last executing test programs:

2m38.699351802s ago: executing program 4 (id=1025):
sendmmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000032c0)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[], 0x30}], 0x1, 0x0)
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='loginuid\x00')
preadv(r0, &(0x7f00000003c0)=[{&(0x7f0000000380)=""/44, 0x2c}], 0x1, 0x0, 0x0)
writev(r0, &(0x7f00000003c0), 0x100000000000022d)
syz_open_dev$dri(&(0x7f0000000000), 0x1f, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
socket$netlink(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x39, &(0x7f0000000040)="ff02040000ffffffffffffffff1f2be82db1af0000000000", 0x18)
r3 = getpid()
sched_setscheduler(r3, 0x1, &(0x7f00000000c0)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x37, 0x0, 0x18)
connect$inet6(0xffffffffffffffff, &(0x7f0000000240)={0xa, 0xffff, 0x4462, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0xd38f}, 0x1c)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'})
syz_open_dev$vim2m(&(0x7f0000000080), 0x1, 0x2)
r6 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x180300, 0x0)
ioctl$FBIOPUT_VSCREENINFO(r6, 0x4601, &(0x7f0000000040)={0x191, 0x78, 0xa0, 0x78, 0x32, 0x1c0, 0x4, 0x0, {}, {}, {}, {}, 0x0, 0x40, 0xaa, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0xfffffffd, 0x0, 0x8, 0xa, 0x0, 0x2, 0xa})
syz_usb_connect(0x5, 0x27, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0xb7, 0x5c, 0x7f, 0x40, 0x547, 0x201, 0x1164, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xa2, 0xcd, 0xd2}}]}}]}}, 0x0)
r7 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
ioctl$I2C_RDWR(r7, 0x707, &(0x7f00000005c0)={&(0x7f0000000180)=[{0xc, 0xdefc03308203b0f3, 0x1, &(0x7f0000000080)="fa"}, {0x7f, 0x4011, 0x0, 0x0}], 0x2})

2m35.373851466s ago: executing program 4 (id=1040):
r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x50c, 0x402)
ioctl$SNDRV_CTL_IOCTL_POWER_STATE(r0, 0x800455d1, &(0x7f00000000c0)) (fail_nth: 2)

2m35.050939047s ago: executing program 4 (id=1041):
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil)
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, 0x0)
r1 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/comedi3\x00', 0x20800, 0x0)
ioctl$COMEDI_INSN(r1, 0x8028640c, &(0x7f0000000100)={0xe000003, 0xf21, &(0x7f00000001c0)=[0x1, 0x895, 0xfffffff9, 0xff, 0x1, 0xffffffce, 0x401, 0x8, 0x3, 0x2, 0x6, 0x5d, 0x0, 0x7f, 0x3, 0x8, 0xc60, 0x7, 0x2, 0x969, 0xfffffffa, 0x2, 0x1ff, 0x4, 0x2, 0x2, 0x5, 0x3, 0xb, 0xff, 0x8, 0x4, 0x3, 0x7, 0x81, 0x4, 0x3ff, 0x0, 0x9, 0x3, 0x3, 0x200, 0x5, 0x0, 0xc5, 0x7, 0x8, 0xf, 0x5, 0xad8, 0x9, 0x9, 0x5, 0x9, 0x1, 0xfffffff9, 0x8, 0x5, 0x7fff, 0x7, 0x9, 0x5, 0x6, 0xc2, 0x6, 0xbaa, 0x9, 0x5, 0xe, 0xc, 0x8, 0x5, 0x8, 0x6, 0x9, 0x7, 0x5, 0x6, 0xa, 0x1, 0xc9, 0x7, 0x6, 0x1, 0x7, 0x5, 0xfffffffb, 0x0, 0x4, 0x0, 0x9, 0x0, 0xe, 0x6, 0x4, 0x7, 0x2, 0x0, 0xffffffff, 0xffffffff, 0x2, 0x0, 0x1c000, 0x3, 0x80000001, 0x18000, 0xffff8001, 0x0, 0xa6, 0x2, 0x4ed, 0x9, 0x1, 0x2, 0x2, 0x9, 0xf62, 0xfa5, 0x4, 0x800, 0x6, 0x3, 0x10001, 0x5, 0xfffffff8, 0x0, 0x1, 0x4, 0x7fffffff, 0x1, 0x7, 0x5, 0x8, 0x80, 0xf5, 0x3, 0xaef0, 0x8, 0x8000, 0x124, 0x7, 0x7, 0x8, 0x0, 0x9, 0xad, 0x2, 0x6, 0x5, 0x80000000, 0x6, 0xe2d, 0x0, 0xe, 0x5, 0xfc000000, 0x4, 0x8, 0xffffffff, 0x0, 0xfffffff7, 0xffff, 0xffffffff, 0x3, 0x80000000, 0x9, 0x7, 0x8, 0x9, 0xfffffff2, 0x1, 0x88, 0xe, 0x101, 0x4, 0x4, 0x80, 0xff, 0x800, 0x3, 0x2, 0x4, 0x4, 0x0, 0x7f, 0x9, 0xfffff050, 0xffffffff, 0x2, 0xfffffff2, 0x1b, 0x7ff, 0x2, 0x8, 0x5, 0x100, 0x3, 0x2, 0x8, 0x4, 0x3, 0x0, 0x4, 0x2, 0x3f, 0x0, 0xbe, 0x4, 0x101, 0x7, 0x0, 0x7, 0x5b2, 0xe, 0x4, 0x1, 0x1, 0x0, 0x1, 0x5, 0x3, 0xff, 0xb, 0x2, 0x2, 0x40, 0x7, 0x7f, 0xffffffff, 0x6, 0x0, 0x7fff, 0x9, 0x3f, 0xea, 0x9, 0x2, 0x0, 0x89b, 0x1, 0xba5, 0x8000, 0xff, 0x1c00000, 0x3, 0x6, 0x2, 0x0, 0x7, 0x4, 0x3, 0xd26, 0x4, 0x9, 0x0, 0x80000000, 0x0, 0x7, 0x8, 0x5, 0x9, 0x1dfa, 0x8, 0xfffffffa, 0x0, 0x7, 0x1, 0x9000, 0x5, 0x8, 0x4, 0x1, 0xf3, 0x0, 0x1, 0x35b, 0xce, 0x4, 0xffffffff, 0x9, 0x7, 0x3ff, 0x2, 0x7fffffff, 0x3, 0x19, 0x200, 0x7fff, 0x3ff, 0xc83, 0x1, 0xffff, 0x8c, 0x0, 0x9, 0x4, 0x5, 0xffffffff, 0x200, 0x9, 0x3, 0x8001, 0x5a, 0x7, 0x7, 0x1, 0x8, 0x9, 0x10000, 0x6, 0x8, 0x800, 0x90, 0xfffffffa, 0x2, 0x6, 0x2, 0xc, 0x8000, 0x2, 0x80000000, 0x0, 0x4, 0x5, 0xfffffff9, 0xfffffd0b, 0x5806, 0x200, 0xd, 0x3ff, 0x5, 0x8, 0x1e460000, 0x2, 0x3, 0x9, 0x40b, 0x1, 0x8, 0x40, 0x7, 0x8, 0x40, 0x1000000, 0x68000000, 0xef9, 0x7, 0x6, 0x5, 0x9, 0x6, 0x167, 0x869a, 0x2, 0x81, 0x5, 0xfffffff8, 0x80, 0x1, 0x4f, 0x0, 0x8, 0x80000001, 0x8f, 0x9, 0x4, 0x91b, 0x4f, 0x1, 0x0, 0x9, 0x7, 0x7, 0x9, 0x7, 0x80000000, 0xba, 0x77, 0x8, 0xe, 0xa, 0x3, 0x4, 0x8, 0x7, 0xe5, 0x1, 0x87d8, 0x10, 0x6, 0xffffffff, 0x8000, 0x1, 0xffffff80, 0x8, 0xffff, 0xa, 0x2, 0x2, 0x583c, 0x686, 0x2, 0x4, 0x9, 0xfffffffd, 0x4b90ef7a, 0x4, 0xc3, 0x9, 0x6, 0x8069, 0x5, 0x9, 0xfffffff8, 0x3, 0x200, 0x5, 0x8, 0xb, 0x4, 0x0, 0x1, 0x8, 0x9, 0x7fffffff, 0x40, 0xeb, 0x0, 0x2, 0x5b, 0x1, 0x1, 0x0, 0x100, 0xf6df, 0x5, 0xfffffff7, 0x4, 0x7, 0xfcf4, 0x4, 0x3, 0x7, 0x4, 0xffffffff, 0x4, 0x4, 0x8, 0x68, 0x4, 0xd, 0x101, 0xf0c9, 0x5, 0x3, 0x1, 0xef9, 0xfffffc14, 0x55, 0xfffff050, 0x9, 0x80000001, 0x8df, 0x3, 0x82a, 0x6406da30, 0x9, 0x8000, 0x3, 0x10001, 0xe94a, 0xb41, 0x9, 0x3, 0x7, 0x10000000, 0x1, 0x8, 0x4, 0x0, 0x2, 0x401, 0x100, 0x0, 0x7fff, 0x1, 0x401, 0x7fffffff, 0x5, 0x5, 0x466, 0x14, 0x7, 0x4, 0xd, 0x7, 0x7, 0xc00000, 0x4, 0x4, 0x9, 0x6, 0x3, 0x0, 0xfffffffd, 0x6e, 0x7, 0x8000, 0x9, 0x775, 0x4, 0x668, 0x6, 0x8, 0x4, 0x73, 0x4, 0x1, 0x5, 0x8, 0x9, 0x0, 0x101, 0x1, 0xa12, 0xffffdf7c, 0x8, 0x3, 0x9, 0x0, 0x3, 0x6, 0x0, 0xdf, 0x4, 0x8, 0x6, 0x4, 0x6, 0x4, 0x6, 0x8, 0x7, 0x6, 0x6, 0x7, 0x1, 0x4, 0x7, 0x1, 0xffff, 0x9f6, 0x0, 0x0, 0x9, 0x8b9a, 0x6, 0x7, 0x5d6, 0x9, 0x9, 0x8, 0x7f, 0x1, 0xb828, 0x3, 0x1, 0xffffff01, 0x5, 0x6, 0x2, 0xf, 0x1, 0x9, 0x7, 0x181, 0x8, 0x8001, 0x7, 0x4, 0x800, 0x633, 0x3, 0x1, 0x3, 0x13e80000, 0xffffffff, 0x9, 0xb, 0x6e, 0x587, 0x6, 0x400, 0x7fffffff, 0x7, 0x910, 0x400, 0x16e, 0x6, 0x3, 0x69, 0xe, 0x10001, 0x9e, 0x9d, 0x0, 0x8, 0x5, 0x10, 0x5, 0x3e1, 0x7, 0xb0c9, 0x4, 0x81, 0xffffff9c, 0x0, 0x9, 0x6, 0x1, 0x538e774e, 0x4, 0xe683, 0x1b, 0x1ff, 0x4, 0x2f8, 0x3, 0x5, 0x5, 0x53b, 0x1, 0x9, 0x85, 0xa89, 0x6, 0x5, 0x3, 0x1, 0x5, 0x0, 0x9, 0x0, 0x6, 0x1, 0xffff, 0x22, 0x2, 0x100, 0x6, 0x80000001, 0x8b, 0x8, 0xa0e5, 0xa3, 0x1, 0x9, 0x56, 0x4, 0x3, 0x3, 0x1, 0x6, 0x3, 0x2, 0x80, 0x1, 0x4, 0x8, 0x9, 0x20, 0x5, 0x8758, 0x8001, 0x3, 0x0, 0x9, 0x1, 0xdad0, 0x5, 0x2, 0xfffffff8, 0x0, 0x4, 0x4, 0xb497, 0x7ff, 0x7, 0xa, 0x1, 0x7, 0x7, 0x3, 0xe7, 0x9d, 0x80000000, 0x9, 0x6, 0x0, 0xf532, 0x1, 0x7, 0x100, 0x1, 0x8, 0x5, 0x7fffffff, 0x1, 0x4, 0x7, 0x7, 0xfffffff1, 0xf7e, 0x6, 0x0, 0x200, 0xfffffff9, 0x8, 0x8, 0xc, 0xfff, 0x6, 0xe470, 0x101, 0xfff, 0x6, 0xa19a, 0x4, 0xee, 0x216, 0x3ff, 0x5, 0x80, 0x7fff, 0x9d000000, 0x3ef, 0x1bc, 0x6, 0x1, 0x400, 0x5, 0x0, 0x7ff, 0xca, 0x2, 0x3, 0x5, 0xd690, 0x7ff, 0x0, 0x47, 0x93dd, 0x165c, 0x3, 0x80000001, 0x7, 0x7, 0x5, 0x3ff, 0x1, 0x8, 0x1, 0x9, 0x0, 0x5, 0x6, 0x4, 0x1, 0xf, 0x1, 0x401, 0x4, 0x8, 0xb, 0xe8, 0x86a, 0x1000, 0xa, 0x7, 0x9, 0xbff8, 0xb756, 0x6, 0x0, 0x8, 0x2, 0x114, 0x2, 0x6, 0x80000001, 0xc1, 0x800, 0x4, 0x51892aca, 0x4, 0xfffffffe, 0xffffffff, 0xfffffffd, 0x4, 0x4, 0x40, 0x7, 0x2, 0x61, 0xfc03, 0xffffffac, 0x2, 0xd, 0x0, 0x2, 0x75, 0x1, 0x9, 0x1, 0x6, 0x2, 0x8, 0x9, 0x401, 0x6, 0x3fc2d898, 0xff, 0xb, 0x9, 0x5, 0x2, 0x7, 0x400, 0x9, 0xa, 0xdda, 0x80000000, 0xb, 0xfffffe00, 0x80000000, 0x2, 0x1, 0x7, 0x0, 0xf2, 0xf6f, 0x1, 0x1e6, 0x6, 0x6, 0x74c, 0x4, 0x9d19, 0x6, 0x10001, 0xc, 0x8, 0x40, 0xbe68, 0x2, 0x9, 0x5, 0x1, 0x7, 0x7ab0, 0x0, 0x8a, 0x90, 0x2, 0x8000, 0x8, 0x2, 0x10, 0x0, 0x3, 0x10000, 0xeabb, 0x6, 0x7f, 0xf9, 0x6, 0x7, 0x5, 0x8, 0x1ff, 0x0, 0x1, 0xfffffffd, 0x1, 0x2, 0x5, 0x4, 0x1000, 0x6, 0x4, 0x6, 0x7ff, 0x2, 0x8001, 0x8001, 0x2, 0x3, 0xb, 0x9145, 0x17, 0xa887, 0x1, 0x83bc, 0x3123, 0x10, 0x2, 0x8, 0x23, 0x3, 0x1, 0xffff0000, 0xfffffff9, 0x2, 0xfffffff8, 0x3, 0xe2, 0xffffca26, 0x200, 0x8, 0xd, 0x3, 0x6, 0x9, 0x4, 0x5, 0x401, 0x8, 0xe, 0x4, 0x0, 0x7, 0x401, 0xffffffa3, 0x8, 0x1, 0x5, 0x0, 0x2, 0x8, 0x200, 0x8, 0x9316, 0xdd, 0x0, 0x5, 0x8, 0xed, 0x6, 0x6, 0x0, 0x7, 0x7b4, 0xe14, 0x1, 0x9, 0x49, 0x7, 0x800, 0x6, 0xfffffffe, 0x2, 0x0, 0x2, 0x3, 0xd94e, 0x7, 0x54, 0xfffffe00, 0xedc, 0x80000000, 0x8, 0x9, 0x7, 0x80000000, 0x8, 0x8, 0x0, 0x6, 0x7, 0xec0c, 0xc6, 0x8, 0x5b84, 0x2, 0x0, 0x10001, 0x5, 0xdd, 0x80000001, 0xd1f6, 0x9, 0x3, 0x9, 0x7, 0x101, 0x488, 0x43, 0x4, 0xea, 0x0, 0x400, 0x6, 0xfffffffa, 0xfffffb1a, 0x5, 0xfffffffe, 0x7, 0x9, 0x0, 0x4, 0xbe, 0x5, 0x8f6b, 0x5, 0x400, 0x5, 0x9, 0x1ff, 0x2, 0x5ff5, 0x4, 0xb, 0x52, 0x10001, 0xf2b6, 0x6, 0xb, 0x10001, 0x6, 0xbd, 0x3, 0xfff, 0x1, 0x6, 0xdd0, 0x3, 0x50000000, 0x3, 0x3, 0xfff, 0x6, 0x0, 0x7, 0x81, 0x4, 0x7, 0x9, 0x0, 0x81, 0x101, 0x2, 0x0, 0x5, 0x9, 0x9, 0x5, 0x401, 0x6, 0x1, 0x1, 0x4, 0x1, 0xa0, 0x9, 0x7, 0x101, 0xffffffff, 0x4, 0x5, 0x7, 0xdfc8, 0xa, 0x6, 0x10001, 0xd04, 0x1, 0x3cf3, 0x8, 0x6, 0x3, 0xa5b, 0x8, 0x9, 0x4, 0x2, 0x6, 0xb4f, 0x0, 0x9, 0x3, 0x1, 0xb, 0x1000, 0x45, 0x3, 0x9, 0x7f, 0x62, 0x100, 0x7, 0xc, 0x2, 0x3, 0x7fffffff, 0x86b2, 0x1, 0xb, 0x40, 0x8, 0x401, 0xfffffff7, 0x100, 0x2, 0x7f, 0x2, 0x40, 0x4, 0xffff1a1b, 0x9, 0x7fffffff, 0x6, 0x3, 0x5, 0x1000, 0x6, 0x0, 0x200, 0x3, 0x8, 0x101, 0x7fffffff, 0x1, 0x3a1, 0x1f, 0x0, 0x10000, 0xfffff800, 0x5, 0xd, 0x2, 0x4, 0x4, 0xe3, 0x10, 0x9, 0x3, 0x1, 0x2, 0x800, 0x1, 0x7, 0x0, 0x1, 0x7ff, 0x1ff, 0x200, 0x3ff, 0x7fff, 0x90d5, 0x2, 0x4, 0x2, 0x401, 0x2, 0x8, 0x65, 0x4, 0x7fff, 0x6, 0x10, 0x6, 0x0, 0x80000000, 0x3, 0x1, 0x9, 0xeb, 0x7115, 0x7253, 0x8, 0xa, 0x6, 0xc, 0x3, 0x9, 0x80000000, 0x1, 0x6, 0x8, 0x8, 0x10, 0x2, 0x0, 0x1, 0x4, 0xb, 0x2, 0x8, 0x46d, 0x800, 0x6, 0x2, 0x7, 0xffff, 0x9, 0x3, 0x3ff, 0x8, 0x80000001, 0x3, 0x3, 0x0, 0x9, 0x2, 0x3, 0x2, 0x6, 0x8, 0x6, 0x1ff, 0x5, 0x2, 0x2, 0x1ff, 0x2, 0x4, 0x100, 0xc, 0x3, 0x80, 0x200, 0x7ff, 0x1, 0x4, 0x2, 0x6e2, 0x0, 0x7fffffff, 0xffffffff, 0x1, 0x80000001, 0xfffff568, 0x5, 0x9, 0x10, 0x5, 0x1, 0x2, 0xd91, 0xd4eb528, 0x7, 0x8, 0x9, 0x10000, 0x5, 0x1, 0x0, 0x8, 0xd, 0x4, 0x5, 0x101, 0x9, 0x4, 0x2, 0x104b, 0xff, 0x5, 0x4, 0x7, 0x8, 0x8001, 0xc, 0x9, 0x3, 0x80, 0x9a, 0xff, 0x8, 0x2, 0x7f, 0x9, 0x4, 0x791, 0x3, 0x7f, 0xffffffff, 0x9, 0xc286, 0x2d000, 0x768000, 0x6, 0x80000000, 0x1, 0x2, 0x69, 0x5, 0x5e, 0x10001, 0x3, 0x4, 0x220f, 0x3, 0x99e, 0x2, 0x1, 0x6, 0x4, 0x9, 0x179, 0x2, 0xbf84, 0x7883, 0x7098, 0x8, 0x2, 0x5, 0xd, 0x2, 0x7fff, 0x80, 0xffffff00, 0xffffffff, 0x8, 0x0, 0xfffffffe, 0x1ff, 0x0, 0x8, 0x8, 0x6, 0xfffffffb, 0x40, 0x8, 0x70a6, 0x400, 0x5, 0x7, 0x2, 0x5, 0x1, 0xd, 0xfff, 0x2, 0xb, 0x3a1, 0x3, 0x5, 0x3, 0x4, 0x218, 0x6, 0xffffff01, 0x80, 0x6, 0xe157, 0x62a, 0x48, 0x8d1f, 0x0, 0x0, 0x7, 0x85, 0x9, 0x5, 0x1, 0xc31a, 0x2, 0x6, 0x4, 0xa4000000, 0x6, 0xffffffa6, 0x6, 0x4, 0x4, 0x65d, 0x1d424b64, 0x1, 0x1, 0x7, 0x5, 0x4b35e086, 0x3, 0x9, 0xffffff7f, 0x9, 0x59, 0x2, 0x158, 0x3, 0xa, 0x0, 0x7, 0x2, 0x8, 0x3, 0x6, 0x8001, 0x9, 0x3, 0x0, 0x3, 0x4d14, 0x0, 0xda0, 0x2, 0x8001, 0x4, 0x3, 0xffffff93, 0xe0000000, 0x0, 0x7, 0x4, 0x9, 0x7ff, 0x5, 0x5, 0x5, 0x92, 0xc, 0x9c7, 0x8001, 0xffffffff, 0xe4, 0x7, 0xfffffff7, 0x140a, 0x3, 0xe9d, 0x5, 0x7ff, 0x6, 0x400, 0x5, 0x840, 0x9, 0x1, 0x80, 0xf, 0x704, 0x38c7, 0x5, 0x5, 0x2, 0x2, 0xfffffffe, 0xde, 0x8, 0x6cda4b05, 0x7ff, 0xfffffffb, 0xbce, 0xd, 0xde, 0x9, 0x6, 0x8, 0x61, 0x5, 0xf9, 0x1, 0x2, 0x28c3f1c, 0x6, 0x3ff, 0xfffffffb, 0x7, 0x5, 0xfff, 0x0, 0x1, 0x6, 0x900, 0x2, 0x47, 0x2, 0x8000, 0x10001, 0x75, 0x10, 0x4, 0x2, 0x0, 0x2ff, 0x400, 0x4, 0x5, 0x7ff, 0xfffffff8, 0x7f, 0x7, 0x0, 0x8, 0xf, 0xeb, 0xbb, 0x7, 0x7, 0x92, 0x6, 0x4, 0x8d2, 0x800, 0x9, 0x3, 0x1, 0x3, 0x214, 0xca, 0xe, 0x9, 0x3, 0x4, 0xaddf, 0x0, 0x7, 0xfb8, 0x2, 0x1800, 0x7, 0x3, 0xfffffff9, 0xa, 0x401, 0x1, 0x3, 0x7, 0x8, 0x9, 0x5, 0x200, 0x7, 0x7, 0x3, 0x6, 0xff, 0x8, 0x2, 0xffff, 0x9, 0x7f, 0x9, 0x3, 0xd, 0x9, 0xba6b, 0x7, 0x0, 0xc3, 0x8, 0x9, 0x8, 0x4bcfcd33, 0x40, 0x6, 0x196, 0x6, 0x2, 0x3cb1, 0x6, 0x7, 0x3, 0x35ba, 0x1000, 0x6, 0x81, 0x8001, 0x80000000, 0x9, 0xfffffffc, 0xffffe79a, 0x47f, 0x1, 0x6, 0x0, 0x2, 0xde5d, 0x8001, 0x1e2, 0x1, 0x0, 0x68, 0xfffffffd, 0x400, 0x29d, 0x6, 0xffffffff, 0x7fffffff, 0x8, 0x8, 0x5c0, 0xc, 0x401, 0x10000, 0x8, 0xf2e0, 0x0, 0x3, 0x7ff, 0xb771, 0x180aba87, 0x6, 0x5, 0x2, 0x1, 0x5, 0x80000001, 0x80000000, 0xda, 0x8, 0x5fb, 0xff, 0x8, 0xe37d, 0x9, 0x7, 0x200, 0xb13, 0x6, 0x9, 0x6, 0x6, 0x2, 0x6, 0x6a, 0x3ff, 0x62, 0x0, 0x1ff, 0x9, 0xfd58, 0x101, 0x784, 0x2, 0x6, 0x5, 0x400, 0xc07, 0x0, 0x6, 0x2f, 0x0, 0xffff, 0x3a1, 0x80000001, 0x1000, 0x26, 0xacc, 0x9, 0x3, 0x7fff, 0x388, 0x6, 0x10001, 0x7, 0x7c, 0x1, 0x2, 0x0, 0x200, 0x6, 0x0, 0xce2, 0x3, 0xfff, 0x2, 0x7, 0xff, 0x1, 0x401, 0x7, 0x8e2d, 0x8, 0x0, 0x7fffffff, 0xfffffff7, 0x8, 0x10001, 0x5, 0x0, 0x0, 0x3, 0xfd78, 0x7fff, 0x3, 0x1ff, 0x8, 0x8, 0x6, 0x4, 0x1, 0xc0000000, 0x47d, 0x7f, 0x7, 0x1, 0xe6, 0x3, 0x4, 0x100, 0x6, 0x4, 0x1, 0x800, 0x88, 0x1, 0x6, 0x7, 0x6, 0x3, 0x2, 0x8, 0xfffffffc, 0x0, 0x7e43, 0x1, 0xfd0b, 0x10001, 0x7, 0x7fffffff, 0xffffffff, 0x81, 0x4, 0x10, 0x1000, 0xfff, 0x3, 0x0, 0x3, 0x3, 0x2, 0x40, 0x5, 0x2, 0xff, 0xffff, 0x7, 0x8, 0x2, 0xee, 0x2, 0x6174, 0x0, 0x16000, 0x90, 0x401, 0x80, 0xf5d1, 0x400, 0x9, 0x1, 0x4, 0xfffffff8, 0xa3, 0x80000000, 0xac, 0x8000, 0x7fffffff, 0x6, 0x4, 0x2, 0x8, 0x5, 0x0, 0x40, 0x1, 0x81, 0x7, 0x2, 0xc, 0x37e, 0x401, 0xe7, 0xe1, 0xe, 0x3, 0x6, 0x14, 0x0, 0x620, 0x7, 0x5, 0x0, 0x4, 0x3, 0x3, 0x3, 0x7f, 0x6, 0x21bf0000, 0x9, 0x7ff, 0x1, 0x7fff, 0x0, 0xff, 0x0, 0xea33, 0x6, 0x3c, 0x3, 0x9, 0x6, 0x9, 0x2, 0x2, 0xffff, 0x80, 0x1, 0x1, 0x8, 0xebd9, 0x4, 0xeed, 0xe, 0xffffffff, 0x0, 0x40000000, 0x2800000, 0x4, 0x2, 0x47, 0x7, 0xfffffff7, 0x3, 0x86, 0xf, 0xea, 0x7, 0x401, 0xfc, 0x1, 0x4, 0x6, 0x4, 0xcde, 0xb46, 0xdde7, 0x1000, 0x6, 0x6, 0xffffffc0, 0x1, 0x80000001, 0x3, 0x1, 0x2, 0x7e5, 0x2, 0x7f, 0x9, 0x7, 0x1, 0x7fffffff, 0x3c, 0xfffffff9, 0x80000000, 0x45, 0x6, 0x2, 0x1, 0xa, 0x8, 0x4, 0xe80, 0x3, 0x8, 0x0, 0x1, 0x4, 0xe7e, 0x1, 0x8, 0x4, 0x9, 0x1, 0xd2, 0xbe0, 0x2, 0x899, 0x3, 0xffffffff, 0x80000001, 0x4, 0x1, 0x1, 0x1, 0x5, 0x893, 0x0, 0x101, 0x3, 0x4, 0xc078, 0x8, 0x2, 0xffffffff, 0x4, 0x7, 0x7, 0x7fffffff, 0x3, 0x8, 0xec2, 0x667, 0x100, 0xae5, 0x5, 0x9, 0x9, 0x9, 0x3, 0x1c56, 0xe612, 0x5, 0x8, 0x6, 0x5, 0x5, 0x4, 0x4, 0xfffffff8, 0x7, 0x1, 0x2, 0x2, 0x7, 0x7, 0x3df, 0x401, 0x180, 0xf, 0x2, 0xdfd3, 0x7, 0x400, 0x2, 0x6, 0xff, 0x3, 0x2, 0x5, 0x1b8995e1, 0x0, 0x7, 0x8, 0xeae, 0x3, 0xd7, 0x6, 0x5, 0xe, 0x1, 0xec7e, 0x6, 0x5, 0x4, 0x0, 0xc9, 0xa, 0x7f, 0x8ee6, 0x10001, 0x4, 0x3ff, 0x8, 0x6, 0x9, 0x4, 0x100, 0xd1e, 0x8000, 0x7, 0x9, 0x0, 0x5, 0x792, 0x4, 0x8, 0x3, 0x7, 0x5, 0xffffff89, 0x1fe7b653, 0x8, 0x10001, 0x1, 0x7ff, 0x9, 0x20, 0x48, 0x8, 0x2, 0xfffeffff, 0x8, 0xfffffff3, 0x80, 0x9, 0x101, 0xd0, 0x7, 0xfffeffff, 0x3, 0x9, 0x5, 0xffffffff, 0x509c, 0xba0, 0x81, 0xfffffffa, 0x6, 0x5, 0xd5, 0x4, 0x8, 0x2, 0x2, 0x3, 0x3, 0xffff5acb, 0x1, 0x400, 0xffffffc9, 0x9, 0xffffffff, 0xd, 0xffff614a, 0xff, 0x2, 0x4, 0x3, 0x0, 0x4, 0x4, 0xc9f, 0x7ff, 0x4, 0x9, 0xaa, 0xbda, 0x5, 0x8, 0x66f, 0x1fb, 0x1, 0xc68e, 0x7f360834, 0x400, 0x6, 0x6, 0xfffff801, 0x10001, 0x4de, 0x80, 0x2, 0x1, 0x3c9, 0xf, 0x9, 0xe4c8, 0x3, 0x0, 0x5, 0x8, 0x6, 0x5, 0x6, 0x40, 0xfffffffe, 0x6, 0x8, 0xa03e32a, 0xfffffffc, 0x3, 0x6, 0x5, 0x3, 0x7, 0x7, 0x5, 0x80000001, 0x0, 0x6, 0x3, 0x2, 0x0, 0x0, 0x4, 0x3, 0x40, 0x2, 0x3, 0xffffff00, 0x9, 0x4, 0x1, 0x4, 0x97e, 0x3, 0x9, 0x3, 0x0, 0x0, 0x2, 0x38c1, 0x4b99128b, 0x3, 0x2, 0x400, 0x0, 0x9, 0x80000000, 0xffff, 0xffffffff, 0x3, 0x7ff, 0x7, 0x2, 0x2, 0x81, 0x7, 0x10001, 0x5e, 0x80000001, 0xfffff000, 0x7fff, 0x0, 0x0, 0x5, 0x80000000, 0xb, 0xfffffffc, 0x8, 0x3, 0x80000000, 0x3, 0xa, 0x40, 0x1, 0x3c1, 0x0, 0x60, 0x5, 0x8, 0x200, 0x7, 0x2, 0x3d8d, 0x3a1, 0x7fffffff, 0xff, 0xe6, 0xa461, 0x8, 0x7fff, 0x7, 0x7, 0xf8b, 0x4a, 0x28000000, 0x4, 0x6, 0x0, 0x5, 0x6, 0x80000001, 0x400000, 0x1, 0x6, 0x8, 0x4, 0x9f4, 0x10, 0x4, 0x3, 0xe, 0x80000001, 0x9e, 0x8, 0x8, 0xfffffff7, 0x101, 0x1000, 0x2, 0x1, 0x8, 0x1, 0x6, 0xffffffc0, 0x5, 0x8, 0x79, 0x323, 0x3, 0x7f, 0x1, 0x9, 0xffffff7d, 0x80, 0x80000000, 0xd, 0xfff, 0x9, 0x2, 0xfffffff7, 0xb, 0x7482, 0x48d, 0x8019, 0x14, 0x0, 0x9, 0x1, 0xfa6, 0x3, 0x28fa932c, 0x8505, 0x9, 0x6, 0x12e, 0xa26, 0x4, 0x6, 0x3, 0x7, 0x6, 0xdb, 0x4fab580f, 0x4, 0x4, 0x3, 0x8, 0x3, 0x1, 0x80000000, 0x8, 0xb1ec, 0x0, 0x1, 0xffffffff, 0x401, 0xfffffffd, 0x2, 0x8, 0x7, 0x100, 0x40, 0xa1, 0xfffffff7, 0x2e5, 0x3, 0x2, 0x7f9d, 0xe, 0x1, 0x8, 0x4, 0x4, 0x370, 0x7, 0xb6c4, 0xf, 0x4, 0x80, 0x0, 0x8, 0xd898, 0x8, 0xabe, 0x3, 0x4, 0xffffffff, 0x8, 0x9, 0x6, 0x2, 0x0, 0x3, 0x3, 0x9, 0x203f, 0x3, 0x2, 0x88c, 0x6, 0xdb, 0x903, 0x5, 0x2c46, 0x7da, 0x7, 0x9, 0x8, 0x5, 0x6, 0xfffffff6, 0x1, 0x80000001, 0x1, 0xd1, 0x2, 0x9, 0x426, 0xffffff8d, 0x56, 0x101, 0x1, 0xa, 0x4, 0x5, 0x4, 0x2, 0x1ff, 0x0, 0x6, 0x0, 0xd, 0x8, 0x26af38bc, 0x1, 0x0, 0x3, 0x3, 0x22, 0x8001, 0xff, 0x4, 0x6, 0x0, 0xb, 0x0, 0x200000, 0x2, 0xb, 0x6, 0x7, 0x7, 0x4000000, 0xe, 0x2, 0x1f3, 0x9, 0x6, 0x4, 0x81, 0x9, 0x9, 0x7ff, 0x7, 0x4, 0x8, 0x2, 0x872c, 0x3, 0x6, 0x4, 0x0, 0x80000000, 0x7, 0x7ff, 0x4, 0xce, 0x100, 0xb7f8, 0x129, 0xa24f, 0x3, 0xb, 0x2, 0x4, 0x9, 0x1, 0x54d800, 0x0, 0x8, 0x40000000, 0x264, 0x7, 0x3ff, 0x0, 0x8, 0x80, 0xf, 0x8, 0xffffffff, 0x2, 0x63, 0x7, 0x4, 0x200, 0x0, 0x8, 0x3ff, 0x4, 0x7ff, 0x7, 0x3, 0xa1, 0x7, 0x249b, 0x7, 0x8, 0xe, 0x1, 0x3, 0xffffffff, 0x2, 0xc, 0x1, 0x7, 0xd937, 0x5, 0x0, 0xfffffbff, 0x8, 0x2, 0x0, 0x100, 0x81d1, 0x0, 0x80, 0x4, 0x80, 0xc78, 0xfffffffb, 0x1, 0x4, 0x8, 0xff, 0x3, 0x1247, 0x800, 0xa, 0x18, 0x101, 0x0, 0x5, 0x4, 0x7, 0xfffffff5, 0x4, 0x74fa, 0x0, 0xf4d0, 0x7, 0xd, 0x2, 0x3, 0x6, 0x1ff, 0x6, 0x68c94a74, 0x0, 0x2, 0x1, 0x4, 0x791, 0x8, 0x5, 0x8, 0x1000, 0x8, 0x5, 0x0, 0x4, 0x6, 0x3ec3, 0x5, 0x401, 0x0, 0x2, 0x9, 0x1, 0x7, 0x8657, 0x7, 0xee4, 0x8, 0x9, 0x5, 0x3, 0x7ff, 0xec, 0x3ff, 0x10000, 0x7, 0x8, 0x8, 0xd320, 0xff, 0x8, 0x4, 0x8, 0xff, 0x5, 0x6, 0x7, 0x9, 0x0, 0x80000001, 0x0, 0xc, 0x488, 0xfffffffe, 0x2, 0x5, 0x100, 0x3, 0x58a, 0x7, 0x7, 0x4, 0x8000, 0x5, 0x7, 0x6, 0xe421, 0x9, 0x8001, 0x81, 0xff, 0xaf4, 0x5, 0x5, 0x401, 0x6, 0x8, 0x1000, 0xa1, 0x8001, 0x8, 0x3, 0x6, 0xff, 0x2, 0x200, 0x1, 0x9, 0x7, 0xbd42, 0x7fffffff, 0x1, 0x3, 0x3, 0x3, 0xe9, 0x0, 0x9, 0x1, 0xbc, 0x2, 0x81, 0x7f, 0xffffff3c, 0xd2, 0x3810, 0x0, 0xc, 0x3, 0x9, 0x100, 0x7, 0x3, 0x2, 0x8000, 0x7, 0x9, 0x7fffffff, 0xbd, 0xf96, 0x5e96b1c8, 0x2, 0x44, 0x4, 0x4, 0x80000001, 0x2, 0x3, 0xfffffff7, 0x6, 0x1, 0x3, 0x3ff, 0x0, 0x0, 0x7, 0x8001, 0x3ff, 0x80000001, 0x7, 0x0, 0x14e4, 0x71, 0x7a79, 0x3, 0x9, 0x1, 0x3ff, 0x3, 0xf, 0x1, 0x1ff, 0x3, 0x4, 0x6, 0x2, 0x0, 0x0, 0x2, 0x2, 0x400, 0x6, 0xfffff62d, 0xe990, 0x7d, 0x4, 0x7, 0x81, 0x3d, 0xd9, 0x5, 0x800, 0xfffffffd, 0x1, 0x9aa3, 0xfffffffa, 0x10, 0x2, 0x88, 0x4, 0x1, 0x2, 0xac7c, 0x7, 0x3, 0x741, 0xa3, 0x3, 0xfffffffe, 0x3, 0x8, 0x7, 0x8, 0x7ff, 0x0, 0x82, 0x3, 0x63, 0xd, 0x7, 0x8, 0x4, 0x8, 0x3, 0xfffffff8, 0x55, 0x0, 0x3d8, 0x3ac, 0x2, 0x1, 0x40, 0x4, 0x4, 0x9, 0x4, 0x6, 0x1c000, 0xc, 0x6, 0x9eb0, 0x1, 0x6, 0x1, 0x9, 0x6, 0x9, 0xc8d, 0xd, 0x8, 0x4, 0x6, 0x0, 0x1c000000, 0x25c, 0xffffffff, 0x8000, 0x5, 0x5, 0x0, 0x0, 0x10, 0xfffffff9, 0xf37a, 0x2, 0xff, 0x9, 0x8, 0x1d7, 0x8, 0x8, 0xffffff81, 0x4, 0xc2, 0x5, 0xce5, 0x6, 0x6e8, 0x6, 0x0, 0x7, 0x3ee, 0x2, 0x0, 0x17b2700b, 0x174, 0x9, 0xa1, 0x0, 0x2, 0x5, 0x0, 0x7, 0x8, 0x2, 0x9, 0x5, 0x4, 0x6, 0x1000, 0x8001, 0x7f, 0x7, 0xd5e7, 0x4, 0x80, 0x97, 0x4, 0x4, 0x2, 0x4, 0xfa, 0xffffff01, 0x1, 0x8, 0x7, 0x7, 0xfffff4bd, 0x3ff, 0x6, 0x3, 0x4, 0x2, 0xfffffff7, 0x101, 0x10000, 0x7fffffff, 0x7, 0x8, 0x1, 0x1, 0x9, 0x8, 0x400, 0xff, 0x8, 0x1, 0x2, 0x7, 0x8, 0x5, 0x7, 0xfffffffb, 0x8, 0x4, 0x3, 0xfff, 0x9, 0x6, 0xc, 0x2, 0x3, 0x0, 0x8000, 0x7fff, 0x3d5f, 0xf, 0x3, 0xc, 0x6, 0x80000000, 0x6, 0x3, 0x7f, 0x8, 0x0, 0x40, 0xfffffffe, 0x2, 0xfff, 0x4, 0x8, 0x5, 0x1, 0x3, 0x8, 0x5, 0x101, 0x6, 0x1, 0x0, 0x10001, 0x9, 0x400, 0xffffabe6, 0x3, 0x0, 0x10, 0x5, 0xed, 0xf, 0x3, 0x2, 0xf, 0x0, 0x0, 0x3, 0xfffffffb, 0xe814, 0x7, 0x1, 0x6, 0x101, 0x7, 0x6, 0xffff0001, 0x8, 0x4, 0x3, 0x0, 0x8, 0x6, 0x6, 0x8, 0xf1, 0xfffffd99, 0x8, 0x33, 0x4, 0x0, 0x0, 0xf5, 0x7, 0x1, 0x9, 0x7, 0x0, 0x7, 0x2, 0x2, 0x3, 0x3, 0x3ff, 0x5, 0x0, 0x5, 0x101, 0x7fff, 0x5, 0x0, 0x0, 0x8, 0xeb, 0x6, 0x7fff, 0x200, 0x9, 0x7f4, 0xe3, 0x4, 0x80, 0x10001, 0x3, 0x3, 0xfffffffb, 0x7, 0x1, 0x7, 0xc, 0x3b3, 0x5, 0x9, 0x1000, 0x4, 0x5dfb, 0xb, 0x3, 0x3, 0x9, 0xfffffb28, 0x8, 0x0, 0x7f, 0x4, 0x3e24, 0x8, 0x1, 0x6, 0x3, 0x8, 0x7, 0x4, 0xf, 0x8, 0xfffffff0, 0x1, 0x721, 0x5, 0x5, 0x4d, 0x200, 0x8, 0x54ea, 0xcc, 0x8000, 0xd, 0x226, 0x1, 0x1, 0x9, 0xffff, 0xe, 0x3, 0xe1, 0xb1, 0x800, 0xbf5, 0x80, 0x9, 0x4, 0x3, 0x0, 0x3, 0x3, 0x1, 0x100, 0x5, 0x3107, 0xffffffff, 0x8000, 0x2, 0xa, 0x4, 0xab9f, 0x7, 0x1, 0x7, 0x5, 0x8, 0x7ff, 0x0, 0x0, 0x8, 0x81, 0xb5907c0, 0x37c, 0x2, 0x101, 0x4, 0xffffffff, 0x4, 0x4, 0x4161, 0x2, 0x8001, 0x8eb, 0x9, 0xff, 0x1ff, 0x8, 0x5, 0xc, 0x3, 0x10, 0x8, 0x3, 0x5, 0xf, 0x80000001, 0x5, 0x5, 0x3ddc, 0x6, 0x0, 0x3, 0x3, 0x1, 0xfffffffd, 0xd, 0x7, 0xa5, 0x7, 0x5, 0x5, 0x7, 0x8, 0x0, 0x5, 0x5, 0x2, 0x4, 0x2, 0x400, 0x5702, 0xfffffff3, 0x9, 0xc, 0x819, 0x6, 0xfff, 0x7, 0x4, 0x17, 0x3, 0x5, 0x5, 0x2, 0x4, 0x100, 0x3, 0x1, 0x2, 0xb3, 0x6a11, 0xe, 0x7ff, 0x3, 0xd, 0x3ff, 0x7, 0x3, 0x5, 0x2, 0x9, 0x4, 0x3, 0xfffffff8, 0x6, 0xffff, 0x1, 0x80, 0x7, 0x4, 0x8000, 0x1ae81fa9, 0x0, 0x468, 0x0, 0x7, 0x6, 0x80, 0x7, 0x5, 0x9, 0x7, 0xab43, 0x3, 0x30ee, 0x9, 0x9, 0x9, 0x6, 0x3, 0x400, 0xc34, 0xb, 0x1010, 0x8000, 0x2, 0x1, 0x434e, 0x10, 0x5, 0x4, 0x2, 0xfc9, 0x9b, 0x4, 0xfffffffb, 0x8, 0x3ff, 0x1, 0x7, 0x80000, 0x0, 0x2, 0x1000, 0x7, 0x80000000, 0x5, 0x1, 0x584, 0x9, 0x80000001, 0x0, 0x2, 0x3, 0x40000000, 0x9, 0xfffff2bf, 0x6, 0xffff8000, 0x101, 0x23, 0x101, 0x9, 0x2e7, 0x1000, 0x6, 0x8, 0x0, 0x2000, 0x3, 0x4, 0x7, 0xfffffffb, 0x980, 0xfffffffd, 0x9, 0xd95, 0xa3b, 0x1, 0x4, 0x4, 0x2, 0xfffffff7, 0xc, 0x9, 0xeb7, 0xf, 0xc, 0x80, 0x3, 0x3ff, 0x9, 0x80000000, 0x7f7, 0x71ea, 0x0, 0xe56b, 0x7, 0x9, 0x8, 0x7f, 0x7, 0x1, 0x8, 0x6, 0x9, 0x9, 0xab, 0x7, 0x3, 0xf, 0x8, 0x7f, 0x2, 0x10, 0x800, 0x8, 0x7, 0x5, 0x4, 0x5, 0x4, 0xd, 0x10001, 0x4, 0xe6, 0x7, 0xa9d7, 0x8, 0x0, 0x80000000, 0x80000000, 0xb, 0x2, 0xfffffffa, 0x10, 0x3, 0x5, 0x8, 0x4, 0x10, 0x0, 0xf796889, 0x7ff, 0x1, 0x8, 0x461, 0x6, 0xc, 0x81, 0x2, 0x6, 0x20000, 0x7, 0x6, 0x0, 0xa1e, 0x10001, 0x2, 0x0, 0xb, 0xce1, 0xfff, 0x80000000, 0x2400000, 0x1, 0x3, 0x7, 0x1, 0xfff, 0x40, 0x401, 0x9, 0xb, 0x8f, 0x5, 0x1, 0x5, 0x80000000, 0x4, 0x3, 0x6, 0x6, 0x80000001, 0x7, 0x22, 0x4, 0x0, 0x9, 0x5, 0x0, 0x800000, 0x43b4, 0x1, 0x8, 0x2, 0x3, 0x1, 0x7, 0x7, 0x1, 0xffffffff, 0x1, 0x2, 0x9, 0x2, 0x39, 0x8, 0x2, 0x3, 0x8000, 0x400, 0x4, 0xa, 0x400, 0x4, 0x6, 0x9, 0x10000, 0x101, 0xc4, 0x8, 0x80000001, 0x2, 0x401, 0x800, 0x7, 0xe6400000, 0x7, 0x3, 0x0, 0x4, 0xa43, 0x7fffffff, 0x27e, 0x1, 0xc, 0xa, 0xa93b, 0x2, 0x66, 0x4, 0xfffff562, 0x8, 0x9, 0x66, 0x5, 0x0, 0xf6b7, 0x0, 0x10001, 0x8, 0x3, 0x6, 0xb, 0x5, 0x10, 0x4, 0x2, 0x10, 0xb, 0x6c5, 0x7, 0x6, 0xfffffffd, 0x6, 0x4, 0x3, 0xd, 0x9, 0x0, 0xfffffff3, 0xff, 0x2, 0xec5, 0x0, 0x3, 0x2d, 0x10000, 0x2, 0x401, 0x4, 0x80, 0x2, 0x600, 0x6, 0x7, 0x1, 0x6, 0x9, 0x78, 0x2, 0x0, 0x6, 0x4, 0x1, 0x7fff, 0x3, 0x8, 0x1, 0x3f0, 0x88ba, 0x3, 0x5, 0x5, 0xe1700, 0x6, 0x6, 0x0, 0xe71, 0x1, 0x3, 0x5, 0x5, 0xe3, 0x7ff, 0x9, 0x2, 0xf86c, 0x2, 0x5, 0xffffceae, 0x8, 0x1, 0x3, 0x2, 0x6, 0x442, 0xef, 0x7fff, 0x7, 0x800, 0x10, 0x10001, 0x7ff, 0x9, 0x8, 0x2, 0x1, 0xd, 0x90ca, 0x0, 0x5, 0x3, 0x100, 0x7, 0x0, 0x7fffffff, 0x90, 0x1, 0x400, 0x80000001, 0xf538, 0x7, 0x5, 0xc, 0x2, 0x2, 0x800, 0x80000000, 0x1, 0xfffffffa, 0x4, 0x240, 0x6, 0x6, 0xc, 0x8, 0x4, 0x7, 0xb, 0x9, 0x10001, 0x5, 0x86, 0x4, 0x2, 0x1, 0x81, 0x3, 0x1ff, 0x9, 0x8000, 0x8a, 0x7, 0xf, 0x101, 0x3, 0x6, 0x9, 0xd, 0x2, 0x6, 0x5, 0xfffffffd, 0x4, 0xc246, 0x2, 0x1, 0x5, 0x2, 0x6, 0x0, 0x6, 0x7, 0x2, 0x81, 0x5, 0x400, 0x100, 0x2, 0x7, 0x8, 0xc4de, 0x3, 0x1, 0x5, 0x6, 0x736, 0xf, 0xcd5, 0x3, 0x7ff, 0x1, 0x0, 0xcb, 0x7fffffff, 0x3539, 0x7ff, 0xca5d, 0x9427, 0x4, 0x16a5d2c7, 0x5, 0x5, 0x3, 0x8, 0xffff, 0x2, 0x7, 0xb885, 0x6, 0x7, 0x9, 0x209, 0x1000, 0x4, 0x9d, 0x8190, 0x1, 0x6, 0x2, 0x5641, 0x6669, 0x5, 0x7, 0x0, 0xffffffc0, 0x2, 0x9, 0x3, 0x2, 0x1, 0x0, 0x62, 0x0, 0x10000, 0xfffffff8, 0xffff, 0x101, 0x6b, 0x8ed, 0xd25, 0xd, 0x912f, 0x81, 0x5ac6, 0x5, 0x0, 0x6c, 0x0, 0x3, 0xe, 0x100, 0x7, 0x10001, 0x0, 0x5, 0xffff69c0, 0x5, 0x3, 0x2, 0xfc4, 0x0, 0x100, 0x2f1, 0x4e18, 0x2aa, 0x2, 0x4, 0x7fffffff, 0xdb, 0x9, 0xffd, 0x4, 0x6, 0x2, 0x5, 0x1, 0x8, 0xd, 0xc1, 0x1, 0x2, 0x8, 0xfffffffc, 0x80000000, 0x1000, 0x8, 0x7, 0x6, 0x5, 0x8, 0x246, 0x3, 0x200, 0x8, 0x7800000, 0x200, 0x6, 0x45, 0x10000, 0x81, 0x2, 0x5, 0x0, 0x1, 0x9, 0x5, 0x80000000, 0x2, 0x20400, 0xe52f, 0x8, 0x8, 0x0, 0x3, 0x8001, 0x4, 0x5, 0x7ff800, 0x4c, 0x57fd, 0x6, 0x8001, 0x401, 0x7, 0x8, 0x81, 0xdae2, 0x7, 0x6, 0x7, 0x3, 0xff, 0x3, 0x4, 0x9, 0x1, 0x5, 0x9, 0x8, 0x35, 0x5d, 0x40, 0x7fff, 0x1000, 0xf4, 0x7, 0x4, 0x7, 0xa, 0x6, 0xf714, 0x8000, 0xfffffffa, 0x7887, 0x10001, 0x80000000, 0x10001, 0x485b2621, 0x1, 0xffffffff, 0x401, 0x8, 0xc, 0x0, 0x1, 0x3, 0x1, 0x6, 0x2, 0x349, 0x7, 0x1, 0x4, 0x1ff, 0x4, 0x5, 0x2, 0x0, 0x100, 0xb289, 0x9, 0xfffffffc, 0x3, 0x6, 0xa347, 0x2, 0x401, 0xdffa, 0x3, 0x6, 0xfffffffe, 0x2, 0x3, 0xd63a, 0x1, 0x1, 0xffff, 0x3, 0x4, 0xd8, 0x99, 0x10000, 0x2, 0x2, 0x8001, 0x4, 0x4, 0x4, 0x80000001, 0x4, 0x37e, 0xd19, 0x734, 0x8, 0x80, 0x7fff, 0xfffffffe, 0x824e, 0x5760, 0x8b, 0xf42, 0x5, 0x2, 0x6, 0x3, 0x4, 0xffffffdf, 0x2, 0x6, 0x2, 0x62, 0xb5, 0x4, 0x7fffffff, 0xffff0000, 0x1, 0x7fffffff, 0xff, 0xe, 0x2, 0xe66, 0x4, 0x0, 0x400, 0x5, 0x8001, 0x7, 0x7, 0x4, 0x4, 0x4, 0x5, 0x9, 0x8, 0x1, 0x4, 0x8, 0x1ff, 0x101, 0x0, 0x401, 0x9, 0x4, 0xa, 0xd0, 0x8, 0x9, 0x4, 0x81, 0x4, 0x0, 0x7ff, 0x1ff, 0xfffffe00, 0x1, 0x80000001, 0xfffffff9, 0x0, 0x4, 0x7fffffff, 0x8, 0x8000, 0x7, 0x5, 0x100, 0x401, 0x40, 0x7, 0x5, 0x9, 0xfffffff7, 0xb0d5, 0x10001, 0x3, 0x1, 0x8, 0x9, 0x9, 0x2, 0x1, 0x4, 0x3, 0x1, 0x8, 0x1000, 0x5, 0x2, 0x100, 0x0, 0x4, 0x5, 0x6, 0xfc, 0x0, 0x9, 0x12, 0x80000001, 0x6, 0x4, 0x7fff, 0x9, 0x6, 0xea47, 0x101, 0x8098, 0x9, 0xc4, 0x9, 0x3, 0x9, 0x0, 0x1, 0x2, 0x81, 0x6, 0x3c, 0x10001, 0x6, 0xd6, 0x6, 0x0, 0xffffffff, 0x9, 0x80, 0xaa, 0x4, 0x5c, 0x101, 0x1, 0xfffffbff, 0x679, 0x8, 0x9, 0x9, 0x10001, 0x1, 0x7, 0x8, 0x3234, 0x80000000, 0x3a15, 0x0, 0x9, 0x8001, 0x0, 0x9dd, 0x0, 0x3c0e, 0x59b5531a, 0xc, 0x10001, 0x1ff, 0x200, 0xaac, 0x3764, 0x7, 0x100, 0x2, 0x7fffffff, 0x7, 0x3, 0x4, 0xa, 0x3, 0x3ff], 0x0, 0x817})

