last executing test programs:

9m43.301898685s ago: executing program 0 (id=1):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = syz_io_uring_setup(0x49a, &(0x7f0000000400)={0x0, 0x79af, 0x3180, 0x8000, 0x400246}, &(0x7f0000000340)=<r2=>0x0, &(0x7f00000006c0)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0xc})
io_uring_enter(r1, 0x4c6e, 0xc67a, 0x8, 0x0, 0x0)
io_uring_enter(r1, 0x627, 0x4c1, 0x43, 0x0, 0x0)

9m42.759609984s ago: executing program 0 (id=7):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000003940)=ANY=[@ANYBLOB="210000000000000000000000000010000004"], 0x48)
mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x3000001, 0x10010, r0, 0xb6ba3000)

9m29.932280615s ago: executing program 3 (id=58):
r0 = syz_init_net_socket$bt_rfcomm(0x1f, 0x3, 0x3)
getsockopt$bt_rfcomm_RFCOMM_LM(r0, 0x12, 0x3, 0xfffffffffffffffe, &(0x7f0000000080)=0xffffffffffffff98)

9m29.667551831s ago: executing program 3 (id=60):
openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000006180), 0x0, 0x0)
socket$inet_sctp(0x2, 0x5, 0x84)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = socket$inet6(0xa, 0x3, 0xff)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x0, 0x0, @empty}, 0x1c)
setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x41, &(0x7f0000000000)=0x655e, 0x4)
r2 = dup2(r1, r1)
write$tun(r2, &(0x7f0000000180)=ANY=[], 0x46)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x80a02, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x20000000000, 0xfffffffffffffffd, 0x0, 0x0, 0x1000001000, 0x49}, 0x0, &(0x7f00000002c0)={0x3ff, 0x7, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006}, 0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

9m28.451423297s ago: executing program 3 (id=61):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0500e5000000000000001800000008000300", @ANYRES32], 0x24}}, 0x0)

9m27.41884055s ago: executing program 32 (id=7):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000003940)=ANY=[@ANYBLOB="210000000000000000000000000010000004"], 0x48)
mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x3000001, 0x10010, r0, 0xb6ba3000)

9m27.36409546s ago: executing program 3 (id=65):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1\x00', 0x94)
mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
setpgid(r1, 0x0)
setpgid(0x0, r1)
mount$cgroup(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x10000, 0x0)
r2 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
open(&(0x7f00000000c0)='./file1\x00', 0x1c100, 0x10)
ioctl$AUTOFS_IOC_CATATONIC(r2, 0x9362, 0x0)

9m27.039671265s ago: executing program 3 (id=67):
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r0=>0x0)
fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
r1 = socket$pptp(0x18, 0x1, 0x2)
getpeername(r1, 0x0, 0x0)

9m26.135893883s ago: executing program 3 (id=74):
socket$inet6_udp(0xa, 0x2, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x6, 0x100000b}, 0x0)
syz_open_dev$radio(&(0x7f0000000000), 0x1, 0x2)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
syz_pidfd_open(0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x20000000000, 0xfffffffffffffffd, 0x0, 0x0, 0x1000001000, 0x49}, 0x0, &(0x7f00000002c0)={0x3ff, 0x7, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006}, 0x0, 0x0)

9m25.15802678s ago: executing program 33 (id=74):
socket$inet6_udp(0xa, 0x2, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x6, 0x100000b}, 0x0)
syz_open_dev$radio(&(0x7f0000000000), 0x1, 0x2)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
syz_pidfd_open(0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x20000000000, 0xfffffffffffffffd, 0x0, 0x0, 0x1000001000, 0x49}, 0x0, &(0x7f00000002c0)={0x3ff, 0x7, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006}, 0x0, 0x0)

9m21.637473556s ago: executing program 4 (id=84):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0xa101, 0x0)
ioctl$TCSETAF(r0, 0x5408, 0x0)
write$binfmt_aout(r0, &(0x7f0000000240)=ANY=[], 0xff2e)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000100)={0x0, 0x0, 0x3, 0x0, 0x0, "0000000000000000f7fcfeff000000a88000"})
r1 = syz_open_pts(r0, 0x8182)
r2 = dup3(r1, r0, 0x0)
ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000000)=0x17)
write$vhost_msg_v2(r2, 0x0, 0x0)

9m20.645285461s ago: executing program 4 (id=87):
r0 = syz_io_uring_setup(0x497, &(0x7f00000003c0)={0x0, 0x727b, 0x0, 0x800000, 0x15b}, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
getpid()
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r4 = dup(r3)
write$6lowpan_enable(r4, &(0x7f0000000000)='0', 0xfffffd2c)
io_uring_enter(r0, 0x26c8, 0xe00, 0x1, 0x0, 0x10)

9m19.453234778s ago: executing program 4 (id=92):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_NEWCHAIN={0x14, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}}], {0x14}}, 0x5c}}, 0x0)

9m19.256229985s ago: executing program 4 (id=93):
syz_open_dev$tty1(0xc, 0x4, 0x3)
r0 = syz_open_procfs(0x0, &(0x7f0000000200)='task\x00')
lseek(r0, 0x3, 0x0)
ioctl$DRM_IOCTL_MODE_LIST_LESSEES(r0, 0xc01064c7, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000100)})
socket$nl_route(0x10, 0x3, 0x0)
pipe(&(0x7f00000002c0)={<r1=>0xffffffffffffffff})
getsockopt$inet6_buf(r0, 0x29, 0x14, &(0x7f0000000440)=""/156, &(0x7f0000000180)=0x9c)
splice(r1, 0x0, 0xffffffffffffffff, 0x0, 0x6, 0x0)
syz_pidfd_open(0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)
chdir(&(0x7f0000000080)='./file1\x00')
r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
signalfd(0xffffffffffffffff, 0x0, 0x0)
setpgid(r2, 0x0)
setpgid(0x0, r2)
r3 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
ioctl$AUTOFS_IOC_READY(r3, 0x9360, 0x800000000000001)

9m18.941881517s ago: executing program 4 (id=94):
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x400000bce)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000680), 0xffffffffffffffff)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000000)={0x1c, r1, 0x917, 0x0, 0x0, {}, [@L2TP_ATTR_CONN_ID={0x8}]}, 0x1c}}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$inet(0x2, 0x1, 0x0)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xb, 0x0, 0x0, 0x4, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
pipe2$9p(&(0x7f0000000040)={<r2=>0xffffffffffffffff}, 0x40)
ioctl$VFAT_IOCTL_READDIR_SHORT(r2, 0x82307202, &(0x7f0000000280)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}])
ioperm(0x9, 0x9, 0x7)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1000, 0x1)
r3 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc)=<r4=>0x0)
timer_settime(r4, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)=ANY=[], &(0x7f0000000180), 0x0)
open_by_handle_at(0xffffffffffffff9c, &(0x7f00000000c0)=ANY=[], 0x200000000000000)

9m18.93758387s ago: executing program 2 (id=95):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = socket$key(0xf, 0x3, 0x2)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f00000001c0), 0x4)
sendmsg$key(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=ANY=[@ANYBLOB="020b000102"], 0x10}}, 0x0)
sendmsg$key(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)=ANY=[@ANYBLOB="0212000002"], 0x10}}, 0x0)
sendmsg$key(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)=ANY=[], 0x10}}, 0x0)

9m18.745976919s ago: executing program 2 (id=96):
r0 = syz_open_dev$sg(&(0x7f00000002c0), 0x6f5e, 0x0)
ioctl$SG_SET_TIMEOUT(r0, 0x2201, &(0x7f0000000080)=0xffffffe9)
socket$nl_route(0x10, 0x3, 0x0)
r1 = creat(&(0x7f0000000580)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r2 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0)
r3 = syz_open_dev$sg(&(0x7f00000002c0), 0x0, 0x2000)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x0, 0x0, &(0x7f0000000040)='GPL\x00', 0x200, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={0x0, r4, 0x0, 0x2000000000001}, 0x18)
fcntl$dupfd(r3, 0x0, r3)
read$msr(r2, &(0x7f0000002700)=""/102392, 0x18ff8)
r5 = msgget(0x0, 0x40)
msgctl$MSG_INFO(r5, 0xc, &(0x7f00000000c0)=""/173)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0)
fcntl$lock(r6, 0x26, &(0x7f0000000000)={0x1, 0x0, 0x56b, 0xfffffffffffffffc})
fcntl$lock(r6, 0x24, &(0x7f0000000040)={0x2, 0x2, 0x1, 0x7})
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000300)={@fallback, 0x2b, 0x1, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x40)

9m18.58520521s ago: executing program 4 (id=97):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x9}, 0x1c)
listen(r0, 0x3)
syz_emit_ethernet(0x4a, &(0x7f0000000080)={@local, @link_local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "2a8435", 0x14, 0x6, 0xff, @empty, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x4, 0x5, 0xc2}}}}}}}, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000240)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd604000000014060100000000000000000000000000000000fe800000000000000009000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB='P'], 0x0)

9m18.075934158s ago: executing program 34 (id=97):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x9}, 0x1c)
listen(r0, 0x3)
syz_emit_ethernet(0x4a, &(0x7f0000000080)={@local, @link_local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "2a8435", 0x14, 0x6, 0xff, @empty, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x4, 0x5, 0xc2}}}}}}}, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000240)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd604000000014060100000000000000000000000000000000fe800000000000000009000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB='P'], 0x0)

9m18.047704525s ago: executing program 2 (id=101):
write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000000080)={0x50, 0x0, 0x0, {0x7, 0x29, 0x9, 0xffffffff9080edc4, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x9}}, 0x50)
openat$dir(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x18)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x20100, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f0000000440), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000003c0)={[0x0, 0x0, 0x8000, 0x40, 0x0, 0xffffffffffffffff, 0x2004cb, 0x0, 0xfffffffffffffffe, 0x1, 0x0, 0x100000000004, 0x0, 0x0, 0x2, 0x7fffffff], 0x80a0000})
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.swap.events\x00', 0x275a, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

9m17.607445372s ago: executing program 2 (id=103):
syz_open_dev$tty1(0xc, 0x4, 0x3)
r0 = syz_open_procfs(0x0, &(0x7f0000000200)='task\x00')
lseek(r0, 0x3, 0x0)
ioctl$DRM_IOCTL_MODE_LIST_LESSEES(r0, 0xc01064c7, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000100)})
socket$nl_route(0x10, 0x3, 0x0)
pipe(&(0x7f00000002c0)={<r1=>0xffffffffffffffff})
getsockopt$inet6_buf(r0, 0x29, 0x14, &(0x7f0000000440)=""/156, &(0x7f0000000180)=0x9c)
splice(r1, 0x0, 0xffffffffffffffff, 0x0, 0x6, 0x0)
syz_pidfd_open(0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)
chdir(&(0x7f0000000080)='./file1\x00')
r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
signalfd(0xffffffffffffffff, 0x0, 0x0)
setpgid(r2, 0x0)
mount$9p_fd(0x0, &(0x7f00000001c0)='./file1\x00', 0x0, 0x10000, &(0x7f0000000480)=ANY=[])
r3 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
ioctl$AUTOFS_IOC_READY(r3, 0x9360, 0x800000000000001)

9m17.370119739s ago: executing program 2 (id=104):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000140)=ANY=[@ANYBLOB="1201000000000040ac054382408b0b00000109022400010000002009040000fd0301000009210000000122010009058103"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f00000003c0)={0x24, 0x0, 0x0, &(0x7f0000000a80)=ANY=[@ANYBLOB="002281"], 0x0}, 0x0)
r1 = syz_open_dev$hiddev(&(0x7f00000000c0), 0x0, 0x0)
ioctl$HIDIOCSREPORT(r1, 0x81044804, &(0x7f0000000400)={0x1})

9m15.079484058s ago: executing program 2 (id=107):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f00000002c0)=@framed, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000240)={0x1, @raw_data="a425e2f1a54d24f14258313260608d70566e425a6c36af37b33fac9d31c8a9c7044410d324b03e044e454d2092a62fea8f13441431ce248bfc73a6726ee61ba491d15d8f392ff66fe0b17f0e11f5d2367d5593205ab1efa97d40619a553e7da2518125b850a186ef691daa55c9e50ffaf6ddc25220ded32aeba4524cec1afbd17abba1d15ea05e97ed3dcad452db6e08a991e2c78b057f55de7fdeba7411ce65700c0a1ad7946ff7c355db87566e3e5abb7a37a06731ed19ddfa970bb58a27fd9fa194c092730319"})
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x20048000)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$PIO_SCRNMAP(r3, 0x4b52, &(0x7f0000000000))

9m14.886190237s ago: executing program 35 (id=107):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f00000002c0)=@framed, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000240)={0x1, @raw_data="a425e2f1a54d24f14258313260608d70566e425a6c36af37b33fac9d31c8a9c7044410d324b03e044e454d2092a62fea8f13441431ce248bfc73a6726ee61ba491d15d8f392ff66fe0b17f0e11f5d2367d5593205ab1efa97d40619a553e7da2518125b850a186ef691daa55c9e50ffaf6ddc25220ded32aeba4524cec1afbd17abba1d15ea05e97ed3dcad452db6e08a991e2c78b057f55de7fdeba7411ce65700c0a1ad7946ff7c355db87566e3e5abb7a37a06731ed19ddfa970bb58a27fd9fa194c092730319"})
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x20048000)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$PIO_SCRNMAP(r3, 0x4b52, &(0x7f0000000000))

12.008321117s ago: executing program 8 (id=4672):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r2)
getsockname$packet(r2, &(0x7f00000001c0)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11feffffff000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000005840)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000001240)=@newqdisc={0x78, 0x24, 0x5820a61ca228651, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0xa}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c}}]}, 0x78}, 0x1, 0x0, 0x0, 0x4004000}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000340)=@newtfilter={0x6c, 0x2c, 0xd27, 0x70bd27, 0x0, {0x0, 0x0, 0x0, r3, {0xe}, {}, {0xd}}, [@filter_kind_options=@f_basic={{0xa}, {0xfffffffffffffd7d, 0x2, [@TCA_BASIC_EMATCHES={0x38, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0xffff}}, @TCA_EMATCH_TREE_LIST={0x2c, 0x2, 0x0, 0x1, [@TCF_EM_NBYTE={0x10, 0x1}, @TCF_EM_META={0x18, 0x2, 0x0, 0x0, {{}, [@TCA_EM_META_HDR={0xc, 0x1, {{0x2}, {0xfffe}}}]}}]}]}]}}]}, 0x6c}}, 0x0)

11.598677601s ago: executing program 8 (id=4673):
syz_open_dev$midi(&(0x7f0000000200), 0x2, 0x40081)
r0 = socket$nl_route(0x10, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}}, 0x0)
getsockname$packet(r1, &(0x7f00000002c0)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x4000001}, 0x8000)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x3, 0x0)
r5 = socket(0x10, 0x803, 0x2)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r5)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14)
sendmsg$nl_route_sched(r4, &(0x7f0000005840)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x2c, 0x24, 0x5820a61ca228651, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {0x0, 0x6}, {0xffff, 0xffff}, {0x0, 0x10}}, [@qdisc_kind_options=@q_qfg={0x8}]}, 0x2c}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000003200)=@newtfilter={0x34, 0x28, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r6}, [@filter_kind_options=@f_basic={{0xa}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x8000}, 0x0)
sendmmsg(r3, &(0x7f00000002c0), 0x40000000000009f, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x3f, &(0x7f00000001c0)={&(0x7f0000000000)=@delchain={0x24, 0x11, 0x1, 0x1f, 0x0, {0x0, 0x0, 0x0, r2}}, 0x24}, 0x1, 0x0, 0x0, 0x4008000}, 0x0)

11.350875483s ago: executing program 8 (id=4676):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000002100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000040900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff274"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
r1 = socket$inet6(0xa, 0x3, 0x3c)
connect$inet6(r1, &(0x7f0000000080)={0xa, 0x0, 0x0, @remote, 0x9}, 0x1c)
sendmmsg$inet(r1, &(0x7f0000001040)=[{{0x0, 0x0, &(0x7f0000000f40)=[{&(0x7f0000000800)="3aae1baf930b4569b9ddef9797ffd935c7d80e6466b3e4e62dc9603583f5d4b61fbc65b6ac744d7319535e75bf552062e4cfde1ba7ce29263322e18ea9740aa82ca692f123993e57cda00d2b1f4e799bd41e3f76258180fa91a42aaa8b1ebc4e0ea8fb12f2c71e6e5bc57a8e91f254005514721d93c13c5606ae1fea7f31f558d562bd5a8dfb0b9fed873efa221fccffa847cd374c92e6cbb03e6a9de890ce323f000000abcc6c01326d588495b7c1a7db31ec4129e6336f26bb9e0b7552af3cd2d5dda1632799bbc98425c433384d8a8e4071ff39a36dfdfdf05af35a4ddd340cfecd7ec935f4ce7d3e851583ba1cf53a90a7f7bce5703de57ce93ddef7849b30a01de0637e6d5e507b801d32e582e0c2d564539ebfc84c098a23e765552767b122885fb1629e9c180be47da7931bd125b80de15aab0c56a2edf2e0483b87f5ab299dc046076203dea10ccbfc631d5bf4a87ce67004519f248f086346ce6a8a9d181789a59f81d9b7f6781daac3e229914b8b8998c15c3b6302a519331cb05995bc60b7cb872dd3b5b43331c77c5d72e21f7bd2b1a915ff3204e3f20d3a20b22d6a58155b5a4ebf6d1d1cd90c656ecada531c07ff91deb3efa91762cdecfbcc43553750f22ac5c18cc5e8b6f790c2f4e6373af9f98d10e6df49ff8e5cbcbd68e11ed0b967add11410dc2e34f08dea658eb95d4d1153b4c6093192a340eb30fcc71619888c6486746a049585d249efb96b9cace83320b8f96b40ebe3a9a788d05a053380d1026b9434df87a3a387549bcabe88684c4dbf0da9a5212f3dbc8d1dff240856691243b203d7edd4d3cc89a38a6c80fdb1229a01044af7aaecb20d5570ebf24b30bbc6dfc3f70d85cd9f0d60ebd8fedd161d199d9997a0e2d18d1c99bc7158564e0ddb4673055de196535d706d142e1dc7d404583923cb1b286cfc5418884ac7e605d93652dc48ff690894405a0b6abc3c4d0f6a16c0a95c0508bd7eeffcd1da0b17f7701448658864b429e9472edfeffbf34d6e7c78f4aa73", 0x2dd}, {&(0x7f0000000bc0)="ab29d92826349952eb8f7a2a74f535bc9739c1df57144c51a3391625b8b5354134b06ef1355506aeae96e3f097503998f375a054cf3d7de4fe53ea51518955349cdbadca60e1c65cc18dbe99369be03e492fb55fc9067bb6f7f7c3ee1720000000054a63ac58225ed0502f5ac8999e0c74a5dbb320bd54ec813e8bee6bfa5cbfb0726ac1b6ad97d802d5fae186f0768021fb965c7396854e2a3ac844a3769f8449901ba5e2b2da1ff6119aeb26ac204cfc6b54be73b6f195491ae2c0cb26b0cba61dae7a17740e8112ff188919c6e2e31a2a074863edba4a0e58b61faec4a42c29d7f9e48a43b8cb7d3c5a1e5aa67f87538140f8d633a54bceb8b1dda2397ea147d3b26e903f608b6ab1844ea7cf630d828118bba0f0f85e2e6316ae1ed9a2a7d08a05c170cb76bf111930df0cf760f7768571afdefe82a95296cee7c010f748a97046efcc774e7d85edbd5058104fef4942fb4430da89f67d1fea33bf2acfb793a6e453a8a28cd5c4b733fc8e8f630932206960e9076c7d7fc99fce018701c50d39b811a7427a7a9fcb340c2755541f228462010ec40ba945a0febd460dad5d548f1be090f5dbaa8ae8835dc47ed2537681827f6129759272574cf58f2f33e47a0e416573cfdcfb44ed9dd4ce41af4de9c471c49f12f090934c3b32f2f4777c65b1574826727f5f62", 0x1e9}, {&(0x7f0000000240)="05437c98b91b1455046f57b5fc913814bde2bbeac2104eaea9c9d01a7838d859207067c10aa7352abbdf98e9bf033a3184a11e84639d3b9164d9c5d729f3dd409d39ff041e657c8df70e1607d58c863d5f323f6d5cf367cd939f790732e8d2310e876fcb299cd44b72bda697035b7b475bc35afbb483db39ac864dbee0c9760c22a1d32d83588afd7c994652413b22db76874ca052ef2013317eb7fcc567", 0x9e}, {&(0x7f0000000200)="f610e61fc81cc3edc86f0500194d27a5a42cf1880b0dfd1ecda0fd", 0x1b}], 0x4, 0x0, 0x0, 0x900}}], 0x1, 0x0)

10.302294087s ago: executing program 8 (id=4681):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi0\x00', 0x80004, 0x0)
r0 = openat$procfs(0xffffff9c, &(0x7f0000000140)='/proc/sysvipc/sem\x00', 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$FS_IOC_FSGETXATTR(r0, 0x801c581f, &(0x7f0000000040)={0x3, 0x8, 0x3, 0x3, 0x10001})
write$nbd(0xffffffffffffffff, 0x0, 0x40)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
socket$phonet_pipe(0x23, 0x5, 0x2)
sched_setscheduler(0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f0000000540), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x5, 0x8, 0x42, 0x40, 0xc0, 0x1, 0x40000000}, 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080), &(0x7f0000000080), 0x1003, r3}, 0x38)
setsockopt$inet_tcp_int(r2, 0x6, 0x19, &(0x7f00000001c0)=0x1, 0x4)
bind$inet(r2, &(0x7f0000000100)={0x2, 0x4e24, @loopback}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x15, 0xc, &(0x7f0000000840)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x9, '\x00', 0x0, @sk_reuseport=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYRESDEC=r1], 0x50)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
open(&(0x7f0000000000)='./file0\x00', 0x502, 0x98)

