last executing test programs:

10m32.305697537s ago: executing program 1 (id=285):
mkdir(&(0x7f0000000080)='./file1\x00', 0x8)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x28100, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
chdir(&(0x7f0000000140)='./file1\x00')
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='net_prio.prioidx\x00', 0x275a, 0x0)
creat(&(0x7f0000001380)='./file0\x00', 0x4)
socket(0x10, 0x803, 0x2)
ioctl$BTRFS_IOC_DEFRAG(r0, 0x50009402, 0x0)
socket(0xa, 0x3, 0x3a)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))
connect$unix(0xffffffffffffffff, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
signalfd(0xffffffffffffffff, 0x0, 0x0)
r2 = socket$xdp(0x2c, 0x3, 0x0)
getsockopt$XDP_STATISTICS(r2, 0x11b, 0x7, 0x0, &(0x7f00000000c0))
recvmmsg(0xffffffffffffffff, &(0x7f0000000040), 0x0, 0x120, 0x0)
syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0)
r3 = syz_open_dev$vim2m(&(0x7f0000000000), 0x800, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r3, 0xc008561c, &(0x7f0000000540)={0xf0f024, 0x5})
r4 = syz_open_dev$video(&(0x7f0000000440), 0x8, 0x0)
ioctl$VIDIOC_S_SELECTION(r4, 0xc040565f, &(0x7f0000000940)={0xa, 0x0, 0x7, {0x3, 0x1000, 0xfc, 0x4}})
ioctl$vim2m_VIDIOC_S_FMT(r3, 0xc0d05605, &(0x7f0000000100)={0x2, @pix={0xe, 0x4e, 0x32315559, 0x4, 0x7, 0x9, 0x2, 0x2, 0x0, 0x6, 0x0, 0x2}})

10m31.192054718s ago: executing program 1 (id=295):
r0 = getpgrp(0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000540)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x2, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, 0x0, 0x0)
r4 = add_key$user(&(0x7f0000000000), &(0x7f0000000340)={'syz', 0x2}, &(0x7f0000000480)="d25a9850a9a91163f76c53", 0xb, 0xfffffffffffffffe)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x30}, 0x1, 0x0, 0x0, 0x48815}, 0xc020)
r5 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000140)={r4, r5, r4}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0)

10m29.484258205s ago: executing program 1 (id=289):
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
semget$private(0x0, 0x207, 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_tx_ring(r3, 0x107, 0xd, &(0x7f00000002c0)=@req3={0x10000, 0xfffffffd, 0x100, 0x100, 0x10, 0x0, 0xc2}, 0x1c)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000600)={<r4=>0xffffffffffffffff})
ioctl$sock_SIOCETHTOOL(r4, 0x8946, &(0x7f00000014c0)={'macvtap0\x00', &(0x7f00000013c0)=@ethtool_drvinfo={0x3, "3768ca9bdb9072480b2f1c8f8182ce0898651461231fb740854b22a4379de586", "43a38879022a99b405a660e7cd1d15725e68a25c5152bd0bd227ffb8739f1cfc", "131c5b4bdb8af434447f3cb705650db1c0f8ddb541648cc0b1d318873f8c9a85", "f16051bbcb4dda20aea0d433f8c6f05bce62635e71c972c7929a58603233d497", "1cb283a6b524caa0cfd3fc2d99e7cad81b31b74f347dff63fa93236b8a8a2ccb"}})

10m19.519153455s ago: executing program 1 (id=300):
r0 = socket$nl_sock_diag(0x10, 0x3, 0x4)
sendmsg$TCPDIAG_GETSOCK(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000480)=ANY=[@ANYBLOB="700000001200030200"/56, @ANYRES32=0x0, @ANYBLOB="814b00000000000000000000000000002100010008081c00"], 0x70}}, 0x0)

10m18.078816993s ago: executing program 1 (id=302):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[@ANYRESDEC], 0x0, 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f066bbeeb, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x8c, 0x0)
r3 = syz_open_dev$cec(&(0x7f0000000080), 0x0, 0xe8c00)
io_setup(0x3, &(0x7f0000000180)=<r4=>0x0)
io_submit(r4, 0x1, &(0x7f0000000800)=[&(0x7f0000000300)={0x0, 0x0, 0x0, 0x5, 0x0, r3, 0x0}])
ioctl$IOC_PR_PREEMPT(r3, 0x40046109, 0x0)
ioctl$vim2m_VIDIOC_QUERYBUF(0xffffffffffffffff, 0xc044560f, &(0x7f0000000080)=@mmap={0x0, 0x2, 0x4, 0x0, 0x7, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "10110401"}})
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000003c0)={[], [], 0x2f})
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=@base={0xe, 0x4, 0x4, 0x3}, 0x48)
r6 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, r5, 0x0, '\x00', 0x0, 0x0}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0xb, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x0, 0x6}, {{0x18, 0x1, 0x1, 0x0, r5}, {}, {}, {0x85, 0x0, 0x0, 0x5}}, {{0x5, 0x0, 0x3}, {0x95, 0x0, 0x0, 0x700}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x9, 0xfe00}, {0x6, 0x0, 0x6, 0x9, 0x0, 0x0, 0x3}, {0x3, 0x3, 0x6, 0xa, 0xa, 0xfff0, 0x50}, {0x7, 0x1, 0xb, 0x6, 0x8, 0x20}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {0x7, 0x0, 0x6, 0x0}, {0x18, 0x9, 0x2, 0x0, r6}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x6, 0x1, 0x5, 0x2}, {0x6, 0x0, 0x5, 0x8, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xd, '\x00', 0x0, @fallback=0xd, 0x0, 0xf00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000000080)={0x50, 0x0, 0x0, {0x7, 0x29, 0x9, 0xffffffff9080edc4, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x2}}, 0x50)
openat$dir(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x2c)

10m15.284685218s ago: executing program 1 (id=304):
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2241, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x100000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x5)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000001700)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
socket$inet6(0xa, 0x1, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x24000000)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000680)='./file0\x00', 0x10e, &(0x7f0000000280)={[{@errors_remount}, {@nodelalloc}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x2e}}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x4000000}}, {@jqfmt_vfsv0}, {@quota}]}, 0x3, 0x44d, &(0x7f0000000a40)="$eJzs28tvG8UfAPDvrpP219cvoZRHH0CgICIeSZMW6IEDIJA4gITEpRxDklalboOaINGqgoBQOaJK3BFHJP4CTnBBwAmJK9xRpQrlQuFktPZu/IjtJsGJS/35SNvM7I498/Xs2LM73QAG1lj2TxKxNyJ+jYiRWra5wFjtz82VK7N/rVyZTaJSefOPpFruz5Urs0XR4nV78sx4GpF+ksThNvUuXrp8bqZcnr+Y5yeXzr87uXjp8tNnz8+cmT8zf2H65MkTx6eee3b6mZ7EeVfW1kMfLBw5+Opb116fPXXt7R+/Tor4W+LokbFuBx+rVHpcXX/ta0gnQ31sCBtSioisu4ar438kSlHvvJF45eO+Ng7YUpVch8PLFeAOlkS/WwD0R/FDn13/Ftv2zT7678aLtQugLO6b+VY7MhRp1C6Mhluub3tpLCJOLf/9RbbF1tyHAABo8m02/3mq3fwvjXsbyv0/XxsazddS9kfE3RFxICLuiaiWvS8i7t9g/a2LJGvnP+n1TQW2Ttn87/l8bat5/pcWRUZLeW5fNTOcnD5bnj+WfybjMbwzy091qeO7l3/5rNOxxvlftmX1F3PBvB3Xh3Y2v2ZuZmnm38Tc6MZHEYeG2sWfrK4EJBFxMCIObbKOs098daTTsdb4K0m3d3qhOduDdabKlxGP1/p/OVriLyTd1ycn/xfl+WOTxVmx1k8/X32jU/237v+tlfX/7rbn/2r8o0njeu3ixuu4+tunHa9pJjZ1/td37Mj/vj+ztHRxKmJH8lqt0Y37p+uvLfJF+Sz+8aPtx//+qH8ShyMiO4kfiIgHI+KhvO8ejohHIuJol/h/eOnRdzodux36f66l/0ebi7T0fz2xI1r3tE+Uzn3/TfM71pPr+/47UU2N53vW8/23nnZt7mwGAACA/540IvZGkk6sptN0YqL2f/gPxO60vLC49OTphfcuzNWeERiN4bS401W7H1y7HzqVX9YX+emW/PH8vvHnpV3V/MTsQnmu38HDgNvTYfxnfi/1u3XAlvO8Fgwu4x8Gl/EPg8v4h8HVZvzv6kc7gO3X7vf/w3qyMrKdjQG2Vcv4t+wHA8T1Pwwu4x8GV+P47/r8PXAnWdwVt35IXkJiTSLS26IZvUkkWzwK9vY7wI0n+v3NBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0Bv/BAAA///oO+WP")
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'batadv_slave_0\x00', <r3=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2c, 0xfffffffd, {0x0, 0x0, 0x0, r3, {0x0, 0x1}, {0xffff, 0xffff}, {0xffe0, 0xe}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x4}}]}, 0x38}}, 0x0)

9m59.705866842s ago: executing program 32 (id=304):
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2241, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x100000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x5)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000001700)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
socket$inet6(0xa, 0x1, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x24000000)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000680)='./file0\x00', 0x10e, &(0x7f0000000280)={[{@errors_remount}, {@nodelalloc}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x2e}}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x4000000}}, {@jqfmt_vfsv0}, {@quota}]}, 0x3, 0x44d, &(0x7f0000000a40)="$eJzs28tvG8UfAPDvrpP219cvoZRHH0CgICIeSZMW6IEDIJA4gITEpRxDklalboOaINGqgoBQOaJK3BFHJP4CTnBBwAmJK9xRpQrlQuFktPZu/IjtJsGJS/35SNvM7I498/Xs2LM73QAG1lj2TxKxNyJ+jYiRWra5wFjtz82VK7N/rVyZTaJSefOPpFruz5Urs0XR4nV78sx4GpF+ksThNvUuXrp8bqZcnr+Y5yeXzr87uXjp8tNnz8+cmT8zf2H65MkTx6eee3b6mZ7EeVfW1kMfLBw5+Opb116fPXXt7R+/Tor4W+LokbFuBx+rVHpcXX/ta0gnQ31sCBtSioisu4ar438kSlHvvJF45eO+Ng7YUpVch8PLFeAOlkS/WwD0R/FDn13/Ftv2zT7678aLtQugLO6b+VY7MhRp1C6Mhluub3tpLCJOLf/9RbbF1tyHAABo8m02/3mq3fwvjXsbyv0/XxsazddS9kfE3RFxICLuiaiWvS8i7t9g/a2LJGvnP+n1TQW2Ttn87/l8bat5/pcWRUZLeW5fNTOcnD5bnj+WfybjMbwzy091qeO7l3/5rNOxxvlftmX1F3PBvB3Xh3Y2v2ZuZmnm38Tc6MZHEYeG2sWfrK4EJBFxMCIObbKOs098daTTsdb4K0m3d3qhOduDdabKlxGP1/p/OVriLyTd1ycn/xfl+WOTxVmx1k8/X32jU/237v+tlfX/7rbn/2r8o0njeu3ixuu4+tunHa9pJjZ1/td37Mj/vj+ztHRxKmJH8lqt0Y37p+uvLfJF+Sz+8aPtx//+qH8ShyMiO4kfiIgHI+KhvO8ejohHIuJol/h/eOnRdzodux36f66l/0ebi7T0fz2xI1r3tE+Uzn3/TfM71pPr+/47UU2N53vW8/23nnZt7mwGAACA/540IvZGkk6sptN0YqL2f/gPxO60vLC49OTphfcuzNWeERiN4bS401W7H1y7HzqVX9YX+emW/PH8vvHnpV3V/MTsQnmu38HDgNvTYfxnfi/1u3XAlvO8Fgwu4x8Gl/EPg8v4h8HVZvzv6kc7gO3X7vf/w3qyMrKdjQG2Vcv4t+wHA8T1Pwwu4x8GV+P47/r8PXAnWdwVt35IXkJiTSLS26IZvUkkWzwK9vY7wI0n+v3NBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0Bv/BAAA///oO+WP")
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'batadv_slave_0\x00', <r3=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2c, 0xfffffffd, {0x0, 0x0, 0x0, r3, {0x0, 0x1}, {0xffff, 0xffff}, {0xffe0, 0xe}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x4}}]}, 0x38}}, 0x0)

3m55.331339823s ago: executing program 4 (id=848):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff})
r3 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$SG_IO(r3, 0x2285, 0x0)
r4 = fcntl$dupfd(r3, 0x0, r3)
r5 = socket$inet(0x2b, 0x801, 0x0)
setsockopt$IP_VS_SO_SET_ADD(r5, 0x0, 0x48f, &(0x7f0000000000)={0x1, @private, 0x0, 0x0, 'sed\x00', 0xa, 0xfffffffb, 0x14}, 0x2c)
write$sndseq(r4, &(0x7f0000000180)=[{0x0, 0x47, 0xd, 0x0, @tick=0xdf, {0x40, 0xff}, {0x10, 0x9}, @note={0xa, 0x8, 0xb0, 0x9, 0x3}}, {0x0, 0x0, 0x0, 0x0, @tick=0x46f, {}, {0x80, 0x1}, @connect={{0x40, 0x7}, {0x80, 0xf6}}}], 0x38)
read$snapshot(r4, 0x0, 0xffffffbf)
syz_genetlink_get_family_id$wireguard(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$WG_CMD_SET_DEVICE(0xffffffffffffffff, 0x0, 0x0)
openat$cuse(0xffffff9c, 0x0, 0x2, 0x0)
read$FUSE(r4, 0x0, 0x0)
r6 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r6, 0x89f3, &(0x7f0000000080)={'ip6gre0\x00', 0x0})
close_range(r2, 0xffffffffffffffff, 0x0)

3m54.159042923s ago: executing program 4 (id=850):
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan0\x00'})
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r1, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4011}, 0x0)

3m54.01254194s ago: executing program 4 (id=852):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, 0x0, 0x0)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x51)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000140)='tracefs\x00', 0x0, 0x0)
mount$bpf(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x1e4062, &(0x7f0000000280)={[], [{@uid_eq}]})

3m51.31124917s ago: executing program 4 (id=855):
r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x8d40, 0x0)
r1 = epoll_create(0xf032126)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000080)={0x10})
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000100)={0x0, 0xffffffff, 0x1, 0x0, 0x0, "00729a7d820001003d6000"})
syz_open_pts(r0, 0x105a00)

3m51.234912223s ago: executing program 2 (id=856):
r0 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x129202, 0x0)
io_setup(0x1, &(0x7f0000000b80))
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x7)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$ARPT_SO_SET_REPLACE(r2, 0x0, 0x60, &(0x7f0000000140)={'filter\x00', 0x7, 0x4, 0x3c0, 0x1f0, 0x1f0, 0x0, 0x1f0, 0x1f0, 0xe0, 0x4, 0x0, {[{{@uncond, 0xc0, 0x108}, @unspec=@LED={0x48, 'LED\x00', 0x0, {'syz1\x00'}}}, {{@uncond, 0xc0, 0xe8, 0x0, {0xa00}}, @unspec=@STANDARD={0x28, '\x00', 0x0, 0xffffffffffffffff}}, {{@uncond, 0xc0, 0xe8}, @unspec=@NFQUEUE2={0x28}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x410)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
syz_emit_vhci(0x0, 0xfffffd0c)
keyctl$KEYCTL_MOVE(0x1e, 0x0, 0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, 0x0, 0x0)
write$UHID_CREATE2(0xffffffffffffffff, 0x0, 0x1f5)
r5 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000440), 0x80800, 0x0)
ioctl$FBIOPUTCMAP(r5, 0x4605, &(0x7f00000001c0)={0x9bd, 0x1, &(0x7f00000000c0)=[0xabd], 0x0, 0x0, 0x0})
ioctl$SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000000140)=0x2000)
ioctl$SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000000000)=0x4000)
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r6 = socket(0x400000000010, 0x3, 0x0)
r7 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r8, {0x0, 0xffde}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000140)=@newtfilter={0x54, 0x2c, 0xd27, 0x70bd25, 0x25dfdbfd, {0x0, 0x0, 0x0, r8, {0xe, 0x7}, {}, {0x7, 0x2}}, [@filter_kind_options=@f_flower={{0xb}, {0x24, 0x2, [@TCA_FLOWER_KEY_ENC_OPTS_MASK={0x10, 0x55, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_VXLAN={0xc, 0x2, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x7}]}]}, @TCA_FLOWER_KEY_ENC_OPTS={0x10, 0x54, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_VXLAN={0xc, 0x2, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x5}]}]}]}}]}, 0x54}, 0x1, 0x0, 0x0, 0x80}, 0x0)

3m50.153336433s ago: executing program 4 (id=857):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
openat$nvme_fabrics(0xffffffffffffff9c, 0x0, 0x543402, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000001900), r1)
r3 = fsopen(0x0, 0x1)
fsconfig$FSCONFIG_SET_PATH_EMPTY(r3, 0x4, &(0x7f0000000080)='dirsync\x00', 0x0, 0xffffffffffffffff)
r4 = getpgrp(0x0)
sched_setaffinity(r4, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, r4, 0x2, 0x0)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000000)=0x3)
r6 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r6, 0x1, 0x0)
r7 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r7, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000326000/0x18000)=nil, 0x0, 0x0, 0xe0, 0x0, 0x0)
sendmsg$NFC_CMD_DEV_DOWN(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, r2, 0x1, 0x70bd27, 0x25dfdbfc, {}, [@NFC_ATTR_DEVICE_INDEX={0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x4004000)

3m49.987776095s ago: executing program 2 (id=858):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff})
r4 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$SG_IO(r4, 0x2285, 0x0)
r5 = fcntl$dupfd(r4, 0x0, r4)
r6 = socket$inet(0x2b, 0x801, 0x0)
setsockopt$IP_VS_SO_SET_ADD(r6, 0x0, 0x48f, &(0x7f0000000000)={0x1, @private, 0x0, 0x0, 'sed\x00', 0xa, 0xfffffffb, 0x14}, 0x2c)
write$sndseq(r5, &(0x7f0000000180)=[{0x0, 0x47, 0xd, 0x0, @tick=0xdf, {0x40, 0xff}, {0x10, 0x9}, @note={0xa, 0x8, 0xb0, 0x9, 0x3}}, {0x0, 0x0, 0x0, 0x0, @tick=0x46f, {}, {0x80, 0x1}, @connect={{0x40, 0x7}, {0x80, 0xf6}}}], 0x38)
read$snapshot(r5, 0x0, 0xffffffbf)
syz_genetlink_get_family_id$wireguard(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$WG_CMD_SET_DEVICE(0xffffffffffffffff, 0x0, 0x0)
openat$cuse(0xffffff9c, 0x0, 0x2, 0x0)
read$FUSE(r5, 0x0, 0x0)
r7 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r7, 0x89f3, &(0x7f0000000080)={'ip6gre0\x00', 0x0})
close_range(r3, 0xffffffffffffffff, 0x0)

3m48.132010673s ago: executing program 4 (id=859):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan1\x00', <r1=>0x0})
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_genetlink_get_family_id$devlink(&(0x7f0000000140), r0)
sendmsg$DEVLINK_CMD_SB_PORT_POOL_GET(r0, &(0x7f0000000380)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000340)={&(0x7f00000003c0)=ANY=[@ANYBLOB="5c010000", @ANYRES16=r1], 0x15c}, 0x1, 0x0, 0x0, 0x40800}, 0x4000040)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x1d)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
syz_clone(0x2180, 0x0, 0xe4, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
bind$bt_l2cap(r2, &(0x7f00000000c0)={0x1f, 0x0, @none, 0x0, 0x3}, 0xe)
bind$bt_l2cap(r2, &(0x7f0000000000)={0x1f, 0x0, @none}, 0xe)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = socket$inet(0xa, 0x801, 0x84)
connect$inet(r4, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10)
listen(r4, 0x8)
r5 = accept4(r4, 0x0, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r5, 0x84, 0x7b, &(0x7f0000000200), 0x8)
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0)
ioctl$TCSETAF(r6, 0x5408, &(0x7f00000000c0)={0xcf50, 0x0, 0xffff, 0x9dfe, 0x11})
write$binfmt_aout(r6, &(0x7f00000041c0)=ANY=[@ANYBLOB="3a6efef0317d6c847fd85586abeb5819f62844dd160ba40eea03dfc90a8c3184344e326aa17878fd107b6072bc9774ec1d74c5eb856ac55b4ba5cf66007ee19546e360e3268dd26dcf1b28c358c2390a568983d8720e2fb4f7c6dde27ae8840bac6a14348adcf6a62d561c7027d0def2e16add9b81433d682c557441c364804c41696f972d2ffed0f551d5214721740750", @ANYRESOCT=r6], 0xff2e)
ioctl$TCSETS(r6, 0x40045431, &(0x7f0000000180)={0x80000, 0xfffffffd, 0xfffffff9, 0x7fff, 0x19, "6d820aa55b00"})
r7 = syz_open_pts(r6, 0x0)
r8 = dup3(r7, r6, 0x0)
ioctl$TIOCSTI(r8, 0x5412, &(0x7f0000004180)=0x17)

3m45.684776139s ago: executing program 2 (id=862):
syz_usb_control_io$rtl8150(0xffffffffffffffff, 0x0, &(0x7f0000000580)={0x2c, &(0x7f0000000340)=ANY=[], 0x0, 0x0, 0x0, 0x0})
r0 = getpgrp(0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0xe559)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x2, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000100)='proc\x00', 0x0, 0x0)

