last executing test programs:

10.37478926s ago: executing program 0 (id=1600):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01030000000000000000010000000900010073797a30000000002c000000030a01080000000000000000010000000900010073797a30000000000900030073797a32000000001c000000060a0104000000000000000001000000140000f3100001"], 0x88}}, 0x0)
r0 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000200)=ANY=[@ANYBLOB="3c0000001800dd8d0000000000000000020000000000000600000000060015000100000018001680140001"], 0x3c}, 0x1, 0x0, 0x0, 0x20000010}, 0x200000a0)
sendmmsg(r0, 0x0, 0x0, 0x0)

9.870804269s ago: executing program 0 (id=1603):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2004e904}, 0x800)

9.536986378s ago: executing program 0 (id=1616):
openat(0xffffffffffffff9c, &(0x7f0000000400)='./file0\x00', 0x2d41, 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000380), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_i', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, <r1=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000000240)={0x50, 0x0, r1, {0x7, 0x1f, 0x1, 0x202, 0x0, 0x0, 0x2}}, 0x50)
syz_fuse_handle_req(r0, &(0x7f0000008380)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r2 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x101081, 0x11)
fallocate(r2, 0x41, 0x0, 0x7)

9.300174822s ago: executing program 0 (id=1607):
openat$kvm(0xffffffffffffff9c, 0x0, 0xc081, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
ioctl$DRM_IOCTL_WAIT_VBLANK(0xffffffffffffffff, 0xc018643a, &(0x7f0000000140)={0x4000000, 0x4000002, 0x2})
socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$inet6_udp_int(r2, 0x11, 0x67, 0x0, 0x0)
setsockopt$sock_linger(r2, 0x1, 0x3c, &(0x7f0000000180)={0x200000000000001}, 0x8)
connect$inet6(r2, &(0x7f0000002140)={0xa, 0x4e22, 0x8, @mcast2, 0x5}, 0x1c)
sendmmsg$inet6(r2, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4001c00)

7.757812771s ago: executing program 3 (id=1619):
bpf$PROG_LOAD(0x5, 0x0, 0xfe3f)
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
syz_open_dev$sndmidi(&(0x7f0000000140), 0x2, 0x141101)
r0 = syz_usb_connect(0x5, 0x239, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000e388d640697a01006ba8010203010902270201020010000904"], 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
setsockopt$packet_rx_ring(0xffffffffffffffff, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x103a, 0x1000, 0x103a, 0xfffffffc, 0xff, 0x80000000}, 0x1c)

7.050686292s ago: executing program 0 (id=1621):
socket$inet_tcp(0x2, 0x1, 0x0)
syz_open_procfs(0x0, 0x0)
bind$unix(0xffffffffffffffff, &(0x7f0000000100)=@abs={0x1, 0x0, 0x4e20}, 0x1c)
socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x4e22, 0x7, @empty, 0xe}, 0x1c)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2)
r3 = memfd_create(&(0x7f00000004c0)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdbU\xb1\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\x90i\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14O\xf8\xb5C\x1f\xb6b8b\x06A2@D\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g&\x99\x0e\x8d\x8d\x16\x05\x00\x00\x00\x00\x00\x00\x00\'\x93\xef\x1d\xa0H\xd9\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00\x88\xd1\x1eQB\x18\xc1-\xc4\x8fK\xf8\xfa\xb6\xf8\v;\xaa\x8fW\xcc\n\x17\x7f\x98\xb7\xcdqV\xd4\xf0)\xfa\x0fG\xc8\xbf\xfd\xe8>K\f\xcd+\xb0\x99Q\xba/\xa8\xb9`k\b\xd1\xcc\xfc\xeaA\"\v=\x83fC\x90%\xa1d\x91\xf8:\x16<\xad\xc2\x18\xdf\x01\xe2\x96\xfcj\xe9\xa4\x065m\x03\x05N\xb9\x1dOr\xb6\xbcP\x8fP\x8d\x89%\xf2\x12T\xd0\xc3\x15W\x9c\x87\x1b\x8c\xc9\xd9\xc6\xad\x96-d\xa2wFB\xcaB\xa5\x15\xf8,\x04\x1c*\xd98\x8bG\x90\x81`\x03\xe0\xde\x9c\x9a\x0f\x1b\x8f\xd2%*&$Wc\xb3\xa6\xc4TK1}2\xb3\xab\xf4\xb7\xb7\x85\apa\xaf\x1c\x10i\xb9\x9f\x06\xff4%\"7f \x0e\xf5Bk\r\xac\"\x13tNx\xc0$\x85\x9f', 0x3)
ftruncate(r3, 0xffff)
close(0x3)
fcntl$addseals(r3, 0x409, 0x7)
ioctl$UDMABUF_CREATE(r2, 0x40187542, &(0x7f00000001c0)={r3, 0x1, 0x0, 0x8000})
r4 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x0, 0x0, 0xbfdfffbc}, &(0x7f00000000c0)=<r5=>0x0, &(0x7f0000000040)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0x85c3}})
io_uring_enter(r4, 0x32d7, 0x0, 0x46, 0x0, 0x0)

6.90474996s ago: executing program 1 (id=1623):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000180), r0)
sendmsg$IEEE802154_ADD_IFACE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)={0x34, r1, 0x201, 0x70bd2d, 0x25dfdbff, {}, [@IEEE802154_ATTR_PHY_NAME={0x9, 0x1f, 'phy1\x00'}, @IEEE802154_ATTR_DEV_TYPE={0x5}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0202}}]}, 0x34}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
syz_genetlink_get_family_id$nl802154(0x0, 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000240)={'wpan4\x00'})
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), r2)
ioctl$sock_SIOCGIFINDEX_802154(r2, 0x8933, &(0x7f0000000140)={'wpan1\x00', <r4=>0x0})
sendmsg$NL802154_CMD_DEL_SEC_KEY(r2, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x41009000}, 0xc, &(0x7f0000000240)={&(0x7f0000000580)=ANY=[@ANYRES16=r3, @ANYBLOB="10002cbd7000fedbdf25180000000c000600020000000000000008000300", @ANYRES32=r4, @ANYBLOB="c8defc689eb78a26ef0300775e7c44667804eb108c17fd0000fac78090be848b4801986b43b258e525091d5618c4d6f800000000000000001794f8be"], 0x28}, 0x1, 0x0, 0x0, 0x40894}, 0x20000010)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(r5, 0x8933, &(0x7f0000000ec0)={'wpan0\x00', <r6=>0x0})
sendmsg$NL802154_CMD_DEL_SEC_KEY(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000480)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16, @ANYBLOB="018500000008000300"/19, @ANYRES32=r6, @ANYBLOB="28003080240003001fa3e426ec11becbf9b7b342b24f6739cd7e1516bd54e60b130e5cb7eb7038d6"], 0x44}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
r9 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
connect$bt_l2cap(r9, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
ioctl$sock_bt_hidp_HIDPCONNADD(r8, 0x400448c8, &(0x7f0000000280)={r9, r9, 0x3, 0x8, &(0x7f0000000100)="81839c93f294064c", 0x9, 0xb, 0x6, 0x5508, 0xc336, 0x1, 0xb, 'syz0\x00'})
ioctl$sock_bt_hidp_HIDPCONNDEL(r8, 0x400448c9, &(0x7f0000000000)={@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}})
r10 = syz_genetlink_get_family_id$nl802154(&(0x7f00000000c0), r7)
r11 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(r11, 0x8933, 0x0)
sendmsg$NL802154_CMD_DEL_SEC_KEY(r7, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000600)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r10, @ANYBLOB="010003000000fddbdf251800006700100030800c0001800800010003000000080003001ab7e5b11bb73a932dfec0102d4021df0862f4007f57a86cbe60f663eec42d31a0ea7819e1ccde95f97374932e7e2c4caea5810014ad4e5bfd42686617b3aaf74c89d53043945514930dd1a1fb18763b43aeb7ac278d432512f1436ca8736978968d6e82294f246531070e9545b9a91668a70a4fed0f1063f100e17b5695b618e501f9cf80d5ce050107d2425ff2724e6a46d84e5fbfd0f1f9ea9d4d5b80f06c16d04d767574dab76630c340006c4806cd9f993b12fc3756dfb355e1e863d179411c99191af110441c0541a170cb03e771520ce00378806763fc6e084e843e052ec69e2d19230daf218eb43f69c9b328f975f8fe82c3f3e8fa703abb6e670922408f3bad42c31904bfc01ab01b31d5893acf399c48c2d7b562e527334e6e39bcd5861661a070566aaa0e4591cb8a7a1e3541ed89d803c74734ee96b690b787f36d2b7cbb6ec2d50563f37a430b20aab6ccfbbbb874ffb5156c7bbcd2c1a0618613adea793b9dd81b5b65817e2d9b271c3ce3c406b621359930446083f27422901c355c18989941293fc6", @ANYRES32, @ANYBLOB], 0x2c}, 0x1, 0x0, 0x0, 0x4050}, 0x44880)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000280)={'wpan0\x00'})
sendmsg$NL802154_CMD_GET_SEC_KEY(r0, &(0x7f0000000380)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4004040}, 0x24000000)
mmap(&(0x7f0000002000/0x2000)=nil, 0x2000, 0x8, 0x32, 0xffffffffffffffff, 0x0)
unshare(0x2020400)
bpf$BPF_PROG_QUERY(0x9, &(0x7f00000005c0)={@ifindex, 0x1, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
r12 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000540)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xf, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000088000000000000008dffffff18110000", @ANYRES32=r12, @ANYBLOB="0000000000000000b702000014000000b7030000000500008500000086000000bf09000000000000550901000c0000009500400000000000bf91000052bc0000b702000003000000850000002a000000b7000000000000009500000000000000ddc632091ea479600a8a9c7011fc25f7bdde57ca59121777afc4129d9024803cd2eebbff84"], &(0x7f0000000080)='GPL\x00', 0xb, 0x1001, &(0x7f0000001cc0)=""/4097, 0x41100, 0x25}, 0x94)

6.348058233s ago: executing program 1 (id=1627):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x42}}}]}, 0x38}}, 0x0)
r4 = socket(0x400000000010, 0x3, 0x0)
r5 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000640)=@newtfilter={0x84, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, 0x0, {0x0, 0xe}, {}, {0x8, 0xf}}, [@filter_kind_options=@f_matchall={{0xd}, {0x50, 0x2, [@TCA_MATCHALL_ACT={0x4c, 0x2, [@m_gact={0x48, 0x1, 0x0, 0x0, {{0x9}, {0x1c, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0xfffffffd, 0x3e, 0x20000005, 0xc, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x3}}}}]}]}}]}, 0x84}, 0x1, 0x0, 0x0, 0x20000010}, 0x20000000)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
close(r6)
socket$unix(0x1, 0x2, 0x0)
ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r7 = socket$kcm(0x11, 0x3, 0x0)
setsockopt$sock_attach_bpf(r7, 0x107, 0xf, &(0x7f0000000600), 0x56)
sendmsg$kcm(r7, &(0x7f00000000c0)={&(0x7f0000000380)=@xdp={0x2c, 0x0, 0x0, 0xc}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000180)="27030200590214000600002fb96dbcf706e10500000086ddffff1144ee163cd4b8bf", 0x22}, {&(0x7f0000000c00)="4307ed2e", 0x4}], 0x2}, 0x4)

6.005119073s ago: executing program 3 (id=1630):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x50}, 0x1, 0x0, 0x0, 0x2004e904}, 0x800)

5.739505378s ago: executing program 1 (id=1631):
r0 = socket$inet6(0xa, 0x2, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
close(0x3)
syz_open_dev$midi(&(0x7f0000000000), 0x3, 0x88c02)
syz_usb_disconnect(0xffffffffffffffff)
ioctl$sock_inet_udp_SIOCINQ(r1, 0x541b, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@private2={0xfc, 0x2, '\x00', 0x1}, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0xa, 0x20, 0x0, 0x4f}, {0x0, 0x7, 0x3, 0x8}}, {{@in6=@mcast2, 0x404d3, 0x2b}, 0x0, @in=@empty}}, 0xe8)
openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
r2 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0)
ioctl$SNDRV_TIMER_IOCTL_GPARAMS(r2, 0x40345410, &(0x7f00000004c0)={{0x3}})
ioctl$SNDRV_TIMER_IOCTL_PARAMS(r2, 0x80605414, 0xffffffffffffffff)
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x21, &(0x7f0000000300)={&(0x7f0000000040)=@newlink={0x44, 0x10, 0xffffff1f, 0x0, 0x80, {0x0, 0x0, 0x0, 0x0, 0x0, 0x3f00}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bond={{0x9}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BOND_AD_LACP_RATE={0x5}, @IFLA_BOND_MODE={0x5, 0x1, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x2000c0c1}, 0x40000)

5.619554205s ago: executing program 3 (id=1634):
socketpair$unix(0x1, 0x3, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f00000050c0)={0x2020, 0x0, <r0=>0x0}, 0x2020)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000007100)={0x78, 0x0, r0, {0xa0, 0x6, 0x0, {0x4, 0x0, 0x9, 0x8, 0x0, 0x4, 0xfffff92f, 0x0, 0x4, 0xc000, 0x3ff, 0xee00, 0x0, 0x80000003, 0x4}}}, 0x78)
r1 = syz_io_uring_setup(0xe42, &(0x7f00000005c0)={0x0, 0x2119, 0x100, 0x0, 0x15b}, &(0x7f0000000140)=<r2=>0x0, &(0x7f0000000280)=<r3=>0x0)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffff9c, &(0x7f00000004c0)={0x80000, 0x0, 0x32}, &(0x7f0000000500)='./file0\x00', 0x1d})
io_uring_enter(r1, 0x6f58, 0x0, 0x0, 0x0, 0x0)
fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
r4 = socket$inet6(0xa, 0x3, 0x38)
setsockopt$inet6_int(r4, 0x29, 0x7, &(0x7f0000000040)=0xfffffffd, 0x4)
ioctl$UI_SET_PROPBIT(0xffffffffffffffff, 0x4004556e, 0x15)
socket$packet(0x11, 0x3, 0x300)

5.391534798s ago: executing program 3 (id=1636):
socketpair$unix(0x1, 0x3, 0x0, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(0xffffffffffffffff, 0xc4c85513, &(0x7f0000000a80)={{0x5, 0x6, 0x401, 0x7, 'syz1\x00', 0x81}, 0x1, [0x6, 0xfffffffffffffffa, 0x95, 0x907a, 0xffffffff, 0x60, 0x1, 0xf, 0x1, 0x4, 0xfffffffffffffffd, 0x63, 0xfff, 0x100000002, 0xfffffffffffffffa, 0xc8, 0xb6da, 0x80000a5, 0xb7, 0xb6, 0x8000000000000002, 0x4000000008, 0x7, 0xfff, 0x6, 0xfb, 0x1, 0x4f51, 0x0, 0x37c7, 0xc, 0xbb33, 0x0, 0x63, 0x4, 0x4, 0x8, 0xffffffffffff7fff, 0x6, 0x8, 0x5, 0x0, 0x8, 0x401, 0x3, 0xc1be, 0xffffffff, 0x8000000000000001, 0x3, 0x0, 0x7, 0x72, 0x9, 0x2000000002, 0x6a44d0ea, 0xffffffffffffffff, 0x9, 0x5f0, 0xfffffffffffff2e2, 0x4, 0x6, 0xfffffffffffffffd, 0x7, 0xf1, 0x26e69303, 0x5, 0x2, 0x5, 0x2, 0x1, 0x9, 0x7, 0xdffffffffffffd, 0xd, 0x81, 0x8, 0x7fff, 0x6, 0xe, 0x3ff, 0xffffffffffffcc1c, 0x10000, 0xfffffffffffffffb, 0x6, 0x2, 0x1, 0xf, 0x79d, 0xfffffffffffff000, 0x8d6, 0x0, 0x5, 0x4, 0xafae, 0x1, 0xf, 0x6, 0xb, 0x1, 0x10003, 0x1, 0x10000, 0x1ff, 0xc, 0x0, 0x7, 0x7, 0x0, 0xfc0, 0x7, 0xaad, 0x8000000000007, 0x2, 0x8, 0x200e2, 0x6, 0x6, 0x8, 0xa, 0x0, 0x9, 0x5, 0x40, 0x8000, 0x83d0, 0xf0, 0x100000000, 0x140000000]})
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
ioctl$FS_IOC_GETFLAGS(0xffffffffffffffff, 0x80086601, 0x0)
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r0)
fsetxattr$trusted_overlay_upper(0xffffffffffffffff, &(0x7f0000000240), 0x0, 0x0, 0x2)
ioctl$PAGEMAP_SCAN(0xffffffffffffffff, 0xc0606610, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_REG(r1, 0x0, 0x8814)
ioctl$KVM_CAP_XEN_HVM(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000480)={0x26, 0x0, 0x1c8})
openat$ttyS3(0xffffffffffffff9c, 0x0, 0x21800, 0x0)
r2 = syz_open_dev$cec(&(0x7f0000000240), 0x0, 0x2182)
ioctl$CEC_RECEIVE(r2, 0xc0386106, &(0x7f0000000000)={0x0, 0x7, 0x1, 0xfffffffd, 0x0, 0x9, '&\x00', 0x0, 0x0, 0x4a, 0x0, 0x0, 0x7, 0xe})
timer_create(0x0, &(0x7f0000000200)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000280)=<r3=>0x0)
fcntl$lock(0xffffffffffffffff, 0x26, &(0x7f0000000040)={0x0, 0x0, 0x62d3, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r3, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0xd3283d0368e269b3, 0x8031, 0xffffffffffffffff, 0x0)
sched_setattr(0x0, 0x0, 0x0)
syz_emit_ethernet(0x7e, 0x0, 0x0)

4.798670782s ago: executing program 1 (id=1638):
socket(0x15, 0x80000, 0x0)
socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x20000080)
r0 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f0000000100)=0x1800, 0x4)
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x800)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x7}, 0x1c)
listen(r1, 0xfffffffc)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r3, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000009c0)=@newlink={0x28, 0x10, 0xc362e63b3f31ba5f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x100, 0x80e1}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
sendmsg$MPTCP_PM_CMD_DEL_ADDR(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x28, 0x0, 0x7, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @local}]}]}, 0x28}}, 0x0)

4.723472267s ago: executing program 0 (id=1639):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x20702, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0xca58c30f81b6079f})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1c1842, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r2)
socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f00000004c0)={'syzkaller0\x00', @link_local})
write$tun(r0, 0x0, 0xc2)
write$cgroup_devices(r1, &(0x7f0000000280)=ANY=[], 0xffdd)

4.639233732s ago: executing program 2 (id=1640):
bpf$PROG_LOAD(0x5, 0x0, 0xfe3f)
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
syz_open_dev$sndmidi(&(0x7f0000000140), 0x2, 0x141101)
r0 = syz_usb_connect(0x5, 0x239, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000e388d640697a01006ba8010203010902270201020010000904"], 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
setsockopt$packet_rx_ring(0xffffffffffffffff, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x103a, 0x1000, 0x103a, 0xfffffffc, 0xff, 0x80000000}, 0x1c)

3.670889367s ago: executing program 3 (id=1641):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x42}}}]}, 0x38}}, 0x0)
r4 = socket(0x400000000010, 0x3, 0x0)
r5 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000640)=@newtfilter={0x84, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, 0x0, {0x0, 0xe}, {}, {0x8, 0xf}}, [@filter_kind_options=@f_matchall={{0xd}, {0x50, 0x2, [@TCA_MATCHALL_ACT={0x4c, 0x2, [@m_gact={0x48, 0x1, 0x0, 0x0, {{0x9}, {0x1c, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0xfffffffd, 0x3e, 0x20000005, 0xc, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x3}}}}]}]}}]}, 0x84}, 0x1, 0x0, 0x0, 0x20000010}, 0x20000000)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
close(r6)
socket$unix(0x1, 0x2, 0x0)
ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r7 = socket$kcm(0x11, 0x3, 0x0)
setsockopt$sock_attach_bpf(r7, 0x107, 0xf, &(0x7f0000000600), 0x56)
sendmsg$kcm(r7, &(0x7f00000000c0)={&(0x7f0000000380)=@xdp={0x2c, 0x0, 0x0, 0xc}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000180)="27030200590214000600002fb96dbcf706e10500000086ddffff1144ee163cd4b8bf", 0x22}, {&(0x7f0000000c00)="4307ed2e", 0x4}], 0x2}, 0x4)

