last executing test programs:

2.564011603s ago: executing program 2 (id=21):
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_STAT_GET(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={0x20, 0x1411, 0x1, 0x0, 0x0, "", [@RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000800}, 0x0)

2.482822681s ago: executing program 2 (id=22):
timer_create(0x3, 0x0, &(0x7f00000000c0)=<r0=>0x0)
timer_settime(r0, 0x0, &(0x7f0000000080)={{0x0, 0x3938700}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
syz_open_procfs(0xffffffffffffffff, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0)
rt_sigaction(0xe, &(0x7f00000000c0)={&(0x7f0000000040)="f30f1efc66450f2832c482adbcaf07000000c4e1fd5aa13c9c43713ef2400f1ed3c4c2e93be7f2262e669f8f88a4a2e100430f12957b280000653ed9fa", 0x8000000, 0x0, {[0x8000]}}, 0x0, 0x8, &(0x7f0000000200))

1.552117856s ago: executing program 2 (id=25):
syz_usb_connect(0x3, 0x24, &(0x7f0000000280)=ANY=[@ANYBLOB="1201000095af324044060f8077c5010203010902120001000000000904"], 0x0)

492.667188ms ago: executing program 0 (id=31):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r0, &(0x7f0000000240)={0xa, 0x4e21, 0x0, @empty}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_opts(r0, 0x29, 0x37, 0x0, 0x0)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x2, &(0x7f0000000680)=@gcm_128={{0x303}, "000037d7009400", "adb6c5b29ca2b8382d00", "7e609086", "bb10000000000001"}, 0x28)

353.933949ms ago: executing program 0 (id=32):
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f0000000440)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x7c, 0x7c, 0x2, [@var, @func_proto={0x0, 0x6, 0x0, 0xd, 0x0, [{}, {}, {}, {}, {}, {}]}, @func, @volatile, @volatile, @func={0x5, 0x0, 0x0, 0xc, 0x1}]}}, 0x0, 0x96}, 0x28)
r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@struct]}}, 0x0, 0x26}, 0x20)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0x6, 0x3, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000ef0000000000000000000095"], &(0x7f0000000280)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, r0, 0x8, 0x0, 0x0, 0x10, &(0x7f00000004c0), 0x10}, 0x94)

352.019576ms ago: executing program 2 (id=33):
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$bt_BT_VOICE(r0, 0x112, 0xb, &(0x7f0000000080)=0x3, 0x2)
connect$bt_sco(r0, &(0x7f0000000040)={0x1f, @none}, 0x8)

347.872975ms ago: executing program 0 (id=34):
r0 = syz_open_dev$evdev(&(0x7f0000000240), 0x20000, 0x0)
ioctl$EVIOCGLED(r0, 0x80284504, &(0x7f0000000000)=""/56)

292.826601ms ago: executing program 0 (id=35):
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f00000000c0)={0x3, 0x1000}, 0x4)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r1, &(0x7f0000000040)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x2d}}, 0x10)
sendto$inet(r1, 0x0, 0x0, 0xc806, &(0x7f0000000180)={0x2, 0x4e21, @multicast1}, 0x10)
sendto$inet(r1, &(0x7f0000000100)='J', 0xfdbe, 0x4004084, 0x0, 0x11000a00)
setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000003180)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x7ff, 0xf84, 0x3}, 0x1c)
pselect6(0x40, &(0x7f0000000240)={0x2, 0x0, 0x4, 0x3, 0x2, 0x0, 0x100, 0x5}, &(0x7f0000000040)={0x1d, 0xfffffffffffffffe, 0x40, 0x7eff, 0x0, 0xfffffffffffffffe, 0x71e7, 0x8}, 0x0, 0x0, 0x0)

292.392451ms ago: executing program 2 (id=36):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x70bd27, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0x4, 0xffff2153, 0x2, 0xa, 0xd, 0x1c4, 0x7, 0x2, 0x6}}}}]}, 0x58}}, 0x0)
fcntl$lock(0xffffffffffffffff, 0x5, 0x0)
statx(0xffffffffffffff9c, 0x0, 0x2000, 0x20, 0xfffffffffffffffe)
sendmsg$nl_route_sched(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=@newtfilter={0x58, 0x2c, 0xd27, 0x30bd29, 0x25dfdbff, {0x0, 0x0, 0x0, r3, {0x0, 0x3}, {}, {0xfff1, 0xc}}, [@TCA_CHAIN={0x8, 0xb, 0x7ff}, @filter_kind_options=@f_flower={{0xb}, {0x20, 0x2, [@TCA_FLOWER_KEY_ENC_UDP_DST_PORT={0x6}, @TCA_FLOWER_KEY_ENC_IPV6_SRC={0x14, 0x1f, @private0}]}}]}, 0x58}, 0x1, 0x0, 0x0, 0x4040011}, 0x0)