3m39.716262862s ago: executing program 2 (id=869):
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f00000002c0)='./file0/../file0\x00', &(0x7f0000000440)='./file0/file0\x00', 0x0, 0x23e9c9e, 0x0)
mount$bind(0x0, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x80000, 0x0)
mount$bind(&(0x7f0000000280)='./file0/file0\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x20a7699, 0x0)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000300)='devpts\x00', 0x101c040, 0x0)

3m39.326903116s ago: executing program 2 (id=870):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff})
r4 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$SG_IO(r4, 0x2285, 0x0)
r5 = fcntl$dupfd(r4, 0x0, r4)
r6 = socket$inet(0x2b, 0x801, 0x0)
setsockopt$IP_VS_SO_SET_ADD(r6, 0x0, 0x48f, &(0x7f0000000000)={0x1, @private, 0x0, 0x0, 'sed\x00', 0xa, 0xfffffffb, 0x14}, 0x2c)
write$sndseq(r5, &(0x7f0000000180)=[{0x0, 0x47, 0xd, 0x0, @tick=0xdf, {0x40, 0xff}, {0x10, 0x9}, @note={0xa, 0x8, 0xb0, 0x9, 0x3}}, {0x0, 0x0, 0x0, 0x0, @tick=0x46f, {}, {0x80, 0x1}, @connect={{0x40, 0x7}, {0x80, 0xf6}}}], 0x38)
read$snapshot(r5, 0x0, 0xffffffbf)
syz_genetlink_get_family_id$wireguard(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$WG_CMD_SET_DEVICE(0xffffffffffffffff, 0x0, 0x0)
openat$cuse(0xffffff9c, 0x0, 0x2, 0x0)
read$FUSE(r5, 0x0, 0x0)
r7 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r7, 0x89f3, &(0x7f0000000080)={'ip6gre0\x00', 0x0})
close_range(r3, 0xffffffffffffffff, 0x0)

3m36.223199936s ago: executing program 2 (id=874):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x8d40, 0x0)
r1 = epoll_create(0xf032126)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, 0x0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000100)={0x0, 0xffffffff, 0x1, 0x0, 0x0, "00729a7d820001003d6000"})
syz_open_pts(r0, 0x105a00)

3m35.900095055s ago: executing program 33 (id=874):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x8d40, 0x0)
r1 = epoll_create(0xf032126)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, 0x0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000100)={0x0, 0xffffffff, 0x1, 0x0, 0x0, "00729a7d820001003d6000"})
syz_open_pts(r0, 0x105a00)

3m32.742414622s ago: executing program 34 (id=859):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan1\x00', <r1=>0x0})
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_genetlink_get_family_id$devlink(&(0x7f0000000140), r0)
sendmsg$DEVLINK_CMD_SB_PORT_POOL_GET(r0, &(0x7f0000000380)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000340)={&(0x7f00000003c0)=ANY=[@ANYBLOB="5c010000", @ANYRES16=r1], 0x15c}, 0x1, 0x0, 0x0, 0x40800}, 0x4000040)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x1d)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
syz_clone(0x2180, 0x0, 0xe4, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
bind$bt_l2cap(r2, &(0x7f00000000c0)={0x1f, 0x0, @none, 0x0, 0x3}, 0xe)
bind$bt_l2cap(r2, &(0x7f0000000000)={0x1f, 0x0, @none}, 0xe)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = socket$inet(0xa, 0x801, 0x84)
connect$inet(r4, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10)
listen(r4, 0x8)
r5 = accept4(r4, 0x0, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r5, 0x84, 0x7b, &(0x7f0000000200), 0x8)
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0)
ioctl$TCSETAF(r6, 0x5408, &(0x7f00000000c0)={0xcf50, 0x0, 0xffff, 0x9dfe, 0x11})
write$binfmt_aout(r6, &(0x7f00000041c0)=ANY=[@ANYBLOB="3a6efef0317d6c847fd85586abeb5819f62844dd160ba40eea03dfc90a8c3184344e326aa17878fd107b6072bc9774ec1d74c5eb856ac55b4ba5cf66007ee19546e360e3268dd26dcf1b28c358c2390a568983d8720e2fb4f7c6dde27ae8840bac6a14348adcf6a62d561c7027d0def2e16add9b81433d682c557441c364804c41696f972d2ffed0f551d5214721740750", @ANYRESOCT=r6], 0xff2e)
ioctl$TCSETS(r6, 0x40045431, &(0x7f0000000180)={0x80000, 0xfffffffd, 0xfffffff9, 0x7fff, 0x19, "6d820aa55b00"})
r7 = syz_open_pts(r6, 0x0)
r8 = dup3(r7, r6, 0x0)
ioctl$TIOCSTI(r8, 0x5412, &(0x7f0000004180)=0x17)

3m2.6269118s ago: executing program 0 (id=907):
r0 = openat$panthor(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$DRM_IOCTL_GET_CAP(r0, 0xc010640c, &(0x7f0000000100)={0x13})

3m1.758623596s ago: executing program 0 (id=908):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x2)
dup(r0)
syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x2001)
openat$drirender128(0xffffffffffffff9c, &(0x7f0000000000), 0x80800, 0x0)
socket(0x10, 0x3, 0x0)
socket(0x10, 0x3, 0x0)
r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000640)='/sys/power/pm_test', 0x88002, 0x0)
ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000000)={0x4000000, {0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x2, 0x0, @remote}, {0x2, 0x4e23, @loopback}, 0x1d7, 0x0, 0x0, 0x0, 0xfff8, 0x0, 0x4, 0x8})
sendmsg$NL80211_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYRES32, @ANYRES16=0x0, @ANYRES8=r1], 0x1c}, 0x1, 0x0, 0x0, 0x20000844}, 0x48885)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50)
pwrite64(0xffffffffffffffff, &(0x7f0000000000)='L', 0x1, 0x7ffffffe)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r2, &(0x7f0000000000), 0xd)

3m1.55097567s ago: executing program 0 (id=909):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = semget$private(0x0, 0x207, 0x0)
semctl$GETALL(r5, 0x0, 0xd, 0xfffffffffffffffe)
r6 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_tx_ring(r6, 0x107, 0xd, &(0x7f00000002c0)=@req3={0x10000, 0xfffffffd, 0x100, 0x100, 0x10, 0x0, 0xc2}, 0x1c)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0, 0x14}, 0x1, 0x0, 0x0, 0x20000801}, 0x4)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000600)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
ioctl$sock_SIOCETHTOOL(r7, 0x8946, &(0x7f00000014c0)={'macvtap0\x00', &(0x7f00000013c0)=@ethtool_drvinfo={0x3, "3768ca9bdb9072480b2f1c8f8182ce0898651461231fb740854b22a4379de586", "43a38879022a99b405a660e7cd1d15725e68a25c5152bd0bd227ffb8739f1cfc", "131c5b4bdb8af434447f3cb705650db1c0f8ddb541648cc0b1d318873f8c9a85", "f16051bbcb4dda20aea0d433f8c6f05bce62635e71c972c7929a58603233d497", "1cb283a6b524caa0cfd3fc2d99e7cad81b31b74f347dff63fa93236b8a8a2ccb"}})
write$FUSE_NOTIFY_RETRIEVE(r8, &(0x7f0000000100)={0x30, 0x5, 0x0, {0x0, 0x3, 0x0, 0x10001}}, 0x30)
socket$can_j1939(0x1d, 0x2, 0x7)
socket$nl_generic(0x10, 0x3, 0x10)
r9 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r9, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="880000000314230c2abd7000ffdbdf250900020073797a3100000000080041007369770014003300766972745f7769666930001a000000000900020073797a3200000000080041007278650014003300776732000000000000000000000000000900020073797a3100000000080041007369770014003300776c616e30000000"], 0x88}, 0x1, 0x0, 0x0, 0x400c080}, 0x0)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={0x0}, 0x1, 0xa6ffffff}, 0xc004)
openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0), 0x801, 0x0)
syz_open_dev$vbi(&(0x7f0000000040), 0x3, 0x2)
fcntl$notify(r0, 0x402, 0x80000033)

2m58.76128344s ago: executing program 0 (id=911):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40000d1}, 0x404c800)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, 0x0, 0x8800)
prlimit64(0x0, 0xe, 0x0, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x240400a1}, 0x4890)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x3)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000002c0)=0x14)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_netfilter(0x10, 0x3, 0xc)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000001a40)=""/102392, 0x18ff8)
socket$nl_generic(0x10, 0x3, 0x10)
r2 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0)
ioctl$COMEDI_DEVCONFIG(r2, 0x40946400, 0x0)
ioctl$COMEDI_DEVCONFIG(r2, 0x40946400, &(0x7f0000000180)={'aio_iiro_16\x00', [0xd00, 0x4, 0x10001, 0x0, 0x3, 0xcc7, 0x8, 0x7, 0x5, 0xff, 0x2, 0x1, 0x8, 0x2, 0x9, 0x9, 0xbc76146, 0x9, 0x43, 0x40000003, 0x8c, 0x8, 0x5, 0x6, 0x800b, 0x48, 0x5, 0x6, 0xd, 0x0, 0x8000]})

2m56.520798062s ago: executing program 0 (id=916):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000880)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff}, 0x50)
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="0100000000000000000005000000180001801400020073797a5f74756e00000008000000000018000380140003801000018004"], 0x44}}, 0x0)
io_uring_setup(0x1ca1, &(0x7f0000000040)={0x0, 0x7a22, 0xc000, 0x7, 0x337})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000093c0)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000840), r5)
r6 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000), 0x2)
r7 = syz_open_dev$ttys(0xc, 0x2, 0x0)
dup3(r6, r7, 0x80000)

2m55.228450345s ago: executing program 0 (id=918):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff})
r4 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$SG_IO(r4, 0x2285, 0x0)
r5 = fcntl$dupfd(r4, 0x0, r4)
r6 = socket$inet(0x2b, 0x801, 0x0)
setsockopt$IP_VS_SO_SET_ADD(r6, 0x0, 0x48f, &(0x7f0000000000)={0x1, @private, 0x0, 0x0, 'sed\x00', 0xa, 0xfffffffb, 0x14}, 0x2c)
write$sndseq(r5, &(0x7f0000000180)=[{0x0, 0x47, 0xd, 0x0, @tick=0xdf, {0x40, 0xff}, {0x10, 0x9}, @note={0xa, 0x8, 0xb0, 0x9, 0x3}}, {0x0, 0x0, 0x0, 0x0, @tick=0x46f, {}, {0x80, 0x1}, @connect={{0x40, 0x7}, {0x80, 0xf6}}}], 0x38)
read$snapshot(r5, 0x0, 0xffffffbf)
syz_genetlink_get_family_id$wireguard(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$WG_CMD_SET_DEVICE(0xffffffffffffffff, 0x0, 0x0)
openat$cuse(0xffffff9c, 0x0, 0x2, 0x0)
read$FUSE(r5, 0x0, 0x0)
r7 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r7, 0x89f3, &(0x7f0000000080)={'ip6gre0\x00', 0x0})
close_range(r3, 0xffffffffffffffff, 0x0)

2m40.065485355s ago: executing program 35 (id=918):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff})
r4 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$SG_IO(r4, 0x2285, 0x0)
r5 = fcntl$dupfd(r4, 0x0, r4)
r6 = socket$inet(0x2b, 0x801, 0x0)
setsockopt$IP_VS_SO_SET_ADD(r6, 0x0, 0x48f, &(0x7f0000000000)={0x1, @private, 0x0, 0x0, 'sed\x00', 0xa, 0xfffffffb, 0x14}, 0x2c)
write$sndseq(r5, &(0x7f0000000180)=[{0x0, 0x47, 0xd, 0x0, @tick=0xdf, {0x40, 0xff}, {0x10, 0x9}, @note={0xa, 0x8, 0xb0, 0x9, 0x3}}, {0x0, 0x0, 0x0, 0x0, @tick=0x46f, {}, {0x80, 0x1}, @connect={{0x40, 0x7}, {0x80, 0xf6}}}], 0x38)
read$snapshot(r5, 0x0, 0xffffffbf)
syz_genetlink_get_family_id$wireguard(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$WG_CMD_SET_DEVICE(0xffffffffffffffff, 0x0, 0x0)
openat$cuse(0xffffff9c, 0x0, 0x2, 0x0)
read$FUSE(r5, 0x0, 0x0)
r7 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r7, 0x89f3, &(0x7f0000000080)={'ip6gre0\x00', 0x0})
close_range(r3, 0xffffffffffffffff, 0x0)

1m21.354775921s ago: executing program 7 (id=1036):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB, @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f0000000100)={0x30, 0x5, 0x0, {0x0, 0x1}}, 0x30)
read$FUSE(r0, &(0x7f0000004200)={0x2020, 0x0, <r1=>0x0}, 0x2020)
umount2(&(0x7f00000001c0)='./file0\x00', 0x0)
write$FUSE_NOTIFY_STORE(r0, 0x0, 0x28)
write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, r1, {0x7, 0x29, 0x0, 0x440, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x8, 0x80}}, 0x50)

1m21.043296462s ago: executing program 7 (id=1039):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
openat$nvme_fabrics(0xffffffffffffff9c, 0x0, 0x543402, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000001900), r1)
r3 = fsopen(0x0, 0x1)
fsconfig$FSCONFIG_SET_PATH_EMPTY(r3, 0x4, &(0x7f0000000080)='dirsync\x00', 0x0, 0xffffffffffffffff)
r4 = getpgrp(0x0)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, r4, 0x2, 0x0)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r6 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r6, 0x1, 0x0)
r7 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r7, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000326000/0x18000)=nil, 0x0, 0x0, 0xe0, 0x0, 0x0)
sendmsg$NFC_CMD_DEV_DOWN(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, r2, 0x1, 0x70bd27, 0x25dfdbfc, {}, [@NFC_ATTR_DEVICE_INDEX={0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x4004000)

1m19.598375861s ago: executing program 7 (id=1040):
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_tx_ring(r3, 0x107, 0xd, &(0x7f00000002c0)=@req3={0x10000, 0xfffffffd, 0x100, 0x100, 0x10, 0x0, 0xc2}, 0x1c)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000600)={<r4=>0xffffffffffffffff})
ioctl$sock_SIOCETHTOOL(r4, 0x8946, &(0x7f00000014c0)={'macvtap0\x00', &(0x7f00000013c0)=@ethtool_drvinfo={0x3, "3768ca9bdb9072480b2f1c8f8182ce0898651461231fb740854b22a4379de586", "43a38879022a99b405a660e7cd1d15725e68a25c5152bd0bd227ffb8739f1cfc", "131c5b4bdb8af434447f3cb705650db1c0f8ddb541648cc0b1d318873f8c9a85", "f16051bbcb4dda20aea0d433f8c6f05bce62635e71c972c7929a58603233d497", "1cb283a6b524caa0cfd3fc2d99e7cad81b31b74f347dff63fa93236b8a8a2ccb"}})

1m10.343946933s ago: executing program 7 (id=1050):
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
get_mempolicy(&(0x7f0000000180), 0x0, 0x3, &(0x7f0000ff9000/0x4000)=nil, 0x3)

1m10.112120472s ago: executing program 7 (id=1053):
socket$nl_route(0x10, 0x3, 0x0)
r0 = getpgrp(0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x6)
r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000140)={{r6}, &(0x7f0000000080), &(0x7f00000000c0)=r3}, 0x20)
recvmsg$unix(r5, &(0x7f00000003c0)={0x0, 0xffffffffffffff04, &(0x7f0000002380)=[{&(0x7f0000002480)=""/195, 0xc3}], 0x1}, 0x2000)
shutdown(r4, 0x2)

1m8.523230399s ago: executing program 7 (id=1054):
r0 = syz_open_dev$usbfs(&(0x7f00000003c0), 0x76, 0x141b41)
ioctl$USBDEVFS_DISCONNECT_CLAIM(r0, 0x8108551b, 0x0)
memfd_secret(0xa51cd372813f45c5)
ioctl$USBDEVFS_ALLOW_SUSPEND(r0, 0x5522)
sched_setscheduler(0x0, 0x1, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = mq_open(&(0x7f00000000c0)='${$\x00', 0x840, 0x0, 0x0)
r4 = syz_io_uring_setup(0x9e, &(0x7f0000000640)={0x0, 0xec25, 0x0, 0x0, 0x2fb}, &(0x7f0000000140)=<r5=>0x0, &(0x7f00000001c0)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r3, 0x6, &(0x7f0000000380)=[{&(0x7f0000000280)=""/194, 0xc2}], 0x1})
io_uring_enter(r4, 0x847ba, 0x0, 0xe, 0x0, 0x0)

51.358982404s ago: executing program 36 (id=1054):
r0 = syz_open_dev$usbfs(&(0x7f00000003c0), 0x76, 0x141b41)
ioctl$USBDEVFS_DISCONNECT_CLAIM(r0, 0x8108551b, 0x0)
memfd_secret(0xa51cd372813f45c5)
ioctl$USBDEVFS_ALLOW_SUSPEND(r0, 0x5522)
sched_setscheduler(0x0, 0x1, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = mq_open(&(0x7f00000000c0)='${$\x00', 0x840, 0x0, 0x0)
r4 = syz_io_uring_setup(0x9e, &(0x7f0000000640)={0x0, 0xec25, 0x0, 0x0, 0x2fb}, &(0x7f0000000140)=<r5=>0x0, &(0x7f00000001c0)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r3, 0x6, &(0x7f0000000380)=[{&(0x7f0000000280)=""/194, 0xc2}], 0x1})
io_uring_enter(r4, 0x847ba, 0x0, 0xe, 0x0, 0x0)

14.316671822s ago: executing program 3 (id=1145):
r0 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'batadv_slave_1\x00', <r1=>0x0})
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'syz_tun\x00'})
sendmsg$NL80211_CMD_SET_WIPHY_NETNS(0xffffffffffffffff, 0x0, 0x4000010)
r3 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x80000)
accept(r3, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
r4 = bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x50)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x1f, 0x11, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, [@call={0x85, 0x0, 0x0, 0x7d}, @snprintf={{}, {0x3, 0x3, 0x6, 0xa, 0xa, 0xfff8, 0xf1}, {0x5, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r4}, {}, {0x85, 0x0, 0x0, 0x6a}}]}, &(0x7f0000000600)='GPL\x00', 0xa, 0x0, 0x0, 0x41000, 0x1e, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000040)={r5}, 0xc)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r6 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0)
read$msr(r6, &(0x7f0000000300)=""/102400, 0x19000)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r7, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000b40)={{0x14}, [@NFT_MSG_NEWSET={0x3c, 0x12, 0xa, 0x20b, 0x0, 0x0, {0x2}, [@NFTA_SET_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_SET_KEY_TYPE={0x8}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x9}]}], {0x14}}, 0x64}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c3000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r8 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCL_SETSEL(r8, 0x4b52, &(0x7f0000000000)={0x2, {0x2, 0xffff, 0x880}})
syz_emit_ethernet(0x0, 0x0, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000980)=@newqdisc={0x5c, 0x24, 0xd0f, 0x470bd30, 0x25dfdbff, {0x60, 0x0, 0x0, r1, {0x0, 0xfff2}, {0xfff1, 0xffff}, {0x0, 0xfff3}}, [@qdisc_kind_options=@q_ingress={0xc}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0x5}, @TCA_STAB={0x24, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x3, 0x0, 0x4, 0x3, 0x2, 0x9, 0x1}}, {0x4}}]}]}, 0x5c}, 0x1, 0x0, 0x0, 0x4000}, 0x44080)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)

12.290928481s ago: executing program 3 (id=1148):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, 0x0, 0x0)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = semget$private(0x0, 0x207, 0x0)
semctl$GETALL(r4, 0x0, 0xd, 0xfffffffffffffffe)
r5 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_tx_ring(r5, 0x107, 0xd, &(0x7f00000002c0)=@req3={0x10000, 0xfffffffd, 0x100, 0x100, 0x10, 0x0, 0xc2}, 0x1c)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0, 0x14}, 0x1, 0x0, 0x0, 0x20000801}, 0x4)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000600)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
ioctl$sock_SIOCETHTOOL(r6, 0x8946, &(0x7f00000014c0)={'macvtap0\x00', &(0x7f00000013c0)=@ethtool_drvinfo={0x3, "3768ca9bdb9072480b2f1c8f8182ce0898651461231fb740854b22a4379de586", "43a38879022a99b405a660e7cd1d15725e68a25c5152bd0bd227ffb8739f1cfc", "131c5b4bdb8af434447f3cb705650db1c0f8ddb541648cc0b1d318873f8c9a85", "f16051bbcb4dda20aea0d433f8c6f05bce62635e71c972c7929a58603233d497", "1cb283a6b524caa0cfd3fc2d99e7cad81b31b74f347dff63fa93236b8a8a2ccb"}})
write$FUSE_NOTIFY_RETRIEVE(r7, &(0x7f0000000100)={0x30, 0x5, 0x0, {0x0, 0x3, 0x0, 0x10001}}, 0x30)
socket$can_j1939(0x1d, 0x2, 0x7)
socket$nl_generic(0x10, 0x3, 0x10)
r8 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r8, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="880000000314230c2abd7000ffdbdf250900020073797a3100000000080041007369770014003300766972745f7769666930001a000000000900020073797a3200000000080041007278650014003300776732000000000000000000000000000900020073797a3100000000080041007369770014003300776c616e30000000"], 0x88}, 0x1, 0x0, 0x0, 0x400c080}, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={0x0}, 0x1, 0xa6ffffff}, 0xc004)
openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0), 0x801, 0x0)
syz_open_dev$vbi(&(0x7f0000000040), 0x3, 0x2)
fcntl$notify(0xffffffffffffffff, 0x402, 0x80000033)