2m34.994852698s ago: executing program 4 (id=1043):
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x40000000000002, 0x410000)
pselect6(0x40, &(0x7f0000000040)={0x9, 0x62ca, 0x20, 0x0, 0x100000, 0xffffffffffffffff, 0x53, 0xecbc}, 0x0, 0x0, 0x0, 0x0)
r0 = getpgid(0x0)
sched_setattr(r0, &(0x7f0000000100)={0x38, 0x5, 0x42, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x4000}, 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/freeze_filesystems', 0x20202, 0xa4)
r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(r1, 0x40186f40, &(0x7f0000000080)={0x1, 0x0, 0xfffffffd, 0x0, 'syz1\x00', 0x5})
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x8e383, 0x0)

2m34.915007503s ago: executing program 4 (id=1045):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x206bdf}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r3, 0x0, 0x0)
sendmmsg$inet6(r3, 0x0, 0x0, 0x4000001)
r4 = socket$qrtr(0x2a, 0x2, 0x0)
getpeername$qrtr(r4, 0x0, &(0x7f00000001c0))
dup(r3)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x101000, 0x0)
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000280)='nfsd\x00', 0x0, 0x0)
r6 = socket$inet6_udplite(0xa, 0x2, 0x88)
sendmmsg$inet6(r6, &(0x7f00000015c0)=[{{&(0x7f0000000080)={0xa, 0x4e21, 0x1000, @mcast2}, 0x1c, 0x0}}, {{&(0x7f0000000040)={0xa, 0x4e22, 0x1ff, @mcast2, 0xfffffff8}, 0x1c, 0x0, 0x0, &(0x7f00000014c0)=[@rthdr={{0x18, 0x29, 0x39, {0x67, 0x0, 0x0, 0x4}}}], 0x18}}], 0x2, 0x84)
umount2(&(0x7f00000002c0)='./file0\x00', 0x0)
ioctl$TIOCGICOUNT(r5, 0x5409, 0x0)
syz_usb_connect(0x5, 0x3f, &(0x7f0000000100)=ANY=[@ANYBLOB="12010000d0918108ac051582588f0000000109022d00010000000009040000030b08000009058d67c8002a000009050502000000000009058b6e31"], 0x0)

2m31.860748977s ago: executing program 4 (id=1055):
socket$nl_netfilter(0x10, 0x3, 0xc)
move_mount(0xffffffffffffffff, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
getsockopt$inet_mptcp_buf(r0, 0x11c, 0x4, 0x0, &(0x7f0000000080)) (async)
getsockopt$inet_mptcp_buf(r0, 0x11c, 0x4, 0x0, &(0x7f0000000080))
sync()
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000001540)=[{{0x0, 0x0, &(0x7f0000000380)}}], 0x1, 0x2000c044)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x18, 0x8, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000000010000000000000000000001800000004000000000000000700000085100000fbffffff18640000030000000000000002000000"], &(0x7f0000000080)='syzkaller\x00', 0x2, 0x72, &(0x7f0000000000)=""/114, 0x41000}, 0x94)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1) (async)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) (async)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, &(0x7f00006dbffc), 0x4) (async)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, &(0x7f00006dbffc), 0x4)
bind$inet(0xffffffffffffffff, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57) (async)
bind$inet(0xffffffffffffffff, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57)
ioctl$F2FS_IOC_GET_FEATURES(r0, 0x8004f50c, &(0x7f0000000180))
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20040000}, 0x8044)
syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff)
landlock_restrict_self(0xffffffffffffffff, 0x0)
socket(0x1a, 0x3, 0x0)
syz_open_dev$dvb_demux(&(0x7f0000000080), 0x0, 0x41) (async)
r2 = syz_open_dev$dvb_demux(&(0x7f0000000080), 0x0, 0x41)
ioctl$DVB_DEMUX_DMX_SET_PES_FILTER(r2, 0x40146f2c, &(0x7f00000000c0)={0x1, 0x0, 0x1, 0x13, 0x4}) (async)
ioctl$DVB_DEMUX_DMX_SET_PES_FILTER(r2, 0x40146f2c, &(0x7f00000000c0)={0x1, 0x0, 0x1, 0x13, 0x4})
ioctl$DVB_DEMUX_DMX_ADD_PID(r2, 0x40026f33, &(0x7f0000000100)=0x808c)
ioctl$DVB_DEMUX_DMX_SET_PES_FILTER(r2, 0x40146f2c, &(0x7f0000000000)={0xc, 0x1, 0x2, 0x1, 0x4})
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000140)={'pim6reg0\x00', &(0x7f0000000040)=@ethtool_cmd={0x3c, 0x6, 0xffffff81, 0x3, 0xe8, 0x6, 0x0, 0x6, 0x1, 0x2, 0xfffffffd, 0xfffffffd, 0x200, 0x10, 0xa2, 0x3, [0x9, 0xfffffff9]}})

2m16.250693292s ago: executing program 32 (id=1055):
socket$nl_netfilter(0x10, 0x3, 0xc)
move_mount(0xffffffffffffffff, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
getsockopt$inet_mptcp_buf(r0, 0x11c, 0x4, 0x0, &(0x7f0000000080)) (async)
getsockopt$inet_mptcp_buf(r0, 0x11c, 0x4, 0x0, &(0x7f0000000080))
sync()
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000001540)=[{{0x0, 0x0, &(0x7f0000000380)}}], 0x1, 0x2000c044)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x18, 0x8, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000000010000000000000000000001800000004000000000000000700000085100000fbffffff18640000030000000000000002000000"], &(0x7f0000000080)='syzkaller\x00', 0x2, 0x72, &(0x7f0000000000)=""/114, 0x41000}, 0x94)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1) (async)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) (async)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, &(0x7f00006dbffc), 0x4) (async)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, &(0x7f00006dbffc), 0x4)
bind$inet(0xffffffffffffffff, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57) (async)
bind$inet(0xffffffffffffffff, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57)
ioctl$F2FS_IOC_GET_FEATURES(r0, 0x8004f50c, &(0x7f0000000180))
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20040000}, 0x8044)
syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff)
landlock_restrict_self(0xffffffffffffffff, 0x0)
socket(0x1a, 0x3, 0x0)
syz_open_dev$dvb_demux(&(0x7f0000000080), 0x0, 0x41) (async)
r2 = syz_open_dev$dvb_demux(&(0x7f0000000080), 0x0, 0x41)
ioctl$DVB_DEMUX_DMX_SET_PES_FILTER(r2, 0x40146f2c, &(0x7f00000000c0)={0x1, 0x0, 0x1, 0x13, 0x4}) (async)
ioctl$DVB_DEMUX_DMX_SET_PES_FILTER(r2, 0x40146f2c, &(0x7f00000000c0)={0x1, 0x0, 0x1, 0x13, 0x4})
ioctl$DVB_DEMUX_DMX_ADD_PID(r2, 0x40026f33, &(0x7f0000000100)=0x808c)
ioctl$DVB_DEMUX_DMX_SET_PES_FILTER(r2, 0x40146f2c, &(0x7f0000000000)={0xc, 0x1, 0x2, 0x1, 0x4})
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000140)={'pim6reg0\x00', &(0x7f0000000040)=@ethtool_cmd={0x3c, 0x6, 0xffffff81, 0x3, 0xe8, 0x6, 0x0, 0x6, 0x1, 0x2, 0xfffffffd, 0xfffffffd, 0x200, 0x10, 0xa2, 0x3, [0x9, 0xfffffff9]}})

1m4.643685633s ago: executing program 2 (id=1357):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000140)=@file={0x1, './file0\x00'}, 0x6e)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)=ANY=[@ANYBLOB="280100002f00010000000000fcdbdf250801f2800c00180008ac0f000010000014000100fc00000000000000000000000000000008004400", @ANYRES32=0x0, @ANYBLOB="d90062802400328008004100b20000000800ca00ac1e000108003d00fcffffff0400c58004008a800800a18004000f80c073bf8f025953f538087c2947af34d793a12e66cd988ba2df542272ddf8f3b0634ff9883b7914bc9c92aafa8bb7b0c0552ff62f4a9716d08229fbc0558c09235f84d6771d08666d8b337ac75c741e4e77f4a9bc443c6a07af22469f8689554aa0e81e897ed6146a5b6cb1adf5cecbe76fb07a1c2610d17b8d3c80cfe639ce824597e338c1bb6a7d118257e8e8ac7e1f1c03054e4ec9bce7dfd5f3620229ab929fb9ebb5658776ab26000000100002800c0001"], 0x128}], 0x1, 0x0, 0x0, 0x1}, 0x0)
sched_setattr(0x0, &(0x7f00000000c0)={0x38, 0x5, 0x8, 0x8005, 0x0, 0xe1, 0x1, 0xfffffe0000000001, 0xfa11, 0x2}, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_TIMEOUT_DELETE(r3, 0x0, 0x0)
sendmsg$BATADV_CMD_GET_BLA_BACKBONE(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000003c0)={&(0x7f0000000580)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYBLOB="100028bd7000fcc3fc03000000000000000001000000eb95eae1a773055fccdacd755ef036fbcddeb8d904f91536e8245853804da851f1fe9383d4143b03b30d5f1137e39b334b94494445c0040655909e48524884f0d6538c74b641a061717b083c058c81a03115e3d2f417e66712ca8b691a044f312d9940fcce06"], 0x1c}, 0x1, 0x0, 0x0, 0x80}, 0x20008814)
r4 = socket$inet6(0xa, 0x80002, 0x0)
connect$inet6(r4, &(0x7f0000000240)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x12}, 0x7}, 0x1c)
socket$kcm(0x29, 0x5, 0x0)
r5 = socket$rds(0x15, 0x5, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000000000000000000000000000000000000000000003ea500794a"], 0x50)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x18, 0xd, &(0x7f0000000500)=ANY=[@ANYBLOB="18000000000000000000000006000000850000001300000018110000", @ANYRESHEX=r5, @ANYBLOB="0000000000000000b7080000050000007b8af8ff00000000bfa20000000000005d705c96f8ffffffb703000008025533f28f0389dc0000008500000082bc05f00100000000000000"], &(0x7f0000000200)='GPL\x00', 0x7, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x35, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r6, 0x0, 0x8, 0x14, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000380)=""/20, 0x320e, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r7 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000300), 0x28181)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r7, 0xc08c5332, &(0x7f00000001c0)={0x10002, 0x0, 0x0, 'queue0\x00'})
write$sndseq(r7, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick=0x1f4, {}, {}, @raw32={[0x261f]}}], 0xffc8)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x88}, 0x0)
unshare(0x2e020080)
r8 = syz_clone(0x4201000, 0x0, 0x1e, 0x0, 0x0, 0x0)
wait4(r8, 0x0, 0x40000000, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(0xffffffffffffffff, 0x40045532, &(0x7f0000000080))
r9 = syz_open_dev$sndpcmp(&(0x7f0000000200), 0x0, 0xa2c65)
ioctl$SNDRV_PCM_IOCTL_STATUS_EXT64(r9, 0xc0984124, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3})