219.14761ms ago: executing program 0 (id=37):
r0 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000280), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r1, &(0x7f00000021c0)={0x2020, 0x0, <r2=>0x0}, 0x2020)
write$FUSE_INIT(r1, &(0x7f0000000040)={0x50, 0x0, r2, {0x7, 0x1f, 0x1, 0xffffffff908811b9, 0xab2, 0x8, 0x0, 0x101, 0x0, 0x0, 0x0, 0x800}}, 0x50)
syz_fuse_handle_req(r1, &(0x7f000000e3c0)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d838aae8c05dd22d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x20, 0x0, 0xffffffffffffffff, {0x0, 0x1}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x20c01, 0x0)
io_setup(0x2, &(0x7f0000000200)=<r4=>0x0)
io_submit(r4, 0x140b, &(0x7f0000000700)=[&(0x7f0000000440)={0x18, 0x7000000, 0x4, 0x1, 0x0, r3, &(0x7f0000000180)='\x00', 0xfdfe}])
dup3(r0, r1, 0x6700000000000000)

217.535638ms ago: executing program 2 (id=38):
syz_usb_connect(0x5, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0x43, 0x92, 0xd5, 0x20, 0x54c, 0x6c3, 0xeb7a, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x8, 0x87, 0x70, 0x7, [{{0x9, 0x4, 0xcb, 0x1, 0x0, 0x4f, 0x3e, 0xaf, 0xb5}}]}}]}}, 0x0)

132.052573ms ago: executing program 1 (id=40):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
getsockopt$sock_int(r0, 0x1, 0x8, 0x0, &(0x7f00000000c0))

131.858127ms ago: executing program 1 (id=41):
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0x3, 0x3, &(0x7f0000000180)=ANY=[@ANYBLOB="660a00000000000079105100000000009500"], &(0x7f0000000000)='GPL\x00'}, 0x94)

131.612704ms ago: executing program 1 (id=42):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r1 = dup(r0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r1, 0x2000)
r2 = syz_io_uring_setup(0x493, &(0x7f0000002180)={0x0, 0x787f, 0x100, 0x4, 0x1b0}, &(0x7f00000000c0), &(0x7f0000000280))
io_uring_register$IORING_REGISTER_PBUF_RING(r2, 0x16, &(0x7f0000000040)={&(0x7f0000001000)={[{0x0, 0x1f, 0x3}]}, 0x1, 0x1}, 0x1)

51.150734ms ago: executing program 1 (id=43):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$inet(r1, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0)
recvmsg$unix(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f00000014c0), 0xe8}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmsg$inet(r3, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0)
recvmsg$unix(r2, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0)
newfstatat(0xffffffff0000005d, 0x0, 0x0, 0x1000)

50.896581ms ago: executing program 1 (id=44):
r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/comedi4\x00', 0x2, 0x0)
ioctl$COMEDI_INSN(r0, 0x8028640c, &(0x7f0000000040)={0xc000003, 0xf, &(0x7f0000000180)=[0x1c, 0xa, 0xf909, 0x200005, 0x80, 0x1, 0x7, 0x10, 0xfffffe01, 0x4d, 0x4, 0x2, 0x88, 0x8811, 0x2], 0x1, 0x4000007})

312.908µs ago: executing program 0 (id=45):
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000002580)=[{0x0, 0x14}], 0x1, 0x0, 0x0, 0x400048c0}, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x2041, 0x0)
write$binfmt_aout(r0, &(0x7f0000000340)=ANY=[], 0xff2e)
r1 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f0000000080)={&(0x7f0000000000)=""/59, 0x304000, 0x800, 0x0, 0x3}, 0x20)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)