10.832362558s ago: executing program 8 (id=1152):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f0000000100)={0x30, 0x5, 0x0, {0x0, 0x1}}, 0x30)
read$FUSE(r0, 0x0, 0x0)
umount2(&(0x7f00000001c0)='./file0\x00', 0x0)
write$FUSE_NOTIFY_STORE(r0, 0x0, 0x28)
write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, 0x0, {0x7, 0x29, 0x0, 0x440, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x8, 0x80}}, 0x50)

10.66484185s ago: executing program 5 (id=1153):
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_SET(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)={0x38, 0x1402, 0x1, 0x70bd28, 0x25dfdbfc, "", [@RDMA_NLDEV_NET_NS_FD={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x40)

10.355050871s ago: executing program 5 (id=1154):
r0 = getpgrp(0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0xe559)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x2, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, 0x0, 0x0)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000100)='proc\x00', 0x0, 0x0)

10.182547463s ago: executing program 3 (id=1155):
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000cc0), 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
writev(0xffffffffffffffff, &(0x7f0000000640)=[{&(0x7f0000000200)="9c30fb4d", 0x4}], 0x1)
bind$netlink(0xffffffffffffffff, 0x0, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, 0x0, 0x0)
ioctl$BLKZEROOUT(0xffffffffffffffff, 0x127f, &(0x7f0000000100)={0xa00, 0xa00})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
r4 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(r4, 0xc0184800, 0x0)
r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='numa_maps\x00')
preadv(r5, &(0x7f0000000040)=[{&(0x7f0000000180)=""/4096, 0x1000}], 0x1, 0x0, 0x0)
r6 = openat$sndseq(0xffffffffffffff9c, 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(r6, 0x40505330, &(0x7f0000000bc0)={{0xfd, 0x1}, {0xe}, 0x2005, 0xbfbf})
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_ACCT_GET(r7, &(0x7f0000000580)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000340)={0x28, 0x1, 0x7, 0x101, 0x0, 0x0, {0x1, 0x0, 0x9}, [@NFACCT_FILTER={0x14, 0x7, 0x0, 0x1, [@NFACCT_FILTER_MASK={0x8, 0x1, 0x1, 0x0, 0x6}, @NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x1}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x804c}, 0xc080)
r8 = syz_open_dev$dri(&(0x7f0000000040), 0x1ff, 0x80000)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r8, 0xc00c642e, 0x0)
sendmsg$IPSET_CMD_RENAME(r0, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1800}, 0x40004)

8.900564538s ago: executing program 5 (id=1156):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'generic-gcm-aesni\x00'}, 0x58)
r1 = syz_open_dev$vim2m(&(0x7f00000001c0), 0x2ffe, 0x2)
socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x4b, 0x89}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, 0x0, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_TRAP_POLICER_SET(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000240)={&(0x7f00000003c0)={0x54, 0x0, 0x8, 0x70bd2b, 0x25dfdbfc, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x8e, 0x3}, {0xc, 0x8f, 0x7}, {0xc, 0x90, 0x400}}]}, 0x54}, 0x1, 0x0, 0x0, 0x8894}, 0x8000)
ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(r2, 0xc0305710, &(0x7f0000000000)={0x0, 0x399a, 0x5, 0x1, 0x2})
r3 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r3, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x211000, 0x1000, 0x100, 0x1}, 0x20)
arch_prctl$ARCH_SHSTK_DISABLE(0x5002, 0x2)
setsockopt$XDP_RX_RING(r3, 0x11b, 0x2, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
setsockopt$XDP_UMEM_COMPLETION_RING(r3, 0x11b, 0x6, 0x0, 0x0)
ioctl$vim2m_VIDIOC_REQBUFS(r1, 0xc0145608, &(0x7f0000000040)={0x8, 0x1, 0x1})
ioctl$vim2m_VIDIOC_STREAMOFF(r1, 0x40045612, &(0x7f0000000000)=0x1)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000140), 0x0)
accept4(r0, 0x0, 0x0, 0x0)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-serpent-avx2\x00'}, 0x58)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x19, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sockopt=0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x2, 0x3, &(0x7f00000003c0)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

8.752986725s ago: executing program 8 (id=1157):
r0 = syz_open_dev$dri(0x0, 0x1, 0x0)
r1 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x800, 0xffffffff, 0xbfe00000}, &(0x7f0000000000)=<r2=>0x0, &(0x7f0000000280)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r1, 0x47f6, 0x0, 0x2, 0x0, 0x300)
ioctl$DRM_IOCTL_WAIT_VBLANK(r0, 0xc018643a, &(0x7f0000000080)={0x4000000, 0x5, 0x3})

7.978918953s ago: executing program 8 (id=1160):
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="a800000000010904000500000000000002000000240001801400018008000100e000000108000200ac1e01010c00028005000100000009002400028014000180080001000000010908000200ac1e00010c000280050001000000000044000f800800014000000006080003400000002b080003400000000808000240000000400800014000000000fb0001400000000708000140000044f10800034000000003080007"], 0xa8}}, 0x0)

7.542670516s ago: executing program 8 (id=1162):
recvmmsg(0xffffffffffffffff, &(0x7f0000000bc0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000b80)=""/60, 0x3c}, 0x7}], 0x1, 0x1, 0x0)
syz_io_uring_setup(0x3a, 0x0, &(0x7f0000000380), 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
ioctl$COMEDI_DEVCONFIG(0xffffffffffffffff, 0x40946400, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x42, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffe02, &(0x7f00000002c0)=0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
mq_open(0x0, 0x42, 0x1f0, 0x0)
mq_unlink(&(0x7f0000000000)='eth0\x00')
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))
move_pages(0x0, 0x0, 0x0, 0x0, &(0x7f0000000c00)=[0x0], 0x2)
r1 = socket$inet(0x2, 0x3, 0x6)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r1, 0x89f1, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000300)={'syztnl2\x00', 0x0})
r2 = socket(0x2, 0x80805, 0x0)
setsockopt$IP_VS_SO_SET_ADDDEST(r2, 0x0, 0x487, &(0x7f0000000000)={{0x84, @private=0xa010101, 0x4f28, 0x3, 'nq\x00', 0x0, 0xc, 0x6c}, {@empty, 0x4e25, 0x2, 0xcd, 0x1}}, 0x44)
sendmsg$sock(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=[@mark={{0x14, 0x1, 0x24, 0x3}}], 0x18}, 0x0)
bind$bt_l2cap(0xffffffffffffffff, 0x0, 0x0)
r3 = bpf$MAP_CREATE(0x0, 0x0, 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000300)={0xffffffffffffffff, 0x0, &(0x7f0000000080), &(0x7f0000000080), 0x1800, r3}, 0x38)
bpf$MAP_GET_NEXT_KEY(0x15, &(0x7f0000000640)={r3, 0x0, 0x0}, 0x20)
r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sysvipc/shm\x00', 0x0, 0x0)
preadv(r4, &(0x7f0000000480)=[{&(0x7f00000002c0)=""/23, 0x17}], 0x1, 0x2, 0x0)
bpf$BPF_BTF_GET_NEXT_ID(0x17, 0x0, 0x0)
syz_open_procfs(0x0, 0x0)

6.48049552s ago: executing program 6 (id=1163):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, 0x0, 0x0)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = semget$private(0x0, 0x207, 0x0)
semctl$GETALL(r4, 0x0, 0xd, 0xfffffffffffffffe)
r5 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_tx_ring(r5, 0x107, 0xd, &(0x7f00000002c0)=@req3={0x10000, 0xfffffffd, 0x100, 0x100, 0x10, 0x0, 0xc2}, 0x1c)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0, 0x14}, 0x1, 0x0, 0x0, 0x20000801}, 0x4)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000600)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
ioctl$sock_SIOCETHTOOL(r6, 0x8946, &(0x7f00000014c0)={'macvtap0\x00', &(0x7f00000013c0)=@ethtool_drvinfo={0x3, "3768ca9bdb9072480b2f1c8f8182ce0898651461231fb740854b22a4379de586", "43a38879022a99b405a660e7cd1d15725e68a25c5152bd0bd227ffb8739f1cfc", "131c5b4bdb8af434447f3cb705650db1c0f8ddb541648cc0b1d318873f8c9a85", "f16051bbcb4dda20aea0d433f8c6f05bce62635e71c972c7929a58603233d497", "1cb283a6b524caa0cfd3fc2d99e7cad81b31b74f347dff63fa93236b8a8a2ccb"}})
write$FUSE_NOTIFY_RETRIEVE(r7, &(0x7f0000000100)={0x30, 0x5, 0x0, {0x0, 0x3, 0x0, 0x10001}}, 0x30)
socket$can_j1939(0x1d, 0x2, 0x7)
socket$nl_generic(0x10, 0x3, 0x10)
r8 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r8, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="880000000314230c2abd7000ffdbdf250900020073797a3100000000080041007369770014003300766972745f7769666930001a000000000900020073797a3200000000080041007278650014003300776732000000000000000000000000000900020073797a3100000000080041007369770014003300776c616e30000000"], 0x88}, 0x1, 0x0, 0x0, 0x400c080}, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={0x0}, 0x1, 0xa6ffffff}, 0xc004)
openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0), 0x801, 0x0)
syz_open_dev$vbi(&(0x7f0000000040), 0x3, 0x2)
fcntl$notify(0xffffffffffffffff, 0x402, 0x80000033)

6.303106041s ago: executing program 8 (id=1164):
r0 = getpgrp(0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0xe559)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x2, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
mount(0x0, 0x0, &(0x7f0000000100)='proc\x00', 0x0, 0x0)

4.101011801s ago: executing program 8 (id=1165):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f0000000100)={0x30, 0x5, 0x0, {0x0, 0x1}}, 0x30)
read$FUSE(r0, &(0x7f0000004200)={0x2020, 0x0, <r1=>0x0}, 0x2020)
umount2(0x0, 0x0)
write$FUSE_NOTIFY_STORE(r0, 0x0, 0x28)
write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, r1, {0x7, 0x29, 0x0, 0x440, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x8, 0x80}}, 0x50)

2.955122756s ago: executing program 6 (id=1166):
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r0, 0x0, 0x0)
sendmmsg$inet(r0, &(0x7f0000004980)=[{{&(0x7f0000000000)={0x2, 0x4e24, @loopback}, 0x10, &(0x7f0000000040)=[{&(0x7f0000000280)="5338a3848b25e2", 0x7}], 0x1}}], 0x1, 0x20008000)
recvmsg(r0, &(0x7f0000001480)={0x0, 0x0, &(0x7f0000001380)=[{&(0x7f0000000200)=""/112, 0x70}], 0x1}, 0x123)
shutdown(r0, 0x1)

2.641775796s ago: executing program 6 (id=1167):
setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000200)=0x415a, 0x4)
bind$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
connect$inet(0xffffffffffffffff, &(0x7f0000000480)={0x2, 0x0, @multicast1}, 0x10)
sendmmsg(0xffffffffffffffff, &(0x7f0000007fc0), 0x800001d, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000000340)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0)=""/33, 0x21}, 0x4}], 0x3d5, 0x45833af92e4b38ff, 0x0)

2.561551939s ago: executing program 3 (id=1168):
r0 = syz_open_dev$dri(&(0x7f00000000c0), 0x1, 0x0)
r1 = syz_io_uring_setup(0x88f, 0x0, &(0x7f0000000000)=<r2=>0x0, &(0x7f0000000280)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r1, 0x47f6, 0x0, 0x2, 0x0, 0x300)
ioctl$DRM_IOCTL_WAIT_VBLANK(r0, 0xc018643a, &(0x7f0000000080)={0x4000000, 0x5, 0x3})

2.406961674s ago: executing program 5 (id=1169):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r1 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r2=>0x0})
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)=ANY=[@ANYRES16=r0, @ANYBLOB="010009269b310571da344300000014000300", @ANYRES32=r2], 0x38}, 0x1, 0x0, 0x0, 0x4011}, 0x0)

2.347569742s ago: executing program 6 (id=1170):
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="a800000000010904000500000000000002000000240001801400018008000100e000000108000200ac1e01010c00028005000100000009002400028014000180080001000000010908000200ac1e00010c000280050001000000000044000f800800014000000006080003400000002b080003400000000808000240000000400800014000000000fb0001400000000708000140000044f10800034000000003080007"], 0xa8}}, 0x0)

2.224689644s ago: executing program 3 (id=1171):
openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x129202, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, 0x0, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xffde}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000140)=@newtfilter={0x54, 0x2c, 0xd27, 0x70bd25, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0xe, 0x7}, {}, {0x7, 0x2}}, [@filter_kind_options=@f_flower={{0xb}, {0x24, 0x2, [@TCA_FLOWER_KEY_ENC_OPTS_MASK={0x10, 0x55, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_VXLAN={0xc, 0x2, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x7}]}]}, @TCA_FLOWER_KEY_ENC_OPTS={0x10, 0x54, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_VXLAN={0xc, 0x2, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x5}]}]}]}}]}, 0x54}, 0x1, 0x0, 0x0, 0x80}, 0x0)

2.20507817s ago: executing program 5 (id=1172):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000600), r0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000640)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_LEAVE_IBSS(r0, &(0x7f0000000800)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000680)={0x1c, r1, 0x1, 0x70bd25, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r2}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x44000}, 0x8000)

2.059017337s ago: executing program 6 (id=1173):
r0 = getpgrp(0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0xe559)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x2, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
mount(0x0, 0x0, &(0x7f0000000100)='proc\x00', 0x0, 0x0)

251.416085ms ago: executing program 6 (id=1174):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, 0x0, 0x0, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = semget$private(0x0, 0x207, 0x0)
semctl$GETALL(r4, 0x0, 0xd, 0xfffffffffffffffe)
r5 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_tx_ring(r5, 0x107, 0xd, &(0x7f00000002c0)=@req3={0x10000, 0xfffffffd, 0x100, 0x100, 0x10, 0x0, 0xc2}, 0x1c)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0, 0x14}, 0x1, 0x0, 0x0, 0x20000801}, 0x4)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000600)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
ioctl$sock_SIOCETHTOOL(r6, 0x8946, &(0x7f00000014c0)={'macvtap0\x00', &(0x7f00000013c0)=@ethtool_drvinfo={0x3, "3768ca9bdb9072480b2f1c8f8182ce0898651461231fb740854b22a4379de586", "43a38879022a99b405a660e7cd1d15725e68a25c5152bd0bd227ffb8739f1cfc", "131c5b4bdb8af434447f3cb705650db1c0f8ddb541648cc0b1d318873f8c9a85", "f16051bbcb4dda20aea0d433f8c6f05bce62635e71c972c7929a58603233d497", "1cb283a6b524caa0cfd3fc2d99e7cad81b31b74f347dff63fa93236b8a8a2ccb"}})
write$FUSE_NOTIFY_RETRIEVE(r7, &(0x7f0000000100)={0x30, 0x5, 0x0, {0x0, 0x3, 0x0, 0x10001}}, 0x30)
socket$can_j1939(0x1d, 0x2, 0x7)
socket$nl_generic(0x10, 0x3, 0x10)
r8 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r8, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="880000000314230c2abd7000ffdbdf250900020073797a3100000000080041007369770014003300766972745f7769666930001a000000000900020073797a3200000000080041007278650014003300776732000000000000000000000000000900020073797a3100000000080041007369770014003300776c616e30000000"], 0x88}, 0x1, 0x0, 0x0, 0x400c080}, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={0x0}, 0x1, 0xa6ffffff}, 0xc004)
openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0), 0x801, 0x0)
syz_open_dev$vbi(&(0x7f0000000040), 0x3, 0x2)
fcntl$notify(0xffffffffffffffff, 0x402, 0x80000033)

120.472816ms ago: executing program 5 (id=1175):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r1 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000), 0x2)
r2 = syz_open_dev$ttys(0xc, 0x2, 0x0)
dup3(r1, r2, 0x80000)

0s ago: executing program 3 (id=1176):
openat$ptp0(0xffffffffffffff9c, &(0x7f00000000c0), 0xc0542, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0500000003f01f00040000009a00000001"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x7, r1, 0x4}, 0x38)
bpf$MAP_GET_NEXT_KEY(0x15, &(0x7f0000000580)={r1, &(0x7f0000001600), &(0x7f0000001680)=""/227}, 0x20)
syz_init_net_socket$rose(0xb, 0x5, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x8081)
prctl$PR_SET_MM(0x23, 0x3, &(0x7f0000ffd000/0x1000)=nil)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
mq_open(&(0x7f0000000000)='/dev/ptp0\x00', 0x800, 0x100, 0x0)
r3 = syz_open_dev$loop(0x0, 0xb8a, 0x18b80)
ioctl$BLKPBSZGET(r3, 0x127b, &(0x7f0000000340))
r4 = syz_open_dev$dvb_frontend(&(0x7f00000003c0), 0x0, 0xe82)
ioctl$FE_GET_PROPERTY(r4, 0x80106f53, &(0x7f0000000000)={0x2e, &(0x7f0000000500)=[{0x33, '\x00', @st={0x4, [{0x2, @uvalue=0x2}, {0x2, @svalue=0xc653}, {0x3, @svalue=0x9}, {0x1, @uvalue=0x9}]}, 0xa}]})
pselect6(0x40, &(0x7f00000001c0)={0x0, 0xff00000000000000, 0x5, 0xfffffffffffffffd, 0x8001, 0x0, 0x1000001000, 0x45}, 0x0, &(0x7f0000000080)={0x3ff, 0x4, 0x100000, 0x9, 0x0, 0x10, 0x80000002, 0xff00000000000000}, 0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

kernel console output (not intermixed with test programs):

