last executing test programs:

4m13.856855875s ago: executing program 2 (id=1771):
r0 = open(0x0, 0x100, 0x4)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000002240)={0x0, 0x0, 0x0}, 0x0)
r1 = syz_io_uring_setup(0x7540, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000100), &(0x7f0000000200)=<r2=>0x0)
r3 = syz_io_uring_setup(0x34ef, &(0x7f0000000400)={0x0, 0x0, 0x1}, &(0x7f00000003c0)=<r4=>0x0, &(0x7f0000001480))
syz_io_uring_submit(r4, r2, &(0x7f00000001c0)=@IORING_OP_MSG_RING={0x28, 0x0, 0x0, r3, 0x0, 0x0})
io_uring_enter(r1, 0x2003, 0x0, 0x0, 0x0, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, 0x0, &(0x7f0000000540))
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000580)={{0x0, 0x0, 0x0, 0x0, 0x0, 0x1e0, 0x212}, 0x0, 0x0, 0x1ff, 0x10001, 0x9, 0x7, 0xffffffffffff0001, 0x5, 0x7fff, 0x59})
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x3, 0x5, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006100000085000000230000009500000000000000b5f2de90c90b2a3ac2bf6a618dd56e6966dd6c669795099bd02bff4d1a1b83dfc990e957dcb7f3289b489316466007d0df2b99a5f8a91147996dada8c4da571f3d4cf2039214cb53f1011cd7222a88538e5c47f19d9bffa484f427"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x1, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="440000003e000701feffffff00000000017c0000040042800c00018006000600800a0000200002801c00038018"], 0x44}, 0x1, 0x0, 0x0, 0x40040c0}, 0xc000)
r6 = dup(0xffffffffffffffff)
ioctl$PTP_EXTTS_REQUEST2(r6, 0xc0603d06, &(0x7f0000000180))
r7 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240))
r8 = syz_usb_connect(0x2, 0x24, &(0x7f0000000700)={{0x12, 0x1, 0x0, 0x69, 0xf7, 0x4a, 0x20, 0x10b8, 0x1bb4, 0x3465, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x5d, 0x0, 0x0, 0x1c, 0x53, 0xc2}}]}}]}}, 0x0)
syz_usb_control_io$cdc_ecm(r8, 0x0, &(0x7f0000000200)={0x1c, &(0x7f0000000080)=ANY=[@ANYBLOB="2017cc"], 0x0, 0x0})
r9 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
ioctl$I2C_RDWR(r9, 0x707, &(0x7f0000002480)={&(0x7f0000002440)=[{0x4, 0x2800, 0xfe, &(0x7f00000059c0)="40bda32247968c6139126ec0900855252430ae872defa11473d63346447419885614679af1b21c19f78f62a564a68869c5a8b86f15c9c8165cf8f5cd6c0f5e96258cca71b0defac3b59a3d541d2b4e7a5a8dd8d41264c7d031820d68c2d913a53f12e4ff4c3dd42f29dc12237e3323c0574a81733302ea0708d315785b02dd492ccc5234efbc206c58ed6d57f63304584af4515b49ee44dfb7336259377e65bbe957133e4e6f3289c86bf33b14df8385477c66e9676052bcf06536fb29d93248223bc9e60d9503b1a553159e32f2e677346f77c2f64115b4d97581eff5eb223ed74fbd9e0e52862287180aabd1c81f7613cd651c7e67a686dcc712c63a45"}], 0x1})
sendmsg$nl_route_sched(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x60, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, 0x0, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x34, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0xea, 0x0, 0xfffd, 0x0, 0x9, 0x5}, {0x12, 0x2, 0x0, 0x401, 0x8001, 0x1400}, 0xa5, 0x5, 0x10000000}}, @TCA_TBF_BURST={0x8, 0x6, 0x8057}]}}]}, 0x60}}, 0x44080)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000003dc0)='/sys/kernel/kexec_loaded', 0x880, 0x0)
socket$igmp(0x2, 0x3, 0x2)

4m11.173166395s ago: executing program 2 (id=1778):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_SET_FLAGS(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)={0x18, r4, 0x1, 0x70bd2b, 0x25dfdbff, {}, [@MPTCP_PM_ATTR_ADDR={0x4}]}, 0x18}}, 0x4000880)
ioctl$EVIOCGMTSLOTS(0xffffffffffffffff, 0x8040450a, &(0x7f0000001ac0)=""/4096)
openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000000), 0x82000)
setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
sendmsg$inet(r6, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0)
recvmsg$unix(r5, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000580), 0x100}, 0x0)
select(0x2a, 0x0, 0x0, &(0x7f0000000400)={0xfefdffffffffffff, 0x1, 0x2, 0x300}, &(0x7f0000000440)={0x0, 0x2710})
ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, &(0x7f0000000000)='source', 0x0, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
mbind(&(0x7f00001fa000/0x2000)=nil, 0x2000, 0x1, 0x0, 0x0, 0x0)
prctl$PR_SET_IO_FLUSHER(0x39, 0x1)
madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9)
r7 = socket(0x1e, 0x1, 0x0)
connect$tipc(r7, &(0x7f0000000040)=@id, 0x10)

4m9.753469023s ago: executing program 2 (id=1781):
syz_usb_connect(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010003f6fdd140402090b975f601020301090224000201005004090400f700c873b808090504105802030d58", @ANYRES16], &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0})

4m8.525451446s ago: executing program 2 (id=1785):
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_int(r0, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4)
setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000140)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x7ff, 0xf83, 0x3}, 0x1c)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000000)={0x0, 0x1, 0x0, 0x9, 0xfffffff9, 0xffff, 0x80000000, 0x1, <r2=>0x0}, &(0x7f0000000040)=0x20)
r3 = syz_open_procfs(0x0, &(0x7f0000000040)='fdinfo/3\x00')
pread64(r3, &(0x7f0000000180)=""/244, 0xf4, 0x8)
ioctl$TIOCL_PASTESEL(r3, 0x541c, &(0x7f0000000200))
setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f00000000c0)={0x5, 0x8, 0x7f, 0x3, r2}, 0x10)
unshare(0x2040400)
socket(0x1e, 0x1, 0x0)
r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r5 = dup(r4)
write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c)
syz_open_dev$tty1(0xc, 0x4, 0x3)
openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0)
r6 = syz_io_uring_setup(0x10e, &(0x7f00000000c0)={0x0, 0x8d2dc, 0x0, 0xffffffff}, &(0x7f00000003c0)=<r7=>0x0, &(0x7f0000000140)=<r8=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r7, r8, &(0x7f00000002c0)=@IORING_OP_ACCEPT={0xd, 0x40, 0x5, r5, 0x0, 0x0, 0x0, 0x80000})
io_uring_enter(r6, 0x47f5, 0x0, 0x0, 0x0, 0x0)

4m7.842053343s ago: executing program 2 (id=1788):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r1 = dup(r0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x17)
mremap(&(0x7f000020e000/0x2000)=nil, 0x2000, 0x3000, 0x3, &(0x7f0000165000/0x3000)=nil)
write$binfmt_aout(r1, 0x0, 0xffffffdb)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x9)

4m6.546041073s ago: executing program 2 (id=1793):
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x800, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="4c000000020681010000000000000000000000000500050002000000050001000700000005000400030000000900020073797a310000000011000300686173683a6e65742c6e6574"], 0x4c}, 0x1, 0x0, 0x0, 0x4040000}, 0x800)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000580)={0x50, 0x9, 0x6, 0x201, 0x0, 0x0, {0x3}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x28, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @broadcast}}, @IPSET_ATTR_IP2={0xc, 0x14, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @remote}}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @rand_addr=0x64010101}}]}]}, 0x50}, 0x1, 0x0, 0x0, 0xd24f4d5778621d46}, 0x4)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)={0x1c, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x1c}}, 0x0)
recvmmsg(r2, &(0x7f0000004040)=[{{0x0, 0x0, 0x0}, 0x1}], 0x1, 0x20, 0x0)
io_uring_setup(0x652, &(0x7f0000000600)={0x0, 0x1, 0x40})
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
r3 = socket$kcm(0x2, 0x200000000000001, 0x106)
r4 = openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0)
writev(r4, &(0x7f0000000340)=[{&(0x7f0000000300)='0', 0x1}], 0x1)
sendmsg$inet(r3, &(0x7f0000000080)={&(0x7f0000000000)={0x2, 0x4001, @local}, 0x10, 0x0}, 0x30004001)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
syz_pidfd_open(0x0, 0x0)

3m50.847944368s ago: executing program 32 (id=1793):
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x800, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="4c000000020681010000000000000000000000000500050002000000050001000700000005000400030000000900020073797a310000000011000300686173683a6e65742c6e6574"], 0x4c}, 0x1, 0x0, 0x0, 0x4040000}, 0x800)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000580)={0x50, 0x9, 0x6, 0x201, 0x0, 0x0, {0x3}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x28, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @broadcast}}, @IPSET_ATTR_IP2={0xc, 0x14, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @remote}}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @rand_addr=0x64010101}}]}]}, 0x50}, 0x1, 0x0, 0x0, 0xd24f4d5778621d46}, 0x4)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)={0x1c, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x1c}}, 0x0)
recvmmsg(r2, &(0x7f0000004040)=[{{0x0, 0x0, 0x0}, 0x1}], 0x1, 0x20, 0x0)
io_uring_setup(0x652, &(0x7f0000000600)={0x0, 0x1, 0x40})
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
r3 = socket$kcm(0x2, 0x200000000000001, 0x106)
r4 = openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0)
writev(r4, &(0x7f0000000340)=[{&(0x7f0000000300)='0', 0x1}], 0x1)
sendmsg$inet(r3, &(0x7f0000000080)={&(0x7f0000000000)={0x2, 0x4001, @local}, 0x10, 0x0}, 0x30004001)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
syz_pidfd_open(0x0, 0x0)

8.149888919s ago: executing program 1 (id=2523):
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)={0x4c, 0x9, 0x6, 0x201, 0x0, 0x0, {0x2}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x24, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0x18, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @remote}}, @IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0x4e1f}]}]}, 0x4c}, 0x1, 0x0, 0x0, 0x10000082}, 0x80)

8.051051614s ago: executing program 1 (id=2524):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @multicast2}, 0x10)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0)
recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25) (fail_nth: 1)

7.353034348s ago: executing program 5 (id=2526):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000003005740ed0b0011c3ec000000010902120001000000000904"], 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f00000010c0)={0x44, &(0x7f0000000080)=ANY=[@ANYBLOB="00000100000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000640)={0x44, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

7.205300778s ago: executing program 3 (id=2527):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0201, 0x0)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000000))
openat$dsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080))
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x8, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @cgroup_skb}, 0x94)
r2 = socket$inet6(0xa, 0x80001, 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(r2, 0x29, 0x2a, &(0x7f0000fca000)={0x3, {{0xa, 0x0, 0xa, @mcast1}}}, 0x88)
setsockopt$inet6_MCAST_MSFILTER(r2, 0x29, 0x30, &(0x7f0000000240)=ANY=[@ANYBLOB="01000000000000000a0000000000ff00ff010000000000000000000000000001000001000000000000000000e0ff00000000000000bd0000000000000000001300e4ec010000000040000000000000000000000000000000000000013da51fd47aa2e2f70000000000000000000000000000000000000000000000000000000000000067ff0000000000000005"], 0x310)
setsockopt$inet6_group_source_req(r2, 0x29, 0x2e, &(0x7f0000000200)={0x1, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}}}, 0x108)
r3 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000000), 0x8801, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x4}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000000300)=""/102392, 0x18ff8)
semop(0x0, 0x0, 0x0)
futex(&(0x7f000000cffc)=0x1, 0x800000000006, 0x0, 0x0, 0x0, 0x0)
r5 = socket$inet(0x2, 0x2, 0x1)
connect$inet(r5, &(0x7f0000000180)={0x2, 0x0, @remote}, 0x10)
sendmmsg$inet(r5, &(0x7f0000000540)=[{{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000000c0)="08001497733f5d3e", 0x8}], 0x1}}, {{0x0, 0x0, &(0x7f0000000440)}}], 0x2, 0x2004000)
ioctl$TCSETSF(r3, 0x5404, &(0x7f0000000040)={0x5, 0x1, 0x0, 0x8001, 0x1, "f3f0a0e7c6f3a0153af5e3c9309af36ca76c3d"})
writev(r3, &(0x7f0000000340)=[{&(0x7f0000000c80)="1876d433b8c266f9be2253e7c12fc9ea10343a19c358547a9357a174911e926c57b51eab3d0a4a2297653ac0c62201010000881a8789adddd1ca89ebd8632972a4f65ad1505ed06b6785508eb1dee994d18b084ef189ce72b079ed03ef849c46e3dedf604c01fae7c32f782dd9a45993a0018444d6ba181f2546b88893bf12575b27c1af55a55c55ca8855d5dc89db3e110430d10f429cc423ff64acc9fdb59a76caf809ce3c954f8a9618ebe5c3253e888feae6cc381ecb4a64085e24c48cf5ae9c5125d58d78ab2b70ec9216b42cf69ba9a9b8e32e1841f19a7d38ce8de4d6d24b1a239ccfbb093512785f50c9b8ebdf158eb582b914857522de035110521a268d3fa0888ebd65ab713338b2fa1029851d62af03f2bcf6034cf0287f10c84c967bae32a79fbf90122d41a622c0fa8a0fae4ffa55df5ec7ebb0708dbb6148f2cde6d128018a0efa8598fa29ac80c6642d52c6f6b979e8fe5e1fbe7615ca1bc31f2bc541b3f67f129a490900000004ab65b661139a2d66fbe14888b28fb681b11cd33e07a04cee7fa46193218553971e41d0eaed454f6b4520963c5d21b889764986530174051ddeca7547b3aeb0ed720e20099fbeec90859a9f22b9229f72fb45e62fb2c7048099eb484edac92717591a6467c38af94b14d4bf366d6bb232c24bc8a9d5361dd979a98ff5ea6a331cf27110b4457301454119173622e1ddef43e79842b3dcbce701ec9195770fd820823cd45fe00baa87d3000000000000570d000000", 0x223}], 0x1)
r6 = syz_open_procfs(0x0, &(0x7f00000003c0)='net/mcfilter6\x00')
preadv(r6, &(0x7f00000000c0)=[{&(0x7f0000000600)=""/128, 0x80}], 0x1, 0x111, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)

7.061829974s ago: executing program 1 (id=2529):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="4c000000020681010000000000000000000000000500050002000000050001000700000005000400030000000900020073797a310000000011000300686173683a6e65742c6e6574"], 0x4c}, 0x1, 0x0, 0x0, 0x4040000}, 0x800)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000580)={0x48, 0x9, 0x6, 0x201, 0x0, 0x0, {0x3}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_DATA={0x28, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @broadcast}}, @IPSET_ATTR_IP2={0xc, 0x14, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @remote}}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @rand_addr=0x64010101}}]}]}, 0x48}, 0x1, 0x0, 0x0, 0xd24f4d5778621d46}, 0x4)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)={0x1c, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x1c}}, 0x0)

6.331217367s ago: executing program 1 (id=2531):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x7c}}, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x101041)
write$sndseq(r1, &(0x7f00000008c0), 0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0)
r3 = dup(r2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000007, 0x38011, r3, 0x0)
capset(&(0x7f0000000080)={0x20071026}, 0x0)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$bt_hci(r4, 0x84, 0x1, &(0x7f0000000080)=""/4057, &(0x7f0000000000)=0xfd9)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0xe)
read$FUSE(r3, &(0x7f0000000580)={0x2020}, 0x2020)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000400)=@bpf_lsm={0x6, 0x6, 0x0, 0x0, 0x5}, 0x94)
madvise(&(0x7f0000000000/0x600000)=nil, 0x100000, 0x9)
r5 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
remap_file_pages(&(0x7f0000509000/0x1000)=nil, 0x1000, 0x8, 0x3, 0x2000)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000480)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000340)={&(0x7f0000001fc0)=@newqdisc={0x10c0, 0x24, 0x20, 0x70bd2c, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0xfff3}, {0x887f97af9de19276, 0x12}, {0xe, 0xfff2}}, [@TCA_INGRESS_BLOCK={0x8, 0xd, 0x9}, @qdisc_kind_options=@q_tbf={{0x8}, {0x106c, 0x2, [@TCA_TBF_PRATE64={0xc, 0x5, 0xe708d78077e4cfd3}, @TCA_TBF_PTAB={0x404, 0x3, [0x6b97, 0x7f, 0x3, 0x5, 0xffffff3a, 0xfff, 0x2, 0xfffff801, 0x0, 0x5, 0x7f, 0x20, 0xc0000, 0x0, 0x6, 0xcd2, 0xfff, 0x3, 0xe94b, 0x4, 0x3, 0x3bba, 0x6, 0x4, 0x8, 0x2, 0x0, 0x7, 0x1, 0xff, 0xa0c, 0x4, 0x4, 0x7fff, 0x1, 0x0, 0x4, 0x3ff, 0xb5, 0x9, 0x7, 0x9, 0x10, 0x5, 0x81, 0x4, 0x6, 0x4, 0x6, 0x8, 0x5, 0x5, 0x1, 0xa2, 0xf, 0x9, 0x400, 0x8, 0x2, 0x6, 0xad, 0x8001, 0x400, 0x7, 0x7, 0x1e, 0x800, 0xffffffff, 0x9, 0x101, 0x5, 0x5, 0x66, 0x7, 0x5, 0xffff, 0x5, 0xffffffff, 0xb, 0x7f, 0x3, 0x4, 0x8, 0x2, 0x5, 0xfff, 0x3, 0x7, 0x0, 0x7, 0x7, 0x1, 0x2, 0x2, 0x0, 0x9, 0x5, 0x100, 0x36, 0x3, 0x6, 0x0, 0x8, 0x4, 0x6, 0x5, 0x0, 0x7, 0x7, 0x48000, 0x9, 0xb, 0x6d81, 0x0, 0x0, 0x9, 0x914, 0x4, 0x8000, 0x6, 0x0, 0x2, 0x7, 0x2, 0x2, 0x644, 0x6b0, 0x8, 0x6, 0x0, 0x1, 0x3, 0xd, 0x5, 0x1, 0x3, 0x2000, 0x97, 0x3, 0xa2, 0x1, 0x0, 0x3, 0xc, 0x1, 0x7, 0x9, 0x5, 0xfffffffc, 0x10000, 0x7, 0x4000, 0x0, 0xb658, 0xfffffffc, 0xdd, 0x6edb, 0x1, 0x0, 0x6, 0x7, 0x10001, 0x80000001, 0x9, 0x90, 0x1, 0xfffffffa, 0x5, 0x7f, 0x0, 0xa3, 0x10001, 0x6, 0x7, 0x4, 0x2, 0x5, 0x120, 0x10000, 0x9, 0x40, 0x5e, 0x4, 0x8ee0, 0x8, 0xa, 0x80000000, 0x0, 0x40, 0x4, 0x4, 0x7, 0x0, 0xfafe, 0x6, 0x5, 0x0, 0x36df1a46, 0x7, 0x2, 0x7f, 0x5, 0x1, 0x5, 0x3, 0x5be8, 0x9491, 0x2, 0x5, 0x8, 0xb5, 0x7fffffff, 0x0, 0x2b, 0x0, 0x3, 0x9, 0x8, 0x0, 0x81, 0xe, 0x8, 0x4, 0x2000000, 0x4, 0x4, 0x7, 0x1, 0x8, 0xe7, 0x1, 0x80000001, 0x8, 0x7, 0x9b, 0x38ac, 0x5, 0x3, 0x80, 0x1, 0x4, 0x5, 0xffffff80, 0x2, 0x100, 0x7, 0x116d, 0x7f, 0x8, 0x1ffc0000, 0x1, 0x8, 0x9, 0x25b93dc, 0x7, 0x6]}, @TCA_TBF_PARMS={0x28, 0x1, {{0x26, 0x1, 0x9, 0x7, 0x9, 0x7}, {0x8, 0x1, 0x4, 0x2, 0x4, 0xd3}, 0x4, 0x8, 0x1ac}}, @TCA_TBF_PRATE64={0xc, 0x5, 0xccfadf379f72c138}, @TCA_TBF_RTAB={0x404, 0x2, [0x7, 0x7fffffff, 0x1, 0x148a, 0x8001, 0x2, 0xff, 0xf816, 0xfffffffa, 0x4, 0x6, 0x5, 0x3, 0x3, 0x0, 0xb, 0x8c6c, 0x7, 0x5, 0x200, 0x0, 0x10000, 0x200, 0x401, 0xe, 0x4, 0x3ff, 0x10001, 0x7, 0x8000, 0x3, 0x1, 0x4, 0x401, 0x1, 0x2, 0x8ad0, 0xfffffbff, 0x1, 0xfffffffc, 0x6, 0x9, 0x82, 0x4c9, 0x401, 0x7, 0x8, 0xce6, 0x4, 0x0, 0x3, 0xdd, 0x4, 0x2, 0x9, 0x3, 0x2, 0xfffffff8, 0x3ff, 0x4, 0x40, 0x0, 0xb0, 0x0, 0x1, 0x909, 0x0, 0x3, 0x7ac, 0x6, 0x5, 0xfe, 0x6, 0x2, 0xcf, 0x100, 0x3, 0x81, 0xf, 0x4, 0xfffffffd, 0x1000, 0x0, 0x6, 0x4, 0x8, 0x2607, 0x8, 0x0, 0xa6d, 0x2, 0x5e, 0xebd, 0x10000, 0x10000, 0xf0fad1cf, 0x1, 0xfff, 0x0, 0xffffffff, 0xfffffff9, 0x1, 0x9, 0x6, 0xfffffff8, 0x401, 0x7fffffff, 0x4, 0x80, 0xb, 0xf, 0x18, 0x6, 0x7fffffff, 0x1, 0xbf, 0x8, 0x6, 0x6, 0x400, 0xa, 0x4, 0x8, 0x2d2, 0x5, 0xf, 0xe5, 0x6, 0x3, 0x768, 0x8, 0x0, 0x6, 0x7, 0xc54f, 0xee, 0x8, 0x1, 0x10, 0x8000, 0x8001, 0x4, 0x7df, 0x7f, 0xfffffffc, 0x8, 0x9, 0x0, 0x0, 0x9, 0x7, 0x0, 0x2, 0x10001, 0x8a5a, 0x10000, 0x40000, 0x7fffffff, 0x81, 0xaf78, 0xc, 0x91be, 0x5c6, 0x7, 0x6, 0x8, 0xe6, 0x3, 0xa654, 0x5, 0x7, 0x21, 0x1ff, 0xff, 0x1, 0x7, 0x0, 0xfd5, 0x10000, 0x7, 0x9, 0x8, 0xf4, 0x0, 0x8, 0x0, 0xd, 0x6b, 0x4, 0x2, 0x5, 0x8, 0x80000000, 0x9, 0xab0a, 0x8, 0x4, 0x6, 0x770e, 0x4c94, 0xffff, 0x8, 0x3, 0x80000000, 0x3, 0xcde, 0xc, 0xd, 0xffffffff, 0x5, 0xc75e, 0x4, 0xa, 0x101, 0x4, 0x1e3, 0xa85a, 0x7fff, 0x5, 0x5, 0x1, 0x5, 0x1, 0x2, 0x4, 0x0, 0x0, 0x0, 0x7ff, 0x9, 0x3ff, 0x3, 0x8fa, 0x4, 0x7ff, 0xb, 0x8c, 0x1, 0xfffe0, 0x7, 0x1, 0x6, 0x2, 0x5, 0xffe8, 0x575ae617, 0x0, 0x2b, 0x1, 0x7, 0x0, 0x4, 0x4, 0xd, 0x80000001, 0x3]}, @TCA_TBF_RTAB={0x404, 0x2, [0x1000, 0x0, 0x7, 0x4, 0x10000, 0x4, 0xaca, 0x4, 0x88, 0x1, 0x9, 0x400, 0x3, 0x1, 0x3, 0x4, 0x3, 0x7, 0x0, 0x80, 0x8001, 0x0, 0xfffffff9, 0x5, 0x2, 0x401, 0x10004, 0x4, 0x81, 0x6, 0x9, 0xc8, 0x9, 0x4, 0x6, 0xff, 0x1ff, 0xffffff01, 0x4, 0xa21, 0x9, 0x3, 0x10001, 0x1, 0x4, 0x3d9, 0x3, 0xc2, 0x9, 0x5, 0x5, 0x8, 0x5, 0x57087658, 0xa, 0x5, 0x3, 0xf, 0x9, 0xffff, 0x5, 0x4, 0x200, 0x1, 0x9a, 0x9, 0x2, 0xffff0c6c, 0xffffffff, 0x3, 0x2, 0x2, 0x3, 0x9, 0x7, 0x6, 0x1, 0x58d, 0x7, 0x10000, 0x1, 0x0, 0x2, 0x1, 0x2, 0x0, 0x6, 0x5, 0x2da4, 0x9, 0x4, 0x10000, 0xb, 0x4, 0x7, 0x4, 0x3, 0xc, 0x2, 0x2, 0x0, 0xffff, 0xde, 0x9, 0x5, 0x29, 0x800, 0x3, 0xe9de, 0xffff, 0x80000000, 0xb7ba, 0xac, 0x6, 0x29, 0x4, 0x1, 0xf2d, 0x2, 0x800, 0x2000ff, 0x1, 0x66be, 0x8, 0x9, 0x3, 0xdb, 0xff, 0x40, 0x9, 0x4, 0x1, 0x0, 0x9, 0x8001, 0x400, 0xfffffffb, 0x80, 0x6, 0x1000000, 0x7, 0x7f, 0x0, 0x400, 0x1, 0x0, 0x2c7, 0x7, 0xcb43, 0x8000, 0xba3, 0xb, 0x9bd, 0x6, 0x0, 0xffff, 0x5, 0x800, 0x401, 0xffff, 0x6, 0x0, 0x8, 0x1000, 0x5, 0x1, 0x5, 0xfffffff7, 0x7, 0xfff, 0x2b7, 0x5, 0x0, 0x1, 0x1000, 0x1, 0xa800, 0xffff, 0x6c, 0x2, 0x4, 0x1, 0x3, 0x101, 0x6, 0x6, 0x2a0e3b8f, 0x7, 0x6, 0x7ff, 0x8, 0xc66, 0x1, 0x6, 0x3f9e, 0xb, 0x22f, 0xa, 0xde8, 0x42bffd08, 0x4, 0x81, 0x40, 0x5, 0x10, 0x8000, 0xfffffba8, 0x8, 0x401, 0x5, 0x4, 0x3ff, 0x6, 0x0, 0x1, 0x1, 0xfffff001, 0x5, 0x5, 0x7, 0x2, 0x9, 0x9, 0xc0, 0x3, 0x101, 0x6, 0x2, 0x1, 0x2, 0x1, 0x80000000, 0x8, 0x7fffffff, 0x0, 0x10, 0x0, 0xcd95, 0x4, 0x4, 0x1071, 0x6, 0xe, 0x0, 0x3, 0x2, 0x7ff, 0x1, 0x4, 0x0, 0x40, 0x5, 0xe, 0x3, 0x0, 0xffff8001]}, @TCA_TBF_BURST={0x8, 0x6, 0x6}, @TCA_TBF_PBURST={0x8, 0x7, 0x1470}, @TCA_TBF_RTAB={0x404, 0x2, [0x6, 0x51ec, 0x5, 0x8001, 0xfffffffe, 0x5, 0x3, 0x0, 0xde3145, 0x1, 0x101, 0x3456, 0x8, 0x8001, 0xff, 0x9, 0x5, 0x0, 0x6, 0xe, 0x9, 0x8000, 0xfffffffb, 0x0, 0x7, 0xe31, 0x7d, 0x3, 0x9, 0x80, 0x2, 0x101, 0x6000, 0x7, 0x10, 0x5, 0x6, 0x3, 0x3, 0x7, 0x4, 0x4, 0xffff, 0x4, 0xad2d, 0x1, 0x6, 0xffffffff, 0x7fffffff, 0x0, 0x0, 0xaab, 0x4, 0x4, 0x7, 0x7f, 0x6, 0x7fff, 0x2, 0xbf, 0x7, 0x4, 0x8, 0x7, 0x8, 0x10001, 0x2, 0x5, 0x5, 0x1, 0x4, 0xaf, 0x40, 0x4, 0x4, 0x0, 0x7, 0x1, 0x4, 0x3, 0x3, 0x15b0, 0x2, 0xa, 0x3f4, 0xe, 0x1, 0x9, 0xc0, 0x8, 0xfffff192, 0xe36, 0x80000000, 0x1, 0x4, 0x8, 0x4, 0x0, 0x4, 0x3, 0x80000000, 0x0, 0x5, 0x8, 0xfffffff7, 0xfffffe80, 0x9bb, 0x10, 0xfffffff7, 0x8000, 0x7, 0x1, 0x8, 0x80000000, 0x2, 0x3, 0x2, 0x5d, 0xc9, 0x9, 0xb4, 0x6, 0x1, 0x6, 0x68, 0x4, 0x6, 0xb, 0xb, 0xb, 0xffffffff, 0xa, 0x29d6, 0x3, 0x5, 0x48d, 0x2, 0x5, 0x7, 0x7, 0x968a9e70, 0x1, 0x6, 0x10000, 0x1, 0xe762, 0x401, 0x4, 0xadd, 0xc03, 0x5, 0x5, 0x1, 0x2, 0x401, 0x6, 0x7, 0x9, 0x1000, 0x7, 0x7, 0x80000001, 0xdf, 0xffffa8c3, 0x7, 0x3, 0xc, 0x4, 0x1000, 0x9ae, 0x5, 0x7, 0x2, 0x10, 0xff, 0x3, 0x8, 0x4, 0x7fffffff, 0x6, 0xd, 0x1, 0x1, 0x8, 0x7, 0x80000001, 0x404, 0x10000, 0xfffffff9, 0x822, 0x4, 0x1, 0x8, 0x4, 0x6, 0xffffffff, 0x7, 0x5, 0x1, 0xa, 0x7ff, 0xff, 0x4, 0x6, 0x4, 0xe079, 0xd1, 0x1, 0x8, 0x5, 0xc2e, 0x6, 0x400, 0x2, 0x5, 0xc505, 0x6, 0x8, 0x9e7, 0x0, 0xfffff46c, 0x80000000, 0x7, 0x603, 0x4, 0x23, 0xc0b, 0x1, 0x5, 0x1, 0x4, 0xcfd, 0x2, 0x800, 0x7, 0x2, 0x0, 0x3, 0x2, 0x715, 0xa, 0x5, 0x8, 0x8, 0x9, 0xe0, 0x6, 0x5, 0xf, 0x9963, 0xb, 0xecf0, 0x244, 0x0, 0x0, 0x9f14]}, @TCA_TBF_PBURST={0x8, 0x7, 0x1e9f}]}}, @TCA_RATE={0x6, 0x5, {0x3, 0x9}}, @TCA_EGRESS_BLOCK={0x8, 0xe, 0xffff}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0x7}, @TCA_RATE={0x6, 0x5, {0x7, 0x8}}]}, 0x10c0}, 0x1, 0x0, 0x0, 0x4000}, 0x44810)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r7 = socket(0x10, 0x803, 0x0)
sendto(r7, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r7, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x21}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0xffffffffffffff2f}, 0xe00}], 0x4000000000003b4, 0x2040000, &(0x7f0000003700)={0x77359400})