0s ago: executing program 1 (id=46):
prlimit64(0x0, 0x6, &(0x7f0000000140), 0x0)
setreuid(0xee01, 0x0)
pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
setresuid(0xee01, 0x0, 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:36431' (ED25519) to the list of known hosts.
syzkaller login: [   56.321011][ T5834] cgroup: Unknown subsys name 'net'
[   56.412818][ T5834] cgroup: Unknown subsys name 'cpuset'
[   56.417888][ T5834] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   58.518042][ T5834] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   63.619769][ T5851] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   63.628535][ T5857] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   63.632098][ T5857] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   63.635754][ T5857] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   63.643847][ T5857] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   63.647131][ T5857] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   63.658496][ T5858] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   63.661693][ T5858] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   63.665625][ T5858] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   63.668402][ T5858] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   63.735483][ T5858] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   63.738974][ T5858] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   63.742487][ T5858] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   63.746312][ T5858] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   63.749613][ T5858] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   63.931457][ T5854] chnl_net:caif_netlink_parms(): no params data found
[   64.062404][ T5850] chnl_net:caif_netlink_parms(): no params data found
[   64.080977][ T5854] bridge0: port 1(bridge_slave_0) entered blocking state
[   64.085136][ T5854] bridge0: port 1(bridge_slave_0) entered disabled state
[   64.087701][ T5854] bridge_slave_0: entered allmulticast mode
[   64.090539][ T5854] bridge_slave_0: entered promiscuous mode
[   64.114911][ T5854] bridge0: port 2(bridge_slave_1) entered blocking state
[   64.117998][ T5854] bridge0: port 2(bridge_slave_1) entered disabled state
[   64.121222][ T5854] bridge_slave_1: entered allmulticast mode
[   64.126133][ T5854] bridge_slave_1: entered promiscuous mode
[   64.164039][ T5854] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   64.176693][ T5854] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   64.186203][ T5859] chnl_net:caif_netlink_parms(): no params data found
[   64.240675][ T5854] team0: Port device team_slave_0 added
[   64.270197][ T5854] team0: Port device team_slave_1 added
[   64.289777][ T5850] bridge0: port 1(bridge_slave_0) entered blocking state
[   64.292780][ T5850] bridge0: port 1(bridge_slave_0) entered disabled state
[   64.295529][ T5850] bridge_slave_0: entered allmulticast mode
[   64.298766][ T5850] bridge_slave_0: entered promiscuous mode
[   64.302407][ T5850] bridge0: port 2(bridge_slave_1) entered blocking state
[   64.305490][ T5850] bridge0: port 2(bridge_slave_1) entered disabled state
[   64.307884][ T5850] bridge_slave_1: entered allmulticast mode
[   64.310677][ T5850] bridge_slave_1: entered promiscuous mode
[   64.364753][ T5854] batman_adv: batadv0: Adding interface: batadv_slave_0
[   64.367554][ T5854] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   64.381015][ T5854] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   64.388098][ T5854] batman_adv: batadv0: Adding interface: batadv_slave_1
[   64.390996][ T5854] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   64.401148][ T5854] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   64.418159][ T5859] bridge0: port 1(bridge_slave_0) entered blocking state
[   64.421079][ T5859] bridge0: port 1(bridge_slave_0) entered disabled state
[   64.424792][ T5859] bridge_slave_0: entered allmulticast mode
[   64.428612][ T5859] bridge_slave_0: entered promiscuous mode
[   64.433983][ T5859] bridge0: port 2(bridge_slave_1) entered blocking state
[   64.436904][ T5859] bridge0: port 2(bridge_slave_1) entered disabled state
[   64.440103][ T5859] bridge_slave_1: entered allmulticast mode
[   64.444713][ T5859] bridge_slave_1: entered promiscuous mode
[   64.467273][ T5850] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   64.488377][ T5850] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   64.505668][ T5859] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   64.548064][ T5859] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   64.553484][ T5850] team0: Port device team_slave_0 added
[   64.559507][ T5854] hsr_slave_0: entered promiscuous mode
[   64.562399][ T5854] hsr_slave_1: entered promiscuous mode
[   64.580378][ T5850] team0: Port device team_slave_1 added
[   64.606999][ T5859] team0: Port device team_slave_0 added
[   64.625420][ T5859] team0: Port device team_slave_1 added
[   64.628227][ T5850] batman_adv: batadv0: Adding interface: batadv_slave_0
[   64.630974][ T5850] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   64.641588][ T5850] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   64.697139][ T5850] batman_adv: batadv0: Adding interface: batadv_slave_1