n invalid bInterval 0, changing to 7
[  174.822600][  T967] usb 3-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  174.852742][  T967] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  174.883693][  T967] usb 3-1: config 0 descriptor??
[  175.272536][  T967] usbhid 3-1:0.0: can't add hid device: -71
[  175.278636][  T967] usbhid: probe of 3-1:0.0 failed with error -71
[  175.358037][  T967] usb 3-1: USB disconnect, device number 5
[  176.482417][  T967] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  176.702380][  T967] usb 3-1: Using ep0 maxpacket: 32
[  176.710501][  T967] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  176.738750][  T967] usb 3-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40
[  176.792595][  T967] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  176.859323][  T967] usb 3-1: config 0 descriptor??
[  176.901211][ T6526] netlink: 'syz.3.195': attribute type 27 has an invalid length.
[  176.960757][  T967] ldusb 3-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  177.000188][  T967] ldusb 3-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  177.066913][ T5814] IPVS: starting estimator thread 0...
[  177.383840][ T5814] usb 3-1: USB disconnect, device number 6
[  177.412589][ T6527] IPVS: using max 18 ests per chain, 43200 per kthread
[  177.586646][ T5814] ldusb 3-1:0.0: LD USB Device #0 now disconnected
[  178.568694][ T6541] 9pnet_fd: Insufficient options for proto=fd
[  181.424981][ T6566] (null): rxe_set_mtu: Set mtu to 1024
[  181.831302][ T6566] infiniband : set active
[  181.835810][ T6566] infiniband : added veth0_vlan
[  182.789280][ T6566] RDS/IB: : added
[  182.793202][ T6566] smc: adding ib device  with port count 1
[  182.799107][ T6566] smc:    ib device  port 1 has pnetid 
[  184.163176][ T6562] zonefs (nullb0) ERROR: Not a zoned block device
[  184.196839][ T6582] 9pnet_fd: Insufficient options for proto=fd
[  187.629364][ T6611] 9pnet_fd: Insufficient options for proto=fd
[  189.989281][ T6625] --map-set only usable from mangle table
[  193.403945][ T6638] wlan0 speed is unknown, defaulting to 1000
[  193.410447][ T6638] wlan0 speed is unknown, defaulting to 1000
[  193.423945][ T6638] wlan0 speed is unknown, defaulting to 1000
[  193.515468][ T6638] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[  193.634372][ T6638] wlan0 speed is unknown, defaulting to 1000
[  193.653379][ T6638] wlan0 speed is unknown, defaulting to 1000
[  193.672438][ T6638] wlan0 speed is unknown, defaulting to 1000
[  193.688754][ T6638] wlan0 speed is unknown, defaulting to 1000
[  194.508420][ T6644] genirq: Flags mismatch irq 4. 00000000 (aio_iiro_16) vs. 00000000 (ttyS0)
[  194.754334][ T1282] ieee802154 phy0 wpan0: encryption failed: -22
[  194.765613][ T1282] ieee802154 phy1 wpan1: encryption failed: -22
[  196.224205][ T6654] 9pnet_fd: Insufficient options for proto=fd
[  197.085259][ T6666] --map-set only usable from mangle table
[  203.921409][ T6709] 9pnet_fd: Insufficient options for proto=fd
[  204.392362][ T6714] netlink: 4 bytes leftover after parsing attributes in process `syz.0.243'.
[  207.953730][   T28] audit: type=1326 audit(1772416525.445:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6738 comm="syz.2.253" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc18619c799 code=0x7ffc0000
[  207.953790][   T28] audit: type=1326 audit(1772416525.445:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6738 comm="syz.2.253" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc18619c799 code=0x7ffc0000
[  207.953835][   T28] audit: type=1326 audit(1772416525.445:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6738 comm="syz.2.253" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7fc18619c799 code=0x7ffc0000
[  207.953888][   T28] audit: type=1326 audit(1772416525.445:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6738 comm="syz.2.253" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc18619c799 code=0x7ffc0000
[  207.953933][   T28] audit: type=1326 audit(1772416525.445:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6738 comm="syz.2.253" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc18619c799 code=0x7ffc0000
[  207.953976][   T28] audit: type=1326 audit(1772416525.445:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6738 comm="syz.2.253" exe="/root/syz-executor" sig=0 arch=c000003e syscall=228 compat=0 ip=0x7fc18619c799 code=0x7ffc0000
[  207.954020][   T28] audit: type=1326 audit(1772416525.445:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6738 comm="syz.2.253" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc18619c799 code=0x7ffc0000
[  207.954064][   T28] audit: type=1326 audit(1772416525.445:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6738 comm="syz.2.253" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc18619c799 code=0x7ffc0000
[  207.954107][   T28] audit: type=1326 audit(1772416525.445:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6738 comm="syz.2.253" exe="/root/syz-executor" sig=0 arch=c000003e syscall=88 compat=0 ip=0x7fc18619c799 code=0x7ffc0000
[  207.954158][   T28] audit: type=1326 audit(1772416525.445:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6738 comm="syz.2.253" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc18619c799 code=0x7ffc0000
[  208.001586][ T6744] 9pnet_fd: Insufficient options for proto=fd
[  208.354671][    C0] vkms_vblank_simulate: vblank timer overrun
[  208.404903][    C0] vkms_vblank_simulate: vblank timer overrun
[  208.688347][    C0] vkms_vblank_simulate: vblank timer overrun
[  208.719391][ T6752] netlink: 36 bytes leftover after parsing attributes in process `syz.1.257'.
[  208.912253][    C0] vkms_vblank_simulate: vblank timer overrun
[  208.992298][    C0] vkms_vblank_simulate: vblank timer overrun
[  211.728320][ T6777] 9pnet_fd: Insufficient options for proto=fd
[  211.937653][ T6780] --map-set only usable from mangle table
[  212.103789][ T6757] Bluetooth: hci1: command 0x0406 tx timeout
[  212.110196][ T6756] Bluetooth: hci3: command 0x0406 tx timeout
[  212.129289][ T6757] Bluetooth: hci2: command 0x0406 tx timeout
[  212.892497][ T5780] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  213.032359][ T5758] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[  213.082473][ T5780] usb 4-1: Using ep0 maxpacket: 8
[  213.093068][ T5780] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  213.120060][ T5780] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  213.131637][ T5780] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  213.145259][ T5780] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  213.170371][ T5780] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  213.179924][ T5780] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  213.228623][ T5758] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  213.245644][ T5758] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0
[  213.261019][ T5758] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 0
[  213.271902][ T5758] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  213.281930][ T5758] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  213.337995][ T5758] usb 1-1: Quirk or no altest; falling back to MIDI 1.0
[  213.423427][ T5780] usb 4-1: GET_CAPABILITIES returned 0
[  213.452022][ T5780] usbtmc 4-1:16.0: can't read capabilities
[  214.033238][ T6783] usbtmc 4-1:16.0: usbtmc488_ioctl_trigger returned -71
[  214.053449][ T5778] udevd[5778]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  214.095529][ T5814] usb 4-1: USB disconnect, device number 4
[  214.169975][ T5758] snd-usb-audio: probe of 1-1:27.0 failed with error -12
[  214.316219][ T5758] usb 1-1: USB disconnect, device number 3
[  214.394698][ T6795] genirq: Flags mismatch irq 4. 00000000 (aio_iiro_16) vs. 00000000 (ttyS0)
[  217.212346][ T6805] sg_write: data in/out 187/14 bytes for SCSI command 0x0-- guessing data in;
[  217.212346][ T6805]    program syz.1.270 not setting count and/or reply_len properly
[  221.726981][ T6822] netlink: 4 bytes leftover after parsing attributes in process `syz.2.276'.
[  222.302456][ T6825] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined
[  225.929650][ T6848] --map-set only usable from mangle table
[  230.419093][  T787] IPVS: starting estimator thread 0...
[  230.664348][ T6865] IPVS: using max 19 ests per chain, 45600 per kthread
[  234.972569][ T6884] 9pnet_virtio: no channels available for device syz
[  235.532653][ T6886] overlay: Unknown parameter '/'
[  238.912675][ T6901] sg_write: data in/out 187/14 bytes for SCSI command 0x0-- guessing data in;
[  238.912675][ T6901]    program syz.0.293 not setting count and/or reply_len properly
[  241.556543][ T6907] --map-set only usable from mangle table
[  244.787355][ T6938] 9pnet_virtio: no channels available for device syz
[  244.798374][ T6938] overlay: Unknown parameter '/'
[  248.102381][ T6984] sg_write: data in/out 187/14 bytes for SCSI command 0x0-- guessing data in;
[  248.102381][ T6984]    program syz.0.303 not setting count and/or reply_len properly
[  250.176991][ T7010] loop1: detected capacity change from 0 to 512
[  250.258748][ T7010] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  250.442737][ T7010] EXT4-fs (loop1): 1 orphan inode deleted
[  250.448647][ T7010] EXT4-fs (loop1): 1 truncate cleaned up
[  250.455717][ T7010] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  250.897034][ T5832] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  251.169012][ T7020] --map-set only usable from mangle table
[  251.222475][ T5832] usb 1-1: Using ep0 maxpacket: 32
[  251.244598][ T5832] usb 1-1: unable to get BOS descriptor or descriptor too short
[  251.258541][ T5832] usb 1-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  251.281721][ T5832] usb 1-1: New USB device found, idVendor=0763, idProduct=2001, bcdDevice= 0.40
[  251.296446][ T5832] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  251.316604][ T5832] usb 1-1: Product: syz
[  251.328309][ T5832] usb 1-1: Manufacturer: syz
[  251.338485][ T5832] usb 1-1: SerialNumber: syz
[  251.592130][ T5832] usb 1-1: 1:1 : UAC_AS_GENERAL descriptor not found
[  251.601541][ T5832] usb 1-1: 2:1 : UAC_AS_GENERAL descriptor not found
[  251.640708][ T5832] usb 1-1: USB disconnect, device number 4
[  251.739802][ T5778] udevd[5778]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  253.256205][ T7039] 9pnet_virtio: no channels available for device syz
[  253.278664][ T7039] overlay: Unknown parameter '/'
[  254.528493][ T7017] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1231: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters
[  254.586345][ T7038] 9pnet_fd: Insufficient options for proto=fd
[  254.617325][ T7017] EXT4-fs (loop1): Remounting filesystem read-only
[  256.283340][ T1282] ieee802154 phy0 wpan0: encryption failed: -22
[  256.289859][ T1282] ieee802154 phy1 wpan1: encryption failed: -22
[  258.804285][ T7068] netlink: 4 bytes leftover after parsing attributes in process `syz.2.322'.
[  259.400384][ T7073] 9pnet_fd: Insufficient options for proto=fd
[  259.435486][ T7071] process 'syz.0.321' launched '/dev/fd/9' with NULL argv: empty string added
[  265.882325][ T7105] sg_write: data in/out 187/14 bytes for SCSI command 0x0-- guessing data in;
[  265.882325][ T7105]    program syz.3.332 not setting count and/or reply_len properly
[  268.150664][ T6998] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  268.568461][ T5083] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  268.579254][ T5083] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  268.589998][ T5083] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  268.600800][ T5083] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  268.616721][ T5083] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  268.624680][ T5083] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  268.873987][ T7113] lo speed is unknown, defaulting to 1000
[  268.969297][ T7113] lo speed is unknown, defaulting to 1000
[  269.545223][ T5780] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  269.584733][   T12] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  269.772511][ T5780] usb 3-1: Using ep0 maxpacket: 32
[  269.780955][   T12] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  269.802050][ T5780] usb 3-1: config 0 has an invalid interface number: 188 but max is 0
[  269.810876][ T5780] usb 3-1: config 0 has no interface number 0
[  269.847755][ T5780] usb 3-1: config 0 interface 188 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32
[  269.897337][ T5780] usb 3-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36
[  269.915198][ T5780] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  269.923880][ T5780] usb 3-1: Product: syz
[  269.928177][ T5780] usb 3-1: Manufacturer: syz
[  269.937917][ T5780] usb 3-1: SerialNumber: syz
[  269.969026][ T5780] usb 3-1: config 0 descriptor??
[  270.008585][ T7123] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  270.059450][   T12] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  270.254888][ T7123] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  270.255763][   T12] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  270.305692][ T7113] wlan0 speed is unknown, defaulting to 1000
[  270.779587][   T51] Bluetooth: hci4: command tx timeout
[  273.642379][   T51] Bluetooth: hci4: command tx timeout
[  273.780599][ T7113] chnl_net:caif_netlink_parms(): no params data found
[  273.829572][ T5780] asix 3-1:0.188 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  273.922545][ T5780] asix 3-1:0.188 (unnamed net_device) (uninitialized): Failed to write GPIO value 0x00b0: ffffffb9
[  273.993073][ T5780] asix: probe of 3-1:0.188 failed with error -71
[  274.025037][ T5780] usb 3-1: USB disconnect, device number 7
[  274.763566][ T7165] 9pnet_virtio: no channels available for device syz
[  275.632573][ T7164] overlay: Unknown parameter '/'
[  278.582550][   T51] Bluetooth: hci4: command tx timeout
[  279.355093][ T7180] --map-set only usable from mangle table
[  280.300961][ T7113] bridge0: port 1(bridge_slave_0) entered blocking state
[  280.318923][ T7113] bridge0: port 1(bridge_slave_0) entered disabled state
[  280.339260][ T7113] bridge_slave_0: entered allmulticast mode
[  280.354396][ T7113] bridge_slave_0: entered promiscuous mode
[  280.462365][  T967] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  280.505641][ T7113] bridge0: port 2(bridge_slave_1) entered blocking state
[  280.522411][ T7113] bridge0: port 2(bridge_slave_1) entered disabled state
[  280.540088][ T7113] bridge_slave_1: entered allmulticast mode
[  280.554243][ T7113] bridge_slave_1: entered promiscuous mode
[  280.649439][ T7113] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  280.662602][   T51] Bluetooth: hci4: command tx timeout
[  280.703151][ T7113] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  280.851238][  T967] usb 3-1: Using ep0 maxpacket: 8
[  281.742857][ T7198] sg_write: data in/out 187/14 bytes for SCSI command 0x0-- guessing data in;
[  281.742857][ T7198]    program syz.3.341 not setting count and/or reply_len properly
[  287.776939][  T967] usb 3-1: unable to read config index 0 descriptor/start: -71
[  287.784677][  T967] usb 3-1: can't read configurations, error -71
[  288.254296][ T7113] team0: Port device team_slave_0 added
[  288.295689][ T7113] team0: Port device team_slave_1 added
[  288.598588][ T7113] batman_adv: batadv0: Adding interface: batadv_slave_0
[  288.608958][ T7113] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  289.012894][ T7225] 9pnet_virtio: no channels available for device syz
[  289.632527][ T7224] overlay: Unknown parameter '/'
[  292.735582][ T7113] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  292.799100][ T7113] batman_adv: batadv0: Adding interface: batadv_slave_1
[  292.809077][ T7113] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  292.851240][ T7113] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  293.402606][ T5780] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  293.590265][ T7113] hsr_slave_0: entered promiscuous mode
[  293.616938][ T7113] hsr_slave_1: entered promiscuous mode
[  293.692653][ T7113] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  293.712444][ T5780] usb 1-1: Using ep0 maxpacket: 8
[  294.842373][ T7113] Cannot create hsr debugfs directory
[  294.858226][ T5780] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  294.923598][ T5780] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  294.983727][ T5780] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  295.025096][ T5780] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  295.079280][ T5780] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  295.116969][ T5780] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  297.249676][ T5780] usb 1-1: usb_control_msg returned -71
[  297.267194][ T5780] usbtmc 1-1:16.0: can't read capabilities
[  297.376811][ T5780] usb 1-1: USB disconnect, device number 5
[  299.126442][ T7272] syz.2.363: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz2,mems_allowed=0-1
[  300.078789][ T7272] CPU: 0 PID: 7272 Comm: syz.2.363 Not tainted syzkaller #0
[  300.086157][ T7272] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  300.096284][ T7272] Call Trace:
[  300.099616][ T7272]  <TASK>
[  300.102592][ T7272]  dump_stack_lvl+0x18c/0x250
[  300.107354][ T7272]  ? show_regs_print_info+0x20/0x20
[  300.112613][ T7272]  ? load_image+0x400/0x400
[  300.117176][ T7272]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  300.123645][ T7272]  ? cpuset_print_current_mems_allowed+0x2e7/0x360
[  300.130187][ T7272]  warn_alloc+0x246/0x340
[  300.134585][ T7272]  ? stack_trace_save+0xaa/0x100
[  300.139563][ T7272]  ? zone_watermark_ok_safe+0x230/0x230
[  300.145156][ T7272]  ? kasan_set_track+0x5f/0x70
[  300.149946][ T7272]  ? kasan_set_track+0x4e/0x70
[  300.154748][ T7272]  ? __kasan_kmalloc+0x8f/0xa0
[  300.159542][ T7272]  ? xsk_init_queue+0xad/0x100
[  300.164345][ T7272]  ? xsk_setsockopt+0x4e5/0x760
[  300.169226][ T7272]  ? do_sock_setsockopt+0x175/0x1a0
[  300.174465][ T7272]  ? __x64_sys_setsockopt+0x182/0x200
[  300.179879][ T7272]  __vmalloc_node_range+0x126/0x1330
[  300.185224][ T7272]  ? free_vm_area+0x50/0x50
[  300.189767][ T7272]  vmalloc_user+0x74/0x80
[  300.194134][ T7272]  ? xskq_create+0xbf/0x170
[  300.198672][ T7272]  xskq_create+0xbf/0x170
[  300.203038][ T7272]  xsk_init_queue+0xad/0x100
[  300.207664][ T7272]  xsk_setsockopt+0x4e5/0x760
[  300.212377][ T7272]  ? xsk_poll+0x680/0x680
[  300.216759][ T7272]  ? __fget_files+0x28/0x4b0
[  300.221396][ T7272]  ? __fget_files+0x28/0x4b0
[  300.226018][ T7272]  ? aa_sock_opt_perm+0x74/0x100
[  300.230986][ T7272]  ? bpf_lsm_socket_setsockopt+0x9/0x10
[  300.236563][ T7272]  ? security_socket_setsockopt+0x7e/0xa0
[  300.242311][ T7272]  ? xsk_poll+0x680/0x680
[  300.246670][ T7272]  do_sock_setsockopt+0x175/0x1a0
[  300.251731][ T7272]  ? __fdget+0x180/0x210
[  300.256005][ T7272]  __x64_sys_setsockopt+0x182/0x200
[  300.261260][ T7272]  do_syscall_64+0x55/0xa0
[  300.265718][ T7272]  ? clear_bhb_loop+0x40/0x90
[  300.270438][ T7272]  ? clear_bhb_loop+0x40/0x90
[  300.275156][ T7272]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  300.281081][ T7272] RIP: 0033:0x7fc18619c799
[  300.285580][ T7272] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  300.305247][ T7272] RSP: 002b:00007fc186f80028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  300.313692][ T7272] RAX: ffffffffffffffda RBX: 00007fc186415fa0 RCX: 00007fc18619c799
[  300.321695][ T7272] RDX: 0000000000000002 RSI: 000000000000011b RDI: 0000000000000005
[  300.329693][ T7272] RBP: 00007fc186232bd9 R08: 0000000000000004 R09: 0000000000000000
[  300.337720][ T7272] R10: 0000200000000900 R11: 0000000000000246 R12: 0000000000000000
[  300.345738][ T7272] R13: 00007fc186416038 R14: 00007fc186415fa0 R15: 00007ffface40468
[  300.353755][ T7272]  </TASK>
[  300.452759][ T7272] Mem-Info:
[  300.455956][ T7272] active_anon:31165 inactive_anon:0 isolated_anon:0
[  300.455956][ T7272]  active_file:18492 inactive_file:40011 isolated_file:0
[  300.455956][ T7272]  unevictable:768 dirty:58 writeback:0
[  300.455956][ T7272]  slab_reclaimable:10483 slab_unreclaimable:96298
[  300.455956][ T7272]  mapped:30255 shmem:26906 pagetables:598
[  300.455956][ T7272]  sec_pagetables:0 bounce:0
[  300.455956][ T7272]  kernel_misc_reclaimable:0
[  300.455956][ T7272]  free:1319683 free_pcp:6373 free_cma:0
[  300.533440][ T7271] syz.0.362 (7271): /proc/7267/oom_adj is deprecated, please use /proc/7267/oom_score_adj instead.
[  300.570446][ T7272] Node 0 active_anon:124560kB inactive_anon:0kB active_file:73968kB inactive_file:159840kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:121020kB dirty:232kB writeback:0kB shmem:106088kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11220kB pagetables:2392kB sec_pagetables:0kB all_unreclaimable? no
[  300.680411][   T12] hsr_slave_0: left promiscuous mode
[  300.688337][ T7272] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no
[  300.688552][   T12] hsr_slave_1: left promiscuous mode
[  300.756459][ T7272] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  300.802759][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  300.810345][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  300.812872][ T7272] lowmem_reserve[]: 0 2521 2522 2522 2522
[  300.838275][ T7272] Node 0 DMA32 free:1377260kB boost:0kB min:34644kB low:43304kB high:51964kB reserved_highatomic:0KB active_anon:120820kB inactive_anon:0kB active_file:73968kB inactive_file:159020kB unevictable:1536kB writepending:232kB present:3129332kB managed:2586972kB mlocked:0kB bounce:0kB free_pcp:8100kB local_pcp:1976kB free_cma:0kB
[  300.870808][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  300.886632][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  300.905522][   T12] bridge_slave_1: left allmulticast mode
[  300.911256][   T12] bridge_slave_1: left promiscuous mode
[  300.940194][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  300.960265][ T7272] lowmem_reserve[]: 0 0 0 0 0
[  300.983293][ T7272] Node 0 Normal free:0kB boost:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB active_anon:40kB inactive_anon:0kB active_file:0kB inactive_file:820kB unevictable:0kB writepending:0kB present:1048576kB managed:872kB mlocked:0kB bounce:0kB free_pcp:12kB local_pcp:0kB free_cma:0kB
[  301.013305][   T12] bridge_slave_0: left allmulticast mode
[  301.027663][   T12] bridge_slave_0: left promiscuous mode
[  301.039059][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  301.082340][ T7272] lowmem_reserve[]: 0 0 0 0 0
[  301.087797][ T7272] Node 1 Normal free:3886000kB boost:0kB min:55244kB low:69052kB high:82860kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:0kB present:4194304kB managed:4117312kB mlocked:0kB bounce:0kB free_pcp:21344kB local_pcp:7488kB free_cma:0kB
[  301.164601][   T12] veth1_macvtap: left promiscuous mode
[  301.170897][   T12] veth0_macvtap: left promiscuous mode
[  301.176279][ T7272] lowmem_reserve[]: 0 0 0 0 0
[  301.181194][ T7272] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  301.194504][   T12] veth1_vlan: left promiscuous mode
[  301.195583][   T12] veth0_vlan: left promiscuous mode
[  301.226329][ T7272] Node 0 DMA32: 19*4kB (ME) 9*8kB (UE) 2*16kB (ME) 2*32kB (UE) 152*64kB (UME) 136*128kB (U) 24*256kB (UME) 22*512kB (UME) 13*1024kB (UM) 8*2048kB (ME) 318*4096kB (M) = 1377012kB
[  301.282512][ T7272] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[  301.315239][ T7272] Node 1 Normal: 250*4kB (UME) 55*8kB (UME) 39*16kB (UME) 93*32kB (UME) 24*64kB (UE) 8*128kB (UME) 2*256kB (UE) 2*512kB (ME) 0*1024kB 1*2048kB (E) 946*4096kB (M) = 3886000kB
[  301.383318][ T7272] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  301.414044][ T7272] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  301.453136][ T7272] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  301.482474][ T7272] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  301.513356][ T7272] 77311 total pagecache pages
[  301.525758][ T7272] 0 pages in swap cache
[  301.542353][ T7272] Free swap  = 124720kB
[  301.562750][ T7272] Total swap = 124996kB
[  301.574936][ T7272] 2097051 pages RAM
[  301.583826][ T7272] 0 pages HighMem/MovableOnly
[  301.594851][ T7272] 416922 pages reserved
[  301.607039][ T7272] 0 pages cma reserved
[  303.175035][ T7290] loop9: detected capacity change from 0 to 7
[  303.218481][    C1] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  303.228021][    C1] Buffer I/O error on dev loop9, logical block 0, async page read
[  303.249308][    C1] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  303.258593][    C1] Buffer I/O error on dev loop9, logical block 0, async page read
[  303.272276][    C1] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  303.281514][    C1] Buffer I/O error on dev loop9, logical block 0, async page read
[  303.318827][    C1] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  303.328118][    C1] Buffer I/O error on dev loop9, logical block 0, async page read