3.044332704s ago: executing program 4 (id=1643):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000940)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(blowfish)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="b75db6c5", 0x4)
r1 = accept4(r0, 0x0, 0x0, 0x800)
sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)

2.94927018s ago: executing program 2 (id=1644):
socket$inet_udp(0x2, 0x2, 0x0)
socket$kcm(0x10, 0x400000002, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
socket$nl_xfrm(0x10, 0x3, 0x6)
socket$kcm(0x10, 0x2, 0x10)
socket$packet(0x11, 0x3, 0x300)
socket$netlink(0x10, 0x3, 0xa)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$inet(r1, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0)
recvmsg$unix(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f00000006c0)=[@rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x3c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}], 0xc0}, 0x10000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmsg$inet(r3, &(0x7f0000001b00)={0x0, 0xffffffffffffffc5, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x40488c0)
recvmsg$unix(r2, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x100}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
sendmsg$inet(r5, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0)
recvmsg$unix(r4, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000900), 0x100}, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = openat$nci(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r7, 0x0, &(0x7f00000000c0)=<r8=>0x0)
r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r11 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r10)
sendmsg$NFC_CMD_DEV_UP(r9, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r11, @ANYBLOB="010029bd7000fed6df250200000008000100", @ANYRES32=r8], 0x1c}, 0x1, 0x0, 0x0, 0x40089}, 0x4008004)
write$nci(r7, &(0x7f0000000400)=ANY=[@ANYBLOB="414601", @ANYRES32=r6], 0x4)

2.834115256s ago: executing program 4 (id=1645):
openat(0xffffffffffffff9c, &(0x7f0000000400)='./file0\x00', 0x2d41, 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000380), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, <r1=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000000240)={0x50, 0x0, r1, {0x7, 0x1f, 0x1, 0x202, 0x0, 0x0, 0x2}}, 0x50)
syz_fuse_handle_req(r0, &(0x7f0000008380)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r2 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x101081, 0x11)
fallocate(r2, 0x41, 0x0, 0x7)

2.678674555s ago: executing program 4 (id=1646):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, 0x0, 0x0)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f00000050c0)={0x2020, 0x0, <r2=>0x0}, 0x2020)
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000007100)={0x78, 0x0, r2, {0xa0, 0x6, 0x0, {0x4, 0x0, 0x9, 0x8, 0x0, 0x4, 0xfffff92f, 0x0, 0x4, 0xc000, 0x3ff, 0xee00, 0x0, 0x80000003, 0x4}}}, 0x78)
r3 = syz_io_uring_setup(0xe42, &(0x7f00000005c0)={0x0, 0x2119, 0x100, 0x0, 0x15b}, &(0x7f0000000140)=<r4=>0x0, &(0x7f0000000280)=<r5=>0x0)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffff9c, &(0x7f00000004c0)={0x80000, 0x0, 0x32}, &(0x7f0000000500)='./file0\x00', 0x1d})
io_uring_enter(r3, 0x6f58, 0x0, 0x0, 0x0, 0x0)
fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
r6 = socket$inet6(0xa, 0x3, 0x38)
setsockopt$inet6_int(r6, 0x29, 0x7, &(0x7f0000000040)=0xfffffffd, 0x4)
ioctl$UI_SET_PROPBIT(0xffffffffffffffff, 0x4004556e, 0x15)
socket$packet(0x11, 0x3, 0x300)

2.632629688s ago: executing program 2 (id=1647):
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1)
ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000480)={{0xfffc, 0x3, 0x0, 0x5}, 'syz0\x00', 0x42})

2.563444791s ago: executing program 2 (id=1648):
sendmsg$MPTCP_PM_CMD_GET_LIMITS(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0xffffffffffffffb4, 0x0, 0x1, 0x0, 0x0, 0x41}, 0x809d)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[], 0x0)
write$binfmt_script(r2, &(0x7f0000000100), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0)
preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000499000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f320f300f20e06635800000000f22e02b6aa6c8", 0x4a}], 0x1, 0x0, 0x0, 0x0)
r3 = getpid()
r4 = syz_pidfd_open(r3, 0x0)
setns(r4, 0x24020000)
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x2a7, 0x0, 0x0, 0x41100, 0x24, '\x00', 0x0, 0x0, r2, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3ff}, 0x94)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a4c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40ff"], 0xb4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)

2.191266963s ago: executing program 2 (id=1649):
syz_open_dev$tty1(0xc, 0x4, 0x1)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000840)=@updpolicy={0xfc, 0x19, 0x1, 0x0, 0x4, {{@in, @in=@local, 0x0, 0x5, 0x0, 0x4, 0x2}, {0x0, 0x8, 0xffffffffffffff8b, 0x0, 0x0, 0xf9df, 0x0, 0xfffffffffffffffc}, {0x0, 0x2, 0x200000000000}, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3}, [@tmpl={0x44, 0x5, [{{@in6=@rand_addr=' \x01\x00', 0x2, 0x2b}, 0xa, @in=@empty, 0x0, 0x1}]}]}, 0xfc}, 0x1, 0x0, 0x0, 0x20008000}, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f0000000200)={'gre0\x00', &(0x7f0000000100)={'syztnl2\x00', 0x0, 0x2f00, 0x40, 0x4, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x4, 0x2f, 0x0, @local, @multicast1}}}})

1.648807785s ago: executing program 4 (id=1650):
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c)
mmap(&(0x7f0000000000/0x2000)=nil, 0x30000, 0x2, 0x11, r0, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@newlink={0x20, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x10190}}, 0x20}}, 0x0)

1.20678308s ago: executing program 1 (id=1651):
socketpair$unix(0x1, 0x3, 0x0, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(0xffffffffffffffff, 0xc4c85513, &(0x7f0000000a80)={{0x5, 0x6, 0x401, 0x7, 'syz1\x00', 0x81}, 0x1, [0x6, 0xfffffffffffffffa, 0x95, 0x907a, 0xffffffff, 0x60, 0x1, 0xf, 0x1, 0x4, 0xfffffffffffffffd, 0x63, 0xfff, 0x100000002, 0xfffffffffffffffa, 0xc8, 0xb6da, 0x80000a5, 0xb7, 0xb6, 0x8000000000000002, 0x4000000008, 0x7, 0xfff, 0x6, 0xfb, 0x1, 0x4f51, 0x0, 0x37c7, 0xc, 0xbb33, 0x0, 0x63, 0x4, 0x4, 0x8, 0xffffffffffff7fff, 0x6, 0x8, 0x5, 0x0, 0x8, 0x401, 0x3, 0xc1be, 0xffffffff, 0x8000000000000001, 0x3, 0x0, 0x7, 0x72, 0x9, 0x2000000002, 0x6a44d0ea, 0xffffffffffffffff, 0x9, 0x5f0, 0xfffffffffffff2e2, 0x4, 0x6, 0xfffffffffffffffd, 0x7, 0xf1, 0x26e69303, 0x5, 0x2, 0x5, 0x2, 0x1, 0x9, 0x7, 0xdffffffffffffd, 0xd, 0x81, 0x8, 0x7fff, 0x6, 0xe, 0x3ff, 0xffffffffffffcc1c, 0x10000, 0xfffffffffffffffb, 0x6, 0x2, 0x1, 0xf, 0x79d, 0xfffffffffffff000, 0x8d6, 0x0, 0x5, 0x4, 0xafae, 0x1, 0xf, 0x6, 0xb, 0x1, 0x10003, 0x1, 0x10000, 0x1ff, 0xc, 0x0, 0x7, 0x7, 0x0, 0xfc0, 0x7, 0xaad, 0x8000000000007, 0x2, 0x8, 0x200e2, 0x6, 0x6, 0x8, 0xa, 0x0, 0x9, 0x5, 0x40, 0x8000, 0x83d0, 0xf0, 0x100000000, 0x140000000]})
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
ioctl$FS_IOC_GETFLAGS(0xffffffffffffffff, 0x80086601, 0x0)
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r0)
fsetxattr$trusted_overlay_upper(0xffffffffffffffff, &(0x7f0000000240), 0x0, 0x0, 0x2)
ioctl$PAGEMAP_SCAN(0xffffffffffffffff, 0xc0606610, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_REG(r1, 0x0, 0x8814)
ioctl$KVM_CAP_XEN_HVM(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000480)={0x26, 0x0, 0x1c8})
openat$ttyS3(0xffffffffffffff9c, 0x0, 0x21800, 0x0)
r2 = syz_open_dev$cec(&(0x7f0000000240), 0x0, 0x2182)
ioctl$CEC_RECEIVE(r2, 0xc0386106, &(0x7f0000000000)={0x0, 0x7, 0x1, 0xfffffffd, 0x0, 0x9, '&\x00', 0x0, 0x0, 0x4a, 0x0, 0x0, 0x7, 0xe})
timer_create(0x0, &(0x7f0000000200)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000280)=<r3=>0x0)
fcntl$lock(0xffffffffffffffff, 0x26, &(0x7f0000000040)={0x0, 0x0, 0x62d3, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r3, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0xd3283d0368e269b3, 0x8031, 0xffffffffffffffff, 0x0)
sched_setattr(0x0, 0x0, 0x0)
syz_emit_ethernet(0x7e, 0x0, 0x0)

1.058792549s ago: executing program 2 (id=1652):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/fscaps', 0x0, 0x0)
preadv(r2, &(0x7f0000001840)=[{&(0x7f0000001640)=""/16, 0x10}], 0x1, 0x2, 0x5)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, 0x0, 0x0)
unshare(0x8000000)
shmget$private(0x0, 0xfffffffffeffffff, 0x4800, &(0x7f0000ffc000/0x3000)=nil)
r3 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, &(0x7f0000000100))
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r5 = dup3(r4, 0xffffffffffffffff, 0x0)
r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000002c0)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r6, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r6, 0x4018620d, &(0x7f0000000040))
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000740)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
writev(r3, &(0x7f00000000c0)=[{&(0x7f0000000140)='2', 0x1}], 0x1)

1.058504628s ago: executing program 4 (id=1653):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
fcntl$dupfd(0xffffffffffffffff, 0x2, 0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x800, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x10000000000)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
mmap$fb(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x13, r2, 0xd8000)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000100)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000b00)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000a40)='d'})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x50, 0x0, &(0x7f0000000580)="97713b46fbaa2b1044f2d408ffca802db4d770eb9874f493e0ef367e4bde497c403b450c72ff2417d079bb892435a1e107fa5c0ecd207d9e6f2a209bf148e6bc56955cb53347d1499097488fcad724a1"})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000002c0)={0x44, 0x0, &(0x7f0000000740)=[@reply={0x40406301, {0x2, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})

977.849404ms ago: executing program 3 (id=1654):
bpf$PROG_LOAD(0x5, 0x0, 0xfe3f)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
syz_open_dev$sndmidi(&(0x7f0000000140), 0x2, 0x141101)
r0 = syz_usb_connect(0x5, 0x239, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000e388d640697a01006ba8010203010902270201020010000904"], 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
setsockopt$packet_rx_ring(0xffffffffffffffff, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x103a, 0x1000, 0x103a, 0xfffffffc, 0xff, 0x80000000}, 0x1c)

769.257395ms ago: executing program 4 (id=1655):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
socket(0x10, 0x803, 0x0)
socket$unix(0x1, 0x1, 0x0)
r1 = memfd_create(&(0x7f0000000800)='\xff\x00l\x1e\xa0</\x00\x8eO4._\x14zC\x8a\xe8\xe0u\xe0\xff\xf1\xb2\xfd\xf6nz\x05-]\xc2Vk\xaeky\xd3\x83\xe2\xc7\xd3\xe6M^\x98ox\x14\t\xe9Q1\x1dK\x9a\x045\xd37\xb22\xfdD(\xd2\xdd \xa0\xff\x0f\x00\x00\x00\x00\x00\x00v\n\xd8?]k\x14N\x18\xf4\xc2j\xed6g\xfd\xd2\xd4\xe3\x1f\xa6 \xa0\x8d\xb5\x9aE<2`]<\x8cR\xd69\x0fO\xbf\xc3\xbd\xb0\x96\x90\x91k\x86\x1a\x10\xd2\xf5\x8b\xfc\x83P\xf4\xd0[\x12\xf5+\x1aS\x02/Yx\xf2jJb\x97\x9c/\x1f5i\xc6\x861\x9a\xff\xc3\xe7\xbfU\xd5\xac\xccB=\x8f\xfd\x84\xeepQ\x93nn\x0f\xc6\xa9?\xad\x8b~\xd66hv\xd3$\x13s\xa0\xbfi\xfaFS\xa9=Xe\xf8tI\x15\x882\x8b\x8e-X\xb8\xf2\x9du\x15S^\xec\xce\xfa\x87$S\x9f\xe7Ed\n\x84\\ u\xd2\x16\xc1\xa5\xa0\xaa\xe8.i\xc8\x0e\vt\xe2\xf1lA\x93\xdd\xce\x8f$\x06v\xbe\xe7\x95nN\xc5\xaa\x1ev\xc6P\x9c\\G&y\x8bYA\xc3}\xd9\x86[\xb2\xf3\x0f\x90%\xcb\x81\xe8\xea\xbcs\x95\xe9\x8eXH\x19m\xdfOY\xf1E9-\xc8\xe7\x13^+(\x034\x82\xafiOO\x14\x8f^\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00#\xb9F,e\xfa\xd7\xa2\xeb\xb1\xc9\xbe#\x92\xf3\x19\xe6\x83(\xfe\xf8i\xb9\xc1\xa0w\xea\xbf\xe5\x8d\xe9\x14\x130\xc3\xa5|/_\t\x98\xc3\xa7\x95!\xdf*\a\xd7\xfcv|\xb3Zc\xcf~\xf6\xe2\xa86Q\x9a$\x80\x85\x8b\t\xbf\xe6(\x12\xe0\xe1e\x81x]a\x145\xa7\xd2\n\x11h\xb9\xf5g\xc4%&\xbaRy\x8f\x85Q\xb9W\xe5\x06\xe2\xb3ryk}\x86\xc6\x04\x03i\x10\xa8\xc4\xcd`\xb8\xcfT))\xb7\x15\b%\xc8uC(C\x01\x1by\xbf \x10\xe8k\xea\x80\xd0P|\x11\xe5\xb9\x1d^\x92j\xb0\xa7\x1d', 0x7)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xa, 0x4d091, r1, 0x4000000)
fcntl$addseals(r1, 0x409, 0x2)
r2 = openat$udambuf(0xffffff9c, &(0x7f0000000000), 0x2)
r3 = syz_usb_connect(0x0, 0x24, &(0x7f0000000100)=ANY=[@ANYBLOB="12010000cf8bed20d90f25004029000000010902120001000000000904"], 0x0)
syz_usb_control_io$uac1(r3, 0x0, &(0x7f0000000580)={0x44, &(0x7f0000000040)=ANY=[@ANYBLOB="2072dc"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000001b80), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000180)={'wlan0\x00', <r6=>0x0})
sendmsg$NL80211_CMD_SET_MCAST_RATE(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x24, r5, 0x439, 0xfffffffe, 0x20000, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0xa}]}, 0x24}, 0x1, 0x0, 0x0, 0x20040090}, 0x4004000)
r7 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
read(r7, 0x0, 0x0)
ioctl$UDMABUF_CREATE(r2, 0x40187542, &(0x7f0000000340)={r1, 0x0, 0x2000, 0x1000})

0s ago: executing program 1 (id=1656):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0xa8442, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket$unix(0x1, 0x1, 0x0)
r2 = socket$kcm(0x11, 0x3, 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x282e82, 0x0)
r4 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000380)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000640)=@newtfilter={0x44, 0x2c, 0xd27, 0x70bd2b, 0x402, {0x0, 0x0, 0x0, r5, {0x0, 0x7}, {}, {0x8, 0x4}}, [@filter_kind_options=@f_flow={{0x9}, {0x14, 0x2, [@TCA_FLOW_MODE={0x8, 0x2, 0x1}, @TCA_FLOW_KEYS={0x8, 0x1, 0x151f8}]}}]}, 0x44}}, 0x802)
close(r3)
socket$unix(0x1, 0x2, 0x0)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
setsockopt$sock_attach_bpf(r2, 0x107, 0xf, &(0x7f0000000600), 0x56)
sendmsg$kcm(r2, &(0x7f0000000280)={&(0x7f0000000380)=@xdp={0x2c, 0x0, r6, 0x3e}, 0x80, &(0x7f00000001c0)=[{&(0x7f0000000180)="27030200000314000e00002fb96dffff1144ee", 0x13}, {&(0x7f00000004c0)="f058fe7dad777f8f", 0x8}], 0x2}, 0x5)

kernel console output (not intermixed with test programs):

3 entered promiscuous mode
[  186.595553][ T6261] bond2: (slave veth3): Enslaving as a backup interface with a down link
[  186.753018][ T6265] netlink: 12 bytes leftover after parsing attributes in process `syz.2.529'.
[  187.162076][ T6274] input: syz0 as /devices/virtual/input/input9
[  187.190402][ T6277] SET target dimension over the limit!
[  187.558423][ T6281] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  187.631618][ T6281] netlink: 20 bytes leftover after parsing attributes in process `syz.2.536'.
[  187.687614][ T6281] netlink: 20 bytes leftover after parsing attributes in process `syz.2.536'.
[  187.776980][ T6279] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  187.900375][ T6279] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  188.005112][ T6290] netlink: 'syz.1.541': attribute type 1 has an invalid length.
[  188.013591][ T4326] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  188.150581][ T6296] netlink: 312 bytes leftover after parsing attributes in process `syz.2.540'.
[  188.198541][ T6292] bond2: (slave ip6gretap1): Enslaving as a backup interface with an up link
[  188.333401][ T6290] device veth3 entered promiscuous mode
[  188.378900][ T6290] bond2: (slave veth3): Enslaving as a backup interface with a down link
[  188.603445][ T6305] netlink: 312 bytes leftover after parsing attributes in process `syz.4.542'.
[  189.281082][   T27] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[  189.330179][ T6320] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  189.475006][   T27] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023
[  189.510990][   T27] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 8
[  189.575224][   T27] usb 1-1: New USB device found, idVendor=2c7c, idProduct=030e, bcdDevice=81.28
[  189.597596][   T27] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  189.621122][   T27] usb 1-1: Product: syz
[  189.625381][   T27] usb 1-1: Manufacturer: syz
[  189.650388][   T27] usb 1-1: SerialNumber: syz
[  189.683868][   T27] usb 1-1: config 0 descriptor??
[  189.692104][ T6318] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  189.699487][ T6318] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  189.751997][   T27] option 1-1:0.0: GSM modem (1-port) converter detected
[  189.798673][   T27] usb 1-1: GSM modem (1-port) converter now attached to ttyUSB0
[  190.008593][   T27] usb 1-1: USB disconnect, device number 2
[  190.048701][   T27] option1 ttyUSB0: GSM modem (1-port) converter now disconnected from ttyUSB0
[  190.081742][   T27] option 1-1:0.0: device disconnected
[  190.272567][ T6344] netlink: 20 bytes leftover after parsing attributes in process `syz.4.550'.
[  190.413960][ T6344] netlink: 20 bytes leftover after parsing attributes in process `syz.4.550'.
[  192.632153][ T6341] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  192.870060][ T6363] netlink: 12 bytes leftover after parsing attributes in process `syz.4.552'.
[  193.232224][ T6378] netlink: 312 bytes leftover after parsing attributes in process `syz.4.556'.
[  193.377521][ T6379] netlink: 'syz.1.558': attribute type 4 has an invalid length.
[  193.414455][ T6385] netlink: 'syz.1.558': attribute type 4 has an invalid length.
[  193.448088][ T6379] netlink: 28 bytes leftover after parsing attributes in process `syz.1.558'.
[  193.479489][ T6379] netlink: 165 bytes leftover after parsing attributes in process `syz.1.558'.
[  193.619552][ T6386] netlink: 312 bytes leftover after parsing attributes in process `syz.0.560'.
[  194.539628][ T1267] ieee802154 phy0 wpan0: encryption failed: -22
[  194.553885][ T1267] ieee802154 phy1 wpan1: encryption failed: -22
[  195.041945][ T6416] device syzkaller0 entered promiscuous mode
[  195.075191][ T6414] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  195.536871][ T6429] device syzkaller0 entered promiscuous mode
[  195.807801][ T6439] netlink: 20 bytes leftover after parsing attributes in process `syz.1.573'.
[  196.237074][ T6451] netlink: 76 bytes leftover after parsing attributes in process `syz.0.574'.
[  196.539528][ T6458] netlink: 312 bytes leftover after parsing attributes in process `syz.1.578'.
[  196.879609][ T6465] netlink: 'syz.2.580': attribute type 1 has an invalid length.
[  197.135594][ T6465] device veth7 entered promiscuous mode
[  197.177143][ T6465] bond3: (slave veth7): Enslaving as a backup interface with a down link
[  197.207560][ T6467] netlink: 28 bytes leftover after parsing attributes in process `syz.2.580'.
[  197.247526][ T6467] 8021q: adding VLAN 0 to HW filter on device bond3
[  197.546840][ T6477] netlink: 'syz.2.585': attribute type 4 has an invalid length.
[  197.656738][ T6480] netlink: 'syz.2.585': attribute type 1 has an invalid length.
[  197.693196][ T6479] netlink: 'syz.2.585': attribute type 4 has an invalid length.
[  197.706812][ T6480] netlink: 16 bytes leftover after parsing attributes in process `syz.2.585'.
[  198.556006][ T6511] netlink: 'syz.4.595': attribute type 1 has an invalid length.
[  198.639327][ T6511] device veth5 entered promiscuous mode
[  198.666200][ T6511] bond3: (slave veth5): Enslaving as a backup interface with a down link
[  198.685454][ T6519] __nla_validate_parse: 2 callbacks suppressed
[  198.685470][ T6519] netlink: 28 bytes leftover after parsing attributes in process `syz.4.595'.
[  198.723307][ T6519] 8021q: adding VLAN 0 to HW filter on device bond3
[  198.820059][ T6526] netlink: 'syz.0.600': attribute type 4 has an invalid length.
[  198.914568][ T6529] netlink: 'syz.0.600': attribute type 4 has an invalid length.
[  198.939462][ T6526] netlink: 'syz.0.600': attribute type 1 has an invalid length.
[  198.961970][ T6526] netlink: 16 bytes leftover after parsing attributes in process `syz.0.600'.
[  198.996755][ T6533] netlink: 165 bytes leftover after parsing attributes in process `syz.0.600'.
[  199.315853][ T6537] netlink: 12 bytes leftover after parsing attributes in process `syz.0.602'.
[  200.345576][ T6556] netlink: 'syz.3.612': attribute type 1 has an invalid length.
[  200.461165][ T6534] syz.4.601 (6534): drop_caches: 2
[  200.716597][ T6561] device veth3 entered promiscuous mode
[  200.766084][ T6561] bond1: (slave veth3): Enslaving as a backup interface with a down link
[  200.838545][ T6556] netlink: 28 bytes leftover after parsing attributes in process `syz.3.612'.
[  200.852511][ T6556] 8021q: adding VLAN 0 to HW filter on device bond1
[  200.889310][ T6564] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  201.362226][ T6571] netlink: 12 bytes leftover after parsing attributes in process `syz.3.614'.
[  201.381563][ T6567] netlink: 'syz.1.613': attribute type 4 has an invalid length.
[  201.457111][ T6572] netlink: 'syz.1.613': attribute type 4 has an invalid length.
[  201.473315][ T6574] netlink: 'syz.1.613': attribute type 1 has an invalid length.
[  201.583965][ T6567] netlink: 165 bytes leftover after parsing attributes in process `syz.1.613'.
[  201.621099][ T6574] netlink: 16 bytes leftover after parsing attributes in process `syz.1.613'.
[  202.649397][ T6603] netlink: 'syz.2.625': attribute type 1 has an invalid length.
[  202.700090][ T6601] input: syz0 as /devices/virtual/input/input10
[  202.762744][ T6605] SET target dimension over the limit!
[  203.105769][ T6607] device veth9 entered promiscuous mode
[  203.165809][ T6607] bond4: (slave veth9): Enslaving as a backup interface with a down link
[  203.199076][ T6608] netlink: 28 bytes leftover after parsing attributes in process `syz.2.625'.
[  203.217856][ T6608] 8021q: adding VLAN 0 to HW filter on device bond4
[  203.881485][ T6618] netlink: 'syz.2.629': attribute type 4 has an invalid length.
[  203.941953][ T6621] netlink: 'syz.2.629': attribute type 4 has an invalid length.
[  203.986766][ T6618] netlink: 'syz.2.629': attribute type 1 has an invalid length.
[  204.036355][ T6618] netlink: 165 bytes leftover after parsing attributes in process `syz.2.629'.
[  204.272046][ T4319] usb 5-1: new low-speed USB device number 3 using dummy_hcd
[  204.473892][ T4319] usb 5-1: unable to get BOS descriptor or descriptor too short
[  204.488984][ T4319] usb 5-1: config 1 interface 0 altsetting 250 endpoint 0x1 is Bulk; changing to Interrupt
[  204.515738][ T4319] usb 5-1: config 1 interface 0 altsetting 250 endpoint 0x82 is Bulk; changing to Interrupt
[  204.644662][ T4319] usb 5-1: config 1 interface 0 has no altsetting 0
[  204.738480][ T4319] usb 5-1: string descriptor 0 read error: -22
[  204.799929][ T4319] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  204.851376][ T4319] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  204.915225][ T6622] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  204.951370][ T6622] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  205.775385][ T6643] netlink: 'syz.0.648': attribute type 1 has an invalid length.
[  205.788337][ T6622] netlink: 20 bytes leftover after parsing attributes in process `syz.4.628'.
[  206.030389][ T6648] device veth9 entered promiscuous mode
[  206.059810][ T6648] bond4: (slave veth9): Enslaving as a backup interface with a down link
[  206.100192][ T6643] netlink: 28 bytes leftover after parsing attributes in process `syz.0.648'.
[  206.142026][ T6643] 8021q: adding VLAN 0 to HW filter on device bond4
[  206.283523][ T6655] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  206.405765][ T6655] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  206.851174][ T4268] Bluetooth: hci2: command 0x0406 tx timeout
[  206.851183][ T4271] Bluetooth: hci0: command 0x0406 tx timeout
[  206.851213][ T4271] Bluetooth: hci3: command 0x0406 tx timeout
[  206.857240][ T4268] Bluetooth: hci1: command 0x0406 tx timeout
[  206.969458][ T6638] syz.2.634 (6638): drop_caches: 2
[  207.679641][ T6673] netlink: 20 bytes leftover after parsing attributes in process `syz.1.643'.
[  207.709231][ T6673] netlink: 20 bytes leftover after parsing attributes in process `syz.1.643'.
[  208.934326][   T27] usb 5-1: USB disconnect, device number 3
[  211.476946][ T6691] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  211.518404][ T6691] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  211.521255][ T4333] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[  213.131064][ T6676] netlink: 12 bytes leftover after parsing attributes in process `syz.2.644'.
[  213.247394][ T6696] netlink: 'syz.4.651': attribute type 4 has an invalid length.
[  213.345888][ T6697] netlink: 'syz.4.651': attribute type 4 has an invalid length.
[  213.381607][ T6694] netlink: 'syz.4.651': attribute type 1 has an invalid length.
[  213.423445][ T6694] netlink: 165 bytes leftover after parsing attributes in process `syz.4.651'.
[  214.660060][ T6729] device syzkaller0 entered promiscuous mode
[  214.968608][ T6735] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  215.055125][ T6736] netlink: 20 bytes leftover after parsing attributes in process `syz.1.663'.
[  215.131451][ T6736] netlink: 20 bytes leftover after parsing attributes in process `syz.1.663'.
[  215.573851][ T6742] netlink: 16 bytes leftover after parsing attributes in process `syz.1.665'.
[  216.058848][ T6752] netlink: 'syz.3.666': attribute type 1 has an invalid length.
[  216.075261][ T6752] netlink: 'syz.3.666': attribute type 2 has an invalid length.
[  216.115340][ T6752] netlink: 165 bytes leftover after parsing attributes in process `syz.3.666'.
[  217.795609][ T6740] netlink: 12 bytes leftover after parsing attributes in process `syz.0.664'.
[  217.810364][ T6749] netlink: 'syz.3.666': attribute type 4 has an invalid length.
[  217.857756][ T6751] netlink: 'syz.3.666': attribute type 4 has an invalid length.
[  218.355493][ T6782] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  218.372127][ T6782] netlink: 20 bytes leftover after parsing attributes in process `syz.4.675'.
[  218.382055][ T6782] netlink: 20 bytes leftover after parsing attributes in process `syz.4.675'.
[  218.998309][ T6792] binder: BINDER_SET_CONTEXT_MGR already set
[  219.006194][ T6792] binder: 6787:6792 ioctl 4018620d 200000000100 returned -16
[  219.109232][ T6800] netlink: 12 bytes leftover after parsing attributes in process `syz.0.679'.
[  219.726116][ T6806] netlink: 'syz.3.681': attribute type 4 has an invalid length.
[  219.832183][ T6807] netlink: 'syz.3.681': attribute type 4 has an invalid length.
[  219.863499][ T6806] netlink: 'syz.3.681': attribute type 1 has an invalid length.
[  219.907754][ T6806] netlink: 'syz.3.681': attribute type 2 has an invalid length.
[  219.921057][ T4310] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[  219.965371][ T6806] netlink: 165 bytes leftover after parsing attributes in process `syz.3.681'.
[  220.123168][ T6795] syz.2.678 (6795): drop_caches: 2
[  220.138164][    C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0)
[  221.163965][ T6825] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  221.253998][ T6825] netlink: 20 bytes leftover after parsing attributes in process `syz.2.687'.
[  221.295734][ T6825] netlink: 20 bytes leftover after parsing attributes in process `syz.2.687'.
[  222.076061][ T6841] netlink: 'syz.1.691': attribute type 1 has an invalid length.
[  222.187198][ T6850] device veth5 entered promiscuous mode
[  222.227805][ T6850] bond3: (slave veth5): Enslaving as a backup interface with a down link
[  222.270472][ T6861] netlink: 'syz.0.693': attribute type 4 has an invalid length.
[  222.330228][ T6852] netlink: 28 bytes leftover after parsing attributes in process `syz.1.691'.
[  222.350474][ T6861] netlink: 'syz.0.693': attribute type 4 has an invalid length.
[  222.386349][ T6859] netlink: 'syz.0.693': attribute type 1 has an invalid length.
[  222.424787][ T6859] netlink: 'syz.0.693': attribute type 2 has an invalid length.
[  222.460357][ T6859] netlink: 165 bytes leftover after parsing attributes in process `syz.0.693'.
[  222.736899][ T6873] netlink: 12 bytes leftover after parsing attributes in process `syz.1.695'.
[  223.215344][ T6889] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  223.244728][ T6887] netlink: 20 bytes leftover after parsing attributes in process `syz.4.700'.
[  223.474096][ T6892] __nla_validate_parse: 1 callbacks suppressed
[  223.474114][ T6892] netlink: 16 bytes leftover after parsing attributes in process `syz.3.702'.
[  223.911038][  T125] usb 2-1: new low-speed USB device number 3 using dummy_hcd
[  224.121267][ T6906] netlink: 'syz.3.706': attribute type 4 has an invalid length.
[  224.137348][  T125] usb 2-1: unable to get BOS descriptor or descriptor too short
[  224.152704][  T125] usb 2-1: config 1 interface 0 altsetting 250 endpoint 0x1 is Bulk; changing to Interrupt
[  224.178197][  T125] usb 2-1: config 1 interface 0 altsetting 250 endpoint 0x82 is Bulk; changing to Interrupt
[  224.215906][  T125] usb 2-1: config 1 interface 0 has no altsetting 0
[  224.263786][  T125] usb 2-1: string descriptor 0 read error: -22
[  224.270289][  T125] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  224.283207][  T125] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  224.294803][ T6901] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  224.304728][ T6901] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  224.387331][ T6906] netlink: 165 bytes leftover after parsing attributes in process `syz.3.706'.
[  224.607094][ T6901] netlink: 20 bytes leftover after parsing attributes in process `syz.1.701'.
[  225.550194][ T6926] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  225.563732][ T6926] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  226.239147][ T6944] netlink: 16 bytes leftover after parsing attributes in process `syz.4.716'.
[  226.549802][ T6950] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  226.634152][ T6950] netlink: 20 bytes leftover after parsing attributes in process `syz.3.719'.
[  226.691033][ T6950] netlink: 20 bytes leftover after parsing attributes in process `syz.3.719'.
[  226.967932][ T6961] validate_nla: 3 callbacks suppressed
[  226.967945][ T6961] netlink: 'syz.0.722': attribute type 1 has an invalid length.
[  227.010541][ T6962] device syzkaller0 entered promiscuous mode
[  227.131386][ T6961] device veth11 entered promiscuous mode
[  227.159918][ T6961] bond5: (slave veth11): Enslaving as a backup interface with a down link
[  227.240072][ T6967] netlink: 28 bytes leftover after parsing attributes in process `syz.0.722'.
[  227.893597][ T6982] netlink: 312 bytes leftover after parsing attributes in process `syz.4.727'.
[  228.027630][   T27] usb 2-1: USB disconnect, device number 3
[  229.060988][ T7001] netlink: 76 bytes leftover after parsing attributes in process `syz.3.733'.
[  229.092659][ T7002] netlink: 'syz.1.732': attribute type 4 has an invalid length.
[  229.145581][ T7005] netlink: 'syz.1.732': attribute type 4 has an invalid length.
[  229.183932][ T7002] netlink: 'syz.1.732': attribute type 1 has an invalid length.
[  229.230450][ T7002] netlink: 'syz.1.732': attribute type 2 has an invalid length.
[  229.302472][ T7002] netlink: 165 bytes leftover after parsing attributes in process `syz.1.732'.
[  229.354225][ T7009] device syzkaller0 entered promiscuous mode
[  229.881832][ T7019] netlink: 12 bytes leftover after parsing attributes in process `syz.4.738'.
[  231.130796][ T7057] netlink: 'syz.3.747': attribute type 4 has an invalid length.
[  231.182689][ T7057] netlink: 'syz.3.747': attribute type 4 has an invalid length.
[  231.219628][ T7057] netlink: 'syz.3.747': attribute type 1 has an invalid length.
[  231.240038][ T7057] netlink: 'syz.3.747': attribute type 2 has an invalid length.
[  231.283758][ T7057] netlink: 165 bytes leftover after parsing attributes in process `syz.3.747'.
[  231.565008][ T7060] device syzkaller0 entered promiscuous mode
[  231.773009][ T4310] hid-generic 0005:0006:5508.0009: hidraw0: BLUETOOTH HID vc3.36 Device [syz0] on aa:aa:aa:aa:aa:aa
[  231.897772][ T7064] netlink: 24 bytes leftover after parsing attributes in process `syz.1.750'.
[  231.947334][ T7077] netlink: 16 bytes leftover after parsing attributes in process `syz.0.751'.
[  232.383594][ T7089] netlink: 88 bytes leftover after parsing attributes in process `syz.1.755'.
[  232.419070][ T7076] fido_id[7076]: Failed to open report descriptor at '/sys/devices/virtual/bluetooth/hci4/hci4:200/report_descriptor': No such file or directory
[  232.817270][ T7096] netlink: 312 bytes leftover after parsing attributes in process `syz.2.757'.
[  233.451005][ T4349] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[  233.658042][ T4349] usb 1-1: New USB device found, idVendor=2304, idProduct=023e, bcdDevice=d7.69
[  233.690554][ T4349] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  233.746943][ T4349] usb 1-1: Product: syz
[  233.834917][ T4349] usb 1-1: Manufacturer: syz
[  233.858694][ T4349] usb 1-1: SerialNumber: syz
[  233.991132][ T4349] hub 1-1:24.0: bad descriptor, ignoring hub
[  234.009340][ T4349] hub: probe of 1-1:24.0 failed with error -5
[  234.164272][ T4349] dvb-usb: found a 'Pinnacle PCTV Hybrid Stick Solo' in warm state.
[  234.204230][ T4349] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  234.254799][ T4349] dvbdev: DVB: registering new adapter (Pinnacle PCTV Hybrid Stick Solo)
[  234.294462][ T4349] usb 1-1: media controller created
[  234.422988][ T4349] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  234.508191][ T7120] netlink: 12 bytes leftover after parsing attributes in process `syz.3.763'.
[  234.844728][ T7114] syz.2.762 (7114): drop_caches: 2
[  234.866267][ T4349] DVB: Unable to find symbol dib7000p_attach()
[  234.890529][ T4349] dvb-usb: no frontend was attached by 'Pinnacle PCTV Hybrid Stick Solo'
[  235.311047][ T4349] rc_core: IR keymap rc-dib0700-rc5 not found
[  235.318198][ T4349] Registered IR keymap rc-empty
[  235.372806][ T7135] netlink: 88 bytes leftover after parsing attributes in process `syz.0.768'.
[  235.384502][ T4349] dvb-usb: could not initialize remote control.
[  235.429844][ T4349] dvb-usb: Pinnacle PCTV Hybrid Stick Solo successfully initialized and connected.
[  235.511488][ T4349] usb 1-1: USB disconnect, device number 3
[  235.658177][ T4349] dvb-usb: Pinnacle PCTV Hybrid Stick Solo successfully deinitialized and disconnected.
[  235.744586][ T7144] netlink: 312 bytes leftover after parsing attributes in process `syz.1.771'.
[  236.127589][ T7154] netlink: 16 bytes leftover after parsing attributes in process `syz.3.775'.
[  236.708112][ T7165] netlink: 88 bytes leftover after parsing attributes in process `syz.1.780'.
[  236.718705][ T7164] netlink: 'syz.3.779': attribute type 4 has an invalid length.
[  236.802913][ T7169] netlink: 12 bytes leftover after parsing attributes in process `syz.2.781'.
[  236.857691][ T7170] netlink: 'syz.3.779': attribute type 4 has an invalid length.
[  236.911075][ T7164] netlink: 'syz.3.779': attribute type 1 has an invalid length.
[  236.962196][ T7170] netlink: 165 bytes leftover after parsing attributes in process `syz.3.779'.
[  236.981505][ T7164] netlink: 'syz.3.779': attribute type 2 has an invalid length.
[  237.724002][ T7185] netlink: 'syz.1.786': attribute type 7 has an invalid length.
[  237.767793][ T7185] netlink: 'syz.1.786': attribute type 8 has an invalid length.
[  237.780630][ T7190] netlink: 312 bytes leftover after parsing attributes in process `syz.3.787'.
[  238.221066][ T4310] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  238.442231][ T4310] usb 2-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config
[  238.467524][ T4310] usb 2-1: New USB device found, idVendor=7a69, idProduct=0001, bcdDevice=a8.6b
[  238.480993][ T4310] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  238.490517][ T4310] usb 2-1: Product: syz
[  238.498579][ T4310] usb 2-1: Manufacturer: syz
[  238.503696][ T4310] usb 2-1: SerialNumber: syz
[  238.534648][ T4310] usb 2-1: dvb_usb_v2: found a '774 Friio White ISDB-T USB2.0' in warm state
[  238.848394][ T7193] syz.2.788 (7193): drop_caches: 2
[  238.944157][ T4310] usb 2-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  239.008437][ T4310] dvbdev: DVB: registering new adapter (774 Friio White ISDB-T USB2.0)
[  239.078605][ T4310] usb 2-1: media controller created
[  239.166174][ T4310] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  239.218600][ T7203] device syzkaller0 entered promiscuous mode
[  239.269238][ T7207] netlink: 'syz.4.795': attribute type 4 has an invalid length.
[  239.372572][ T7207] netlink: 'syz.4.795': attribute type 1 has an invalid length.
[  239.401031][ T7207] netlink: 'syz.4.795': attribute type 2 has an invalid length.
[  239.483519][ T7207] netlink: 165 bytes leftover after parsing attributes in process `syz.4.795'.
[  239.857279][ T4310] usb 2-1: USB disconnect, device number 4
[  243.053228][ T7210] netlink: 'syz.4.795': attribute type 4 has an invalid length.
[  243.091060][ T7235] netlink: 12 bytes leftover after parsing attributes in process `syz.3.802'.
[  244.085062][ T7261] netlink: 4 bytes leftover after parsing attributes in process `syz.1.808'.
[  244.320012][ T7280] binder_alloc: 7275: binder_alloc_buf, no vma
[  244.596065][ T7282] netlink: 76 bytes leftover after parsing attributes in process `syz.0.814'.
[  244.974869][ T7284] netlink: 'syz.0.815': attribute type 4 has an invalid length.
[  245.026368][ T7287] netlink: 'syz.0.815': attribute type 4 has an invalid length.
[  245.079168][ T7284] netlink: 'syz.0.815': attribute type 1 has an invalid length.
[  245.141760][ T7284] netlink: 'syz.0.815': attribute type 2 has an invalid length.
[  245.225778][ T7287] netlink: 165 bytes leftover after parsing attributes in process `syz.0.815'.
[  245.356173][ T7288] device syzkaller0 entered promiscuous mode
[  245.397956][ T7293] netlink: 12 bytes leftover after parsing attributes in process `syz.3.818'.
[  248.001241][ T4319] usb 2-1: new low-speed USB device number 5 using dummy_hcd
[  248.208500][ T4319] usb 2-1: unable to get BOS descriptor or descriptor too short
[  248.237594][ T4319] usb 2-1: config 1 interface 0 altsetting 250 endpoint 0x1 is Bulk; changing to Interrupt
[  248.278504][ T4319] usb 2-1: config 1 interface 0 altsetting 250 endpoint 0x82 is Bulk; changing to Interrupt
[  248.407913][ T4319] usb 2-1: config 1 interface 0 has no altsetting 0
[  248.439709][ T4319] usb 2-1: string descriptor 0 read error: -22
[  248.449969][ T4319] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  248.514921][ T4319] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  248.634798][ T7346] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  248.711284][ T7346] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  249.074992][ T7363] netlink: 20 bytes leftover after parsing attributes in process `syz.1.824'.
[  249.316356][ T7364] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  249.327121][ T7364] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  250.430460][ T7352] netlink: 76 bytes leftover after parsing attributes in process `syz.3.825'.
[  250.978079][ T7385] netlink: 'syz.3.830': attribute type 4 has an invalid length.
[  251.014155][ T7385] netlink: 'syz.3.830': attribute type 4 has an invalid length.
[  251.037461][ T7385] netlink: 'syz.3.830': attribute type 1 has an invalid length.
[  251.045628][ T7385] netlink: 'syz.3.830': attribute type 2 has an invalid length.
[  251.055456][ T7385] netlink: 165 bytes leftover after parsing attributes in process `syz.3.830'.
[  251.502656][ T7391] netlink: 24 bytes leftover after parsing attributes in process `syz.0.833'.
[  251.626679][ T7397] netlink: 76 bytes leftover after parsing attributes in process `syz.3.834'.
[  251.648437][ T4319] usb 2-1: USB disconnect, device number 5
[  252.163775][ T7406] device syzkaller0 entered promiscuous mode
[  252.677811][ T7431] netlink: 'syz.2.842': attribute type 1 has an invalid length.
[  252.695977][ T7431] netlink: 'syz.2.842': attribute type 2 has an invalid length.
[  252.723741][ T7431] netlink: 165 bytes leftover after parsing attributes in process `syz.2.842'.
[  255.290009][ T7421] netlink: 76 bytes leftover after parsing attributes in process `syz.0.839'.
[  255.299249][ T7422] netlink: 20 bytes leftover after parsing attributes in process `syz.1.841'.
[  255.322209][ T7426] netlink: 'syz.2.842': attribute type 4 has an invalid length.
[  255.375586][ T7428] netlink: 'syz.2.842': attribute type 4 has an invalid length.
[  255.715468][ T4326] hid-generic 0005:0006:5508.000A: hidraw0: BLUETOOTH HID vc3.36 Device [syz0] on aa:aa:aa:aa:aa:aa
[  255.742704][ T7458] netlink: 24 bytes leftover after parsing attributes in process `syz.3.848'.
[  255.771979][ T7464] netlink: 76 bytes leftover after parsing attributes in process `syz.4.847'.
[  255.972939][ T1267] ieee802154 phy0 wpan0: encryption failed: -22
[  255.979657][ T1267] ieee802154 phy1 wpan1: encryption failed: -22
[  256.135010][ T7471] fido_id[7471]: Failed to open report descriptor at '/sys/devices/virtual/bluetooth/hci4/hci4:200/report_descriptor': No such file or directory
[  256.204874][ T7481] netlink: 12 bytes leftover after parsing attributes in process `syz.4.853'.
[  256.320954][ T4326] usb 1-1: new low-speed USB device number 4 using dummy_hcd
[  256.413786][ T7484] netlink: 20 bytes leftover after parsing attributes in process `syz.3.855'.
[  256.525944][ T4326] usb 1-1: unable to get BOS descriptor or descriptor too short
[  256.578578][ T4326] usb 1-1: config 1 interface 0 altsetting 250 endpoint 0x1 is Bulk; changing to Interrupt
[  256.589407][ T4326] usb 1-1: config 1 interface 0 altsetting 250 endpoint 0x82 is Bulk; changing to Interrupt
[  256.631671][ T4326] usb 1-1: config 1 interface 0 has no altsetting 0
[  256.674214][ T4326] usb 1-1: string descriptor 0 read error: -22
[  256.747420][ T7490] netlink: 'syz.4.856': attribute type 4 has an invalid length.
[  256.758431][ T4326] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  256.802145][ T4326] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  256.868031][ T7496] netlink: 'syz.4.856': attribute type 1 has an invalid length.
[  256.882953][ T7475] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  256.890688][ T7475] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  256.937256][ T7496] netlink: 'syz.4.856': attribute type 2 has an invalid length.
[  256.939443][ T7492] netlink: 'syz.4.856': attribute type 4 has an invalid length.
[  257.034574][ T7495] device syzkaller0 entered promiscuous mode
[  257.065400][ T7487] netlink: 165 bytes leftover after parsing attributes in process `syz.4.856'.
[  257.414178][ T7502] netlink: 20 bytes leftover after parsing attributes in process `syz.0.850'.
[  257.871155][    T7] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  258.072478][    T7] usb 5-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config
[  258.116288][    T7] usb 5-1: New USB device found, idVendor=7a69, idProduct=0001, bcdDevice=a8.6b
[  258.159100][    T7] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  258.204272][    T7] usb 5-1: Product: syz
[  258.227863][    T7] usb 5-1: Manufacturer: syz
[  258.256855][    T7] usb 5-1: SerialNumber: syz
[  258.310075][    T7] usb 5-1: dvb_usb_v2: found a '774 Friio White ISDB-T USB2.0' in warm state
[  258.723334][    T7] usb 5-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  258.783331][    T7] dvbdev: DVB: registering new adapter (774 Friio White ISDB-T USB2.0)
[  258.869428][    T7] usb 5-1: media controller created
[  259.013798][    T7] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  260.469264][ T4256] usb 1-1: USB disconnect, device number 4
[  261.468072][ T7504] netlink: 'syz.4.859': attribute type 7 has an invalid length.
[  261.475913][ T7504] netlink: 'syz.4.859': attribute type 8 has an invalid length.
[  261.493589][ T7511] netlink: 76 bytes leftover after parsing attributes in process `syz.2.860'.
[  261.769859][  T128] usb 5-1: USB disconnect, device number 4
[  261.911499][ T7537] netlink: 76 bytes leftover after parsing attributes in process `syz.2.864'.
[  261.932767][ T4310] hid-generic 0005:0006:5508.000B: hidraw0: BLUETOOTH HID vc3.36 Device [syz0] on aa:aa:aa:aa:aa:aa
[  261.984121][ T7534] netlink: 24 bytes leftover after parsing attributes in process `syz.0.863'.
[  262.020662][ T7544] netlink: 12 bytes leftover after parsing attributes in process `syz.4.866'.
[  262.214719][ T7547] fido_id[7547]: Failed to open report descriptor at '/sys/devices/virtual/bluetooth/hci4/hci4:200/report_descriptor': No such file or directory
[  262.435356][ T7557] netlink: 'syz.2.870': attribute type 4 has an invalid length.
[  262.493418][ T7562] netlink: 'syz.2.870': attribute type 4 has an invalid length.
[  262.577746][ T7557] netlink: 'syz.2.870': attribute type 1 has an invalid length.
[  262.602079][ T7557] netlink: 'syz.2.870': attribute type 2 has an invalid length.
[  262.659987][ T7557] netlink: 165 bytes leftover after parsing attributes in process `syz.2.870'.
[  262.910377][ T7573] netlink: 76 bytes leftover after parsing attributes in process `syz.2.874'.
[  263.284858][ T7580] device syzkaller0 entered promiscuous mode
[  263.408524][ T7586] netlink: 76 bytes leftover after parsing attributes in process `syz.2.879'.
[  263.811884][ T4256] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  264.018914][ T4256] usb 5-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config
[  264.041482][ T4256] usb 5-1: New USB device found, idVendor=7a69, idProduct=0001, bcdDevice=a8.6b
[  264.065511][ T4256] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  264.074589][ T4256] usb 5-1: Product: syz
[  264.078976][ T4256] usb 5-1: Manufacturer: syz
[  264.088153][ T4256] usb 5-1: SerialNumber: syz
[  264.112352][ T4256] usb 5-1: dvb_usb_v2: found a '774 Friio White ISDB-T USB2.0' in warm state
[  264.522279][ T4256] usb 5-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  264.538090][ T4256] dvbdev: DVB: registering new adapter (774 Friio White ISDB-T USB2.0)
[  264.559557][ T4256] usb 5-1: media controller created
[  264.586857][ T4256] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  266.170394][ T7588] netlink: 'syz.4.878': attribute type 7 has an invalid length.
[  266.179342][ T7588] netlink: 'syz.4.878': attribute type 8 has an invalid length.
[  266.206687][ T7598] netlink: 12 bytes leftover after parsing attributes in process `syz.0.882'.
[  266.384346][    T7] usb 5-1: USB disconnect, device number 5
[  266.491374][ T7602] netlink: 'syz.2.884': attribute type 4 has an invalid length.
[  266.564164][ T7602] netlink: 'syz.2.884': attribute type 4 has an invalid length.
[  266.603138][ T7602] netlink: 'syz.2.884': attribute type 1 has an invalid length.
[  266.611991][ T7602] netlink: 'syz.2.884': attribute type 2 has an invalid length.
[  266.622369][ T7602] netlink: 165 bytes leftover after parsing attributes in process `syz.2.884'.
[  266.948822][ T7620] device syzkaller0 entered promiscuous mode
[  267.375592][ T7632] netlink: 312 bytes leftover after parsing attributes in process `syz.1.893'.
[  267.506947][ T7636] netlink: 76 bytes leftover after parsing attributes in process `syz.3.894'.
[  269.541109][ T7642] netlink: 12 bytes leftover after parsing attributes in process `syz.0.895'.
[  269.773742][ T7645] device veth13 entered promiscuous mode
[  269.817501][ T7648] netlink: 8 bytes leftover after parsing attributes in process `syz.3.897'.
[  269.856929][ T7650] netlink: 28 bytes leftover after parsing attributes in process `syz.0.896'.
[  269.910250][ T7653] netlink: 'syz.1.899': attribute type 4 has an invalid length.
[  270.045105][ T7648] device syzkaller0 entered promiscuous mode
[  270.069852][ T7658] netlink: 'syz.1.899': attribute type 4 has an invalid length.
[  270.082347][ T7662] netlink: 165 bytes leftover after parsing attributes in process `syz.1.899'.
[  272.282196][ T7653] netlink: 'syz.1.899': attribute type 1 has an invalid length.
[  272.289990][ T7653] netlink: 'syz.1.899': attribute type 2 has an invalid length.
[  272.624745][ T7690] netlink: 12 bytes leftover after parsing attributes in process `syz.0.908'.
[  272.633869][ T7688] netlink: 76 bytes leftover after parsing attributes in process `syz.4.907'.
[  272.696466][ T7692] netlink: 312 bytes leftover after parsing attributes in process `syz.3.909'.
[  272.784744][ T7694] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  272.818592][ T7694] netlink: 20 bytes leftover after parsing attributes in process `syz.2.910'.
[  272.859078][ T7694] netlink: 20 bytes leftover after parsing attributes in process `syz.2.910'.
[  273.118066][ T7691] binder_alloc: 7680: binder_alloc_buf, no vma
[  273.180593][ T7702] netlink: 'syz.2.912': attribute type 7 has an invalid length.
[  273.189257][ T7702] netlink: 'syz.2.912': attribute type 8 has an invalid length.
[  273.320514][ T7691] syz.1.905 (7691): drop_caches: 2
[  273.531070][ T4256] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[  273.724299][ T4256] usb 3-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config
[  273.767397][ T4256] usb 3-1: New USB device found, idVendor=7a69, idProduct=0001, bcdDevice=a8.6b
[  273.809759][ T4256] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  273.824821][ T4256] usb 3-1: Product: syz
[  273.829290][ T4256] usb 3-1: Manufacturer: syz
[  273.837315][ T4256] usb 3-1: SerialNumber: syz
[  273.881248][ T7712] netlink: 'syz.3.916': attribute type 4 has an invalid length.
[  273.898723][ T4256] usb 3-1: dvb_usb_v2: found a '774 Friio White ISDB-T USB2.0' in warm state
[  273.935759][ T7714] netlink: 'syz.3.916': attribute type 4 has an invalid length.
[  273.984200][ T7712] netlink: 'syz.3.916': attribute type 1 has an invalid length.
[  274.009757][ T7712] netlink: 'syz.3.916': attribute type 2 has an invalid length.
[  274.070630][   T27] hid-generic 0005:0006:5508.000C: hidraw0: BLUETOOTH HID vc3.36 Device [syz0] on aa:aa:aa:aa:aa:aa
[  274.142603][ T7716] netlink: 24 bytes leftover after parsing attributes in process `syz.0.917'.
[  274.299022][ T4256] usb 3-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  274.345343][ T4256] dvbdev: DVB: registering new adapter (774 Friio White ISDB-T USB2.0)
[  274.369303][ T4256] usb 3-1: media controller created
[  274.434985][ T7718] fido_id[7718]: Failed to open report descriptor at '/sys/devices/virtual/bluetooth/hci4/hci4:200/report_descriptor': No such file or directory
[  274.485438][ T4256] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  274.530168][ T7722] netlink: 8 bytes leftover after parsing attributes in process `syz.0.919'.
[  274.836323][ T7722] device syzkaller0 entered promiscuous mode
[  275.097477][ T4256] usb 3-1: USB disconnect, device number 2
[  276.973817][    T7] hid-generic 0005:0006:5508.000D: hidraw0: BLUETOOTH HID vc3.36 Device [syz0] on aa:aa:aa:aa:aa:aa
[  277.286556][ T7759] fido_id[7759]: Failed to open report descriptor at '/sys/devices/virtual/bluetooth/hci4/hci4:200/report_descriptor': No such file or directory
[  278.795461][ T7776] netlink: 'syz.0.936': attribute type 7 has an invalid length.
[  278.803389][ T7776] netlink: 'syz.0.936': attribute type 8 has an invalid length.
[  278.966984][ T7779] binder_alloc: 7771: binder_alloc_buf, no vma
[  279.056110][ T7783] syz.4.934 (7783): drop_caches: 2
[  279.140915][    T7] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  279.191044][   T27] usb 4-1: new low-speed USB device number 3 using dummy_hcd
[  279.344078][    T7] usb 1-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config
[  279.378195][    T7] usb 1-1: New USB device found, idVendor=7a69, idProduct=0001, bcdDevice=a8.6b
[  279.389619][   T27] usb 4-1: unable to get BOS descriptor or descriptor too short
[  279.406805][    T7] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  279.421019][   T27] usb 4-1: config 1 interface 0 altsetting 250 endpoint 0x1 is Bulk; changing to Interrupt
[  279.444048][    T7] usb 1-1: Product: syz
[  279.460593][    T7] usb 1-1: Manufacturer: syz
[  279.468435][   T27] usb 4-1: config 1 interface 0 altsetting 250 endpoint 0x82 is Bulk; changing to Interrupt
[  279.507896][    T7] usb 1-1: SerialNumber: syz
[  279.515483][   T27] usb 4-1: config 1 interface 0 has no altsetting 0
[  279.539158][   T27] usb 4-1: string descriptor 0 read error: -22
[  279.564821][   T27] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  279.588989][   T27] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  279.603729][    T7] usb 1-1: dvb_usb_v2: found a '774 Friio White ISDB-T USB2.0' in warm state
[  279.644921][ T7780] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  279.671362][ T7780] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  279.956513][ T7780] netlink: 20 bytes leftover after parsing attributes in process `syz.3.935'.
[  279.982728][    T7] usb 1-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  280.021911][    T7] dvbdev: DVB: registering new adapter (774 Friio White ISDB-T USB2.0)
[  280.050671][    T7] usb 1-1: media controller created
[  280.139808][    T7] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  280.737094][    T7] usb 1-1: USB disconnect, device number 5
[  280.763432][ T7806] netlink: 8 bytes leftover after parsing attributes in process `syz.1.946'.
[  281.022647][ T7806] device syzkaller0 entered promiscuous mode
[  281.117639][ T4319] hid-generic 0005:0006:5508.000E: hidraw0: BLUETOOTH HID vc3.36 Device [syz0] on aa:aa:aa:aa:aa:aa
[  281.178479][ T7809] netlink: 24 bytes leftover after parsing attributes in process `syz.2.947'.
[  281.291265][ T7813] fido_id[7813]: Failed to open report descriptor at '/sys/devices/virtual/bluetooth/hci4/hci4:200/report_descriptor': No such file or directory
[  281.527463][ T7819] binder: BINDER_SET_CONTEXT_MGR already set
[  281.565842][ T7819] binder: 7814:7819 ioctl 4018620d 200000000040 returned -16
[  281.711185][ T4319] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  281.917659][ T4319] usb 5-1: Using ep0 maxpacket: 16
[  281.936978][ T4319] usb 5-1: config 1 interface 0 altsetting 255 endpoint 0x1 has invalid wMaxPacketSize 0
[  281.949900][ T4319] usb 5-1: config 1 interface 0 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 0
[  281.964127][ T4319] usb 5-1: config 1 interface 0 altsetting 255 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  281.978315][ T4319] usb 5-1: config 1 interface 0 has no altsetting 0
[  282.007639][ T4319] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  282.034954][ T4319] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  282.057247][ T4319] usb 5-1: Product: syz
[  282.067872][ T4319] usb 5-1: Manufacturer: syz
[  282.080486][ T4319] usb 5-1: SerialNumber: syz
[  282.326918][ T4319] usblp 5-1:1.0: usblp0: USB Unidirectional printer dev 6 if 0 alt 255 proto 1 vid 0x0525 pid 0xA4A8
[  282.636582][ T7817] usblp0:failed reading printer status (-32)
[  282.688406][    T7] usb 5-1: USB disconnect, device number 6
[  282.720391][    T7] usblp0: removed
[  283.153275][ T4310] usb 4-1: USB disconnect, device number 3
[  283.751468][ T7841] netlink: 312 bytes leftover after parsing attributes in process `syz.4.954'.
[  285.598484][ T7868] binder_alloc: 7856: binder_alloc_buf, no vma
[  285.628962][ T7869] netlink: 24 bytes leftover after parsing attributes in process `syz.1.960'.
[  285.835208][ T7874] binder: BINDER_SET_CONTEXT_MGR already set
[  285.883605][ T7874] binder: 7859:7874 ioctl 4018620d 200000000040 returned -16
[  286.355247][ T7868] syz.4.959 (7868): drop_caches: 2
[  287.937404][ T7888] netlink: 24 bytes leftover after parsing attributes in process `syz.4.968'.
[  288.146349][ T7900] netlink: 312 bytes leftover after parsing attributes in process `syz.2.970'.
[  288.162588][ T7899] netlink: 8 bytes leftover after parsing attributes in process `syz.0.971'.
[  288.695607][ T7906] device syzkaller0 entered promiscuous mode
[  289.526374][ T7924] syz.2.977 (7924): drop_caches: 2
[  293.090454][ T7950] fuse: Bad value for 'fd'
[  293.961023][ T4319] usb 4-1: new full-speed USB device number 4 using dummy_hcd
[  294.171535][ T4319] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[  294.275361][ T4319] usb 4-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e
[  294.344588][ T4319] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  294.406668][ T4319] usb 4-1: Product: syz
[  294.423392][ T4319] usb 4-1: Manufacturer: syz
[  294.474569][ T4319] usb 4-1: SerialNumber: syz
[  294.489934][ T4319] usb 4-1: config 0 descriptor??
[  294.549675][ T4319] hub 4-1:0.0: bad descriptor, ignoring hub
[  294.559935][ T4319] hub: probe of 4-1:0.0 failed with error -5
[  294.609096][ T4319] input: syz syz as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input12
[  297.451215][ T4319] usb 4-1: USB disconnect, device number 4
[  297.495049][ T8005] netlink: 8 bytes leftover after parsing attributes in process `syz.3.998'.
[  297.811641][ T8005] device syzkaller0 entered promiscuous mode
[  298.503887][ T4256] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  298.697925][ T4256] usb 5-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config
[  298.744458][ T4256] usb 5-1: New USB device found, idVendor=7a69, idProduct=0001, bcdDevice=a8.6b
[  298.770097][ T4256] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  298.809894][ T4256] usb 5-1: Product: syz
[  298.820070][ T4256] usb 5-1: Manufacturer: syz
[  298.849491][ T4256] usb 5-1: SerialNumber: syz
[  298.891340][ T4256] usb 5-1: dvb_usb_v2: found a '774 Friio White ISDB-T USB2.0' in warm state
[  299.295118][ T4256] usb 5-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  299.325004][ T4256] dvbdev: DVB: registering new adapter (774 Friio White ISDB-T USB2.0)
[  299.346058][ T4256] usb 5-1: media controller created
[  299.414450][ T4256] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  301.671880][ T8017] netlink: 'syz.4.1001': attribute type 7 has an invalid length.
[  301.680048][ T8017] netlink: 'syz.4.1001': attribute type 8 has an invalid length.
[  301.785890][ T4319] usb 5-1: USB disconnect, device number 7
[  302.575513][ T8052] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1014'.
[  302.843009][ T8064] process 'syz.1.1015' launched '/dev/fd/6' with NULL argv: empty string added
[  303.271045][ T4256] usb 5-1: new low-speed USB device number 8 using dummy_hcd
[  303.336395][ T8076] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1018'.
[  303.531269][ T4256] usb 5-1: unable to get BOS descriptor or descriptor too short
[  303.574644][ T4256] usb 5-1: config 1 interface 0 altsetting 250 endpoint 0x1 is Bulk; changing to Interrupt
[  303.593685][ T8076] device syzkaller0 entered promiscuous mode
[  303.711811][ T4256] usb 5-1: config 1 interface 0 altsetting 250 endpoint 0x82 is Bulk; changing to Interrupt
[  303.910574][ T4256] usb 5-1: config 1 interface 0 has no altsetting 0
[  304.032589][ T4256] usb 5-1: string descriptor 0 read error: -22
[  304.038868][ T4256] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  304.113238][ T4256] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  304.170085][ T8071] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  304.190635][ T8071] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  304.576866][ T8071] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1017'.
[  306.559269][   T26] audit: type=1326 audit(1769721983.932:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8107 comm="syz.1.1024" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f15e859aeb9 code=0x7ffc0000
[  306.667100][   T26] audit: type=1326 audit(1769721983.982:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8107 comm="syz.1.1024" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f15e855b78e code=0x7ffc0000
[  306.852438][   T26] audit: type=1326 audit(1769721984.112:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8107 comm="syz.1.1024" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f15e859aeb9 code=0x7ffc0000
[  307.025720][   T26] audit: type=1326 audit(1769721984.112:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8107 comm="syz.1.1024" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f15e859aeb9 code=0x7ffc0000
[  307.131100][   T26] audit: type=1326 audit(1769721984.162:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8107 comm="syz.1.1024" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f15e859aeb9 code=0x7ffc0000
[  307.185875][   T26] audit: type=1326 audit(1769721984.162:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8107 comm="syz.1.1024" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f15e859aeb9 code=0x7ffc0000
[  307.240998][ T4319] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  307.299345][   T26] audit: type=1326 audit(1769721984.162:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8107 comm="syz.1.1024" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f15e859aeb9 code=0x7ffc0000
[  307.349117][   T26] audit: type=1326 audit(1769721984.192:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8107 comm="syz.1.1024" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f15e855b78e code=0x7ffc0000
[  307.435304][   T26] audit: type=1326 audit(1769721984.192:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8107 comm="syz.1.1024" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f15e859aeb9 code=0x7ffc0000
[  307.489363][ T4319] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  307.520954][ T4319] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  307.530792][ T4319] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  307.541075][   T26] audit: type=1326 audit(1769721984.192:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8107 comm="syz.1.1024" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f15e859aeb9 code=0x7ffc0000
[  307.572895][ T4319] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  307.604775][ T4319] usb 2-1: config 0 descriptor??
[  307.818670][ T4349] usb 5-1: USB disconnect, device number 8
[  307.897387][ T4319] usbhid 2-1:0.0: can't add hid device: -71
[  307.907292][ T4319] usbhid: probe of 2-1:0.0 failed with error -71
[  307.949623][ T4319] usb 2-1: USB disconnect, device number 6
[  308.543647][ T4319] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  308.585815][ T8126] binder: 8119:8126 ioctl 4018620d 0 returned -22
[  308.750702][ T4319] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  308.778299][ T4319] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  308.807625][ T4319] usb 2-1: New USB device found, idVendor=047f, idProduct=3333, bcdDevice= 0.40
[  308.836608][ T4319] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  308.888963][ T4319] usb 2-1: config 0 descriptor??
[  310.807808][ T4319] usbhid 2-1:0.0: can't add hid device: -71
[  310.819388][ T8126] binder: 8119:8126 ioctl d000941e 0 returned -22
[  310.832729][ T4319] usbhid: probe of 2-1:0.0 failed with error -71
[  310.860605][ T4319] usb 2-1: USB disconnect, device number 7
[  311.276185][ T4319] hid-generic 0005:0006:5508.000F: hidraw0: BLUETOOTH HID vc3.36 Device [syz0] on aa:aa:aa:aa:aa:aa
[  311.300533][ T8135] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1027'.
[  311.459215][ T8138] netlink: 312 bytes leftover after parsing attributes in process `syz.1.1028'.
[  311.560508][ T8140] fido_id[8140]: Failed to open report descriptor at '/sys/devices/virtual/bluetooth/hci4/hci4:200/report_descriptor': No such file or directory
[  312.090036][ T8144] syz.0.1029 sent an empty control message without MSG_MORE.
[  312.962407][ T8168] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1036'.
[  313.944650][ T8180] device syzkaller0 entered promiscuous mode
[  314.103053][ T8190] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1043'.
[  316.325812][ T8213] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1051'.
[  316.366839][ T8213] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1051'.
[  316.915918][ T4326] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  317.134065][ T4326] usb 2-1: Using ep0 maxpacket: 16
[  317.150657][ T4326] usb 2-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6
[  317.164578][ T4326] usb 2-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3
[  317.183885][ T4326] usb 2-1: Product: syz
[  317.188142][ T4326] usb 2-1: Manufacturer: syz
[  317.193172][ T4326] usb 2-1: SerialNumber: syz
[  317.210112][ T4326] usb 2-1: config 0 descriptor??
[  317.416554][ T1267] ieee802154 phy0 wpan0: encryption failed: -22
[  317.423322][ T1267] ieee802154 phy1 wpan1: encryption failed: -22
[  318.346151][ T4326] usb 2-1: USB disconnect, device number 8
[  318.778999][ T8239] netlink: 'syz.4.1059': attribute type 4 has an invalid length.
[  318.809275][ T8239] netlink: 'syz.4.1059': attribute type 4 has an invalid length.
[  318.840970][ T8239] netlink: 'syz.4.1059': attribute type 1 has an invalid length.
[  318.870987][ T8239] netlink: 'syz.4.1059': attribute type 2 has an invalid length.
[  319.038003][ T8242] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1062'.
[  319.075314][ T8242] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1062'.
[  319.522269][ T8256] xt_CT: You must specify a L4 protocol and not use inversions on it
[  319.592957][ T8256] libceph: resolve '4' (ret=-3): failed
[  320.704801][ T8277] device syzkaller0 entered promiscuous mode
[  322.606715][ T8293] block device autoloading is deprecated and will be removed.
[  323.428178][ T8296] netlink: 'syz.2.1073': attribute type 1 has an invalid length.
[  323.438060][ T8296] netlink: 'syz.2.1073': attribute type 2 has an invalid length.
[  323.477015][ T8305] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1075'.
[  323.502947][ T8305] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1075'.
[  325.427552][ T8298] netlink: 'syz.2.1073': attribute type 4 has an invalid length.
[  325.452607][ T8301] netlink: 'syz.2.1073': attribute type 4 has an invalid length.
[  325.776296][ T8340] netlink: 'syz.2.1082': attribute type 7 has an invalid length.
[  325.793473][ T8340] netlink: 'syz.2.1082': attribute type 8 has an invalid length.
[  326.113133][ T8354] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1087'.
[  326.220956][ T4326] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  326.412653][ T4326] usb 3-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config
[  326.435703][ T4326] usb 3-1: New USB device found, idVendor=7a69, idProduct=0001, bcdDevice=a8.6b
[  326.458015][ T4326] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  326.478494][ T8365] netlink: 312 bytes leftover after parsing attributes in process `syz.1.1090'.
[  326.491080][ T4326] usb 3-1: Product: syz
[  326.501143][    T7] usb 4-1: new low-speed USB device number 5 using dummy_hcd
[  326.530413][ T4326] usb 3-1: Manufacturer: syz
[  326.544746][ T4326] usb 3-1: SerialNumber: syz
[  326.596878][ T4326] usb 3-1: dvb_usb_v2: found a '774 Friio White ISDB-T USB2.0' in warm state
[  326.735813][    T7] usb 4-1: unable to get BOS descriptor or descriptor too short
[  326.754301][    T7] usb 4-1: config 1 interface 0 altsetting 250 endpoint 0x1 is Bulk; changing to Interrupt
[  326.783655][ T4326] usb 3-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  326.827221][ T4326] dvbdev: DVB: registering new adapter (774 Friio White ISDB-T USB2.0)
[  326.837384][    T7] usb 4-1: config 1 interface 0 altsetting 250 endpoint 0x82 is Bulk; changing to Interrupt
[  326.874177][ T4326] usb 3-1: media controller created
[  326.884499][    T7] usb 4-1: config 1 interface 0 has no altsetting 0
[  326.925317][    T7] usb 4-1: string descriptor 0 read error: -22
[  326.968002][    T7] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  326.978075][ T4326] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  327.006718][    T7] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  327.077804][ T8360] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  327.102256][ T8360] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  327.464094][ T4326] usb 3-1: USB disconnect, device number 3
[  327.557638][ T8369] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1088'.
[  327.703302][ T8368] device syzkaller0 entered promiscuous mode
[  327.781527][ T4333] hid-generic 0005:0006:5508.0010: hidraw0: BLUETOOTH HID vc3.36 Device [syz0] on aa:aa:aa:aa:aa:aa
[  327.834263][ T8371] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1092'.
[  327.918234][ T8375] fido_id[8375]: Failed to open report descriptor at '/sys/devices/virtual/bluetooth/hci4/hci4:200/report_descriptor': No such file or directory
[  329.670226][ T4256] usb 4-1: USB disconnect, device number 5
[  330.676223][ T4326] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  330.874650][ T4326] usb 1-1: Using ep0 maxpacket: 8
[  330.883902][ T4326] usb 1-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b
[  330.893131][ T4326] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  330.918833][ T4326] pvrusb2: Hardware description: Terratec Grabster AV400
[  330.926125][ T4326] pvrusb2: **********
[  330.930163][ T4326] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental.
[  330.940937][ T4326] pvrusb2: Important functionality might not be entirely working.
[  330.948893][ T4326] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver.
[  330.960760][ T4326] pvrusb2: **********
[  331.134675][ T2310] pvrusb2: Invalid write control endpoint
[  331.349154][ T2310] pvrusb2: Invalid write control endpoint
[  331.355564][ T2310] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work.
[  331.370334][ T2310] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device.
[  331.378372][ T2310] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups.
[  331.391083][ T2310] pvrusb2: Device being rendered inoperable
[  331.440148][ T8399] pvrusb2: Attempted to execute control transfer when device not ok
[  331.468443][ T2310] cx25840 1-0044: Unable to detect h/w, assuming cx23887
[  331.487269][ T4326] usb 1-1: USB disconnect, device number 6
[  331.504337][ T2310] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a)
[  331.548243][ T2310] pvrusb2: Attached sub-driver cx25840
[  331.558988][ T2310] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[  331.569929][ T2310] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[  331.617541][ T8383] netlink: 'syz.4.1093': attribute type 1 has an invalid length.
[  331.635458][ T8381] netlink: 'syz.4.1093': attribute type 4 has an invalid length.
[  331.656195][ T8383] netlink: 'syz.4.1093': attribute type 2 has an invalid length.
[  331.713494][ T8382] netlink: 'syz.4.1093': attribute type 4 has an invalid length.
[  331.947335][ T8409] netlink: 'syz.4.1102': attribute type 7 has an invalid length.
[  331.957952][ T8409] netlink: 'syz.4.1102': attribute type 8 has an invalid length.
[  332.387716][ T8420] netlink: 312 bytes leftover after parsing attributes in process `syz.0.1103'.
[  332.442821][ T4256] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  332.632588][ T4256] usb 5-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config
[  332.660178][ T4256] usb 5-1: New USB device found, idVendor=7a69, idProduct=0001, bcdDevice=a8.6b
[  332.699047][ T8407] bridge0: port 2(bridge_slave_1) entered disabled state
[  332.708008][ T8407] bridge0: port 1(bridge_slave_0) entered disabled state
[  332.733859][ T4256] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  332.811659][ T4256] usb 5-1: Product: syz
[  332.838994][ T4256] usb 5-1: Manufacturer: syz
[  332.864398][ T4256] usb 5-1: SerialNumber: syz
[  332.912150][ T4256] usb 5-1: dvb_usb_v2: found a '774 Friio White ISDB-T USB2.0' in warm state
[  333.105583][ T4256] usb 5-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  333.147063][ T4256] dvbdev: DVB: registering new adapter (774 Friio White ISDB-T USB2.0)
[  333.170508][ T4256] usb 5-1: media controller created
[  333.208263][ T4256] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  333.548995][ T4256] usb 5-1: USB disconnect, device number 9
[  334.509204][ T8407] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  334.677434][ T8407] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  334.950948][ T4333] usb 2-1: new low-speed USB device number 9 using dummy_hcd
[  335.167078][ T4333] usb 2-1: unable to get BOS descriptor or descriptor too short
[  335.186178][ T4333] usb 2-1: config 1 interface 0 altsetting 250 endpoint 0x1 is Bulk; changing to Interrupt
[  335.236696][ T4333] usb 2-1: config 1 interface 0 altsetting 250 endpoint 0x82 is Bulk; changing to Interrupt
[  335.285659][ T4333] usb 2-1: config 1 interface 0 has no altsetting 0
[  335.335199][ T4333] usb 2-1: string descriptor 0 read error: -22
[  335.373600][ T4333] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  335.448196][ T4333] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  335.517268][ T8407] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  335.535405][ T8440] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  335.552008][ T8407] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  335.565323][ T8440] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  335.574395][ T8407] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  335.595708][ T8407] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  335.986200][ T8437] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1104'.
[  336.007222][ T8446] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1105'.
[  337.126360][ T8470] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1111'.
[  337.299106][ T8470] device syzkaller0 entered promiscuous mode
[  338.005570][ T8481] binder: BINDER_SET_CONTEXT_MGR already set
[  338.204054][ T8481] binder: 8478:8481 ioctl 4018620d 200000000040 returned -16
[  338.654627][ T4365] usb 2-1: USB disconnect, device number 9
[  338.956914][  T125] hid-generic 0005:0006:5508.0011: hidraw0: BLUETOOTH HID vc3.36 Device [syz0] on aa:aa:aa:aa:aa:aa
[  339.412412][ T8502] fido_id[8502]: Failed to open report descriptor at '/sys/devices/virtual/bluetooth/hci4/hci4:200/report_descriptor': No such file or directory
[  340.524408][ T8519] netlink: 312 bytes leftover after parsing attributes in process `syz.0.1120'.
[  342.360009][ T8488] device syzkaller0 entered promiscuous mode
[  343.778959][ T8518] Set syz1 is full, maxelem 65536 reached
[  344.206065][ T8553] binder: BINDER_SET_CONTEXT_MGR already set
[  344.212739][ T8553] binder: 8548:8553 ioctl 4018620d 200000000040 returned -16
[  346.170695][ T8562] loop7: detected capacity change from 0 to 7
[  346.198935][ T4375] Dev loop7: unable to read RDB block 7
[  346.263824][ T4375]  loop7: unable to read partition table
[  346.284712][ T4375] loop7: partition table beyond EOD, truncated
[  346.318533][ T8562] Dev loop7: unable to read RDB block 7
[  346.342886][ T8562]  loop7: unable to read partition table
[  346.359795][ T8562] loop7: partition table beyond EOD, truncated
[  346.372812][ T8562] loop_reread_partitions: partition scan of loop7 (úùƒå¡™‰ü�¾CêjÌ–ã¢P=ý?ã}X‹ºÐ	œëÜ%õ«`ÉæÖ€ù…ˆ{í©Ö�˜Èµ4FLQkÝŠ) failed (rc=-5)
[  348.655432][ T8600] pit: kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  348.826546][ T8598] netlink: 100 bytes leftover after parsing attributes in process `syz.2.1141'.
[  349.249560][ T8607] netlink: 'syz.3.1142': attribute type 10 has an invalid length.
[  349.264810][ T8607] device syz_tun entered promiscuous mode
[  349.288590][ T8607] bond0: (slave syz_tun): Enslaving as an active interface with an up link
[  349.313827][ T8607] netlink: 'syz.3.1142': attribute type 10 has an invalid length.
[  349.342437][   T26] kauditd_printk_skb: 84 callbacks suppressed
[  349.342453][   T26] audit: type=1326 audit(1769722026.722:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8594 comm="syz.2.1141" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f3ff919aeb9 code=0x0
[  349.370214][    C0] vkms_vblank_simulate: vblank timer overrun
[  349.404424][ T8607] 8021q: adding VLAN 0 to HW filter on device bond0
[  349.455607][ T8607] team0: Port device bond0 added
[  350.064992][ T8631] netlink: 312 bytes leftover after parsing attributes in process `syz.3.1147'.
[  350.106712][ T8632] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1148'.
[  350.577429][ T8636] fuse: Bad value for 'fd'
[  350.859264][ T8636] fuse: Bad value for 'fd'
[  350.940085][ T8636] x_tables: duplicate underflow at hook 4
[  353.257907][    C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0)
[  355.596868][ T8649] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1152'.
[  355.639483][ T8658] device syzkaller0 entered promiscuous mode
[  356.634558][ T8443] usb 3-1: new low-speed USB device number 4 using dummy_hcd
[  356.847432][ T8443] usb 3-1: unable to get BOS descriptor or descriptor too short
[  356.868955][ T8443] usb 3-1: config 1 interface 0 altsetting 250 endpoint 0x1 is Bulk; changing to Interrupt
[  356.893226][ T8443] usb 3-1: config 1 interface 0 altsetting 250 endpoint 0x82 is Bulk; changing to Interrupt
[  356.906216][ T8443] usb 3-1: config 1 interface 0 has no altsetting 0
[  356.941011][ T8443] usb 3-1: string descriptor 0 read error: -22
[  356.963102][ T8443] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  356.979386][ T8443] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  357.007041][ T8702] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  357.026336][ T8702] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  359.556855][ T8685] netlink: 'syz.3.1157': attribute type 7 has an invalid length.
[  359.582239][ T8685] netlink: 'syz.3.1157': attribute type 8 has an invalid length.
[  359.643481][ T4310] usb 3-1: USB disconnect, device number 4
[  359.911264][ T8731] netlink: 312 bytes leftover after parsing attributes in process `syz.2.1165'.
[  359.937579][ T8724] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1166'.
[  362.602235][ T8761] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1174'.
[  362.611763][ T8761] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1174'.
[  363.196008][ T8760] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  363.437345][ T8767] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1178'.
[  363.508496][ T8767] device syzkaller0 entered promiscuous mode
[  363.515886][ T8769] netlink: 'syz.2.1177': attribute type 7 has an invalid length.
[  363.526174][ T8769] netlink: 'syz.2.1177': attribute type 8 has an invalid length.
[  363.831082][ T8444] hid-generic 0005:0006:5508.0012: hidraw0: BLUETOOTH HID vc3.36 Device [syz0] on aa:aa:aa:aa:aa:aa
[  364.036468][ T8783] fido_id[8783]: Failed to open report descriptor at '/sys/devices/virtual/bluetooth/hci4/hci4:200/report_descriptor': No such file or directory
[  366.656610][ T8812] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1189'.
[  366.687446][ T8812] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1189'.
[  366.731972][ T8813] netlink: 312 bytes leftover after parsing attributes in process `syz.1.1188'.
[  369.221829][ T8809] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  370.205389][ T8855] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1199'.
[  370.389220][ T8855] device syzkaller0 entered promiscuous mode
[  370.401010][ T4310] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  370.602664][ T4310] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  370.633283][ T4310] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  370.668393][ T4310] usb 4-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  370.705459][ T4310] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  370.748907][ T4310] usb 4-1: config 0 descriptor??
[  370.964782][ T4310] usbhid 4-1:0.0: can't add hid device: -71
[  370.984447][ T4310] usbhid: probe of 4-1:0.0 failed with error -71
[  371.002433][ T4310] usb 4-1: USB disconnect, device number 6
[  371.816142][ T8876] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1203'.
[  371.845537][ T8876] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1203'.
[  374.203382][ T8875] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  374.602750][ T8897] device veth7 entered promiscuous mode
[  374.675633][ T8897] bond4: (slave veth7): Enslaving as an active interface with an up link
[  374.688809][ T8902] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1210'.
[  374.710586][ T8902] 8021q: adding VLAN 0 to HW filter on device bond4
[  374.723792][ T8914] netlink: 'syz.1.1214': attribute type 4 has an invalid length.
[  374.758763][ T8905] netlink: 'syz.1.1214': attribute type 4 has an invalid length.
[  374.818447][ T8905] netlink: 'syz.1.1214': attribute type 1 has an invalid length.
[  374.895577][ T8905] netlink: 'syz.1.1214': attribute type 2 has an invalid length.
[  374.946075][ T8911] netlink: 165 bytes leftover after parsing attributes in process `syz.1.1214'.
[  375.318498][ T8923] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  375.392738][ T8923] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1220'.
[  375.470031][ T8923] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1220'.
[  375.518627][ T8913] syz.2.1213 (8913): drop_caches: 2
[  375.718659][ T8935] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1224'.
[  378.886917][ T1267] ieee802154 phy0 wpan0: encryption failed: -22
[  378.899593][ T1267] ieee802154 phy1 wpan1: encryption failed: -22
[  379.148525][ T8966] device veth9 entered promiscuous mode
[  379.169513][ T8967] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1228'.
[  379.466728][ T8974] netlink: 'syz.3.1230': attribute type 4 has an invalid length.
[  379.511463][ T8974] netlink: 'syz.3.1230': attribute type 4 has an invalid length.
[  379.557508][ T8981] netlink: 'syz.3.1230': attribute type 1 has an invalid length.
[  379.595113][ T8981] netlink: 'syz.3.1230': attribute type 2 has an invalid length.
[  379.638447][ T8974] netlink: 165 bytes leftover after parsing attributes in process `syz.3.1230'.
[  379.919967][ T8994] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1237'.
[  380.473879][ T9004] netlink: 312 bytes leftover after parsing attributes in process `syz.2.1240'.
[  380.781714][ T9012] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1243'.
[  381.083665][ T9012] device syzkaller0 entered promiscuous mode
[  381.577897][ T9031] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1248'.
[  381.597505][ T9031] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1248'.
[  385.924679][ T9030] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  385.940912][ T9044] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1253'.
[  386.223617][ T9059] netlink: 312 bytes leftover after parsing attributes in process `syz.0.1255'.
[  386.430924][ T4347] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  386.583719][ T9070] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1261'.
[  386.621123][ T4347] usb 3-1: Using ep0 maxpacket: 8
[  386.628499][ T4347] usb 3-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b
[  386.672049][ T4347] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  386.745808][ T4347] pvrusb2: Hardware description: Terratec Grabster AV400
[  386.763305][ T4347] pvrusb2: **********
[  386.771882][ T4347] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental.
[  386.801811][ T4347] pvrusb2: Important functionality might not be entirely working.
[  386.809866][ T4347] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver.
[  386.822079][ T4347] pvrusb2: **********
[  386.945496][ T9077] bond3: (slave ip6gretap1): Enslaving as an active interface with an up link
[  386.985539][ T2310] pvrusb2: Invalid write control endpoint
[  387.057190][ T9083] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1267'.
[  387.079869][ T9085] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1268'.
[  387.137936][ T9077] device veth5 entered promiscuous mode
[  387.148041][ T9082] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1266'.
[  387.186955][ T9082] 8021q: adding VLAN 0 to HW filter on device bond3
[  387.197768][ T9054] pvrusb2: Invalid write control endpoint
[  387.214090][ T2310] pvrusb2: Invalid write control endpoint
[  387.219907][ T2310] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work.
[  387.236691][ T9091] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1269'.
[  387.249808][ T8442] usb 3-1: USB disconnect, device number 5
[  387.300845][ T2310] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device.
[  387.323434][ T2310] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups.
[  387.347657][ T9085] device syzkaller0 entered promiscuous mode
[  387.360851][ T2310] pvrusb2: Device being rendered inoperable
[  387.367267][ T2310] cx25840 1-0044: Unable to detect h/w, assuming cx23887
[  387.387100][ T2310] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_b)
[  387.418617][ T2310] pvrusb2: Attached sub-driver cx25840
[  387.439086][ T2310] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[  387.468938][ T2310] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[  387.824631][ T9107] netlink: 312 bytes leftover after parsing attributes in process `syz.0.1274'.
[  388.332693][ T9127] netlink: 165 bytes leftover after parsing attributes in process `syz.2.1276'.
[  388.357195][ T9125] netlink: 'syz.2.1276': attribute type 1 has an invalid length.
[  388.374968][ T9125] netlink: 'syz.2.1276': attribute type 2 has an invalid length.
[  390.103605][ T9117] netlink: 'syz.2.1276': attribute type 4 has an invalid length.
[  390.149677][ T9120] netlink: 'syz.2.1276': attribute type 4 has an invalid length.
[  390.411256][ T9138] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1282'.
[  390.693647][ T9142] device veth11 entered promiscuous mode
[  390.742061][ T9142] bond5: (slave veth11): Enslaving as an active interface with an up link
[  390.942669][ T9150] 8021q: adding VLAN 0 to HW filter on device bond5
[  391.876110][ T9181] syz.1.1289 (9181): drop_caches: 2
[  392.279505][ T9187] __nla_validate_parse: 1 callbacks suppressed
[  392.279519][ T9187] netlink: 312 bytes leftover after parsing attributes in process `syz.3.1291'.
[  392.518641][ T9190] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1292'.
[  392.809815][ T9190] device syzkaller0 entered promiscuous mode
[  393.286833][ T9200] netlink: 'syz.4.1294': attribute type 1 has an invalid length.
[  393.321233][ T9200] netlink: 'syz.4.1294': attribute type 2 has an invalid length.
[  393.438759][ T9200] netlink: 165 bytes leftover after parsing attributes in process `syz.4.1294'.
[  394.261664][   T26] audit: type=1326 audit(1769722071.642:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9208 comm="syz.1.1297" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f15e859aeb9 code=0x7ffc0000
[  394.339649][   T26] audit: type=1326 audit(1769722071.662:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9208 comm="syz.1.1297" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f15e859aeb9 code=0x7ffc0000
[  394.419634][   T26] audit: type=1326 audit(1769722071.662:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9208 comm="syz.1.1297" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f15e855b78e code=0x7ffc0000
[  394.446672][   T26] audit: type=1326 audit(1769722071.662:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9208 comm="syz.1.1297" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f15e859aeb9 code=0x7ffc0000
[  394.555471][   T26] audit: type=1326 audit(1769722071.682:101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9208 comm="syz.1.1297" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f15e859aeb9 code=0x7ffc0000
[  394.636325][   T26] audit: type=1326 audit(1769722071.692:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9208 comm="syz.1.1297" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f15e859aeb9 code=0x7ffc0000
[  394.811055][ T4310] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  394.845576][   T26] audit: type=1326 audit(1769722071.692:103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9208 comm="syz.1.1297" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f15e859aeb9 code=0x7ffc0000
[  394.905153][   T26] audit: type=1326 audit(1769722071.692:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9208 comm="syz.1.1297" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f15e859aeb9 code=0x7ffc0000
[  394.942664][   T26] audit: type=1326 audit(1769722071.692:105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9208 comm="syz.1.1297" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f15e855b78e code=0x7ffc0000
[  394.967516][   T26] audit: type=1326 audit(1769722071.692:106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9208 comm="syz.1.1297" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f15e859aeb9 code=0x7ffc0000
[  395.276053][ T4310] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  395.311783][ T4310] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  395.322279][ T4310] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  395.341020][ T4310] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  395.357484][ T4310] usb 2-1: config 0 descriptor??
[  395.752806][ T4310] usbhid 2-1:0.0: can't add hid device: -71
[  395.759651][ T4310] usbhid: probe of 2-1:0.0 failed with error -71
[  395.811412][ T4310] usb 2-1: USB disconnect, device number 10
[  396.420917][ T4310] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  396.696942][ T4310] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  396.737390][ T4310] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  396.752491][ T4310] usb 2-1: New USB device found, idVendor=047f, idProduct=3333, bcdDevice= 0.40
[  396.812645][ T4310] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  396.831979][ T4310] usb 2-1: config 0 descriptor??
[  397.995378][ T9198] netlink: 'syz.4.1294': attribute type 4 has an invalid length.
[  398.016531][ T9199] netlink: 'syz.4.1294': attribute type 4 has an invalid length.
[  398.035118][ T9210] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1296'.
[  398.055564][ T9221] netlink: 'syz.3.1299': attribute type 1 has an invalid length.
[  398.115116][ T9223] device veth7 entered promiscuous mode
[  398.147109][ T9224] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1299'.
[  399.049244][ T4310] usbhid 2-1:0.0: can't add hid device: -71
[  399.059464][ T4310] usbhid: probe of 2-1:0.0 failed with error -71
[  399.085287][ T4310] usb 2-1: USB disconnect, device number 11
[  399.277685][ T9249] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  399.329889][ T9249] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1305'.
[  399.377496][ T9249] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1305'.
[  400.028833][ T9271] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1310'.
[  400.215715][ T9273] netlink: 'syz.0.1311': attribute type 4 has an invalid length.
[  400.255061][ T9273] netlink: 'syz.0.1311': attribute type 4 has an invalid length.
[  400.309528][ T9273] netlink: 'syz.0.1311': attribute type 1 has an invalid length.
[  400.328540][ T9273] netlink: 'syz.0.1311': attribute type 2 has an invalid length.
[  400.345380][ T9273] netlink: 165 bytes leftover after parsing attributes in process `syz.0.1311'.
[  400.584181][ T9277] netlink: 'syz.0.1313': attribute type 1 has an invalid length.
[  400.766863][ T9277] device veth13 entered promiscuous mode
[  400.804281][ T9277] bond6: (slave veth13): Enslaving as an active interface with an up link
[  400.823845][ T9279] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1313'.
[  400.882448][ T9279] 8021q: adding VLAN 0 to HW filter on device bond6
[  400.905217][ T9282] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1314'.
[  401.149184][ T9282] device syzkaller0 entered promiscuous mode
[  402.296337][ T9309] binder_alloc: 9305: binder_alloc_buf, no vma
[  402.928053][ T9324] netlink: 'syz.0.1324': attribute type 1 has an invalid length.
[  402.945816][ T9324] netlink: 'syz.0.1324': attribute type 2 has an invalid length.
[  402.959309][  T125] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  402.982540][ T9324] netlink: 165 bytes leftover after parsing attributes in process `syz.0.1324'.
[  403.150855][  T125] usb 5-1: Using ep0 maxpacket: 8
[  403.158750][  T125] usb 5-1: config index 0 descriptor too short (expected 301, got 45)
[  403.186959][  T125] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  403.216452][  T125] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  403.247623][  T125] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  403.268442][  T125] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  403.322460][  T125] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  403.356918][  T125] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  403.598880][  T125] usb 5-1: GET_CAPABILITIES returned 0
[  403.604794][  T125] usbtmc 5-1:16.0: can't read capabilities
[  403.810277][ T8443] usb 5-1: USB disconnect, device number 10
[  406.187362][  T125] hid-generic 0005:0006:5508.0013: hidraw0: BLUETOOTH HID vc3.36 Device [syz0] on aa:aa:aa:aa:aa:aa
[  406.342178][ T9352] fido_id[9352]: Failed to open report descriptor at '/sys/devices/virtual/bluetooth/hci4/hci4:200/report_descriptor': No such file or directory
[  406.691649][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): bond6: link becomes ready
[  406.706593][ T9319] netlink: 'syz.0.1324': attribute type 4 has an invalid length.
[  406.732750][ T9322] netlink: 'syz.0.1324': attribute type 4 has an invalid length.
[  406.875643][ T9361] device syzkaller0 entered promiscuous mode
[  407.100046][ T9371] binder: 9370:9371 ioctl c0306201 200000000300 returned -11
[  410.324016][ T9380] bridge0: port 2(bridge_slave_1) entered disabled state
[  410.331413][ T9380] bridge0: port 1(bridge_slave_0) entered disabled state
[  411.139658][ T9424] netlink: 312 bytes leftover after parsing attributes in process `syz.2.1346'.
[  411.253737][ T9380] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  411.768953][ T9380] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  411.778736][ T9380] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  411.788151][ T9380] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  411.797383][ T9380] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  412.023040][ T9395] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1341'.
[  412.035088][ T9401] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1344'.
[  412.061365][ T9401] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1344'.
[  412.248488][ T9414] device syzkaller0 entered promiscuous mode
[  412.325038][ T9437] binder: 9436:9437 ioctl c0306201 200000000300 returned -11
[  412.347349][   T14] hid-generic 0005:0006:5508.0014: hidraw0: BLUETOOTH HID vc3.36 Device [syz0] on aa:aa:aa:aa:aa:aa
[  412.412365][ T9434] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1347'.
[  412.647687][ T9440] fido_id[9440]: Failed to open report descriptor at '/sys/devices/virtual/bluetooth/hci4/hci4:200/report_descriptor': No such file or directory
[  412.671418][ T9447] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1350'.
[  412.680544][ T9447] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1350'.
[  412.727233][   T26] kauditd_printk_skb: 68 callbacks suppressed
[  412.727255][   T26] audit: type=1326 audit(1769722090.102:175): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9443 comm="syz.0.1351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc3f619aeb9 code=0x7ffc0000
[  412.837786][   T26] audit: type=1326 audit(1769722090.152:176): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9443 comm="syz.0.1351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc3f619aeb9 code=0x7ffc0000
[  412.880390][   T26] audit: type=1326 audit(1769722090.162:177): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9443 comm="syz.0.1351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fc3f615b78e code=0x7ffc0000
[  412.962742][   T26] audit: type=1326 audit(1769722090.162:178): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9443 comm="syz.0.1351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc3f619aeb9 code=0x7ffc0000
[  413.134593][   T26] audit: type=1326 audit(1769722090.162:179): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9443 comm="syz.0.1351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc3f619aeb9 code=0x7ffc0000
[  413.289871][   T26] audit: type=1326 audit(1769722090.182:180): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9443 comm="syz.0.1351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fc3f619aeb9 code=0x7ffc0000
[  413.401283][ T8444] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  413.411158][   T26] audit: type=1326 audit(1769722090.182:181): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9443 comm="syz.0.1351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc3f619aeb9 code=0x7ffc0000
[  413.564921][   T26] audit: type=1326 audit(1769722090.182:182): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9443 comm="syz.0.1351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc3f619aeb9 code=0x7ffc0000
[  413.594288][   T26] audit: type=1326 audit(1769722090.182:183): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9443 comm="syz.0.1351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fc3f619aeb9 code=0x7ffc0000
[  413.649627][ T8444] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  413.668424][   T26] audit: type=1326 audit(1769722090.182:184): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9443 comm="syz.0.1351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc3f619aeb9 code=0x7ffc0000
[  413.695236][ T8444] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  413.731946][ T8444] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  413.762879][ T8444] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  413.794681][ T8444] usb 1-1: config 0 descriptor??
[  413.830337][ T9470] syz.4.1354 (9470): drop_caches: 2
[  414.040403][ T8444] usbhid 1-1:0.0: can't add hid device: -71
[  414.057539][ T8444] usbhid: probe of 1-1:0.0 failed with error -71
[  414.097478][ T8444] usb 1-1: USB disconnect, device number 7
[  414.763836][  T128] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  415.087687][  T128] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  415.200398][  T128] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  415.221873][  T128] usb 1-1: New USB device found, idVendor=047f, idProduct=3333, bcdDevice= 0.40
[  415.263027][  T128] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  415.306446][  T128] usb 1-1: config 0 descriptor??
[  416.912229][  T128] usbhid 1-1:0.0: can't add hid device: -71
[  416.924726][  T128] usbhid: probe of 1-1:0.0 failed with error -71
[  416.950834][  T128] usb 1-1: USB disconnect, device number 8
[  418.310422][ T9498] binder: 9497:9498 ioctl c0306201 200000000300 returned -11
[  418.627296][ T9445] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  419.032974][ T9515] netlink: 'syz.3.1365': attribute type 7 has an invalid length.
[  419.064198][ T9515] netlink: 'syz.3.1365': attribute type 8 has an invalid length.
[  419.380865][   T27] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  419.582971][   T27] usb 4-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config
[  419.631193][   T27] usb 4-1: New USB device found, idVendor=7a69, idProduct=0001, bcdDevice=a8.6b
[  419.660005][   T27] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  419.687233][   T27] usb 4-1: Product: syz
[  419.697355][   T27] usb 4-1: Manufacturer: syz
[  419.710726][   T27] usb 4-1: SerialNumber: syz
[  419.766605][   T27] usb 4-1: dvb_usb_v2: found a '774 Friio White ISDB-T USB2.0' in warm state
[  420.156379][   T27] usb 4-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  420.177394][   T27] dvbdev: DVB: registering new adapter (774 Friio White ISDB-T USB2.0)
[  420.196900][   T27] usb 4-1: media controller created
[  420.264111][   T27] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  420.623667][   T27] usb 4-1: USB disconnect, device number 7
[  421.337529][ T9543] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  421.393666][ T9543] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1373'.
[  421.416737][ T9543] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1373'.
[  421.549725][  T128] hid-generic 0005:0006:5508.0015: hidraw0: BLUETOOTH HID vc3.36 Device [syz0] on aa:aa:aa:aa:aa:aa
[  421.583419][ T9545] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1374'.
[  421.623818][ T9549] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1375'.
[  421.701121][ T9549] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1375'.
[  421.981861][ T9550] fido_id[9550]: Failed to open report descriptor at '/sys/devices/virtual/bluetooth/hci4/hci4:200/report_descriptor': No such file or directory
[  422.001792][ T9553] device syzkaller0 entered promiscuous mode
[  422.659923][ T9575] xt_CT: You must specify a L4 protocol and not use inversions on it
[  422.681779][ T9575] libceph: resolve '4' (ret=-3): failed
[  423.264863][ T9585] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1386'.
[  423.300336][ T9585] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1386'.
[  424.748050][ T9591] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1387'.
[  424.760319][ T9591] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1387'.
[  426.196966][ T9584] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  426.770541][ T9617] netlink: 312 bytes leftover after parsing attributes in process `syz.1.1394'.
[  427.988899][ T9635] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  428.039155][ T9635] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1402'.
[  428.075465][ T9635] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1402'.
[  428.868711][ T9646] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1404'.
[  428.899151][ T9646] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1404'.
[  429.101550][ T9654] binder_alloc: 9653: binder_alloc_buf, no vma
[  429.135883][ T9654] binder: 9653:9654 ioctl c0306201 200000000300 returned -11
[  429.148678][ T9651] device syzkaller0 entered promiscuous mode
[  433.779036][ T9710] binder_alloc: 9709: binder_alloc_buf, no vma
[  433.796594][ T9710] binder: 9709:9710 ioctl c0306201 200000000300 returned -11
[  434.199474][ T9663] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1412'.
[  434.224488][ T9664] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1412'.
[  434.770892][ T8444] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  434.870294][ T9727] device syzkaller0 entered promiscuous mode
[  434.930935][ T8444] usb 5-1: device descriptor read/64, error -71
[  435.220902][ T8444] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  435.381002][ T8444] usb 5-1: device descriptor read/64, error -71
[  435.381326][ T4365] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  435.535025][ T8444] usb usb5-port1: attempt power cycle
[  435.599177][ T4365] usb 3-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config
[  435.628633][ T4365] usb 3-1: New USB device found, idVendor=7a69, idProduct=0001, bcdDevice=a8.6b
[  435.660483][ T4365] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  435.680932][ T4365] usb 3-1: Product: syz
[  435.685179][ T4365] usb 3-1: Manufacturer: syz
[  435.689824][ T4365] usb 3-1: SerialNumber: syz
[  435.727326][ T4365] usb 3-1: dvb_usb_v2: found a '774 Friio White ISDB-T USB2.0' in warm state
[  435.944523][ T8444] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  436.004209][ T8444] usb 5-1: device descriptor read/8, error -71
[  436.125938][ T4365] usb 3-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  436.156577][ T4365] dvbdev: DVB: registering new adapter (774 Friio White ISDB-T USB2.0)
[  436.175414][ T4365] usb 3-1: media controller created
[  436.200987][ T9750] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1436'.
[  436.221616][ T9750] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1436'.
[  436.231220][ T4365] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  436.250703][ T9752] binder_alloc: 9751: binder_alloc_buf, no vma
[  436.282597][ T9752] binder: 9751:9752 ioctl c0306201 200000000300 returned -11
[  436.291141][ T8444] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  436.331747][ T8444] usb 5-1: device descriptor read/8, error -71
[  436.451503][ T8444] usb usb5-port1: unable to enumerate USB device
[  436.511881][ T4365] usb 3-1: USB disconnect, device number 6
[  436.576848][ T9757] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1438'.
[  436.586159][ T9757] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1438'.
[  436.689976][ T9757] device syzkaller0 entered promiscuous mode
[  436.814020][ T9762] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1440'.
[  436.830989][ T9762] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1440'.
[  438.846176][ T9798] netlink: 312 bytes leftover after parsing attributes in process `syz.4.1448'.
[  439.755910][ T9767] device veth13 entered promiscuous mode
[  439.766921][ T9768] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1442'.
[  439.787503][ T9786] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1447'.
[  439.798829][ T9787] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1447'.
[  440.270703][ T9821] fuse: Bad value for 'group_id'
[  440.298401][ T1267] ieee802154 phy0 wpan0: encryption failed: -22
[  440.305049][ T1267] ieee802154 phy1 wpan1: encryption failed: -22
[  440.390910][ T8444] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  440.461144][  T128] usb 1-1: new low-speed USB device number 9 using dummy_hcd
[  440.592787][ T8444] usb 4-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config
[  440.617202][ T8444] usb 4-1: New USB device found, idVendor=7a69, idProduct=0001, bcdDevice=a8.6b
[  440.643052][ T8444] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  440.655716][ T8444] usb 4-1: Product: syz
[  440.659968][ T8444] usb 4-1: Manufacturer: syz
[  440.673190][  T128] usb 1-1: unable to get BOS descriptor or descriptor too short
[  440.701986][  T128] usb 1-1: config 1 interface 0 altsetting 250 endpoint 0x1 is Bulk; changing to Interrupt
[  440.722139][ T8444] usb 4-1: SerialNumber: syz
[  440.732174][  T128] usb 1-1: config 1 interface 0 altsetting 250 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  440.769434][ T8444] usb 4-1: dvb_usb_v2: found a '774 Friio White ISDB-T USB2.0' in warm state
[  440.778516][  T128] usb 1-1: config 1 interface 0 has no altsetting 0
[  440.812282][ T9830] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1459'.
[  440.827979][  T128] usb 1-1: string descriptor 0 read error: -22
[  440.837529][ T9830] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1459'.
[  440.850671][  T128] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  440.889988][  T128] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  440.920665][ T9817] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  441.147119][  T128] usb 1-1: USB disconnect, device number 9
[  441.169336][ T8444] usb 4-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  441.188658][ T9832] device veth7 entered promiscuous mode
[  441.196653][ T8444] dvbdev: DVB: registering new adapter (774 Friio White ISDB-T USB2.0)
[  441.255023][ T9833] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1460'.
[  441.268026][ T8444] usb 4-1: media controller created
[  441.314659][ T8444] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  441.482045][ T9839] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1462'.
[  441.500955][ T9839] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1462'.
[  441.638380][ T9839] device syzkaller0 entered promiscuous mode
[  441.761154][ T8444] usb 4-1: USB disconnect, device number 8
[  442.141798][ T9851] netlink: 312 bytes leftover after parsing attributes in process `syz.3.1464'.
[  442.336576][ T9859] fuse: Bad value for 'group_id'
[  444.610914][ T9878] SET target dimension over the limit!
[  445.465317][ T9866] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1470'.
[  445.481171][ T9867] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1470'.
[  445.520411][ T9870] device veth9 entered promiscuous mode
[  445.570681][ T9871] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1471'.
[  445.761084][ T9880] netlink: 'syz.1.1474': attribute type 4 has an invalid length.
[  445.833952][ T9882] netlink: 'syz.1.1474': attribute type 4 has an invalid length.
[  445.879982][ T9880] netlink: 'syz.1.1474': attribute type 1 has an invalid length.
[  445.895357][ T9880] netlink: 'syz.1.1474': attribute type 2 has an invalid length.
[  445.939522][ T9880] netlink: 165 bytes leftover after parsing attributes in process `syz.1.1474'.
[  446.029677][ T9889] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1478'.
[  446.045594][ T9889] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1478'.
[  446.080912][ T8444] usb 5-1: new high-speed USB device number 15 using dummy_hcd
[  446.250937][ T4366] usb 3-1: new low-speed USB device number 7 using dummy_hcd
[  446.283157][ T8444] usb 5-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config
[  446.309637][ T8444] usb 5-1: New USB device found, idVendor=7a69, idProduct=0001, bcdDevice=a8.6b
[  446.336711][ T8444] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  446.370089][ T8444] usb 5-1: Product: syz
[  446.393539][ T8444] usb 5-1: Manufacturer: syz
[  446.403389][ T8444] usb 5-1: SerialNumber: syz
[  446.433394][ T8444] usb 5-1: dvb_usb_v2: found a '774 Friio White ISDB-T USB2.0' in warm state
[  446.448152][ T4366] usb 3-1: unable to get BOS descriptor or descriptor too short
[  446.474317][ T4366] usb 3-1: unable to read config index 0 descriptor/start: -71
[  446.498486][ T4366] usb 3-1: can't read configurations, error -71
[  446.829976][ T8444] usb 5-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  446.853803][ T8444] dvbdev: DVB: registering new adapter (774 Friio White ISDB-T USB2.0)
[  446.889492][ T8444] usb 5-1: media controller created
[  446.954559][ T8444] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  447.286987][ T8444] usb 5-1: USB disconnect, device number 15
[  447.739872][ T9913] device veth9 entered promiscuous mode
[  447.816953][ T9914] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1485'.
[  448.177074][ T9918] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1487'.
[  448.205172][ T9918] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1487'.
[  448.465310][ T9918] device syzkaller0 entered promiscuous mode
[  448.759584][ T9930] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1491'.
[  449.012033][ T9945] netlink: 'syz.2.1489': attribute type 1 has an invalid length.
[  449.027636][ T9945] netlink: 'syz.2.1489': attribute type 2 has an invalid length.
[  450.370129][   T26] kauditd_printk_skb: 80 callbacks suppressed
[  450.370144][   T26] audit: type=1326 audit(1769722127.742:265): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9954 comm="syz.4.1494" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fe519aeb9 code=0x7ffc0000
[  450.451760][   T26] audit: type=1326 audit(1769722127.782:266): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9954 comm="syz.4.1494" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f4fe515b78e code=0x7ffc0000
[  450.520667][   T26] audit: type=1326 audit(1769722127.782:267): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9954 comm="syz.4.1494" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fe519aeb9 code=0x7ffc0000
[  450.543088][    C1] vkms_vblank_simulate: vblank timer overrun
[  450.577215][   T26] audit: type=1326 audit(1769722127.792:268): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9954 comm="syz.4.1494" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f4fe519aeb9 code=0x7ffc0000
[  450.601839][   T26] audit: type=1326 audit(1769722127.792:269): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9954 comm="syz.4.1494" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fe519aeb9 code=0x7ffc0000
[  450.630672][   T26] audit: type=1326 audit(1769722127.792:270): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9954 comm="syz.4.1494" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f4fe519aeb9 code=0x7ffc0000
[  450.662351][   T26] audit: type=1326 audit(1769722127.792:271): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9954 comm="syz.4.1494" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fe519aeb9 code=0x7ffc0000
[  450.685374][   T26] audit: type=1326 audit(1769722127.792:272): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9954 comm="syz.4.1494" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f4fe515b78e code=0x7ffc0000
[  450.728923][   T26] audit: type=1326 audit(1769722127.792:273): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9954 comm="syz.4.1494" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fe519aeb9 code=0x7ffc0000
[  450.757564][   T26] audit: type=1326 audit(1769722127.792:274): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9954 comm="syz.4.1494" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f4fe519aeb9 code=0x7ffc0000
[  450.780290][    C1] vkms_vblank_simulate: vblank timer overrun
[  450.791564][ T8444] usb 5-1: new high-speed USB device number 16 using dummy_hcd
[  451.087821][ T8444] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  451.114869][ T8444] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  451.158173][ T8444] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  451.170147][ T8444] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  451.186963][ T8444] usb 5-1: config 0 descriptor??
[  451.442211][ T8444] usbhid 5-1:0.0: can't add hid device: -71
[  451.454859][ T8444] usbhid: probe of 5-1:0.0 failed with error -71
[  451.469914][ T8444] usb 5-1: USB disconnect, device number 16
[  452.081913][ T8444] usb 5-1: new high-speed USB device number 17 using dummy_hcd
[  452.304653][ T8444] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  452.320242][ T8444] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  452.332122][ T8444] usb 5-1: New USB device found, idVendor=047f, idProduct=3333, bcdDevice= 0.40
[  452.346294][ T8444] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  452.357131][ T8444] usb 5-1: config 0 descriptor??
[  453.054708][ T9935] netlink: 'syz.2.1489': attribute type 4 has an invalid length.
[  453.076324][ T9939] netlink: 'syz.2.1489': attribute type 4 has an invalid length.
[  453.323025][ T9965] __nla_validate_parse: 2 callbacks suppressed
[  453.323043][ T9965] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1497'.
[  453.550924][   T27] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  453.569501][ T9973] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  453.599089][ T9973] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1500'.
[  453.661564][ T9973] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1500'.
[  453.762864][   T27] usb 1-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config
[  453.788823][   T27] usb 1-1: New USB device found, idVendor=7a69, idProduct=0001, bcdDevice=a8.6b
[  453.828209][   T27] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  453.878571][   T27] usb 1-1: Product: syz
[  453.910251][   T27] usb 1-1: Manufacturer: syz
[  453.949292][   T27] usb 1-1: SerialNumber: syz
[  454.007895][   T27] usb 1-1: dvb_usb_v2: found a '774 Friio White ISDB-T USB2.0' in warm state
[  454.027267][ T8444] usbhid 5-1:0.0: can't add hid device: -71
[  454.062874][ T8444] usbhid: probe of 5-1:0.0 failed with error -71
[  454.095474][ T8444] usb 5-1: USB disconnect, device number 17
[  454.414232][   T27] usb 1-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  454.459560][   T27] dvbdev: DVB: registering new adapter (774 Friio White ISDB-T USB2.0)
[  454.485312][   T27] usb 1-1: media controller created
[  454.515030][ T9988] ptrace attach of "./syz-executor exec"[4279] was attempted by " Àÿ      Ðÿ      ð¥      Àÿ      Àÿ      Ðÿ      àÿ             ./file0  °ÿ      Àÿ                 ÿÿÿÿ                                                                                                                                                                                                                                                                                                                                                                                                                      /sys/kernel/debug/binder/stats                                                                                                  8             
€      \x09       Û       
    þÿÿú  ÿÿÿÿ        cgroup.controllers                                                                                                                                                                                         
[  454.557622][   T27] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  454.644959][    C1] vkms_vblank_simulate: vblank timer overrun
[  455.346362][ T9991] sctp: failed to load transform for md5: -2
[  455.434973][   T27] usb 1-1: USB disconnect, device number 10
[  456.631138][T10028] Cannot find add_set index 0 as target
[  456.756174][T10030] netlink: 'syz.0.1508': attribute type 4 has an invalid length.
[  456.816935][T10031] netlink: 'syz.0.1508': attribute type 4 has an invalid length.
[  456.867717][T10030] netlink: 'syz.0.1508': attribute type 1 has an invalid length.
[  456.899282][T10030] netlink: 'syz.0.1508': attribute type 2 has an invalid length.
[  456.960126][T10031] netlink: 165 bytes leftover after parsing attributes in process `syz.0.1508'.
[  457.683437][T10042] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1510'.
[  458.445383][T10055] binder: 10054:10055 ioctl c0306201 200000000300 returned -11
[  459.673867][T10050] bridge0: port 2(bridge_slave_1) entered disabled state
[  459.681195][T10050] bridge0: port 1(bridge_slave_0) entered disabled state
[  460.191793][T10073] kvm [10071]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x2c
[  460.252109][T10073] kvm [10071]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0x84d
[  460.289976][T10073] kvm [10071]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0x4e
[  460.318184][T10073] kvm [10071]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0x803
[  460.359574][T10073] kvm [10071]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0xf6
[  460.418933][T10073] kvm [10071]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0xa
[  460.484123][T10073] kvm [10071]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x2c
[  460.537598][T10073] kvm [10071]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0x84d
[  460.624772][T10073] kvm [10071]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0x4e
[  461.299721][T10050] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  461.407527][T10050] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  461.470988][ T4349] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  461.662595][ T4349] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023
[  461.689533][ T4349] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 8
[  461.744133][ T4349] usb 4-1: New USB device found, idVendor=2c7c, idProduct=030e, bcdDevice=81.28
[  461.753731][ T4349] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  461.770998][ T4349] usb 4-1: Product: syz
[  461.777640][ T4349] usb 4-1: Manufacturer: syz
[  461.792910][ T4349] usb 4-1: SerialNumber: syz
[  461.811733][ T4349] usb 4-1: config 0 descriptor??
[  461.817875][T10087] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  461.826082][T10087] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  461.848010][ T4349] option 4-1:0.0: GSM modem (1-port) converter detected
[  461.869959][ T4349] usb 4-1: GSM modem (1-port) converter now attached to ttyUSB0
[  462.106780][ T4349] usb 4-1: USB disconnect, device number 9
[  462.136260][ T4349] option1 ttyUSB0: GSM modem (1-port) converter now disconnected from ttyUSB0
[  462.166345][ T4349] option 4-1:0.0: device disconnected
[  462.702167][T10050] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  462.722424][T10050] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  462.740879][T10050] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  462.752732][T10050] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  462.971183][T10105] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1522'.
[  463.296169][T10112] binder: 10111:10112 ioctl c0306201 200000000300 returned -11
[  464.126303][T10143] syz.3.1528 (10143): /proc/10125/oom_adj is deprecated, please use /proc/10125/oom_score_adj instead.
[  464.851043][ T4366] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  465.072973][ T4366] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023
[  465.110833][ T4366] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 8
[  465.156241][ T4366] usb 2-1: New USB device found, idVendor=2c7c, idProduct=030e, bcdDevice=81.28
[  465.191082][ T4366] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  465.231029][ T4366] usb 2-1: Product: syz
[  465.235273][ T4366] usb 2-1: Manufacturer: syz
[  465.281314][ T4366] usb 2-1: SerialNumber: syz
[  465.337618][ T4366] usb 2-1: config 0 descriptor??
[  465.346372][T10152] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  465.381030][T10152] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  465.419486][ T4366] option 2-1:0.0: GSM modem (1-port) converter detected
[  465.448806][ T4366] usb 2-1: GSM modem (1-port) converter now attached to ttyUSB0
[  465.755017][ T4366] usb 2-1: USB disconnect, device number 12
[  465.808634][ T4366] option1 ttyUSB0: GSM modem (1-port) converter now disconnected from ttyUSB0
[  465.846396][ T4366] option 2-1:0.0: device disconnected
[  466.860961][ T4366] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  467.053313][ T4366] usb 4-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config
[  467.089808][ T4366] usb 4-1: New USB device found, idVendor=7a69, idProduct=0001, bcdDevice=a8.6b
[  467.117816][ T4366] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  467.141389][ T4366] usb 4-1: Product: syz
[  467.160864][ T4366] usb 4-1: Manufacturer: syz
[  467.165556][ T4366] usb 4-1: SerialNumber: syz
[  467.194824][ T4366] usb 4-1: dvb_usb_v2: found a '774 Friio White ISDB-T USB2.0' in warm state
[  467.465946][T10220] fuse: Unknown parameter 'grou00000000000000000000'
[  467.601501][ T4366] usb 4-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  467.632146][ T4366] dvbdev: DVB: registering new adapter (774 Friio White ISDB-T USB2.0)
[  467.640507][ T4366] usb 4-1: media controller created
[  467.687529][ T4366] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  467.708645][T10222] netlink: 'syz.2.1556': attribute type 4 has an invalid length.
[  467.831553][T10225] netlink: 'syz.2.1556': attribute type 4 has an invalid length.
[  467.882900][T10222] netlink: 'syz.2.1556': attribute type 1 has an invalid length.
[  467.901326][T10222] netlink: 'syz.2.1556': attribute type 2 has an invalid length.
[  468.087517][ T4366] usb 4-1: USB disconnect, device number 10
[  468.591236][T10248] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  468.625735][T10248] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1565'.
[  468.649532][T10248] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1565'.
[  468.767830][T10254] device syzkaller0 entered promiscuous mode
[  468.774217][ T9408] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  468.866351][ T4366] hid-generic 0005:0006:5508.0016: hidraw0: BLUETOOTH HID vc3.36 Device [syz0] on aa:aa:aa:aa:aa:aa
[  468.899932][T10256] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1568'.
[  468.978686][ T9408] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023
[  469.000866][ T9408] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 8
[  469.019604][ T9408] usb 3-1: New USB device found, idVendor=2c7c, idProduct=030e, bcdDevice=81.28
[  469.036471][ T9408] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  469.076103][ T9408] usb 3-1: Product: syz
[  469.080363][ T9408] usb 3-1: Manufacturer: syz
[  469.109739][ T9408] usb 3-1: SerialNumber: syz
[  469.121750][ T9408] usb 3-1: config 0 descriptor??
[  469.138250][T10245] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  469.151150][T10245] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  469.163278][T10262] netlink: 312 bytes leftover after parsing attributes in process `syz.3.1569'.
[  469.199212][ T9408] option 3-1:0.0: GSM modem (1-port) converter detected
[  469.220492][T10258] fido_id[10258]: Failed to open report descriptor at '/sys/devices/virtual/bluetooth/hci4/hci4:200/report_descriptor': No such file or directory
[  469.245282][ T9408] usb 3-1: GSM modem (1-port) converter now attached to ttyUSB0
[  469.481574][ T9408] usb 3-1: USB disconnect, device number 9
[  469.491617][ T9408] option1 ttyUSB0: GSM modem (1-port) converter now disconnected from ttyUSB0
[  469.533045][ T9408] option 3-1:0.0: device disconnected
[  469.819899][T10278] binder: BINDER_SET_CONTEXT_MGR already set
[  469.826975][T10278] binder: 10277:10278 ioctl 4018620d 200000000040 returned -16
[  469.839652][T10278] binder: 10277:10278 ioctl c0306201 200000000300 returned -11
[  469.920868][  T125] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[  470.112582][  T125] usb 1-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config
[  470.133305][  T125] usb 1-1: New USB device found, idVendor=7a69, idProduct=0001, bcdDevice=a8.6b
[  470.146633][  T125] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  470.154839][  T125] usb 1-1: Product: syz
[  470.159105][  T125] usb 1-1: Manufacturer: syz
[  470.167766][  T125] usb 1-1: SerialNumber: syz
[  470.177627][  T125] usb 1-1: dvb_usb_v2: found a '774 Friio White ISDB-T USB2.0' in warm state
[  470.581407][  T125] usb 1-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  470.633647][  T125] dvbdev: DVB: registering new adapter (774 Friio White ISDB-T USB2.0)
[  470.679380][  T125] usb 1-1: media controller created
[  470.711807][  T125] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  470.936528][  T125] usb 1-1: USB disconnect, device number 11
[  471.051221][ T4366] hid-generic 0005:0006:5508.0017: hidraw0: BLUETOOTH HID vc3.36 Device [syz0] on aa:aa:aa:aa:aa:aa
[  471.075161][T10302] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1582'.
[  471.104798][    T7] usb 5-1: new high-speed USB device number 18 using dummy_hcd
[  471.310981][    T7] usb 5-1: Using ep0 maxpacket: 32
[  471.322757][    T7] usb 5-1: config 0 interface 0 has no altsetting 0
[  471.344778][T10309] fido_id[10309]: Failed to open report descriptor at '/sys/devices/virtual/bluetooth/hci4/hci4:200/report_descriptor': No such file or directory
[  471.378838][    T7] usb 5-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e
[  471.467752][    T7] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  471.561919][    T7] usb 5-1: Product: syz
[  471.587738][    T7] usb 5-1: Manufacturer: syz
[  471.608561][    T7] usb 5-1: SerialNumber: syz
[  471.625944][    T7] usb 5-1: config 0 descriptor??
[  472.066971][    T7] gs_usb 5-1:0.0: Couldn't get device config: (err=-71)
[  472.081691][    T7] gs_usb: probe of 5-1:0.0 failed with error -71
[  472.104165][    T7] usb 5-1: USB disconnect, device number 18
[  472.728361][T10348] ptrace attach of "./syz-executor exec"[4274] was attempted by " Àÿ      Ðÿ      ð¥      Àÿ      Àÿ      Ðÿ      àÿ             ./file0  °ÿ      Àÿ                 ÿÿÿÿ                                                                                                                                                                                                                                                                                                                                                                                                                      /sys/kernel/debug/binder/stats                                                                                                  8             
€      \x09       Û       
    þÿÿú  ÿÿÿÿ        cgroup.controllers                                                                                                                                                                                         
[  473.450883][    T7] usb 5-1: new high-speed USB device number 19 using dummy_hcd
[  473.833383][T10365] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1598'.
[  473.947216][    T7] usb 5-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config
[  474.000489][    T7] usb 5-1: New USB device found, idVendor=7a69, idProduct=0001, bcdDevice=a8.6b
[  474.042060][    T7] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  474.050233][    T7] usb 5-1: Product: syz
[  474.065594][    T7] usb 5-1: Manufacturer: syz
[  474.070578][    T7] usb 5-1: SerialNumber: syz
[  474.130079][    T7] usb 5-1: dvb_usb_v2: found a '774 Friio White ISDB-T USB2.0' in warm state
[  474.152289][T10369] fuse: Bad value for 'fd'
[  474.515791][    T7] usb 5-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  474.547385][    T7] dvbdev: DVB: registering new adapter (774 Friio White ISDB-T USB2.0)
[  474.587441][    T7] usb 5-1: media controller created
[  474.655715][    T7] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  474.861302][T10389] fuse: Unknown parameter 'group_i00000000000000000000'
[  475.126197][    T7] usb 5-1: USB disconnect, device number 19
[  475.563694][T10401] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1609'.
[  475.752185][T10405] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  475.799307][T10405] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1612'.
[  475.836644][T10405] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1612'.
[  476.288223][T10421] fuse: Bad value for 'fd'
[  476.930475][T10428] fuse: Unknown parameter 'group_i00000000000000000000'
[  476.937700][ T4349] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  477.132391][ T4349] usb 4-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config
[  477.160224][ T4349] usb 4-1: New USB device found, idVendor=7a69, idProduct=0001, bcdDevice=a8.6b
[  477.184533][ T4349] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  477.219468][ T4349] usb 4-1: Product: syz
[  477.224029][ T4349] usb 4-1: Manufacturer: syz
[  477.228646][ T4349] usb 4-1: SerialNumber: syz
[  477.253025][ T4349] usb 4-1: dvb_usb_v2: found a '774 Friio White ISDB-T USB2.0' in warm state
[  477.551861][T10438] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  477.573031][T10438] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1624'.
[  477.596994][T10438] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1624'.
[  477.637135][    T7] hid-generic 0005:0006:5508.0018: hidraw0: BLUETOOTH HID vc3.36 Device [syz0] on aa:aa:aa:aa:aa:aa
[  477.658232][ T4349] usb 4-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  477.683849][T10440] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1623'.
[  477.726064][ T4349] dvbdev: DVB: registering new adapter (774 Friio White ISDB-T USB2.0)
[  477.785444][ T4349] usb 4-1: media controller created
[  477.891909][ T4349] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  478.133484][T10445] fido_id[10445]: Failed to open report descriptor at '/sys/devices/virtual/bluetooth/hci4/hci4:200/report_descriptor': No such file or directory
[  478.212591][T10453] device syzkaller0 entered promiscuous mode
[  478.271924][ T4349] usb 4-1: USB disconnect, device number 11
[  478.707149][T10471] fuse: Unknown parameter 'group_i00000000000000000000'
[  478.783604][T10467] (unnamed net_device) (uninitialized): option lacp_rate: mode dependency failed, not supported in mode active-backup(1)
[  479.549022][T10486] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  480.080847][  T128] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  480.282341][  T128] usb 3-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config
[  480.300327][  T128] usb 3-1: New USB device found, idVendor=7a69, idProduct=0001, bcdDevice=a8.6b
[  480.322553][  T128] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  480.331828][  T128] usb 3-1: Product: syz
[  480.339176][  T128] usb 3-1: Manufacturer: syz
[  480.345713][  T128] usb 3-1: SerialNumber: syz
[  480.379537][  T128] usb 3-1: dvb_usb_v2: found a '774 Friio White ISDB-T USB2.0' in warm state
[  480.778787][  T128] usb 3-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  480.829259][  T128] dvbdev: DVB: registering new adapter (774 Friio White ISDB-T USB2.0)
[  480.858508][  T128] usb 3-1: media controller created
[  480.893461][  T128] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  481.145282][T10512] binder: 10511:10512 ioctl c0306201 200000000300 returned -11
[  481.336946][  T128] usb 3-1: USB disconnect, device number 10
[  481.534485][T10523] fuse: Unknown parameter 'group_id00000000000000000000'
[  482.899651][T10488] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  482.908823][T10488] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  482.918430][T10488] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  482.927619][T10488] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  483.351768][T10543] binder: 10542:10543 ioctl c0306201 200000000300 returned -11
[  483.619775][T10549] syz.2.1652 (10549): drop_caches: 2
[  483.660946][ T4366] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  483.875813][ T4366] usb 4-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config
[  483.912117][ T4366] usb 4-1: New USB device found, idVendor=7a69, idProduct=0001, bcdDevice=a8.6b
[  483.930880][ T4366] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  483.939380][ T4366] usb 4-1: Product: syz
[  483.947703][ T4366] usb 4-1: Manufacturer: syz
[  483.953041][ T4366] usb 4-1: SerialNumber: syz
[  483.960931][   T14] usb 5-1: new high-speed USB device number 20 using dummy_hcd
[  483.974200][ T4366] usb 4-1: dvb_usb_v2: found a '774 Friio White ISDB-T USB2.0' in warm state
[  484.178360][   T14] usb 5-1: Using ep0 maxpacket: 32
[  484.186606][   T14] usb 5-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  484.219845][   T14] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  484.262684][   T14] usb 5-1: config 0 descriptor??
[  484.403703][ T4366] usb 4-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  484.421307][ T4366] dvbdev: DVB: registering new adapter (774 Friio White ISDB-T USB2.0)
[  484.431360][ T4366] usb 4-1: media controller created
[  484.471419][ T4366] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  484.481704][   T14] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[  484.523981][   T14] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  484.553569][   T14] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[  484.580888][   T14] usb 5-1: media controller created
[  484.633900][   T14] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  484.741003][T10561] ------------[ cut here ]------------
[  484.747063][T10561] usb 4-1: BOGUS control dir, pipe 80000c80 doesn't match bRequestType c0
[  484.881834][T10561] WARNING: CPU: 0 PID: 10561 at drivers/usb/core/urb.c:413 usb_submit_urb+0x11ae/0x1920
[  484.892009][T10561] Modules linked in:
[  484.896006][T10561] CPU: 0 PID: 10561 Comm: syz.4.1655 Not tainted syzkaller #0
[  484.903679][T10561] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  484.914123][T10561] RIP: 0010:usb_submit_urb+0x11ae/0x1920
[  484.919811][T10561] Code: ff df 0f b6 44 05 00 84 c0 0f 85 6f 06 00 00 45 0f b6 07 48 c7 c7 e0 97 2e 8b 48 8b 74 24 18 4c 89 e2 44 89 f1 e8 c2 a9 27 fb <0f> 0b 49 bc 00 00 00 00 00 fc ff df e9 93 f3 ff ff 89 e9 80 e1 07
[  484.939755][T10561] RSP: 0018:ffffc9000535f648 EFLAGS: 00010246
[  484.945930][T10561] RAX: 8dab929566a37f00 RBX: ffff8880240ed300 RCX: 0000000000080000
[  484.954006][T10561] RDX: ffffc90011fde000 RSI: 0000000000004814 RDI: 0000000000004815
[  484.962055][T10561] RBP: 1ffff1100535071d R08: ffffc9000535f2c7 R09: 1ffff92000a6be58
[  484.970142][T10561] R10: dffffc0000000000 R11: fffff52000a6be59 R12: ffff888078dc66b8
[  484.978204][T10561] R13: ffff8880788220f8 R14: 0000000080000c80 R15: ffff888029a838e8
[  484.986302][T10561] FS:  00007f4fe60866c0(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000
[  484.995314][T10561] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  485.002081][T10561] CR2: 00007f0af9252440 CR3: 000000001df9f000 CR4: 00000000003506f0
[  485.010125][T10561] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  485.018185][T10561] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  485.026246][T10561] Call Trace:
[  485.029598][T10561]  <TASK>
[  485.032737][T10561]  usb_start_wait_urb+0x128/0x4e0
[  485.037815][T10561]  ? usb_api_blocking_completion+0xb0/0xb0
[  485.043732][T10561]  usb_control_msg+0x22f/0x3e0
[  485.048553][T10561]  gl861_ctrl_msg+0x211/0x3d0
[  485.053345][T10561]  ? gl861_i2c_functionality+0x10/0x10
[  485.058826][T10561]  ? _raw_spin_unlock_irqrestore+0xc1/0x120
[  485.064794][T10561]  ? _raw_spin_unlock+0x40/0x40
[  485.069757][T10561]  ? try_to_take_rt_mutex+0x7f7/0xaa0
[  485.075242][T10561]  gl861_i2c_master_xfer+0x430/0x640
[  485.080661][T10561]  ? gl861_init+0x40/0x40
[  485.085169][T10561]  __i2c_transfer+0x880/0x22b0
[  485.090088][T10561]  ? i2c_cmd+0x110/0x110
[  485.094460][T10561]  ? i2c_transfer+0x117/0x3a0
[  485.099181][T10561]  i2c_transfer+0x25d/0x3a0
[  485.103771][T10561]  ? aa_file_perm+0x112/0xf00
[  485.108496][T10561]  ? __i2c_transfer+0x22b0/0x22b0
[  485.113601][T10561]  ? memset+0x1e/0x40
[  485.117625][T10561]  i2c_transfer_buffer_flags+0x10a/0x1a0
[  485.123316][T10561]  ? i2c_transfer+0x3a0/0x3a0
[  485.128020][T10561]  ? common_file_perm+0x171/0x1c0
[  485.133090][T10561]  i2cdev_read+0x84/0x170
[  485.137452][T10561]  ? i2cdev_dev_release+0x20/0x20
[  485.142625][T10561]  vfs_read+0x2de/0xa00
[  485.146811][T10561]  ? kernel_read+0x1e0/0x1e0
[  485.151461][T10561]  ? __fget_files+0x28/0x4b0
[  485.156166][T10561]  ? __fget_files+0x28/0x4b0
[  485.160876][T10561]  ? __fget_files+0x43d/0x4b0
[  485.165628][T10561]  ? __fdget_pos+0x1d4/0x360
[  485.170284][T10561]  ? ksys_read+0x71/0x250
[  485.174796][T10561]  ksys_read+0x14c/0x250
[  485.179074][T10561]  ? vfs_write+0xa30/0xa30
[  485.183722][T10561]  ? lockdep_hardirqs_on+0x94/0x140
[  485.188954][T10561]  do_syscall_64+0x4c/0xa0
[  485.193427][T10561]  ? clear_bhb_loop+0x60/0xb0
[  485.198146][T10561]  ? clear_bhb_loop+0x60/0xb0
[  485.202964][T10561]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  485.208974][T10561] RIP: 0033:0x7f4fe519aeb9
[  485.213450][T10561] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  485.233219][T10561] RSP: 002b:00007f4fe6086028 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  485.241684][T10561] RAX: ffffffffffffffda RBX: 00007f4fe5416180 RCX: 00007f4fe519aeb9
[  485.249691][T10561] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000a
[  485.257752][T10561] RBP: 00007f4fe5208c1f R08: 0000000000000000 R09: 0000000000000000
[  485.265884][T10561] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  485.274106][T10561] R13: 00007f4fe5416218 R14: 00007f4fe5416180 R15: 00007ffdaf79ea58
[  485.282245][T10561]  </TASK>
[  485.285277][T10561] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  485.292568][T10561] CPU: 0 PID: 10561 Comm: syz.4.1655 Not tainted syzkaller #0
[  485.300039][T10561] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  485.310129][T10561] Call Trace:
[  485.313418][T10561]  <TASK>
[  485.316375][T10561]  dump_stack_lvl+0x188/0x24e
[  485.321087][T10561]  ? memcpy+0x3c/0x60
[  485.325083][T10561]  ? show_regs_print_info+0x12/0x12
[  485.330295][T10561]  ? load_image+0x400/0x400
[  485.334824][T10561]  panic+0x2e5/0x730
[  485.338747][T10561]  ? bpf_jit_dump+0xd0/0xd0
[  485.343276][T10561]  __warn+0x2f8/0x4f0
[  485.347278][T10561]  ? usb_submit_urb+0x11ae/0x1920
[  485.352340][T10561]  ? usb_submit_urb+0x11ae/0x1920
[  485.357465][T10561]  report_bug+0x2ba/0x4f0
[  485.362096][T10561]  ? usb_submit_urb+0x11ae/0x1920
[  485.367181][T10561]  handle_bug+0x3a/0x70
[  485.371379][T10561]  exc_invalid_op+0x16/0x40
[  485.375917][T10561]  asm_exc_invalid_op+0x16/0x20
[  485.380796][T10561] RIP: 0010:usb_submit_urb+0x11ae/0x1920
[  485.386482][T10561] Code: ff df 0f b6 44 05 00 84 c0 0f 85 6f 06 00 00 45 0f b6 07 48 c7 c7 e0 97 2e 8b 48 8b 74 24 18 4c 89 e2 44 89 f1 e8 c2 a9 27 fb <0f> 0b 49 bc 00 00 00 00 00 fc ff df e9 93 f3 ff ff 89 e9 80 e1 07
[  485.406130][T10561] RSP: 0018:ffffc9000535f648 EFLAGS: 00010246
[  485.412244][T10561] RAX: 8dab929566a37f00 RBX: ffff8880240ed300 RCX: 0000000000080000
[  485.420369][T10561] RDX: ffffc90011fde000 RSI: 0000000000004814 RDI: 0000000000004815
[  485.428379][T10561] RBP: 1ffff1100535071d R08: ffffc9000535f2c7 R09: 1ffff92000a6be58
[  485.436382][T10561] R10: dffffc0000000000 R11: fffff52000a6be59 R12: ffff888078dc66b8
[  485.444376][T10561] R13: ffff8880788220f8 R14: 0000000080000c80 R15: ffff888029a838e8
[  485.452385][T10561]  ? usb_submit_urb+0x11ae/0x1920
[  485.457455][T10561]  usb_start_wait_urb+0x128/0x4e0
[  485.462507][T10561]  ? usb_api_blocking_completion+0xb0/0xb0
[  485.468348][T10561]  usb_control_msg+0x22f/0x3e0
[  485.473139][T10561]  gl861_ctrl_msg+0x211/0x3d0
[  485.477846][T10561]  ? gl861_i2c_functionality+0x10/0x10
[  485.483327][T10561]  ? _raw_spin_unlock_irqrestore+0xc1/0x120
[  485.489240][T10561]  ? _raw_spin_unlock+0x40/0x40
[  485.494106][T10561]  ? try_to_take_rt_mutex+0x7f7/0xaa0
[  485.499515][T10561]  gl861_i2c_master_xfer+0x430/0x640
[  485.504824][T10561]  ? gl861_init+0x40/0x40
[  485.509177][T10561]  __i2c_transfer+0x880/0x22b0
[  485.513984][T10561]  ? i2c_cmd+0x110/0x110
[  485.518300][T10561]  ? i2c_transfer+0x117/0x3a0
[  485.523003][T10561]  i2c_transfer+0x25d/0x3a0
[  485.527531][T10561]  ? aa_file_perm+0x112/0xf00
[  485.532237][T10561]  ? __i2c_transfer+0x22b0/0x22b0
[  485.537286][T10561]  ? memset+0x1e/0x40
[  485.541294][T10561]  i2c_transfer_buffer_flags+0x10a/0x1a0
[  485.546961][T10561]  ? i2c_transfer+0x3a0/0x3a0
[  485.551670][T10561]  ? common_file_perm+0x171/0x1c0
[  485.556733][T10561]  i2cdev_read+0x84/0x170
[  485.561110][T10561]  ? i2cdev_dev_release+0x20/0x20
[  485.566187][T10561]  vfs_read+0x2de/0xa00
[  485.570400][T10561]  ? kernel_read+0x1e0/0x1e0
[  485.575045][T10561]  ? __fget_files+0x28/0x4b0
[  485.579678][T10561]  ? __fget_files+0x28/0x4b0
[  485.584306][T10561]  ? __fget_files+0x43d/0x4b0
[  485.589026][T10561]  ? __fdget_pos+0x1d4/0x360
[  485.593752][T10561]  ? ksys_read+0x71/0x250
[  485.598130][T10561]  ksys_read+0x14c/0x250
[  485.602415][T10561]  ? vfs_write+0xa30/0xa30
[  485.606865][T10561]  ? lockdep_hardirqs_on+0x94/0x140
[  485.612101][T10561]  do_syscall_64+0x4c/0xa0
[  485.616548][T10561]  ? clear_bhb_loop+0x60/0xb0
[  485.621259][T10561]  ? clear_bhb_loop+0x60/0xb0
[  485.626071][T10561]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  485.631989][T10561] RIP: 0033:0x7f4fe519aeb9
[  485.636428][T10561] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  485.656073][T10561] RSP: 002b:00007f4fe6086028 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  485.664526][T10561] RAX: ffffffffffffffda RBX: 00007f4fe5416180 RCX: 00007f4fe519aeb9
[  485.672529][T10561] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000a
[  485.680525][T10561] RBP: 00007f4fe5208c1f R08: 0000000000000000 R09: 0000000000000000
[  485.688523][T10561] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  485.696521][T10561] R13: 00007f4fe5416218 R14: 00007f4fe5416180 R15: 00007ffdaf79ea58
[  485.704530][T10561]  </TASK>
[  485.708194][T10561] Kernel Offset: disabled
[  485.712629][T10561] Rebooting in 86400 seconds..