5.798909832s ago: executing program 1 (id=2532):
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000001000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x101041)
write$sndseq(r1, &(0x7f00000008c0), 0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000200), 0x4000000004002, 0x0)
r3 = dup(r2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000007, 0x38011, r3, 0x0)
capset(&(0x7f0000000080)={0x20071026}, 0x0)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$bt_hci(r4, 0x84, 0x1, &(0x7f0000000080)=""/4057, &(0x7f0000000000)=0xfd9)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0xe)
read$FUSE(r3, &(0x7f0000000580)={0x2020}, 0x2020)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000400)=@bpf_lsm={0x6, 0x6, 0x0, 0x0, 0x5}, 0x94)
madvise(&(0x7f0000000000/0x600000)=nil, 0x100000, 0x9)
r5 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
remap_file_pages(&(0x7f0000509000/0x1000)=nil, 0x1000, 0x8, 0x3, 0x2000)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000480)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000340)={&(0x7f0000001fc0)=@newqdisc={0x10c0, 0x24, 0x20, 0x70bd2c, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0xfff3}, {0x887f97af9de19276, 0x12}, {0xe, 0xfff2}}, [@TCA_INGRESS_BLOCK={0x8, 0xd, 0x9}, @qdisc_kind_options=@q_tbf={{0x8}, {0x106c, 0x2, [@TCA_TBF_PRATE64={0xc, 0x5, 0xe708d78077e4cfd3}, @TCA_TBF_PTAB={0x404, 0x3, [0x6b97, 0x7f, 0x3, 0x5, 0xffffff3a, 0xfff, 0x2, 0xfffff801, 0x0, 0x5, 0x7f, 0x20, 0xc0000, 0x0, 0x6, 0xcd2, 0xfff, 0x3, 0xe94b, 0x4, 0x3, 0x3bba, 0x6, 0x4, 0x8, 0x2, 0x0, 0x7, 0x1, 0xff, 0xa0c, 0x4, 0x4, 0x7fff, 0x1, 0x0, 0x4, 0x3ff, 0xb5, 0x9, 0x7, 0x9, 0x10, 0x5, 0x81, 0x4, 0x6, 0x4, 0x6, 0x8, 0x5, 0x5, 0x1, 0xa2, 0xf, 0x9, 0x400, 0x8, 0x2, 0x6, 0xad, 0x8001, 0x400, 0x7, 0x7, 0x1e, 0x800, 0xffffffff, 0x9, 0x101, 0x5, 0x5, 0x66, 0x7, 0x5, 0xffff, 0x5, 0xffffffff, 0xb, 0x7f, 0x3, 0x4, 0x8, 0x2, 0x5, 0xfff, 0x3, 0x7, 0x0, 0x7, 0x7, 0x1, 0x2, 0x2, 0x0, 0x9, 0x5, 0x100, 0x36, 0x3, 0x6, 0x0, 0x8, 0x4, 0x6, 0x5, 0x0, 0x7, 0x7, 0x48000, 0x9, 0xb, 0x6d81, 0x0, 0x0, 0x9, 0x914, 0x4, 0x8000, 0x6, 0x0, 0x2, 0x7, 0x2, 0x2, 0x644, 0x6b0, 0x8, 0x6, 0x0, 0x1, 0x3, 0xd, 0x5, 0x1, 0x3, 0x2000, 0x97, 0x3, 0xa2, 0x1, 0x0, 0x3, 0xc, 0x1, 0x7, 0x9, 0x5, 0xfffffffc, 0x10000, 0x7, 0x4000, 0x0, 0xb658, 0xfffffffc, 0xdd, 0x6edb, 0x1, 0x0, 0x6, 0x7, 0x10001, 0x80000001, 0x9, 0x90, 0x1, 0xfffffffa, 0x5, 0x7f, 0x0, 0xa3, 0x10001, 0x6, 0x7, 0x4, 0x2, 0x5, 0x120, 0x10000, 0x9, 0x40, 0x5e, 0x4, 0x8ee0, 0x8, 0xa, 0x80000000, 0x0, 0x40, 0x4, 0x4, 0x7, 0x0, 0xfafe, 0x6, 0x5, 0x0, 0x36df1a46, 0x7, 0x2, 0x7f, 0x5, 0x1, 0x5, 0x3, 0x5be8, 0x9491, 0x2, 0x5, 0x8, 0xb5, 0x7fffffff, 0x0, 0x2b, 0x0, 0x3, 0x9, 0x8, 0x0, 0x81, 0xe, 0x8, 0x4, 0x2000000, 0x4, 0x4, 0x7, 0x1, 0x8, 0xe7, 0x1, 0x80000001, 0x8, 0x7, 0x9b, 0x38ac, 0x5, 0x3, 0x80, 0x1, 0x4, 0x5, 0xffffff80, 0x2, 0x100, 0x7, 0x116d, 0x7f, 0x8, 0x1ffc0000, 0x1, 0x8, 0x9, 0x25b93dc, 0x7, 0x6]}, @TCA_TBF_PARMS={0x28, 0x1, {{0x26, 0x1, 0x9, 0x7, 0x9, 0x7}, {0x8, 0x1, 0x4, 0x2, 0x4, 0xd3}, 0x4, 0x8, 0x1ac}}, @TCA_TBF_PRATE64={0xc, 0x5, 0xccfadf379f72c138}, @TCA_TBF_RTAB={0x404, 0x2, [0x7, 0x7fffffff, 0x1, 0x148a, 0x8001, 0x2, 0xff, 0xf816, 0xfffffffa, 0x4, 0x6, 0x5, 0x3, 0x3, 0x0, 0xb, 0x8c6c, 0x7, 0x5, 0x200, 0x0, 0x10000, 0x200, 0x401, 0xe, 0x4, 0x3ff, 0x10001, 0x7, 0x8000, 0x3, 0x1, 0x4, 0x401, 0x1, 0x2, 0x8ad0, 0xfffffbff, 0x1, 0xfffffffc, 0x6, 0x9, 0x82, 0x4c9, 0x401, 0x7, 0x8, 0xce6, 0x4, 0x0, 0x3, 0xdd, 0x4, 0x2, 0x9, 0x3, 0x2, 0xfffffff8, 0x3ff, 0x4, 0x40, 0x0, 0xb0, 0x0, 0x1, 0x909, 0x0, 0x3, 0x7ac, 0x6, 0x5, 0xfe, 0x6, 0x2, 0xcf, 0x100, 0x3, 0x81, 0xf, 0x4, 0xfffffffd, 0x1000, 0x0, 0x6, 0x4, 0x8, 0x2607, 0x8, 0x0, 0xa6d, 0x2, 0x5e, 0xebd, 0x10000, 0x10000, 0xf0fad1cf, 0x1, 0xfff, 0x0, 0xffffffff, 0xfffffff9, 0x1, 0x9, 0x6, 0xfffffff8, 0x401, 0x7fffffff, 0x4, 0x80, 0xb, 0xf, 0x18, 0x6, 0x7fffffff, 0x1, 0xbf, 0x8, 0x6, 0x6, 0x400, 0xa, 0x4, 0x8, 0x2d2, 0x5, 0xf, 0xe5, 0x6, 0x3, 0x768, 0x8, 0x0, 0x6, 0x7, 0xc54f, 0xee, 0x8, 0x1, 0x10, 0x8000, 0x8001, 0x4, 0x7df, 0x7f, 0xfffffffc, 0x8, 0x9, 0x0, 0x0, 0x9, 0x7, 0x0, 0x2, 0x10001, 0x8a5a, 0x10000, 0x40000, 0x7fffffff, 0x81, 0xaf78, 0xc, 0x91be, 0x5c6, 0x7, 0x6, 0x8, 0xe6, 0x3, 0xa654, 0x5, 0x7, 0x21, 0x1ff, 0xff, 0x1, 0x7, 0x0, 0xfd5, 0x10000, 0x7, 0x9, 0x8, 0xf4, 0x0, 0x8, 0x0, 0xd, 0x6b, 0x4, 0x2, 0x5, 0x8, 0x80000000, 0x9, 0xab0a, 0x8, 0x4, 0x6, 0x770e, 0x4c94, 0xffff, 0x8, 0x3, 0x80000000, 0x3, 0xcde, 0xc, 0xd, 0xffffffff, 0x5, 0xc75e, 0x4, 0xa, 0x101, 0x4, 0x1e3, 0xa85a, 0x7fff, 0x5, 0x5, 0x1, 0x5, 0x1, 0x2, 0x4, 0x0, 0x0, 0x0, 0x7ff, 0x9, 0x3ff, 0x3, 0x8fa, 0x4, 0x7ff, 0xb, 0x8c, 0x1, 0xfffe0, 0x7, 0x1, 0x6, 0x2, 0x5, 0xffe8, 0x575ae617, 0x0, 0x2b, 0x1, 0x7, 0x0, 0x4, 0x4, 0xd, 0x80000001, 0x3]}, @TCA_TBF_RTAB={0x404, 0x2, [0x1000, 0x0, 0x7, 0x4, 0x10000, 0x4, 0xaca, 0x4, 0x88, 0x1, 0x9, 0x400, 0x3, 0x1, 0x3, 0x4, 0x3, 0x7, 0x0, 0x80, 0x8001, 0x0, 0xfffffff9, 0x5, 0x2, 0x401, 0x10004, 0x4, 0x81, 0x6, 0x9, 0xc8, 0x9, 0x4, 0x6, 0xff, 0x1ff, 0xffffff01, 0x4, 0xa21, 0x9, 0x3, 0x10001, 0x1, 0x4, 0x3d9, 0x3, 0xc2, 0x9, 0x5, 0x5, 0x8, 0x5, 0x57087658, 0xa, 0x5, 0x3, 0xf, 0x9, 0xffff, 0x5, 0x4, 0x200, 0x1, 0x9a, 0x9, 0x2, 0xffff0c6c, 0xffffffff, 0x3, 0x2, 0x2, 0x3, 0x9, 0x7, 0x6, 0x1, 0x58d, 0x7, 0x10000, 0x1, 0x0, 0x2, 0x1, 0x2, 0x0, 0x6, 0x5, 0x2da4, 0x9, 0x4, 0x10000, 0xb, 0x4, 0x7, 0x4, 0x3, 0xc, 0x2, 0x2, 0x0, 0xffff, 0xde, 0x9, 0x5, 0x29, 0x800, 0x3, 0xe9de, 0xffff, 0x80000000, 0xb7ba, 0xac, 0x6, 0x29, 0x4, 0x1, 0xf2d, 0x2, 0x800, 0x2000ff, 0x1, 0x66be, 0x8, 0x9, 0x3, 0xdb, 0xff, 0x40, 0x9, 0x4, 0x1, 0x0, 0x9, 0x8001, 0x400, 0xfffffffb, 0x80, 0x6, 0x1000000, 0x7, 0x7f, 0x0, 0x400, 0x1, 0x0, 0x2c7, 0x7, 0xcb43, 0x8000, 0xba3, 0xb, 0x9bd, 0x6, 0x0, 0xffff, 0x5, 0x800, 0x401, 0xffff, 0x6, 0x0, 0x8, 0x1000, 0x5, 0x1, 0x5, 0xfffffff7, 0x7, 0xfff, 0x2b7, 0x5, 0x0, 0x1, 0x1000, 0x1, 0xa800, 0xffff, 0x6c, 0x2, 0x4, 0x1, 0x3, 0x101, 0x6, 0x6, 0x2a0e3b8f, 0x7, 0x6, 0x7ff, 0x8, 0xc66, 0x1, 0x6, 0x3f9e, 0xb, 0x22f, 0xa, 0xde8, 0x42bffd08, 0x4, 0x81, 0x40, 0x5, 0x10, 0x8000, 0xfffffba8, 0x8, 0x401, 0x5, 0x4, 0x3ff, 0x6, 0x0, 0x1, 0x1, 0xfffff001, 0x5, 0x5, 0x7, 0x2, 0x9, 0x9, 0xc0, 0x3, 0x101, 0x6, 0x2, 0x1, 0x2, 0x1, 0x80000000, 0x8, 0x7fffffff, 0x0, 0x10, 0x0, 0xcd95, 0x4, 0x4, 0x1071, 0x6, 0xe, 0x0, 0x3, 0x2, 0x7ff, 0x1, 0x4, 0x0, 0x40, 0x5, 0xe, 0x3, 0x0, 0xffff8001]}, @TCA_TBF_BURST={0x8, 0x6, 0x6}, @TCA_TBF_PBURST={0x8, 0x7, 0x1470}, @TCA_TBF_RTAB={0x404, 0x2, [0x6, 0x51ec, 0x5, 0x8001, 0xfffffffe, 0x5, 0x3, 0x0, 0xde3145, 0x1, 0x101, 0x3456, 0x8, 0x8001, 0xff, 0x9, 0x5, 0x0, 0x6, 0xe, 0x9, 0x8000, 0xfffffffb, 0x0, 0x7, 0xe31, 0x7d, 0x3, 0x9, 0x80, 0x2, 0x101, 0x6000, 0x7, 0x10, 0x5, 0x6, 0x3, 0x3, 0x7, 0x4, 0x4, 0xffff, 0x4, 0xad2d, 0x1, 0x6, 0xffffffff, 0x7fffffff, 0x0, 0x0, 0xaab, 0x4, 0x4, 0x7, 0x7f, 0x6, 0x7fff, 0x2, 0xbf, 0x7, 0x4, 0x8, 0x7, 0x8, 0x10001, 0x2, 0x5, 0x5, 0x1, 0x4, 0xaf, 0x40, 0x4, 0x4, 0x0, 0x7, 0x1, 0x4, 0x3, 0x3, 0x15b0, 0x2, 0xa, 0x3f4, 0xe, 0x1, 0x9, 0xc0, 0x8, 0xfffff192, 0xe36, 0x80000000, 0x1, 0x4, 0x8, 0x4, 0x0, 0x4, 0x3, 0x80000000, 0x0, 0x5, 0x8, 0xfffffff7, 0xfffffe80, 0x9bb, 0x10, 0xfffffff7, 0x8000, 0x7, 0x1, 0x8, 0x80000000, 0x2, 0x3, 0x2, 0x5d, 0xc9, 0x9, 0xb4, 0x6, 0x1, 0x6, 0x68, 0x4, 0x6, 0xb, 0xb, 0xb, 0xffffffff, 0xa, 0x29d6, 0x3, 0x5, 0x48d, 0x2, 0x5, 0x7, 0x7, 0x968a9e70, 0x1, 0x6, 0x10000, 0x1, 0xe762, 0x401, 0x4, 0xadd, 0xc03, 0x5, 0x5, 0x1, 0x2, 0x401, 0x6, 0x7, 0x9, 0x1000, 0x7, 0x7, 0x80000001, 0xdf, 0xffffa8c3, 0x7, 0x3, 0xc, 0x4, 0x1000, 0x9ae, 0x5, 0x7, 0x2, 0x10, 0xff, 0x3, 0x8, 0x4, 0x7fffffff, 0x6, 0xd, 0x1, 0x1, 0x8, 0x7, 0x80000001, 0x404, 0x10000, 0xfffffff9, 0x822, 0x4, 0x1, 0x8, 0x4, 0x6, 0xffffffff, 0x7, 0x5, 0x1, 0xa, 0x7ff, 0xff, 0x4, 0x6, 0x4, 0xe079, 0xd1, 0x1, 0x8, 0x5, 0xc2e, 0x6, 0x400, 0x2, 0x5, 0xc505, 0x6, 0x8, 0x9e7, 0x0, 0xfffff46c, 0x80000000, 0x7, 0x603, 0x4, 0x23, 0xc0b, 0x1, 0x5, 0x1, 0x4, 0xcfd, 0x2, 0x800, 0x7, 0x2, 0x0, 0x3, 0x2, 0x715, 0xa, 0x5, 0x8, 0x8, 0x9, 0xe0, 0x6, 0x5, 0xf, 0x9963, 0xb, 0xecf0, 0x244, 0x0, 0x0, 0x9f14]}, @TCA_TBF_PBURST={0x8, 0x7, 0x1e9f}]}}, @TCA_RATE={0x6, 0x5, {0x3, 0x9}}, @TCA_EGRESS_BLOCK={0x8, 0xe, 0xffff}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0x7}, @TCA_RATE={0x6, 0x5, {0x7, 0x8}}]}, 0x10c0}, 0x1, 0x0, 0x0, 0x4000}, 0x44810)
r7 = socket(0x10, 0x803, 0x0)
sendto(r7, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r7, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x21}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0xffffffffffffff2f}, 0xe00}], 0x4000000000003b4, 0x2040000, &(0x7f0000003700)={0x77359400})

5.377349687s ago: executing program 3 (id=2534):
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000a00), 0xffffffffffffffff)
mprotect(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0)
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x20000, 0x0)
ioctl$TIOCSIG(0xffffffffffffffff, 0x40045436, 0x3c)
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = dup2(0xffffffffffffffff, r1)
r3 = syz_io_uring_setup(0x5988, &(0x7f00000005c0)={0x0, 0xfec4, 0x8, 0x1, 0x2d3}, &(0x7f00000000c0)=<r4=>0x0, &(0x7f0000000180))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
r5 = syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$ETHTOOL_MSG_WOL_GET(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="0100b11b700000feffff1a000000180001801400020064756d6d7930"], 0x2c}}, 0x0)
io_uring_enter(r3, 0x75fa, 0xe475, 0x0, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r2, 0x84, 0x6, &(0x7f0000000500)={0x0, @in={{0x2, 0x4, @loopback}}}, &(0x7f0000000400)=0x84)
ioctl$IOMMU_TEST_OP_ADD_RESERVED(r0, 0x3ba0, &(0x7f0000000440)={0x48, 0x1, 0x0, 0x0, 0x0, 0x8000000})
ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000140)={0x28, 0x6, 0x0, 0x0, &(0x7f0000ff6000/0xa000)=nil, 0xa000})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r0, 0x3ba0, &(0x7f00000000c0)={0x48})

4.475755994s ago: executing program 5 (id=2536):
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0xc)
prctl$PR_SET_IO_FLUSHER(0x43, 0x1)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x19, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000001000000000000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sockopt=0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000400)={r0, 0x3, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
socket$igmp(0x2, 0x3, 0x2)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(fcrypt)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000412ff8)="3665a1ab415b7ac7", 0x8)
r2 = accept(r1, 0x0, 0x0)
sendmmsg$alg(r2, &(0x7f0000000740)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000001c0)="564004c6852da7a299e4c397614090d1a6e12edf1767f157", 0xfcdc}], 0x1, &(0x7f0000000480)=[@op={0x18}], 0x1d}], 0x1, 0x0)
recvmsg(r2, &(0x7f000000b680)={0x0, 0x10400004, &(0x7f000000b600)=[{&(0x7f000000b4c0)=""/5, 0x4}, {&(0x7f000000b500)=""/153, 0xfb59}], 0x2}, 0x0)
mmap$xdp(&(0x7f00007fd000/0x800000)=nil, 0x800000, 0x8, 0x810, r2, 0x100000000)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r3, 0x84, 0x6b, &(0x7f0000000240)=[@in={0x2, 0x4e24, @private=0xa010101}], 0x10)

4.361915541s ago: executing program 0 (id=2537):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_int(r1, 0x29, 0x13, 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x20, 0x4, &(0x7f0000000900)=ANY=[@ANYBLOB="18000000010000000000000000"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sendmsg$NL80211_CMD_GET_STATION(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000000}, 0x4004885)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000004c00)=""/102392, 0x18ff8)
r3 = socket(0x23, 0x1, 0x0)
setsockopt$IP_VS_SO_SET_ADD(r3, 0x0, 0x482, 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x4)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r4 = open_tree(0xffffffffffffff9c, &(0x7f0000000480)='./file0\x00', 0x89901)
move_mount(r4, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x40d)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x3, 0xb, &(0x7f0000000f00)=ANY=[@ANYBLOB="18020000010000000000000000000000180100002020692500000000002020207b1af8ff00000000bfa100000000000007010000faffffffb70200000800ffffb70300000000000085000000b000000095"], &(0x7f00000000c0)='GPL\x00'}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=<r5=>0xffffffffffffffff, @ANYBLOB='\x00'/28], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x13, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000900000000000000000018110000", @ANYRES32, @ANYRES32=r5], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r3, 0x89f1, &(0x7f0000000380)={'ip6tnl0\x00', &(0x7f0000000300)={'syztnl2\x00', <r6=>0x0, 0x2f, 0x1, 0x3, 0x9, 0x20, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0xc}}, @dev={0xfe, 0x80, '\x00', 0x3c}, 0x80, 0x7, 0x897f, 0x7b34}})
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000004c0)={'wlan1\x00'})
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', r6, @fallback, r4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='tlb_flush\x00', r7}, 0x10)
move_mount(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x220)
getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r3, 0x84, 0xa, &(0x7f0000000240)={0x5, 0x1ff, 0x8004, 0x7, 0x101, 0x10000, 0x28bb, 0x7fff}, &(0x7f0000000280)=0x20)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="24000000200001030000000040000000020000000200000466d95b060000000008001800"], 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x4044004)

4.341125261s ago: executing program 3 (id=2539):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='sched_switch\x00', r0, 0x0, 0x400}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000080)={0x8, 0x9}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
ioctl$BLKBSZSET(0xffffffffffffffff, 0x40081271, &(0x7f0000000380))
userfaultfd(0x80001)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000006c0), 0x48200, 0x0)
ioctl$TIOCVHANGUP(r4, 0x5437, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mremap(&(0x7f00005ab000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000ffe000/0x1000)=nil)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, &(0x7f0000000ac0)='gid', &(0x7f0000000b00)='\xbf%#\x00', 0x0)
setresgid(0x0, 0xee01, 0xffffffffffffffff)

3.323630046s ago: executing program 3 (id=2540):
r0 = syz_usb_connect(0x1, 0x1b, &(0x7f00000002c0)={{0x12, 0x1, 0x0, 0x15, 0xd1, 0x43, 0x10, 0x1199, 0x9013, 0xbf3a, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x9, 0x0, 0xff, 0x0, 0x158, 0x9}}]}}, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000000)={0x1c, &(0x7f0000000740)=ANY=[], 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, &(0x7f00000004c0)={0x44, &(0x7f0000000040)=ANY=[@ANYBLOB="200801350020dff33701019ce06a6fb0cf49ac103048106ab3bdacc5bd39318c674cedbed67033b10794f7a39b8e89fc7e815bd738fe3e788ccf764bde253ad1c5aaf10fe58dd19beff483a35013e8f0005db86161cc69252fa70b3b5feb93690e56d4b5cb7b399227c2c063e8e642122221516f51878ef0b436011e7031b0030a70dd0481f3e68d0c1e93dcbf670ff873396ba9aa10"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000280)={0x1c, &(0x7f0000000100)={0x20, 0x31, 0x2, "3bd9"}, 0x0, 0x0})

3.323443413s ago: executing program 4 (id=2541):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="4c000000020681010000000000000000000000000500050002000000050001000700000005000400030000000900020073797a310000000011000300686173683a6e65742c6e6574"], 0x4c}, 0x1, 0x0, 0x0, 0x4040000}, 0x800)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000580)={0x48, 0x9, 0x6, 0x201, 0x0, 0x0, {0x3}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_DATA={0x28, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @broadcast}}, @IPSET_ATTR_IP2={0xc, 0x14, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @remote}}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @rand_addr=0x64010101}}]}]}, 0x48}, 0x1, 0x0, 0x0, 0xd24f4d5778621d46}, 0x4)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)={0x1c, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x1c}}, 0x0)

3.229711825s ago: executing program 0 (id=2542):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="034888a8010000000000140000006000000001003a00"], 0xfdef)

3.177446464s ago: executing program 5 (id=2543):
syz_open_dev$sndctrl(&(0x7f0000000000), 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x6)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_open_dev$media(0x0, 0x4007, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, r1)
read$msr(r0, &(0x7f0000002000)=""/102400, 0x19000)
r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080), 0x802, 0x0)
ioctl$UI_SET_LEDBIT(r2, 0x40045569, 0x1)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x1, 0x5d032, 0xffffffffffffffff, 0x0)
r3 = userfaultfd(0x801)
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000000100))
ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x5})
ioctl$UFFDIO_CONTINUE(r3, 0xc020aa07, &(0x7f0000000280)={{&(0x7f0000a5b000/0x2000)=nil, 0x2000}, 0x1})
munmap(&(0x7f00003fe000/0xc00000)=nil, 0xc00000)
r4 = syz_open_dev$vim2m(&(0x7f0000000040), 0x8, 0x2)
ioctl$vim2m_VIDIOC_G_FMT(r4, 0xc0d05604, &(0x7f00000001c0)={0x2, @vbi})
r5 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000040)={0x7, 0x0, 0x0, 0x10000000}, 0x10)
sendmsg$nl_route(r5, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x890b, &(0x7f0000000000))
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r6 = socket(0x10, 0x1, 0x0)
sendmsg$nl_route_sched(r6, 0x0, 0x0)
ioctl$IOCTL_VMCI_NOTIFY_RESOURCE(r3, 0x7a5, &(0x7f00000000c0)={{@hyper, 0x1ff}, 0x1, 0x1, 0x79c})
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x48000)