1m0.103409845s ago: executing program 2 (id=1373):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x2, 0x4, 0x599, 0x1, 0x0, 0x1}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000001340), &(0x7f0000000900), 0x404, r3, 0x0, 0x1ba8847c99}, 0x38)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f0000000440)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x7c, 0x7c, 0x2, [@var, @func_proto={0x0, 0x6, 0x0, 0xd, 0x0, [{}, {}, {}, {}, {}, {}]}, @func, @volatile, @volatile, @volatile={0x0, 0x0, 0x0, 0x9, 0x2}]}}, 0x0, 0x96}, 0x20)
r4 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@struct]}}, 0x0, 0x26}, 0x20)
r5 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r5, 0x84, 0x64, &(0x7f0000000a40)=[@in6={0xa, 0x4e24, 0x10000, @remote, 0x5}, @in={0x2, 0x4e20, @multicast2}, @in6={0xa, 0x4e20, 0x1000, @mcast2, 0x10}, @in={0x2, 0x4e23, @broadcast}, @in6={0xa, 0x4e22, 0x1, @loopback, 0x80000000}, @in6={0xa, 0x4e24, 0x7, @private0={0xfc, 0x0, '\x00', 0x1}, 0xfffffffe}, @in={0x2, 0x4e24, @local}, @in6={0xa, 0x4e21, 0x0, @mcast1, 0xb0000000}, @in6={0xa, 0x4e24, 0x26e831c1, @rand_addr=' \x01\x00', 0x401}, @in6={0xa, 0x4e20, 0x7, @mcast2, 0x10000}], 0xf4)
r6 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000880)={0x1b, 0x0, 0x0, 0x93d, 0x0, 0xffffffffffffffff, 0x3, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x5, 0x7fffffff}, 0x50)
r7 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r7, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={<r8=>0x0}, &(0x7f0000000040)=0x4)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r7, 0x84, 0x6, &(0x7f0000000140)={r8, @in={{0x2, 0x4e21, @local}}}, &(0x7f0000000080)=0x84)
r9 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0xa, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x1, 0x5}, 0x50)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000600)={0xffffffffffffffff, 0xe0, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000000340)=[0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000380)=[0x0], &(0x7f00000003c0), <r10=>0x0, 0x7c, 0x0, 0x0, 0x10, &(0x7f0000000440), &(0x7f0000000480), 0x8, 0x2f, 0x8, 0x8, &(0x7f00000004c0)}}, 0x10)
r11 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000780)=ANY=[@ANYBLOB="0f0000000400000008000000cc0a000000000000", @ANYRES32=0x1, @ANYRES32=0x0, @ANYRES32], 0x48)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000240)={r11, &(0x7f0000000880), 0x0}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x17, 0x0, 0x0, &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x2a, '\x00', 0x0, @cgroup_sysctl, 0xffffffffffffffff, 0x8, &(0x7f00000001c0)={0x2, 0x1}, 0x8, 0x10, 0x0, 0x0, r10, 0xffffffffffffffff, 0x0, &(0x7f0000000640)=[r11, 0xffffffffffffffff, 0xffffffffffffffff], 0x0, 0x10, 0x4}, 0x94)
r12 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f00000002c0)='.\x00', &(0x7f0000000140), 0x8000, &(0x7f0000000440)={'trans=fd,', {'rfdno', 0x3d, r12}, 0x2c, {'wfdno', 0x3d, r12}})
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000006c0)={{0x1, <r13=>0xffffffffffffffff}, &(0x7f0000000400), &(0x7f0000000680)='%-010d \x00'}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x14, 0x14, &(0x7f00000005c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0xd0cf, 0x0, 0x0, 0x0, 0x6}, {{0x18, 0x1, 0x1, 0x0, r6}}, {}, [@map_val={0x18, 0xb, 0x2, 0x0, r9, 0x0, 0x0, 0x0, 0x5}, @jmp={0x5, 0x1, 0xa, 0x7, 0x5, 0x4, 0xfffffffffffffffc}, @btf_id={0x18, 0x9, 0x3, 0x0, 0x2}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x3}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000180)='syzkaller\x00', 0x8001, 0x3, &(0x7f00000001c0)=""/3, 0x41000, 0x56, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x7, 0x5}, 0x8, 0x10, &(0x7f00000003c0)={0x0, 0x2, 0x8000, 0x6}, 0x10, r10, 0xffffffffffffffff, 0x3, &(0x7f0000000700)=[0xffffffffffffffff, 0xffffffffffffffff, r12, r13], &(0x7f0000000740)=[{0x0, 0x4, 0x2, 0x4}, {0x1, 0x1, 0xa}, {0x4, 0x2, 0x10, 0x8}], 0x10, 0xfff}, 0x94)
r14 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0x6, 0x3, &(0x7f0000000200)=ANY=[@ANYBLOB="180000002000000000000000000000009500000000000000"], &(0x7f0000000280)='GPL\x00', 0x5, 0xe2, &(0x7f00000002c0)=""/226, 0x0, 0x0, '\x00', 0x0, 0x25, r4, 0x8, 0x0, 0x0, 0x10, &(0x7f00000004c0), 0x2}, 0x80)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000a00)={r14, 0xd8, &(0x7f0000000900)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001000), 0x8, 0x0, 0x8, 0x0, 0x0}}, 0x10)

53.470916156s ago: executing program 2 (id=1403):
socket$can_bcm(0x1d, 0x2, 0x2)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0))
socket$inet_mptcp(0x2, 0x1, 0x106)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000001c0)='devices.list\x00', 0x275a, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
pipe(&(0x7f0000000000))
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet_tcp(0x2, 0x1, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
mkdirat(0xffffffffffffff9c, &(0x7f0000002000)='./file0\x00', 0x102)
socket(0x400000000010, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0)
r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000005c0), 0x2, 0x0)
r1 = syz_open_dev$vbi(&(0x7f0000000080), 0x0, 0x2)
ioctl$VIDIOC_ENUMINPUT(r1, 0xc050561a, &(0x7f0000000100)={0x2, "e93c65ae3b437714d3c4c3dfe2abb1d326854a5c63e0552d97eb84a75c63037b", 0x3, 0x8, 0x2, 0x400, 0x20100})
r2 = openat$selinux_policy(0xffffff9c, &(0x7f00000000c0), 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x12, r2, 0x0)
write$selinux_load(r0, &(0x7f0000000000)=ANY=[], 0x190ec)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x3)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$video4linux(0x0, 0xfff, 0x4100)
ioctl$VIDIOC_SUBDEV_G_SELECTION(r3, 0xc040563d, &(0x7f0000000080)={0x1, 0x0, 0x102, 0x0, {0x20000000, 0xfffffffc, 0x7}})
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000001a40)=""/102392, 0x18ff8)
r4 = openat$fb0(0xffffffffffffff9c, 0x0, 0x103c80, 0x0)
ioctl$FBIOPUTCMAP(r4, 0x4605, 0x0)

53.179843686s ago: executing program 2 (id=1408):
setsockopt$ARPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x60, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000040)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = fsopen(&(0x7f0000001140)='hugetlbfs\x00', 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
r4 = fsmount(r3, 0x0, 0x0)
fchdir(r4)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$fou(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$FOU_CMD_ADD(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x24, r6, 0xd1bd17c4b9ef5e5b, 0x70bd26, 0x25dfdbff, {}, [@FOU_ATTR_TYPE={0x5, 0x4, 0x2}, @FOU_ATTR_AF={0x5, 0x2, 0xa}]}, 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x90)
fcntl$getown(r5, 0x9)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r7 = socket$inet6_sctp(0xa, 0x5, 0x84)
r8 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='net/ip_vs_stats\x00')
preadv(r8, &(0x7f0000000280)=[{&(0x7f0000000080)=""/44, 0x2c}], 0x1, 0x3f, 0x6a76)
shutdown(r7, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r7, 0x84, 0x6f, &(0x7f0000000000)={<r9=>0x0, 0x2c, &(0x7f00000002c0)=[@in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0xff, 0x0}}, @in6={0xa, 0x4e24, 0x0, @private2={0xfc, 0x2, '\x00', 0x1}}]}, &(0x7f0000000180)=0x10)
ioctl$VIDIOC_SUBDEV_G_CROP(0xffffffffffffffff, 0xc038563b, &(0x7f0000000080)={0x1, 0x0, {0x8a, 0x80000000, 0x4, 0x1ff}})
setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r7, 0x84, 0x10, &(0x7f00000003c0)=@sack_info={r9, 0x1, 0x1}, 0xc)

52.205834499s ago: executing program 2 (id=1411):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=ANY=[@ANYBLOB="14000000100001000000000000f8ffffff00000a54000000060a0b040000000000000000020000022800048044b6d6cc0b000100657874686472000014000280080001400000000208000640000000020900010073797a30000000000900020000087a3200000000140000001100010000000000000000000000000a"], 0x7c}, 0x1, 0x0, 0x0, 0x26020895}, 0x4000800)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="563f000019"], 0xfe33)
ioctl$BTRFS_IOC_DEFAULT_SUBVOL(0xffffffffffffffff, 0x40089413, &(0x7f0000000140)=0x5)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x1, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
socket(0x28, 0x1, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
setrlimit(0xa, &(0x7f0000000300)={0x5, 0x2})
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
pread64(0xffffffffffffffff, &(0x7f0000000240)=""/77, 0x4d, 0x104dbe)
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x19, 0x0, 0x0)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0a00000001000000ff"], 0x48)
r4 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
sched_setparam(0x0, &(0x7f0000000340)=0xc)
ioctl$IOMMU_IOAS_ALLOC(r4, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r5=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r4, 0x3ba0, &(0x7f0000000180)={0x48, 0x2, r5})
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r0, 0x0)

51.224092438s ago: executing program 2 (id=1416):
r0 = socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000540), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000040)={'batadv_slave_0\x00'}) (async)
pipe(&(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
pipe(&(0x7f00000000c0)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000000)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000540)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r3]) (async)
vmsplice(r2, &(0x7f00000004c0)=[{&(0x7f0000000300)='8', 0x1}], 0x1, 0x1) (async)
r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), r0)
sendmsg$ETHTOOL_MSG_STRSET_GET(r0, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="78010000", @ANYRES16=r4, @ANYBLOB="010025bd7000fbdbdf2501000000040001800400018058010280340001800800010008000000080001000800000008000100060000000800010002000000080001000e00000008000100040000002400018008000100090000000800010002000000080001000e0000000800010000000000340001800800010002000000080001000700000008000100030000000800010008000000080001000700000008000100000000000c0001800800010004000000340001800800010005000000080001000000000008000100070000000800010008000000080001000500000008000100010000000c00018008000100080000000c00018008000100000000004c0001800800010001000000080001000700000008000100020000000800010002000000080001000600000008000100040000000800010001000000080001005a116f690800010008000000240001800800010007000000080001000400000008000100050000000004000300"], 0x178}}, 0x0) (async)
syz_open_dev$dri(&(0x7f0000000000), 0x7, 0x414000)
setsockopt$netrom_NETROM_T2(r2, 0x103, 0x2, &(0x7f0000000100)=0x4b52, 0x4)

36.160738175s ago: executing program 33 (id=1416):
r0 = socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000540), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000040)={'batadv_slave_0\x00'}) (async)
pipe(&(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
pipe(&(0x7f00000000c0)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000000)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000540)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r3]) (async)
vmsplice(r2, &(0x7f00000004c0)=[{&(0x7f0000000300)='8', 0x1}], 0x1, 0x1) (async)
r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), r0)
sendmsg$ETHTOOL_MSG_STRSET_GET(r0, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="78010000", @ANYRES16=r4, @ANYBLOB="010025bd7000fbdbdf2501000000040001800400018058010280340001800800010008000000080001000800000008000100060000000800010002000000080001000e00000008000100040000002400018008000100090000000800010002000000080001000e0000000800010000000000340001800800010002000000080001000700000008000100030000000800010008000000080001000700000008000100000000000c0001800800010004000000340001800800010005000000080001000000000008000100070000000800010008000000080001000500000008000100010000000c00018008000100080000000c00018008000100000000004c0001800800010001000000080001000700000008000100020000000800010002000000080001000600000008000100040000000800010001000000080001005a116f690800010008000000240001800800010007000000080001000400000008000100050000000004000300"], 0x178}}, 0x0) (async)
syz_open_dev$dri(&(0x7f0000000000), 0x7, 0x414000)
setsockopt$netrom_NETROM_T2(r2, 0x103, 0x2, &(0x7f0000000100)=0x4b52, 0x4)

11.133681856s ago: executing program 5 (id=1598):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0)
recvmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x11000, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
mmap(&(0x7f0000ff9000/0x3000)=nil, 0x3000, 0xd, 0x8031, 0xffffffffffffffff, 0xb4e02000)
bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x45, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
ioctl$TUNSETOFFLOAD(r0, 0x400454d0, 0x9)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019c80)=""/102400, 0x19000)
r2 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000380)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000022c0)=@newtfilter={0x94, 0x2c, 0xd27, 0x70bd2b, 0x2, {0x0, 0x0, 0x0, r3, {0x0, 0x10}, {}, {0x8, 0x4}}, [@filter_kind_options=@f_flow={{0x9}, {0x64, 0x2, [@TCA_FLOW_DIVISOR={0x8}, @TCA_FLOW_KEYS={0x8, 0x1, 0x1e3a9}, @TCA_FLOW_ACT={0x50, 0x9, 0x0, 0x1, [@m_csum={0x4c, 0x1, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c, 0x1, {{0x3d1, 0x3, 0x20000000, 0x6, 0x7b6}, 0x76}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}]}]}}]}, 0x94}}, 0x2)
ioctl$TUNSETIFINDEX(r0, 0x400454da, &(0x7f0000000000)=r3)

10.443289101s ago: executing program 5 (id=1601):
syz_usb_connect$cdc_ecm(0x5, 0x62, &(0x7f0000000cc0)=ANY=[@ANYBLOB="12011001020000082505a1a4400001020301090250000101031007090400860202060006052406000005240003000d240f0103000000090000000915247c0700a317a88b045e4f01a607c0ffcb7e392a09058202080000e500090503020004bcfe01"], 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r0 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0)
read$msr(r0, &(0x7f0000002700)=""/102392, 0x18ff8)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)={{0x14}, [@NFT_MSG_NEWFLOWTABLE={0x58, 0x16, 0xa, 0x203, 0x0, 0x0, {0x2}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x2c, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8}, @NFTA_FLOWTABLE_HOOK_DEVS={0x18, 0x3, 0x0, 0x1, [{0x14, 0x1, 'syz_tun\x00'}]}]}]}, @NFT_MSG_NEWCHAIN={0x54, 0x3, 0xa, 0x801, 0x0, 0x0, {0x2, 0x0, 0x4}, [@NFTA_CHAIN_COUNTERS={0x10, 0x8, 0x0, 0x1, [@NFTA_COUNTER_BYTES={0xc, 0x1, 0x1, 0x0, 0xfffffffffffffff7}]}, @NFTA_CHAIN_POLICY={0x8, 0x5, 0x1, 0x0, 0xfffffffffffffffc}, @NFTA_CHAIN_FLAGS={0x8, 0xa, 0x1, 0x0, 0x3}, @NFTA_CHAIN_FLAGS={0x8, 0xa, 0x1, 0x0, 0x5}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_CHAIN_HANDLE={0xc, 0x2, 0x1, 0x0, 0x2}]}, @NFT_MSG_DELFLOWTABLE={0x80, 0x18, 0xa, 0x101, 0x0, 0x0, {0x0, 0x0, 0x1}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_FLAGS={0x8}, @NFTA_FLOWTABLE_FLAGS={0x8, 0x7, 0x1, 0x0, 0x1}, @NFTA_FLOWTABLE_HOOK={0x24, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_DEVS={0x18, 0x3, 0x0, 0x1, [{0x14, 0x1, 'netpci0\x00'}]}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x1}]}, @NFTA_FLOWTABLE_FLAGS={0x8}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_NEWRULE={0x20, 0x6, 0xa, 0x201, 0x0, 0x0, {0x1, 0x0, 0x5}, [@NFTA_RULE_CHAIN={0x9, 0x2, 'syz1\x00'}]}], {0x14}}, 0x174}}, 0x0)
r3 = syz_open_dev$dvb_demux(&(0x7f0000001e00), 0x0, 0x2000)
ioctl$DVB_DEMUX_DMX_SET_FILTER(r3, 0x403c6f2b, &(0x7f0000001e40)={0x6, {"2ac78e02ff04856af9fb71f0d3fe13be", "3dfab043e15fad27a639f105b5e9f977", "47eb0b1889b90f105d66b3e5a7c94742"}, 0x4, 0x4})
ioctl$DVB_DEMUX_DMX_SET_PES_FILTER(r3, 0x40146f2c, &(0x7f0000000080)={0x6, 0x0, 0x2, 0x2})
syz_emit_ethernet(0x46, &(0x7f0000000140)={@multicast, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "c6dd00", 0x10, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_ra={0x89, 0x0, 0x0, 0x0, 0xfe, 0x0, 0x4100}}}}}}, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000280)=@newlink={0x38, 0x10, 0x439, 0x70bd2c, 0xffffffea, {0x0, 0x0, 0xe403, 0x0, 0x40083}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_REMOTE={0x8, 0x3, @broadcast}]}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x8000}, 0x4840)
r4 = memfd_create(&(0x7f0000000400)='\xa3\x9fn\xb4dR\x04i5\x02\xac\xce\xe1\x88\x9d[@8\xd7\xce\x1f 9I\x7f\x15\x1d\x93=\xb5\xe7\\\'L\xe6\xd2\x8e\xbc)JtTDq\x81\xcf\x81\xba\xe51\xf5 \xc8\x10>\xc9\\\x85\x17L\xbf\xcf\x91\xdfM\xf3\x02^T*\x00\x02\xb9~B\x9f\xacl\x1d3\x06o\xf8\x16H\xaa*\x02\xf7\xfb\x06\xf1\x83\x92\xa8\xc2\xcb\xae\xb0\xb4\x93\xb8\x04\xf1\x99\xc2yY+\xd9y\x8a\xd5b\xe8\"q\x1b0)\xccm\xacz\xc1\xadd\x9b6a\xf3\xdds\xbb\x88\xff\b\x85\xb3s\x00\x0e\xbcfvi\x85\xfc.|\xd4h\xec\x82o\x8e\x93\x11\xc1\xd4\xae\x05\x17=\xd9R\xd0\xd4\x90\xcf\x9b\xdc\xaeV\x88\x94\x9f\xe3\xefqi\xed\xa8w\xbe\xd0\xd0-tBl\x9e+\xd3\xed\xce\x9f\x83\x86\xf9\x12\x16Ts\x80\x13]C\xfb`\xc2`\xf7\x1a\x00\x00\x00\x00\x00\x00\x00k\xae\xcb\x1a.\xc2\x8f\xd1x4]PZ\x9e\xd5Y\xf0L\xa4\xbc\x84\xf6\x04L\xff0\x8b\\*\xf9,\xb6\r\x97\xedy\xe0\x8a\xe2\x8ck\xc6S\xc3g\xb9\x1a\xf8\x8f \x9d\x00u7\xd8\'\xf1E\xa4(Q\x80Fy\xb5\xe4q\xc9\xff \xd8\x9d\xad\x11\xf8m\xd3\xbc\x9e\x10D\x7f!\xca\x0ev\x15h$\x01\xdd\xe5\xce\xf8*\xb3\x01\x85\a\xe4qv&\x9c\xac\x9aN~o\xe5\x89\xd5\a\x9f\f\x1f\xc2e/\x8d\x1e\n\xd0_\xbd!^\xa46\xb8j\xc0x\n\xdb\xe1\xa3\xd6\xae;\r\x92@\xa5I\x88Z1F\xf0\x1at\t\xd0\x8a\x04m\x06\xf3BL\xffS\x9eY\xf4\xb0U \xf8\xd00\x88y\xebX\x92\xd5\xbb\xa1h7\xf3\xe0\x0f\xbd\x02\xe4%\xf9\xb1\x87\x8aM\xfeG\xb2L\xbd\x92-\xcd\x1f\xf4\xe1,\xb7G|\xec\"\xa2\xab\xf6\x84\xe0\xcf1\x9a', 0x0)
execveat(r4, 0x0, 0x0, 0x0, 0x1000)
creat(&(0x7f0000000000)='./file0\x00', 0x0)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, &(0x7f0000000100))
mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
r6 = socket(0x400000000010, 0x3, 0x0)
write(r6, &(0x7f0000000040)="3a03000018002551075c0165ff0ffc02802000030004000500e1000c0400070080000900", 0x33a)
capset(&(0x7f0000000080)={0x20080522}, &(0x7f0000000040)={0x1, 0x10ffff, 0xfffffffd, 0x1})
setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x24, 0x0, 0x0)

10.358195935s ago: executing program 1 (id=1602):
r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000180), 0x203, 0x0)
write$dsp(r0, &(0x7f0000000000), 0x0)

10.212565279s ago: executing program 1 (id=1604):
mbind(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x4005, &(0x7f0000000040)=0x81, 0x5, 0x0)
memfd_create(&(0x7f00000000c0)='\xe9`\x10\x98[\x82?O3#\xfa\x02\xdc\x96\xa1\xbc\x80\x00+\xb6O', 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, 0x0, 0x0)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000900)={0x1}, 0x4)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = syz_io_uring_setup(0x9e, &(0x7f0000000640)={0x0, 0xec25, 0x0, 0x0, 0x40000333}, &(0x7f00000006c0)=<r2=>0x0, &(0x7f00000001c0)=<r3=>0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f00000003c0)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r5, 0x0, &(0x7f0000000580)={&(0x7f0000000500)=@pptp={0x18, 0x2, {0x3, @dev={0xac, 0x14, 0x14, 0xf}}}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000700)="51a1c4915c7222ec89970b23c486b3299cbe0958905b6c84449ce4b094eedadca08a8b33ce9de98f3f0dc7d96b988eebb92b584ca26ebfcfd01a30cf7e5f95c16acd8496ec2e7400e6284f95f2003dcbfec1106191d0da918dcde5b7bf83b3ce6962b7ac3a6ac9068aa1a065fee4384e1c03bb32652ab90a8c7406229fd0128e8399f532b26c98249b428a95", 0x8c}, {0x0}], 0x2, &(0x7f0000000c00)=[{0xb0, 0x0, 0x5, "4b91fc975ed660de3f38ce680ec74743fba753e7ad20a135718fbdd34f28477f0aed8059743bb074bc7853a9d692ec11bac69a7122ce26fc472330f1a51fb8d62d4038940274d6d20abdb26238bc2f2b015d28680e03903eb67edda95ce4d261dc5886b4aa420d2ad48675e72db8b23b1f668311e92e3d20e92d69a4f04b49203690cf536f0bef8f64394b8ddf8a33f8e8b17339e88ab833c6ba29056893d430"}], 0xb0}, 0x0, 0x8010, 0x1})
io_uring_enter(r1, 0x847ba, 0x0, 0xe, 0x0, 0x0)

9.639878856s ago: executing program 3 (id=1606):
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = epoll_create(0x1)
epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r3, &(0x7f00000000c0)={0x2000})
recvmsg(r2, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x200105d0}], 0x1, 0x0, 0x300}, 0x1f00)
sendmsg$tipc(r3, &(0x7f0000000240)={0x0, 0xfffffff5, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0)
ioctl$BTRFS_IOC_SUBVOL_GETFLAGS(r3, 0x80089419, &(0x7f0000000180))
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r5)
socket$netlink(0x10, 0x3, 0x0)
ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = syz_init_net_socket$bt_bnep(0x1f, 0x3, 0x4)
getsockopt$bt_BT_DEFER_SETUP(r7, 0x112, 0x7, &(0x7f00000000c0)=0x1, &(0x7f0000000180)=0x4)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000440)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfb, {0x0, 0x0, 0x0, r8, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x28, 0x2, {{0x3, 0x3, 0x6361, 0x5, 0xffffffff, 0x3}, [@TCA_NETEM_CORRUPT={0xc, 0x4, {0xfffffff7, 0x3}}]}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000100)=0x207, 0x4)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'syzkaller0\x00', <r9=>0x0})
sendto$packet(r0, &(0x7f00000002c0)="05031600d3fc140000004788031c09102c28", 0xfd1e, 0x4, &(0x7f0000000140)={0x11, 0x0, r9, 0x1, 0x0, 0x6, @multicast}, 0x14)

8.651336503s ago: executing program 0 (id=1608):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpgrp(0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5)
prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x2, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
symlinkat(&(0x7f0000002740)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xffffffffffffff9c, &(0x7f0000000880)='./file0\x00')
r4 = syz_io_uring_setup(0x109, &(0x7f0000000140)={0x0, 0xdcb8, 0x10, 0x1, 0x89}, &(0x7f00000003c0)=<r5=>0x0, &(0x7f0000000200)=<r6=>0x0)
socket$nl_generic(0x10, 0x3, 0x10)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000340)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[{@msize={'msize', 0x3d, 0x1000}}], [], 0x6b}})
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0xdddd0000, 0x1000, &(0x7f000000d000/0x1000)=nil})
ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, &(0x7f0000000480)='./file0\x00', 0x77, 0x10000})
io_uring_enter(r4, 0x3518, 0xaddf, 0x2, 0x0, 0x0)

7.451915415s ago: executing program 0 (id=1609):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000001c0)=ANY=[], 0x84}}, 0x0)
r1 = socket(0x10, 0x803, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0)
sendmsg$nl_route(r1, 0x0, 0x0)
r2 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000140), 0xffffffffffffffff)
sched_setaffinity(0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$sock_SIOCGPGRP(r1, 0x8904, 0x0)
ptrace(0x10, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x2c, 0x40, 0x1, 0x70bd2a, 0x4, {0x1}, [@nested={0x4, 0x48}, @nested={0x14, 0x1, 0x0, 0x1, [@nested={0x10, 0x10, 0x0, 0x1, [@nested={0xc, 0xb, 0x0, 0x1, [@typed={0x8, 0x0, 0x0, 0x0, @ipv4=@loopback}]}]}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x400c801}, 0x40080b4)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='smaps_rollup\x00')
read$FUSE(r5, &(0x7f00000005c0)={0x2020, 0x0, 0x0, 0x0, 0x0, <r6=>0x0}, 0x2020)
io_uring_setup(0x346, &(0x7f0000000000)={0x0, 0x70e6, 0x2, 0x2, 0xf2})
io_setup(0x80000001, &(0x7f0000000080))
r7 = syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2)
mmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x2000003, 0x13, r7, 0x8b24f000)
prlimit64(r6, 0x2, &(0x7f0000000280)={0xab9, 0x867}, &(0x7f0000000300))
sendmsg$L2TP_CMD_TUNNEL_CREATE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000580)={0x5c, r2, 0x917, 0x1000, 0x0, {}, [@L2TP_ATTR_PROTO_VERSION={0x5}, @L2TP_ATTR_CONN_ID={0x8}, @L2TP_ATTR_PEER_CONN_ID={0x8}, @L2TP_ATTR_ENCAP_TYPE={0x6}, @L2TP_ATTR_IP6_SADDR={0x14, 0x1f, @empty}, @L2TP_ATTR_IP6_DADDR={0x14, 0x20, @loopback={0xffff0000}}]}, 0x5c}, 0x1, 0x0, 0x0, 0x44}, 0x0)
ioctl$USBDEVFS_CONNECTINFO(0xffffffffffffffff, 0x40085511, 0x0)

7.271528966s ago: executing program 3 (id=1610):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpgrp(0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5)
prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x2, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
symlinkat(&(0x7f0000002740)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xffffffffffffff9c, &(0x7f0000000880)='./file0\x00')
r4 = syz_io_uring_setup(0x109, &(0x7f0000000140)={0x0, 0xdcb8, 0x10, 0x1, 0x89}, &(0x7f00000003c0)=<r5=>0x0, &(0x7f0000000200)=<r6=>0x0)
socket$nl_generic(0x10, 0x3, 0x10)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000340)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[{@msize={'msize', 0x3d, 0x1000}}], [], 0x6b}})
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0xdddd0000, 0x1000, &(0x7f000000d000/0x1000)=nil})
ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, &(0x7f0000000480)='./file0\x00', 0x77, 0x10000})
io_uring_enter(r4, 0x3518, 0xaddf, 0x2, 0x0, 0x0)

7.270493898s ago: executing program 1 (id=1611):
ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, 0x0)
timerfd_create(0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102384, 0x18ff0)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4048011}, 0xc000)
syz_open_dev$dvb_demux(0x0, 0xfffffffffffffffd, 0x2000)
r1 = socket$kcm(0x29, 0x2, 0x0)
write$cgroup_pressure(r1, &(0x7f0000000140)={'full'}, 0xfffffdef)

6.271076826s ago: executing program 3 (id=1612):
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000900)=ANY=[@ANYBLOB="3400000040000701fcffffff00000100017c0000040042800c0001800600060065580000100002800c00038008"], 0x34}, 0x1, 0x0, 0x0, 0x4008010}, 0x8000)
openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000000), 0x86280, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x1)
syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x802)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480), 0x4)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xa, 0x10, 0x0, &(0x7f0000000440)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0xa, '\x00', 0x0, @fallback=0x22, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x3, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="18020000b4d8ffff00000000000000008500000029000000180100002020692500000000002020207b1af8ff00000000bfa100000000000007010000f8000000b70300000100000085000000730000009500"/96], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x2}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r1, 0x0, 0xe, 0x0, &(0x7f0000001900)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
ioctl$KVM_DIRTY_TLB(0xffffffffffffffff, 0x4010aeaa, &(0x7f00000000c0)={0xc89})
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = gettid()
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)=ANY=[@ANYBLOB="140000001000010000001100000000000000000a3c000000120a01020000000000000000020000000900020073797a31000000000800044000000000090001007379"], 0x64}, 0x1, 0x0, 0x0, 0x890}, 0x0)
sendmsg$NFT_MSG_GETOBJ(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000280)={0x20, 0x13, 0xa, 0x101, 0x0, 0x0, {0x2, 0x0, 0xfffe}, [@NFTA_OBJ_TABLE={0x9, 0x1, 'syz0\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0xc085}, 0x40000c0)
timer_create(0x4, &(0x7f00000005c0)={0x0, 0x29, 0x800000000004, @tid=r3}, 0x0)
futex(&(0x7f000000cffc)=0x4, 0x80000000000b, 0x4, 0x0, &(0x7f0000048000), 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0x40000, &(0x7f0000000140)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5b5d}, [@IFLA_AF_SPEC={0x1c, 0x1a, 0x0, 0x1, [@AF_INET6={0x18, 0xa, 0x0, 0x1, [@IFLA_INET6_TOKEN={0x14, 0x7, @local}]}]}, @IFLA_ALT_IFNAME={0x14, 0x35, 'wg1\x00'}]}, 0x50}}, 0x0)
ioprio_get$pid(0x3, 0x0)
mlock(&(0x7f00007fe000/0x800000)=nil, 0x800000)
munlockall()
madvise(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x19)

6.224608131s ago: executing program 5 (id=1613):
syz_clone(0x80842111, 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_WAIT_VBLANK(r0, 0xc018643a, &(0x7f0000000040)={0x0, 0x7d8e39db, 0x100000001})
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@updpolicy={0xb8, 0x13, 0xcb23c9c9931e99e9, 0x0, 0x25dfdbfc, {{@in6=@private0, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0xa, 0x40, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0xaa3, 0xfffffffffffffff8, 0x4}, {0x0, 0x8}}}, 0xb8}}, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="120100009e173610ef171e7206de90f6007009021200010000000009040000000202"], 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
getsockopt$sock_cred(r2, 0x1, 0x47, 0x0, &(0x7f0000000080)=0x8)

6.132838897s ago: executing program 6 (id=1614):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x800001000087}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r1 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff, 0x35, 0x0, @void}, 0x10)
r3 = socket$inet(0x2, 0x1, 0x0)
setsockopt$inet_opts(r3, 0x0, 0x4, &(0x7f0000000000), 0x0)
setsockopt$inet_opts(r3, 0x0, 0x4, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00')

5.016617677s ago: executing program 6 (id=1615):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x101e01, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000140)=0x15)
write$binfmt_register(r0, 0x0, 0x0)
r1 = openat$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000), 0x2, 0x0)
write$cgroup_subtree(r1, &(0x7f00000001c0)=ANY=[@ANYBLOB="2d63707561636374202b726c696d6974202d63707561637420db8abd5ff738fabd6e63557dd8d274934048e5a9c7fb0104e987e4ac3445fe5afb5076e54e21eb5dda11fdcf247165c195387879489d"], 0x1a)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6(0xa, 0x80002, 0x0)
socket$netlink(0x10, 0x3, 0x13)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000a40)=ANY=[], 0x50)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000640)={0xcc, 0x2c, 0x107, 0x70bd2b, 0x25dfdbff, {0x6, 0x7c}, [@nested={0xb8, 0x3, 0x0, 0x1, [@generic="c3beb899adffc9c05eb8c1126ae35569f307076b0926b332d3469eb51c22e2ad08d45d9a15c8e07521442eb906e345d5f7f6c5826f5fcaef4b5dd7f7938088ef6434cca8de28558248719d15c75c1e7a98", @generic="6fbf19734b1cdba2c8622e21c82835e31a63b9eda6cd5afcf7d09d6c35db1f3455cea6e21829a8ff488d88ef4d77892be7211d9bbaa724fafb6253858450c6b156518155ecfa7e5d2f00a7394cab8c3dd121484859bc94b7a936aa", @typed={0x8, 0x65, 0x0, 0x0, @uid}]}]}, 0xcc}, 0x1, 0x0, 0x0, 0x10000004}, 0xc010)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008008b}, 0x0)
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000500), 0x28002)
socket$nl_generic(0x10, 0x3, 0x10)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r4 = syz_io_uring_setup(0x110, &(0x7f00000003c0)={0x0, 0xfad6, 0x800, 0x1, 0x3}, &(0x7f00000000c0)=<r5=>0x0, &(0x7f0000000100)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r4, 0x133d, 0x0, 0x8, 0x0, 0x0)
io_uring_register$IORING_REGISTER_SYNC_CANCEL(r4, 0x18, &(0x7f0000000000)={0xfe, 0xffffffffffffffff, 0x1, {0x6, 0x6d4}, 0xf0}, 0x1)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(0xffffffffffffffff, 0x3b94, 0x0)

5.015412042s ago: executing program 1 (id=1616):
syz_usb_connect$cdc_ecm(0x5, 0x62, &(0x7f0000000cc0)=ANY=[@ANYBLOB="12011001020000082505a1a4400001020301090250000101031007090400860202060006052406000005240003000d240f0103000000090000000915247c0700a317a88b045e4f01a607c0ffcb7e392a09058202080000e500090503020004bcfe01"], 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r0 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0)
read$msr(r0, &(0x7f0000002700)=""/102392, 0x18ff8)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)={{0x14}, [@NFT_MSG_NEWFLOWTABLE={0x58, 0x16, 0xa, 0x203, 0x0, 0x0, {0x2}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x2c, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8}, @NFTA_FLOWTABLE_HOOK_DEVS={0x18, 0x3, 0x0, 0x1, [{0x14, 0x1, 'syz_tun\x00'}]}]}]}, @NFT_MSG_NEWCHAIN={0x54, 0x3, 0xa, 0x801, 0x0, 0x0, {0x2, 0x0, 0x4}, [@NFTA_CHAIN_COUNTERS={0x10, 0x8, 0x0, 0x1, [@NFTA_COUNTER_BYTES={0xc, 0x1, 0x1, 0x0, 0xfffffffffffffff7}]}, @NFTA_CHAIN_POLICY={0x8, 0x5, 0x1, 0x0, 0xfffffffffffffffc}, @NFTA_CHAIN_FLAGS={0x8, 0xa, 0x1, 0x0, 0x3}, @NFTA_CHAIN_FLAGS={0x8, 0xa, 0x1, 0x0, 0x5}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_CHAIN_HANDLE={0xc, 0x2, 0x1, 0x0, 0x2}]}, @NFT_MSG_DELFLOWTABLE={0x80, 0x18, 0xa, 0x101, 0x0, 0x0, {0x0, 0x0, 0x1}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_FLAGS={0x8}, @NFTA_FLOWTABLE_FLAGS={0x8, 0x7, 0x1, 0x0, 0x1}, @NFTA_FLOWTABLE_HOOK={0x24, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_DEVS={0x18, 0x3, 0x0, 0x1, [{0x14, 0x1, 'netpci0\x00'}]}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x1}]}, @NFTA_FLOWTABLE_FLAGS={0x8}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_NEWRULE={0x20, 0x6, 0xa, 0x201, 0x0, 0x0, {0x1, 0x0, 0x5}, [@NFTA_RULE_CHAIN={0x9, 0x2, 'syz1\x00'}]}], {0x14}}, 0x174}}, 0x0)
r3 = syz_open_dev$dvb_demux(&(0x7f0000001e00), 0x0, 0x2000)
ioctl$DVB_DEMUX_DMX_SET_FILTER(r3, 0x403c6f2b, &(0x7f0000001e40)={0x6, {"2ac78e02ff04856af9fb71f0d3fe13be", "3dfab043e15fad27a639f105b5e9f977", "47eb0b1889b90f105d66b3e5a7c94742"}, 0x4, 0x4})
ioctl$DVB_DEMUX_DMX_SET_PES_FILTER(r3, 0x40146f2c, &(0x7f0000000080)={0x6, 0x0, 0x2, 0x2})
syz_emit_ethernet(0x46, &(0x7f0000000140)={@multicast, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "c6dd00", 0x10, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_ra={0x89, 0x0, 0x0, 0x0, 0xfe, 0x0, 0x4100}}}}}}, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000280)=@newlink={0x38, 0x10, 0x439, 0x70bd2c, 0xffffffea, {0x0, 0x0, 0xe403, 0x0, 0x40083}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_REMOTE={0x8, 0x3, @broadcast}]}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x8000}, 0x4840)
r4 = memfd_create(&(0x7f0000000400)='\xa3\x9fn\xb4dR\x04i5\x02\xac\xce\xe1\x88\x9d[@8\xd7\xce\x1f 9I\x7f\x15\x1d\x93=\xb5\xe7\\\'L\xe6\xd2\x8e\xbc)JtTDq\x81\xcf\x81\xba\xe51\xf5 \xc8\x10>\xc9\\\x85\x17L\xbf\xcf\x91\xdfM\xf3\x02^T*\x00\x02\xb9~B\x9f\xacl\x1d3\x06o\xf8\x16H\xaa*\x02\xf7\xfb\x06\xf1\x83\x92\xa8\xc2\xcb\xae\xb0\xb4\x93\xb8\x04\xf1\x99\xc2yY+\xd9y\x8a\xd5b\xe8\"q\x1b0)\xccm\xacz\xc1\xadd\x9b6a\xf3\xdds\xbb\x88\xff\b\x85\xb3s\x00\x0e\xbcfvi\x85\xfc.|\xd4h\xec\x82o\x8e\x93\x11\xc1\xd4\xae\x05\x17=\xd9R\xd0\xd4\x90\xcf\x9b\xdc\xaeV\x88\x94\x9f\xe3\xefqi\xed\xa8w\xbe\xd0\xd0-tBl\x9e+\xd3\xed\xce\x9f\x83\x86\xf9\x12\x16Ts\x80\x13]C\xfb`\xc2`\xf7\x1a\x00\x00\x00\x00\x00\x00\x00k\xae\xcb\x1a.\xc2\x8f\xd1x4]PZ\x9e\xd5Y\xf0L\xa4\xbc\x84\xf6\x04L\xff0\x8b\\*\xf9,\xb6\r\x97\xedy\xe0\x8a\xe2\x8ck\xc6S\xc3g\xb9\x1a\xf8\x8f \x9d\x00u7\xd8\'\xf1E\xa4(Q\x80Fy\xb5\xe4q\xc9\xff \xd8\x9d\xad\x11\xf8m\xd3\xbc\x9e\x10D\x7f!\xca\x0ev\x15h$\x01\xdd\xe5\xce\xf8*\xb3\x01\x85\a\xe4qv&\x9c\xac\x9aN~o\xe5\x89\xd5\a\x9f\f\x1f\xc2e/\x8d\x1e\n\xd0_\xbd!^\xa46\xb8j\xc0x\n\xdb\xe1\xa3\xd6\xae;\r\x92@\xa5I\x88Z1F\xf0\x1at\t\xd0\x8a\x04m\x06\xf3BL\xffS\x9eY\xf4\xb0U \xf8\xd00\x88y\xebX\x92\xd5\xbb\xa1h7\xf3\xe0\x0f\xbd\x02\xe4%\xf9\xb1\x87\x8aM\xfeG\xb2L\xbd\x92-\xcd\x1f\xf4\xe1,\xb7G|\xec\"\xa2\xab\xf6\x84\xe0\xcf1\x9a', 0x0)
execveat(r4, 0x0, 0x0, 0x0, 0x1000)
creat(&(0x7f0000000000)='./file0\x00', 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0)
mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
r5 = socket(0x400000000010, 0x3, 0x0)
write(r5, &(0x7f0000000040)="3a03000018002551075c0165ff0ffc02802000030004000500e1000c0400070080000900", 0x33a)
capset(&(0x7f0000000080)={0x20080522}, &(0x7f0000000040)={0x1, 0x10ffff, 0xfffffffd, 0x1})
setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x24, 0x0, 0x0)

4.108534587s ago: executing program 0 (id=1617):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x6, 0xfa, 0x0, 0xe4}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr', 0x3)
sendmmsg$inet(r0, &(0x7f0000001740)=[{{0x0, 0x0, &(0x7f0000001dc0)=[{&(0x7f0000000980)="91f8a9849519def28691bbc4173c3d6f357d0272b7e95a136b3ffec75b73e6937b7b22a1319130feaab952ac4703cad04be68907e50e997fc26e4c91ea4feb931647fc5393de25000000000000f2ffffff2e3591ceb1757de97fb25500620d0d30506e7429fa5337b74945da657f794d5b5bf89588e07b14a17f069912dc0c3f201bff8b9a687b85baa11244632642a9be7b42b6b5882b738f05eba73221490e2d5c17cf406be2796eec488a5b5268f507ee8d6f3dd1d64abc785708eb9bd24e352a984b2b1596d35ebe1d3443aa78fb40209dcfa4666bbcc6ca80810e4d7cf28a3ef8da37545132057476c8adc3906a07f6082bc4e4771b1f84d1eb323d4f9320e33ea3d4b4c1c259db0e63f82409d07fa54d3ecdfc9cd635c1bcd7a5efead4eb3486842c600b735d0ea4bdfbff591df5723404b9043715a99351687ea2ca68c86048744bc3165547844a0ace664c981c590e8d39a77910d49e847e4f2265fcf0e73005f8868f931102e648784f4769cbf326644e832eefe099a74de51042491bf8de98e0", 0x185}, {&(0x7f0000000b40)="4490137c227c56ee66c372f3105eb186dd8062fad2d5b5bfb0ba068e74a8d026bd209da8ffa6a26e3b3f8075704a9d0ef9afda48e71255a747b6d03097305fb000040000609f02d34e76992c9df9fe6888c6c9a4825c62025af1dea54e527c68b0ff25000000002da79a78104c2d9e7b160a87b124945aa9ab7581ebd385fb61210c410d799168ffc4b64677af924affd442035db81e38000000000000", 0x9d}], 0x2}}, {{0x0, 0x0, &(0x7f00000002c0)}}], 0x2, 0x2090)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4)
sendto$inet(r0, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0)

3.971592182s ago: executing program 0 (id=1618):
socket$inet_smc(0x2b, 0x1, 0x0)
r0 = open(0x0, 0x0, 0x6c)
fcntl$notify(r0, 0x402, 0x5)
preadv(r0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x7b52, &(0x7f0000000000)={0x0, 0x3524, 0x20, 0x3, 0x201, 0x0, r0}, &(0x7f0000000140), &(0x7f00000000c0))
syz_emit_vhci(&(0x7f00000001c0)=@HCI_EVENT_PKT={0x4, @hci_ev_le_meta={{0x3e, 0x1a}, @hci_ev_le_ext_adv_report={{}, {0x1, [{0x1a, 0x0, @none, 0x9, 0x9, 0xfb, 0x40, 0x1, 0x7, 0x2}]}}}}, 0x1d)
ioctl$VHOST_SET_FEATURES(0xffffffffffffffff, 0x4008af00, &(0x7f00000001c0)=0x304008000)
r1 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
write$binfmt_aout(r1, &(0x7f00000001c0)=ANY=[@ANYBLOB="03010000b5"], 0xc8)
socket$packet(0x11, 0x3, 0x300)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)

3.885014251s ago: executing program 6 (id=1619):
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0100000004", @ANYRES32, @ANYBLOB, @ANYBLOB], 0x50)
gettid()
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000001400)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x5, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0x1}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x64}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
sendmsg$NFT_MSG_GETSETELEM(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="2c0000000d0a010300000000000000000a0000010900020073797a31000000000900010073797a31"], 0x2c}, 0x1, 0x0, 0x0, 0x24000801}, 0x8000)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc(&(0x7f0000000040), 0xffffffffffffffff)
recvmsg(0xffffffffffffffff, &(0x7f0000002240)={0x0, 0x0, 0x0}, 0x0)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=@updpolicy={0xfc, 0x19, 0x1, 0x0, 0x0, {{@in6=@rand_addr=' \x01\x00', @in=@local, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa9, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa00, 0x40800000000000, 0x800000000000000}}, [@tmpl={0x44, 0x5, [{{@in=@local, 0x0, 0x3c}, 0x0, @in=@broadcast, 0x0, 0x0, 0x3}]}]}, 0xfc}}, 0x0)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000009c0)=@migrate={0xcc, 0x21, 0x1, 0x0, 0x4, {{@in6=@private2, @in6=@private2, 0x0, 0x0, 0x0, 0x0, 0xa}}, [@migrate={0x50, 0x11, [{@in6=@mcast2, @in=@private=0xa010100, @in=@private=0xa010100, @in=@rand_addr=0x6, 0x3c, 0x0, 0x0, 0x0, 0xa, 0xa}]}, @user_kmaddress={0x2c, 0x13, {@in=@private=0xa010101, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x2}}]}, 0xcc}, 0x1, 0x0, 0x0, 0x48000}, 0x0)

3.129847222s ago: executing program 0 (id=1620):
r0 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
r1 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000140), 0x82084, 0x0)
ioctl$TCSETSF2(r1, 0x402c542d, &(0x7f0000000200)={0xd13, 0x200, 0x4, 0xadeb, 0x7, "ea710000000000f9000000024200", 0x4000000, 0xfffffffb})
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000180)=0x2)
socket$netlink(0x10, 0x3, 0x10)
r2 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r2, 0xc01864c6, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, <r3=>0xffffffffffffffff})
r4 = socket$inet6_mptcp(0xa, 0x1, 0x106)
r5 = syz_io_uring_setup(0x8d2, &(0x7f0000000240)={0x0, 0x0, 0x1000, 0x6}, &(0x7f0000000040)=<r6=>0x0, &(0x7f0000000080)=<r7=>0x0)
setsockopt$sock_int(r4, 0x1, 0x24, &(0x7f0000000100)=0xa, 0x4)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r6, r7, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x40, 0x0, r4, 0x0, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0, 0x20000044})
io_uring_enter(r5, 0x2afd, 0x308b, 0xc, 0x0, 0x0)
ioctl$DRM_IOCTL_WAIT_VBLANK(r3, 0xc018643a, &(0x7f0000000200)={0x10000000, 0x7, 0x4})
bpf$MAP_CREATE(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1a00000009000000080e0000be0075e66b000000400000c35016e4337ca90902afde2da4fed838a2ddd573dc2cc544fb0dc4837dd2401c87c8b2c0580f"], 0x50)
r8 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0)
ioctl$TUNSETIFF(r8, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adbaa402})
r9 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r9, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
recvmmsg(r0, &(0x7f0000000840)=[{{0x0, 0x0, 0x0}, 0x3}], 0x1, 0x40000102, 0x0)
write$tun(r8, &(0x7f0000000a40)=ANY=[@ANYBLOB="0a000000ffffffffffffaaaaaaaaaabb86dd6d002000001811ff00000000000000000000ffff00000000ff02001c6700000000000000000000014f194e200018907804000000180000000900000000000000"], 0x52)
r10 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002800), 0x2, 0x0)
ioprio_set$pid(0x3, 0x0, 0x0)
ioprio_get$pid(0x2, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r10, 0x8001af85, &(0x7f00000001c0)={0x0, 0x1, 0x0, 0x0, 0x0})

3.112879809s ago: executing program 1 (id=1621):
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, 0x0, 0x8000)
sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=@newlink={0x20, 0x10, 0x401, 0x4000, 0x0, {0x0, 0x0, 0xffff, 0x0, 0x49108}}, 0x20}}, 0x0)
r2 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IMADDTIMER(r2, 0x80044940, &(0x7f0000000080)=0x14)
syz_usb_connect$cdc_ncm(0x0, 0x6e, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000002000)=""/102400, 0x19000)
r4 = socket(0x0, 0x5, 0x3)
setsockopt$IP_VS_SO_SET_FLUSH(r4, 0x0, 0x485, 0x0, 0x0)
r5 = fsopen(&(0x7f0000000040)='cifs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r5, 0x1, &(0x7f0000000280)='port', &(0x7f00000002c0)='0', 0x0)
socket$nl_crypto(0x10, 0x3, 0x15)
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r6, 0x8933, &(0x7f0000000100))
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r7=>0x0)
fcntl$lock(0xffffffffffffffff, 0x24, 0x0)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r7, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
pipe2(&(0x7f0000001040)={0xffffffffffffffff, <r8=>0xffffffffffffffff}, 0x0)
write$P9_RGETLOCK(r8, &(0x7f00000000c0)=ANY=[], 0xffffff6a)
write$cgroup_subtree(r8, 0x0, 0x27)

2.952706903s ago: executing program 6 (id=1622):
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x0, 0x0, 0x0, 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0100000004", @ANYRES32, @ANYBLOB, @ANYBLOB], 0x50)
gettid()
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000001400)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x5, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0x1}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x64}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
sendmsg$NFT_MSG_GETSETELEM(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="2c0000000d0a010300000000000000000a0000010900020073797a31000000000900010073797a31"], 0x2c}, 0x1, 0x0, 0x0, 0x24000801}, 0x8000)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc(&(0x7f0000000040), 0xffffffffffffffff)
recvmsg(0xffffffffffffffff, &(0x7f0000002240)={0x0, 0x0, 0x0}, 0x0)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=@updpolicy={0xfc, 0x19, 0x1, 0x0, 0x0, {{@in6=@rand_addr=' \x01\x00', @in=@local, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa9, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa00, 0x40800000000000, 0x800000000000000}}, [@tmpl={0x44, 0x5, [{{@in=@local, 0x0, 0x3c}, 0x0, @in=@broadcast, 0x0, 0x0, 0x3}]}]}, 0xfc}}, 0x0)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000009c0)=@migrate={0xcc, 0x21, 0x1, 0x0, 0x4, {{@in6=@private2, @in6=@private2, 0x0, 0x0, 0x0, 0x0, 0xa}}, [@migrate={0x50, 0x11, [{@in6=@mcast2, @in=@private=0xa010100, @in=@private=0xa010100, @in=@rand_addr=0x6, 0x3c, 0x0, 0x0, 0x0, 0xa, 0xa}]}, @user_kmaddress={0x2c, 0x13, {@in=@private=0xa010101, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x2}}]}, 0xcc}, 0x1, 0x0, 0x0, 0x48000}, 0x0)

2.863707842s ago: executing program 5 (id=1623):
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0100000004", @ANYRES32, @ANYBLOB, @ANYBLOB], 0x50)
gettid()
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000001400)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x5, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0x1}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x64}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
sendmsg$NFT_MSG_GETSETELEM(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="2c0000000d0a010300000000000000000a0000010900020073797a31000000000900010073797a31"], 0x2c}, 0x1, 0x0, 0x0, 0x24000801}, 0x8000)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc(&(0x7f0000000040), 0xffffffffffffffff)
recvmsg(0xffffffffffffffff, &(0x7f0000002240)={0x0, 0x0, 0x0}, 0x0)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=@updpolicy={0xfc, 0x19, 0x1, 0x0, 0x0, {{@in6=@rand_addr=' \x01\x00', @in=@local, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa9, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa00, 0x40800000000000, 0x800000000000000}}, [@tmpl={0x44, 0x5, [{{@in=@local, 0x0, 0x3c}, 0x0, @in=@broadcast, 0x0, 0x0, 0x3}]}]}, 0xfc}}, 0x0)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000009c0)=@migrate={0xcc, 0x21, 0x1, 0x0, 0x4, {{@in6=@private2, @in6=@private2, 0x0, 0x0, 0x0, 0x0, 0xa}}, [@migrate={0x50, 0x11, [{@in6=@mcast2, @in=@private=0xa010100, @in=@private=0xa010100, @in=@rand_addr=0x6, 0x3c, 0x0, 0x0, 0x0, 0xa, 0xa}]}, @user_kmaddress={0x2c, 0x13, {@in=@private=0xa010101, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x2}}]}, 0xcc}, 0x1, 0x0, 0x0, 0x48000}, 0x0)

1.928396589s ago: executing program 6 (id=1624):
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000900)=ANY=[@ANYBLOB="3400000040000701fcffffff00000100017c0000040042800c0001800600060065580000100002800c00038008"], 0x34}, 0x1, 0x0, 0x0, 0x4008010}, 0x8000)
openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000000), 0x86280, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x1)
syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x802)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480), 0x4)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xa, 0x10, 0x0, &(0x7f0000000440)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0xa, '\x00', 0x0, @fallback=0x22, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x3, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="18020000b4d8ffff00000000000000008500000029000000180100002020692500000000002020207b1af8ff00000000bfa100000000000007010000f8000000b70300000100000085000000730000009500"/96], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x2}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r1, 0x0, 0xe, 0x0, &(0x7f0000001900)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
ioctl$KVM_DIRTY_TLB(0xffffffffffffffff, 0x4010aeaa, &(0x7f00000000c0)={0xc89})
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = gettid()
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)=ANY=[@ANYBLOB="140000001000010000001100000000000000000a3c000000120a01020000000000000000020000000900020073797a31000000000800044000000000090001007379"], 0x64}, 0x1, 0x0, 0x0, 0x890}, 0x0)
sendmsg$NFT_MSG_GETOBJ(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000280)={0x20, 0x13, 0xa, 0x101, 0x0, 0x0, {0x2, 0x0, 0xfffe}, [@NFTA_OBJ_TABLE={0x9, 0x1, 'syz0\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0xc085}, 0x40000c0)
timer_create(0x4, &(0x7f00000005c0)={0x0, 0x29, 0x800000000004, @tid=r3}, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0x40000, &(0x7f0000000140)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5b5d}, [@IFLA_AF_SPEC={0x1c, 0x1a, 0x0, 0x1, [@AF_INET6={0x18, 0xa, 0x0, 0x1, [@IFLA_INET6_TOKEN={0x14, 0x7, @local}]}]}, @IFLA_ALT_IFNAME={0x14, 0x35, 'wg1\x00'}]}, 0x50}}, 0x0)
timer_settime(0x0, 0x1, &(0x7f00000002c0)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)
ioprio_get$pid(0x3, 0x0)
mlock(&(0x7f00007fe000/0x800000)=nil, 0x800000)
munlockall()
madvise(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x19)

1.923309956s ago: executing program 5 (id=1625):
ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000040)={{0x1, 0x1, 0x18, <r0=>0xffffffffffffffff}, './file0\x00'})
ioctl$VIDIOC_S_PRIORITY(r0, 0x40045644, 0x2)
syz_usb_connect(0x2, 0x9a2, &(0x7f0000000280)=ANY=[@ANYBLOB="12010000d0241710d8050a81b892000000010902900902000000000904"], 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
syz_clone(0x4000, 0x0, 0x0, 0x0, 0x0, 0x0)
sendmsg$unix(0xffffffffffffffff, 0x0, 0x51582b7d7fa95902)
r2 = openat$cgroup_procs(r1, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r2, &(0x7f0000000100), 0x12)
r3 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
getgroups(0x2, &(0x7f00000000c0)=[0x0, 0xee00])
ioctl$I2C_RDWR(r3, 0x707, &(0x7f0000002580)={&(0x7f00000002c0)=[{0x50, 0x1801, 0x0, 0x0}, {0x7, 0x4221, 0x0, 0x0}], 0x2})

1.806864178s ago: executing program 3 (id=1626):
mount$overlay(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0)
capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000280)={0x0, 0x3})
socket$caif_stream(0x25, 0x1, 0x2)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="040e0b080510"], 0xe)

1.743958477s ago: executing program 3 (id=1627):
r0 = socket$netlink(0x10, 0x3, 0x4)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000140)={0x1, 0x6}, 0x4)
write(r0, &(0x7f0000000000)="2700000015000707030e0000120f0a0111000100f5a1fadc9d150625b6e3e05660fe0012ff0000", 0x27)

1.742288005s ago: executing program 0 (id=1628):
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f030041000b05d25a806c8c6394f903", 0x11}], 0x1}, 0x0)
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r1)
r3 = creat(&(0x7f00000002c0)='./file0\x00', 0x0)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, 0xffffffffffffffff, 0x0)
arch_prctl$ARCH_GET_XCOMP_PERM(0x1022, &(0x7f00000000c0))
writev(r3, &(0x7f0000000100)=[{&(0x7f0000000180)="a1", 0x1}], 0x1)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0xc, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x5, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0xd, r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r4, 0x0, 0x30, 0x0, @val=@perf_event={0xfffffffffffffff9}}, 0x18)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=<r5=>0x0)
sendmsg$NFC_CMD_DEV_UP(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000d80)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="010426bd7000f8dbdf250200000008000100", @ANYRES32=r5], 0x1c}}, 0x4008054)
write$nci(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="70080945fe20020704000000"], 0xc)
write$nci(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="5001"], 0x14)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)

1.543632953s ago: executing program 3 (id=1629):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x101e01, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000140)=0x15)
write$binfmt_register(r0, 0x0, 0x0)
r1 = openat$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000), 0x2, 0x0)
write$cgroup_subtree(r1, &(0x7f00000001c0)=ANY=[@ANYBLOB="2d63707561636374202b726c696d6974202d63707561637420db8abd5ff738fabd6e63557dd8d274934048e5a9c7fb0104e987e4ac3445fe5afb5076e54e21eb5dda11fdcf247165c195387879489d"], 0x1a)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6(0xa, 0x80002, 0x0)
socket$netlink(0x10, 0x3, 0x13)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000a40)=ANY=[], 0x50)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000640)={0xcc, 0x2c, 0x107, 0x70bd2b, 0x25dfdbff, {0x6, 0x7c}, [@nested={0xb8, 0x3, 0x0, 0x1, [@generic="c3beb899adffc9c05eb8c1126ae35569f307076b0926b332d3469eb51c22e2ad08d45d9a15c8e07521442eb906e345d5f7f6c5826f5fcaef4b5dd7f7938088ef6434cca8de28558248719d15c75c1e7a98", @generic="6fbf19734b1cdba2c8622e21c82835e31a63b9eda6cd5afcf7d09d6c35db1f3455cea6e21829a8ff488d88ef4d77892be7211d9bbaa724fafb6253858450c6b156518155ecfa7e5d2f00a7394cab8c3dd121484859bc94b7a936aa", @typed={0x8, 0x65, 0x0, 0x0, @uid}]}]}, 0xcc}, 0x1, 0x0, 0x0, 0x10000004}, 0xc010)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008008b}, 0x0)
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000500), 0x28002)
socket$nl_generic(0x10, 0x3, 0x10)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r4 = syz_io_uring_setup(0x110, &(0x7f00000003c0)={0x0, 0xfad6, 0x800, 0x1, 0x3}, &(0x7f00000000c0)=<r5=>0x0, &(0x7f0000000100)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r4, 0x133d, 0x0, 0x8, 0x0, 0x0)
io_uring_register$IORING_REGISTER_SYNC_CANCEL(r4, 0x18, &(0x7f0000000000)={0xfe, 0xffffffffffffffff, 0x1, {0x6, 0x6d4}, 0xf0}, 0x1)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(0xffffffffffffffff, 0x3b94, 0x0)

748.089002ms ago: executing program 6 (id=1630):
socket$inet_smc(0x2b, 0x1, 0x0)
r0 = open(0x0, 0x0, 0x6c)
fcntl$notify(r0, 0x402, 0x5)
preadv(r0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x7b52, &(0x7f0000000000)={0x0, 0x3524, 0x20, 0x3, 0x201, 0x0, r0}, &(0x7f0000000140), &(0x7f00000000c0))
syz_emit_vhci(&(0x7f00000001c0)=@HCI_EVENT_PKT={0x4, @hci_ev_le_meta={{0x3e, 0x1a}, @hci_ev_le_ext_adv_report={{}, {0x1, [{0x1a, 0x0, @none, 0x9, 0x9, 0xfb, 0x40, 0x1, 0x7, 0x2}]}}}}, 0x1d)
ioctl$VHOST_SET_FEATURES(0xffffffffffffffff, 0x4008af00, &(0x7f00000001c0)=0x304008000)
r1 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
write$binfmt_aout(r1, &(0x7f00000001c0)=ANY=[@ANYBLOB="03010000b5"], 0xc8)
socket$packet(0x11, 0x3, 0x300)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)

131.179382ms ago: executing program 5 (id=1631):
setsockopt$ARPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x60, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000040)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = fsopen(&(0x7f0000001140)='hugetlbfs\x00', 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
r4 = fsmount(r3, 0x0, 0x0)
fchdir(r4)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$fou(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$FOU_CMD_ADD(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x24, r6, 0xd1bd17c4b9ef5e5b, 0x70bd26, 0x25dfdbff, {}, [@FOU_ATTR_TYPE={0x5, 0x4, 0x2}, @FOU_ATTR_AF={0x5, 0x2, 0xa}]}, 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x90)
fcntl$getown(r5, 0x9)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r7 = socket$inet6_sctp(0xa, 0x5, 0x84)
preadv(0xffffffffffffffff, &(0x7f0000000280)=[{&(0x7f0000000080)=""/44, 0x2c}], 0x1, 0x3f, 0x6a76)
shutdown(r7, 0x0)
r8 = syz_open_dev$vivid(&(0x7f0000000040), 0x1, 0x2)
ioctl$VIDIOC_SUBDEV_G_CROP(r8, 0xc038563b, &(0x7f0000000080)={0x1, 0x0, {0x8a, 0x80000000, 0x4, 0x1ff}})
setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r7, 0x84, 0x10, &(0x7f00000003c0)=@sack_info={0x0, 0x1, 0x1}, 0xc)

0s ago: executing program 1 (id=1632):
r0 = syz_open_dev$loop(&(0x7f0000000240), 0xffffffff7ffffffd, 0x160862)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000005"], 0x48)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x8, 0x10, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000fcffffff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x1, 0x10, &(0x7f0000000180)=ANY=[], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f00000000c0)=r5, 0x4)
sendmsg$unix(r2, &(0x7f00000006c0)={0x0, 0xfffffffffffffe96, 0x0, 0x0, 0x0, 0x0, 0x20000001}, 0x40000)
r6 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x0, 0x0)
r7 = syz_io_uring_setup(0x1110, &(0x7f0000000240)={0x0, 0xdb9c, 0x800, 0x10000000, 0x4}, &(0x7f00000001c0)=<r8=>0x0, &(0x7f0000000040)=<r9=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r8, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r8, r9, &(0x7f0000000200)=@IORING_OP_FADVISE={0x18, 0x0, 0x0, @fd=r6, 0xa289c37, 0x0, 0x40000})
io_uring_enter(r7, 0x47f6, 0x0, 0x20, 0x0, 0x0)
r10 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r10, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc)
connect$inet6(r10, &(0x7f0000000080)={0xa, 0x0, 0xfffffffe, @ipv4={'\x00', '\xff\xff', @local}, 0x4}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r10, 0x6, 0x1f, &(0x7f00000002c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(r10, 0x11a, 0x2, &(0x7f0000000140)=@ccm_128={{0x303, 0x39}, '\x00\x00\x00\x00\x00\x00\x00@', "0bf70000000000000000061000000001", "00000004", "ba0200"}, 0x28)
r11 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_freeze_timeout', 0x82800, 0xf)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000000080)={r11, 0x0, {0x0, 0x0, 0x0, 0x4, 0x4000000000000ffd, 0x0, 0x0, 0x1d, 0xc, "faf98357e5a1149989fc8dbec3bd02b82a128bbad0099cebdc25f5abb534464c516bdd8a0f3500", "32d8cc26f7061a74df2cfc06c89f3d9e234b30c50997d3bef409ff2176ff7bfe55cd4a5d83cd4a524bd3ffe70c7f3f800b2f7b6aa54cc50a1fcaed1e831fa79a", "715237641a8ccf162e43ac61f700000000009b4100", [0x9, 0xa]}})
ioctl$LOOP_SET_DIRECT_IO(r0, 0x4c08, 0x7)

kernel console output (not intermixed with test programs):

 0x8C has invalid wMaxPacketSize 0
[  350.597914][ T5913] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  350.612427][    T9] uvcvideo 2-1:220.0: probe with driver uvcvideo failed with error -22
[  350.626982][ T5855] usb 3-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5
[  350.636600][ T5913] usb 1-1: New USB device found, idVendor=045e, idProduct=0284, bcdDevice=a4.8f
[  350.636810][    T9] usb 2-1: USB disconnect, device number 29
[  350.654679][ T5855] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  350.663484][ T5855] usb 3-1: Product: syz
[  350.667888][ T5855] usb 3-1: Manufacturer: syz
[  350.674431][ T5855] usb 3-1: SerialNumber: syz
[  350.676890][ T5913] usb 1-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3
[  350.687895][ T5913] usb 1-1: Product: syz
[  350.690322][ T5855] usb 3-1: config 0 descriptor??
[  350.710538][ T5855] em28xx 3-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132)
[  350.721706][ T5913] usb 1-1: SerialNumber: syz
[  350.745114][ T5855] em28xx 3-1:0.132: Video interface 132 found:
[  350.751512][ T5913] usb 1-1: config 0 descriptor??
[  350.770007][ T5913] xbox_remote_probe: Unexpected endpoint_in
[  351.107994][ T5855] em28xx 3-1:0.132: unknown em28xx chip ID (0)
[  351.179649][ T5855] em28xx 3-1:0.132: failed to trigger read from i2c address 0xa0 (error=-5)
[  351.190058][ T5855] em28xx 3-1:0.132: board has no eeprom
[  351.271103][ T5855] em28xx 3-1:0.132: Identified as Leadtek Winfast USB II (card=7)
[  351.280602][ T5855] em28xx 3-1:0.132: analog set to bulk mode.
[  351.288041][    T9] em28xx 3-1:0.132: Registering V4L2 extension
[  351.309737][ T5855] usb 3-1: USB disconnect, device number 44
[  351.360898][ T5855] em28xx 3-1:0.132: Disconnecting em28xx
[  351.525383][    T9] em28xx 3-1:0.132: Config register raw data: 0xffffffed
[  351.533945][    T9] em28xx 3-1:0.132: AC97 chip type couldn't be determined
[  351.542394][    T9] em28xx 3-1:0.132: No AC97 audio processor
[  351.556061][    T9] usb 3-1: Decoder not found
[  351.560884][    T9] em28xx 3-1:0.132: failed to create media graph
[  351.568324][    T9] em28xx 3-1:0.132: V4L2 device video103 deregistered
[  351.579726][    T9] em28xx 3-1:0.132: Remote control support is not available for this card.
[  351.588845][ T5855] em28xx 3-1:0.132: Closing input extension
[  351.612963][ T5855] em28xx 3-1:0.132: Freeing device
[  351.701162][ T5913] usb 4-1: new full-speed USB device number 28 using dummy_hcd
[  351.885287][ T5913] usb 4-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f
[  351.895972][ T5913] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  351.905687][ T5913] usb 4-1: Product: syz
[  351.945856][ T5913] usb 4-1: Manufacturer: syz
[  351.955139][ T5913] usb 4-1: SerialNumber: syz
[  351.968897][ T5913] usb 4-1: config 0 descriptor??
[  352.193782][ T9922] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  352.203807][ T9922] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  352.223237][ T5913] airspy 4-1:0.0: usb_control_msg() failed -71 request 09
[  352.237793][ T5913] airspy 4-1:0.0: Could not detect board
[  352.244722][ T5913] airspy 4-1:0.0: probe with driver airspy failed with error -71
[  352.256510][ T5913] usb 4-1: USB disconnect, device number 28
[  352.565766][ T5913] usb 1-1: USB disconnect, device number 32
[  353.001193][ T5913] usb 1-1: new high-speed USB device number 33 using dummy_hcd
[  353.352423][ T5913] usb 1-1: Using ep0 maxpacket: 16
[  353.366333][ T5913] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  353.376738][ T5913] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFC, changing to 0x8C
[  353.388453][ T5913] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8C has an invalid bInterval 0, changing to 7
[  353.402755][ T5913] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  353.430310][ T5913] usb 1-1: New USB device found, idVendor=045e, idProduct=0284, bcdDevice=a4.8f
[  353.451351][ T5913] usb 1-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3
[  353.461046][ T5913] usb 1-1: Product: syz
[  353.467566][ T5913] usb 1-1: SerialNumber: syz
[  353.482697][ T5913] usb 1-1: config 0 descriptor??
[  353.562719][ T5913] rc_core: IR keymap rc-xbox-dvd not found
[  353.571045][ T5913] Registered IR keymap rc-empty
[  353.585827][ T5913] rc rc0: syz as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0
[  353.602892][ T5913] input: syz as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input52
[  355.219901][ T5855] usb 1-1: USB disconnect, device number 33
[  355.220052][    C1] xbox_remote 1-1:0.0: xbox_remote_irq_in: usb_submit_urb()=-19
[  355.245134][ T9963] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1065'.
[  355.548398][   T29] kauditd_printk_skb: 7 callbacks suppressed
[  355.548409][   T29] audit: type=1400 audit(1771591964.086:770): avc:  denied  { execute } for  pid=9962 comm="syz.3.1065" path="/dev/audio1" dev="devtmpfs" ino=1297 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sound_device_t tclass=chr_file permissive=1
[  355.646077][   T29] audit: type=1400 audit(1771591964.186:771): avc:  denied  { getopt } for  pid=9962 comm="syz.3.1065" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[  356.005166][ T9971] input: syz1 as /devices/virtual/input/input53
[  356.086942][ T9974] vcan0: tx drop: invalid da for name 0x0000000000000002
[  356.105771][ T9975] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant.
[  356.105771][ T9975] The task syz.0.1068 (9975) triggered the difference, watch for misbehavior.
[  356.199009][ T9979] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  356.334834][ T9982] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1069'.
[  358.956391][T10007] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1076'.
[  359.072505][T10012] input: syz1 as /devices/virtual/input/input54
[  359.199729][T10017] netlink: 212408 bytes leftover after parsing attributes in process `syz.2.1080'.
[  359.371129][    T9] usb 1-1: new high-speed USB device number 34 using dummy_hcd
[  359.532542][    T9] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  359.542786][    T9] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 3
[  359.551780][    T9] usb 1-1: New USB device found, idVendor=0489, idProduct=e057, bcdDevice= 0.00
[  359.560833][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  359.570327][    T9] usb 1-1: config 0 descriptor??
[  359.780512][    T9] Bluetooth: Can't get state to change to load ram patch err
[  359.790021][    T9] Bluetooth: Loading patch file failed
[  359.795623][    T9] ath3k 1-1:0.0: probe with driver ath3k failed with error -121
[  359.830427][T10023] netlink: 'syz.1.1082': attribute type 1 has an invalid length.
[  359.839536][T10023] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1082'.
[  361.950816][T10028] syz_tun: refused to change device tx_queue_len
[  361.969640][T10028] A link change request failed with some changes committed already. Interface syz_tun may have been left with an inconsistent configuration, please check.
[  362.004341][T10028] syz_tun: refused to change device tx_queue_len
[  362.010790][T10028] A link change request failed with some changes committed already. Interface syz_tun may have been left with an inconsistent configuration, please check.
[  362.110758][T10036] fuse: Bad value for 'group_id'
[  362.117314][T10036] fuse: Bad value for 'group_id'
[  362.941077][ T5913] usb 2-1: new high-speed USB device number 30 using dummy_hcd
[  362.974195][ T5855] usb 1-1: USB disconnect, device number 34
[  363.127037][T10055] netlink: 212408 bytes leftover after parsing attributes in process `syz.0.1089'.
[  363.173090][ T5913] usb 2-1: Using ep0 maxpacket: 16
[  363.193345][ T5913] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[  363.229600][ T5913] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  363.284797][ T5913] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  363.334667][ T5913] usb 2-1: Product: syz
[  363.343970][ T5913] usb 2-1: Manufacturer: syz
[  363.351955][ T5913] usb 2-1: SerialNumber: syz
[  363.450474][ T5913] usb 2-1: config 0 descriptor??
[  364.051233][ T5913] em28xx 2-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  364.074642][ T5913] em28xx 2-1:0.0: DVB interface 0 found: isoc
[  364.447754][T10069] openvswitch: netlink: Flow actions attr not present in new flow.
[  365.372264][T10081] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  365.481984][ T5913] em28xx 2-1:0.0: unknown em28xx chip ID (0)
[  365.806912][ T5913] em28xx 2-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[  365.836384][ T5913] em28xx 2-1:0.0: board has no eeprom
[  365.931063][ T5913] em28xx 2-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[  365.962620][ T5913] em28xx 2-1:0.0: dvb set to isoc mode.
[  365.968295][   T24] em28xx 2-1:0.0: Binding DVB extension
[  366.025835][ T5817] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  366.037214][ T5817] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  366.049907][ T5817] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  366.058751][ T5817] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  366.066796][ T5817] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  366.113595][ T5806] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  366.121120][ T5806] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  366.129776][ T5806] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  366.152032][ T5806] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  366.161730][ T5806] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  366.826006][T10103] netlink: 212368 bytes leftover after parsing attributes in process `syz.0.1103'.
[  367.625370][T10085] chnl_net:caif_netlink_parms(): no params data found
[  367.631273][   T24] em28xx 2-1:0.0: Registering input extension
[  367.811296][T10085] bridge0: port 1(bridge_slave_0) entered blocking state
[  367.818604][T10085] bridge0: port 1(bridge_slave_0) entered disabled state
[  367.827241][T10085] bridge_slave_0: entered allmulticast mode
[  367.837506][T10085] bridge_slave_0: entered promiscuous mode
[  367.848281][T10085] bridge0: port 2(bridge_slave_1) entered blocking state
[  368.808010][ T5817] Bluetooth: hci5: command tx timeout
[  368.897643][T10129] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=21283 sclass=netlink_route_socket pid=10129 comm=syz.2.1107
[  368.901150][T10085] bridge0: port 2(bridge_slave_1) entered disabled state
[  368.935950][T10085] bridge_slave_1: entered allmulticast mode
[  368.950461][T10085] bridge_slave_1: entered promiscuous mode
[  369.121126][ T6658] block nbd0: Possible stuck request ffff888027b60000: control (read@0,1024B). Runtime 90 seconds
[  369.141442][   T24] usb 1-1: new high-speed USB device number 35 using dummy_hcd
[  369.149269][ T6658] block nbd0: Possible stuck request ffff888027b60200: control (read@1024,1024B). Runtime 90 seconds
[  369.160181][ T6658] block nbd0: Possible stuck request ffff888027b60400: control (read@2048,1024B). Runtime 90 seconds
[  369.171154][ T6658] block nbd0: Possible stuck request ffff888027b60600: control (read@3072,1024B). Runtime 90 seconds
[  369.194658][T10085] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  369.368516][ T5855] usb 4-1: new full-speed USB device number 29 using dummy_hcd
[  369.374718][   T24] usb 1-1: New USB device found, idVendor=0547, idProduct=0201, bcdDevice=11.64
[  369.450525][T10085] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  369.480378][   T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  369.498878][ T5913] usb 2-1: USB disconnect, device number 30
[  369.512012][   T24] usb 1-1: Product: syz
[  369.519570][ T5913] em28xx 2-1:0.0: Disconnecting em28xx
[  369.539142][   T24] usb 1-1: Manufacturer: syz
[  369.545655][ T5913] em28xx 2-1:0.0: Closing input extension
[  369.552193][T10085] team0: Port device team_slave_0 added
[  369.561095][   T24] usb 1-1: SerialNumber: syz
[  369.577152][T10085] team0: Port device team_slave_1 added
[  369.603748][ T5855] usb 4-1: config 0 has an invalid interface number: 11 but max is 0
[  369.604856][   T24] usb 1-1: config 0 descriptor??
[  369.618610][ T5855] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  369.632133][ T5913] em28xx 2-1:0.0: Freeing device
[  369.659911][ T5855] usb 4-1: config 0 has no interface number 0
[  369.672104][ T5855] usb 4-1: config 0 interface 11 altsetting 253 endpoint 0x7 has an invalid bInterval 0, changing to 10
[  369.673858][   T24] dvb-usb: found a 'Nebula Electronics uDigiTV DVB-T USB2.0)' in warm state.
[  369.702829][T10085] batman_adv: batadv0: Adding interface: batadv_slave_0
[  369.709861][T10085] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  369.711927][   T24] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  369.746353][ T5855] usb 4-1: config 0 interface 11 altsetting 253 endpoint 0x7 has invalid wMaxPacketSize 0
[  369.753378][   T24] dvbdev: DVB: registering new adapter (Nebula Electronics uDigiTV DVB-T USB2.0))
[  369.766162][   T24] usb 1-1: media controller created
[  369.775287][ T5855] usb 4-1: config 0 interface 11 altsetting 253 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  369.783728][   T24] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  369.803258][ T5855] usb 4-1: config 0 interface 11 has no altsetting 0
[  369.834823][T10085] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  369.864855][T10125] dvb-usb: bulk message failed: -22 (7/0)
[  369.885226][ T5855] usb 4-1: New USB device found, idVendor=06cd, idProduct=010f, bcdDevice=d5.1b
[  370.098659][T10085] batman_adv: batadv0: Adding interface: batadv_slave_1
[  370.107809][ T5855] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  370.123093][T10085] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  370.152810][   T24] DVB: Unable to find symbol mt352_attach()
[  370.153329][ T5855] usb 4-1: config 0 descriptor??
[  370.167850][T10085] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  370.180221][ T5855] keyspan 4-1:0.11: Keyspan 2 port adapter converter detected
[  370.197620][ T5855] keyspan 4-1:0.11: found no endpoint descriptor for endpoint 87
[  370.244195][ T5855] keyspan 4-1:0.11: found no endpoint descriptor for endpoint 81
[  370.249758][   T24] DVB: Unable to find symbol nxt6000_attach()
[  370.263721][ T5855] keyspan 4-1:0.11: found no endpoint descriptor for endpoint 82
[  370.273329][   T24] dvb-usb: no frontend was attached by 'Nebula Electronics uDigiTV DVB-T USB2.0)'
[  370.285364][ T5855] keyspan 4-1:0.11: found no endpoint descriptor for endpoint 1
[  370.307664][ T5855] keyspan 4-1:0.11: found no endpoint descriptor for endpoint 2
[  370.316367][   T24] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.0/usb1/1-1/input/input56
[  370.322486][T10085] hsr_slave_0: entered promiscuous mode
[  370.334132][ T5855] keyspan 4-1:0.11: found no endpoint descriptor for endpoint 85
[  370.342460][ T5855] keyspan 4-1:0.11: found no endpoint descriptor for endpoint 5
[  370.350956][T10085] hsr_slave_1: entered promiscuous mode
[  370.377176][T10085] debugfs: 'hsr0' already exists in 'hsr'
[  370.380691][   T24] dvb-usb: schedule remote query interval to 1000 msecs.
[  370.392341][T10085] Cannot create hsr debugfs directory
[  370.416029][ T5855] usb 4-1: Keyspan 2 port adapter converter now attached to ttyUSB0
[  370.418309][   T29] audit: type=1400 audit(1771591978.946:772): avc:  denied  { ioctl } for  pid=10142 comm="syz.2.1113" path="pid:[4026532798]" dev="nsfs" ino=4026532798 ioctlcmd=0xb702 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  370.434959][ T5855] keyspan 4-1:0.11: found no endpoint descriptor for endpoint 83
[  370.459530][   T24] dvb-usb: Nebula Electronics uDigiTV DVB-T USB2.0) successfully initialized and connected.
[  370.469745][   T24] dvb-usb: bulk message failed: -22 (7/0)
[  370.482511][   T24] dvb-usb: bulk message failed: -22 (7/0)
[  370.546024][ T5855] keyspan 4-1:0.11: found no endpoint descriptor for endpoint 84
[  370.555496][ T5855] keyspan 4-1:0.11: found no endpoint descriptor for endpoint 3
[  370.568417][ T5855] keyspan 4-1:0.11: found no endpoint descriptor for endpoint 4
[  370.623002][ T5855] keyspan 4-1:0.11: found no endpoint descriptor for endpoint 86
[  370.643380][ T5855] keyspan 4-1:0.11: found no endpoint descriptor for endpoint 6
[  370.862415][ T5855] usb 4-1: Keyspan 2 port adapter converter now attached to ttyUSB1
[  370.881164][ T5817] Bluetooth: hci5: command 0x041b tx timeout
[  370.986659][  T969] usb 1-1: USB disconnect, device number 35
[  371.037049][  T969] dvb-usb: Nebula Electronics uDigiTV DVB-T USB2.0 successfully deinitialized and disconnected.
[  372.726756][ T5855] usb 4-1: USB disconnect, device number 29
[  372.752905][ T5855] keyspan_2 ttyUSB0: Keyspan 2 port adapter converter now disconnected from ttyUSB0
[  372.814331][ T5855] keyspan_2 ttyUSB1: Keyspan 2 port adapter converter now disconnected from ttyUSB1
[  372.861384][T10170] CUSE: unknown device info ""
[  372.866260][T10170] CUSE: unknown device info ""
[  372.875786][T10170] CUSE: unknown device info ""
[  372.880680][T10170] CUSE: unknown device info ""
[  372.886608][T10170] CUSE: unknown device info "�"
[  372.891898][T10170] CUSE: unknown device info ""
[  372.897934][ T5855] keyspan 4-1:0.11: device disconnected
[  372.899543][T10170] CUSE: unknown device info ""
[  372.934261][T10170] CUSE: unknown device info "�"
[  372.940870][T10170] CUSE: DEVNAME unspecified
[  372.950464][T10085] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  372.962841][ T5817] Bluetooth: hci5: command 0x041b tx timeout
[  373.084707][T10085] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  373.144918][T10085] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  373.163245][T10085] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  374.090106][T10189] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1123'.
[  375.041025][ T5817] Bluetooth: hci5: command 0x041b tx timeout
[  375.079266][T10085] 8021q: adding VLAN 0 to HW filter on device bond0
[  375.187201][T10085] 8021q: adding VLAN 0 to HW filter on device team0
[  375.252125][ T6661] bridge0: port 1(bridge_slave_0) entered blocking state
[  375.259295][ T6661] bridge0: port 1(bridge_slave_0) entered forwarding state
[  375.432684][   T29] audit: type=1400 audit(1771591983.926:773): avc:  denied  { append } for  pid=10199 comm="syz.2.1127" name="frontend0" dev="devtmpfs" ino=928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1
[  375.440932][ T6661] bridge0: port 2(bridge_slave_1) entered blocking state
[  375.463236][ T6661] bridge0: port 2(bridge_slave_1) entered forwarding state
[  375.489812][T10204] affs: No valid root block on device nullb0
[  375.847328][T10085] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  375.878485][T10085] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  375.923696][   T29] audit: type=1400 audit(1771591984.466:774): avc:  denied  { write } for  pid=10209 comm="syz.0.1118" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  376.765651][   T29] audit: type=1326 audit(1771591984.926:775): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10214 comm="syz.1.1131" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f700459c629 code=0x7ffc0000
[  376.814378][   T29] audit: type=1326 audit(1771591984.926:776): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10214 comm="syz.1.1131" exe="/root/syz-executor" sig=0 arch=c000003e syscall=289 compat=0 ip=0x7f700459c629 code=0x7ffc0000
[  376.903186][   T29] audit: type=1326 audit(1771591984.926:777): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10214 comm="syz.1.1131" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f700459c629 code=0x7ffc0000
[  376.927168][   T29] audit: type=1326 audit(1771591984.926:778): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10214 comm="syz.1.1131" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f700459c629 code=0x7ffc0000
[  377.047298][T10225] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1133'.
[  377.121311][ T5817] Bluetooth: hci5: command 0x041b tx timeout
[  377.326312][T10085] 8021q: adding VLAN 0 to HW filter on device batadv0
[  377.745992][    T9] usb 1-1: new full-speed USB device number 36 using dummy_hcd
[  378.083542][ T1294] ieee802154 phy0 wpan0: encryption failed: -22
[  378.089884][ T1294] ieee802154 phy1 wpan1: encryption failed: -22
[  378.237021][    T9] usb 1-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f
[  378.256799][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  378.305305][    T9] usb 1-1: Product: syz
[  378.309500][    T9] usb 1-1: Manufacturer: syz
[  378.324031][    T9] usb 1-1: SerialNumber: syz
[  378.349527][    T9] usb 1-1: config 0 descriptor??
[  378.362431][T10255] wg1: entered promiscuous mode
[  378.367319][T10255] wg1: entered allmulticast mode
[  378.464983][T10085] veth0_vlan: entered promiscuous mode
[  378.489960][T10085] veth1_vlan: entered promiscuous mode
[  378.501091][  T969] usb 4-1: new high-speed USB device number 30 using dummy_hcd
[  378.527084][T10259] openvswitch: netlink: Flow actions attr not present in new flow.
[  378.596234][T10242] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  378.608551][   T29] audit: type=1400 audit(1771591987.146:779): avc:  denied  { write } for  pid=10258 comm="syz.1.1142" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  378.635666][T10261] ieee802154 phy0 wpan0: encryption failed: -22
[  378.713895][  T969] usb 4-1: New USB device found, idVendor=0547, idProduct=0201, bcdDevice=11.64
[  378.874662][  T969] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  378.902548][T10242] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  378.919334][T10085] veth0_macvtap: entered promiscuous mode
[  378.925218][  T969] usb 4-1: Product: syz
[  378.936548][  T969] usb 4-1: Manufacturer: syz
[  378.953364][T10085] veth1_macvtap: entered promiscuous mode
[  378.959141][  T969] usb 4-1: SerialNumber: syz
[  378.985614][  T969] usb 4-1: config 0 descriptor??
[  379.011944][  T969] dvb-usb: found a 'Nebula Electronics uDigiTV DVB-T USB2.0)' in warm state.
[  379.027835][T10085] batman_adv: batadv0: Interface activated: batadv_slave_0
[  379.065216][  T969] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  379.076342][T10085] batman_adv: batadv0: Interface activated: batadv_slave_1
[  379.106931][  T969] dvbdev: DVB: registering new adapter (Nebula Electronics uDigiTV DVB-T USB2.0))
[  379.123932][ T6661] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  379.140781][  T969] usb 4-1: media controller created
[  379.172034][    T9] airspy 1-1:0.0: usb_control_msg() failed -71 request 09
[  379.192803][ T6661] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  379.208092][T10250] dvb-usb: bulk message failed: -22 (7/0)
[  379.220067][    T9] airspy 1-1:0.0: Could not detect board
[  379.240490][ T6661] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  379.249946][    T9] airspy 1-1:0.0: probe with driver airspy failed with error -71
[  379.266932][    T9] usb 1-1: USB disconnect, device number 36
[  379.288880][ T6661] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  379.289290][  T969] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  379.360015][T10268] netlink: 'syz.2.1144': attribute type 3 has an invalid length.
[  379.390562][T10268] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1144'.
[  379.536385][T10272] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1145'.
[  379.549064][  T969] DVB: Unable to find symbol mt352_attach()
[  379.609064][ T6661] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  379.618049][  T969] DVB: Unable to find symbol nxt6000_attach()
[  379.640621][  T969] dvb-usb: no frontend was attached by 'Nebula Electronics uDigiTV DVB-T USB2.0)'
[  379.650323][ T6661] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  379.680685][  T969] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.3/usb4/4-1/input/input57
[  379.740193][   T58] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  379.743030][  T969] dvb-usb: schedule remote query interval to 1000 msecs.
[  379.770628][   T58] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  379.795702][  T969] dvb-usb: Nebula Electronics uDigiTV DVB-T USB2.0) successfully initialized and connected.
[  379.820622][   T29] audit: type=1400 audit(1771591988.356:780): avc:  denied  { mounton } for  pid=10085 comm="syz-executor" path="/root/syzkaller.tkJOyZ/syz-tmp" dev="sda1" ino=2047 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[  379.872991][  T969] dvb-usb: bulk message failed: -22 (7/0)
[  379.899118][  T969] dvb-usb: bulk message failed: -22 (7/0)
[  379.998374][   T29] audit: type=1400 audit(1771591988.396:781): avc:  denied  { mounton } for  pid=10085 comm="syz-executor" path="/root/syzkaller.tkJOyZ/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[  380.043937][   T29] audit: type=1400 audit(1771591988.396:782): avc:  denied  { mounton } for  pid=10085 comm="syz-executor" path="/root/syzkaller.tkJOyZ/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=26619 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1
[  380.105519][T10292] FAULT_INJECTION: forcing a failure.
[  380.105519][T10292] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  380.191986][T10292] CPU: 1 UID: 0 PID: 10292 Comm: syz.5.1097 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  380.192016][T10292] Tainted: [L]=SOFTLOCKUP
[  380.192022][T10292] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  380.192032][T10292] Call Trace:
[  380.192038][T10292]  <TASK>
[  380.192045][T10292]  dump_stack_lvl+0x100/0x190
[  380.192088][T10292]  should_fail_ex.cold+0x5/0xa
[  380.192114][T10292]  _copy_to_user+0x32/0xd0
[  380.192140][T10292]  simple_read_from_buffer+0xcb/0x170
[  380.192170][T10292]  proc_fail_nth_read+0x1af/0x230
[  380.192194][T10292]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  380.192234][T10292]  ? rw_verify_area+0xce/0x6d0
[  380.192255][T10292]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  380.192277][T10292]  vfs_read+0x1e4/0xb30
[  380.192303][T10292]  ? __pfx_vfs_read+0x10/0x10
[  380.192327][T10292]  ? __fget_files+0x215/0x3d0
[  380.192348][T10292]  ? __fget_files+0x21f/0x3d0
[  380.192372][T10292]  ksys_read+0x12a/0x250
[  380.192396][T10292]  ? __pfx_ksys_read+0x10/0x10
[  380.192427][T10292]  do_syscall_64+0x106/0xf80
[  380.192444][T10292]  ? clear_bhb_loop+0x40/0x90
[  380.192466][T10292]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  380.192490][T10292] RIP: 0033:0x7f5cfc75cece
[  380.192505][T10292] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  380.192522][T10292] RSP: 002b:00007f5cfd6cffe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  380.192540][T10292] RAX: ffffffffffffffda RBX: 00007f5cfd6d06c0 RCX: 00007f5cfc75cece
[  380.192551][T10292] RDX: 000000000000000f RSI: 00007f5cfd6d00a0 RDI: 0000000000000013
[  380.192561][T10292] RBP: 00007f5cfd6d0090 R08: 0000000000000000 R09: 0000000000000000
[  380.192572][T10292] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  380.192582][T10292] R13: 00007f5cfca16038 R14: 00007f5cfca15fa0 R15: 00007ffef01c4378
[  380.192607][T10292]  </TASK>
[  380.518772][T10294] 9pnet_virtio: no channels available for device ./bus
[  380.579426][T10297] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1151'.
[  380.731582][ T5855] usb 4-1: USB disconnect, device number 30
[  381.982426][ T5855] dvb-usb: Nebula Electronics uDigiTV DVB-T USB2.0 successfully deinitialized and disconnected.
[  382.349974][T10310] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1157'.
[  382.817766][T10312] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10312 comm=syz.5.1155
[  384.145195][T10340] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1164'.
[  384.201568][   T29] kauditd_printk_skb: 1 callbacks suppressed
[  384.201584][   T29] audit: type=1400 audit(1771591992.676:784): avc:  denied  { getopt } for  pid=10337 comm="syz.2.1164" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1
[  384.331112][ T5913] usb 4-1: new high-speed USB device number 31 using dummy_hcd
[  384.501064][ T5913] usb 4-1: Using ep0 maxpacket: 8
[  384.515613][ T5913] usb 4-1: config 1 interface 0 altsetting 134 bulk endpoint 0x82 has invalid maxpacket 8
[  384.526493][ T5913] usb 4-1: config 1 interface 0 altsetting 134 bulk endpoint 0x3 has invalid maxpacket 1024
[  384.575530][ T5913] usb 4-1: config 1 interface 0 has no altsetting 0
[  384.608655][ T5913] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  384.637444][ T5913] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  384.660577][ T5913] usb 4-1: Product: syz
[  384.673060][ T5913] usb 4-1: Manufacturer: syz
[  384.688387][ T5913] usb 4-1: SerialNumber: syz
[  384.714345][T10339] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  384.742889][T10339] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  384.817235][T10346] openvswitch: netlink: Flow actions attr not present in new flow.
[  385.598140][ T5913] cdc_ether 4-1:1.0: probe with driver cdc_ether failed with error -71
[  385.772996][ T5913] usb 4-1: USB disconnect, device number 31
[  385.783888][T10359] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1171'.
[  386.111097][ T5913] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  386.389421][ T5913] usb 6-1: New USB device found, idVendor=0547, idProduct=0201, bcdDevice=11.64
[  386.434887][ T5913] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  386.471663][ T5913] usb 6-1: Product: syz
[  386.494692][ T5913] usb 6-1: Manufacturer: syz
[  386.536870][ T5913] usb 6-1: SerialNumber: syz
[  386.592081][ T5913] usb 6-1: config 0 descriptor??
[  386.628314][ T5913] dvb-usb: found a 'Nebula Electronics uDigiTV DVB-T USB2.0)' in warm state.
[  386.832535][ T5913] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  386.859725][ T5913] dvbdev: DVB: registering new adapter (Nebula Electronics uDigiTV DVB-T USB2.0))
[  386.869236][ T5913] usb 6-1: media controller created
[  386.885564][ T5913] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  387.100310][ T5913] DVB: Unable to find symbol mt352_attach()
[  387.152358][T10378] trusted_key: syz.3.1175 sent an empty control message without MSG_MORE.
[  387.307755][ T5913] DVB: Unable to find symbol nxt6000_attach()
[  387.329481][ T5913] dvb-usb: no frontend was attached by 'Nebula Electronics uDigiTV DVB-T USB2.0)'
[  387.378365][ T5913] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.5/usb6/6-1/input/input58
[  387.466128][ T5913] dvb-usb: schedule remote query interval to 1000 msecs.
[  387.491248][ T5913] dvb-usb: Nebula Electronics uDigiTV DVB-T USB2.0) successfully initialized and connected.
[  387.535637][ T5913] dvb-usb: bulk message failed: -22 (7/0)
[  387.551106][ T5913] dvb-usb: bulk message failed: -22 (7/0)
[  388.573287][ T5913] dvb-usb: bulk message failed: -22 (7/0)
[  388.579030][ T5913] dvb-usb: error while querying for an remote control event.
[  388.589338][ T5801] usb 6-1: USB disconnect, device number 2
[  388.871677][ T5801] dvb-usb: Nebula Electronics uDigiTV DVB-T USB2.0 successfully deinitialized and disconnected.
[  389.431362][ T5913] usb 4-1: new high-speed USB device number 32 using dummy_hcd
[  389.548424][T10397] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1182'.
[  389.618570][  T969] usb 3-1: new high-speed USB device number 45 using dummy_hcd
[  389.627762][ T5913] usb 4-1: too many configurations: 212, using maximum allowed: 8
[  389.667003][ T5913] usb 4-1: config index 0 descriptor too short (expected 65110, got 72)
[  389.685065][ T5913] usb 4-1: config index 1 descriptor too short (expected 65110, got 72)
[  389.694833][ T5913] usb 4-1: config index 2 descriptor too short (expected 65110, got 72)
[  389.705404][ T5913] usb 4-1: config index 3 descriptor too short (expected 65110, got 72)
[  389.715409][ T5913] usb 4-1: config index 4 descriptor too short (expected 65110, got 72)
[  389.729180][ T5913] usb 4-1: config index 5 descriptor too short (expected 65110, got 72)
[  389.749353][ T5913] usb 4-1: config index 6 descriptor too short (expected 65110, got 72)
[  389.759493][ T5913] usb 4-1: config index 7 descriptor too short (expected 65110, got 72)
[  389.780369][ T5913] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  389.789737][ T5913] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  389.799438][ T5913] usb 4-1: Product: syz
[  389.805793][  T969] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  389.817178][  T969] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  389.831581][ T5913] usb 4-1: Manufacturer: syz
[  389.837270][ T5913] usb 4-1: SerialNumber: syz
[  389.843252][  T969] usb 3-1: New USB device found, idVendor=11ff, idProduct=3331, bcdDevice= 0.00
[  389.871708][ T5913] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  389.882404][  T969] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  389.895104][   T47] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  389.955649][  T969] usb 3-1: config 0 descriptor??
[  390.183472][T10409] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1179'.
[  390.261186][ T5913] usb 4-1: USB disconnect, device number 32
[  390.361912][T10412] netlink: 190972 bytes leftover after parsing attributes in process `syz.5.1186'.
[  390.387254][  T969] gembird 0003:11FF:3331.0007: item fetching failed at offset 2/5
[  390.396935][  T969] gembird 0003:11FF:3331.0007: probe with driver gembird failed with error -22
[  390.668080][ T5801] usb 3-1: USB disconnect, device number 45
[  391.288508][   T47] ath9k_htc 4-1:1.0: ath9k_htc: Target is unresponsive
[  391.316556][   T47] ath9k_htc: Failed to initialize the device
[  391.337873][ T5913] usb 4-1: ath9k_htc: USB layer deinitialized
[  391.368225][T10424] openvswitch: netlink: Flow actions attr not present in new flow.
[  391.701083][ T5801] usb 1-1: new high-speed USB device number 37 using dummy_hcd
[  391.784546][   T29] audit: type=1400 audit(1771592000.326:785): avc:  denied  { setopt } for  pid=10427 comm="syz.2.1190" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1
[  392.038212][ T5801] usb 1-1: New USB device found, idVendor=0547, idProduct=0201, bcdDevice=11.64
[  392.061907][ T5801] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  392.087797][ T5801] usb 1-1: Product: syz
[  392.101019][ T5801] usb 1-1: Manufacturer: syz
[  392.123103][ T5801] usb 1-1: SerialNumber: syz
[  392.158273][ T5801] usb 1-1: config 0 descriptor??
[  392.187042][ T5801] dvb-usb: found a 'Nebula Electronics uDigiTV DVB-T USB2.0)' in warm state.
[  392.237443][ T5801] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  392.266056][ T5801] dvbdev: DVB: registering new adapter (Nebula Electronics uDigiTV DVB-T USB2.0))
[  392.286309][ T5801] usb 1-1: media controller created
[  392.315364][ T5801] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  392.396004][T10421] dvb-usb: bulk message failed: -22 (7/0)
[  392.439065][ T5801] DVB: Unable to find symbol mt352_attach()
[  392.475042][ T5801] DVB: Unable to find symbol nxt6000_attach()
[  392.481376][ T5801] dvb-usb: no frontend was attached by 'Nebula Electronics uDigiTV DVB-T USB2.0)'
[  392.496550][ T5801] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.0/usb1/1-1/input/input59
[  392.509140][ T5801] dvb-usb: schedule remote query interval to 1000 msecs.
[  392.517319][ T5801] dvb-usb: Nebula Electronics uDigiTV DVB-T USB2.0) successfully initialized and connected.
[  392.545986][ T5801] dvb-usb: bulk message failed: -22 (7/0)
[  392.558990][ T5801] dvb-usb: bulk message failed: -22 (7/0)
[  392.742642][T10437] netlink: 'syz.5.1192': attribute type 10 has an invalid length.
[  392.858552][T10449] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  392.912769][T10437] netlink: 132 bytes leftover after parsing attributes in process `syz.5.1192'.
[  393.376673][T10451] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined
[  393.382129][T10453] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1196'.
[  393.418952][T10437] openvswitch: netlink: Flow key attr not present in new flow.
[  393.478857][T10457] wg1: entered promiscuous mode
[  393.483876][T10457] wg1: entered allmulticast mode
[  393.521330][ T5855] dvb-usb: bulk message failed: -22 (7/0)
[  393.527162][ T5855] dvb-usb: error while querying for an remote control event.
[  393.665556][   T24] usb 1-1: USB disconnect, device number 37
[  393.819977][   T24] dvb-usb: Nebula Electronics uDigiTV DVB-T USB2.0 successfully deinitialized and disconnected.
[  394.041792][T10467] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1199'.
[  395.195607][T10490] FAULT_INJECTION: forcing a failure.
[  395.195607][T10490] name failslab, interval 1, probability 0, space 0, times 0
[  395.222693][T10490] CPU: 0 UID: 0 PID: 10490 Comm: syz.0.1208 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  395.222723][T10490] Tainted: [L]=SOFTLOCKUP
[  395.222729][T10490] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  395.222739][T10490] Call Trace:
[  395.222745][T10490]  <TASK>
[  395.222751][T10490]  dump_stack_lvl+0x100/0x190
[  395.222784][T10490]  should_fail_ex.cold+0x5/0xa
[  395.222806][T10490]  ? tomoyo_encode2+0xfb/0x3c0
[  395.222828][T10490]  should_failslab+0xc2/0x120
[  395.222855][T10490]  __kmalloc_noprof+0xe0/0x850
[  395.222876][T10490]  ? d_absolute_path+0x136/0x1b0
[  395.222905][T10490]  tomoyo_encode2+0xfb/0x3c0
[  395.222928][T10490]  tomoyo_encode+0x29/0x50
[  395.222946][T10490]  tomoyo_realpath_from_path+0x18c/0x690
[  395.222972][T10490]  tomoyo_path_number_perm+0x23c/0x580
[  395.222999][T10490]  ? tomoyo_path_number_perm+0x22e/0x580
[  395.223028][T10490]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  395.223080][T10490]  ? find_held_lock+0x2b/0x80
[  395.223101][T10490]  ? __fget_files+0x215/0x3d0
[  395.223116][T10490]  ? hook_file_ioctl_common+0x146/0x410
[  395.223144][T10490]  ? __fget_files+0x21f/0x3d0
[  395.223162][T10490]  security_file_ioctl+0xd3/0x230
[  395.223182][T10490]  __x64_sys_ioctl+0xb7/0x210
[  395.223208][T10490]  do_syscall_64+0x106/0xf80
[  395.223224][T10490]  ? clear_bhb_loop+0x40/0x90
[  395.223246][T10490]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  395.223263][T10490] RIP: 0033:0x7fcb6b99c629
[  395.223278][T10490] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  395.223294][T10490] RSP: 002b:00007fcb69bf6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  395.223310][T10490] RAX: ffffffffffffffda RBX: 00007fcb6bc15fa0 RCX: 00007fcb6b99c629
[  395.223321][T10490] RDX: 0000000000000000 RSI: 0000000000004610 RDI: 0000000000000003
[  395.223331][T10490] RBP: 00007fcb69bf6090 R08: 0000000000000000 R09: 0000000000000000
[  395.223340][T10490] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  395.223349][T10490] R13: 00007fcb6bc16038 R14: 00007fcb6bc15fa0 R15: 00007ffe29d87d18
[  395.223374][T10490]  </TASK>
[  395.223481][T10490] ERROR: Out of memory at tomoyo_realpath_from_path.
[  395.528589][T10492] netlink: 'syz.0.1209': attribute type 3 has an invalid length.
[  395.537917][T10492] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1209'.
[  396.181215][ T5855] usb 4-1: new high-speed USB device number 33 using dummy_hcd
[  396.434327][ T5855] usb 4-1: New USB device found, idVendor=0547, idProduct=0201, bcdDevice=11.64
[  396.451934][ T5855] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  396.470766][ T5855] usb 4-1: Product: syz
[  396.485174][ T5855] usb 4-1: Manufacturer: syz
[  396.495272][ T5855] usb 4-1: SerialNumber: syz
[  396.508667][ T5855] usb 4-1: config 0 descriptor??
[  396.523341][ T5855] dvb-usb: found a 'Nebula Electronics uDigiTV DVB-T USB2.0)' in warm state.
[  396.545616][ T5855] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  396.569996][ T5855] dvbdev: DVB: registering new adapter (Nebula Electronics uDigiTV DVB-T USB2.0))
[  396.598601][ T5855] usb 4-1: media controller created
[  396.646957][ T5855] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  396.725320][T10500] dvb-usb: bulk message failed: -22 (7/0)
[  396.756579][ T5855] DVB: Unable to find symbol mt352_attach()
[  396.898999][ T5855] DVB: Unable to find symbol nxt6000_attach()
[  396.905335][ T5855] dvb-usb: no frontend was attached by 'Nebula Electronics uDigiTV DVB-T USB2.0)'
[  396.918763][ T5855] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.3/usb4/4-1/input/input60
[  396.933516][ T5855] dvb-usb: schedule remote query interval to 1000 msecs.
[  396.941381][ T5855] dvb-usb: Nebula Electronics uDigiTV DVB-T USB2.0) successfully initialized and connected.
[  396.951822][ T5855] dvb-usb: bulk message failed: -22 (7/0)
[  396.957699][ T5855] dvb-usb: bulk message failed: -22 (7/0)
[  397.734375][T10528] tipc: Started in network mode
[  397.794828][T10528] tipc: Node identity da29344b1faa, cluster identity 4711
[  397.821213][T10528] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  397.843609][T10531] syzkaller0: entered promiscuous mode
[  397.863751][T10531] syzkaller0: entered allmulticast mode
[  397.923088][T10528] tipc: Resetting bearer <eth:syzkaller0>
[  397.947486][T10526] tipc: Resetting bearer <eth:syzkaller0>
[  397.984754][T10526] tipc: Disabling bearer <eth:syzkaller0>
[  398.001217][ T5855] dvb-usb: bulk message failed: -22 (7/0)
[  398.021801][ T5855] dvb-usb: error while querying for an remote control event.
[  398.181054][   T24] usb 1-1: new high-speed USB device number 38 using dummy_hcd
[  398.242156][T10542] openvswitch: netlink: Flow actions attr not present in new flow.
[  398.518491][   T24] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  398.530596][   T24] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  398.541364][   T24] usb 1-1: New USB device found, idVendor=048d, idProduct=ce50, bcdDevice= 0.00
[  398.550768][   T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  398.589191][   T24] usb 1-1: config 0 descriptor??
[  398.683853][ T5855] usb 4-1: USB disconnect, device number 33
[  398.729488][   T29] audit: type=1400 audit(1771592007.266:786): avc:  denied  { bind } for  pid=10546 comm="syz.5.1227" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  398.731288][ T5855] dvb-usb: Nebula Electronics uDigiTV DVB-T USB2.0 successfully deinitialized and disconnected.
[  399.437263][ T6658] block nbd0: Possible stuck request ffff888027b60000: control (read@0,1024B). Runtime 120 seconds
[  399.447988][ T6658] block nbd0: Possible stuck request ffff888027b60200: control (read@1024,1024B). Runtime 120 seconds
[  399.458943][ T6658] block nbd0: Possible stuck request ffff888027b60400: control (read@2048,1024B). Runtime 120 seconds
[  399.469886][ T6658] block nbd0: Possible stuck request ffff888027b60600: control (read@3072,1024B). Runtime 120 seconds
[  399.501447][   T24] asus 0003:048D:CE50.0008: hidraw0: USB HID v0.07 Device [HID 048d:ce50] on usb-dummy_hcd.0-1/input0
[  399.569561][   T24] asus 0003:048D:CE50.0008: Asus input not registered
[  399.657392][   T24] asus 0003:048D:CE50.0008: probe with driver asus failed with error -12
[  399.671674][   T29] audit: type=1400 audit(1771592008.216:787): avc:  denied  { unmount } for  pid=5804 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  399.918966][T10574] netlink: 'syz.2.1233': attribute type 3 has an invalid length.
[  399.931201][T10574] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1233'.
[  399.959376][   T29] audit: type=1400 audit(1771592008.496:788): avc:  denied  { kexec_image_load } for  pid=10564 comm="syz.1.1231" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=system permissive=1
[  399.989959][T10578] FAULT_INJECTION: forcing a failure.
[  399.989959][T10578] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  400.037837][T10578] CPU: 0 UID: 0 PID: 10578 Comm: syz.5.1234 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  400.037863][T10578] Tainted: [L]=SOFTLOCKUP
[  400.037867][T10578] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  400.037873][T10578] Call Trace:
[  400.037877][T10578]  <TASK>
[  400.037881][T10578]  dump_stack_lvl+0x100/0x190
[  400.037903][T10578]  should_fail_ex.cold+0x5/0xa
[  400.037917][T10578]  _copy_to_user+0x32/0xd0
[  400.037934][T10578]  simple_read_from_buffer+0xcb/0x170
[  400.037952][T10578]  proc_fail_nth_read+0x1af/0x230
[  400.037968][T10578]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  400.037983][T10578]  ? rw_verify_area+0xce/0x6d0
[  400.037997][T10578]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  400.038011][T10578]  vfs_read+0x1e4/0xb30
[  400.038032][T10578]  ? __pfx_vfs_read+0x10/0x10
[  400.038054][T10578]  ? __fget_files+0x215/0x3d0
[  400.038076][T10578]  ? __fget_files+0x21f/0x3d0
[  400.038091][T10578]  ksys_read+0x12a/0x250
[  400.038112][T10578]  ? __pfx_ksys_read+0x10/0x10
[  400.038132][T10578]  do_syscall_64+0x106/0xf80
[  400.038144][T10578]  ? clear_bhb_loop+0x40/0x90
[  400.038157][T10578]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  400.038171][T10578] RIP: 0033:0x7f5cfc75cece
[  400.038186][T10578] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  400.038202][T10578] RSP: 002b:00007f5cfd6cffe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  400.038218][T10578] RAX: ffffffffffffffda RBX: 00007f5cfd6d06c0 RCX: 00007f5cfc75cece
[  400.038226][T10578] RDX: 000000000000000f RSI: 00007f5cfd6d00a0 RDI: 0000000000000004
[  400.038232][T10578] RBP: 00007f5cfd6d0090 R08: 0000000000000000 R09: 0000000000000000
[  400.038238][T10578] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  400.038245][T10578] R13: 00007f5cfca16038 R14: 00007f5cfca15fa0 R15: 00007ffef01c4378
[  400.038259][T10578]  </TASK>
[  400.676839][   T29] audit: type=1400 audit(1771592009.216:789): avc:  denied  { remount } for  pid=10579 comm="syz.2.1235" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  400.727076][T10583] netlink: 40 bytes leftover after parsing attributes in process `syz.5.1236'.
[  400.847769][T10590] openvswitch: netlink: Flow actions attr not present in new flow.
[  401.126753][   T24] usb 1-1: USB disconnect, device number 38
[  401.453974][T10601] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10601 comm=syz.5.1239
[  402.070818][   T29] audit: type=1400 audit(1771592010.606:790): avc:  denied  { connect } for  pid=10605 comm="syz.2.1242" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  402.533123][   T29] audit: type=1400 audit(1771592011.076:791): avc:  denied  { read } for  pid=10623 comm="syz.1.1248" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1
[  404.012587][ T5913] usb 4-1: new full-speed USB device number 34 using dummy_hcd
[  404.379203][ T5913] usb 4-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f
[  404.421854][ T5913] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  404.502067][ T5913] usb 4-1: Product: syz
[  404.601047][ T5913] usb 4-1: Manufacturer: syz
[  404.701107][ T5913] usb 4-1: SerialNumber: syz
[  404.805930][ T5913] usb 4-1: config 0 descriptor??
[  406.032442][ T5913] airspy 4-1:0.0: usb_control_msg() failed -110 request 09
[  406.039679][ T5913] airspy 4-1:0.0: Could not detect board
[  406.047960][T10628] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  406.085401][T10628] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  406.094427][ T5913] airspy 4-1:0.0: probe with driver airspy failed with error -110
[  406.311847][ T5913] usb 4-1: USB disconnect, device number 34
[  406.466744][   T29] audit: type=1326 audit(1771592015.006:792): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10653 comm="syz.5.1257" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5cfc79c629 code=0x0
[  407.545074][   T29] audit: type=1400 audit(1771592016.076:793): avc:  denied  { listen } for  pid=10664 comm="syz.0.1260" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  407.601671][T10665] netlink: 27 bytes leftover after parsing attributes in process `syz.0.1260'.
[  407.682794][T10672] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1261'.
[  407.810647][T10669] netlink: 64 bytes leftover after parsing attributes in process `syz.5.1261'.
[  407.891101][  T969] usb 3-1: new full-speed USB device number 46 using dummy_hcd
[  408.070280][   T29] audit: type=1400 audit(1771592016.606:794): avc:  denied  { write } for  pid=10678 comm="syz.5.1263" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1
[  408.133882][  T969] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  408.167312][  T969] usb 3-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  408.185630][  T969] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  408.203226][  T969] usb 3-1: Product: syz
[  408.215239][  T969] usb 3-1: Manufacturer: syz
[  408.326836][  T969] usb 3-1: SerialNumber: syz
[  408.345262][  T969] usb 3-1: config 0 descriptor??
[  408.835941][T10687] sctp: [Deprecated]: syz.1.1256 (pid 10687) Use of int in max_burst socket option.
[  408.835941][T10687] Use struct sctp_assoc_value instead
[  408.879934][T10687] 9p: Bad value for 'rfdno'
[  409.267522][   T29] audit: type=1326 audit(1771592017.806:795): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10689 comm="syz.5.1266" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5cfc79c629 code=0x0
[  409.693043][T10699] input: syz1 as /devices/virtual/input/input61
[  410.707482][   T29] audit: type=1400 audit(1771592019.206:796): avc:  denied  { ioctl } for  pid=10703 comm="syz.3.1269" path="socket:[28530]" dev="sockfs" ino=28530 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  410.949829][ T5863] usb 3-1: USB disconnect, device number 46
[  411.131191][   T29] audit: type=1400 audit(1771592019.626:797): avc:  denied  { write } for  pid=10714 comm="syz.2.1272" path="socket:[28975]" dev="sockfs" ino=28975 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  411.170704][ T5913] usb 6-1: new full-speed USB device number 3 using dummy_hcd
[  411.232113][T10719] fuse: Unknown parameter '00000000000000000000'
[  411.240611][T10719] input: syz1 as /devices/virtual/input/input62
[  412.480238][ T5913] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[  412.593434][ T5913] usb 6-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e
[  412.646848][ T5913] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  412.696452][ T5913] usb 6-1: Product: syz
[  412.712556][ T5913] usb 6-1: Manufacturer: syz
[  412.735163][ T5913] usb 6-1: SerialNumber: syz
[  412.820483][ T5913] usb 6-1: config 0 descriptor??
[  413.195577][ T5913] hub 6-1:0.0: bad descriptor, ignoring hub
[  413.220940][ T5913] hub 6-1:0.0: probe with driver hub failed with error -5
[  413.264007][ T5913] input: syz syz as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/input/input63
[  413.433957][   T29] audit: type=1400 audit(1771592021.936:798): avc:  denied  { read } for  pid=10711 comm="syz.5.1271" name="mice" dev="devtmpfs" ino=916 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1
[  413.922344][   T29] audit: type=1400 audit(1771592021.936:799): avc:  denied  { open } for  pid=10711 comm="syz.5.1271" path="/dev/input/mice" dev="devtmpfs" ino=916 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1
[  413.922922][ T5801] usb 6-1: USB disconnect, device number 3
[  415.508172][T10763] openvswitch: netlink: Flow actions attr not present in new flow.
[  415.765902][T10770] sctp: [Deprecated]: syz.5.1284 (pid 10770) Use of int in max_burst socket option.
[  415.765902][T10770] Use struct sctp_assoc_value instead
[  415.803919][T10770] 9p: Bad value for 'rfdno'
[  417.033350][T10790] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  418.131973][   T29] audit: type=1400 audit(1771592026.666:800): avc:  denied  { unmount } for  pid=5812 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[  421.688534][T10836] geneve2: entered promiscuous mode
[  421.695551][T10836] geneve2: entered allmulticast mode
[  421.995857][T10851] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1305'.
[  422.054418][T10852] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1305'.
[  422.069980][T10852] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1305'.
[  422.861093][   T29] audit: type=1400 audit(1771592031.396:801): avc:  denied  { mount } for  pid=10855 comm="syz.5.1307" name="/" dev="bdev" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bdev_t tclass=filesystem permissive=1
[  422.981656][T10856] nbd: socks must be embedded in a SOCK_ITEM attr
[  423.009430][T10856] block nbd1: shutting down sockets
[  423.071464][T10856] netlink: 228 bytes leftover after parsing attributes in process `syz.5.1307'.
[  424.812942][T10899] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  424.964727][T10901] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1304'.
[  425.185761][T10906] sctp: [Deprecated]: syz.2.1316 (pid 10906) Use of int in max_burst socket option.
[  425.185761][T10906] Use struct sctp_assoc_value instead
[  425.202215][T10906] 9p: Bad value for 'rfdno'
[  426.231221][  T969] usb 4-1: new high-speed USB device number 35 using dummy_hcd
[  426.392002][  T969] usb 4-1: Using ep0 maxpacket: 8
[  426.420405][  T969] usb 4-1: config index 0 descriptor too short (expected 301, got 45)
[  426.458290][  T969] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  426.478800][  T969] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  426.498428][  T969] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  426.519298][  T969] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  426.768463][  T969] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  426.790467][  T969] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  427.014971][  T969] usb 4-1: GET_CAPABILITIES returned 0
[  427.020520][  T969] usbtmc 4-1:16.0: can't read capabilities
[  427.468799][ T5863] usb 4-1: USB disconnect, device number 35
[  427.760769][T10895] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  427.810843][T10928] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  427.909122][T10929] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1324'.
[  427.998961][T10932] FAULT_INJECTION: forcing a failure.
[  427.998961][T10932] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  428.012278][T10932] CPU: 0 UID: 0 PID: 10932 Comm: syz.5.1326 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  428.012297][T10932] Tainted: [L]=SOFTLOCKUP
[  428.012301][T10932] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  428.012307][T10932] Call Trace:
[  428.012311][T10932]  <TASK>
[  428.012315][T10932]  dump_stack_lvl+0x100/0x190
[  428.012336][T10932]  should_fail_ex.cold+0x5/0xa
[  428.012350][T10932]  _copy_to_user+0x32/0xd0
[  428.012367][T10932]  simple_read_from_buffer+0xcb/0x170
[  428.012385][T10932]  proc_fail_nth_read+0x1af/0x230
[  428.012400][T10932]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  428.012415][T10932]  ? rw_verify_area+0xce/0x6d0
[  428.012430][T10932]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  428.012443][T10932]  vfs_read+0x1e4/0xb30
[  428.012461][T10932]  ? __pfx_vfs_read+0x10/0x10
[  428.012476][T10932]  ? __fget_files+0x215/0x3d0
[  428.012490][T10932]  ? __fget_files+0x21f/0x3d0
[  428.012503][T10932]  ksys_read+0x12a/0x250
[  428.012519][T10932]  ? __pfx_ksys_read+0x10/0x10
[  428.012538][T10932]  do_syscall_64+0x106/0xf80
[  428.012549][T10932]  ? clear_bhb_loop+0x40/0x90
[  428.012562][T10932]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  428.012573][T10932] RIP: 0033:0x7f5cfc75cece
[  428.012583][T10932] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  428.012594][T10932] RSP: 002b:00007f5cfd6cffe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  428.012605][T10932] RAX: ffffffffffffffda RBX: 00007f5cfd6d06c0 RCX: 00007f5cfc75cece
[  428.012611][T10932] RDX: 000000000000000f RSI: 00007f5cfd6d00a0 RDI: 0000000000000006
[  428.012618][T10932] RBP: 00007f5cfd6d0090 R08: 0000000000000000 R09: 0000000000000000
[  428.012624][T10932] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  428.012630][T10932] R13: 00007f5cfca16038 R14: 00007f5cfca15fa0 R15: 00007ffef01c4378
[  428.012643][T10932]  </TASK>
[  428.362825][   T29] audit: type=1400 audit(1771592036.906:802): avc:  denied  { watch watch_reads } for  pid=10936 comm="syz.5.1328" path="/46/file0" dev="tmpfs" ino=258 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  428.550980][T10939] dvmrp9: entered allmulticast mode
[  428.912830][T10956] sctp: [Deprecated]: syz.1.1329 (pid 10956) Use of int in max_burst socket option.
[  428.912830][T10956] Use struct sctp_assoc_value instead
[  428.929015][T10956] 9p: Bad value for 'rfdno'
[  429.921166][ T6658] block nbd0: Possible stuck request ffff888027b60000: control (read@0,1024B). Runtime 150 seconds
[  429.931925][ T6658] block nbd0: Possible stuck request ffff888027b60200: control (read@1024,1024B). Runtime 150 seconds
[  429.943009][ T6658] block nbd0: Possible stuck request ffff888027b60400: control (read@2048,1024B). Runtime 150 seconds
[  429.954138][ T6658] block nbd0: Possible stuck request ffff888027b60600: control (read@3072,1024B). Runtime 150 seconds
[  430.255775][   T29] audit: type=1400 audit(1771592038.796:803): avc:  denied  { write } for  pid=10963 comm="syz.2.1333" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  430.261069][ T5863] usb 1-1: new high-speed USB device number 39 using dummy_hcd
[  430.361757][   T29] audit: type=1400 audit(1771592038.836:804): avc:  denied  { ioctl } for  pid=10963 comm="syz.2.1333" path="socket:[29932]" dev="sockfs" ino=29932 ioctlcmd=0x8914 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  431.014761][ T5863] usb 1-1: Using ep0 maxpacket: 8
[  431.034703][ T5863] usb 1-1: config 1 interface 0 altsetting 134 bulk endpoint 0x82 has invalid maxpacket 8
[  431.070909][ T5863] usb 1-1: config 1 interface 0 altsetting 134 bulk endpoint 0x3 has invalid maxpacket 1024
[  431.094626][T10981] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1339'.
[  431.106303][ T5863] usb 1-1: config 1 interface 0 has no altsetting 0
[  431.127618][ T5863] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  431.145510][ T5863] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  431.159041][ T5863] usb 1-1: Product: syz
[  431.163485][ T5863] usb 1-1: Manufacturer: syz
[  431.168198][ T5863] usb 1-1: SerialNumber: syz
[  431.231102][T10962] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  431.251664][T10962] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  431.331139][  T969] usb 3-1: new high-speed USB device number 47 using dummy_hcd
[  431.396986][T10988] netlink: 11 bytes leftover after parsing attributes in process `syz.3.1341'.
[  431.406203][T10988] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1341'.
[  431.415323][T10988] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1341'.
[  431.873227][   T29] audit: type=1400 audit(1771592040.406:805): avc:  denied  { listen } for  pid=10990 comm="syz.1.1342" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  431.894397][   T29] audit: type=1400 audit(1771592040.406:806): avc:  denied  { accept } for  pid=10990 comm="syz.1.1342" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  432.101099][  T969] usb 3-1: Using ep0 maxpacket: 8
[  432.111735][  T969] usb 3-1: config 1 interface 0 altsetting 134 bulk endpoint 0x82 has invalid maxpacket 8
[  432.148697][  T969] usb 3-1: config 1 interface 0 altsetting 134 bulk endpoint 0x3 has invalid maxpacket 1024
[  432.311099][  T969] usb 3-1: config 1 interface 0 has no altsetting 0
[  432.320289][  T969] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  432.329394][  T969] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  432.337480][  T969] usb 3-1: Product: syz
[  432.344624][  T969] usb 3-1: Manufacturer: syz
[  432.350632][T10962] binder: BINDER_SET_CONTEXT_MGR already set
[  432.361506][T10962] binder: 10961:10962 ioctl 4018620d 200000000100 returned -16
[  432.379610][  T969] usb 3-1: SerialNumber: syz
[  432.444606][T11001] program syz.3.1343 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  432.964584][T10993] netlink: 666 bytes leftover after parsing attributes in process `syz.0.1332'.
[  432.974715][T10982] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  433.011230][T10982] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  433.013702][T11003] loop5: detected capacity change from 0 to 7
[  433.045395][ T5863] cdc_ether 1-1:1.0: probe with driver cdc_ether failed with error -71
[  433.059011][T11003]  loop5: [CUMANA/ADFS] p1 [ADFS] p1
[  433.064493][T11003] loop5: partition table partially beyond EOD, truncated
[  433.082577][T11003] loop5: p1 size 2989602745 extends beyond EOD, truncated
[  433.130348][ T5863] usb 1-1: USB disconnect, device number 39
[  433.171495][ T8977] udevd[8977]: inotify_add_watch(7, /dev/loop5p1, 10) failed: No such file or directory
[  433.222537][T11006] 9p: Bad value for 'rfdno'
[  433.591045][   T29] audit: type=1400 audit(1771592042.006:807): avc:  denied  { getopt } for  pid=11007 comm="syz.3.1346" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[  434.184243][T11012] netlink: 666 bytes leftover after parsing attributes in process `syz.2.1338'.
[  434.278393][  T969] cdc_ether 3-1:1.0: probe with driver cdc_ether failed with error -71
[  434.305243][  T969] usb 3-1: USB disconnect, device number 47
[  434.481759][   T29] audit: type=1400 audit(1771592043.026:808): avc:  denied  { getopt } for  pid=11024 comm="syz.5.1349" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  436.201901][T11046] netlink: 11 bytes leftover after parsing attributes in process `syz.1.1353'.
[  436.210862][T11046] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1353'.
[  436.220376][T11046] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1353'.
[  436.258893][T11048] xt_ecn: cannot match TCP bits for non-tcp packets
[  436.266780][   T29] audit: type=1400 audit(1771592044.806:809): avc:  denied  { bind } for  pid=11047 comm="syz.1.1354" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  437.234903][T11054] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=11054 comm=syz.1.1356
[  437.270367][T11018] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  439.524013][ T1294] ieee802154 phy0 wpan0: encryption failed: -22
[  439.536282][ T1294] ieee802154 phy1 wpan1: encryption failed: -22
[  440.769321][T11096] netlink: 'syz.2.1357': attribute type 1 has an invalid length.
[  440.787382][T11096] netlink: 'syz.2.1357': attribute type 1 has an invalid length.
[  440.807433][T11095] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1368'.
[  441.112365][T11105] netlink: 'syz.5.1371': attribute type 39 has an invalid length.
[  441.166826][   T29] audit: type=1400 audit(1771592049.586:810): avc:  denied  { bind } for  pid=11098 comm="syz.5.1371" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  441.798183][T11110] netlink: 'syz.1.1370': attribute type 4 has an invalid length.
[  441.856456][T11112] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  442.264085][T11122] sctp: [Deprecated]: syz.2.1373 (pid 11122) Use of int in max_burst socket option.
[  442.264085][T11122] Use struct sctp_assoc_value instead
[  442.319397][T11122] 9p: Bad value for 'rfdno'
[  443.674052][T11137] netlink: 32 bytes leftover after parsing attributes in process `syz.5.1377'.
[  444.082232][T11144] netdevsim netdevsim3: loading /lib/firmware/. failed with error -22
[  444.090754][T11144] netdevsim netdevsim3: Direct firmware load for . failed with error -22
[  444.102270][T11144] netdevsim netdevsim3: Falling back to sysfs fallback for: .
[  444.373556][   T29] audit: type=1400 audit(1771592052.636:811): avc:  denied  { firmware_load } for  pid=11140 comm="syz.3.1380" scontext=system_u:system_r:kernel_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  444.598174][T11137] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  445.348157][T11130] tipc: Disabling bearer <eth:syzkaller0>
[  445.404625][T11156] netlink: 'syz.3.1383': attribute type 1 has an invalid length.
[  445.437319][T11156] netlink: 'syz.3.1383': attribute type 1 has an invalid length.
[  445.604025][T11164] netlink: 11 bytes leftover after parsing attributes in process `syz.1.1386'.
[  445.613023][T11164] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1386'.
[  445.622134][T11164] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1386'.
[  445.902436][T11169] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1385'.
[  446.428580][T11172] FAULT_INJECTION: forcing a failure.
[  446.428580][T11172] name failslab, interval 1, probability 0, space 0, times 0
[  446.441776][T11172] CPU: 0 UID: 0 PID: 11172 Comm: syz.5.1388 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  446.441803][T11172] Tainted: [L]=SOFTLOCKUP
[  446.441809][T11172] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  446.441819][T11172] Call Trace:
[  446.441825][T11172]  <TASK>
[  446.441831][T11172]  dump_stack_lvl+0x100/0x190
[  446.441863][T11172]  should_fail_ex.cold+0x5/0xa
[  446.441887][T11172]  ? video_usercopy+0x1a3/0x1740
[  446.441903][T11172]  should_failslab+0xc2/0x120
[  446.441935][T11172]  __kmalloc_noprof+0xe0/0x850
[  446.441965][T11172]  video_usercopy+0x1a3/0x1740
[  446.441984][T11172]  ? __pfx___video_do_ioctl+0x10/0x10
[  446.442002][T11172]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[  446.442025][T11172]  ? __pfx_video_usercopy+0x10/0x10
[  446.442058][T11172]  v4l2_ioctl+0x1bd/0x250
[  446.442077][T11172]  ? __pfx_v4l2_ioctl+0x10/0x10
[  446.442097][T11172]  __x64_sys_ioctl+0x18e/0x210
[  446.442123][T11172]  do_syscall_64+0x106/0xf80
[  446.442142][T11172]  ? clear_bhb_loop+0x40/0x90
[  446.442170][T11172]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  446.442188][T11172] RIP: 0033:0x7f5cfc79c629
[  446.442204][T11172] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  446.442221][T11172] RSP: 002b:00007f5cfd6d0028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  446.442240][T11172] RAX: ffffffffffffffda RBX: 00007f5cfca15fa0 RCX: 00007f5cfc79c629
[  446.442251][T11172] RDX: 0000200000000100 RSI: 00000000c0d05605 RDI: 0000000000000003
[  446.442262][T11172] RBP: 00007f5cfd6d0090 R08: 0000000000000000 R09: 0000000000000000
[  446.442272][T11172] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  446.442282][T11172] R13: 00007f5cfca16038 R14: 00007f5cfca15fa0 R15: 00007ffef01c4378
[  446.442307][T11172]  </TASK>
[  447.361230][  T969] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  447.536319][  T969] usb 6-1: Using ep0 maxpacket: 8
[  447.559077][  T969] usb 6-1: config 0 has no interfaces?
[  447.576919][  T969] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a3, bcdDevice= 0.40
[  447.593142][  T969] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  447.613149][  T969] usb 6-1: Product: syz
[  447.621441][  T969] usb 6-1: Manufacturer: syz
[  447.632223][  T969] usb 6-1: SerialNumber: syz
[  447.643583][  T969] usb 6-1: config 0 descriptor??
[  447.791044][  T969] usb 1-1: new high-speed USB device number 40 using dummy_hcd
[  447.840026][T11190] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  447.868952][ T5863] usb 6-1: USB disconnect, device number 4
[  447.946008][  T969] usb 1-1: Using ep0 maxpacket: 32
[  447.989720][  T969] usb 1-1: config 0 has an invalid interface number: 132 but max is 0
[  448.151146][  T969] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  448.163884][  T969] usb 1-1: config 0 has no interface number 0
[  448.189431][  T969] usb 1-1: config 0 interface 132 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  448.239624][  T969] usb 1-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5
[  448.258995][  T969] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  448.274894][  T969] usb 1-1: Product: syz
[  448.290089][  T969] usb 1-1: Manufacturer: syz
[  448.299324][  T969] usb 1-1: SerialNumber: syz
[  448.333237][  T969] usb 1-1: config 0 descriptor??
[  448.368302][T11204] vxcan1: tx drop: invalid sa for name 0xfffffffffffffffe
[  448.544687][   T29] audit: type=1400 audit(1771592057.086:812): avc:  denied  { setopt } for  pid=11212 comm="syz.3.1402" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  448.661021][  T969] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  448.765457][T11216] SELinux: failed to load policy
[  448.817565][  T969] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  448.839587][  T969] usb 6-1: New USB device found, idVendor=0471, idProduct=030c, bcdDevice=e4.df
[  448.851646][  T969] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  448.862650][  T969] usb 6-1: config 0 descriptor??
[  448.891127][ T5863] usb 4-1: new high-speed USB device number 36 using dummy_hcd
[  448.963772][  T969] pwc: Philips PCVC690K (Vesta Pro Scan) USB webcam detected.
[  449.008251][T11237] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  449.020738][T11237] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1410'.
[  449.440999][ T5863] usb 4-1: Using ep0 maxpacket: 32
[  449.447704][ T5863] usb 4-1: config 0 interface 0 has no altsetting 0
[  449.464240][ T5863] usb 4-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e
[  449.481388][ T5863] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  449.502717][ T5863] usb 4-1: Product: syz
[  449.517514][ T5863] usb 4-1: Manufacturer: syz
[  449.539791][ T5863] usb 4-1: SerialNumber: syz
[  449.560456][ T5863] usb 4-1: config 0 descriptor??
[  450.037916][ T5863] gs_usb 4-1:0.0: Couldn't get device config: (err=-32)
[  450.046634][ T5863] gs_usb 4-1:0.0: probe with driver gs_usb failed with error -32
[  450.186365][   T29] audit: type=1400 audit(1771592058.696:813): avc:  denied  { execute } for  pid=11246 comm="syz.2.1411" path="/dev/sg0" dev="devtmpfs" ino=815 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[  450.437151][T11259] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  450.469069][T11259] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  450.602197][ T5863] usb 1-1: USB disconnect, device number 40
[  451.031068][ T5863] usb 1-1: new high-speed USB device number 41 using dummy_hcd
[  451.211260][ T5863] usb 1-1: Using ep0 maxpacket: 8
[  451.224708][ T5863] usb 1-1: config 1 interface 0 altsetting 134 bulk endpoint 0x82 has invalid maxpacket 8
[  451.246590][ T5863] usb 1-1: config 1 interface 0 altsetting 134 bulk endpoint 0x3 has invalid maxpacket 1024
[  451.266763][ T5863] usb 1-1: config 1 interface 0 has no altsetting 0
[  451.287484][ T5863] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  451.321481][ T5863] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  451.350056][ T5863] usb 1-1: Product: syz
[  451.362245][ T5863] usb 1-1: Manufacturer: syz
[  451.373596][ T5863] usb 1-1: SerialNumber: syz
[  451.389492][T11264] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  451.417546][T11264] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  451.539069][T11274] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  451.611107][T11274] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  451.634529][T11276] 9p: Bad value for 'rfdno'
[  451.663401][T11276] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1419'.
[  451.679695][   T24] usb 4-1: USB disconnect, device number 36
[  451.694240][T11274] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  451.870558][  T969] pwc: send_video_command error -71
[  451.939154][  T969] pwc: Failed to set video mode VGA@30 fps; return code = -71
[  452.086373][  T969] Philips webcam 6-1:0.0: probe with driver Philips webcam failed with error -71
[  452.152550][  T969] usb 6-1: USB disconnect, device number 5
[  452.216077][T11264] binder: BINDER_SET_CONTEXT_MGR already set
[  452.222122][T11264] binder: 11263:11264 ioctl 4018620d 200000000100 returned -16
[  452.647847][T11292] autofs: Unknown parameter 'fd00000000000000000000'
[  452.797637][ T5863] cdc_ether 1-1:1.0: probe with driver cdc_ether failed with error -71
[  452.931597][ T5863] usb 1-1: USB disconnect, device number 41
[  453.011207][   T29] audit: type=1326 audit(1771592061.546:814): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11293 comm="syz.1.1423" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f700459c629 code=0x0
[  453.861466][ T5913] usb 4-1: new high-speed USB device number 37 using dummy_hcd
[  454.010405][T11317] netlink: 'syz.5.1432': attribute type 3 has an invalid length.
[  454.031021][T11317] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1432'.
[  454.044099][ T5913] usb 4-1: New USB device found, idVendor=0547, idProduct=0201, bcdDevice=11.64
[  454.084298][ T5913] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  454.121461][ T5913] usb 4-1: Product: syz
[  454.131206][ T5913] usb 4-1: Manufacturer: syz
[  454.142409][ T5913] usb 4-1: SerialNumber: syz
[  454.156726][ T5913] usb 4-1: config 0 descriptor??
[  454.172394][ T5913] dvb-usb: found a 'Nebula Electronics uDigiTV DVB-T USB2.0)' in warm state.
[  454.198314][ T5913] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  454.321176][ T5913] dvbdev: DVB: registering new adapter (Nebula Electronics uDigiTV DVB-T USB2.0))
[  454.331042][ T5913] usb 4-1: media controller created
[  454.467187][ T5913] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  454.789115][ T5863] usb 1-1: new high-speed USB device number 42 using dummy_hcd
[  454.862368][ T5913] DVB: Unable to find symbol mt352_attach()
[  454.923684][ T5913] DVB: Unable to find symbol nxt6000_attach()
[  454.946828][ T5913] dvb-usb: no frontend was attached by 'Nebula Electronics uDigiTV DVB-T USB2.0)'
[  454.962457][ T5863] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  454.980859][ T5913] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.3/usb4/4-1/input/input64
[  454.990996][ T5863] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  454.997544][ T5913] dvb-usb: schedule remote query interval to 1000 msecs.
[  455.072609][ T5913] dvb-usb: Nebula Electronics uDigiTV DVB-T USB2.0) successfully initialized and connected.
[  455.083554][ T5913] dvb-usb: bulk message failed: -22 (7/0)
[  455.092137][ T5913] dvb-usb: bulk message failed: -22 (7/0)
[  455.122829][ T5863] usb 1-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  455.138321][ T5913] usb 4-1: USB disconnect, device number 37
[  455.171070][ T5863] usb 1-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0
[  455.194767][ T5863] usb 1-1: Manufacturer: syz
[  455.218809][ T5863] usb 1-1: config 0 descriptor??
[  455.305728][ T5913] dvb-usb: Nebula Electronics uDigiTV DVB-T USB2.0 successfully deinitialized and disconnected.
[  455.601531][   T29] audit: type=1326 audit(1771592064.136:815): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11336 comm="syz.3.1439" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa31b59c629 code=0x0
[  456.498898][T11350] autofs: Unknown parameter 'fd00000000000000000000'
[  456.630623][ T5863] input: syz as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:256C:006D.0009/input/input65
[  457.180523][ T5863] input: syz as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:256C:006D.0009/input/input66
[  457.202283][ T5863] input: syz Touch Strip as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:256C:006D.0009/input/input67
[  457.268061][ T5863] input: syz Dial as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:256C:006D.0009/input/input68
[  457.287447][T11358] netlink: 52 bytes leftover after parsing attributes in process `syz.5.1445'.
[  457.449466][ T5863] uclogic 0003:256C:006D.0009: input,hidraw0: USB HID v0.00 Keypad [syz] on usb-dummy_hcd.0-1/input0
[  457.494264][ T5863] usb 1-1: USB disconnect, device number 42
[  457.515818][T11358] bridge0: port 2(bridge_slave_1) entered disabled state
[  457.524154][T11358] bridge0: port 1(bridge_slave_0) entered disabled state
[  457.562353][   T29] audit: type=1400 audit(1771592066.106:816): avc:  denied  { getopt } for  pid=11364 comm="syz.3.1447" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  457.858308][T11370] fido_id[11370]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/1-1/report_descriptor': No such file or directory
[  458.886408][T11384] openvswitch: netlink: Flow actions attr not present in new flow.
[  459.031297][T11396] autofs: Unknown parameter 'fd00000000000000000000'
[  459.960613][T11403] befs: (loop2): No write support. Marking filesystem read-only
[  459.969161][T11403] befs: (loop2): unable to read superblock
[  460.035271][ T6658] block nbd0: Possible stuck request ffff888027b60000: control (read@0,1024B). Runtime 180 seconds
[  460.046065][ T6658] block nbd0: Possible stuck request ffff888027b60200: control (read@1024,1024B). Runtime 180 seconds
[  460.057046][ T6658] block nbd0: Possible stuck request ffff888027b60400: control (read@2048,1024B). Runtime 180 seconds
[  460.068032][ T6658] block nbd0: Possible stuck request ffff888027b60600: control (read@3072,1024B). Runtime 180 seconds
[  460.311815][T11415] FAULT_INJECTION: forcing a failure.
[  460.311815][T11415] name failslab, interval 1, probability 0, space 0, times 0
[  460.325012][T11415] CPU: 1 UID: 0 PID: 11415 Comm: syz.0.1458 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  460.325041][T11415] Tainted: [L]=SOFTLOCKUP
[  460.325046][T11415] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  460.325057][T11415] Call Trace:
[  460.325063][T11415]  <TASK>
[  460.325069][T11415]  dump_stack_lvl+0x100/0x190
[  460.325100][T11415]  should_fail_ex.cold+0x5/0xa
[  460.325123][T11415]  should_failslab+0xc2/0x120
[  460.325149][T11415]  kmem_cache_alloc_noprof+0x7b/0x6e0
[  460.325171][T11415]  ? do_getname_kernel+0x5d/0x250
[  460.325195][T11415]  do_getname_kernel+0x5d/0x250
[  460.325216][T11415]  kern_path+0x1f/0x50
[  460.325240][T11415]  lookup_bdev+0xd8/0x280
[  460.325263][T11415]  ? __pfx_lookup_bdev+0x10/0x10
[  460.325284][T11415]  ? cred_has_capability.isra.0+0x186/0x300
[  460.325306][T11415]  ? __pfx_cred_has_capability.isra.0+0x10/0x10
[  460.325324][T11415]  ? __do_sys_fsconfig+0x4e1/0xcb0
[  460.325351][T11415]  get_tree_bdev_flags+0xbe/0x620
[  460.325374][T11415]  ? __pfx_befs_fill_super+0x10/0x10
[  460.325402][T11415]  ? __pfx_get_tree_bdev_flags+0x10/0x10
[  460.325426][T11415]  ? cap_capable+0x107/0x460
[  460.325453][T11415]  ? bpf_lsm_capable+0x9/0x10
[  460.325468][T11415]  ? security_capable+0x80/0x260
[  460.325495][T11415]  vfs_get_tree+0x92/0x320
[  460.325516][T11415]  vfs_cmd_create+0xd7/0x2a0
[  460.325539][T11415]  __do_sys_fsconfig+0x55a/0xcb0
[  460.325562][T11415]  ? __pfx___do_sys_fsconfig+0x10/0x10
[  460.325584][T11415]  ? fput+0x79/0x100
[  460.325612][T11415]  do_syscall_64+0x106/0xf80
[  460.325629][T11415]  ? clear_bhb_loop+0x40/0x90
[  460.325651][T11415]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  460.325668][T11415] RIP: 0033:0x7fcb6b99c629
[  460.325683][T11415] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  460.325700][T11415] RSP: 002b:00007fcb69bb4028 EFLAGS: 00000246 ORIG_RAX: 00000000000001af
[  460.325718][T11415] RAX: ffffffffffffffda RBX: 00007fcb6bc16180 RCX: 00007fcb6b99c629
[  460.325729][T11415] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000008
[  460.325739][T11415] RBP: 00007fcb69bb4090 R08: 0000000000000000 R09: 0000000000000000
[  460.325749][T11415] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  460.325759][T11415] R13: 00007fcb6bc16218 R14: 00007fcb6bc16180 R15: 00007ffe29d87d18
[  460.325782][T11415]  </TASK>
[  460.591029][ T5801] usb 4-1: new high-speed USB device number 38 using dummy_hcd
[  460.684211][T11413] sctp: [Deprecated]: syz.1.1461 (pid 11413) Use of struct sctp_assoc_value in delayed_ack socket option.
[  460.684211][T11413] Use struct sctp_sack_info instead
[  460.824056][T11426] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1467'.
[  460.861114][ T5801] usb 4-1: Using ep0 maxpacket: 32
[  460.890001][ T5801] usb 4-1: unable to get BOS descriptor or descriptor too short
[  460.912434][ T5801] usb 4-1: config 0 has an invalid interface number: 8 but max is 1
[  460.920450][ T5801] usb 4-1: config 0 has an invalid interface number: 250 but max is 1
[  461.283154][ T5801] usb 4-1: config 0 has no interface number 0
[  461.542219][ T5801] usb 4-1: config 0 has no interface number 1
[  461.564977][ T5801] usb 4-1: config 0 interface 8 has no altsetting 0
[  461.580508][ T5801] usb 4-1: config 0 interface 250 has no altsetting 0
[  461.593556][ T5801] usb 4-1: New USB device found, idVendor=04b4, idProduct=1002, bcdDevice=e8.9f
[  461.607150][ T5801] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  461.629882][ T5801] usb 4-1: Product: syz
[  461.636255][ T5801] usb 4-1: Manufacturer: syz
[  461.647428][ T5801] usb 4-1: SerialNumber: syz
[  461.790462][T11430] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  461.796462][T11430] Bluetooth: hci5: Error when powering off device on rfkill (-4)
[  461.816798][ T5801] usb 4-1: config 0 descriptor??
[  462.594763][T11409] fuse: Unknown parameter 'rootm'
[  462.792398][ T5801] videodev: could not get a free minor
[  462.797887][ T5801] dsbr100 4-1:0.250: couldn't register video device
[  462.861561][ T5801] dsbr100 4-1:0.250: probe with driver dsbr100 failed with error -23
[  462.901232][ T5801] usb 4-1: USB disconnect, device number 38
[  463.038315][T11460] fuse: Bad value for 'fd'
[  464.363077][T11487] netlink: 11 bytes leftover after parsing attributes in process `syz.3.1484'.
[  464.372227][T11487] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1484'.
[  464.381601][T11487] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1484'.
[  465.391700][T11500] FAULT_INJECTION: forcing a failure.
[  465.391700][T11500] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  465.404996][T11500] CPU: 0 UID: 0 PID: 11500 Comm: syz.3.1487 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  465.405022][T11500] Tainted: [L]=SOFTLOCKUP
[  465.405027][T11500] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  465.405033][T11500] Call Trace:
[  465.405037][T11500]  <TASK>
[  465.405041][T11500]  dump_stack_lvl+0x100/0x190
[  465.405062][T11500]  should_fail_ex.cold+0x5/0xa
[  465.405078][T11500]  _copy_to_user+0x32/0xd0
[  465.405096][T11500]  simple_read_from_buffer+0xcb/0x170
[  465.405114][T11500]  proc_fail_nth_read+0x1af/0x230
[  465.405130][T11500]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  465.405146][T11500]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  465.405160][T11500]  vfs_read+0x1e4/0xb30
[  465.405178][T11500]  ? __pfx_vfs_read+0x10/0x10
[  465.405193][T11500]  ? __fget_files+0x215/0x3d0
[  465.405206][T11500]  ? __fget_files+0x21f/0x3d0
[  465.405220][T11500]  ksys_read+0x12a/0x250
[  465.405235][T11500]  ? __pfx_ksys_read+0x10/0x10
[  465.405254][T11500]  do_syscall_64+0x106/0xf80
[  465.405265][T11500]  ? clear_bhb_loop+0x40/0x90
[  465.405279][T11500]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  465.405290][T11500] RIP: 0033:0x7fa31b55cece
[  465.405300][T11500] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  465.405311][T11500] RSP: 002b:00007fa31c4dffe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  465.405321][T11500] RAX: ffffffffffffffda RBX: 00007fa31c4e06c0 RCX: 00007fa31b55cece
[  465.405328][T11500] RDX: 000000000000000f RSI: 00007fa31c4e00a0 RDI: 0000000000000004
[  465.405334][T11500] RBP: 00007fa31c4e0090 R08: 0000000000000000 R09: 0000000000000000
[  465.405340][T11500] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  465.405346][T11500] R13: 00007fa31b816128 R14: 00007fa31b816090 R15: 00007ffe151b2058
[  465.405360][T11500]  </TASK>
[  466.651195][T11506] veth1_to_batadv: vlans aren't supported yet for dev_uc|mc_add()
[  466.754336][T11506] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=11506 comm=syz.5.1488
[  466.791126][   T29] audit: type=1400 audit(1771592075.246:817): avc:  denied  { create } for  pid=11504 comm="syz.5.1488" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ipx_socket permissive=1
[  466.934221][ T5806] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  466.957474][ T5806] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  466.967507][ T5806] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  466.975245][ T5806] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  466.982831][ T5806] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  466.999617][ T5817] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  467.032938][ T5817] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  467.052746][ T5817] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  467.085710][ T5817] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  467.101121][ T5817] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  467.126182][T11522] FAULT_INJECTION: forcing a failure.
[  467.126182][T11522] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  467.139389][T11522] CPU: 0 UID: 0 PID: 11522 Comm: syz.3.1496 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  467.139418][T11522] Tainted: [L]=SOFTLOCKUP
[  467.139424][T11522] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  467.139434][T11522] Call Trace:
[  467.139440][T11522]  <TASK>
[  467.139447][T11522]  dump_stack_lvl+0x100/0x190
[  467.139479][T11522]  should_fail_ex.cold+0x5/0xa
[  467.139502][T11522]  _copy_to_user+0x32/0xd0
[  467.139528][T11522]  bpf_test_finish.isra.0+0x510/0x660
[  467.139561][T11522]  ? __pfx_bpf_test_finish.isra.0+0x10/0x10
[  467.139592][T11522]  ? skb_checksum+0x7f4/0x950
[  467.139623][T11522]  bpf_prog_test_run_skb+0x21a7/0x3230
[  467.139660][T11522]  ? __pfx_bpf_prog_test_run_skb+0x10/0x10
[  467.139682][T11522]  ? fput+0x79/0x100
[  467.139704][T11522]  ? __pfx_bpf_prog_test_run_skb+0x10/0x10
[  467.139722][T11522]  __sys_bpf+0x1725/0x4b90
[  467.139745][T11522]  ? __pfx___sys_bpf+0x10/0x10
[  467.139760][T11522]  ? proc_fail_nth_write+0x9f/0x220
[  467.139784][T11522]  ? find_held_lock+0x2b/0x80
[  467.139816][T11522]  ? find_held_lock+0x2b/0x80
[  467.139837][T11522]  ? ksys_write+0x190/0x250
[  467.139866][T11522]  ? __mutex_unlock_slowpath+0x15c/0x790
[  467.139887][T11522]  ? __fget_files+0x215/0x3d0
[  467.139916][T11522]  ? fput+0x79/0x100
[  467.139934][T11522]  ? ksys_write+0x1ac/0x250
[  467.139958][T11522]  ? __pfx_ksys_write+0x10/0x10
[  467.139987][T11522]  __x64_sys_bpf+0x7b/0xc0
[  467.140005][T11522]  ? lockdep_hardirqs_on+0x78/0x100
[  467.140022][T11522]  do_syscall_64+0x106/0xf80
[  467.140039][T11522]  ? clear_bhb_loop+0x40/0x90
[  467.140062][T11522]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  467.140079][T11522] RIP: 0033:0x7fa31b59c629
[  467.140095][T11522] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  467.140111][T11522] RSP: 002b:00007fa31c501028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  467.140129][T11522] RAX: ffffffffffffffda RBX: 00007fa31b815fa0 RCX: 00007fa31b59c629
[  467.140141][T11522] RDX: 0000000000000050 RSI: 00002000000002c0 RDI: 000000000000000a
[  467.140152][T11522] RBP: 00007fa31c501090 R08: 0000000000000000 R09: 0000000000000000
[  467.140162][T11522] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  467.140172][T11522] R13: 00007fa31b816038 R14: 00007fa31b815fa0 R15: 00007ffe151b2058
[  467.140196][T11522]  </TASK>
[  467.584234][T11533] netlink: 'syz.1.1501': attribute type 29 has an invalid length.
[  467.612105][   T29] audit: type=1400 audit(1771592076.156:818): avc:  denied  { bind } for  pid=11532 comm="syz.1.1501" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_connector_socket permissive=1
[  467.701972][   T29] audit: type=1400 audit(1771592076.186:819): avc:  denied  { write } for  pid=11532 comm="syz.1.1501" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_connector_socket permissive=1
[  467.904848][T11515] chnl_net:caif_netlink_parms(): no params data found
[  468.163360][T11515] bridge0: port 1(bridge_slave_0) entered blocking state
[  468.195138][T11515] bridge0: port 1(bridge_slave_0) entered disabled state
[  468.208036][T11515] bridge_slave_0: entered allmulticast mode
[  468.227281][T11515] bridge_slave_0: entered promiscuous mode
[  468.245966][T11515] bridge0: port 2(bridge_slave_1) entered blocking state
[  468.258695][T11515] bridge0: port 2(bridge_slave_1) entered disabled state
[  468.266286][T11515] bridge_slave_1: entered allmulticast mode
[  468.290294][T11515] bridge_slave_1: entered promiscuous mode
[  468.365377][T11515] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  468.382605][T11515] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  468.419822][T11549] netlink: 100 bytes leftover after parsing attributes in process `syz.0.1504'.
[  468.457489][T11515] team0: Port device team_slave_0 added
[  468.470099][T11515] team0: Port device team_slave_1 added
[  468.508556][T11515] batman_adv: batadv0: Adding interface: batadv_slave_0
[  468.522964][T11515] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  468.555232][T11515] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  468.568144][T11515] batman_adv: batadv0: Adding interface: batadv_slave_1
[  468.575292][T11515] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  468.611138][ T5863] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  468.612140][T11515] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  468.668590][T11515] hsr_slave_0: entered promiscuous mode
[  468.675376][T11515] hsr_slave_1: entered promiscuous mode
[  468.681999][T11515] debugfs: 'hsr0' already exists in 'hsr'
[  468.687817][T11515] Cannot create hsr debugfs directory
[  468.761133][ T5863] usb 6-1: Using ep0 maxpacket: 8
[  468.778749][ T5863] usb 6-1: config 0 has an invalid interface number: 55 but max is 0
[  468.795353][ T5863] usb 6-1: config 0 has no interface number 0
[  468.810462][ T5863] usb 6-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  468.847151][ T5863] usb 6-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  468.879481][ T5863] usb 6-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  468.903752][ T5863] usb 6-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  468.933714][ T5863] usb 6-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  468.953069][ T5863] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  468.987174][ T5863] usb 6-1: config 0 descriptor??
[  468.991479][T11515] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  469.011591][T11515] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  469.023101][T11515] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  469.034174][T11515] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  469.061425][ T5863] ldusb 6-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  469.131277][ T5817] Bluetooth: hci6: command tx timeout
[  469.220568][T11515] 8021q: adding VLAN 0 to HW filter on device bond0
[  469.256858][ T5863] usb 6-1: USB disconnect, device number 6
[  469.262821][    C0] ldusb 6-1:0.55: usb_submit_urb failed (-19)
[  469.282561][ T5863] ldusb 6-1:0.55: LD USB Device #0 now disconnected
[  469.300219][T11577] netlink: 11 bytes leftover after parsing attributes in process `syz.1.1511'.
[  469.309207][T11577] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1511'.
[  469.318670][T11577] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1511'.
[  469.336471][T11515] 8021q: adding VLAN 0 to HW filter on device team0
[  469.379758][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[  469.386914][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[  469.437284][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[  469.444447][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[  469.521119][ T5801] usb 1-1: new high-speed USB device number 43 using dummy_hcd
[  469.677331][T11515] 8021q: adding VLAN 0 to HW filter on device batadv0
[  469.701461][ T5801] usb 1-1: config 64 has an invalid interface number: 60 but max is 0
[  469.722437][ T5801] usb 1-1: config 64 has no interface number 0
[  469.736874][ T5801] usb 1-1: config 64 interface 60 has no altsetting 0
[  469.749582][ T5801] usb 1-1: New USB device found, idVendor=1b71, idProduct=3002, bcdDevice=76.b3
[  469.779417][ T5801] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  469.797674][ T5801] usb 1-1: Product: syz
[  469.806504][ T5801] usb 1-1: Manufacturer: syz
[  469.812728][ T5801] usb 1-1: SerialNumber: syz
[  470.513765][ T5801] usb 1-1: USB disconnect, device number 43
[  470.789686][T11515] veth0_vlan: entered promiscuous mode
[  470.817624][T11515] veth1_vlan: entered promiscuous mode
[  470.949493][T11515] veth0_macvtap: entered promiscuous mode
[  470.973064][   T29] audit: type=1400 audit(1771592079.516:820): avc:  denied  { bind } for  pid=11605 comm="syz.5.1519" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  471.006406][T11515] veth1_macvtap: entered promiscuous mode
[  471.205058][ T5817] Bluetooth: hci6: command tx timeout
[  471.946886][T11618] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1520'.
[  472.753930][T11617] netlink: 11 bytes leftover after parsing attributes in process `syz.0.1521'.
[  472.763441][T11617] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1521'.
[  472.772653][T11617] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1521'.
[  472.795582][T11515] batman_adv: batadv0: Interface activated: batadv_slave_0
[  472.827843][T11515] batman_adv: batadv0: Interface activated: batadv_slave_1
[  472.871309][ T6661] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  472.882127][ T6422] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  472.906817][ T6127] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  472.953840][ T6127] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  473.292367][ T5817] Bluetooth: hci6: command tx timeout
[  473.616897][ T6127] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  473.636609][ T6127] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  473.672459][ T6661] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  473.680848][ T6661] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  473.951237][   T10] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  474.076064][T11645] netlink: 24 bytes leftover after parsing attributes in process `syz.6.1528'.
[  474.085592][T11645] FAULT_INJECTION: forcing a failure.
[  474.085592][T11645] name failslab, interval 1, probability 0, space 0, times 0
[  474.098802][T11645] CPU: 0 UID: 0 PID: 11645 Comm: syz.6.1528 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  474.098829][T11645] Tainted: [L]=SOFTLOCKUP
[  474.098835][T11645] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  474.098844][T11645] Call Trace:
[  474.098849][T11645]  <TASK>
[  474.098855][T11645]  dump_stack_lvl+0x100/0x190
[  474.098886][T11645]  should_fail_ex.cold+0x5/0xa
[  474.098906][T11645]  ? fib_create_info+0x5bf/0x4640
[  474.098927][T11645]  should_failslab+0xc2/0x120
[  474.098952][T11645]  __kmalloc_noprof+0xe0/0x850
[  474.098977][T11645]  fib_create_info+0x5bf/0x4640
[  474.099000][T11645]  ? __lock_acquire+0x4a5/0x2630
[  474.099029][T11645]  ? _printk+0xcf/0x110
[  474.099048][T11645]  ? __pfx_fib_create_info+0x10/0x10
[  474.099069][T11645]  ? lock_acquire+0x1cf/0x380
[  474.099099][T11645]  fib_table_insert+0x169/0x1c70
[  474.099123][T11645]  ? trace_contention_end+0x140/0x180
[  474.099146][T11645]  ? __mutex_lock+0x26a/0x1b90
[  474.099174][T11645]  ? __pfx_fib_table_insert+0x10/0x10
[  474.099207][T11645]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  474.099232][T11645]  ? rtm_to_fib_config+0x879/0x13b0
[  474.099255][T11645]  ? inet_rtm_newroute+0x172/0x210
[  474.099275][T11645]  inet_rtm_newroute+0x172/0x210
[  474.099295][T11645]  ? __pfx_inet_rtm_newroute+0x10/0x10
[  474.099324][T11645]  ? rcu_is_watching+0x12/0xc0
[  474.099347][T11645]  ? __pfx_inet_rtm_newroute+0x10/0x10
[  474.099368][T11645]  rtnetlink_rcv_msg+0x95e/0xe90
[  474.099389][T11645]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  474.099409][T11645]  ? __pfx___schedule+0x10/0x10
[  474.099442][T11645]  netlink_rcv_skb+0x159/0x420
[  474.099461][T11645]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  474.099480][T11645]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  474.099509][T11645]  ? rcu_is_watching+0x12/0xc0
[  474.099534][T11645]  netlink_unicast+0x5aa/0x870
[  474.099557][T11645]  ? __pfx_netlink_unicast+0x10/0x10
[  474.099576][T11645]  ? security_netlink_send+0x9c/0x210
[  474.099603][T11645]  ? __pfx___sanitizer_cov_trace_pc+0x10/0x10
[  474.099631][T11645]  netlink_sendmsg+0x8b0/0xda0
[  474.099654][T11645]  ? __pfx_netlink_sendmsg+0x10/0x10
[  474.099676][T11645]  ? __pfx_netlink_sendmsg+0x10/0x10
[  474.099700][T11645]  ____sys_sendmsg+0xa54/0xc30
[  474.099724][T11645]  ? __pfx_____sys_sendmsg+0x10/0x10
[  474.099755][T11645]  ? kvm_sched_clock_read+0x11/0x20
[  474.099784][T11645]  ? sched_clock+0x38/0x60
[  474.099809][T11645]  ? sched_clock_cpu+0x6c/0x570
[  474.099838][T11645]  ___sys_sendmsg+0x190/0x1e0
[  474.099863][T11645]  ? __pfx____sys_sendmsg+0x10/0x10
[  474.099885][T11645]  ? __schedule+0x2fa6/0x60e0
[  474.099938][T11645]  __sys_sendmsg+0x170/0x220
[  474.099955][T11645]  ? __pfx___sys_sendmsg+0x10/0x10
[  474.099972][T11645]  ? irqentry_exit+0x180/0x670
[  474.100002][T11645]  do_syscall_64+0x106/0xf80
[  474.100019][T11645]  ? clear_bhb_loop+0x40/0x90
[  474.100041][T11645]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  474.100059][T11645] RIP: 0033:0x7fedfd99c629
[  474.100074][T11645] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  474.100091][T11645] RSP: 002b:00007fedfe8a2028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  474.100109][T11645] RAX: ffffffffffffffda RBX: 00007fedfdc16090 RCX: 00007fedfd99c629
[  474.100120][T11645] RDX: 0000000000000040 RSI: 0000200000000c00 RDI: 0000000000000006
[  474.100131][T11645] RBP: 00007fedfe8a2090 R08: 0000000000000000 R09: 0000000000000000
[  474.100141][T11645] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  474.100151][T11645] R13: 00007fedfdc16128 R14: 00007fedfdc16090 R15: 00007ffe5e73c178
[  474.100175][T11645]  </TASK>
[  474.613604][   T10] usb 6-1: unable to get BOS descriptor or descriptor too short
[  474.625506][   T10] usb 6-1: config 12 has an invalid interface number: 251 but max is 0
[  474.625531][   T10] usb 6-1: config 12 has no interface number 0
[  474.625555][   T10] usb 6-1: config 12 interface 251 has no altsetting 0
[  474.627558][   T10] usb 6-1: New USB device found, idVendor=0506, idProduct=00df, bcdDevice=83.04
[  474.627585][   T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  474.627605][   T10] usb 6-1: Product: syz
[  474.627620][   T10] usb 6-1: Manufacturer: syz
[  474.627635][   T10] usb 6-1: SerialNumber: syz
[  474.843189][   T10] gspca_main: spca501-2.14.0 probing 0506:00df
[  474.849737][   T10] gspca_spca501: reg write: error -71
[  474.855177][   T10] spca501 6-1:12.251: Reg write failed for 0x00,0xaa,0x00
[  474.862628][   T10] spca501 6-1:12.251: probe with driver spca501 failed with error -22
[  474.874073][   T10] usb 6-1: USB disconnect, device number 7
[  474.941032][   T47] usb 4-1: new high-speed USB device number 39 using dummy_hcd
[  474.951039][    T9] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  475.091157][   T47] usb 4-1: Using ep0 maxpacket: 8
[  475.097715][   T47] usb 4-1: config index 0 descriptor too short (expected 6427, got 27)
[  475.106244][   T47] usb 4-1: config 0 has an invalid interface number: 21 but max is 0
[  475.114999][   T47] usb 4-1: config 0 has no interface number 0
[  475.124696][   T47] usb 4-1: config 0 interface 21 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  475.131129][    T9] usb 7-1: Using ep0 maxpacket: 32
[  475.143060][   T47] usb 4-1: config 0 interface 21 altsetting 0 endpoint 0x8F has an invalid bInterval 102, changing to 10
[  475.143891][    T9] usb 7-1: config 0 interface 0 has no altsetting 0
[  475.164031][   T47] usb 4-1: config 0 interface 21 altsetting 0 endpoint 0x8F has invalid maxpacket 24624, setting to 1024
[  475.165766][    T9] usb 7-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e
[  475.184798][    T9] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  475.187606][   T47] usb 4-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=92.d4
[  475.202507][    T9] usb 7-1: Product: syz
[  475.203460][   T47] usb 4-1: New USB device strings: Mfr=31, Product=1, SerialNumber=0
[  475.206765][    T9] usb 7-1: Manufacturer: syz
[  475.206783][    T9] usb 7-1: SerialNumber: syz
[  475.225978][    T9] usb 7-1: config 0 descriptor??
[  475.226513][   T47] usb 4-1: Product: syz
[  475.242207][   T47] usb 4-1: Manufacturer: syz
[  475.249988][   T47] usb 4-1: config 0 descriptor??
[  475.361223][ T5817] Bluetooth: hci6: command tx timeout
[  475.440449][T11660] loop5: detected capacity change from 0 to 7
[  475.457392][T11660] Dev loop5: unable to read RDB block 7
[  475.463174][T11660]  loop5: unable to read partition table
[  475.469041][T11660] loop5: partition table beyond EOD, truncated
[  475.475688][T11660] loop_reread_partitions: partition scan of loop5 (�������g�C�j̖�P=��!MX���	���%��`�搘ȵ4FLQk݊5) failed (rc=-5)
[  475.588459][T11662] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  475.637492][T11666] openvswitch: netlink: Flow key attr not present in new flow.
[  475.665013][    T9] gs_usb 7-1:0.0: Couldn't get device config: (err=-32)
[  475.712599][    T9] gs_usb 7-1:0.0: probe with driver gs_usb failed with error -32
[  476.067916][   T47] input: syz syz as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.21/input/input69
[  476.120037][T11671] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  476.130429][T11671] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  476.194855][T11673] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  476.241819][T11676] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=11676 comm=syz.1.1538
[  476.324868][T11679] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1537'.
[  476.367497][   T10] usb 4-1: USB disconnect, device number 39
[  476.367636][    C1] keyspan_remote 4-1:0.21: keyspan_irq_recv - usb_submit_urb failed with result: -19
[  476.393016][T11682] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=11682 comm=syz.5.1539
[  477.284007][T11702] FAULT_INJECTION: forcing a failure.
[  477.284007][T11702] name failslab, interval 1, probability 0, space 0, times 0
[  477.300534][T11702] CPU: 0 UID: 0 PID: 11702 Comm: syz.5.1546 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  477.300564][T11702] Tainted: [L]=SOFTLOCKUP
[  477.300570][T11702] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  477.300579][T11702] Call Trace:
[  477.300585][T11702]  <TASK>
[  477.300591][T11702]  dump_stack_lvl+0x100/0x190
[  477.300620][T11702]  should_fail_ex.cold+0x5/0xa
[  477.300641][T11702]  should_failslab+0xc2/0x120
[  477.300665][T11702]  __kmalloc_cache_noprof+0x7a/0x6f0
[  477.300683][T11702]  ? alloc_bprm+0x86/0x710
[  477.300708][T11702]  alloc_bprm+0x86/0x710
[  477.300732][T11702]  do_execveat_common.isra.0+0x19c/0x580
[  477.300755][T11702]  ? do_getname+0x191/0x390
[  477.300775][T11702]  __x64_sys_execveat+0xdf/0x130
[  477.300799][T11702]  do_syscall_64+0x106/0xf80
[  477.300815][T11702]  ? clear_bhb_loop+0x40/0x90
[  477.300834][T11702]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  477.300851][T11702] RIP: 0033:0x7f5cfc79c629
[  477.300866][T11702] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  477.300882][T11702] RSP: 002b:00007f5cfd6af028 EFLAGS: 00000246 ORIG_RAX: 0000000000000142
[  477.300899][T11702] RAX: ffffffffffffffda RBX: 00007f5cfca16090 RCX: 00007f5cfc79c629
[  477.300910][T11702] RDX: 0000000000000000 RSI: 0000200000001400 RDI: ffffffffffffff9c
[  477.300920][T11702] RBP: 00007f5cfd6af090 R08: 0000000000000000 R09: 0000000000000000
[  477.300933][T11702] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  477.300942][T11702] R13: 00007f5cfca16128 R14: 00007f5cfca16090 R15: 00007ffef01c4378
[  477.300962][T11702]  </TASK>
[  478.449584][   T10] usb 7-1: USB disconnect, device number 2
[  478.585273][T11722] netlink: 'syz.0.1552': attribute type 32 has an invalid length.
[  478.667274][T11722] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1552'.
[  478.919133][T11723] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1550'.
[  479.021422][T11734] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=71 sclass=netlink_route_socket pid=11734 comm=syz.5.1550
[  479.081309][T11722] bond1: Setting coupled_control to off (0)
[  479.136866][T11737] loop5: detected capacity change from 0 to 7
[  479.158415][T11737] Dev loop5: unable to read RDB block 7
[  479.164490][T11737]  loop5: unable to read partition table
[  479.171865][T11737] loop5: partition table beyond EOD, truncated
[  479.180542][T11737] loop_reread_partitions: partition scan of loop5 (�������g�C�j̖�P=��!MX���	���%��`�搘ȵ4FLQk݊5) failed (rc=-5)
[  480.019879][   T29] audit: type=1400 audit(1771592088.556:821): avc:  denied  { mount } for  pid=11745 comm="syz.5.1556" name="/" dev="devpts" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1
[  480.095298][   T29] audit: type=1400 audit(1771592088.596:822): avc:  denied  { mounton } for  pid=11745 comm="syz.5.1556" path="/102/file0" dev="devpts" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:devpts_t tclass=dir permissive=1
[  480.140024][T11750] FAULT_INJECTION: forcing a failure.
[  480.140024][T11750] name failslab, interval 1, probability 0, space 0, times 0
[  480.155565][T11750] CPU: 1 UID: 0 PID: 11750 Comm: syz.0.1557 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  480.155594][T11750] Tainted: [L]=SOFTLOCKUP
[  480.155600][T11750] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  480.155609][T11750] Call Trace:
[  480.155615][T11750]  <TASK>
[  480.155622][T11750]  dump_stack_lvl+0x100/0x190
[  480.155653][T11750]  should_fail_ex.cold+0x5/0xa
[  480.155677][T11750]  should_failslab+0xc2/0x120
[  480.155704][T11750]  __kmalloc_node_track_caller_noprof+0xe3/0x850
[  480.155729][T11750]  ? kasprintf+0xc7/0x100
[  480.155758][T11750]  kvasprintf+0xbc/0x150
[  480.155781][T11750]  ? __pfx_kvasprintf+0x10/0x10
[  480.155802][T11750]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  480.155830][T11750]  kasprintf+0xc7/0x100
[  480.155852][T11750]  ? __pfx_kasprintf+0x10/0x10
[  480.155878][T11750]  ? rcu_is_watching+0x12/0xc0
[  480.155897][T11750]  ? trace_contention_end+0x140/0x180
[  480.155915][T11750]  ? __mutex_lock+0x26a/0x1b90
[  480.155935][T11750]  logfc+0x11c/0x4e0
[  480.155952][T11750]  ? __fs_parse+0x278/0x960
[  480.155973][T11750]  ? __pfx_logfc+0x10/0x10
[  480.155995][T11750]  ? fuse_parse_param+0x117/0xaf0
[  480.156020][T11750]  ? __pfx_fuse_parse_param+0x10/0x10
[  480.156057][T11750]  vfs_parse_fs_param+0x2ee/0x3b0
[  480.156077][T11750]  __do_sys_fsconfig+0x617/0xcb0
[  480.156101][T11750]  ? __pfx___do_sys_fsconfig+0x10/0x10
[  480.156123][T11750]  ? fput+0x79/0x100
[  480.156153][T11750]  do_syscall_64+0x106/0xf80
[  480.156169][T11750]  ? clear_bhb_loop+0x40/0x90
[  480.156190][T11750]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  480.156207][T11750] RIP: 0033:0x7fcb6b99c629
[  480.156223][T11750] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  480.156238][T11750] RSP: 002b:00007fcb69bf6028 EFLAGS: 00000246 ORIG_RAX: 00000000000001af
[  480.156256][T11750] RAX: ffffffffffffffda RBX: 00007fcb6bc15fa0 RCX: 00007fcb6b99c629
[  480.156267][T11750] RDX: 0000200000000240 RSI: 0000000000000005 RDI: 0000000000000003
[  480.156277][T11750] RBP: 00007fcb69bf6090 R08: 0000000000000003 R09: 0000000000000000
[  480.156288][T11750] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  480.156298][T11750] R13: 00007fcb6bc16038 R14: 00007fcb6bc15fa0 R15: 00007ffe29d87d18
[  480.156320][T11750]  </TASK>
[  480.436277][T11756] IPv6: NLM_F_CREATE should be specified when creating new route
[  480.692326][T11760] Context (ID=0x4de) not attached to queue pair (handle=0x1:0x1)
[  481.067645][   T29] audit: type=1400 audit(1771592089.606:823): avc:  denied  { unmount } for  pid=10085 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1
[  481.435030][   T10] usb 1-1: new high-speed USB device number 44 using dummy_hcd
[  481.621250][   T10] usb 1-1: Using ep0 maxpacket: 8
[  481.669265][   T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9
[  481.721704][   T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  481.766315][   T10] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  481.850357][   T10] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 49
[  481.911199][   T10] usb 1-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58
[  481.948912][   T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  482.126154][T11785] openvswitch: netlink: Flow actions attr not present in new flow.
[  482.146925][   T10] usb 1-1: config 0 descriptor??
[  482.253560][T11766] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  483.556343][ T5817] Bluetooth: hci7: Opcode 0x0c03 failed: -71
[  483.564421][   T10] usb 1-1: USB disconnect, device number 44
[  483.618420][   T29] audit: type=1400 audit(1771592092.156:824): avc:  denied  { create } for  pid=11800 comm="syz.0.1567" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  485.680159][T11812] loop8: detected capacity change from 0 to 8
[  485.831308][T11812] Dev loop8: unable to read RDB block 8
[  485.855012][T11812]  loop8: unable to read partition table
[  485.870086][T11812] loop8: partition table beyond EOD, truncated
[  485.878701][T11812] loop_reread_partitions: partition scan of loop8 (�被x�^>�� �) failed (rc=-5)
[  486.135672][T11825] 9p: Bad value for 'rfdno'
[  486.191361][   T29] audit: type=1400 audit(1771592094.726:825): avc:  denied  { map } for  pid=11824 comm="syz.0.1574" path="socket:[34084]" dev="sockfs" ino=34084 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  487.061811][T11842] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  487.738231][T11846] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1580'.
[  488.448331][T11860] syzkaller0: entered promiscuous mode
[  488.467972][T11860] syzkaller0: entered allmulticast mode
[  488.641172][ T5801] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[  488.828858][T11875] netlink: 92 bytes leftover after parsing attributes in process `syz.1.1586'.
[  488.841256][ T5801] usb 7-1: Using ep0 maxpacket: 8
[  488.881917][   T29] audit: type=1400 audit(1771592097.416:826): avc:  denied  { watch } for  pid=11873 comm="syz.3.1587" path="/309/file1" dev="tmpfs" ino=1659 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  488.905411][ T5801] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9
[  488.930809][ T5801] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  488.993391][ T5801] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  489.003522][   T29] audit: type=1400 audit(1771592097.416:827): avc:  denied  { watch_sb } for  pid=11873 comm="syz.3.1587" path="/309/file1" dev="tmpfs" ino=1659 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  489.029395][ T5801] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 49
[  489.050892][ T5801] usb 7-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58
[  489.064943][ T5801] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  489.091666][ T5801] usb 7-1: config 0 descriptor??
[  489.112501][T11855] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[  489.459662][T11883] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=8192 sclass=netlink_route_socket pid=11883 comm=syz.3.1589
[  489.504746][T11883] loop5: detected capacity change from 0 to 7
[  489.527650][T11883] Dev loop5: unable to read RDB block 7
[  489.548296][T11883]  loop5: unable to read partition table
[  489.561761][T11883] loop5: partition table beyond EOD, truncated
[  489.580193][T11883] loop_reread_partitions: partition scan of loop5 (�������g�C�j̖�P=��!MX���	���%��`�搘ȵ4FLQk݊5) failed (rc=-5)
[  490.083410][ T6658] block nbd0: Possible stuck request ffff888027b60000: control (read@0,1024B). Runtime 210 seconds
[  490.083552][ T6658] block nbd0: Possible stuck request ffff888027b60200: control (read@1024,1024B). Runtime 210 seconds
[  490.083576][ T6658] block nbd0: Possible stuck request ffff888027b60400: control (read@2048,1024B). Runtime 210 seconds
[  490.083598][ T6658] block nbd0: Possible stuck request ffff888027b60600: control (read@3072,1024B). Runtime 210 seconds
[  490.337084][   T24] usb 1-1: new high-speed USB device number 45 using dummy_hcd
[  490.385978][ T5806] Bluetooth: hci7: Opcode 0x0c03 failed: -71
[  490.394546][  T969] usb 7-1: USB disconnect, device number 3
[  490.479390][    T9] IPVS: starting estimator thread 0...
[  490.573296][T11906] IPVS: using max 57 ests per chain, 136800 per kthread
[  490.581300][   T24] usb 1-1: Using ep0 maxpacket: 8
[  490.588130][   T24] usb 1-1: config index 0 descriptor too short (expected 6427, got 27)
[  490.588215][   T24] usb 1-1: config 0 has an invalid interface number: 21 but max is 0
[  490.588294][   T24] usb 1-1: config 0 has no interface number 0
[  490.588497][   T24] usb 1-1: config 0 interface 21 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  490.588559][   T24] usb 1-1: config 0 interface 21 altsetting 0 endpoint 0x8F has an invalid bInterval 102, changing to 10
[  490.588624][   T24] usb 1-1: config 0 interface 21 altsetting 0 endpoint 0x8F has invalid maxpacket 24624, setting to 1024
[  490.637549][   T24] usb 1-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=92.d4
[  490.637643][   T24] usb 1-1: New USB device strings: Mfr=31, Product=1, SerialNumber=0
[  490.637729][   T24] usb 1-1: Product: syz
[  490.637783][   T24] usb 1-1: Manufacturer: syz
[  490.702378][   T24] usb 1-1: config 0 descriptor??
[  490.872303][T11909] futex_wake_op: syz.6.1596 tries to shift op by 32; fix this program
[  491.335926][T11924] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  491.358736][   T29] audit: type=1400 audit(1771592099.896:828): avc:  denied  { name_bind } for  pid=11918 comm="syz.3.1599" src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket permissive=1
[  491.384829][   T24] input: syz syz as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.21/input/input70
[  491.421851][T11925] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1600'.
[  491.641142][    T9] usb 1-1: USB disconnect, device number 45
[  491.641192][    C1] keyspan_remote 1-1:0.21: keyspan_irq_recv - usb_submit_urb failed with result: -19
[  491.861525][   T24] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[  492.071371][   T24] usb 6-1: Using ep0 maxpacket: 8
[  492.163096][   T24] usb 6-1: config 1 interface 0 altsetting 134 bulk endpoint 0x82 has invalid maxpacket 8
[  492.191131][   T24] usb 6-1: config 1 interface 0 altsetting 134 bulk endpoint 0x3 has invalid maxpacket 1024
[  492.216050][   T24] usb 6-1: config 1 interface 0 has no altsetting 0
[  492.240896][   T24] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  492.240911][T11940] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=11940 comm=syz.3.1605
[  492.301154][   T24] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  492.329461][   T24] usb 6-1: Product: syz
[  492.339734][   T24] usb 6-1: Manufacturer: syz
[  492.361539][   T24] usb 6-1: SerialNumber: syz
[  492.384155][T11928] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  492.399638][   T29] audit: type=1400 audit(1771592100.936:829): avc:  denied  { read } for  pid=11941 comm="syz.3.1606" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  492.406303][T11928] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  492.514347][T11946] syzkaller0: entered promiscuous mode
[  492.534753][T11946] syzkaller0: entered allmulticast mode
[  494.570548][   T24] cdc_ether 6-1:1.0: probe with driver cdc_ether failed with error -71
[  494.679964][   T24] usb 6-1: USB disconnect, device number 8
[  496.911731][   T29] audit: type=1400 audit(1771592104.876:830): avc:  denied  { write } for  pid=11965 comm="syz.6.1614" name="msr" dev="devtmpfs" ino=87 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1
[  497.492540][ T5801] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[  497.500783][T11977] openvswitch: netlink: Flow actions attr not present in new flow.
[  497.512708][T11978] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  497.740989][ T5801] usb 6-1: device descriptor read/64, error -71
[  497.868045][T11983] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1612'.
[  497.998145][T11985] wg1: entered promiscuous mode
[  498.010055][T11985] wg1: entered allmulticast mode
[  498.056138][ T5801] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[  498.229778][ T5801] usb 6-1: device descriptor read/64, error -71
[  498.342427][ T5801] usb usb6-port1: attempt power cycle
[  498.711101][ T5801] usb 6-1: new high-speed USB device number 11 using dummy_hcd
[  498.771503][ T5801] usb 6-1: device descriptor read/8, error -71
[  499.023259][ T5801] usb 6-1: new high-speed USB device number 12 using dummy_hcd
[  499.077125][ T5801] usb 6-1: device descriptor read/8, error -71
[  499.221265][ T5801] usb usb6-port1: unable to enumerate USB device
[  500.143207][T12016] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  500.219785][T12019] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1624'.
[  500.238322][T12019] wg1: entered promiscuous mode
[  500.247581][T12019] wg1: entered allmulticast mode
[  500.352433][   T24] usb 6-1: new full-speed USB device number 13 using dummy_hcd
[  500.543324][   T24] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  500.553788][   T24] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 2
[  500.693902][   T24] usb 6-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  500.703657][   T24] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  500.870185][   T24] usb 6-1: config 0 descriptor??
[  500.896987][   T24] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  500.903933][   T24] dvb-usb: bulk message failed: -22 (3/0)
[  500.934376][   T24] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  500.956463][   T24] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  500.967052][ T1294] ieee802154 phy0 wpan0: encryption failed: -22
[  500.967132][ T1294] ieee802154 phy1 wpan1: encryption failed: -22
[  500.986786][   T24] usb 6-1: media controller created
[  501.004138][   T24] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  501.050548][   T24] dvb-usb: bulk message failed: -22 (6/0)
[  501.070655][   T24] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  501.099603][   T24] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.5/usb6/6-1/input/input71
[  501.149399][   T24] dvb-usb: schedule remote query interval to 150 msecs.
[  501.156562][   T24] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  501.190391][T12036] dvb-usb: bulk message failed: -22 (2/0)
[  501.311373][   T24] dvb-usb: bulk message failed: -22 (1/0)
[  501.317114][   T24] dvb-usb: error while querying for an remote control event.
[  501.325630][  T969] usb 6-1: USB disconnect, device number 13
[  501.349943][  T969] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  502.242721][   T30] INFO: task syz.4.1055:9910 blocked for more than 143 seconds.
[  502.298535][   T30]       Tainted: G             L      syzkaller #0
[  502.374715][   T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  502.459369][   T30] task:syz.4.1055      state:D stack:28136 pid:9910  tgid:9909  ppid:5809   task_flags:0x400140 flags:0x00080002
[  502.499890][   T30] Call Trace:
[  502.503476][   T30]  <TASK>
[  502.506469][   T30]  __schedule+0xfee/0x60e0
[  502.511386][   T30]  ? __lock_acquire+0x4a5/0x2630
[  502.516394][   T30]  ? __pfx___schedule+0x10/0x10
[  502.521726][   T30]  ? find_held_lock+0x2b/0x80
[  502.527761][   T30]  ? schedule+0x2bf/0x390
[  502.534836][   T30]  schedule+0xdd/0x390
[  502.539056][   T30]  schedule_preempt_disabled+0x13/0x30
[  502.551100][   T30]  __mutex_lock+0xc9a/0x1b90
[  502.565598][   T30]  ? sync_bdevs+0x153/0x480
[  502.570159][   T30]  ? __pfx___mutex_lock+0x10/0x10
[  502.575526][   T30]  ? __mutex_unlock_slowpath+0x15c/0x790
[  502.581389][   T30]  ? iput.part.0+0x1a0/0xf50
[  502.585990][   T30]  ? sync_bdevs+0x153/0x480
[  502.590494][   T30]  sync_bdevs+0x153/0x480
[  502.595520][   T30]  ksys_sync+0xb0/0xf0
[  502.599588][   T30]  ? __pfx_ksys_sync+0x10/0x10
[  502.604821][   T30]  ? do_syscall_64+0x95/0xf80
[  502.609497][   T30]  __do_sys_sync+0xe/0x20
[  502.614170][   T30]  do_syscall_64+0x106/0xf80
[  502.618765][   T30]  ? clear_bhb_loop+0x40/0x90
[  502.623710][   T30]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  502.629601][   T30] RIP: 0033:0x7fd0e2d9c629
[  502.634375][   T30] RSP: 002b:00007fd0e3ced028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a2
[  502.644093][   T30] RAX: ffffffffffffffda RBX: 00007fd0e3015fa0 RCX: 00007fd0e2d9c629
[  502.653268][   T30] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  502.661791][   T30] RBP: 00007fd0e3015fa0 R08: 0000000000000000 R09: 0000000000000000
[  502.669762][   T30] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  502.678127][   T30] R13: 00007fd0e3016038 R14: 00007fd0e3015fa0 R15: 00007fff51f98798
[  502.686588][   T30]  </TASK>
[  502.689702][   T30] 
[  502.689702][   T30] Showing all locks held in the system:
[  502.698059][   T30] 5 locks held by kworker/u8:1/13:
[  502.703589][   T30] 1 lock held by khungtaskd/30:
[  502.708439][   T30]  #0: ffffffff8e7e93e0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x3d/0x184
[  502.724613][   T30] 2 locks held by getty/5562:
[  502.729306][   T30]  #0: ffff888033f5d0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80
[  502.739552][   T30]  #1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x419/0x1500
[  502.763589][   T30] 1 lock held by udevd/5793:
[  502.768207][   T30]  #0: ffff888027a70358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0x41a/0xe40
[  502.782567][   T30] 3 locks held by kworker/u8:8/6127:
[  502.788146][   T30]  #0: ffff88813fe9c148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x1287/0x1920
[  502.800571][   T30]  #1: ffffc90004cdfd08 ((work_completion)(&map->work)){+.+.}-{0:0}, at: process_one_work+0x93c/0x1920
[  502.812405][   T30]  #2: ffffffff8e7f4ec0 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x48/0x6d0
[  502.822622][   T30] 3 locks held by kworker/1:6/7363:
[  502.827809][   T30]  #0: ffff88813fe63548 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x1287/0x1920
[  502.838673][   T30]  #1: ffffc9000446fd08 (key_gc_work){+.+.}-{0:0}, at: process_one_work+0x93c/0x1920
[  502.848369][   T30]  #2: ffffffff8e7f4ff8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x19e/0x3c0
[  502.858716][   T30] 1 lock held by syz.4.1055/9910:
[  502.864144][   T30]  #0: ffff888027a70358 (&disk->open_mutex){+.+.}-{4:4}, at: sync_bdevs+0x153/0x480
[  502.873725][   T30] 1 lock held by syz.0.1628/12022:
[  502.878901][   T30]  #0: ffff8880293bc100 (&dev->mutex){....}-{4:4}, at: nfc_unregister_rfkill+0x51/0x2b0
[  502.889021][   T30] 4 locks held by syz.0.1628/12023:
[  502.894284][   T30]  #0: ffffffff906bb4b0 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[  502.902535][   T30]  #1: ffffffff906bb568 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x57b/0x800
[  502.911673][   T30]  #2: ffff8880293bc100 (&dev->mutex){....}-{4:4}, at: nfc_dev_up+0x2f/0x3a0
[  502.920432][   T30]  #3: ffff888070fae350 (&ndev->req_lock){+.+.}-{4:4}, at: nci_dev_up+0x9a/0x680
[  502.929578][   T30] 2 locks held by syz.3.1629/12029:
[  502.934969][   T30]  #0: ffffffff906bb4b0 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[  502.943171][   T30]  #1: ffffffff906bb568 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x57b/0x800
[  502.952325][   T30] 1 lock held by syz.5.1631/12040:
[  502.957409][   T30]  #0: ffffffff8e7f4ff8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x19e/0x3c0
[  502.967707][   T30] 2 locks held by syz.5.1631/12045:
[  502.973071][   T30]  #0: ffffffff906bb4b0 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40
[  502.981288][   T30]  #1: ffffffff906bb568 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x57b/0x800
[  502.990455][   T30] 
[  502.993593][   T30] =============================================
[  502.993593][   T30] 
[  503.002153][   T30] NMI backtrace for cpu 1
[  503.002170][   T30] CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  503.002194][   T30] Tainted: [L]=SOFTLOCKUP
[  503.002200][   T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  503.002210][   T30] Call Trace:
[  503.002215][   T30]  <TASK>
[  503.002222][   T30]  dump_stack_lvl+0x100/0x190
[  503.002254][   T30]  nmi_cpu_backtrace.cold+0x12d/0x151
[  503.002272][   T30]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  503.002300][   T30]  nmi_trigger_cpumask_backtrace+0x1d7/0x230
[  503.002327][   T30]  sys_info+0x141/0x190
[  503.002346][   T30]  watchdog+0xd25/0x1050
[  503.002376][   T30]  ? __pfx_watchdog+0x10/0x10
[  503.002399][   T30]  ? __kthread_parkme+0x18c/0x230
[  503.002425][   T30]  ? kthread+0x13a/0x450
[  503.002438][   T30]  ? __pfx_watchdog+0x10/0x10
[  503.002459][   T30]  kthread+0x370/0x450
[  503.002473][   T30]  ? __pfx_kthread+0x10/0x10
[  503.002490][   T30]  ret_from_fork+0x754/0xd80
[  503.002507][   T30]  ? __pfx_ret_from_fork+0x10/0x10
[  503.002525][   T30]  ? __switch_to+0x7b4/0x1120
[  503.002546][   T30]  ? __pfx_kthread+0x10/0x10
[  503.002562][   T30]  ret_from_fork_asm+0x1a/0x30
[  503.002593][   T30]  </TASK>
[  503.002599][   T30] Sending NMI from CPU 1 to CPUs 0:
[  503.128191][    C0] NMI backtrace for cpu 0
[  503.128208][    C0] CPU: 0 UID: 0 PID: 13 Comm: kworker/u8:1 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  503.128228][    C0] Tainted: [L]=SOFTLOCKUP
[  503.128232][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  503.128241][    C0] Workqueue: events_unbound nsim_dev_trap_report_work
[  503.128266][    C0] RIP: 0010:kfree_skbmem+0x0/0x210
[  503.128284][    C0] Code: ac 48 89 ef e8 51 14 1d f9 eb b5 e8 4a 14 1d f9 e9 27 ff ff ff 0f 1f 44 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <41> 54 55 53 48 89 fb e8 84 b4 b0 f8 48 8d 7b 7e 48 b8 00 00 00 00
[  503.128297][    C0] RSP: 0018:ffffc90000127b60 EFLAGS: 00000293
[  503.128307][    C0] RAX: 0000000000000000 RBX: ffff8880357e1500 RCX: 0000000000000006
[  503.128315][    C0] RDX: ffff88801e6b0000 RSI: ffffffff895a1c89 RDI: ffff8880357e1500
[  503.128324][    C0] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000
[  503.128332][    C0] R10: 0000000000000001 R11: 000000000000760b R12: ffff8880357e15e4
[  503.128340][    C0] R13: ffff88805cbbe670 R14: dffffc0000000000 R15: 0000000000000000
[  503.128349][    C0] FS:  0000000000000000(0000) GS:ffff888124348000(0000) knlGS:0000000000000000
[  503.128362][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  503.128371][    C0] CR2: 0000001b33405ff8 CR3: 00000000736fd000 CR4: 00000000003526f0
[  503.128379][    C0] Call Trace:
[  503.128384][    C0]  <TASK>
[  503.128388][    C0]  consume_skb+0xd1/0x110
[  503.128403][    C0]  nsim_dev_trap_report_work+0x8cf/0xd10
[  503.128426][    C0]  process_one_work+0x9d7/0x1920
[  503.128444][    C0]  ? __pfx_process_one_work+0x10/0x10
[  503.128460][    C0]  ? __pfx_nsim_dev_trap_report_work+0x10/0x10
[  503.128479][    C0]  worker_thread+0x5da/0xe40
[  503.128495][    C0]  ? kthread+0x13a/0x450
[  503.128506][    C0]  ? __pfx_worker_thread+0x10/0x10
[  503.128518][    C0]  kthread+0x370/0x450
[  503.128529][    C0]  ? __pfx_kthread+0x10/0x10
[  503.128541][    C0]  ret_from_fork+0x754/0xd80
[  503.128555][    C0]  ? __pfx_ret_from_fork+0x10/0x10
[  503.128568][    C0]  ? __switch_to+0x7b4/0x1120
[  503.128583][    C0]  ? __pfx_kthread+0x10/0x10
[  503.128595][    C0]  ret_from_fork_asm+0x1a/0x30
[  503.128614][    C0]  </TASK>
[  503.345202][T12023] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  503.357162][   T30] Kernel panic - not syncing: hung_task: blocked tasks
[  503.364015][   T30] CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  503.374667][   T30] Tainted: [L]=SOFTLOCKUP
[  503.378961][   T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  503.388993][   T30] Call Trace:
[  503.392245][   T30]  <TASK>
[  503.395149][   T30]  dump_stack_lvl+0x100/0x190
[  503.399818][   T30]  vpanic+0x552/0x970
[  503.403773][   T30]  ? __pfx_vpanic+0x10/0x10
[  503.408251][   T30]  ? nmi_trigger_cpumask_backtrace+0x182/0x230
[  503.414392][   T30]  panic+0xd1/0xe0
[  503.418111][   T30]  ? __pfx_panic+0x10/0x10
[  503.422525][   T30]  ? nmi_trigger_cpumask_backtrace+0x1b5/0x230
[  503.428678][   T30]  ? nmi_trigger_cpumask_backtrace+0x1f6/0x230
[  503.434838][   T30]  ? nmi_trigger_cpumask_backtrace+0x200/0x230
[  503.440976][   T30]  ? watchdog.cold+0x198/0x1ca
[  503.445723][   T30]  ? watchdog+0xd35/0x1050
[  503.450126][   T30]  watchdog.cold+0x1a9/0x1ca
[  503.454703][   T30]  ? __pfx_watchdog+0x10/0x10
[  503.459373][   T30]  ? __kthread_parkme+0x18c/0x230
[  503.464407][   T30]  ? kthread+0x13a/0x450
[  503.468641][   T30]  ? __pfx_watchdog+0x10/0x10
[  503.473316][   T30]  kthread+0x370/0x450
[  503.477384][   T30]  ? __pfx_kthread+0x10/0x10
[  503.481972][   T30]  ret_from_fork+0x754/0xd80
[  503.486547][   T30]  ? __pfx_ret_from_fork+0x10/0x10
[  503.491640][   T30]  ? __switch_to+0x7b4/0x1120
[  503.496305][   T30]  ? __pfx_kthread+0x10/0x10
[  503.500879][   T30]  ret_from_fork_asm+0x1a/0x30
[  503.505641][   T30]  </TASK>
[  503.509006][   T30] Kernel Offset: disabled
[  503.513333][   T30] Rebooting in 86400 seconds..