[  303.362023][    C1] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  303.371464][    C1] Buffer I/O error on dev loop9, logical block 0, async page read
[  303.407616][    C1] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  303.416867][    C1] Buffer I/O error on dev loop9, logical block 0, async page read
[  303.432260][    C1] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  303.441466][    C1] Buffer I/O error on dev loop9, logical block 0, async page read
[  303.454865][ T7290] ldm_validate_partition_table(): Disk read failed.
[  303.492377][    C1] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  303.501593][    C1] Buffer I/O error on dev loop9, logical block 0, async page read
[  303.526283][    C0] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  303.535523][    C0] Buffer I/O error on dev loop9, logical block 0, async page read
[  303.548150][    C1] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  303.557352][    C1] Buffer I/O error on dev loop9, logical block 0, async page read
[  303.583304][ T7290] Dev loop9: unable to read RDB block 0
[  303.608574][ T7290]  loop9: unable to read partition table
[  303.622747][ T7290] loop9: partition table beyond EOD, truncated
[  303.629203][ T7290] loop_reread_partitions: partition scan of loop9 (DŸ�iXK׉jÌ”S{³ÑáÎ<ÚB/ŽøØc¼:Šé¦ÛßÝ¡>C(Îí¨z£ìU-1`¶\	uRtœÇOÒ¯öj) failed (rc=-5)
[  303.731610][ T7292] ldm_validate_partition_table(): Disk read failed.
[  303.748894][ T5780] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  303.773150][ T7292] Dev loop9: unable to read RDB block 0
[  303.779377][ T7292]  loop9: unable to read partition table
[  303.945789][ T7292] loop9: partition table beyond EOD, truncated
[  303.975916][ T5780] usb 4-1: Using ep0 maxpacket: 16
[  303.986306][ T5780] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  304.332847][ T7298] 9pnet_virtio: no channels available for device syz
[  304.802869][ T7300] overlay: Unknown parameter '/'
[  305.869584][ T5780] usb 4-1: New USB device found, idVendor=04d0, idProduct=00dd, bcdDevice= 0.00
[  305.890497][ T5780] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  305.909820][ T5780] usb 4-1: config 0 descriptor??
[  306.981682][   T12] team0 (unregistering): Port device team_slave_1 removed
[  307.896061][   T12] team0 (unregistering): Port device team_slave_0 removed
[  308.072079][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  308.242321][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  309.176731][   T12] bond0 (unregistering): Released all slaves
[  309.261222][ T5780] usb 4-1: can't set config #0, error -71
[  309.284965][ T5780] usb 4-1: USB disconnect, device number 5
[  309.911296][ T7113] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  309.975942][ T7113] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  310.062046][ T7113] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  310.098803][ T7113] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  310.212450][ T7330] input: syz0 as /devices/virtual/input/input5
[  310.841438][ T7113] 8021q: adding VLAN 0 to HW filter on device bond0
[  310.954606][ T7113] 8021q: adding VLAN 0 to HW filter on device team0
[  311.014902][ T6976] bridge0: port 1(bridge_slave_0) entered blocking state
[  311.022122][ T6976] bridge0: port 1(bridge_slave_0) entered forwarding state
[  311.309980][ T6996] bridge0: port 2(bridge_slave_1) entered blocking state
[  311.317259][ T6996] bridge0: port 2(bridge_slave_1) entered forwarding state
[  312.879654][ T7358] 9pnet_fd: Insufficient options for proto=fd
[  312.898049][ T7359] ipt_ECN: cannot use operation on non-tcp rule
[  313.007018][ T7357] lo speed is unknown, defaulting to 1000
[  313.040271][ T7113] 8021q: adding VLAN 0 to HW filter on device batadv0
[  313.110680][ T7357] lo speed is unknown, defaulting to 1000
[  313.267049][ T7359] lo speed is unknown, defaulting to 1000
[  314.021071][    C1] blk_print_req_error: 28 callbacks suppressed
[  314.021090][    C1] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  314.036497][    C1] buffer_io_error: 28 callbacks suppressed
[  314.036507][    C1] Buffer I/O error on dev loop9, logical block 0, async page read
[  314.050406][    C0] I/O error, dev loop9, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  314.059647][    C0] Buffer I/O error on dev loop9, logical block 1, async page read
[  314.099843][    C1] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  314.109125][    C1] Buffer I/O error on dev loop9, logical block 0, async page read
[  314.117114][    C1] I/O error, dev loop9, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  314.126320][    C1] Buffer I/O error on dev loop9, logical block 1, async page read
[  314.142253][    C0] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  314.151598][    C0] Buffer I/O error on dev loop9, logical block 0, async page read
[  314.159599][    C0] I/O error, dev loop9, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  314.168912][    C0] Buffer I/O error on dev loop9, logical block 1, async page read
[  314.225663][    C0] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  314.235039][    C0] Buffer I/O error on dev loop9, logical block 0, async page read
[  314.242940][    C0] I/O error, dev loop9, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  314.252066][    C0] Buffer I/O error on dev loop9, logical block 1, async page read
[  314.265313][    C0] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  314.274526][    C0] Buffer I/O error on dev loop9, logical block 0, async page read
[  314.282420][    C0] I/O error, dev loop9, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  314.291559][    C0] Buffer I/O error on dev loop9, logical block 1, async page read
[  314.328310][ T7369] ldm_validate_partition_table(): Disk read failed.
[  314.364664][ T7369] Dev loop9: unable to read RDB block 0
[  314.379855][ T7369]  loop9: unable to read partition table
[  314.423864][ T7369] loop9: partition table beyond EOD, truncated
[  314.452436][ T7148] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  314.681771][ T7359] lo speed is unknown, defaulting to 1000
[  314.688128][ T7148] usb 3-1: Using ep0 maxpacket: 16
[  314.706887][ T7148] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  314.770887][ T7148] usb 3-1: New USB device found, idVendor=04d0, idProduct=00dd, bcdDevice= 0.00
[  314.810469][ T7148] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  314.849897][ T7148] usb 3-1: config 0 descriptor??
[  314.918126][ T7113] veth0_vlan: entered promiscuous mode
[  314.972042][ T7113] veth1_vlan: entered promiscuous mode
[  315.074833][ T7113] veth0_macvtap: entered promiscuous mode
[  315.096319][ T7113] veth1_macvtap: entered promiscuous mode
[  315.211735][ T7113] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  315.241966][   T23] usb 3-1: USB disconnect, device number 10
[  315.265540][ T7113] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  315.406102][ T7113] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  315.444452][ T7113] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  315.487834][ T7113] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  315.543352][ T7113] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  315.598464][ T7113] batman_adv: batadv0: Interface activated: batadv_slave_0
[  315.942766][ T7113] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  316.247215][ T7113] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  316.257360][ T7113] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  316.268619][ T7113] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  316.281907][ T7113] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  316.304674][ T7113] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  316.331934][ T7113] batman_adv: batadv0: Interface activated: batadv_slave_1
[  316.384497][ T7357] wlan0 speed is unknown, defaulting to 1000
[  316.391755][ T7113] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  316.433856][ T7113] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  316.474121][ T7113] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  316.500428][ T7113] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  316.908778][ T6999] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  316.936212][ T6999] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  316.977771][ T7413] 9pnet_fd: Insufficient options for proto=fd
[  317.007422][ T6999] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  317.036437][ T6999] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  317.558281][ T1282] ieee802154 phy0 wpan0: encryption failed: -22
[  317.566896][ T1282] ieee802154 phy1 wpan1: encryption failed: -22
[  318.768192][ T7359] wlan0 speed is unknown, defaulting to 1000
[  320.422463][ T7451] netlink: 'syz.0.397': attribute type 27 has an invalid length.
[  320.484748][ T5780] IPVS: starting estimator thread 0...
[  320.715449][ T7452] IPVS: using max 17 ests per chain, 40800 per kthread
[  321.134645][   T51] Bluetooth: hci1: unexpected event 0x12 length: 91 > 8
[  321.880088][ T7474] input: syz0 as /devices/virtual/input/input6
[  324.102801][ T7500] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  329.893579][ T7533] tipc: Started in network mode
[  329.914005][ T7533] tipc: Node identity ea9daa20f3e6, cluster identity 4711
[  329.993554][ T7533] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  330.111964][ T7539] fuse: Bad value for 'fd'
[  330.124933][ T7538] syzkaller0: entered promiscuous mode
[  330.130501][ T7538] syzkaller0: entered allmulticast mode
[  330.987800][ T7538] tipc: Resetting bearer <eth:syzkaller0>
[  331.013889][ T7532] tipc: Resetting bearer <eth:syzkaller0>
[  332.149650][ T7532] tipc: Disabling bearer <eth:syzkaller0>
[  332.181566][ T5832] tipc: Node number set to 427534880
[  335.664719][ T7564] --map-set only usable from mangle table
[  336.798236][ T7575] netlink: 8 bytes leftover after parsing attributes in process `syz.4.428'.
[  338.965158][ T7591] netlink: 'syz.4.431': attribute type 4 has an invalid length.
[  339.923838][ T7593] netlink: 'syz.4.431': attribute type 4 has an invalid length.
[  340.313347][    T8] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  340.512284][    T8] usb 1-1: Using ep0 maxpacket: 8
[  340.523963][    T8] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  340.552427][    T8] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  340.587161][    T8] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  340.632126][    T8] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  340.661588][    T8] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  342.441918][    T8] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  342.491843][    T8] usb 1-1: can't set config #16, error -71
[  342.542732][    T8] usb 1-1: USB disconnect, device number 6
[  342.903511][ T7621] --map-set only usable from mangle table
[  343.637492][ T7635] genirq: Flags mismatch irq 4. 00000000 (aio_iiro_16) vs. 00000000 (ttyS0)
[  345.363558][ T5083] Bluetooth: hci2: command 0x1003 tx timeout
[  345.371625][   T51] Bluetooth: hci2: Opcode 0x1003 failed: -110
[  346.192725][ T7654] netlink: 28 bytes leftover after parsing attributes in process `syz.0.444'.
[  346.201761][ T7654] netlink: 28 bytes leftover after parsing attributes in process `syz.0.444'.
[  346.242784][ T7654] netlink: 32 bytes leftover after parsing attributes in process `syz.0.444'.
[  347.212360][ T5758] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  347.512740][ T5758] usb 4-1: Using ep0 maxpacket: 8
[  347.653405][ T5758] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  347.665246][ T5758] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  347.734034][ T5758] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  347.783215][ T5758] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  347.797531][ T5758] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  347.806732][ T5758] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  347.896814][    T8] IPVS: starting estimator thread 0...
[  348.062495][ T7679] IPVS: using max 26 ests per chain, 62400 per kthread
[  348.081561][ T7683] fuse: Bad value for 'fd'
[  348.201800][ T5758] usb 4-1: GET_CAPABILITIES returned 0
[  348.212295][ T5758] usbtmc 4-1:16.0: can't read capabilities
[  349.447396][ T7669] usbtmc 4-1:16.0: usbtmc488_ioctl_trigger returned -71
[  349.460422][    T8] usb 4-1: USB disconnect, device number 6
[  350.632291][ T7148] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  350.832734][ T7148] usb 4-1: Using ep0 maxpacket: 8
[  350.840913][ T7148] usb 4-1: config index 0 descriptor too short (expected 6427, got 27)
[  350.873487][ T7148] usb 4-1: config 0 has an invalid interface number: 21 but max is 0
[  350.881669][ T7148] usb 4-1: config 0 has no interface number 0
[  350.912447][ T7148] usb 4-1: config 0 interface 21 altsetting 0 has an invalid endpoint with address 0xFF, skipping
[  350.944412][ T7148] usb 4-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=92.d4
[  350.962423][ T7148] usb 4-1: New USB device strings: Mfr=0, Product=1, SerialNumber=0
[  350.978776][ T7148] usb 4-1: Product: syz
[  350.995793][ T7148] usb 4-1: config 0 descriptor??
[  351.001722][ T7701] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  351.105199][ T7712] --map-set only usable from mangle table
[  354.094314][    T8] usb 4-1: USB disconnect, device number 7
[  354.194043][ T7731] netlink: 8 bytes leftover after parsing attributes in process `syz.0.461'.
[  354.762556][   T23] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  354.972373][   T23] usb 3-1: Using ep0 maxpacket: 8
[  355.072577][   T23] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  355.092487][   T23] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  355.112308][   T23] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  355.122704][   T23] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  355.151557][   T23] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  355.169037][   T23] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  355.557804][   T23] usb 3-1: GET_CAPABILITIES returned 0
[  355.592042][   T23] usbtmc 3-1:16.0: can't read capabilities
[  355.904077][ T7747] usbtmc 3-1:16.0: usbtmc488_ioctl_trigger returned -71
[  355.913407][ T5780] usb 3-1: USB disconnect, device number 11
[  357.524158][ T7772] netlink: 'syz.3.470': attribute type 27 has an invalid length.
[  358.292323][ T7782] genirq: Flags mismatch irq 4. 00000000 (aio_iiro_16) vs. 00000000 (ttyS0)
[  359.335075][ T7788] netlink: 'syz.3.476': attribute type 4 has an invalid length.
[  359.379391][ T7788] syU×: rxe_set_mtu: Set mtu to 256
[  360.344540][ T7788] infiniband syU×: set down
[  360.349574][ T7790] netlink: 'syz.3.476': attribute type 4 has an invalid length.
[  360.358085][ T7790] syU×: rxe_set_mtu: Set mtu to 4096
[  360.365398][ T7790] infiniband syU×: set active
[  360.448945][ T5780] lo speed is unknown, defaulting to 1000
[  360.480355][ T5780] lo speed is unknown, defaulting to 1000
[  360.502268][ T7148] lo speed is unknown, defaulting to 1000
[  360.715448][    T8] lo speed is unknown, defaulting to 1000
[  360.725714][ T7148] lo speed is unknown, defaulting to 1000
[  361.382250][ T7801] siw: device registration error -23
[  362.513428][ T7806] netlink: 'syz.2.481': attribute type 27 has an invalid length.
[  364.642763][ T5758] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  364.852337][ T5758] usb 5-1: Using ep0 maxpacket: 8
[  364.874463][ T5758] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  364.922403][ T5758] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  364.962459][ T5758] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  365.002289][ T5758] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  365.039935][ T5758] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  365.082325][ T5758] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  365.240750][ T7825] --map-set only usable from mangle table
[  365.382391][ T5758] usb 5-1: GET_CAPABILITIES returned 0
[  365.387970][ T5758] usbtmc 5-1:16.0: can't read capabilities
[  365.569386][ T7818] usbtmc 5-1:16.0: usbtmc488_ioctl_trigger returned -71
[  365.619027][    T8] usb 5-1: USB disconnect, device number 2
[  372.489466][ T7873] --map-set only usable from mangle table
[  373.459574][ T7881] netlink: 'syz.3.492': attribute type 27 has an invalid length.
[  373.884387][ T7887] capability: warning: `syz.0.497' uses 32-bit capabilities (legacy support in use)
[  374.852500][ T5758] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  375.062341][ T5758] usb 4-1: Using ep0 maxpacket: 8
[  375.082334][ T5758] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  375.123032][ T5758] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  375.160904][ T5758] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  375.192409][ T5758] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  375.252296][ T5758] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  375.266342][ T5758] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  375.509569][ T5758] usb 4-1: GET_CAPABILITIES returned 0
[  375.558244][ T5758] usbtmc 4-1:16.0: can't read capabilities
[  375.739332][ T5758] usb 4-1: USB disconnect, device number 8
[  375.843270][ T7911] siw: device registration error -23
[  378.613314][ T7929] netlink: 'syz.3.506': attribute type 27 has an invalid length.
[  378.997194][ T1282] ieee802154 phy0 wpan0: encryption failed: -22
[  379.007640][ T1282] ieee802154 phy1 wpan1: encryption failed: -22
[  381.204419][ T7956] raw_sendmsg: syz.4.504 forgot to set AF_INET. Fix it!
[  383.421716][  T967] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  383.632418][  T967] usb 1-1: Using ep0 maxpacket: 8
[  383.673086][ T7977] netlink: 'syz.3.515': attribute type 27 has an invalid length.
[  383.948093][  T967] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  383.964298][  T967] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  383.982309][  T967] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  383.992547][  T967] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  384.006027][  T967] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  384.015379][  T967] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  384.241735][  T967] usb 1-1: GET_CAPABILITIES returned 0
[  384.248565][  T967] usbtmc 1-1:16.0: can't read capabilities
[  384.447722][ T7969] usbtmc 1-1:16.0: usbtmc488_ioctl_trigger returned -71
[  384.466024][  T967] usb 1-1: USB disconnect, device number 7
[  389.756219][ T8018] netlink: 'syz.2.524': attribute type 27 has an invalid length.
[  391.699791][   T51] Bluetooth: hci4: command 0x0406 tx timeout
[  391.880124][ T8034] fuse: Bad value for 'fd'
[  394.313448][ T8049] genirq: Flags mismatch irq 4. 00000000 (aio_iiro_16) vs. 00000000 (ttyS0)
[  394.952416][   T23] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  395.172343][   T23] usb 4-1: Using ep0 maxpacket: 8
[  395.184725][   T23] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  395.222724][   T23] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  395.262761][   T23] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  395.312342][   T23] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  395.367400][   T23] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  395.418405][   T23] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  395.861485][ T8060] mkiss: ax0: crc mode is auto.
[  397.473696][   T23] usb 4-1: GET_CAPABILITIES returned 0
[  397.500867][   T23] usbtmc 4-1:16.0: can't read capabilities
[  397.777873][ T8051] usbtmc 4-1:16.0: usbtmc488_ioctl_trigger returned -71
[  397.807468][ T5758] usb 4-1: USB disconnect, device number 9
[  402.092702][ T8078] genirq: Flags mismatch irq 4. 00000000 (aio_iiro_16) vs. 00000000 (ttyS0)
[  406.219967][ T7148] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[  406.312277][ T5780] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  406.465990][ T7148] usb 3-1: Using ep0 maxpacket: 8
[  406.484346][ T7148] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  406.502295][ T7148] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  406.512541][ T5780] usb 4-1: Using ep0 maxpacket: 16
[  406.532444][ T7148] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  406.552654][ T7148] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  406.569791][ T5780] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[  406.579251][ T5780] usb 4-1: config 0 has no interface number 0
[  406.589297][ T7148] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  406.598852][ T5780] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  406.615890][ T7148] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  406.625458][ T5780] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  406.654539][ T5780] usb 4-1: New USB device found, idVendor=28bd, idProduct=0071, bcdDevice= 0.00
[  406.679349][ T5780] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  406.708826][ T5780] usb 4-1: config 0 descriptor??
[  406.872491][ T7148] usb 3-1: GET_CAPABILITIES returned 0
[  406.878131][ T7148] usbtmc 3-1:16.0: can't read capabilities
[  407.048914][ T8106] netlink: 4 bytes leftover after parsing attributes in process `syz.0.544'.
[  407.115153][ T8088] usbtmc 3-1:16.0: usbtmc488_ioctl_trigger returned -71
[  407.157673][ T5758] usb 3-1: USB disconnect, device number 12
[  409.136734][ T5780] uclogic 0003:28BD:0071.0001: failed retrieving string descriptor #100: -71
[  409.264545][ T5780] uclogic 0003:28BD:0071.0001: failed retrieving pen parameters: -71
[  409.282270][ T5780] uclogic 0003:28BD:0071.0001: pen probing failed: -71
[  409.292799][ T5780] uclogic 0003:28BD:0071.0001: failed probing parameters: -71
[  409.300646][ T5780] uclogic: probe of 0003:28BD:0071.0001 failed with error -71
[  410.909751][ T5780] usb 4-1: USB disconnect, device number 10
[  411.012946][ T8117] syzkaller0: entered promiscuous mode
[  411.018521][ T8117] syzkaller0: entered allmulticast mode
[  413.340003][ T8125] --map-set only usable from mangle table
[  419.563334][ T8157] --map-set only usable from mangle table
[  423.828892][ T8178] warning: `syz.4.561' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  428.742887][ T7148] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  430.576543][ T7148] usb 4-1: Using ep0 maxpacket: 8
[  430.673310][ T7148] usb 4-1: config 0 interface 0 has no altsetting 0
[  430.698776][ T7148] usb 4-1: New USB device found, idVendor=0e41, idProduct=4142, bcdDevice=d4.6e
[  430.708052][ T7148] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  430.723886][ T7148] usb 4-1: Product: syz
[  430.742545][ T7148] usb 4-1: Manufacturer: syz
[  430.747256][ T7148] usb 4-1: SerialNumber: syz
[  430.775115][ T7148] usb 4-1: config 0 descriptor??
[  430.796530][ T7148] snd_usb_toneport 4-1:0.0: Line 6 TonePort UX2 found
[  432.924226][ T7148] snd_usb_toneport 4-1:0.0: set_interface failed
[  432.930927][ T7148] snd_usb_toneport 4-1:0.0: Line 6 TonePort UX2 now disconnected
[  434.697280][ T7148] snd_usb_toneport: probe of 4-1:0.0 failed with error -71
[  434.774056][ T7148] usb 4-1: USB disconnect, device number 11
[  440.426598][ T8240] netlink: 'syz.3.582': attribute type 27 has an invalid length.
[  440.617324][ T1282] ieee802154 phy0 wpan0: encryption failed: -22
[  440.627992][ T1282] ieee802154 phy1 wpan1: encryption failed: -22
[  445.277065][ T8272] netlink: 4 bytes leftover after parsing attributes in process `syz.3.587'.
[  445.850855][ T8260] --map-set only usable from mangle table
[  446.069557][ T8276] netlink: 'syz.2.592': attribute type 27 has an invalid length.
[  446.648455][ T8279] netlink: 72 bytes leftover after parsing attributes in process `syz.0.594'.
[  455.743598][ T8325] siw: device registration error -23
[  456.572747][ T8326] netlink: 'syz.2.604': attribute type 27 has an invalid length.
[  459.960457][ T8341] netlink: 'syz.3.611': attribute type 3 has an invalid length.
[  460.001825][ T8341] netlink: 16 bytes leftover after parsing attributes in process `syz.3.611'.
[  464.793311][ T8363] netlink: 'syz.2.617': attribute type 27 has an invalid length.
[  466.792251][ T5813] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  467.013569][ T5813] usb 5-1: Using ep0 maxpacket: 32
[  467.052365][ T5813] usb 5-1: config 0 has an invalid interface number: 188 but max is 0
[  467.079011][ T5813] usb 5-1: config 0 has no interface number 0
[  467.092283][ T5813] usb 5-1: config 0 interface 188 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32
[  467.107785][ T8376] bridge_slave_0: left allmulticast mode
[  467.196088][ T5813] usb 5-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36
[  467.308501][ T8376] bridge_slave_0: left promiscuous mode
[  467.325280][ T5813] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  467.333038][ T8376] bridge0: port 1(bridge_slave_0) entered disabled state
[  467.533304][ T8384] siw: device registration error -23
[  467.984189][ T5813] usb 5-1: Product: syz
[  467.988558][ T5813] usb 5-1: Manufacturer: syz
[  468.012752][ T5813] usb 5-1: SerialNumber: syz
[  468.173155][ T5813] usb 5-1: config 0 descriptor??
[  468.179145][ T8376] bridge_slave_1: left allmulticast mode
[  468.187365][ T8376] bridge_slave_1: left promiscuous mode
[  468.218726][ T8376] bridge0: port 2(bridge_slave_1) entered disabled state
[  468.241180][ T5813] usb 5-1: can't set config #0, error -71
[  468.277803][ T5813] usb 5-1: USB disconnect, device number 3
[  468.817677][ T8376] bond0: (slave bond_slave_0): Releasing backup interface
[  468.858859][ T8376] bond0: (slave bond_slave_1): Releasing backup interface
[  468.980006][ T8376] team0: Port device team_slave_0 removed
[  469.345876][ T8376] team0: Port device team_slave_1 removed
[  469.380649][ T8376] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  469.559955][ T8376] batman_adv: batadv0: Removing interface: batadv_slave_0
[  469.578428][ T8376] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  469.586386][ T8376] batman_adv: batadv0: Removing interface: batadv_slave_1
[  470.388063][ T8376] infiniband : set active
[  471.542051][ T8378] team0: Mode changed to "loadbalance"
[  471.553527][ T8386] netlink: 4 bytes leftover after parsing attributes in process `syz.2.619'.
[  477.418387][ T8424] netlink: 'syz.4.627': attribute type 27 has an invalid length.
[  483.422389][ T5758] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  483.652514][ T5758] usb 3-1: Using ep0 maxpacket: 8
[  483.669914][ T5758] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  483.692250][ T5758] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  483.726789][ T5758] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  483.742173][ T5758] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  483.769072][ T5758] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  483.788659][ T5758] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  484.023809][ T5758] usb 3-1: GET_CAPABILITIES returned 0
[  484.029410][ T5758] usbtmc 3-1:16.0: can't read capabilities
[  485.478044][ T8350] usb 3-1: USB disconnect, device number 13
[  485.822049][ T8464] lo speed is unknown, defaulting to 1000
[  485.931928][ T8464] lo speed is unknown, defaulting to 1000
[  490.241372][ T8464] wlan0 speed is unknown, defaulting to 1000
[  498.003219][ T8517] syz.4.655 uses obsolete (PF_INET,SOCK_PACKET)
[  498.175668][ T8520] netlink: 'syz.3.650': attribute type 3 has an invalid length.
[  498.188476][ T8520] netlink: 16 bytes leftover after parsing attributes in process `syz.3.650'.
[  501.866547][ T1282] ieee802154 phy0 wpan0: encryption failed: -22
[  501.879943][ T1282] ieee802154 phy1 wpan1: encryption failed: -22
[  505.093344][ T8559] genirq: Flags mismatch irq 4. 00000000 (aio_iiro_16) vs. 00000000 (ttyS0)
[  506.193082][ T8568] netlink: 'syz.0.665': attribute type 3 has an invalid length.
[  506.200822][ T8568] netlink: 16 bytes leftover after parsing attributes in process `syz.0.665'.
[  512.049205][ T8596] netlink: 'syz.2.675': attribute type 3 has an invalid length.
[  512.082326][ T8596] netlink: 16 bytes leftover after parsing attributes in process `syz.2.675'.
[  522.845036][ T8640] genirq: Flags mismatch irq 4. 00000000 (aio_iiro_16) vs. 00000000 (ttyS0)
[  533.855110][ T8675] genirq: Flags mismatch irq 4. 00000000 (aio_iiro_16) vs. 00000000 (ttyS0)
[  535.800852][ T8684] fuse: Unknown parameter 'grou00000000000000000000'
[  540.401320][ T8709] genirq: Flags mismatch irq 4. 00000000 (aio_iiro_16) vs. 00000000 (ttyS0)
[  540.667460][ T8713] netlink: 4 bytes leftover after parsing attributes in process `syz.2.708'.
[  540.884352][ T8717] fuse: Unknown parameter 'grou00000000000000000000'
[  546.672583][ T8747] netlink: 4 bytes leftover after parsing attributes in process `syz.2.717'.
[  547.556567][ T8753] syzkaller0: entered promiscuous mode
[  547.577474][ T8753] syzkaller0: entered allmulticast mode
[  547.690758][   T28] kauditd_printk_skb: 25 callbacks suppressed
[  547.690774][   T28] audit: type=1326 audit(1772416865.195:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8755 comm="syz.2.722" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc18619c799 code=0x7ffc0000
[  547.768268][   T28] audit: type=1326 audit(1772416865.195:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8755 comm="syz.2.722" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc18619c799 code=0x7ffc0000
[  547.835986][   T28] audit: type=1326 audit(1772416865.225:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8755 comm="syz.2.722" exe="/root/syz-executor" sig=0 arch=c000003e syscall=131 compat=0 ip=0x7fc18619c799 code=0x7ffc0000
[  547.879222][   T28] audit: type=1326 audit(1772416865.225:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8755 comm="syz.2.722" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc18619c799 code=0x7ffc0000
[  547.940549][ T8760] genirq: Flags mismatch irq 4. 00000000 (aio_iiro_16) vs. 00000000 (ttyS0)
[  547.954827][   T28] audit: type=1326 audit(1772416865.235:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8755 comm="syz.2.722" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7fc18619c799 code=0x7ffc0000
[  548.113916][   T28] audit: type=1326 audit(1772416865.235:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8755 comm="syz.2.722" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc18619c799 code=0x7ffc0000
[  548.292331][   T28] audit: type=1326 audit(1772416865.235:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8755 comm="syz.2.722" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc18619c799 code=0x7ffc0000
[  548.317855][   T28] audit: type=1326 audit(1772416865.235:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8755 comm="syz.2.722" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7fc18619c799 code=0x7ffc0000
[  548.616756][   T28] audit: type=1326 audit(1772416865.235:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8755 comm="syz.2.722" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc18619c799 code=0x7ffc0000
[  548.656898][   T28] audit: type=1326 audit(1772416865.235:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8755 comm="syz.2.722" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc18619c799 code=0x7ffc0000
[  550.164792][ T8779] netlink: 4 bytes leftover after parsing attributes in process `syz.2.727'.
[  554.352647][ T8791] genirq: Flags mismatch irq 4. 00000000 (aio_iiro_16) vs. 00000000 (ttyS0)
[  556.182621][ T8804] netlink: 4 bytes leftover after parsing attributes in process `syz.3.734'.
[  556.191722][ T8804] chnl_net:caif_netlink_parms(): no params data found
[  557.492757][ T8815] netlink: 4 bytes leftover after parsing attributes in process `syz.3.737'.
[  561.323710][ T8831] genirq: Flags mismatch irq 4. 00000000 (aio_iiro_16) vs. 00000000 (ttyS0)
[  563.343141][ T1282] ieee802154 phy0 wpan0: encryption failed: -22
[  563.349540][ T1282] ieee802154 phy1 wpan1: encryption failed: -22
[  564.852386][   T23] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  566.625572][   T23] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  566.653468][   T23] usb 5-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  566.672278][   T23] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  566.693559][   T23] usb 5-1: config 0 descriptor??
[  566.705260][   T23] pwc: Askey VC010 type 2 USB webcam detected.
[  567.045809][ T8862] netlink: 4 bytes leftover after parsing attributes in process `syz.0.750'.
[  567.145879][   T23] pwc: recv_control_msg error -32 req 02 val 2b00
[  567.158511][   T23] pwc: recv_control_msg error -32 req 02 val 2700
[  567.384440][   T23] pwc: recv_control_msg error -71 req 04 val 1000
[  567.408024][   T23] pwc: recv_control_msg error -71 req 04 val 1300
[  567.426797][   T23] pwc: recv_control_msg error -71 req 04 val 1400
[  567.451265][   T23] pwc: recv_control_msg error -71 req 02 val 2000
[  567.469986][ T8864] genirq: Flags mismatch irq 4. 00000000 (aio_iiro_16) vs. 00000000 (ttyS0)
[  567.486355][   T23] pwc: recv_control_msg error -71 req 02 val 2100
[  567.523801][   T23] pwc: recv_control_msg error -71 req 04 val 1500
[  567.550719][   T23] pwc: recv_control_msg error -71 req 02 val 2500
[  567.569245][   T23] pwc: recv_control_msg error -71 req 02 val 2400
[  567.814793][   T23] pwc: recv_control_msg error -71 req 02 val 2600
[  567.821832][   T23] pwc: recv_control_msg error -71 req 02 val 2900
[  567.832258][   T23] pwc: recv_control_msg error -71 req 02 val 2800
[  567.842206][   T23] pwc: recv_control_msg error -71 req 04 val 1100
[  567.852390][   T23] pwc: recv_control_msg error -71 req 04 val 1200
[  567.958759][   T23] pwc: Registered as video103.
[  569.346659][   T23] input: PWC snapshot button as /devices/platform/dummy_hcd.4/usb5/5-1/input/input7
[  569.420245][   T23] usb 5-1: USB disconnect, device number 4
[  570.298656][ T8890] sg_write: data in/out 187/14 bytes for SCSI command 0x0-- guessing data in;
[  570.298656][ T8890]    program syz.3.759 not setting count and/or reply_len properly
[  570.762769][   T23] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  571.232200][   T23] usb 5-1: Using ep0 maxpacket: 32
[  571.248917][   T23] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  571.260128][   T23] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  571.273238][   T23] usb 5-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[  571.282730][   T23] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  571.290790][   T23] usb 5-1: Product: syz
[  571.296387][   T23] usb 5-1: Manufacturer: syz
[  571.301101][   T23] usb 5-1: SerialNumber: syz
[  571.309129][   T23] usb 5-1: config 0 descriptor??
[  573.002742][ T5813] usb 5-1: USB disconnect, device number 5
[  575.767537][ T8925] sg_write: data in/out 187/14 bytes for SCSI command 0x0-- guessing data in;
[  575.767537][ T8925]    program syz.4.770 not setting count and/or reply_len properly
[  576.222440][ T5813] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[  577.952328][ T5813] usb 3-1: Using ep0 maxpacket: 8
[  577.982527][ T5813] usb 3-1: config index 0 descriptor too short (expected 301, got 45)
[  577.990844][ T5813] usb 3-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[  578.018345][ T5813] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  578.042050][ T5813] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  578.054673][ T5813] usb 3-1: config 16 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  579.128052][ T5813] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  579.182211][ T5813] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  579.342576][ T5813] usb 3-1: can't set config #16, error -71
[  579.364200][ T8944] netlink: 'syz.4.774': attribute type 3 has an invalid length.
[  579.371897][ T8944] netlink: 16 bytes leftover after parsing attributes in process `syz.4.774'.
[  579.433329][ T5813] usb 3-1: USB disconnect, device number 14
[  581.278132][   T51] Bluetooth: hci3: unexpected event for opcode 0x0c03
[  581.929956][ T8964] sg_write: data in/out 187/14 bytes for SCSI command 0x0-- guessing data in;
[  581.929956][ T8964]    program syz.3.780 not setting count and/or reply_len properly
[  584.429011][ T8981] netlink: 4 bytes leftover after parsing attributes in process `syz.0.784'.
[  586.263152][ T8976] Bluetooth: hci3: command 0x0406 tx timeout
[  588.360680][   T51] Bluetooth: hci3: command 0x0406 tx timeout
[  588.622172][ T9002] sg_write: data in/out 187/14 bytes for SCSI command 0x0-- guessing data in;
[  588.622172][ T9002]    program syz.4.789 not setting count and/or reply_len properly
[  591.233187][ T9006] netlink: 'syz.0.786': attribute type 3 has an invalid length.
[  591.240920][ T9006] netlink: 16 bytes leftover after parsing attributes in process `syz.0.786'.
[  594.732585][ T9027] netlink: 20 bytes leftover after parsing attributes in process `syz.2.788'.
[  594.741598][ T9027] 8021q: VLANs not supported on gre0
[  594.992613][ T9030] netlink: 24 bytes leftover after parsing attributes in process `syz.2.798'.
[  596.094001][ T9037] netlink: 'syz.0.800': attribute type 3 has an invalid length.
[  596.112751][ T9037] netlink: 16 bytes leftover after parsing attributes in process `syz.0.800'.
[  598.352177][ T9048] sg_write: data in/out 187/14 bytes for SCSI command 0x0-- guessing data in;
[  598.352177][ T9048]    program syz.2.802 not setting count and/or reply_len properly
[  609.307970][ T9091] sg_write: data in/out 187/14 bytes for SCSI command 0x0-- guessing data in;
[  609.307970][ T9091]    program syz.3.815 not setting count and/or reply_len properly
[  615.208241][ T9121] sg_write: data in/out 187/14 bytes for SCSI command 0x0-- guessing data in;
[  615.208241][ T9121]    program syz.3.826 not setting count and/or reply_len properly
[  615.644676][ T9127] netlink: 'syz.0.817': attribute type 20 has an invalid length.
[  615.655444][ T9127] netlink: 4 bytes leftover after parsing attributes in process `syz.0.817'.
[  616.012219][ T5780] usb 3-1: new high-speed USB device number 15 using dummy_hcd
[  616.252322][ T5780] usb 3-1: Using ep0 maxpacket: 8
[  616.272151][    T9] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  616.282641][ T5780] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  616.352225][ T5780] usb 3-1: New USB device found, idVendor=046d, idProduct=08f0, bcdDevice=a1.8c
[  616.368083][ T5780] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  616.401376][ T5780] usb 3-1: config 0 descriptor??
[  616.437387][ T5780] gspca_main: STV06xx-2.14.0 probing 046d:08f0
[  616.461222][ T5780] gspca_stv06xx: st6422 sensor detected
[  616.515240][    T9] usb 1-1: Using ep0 maxpacket: 16
[  616.696639][    T9] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  617.069397][    T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  617.092645][    T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  617.109197][    T9] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  617.129352][    T9] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  617.160420][    T9] usb 1-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  617.183779][    T9] usb 1-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  617.209643][    T9] usb 1-1: Manufacturer: syz
[  617.245126][    T9] usb 1-1: config 0 descriptor??
[  617.412927][ T5780] STV06xx: probe of 3-1:0.0 failed with error -71
[  617.452379][ T5780] usb 3-1: USB disconnect, device number 15
[  617.667419][    T9] rc_core: IR keymap rc-hauppauge not found
[  619.280954][    T9] Registered IR keymap rc-empty
[  619.346359][    T9] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  619.412330][    T9] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  619.474028][    T9] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0
[  619.535896][    T9] input: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input8
[  619.674691][    T9] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  619.854363][    T9] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  620.612752][    T9] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  620.652237][    T9] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  620.708677][    T9] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  620.762370][    T9] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  620.803569][    T9] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  620.992255][ T9164] sg_write: data in/out 187/14 bytes for SCSI command 0x0-- guessing data in;
[  620.992255][ T9164]    program syz.0.838 not setting count and/or reply_len properly
[  621.011435][    T9] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  621.140769][    T9] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  621.173124][    T9] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  621.301957][ T9170] netlink: 8 bytes leftover after parsing attributes in process `syz.4.837'.
[  621.396825][    T9] mceusb 1-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  621.568135][    T9] mceusb 1-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  621.896378][    T9] usb 1-1: USB disconnect, device number 8
[  624.747200][ T1282] ieee802154 phy0 wpan0: encryption failed: -22
[  624.753795][ T1282] ieee802154 phy1 wpan1: encryption failed: -22
[  627.284896][ T9203] sg_write: data in/out 187/14 bytes for SCSI command 0x0-- guessing data in;
[  627.284896][ T9203]    program syz.4.848 not setting count and/or reply_len properly
[  634.633139][ T9253] netlink: 4 bytes leftover after parsing attributes in process `syz.3.860'.
[  635.062020][ T9255] sg_write: data in/out 187/14 bytes for SCSI command 0x0-- guessing data in;
[  635.062020][ T9255]    program syz.2.858 not setting count and/or reply_len properly
[  649.103815][ T8976] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  649.177562][ T8976] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  649.186386][ T8976] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  649.196711][ T8976] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  649.212544][ T8976] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  649.220482][ T8976] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  649.438419][   T78] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  651.309105][   T51] Bluetooth: hci0: command tx timeout
[  651.390486][   T78] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  651.517677][ T9325] lo speed is unknown, defaulting to 1000
[  652.945444][   T78] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  653.039809][ T9325] lo speed is unknown, defaulting to 1000
[  653.175311][   T78] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  653.400619][   T51] Bluetooth: hci0: command tx timeout
[  653.798632][   T78] tipc: Left network mode
[  653.860273][ T8976] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  653.904457][ T8976] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  653.950564][ T8976] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  653.961192][ T8976] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  653.969472][ T8976] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  653.979697][ T8976] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  654.226790][ T9343] lo speed is unknown, defaulting to 1000
[  654.696298][ T9343] lo speed is unknown, defaulting to 1000
[  654.713324][ T9325] wlan0 speed is unknown, defaulting to 1000
[  656.609496][   T51] Bluetooth: hci0: command tx timeout
[  656.615166][   T51] Bluetooth: hci2: command tx timeout
[  657.308700][ T9343] wlan0 speed is unknown, defaulting to 1000
[  657.803935][ T9325] chnl_net:caif_netlink_parms(): no params data found
[  658.333466][ T9386] netlink: 8 bytes leftover after parsing attributes in process `syz.0.884'.
[  658.662356][ T8976] Bluetooth: hci2: command tx timeout
[  658.669207][ T9325] bridge0: port 1(bridge_slave_0) entered blocking state
[  658.669402][   T51] Bluetooth: hci0: command tx timeout
[  658.735228][ T9325] bridge0: port 1(bridge_slave_0) entered disabled state
[  658.750627][ T9325] bridge_slave_0: entered allmulticast mode
[  658.769948][ T9325] bridge_slave_0: entered promiscuous mode
[  658.801367][ T9343] chnl_net:caif_netlink_parms(): no params data found
[  658.939152][ T9325] bridge0: port 2(bridge_slave_1) entered blocking state
[  658.966089][ T9325] bridge0: port 2(bridge_slave_1) entered disabled state
[  659.008591][ T9325] bridge_slave_1: entered allmulticast mode
[  659.046672][ T9325] bridge_slave_1: entered promiscuous mode
[  659.109820][   T78] hsr_slave_0: left promiscuous mode
[  659.123349][   T78] hsr_slave_1: left promiscuous mode
[  659.168912][   T78] veth1_macvtap: left promiscuous mode
[  659.176742][   T78] veth0_macvtap: left promiscuous mode
[  659.187848][   T78] veth1_vlan: left promiscuous mode
[  659.213628][   T78] veth0_vlan: left promiscuous mode
[  659.315407][   T78] infiniband : set down
[  659.958281][ T6967] smc: removing ib device 
[  660.742654][ T8976] Bluetooth: hci2: command tx timeout
[  661.838302][   T78] bond0 (unregistering): Released all slaves
[  663.591288][ T8976] Bluetooth: hci2: command tx timeout
[  663.809512][ T8350] infiniband : ib_query_port failed (-19)
[  663.917807][ T9325] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  663.950632][ T9325] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  664.461930][ T9325] team0: Port device team_slave_0 added
[  664.539932][ T9325] team0: Port device team_slave_1 added
[  664.624437][ T9343] bridge0: port 1(bridge_slave_0) entered blocking state
[  664.648742][ T9343] bridge0: port 1(bridge_slave_0) entered disabled state
[  664.672339][ T9420] siw: device registration error -23
[  664.699557][ T9343] bridge_slave_0: entered allmulticast mode
[  664.729354][ T9343] bridge_slave_0: entered promiscuous mode
[  664.878830][ T9325] batman_adv: batadv0: Adding interface: batadv_slave_0
[  664.916603][ T9325] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  666.672198][ T9325] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  666.693143][ T9343] bridge0: port 2(bridge_slave_1) entered blocking state
[  666.700445][ T9343] bridge0: port 2(bridge_slave_1) entered disabled state
[  666.733891][ T9343] bridge_slave_1: entered allmulticast mode
[  666.829039][ T9343] bridge_slave_1: entered promiscuous mode
[  666.886726][ T9325] batman_adv: batadv0: Adding interface: batadv_slave_1
[  666.912735][ T9325] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  666.960723][ T9325] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  667.283373][ T9343] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  667.383301][ T9343] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  667.630735][ T9343] team0: Port device team_slave_0 added
[  667.665111][ T9343] team0: Port device team_slave_1 added
[  667.724238][ T9325] hsr_slave_0: entered promiscuous mode
[  667.764654][ T9325] hsr_slave_1: entered promiscuous mode
[  667.792220][ T9325] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  667.799872][ T9325] Cannot create hsr debugfs directory
[  668.028231][ T9343] batman_adv: batadv0: Adding interface: batadv_slave_0
[  668.036685][ T9343] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  668.066128][ T9343] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  668.162733][ T9343] batman_adv: batadv0: Adding interface: batadv_slave_1
[  668.169785][ T9343] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  668.203707][ T9343] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  668.349368][   T78] IPVS: stop unused estimator thread 0...
[  668.658982][ T9343] hsr_slave_0: entered promiscuous mode
[  668.692273][ T9343] hsr_slave_1: entered promiscuous mode
[  668.751179][ T9343] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  668.759220][ T9343] Cannot create hsr debugfs directory
[  669.320711][   T78] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  669.550433][   T78] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  669.693087][ T9325] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  669.742330][ T9325] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  669.799671][   T78] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  669.863226][ T9325] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  669.891690][ T9325] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  670.469425][   T78] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  670.707848][ T9462] genirq: Flags mismatch irq 4. 00000000 (aio_iiro_16) vs. 00000000 (ttyS0)
[  670.918161][ T9343] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  670.960334][ T9343] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  672.709561][ T9343] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  672.736556][ T9343] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  673.320186][ T9325] 8021q: adding VLAN 0 to HW filter on device bond0
[  673.484955][ T9325] 8021q: adding VLAN 0 to HW filter on device team0
[  673.583586][ T9481] siw: device registration error -23
[  673.602781][  T992] bridge0: port 1(bridge_slave_0) entered blocking state
[  673.610152][  T992] bridge0: port 1(bridge_slave_0) entered forwarding state
[  673.627621][  T992] bridge0: port 2(bridge_slave_1) entered blocking state
[  673.635095][  T992] bridge0: port 2(bridge_slave_1) entered forwarding state
[  673.811773][ T9343] 8021q: adding VLAN 0 to HW filter on device bond0
[  674.101026][ T9343] 8021q: adding VLAN 0 to HW filter on device team0
[  674.171459][ T6996] bridge0: port 1(bridge_slave_0) entered blocking state
[  674.178780][ T6996] bridge0: port 1(bridge_slave_0) entered forwarding state
[  674.277939][ T6996] bridge0: port 2(bridge_slave_1) entered blocking state
[  674.285371][ T6996] bridge0: port 2(bridge_slave_1) entered forwarding state
[  675.698242][ T9325] 8021q: adding VLAN 0 to HW filter on device batadv0
[  675.877168][   T78] hsr_slave_0: left promiscuous mode
[  675.895241][   T78] hsr_slave_1: left promiscuous mode
[  675.911986][   T78] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  675.920643][   T78] batman_adv: batadv0: Removing interface: batadv_slave_0
[  675.946768][   T78] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  675.956525][   T78] batman_adv: batadv0: Removing interface: batadv_slave_1
[  675.966601][   T78] bridge_slave_1: left allmulticast mode
[  675.974047][   T78] bridge_slave_1: left promiscuous mode
[  675.980420][   T78] bridge0: port 2(bridge_slave_1) entered disabled state
[  675.992309][   T78] bridge_slave_0: left allmulticast mode
[  675.998220][   T78] bridge_slave_0: left promiscuous mode
[  676.004623][   T78] bridge0: port 1(bridge_slave_0) entered disabled state
[  676.068579][   T78] veth1_macvtap: left promiscuous mode
[  676.074723][   T78] veth0_macvtap: left promiscuous mode
[  676.080480][   T78] veth1_vlan: left promiscuous mode
[  676.092971][   T78] veth0_vlan: left promiscuous mode
[  677.111714][ T9521] genirq: Flags mismatch irq 4. 00000000 (aio_iiro_16) vs. 00000000 (ttyS0)
[  680.001409][   T78] team0 (unregistering): Port device team_slave_1 removed
[  680.077108][   T78] team0 (unregistering): Port device team_slave_0 removed
[  680.149917][   T78] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  680.229954][   T78] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  680.509089][ T9531] Bluetooth: MGMT ver 1.22
[  680.885638][   T78] bond0 (unregistering): Released all slaves
[  681.486627][ T9547] netlink: 8 bytes leftover after parsing attributes in process `syz.3.910'.
[  681.636089][   T78] IPVS: stop unused estimator thread 0...
[  681.669738][ T9343] 8021q: adding VLAN 0 to HW filter on device batadv0
[  681.935033][ T9325] veth0_vlan: entered promiscuous mode
[  682.005910][ T9325] veth1_vlan: entered promiscuous mode
[  682.207566][ T9325] veth0_macvtap: entered promiscuous mode
[  682.255194][ T9325] veth1_macvtap: entered promiscuous mode
[  682.358274][ T9325] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  682.411861][ T9325] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  682.460274][ T9325] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  682.478631][ T9325] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  682.490853][ T9325] batman_adv: batadv0: Interface activated: batadv_slave_0
[  682.529285][ T9325] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  682.576367][ T9325] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  682.601682][ T9325] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  682.636892][ T9325] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  682.654870][ T9325] batman_adv: batadv0: Interface activated: batadv_slave_1
[  682.709929][ T9325] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  682.760899][ T9325] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  682.775509][ T9325] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  682.804755][ T9325] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  683.094626][ T9343] veth0_vlan: entered promiscuous mode
[  683.209757][ T6976] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  683.217763][ T9343] veth1_vlan: entered promiscuous mode
[  683.252707][ T6976] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  683.434469][ T6980] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  683.446032][ T6980] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  683.515127][ T9343] veth0_macvtap: entered promiscuous mode
[  683.569803][ T9343] veth1_macvtap: entered promiscuous mode
[  683.650615][ T9343] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  683.698957][ T9343] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  683.714478][ T9343] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  683.733455][ T9343] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  683.755366][ T9343] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  683.772404][ T9569] genirq: Flags mismatch irq 4. 00000000 (aio_iiro_16) vs. 00000000 (ttyS0)
[  683.800711][ T9343] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  683.828624][ T9343] batman_adv: batadv0: Interface activated: batadv_slave_0
[  683.883351][ T9343] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  683.916303][ T9343] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  683.953892][ T9343] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  683.989729][ T9343] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  684.023978][ T9343] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  684.072193][ T9343] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  684.112354][ T9343] batman_adv: batadv0: Interface activated: batadv_slave_1
[  685.327309][ T9343] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  685.352267][ T9343] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  685.361060][ T9343] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  685.391247][ T9343] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  685.733376][ T6976] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  685.773907][ T6976] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  686.023925][ T6976] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  686.098231][ T6976] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  686.188498][ T1282] ieee802154 phy0 wpan0: encryption failed: -22
[  686.199015][ T1282] ieee802154 phy1 wpan1: encryption failed: -22
[  688.383331][ T9604] sg_write: data in/out 187/14 bytes for SCSI command 0x0-- guessing data in;
[  688.383331][ T9604]    program syz.0.918 not setting count and/or reply_len properly
[  695.814412][ T9643] genirq: Flags mismatch irq 4. 00000000 (aio_iiro_16) vs. 00000000 (ttyS0)
[  707.070930][   T51] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  707.083921][   T51] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  707.093782][   T51] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  707.108174][   T51] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  707.132597][   T51] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  707.143191][   T51] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  708.302766][ T9724] lo speed is unknown, defaulting to 1000
[  708.310202][ T9724] lo speed is unknown, defaulting to 1000
[  709.069725][  T992] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  709.224241][ T8976] Bluetooth: hci1: command tx timeout
[  709.251583][ T9724] wlan0 speed is unknown, defaulting to 1000
[  709.761895][ T9745] netlink: 168 bytes leftover after parsing attributes in process `syz.5.940'.
[  710.042641][  T992] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  711.572644][ T8976] Bluetooth: hci1: command tx timeout
[  711.607059][  T992] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  712.000991][  T992] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  713.015998][ T9724] chnl_net:caif_netlink_parms(): no params data found
[  713.622637][ T8976] Bluetooth: hci1: command tx timeout
[  714.438784][ T9724] bridge0: port 1(bridge_slave_0) entered blocking state
[  714.447532][ T9724] bridge0: port 1(bridge_slave_0) entered disabled state
[  714.455522][ T9724] bridge_slave_0: entered allmulticast mode
[  714.466558][ T9724] bridge_slave_0: entered promiscuous mode
[  714.479689][ T9724] bridge0: port 2(bridge_slave_1) entered blocking state
[  714.487478][ T9724] bridge0: port 2(bridge_slave_1) entered disabled state
[  714.498436][ T9724] bridge_slave_1: entered allmulticast mode
[  714.508086][ T9724] bridge_slave_1: entered promiscuous mode
[  715.848470][   T51] Bluetooth: hci1: command tx timeout
[  717.836420][ T9724] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  717.881196][ T9724] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  718.451833][ T9724] team0: Port device team_slave_0 added
[  718.486825][ T9724] team0: Port device team_slave_1 added
[  719.182578][ T9724] batman_adv: batadv0: Adding interface: batadv_slave_0
[  719.235848][ T9724] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  719.288840][ T9724] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  720.224606][ T9724] batman_adv: batadv0: Adding interface: batadv_slave_1
[  720.231665][ T9724] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  720.359698][ T9724] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  723.334963][   T23] wlan0 speed is unknown, defaulting to 1000
[  724.091347][ T9724] hsr_slave_0: entered promiscuous mode
[  724.109221][ T9724] hsr_slave_1: entered promiscuous mode
[  724.116346][ T9724] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  724.134771][ T9724] Cannot create hsr debugfs directory
[  726.570203][  T992] hsr_slave_0: left promiscuous mode
[  726.646255][  T992] hsr_slave_1: left promiscuous mode
[  726.722523][  T992] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  726.730058][  T992] batman_adv: batadv0: Removing interface: batadv_slave_0
[  726.753766][  T992] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  726.772356][  T992] batman_adv: batadv0: Removing interface: batadv_slave_1
[  726.793212][  T992] bridge_slave_1: left allmulticast mode
[  726.798964][  T992] bridge_slave_1: left promiscuous mode
[  726.812639][  T992] bridge0: port 2(bridge_slave_1) entered disabled state
[  726.843429][  T992] bridge_slave_0: left allmulticast mode
[  726.849174][  T992] bridge_slave_0: left promiscuous mode
[  726.883053][  T992] bridge0: port 1(bridge_slave_0) entered disabled state
[  726.994478][  T992] veth1_macvtap: left promiscuous mode
[  727.009103][  T992] veth0_macvtap: left promiscuous mode
[  727.025171][  T992] veth1_vlan: left promiscuous mode
[  727.030637][  T992] veth0_vlan: left promiscuous mode
[  729.011524][  T992] team0 (unregistering): Port device team_slave_1 removed
[  729.135868][  T992] team0 (unregistering): Port device team_slave_0 removed
[  729.364802][  T992] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  729.511174][  T992] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  732.434990][  T992] bond0 (unregistering): Released all slaves
[  735.336320][ T9724] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  737.024043][ T9724] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  737.217017][ T9724] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  737.292889][ T9724] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  737.821452][  T992] IPVS: stop unused estimator thread 0...
[  737.917113][ T9724] 8021q: adding VLAN 0 to HW filter on device bond0
[  738.016688][ T9724] 8021q: adding VLAN 0 to HW filter on device team0
[  738.095301][ T6999] bridge0: port 1(bridge_slave_0) entered blocking state
[  738.102599][ T6999] bridge0: port 1(bridge_slave_0) entered forwarding state
[  738.277124][ T6976] bridge0: port 2(bridge_slave_1) entered blocking state
[  738.284445][ T6976] bridge0: port 2(bridge_slave_1) entered forwarding state
[  740.550438][ T9724] 8021q: adding VLAN 0 to HW filter on device batadv0
[  741.746294][ T9724] veth0_vlan: entered promiscuous mode
[  741.780797][ T9724] veth1_vlan: entered promiscuous mode
[  741.916125][ T9724] veth0_macvtap: entered promiscuous mode
[  741.990896][ T9724] veth1_macvtap: entered promiscuous mode
[  742.078539][ T9724] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  742.089507][ T9724] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  742.100843][ T9724] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  742.127665][ T9724] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  742.144432][ T9724] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  742.159048][ T9724] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  742.188647][ T9724] batman_adv: batadv0: Interface activated: batadv_slave_0
[  742.240342][ T9724] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  742.275167][ T9724] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  742.286023][ T9724] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  742.297114][ T9724] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  742.307955][ T9724] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  742.320317][ T9724] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  742.355281][ T9724] batman_adv: batadv0: Interface activated: batadv_slave_1
[  742.409000][ T9724] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  742.419194][ T9724] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  742.429994][ T9724] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  742.439811][ T9724] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  742.805617][ T6967] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  742.865120][ T6967] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  743.077358][ T6976] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  743.116540][ T6976] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  743.273013][ T9971] fuse: Bad value for 'fd'
[  745.392785][ T9983] genirq: Flags mismatch irq 4. 00000000 (aio_iiro_16) vs. 00000000 (ttyS0)
[  747.631584][ T1282] ieee802154 phy0 wpan0: encryption failed: -22
[  747.638827][ T1282] ieee802154 phy1 wpan1: encryption failed: -22
[  749.528051][T10012] fuse: Unknown parameter '0x0000000000000003'
[  753.119485][   T23] usb 7-1: new full-speed USB device number 2 using dummy_hcd
[  753.502793][T10040] genirq: Flags mismatch irq 4. 00000000 (aio_iiro_16) vs. 00000000 (ttyS0)
[  755.313119][T10065] fuse: Unknown parameter '0x0000000000000003'
[  758.731946][T10092] genirq: Flags mismatch irq 4. 00000000 (aio_iiro_16) vs. 00000000 (ttyS0)
[  761.415458][T10122] fuse: Unknown parameter '0x0000000000000003'
[  764.491404][ T9138] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  764.916826][ T9138] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  764.935511][ T9138] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  765.742080][ T9138] usb 4-1: Product: syz
[  765.749078][ T9138] usb 4-1: Manufacturer: syz
[  765.758899][ T9138] usb 4-1: SerialNumber: syz
[  765.802736][ T9138] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  765.964131][    T8] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  766.077677][T10150] genirq: Flags mismatch irq 4. 00000000 (aio_iiro_16) vs. 00000000 (ttyS0)
[  766.246715][ T9138] usb 4-1: USB disconnect, device number 12
[  767.065681][    T8] ath9k_htc 4-1:1.0: ath9k_htc: Target is unresponsive
[  767.095254][    T8] ath9k_htc: Failed to initialize the device
[  767.141361][ T9138] usb 4-1: ath9k_htc: USB layer deinitialized
[  771.553337][T10182] comedi comedi0: das16m1: I/O port conflict (0xb3,16)
[  772.035501][T10190] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1024'.
[  774.447689][T10208] genirq: Flags mismatch irq 4. 00000000 (aio_iiro_16) vs. 00000000 (ttyS0)
[  775.031016][T10214] fuse: Unknown parameter '0x0000000000000003'
[  776.135158][   T51] Bluetooth: hci0: command 0x0406 tx timeout
[  779.435943][T10240] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1033'.
[  780.422366][   T51] Bluetooth: hci2: command 0x0406 tx timeout
[  780.964796][T10264] fuse: Unknown parameter '0x0000000000000003'
[  782.579550][T10267] syzkaller0: entered promiscuous mode
[  782.608465][T10267] syzkaller0: entered allmulticast mode
[  783.593277][T10290] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1042'.
[  789.728454][T10317] fuse: Unknown parameter '0x0000000000000003'
[  793.572680][ T5780] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  793.852091][ T5780] usb 4-1: Using ep0 maxpacket: 8
[  793.864564][ T5780] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  793.902449][ T5780] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  793.951358][ T5780] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  793.997374][T10348] fuse: Unknown parameter 'fd0x0000000000000003'
[  793.998134][ T5780] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  795.374854][ T5780] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  795.433642][ T5780] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  795.482537][ T5780] usb 4-1: can't set config #16, error -71
[  795.506693][ T5780] usb 4-1: USB disconnect, device number 13
[  797.299532][T10375] loop2: detected capacity change from 0 to 7
[  798.537006][T10375] Dev loop2: unable to read RDB block 7
[  798.639158][T10375]  loop2: unable to read partition table
[  798.736237][T10375] loop2: partition table beyond EOD, truncated
[  798.828495][T10375] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  806.804895][T10428] fuse: Unknown parameter 'fd0x0000000000000003'
[  810.293807][ T1282] ieee802154 phy0 wpan0: encryption failed: -22
[  810.300764][ T1282] ieee802154 phy1 wpan1: encryption failed: -22
[  812.333623][   T51] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  812.357502][   T51] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  812.367532][   T51] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  812.382346][   T51] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  812.390845][   T51] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  812.400553][   T51] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  812.774087][ T6980] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  812.856508][T10461] lo speed is unknown, defaulting to 1000
[  812.923826][T10461] lo speed is unknown, defaulting to 1000
[  813.036705][ T6980] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  813.655044][ T6980] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  813.974050][ T6980] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  814.082561][T10478] fuse: Unknown parameter 'fd0x0000000000000003'
[  815.242274][ T8976] Bluetooth: hci1: command tx timeout
[  816.044026][T10498] tmpfs: Bad value for 'mpol'
[  816.079284][   T12] Bluetooth: hci4: Frame reassembly failed (-90)
[  816.638973][T10461] chnl_net:caif_netlink_parms(): no params data found
[  817.302621][   T51] Bluetooth: hci1: command tx timeout
[  817.768418][T10461] bridge0: port 1(bridge_slave_0) entered blocking state
[  817.803367][T10461] bridge0: port 1(bridge_slave_0) entered disabled state
[  817.822316][T10461] bridge_slave_0: entered allmulticast mode
[  817.838381][T10461] bridge_slave_0: entered promiscuous mode
[  818.042710][T10461] bridge0: port 2(bridge_slave_1) entered blocking state
[  818.049954][T10461] bridge0: port 2(bridge_slave_1) entered disabled state
[  818.132484][T10517] Bluetooth: hci4: command 0x1003 tx timeout
[  818.139768][ T8976] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  818.179764][T10461] bridge_slave_1: entered allmulticast mode
[  818.364511][T10461] bridge_slave_1: entered promiscuous mode
[  818.715772][T10461] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  818.871880][T10527] wlan0 speed is unknown, defaulting to 1000
[  818.899168][T10461] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  818.991719][T10527] wlan0 speed is unknown, defaulting to 1000
[  819.363280][T10461] team0: Port device team_slave_0 added
[  819.369949][T10527] wlan0 speed is unknown, defaulting to 1000
[  819.382261][ T8976] Bluetooth: hci1: command tx timeout
[  819.493574][T10461] team0: Port device team_slave_1 added
[  819.553642][T10527] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[  819.842690][T10461] batman_adv: batadv0: Adding interface: batadv_slave_0
[  819.862807][T10538] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1093'.
[  819.894957][T10461] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  819.924458][T10461] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  819.958188][   T51] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  820.037728][   T51] Bluetooth: hci0: command 0x0406 tx timeout
[  820.054117][T10527] wlan0 speed is unknown, defaulting to 1000
[  820.056586][T10461] batman_adv: batadv0: Adding interface: batadv_slave_1
[  820.102396][T10461] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  820.212107][T10461] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  820.311269][ T6980] hsr_slave_0: left promiscuous mode
[  820.320586][ T6980] hsr_slave_1: left promiscuous mode
[  820.537687][ T6980] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  820.552479][ T6980] batman_adv: batadv0: Removing interface: batadv_slave_0
[  820.589507][ T6980] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  820.626174][ T6980] batman_adv: batadv0: Removing interface: batadv_slave_1
[  820.634464][ T6980] bridge_slave_1: left allmulticast mode
[  820.640195][ T6980] bridge_slave_1: left promiscuous mode
[  820.832672][ T6980] bridge0: port 2(bridge_slave_1) entered disabled state
[  820.931501][ T6980] bridge_slave_0: left allmulticast mode
[  820.965524][ T6980] bridge_slave_0: left promiscuous mode
[  821.013099][ T6980] bridge0: port 1(bridge_slave_0) entered disabled state
[  821.472804][   T51] Bluetooth: hci1: command tx timeout
[  821.565884][ T6980] veth1_macvtap: left promiscuous mode
[  821.571767][ T6980] veth0_macvtap: left promiscuous mode
[  821.598904][ T6980] veth1_vlan: left promiscuous mode
[  821.632274][ T6980] veth0_vlan: left promiscuous mode
[  823.459603][T10564] i2c i2c-0: dvb_frontend_start: failed to start kthread (-4)
[  824.103588][T10572] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1102'.
[  824.910937][ T6980] team0 (unregistering): Port device team_slave_1 removed
[  825.145608][ T6980] team0 (unregistering): Port device team_slave_0 removed
[  825.319752][ T6980] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  825.532795][ T6980] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  826.588550][ T6980] bond0 (unregistering): Released all slaves
[  826.787236][T10527] wlan0 speed is unknown, defaulting to 1000
[  826.899953][T10527] wlan0 speed is unknown, defaulting to 1000
[  826.929734][T10461] hsr_slave_0: entered promiscuous mode
[  826.992770][T10461] hsr_slave_1: entered promiscuous mode
[  827.112859][T10527] wlan0 speed is unknown, defaulting to 1000
[  828.099530][T10461] netdevsim netdevsim8 netdevsim0: renamed from eth0
[  828.118050][T10461] netdevsim netdevsim8 netdevsim1: renamed from eth1
[  828.139493][T10461] netdevsim netdevsim8 netdevsim2: renamed from eth2
[  828.166024][T10461] netdevsim netdevsim8 netdevsim3: renamed from eth3
[  828.366437][T10461] 8021q: adding VLAN 0 to HW filter on device bond0
[  828.426820][T10461] 8021q: adding VLAN 0 to HW filter on device team0
[  828.454679][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  828.462016][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  828.725072][T10586] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1105'.
[  828.738877][ T6996] bridge0: port 2(bridge_slave_1) entered blocking state
[  828.746136][ T6996] bridge0: port 2(bridge_slave_1) entered forwarding state
[  829.646527][T10620] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1110'.
[  830.222184][T10630] siw: device registration error -23
[  830.235032][T10461] 8021q: adding VLAN 0 to HW filter on device batadv0
[  830.852651][T10645] i2c i2c-0: Frontend requested software zigzag, but didn't set the frequency step size
[  831.206249][ T5832] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  831.518607][ T5832] usb 6-1: config index 0 descriptor too short (expected 65183, got 72)
[  831.532419][ T5832] usb 6-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  831.541698][ T5832] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  831.563075][ T5832] usb 6-1: Product: syz
[  831.567366][ T5832] usb 6-1: Manufacturer: syz
[  831.580575][ T5832] usb 6-1: SerialNumber: syz
[  831.624427][ T5832] usb 6-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  831.636971][T10461] veth0_vlan: entered promiscuous mode
[  831.658740][ T9482] usb 6-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  831.701525][T10461] veth1_vlan: entered promiscuous mode
[  831.892824][T10647] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  831.937568][T10461] veth0_macvtap: entered promiscuous mode
[  831.952827][T10647] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  831.986426][T10461] veth1_macvtap: entered promiscuous mode
[  831.996710][T10647] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  832.020148][T10647] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  833.804258][ T9482] ath9k_htc 6-1:1.0: ath9k_htc: Target is unresponsive
[  833.811642][ T9482] ath9k_htc: Failed to initialize the device
[  833.851534][ T9482] usb 6-1: ath9k_htc: USB layer deinitialized
[  833.883372][T10647] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  833.932816][T10461] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  833.950508][T10647] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  833.978511][T10461] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  834.010431][T10461] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  834.022817][    T8] usb 6-1: USB disconnect, device number 2
[  834.048580][T10461] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  834.072217][T10461] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  834.102692][T10461] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  834.116421][T10461] batman_adv: batadv0: Interface activated: batadv_slave_0