3.176279189s ago: executing program 4 (id=2544):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000001000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x101041)
write$sndseq(r1, &(0x7f00000008c0), 0x4)
sendmsg$NFT_BATCH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)={{0x14}, [@NFT_MSG_NEWSET={0x3c, 0x12, 0xa, 0x201, 0x0, 0x0, {0x2}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_TYPE={0x8}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x4}]}], {0x14}}, 0x64}}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000007, 0x38011, 0xffffffffffffffff, 0x0)
capset(&(0x7f0000000080)={0x20071026}, 0x0)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$bt_hci(r2, 0x84, 0x1, &(0x7f0000000080)=""/4057, &(0x7f0000000000)=0xfd9)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0xe)
read$FUSE(0xffffffffffffffff, &(0x7f0000000580)={0x2020}, 0x2020)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000400)=@bpf_lsm={0x6, 0x6, 0x0, 0x0, 0x5}, 0x94)
madvise(&(0x7f0000000000/0x600000)=nil, 0x100000, 0x9)
r3 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
remap_file_pages(&(0x7f0000509000/0x1000)=nil, 0x1000, 0x8, 0x3, 0x2000)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000480)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000340)={&(0x7f0000001fc0)=@newqdisc={0x10c0, 0x24, 0x20, 0x70bd2c, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0xfff3}, {0x887f97af9de19276, 0x12}, {0xe, 0xfff2}}, [@TCA_INGRESS_BLOCK={0x8, 0xd, 0x9}, @qdisc_kind_options=@q_tbf={{0x8}, {0x106c, 0x2, [@TCA_TBF_PRATE64={0xc, 0x5, 0xe708d78077e4cfd3}, @TCA_TBF_PTAB={0x404, 0x3, [0x6b97, 0x7f, 0x3, 0x5, 0xffffff3a, 0xfff, 0x2, 0xfffff801, 0x0, 0x5, 0x7f, 0x20, 0xc0000, 0x0, 0x6, 0xcd2, 0xfff, 0x3, 0xe94b, 0x4, 0x3, 0x3bba, 0x6, 0x4, 0x8, 0x2, 0x0, 0x7, 0x1, 0xff, 0xa0c, 0x4, 0x4, 0x7fff, 0x1, 0x0, 0x4, 0x3ff, 0xb5, 0x9, 0x7, 0x9, 0x10, 0x5, 0x81, 0x4, 0x6, 0x4, 0x6, 0x8, 0x5, 0x5, 0x1, 0xa2, 0xf, 0x9, 0x400, 0x8, 0x2, 0x6, 0xad, 0x8001, 0x400, 0x7, 0x7, 0x1e, 0x800, 0xffffffff, 0x9, 0x101, 0x5, 0x5, 0x66, 0x7, 0x5, 0xffff, 0x5, 0xffffffff, 0xb, 0x7f, 0x3, 0x4, 0x8, 0x2, 0x5, 0xfff, 0x3, 0x7, 0x0, 0x7, 0x7, 0x1, 0x2, 0x2, 0x0, 0x9, 0x5, 0x100, 0x36, 0x3, 0x6, 0x0, 0x8, 0x4, 0x6, 0x5, 0x0, 0x7, 0x7, 0x48000, 0x9, 0xb, 0x6d81, 0x0, 0x0, 0x9, 0x914, 0x4, 0x8000, 0x6, 0x0, 0x2, 0x7, 0x2, 0x2, 0x644, 0x6b0, 0x8, 0x6, 0x0, 0x1, 0x3, 0xd, 0x5, 0x1, 0x3, 0x2000, 0x97, 0x3, 0xa2, 0x1, 0x0, 0x3, 0xc, 0x1, 0x7, 0x9, 0x5, 0xfffffffc, 0x10000, 0x7, 0x4000, 0x0, 0xb658, 0xfffffffc, 0xdd, 0x6edb, 0x1, 0x0, 0x6, 0x7, 0x10001, 0x80000001, 0x9, 0x90, 0x1, 0xfffffffa, 0x5, 0x7f, 0x0, 0xa3, 0x10001, 0x6, 0x7, 0x4, 0x2, 0x5, 0x120, 0x10000, 0x9, 0x40, 0x5e, 0x4, 0x8ee0, 0x8, 0xa, 0x80000000, 0x0, 0x40, 0x4, 0x4, 0x7, 0x0, 0xfafe, 0x6, 0x5, 0x0, 0x36df1a46, 0x7, 0x2, 0x7f, 0x5, 0x1, 0x5, 0x3, 0x5be8, 0x9491, 0x2, 0x5, 0x8, 0xb5, 0x7fffffff, 0x0, 0x2b, 0x0, 0x3, 0x9, 0x8, 0x0, 0x81, 0xe, 0x8, 0x4, 0x2000000, 0x4, 0x4, 0x7, 0x1, 0x8, 0xe7, 0x1, 0x80000001, 0x8, 0x7, 0x9b, 0x38ac, 0x5, 0x3, 0x80, 0x1, 0x4, 0x5, 0xffffff80, 0x2, 0x100, 0x7, 0x116d, 0x7f, 0x8, 0x1ffc0000, 0x1, 0x8, 0x9, 0x25b93dc, 0x7, 0x6]}, @TCA_TBF_PARMS={0x28, 0x1, {{0x26, 0x1, 0x9, 0x7, 0x9, 0x7}, {0x8, 0x1, 0x4, 0x2, 0x4, 0xd3}, 0x4, 0x8, 0x1ac}}, @TCA_TBF_PRATE64={0xc, 0x5, 0xccfadf379f72c138}, @TCA_TBF_RTAB={0x404, 0x2, [0x7, 0x7fffffff, 0x1, 0x148a, 0x8001, 0x2, 0xff, 0xf816, 0xfffffffa, 0x4, 0x6, 0x5, 0x3, 0x3, 0x0, 0xb, 0x8c6c, 0x7, 0x5, 0x200, 0x0, 0x10000, 0x200, 0x401, 0xe, 0x4, 0x3ff, 0x10001, 0x7, 0x8000, 0x3, 0x1, 0x4, 0x401, 0x1, 0x2, 0x8ad0, 0xfffffbff, 0x1, 0xfffffffc, 0x6, 0x9, 0x82, 0x4c9, 0x401, 0x7, 0x8, 0xce6, 0x4, 0x0, 0x3, 0xdd, 0x4, 0x2, 0x9, 0x3, 0x2, 0xfffffff8, 0x3ff, 0x4, 0x40, 0x0, 0xb0, 0x0, 0x1, 0x909, 0x0, 0x3, 0x7ac, 0x6, 0x5, 0xfe, 0x6, 0x2, 0xcf, 0x100, 0x3, 0x81, 0xf, 0x4, 0xfffffffd, 0x1000, 0x0, 0x6, 0x4, 0x8, 0x2607, 0x8, 0x0, 0xa6d, 0x2, 0x5e, 0xebd, 0x10000, 0x10000, 0xf0fad1cf, 0x1, 0xfff, 0x0, 0xffffffff, 0xfffffff9, 0x1, 0x9, 0x6, 0xfffffff8, 0x401, 0x7fffffff, 0x4, 0x80, 0xb, 0xf, 0x18, 0x6, 0x7fffffff, 0x1, 0xbf, 0x8, 0x6, 0x6, 0x400, 0xa, 0x4, 0x8, 0x2d2, 0x5, 0xf, 0xe5, 0x6, 0x3, 0x768, 0x8, 0x0, 0x6, 0x7, 0xc54f, 0xee, 0x8, 0x1, 0x10, 0x8000, 0x8001, 0x4, 0x7df, 0x7f, 0xfffffffc, 0x8, 0x9, 0x0, 0x0, 0x9, 0x7, 0x0, 0x2, 0x10001, 0x8a5a, 0x10000, 0x40000, 0x7fffffff, 0x81, 0xaf78, 0xc, 0x91be, 0x5c6, 0x7, 0x6, 0x8, 0xe6, 0x3, 0xa654, 0x5, 0x7, 0x21, 0x1ff, 0xff, 0x1, 0x7, 0x0, 0xfd5, 0x10000, 0x7, 0x9, 0x8, 0xf4, 0x0, 0x8, 0x0, 0xd, 0x6b, 0x4, 0x2, 0x5, 0x8, 0x80000000, 0x9, 0xab0a, 0x8, 0x4, 0x6, 0x770e, 0x4c94, 0xffff, 0x8, 0x3, 0x80000000, 0x3, 0xcde, 0xc, 0xd, 0xffffffff, 0x5, 0xc75e, 0x4, 0xa, 0x101, 0x4, 0x1e3, 0xa85a, 0x7fff, 0x5, 0x5, 0x1, 0x5, 0x1, 0x2, 0x4, 0x0, 0x0, 0x0, 0x7ff, 0x9, 0x3ff, 0x3, 0x8fa, 0x4, 0x7ff, 0xb, 0x8c, 0x1, 0xfffe0, 0x7, 0x1, 0x6, 0x2, 0x5, 0xffe8, 0x575ae617, 0x0, 0x2b, 0x1, 0x7, 0x0, 0x4, 0x4, 0xd, 0x80000001, 0x3]}, @TCA_TBF_RTAB={0x404, 0x2, [0x1000, 0x0, 0x7, 0x4, 0x10000, 0x4, 0xaca, 0x4, 0x88, 0x1, 0x9, 0x400, 0x3, 0x1, 0x3, 0x4, 0x3, 0x7, 0x0, 0x80, 0x8001, 0x0, 0xfffffff9, 0x5, 0x2, 0x401, 0x10004, 0x4, 0x81, 0x6, 0x9, 0xc8, 0x9, 0x4, 0x6, 0xff, 0x1ff, 0xffffff01, 0x4, 0xa21, 0x9, 0x3, 0x10001, 0x1, 0x4, 0x3d9, 0x3, 0xc2, 0x9, 0x5, 0x5, 0x8, 0x5, 0x57087658, 0xa, 0x5, 0x3, 0xf, 0x9, 0xffff, 0x5, 0x4, 0x200, 0x1, 0x9a, 0x9, 0x2, 0xffff0c6c, 0xffffffff, 0x3, 0x2, 0x2, 0x3, 0x9, 0x7, 0x6, 0x1, 0x58d, 0x7, 0x10000, 0x1, 0x0, 0x2, 0x1, 0x2, 0x0, 0x6, 0x5, 0x2da4, 0x9, 0x4, 0x10000, 0xb, 0x4, 0x7, 0x4, 0x3, 0xc, 0x2, 0x2, 0x0, 0xffff, 0xde, 0x9, 0x5, 0x29, 0x800, 0x3, 0xe9de, 0xffff, 0x80000000, 0xb7ba, 0xac, 0x6, 0x29, 0x4, 0x1, 0xf2d, 0x2, 0x800, 0x2000ff, 0x1, 0x66be, 0x8, 0x9, 0x3, 0xdb, 0xff, 0x40, 0x9, 0x4, 0x1, 0x0, 0x9, 0x8001, 0x400, 0xfffffffb, 0x80, 0x6, 0x1000000, 0x7, 0x7f, 0x0, 0x400, 0x1, 0x0, 0x2c7, 0x7, 0xcb43, 0x8000, 0xba3, 0xb, 0x9bd, 0x6, 0x0, 0xffff, 0x5, 0x800, 0x401, 0xffff, 0x6, 0x0, 0x8, 0x1000, 0x5, 0x1, 0x5, 0xfffffff7, 0x7, 0xfff, 0x2b7, 0x5, 0x0, 0x1, 0x1000, 0x1, 0xa800, 0xffff, 0x6c, 0x2, 0x4, 0x1, 0x3, 0x101, 0x6, 0x6, 0x2a0e3b8f, 0x7, 0x6, 0x7ff, 0x8, 0xc66, 0x1, 0x6, 0x3f9e, 0xb, 0x22f, 0xa, 0xde8, 0x42bffd08, 0x4, 0x81, 0x40, 0x5, 0x10, 0x8000, 0xfffffba8, 0x8, 0x401, 0x5, 0x4, 0x3ff, 0x6, 0x0, 0x1, 0x1, 0xfffff001, 0x5, 0x5, 0x7, 0x2, 0x9, 0x9, 0xc0, 0x3, 0x101, 0x6, 0x2, 0x1, 0x2, 0x1, 0x80000000, 0x8, 0x7fffffff, 0x0, 0x10, 0x0, 0xcd95, 0x4, 0x4, 0x1071, 0x6, 0xe, 0x0, 0x3, 0x2, 0x7ff, 0x1, 0x4, 0x0, 0x40, 0x5, 0xe, 0x3, 0x0, 0xffff8001]}, @TCA_TBF_BURST={0x8, 0x6, 0x6}, @TCA_TBF_PBURST={0x8, 0x7, 0x1470}, @TCA_TBF_RTAB={0x404, 0x2, [0x6, 0x51ec, 0x5, 0x8001, 0xfffffffe, 0x5, 0x3, 0x0, 0xde3145, 0x1, 0x101, 0x3456, 0x8, 0x8001, 0xff, 0x9, 0x5, 0x0, 0x6, 0xe, 0x9, 0x8000, 0xfffffffb, 0x0, 0x7, 0xe31, 0x7d, 0x3, 0x9, 0x80, 0x2, 0x101, 0x6000, 0x7, 0x10, 0x5, 0x6, 0x3, 0x3, 0x7, 0x4, 0x4, 0xffff, 0x4, 0xad2d, 0x1, 0x6, 0xffffffff, 0x7fffffff, 0x0, 0x0, 0xaab, 0x4, 0x4, 0x7, 0x7f, 0x6, 0x7fff, 0x2, 0xbf, 0x7, 0x4, 0x8, 0x7, 0x8, 0x10001, 0x2, 0x5, 0x5, 0x1, 0x4, 0xaf, 0x40, 0x4, 0x4, 0x0, 0x7, 0x1, 0x4, 0x3, 0x3, 0x15b0, 0x2, 0xa, 0x3f4, 0xe, 0x1, 0x9, 0xc0, 0x8, 0xfffff192, 0xe36, 0x80000000, 0x1, 0x4, 0x8, 0x4, 0x0, 0x4, 0x3, 0x80000000, 0x0, 0x5, 0x8, 0xfffffff7, 0xfffffe80, 0x9bb, 0x10, 0xfffffff7, 0x8000, 0x7, 0x1, 0x8, 0x80000000, 0x2, 0x3, 0x2, 0x5d, 0xc9, 0x9, 0xb4, 0x6, 0x1, 0x6, 0x68, 0x4, 0x6, 0xb, 0xb, 0xb, 0xffffffff, 0xa, 0x29d6, 0x3, 0x5, 0x48d, 0x2, 0x5, 0x7, 0x7, 0x968a9e70, 0x1, 0x6, 0x10000, 0x1, 0xe762, 0x401, 0x4, 0xadd, 0xc03, 0x5, 0x5, 0x1, 0x2, 0x401, 0x6, 0x7, 0x9, 0x1000, 0x7, 0x7, 0x80000001, 0xdf, 0xffffa8c3, 0x7, 0x3, 0xc, 0x4, 0x1000, 0x9ae, 0x5, 0x7, 0x2, 0x10, 0xff, 0x3, 0x8, 0x4, 0x7fffffff, 0x6, 0xd, 0x1, 0x1, 0x8, 0x7, 0x80000001, 0x404, 0x10000, 0xfffffff9, 0x822, 0x4, 0x1, 0x8, 0x4, 0x6, 0xffffffff, 0x7, 0x5, 0x1, 0xa, 0x7ff, 0xff, 0x4, 0x6, 0x4, 0xe079, 0xd1, 0x1, 0x8, 0x5, 0xc2e, 0x6, 0x400, 0x2, 0x5, 0xc505, 0x6, 0x8, 0x9e7, 0x0, 0xfffff46c, 0x80000000, 0x7, 0x603, 0x4, 0x23, 0xc0b, 0x1, 0x5, 0x1, 0x4, 0xcfd, 0x2, 0x800, 0x7, 0x2, 0x0, 0x3, 0x2, 0x715, 0xa, 0x5, 0x8, 0x8, 0x9, 0xe0, 0x6, 0x5, 0xf, 0x9963, 0xb, 0xecf0, 0x244, 0x0, 0x0, 0x9f14]}, @TCA_TBF_PBURST={0x8, 0x7, 0x1e9f}]}}, @TCA_RATE={0x6, 0x5, {0x3, 0x9}}, @TCA_EGRESS_BLOCK={0x8, 0xe, 0xffff}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0x7}, @TCA_RATE={0x6, 0x5, {0x7, 0x8}}]}, 0x10c0}, 0x1, 0x0, 0x0, 0x4000}, 0x44810)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = socket(0x10, 0x803, 0x0)
sendto(r5, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r5, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x21}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0xffffffffffffff2f}, 0xe00}], 0x4000000000003b4, 0x2040000, &(0x7f0000003700)={0x77359400})

2.818714131s ago: executing program 1 (id=2545):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @multicast1}, 0x10)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @empty}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000000)='lp\x00', 0x3)
r1 = syz_open_dev$loop(&(0x7f0000000100), 0x8000000d75, 0x105001)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0)
ioctl$LOOP_CHANGE_FD(r1, 0x4c06, r2)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYRESOCT=0x0], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1d, '\x00', 0x0, 0x2, r2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0xb, 0x0, 0x0)
recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0xc9100120, 0x0, 0xfffffffffffffd25)

2.783677518s ago: executing program 5 (id=2546):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0x5, &(0x7f00000027c0)=ANY=[@ANYBLOB="180000000000000000000000ff000000850000000f000000850000005000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5}, 0x94)
keyctl$instantiate(0xc, 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="6c6f61642065637279707466737bdd7365723a74727573743030303030303030303030363420001fb9268c0ea8e978325383cee435d7bfb2bb1c7a343726f1cbae86c0dd7b0555cbab9e22ef47a608f20cd6dde2a3e9b59e64f183d4684e5bf4be8676eff81e7f7276039742552c5e10a68743af0a86279a04831f1cd8750752153209987cf69019d89422b63a918a98c9c7c1099b7773d4536e5bd9cdf5df71b49492d155f2246d614bbe85f68f13ed6ec7cd97273901d30928cc2f55adb93792ae02fcd83b82380b84ced92fdba7d478f020b2f9cb4e9d27a522918a1f5aca4570665da3e4ef03ece97409fe2d2cd64612440fdf98b69b94"], 0x32, 0xfffffffffffffffc)
add_key(&(0x7f00000002c0)='cifs.spnego\x00', &(0x7f0000000180), &(0x7f0000000100), 0x0, 0x0)
r1 = userfaultfd(0x801)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000140)={0xaa, 0x298})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f000050f000/0x3000)=nil, 0x3000}, 0x1})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='sys_exit\x00', r0}, 0x10)
getitimer(0x0, &(0x7f0000000440))
r2 = creat(&(0x7f0000000040)='./file0\x00', 0x0)
close(r2)
syz_open_dev$video4linux(&(0x7f00000000c0), 0x400, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x800, 0x0)
openat$ptp0(0xffffffffffffff9c, &(0x7f0000000180), 0x800, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
pselect6(0x40, &(0x7f0000000140)={0x0, 0x2, 0xc, 0x1000000004, 0x8, 0x9, 0x0, 0x5}, 0x0, &(0x7f0000000280)={0xff, 0xffff, 0x753, 0x22, 0x0, 0x1, 0x5, 0x7}, 0x0, 0x0)
r3 = socket$phonet_pipe(0x23, 0x5, 0x2)
listen(r3, 0xffffffff)
syz_io_uring_setup(0x82e, &(0x7f0000000300)={0x0, 0x0, 0x10100, 0x400, 0x80000213, 0x0, r2}, &(0x7f0000000180)=<r4=>0x0, &(0x7f0000000400)=<r5=>0x0)
syz_io_uring_submit(r4, r5, &(0x7f00000003c0)=@IORING_OP_ACCEPT={0xd, 0x0, 0x3, r2, 0x0})
bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x11, 0x8, &(0x7f00000037c0)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdce09000125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffaf4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2b2f0ed86b00000000fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c7070800000000000000433b809bdb9fbd48bc873495cbff90326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf8714d7bb2366fde41f94290c2a5fdecb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1f5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27832b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a540f0c10ec3a11667290b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad95971030000007d00000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c6055bb164ab413d5467ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d7ab3753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c8c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf06db539f97580e079175426c088a0208040982a000000000000000000000000001aad0b6d70c42c3131006d9996b4c651ceaaf0159fe6e7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a1914b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d0104361c37c61a43b5afd865b60d4cae891b73220f17d25979a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c056d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04de1d9f34335d8fcb9205da65b43831c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23d040000000000000033f64e64701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8adc67ec92d13a4faa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a2689217380400a9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c259d3f28b9ea81232fbef665f6212f875b2a000000000000000000000000000020bd79e41c682139c58ac1deb039a691ad640e12c12fe11d70fe495906f2d5d71778acbd4eee53a3996cb0de84bd2b059d60c0f96a53ea44e0b293865aa68df494f87db976e36ad6c06912244d4c883c4aaa60b4a1392ce0b2f2c519663b4652ff871e0f6dfff9f7d34ecf04be0a58c3d53174b67d1886e34b81ad8c60da56acc64739c3acab24aa8d0ac92d74f915608b1b60a948bad401b1a7fb3627bbe6c45123ed44bfdf8cc143bd1b7a663dc3d0476b8e39becffc429e41f66b1e37ae52aacaff0f1dc8ea70b68c25072e20586b19127d75fa71577f265c51000000000000000000000000000000000000000000915c2cde78db002a20e370600f56b3803786ffff268fa1782c240a1d3b62bb5c9c5712bc58a0f276f5224b6efaceab36d1468b0800000000000000cbefec08ac7cb62a9f6abcc97daf83edafe4409ecba3050a321a180af12bc59b1b2f1a9cfdf4bf2d26449544d82fae6473443c68e11c33b531896b7b7ebd03ed5620880ac1a33d3a6fa59d77e98a17d594eaea287f095e0593ac101efc3ad591249a4b0f090c0be8866b80f686fb8049c942c93b240c1e13ffba1f5220b5d08456614329cb66f71cbaefaedabdd0e9754f821cf88cfe247b85fea737bb72e759168acbef4cea2e21bb3fb18b8612183b386d3285984b96e22bf82be189395475b18c27437b73a81ff72818cdd291e906a8e2933237473494d4ddea11f7972eeb0fbee7e8aa90818fa847b700b4225ebb3c662c06e33dc5b94df2b35bc1647d87002b6106f7d4866ce7d68194dd00"/4166], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x49)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000007, 0x8031, 0xffffffffffffffff, 0x6a855000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
removexattr(&(0x7f0000000080)='./file0\x00', &(0x7f0000000200)=ANY=[@ANYBLOB="6f73782e616469616e74756d28656362286369f20a26636f24ca9f23b8ff4ae69ffcc8706865725f8f756c6c292c636f6d70726573735f6e756c6c2d67656e6501000000"])
mount(&(0x7f0000000280)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000100)='omfs\x00', 0x8004, 0x0)
sendmsg$nl_xfrm(r6, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000a00)=ANY=[@ANYBLOB="400100001000010003000000fddbdf25ac1414aa000000000000000000000000e000000200000000000000000000000000000000000000000000000016000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ac1414bb00000000000000ff000000000000000033000000ac1414bb00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fdffffffffffffff00000000000001000000000000000000000000000000000000000000000000000020000000000000000000090000000000000000000000000000000000000000fdffffff0a000000030000000000000048000200616469616e74756d28656362286369706865cf5f6e756c6c292c636f6d70726573735f6e756c6c2d67656e657269632c626c616b6532622d3531322d67656e650000000008001e0001000100"], 0x140}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
ftruncate(0xffffffffffffffff, 0xc17a)

2.417257838s ago: executing program 0 (id=2547):
creat(&(0x7f00000001c0)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000300), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f0000006380)={0x2020, 0x0, <r1=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000000100)={0x50, 0x0, r1, {0x7, 0x1f, 0x3000}}, 0x50)
syz_fuse_handle_req(r0, &(0x7f00000041c0)="412e450a2a7b9586d1e6e9de257afc4fd60c8de430c0d6348b2cf1db8d070a539de9c1e91a178f9240dbcfe303566018f6c20c55d643a2ed46aaacf49ca491ee2f06184bdb548778a2c56e56f6b40b994419428bbbb9dfa5f9593511ca8ae1c088fb0ee5da72f505000000000000002c04754204f194ae6ceff4570d44496eeffe619998eafc7167d22e1c6aa73e89ad19224e35130a37cf68d5c41ccafe59b4b753a26e06c4306d31d78de6cede97c06e3ca2cc4af66b7548268efa91621ffca2655d2c8f1a9bb019b88fa729cb3d32f72c098c44898d42c42f39feb4faead93980726c236129acdf31c01f1cabb5ca3ec4e45eb5e6e59912792b4976e3f2b560c861d49b539d8e1870040a8cf190a8a767ec067a8048aac53336b44669d3d425843ae80681a7c02a5d5a3d90f355fd4a6ac277e75230d558f0df20cb323cc65e9b5a258cdd669c8a9534e4aff09a8fe89b124748c9e756c28789c2152a5142bc0bb205e339d43bb980b3f04a3c1a424a2a093966b20600a5410e0528fb35937c998eea19f01eaf2f39e16d85563a6737ddab3213ca1832f0afdf891e34a582f6a4ac81fda70ebc3fedac2fb3a492fdb40b91021e5d371d990064cd1f7c2c1a6472dec7505f9a4940057a3e57fd53aa3cd2eb914e073a19b6e925f8553e6875c093c7d19de25861fd9640f0eca4cda0467f12126daa2e0c6df7d4e4babe5a6e59e8391be7700790315b6b8a8aa74cd6d3f054aceaeda79430676b67fe25c9029e0894b413377fc4d8300d9f9338fadd07e4c80cac08113df8971a868458c47c06fff0c1c4bfd48ea583e9e76ef103d42c233b6de10b30612cdbeb6b60a6a4dbbe2da63cc2dd4fb93cac65af3c1279274f4af0e2c5b96e6068aa5b41f7548fb72b0c142351f64446db7425115b89132b5589ee642ebbde655adb2d7d1117456a6e4f2886879b42baf85e05d53e2aceea9c3830673bdc4d081675fe76b994651af9c3f16b7513834fce4654f84558a8308fa677d05bffcc893d9813bf87c5ec520cd66ad58dc06f0c47d253cd36dfec82980fc8dbdcd4b1c037c2b30bef455984f3e8ed19d69e185fe4fbdda2c2517ec9abfbb4841252e650b6bf56fdeca9a4ee3c311de3c6859ec14cc00e95323c57c02fa894d83ea17944f3112fc19a7e11335d7951ec6dd5b4f06fb9b637313a230341ea5da6a7a959e707d0cd5fca60a6649c8df8d6c17e9a49d230e5775df14e4b43aa3420bd0b8814ec7360ab1910e69fab8932f7646d7998bdc2e8ec354c52da21ed83fb7582cb9d37bb95f144974f72c7b0ae7b42945768fa8ec0dd6daba72d05809670506ef1054282201b00906c8af64e3e13a10f180688c96549b2d3d6b04403fd571e7b132891dd4b7cf37aec25ca1e9190c17aaefbc31e059915c12c232fb7097e9fa6f35fbb265c7102db62e2264590c583ea90f1aee3f166af81430d9084eb0c760ebbb16049c9fd1fee6ce33c8ac205e3ac9c275531feadfa4054e0c027c26beb009f54aa72b864d39bb11753f77931bb960276db33021c65671e57b3708bbf979be222e8439d71f58ca87cec7a054517af398a42735b580717377a54f139e2c46813cbb03d98e49c26f4ed54d75e48573cd06145f913f4e313eeee837496dfff75aa722fd8486c45f9c959da12ae48ba4a10712120a203e2476c7b96031d8f8773f68344e6fa21831287655aabbd594e9f272eb1a7315d2d79b8bcd5e63004cd106f80b1e40a5d9e428a01bc58264f4d63c2ee9db6efa70607a642aeb883bf4b9fe009d7f09c16b05a2c9b73573e9019e161ebbdc1fc9b9cd0c5fe1b57adcba2d0f3a767ad59aafa159b3dd181f0601ff95e8af8b5410e56c81ffb8ab35b1e04af35dabf69f08572e69260b72bfd502c5a0de627fd3fee44bf1d4a261bd356056c5739398e3ff161beec1240a089625daffbc61dc5e660c274565477a0ff1797fefff04a98704802ab0674ab72d400686229608cbfd2ca20f4e62495e8b09de9d180c47375bbad72f4474b67d56104b4b466192be60f7aa668fd0a4338b856f114311842ee806d6488ab09098ed9de0e21bcc8b42a5d5713d15eca108fcc7a65d6b414a112524a6e1418644508dd957147a92d4399d13faaf01cacef40549cd11900f9aa32a8333f55796ef25d33c554a308da9797cd0ac25888311b0ac88eff0be7a36ddedcfc2b095abb4d5a6a4edbbad67b70cdf60c7ed0c5e040ced90edb3322ef684332358942ede9191b431c99b3abf8f9c50206479f0ac118c0a99df61fb9c90d846f41caa6a2448fb7e15640965e051c2af4ee72a5cc7c962bacff7019615c10e6c3054e2e5792df3aa6e2c33425552148466a88568cc79b6edebf0107b7d3d24423a665d20c3a1c0f1a6b34eb475bf875912115914cfabcf394f8a096d64e5dc95705074fe5e985497dcf052b9f748b9d4688859c0200fa43719e4722ed6c064c0efa7e07beb2a26fd724b63537fa0eb506365d5c029cd8dce7dd0a1cb9d9058c061739734af6be9e880fe7e28a211a4c368a7babd1107110ecbb384b274cc092b9511c4abde2ddd863162e2739984a9f3c0a76e3c530a27d5e385f4a3b87607b2a944e09d28239661d27719e22c0a657ea383c30859ca29cdb8fbc79bc83e995dcb361743a7e195650c37e570b768a0a1f0b118fa5be9b3c838326343ec5b376d5ee040ee29dfd868cccf9cfa4591151f519cd6e2ae1453a58aa92f90ee5be11ceb8511ab743f399be0a190eeddfd112336866831c3255ef6520d88b2581ea3767f3df01a38d9b4656f2a89c5df41443291a795da45c8a846015cd041bea0dfbe648348b10ae73ce43d9017182792cd9172eee642c549a530cc1f537f9aa70ca63792ba4a86a713ae09b917136e5bf1506ad7f367d8d2f77f47a2318facd109bba9b1327b5db9e4aeffbdcf414db761eeacc227a15cd72aa52c8ede33bdbab9de9aa1e8f470a388013d07f08777e2131bbd4856ab5c1c38d03ef407197ccf24e8b2a8db69e78f9d6623033c453541bb79f9e0be9a55588e2e54fce65fb785467064a146c4bf218068b5e3efdafaf93a98253becaef226cd79468ff1bbe0c9d43877f5cbb5844fd8957f15d3ef208aac11816585cdccf039c36b429d3d7fb634054fd0f09c8abea3746a6b7379142abde26d998ac7e39b94746c60c09f86ddbd7497849d1ef839730672449f35a3c3253666e9fc053ac1c518e44e0b84555be507f7c00fa9e4864b4bf40ac3d93f12001eb780a779e655d0633803268c094ae161a0efd652003d6ac47f9a6c28d866b56233f371627b01e0fe9361dca611a28841968d4e12cb73d49ce08fe25de4a90b2d34607202b20e71f5e1eed38e17d0a2748f548cf61735f4c9cead1cb93b11929d906d65fc60f88e6919b7b5a1014e6d408bce9c8cc832eecf9147708fe451891717d2ed99dee70773feaa97985102abd3dd05c904c28898afe060621db6564887bc4afe158fbe1d819136a1ac1dc9d8674798a93daf5255460b50c34496205834c668db4c764e76ebb6cdaf5fc44b881cc2ae87b4a7cc045143f96b1620abfd0f116e673b335beefdafa1e58d9194e010cb78956044646da5ba853ce981667f2b8e5001c2df437c9d597ccd2be7d2887f5cb7aad0539abb3f9db1c8f5cd4d7d831946ba1c1aa8737c114fec1ac9a82519f57cb48c49b7f62e9eaa89f448df33fb307cd0036c70b490ac340f7d04e14f32bfeebb08a9d5bc7bbef8f231ea09311d4c82cc55c90eb53c6c003cc98a34dd3c4ec2d8b3a655a78e16e908f368733d0a02b36fe963e2d80b5e6f7b2e3aae3013c900c76e4d56e8348bef221f8a642e692c23b12520fb68c793e789eeeceb4efb2097a4d5952d144094cd7be6edc933d257f6230e962d70ba42e1b07ad9eca0ccd60d3d9a6e06b73ccf96a8aa490ed3bd58bf4d79db65355ae145b54be004e464f4dd23fb8b1bf15e13838116083da67186513652608e37c8f847b2bcafb57bcefc7efc8c8182c7d708cce5d14695b4e618e77f8e7be81f27a05e415fd37ac21507a665b2558daee5c0b0859fedfede8c03f181ef5e0ec0da6caa3edf402dd73bcb4026c489a7cca8ab700d3e9f050006c36768a16e8a48e48ed5750b8cdb7ad1fd12d4cc8333d324d6c83905303fa7013fc02553b587544affe38f1a95e0c4c39740d63b6d387fc89b30bd5fd745cb64844b13897ccf5cca135f7d39e03ce8adcda919d86b25b52764b0a0c4f07f88df68868415de13863df84a7e8d355b09cf90e482eb4174fd01f1b371a4dc52f3c89fc3a70c71657aa5d7573ef9acf4d2b0b321c41ff2640515bb43637ba2288ca0bff2e2a3a998ad8294c52f9edfe0a4ee0a3f8ed5b4b5c43319bb9c58dd07ea3237d7bb62cb086e7ea4a81cba2cdeb28794a09c275a704963110b64720bd089e3737ee1a91e348b5e97b63e1724de1fa9f49961d653bbb47b6fa993b035cf59659bcd0306180645162568abf51127845cbe6e37cc3c19b9d69657db4258fa5e8428a73eff6506bff474c2e302ad5559ac8de44c6f0baba5e2e579e7d7f9d9ebf540674432ac11d92bfc9abdc24126888b533f43bd6f293b0bc315915743114a35308a0ee2e710522137918a2b09ddbbc7a2313a2a6b85a1ad26f14dd70072651c8300ddf6de29704b716ce1bc431c66ccc96731f46359a9f6850976c96dcb5e0ee47446f50b6b3ba90d45224066e123ad3854d877c0cdd9325000ac0d6813c30cd43d3e150335601724ca3666458dc4c04f6562296982353e155d5255c9008c0b46d21a678c8fcb3aa8d6574476e0458eb0a76a6cb50f929ed218cc4654cb4f95fb3afbc2548b74acc312563375a19e55d488599488dfed4dd31b39f29ad61dad343dfca3b45b316a34e7a7bebd2b0f562a9e69848d13fc80a4fa52d0f17bd15d9e1fd39a7dcc86128d14493805d105a745673bddea68ca74ac09d95cc7412d5be2cbd0a247a81dc9e148111e22cdf3375805469226ca3538f960a6ba6aa0eeeb87c784ffb1bfc09180a61be3c7c535fc6d593c3b3f4de21b8c3eccc9021e80fb07dce0aeb3b023bd55f24356f646791ba80e5ca21ac092a069ae0a22cfefc08c23cc7aa69b570bd17cce9de15871d363f167288f99f04761caa67f12c949466493f661d39ee4280c955446ff5a9bb14f2d1ae21cdb91a5868e0c52097cf380f571935b140562922763f1b79c3709b949c57a00b08828ce9e685f6b234b5fe3c62d9feb249ce75e81f5efd556c14d5da24dc0554723fdbe52659969a39f470e82c50c4777c908628436e31177af1125d5f70ff627462247e5bc20c47ef75f369174586d43d42f7eefdd47fefa745badebca2a881ccc018ea411cc8a7a0881422bee8704bb98e6bea9fbec63441fb45d7ccfd436909b57a2b60b788e15bda3ca7663b19bd84d0879deb639f10def9a99d42a4b9a4fd7fecbf6d2e7598678307ba9a5b6f143c27cf1ca41e3c904007bb762cd5df6e63c4cf422c2ba959e53bd8e5664cf5df6a91a4bc8cebc52b22f30060fcbc5ead53d38eabd160c1da4cab8aa95c3640ffd78074aa2cbb05cb8ea90a0c95a4a1b2be1ee94f238000f1faffa069d87039f13f5f84ff368aec5a0b10020232b9fc954a6c22573ef48459e574d48a4845837e1d6ef386738ccedd093d4d5bf3a3f790c875ba7449d03397642feb71100f2c25ab2cadf0b0802544a2095a51b19cdece623b17d420b173a99c081f8e229b6de3c680d6bb39bb98b479517d77cca581b81cf856753a44ebd64cff111fb8ca37ea45d217a3fca44a083e6c35b0fed9f8f7631178d15e88f86c85f1ce68c900afdd1f7e5b8bd4ef3f58c447b77d3befc49180df7a5eb2ae8ae33b4ef573f3a425da8a60cde84d8eeae6d6399b9fbbfa0fa8d448b25c7f79b7554d0b02b0decbc74ae8560f630af596313fb33d442a410061ace0aa7a440d5e31ca8bb2cc495c4f0b672edb011b0c5f16781836df7f4af8329143d5a1a99d7b18ef9f774c4199d635848cedebac82637a03a189c65bf667503737c75b6639ac65ad424ca475285437e6f19830b36549f607ffc387c8b11a34a838159376a6335afaa045bd2bb04e279dd72436331d07dfbd72e2436b27f0df23a266fd15cf56d1a9e93aaac8901cfe49a3219ae36c5c65c75e5c708fb82cac4d6a50726509ec3a7d32d54cf584ae353a5bff75a6de77a0b240cf8a0a72817c9d37699ca89c96e0e0d96a7665ac3a7d1febca1a1d79e2cbde8025c271360e2f90048b2d9fd56f45c013e001dad4b7785be69dc01f8a954ef7a84455986fc5c9d5167d91808efdb4476ed79f99563d887cfd4e99809d9e388501dea228cbb3cf3770082dc566455251fd9c2c742963c33500618c6ec99e0bef007408a0462a081237be4c6e5db0258d4be5fc9cf63fd1ace1f4166c053b0fb84fe24917da1255cf40bbb1b45644f6a7699cf802a35a932c374b1d62013e6afca3787627469994c02f622ab877ed5491fc2a89eea60e4e1628da89e3ad600ff6442e4ebf20e47304176b6a1703c094b3cf6d7fbbddd8d8fa5a00f28b4d8f43d88487e9d4531071512f2027198714a8d1cef126775547fc74f2a35840510f325e50361be76557767560055e084f2ecaefa0dd8ca8215301a7a887d2eaddaeb1f5c3dfdbd2cc1ba5f02d4426b98c0f861c5f724405758f442560ea6cd1d953456cc4aac6642ad61c03dbaffc2364d8ec2ef9f483c70355139d1fbd9617ab3c7eedf0b8963c1cfdab769180db43c416a90d9fdf3fd0eb2f81187642b4e2a09d6462d27527fdfda31f7b262501749dcfc6c184983f9923424131d05cc811cacf5c2c87e8e6f135349e68cde0e8997bf1dde248e5124d5dca2681abdbe58d327a8edd585821f03fdd4515728f1336495ba25c9bba56a3f706d60c35cbd0b40d0ac0583a981f9af08510ed8ed0a726e5472f8995af3837fbf1e89587633d2ef944868a153919165778e963710872af12faf96c0919c638e5affa97104471ba6e178d27602f96b9546ebe52190d91be245be08742b96389080676a566d3229e593e4f56a76ae4c58113c6adc1088703b1b92dafe32a5600e14ac1e71df829dfef425911f16a2b91f693599ecabf93065c6c4f5fefca8d4ed095599113529f65d9120d5252f577af95b404979508c343df54e4d239720e7d3a861f1dcabfa69e12d655c8a026c10a4df279b139fd222e561d205ac9b45c1054f8699eca594fb23886e0de565186597766dd5e40f74a423d5708dac254f4172f1089270988fb18715813f13ee4d131b64dd517c7e77f27f804b229f5339ac2f483b14739ac33a9645044d3010bd77ed18fb117f7b11bb51c4ed683b59e28bf25a58f123dfbeb1f0f21f03d9b57d8e61d59b311037a5b757b03ca5c95e0eb73922c6918530c99de4d6733640f2b8d13bebce31d4f5e27aab201101e48cde23a0d7e87b9511949d812e3187ee5ff11bc5858c022ed7b00790eba32f9ef7e134ce5f73a01269ca971b40e62133eca9d596a768686d6390b2c74602f6dc597faec3ed9d9658102d99c9624c1a97d00d63853578afaccc7e30a77fe054ebc23eec45f608f996fd015cd6bd50a111360f0790eff6ffb1ea59d13c8e29480bd96217188f97e53a1f5d9eae0a2badb4fea52f2bb4f8cb04d0afd99e7371a978a7d7ef473f77ea6738ff84af655313a12db24cff692ec7e282245ae9a42338db814593448f7115df3dc3f4e2faa2c2fdbd68f679d6aba01a15031347bb17d8bf8f1fad0ecf365e9dcd32e69803c5c05f4b47adbf8a21af7e9fb327f267df1c914486389a9820edf0a03bde6ef388c255761e439b2f7e1f9c1c3c95bd30c502197ab37f76b52f0d0675f366e919be19329853767bba34a540fb75bcdcc9596a4cda254a660e11bed5af9d8646ac4b7d6d7aa5d7c0005879b6d08058a56c3d3a4d3d401b883153fa7f2f6a6d34dd010f6b9e7b4e457b9ff5a5802d7723abb35f9dca0afc10f6791824dbe0a7725d534e7753445b7268d90145b6438b93fc475f44d5d678d79da6c5770f3a9106f3cffbabe4b88cbe7eda9b8a495be4f6717b0fbee6fec78c86031b6d878d47e357b2089de3e6dd19a265552553d1f7da53884ef84d0eebe782791c48a9c68a28d8ea3bb70c922b01dc20b2cd05cfb276e326651398f766f5faaea54a41da597cf6b50f3d5ebc634185b99069126b8d935c6bc42c47f2109de42091ef4ade3d87cc44aeb78709255501e64f34ac2d4b2725cf7777315f8ca9424bc9d61a896a93500faa6cf5a5aee1fb888e17b47a38a667be2ffa3bae46afa88bfd8b5b6e1186d6e41b9a4e490591043372c23f36fb48d80caff74cc349adc92bb25f701738c809ccf74c47afa193795ee67bc58ea7fd85542fa7e70218490fff212163401cfde016df2f42496bae403d5391e53fe200f758bbcdead0fe72c77861889b9632a257229c35bdfe8fa78375b4f5c768b9c60cafbde1f00aff6ca1879f6472f28001f5f13d4d9d6c3a90e04d8df09873550daa8262d39efbe96a79c697fbcc9a7f27c9f6d782d5d5f6d024b291376e9cc40d902f809072e1f0f2c2ab88ce3d074e88461f5971853e7be749943ab6e25e25e8afa5042dd73407f49b50841c7782c54eece62ec2beef1f16caf1ca5989427bd2726ca0fee33e303702e9892e4382e92c3f3a03a6188f39762db81819c7e12b424be8fd964dcdbfbac00139e8c5a6200506f13f484ac34ef3d26e7cadd53cf402117419c1618205bfa5382486094bd55448f2b1aa4dbec2289189b601b1bbf5792b2a641c6f5dd19cf24abc72fc5264cf11f6b44a4929267a02cd1de1b602b9de65a6c06640aa0f76109baa90d66eeb17295b1711365b7d6835a2dd55b7fe868c59453613240643c847a5b48d27897a58dda63e579c1bba58350550e147b190f0a2c9a5ce719d627ce3302028b4b6801bbfa8cd74874ffba35817c0eca034d19210950796807125fe6065dcd47d7c870ed2db5c00cff235e4154e2d89ec2a09a87551f9b7ca25d519b5603c0c33d2cf72878199ffab567fc5e093529b89d1163587f3564ba8291d2d96cf9762e7f568e786ea90849f6312c1a10f45d61600cd45c48e6870a7d76c913f9c4497374fc04401cbd11f7710740148234fe8f041f24d0278fcfd48846e6aa49f05016fc332dc5d46b4a26574fed5c0751cebb9f7ab4cdbc1ee011d82d6ef95c52c9df8eedac3ab5cf30805f23d88d4f707601f8e6c606b58f2fe234e948d6756d430a5c4ec76a33874886c8fb484059b47a9bd198a61a1896419288a9e81d0969dec778a53e8233f0f63bd0134e5f29825e7817e7c8ccb7d9acd8f86ac9d3af78c43df3036d7934dd294f2bb12063bee52c547d27a218145befb0ca96cbfaabd39fa245b51c39f4cd4cf8db105f9dc46a7aaa8f7d06fa208120ce1ac49326179618fa2c8596c44e174eb7a141056b1d17689c10dee089c8b0867b8a757ae12251bbd68db5fba2be341275fb6ee379309f5cde9b31242b0b2bac44da74776fac141936bd96e3177161f057c820a8c22cca8cce29b158eb55aed0260253fbee70a6dd281d9fca23e0b0a38d46c76a95e1262f1cafcf0fc37b52e649a1ba1e2c0f97d10bbf4d2b5632cf340bce56736071d5885ec9b4e17910744d3e63e2ca6deb21e43fc21e89c6865d3ad424ef4a14efe8843ff3168c99ee395400dcc8755719d290c567c95a5e7d28ec1190ceee240084d444265cc801cd960f69b368359bbf06b8a4ec23b47c7bf9d4b16c701a1c4fb9e81abb55bf49d450b566ce03de939fc6f5c51291380086f8c995cdd4fa15a325601c4846a69f15c77f55c900270bc9ea5f406480cb0e3e89bc869fe8b7cec4fbef7e76283d50c25ab1b4d34d093a7df062990a925a9c44aa2661abd7d381a4d6cdb64821ef624dd51b72e99af914bca2f80c25b82ac6945df7c7582e6d0ce2cd073e35f1fc120a68ba210410db64592a9aa319b30f2b818c495750e1cea0610e27d52be31e52e501a3bd51b501bc51c2ec8592f679b6e55b9aa58d513fd2bebadc83ba76eb45e5676f130193e9a666b8c8132c9f5141681fbab324b555c5c890d488ac2dd00feead0a20fbd8a46391438e3193edc6fb89161cd864fca98f4f39a2893c933dcd13bc8c5d5a548d24862e8161c0fad7f33aca8c86791d620815fe3f0daddb5defd933d0c10097a7a98e67625420b6c0db7c3e17ab07ea64e6f0f53fdc670799e06a2e3a871d6be363a2639e35339361311e0f528cc433eacea4f79bf217108c7b1d657840253ffdea18bdd1f93cdee63e7a9b8dbcb4ee06162b253e09ea0641f2771bd9823dd210905e9ea495f43194bb471cdeb690e8890b03b50835d53dde1b572dd123ccc8507bb57a45e46c0efb8fb3d5596bddf9782d86dd911636eae2cf64b5829cf8893faf789be3fa22859accf688f5b5da6c29cacc96d477e23b63cc934f685b6e42e1655c9a9b94d6d78402de22b8d9776e3915391aa258e57467d770d65480ba2f6a94b0337965a8c659c42b4e90b14da4697d0c0a6d74774c94c52d8ecb694eee747bdaa6c3a6d60739db18c6446090eebba72e62ab88b0e8b88e728ba8cb133d8524eda89a2bff1c8414da3edfa6f83788331c8a7e5a8af2dd3682d4752190a3c689949abdad8350111373e7fb46151f54a10f79d91940e37efb05f9f157bddcfacf018b65a38ab614807c34a2786af4a1d48c4d1c1abd31815715f9d1b103992207fc664f12c82fd923c57d8e7cfb9f4af55182318d055c704865cf484206d60e34cf7fe9b6ce60b1772c5c7cdacb6695227d80da18ec1f98a434b1aaf9c6b6d082f5663aed2bf267e559dca6b93d3ce34273846fc677f529690482df0a8f782b8ad7269f344f5f2b4d320a7ce2d2fa02284f8db634dc930c3e2b9a629245364acf35d41e9a14c88efde4e742ef1ea4b43d0caf2e70d4a617278823e6403934524debbd933e7676e441a48f630dc8bcccd55d9032d6bf3dea97d1669c39fb865b0e619eeb3f5461e517000f5aee3ef2abdb87d3a76b88e140eb4644a9fbddbdc9e20972cdfacf00bffa3a1ca5f84122c2ebc54067cdaa23967eaeb7bbbfe44e5843382b834fae1f62a066688595e4ee67c7ff9858672355abf7893ebeb4bcf88a62b2237c6e6cec9aebe3f28bfc310ced3a590e88d4bd0f53289206deb9addbf6f3c02115ce4980dadfc112683ae250c2d438fd9c0f2a090dbf122a0072828db798bdb868dcd47384dd3f5eeebc0307a5b268683cd51f312e8f02b5a7746b11a97ac43287d9b9765f03c720503cfe6e0117660a4c00d67895224c4d42b032000a10d7a743054758a8f54941fd5eaf72498b678d1579b3de4e5518f90f1e3d32517d09d7f5da9d180215e66218e9dd64036819cf12638ce82712a6cc79a9ddb36e86814b797d72c2bc58b18ba439e99965f745b4fb7de2878e3186e3e7b835c746b0935f6c67e92e3770bd8d5eb4f66d8175ceb7850e418c55e574db891639aa77fc62bc45dcb734681ede8484d4d4109a9adb8c3d00", 0x2000, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x20c01, 0x8)
ioctl$sock_inet_SIOCSARP(r2, 0xc0046686, &(0x7f00000002c0)={{0x2, 0x4e21, @multicast2}, {0x0, @remote}, 0x8, {0x2, 0x0, @multicast2}, 'veth1_virt_wifi\x00'})