[   64.699952][ T5850] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   64.709756][ T5850] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   64.720644][ T5859] batman_adv: batadv0: Adding interface: batadv_slave_0
[   64.724042][ T5859] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   64.734628][ T5859] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   64.751732][ T5859] batman_adv: batadv0: Adding interface: batadv_slave_1
[   64.754631][ T5859] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   64.764268][ T5859] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   64.846413][ T5859] hsr_slave_0: entered promiscuous mode
[   64.849513][ T5859] hsr_slave_1: entered promiscuous mode
[   64.852266][ T5859] debugfs: 'hsr0' already exists in 'hsr'
[   64.854610][ T5859] Cannot create hsr debugfs directory
[   64.859571][ T5850] hsr_slave_0: entered promiscuous mode
[   64.862883][ T5850] hsr_slave_1: entered promiscuous mode
[   64.865637][ T5850] debugfs: 'hsr0' already exists in 'hsr'
[   64.867813][ T5850] Cannot create hsr debugfs directory
[   65.120385][ T5854] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   65.128483][ T5854] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   65.139623][ T5854] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   65.156312][ T5854] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   65.209304][ T5859] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   65.217930][ T5859] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   65.224208][ T5859] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   65.230274][ T5859] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   65.317958][ T5850] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   65.341777][ T5850] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   65.348695][ T5850] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   65.357439][ T5850] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   65.462242][ T5854] 8021q: adding VLAN 0 to HW filter on device bond0
[   65.477984][ T5859] 8021q: adding VLAN 0 to HW filter on device bond0
[   65.488621][ T5854] 8021q: adding VLAN 0 to HW filter on device team0
[   65.509449][ T5859] 8021q: adding VLAN 0 to HW filter on device team0
[   65.519626][   T27] bridge0: port 1(bridge_slave_0) entered blocking state
[   65.522160][   T27] bridge0: port 1(bridge_slave_0) entered forwarding state
[   65.530653][ T5850] 8021q: adding VLAN 0 to HW filter on device bond0
[   65.545401][   T27] bridge0: port 1(bridge_slave_0) entered blocking state
[   65.547693][   T27] bridge0: port 1(bridge_slave_0) entered forwarding state
[   65.551902][   T27] bridge0: port 2(bridge_slave_1) entered blocking state
[   65.554646][   T27] bridge0: port 2(bridge_slave_1) entered forwarding state
[   65.572030][   T27] bridge0: port 2(bridge_slave_1) entered blocking state
[   65.574527][   T27] bridge0: port 2(bridge_slave_1) entered forwarding state
[   65.599602][ T5850] 8021q: adding VLAN 0 to HW filter on device team0
[   65.629569][   T27] bridge0: port 1(bridge_slave_0) entered blocking state
[   65.632473][   T27] bridge0: port 1(bridge_slave_0) entered forwarding state
[   65.649670][   T27] bridge0: port 2(bridge_slave_1) entered blocking state
[   65.652800][   T27] bridge0: port 2(bridge_slave_1) entered forwarding state
[   65.685782][ T5859] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   65.694624][ T5858] Bluetooth: hci1: command tx timeout
[   65.694629][   T56] Bluetooth: hci0: command tx timeout
[   65.793526][ T5858] Bluetooth: hci2: command tx timeout
[   65.826668][ T5859] 8021q: adding VLAN 0 to HW filter on device batadv0
[   65.861357][ T5859] veth0_vlan: entered promiscuous mode
[   65.886531][ T5859] veth1_vlan: entered promiscuous mode
[   65.900349][ T5854] 8021q: adding VLAN 0 to HW filter on device batadv0
[   65.912348][ T5850] 8021q: adding VLAN 0 to HW filter on device batadv0
[   65.947845][ T5859] veth0_macvtap: entered promiscuous mode
[   65.961626][ T5859] veth1_macvtap: entered promiscuous mode
[   65.971726][ T5850] veth0_vlan: entered promiscuous mode
[   65.987094][ T5854] veth0_vlan: entered promiscuous mode
[   65.999386][ T5859] batman_adv: batadv0: Interface activated: batadv_slave_0
[   66.006876][ T5854] veth1_vlan: entered promiscuous mode
[   66.016150][ T5850] veth1_vlan: entered promiscuous mode
[   66.022358][ T5859] batman_adv: batadv0: Interface activated: batadv_slave_1
[   66.037703][ T5891] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   66.042268][ T5891] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   66.061052][ T5854] veth0_macvtap: entered promiscuous mode
[   66.064008][ T5891] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   66.071035][ T5891] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   66.085924][ T5854] veth1_macvtap: entered promiscuous mode
[   66.128549][ T5854] batman_adv: batadv0: Interface activated: batadv_slave_0
[   66.136412][ T5850] veth0_macvtap: entered promiscuous mode
[   66.145946][ T5854] batman_adv: batadv0: Interface activated: batadv_slave_1
[   66.152441][   T12] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   66.164308][ T5850] veth1_macvtap: entered promiscuous mode