7.935241378s ago: executing program 8 (id=4689):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket(0x40000000015, 0x5, 0x0)
setsockopt$SO_RDS_TRANSPORT(r0, 0x114, 0x8, &(0x7f00000008c0), 0x4)
close(r0)
r1 = socket$xdp(0x2c, 0x3, 0x0)
bind$xdp(r0, &(0x7f0000002000)={0x2c, 0x2, 0x0, 0x3e, r1}, 0x10)
syz_fuse_handle_req(0xffffffffffffffff, &(0x7f0000000000)="2d5a8bfaec0503d4ee82255ccc79459d336c02f6846ffa083727a27fef8e41f33ff61428dc81376619b5746876cab40bea6b76e7a18d9f0f45c5f33c3f3e548879927a89cca1b9829ff887d45cae3a0012b8eec038b982c41410eb0cffe4204a0387ae9ad2d2eb6f904feaea4325a355611cfdb7ac6c3495a4bcfa6a2c3285bf50ca4a25c77f383bdb14c2f038ba311fefcbe3d334550fb18a5f462cec0e41bf00e3ef37c78bb0086cbdc72b561eb2e285a15002dbb8b7a858d33bdfef916ce90eca18739db369eb9aa302efdba714da8bbd0baaeb55eb585585542cdfe62755b7dd303c01c44de59f83de2b9edf1e60279b16bc7ee4c277e23701b7d58fdad36e8d91c111be46581f230b4cbbe8b9ad764cd3e067d7b7c5e1082a55c86f7cbc77e049085b2749b2ead86b176e4c8d2498a331f1118c5ed72ab0fc4228c8214e0e48fd1f265ccfd3311eff1f9548d1217c02de43ebc6c896afbf6065592ce3bafbc138524c4ffa429c33265cc8ebfc69e1adf360f97ec2edbab35cdc965dfadfa522a591734e25f91a44023ceeaac091534ec097d7a6f9a8efe84829719e41c101ee103c7b8c6d7fb630da2ffdd692d13e9212539b8484ea7fbccc74ecd6b44e08852505badf79984da7ffd06e78b05b453e89bbeb44fb0e72d527ee63aee52eebf2e4049705c41ead90017d7a512146287226941b20b4a603d1f5d9e6c559d55c5f6de7e9159e121dbbabdcdae8f359f66c218fb24d20c3b56ca3b4a2639b4b54e0775f29c731a3fd33331a76c280df2bea7fb0778648bc55257c42cb1a4ae173a21e33a782943d733e570595aea49f391ced7df117548032f44d611d1fcafe7c08fcca48ef9bb719d41c2cde9eca1727feb7bcc14757316a3fb315eb0adf3b60f5d6cfe231e4dca32f1cd2a74a68e44b1c09471f135d6abf0d7d417a42323923ced88d39902998a177bda4d7ac9e5479f0ae49f5fe51818fa13dd9131d219658ed2de42587f415396aa610998f2b166a053cd272ef751e5447122c03f33800268f63503a237fd62235c65fa995ced4facfc61959a7b64f7ef4bced8cbc10222a18aaee1fcc282163cafc4bf899a7de76ac61499fa1bdf6e6599a9b6e46d202230ee0be421b38ba66b85c7e5cb73e26085f8b62b4141f8728515f12019e1738bc5b278074c56be74033511b21e97a727c8a5f9c186af9777574f52d957082122dcadefe3c376f73a33e41094ad7cd404b50e963a200b57cbf4329e59c5b5a42f8700613e30af94109d5562262792e77df91e7e75c40080f8ca071449bc999762d483c30a4eee68e89be2d138a4b64af3c0211c3540227d85801dc16d1bb669a16b243fa98ef40edb5b5fe05c50f8702434c4d2663e874aec996463c6d946fd1391096b02198e88f5e568300d6c4848b4fe7273af633cc6fbf6a5e37feea56cfc20a0b42a5c6266c805823bac41f8d4eb43c6c4673a4b6a8dd303fe922ade7af649cb21c2919390a9ee62a08131ea21840adc9cc023e2aab908ea6bf2d41e52918ed6423677933cd1729cfda6423e540aae3f043a1296b6eb9350d38e07abed7d1ea7249b1b67d17322050d01589c9787f4e5a904c5cfb25e047f3e46de5222121c2af122bd3a3b2b0f35ea0a81d3a862d77217e992cc74f678617223cad5ba21afdc58e6af17e7b4ee3a506f34069d2931ac62d47f86f1983d7204a32544ae0b738cd5ab3efb940ad752ebbb59cd28d98cd6e0441f020ab2d68cbe90fa44be7f7191c2f5748c418dde668ee87d579baed4358b5c47e03a89ddb98fd4209fda85a277460ca20cc6de67c0f35e39d3fcfc070530140f648b50dbd3236d8e5b5e63be12191cd67b9ef128440d8794dc452b5a16f250c9e378d52b1132efc4b1ec8a7a3fd04ef82154de056ee5054fb15dff8df06bdca1dc8b1c1d4175c967445105954d10f0fc94acf39b68105d188593584333312eb6fad6371cdbbbf16e88bed86600d9dac851661dd3cc64f9bac0b2b81ad2564274b5bcc040f065f3fc055f7e254f8954304140782b9a2390bb61fd82d7a99ddf96468f3ef43113b767552969d71190265b76c1358c4e16a21ff959631a19c6f5a686b7884d75aca2810decbfd9fe0520f3b322a80838a2e633e1c2a79df01786f605750b84e2b04b7204ca6022973fca4ab0c8c67caee2349a6b839aa6bebc862f2f8246fc293e0f14a375581036becf081e4fd6b0cc2f7465fe7f932890884794215838558c0ae6de81efd624c5290bdf52e95e4d5b1eaf280d76eb0ceddf438bcf1d4b83e8eec3aaacbd7ea0421ac84f08a480ae48edb7c23c3f94dc59a44b3c5712800789fa3b2b938bed137505d2b247a4c4a9bd5ceddb900cb9a502d10dbd620a7ef84fbf49081d52419e5d08ddd5a1873f6d3ea6a822400ffdad29899bfaf73ce3d8ff182b3ca8ef1c39fc34b93767b9a13401427c440edd2e5f801655e60dc4c5b4ba84e504421b758e0b4c743fd1a1b6be27702e751960b431f1d7a7fd68a9ab198a5c6dbbee137283e6d6c69eedba5345e551e4421f3dfc1c957bbf413c48f64871521789487707278c69eb71c33a6999d7e497dc3d7d022f008addc112c116637f6d29c9247de134eb860cd3e5af369ee474883e7a20c40ba02160ec19dcb717cd3f4f3f0293195242fa814042ad751c774728a797a8c483e0562a2cca698053c1b66c0310affdb6e5767ab6db583ac415119f1760bed5f405c5cfb63b2ccfd5dc9d119fc82a86f98551d92f02410fdddd450f0a661ce041fa39aaba50cda470d3080dec7345a54abe2a7630a7fac84bf95c30a0dff1225f7b1aebb41daec68ceff2b0f502e7433f395aeea75c1ba88229b44fa5c6fa2647e44db139eca1f2b7142b6c23d4879603bb5617e94de0d5353d1b17dfb960eb1c11c67d0d1e1cae94699cc9397b79150dacbbc7361261d5445f237210d2ab8120fe721072394b77df46894595b8fd56f034318e90e3cad94f1655911b9bcc0bd15c628c0248e134295f3ff69cf8ea536b4b7a6c11b4e04955f9f1d9bac2ad39d81ec929b0d29999ae5a865bcc2cffc8fb42af6e486ca12a4c83461c6a72b3c88e4f3d1a9c1f13adc6defbf0110746e39b1d01a5129f996a2af48bc52f06a32764d8d8dd984c5dc4e8bca0ffbbc7e4cd226cc278b35ed16bed6e8aca4a1c18120eef0966dd5327f252462477d43cbd1497654ddd3358d24883d9ddde40f1bc8c5610370841b1cb13e84162cc6d0818987350c22362b12c0f315dbc5dbc33c224bf8d57410f2621b9c45d6857b0bed5aae750db0dd4c6cf50bfd6d5e0c816a9d8951402a1c50ad8169fd94427b42c58399c6d72b1f213e009af4f650e5ef67d2f48c7dc3ef74a8ee453ab84118f2f0e4ff2b8130169ccac37198b337205cae506e8d70acba86aab28caa8117b1231d9c4b631fa3aeceb3c236182e25299392f1ed986106071097314a9b9bd0f30d853e8b4044c00f04b45b2923b572a6a41cb5293cc8dfdbeff56a1375a33bac7b220056a6f6a292035b17a3c3fd55897548c68ad7886ef432cef353da3da8deaea09df078569c042258dfc0763d54be89302b11a6d24f4086028b82520fb6d967b78b611a7e9661a92b1a8f12d407d2289e85a82bd0b7c742055acd2396ba8d101e91ce2e9f387e909fe6da3109e1937b1e12515f23c8f1b739d4c40a287cae3bf59e901fff2ba0de0a36a304428e9febe42a01dea2eacae9416a72ddabb98d2e69c70ea9edfc57cd81fc4217ec353caf01a1a61b925102f866b4090b6447cfd8eeff2a3a49e30fe0a4fff77fe1a225dbdb2fac338526c7438631b69ead8781b86801f530b04b1544be2c22aff4ac89b0ce4353526905e59e18f7f01c221e42354a5269e0e28afa29f38bcab3923fe8d64fbf81433991b0bb9df6fc4c28ba175871d87bb5ce6cf5bf4572bb873c044f0aeb2981e34a005df55d354db0353f6433f76adde2c124793a1da43aca0e62a744992ed8efa8571a26857aa65a21cfc3507471ab75525cedb559c430b5d03a5c4e923f7fbec50d0eb10fc40b3d7986245f4c6888a53df7fe7fdcc11261e70d8cca04baff938f8446bd9048baba31085f20746c5f0e00d816dca934804ea2877cca51b5c0e31dfeefb9e91e41189d67412a09af16b4cb709e6fee71b2766a71c8397578516b656633bb620dfc8bc15de4ea5f75f6845ea44805442125adef9377e98b5d8e73f3a0bfbd330467daf10d9f7a95cd6fd4827fa1b062898fa454437bf185b9e0d98c9d10a5db80364bca446205739b23a1e7e860647ed30e2b72524da94a5f70dcbcd67d8df08f0d57583011d5487669c5a45905125186590322dbe481e820a6a6c29c136fa4301ade06baddca45f0d5ce913b5b763d293da4afaa450b17ff4933e4478fbba9ad9e6e5eafe9fdeb82b7d65bc92f6690d03a49923810558b5e0f5bf47e7d000a5e132217c174445565d57d29f02e71d7205b8ec10330fea51d972fc5c81b1b36775816082f979b5b1fe3601c9c8e8fa0c3504bfa30e3603d5a0f3a7cbd27d744b27cdbf318acbed70697519605453df106123e1a6148c9146154986e288d8a70b6fed1667cc1e0b199067c704a6d41ba751b53102ebca01b3ce90226847808646c95f3eb231b6af0b0f329bd997db5a4d3ff18edf0203e351fcfa8c8ae2be6953472bbb3f40bb6ab3f8f2128d11a3bba133f0204e2e0df189cc8d2cb8af81d0941a37c2165112ed452008930bcc607fa6fe3ad1def902d89c7330e6042f6f86c3a75665ec603b6e392b417a0d907d42e6534db72adbad4266c6601d7b8bf8d9cde807088f76b07c06840d0806eb89aa545292284bf050e732e547ed54417b3ec7e7a7c5e8454a56f5092ea8cb27e74e0672c2951647e29dadbdea86d2a4d9e53ab01c9d21e902fc9c6ff4c317b3c0398561364e880e2b079d79a27d6dcc3d586abc043477981bd36746f5570840536bef104a158e2461296717d247b6004565ffb8eb9bb5258c65032f0b472c4f3667a17e3ff65b45c91e2411b5990f054e0c2a05fc175d2db7fb32ca32e4c11b46f08bae1614e2add96133ab383c1e78f4e3f21ed3010a35c76ad88714b526d3a5ba799e6f7bf9d5696e7b42c8c264162a28831baaef180f40489ad681af6c0a674cc7b65e8b8ab704d15546f70ed1e67f7643bbc8d0b8482024b8f320b5bdccb1014f5e1a34c6c795428660f026d93dd5dcabf2330dc62894bfe48fde6b931ba55dc2a222a27a3906ba5b98476321b6d27217fd58ad93b616aac91b139729d91de6f8ef49402e2741b8dd821f4cbaf7c4662ac782b255dc438164e54c417044e9bf5e13a8247777726dacea4341d8ba03bad17070dd0f07da13179d29ac00aefa41aaf4688e99eb395205f6d6d71999b3718f7f2d618117334977a92b15ed52e45e7d5df7a22be9cf0e008c41257d99b2426068c48de100b8e3019b624ce2f2849c35b74fe5ecc4478b2968a97cfcb759fc73c8cd21bda084646dadee926a4f606768749a89e11be2a23985631c922a73ba93f3619dcc4621c8da57697420859210aa43ec06feb649b9f1362fe9553f9d552b77203085d9a4da629f03fbf339bd8ccae6c411f6d8f131232575d28af2a2690529080f02a5a74fe59d1255039f09b8d565a4838930f88d6129389f2312a2ebcf0fe7d8b6dea3484cea9a1628349218b8ccefdea2b6c37676acc2a082fb73b19705e98079c1de7776cb830e79c0081a2da4059714f19587d10223fc50ea8434f1c7919a77acd7c5b20ac9fe8ad9d348e2c5bdb57fac1ec0c31a1688e22aab4f1a81826f3a47bd364505d35975c105a152aa8e42b2422a100ad3d3184d286884552143051b79294aba34bfc5cc332f0b6aa3bf186776ceb8861336ed97b85b9a7d548bf7b7a907256c7c6a2427d92aff68ba18544b95a75564029387fd2569943f8d54e64cc621123105eb56bcfaea06e38af31a05ef38302d2b6178121d52309865c5ec1147159c07b4d4e1ece24f6a1f63a492c617870c96dcabf43b73055d749e465cdbb965b18091eee65bd423f249d934ae904c2129b93d116353fe014e1afbcab5f74766a806451855bc28494653b9a863b9707c2a0fce3eb4b55c4220078651a94d3b9c6e92f4995dd56ec17d144b07bfb1b955b557d14774e64f400e0075781381b33d73a60f6b96cddbda0962b2a609e6bca56a109847bc13798be711d3779d5a8c6541bd247fe3b7477a1378cdafece044db3f31810bc95f8fb4ae7a8815303faac03651a13924308c06c8e86506b7d186a717a1bda1d7cdea2b8b682d37f954f488a8e0d65f868a81b1af4b8f7331ba84414a7ada82e81e06e76ddfa0aca0ca9a53a5de0bcdcbb77284bab522ffb6f803e95f116ac1670c50acd36d80f170e8e7e05163f050dc89dd93bf9160a545174472376e1fcbb945e9294f796a09ca78452683b8bd39049d118acc24ef0dc18ef88899dd7c27a3585e914e6f6bc8bb1950c061c722134243cf151785bc19dada45b90d97cb83bc60885a908d0c13be9e54f1929fe1f76fb9886808caf0442aca4539a42078bfee82418d611f4c432fcbc5242c35a396c17c1b93b98b277a9c8ef0143643e120c0de4b7c6beb0a582789b81a9d3a0b8f96a332c89764283d84ec5e6b8350683a2b4eebcb214a7ad430ff9ebcfc1d850717a8d38b8e35e67fea4b8f14938cc3eeacbee30616c09e848ebae3cefb8f2a904f2b3d1252019ec914278942d9b914f95574031cf21f412aa7500f3955db7b9ef9403750058d75e53d16803d4463f7884df1e361d34ce646e20b3427a45cd307283f1ff00cca6c841fb9b06543bf1a254b21ff421331facb2f08a484904ea25e049597c8b0a2140e8ed2906d574e73165ec5591c89b5dc08e5943ff7399f76b1df90947a9479b1aab40abf8ebadfa1455b6dcac672f495a64b6230fd3fe948ce6c16cb87e11ac7affc9047ef33fa64585c1dce3bab4fecc0c7d81b5ea73aed3ef63fafc880b6e2ba09d0df6d626e817075d5f330d91cec4bcf4829c20192bc0ef7f728f52dd3e074bafda4f8cd8465311a9124baad61bd73ca76a0d0d1b80cb7a5e429067ed4707b64d38613008c8af3ffcedfeb8cda26def8bef7cf947af23939d18adbf56715f90c2df716eb037d536cd36bc2b832c57f4a319f392e1ab37e02dfb392bd52b02801665c8ea28edfcb153f267dcfbd671d4eaa0d56335f7ce5eccda6b9f74621a1b322f1f3a60b00196a65327b36419394e776b2e1c1479f5f902c5918adfa5b112bfaf786eeea1abae7c8c9d3e3fe737c23092143376808b5e26cf896fb5202572533facacaac10ec26cab819f74cd372c95d50a9b6560da69c1b22d5c15759b7ab1d8118e672bea9af7e8a30458ccaa1586ed2720d5465e139fe3dfc0bc95107061471cdf28a42aa8149848a147a1710407021d13e611b36ad3624de35c4dc5a02ba8ae724b2d8cd85f15094e1893c98052cee135d0c1c11a73297775fb517abbb471a8b100cb51d8815acac16703b56f8aadae334601a84fc306efa08aeb2afbad94632b5f209603cf5e5ca634bd74ed2e525580ddd2f2ee65241788f5e867b44d7ecd71f5858d269ffda98d93860d8f1c26c47df1199f95991b54808bc26c0ab67b40745b8dfed41838e2c5594413d2c6022abe3c1f132e9f7c8c69e50729325d37e7502519d53d7e1bf0bc8f62d216fc9c88b197cfa1571ce8368cc1b4b625559cab7e8397c6c7bf537bc8b9d604f4bdb04cab86d349e4a33f92eaa07378eac07ed8d51aea9c15ef4c4b0e0a16f9c794701a1b74b58beb15cc165a4dc1a13a0886f55cba2b977447b61c01e1295a4221e19321201f1df0d25c9e14bc4433678e48a5081de7c81f79a6370843bf0d6e3e5192c1ddc0bad14a11ada8006e4f6549da3a877a991351610eb0c5bb6228d266baa27eab2b9bf4455fc54aed3c74c12590835e498c11efdc63dde52a62d8f3a3c978152018182b3e4cbd00fff317d06f8e9475b4c7506dcc5547d8ace2b71024aa0e2220936d2bd05163b8f15bc429378fec52ac39d167200758884056dc14d3329b1d47f477a217eabb651fa97e05451cd6e861996648ab439c9aa6fa032e9083b8c0f87890c88c50dd5a6e6be8c4a4361f3b4c3181c570407dd1d2d835a87dd4b24f55a649c3e478bc002f30894d06411dc4dd8277f796976b8b2884ed371013225bbd95955827741331777da30b1b3370fb4d0bb914d97660f7e06759ba54b5697a4f7cfb67035867f39e53306eb55b31ba660769ce6993b2f44a7173576766ed20992d04e6b4aff20c138102537a142ceeac3804fb0a4eaddeddb6bcc69007c5531f0ba6851854d8d836a51e8d644c7b79e071f19986090d2404b562a17e1ec1da775c171373bcf5d2c3d7dd64a587d66e42b6963d892df898766648f37c8d10ca249e28368c388f4e70a80b2992a0a390a2d51a17a0c1774fec2d399a2b0a99c802012fff6300c4275d1305b9a9d0f8144df64da9016f16369e813dafc7cff55c5a60602141fcaa62d9fc0b93df6524d8692be3c7ded5354b63014686e98ef2b5947eda93e0cd232d3fdea943d3bc92a6f2835c55aca33dcd087b7260bc68def6ce96ef5d536b61006a595219382d8b8365eb92eab44e677109971bc4dfd077a56ff1f27e9b80edffb5ecac7bde5dc2a74c30a24b9cd1b0d4356ec424350e364d0dc929d657a8626a22111d4a0f360fe33be72a1f2c4f5c1b9843145ddff70d583a9b433cab33b10d93531aab7bb8a53c738aae79222481b135eca9441f47068299deabdc9c4f77e5d4ea286e8300eb5956368d0499691dbab1499baef30bb6c4a9bb0159635dc1774203fda828bf804e8f526ffb55abd8700915232964b7f219a7bb221efa6428089263ab753eb421a1952bc780289a85ebb9b510dec67a826ccce1cdfbb29a3a55f4e1068ca2c077544efac686d77c67c927430c3ac78c7c8b1f834be9a689fdab38f1401797dba32a284f5c5f9ed13d34d8a001cfeeeb7de12aaeae7706004f96a293e52106fd945428e7e98915070b1584a323bd8f00b9803ce189c9c0af032752d979df57a5098458c7de034db79f43d27bcb720078b05e5f364f2d789343fb6fc8b2cab810b1745fa36aaccf5d27fc7f06ab821268d83e697870632814319533373f24584b35b2ba9dd9b52a4a2e559c90b1b87549530a64fdbba5587242535fd0d600fa6e8497369a5587627182c62da4a47bc6ea99f7aaa765e3b74b7d9c48e779c8b13a2535d03ef8ac4bf3fc9e6eda5628034e7e453fbd6153b8b8e9f693c5dfa37f6a0a2542e6f86ebd2ae926822d7b31963c8879557dfa2a869ba3c5dc2dfcb60bc0a0c9816c2c4c58bdc09c2d76a007e68c38fd8b88709e5c49341630e333e13413c3e60c0d768d4c98bcb297e819ceb0f8b229d3037ac95639344bf42ee7f77922a6ac039837356dfd7c0ba3c5393548369bd71b4824326eaeb80a9c249504a08bfc164af220047cdf054d928a8d929a2fb621665122062dbd5cdde82b8289e0d510246e0bc30d34d8e96703f75c75328f99437be474315d8cb55066badbc0ee852c8ef28e1de7f5b58dda97742db5f708c6be3279d700ba147f1519485020336c260d825920870739fdb288f22b980fb7bcbf147b1a95fcc3d8d1899749d928eea8d47cccc1fbbdd5729a3f2f73d2ae352eb3e043405bcb7fa12b2a80d6a3f0178a18cbc5794fd65f0caddaff57616dfed94884a48b27b181c55200d9ecdfbb082dcd2952089938e134eecb40c2f95cb7808fc7da09282787edb1939e75bc8e284c01239a895246be025c8e0168ae83f5adc62f4f81ddbf6ba9b5fce3ddd111eb61c42777a8c303abe291aa9ef383ef1d6c26c4f8698375cc76a7e078ac948f2e84de084fdb380d38d2e1810ce8118999554c06f8d583bd37003b407dd7b41a3b14f10a5ae7c2e8fdd087cc322ddc399fe38cc542bc957b38b0fda34a3ee5c6a97d25629d26a75de211fe1cc4ca63880caa8f85f3bd489c39cf30eac81784e4456a775dee3045df2a1875623a4fbf227cf90cd237721a6dff29d26a16306e4033cc644e35cba3cc4e45cfd0cefc9c8d8a0f35bf31a8319b54fb549554c7089b9334a9867d51d71aae1f342d5602ef2d394e6c8a8aa6c15121d8c8b3abe3416367dcc276c048c65311ad70df0ecf0cf817a1a27e1dc50fedea83de8a8bb7746e23be2f335c9cda9a7f08d72b9debc35d49e9ec4c9815040c38c11375dd7f2897b20479343b86b51c317e0e90f9465d8c425857e1831931714284c60f68036134304558e53d2d42813a42a3017ab21feab6132f3a2f8c5670a1076dab6136cd6836b52d7ee54639758085438831dcd8157ccae47784a35364babff9299e4eaa389931199b4901f12185a0d228473d4a147d88e55bd11f8ed2957b7f2f3efb3e444f0aec9bef1f68cffbdac04698cc277706f2ffdd263586b84c645f1721ee3008b398918fdfb9b06b98078447c0edd7c058524825a1124e9af37fa9cb77302aded60eca394c866397c3bc18f8277d9277921abd06b61b1445f43cd7f0b5b2c023832f6d67f86d9b6ff9985edee1ec2572486b43d3be834d5b60d208b1187ca7cc8b17133f55314ee640268d5337d7dcdf1742cb543d63ae3c09e312ac05b5d585d9437bf16bd560ef739f12c878178757e1f675a8671becae2bf03f87de4bc40b4b7a3aa6e2f28f015332b10b9fe426ebd45d7a26e769bb05eb2866bb34c56b079a5bd23352bcb08c379b400512b0d8438ee5371171ccbf2921c1e150fffb5885286f933f4393088ba21c47b15d1a35de27dbd02e58859aa080f87d0a857e92d0f52c549c04cd9368c94a8024e184773cb3431d854c2855e93ac9f24d5e45d11c2acfb03755e7f279b368e2e31b3653a7d7e2e102ac67f363c195272e2896bec544f669f2d25ae8638ac30da6ed52404b32b8ee9f0f2909ef6b4e2db3a6ea88b8a6f2f2c025959efb7b94005eb307aae01af8a19ee6178270be09d93837793b43bcdab98b9c04b6bfea7ac2217c11aeec277bc199b67ac24b7352299e7fec85aa151029d14441b56bb6031cdc72a1a90ef537c6d2bce7ffc7c366a88f8bc87cd8ef4e91b5ad9d85ed84f9b85f029252ad5ff13d564d842ef310feaba90974e40889e7cb753eb44ef96bc4c25b021fe50e9957a9c3cc9904aa920fc8a8e82a826b945559b57591fa1a26c380afe65d930f9bd9a3d93f57324d28c2741e728cbd106dccdf66863e49db8a0df1398ba8594fa5102b8157e4b987f4339820df5a7aa2b1c47ed0211437ee3d81dcbffa500dc4b743d49028581234c7e9db2e951d5bf3e3c448ce58bf94a2f7ef95eda07daae00bef1794d27330927b2460778fdee580efe431ee244aae452cd60100b6c9f0cd5e79e170a7b149abfcc26b77d33c35311c95e3ba0752eabce3d1310a8aa45ecd1659e4e855919d153ebeb434581a6d352508771b030acd3fee51badf6767a7931bbba2cf195bd98fd096a6be14d7172cf1dbe3a82bae73a29223c623c090cbc5fffe8f3291", 0x2000, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB], 0x48)
read$eventfd(0xffffffffffffffff, &(0x7f0000000100), 0xfffffd79)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r2}, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0)
r4 = userfaultfd(0x80801)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0xa031, 0xffffffffffffffff, 0x0)
ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f0000002040)={0xaa, 0x22c})
ioctl$UFFDIO_REGISTER(r4, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4})
ioctl$UFFDIO_COPY(r4, 0xc028aa03, &(0x7f0000000100)={&(0x7f0000800000/0x800000)=nil, &(0x7f0000339000/0x1000)=nil, 0x800000})

6.955709833s ago: executing program 1 (id=4691):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f00000014c0)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000702000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff6d6405000000000065040400010000000404000001000000b7050000400000006a0a80fe000000008500000053000000b7000000000000009500001000000000a80501363034fdb117168bd07ba00af739d1a1ee35fe163a255c33282044b32495ef8ab9adc67ccc945f105d802f5132143c0a9fc7a84452569957c1002ed7d4d8e17f791f4798c8eb483e9973320d046c3126c6afcfd84de03352c69b3edff5be26f8ffa5f8f2879021c2ea53ea79acd7fb38dd1abb75aa393cea26d465637d11f705000000473e7b7c4ae7dd5e4dee88518ddf12dddd4bfc6a4dd3b6beba51074229b0d4b504516c4c3e5d1aa044d8d00728141cd67bcd68f253288e655c6b34e02e90637ef2912ba7de26ff2357ef17f95a25780c3a057844f226ef4e912f01a201e694e3806e8c70e8b69524cd19f7525d8d66bb766f7f3f918c86a70252236800001897133af94a5a4cfc794d8b9d7c33632152c48eaf302f0b2e0c252b00000000000000006f1bbefbe08de65e3762e194ba4cae8b13535d7d11ee917bca4885bbf597a14ab2458efce78510d86272d88e0c8088f404f011289ebc5623faa1182632161e073af1d69a2e36bed435000025ecd201d2ffb0a7fa4f5d11060cdcf071defd0a8be3b69ce3e4f361aca75827426dde87fdf4617222674280f55e98107450c19b9d86329bd5b4697336112b0b8754ce3574046bf6114d1a88597850b77378fa8edfff8faf8b8ec039bab385cac0535373bb8fab90539b1a65ddff841eb671f3faf37ebdfccea0c002ad2b42047c9ec43193ccf617dbf8a12b4f189edbf9fb7c42b1f435ccd4d96822e6b70100912c92e3943e9c4f45d8bcd528fa8a3ea847f10e9b2506f3bb506f1d7fbde8010000000000a073d0de5538ab42e170b3baae34c35987b0dda497ac3f5e97e6e6aeea15c6d5ed24310100000003bb6030f84b63aaf8690db0221b1705c501f802ff59b4e683efa4b6e77e042072bd2ac37d413008ec9eb8166f6e28b49a77ed91befc65315896f88a8fb1dd679fb4c515f8b7a5b7aca6a251a89d47b728502f7e621cc0e3ba04"], &(0x7f0000000340)='syzkaller\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000280)={r0, 0xfeffff, 0x1c0, 0x3f000002, &(0x7f0000000700)="c45c57ce395de5b289f07d637a223920f181c2e57d71483cfb2d075a3ff07258e080a194805cdb0c26d3f7ffb1e0d9cf4fa36dcb2168b72de48ac8f93e6804f1c4d70898d0810e044d7e1778eaac5dfdcc9f1208905522025bcfdf1b6f969b094d5c022c2b7ffefde71e0627b9a2069cc1e0175c4b8860aad4b0a103c589f676b6c4e85eb3950c533b6e62c39ccf9ae9bfe54ee5887358d44f46337fbe090d7c7e55847edee8130ffd3d1e719e01a68b0e691c0d35b0b56e0b514036342fd56f08ac0083f3c2fe41a1295a3d23cf3d160d4fd90f66beba68860456ed41272e1e68d16c2564c85f5556e18784113c493d13253e14d6eb891707fba3c30d07d5ee8619e4426cafec4cf6a3723c455d09b586b248", 0x0, 0xf0, 0x0, 0xf0, 0xffffff0c}, 0x40)

6.955280215s ago: executing program 1 (id=4692):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan1\x00', <r1=>0x0})
sendmsg$NL80211_CMD_JOIN_IBSS(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000600)={0x58, 0x0, 0x101, 0x0, 0x0, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_PRIVACY={0x4}, @NL80211_ATTR_SSID={0x5, 0x34, @random="fe"}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_KEYS={0x28, 0x51, 0x0, 0x1, [{0x24, 0x0, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "6faf125684f1f50ed2159f2c5d"}, @NL80211_KEY_IDX={0x5, 0x2, 0x3}, @NL80211_KEY_DEFAULT_MGMT={0x4}]}]}]}, 0x58}, 0x1, 0x0, 0x0, 0x4c0c0}, 0x40080)

6.897455219s ago: executing program 5 (id=4694):
socket$inet_sctp(0x2, 0x1, 0x84)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
setsockopt$inet6_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000080)='cdg\x00', 0x4)
r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f00000001c0), 0x624e82, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r2, 0x3b81, 0x0)
bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x3, 0x0, @loopback}, 0x1c)
connect$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x3, 0x0, @loopback}, 0x1c)
syz_open_procfs(0xffffffffffffffff, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r3)
r4 = socket(0x2, 0x80805, 0x0)
close(0x3)
r5 = socket(0x2, 0x80805, 0x0)
r6 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r6, 0x0)
close(0x3)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r6, 0x84, 0x6f, &(0x7f0000000200)={<r7=>0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e23, @rand_addr=0x64010100}]}, &(0x7f0000000140)=0x10)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r6, 0x84, 0x7a, &(0x7f0000000340)={r7, @in6={{0xa, 0x4e23, 0xfffffffc, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}}, &(0x7f0000000100)=0x84)
sendmmsg$inet_sctp(r5, 0x0, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_RTOINFO(r4, 0x84, 0x0, &(0x7f0000001040)={r7, 0x1, 0x3, 0x7fff}, &(0x7f0000001080)=0x10)
creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc)
execve(&(0x7f0000000400)='./file0\x00', 0x0, 0x0)
execve(&(0x7f0000000180)='./file0\x00', 0x0, &(0x7f0000000800)={[&(0x7f0000000940)='\x7f\xb7\xc3\x7f\xa5a\xd6A*c\x9b\xd8R\xf02b\xefA|uiWb\x8f\xee\x1c\xc5\xdb^\x11\x16h\x83\x94y<yN\xfbXh[\xe9\xa9\x1702\x7f\x9e\xf0\x99\xad\xdc;p\x98R\a\xb1\x9d^\x0f\x121\xb3\xab7P\xd6\xcb\x06\xfe2~W\xd9\xad\x80\xd9!\x89%\xb80\xa3l;\x1eK\x90\x15\xc6\x11A\xfc\x7f\xc6\xed\xe7\xa3\x9f\xb4\xce\"\xef\xa8\x86F\x15\xb9\rj\f\xafa\xb0}\xde\'E\x84\xb2bO\xd2\xd4\x85F\xde1e\xe0\xf2\xa0/\xd3<\xda\xfe\x04,\xfa\x97\xb6\xf4\xcf\x0el\xf2\xbd\x18\x88\xd7\x02\xce\x99\x1f\xadj\x89\xd9\xb7\xae9\xb0\xb0{n.\xd7\x87C\x0eh|KZG\x108l\n\xcd\xe9\x04\xafM\xbf\x83#>\x89\xf1Y{\x87\xd5\xf3\xccMr\xc5\xbdT\x9e\xc4\x84\x06\xcd\x8b\xcd\t\x01', &(0x7f0000000440)='\x7f\xb7\xc3\x7f\xa5a\xd6A*c\x9b\xd8R\xf02b\xefA|uiWb\x8f\xee\x1c\xc5\xdb^\x11\x16h\x83\x94y<yN\xfbXh[\xe9\xa9\x1702\x7f\x9e\xf0\x99\xad\xdc;p\x98R\a\xb1\x9d^\x0f\x121\xb3\xab7P\xd6\xcb\x06\xfe2~W\xd9\xad\x80\xd9!\x89%\xb80\xa3l;\x1eK\x90\x15\xc6\x11A\xfc\x7f\xc6\xed\xe7\xa3\x9f\xb4\xce\"\xef\xa8\x86F\x15\xb9\rj\f\xafa\xb0}\xde\'E\x84\xb2bO\xd2\xd4\x85F\xde1e\xe0\xf2\xa0/\xd3<\xda\xfe\x04,\xfa\x97\xb6\xf4\xcf\x0el\xf2\xbd\x18\x88\xd7\x02\xce\x99\x1f\xadj\x89\xd9\xb7\xae9\xb0\xb0{n.\xd7\x87C\x0eh|KZG\x108l\n\xcd\xe9\x04\xafM\xbf\x83#>\x89\xf1Y{\x87\xd5\xf3\xccMr\xc5\xbdT\x9e\xc4\x84\x06\xcd\x8b\xcd\t\x01(E\xd0@\b\xdb,\x91Q\x81\xabw\xf1yg\x12y\xb1 \xdaS&\xf7\xa1\xb0q\x1e\x87C\x83\xf2\xd4\x02\xbe\xfe\x00\xf1o\x8d3\xc6\xb2\xf5\xd3\xe92\x84n\x86\f\xc0']})

6.852251727s ago: executing program 1 (id=4695):
r0 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
recvmmsg(r0, &(0x7f0000000040), 0x400000000000284, 0x2, 0x0)
sendto$inet6(r0, 0x0, 0x0, 0x20000001, &(0x7f0000000300)={0xa, 0x4e20, 0x5, @mcast1}, 0x1c)
pselect6(0x40, &(0x7f0000000000)={0x6, 0x6, 0x0, 0x3aa6, 0x7, 0xffffffffffffffff, 0x7, 0x6}, 0x0, &(0x7f0000000080)={0xd, 0x3cae, 0xfefffffffffffffa, 0x7, 0x9, 0x9, 0x400, 0x4001}, 0x0, 0x0)

6.620330778s ago: executing program 8 (id=4697):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000680)=ANY=[@ANYBLOB="12010000cf8bed20d90f21004029000000010902120001000000000904"], 0x0)
syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000580)={0x44, &(0x7f0000000380)=ANY=[@ANYBLOB="201101"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_usb_control_io$lan78xx(r0, &(0x7f0000000280)={0x14, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB]}, &(0x7f0000000500)={0x34, &(0x7f00000000c0)=ANY=[@ANYBLOB="00058200000037d97757f071c8d0494b7293ad51c43df3075d0a16b144b5fc421295293c9e91722a0d65dbdb08f831710e945adc3eaf96da9f8b8fab23b79c4b2075c6630609e22e177181038c3f1778afb031f40c270dfc101a86da"], &(0x7f00000003c0)={0x0, 0xa, 0x1, 0x81}, &(0x7f0000000400)={0x0, 0x8, 0x1, 0x4}, &(0x7f0000000440)={0xc0, 0xa1, 0x4, 0x7}, &(0x7f0000000480)={0x40, 0xa0, 0x4, 0x7}, &(0x7f00000004c0)={0xc0, 0xa2, 0x2f, "62df5fb6002862f4c0681446fe3b9413c27ed94b899765fcb937537bb2bba44fc634f806a93be684f7f222b8e84040"}})
syz_open_dev$media(&(0x7f0000000080), 0x5, 0x0)
syz_emit_ethernet(0x42, &(0x7f0000000280)={@link_local, @random="1704b45adbde", @val={@void}, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x5, 0x0, 0x0, 0xe0, 0x0, 0xe000, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty=0xac1414aa}}}}}}, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
ioctl$I2C_SMBUS(r1, 0x720, &(0x7f0000000180)={0x1, 0x9, 0x4, &(0x7f0000000040)={0x51, "c6c1f7b51030c4b7c54bf28facb1ed3ee2dfe17a04bc517b5452b3b94bce47509d"}})

5.919009227s ago: executing program 1 (id=4699):
r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000340), 0x801, 0x0)
socket(0xa, 0x3, 0x3a)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
name_to_handle_at(0xffffffffffffffff, &(0x7f00000002c0)='./file0\x00', &(0x7f00000003c0)=ANY=[@ANYBLOB="100000000200000008000000000000000200000008000000"], &(0x7f0000000300), 0x1000)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
ioctl$VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, 0x0)
r3 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r4 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r4, 0x3ba0, &(0x7f0000000200)={0x48})
ioctl$FBIO_WAITFORVSYNC(0xffffffffffffffff, 0x40044620, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r4, 0x3b81, &(0x7f0000000140)={0xc})
ioctl$IOMMU_HWPT_SET_DIRTY_TRACKING(r4, 0x3b8b, &(0x7f0000000040)={0x10, 0x1})
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x10b8}, 0xff00)
r5 = socket$kcm(0xa, 0x5, 0x0)
r6 = socket$inet6(0xa, 0x1, 0x84)
setsockopt$inet6_int(r6, 0x29, 0x1a, &(0x7f0000000080)=0x2, 0x4)
sendto$inet6(r6, &(0x7f0000000540)="673e01611100000000000000000000000000312616a80a23", 0x18, 0x0, &(0x7f00000000c0)={0xa, 0x0, 0x27b6a97, @private2={0xfc, 0x2, '\x00', 0xff}, 0x807e}, 0x1c)
getsockopt$bt_hci(r6, 0x84, 0x6d, &(0x7f00000006c0)=""/4097, &(0x7f0000000040)=0x1001)
ioctl$sock_kcm_SIOCKCMCLONE(r5, 0x890b, &(0x7f0000000000))
socket$kcm(0xa, 0x2, 0x0)
ioctl$IOMMU_DESTROY$hwpt(r0, 0x3b80, &(0x7f00000001c0)={0x8})
ioctl$VIDIOC_CREATE_BUFS(r3, 0xc100565c, &(0x7f0000000040)={0x0, 0xfff, 0x4, {0x9, @sliced={0x6, [0x79ff, 0xc9, 0x0, 0x40, 0x7, 0x860, 0x6, 0x0, 0x3, 0x4, 0x7ff, 0x9, 0x7, 0x1, 0xbefb, 0xff, 0x2, 0x3, 0x2, 0x8000, 0x2, 0xfff9, 0x0, 0x2, 0x2, 0x6da, 0x61, 0x7, 0x6, 0x800, 0x2, 0x9, 0x8000, 0x1e, 0x3, 0x1, 0xfff3, 0x49, 0x0, 0x250, 0xfeff, 0xc000, 0xd, 0xc628, 0x0, 0x9, 0xfff, 0x8000], 0x10000}}, 0xfffffffd})
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0)

4.889075699s ago: executing program 7 (id=4705):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
write$binfmt_aout(0xffffffffffffffff, &(0x7f0000000280)=ANY=[@ANYBLOB="ef000072e81144d502e9b2757a580e0d5568c425f86ea128d34e59c0c65cbdf969759a2399d9a16ac1d0ca985d6d3c172a190c8d8791b41eba02a15cce7b663e0ea00e2b1c51a1eed7a5d3587b6a61e7c40fa012c4eec6627a70a361fe52edcb783d0a387f199e3403aa6ca40ae7fb356b76b9efe54952"], 0xc8)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0xfffffffe, 0x0, 0x8000000000000000, 0x0, 0xfffffffffffffffe, 0xc6}, 0x0)
r2 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4)
bind$inet(r2, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f0000000100)='cdg\x00', 0x4)
sendto$inet(r2, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
sendto$inet(r2, &(0x7f0000000300)="0906c422e0243219ff7b440e76a1b51b82ba23599f81b52c9d4db4486cec105e4b9f0f859f8a43eef6352f1e46e3145089b6a22f618ca14e288029b613a329c422481c6b7aff6806bce699cea461ecf591d9018b2a1d84e389a8d3127fd35913fe69754435c2", 0xffffffffffffffbb, 0x40040011, 0x0, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'syzkaller0\x00'})
sendmsg$ETHTOOL_MSG_LINKMODES_GET(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000000)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYBLOB="330300000000000000001c0000002000018008000300000000001400"], 0x34}}, 0x200080c0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_PROBE_MESH_LINK(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000380)=ANY=[], 0x20}, 0x1, 0x0, 0x0, 0x20004010}, 0x4881)
rseq(&(0x7f0000000600)={0x0, 0x0, 0x0, 0x3}, 0x20, 0x0, 0x0)
unshare(0x20000400)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff)
fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff)

3.301847678s ago: executing program 6 (id=4706):
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_mreqn(r0, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0xc)
r1 = socket$netlink(0x10, 0x3, 0x0)
writev(r1, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)
writev(r1, &(0x7f0000000300)=[{&(0x7f00000001c0)="390000001300034700bb5be1c3e4feff06000000010000004500000025000000190004000400ad000d00000000000006040000000000f93132", 0x39}], 0x1)
r2 = socket$inet(0x2, 0x2, 0x0)
sendmsg$netlink(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet_mreqn(r2, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0x40)
setsockopt$inet_msfilter(r2, 0x0, 0x29, &(0x7f0000000000)=ANY=[@ANYBLOB="e00000027fa80a010100000004"], 0x57)
setsockopt$inet_mreqsrc(r0, 0x0, 0x24, &(0x7f0000000440)={@multicast2, @loopback, @empty}, 0xc)
r3 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_mreqn(r3, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0x40)

3.206889353s ago: executing program 7 (id=4707):
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req={0x8000, 0xb4f, 0x300, 0x1daf6}, 0x10)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1000001, 0x32, 0xffffffffffffffff, 0x0)
setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000040)=@req3={0x0, 0x0, 0xfffffffe, 0x0, 0x100}, 0x1c)
setsockopt$packet_int(r0, 0x107, 0xe, &(0x7f0000000080)=0x8, 0x4)

3.153771825s ago: executing program 6 (id=4708):
syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x100)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
mbind(&(0x7f00001fa000/0x2000)=nil, 0x2000, 0x1, 0x0, 0x0, 0x0)
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000440)=[{{0x0, 0x0, 0x0}}], 0x1, 0x840)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x19)

2.952432889s ago: executing program 7 (id=4709):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'lo\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, 0x0, 0x44080)
sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000100)=@newqdisc={0x30, 0x24, 0xd0f, 0x70bd29, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xfff2, 0xa}, {0x1, 0x10}}, [@qdisc_kind_options=@q_fq={{0x7}, {0x4}}]}, 0x30}, 0x1, 0x0, 0x0, 0x55}, 0x4000)
sendmmsg$inet(r0, &(0x7f00000030c0)=[{{0x0, 0x0, &(0x7f0000000880)=[{&(0x7f0000000b00)="68ddaa732d69a6f7eb258957", 0xc}], 0x1}}], 0x1, 0x4)

2.920748183s ago: executing program 6 (id=4710):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0}, 0x18)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mkdir(&(0x7f0000000000)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(0x0)
r1 = open(&(0x7f0000000580)='./bus\x00', 0x84242, 0x1df2a23c5997fa5f)
write$FUSE_CREATE_OPEN(r1, &(0x7f0000000180)={0xa0, 0x0, 0x0, {{0x4, 0x2, 0x5, 0x7, 0x3, 0x1, {0x400000080001, 0xff, 0x20ff, 0x8, 0xe, 0xd615, 0x9, 0x3, 0xfffffffe, 0x8000, 0x0, 0x0, 0x0, 0x5, 0x2000001}}, {0x0, 0x13}}}, 0xa0)
sendfile(r1, r1, &(0x7f0000000080), 0x7f03)

2.835546529s ago: executing program 5 (id=4711):
syz_genetlink_get_family_id$netlbl_unlabel(0x0, 0xffffffffffffffff)
syz_genetlink_get_family_id$ieee802154(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x1a, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e76, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x0, 0xc}}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x880}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00'}, 0x10)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x481, 0x0)
socket$key(0xf, 0x3, 0x2)
socket$nl_netfilter(0x10, 0x3, 0xc)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff})
sendmmsg$sock(r3, &(0x7f00000044c0), 0x4000000000001c0, 0x0)

2.834575968s ago: executing program 1 (id=4712):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f0000009780)={0x2020}, 0x2020)
r3 = syz_open_procfs(0x0, &(0x7f0000000700)='mounts\x00')
read$FUSE(r3, &(0x7f0000000980)={0x2020}, 0x2020)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket(0x10, 0x3, 0x6)
r4 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=@newqdisc={0x88, 0x24, 0xf0b, 0x70bd26, 0x0, {0x0, 0x0, 0x0, 0x0, {0x0, 0xffff}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_mqprio={{0xb}, {0x58, 0x2, {{0x2, [], 0x0, [0x4, 0x2, 0xfffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c4, 0x0, 0x0, 0x0, 0x3dc], [0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000]}}}}]}, 0x88}}, 0x20000000)
timer_create(0x0, 0x0, &(0x7f0000bbdffc))
socket$inet6_sctp(0xa, 0x801, 0x84)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_CONFIG(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x14, 0x2, 0x3, 0x3, 0x0, 0x0, {0x0, 0x0, 0x10}}, 0x14}}, 0x0)
r6 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000380)=ANY=[@ANYBLOB="8400000010000305000000040000000000000000", @ANYRES32=0x0, @ANYBLOB="1546010000000000540012800c0001006d6163766c616e0044000280060002000100000008000100010000000800030003000000080007000500000008000100100000000600020001000000100005800a000400aaaaaaaaaa2e000008000500", @ANYRES32, @ANYBLOB="08000a00fb"], 0x84}}, 0x20008040)
mount(&(0x7f0000000140)=@nullb, &(0x7f0000000040)='./cgroup\x00', 0x0, 0x2208004, 0x0)

2.688299654s ago: executing program 1 (id=4713):
syz_usb_connect(0x0, 0x24, &(0x7f0000000380)=ANY=[@ANYBLOB="120100004b41460860163209ea800102030109021e0001000000000904"], 0x0)
r0 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
ioctl$I2C_SMBUS(r0, 0x720, &(0x7f0000000400)={0x1, 0x40, 0x6, &(0x7f0000000080)={0x1f, "b30a69283a9587dfa6434e07f695f3984820a74426495306bbced9189f724c0546"}})
ioctl$I2C_RDWR(r0, 0x707, &(0x7f00000006c0)={&(0x7f00000003c0)=[{0x63, 0x5000, 0x0, 0x0}, {0x205, 0x1001, 0x0, 0x0}], 0x2})

2.660625453s ago: executing program 6 (id=4714):
socket$nl_route(0x10, 0x3, 0x0)
r0 = syz_usb_connect(0x0, 0x0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000002000)={0x2c, 0x0, &(0x7f0000000000)={0x0, 0x3, 0x4, @lang_id={0x4}}, 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)

2.09304096s ago: executing program 7 (id=4715):
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000001c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb0100180000000000000000000000000000000202"], &(0x7f0000000100)=""/141, 0x1a, 0x8d, 0x1, 0x7}, 0x28)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000003c0), 0x8201, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000100)=ANY=[@ANYRES8, @ANYRES32, @ANYBLOB="0000000000000000400012800c0001"], 0x68}}, 0x0)
r1 = socket$igmp6(0xa, 0x3, 0x2)
r2 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r1, 0x8983, &(0x7f0000000300)={0x0, 'syzkaller1\x00', {0x2}})
write$tun(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="06000000bbbbbbbbbbbbaaaaaaaaaabb88f5"], 0x72)

1.951476923s ago: executing program 7 (id=4716):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$rxrpc(0x21, 0x2, 0xa)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r4, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001a80)={0x18, 0x2, &(0x7f0000000200)=@raw=[@initr0={0x18, 0x0, 0x0, 0x0, 0x1ff00, 0x0, 0x0, 0x0, 0x8}], &(0x7f00000004c0)='syzkaller\x00', 0x2, 0x0, 0x0, 0x0, 0x4}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000140)='contention_end\x00', r5}, 0x10)
r6 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/oss_mixer\x00', 0x2002, 0x0)
readv(r6, &(0x7f0000000040)=[{&(0x7f0000000100)=""/144, 0x90}], 0x1)
socket$nl_route(0x10, 0x3, 0x0)
r7 = socket$inet6_sctp(0xa, 0x1, 0x84)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000000)={'veth1_vlan\x00'})
mremap(&(0x7f00003eb000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000003000/0x1000)=nil)

1.919814793s ago: executing program 5 (id=4717):
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0)
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r1=>0x0)
fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r1, 0x1, &(0x7f0000000040)={{}, {0x0, 0x3938700}}, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
write$RDMA_USER_CM_CMD_GET_EVENT(r0, &(0x7f0000000080)={0xc, 0x6, 0xfa00, {0xfffffffffffffffe}}, 0x10)
connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000080)={0x28, 0x0, 0x2711}, 0x10)

1.868557168s ago: executing program 6 (id=4718):
openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe7000/0x18000)=nil, &(0x7f0000000100)=[@text16={0x10, 0x0}], 0x1, 0x2, 0x0, 0x0)
bind$inet(0xffffffffffffffff, &(0x7f0000001c00)={0x2, 0x4e23, @multicast2}, 0x10)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, 0x0, 0x0)
r2 = socket$netlink(0x10, 0x3, 0xa)
r3 = dup(r2)
r4 = open(&(0x7f0000000040)='./file1\x00', 0x1850c2, 0x14c)
ftruncate(r4, 0x200004)
sendfile(r3, r4, 0x0, 0x80001d00c0d1)
setsockopt$netlink_NETLINK_NO_ENOBUFS(r3, 0x10e, 0x5, &(0x7f00000000c0)=0x4ed0, 0x4)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000240)='net/ip6_flowlabel\x00')
mq_notify(r5, 0x0)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x52, 0x0, 0x0)

1.782165272s ago: executing program 5 (id=4719):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
connect$inet6(r0, &(0x7f0000000540)={0xa, 0x4e21, 0x3, @private2={0xfc, 0x2, '\x00', 0x1}, 0x7}, 0x1c)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x2f, &(0x7f0000000000)=0x1, 0x4)
r1 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={<r2=>0x0}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000340)={r2, 0x3}, 0x8)

835.647699ms ago: executing program 5 (id=4720):
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req={0x8000, 0xb4f, 0x300, 0x1daf6}, 0x10)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1000001, 0x32, 0xffffffffffffffff, 0x0)
setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000040)=@req3={0x0, 0x0, 0xfffffffe, 0x0, 0x100}, 0x1c)

414.988489ms ago: executing program 7 (id=4721):
syz_usb_connect(0x1, 0xfffffffffffffd22, 0x0, 0x0)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
r1 = eventfd(0x10000c)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000000000000000000000ff000000850000000e000000c500000001f0ffff95"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000580)='mmap_lock_acquire_returned\x00', r2}, 0x18)
ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1)
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/87, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000a40))
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1)
unshare(0x64000600)

299.701425ms ago: executing program 5 (id=4722):
r0 = openat$sndseq(0xffffffffffffff9c, 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_CLIENT(r0, 0xc04c5349, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
openat$vimc1(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r2, 0x0, 0x0)
r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='fd\x00')
fstat(r3, &(0x7f0000002900))
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0xfffffffc}, 0x0)
r4 = socket(0x15, 0x5, 0x0)
getsockopt(r4, 0x200000000114, 0x2710, &(0x7f0000000600)=""/102389, &(0x7f0000000000)=0x18ff5)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFULNL_MSG_CONFIG(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000009c0)=ANY=[@ANYBLOB="2400000001040102000000c9fd0000000000000008000340000100000500010001"], 0x24}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
r6 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$NFULNL_MSG_CONFIG(r5, 0x0, 0x20)
unshare(0x62040200)
r7 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f0000019800)=ANY=[@ANYBLOB="fc00000019000100000000000000000020010000000000000000000000000000ac1407aa00000000000000000000000000000000000a0000000000000000000060002e0b0eff98389e96e93e7149232fc225d31b7668730ebbfcd5a1945c7cd0e371bffd6f796ec143474155ea392d65940f75c9e8926331a9a3ee9a953ad5b63e0fad8ed3ffc02615aa42aa17dc1ca0001869", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000a900000000000000000000000000000000000000000000000000000000000000ffffffffffffffff000000000000000000000000000000000000000000000000000a000000000000000000000080400000000000000000080000000000000000000000000000000044000500ac1414aa000000000000000000000000000000003c00000000000000ffffffff00000000000000000000000000000000000300"/180], 0xfc}}, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f00000003c0)={'wlan1\x00'})
sendmsg$NL80211_CMD_SET_BSS(r4, &(0x7f0000019600)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x202}, 0xc, &(0x7f00000005c0)={0x0}, 0x1, 0x0, 0x0, 0x1}, 0x8)
setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r4, 0x84, 0x13, &(0x7f0000000040)=0x6, 0x4)
sendmsg$NL80211_CMD_SET_MAC_ACL(r4, &(0x7f00000197c0)={&(0x7f0000019640)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000019780)={&(0x7f0000019680)={0xe0, 0x0, 0x800, 0x70bd2a, 0x25dfdbfb, {{}, {@void, @val={0xc, 0x99, {0x1, 0x3}}}}, [@NL80211_ATTR_ACL_POLICY={0x8}, @NL80211_ATTR_ACL_POLICY={0x8, 0xa5, 0x1}, @NL80211_ATTR_ACL_POLICY={0x8}, @NL80211_ATTR_MAC_ADDRS={0x10, 0xa6, 0x0, 0x1, [{0xa}]}, @NL80211_ATTR_MAC_ADDRS={0x34, 0xa6, 0x0, 0x1, [{0xa, 0x6, @device_b}, {0xa, 0x6, @broadcast}, {0xa}, {0xa, 0x6, @broadcast}]}, @NL80211_ATTR_ACL_POLICY={0x8}, @NL80211_ATTR_ACL_POLICY={0x8, 0xa5, 0x1}, @NL80211_ATTR_MAC_ADDRS={0x4c, 0xa6, 0x0, 0x1, [{0xa}, {0xa, 0x6, @broadcast}, {0xa}, {0xa, 0x6, @device_b}, {0xa, 0x6, @device_b}, {0xa, 0x6, @broadcast}]}, @NL80211_ATTR_ACL_POLICY={0x8, 0xa5, 0x1}]}, 0xe0}, 0x1, 0x0, 0x0, 0x4000}, 0x8800)

0s ago: executing program 6 (id=4723):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f0000009780)={0x2020}, 0x2020)
r3 = syz_open_procfs(0x0, &(0x7f0000000700)='mounts\x00')
read$FUSE(r3, &(0x7f0000000980)={0x2020}, 0x2020)
openat$audio(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket(0x10, 0x3, 0x6)
r4 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=@newqdisc={0x88, 0x24, 0xf0b, 0x70bd26, 0x0, {0x0, 0x0, 0x0, 0x0, {0x0, 0xffff}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_mqprio={{0xb}, {0x58, 0x2, {{0x2, [], 0x0, [0x4, 0x2, 0xfffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c4, 0x0, 0x0, 0x0, 0x3dc], [0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000]}}}}]}, 0x88}}, 0x20000000)
timer_create(0x0, 0x0, &(0x7f0000bbdffc))
socket$inet6_sctp(0xa, 0x801, 0x84)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_CONFIG(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x14, 0x2, 0x3, 0x3, 0x0, 0x0, {0x0, 0x0, 0x10}}, 0x14}}, 0x0)
r6 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000380)=ANY=[@ANYBLOB="8400000010000305000000040000000000000000", @ANYRES32=0x0, @ANYBLOB="1546010000000000540012800c0001006d6163766c616e0044000280060002000100000008000100010000000800030003000000080007000500000008000100100000000600020001000000100005800a000400aaaaaaaaaa2e000008000500", @ANYRES32, @ANYBLOB="08000a00fb"], 0x84}}, 0x20008040)
mount(&(0x7f0000000140)=@nullb, &(0x7f0000000040)='./cgroup\x00', 0x0, 0x2208004, 0x0)

kernel console output (not intermixed with test programs):

95 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16455 comm="syz.8.3689" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa15838ebe9 code=0x7ffc0000
[  510.488680][T16476] random: crng reseeded on system resumption
[  510.904167][ T5967] usb 8-1: Using ep0 maxpacket: 32
[  510.925566][ T5967] usb 8-1: config index 0 descriptor too short (expected 29220, got 36)
[  510.935521][ T5967] usb 8-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  510.945056][   T30] audit: type=1326 audit(1757328095.653:5220): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16455 comm="syz.8.3689" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa15838ebe9 code=0x7ffc0000
[  511.080898][ T5967] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 81
[  511.142865][ T5967] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  511.152650][ T5967] usb 8-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  511.162473][ T5967] usb 8-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  511.176128][   T30] audit: type=1326 audit(1757328095.653:5221): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16455 comm="syz.8.3689" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa15838ebe9 code=0x7ffc0000
[  511.219006][ T5967] usb 8-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  511.228207][ T5967] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  511.379656][T16482] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3697'.
[  511.487082][ T5967] usb 8-1: config 0 descriptor??
[  511.730942][ T5967] usblp 8-1:0.0: usblp0: USB Bidirectional printer dev 17 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  511.764636][ T5967] usb 8-1: USB disconnect, device number 17
[  511.841158][ T5967] usblp0: removed
[  512.403200][ T5967] usb 8-1: new high-speed USB device number 18 using dummy_hcd
[  512.673115][ T5967] usb 8-1: Using ep0 maxpacket: 32
[  512.677577][T16513] netlink: 20 bytes leftover after parsing attributes in process `syz.8.3709'.
[  512.695620][ T5967] usb 8-1: config index 0 descriptor too short (expected 29220, got 36)
[  512.778668][T16516] comedi comedi0: Minor 3 specified more than once!
[  513.191346][ T5967] usb 8-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  513.254843][ T5967] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 81
[  513.267415][ T5967] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  513.278720][ T5967] usb 8-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  513.289022][ T5967] usb 8-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  513.302634][ T5967] usb 8-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  513.323212][ T5967] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  513.458756][ T5967] usb 8-1: config 0 descriptor??
[  513.488060][ T5967] usb 8-1: can't set config #0, error -71
[  513.556645][ T5967] usb 8-1: USB disconnect, device number 18
[  514.250922][   T30] kauditd_printk_skb: 26 callbacks suppressed
[  514.250938][   T30] audit: type=1326 audit(1757328100.863:5248): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16531 comm="syz.5.3715" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff8fdd8ebe9 code=0x7ffc0000
[  514.289281][   T30] audit: type=1326 audit(1757328100.863:5249): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16531 comm="syz.5.3715" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff8fdd8ebe9 code=0x7ffc0000
[  514.320060][   T30] audit: type=1326 audit(1757328100.863:5250): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16531 comm="syz.5.3715" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7ff8fdd8ebe9 code=0x7ffc0000
[  514.346006][   T30] audit: type=1326 audit(1757328100.863:5251): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16531 comm="syz.5.3715" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff8fdd8ebe9 code=0x7ffc0000
[  514.369541][    C1] vkms_vblank_simulate: vblank timer overrun
[  514.376959][   T30] audit: type=1326 audit(1757328100.863:5252): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16531 comm="syz.5.3715" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7ff8fdd8ebe9 code=0x7ffc0000
[  514.400409][    C1] vkms_vblank_simulate: vblank timer overrun
[  514.420022][   T30] audit: type=1326 audit(1757328100.863:5253): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16531 comm="syz.5.3715" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff8fdd8ebe9 code=0x7ffc0000
[  514.537671][   T30] audit: type=1326 audit(1757328100.863:5254): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16531 comm="syz.5.3715" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7ff8fdd8ebe9 code=0x7ffc0000
[  514.575462][   T30] audit: type=1326 audit(1757328100.863:5255): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16531 comm="syz.5.3715" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff8fdd8ebe9 code=0x7ffc0000
[  514.591913][ T5902] hid-generic 0000:0000:0000.0011: unknown main item tag 0x0
[  514.614409][ T5966] usb 6-1: new full-speed USB device number 22 using dummy_hcd
[  514.623792][ T5902] hid-generic 0000:0000:0000.0011: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  514.629796][   T30] audit: type=1326 audit(1757328100.863:5256): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16531 comm="syz.5.3715" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7ff8fdd8ebe9 code=0x7ffc0000
[  514.658005][   T30] audit: type=1326 audit(1757328100.863:5257): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16531 comm="syz.5.3715" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff8fdd8ebe9 code=0x7ffc0000
[  514.774429][ T5966] usb 6-1: config 0 has an invalid interface number: 29 but max is 0
[  514.783000][ T5966] usb 6-1: config 0 has no interface number 0
[  514.789128][ T5966] usb 6-1: config 0 interface 29 has no altsetting 0
[  514.792084][T16545] netlink: 'syz.7.3720': attribute type 10 has an invalid length.
[  514.810890][T16545] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  514.818111][ T5966] usb 6-1: New USB device found, idVendor=0c72, idProduct=0014, bcdDevice=39.ac
[  514.845895][ T5966] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  514.876657][ T5966] usb 6-1: Product: syz
[  514.882900][ T5966] usb 6-1: Manufacturer: syz
[  514.892916][ T5966] usb 6-1: SerialNumber: syz
[  514.912537][ T5966] usb 6-1: config 0 descriptor??
[  514.936018][T16544] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  515.778126][T16563] comedi comedi0: Minor 3 specified more than once!
[  516.727569][T16570] lo speed is unknown, defaulting to 1000
[  516.988418][T16569] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  517.957561][T16557] syz.1.3723: vmalloc error: size 6291456, failed to allocated page array size 12288, mode:0x400dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  517.993136][T16557] CPU: 1 UID: 0 PID: 16557 Comm: syz.1.3723 Not tainted syzkaller #0 PREEMPT(full) 
[  517.993163][T16557] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  517.993174][T16557] Call Trace:
[  517.993180][T16557]  <TASK>
[  517.993187][T16557]  dump_stack_lvl+0x16c/0x1f0
[  517.993214][T16557]  warn_alloc+0x248/0x3a0
[  517.993235][T16557]  ? __pfx_warn_alloc+0x10/0x10
[  517.993266][T16557]  ? hash_netport4_resize+0x1d8/0x1c50
[  517.993284][T16557]  ? __vmalloc_node_noprof+0xad/0xf0
[  517.993314][T16557]  __vmalloc_node_range_noprof+0x101b/0x14b0
[  517.993349][T16557]  ? hash_netport4_resize+0x1d8/0x1c50
[  517.993373][T16557]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  517.993404][T16557]  ? ___kmalloc_large_node+0xed/0x160
[  517.993435][T16557]  __kvmalloc_node_noprof+0x30a/0x620
[  517.993452][T16557]  ? hash_netport4_resize+0x1d8/0x1c50
[  517.993470][T16557]  ? __kmalloc_noprof+0x242/0x510
[  517.993486][T16557]  ? hash_netport4_resize+0x1d8/0x1c50
[  517.993509][T16557]  ? hash_netport4_resize+0x1d8/0x1c50
[  517.993525][T16557]  hash_netport4_resize+0x1d8/0x1c50
[  517.993544][T16557]  ? __pfx_hash_netport4_add+0x10/0x10
[  517.993562][T16557]  ? __pfx_hash_netport4_uadt+0x10/0x10
[  517.993588][T16557]  ? __pfx___mutex_lock+0x10/0x10
[  517.993623][T16557]  ? __pfx_hash_netport4_resize+0x10/0x10
[  517.993646][T16557]  call_ad.constprop.0+0x36d/0x940
[  517.993676][T16557]  ? __pfx_hash_netport4_resize+0x10/0x10
[  517.993697][T16557]  ? __pfx_call_ad.constprop.0+0x10/0x10
[  517.993724][T16557]  ? __pfx___nla_validate_parse+0x10/0x10
[  517.993764][T16557]  ? __nla_parse+0x40/0x60
[  517.993794][T16557]  ip_set_ad.constprop.0.isra.0+0x3ce/0x870
[  517.993819][T16557]  ? __pfx_ip_set_ad.constprop.0.isra.0+0x10/0x10
[  517.993840][T16557]  ? rcu_sync_func+0x10/0x1a0
[  517.993889][T16557]  ? find_held_lock+0x2b/0x80
[  517.993918][T16557]  nfnetlink_rcv_msg+0x9fc/0x1200
[  517.993946][T16557]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  517.993972][T16557]  ? __lock_acquire+0x62e/0x1ce0
[  517.994021][T16557]  ? avc_has_perm_noaudit+0x149/0x3b0
[  517.994047][T16557]  netlink_rcv_skb+0x155/0x420
[  517.994070][T16557]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  517.994090][T16557]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  517.994123][T16557]  ? ns_capable+0xd7/0x110
[  517.994148][T16557]  nfnetlink_rcv+0x1b3/0x430
[  517.994165][T16557]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  517.994181][T16557]  ? netlink_deliver_tap+0x1ae/0xd30
[  517.994201][T16557]  ? selinux_netlink_send+0x578/0x830
[  517.994223][T16557]  ? is_vmalloc_addr+0x86/0xa0
[  517.994244][T16557]  netlink_unicast+0x5aa/0x870
[  517.994271][T16557]  ? __pfx_netlink_unicast+0x10/0x10
[  517.994294][T16557]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  517.994326][T16557]  netlink_sendmsg+0x8d1/0xdd0
[  517.994354][T16557]  ? __pfx_netlink_sendmsg+0x10/0x10
[  517.994389][T16557]  ____sys_sendmsg+0xa98/0xc70
[  517.994417][T16557]  ? copy_msghdr_from_user+0x10a/0x160
[  517.994439][T16557]  ? __pfx_____sys_sendmsg+0x10/0x10
[  517.994472][T16557]  ? __pfx_futex_wake_mark+0x10/0x10
[  517.994496][T16557]  ___sys_sendmsg+0x134/0x1d0
[  517.994520][T16557]  ? __pfx____sys_sendmsg+0x10/0x10
[  517.994575][T16557]  __sys_sendmsg+0x16d/0x220
[  517.994597][T16557]  ? __pfx___sys_sendmsg+0x10/0x10
[  517.994618][T16557]  ? __x64_sys_futex+0x1e0/0x4c0
[  517.994662][T16557]  do_syscall_64+0xcd/0x4c0
[  517.994687][T16557]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  517.994706][T16557] RIP: 0033:0x7efe9998ebe9
[  517.994720][T16557] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  517.994737][T16557] RSP: 002b:00007efe9a76e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  517.994755][T16557] RAX: ffffffffffffffda RBX: 00007efe99bc6090 RCX: 00007efe9998ebe9
[  517.994766][T16557] RDX: 0000000000000080 RSI: 00002000000002c0 RDI: 0000000000000004
[  517.994777][T16557] RBP: 00007efe99a11e19 R08: 0000000000000000 R09: 0000000000000000
[  517.994787][T16557] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  517.994797][T16557] R13: 00007efe99bc6128 R14: 00007efe99bc6090 R15: 00007ffc3a8f1bf8
[  517.994821][T16557]  </TASK>
[  517.994844][T16557] Mem-Info:
[  518.398434][ T5966] peak_usb 6-1:0.29 can0: unable to request usb[type=0 value=1] err=-71
[  518.406823][ T5966] peak_usb 6-1:0.29: unable to read PCAN-USB X6 firmware info (err -71)
[  518.536725][T16557] active_anon:7246 inactive_anon:0 isolated_anon:0
[  518.536725][T16557]  active_file:3981 inactive_file:40759 isolated_file:0
[  518.536725][T16557]  unevictable:771 dirty:406 writeback:0
[  518.536725][T16557]  slab_reclaimable:13179 slab_unreclaimable:110880
[  518.536725][T16557]  mapped:30797 shmem:1994 pagetables:1786
[  518.536725][T16557]  sec_pagetables:0 bounce:0
[  518.536725][T16557]  kernel_misc_reclaimable:0
[  518.536725][T16557]  free:1291856 free_pcp:20513 free_cma:0
[  518.582024][    C1] vkms_vblank_simulate: vblank timer overrun
[  518.621114][T16557] Node 0 active_anon:26084kB inactive_anon:0kB active_file:15924kB inactive_file:162836kB unevictable:1548kB isolated(anon):0kB isolated(file):0kB mapped:123188kB dirty:1624kB writeback:0kB shmem:4040kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:13708kB pagetables:7000kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  518.652970][    C1] vkms_vblank_simulate: vblank timer overrun
[  518.672116][ T5966] peak_usb 6-1:0.29: probe with driver peak_usb failed with error -71
[  518.692086][ T5966] usb 6-1: USB disconnect, device number 22
[  518.802491][T16557] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:48kB pagetables:144kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  518.847374][T16557] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  518.876163][    C1] vkms_vblank_simulate: vblank timer overrun
[  518.889887][T16557] lowmem_reserve[]: 0 2479 2481 2481 2481
[  518.898150][T16557] Node 0 DMA32 free:1270936kB boost:0kB min:34076kB low:42592kB high:51108kB reserved_highatomic:0KB free_highatomic:0KB active_anon:37956kB inactive_anon:0kB active_file:15924kB inactive_file:161512kB unevictable:1548kB writepending:1624kB present:3129332kB managed:2539344kB mlocked:12kB bounce:0kB free_pcp:47640kB local_pcp:29084kB free_cma:0kB
[  518.930621][    C1] vkms_vblank_simulate: vblank timer overrun
[  519.148880][T16557] lowmem_reserve[]: 0 0 1 1 1
[  519.170724][T16557] Node 0 Normal free:8kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB free_highatomic:0KB active_anon:28kB inactive_anon:0kB active_file:0kB inactive_file:1324kB unevictable:0kB writepending:0kB present:1048580kB managed:1388kB mlocked:0kB bounce:0kB free_pcp:28kB local_pcp:0kB free_cma:0kB
[  519.199819][    C1] vkms_vblank_simulate: vblank timer overrun
[  519.274971][T16597] 9pnet_fd: p9_fd_create_tcp (16597): problem connecting socket to 127.0.0.1
[  519.394130][   T30] kauditd_printk_skb: 11 callbacks suppressed
[  519.394146][   T30] audit: type=1400 audit(1757328106.003:5269): avc:  denied  { nlmsg_write } for  pid=16587 comm="syz.5.3733" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  519.423515][T16595] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3733'.
[  519.434356][T16557] lowmem_reserve[]: 0 0 0 0 0
[  519.443023][T16557] Node 1 Normal free:3885856kB boost:0kB min:55804kB low:69752kB high:83700kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:21780kB local_pcp:13172kB free_cma:0kB
[  519.533278][T16557] lowmem_reserve[]: 0 0 0 0 0
[  519.543667][T16557] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  519.692877][T16557] Node 0 DMA32: 1177*4kB (UME) 624*8kB (UME) 413*16kB (UME) 260*32kB (UME) 66*64kB (UME) 309*128kB (UM) 551*256kB (UM) 384*512kB (UM) 190*1024kB (UE) 5*2048kB (UE) 161*4096kB (UM) = 1270324kB
[  519.730817][T16557] Node 0 Normal: 0*4kB 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8kB
[  519.812868][T16557] Node 1 Normal: 168*4kB (UE) 42*8kB (UME) 41*16kB (UME) 91*32kB (UME) 29*64kB (UME) 8*128kB (UME) 4*256kB (UM) 3*512kB (UM) 3*1024kB (UME) 1*2048kB (E) 945*4096kB (M) = 3885856kB
[  519.966932][T16557] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  519.980448][T16557] Node 0 hugepages_total=2 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB
[  520.001052][T16557] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  520.070824][T16557] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  520.108209][T16557] 48979 total pagecache pages
[  520.129879][T16557] 0 pages in swap cache
[  520.153255][T16557] Free swap  = 124996kB
[  520.160440][T16557] Total swap = 124996kB
[  520.164984][T16557] 2097051 pages RAM
[  520.168868][T16557] 0 pages HighMem/MovableOnly
[  520.173832][T16557] 430253 pages reserved
[  520.178258][T16557] 0 pages cma reserved
[  520.197992][   T30] audit: type=1400 audit(1757328106.813:5270): avc:  denied  { map } for  pid=16603 comm="syz.6.3738" path="socket:[52044]" dev="sockfs" ino=52044 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tcp_socket permissive=1
[  520.215929][ T5936] hid-generic 0000:0000:0000.0012: unknown main item tag 0x0
[  520.221093][    C1] vkms_vblank_simulate: vblank timer overrun
[  520.290739][ T5936] hid-generic 0000:0000:0000.0012: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  521.072211][T16632] netlink: 8 bytes leftover after parsing attributes in process `syz.8.3743'.
[  521.140964][T16634] netem: change failed
[  521.554456][T16646] netlink: 40 bytes leftover after parsing attributes in process `syz.7.3748'.
[  521.568084][ T5936] usb 7-1: new high-speed USB device number 15 using dummy_hcd
[  521.611568][ T5966] hid-generic 0000:0000:0000.0013: unknown main item tag 0x0
[  521.659057][ T5966] hid-generic 0000:0000:0000.0013: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  521.735645][ T5936] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  521.840422][ T5936] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  521.860563][ T5936] usb 7-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  521.892863][ T5936] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  521.919081][ T5936] usb 7-1: config 0 descriptor??
[  522.009076][T16654] lo speed is unknown, defaulting to 1000
[  522.362344][ T5936] cm6533_jd 0003:0D8C:0022.0014: unknown main item tag 0x0
[  522.369756][ T5936] cm6533_jd 0003:0D8C:0022.0014: unknown main item tag 0x0
[  522.380964][ T5936] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/0003:0D8C:0022.0014/input/input18
[  522.403343][ T5936] cm6533_jd 0003:0D8C:0022.0014: input,hiddev0,hidraw1: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.6-1/input0
[  522.573722][ T5966] usb 7-1: USB disconnect, device number 15
[  522.721380][T16665] 9pnet_virtio: no channels available for device syz
[  523.013724][   T30] audit: type=1400 audit(1757328109.633:5271): avc:  denied  { read } for  pid=16673 comm="syz.5.3759" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  523.289272][T16683] netlink: 12 bytes leftover after parsing attributes in process `syz.7.3763'.
[  523.728418][T16690] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  523.799077][T16687] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  523.968786][   T30] audit: type=1400 audit(1757328110.573:5272): avc:  denied  { create } for  pid=16692 comm="syz.7.3767" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_connector_socket permissive=1
[  523.994420][   T30] audit: type=1400 audit(1757328110.583:5273): avc:  denied  { write } for  pid=16692 comm="syz.7.3767" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_connector_socket permissive=1
[  524.022647][T16694] lo speed is unknown, defaulting to 1000
[  524.243141][T16700] netlink: 40 bytes leftover after parsing attributes in process `syz.8.3766'.
[  524.651308][T16707] ALSA: mixer_oss: invalid OSS volume ''
[  526.002499][T16720] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6)
[  526.009036][T16720] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  526.028727][T16720] vhci_hcd vhci_hcd.0: Device attached
[  526.264158][T16727] netlink: 8 bytes leftover after parsing attributes in process `syz.7.3771'.
[  526.283088][ T5966] usb 36-1: SetAddress Request (2) to port 0
[  526.377105][T16718] sch_tbf: burst 4398 is lower than device lo mtu (65550) !
[  526.391086][ T5966] usb 36-1: new SuperSpeed USB device number 2 using vhci_hcd
[  526.889801][T16722] vhci_hcd: connection reset by peer
[  526.908831][T12146] vhci_hcd: stop threads
[  526.997081][T12146] vhci_hcd: release socket
[  527.025649][T12146] vhci_hcd: disconnect device
[  527.640878][   T30] audit: type=1400 audit(1757328114.253:5274): avc:  denied  { create } for  pid=16742 comm="syz.7.3780" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=atmsvc_socket permissive=1
[  527.689754][T16752] lo speed is unknown, defaulting to 1000
[  527.826887][   T30] audit: type=1400 audit(1757328114.443:5275): avc:  denied  { unmount } for  pid=15151 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[  528.018693][ T5852] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci5/hci5:201'
[  528.030256][ T5852] CPU: 1 UID: 0 PID: 5852 Comm: kworker/u9:3 Not tainted syzkaller #0 PREEMPT(full) 
[  528.030279][ T5852] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  528.030288][ T5852] Workqueue: hci5 hci_rx_work
[  528.030308][ T5852] Call Trace:
[  528.030313][ T5852]  <TASK>
[  528.030318][ T5852]  dump_stack_lvl+0x16c/0x1f0
[  528.030335][ T5852]  sysfs_warn_dup+0x7f/0xa0
[  528.030353][ T5852]  sysfs_create_dir_ns+0x24b/0x2b0
[  528.030369][ T5852]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  528.030384][ T5852]  ? find_held_lock+0x2b/0x80
[  528.030402][ T5852]  ? do_raw_spin_unlock+0x172/0x230
[  528.030416][ T5852]  kobject_add_internal+0x2c4/0x9b0
[  528.030434][ T5852]  kobject_add+0x16e/0x240
[  528.030451][ T5852]  ? __pfx_kobject_add+0x10/0x10
[  528.030468][ T5852]  ? do_raw_spin_unlock+0x172/0x230
[  528.030479][ T5852]  ? kobject_put+0xab/0x5a0
[  528.030497][ T5852]  device_add+0x288/0x1aa0
[  528.030513][ T5852]  ? __pfx_dev_set_name+0x10/0x10
[  528.030523][ T5852]  ? __pfx_device_add+0x10/0x10
[  528.030537][ T5852]  ? mgmt_send_event_skb+0x2fb/0x460
[  528.030553][ T5852]  hci_conn_add_sysfs+0x17e/0x230
[  528.030567][ T5852]  le_conn_complete_evt+0x1075/0x1d70
[  528.030578][ T5852]  ? preempt_count_sub+0xb0/0x160
[  528.030594][ T5852]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  528.030605][ T5852]  ? hci_event_packet+0x459/0x11c0
[  528.030619][ T5852]  hci_le_conn_complete_evt+0x23c/0x370
[  528.030633][ T5852]  hci_le_meta_evt+0x354/0x5e0
[  528.030645][ T5852]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[  528.030657][ T5852]  hci_event_packet+0x682/0x11c0
[  528.030668][ T5852]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  528.030680][ T5852]  ? __pfx_hci_event_packet+0x10/0x10
[  528.030692][ T5852]  ? kcov_remote_start+0x3c9/0x6d0
[  528.030703][ T5852]  ? lockdep_hardirqs_on+0x7c/0x110
[  528.030719][ T5852]  hci_rx_work+0x2c5/0x16b0
[  528.030732][ T5852]  ? rcu_is_watching+0x12/0xc0
[  528.030747][ T5852]  process_one_work+0x9cc/0x1b70
[  528.030764][ T5852]  ? __pfx_process_one_work+0x10/0x10
[  528.030779][ T5852]  ? assign_work+0x1a0/0x250
[  528.030791][ T5852]  worker_thread+0x6c8/0xf10
[  528.030808][ T5852]  ? __pfx_worker_thread+0x10/0x10
[  528.030820][ T5852]  kthread+0x3c2/0x780
[  528.030830][ T5852]  ? __pfx_kthread+0x10/0x10
[  528.030842][ T5852]  ? rcu_is_watching+0x12/0xc0
[  528.030854][ T5852]  ? __pfx_kthread+0x10/0x10
[  528.030864][ T5852]  ret_from_fork+0x5d4/0x6f0
[  528.030874][ T5852]  ? __pfx_kthread+0x10/0x10
[  528.030885][ T5852]  ret_from_fork_asm+0x1a/0x30
[  528.030905][ T5852]  </TASK>
[  528.030923][ T5852] kobject: kobject_add_internal failed for hci5:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  528.288016][ T5852] Bluetooth: hci5: failed to register connection device
[  528.755474][T16777] netlink: 40 bytes leftover after parsing attributes in process `syz.7.3790'.
[  529.302988][ T5852] Bluetooth: hci1: command 0x0406 tx timeout
[  529.497392][   T30] audit: type=1326 audit(1757328116.113:5276): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16795 comm="syz.1.3798" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efe9998ebe9 code=0x7ffc0000
[  529.552143][   T30] audit: type=1326 audit(1757328116.113:5277): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16795 comm="syz.1.3798" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efe9998ebe9 code=0x7ffc0000
[  529.583537][ T5967] usb 9-1: new high-speed USB device number 14 using dummy_hcd
[  529.590300][   T30] audit: type=1326 audit(1757328116.143:5278): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16795 comm="syz.1.3798" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7efe9998ebe9 code=0x7ffc0000
[  529.634301][   T30] audit: type=1326 audit(1757328116.143:5279): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16795 comm="syz.1.3798" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efe9998ebe9 code=0x7ffc0000
[  529.782605][   T30] audit: type=1326 audit(1757328116.143:5280): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16795 comm="syz.1.3798" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efe9998ebe9 code=0x7ffc0000
[  529.870645][   T30] audit: type=1326 audit(1757328116.143:5281): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16795 comm="syz.1.3798" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7efe9998ebe9 code=0x7ffc0000
[  529.917609][ T5967] usb 9-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  529.918272][   T30] audit: type=1326 audit(1757328116.143:5282): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16795 comm="syz.1.3798" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efe9998ebe9 code=0x7ffc0000
[  529.955667][   T30] audit: type=1326 audit(1757328116.143:5283): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16795 comm="syz.1.3798" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efe9998ebe9 code=0x7ffc0000
[  529.980327][ T5967] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  530.000339][ T5967] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  530.024267][ T5967] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  530.082156][ T5967] usb 9-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  530.111951][ T5967] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  530.132667][ T5967] usb 9-1: config 0 descriptor??
[  531.023403][T16829] netlink: 'syz.6.3809': attribute type 1 has an invalid length.
[  531.117376][T16833] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3806'.
[  531.168017][ T5977] IPVS: starting estimator thread 0...
[  531.178354][T16834] IPVS: ovf: FWM 3 0x00000003 - no destination available
[  531.182397][ T5967] plantronics 0003:047F:FFFF.0015: unknown main item tag 0x0
[  531.197134][    C0] IPVS: ovf: FWM 3 0x00000003 - no destination available
[  531.209035][ T5967] plantronics 0003:047F:FFFF.0015: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.8-1/input0
[  531.385220][T16836] IPVS: using max 46 ests per chain, 110400 per kthread
[  531.524007][T16846] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3811'.
[  531.916122][ T5966] usb 36-1: device descriptor read/8, error -110
[  531.926342][ T5967] usb 9-1: USB disconnect, device number 14
[  532.035021][T16854] netlink: 'syz.6.3816': attribute type 4 has an invalid length.
[  532.304910][ T5966] usb usb36-port1: attempt power cycle
[  532.307322][T16861] 9pnet_fd: Insufficient options for proto=fd
[  532.343439][ T5902] kernel write not supported for file /sg0 (pid: 5902 comm: kworker/0:4)
[  533.292448][T16875] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3823'.
[  533.513688][T16887] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3824'.
[  533.696620][ T5966] usb usb36-port1: unable to enumerate USB device
[  533.799200][T16883] lo speed is unknown, defaulting to 1000
[  534.681948][T16904] 9pnet_fd: Insufficient options for proto=fd
[  534.869040][T16908] netlink: 'syz.5.3836': attribute type 10 has an invalid length.
[  534.889414][T16908] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  534.934561][T16907] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  537.227353][   T30] kauditd_printk_skb: 16 callbacks suppressed
[  537.233725][   T30] audit: type=1400 audit(1757328635.833:5300): avc:  denied  { read } for  pid=16939 comm="syz.8.3849" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  538.370518][T16957] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3851'.
[  539.680703][T16986] overlayfs: failed to clone upperpath
[  539.908422][ T5863] Bluetooth: hci1: unexpected event for opcode 0x0803
[  539.913926][T17001] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  540.530608][T17014] lo: entered promiscuous mode
[  540.564949][T17014] lo: entered allmulticast mode
[  540.582334][T17014] tunl0: entered promiscuous mode
[  540.621728][T17014] tunl0: entered allmulticast mode
[  540.708118][T17014] gre0: entered promiscuous mode
[  540.755968][T17014] gre0: entered allmulticast mode
[  540.889362][T17014] gretap0: entered promiscuous mode
[  540.949175][T17014] gretap0: entered allmulticast mode
[  540.965653][T17014] erspan0: entered promiscuous mode
[  540.981070][T17014] erspan0: entered allmulticast mode
[  540.996563][T17014] ip_vti0: entered promiscuous mode
[  541.008264][T17014] ip_vti0: entered allmulticast mode
[  541.023186][T17014] ip6_vti0: entered promiscuous mode
[  541.035850][T17014] ip6_vti0: entered allmulticast mode
[  541.050029][T17014] sit0: entered promiscuous mode
[  541.061262][T17014] sit0: entered allmulticast mode
[  541.095109][T17014] ip6tnl0: entered promiscuous mode
[  541.120610][T17014] ip6tnl0: entered allmulticast mode
[  541.151447][T17014] ip6gre0: entered promiscuous mode
[  541.281651][T17014] ip6gre0: entered allmulticast mode
[  541.297087][T17014] syz_tun: entered promiscuous mode
[  541.308378][T17014] syz_tun: entered allmulticast mode
[  541.343527][T17014] ip6gretap0: entered promiscuous mode
[  541.402814][T17014] ip6gretap0: entered allmulticast mode
[  541.419275][T17014] bridge0: entered promiscuous mode
[  541.425639][T17014] bridge0: entered allmulticast mode
[  541.432631][T17014] vcan0: entered promiscuous mode
[  541.439385][T17014] vcan0: entered allmulticast mode
[  541.448430][T17014] bond0: entered promiscuous mode
[  541.455300][T17014] bond_slave_0: entered promiscuous mode
[  541.461307][T17014] bond_slave_1: entered promiscuous mode
[  541.475209][T17014] mac80211_hwsim hwsim21 wlan1: entered promiscuous mode
[  541.490297][T17014] bond0: entered allmulticast mode
[  541.498269][T17014] bond_slave_0: entered allmulticast mode
[  541.513634][T17014] bond_slave_1: entered allmulticast mode
[  541.519692][T17014] mac80211_hwsim hwsim21 wlan1: entered allmulticast mode
[  541.538907][T17014] 8021q: adding VLAN 0 to HW filter on device bond0
[  541.552330][T17014] team0: entered promiscuous mode
[  541.558012][T17014] team_slave_0: entered promiscuous mode
[  541.568289][T17014] team_slave_1: entered promiscuous mode
[  541.579361][T17014] team0: entered allmulticast mode
[  541.813069][ T5966] usb 8-1: new high-speed USB device number 19 using dummy_hcd
[  542.003612][ T5966] usb 8-1: Using ep0 maxpacket: 8
[  542.065815][ T5966] usb 8-1: config 179 has an invalid interface number: 65 but max is 0
[  542.140859][ T5966] usb 8-1: config 179 has no interface number 0
[  542.227661][ T5966] usb 8-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 63, changing to 9
[  542.380002][T17014] team_slave_0: entered allmulticast mode
[  542.385883][T17014] team_slave_1: entered allmulticast mode
[  542.392413][T17014] 8021q: adding VLAN 0 to HW filter on device team0
[  542.400396][T17014] dummy0: entered promiscuous mode
[  542.405546][T17014] dummy0: entered allmulticast mode
[  542.413371][T17014] nlmon0: entered promiscuous mode
[  542.418487][T17014] nlmon0: entered allmulticast mode
[  542.425036][ T5966] usb 8-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 57605, setting to 1024
[  542.437714][ T5966] usb 8-1: config 179 interface 65 altsetting 12 endpoint 0x83 has an invalid bInterval 52, changing to 9
[  542.453575][ T5966] usb 8-1: config 179 interface 65 altsetting 12 endpoint 0x83 has invalid maxpacket 8241, setting to 1024
[  542.479892][T17014] caif0: entered promiscuous mode
[  542.490242][T17014] caif0: entered allmulticast mode
[  542.500741][T17014] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  542.521223][ T5966] usb 8-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  542.580865][ T5966] usb 8-1: config 179 interface 65 has no altsetting 0
[  542.580902][ T5966] usb 8-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00
[  542.580923][ T5966] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  542.631810][ T5966] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.7/usb8/8-1/8-1:179.65/input/input20
[  542.678300][ T5205] input input20: unable to receive magic message: -110
[  542.714297][   T30] audit: type=1400 audit(1757328641.333:5301): avc:  denied  { bind } for  pid=17042 comm="syz.5.3887" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  542.718711][ T5205] input input20: unable to receive magic message: -32
[  542.724702][ T5205] input input20: unable to receive magic message: -32
[  542.726572][ T5205] input input20: unable to receive magic message: -32
[  542.846908][   T30] audit: type=1400 audit(1757328641.463:5302): avc:  denied  { setopt } for  pid=17047 comm="syz.8.3888" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  543.031270][ T5902] usb 8-1: USB disconnect, device number 19
[  543.031297][    C1] xpad 8-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  543.945954][ T5852] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0
[  543.947725][ T5852] Bluetooth: hci1: Injecting HCI hardware error event
[  543.952415][ T5852] Bluetooth: hci1: hardware error 0x00
[  544.191145][T17072] netlink: 20 bytes leftover after parsing attributes in process `syz.6.3898'.
[  544.339294][T17079] IPVS: ovf: FWM 3 0x00000003 - no destination available
[  544.346964][    C1] IPVS: ovf: FWM 3 0x00000003 - no destination available
[  544.663011][ T5858] Bluetooth: hci4: command 0x0405 tx timeout
[  544.909166][T17101] comedi comedi0: Minor 3 specified more than once!
[  545.448439][T17110] overlayfs: failed to clone upperpath
[  545.622991][ T5902] usb 8-1: new high-speed USB device number 20 using dummy_hcd
[  546.103081][ T5852] Bluetooth: hci1: Opcode 0x0c03 failed: -110
[  546.224869][ T5902] usb 8-1: unable to get BOS descriptor or descriptor too short
[  546.273779][ T5902] usb 8-1: config 4 has an invalid interface number: 180 but max is 0
[  546.281986][ T5902] usb 8-1: config 4 has no interface number 0
[  546.312912][ T5902] usb 8-1: config 4 interface 180 has no altsetting 0
[  546.325981][ T5902] usb 8-1: New USB device found, idVendor=2c7c, idProduct=0125, bcdDevice=eb.29
[  546.348640][ T5902] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  546.417280][ T5902] usb 8-1: Product: syz
[  546.490304][ T5902] usb 8-1: Manufacturer: syz
[  546.534377][ T5902] usb 8-1: SerialNumber: syz
[  546.566161][T17129] 9pnet_fd: Insufficient options for proto=fd
[  546.877038][ T5902] qmi_wwan 8-1:4.180: skipping garbage
[  546.882894][ T5902] qmi_wwan 8-1:4.180: bogus CDC Union: master=0, slave=1
[  546.896474][ T5902] qmi_wwan 8-1:4.180: probe with driver qmi_wwan failed with error -22
[  547.324772][ T5902] usb 8-1: USB disconnect, device number 20
[  547.356326][ T5936] IPVS: starting estimator thread 0...
[  547.368363][T17142] IPVS: ovf: FWM 3 0x00000003 - no destination available
[  547.390876][   T30] audit: type=1400 audit(1757328902.000:5303): avc:  denied  { create } for  pid=17144 comm="syz.6.3923" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  547.411295][    C0] vkms_vblank_simulate: vblank timer overrun
[  547.462859][T17143] IPVS: using max 46 ests per chain, 110400 per kthread
[  548.362995][ T5966] usb 7-1: new high-speed USB device number 16 using dummy_hcd
[  548.523102][ T5966] usb 7-1: Using ep0 maxpacket: 32
[  548.533733][ T5966] usb 7-1: config index 0 descriptor too short (expected 156, got 27)
[  548.542252][ T5966] usb 7-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  548.555363][ T5966] usb 7-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  548.575633][ T5967] usb 9-1: new high-speed USB device number 15 using dummy_hcd
[  548.592756][ T5966] usb 7-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[  548.610982][ T5966] usb 7-1: config 0 interface 0 has no altsetting 0
[  548.625091][ T5966] usb 7-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  548.640330][ T5966] usb 7-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  548.641281][T17173] IPVS: ovf: FWM 3 0x00000003 - no destination available
[  548.651321][ T5966] usb 7-1: Product: syz
[  548.660977][ T5966] usb 7-1: Manufacturer: syz
[  548.669754][ T5966] usb 7-1: SerialNumber: syz
[  548.677210][ T5966] usb 7-1: config 0 descriptor??
[  548.688305][ T5966] ldusb 7-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  548.702185][ T5966] ldusb 7-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  548.743309][ T5967] usb 9-1: Using ep0 maxpacket: 16
[  548.755142][ T5967] usb 9-1: config 0 has an invalid interface number: 105 but max is 0
[  548.769795][ T5967] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  548.780808][ T5967] usb 9-1: config 0 has no interface number 0
[  548.795050][ T5967] usb 9-1: New USB device found, idVendor=046c, idProduct=14e8, bcdDevice= b.28
[  548.807593][ T5967] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  548.816470][ T5967] usb 9-1: Product: syz
[  548.820673][ T5967] usb 9-1: Manufacturer: syz
[  548.828760][ T5967] usb 9-1: SerialNumber: syz
[  548.837321][ T5967] usb 9-1: config 0 descriptor??
[  548.844658][ T5967] usb 9-1: Found UVC 0.00 device syz (046c:14e8)
[  548.854382][ T5967] usb 9-1: No valid video chain found.
[  549.105068][ T5967] usb 9-1: USB disconnect, device number 15
[  549.390657][T17188] mkiss: ax0: crc mode is auto.
[  551.173506][ T5902] usb 7-1: USB disconnect, device number 16
[  551.196602][ T5902] ldusb 7-1:0.0: LD USB Device #0 now disconnected
[  551.223135][T17212] random: crng reseeded on system resumption
[  551.863860][T17223] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3952'.
[  552.004275][T17208] warn_alloc: 1 callbacks suppressed
[  552.004286][T17208] syz.8.3947: vmalloc error: size 6291456, failed to allocated page array size 12288, mode:0x400dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  552.029919][T17208] CPU: 1 UID: 0 PID: 17208 Comm: syz.8.3947 Not tainted syzkaller #0 PREEMPT(full) 
[  552.029949][T17208] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  552.029959][T17208] Call Trace:
[  552.029965][T17208]  <TASK>
[  552.029972][T17208]  dump_stack_lvl+0x16c/0x1f0
[  552.030001][T17208]  warn_alloc+0x248/0x3a0
[  552.030021][T17208]  ? __pfx_warn_alloc+0x10/0x10
[  552.030044][T17208]  ? alloc_vmap_area+0x127/0x29c0
[  552.030066][T17208]  ? __get_vm_area_node+0x1ca/0x330
[  552.030091][T17208]  ? hash_netport4_resize+0x1d8/0x1c50
[  552.030109][T17208]  ? __vmalloc_node_noprof+0xad/0xf0
[  552.030139][T17208]  __vmalloc_node_range_noprof+0x101b/0x14b0
[  552.030175][T17208]  ? hash_netport4_resize+0x1d8/0x1c50
[  552.030198][T17208]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  552.030227][T17208]  ? ___kmalloc_large_node+0xed/0x160
[  552.030257][T17208]  __kvmalloc_node_noprof+0x30a/0x620
[  552.030275][T17208]  ? hash_netport4_resize+0x1d8/0x1c50
[  552.030292][T17208]  ? __kmalloc_noprof+0x242/0x510
[  552.030308][T17208]  ? hash_netport4_resize+0x1d8/0x1c50
[  552.030330][T17208]  ? hash_netport4_resize+0x1d8/0x1c50
[  552.030346][T17208]  hash_netport4_resize+0x1d8/0x1c50
[  552.030364][T17208]  ? __pfx_hash_netport4_add+0x10/0x10
[  552.030382][T17208]  ? __pfx_hash_netport4_uadt+0x10/0x10
[  552.030408][T17208]  ? __pfx___mutex_lock+0x10/0x10
[  552.030442][T17208]  ? __pfx_hash_netport4_resize+0x10/0x10
[  552.030466][T17208]  call_ad.constprop.0+0x36d/0x940
[  552.030496][T17208]  ? __pfx_hash_netport4_resize+0x10/0x10
[  552.030516][T17208]  ? __pfx_call_ad.constprop.0+0x10/0x10
[  552.030548][T17208]  ? __pfx___nla_validate_parse+0x10/0x10
[  552.030588][T17208]  ? __nla_parse+0x40/0x60
[  552.030617][T17208]  ip_set_ad.constprop.0.isra.0+0x3ce/0x870
[  552.030641][T17208]  ? __pfx_ip_set_ad.constprop.0.isra.0+0x10/0x10
[  552.030661][T17208]  ? rcu_sync_func+0x10/0x1a0
[  552.030705][T17208]  ? find_held_lock+0x2b/0x80
[  552.030734][T17208]  nfnetlink_rcv_msg+0x9fc/0x1200
[  552.030760][T17208]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  552.030781][T17208]  ? __lock_acquire+0x62e/0x1ce0
[  552.030832][T17208]  ? avc_has_perm_noaudit+0x149/0x3b0
[  552.030858][T17208]  netlink_rcv_skb+0x155/0x420
[  552.030882][T17208]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  552.030901][T17208]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  552.030943][T17208]  ? ns_capable+0xd7/0x110
[  552.030967][T17208]  nfnetlink_rcv+0x1b3/0x430
[  552.030985][T17208]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  552.031002][T17208]  ? netlink_deliver_tap+0x1ae/0xd30
[  552.031023][T17208]  ? selinux_netlink_send+0x578/0x830
[  552.031046][T17208]  ? is_vmalloc_addr+0x86/0xa0
[  552.031068][T17208]  netlink_unicast+0x5aa/0x870
[  552.031096][T17208]  ? __pfx_netlink_unicast+0x10/0x10
[  552.031121][T17208]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  552.031153][T17208]  netlink_sendmsg+0x8d1/0xdd0
[  552.031181][T17208]  ? __pfx_netlink_sendmsg+0x10/0x10
[  552.031215][T17208]  ____sys_sendmsg+0xa98/0xc70
[  552.031244][T17208]  ? copy_msghdr_from_user+0x10a/0x160
[  552.031266][T17208]  ? __pfx_____sys_sendmsg+0x10/0x10
[  552.031299][T17208]  ? __pfx_futex_wake_mark+0x10/0x10
[  552.031323][T17208]  ___sys_sendmsg+0x134/0x1d0
[  552.031347][T17208]  ? __pfx____sys_sendmsg+0x10/0x10
[  552.031402][T17208]  __sys_sendmsg+0x16d/0x220
[  552.031425][T17208]  ? __pfx___sys_sendmsg+0x10/0x10
[  552.031446][T17208]  ? __x64_sys_futex+0x1e0/0x4c0
[  552.031490][T17208]  do_syscall_64+0xcd/0x4c0
[  552.031516][T17208]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  552.031535][T17208] RIP: 0033:0x7fa15838ebe9
[  552.031550][T17208] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  552.031567][T17208] RSP: 002b:00007fa1591f9038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  552.031583][T17208] RAX: ffffffffffffffda RBX: 00007fa1585c5fa0 RCX: 00007fa15838ebe9
[  552.031595][T17208] RDX: 0000000000000080 RSI: 00002000000002c0 RDI: 0000000000000004
[  552.031605][T17208] RBP: 00007fa158411e19 R08: 0000000000000000 R09: 0000000000000000
[  552.031615][T17208] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  552.031626][T17208] R13: 00007fa1585c6038 R14: 00007fa1585c5fa0 R15: 00007ffc9bf6ae18
[  552.031651][T17208]  </TASK>
[  552.031740][T17208] Mem-Info:
[  552.469588][T17208] active_anon:8906 inactive_anon:0 isolated_anon:0
[  552.469588][T17208]  active_file:3981 inactive_file:40776 isolated_file:0
[  552.469588][T17208]  unevictable:770 dirty:184 writeback:0
[  552.469588][T17208]  slab_reclaimable:13433 slab_unreclaimable:113646
[  552.469588][T17208]  mapped:32640 shmem:4243 pagetables:1774
[  552.469588][T17208]  sec_pagetables:0 bounce:0
[  552.469588][T17208]  kernel_misc_reclaimable:0
[  552.469588][T17208]  free:1288224 free_pcp:22297 free_cma:0
[  552.518119][T17208] Node 0 active_anon:35624kB inactive_anon:0kB active_file:15924kB inactive_file:162904kB unevictable:1544kB isolated(anon):0kB isolated(file):0kB mapped:130560kB dirty:736kB writeback:0kB shmem:15436kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:14036kB pagetables:6952kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  552.550445][T17208] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:48kB pagetables:144kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  552.637220][T17208] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  552.711066][T17208] lowmem_reserve[]: 0 2479 2481 2481 2481
[  552.717378][T17208] Node 0 DMA32 free:1264172kB boost:0kB min:34076kB low:42592kB high:51108kB reserved_highatomic:0KB free_highatomic:0KB active_anon:23996kB inactive_anon:0kB active_file:15924kB inactive_file:161580kB unevictable:1544kB writepending:736kB present:3129332kB managed:2539344kB mlocked:8kB bounce:0kB free_pcp:67004kB local_pcp:42920kB free_cma:0kB
[  552.750444][T17208] lowmem_reserve[]: 0 0 1 1 1
[  552.755210][T17208] Node 0 Normal free:8kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB free_highatomic:0KB active_anon:28kB inactive_anon:0kB active_file:0kB inactive_file:1324kB unevictable:0kB writepending:0kB present:1048580kB managed:1388kB mlocked:0kB bounce:0kB free_pcp:28kB local_pcp:0kB free_cma:0kB
[  552.787495][T17208] lowmem_reserve[]: 0 0 0 0 0
[  552.798779][T17208] Node 1 Normal free:3885856kB boost:0kB min:55804kB low:69752kB high:83700kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:21780kB local_pcp:8608kB free_cma:0kB
[  553.181440][T17239] mkiss: ax0: crc mode is auto.
[  553.605836][T17208] lowmem_reserve[]: 0 0 0 0 0
[  553.610611][T17208] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  553.624037][T17208] Node 0 DMA32: 3443*4kB (UME) 1590*8kB (UM) 604*16kB (UM) 17*32kB (UME) 7*64kB (UME) 283*128kB (UME) 553*256kB (UM) 384*512kB (UM) 189*1024kB (UM) 5*2048kB (UME) 160*4096kB (UM) = 1270684kB
[  553.642894][    C0] vkms_vblank_simulate: vblank timer overrun
[  553.653051][T17208] Node 0 Normal: 0*4kB 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8kB
[  553.665355][T17208] Node 1 Normal: 168*4kB (UE) 42*8kB (UME) 41*16kB (UME) 91*32kB (UME) 29*64kB (UME) 8*128kB (UME) 4*256kB (UM) 3*512kB (UM) 3*1024kB (UME) 1*2048kB (E) 945*4096kB (M) = 3885856kB
[  553.683662][T17208] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  553.693238][T17208] Node 0 hugepages_total=2 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB
[  553.703170][T17208] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  553.712899][T17208] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  553.722632][T17208] 46126 total pagecache pages
[  553.727496][T17208] 0 pages in swap cache
[  553.731648][T17208] Free swap  = 124996kB
[  553.735835][T17208] Total swap = 124996kB
[  553.740361][T17208] 2097051 pages RAM
[  553.745368][T17208] 0 pages HighMem/MovableOnly
[  553.751235][T17208] 430253 pages reserved
[  553.755802][T17208] 0 pages cma reserved
[  554.024889][ T5858] Bluetooth: hci5: command 0x0405 tx timeout
[  554.985490][ T5852] Bluetooth: hci2: command 0x0406 tx timeout
[  555.233240][T17272] 9pnet_fd: Insufficient options for proto=fd
[  557.879568][T17318] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3984'.
[  557.987068][ T2953] bridge_slave_1: left allmulticast mode
[  558.002845][ T2953] bridge_slave_1: left promiscuous mode
[  558.028350][ T2953] bridge0: port 2(bridge_slave_1) entered disabled state
[  558.055378][ T2953] bridge_slave_0: left allmulticast mode
[  558.058118][T17330] overlayfs: failed to clone lowerpath
[  558.073213][ T2953] bridge_slave_0: left promiscuous mode
[  558.089564][ T2953] bridge0: port 1(bridge_slave_0) entered disabled state
[  558.324218][ T2953] dvmrp1 (unregistering): left allmulticast mode
[  558.639306][ T2953] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  558.649554][ T2953] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  558.659651][ T2953] bond0 (unregistering): Released all slaves
[  558.687335][T17321] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  558.798658][ T2953] : left promiscuous mode
[  558.930038][ T2953] tipc: Left network mode
[  559.222459][T17356] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3998'.
[  559.339032][ T2953] hsr_slave_0: left promiscuous mode
[  559.374210][ T2953] hsr_slave_1: left promiscuous mode
[  559.385943][ T2953] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  559.393615][ T2953] batman_adv: batadv0: Removing interface: batadv_slave_0
[  559.410294][ T2953] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  559.422397][ T2953] batman_adv: batadv0: Removing interface: batadv_slave_1
[  559.476811][ T2953] veth1_macvtap: left promiscuous mode
[  559.495255][ T2953] veth0_macvtap: left promiscuous mode
[  559.517628][ T2953] veth1_vlan: left promiscuous mode
[  559.535582][ T2953] veth0_vlan: left promiscuous mode
[  560.434952][T17390] misc userio: No port type given on /dev/userio
[  560.458885][ T5863] Bluetooth: hci2: unexpected event for opcode 0x0803
[  560.463133][T17390] input: syz1 as /devices/virtual/input/input21
[  560.471010][   T30] audit: type=1400 audit(1757329629.072:5304): avc:  denied  { read } for  pid=17389 comm="syz.6.4012" name="fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[  560.501411][   T30] audit: type=1400 audit(1757329629.072:5305): avc:  denied  { open } for  pid=17389 comm="syz.6.4012" path="/dev/fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[  560.563637][T17392] misc userio: The device must be registered before sending interrupts
[  560.574531][T17392] misc userio: The device must be registered before sending interrupts
[  560.901238][T17389] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  560.960902][ T2953] team0 (unregistering): Port device team_slave_1 removed
[  560.997292][ T2953] team0 (unregistering): Port device team_slave_0 removed
[  561.425069][ T5967] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[  561.993155][ T5967] usb 2-1: config index 0 descriptor too short (expected 45, got 36)
[  562.001270][ T5967] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  562.032136][ T5967] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  562.054626][ T5967] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  562.082949][ T5967] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  562.098144][ T5967] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  562.112263][ T5967] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  562.124155][ T5967] usb 2-1: config 0 descriptor??
[  562.135667][T17395] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  562.563561][ T5967] usbhid 2-1:0.0: can't add hid device: -71
[  562.585840][ T5967] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  562.595999][ T5967] usb 2-1: USB disconnect, device number 15
[  562.643982][T17423] 9pnet_fd: Insufficient options for proto=fd
[  562.957311][T17440] syz_tun: entered allmulticast mode
[  563.077662][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  563.400655][ T5967] usb 8-1: new high-speed USB device number 21 using dummy_hcd
[  563.552818][ T5902] usb 9-1: new high-speed USB device number 16 using dummy_hcd
[  563.603327][T17449] mkiss: ax0: crc mode is auto.
[  564.523283][ T5863] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0
[  564.532684][ T5863] Bluetooth: hci2: Injecting HCI hardware error event
[  564.541759][ T5863] Bluetooth: hci2: hardware error 0x00
[  564.644493][ T5902] usb 9-1: Using ep0 maxpacket: 16
[  564.653641][ T5902] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  564.664840][ T5902] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid maxpacket 25454, setting to 1024
[  564.769596][ T5902] usb 9-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e
[  564.782984][ T5967] usb 8-1: Using ep0 maxpacket: 16
[  564.789424][ T5967] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  564.801569][ T5967] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid maxpacket 25454, setting to 1024
[  565.243101][ T5902] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  565.246863][ T5967] usb 8-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e
[  565.260454][ T5902] usb 9-1: Product: syz
[  565.264761][ T5902] usb 9-1: Manufacturer: syz
[  565.269389][ T5967] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  565.269426][ T5902] usb 9-1: SerialNumber: syz
[  565.287162][ T5902] usb 9-1: config 0 descriptor??
[  565.297996][ T5902] hub 9-1:0.0: bad descriptor, ignoring hub
[  565.305193][ T5902] hub 9-1:0.0: probe with driver hub failed with error -5
[  565.312385][ T5967] usb 8-1: Product: syz
[  565.314884][ T5902] input: syz syz as /devices/platform/dummy_hcd.8/usb9/9-1/9-1:0.0/input/input22
[  565.325766][ T5967] usb 8-1: Manufacturer: syz
[  565.330530][ T5967] usb 8-1: SerialNumber: syz
[  565.337450][ T5967] usb 8-1: config 0 descriptor??
[  565.346727][ T5967] hub 8-1:0.0: bad descriptor, ignoring hub
[  565.359055][ T5967] hub 8-1:0.0: probe with driver hub failed with error -5
[  565.372312][ T5967] input: syz syz as /devices/platform/dummy_hcd.7/usb8/8-1/8-1:0.0/input/input23
[  565.532342][   T30] audit: type=1400 audit(1757330119.148:5306): avc:  denied  { read write } for  pid=17444 comm="syz.8.4031" name="mice" dev="devtmpfs" ino=916 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1
[  565.590365][   T30] audit: type=1400 audit(1757330119.178:5307): avc:  denied  { open } for  pid=17444 comm="syz.8.4031" path="/dev/input/mice" dev="devtmpfs" ino=916 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1
[  565.775622][T17470] netlink: 'syz.6.4039': attribute type 4 has an invalid length.
[  565.809655][T17470] netlink: 'syz.6.4039': attribute type 4 has an invalid length.
[  566.057904][T17465] lo speed is unknown, defaulting to 1000
[  566.591947][ T5863] Bluetooth: hci2: Opcode 0x0c03 failed: -110
[  566.697371][T17485] netlink: 12 bytes leftover after parsing attributes in process `syz.6.4042'.
[  567.073200][ T5902] usb 8-1: USB disconnect, device number 21
[  567.174137][ T5936] usb 9-1: USB disconnect, device number 16
[  567.241498][T17491] batman_adv: batadv0: Adding interface: dummy0
[  567.248410][T17491] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  567.276301][T17491] batman_adv: batadv0: Interface activated: dummy0
[  567.293262][T17491] batadv0: mtu less than device minimum
[  567.299487][T17491] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  567.310566][T17491] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  567.321703][T17491] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  567.332882][T17491] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  567.344000][T17491] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  567.355121][T17491] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  567.366236][T17491] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  567.377375][T17491] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  567.388478][T17491] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  567.421349][T17492] netlink: 'syz.5.4044': attribute type 10 has an invalid length.
[  567.431003][T17492] 8021q: adding VLAN 0 to HW filter on device batadv0
[  567.443634][T17492] batadv0: entered promiscuous mode
[  567.449019][T17492] batadv0: entered allmulticast mode
[  567.458927][T17492] bond0: (slave batadv0): Enslaving as an active interface with an up link
[  567.799844][   T30] audit: type=1326 audit(1757330121.418:5308): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17495 comm="syz.5.4046" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff8fdd8ebe9 code=0x7ffc0000
[  567.954216][   T30] audit: type=1326 audit(1757330121.508:5309): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17495 comm="syz.5.4046" exe="/root/syz-executor" sig=0 arch=c000003e syscall=255 compat=0 ip=0x7ff8fdd8ebe9 code=0x7ffc0000
[  568.024487][   T30] audit: type=1326 audit(1757330121.508:5310): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17495 comm="syz.5.4046" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff8fdd8ebe9 code=0x7ffc0000
[  568.069374][   T30] audit: type=1326 audit(1757330121.508:5311): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17495 comm="syz.5.4046" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff8fdd8ebe9 code=0x7ffc0000
[  568.630817][   T30] audit: type=1326 audit(1757330121.668:5312): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17495 comm="syz.5.4046" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7ff8fdd8ebe9 code=0x7ffc0000
[  569.092629][T17534] netlink: 12 bytes leftover after parsing attributes in process `syz.7.4056'.
[  569.573019][ T5902] usb 7-1: new high-speed USB device number 17 using dummy_hcd
[  569.721072][T17550] netlink: 'syz.1.4063': attribute type 10 has an invalid length.
[  569.762647][ T5902] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  569.774483][T17550] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  569.792030][ T5902] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  569.801828][T17549] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  569.812556][ T5902] usb 7-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00
[  569.821835][ T5902] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  569.834252][ T5902] usb 7-1: config 0 descriptor??
[  570.415833][ T5902] cp2112 0003:10C4:EA90.0016: unknown main item tag 0x0
[  570.488528][ T5902] cp2112 0003:10C4:EA90.0016: unknown main item tag 0x0
[  570.508903][ T5902] cp2112 0003:10C4:EA90.0016: unknown main item tag 0x0
[  570.798280][ T5902] cp2112 0003:10C4:EA90.0016: unknown main item tag 0x0
[  570.819098][ T5902] cp2112 0003:10C4:EA90.0016: unknown main item tag 0x0
[  570.850277][ T5902] cp2112 0003:10C4:EA90.0016: unknown main item tag 0x0
[  570.859695][ T5902] cp2112 0003:10C4:EA90.0016: unknown main item tag 0x0
[  570.876619][ T5902] cp2112 0003:10C4:EA90.0016: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.6-1/input0
[  570.949293][ T5902] cp2112 0003:10C4:EA90.0016: Part Number: 0x00 Device Version: 0x00
[  571.276465][T17579] netlink: 12 bytes leftover after parsing attributes in process `syz.7.4074'.
[  571.384634][T17590] netlink: 'syz.5.4078': attribute type 10 has an invalid length.
[  571.411670][T17586] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  571.430152][T17542] cp2112 0003:10C4:EA90.0016: Error starting transaction: -38
[  571.447466][ T5902] cp2112 0003:10C4:EA90.0016: error reading lock byte: -71
[  571.455235][T17585] lo speed is unknown, defaulting to 1000
[  571.461113][ T5902] usb 7-1: USB disconnect, device number 17
[  572.196340][T17599] netdevsim netdevsim1: loading /lib/firmware/. failed with error -22
[  572.208313][T17599] netdevsim netdevsim1: Direct firmware load for . failed with error -22
[  572.217724][T17599] netdevsim netdevsim1: Falling back to sysfs fallback for: .
[  572.373154][ T2907] net_ratelimit: 22 callbacks suppressed
[  572.373170][ T2907] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  572.916528][ T7151] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  573.217779][T17629] netlink: 'syz.7.4091': attribute type 4 has an invalid length.
[  573.297573][   T30] audit: type=1400 audit(1757330126.888:5313): avc:  denied  { read } for  pid=17627 comm="syz.6.4093" path="socket:[57228]" dev="sockfs" ino=57228 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  573.302983][    C1] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: aa:aa:aa:aa:aa:17
[  573.444901][T12158] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  574.673939][T12158] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  574.814339][T17652] netlink: 'syz.6.4100': attribute type 10 has an invalid length.
[  574.850439][T17652] syz_tun: entered promiscuous mode
[  574.858814][T17652] bond0: (slave syz_tun): Enslaving as an active interface with an up link
[  575.212894][ T2907] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  575.242062][   T30] audit: type=1400 audit(1757330128.858:5314): avc:  denied  { create } for  pid=17671 comm="syz.5.4108" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[  575.268198][T17672] =======================================================
[  575.268198][T17672] WARNING: The mand mount option has been deprecated and
[  575.268198][T17672]          and is ignored by this kernel. Remove the mand
[  575.268198][T17672]          option from the mount to silence this warning.
[  575.268198][T17672] =======================================================
[  575.309260][T17672] 9pnet_fd: Insufficient options for proto=fd
[  575.828858][ T2978] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  576.129130][T17685] netlink: 'syz.5.4113': attribute type 4 has an invalid length.
[  576.195751][T17686] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  576.526474][ T2978] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  577.077894][ T2978] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  577.238296][T17699] 9pnet: Could not find request transport: fd0xffffffffffffffff
[  577.278752][   T30] audit: type=1400 audit(1757330386.893:5315): avc:  denied  { create } for  pid=17704 comm="syz.7.4120" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  577.306890][   T30] audit: type=1400 audit(1757330386.923:5316): avc:  denied  { ioctl } for  pid=17704 comm="syz.7.4120" path="socket:[57391]" dev="sockfs" ino=57391 ioctlcmd=0x583b scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  577.368512][T17707] netlink: 32 bytes leftover after parsing attributes in process `syz.7.4121'.
[  577.483105][T17713] netlink: 'syz.8.4124': attribute type 10 has an invalid length.
[  577.491182][T17713] syz_tun: entered promiscuous mode
[  577.505883][T17713] bond0: (slave syz_tun): Enslaving as an active interface with an up link
[  578.062495][T12158] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  578.602883][T12158] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  579.180505][T12158] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  579.244006][T17748] netlink: 'syz.1.4136': attribute type 10 has an invalid length.
[  579.324669][T17751] netlink: 40 bytes leftover after parsing attributes in process `syz.5.4135'.
[  579.397168][T17748] syz_tun: entered promiscuous mode
[  579.405496][T17748] bond0: (slave syz_tun): Enslaving as an active interface with an up link
[  579.876826][ T2953] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  580.424027][ T2978] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  580.612475][T17775] netlink: 'syz.1.4146': attribute type 10 has an invalid length.
[  580.686113][T17774] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  580.950595][ T2953] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  581.602159][ T2953] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  582.826116][T17821] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4162'.
[  583.114924][ T7151] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  583.213615][ T5977] usb 9-1: new high-speed USB device number 17 using dummy_hcd
[  583.343135][ T5966] usb 8-1: new high-speed USB device number 22 using dummy_hcd
[  583.383226][ T5977] usb 9-1: Using ep0 maxpacket: 16
[  583.396247][ T5977] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  583.483759][ T5977] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid maxpacket 25454, setting to 1024
[  583.528530][ T5966] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  583.549481][ T5966] usb 8-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  583.562976][ T5977] usb 9-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e
[  583.572024][ T5977] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  583.592057][ T5966] usb 8-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  583.601410][ T5977] usb 9-1: Product: syz
[  583.612913][ T5966] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  583.627861][ T5977] usb 9-1: Manufacturer: syz
[  583.642872][ T5977] usb 9-1: SerialNumber: syz
[  583.650593][ T5966] usb 8-1: config 0 descriptor??
[  583.656409][ T5977] usb 9-1: config 0 descriptor??
[  583.675590][ T5977] hub 9-1:0.0: bad descriptor, ignoring hub
[  583.681496][ T5977] hub 9-1:0.0: probe with driver hub failed with error -5
[  583.704490][ T2953] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  583.706676][ T5977] input: syz syz as /devices/platform/dummy_hcd.8/usb9/9-1/9-1:0.0/input/input24
[  584.248168][T12158] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  584.440272][T17852] 9pnet_fd: Insufficient options for proto=fd
[  584.692304][T17861] comedi comedi0: Minor 3 specified more than once!
[  584.755261][T12158] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  585.142067][T17875] fuse: Bad value for 'fd'
[  585.263203][ T7151] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  585.355477][T17880] syz_tun: entered allmulticast mode
[  585.513002][T17884] 9pnet_fd: Insufficient options for proto=fd
[  586.172647][ T7151] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  586.175504][   T30] audit: type=1400 audit(1757330907.789:5317): avc:  denied  { mount } for  pid=17893 comm="syz.5.4190" name="/" dev="autofs" ino=58571 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=filesystem permissive=1
[  586.185898][ T5902] usb 8-1: USB disconnect, device number 22
[  586.496241][T17906] fuse: Bad value for 'fd'
[  586.497610][T17908] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant.
[  586.497610][T17908] The task syz.7.4193 (17908) triggered the difference, watch for misbehavior.
[  586.672944][ T2978] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  586.861780][ T5967] usb 9-1: USB disconnect, device number 17
[  586.948659][   T30] audit: type=1326 audit(1757330908.559:5318): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17920 comm="syz.6.4199" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b6fd8ebe9 code=0x7ffc0000
[  586.992904][   T30] audit: type=1326 audit(1757330908.559:5319): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17920 comm="syz.6.4199" exe="/root/syz-executor" sig=0 arch=c000003e syscall=72 compat=0 ip=0x7f9b6fd8ebe9 code=0x7ffc0000
[  587.016277][    C1] vkms_vblank_simulate: vblank timer overrun
[  587.032968][   T30] audit: type=1326 audit(1757330908.559:5320): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17920 comm="syz.6.4199" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b6fd8ebe9 code=0x7ffc0000
[  587.067134][   T30] audit: type=1326 audit(1757330908.639:5321): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17920 comm="syz.6.4199" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7f9b6fd8ebe9 code=0x7ffc0000
[  587.158605][   T30] audit: type=1326 audit(1757330908.639:5322): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17920 comm="syz.6.4199" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f9b6fd8ec23 code=0x7ffc0000
[  587.181891][    C1] vkms_vblank_simulate: vblank timer overrun
[  587.214883][ T7151] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  587.287973][   T30] audit: type=1326 audit(1757330908.729:5323): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17920 comm="syz.6.4199" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f9b6fd8ec23 code=0x7ffc0000
[  587.321664][   T30] audit: type=1326 audit(1757330908.729:5324): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17920 comm="syz.6.4199" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b6fd8ebe9 code=0x7ffc0000
[  587.378831][   T30] audit: type=1326 audit(1757330908.989:5325): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17920 comm="syz.6.4199" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b6fd8ebe9 code=0x7ffc0000
[  587.418345][T17938] netlink: 28 bytes leftover after parsing attributes in process `syz.7.4204'.
[  587.687463][T17945] random: crng reseeded on system resumption
[  587.776528][T17946] comedi comedi0: Minor 3 specified more than once!
[  587.995613][ T7151] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  588.233263][   T30] audit: type=1400 audit(1757330909.849:5326): avc:  denied  { unmount } for  pid=17948 comm="syz.5.4208" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=filesystem permissive=1
[  588.499608][T17956] macvtap0: refused to change device tx_queue_len
[  588.633958][ T5999] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  589.027246][T17975] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4220'.
[  589.045663][T17977] sch_tbf: burst 19872 is lower than device lo mtu (11337746) !
[  589.198086][ T2978] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  589.633240][ T5967] usb 8-1: new high-speed USB device number 23 using dummy_hcd
[  589.738411][   T12] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  589.792902][ T5967] usb 8-1: Using ep0 maxpacket: 32
[  589.808225][ T5967] usb 8-1: config index 0 descriptor too short (expected 156, got 27)
[  589.819594][ T5967] usb 8-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  589.840087][ T5967] usb 8-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  589.933171][ T5967] usb 8-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[  589.971280][ T5967] usb 8-1: config 0 interface 0 has no altsetting 0
[  589.981509][ T5967] usb 8-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  589.993129][ T5967] usb 8-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  590.005461][ T5967] usb 8-1: Product: syz
[  590.013434][ T5967] usb 8-1: Manufacturer: syz
[  590.039279][ T5967] usb 8-1: SerialNumber: syz
[  590.077105][ T5967] usb 8-1: config 0 descriptor??
[  590.091147][T18002] lo speed is unknown, defaulting to 1000
[  590.098181][ T5967] ldusb 8-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  590.110793][ T5967] ldusb 8-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  590.331806][T18007] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4232'.
[  590.356207][T12158] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  590.585854][T18012] Mount JFS Failure: -22
[  590.590117][T18012] jfs_mount failed w/return code = -22
[  590.887250][ T2978] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  591.438770][ T7151] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  591.768114][T18040] lo speed is unknown, defaulting to 1000
[  591.994721][ T2978] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  592.316703][   T30] kauditd_printk_skb: 1 callbacks suppressed
[  592.316718][   T30] audit: type=1326 audit(1757330913.929:5328): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18048 comm="syz.1.4247" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efe9998ebe9 code=0x7ffc0000
[  592.354652][   T30] audit: type=1326 audit(1757330913.929:5329): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18048 comm="syz.1.4247" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efe9998ebe9 code=0x7ffc0000
[  592.390269][ T5902] usb 8-1: USB disconnect, device number 23
[  592.404937][ T5902] ldusb 8-1:0.0: LD USB Device #0 now disconnected
[  592.418647][   T30] audit: type=1326 audit(1757330913.969:5330): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18048 comm="syz.1.4247" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7efe9998ebe9 code=0x7ffc0000
[  592.447841][   T30] audit: type=1326 audit(1757330913.969:5331): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18048 comm="syz.1.4247" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efe9998ebe9 code=0x7ffc0000
[  592.481912][   T30] audit: type=1326 audit(1757330913.969:5332): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18048 comm="syz.1.4247" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efe9998ebe9 code=0x7ffc0000
[  592.533519][   T12] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  592.540815][   T30] audit: type=1326 audit(1757330913.999:5333): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18048 comm="syz.1.4247" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7efe9998ebe9 code=0x7ffc0000
[  592.580405][   T30] audit: type=1326 audit(1757330913.999:5334): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18048 comm="syz.1.4247" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efe9998ebe9 code=0x7ffc0000
[  592.650675][   T30] audit: type=1326 audit(1757330913.999:5335): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18048 comm="syz.1.4247" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efe9998ebe9 code=0x7ffc0000
[  592.734205][   T30] audit: type=1326 audit(1757330913.999:5336): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18048 comm="syz.1.4247" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7efe9998ebe9 code=0x7ffc0000
[  592.822978][ T5967] usb 2-1: new full-speed USB device number 16 using dummy_hcd
[  592.877303][   T30] audit: type=1326 audit(1757330913.999:5337): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18048 comm="syz.1.4247" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efe9998ebe9 code=0x7ffc0000
[  593.065987][ T5967] usb 2-1: config 0 has an invalid interface number: 29 but max is 0
[  593.086083][ T5967] usb 2-1: config 0 has no interface number 0
[  593.092196][ T5967] usb 2-1: config 0 interface 29 has no altsetting 0
[  593.132939][ T5967] usb 2-1: New USB device found, idVendor=0c72, idProduct=0014, bcdDevice=39.ac
[  593.147353][ T7151] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  593.171957][ T5967] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  593.183010][ T5967] usb 2-1: Product: syz
[  593.187211][ T5967] usb 2-1: Manufacturer: syz
[  593.224948][ T5967] usb 2-1: SerialNumber: syz
[  593.237972][ T5967] usb 2-1: config 0 descriptor??
[  593.388157][T18066] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  593.703380][T12158] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  594.017804][T18079] netlink: 'syz.5.4259': attribute type 10 has an invalid length.
[  594.036639][T18079] syz_tun: left allmulticast mode
[  594.053463][T18079] syz_tun: entered allmulticast mode
[  594.243680][T18079] bond0: (slave syz_tun): Enslaving as an active interface with an up link
[  594.254623][ T7151] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  594.783172][T12158] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  595.343645][ T5967] peak_usb 2-1:0.29 can0: unable to request usb[type=0 value=1] err=-71
[  595.352462][T12158] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  595.396911][ T5967] peak_usb 2-1:0.29: unable to read PCAN-USB X6 firmware info (err -71)
[  595.763282][ T5967] peak_usb 2-1:0.29: probe with driver peak_usb failed with error -71
[  595.797077][ T5967] usb 2-1: USB disconnect, device number 16
[  596.206215][T12158] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  596.913693][   T12] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  596.948002][T18140] fuse: Bad value for 'group_id'
[  596.966108][T18140] fuse: Bad value for 'group_id'
[  597.451660][   T12] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  597.573191][T18155] netlink: 'syz.6.4287': attribute type 4 has an invalid length.
[  598.078969][   T12] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  599.085013][ T7151] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  599.252958][ T5902] usb 8-1: new high-speed USB device number 24 using dummy_hcd
[  599.939993][ T7151] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  599.994964][ T5902] usb 8-1: unable to get BOS descriptor or descriptor too short
[  600.013783][ T5902] usb 8-1: config 4 has an invalid interface number: 180 but max is 0
[  600.021965][ T5902] usb 8-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config
[  600.029413][T18199] netlink: 'syz.5.4302': attribute type 10 has an invalid length.
[  600.050566][ T5902] usb 8-1: config 4 has no interface number 0
[  600.061725][ T5902] usb 8-1: New USB device found, idVendor=2c7c, idProduct=0125, bcdDevice=eb.29
[  600.070982][ T5902] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  600.079013][ T5902] usb 8-1: Product: syz
[  600.083270][ T5902] usb 8-1: Manufacturer: syz
[  600.087853][ T5902] usb 8-1: SerialNumber: syz
[  600.441392][ T5902] usb 8-1: USB disconnect, device number 24
[  600.476211][ T7151] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  600.637851][T18214] netlink: 40 bytes leftover after parsing attributes in process `syz.1.4304'.
[  600.817521][T18213] Mount JFS Failure: -22
[  600.817552][T18213] jfs_mount failed w/return code = -22
[  601.003182][ T7151] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  601.597562][ T7151] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  602.731179][   T12] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  602.788190][ T5967] usb 9-1: new full-speed USB device number 18 using dummy_hcd
[  603.309402][ T5967] usb 9-1: config 0 has an invalid interface number: 29 but max is 0
[  603.328540][ T5967] usb 9-1: config 0 has no interface number 0
[  603.337934][ T5967] usb 9-1: config 0 interface 29 has no altsetting 0
[  603.353423][ T5967] usb 9-1: New USB device found, idVendor=0c72, idProduct=0014, bcdDevice=39.ac
[  603.395476][ T5967] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  603.427203][ T5967] usb 9-1: Product: syz
[  603.440185][ T5967] usb 9-1: Manufacturer: syz
[  603.459635][ T5967] usb 9-1: SerialNumber: syz
[  603.484109][ T5967] usb 9-1: config 0 descriptor??
[  604.085079][ T2953] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  604.229748][ T5967] usb 9-1: can't set config #0, error -71
[  604.257275][ T5967] usb 9-1: USB disconnect, device number 18
[  604.304166][T18275] netlink: 4 bytes leftover after parsing attributes in process `syz.6.4330'.
[  604.323521][T18276] netlink: 'syz.5.4331': attribute type 10 has an invalid length.
[  604.401435][T18275] macvtap1: entered promiscuous mode
[  604.406979][T18275] bond0: entered promiscuous mode
[  604.411998][T18275] bond_slave_0: entered promiscuous mode
[  604.418258][T18275] bond_slave_1: entered promiscuous mode
[  604.433565][T18275] macvtap1: entered allmulticast mode
[  604.438961][T18275] bond0: entered allmulticast mode
[  604.462978][T18275] bond_slave_0: entered allmulticast mode
[  604.469122][T18275] bond_slave_1: entered allmulticast mode
[  604.501802][T18275] 8021q: adding VLAN 0 to HW filter on device macvtap1
[  604.666577][ T2953] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  605.072665][T18302] fuse: Unknown parameter 'grou00000000000000000000'
[  605.351584][ T5999] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  605.378740][T18311] netlink: 'syz.8.4344': attribute type 10 has an invalid length.
[  605.470500][T18319] netlink: 40 bytes leftover after parsing attributes in process `syz.5.4346'.
[  605.911800][T12158] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  606.476934][T12158] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  606.503859][T18349] Mount JFS Failure: -22
[  606.524851][T18349] jfs_mount failed w/return code = -22
[  607.122805][T18361] netlink: 8 bytes leftover after parsing attributes in process `syz.6.4363'.
[  607.495688][ T7151] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  607.910676][T18369] mkiss: ax0: crc mode is auto.
[  608.035143][ T7151] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  608.064970][ T5863] Bluetooth: hci5: link tx timeout
[  608.070404][ T5863] Bluetooth: hci5: killing stalled connection 10:aa:aa:aa:aa:aa
[  608.079956][ T5863] Bluetooth: hci5: link tx timeout
[  608.085494][ T5863] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa
[  608.093679][ T5863] Bluetooth: hci5: killing stalled connection 00:00:00:00:00:00
[  608.502965][    C1] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: aa:aa:aa:aa:aa:17
[  608.755055][ T7151] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  609.074313][T18404] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4378'.
[  609.357525][ T7151] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  609.410162][T18405] veth1_vlan: default FDB implementation only supports local addresses
[  609.421967][T18407] sctp: [Deprecated]: syz.7.4384 (pid 18407) Use of struct sctp_assoc_value in delayed_ack socket option.
[  609.421967][T18407] Use struct sctp_sack_info instead
[  609.752839][ T5902] usb 9-1: new high-speed USB device number 19 using dummy_hcd
[  609.859415][T18433] netlink: 'syz.7.4393': attribute type 4 has an invalid length.
[  609.872864][ T5977] usb 2-1: new full-speed USB device number 17 using dummy_hcd
[  609.882381][T18431] netlink: 12 bytes leftover after parsing attributes in process `syz.5.4390'.
[  609.893494][ T7151] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  609.923662][ T5902] usb 9-1: unable to get BOS descriptor or descriptor too short
[  609.942070][ T5902] usb 9-1: config 4 has an invalid interface number: 180 but max is 0
[  609.966138][ T5902] usb 9-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config
[  609.980176][ T5902] usb 9-1: config 4 has no interface number 0
[  609.987820][ T5902] usb 9-1: config 4 interface 180 has no altsetting 0
[  609.997246][ T5902] usb 9-1: New USB device found, idVendor=2c7c, idProduct=0125, bcdDevice=eb.29
[  610.010102][ T5902] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  610.022532][ T5902] usb 9-1: Product: syz
[  610.031061][ T5902] usb 9-1: Manufacturer: syz
[  610.035955][ T5902] usb 9-1: SerialNumber: syz
[  610.103292][ T5863] Bluetooth: hci5: command 0x0405 tx timeout
[  610.111527][ T5977] usb 2-1: config 0 has an invalid interface number: 29 but max is 0
[  610.119880][ T5977] usb 2-1: config 0 has no interface number 0
[  610.126460][ T5977] usb 2-1: config 0 interface 29 has no altsetting 0
[  610.139149][ T5977] usb 2-1: New USB device found, idVendor=0c72, idProduct=0014, bcdDevice=39.ac
[  610.148418][ T5977] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  610.156589][ T5977] usb 2-1: Product: syz
[  610.160903][ T5977] usb 2-1: Manufacturer: syz
[  610.165589][ T5977] usb 2-1: SerialNumber: syz
[  610.180810][ T5977] usb 2-1: config 0 descriptor??
[  610.207018][T18439] netlink: 8 bytes leftover after parsing attributes in process `syz.7.4394'.
[  610.583860][ T5902] qmi_wwan 9-1:4.180: bogus CDC Union: master=0, slave=1
[  610.593754][ T5902] qmi_wwan 9-1:4.180: probe with driver qmi_wwan failed with error -22
[  610.623271][ T5902] usb 9-1: USB disconnect, device number 19
[  610.656214][   T12] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  611.185599][T18461] netlink: 'syz.8.4404': attribute type 4 has an invalid length.
[  611.261833][ T7151] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  611.383923][ T5967] usb 8-1: new high-speed USB device number 25 using dummy_hcd
[  611.533272][ T5967] usb 8-1: Using ep0 maxpacket: 32
[  611.550702][ T5967] usb 8-1: config index 0 descriptor too short (expected 156, got 27)
[  611.609835][ T5967] usb 8-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  611.688808][ T5967] usb 8-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  611.766515][ T5967] usb 8-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[  611.820877][T12158] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  611.835615][ T5967] usb 8-1: config 0 interface 0 has no altsetting 0
[  611.845868][ T5967] usb 8-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  611.855407][ T5967] usb 8-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  611.863969][ T5967] usb 8-1: Product: syz
[  611.868325][ T5967] usb 8-1: Manufacturer: syz
[  611.873401][ T5967] usb 8-1: SerialNumber: syz
[  611.879452][ T5967] usb 8-1: config 0 descriptor??
[  611.886453][ T5967] ldusb 8-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  611.897646][ T5967] ldusb 8-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  612.203090][ T5863] Bluetooth: hci5: command 0x0405 tx timeout
[  612.343355][ T2907] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  612.545577][ T5977] peak_usb 2-1:0.29 can0: unable to request usb[type=0 value=1] err=-71
[  612.572829][ T5977] peak_usb 2-1:0.29: unable to read PCAN-USB X6 firmware info (err -71)
[  612.600585][   T30] kauditd_printk_skb: 65 callbacks suppressed
[  612.600598][   T30] audit: type=1326 audit(1757330934.209:5403): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18490 comm="syz.1.4415" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efe9998ebe9 code=0x7ffc0000
[  612.718831][   T30] audit: type=1326 audit(1757330934.209:5404): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18490 comm="syz.1.4415" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7efe9998ebe9 code=0x7ffc0000
[  612.769218][T18492] macvtap0: refused to change device tx_queue_len
[  612.805193][ T5977] peak_usb 2-1:0.29: probe with driver peak_usb failed with error -71
[  612.837587][ T5977] usb 2-1: USB disconnect, device number 17
[  612.849426][   T30] audit: type=1326 audit(1757330934.209:5405): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18490 comm="syz.1.4415" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efe9998ebe9 code=0x7ffc0000
[  612.907112][ T2978] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  612.929362][   T30] audit: type=1326 audit(1757330934.209:5406): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18490 comm="syz.1.4415" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efe9998ebe9 code=0x7ffc0000
[  612.979867][   T30] audit: type=1326 audit(1757330934.209:5407): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18490 comm="syz.1.4415" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7efe9998ebe9 code=0x7ffc0000
[  613.024551][   T30] audit: type=1326 audit(1757330934.209:5408): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18490 comm="syz.1.4415" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efe9998ebe9 code=0x7ffc0000
[  613.052322][   T30] audit: type=1326 audit(1757330934.209:5409): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18490 comm="syz.1.4415" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7efe9998ebe9 code=0x7ffc0000
[  613.082982][   T30] audit: type=1326 audit(1757330934.209:5410): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18490 comm="syz.1.4415" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efe9998ebe9 code=0x7ffc0000
[  613.110366][   T30] audit: type=1326 audit(1757330934.209:5411): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18490 comm="syz.1.4415" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7efe9998ebe9 code=0x7ffc0000
[  613.141334][   T30] audit: type=1326 audit(1757330934.209:5412): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18490 comm="syz.1.4415" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efe9998ebe9 code=0x7ffc0000
[  613.440901][ T2953] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  613.964626][T12158] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  614.051910][ T5977] usb 8-1: USB disconnect, device number 25
[  614.059755][ T5977] ldusb 8-1:0.0: LD USB Device #0 now disconnected
[  614.201633][T18531] macvtap0: refused to change device tx_queue_len
[  614.342840][ T5863] Bluetooth: hci5: command 0x0405 tx timeout
[  614.482861][T12158] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  615.096958][ T2978] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  615.292479][T18555] sctp: [Deprecated]: syz.7.4438 (pid 18555) Use of struct sctp_assoc_value in delayed_ack socket option.
[  615.292479][T18555] Use struct sctp_sack_info instead
[  615.438190][T18562] comedi comedi0: Minor 3 specified more than once!
[  615.646233][ T2907] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  616.184884][   T12] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  616.424932][ T5863] Bluetooth: hci5: command 0x0405 tx timeout
[  617.146980][T18604] netlink: 'syz.5.4458': attribute type 10 has an invalid length.
[  617.214919][T18608] netlink: 40 bytes leftover after parsing attributes in process `syz.7.4460'.
[  617.461687][T18619] random: crng reseeded on system resumption
[  618.064619][T12158] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  618.404446][   T30] kauditd_printk_skb: 17 callbacks suppressed
[  618.404460][   T30] audit: type=1400 audit(1757330940.019:5430): avc:  denied  { override_creds } for  pid=18628 comm="syz.1.4467" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[  619.257807][ T2978] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  619.648136][   T30] audit: type=1400 audit(1757330941.259:5431): avc:  denied  { read } for  pid=18651 comm="syz.1.4474" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  619.700170][   T30] audit: type=1400 audit(1757330941.309:5432): avc:  denied  { name_bind } for  pid=18651 comm="syz.1.4474" src=20001 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=rawip_socket permissive=1
[  619.780079][   T12] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  620.303485][ T5999] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  620.330768][T18658] netlink: 'syz.6.4477': attribute type 4 has an invalid length.
[  620.632650][T18669] lo speed is unknown, defaulting to 1000
[  620.632846][ T5977] usb 8-1: new high-speed USB device number 26 using dummy_hcd
[  620.931531][ T5977] usb 8-1: config index 0 descriptor too short (expected 45, got 36)
[  620.946017][ T5999] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  620.960497][ T5977] usb 8-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  620.974364][ T5977] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  620.989559][ T5977] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  621.002014][ T5977] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  621.017997][ T5977] usb 8-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  621.027433][ T5977] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  621.038139][ T5977] usb 8-1: config 0 descriptor??
[  621.055620][T18661] raw-gadget.0 gadget.7: fail, usb_ep_enable returned -22
[  621.647792][ T2907] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  621.662738][ T5977] plantronics 0003:047F:FFFF.0017: reserved main item tag 0xd
[  621.693927][ T5977] plantronics 0003:047F:FFFF.0017: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.7-1/input0
[  621.896249][ T5977] usb 8-1: USB disconnect, device number 26
[  622.312332][   T78] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  623.345209][   T78] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  623.597953][T18710] lo speed is unknown, defaulting to 1000
[  623.698861][T18718] overlayfs: missing 'lowerdir'
[  624.479070][   T12] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  624.508091][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  625.998712][ T5999] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  626.523504][ T2978] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  627.480926][ T2907] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  628.065398][T12158] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  629.361955][T18794] overlayfs: missing 'workdir'
[  629.470895][T18803] netlink: 'syz.6.4526': attribute type 4 has an invalid length.
[  629.516070][T18805] netlink: 4 bytes leftover after parsing attributes in process `syz.7.4527'.
[  629.528995][T18805] netlink: 60 bytes leftover after parsing attributes in process `syz.7.4527'.
[  629.538220][ T5902] usb 2-1: new high-speed USB device number 18 using dummy_hcd
[  629.725650][ T5999] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  629.751659][ T5902] usb 2-1: Using ep0 maxpacket: 32
[  629.794239][ T5902] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[  629.802336][ T5902] usb 2-1: config 0 has no interface number 0
[  629.828768][ T5902] usb 2-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  629.840580][ T5902] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  629.862919][ T5902] usb 2-1: Product: syz
[  629.867202][ T5902] usb 2-1: Manufacturer: syz
[  629.902036][ T5902] usb 2-1: SerialNumber: syz
[  629.919400][ T5902] usb 2-1: config 0 descriptor??
[  629.935032][ T5902] quatech2 2-1:0.1: Quatech 2nd gen USB to Serial Driver converter detected
[  629.996753][T18818] sch_tbf: burst 19872 is lower than device lo mtu (11337746) !
[  630.164441][ T5902] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  630.174165][T18822] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  630.212483][ T5902] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  630.244485][T18815] kvm: pic: non byte read
[  630.302851][   T12] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  630.542461][    C0] usb 2-1: qt2_read_bulk_callback - non-zero urb status: -71
[  630.543316][ T5977] usb 2-1: USB disconnect, device number 18
[  630.560576][ T5977] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  630.579213][ T5977] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  630.600128][ T5977] quatech2 2-1:0.1: device disconnected
[  630.844762][ T2978] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  631.098759][T18857] netlink: 24 bytes leftover after parsing attributes in process `syz.1.4549'.
[  631.189168][T18859] netlink: 'syz.1.4550': attribute type 10 has an invalid length.
[  631.561907][   T12] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  632.197161][ T5999] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  632.676609][T18883] netlink: 8 bytes leftover after parsing attributes in process `syz.7.4555'.
[  633.045681][ T2907] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  633.706978][ T5999] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  634.002225][T18901] 9pnet_fd: Insufficient options for proto=fd
[  634.307970][ T2907] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  634.833290][ T2978] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  635.162831][ T5936] usb 9-1: new high-speed USB device number 20 using dummy_hcd
[  635.353835][ T5936] usb 9-1: config index 0 descriptor too short (expected 45, got 36)
[  635.361968][ T5936] usb 9-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  635.386857][ T7151] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  635.412997][ T5936] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  635.437137][ T5936] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  635.462815][ T5936] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  635.502972][ T5936] usb 9-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  635.512028][ T5936] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  635.544764][ T5936] usb 9-1: config 0 descriptor??
[  635.550794][T18922] raw-gadget.0 gadget.8: fail, usb_ep_enable returned -22
[  635.566788][T18844] Set syz1 is full, maxelem 65536 reached
[  635.880223][T18944] netlink: 40 bytes leftover after parsing attributes in process `syz.6.4577'.
[  635.925306][ T2978] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  635.982234][ T5936] plantronics 0003:047F:FFFF.0018: reserved main item tag 0xd
[  636.028148][ T5936] plantronics 0003:047F:FFFF.0018: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.8-1/input0
[  636.620975][   T78] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  636.716703][ T5936] usb 9-1: USB disconnect, device number 20
[  637.194653][ T7151] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  637.722624][ T5999] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  638.289781][ T2907] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  639.033531][ T5999] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  639.108707][T19012] netlink: 'syz.6.4602': attribute type 4 has an invalid length.
[  639.187906][T19013] overlayfs: missing 'lowerdir'
[  639.958493][T19016] netlink: 'syz.6.4605': attribute type 2 has an invalid length.
[  640.076037][ T5999] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  640.217735][T19026] netlink: 8 bytes leftover after parsing attributes in process `syz.7.4610'.
[  640.526400][ T5977] usb 9-1: new full-speed USB device number 21 using dummy_hcd
[  640.685190][ T5999] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  640.704336][ T5977] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  640.715567][ T5977] usb 9-1: config 0 has no interfaces?
[  640.722648][ T5977] usb 9-1: New USB device found, idVendor=0b48, idProduct=3007, bcdDevice=4f.64
[  640.731783][ T5977] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  640.739845][ T5977] usb 9-1: Product: syz
[  640.744069][ T5977] usb 9-1: Manufacturer: syz
[  640.748683][ T5977] usb 9-1: SerialNumber: syz
[  640.756284][ T5977] usb 9-1: config 0 descriptor??
[  640.977971][ T5936] usb 9-1: USB disconnect, device number 21
[  641.525604][ T5999] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  642.201295][ T7151] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  642.523306][T19055] netlink: 40 bytes leftover after parsing attributes in process `syz.6.4618'.
[  642.595477][T19057] netlink: 'syz.1.4619': attribute type 4 has an invalid length.
[  642.661309][T19061] 9pnet_fd: Insufficient options for proto=fd
[  643.057856][ T2907] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  643.107566][T19076] netlink: 12 bytes leftover after parsing attributes in process `syz.7.4626'.
[  643.301263][T19082] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  643.310185][T19082] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  643.591437][ T2907] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  643.693361][T19088] netlink: 'syz.6.4632': attribute type 4 has an invalid length.
[  644.000068][T19108] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4641'.
[  644.037269][T19108] netlink: 60 bytes leftover after parsing attributes in process `syz.1.4641'.
[  644.950769][ T2907] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  645.072838][ T5977] usb 9-1: new high-speed USB device number 22 using dummy_hcd
[  645.222789][   T30] audit: type=1326 audit(1757330966.829:5433): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19125 comm="syz.6.4648" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b6fd8ebe9 code=0x7ffc0000
[  645.279598][   T30] audit: type=1326 audit(1757330966.839:5434): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19125 comm="syz.6.4648" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b6fd8ebe9 code=0x7ffc0000
[  645.280866][ T5977] usb 9-1: config index 0 descriptor too short (expected 45, got 36)
[  645.313080][ T5977] usb 9-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  645.326901][ T5977] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  645.349503][ T5977] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  645.357182][   T30] audit: type=1326 audit(1757330966.859:5435): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19125 comm="syz.6.4648" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f9b6fd8ebe9 code=0x7ffc0000
[  645.374883][ T5977] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  645.418102][ T5977] usb 9-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  645.427605][ T5977] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  645.430647][   T30] audit: type=1326 audit(1757330966.859:5436): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19125 comm="syz.6.4648" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b6fd8ebe9 code=0x7ffc0000
[  645.460744][ T5977] usb 9-1: config 0 descriptor??
[  645.470904][   T30] audit: type=1326 audit(1757330966.869:5437): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19125 comm="syz.6.4648" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b6fd8ebe9 code=0x7ffc0000
[  645.495336][T19102] raw-gadget.0 gadget.8: fail, usb_ep_enable returned -22
[  645.504880][   T30] audit: type=1326 audit(1757330966.869:5438): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19125 comm="syz.6.4648" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f9b6fd8ebe9 code=0x7ffc0000
[  645.533222][   T30] audit: type=1326 audit(1757330966.869:5439): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19125 comm="syz.6.4648" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b6fd8ebe9 code=0x7ffc0000
[  645.560980][   T30] audit: type=1326 audit(1757330966.869:5440): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19125 comm="syz.6.4648" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b6fd8ebe9 code=0x7ffc0000
[  645.590388][   T30] audit: type=1326 audit(1757330966.879:5441): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19125 comm="syz.6.4648" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7f9b6fd8ebe9 code=0x7ffc0000
[  645.618431][   T30] audit: type=1326 audit(1757330966.879:5442): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19125 comm="syz.6.4648" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b6fd8ebe9 code=0x7ffc0000
[  645.619410][ T2978] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  645.957714][ T5977] plantronics 0003:047F:FFFF.0019: reserved main item tag 0xd
[  646.002354][ T5977] plantronics 0003:047F:FFFF.0019: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.8-1/input0
[  646.170461][ T2907] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  646.315299][ T5936] usb 9-1: USB disconnect, device number 22
[  646.365351][T19153] netlink: 4 bytes leftover after parsing attributes in process `syz.7.4658'.
[  646.434351][T19153] netlink: 60 bytes leftover after parsing attributes in process `syz.7.4658'.
[  646.577457][ T5863] Bluetooth: to_multiplier 0 < 10
[  646.723597][ T2978] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  646.963215][ T5936] usb 2-1: new high-speed USB device number 19 using dummy_hcd
[  647.072912][ T5977] usb 8-1: new high-speed USB device number 27 using dummy_hcd
[  647.103052][ T5936] usb 2-1: device descriptor read/64, error -71
[  647.242810][ T5977] usb 8-1: Using ep0 maxpacket: 16
[  647.254175][ T5977] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  647.267882][ T5977] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid maxpacket 25454, setting to 1024
[  647.283218][ T2953] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  647.301538][ T5977] usb 8-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e
[  647.319974][T19184] netlink: 4 bytes leftover after parsing attributes in process `syz.8.4672'.
[  647.322884][ T5977] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  647.355440][ T5936] usb 2-1: new high-speed USB device number 20 using dummy_hcd
[  647.359025][ T5977] usb 8-1: Product: syz
[  647.376390][ T5977] usb 8-1: Manufacturer: syz
[  647.389994][ T5977] usb 8-1: SerialNumber: syz
[  647.391496][T19185] netlink: 12 bytes leftover after parsing attributes in process `syz.8.4672'.
[  647.407579][ T5977] usb 8-1: config 0 descriptor??
[  647.418857][ T5977] hub 8-1:0.0: bad descriptor, ignoring hub
[  647.432499][ T5977] hub 8-1:0.0: probe with driver hub failed with error -5
[  647.454844][ T5977] input: syz syz as /devices/platform/dummy_hcd.7/usb8/8-1/8-1:0.0/input/input28
[  647.455196][T19184] netlink: 60 bytes leftover after parsing attributes in process `syz.8.4672'.
[  647.503331][ T5936] usb 2-1: device descriptor read/64, error -71
[  647.643271][ T5936] usb usb2-port1: attempt power cycle
[  647.681898][T19187] netlink: 4 bytes leftover after parsing attributes in process `syz.8.4673'.
[  648.022943][ T5936] usb 2-1: new high-speed USB device number 21 using dummy_hcd
[  648.183152][ T2953] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  648.246126][ T5936] usb 2-1: device descriptor read/8, error -71
[  648.582814][ T5863] Bluetooth: hci4: command 0x0405 tx timeout
[  648.749962][ T2953] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  648.812848][ T5936] usb 2-1: new high-speed USB device number 22 using dummy_hcd
[  649.490430][ T2978] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  649.542463][ T5936] usb 2-1: device descriptor read/8, error -71
[  649.732833][ T5936] usb usb2-port1: unable to enumerate USB device
[  650.316002][ T2953] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  650.342820][   T30] kauditd_printk_skb: 29 callbacks suppressed
[  650.342838][   T30] audit: type=1400 audit(1757330971.939:5472): avc:  denied  { lock } for  pid=19218 comm="syz.1.4685" path="/dev/uhid" dev="devtmpfs" ino=1273 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1
[  650.523070][ T5936] usb 8-1: USB disconnect, device number 27
[  651.414318][ T7151] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  652.322437][T19238] netlink: 'syz.7.4693': attribute type 4 has an invalid length.
[  652.376550][T19241] netlink: 'syz.7.4693': attribute type 4 has an invalid length.
[  652.400936][T19242] netlink: 40 bytes leftover after parsing attributes in process `syz.6.4686'.
[  652.684619][ T7151] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  652.862997][ T5936] usb 9-1: new high-speed USB device number 23 using dummy_hcd
[  653.042878][ T5936] usb 9-1: Using ep0 maxpacket: 32
[  653.073582][ T5936] usb 9-1: New USB device found, idVendor=0fd9, idProduct=0021, bcdDevice=29.40
[  653.095488][ T5936] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  653.123589][ T5936] usb 9-1: config 0 descriptor??
[  653.234873][ T2953] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  653.350122][ T5936] dvb-usb: found a 'Elgato EyeTV DTT' in warm state.
[  653.368213][T19257] overlayfs: failed to clone upperpath
[  653.440364][ T5936] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  653.507103][ T5936] dvbdev: DVB: registering new adapter (Elgato EyeTV DTT)
[  653.527968][ T5936] usb 9-1: media controller created
[  653.561300][ T5936] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  653.573253][T19262] vlan0: entered allmulticast mode
[  653.578353][T19262] hsr0: entered allmulticast mode
[  653.597079][T19262] hsr_slave_0: entered allmulticast mode
[  653.611269][T19262] hsr_slave_1: entered allmulticast mode
[  653.667906][ T5936] DVB: Unable to find symbol dib7000p_attach()
[  653.695337][ T5936] dvb-usb: no frontend was attached by 'Elgato EyeTV DTT'
[  653.776101][ T7151] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  653.824837][ T5936] rc_core: IR keymap rc-dib0700-rc5 not found
[  653.838917][ T5936] Registered IR keymap rc-empty
[  653.850079][ T5936] dvb-usb: could not initialize remote control.
[  653.872537][ T5936] dvb-usb: Elgato EyeTV DTT successfully initialized and connected.
[  654.326038][ T7151] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  654.874595][ T7151] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  655.246397][T19282] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  655.420992][ T2978] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  655.985372][ T2907] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  656.001919][T19285] netlink: 'syz.6.4706': attribute type 4 has an invalid length.
[  656.019100][T19285] netlink: 'syz.6.4706': attribute type 4 has an invalid length.
[  656.381807][T19295] overlayfs: failed to clone upperpath
[  656.564965][ T2907] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  657.002925][ T5966] usb 2-1: new high-speed USB device number 23 using dummy_hcd
[  657.093091][ T2907] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  657.195342][ T5966] usb 2-1: Using ep0 maxpacket: 8
[  657.207410][ T5966] usb 2-1: config index 0 descriptor too short (expected 30, got 18)
[  657.221760][ T5966] usb 2-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea
[  657.311985][ T5966] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  657.321750][ T5966] usb 2-1: Product: syz
[  657.332241][ T5966] usb 2-1: Manufacturer: syz
[  657.355289][ T5966] usb 2-1: SerialNumber: syz
[  657.379743][ T5966] usb 2-1: config 0 descriptor??
[  657.400407][ T5966] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state.
[  657.436891][ T5966] usb 2-1: setting power ON
[  657.443245][ T5966] dvb-usb: bulk message failed: -22 (2/0)
[  657.474061][ T5966] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  657.496949][ T5966] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID))
[  657.514236][ T5966] usb 2-1: media controller created
[  657.557180][ T5966] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  657.619434][ T5966] usb 2-1: selecting invalid altsetting 6
[  657.621547][ T2978] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  657.655470][ T5966] usb 2-1: digital interface selection failed (-22)
[  657.675127][   T30] audit: type=1400 audit(1757330979.289:5473): avc:  denied  { create } for  pid=19316 comm="syz.6.4718" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_fib_lookup_socket permissive=1
[  657.702222][ T5966] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)'
[  657.731296][ T5966] usb 2-1: setting power OFF
[  657.765259][   T30] audit: type=1400 audit(1757330979.329:5474): avc:  denied  { write } for  pid=19316 comm="syz.6.4718" path="socket:[62686]" dev="sockfs" ino=62686 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_fib_lookup_socket permissive=1
[  657.770453][ T5966] dvb-usb: bulk message failed: -22 (2/0)
[  657.817787][ T5966] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected.
[  657.818023][   T30] audit: type=1400 audit(1757330979.409:5475): avc:  denied  { setopt } for  pid=19316 comm="syz.6.4718" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_fib_lookup_socket permissive=1
[  657.861201][ T5966] (NULL device *): no alternate interface
[  657.976229][ T5966] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected.
[  658.223726][ T2907] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  658.776800][ T7151] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  658.891162][T19333] lo speed is unknown, defaulting to 1000
[  658.986073][T19324] ------------[ cut here ]------------
[  658.991689][T19324] usb 9-1: BOGUS control dir, pipe 80001780 doesn't match bRequestType c0
[  659.242595][T19324] WARNING: CPU: 0 PID: 19324 at drivers/usb/core/urb.c:411 usb_submit_urb+0x13a7/0x1770
[  659.252464][T19324] Modules linked in:
[  659.256752][T19324] CPU: 0 UID: 0 PID: 19324 Comm: syz.1.4713 Not tainted syzkaller #0 PREEMPT(full) 
[  659.266160][T19324] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  659.276418][T19324] RIP: 0010:usb_submit_urb+0x13a7/0x1770
[  659.282046][T19324] Code: e8 ae 4f 7a fa 48 8b 7c 24 40 e8 44 5f d4 fe 48 8b 54 24 30 45 89 e8 44 89 f9 48 89 c6 48 c7 c7 40 08 74 8c e8 aa f2 38 fa 90 <0f> 0b 90 90 e9 a0 ef ff ff e8 7b 4f 7a fa 0f b6 2d 6c 8b 52 09 31
[  659.301690][T19324] RSP: 0018:ffffc90004b07978 EFLAGS: 00010282
[  659.307802][T19324] RAX: 0000000000000000 RBX: ffff88807e05b200 RCX: ffffc9001c729000
[  659.315800][T19324] RDX: 0000000000080000 RSI: ffffffff817a3395 RDI: 0000000000000001
[  659.323790][T19324] RBP: ffff88805233b058 R08: 0000000000000001 R09: 0000000000000000
[  659.331739][T19324] R10: 0000000000000001 R11: 0000000000000001 R12: ffff8880332f3220
[  659.339711][T19324] R13: 00000000000000c0 R14: 0000000000000001 R15: 0000000080001780
[  659.347764][T19324] FS:  00007efe9a76e6c0(0000) GS:ffff8881246b5000(0000) knlGS:0000000000000000
[  659.356689][T19324] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  659.363334][T19324] CR2: 0000200000061000 CR3: 0000000066415000 CR4: 00000000003526f0
[  659.371312][T19324] Call Trace:
[  659.374608][T19324]  <TASK>
[  659.377514][T19324]  ? lockdep_init_map_type+0x50/0x280
[  659.382891][T19324]  ? __init_swait_queue_head+0xca/0x150
[  659.388422][T19324]  usb_start_wait_urb+0x104/0x4b0
[  659.393487][T19324]  ? __pfx_usb_start_wait_urb+0x10/0x10
[  659.399036][T19324]  ? __asan_memset+0x23/0x50
[  659.403638][T19324]  usb_control_msg+0x326/0x4a0
[  659.408390][T19324]  ? __pfx_usb_control_msg+0x10/0x10
[  659.413721][T19324]  dib0700_ctrl_rd+0x1b2/0x350
[  659.418512][T19324]  dib0700_i2c_xfer+0xa9a/0xe40
[  659.423432][T19324]  __i2c_transfer+0x6b6/0x2190
[  659.428200][T19324]  ? task_blocks_on_rt_mutex.constprop.0.isra.0+0x1cb7/0x1cc0
[  659.433451][   T12] batman_adv: batadv0: Local translation table size (60) exceeds maximum packet size (-320); Ignoring new local tt entry: 01:00:5e:00:00:01
[  659.435694][T19324]  ? __pfx___i2c_transfer+0x10/0x10
[  659.455198][T19324]  i2c_transfer+0x1da/0x380
[  659.459713][T19324]  i2cdev_ioctl_rdwr+0x373/0x710
[  659.464723][T19324]  i2cdev_ioctl+0x5ff/0x820
[  659.468919][ T5966] usb 9-1: USB disconnect, device number 23
[  659.469222][T19324]  ? __pfx_i2cdev_ioctl+0x10/0x10
[  659.480136][T19324]  ? selinux_file_ioctl+0x180/0x270
[  659.485408][T19324]  ? __pfx_i2cdev_ioctl+0x10/0x10
[  659.490450][T19324]  __x64_sys_ioctl+0x18b/0x210
[  659.495292][T19324]  do_syscall_64+0xcd/0x4c0
[  659.499819][T19324]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  659.505758][T19324] RIP: 0033:0x7efe9998ebe9
[  659.510165][T19324] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  659.529812][T19324] RSP: 002b:00007efe9a76e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  659.538271][T19324] RAX: ffffffffffffffda RBX: 00007efe99bc6090 RCX: 00007efe9998ebe9
[  659.546341][T19324] RDX: 00002000000006c0 RSI: 0000000000000707 RDI: 0000000000000004
[  659.554329][T19324] RBP: 00007efe99a11e19 R08: 0000000000000000 R09: 0000000000000000
[  659.562276][T19324] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  659.570238][T19324] R13: 00007efe99bc6128 R14: 00007efe99bc6090 R15: 00007ffc3a8f1bf8
[  659.578234][T19324]  </TASK>
[  659.581232][T19324] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  659.588480][T19324] CPU: 0 UID: 0 PID: 19324 Comm: syz.1.4713 Not tainted syzkaller #0 PREEMPT(full) 
[  659.597823][T19324] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  659.607863][T19324] Call Trace:
[  659.611115][T19324]  <TASK>
[  659.614019][T19324]  dump_stack_lvl+0x3d/0x1f0
[  659.618598][T19324]  vpanic+0x6e8/0x7a0
[  659.622568][T19324]  ? __pfx_vpanic+0x10/0x10
[  659.627052][T19324]  ? usb_submit_urb+0x13a7/0x1770
[  659.632049][T19324]  panic+0xca/0xd0
[  659.635759][T19324]  ? __pfx_panic+0x10/0x10
[  659.640192][T19324]  check_panic_on_warn+0xab/0xb0
[  659.645104][T19324]  __warn+0xf6/0x3c0
[  659.648967][T19324]  ? usb_submit_urb+0x13a7/0x1770
[  659.653975][T19324]  report_bug+0x3c3/0x580
[  659.658274][T19324]  ? usb_submit_urb+0x13a7/0x1770
[  659.663278][T19324]  handle_bug+0x184/0x210
[  659.667602][T19324]  exc_invalid_op+0x17/0x50
[  659.672149][T19324]  asm_exc_invalid_op+0x1a/0x20
[  659.676990][T19324] RIP: 0010:usb_submit_urb+0x13a7/0x1770
[  659.682605][T19324] Code: e8 ae 4f 7a fa 48 8b 7c 24 40 e8 44 5f d4 fe 48 8b 54 24 30 45 89 e8 44 89 f9 48 89 c6 48 c7 c7 40 08 74 8c e8 aa f2 38 fa 90 <0f> 0b 90 90 e9 a0 ef ff ff e8 7b 4f 7a fa 0f b6 2d 6c 8b 52 09 31
[  659.702183][T19324] RSP: 0018:ffffc90004b07978 EFLAGS: 00010282
[  659.708231][T19324] RAX: 0000000000000000 RBX: ffff88807e05b200 RCX: ffffc9001c729000
[  659.716183][T19324] RDX: 0000000000080000 RSI: ffffffff817a3395 RDI: 0000000000000001
[  659.724138][T19324] RBP: ffff88805233b058 R08: 0000000000000001 R09: 0000000000000000
[  659.732077][T19324] R10: 0000000000000001 R11: 0000000000000001 R12: ffff8880332f3220
[  659.740027][T19324] R13: 00000000000000c0 R14: 0000000000000001 R15: 0000000080001780
[  659.747976][T19324]  ? __warn_printk+0x1a5/0x350
[  659.752720][T19324]  ? usb_submit_urb+0x13a6/0x1770
[  659.757722][T19324]  ? lockdep_init_map_type+0x50/0x280
[  659.763064][T19324]  ? __init_swait_queue_head+0xca/0x150
[  659.768586][T19324]  usb_start_wait_urb+0x104/0x4b0
[  659.773589][T19324]  ? __pfx_usb_start_wait_urb+0x10/0x10
[  659.779117][T19324]  ? __asan_memset+0x23/0x50
[  659.783694][T19324]  usb_control_msg+0x326/0x4a0
[  659.788430][T19324]  ? __pfx_usb_control_msg+0x10/0x10
[  659.793688][T19324]  dib0700_ctrl_rd+0x1b2/0x350
[  659.798427][T19324]  dib0700_i2c_xfer+0xa9a/0xe40
[  659.803255][T19324]  __i2c_transfer+0x6b6/0x2190
[  659.807991][T19324]  ? task_blocks_on_rt_mutex.constprop.0.isra.0+0x1cb7/0x1cc0
[  659.815423][T19324]  ? __pfx___i2c_transfer+0x10/0x10
[  659.820591][T19324]  i2c_transfer+0x1da/0x380
[  659.825084][T19324]  i2cdev_ioctl_rdwr+0x373/0x710
[  659.829995][T19324]  i2cdev_ioctl+0x5ff/0x820
[  659.834469][T19324]  ? __pfx_i2cdev_ioctl+0x10/0x10
[  659.839474][T19324]  ? selinux_file_ioctl+0x180/0x270
[  659.844666][T19324]  ? __pfx_i2cdev_ioctl+0x10/0x10
[  659.849675][T19324]  __x64_sys_ioctl+0x18b/0x210
[  659.854417][T19324]  do_syscall_64+0xcd/0x4c0
[  659.858907][T19324]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  659.864768][T19324] RIP: 0033:0x7efe9998ebe9
[  659.869154][T19324] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  659.888732][T19324] RSP: 002b:00007efe9a76e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  659.897119][T19324] RAX: ffffffffffffffda RBX: 00007efe99bc6090 RCX: 00007efe9998ebe9
[  659.905062][T19324] RDX: 00002000000006c0 RSI: 0000000000000707 RDI: 0000000000000004
[  659.913002][T19324] RBP: 00007efe99a11e19 R08: 0000000000000000 R09: 0000000000000000
[  659.920957][T19324] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  659.928909][T19324] R13: 00007efe99bc6128 R14: 00007efe99bc6090 R15: 00007ffc3a8f1bf8
[  659.936869][T19324]  </TASK>
[  659.940110][T19324] Kernel Offset: disabled
[  659.944507][T19324] Rebooting in 86400 seconds..