2.230181556s ago: executing program 4 (id=2548):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r0, 0x0, 0x80)

2.123660892s ago: executing program 4 (id=2549):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_AUTOCLOSE(r0, 0x84, 0x4, 0x0, 0x0)

2.03041665s ago: executing program 4 (id=2550):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='sched_switch\x00', r0, 0x0, 0x400}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000080)={0x8, 0x9}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
ioctl$BLKBSZSET(0xffffffffffffffff, 0x40081271, &(0x7f0000000380))
userfaultfd(0x80001)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000006c0), 0x48200, 0x0)
ioctl$TIOCVHANGUP(r4, 0x5437, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mremap(&(0x7f00005ab000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000ffe000/0x1000)=nil)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, &(0x7f0000000ac0)='gid', &(0x7f0000000b00)='\xbf%#\x00', 0x0)
setresgid(0x0, 0xee01, 0xffffffffffffffff)

1.217437321s ago: executing program 0 (id=2551):
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000002180)='blkio.bfq.io_merged\x00', 0x275a, 0x0)
socket$inet(0x2, 0x3, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = syz_io_uring_setup(0x5ce, &(0x7f0000000240)={0x0, 0x6734, 0x80, 0x40000, 0x34f}, &(0x7f00000000c0)=<r2=>0x0, &(0x7f00000001c0)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x2e, 0x0, 0x0, 0x4}]}, 0x10)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
r4 = socket(0x200000000000011, 0x2, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(r4, 0x6, 0xd, &(0x7f0000000040)='lp\x00', 0x3)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000100)=@assoc_value, &(0x7f0000000300)=0x8)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000280)={'syz_tun\x00', <r5=>0x0})
prlimit64(0x0, 0x7, &(0x7f0000000140)={0x7, 0x8b}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000))
socket$inet_tcp(0x2, 0x1, 0x0)
r6 = syz_open_dev$dri(&(0x7f00000000c0), 0x63, 0x8400)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r6, 0xc04064a0, &(0x7f00000003c0)={0x0, &(0x7f00000001c0)=[0x0], &(0x7f0000000280), 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r6, 0xc01864c6, &(0x7f0000000040)={0x0})
bind$packet(r4, &(0x7f0000000080)={0x11, 0x800, r5, 0x1, 0x0, 0x6, @random="518440db9de1"}, 0x14)
syz_emit_ethernet(0x2a, &(0x7f0000000000)={@broadcast, @link_local, @void, {@ipv4={0x800, @igmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @broadcast}, {0x16}}}}}, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_POLL_REMOVE={0x7, 0xb2752a96f73d6e14, 0x0, 0x0, 0x0, 0x23456})
io_uring_enter(r1, 0x57de, 0x0, 0x0, 0x0, 0x0)
r7 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_CANCEL_SENT_TO(r7, 0x114, 0x1, 0x0, 0x0)

259.805777ms ago: executing program 4 (id=2552):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
r2 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty, 0xfffffffc}, 0x1c)
recvmmsg(r2, &(0x7f0000000040), 0x400000000000284, 0x2, 0x0)
setsockopt$inet6_int(r2, 0x29, 0x8, &(0x7f0000000000)=0x7f, 0x4)
sendto$inet6(r2, 0x0, 0x0, 0x20000844, &(0x7f0000000300)={0xa, 0x4e23, 0x5, @dev={0xfe, 0x80, '\x00', 0x39}, 0x800}, 0x1c)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xc, &(0x7f0000000800)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xc, &(0x7f0000000800)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000002c0)='mm_khugepaged_scan_pmd\x00', r4, 0x0, 0x800}, 0x18)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000002c0)='mm_khugepaged_scan_pmd\x00', r3, 0x0, 0x800}, 0x18)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19)
bind$alg(r1, &(0x7f00000007c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(sm4)\x00'}, 0x58)
socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0}}, 0x30000000)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r6, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010005"], 0x3c}}, 0x0)
sendmsg$NFNL_MSG_COMPAT_GET(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000400)={&(0x7f0000000500)={0x5c, 0x0, 0xb, 0x101, 0x0, 0x0, {0x1, 0x0, 0x7}, [@NFTA_COMPAT_REV={0x8, 0x2, 0x1, 0x0, 0x1}, @NFTA_COMPAT_REV={0x8}, @NFTA_COMPAT_NAME={0x9, 0x1, '%@+-\x00'}, @NFTA_COMPAT_NAME={0x6, 0x1, '$\x00'}, @NFTA_COMPAT_NAME={0x5, 0x1, '\x00'}, @NFTA_COMPAT_TYPE={0x8}, @NFTA_COMPAT_NAME={0x14, 0x1, '-@}@{a-/A!]#/\\[\x00'}]}, 0x5c}, 0x1, 0x0, 0x0, 0x4}, 0x4010)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000700)=ANY=[@ANYBLOB], 0x4c}}, 0x2)
sendmsg$IPSET_CMD_ADD(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000940)=ANY=[@ANYBLOB="64000000090601020000000000000000020000000900020073797a310000000005000100070000003c0007801800018014000240fe8000000000000000000000000000bb060004404efc970705000700880000000800094000000003060004404e210000c31b4a550e8084d0610f59919b947decc578a39b78d28db2d01acba8522d4373ed6d8fe158a316678b87018828057a0decae061bbc7f0aed916cb119032bd3356ba22f08a20a2127b6afe2f071c1a0acafc118c328021b7fc9f24b6f850996534bafa6735c68e7196924e1cf2917ec3ab3e9af9bcf0ee3d1ee00431e9f0024bb20b306b6d2589a0b84e7147850c27f77cac9c8adfb0e4a8183864c43519cd8b6"], 0x64}, 0x1, 0x0, 0x0, 0x10000082}, 0x80)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="2cf2288a911993f08d3aaea2bc0000de", 0x10)
r7 = accept$alg(r1, 0x0, 0x0)
sendmmsg$alg(r7, &(0x7f0000000200)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000006c0)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x2}], 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r8=>0x0})
sendmsg$NL80211_CMD_SET_MCAST_RATE(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x1c, 0x0, 0x4, 0x70bd28, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r8}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x20000005}, 0x11)
recvmmsg(r7, &(0x7f00000037c0)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000040)=""/36, 0x24}], 0x1}, 0xc3}], 0x1, 0x2003, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000600)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a78000000060a0b040000000000000000020000054c00048018000180080001006f7366000c000280080001400000000430000180080001006e6174002400028008000140000000010800034000000014080002400000000208000440000000150900010073797a30000000000900020073797a32"], 0xa0}, 0x1, 0x0, 0x0, 0x850}, 0x0)

236.074532ms ago: executing program 5 (id=2553):
r0 = socket$kcm(0xa, 0x5, 0x0)
setsockopt$sock_attach_bpf(r0, 0x29, 0x3a, 0x0, 0x300)

178.990942ms ago: executing program 0 (id=2554):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="4c000000020681010000000000000000000000000500050002000000050001000700000005000400030000000900020073797a310000000011000300686173683a6e65742c6e6574"], 0x4c}, 0x1, 0x0, 0x0, 0x4040000}, 0x800)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000580)={0x44, 0x9, 0x6, 0x201, 0x0, 0x0, {0x3}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x28, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @broadcast}}, @IPSET_ATTR_IP2={0xc, 0x14, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @remote}}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @rand_addr=0x64010101}}]}]}, 0x44}, 0x1, 0x0, 0x0, 0xd24f4d5778621d46}, 0x4)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)={0x1c, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x1c}}, 0x0)

61.205166ms ago: executing program 3 (id=2555):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, 0x0}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={{0x14}, [@NFT_MSG_NEWRULE={0x60, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2, 0x0, 0x3}, [@NFTA_RULE_EXPRESSIONS={0x34, 0x4, 0x0, 0x1, [{0x30, 0x1, 0x0, 0x1, @last={{0x9}, @val={0x20, 0x2, 0x0, 0x1, [@NFTA_LAST_MSECS={0xc, 0x2, 0x1, 0x0, 0x2}, @NFTA_LAST_SET={0x8, 0x1, 0x1, 0x0, 0x5}, @NFTA_LAST_SET={0x8, 0x1, 0x1, 0x0, 0x5}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x88}}, 0x0)

60.757148ms ago: executing program 5 (id=2556):
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000006c0), 0x48200, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000100)=0x2) (async)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000100)=0x2)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000080)={'syz0\x00', {0x0, 0x0, 0x2}, 0x0, [0x0, 0x3, 0x403, 0x100000, 0x8, 0x100, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3ec7c00, 0x0, 0x3, 0x3, 0x10000000, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x7, 0x2, 0x0, 0x2, 0x0, 0x0, 0x0, 0xff, 0x0, 0x3, 0x0, 0xa9a4, 0x4], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xedc0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x80000, 0x0, 0xfffffffb, 0x0, 0x0, 0x79, 0xfffffffd, 0x0, 0x0, 0x10, 0x2, 0x47, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x20], [0x0, 0xfffffffc, 0x0, 0x6, 0x0, 0x2, 0x0, 0x5, 0x0, 0x0, 0x0, 0x4, 0x0, 0x4, 0x0, 0x0, 0x8, 0x0, 0xfffffffc, 0xfffffffe, 0x8, 0x0, 0x0, 0x8, 0x0, 0x400, 0x0, 0xffffffff, 0x89, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0xfffffffe, 0x1, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x351e, 0x0, 0xfffffffd, 0xfffffffd, 0x0, 0x6492, 0x8], [0x7fffffff, 0x1000, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x4, 0x200000, 0x0, 0x0, 0x10, 0x0, 0x0, 0x804, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0xfffffffd, 0x0, 0x0, 0x0, 0x40, 0x0, 0x2, 0x0, 0x4, 0x0, 0xfd32, 0x6, 0x0, 0x0, 0x0, 0x2, 0x2000005, 0x2, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x8000000, 0x4, 0x0, 0x0, 0x800, 0x100000]}, 0x45c)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r2, 0x0, 0x0) (async)
bind$inet6(r2, 0x0, 0x0)
sendto$inet6(r2, 0x0, 0x0, 0x4014, 0x0, 0x0)
splice(r2, 0x0, 0xffffffffffffffff, 0x0, 0x1, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x50) (async)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x50)
close(r1)
socket$inet6_mptcp(0xa, 0x1, 0x106) (async)
r3 = socket$inet6_mptcp(0xa, 0x1, 0x106)
listen(r3, 0x0)
socket$inet_mptcp(0x2, 0x1, 0x106) (async)
r4 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r4, &(0x7f0000000140)={0x2, 0x4e22, @loopback}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10) (async)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010000e3fffffb00000001000000280001801400040000000000000000800000ffffac1414aa060001000a00800008000600035d1b"], 0x3c}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000000)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) (async)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) (async)
r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0)
ioctl$KVM_SET_CPUID2(r9, 0x4008ae90, &(0x7f00000001c0)=ANY=[])
ioctl$KVM_GET_CPUID2(r9, 0xc008ae91, &(0x7f00000004c0))
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x7) (async)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x7)
socket(0x200000100000011, 0x3, 0x0) (async)
socket(0x200000100000011, 0x3, 0x0)
r10 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000080)={'hsr0\x00'})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
userfaultfd(0x80001)

17.91731ms ago: executing program 0 (id=2557):
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000a00), 0xffffffffffffffff)
mprotect(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0)
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x20000, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000000)={0xc, 0x0, <r1=>0x0})
socket$nl_generic(0x10, 0x3, 0x10)
syz_io_uring_setup(0x952, &(0x7f0000000400)={0x0, 0x537, 0x2, 0x1, 0x3d5}, &(0x7f0000000040), &(0x7f0000000240))
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r3 = dup2(0xffffffffffffffff, r2)
r4 = syz_io_uring_setup(0x5988, &(0x7f00000005c0)={0x0, 0xfec4, 0x8, 0x1, 0x2d3}, &(0x7f00000000c0)=<r5=>0x0, &(0x7f0000000180))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
unshare(0x64000600)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000e40)=@newlink={0x48, 0x10, 0x403, 0xffffffff, 0x25dfdbff, {0x0, 0x0, 0x3, 0x0, 0xa000, 0x830}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @ip6erspan={{0xe}, {0x8, 0x2, 0x0, 0x1, [@IFLA_GRE_COLLECT_METADATA={0x4}]}}}, @IFLA_ADDRESS={0xa, 0x1, @remote}]}, 0x48}}, 0x0)
sendmsg$ETHTOOL_MSG_WOL_GET(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="0100b11b700000feffff1a000000180001801400020064756d6d7930"], 0x2c}}, 0x0)
io_uring_enter(r4, 0x75fa, 0xe475, 0x0, 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r3, 0x84, 0x13, &(0x7f0000000380)={<r9=>0x0, 0xfffffc85}, &(0x7f00000003c0)=0x8)
getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r3, 0x84, 0x6, &(0x7f0000000500)={r9, @in={{0x2, 0x4, @loopback}}}, &(0x7f0000000400)=0x84)
ioctl$IOMMU_TEST_OP_ADD_RESERVED(r0, 0x3ba0, &(0x7f0000000440)={0x48, 0x1, r1, 0x0, 0x0, 0x8000000})
ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000140)={0x28, 0x6, r1, 0x0, &(0x7f0000ff6000/0xa000)=nil, 0xa000})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r0, 0x3ba0, &(0x7f00000000c0)={0x48, 0x2, r1})
socket$nl_generic(0x10, 0x3, 0x10)

0s ago: executing program 3 (id=2558):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000f40), r0)
sendmsg$IPVS_CMD_NEW_SERVICE(r0, &(0x7f0000001100)={0x0, 0x1500, &(0x7f00000010c0)={&(0x7f00000001c0)={0x54, r1, 0x1, 0x70bd67, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_SERVICE={0x40, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}, @IPVS_SVC_ATTR_SCHED_NAME={0x8, 0x6, 'wrr\x00'}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x2e, 0x5}}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x27}, @IPVS_SVC_ATTR_PE_NAME={0x8}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x9}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x20004084}, 0x20008800)

kernel console output (not intermixed with test programs):