[   66.176623][   T12] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   66.195280][   T12] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   66.214838][   T12] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   66.240462][  T391] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   66.246006][  T391] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   66.255245][ T5850] batman_adv: batadv0: Interface activated: batadv_slave_0
[   66.276885][ T5850] batman_adv: batadv0: Interface activated: batadv_slave_1
[   66.291080][ T5891] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   66.295475][ T5891] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   66.308271][ T5891] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   66.323428][   T28] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   66.326052][   T28] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   66.335977][ T5891] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   66.357259][  T391] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   66.360359][  T391] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   66.440308][ T5859] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   66.463851][  T391] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   66.474843][   T28] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   66.477929][   T28] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   66.481792][  T391] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   66.546579][   T27] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   66.549626][   T27] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   67.003632][   T24] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[   67.152740][   T24] usb 3-1: Using ep0 maxpacket: 32
[   67.161457][   T24] usb 3-1: New USB device found, idVendor=0c72, idProduct=000d, bcdDevice=27.9b
[   67.164652][   T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   67.167177][   T24] usb 3-1: Product: syz
[   67.168501][   T24] usb 3-1: Manufacturer: syz
[   67.170067][   T24] usb 3-1: SerialNumber: syz
[   67.174732][   T24] usb 3-1: config 0 descriptor??
[   67.586834][   T24] peak_usb 3-1:0.0 can0: unable to request usb[type=0 value=0] err=-71
[   67.591136][   T24] peak_usb 3-1:0.0: unable to read PCAN-USB Pro bootloader info (err -71)
[   67.644444][   T24] peak_usb 3-1:0.0: probe with driver peak_usb failed with error -71
[   67.652060][   T24] usb 3-1: USB disconnect, device number 2
[   67.772929][ T5858] Bluetooth: hci1: command tx timeout
[   67.773364][   T56] Bluetooth: hci0: command tx timeout
[   67.862841][   T56] Bluetooth: hci2: command tx timeout
[   68.146893][ T5933] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   68.231398][ T5937] netlink: 48 bytes leftover after parsing attributes in process `syz.2.9'.
[   68.583445][ T5902] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[   68.732853][ T5902] usb 3-1: Using ep0 maxpacket: 32
[   68.736872][ T5902] usb 3-1: config 0 has an invalid interface number: 89 but max is 0
[   68.739978][ T5902] usb 3-1: config 0 has no interface number 0
[   68.742688][ T5902] usb 3-1: config 0 interface 89 has no altsetting 0
[   68.748107][ T5902] usb 3-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4e
[   68.751555][ T5902] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   68.754927][ T5902] usb 3-1: Product: syz
[   68.756642][ T5902] usb 3-1: Manufacturer: syz
[   68.758470][ T5902] usb 3-1: SerialNumber: syz
[   68.763570][ T5902] usb 3-1: config 0 descriptor??
[   68.770227][ T5902] em28xx 3-1:0.89: New device syz syz @ 480 Mbps (0ccd:10af, interface 89, class 89)
[   68.774426][ T5902] em28xx 3-1:0.89: Video interface 89 found: bulk
[   69.375660][ T5902] em28xx 3-1:0.89: unknown em28xx chip ID (0)
[   69.639067][ T5948] capability: warning: `syz.0.14' uses 32-bit capabilities (legacy support in use)
[   69.644004][ T5948] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   69.841666][ T5881] IPVS: starting estimator thread 0...
[   69.853437][   T56] Bluetooth: hci1: command tx timeout
[   69.853493][ T5858] Bluetooth: hci0: command tx timeout
[   69.911447][ T1885] Bluetooth: hci3: Frame reassembly failed (-84)
[   69.933531][   T56] Bluetooth: hci2: command tx timeout
[   69.962816][ T5957] IPVS: using max 46 ests per chain, 110400 per kthread
[   69.988069][ T5902] em28xx 3-1:0.89: failed to get i2c transfer status from bridge register (error=-5)
[   69.992247][ T5902] em28xx 3-1:0.89: board has no eeprom
[   70.052684][ T5902] em28xx 3-1:0.89: Identified as Terratec Grabby (card=67)
[   70.055699][ T5902] em28xx 3-1:0.89: analog set to bulk mode.
[   70.061149][  T795] em28xx 3-1:0.89: Registering V4L2 extension
[   70.069004][ T5902] usb 3-1: USB disconnect, device number 3
[   70.072633][ T5902] em28xx 3-1:0.89: Disconnecting em28xx
[   70.111466][  T795] em28xx 3-1:0.89: Config register raw data: 0xffffffed
[   70.114764][    T9] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[   70.117940][  T795] em28xx 3-1:0.89: AC97 chip type couldn't be determined
[   70.121369][  T795] em28xx 3-1:0.89: No AC97 audio processor
[   70.129492][  T795] usb 3-1: Decoder not found
[   70.131562][  T795] em28xx 3-1:0.89: failed to create media graph
[   70.134612][  T795] em28xx 3-1:0.89: V4L2 device video103 deregistered
[   70.140368][  T795] em28xx 3-1:0.89: Registering snapshot button...
[   70.145755][  T795] input: em28xx snapshot button as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.89/input/input4
[   70.153610][  T795] em28xx 3-1:0.89: Remote control support is not available for this card.
[   70.158055][ T5902] em28xx 3-1:0.89: Closing input extension
[   70.161129][ T5902] em28xx 3-1:0.89: Deregistering snapshot button
[   70.173316][ T5902] em28xx 3-1:0.89: Freeing device
[   70.274743][    T9] usb 2-1: config 0 has an invalid interface number: 2 but max is 0
[   70.277606][    T9] usb 2-1: config 0 has no interface number 0
[   70.279857][    T9] usb 2-1: config 0 interface 2 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   70.286071][    T9] usb 2-1: config 0 interface 2 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   70.289755][    T9] usb 2-1: New USB device found, idVendor=28bd, idProduct=0905, bcdDevice= 0.00
[   70.293340][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   70.298092][    T9] usb 2-1: config 0 descriptor??
[   70.710173][    T9] uclogic 0003:28BD:0905.0001: Interface probing failed: -22
[   70.713708][    T9] uclogic 0003:28BD:0905.0001: interface is invalid, ignoring
[   70.786675][   T33] audit: type=1326 audit(1758629397.665:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5967 comm="syz.2.22" exe="/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f6cc678ec29 code=0x0
[   70.915052][ T5872] usb 2-1: USB disconnect, device number 2
[   71.379366][ T1362] ieee802154 phy0 wpan0: encryption failed: -22
[   71.381909][ T1362] ieee802154 phy1 wpan1: encryption failed: -22
[   71.762658][    T9] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[   71.933123][ T5858] Bluetooth: hci3: Opcode 0x1003 failed: -110
[   71.933698][   T56] Bluetooth: hci0: command tx timeout
[   71.935539][ T5851] Bluetooth: hci3: command 0x1003 tx timeout
[   71.938442][ T5857] Bluetooth: hci1: command tx timeout
[   71.955354][ T5902] usb 2-1: new full-speed USB device number 3 using dummy_hcd
[   71.967509][    T9] usb 3-1: New USB device found, idVendor=0644, idProduct=800f, bcdDevice=c5.77
[   71.971244][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   71.975162][    T9] usb 3-1: Product: syz
[   71.977104][    T9] usb 3-1: Manufacturer: syz
[   71.979237][    T9] usb 3-1: SerialNumber: syz
[   71.984896][    T9] usb 3-1: config 0 descriptor??
[   71.990324][    T9] usb 3-1: disable ehci-hcd to run US-144
[   72.014987][   T56] Bluetooth: hci2: command tx timeout
[   72.105360][ T5902] usb 2-1: unable to get BOS descriptor or descriptor too short
[   72.109001][ T5902] usb 2-1: not running at top speed; connect to a high speed hub
[   72.113460][ T5902] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   72.117478][ T5902] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[   72.123870][ T5902] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[   72.127499][ T5902] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   72.130683][ T5902] usb 2-1: Product: syz
[   72.132346][ T5902] usb 2-1: Manufacturer: syz
[   72.134552][ T5902] usb 2-1: SerialNumber: syz
[   72.200258][    T9] usb 3-1: USB disconnect, device number 4
[   72.351738][ T5902] usb 2-1: 0:2 : does not exist
[   72.365958][ T5902] usb 2-1: USB disconnect, device number 3
[   72.381741][ T5931] udevd[5931]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[   72.567840][ T5987] tls_set_device_offload_rx: netdev not found
[   73.097623][ T6022] kernel tried to execute NX-protected page - exploit attempt? (uid: 0)
[   73.101102][ T6022] BUG: unable to handle page fault for address: ffffffff8c558dc0
[   73.104147][ T6022] #PF: supervisor instruction fetch in kernel mode
[   73.107117][ T6022] #PF: error_code(0x0011) - permissions violation
[   73.109721][ T6022] PGD e13d067 P4D e13d067 PUD e13e063 PMD 800000000c4001a1 
[   73.112081][ T6022] Oops: Oops: 0011 [#1] SMP KASAN PTI
[   73.114006][ T6022] CPU: 1 UID: 0 PID: 6022 Comm: syz.0.45 Not tainted syzkaller #0 PREEMPT(full) 
[   73.117198][ T6022] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   73.120454][ T6022] RIP: 0010:.str.8+0x0/0x20
[   73.122176][ T6022] Code: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 <62> 6d 41 74 74 72 69 62 75 74 65 73 00 00 00 00 00 00 00 00 00 00
[   73.128262][ T6022] RSP: 0018:ffffc90003c364e8 EFLAGS: 00010246
[   73.130388][ T6022] RAX: 0000000000000000 RBX: ffffffff8eff9a40 RCX: 0000000000000000
[   73.133112][ T6022] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff8881101f8000
[   73.135664][ T6022] RBP: 0000000000000000 R08: dffffc0000000000 R09: 0000000000000000
[   73.138196][ T6022] R10: ffffed102203f000 R11: ffffffff8c558dc0 R12: ffffc90003c365a0
[   73.140615][ T6022] R13: 0000000000000000 R14: ffff8881101f8000 R15: 0000000000000000
[   73.143020][ T6022] FS:  00007f281cbf86c0(0000) GS:ffff8881a39dd000(0000) knlGS:0000000000000000
[   73.146087][ T6022] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   73.148047][ T6022] CR2: ffffffff8c558dc0 CR3: 000000002861e000 CR4: 00000000000006f0
[   73.150439][ T6022] Call Trace:
[   73.151478][ T6022]  <TASK>
[   73.152427][ T6022]  ? setup_object+0x3b/0xd0
[   73.153850][ T6022]  ? allocate_slab+0x1fd/0x3a0
[   73.155354][ T6022]  ? ___slab_alloc+0xe94/0x1920
[   73.157112][ T6022]  ? __lock_acquire+0xab9/0xd20
[   73.158883][ T6022]  ? zs_malloc+0x88/0x720
[   73.160220][ T6022]  ? __pfx_crypto_acomp_compress+0x10/0x10
[   73.162038][ T6022]  ? __virt_addr_valid+0x1c8/0x5c0
[   73.163640][ T6022]  ? zs_malloc+0x88/0x720
[   73.165141][ T6022]  ? __slab_alloc+0x65/0x100
[   73.166517][ T6022]  ? kmem_cache_alloc_noprof+0x3f9/0x6e0
[   73.168193][ T6022]  ? zs_malloc+0x88/0x720
[   73.169462][ T6022]  ? zs_malloc+0x88/0x720
[   73.170765][ T6022]  ? sg_init_one+0xf5/0x1c0
[   73.172187][ T6022]  ? zswap_store+0x1062/0x1f40
[   73.173789][ T6022]  ? zswap_store+0x6ff/0x1f40
[   73.175403][ T6022]  ? __pfx_zswap_store+0x10/0x10
[   73.177152][ T6022]  ? do_raw_spin_unlock+0x4d/0x240
[   73.178970][ T6022]  ? swap_entry_swapped+0x139/0x1c0
[   73.180609][ T6022]  ? folio_free_swap+0x1ed/0x370
[   73.182282][ T6022]  ? swap_writeout+0x710/0xd70
[   73.184095][ T6022]  ? shrink_folio_list+0x3011/0x4c70
[   73.186112][ T6022]  ? __pfx_shrink_folio_list+0x10/0x10
[   73.188128][ T6022]  ? css_rstat_updated+0x23a/0x4f0
[   73.189875][ T6022]  ? reclaim_folio_list+0xeb/0x500
[   73.191682][ T6022]  ? __pfx_reclaim_folio_list+0x10/0x10
[   73.193410][ T6022]  ? lru_gen_update_size+0x818/0xd20
[   73.195153][ T6022]  ? __mod_zone_page_state+0xd7/0x140
[   73.196874][ T6022]  ? lru_gen_del_folio+0x359/0x540
[   73.198669][ T6022]  ? reclaim_pages+0x454/0x520
[   73.200259][ T6022]  ? __pfx_reclaim_pages+0x10/0x10
[   73.202074][ T6022]  ? madvise_cold_or_pageout_pte_range+0x194b/0x1d00
[   73.204559][ T6022]  ? madvise_cold_or_pageout_pte_range+0x1974/0x1d00
[   73.206998][ T6022]  ? __pfx_madvise_cold_or_pageout_pte_range+0x10/0x10
[   73.209397][ T6022]  ? memcg_rstat_updated+0xee/0x220
[   73.211186][ T6022]  ? walk_pgd_range+0xfe9/0x1d40
[   73.212913][ T6022]  ? __pfx_walk_pgd_range+0x10/0x10
[   73.214671][ T6022]  ? rcu_is_watching+0x15/0xb0
[   73.216328][ T6022]  ? lru_add+0xa2f/0xd80
[   73.217791][ T6022]  ? lru_add+0x198/0xd80
[   73.219284][ T6022]  ? __walk_page_range+0x14c/0x710
[   73.221122][ T6022]  ? __pfx_lru_add+0x10/0x10
[   73.222848][ T6022]  ? __pfx_folio_batch_move_lru+0x10/0x10
[   73.225126][ T6022]  ? __lock_acquire+0xab9/0xd20
[   73.226828][ T6022]  ? walk_page_range_vma+0x393/0x440
[   73.228652][ T6022]  ? mlock_drain_local+0x79/0x490
[   73.230360][ T6022]  ? __pfx_walk_page_range_vma+0x10/0x10
[   73.232306][ T6022]  ? mlock_drain_local+0x79/0x490
[   73.234038][ T6022]  ? madvise_vma_behavior+0x311f/0x3a10
[   73.235978][ T6022]  ? __lock_acquire+0xab9/0xd20
[   73.237704][ T6022]  ? __pfx_madvise_vma_behavior+0x10/0x10
[   73.239753][ T6022]  ? finish_task_switch+0x18b/0x950
[   73.241690][ T6022]  ? finish_task_switch+0x266/0x950
[   73.243570][ T6022]  ? lockdep_hardirqs_on+0x9c/0x150
[   73.245435][ T6022]  ? finish_task_switch+0x266/0x950
[   73.247205][ T6022]  ? rcu_is_watching+0x15/0xb0
[   73.248803][ T6022]  ? trace_sched_exit_tp+0x36/0x110
[   73.250869][ T6022]  ? __schedule+0x17ae/0x4cc0
[   73.252581][ T6022]  ? mas_prev_slot+0xb31/0xbb0
[   73.254344][ T6022]  ? find_vma_prev+0xe3/0x150
[   73.256125][ T6022]  ? __pfx_find_vma_prev+0x10/0x10
[   73.258035][ T6022]  ? futex_unqueue+0x22/0x240
[   73.259689][ T6022]  ? __futex_wait+0x1d1/0x3d0
[   73.261312][ T6022]  ? __futex_wait+0x34a/0x3d0
[   73.262965][ T6022]  ? madvise_walk_vmas+0x51c/0xa30
[   73.264723][ T6022]  ? __pfx_madvise_walk_vmas+0x10/0x10
[   73.266636][ T6022]  ? blk_start_plug+0x6f/0x1b0
[   73.268346][ T6022]  ? madvise_do_behavior+0x38e/0x550
[   73.270205][ T6022]  ? __pfx_madvise_do_behavior+0x10/0x10
[   73.272155][ T6022]  ? down_read+0x1ad/0x2e0
[   73.273751][ T6022]  ? do_madvise+0x1bc/0x270
[   73.275333][ T6022]  ? __pfx_do_madvise+0x10/0x10
[   73.277061][ T6022]  ? __x64_sys_madvise+0xa7/0xc0
[   73.278792][ T6022]  ? do_syscall_64+0xfa/0xfa0
[   73.280433][ T6022]  ? lockdep_hardirqs_on+0x9c/0x150
[   73.282283][ T6022]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   73.284434][ T6022]  ? exc_page_fault+0xab/0x100
[   73.286142][ T6022]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   73.288223][ T6022]  </TASK>
[   73.289312][ T6022] Modules linked in:
[   73.290722][ T6022] CR2: ffffffff8c558dc0
[   73.292177][ T6022] ---[ end trace 0000000000000000 ]---
[   73.294075][ T6022] RIP: 0010:.str.8+0x0/0x20
[   73.295684][ T6022] Code: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 <62> 6d 41 74 74 72 69 62 75 74 65 73 00 00 00 00 00 00 00 00 00 00
[   73.302232][ T6022] RSP: 0018:ffffc90003c364e8 EFLAGS: 00010246
[   73.304434][ T6022] RAX: 0000000000000000 RBX: ffffffff8eff9a40 RCX: 0000000000000000
[   73.307287][ T6022] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff8881101f8000
[   73.310022][ T6022] RBP: 0000000000000000 R08: dffffc0000000000 R09: 0000000000000000
[   73.312825][ T6022] R10: ffffed102203f000 R11: ffffffff8c558dc0 R12: ffffc90003c365a0
[   73.315713][ T6022] R13: 0000000000000000 R14: ffff8881101f8000 R15: 0000000000000000
[   73.318674][ T6022] FS:  00007f281cbf86c0(0000) GS:ffff8881a39dd000(0000) knlGS:0000000000000000
[   73.321972][ T6022] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   73.324296][ T6022] CR2: ffffffff8c558dc0 CR3: 000000002861e000 CR4: 00000000000006f0
[   73.327114][ T6022] Kernel panic - not syncing: Fatal exception
[   73.329915][ T6022] Kernel Offset: disabled
[   73.331307][ T6022] Rebooting in 86400 seconds..

VM DIAGNOSIS:
12:10:00  Registers:
info registers vcpu 0

CPU#0
RAX=2b5d9d4a2b661200 RBX=ffffffff8196a397 RCX=2b5d9d4a2b661200 RDX=0000000000000001
RSI=ffffffff8c03aac0 RDI=ffffffff8196a397 RBP=ffffffff8e007ea8 RSP=ffffffff8e007d80
R8 =ffff88804b032fdb R9 =1ffff110096065fb R10=dffffc0000000000 R11=ffffed10096065fc
R12=ffffffff8fc45d30 R13=0000000000000000 R14=0000000000000000 R15=1ffffffff1c12a38
RIP=ffffffff8b841dd3 RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880b83dd000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=000000110c39ef8b CR3=0000000027fee000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=0000000000000000 0000000000000000
XMM02=00007f120fba7498 00007f120fba7470 XMM03=00007f120fba74a8 00007f120fba74a0
XMM04=00007f121070d100 00007f120fba7460 XMM05=00007f120fba7478 00007f120fba74c0
XMM06=00007f120fba74b8 00007f120fba74b0 XMM07=00007f120fba74a8 00007f120fba74a0
XMM08=0000000000000000 00007f120fa12f0f XMM09=0000000000000000 00007f120fa12fed
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000030 RBX=0000000000000030 RCX=0000000000000000 RDX=00000000000003f8
RSI=0000000000005b58 RDI=0000000000005b59 RBP=00000000000003f8 RSP=ffffc90003c35b30
R8 =ffff888107160237 R9 =1ffff11020e2c046 R10=dffffc0000000000 R11=ffffffff855472f0
R12=dffffc0000000000 R13=ffffffff99d388f3 R14=ffffffff9a02d140 R15=0000000000000000
RIP=ffffffff8554736c RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f281cbf86c0 ffffffff 00c00000
GS =0000 ffff8881a39dd000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=ffffffff8c558dc0 CR3=000000002861e000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 00000000000001a4 XMM01=0000000000000000 0000000000000000
XMM02=0000000000000000 0000000000000000 XMM03=0000000000000000 0000000000000000
XMM04=0000000000000000 0000000000000000 XMM05=0000000000000000 0000000000000000
XMM06=0000000000000000 0000000000000000 XMM07=0000000000000000 0000000000000000
XMM08=0000000000000000 0000000000000000 XMM09=0000000000000000 0000000000000000
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