[  834.128248][T10461] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  834.160472][T10461] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  834.192112][T10461] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  834.212097][T10461] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  834.255017][T10461] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  834.302166][T10461] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  834.350904][T10461] batman_adv: batadv0: Interface activated: batadv_slave_1
[  834.379502][T10461] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  834.400440][T10461] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  834.422035][T10461] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  834.430845][T10461] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  834.622298][    T8] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  834.679448][T10678] netlink: 32 bytes leftover after parsing attributes in process `syz.6.1124'.
[  834.862768][    T8] usb 6-1: Using ep0 maxpacket: 32
[  834.901346][    T8] usb 6-1: config index 0 descriptor too short (expected 241, got 72)
[  834.933590][    T8] usb 6-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xA1, skipping
[  835.175032][ T6999] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  835.203296][    T8] usb 6-1: New USB device found, idVendor=110a, idProduct=2210, bcdDevice=bd.da
[  835.254422][ T6999] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  835.262456][    T8] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  835.400726][    T8] usb 6-1: config 0 descriptor??
[  835.537614][    T8] usb 6-1: can't set config #0, error -71
[  835.652475][T10340] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  835.660675][T10340] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  835.697778][    T8] usb 6-1: USB disconnect, device number 3
[  836.460623][ T5832] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[  836.732219][ T5832] usb 7-1: Using ep0 maxpacket: 16
[  836.830768][ T5832] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  836.849712][ T5832] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  836.860950][ T5832] usb 7-1: New USB device found, idVendor=0458, idProduct=5016, bcdDevice= 0.00
[  836.870565][ T5832] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  836.908852][ T5832] usb 7-1: config 0 descriptor??
[  837.497831][ T5832] kye 0003:0458:5016.0002: tablet report size too small, or kye_tablet_rdesc unexpectedly large
[  837.518001][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  837.546842][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  837.556696][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  837.587490][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  837.605274][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  837.627917][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  837.654769][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  837.682716][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  837.748995][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  837.760490][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  837.779364][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  837.786606][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  837.793940][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  837.800725][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  837.878461][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  837.895580][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  837.913126][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  837.920057][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  837.952113][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  837.972052][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  838.000565][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  839.822126][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  839.828968][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  839.862139][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  839.868967][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  839.902136][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  839.923833][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  839.930660][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  839.982081][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  839.998644][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  840.052077][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  840.058899][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  840.102506][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  840.132428][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  840.139241][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  840.192824][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  840.199654][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  840.209430][T10729] netlink: 24 bytes leftover after parsing attributes in process `syz.6.1132'.
[  840.242564][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  840.249399][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  840.310987][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  840.384375][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  840.391822][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  840.403120][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  840.410193][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  840.439198][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  840.446659][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  840.453809][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  840.460599][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  840.467978][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  840.475185][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  840.522341][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  840.529169][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  840.596908][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  840.652906][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  840.660704][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  840.716934][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  840.779749][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  840.817565][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  840.858710][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  840.872288][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  840.879444][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  840.888083][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  840.895555][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  840.912509][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  840.919627][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  840.934079][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  840.941648][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  840.949600][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  840.960153][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  840.967716][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  840.974906][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  840.982195][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  840.990607][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  840.999891][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  841.007223][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  841.014690][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  841.021751][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  841.068604][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  841.112063][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  841.119208][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  841.126768][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  841.135388][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  841.142957][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  841.150143][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  841.157485][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  841.165412][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  841.187791][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  841.198346][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  841.209714][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  841.220865][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  841.233324][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  841.240149][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  841.252065][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  841.259143][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  841.268440][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  841.275664][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  841.282583][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  841.289355][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  841.352135][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  841.358944][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  841.406845][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  841.441870][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  841.455365][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  841.492356][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  841.499178][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  841.545359][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  841.569936][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  841.603624][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  841.643624][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  841.699990][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  841.747558][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  841.786386][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  841.821151][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  841.846385][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  841.872089][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  841.878877][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  841.982393][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  841.989206][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  842.012844][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  842.019668][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  842.027601][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  842.034791][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  842.041565][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  842.048705][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  842.057338][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  842.064511][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  842.071279][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  842.079203][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  842.131194][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  842.146260][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  842.192195][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  842.199000][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  842.426145][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  842.442104][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  842.470317][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  842.487927][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  843.452947][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  843.459777][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  843.469395][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  843.492069][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  843.498882][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  843.547177][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  843.686216][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  843.752291][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  843.759076][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  843.827245][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  843.857703][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  843.910376][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  843.939100][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  843.965615][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  844.014818][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  844.021717][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  844.059244][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  844.099025][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  844.142138][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  844.182550][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  844.189323][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  844.268126][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  844.302183][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  844.354009][ T5832] kye 0003:0458:5016.0002: unknown main item tag 0x0
[  844.474379][ T5832] kye 0003:0458:5016.0002: hidraw0: USB HID v0.09 Device [HID 0458:5016] on usb-dummy_hcd.6-1/input0
[  844.525928][ T5832] kye 0003:0458:5016.0002: tablet-enabling feature report not found
[  844.558424][ T5832] kye 0003:0458:5016.0002: tablet enabling failed
[  845.295038][T10757] i2c i2c-0: dvb_frontend_start: failed to start kthread (-4)
[  845.360292][ T5832] usb 7-1: USB disconnect, device number 3
[  845.656717][T10755] fido_id[10755]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.6/usb7/report_descriptor': No such file or directory
[  846.010008][T10769] siw: device registration error -23
[  849.758003][T10797] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1145'.
[  851.226902][T10819] netlink: 24 bytes leftover after parsing attributes in process `syz.8.1151'.
[  851.506018][T10826] siw: device registration error -23
[  862.610033][T10938] ==================================================================
[  862.618235][T10938] BUG: KASAN: slab-use-after-free in dvb_device_open+0xca/0x370
[  862.625973][T10938] Read of size 8 at addr ffff888026139e18 by task syz.3.1176/10938
[  862.633960][T10938] 
[  862.636332][T10938] CPU: 0 PID: 10938 Comm: syz.3.1176 Not tainted syzkaller #0
[  862.643851][T10938] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  862.653963][T10938] Call Trace:
[  862.657287][T10938]  <TASK>
[  862.660266][T10938]  dump_stack_lvl+0x18c/0x250
[  862.665037][T10938]  ? __lock_acquire+0x7d40/0x7d40
[  862.670138][T10938]  ? show_regs_print_info+0x20/0x20
[  862.675412][T10938]  ? load_image+0x400/0x400
[  862.679994][T10938]  ? _raw_spin_lock_irqsave+0xc0/0x100
[  862.685519][T10938]  ? __virt_addr_valid+0x18c/0x540
[  862.690700][T10938]  ? __virt_addr_valid+0x469/0x540
[  862.695877][T10938]  print_report+0xa8/0x210
[  862.700451][T10938]  ? dvb_device_open+0xca/0x370
[  862.705366][T10938]  kasan_report+0x117/0x150
[  862.709948][T10938]  ? chrdev_open+0x3e3/0x6a0
[  862.714612][T10938]  ? dvb_device_open+0xca/0x370
[  862.719635][T10938]  dvb_device_open+0xca/0x370
[  862.724379][T10938]  ? do_raw_spin_unlock+0x121/0x230
[  862.729655][T10938]  chrdev_open+0x5cc/0x6a0
[  862.734204][T10938]  ? cd_forget+0x160/0x160
[  862.738718][T10938]  ? cd_forget+0x160/0x160
[  862.743199][T10938]  do_dentry_open+0x8c6/0x1500
[  862.748027][T10938]  path_openat+0x27f1/0x3230
[  862.752688][T10938]  ? do_sys_openat2+0xda/0x1d0
[  862.757540][T10938]  ? verify_lock_unused+0x140/0x140
[  862.762808][T10938]  ? do_filp_open+0x430/0x430
[  862.767572][T10938]  ? __virt_addr_valid+0x18c/0x540
[  862.772751][T10938]  do_filp_open+0x1f5/0x430
[  862.777308][T10938]  ? vfs_tmpfile+0x490/0x490
[  862.781960][T10938]  ? _raw_spin_unlock+0x28/0x40
[  862.786875][T10938]  ? alloc_fd+0x58f/0x630
[  862.791269][T10938]  do_sys_openat2+0x134/0x1d0
[  862.796007][T10938]  ? do_sys_open+0xe0/0xe0
[  862.800485][T10938]  ? lockdep_hardirqs_on_prepare+0x40d/0x770
[  862.806531][T10938]  ? lock_chain_count+0x20/0x20
[  862.811446][T10938]  __x64_sys_openat+0x139/0x160
[  862.816377][T10938]  do_syscall_64+0x55/0xa0
[  862.820862][T10938]  ? clear_bhb_loop+0x40/0x90
[  862.825594][T10938]  ? clear_bhb_loop+0x40/0x90
[  862.830327][T10938]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  862.836279][T10938] RIP: 0033:0x7fa96655cfce
[  862.840755][T10938] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  862.860430][T10938] RSP: 002b:00007fa967506b28 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  862.868910][T10938] RAX: ffffffffffffffda RBX: 00007fa9675076c0 RCX: 00007fa96655cfce
[  862.876942][T10938] RDX: 0000000000000e82 RSI: 00007fa967506c00 RDI: ffffffffffffff9c
[  862.884998][T10938] RBP: 00007fa967506c00 R08: 0000000000000000 R09: 0000000000000000
[  862.893025][T10938] R10: 0000000000000000 R11: 0000000000000246 R12: cccccccccccccccd
[  862.901139][T10938] R13: 00007fa966816128 R14: 00007fa966816090 R15: 00007ffd30eae978
[  862.909189][T10938]  </TASK>
[  862.912253][T10938] 
[  862.914620][T10938] Allocated by task 1:
[  862.918725][T10938]  kasan_set_track+0x4e/0x70
[  862.923410][T10938]  __kasan_kmalloc+0x8f/0xa0
[  862.928065][T10938]  dvb_register_device+0x2fd/0x2210
[  862.933346][T10938]  dvb_register_frontend+0x649/0x930
[  862.938711][T10938]  vidtv_bridge_probe+0x9ab/0xf80
[  862.943804][T10938]  platform_probe+0x13b/0x1c0
[  862.948566][T10938]  really_probe+0x25b/0xb20
[  862.953207][T10938]  __driver_probe_device+0x18c/0x330
[  862.958538][T10938]  driver_probe_device+0x4f/0x420
[  862.963614][T10938]  __driver_attach+0x44e/0x6e0
[  862.968435][T10938]  bus_for_each_dev+0x235/0x2b0
[  862.973353][T10938]  bus_add_driver+0x340/0x630
[  862.978089][T10938]  driver_register+0x23a/0x310
[  862.982912][T10938]  vidtv_bridge_init+0x3d/0x70
[  862.987733][T10938]  do_one_initcall+0x242/0x790
[  862.992556][T10938]  do_initcall_level+0x137/0x1f0
[  862.997557][T10938]  do_initcalls+0x69/0xd0
[  863.001935][T10938]  kernel_init_freeable+0x3ed/0x580
[  863.007188][T10938]  kernel_init+0x1d/0x1c0
[  863.011574][T10938]  ret_from_fork+0x48/0x80
[  863.016051][T10938]  ret_from_fork_asm+0x11/0x20
[  863.020888][T10938] 
[  863.023247][T10938] Freed by task 10757:
[  863.027395][T10938]  kasan_set_track+0x4e/0x70
[  863.032043][T10938]  kasan_save_free_info+0x2e/0x50
[  863.037118][T10938]  ____kasan_slab_free+0x126/0x1e0
[  863.042286][T10938]  slab_free_freelist_hook+0x130/0x1a0
[  863.047832][T10938]  __kmem_cache_free+0xba/0x1e0
[  863.052746][T10938]  dvb_device_open+0x2ee/0x370
[  863.057564][T10938]  chrdev_open+0x5cc/0x6a0
[  863.062134][T10938]  do_dentry_open+0x8c6/0x1500
[  863.066990][T10938]  path_openat+0x27f1/0x3230
[  863.071655][T10938]  do_filp_open+0x1f5/0x430
[  863.076214][T10938]  do_sys_openat2+0x134/0x1d0
[  863.080945][T10938]  __x64_sys_openat+0x139/0x160
[  863.085840][T10938]  do_syscall_64+0x55/0xa0
[  863.090319][T10938]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  863.096273][T10938] 
[  863.098638][T10938] The buggy address belongs to the object at ffff888026139e00
[  863.098638][T10938]  which belongs to the cache kmalloc-256 of size 256
[  863.112742][T10938] The buggy address is located 24 bytes inside of
[  863.112742][T10938]  freed 256-byte region [ffff888026139e00, ffff888026139f00)
[  863.126514][T10938] 
[  863.128872][T10938] The buggy address belongs to the physical page:
[  863.135345][T10938] page:ffffea0000984e00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x26138
[  863.145559][T10938] head:ffffea0000984e00 order:1 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  863.154645][T10938] flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[  863.162717][T10938] page_type: 0xffffffff()
[  863.167105][T10938] raw: 00fff00000000840 ffff888017c41b40 dead000000000122 0000000000000000
[  863.175751][T10938] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[  863.184382][T10938] page dumped because: kasan: bad access detected
[  863.190839][T10938] page_owner tracks the page as allocated
[  863.196601][T10938] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 16678531043, free_ts 0
[  863.216398][T10938]  post_alloc_hook+0x1c1/0x200
[  863.221230][T10938]  get_page_from_freelist+0x1951/0x19e0
[  863.226869][T10938]  __alloc_pages+0x1f0/0x460
[  863.231512][T10938]  alloc_page_interleave+0x24/0x1e0
[  863.236760][T10938]  alloc_slab_page+0x5d/0x160
[  863.241494][T10938]  new_slab+0x87/0x2d0
[  863.245617][T10938]  ___slab_alloc+0xc5d/0x12f0
[  863.250364][T10938]  __kmem_cache_alloc_node+0x19e/0x250
[  863.255886][T10938]  kmalloc_trace+0x2a/0xe0
[  863.260449][T10938]  bus_add_driver+0x162/0x630
[  863.265228][T10938]  driver_register+0x23a/0x310
[  863.270039][T10938]  usb_register_driver+0x206/0x3d0
[  863.275213][T10938]  do_one_initcall+0x242/0x790
[  863.280042][T10938]  do_initcall_level+0x137/0x1f0
[  863.285122][T10938]  do_initcalls+0x69/0xd0
[  863.289517][T10938]  kernel_init_freeable+0x3ed/0x580
[  863.294777][T10938] page_owner free stack trace missing
[  863.300190][T10938] 
[  863.302550][T10938] Memory state around the buggy address:
[  863.308223][T10938]  ffff888026139d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  863.316340][T10938]  ffff888026139d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  863.324453][T10938] >ffff888026139e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  863.332559][T10938]                             ^
[  863.337493][T10938]  ffff888026139e80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  863.345613][T10938]  ffff888026139f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  863.353811][T10938] ==================================================================
[  863.363665][T10938] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  863.370931][T10938] CPU: 0 PID: 10938 Comm: syz.3.1176 Not tainted syzkaller #0
[  863.378430][T10938] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  863.388566][T10938] Call Trace:
[  863.391904][T10938]  <TASK>
[  863.394874][T10938]  dump_stack_lvl+0x18c/0x250
[  863.399642][T10938]  ? show_regs_print_info+0x20/0x20
[  863.404907][T10938]  ? load_image+0x400/0x400
[  863.409650][T10938]  panic+0x2dc/0x730
[  863.413599][T10938]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  863.419811][T10938]  ? bpf_jit_dump+0xd0/0xd0
[  863.424380][T10938]  ? _raw_spin_unlock_irqrestore+0x111/0x120
[  863.430482][T10938]  ? _raw_spin_unlock+0x40/0x40
[  863.435390][T10938]  ? dvb_device_open+0xca/0x370
[  863.440335][T10938]  check_panic_on_warn+0x84/0xa0
[  863.445341][T10938]  ? dvb_device_open+0xca/0x370
[  863.450258][T10938]  end_report+0x6f/0x130
[  863.454663][T10938]  kasan_report+0x128/0x150
[  863.459289][T10938]  ? chrdev_open+0x3e3/0x6a0
[  863.463939][T10938]  ? dvb_device_open+0xca/0x370
[  863.468861][T10938]  dvb_device_open+0xca/0x370
[  863.473592][T10938]  ? do_raw_spin_unlock+0x121/0x230
[  863.478858][T10938]  chrdev_open+0x5cc/0x6a0
[  863.483344][T10938]  ? cd_forget+0x160/0x160
[  863.487825][T10938]  ? cd_forget+0x160/0x160
[  863.492312][T10938]  do_dentry_open+0x8c6/0x1500
[  863.497139][T10938]  path_openat+0x27f1/0x3230
[  863.501792][T10938]  ? do_sys_openat2+0xda/0x1d0
[  863.506621][T10938]  ? verify_lock_unused+0x140/0x140
[  863.511876][T10938]  ? do_filp_open+0x430/0x430
[  863.516610][T10938]  ? __virt_addr_valid+0x18c/0x540
[  863.521791][T10938]  do_filp_open+0x1f5/0x430
[  863.526359][T10938]  ? vfs_tmpfile+0x490/0x490
[  863.531034][T10938]  ? _raw_spin_unlock+0x28/0x40
[  863.535939][T10938]  ? alloc_fd+0x58f/0x630
[  863.540347][T10938]  do_sys_openat2+0x134/0x1d0
[  863.545081][T10938]  ? do_sys_open+0xe0/0xe0
[  863.549637][T10938]  ? lockdep_hardirqs_on_prepare+0x40d/0x770
[  863.555673][T10938]  ? lock_chain_count+0x20/0x20
[  863.560592][T10938]  __x64_sys_openat+0x139/0x160
[  863.565593][T10938]  do_syscall_64+0x55/0xa0
[  863.570681][T10938]  ? clear_bhb_loop+0x40/0x90
[  863.575413][T10938]  ? clear_bhb_loop+0x40/0x90
[  863.580155][T10938]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  863.586114][T10938] RIP: 0033:0x7fa96655cfce
[  863.590580][T10938] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  863.610277][T10938] RSP: 002b:00007fa967506b28 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  863.618752][T10938] RAX: ffffffffffffffda RBX: 00007fa9675076c0 RCX: 00007fa96655cfce
[  863.626781][T10938] RDX: 0000000000000e82 RSI: 00007fa967506c00 RDI: ffffffffffffff9c
[  863.634821][T10938] RBP: 00007fa967506c00 R08: 0000000000000000 R09: 0000000000000000
[  863.642842][T10938] R10: 0000000000000000 R11: 0000000000000246 R12: cccccccccccccccd
[  863.650859][T10938] R13: 00007fa966816128 R14: 00007fa966816090 R15: 00007ffd30eae978
[  863.658893][T10938]  </TASK>
[  863.662547][T10938] Kernel Offset: disabled
[  863.666891][T10938] Rebooting in 86400 seconds..