900] usb 4-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a
[  660.826475][   T10] usb 1-1: config 0 descriptor??
[  660.832653][ T5900] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  660.834343][   T10] usb 1-1: selecting invalid altsetting 1
[  660.853182][   T10] dvb_ttusb_budget: ttusb_init_controller: error
[  660.859713][   T10] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB)
[  660.877986][ T5900] usb 4-1: config 0 descriptor??
[  661.120304][    C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available
[  661.377994][ T5900] gspca_main: vc032x-2.14.0 probing 046d:0892
[  661.453400][   T10] DVB: Unable to find symbol cx22700_attach()
[  661.511305][ T5842] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  661.546056][T13150] syz.1.2118: attempt to access beyond end of device
[  661.546056][T13150] loop1: rw=2048, sector=2, nr_sectors = 1 limit=0
[  661.559464][T13150] hfsplus: unable to find HFS+ superblock
[  661.860104][   T10] DVB: Unable to find symbol tda10046_attach()
[  661.866435][   T10] dvb_ttusb_budget: no frontend driver found for device [0b48:1005]
[  661.876657][   T10] usb 1-1: USB disconnect, device number 60
[  662.026650][T13154] fuse: Bad value for 'rootmode'
[  662.150370][    C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available
[  662.348059][T13160] syz.4.2122: attempt to access beyond end of device
[  662.348059][T13160] loop4: rw=2048, sector=2, nr_sectors = 1 limit=0
[  662.361248][T13160] hfsplus: unable to find HFS+ superblock
[  662.550501][ T5990] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  662.791189][ T5956] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  663.012978][ T5900] gspca_vc032x: reg_w err -71
[  663.026120][ T5900] vc032x 4-1:0.0: probe with driver vc032x failed with error -71
[  663.039538][ T5900] usb 4-1: USB disconnect, device number 70
[  663.190299][    C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available
[  663.773555][   T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  663.782768][ T5900] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  664.170893][T13181] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  665.197797][   T30] audit: type=1400 audit(2000000457.810:474): avc:  denied  { read } for  pid=13191 comm="syz.0.2134" name="file0" dev="fuse" ino=0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1
[  665.220039][   T10] usb 2-1: new full-speed USB device number 65 using dummy_hcd
[  665.242179][   T30] audit: type=1400 audit(2000000457.810:475): avc:  denied  { open } for  pid=13191 comm="syz.0.2134" path="/427/file0/file0" dev="fuse" ino=0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1
[  665.270306][    C1] net_ratelimit: 3 callbacks suppressed
[  665.270325][    C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available
[  665.283298][ T5990] usb 4-1: new high-speed USB device number 71 using dummy_hcd
[  665.381893][   T10] usb 2-1: config 0 has an invalid interface number: 93 but max is 0
[  665.393858][   T10] usb 2-1: config 0 has no interface number 0
[  665.413960][   T10] usb 2-1: New USB device found, idVendor=10b8, idProduct=1bb4, bcdDevice=34.65
[  665.420639][ T5990] usb 4-1: device descriptor read/64, error -71
[  665.425534][   T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  665.487329][   T10] usb 2-1: Product: syz
[  665.562670][   T10] usb 2-1: Manufacturer: syz
[  665.690465][ T5990] usb 4-1: new high-speed USB device number 72 using dummy_hcd
[  665.815873][   T10] usb 2-1: SerialNumber: syz
[  665.833348][   T10] usb 2-1: config 0 descriptor??
[  665.844303][ T5956] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  665.883008][ T5990] usb 4-1: device descriptor read/64, error -71
[  665.915845][ T5900] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  665.954708][T13192] orangefs_mount: mount request failed with -4
[  666.011452][ T5990] usb usb4-port1: attempt power cycle
[  666.072668][   T10] dvb-usb: found a 'DiBcom TFE7090PVR reference design' in warm state.
[  666.101000][   T10] dvb-usb: will use the device's hardware PID filter (table count: 32).
[  666.120091][   T10] dvbdev: DVB: registering new adapter (DiBcom TFE7090PVR reference design)
[  666.165241][   T10] usb 2-1: media controller created
[  666.180700][T13214] netlink: 20 bytes leftover after parsing attributes in process `syz.5.2139'.
[  666.192109][   T10] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  666.310288][    C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available
[  666.460723][ T5990] usb 4-1: new high-speed USB device number 73 using dummy_hcd
[  666.571162][ T5990] usb 4-1: device descriptor read/8, error -71
[  666.639822][   T10] DVB: Unable to find symbol dib7000p_attach()
[  666.672737][   T10] dvb-usb: no frontend was attached by 'DiBcom TFE7090PVR reference design'
[  666.700346][   T10] dvb-usb: will use the device's hardware PID filter (table count: 32).
[  666.755939][   T10] dvbdev: DVB: registering new adapter (DiBcom TFE7090PVR reference design)
[  666.771882][   T10] usb 2-1: media controller created
[  666.793621][   T10] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  666.837964][ T5900] libceph: connect (1)[c::]:6789 error -101
[  666.838589][T13229] Y speed is unknown, defaulting to 1000
[  666.854752][ T5990] usb 4-1: new high-speed USB device number 74 using dummy_hcd
[  666.860684][   T10] dib0700: the master dib7090 has to be initialized first
[  666.866789][ T5900] libceph: mon0 (1)[c::]:6789 connect error
[  666.869440][   T10] dvb-usb: no frontend was attached by 'DiBcom TFE7090PVR reference design'
[  666.905968][T13229] lo speed is unknown, defaulting to 1000
[  667.051650][ T5990] usb 4-1: device descriptor read/8, error -71
[  667.058709][ T5842] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  667.161923][ T5990] usb usb4-port1: unable to enumerate USB device
[  667.269023][   T10] rc_core: IR keymap rc-dib0700-rc5 not found
[  667.275461][   T10] Registered IR keymap rc-empty
[  667.297606][T13239] Y speed is unknown, defaulting to 1000
[  667.304133][T13239] lo speed is unknown, defaulting to 1000
[  667.337270][   T10] dvb-usb: could not initialize remote control.
[  667.348735][ T5990] libceph: connect (1)[c::]:6789 error -101
[  667.354821][    C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available
[  667.374545][   T10] dvb-usb: DiBcom TFE7090PVR reference design successfully initialized and connected.
[  667.492023][T13243] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  667.554778][ T5956] usb 1-1: new high-speed USB device number 61 using dummy_hcd
[  667.560825][ T5990] libceph: mon0 (1)[c::]:6789 connect error
[  667.587479][   T10] usb 2-1: USB disconnect, device number 65
[  667.667253][   T10] dvb-usb: DiBcom TFE7090PVR reference design successfully deinitialized and disconnected.
[  667.931359][T13251] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2146'.
[  668.086233][ T5990] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  668.096752][ T5842] libceph: connect (1)[c::]:6789 error -101
[  668.104795][ T5842] libceph: mon0 (1)[c::]:6789 connect error
[  668.170460][T13257] binder: 13255:13257 ioctl c0306201 200000000900 returned -14
[  668.390287][    C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available
[  668.890331][   T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  669.089687][T13267] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  669.413084][ T5842] usb 4-1: new full-speed USB device number 75 using dummy_hcd
[  669.667859][T13226] ceph: No mds server is up or the cluster is laggy
[  669.993288][ T5990] libceph: connect (1)[c::]:6789 error -101
[  670.025405][ T5990] libceph: mon0 (1)[c::]:6789 connect error
[  670.176796][ T5842] usb 4-1: config 0 has an invalid interface number: 93 but max is 0
[  670.227522][ T5842] usb 4-1: config 0 has no interface number 0
[  670.330656][ T5990] usb 5-1: new high-speed USB device number 81 using dummy_hcd
[  670.375050][ T5842] usb 4-1: New USB device found, idVendor=10b8, idProduct=1bb4, bcdDevice=34.65
[  670.425334][ T5842] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  670.470314][    C1] net_ratelimit: 3 callbacks suppressed
[  670.470333][    C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available
[  670.792603][ T5842] usb 4-1: Product: syz
[  670.797242][ T5842] usb 4-1: Manufacturer: syz
[  670.802549][ T5842] usb 4-1: SerialNumber: syz
[  670.814112][ T5842] usb 4-1: config 0 descriptor??
[  670.820247][ T5990] usb 5-1: Using ep0 maxpacket: 32
[  670.831593][ T5990] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  670.874338][ T5990] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  670.917465][ T5990] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  670.933388][ T5990] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  670.953796][   T30] audit: type=1400 audit(2000000463.570:476): avc:  denied  { append } for  pid=13291 comm="syz.5.2160" name="card1" dev="devtmpfs" ino=628 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[  670.954387][T13293] FAULT_INJECTION: forcing a failure.
[  670.954387][T13293] name failslab, interval 1, probability 0, space 0, times 0
[  671.001458][ T5990] usb 5-1: config 0 descriptor??
[  671.013183][ T5990] hub 5-1:0.0: USB hub found
[  671.047771][ T5842] dvb-usb: found a 'DiBcom TFE7090PVR reference design' in warm state.
[  671.064263][T13293] CPU: 1 UID: 0 PID: 13293 Comm: syz.5.2160 Not tainted 6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(full) 
[  671.064290][T13293] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  671.064301][T13293] Call Trace:
[  671.064307][T13293]  <TASK>
[  671.064314][T13293]  dump_stack_lvl+0x16c/0x1f0
[  671.064349][T13293]  should_fail_ex+0x512/0x640
[  671.064373][T13293]  ? __kmalloc_cache_noprof+0x57/0x3e0
[  671.064397][T13293]  should_failslab+0xc2/0x120
[  671.064423][T13293]  __kmalloc_cache_noprof+0x6a/0x3e0
[  671.064444][T13293]  ? vkms_atomic_crtc_duplicate_state+0x78/0x1d0
[  671.064471][T13293]  vkms_atomic_crtc_duplicate_state+0x78/0x1d0
[  671.064497][T13293]  drm_atomic_get_crtc_state+0x16e/0x450
[  671.064528][T13293]  drm_atomic_get_plane_state+0x436/0x590
[  671.064558][T13293]  drm_client_modeset_commit_atomic+0x237/0x7e0
[  671.064596][T13293]  ? trace_contention_end+0xdd/0x130
[  671.064613][T13293]  ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10
[  671.064641][T13293]  ? __mutex_lock+0x1ca/0xb90
[  671.064694][T13293]  drm_client_modeset_commit_locked+0x14d/0x580
[  671.064716][T13293]  drm_client_modeset_commit+0x4f/0x80
[  671.064735][T13293]  __drm_fb_helper_restore_fbdev_mode_unlocked+0x19f/0x200
[  671.064762][T13293]  ? __pfx_drm_fbdev_client_restore+0x10/0x10
[  671.064784][T13293]  drm_fbdev_client_restore+0x2c/0x40
[  671.064805][T13293]  drm_client_dev_restore+0x1f6/0x2a0
[  671.064838][T13293]  drm_release+0x2c4/0x360
[  671.064866][T13293]  ? __pfx_drm_release+0x10/0x10
[  671.064890][T13293]  __fput+0x402/0xb70
[  671.064914][T13293]  fput_close_sync+0x118/0x260
[  671.064933][T13293]  ? __pfx_fput_close_sync+0x10/0x10
[  671.064948][T13293]  ? dnotify_flush+0x79/0x4c0
[  671.064981][T13293]  __x64_sys_close+0x8b/0x120
[  671.065000][T13293]  do_syscall_64+0xcd/0x4c0
[  671.065026][T13293]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  671.065044][T13293] RIP: 0033:0x7fc4f578e929
[  671.065059][T13293] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  671.065076][T13293] RSP: 002b:00007fc4f66be038 EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[  671.065093][T13293] RAX: ffffffffffffffda RBX: 00007fc4f59b5fa0 RCX: 00007fc4f578e929
[  671.065105][T13293] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[  671.065115][T13293] RBP: 00007fc4f66be090 R08: 0000000000000000 R09: 0000000000000000
[  671.065125][T13293] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  671.065135][T13293] R13: 0000000000000000 R14: 00007fc4f59b5fa0 R15: 00007ffc8b8d5588
[  671.065161][T13293]  </TASK>
[  671.328157][  T881] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  671.342097][ T5842] dvb-usb: will use the device's hardware PID filter (table count: 32).
[  671.352196][ T5842] dvbdev: DVB: registering new adapter (DiBcom TFE7090PVR reference design)
[  671.361026][ T5842] usb 4-1: media controller created
[  671.368895][ T5842] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  671.379980][ T5990] hub 5-1:0.0: 1 port detected
[  671.504036][ T5842] DVB: Unable to find symbol dib7000p_attach()
[  671.510368][    C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available
[  671.519194][ T5842] dvb-usb: no frontend was attached by 'DiBcom TFE7090PVR reference design'
[  671.528382][ T5842] dvb-usb: will use the device's hardware PID filter (table count: 32).
[  671.538474][ T5842] dvbdev: DVB: registering new adapter (DiBcom TFE7090PVR reference design)
[  671.543015][ T5956] usb 1-1: new high-speed USB device number 62 using dummy_hcd
[  671.550382][ T5842] usb 4-1: media controller created
[  671.563496][ T5842] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  671.577358][ T5842] dib0700: the master dib7090 has to be initialized first
[  671.584629][ T5842] dvb-usb: no frontend was attached by 'DiBcom TFE7090PVR reference design'
[  671.731386][T13303] Unknown options in mask 5
[  671.740270][T13303] SELinux: failure in selinux_parse_skb(), unable to parse packet
[  671.770558][ T5956] usb 1-1: Using ep0 maxpacket: 32
[  671.828342][ T5956] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  671.860151][T13302] Bluetooth: hci2: received HCILL_GO_TO_SLEEP_ACK in state 2
[  671.916295][ T5956] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  671.917870][ T8802] Bluetooth: hci2: Frame reassembly failed (-84)
[  672.066201][ T5956] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  672.101851][ T5953] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  672.109345][T13300] Y speed is unknown, defaulting to 1000
[  672.117473][T13300] lo speed is unknown, defaulting to 1000
[  672.124144][ T5842] rc_core: IR keymap rc-dib0700-rc5 not found
[  672.132985][ T5842] Registered IR keymap rc-empty
[  672.141368][ T5956] usb 1-1: config 0 descriptor??
[  672.154028][ T5842] dvb-usb: could not initialize remote control.
[  672.176904][ T5956] hub 1-1:0.0: USB hub found
[  672.177381][ T5842] dvb-usb: DiBcom TFE7090PVR reference design successfully initialized and connected.
[  672.218080][ T5842] usb 4-1: USB disconnect, device number 75
[  672.282043][ T5842] dvb-usb: DiBcom TFE7090PVR reference design successfully deinitialized and disconnected.
[  672.390785][ T5829] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  672.406258][ T5956] hub 1-1:0.0: config failed, can't read hub descriptor (err -22)
[  672.476845][   T30] audit: type=1400 audit(2000000465.090:477): avc:  denied  { bind } for  pid=13314 comm="syz.3.2169" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  672.497284][    C0] vkms_vblank_simulate: vblank timer overrun
[  672.550378][    C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available
[  672.561381][ T5953] usb 2-1: new full-speed USB device number 66 using dummy_hcd
[  672.646214][ T5956] usbhid 1-1:0.0: can't add hid device: -71
[  672.650329][T13322] netlink: 48 bytes leftover after parsing attributes in process `syz.3.2170'.
[  672.652851][ T5956] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  672.711395][ T5956] usb 1-1: USB disconnect, device number 62
[  672.723033][ T5953] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[  672.735144][ T5953] usb 2-1: config 0 has no interface number 0
[  672.744217][ T5953] usb 2-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e
[  672.753767][ T5953] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  672.764378][ T5953] usb 2-1: config 0 descriptor??
[  672.772909][ T5953] usb 2-1: selecting invalid altsetting 1
[  672.788966][ T5953] dvb_ttusb_budget: ttusb_init_controller: error
[  672.800323][ T5953] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB)
[  672.932225][ T5953] DVB: Unable to find symbol cx22700_attach()
[  673.521005][ T5956] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  673.529166][ T5842] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  673.539974][ T5990] hub 5-1:0.0: hub_ext_port_status failed (err = -32)
[  673.590301][    C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available
[  673.682154][ T5953] DVB: Unable to find symbol tda10046_attach()
[  673.688664][ T5953] dvb_ttusb_budget: no frontend driver found for device [0b48:1005]
[  673.698966][ T5953] usb 2-1: USB disconnect, device number 66
[  674.020561][ T5847] Bluetooth: hci2: Opcode 0x1003 failed: -110
[  674.049519][   T50] Bluetooth: hci2: command 0x1003 tx timeout
[  674.260449][ T5990] usb 1-1: new high-speed USB device number 63 using dummy_hcd
[  674.630301][    C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available
[  675.041975][ T5842] usb 5-1: USB disconnect, device number 81
[  675.090484][ T5990] usb 1-1: Using ep0 maxpacket: 16
[  675.362845][ T5990] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  675.414778][ T5990] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  675.433708][ T5990] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  675.470427][ T5990] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  675.486670][ T5990] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  675.516044][ T5990] usb 1-1: config 0 descriptor??
[  675.670341][    C1] net_ratelimit: 4 callbacks suppressed
[  675.670360][    C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available
[  676.001303][ T5900] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  676.093066][ T5990] HID 045e:07da: Invalid code 65791 type 1
[  676.095552][T13358] Y speed is unknown, defaulting to 1000
[  676.231936][T13358] lo speed is unknown, defaulting to 1000
[  676.266004][ T5990] input: HID 045e:07da as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:045E:07DA.0023/input/input83
[  676.316529][ T5990] microsoft 0003:045E:07DA.0023: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.0-1/input0
[  676.395964][ T5990] usb 1-1: USB disconnect, device number 63
[  676.433534][T13366] netlink: 48 bytes leftover after parsing attributes in process `syz.3.2181'.
[  676.456374][T13368] FAULT_INJECTION: forcing a failure.
[  676.456374][T13368] name failslab, interval 1, probability 0, space 0, times 0
[  676.519588][T13368] CPU: 0 UID: 0 PID: 13368 Comm: syz.4.2182 Not tainted 6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(full) 
[  676.519615][T13368] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  676.519626][T13368] Call Trace:
[  676.519633][T13368]  <TASK>
[  676.519640][T13368]  dump_stack_lvl+0x16c/0x1f0
[  676.519668][T13368]  should_fail_ex+0x512/0x640
[  676.519691][T13368]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[  676.519717][T13368]  should_failslab+0xc2/0x120
[  676.519743][T13368]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  676.519765][T13368]  ? ima_match_policy+0x7ed/0x22d0
[  676.519781][T13368]  ? vm_area_dup+0x27/0x8d0
[  676.519805][T13368]  vm_area_dup+0x27/0x8d0
[  676.519827][T13368]  __split_vma+0x18e/0x1070
[  676.519852][T13368]  ? __pfx___split_vma+0x10/0x10
[  676.519889][T13368]  vms_gather_munmap_vmas+0x1c2/0x1310
[  676.519915][T13368]  ? __pfx_vms_gather_munmap_vmas+0x10/0x10
[  676.519939][T13368]  ? mas_walk+0x6a6/0x910
[  676.519972][T13368]  __mmap_region+0x3c7/0x25e0
[  676.519999][T13368]  ? __pfx___mmap_region+0x10/0x10
[  676.520032][T13368]  ? __lock_acquire+0x622/0x1c90
[  676.520053][T13368]  ? kernel_text_address+0x8d/0x100
[  676.520074][T13368]  ? __kernel_text_address+0xd/0x40
[  676.520099][T13368]  ? find_held_lock+0x2b/0x80
[  676.520121][T13368]  ? avc_has_perm_noaudit+0x117/0x3b0
[  676.520174][T13368]  ? __lock_acquire+0xb8a/0x1c90
[  676.520195][T13368]  mmap_region+0x32b/0x3f0
[  676.520220][T13368]  do_mmap+0xa3e/0x1210
[  676.520241][T13368]  ? __pfx_do_mmap+0x10/0x10
[  676.520258][T13368]  ? __pfx_down_write_killable+0x10/0x10
[  676.520290][T13368]  vm_mmap_pgoff+0x281/0x450
[  676.520321][T13368]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[  676.520352][T13368]  ? __fget_files+0x20e/0x3c0
[  676.520381][T13368]  ksys_mmap_pgoff+0x32c/0x5c0
[  676.520407][T13368]  ? __pfx_ksys_write+0x10/0x10
[  676.520438][T13368]  __x64_sys_mmap+0x125/0x190
[  676.520468][T13368]  do_syscall_64+0xcd/0x4c0
[  676.520494][T13368]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  676.520511][T13368] RIP: 0033:0x7f5c3e58e929
[  676.520526][T13368] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  676.520542][T13368] RSP: 002b:00007f5c3f491038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  676.520560][T13368] RAX: ffffffffffffffda RBX: 00007f5c3e7b5fa0 RCX: 00007f5c3e58e929
[  676.520571][T13368] RDX: 0000000000000000 RSI: 0000000000001000 RDI: 000020000046f000
[  676.520582][T13368] RBP: 00007f5c3f491090 R08: 0000000000000003 R09: 0000000081d12000
[  676.520592][T13368] R10: 0000000000000011 R11: 0000000000000246 R12: 0000000000000001
[  676.520602][T13368] R13: 0000000000000000 R14: 00007f5c3e7b5fa0 R15: 00007ffe1b0e9da8
[  676.520626][T13368]  </TASK>
[  676.730294][    C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available
[  676.734115][    C0] vkms_vblank_simulate: vblank timer overrun
[  676.798150][    C0] vkms_vblank_simulate: vblank timer overrun
[  676.804118][    C0] hrtimer: interrupt took 283479590 ns
[  676.904180][    C0] vkms_vblank_simulate: vblank timer overrun
[  677.031005][ T5990] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  677.100612][ T5900] usb 4-1: new high-speed USB device number 76 using dummy_hcd
[  677.100705][ T5953] usb 6-1: new full-speed USB device number 17 using dummy_hcd
[  677.318499][ T5953] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  677.330962][ T5900] usb 4-1: unable to get BOS descriptor or descriptor too short
[  677.341970][ T5953] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[  677.350409][ T5847] Bluetooth: hci5: command 0x0406 tx timeout
[  677.362671][ T5900] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  677.380385][ T5900] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 2
[  677.392504][ T5900] usb 4-1: config 1 interface 0 altsetting 247 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  677.410532][ T5900] usb 4-1: config 1 interface 0 has no altsetting 0
[  677.495050][ T5900] usb 4-1: New USB device found, idVendor=2040, idProduct=b990, bcdDevice=f6.75
[  677.504310][ T5900] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  677.519902][ T5900] usb 4-1: Product: syz
[  677.528290][ T5953] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.00
[  677.528671][ T5900] usb 4-1: Manufacturer: syz
[  677.557872][ T5953] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  677.562455][ T5900] usb 4-1: SerialNumber: syz
[  677.597327][ T5953] usb 6-1: SerialNumber: syz
[  677.644385][ T5953] usb 6-1: 0:2 : does not exist
[  677.750315][    C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available
[  677.872506][ T5900] smsusb:smsusb_probe: board id=8, interface number 0
[  677.879381][ T5900] smsusb:smsusb_probe: Device initialized with return code -19
[  677.978307][T13396] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  678.081423][ T5842] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  678.189608][ T5842] usb 6-1: USB disconnect, device number 17
[  678.348055][ T5953] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  678.399183][ T5900] usb 4-1: USB disconnect, device number 76
[  678.619411][T13397] Y speed is unknown, defaulting to 1000
[  678.642287][T13397] lo speed is unknown, defaulting to 1000
[  678.689841][T13403] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  678.790285][    C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available
[  678.896987][T13408] SELinux: failed to load policy
[  678.921869][   T30] audit: type=1400 audit(2000000471.500:478): avc:  denied  { load_policy } for  pid=13404 comm="syz.4.2193" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1
[  679.118766][ T5900] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  679.188033][T13416] fuse: Unknown parameter 'user_id00000000000000000000'
[  679.840303][    C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available
[  680.330587][ T5900] usb 6-1: new high-speed USB device number 18 using dummy_hcd
[  680.510804][ T5900] usb 6-1: Using ep0 maxpacket: 32
[  680.528766][ T5900] usb 6-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92
[  680.564477][ T5900] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  680.631462][ T5900] usb 6-1: config 0 descriptor??
[  680.652390][ T5900] gspca_main: nw80x-2.14.0 probing 055f:d001
[  680.807350][T13448] syz.4.2201: attempt to access beyond end of device
[  680.807350][T13448] loop4: rw=2048, sector=2, nr_sectors = 1 limit=0
[  680.820654][T13448] hfsplus: unable to find HFS+ superblock
[  680.870283][    C1] net_ratelimit: 1 callbacks suppressed
[  680.870297][    C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available
[  681.191823][ T5829] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  681.410704][   T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  681.498760][   T30] audit: type=1400 audit(2000000474.110:479): avc:  denied  { search } for  pid=13421 comm="syz.5.2197" name="/" dev="configfs" ino=1225 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[  681.589150][T13457] fuse: Unknown parameter 'user_id00000000000000000000'
[  681.709070][T13461] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2206'.
[  681.728550][   T30] audit: type=1400 audit(2000000474.110:480): avc:  denied  { search } for  pid=13421 comm="syz.5.2197" name="/" dev="configfs" ino=1225 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[  681.764489][ T5900] gspca_nw80x: reg_r err -110
[  681.788662][ T5900] nw80x 6-1:0.0: probe with driver nw80x failed with error -110
[  681.910300][    C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available
[  682.487292][ T5829] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  682.960279][    C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available
[  683.275118][   T10] usb 6-1: USB disconnect, device number 18
[  683.398484][T13477] 9pnet_fd: Insufficient options for proto=fd
[  683.643037][ T5829] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  684.000267][    C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available
[  684.390489][   T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  684.714217][ T5829] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  685.092810][T13480] Y speed is unknown, defaulting to 1000
[  685.099321][T13480] lo speed is unknown, defaulting to 1000
[  685.121034][T13484] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  685.529101][ T1297] ieee802154 phy0 wpan0: encryption failed: -22
[  685.575753][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[  685.678501][T13502] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  686.070322][    C1] net_ratelimit: 4 callbacks suppressed
[  686.070340][    C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available
[  686.444652][T13509] /dev/nullb0: Can't open blockdev
[  686.872203][ T5842] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  687.110284][    C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available
[  687.200315][ T5842] usb 5-1: new high-speed USB device number 82 using dummy_hcd
[  687.288880][   T10] usb 2-1: new high-speed USB device number 67 using dummy_hcd
[  687.296558][ T5953] usb 4-1: new high-speed USB device number 77 using dummy_hcd
[  687.360610][ T5842] usb 5-1: Using ep0 maxpacket: 32
[  687.367877][ T5842] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  687.386757][ T5842] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  687.397589][ T5842] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  687.400504][T13521] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  687.409201][ T5842] usb 5-1: config 0 descriptor??
[  687.420038][ T5842] hub 5-1:0.0: USB hub found
[  687.431292][ T5956] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  687.460732][   T10] usb 2-1: Using ep0 maxpacket: 32
[  687.479193][ T5953] usb 4-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[  687.523088][T13522] /dev/nullb0: Can't open blockdev
[  687.562819][   T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  687.574462][ T5953] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  687.585509][   T10] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  687.826947][ T5953] usb 4-1: config 0 descriptor??
[  687.855373][   T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  687.871735][ T5842] hub 5-1:0.0: config failed, can't read hub descriptor (err -22)
[  687.907377][   T10] usb 2-1: config 0 descriptor??
[  687.912656][ T5900] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  687.935683][   T10] hub 2-1:0.0: USB hub found
[  688.150282][    C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available
[  688.269865][ T5842] usbhid 5-1:0.0: can't add hid device: -71
[  688.272801][ T5953] udl 4-1:0.0: [drm] Unrecognized vendor firmware descriptor
[  688.287572][ T5842] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  688.301571][   T10] hub 2-1:0.0: config failed, can't read hub descriptor (err -22)
[  688.331505][ T5842] usb 5-1: USB disconnect, device number 82
[  688.640240][   T10] usbhid 2-1:0.0: can't add hid device: -71
[  688.720991][   T10] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  688.770832][ T5953] [drm] Initialized udl 0.0.1 for 4-1:0.0 on minor 2
[  688.777555][ T5953] [drm] Initialized udl on minor 2
[  688.803342][   T10] usb 2-1: USB disconnect, device number 67
[  688.950491][ T5900] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  688.989973][   T30] audit: type=1400 audit(2000000481.600:481): avc:  denied  { audit_write } for  pid=13512 comm="syz.3.2223" capability=29  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  688.991907][T13513] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  689.021448][T13513] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  689.035746][T13513] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  689.049765][T13513] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  689.071427][ T5953] udl 4-1:0.0: [drm] *ERROR* Read EDID byte 1 failed err ffffffb9
[  689.081348][ T5953] udl 4-1:0.0: [drm] Cannot find any crtc or sizes
[  689.088672][   T10] udl 4-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[  689.093614][T13537] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2231'.
[  689.098981][ T5953] usb 4-1: USB disconnect, device number 77
[  689.113423][   T10] udl 4-1:0.0: [drm] Cannot find any crtc or sizes
[  689.179285][T13539] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  689.190313][    C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available
[  690.230298][    C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available
[  690.479062][T13539] /dev/nullb0: Can't open blockdev
[  690.494652][ T5829] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  690.740369][ T5900] usb 6-1: new high-speed USB device number 19 using dummy_hcd
[  690.846673][T13549] FAULT_INJECTION: forcing a failure.
[  690.846673][T13549] name failslab, interval 1, probability 0, space 0, times 0
[  690.859680][T13549] CPU: 1 UID: 0 PID: 13549 Comm: syz.0.2235 Not tainted 6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(full) 
[  690.859697][T13549] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  690.859704][T13549] Call Trace:
[  690.859708][T13549]  <TASK>
[  690.859713][T13549]  dump_stack_lvl+0x16c/0x1f0
[  690.859732][T13549]  should_fail_ex+0x512/0x640
[  690.859745][T13549]  ? __kmalloc_cache_noprof+0x57/0x3e0
[  690.859760][T13549]  should_failslab+0xc2/0x120
[  690.859776][T13549]  __kmalloc_cache_noprof+0x6a/0x3e0
[  690.859788][T13549]  ? __asan_memset+0x23/0x50
[  690.859799][T13549]  ? __netlink_diag_dump+0x5b5/0x7c0
[  690.859813][T13549]  ? __build_skb_around+0x278/0x3b0
[  690.859826][T13549]  __netlink_diag_dump+0x5b5/0x7c0
[  690.859843][T13549]  netlink_diag_dump+0x1a0/0x240
[  690.859859][T13549]  netlink_dump+0x51e/0xce0
[  690.859879][T13549]  ? __pfx_netlink_dump+0x10/0x10
[  690.859903][T13549]  __netlink_dump_start+0x6d6/0x990
[  690.859922][T13549]  netlink_diag_handler_dump+0x1b1/0x250
[  690.859936][T13549]  ? __pfx_netlink_diag_handler_dump+0x10/0x10
[  690.859950][T13549]  ? __pfx_netlink_diag_dump+0x10/0x10
[  690.859962][T13549]  ? __pfx_netlink_diag_dump_done+0x10/0x10
[  690.859976][T13549]  ? sock_diag_lock_handler+0x10f/0x2e0
[  690.859992][T13549]  sock_diag_rcv_msg+0x435/0x790
[  690.860006][T13549]  netlink_rcv_skb+0x158/0x420
[  690.860016][T13549]  ? __pfx_sock_diag_rcv_msg+0x10/0x10
[  690.860030][T13549]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  690.860045][T13549]  ? netlink_deliver_tap+0x1ae/0xd30
[  690.860061][T13549]  ? is_vmalloc_addr+0x86/0xa0
[  690.860076][T13549]  netlink_unicast+0x53a/0x7f0
[  690.860088][T13549]  ? __pfx_netlink_unicast+0x10/0x10
[  690.860102][T13549]  netlink_sendmsg+0x8d1/0xdd0
[  690.860114][T13549]  ? __pfx_netlink_sendmsg+0x10/0x10
[  690.860130][T13549]  sock_write_iter+0x4ff/0x5b0
[  690.860141][T13549]  ? __pfx_sock_write_iter+0x10/0x10
[  690.860157][T13549]  ? __pfx_file_has_perm+0x10/0x10
[  690.860182][T13549]  do_iter_readv_writev+0x657/0x950
[  690.860204][T13549]  ? __pfx_do_iter_readv_writev+0x10/0x10
[  690.860223][T13549]  ? selinux_file_permission+0x126/0x660
[  690.860259][T13549]  ? bpf_lsm_file_permission+0x9/0x10
[  690.860285][T13549]  ? security_file_permission+0x71/0x210
[  690.860309][T13549]  ? rw_verify_area+0xcf/0x680
[  690.860329][T13549]  vfs_writev+0x35f/0xde0
[  690.860355][T13549]  ? __pfx_vfs_writev+0x10/0x10
[  690.860394][T13549]  ? __fget_files+0x20e/0x3c0
[  690.860416][T13549]  ? __fget_files+0x170/0x3c0
[  690.860444][T13549]  ? do_writev+0x28c/0x340
[  690.860460][T13549]  do_writev+0x28c/0x340
[  690.860475][T13549]  ? __pfx_do_writev+0x10/0x10
[  690.860493][T13549]  do_syscall_64+0xcd/0x4c0
[  690.860509][T13549]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  690.860520][T13549] RIP: 0033:0x7f594af8e929
[  690.860531][T13549] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  690.860541][T13549] RSP: 002b:00007f5948df6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[  690.860552][T13549] RAX: ffffffffffffffda RBX: 00007f594b1b5fa0 RCX: 00007f594af8e929
[  690.860559][T13549] RDX: 0000000000000001 RSI: 0000200000000100 RDI: 0000000000000006
[  690.860564][T13549] RBP: 00007f5948df6090 R08: 0000000000000000 R09: 0000000000000000
[  690.860571][T13549] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  690.860577][T13549] R13: 0000000000000000 R14: 00007f594b1b5fa0 R15: 00007ffe7aca5ae8
[  690.860590][T13549]  </TASK>
[  691.215294][ T5900] usb 6-1: Using ep0 maxpacket: 16
[  691.222785][ T5900] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  691.233851][ T5900] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  691.243641][ T5900] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  691.256539][ T5900] usb 6-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  691.265620][ T5900] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  691.273706][    C1] net_ratelimit: 2 callbacks suppressed
[  691.273719][    C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available
[  691.287626][ T5900] usb 6-1: config 0 descriptor??
[  691.380726][T13547] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2234'.
[  691.510626][ T5829] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  691.740498][ T5953] usb 2-1: new full-speed USB device number 68 using dummy_hcd
[  691.854857][ T5900] HID 045e:07da: Invalid code 65791 type 1
[  691.874559][ T5900] input: HID 045e:07da as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:045E:07DA.0024/input/input84
[  692.310281][    C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available
[  692.340681][ T5900] microsoft 0003:045E:07DA.0024: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.5-1/input0
[  692.376511][ T5900] usb 6-1: USB disconnect, device number 19
[  692.393441][ T5953] usb 2-1: config 0 has an invalid interface number: 93 but max is 0
[  692.415239][ T5953] usb 2-1: config 0 has no interface number 0
[  692.434387][ T5953] usb 2-1: New USB device found, idVendor=10b8, idProduct=1bb4, bcdDevice=34.65
[  692.446147][ T5953] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  692.455313][ T5953] usb 2-1: Product: syz
[  692.459688][ T5953] usb 2-1: Manufacturer: syz
[  692.555414][ T5842] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  692.570685][ T5953] usb 2-1: SerialNumber: syz
[  692.591060][ T5953] usb 2-1: config 0 descriptor??
[  692.681546][T13570] syz.4.2242: attempt to access beyond end of device
[  692.681546][T13570] loop4: rw=2048, sector=2, nr_sectors = 1 limit=0
[  692.697942][T13570] hfsplus: unable to find HFS+ superblock
[  692.769811][T13572] fuse: Unknown parameter 'user_id00000000000000000000'
[  692.815342][ T5953] dvb-usb: found a 'DiBcom TFE7090PVR reference design' in warm state.
[  692.855287][ T5953] dvb-usb: will use the device's hardware PID filter (table count: 32).
[  692.880060][ T5953] dvbdev: DVB: registering new adapter (DiBcom TFE7090PVR reference design)
[  692.899996][ T5953] usb 2-1: media controller created
[  692.910221][   T30] audit: type=1400 audit(2000000485.520:482): avc:  denied  { append } for  pid=13573 comm="syz.3.2244" name="hwrng" dev="devtmpfs" ino=83 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:random_device_t tclass=chr_file permissive=1
[  692.933444][    C0] vkms_vblank_simulate: vblank timer overrun
[  692.947716][ T5953] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  693.004180][T13578] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2244'.
[  693.110877][ T5953] DVB: Unable to find symbol dib7000p_attach()
[  693.117922][ T5953] dvb-usb: no frontend was attached by 'DiBcom TFE7090PVR reference design'
[  693.133723][ T5953] dvb-usb: will use the device's hardware PID filter (table count: 32).
[  693.156427][ T5953] dvbdev: DVB: registering new adapter (DiBcom TFE7090PVR reference design)
