last executing test programs:

6m10.220841872s ago: executing program 0 (id=1111):
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000000040)=ANY=[], 0x8)
connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x7}, 0x1c)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000080)='bridge0\x00', 0x10)
sendmmsg$inet6(r0, &(0x7f0000003900)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000040)="00bde3e41a34260f27bc2d89eebd809961d64d688c8d9748ad43784805328b29325a761da5641485aa1949", 0x2b}, {0x0}], 0x2}}, {{0x0, 0x0, &(0x7f0000001280)=[{&(0x7f0000000180)="ebbe7b9fbc90ac9a9f9a587ec52fb8b03ceaa844d90c8178c42b082966dd59f29f51620ffb9cd85f98aa5177c36bfa1f8a5c8165d770355d473e0a858ad951421836ede4128539fb6c09dbfbf2adcf8ac46f08504117c34ff3fa9d54664e73dab0a261ca3448cf584ed4d6cca550f414af1e8fe73f", 0x75}, {&(0x7f0000000280)="519e2c263f7e43059caf30da51ac2b48a6c4fdb1713772bc83a4a63d526f5c4514bee24320b7829da497fb4db337c98fd8e6e2c3a7f7dfa421a7b30e751d9fd823596b2e157f6ad623f474b5372762c630f6e20b531cf59cf214bead4a9db9d23f8c7e0fb09cc4be7495fe0cc446f5b7c77658c3eff36d7152c6143950b8be9f7ca8b524599c22b82b2d334e661ff3d0a8575ee729487eb67910b7fe817d15d57cc9d5fc5b54c2537da7c8e3726a2cb4382e816809032d24765170254838e0488d4d9c297300c1e8a37511f716142a698f8e98dc77d9e006113a013f5d4c99e394794e4051a4e62c3dc1002f5668bd6eca87ed6b2ee9fae678bfd444dbd304ce081f0e502519f6227cdab849e6e147facd964eb4e27a13f1171ef393e8a16d1998740a8bfccfbace3d51da031eb622905fb1693ac2f47fadddb0a8bb135d7c88307c8d057680cc83d0b9f91582c236dc133b570e30a61fd2d7a6588339b213a3c6d3cc3baa45179921aff7f2c77fc3c8f9fcba07fe6e1d5e2053e3669852dd3e640aeea1c8747b86bbe44b28e62e13196758d8b6c0d592c9c37de9e28e73d8b9e9a589e9105ba3f4d41e74cc5ef67bfffd17139866deec9881167be4f87993068df87d052655028b1eb7780b71a3e3868c10ebc48b0dca7c69aac606357cba6adae1610e3ab84eccc48cdabdcf09e6387dedf8136f09552316e505d93bd8e1829ad3b0534987dc9937dacfd0e0b3339d795996d2bc2039807ffe4090b91b3e8f39d81cd98e33bd2c2704020618229cda237370fd38cb5a7e3e45a21b1be106168bfc05cf8935cf2f503e7bdc04e2b5cb5d074833566b957ba15fa139886df7877b4061978d73acbc810780a92f65fab968c4853d721d019a3ec7ed4a6123c4d887dc3fdabe810bc2f51ba1969d62e1b62447ce9599a8199d2e6ef3c04686063673d287ed352bacb5be3732210af03a08b0ccb0dc0605f7950892cbbf6918c9ba8c7c27c4352b9c612e7f223f2aee305a7ce6bc6cf893c7545233f1c9c330435f2f42344560adc6f6a99df82c26284c63c138c98a56b86fc7dc7c8b5b3ae4df630152ea5468325dd2cbdec87744688c1ab11c3bba5677ab52eaa8001708c0fcc1ea158309d27e08dcf590f556a4e384cd1ed1b494b26e3ace6629446052b205315372b3c1a11ff7973f3f75f884d850d09d786834b8831b47ee258356b008b1bdeb6c586e4d4c8e12565aa9871acf68c51ec9f54411a065c3da759b694a9d7f932e724f810d2dec3eec18ca0c0083b42389f11702cf3e2ee8729dd6b5f41aeb1132b24c4416652be956278475837c621a71cae1b79455fd835c16bb6bd31d9400dc7d075b221d9f18450084933e2de0c3b646842532528abcb511e5bb91082c95646a8885e1741a82399d5bd8f7d74aaab807f8f51af3778973937f86a0fee236084b22d9e5f9ac43e65148e952b5e4dd7b15ea513255cbdee846c2c0f1d76e1a132e21620f5803ca0a63b372baeb4789d1d6d90e179cfa7186bc962bd35f4e5faf7fe0ef4c013bfe5b41e6136939ea831f4c8623cbf6430e7c4418b0d1665beba44dcbb2bb951d5322bdf5640ae3a52a17823e158e86cd0d1096ea62a3585fa29d3ba28477cecc8dc8dd7bb48be777a2069e6f884d67ab2a848e34e5ee07993f208fc0a0389e6d7e27ee7adb98a9e549197be5a2b0abe1cd49f7600ce37b03dd5bd3616e2a41127f8bdcc0ebd1ced6fcc561bb7a7923b8dee0324ae6b70305689ff62143a63e1480d756a8831d72be50dc3300212efa1148f1", 0x4f9}], 0x2}}], 0x2, 0x4400c840)
sendto$inet6(r0, &(0x7f0000000300), 0x16, 0x3b00, 0x0, 0xfffffffffffffdfd)

6m9.450269955s ago: executing program 0 (id=1113):
prlimit64(0x0, 0xe, &(0x7f0000000600)={0x9, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
syz_open_dev$dri(0x0, 0x0, 0x0)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r3, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16)
connect$inet(r3, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10)
setsockopt$inet_IP_XFRM_POLICY(r3, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@mcast1, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x10000, 0x3, 0x1, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0xfffffffffffffff7}, {0x0, 0x8, 0xfffffffffffffffc, 0x8}, 0x0, 0x0, 0x1, 0x0, 0x1}, {{@in6=@empty, 0x2, 0x6c}, 0xa, @in=@empty, 0x0, 0x5, 0x0, 0xb7}}, 0xe8)
sendmmsg(r3, &(0x7f0000007fc0), 0x800001d, 0x11000000)

6m8.359100738s ago: executing program 0 (id=1115):
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000040)=@hopopts={0x62}, 0x8)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @local, 0x5}, 0x1c)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r2, 0x8983, &(0x7f0000000100)={0x0, 'erspan0\x00', {0x1}, 0x26})
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, &(0x7f0000bbdffc))
ioctl$sock_bt_hci(r4, 0x400448c9, 0x0)
sendmmsg$inet6(r0, &(0x7f0000007e40)=[{{&(0x7f0000000340)={0xa, 0x4e20, 0x0, @dev}, 0x18, 0x0}}], 0x6c00, 0x48)

6m0.505930008s ago: executing program 0 (id=1143):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x104000, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0/file0\x00', 0x1c0)
mount$bind(&(0x7f0000000340)='./file0\x00', &(0x7f0000000140)='./file0/file0\x00', 0x0, 0xa1c08, 0x0)
mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x12d7498, 0x0)
mount$9p_unix(&(0x7f0000000100)='./file0\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x12d5498, 0x0)
mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)='hugetlbfs\x00', 0x2, 0x0)
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='mountinfo\x00')
read$FUSE(r0, &(0x7f0000000540)={0x2020}, 0x2020)

6m0.405741016s ago: executing program 0 (id=1145):
r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r2, &(0x7f0000000240)={0x2, 0x4e20, @multicast1}, 0x10)
connect$inet(r2, &(0x7f0000ccb000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x23}}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="1b00"/13], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
modify_ldt$write(0x1, 0x0, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x3, &(0x7f0000001a00)=ANY=[@ANYBLOB="18000000030000000000000026d0000095002b000000000093adff012255f674412d02000000880b5f04596a5e99fce658be2f200c699223886d8be4b50000005ab527ee3697f98125f30e6326996a3cfee33025a30b45bdcf2c69d105e5e55a1d273683623f1a5dc6e3c7e20eb7a98ecf3bd2cf898e924abe26ac296f660e69ba982fd76e00dcff7f0000ca6b78ad833488cfe4109eaf009eddcf21f5c63cde2f00150200000001000000520a0000151d010000000100bf00000000cc587424363da52001a3cdf2000000db74596fd72c002a60c1bc7dc8c38b7d2e13c50424b9dd1145d03ff45f70685c6bd9ff41c69b7de406e89dcbb7677e65a88a8407a9e7f9c0e91028b0856eb1ed9474480737a55ebb0bd701f7fb21135c6172eba7eb8a341f07e5a2d1e88b3cfc22df01e4bac9d97328fa2a82b5e8741e02056d93a433f50479387467824262852c7939db5672d07cdbe8e14abf56497e5d56dbe37551b870b2851c3f0a1a9ebfcba105a6ccdd01b0f04edb256c0200000073f6db43661bd7f0e2536ffbfe5ca31b4083145531458b7d1e341c6b351ebc5223f54d6bec93f4ef088e5d1be2515226988d664709ff03f1aa3dc7f1580ace9bf2afd28d0700000000000000d6eb372713255012e028cb2654d493a0b43bf21375709f348f5eda2967199cc936859a538100070000000000dc10e13ef227f627a40000ad1fa253d33fa74f172d3407ae4e1e347c0c6ef9dd2b6bb700000000000000000c586272c3f4d79bc36315745cb149f3cb385e6add14652003c7cdd3324f07d134d3a6c718bbd1aafe1140cff0be4c6f8df084c5e9734ae30aa9af030025f01ab03a9b1074407136bc506031f0916a39d3057d55183612b39e73ae8e6dc30356886a831836469e2051d937eb85f3f2d5ae2c1dca476b97419a3b76ed62409d004d7fbe362145d19605d760df4c5124ca325d374b371867a79b35c6617fc3327191fbf514573f0e30d1d60be2168fffc2f3dccd599a2cb77f124e22f87673675805494db821f39b50d938d5fd8c6b2a3a324c257bc9110971b749ccd74089ed6b86f81ca3ba47d8f71d290ed1b1a11f7a67125170c88c3b6a50692cc0064fc6bbd312536ac15016c85c6332226401b110da9c786eeca22debc99335587b54c13c3107008fa069af8223b38ced735c2d906551004d8dc10d88738488da01ffa4add56474573c964a270000f2f16625c0c10200000000c7a5ca60fdad159f2e44171f39638410020000004825d081f2d987f05c534187738655d7dc958f2046fa0c1619a6554b82d9c162eb61ca74f1ffdaccf0ea5f06e0fca8b27ff3983ab74fd3d560700a1fab44e77e312b3b129e000302d613916c9bcf9f0000fac73a5b6bfb27f88dba816020be760f7b45e001efada8000000000000fdaf4660402f7b3b79a433e08074ea2462974a00040000eb01352638f56dae0249d15ba8767259658878b7492cfbacde9b57cf4de00788adce638190f3570e0b4c80ef682df22201270955afb6008846557ee3bc09fda6dbb6550d597300eb82a184c96ffde5a30e5433e866665b98ca2002c804c22ff2634b7bfbf5c0d586cda5b45fd00dede1e88a4d41dee7cc76d7a23d06acb1d2d4c58faea84158bb440df2a694f4cdcaa4f65c22efffffffffffdd00000000d503d79986958115ae07b70f991430b7fb475d77b869ee02000000000000000000001ffff0ef89b2a68d2b05c995445d8a7700bcdfbec74fb2dd163e863315e84498dfb52bb93f6c9084659ce777ddac563c8596c2b1d8180289a61faa95a82bf1cfb7f2fd7252e9322abe282c33445d443a67467893b9bf0d1c8130ae6b226900000635376413c29f7c6f7b7e29b9a0c64e68328661f0c06e21f7d7dc22174ea4447a6f60edef3a4168d40200fbc71104512efe8e5d7d934aa289b4bd2b870000000000000000000007000000002000000000009b777883a02f0593dfc4cb4114b9f9cf4ad155110cc6ace2b322ac31bfa27847c799c8009a1ea5b98e525e6383ad7fd9795170e7b11e247603c2ff49a11459c7f606d729d3979676bffb3049166bb84a0f061991bd57c2566c10c282352aba05b6164ef876915a3f2491e4793e590dcc71de10da96366c1e992c0068c940dd4422c9882d3aa0f8a797b8fea6efcfb5276b7679f15559edaa977504cc0b2f777acb907ebf5fc14add71d0bca37405ded69b77ab4a3d7487fd04000000de17e1e13b93669b79556abb722d9c085b189b5fd1f30e8dc813f608830b110001732135e8e7262f290000923bfb6b41ff3792cee2fc37eee739c3e36a4bc80112968ec0d8902eced1fe552018014a463abbbf7ccd6a92a5734e3ebfca9b6e88e031f31de2183652e77c164c646a1cfd3710aa4205d8d4d4f974133ccb1e49feb42664eccd809c0ba8917eda87489e8946d5c8156197bcb66fd5606c63e3389ee9e8552381646365066ef9a36a449c96485c22ad1aa423b7b89efbc6cd54000bb0ea5f4f1e8773144fb6ac9a44d43593d77e66aa7ed7f3d4e7b211590c738888d02b2dbb0b2ba73ec72e1d8d7360a128499dd19e1e7b9b0671f4f58515b45ecb9964f3c4ddb8234391d514f8d996d8d6dd7f8fadfee2d7a0035638ce27c2936cb04b30a0eb0cde0000000000000040000000ec3c12ecee8fc3a40000000000000000e215b00ce2570b930723cbadb4033d1b8aaa2cfb3fb89e4a6e89737fd6232218a9e0c099d1eb59d60b3cca089785642f327139bc4394fb6d547a9b3c22599e780c1da7433fb47615d372e3fffe9703e37d5c87d513165278650738efcc04d27b766cf7f60066edd292f6c8a2174f391ed164bb1816819ceb3e378e776d422bc946cd9501accebeac3a5b31d8abc68ae537cd44a04e6bc21c35a7beab2610c51e593676bf635a20f597f4631b91454d182f826071f5210bd6d93173589929b23801e63c2266fde13b5a04b8d48be057c752bc415a756ea9b4d34156c4f73dd5e5924ef101a5fcdaf37c7ba2c4a9de9b000000000000000000000000000000a73b862e4b63c245616b522345587d0ee65a6902bdd0abd941e8aba37510b222ae544f395edd1b92ad53fc68f08ea00edc5e10d768836169dd296d56b306e8b75778c37571792a6c3d8b02ef378ebd59422cdd008bef6f80a80a68641ea5ed4f1126bb676098c10bf663eb3fb8c839364d28fd046dc64b35f9c3397ce6f4ad357b0000000000090000000088c7a8e2638f650a6f04a6f33a090f59414d6ebcbc687e66d600000000bd0a58ea6d36fc2cf9b9a71c137a2a22adb1006f371d4faf47285fd66fe0389afb96854bb360edcdf11b4ff6dd578bba93e949d240cde9b5836cb46032484dc19c93db7b6e5afa10547c78e76a3111557346e52566df196fd630561bb908fff4d2e19562aabd43742a26a43799f8636fa04ceb40c9e4ca1cfbbc7b949cd245a3ee118fd0d4f639444539af8766028d4ac4d4c548e290199e0dacbb4f6796b39bf32934d941ba2f88e3ebd0cf8e24f99eca86e4ca9b2cd2b54044a7fc4631572a6378a32df288785f146275c1f548e2a0c1016744e05f9de5044373d7650125027547eefe7b2d8c8871bb65395fae99d8456883705bfdfb00001854b2e5efa8aaf25827d659f592b1575281ec125de7fb91cd81d91dcb19f5cdf1e1e2b4a8a1389753a09110538689e38e07fb2dc72bd4fd11d7bc16aac5d85c6101bb722895248e463a5fb45ce0e564e90cb19d5993b471687ae4165e29cf2f58082115f5f8569896eedfd798733223e6d6584997510c374912ab798bd4af4654c01bb2c411bc36468ddd62b4eba5cfc8953526e0e5b1359797956152d0098ce47c62c3fe5a23219389622b7f65bf03527d25c3941b9cf1ffeedf6d99082bb57ea871c12213cc40900f83033bc18c529171fae324c315bc6ce358831d0230412212acfd5fc8d5cb0d028cf568e8bb40e27befe2ff01f7c6674a4d86d900633ea36641e0a781ea0ea7f2d928b8b22e2f97dd13348927375baea6863bef4acf4299096ada5cdd2a0eaafaa760a79d102d1e0c0000000000000000007926653b8d79ce16a432f124786a0bc3c5b7d196822492ae1ccf91aeac16406ad6f9cd3d96d57fceba8360ae49f73351814c9c2972f11064aaf3739d9100f9c0e4d0cb17d50c82e305ba7d62cf1cc6da26e34982a8c74dd8122cf5b5e7c34fd2712a0cef05e4d8ec7dd363219676bd9b19943185b132eb35a695e208dfa5cecdb1d6425c8879063c0f11bd64291a4209ee6dc1d9e9010013f6148c603e6a335e298efd6ab5cccc47a2c568c6afec54f8251bd840752addf200371361c9eedf05ed98585cf6d99e9e56055064bda2d373369761238c278147cd0eb7799f6b9c9fcaa3fd282154994f5b25420c86db9b6401e885de1c615a719a1c83e8fbbb181282dbaf3313a4e4a4877e9f37607e2cd6da0cf6371ec06a75f5a4206b2418ad8897ae149085d63f01f22eca44033234b3930b4d5da756669a1d59d69e7de54abf439988ed7ec33c2d0a901bb0985a24878984d8a4340fa9a356d100926fb5f2ef9976366a61b8cc2bcb1c072b0e9c564852388e1edff10d75b3832792e471cc15b40380f94d834243080158603fbc9134d6983c540525447478984611c0d9666941bfc0a30db47a8828b6e5c51aee2094599b4ce52795750e1764f1657ca8c5633c71287239dddf5c651496f7bbd148c937f083d2e4e0197dbc6ff0649c749707b17399b1d7efad23abb8b40b38704737e15662ae4913a4a001cd3b71c7af75b5ffad9780650c800a40ca80ddc41987919142fd28dbf22db5f4c435415a03455e1d55d1783ccef97d7e4655cf839d06f06e137bbe462a03b3100231914b19739dd57b4f12d026ad0c7fd3"], &(0x7f00002bf000)='GPL\x00', 0x4, 0x436, &(0x7f0000000040)=""/183, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffffffffffc95}, 0x48)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000340)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x2}}, [@NFT_MSG_NEWRULE={0x78, 0x6, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x5}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_EXPRESSIONS={0x4c, 0x4, 0x0, 0x1, [{0x48, 0x1, 0x0, 0x1, @inner={{0xa}, @val={0x38, 0x2, 0x0, 0x1, [@NFTA_INNER_HDRSIZE={0x8, 0x4, 0x1, 0x0, 0x39}, @NFTA_INNER_EXPR={0x14, 0x5, 0x0, 0x1, @meta={{0x9}, @val={0x4}}}, @NFTA_INNER_FLAGS={0x8, 0x3, 0x1, 0x0, 0x3}, @NFTA_INNER_TYPE={0x8, 0x2, 0x1, 0x0, 0x84}, @NFTA_INNER_NUM={0x8}]}}}]}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0xa0}, 0x1, 0x0, 0x0, 0x8890}, 0x24000000)
r5 = socket$kcm(0x29, 0x2, 0x0)
ioctl$sock_kcm_SIOCKCMATTACH(r5, 0x89e0, &(0x7f0000000180)={r2, r3})
ioctl$sock_kcm_SIOCKCMCLONE(r5, 0x89e2, &(0x7f0000001380)={<r6=>0xffffffffffffffff})
syz_genetlink_get_family_id$batadv(&(0x7f0000000200), r6)
close_range(r1, 0xffffffffffffffff, 0x0)
bind$tipc(0xffffffffffffffff, 0x0, 0x0)
syz_io_uring_setup(0x1f1d, &(0x7f0000000200)={0x0, 0xe3cb, 0x8223, 0x2, 0xda}, &(0x7f0000000180), &(0x7f0000000280))

5m59.662731198s ago: executing program 0 (id=1149):
syz_usb_connect(0x3, 0x0, 0x0, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, 0x0, 0x0, 0x2, 0x0)
r3 = syz_io_uring_setup(0x110, &(0x7f00000000c0)={0x0, 0x10, 0x0, 0x3}, &(0x7f0000000180)=<r4=>0x0, &(0x7f0000000280)=<r5=>0x0)
io_uring_register$IORING_REGISTER_FILES(r3, 0x2, &(0x7f0000000300)=[0xffffffffffffffff], 0x1)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_FILES_UPDATE={0x14, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=[0xffffffffffffffff], 0x1, 0x0, 0x1})
syz_usb_connect(0x0, 0x2d, 0x0, 0x0)
setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1b, &(0x7f00000006c0)={@dev={0xfe, 0x80, '\x00', 0x13}}, 0x14)
r6 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000002040)={'veth1_to_batadv\x00', <r7=>0x0})
setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, &(0x7f00000000c0)={@private0={0xfc, 0x0, '\x00', 0x3}, r7}, 0x14)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000002380)={0xffffffffffffffff, r7, 0x25, 0x8, @val=@perf_event={0x27dd}}, 0x18)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x3a, 0x0, 0x0)
r8 = syz_open_procfs(0x0, &(0x7f0000002140)='maps\x00')
read$FUSE(r8, &(0x7f0000000000)={0x2020}, 0xfffffc7a)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
statx(r8, &(0x7f0000002080)='./file0\x00', 0x6000, 0x80, &(0x7f0000002180))
sendmsg$NFT_BATCH(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a68000000060a09040000000006000000020000000900010073797a3000e2ff000900020073797a32000000003c000480380001800b00010064796e736574000028000280080004400000000008000340000000000900010073797a31000000000800"], 0x90}}, 0x0)
io_uring_enter(r3, 0x47f6, 0x0, 0x0, 0x0, 0x0)

5m57.460372009s ago: executing program 32 (id=1149):
syz_usb_connect(0x3, 0x0, 0x0, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, 0x0, 0x0, 0x2, 0x0)
r3 = syz_io_uring_setup(0x110, &(0x7f00000000c0)={0x0, 0x10, 0x0, 0x3}, &(0x7f0000000180)=<r4=>0x0, &(0x7f0000000280)=<r5=>0x0)
io_uring_register$IORING_REGISTER_FILES(r3, 0x2, &(0x7f0000000300)=[0xffffffffffffffff], 0x1)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_FILES_UPDATE={0x14, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=[0xffffffffffffffff], 0x1, 0x0, 0x1})
syz_usb_connect(0x0, 0x2d, 0x0, 0x0)
setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1b, &(0x7f00000006c0)={@dev={0xfe, 0x80, '\x00', 0x13}}, 0x14)
r6 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000002040)={'veth1_to_batadv\x00', <r7=>0x0})
setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, &(0x7f00000000c0)={@private0={0xfc, 0x0, '\x00', 0x3}, r7}, 0x14)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000002380)={0xffffffffffffffff, r7, 0x25, 0x8, @val=@perf_event={0x27dd}}, 0x18)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x3a, 0x0, 0x0)
r8 = syz_open_procfs(0x0, &(0x7f0000002140)='maps\x00')
read$FUSE(r8, &(0x7f0000000000)={0x2020}, 0xfffffc7a)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
statx(r8, &(0x7f0000002080)='./file0\x00', 0x6000, 0x80, &(0x7f0000002180))
sendmsg$NFT_BATCH(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a68000000060a09040000000006000000020000000900010073797a3000e2ff000900020073797a32000000003c000480380001800b00010064796e736574000028000280080004400000000008000340000000000900010073797a31000000000800"], 0x90}}, 0x0)
io_uring_enter(r3, 0x47f6, 0x0, 0x0, 0x0, 0x0)

5m25.062291428s ago: executing program 3 (id=1234):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
close_range(r0, 0xffffffffffffffff, 0x0)

5m24.338024137s ago: executing program 3 (id=1235):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000140)={{0x12, 0x1, 0x0, 0xb5, 0x40, 0x33, 0x40, 0x1a86, 0x7522, 0x3536, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xe4, 0xd6, 0x24}}]}}]}}, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000040)={0x1c, &(0x7f0000000180)={0x40, 0x3, 0x2, '#\t'}, 0x0, 0x0})
socket$igmp(0x2, 0x3, 0x2)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)

5m21.173876254s ago: executing program 3 (id=1246):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
close_range(r0, 0xffffffffffffffff, 0x0)

5m20.520727183s ago: executing program 3 (id=1248):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x104000, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0/file0\x00', 0x1c0)
mount$bind(&(0x7f0000000340)='./file0\x00', &(0x7f0000000140)='./file0/file0\x00', 0x0, 0xa1c08, 0x0)
mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x12d7498, 0x0)
mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)='hugetlbfs\x00', 0x2, 0x0)
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='mountinfo\x00')
read$FUSE(r0, &(0x7f0000000540)={0x2020}, 0x2020)

5m20.19765516s ago: executing program 3 (id=1250):
bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r0, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000008c0)='sys_enter\x00', r1}, 0x10)
gettid()

5m19.541072169s ago: executing program 3 (id=1253):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000005700000095"], 0x0}, 0x90)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x3, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1], 0x0}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r2}, 0x10)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x90)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000280)={'pim6reg1\x00', 0x2})
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000300)='qdisc_create\x00', r3}, 0x10)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000300)='qdisc_create\x00', r4}, 0x10)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000000140)={'pim6reg1\x00', @broadcast})

5m18.783679448s ago: executing program 33 (id=1253):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000005700000095"], 0x0}, 0x90)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x3, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1], 0x0}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r2}, 0x10)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x90)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000280)={'pim6reg1\x00', 0x2})
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000300)='qdisc_create\x00', r3}, 0x10)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000300)='qdisc_create\x00', r4}, 0x10)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000000140)={'pim6reg1\x00', @broadcast})

