last executing test programs:

2m34.628391996s ago: executing program 4 (id=93):
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f0000000100)={{0x12, 0x1, 0x0, 0x4d, 0x42, 0xd8, 0x20, 0x1ba6, 0x1, 0x4988, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x77, 0xe4, 0xf9}}]}}]}}, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = syz_create_resource$binfmt(&(0x7f0000000040)='./file1\x00')
r4 = openat$binfmt(0xffffffffffffff9c, r3, 0x42, 0x1ff)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
r6 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r6, 0x7a7, &(0x7f0000001380)=0xa0000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r6, 0x7a0, 0x0)
ioctl$IOCTL_VMCI_CTX_SET_CPT_STATE(r6, 0x7b2, &(0x7f0000000000)={0x0, 0x2})
bind$inet6(r5, &(0x7f0000d84000)={0xa, 0x2, 0x0, @loopback, 0x7}, 0x1c)
sendto$inet6(r5, &(0x7f0000000640)='\x00', 0x1, 0x20000045, &(0x7f00000001c0)={0xa, 0x2, 0x398, @empty}, 0x1c)
shutdown(r5, 0x1)
ioctl$VT_ACTIVATE(0xffffffffffffffff, 0x4b4a, 0xffffffffffffff15)
close(r4)
execveat$binfmt(0xffffffffffffff9c, r3, 0x0, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0)

2m31.207083071s ago: executing program 4 (id=106):
bpf$MAP_CREATE(0x0, 0x0, 0x50)
r0 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000040)=@req={0x3fc, 0x0, 0x0, 0x5}, 0x10)
r1 = socket(0x1e, 0x4, 0x0)
sendmmsg(r1, &(0x7f00000030c0)=[{{0x0, 0x0, &(0x7f0000000400)=[{&(0x7f00000000c0)}], 0x1}}], 0x1, 0x9200000000000000)
sendmmsg(r0, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000)
recvmmsg$unix(r0, &(0x7f0000002d40)=[{{0x0, 0x0, &(0x7f0000000580)=[{&(0x7f00000002c0)=""/228, 0xe4}], 0x1}}, {{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x3, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
semctl$IPC_RMID(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2e, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = semget$private(0x0, 0x6, 0x0)
semtimedop(r2, &(0x7f00000003c0)=[{0x0, 0x1}, {0x2, 0x4, 0x1800}], 0x2, 0x0)
semop(r2, &(0x7f00000000c0)=[{0x4}, {0x2}], 0x2)
semop(r2, &(0x7f0000001240)=[{}, {0x0, 0x0, 0x2000}], 0x2)
semctl$SETALL(r2, 0x0, 0x11, &(0x7f0000000240))
semctl$GETZCNT(r2, 0x4, 0xf, 0x0)

2m30.216354817s ago: executing program 4 (id=110):
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
ioctl$sock_ifreq(r0, 0x8910, &(0x7f0000000000)={'vlan0\x00', @ifru_ivalue=0x8})
ioctl$sock_netdev_private(r0, 0x8914, &(0x7f0000000000))

2m29.726957275s ago: executing program 4 (id=111):
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0)
socket$packet(0x11, 0x3, 0x300)
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="18000000020000000000000000ee000095"], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0x560b0007, &(0x7f0000000000)="259a53f271a76d2689064c6588a8", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)

2m29.188525303s ago: executing program 4 (id=113):
io_uring_setup(0x4332, &(0x7f0000000780)={0x0, 0x986d, 0x1000, 0xfffffff8, 0x100002})
writev(0xffffffffffffffff, &(0x7f0000000000)=[{0x0}, {&(0x7f0000000100)="06010000246837f73199aee6fdb9291b3091ec1a2d41d2271b00d8ec00004000f397867997f9c0efa9c9092a31cdbb98ea272787afda0af59a320709c3a59ef05c6f40ceafec53f48d6186e7d8409e", 0x4f}], 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000340)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000000)=0x15)
ioctl$TCSETS(r3, 0xc0384707, &(0x7f0000000040)={0x1, 0x0, 0x0, 0x0, 0x0, "3eccd8f9d20000000000001000000200000500"})
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x8001}, 0x4)
syz_emit_ethernet(0x32, &(0x7f0000000880)=ANY=[], 0x0)
r4 = socket$inet(0x2, 0x2, 0x0)
r5 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r5, &(0x7f0000000100)={0x3, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=ANY=[@ANYBLOB="020200020f0000000000000000000000020001000000000000c85300000000a00800120003000200b56b6e000100000006006c04000000000000000000e02522d60100000000000000000000040000000a01010000000000000000152000000003000500ff007dbe1e2796a0e9d600000000000000"], 0x78}, 0x1, 0x7}, 0x0)
setsockopt$inet_mreqn(r4, 0x0, 0x23, 0x0, 0x0)
syz_open_dev$evdev(0x0, 0x8005, 0x480)
pselect6(0x40, &(0x7f0000000300)={0x0, 0x4000000000000000, 0x0, 0x100, 0x0, 0x10, 0xfffc}, &(0x7f0000000580)={0x7ff, 0x0, 0x7, 0x2, 0x0, 0x0, 0x400, 0x3}, 0x0, 0x0, 0x0)
mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x81c0, 0x0)

2m26.853190361s ago: executing program 4 (id=114):
syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff)
r0 = socket$alg(0x26, 0x5, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r2 = dup(r1)
r3 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x0, 0x0)
ioctl$int_in(r3, 0x5452, &(0x7f00000001c0)=0x1)
ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r3, 0xc0045516, &(0x7f0000000000)=0xffb)
fcntl$setstatus(r3, 0x4, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r3, 0xc1105517, &(0x7f0000000080)={{0x1009, 0x0, 0x0, 0x80, 'syz0\x00'}, 0x5, 0x0, 0x1, 0x0, 0x0, 0x8, 'syz1\x00', 0x0})
write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c)
bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
r4 = accept4(r0, 0x0, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000200)="ad00"/16, 0x10)
recvmmsg(r4, &(0x7f0000002440), 0x3ffffffffffff67, 0x0, 0x0)
r5 = openat$uinput(0xffffffffffffff9c, 0x0, 0x2, 0x0)
write$uinput_user_dev(r5, &(0x7f0000000080)={'syz0\x00', {0x0, 0x2}, 0x35, [0x4346, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x7ff, 0x3, 0x0, 0x0, 0x1, 0xfffffffe, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x10000000, 0xfffffff9, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0xfff, 0xfffffffc, 0xffffffff, 0x401, 0x5, 0x0, 0x0, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x851, 0x0, 0x2, 0x3, 0x0, 0x0, 0x800], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x10001, 0xa0000000, 0x0, 0x80000001, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0xf, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0xfffffffc, 0x2, 0x5, 0x4, 0x2, 0x7, 0xd5c2], [0x200, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x80000000, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x3, 0x0, 0x2, 0x0, 0x80000000, 0xc, 0x5, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x100, 0x0, 0x7, 0x0, 0x0, 0x5, 0x0, 0x0, 0x6, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x5], [0x0, 0x0, 0x0, 0x0, 0x2, 0x6, 0x0, 0x0, 0x51d, 0x4, 0x0, 0x3, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x2, 0xfffffffc, 0x0, 0x0, 0x10000000, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x3, 0xfffffffc, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x8, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0xfffffff9, 0x0, 0x0, 0x0, 0x9, 0x4]}, 0x45c)
ioctl$UI_DEV_CREATE(r5, 0x5501)
ioctl$UI_SET_PROPBIT(r5, 0x4004556e, 0x13)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x4, 0x3032, 0xffffffffffffffff, 0x0)
r6 = socket$inet6_mptcp(0xa, 0x1, 0x106)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000380)='sched_switch\x00'}, 0x10)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000580)={0x0, 0x54}, 0x1, 0x0, 0x0, 0x800}, 0x80)
getsockopt$inet6_tcp_int(r6, 0x6, 0x24, &(0x7f0000000c00), &(0x7f0000002000)=0x2)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000000540)={'wlan0\x00'})
r9 = syz_open_dev$tty1(0xc, 0x4, 0x1)
dup(r9)

2m11.731655567s ago: executing program 32 (id=114):
syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff)
r0 = socket$alg(0x26, 0x5, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r2 = dup(r1)
r3 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x0, 0x0)
ioctl$int_in(r3, 0x5452, &(0x7f00000001c0)=0x1)
ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r3, 0xc0045516, &(0x7f0000000000)=0xffb)
fcntl$setstatus(r3, 0x4, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r3, 0xc1105517, &(0x7f0000000080)={{0x1009, 0x0, 0x0, 0x80, 'syz0\x00'}, 0x5, 0x0, 0x1, 0x0, 0x0, 0x8, 'syz1\x00', 0x0})
write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c)
bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
r4 = accept4(r0, 0x0, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000200)="ad00"/16, 0x10)
recvmmsg(r4, &(0x7f0000002440), 0x3ffffffffffff67, 0x0, 0x0)
r5 = openat$uinput(0xffffffffffffff9c, 0x0, 0x2, 0x0)
write$uinput_user_dev(r5, &(0x7f0000000080)={'syz0\x00', {0x0, 0x2}, 0x35, [0x4346, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x7ff, 0x3, 0x0, 0x0, 0x1, 0xfffffffe, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x10000000, 0xfffffff9, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0xfff, 0xfffffffc, 0xffffffff, 0x401, 0x5, 0x0, 0x0, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x851, 0x0, 0x2, 0x3, 0x0, 0x0, 0x800], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x10001, 0xa0000000, 0x0, 0x80000001, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0xf, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0xe9, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0xfffffffc, 0x2, 0x5, 0x4, 0x2, 0x7, 0xd5c2], [0x200, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x80000000, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x3, 0x0, 0x2, 0x0, 0x80000000, 0xc, 0x5, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x100, 0x0, 0x7, 0x0, 0x0, 0x5, 0x0, 0x0, 0x6, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x5], [0x0, 0x0, 0x0, 0x0, 0x2, 0x6, 0x0, 0x0, 0x51d, 0x4, 0x0, 0x3, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x2, 0xfffffffc, 0x0, 0x0, 0x10000000, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x3, 0xfffffffc, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x8, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0xfffffff9, 0x0, 0x0, 0x0, 0x9, 0x4]}, 0x45c)
ioctl$UI_DEV_CREATE(r5, 0x5501)
ioctl$UI_SET_PROPBIT(r5, 0x4004556e, 0x13)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x4, 0x3032, 0xffffffffffffffff, 0x0)
r6 = socket$inet6_mptcp(0xa, 0x1, 0x106)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000380)='sched_switch\x00'}, 0x10)
r7 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000580)={0x0, 0x54}, 0x1, 0x0, 0x0, 0x800}, 0x80)
getsockopt$inet6_tcp_int(r6, 0x6, 0x24, &(0x7f0000000c00), &(0x7f0000002000)=0x2)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000000540)={'wlan0\x00'})
r9 = syz_open_dev$tty1(0xc, 0x4, 0x1)
dup(r9)

1m43.508723194s ago: executing program 1 (id=244):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x90a2, 0x2, &(0x7f0000006680))
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'lo\x00', <r1=>0x0})
r2 = socket$packet(0x11, 0x3, 0x300)
sendto$packet(r2, &(0x7f0000000040)="363c8f3fca5d66571e583e7c88a8", 0xe, 0x0, &(0x7f0000000200)={0x11, 0x8100, r1, 0x1, 0x0, 0x6, @remote}, 0x14)

1m43.256637658s ago: executing program 1 (id=247):
r0 = socket$inet6(0xa, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r2 = epoll_create(0x10000e9)
r3 = openat$udambuf(0xffffffffffffff9c, &(0x7f00000000c0), 0x2)
r4 = memfd_create(&(0x7f0000000340)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xd9\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00', 0x3)
ftruncate(r4, 0xffff)
fcntl$addseals(r4, 0x409, 0x7)
r5 = ioctl$UDMABUF_CREATE(r3, 0x40187542, &(0x7f0000000100)={r4, 0x0, 0x0, 0x1000})
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r5, &(0x7f0000000080)={0x30000009})
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x1, 0x3}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x4, 0x400000000, 0x4, 0x7fffffff}, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r6 = dup(r1)
write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd74)
socket(0x10, 0x803, 0x0)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty}, 0x1c)
landlock_restrict_self(0xffffffffffffffff, 0x0)
landlock_restrict_self(0xffffffffffffffff, 0x3)
landlock_restrict_self(0xffffffffffffffff, 0x0)
landlock_restrict_self(0xffffffffffffffff, 0x0)
landlock_restrict_self(0xffffffffffffffff, 0x0)
landlock_restrict_self(0xffffffffffffffff, 0x0)
landlock_restrict_self(0xffffffffffffffff, 0x0)

1m40.908603916s ago: executing program 1 (id=255):
r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x8041, 0x0)
write$dsp(r0, 0x0, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000040)=0x9)

1m40.67258468s ago: executing program 1 (id=257):
sendmsg$ETHTOOL_MSG_WOL_SET(0xffffffffffffffff, 0x0, 0x4000000)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
open_tree(0xffffffffffffff9c, 0x0, 0x89901)
mount$bind(&(0x7f0000000000)='./file0/../file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x891018, 0x0)
mount$bind(0x0, &(0x7f0000000140)='./file0/file0\x00', 0x0, 0x80000, 0x0)
mount$bind(&(0x7f00000002c0)='./file0/file0\x00', &(0x7f0000000240)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(&(0x7f0000000300)='./file0/file0\x00', &(0x7f0000000280)='./file0/file0\x00', 0x0, 0x80700a, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)

1m40.516582702s ago: executing program 1 (id=259):
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000240)={'vcan0\x00'})
getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0xe, &(0x7f0000000280)={@initdev}, &(0x7f0000000380)=0x14)
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
setsockopt$SO_J1939_ERRQUEUE(r0, 0x6b, 0x4, &(0x7f0000000500), 0x4)
socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000340)={'bridge0\x00'})
socket(0x10, 0x80002, 0x0)
openat$vnet(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0)
socket$xdp(0x2c, 0x3, 0x0)
r2 = msgget$private(0x0, 0x444)
msgsnd(r2, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x141121)
r4 = dup(r3)
write$6lowpan_enable(r4, &(0x7f0000000000)='0', 0xfffffd2c)
r5 = syz_open_procfs(0x0, &(0x7f0000000080)='net/anycast6\x00')
socket$rxrpc(0x21, 0x2, 0x2)
syz_io_uring_setup(0x6d8a, &(0x7f0000000400)={0x0, 0x37b4, 0x200, 0x0, 0x0, 0x0, r5}, &(0x7f0000000180)=<r6=>0x0, &(0x7f00000001c0)=<r7=>0x0)
syz_io_uring_submit(r6, r7, &(0x7f0000000140)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r3})
r8 = socket(0x10, 0x3, 0x0)
write(r8, &(0x7f00000000c0)="240000001e005f0214fffffffffffff8070000001d00000000000000050009000d000000", 0x24)

1m39.960628331s ago: executing program 1 (id=262):
creat(&(0x7f00000002c0)='./file0\x00', 0x0)
open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
epoll_create1(0x0)
socket(0x840000000002, 0x3, 0xfa)
syz_usbip_server_init(0x4)
syz_usbip_server_init(0x1)
syz_usbip_server_init(0x0)
syz_usbip_server_init(0x4)
socket$inet6_sctp(0xa, 0x5, 0x84)
syz_usbip_server_init(0x2)
syz_usbip_server_init(0x0)
syz_usbip_server_init(0x0)
syz_usbip_server_init(0x0)
syz_usbip_server_init(0x3)
socket(0x10, 0x3, 0x0)
r0 = syz_io_uring_setup(0x42e6, &(0x7f0000000080)={0x0, 0x10005eda, 0x10000, 0x3}, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpu.stat\x00', 0x275a, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_POLL_REMOVE={0x7, 0xc, 0x0, 0x0, 0x0, 0x23456})
socketpair$unix(0x1, 0x0, 0x0, &(0x7f00000001c0))
write$UHID_CREATE2(r3, &(0x7f00000001c0)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_POLL_REMOVE={0x7, 0x49, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1})
io_uring_enter(r0, 0x7330, 0x0, 0x0, 0x0, 0x0)

1m38.879579449s ago: executing program 33 (id=262):
creat(&(0x7f00000002c0)='./file0\x00', 0x0)
open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
epoll_create1(0x0)
socket(0x840000000002, 0x3, 0xfa)
syz_usbip_server_init(0x4)
syz_usbip_server_init(0x1)
syz_usbip_server_init(0x0)
syz_usbip_server_init(0x4)
socket$inet6_sctp(0xa, 0x5, 0x84)
syz_usbip_server_init(0x2)
syz_usbip_server_init(0x0)
syz_usbip_server_init(0x0)
syz_usbip_server_init(0x0)
syz_usbip_server_init(0x3)
socket(0x10, 0x3, 0x0)
r0 = syz_io_uring_setup(0x42e6, &(0x7f0000000080)={0x0, 0x10005eda, 0x10000, 0x3}, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpu.stat\x00', 0x275a, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_POLL_REMOVE={0x7, 0xc, 0x0, 0x0, 0x0, 0x23456})
socketpair$unix(0x1, 0x0, 0x0, &(0x7f00000001c0))
write$UHID_CREATE2(r3, &(0x7f00000001c0)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_POLL_REMOVE={0x7, 0x49, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1})
io_uring_enter(r0, 0x7330, 0x0, 0x0, 0x0, 0x0)

7.041962406s ago: executing program 5 (id=550):
socket$alg(0x26, 0x5, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x6, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x5}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = socket$inet6(0xa, 0x800000000000002, 0x0)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, &(0x7f0000000200)=0x632a, 0x4)