[  693.185992][ T5953] usb 2-1: media controller created
[  693.251060][ T5953] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  693.288278][ T5953] dib0700: the master dib7090 has to be initialized first
[  693.302257][ T5953] dvb-usb: no frontend was attached by 'DiBcom TFE7090PVR reference design'
[  693.350303][    C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available
[  693.631285][ T5900] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  693.650544][ T5953] rc_core: IR keymap rc-dib0700-rc5 not found
[  693.670604][   T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  693.770286][ T5953] Registered IR keymap rc-empty
[  693.782217][ T5953] dvb-usb: could not initialize remote control.
[  693.796376][ T5953] dvb-usb: DiBcom TFE7090PVR reference design successfully initialized and connected.
[  693.819782][ T5953] usb 2-1: USB disconnect, device number 68
[  693.890928][ T5953] dvb-usb: DiBcom TFE7090PVR reference design successfully deinitialized and disconnected.
[  694.274204][T13605] fuse: Unknown parameter 'user_i00000000000000000000'
[  694.390417][ T5953] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  694.400284][    C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available
[  694.495267][T13607] fuse: Unknown parameter 'user_id00000000000000000000'
[  694.719317][T13609] syz.5.2252: attempt to access beyond end of device
[  694.719317][T13609] loop5: rw=2048, sector=2, nr_sectors = 1 limit=0
[  694.732567][T13609] hfsplus: unable to find HFS+ superblock
[  694.968631][ T5900] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  696.480308][    C1] net_ratelimit: 2 callbacks suppressed
[  696.480328][    C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available
[  697.042826][   T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  697.079761][ T5842] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  697.510358][    C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available
[  698.104667][T13633] netlink: 'syz.4.2262': attribute type 10 has an invalid length.
[  698.256175][T13634] fuse: blksize only supported for fuseblk
[  698.256439][ T5900] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  698.267785][T13633] team0: Device ipvlan1 failed to register rx_handler
[  698.290363][   T30] audit: type=1400 audit(2000000490.840:483): avc:  denied  { ioctl } for  pid=13630 comm="syz.4.2262" path="socket:[36372]" dev="sockfs" ino=36372 ioctlcmd=0x7436 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[  698.341831][   T10] usb 4-1: new full-speed USB device number 78 using dummy_hcd
[  698.550287][    C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available
[  698.623937][T13639] binder: 13638:13639 ioctl c0306201 200000000900 returned -11
[  698.638983][T13641] fuse: Unknown parameter 'user_id00000000000000000000'
[  698.650972][   T10] usb 4-1: config 0 has an invalid interface number: 93 but max is 0
[  698.659342][   T10] usb 4-1: config 0 has no interface number 0
[  698.682705][   T10] usb 4-1: New USB device found, idVendor=10b8, idProduct=1bb4, bcdDevice=34.65
[  698.707931][   T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  698.759075][   T10] usb 4-1: Product: syz
[  698.774523][   T10] usb 4-1: Manufacturer: syz
[  698.779236][   T10] usb 4-1: SerialNumber: syz
[  698.786897][   T10] usb 4-1: config 0 descriptor??
[  698.910401][ T5900] usb 1-1: new high-speed USB device number 64 using dummy_hcd
[  698.967171][   T30] audit: type=1400 audit(2000000491.570:484): avc:  denied  { setopt } for  pid=13644 comm="syz.4.2267" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  699.057411][   T30] audit: type=1400 audit(2000000491.570:485): avc:  denied  { bind } for  pid=13644 comm="syz.4.2267" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  699.070310][   T10] dvb-usb: found a 'DiBcom TFE7090PVR reference design' in warm state.
[  699.100607][ T5900] usb 1-1: Using ep0 maxpacket: 32
[  699.120476][ T5900] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  699.142675][   T30] audit: type=1400 audit(2000000491.640:486): avc:  denied  { write } for  pid=13644 comm="syz.4.2267" path="socket:[36388]" dev="sockfs" ino=36388 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  699.166762][ T5900] usb 1-1: config 0 has no interfaces?
[  699.261714][   T10] dvb-usb: will use the device's hardware PID filter (table count: 32).
[  699.272457][ T5842] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  699.294199][ T5900] usb 1-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb
[  699.314529][   T10] dvbdev: DVB: registering new adapter (DiBcom TFE7090PVR reference design)
[  699.328861][ T5900] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  699.350749][ T5900] usb 1-1: Product: syz
[  699.362060][   T10] usb 4-1: media controller created
[  699.375352][   T10] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  699.382255][ T5900] usb 1-1: Manufacturer: syz
[  699.410571][ T5900] usb 1-1: SerialNumber: syz
[  699.550168][ T5900] usb 1-1: config 0 descriptor??
[  699.560705][   T10] DVB: Unable to find symbol dib7000p_attach()
[  699.576381][   T10] dvb-usb: no frontend was attached by 'DiBcom TFE7090PVR reference design'
[  699.590398][    C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available
[  699.604773][T13653] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  699.616000][   T10] dvb-usb: will use the device's hardware PID filter (table count: 32).
[  699.698538][T13654] /dev/nullb0: Can't open blockdev
[  699.932767][   T10] dvbdev: DVB: registering new adapter (DiBcom TFE7090PVR reference design)
[  699.973332][ T5953] usb 1-1: USB disconnect, device number 64
[  699.980306][   T10] usb 4-1: media controller created
[  699.987557][   T10] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  700.058613][   T10] dib0700: the master dib7090 has to be initialized first
[  700.080505][ T5956] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  700.102260][   T10] dvb-usb: no frontend was attached by 'DiBcom TFE7090PVR reference design'
[  700.292009][   T10] rc_core: IR keymap rc-dib0700-rc5 not found
[  700.298395][   T10] Registered IR keymap rc-empty
[  700.304906][   T10] dvb-usb: could not initialize remote control.
[  700.311648][   T10] dvb-usb: DiBcom TFE7090PVR reference design successfully initialized and connected.
[  700.312637][ T5900] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  700.336603][   T10] usb 4-1: USB disconnect, device number 78
[  700.353104][   T10] dvb-usb: DiBcom TFE7090PVR reference design successfully deinitialized and disconnected.
[  700.650660][T13677] No control pipe specified
[  700.820612][T13677] fuse: Unknown parameter 'gugu–°ôè'
[  700.835443][T13679] fuse: Bad value for 'fd'
[  701.220324][ T5842] usb 1-1: new full-speed USB device number 65 using dummy_hcd
[  701.274225][T13696] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  701.380645][T13697] /dev/nullb0: Can't open blockdev
[  701.670489][    C1] net_ratelimit: 7 callbacks suppressed
[  701.670507][    C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available
[  701.824193][T13693] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  701.830435][T13687] Y speed is unknown, defaulting to 1000
[  701.858693][ T5842] usb 1-1: config 0 has an invalid interface number: 93 but max is 0
[  701.868091][ T5842] usb 1-1: config 0 has no interface number 0
[  701.882462][ T5842] usb 1-1: New USB device found, idVendor=10b8, idProduct=1bb4, bcdDevice=34.65
[  701.891729][T13687] lo speed is unknown, defaulting to 1000
[  701.898894][ T5842] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  701.907959][ T5842] usb 1-1: Product: syz
[  701.912501][ T5842] usb 1-1: Manufacturer: syz
[  701.917227][ T5842] usb 1-1: SerialNumber: syz
[  701.927064][ T5842] usb 1-1: config 0 descriptor??
[  702.255176][ T5842] dvb-usb: found a 'DiBcom TFE7090PVR reference design' in warm state.
[  702.282352][ T5842] dvb-usb: will use the device's hardware PID filter (table count: 32).
[  702.299346][ T5842] dvbdev: DVB: registering new adapter (DiBcom TFE7090PVR reference design)
[  702.313217][ T5842] usb 1-1: media controller created
[  702.343564][ T5842] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  702.710414][    C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available
[  702.752774][ T5900] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  702.798233][ T5842] DVB: Unable to find symbol dib7000p_attach()
[  702.819687][ T5842] dvb-usb: no frontend was attached by 'DiBcom TFE7090PVR reference design'
[  702.828939][ T5842] dvb-usb: will use the device's hardware PID filter (table count: 32).
[  702.844514][ T5842] dvbdev: DVB: registering new adapter (DiBcom TFE7090PVR reference design)
[  702.853978][ T5842] usb 1-1: media controller created
[  702.861926][ T5842] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  702.880434][ T5953] usb 6-1: new high-speed USB device number 20 using dummy_hcd
[  702.880727][ T5842] dib0700: the master dib7090 has to be initialized first
[  702.896679][ T5842] dvb-usb: no frontend was attached by 'DiBcom TFE7090PVR reference design'
[  702.983501][ T5842] rc_core: IR keymap rc-dib0700-rc5 not found
[  702.999171][ T5842] Registered IR keymap rc-empty
[  703.006604][ T5842] dvb-usb: could not initialize remote control.
[  703.013610][ T5842] dvb-usb: DiBcom TFE7090PVR reference design successfully initialized and connected.
[  703.060478][ T5953] usb 6-1: Using ep0 maxpacket: 32
[  703.093757][ T5842] usb 1-1: USB disconnect, device number 65
[  703.100353][ T5953] usb 6-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  703.100382][ T5953] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  703.124588][ T5953] usb 6-1: config 0 descriptor??
[  703.461933][ T5842] dvb-usb: DiBcom TFE7090PVR reference design successfully deinitialized and disconnected.
[  703.665348][ T5953] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[  703.673653][ T5953] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  703.708566][ T5953] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[  703.724085][T13729] fuse: Bad value for 'fd'
[  703.731701][ T5953] usb 6-1: media controller created
[  703.750272][    C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available
[  703.752143][ T5953] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  703.809395][T13731] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2295'.
[  703.820738][ T5900] usb 2-1: new high-speed USB device number 69 using dummy_hcd
[  703.830485][   T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  703.838607][ T5842] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  703.970435][ T5900] usb 2-1: Using ep0 maxpacket: 8
[  703.988310][ T5900] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  704.009849][   T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  704.051746][T13739] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  704.055857][ T5900] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  704.109399][ T5900] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  704.154850][ T5900] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  704.189446][ T5900] usb 2-1: config 0 descriptor??
[  704.398867][ T5900] iowarrior 2-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  704.623440][   T10] usb 2-1: USB disconnect, device number 69
[  704.759749][T13755] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2301'.
[  704.790298][    C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available
[  705.127971][ T5900] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  705.152023][T13754] netlink: 'syz.0.2302': attribute type 10 has an invalid length.
[  705.160099][T13754] veth1_vlan: entered allmulticast mode
[  705.167114][T13754] veth1_vlan: left promiscuous mode
[  705.214151][T13754] team0: Device veth1_vlan failed to register rx_handler
[  705.558425][T13759] fuse: Bad value for 'fd'
[  705.722005][T13766] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2307'.
[  705.830288][    C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available
[  706.870289][    C1] net_ratelimit: 1 callbacks suppressed
[  706.870310][    C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available
[  707.127425][   T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  707.190861][ T5953] az6027: usb out operation failed. (-110)
[  707.204044][T13778] syz.3.2310 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  707.238581][ T5953] stb0899_attach: Driver disabled by Kconfig
[  707.273073][ T5829] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  707.312056][ T5953] az6027: no front-end attached
[  707.312056][ T5953] 
[  707.376643][ T5953] az6027: usb out operation failed. (-32)
[  707.410936][ T5953] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[  707.441372][ T5953] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.5/usb6/6-1/input/input88
[  707.910314][    C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available
[  708.024684][T13798] fuse: Unknown parameter '0x0000000000000004'
[  708.051681][ T5953] dvb-usb: schedule remote query interval to 400 msecs.
[  708.080388][ T5953] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[  708.110622][ T5953] usb 6-1: USB disconnect, device number 20
[  708.309072][ T5953] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[  708.340866][ T5829] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  708.370141][T13814] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2323'.
[  708.592907][T13820] 9pnet_fd: Insufficient options for proto=fd
[  708.850359][ T5953] usb 6-1: new high-speed USB device number 21 using dummy_hcd
[  708.950300][    C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available
[  708.992246][T13823] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2325'.
[  709.014963][ T5953] usb 6-1: unable to get BOS descriptor or descriptor too short
[  709.361000][ T5829] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  709.361220][ T5953] usb 6-1: unable to read config index 0 descriptor/start: -71
[  709.403253][ T5953] usb 6-1: can't read configurations, error -71
[  709.751262][T13835] fuse: Unknown parameter '0x0000000000000004'
[  710.000256][    C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available
[  710.022274][T13846] FAULT_INJECTION: forcing a failure.
[  710.022274][T13846] name failslab, interval 1, probability 0, space 0, times 0
[  710.051927][T13846] CPU: 1 UID: 0 PID: 13846 Comm: syz.1.2333 Not tainted 6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(full) 
[  710.051944][T13846] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  710.051952][T13846] Call Trace:
[  710.051956][T13846]  <TASK>
[  710.051961][T13846]  dump_stack_lvl+0x16c/0x1f0
[  710.051985][T13846]  should_fail_ex+0x512/0x640
[  710.051999][T13846]  ? __kmalloc_cache_noprof+0x57/0x3e0
[  710.052013][T13846]  should_failslab+0xc2/0x120
[  710.052030][T13846]  __kmalloc_cache_noprof+0x6a/0x3e0
[  710.052042][T13846]  ? tcf_ife_init+0x215/0x14e0
[  710.052060][T13846]  tcf_ife_init+0x215/0x14e0
[  710.052080][T13846]  ? __pfx_tcf_ife_init+0x10/0x10
[  710.052104][T13846]  ? __asan_memcpy+0x3c/0x60
[  710.052118][T13846]  tcf_action_init_1+0x45d/0x6c0
[  710.052133][T13846]  ? __pfx_tcf_action_init_1+0x10/0x10
[  710.052153][T13846]  ? __nla_parse+0x40/0x60
[  710.052164][T13846]  tcf_action_init+0x432/0xa50
[  710.052182][T13846]  ? __pfx_tcf_action_init+0x10/0x10
[  710.052219][T13846]  ? __lock_acquire+0x622/0x1c90
[  710.052231][T13846]  ? __lock_acquire+0x622/0x1c90
[  710.052242][T13846]  tcf_action_add+0xee/0x5c0
[  710.052257][T13846]  ? __pfx_tcf_action_add+0x10/0x10
[  710.052290][T13846]  ? __nla_parse+0x40/0x60
[  710.052301][T13846]  tc_ctl_action+0x35b/0x470
[  710.052315][T13846]  ? __pfx_tc_ctl_action+0x10/0x10
[  710.052333][T13846]  ? __pfx_tc_ctl_action+0x10/0x10
[  710.052346][T13846]  rtnetlink_rcv_msg+0x3c9/0xe90
[  710.052363][T13846]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  710.052381][T13846]  ? __lock_acquire+0x622/0x1c90
[  710.052393][T13846]  netlink_rcv_skb+0x158/0x420
[  710.052404][T13846]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  710.052420][T13846]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  710.052435][T13846]  ? netlink_deliver_tap+0x1ae/0xd30
[  710.052451][T13846]  ? is_vmalloc_addr+0x86/0xa0
[  710.052466][T13846]  netlink_unicast+0x53a/0x7f0
[  710.052478][T13846]  ? __pfx_netlink_unicast+0x10/0x10
[  710.052492][T13846]  netlink_sendmsg+0x8d1/0xdd0
[  710.052505][T13846]  ? __pfx_netlink_sendmsg+0x10/0x10
[  710.052520][T13846]  ____sys_sendmsg+0xa95/0xc70
[  710.052533][T13846]  ? copy_msghdr_from_user+0x10a/0x160
[  710.052547][T13846]  ? __pfx_____sys_sendmsg+0x10/0x10
[  710.052564][T13846]  ___sys_sendmsg+0x134/0x1d0
[  710.052579][T13846]  ? __pfx____sys_sendmsg+0x10/0x10
[  710.052591][T13846]  ? __lock_acquire+0x622/0x1c90
[  710.052618][T13846]  __sys_sendmsg+0x16d/0x220
[  710.052632][T13846]  ? __pfx___sys_sendmsg+0x10/0x10
[  710.052655][T13846]  do_syscall_64+0xcd/0x4c0
[  710.052671][T13846]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  710.052682][T13846] RIP: 0033:0x7f4ee658e929
[  710.052691][T13846] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  710.052703][T13846] RSP: 002b:00007f4ee7327038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  710.052713][T13846] RAX: ffffffffffffffda RBX: 00007f4ee67b6160 RCX: 00007f4ee658e929
[  710.052720][T13846] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000006
[  710.052726][T13846] RBP: 00007f4ee7327090 R08: 0000000000000000 R09: 0000000000000000
[  710.052732][T13846] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  710.052738][T13846] R13: 0000000000000000 R14: 00007f4ee67b6160 R15: 00007ffd8254abe8
[  710.052752][T13846]  </TASK>
[  710.382475][T12736] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  710.490958][ T5842] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  710.860275][ T5953] usb 6-1: new high-speed USB device number 23 using dummy_hcd
[  711.233979][T13857] syz.3.2336: attempt to access beyond end of device
[  711.233979][T13857] loop3: rw=2048, sector=2, nr_sectors = 1 limit=0
[  711.247159][T13857] hfsplus: unable to find HFS+ superblock
[  711.250214][ T5953] usb 6-1: Using ep0 maxpacket: 16
[  711.417676][ T5953] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  711.632276][T13861] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=13861 comm=syz.0.2337
[  711.703311][ T5953] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  711.723997][T13861] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2337'.
[  711.835144][ T5953] usb 6-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00
[  711.844482][T13864] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  711.850213][ T5953] usb 6-1: New USB device strings: Mfr=0, Product=32, SerialNumber=0
[  711.859397][ T5953] usb 6-1: Product: syz
[  711.869481][ T5953] usb 6-1: config 0 descriptor??
[  712.070366][    C1] net_ratelimit: 2 callbacks suppressed
[  712.070387][    C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available
[  712.110437][ T5900] usb 5-1: new high-speed USB device number 83 using dummy_hcd
[  712.174317][   T10] usb 2-1: new high-speed USB device number 70 using dummy_hcd
[  712.210024][T13870] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=13870 comm=syz.0.2340
[  712.280847][ T5900] usb 5-1: Using ep0 maxpacket: 8
[  712.399498][T13869] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2340'.
[  712.413741][ T5900] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  712.445690][ T5900] usb 5-1: New USB device found, idVendor=05e1, idProduct=0893, bcdDevice=fd.5b
[  712.455995][ T1161] bridge_slave_1: left promiscuous mode
[  712.463757][   T10] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  712.476318][ T1161] bridge0: port 2(bridge_slave_1) entered disabled state
[  712.484626][   T10] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  712.489777][ T5900] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  712.502333][   T10] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  712.507678][ T5900] usb 5-1: Product: syz
[  712.518158][ T5900] usb 5-1: Manufacturer: syz
[  712.524813][ T1161] bridge_slave_0: left promiscuous mode
[  712.525932][ T5900] usb 5-1: SerialNumber: syz
[  712.537625][ T5900] usb 5-1: config 0 descriptor??
[  712.543654][   T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  712.547880][ T5900] gspca_main: stk014-2.14.0 probing 05e1:0893
[  712.553106][ T1161] bridge0: port 1(bridge_slave_0) entered disabled state
[  712.558025][ T5842] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  712.579239][T13867] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22
[  712.587686][ T5900] usb 5-1: selecting invalid altsetting 1
[  712.649941][   T10] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[  712.866921][   T10] usb 2-1: USB disconnect, device number 70
[  713.034875][ T5829] usb 5-1: USB disconnect, device number 83
[  713.110444][    C1] IPVS: lblc: UDP 224.0.0.2:0 - no destination available
[  713.431613][   T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  713.599472][ T5881] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  713.613746][ T5829] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  713.767703][ T1161] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  713.778142][ T1161] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  713.787670][ T1161] bond0 (unregistering): Released all slaves
[  713.806382][T13874] netlink: 96 bytes leftover after parsing attributes in process `syz.5.2328'.
[  713.943663][ T5953] usbhid 6-1:0.0: can't add hid device: -71
[  713.949642][ T5953] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  713.960692][ T5953] usb 6-1: USB disconnect, device number 23
[  714.004519][ T1161] tipc: Disabling bearer <udp:s>
[  714.031729][ T1161] tipc: Left network mode
[  714.142849][T13892] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2348'.
[  714.240352][ T5829] usb 1-1: new high-speed USB device number 66 using dummy_hcd
[  714.754591][ T5842] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  714.834847][ T5829] usb 1-1: Using ep0 maxpacket: 16
[  714.860778][ T5829] usb 1-1: config 7 has an invalid interface number: 102 but max is 3
[  714.885728][ T5829] usb 1-1: config 7 has an invalid interface number: 130 but max is 3
[  714.910936][ T5829] usb 1-1: config 7 contains an unexpected descriptor of type 0x2, skipping
[  714.952349][ T5829] usb 1-1: config 7 has an invalid interface number: 246 but max is 3
[  714.995782][ T5829] usb 1-1: config 7 has an invalid interface number: 248 but max is 3
[  715.025508][ T5829] usb 1-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config
[  715.057761][ T5829] usb 1-1: config 7 has 5 interfaces, different from the descriptor's value: 4
[  715.080611][ T5829] usb 1-1: config 7 has no interface number 0
[  715.260378][ T5829] usb 1-1: config 7 has no interface number 1
[  715.266621][ T5829] usb 1-1: config 7 has no interface number 2
[  715.275742][ T5829] usb 1-1: config 7 has no interface number 4
[  715.284249][ T5829] usb 1-1: config 7 interface 102 altsetting 129 endpoint 0xC has invalid maxpacket 1023, setting to 64
[  715.299921][ T5829] usb 1-1: config 7 interface 102 altsetting 129 has an endpoint descriptor with address 0x11, changing to 0x1
[  715.313957][ T5829] usb 1-1: config 7 interface 102 altsetting 129 endpoint 0x1 has invalid maxpacket 1024, setting to 64
[  715.327913][ T5829] usb 1-1: config 7 interface 130 altsetting 64 bulk endpoint 0x9 has invalid maxpacket 32
[  715.340909][ T5829] usb 1-1: config 7 interface 130 altsetting 64 has an invalid descriptor for endpoint zero, skipping
[  715.386553][ T5829] usb 1-1: config 7 interface 130 altsetting 64 endpoint 0x3 has invalid maxpacket 512, setting to 64
[  715.440121][ T5829] usb 1-1: config 7 interface 130 altsetting 64 bulk endpoint 0x6 has invalid maxpacket 8
[  715.514190][ T5829] usb 1-1: config 7 interface 130 altsetting 64 endpoint 0xE has invalid maxpacket 1024, setting to 64
[  715.577151][ T5829] usb 1-1: config 7 interface 130 altsetting 64 endpoint 0xD has an invalid bInterval 141, changing to 7
[  715.618346][ T5829] usb 1-1: config 7 interface 130 altsetting 64 has a duplicate endpoint with address 0x6, skipping
[  715.653604][ T5829] usb 1-1: config 7 interface 130 altsetting 64 has a duplicate endpoint with address 0x3, skipping
[  715.673155][ T5829] usb 1-1: config 7 interface 130 altsetting 64 endpoint 0x5 has an invalid bInterval 250, changing to 7
[  715.690083][ T5829] usb 1-1: config 7 interface 130 altsetting 64 endpoint 0x5 has invalid maxpacket 58864, setting to 1024
[  715.701977][ T5829] usb 1-1: config 7 interface 130 altsetting 64 has a duplicate endpoint with address 0xE, skipping
[  715.803460][ T1161] hsr_slave_0: left promiscuous mode
[  715.831952][ T5842] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  715.852738][ T1161] hsr_slave_1: left promiscuous mode
[  715.866562][ T1161] batman_adv: batadv0: Removing interface: batadv_slave_0
[  715.874668][ T5829] usb 1-1: config 7 interface 130 altsetting 64 has a duplicate endpoint with address 0xF, skipping
[  715.926788][ T5829] usb 1-1: config 7 interface 130 altsetting 64 has an invalid descriptor for endpoint zero, skipping
[  715.947313][ T1161] batman_adv: batadv0: Removing interface: batadv_slave_1
[  716.017404][ T5829] usb 1-1: config 7 interface 130 altsetting 64 has 15 endpoint descriptors, different from the interface descriptor's value: 14
[  716.245405][ T5829] usb 1-1: config 7 interface 246 altsetting 252 has an endpoint descriptor with address 0x98, changing to 0x88
[  716.257801][ T5829] usb 1-1: config 7 interface 246 altsetting 252 has a duplicate endpoint with address 0x88, skipping
[  716.771903][ T5881] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  716.810690][ T5953] usb 5-1: new high-speed USB device number 84 using dummy_hcd
[  716.817899][ T5829] usb 1-1: config 7 interface 246 altsetting 252 has a duplicate endpoint with address 0xF, skipping
[  716.934478][ T5829] usb 1-1: config 7 interface 246 altsetting 252 has a duplicate endpoint with address 0xF, skipping
[  716.950892][ T5842] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  716.999540][ T5829] usb 1-1: config 7 interface 246 altsetting 252 bulk endpoint 0x7 has invalid maxpacket 64
[  717.023757][ T5829] usb 1-1: config 7 interface 246 altsetting 252 has a duplicate endpoint with address 0x9, skipping
[  717.053180][ T5829] usb 1-1: config 7 interface 246 altsetting 252 has a duplicate endpoint with address 0xB, skipping
[  717.067023][ T5829] usb 1-1: config 7 interface 246 altsetting 252 has a duplicate endpoint with address 0xF, skipping
[  717.091885][ T5829] usb 1-1: config 7 interface 246 altsetting 252 endpoint 0xA has invalid maxpacket 1536, setting to 64
[  717.118077][ T5953] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  717.123059][ T5829] usb 1-1: config 7 interface 246 altsetting 252 has an invalid descriptor for endpoint zero, skipping
[  717.146217][ T5829] usb 1-1: config 7 interface 246 altsetting 252 has a duplicate endpoint with address 0xF, skipping
[  717.149478][ T5953] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  717.172506][ T5829] usb 1-1: config 7 interface 246 altsetting 252 has an invalid descriptor for endpoint zero, skipping
[  717.198352][ T5953] usb 5-1: New USB device found, idVendor=044f, idProduct=b65d, bcdDevice= 0.00
[  717.235971][ T5829] usb 1-1: config 7 interface 246 altsetting 252 has a duplicate endpoint with address 0x2, skipping
[  717.240390][ T5953] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  717.264379][ T5829] usb 1-1: config 7 interface 246 altsetting 252 has a duplicate endpoint with address 0x5, skipping
[  717.436199][ T5953] usb 5-1: config 0 descriptor??
[  717.438056][ T5829] usb 1-1: config 7 interface 248 altsetting 7 has 0 endpoint descriptors, different from the interface descriptor's value: 8
[  717.456814][ T5829] usb 1-1: too many endpoints for config 7 interface 3 altsetting 5: 137, using maximum allowed: 30
[  717.616247][T13925] binder: 13917:13925 ioctl 4018620d 0 returned -22
[  717.990654][ T5842] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  717.999306][ T5829] usb 1-1: config 7 interface 3 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 137
[  718.014241][ T5829] usb 1-1: config 7 interface 102 has no altsetting 0
[  718.028127][ T5829] usb 1-1: config 7 interface 130 has no altsetting 0
[  718.035550][ T5829] usb 1-1: config 7 interface 246 has no altsetting 0
[  718.042948][ T5829] usb 1-1: config 7 interface 248 has no altsetting 0
[  718.049958][ T5829] usb 1-1: config 7 interface 3 has no altsetting 0
[  718.058254][ T5829] usb 1-1: string descriptor 0 read error: -71
[  718.066939][ T5829] usb 1-1: New USB device found, idVendor=0ac8, idProduct=307b, bcdDevice=84.e2
[  718.157615][ T5829] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  718.172781][ T5829] usb 1-1: can't set config #7, error -71
[  718.222615][ T5829] usb 1-1: USB disconnect, device number 66
[  718.442279][T13935] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  718.740040][ T1161] team0 (unregistering): Port device team_slave_1 removed
[  718.836135][T13938] syz.5.2358: attempt to access beyond end of device
[  718.836135][T13938] loop5: rw=2048, sector=2, nr_sectors = 1 limit=0
[  718.849442][T13938] hfsplus: unable to find HFS+ superblock
[  718.966968][ T1161] team0 (unregistering): Port device team_slave_0 removed
[  719.044183][ T5829] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  719.357875][ T5953] usbhid 5-1:0.0: can't add hid device: -71
[  719.366155][ T5953] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  719.394486][ T5953] usb 5-1: USB disconnect, device number 84
[  719.593625][T13927] Y speed is unknown, defaulting to 1000
[  719.617488][T13927] lo speed is unknown, defaulting to 1000
[  720.018597][ T5953] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  720.071853][ T5842] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  720.145024][ T5829] usb 4-1: new full-speed USB device number 79 using dummy_hcd
[  720.662586][ T1161] IPVS: stop unused estimator thread 0...
[  720.787932][ T5829] usb 4-1: unable to read config index 0 descriptor/start: -71
[  720.990433][ T5829] usb 4-1: can't read configurations, error -71
[  721.113016][ T5900] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  722.150530][ T5900] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  722.297628][T13974] overlay: Unknown parameter 'M0× ¾hÙá7Àu¸™±WõÕ¶ý�ÂŒvúÞd
âá‹P\BužjBp/¹èS'
[  723.438510][   T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  723.457886][ T5953] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  723.466046][ T5829] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  723.474155][ T5829] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  723.484601][ T2969] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  723.494018][ T5900] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  723.504008][ T5953] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  723.520745][ T5842] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  723.532512][ T5990] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  724.035480][   T30] audit: type=1400 audit(2000000516.640:487): avc:  denied  { bind } for  pid=13987 comm="syz.4.2373" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  724.170847][T13997] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=13997 comm=syz.0.2375
[  724.211984][T13997] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2375'.
[  724.425951][   T30] audit: type=1400 audit(2000000516.650:488): avc:  denied  { listen } for  pid=13987 comm="syz.4.2373" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  724.551781][   T30] audit: type=1400 audit(2000000516.650:489): avc:  denied  { accept } for  pid=13987 comm="syz.4.2373" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  724.631494][ T5842] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  725.191659][T14013] syz.1.2381: attempt to access beyond end of device
[  725.191659][T14013] loop1: rw=2048, sector=2, nr_sectors = 1 limit=0
[  725.204960][T14013] hfsplus: unable to find HFS+ superblock
[  726.133204][T14024] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=14024 comm=syz.5.2384
[  726.160778][T14024] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2384'.
[  726.907288][   T30] audit: type=1400 audit(2000000519.520:490): avc:  denied  { ioctl } for  pid=14028 comm="syz.5.2389" path="socket:[38215]" dev="sockfs" ino=38215 ioctlcmd=0x89e5 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  726.931982][    C0] vkms_vblank_simulate: vblank timer overrun
[  727.376722][   T30] audit: type=1400 audit(2000000519.990:491): avc:  denied  { write } for  pid=14033 comm="syz.4.2390" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[  727.527425][T14042] netlink: 'syz.4.2392': attribute type 1 has an invalid length.
[  727.535381][T14042] netlink: 216 bytes leftover after parsing attributes in process `syz.4.2392'.
[  727.722849][T14045] ubi: mtd0 is already attached to ubi31
[  727.770118][T14049] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2396'.
[  727.781412][ T5842] usb 5-1: new high-speed USB device number 85 using dummy_hcd
[  727.791831][T14047] FAULT_INJECTION: forcing a failure.
[  727.791831][T14047] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  727.809105][T14047] CPU: 0 UID: 0 PID: 14047 Comm: syz.0.2395 Not tainted 6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(full) 
[  727.809134][T14047] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  727.809143][T14047] Call Trace:
[  727.809149][T14047]  <TASK>
[  727.809157][T14047]  dump_stack_lvl+0x16c/0x1f0
[  727.809182][T14047]  should_fail_ex+0x512/0x640
[  727.809208][T14047]  copy_fpstate_to_sigframe+0x854/0xaf0
[  727.809235][T14047]  ? __pfx_copy_fpstate_to_sigframe+0x10/0x10
[  727.809255][T14047]  ? posixtimer_deliver_signal+0xed/0x6a0
[  727.809279][T14047]  ? posixtimer_deliver_signal+0x1af/0x6a0
[  727.809295][T14047]  ? x86_task_fpu+0x5f/0x90
[  727.809315][T14047]  get_sigframe+0x4a8/0x9c0
[  727.809337][T14047]  ? __pfx_get_sigframe+0x10/0x10
[  727.809355][T14047]  ? _raw_spin_unlock_irq+0x23/0x50
[  727.809375][T14047]  ? siginfo_layout+0x177/0x290
[  727.809397][T14047]  x64_setup_rt_frame+0x12e/0xcf0
[  727.809422][T14047]  ? __pfx_x64_setup_rt_frame+0x10/0x10
[  727.809448][T14047]  arch_do_signal_or_restart+0x5e4/0x7d0
[  727.809469][T14047]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  727.809496][T14047]  ? __pfx_do_writev+0x10/0x10
[  727.809522][T14047]  exit_to_user_mode_loop+0x84/0x110
[  727.809543][T14047]  do_syscall_64+0x3f6/0x4c0
[  727.809568][T14047]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  727.809584][T14047] RIP: 0033:0x7f594af8e927
[  727.809599][T14047] Code: ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 <0f> 05 48 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89
[  727.809615][T14047] RSP: 002b:00007f5948df6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[  727.809633][T14047] RAX: 0000000000000014 RBX: 00007f594b1b5fa0 RCX: 00007f594af8e929
[  727.809644][T14047] RDX: 0000000000000001 RSI: 0000200000000640 RDI: 0000000000000004
[  727.809654][T14047] RBP: 00007f5948df6090 R08: 0000000000000000 R09: 0000000000000000
[  727.809664][T14047] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  727.809675][T14047] R13: 0000000000000000 R14: 00007f594b1b5fa0 R15: 00007ffe7aca5ae8
[  727.809699][T14047]  </TASK>
[  728.012316][    C0] vkms_vblank_simulate: vblank timer overrun
[  728.090354][ T5842] usb 5-1: Using ep0 maxpacket: 16
[  728.187492][ T5842] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  728.279270][ T5842] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  728.359621][ T5842] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  728.451064][ T5842] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  728.462100][ T5842] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  728.474432][ T5842] usb 5-1: config 0 descriptor??
[  728.597690][T14061] net_ratelimit: 4 callbacks suppressed
[  728.597719][T14061] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  728.790854][ T5990] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  728.986115][ T8810] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  729.031085][ T5881] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  729.039858][ T5829] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  729.059805][T14066] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  729.337913][T14062] Y speed is unknown, defaulting to 1000
[  729.379342][ T5842] microsoft 0003:045E:07DA.0025: unknown main item tag 0x0
[  729.386957][ T5842] microsoft 0003:045E:07DA.0025: unknown main item tag 0x0
[  729.395169][ T5842] microsoft 0003:045E:07DA.0025: unknown main item tag 0x0
[  729.398586][T14065] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=14065 comm=syz.0.2401
[  729.402911][ T5842] microsoft 0003:045E:07DA.0025: unknown main item tag 0x0
[  729.421246][T14065] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2401'.
[  729.422623][ T5842] microsoft 0003:045E:07DA.0025: unknown main item tag 0x0
[  729.439088][ T5842] microsoft 0003:045E:07DA.0025: unknown main item tag 0x0
[  729.446739][ T5842] microsoft 0003:045E:07DA.0025: unknown main item tag 0x0
[  729.504132][T14062] lo speed is unknown, defaulting to 1000
[  729.548225][T14067] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2392'.
[  729.600503][ T5881] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  729.773908][ T5842] microsoft 0003:045E:07DA.0025: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.4-1/input0
[  729.840244][T14069] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  729.857432][ T5842] microsoft 0003:045E:07DA.0025: no inputs found
[  729.870458][ T5842] microsoft 0003:045E:07DA.0025: could not initialize ff, continuing anyway
[  730.394413][ T5829] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  730.422089][T14076] /dev/nullb0: Can't open blockdev