13.245437339s ago: executing program 4 (id=2093):
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff})
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
openat$ttyS3(0xffffffffffffff9c, 0x0, 0x1, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
syz_open_dev$ndb(&(0x7f0000000140), 0x0, 0x115440)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x8, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000006111b4000000000085000000580000009500000000000000"], &(0x7f0000000080)='syzkaller\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x48)
r3 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f000200000009050502000000001009058b1e20"], 0x0)
syz_usb_control_io(r3, 0x0, &(0x7f0000001340)={0x84, &(0x7f0000001400)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r4 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000)
r5 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0xa980, 0x0)
readv(r5, &(0x7f0000000400), 0x0)
readv(r5, &(0x7f0000000580)=[{&(0x7f0000000080)=""/125, 0x7d}, {0x0}], 0x2)
ioctl$FS_IOC_GETVERSION(r4, 0xc0145b0d, &(0x7f0000000040))
sendmsg$RDMA_NLDEV_CMD_STAT_GET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x40)
r6 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_TCP_MD5SIG(r6, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @loopback}}, 0x0, 0x20000000005, 0x21}, 0xd8)
connect$unix(r0, &(0x7f00000001c0)=@file={0x1, './file0\x00'}, 0x6e)

10.27973199s ago: executing program 6 (id=2101):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$ETHTOOL_MSG_PAUSE_SET(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000540)={0x3c, 0x0, 0x431, 0x70bd28, 0xffffffff, {}, [@ETHTOOL_A_PAUSE_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netdevsim0\x00'}]}, @ETHTOOL_A_PAUSE_TX={0x5}, @ETHTOOL_A_PAUSE_RX={0x5, 0x3, 0x1}]}, 0x3c}}, 0x0)
r2 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_mreq(r2, 0x29, 0x1b, &(0x7f00000001c0)={@remote}, 0x14)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000300)={'virt_wifi0\x00', <r3=>0x0})
r4 = syz_open_dev$usbmon(&(0x7f0000000080), 0x0, 0x0)
ioctl$MON_IOCX_GETX(r4, 0x4018920a, 0x0)
setsockopt$inet6_mreq(r2, 0x29, 0x1b, &(0x7f0000000000)={@remote, r3}, 0x14)
sendmsg$nl_route_sched(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)=@newtfilter={0x2c, 0x11, 0xd27, 0x2000, 0x0, {0x0, 0x0, 0x74, r3, {}, {0xafabc05531515610, 0xfff3}, {0xf, 0x5}}, [@TCA_RATE={0x6, 0x5, {0x5, 0x9}}]}, 0x2c}, 0x1, 0xf0ffffffffffff, 0x0, 0x1c005}, 0x4008054)

9.994027432s ago: executing program 5 (id=2102):
ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f00000001c0)={{0x1, 0x1, 0x18, <r0=>0xffffffffffffffff, {0x2, 0x6}}, './file0\x00'})
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000380)=0x2, 0x4)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180), 0x109842, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
syz_emit_ethernet(0x32, 0x0, 0x0)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c)
r2 = signalfd4(0xffffffffffffffff, &(0x7f0000000140), 0x8, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r2, 0x89f0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r4 = dup(r3)
write$6lowpan_enable(r4, &(0x7f0000000000)='0', 0xfffffd2c)
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff, 0x0, 0xfffffffffffffff1, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0)
pselect6(0x40, &(0x7f00000000c0)={0x3, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, &(0x7f0000000140)={0x1ff, 0x1000000000, 0x5, 0x4, 0x0, 0xfffffffffffffffd, 0x0, 0xfffffffffffffffe}, 0x0, 0x0)
setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x2, &(0x7f0000000180)=@gcm_256={{0x303}, "c4915c7f49541ce8", "9b84f987950ff3df25fa8f46983d34157e047d27ae4a66a6d15608a32cbaa5bc", '\x00', "be0ea450d5a5fd03"}, 0x38)

9.06252792s ago: executing program 6 (id=2103):
openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r2, &(0x7f0000000240)={0x2, 0x4e20, @multicast1}, 0x10)
connect$inet(r2, &(0x7f0000ccb000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x23}}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="1b00"/13], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
modify_ldt$write(0x1, 0x0, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x3, &(0x7f0000001a00)=ANY=[@ANYBLOB="18000000030000000000000026d0000095002b000000000093adff012255f674412d02000000880b5f04596a5e99fce658be2f200c699223886d8be4b50000005ab527ee3697f98125f30e6326996a3cfee33025a30b45bdcf2c69d105e5e55a1d273683623f1a5dc6e3c7e20eb7a98ecf3bd2cf898e924abe26ac296f660e69ba982fd76e00dcff7f0000ca6b78ad833488cfe4109eaf009eddcf21f5c63cde2f00150200000001000000520a0000151d010000000100bf00000000cc587424363da52001a3cdf2000000db74596fd72c002a60c1bc7dc8c38b7d2e13c50424b9dd1145d03ff45f70685c6bd9ff41c69b7de406e89dcbb7677e65a88a8407a9e7f9c0e91028b0856eb1ed9474480737a55ebb0bd701f7fb21135c6172eba7eb8a341f07e5a2d1e88b3cfc22df01e4bac9d97328fa2a82b5e8741e02056d93a433f50479387467824262852c7939db5672d07cdbe8e14abf56497e5d56dbe37551b870b2851c3f0a1a9ebfcba105a6ccdd01b0f04edb256c0200000073f6db43661bd7f0e2536ffbfe5ca31b4083145531458b7d1e341c6b351ebc5223f54d6bec93f4ef088e5d1be2515226988d664709ff03f1aa3dc7f1580ace9bf2afd28d0700000000000000d6eb372713255012e028cb2654d493a0b43bf21375709f348f5eda2967199cc936859a538100070000000000dc10e13ef227f627a40000ad1fa253d33fa74f172d3407ae4e1e347c0c6ef9dd2b6bb700000000000000000c586272c3f4d79bc36315745cb149f3cb385e6add14652003c7cdd3324f07d134d3a6c718bbd1aafe1140cff0be4c6f8df084c5e9734ae30aa9af030025f01ab03a9b1074407136bc506031f0916a39d3057d55183612b39e73ae8e6dc30356886a831836469e2051d937eb85f3f2d5ae2c1dca476b97419a3b76ed62409d004d7fbe362145d19605d760df4c5124ca325d374b371867a79b35c6617fc3327191fbf514573f0e30d1d60be2168fffc2f3dccd599a2cb77f124e22f87673675805494db821f39b50d938d5fd8c6b2a3a324c257bc9110971b749ccd74089ed6b86f81ca3ba47d8f71d290ed1b1a11f7a67125170c88c3b6a50692cc0064fc6bbd312536ac15016c85c6332226401b110da9c786eeca22debc99335587b54c13c3107008fa069af8223b38ced735c2d906551004d8dc10d88738488da01ffa4add56474573c964a270000f2f16625c0c10200000000c7a5ca60fdad159f2e44171f39638410020000004825d081f2d987f05c534187738655d7dc958f2046fa0c1619a6554b82d9c162eb61ca74f1ffdaccf0ea5f06e0fca8b27ff3983ab74fd3d560700a1fab44e77e312b3b129e000302d613916c9bcf9f0000fac73a5b6bfb27f88dba816020be760f7b45e001efada8000000000000fdaf4660402f7b3b79a433e08074ea2462974a00040000eb01352638f56dae0249d15ba8767259658878b7492cfbacde9b57cf4de00788adce638190f3570e0b4c80ef682df22201270955afb6008846557ee3bc09fda6dbb6550d597300eb82a184c96ffde5a30e5433e866665b98ca2002c804c22ff2634b7bfbf5c0d586cda5b45fd00dede1e88a4d41dee7cc76d7a23d06acb1d2d4c58faea84158bb440df2a694f4cdcaa4f65c22efffffffffffdd00000000d503d79986958115ae07b70f991430b7fb475d77b869ee02000000000000000000001ffff0ef89b2a68d2b05c995445d8a7700bcdfbec74fb2dd163e863315e84498dfb52bb93f6c9084659ce777ddac563c8596c2b1d8180289a61faa95a82bf1cfb7f2fd7252e9322abe282c33445d443a67467893b9bf0d1c8130ae6b226900000635376413c29f7c6f7b7e29b9a0c64e68328661f0c06e21f7d7dc22174ea4447a6f60edef3a4168d40200fbc71104512efe8e5d7d934aa289b4bd2b870000000000000000000007000000002000000000009b777883a02f0593dfc4cb4114b9f9cf4ad155110cc6ace2b322ac31bfa27847c799c8009a1ea5b98e525e6383ad7fd9795170e7b11e247603c2ff49a11459c7f606d729d3979676bffb3049166bb84a0f061991bd57c2566c10c282352aba05b6164ef876915a3f2491e4793e590dcc71de10da96366c1e992c0068c940dd4422c9882d3aa0f8a797b8fea6efcfb5276b7679f15559edaa977504cc0b2f777acb907ebf5fc14add71d0bca37405ded69b77ab4a3d7487fd04000000de17e1e13b93669b79556abb722d9c085b189b5fd1f30e8dc813f608830b110001732135e8e7262f290000923bfb6b41ff3792cee2fc37eee739c3e36a4bc80112968ec0d8902eced1fe552018014a463abbbf7ccd6a92a5734e3ebfca9b6e88e031f31de2183652e77c164c646a1cfd3710aa4205d8d4d4f974133ccb1e49feb42664eccd809c0ba8917eda87489e8946d5c8156197"], &(0x7f00002bf000)='GPL\x00', 0x4, 0xb7, &(0x7f0000000040)=""/183, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8}, 0x94)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000340)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x2}}, [@NFT_MSG_NEWRULE={0x78, 0x6, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x5}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_EXPRESSIONS={0x4c, 0x4, 0x0, 0x1, [{0x48, 0x1, 0x0, 0x1, @inner={{0xa}, @val={0x38, 0x2, 0x0, 0x1, [@NFTA_INNER_HDRSIZE={0x8, 0x4, 0x1, 0x0, 0x39}, @NFTA_INNER_EXPR={0x14, 0x5, 0x0, 0x1, @meta={{0x9}, @val={0x4}}}, @NFTA_INNER_FLAGS={0x8, 0x3, 0x1, 0x0, 0x3}, @NFTA_INNER_TYPE={0x8, 0x2, 0x1, 0x0, 0x84}, @NFTA_INNER_NUM={0x8}]}}}]}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0xa0}, 0x1, 0x0, 0x0, 0x8890}, 0x24000000)
r5 = socket$kcm(0x29, 0x2, 0x0)
ioctl$sock_kcm_SIOCKCMATTACH(r5, 0x89e0, &(0x7f0000000180)={r2, r3})
ioctl$sock_kcm_SIOCKCMCLONE(r5, 0x89e2, &(0x7f0000001380)={<r6=>0xffffffffffffffff})
syz_genetlink_get_family_id$batadv(&(0x7f0000000200), r6)
close_range(r1, 0xffffffffffffffff, 0x0)
bind$tipc(0xffffffffffffffff, 0x0, 0x0)
syz_io_uring_setup(0x1f1d, &(0x7f0000000200)={0x0, 0xe3cb, 0x8223, 0x2, 0xda}, &(0x7f0000000180), &(0x7f0000000280))

9.032338951s ago: executing program 5 (id=2104):
sendmsg$TIPC_NL_LINK_SET(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x244}, 0x1, 0x0, 0x0, 0x44010}, 0xc010)
syz_usb_connect$hid(0x59c7271563034cba, 0x0, 0x0, &(0x7f0000000840)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x55, &(0x7f0000000580)=@string={0x55, 0x3, "f34c2a690f9edebae6a2d918a57adfc32e8b019527eaa18146f93b2762db6c23ee51dd91b80c0423907b5013a6212e814d37637d351fcd98c90e4fdfaaf16079e116382e7c5d3d57b4e88f26024cfb18dce543"}}]})
r0 = syz_open_dev$loop(&(0x7f0000000480), 0xd76, 0x181400)
recvmsg$kcm(0xffffffffffffffff, 0x0, 0x2020)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r1, &(0x7f0000000400)=ANY=[], 0x1df)
write$binfmt_misc(r1, &(0x7f0000000040), 0xe09)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x2, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00"}})

8.473864439s ago: executing program 4 (id=2106):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0xa7)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000200)=ANY=[@ANYBLOB="580000000206010800000000002000000000004005000100060000000500050002000000050004000000"], 0x58}}, 0x0)

8.393220547s ago: executing program 2 (id=2107):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x1038, 0x12b6, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x7}}}}]}}]}}, 0x0)
openat$adsp1(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x145)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = openat$cgroup_type(r3, &(0x7f0000000080), 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = syz_io_uring_setup(0xbdc, &(0x7f0000000640)={0x0, 0xec25, 0x400, 0x1, 0x40000333}, &(0x7f00000006c0)=<r6=>0x0, &(0x7f00000001c0)=<r7=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r6, r7, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r4, 0x0, &(0x7f0000000600)=[{&(0x7f0000001080)=""/216, 0xd8}], 0x1, 0x10})
io_uring_enter(r5, 0x847ba, 0x0, 0xe, 0x0, 0x0)
openat$sndseq(0xffffffffffffff9c, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f00000004c0)={0x24, 0x0, 0x0, 0x0, 0x0}, 0x0)
pipe(&(0x7f0000000040)={0xffffffffffffffff, <r8=>0xffffffffffffffff})
io_submit(0x0, 0x0, 0x0)
setsockopt$inet_MCAST_MSFILTER(r8, 0x0, 0x30, 0x0, 0x0)

8.030815623s ago: executing program 5 (id=2109):
accept4$packet(0xffffffffffffffff, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000440)=0x14, 0x0)
r0 = syz_io_uring_setup(0x49f, 0x0, &(0x7f0000000340)=<r1=>0x0, &(0x7f0000000040))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
r2 = eventfd2(0xff, 0x80001)
io_uring_register$IORING_REGISTER_EVENTFD(r0, 0x4, &(0x7f0000000300)=r2, 0x1)
io_uring_enter(r0, 0x627, 0x4c1, 0x43, 0x0, 0x0)

8.017701453s ago: executing program 6 (id=2111):
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000002280)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x8000}})
statx(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x100, 0x800, 0x0)
umount2(&(0x7f0000000180)='./file0\x00', 0xa)
read$FUSE(r0, &(0x7f0000006380)={0x2020, 0x0, <r1=>0x0, <r2=>0x0, <r3=>0x0}, 0x2020)
syz_fuse_handle_req(r0, 0x0, 0x0, &(0x7f0000000b40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000a00)={0x130, 0x0, 0x403, {0x1, 0x5, 0x0, '\x00', {0x10000, 0xad4, 0x8, 0x8, r2, r3, 0x4000, '\x00', 0x1, 0x8, 0x100000000, 0x6, {0x6, 0x6}, {0x20000000000004}, {0x100000000, 0x9}, {0x8, 0xa04}, 0x4, 0x80000b, 0x4, 0x3}}}})
write$FUSE_INIT(r0, &(0x7f0000001200)={0x50, 0x0, r1, {0x7, 0x2b, 0x0, 0x0, 0x0, 0xc5ca, 0x0, 0x0, 0x0, 0x0, 0x10}}, 0x50)

7.762290387s ago: executing program 5 (id=2113):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x20702, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0xca58c30f81b6079f})
r1 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r2=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000027c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2b, 0xffffffff, {0x0, 0x0, 0x0, r2, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_skbprio={{0xc}, {0x8, 0x2, 0x3}}]}, 0x38}}, 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r3)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r4)
sendmsg$TIPC_CMD_ENABLE_BEARER(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0)
close(r6)
socket$unix(0x1, 0x1, 0x0)
ioctl$SIOCSIFHWADDR(r6, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"})

7.182760874s ago: executing program 4 (id=2114):
socket(0xa, 0x3, 0x3a)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
add_key(&(0x7f00000018c0)='big_key\x00', &(0x7f0000001900)={'syz', 0x1}, &(0x7f0000001940)='\f', 0xfffff, 0xfffffffffffffffe)

7.044852487s ago: executing program 6 (id=2115):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_io_uring_setup(0x237, &(0x7f0000000480)={0x0, 0x8101, 0x0, 0x0, 0x2cf}, 0x0, &(0x7f0000000600)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
r4 = socket$inet_smc(0x2b, 0x1, 0x0)
creat(0x0, 0x0)
openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0)
syz_io_uring_submit(0x0, r3, &(0x7f0000000200)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r4, 0x80, &(0x7f0000000100)=@l2tp={0x2, 0x0, @multicast1, 0x3}, 0x0, 0x0, 0x2})
io_uring_enter(r2, 0x47ba, 0x0, 0x0, 0x0, 0x0)

6.543798191s ago: executing program 4 (id=2116):
r0 = syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="f7", @ANYRESDEC], 0x0)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
read$char_usb(r1, 0x0, 0x0)
read$char_usb(r1, 0x0, 0x0)
syz_usb_disconnect(r0)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
futex(0x0, 0x80000000000b, 0x0, 0x0, 0x0, 0x0)
futex(0x0, 0x0, 0x4, 0x0, 0x0, 0x0)
r2 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r2, 0x0, 0x0)
setsockopt$inet6_int(r2, 0x29, 0x2, 0x0, 0x0)

4.702086061s ago: executing program 6 (id=2118):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{0x0}, {0x0}], 0x2)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = socket(0x400000000010, 0x3, 0x0)
r3 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x3, 0x8}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)=@newtfilter={0x90, 0x2c, 0xd27, 0x70bd28, 0x6000000, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {}, {0x7, 0xe}}, [@filter_kind_options=@f_fw={{0x7}, {0x5c, 0x2, [@TCA_FW_ACT={0x58, 0x4, [@m_nat={0x54, 0x1, 0x0, 0x0, {{0x8}, {0x2c, 0x2, 0x0, 0x1, [@TCA_NAT_PARMS={0x28, 0x1, {{0xfffffc00, 0x8, 0x10000000, 0x200000b, 0xff}, @broadcast, @local, 0xff, 0x1}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x2}}}}]}]}}, @TCA_RATE={0x6, 0x5, {0x11, 0x8}}]}, 0x90}, 0x1, 0x0, 0x0, 0x4}, 0x4000800)

4.653687951s ago: executing program 2 (id=2119):
r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x0, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x1, 0x5d032, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_PROBE_MESH_LINK(r2, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x800}, 0x80)
read$msr(r1, &(0x7f0000002000)=""/102400, 0x19000)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_MAX_THREADS(r3, 0x40046205, &(0x7f0000000000)=0x1)
r4 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_RES_GET(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)={0x18, 0x1409, 0x1, 0x70bd2d, 0x25dfdbfd, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x18}}, 0xc050)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000003c0)={0xac, 0x0, &(0x7f00000002c0)=[@enter_looper, @transaction={0x40406300, {0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, @dead_binder_done, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f00000001c0)={0x30, 0x30, 0x30}}}, @acquire_done={0x40106309, 0x2}], 0x1, 0x0, &(0x7f0000001ac0)="d4"})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000001a80)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000040)="a1"})
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r5 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
r6 = syz_open_procfs(0x0, &(0x7f00000004c0)='fdinfo\x00')
fchdir(r6)
syz_fuse_handle_req(r5, &(0x7f0000006680)="8e503ba12553ae35664093744598ff2ed98313cfeff69bbb1f3ba451bc98d27cf439225d75522ac543a153ac5284bf131a87e53d0b20f8dddcb2af841def3e560070344be18fcee4983553ba856738012b512e3dc760fb581a17e5622e0e22e22546476d6cc6d6d94d828a2fa22ec77a1cf082f5ca88f1f8976e8b6c3a7a537f8f50b432bf4df69c912bfcc539a65851f86b23f24e714e0643429ec1198ea1647316538a3ce23fad21e19e087c0dedc7aa6d5e4b0dcbfcbe22c857f5a848aef15126b9ecc810249cbbc82c8b6ba49e46b71cb79f6ef9449d0838b9130946398941a4c64f6e2d84118b60ed4ccfed8a26446032fecf87434e71b7989253f64feb6d2e1013673a9600b1915174e55ad78d1d666fb75c24142e44ceca89a18ca66b4b5e66ba953ca42fb6a36d4a3612a2948393f67a7d1d0957a8553c73855fd007abbb6c3d4bbc943f3b102bb2ea6f40e714516a3de91acc6e1468e9e7b66ee57815da23054153d9d5fca6bdb26ed8f7754d88154d46df2f2e4964ee5d7f47e9218d6877c3b232c945cddeef70b24e5c6c434fa30fd0a2ad1c348c3658494f7cfdfb6bb56b43f1d9b2d049c1166161c3232ada01f3c789b2d6958cdd9f044a654f8397d64cb928f4d57f0c4e9739afbf3afbf0e9f84d56a1aba6db7538d98404b7cdfa97f8770a6df4a13145c1d0cfb7ec0349b5639d9180eada54b2f8c12472fb379901e6d514fbfd6d41d2dd77eb42608a784fc016ae48fb126776b10be5c03f62ec90987e766d20d821a17c03e0d867f4aa3f4902fb803e8261833aa9397e107e6c100daa3d8b792bf4b5081ef56670762b5ae3f528836029ca332f44fcc5cf3750f39091985032afa8dd2e80b69cbffc29aa13fcdc0ff811a108794b4154ecaf70e58a9f70a573cf9d1040e23f5a04a873a583e4ab0fa5f77d620c60f0a45cdc789b849e9e8746528846bbbf8251a84f2aa97ccc3e49f4c9b6abf0248344e86a71486eba9e62ff5920bb80ceccc5813f068da0d5aa208c440b7889118d2f4e8baf22a84544f232d6a3a1aedf31d5fc22f0ece56ac611b1363ff35e5071342a0257d3f146dc3ea1cc795d2f06afeb1d6995e50eb2d2d21dc6c4377a2626dd9486446517d03a4a03c43ef2e255a92b775c198bfe92c21375599235aac33c69190bbbfaad76860d0c9e70ad53273460c370b06bdf94ee8bfc31c48609ff6de0d39f873ec11e8c2835f17b3f18891c8ae335a7074fb5a5c794007a327fbb2622e71d62e43f50a00cc59b7eeb3f8ceed5d87fa5eb62a7a8c74ec90b1096a0b24606bf14b1f13f78ea4ab522304c7ca1d7b8ae47b5859f6a0d9baf3b6ffd29a4fb6782732febcfa51446aa87691ac81bf891717fbf8e4deaccac63477d3bc7b8ed52e9b6ca3fd39eefee6a337c2ad76df9739e2fbff34bf36027be0cfbebfe5b2fd168d75b2fd64479e2faf85654c013955e04044a9b7bf8b3d42da91962796bfe6eb53fe29e36a7a7512a155c712ae561d885703cb26d72e6f1df3976cc665960f871f3110309ffb6b5a79e54057a7a286c62c11e973ef671e86051686f77992f985d729740f38fecf83e03a1fef542cd6b4cee48546f67873a9c682c4afe4a5beccfc64085c622c5a0b5a1f6355f938d16925cabe61426a837c48fd6ad790afe54448fb296a03322f3427e132e8c0623bd311af8a619c2d91415e851744941700f09a2d8471def9dbc448c6aefb4c664f8902c872cc7de9d26e8b300b55b1d08a80257095efef35d9b497487607a22bc95c68f39aeeae243e76ccd40dd1b7ccad6eb39b35d91d239b2b005c8bb6e50037ffb1253276e20384398a5e97ad705fcffd04c720539ddf80cf4e929e82e3fec3d7542e0b7495733eb5da29f6dff5a34ec88a71881f660a5bc9481e755fd3c5683e95ed97cc91ab0edf49afda477aea42bc436b364747d973d61be806e1e63b6982e42814a13c5adb3bd767ec724d2d654afb106198fba6b4c798f4b82f329c2b8055ac4d247da971e32eb4cb971c9ac99d18c0a216d48dd7dffd372e0cad9ce6f05b06e47842c2f53b7c987139c6ddac3446fdb163342f8ca8f5401db91d324a6b710f28dece5839d37760c2515d6ad815a746cd7ccd3a438a5d3f28ca331f6874dedbab107c64127a7590a2813c1287ca977807827d52df80a9c19bc7ef335791da1be53c89f6de8ee1f02f26069b786f22bfd23cd8366e3ca02c0b296d0966d7f8fdbc0ef06895c547224f1a01c92d5f43f81b35539469d1fd9cd76dbf8cdd21b479a6474578863c9906ce6b12d0dbf5a458dafc042fcabe64aeebeb70c0da9300ed22e5d2851c5e77b20f9da1cd26cd810e0b8f1ba17d7c819e8a8ad86aa5bc4eb64748b75ab4a85f05bb1dc542234ac175eced1fe8f3fbd86f1c7349a360f5af0244818df303dce6842ea7afa722be19cf162d671256e5659c77c5569d827b28dc44b7dbb7d9433bc9eff26edbff36cf796b8afb285393f2dab6bb9a3ed40dd065ba8a8ab62cb575e696b97a2853b1700835ae429b983a5bb88972e367f5996a21e9a3b00e943e15c1163fdee023e1cf6e8dc42655cb175590fb6b8c46148b37957c5026aa94e96cbb71bcf9e7899c489edd9b34ca2d3d0dbd29f135cb158652ded6c959820b26a5fb6e8f3a6cfb80bcfa52c36ae0a3868914bda36b5ac09d2ae6cfccff9859550cfc5c6c3b30cddf6a2130c0c563445ae10634f38c65a47aeb8c72a0f25a6747a6787e703e1723303dd6d5bd4303240cb6d4659ee32d80b92859327e882ec84d9bb2a6976d9c6fa450d5598c6af1c92fc4ed7614e3192a06e62e704278424e2e5d521ec4f2cbd87d9b8a65405e807f6247e3f9228e8a5c44e31c9de9247d1b8248ce71d34663cbfcce728c9f08628629fca3f334566118aeb86470886147d714d2dce240408fac3c971b851dd33cb7997e238a2362195ba4f0e83d5c1c5039328817f258d6645bcbc20512398a7a34e2288585b4dc626c6867f3af5a0f573492cdb04e5613bd95bcfe6a61541c3912b4e841b34db2820ed5aca226dcba496f9586b83ab44ed3b9f34cfd2397f36dc4f9811815b975a208b6cd163031296b289b7d202036bca9c4e862f6b1d6356c3c54d47de63e0d0b38e7b9e41e1b25d94fbd03853f786fcf2325020355469e52dd2cfc879e2758382f609173cb2c01775030d1d536af97f5bd0a4b71ad9bf3e5becfccd7dce72fa8882733d2c32cab1338ce67f301be74b1c51dbacff9bdc22868f3f16531cb86b7597aff03040a821c4f7cae2b5b92db792f327dce81e79ac83d4ca15aa248ddc2fad518ebd360c5ac8ff3636e15e8ff61501b1e5c6338847ff43c0d3ed38c87aa623c318c8facffb72fbad8bf4effdd2013dc60ad91f1f5a791905b572321ce0956ffded80e2152b0672875fe71923de673ce343a665d327560c5267223b6fa636ef188b94d4a42884721b4f2d51f90ff3e5145aab164fb56982648a7215601d23017b749c01b684082e250330d109af89bf5d20ca788fbd95fd8d1c128aad3306c4e1bd1c054def7b7ea1948e3c95826078991d234808f55c2314706c8177d7674b2378792afe66b2d65484b481b0e52d8b60e0980163fcf2fffa2cd81f4dbf57afd76fd4e71ec8a6604a697fcaf57e65bba50489f6f0c5b4c046a14303eac05700550ee10fa29d8f68a9eb02fa504b640865f7e2c21f1451ed7d75c90a4734ba64327bc3597b5aff23d0a8f1229f0539720bece2b980f85e11c5ecbf3a560e5dedc40e1260349ccbc647d4d9763b17a45fe1b63e5d16e1a49d55c0011e3ab898b64a6618682bd7bb7e8ed18dafa1b462f20f6aaf2d7c4777a6fb73aa7a1720d67a644f4f4b0bc3ff965e696fd3513979f2e72289dec447af56b240380cfa2a9ce38a808e961d26b6ee6810c75778e9d23a93b3f79b3b293f138f23ef2596b60ecd4afc2036debb7e14f61774d84c1325ee7b8f95dc80c12b001e32e894516473a82aa2c24b5ff7f8c3374e245f1b3ff2a8cf0cc33ecd4b9b7528c34cf54d77756ed3e1b74a0e66c9c1dd8e53c123872c084f70e8a04efe8a8c3527ba75f4d9ced8469229ad7453a1376cae90b155638696103216a07b02e93e3924c4a98d159ce8633b2c8bda44ef28f37ba5edf1e80184c9ac2c8b0db77096dbf2f866536ac4f5ee9eed4bb8dfe0dad4361e901450ba499c119aa1af2a1a7c527b09562a47d8260bd7647e29ee422432f063a84d195e9c843e6f6fa684dd044bd09b8cb3e7a976df68049f09caba37b69a595cea61667f2631e561be743309568b4c37fdaed8ebc628889bc3bf9c5a63bc74e9358a9c2228f51370eb483ee39e682cd4f56f15a16217904c6189ef50044e04f244da23d1c9f41a5209f4f485df4ad8d1922203d365eb11102d48c93c09b700e177aef00f8bf729c0406b89de32490fca998bd34f80c99be60601d4de10e9a86a5a22652eb9df948daa66529b6445cdde70ad125d06e41a3469216233a8b9eeb928f2d041eded321d518f0435ca377e90ae49e95793aabccf299c1f1a82ddec49b2b8732aecd1610d5f09cc5e509d4065c5cfb4edc55f6a15fbaf4dea24439ea95b63bae312ed90e47787000810f22ab9b6aa0622ab969fa30b724b24d82447d6a357468b2d1ec61a80ae680ff7b8b894158218b0e63f99103879f3c1dae33aedec60a1e755755604e33a6698cd0e378b0a0b04017278411f33eade9c4c0e3b7d0d6e62fdc3ebf5559310e0a2913d5aff1ce1bead51578b3879c0e25d96a7a150ba655c97875d864c3a6d5b595ff9dd9698857b3b0bab2d087bbf7f80f5a7225cdebf794ede16a61ca73201f311f87ef9cececb8fd07b2bf384a22a8ae988a5e91e6355e26ac923e78004968bf7f4ae3b319e61a422a43841831a51e2c41df8a118da5239c87b4b0aceb32854413d53e0228090babc167ed6600041390ce04e96c94c65c51fdc00e617e4ed870fe9ed2bbef84c1e1f3f796b2867b0f383b6e01ba2b82ecfced722ac5a7c092716d18b9b41674c342a1a6a7ef961893d451648cce5d0ccb4c180e0493a53f5453de43a6535c486acbfb9f480f3255f998831b684a468a88840e1e7e8a310ef296ce89bef65b7e54265c88bff204e48963cea9945608260e5de37b949acacc938e8e2de9fff925022c010f94a0cd6c7bf16d4e3132034a8a3301f1c1950b9a31ee8227b17cbf460db666f6207a59783064115eac2d4f29f9483ebcd34e8792809d5c25a380b2137bbcd7cda502f4a41a043f7d626e922adec9b4c6478ac0df9842bd4e8912deb2ad2026461510ca392383ee9a7ad0388ae499951a4283db39ca57ed9bebf43dcaa6caa391169077a189641fda3151d8e3a3a0b525dcafa2d9d7b2a01468e658c10c27a8ba74b487a968b05031a3d53b59139068b28ca87c5bfd9db867c0e9b9abd91142c96dbf8883e1a89db8d96c9f0a8999a4f9d6b07f32d6f8bb2ea6d2eaa8a531edf85f25aef35c84eb4bf3f46ab4213602be20cad885d404ef47fafc7793247247848f1c3a06ea31c23d0cbffa07aa5981714dc85736e95cd4d60ed1f25351b1c723e4f042f55f02d24a089862df124c75cc4f618853914439c1406a393a0f1ec0f2346f4cbd6beb17713149d67b9bf1854c814bd8ba3a199218e6eac655db998c955df382c8dee2b4d30c750a63a08e9a88009840e96a331bde3767bce177fc5c44528cb673e862e24c2dc2399be1435cd20916e9e060f8bef39d4b47f335dde4493e0e44b0f619822a35e69b7c5d93dc69575ff71ced7c858e43dbee46f4e50846288cbc8fecbb9291d455a015fdd6e1412aec0e6104d0377074b8e160ec7d813bbc6d3b8e6b0256bce8d255d7a592b408cdf6e63164c99d94f00a693e06c2ecba9dc6d36c6a35697c1647f942df4c805c18344b8e5ac885689068f864c395e8c970702e40cf6c683d10455c7ad75fc035ae260f359c2d8c91305406c6f56ec535be445601c75ffdde1758904787f29a558d0f3bd04bfa08f1612a7ee8a7acf129ed5eb854bba757d34afa354098ed8b4e3a599db4b7611a665fcbbb182a0774cb026a00714d8b91c7fb8691b629b6a93f92da2f3701348885dcefe5a548c90101e50dbaf3f4907611623f7616bcea943bd3feedecf3b3681b4d04a938ac83d9f18a21991a90dc17005e7c56d2e09a0f4ad9f3c676e7da478e96122046d0a167f7e1a28d97d514aa68d24dac8501a1a35ddb6f3703311b26bfa3319361ff5e4d38cd55a04ef1b4fb417a3b638cde7f8569531a22c0fa12ad3a55dfe3c2642205fe1ba0c82d36f8815ec52f6381fe789fcf89efb305498a9b1f0ffafe01bcc5581f5b5d195bba77797085ab1837fd081cf5f086da2a16b6a7f8ca9efbc4c9cf771961b70626120e3715b16b222932291e4ee2449591b1807d56a53d4d86f25011704e7d5efcb799ab130ec2aacd54afd3c43c8acda1c5874ce23234b090c4eaa8ddaedf979b1218a5b9dfb36b8196ce05924dcdc7f50d96b95d0c288551a0498ff23f56c7ccdfb8966480477849c7471bea99cb0af35dbcaa5e781b5ddecf3cde51d78067aed9ca267550dfae119a3d83710ecb92fe80841837b41a40d262f5fad16c20203d1cc3455ca63ebdf0f5dbb7a498b4629dcb87333f2d58726871e6b5adf60faa0f8c9cb4718005e5e199457330da1a11cd0d7e78f617b6805fff8fa45c2cb56e1e17904773e165d2a39470ce1616418e7e15481c798afed92efad9c2babcc3e3346f8022ce30b3e1db015a2b9f5dbd4560ee9776c77eb9cff5cf2af28ebf1085650e29bd8dac01b814e6c285bf964da2eb1a442aeb671589a02c29d58208829c9501c355644ac28c38835f4025dcdabfd3852b1a16e45e9c032e97f7f2f0f612739c6569f44731692e3f3b97ba5bcd0b7f2dea1ee6303b5f92514c022e54aa4c587eff74a5d509c17785686c613bf6b778e3624ff3653674e6daab3f788ec9cf879f06957a673a20fdccf721ced05a0d23e074de82614f775a84dfcd31c621cf0369e28791ab742b62f271218fa1bc8681e9d41b4a93b05cc693013d54d367b1e6e1a7e74b43b44b920192ed8fbb63b89f393e5ffab584d7c201d1b99b7bc6907033109986a4fe7bb79e803315c4df94ed471cba889e148645fd1748374015ea8c696ff64bf6d23bce7e5efa7c7e6215ceefa938cd88aa0374da4ee1e10cbfa96d5283b4a0867f4d76b8492fc618e2bca34ba9bc2ff3368756080a78a1ece2f0d1d1cc30cb721677de3c4cd6da378697c40419bc1f2184b86b8e40abd627aab9c308d8fd2db8daf8b43225003ea9124c11dfcbd1b6ea959a86623e360b40c381d991892c1fa6c0c81bb4d03d8d3656cedd1e48539192fc8bd1474ce961159816dcdc76e95ed9d9893e91a0ca670cd1152cb014310facf952fa9fd0d30900196b604c10596c1a31c1e70416824c207656426b09ef9b558496ae87fc7449bfdba0d5628e9af6397385ddadc986424fde545c07664fb6ef2756ed9e443e39257eef2179fb9e4a9e84062f9b6048125151e2e7fad2560df277323b5e22ab2731dc802d6f372d2a335b5da7e5a86508329b3dceb56f0d4f9f6f9e48507af3ec99fc172c237e67ece3d51198a033a9c66f3243ef694893af85421ff6f93ecb95eacceba5fdc1a76810e999a40733b46433328b24ee17b718b135b74dd535202c7966de2de5a26412e600971704bb90007e42d3e6a3acd33e7358da6b32883c9ad30c2abb1cdef7452e211734c6fb6d199a397bea8aa3cf1f014929941c34ba06096e70d852fc420effc7924ec29c03bea29f289c82338f0115e00de549007456d5867253a5b9bb4493bcff815a3100fc45a0de0aad7b0b5c641ed1be3e8f07fb3b1a8a496ecfd3dff5abf0d8f5854621faeb4a9920d8c52b7a0338d49fd21d99c24e1943de3ba2668aea7bc95bcf21e2bf0b2d5f899f33d0cec31b60df4ef5a23e1b173cc89390c8bc3ee96e38de06f6016a2b0eafe86af9dc59bead4f5f948a81b1008a95e3ab39f8009bdb4f268f3002245e73ee2ff50cf1cd37e867cbe44ad370b9336e0dddcffb6dd8f2f79155235300bce6385e544105e6d278d345870216e61100337a871ab51b2cde74fe976e1f8b77a90bb8b51eefe7e4201db41915f482edbe1f8ae268314d5af95ffdeb94aba3f4e316990792d281a123d7febbba7f6abaed7ccfc0c567d4bd1c2d9ca217535167c9a09f1ad0ecaa99cc08338fead5deef7fab77d2082d893b91c27f8ea4e48e052a2a31c8e3f9510c4ce94ef16053bcc25eafa324e5a1d045a3de8f7d731e58ec9130427552323bcfde47f6b55b5634e8cb190fe183af132f12d72ef5e4d98508b57106ccb647ab505369c728958a0789c67ee80acc4bbf41b97fa56d8701c3ec5ead411aed16882dfb026c50c28b5fcc442c432837a82f8bfd47650b83aa71b909be61ea77cc029a0c615f8e390874995d19e224c38349c64bc166f50c54332d1a3eff0071d7a0b11a901c56a847b93ab5bd0bfad8f965cbfb53c2184c588fb7dbc5c693a3ade89b303e801a650b79c1ea957aabed937998b5df77ff29fd43515e8a5ffe441e323fefa45a2775237e1c749897d448f1f3ef60c7755d1a1441b96a136a86d341471d57c68c859813656658266c40b8bb8bafded8ed0d940f8c5954923eb43ad5afb58eb452d6430990bc924afb97191f31cd1a1f58e30b0c243f9636245c459280d16da1df1a30ff63de677554d6b252487455e8aff91370c4a0ba9f341384cf8483d18b9d3f2fc51b07ba8a5fa795d7925189ca344f0fddb8bf55e35013f6fab3806b3c4d17499ec1ae819d4f3aa6b6a570c2ea68558fa33373394584dbf11d41f7059b55f186bd54bdc30dea390872737bf0312f4c68dc963d28d5b218eca6314e23b7381cfbcd01c325d9a3869f1176eb82c183b37d65c8500a48e9bbb1c465e27bfb668a16100e5384d9116aa35f3b00b4ee3bc84700ab17283d4db6b420e6140d14d09b51ad020fc8e505d2c820ac307d45b211213c18487ce12dff233a5caf87cd94a77d0eba69d61452f41c1f82cbe32b567a39a4615a6d2155cc73c3b90dc55daf33c8d9eba3eb0e182c79dede1293dd30840ebf048df8a93e38d0136e856d94ea105cd04323406dc429b5551538625109105d88b1ac480d0fb1e9d1977099707f9f9534b683d855c4d3c30a29c6678a3221e0dea7772f8859f572420708da9a030ddf973cf9f221404117b05efb76bb08ecf34aa9b36b0418c74f90a07e8e5c91e1d7c8a8ea596c0de9b10c222e9588c2bbc77d860b7197b42b42a1ab834ce24fccbbe20f2579ec6dbd4efb9aa1a3d2e062de594d289273e98342440045a0c134e400003b50d4243826b029ecd177cf3d2cf3d164ddc58f88a970a0bbdc7f0d60271cab0df2dde79d1b929cd3028effccbe94c05008f4261297024e4f72604d52db9da7b0e5f2f4f59ebe77b319c54aaab9581a8355b75594eb6dc0fc25e91052c89764256ca464f9f6e45bc34d6e5aa28e1fd93997b58f21feff551aa3ecb5375c19ee4543f7339418c11b9ea18fe2637a9bc9744cc9fcb21a7643eb87683694732154bd1eec746f1c57bac65cf18a83267ea437f7993644c510ac44307703ea28b20e52644dbaabbe9ee1e23a38b29b91cf9077fecdb98ff4e4749c9d6ad2901c5a891c07a8b0c26ad1f8126e6db537df7fff65486afeb85eda80e2a04d09d46720330700267cbcf205b5c00076c01d9db0a64d5426864d14cce1781098afdc28f9f5948ab7791627baf78c3e9df2c0ed9ce50b083bc7a34ee0087f4efde579e2dea313e4e20580c5e63d5ef4509c05a9dc38ced91340bbb9cf948bb03ea5e60c666a1a5c4acd385d0c1a01797b9b3183f4afbc925dd2641d21410b4b1af2f21f8cca330fbc08834e1e8210fdcf332f70f08b48a2655cf017ec8a19640f2f263c54876d6f4ad2193be944667f6498baa32225d2b5b82abd3f2fc64033f1db9adff6b1c788555d5ffa1a35d4a691802447b163ba9a615d6c958036528bbab84230d676145054828d530f0e3af417ad0480eaf2004b9002b644bcd8f0ecf860c31766ace95769ab4fd01f297c595b45e6c7b1c9f662044f43fc82b6244e5d08b1e556599096c034600e20ff000d996b6ba3a6700116127b9468c9567ad920ddcf7ccf9c0a74f49984e24a7aaa2321ee58583c1bdba668cb98c319f682ffc5957015ba1799930d4b676bd3bc76037f6bc2d9ddcb47efebd366a90dc7e67076ebc25e2ef2929a89faee06aa04538a3ae7b196dfecd33725ce9f859c5df4713b220ecd18b1613ba76aebbe8f9f93eeaea9e88e46e7ed24c4efbd86fcd57a4f9fc76152175782871ab211a18ae303be8e9459aab930597d17875c5f5f24d9b16bd8dc4e25f6a7a1de05763da11ee7e26e1e32ee0a5ab2de5d069d03a6ea95a33abc1025d59800fccfff1f0e0f7335e2778b8731cbae94828dbe70507c5369f36d457e98d6042e342cbffde2ee74e05cf0f8aa7185de485e5050294472cd8c7ae03977b62cb287a9d6e4d66650dbc4d89e58ad4f7c24d46573acf85f633d1af73cf655788b431bf22315bdae78d9f6f9cfe32330cbf77bb0195a60244d4bcd0ea35b94bcdf7255ff58f1fb11a09a06747337c95f332a0ade622d49ce0f2943517fb4da8049f3c1b53cb68475c2eb52551d40cbeaf5e79a748c5314bb531b4fc28494b65ee8513427e1fd3cc990fe4ef5ead14b65f1c3e9e0598edf42e2862e2eb180b3e674fc3005859ac56ad17022a8f48b49dcc97e991cfece1d52b7ca82e711944a877567ca0da0663276480d69fa4be56f425bb84dc9177d3e3ed45fb737ce026b8df38336f9efedb89a8650f9fb73918d300c909e9f9189458e1930f09b05433980e79a2eacd0dda32852bdb1a417e4ba62b83d0e17ac8d39834f41c8cd49517013ec658c4e10b38d0788df96764d13ce074271b51041671240549d18540271c8898a5c9e4be4895881235d59666a1f0f3b3cd098786afd6ab4781b73275232b488fb3d9eff77e71f8448a95c653fc80d069c15aa2a80d5799e6c45eb27ea8d6675f28f7aa7cfe3cef877c91ecf3e576e942a20312ffb48a64a91876ec5d1ad2f6a68946e73db4785894736106906731793c3482365d4151051c8d5f16dcb0348628e3aba4087ea8c9ce24bb93190fa12916f529c8eed6dfd3f5bc24d09b1ad377699de3f687b392ec921d81e35dc27bd14be4d004e713c3d07cf600255d45fdfb326b4327c9507c6f69d01236eb9383133dbaa787ba37de14a12e850ec60381a9ffab939ce16cb9b490685343048c0933bc280e809fc8114096ae2d303bbcbbc941b70b5d1d03f59f0b534fa195cbcf34e57d2aaee9c1dcddb5eafd8399fd1d53bfdb48a6f6d3153bb903ce411800f7220bdcfa312ac603672c163a0896b85409859b817cd304e73f278634fab0b1dbe226d7e4f93f220180c3434c7c22ac3143e06702f9a21e66a46d4980bd20d9b0c62846362d0a1151584a28a87902dd0f35187850d501c68900", 0x2000, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(0xffffffffffffffff, 0xc01064b5, &(0x7f0000000140)={0x0})
ioctl$DRM_IOCTL_MODE_GETPLANE(0xffffffffffffffff, 0xc02064b6, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000180), 0x0})
ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r7=>0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(0xffffffffffffffff, 0x3b85, &(0x7f0000000000)={0x28, 0x6, r7, 0x0, &(0x7f0000ffb000/0x4000)=nil, 0x4000})

4.525958259s ago: executing program 4 (id=2120):
syz_open_procfs(0x0, &(0x7f0000000000)='net/vlan/vlan0\x00')
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffff}, 0x0)
syz_open_dev$sndmidi(0x0, 0x5, 0x141101)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_DETACH(0x8, 0x0, 0x10)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x1000, 0x2})
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r4 = dup3(r3, r2, 0x0)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r5, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000780)={0x44, 0x0, &(0x7f0000000900)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000001a80)={0x0, 0x0, 0x0, 0x50, 0x0, &(0x7f0000001980)="d527cf11805d55533beee663b219fc6742ceda12c4ba069e5d711c602617720ced4aeef3c627ec8ad698db10e3f3dbd3712fbe8eb20ba74f94971ff02659784db4600a1b79ec37b13575abaf52a8afe4"})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000100)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0})
r6 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r6, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x400, 0x0, 0x30}, 0x9c)
bind$inet6(r6, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r6, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
shutdown(r6, 0x2)
close(r6)
syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000180)=ANY=[@ANYBLOB="1201010200000010f3b100000000010203010902240001010330050904000801030101000921"], 0x0)
mlock2(&(0x7f0000007000/0x1000)=nil, 0x1000, 0x0)

3.03478335s ago: executing program 2 (id=2122):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=@newtfilter={0x3c, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0xfffa, 0x6}, {}, {0xa, 0xfff9}}, [@filter_kind_options=@f_flower={{0xb}, {0xc, 0x2, [@TCA_FLOWER_KEY_ETH_TYPE={0x6, 0x8, 0x800}]}}]}, 0x3c}}, 0x24004000)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000680), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_RINGS_SET(r0, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000fbdbdf291000000008000900000000001800018014000200776c616e3000000000000000"], 0x3c}}, 0x0)

2.856541777s ago: executing program 2 (id=2123):
accept4$packet(0xffffffffffffffff, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000440)=0x14, 0x0)
r0 = syz_io_uring_setup(0x49f, &(0x7f0000000400)={0x0, 0xefa8, 0x10000, 0x7ffe, 0xc0024e}, 0x0, &(0x7f0000000040))
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
r1 = eventfd2(0xff, 0x80001)
io_uring_register$IORING_REGISTER_EVENTFD(r0, 0x4, &(0x7f0000000300)=r1, 0x1)
io_uring_enter(r0, 0x627, 0x4c1, 0x43, 0x0, 0x0)

2.622291231s ago: executing program 2 (id=2124):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0xa7)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000200)=ANY=[@ANYBLOB="580000000206010800000000002000000000004005000100060000000500050002000000050004000000"], 0x58}}, 0x0)

2.386349166s ago: executing program 1 (id=2126):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f0000000040)={{0x80a0000, 0x6000, 0x10, 0x5, 0x3, 0xb, 0x4, 0x4, 0x0, 0x0, 0x5, 0x67}, {0xffff1000, 0x100000, 0x10, 0xc, 0x40, 0x0, 0x6, 0x7, 0x1, 0x5, 0x6, 0x3}, {0xdddd0000, 0x2, 0x0, 0x2, 0xc, 0x5, 0x28, 0x4, 0xff, 0x2, 0x5, 0x9}, {0x0, 0xdddd3000, 0x4, 0x77, 0x7f, 0xd, 0x4, 0xd, 0x7e, 0x8, 0x81, 0x8}, {0xdddd1000, 0x4000, 0x3, 0x1, 0x81, 0x3, 0x9, 0x3, 0xbf, 0x7, 0x25, 0x7}, {0x3000, 0x4000, 0x8, 0x9, 0x8, 0x2, 0x4, 0x9, 0x44, 0x5, 0xb, 0x7}, {0xdddd1000, 0xdddd0000, 0xc, 0x3, 0x8, 0x0, 0x9d, 0x5, 0x7, 0xe, 0x7f, 0xd7}, {0x10000, 0x3000, 0x8, 0xba, 0x1, 0x7, 0xa0, 0x6, 0x5, 0x1, 0x7, 0x5}, {0xeeef0000, 0x3}, {0x1000, 0xa311}, 0x40004, 0x0, 0xeefff000, 0x0, 0xd, 0x2000, 0xeeee0000, [0x9, 0x800, 0x400, 0x3]})
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, 0x0}], 0xaaaacb1, 0x0, 0x0, 0x0)

2.125535938s ago: executing program 1 (id=2127):
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000140)={'vcan0\x00', <r1=>0x0})
bind$can_j1939(r0, &(0x7f0000000100)={0x1d, r1, 0x0, {0x1, 0x1, 0x4}, 0x1}, 0x18)
setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f0000000040)=0x1, 0x4)
sendmsg$inet(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="81b641f1f38437", 0x7}], 0x1}, 0x48005)
readv(r0, &(0x7f0000001540)=[{&(0x7f0000004580)=""/4107, 0x100b}], 0x1)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000005, 0x8031, 0xffffffffffffffff, 0x0)

1.179431018s ago: executing program 4 (id=2128):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_io_uring_setup(0x237, &(0x7f0000000480)={0x0, 0x8101, 0x0, 0x0, 0x2cf}, &(0x7f0000000040)=<r3=>0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
r4 = socket$inet_smc(0x2b, 0x1, 0x0)
creat(0x0, 0x0)
openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0)
syz_io_uring_submit(r3, 0x0, &(0x7f0000000200)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r4, 0x80, &(0x7f0000000100)=@l2tp={0x2, 0x0, @multicast1, 0x3}, 0x0, 0x0, 0x2})
io_uring_enter(r2, 0x47ba, 0x0, 0x0, 0x0, 0x0)

666.291131ms ago: executing program 1 (id=2129):
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
io_setup(0x2, &(0x7f0000000000)=<r0=>0x0)
r1 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x402, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x38011, r1, 0x0)
io_submit(r0, 0x2, &(0x7f0000000040)=[&(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0xc2, 0xffffffffffffffff, &(0x7f0000000180)="0100fd6400000000", 0x8, 0x36}, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff, 0x0, 0xffffff29, 0x0, 0x0, 0x1}])

494.522082ms ago: executing program 1 (id=2130):
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={0x0, 0xec}}, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a78000000060a0b0400000000000000000200000038000480340001800b00010074617267657400002400028010000100434f4e4e5345434d41524b0005000300ef00000008000240000000000900010073797a30000000000900020073797a3200000000140005800800024000000000080001"], 0xa0}, 0x1, 0x0, 0x0, 0x40000}, 0x44110)

296.532552ms ago: executing program 2 (id=2131):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x800, 0x0)
syz_open_dev$cec(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, 0x0, 0x0)
r3 = syz_io_uring_setup(0x88f, &(0x7f0000000d40)={0x0, 0x130a, 0x0, 0x2, 0xbfdffffc}, &(0x7f0000000000)=<r4=>0x0, &(0x7f0000000280))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
io_uring_enter(r3, 0x47f6, 0x0, 0x4, 0x0, 0x0)

236.633569ms ago: executing program 5 (id=2132):
r0 = syz_open_dev$swradio(&(0x7f00000046c0), 0x1, 0x2)
ioctl$VIDIOC_S_FREQUENCY(r0, 0x402c5639, &(0x7f00000000c0)={0x0, 0x4, 0xfffffffe})

235.946192ms ago: executing program 1 (id=2133):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=@newtfilter={0x3c, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0xfffa, 0x6}, {}, {0xa, 0xfff9}}, [@filter_kind_options=@f_flower={{0xb}, {0xc, 0x2, [@TCA_FLOWER_KEY_ETH_TYPE={0x6, 0x8, 0x800}]}}]}, 0x3c}}, 0x24004000)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000680), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_RINGS_SET(r0, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000fbdbdf291000000008000900000000001800018014000200776c616e3000000000000000"], 0x3c}}, 0x0)

42.945967ms ago: executing program 5 (id=2134):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000880)={&(0x7f00000008c0)=ANY=[], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
socket$inet6_sctp(0xa, 0x5, 0x84)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './mnt\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, 0x0, 0x0)
sendmsg$NL80211_CMD_SET_WIPHY_NETNS(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x30}}, 0x0)
io_uring_enter(0xffffffffffffffff, 0x3426, 0x0, 0xa, 0x0, 0x0)
sched_setattr(0x0, 0x0, 0x0)
ioctl$VIDIOC_QUERYMENU(0xffffffffffffffff, 0xc02c5625, 0x0)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000100)='0.::/', 0x0)
r4 = add_key$user(&(0x7f0000000000), &(0x7f00000001c0)={'syz', 0x0}, &(0x7f0000000540)="bc3009bb66682c9d4233b0cc644f5fdae5b9d17f7ada03bc77aea173022c18232e1fb162caf50d08fda40c6e9c515c4a2c7245660296c0460cbff563b781695432f5a83f5ab8979bf6fd1c17aaa22ada927f1feb5074053514edf5734d63b2b58edc5b848d6fa38f7956549438addc5e72bb0cdbce326b0b3f673b0174949173922f6ee103a5a4af7b3068d357d2c821f6", 0x91, 0xfffffffffffffffe)
readv(0xffffffffffffffff, 0x0, 0x0)
r5 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000140)={r4, r5, r4}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0)

42.253199ms ago: executing program 6 (id=2135):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000000)=@x86={0x5, 0x5, 0x17, 0x0, 0x3, 0xf9, 0x2, 0x79, 0xff, 0x5, 0x8, 0xfe, 0x0, 0x8, 0x2, 0x8, 0x72, 0x5, 0xfa, '\x00', 0x3})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r4 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r3, 0xae04)
mmap$KVM_VCPU(&(0x7f0000000000/0x4000)=nil, r4, 0x2000003, 0x11, r2, 0x0)

0s ago: executing program 1 (id=2136):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x2, 0x0, 0x7fff0000}]})
close_range(r0, 0xffffffffffffffff, 0x0)
socket$inet6(0xa, 0x80002, 0x0)
syz_open_dev$usbmon(&(0x7f00000005c0), 0x0, 0x0)
fsopen(&(0x7f0000000080)='ext3\x00', 0x0)
syz_usb_connect(0x5, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010002a2b8d240bb2170200b87010203010902240001a00800040904c81e010103f7090905"], 0x0)

kernel console output (not intermixed with test programs):

to 7
[  466.373135][ T8734] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  466.424016][ T8734] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  466.461613][ T8734] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  466.511037][ T8734] usb 1-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  466.567881][ T8734] usb 1-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  466.604865][ T8734] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  466.785708][ T9307] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  466.883762][ T9328] SET target dimension over the limit!
[  466.890830][ T9328] netlink: 'syz.4.856': attribute type 3 has an invalid length.
[  466.898567][ T9328] netlink: 199836 bytes leftover after parsing attributes in process `syz.4.856'.
[  468.032214][ T9336] netlink: 260 bytes leftover after parsing attributes in process `syz.4.857'.
[  468.864293][ T9343] trusted_key: encrypted_key: insufficient parameters specified
[  469.788151][ T8734] usb 1-1: USB disconnect, device number 13
[  469.794392][    C0] xpad 1-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  469.794441][    C0] xpad 1-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  469.842965][ T9346] delete_channel: no stack
[  472.279045][  T980] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[  472.659135][  T980] usb 2-1: Using ep0 maxpacket: 32
[  472.735369][  T980] usb 2-1: config 0 has an invalid interface number: 12 but max is 0
[  472.819643][  T980] usb 2-1: config 0 has no interface number 0
[  472.885943][  T980] usb 2-1: config 0 interface 12 has no altsetting 0
[  473.019097][   T30] audit: type=1326 audit(1752671344.519:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9381 comm="syz.0.866" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff0c778e929 code=0x0
[  473.052538][  T980] usb 2-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[  473.247832][  T980] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  473.257875][  T980] usb 2-1: Product: syz
[  473.264419][  T980] usb 2-1: Manufacturer: syz
[  473.265462][ T5848] Bluetooth: hci4: command 0x0406 tx timeout
[  473.269928][  T980] usb 2-1: SerialNumber: syz
[  473.286249][  T980] usb 2-1: config 0 descriptor??
[  473.339088][  T980] usb 2-1: can't set config #0, error -71
[  473.380717][  T980] usb 2-1: USB disconnect, device number 14
[  473.659445][ T9394] netlink: 260 bytes leftover after parsing attributes in process `syz.4.869'.
[  474.682481][ T9404] trusted_key: encrypted_key: insufficient parameters specified
[  475.497869][ T5894] usb 3-1: new full-speed USB device number 24 using dummy_hcd
[  475.803068][ T5894] usb 3-1: unable to get BOS descriptor or descriptor too short
[  475.839844][ T5894] usb 3-1: unable to read config index 0 descriptor/start: -71
[  475.857811][ T5894] usb 3-1: can't read configurations, error -71
[  475.864656][ T9401] delete_channel: no stack
[  478.217082][ T5894] usb 1-1: new high-speed USB device number 14 using dummy_hcd
[  478.442677][ T5894] usb 1-1: Using ep0 maxpacket: 32
[  478.458711][ T5894] usb 1-1: config 0 has an invalid interface number: 12 but max is 0
[  478.519944][ T5894] usb 1-1: config 0 has no interface number 0
[  478.526107][ T5894] usb 1-1: config 0 interface 12 has no altsetting 0
[  478.625844][ T5894] usb 1-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[  479.237458][ T5894] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  479.248324][ T5894] usb 1-1: Product: syz
[  479.252851][ T5894] usb 1-1: Manufacturer: syz
[  479.257555][ T5894] usb 1-1: SerialNumber: syz
[  479.280008][ T5894] usb 1-1: config 0 descriptor??
[  479.303952][ T5894] f81534 1-1:0.12: required endpoints missing
[  479.689623][ T5848] Bluetooth: hci4: command 0x0406 tx timeout
[  479.875877][ T9435] lo speed is unknown, defaulting to 1000
[  480.677488][ T9462] netlink: 260 bytes leftover after parsing attributes in process `syz.4.882'.
[  481.410889][ T5894] usb 1-1: USB disconnect, device number 14
[  481.647250][ T9467] trusted_key: encrypted_key: insufficient parameters specified
[  482.729063][  T980] usb 2-1: new full-speed USB device number 15 using dummy_hcd
[  482.868455][ T9470] delete_channel: no stack
[  482.950436][  T980] usb 2-1: unable to get BOS descriptor or descriptor too short
[  483.042696][  T980] usb 2-1: unable to read config index 0 descriptor/start: -71
[  483.063368][  T980] usb 2-1: can't read configurations, error -71
[  483.944937][ T5894] usb 1-1: new high-speed USB device number 15 using dummy_hcd
[  484.042764][   T30] audit: type=1800 audit(1752671355.569:16): pid=9492 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.3.891" name="/" dev="9p" ino=2 res=0 errno=0
[  484.331957][ T5894] usb 1-1: Using ep0 maxpacket: 8
[  484.351981][ T5894] usb 1-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c
[  484.362642][ T5894] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  484.379874][ T5894] usb 1-1: Product: syz
[  484.387805][ T5894] usb 1-1: Manufacturer: syz
[  484.454528][ T9501] fuse: Unknown parameter 'group_id00000000000000000000'
[  484.719306][ T9502] netlink: 260 bytes leftover after parsing attributes in process `syz.4.893'.
[  485.249330][  T980] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[  485.324313][ T5894] usb 1-1: SerialNumber: syz
[  485.336048][ T5894] usb 1-1: config 0 descriptor??
[  485.355935][ T5894] gspca_main: se401-2.14.0 probing 047d:5003
[  485.461322][  T980] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  485.487817][  T980] usb 2-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  486.192920][  T980] usb 2-1: New USB device strings: Mfr=0, Product=1, SerialNumber=0
[  486.202976][  T980] usb 2-1: Product: syz
[  486.210252][  T980] usb 2-1: config 0 descriptor??
[  486.236338][  T980] pwc: Askey VC010 type 2 USB webcam detected.
[  486.247393][ T5894] gspca_se401: ExtraFeatures: 255
[  486.261839][ T5894] gspca_se401: Frame size: 2314x9695 bayer
[  486.267969][ T5894] gspca_se401: Frame size: 285x9 bayer
[  486.273702][ T5894] gspca_se401: Frame size: 80x32786 bayer
[  486.280368][ T5894] gspca_se401: Frame size: 76x33016 bayer
[  486.350219][   T10] usb 4-1: new high-speed USB device number 20 using dummy_hcd
[  486.389372][ T5894] gspca_se401: Frame size: 20x51 bayer
[  486.414746][ T9518] trusted_key: encrypted_key: insufficient parameters specified
[  486.428318][ T5894] gspca_se401: Frame size: 0x0 1/16th janggu
[  486.434953][ T5894] gspca_se401: Frame size: 0x0 1/16th janggu
[  486.447048][ T5894] gspca_se401: Frame size: 0x255 bayer
[  486.939572][   T10] usb 4-1: Using ep0 maxpacket: 32
[  487.070103][   T10] usb 4-1: config 0 has an invalid interface number: 12 but max is 0
[  487.096066][   T10] usb 4-1: config 0 has no interface number 0
[  487.112600][   T10] usb 4-1: config 0 interface 12 has no altsetting 0
[  487.124237][ T5894] input: se401 as /devices/platform/dummy_hcd.0/usb1/1-1/input/input10
[  487.153445][  T980] pwc: recv_control_msg error -32 req 02 val 2b00
[  487.163237][   T10] usb 4-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[  487.183248][  T980] pwc: recv_control_msg error -32 req 02 val 2700
[  487.240235][   T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  487.290318][   T10] usb 4-1: Product: syz
[  487.294941][   T10] usb 4-1: Manufacturer: syz
[  487.332758][ T5894] usb 1-1: USB disconnect, device number 15
[  487.431352][  T980] pwc: recv_control_msg error -71 req 04 val 1000
[  487.532962][  T980] pwc: recv_control_msg error -71 req 04 val 1300
[  487.545057][  T980] pwc: recv_control_msg error -71 req 04 val 1400
[  487.552100][  T980] pwc: recv_control_msg error -71 req 02 val 2000
[  487.552911][   T10] usb 4-1: SerialNumber: syz
[  487.559279][  T980] pwc: recv_control_msg error -71 req 02 val 2100
[  487.573025][ T9523] delete_channel: no stack
[  487.577921][  T980] pwc: recv_control_msg error -71 req 04 val 1500
[  487.595113][  T980] pwc: recv_control_msg error -71 req 02 val 2500
[  487.620353][  T980] pwc: recv_control_msg error -71 req 02 val 2400
[  487.627918][  T980] pwc: recv_control_msg error -71 req 02 val 2600
[  487.636034][  T980] pwc: recv_control_msg error -71 req 02 val 2900
[  487.648648][  T980] pwc: recv_control_msg error -71 req 02 val 2800
[  487.656409][  T980] pwc: recv_control_msg error -71 req 04 val 1100
[  487.674704][  T980] pwc: recv_control_msg error -71 req 04 val 1200
[  487.778940][ T5848] Bluetooth: hci4: command 0x0406 tx timeout
[  487.803826][   T10] usb 4-1: config 0 descriptor??
[  487.829322][  T980] videodev: could not get a free minor
[  487.834817][  T980] pwc: Failed to register as video device (-23).
[  487.858248][  T980] Philips webcam 2-1:0.0: probe with driver Philips webcam failed with error -23
[  488.570346][ T9516] lo speed is unknown, defaulting to 1000
[  488.693221][   T10] f81534 4-1:0.12: required endpoints missing
[  488.739474][  T980] usb 2-1: USB disconnect, device number 17
[  489.469010][  T980] usb 2-1: new full-speed USB device number 18 using dummy_hcd
[  489.649710][  T980] usb 2-1: unable to get BOS descriptor or descriptor too short
[  489.913552][ T5913] usb 4-1: USB disconnect, device number 20
[  490.007713][  T980] usb 2-1: unable to read config index 0 descriptor/start: -71
[  490.311047][  T980] usb 2-1: can't read configurations, error -71
[  490.873925][ T9563] netlink: 260 bytes leftover after parsing attributes in process `syz.2.906'.
[  491.403506][ T9562] fuse: Unknown parameter 'group_id00000000000000000000'
[  492.949080][ T8734] usb 2-1: new high-speed USB device number 20 using dummy_hcd
[  493.545523][ T9573] delete_channel: no stack
[  493.725996][ T8734] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  493.799470][ T8734] usb 2-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  493.808648][ T8734] usb 2-1: New USB device strings: Mfr=0, Product=1, SerialNumber=0
[  493.842228][ T8734] usb 2-1: Product: syz
[  493.851542][ T8734] usb 2-1: config 0 descriptor??
[  493.860273][ T8734] pwc: Askey VC010 type 2 USB webcam detected.
[  493.878946][ T5894] usb 3-1: new full-speed USB device number 26 using dummy_hcd
[  494.077958][ T5894] usb 3-1: config 0 has an invalid interface number: 128 but max is 0
[  494.092295][ T5894] usb 3-1: config 0 has no interface number 0
[  494.993574][ T8734] pwc: recv_control_msg error -32 req 02 val 2b00
[  495.023168][ T5894] usb 3-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[  495.109640][ T8734] pwc: recv_control_msg error -32 req 02 val 2700
[  495.173768][ T5894] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  495.206921][ T5894] usb 3-1: Product: syz
[  495.215563][ T5894] usb 3-1: Manufacturer: syz
[  495.225153][ T5894] usb 3-1: SerialNumber: syz
[  495.233538][ T5894] usb 3-1: config 0 descriptor??
[  495.339282][ T6016] usb 5-1: new high-speed USB device number 21 using dummy_hcd
[  495.370916][ T8734] pwc: recv_control_msg error -71 req 04 val 1000
[  495.408562][ T8734] pwc: recv_control_msg error -71 req 04 val 1300
[  495.425696][ T8734] pwc: recv_control_msg error -71 req 04 val 1400
[  495.442102][ T8734] pwc: recv_control_msg error -71 req 02 val 2000
[  495.712975][ T8734] pwc: recv_control_msg error -71 req 02 val 2100
[  495.730032][ T8734] pwc: recv_control_msg error -71 req 04 val 1500
[  495.744341][ T8734] pwc: recv_control_msg error -71 req 02 val 2500
[  495.751542][ T8734] pwc: recv_control_msg error -71 req 02 val 2400
[  495.758541][ T8734] pwc: recv_control_msg error -71 req 02 val 2600
[  496.148079][ T9615] netlink: 260 bytes leftover after parsing attributes in process `syz.0.920'.
[  496.650718][ T8734] pwc: recv_control_msg error -71 req 02 val 2900
[  496.657656][ T8734] pwc: recv_control_msg error -71 req 02 val 2800
[  496.670266][ T5894] usb 3-1: Firmware version (0.0) predates our first public release.
[  496.688602][ T6016] usb 5-1: Using ep0 maxpacket: 32
[  496.704161][ T8734] pwc: recv_control_msg error -71 req 04 val 1100
[  496.720597][ T6016] usb 5-1: config 0 has an invalid interface number: 12 but max is 0
[  496.733636][ T5894] usb 3-1: Please update to version 0.2 or newer
[  496.748975][ T8734] pwc: recv_control_msg error -71 req 04 val 1200
[  496.892698][ T6016] usb 5-1: config 0 has no interface number 0
[  496.904896][ T8734] pwc: Registered as video103.
[  496.909968][ T6016] usb 5-1: config 0 interface 12 has no altsetting 0
[  496.922779][ T8734] input: PWC snapshot button as /devices/platform/dummy_hcd.1/usb2/2-1/input/input11
[  496.933164][ T6016] usb 5-1: string descriptor 0 read error: -71
[  496.941881][ T6016] usb 5-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[  496.972566][ T8734] usb 2-1: USB disconnect, device number 20
[  496.979656][ T6016] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  497.013869][ T6016] usb 5-1: config 0 descriptor??
[  497.020919][ T6016] usb 5-1: can't set config #0, error -71
[  497.340320][ T6016] usb 5-1: USB disconnect, device number 21
[  497.471413][ T9631] netlink: 260 bytes leftover after parsing attributes in process `syz.4.922'.
[  497.481129][ T9631] fuse: Bad value for 'fd'
[  498.032788][ T9632] fuse: Unknown parameter 'group_id00000000000000000000'
[  498.370450][ T5894] usb 3-1: USB disconnect, device number 26
[  501.292078][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  501.798931][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  502.214781][  T980] usb 5-1: new high-speed USB device number 22 using dummy_hcd
[  503.257908][ T9688] fuse: Unknown parameter 'group_id00000000000000000000'
[  503.281070][  T980] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  503.351693][  T980] usb 5-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  503.398329][  T980] usb 5-1: New USB device strings: Mfr=0, Product=1, SerialNumber=0
[  503.444561][  T980] usb 5-1: Product: syz
[  503.469801][  T980] usb 5-1: config 0 descriptor??
[  503.687938][ T5953] usb 3-1: new high-speed USB device number 27 using dummy_hcd
[  503.705852][  T980] pwc: Askey VC010 type 2 USB webcam detected.
[  503.819749][ T9694] netlink: 260 bytes leftover after parsing attributes in process `syz.1.937'.
[  503.833282][ T9694] fuse: Bad value for 'fd'
[  503.947113][  T980] pwc: recv_control_msg error -32 req 02 val 2b00
[  503.954053][ T5953] usb 3-1: Using ep0 maxpacket: 32
[  504.099203][ T5953] usb 3-1: config 0 has an invalid interface number: 12 but max is 0
[  504.146279][  T980] pwc: recv_control_msg error -32 req 02 val 2700
[  504.470368][ T5953] usb 3-1: config 0 has no interface number 0
[  504.477953][ T5953] usb 3-1: config 0 interface 12 has no altsetting 0
[  504.493406][ T5848] Bluetooth: hci4: command 0x0406 tx timeout
[  504.499997][ T5953] usb 3-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[  505.074302][  T980] pwc: recv_control_msg error -71 req 04 val 1000
[  505.080924][ T5953] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  505.089420][ T5953] usb 3-1: Product: syz
[  505.093758][  T980] pwc: recv_control_msg error -71 req 04 val 1300
[  505.100718][ T5953] usb 3-1: Manufacturer: syz
[  505.105576][ T5953] usb 3-1: SerialNumber: syz
[  505.118963][  T980] pwc: recv_control_msg error -71 req 04 val 1400
[  505.201290][  T980] pwc: recv_control_msg error -71 req 02 val 2000
[  505.208829][ T5953] usb 3-1: config 0 descriptor??
[  505.239444][  T980] pwc: recv_control_msg error -71 req 02 val 2100
[  505.246033][ T5953] usb 3-1: can't set config #0, error -71
[  505.268663][  T980] pwc: recv_control_msg error -71 req 04 val 1500
[  505.276779][ T5953] usb 3-1: USB disconnect, device number 27
[  505.301722][  T980] pwc: recv_control_msg error -71 req 02 val 2500
[  506.473181][  T980] pwc: recv_control_msg error -71 req 02 val 2400
[  506.487213][  T980] pwc: recv_control_msg error -71 req 02 val 2600
[  506.714291][  T980] pwc: recv_control_msg error -71 req 02 val 2900
[  506.729348][  T980] pwc: recv_control_msg error -71 req 02 val 2800
[  506.757377][  T980] pwc: recv_control_msg error -71 req 04 val 1100
[  506.764274][  T980] pwc: recv_control_msg error -71 req 04 val 1200
[  506.796735][  T980] pwc: Registered as video103.
[  506.844862][  T980] input: PWC snapshot button as /devices/platform/dummy_hcd.4/usb5/5-1/input/input12
[  506.933456][  T980] usb 5-1: USB disconnect, device number 22
[  507.281457][ T9724] xt_ipcomp: unknown flags 12
[  508.997516][ T9737] fuse: Unknown parameter 'group_id00000000000000000000'
[  509.194661][ T9739] netlink: 260 bytes leftover after parsing attributes in process `syz.3.949'.
[  509.204655][ T9739] fuse: Bad value for 'fd'
[  510.519047][  T980] usb 3-1: new high-speed USB device number 28 using dummy_hcd
[  511.911871][   T30] audit: type=1326 audit(1752671383.469:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9743 comm="syz.0.951" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff0c778e929 code=0x0
[  512.069280][  T980] usb 3-1: device not accepting address 28, error -71
[  512.411860][ T8734] usb 4-1: new high-speed USB device number 21 using dummy_hcd
[  512.668981][ T8734] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  512.854073][ T8734] usb 4-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  513.234444][ T8734] usb 4-1: New USB device strings: Mfr=0, Product=1, SerialNumber=0
[  514.029325][ T8734] usb 4-1: Product: syz
[  514.036460][ T8734] usb 4-1: config 0 descriptor??
[  514.053042][ T8734] pwc: Askey VC010 type 2 USB webcam detected.
[  514.512278][ T9773] xt_ipcomp: unknown flags 12
[  514.519663][ T8734] pwc: recv_control_msg error -32 req 02 val 2b00
[  515.500647][ T8734] pwc: recv_control_msg error -71 req 02 val 2c00
[  515.515262][ T8734] pwc: recv_control_msg error -71 req 04 val 1000
[  515.681578][ T8734] pwc: recv_control_msg error -71 req 04 val 1300
[  515.690158][ T8734] pwc: recv_control_msg error -71 req 04 val 1400
[  515.697989][ T8734] pwc: recv_control_msg error -71 req 02 val 2000
[  515.705406][ T8734] pwc: recv_control_msg error -71 req 02 val 2100
[  515.893227][ T9779] netlink: 4 bytes leftover after parsing attributes in process `syz.4.960'.
[  515.902192][ T8734] pwc: recv_control_msg error -71 req 04 val 1500
[  515.914902][ T9779] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  515.923932][ T9779] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  515.924665][ T8734] pwc: recv_control_msg error -71 req 02 val 2500
[  515.933302][ T9779] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  515.947987][ T9779] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  515.978963][ T8734] pwc: recv_control_msg error -71 req 02 val 2400
[  515.988014][ T8734] pwc: recv_control_msg error -71 req 02 val 2600
[  516.015984][ T8734] pwc: recv_control_msg error -71 req 02 val 2900
[  516.457531][ T9779] netdevsim netdevsim4 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0
[  516.466587][ T9779] netdevsim netdevsim4 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0
[  516.475559][ T9779] netdevsim netdevsim4 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0
[  516.484526][ T9779] netdevsim netdevsim4 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0
[  516.511531][ T8734] pwc: recv_control_msg error -71 req 02 val 2800
[  516.548081][ T8734] pwc: recv_control_msg error -71 req 04 val 1100
[  516.619190][ T8734] pwc: recv_control_msg error -71 req 04 val 1200
[  516.667871][ T8734] pwc: Registered as video103.
[  516.698624][ T8734] input: PWC snapshot button as /devices/platform/dummy_hcd.3/usb4/4-1/input/input13
[  516.799432][ T8734] usb 4-1: USB disconnect, device number 21
[  517.185145][ T6016] usb 1-1: new high-speed USB device number 16 using dummy_hcd
[  517.348941][ T6016] usb 1-1: Using ep0 maxpacket: 32
[  517.391559][ T6016] usb 1-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  517.445814][ T6016] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  517.492661][ T6016] usb 1-1: config 0 descriptor??
[  517.712265][ T6016] dvb-usb: found a 'Elgato EyeTV Sat' in cold state, will try to load a firmware
[  518.498127][ T6016] usb 1-1: Direct firmware load for dvb-usb-az6027-03.fw failed with error -2
[  518.520175][ T6016] usb 1-1: Falling back to sysfs fallback for: dvb-usb-az6027-03.fw
[  519.138948][ T5981] usb 3-1: new high-speed USB device number 30 using dummy_hcd
[  519.309075][ T5981] usb 3-1: Using ep0 maxpacket: 32
[  519.320920][ T5981] usb 3-1: config 0 has an invalid interface number: 12 but max is 0
[  519.477197][ T5981] usb 3-1: config 0 has no interface number 0
[  519.484762][ T5981] usb 3-1: config 0 interface 12 has no altsetting 0
[  519.504453][ T5981] usb 3-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[  519.515757][ T5981] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  519.525476][ T5981] usb 3-1: Product: syz
[  519.534427][ T5981] usb 3-1: Manufacturer: syz
[  519.541156][ T5981] usb 3-1: SerialNumber: syz
[  519.549036][   T30] audit: type=1326 audit(1752671391.099:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9804 comm="syz.3.966" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fada3f8e929 code=0x0
[  519.582834][ T5981] usb 3-1: config 0 descriptor??
[  519.635692][ T9813] netlink: 'syz.4.968': attribute type 3 has an invalid length.
[  520.029145][ T5981] f81534 3-1:0.12: required endpoints missing
[  520.170958][ T9803] lo speed is unknown, defaulting to 1000
[  520.759316][ T5981] usb 5-1: new high-speed USB device number 23 using dummy_hcd
[  520.888977][ T5848] Bluetooth: hci4: command 0x0406 tx timeout
[  521.450630][ T5981] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  521.604532][ T5981] usb 5-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  521.699594][ T5981] usb 5-1: New USB device strings: Mfr=0, Product=1, SerialNumber=0
[  521.786646][ T5981] usb 5-1: Product: syz
[  521.865132][ T5981] usb 5-1: config 0 descriptor??
[  521.973161][  T980] usb 3-1: USB disconnect, device number 30
[  522.192267][ T5981] pwc: Askey VC010 type 2 USB webcam detected.
[  522.563777][ T5981] pwc: recv_control_msg error -32 req 02 val 2b00
[  522.684317][ T9848] netlink: 20 bytes leftover after parsing attributes in process `syz.2.978'.
[  522.693349][ T9848] netlink: 24 bytes leftover after parsing attributes in process `syz.2.978'.
[  522.720250][ T9842] lo speed is unknown, defaulting to 1000
[  522.798038][ T5981] pwc: recv_control_msg error -71 req 02 val 2c00
[  522.869940][ T5981] pwc: recv_control_msg error -71 req 04 val 1000
[  522.881961][ T5981] pwc: recv_control_msg error -71 req 04 val 1300
[  522.891353][ T5981] pwc: recv_control_msg error -71 req 04 val 1400
[  522.898237][ T5981] pwc: recv_control_msg error -71 req 02 val 2000
[  522.907468][ T5981] pwc: recv_control_msg error -71 req 02 val 2100
[  522.916444][ T5981] pwc: recv_control_msg error -71 req 04 val 1500
[  522.926098][ T5981] pwc: recv_control_msg error -71 req 02 val 2500
[  522.945249][ T5981] pwc: recv_control_msg error -71 req 02 val 2400
[  522.994261][ T5981] pwc: recv_control_msg error -71 req 02 val 2600
[  523.150891][ T5981] pwc: recv_control_msg error -71 req 02 val 2900
[  523.161524][ T5981] pwc: recv_control_msg error -71 req 02 val 2800
[  523.177419][ T5981] pwc: recv_control_msg error -71 req 04 val 1100
[  523.221268][   T30] audit: type=1326 audit(1752671394.779:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9851 comm="syz.2.979" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f600158e929 code=0x0
[  523.252478][ T5981] pwc: recv_control_msg error -71 req 04 val 1200
[  523.291242][ T5981] pwc: Registered as video103.
[  523.298300][ T5981] input: PWC snapshot button as /devices/platform/dummy_hcd.4/usb5/5-1/input/input14
[  523.402895][ T5981] usb 5-1: USB disconnect, device number 23
[  524.197314][ T9867] kAFS: No cell specified
[  528.191896][ T9905] netlink: 4 bytes leftover after parsing attributes in process `syz.4.994'.
[  528.206936][   T30] audit: type=1326 audit(1752671399.759:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9898 comm="syz.1.992" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6bd0f8e929 code=0x0
[  529.267459][ T9920] lo speed is unknown, defaulting to 1000
[  532.980716][ T9931] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  535.045689][ T8734] libceph: connect (1)[c::]:6789 error -101
[  535.059354][ T8734] libceph: mon0 (1)[c::]:6789 connect error
[  535.280687][ T9939] ceph: No mds server is up or the cluster is laggy
[  535.315012][ T5842] Bluetooth: hci3: ACL packet for unknown connection handle 200
[  538.432109][ T9985] input: syz1 as /devices/virtual/input/input15
[  539.611820][ T5842] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:201'
[  539.621818][ T5842] CPU: 1 UID: 0 PID: 5842 Comm: kworker/u9:3 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) 
[  539.621847][ T5842] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  539.621861][ T5842] Workqueue: hci3 hci_rx_work
[  539.621917][ T5842] Call Trace:
[  539.621929][ T5842]  <TASK>
[  539.621939][ T5842]  dump_stack_lvl+0x189/0x250
[  539.621968][ T5842]  ? kernfs_path_from_node+0x2c/0x260
[  539.621992][ T5842]  ? __pfx_dump_stack_lvl+0x10/0x10
[  539.622016][ T5842]  ? __pfx__printk+0x10/0x10
[  539.622046][ T5842]  ? kernfs_path_from_node+0x2c/0x260
[  539.622066][ T5842]  ? kernfs_path_from_node+0x2c/0x260
[  539.622096][ T5842]  ? kernfs_path_from_node+0x22c/0x260
[  539.622116][ T5842]  ? kernfs_path_from_node+0x2c/0x260
[  539.622141][ T5842]  sysfs_create_dir_ns+0x259/0x280
[  539.622178][ T5842]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  539.622214][ T5842]  ? do_raw_spin_unlock+0x122/0x240
[  539.622248][ T5842]  kobject_add_internal+0x59f/0xb40
[  539.622282][ T5842]  kobject_add+0x155/0x220
[  539.622310][ T5842]  ? __pfx_kobject_add+0x10/0x10
[  539.622333][ T5842]  ? _raw_spin_unlock+0x28/0x50
[  539.622367][ T5842]  ? get_device_parent+0x366/0x3a0
[  539.622398][ T5842]  device_add+0x408/0xb50
[  539.622430][ T5842]  hci_conn_add_sysfs+0xd5/0x1e0
[  539.622465][ T5842]  le_conn_complete_evt+0xc3a/0x1220
[  539.622507][ T5842]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  539.622534][ T5842]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  539.622553][ T5842]  ? __asan_memcpy+0x40/0x70
[  539.622581][ T5842]  ? __pfx___mutex_lock+0x10/0x10
[  539.622602][ T5842]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  539.622621][ T5842]  ? skb_pull_data+0xfb/0x200
[  539.622658][ T5842]  hci_le_conn_complete_evt+0x187/0x450
[  539.622691][ T5842]  hci_event_packet+0x78c/0x1200
[  539.622729][ T5842]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  539.622756][ T5842]  ? __pfx_hci_event_packet+0x10/0x10
[  539.622788][ T5842]  ? kcov_remote_start+0x4d3/0x7f0
[  539.622818][ T5842]  ? lockdep_hardirqs_on+0x90/0x150
[  539.622854][ T5842]  ? hci_send_to_monitor+0xe2/0x570
[  539.622884][ T5842]  hci_rx_work+0x46a/0xe80
[  539.622927][ T5842]  ? process_scheduled_works+0x9ef/0x17b0
[  539.622952][ T5842]  process_scheduled_works+0xade/0x17b0
[  539.623010][ T5842]  ? __pfx_process_scheduled_works+0x10/0x10
[  539.623055][ T5842]  worker_thread+0x8a0/0xda0
[  539.623127][ T5842]  kthread+0x711/0x8a0
[  539.623161][ T5842]  ? __pfx_worker_thread+0x10/0x10
[  539.623184][ T5842]  ? __pfx_kthread+0x10/0x10
[  539.623215][ T5842]  ? _raw_spin_unlock_irq+0x23/0x50
[  539.623245][ T5842]  ? lockdep_hardirqs_on+0x9c/0x150
[  539.623273][ T5842]  ? __pfx_kthread+0x10/0x10
[  539.623303][ T5842]  ret_from_fork+0x3fc/0x770
[  539.623328][ T5842]  ? __pfx_ret_from_fork+0x10/0x10
[  539.623357][ T5842]  ? __switch_to_asm+0x39/0x70
[  539.623382][ T5842]  ? __switch_to_asm+0x33/0x70
[  539.623407][ T5842]  ? __pfx_kthread+0x10/0x10
[  539.623437][ T5842]  ret_from_fork_asm+0x1a/0x30
[  539.623483][ T5842]  </TASK>
[  539.623514][ T5842] kobject: kobject_add_internal failed for hci3:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  539.930943][ T5842] Bluetooth: hci3: failed to register connection device
[  544.219812][ T5981] usb 3-1: new high-speed USB device number 31 using dummy_hcd
[  544.459176][ T5981] usb 3-1: Using ep0 maxpacket: 32
[  544.500735][ T5981] usb 3-1: config 14 has an invalid interface number: 137 but max is 3
[  544.522567][ T5981] usb 3-1: config 14 has an invalid descriptor of length 0, skipping remainder of the config
[  544.546207][ T5981] usb 3-1: config 14 has 2 interfaces, different from the descriptor's value: 4
[  544.567158][ T5981] usb 3-1: config 14 has no interface number 1
[  544.577590][ T5981] usb 3-1: config 14 interface 0 altsetting 8 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  544.658965][ T5981] usb 3-1: config 14 interface 137 has no altsetting 0
[  544.695463][ T5981] usb 3-1: config 14 interface 0 has no altsetting 0
[  544.752225][ T5981] usb 3-1: New USB device found, idVendor=0471, idProduct=0602, bcdDevice=2a.8a
[  544.789190][ T5981] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  545.310201][ T5981] usb 3-1: Product: syz
[  545.509408][ T5981] usb 3-1: Manufacturer: syz
[  545.522708][ T5981] usb 3-1: SerialNumber: syz
[  546.028409][ T5981] ati_remote2 3-1:14.0: ati_remote2_probe(): interface 0 must have an endpoint
[  546.068599][ T5981] usb 3-1: USB disconnect, device number 31
[  546.090315][ T5842] Bluetooth: hci3: command 0x0406 tx timeout
[  547.442248][ T9644] IPVS: starting estimator thread 0...
[  547.659016][T10068] IPVS: using max 45 ests per chain, 108000 per kthread
[  549.503680][T10088] kAFS: No cell specified
[  552.813112][   T30] audit: type=1326 audit(1752671424.309:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10103 comm="syz.3.1050" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fada3f8e929 code=0x0
[  553.219128][T10114] CUSE: unknown device info "ÿ
"
[  553.224174][T10114] CUSE: zero length info key specified
[  553.941626][   T30] audit: type=1326 audit(1752671425.499:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10117 comm="syz.1.1055" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6bd0f8e929 code=0x0
[  554.279505][T10129] netlink: 260 bytes leftover after parsing attributes in process `syz.4.1056'.
[  556.402022][T10144] kAFS: No cell specified
[  557.719507][ T5981] usb 4-1: new high-speed USB device number 22 using dummy_hcd
[  558.160098][   T30] audit: type=1326 audit(1752671429.689:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10165 comm="syz.1.1069" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6bd0f8e929 code=0x0
[  558.338515][ T5981] usb 4-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36
[  558.425986][ T5981] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  558.537150][ T5981] usb 4-1: Product: syz
[  558.593112][ T5981] usb 4-1: Manufacturer: syz
[  558.659595][ T5981] usb 4-1: SerialNumber: syz
[  558.871632][ T5981] usb 4-1: config 0 descriptor??
[  558.893794][ T5981] ch341 4-1:0.0: ch341-uart converter detected
[  560.034848][ T5981] usb 4-1: failed to send control message: -71
[  560.042565][ T5981] ch341-uart ttyUSB0: probe with driver ch341-uart failed with error -71
[  560.377143][ T5981] usb 4-1: USB disconnect, device number 22
[  560.522574][ T5981] ch341 4-1:0.0: device disconnected
[  560.851783][T10203] CUSE: unknown device info "ÿ
"
[  560.856874][T10203] CUSE: zero length info key specified
[  562.692647][   T30] audit: type=1326 audit(1752671434.249:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10215 comm="syz.1.1083" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6bd0f8e929 code=0x0
[  562.810485][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  562.816829][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  562.912504][T10224] program syz.0.1084 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  564.460423][ T5894] usb 4-1: new high-speed USB device number 23 using dummy_hcd
[  565.122144][ T5894] usb 4-1: Using ep0 maxpacket: 32
[  565.156451][ T5894] usb 4-1: config 14 has an invalid interface number: 137 but max is 3
[  565.188597][ T5894] usb 4-1: config 14 has an invalid descriptor of length 0, skipping remainder of the config
[  565.233321][ T5894] usb 4-1: config 14 has 2 interfaces, different from the descriptor's value: 4
[  565.342380][ T5894] usb 4-1: config 14 has no interface number 1
[  565.369426][ T5894] usb 4-1: config 14 interface 0 altsetting 8 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  565.423749][ T5894] usb 4-1: config 14 interface 137 has no altsetting 0
[  565.436555][ T5894] usb 4-1: config 14 interface 0 has no altsetting 0
[  565.450932][ T5894] usb 4-1: New USB device found, idVendor=0471, idProduct=0602, bcdDevice=2a.8a
[  565.464123][ T5894] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  565.474985][ T5894] usb 4-1: Product: syz
[  565.484493][ T5894] usb 4-1: Manufacturer: syz
[  565.494416][ T5894] usb 4-1: SerialNumber: syz
[  565.885923][ T5894] ati_remote2 4-1:14.0: ati_remote2_probe(): interface 0 must have an endpoint
[  565.917290][ T5894] usb 4-1: USB disconnect, device number 23
[  566.078519][   T30] audit: type=1326 audit(1752671437.629:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10256 comm="syz.4.1096" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f53cad8e929 code=0x0
[  569.422315][ T5842] Bluetooth: hci2: ACL packet for unknown connection handle 200
[  570.069792][ T5981] usb 5-1: new high-speed USB device number 24 using dummy_hcd
[  570.337790][ T5981] usb 5-1: Using ep0 maxpacket: 16
[  570.347113][ T5981] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  570.368050][ T5981] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  571.336060][ T5981] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x2 has an invalid bInterval 255, changing to 11
[  571.356125][ T5981] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid maxpacket 26368, setting to 1024
[  571.367561][ T5981] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  571.396728][ T5981] usb 5-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  571.406488][ T5981] usb 5-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  571.843513][ T5981] usb 5-1: Manufacturer: syz
[  571.853137][ T5981] usb 5-1: config 0 descriptor??
[  572.499600][ T5981] rc_core: IR keymap rc-hauppauge not found
[  572.529569][ T5981] Registered IR keymap rc-empty
[  572.582230][ T5981] mceusb 5-1:0.0: Error: mce write urb status = -71
[  572.880147][ T5981] mceusb 5-1:0.0: Error: mce write urb status = -71
[  573.045784][ T5981] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0
[  573.124777][ T5981] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0/input16
[  573.164873][ T5981] mceusb 5-1:0.0: Error: mce write urb status = -71
[  573.199354][ T5981] mceusb 5-1:0.0: Error: mce write urb status = -71
[  573.229227][ T5981] mceusb 5-1:0.0: Error: mce write urb status = -71
[  573.233427][T10346] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1123'.
[  573.248409][T10346] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1123'.
[  573.251988][ T5981] mceusb 5-1:0.0: Error: mce write urb status = -71
[  573.309623][ T5981] mceusb 5-1:0.0: Error: mce write urb status = -71
[  573.351863][ T5981] mceusb 5-1:0.0: Error: mce write urb status = -71
[  573.399742][ T5981] mceusb 5-1:0.0: Error: mce write urb status = -71
[  573.424993][ T5981] mceusb 5-1:0.0: Error: mce write urb status = -71
[  573.482905][ T5981] mceusb 5-1:0.0: Error: mce write urb status = -71
[  573.529666][ T5981] mceusb 5-1:0.0: Error: mce write urb status = -71
[  573.571374][ T5981] mceusb 5-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  573.593063][ T5981] mceusb 5-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  574.594667][ T5981] usb 5-1: USB disconnect, device number 24
[  577.177600][T10387] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1134'.
[  579.388955][ T5927] usb 5-1: new full-speed USB device number 25 using dummy_hcd
[  579.418981][ T5894] usb 4-1: new high-speed USB device number 24 using dummy_hcd
[  579.579249][ T5927] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  579.592488][ T5894] usb 4-1: Using ep0 maxpacket: 8
[  579.609486][ T5894] usb 4-1: config 179 has an invalid interface number: 65 but max is 0
[  579.634161][ T5894] usb 4-1: config 179 has no interface number 0
[  579.640897][ T5927] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  579.650682][ T5894] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  579.667719][ T5927] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  579.700576][ T5894] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  579.713310][ T5927] usb 5-1: config 0 descriptor??
[  579.737110][ T5894] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  579.748869][ T5894] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  579.787686][ T5927] hub 5-1:0.0: bad descriptor, ignoring hub
[  579.807531][ T5894] usb 4-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  579.821433][ T5927] hub 5-1:0.0: probe with driver hub failed with error -5
[  579.847885][ T5927] usbhid 5-1:0.0: couldn't find an input interrupt endpoint
[  579.866116][ T5894] usb 4-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  579.905302][ T5894] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  579.961712][T10408] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  581.170929][ T6658] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  582.317150][ T9503] usb 5-1: USB disconnect, device number 25
[  582.417740][ T5894] usb 4-1: USB disconnect, device number 24
[  582.423783][    C0] xpad 4-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  582.423837][    C0] xpad 4-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  582.588733][ T6658] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  583.578346][ T6016] dvb-usb: did not find the firmware file 'dvb-usb-az6027-03.fw' (status -110). You can use <kernel_dir>/scripts/get_dvb_firmware to get the firmware
[  583.594746][   T30] audit: type=1326 audit(1752671454.569:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10451 comm="syz.3.1156" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fada3f8e929 code=0x0
[  583.684470][ T6016] dvb_usb_az6027 1-1:0.0: probe with driver dvb_usb_az6027 failed with error -110
[  583.893553][ T6658] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  583.937627][ T6016] usb 1-1: USB disconnect, device number 16
[  584.083779][ T5848] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  584.094003][ T5848] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  584.103240][ T5848] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  584.119165][ T8734] usb 3-1: new high-speed USB device number 32 using dummy_hcd
[  584.131364][ T5848] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  584.156682][ T5848] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  584.264337][ T6658] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  584.275155][ T8734] usb 3-1: Using ep0 maxpacket: 32
[  584.283465][ T8734] usb 3-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  584.298190][ T8734] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  584.317712][ T8734] usb 3-1: config 0 descriptor??
[  584.406866][T10468] lo speed is unknown, defaulting to 1000
[  584.413323][T10472] tipc: Started in network mode
[  584.472457][T10473] siw: device registration error -23
[  584.478828][T10472] tipc: Node identity aaaaaaaaaa32, cluster identity 4711
[  584.503096][T10472] tipc: Enabled bearer <eth:vlan0>, priority 10
[  584.712521][ T8734] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[  584.768603][ T8734] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  584.788861][ T8734] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[  584.798256][ T8734] usb 3-1: media controller created
[  584.909376][ T8734] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  585.449675][ T8734] az6027: usb out operation failed. (-71)
[  585.470396][ T8734] az6027: usb out operation failed. (-71)
[  585.484441][ T8734] stb0899_attach: Driver disabled by Kconfig
[  585.505673][ T8734] az6027: no front-end attached
[  585.505673][ T8734] 
[  585.520636][ T5981] tipc: Node number set to 10005162
[  585.550371][ T8734] az6027: usb out operation failed. (-71)
[  585.556162][ T8734] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[  585.597267][ T8734] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb3/3-1/input/input17
[  585.735888][ T8734] dvb-usb: schedule remote query interval to 400 msecs.
[  585.746566][ T8734] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[  585.798202][ T8734] usb 3-1: USB disconnect, device number 32
[  585.836665][ T9640] udevd[9640]: setting owner of /dev/input/event4 to uid=0, gid=104 failed: No such file or directory
[  585.958479][ T8734] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[  586.251820][ T5842] Bluetooth: hci2: command tx timeout
[  586.258035][ T6658] dummy0: left allmulticast mode
[  586.265798][ T6658] bridge0: port 3(dummy0) entered disabled state
[  587.041370][ T6658] bridge_slave_1: left allmulticast mode
[  587.047157][ T6658] bridge_slave_1: left promiscuous mode
[  587.082677][ T6658] bridge0: port 2(bridge_slave_1) entered disabled state
[  587.188159][ T6658] bridge_slave_0: left allmulticast mode
[  587.208838][ T6658] bridge_slave_0: left promiscuous mode
[  587.214644][ T6658] bridge0: port 1(bridge_slave_0) entered disabled state
[  587.224357][T10494] netlink: 'syz.3.1163': attribute type 39 has an invalid length.
[  587.579277][ T6016] usb 3-1: new full-speed USB device number 33 using dummy_hcd
[  587.805864][ T6016] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  587.849182][ T6016] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  587.888970][ T6016] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  587.922690][ T6016] usb 3-1: config 0 descriptor??
[  588.053727][T10509] xt_ipcomp: unknown flags 12
[  588.061507][ T6016] hub 3-1:0.0: bad descriptor, ignoring hub
[  588.266658][ T6016] hub 3-1:0.0: probe with driver hub failed with error -5
[  588.287776][ T6016] usbhid 3-1:0.0: couldn't find an input interrupt endpoint
[  588.330899][ T5842] Bluetooth: hci2: command tx timeout
[  588.929449][   T30] audit: type=1326 audit(1752671460.429:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10506 comm="syz.4.1166" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f53cad8e929 code=0x0
[  590.409519][ T5842] Bluetooth: hci2: command tx timeout
[  591.012194][ T6658] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  591.034641][ T6658] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  591.079168][ T6658] bond0 (unregistering): Released all slaves
[  591.091472][T10536] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  591.203171][ T6658] tipc: Disabling bearer <eth:vlan0>
[  591.209957][ T6658] tipc: Left network mode
[  591.470037][ T9503] usb 3-1: USB disconnect, device number 33
[  592.498900][ T5842] Bluetooth: hci2: command tx timeout
[  592.725102][T10468] chnl_net:caif_netlink_parms(): no params data found
[  595.784967][ T6658] hsr_slave_0: left promiscuous mode
[  595.838582][T10581] siw: device registration error -23
[  595.877391][ T6658] hsr_slave_1: left promiscuous mode
[  595.897682][ T6658] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  595.914153][ T6658] batman_adv: batadv0: Removing interface: batadv_slave_0
[  596.082556][ T6658] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  596.098594][ T6658] batman_adv: batadv0: Removing interface: batadv_slave_1
[  596.341892][ T6658] veth1_macvtap: left promiscuous mode
[  596.348509][ T6658] veth0_macvtap: left promiscuous mode
[  596.355558][ T6658] veth1_vlan: left promiscuous mode
[  596.364385][ T6658] veth0_vlan: left promiscuous mode
[  600.191778][ T6658] team0 (unregistering): Port device team_slave_1 removed
[  600.322002][ T6658] team0 (unregistering): Port device team_slave_0 removed
[  601.514634][T10580] tipc: Started in network mode
[  601.525679][T10580] tipc: Node identity aaaaaaaaaa32, cluster identity 4711
[  601.647410][T10580] tipc: Enabled bearer <eth:vlan0>, priority 10
[  601.666850][ T6016] lo speed is unknown, defaulting to 1000
[  601.693483][ T6016] infiniband syz0: ib_query_port failed (-19)
[  601.872706][T10468] bridge0: port 1(bridge_slave_0) entered blocking state
[  601.943682][T10468] bridge0: port 1(bridge_slave_0) entered disabled state
[  601.961617][T10468] bridge_slave_0: entered allmulticast mode
[  601.969942][T10468] bridge_slave_0: entered promiscuous mode
[  602.034138][T10468] bridge0: port 2(bridge_slave_1) entered blocking state
[  602.056144][T10468] bridge0: port 2(bridge_slave_1) entered disabled state
[  602.086060][T10468] bridge_slave_1: entered allmulticast mode
[  602.132362][T10468] bridge_slave_1: entered promiscuous mode
[  602.413322][T10641] netlink: 280 bytes leftover after parsing attributes in process `syz.4.1192'.
[  602.621925][T10468] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  602.650469][T10468] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  602.669166][ T5953] tipc: Node number set to 10005162
[  603.100878][T10468] team0: Port device team_slave_0 added
[  603.124591][T10468] team0: Port device team_slave_1 added
[  603.209589][ T6016] usb 3-1: new high-speed USB device number 34 using dummy_hcd
[  603.249469][ T8734] usb 5-1: new full-speed USB device number 26 using dummy_hcd
[  603.282580][T10468] batman_adv: batadv0: Adding interface: batadv_slave_0
[  603.300199][T10468] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  603.346953][T10468] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  603.371511][ T6016] usb 3-1: Using ep0 maxpacket: 32
[  603.387108][ T6016] usb 3-1: config 0 has an invalid interface number: 12 but max is 0
[  603.403090][T10468] batman_adv: batadv0: Adding interface: batadv_slave_1
[  603.414913][T10468] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  603.422192][ T6016] usb 3-1: config 0 has no interface number 0
[  603.442580][T10468] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  603.469310][ T8734] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  603.523665][ T8734] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  603.537568][ T6016] usb 3-1: config 0 interface 12 has no altsetting 0
[  603.550722][ T8734] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  603.569990][ T6016] usb 3-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[  603.582194][ T6016] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  603.592827][T10468] hsr_slave_0: entered promiscuous mode
[  603.602293][ T8734] usb 5-1: config 0 descriptor??
[  603.608869][ T6016] usb 3-1: Product: syz
[  603.621535][ T8734] hub 5-1:0.0: bad descriptor, ignoring hub
[  603.631395][T10468] hsr_slave_1: entered promiscuous mode
[  603.636482][ T6016] usb 3-1: Manufacturer: syz
[  603.649774][ T8734] hub 5-1:0.0: probe with driver hub failed with error -5
[  603.657242][ T6016] usb 3-1: SerialNumber: syz
[  603.662935][T10468] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  603.677863][ T8734] usbhid 5-1:0.0: couldn't find an input interrupt endpoint
[  603.688337][ T6016] usb 3-1: config 0 descriptor??
[  603.693613][T10468] Cannot create hsr debugfs directory
[  604.072623][ T5842] Bluetooth: hci4: ACL packet for unknown connection handle 200
[  604.393457][T10468] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  604.412809][T10468] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  604.425836][T10468] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  604.436930][T10468] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  604.557798][ T6016] f81534 3-1:0.12: f81534_set_register: reg: 1002 data: 0 failed: -71
[  604.596420][ T6016] f81534 3-1:0.12: f81534_find_config_idx: read failed: -71
[  604.615310][ T6016] f81534 3-1:0.12: f81534_calc_num_ports: find idx failed: -71
[  604.638695][ T6016] f81534 3-1:0.12: probe with driver f81534 failed with error -71
[  604.713606][ T6016] usb 3-1: USB disconnect, device number 34
[  605.023193][T10468] 8021q: adding VLAN 0 to HW filter on device bond0
[  605.104693][T10468] 8021q: adding VLAN 0 to HW filter on device team0
[  605.184691][ T6660] bridge0: port 1(bridge_slave_0) entered blocking state
[  605.192039][ T6660] bridge0: port 1(bridge_slave_0) entered forwarding state
[  605.290951][ T6607] bridge0: port 2(bridge_slave_1) entered blocking state
[  605.298129][ T6607] bridge0: port 2(bridge_slave_1) entered forwarding state
[  605.647588][T10706] trusted_key: encrypted_key: insufficient parameters specified
[  606.440083][T10722] tipc: Started in network mode
[  606.459850][T10722] tipc: Node identity aaaaaaaaaa32, cluster identity 4711
[  606.487028][T10722] tipc: Enabled bearer <eth:vlan0>, priority 10
[  606.540989][T10468] 8021q: adding VLAN 0 to HW filter on device batadv0
[  606.704976][T10722] lo speed is unknown, defaulting to 1000
[  607.203092][T10722] lo speed is unknown, defaulting to 1000
[  607.296542][T10722] lo speed is unknown, defaulting to 1000
[  607.315311][T10722] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[  607.446841][T10722] lo speed is unknown, defaulting to 1000
[  607.489097][ T5981] tipc: Node number set to 10005162
[  608.069460][T10722] lo speed is unknown, defaulting to 1000
[  608.102861][T10722] lo speed is unknown, defaulting to 1000
[  608.202096][T10722] lo speed is unknown, defaulting to 1000
[  608.270175][T10722] lo speed is unknown, defaulting to 1000
[  609.543914][T10753] random: crng reseeded on system resumption
[  609.612535][ T5953] usb 5-1: USB disconnect, device number 26
[  610.555106][T10763] 9pnet_fd: Insufficient options for proto=fd
[  610.843792][T10468] veth0_vlan: entered promiscuous mode
[  610.881491][T10468] veth1_vlan: entered promiscuous mode
[  610.961030][T10468] veth0_macvtap: entered promiscuous mode
[  611.013619][T10468] veth1_macvtap: entered promiscuous mode
[  611.066210][T10468] batman_adv: batadv0: Interface activated: batadv_slave_0
[  611.111366][T10468] batman_adv: batadv0: Interface activated: batadv_slave_1
[  611.157928][T10468] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  611.194586][T10468] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  611.204646][T10468] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  611.233225][T10468] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  611.427603][   T30] audit: type=1326 audit(1752671482.979:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10769 comm="syz.1.1217" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6bd0f8e929 code=0x0
[  611.582547][ T6658] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  611.590617][ T6658] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  611.871065][ T6658] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  611.908324][ T6658] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  612.369044][ T5981] usb 5-1: new full-speed USB device number 27 using dummy_hcd
[  612.640018][ T5981] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  612.844044][ T5981] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  612.989697][ T5981] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  613.308136][ T5981] usb 5-1: config 0 descriptor??
[  613.492657][ T5981] hub 5-1:0.0: bad descriptor, ignoring hub
[  613.499163][ T5981] hub 5-1:0.0: probe with driver hub failed with error -5
[  613.541130][ T5981] usbhid 5-1:0.0: couldn't find an input interrupt endpoint
[  615.319103][ T8734] usb 3-1: new high-speed USB device number 35 using dummy_hcd
[  615.478889][ T8734] usb 3-1: Using ep0 maxpacket: 32
[  615.513894][ T8734] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  615.641514][   T30] audit: type=1326 audit(1752671487.199:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10826 comm="syz.5.1233" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f403cd8e929 code=0x0
[  615.789375][ T5981] usb 4-1: new high-speed USB device number 25 using dummy_hcd
[  615.965876][ T5981] usb 4-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36
[  615.995643][ T8734] usb 3-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  615.999385][ T5981] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  616.019094][ T8734] usb 3-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  616.027321][ T8734] usb 3-1: Product: syz
[  616.048809][ T8734] usb 3-1: Manufacturer: syz
[  616.053449][ T8734] usb 3-1: SerialNumber: syz
[  616.073837][ T5981] usb 4-1: Product: syz
[  616.080232][ T8734] usb 3-1: config 0 descriptor??
[  616.085931][T10831] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  616.104737][ T5981] usb 4-1: Manufacturer: syz
[  616.117318][ T5981] usb 4-1: SerialNumber: syz
[  616.135456][ T5981] usb 4-1: config 0 descriptor??
[  616.146496][ T5981] ch341 4-1:0.0: ch341-uart converter detected
[  616.959159][ T5913] usb 5-1: USB disconnect, device number 27
[  617.032612][ T8734] usb 3-1: USB disconnect, device number 35
[  617.370694][ T5894] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  617.460060][ T5981] usb 4-1: failed to send control message: -71
[  617.491204][ T5981] ch341-uart ttyUSB0: probe with driver ch341-uart failed with error -71
[  617.504584][ T5981] usb 4-1: USB disconnect, device number 25
[  617.519703][ T5981] ch341 4-1:0.0: device disconnected
[  617.589093][ T5894] usb 6-1: Using ep0 maxpacket: 32
[  617.616502][ T5894] usb 6-1: config 14 has an invalid interface number: 137 but max is 3
[  617.632440][ T5894] usb 6-1: config 14 has an invalid descriptor of length 0, skipping remainder of the config
[  618.345299][ T5894] usb 6-1: config 14 has 2 interfaces, different from the descriptor's value: 4
[  618.385834][ T5894] usb 6-1: config 14 has no interface number 1
[  618.403013][ T5894] usb 6-1: config 14 interface 0 altsetting 8 has an invalid descriptor for endpoint zero, skipping
[  618.447810][ T5894] usb 6-1: config 14 interface 0 altsetting 8 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  618.513963][ T5894] usb 6-1: config 14 interface 137 has no altsetting 0
[  618.556967][ T5894] usb 6-1: config 14 interface 0 has no altsetting 0
[  618.622838][ T5894] usb 6-1: New USB device found, idVendor=0471, idProduct=0602, bcdDevice=2a.8a
[  618.662994][ T5894] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  618.699337][ T5894] usb 6-1: Product: syz
[  618.716856][ T5894] usb 6-1: Manufacturer: syz
[  618.732067][ T5894] usb 6-1: SerialNumber: syz
[  619.004446][ T5894] ati_remote2 6-1:14.0: ati_remote2_probe(): interface 0 must have an endpoint
[  619.093221][ T5894] usb 6-1: USB disconnect, device number 2
[  620.505146][   T30] audit: type=1326 audit(1752671492.059:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10891 comm="syz.2.1247" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f600158e929 code=0x0
[  620.586036][ T6654] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  620.814774][ T6654] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  620.950542][ T6654] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  621.733709][ T6654] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  622.359305][ T8734] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  622.600059][ T8734] usb 6-1: Using ep0 maxpacket: 32
[  622.667705][T10926] lo speed is unknown, defaulting to 1000
[  622.687823][ T8734] usb 6-1: config 0 has an invalid interface number: 12 but max is 0
[  622.729533][ T8734] usb 6-1: config 0 has no interface number 0
[  622.735692][ T8734] usb 6-1: config 0 interface 12 has no altsetting 0
[  622.791230][ T8734] usb 6-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[  622.835489][ T8734] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  622.874339][ T8734] usb 6-1: Product: syz
[  622.878544][ T8734] usb 6-1: Manufacturer: syz
[  622.897745][ T8734] usb 6-1: SerialNumber: syz
[  622.929666][ T8734] usb 6-1: config 0 descriptor??
[  622.956499][ T8734] f81534 6-1:0.12: required endpoints missing
[  623.389919][ T5848] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  623.399368][ T5848] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  623.413328][ T6654] bridge_slave_1: left allmulticast mode
[  623.422496][ T6654] bridge_slave_1: left promiscuous mode
[  623.429463][ T5848] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  623.446472][ T6654] bridge0: port 2(bridge_slave_1) entered disabled state
[  623.467262][ T5848] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  623.475732][ T5848] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  623.483836][ T6654] bridge_slave_0: left allmulticast mode
[  623.496001][ T6654] bridge_slave_0: left promiscuous mode
[  623.531219][ T6654] bridge0: port 1(bridge_slave_0) entered disabled state
[  624.180251][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  624.186663][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  624.291416][ T6654]  (unregistering): (slave bond_slave_0): Releasing backup interface
[  624.379011][ T5981] usb 3-1: new high-speed USB device number 36 using dummy_hcd
[  624.560070][ T6654]  (unregistering): (slave bond_slave_1): Releasing backup interface
[  624.610480][ T5981] usb 3-1: Using ep0 maxpacket: 32
[  624.627607][ T6654]  (unregistering): Released all slaves
[  624.683811][ T5981] usb 3-1: config 14 has an invalid interface number: 137 but max is 3
[  624.775926][ T5981] usb 3-1: config 14 has an invalid descriptor of length 0, skipping remainder of the config
[  624.934088][ T5981] usb 3-1: config 14 has 2 interfaces, different from the descriptor's value: 4
[  624.974437][ T5981] usb 3-1: config 14 has no interface number 1
[  624.983986][ T5981] usb 3-1: config 14 interface 0 altsetting 8 has an invalid descriptor for endpoint zero, skipping
[  624.995155][ T5981] usb 3-1: config 14 interface 0 altsetting 8 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  625.008198][ T5981] usb 3-1: config 14 interface 137 has no altsetting 0
[  625.015180][ T5981] usb 3-1: config 14 interface 0 has no altsetting 0
[  625.024400][ T5981] usb 3-1: New USB device found, idVendor=0471, idProduct=0602, bcdDevice=2a.8a
[  625.033646][ T5981] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  625.043825][ T5981] usb 3-1: Product: syz
[  625.048090][ T5981] usb 3-1: Manufacturer: syz
[  625.053384][ T5981] usb 3-1: SerialNumber: syz
[  625.166101][ T6654] bond0 (unregistering): Released all slaves
[  625.226039][T10934] lo speed is unknown, defaulting to 1000
[  625.305043][ T5981] ati_remote2 3-1:14.0: ati_remote2_probe(): interface 0 must have an endpoint
[  625.323649][T10953] lo speed is unknown, defaulting to 1000
[  625.325181][ T6654] tipc: Disabling bearer <eth:vlan0>
[  625.342276][ T5981] usb 3-1: USB disconnect, device number 36
[  625.360780][ T6654] tipc: Left network mode
[  625.460011][T10944] lo speed is unknown, defaulting to 1000
[  625.531445][ T5848] Bluetooth: hci4: command tx timeout
[  625.842532][ T6654] hsr_slave_0: left promiscuous mode
[  625.857577][ T6654] hsr_slave_1: left promiscuous mode
[  625.909604][ T6654] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  625.917060][ T6654] batman_adv: batadv0: Removing interface: batadv_slave_0
[  626.047312][ T6654] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  626.062575][ T6654] batman_adv: batadv0: Removing interface: batadv_slave_1
[  626.097726][ T6654] veth1_macvtap: left promiscuous mode
[  626.153322][ T6654] veth0_macvtap: left promiscuous mode
[  626.336401][ T6654] veth1_vlan: left promiscuous mode
[  626.366778][ T6654] veth0_vlan: left promiscuous mode
[  627.531538][ T5848] Bluetooth: hci3: ACL packet for unknown connection handle 200
[  627.609642][ T5848] Bluetooth: hci4: command tx timeout
[  627.637986][ T6654] team0 (unregistering): Port device team_slave_1 removed
[  627.657167][   T30] audit: type=1326 audit(1752671499.209:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10987 comm="syz.4.1268" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f53cad8e929 code=0x0
[  627.737556][ T6654] team0 (unregistering): Port device team_slave_0 removed
[  627.982176][T11001] netlink: 'syz.1.1272': attribute type 10 has an invalid length.
[  628.477820][ T6016] usb 6-1: USB disconnect, device number 3
[  628.525863][T11001] 8021q: adding VLAN 0 to HW filter on device batadv0
[  628.570202][T11001] bond0: (slave batadv0): Enslaving as an active interface with an up link
[  628.598397][T11005] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  628.610257][T11006] syzkaller0: entered promiscuous mode
[  628.625166][T11006] syzkaller0: entered allmulticast mode
[  628.721042][T11003] tipc: Resetting bearer <eth:syzkaller0>
[  628.765176][T11001] syz.1.1272 (11001) used greatest stack depth: 19784 bytes left
[  628.799485][T11002] tipc: Resetting bearer <eth:syzkaller0>
[  628.991015][T11002] tipc: Disabling bearer <eth:syzkaller0>
[  629.698950][ T5848] Bluetooth: hci4: command tx timeout
[  630.126618][ T5913] libceph: connect (1)[c::]:6789 error -101
[  630.153603][ T5913] libceph: mon0 (1)[c::]:6789 connect error
[  630.342068][T10944] chnl_net:caif_netlink_parms(): no params data found
[  630.430496][ T5913] libceph: connect (1)[c::]:6789 error -101
[  630.459377][ T5913] libceph: mon0 (1)[c::]:6789 connect error
[  630.869756][T10944] bridge0: port 1(bridge_slave_0) entered blocking state
[  630.877367][T10944] bridge0: port 1(bridge_slave_0) entered disabled state
[  630.892055][T11030] ceph: No mds server is up or the cluster is laggy
[  630.926877][T10944] bridge_slave_0: entered allmulticast mode
[  630.938735][T10944] bridge_slave_0: entered promiscuous mode
[  630.952037][T10944] bridge0: port 2(bridge_slave_1) entered blocking state
[  630.959624][T10944] bridge0: port 2(bridge_slave_1) entered disabled state
[  630.977921][ T9503] libceph: connect (1)[c::]:6789 error -101
[  630.985159][ T9503] libceph: mon0 (1)[c::]:6789 connect error
[  631.163216][T10944] bridge_slave_1: entered allmulticast mode
[  631.170932][T10944] bridge_slave_1: entered promiscuous mode
[  631.791348][ T5848] Bluetooth: hci4: command tx timeout
[  632.269384][T11064] netlink: 'syz.1.1287': attribute type 10 has an invalid length.
[  633.514695][T10944] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  633.570569][T10944] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  633.676186][   T30] audit: type=1326 audit(1752671505.229:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11044 comm="syz.2.1282" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f600158e929 code=0x0
[  633.823998][T10944] team0: Port device team_slave_0 added
[  633.883944][T10944] team0: Port device team_slave_1 added
[  633.929400][ T9503] usb 5-1: new high-speed USB device number 28 using dummy_hcd
[  634.058220][T10944] batman_adv: batadv0: Adding interface: batadv_slave_0
[  634.068941][ T9503] usb 5-1: device descriptor read/64, error -71
[  634.086848][T10944] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  634.188687][T10944] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  634.410552][T10944] batman_adv: batadv0: Adding interface: batadv_slave_1
[  634.412419][ T9503] usb 5-1: new high-speed USB device number 29 using dummy_hcd
[  634.442762][T10944] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  634.569406][ T9503] usb 5-1: device descriptor read/64, error -71
[  634.572447][T10944] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  634.685944][T10944] hsr_slave_0: entered promiscuous mode
[  634.692763][T10944] hsr_slave_1: entered promiscuous mode
[  634.709611][ T9503] usb usb5-port1: attempt power cycle
[  634.716364][T10944] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  634.748867][T10944] Cannot create hsr debugfs directory
[  635.078961][ T9503] usb 5-1: new high-speed USB device number 30 using dummy_hcd
[  635.122191][ T9503] usb 5-1: device descriptor read/8, error -71
[  635.363306][ T5927] libceph: connect (1)[c::]:6789 error -101
[  635.379066][ T5927] libceph: mon0 (1)[c::]:6789 connect error
[  635.417991][T10944] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  635.466063][T10944] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  635.486834][T10944] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  635.631217][T10944] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  635.667488][ T5927] libceph: connect (1)[c::]:6789 error -101
[  635.712716][ T5927] libceph: mon0 (1)[c::]:6789 connect error
[  636.078872][ T9503] usb 5-1: new high-speed USB device number 31 using dummy_hcd
[  636.129714][ T9503] usb 5-1: device descriptor read/8, error -71
[  636.167044][T11117] ceph: No mds server is up or the cluster is laggy
[  636.252543][ T9503] usb usb5-port1: unable to enumerate USB device
[  636.334482][T10944] 8021q: adding VLAN 0 to HW filter on device bond0
[  636.399608][T10944] 8021q: adding VLAN 0 to HW filter on device team0
[  636.515303][ T6605] bridge0: port 1(bridge_slave_0) entered blocking state
[  636.522566][ T6605] bridge0: port 1(bridge_slave_0) entered forwarding state
[  636.555212][ T6605] bridge0: port 2(bridge_slave_1) entered blocking state
[  636.562428][ T6605] bridge0: port 2(bridge_slave_1) entered forwarding state
[  636.714062][   T30] audit: type=1326 audit(1752671508.249:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11136 comm="syz.1.1299" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6bd0f8e929 code=0x0
[  637.799752][T11165] SET target dimension over the limit!
[  637.806266][T11165] netlink: 'syz.2.1304': attribute type 3 has an invalid length.
[  637.814281][T11165] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.1304'.
[  639.102945][T10944] 8021q: adding VLAN 0 to HW filter on device batadv0
[  639.249133][ T5848] Bluetooth: hci0: ACL packet for unknown connection handle 200
[  640.004997][   T30] audit: type=1326 audit(1752671511.559:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11192 comm="syz.1.1313" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6bd0f8e929 code=0x0
[  641.447217][T10944] veth0_vlan: entered promiscuous mode
[  641.518243][T10944] veth1_vlan: entered promiscuous mode
[  641.644911][T10944] veth0_macvtap: entered promiscuous mode
[  641.695886][T10944] veth1_macvtap: entered promiscuous mode
[  641.714089][ T5848] Bluetooth: hci3: ACL packet for unknown connection handle 200
[  641.926984][T10944] batman_adv: batadv0: Interface activated: batadv_slave_0
[  641.978899][T10944] batman_adv: batadv0: Interface activated: batadv_slave_1
[  642.026048][T10944] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  642.068429][T10944] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  642.098251][T10944] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  642.134060][T10944] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  642.545400][ T6658] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  642.597700][   T30] audit: type=1326 audit(1752671514.139:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11237 comm="syz.1.1324" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6bd0f8e929 code=0x0
[  642.618736][    C1] vkms_vblank_simulate: vblank timer overrun
[  643.195191][ T6658] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  643.375944][ T6658] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  643.412559][ T6658] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  644.017194][ T5848] Bluetooth: hci3: ACL packet for unknown connection handle 200
[  645.181792][T11288] xt_ipcomp: unknown flags 12
[  647.469415][ T5848] Bluetooth: hci0: ACL packet for unknown connection handle 200
[  648.863199][ T5848] Bluetooth: hci1: ACL packet for unknown connection handle 200
[  650.264198][T11386] netlink: 'syz.1.1364': attribute type 39 has an invalid length.
[  650.808579][T11394] netlink: 'syz.4.1366': attribute type 10 has an invalid length.
[  650.834469][T11394] 8021q: adding VLAN 0 to HW filter on device batadv0
[  650.860653][T11394] bond0: (slave batadv0): Enslaving as an active interface with an up link
[  651.903299][T11394] syz.4.1366 (11394) used greatest stack depth: 18792 bytes left
[  652.030290][T11396] tipc: Resetting bearer <eth:vlan0>
[  654.850422][T11444] netlink: 'syz.1.1378': attribute type 1 has an invalid length.
[  654.917444][T11444] 8021q: adding VLAN 0 to HW filter on device bond2
[  655.143735][ T5913] usb 5-1: new high-speed USB device number 32 using dummy_hcd
[  655.301951][ T5913] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  655.315049][ T5913] usb 5-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  655.348140][ T5913] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66
[  655.400208][ T5913] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[  655.454754][ T5913] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[  655.509951][ T5913] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  655.527187][ T5913] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  655.562726][ T5913] usb 5-1: Product: syz
[  655.585111][ T5913] usb 5-1: Manufacturer: syz
[  655.638396][ T5913] cdc_wdm 5-1:1.0: skipping garbage
[  655.744465][ T5913] cdc_wdm 5-1:1.0: skipping garbage
[  655.903636][ T5913] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device
[  655.983306][ T5913] cdc_wdm 5-1:1.0: Unknown control protocol
[  656.315929][ T5913] usb 5-1: USB disconnect, device number 32
[  656.855506][ T5913] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  657.191569][ T5913] usb 7-1: Using ep0 maxpacket: 8
[  657.217986][ T5913] usb 7-1: config index 0 descriptor too short (expected 301, got 45)
[  657.259185][ T5913] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  657.442589][ T5913] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  657.479947][ T5913] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  657.508815][ T5913] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  657.527019][ T5913] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  657.566591][ T5913] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  657.806292][ T5913] usb 7-1: usb_control_msg returned -32
[  657.813552][ T5913] usbtmc 7-1:16.0: can't read capabilities
[  658.692387][T11488] kAFS: No cell specified
[  661.167827][ T5953] usb 7-1: USB disconnect, device number 2
[  663.026434][T11535] netlink: 'syz.4.1396': attribute type 1 has an invalid length.
[  663.292736][T11535] 8021q: adding VLAN 0 to HW filter on device bond2
[  663.404174][T11541] kAFS: No cell specified
[  665.769656][ T5894] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[  665.928901][ T5894] usb 7-1: Using ep0 maxpacket: 16
[  665.936114][ T5894] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  665.947830][ T5894] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  665.988381][ T5894] usb 7-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  665.997929][ T5894] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  666.019546][ T5894] usb 7-1: Product: syz
[  666.027270][ T5894] usb 7-1: Manufacturer: syz
[  666.042371][ T5894] usb 7-1: SerialNumber: syz
[  666.064636][ T5894] usb 7-1: config 0 descriptor??
[  666.122074][ T5894] em28xx 7-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  666.158831][ T5894] em28xx 7-1:0.0: Audio interface 0 found (Vendor Class)
[  666.659633][   T30] audit: type=1326 audit(1752671538.209:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11581 comm="syz.1.1406" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f6bd0f8e929 code=0x0
[  666.805514][ T8734] IPVS: starting estimator thread 0...
[  666.919043][T11592] IPVS: using max 28 ests per chain, 67200 per kthread
[  667.005998][ T5894] em28xx 7-1:0.0: unknown em28xx chip ID (0)
[  667.014495][ T5894] em28xx 7-1:0.0: Config register raw data: 0xfffffffb
[  667.626941][ T5894] em28xx 7-1:0.0: Unknown AC97 audio processor detected!
[  667.643424][ T5894] em28xx 7-1:0.0: couldn't setup AC97 register 2
[  667.747692][T11604] kAFS: No cell specified
[  668.258941][ T5894] em28xx 7-1:0.0: couldn't setup AC97 register 4
[  668.624413][ T5894] em28xx 7-1:0.0: couldn't setup AC97 register 6
[  668.632521][ T5894] em28xx 7-1:0.0: couldn't setup AC97 register 54
[  668.639314][ T5894] em28xx 7-1:0.0: couldn't setup AC97 register 56
[  668.663856][ T5894] usb 7-1: USB disconnect, device number 3
[  670.375176][T11632] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  670.481999][T11634] syzkaller0: entered promiscuous mode
[  670.522683][T11634] syzkaller0: entered allmulticast mode
[  670.642678][T11632] tipc: Resetting bearer <eth:syzkaller0>
[  670.766625][T11631] tipc: Resetting bearer <eth:syzkaller0>
[  670.850054][T11631] tipc: Disabling bearer <eth:syzkaller0>
[  671.168886][ T5894] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  671.231084][T11651] overlayfs: missing 'lowerdir'
[  671.358981][ T5894] usb 6-1: Using ep0 maxpacket: 8
[  671.377106][ T5894] usb 6-1: config index 0 descriptor too short (expected 301, got 45)
[  671.395027][ T5894] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  671.405199][ T8734] usb 3-1: new high-speed USB device number 37 using dummy_hcd
[  671.440944][ T5894] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  671.464310][ T5894] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  671.488219][ T5894] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  671.535926][ T5894] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  671.560883][ T5894] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  671.588801][ T8734] usb 3-1: Using ep0 maxpacket: 8
[  671.606846][ T8734] usb 3-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea
[  671.630076][ T8734] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  671.650651][ T8734] usb 3-1: Product: syz
[  671.661851][ T8734] usb 3-1: Manufacturer: syz
[  671.676804][ T8734] usb 3-1: SerialNumber: syz
[  671.707829][ T8734] usb 3-1: config 0 descriptor??
[  671.730938][ T8734] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state.
[  671.755793][ T8734] usb 3-1: setting power ON
[  671.772603][ T8734] dvb-usb: bulk message failed: -22 (2/0)
[  671.798779][ T5894] usb 6-1: usb_control_msg returned -32
[  671.809838][ T8734] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  671.830815][ T5894] usbtmc 6-1:16.0: can't read capabilities
[  671.845673][ T8734] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID))
[  671.874483][ T8734] usb 3-1: media controller created
[  671.989272][ T8734] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  672.096330][ T8734] usb 3-1: selecting invalid altsetting 6
[  672.107789][ T8734] usb 3-1: digital interface selection failed (-22)
[  672.125581][ T8734] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)'
[  672.162594][T11639] usbtmc 6-1:16.0: usb_control_msg returned -32
[  672.176362][ T9644] usb 6-1: USB disconnect, device number 4
[  672.192023][ T8734] usb 3-1: setting power OFF
[  672.218427][ T8734] dvb-usb: bulk message failed: -22 (2/0)
[  672.230116][ T8734] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected.
[  672.267028][ T8734] (NULL device *): no alternate interface
[  672.371425][ T8734] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected.
[  672.430250][ T8734] usb 3-1: USB disconnect, device number 37
[  672.476927][T11677] kAFS: No cell specified
[  673.022315][T11687] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1423'.
[  674.593269][T11702] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1428'.
[  674.767876][T11707] overlayfs: missing 'lowerdir'
[  676.378160][T11746] xt_ecn: cannot match TCP bits for non-tcp packets
[  676.448215][T11748] loop6: detected capacity change from 0 to 2098
[  676.830302][T11754] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1439'.
[  678.995403][T11779] overlayfs: missing 'workdir'
[  679.028401][T11777] delete_channel: no stack
[  679.468838][ T5913] usb 3-1: new high-speed USB device number 38 using dummy_hcd
[  679.629450][ T5913] usb 3-1: Using ep0 maxpacket: 8
[  679.821132][ T5913] usb 3-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea
[  679.865411][ T5913] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  680.580152][ T5913] usb 3-1: Product: syz
[  680.584390][ T5913] usb 3-1: Manufacturer: syz
[  680.761465][ T5913] usb 3-1: SerialNumber: syz
[  680.791190][ T5913] usb 3-1: config 0 descriptor??
[  680.801030][ T5913] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state.
[  680.819971][ T5913] usb 3-1: setting power ON
[  680.876666][T11806] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1452'.
[  681.423806][ T5913] dvb-usb: bulk message failed: -22 (2/0)
[  681.524782][ T5913] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  681.541607][ T5913] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID))
[  681.558270][ T5913] usb 3-1: media controller created
[  681.759677][ T5913] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  681.782980][ T5913] usb 3-1: selecting invalid altsetting 6
[  682.259552][ T5913] usb 3-1: digital interface selection failed (-22)
[  682.266209][ T5913] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)'
[  682.548849][ T5913] usb 3-1: setting power OFF
[  682.553598][ T5913] dvb-usb: bulk message failed: -22 (2/0)
[  682.589497][ T5913] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected.
[  682.646879][ T5913] (NULL device *): no alternate interface
[  682.912089][ T5913] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected.
[  683.041166][ T5913] usb 3-1: USB disconnect, device number 38
[  683.453039][T11821] delete_channel: no stack
[  684.642724][T11846] CUSE: unknown device info "ÿ
"
[  684.647791][T11846] CUSE: zero length info key specified
[  685.624292][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  685.682222][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  687.569408][ T5981] usb 3-1: new high-speed USB device number 39 using dummy_hcd
[  688.349456][ T5981] usb 3-1: Using ep0 maxpacket: 8
[  688.481389][ T5981] usb 3-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea
[  688.520279][ T5981] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  688.545469][ T5981] usb 3-1: Product: syz
[  688.575263][ T5981] usb 3-1: Manufacturer: syz
[  688.584251][ T5981] usb 3-1: SerialNumber: syz
[  688.616367][ T5981] usb 3-1: config 0 descriptor??
[  689.100647][ T5981] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state.
[  689.113612][ T5981] usb 3-1: setting power ON
[  689.118249][ T5981] dvb-usb: bulk message failed: -22 (2/0)
[  689.182793][ T5981] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  689.244999][ T5981] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID))
[  689.276545][T11873] dvb-usb: bulk message failed: -22 (3/0)
[  689.289567][ T5981] usb 3-1: media controller created
[  689.339338][T11873] cxusb: i2c rd: len=138 is too big!
[  689.339338][T11873] 
[  689.428639][ T5981] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  689.559794][ T5981] usb 3-1: selecting invalid altsetting 6
[  689.568996][ T5981] usb 3-1: digital interface selection failed (-22)
[  689.575655][ T5981] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)'
[  689.645060][ T5981] usb 3-1: setting power OFF
[  689.686314][ T5981] dvb-usb: bulk message failed: -22 (2/0)
[  689.697328][ T5981] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected.
[  689.727372][T11887] delete_channel: no stack
[  689.733267][ T5981] (NULL device *): no alternate interface
[  689.911745][ T5981] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected.
[  690.466706][ T5981] usb 3-1: USB disconnect, device number 39
[  691.259434][T11909] bridge0: entered promiscuous mode
[  691.278529][T11909] macvlan2: entered promiscuous mode
[  691.308739][T11914] xt_ecn: cannot match TCP bits for non-tcp packets
[  691.338368][T11914] loop6: detected capacity change from 0 to 2098
[  692.155343][T11927] netlink: 260 bytes leftover after parsing attributes in process `syz.6.1481'.
[  693.079801][T11933] delete_channel: no stack
[  694.433390][T11951] SET target dimension over the limit!
[  694.440558][T11951] netlink: 'syz.4.1488': attribute type 3 has an invalid length.
[  694.448298][T11951] netlink: 199836 bytes leftover after parsing attributes in process `syz.4.1488'.
[  694.666762][T11961] CUSE: unknown device info "ÿ
"
[  694.673019][T11961] CUSE: zero length info key specified
[  696.313737][T11978] delete_channel: no stack
[  696.979785][   T30] audit: type=1326 audit(1752671568.079:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11973 comm="syz.4.1493" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f53cad8e929 code=0x0
[  697.127795][T11987] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1499'.
[  697.474403][ T8734] usb 5-1: new high-speed USB device number 33 using dummy_hcd
[  697.666088][ T8734] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  697.712462][ T8734] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  697.779813][ T8734] usb 5-1: New USB device found, idVendor=05ac, idProduct=0290, bcdDevice=dc.1b
[  697.828620][T12009] tipc: Started in network mode
[  697.835786][T12009] tipc: Node identity , cluster identity 4711
[  697.842048][T12009] tipc: Failed to set node id, please configure manually
[  697.891185][ T8734] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=35
[  697.983375][T12009] tipc: Enabling of bearer <udp:syz2> rejected, failed to enable media
[  698.018030][ T8734] usb 5-1: SerialNumber: syz
[  698.034946][ T8734] usb 5-1: config 0 descriptor??
[  698.238821][ T5953] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  698.416366][ T5953] usb 6-1: device descriptor read/64, error -71
[  698.739348][ T5953] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  698.747248][T12020] SET target dimension over the limit!
[  698.753391][T12020] netlink: 'syz.1.1504': attribute type 3 has an invalid length.
[  698.761196][T12020] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.1504'.
[  699.078842][ T5953] usb 6-1: device descriptor read/64, error -71
[  699.190504][ T5953] usb usb6-port1: attempt power cycle
[  699.882455][T12030] delete_channel: no stack
[  699.889355][ T5953] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  699.941636][ T5953] usb 6-1: device descriptor read/8, error -71
[  700.236967][ T5953] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[  700.323205][ T5953] usb 6-1: device descriptor read/8, error -71
[  700.459114][ T5953] usb usb6-port1: unable to enumerate USB device
[  701.169182][T12047] netlink: 260 bytes leftover after parsing attributes in process `syz.6.1510'.
[  701.837867][ T5953] usb 5-1: USB disconnect, device number 33
[  703.570835][T12066] SET target dimension over the limit!
[  703.576965][T12066] netlink: 'syz.5.1515': attribute type 3 has an invalid length.
[  703.585554][T12066] netlink: 199836 bytes leftover after parsing attributes in process `syz.5.1515'.
[  703.775588][T12077] CUSE: unknown device info "ÿ
"
[  703.787859][T12077] CUSE: zero length info key specified
[  704.959011][T12083] delete_channel: no stack
[  708.171678][ T5842] Bluetooth: hci2: command 0x0406 tx timeout
[  710.239190][T12148] delete_channel: no stack
[  710.736743][T12165] netlink: 260 bytes leftover after parsing attributes in process `syz.4.1532'.
[  717.102186][T12224] delete_channel: no stack
[  717.678929][ T5894] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[  717.781376][ T9644] lo speed is unknown, defaulting to 1000
[  717.911488][ T5894] usb 7-1: config 160 has an invalid interface number: 200 but max is 0
[  717.938234][ T5894] usb 7-1: config 160 has no interface number 0
[  717.965256][ T5894] usb 7-1: config 160 interface 200 has no altsetting 0
[  717.995721][ T5894] usb 7-1: New USB device found, idVendor=21bb, idProduct=2070, bcdDevice=87.0b
[  718.035705][ T5894] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  718.060187][ T5894] usb 7-1: Product: syz
[  718.064728][ T5894] usb 7-1: Manufacturer: syz
[  718.086859][ T5894] usb 7-1: SerialNumber: syz
[  718.816525][ T5894] usb 7-1: Quirk or no altset; falling back to MIDI 1.0
[  718.834706][ T5894] usb 7-1: MIDIStreaming interface descriptor not found
[  719.276349][ T5894] usb 7-1: USB disconnect, device number 4
[  719.565373][T12273] udevd[12273]: error opening ATTR{/sys/devices/platform/dummy_hcd.6/usb7/7-1/7-1:160.200/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  723.802099][T12300] delete_channel: no stack
[  725.930554][T12334] SET target dimension over the limit!
[  725.936887][T12334] netlink: 'syz.1.1564': attribute type 3 has an invalid length.
[  725.944718][T12334] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.1564'.
[  730.349147][ T5894] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[  730.618181][ T5894] usb 6-1: config 160 has an invalid interface number: 200 but max is 0
[  730.638298][ T5894] usb 6-1: config 160 has no interface number 0
[  731.609092][ T5894] usb 6-1: config 160 interface 200 has no altsetting 0
[  731.631960][ T5894] usb 6-1: New USB device found, idVendor=21bb, idProduct=2070, bcdDevice=87.0b
[  731.648115][ T5894] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  732.344385][ T5894] usb 6-1: Product: syz
[  732.348599][ T5894] usb 6-1: Manufacturer: syz
[  732.353287][ T5894] usb 6-1: SerialNumber: syz
[  732.359788][   T30] audit: type=1326 audit(1752671603.469:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12374 comm="syz.6.1575" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f667ab8e929 code=0x0
[  732.589839][ T5894] usb 6-1: Quirk or no altset; falling back to MIDI 1.0
[  732.618373][ T5894] usb 6-1: MIDIStreaming interface descriptor not found
[  732.781578][ T5894] usb 6-1: USB disconnect, device number 9
[  733.325255][T12276] udevd[12276]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:160.200/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  736.282837][T12445] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1587'.
[  739.081559][T12461] xt_CT: No such helper "pptp"
[  745.090012][ T5981] usb 6-1: new full-speed USB device number 10 using dummy_hcd
[  745.942955][ T5981] usb 6-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  747.056056][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  747.181831][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  747.885134][ T5981] usb 6-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  748.239803][ T5981] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  748.285740][ T5981] usb 6-1: config 0 descriptor??
[  748.326400][ T5981] usb 6-1: can't set config #0, error -71
[  748.520445][ T5981] usb 6-1: USB disconnect, device number 10
[  749.490154][T12558] xt_ecn: cannot match TCP bits for non-tcp packets
[  749.929065][ T5848] Bluetooth: hci4: command 0x0406 tx timeout
[  751.110277][T12577] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1617'.
[  755.425317][T12621] xt_ecn: cannot match TCP bits for non-tcp packets
[  756.365399][ T8734] usb 3-1: new high-speed USB device number 40 using dummy_hcd
[  756.368777][ T5981] usb 7-1: new high-speed USB device number 5 using dummy_hcd
[  756.572849][ T8734] usb 3-1: config 0 has no interfaces?
[  756.616341][ T8734] usb 3-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  756.628510][ T8734] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  756.643178][ T8734] usb 3-1: Product: syz
[  756.647399][ T8734] usb 3-1: Manufacturer: syz
[  756.662808][ T8734] usb 3-1: SerialNumber: syz
[  756.693709][ T8734] usb 3-1: config 0 descriptor??
[  756.719931][ T5981] usb 7-1: Using ep0 maxpacket: 32
[  756.773272][ T5981] usb 7-1: config 0 has an invalid interface number: 12 but max is 0
[  756.822345][ T5981] usb 7-1: config 0 has no interface number 0
[  756.861042][ T5981] usb 7-1: config 0 interface 12 has no altsetting 0
[  756.896471][ T5981] usb 7-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[  756.928569][T12623] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1628'.
[  756.938326][ T5981] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  756.946464][ T5981] usb 7-1: Product: syz
[  756.955864][ T5981] usb 7-1: Manufacturer: syz
[  756.961934][ T5981] usb 7-1: SerialNumber: syz
[  757.586199][ T5981] usb 7-1: config 0 descriptor??
[  757.629631][ T5981] f81534 7-1:0.12: required endpoints missing
[  758.015621][ T5842] Bluetooth: hci4: command 0x0406 tx timeout
[  758.197186][T12627] lo speed is unknown, defaulting to 1000
[  758.945687][ T9644] usb 3-1: USB disconnect, device number 40
[  759.358071][ T5981] usb 7-1: USB disconnect, device number 5
[  762.804168][T12668] syzkaller0: entered promiscuous mode
[  762.862180][T12668] syzkaller0: entered allmulticast mode
[  764.801409][ T9503] usb 5-1: new high-speed USB device number 34 using dummy_hcd
[  764.998877][ T9503] usb 5-1: Using ep0 maxpacket: 16
[  765.026031][ T9503] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  765.052183][ T9503] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[  765.093123][ T9503] usb 5-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  765.101169][T12692] kvm: pic: single mode not supported
[  765.105958][ T9503] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  765.113345][T12692] kvm: pic: single mode not supported
[  765.121404][T12692] kvm: pic: level sensitive irq not supported
[  765.127501][ T9503] usb 5-1: Product: syz
[  765.127523][ T9503] usb 5-1: Manufacturer: syz
[  765.127538][ T9503] usb 5-1: SerialNumber: syz
[  765.159778][ T9503] usb 5-1: config 0 descriptor??
[  765.185808][ T9503] em28xx 5-1:0.0: error: skipping audio endpoint 0x83, because it uses bulk transfers !
[  765.211001][T12692] kvm: pic: single mode not supported
[  765.211016][T12692] kvm: pic: level sensitive irq not supported
[  765.222901][T12692] kvm: pic: single mode not supported
[  765.229560][T12692] kvm: pic: level sensitive irq not supported
[  765.260451][T12692] kvm: pic: single mode not supported
[  765.266615][T12692] kvm: pic: level sensitive irq not supported
[  766.849756][ T5953] usb 3-1: new high-speed USB device number 41 using dummy_hcd
[  767.045994][ T5981] usb 5-1: USB disconnect, device number 34
[  767.060599][ T5953] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  767.125763][ T5953] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  767.165809][ T5953] usb 3-1: New USB device found, idVendor=1038, idProduct=12b6, bcdDevice= 0.00
[  767.195447][ T5953] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  767.220291][ T5953] usb 3-1: config 0 descriptor??
[  771.419028][  T980] usb 6-1: new high-speed USB device number 11 using dummy_hcd
[  771.511823][ T5953] usbhid 3-1:0.0: can't add hid device: -71
[  771.529877][ T5953] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  771.575368][ T5953] usb 3-1: USB disconnect, device number 41
[  771.708813][  T980] usb 6-1: Using ep0 maxpacket: 32
[  771.715637][  T980] usb 6-1: config 0 has an invalid interface number: 12 but max is 0
[  771.766074][  T980] usb 6-1: config 0 has no interface number 0
[  771.785648][  T980] usb 6-1: config 0 interface 12 has no altsetting 0
[  771.810823][  T980] usb 6-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[  771.841295][  T980] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  772.018689][  T980] usb 6-1: Product: syz
[  772.023000][  T980] usb 6-1: Manufacturer: syz
[  772.038076][  T980] usb 6-1: SerialNumber: syz
[  772.060390][  T980] usb 6-1: config 0 descriptor??
[  772.090452][  T980] f81534 6-1:0.12: required endpoints missing
[  772.091569][T12760] xt_ecn: cannot match TCP bits for non-tcp packets
[  772.159372][T12763] loop6: detected capacity change from 0 to 2098
[  772.673266][T12752] lo speed is unknown, defaulting to 1000
[  773.228788][ T5848] Bluetooth: hci4: command 0x0406 tx timeout
[  774.000171][ T5953] usb 6-1: USB disconnect, device number 11
[  776.789082][ T8734] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[  777.178761][ T8734] usb 7-1: Using ep0 maxpacket: 32
[  777.186424][ T8734] usb 7-1: config 0 has an invalid interface number: 12 but max is 0
[  777.195715][ T8734] usb 7-1: config 0 has no interface number 0
[  777.212125][ T8734] usb 7-1: config 0 interface 12 has no altsetting 0
[  777.250744][ T8734] usb 7-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[  777.288713][ T8734] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  777.296732][ T8734] usb 7-1: Product: syz
[  777.318238][ T8734] usb 7-1: Manufacturer: syz
[  777.329436][ T8734] usb 7-1: SerialNumber: syz
[  777.359365][ T8734] usb 7-1: config 0 descriptor??
[  777.386853][ T8734] f81534 7-1:0.12: required endpoints missing
[  777.945036][T12822] lo speed is unknown, defaulting to 1000
[  778.591323][ T5842] Bluetooth: hci4: command 0x0406 tx timeout
[  779.498112][ T9644] usb 7-1: USB disconnect, device number 6
[  780.476039][T12872] vlan2: entered allmulticast mode
[  780.482621][T12872] veth1: entered allmulticast mode
[  783.389707][ T5953] usb 6-1: new high-speed USB device number 12 using dummy_hcd
[  783.548776][ T5953] usb 6-1: Using ep0 maxpacket: 32
[  783.773153][ T5953] usb 6-1: config 0 has an invalid interface number: 12 but max is 0
[  783.789027][ T5953] usb 6-1: config 0 has no interface number 0
[  783.799386][ T5953] usb 6-1: config 0 interface 12 has no altsetting 0
[  783.819615][ T5953] usb 6-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[  783.876961][ T5953] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  783.895784][ T5953] usb 6-1: Product: syz
[  783.920191][T12910] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1711'.
[  783.946085][ T5953] usb 6-1: Manufacturer: syz
[  783.952236][T12910] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1711'.
[  784.006354][ T5953] usb 6-1: SerialNumber: syz
[  784.112985][ T5953] usb 6-1: config 0 descriptor??
[  784.215652][ T5953] f81534 6-1:0.12: required endpoints missing
[  784.497431][ T5953] usb 6-1: USB disconnect, device number 12
[  785.231309][T12930] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1716'.
[  785.294224][T12932] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1718'.
[  787.345198][T12957] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1726'.
[  787.578346][T12953] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1726'.
[  789.530426][T12974] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1731'.
[  789.541721][T12974] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1731'.
[  790.179093][ T9644] usb 7-1: new high-speed USB device number 7 using dummy_hcd
[  790.395182][ T9644] usb 7-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[  790.410923][ T9644] usb 7-1: config 27 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  790.438704][ T9644] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  790.458984][ T9644] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  790.559879][ T9644] usb 7-1: Quirk or no altset; falling back to MIDI 1.0
[  790.605203][ T9644] snd-usb-audio 7-1:27.0: probe with driver snd-usb-audio failed with error -2
[  790.702839][T12980] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate.
[  790.863744][T10631] udevd[10631]: error opening ATTR{/sys/devices/platform/dummy_hcd.6/usb7/7-1/7-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  791.272612][  T980] usb 5-1: new high-speed USB device number 35 using dummy_hcd
[  791.546832][  T980] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  791.604327][  T980] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  791.854079][  T980] usb 5-1: New USB device found, idVendor=1038, idProduct=12b6, bcdDevice= 0.00
[  791.987723][  T980] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  792.049929][  T980] usb 5-1: config 0 descriptor??
[  792.858225][T13008] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1740'.
[  793.518303][T12980] delete_channel: no stack
[  793.529975][ T5913] usb 7-1: USB disconnect, device number 7
[  794.507564][T13026] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1748'.
[  794.519036][T13026] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1748'.
[  794.588421][  T980] usbhid 5-1:0.0: can't add hid device: -71
[  794.614540][  T980] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  794.715412][  T980] usb 5-1: USB disconnect, device number 35
[  796.335107][T13047] netlink: 'syz.5.1753': attribute type 10 has an invalid length.
[  796.346787][T13047] 8021q: adding VLAN 0 to HW filter on device batadv0
[  796.371485][T13047] bond0: (slave batadv0): Enslaving as an active interface with an up link
[  797.421482][T13056] netlink: 120 bytes leftover after parsing attributes in process `syz.4.1758'.
[  797.724854][  T980] usb 3-1: new high-speed USB device number 42 using dummy_hcd
[  798.411357][  T980] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  798.447421][  T980] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  798.470325][  T980] usb 3-1: New USB device found, idVendor=1038, idProduct=12b6, bcdDevice= 0.00
[  798.482263][  T980] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  798.511787][  T980] usb 3-1: config 0 descriptor??
[  798.578245][T13072] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1761'.
[  798.894857][T13078] netlink: 'syz.1.1764': attribute type 3 has an invalid length.
[  798.903988][T13078] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.1764'.
[  799.951919][T13089] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1767'.
[  799.962612][T13089] netlink: 28 bytes leftover after parsing attributes in process `syz.6.1767'.
[  801.064230][T13101] netlink: 120 bytes leftover after parsing attributes in process `syz.4.1772'.
[  802.588485][T13118] Cannot find del_set index 2 as target
[  803.851635][  T980] usbhid 3-1:0.0: can't add hid device: -32
[  803.859981][  T980] usbhid 3-1:0.0: probe with driver usbhid failed with error -32
[  804.116662][  T980] usb 3-1: USB disconnect, device number 42
[  804.124432][   T30] audit: type=1326 audit(1752671675.679:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13120 comm="syz.5.1778" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f403cd8e929 code=0x0
[  805.037453][T13139] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1782'.
[  808.119644][T13168] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1791'.
[  808.130190][T13168] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1791'.
[  808.218928][ T5894] usb 5-1: new high-speed USB device number 36 using dummy_hcd
[  808.494536][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  808.503072][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  808.513363][ T5894] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  808.545344][ T5894] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  808.575193][ T5894] usb 5-1: New USB device found, idVendor=1038, idProduct=12b6, bcdDevice= 0.00
[  808.595687][ T5894] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  808.626054][ T5894] usb 5-1: config 0 descriptor??
[  814.038021][ T5894] usbhid 5-1:0.0: can't add hid device: -32
[  814.044128][ T5894] usbhid 5-1:0.0: probe with driver usbhid failed with error -32
[  814.266864][ T8734] usb 5-1: USB disconnect, device number 36
[  814.529307][ T5894] usb 3-1: new high-speed USB device number 43 using dummy_hcd
[  814.588053][T13219] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1802'.
[  814.708763][ T5894] usb 3-1: Using ep0 maxpacket: 32
[  814.805805][ T5894] usb 3-1: config 0 has no interfaces?
[  814.817861][ T5894] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  814.842774][ T5894] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  814.863347][ T5894] usb 3-1: config 0 descriptor??
[  816.896468][   T30] audit: type=1326 audit(1752671688.449:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13242 comm="syz.4.1813" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f53cad8e929 code=0x0
[  817.444065][ T5913] usb 3-1: USB disconnect, device number 43
[  817.934189][T13264] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1815'.
[  817.949079][T13264] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1815'.
[  825.070166][T13336] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1835'.
[  826.174267][T13336] netlink: 24 bytes leftover after parsing attributes in process `syz.6.1835'.
[  835.499218][T13417] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1855'.
[  835.509712][T13417] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1855'.
[  838.884638][ T9644] usb 7-1: new high-speed USB device number 8 using dummy_hcd
[  839.048775][ T9644] usb 7-1: Using ep0 maxpacket: 8
[  839.102191][ T9644] usb 7-1: config index 0 descriptor too short (expected 301, got 45)
[  839.860995][ T9644] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  839.919349][ T9644] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  839.940207][ T9644] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  839.961861][ T9644] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  840.010399][ T9644] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  840.200389][ T9644] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  840.631304][ T9644] usb 7-1: usb_control_msg returned -32
[  840.636943][ T9644] usbtmc 7-1:16.0: can't read capabilities
[  841.816086][T13486] netlink: 'syz.2.1874': attribute type 12 has an invalid length.
[  842.167086][  T980] usb 7-1: USB disconnect, device number 8
[  843.816437][T13501] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1878'.
[  843.860277][T13501] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1878'.
[  846.066922][T13518] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1882'.
[  846.451319][T13529] netlink: 'syz.4.1886': attribute type 10 has an invalid length.
[  846.634594][T13534] binder: BINDER_SET_CONTEXT_MGR already set
[  846.641624][T13534] binder: 13531:13534 ioctl 4018620d 2000000001c0 returned -16
[  850.837696][T13585] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1899'.
[  850.848119][T13585] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1899'.
[  850.989637][   T30] audit: type=1326 audit(1752671722.539:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13578 comm="syz.6.1901" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f667ab8e929 code=0x0
[  852.000306][ T9644] IPVS: starting estimator thread 0...
[  852.080159][T13583] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  852.096912][T13583] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  852.104382][T13599] IPVS: using max 29 ests per chain, 69600 per kthread
[  852.154067][T13583] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  852.162143][T13583] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  852.179958][T13583] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  852.186684][T13583] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  852.203564][T13583] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  852.460457][T13583] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  852.467730][T13583] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  852.546671][T13583] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  852.560465][T13583] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  854.169143][ T5848] Bluetooth: hci0: command 0x0c1a tx timeout
[  854.248702][ T5848] Bluetooth: hci1: command 0x0406 tx timeout
[  854.255147][ T5848] Bluetooth: hci3: command 0x0406 tx timeout
[  854.496897][T13624] Bluetooth: hci2: command 0x0406 tx timeout
[  854.580188][T13624] Bluetooth: hci4: command 0x0406 tx timeout
[  856.248896][T13624] Bluetooth: hci0: command 0x0c1a tx timeout
[  856.329862][T13624] Bluetooth: hci3: command 0x0406 tx timeout
[  856.336037][ T5842] Bluetooth: hci1: command 0x0406 tx timeout
[  856.568947][ T5842] Bluetooth: hci2: command 0x0406 tx timeout
[  856.648655][ T5842] Bluetooth: hci4: command 0x0406 tx timeout
[  857.088807][ T8734] usb 7-1: new high-speed USB device number 9 using dummy_hcd
[  857.328658][ T8734] usb 7-1: Using ep0 maxpacket: 32
[  857.335835][ T8734] usb 7-1: config 0 has an invalid interface number: 12 but max is 0
[  857.344357][ T8734] usb 7-1: config 0 has no interface number 0
[  857.351077][ T8734] usb 7-1: config 0 interface 12 has no altsetting 0
[  857.361895][ T8734] usb 7-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[  857.371192][ T8734] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  857.382101][ T8734] usb 7-1: Product: syz
[  857.387402][ T8734] usb 7-1: Manufacturer: syz
[  857.392501][ T8734] usb 7-1: SerialNumber: syz
[  857.400438][ T8734] usb 7-1: config 0 descriptor??
[  857.418315][ T8734] f81534 7-1:0.12: required endpoints missing
[  857.424911][ T9644] usb 3-1: new full-speed USB device number 44 using dummy_hcd
[  857.595929][ T9644] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  857.624596][ T9644] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  857.660080][ T9644] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  857.681618][ T9644] usb 3-1: config 0 descriptor??
[  857.704334][ T9644] hub 3-1:0.0: bad descriptor, ignoring hub
[  857.714920][ T9644] hub 3-1:0.0: probe with driver hub failed with error -5
[  857.723561][ T9644] usbhid 3-1:0.0: couldn't find an input interrupt endpoint
[  858.049953][T13653] lo speed is unknown, defaulting to 1000
[  858.410980][T13624] Bluetooth: hci3: command 0x0406 tx timeout
[  858.808693][T13624] Bluetooth: hci4: command 0x0406 tx timeout
[  858.878355][T13671] random: crng reseeded on system resumption
[  859.254830][T13679] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1927'.
[  860.199012][ T8734] usb 7-1: USB disconnect, device number 9
[  860.309345][T13679] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1927'.
[  860.358971][  T980] usb 3-1: USB disconnect, device number 44
[  860.745825][T13691] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1931'.
[  862.863172][  T980] usb 7-1: new high-speed USB device number 10 using dummy_hcd
[  863.928739][  T980] usb 7-1: Using ep0 maxpacket: 16
[  863.937335][  T980] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  863.951124][  T980] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  863.986036][  T980] usb 7-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  864.053449][  T980] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  864.069985][  T980] usb 7-1: Product: syz
[  864.085304][  T980] usb 7-1: Manufacturer: syz
[  864.092365][  T980] usb 7-1: SerialNumber: syz
[  864.100085][  T980] usb 7-1: config 0 descriptor??
[  864.125182][  T980] em28xx 7-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  864.172388][  T980] em28xx 7-1:0.0: Audio interface 0 found (Vendor Class)
[  864.737414][  T980] em28xx 7-1:0.0: unknown em28xx chip ID (0)
[  864.763841][  T980] em28xx 7-1:0.0: Config register raw data: 0x00
[  866.208658][T13736] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1942'.
[  866.685607][ T8734] usb 7-1: USB disconnect, device number 10
[  866.821691][ T8734] em28xx 7-1:0.0: Disconnecting em28xx
[  866.959474][ T8734] em28xx 7-1:0.0: Freeing device
[  869.728655][ T5981] usb 5-1: new high-speed USB device number 37 using dummy_hcd
[  869.839636][T13766] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1950'.
[  869.878651][ T5981] usb 5-1: Using ep0 maxpacket: 32
[  869.893679][ T5981] usb 5-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  869.919914][ T5981] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  869.942245][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  869.948773][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  870.091262][ T5981] usb 5-1: config 0 descriptor??
[  870.305347][ T5981] dvb-usb: found a 'Elgato EyeTV Sat' in cold state, will try to load a firmware
[  870.329432][  T980] usb 6-1: new high-speed USB device number 13 using dummy_hcd
[  870.351596][ T5981] usb 5-1: Direct firmware load for dvb-usb-az6027-03.fw failed with error -2
[  870.455129][ T5981] usb 5-1: Falling back to sysfs fallback for: dvb-usb-az6027-03.fw
[  870.499762][  T980] usb 6-1: device descriptor read/64, error -71
[  871.559657][  T980] usb 6-1: new high-speed USB device number 14 using dummy_hcd
[  871.729675][  T980] usb 6-1: device descriptor read/64, error -71
[  871.850554][  T980] usb usb6-port1: attempt power cycle
[  872.209863][  T980] usb 6-1: new high-speed USB device number 15 using dummy_hcd
[  872.249574][  T980] usb 6-1: device descriptor read/8, error -71
[  872.498992][  T980] usb 6-1: new high-speed USB device number 16 using dummy_hcd
[  872.542888][  T980] usb 6-1: device descriptor read/8, error -71
[  872.752100][  T980] usb usb6-port1: unable to enumerate USB device
[  872.931148][ T5913] usb 7-1: new full-speed USB device number 11 using dummy_hcd
[  873.737445][ T5913] usb 7-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  874.306705][ T5913] usb 7-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  874.564216][ T5913] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  874.576596][ T5913] usb 7-1: config 0 descriptor??
[  874.586459][ T5913] hub 7-1:0.0: bad descriptor, ignoring hub
[  874.595910][ T5913] hub 7-1:0.0: probe with driver hub failed with error -5
[  874.705848][ T5913] usbhid 7-1:0.0: couldn't find an input interrupt endpoint
[  876.858649][ T5953] usb 3-1: new high-speed USB device number 45 using dummy_hcd
[  877.018660][ T5953] usb 3-1: Using ep0 maxpacket: 32
[  877.055126][ T5953] usb 3-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  877.106709][ T5953] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  877.175115][ T5953] usb 3-1: config 0 descriptor??
[  877.563238][  T980] usb 7-1: USB disconnect, device number 11
[  877.575456][ T5953] dvb-usb: found a 'Elgato EyeTV Sat' in cold state, will try to load a firmware
[  879.616427][T13838] ptrace attach of "./syz-executor exec"[10468] was attempted by "./syz-executor exec"[13838]
[  879.636318][T13838] netlink: 76 bytes leftover after parsing attributes in process `syz.5.1966'.
[  879.650114][T13838] netlink: 72 bytes leftover after parsing attributes in process `syz.5.1966'.
[  879.660585][T13838] netlink: 'syz.5.1966': attribute type 3 has an invalid length.
[  879.671947][T13838] netlink: 11 bytes leftover after parsing attributes in process `syz.5.1966'.
[  881.926666][T13848] binfmt_misc: register: failed to install interpreter file ./cgroup.cpu/cpuset.cpus
[  881.940108][T13844] lo speed is unknown, defaulting to 1000
[  882.212947][T13856] SET target dimension over the limit!
[  884.029238][ T5913] usb 6-1: new high-speed USB device number 17 using dummy_hcd
[  884.272747][ T5913] usb 6-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[  884.283159][ T5913] usb 6-1: config 27 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  884.327417][ T5913] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  884.565863][ T5913] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  884.713532][ T5913] usb 6-1: Quirk or no altset; falling back to MIDI 1.0
[  884.906723][T13876] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate.
[  885.044183][ T5913] snd-usb-audio 6-1:27.0: probe with driver snd-usb-audio failed with error -2
[  885.075062][T13885] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  886.315039][T13897] SET target dimension over the limit!
[  887.537670][ T5894] usb 6-1: USB disconnect, device number 17
[  887.546713][T13874] delete_channel: no stack
[  887.680932][T13914] lo speed is unknown, defaulting to 1000
[  888.947722][T13932] SET target dimension over the limit!
[  892.969443][T13971] SET target dimension over the limit!
[  893.697074][T13978] CUSE: unknown device info "ÿ
"
[  893.702207][T13978] CUSE: zero length info key specified
[  901.026565][T14024] SET target dimension over the limit!
[  905.229291][T14054] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2030'.
[  905.274345][T14054] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2030'.
[  907.509516][T14064] binder: 14060:14064 ioctl 4018620d 0 returned -22
[  908.029194][ T5894] usb 7-1: new high-speed USB device number 12 using dummy_hcd
[  908.202193][ T5894] usb 7-1: Using ep0 maxpacket: 8
[  908.220548][ T5894] usb 7-1: config index 0 descriptor too short (expected 301, got 45)
[  908.233852][ T5894] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  908.278925][ T5894] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  908.319478][ T5894] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  908.460524][ T5894] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  908.474067][ T5894] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  908.484097][ T5894] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  908.612393][T14086] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2038'.
[  908.750673][ T5894] usb 7-1: usb_control_msg returned -32
[  909.252534][ T5894] usbtmc 7-1:16.0: can't read capabilities
[  909.525095][T14088] SET target dimension over the limit!
[  910.027875][T14093] CUSE: unknown device info "ÿ
"
[  910.033804][T14093] CUSE: zero length info key specified
[  910.626539][ T9644] usb 7-1: USB disconnect, device number 12
[  913.576013][T14138] SET target dimension over the limit!
[  914.480048][T14144] CUSE: unknown device info "ÿ
"
[  914.485156][T14144] CUSE: zero length info key specified
[  916.393747][T14166] netlink: 'syz.1.2052': attribute type 4 has an invalid length.
[  916.429958][T14166] netlink: 'syz.1.2052': attribute type 4 has an invalid length.
[  916.530161][T14167] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2058'.
[  916.715891][T14167] openvswitch: netlink: Flow key attr not present in new flow.
[  918.687117][T14179] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2062'.
[  919.015510][T14187] SET target dimension over the limit!
[  919.023167][ T9644] usb 7-1: new full-speed USB device number 13 using dummy_hcd
[  919.698669][ T9644] usb 7-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  919.736045][ T9644] usb 7-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  919.773451][ T9644] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  919.802361][ T9644] usb 7-1: config 0 descriptor??
[  919.816037][ T9644] hub 7-1:0.0: bad descriptor, ignoring hub
[  919.823006][ T9644] hub 7-1:0.0: probe with driver hub failed with error -5
[  919.832563][ T9644] usbhid 7-1:0.0: couldn't find an input interrupt endpoint
[  921.466441][T14216] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2074'.
[  921.766771][T14223] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2076'.
[  922.224498][T14222] lo speed is unknown, defaulting to 1000
[  923.006436][T14233] SET target dimension over the limit!
[  923.639684][ T8734] usb 7-1: USB disconnect, device number 13
[  925.344616][T14254] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2086'.
[  925.618027][    C0] hrtimer: interrupt took 34640 ns
[  925.796222][T14270] CUSE: unknown device info "ÿ
"
[  925.801623][T14270] CUSE: zero length info key specified
[  925.849216][ T5913] usb 7-1: new full-speed USB device number 14 using dummy_hcd
[  926.316741][ T5913] usb 7-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  926.366310][ T5913] usb 7-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  926.405805][ T5913] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  926.451315][ T5913] usb 7-1: config 0 descriptor??
[  926.480828][ T5913] hub 7-1:0.0: bad descriptor, ignoring hub
[  926.505528][ T5913] hub 7-1:0.0: probe with driver hub failed with error -5
[  926.542721][ T5913] usbhid 7-1:0.0: couldn't find an input interrupt endpoint
[  926.727973][T14280] netlink: 44 bytes leftover after parsing attributes in process `syz.1.2088'.
[  929.321883][ T8734] usb 7-1: USB disconnect, device number 14
[  929.661061][T14310] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2101'.
[  930.921045][T14320] loop6: detected capacity change from 0 to 7
[  930.960952][T14320] Dev loop6: unable to read RDB block 7
[  930.984186][T14320]  loop6: unable to read partition table
[  931.017653][T14320] loop6: partition table beyond EOD, truncated
[  931.046958][T14320] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5)
[  931.374134][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  931.380735][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  931.404396][ T5953] dvb-usb: did not find the firmware file 'dvb-usb-az6027-03.fw' (status -2). You can use <kernel_dir>/scripts/get_dvb_firmware to get the firmware
[  931.464798][ T5981] dvb-usb: did not find the firmware file 'dvb-usb-az6027-03.fw' (status -110). You can use <kernel_dir>/scripts/get_dvb_firmware to get the firmware
[  931.498088][ T5953] dvb_usb_az6027 3-1:0.0: probe with driver dvb_usb_az6027 failed with error -2
[  931.517500][ T5981] dvb_usb_az6027 5-1:0.0: probe with driver dvb_usb_az6027 failed with error -110
[  931.540828][ T5953] usb 3-1: USB disconnect, device number 45
[  931.551649][ T5981] usb 5-1: USB disconnect, device number 37
[  931.825684][T14338] netlink: 'syz.1.2110': attribute type 8 has an invalid length.
[  931.888637][ T5953] usb 3-1: new high-speed USB device number 46 using dummy_hcd
[  932.030888][T14345] tipc: Started in network mode
[  932.036930][T14345] tipc: Node identity , cluster identity 4711
[  932.046860][T14345] tipc: Failed to obtain node identity
[  932.060810][ T5953] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  932.078672][T14345] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  932.087810][ T5953] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  932.161102][T14349] netlink: 44 bytes leftover after parsing attributes in process `syz.4.2106'.
[  932.316668][T14348] syzkaller0: entered promiscuous mode
[  932.337967][T14348] syzkaller0: entered allmulticast mode
[  932.539356][ T5953] usb 3-1: New USB device found, idVendor=1038, idProduct=12b6, bcdDevice= 0.00
[  932.550032][ T5953] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  932.571682][ T5953] usb 3-1: config 0 descriptor??
[  933.529127][ T8734] usb 5-1: new high-speed USB device number 38 using dummy_hcd
[  933.893201][ T8734] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  933.913429][ T8734] usb 5-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  933.957292][ T8734] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66
[  933.980707][ T8734] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  934.023040][ T8734] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  934.115432][ T8734] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  934.145582][ T8734] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  934.161670][ T8734] usb 5-1: Product: syz
[  934.179557][ T8734] usb 5-1: Manufacturer: syz
[  934.245827][ T8734] cdc_wdm 5-1:1.0: skipping garbage
[  934.294213][ T8734] cdc_wdm 5-1:1.0: skipping garbage
[  934.315618][ T8734] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device
[  934.344642][ T8734] cdc_wdm 5-1:1.0: Unknown control protocol
[  934.447924][ T5981] usb 5-1: USB disconnect, device number 38
[  935.066683][ T5953] usbhid 3-1:0.0: can't add hid device: -71
[  935.102370][ T5953] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  935.171444][ T5953] usb 3-1: USB disconnect, device number 46
[  935.580772][T14382] binder: BINDER_SET_CONTEXT_MGR already set
[  935.586829][T14382] binder: 14375:14382 ioctl 4018620d 200000000040 returned -16
[  935.634558][T14382] binder: 14375:14382 ioctl c0306201 200000001a80 returned -11
[  936.489630][ T8734] usb 5-1: new high-speed USB device number 39 using dummy_hcd
[  936.659151][ T8734] usb 5-1: Using ep0 maxpacket: 16
[  936.814038][T14389] netlink: 'syz.2.2122': attribute type 8 has an invalid length.
[  937.977535][T14402] netlink: 44 bytes leftover after parsing attributes in process `syz.2.2124'.
[  938.577989][ T8734] usb 5-1: unable to get BOS descriptor or descriptor too short
[  938.610035][ T8734] usb 5-1: unable to read config index 0 descriptor/start: -71
[  938.621613][ T8734] usb 5-1: can't read configurations, error -71
[  939.584773][T14414] netlink: 'syz.1.2133': attribute type 8 has an invalid length.
[  940.104477][T14426] ------------[ cut here ]------------
[  940.110571][T14426] WARNING: CPU: 0 PID: 14426 at ./include/linux/memcontrol.h:371 folio_memcg+0x1a8/0x310
[  940.120551][T14426] Modules linked in:
[  940.125162][T14426] CPU: 0 UID: 0 PID: 14426 Comm: syz.6.2135 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) 
[  940.137658][T14426] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  940.147924][T14426] RIP: 0010:folio_memcg+0x1a8/0x310
[  940.153172][T14426] Code: 80 3c 28 00 74 08 4c 89 f7 e8 74 ca 1b 00 4d 8b 36 4c 89 f0 5b 41 5c 41 5d 41 5e 41 5f 5d e9 0f 56 65 09 cc e8 f9 74 ba ff 90 <0f> 0b 90 eb c5 44 89 e1 80 e1 07 80 c1 03 38 c1 0f 8c fe fe ff ff
[  940.173069][T14426] RSP: 0018:ffffc9000cb47250 EFLAGS: 00010287
[  940.179179][T14426] RAX: ffffffff8205bd57 RBX: 0000000000000000 RCX: 0000000000080000
[  940.187152][T14426] RDX: ffffc900046da000 RSI: 000000000000b81a RDI: 000000000000b81b
[  940.195278][T14426] RBP: 0000000000000000 R08: ffffea0000c7a687 R09: 1ffffd400018f4d0
[  940.203517][T14426] R10: dffffc0000000000 R11: fffff9400018f4d1 R12: ffffea0000c7a6b0
[  940.211548][T14426] R13: dffffc0000000000 R14: ffff88805a263d00 R15: 0000000000000002
[  940.219646][T14426] FS:  00007f667badf6c0(0000) GS:ffff888125c4f000(0000) knlGS:0000000000000000
[  940.229869][T14426] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  940.237018][T14426] CR2: 0000200000046030 CR3: 00000000349f2000 CR4: 00000000003526f0
[  940.245050][T14426] Call Trace:
[  940.248333][T14426]  <TASK>
[  940.251312][T14426]  workingset_activation+0x5f/0x4a0
[  940.256532][T14426]  ? folio_mark_accessed+0x2b1/0x4a0
[  940.262081][T14426]  folio_mark_accessed+0x3b5/0x4a0
[  940.267245][T14426]  kvm_release_page_dirty+0xa2/0xf0
[  940.272498][T14426]  kvm_tdp_page_fault+0x2dd/0x370
[  940.277553][T14426]  kvm_mmu_do_page_fault+0x2c5/0x640
[  940.282900][T14426]  ? vmx_vcpu_run+0xd8b/0x25d0
[  940.287670][T14426]  ? __pfx_kvm_mmu_do_page_fault+0x10/0x10
[  940.293704][T14426]  ? vmx_handle_exit_irqoff+0x29e/0xad0
[  940.299292][T14426]  ? __pfx_current_save_fsgs+0x10/0x10
[  940.304762][T14426]  kvm_mmu_page_fault+0x22f/0xb70
[  940.309844][T14426]  ? __pfx_handle_ept_violation+0x10/0x10
[  940.315598][T14426]  vmx_handle_exit+0x1090/0x18a0
[  940.320756][T14426]  ? vcpu_run+0x361c/0x6f70
[  940.325318][T14426]  vcpu_run+0x432e/0x6f70
[  940.330685][T14426]  ? vcpu_run+0x361c/0x6f70
[  940.335310][T14426]  ? __pfx_vcpu_run+0x10/0x10
[  940.340604][T14426]  ? kvm_arch_vcpu_ioctl_run+0x1f3/0x1940
[  940.346384][T14426]  ? rcu_is_watching+0x15/0xb0
[  940.351475][T14426]  kvm_arch_vcpu_ioctl_run+0xfc9/0x1940
[  940.357039][T14426]  ? kvm_arch_vcpu_ioctl_run+0x1f3/0x1940
[  940.362906][T14426]  ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10
[  940.368958][T14426]  ? rcu_is_watching+0x15/0xb0
[  940.373740][T14426]  ? look_up_lock_class+0x74/0x170
[  940.379075][T14426]  ? register_lock_class+0x51/0x320
[  940.384305][T14426]  ? __lock_acquire+0xab9/0xd20
[  940.389218][T14426]  kvm_vcpu_ioctl+0x95c/0xe90
[  940.393920][T14426]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  940.399168][T14426]  ? __lock_acquire+0xab9/0xd20
[  940.404023][T14426]  ? __asan_memset+0x22/0x50
[  940.408927][T14426]  ? smack_file_ioctl+0x302/0x340
[  940.413994][T14426]  ? __pfx_smack_file_ioctl+0x10/0x10
[  940.419424][T14426]  ? __fget_files+0x2a/0x420
[  940.424023][T14426]  ? __fget_files+0x3a0/0x420
[  940.428784][T14426]  ? __fget_files+0x2a/0x420
[  940.434212][T14426]  ? bpf_lsm_file_ioctl+0x9/0x20
[  940.439807][T14426]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  940.445024][T14426]  __se_sys_ioctl+0xfc/0x170
[  940.449683][T14426]  do_syscall_64+0xfa/0x3b0
[  940.454214][T14426]  ? lockdep_hardirqs_on+0x9c/0x150
[  940.459455][T14426]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  940.465539][T14426]  ? clear_bhb_loop+0x60/0xb0
[  940.470477][T14426]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  940.476377][T14426] RIP: 0033:0x7f667ab8e929
[  940.480860][T14426] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  940.500785][T14426] RSP: 002b:00007f667badf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  940.509263][T14426] RAX: ffffffffffffffda RBX: 00007f667adb5fa0 RCX: 00007f667ab8e929
[  940.517257][T14426] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[  940.525293][T14426] RBP: 00007f667ac10b39 R08: 0000000000000000 R09: 0000000000000000
[  940.533573][T14426] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  940.542236][T14426] R13: 0000000000000000 R14: 00007f667adb5fa0 R15: 00007ffe1709cb18
[  940.550615][T14426]  </TASK>
[  940.553661][T14426] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  940.560937][T14426] CPU: 0 UID: 0 PID: 14426 Comm: syz.6.2135 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) 
[  940.573000][T14426] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  940.583057][T14426] Call Trace:
[  940.586346][T14426]  <TASK>
[  940.589291][T14426]  dump_stack_lvl+0x99/0x250
[  940.593885][T14426]  ? __asan_memcpy+0x40/0x70
[  940.598475][T14426]  ? __pfx_dump_stack_lvl+0x10/0x10
[  940.603696][T14426]  ? __pfx__printk+0x10/0x10
[  940.608330][T14426]  panic+0x2db/0x790
[  940.612243][T14426]  ? __pfx_panic+0x10/0x10
[  940.616691][T14426]  __warn+0x31b/0x4b0
[  940.620679][T14426]  ? folio_memcg+0x1a8/0x310
[  940.625281][T14426]  ? folio_memcg+0x1a8/0x310
[  940.629878][T14426]  report_bug+0x2be/0x4f0
[  940.634215][T14426]  ? folio_memcg+0x1a8/0x310
[  940.638815][T14426]  ? folio_memcg+0x1a8/0x310
[  940.643422][T14426]  ? folio_memcg+0x1aa/0x310
[  940.648016][T14426]  handle_bug+0x84/0x160
[  940.652269][T14426]  exc_invalid_op+0x1a/0x50
[  940.656772][T14426]  asm_exc_invalid_op+0x1a/0x20
[  940.661732][T14426] RIP: 0010:folio_memcg+0x1a8/0x310
[  940.666936][T14426] Code: 80 3c 28 00 74 08 4c 89 f7 e8 74 ca 1b 00 4d 8b 36 4c 89 f0 5b 41 5c 41 5d 41 5e 41 5f 5d e9 0f 56 65 09 cc e8 f9 74 ba ff 90 <0f> 0b 90 eb c5 44 89 e1 80 e1 07 80 c1 03 38 c1 0f 8c fe fe ff ff
[  940.686559][T14426] RSP: 0018:ffffc9000cb47250 EFLAGS: 00010287
[  940.692815][T14426] RAX: ffffffff8205bd57 RBX: 0000000000000000 RCX: 0000000000080000
[  940.700792][T14426] RDX: ffffc900046da000 RSI: 000000000000b81a RDI: 000000000000b81b
[  940.708769][T14426] RBP: 0000000000000000 R08: ffffea0000c7a687 R09: 1ffffd400018f4d0
[  940.716748][T14426] R10: dffffc0000000000 R11: fffff9400018f4d1 R12: ffffea0000c7a6b0
[  940.724719][T14426] R13: dffffc0000000000 R14: ffff88805a263d00 R15: 0000000000000002
[  940.732695][T14426]  ? folio_memcg+0x1a7/0x310
[  940.737301][T14426]  workingset_activation+0x5f/0x4a0
[  940.742509][T14426]  ? folio_mark_accessed+0x2b1/0x4a0
[  940.747812][T14426]  folio_mark_accessed+0x3b5/0x4a0
[  940.752934][T14426]  kvm_release_page_dirty+0xa2/0xf0
[  940.758143][T14426]  kvm_tdp_page_fault+0x2dd/0x370
[  940.763186][T14426]  kvm_mmu_do_page_fault+0x2c5/0x640
[  940.768507][T14426]  ? vmx_vcpu_run+0xd8b/0x25d0
[  940.773283][T14426]  ? __pfx_kvm_mmu_do_page_fault+0x10/0x10
[  940.779104][T14426]  ? vmx_handle_exit_irqoff+0x29e/0xad0
[  940.784651][T14426]  ? __pfx_current_save_fsgs+0x10/0x10
[  940.790120][T14426]  kvm_mmu_page_fault+0x22f/0xb70
[  940.795156][T14426]  ? __pfx_handle_ept_violation+0x10/0x10
[  940.800883][T14426]  vmx_handle_exit+0x1090/0x18a0
[  940.805825][T14426]  ? vcpu_run+0x361c/0x6f70
[  940.810350][T14426]  vcpu_run+0x432e/0x6f70
[  940.814701][T14426]  ? vcpu_run+0x361c/0x6f70
[  940.819247][T14426]  ? __pfx_vcpu_run+0x10/0x10
[  940.823929][T14426]  ? kvm_arch_vcpu_ioctl_run+0x1f3/0x1940
[  940.829687][T14426]  ? rcu_is_watching+0x15/0xb0
[  940.834468][T14426]  kvm_arch_vcpu_ioctl_run+0xfc9/0x1940
[  940.840037][T14426]  ? kvm_arch_vcpu_ioctl_run+0x1f3/0x1940
[  940.845772][T14426]  ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10
[  940.851772][T14426]  ? rcu_is_watching+0x15/0xb0
[  940.856534][T14426]  ? look_up_lock_class+0x74/0x170
[  940.861658][T14426]  ? register_lock_class+0x51/0x320
[  940.866858][T14426]  ? __lock_acquire+0xab9/0xd20
[  940.871728][T14426]  kvm_vcpu_ioctl+0x95c/0xe90
[  940.876433][T14426]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  940.881655][T14426]  ? __lock_acquire+0xab9/0xd20
[  940.886506][T14426]  ? __asan_memset+0x22/0x50
[  940.891102][T14426]  ? smack_file_ioctl+0x302/0x340
[  940.896135][T14426]  ? __pfx_smack_file_ioctl+0x10/0x10
[  940.901530][T14426]  ? __fget_files+0x2a/0x420
[  940.906300][T14426]  ? __fget_files+0x3a0/0x420
[  940.910987][T14426]  ? __fget_files+0x2a/0x420
[  940.915583][T14426]  ? bpf_lsm_file_ioctl+0x9/0x20
[  940.920528][T14426]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  940.925733][T14426]  __se_sys_ioctl+0xfc/0x170
[  940.930342][T14426]  do_syscall_64+0xfa/0x3b0
[  940.934849][T14426]  ? lockdep_hardirqs_on+0x9c/0x150
[  940.940078][T14426]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  940.946155][T14426]  ? clear_bhb_loop+0x60/0xb0
[  940.950850][T14426]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  940.956768][T14426] RIP: 0033:0x7f667ab8e929
[  940.961193][T14426] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  940.980806][T14426] RSP: 002b:00007f667badf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  940.989237][T14426] RAX: ffffffffffffffda RBX: 00007f667adb5fa0 RCX: 00007f667ab8e929
[  940.997216][T14426] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[  941.005197][T14426] RBP: 00007f667ac10b39 R08: 0000000000000000 R09: 0000000000000000
[  941.013185][T14426] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  941.021166][T14426] R13: 0000000000000000 R14: 00007f667adb5fa0 R15: 00007ffe1709cb18
[  941.029162][T14426]  </TASK>
[  941.032523][T14426] Kernel Offset: disabled
[  941.036851][T14426] Rebooting in 86400 seconds..