6.464728655s ago: executing program 3 (id=551):
pipe(&(0x7f0000000340)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
vmsplice(r0, &(0x7f0000000240)=[{&(0x7f0000001640)="0ae1b3e87bfd5dfe1a61c82e56234ce023ca7ded19d823c1001112217a2317bae1af0bb4a6f78f68a68938b336701b6e1194cf0c851954592094c60edae451296daa5c68d57140222ff0324b0478dc4a42cd090534f901fa06aca3da3c9948c7d7e880d3706ab51a44ee52c898b53592b054ae39b3a2bd13a4ec93824c2600d9e84fcc16b9c106335e32f1c59bcefb3ee427183968950658e37c0cf70af9b3924045270ef159bcc8aff59102576aa3f9cdb1319cadb25182e2ee2efa7e509b56017ce835596eeb3e22e9f508588b324681ad5976fb20bf014af30c3d120bb5ad0a8a30a9f23778ad13b4318cb18e273d61e0f98f3dd3adb340c6b317496ac294f5501eb32b3d747e9866fa0a103ed7ed6dc6bb70759d372693868761b1c35958beb4712ca5b2a4cb49813213a8b53b0a27573e4468f7ea0dd5983136be26ab08017fcce0d98ca5c78b49d11f397e65532f860b14a9e69c80a67b7be240090a91c254f6b26c620745ddc377940eea9fd24ee514b3a8ecdf9563dccd4992d7b732e441b078040d163de5cf955ad948c5bc026a84337b6a943a63df3dc09b728f8a47d7f6fb01c9c72eee37f97bb040396bdc0e2bade4d28c40d97479e222927cf330e42db4c8441a7f73499e310f9b6503a30f11053d5e1e3a94148b1bb08d49d4daae5b9cf16ed623692af28572458d069addf42c55ae9fc9da4f0322b76e4663465f55917e072e3040009791a2508fea2f0699ffa424af0b671b451631514b053bbcf6b737b7474eedd03d2c4a50f1ff4920a8d4aafe6a2139d81331efc00b85f6c701579a37dc6e01dab658df500b8e9bcca316c013857839b1245092202b7034e36e861207e5b7e26faad1068dea2d5b3f410f8b90240757f0e5f2b826a581825a99baaa3754851f9c8f04baad46c8c6b44e3592586636d2abde6f3f2a7233675ed35aa4bb8dc32b952a413877bdd25750dc2bf403c4cdda92123514f80810545ce19b179aecd02e2c3d129758252d48de1de1568558bf6c06cbea580f754d527026cbc643917c6c86da27e9accc2efcf2e8c331f8c7baa07521fc7e26d7cd4cc2ece68611774ebf6b515a8d5a67141478fc0344d089101e6ffb15e23ea79067183cf26d8f62d2f45c239ea16498cdb39433f1d8f6b99241f90d4f3800fdfc8979c99b0b23ab7dd66a65c5c017fe6d65f0573e2b48eb1c34b5f100c3a1e401dfb97fce5434911edf34bb358e6a0d9836ef53e3234a2e783d6ad15b955fe5a8e2cd6ce7c1305b6d8989048da8f331ccd8c19f02b19445291e50d34e2a65b64848929427c23820f280a4cb17eea57da1b972737c41413c343fa6786a4a420980264d03498dfb48a19152272120b4cb57f6680f8988f63050adfc76cfe94e8b0a6ff85722ee6cc33e8e0161a4331ecc77b8d6a3a2365b7ef55ba946759a79361306f2ede98df926b6f199f0d23cb891b4dc786fd1b8125150c3384e74ed0a4d98f8422cc4485e50fd5abda10bb048414ba0791d79508ccaf6e78078d42ceb39727c0e302560af1a22bc337e8095c60797d97ea61e4aaaed85ccd98d1c33077a45cdbb81d54659792c1dcb469450528c140878b923f30440f839254bec87da7048552ca78a9b6b981b497b961bab865e2fc88ba117e52c5294469cbbf34eb3792794d91839398e024604d5a8b29e36f35114eba9543b47b159a3a4f45d381915b18528f9858426f81fa3ea787ef7357064c0685d8edab103a0927744e048c5354db19022bac1dc7c4fec3c00307d2f1751bebd2ee97b55a396ea6d71a1cfa65133d68b31485dc31ea98b85ea7eed584b8e64e21ee2ed51c7014904cf05cb44c9e510bd13866ca4e37f7d004ae6cd123795761624824aa01dbc0325a8f91b269693bbc744e4bde208367cc1a86280f819356464d2621d2869ba98de2ffda66d94545ac6652c2fc1f9acf11e331b779b1b8fbdc9bec6a5d06a989b19e029d2f7e2f32c446b27b355d635555dc3ec501fa723dd881e808154fdd91457cbcf1ca982e8a89226ac3b90a928ffac617c0a4c21de17eb18438225aa37fbf5d56b548337d30b94b9fd89cc66908e5eda83c845b24ca1d80c1ccfb29f368974450edddddd52322c4f1fbf351f8c299605ecd479910d0e5092d44f06069b9fbf8b2b9533775fe453e5f0229b48233ab5845f464d470ba64a0873899af75e5003f035c0f6d872db672cabde36f359537026efb9969bbf4d20469c7d9cf4907cf3d03434581ca78dcd3812ef0edfacbe65cadc17e89e4e6a5e697a3f3bd763e0c23742dbb70c1f28524e5f5c44de5b5489b06cb5382170ccc9971d3f8111bce43f932025c43314d1e98d0625f5cdc4553c2491711342826c4abdbcb37d4cbdb6ce31efd78a9124320dad7f2f9c77ba0d92d7609523405c674eb07057281675018cc895838591ee9999c15e9dfc51c802428a25bee0983f4bc4b8ac01cac49fb5d94b615d388e07784963a78868cde9b12090f1943b0ca6ddd344354b11ca6629e58953a04da126e7278acc63514c0a7048722a6189858c4a8ea72038d3f5ebc82f13bc795bfecc339fcf8c9982b99a48c881e86a315b98da39f6065de2d685d098516eb4efe44c5070db0879faece1cd7c234e634caadb64bbb7b36892a4c91930069a82691b75da9ba6c73e5ee462e9cb41249a2745700246353cb02346285f238f7bb07f1d322ee05003c222018fbd2f2560335d5aaa2bf56cd8a742b2d1eafd3640b807a6fd49b12f7b9ebbb4c97f5e31b2e8f1bff6890570cba798570f993d907ecd2a779b22cc7be03150d4089435a740319f144fb75860672f0894ece1e36b5c1da0d4c583b7eb6b02d8ff1afc79c69c80055c6b9097c9e5fc8642e1407cefac9a1723b53804807fc6f439c9128b6194a0c12cb911ff6b0cf10e88470045b4c7ad985c9020048b31ed9e63834aa2b2db022ca8a0a53fbb9f3e39b8420f8ed65fc548848dc52a58b53c7d6fff1bd68525e846fcf29de2452a0e7f968ca158a8b982dbab8f2e4aacd94eb0b6df7f9e904ce7ca74c1bfe20e306135bd3566d900011b739921d72ff21472a37d9998861248124c3e6b53757ccea0b6b37d828e635ab95004e87863085be686ef7136b5d94e285656105cb32c6eb7761f948cb6a10d69f411e749d864cc0f86f3ab984aa946b6ef9a4364bae9ba61430db9482756cd0465b3e538455e855dfccce9290675dd705f23410f41739fe94f95b5e82d699e26112a8e793d16f88273404f7417dd85cfdb748b03e974d7a8dc6a3b56db21e41932afc652d35e090842d68b8a8a6b72a846d8a855d9b18dfbb23e195d95031014913320e908e744080c226a639f7f6b9ad2ee6161095fa4c706e399e5a4292673896ce31a27aea87c5a8a06d4138209430768f61dd66be4ac439b7e0f925b0aa8e696a7618f6ea8b31bd006fde7c26b33760b745ace3650f748294d32eaf4c737f6998fdc2e7df5c98d9880faa5dcc7a7642b69a32f1770ee8b5009a23c4f5bb744cc30ac", 0x9c1}, {&(0x7f0000000380)='4\t V', 0x4}, {&(0x7f0000000040)="045ec6b8", 0x4}, {&(0x7f0000003640)="bedff1894520227536a640bb2972e5421b17af14390da2716bcd3d4c45998159d047d14ab96cb9464902efe96623c6026b0c7d41a57db13fb2ce4553a57e02c62b0d9c837f9c38327505639fc8d9f8588fb9ac9fed1a65df12188ceacbc730d7ab1b3e184b711731d4fc7566fa6a320b5e7f9488c41e45d744604d7cb83db1da1ae40c791834cd623c876c45152f38c16c729b0eff2763610f85608dcf1aae64537a870aaa3613eab37084a39be937817f4b3f11db3fe88540d4d462025ae2fa04e991e83cba19d752bd74b47a61ec94f9a5e39bc4aa3940065b62e173294a2475222e2a86764de906151f905bf8f6234523b94854358de0c3adb963a31a49f349e6578675bda18d7f821e3aea6b81dca7fe0f2db7090de0cb6bdd7eb9a55f31109e7879f544df50cc19fad6888d862e12a49bc0561aec5b09b127247f9cb3cfef31811a20fe1493e21d7bd1ae8645e1c3dce4210d430ad5b5eb25761919019c7bb4fe0e72dd19b23b01ceafc2a8c16ac4957a5f1a4aad8aa2e9c9686f4bd08a6253c527c1b73058d2cddde11f13ab5f1b1a83da79ba7650558bc6079466fed3d34bcdf2dabb00890036d360d609efdad31133cf08d559359835dfd7d724b240918744a945e5603fd80ec8a52a6c7df8a7315e460d279df43d3b8fc5d2b50625abfeb827e3e246cdac1edfee454c0210d09986564537955a6b5cbc776bcef16c53a05743de6d9ec30ca3038fa56c029434a3e8ba2aa03094ef3eb43f1c612fb68431c028b40ee4ccd905ef9cdd8cfab45d15fd3f31c993c22bdf8c38a2b9904502d34b1cb97371ef42f4164719227d976ed2444d6b62e7b4cdb8e21787365b6c8904c1b56629422fb8417cf6a64fe9fe5b1db32bc9371b154e8480784e1349440292b295df33cbd390f78c91d2308b354e3b96e0946aa572f7e3261820836021dad76cb79d0376b2eceb55b92b8ee18dbe8d8c7febba0c409b12a18c209f2806e09af6112a7e4120072d320e9bd941093011bf251008c88bbca49f258a81e3db4798dcb4ab767bda89da7baa81a5f50b767297470cb84e474356520dabaf09f4b1568a58a3308c592248caefff5861a34f71b793b13383c6f3df98e00606ea8867077ec68b24754477825163f22ea108f5285c67cd84d2ed4eeb273be762c528b06fd68b3f83b57fb39ad74a70e73199dcd569bb1ca0514653349cfc58b9626316c7b89cd4e11f89414c3a015271a1dd483003d0e21d33500f84ac5a7460f548306cbb2ca4bf7cfa661a9d7a4fd6a1cf7215374e55364eb82f9aa8b4b652cc3e043e6d18fab569b906d900a2e9ce0aa6039db351d9ab468188a2d67b3044a7e22939418a8d5d9826f3d6146f3ce347ea71a52f707144c9eeaaa916fc760a2511939365854cd1c0f9e38f717d07a9948e3a63b2608f2530f12bdf6641b1160bf3de4abe6539e7744ed0448c266e82b8f8ce8568bd28ac06e68fbb7eaac6d67d14e3e0f9fc3cf618e306cbed6086307368800e39dc0d994c1338b5bee128c5e3a72ea127158eb16718bafb0907292cafc73980085ce185bb4bd91ef694c2dcb623052f75c0fffa0ef00a5fd7a08cfd2565f84a6ba057fe814f1d318aee416ed3d094cc62c3f8962b181ce9899bf651eceffc8e81b86bd58810bc91fa29b3f190311574e8826a0ea9c0a7728ebffccf754a11498bd87ae26a3671e9f187d8453b93aac552197b1bdbffc204987cca194302ffdd640bc2a973e6ab734f638386274a7c233a0fa43c185ae6373be92c0240734d2a73faf0f244b8dc0aa7920067cb6e65a71b506305d71ddc819892d093a3c9816acaa92046280f6172d0acc596889993c596923c69cc0d13c1c9198408dfad25a30609050481d488a5f177e1690cba005dc3e4528874d5eeb46040861ed05a1ac5e934ceddf8aa6f0d09b5b63221611ec3d9ac8c6edfdd93a40df5ec237f0594bcc227f382c101cfa240dea676858c6c7610f6c5cc43f9d26f947d1de277c8f9f1342f47ca847a03432470febb7a9c5ed219c13b21543baa94dc6a11e58a6c077e300523bc55fdf4446fe7785f328b12c9e660ba996bac83abea43f9792384c3ad953536ae6beb836e5e0cddbf61736fbb0909ca3ea3d90149ee9f3a25569a5fb4719045f3f448f48eebf13bf94044b1ba426daf59ab4a92ddad91610b0ecf0c18f9f4fba9865fbfb3fcc8d67776cd03c3f55807b86c1be676e20d900d81f93ec23507d7065876b62abd4024a91a73408b2853dac5fd6564f922f82176f7471db2bd5209827a9fb455f612569212aea5d82a221b422cc8effb3477376f2bf0e68681015892546e98114ed4cb693762e58db9ff1d0b65c7cdbc03c60f19de059ba5521d9011e07baf9150bd430089a56a2006c2e0aee33e750d4a4d9dad83b31d672ffb46f66c2e59a0289e47c708909c7c3f2f0031ac5f5dcce4fbe49ec42ad57d6a3d5e3be989dd0e9a2bb2cc4ab85125718ecc61c787d40d0a555ec9ae5e01f07475de524e606bfb73a190ca576b0f4836dc9fefb39cba834de7c0b043528e3d93bd4f19901c33836585d79c9eb8945f31740fd7a949645730c6e11a7a76aa68ceb7017a9e188e36d96693b757fe1d79d2da44f0603eadf213ea42641c689db48519451e7dda700c8c2360ede55dee38032058e09f57204de7c6a5f95b93196f824a6944528d3abfa8f90ec008beb57d18be6a259f682f622bd3dcab175d06ec97be049fe0ed6dbe34e5301bd4df625f89a4a604e6ce300fd1d7db135ba36b5354d4a0d959524c7fc30080be0fa176f614bb6a25d400d2679514c2c7cd9d4d5fa432b1c2337b029eaa8b71692b30a1e6742f09a135bbf8718cb70e2a9543a98555b95950dccbcbf87d0810d8660d311bb1b096338ef8f4476685871b365eea3f4d5a98f5eca7e1296ac646f33b561b759d4d56bbc513c81ec75efffb2162662a9568237bc22cb8c2640d85438de931b47198f6a4549f617cd5148bea51b7b28e0918cd393855cd99e34fe383a9ce22e0213473f0690fb71d9eed2e6ebcf275e82dffcadf405f0a1c15be3e1bc65f560ec78902d65f38031dcd38078fba4681eb84f0c4c39c5692eda3507cf71f58e82e3f7184020544e790b7565b2762f19220b1922721a49b2326212769eec1007c96767017cca1484e80f6fb6fabaef528f8f86d4ebf946c12213b617ef92ab32b065ec13e178900380565b9a5506fc7d6f3030440e91de44c492ecfb897d00064af4836673d8f52d815461ab6948b83746017f8a70362e7991ce6ad4c8facd2db296f4e8b45544a73c6244e650b1e11d386b2fc893f44a322634a792b49b37288d7b961caea039739c218c2d633a28fdaa62950eb4405bf9bd41e66dee25560ffe96aa90781d6f2d81b80a40027d6380bb69d704e030d9c931ca3758acd275152a75c3cd67428a4b63be3f7d8b99171c825c5c804a1eeee6fdd8361ef5e8ed7bf53c5c9e025014949a6d7e6b5995fbc0c6e47849001dc755174b317434185512a", 0x9c1}, {&(0x7f0000000200)="26f640", 0x3}], 0x5, 0x8)
ioctl$sock_inet_udp_SIOCINQ(r0, 0x541b, 0x0)

5.956620474s ago: executing program 3 (id=552):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, &(0x7f0000000000)='source', &(0x7f0000000040)='c:::\x00', 0x0)
r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=ANY=[@ANYBLOB="4400000010004b0400000000000000007a0000", @ANYRES32, @ANYBLOB="00000000000b000024001280c5dd79bc34de0a0b0001006272696467650000e1077b157e9fa21ad9aa09f4c749f879054624af067332adff87af896d8663a8b69642332c1e12757d9bac97cdde8dbcb75a90d51068b80600000000000000359588ac3480de0ae31b9ea87c1652acd359b32bcc725e295f56abc96f5b65f92bcecc9905388624f7dde968ee80930d9c7554a8030fcb28e809f299ff59f799fa9b0ea4024b224c4116441e4e9070a8a5931ab1b1c9e57ddf88dbf16b57"], 0x44}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10)
r4 = socket$packet(0x11, 0x3, 0x300)
r5 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, 0x0)
sendto$packet(r5, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x14)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000400)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1/file0\x00', 0x0)
mount$bind(&(0x7f0000000100)='.\x00', &(0x7f0000000280)='./file1/file0\x00', 0x0, 0x201008, 0x0)

5.651990328s ago: executing program 6 (id=554):
r0 = socket$inet6_sctp(0xa, 0x801, 0x84)
shutdown(r0, 0x1)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r0, 0x84, 0x14, 0x0, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'bridge0\x00'})
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000080)={@dev, 0x400, 0x0, 0xff, 0x1}, 0x20)
recvmsg(r1, &(0x7f0000001140)={&(0x7f0000000600)=@isdn, 0x80, &(0x7f00000010c0)=[{0x0}, {0x0}, {&(0x7f0000000dc0)=""/228, 0xe4}, {0x0}, {&(0x7f0000000f80)=""/154, 0x9a}, {&(0x7f0000001040)=""/68, 0x44}], 0x6, &(0x7f0000001100)=""/55, 0x37}, 0x40002100)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x6], [0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1], [0x2, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0xdf, 0x10001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2], [0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe]}, 0x45c)
ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x3)
r3 = socket(0x10, 0x3, 0x0)
socket(0x11, 0x800000003, 0x0)
sendmsg$kcm(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="2e00000010008188040f80ec59acbc0413a1f8480d0000005e140602000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x404c080)

5.012355779s ago: executing program 3 (id=556):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0xffffffffffffffff, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x2000004}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000003c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_io_uring_setup(0x117, &(0x7f0000000300), &(0x7f0000000280)=<r3=>0x0, &(0x7f0000000440))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffc00, 0x0, 0x4)
socket$alg(0x26, 0x5, 0x0)
openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000040), 0x20000, 0x0)
syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x0, 0x2, 0xbfdffffc}, &(0x7f0000000000), &(0x7f0000000280))
openat$kvm(0xffffff9c, &(0x7f0000000380), 0x200100, 0x0)

4.93975272s ago: executing program 2 (id=557):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
pidfd_send_signal(r2, 0x12, 0x0, 0x4)
syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff)
setsockopt$llc_int(r1, 0x10c, 0x9, 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, 0x0)
socket$kcm(0x2, 0xa, 0x2)
mkdir(&(0x7f00000000c0)='./file0\x00', 0x0)
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
mkdir(&(0x7f0000000000)='./bus\x00', 0x1)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
r3 = open(&(0x7f0000000580)='./file1\x00', 0x80242, 0x1df2a23c5997fa5f)
close(0xffffffffffffffff)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000003940)=@newlink={0x64, 0x10, 0x1, 0x70bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, 0x2102, 0x22008}, [@IFLA_IFNAME={0x14, 0x3, 'netdevsim0\x00'}, @IFLA_VFINFO_LIST={0x30, 0x16, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, [@IFLA_VF_MAC={0x28, 0x1, {0x2ded000, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}}]}]}]}, 0x64}}, 0x0)
write$FUSE_CREATE_OPEN(r3, &(0x7f0000000180)={0xa0, 0x0, 0x0, {{0x4, 0x3, 0x5, 0x6, 0x3, 0x1, {0x1, 0x180, 0x20ff, 0x5, 0x89, 0xd615, 0x3fb, 0x7fffffff, 0xfffffffe, 0x8000, 0x0, 0x0, 0x0, 0x3ff, 0x100}}, {0x0, 0x13}}}, 0xa0)
msgget(0x1, 0x200)
sendfile(r3, r3, &(0x7f0000000080), 0x7f03)

4.93917715s ago: executing program 0 (id=558):
r0 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r0, &(0x7f0000000080)={0x10, 0x0, 0x25dfdbfe, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000)=0x80, 0x4)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f0000000180)=0x800, 0x4)
r1 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r1, &(0x7f0000000140)={0x0, 0x2, &(0x7f0000000100)=[{&(0x7f0000000180)="5c00000013006bcd9e3fe3dc4e48aa31086b8703410000004000000000000000040014000d000a00100000009ee517d34460bc08eab556a705251e6182949a3651f60a84c9f5d1938837e786a6d0bdd7fcf50e4509c5bb5a00f69853", 0x5c}], 0x1, 0x0, 0x0, 0x1f000801}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x44}}, 0x0)
sendmsg$IPCTNL_MSG_EXP_NEW(r0, &(0x7f0000000300)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x14, 0x0, 0x2, 0x3, 0x0, 0x0, {0x0, 0x0, 0x8}}, 0x14}, 0x1, 0x0, 0x0, 0x4040}, 0x4020040)
ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)
recvmsg(0xffffffffffffffff, &(0x7f00000005c0)={0x0, 0x0, 0x0}, 0x0)

4.771949443s ago: executing program 5 (id=559):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000080), r0)
syz_genetlink_get_family_id$devlink(&(0x7f0000000000), r0)
recvmmsg(r0, &(0x7f00000086c0)=[{{0x0, 0x0, 0x0}, 0x101}, {{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000001b40)=""/153, 0x99}, {&(0x7f0000001c00)=""/4092, 0xffc}, {&(0x7f0000002c40)=""/196, 0xc4}], 0x3}, 0x12}, {{0x0, 0x0, 0x0}, 0x1}, {{0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000000380)=""/188, 0xbc}, {&(0x7f0000000540)=""/226, 0xe2}, {&(0x7f00000001c0)=""/37, 0x25}, {&(0x7f0000000440)=""/84, 0x54}, {&(0x7f0000002d40)=""/4107, 0x100b}, {&(0x7f0000000640)=""/60, 0x3c}, {&(0x7f0000000840)=""/249, 0xf9}], 0x7}, 0x80000000}, {{0x0, 0x0, 0x0}, 0x27}], 0x5, 0x10122, 0x0)

4.730859933s ago: executing program 6 (id=560):
r0 = add_key(&(0x7f00000002c0)='keyring\x00', &(0x7f0000000300)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$search(0xa, r0, &(0x7f0000000280)='keyring\x00', &(0x7f0000000480)={'syz', 0x0}, 0xfffffffffffffffc)

4.512081597s ago: executing program 6 (id=561):
syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000002480), 0x20402, 0x0)
r1 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
read$dsp(r1, &(0x7f00000002c0)=""/4096, 0x1000)
write$dsp(r0, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000)

4.511358857s ago: executing program 5 (id=562):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x6, 0x0, 0x1}}, 0x40)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0)
r2 = eventfd(0xc)
ioctl$VHOST_SET_LOG_FD(r1, 0x4004af07, &(0x7f0000000240)=r2)
ioctl$VHOST_SET_VRING_KICK(r1, 0x4008af20, &(0x7f0000000040)={0x1, r2})
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74})
ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000e40))
ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f0000000000)=0x1)
write$binfmt_script(r0, &(0x7f0000000000), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x28011, r0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x9)

3.824333268s ago: executing program 0 (id=563):
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = syz_io_uring_setup(0x239, &(0x7f0000000380)={0x0, 0xfbc6, 0x10100, 0x8000003}, &(0x7f0000000080)=<r3=>0x0, &(0x7f00000001c0)=<r4=>0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {0x230}})
io_uring_enter(r2, 0x2ded, 0x4000, 0x0, 0x0, 0x0)
r5 = syz_open_dev$video4linux(&(0x7f0000000040), 0x0, 0x40000)
ioctl$VIDIOC_DQEVENT(r5, 0x80885659, 0x0)

3.791602798s ago: executing program 5 (id=564):
socket(0x10, 0x803, 0x0)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000006100)='cmdline\x00')
socket$isdn(0x22, 0x2, 0x26)
epoll_create1(0x0)
epoll_create1(0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet_sctp(0x2, 0x1, 0x84)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100))
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'ip6gretap0\x00', <r1=>0x0})
r2 = socket(0x1, 0x803, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14)
r4 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x44, 0x10, 0x403, 0x6101, 0x0, {0x0, 0x0, 0x0, 0x0, 0xff7f}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r3}, @IFLA_MASTER={0x8, 0xa, r1}]}, 0x44}, 0x1, 0x0, 0x0, 0x6811}, 0x2400c810)

3.69025311s ago: executing program 2 (id=565):
r0 = socket$inet6(0xa, 0x80002, 0x88)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x98}, 0x1, 0x0, 0xfffffffffffffff5, 0x4080}, 0x0)
bind$inet6(r0, 0x0, 0x0)
write$proc_mixer(0xffffffffffffffff, &(0x7f0000000500)=ANY=[@ANYBLOB='ALT'], 0xe6)
r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r2, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/78, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r2, 0x4008af03, &(0x7f0000001680))
r3 = eventfd2(0x1, 0x1)
ioctl$VHOST_SET_VRING_ERR(r2, 0x4008af22, &(0x7f00000001c0)={0x0, r3})
ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000240)={0x0, 0x0, 0x0, &(0x7f0000001d00)=""/176, 0x0, 0xffff1000})
ioctl$VHOST_SET_VRING_KICK(r2, 0x4008af20, &(0x7f0000000000)={0x0, r3})
ioctl$VHOST_VSOCK_SET_RUNNING(r2, 0x4004af61, &(0x7f00000000c0)=0x1)
ioctl$VHOST_VSOCK_SET_GUEST_CID(r2, 0x4008af60, &(0x7f0000000140)={@my=0x1})
r4 = socket$inet6(0xa, 0x3, 0xff)
connect$inet6(r4, &(0x7f0000000200)={0xa, 0x0, 0x0, @empty}, 0x1c)
setsockopt$SO_TIMESTAMPING(r4, 0x1, 0x41, &(0x7f0000000000)=0x655e, 0x4)
r5 = socket$netlink(0x10, 0x3, 0xa)
sendmsg$nl_xfrm(r5, &(0x7f0000004380)={0x0, 0x0, &(0x7f0000004340)={&(0x7f0000000300)=@delsa={0x28, 0x11, 0x400, 0x70bd2d, 0x25dfdbfc, {@in=@dev={0xac, 0x14, 0x14, 0x2f}, 0x4d2, 0x2, 0x33}}, 0x28}}, 0x4004000)
r6 = dup2(r4, r4)
setsockopt$inet6_int(r6, 0x29, 0x4a, &(0x7f0000000580)=0x7ff, 0x4)
r7 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r7, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x1}, 0x10)

3.543225403s ago: executing program 5 (id=566):
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0)
syz_usb_connect(0x0, 0x5f, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
openat$cuse(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = openat$sequencer2(0xffffffffffffff9c, 0x0, 0x202, 0x0)
write$sequencer(r1, &(0x7f00000003c0)=ANY=[@ANYBLOB="9200b00000f8fffffe01"], 0x10)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000ec0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000070000000900010073797a30000000004c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a3000000000080005400000000d08000640ffffff000800034000000038580000000c0a01010000000000000000070000000900020073797a31000000000900010073797a30000000002c000380280000800800034000000002100002800c00028008000180000000000c0004400000"], 0xec}}, 0x0)
r2 = open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000680)=[{{0x0, 0x0, &(0x7f0000000640)}}], 0x1, 0x800)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000600)={{0x12, 0x1, 0x0, 0x35, 0xff, 0xaa, 0x20, 0xccd, 0x10af, 0x384e, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x59, 0x2, 0x1, 0x9b, 0x1e, 0x2a, 0x0, [], [{{0x9, 0x5, 0x82, 0x2, 0x200}}]}}]}}]}}, 0x0)
socket$alg(0x26, 0x5, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000001080)=[{{0x0, 0x0, 0x0}, 0xffff}, {{0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000640)=""/85, 0x55}], 0x1}, 0x4}], 0x2, 0x10022, 0x0)
pwritev2(r2, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x76200}], 0x1, 0x7c00, 0x0, 0x3)
r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x143a82, 0x0)
r4 = dup(r3)
r5 = open(&(0x7f0000000100)='./bus\x00', 0x40542, 0x0)
sendfile(r4, r5, 0x0, 0x8000fffffffe)
memfd_secret(0x80000)
socket$inet6(0xa, 0x3, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0, r4}, 0x18)
r6 = add_key$user(&(0x7f00000003c0), &(0x7f00000001c0), &(0x7f00000000c0), 0x0, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000000)={r6, r6, r6}, 0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)={'poly1305-simd\x00'}})

2.957690032s ago: executing program 3 (id=567):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000180)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000004580)=ANY=[@ANYBLOB], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r3, @ANYBLOB="0000000000000000b704000008000000850000009500000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, 0x0, &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000002c0)='sys_enter\x00', r4}, 0x10)
mount_setattr(0xffffffffffffff9c, 0x0, 0x8900, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0xb6c2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000280)='sched_switch\x00', r5}, 0x18)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42032, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
unshare(0x62060200)

2.708706176s ago: executing program 0 (id=568):
socket$nl_route(0x10, 0x3, 0x0)
r0 = io_uring_setup(0x192, &(0x7f0000000300)={0x0, 0x4178, 0x400, 0x8000002, 0x3d7})
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010600000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff1b000000020000000900010073797a30000001000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000120a01020000000000000000020000000900020073797a310000000008000440000000000900010073797a3000000000080003400000000a14000000110001"], 0x64}}, 0x0)
r2 = socket$inet_sctp(0x2, 0x1, 0x84)
bind$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
sendto$inet(r2, &(0x7f0000000300)="ab", 0x34000, 0x0, &(0x7f0000000380)={0x2, 0x4e22, @local}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
gettid()
close_range(r0, 0xffffffffffffffff, 0x0)

2.700836796s ago: executing program 2 (id=569):
socket$alg(0x26, 0x5, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x6, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x5}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = socket$inet6(0xa, 0x800000000000002, 0x0)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, &(0x7f0000000200)=0x632a, 0x4)

1.781609631s ago: executing program 3 (id=570):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x4)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, 0x0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='cpuacct.usage_sys\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f000000e0c0), 0x10010)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000b00)=@ccm_128={{0x303}, "0000090800000003", "73b59657269ef929ee540a8a0a86c5d0", "6362dfd5", "21be0dd9f7f3c312"}, 0x28)
sendfile(r0, r1, &(0x7f0000000100)=0x10, 0x10001)

1.656889293s ago: executing program 0 (id=571):
r0 = socket$inet6_sctp(0xa, 0x801, 0x84)
shutdown(r0, 0x1)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r0, 0x84, 0x14, 0x0, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'bridge0\x00'})
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000080)={@dev, 0x400, 0x0, 0xff, 0x1}, 0x20)
recvmsg(r1, &(0x7f0000001140)={&(0x7f0000000600)=@isdn, 0x80, &(0x7f00000010c0)=[{0x0}, {0x0}, {&(0x7f0000000dc0)=""/228, 0xe4}, {0x0}, {&(0x7f0000000f80)=""/154, 0x9a}, {&(0x7f0000001040)=""/68, 0x44}], 0x6, &(0x7f0000001100)=""/55, 0x37}, 0x40002100)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x6], [0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1], [0x2, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0xdf, 0x10001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2], [0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe]}, 0x45c)
ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x3)
r3 = socket(0x10, 0x3, 0x0)
socket(0x11, 0x800000003, 0x0)
sendmsg$kcm(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="2e00000010008188040f80ec59acbc0413a1f8480d0000005e140602000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x404c080)

1.656354053s ago: executing program 6 (id=572):
r0 = syz_open_dev$vbi(&(0x7f0000000480), 0x1, 0x2)
ioctl$VIDIOC_G_PARM(r0, 0xc0cc5615, &(0x7f0000000180)={0x5, @raw_data="7522fbc86913710c31732be27b1f9a394a7b0e46a7e36037fdd6b51d4cf02af7b1216a5ed9d6204c246c038b5992014265cd273a44610c4a337dd7fb456a227aa14a023c7614b5652f78e68ace107ffed12fd448f0499cc3bb6926caae1ef4b09d74ecf3156feb931dd7a9ac14c38869cfc01150e4bcef4c184b28db65b15d3c51d3cecdcc421ab85665bc5f5d3c1c13b291442e6469439797004f54c802029749c27e0783a92db02c5a3169a64236567afc4d4f0974d480e7049c6586752883cf8800"})

1.472682286s ago: executing program 6 (id=573):
socket$inet6(0xa, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r0 = epoll_create(0x10000e9)
r1 = openat$udambuf(0xffffffffffffff9c, &(0x7f00000000c0), 0x2)
r2 = memfd_create(&(0x7f0000000340)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xd9\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00', 0x3)
ftruncate(r2, 0xffff)
fcntl$addseals(r2, 0x409, 0x7)
r3 = ioctl$UDMABUF_CREATE(r1, 0x40187542, &(0x7f0000000100)={r2, 0x0, 0x0, 0x1000})
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r3, &(0x7f0000000080)={0x30000009})
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x1, 0x3}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x4, 0x400000000, 0x4, 0x7fffffff}, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
write$6lowpan_enable(0xffffffffffffffff, &(0x7f0000000000)='0', 0xfffffd74)
landlock_restrict_self(0xffffffffffffffff, 0x0)
landlock_restrict_self(0xffffffffffffffff, 0x0)

901.826135ms ago: executing program 3 (id=574):
r0 = syz_usb_connect$cdc_ncm(0x0, 0x7a, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000020000402505a1a44000010203010902680002010040000904000001020e0000052406000105240000000d240f0100000000000000000006241a0000000c241b4800050000050080050905810300020000000904010000020d00000904010102020d0000090582020004000000090503020002"], 0x0)
socket$l2tp6(0xa, 0x2, 0x73)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000a00)={0x84, &(0x7f0000000600)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_connect$uac1(0x2, 0xb2, &(0x7f0000000040)=ANY=[], &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0})
syz_open_dev$char_usb(0xc, 0xb4, 0x0)

729.414318ms ago: executing program 0 (id=575):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x6, 0x0, 0x1}}, 0x40)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0)
r2 = eventfd(0xc)
ioctl$VHOST_SET_LOG_FD(r1, 0x4004af07, &(0x7f0000000240)=r2)
ioctl$VHOST_SET_VRING_KICK(r1, 0x4008af20, &(0x7f0000000040)={0x1, r2})
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74})
ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000e40))
ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f0000000000)=0x1)
write$binfmt_script(r0, &(0x7f0000000000), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x28011, r0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x9)

609.87925ms ago: executing program 6 (id=576):
unshare(0x6a040000)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x2c)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x3, 0xf, &(0x7f0000000380)=ANY=[@ANYBLOB, @ANYRES32=r0, @ANYBLOB="0000000000000000b7020000000000008500000086000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000d6580000850000009b0000009500000000000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x48, '\x00', 0x0, @sched_cls=0x37, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x8, &(0x7f0000000000)=@framed={{}, [@tail_call={{}, {}, {0x85, 0x0, 0x0, 0x1b}}]}, &(0x7f0000000140)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r1, 0x0, 0xe, 0x0, &(0x7f0000000080)="a314472a3ebf07662bb26a717f3b", 0x0, 0x2002, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
execveat(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1000)
symlink(0x0, &(0x7f00000059c0)='./file0\x00')
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_dev$sndmidi(&(0x7f00000002c0), 0x2, 0x141101)
write$6lowpan_enable(0xffffffffffffffff, &(0x7f0000000000)='0', 0xfffffd2c)
socket$inet6_dccp(0xa, 0x6, 0x0)
r2 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000140))
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x1})
madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19)
r3 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r3, 0x11b, 0x4, &(0x7f0000000340)={&(0x7f0000000000)=""/59, 0x304000, 0x800, 0x0, 0x1}, 0x1c)
ioctl$UFFDIO_COPY(r2, 0xc028aa05, &(0x7f0000000040)={&(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000000/0x3000)=nil, 0x3000})

551.438171ms ago: executing program 2 (id=577):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000280)=0x1, 0x4)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c)
sendto$inet6(r0, &(0x7f00000001c0)="a6e2976b5c4383036d32dadd2e144d8645ca8d1b230e105614396838da83c754887e7bea2f35d4ea667817d90d532af065f2e398dd9081ea16f8b371a202a6f9e505bbc964a0d3880bf0104a0a0a2f0d311efee1637e85a0125b38f961918f99bf9c2c146e42327f178dc2b3d4936e7f7f0a79f74ba464d83ab41742d1186776dc1779b5c50ac82d0fa8f9e42074b5b6079207fb21e718080907964669be539791e3e98687ee059853", 0xfffffffffffffcc1, 0x840, 0x0, 0x56)
mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x604ab000)
sendto$inet6(r0, &(0x7f0000000380)="13884884f0f7", 0x6, 0x4000000, 0x0, 0x0)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000140)={&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0, &(0x7f0000001380)=""/4080, 0xfffffffffffffdcc, 0x0, 0x0, 0xffffffffffffff29}, &(0x7f0000000000)=0x40)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'bridge0\x00'})
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, 0x0, 0x0)
r2 = socket(0x2a, 0x2, 0x0)
getsockname$packet(r2, &(0x7f0000000440)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000480)=@newtfilter={0x8c, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0x9}, {}, {0x1c, 0x8}}, [@filter_kind_options=@f_matchall={{0xd}, {0x58, 0x2, [@TCA_MATCHALL_ACT={0x54, 0x2, [@m_simple={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_DEF_PARMS={0x18, 0x2, {0x1, 0x200, 0x7, 0x3}}, @TCA_DEF_DATA={0x5, 0x3, '\x00'}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x1}}}}]}]}}]}, 0x8c}, 0x1, 0x0, 0x0, 0x10000}, 0x0)
getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x24, &(0x7f0000000300)={@remote, @initdev}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000500)={'sit0\x00', 0x0})
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00'})
sendmsg$ETHTOOL_MSG_DEBUG_GET(0xffffffffffffffff, &(0x7f0000000700)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000006c0)={0x0}, 0x1, 0x0, 0x0, 0x4000801}, 0x8000)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000100)={&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff78, 0x0, 0x0}, &(0x7f0000000340)=0x40)

495.928222ms ago: executing program 5 (id=578):
socket$inet6_sctp(0xa, 0x5, 0x84)
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0x80000000}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000340)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000140)={0x0, @in6={{0xa, 0x4e22, 0x7, @private2={0xfc, 0x2, '\x00', 0x1}, 0xdc}}, 0x3, 0x0, 0x825e, 0x0, 0x22, 0x1, 0xff}, 0x9c)
r3 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$UHID_CREATE(r3, &(0x7f0000002a00)={0x0, {'syz0\x00', 'syz1\x00', 'syz0\x00', &(0x7f0000000300)=""/16, 0x10, 0xfff9, 0x0, 0x203}}, 0x11c)

274.547325ms ago: executing program 0 (id=579):
r0 = socket$inet6(0xa, 0x80002, 0x88)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x98}, 0x1, 0x0, 0xfffffffffffffff5, 0x4080}, 0x0)
bind$inet6(r0, 0x0, 0x0)
write$proc_mixer(0xffffffffffffffff, &(0x7f0000000500)=ANY=[@ANYBLOB='ALT'], 0xe6)
r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r2, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/78, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r2, 0x4008af03, &(0x7f0000001680))
r3 = eventfd2(0x1, 0x1)
ioctl$VHOST_SET_VRING_ERR(r2, 0x4008af22, &(0x7f00000001c0)={0x0, r3})
ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000240)={0x0, 0x0, 0x0, &(0x7f0000001d00)=""/176, 0x0, 0xffff1000})
ioctl$VHOST_SET_VRING_KICK(r2, 0x4008af20, &(0x7f0000000000)={0x0, r3})
ioctl$VHOST_VSOCK_SET_RUNNING(r2, 0x4004af61, &(0x7f00000000c0)=0x1)
ioctl$VHOST_VSOCK_SET_GUEST_CID(r2, 0x4008af60, &(0x7f0000000140)={@my=0x1})
r4 = socket$inet6(0xa, 0x3, 0xff)
connect$inet6(r4, &(0x7f0000000200)={0xa, 0x0, 0x0, @empty}, 0x1c)
setsockopt$SO_TIMESTAMPING(r4, 0x1, 0x41, &(0x7f0000000000)=0x655e, 0x4)
r5 = socket$netlink(0x10, 0x3, 0xa)
sendmsg$nl_xfrm(r5, &(0x7f0000004380)={0x0, 0x0, &(0x7f0000004340)={&(0x7f0000000300)=@delsa={0x28, 0x11, 0x400, 0x70bd2d, 0x25dfdbfc, {@in=@dev={0xac, 0x14, 0x14, 0x2f}, 0x4d2, 0x2, 0x33}}, 0x28}}, 0x4004000)
dup2(r4, r4)
r6 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r6, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x1}, 0x10)

220.731986ms ago: executing program 2 (id=580):
syz_emit_ethernet(0x56, &(0x7f0000000000)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x2}, @void, {@canfd={0xd, {{0x0, 0x1, 0x1}, 0x23, 0x0, 0x0, 0x0, "2ea5d4b374266cfc2314fa991f1cbb6a4a4ef2905d6f83545198a443e397b0fe217fbc71636fc78107d3c159353b1aebdab224269287398ba8248c30df5dae5c"}}}}, 0x0)

0s ago: executing program 2 (id=581):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(fcrypt)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000412ff8)="3665a1ab415b7ac7", 0x8)
r1 = accept(r0, 0x0, 0x0)
sendmmsg$alg(r1, &(0x7f0000000740)=[{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f00000001c0)="564004c6852da7a299e4c397614090d1a6e12edf1767f157", 0xfcdc}], 0x1, &(0x7f0000000480)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0)
recvmsg(r1, &(0x7f000000b680)={0x0, 0x0, 0x0}, 0x0)
r2 = syz_io_uring_setup(0x9e, &(0x7f0000000640)={0x0, 0x5865, 0x10, 0x2, 0x24d}, &(0x7f00000006c0)=<r3=>0x0, &(0x7f00000001c0)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f00000002c0)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f0000000600)=[{&(0x7f0000001800)=""/216, 0xd8}], 0x1})
io_uring_enter(r2, 0x100847c0, 0x0, 0x1, 0x0, 0x0)

kernel console output (not intermixed with test programs):

 mode
[   62.464361][ T4165] device veth0_vlan entered promiscuous mode
[   62.475774][ T4169] device veth0_vlan entered promiscuous mode
[   62.483488][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   62.493513][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   62.502254][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   62.530398][ T4169] device veth1_vlan entered promiscuous mode
[   62.556533][ T4165] device veth1_vlan entered promiscuous mode
[   62.566679][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   62.583630][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   62.596715][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   62.607773][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   62.620013][ T4178] batman_adv: batadv0: Interface activated: batadv_slave_0
[   62.648123][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   62.656847][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   62.665383][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   62.676450][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   62.685831][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   62.694849][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   62.706577][ T4178] batman_adv: batadv0: Interface activated: batadv_slave_1
[   62.724417][ T4178] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   62.734045][ T4178] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   62.743847][ T4178] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   62.753308][ T4178] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   62.767479][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   62.776997][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   62.804111][ T4176] 8021q: adding VLAN 0 to HW filter on device batadv0
[   62.830694][ T4169] device veth0_macvtap entered promiscuous mode
[   62.837880][ T4223] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   62.848158][ T4223] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   62.856240][ T4223] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   62.864518][ T4223] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   62.873784][ T4223] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   62.884484][ T4165] device veth0_macvtap entered promiscuous mode
[   62.902830][ T1174] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   62.912126][ T1174] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   62.921798][ T1174] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   62.932210][ T4169] device veth1_macvtap entered promiscuous mode
[   62.957219][ T4165] device veth1_macvtap entered promiscuous mode
[   62.997192][ T1282] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   63.016224][ T1282] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   63.037444][ T4171] 8021q: adding VLAN 0 to HW filter on device batadv0
[   63.101757][ T4169] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   63.107821][ T1282] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   63.123030][ T4169] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   63.126994][ T1282] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   63.148143][ T4169] batman_adv: batadv0: Interface activated: batadv_slave_0
[   63.171707][ T4165] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   63.182701][ T4165] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   63.193395][ T4165] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   63.204223][ T4165] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   63.215968][ T4165] batman_adv: batadv0: Interface activated: batadv_slave_0
[   63.238453][ T1174] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   63.246675][ T1174] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   63.255939][ T1174] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   63.265128][ T1174] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   63.275193][ T1174] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   63.284625][ T1174] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   63.293761][ T1174] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   63.306963][ T4169] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   63.318170][ T4169] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   63.331487][ T4169] batman_adv: batadv0: Interface activated: batadv_slave_1
[   63.341555][ T4165] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   63.352898][ T4165] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   63.362875][ T4165] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   63.374069][ T4165] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   63.386746][ T4165] batman_adv: batadv0: Interface activated: batadv_slave_1
[   63.410925][ T4223] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   63.420934][ T4223] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   63.431338][ T4223] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   63.440212][ T4223] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   63.448811][ T4223] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   63.458437][ T4223] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   63.489877][ T4223] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   63.495934][ T4169] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   63.498033][ T4223] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   63.516373][ T4169] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   63.526055][ T4169] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   63.535067][ T4169] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   63.546506][ T4165] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   63.556300][ T4165] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   63.565274][ T4165] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   63.574327][ T4165] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   63.596825][ T4223] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   63.622555][ T1282] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   63.632255][ T1282] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   63.669196][ T1282] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   63.680735][ T1282] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   63.688650][ T1282] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   63.698658][ T1282] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   63.709909][ T4212] Bluetooth: hci0: command 0x040f tx timeout
[   63.716394][ T4171] device veth0_vlan entered promiscuous mode
[   63.719750][ T4212] Bluetooth: hci2: command 0x040f tx timeout
[   63.729911][ T4212] Bluetooth: hci1: command 0x040f tx timeout
[   63.732597][ T4176] device veth0_vlan entered promiscuous mode
[   63.752516][ T1282] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   63.769863][ T1282] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   63.785054][ T4171] device veth1_vlan entered promiscuous mode
[   63.793162][    T7] Bluetooth: hci4: command 0x040f tx timeout
[   63.800373][    T7] Bluetooth: hci3: command 0x040f tx timeout
[   63.812806][ T4176] device veth1_vlan entered promiscuous mode
[   63.899087][ T4243] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2'.
[   63.956670][ T4176] device veth0_macvtap entered promiscuous mode
[   63.980999][  T154] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   63.989077][  T154] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   64.007231][ T4223] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   64.015995][ T4223] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   64.024687][ T4223] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   64.035558][ T4223] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   64.045181][ T4223] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   64.054249][ T4223] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   64.063489][ T4223] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   64.073685][ T4223] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   64.092507][ T4245] netlink: 'syz.1.6': attribute type 1 has an invalid length.
[   64.104068][ T4176] device veth1_macvtap entered promiscuous mode
[   64.114499][  T154] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   64.122852][  T154] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   64.155487][ T4245] =======================================================
[   64.155487][ T4245] WARNING: The mand mount option has been deprecated and
[   64.155487][ T4245]          and is ignored by this kernel. Remove the mand
[   64.155487][ T4245]          option from the mount to silence this warning.
[   64.155487][ T4245] =======================================================
[   64.217095][ T4223] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   64.225470][ T4223] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   64.235086][ T4223] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   64.248760][ T4171] device veth0_macvtap entered promiscuous mode
[   64.293703][  T154] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   64.296633][ T4171] device veth1_macvtap entered promiscuous mode
[   64.307438][  T154] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   64.331040][ T1174] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   64.332698][ T4176] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   64.339025][ T1174] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   64.354359][ T4176] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   64.367379][ T4176] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   64.378516][ T4176] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   64.397871][ T4176] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   64.408406][ T4176] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   64.418217][ T4248] ubi31: attaching mtd0
[   64.422320][ T4248] ubi31: scanning is finished
[   64.431177][ T4176] batman_adv: batadv0: Interface activated: batadv_slave_0
[   64.439274][ T4248] ubi31: empty MTD device detected
[   64.442226][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   64.453715][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   64.468833][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   64.478477][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   64.492797][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   64.505319][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   64.518017][ T4248] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB)
[   64.544466][ T4248] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[   64.550954][ T4176] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   64.575505][ T4176] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   64.592918][ T4248] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1
[   64.602538][ T4176] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   64.606720][ T4248] ubi31: VID header offset: 64 (aligned 64), data offset: 128
[   64.614299][ T4176] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   64.628199][ T4248] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[   64.633326][ T4176] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   64.638780][ T4248] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23
[   64.656925][ T4248] ubi31: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 3604074289
[   64.667890][ T4248] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[   64.696149][ T4250] ubi31: background thread "ubi_bgt31d" started, PID 4250
[   64.719370][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #82!!!
[   64.728288][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #82!!!
[   64.737200][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #82!!!
[   64.746247][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #82!!!
[   64.755168][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #82!!!
[   64.764109][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #82!!!
[   64.773018][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #82!!!
[   64.781961][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #82!!!
[   64.790863][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #82!!!
[   64.799768][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #82!!!
[   64.857645][ T4176] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   65.005130][ T4176] batman_adv: batadv0: Interface activated: batadv_slave_1
[   65.068079][ T4252] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   65.147229][ T4252] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   65.427693][ T4176] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   65.474086][ T4176] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   65.487157][ T4176] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   65.501623][ T4176] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   65.615442][ T4171] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   65.637649][ T4171] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   65.790566][ T4208] Bluetooth: hci1: command 0x0419 tx timeout
[   65.795731][ T4171] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   65.807909][ T4171] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   65.818264][ T4171] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   65.819599][ T4208] Bluetooth: hci2: command 0x0419 tx timeout
[   65.829268][ T4171] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   65.845403][ T4171] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   65.856489][ T4171] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   65.861983][ T4208] Bluetooth: hci0: command 0x0419 tx timeout
[   65.877878][ T4171] batman_adv: batadv0: Interface activated: batadv_slave_0
[   65.933307][ T4208] Bluetooth: hci3: command 0x0419 tx timeout
[   65.956723][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   65.975146][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   65.983999][ T4208] Bluetooth: hci4: command 0x0419 tx timeout
[   66.005646][ T4171] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   66.016532][ T4171] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   66.026867][ T4171] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   66.038906][ T4171] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   66.169553][ T4171] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   66.197790][ T4171] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   67.541469][ T4266] sched: RT throttling activated
[   68.389389][ T4171] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   68.824484][ T4171] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   68.875518][ T4171] batman_adv: batadv0: Interface activated: batadv_slave_1
[   68.914267][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   68.926203][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   69.026425][ T4171] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   69.046451][ T4171] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   69.055581][ T4171] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   69.064462][ T4171] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   69.141922][ T4271] netlink: 4 bytes leftover after parsing attributes in process `syz.1.10'.
[   69.191352][ T4271] device bridge_slave_1 left promiscuous mode
[   69.198528][ T4271] bridge0: port 2(bridge_slave_1) entered disabled state
[   69.301579][ T4271] device bridge_slave_0 left promiscuous mode
[   69.351565][ T4271] bridge0: port 1(bridge_slave_0) entered disabled state
[   69.776137][    T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   69.803830][    T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   69.825330][ T4286] overlayfs: missing 'lowerdir'
[   69.841830][ T1174] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   69.862588][ T4253] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   69.862824][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   69.894362][ T1174] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   69.903871][ T4253] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   69.911659][  T144] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   69.927167][  T144] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   70.018318][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   70.054181][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   70.086812][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   70.709723][ T4293] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   71.053832][ T4305] 9pnet_virtio: no channels available for device syz
[   71.095368][ T4293] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   71.228169][ T4293] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   71.315364][ T1422] ieee802154 phy0 wpan0: encryption failed: -22
[   71.322766][ T1422] ieee802154 phy1 wpan1: encryption failed: -22
[   71.486682][ T4293] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   71.802310][ T4293] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   71.835654][ T4293] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   71.868354][ T4293] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   71.945893][ T4293] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   72.304663][ T4315] syz.0.19 uses obsolete (PF_INET,SOCK_PACKET)
[   72.485346][ T4315] overlayfs: failed to resolve './bus': -2
[   73.013930][ T4323] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(4)
[   73.020890][ T4323] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[   73.143731][ T4323] vhci_hcd vhci_hcd.0: Device attached
[   73.242211][ T4327] vhci_hcd: connection closed
[   73.243664][ T4253] vhci_hcd: stop threads
[   74.137745][ T4253] vhci_hcd: release socket
[   74.164796][ T4253] vhci_hcd: disconnect device
[   75.851993][ T4338] loop4: detected capacity change from 0 to 32768
[   76.964885][ T4344] loop1: detected capacity change from 0 to 32768
[   77.058482][   T26] audit: type=1800 audit(1745384852.924:2): pid=4338 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.26" name="file1" dev="loop4" ino=4 res=0 errno=0
[   77.294961][ T4344] XFS (loop1): Mounting V5 Filesystem
[   77.469272][ T4344] XFS (loop1): Ending clean mount
[   77.727204][ T4272] XFS (loop1): Metadata CRC error detected at xfs_allocbt_read_verify+0x39/0xc0, xfs_bnobt block 0x8 
[   77.748414][ T4272] XFS (loop1): Unmount and run xfs_repair
[   77.769966][ T4272] XFS (loop1): First 128 bytes of corrupted metadata buffer:
[   77.790239][ T4272] 00000000: 41 42 33 42 00 00 00 02 ff ff ff ff ff ff ff ff  AB3B............
[   77.813745][ T4272] 00000010: 00 00 00 00 00 00 00 08 00 00 00 01 00 00 00 40  ...............@
[   77.831955][ T4272] 00000020: ca 7e 21 01 b8 f1 48 38 8e 2d 76 37 b9 06 20 e6  .~!...H8.-v7.. .
[   77.844345][ T4344] overlayfs: './file0' not a directory
[   77.850048][   T26] audit: type=1800 audit(1745384853.704:3): pid=4361 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.28" name="file0" dev="loop1" ino=1295 res=0 errno=0
[   77.886009][ T4272] 00000030: 00 00 00 00 07 00 00 00 00 00 00 00 00 00 00 03  ................
[   77.901859][ T4272] 00000040: 00 00 02 a4 00 00 0d 5c 00 00 02 a0 00 00 0d 60  .......\.......`
[   77.914641][ T4272] 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[   77.926118][ T4272] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[   77.987537][ T4272] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[   78.014835][ T4272] XFS (loop1): metadata I/O error in "xfs_btree_read_buf_block+0x26e/0x370" at daddr 0x8 len 8 error 74
[   78.095774][ T4272] XFS (loop1): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0x1750/0x1df0 (fs/xfs/libxfs/xfs_defer.c:504).  Shutting down filesystem.
[   78.129591][ T4272] XFS (loop1): Please unmount the filesystem and rectify the problem(s)
[   78.169213][ T4178] XFS (loop1): Unmounting Filesystem
[   78.320323][ T4365] netlink: 16 bytes leftover after parsing attributes in process `syz.4.30'.
[   80.350111][ T4373] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   81.433675][ T4402] netlink: 24 bytes leftover after parsing attributes in process `syz.3.40'.
[   81.552386][ T1110] cfg80211: failed to load regulatory.db
[   81.753745][ T4404] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input5
[   81.902428][ T4413] netlink: 'syz.2.45': attribute type 1 has an invalid length.
[   82.174546][ T4414] device ip6erspan0 entered promiscuous mode
[   82.207614][ T4408] loop4: detected capacity change from 0 to 4096
[   82.260184][ T4408] ntfs3: Unknown parameter 'nocase'
[   83.179586][ T4209] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[   83.459439][ T4209] usb 5-1: Using ep0 maxpacket: 8
[   83.604161][ T4454] netlink: 8 bytes leftover after parsing attributes in process `syz.3.54'.
[   83.613090][ T4454] netlink: 'syz.3.54': attribute type 5 has an invalid length.
[   84.339692][ T4209] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[   84.351553][ T4209] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[   84.378519][ T4209] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[   84.399592][ T4209] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[   84.419452][ T4209] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[   84.428553][ T4209] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   84.436878][   T13] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[   84.750411][   T13] usb 2-1: Using ep0 maxpacket: 8
[   84.799672][ T4209] usb 5-1: GET_CAPABILITIES returned 0
[   84.805844][ T4209] usbtmc 5-1:16.0: can't read capabilities
[   84.890452][   T13] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[   84.908486][   T13] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[   84.929701][   T13] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[   84.973086][   T13] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[   85.045332][   T13] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[   85.076070][ T4210] usb 5-1: USB disconnect, device number 2
[   85.084514][   T13] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   85.489623][   T13] usb 2-1: GET_CAPABILITIES returned 0
[   85.495257][   T13] usbtmc 2-1:16.0: can't read capabilities
[   85.712964][ T4209] usb 2-1: USB disconnect, device number 2
[   86.281177][   T13] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   87.948680][ T4495] netlink: 12 bytes leftover after parsing attributes in process `syz.1.61'.
[   88.281445][   T13] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[   88.320938][   T13] usb 1-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[   88.367964][   T13] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66
[   88.398068][   T13] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[   88.419363][   T13] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[   88.473431][ T4509] tipc: Started in network mode
[   88.532231][ T4509] tipc: Node identity 4, cluster identity 4711
[   88.538430][ T4509] tipc: Node number set to 4
[   88.600160][ T4500] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant.
[   88.600160][ T4500] The task syz.4.62 (4500) triggered the difference, watch for misbehavior.
[   89.379685][   T13] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[   89.388774][   T13] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[   89.541139][   T13] usb 1-1: Product: syz
[   89.573019][   T13] usb 1-1: Manufacturer: syz
[   89.651647][   T13] usb 1-1: can't set config #1, error -71
[   89.712197][   T13] usb 1-1: USB disconnect, device number 2
[   90.265743][ T4539] netlink: 'syz.3.68': attribute type 3 has an invalid length.
[   90.295601][ T4539] netlink: 'syz.3.68': attribute type 3 has an invalid length.
[   90.303741][ T4539] netlink: 'syz.3.68': attribute type 3 has an invalid length.
[   90.324410][ T4539] netlink: 'syz.3.68': attribute type 3 has an invalid length.
[   90.370008][ T4539] netlink: 'syz.3.68': attribute type 3 has an invalid length.
[   90.386047][ T4539] netlink: 'syz.3.68': attribute type 3 has an invalid length.
[   90.404255][ T4539] netlink: 'syz.3.68': attribute type 3 has an invalid length.
[   90.412297][ T4539] netlink: 'syz.3.68': attribute type 3 has an invalid length.
[   90.431691][ T4539] netlink: 'syz.3.68': attribute type 3 has an invalid length.
[   90.457340][ T4539] netlink: 'syz.3.68': attribute type 3 has an invalid length.
[   91.521952][ T4552] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[   91.564853][ T4552] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   91.610766][ T4552] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   91.686195][ T4552] device bridge_slave_0 left promiscuous mode
[   91.738296][ T4552] bridge0: port 1(bridge_slave_0) entered disabled state
[   92.369445][ T4564] ksmbd: Unknown IPC event: 6, ignore.
[   93.974470][ T4552] device bridge_slave_1 left promiscuous mode
[   94.090943][ T4552] bridge0: port 2(bridge_slave_1) entered disabled state
[   94.118076][ T4552] bond0: (slave bond_slave_0): Releasing backup interface
[   94.150284][ T4552] bond0: (slave bond_slave_1): Releasing backup interface
[   95.921224][ T4552] team0: Port device team_slave_0 removed
[   95.964166][ T4552] team0: Port device team_slave_1 removed
[   96.105516][ T4552] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   96.162358][ T4552] batman_adv: batadv0: Removing interface: batadv_slave_0
[   96.292032][ T4552] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   96.300663][ T4552] batman_adv: batadv0: Removing interface: batadv_slave_1
[   96.587937][ T4552] syz.2.74 (4552) used greatest stack depth: 18744 bytes left
[   96.617751][   T26] audit: type=1326 audit(1745384872.484:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4586 comm="syz.4.82" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3054691169 code=0x7ffc0000
[   96.739415][   T26] audit: type=1326 audit(1745384872.484:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4586 comm="syz.4.82" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3054691169 code=0x7ffc0000
[   96.839776][   T26] audit: type=1326 audit(1745384872.494:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4586 comm="syz.4.82" exe="/root/syz-executor" sig=0 arch=c000003e syscall=89 compat=0 ip=0x7f3054691169 code=0x7ffc0000
[   96.924043][   T26] audit: type=1326 audit(1745384872.494:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4586 comm="syz.4.82" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3054691169 code=0x7ffc0000
[   97.000260][   T26] audit: type=1326 audit(1745384872.494:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4586 comm="syz.4.82" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3054691169 code=0x7ffc0000
[   97.021695][ T4598] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[   97.121780][   T26] audit: type=1326 audit(1745384872.494:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4586 comm="syz.4.82" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3054691169 code=0x7ffc0000
[   97.144379][   T26] audit: type=1326 audit(1745384872.494:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4586 comm="syz.4.82" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3054691169 code=0x7ffc0000
[   97.181921][   T26] audit: type=1326 audit(1745384872.494:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4586 comm="syz.4.82" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3054691169 code=0x7ffc0000
[   97.229058][ T4598] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   97.273050][   T26] audit: type=1326 audit(1745384872.494:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4586 comm="syz.4.82" exe="/root/syz-executor" sig=0 arch=c000003e syscall=115 compat=0 ip=0x7f3054691169 code=0x7ffc0000
[   97.341976][ T4598] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   97.371264][   T26] audit: type=1326 audit(1745384872.494:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4586 comm="syz.4.82" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3054691169 code=0x7ffc0000
[   98.569816][   T13] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[   98.960362][ T4639] ptrace attach of "./syz-executor exec"[4178] was attempted by "./syz-executor exec"[4639]
[   99.681172][   T13] usb 5-1: Using ep0 maxpacket: 32
[   99.911304][ T4643] netlink: 224 bytes leftover after parsing attributes in process `syz.1.99'.
[  100.174557][ T4645] device bond0 entered promiscuous mode
[  100.199688][   T13] usb 5-1: New USB device found, idVendor=1ba6, idProduct=0001, bcdDevice=49.88
[  100.208835][   T13] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  100.230365][ T4645] device bond_slave_0 entered promiscuous mode
[  100.271682][ T4645] device bond_slave_1 entered promiscuous mode
[  100.278994][   T13] usb 5-1: Product: syz
[  100.299772][   T13] usb 5-1: Manufacturer: syz
[  100.332685][   T13] usb 5-1: SerialNumber: syz
[  100.371045][   T13] usb 5-1: config 0 descriptor??
[  100.440200][   T13] as10x_usb: device has been detected
[  100.446194][   T13] dvbdev: DVB: registering new adapter (Abilis Systems DVB-Titan)
[  100.505041][   T13] usb 5-1: DVB: registering adapter 1 frontend 0 (Abilis Systems DVB-Titan)...
[  100.588103][   T13] as10x_usb: error during firmware upload part1
[  100.613489][   T13] Registered device Abilis Systems DVB-Titan
[  101.089437][   T13] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[  101.567925][   T21] usb 5-1: USB disconnect, device number 3
[  101.636720][   T21] Unregistered device Abilis Systems DVB-Titan
[  101.639713][   T21] as10x_usb: device has been disconnected
[  101.789907][   T13] usb 1-1: Using ep0 maxpacket: 8
[  101.919955][   T13] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  101.970537][   T13] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  102.005793][   T13] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  102.036795][   T13] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  102.079540][   T13] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  102.109168][   T13] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  102.389631][   T13] usb 1-1: GET_CAPABILITIES returned 0
[  102.395281][   T13] usbtmc 1-1:16.0: can't read capabilities
[  103.136913][   T13] usb 1-1: USB disconnect, device number 3
[  109.272188][ T4792] device bridge_slave_0 entered promiscuous mode
[  110.629213][ T4815] validate_nla: 44 callbacks suppressed
[  110.629231][ T4815] netlink: 'syz.0.130': attribute type 10 has an invalid length.
[  110.728230][ T4815] bridge0: port 2(bridge_slave_1) entered disabled state
[  110.735678][ T4815] bridge0: port 1(bridge_slave_0) entered disabled state
[  110.911169][ T4815] bridge0: port 2(bridge_slave_1) entered blocking state
[  110.918312][ T4815] bridge0: port 2(bridge_slave_1) entered forwarding state
[  110.925811][ T4815] bridge0: port 1(bridge_slave_0) entered blocking state
[  110.932928][ T4815] bridge0: port 1(bridge_slave_0) entered forwarding state
[  111.084797][ T4815] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  111.738977][ T4824] 8021q: adding VLAN 0 to HW filter on device bond1
[  111.908410][ T4824] bond0: (slave bond1): Enslaving as an active interface with an up link
[  112.298573][   T26] kauditd_printk_skb: 17 callbacks suppressed
[  112.298589][   T26] audit: type=1326 audit(2000000001.070:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4830 comm="syz.3.136" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f989b352169 code=0x0
[  114.450032][ T4865] process 'syz.0.145' launched './file1' with NULL argv: empty string added
[  119.125057][   T26] audit: type=1326 audit(2000000007.900:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4904 comm="syz.2.154" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f35f5b34169 code=0x7ffc0000
[  119.253031][   T26] audit: type=1326 audit(2000000007.900:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4904 comm="syz.2.154" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f35f5b34169 code=0x7ffc0000
[  119.396329][   T26] audit: type=1326 audit(2000000007.920:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4904 comm="syz.2.154" exe="/root/syz-executor" sig=0 arch=c000003e syscall=81 compat=0 ip=0x7f35f5b34169 code=0x7ffc0000
[  119.531924][   T26] audit: type=1326 audit(2000000007.920:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4904 comm="syz.2.154" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f35f5b34169 code=0x7ffc0000
[  120.569886][ T4916] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  120.578701][ T4916] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  120.795033][   T26] audit: type=1326 audit(2000000007.920:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4904 comm="syz.2.154" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f35f5b34169 code=0x7ffc0000
[  120.838862][   T26] audit: type=1326 audit(2000000007.920:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4904 comm="syz.2.154" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f35f5b34169 code=0x7ffc0000
[  121.005362][   T26] audit: type=1326 audit(2000000007.920:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4904 comm="syz.2.154" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f35f5b34169 code=0x7ffc0000
[  121.199573][   T26] audit: type=1326 audit(2000000007.920:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4904 comm="syz.2.154" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f35f5b34169 code=0x7ffc0000
[  121.377342][   T26] audit: type=1326 audit(2000000007.920:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4904 comm="syz.2.154" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f35f5b33d6b code=0x7ffc0000
[  121.524444][   T26] audit: type=1326 audit(2000000007.920:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4904 comm="syz.2.154" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f35f5b32ad0 code=0x7ffc0000
[  121.945216][ T4929] dccp_close: ABORT with 32 bytes unread
[  122.238824][ T4932] input: syz0 as /devices/virtual/input/input6
[  122.931207][ T4927] chnl_net:caif_netlink_parms(): no params data found
[  124.029764][ T4239] Bluetooth: hci5: command 0x0409 tx timeout
[  124.156658][ T4927] bridge0: port 1(bridge_slave_0) entered blocking state
[  124.167409][ T4927] bridge0: port 1(bridge_slave_0) entered disabled state
[  124.183730][ T4927] device bridge_slave_0 entered promiscuous mode
[  124.200386][ T4927] bridge0: port 2(bridge_slave_1) entered blocking state
[  124.226831][ T4927] bridge0: port 2(bridge_slave_1) entered disabled state
[  124.249691][ T4927] device bridge_slave_1 entered promiscuous mode
[  124.543624][ T4927] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  124.575520][ T4927] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  124.655716][ T4927] team0: Port device team_slave_0 added
[  124.702429][ T4927] team0: Port device team_slave_1 added
[  125.731792][ T4927] batman_adv: batadv0: Adding interface: batadv_slave_0
[  125.759430][ T4927] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  125.939274][ T4927] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  125.969621][ T4927] batman_adv: batadv0: Adding interface: batadv_slave_1
[  125.969639][ T4927] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  125.969667][ T4927] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  126.208464][ T1107] Bluetooth: hci5: command 0x041b tx timeout
[  126.462427][ T4927] device hsr_slave_0 entered promiscuous mode
[  126.530642][ T4927] device hsr_slave_1 entered promiscuous mode
[  126.544029][ T4927] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  126.835519][ T4927] Cannot create hsr debugfs directory
[  127.571099][ T4927] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  127.660698][ T4927] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  127.737527][ T4927] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  127.805915][ T4927] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  128.225006][ T4927] 8021q: adding VLAN 0 to HW filter on device bond0
[  128.270315][    T7] Bluetooth: hci5: command 0x040f tx timeout
[  128.325164][ T4337] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  128.344032][ T4337] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  128.420311][ T4927] 8021q: adding VLAN 0 to HW filter on device team0
[  128.644467][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  128.655701][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  128.673080][    T9] bridge0: port 1(bridge_slave_0) entered blocking state
[  128.680301][    T9] bridge0: port 1(bridge_slave_0) entered forwarding state
[  128.729502][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  128.867612][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  128.898891][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  128.950053][    T9] bridge0: port 2(bridge_slave_1) entered blocking state
[  128.957151][    T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[  128.984883][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  129.010451][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  129.067382][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  129.089788][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  129.117660][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  129.171533][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  129.188215][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  129.197125][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  130.498359][ T4272] Bluetooth: hci5: command 0x0419 tx timeout
[  131.185473][ T1174] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  131.285344][ T4927] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  131.309825][ T4927] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  131.358408][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  131.391099][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  131.421777][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  131.496848][ T1174] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  131.767894][ T1174] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  131.868454][ T1174] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  132.356987][ T4927] 8021q: adding VLAN 0 to HW filter on device batadv0
[  132.407601][ T1282] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  132.429743][ T1282] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  132.669816][ T1107] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[  132.754321][ T1422] ieee802154 phy1 wpan1: encryption failed: -22
[  132.929627][ T1107] usb 4-1: Using ep0 maxpacket: 8
[  133.049957][ T1107] usb 4-1: config index 0 descriptor too short (expected 5924, got 36)
[  133.058534][ T1107] usb 4-1: config 250 has an invalid interface number: 228 but max is -1
[  133.085840][ T1107] usb 4-1: config 250 has 1 interface, different from the descriptor's value: 0
[  133.105520][ T1107] usb 4-1: config 250 has no interface number 0
[  133.135572][ T1282] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  133.145049][ T1107] usb 4-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024
[  133.152671][ T1282] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  133.199411][ T1107] usb 4-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024
[  133.260510][ T1107] usb 4-1: config 250 interface 228 altsetting 255 endpoint 0x82 has invalid wMaxPacketSize 0
[  133.272679][ T4927] device veth0_vlan entered promiscuous mode
[  133.308853][ T1282] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  133.329419][ T1107] usb 4-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 0
[  133.349459][ T1107] usb 4-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17
[  133.370158][ T1282] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  133.379659][ T1107] usb 4-1: config 250 interface 228 has no altsetting 0
[  133.411697][ T1282] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  133.427788][ T1282] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  133.489099][ T4927] device veth1_vlan entered promiscuous mode
[  133.499725][ T1107] usb 4-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07
[  133.513960][ T1107] usb 4-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59
[  133.563114][ T1107] usb 4-1: Product: syz
[  133.568200][ T1107] usb 4-1: SerialNumber: syz
[  133.636500][ T1107] hub 4-1:250.228: bad descriptor, ignoring hub
[  133.661527][ T4585] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  133.663979][ T1107] hub: probe of 4-1:250.228 failed with error -5
[  133.676878][ T4585] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  133.731042][ T4927] device veth0_macvtap entered promiscuous mode
[  133.770643][ T4927] device veth1_macvtap entered promiscuous mode
[  133.853248][ T1107] usblp 4-1:250.228: usblp0: USB Bidirectional printer dev 2 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292
[  133.923678][ T4927] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  134.000855][ T4927] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  134.062826][ T4927] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  134.145992][ T4927] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  134.200115][ T4927] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  134.268746][ T4927] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  134.329854][ T4927] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  134.352313][ T4927] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  134.409687][ T4927] batman_adv: batadv0: Interface activated: batadv_slave_0
[  134.462889][ T4585] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  134.490652][ T4585] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  134.530656][ T4585] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  134.588457][ T4585] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  134.630013][ T5027] usb 4-1: reset high-speed USB device number 2 using dummy_hcd
[  134.720282][ T4927] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  134.772528][ T4927] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  134.791473][ T4927] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  134.812479][ T4927] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  134.832733][ T4927] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  134.848640][ T4927] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  134.859490][ T4927] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  134.870560][ T4927] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  134.921488][ T4927] batman_adv: batadv0: Interface activated: batadv_slave_1
[  134.982117][ T4337] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  135.002754][ T4337] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  135.041537][ T4927] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  135.060708][ T4927] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  135.070535][ T4927] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  135.079663][ T4927] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  135.255292][ T5027] usb 4-1: failed to restore interface 228 altsetting 255 (error=-71)
[  135.283092][ T4210] usb 4-1: USB disconnect, device number 2
[  135.289809][   T23] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  135.317913][ T4210] usblp0: removed
[  135.321813][ T1282] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  135.321931][ T1282] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  135.324932][ T4585] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  135.556889][ T4337] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  135.568475][ T4337] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  135.583922][ T4289] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  135.609902][   T21] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[  135.695526][ T1174] device hsr_slave_0 left promiscuous mode
[  135.702387][   T23] usb 1-1: config 0 has no interfaces?
[  135.708787][ T1174] device hsr_slave_1 left promiscuous mode
[  135.736710][ T1174] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  135.745494][ T1174] batman_adv: batadv0: Removing interface: batadv_slave_0
[  135.774615][ T1174] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  135.795016][ T1174] batman_adv: batadv0: Removing interface: batadv_slave_1
[  135.803474][ T1110] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  135.828940][ T1174] device bridge_slave_1 left promiscuous mode
[  135.839475][ T1174] bridge0: port 2(bridge_slave_1) entered disabled state
[  135.858137][ T1174] device bridge_slave_0 left promiscuous mode
[  135.865077][ T1174] bridge0: port 1(bridge_slave_0) entered disabled state
[  135.879991][   T23] usb 1-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  135.912218][ T1174] device veth1_macvtap left promiscuous mode
[  135.920557][   T23] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  135.937293][ T1174] device veth0_macvtap left promiscuous mode
[  135.945209][ T1174] device veth1_vlan left promiscuous mode
[  135.952489][ T1174] device veth0_vlan left promiscuous mode
[  135.982627][   T23] usb 1-1: Product: syz
[  135.986837][   T23] usb 1-1: Manufacturer: syz
[  136.004554][   T23] usb 1-1: SerialNumber: syz
[  136.050953][   T23] usb 1-1: config 0 descriptor??
[  136.190185][ T1110] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  136.219612][   T21] usb 3-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[  136.361409][   T21] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  136.370813][   T21] usb 3-1: Product: syz
[  136.375000][   T21] usb 3-1: Manufacturer: syz
[  136.380073][   T21] usb 3-1: SerialNumber: syz
[  136.387077][   T21] usb 3-1: config 0 descriptor??
[  136.447153][ T5114] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[  136.479634][ T1110] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  136.498632][ T1110] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  136.589436][ T1110] usb 2-1: Product: syz
[  136.595488][ T1110] usb 2-1: Manufacturer: syz
[  136.617304][ T1110] usb 2-1: SerialNumber: syz
[  136.663422][   T13] usb 1-1: USB disconnect, device number 4
[  136.710091][    T7] usb 3-1: USB disconnect, device number 2
[  137.316982][ T1174] team0 (unregistering): Port device team_slave_1 removed
[  137.375400][ T1174] team0 (unregistering): Port device team_slave_0 removed
[  137.406151][ T1174] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  137.476228][ T1174] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  137.832400][ T1174] bond0 (unregistering): Released all slaves
[  138.179517][ T5122] netlink: 36 bytes leftover after parsing attributes in process `syz.0.200'.
[  138.300074][ T1110] cdc_ncm 2-1:1.0: bind() failure
[  138.322218][ T1110] cdc_ncm 2-1:1.1: CDC Union missing and no IAD found
[  138.376024][ T1110] cdc_ncm 2-1:1.1: bind() failure
[  138.436169][ T1110] usb 2-1: USB disconnect, device number 3
[  138.469419][   T13] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  138.759383][   T13] usb 4-1: Using ep0 maxpacket: 8
[  138.879642][   T13] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  138.938791][   T13] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  138.992942][   T13] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  139.065739][   T13] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  139.126754][   T13] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  139.167304][   T13] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  139.217177][ T5155] netlink: 24 bytes leftover after parsing attributes in process `syz.1.206'.
[  139.529603][   T13] usb 4-1: GET_CAPABILITIES returned 0
[  139.535247][   T13] usbtmc 4-1:16.0: can't read capabilities
[  139.749447][    C0] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  139.759444][    C0] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  139.768580][    C0] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  139.777674][    C0] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  139.786764][    C0] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  139.795848][    C0] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  139.804937][    C0] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  139.814145][    C0] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  139.823232][    C0] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  139.832333][    C0] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  139.841422][    C0] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  139.850508][    C0] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  139.859589][    C0] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  139.868670][    C0] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  139.877772][    C0] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  139.886898][    C0] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  140.084461][ T4272] usb 4-1: USB disconnect, device number 3
[  141.974839][ T5207] ptrace attach of "./syz-executor exec"[4165] was attempted by "./syz-executor exec"[5207]
[  143.311178][   T21] hid-generic FFF9:0000:0203.0001: unknown main item tag 0x0
[  143.426671][   T21] hid-generic FFF9:0000:0203.0001: unknown main item tag 0x0
[  143.493772][   T21] hid-generic FFF9:0000:0203.0001: unknown main item tag 0x0
[  143.562843][   T21] hid-generic FFF9:0000:0203.0001: unknown main item tag 0x0
[  143.625204][   T21] hid-generic FFF9:0000:0203.0001: unknown main item tag 0x0
[  143.694917][   T21] hid-generic FFF9:0000:0203.0001: unknown main item tag 0x0
[  143.904668][   T21] hid-generic FFF9:0000:0203.0001: unknown main item tag 0x0
[  143.927824][   T21] hid-generic FFF9:0000:0203.0001: unknown main item tag 0x0
[  144.042581][   T21] hid-generic FFF9:0000:0203.0001: unknown main item tag 0x0
[  144.169524][   T21] hid-generic FFF9:0000:0203.0001: unknown main item tag 0x0
[  144.176963][   T21] hid-generic FFF9:0000:0203.0001: unknown main item tag 0x0
[  144.377456][   T21] hid-generic FFF9:0000:0203.0001: unknown main item tag 0x0
[  144.561932][   T21] hid-generic FFF9:0000:0203.0001: unknown main item tag 0x0
[  144.572420][   T21] hid-generic FFF9:0000:0203.0001: unknown main item tag 0x0
[  144.599774][   T21] hid-generic FFF9:0000:0203.0001: unknown main item tag 0x0
[  144.633153][   T21] hid-generic FFF9:0000:0203.0001: unknown main item tag 0x0
[  144.691002][   T21] hid-generic FFF9:0000:0203.0001: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[  145.159411][ T4207] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  145.569544][ T4207] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  145.632612][ T4207] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0xB has invalid maxpacket 12847, setting to 1024
[  145.730420][ T4207] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 1024
[  145.825217][ T4207] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  145.885313][ T4207] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  145.959843][ T5229] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[  146.368767][ T1110] usb 3-1: USB disconnect, device number 3
[  147.465487][ T5293] netlink: 8 bytes leftover after parsing attributes in process `syz.1.233'.
[  147.773512][ T5302] ptrace attach of "./syz-executor exec"[4171] was attempted by "./syz-executor exec"[5302]
[  147.919500][ T5307] netlink: 8 bytes leftover after parsing attributes in process `syz.2.235'.
[  148.652831][ T5316] netlink: 48 bytes leftover after parsing attributes in process `syz.1.237'.
[  148.821929][ T5318] TCP: request_sock_subflow_v6: Possible SYN flooding on port 20002. Sending cookies.  Check SNMP counters.
[  149.019750][ T4167] Bluetooth: Unknown LE signaling command 0x0b
[  149.026475][ T4167] Bluetooth: Wrong link type (-22)
[  150.322578][ T5362] netlink: 8 bytes leftover after parsing attributes in process `syz.0.248'.
[  152.060854][ T1110] libceph: connect (1)[c::]:6789 error -101
[  152.070356][ T1110] libceph: mon0 (1)[c::]:6789 connect error
[  152.098155][ T5375] ceph: No mds server is up or the cluster is laggy
[  152.421647][ T4207] libceph: connect (1)[c::]:6789 error -101
[  152.427835][ T4207] libceph: mon0 (1)[c::]:6789 connect error
[  152.943026][ T5404] ptrace attach of "./syz-executor exec"[4171] was attempted by "./syz-executor exec"[5404]
[  154.209380][ T4334] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  155.549514][ T4334] usb 4-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xFF, skipping
[  156.038494][ T4334] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  156.170342][ T4334] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  156.242525][ T4334] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  156.296453][ T4334] usb 4-1: config 0 descriptor??
[  156.352769][ T4334] usbhid 4-1:0.0: couldn't find an input interrupt endpoint
[  156.701852][ T5420] chnl_net:caif_netlink_parms(): no params data found
[  157.000651][ T5420] bridge0: port 1(bridge_slave_0) entered blocking state
[  157.009541][ T5420] bridge0: port 1(bridge_slave_0) entered disabled state
[  157.017737][ T5420] device bridge_slave_0 entered promiscuous mode
[  157.288713][ T5420] bridge0: port 2(bridge_slave_1) entered blocking state
[  157.344218][ T5420] bridge0: port 2(bridge_slave_1) entered disabled state
[  157.365786][ T5420] device bridge_slave_1 entered promiscuous mode
[  157.478052][ T5420] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  157.519227][ T5420] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  157.775160][ T5420] team0: Port device team_slave_0 added
[  157.823031][ T4207] usb 4-1: USB disconnect, device number 4
[  157.898895][ T5420] team0: Port device team_slave_1 added
[  158.115419][ T5420] batman_adv: batadv0: Adding interface: batadv_slave_0
[  158.138082][ T5420] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  158.189588][ T4334] Bluetooth: hci3: command 0x0409 tx timeout
[  158.366245][ T5420] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  158.388598][ T5420] batman_adv: batadv0: Adding interface: batadv_slave_1
[  158.388612][ T5420] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  158.388632][ T5420] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  158.605181][ T5420] device hsr_slave_0 entered promiscuous mode
[  158.618106][ T5420] device hsr_slave_1 entered promiscuous mode
[  158.623434][ T5420] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  158.623529][ T5420] Cannot create hsr debugfs directory
[  158.754398][ T1174] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  158.878822][ T1174] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  159.170041][ T1174] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  159.347049][ T1174] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  159.775372][ T1174] tipc: Left network mode
[  159.784205][ T5487] tmpfs: Unknown parameter 'quota'
[  159.856428][ T5420] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  159.990976][ T5420] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  160.014223][ T5420] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  160.076705][ T5420] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  160.270201][ T4272] Bluetooth: hci3: command 0x041b tx timeout
[  160.328334][   T26] kauditd_printk_skb: 21 callbacks suppressed
[  160.328346][   T26] audit: type=1326 audit(2000000049.100:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5495 comm="syz.0.277" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa07ba7c169 code=0x7ffc0000
[  160.439096][   T26] audit: type=1326 audit(2000000049.100:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5495 comm="syz.0.277" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa07ba7c169 code=0x7ffc0000
[  160.461235][    C1] vkms_vblank_simulate: vblank timer overrun
[  160.540124][   T26] audit: type=1326 audit(2000000049.260:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5495 comm="syz.0.277" exe="/root/syz-executor" sig=0 arch=c000003e syscall=89 compat=0 ip=0x7fa07ba7c169 code=0x7ffc0000
[  160.562130][    C1] vkms_vblank_simulate: vblank timer overrun
[  160.679635][   T26] audit: type=1326 audit(2000000049.260:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5495 comm="syz.0.277" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa07ba7c169 code=0x7ffc0000
[  160.768312][   T26] audit: type=1326 audit(2000000049.260:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5495 comm="syz.0.277" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa07ba7c169 code=0x7ffc0000
[  160.869476][   T26] audit: type=1326 audit(2000000049.260:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5495 comm="syz.0.277" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa07ba7c169 code=0x7ffc0000
[  160.952922][   T26] audit: type=1326 audit(2000000049.260:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5495 comm="syz.0.277" exe="/root/syz-executor" sig=0 arch=c000003e syscall=116 compat=0 ip=0x7fa07ba7c169 code=0x7ffc0000
[  161.057218][ T5420] 8021q: adding VLAN 0 to HW filter on device bond0
[  161.108296][   T26] audit: type=1326 audit(2000000049.260:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5495 comm="syz.0.277" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa07ba7c169 code=0x7ffc0000
[  161.130532][    C1] vkms_vblank_simulate: vblank timer overrun
[  161.152531][ T1282] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  161.237675][ T1282] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  161.270966][ T5420] 8021q: adding VLAN 0 to HW filter on device team0
[  161.358400][   T26] audit: type=1326 audit(2000000049.260:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5495 comm="syz.0.277" exe="/root/syz-executor" sig=0 arch=c000003e syscall=115 compat=0 ip=0x7fa07ba7c169 code=0x7ffc0000
[  161.380552][    C1] vkms_vblank_simulate: vblank timer overrun
[  161.400914][ T1282] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  161.420368][   T26] audit: type=1326 audit(2000000049.260:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5495 comm="syz.0.277" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa07ba7c169 code=0x7ffc0000
[  161.437808][ T1282] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  161.468231][ T1282] bridge0: port 1(bridge_slave_0) entered blocking state
[  161.475401][ T1282] bridge0: port 1(bridge_slave_0) entered forwarding state
[  162.783830][ T4334] Bluetooth: hci3: command 0x040f tx timeout
[  162.832982][ T1282] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  162.844891][ T1282] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  162.867043][ T1282] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  162.888031][ T1282] bridge0: port 2(bridge_slave_1) entered blocking state
[  162.895247][ T1282] bridge0: port 2(bridge_slave_1) entered forwarding state
[  162.932330][ T1282] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  163.010443][ T1282] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  163.040839][ T1282] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  163.087819][ T1282] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  163.184220][ T1282] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  163.215184][ T1282] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  163.283027][ T1282] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  163.301289][ T1282] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  163.318142][ T1282] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  163.340161][ T5420] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  163.420557][ T5420] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  163.529053][ T1282] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  163.555020][ T1282] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  163.914327][ T1174] device hsr_slave_0 left promiscuous mode
[  163.947481][ T1174] device hsr_slave_1 left promiscuous mode
[  163.962490][ T1174] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  164.012790][ T1174] batman_adv: batadv0: Removing interface: batadv_slave_0
[  164.045277][ T1174] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  164.069043][ T1174] batman_adv: batadv0: Removing interface: batadv_slave_1
[  164.144691][ T1174] device veth1_macvtap left promiscuous mode
[  164.178689][ T1174] device veth0_macvtap left promiscuous mode
[  164.199209][ T1174] device veth1_vlan left promiscuous mode
[  164.223650][ T1174] device veth0_vlan left promiscuous mode
[  164.574992][ T1174] team0 (unregistering): Port device team_slave_1 removed
[  164.616867][ T1174] team0 (unregistering): Port device team_slave_0 removed
[  164.640509][ T1174] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  164.668580][ T1174] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  164.802552][ T1174] bond0 (unregistering): Released all slaves
[  164.828471][ T5583] netlink: 28 bytes leftover after parsing attributes in process `syz.5.292'.
[  164.834313][ T4272] Bluetooth: hci3: command 0x0419 tx timeout
[  164.844460][ T5593] netlink: 4 bytes leftover after parsing attributes in process `syz.3.294'.
[  164.850888][ T5583] netlink: 'syz.5.292': attribute type 7 has an invalid length.
[  164.869869][ T5583] netlink: 4 bytes leftover after parsing attributes in process `syz.5.292'.
[  164.883757][ T5583] device bond0 entered promiscuous mode
[  164.889420][ T5583] device bond_slave_0 entered promiscuous mode
[  164.896523][ T5583] device bond_slave_1 entered promiscuous mode
[  164.897663][ T5594] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  164.916373][ T5583] device bridge0 entered promiscuous mode
[  164.950724][ T4289] IPv6: ADDRCONF(NETDEV_CHANGE): hsr1: link becomes ready
[  164.965859][ T4289] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  164.974762][ T4289] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  164.994357][ T5592] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  165.027512][ T5420] 8021q: adding VLAN 0 to HW filter on device batadv0
[  165.305538][ T5609] sp0: Synchronizing with TNC
[  166.060331][ T5624] netlink: 8 bytes leftover after parsing attributes in process `syz.3.298'.
[  166.069263][ T5624] netlink: 'syz.3.298': attribute type 5 has an invalid length.
[  166.744251][ T4289] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  166.759067][ T4289] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  166.860258][ T4582] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  166.882428][ T4582] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  166.923548][ T4582] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  166.965432][ T4582] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  167.004111][ T5420] device veth0_vlan entered promiscuous mode
[  167.051913][ T5420] device veth1_vlan entered promiscuous mode
[  167.068236][   T26] kauditd_printk_skb: 75 callbacks suppressed
[  167.068248][   T26] audit: type=1326 audit(2000000055.840:148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5632 comm="syz.3.300" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f989b352169 code=0x7ffc0000
[  167.099637][ T5639] dccp_close: ABORT with 32 bytes unread
[  167.230329][   T26] audit: type=1326 audit(2000000055.890:149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5632 comm="syz.3.300" exe="/root/syz-executor" sig=0 arch=c000003e syscall=89 compat=0 ip=0x7f989b352169 code=0x7ffc0000
[  167.262856][ T4289] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  167.300819][ T4289] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  167.367453][ T4289] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  167.378860][   T26] audit: type=1326 audit(2000000055.890:150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5632 comm="syz.3.300" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f989b352169 code=0x7ffc0000
[  167.405431][ T4289] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  167.603857][ T5420] device veth0_macvtap entered promiscuous mode
[  167.641473][ T5420] device veth1_macvtap entered promiscuous mode
[  167.689529][   T26] audit: type=1326 audit(2000000055.890:151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5632 comm="syz.3.300" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f989b352169 code=0x7ffc0000
[  167.727229][ T5420] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  167.761267][ T5420] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  167.781661][   T26] audit: type=1326 audit(2000000055.890:152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5632 comm="syz.3.300" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f989b352169 code=0x7ffc0000
[  167.803405][ T5420] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  167.902474][ T5420] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  168.017075][ T4213] hid-generic FFF9:0000:0203.0002: unknown main item tag 0x0
[  168.029640][ T4213] hid-generic FFF9:0000:0203.0002: unknown main item tag 0x0
[  168.037257][ T4213] hid-generic FFF9:0000:0203.0002: unknown main item tag 0x0
[  168.045120][ T4213] hid-generic FFF9:0000:0203.0002: unknown main item tag 0x0
[  168.069534][ T4213] hid-generic FFF9:0000:0203.0002: unknown main item tag 0x0
[  168.077264][   T26] audit: type=1326 audit(2000000055.890:153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5632 comm="syz.3.300" exe="/root/syz-executor" sig=0 arch=c000003e syscall=116 compat=0 ip=0x7f989b352169 code=0x7ffc0000
[  168.087316][ T5420] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  168.119499][ T4213] hid-generic FFF9:0000:0203.0002: unknown main item tag 0x0
[  168.147233][ T4213] hid-generic FFF9:0000:0203.0002: unknown main item tag 0x0
[  168.168607][ T4213] hid-generic FFF9:0000:0203.0002: unknown main item tag 0x0
[  168.196676][ T4213] hid-generic FFF9:0000:0203.0002: unknown main item tag 0x0
[  168.207862][ T4213] hid-generic FFF9:0000:0203.0002: unknown main item tag 0x0
[  168.214962][ T4213] hid-generic FFF9:0000:0203.0002: unknown main item tag 0x0
[  168.215339][ T4213] hid-generic FFF9:0000:0203.0002: unknown main item tag 0x0
[  168.215616][ T4213] hid-generic FFF9:0000:0203.0002: unknown main item tag 0x0
[  168.215851][ T4213] hid-generic FFF9:0000:0203.0002: unknown main item tag 0x0
[  168.216115][ T4213] hid-generic FFF9:0000:0203.0002: unknown main item tag 0x0
[  168.216345][ T4213] hid-generic FFF9:0000:0203.0002: unknown main item tag 0x0
[  168.224750][ T4213] hid-generic FFF9:0000:0203.0002: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[  168.386275][   T26] audit: type=1326 audit(2000000055.890:154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5632 comm="syz.3.300" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f989b352169 code=0x7ffc0000
[  168.386322][   T26] audit: type=1326 audit(2000000055.890:155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5632 comm="syz.3.300" exe="/root/syz-executor" sig=0 arch=c000003e syscall=115 compat=0 ip=0x7f989b352169 code=0x7ffc0000
[  168.386358][   T26] audit: type=1326 audit(2000000055.890:156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5632 comm="syz.3.300" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f989b352169 code=0x7ffc0000
[  168.386393][   T26] audit: type=1326 audit(2000000055.890:157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5632 comm="syz.3.300" exe="/root/syz-executor" sig=0 arch=c000003e syscall=114 compat=0 ip=0x7f989b352169 code=0x7ffc0000
[  168.390021][ T5420] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  168.391584][ T5420] batman_adv: batadv0: Interface activated: batadv_slave_0
[  168.391720][ T4289] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  168.392385][ T4289] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  168.392999][ T4289] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  168.393618][ T4289] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  168.396878][ T5420] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  168.396899][ T5420] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  168.396911][ T5420] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  168.396926][ T5420] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  168.396941][ T5420] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  168.396955][ T5420] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  168.398453][ T5420] batman_adv: batadv0: Interface activated: batadv_slave_1
[  168.398581][ T4289] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  168.399191][ T4289] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  168.406037][ T5420] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  168.406072][ T5420] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  168.406097][ T5420] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  168.406122][ T5420] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  168.751998][ T4289] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  168.752056][ T4289] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  168.754809][ T4582] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  170.283121][ T4289] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  170.304352][ T4289] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  170.354796][ T4582] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  170.509401][ T4334] Bluetooth: hci3: command 0x0405 tx timeout
[  170.677299][ T5681] ptrace attach of "./syz-executor exec"[4169] was attempted by ""[5681]
[  172.070565][   T26] kauditd_printk_skb: 72 callbacks suppressed
[  172.070580][   T26] audit: type=1326 audit(2000000060.850:230): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5698 comm="syz.3.313" exe="/root/syz-executor" sig=0 arch=c000003e syscall=292 compat=0 ip=0x7f989b352169 code=0x7ffc0000
[  172.144216][   T26] audit: type=1326 audit(2000000060.850:231): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5698 comm="syz.3.313" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f989b352169 code=0x7ffc0000
[  172.170149][   T26] audit: type=1326 audit(2000000060.850:232): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5698 comm="syz.3.313" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f989b352169 code=0x7ffc0000
[  172.193379][   T26] audit: type=1326 audit(2000000060.880:233): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5698 comm="syz.3.313" exe="/root/syz-executor" sig=0 arch=c000003e syscall=292 compat=0 ip=0x7f989b352169 code=0x7ffc0000
[  172.236853][   T26] audit: type=1326 audit(2000000060.880:234): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5698 comm="syz.3.313" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f989b352169 code=0x7ffc0000
[  172.521157][   T26] audit: type=1326 audit(2000000060.880:235): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5698 comm="syz.3.313" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f989b352169 code=0x7ffc0000
[  172.570065][   T26] audit: type=1326 audit(2000000060.880:236): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5698 comm="syz.3.313" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f989b352169 code=0x7ffc0000
[  172.656947][ T5717] netlink: 'syz.3.315': attribute type 1 has an invalid length.
[  173.654867][   T26] audit: type=1326 audit(2000000060.880:237): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5698 comm="syz.3.313" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f989b352169 code=0x7ffc0000
[  173.749483][   T26] audit: type=1326 audit(2000000060.880:238): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5698 comm="syz.3.313" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f989b352169 code=0x7ffc0000
[  173.927369][   T26] audit: type=1326 audit(2000000060.880:239): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5698 comm="syz.3.313" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f989b352169 code=0x7ffc0000
[  174.386391][ T5731] kvm: pic: non byte read
[  175.562249][ T5731] kvm: pic: non byte read
[  175.566925][ T5731] kvm: pic: single mode not supported
[  175.567055][ T5731] kvm: pic: level sensitive irq not supported
[  175.580333][ T5731] kvm: pic: non byte read
[  175.607187][ T5731] kvm: pic: non byte read
[  176.161922][ T5767] dccp_close: ABORT with 32 bytes unread
[  176.199499][   T21] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  176.549491][   T21] usb 4-1: Using ep0 maxpacket: 8
[  176.679710][   T21] usb 4-1: config index 0 descriptor too short (expected 5924, got 36)
[  176.693985][   T21] usb 4-1: config 250 has an invalid interface number: 228 but max is -1
[  176.710589][   T21] usb 4-1: config 250 has 1 interface, different from the descriptor's value: 0
[  176.720450][   T21] usb 4-1: config 250 has no interface number 0
[  176.739532][   T21] usb 4-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024
[  176.778230][   T21] usb 4-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024
[  176.839429][   T21] usb 4-1: config 250 interface 228 altsetting 255 endpoint 0x82 has invalid wMaxPacketSize 0
[  176.875253][   T21] usb 4-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 0
[  176.908059][   T21] usb 4-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17
[  176.954936][   T21] usb 4-1: config 250 interface 228 has no altsetting 0
[  177.109751][   T21] usb 4-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07
[  177.125698][   T21] usb 4-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59
[  177.158772][   T21] usb 4-1: Product: syz
[  177.175105][   T21] usb 4-1: SerialNumber: syz
[  177.300678][   T21] hub 4-1:250.228: bad descriptor, ignoring hub
[  177.306995][   T21] hub: probe of 4-1:250.228 failed with error -5
[  177.531056][   T21] usblp 4-1:250.228: usblp0: USB Bidirectional printer dev 5 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292
[  179.322001][ T5803] netlink: 'syz.0.335': attribute type 10 has an invalid length.
[  179.475271][ T5803] 8021q: adding VLAN 0 to HW filter on device team0
[  179.532653][ T5803] bond0: (slave team0): Enslaving as an active interface with an up link
[  180.725262][   T26] kauditd_printk_skb: 64 callbacks suppressed
[  180.725275][   T26] audit: type=1326 audit(2000000069.490:304): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5830 comm="syz.5.339" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96703f0169 code=0x7ffc0000
[  180.800309][   T26] audit: type=1326 audit(2000000069.530:305): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5830 comm="syz.5.339" exe="/root/syz-executor" sig=0 arch=c000003e syscall=89 compat=0 ip=0x7f96703f0169 code=0x7ffc0000
[  180.910000][ T4212] Bluetooth: hci1: command 0x0406 tx timeout
[  180.961602][ T4212] Bluetooth: hci2: command 0x0406 tx timeout
[  181.277396][   T26] audit: type=1326 audit(2000000069.530:306): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5830 comm="syz.5.339" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96703f0169 code=0x7ffc0000
[  181.311389][   T26] audit: type=1326 audit(2000000069.530:307): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5830 comm="syz.5.339" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f96703f0169 code=0x7ffc0000
[  181.331903][ T4212] Bluetooth: hci0: command 0x0406 tx timeout
[  181.344754][   T26] audit: type=1326 audit(2000000069.530:308): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5830 comm="syz.5.339" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96703f0169 code=0x7ffc0000
[  181.454894][   T26] audit: type=1326 audit(2000000069.530:309): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5830 comm="syz.5.339" exe="/root/syz-executor" sig=0 arch=c000003e syscall=116 compat=0 ip=0x7f96703f0169 code=0x7ffc0000
[  181.595049][   T26] audit: type=1326 audit(2000000069.530:310): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5830 comm="syz.5.339" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96703f0169 code=0x7ffc0000
[  181.773672][   T26] audit: type=1326 audit(2000000069.530:311): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5830 comm="syz.5.339" exe="/root/syz-executor" sig=0 arch=c000003e syscall=115 compat=0 ip=0x7f96703f0169 code=0x7ffc0000
[  181.773725][   T26] audit: type=1326 audit(2000000069.530:312): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5830 comm="syz.5.339" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96703f0169 code=0x7ffc0000
[  181.773761][   T26] audit: type=1326 audit(2000000069.530:313): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5830 comm="syz.5.339" exe="/root/syz-executor" sig=0 arch=c000003e syscall=114 compat=0 ip=0x7f96703f0169 code=0x7ffc0000
[  181.847172][ T5851] netlink: 'syz.2.341': attribute type 1 has an invalid length.
[  183.337407][ T5871] netlink: 36 bytes leftover after parsing attributes in process `syz.0.344'.
[  183.538257][ T4334] usb 4-1: USB disconnect, device number 5
[  183.584825][ T4334] usblp0: removed
[  183.884002][ T5880] dccp_invalid_packet: P.type (REQUEST) not Data || [Data]Ack, while P.X == 0
[  183.895507][ T5882] netlink: 4 bytes leftover after parsing attributes in process `syz.3.347'.
[  183.965264][ T5882] device batadv0 entered promiscuous mode
[  184.027121][ T5885] netlink: 8 bytes leftover after parsing attributes in process `syz.5.346'.
[  184.159451][ T5882] device macvtap0 entered promiscuous mode
[  184.180570][ T5882] 8021q: adding VLAN 0 to HW filter on device macvtap0
[  184.238863][ T5882] device batadv0 left promiscuous mode
[  184.478208][ T5895] netlink: 'syz.0.348': attribute type 29 has an invalid length.
[  184.593095][ T5895] netlink: 'syz.0.348': attribute type 29 has an invalid length.
[  184.687532][ T5898] netlink: 'syz.0.348': attribute type 29 has an invalid length.
[  184.969499][ T5908] input: syz0 as /devices/virtual/input/input7
[  185.578656][ T5916] netlink: 8 bytes leftover after parsing attributes in process `syz.5.353'.
[  185.587658][ T5916] netlink: 'syz.5.353': attribute type 5 has an invalid length.
[  188.482230][ T5954] netlink: 'syz.2.361': attribute type 29 has an invalid length.
[  188.512720][ T5954] netlink: 'syz.2.361': attribute type 29 has an invalid length.
[  188.540151][ T5955] netlink: 'syz.2.361': attribute type 29 has an invalid length.
[  189.213548][   T26] kauditd_printk_skb: 32 callbacks suppressed
[  189.213566][   T26] audit: type=1326 audit(2000000077.990:346): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5965 comm="syz.3.364" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f989b352169 code=0x0
[  189.989475][ T4334] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  190.429480][ T4334] usb 7-1: Using ep0 maxpacket: 8
[  190.468458][ T4210] hid-generic FFF9:0000:0203.0003: unknown main item tag 0x0
[  190.483883][ T4210] hid-generic FFF9:0000:0203.0003: unknown main item tag 0x0
[  190.503036][ T4210] hid-generic FFF9:0000:0203.0003: unknown main item tag 0x0
[  190.543662][ T4210] hid-generic FFF9:0000:0203.0003: unknown main item tag 0x0
[  190.559570][ T4334] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  190.584769][ T4334] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  190.605370][ T4334] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  190.624488][ T4334] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  190.637780][ T4334] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  190.647078][ T4334] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  190.675688][ T4210] hid-generic FFF9:0000:0203.0003: unknown main item tag 0x0
[  190.739542][ T4210] hid-generic FFF9:0000:0203.0003: unknown main item tag 0x0
[  190.752093][ T4210] hid-generic FFF9:0000:0203.0003: unknown main item tag 0x0
[  190.769479][ T4210] hid-generic FFF9:0000:0203.0003: unknown main item tag 0x0
[  190.789398][ T4210] hid-generic FFF9:0000:0203.0003: unknown main item tag 0x0
[  190.800550][ T4210] hid-generic FFF9:0000:0203.0003: unknown main item tag 0x0
[  190.813747][ T4210] hid-generic FFF9:0000:0203.0003: unknown main item tag 0x0
[  190.830172][ T4210] hid-generic FFF9:0000:0203.0003: unknown main item tag 0x0
[  190.849753][ T4210] hid-generic FFF9:0000:0203.0003: unknown main item tag 0x0
[  190.904469][ T4210] hid-generic FFF9:0000:0203.0003: unknown main item tag 0x0
[  190.926344][ T4210] hid-generic FFF9:0000:0203.0003: unknown main item tag 0x0
[  190.951580][ T4210] hid-generic FFF9:0000:0203.0003: unknown main item tag 0x0
[  191.022980][ T4210] hid-generic FFF9:0000:0203.0003: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[  193.528499][ T6030] could not allocate digest TFM handle cmac-aes-neon
[  194.149514][ T4334] usb 7-1: usb_control_msg returned -71
[  194.155109][ T4334] usbtmc 7-1:16.0: can't read capabilities
[  194.192124][ T1422] ieee802154 phy1 wpan1: encryption failed: -22
[  194.288031][ T4334] usb 7-1: USB disconnect, device number 2
[  194.806779][ T6066] dccp_close: ABORT with 32 bytes unread
[  195.016727][ T6070] netlink: 8 bytes leftover after parsing attributes in process `syz.3.383'.
[  195.025619][ T6070] netlink: 'syz.3.383': attribute type 5 has an invalid length.
[  199.059499][ T5807] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  199.419602][ T5807] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  199.442001][ T5807] usb 6-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  199.486206][ T5807] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66
[  199.514992][ T5807] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  199.553639][ T5807] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  199.729507][ T5807] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  199.747007][ T5807] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  199.784433][ T5807] usb 6-1: Product: syz
[  199.810125][ T5807] usb 6-1: Manufacturer: syz
[  199.891182][ T5807] cdc_wdm 6-1:1.0: skipping garbage
[  199.897125][ T5807] cdc_wdm 6-1:1.0: skipping garbage
[  199.928720][ T5807] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device
[  199.947226][ T5807] cdc_wdm 6-1:1.0: Unknown control protocol
[  200.119525][ T4334] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  200.132420][   T23] usb 6-1: USB disconnect, device number 2
[  200.499501][ T4334] usb 3-1: config 0 has no interfaces?
[  200.699554][ T4334] usb 3-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  200.737113][ T4334] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  200.787935][ T4334] usb 3-1: Product: syz
[  200.809408][ T4334] usb 3-1: Manufacturer: syz
[  200.815230][ T4334] usb 3-1: SerialNumber: syz
[  200.847061][ T4334] usb 3-1: config 0 descriptor??
[  202.656276][ T6183] input: syz1 as /devices/virtual/input/input8
[  204.778978][ T6192] ptrace attach of "./syz-executor exec"[5420] was attempted by ""[6192]
[  204.901923][   T21] usb 3-1: USB disconnect, device number 4
[  205.910310][ T6229] netlink: 8 bytes leftover after parsing attributes in process `syz.2.416'.
[  205.959446][ T4334] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  206.249479][ T4334] usb 4-1: Using ep0 maxpacket: 16
[  206.425169][ T6234] ptrace attach of "./syz-executor exec"[4927] was attempted by ""[6234]
[  206.592105][ T4334] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  206.625953][ T4334] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  206.717042][ T4334] usb 4-1: New USB device found, idVendor=046d, idProduct=c29c, bcdDevice= 0.00
[  206.767009][ T4334] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  206.971776][ T4334] usb 4-1: config 0 descriptor??
[  207.309202][ T4212] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  207.413702][ T6264] netlink: 'syz.6.426': attribute type 1 has an invalid length.
[  208.228651][ T6259] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  208.236597][ T6259] IPv6: NLM_F_CREATE should be set when creating new route
[  208.416525][ T4212] usb 1-1: Using ep0 maxpacket: 32
[  208.599580][ T4212] usb 1-1: unable to get BOS descriptor or descriptor too short
[  208.679844][   T26] audit: type=1326 audit(2000000097.460:347): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6269 comm="syz.5.429" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96703f0169 code=0x7ffc0000
[  208.719577][ T4212] usb 1-1: config 127 has an invalid interface number: 158 but max is 0
[  208.771264][ T4212] usb 1-1: config 127 has no interface number 0
[  208.862657][ T4212] usb 1-1: config 127 interface 158 has no altsetting 0
[  208.864201][   T26] audit: type=1326 audit(2000000097.460:348): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6269 comm="syz.5.429" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96703f0169 code=0x7ffc0000
[  208.921489][   T26] audit: type=1326 audit(2000000097.460:349): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6269 comm="syz.5.429" exe="/root/syz-executor" sig=0 arch=c000003e syscall=89 compat=0 ip=0x7f96703f0169 code=0x7ffc0000
[  209.020692][   T26] audit: type=1326 audit(2000000097.460:350): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6269 comm="syz.5.429" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96703f0169 code=0x7ffc0000
[  209.061311][   T26] audit: type=1326 audit(2000000097.460:351): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6269 comm="syz.5.429" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96703f0169 code=0x7ffc0000
[  209.105390][   T26] audit: type=1326 audit(2000000097.460:352): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6269 comm="syz.5.429" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f96703f0169 code=0x7ffc0000
[  209.169765][   T26] audit: type=1326 audit(2000000097.460:353): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6269 comm="syz.5.429" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96703f0169 code=0x7ffc0000
[  209.323544][ T4212] usb 1-1: New USB device found, idVendor=13d8, idProduct=0011, bcdDevice=36.f5
[  209.375386][   T26] audit: type=1326 audit(2000000097.460:354): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6269 comm="syz.5.429" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96703f0169 code=0x7ffc0000
[  209.398011][   T26] audit: type=1326 audit(2000000097.460:355): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6269 comm="syz.5.429" exe="/root/syz-executor" sig=0 arch=c000003e syscall=116 compat=0 ip=0x7f96703f0169 code=0x7ffc0000
[  209.426590][   T26] audit: type=1326 audit(2000000097.460:356): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6269 comm="syz.5.429" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f96703f0169 code=0x7ffc0000
[  209.437981][ T4212] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  209.508322][ T4212] usb 1-1: Product: syz
[  209.512639][ T4212] usb 1-1: Manufacturer: syz
[  209.518464][ T4212] usb 1-1: SerialNumber: syz
[  209.789994][ T4212] comedi comedi0: could not switch to alternate setting 1
[  209.822639][ T4212] usbduxfast 1-1:127.158: driver 'usbduxfast' failed to auto-configure device.
[  209.899629][ T4208] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  209.931809][ T4212] usb 1-1: USB disconnect, device number 5
[  210.149375][ T4208] usb 6-1: Using ep0 maxpacket: 8
[  210.323982][   T21] usb 4-1: USB disconnect, device number 6
[  210.430312][ T4208] usb 6-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  210.448044][ T4208] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  210.477196][ T4208] usb 6-1: Product: syz
[  210.524192][ T4208] usb 6-1: Manufacturer: syz
[  210.561195][ T4208] usb 6-1: SerialNumber: syz
[  210.599025][ T4208] usb 6-1: config 0 descriptor??
[  210.899753][ T4208] usb 6-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  211.743361][ T6259] netdevsim netdevsim2 eth0: unset [1, 0] type 2 family 0 port 6081 - 0
[  211.751865][ T6259] netdevsim netdevsim2 eth1: unset [1, 0] type 2 family 0 port 6081 - 0
[  211.760695][ T6259] netdevsim netdevsim2 eth2: unset [1, 0] type 2 family 0 port 6081 - 0
[  211.769233][ T6259] netdevsim netdevsim2 eth3: unset [1, 0] type 2 family 0 port 6081 - 0
[  212.001113][ T6300] netlink: 'syz.3.435': attribute type 10 has an invalid length.
[  212.016434][ T6300] bridge0: port 2(bridge_slave_1) entered disabled state
[  212.023971][ T6300] bridge0: port 1(bridge_slave_0) entered disabled state
[  212.087691][ T6300] bridge0: port 2(bridge_slave_1) entered blocking state
[  212.094873][ T6300] bridge0: port 2(bridge_slave_1) entered forwarding state
[  212.102369][ T6300] bridge0: port 1(bridge_slave_0) entered blocking state
[  212.109489][ T6300] bridge0: port 1(bridge_slave_0) entered forwarding state
[  212.176322][ T6300] device bridge0 entered promiscuous mode
[  212.183618][ T6300] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  212.193675][ T1174] IPv6: ADDRCONF(NETDEV_CHANGE): vlan2: link becomes ready
[  212.759561][ T4208] dvb_usb_rtl28xxu: probe of 6-1:0.0 failed with error -71
[  212.807422][ T4208] usb 6-1: USB disconnect, device number 3
[  213.132504][ T6331] netlink: 'syz.3.439': attribute type 1 has an invalid length.
[  213.922184][   T26] kauditd_printk_skb: 53 callbacks suppressed
[  213.922202][   T26] audit: type=1326 audit(2000000102.700:410): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6326 comm="syz.0.440" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa07ba7c169 code=0x7ffc0000
[  215.799492][   T13] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  216.039472][   T13] usb 1-1: Using ep0 maxpacket: 32
[  216.159735][   T13] usb 1-1: New USB device found, idVendor=0ac8, idProduct=0321, bcdDevice=6f.be
[  216.189235][   T13] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  216.287464][   T13] usb 1-1: config 0 descriptor??
[  216.354586][   T13] gspca_main: vc032x-2.14.0 probing 0ac8:0321
[  216.771288][ T6363] udc-core: couldn't find an available UDC or it's busy
[  216.795141][ T6363] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  217.089464][   T13] gspca_vc032x: reg_w err -110
[  217.094424][   T13] gspca_vc032x: I2c Bus Busy Wait 00
[  217.106490][ T6396] netlink: 'syz.5.450': attribute type 10 has an invalid length.
[  217.129616][   T13] gspca_vc032x: I2c Bus Busy Wait 00
[  217.167272][   T13] gspca_vc032x: I2c Bus Busy Wait 00
[  217.189167][ T6396] bridge0: port 2(bridge_slave_1) entered disabled state
[  217.196514][ T6396] bridge0: port 1(bridge_slave_0) entered disabled state
[  217.217776][   T13] gspca_vc032x: I2c Bus Busy Wait 00
[  217.248817][   T13] gspca_vc032x: I2c Bus Busy Wait 00
[  217.285150][   T13] gspca_vc032x: I2c Bus Busy Wait 00
[  217.304940][   T13] gspca_vc032x: I2c Bus Busy Wait 00
[  217.317240][   T13] gspca_vc032x: I2c Bus Busy Wait 00
[  217.466409][   T13] gspca_vc032x: I2c Bus Busy Wait 00
[  217.486573][   T13] gspca_vc032x: I2c Bus Busy Wait 00
[  217.505587][   T13] gspca_vc032x: I2c Bus Busy Wait 00
[  217.563125][ T6407] netlink: 'syz.3.452': attribute type 1 has an invalid length.
[  218.331734][   T13] gspca_vc032x: I2c Bus Busy Wait 00
[  218.339412][   T13] gspca_vc032x: I2c Bus Busy Wait 00
[  218.357440][   T13] gspca_vc032x: I2c Bus Busy Wait 00
[  218.405877][   T13] gspca_vc032x: I2c Bus Busy Wait 00
[  218.439459][   T13] gspca_vc032x: I2c Bus Busy Wait 00
[  218.453287][   T13] gspca_vc032x: I2c Bus Busy Wait 00
[  218.464891][   T13] gspca_vc032x: I2c Bus Busy Wait 00
[  218.475543][   T13] gspca_vc032x: Unknown sensor...
[  218.487941][   T13] vc032x: probe of 1-1:0.0 failed with error -22
[  218.597450][   T26] audit: type=1326 audit(2000000107.370:411): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6411 comm="syz.3.454" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f989b352169 code=0x7ffc0000
[  218.683691][   T23] usb 1-1: USB disconnect, device number 6
[  218.731838][ T6419] netlink: 36 bytes leftover after parsing attributes in process `syz.6.455'.
[  218.775036][   T26] audit: type=1326 audit(2000000107.370:412): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6411 comm="syz.3.454" exe="/root/syz-executor" sig=0 arch=c000003e syscall=89 compat=0 ip=0x7f989b352169 code=0x7ffc0000
[  219.016666][ T6421] ptrace attach of "./syz-executor exec"[4169] was attempted by "./syz-executor exec"[6421]
[  219.037482][   T26] audit: type=1326 audit(2000000107.370:413): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6411 comm="syz.3.454" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f989b352169 code=0x7ffc0000
[  219.376785][   T26] audit: type=1326 audit(2000000107.370:414): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6411 comm="syz.3.454" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f989b352169 code=0x7ffc0000
[  219.460613][   T26] audit: type=1326 audit(2000000107.370:415): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6411 comm="syz.3.454" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f989b352169 code=0x7ffc0000
[  219.495947][ T1110] libceph: connect (1)[c::]:6789 error -101
[  219.511030][ T1110] libceph: mon0 (1)[c::]:6789 connect error
[  219.517133][ T6431] ceph: No mds server is up or the cluster is laggy
[  219.526735][   T26] audit: type=1326 audit(2000000107.370:416): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6411 comm="syz.3.454" exe="/root/syz-executor" sig=0 arch=c000003e syscall=116 compat=0 ip=0x7f989b352169 code=0x7ffc0000
[  219.551391][   T26] audit: type=1326 audit(2000000107.370:417): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6411 comm="syz.3.454" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f989b352169 code=0x7ffc0000
[  219.587254][   T26] audit: type=1326 audit(2000000107.370:418): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6411 comm="syz.3.454" exe="/root/syz-executor" sig=0 arch=c000003e syscall=115 compat=0 ip=0x7f989b352169 code=0x7ffc0000
[  219.791675][   T26] audit: type=1326 audit(2000000107.370:419): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6411 comm="syz.3.454" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f989b352169 code=0x7ffc0000
[  219.815264][   T26] audit: type=1326 audit(2000000107.370:420): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6411 comm="syz.3.454" exe="/root/syz-executor" sig=0 arch=c000003e syscall=114 compat=0 ip=0x7f989b352169 code=0x7ffc0000
[  219.960828][   T26] audit: type=1326 audit(2000000107.370:421): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6411 comm="syz.3.454" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f989b352169 code=0x7ffc0000
[  219.986314][   T26] audit: type=1326 audit(2000000107.370:422): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6411 comm="syz.3.454" exe="/root/syz-executor" sig=0 arch=c000003e syscall=56 compat=0 ip=0x7f989b352169 code=0x7ffc0000
[  220.217144][ T6445] Zero length message leads to an empty skb
[  221.567486][ T6458] netlink: 'syz.6.464': attribute type 1 has an invalid length.
[  222.508856][ T6466] netlink: 8 bytes leftover after parsing attributes in process `syz.6.466'.
[  222.810869][ T5807] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[  222.902787][ T5807] hid-generic 0000:0000:0000.0004: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  223.489307][ T6482] ptrace attach of "./syz-executor exec"[4165] was attempted by "./syz-executor exec"[6482]
[  223.685723][ T6489] device macsec1 entered promiscuous mode
[  223.706201][ T1110] libceph: connect (1)[c::]:6789 error -101
[  223.721107][ T1110] libceph: mon0 (1)[c::]:6789 connect error
[  223.737291][ T6490] ceph: No mds server is up or the cluster is laggy
[  223.760245][ T6489] device syz_tun entered promiscuous mode
[  223.806212][ T6489] device syz_tun left promiscuous mode
[  223.967128][ T6488] delete_channel: no stack
[  224.158126][ T6505] netlink: 'syz.6.476': attribute type 1 has an invalid length.
[  224.209562][   T21] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  224.277701][   T13] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  224.293173][ T6505] device veth3 entered promiscuous mode
[  224.461611][ T6505] bond1: (slave veth3): Enslaving as a backup interface with a down link
[  224.505677][ T6511] bond1: (slave ip6gretap1): Enslaving as a backup interface with an up link
[  224.559495][   T21] usb 4-1: Using ep0 maxpacket: 8
[  224.639580][   T13] usb 6-1: Using ep0 maxpacket: 8
[  224.719411][   T21] usb 4-1: config 168 has an invalid descriptor of length 255, skipping remainder of the config
[  224.738500][   T21] usb 4-1: config 168 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  224.779697][   T13] usb 6-1: config 0 has too many interfaces: 65, using maximum allowed: 32
[  224.838801][   T13] usb 6-1: config 0 has an invalid interface number: 150 but max is 64
[  224.869565][   T21] usb 4-1: config 168 has an invalid descriptor of length 255, skipping remainder of the config
[  224.893588][   T21] usb 4-1: config 168 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  224.936030][   T13] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  224.999601][   T21] usb 4-1: config 168 has an invalid descriptor of length 255, skipping remainder of the config
[  225.019455][   T13] usb 6-1: config 0 has 2 interfaces, different from the descriptor's value: 65
[  225.020482][   T21] usb 4-1: config 168 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  225.294363][   T13] usb 6-1: config 0 has no interface number 0
[  225.324196][   T13] usb 6-1: config 0 interface 150 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  225.407607][   T13] usb 6-1: config 0 interface 150 has no altsetting 0
[  225.421245][   T26] kauditd_printk_skb: 72 callbacks suppressed
[  225.421262][   T26] audit: type=1326 audit(2000000114.200:495): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6530 comm="syz.6.481" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0b72f3d169 code=0x7ffc0000
[  225.439488][   T13] usb 6-1: New USB device found, idVendor=1395, idProduct=0300, bcdDevice=81.75
[  225.450537][   T21] usb 4-1: string descriptor 0 read error: -22
[  225.498475][   T13] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  225.514616][   T21] usb 4-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  225.547220][   T13] usb 6-1: config 0 descriptor??
[  225.555858][   T21] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  225.601261][   T26] audit: type=1326 audit(2000000114.200:496): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6530 comm="syz.6.481" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0b72f3d169 code=0x7ffc0000
[  225.690994][   T21] adutux 4-1:168.0: interrupt endpoints not found
[  225.755979][   T26] audit: type=1326 audit(2000000114.210:497): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6530 comm="syz.6.481" exe="/root/syz-executor" sig=0 arch=c000003e syscall=89 compat=0 ip=0x7f0b72f3d169 code=0x7ffc0000
[  225.891958][   T26] audit: type=1326 audit(2000000114.210:498): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6530 comm="syz.6.481" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0b72f3d169 code=0x7ffc0000
[  225.936578][   T13] usb 6-1: USB disconnect, device number 4
[  225.999790][   T26] audit: type=1326 audit(2000000114.210:499): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6530 comm="syz.6.481" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0b72f3d169 code=0x7ffc0000
[  226.080514][   T26] audit: type=1326 audit(2000000114.210:500): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6530 comm="syz.6.481" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0b72f3d169 code=0x7ffc0000
[  226.140509][   T26] audit: type=1326 audit(2000000114.210:501): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6530 comm="syz.6.481" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0b72f3d169 code=0x7ffc0000
[  226.222854][ T4159] udevd[4159]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.150/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  226.259415][   T26] audit: type=1326 audit(2000000114.210:502): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6530 comm="syz.6.481" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0b72f3d169 code=0x7ffc0000
[  226.370870][ T6549] ptrace attach of "./syz-executor exec"[5420] was attempted by "./syz-executor exec"[6549]
[  226.397137][   T26] audit: type=1326 audit(2000000114.210:503): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6530 comm="syz.6.481" exe="/root/syz-executor" sig=0 arch=c000003e syscall=116 compat=0 ip=0x7f0b72f3d169 code=0x7ffc0000
[  226.451688][   T26] audit: type=1326 audit(2000000114.210:504): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6530 comm="syz.6.481" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0b72f3d169 code=0x7ffc0000
[  226.880756][ T4210] libceph: connect (1)[c::]:6789 error -101
[  226.884538][ T5807] usb 4-1: USB disconnect, device number 7
[  226.887495][ T4210] libceph: mon0 (1)[c::]:6789 connect error
[  226.899528][ T6557] ceph: No mds server is up or the cluster is laggy
[  228.627106][   T21] hid-generic FFF9:0000:0203.0005: unknown main item tag 0x0
[  228.649392][   T21] hid-generic FFF9:0000:0203.0005: unknown main item tag 0x0
[  228.669405][   T21] hid-generic FFF9:0000:0203.0005: unknown main item tag 0x0
[  228.677352][   T21] hid-generic FFF9:0000:0203.0005: unknown main item tag 0x0
[  228.690632][   T21] hid-generic FFF9:0000:0203.0005: unknown main item tag 0x0
[  228.699678][   T21] hid-generic FFF9:0000:0203.0005: unknown main item tag 0x0
[  228.708328][   T21] hid-generic FFF9:0000:0203.0005: unknown main item tag 0x0
[  228.719352][   T21] hid-generic FFF9:0000:0203.0005: unknown main item tag 0x0
[  228.727150][   T21] hid-generic FFF9:0000:0203.0005: unknown main item tag 0x0
[  228.737581][   T21] hid-generic FFF9:0000:0203.0005: unknown main item tag 0x0
[  228.745591][   T21] hid-generic FFF9:0000:0203.0005: unknown main item tag 0x0
[  228.754909][   T21] hid-generic FFF9:0000:0203.0005: unknown main item tag 0x0
[  228.764498][   T21] hid-generic FFF9:0000:0203.0005: unknown main item tag 0x0
[  228.776625][   T21] hid-generic FFF9:0000:0203.0005: unknown main item tag 0x0
[  228.795259][   T21] hid-generic FFF9:0000:0203.0005: unknown main item tag 0x0
[  228.804865][   T21] hid-generic FFF9:0000:0203.0005: unknown main item tag 0x0
[  228.836243][   T21] hid-generic FFF9:0000:0203.0005: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[  229.011727][ T5807] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  229.469720][ T5807] usb 4-1: config 220 has an invalid interface number: 76 but max is 2
[  229.497510][ T5807] usb 4-1: config 220 contains an unexpected descriptor of type 0x2, skipping
[  229.528122][ T5807] usb 4-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[  229.593167][ T5807] usb 4-1: config 220 has no interface number 2
[  229.622071][ T5807] usb 4-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[  229.665906][ T5807] usb 4-1: config 220 interface 0 has no altsetting 0
[  229.688945][ T5807] usb 4-1: config 220 interface 76 has no altsetting 0
[  229.706516][ T5807] usb 4-1: config 220 interface 1 has no altsetting 0
[  229.880155][ T5807] usb 4-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  229.906802][ T5807] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  229.937243][ T5807] usb 4-1: Product: syz
[  229.947408][ T5807] usb 4-1: Manufacturer: syz
[  229.990894][ T5807] usb 4-1: SerialNumber: syz
[  230.470746][ T5807] usb 4-1: selecting invalid altsetting 0
[  230.493638][ T5807] usb 4-1: Found UVC 7.01 device syz (8086:0b07)
[  230.699400][ T5807] usb 4-1: No valid video chain found.
[  230.860674][ T5807] usb 4-1: selecting invalid altsetting 0
[  230.892842][ T5807] usbtest: probe of 4-1:220.1 failed with error -22
[  231.578807][ T5807] usb 4-1: USB disconnect, device number 8
[  231.788407][   T21] libceph: connect (1)[c::]:6789 error -101
[  231.794656][   T21] libceph: mon0 (1)[c::]:6789 connect error
[  231.830860][ T6630] ceph: No mds server is up or the cluster is laggy
[  232.076578][   T26] kauditd_printk_skb: 82 callbacks suppressed
[  232.076595][   T26] audit: type=1326 audit(2000000120.850:587): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6642 comm="syz.3.504" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f989b352169 code=0x7ffc0000
[  232.237406][   T26] audit: type=1326 audit(2000000121.000:588): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6642 comm="syz.3.504" exe="/root/syz-executor" sig=0 arch=c000003e syscall=89 compat=0 ip=0x7f989b352169 code=0x7ffc0000
[  232.272786][   T26] audit: type=1326 audit(2000000121.000:589): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6642 comm="syz.3.504" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f989b352169 code=0x7ffc0000
[  232.308091][   T26] audit: type=1326 audit(2000000121.000:590): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6642 comm="syz.3.504" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f989b352169 code=0x7ffc0000
[  232.484439][   T26] audit: type=1326 audit(2000000121.010:591): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6642 comm="syz.3.504" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f989b352169 code=0x7ffc0000
[  232.507995][   T26] audit: type=1326 audit(2000000121.010:592): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6642 comm="syz.3.504" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f989b352169 code=0x7ffc0000
[  232.546713][   T26] audit: type=1326 audit(2000000121.010:593): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6642 comm="syz.3.504" exe="/root/syz-executor" sig=0 arch=c000003e syscall=116 compat=0 ip=0x7f989b352169 code=0x7ffc0000
[  232.730061][   T26] audit: type=1326 audit(2000000121.010:594): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6642 comm="syz.3.504" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f989b352169 code=0x7ffc0000
[  232.768715][   T26] audit: type=1326 audit(2000000121.010:595): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6642 comm="syz.3.504" exe="/root/syz-executor" sig=0 arch=c000003e syscall=115 compat=0 ip=0x7f989b352169 code=0x7ffc0000
[  233.129452][   T26] audit: type=1326 audit(2000000121.010:596): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6642 comm="syz.3.504" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f989b352169 code=0x7ffc0000
[  233.849423][ T4208] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  233.856139][ T6672] netlink: 'syz.5.512': attribute type 10 has an invalid length.
[  234.129395][ T4208] usb 3-1: Using ep0 maxpacket: 32
[  234.329498][ T4208] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  234.391800][ T6675] ubi: mtd0 is already attached to ubi31
[  234.509505][ T4208] usb 3-1: New USB device found, idVendor=2040, idProduct=4901, bcdDevice=47.77
[  235.079561][ T4208] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  235.098277][ T4208] usb 3-1: Product: syz
[  235.150433][ T6681] ceph: No mds server is up or the cluster is laggy
[  235.158770][ T4210] libceph: connect (1)[c::]:6789 error -101
[  235.168521][ T4208] usb 3-1: Manufacturer: syz
[  235.170763][ T4210] libceph: mon0 (1)[c::]:6789 connect error
[  235.231170][ T4208] usb 3-1: SerialNumber: syz
[  235.234884][ T6686] fuse: root generation should be zero
[  235.280319][ T4208] usb 3-1: config 0 descriptor??
[  235.321893][ T4208] hdpvr 3-1:0.0: Could not find bulk-in endpoint
[  235.331072][ T4208] hdpvr: probe of 3-1:0.0 failed with error -12
[  236.023876][ T6708] netlink: 'syz.6.523': attribute type 10 has an invalid length.
[  236.223164][ T6708] bridge0: port 2(bridge_slave_1) entered disabled state
[  236.230699][ T6708] bridge0: port 1(bridge_slave_0) entered disabled state
[  236.442035][ T6708] bridge0: port 2(bridge_slave_1) entered blocking state
[  236.449152][ T6708] bridge0: port 2(bridge_slave_1) entered forwarding state
[  236.456537][ T6708] bridge0: port 1(bridge_slave_0) entered blocking state
[  236.463637][ T6708] bridge0: port 1(bridge_slave_0) entered forwarding state
[  236.960543][ T6708] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  237.852311][ T6717] netlink: 'syz.6.525': attribute type 1 has an invalid length.
[  239.099480][ T4210] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[  239.451598][ T4208] usb 3-1: USB disconnect, device number 5
[  239.599943][ T4210] usb 7-1: Using ep0 maxpacket: 32
[  239.689393][ T4212] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  239.719462][ T4210] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  239.752488][ T4210] usb 7-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  239.785142][ T4210] usb 7-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  239.814636][ T4210] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  239.880081][ T4210] usb 7-1: config 0 descriptor??
[  240.199603][ T4212] usb 6-1: config 0 has no interfaces?
[  240.400880][ T4212] usb 6-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  240.439425][ T4212] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  240.447566][ T4212] usb 6-1: Product: syz
[  240.452615][ T4212] usb 6-1: Manufacturer: syz
[  240.457697][ T4212] usb 6-1: SerialNumber: syz
[  240.506070][ T4212] usb 6-1: config 0 descriptor??
[  240.922041][ T6751] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[  241.025372][   T23] usb 6-1: USB disconnect, device number 5
[  243.386386][   T13] usb 7-1: USB disconnect, device number 3
[  243.694545][ T6768] netlink: 36 bytes leftover after parsing attributes in process `syz.3.540'.
[  245.887680][ T4212] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  246.329415][ T4212] usb 1-1: config 0 has no interfaces?
[  246.529591][ T4212] usb 1-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  246.759654][ T4212] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  246.767656][ T4212] usb 1-1: Product: syz
[  246.831998][ T4212] usb 1-1: Manufacturer: syz
[  246.836734][ T4212] usb 1-1: SerialNumber: syz
[  246.876506][ T4212] usb 1-1: config 0 descriptor??
[  246.927123][ T6806] netlink: 36 bytes leftover after parsing attributes in process `syz.3.552'.
[  247.187714][ T4212] usb 1-1: USB disconnect, device number 7
[  247.257946][ T6811] netlink: 'syz.6.554': attribute type 10 has an invalid length.
[  247.288410][ T6811] bridge0: port 2(bridge_slave_1) entered disabled state
[  247.295719][ T6811] bridge0: port 1(bridge_slave_0) entered disabled state
[  247.469361][ T4208] Bluetooth: hci5: command 0x0406 tx timeout
[  248.042709][ T6818] netlink: 'syz.0.558': attribute type 10 has an invalid length.
[  248.089545][ T6818] netlink: 40 bytes leftover after parsing attributes in process `syz.0.558'.
[  248.341602][ T6818] team0: Port device geneve0 added
[  249.054046][ T6837] device ip6gretap0 entered promiscuous mode
[  249.074158][ T6837] device macsec1 entered promiscuous mode
[  249.090462][ T6837] device ip6gretap0 left promiscuous mode
[  249.182619][ T6836] delete_channel: no stack
[  249.651739][ T4208] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  249.905179][ T4208] usb 6-1: Using ep0 maxpacket: 32
[  250.035123][ T6849] netlink: 4 bytes leftover after parsing attributes in process `syz.0.568'.
[  251.009706][ T4208] usb 6-1: config 0 has an invalid interface number: 89 but max is 0
[  251.017879][ T4208] usb 6-1: config 0 has no interface number 0
[  251.050729][ T4208] usb 6-1: config 0 interface 89 has no altsetting 0
[  251.219480][ T4208] usb 6-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4e
[  251.230899][ T4208] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  251.247584][ T6862] netlink: 'syz.0.571': attribute type 10 has an invalid length.
[  251.262766][ T4208] usb 6-1: Product: syz
[  251.282313][ T4208] usb 6-1: Manufacturer: syz
[  251.288072][ T4208] usb 6-1: SerialNumber: syz
[  251.305659][ T6862] bridge0: port 2(bridge_slave_1) entered disabled state
[  251.313019][ T6862] bridge0: port 1(bridge_slave_0) entered disabled state
[  251.345774][ T4208] usb 6-1: config 0 descriptor??
[  251.412587][ T4208] em28xx 6-1:0.89: New device syz syz @ 480 Mbps (0ccd:10af, interface 89, class 89)
[  251.435422][ T4208] em28xx 6-1:0.89: Video interface 89 found: bulk
[  251.869865][ T4208] em28xx 6-1:0.89: unknown em28xx chip ID (0)
[  252.079552][ T4208] em28xx 6-1:0.89: reading from i2c device at 0xa0 failed (error=-5)
[  252.106006][ T4208] em28xx 6-1:0.89: board has no eeprom
[  252.209396][ T4210] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  252.249546][ T4208] em28xx 6-1:0.89: Identified as Terratec Grabby (card=67)
[  252.256833][ T4208] em28xx 6-1:0.89: analog set to bulk mode.
[  252.286197][ T4212] em28xx 6-1:0.89: Registering V4L2 extension
[  252.323591][ T4208] usb 6-1: USB disconnect, device number 6
[  252.544113][ T4208] em28xx 6-1:0.89: Disconnecting em28xx
[  252.570560][ T4212] em28xx 6-1:0.89: Config register raw data: 0xffffffed
[  252.615938][ T4212] em28xx 6-1:0.89: AC97 chip type couldn't be determined
[  252.659536][ T4210] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  252.683004][ T4210] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024
[  252.693636][ T4212] em28xx 6-1:0.89: No AC97 audio processor
[  252.699014][   T23] hid-generic FFF9:0000:0203.0006: unknown main item tag 0x0
[  252.709936][   T23] hid-generic FFF9:0000:0203.0006: unknown main item tag 0x0
[  252.718813][   T23] hid-generic FFF9:0000:0203.0006: unknown main item tag 0x0
[  252.727074][   T23] hid-generic FFF9:0000:0203.0006: unknown main item tag 0x0
[  252.739111][   T23] hid-generic FFF9:0000:0203.0006: unknown main item tag 0x0
[  252.747075][   T23] hid-generic FFF9:0000:0203.0006: unknown main item tag 0x0
[  252.755802][   T23] hid-generic FFF9:0000:0203.0006: unknown main item tag 0x0
[  252.763598][   T23] hid-generic FFF9:0000:0203.0006: unknown main item tag 0x0
[  252.773363][   T23] hid-generic FFF9:0000:0203.0006: unknown main item tag 0x0
[  252.781579][   T23] hid-generic FFF9:0000:0203.0006: unknown main item tag 0x0
[  252.789605][   T23] hid-generic FFF9:0000:0203.0006: unknown main item tag 0x0
[  252.797287][   T23] hid-generic FFF9:0000:0203.0006: unknown main item tag 0x0
[  252.805745][   T23] hid-generic FFF9:0000:0203.0006: unknown main item tag 0x0
[  252.813806][   T23] hid-generic FFF9:0000:0203.0006: unknown main item tag 0x0
[  252.821945][   T23] hid-generic FFF9:0000:0203.0006: unknown main item tag 0x0
[  252.831460][ T4212] usb 6-1: Decoder not found
[  252.838346][   T23] hid-generic FFF9:0000:0203.0006: unknown main item tag 0x0
[  252.849616][ T4210] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  252.866330][ T4210] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  252.890463][ T4212] em28xx 6-1:0.89: failed to create media graph
[  252.901502][   T23] hid-generic FFF9:0000:0203.0006: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[  252.914924][ T4210] usb 4-1: Product: syz
[  252.924036][ T4210] usb 4-1: Manufacturer: syz
[  252.943801][ T4210] usb 4-1: SerialNumber: syz
[  252.960571][ T4212] em28xx 6-1:0.89: V4L2 device video103 deregistered
[  253.092021][ T6892] ==================================================================
[  253.100513][ T6892] BUG: KASAN: use-after-free in v4l2_fh_open+0xc7/0x430
[  253.107489][ T6892] Read of size 8 at addr ffff88805d438900 by task v4l_id/6892
[  253.114962][ T6892] 
[  253.117299][ T6892] CPU: 0 PID: 6892 Comm: v4l_id Not tainted 5.15.180-syzkaller #0
[  253.125113][ T6892] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  253.135177][ T6892] Call Trace:
[  253.138468][ T6892]  <TASK>
[  253.141417][ T6892]  dump_stack_lvl+0x1e3/0x2d0
[  253.146118][ T6892]  ? io_uring_drop_tctx_refs+0x1a0/0x1a0
[  253.151754][ T6892]  ? _printk+0xd1/0x120
[  253.155919][ T6892]  ? __wake_up_klogd+0xcc/0x100
[  253.160775][ T6892]  ? panic+0x860/0x860
[  253.164853][ T6892]  ? _raw_spin_lock_irqsave+0xdd/0x120
[  253.170347][ T6892]  print_address_description+0x63/0x3b0
[  253.175920][ T6892]  ? v4l2_fh_open+0xc7/0x430
[  253.180504][ T6892]  kasan_report+0x16b/0x1c0
[  253.185010][ T6892]  ? v4l2_fh_open+0xc7/0x430
[  253.189618][ T6892]  v4l2_fh_open+0xc7/0x430
[  253.194032][ T6892]  em28xx_v4l2_open+0x15d/0xa10
[  253.198882][ T6892]  v4l2_open+0x228/0x360
[  253.203121][ T6892]  chrdev_open+0x54a/0x630
[  253.207557][ T6892]  ? cd_forget+0x160/0x160
[  253.211987][ T6892]  ? do_raw_spin_unlock+0x137/0x8b0
[  253.217180][ T6892]  ? fsnotify_perm+0x47b/0x590
[  253.221937][ T6892]  ? cd_forget+0x160/0x160
[  253.226345][ T6892]  do_dentry_open+0x807/0xfb0
[  253.231022][ T6892]  path_openat+0x2705/0x2f20
[  253.235663][ T6892]  ? do_filp_open+0x460/0x460
[  253.240356][ T6892]  do_filp_open+0x21c/0x460
[  253.244878][ T6892]  ? vfs_tmpfile+0x2e0/0x2e0
[  253.249506][ T6892]  ? _raw_spin_unlock+0x24/0x40
[  253.254351][ T6892]  ? alloc_fd+0x598/0x630
[  253.258678][ T6892]  do_sys_openat2+0x13b/0x4f0
[  253.263376][ T6892]  ? do_sys_open+0x220/0x220
[  253.267970][ T6892]  __x64_sys_openat+0x243/0x290
[  253.272813][ T6892]  ? __ia32_sys_open+0x270/0x270
[  253.277753][ T6892]  ? syscall_enter_from_user_mode+0x2e/0x240
[  253.283739][ T6892]  ? lockdep_hardirqs_on+0x94/0x130
[  253.288931][ T6892]  ? syscall_enter_from_user_mode+0x2e/0x240
[  253.294906][ T6892]  do_syscall_64+0x3b/0x80
[  253.299319][ T6892]  ? clear_bhb_loop+0x15/0x70
[  253.303993][ T6892]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  253.309877][ T6892] RIP: 0033:0x7f74d854e9a4
[  253.314284][ T6892] Code: 24 20 48 8d 44 24 30 48 89 44 24 28 64 8b 04 25 18 00 00 00 85 c0 75 2c 44 89 e2 48 89 ee bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 76 60 48 8b 15 55 a4 0d 00 f7 d8 64 89 02 48 83
[  253.333904][ T6892] RSP: 002b:00007ffda1e7c940 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  253.342326][ T6892] RAX: ffffffffffffffda RBX: 00007ffda1e7cb58 RCX: 00007f74d854e9a4
[  253.350296][ T6892] RDX: 0000000000000000 RSI: 00007ffda1e7df1c RDI: 00000000ffffff9c
[  253.358366][ T6892] RBP: 00007ffda1e7df1c R08: 0000000000000000 R09: 0000000000000000
[  253.366528][ T6892] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  253.374502][ T6892] R13: 00007ffda1e7cb70 R14: 0000559870d30670 R15: 00007f74d8997a80
[  253.382481][ T6892]  </TASK>
[  253.385490][ T6892] 
[  253.387801][ T6892] The buggy address belongs to the page:
[  253.393551][ T6892] page:ffffea0001750e00 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5d438
[  253.403713][ T6892] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  253.410837][ T6892] raw: 00fff00000000000 ffffea00018f9208 ffff8880b8e409b0 0000000000000000
[  253.419416][ T6892] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[  253.427994][ T6892] page dumped because: kasan: bad access detected
[  253.434431][ T6892] page_owner tracks the page as freed
[  253.439802][ T6892] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x140dc0(GFP_USER|__GFP_COMP|__GFP_ZERO), pid 4212, ts 252306290585, free_ts 253089613290
[  253.455725][ T6892]  get_page_from_freelist+0x3b78/0x3d40
[  253.461299][ T6892]  __alloc_pages+0x272/0x700
[  253.465883][ T6892]  kmalloc_order+0x41/0x150
[  253.470376][ T6892]  kmalloc_order_trace+0x15/0xe0
[  253.475304][ T6892]  em28xx_v4l2_init+0xe2/0x2d50
[  253.480148][ T6892]  em28xx_init_extension+0x11b/0x1c0
[  253.485429][ T6892]  process_one_work+0x8a1/0x10c0
[  253.490360][ T6892]  worker_thread+0xaca/0x1280
[  253.495029][ T6892]  kthread+0x3f6/0x4f0
[  253.499087][ T6892]  ret_from_fork+0x1f/0x30
[  253.503504][ T6892] page last free stack trace:
[  253.508166][ T6892]  free_unref_page_prepare+0xc34/0xcf0
[  253.513621][ T6892]  free_unref_page+0x95/0x2d0
[  253.518292][ T6892]  free_nonslab_page+0xe4/0x150
[  253.523158][ T6892]  kfree+0x1cf/0x270
[  253.527045][ T6892]  em28xx_v4l2_init+0x15d7/0x2d50
[  253.532064][ T6892]  em28xx_init_extension+0x11b/0x1c0
[  253.537363][ T6892]  process_one_work+0x8a1/0x10c0
[  253.542296][ T6892]  worker_thread+0xaca/0x1280
[  253.546966][ T6892]  kthread+0x3f6/0x4f0
[  253.551132][ T6892]  ret_from_fork+0x1f/0x30
[  253.555541][ T6892] 
[  253.557854][ T6892] Memory state around the buggy address:
[  253.563490][ T6892]  ffff88805d438800: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  253.571541][ T6892]  ffff88805d438880: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  253.579600][ T6892] >ffff88805d438900: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  253.587843][ T6892]                    ^
[  253.591923][ T6892]  ffff88805d438980: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  253.599977][ T6892]  ffff88805d438a00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  253.608026][ T6892] ==================================================================
[  253.616091][ T6892] Disabling lock debugging due to kernel taint
[  253.651495][ T4212] em28xx 6-1:0.89: Registering snapshot button...
[  253.670038][ T6895] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[  253.887151][ T6892] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  253.890032][ T4212] input: em28xx snapshot button as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.89/input/input9
[  253.894377][ T6892] CPU: 1 PID: 6892 Comm: v4l_id Tainted: G    B             5.15.180-syzkaller #0
[  253.894400][ T6892] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  253.894413][ T6892] Call Trace:
[  253.927351][ T6892]  <TASK>
[  253.930296][ T6892]  dump_stack_lvl+0x1e3/0x2d0
[  253.935003][ T6892]  ? io_uring_drop_tctx_refs+0x1a0/0x1a0
[  253.940659][ T6892]  ? panic+0x860/0x860
[  253.944741][ T6892]  ? rcu_is_watching+0x11/0xa0
[  253.949519][ T6892]  ? preempt_schedule_common+0xa6/0xd0
[  253.955002][ T6892]  panic+0x318/0x860
[  253.958925][ T6892]  ? asm_sysvec_apic_timer_interrupt+0x16/0x20
[  253.965117][ T6892]  ? check_panic_on_warn+0x1d/0xa0
[  253.970254][ T6892]  ? fb_is_primary_device+0xd0/0xd0
[  253.975472][ T6892]  ? _raw_spin_unlock_irqrestore+0x128/0x130
[  253.981478][ T6892]  ? _raw_spin_unlock+0x40/0x40
[  253.986352][ T6892]  check_panic_on_warn+0x7e/0xa0
[  253.991302][ T6892]  ? v4l2_fh_open+0xc7/0x430
[  253.996063][ T6892]  end_report+0x6d/0xf0
[  254.000249][ T6892]  kasan_report+0x18e/0x1c0
[  254.004769][ T6892]  ? v4l2_fh_open+0xc7/0x430
[  254.009359][ T6892]  v4l2_fh_open+0xc7/0x430
[  254.013790][ T6892]  em28xx_v4l2_open+0x15d/0xa10
[  254.018676][ T6892]  v4l2_open+0x228/0x360
[  254.022925][ T6892]  chrdev_open+0x54a/0x630
[  254.027338][ T6892]  ? cd_forget+0x160/0x160
[  254.031747][ T6892]  ? do_raw_spin_unlock+0x137/0x8b0
[  254.036945][ T6892]  ? fsnotify_perm+0x47b/0x590
[  254.041710][ T6892]  ? cd_forget+0x160/0x160
[  254.046127][ T6892]  do_dentry_open+0x807/0xfb0
[  254.050827][ T6892]  path_openat+0x2705/0x2f20
[  254.055422][ T6892]  ? do_filp_open+0x460/0x460
[  254.060098][ T6892]  do_filp_open+0x21c/0x460
[  254.064597][ T6892]  ? vfs_tmpfile+0x2e0/0x2e0
[  254.069192][ T6892]  ? _raw_spin_unlock+0x24/0x40
[  254.074058][ T6892]  ? alloc_fd+0x598/0x630
[  254.078382][ T6892]  do_sys_openat2+0x13b/0x4f0
[  254.083170][ T6892]  ? do_sys_open+0x220/0x220
[  254.087757][ T6892]  __x64_sys_openat+0x243/0x290
[  254.092607][ T6892]  ? __ia32_sys_open+0x270/0x270
[  254.097565][ T6892]  ? syscall_enter_from_user_mode+0x2e/0x240
[  254.103580][ T6892]  ? lockdep_hardirqs_on+0x94/0x130
[  254.108791][ T6892]  ? syscall_enter_from_user_mode+0x2e/0x240
[  254.114810][ T6892]  do_syscall_64+0x3b/0x80
[  254.119228][ T6892]  ? clear_bhb_loop+0x15/0x70
[  254.123916][ T6892]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  254.129817][ T6892] RIP: 0033:0x7f74d854e9a4
[  254.134225][ T6892] Code: 24 20 48 8d 44 24 30 48 89 44 24 28 64 8b 04 25 18 00 00 00 85 c0 75 2c 44 89 e2 48 89 ee bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 76 60 48 8b 15 55 a4 0d 00 f7 d8 64 89 02 48 83
[  254.153828][ T6892] RSP: 002b:00007ffda1e7c940 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  254.162272][ T6892] RAX: ffffffffffffffda RBX: 00007ffda1e7cb58 RCX: 00007f74d854e9a4
[  254.170254][ T6892] RDX: 0000000000000000 RSI: 00007ffda1e7df1c RDI: 00000000ffffff9c
[  254.178508][ T6892] RBP: 00007ffda1e7df1c R08: 0000000000000000 R09: 0000000000000000
[  254.186502][ T6892] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  254.194471][ T6892] R13: 00007ffda1e7cb70 R14: 0000559870d30670 R15: 00007f74d8997a80
[  254.202460][ T6892]  </TASK>
[  254.205700][ T6892] Kernel Offset: disabled
[  254.210024][ T6892] Rebooting in 86400 seconds..