[  730.638499][ T5953] usb 1-1: new full-speed USB device number 67 using dummy_hcd
[  730.743432][ T5842] usb 5-1: USB disconnect, device number 85
[  730.836151][ T5953] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  730.849814][ T5953] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  730.902815][ T5953] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  731.051559][ T5953] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[  731.096106][ T5953] usb 1-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  731.138911][T14086] syz.4.2406: attempt to access beyond end of device
[  731.138911][T14086] loop4: rw=2048, sector=2, nr_sectors = 1 limit=0
[  731.152383][T14086] hfsplus: unable to find HFS+ superblock
[  731.482173][ T5842] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  731.517380][ T5953] usb 1-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  731.536555][ T5953] usb 1-1: Manufacturer: syz
[  731.553516][ T5953] usb 1-1: config 0 descriptor??
[  731.761633][T14088] Y speed is unknown, defaulting to 1000
[  731.769020][T14088] lo speed is unknown, defaulting to 1000
[  731.873757][T14089] syz.5.2405: attempt to access beyond end of device
[  731.873757][T14089] loop5: rw=2048, sector=2, nr_sectors = 1 limit=0
[  731.899495][T14089] hfsplus: unable to find HFS+ superblock
[  731.960404][ T5953] rc_core: IR keymap rc-hauppauge not found
[  731.991961][ T5953] Registered IR keymap rc-empty
[  732.042999][ T5953] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  732.206325][ T5953] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  732.263606][ T5953] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0
[  732.438146][ T5953] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input89
[  732.466641][ T5953] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  732.631198][ T5829] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  732.639383][ T5829] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  732.686135][ T5953] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  732.693466][ T5881] usb 2-1: new high-speed USB device number 71 using dummy_hcd
[  732.880697][ T5953] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  732.940327][ T5953] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  732.972332][ T5953] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  733.001507][ T5953] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  733.011314][ T5881] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  733.026478][ T5881] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  733.046178][ T5953] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  733.072965][ T5953] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  733.083908][ T5881] usb 2-1: New USB device found, idVendor=044f, idProduct=b65d, bcdDevice= 0.00
[  733.109711][ T5881] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  733.130284][ T5953] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  733.152785][ T5881] usb 2-1: config 0 descriptor??
[  733.170680][ T5953] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  733.225909][ T5953] mceusb 1-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  733.275747][ T5953] mceusb 1-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  733.304020][ T5953] usb 1-1: USB disconnect, device number 67
[  733.670557][ T5829] net_ratelimit: 1 callbacks suppressed
[  733.670575][ T5829] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  734.045955][T14112] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2413'.
[  734.711283][ T5829] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  734.722859][ T8797] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  734.732054][ T5842] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  734.735363][T14117] Y speed is unknown, defaulting to 1000
[  734.746704][ T5900] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  734.826776][T14117] lo speed is unknown, defaulting to 1000
[  735.036790][T14125] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=14125 comm=syz.4.2418
[  735.081850][T14125] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2418'.
[  735.350273][ T5881] usbhid 2-1:0.0: can't add hid device: -71
[  735.363987][ T5881] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  735.403437][ T5881] usb 2-1: USB disconnect, device number 71
[  735.698420][ T5953] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  735.830496][ T5842] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  736.456489][T14147] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  736.520003][ T5881] libceph: connect (1)[c::]:6789 error -101
[  736.550524][ T5881] libceph: mon0 (1)[c::]:6789 connect error
[  736.571493][T14153] ceph: No mds server is up or the cluster is laggy
[  736.892023][ T5842] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  737.674041][T14179] syz.5.2429: attempt to access beyond end of device
[  737.674041][T14179] loop5: rw=2048, sector=2, nr_sectors = 1 limit=0
[  737.687411][T14179] hfsplus: unable to find HFS+ superblock
[  738.047357][ T5842] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  738.450273][ T5842] usb 1-1: new high-speed USB device number 68 using dummy_hcd
[  738.704382][ T5842] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  738.849273][ T5842] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  739.001945][ T5842] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  739.065211][ T5881] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  739.110905][ T5829] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  739.131942][ T5842] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  739.356452][T14180] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  740.134872][T14184] 9pnet_fd: Insufficient options for proto=fd
[  740.142859][ T5842] usb 1-1: Quirk or no altset; falling back to MIDI 1.0
[  740.164674][ T5829] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  740.188505][T14180] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(14)
[  740.195152][T14180] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  740.203217][T14180] vhci_hcd vhci_hcd.0: Device attached
[  740.392365][T14186] vhci_hcd: connection closed
[  740.394398][ T5842] usb 1-1: USB disconnect, device number 68
[  740.394793][   T61] vhci_hcd: stop threads
[  740.444293][   T61] vhci_hcd: release socket
[  740.450848][ T5990] usb 33-1: new high-speed USB device number 2 using vhci_hcd
[  740.458542][   T61] vhci_hcd: disconnect device
[  740.472561][ T2969] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  740.539618][ T5881] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  740.553011][ T5900] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  741.218395][T14200] tipc: Started in network mode
[  741.227383][T14200] tipc: Node identity 4eea2ca4423d, cluster identity 4711
[  741.237438][T14200] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  741.330976][   T30] audit: type=1400 audit(2000000533.940:492): avc:  denied  { read } for  pid=14199 comm="syz.5.2436" lport=58 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  741.571798][T14200] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  741.580467][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  741.590750][ T5842] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  741.671726][T14199] tipc: Resetting bearer <eth:syzkaller0>
[  742.070382][ T5881] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  742.400777][ T5829] tipc: Node number set to 215428260
[  743.017922][T14217] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  745.111152][ T5829] net_ratelimit: 3 callbacks suppressed
[  745.111170][ T5829] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  745.124850][ T5829] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  745.434147][T14199] tipc: Disabling bearer <eth:syzkaller0>
[  745.453631][T14222] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2440'.
[  745.527560][T14214] Y speed is unknown, defaulting to 1000
[  745.534400][T14214] lo speed is unknown, defaulting to 1000
[  745.580492][ T5990] vhci_hcd: vhci_device speed not set
[  745.756519][T14235] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2444'.
[  746.150809][ T5900] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  746.880904][ T1297] ieee802154 phy0 wpan0: encryption failed: -22
[  746.887438][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[  747.222795][ T5990] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  747.943032][T14260] FAULT_INJECTION: forcing a failure.
[  747.943032][T14260] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  747.956380][T14260] CPU: 1 UID: 0 PID: 14260 Comm: syz.4.2448 Not tainted 6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(full) 
[  747.956405][T14260] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  747.956416][T14260] Call Trace:
[  747.956423][T14260]  <TASK>
[  747.956430][T14260]  dump_stack_lvl+0x16c/0x1f0
[  747.956459][T14260]  should_fail_ex+0x512/0x640
[  747.956485][T14260]  _copy_to_user+0x32/0xd0
[  747.956512][T14260]  copy_to_sockptr_offset+0x15c/0x1b0
[  747.956532][T14260]  ? __pfx_copy_to_sockptr_offset+0x10/0x10
[  747.956548][T14260]  ? sockopt_release_sock+0x52/0x60
[  747.956574][T14260]  ? __local_bh_enable_ip+0xa4/0x120
[  747.956595][T14260]  ? lockdep_hardirqs_on+0x7c/0x110
[  747.956622][T14260]  do_ipv6_getsockopt+0xc71/0x2f50
[  747.956640][T14260]  ? rcu_is_watching+0x12/0xc0
[  747.956666][T14260]  ? __pfx_do_ipv6_getsockopt+0x10/0x10
[  747.956683][T14260]  ? rcu_is_watching+0x12/0xc0
[  747.956715][T14260]  ? avc_has_perm+0x11a/0x1c0
[  747.956739][T14260]  ? __lock_acquire+0xb8a/0x1c90
[  747.956764][T14260]  ? ipv6_getsockopt+0x126/0x280
[  747.956781][T14260]  ipv6_getsockopt+0x126/0x280
[  747.956801][T14260]  ? __pfx_ipv6_getsockopt+0x10/0x10
[  747.956819][T14260]  ? __might_fault+0xe3/0x190
[  747.956845][T14260]  ? __might_fault+0x13b/0x190
[  747.956874][T14260]  udpv6_getsockopt+0x61/0xb0
[  747.956894][T14260]  ? __pfx_sock_common_getsockopt+0x10/0x10
[  747.956922][T14260]  do_sock_getsockopt+0x3ff/0x800
[  747.956942][T14260]  ? __pfx_do_sock_getsockopt+0x10/0x10
[  747.956957][T14260]  ? __fget_files+0x204/0x3c0
[  747.956993][T14260]  __sys_getsockopt+0x12f/0x260
[  747.957021][T14260]  __x64_sys_getsockopt+0xbd/0x160
[  747.957042][T14260]  ? do_syscall_64+0x91/0x4c0
[  747.957065][T14260]  ? lockdep_hardirqs_on+0x7c/0x110
[  747.957087][T14260]  do_syscall_64+0xcd/0x4c0
[  747.957113][T14260]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  747.957130][T14260] RIP: 0033:0x7f5c3e58e929
[  747.957145][T14260] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  747.957161][T14260] RSP: 002b:00007f5c3f44f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[  747.957178][T14260] RAX: ffffffffffffffda RBX: 00007f5c3e7b6160 RCX: 00007f5c3e58e929
[  747.957190][T14260] RDX: 000000000000003b RSI: 0000000000000029 RDI: 0000000000000006
[  747.957200][T14260] RBP: 00007f5c3f44f090 R08: 00002000000002c0 R09: 0000000000000000
[  747.957212][T14260] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  747.957222][T14260] R13: 0000000000000000 R14: 00007f5c3e7b6160 R15: 00007ffe1b0e9da8
[  747.957247][T14260]  </TASK>
[  748.216876][ T5956] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  748.457216][ T5990] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  749.012455][   T30] audit: type=1400 audit(2000000541.630:493): avc:  denied  { map } for  pid=14269 comm="syz.3.2453" path="socket:[38603]" dev="sockfs" ino=38603 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_route_socket permissive=1
[  749.016630][T14275] FAULT_INJECTION: forcing a failure.
[  749.016630][T14275] name failslab, interval 1, probability 0, space 0, times 0
[  749.060419][T14270] netlink: 9 bytes leftover after parsing attributes in process `syz.3.2453'.
[  749.066541][T14275] CPU: 1 UID: 0 PID: 14275 Comm: syz.0.2454 Not tainted 6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(full) 
[  749.066564][T14275] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  749.066573][T14275] Call Trace:
[  749.066580][T14275]  <TASK>
[  749.066586][T14275]  dump_stack_lvl+0x16c/0x1f0
[  749.066611][T14275]  should_fail_ex+0x512/0x640
[  749.066630][T14275]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  749.066653][T14275]  should_failslab+0xc2/0x120
[  749.066674][T14275]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  749.066694][T14275]  ? __alloc_skb+0x2b2/0x380
[  749.066713][T14275]  ? bpf_lsm_capable+0x9/0x10
[  749.066732][T14275]  __alloc_skb+0x2b2/0x380
[  749.066750][T14275]  ? __pfx___alloc_skb+0x10/0x10
[  749.066768][T14275]  ? genl_rcv_msg+0x520/0x800
[  749.066784][T14275]  ? genl_rcv_msg+0x4bb/0x800
[  749.066806][T14275]  netlink_ack+0x15d/0xb80
[  749.066822][T14275]  ? __lock_acquire+0x622/0x1c90
[  749.066841][T14275]  netlink_rcv_skb+0x332/0x420
[  749.066855][T14275]  ? __pfx_genl_rcv_msg+0x10/0x10
[  749.066873][T14275]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  749.066897][T14275]  ? netlink_deliver_tap+0x1ae/0xd30
[  749.066919][T14275]  ? is_vmalloc_addr+0x86/0xa0
[  749.066940][T14275]  genl_rcv+0x28/0x40
[  749.066954][T14275]  netlink_unicast+0x53a/0x7f0
[  749.066972][T14275]  ? __pfx_netlink_unicast+0x10/0x10
[  749.066993][T14275]  netlink_sendmsg+0x8d1/0xdd0
[  749.067012][T14275]  ? __pfx_netlink_sendmsg+0x10/0x10
[  749.067035][T14275]  ____sys_sendmsg+0xa95/0xc70
[  749.067051][T14275]  ? copy_msghdr_from_user+0x10a/0x160
[  749.067071][T14275]  ? __pfx_____sys_sendmsg+0x10/0x10
[  749.067097][T14275]  ___sys_sendmsg+0x134/0x1d0
[  749.067118][T14275]  ? __pfx____sys_sendmsg+0x10/0x10
[  749.067136][T14275]  ? __lock_acquire+0x622/0x1c90
[  749.067178][T14275]  __sys_sendmsg+0x16d/0x220
[  749.067198][T14275]  ? __pfx___sys_sendmsg+0x10/0x10
[  749.067232][T14275]  do_syscall_64+0xcd/0x4c0
[  749.067255][T14275]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  749.067270][T14275] RIP: 0033:0x7f594af8e929
[  749.067283][T14275] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  749.067297][T14275] RSP: 002b:00007f5948df6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  749.067312][T14275] RAX: ffffffffffffffda RBX: 00007f594b1b5fa0 RCX: 00007f594af8e929
[  749.067322][T14275] RDX: 0000000000040810 RSI: 00002000000002c0 RDI: 0000000000000004
[  749.067331][T14275] RBP: 00007f5948df6090 R08: 0000000000000000 R09: 0000000000000000
[  749.067340][T14275] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  749.067349][T14275] R13: 0000000000000000 R14: 00007f594b1b5fa0 R15: 00007ffe7aca5ae8
[  749.067369][T14275]  </TASK>
[  749.514218][ T5900] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  749.765618][T14270] gretap0: entered promiscuous mode
[  749.785497][T14289] sch_tbf: burst 8 is lower than device team0 mtu (1514) !
[  750.550800][ T5900] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  751.064707][ T5956] usb 2-1: new high-speed USB device number 72 using dummy_hcd
[  751.323763][ T5953] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  751.953368][ T5956] usb 2-1: Using ep0 maxpacket: 16
[  752.081450][ T5881] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  753.105315][   T30] audit: type=1400 audit(2000000545.720:494): avc:  denied  { write } for  pid=14323 comm="syz.3.2464" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  753.124619][    C0] vkms_vblank_simulate: vblank timer overrun
[  753.268649][T14324] xt_CT: No such helper "snmp"
[  753.334688][   T30] audit: type=1400 audit(2000000545.850:495): avc:  denied  { listen } for  pid=14323 comm="syz.3.2464" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  753.398591][T14324] Bluetooth: MGMT ver 1.23
[  753.972345][T14340] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2467'.
[  755.189164][T14352] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2472'.
[  755.217164][T14352] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2472'.
[  755.264737][T14355] binder: BINDER_SET_CONTEXT_MGR already set
[  755.278484][T14355] binder: 14354:14355 ioctl 4018620d 200000000040 returned -16
[  755.306654][T14357] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2474'.
[  755.810517][T14365] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  755.834966][ T5900] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  756.313609][T14365] /dev/nullb0: Can't open blockdev
[  756.630923][ T5881] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  756.750516][T14370] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2477'.
[  756.948727][ T5900] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  757.458035][ T5956] usb 2-1: device descriptor read/all, error -110
[  757.580677][ T5953] usb 5-1: new high-speed USB device number 86 using dummy_hcd
[  757.590751][ T5956] usb 2-1: new high-speed USB device number 73 using dummy_hcd
[  757.741631][ T5953] usb 5-1: Using ep0 maxpacket: 32
[  757.752859][ T5953] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  757.763956][ T5956] usb 2-1: device descriptor read/64, error -32
[  757.774428][ T5953] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  757.788224][ T5953] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  758.061697][ T5956] usb usb2-port1: attempt power cycle
[  758.085947][ T5900] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  758.096283][ T5953] usb 5-1: config 0 descriptor??
[  758.128676][ T5953] hub 5-1:0.0: USB hub found
[  758.159418][T14386] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  758.320924][ T5953] hub 5-1:0.0: config failed, hub doesn't have any ports! (err -19)
[  758.430546][ T5881] usb 1-1: new full-speed USB device number 69 using dummy_hcd
[  758.591830][T14392] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2485'.
[  758.629648][ T5881] usb 1-1: config 0 has an invalid interface number: 93 but max is 0
[  758.652661][ T5881] usb 1-1: config 0 has no interface number 0
[  758.787484][ T5953] usbhid 5-1:0.0: can't add hid device: -71
[  759.001496][ T5953] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  759.035344][ T5881] usb 1-1: New USB device found, idVendor=10b8, idProduct=1bb4, bcdDevice=34.65
[  759.048953][ T5881] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  759.067561][ T5881] usb 1-1: Product: syz
[  759.072678][ T5953] usb 5-1: USB disconnect, device number 86
[  759.084922][ T5881] usb 1-1: Manufacturer: syz
[  759.107296][ T5881] usb 1-1: SerialNumber: syz
[  759.113137][ T5900] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  759.124468][ T5881] usb 1-1: config 0 descriptor??
[  759.519498][ T5881] dvb-usb: found a 'DiBcom TFE7090PVR reference design' in warm state.
[  759.555062][ T5881] dvb-usb: will use the device's hardware PID filter (table count: 32).
[  759.597243][ T5881] dvbdev: DVB: registering new adapter (DiBcom TFE7090PVR reference design)
[  759.606104][ T5881] usb 1-1: media controller created
[  759.619202][ T5881] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  759.671291][ T5953] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  759.698714][ T5881] DVB: Unable to find symbol dib7000p_attach()
[  759.708678][ T5881] dvb-usb: no frontend was attached by 'DiBcom TFE7090PVR reference design'
[  759.717622][ T5881] dvb-usb: will use the device's hardware PID filter (table count: 32).
[  759.726731][ T5881] dvbdev: DVB: registering new adapter (DiBcom TFE7090PVR reference design)
[  759.735661][ T5881] usb 1-1: media controller created
[  759.746929][ T5881] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  759.779757][ T5881] dib0700: the master dib7090 has to be initialized first
[  759.787178][ T5881] dvb-usb: no frontend was attached by 'DiBcom TFE7090PVR reference design'
[  759.870529][ T5881] rc_core: IR keymap rc-dib0700-rc5 not found
[  760.302662][ T5900] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  760.315839][T14405] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=14405 comm=syz.5.2489
[  760.330761][T14405] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2489'.
[  760.341277][ T5881] Registered IR keymap rc-empty
[  760.353576][ T5881] dvb-usb: could not initialize remote control.
[  760.363850][ T5881] dvb-usb: DiBcom TFE7090PVR reference design successfully initialized and connected.
[  760.385314][ T5881] usb 1-1: USB disconnect, device number 69
[  761.255608][ T5881] dvb-usb: DiBcom TFE7090PVR reference design successfully deinitialized and disconnected.
[  761.351147][ T5900] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  761.379916][T14414] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2491'.
[  761.573982][T14425] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2496'.
[  761.593147][ T5881] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  762.290206][ T5953] usb 5-1: new high-speed USB device number 87 using dummy_hcd
[  762.974911][ T5990] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  763.067200][T12736] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  763.240365][ T5953] usb 5-1: Using ep0 maxpacket: 8
[  763.251933][ T5953] usb 5-1: config 0 has an invalid interface number: 31 but max is 0
[  763.262568][ T5953] usb 5-1: config 0 has no interface number 0
[  763.268699][ T5953] usb 5-1: too many endpoints for config 0 interface 31 altsetting 60: 115, using maximum allowed: 30
[  763.280680][ T5953] usb 5-1: config 0 interface 31 altsetting 60 has 0 endpoint descriptors, different from the interface descriptor's value: 115
[  763.294582][ T5953] usb 5-1: config 0 interface 31 has no altsetting 0
[  763.314632][ T5953] usb 5-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  763.340232][ T5953] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  763.365388][ T5953] usb 5-1: config 0 descriptor??
[  763.894008][ T5953] usb 5-1: string descriptor 0 read error: -32
[  763.991247][ T5990] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  764.347802][ T5953] asix 5-1:0.31 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  764.378867][ T5953] asix 5-1:0.31: probe with driver asix failed with error -71
[  764.454563][   T30] audit: type=1400 audit(2000000557.070:496): avc:  denied  { getopt } for  pid=14448 comm="syz.5.2503" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  764.473625][ T5953] usb 5-1: USB disconnect, device number 87
[  764.594016][T14453] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=14453 comm=syz.1.2501
[  764.606477][   T30] audit: type=1400 audit(2000000557.210:497): avc:  denied  { write } for  pid=14452 comm="syz.0.2505" name="rtc0" dev="devtmpfs" ino=921 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  764.614581][T14453] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2501'.
[  764.943081][T14457] FAULT_INJECTION: forcing a failure.
[  764.943081][T14457] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  764.956590][T14457] CPU: 1 UID: 0 PID: 14457 Comm: syz.0.2505 Not tainted 6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(full) 
[  764.956616][T14457] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  764.956627][T14457] Call Trace:
[  764.956635][T14457]  <TASK>
[  764.956644][T14457]  dump_stack_lvl+0x16c/0x1f0
[  764.956674][T14457]  should_fail_ex+0x512/0x640
[  764.956703][T14457]  _copy_from_user+0x2e/0xd0
[  764.956729][T14457]  copy_from_sockptr_offset.constprop.0+0x153/0x1a0
[  764.956752][T14457]  ? __pfx_copy_from_sockptr_offset.constprop.0+0x10/0x10
[  764.956780][T14457]  copy_group_source_from_sockptr+0x17c/0x550
[  764.956802][T14457]  ? __pfx_copy_group_source_from_sockptr+0x10/0x10
[  764.956825][T14457]  ? lock_acquire+0x179/0x350
[  764.956843][T14457]  ? find_held_lock+0x2b/0x80
[  764.956869][T14457]  ? mark_held_locks+0x49/0x80
[  764.956895][T14457]  ? finish_task_switch.isra.0+0x221/0xc10
[  764.956918][T14457]  ? lockdep_hardirqs_on+0x7c/0x110
[  764.956941][T14457]  ? finish_task_switch.isra.0+0x221/0xc10
[  764.956964][T14457]  ? rcu_is_watching+0x12/0xc0
[  764.956987][T14457]  ? trace_sched_exit_tp+0xde/0x130
[  764.957013][T14457]  ? __schedule+0x1181/0x5de0
[  764.957043][T14457]  do_ipv6_mcast_group_source+0xb4/0x260
[  764.957064][T14457]  ? __pfx_do_ipv6_mcast_group_source+0x10/0x10
[  764.957106][T14457]  ? preempt_schedule_thunk+0x16/0x30
[  764.957139][T14457]  do_ipv6_setsockopt+0x26bf/0x4400
[  764.957164][T14457]  ? __pfx_do_ipv6_setsockopt+0x10/0x10
[  764.957205][T14457]  ? __pfx___schedule+0x10/0x10
[  764.957242][T14457]  ? rcu_is_watching+0x12/0xc0
[  764.957277][T14457]  ? irqentry_exit+0x3b/0x90
[  764.957299][T14457]  ? lockdep_hardirqs_on+0x7c/0x110
[  764.957331][T14457]  ? ipv6_setsockopt+0xcb/0x170
[  764.957347][T14457]  ipv6_setsockopt+0xcb/0x170
[  764.957368][T14457]  udpv6_setsockopt+0x7d/0xd0
[  764.957390][T14457]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  764.957417][T14457]  do_sock_setsockopt+0x221/0x470
[  764.957444][T14457]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  764.957487][T14457]  __sys_setsockopt+0x1a0/0x230
[  764.957513][T14457]  __x64_sys_setsockopt+0xbd/0x160
[  764.957534][T14457]  ? do_syscall_64+0x91/0x4c0
[  764.957557][T14457]  ? lockdep_hardirqs_on+0x7c/0x110
[  764.957584][T14457]  do_syscall_64+0xcd/0x4c0
[  764.957610][T14457]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  764.957628][T14457] RIP: 0033:0x7f594af8e929
[  764.957643][T14457] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  764.957659][T14457] RSP: 002b:00007f5948db4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  764.957677][T14457] RAX: ffffffffffffffda RBX: 00007f594b1b6160 RCX: 00007f594af8e929
[  764.957689][T14457] RDX: 000000000000002e RSI: 0000000000000029 RDI: 0000000000000007
[  764.957700][T14457] RBP: 00007f5948db4090 R08: 0000000000000108 R09: 0000000000000000
[  764.957710][T14457] R10: 0000200000000200 R11: 0000000000000246 R12: 0000000000000001
[  764.957721][T14457] R13: 0000000000000000 R14: 00007f594b1b6160 R15: 00007ffe7aca5ae8
[  764.957746][T14457]  </TASK>
[  765.306801][ T5990] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  765.356758][T14458] netlink: 'syz.5.2506': attribute type 1 has an invalid length.
[  765.384128][T14465] FAULT_INJECTION: forcing a failure.
[  765.384128][T14465] name failslab, interval 1, probability 0, space 0, times 0
[  765.399554][T14465] CPU: 1 UID: 0 PID: 14465 Comm: syz.3.2507 Not tainted 6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(full) 
[  765.399572][T14465] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  765.399579][T14465] Call Trace:
[  765.399583][T14465]  <TASK>
[  765.399588][T14465]  dump_stack_lvl+0x16c/0x1f0
[  765.399607][T14465]  should_fail_ex+0x512/0x640
[  765.399621][T14465]  ? __kmalloc_noprof+0xbf/0x510
[  765.399636][T14465]  ? __br_vlan_set_default_pvid+0xa8/0x1170
[  765.399652][T14465]  should_failslab+0xc2/0x120
[  765.399668][T14465]  __kmalloc_noprof+0xd2/0x510
[  765.399685][T14465]  __br_vlan_set_default_pvid+0xa8/0x1170
[  765.399703][T14465]  ? __pfx___br_vlan_set_default_pvid+0x10/0x10
[  765.399719][T14465]  ? trace_contention_end+0x70/0x130
[  765.399730][T14465]  ? __mutex_lock+0x1ca/0xb90
[  765.399747][T14465]  br_changelink+0x4ea/0x1710
[  765.399761][T14465]  ? __pfx_br_changelink+0x10/0x10
[  765.399776][T14465]  ? ns_capable+0xd7/0x110
[  765.399788][T14465]  ? netlink_ns_capable+0xfa/0x130
[  765.399805][T14465]  ? __pfx_br_changelink+0x10/0x10
[  765.399818][T14465]  rtnl_newlink+0x129e/0x2000
[  765.399838][T14465]  ? __pfx_rtnl_newlink+0x10/0x10
[  765.399851][T14465]  ? find_held_lock+0x2b/0x80
[  765.399865][T14465]  ? avc_has_perm_noaudit+0x117/0x3b0
[  765.399878][T14465]  ? avc_has_perm_noaudit+0x149/0x3b0
[  765.399889][T14465]  ? cred_has_capability.isra.0+0x193/0x2f0
[  765.399914][T14465]  ? find_held_lock+0x2b/0x80
[  765.399926][T14465]  ? __pfx_rtnl_newlink+0x10/0x10
[  765.399940][T14465]  ? __pfx_rtnl_newlink+0x10/0x10
[  765.399954][T14465]  ? rtnetlink_rcv_msg+0x93a/0xe90
[  765.399969][T14465]  ? __pfx_rtnl_newlink+0x10/0x10
[  765.399984][T14465]  rtnetlink_rcv_msg+0x95b/0xe90
[  765.400000][T14465]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  765.400018][T14465]  ? __lock_acquire+0x622/0x1c90
[  765.400031][T14465]  netlink_rcv_skb+0x158/0x420
[  765.400041][T14465]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  765.400057][T14465]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  765.400080][T14465]  ? netlink_deliver_tap+0x1ae/0xd30
[  765.400105][T14465]  ? is_vmalloc_addr+0x86/0xa0
[  765.400126][T14465]  netlink_unicast+0x53a/0x7f0
[  765.400144][T14465]  ? __pfx_netlink_unicast+0x10/0x10
[  765.400166][T14465]  netlink_sendmsg+0x8d1/0xdd0
[  765.400185][T14465]  ? __pfx_netlink_sendmsg+0x10/0x10
[  765.400210][T14465]  ____sys_sendmsg+0xa95/0xc70
[  765.400227][T14465]  ? copy_msghdr_from_user+0x10a/0x160
[  765.400241][T14465]  ? __pfx_____sys_sendmsg+0x10/0x10
[  765.400258][T14465]  ___sys_sendmsg+0x134/0x1d0
[  765.400273][T14465]  ? __pfx____sys_sendmsg+0x10/0x10
[  765.400286][T14465]  ? __lock_acquire+0x622/0x1c90
[  765.400318][T14465]  __sys_sendmsg+0x16d/0x220
[  765.400332][T14465]  ? __pfx___sys_sendmsg+0x10/0x10
[  765.400356][T14465]  do_syscall_64+0xcd/0x4c0
[  765.400372][T14465]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  765.400384][T14465] RIP: 0033:0x7fb5d8d8e929
[  765.400393][T14465] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  765.400404][T14465] RSP: 002b:00007fb5d9bc0038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  765.400414][T14465] RAX: ffffffffffffffda RBX: 00007fb5d8fb5fa0 RCX: 00007fb5d8d8e929
[  765.400421][T14465] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000004
[  765.400427][T14465] RBP: 00007fb5d9bc0090 R08: 0000000000000000 R09: 0000000000000000
[  765.400433][T14465] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  765.400439][T14465] R13: 0000000000000000 R14: 00007fb5d8fb5fa0 R15: 00007fff9ba17b48
[  765.400453][T14465]  </TASK>
[  765.784804][T14458] netlink: 168864 bytes leftover after parsing attributes in process `syz.5.2506'.
[  766.071422][T12736] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  766.482112][ T5900] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  767.047321][T14486] ttyS ttyS3: ldisc open failed (-12), clearing slot 3
[  767.235316][T14489] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  767.405482][   T30] audit: type=1400 audit(2000000559.800:498): avc:  denied  { mount } for  pid=14484 comm="syz.1.2514" name="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1
[  767.698414][   T30] audit: type=1400 audit(2000000559.810:499): avc:  denied  { mounton } for  pid=14484 comm="syz.1.2514" path="/475/file0" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=dir permissive=1
[  767.720938][ T5900] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  767.735941][T14491] netlink: 'syz.4.2515': attribute type 2 has an invalid length.
[  767.757474][T14491] FAULT_INJECTION: forcing a failure.
[  767.757474][T14491] name failslab, interval 1, probability 0, space 0, times 0
[  767.791501][T14491] CPU: 1 UID: 0 PID: 14491 Comm: syz.4.2515 Not tainted 6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(full) 
[  767.791530][T14491] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  767.791541][T14491] Call Trace:
[  767.791548][T14491]  <TASK>
[  767.791555][T14491]  dump_stack_lvl+0x16c/0x1f0
[  767.791586][T14491]  should_fail_ex+0x512/0x640
[  767.791609][T14491]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  767.791635][T14491]  should_failslab+0xc2/0x120
[  767.791660][T14491]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  767.791684][T14491]  ? __alloc_skb+0x2b2/0x380
[  767.791711][T14491]  __alloc_skb+0x2b2/0x380
[  767.791732][T14491]  ? __pfx___alloc_skb+0x10/0x10
[  767.791754][T14491]  ? genl_rcv_msg+0x4bb/0x800
[  767.791780][T14491]  netlink_ack+0x15d/0xb80
[  767.791799][T14491]  ? __lock_acquire+0x622/0x1c90
[  767.791821][T14491]  netlink_rcv_skb+0x332/0x420
[  767.791838][T14491]  ? __pfx_genl_rcv_msg+0x10/0x10
[  767.791857][T14491]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  767.791885][T14491]  ? netlink_deliver_tap+0x1ae/0xd30
[  767.791911][T14491]  ? is_vmalloc_addr+0x86/0xa0
[  767.791940][T14491]  genl_rcv+0x28/0x40
[  767.791955][T14491]  netlink_unicast+0x53a/0x7f0
[  767.791975][T14491]  ? __pfx_netlink_unicast+0x10/0x10
[  767.791999][T14491]  netlink_sendmsg+0x8d1/0xdd0
[  767.792020][T14491]  ? __pfx_netlink_sendmsg+0x10/0x10
[  767.792047][T14491]  ____sys_sendmsg+0xa95/0xc70
[  767.792065][T14491]  ? copy_msghdr_from_user+0x10a/0x160
[  767.792088][T14491]  ? __pfx_____sys_sendmsg+0x10/0x10
[  767.792117][T14491]  ___sys_sendmsg+0x134/0x1d0
[  767.792142][T14491]  ? __pfx____sys_sendmsg+0x10/0x10
[  767.792162][T14491]  ? __lock_acquire+0x622/0x1c90
[  767.792210][T14491]  __sys_sendmsg+0x16d/0x220
[  767.792240][T14491]  ? __pfx___sys_sendmsg+0x10/0x10
[  767.792281][T14491]  do_syscall_64+0xcd/0x4c0
[  767.792307][T14491]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  767.792325][T14491] RIP: 0033:0x7f5c3e58e929
[  767.792339][T14491] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  767.792356][T14491] RSP: 002b:00007f5c3f491038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  767.792373][T14491] RAX: ffffffffffffffda RBX: 00007f5c3e7b5fa0 RCX: 00007f5c3e58e929
[  767.792385][T14491] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 0000000000000004
[  767.792395][T14491] RBP: 00007f5c3f491090 R08: 0000000000000000 R09: 0000000000000000
[  767.792406][T14491] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  767.792416][T14491] R13: 0000000000000000 R14: 00007f5c3e7b5fa0 R15: 00007ffe1b0e9da8
[  767.792441][T14491]  </TASK>
[  767.879278][   T30] audit: type=1400 audit(2000000560.420:500): avc:  denied  { unmount } for  pid=5840 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1
[  768.430447][T14503] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=14503 comm=syz.4.2519
[  768.456124][T14503] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2519'.
[  768.791130][ T5900] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  769.121300][ T5953] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  769.271250][   T30] audit: type=1400 audit(2000000561.890:501): avc:  denied  { read } for  pid=14511 comm="syz.3.2521" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  769.290755][    C0] vkms_vblank_simulate: vblank timer overrun
[  769.416680][T14521] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  769.690243][ T5900] usb 1-1: new full-speed USB device number 70 using dummy_hcd
[  769.873569][ T5990] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  770.031551][ T5900] usb 1-1: config 0 has an invalid interface number: 93 but max is 0
[  770.039766][ T5900] usb 1-1: config 0 has no interface number 0
[  770.048569][ T5900] usb 1-1: New USB device found, idVendor=10b8, idProduct=1bb4, bcdDevice=34.65
[  770.066001][ T5900] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  770.075247][ T5900] usb 1-1: Product: syz
[  770.079526][ T5900] usb 1-1: Manufacturer: syz
[  770.084267][ T5900] usb 1-1: SerialNumber: syz
[  770.092375][ T5900] usb 1-1: config 0 descriptor??
[  770.220550][ T5990] usb 6-1: new high-speed USB device number 24 using dummy_hcd
[  770.254400][T14532] FAULT_INJECTION: forcing a failure.
[  770.254400][T14532] name failslab, interval 1, probability 0, space 0, times 0
[  770.270892][T14532] CPU: 1 UID: 0 PID: 14532 Comm: syz.4.2528 Not tainted 6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(full) 
[  770.270919][T14532] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  770.270930][T14532] Call Trace:
[  770.270936][T14532]  <TASK>
[  770.270944][T14532]  dump_stack_lvl+0x16c/0x1f0
[  770.270973][T14532]  should_fail_ex+0x512/0x640
[  770.270998][T14532]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  770.271024][T14532]  should_failslab+0xc2/0x120
[  770.271050][T14532]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  770.271072][T14532]  ? __alloc_skb+0x2b2/0x380
[  770.271095][T14532]  ? bpf_lsm_capable+0x9/0x10
[  770.271118][T14532]  __alloc_skb+0x2b2/0x380
[  770.271138][T14532]  ? __pfx___alloc_skb+0x10/0x10
[  770.271160][T14532]  ? genl_rcv_msg+0x520/0x800
[  770.271179][T14532]  ? genl_rcv_msg+0x4bb/0x800
[  770.271205][T14532]  netlink_ack+0x15d/0xb80
[  770.271224][T14532]  ? __lock_acquire+0x622/0x1c90
[  770.271243][T14532]  netlink_rcv_skb+0x332/0x420
[  770.271260][T14532]  ? __pfx_genl_rcv_msg+0x10/0x10
[  770.271281][T14532]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  770.271309][T14532]  ? netlink_deliver_tap+0x1ae/0xd30
[  770.271332][T14532]  ? is_vmalloc_addr+0x86/0xa0
[  770.271357][T14532]  genl_rcv+0x28/0x40
[  770.271373][T14532]  netlink_unicast+0x53a/0x7f0
[  770.271393][T14532]  ? __pfx_netlink_unicast+0x10/0x10
[  770.271417][T14532]  netlink_sendmsg+0x8d1/0xdd0
[  770.271438][T14532]  ? __pfx_netlink_sendmsg+0x10/0x10
[  770.271465][T14532]  ____sys_sendmsg+0xa95/0xc70
[  770.271488][T14532]  ? copy_msghdr_from_user+0x10a/0x160
[  770.271511][T14532]  ? __pfx_____sys_sendmsg+0x10/0x10
[  770.271542][T14532]  ___sys_sendmsg+0x134/0x1d0
[  770.271567][T14532]  ? __pfx____sys_sendmsg+0x10/0x10
[  770.271587][T14532]  ? __lock_acquire+0x622/0x1c90
[  770.271635][T14532]  __sys_sendmsg+0x16d/0x220
[  770.271658][T14532]  ? __pfx___sys_sendmsg+0x10/0x10
[  770.271699][T14532]  do_syscall_64+0xcd/0x4c0
[  770.271725][T14532]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  770.271742][T14532] RIP: 0033:0x7f5c3e58e929
[  770.271757][T14532] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  770.271774][T14532] RSP: 002b:00007f5c3f491038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  770.271791][T14532] RAX: ffffffffffffffda RBX: 00007f5c3e7b5fa0 RCX: 00007f5c3e58e929
[  770.271803][T14532] RDX: 0000000000000080 RSI: 0000200000000100 RDI: 0000000000000003
[  770.271813][T14532] RBP: 00007f5c3f491090 R08: 0000000000000000 R09: 0000000000000000
[  770.271823][T14532] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  770.271833][T14532] R13: 0000000000000000 R14: 00007f5c3e7b5fa0 R15: 00007ffe1b0e9da8
[  770.271857][T14532]  </TASK>
[  770.275521][T14533] [U] vÔ3¸Âfù¾"SçÁ/Éê4:ÃXTz“W¡t‘’lWµ«=
[  770.548022][T14533] [U] J"—e:ÀÆ"


[  770.600844][ T5900] dvb-usb: found a 'DiBcom TFE7090PVR reference design' in warm state.
[  770.755315][ T5990] usb 6-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  770.769579][ T5900] dvb-usb: will use the device's hardware PID filter (table count: 32).
[  770.785942][ T5900] dvbdev: DVB: registering new adapter (DiBcom TFE7090PVR reference design)
[  770.797519][ T5990] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  770.950743][ T5829] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  770.960331][ T5900] usb 1-1: media controller created
[  770.977502][ T5900] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  770.987056][ T5990] usb 6-1: config 0 descriptor??
[  771.011253][ T5990] cp210x 6-1:0.0: cp210x converter detected
[  771.350582][ T5953] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  771.388209][T14528] [U] 
[  771.592336][ T5900] DVB: Unable to find symbol dib7000p_attach()
[  771.599405][ T5990] cp210x 6-1:0.0: failed to get vendor val 0x000e size 3: -32
[  771.634227][ T5900] dvb-usb: no frontend was attached by 'DiBcom TFE7090PVR reference design'
[  771.657124][ T5990] cp210x 6-1:0.0: failed to get vendor val 0x370c size 73: -32
[  771.666371][ T5900] dvb-usb: will use the device's hardware PID filter (table count: 32).
[  771.675117][ T5990] cp210x 6-1:0.0: GPIO initialisation failed: -32
[  771.709943][ T5900] dvbdev: DVB: registering new adapter (DiBcom TFE7090PVR reference design)
[  771.722581][ T5990] usb 6-1: cp210x converter now attached to ttyUSB0
[  771.746459][ T5990] usb 6-1: USB disconnect, device number 24
[  771.753956][ T5900] usb 1-1: media controller created
[  771.786867][ T5900] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  771.796005][ T5990] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  771.822099][ T5990] cp210x 6-1:0.0: device disconnected
[  771.835887][ T5900] dib0700: the master dib7090 has to be initialized first
[  771.857279][ T5900] dvb-usb: no frontend was attached by 'DiBcom TFE7090PVR reference design'
[  771.990833][ T5829] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  772.110557][ T5900] rc_core: IR keymap rc-dib0700-rc5 not found
[  772.137097][T14555] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  772.189277][ T5953] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  772.816295][ T5900] Registered IR keymap rc-empty
[  772.918013][ T5900] dvb-usb: could not initialize remote control.
[  772.940418][ T5900] dvb-usb: DiBcom TFE7090PVR reference design successfully initialized and connected.
[  772.986567][   T30] audit: type=1400 audit(2000000565.600:502): avc:  denied  { map } for  pid=14559 comm="syz.5.2536" path="socket:[40314]" dev="sockfs" ino=40314 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[  773.009615][    C0] vkms_vblank_simulate: vblank timer overrun
[  773.014569][ T5900] usb 1-1: USB disconnect, device number 70
[  773.034598][ T5829] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  773.063671][ T5900] dvb-usb: DiBcom TFE7090PVR reference design successfully deinitialized and disconnected.
[  773.082398][   T30] audit: type=1400 audit(2000000565.700:503): avc:  denied  { getopt } for  pid=14561 comm="syz.4.2538" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  773.792849][T14570] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2537'.
[  774.071400][ T5900] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  774.465050][   T30] audit: type=1400 audit(2000000566.940:504): avc:  denied  { setopt } for  pid=14579 comm="syz.5.2543" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  774.523935][T14582] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2544'.
[  774.591560][ T5953] usb 4-1: new low-speed USB device number 81 using dummy_hcd
[  774.764785][ T5953] usb 4-1: Invalid ep0 maxpacket: 16
[  774.942619][   T30] audit: type=1400 audit(2000000567.550:505): avc:  denied  { listen } for  pid=14587 comm="syz.5.2546" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  775.000565][ T5953] usb 4-1: new low-speed USB device number 82 using dummy_hcd
[  775.110608][ T5900] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  775.170390][ T5953] usb 4-1: Invalid ep0 maxpacket: 16
[  775.176911][ T5953] usb usb4-port1: attempt power cycle
[  775.205369][T12736] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  775.474612][T14592] syz.5.2546: attempt to access beyond end of device
[  775.474612][T14592] nbd5: rw=0, sector=0, nr_sectors = 1 limit=0
[  775.530312][ T5953] usb 4-1: new low-speed USB device number 83 using dummy_hcd
[  775.550988][ T5953] usb 4-1: Invalid ep0 maxpacket: 16
[  775.710575][ T5953] usb 4-1: new low-speed USB device number 84 using dummy_hcd
[  775.732249][ T5953] usb 4-1: Invalid ep0 maxpacket: 16
[  775.753625][ T5953] usb usb4-port1: unable to enumerate USB device
[  776.152159][ T5900] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  776.999718][   T30] audit: type=1400 audit(2000000568.860:506): avc:  denied  { cmd } for  pid=14607 comm="syz.0.2551" path="socket:[39742]" dev="sockfs" ino=39742 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[  777.022623][    C0] vkms_vblank_simulate: vblank timer overrun
[  777.198331][ T5900] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  777.327534][T14623] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  777.335930][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  777.392987][T14624] sp0: Synchronizing with TNC
[  777.416795][ T3001] 
[  777.419138][ T3001] =====================================================
[  777.426066][ T3001] WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected
[  777.433522][ T3001] 6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 Not tainted
[  777.440636][ T3001] -----------------------------------------------------
[  777.447568][ T3001] kworker/u8:7/3001 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire:
[  777.455379][ T3001] ffffffff8f79a598 (disc_data_lock){.+.+}-{3:3}, at: sp_get+0x18/0xf0
[  777.463581][ T3001] 
[  777.463581][ T3001] and this task is already holding:
[  777.470943][ T3001] ffffffff9b0c4db8 (&port_lock_key){-.-.}-{3:3}, at: uart_write+0x13b/0xb30
[  777.479657][ T3001] which would create a new lock dependency:
[  777.485538][ T3001]  (&port_lock_key){-.-.}-{3:3} -> (disc_data_lock){.+.+}-{3:3}
[  777.493205][ T3001] 
[  777.493205][ T3001] but this new dependency connects a HARDIRQ-irq-safe lock:
[  777.502643][ T3001]  (&port_lock_key){-.-.}-{3:3}
[  777.502669][ T3001] 
[  777.502669][ T3001] ... which became HARDIRQ-irq-safe at:
[  777.515233][ T3001]   lock_acquire+0x179/0x350
[  777.519839][ T3001]   _raw_spin_lock_irqsave+0x3a/0x60
[  777.525136][ T3001]   serial8250_handle_irq+0x95/0xcb0
[  777.530422][ T3001]   serial8250_default_handle_irq+0x9a/0x210
[  777.536399][ T3001]   serial8250_interrupt+0x103/0x210
[  777.541680][ T3001]   __handle_irq_event_percpu+0x22c/0x7d0
[  777.547407][ T3001]   handle_irq_event+0xab/0x1e0
[  777.552260][ T3001]   handle_edge_irq+0x28e/0xab0
[  777.557108][ T3001]   __common_interrupt+0xe2/0x250
[  777.562132][ T3001]   common_interrupt+0xba/0xe0
[  777.566892][ T3001]   asm_common_interrupt+0x26/0x40
[  777.571999][ T3001]   _raw_spin_unlock_irqrestore+0x31/0x80
[  777.577720][ T3001]   uart_write+0x2a4/0xb30
[  777.582138][ T3001]   n_tty_write+0x40f/0x1160
[  777.586723][ T3001]   file_tty_write.constprop.0+0x501/0x9b0
[  777.592530][ T3001]   redirected_tty_write+0xd4/0x150
[  777.597728][ T3001]   vfs_write+0x6c7/0x1150
[  777.602141][ T3001]   ksys_write+0x12a/0x250
[  777.606556][ T3001]   do_syscall_64+0xcd/0x4c0
[  777.611147][ T3001]   entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  777.617123][ T3001] 
[  777.617123][ T3001] to a HARDIRQ-irq-unsafe lock:
[  777.624133][ T3001]  (disc_data_lock){.+.+}-{3:3}
[  777.624161][ T3001] 
[  777.624161][ T3001] ... which became HARDIRQ-irq-unsafe at:
[  777.636874][ T3001] ...
[  777.636884][ T3001]   lock_acquire+0x179/0x350
[  777.644043][ T3001]   _raw_read_lock+0x5f/0x70
[  777.648632][ T3001]   sp_get+0x18/0xf0
[  777.652529][ T3001]   sixpack_ioctl+0x73/0x440
[  777.657123][ T3001]   tty_ioctl+0x700/0x1640
[  777.661540][ T3001]   __x64_sys_ioctl+0x18b/0x210
[  777.666389][ T3001]   do_syscall_64+0xcd/0x4c0
[  777.670981][ T3001]   entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  777.676955][ T3001] 
[  777.676955][ T3001] other info that might help us debug this:
[  777.676955][ T3001] 
[  777.687174][ T3001]  Possible interrupt unsafe locking scenario:
[  777.687174][ T3001] 
[  777.695483][ T3001]        CPU0                    CPU1
[  777.700840][ T3001]        ----                    ----
[  777.706193][ T3001]   lock(disc_data_lock);
[  777.710522][ T3001]                                local_irq_disable();
[  777.717266][ T3001]                                lock(&port_lock_key);
[  777.724113][ T3001]                                lock(disc_data_lock);
[  777.730957][ T3001]   <Interrupt>
[  777.734405][ T3001]     lock(&port_lock_key);
[  777.738907][ T3001] 
[  777.738907][ T3001]  *** DEADLOCK ***
[  777.738907][ T3001] 
[  777.747043][ T3001] 6 locks held by kworker/u8:7/3001:
[  777.752317][ T3001]  #0: ffff88801b881148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70
[  777.763463][ T3001]  #1: ffffc9000c4e7d10 ((work_completion)(&buf->work)){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70
[  777.774515][ T3001]  #2: ffff888025c48ca0 (&buf->lock){+.+.}-{4:4}, at: flush_to_ldisc+0x34/0x780
[  777.783573][ T3001]  #3: ffff888044d6b0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref+0x1c/0x80
[  777.792887][ T3001]  #4: ffffffff9b0c4db8 (&port_lock_key){-.-.}-{3:3}, at: uart_write+0x13b/0xb30
[  777.802034][ T3001]  #5: ffff888044d6b0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref+0x1c/0x80
[  777.811362][ T3001] 
[  777.811362][ T3001] the dependencies between HARDIRQ-irq-safe lock and the holding lock:
[  777.821768][ T3001] -> (&port_lock_key){-.-.}-{3:3} {
[  777.826984][ T3001]    IN-HARDIRQ-W at:
[  777.830958][ T3001]                     lock_acquire+0x179/0x350
[  777.837110][ T3001]                     _raw_spin_lock_irqsave+0x3a/0x60
[  777.843957][ T3001]                     serial8250_handle_irq+0x95/0xcb0
[  777.850803][ T3001]                     serial8250_default_handle_irq+0x9a/0x210
[  777.858341][ T3001]                     serial8250_interrupt+0x103/0x210
[  777.865188][ T3001]                     __handle_irq_event_percpu+0x22c/0x7d0
[  777.872468][ T3001]                     handle_irq_event+0xab/0x1e0
[  777.878880][ T3001]                     handle_edge_irq+0x28e/0xab0
[  777.885291][ T3001]                     __common_interrupt+0xe2/0x250
[  777.891879][ T3001]                     common_interrupt+0xba/0xe0
[  777.898205][ T3001]                     asm_common_interrupt+0x26/0x40
[  777.904874][ T3001]                     _raw_spin_unlock_irqrestore+0x31/0x80
[  777.912155][ T3001]                     uart_write+0x2a4/0xb30
[  777.918135][ T3001]                     n_tty_write+0x40f/0x1160
[  777.924284][ T3001]                     file_tty_write.constprop.0+0x501/0x9b0
[  777.931656][ T3001]                     redirected_tty_write+0xd4/0x150
[  777.938420][ T3001]                     vfs_write+0x6c7/0x1150
[  777.944401][ T3001]                     ksys_write+0x12a/0x250
[  777.950386][ T3001]                     do_syscall_64+0xcd/0x4c0
[  777.956543][ T3001]                     entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  777.964085][ T3001]    IN-SOFTIRQ-W at:
[  777.968061][ T3001]                     lock_acquire+0x179/0x350
[  777.974213][ T3001]                     _raw_spin_lock_irqsave+0x3a/0x60
[  777.981062][ T3001]                     serial8250_handle_irq+0x95/0xcb0
[  777.987906][ T3001]                     serial8250_default_handle_irq+0x9a/0x210
[  777.995465][ T3001]                     serial8250_interrupt+0x103/0x210
[  778.002322][ T3001]                     __handle_irq_event_percpu+0x22c/0x7d0
[  778.009614][ T3001]                     handle_irq_event+0xab/0x1e0
[  778.016029][ T3001]                     handle_edge_irq+0x28e/0xab0
[  778.022442][ T3001]                     __common_interrupt+0xe2/0x250
[  778.029029][ T3001]                     common_interrupt+0x61/0xe0
[  778.035358][ T3001]                     asm_common_interrupt+0x26/0x40
[  778.042031][ T3001]                     lock_acquire+0x62/0x350
[  778.048092][ T3001]                     unwind_next_frame+0xd1/0x20a0
[  778.054673][ T3001]                     arch_stack_walk+0x94/0x100
[  778.060999][ T3001]                     stack_trace_save+0x8e/0xc0
[  778.067327][ T3001]                     kasan_save_stack+0x33/0x60
[  778.073658][ T3001]                     kasan_save_track+0x14/0x30
[  778.079984][ T3001]                     kasan_save_free_info+0x3b/0x60
[  778.086655][ T3001]                     __kasan_slab_free+0x51/0x70
[  778.093085][ T3001]                     slab_free_after_rcu_debug+0x10d/0x340
[  778.100369][ T3001]                     rcu_core+0x79c/0x14e0
[  778.106263][ T3001]                     handle_softirqs+0x219/0x8e0
[  778.112674][ T3001]                     __irq_exit_rcu+0x109/0x170
[  778.118998][ T3001]                     irq_exit_rcu+0x9/0x30
[  778.124892][ T3001]                     sysvec_apic_timer_interrupt+0xa4/0xc0
[  778.132179][ T3001]                     asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  778.139807][ T3001]                     pv_native_safe_halt+0xf/0x20
[  778.146307][ T3001]                     default_idle+0x13/0x20
[  778.152292][ T3001]                     default_idle_call+0x6d/0xb0
[  778.158699][ T3001]                     do_idle+0x391/0x510
[  778.164417][ T3001]                     cpu_startup_entry+0x4f/0x60
[  778.170831][ T3001]                     start_secondary+0x21d/0x2b0
[  778.177243][ T3001]                     common_startup_64+0x13e/0x148
[  778.183825][ T3001]    INITIAL USE at:
[  778.187713][ T3001]                    lock_acquire+0x179/0x350
[  778.193776][ T3001]                    _raw_spin_lock_irqsave+0x3a/0x60
[  778.200537][ T3001]                    serial8250_do_set_termios+0x310/0x1710
[  778.207812][ T3001]                    serial8250_set_termios+0x6e/0x80
[  778.214568][ T3001]                    uart_set_options+0x31a/0x5f0
[  778.220981][ T3001]                    serial8250_console_setup+0x189/0x450
[  778.228087][ T3001]                    univ8250_console_setup+0x1eb/0x2e0
[  778.235017][ T3001]                    try_enable_preferred_console+0x2fd/0x530
[  778.242474][ T3001]                    register_console+0x3ab/0x11b0
[  778.248971][ T3001]                    univ8250_console_init+0x5f/0x90
[  778.255649][ T3001]                    console_init+0x14f/0x680
[  778.261718][ T3001]                    start_kernel+0x29f/0x4d0
[  778.267785][ T3001]                    x86_64_start_reservations+0x18/0x30
[  778.270453][ T5900] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  778.274800][ T3001]                    x86_64_start_kernel+0x130/0x190
[  778.274825][ T3001]                    common_startup_64+0x13e/0x148
[  778.296016][ T3001]  }
[  778.298507][ T3001]  ... key      at: [<ffffffff9b0c4020>] port_lock_key+0x0/0x40
[  778.306138][ T3001] 
[  778.306138][ T3001] the dependencies between the lock to be acquired
[  778.306148][ T3001]  and HARDIRQ-irq-unsafe lock:
[  778.319669][ T3001] -> (disc_data_lock){.+.+}-{3:3} {
[  778.324886][ T3001]    HARDIRQ-ON-R at:
[  778.328881][ T3001]                     lock_acquire+0x179/0x350
[  778.335044][ T3001]                     _raw_read_lock+0x5f/0x70
[  778.341247][ T3001]                     sp_get+0x18/0xf0
[  778.346723][ T3001]                     sixpack_ioctl+0x73/0x440
[  778.352896][ T3001]                     tty_ioctl+0x700/0x1640
[  778.358896][ T3001]                     __x64_sys_ioctl+0x18b/0x210
[  778.365327][ T3001]                     do_syscall_64+0xcd/0x4c0
[  778.369651][T14626] Y speed is unknown, defaulting to 1000
[  778.371492][ T3001]                     entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  778.371516][ T3001]    SOFTIRQ-ON-R at:
[  778.371529][ T3001]                     lock_acquire+0x179/0x350
[  778.371543][ T3001]                     _raw_read_lock+0x5f/0x70
[  778.371560][ T3001]                     sp_get+0x18/0xf0
[  778.371579][ T3001]                     sixpack_ioctl+0x73/0x440
[  778.371598][ T3001]                     tty_ioctl+0x700/0x1640
[  778.371618][ T3001]                     __x64_sys_ioctl+0x18b/0x210
[  778.377954][T14626] lo speed is unknown, defaulting to 1000
[  778.384877][ T3001]                     do_syscall_64+0xcd/0x4c0
[  778.384911][ T3001]                     entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  778.384930][ T3001]    INITIAL USE at:
[  778.384941][ T3001]                    lock_acquire+0x179/0x350
[  778.454347][ T3001]                    _raw_write_lock_irq+0x36/0x50
[  778.460846][ T3001]                    sixpack_close+0x1e/0x2f0
[  778.466901][ T3001]                    tty_ldisc_close+0x114/0x1a0
[  778.473216][ T3001]                    tty_ldisc_kill+0x8e/0x150
[  778.479369][ T3001]                    tty_ldisc_release+0x109/0x2e0
[  778.485853][ T3001]                    tty_release_struct+0x23/0xe0
[  778.492265][ T3001]                    tty_release+0xe2d/0x1430
[  778.498315][ T3001]                    __fput+0x402/0xb70
[  778.503840][ T3001]                    task_work_run+0x14d/0x240
[  778.509974][ T3001]                    exit_to_user_mode_loop+0xeb/0x110
[  778.516805][ T3001]                    do_syscall_64+0x3f6/0x4c0
[  778.522945][ T3001]                    entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  778.530516][ T3001]    INITIAL READ USE at:
[  778.534835][ T3001]                         lock_acquire+0x179/0x350
[  778.541323][ T3001]                         _raw_read_lock+0x5f/0x70
[  778.547816][ T3001]                         sp_get+0x18/0xf0
[  778.553626][ T3001]                         sixpack_ioctl+0x73/0x440
[  778.560114][ T3001]                         tty_ioctl+0x700/0x1640
[  778.566451][ T3001]                         __x64_sys_ioctl+0x18b/0x210
[  778.573195][ T3001]                         do_syscall_64+0xcd/0x4c0
[  778.579688][ T3001]                         entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  778.587562][ T3001]  }
[  778.590042][ T3001]  ... key      at: [<ffffffff8f79a598>] disc_data_lock+0x18/0xfe0
[  778.598095][ T3001]  ... acquired at:
[  778.601878][ T3001]    lock_acquire+0x179/0x350
[  778.606536][ T3001]    _raw_read_lock+0x5f/0x70
[  778.611210][ T3001]    sp_get+0x18/0xf0
[  778.615179][ T3001]    sixpack_write_wakeup+0x20/0x390
[  778.620453][ T3001]    tty_wakeup+0xe8/0x120
[  778.624853][ T3001]    tty_port_default_wakeup+0x2a/0x40
[  778.630299][ T3001]    serial8250_tx_chars+0x68e/0x860
[  778.635577][ T3001]    __start_tx+0x3e9/0x4a0
[  778.640067][ T3001]    serial8250_start_tx+0x368/0x530
[  778.645349][ T3001]    __uart_start+0x295/0x4c0
[  778.650012][ T3001]    uart_write+0x218/0xb30
[  778.654503][ T3001]    sixpack_receive_buf+0x3d3/0x1c90
[  778.659861][ T3001]    tty_ldisc_receive_buf+0x15a/0x1a0
[  778.665330][ T3001]    tty_port_default_receive_buf+0x70/0xb0
[  778.671231][ T3001]    flush_to_ldisc+0x268/0x780
[  778.676068][ T3001]    process_one_work+0x9cf/0x1b70
[  778.681163][ T3001]    worker_thread+0x6c8/0xf10
[  778.685907][ T3001]    kthread+0x3c5/0x780
[  778.690133][ T3001]    ret_from_fork+0x5d7/0x6f0
[  778.694886][ T3001]    ret_from_fork_asm+0x1a/0x30
[  778.699808][ T3001] 
[  778.702129][ T3001] 
[  778.702129][ T3001] stack backtrace:
[  778.708000][ T3001] CPU: 0 UID: 0 PID: 3001 Comm: kworker/u8:7 Not tainted 6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(full) 
[  778.708017][ T3001] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  778.708027][ T3001] Workqueue: events_unbound flush_to_ldisc
[  778.708047][ T3001] Call Trace:
[  778.708052][ T3001]  <TASK>
[  778.708058][ T3001]  dump_stack_lvl+0x116/0x1f0
[  778.708076][ T3001]  check_irq_usage+0x7dc/0x920
[  778.708100][ T3001]  ? check_path.constprop.0+0x24/0x50
[  778.708121][ T3001]  ? __lock_acquire+0x1285/0x1c90
[  778.708132][ T3001]  __lock_acquire+0x1285/0x1c90
[  778.708145][ T3001]  ? lock_acquire+0x179/0x350
[  778.708157][ T3001]  lock_acquire+0x179/0x350
[  778.708168][ T3001]  ? sp_get+0x18/0xf0
[  778.708185][ T3001]  ? ldsem_down_read_trylock+0x11a/0x180
[  778.708198][ T3001]  ? ldsem_down_read_trylock+0x120/0x180
[  778.708212][ T3001]  ? __pfx_sixpack_write_wakeup+0x10/0x10
[  778.708232][ T3001]  _raw_read_lock+0x5f/0x70
[  778.708247][ T3001]  ? sp_get+0x18/0xf0
[  778.708263][ T3001]  sp_get+0x18/0xf0
[  778.708278][ T3001]  ? __pfx_sixpack_write_wakeup+0x10/0x10
[  778.708296][ T3001]  sixpack_write_wakeup+0x20/0x390
[  778.708314][ T3001]  ? __pfx_sixpack_write_wakeup+0x10/0x10
[  778.708332][ T3001]  tty_wakeup+0xe8/0x120
[  778.708351][ T3001]  tty_port_default_wakeup+0x2a/0x40
[  778.708370][ T3001]  serial8250_tx_chars+0x68e/0x860
[  778.708392][ T3001]  __start_tx+0x3e9/0x4a0
[  778.708412][ T3001]  serial8250_start_tx+0x368/0x530
[  778.708433][ T3001]  __uart_start+0x295/0x4c0
[  778.708447][ T3001]  uart_write+0x218/0xb30
[  778.708466][ T3001]  sixpack_receive_buf+0x3d3/0x1c90
[  778.708486][ T3001]  ? ldsem_down_read_trylock+0x120/0x180
[  778.708499][ T3001]  ? __pfx_ldsem_down_read_trylock+0x10/0x10
[  778.708512][ T3001]  ? __pfx_sixpack_receive_buf+0x10/0x10
[  778.708531][ T3001]  tty_ldisc_receive_buf+0x15a/0x1a0
[  778.708549][ T3001]  tty_port_default_receive_buf+0x70/0xb0
[  778.708568][ T3001]  flush_to_ldisc+0x268/0x780
[  778.708587][ T3001]  ? rcu_is_watching+0x12/0xc0
[  778.708605][ T3001]  process_one_work+0x9cf/0x1b70
[  778.708621][ T3001]  ? __pfx_nsim_dev_trap_report_work+0x10/0x10
[  778.708638][ T3001]  ? __pfx_process_one_work+0x10/0x10
[  778.708654][ T3001]  ? assign_work+0x1a0/0x250
[  778.708667][ T3001]  worker_thread+0x6c8/0xf10
[  778.708684][ T3001]  ? __pfx_worker_thread+0x10/0x10
[  778.708698][ T3001]  kthread+0x3c5/0x780
[  778.708710][ T3001]  ? __pfx_kthread+0x10/0x10
[  778.708722][ T3001]  ? rcu_is_watching+0x12/0xc0
[  778.708738][ T3001]  ? __pfx_kthread+0x10/0x10
[  778.708751][ T3001]  ret_from_fork+0x5d7/0x6f0
[  778.708769][ T3001]  ? __pfx_kthread+0x10/0x10
[  778.708782][ T3001]  ret_from_fork_asm+0x1a/0x30
[  778.708799][ T3001]  </TASK>
[  778.776117][T14630] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  778.776835][    C0] vkms_vblank_simulate: vblank timer overrun
[  778.979755][    C0] vkms_vblank_simulate: vblank timer overrun
[  778.990081][ T5953] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  779.360444][ T5829] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  780.391552][ T5900] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  780.790485][ T5881] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  781.430464][ T5829] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  781.990338][ T5953] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  782.470509][ T5990] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  783.510385][ T5829] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  784.550394][ T5990] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  785.030417][ T5953] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  785.590433][ T5829] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  786.630932][ T5990] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog