last executing test programs:

2m33.4471089s ago: executing program 0 (id=285):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x2800, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x20, 0x3, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @netfilter=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000240)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x54c, 0xba0, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x50, 0xb1, [{{0x9, 0x4, 0x0, 0x2, 0x2, 0x3, 0x0, 0x3, 0x0, {0x9, 0x21, 0x101, 0x2, 0x1, {0x22, 0x3}}, {{{0x9, 0x5, 0x81, 0x3, 0x44, 0xf, 0x2, 0xfb}}}}}]}}]}}, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x10, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="18020000004000000000000000000000850000001100000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x4}, 0x94)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='freezer.self_freezing\x00', 0x275a, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000000)="8ee8c9b8ee088ed8660f3801b2d6352ed9ff660f3882040f01cf0fc72d2626652e0f01ca0fc7386635002000000f22e0", 0x30}], 0x1, 0x50, 0x0, 0x0)
write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0)
preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x64, 0x0, 0x0)
pipe(&(0x7f0000000080))
ioctl$KVM_RUN(r3, 0xae80, 0x0)

2m30.079607733s ago: executing program 0 (id=300):
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r0, 0xc004743e, 0x110e22fff6)
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000cc0)='mmap_lock_acquire_returned\x00', r3, 0x0, 0x2ca}, 0x18)
r4 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000bbdffc)=<r5=>0x0)
timer_settime(r5, 0x1, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)
futex(&(0x7f000000cffc)=0x1, 0x86, 0x2, 0x0, 0x0, 0xfffffffc)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r6, &(0x7f0000000000), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x28011, r6, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x9)
ioctl$TUNSETOFFLOAD(r1, 0x4004743d, 0x110e22fff6)
io_setup(0x81, &(0x7f0000001440)=<r7=>0x0)
io_submit(r7, 0x1, &(0x7f00000008c0)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x5, 0x800, r1, 0x0, 0x0, 0x0, 0x0, 0x2}])

2m29.028607638s ago: executing program 0 (id=305):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, "2af01c3d0040fbffffffffffffff00"})
r1 = syz_open_pts(r0, 0x0)
ioctl$TCSETS(r0, 0x5402, &(0x7f00000001c0)={0x7f, 0x0, 0x2, 0x100, 0x18, "61011f6f000000000000000000000000978600"})
read(r1, 0x0, 0x0)

2m28.992494717s ago: executing program 0 (id=306):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r0, 0x8933, &(0x7f0000002140)={'wg2\x00', <r1=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)=ANY=[@ANYBLOB="300000006800010300000000000000facab58ef61a8c36aa65d8c1000a00000000000000060007000300000008000500", @ANYRES32=r1, @ANYBLOB="080008800400"], 0x30}}, 0x0)
syz_open_dev$mouse(&(0x7f00000000c0), 0x0, 0x2042)
connect$packet(0xffffffffffffffff, &(0x7f00000001c0)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @remote}, 0x14)
r2 = fsopen(0x0, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4c050}, 0x20000000)
fsconfig$FSCONFIG_SET_STRING(r2, 0x1, &(0x7f0000000000)='source', &(0x7f0000000040)='c:::\x00', 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r4 = syz_open_dev$MSR(&(0x7f0000000340), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_memcpy_off$KVM_EXIT_HYPERCALL(0x0, 0x20, 0x0, 0x0, 0x0)
syz_open_procfs(0x0, 0x0)
timerfd_create(0x9, 0x0)
r5 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r5, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10)
bind$inet(r5, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57)
sendmsg$xdp(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000400)="67d8901bdbdaf6a4bd866226b7cdb7c26858c4e4fd703be2f51ed6ddc4a47116ec2db75c7042a2", 0x27}], 0x1}, 0x0)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00', r6}, 0x10)
sendmsg$nl_route_sched(r5, 0x0, 0x0)
recvmmsg(r5, &(0x7f0000005d40)=[{{0x0, 0x0, 0x0, 0x34}, 0x9}], 0x1, 0xc0002063, 0x0)
tkill(0xffffffffffffffff, 0x19)
socket$packet(0x11, 0x3, 0x300)

2m28.360360321s ago: executing program 0 (id=308):
write$sndseq(0xffffffffffffffff, &(0x7f00000003c0)=[{0x0, 0x0, 0x0, 0x0, @tick=0xb, {0xfe, 0x4}, {0x4, 0x6}, @time=@tick=0xcd}, {0x0, 0x0, 0x0, 0x4, @time={0x10001, 0x3ff}, {0x6, 0x4}, {0x0, 0xfe}, @result={0xd, 0x4}}], 0x38)
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff017f000e0800395032303030"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="b0"], 0xb0)
write$FUSE_GETXATTR(r2, &(0x7f00000004c0)={0x18}, 0x18)
write$FUSE_INIT(r2, &(0x7f0000000200)={0x50, 0x0, 0x0, {0x7, 0x29, 0x20200}}, 0x50)
mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000140), 0x10, &(0x7f0000000400)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}})
r3 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x0)
writev(r3, &(0x7f0000000000)=[{&(0x7f00000000c0)="14", 0x1f68}], 0x2) (fail_nth: 2)

2m27.816740118s ago: executing program 0 (id=312):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IP_VS_SO_GET_VERSION(0xffffffffffffffff, 0x0, 0x480, &(0x7f0000000140), &(0x7f0000000200)=0x40)
bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
getsockopt$inet_int(r0, 0x0, 0xe, 0x0, &(0x7f0000000040))
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x5)
sched_setaffinity(0x0, 0xff43, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$nl_netfilter(0x10, 0x3, 0xc)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x989680}}, 0x0)
mount$binderfs(0x0, &(0x7f00000001c0)='./binderfs\x00', 0x0, 0x3f, 0x0)
splice(0xffffffffffffffff, 0x0, r2, 0x0, 0x3, 0x8)
mount$cgroup(0x0, &(0x7f0000000000)='.\x00', &(0x7f00000000c0), 0x10012, 0x0)

2m12.77036508s ago: executing program 32 (id=312):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IP_VS_SO_GET_VERSION(0xffffffffffffffff, 0x0, 0x480, &(0x7f0000000140), &(0x7f0000000200)=0x40)
bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
getsockopt$inet_int(r0, 0x0, 0xe, 0x0, &(0x7f0000000040))
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x5)
sched_setaffinity(0x0, 0xff43, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$nl_netfilter(0x10, 0x3, 0xc)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x989680}}, 0x0)
mount$binderfs(0x0, &(0x7f00000001c0)='./binderfs\x00', 0x0, 0x3f, 0x0)
splice(0xffffffffffffffff, 0x0, r2, 0x0, 0x3, 0x8)
mount$cgroup(0x0, &(0x7f0000000000)='.\x00', &(0x7f00000000c0), 0x10012, 0x0)

1m54.789037311s ago: executing program 2 (id=422):
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_pressure(r0, &(0x7f0000000040)='io.pressure\x00', 0x2, 0x0)
write$cgroup_pressure(r1, 0x0, 0x0)
r2 = openat$cgroup_pressure(r0, &(0x7f00000000c0)='io.pressure\x00', 0x2, 0x0)
ppoll(&(0x7f0000000180)=[{r1}], 0x1, 0x0, 0x0, 0x0)
write$cgroup_pressure(r2, &(0x7f0000000340)={'some', 0x20, 0x5, 0x20, 0xffffa}, 0x2f)
close(r2)

1m54.758367956s ago: executing program 2 (id=423):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = openat$uinput(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$UI_SET_EVBIT(r3, 0x40045564, 0x11)
ioctl$UI_DEV_SETUP(r3, 0x405c5503, &(0x7f0000000100)={{0x1}, 'syz1\x00'})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r4 = socket(0x23, 0x5, 0x0)
listen(r4, 0x0)
r5 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r5}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
accept4$inet6(r4, 0x0, 0x0, 0x0)

1m53.615561049s ago: executing program 2 (id=426):
socketpair$unix(0x1, 0x3, 0x0, 0x0)
getsockname$unix(0xffffffffffffffff, &(0x7f0000000000), &(0x7f00000000c0)=0x6e)
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f00000004c0))
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
r4 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000002100), 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x11, 0x8, &(0x7f0000000540)=@framed={{}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r4}}]}, &(0x7f0000000640)='syzkaller\x00', 0x7, 0xf9, &(0x7f0000000080)=""/249}, 0x24)
newfstatat(0xffffffffffffff9c, &(0x7f0000000500)='./file0\x00', &(0x7f0000000540), 0x400)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f00000005c0), &(0x7f0000000600)=0xc)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r5 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
read$FUSE(r5, &(0x7f0000003980)={0x2020, 0x0, <r6=>0x0, <r7=>0x0}, 0x2020)
write$FUSE_ATTR(r5, &(0x7f0000000240)={0x78, 0x0, r6, {0x2000000007, 0x0, 0x0, {0x0, 0x0, 0xd4, 0xfffffffffffffffa, 0x0, 0xa, 0x5, 0x0, 0x200, 0xa000, 0x0, r7}}}, 0x78)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001980)=[{{&(0x7f0000000240)=@abs={0x0, 0x0, 0x4e21}, 0x6e, &(0x7f0000000440)=[{&(0x7f0000000700)="57c2d00d733f84ba6a64ad79dbc2789442e42ac9dee2862f27694a5b52a98c45d73e58cfa01e2e06a2d1c65ca43ed3f3608acf2e060e984b60a0987b34af6f25c2de1fc8249bf9f9e3dee2fa726d64d18806e4985614d852720040e692996d4f65de634e6c4984b1a65293cff7cb7a04e4655409bc3d8b4bef8bf7373406ef8c9037af9413558128e24b24adf138472159108e4ddee5404f91198f20dc8f6e407f20bce4cdac1286355945d7af217f8e4e8f13ca28ef77113d5ee52c5f013058d2c607fae288b1193830431144c1af308e21199ef9ecbb57312b4103dc4db643742b9c712c3b8fd3ea2bde95004eb962b935fa92976bfd6d24ef75d15f7466c109890d88c76b8a2e8fd5c6dd02f2bf9aa6953094ce1f5015cb7bcaf57c6c4e3d70d78f5e1567280a1050094dccd6e087843e1a9b459aa876ee15617c5b63f863c9acc25a17d019d2b34d16b4b70922d40df998403e989e28b52ff29c0595a2ef758e3718e9793bc61435717b9341a7851ec74e43ff2f3e9f93d9c0a427386f176f59b7a2e217eb8bfc66b89518c106024b29e0336acec023d502056f608c9b7bd2a367eefea0aab357ae41e7af1c7d2ca9d3b44ef6bc29133ab85c487eb1f38836e967b9f32a608516df612843324e6542a26c3e68e6709b662e90298a946dc34608bc501d5d343fa5662549fdd14fbe5331855a288bef66e7800f312d5c3d6bd0c740a04a5437bef928b6d53f39f0a1bfde7bed4c033b281e0a8a8c439dd02b696b7436bfc72b7cf7c44836b632ed3efa7d1783fa8b3a2bbe6fd65ed87cf86a10bd3376178fd111d88b26b876d497e52f104a1112edcd2396cc9f6d74dc827997de070c80c253088c63a8cd5e7d29e5d4a05816fa6fa9632f5f90c3241f877fc37797ef622d35e0715a3664e2fa2ccfa23f88beb17a634c2b94e1ed4488e7c8e16bf205ce63c7a301b7fc78ddc55d2482b73cbd03d6f21cb39794d4801c6be30b0c2220987b6ed065ce875313f8b5d8ee8af323f77e7550110e16962f32bedf9df1377f94ea0e52e68bdb8261d1b5c7d3d4559a355eadc658348701d96c12cede0f1553063a1124bf2c58bf52acea8cfae392688fc165751ddf5516d77092c267c7d85e76fe1d7358621bcf4ef3ce5e4d82096e237a1f5ca839c824846c75616a96ee44bf8a5f25569c04d7ad92dfb19f0a50cbe114fcf5014d5c862ddc95a06e3d99127c9c1c5df95da9a1603377280ec872d52bd1d81f845758253aadbb9abd63fe6e7d2279b9b338ac5d9a05a60cbedd12dd890aa424f6d3d692c7db5ef57c649a9f8eca4d1699414999f7665df4c279ab309e6d8b7dd3f354010d7fb4d3b2b9cf25373f9d07512413271628a18aaa5a502150d61a01aa2572af8b83102532a52dd63be30971b7caa32f5735350a087d25a14e550de454ebfa3c0ffd4d886a3bc3543be0120474991c361e5699bba1925e0c0f304e4cdc1b75d77046352075629d8592ef477c547f07994826d6d565d3064145e79983a1e98ba663bcb7146609d327cb58b9c4c3cd83c5f6d32ac993f0f117cfaef047a565cd3233eafdaf79dfaa9a1f18d3f61eb8239bbf1d7e557eea2ae615b7c53a6883eaed3e305fe09483ff319d564dd0e4cc8e0e5727ecb517d4e7f9fab74d38288a9785d9926fb7c9f2532a6c5b1b7caf1d8c4c675ec08d06c776ac8d5ceee4e238afbd7679e0f4d2c9862cf3f17518e07bc1b27f376588730bd0c995e0a2cc66e2e837469ea765014249b24f85b78c5be08a55aab852b264ba63de519f2f340698b7e8b73efd1675fb83f40516f90e9c5164d7016c21cf3fa6f9c62a2dfcc69c096e9c538939a4c8c4b3f6877d00b41a646f89d0261f23ab698695040840588a6a1637cb060573c79c539a2b5339800e7d6bed7719838be9bca40985781f11f94acf5c3208a209d8a943f852e1d3af73fe2420df1d77f7930c483a5c858ef1d573cefa0c51e0e51c5748a1e5322a1d9d845338e10d8ead639df122acbcb3f509acf0127bcd89564c0618a68359dca4d42c614517b9440ec219bd353e69501dc90ba3b929fcff2fcaa0d9f248a9b9e7418bda0ff1eea2efbd459fb1fdcb11fa6f39a1fb603ad122ec72794deb0e9a5605133f823dedaa6642141fd3bcf4aaae603273513008aecf17fe5af2a89eb5c8764f32ae4e1433c090212c21619093cc01f0527157b63fd4890ecc3005c7344eebaf3084c5f414e4fe18e503cda27eaada8c13fb0ce04b51c9d83fc1780e7af7222e9a6d6c01100ef1ec3ea1f038388e6c09b97aeac4a1eec6ac10dfe9977d94ab1580edb3cbc3439b36b65228a12db0cbe9d59567143eed5a3192db2aa301e271dd0c1621e22746b922988d887eb6cc06282ab6f49821f5b737c4bd7b658176c38c71e6e6a6961c473d1ee75574a08209a25f952f1469bdee6db4dd4e125f6ed5eda763d7a7517d1af586efaa0de4226a2b79183f51cf3672bc773c074b9bf5c6fd47f8224cf0e9f7d36b74053947c3e09d981915ada47358963e8c2ed8705acbec7fdab0f195b4968daae74e96829801250ca8272f090689164d1f13d6a87448c3a3d2a9bd3fb3df59d86111a8949b30d3e777226d59162648ca3589852fda8b64e1beb35f92b00b2db79060a7438090da1651ac6a17850974e043b7e946d4e0d0e1bbe70b94e195bf733a0de65d199d1ab2d377ed708b084f2c3ed0295547153a72a6bb8638ea56e0c796e36afc8c4d8714d81d2656eee20cbdc3e1c2ffc5497215a1d078230bb15b414a359a777ac093e9a4ee88af6ec58a3571c9292414812ec23eb3a70cfcca36a71062dc0335e2a3e7b4b5b88d6dd563966b22d42b81a6be645a25cefe33d464df23f9ba41a4a1b710c2c6aca23cf00f7aefcde2dd1bf042e2b0d359bc678d15cb7df57ff53a656fa6a8d6af216054707ff391087ec324db35fe97ca1fc64b28c74bea24d118ade9be030d7bdf2c2559a7c470abfe99ae70552464cdd39c2b461c86293333900dfeb612c6612faaaf661f602f1670bacfc3886566df2aa8a7359542d44bb648c43242397127e01def61f07802423448c9ce9e77c88cd26fa4ed52fae04fd330d329367f8607d701c396a23fa55d621fbae7f581d92e3447da21aeadfc1a506bce03ed00667166eab7c23b2be1b22e239041819d70b2cb4ba57cdd5d12f6d9effd57c32a52f294672e5c12d1b464be7512eeba0897dcfe46906df01eead9a132aad07459f247c4b66b98215b897a310531139ef6685cc8e9790ef7d0636d65e7be4fd812c53c17aad442f2198f55eeca270dd27e50282d3b55db602901762ae8ef9df4754f66009283c365cf9686199716f4e2e14ffd65d7ff90cdadfdb76edf36478a6ad109402b326ad24b5f9a8dff7d8cd866035b15c5375a4d6ef7b1ae72e0dc6cb09470e5b4bff455a8197dbffe0b6705ebf6b1dac077c7c2012096dd651bb045c1e522a2f9b86e23dc7f10295f94b5e7e9de19b8e32e7b2703e7e9def2f9d139a1ebf1b43ebbbb64659743ee303bb0bed50cfb52fcaa2bfd48113fcccc3d4215f98ae03ed49ad2baad87683dee2a70fd7fb08bddeb47f5f3f53cb0f00cfc27c7d72fedcae1524d31d2e0e99eeba4bf7245d116537611ace257f501f5f1991bb78d7e18cb8e74ae7fc0fa8781e615808d8bb9d238e1e17b5255f6938ad06d0fc18736dd96029eec4683fe2cf7d0a753f71a444e99d4f663e65f8ad82aba4e26b7a88df13a55e77a809b8fdbd25e2219f75dc48e70ce41fee7c7ca54d4f36e2335af1525bc6a36b74ddf767575d24d15da037ab43731dd863f3fcdea956ce8ca6b1266d6dd00191e8b33ad1f308cd571d5a98fb8bfcd3fd4f54c10b2a0365d4ac7ad4a0dc367494edb561957a3adb58236a081169a5b7451fd39b14d8cb3637de930fdec18425d9ba3ff8a4588969adcbadd855d50e2c1edcc9afc5b98111760ef8487888ca081e93599539ed0abf3f1a8a1056434a50200fa2dec31546dee92c0d9b638010b384dd8c40a242485321ab8273f4a63700a520c92b7d3777f3ed9abdf7d4d39673ef34d07b9b5089dbf27185863342426708f0a305ca05ea2a11cacea620804056d18be70dabbdd5ccded1c200556dbb364de4be308f5c291adfa2bbc99db3844103317771db81efb0140a185d74360114596e04f55a05e6570428b2a6a7b46bbf44256d6c5e681ac61caabba10cbaddd90e7cc89ea1bfe67d360dca7b3cfe3f137111f54e79eb11dc336b0cb0960d3fac197bcd208c8ca838a2132cb1067ca594fc9fa17b6704b971b6969e0e1d8ac900a209dc49668aba346e09d9f0028560851e5c94bab26ba2cc7ff4acd9d3f6cbb1ba9ec1c823290c97c2c939493b9a2f06167669170db62901ead67ccd40934ac363595e904d7f161c8471443087e1efd42c4ff93faf5c2a2ef3c595b6a5a39805c31e989b7a9c104c586ff47462e157774a162eb1afa8b036213617e01b57e15b1506fb471d0ad7678857a9b39d0e45062e39f456b8adcd8113a86e48fd2bd1ac063880e0aa8888c0bc2c8d8636e45fffe8c19df7c4d7105b8675dcf7803503d1edba2e0aef0a0d0d2197339ac4b21945711825c64bd7a2180cbbea135239e25ef1fd9e9a9bb911f41f8e5c6f0c5cb09b10f7632487d9a18986525ad7f4898a7e08f09c7014cdd3362867cd0b7bed8c6af96534ae3c6f481151c8a2c58bff695dd4632d9fd4c5d17778eac94db60a7b509f7ff067425e0464bb2cd14ab2d1417425fa018dffc8ec60e07dd64b8ed4c9247d935202f8c6d8c3d832599a05960e0ea0f5ffcee9206da02dec0e0e3f7fbbb6a91ca3d278755b4f66e2804ab7bd318776fcf4e1d6f68799622ec18b703c0b76389157ad99555e09131acbae59c40efa26f755619e30a1ab1bd1a0432c839fc0e0d6a42c3134547b4231b2b0d8895b58e08bd767fdbef12216552bfd77c08be55dc4c7d9c8c4d6ebeef39788f88fe8573a3f58b51264e281bab88577d6e68ae580796f6a2c8b79260e37ebd0951d710a0925eccd3a6e20b5a238f8f28c5038dea3665cfae83f83ffe0e408d9c659c69ad7b203e66e22dc8e1f2c43dfc3cb02da7fc9b1977af6a204e285ab5f5ae5b684dc6c907ce3ea86a687e7ddd7c768764e03c7656882a94a92f77e8bf3c647d57b3e49ecb88da30b46cdb2325c2f662b2c5b45a0b23a9becdd94cac5d204fb3176457ae4d6fb851d1e18903bbbe4e6b347fde01402a7fff8626fdeec121ecaff6ecf8731951caf61e28a574b538039a83b4a203704bdb85fa560b18855f6b48962ef79622ec84180bceb46a615a23ff0957f0f4d7710ade512682e454755692ba0ec590bd4d4902c5f3388a734874d8616913e860162dff6063a190172a3a882812e115a19e2a55c25528bbe12b4f50d59cba72db1945ac9b73b8f30793790221698d1714bf4f53ca587147edd8bdfaf47a30d784fbe103ad939f93f9619b61a04d81e645d509cfac1833ef4a7bc0b80d78c3f91285695641cf8d2bfc26151e67f3e90477a3665ef730ac479f7e142a2ced072f82917d5b45d0f6087be5b88c3ff9f78d585780c1365c86e187bec705bd0e645d22724fff9d83ae9eaee9d265ae941ff6e03db8460d8e0362a6ae6e7ef7d02219a2a5be5634a14d3f150f98e48593149ef10252b587d816ecfc7d5a26b328f835bea941390e79f7b816dc2e3b7779273f1146d9847473139a9b57360ef544243f6953a32a93f6a0f26f0f89637bd1df6a02432048b11d7da6c2df643796", 0x1000}, {&(0x7f0000001740)="d9b497d81693302d601ae47209e57154c969c105dfde384d96dbec77cb849c000000000000000000000000008473f788e24d7ff411819f531963eeee8fe7c4604dd678be29ddf714cf91f8ac862fb5dd621d78f1d2dd5b101040a077d9570dfb09f1374e3e7b52b1876b8305e11e310064e7dd0e8d2e0cb5da727f715484967366f36bb8ad98cae02507e53dcd3f61d64e968b0c86d4d5ab4bc574a6fc01038cc6f3cd2db66bc9e3bcf62eb6e9fb72be5f539ee5cef3bb9da68cc0e0e940fe7c8f076d4948b28f", 0xc7}, {&(0x7f0000001a00)="e9d675d7426d976fbb28ab49091f591cf71068c94abaa8e377880d8c9c2f8f96f0f89c53d1589fd690cdb86774b1655e1c54c229a2099d59b8b2fa9ba55c057139e3042d7dd8a70d459665bf463d38943304b796e6333b94110507c2a00f5eb63bd736192f5283d86c2c611bba671b018c1a25703746eb02767f0bd262768576c29f0b2cc532dc6feda27dd672c20fc57301abb5104aae2f2f800b818f1bf4354658c9b0fd3d39e52ba5e1e89f4e0b72be4c9e0e7667d747f484ef5d4da6a91ed76f32c81a689de0a0e9437df4015f309ea554f31ee9a187ab0303d8373fbbf052ed1d80bc651b", 0xe7}, {&(0x7f0000000380)="a939ed1fc29ac1208fd485740c4c30728b0ad746a476fb121b987cb377654862ba557a686a914660aa7261d4bc87072dfbeeb73d91344ac152396b562a73aa0d181dd44fb6ddc91a9ebc", 0x4a}, {&(0x7f0000000400)="2e28fa658e", 0x5}], 0x5, &(0x7f0000001700)=[@rights={{0x18, 0x1, 0x1, [r1, r4]}}], 0x18, 0x24008800}}, {{0x0, 0x0, &(0x7f00000018c0)=[{&(0x7f0000001c00)="f25c9bbe8516b2624ff1584b781c48eca7ec1312b1aa126403e7695866b0cec44a0b96b56d78024e66fece4c5e11a0ff0ef80870924177686cdaddcb8e94a0183633b421dae60ed76eb9424d01b797ee26a7167deaf195b75d89f547feb2f15993c2c54b022f43d72a30ef8119e669ca9222cc1641b43558b23a0bf17e1fd81c43b8174058ba98b043a1c74677425cf77d15b60c32d351ee80ef68f9b8f4759896ca362b9c49cbf6f7d94c5aa622d754eeaed408832a06fefe1d075ae34f8a7e639f788065c3572fa02cbcc652089351f3b5a832816055db235dc38a485196db69387667afdc27e044850fe4787c810ace92ea817123300c", 0xf8}, {&(0x7f0000001840)="f9c6fa2736c8513cb415bcaec9098beb8214f29e5cc7ea67ab1386828828d9bf973afb256c3462ac14e2dd4ecb07c7440468b36b3204ade124ea4c051d49c0a0690d85bf602090b822d4e8e36da667c4a73e8b8088c6f6d4dbf65eead3", 0x5d}], 0x2, &(0x7f0000001900), 0x0, 0x4}}], 0x2, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_io_uring_setup(0x3bee, &(0x7f0000001900)={0x0, 0x1ce9c, 0x400, 0x43, 0x40004330}, &(0x7f00000006c0)=<r8=>0x0, &(0x7f00000001c0)=<r9=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r8, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r8, r9, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd, 0x1, &(0x7f0000000140)=[{0x0}, {0x0}], 0x2})

1m52.65709612s ago: executing program 2 (id=430):
syz_emit_ethernet(0x36, &(0x7f0000000080)={@local, @remote, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x11, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x64010100, @local}, {{0x0, 0x4001, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}, 0x0)
r0 = socket$kcm(0x10, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0/file0\x00', 0x1c0)
r1 = syz_clone(0x88200200, 0x0, 0x0, 0x0, 0x0, 0x0)
setpgid(r1, 0x0)
setpgid(0x0, r1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$devlink(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_GET(r2, &(0x7f0000000440)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000240)={0x124, r3, 0x100, 0x70bd2c, 0x25dfdbff, {}, [@pci={{0x8}, {0x11}}, @nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @pci={{0x8}, {0x11}}, @nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @pci={{0x8}, {0x11}}, @pci={{0x8}, {0x11}}, @nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x124}, 0x1, 0x0, 0x0, 0x20000000}, 0x20044091)
ioctl$FAT_IOCTL_SET_ATTRIBUTES(r0, 0x40047211, &(0x7f0000000140)=0x4)
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0/file0\x00', 0x0, 0x1)
sendmsg$inet(r0, &(0x7f0000000080)={0x0, 0x4c, &(0x7f0000000680)=[{&(0x7f00000000c0)="5c00000014006b05c84e21000ab16d6e230675f811000000440002005817d30461bc24eeb556a705251e6182149a36c23d3b48dfd8cdbf9367b098fa51f60a64c9f408000000e786a6d0bdd70000b6c0504bb9189d9193e9bd1c1b78", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)

1m51.308883569s ago: executing program 2 (id=436):
io_setup(0x58, &(0x7f00000001c0)=<r0=>0x0)
io_submit(r0, 0x1, &(0x7f0000000080)=[&(0x7f0000000540)={0x0, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff, 0x0}])
write(0xffffffffffffffff, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x4, 0x5, &(0x7f0000000000)=@framed={{0x18, 0x2, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x8}, [@call={0x85, 0x0, 0x0, 0x29}, @call={0x85, 0x0, 0x0, 0x50}]}, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x0, 0x14, 0x0, &(0x7f0000000900)="e02742e8680d85ff9782762f0800", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000e00), 0xffffffffffffffff)
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000380)={0x1c, r2, 0xf21, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x20000015}, 0x44000)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x89}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f000001b000)=""/102400, 0x19000)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendto$inet6(r4, &(0x7f0000000280)='g', 0x1, 0x4008891, &(0x7f000005ffe4)={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x2}, 0x1c)
setsockopt$inet_sctp6_SCTP_EVENTS(r4, 0x84, 0xb, &(0x7f00000000c0)={0xb, 0x4, 0xfe, 0x2, 0x3, 0x0, 0x5, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x5}, 0xe)
setsockopt$sock_int(r4, 0x1, 0x28, &(0x7f00000001c0)=0xf66, 0x4)
shutdown(r4, 0x1)
recvmmsg(r4, &(0x7f0000000840)=[{{0x0, 0x0, 0x0}}], 0x414, 0x0, 0x0)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000300)={'virt_wifi0\x00'})

1m49.672341278s ago: executing program 2 (id=442):
syz_open_dev$sg(&(0x7f00000004c0), 0x0, 0x20c02)
ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000000)=0x20800000000f51)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
add_key$fscrypt_provisioning(0x0, &(0x7f0000000040)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffc)
bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x0, @multicast1}, 0x10)
connect$inet(0xffffffffffffffff, &(0x7f0000000200)={0x2, 0x1, @local}, 0x10)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
setresgid(0xee00, 0xee01, 0x0)
setgroups(0x0, 0x0)
setuid(0xee00)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$NL802154_CMD_NEW_SEC_LEVEL(0xffffffffffffffff, &(0x7f0000001200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8010}, 0x0)
shmget$private(0x0, 0x4000, 0x800, &(0x7f0000007000/0x4000)=nil)
io_uring_setup(0x4a47, 0x0)
mincore(&(0x7f0000000000/0x800000)=nil, 0x800000, &(0x7f0000000440)=""/172)
readv(0xffffffffffffffff, 0x0, 0x0)

1m49.170782836s ago: executing program 33 (id=442):
syz_open_dev$sg(&(0x7f00000004c0), 0x0, 0x20c02)
ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000000)=0x20800000000f51)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
add_key$fscrypt_provisioning(0x0, &(0x7f0000000040)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffc)
bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x0, @multicast1}, 0x10)
connect$inet(0xffffffffffffffff, &(0x7f0000000200)={0x2, 0x1, @local}, 0x10)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
setresgid(0xee00, 0xee01, 0x0)
setgroups(0x0, 0x0)
setuid(0xee00)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$NL802154_CMD_NEW_SEC_LEVEL(0xffffffffffffffff, &(0x7f0000001200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8010}, 0x0)
shmget$private(0x0, 0x4000, 0x800, &(0x7f0000007000/0x4000)=nil)
io_uring_setup(0x4a47, 0x0)
mincore(&(0x7f0000000000/0x800000)=nil, 0x800000, &(0x7f0000000440)=""/172)
readv(0xffffffffffffffff, 0x0, 0x0)

36.259640253s ago: executing program 1 (id=694):
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0)
openat$comedi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/comedi0\x00', 0x8080, 0x0)
syz_emit_ethernet(0x86, &(0x7f0000000500)={@remote, @local, @val={@void, {0x8100, 0x0, 0x1, 0x1}}, {@llc={0x4, {@llc={0xbc, 0x0, "d3", "789c2222584e025ac76cc58949d62fdb20693d84327f438ad03e4853d2aad5879c3d465076e6692dc3462f0c6fb55b543566db8db2d09d3fd4a176436b04edadcc2251d87dc01143f4b980c088d2cf26591b8f51aa3c11336cd0b5bcf18843d2932bc1fe1002e09867cd43c03c9774b488"}}}}}, &(0x7f0000000080)={0x0, 0x1, [0x2e9, 0x567, 0x865, 0x254]})
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x6, 0x100000b}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000100), 0x8001, 0x0)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r3 = openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$6lowpan_control(r3, &(0x7f0000000040)='connect aa:aa:aa:aa:aa:10 1', 0x1b)
syz_open_dev$sndpcmc(&(0x7f0000000000), 0x0, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x20000000000, 0xfffffffffffffffd, 0x0, 0x0, 0x1000001000, 0x49}, 0x0, &(0x7f00000002c0)={0x3ff, 0x7, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006}, 0x0, 0x0)
r4 = socket$rds(0x15, 0x5, 0x0)
r5 = add_key$keyring(&(0x7f0000000340), &(0x7f0000000180)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff)
add_key(&(0x7f0000000240)='dns_resolver\x00', &(0x7f0000000080)={'syz', 0x1}, &(0x7f0000000280)="dee7030022cf5c6c7bc31bd2599759fafa9e5e1dbac27b0426fc0299c41fb9b9761a1b44dac894f365ae68edf335abf35ec53d6751467ebd2c187491bcab2c8d34fec505fc8a14622dba33ff9b054eb7e8a5bc4ab2719cb230328931deb95ef3fcafb1ce27743a93f4715976edec860ab49c3a4f51ab0124b50c3362201a307df03000", 0x83, r5)
r6 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ptype\x00')
preadv(r6, &(0x7f00000002c0)=[{&(0x7f0000000340)=""/4096, 0x1000}], 0x1, 0x35, 0x88)
ioctl$DRM_IOCTL_SYNCOBJ_SIGNAL(r6, 0xc01064c5, &(0x7f0000000440)={&(0x7f0000000400)=[0x0], 0x1})
keyctl$search(0xa, r5, &(0x7f00000000c0)='dns_resolver\x00', &(0x7f0000000140)={'syz', 0x1, 0x2e}, 0xffffffffffffffff)
bind$rds(r4, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10)
close_range(r1, 0xffffffffffffffff, 0x0)
read$FUSE(r0, &(0x7f0000002280)={0x2020}, 0x2020)

35.812434497s ago: executing program 1 (id=695):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000001c0)={<r0=>0xffffffffffffffff})
ioctl$sock_SIOCGIFVLAN_DEL_VLAN_CMD(r0, 0x8982, 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
r2 = socket(0xa, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000006c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r4, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x4)
sched_setattr(0x0, &(0x7f0000000700)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x7}, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
setsockopt$inet6_int(r2, 0x29, 0x4e, &(0x7f0000311ffc)=0x3, 0x4)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000140), 0x8417f, 0x0)
syz_open_dev$sndpcmc(0x0, 0x0, 0x0)
r5 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/pm_test', 0x123481, 0x127)
write$binfmt_script(r5, &(0x7f0000000740)={'#! ', './file0', [], 0xa, "483e5a8581cbb7c4e56f34b0f54810016fd2776200bbc753edc88d7e5ef5afbe92c9f274f9971e9a004d4f5dfbe613aa9acad19f9f82516cc25c7868932141a506204936087bdef1d169f985"}, 0x57)
r6 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r6, 0x29, 0x40, &(0x7f0000000180)=@raw={'raw\x00', 0x8, 0x3, 0x4a8, 0x0, 0xffffffff, 0xffffffff, 0x150, 0xffffffff, 0x3d8, 0xffffffff, 0xffffffff, 0x3d8, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0x128, 0x150, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@inet=@hashlimit1={{0x58}, {'bond_slave_1\x00', {0x41, 0x1ff, 0x6, 0xb0e2, 0x10001, 0x84e, 0xfffffffb, 0x18, 0x8}, {0x1}}}]}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x508)
bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYRES64=r4], 0x48)
r7 = socket$inet6(0xa, 0x3, 0x8000000003c)
connect$inet6(r7, &(0x7f0000000140)={0xa, 0xfffd, 0x0, @mcast2, 0x9}, 0x1c)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000000)={0xffffffffffffffff, 0x0}, 0x20)
sendmsg(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)=',', 0xff80}], 0x1, 0x0, 0x0, 0x2c}, 0x44004)
setsockopt$inet_int(r2, 0x0, 0xb, &(0x7f00000000c0)=0x1002, 0x4)
sendto$inet(r2, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x2, 0x4e20}, 0x10)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'hash\x00', 0x0, 0x0, 'blake2s-224-arm\x00'}, 0x58)

33.806146689s ago: executing program 1 (id=701):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket(0xa, 0x3, 0x3a)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_MCAST_JOIN_GROUP(r2, 0x0, 0x2a, &(0x7f0000000300)={0x6, {{0x2, 0x0, @multicast2}}}, 0xe7)
setsockopt$inet_MCAST_JOIN_GROUP(r2, 0x0, 0x2a, &(0x7f0000000180)={0x7, {{0x2, 0x0, @multicast2}}}, 0x88)
setsockopt$inet_MCAST_MSFILTER(r2, 0x0, 0x30, &(0x7f0000000580)=ANY=[@ANYBLOB="060000000000000002004e25e0000032b6863ff0f7461cf50200"/144], 0x90)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40241, 0x0)
recvmmsg(r0, &(0x7f0000003440)=[{{0x0, 0x0, &(0x7f0000001600)=[{&(0x7f0000000280)=""/232, 0xe8}, {&(0x7f0000000040)=""/62, 0x3e}, {&(0x7f00000001c0)}, {&(0x7f0000000380)=""/83, 0x53}, {&(0x7f0000000400)=""/4096, 0x1000}, {&(0x7f0000001400)=""/208, 0xd0}, {&(0x7f0000003580)=""/205, 0xcd}], 0x7, &(0x7f0000001680)=""/89, 0x59}, 0x8000}, {{&(0x7f0000001700)=@l2tp={0x2, 0x0, @initdev}, 0x80, &(0x7f0000002c80)=[{&(0x7f0000001780)=""/96, 0x60}, {&(0x7f0000001800)=""/247, 0xf7}, {&(0x7f0000001900)=""/95, 0x5f}, {&(0x7f0000003740)=""/260, 0x104}, {&(0x7f0000001a80)=""/4096, 0x1000}, {&(0x7f0000002a80)=""/114, 0x72}, {&(0x7f0000002b00)=""/177, 0xb1}, {&(0x7f0000003680)=""/146, 0x92}], 0x8, &(0x7f0000001580)=""/39, 0x27}, 0xe198}, {{&(0x7f0000002d40)=@pppol2tpv3, 0x80, &(0x7f0000003100)=[{&(0x7f0000002dc0)=""/170, 0xaa}, {&(0x7f0000002e80)=""/182, 0xb6}, {&(0x7f0000002f40)=""/94, 0x5e}, {&(0x7f0000002fc0)=""/106, 0x6a}, {&(0x7f0000003040)=""/188, 0xbc}], 0x5}}, {{&(0x7f0000003180)=@generic, 0x80, &(0x7f0000003300)=[{&(0x7f0000003200)=""/89, 0x59}, {&(0x7f0000001500)=""/94, 0x5e}], 0x2, &(0x7f0000003340)=""/237, 0xed}}], 0x4, 0x40002000, &(0x7f0000003540)={0x0, 0x3938700})
r4 = creat(&(0x7f0000000280)='./file1\x00', 0x5b3393367dc26357)
close(r4)
socket$inet_smc(0x2b, 0x1, 0x0)
bind$llc(r4, &(0x7f0000000000)={0x1a, 0x6, 0x0, 0x7, 0x81, 0x42, @multicast}, 0x10)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000000)={'syzkaller1\x00', 0xc201})
r5 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000000240)={'syzkaller1\x00', @link_local})
write$tun(r3, &(0x7f0000000240)=ANY=[@ANYBLOB="000086dd0500560008005400000060ec970001983a00fc000018c6ba35000000000000000700ff020000000000000000000000000001"], 0xfdef)
recvmsg$qrtr(r1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x38, 0x40)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r7=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r6, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_START_AP(r0, &(0x7f0000000000)={0x0, 0xffffff50, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[], 0x88}, 0x1, 0x0, 0x0, 0x41}, 0x0)

32.680879001s ago: executing program 1 (id=704):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r0=>0xffffffffffffffff})
io_setup(0x58, &(0x7f00000001c0)=<r1=>0x0)
io_submit(r1, 0x1, &(0x7f0000000080)=[&(0x7f0000000540)={0x0, 0x0, 0x0, 0x5, 0x0, r0, 0x0}])
write(r0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x4, 0x5, &(0x7f0000000000)=@framed={{0x18, 0x2, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x8}, [@call={0x85, 0x0, 0x0, 0x29}, @call={0x85, 0x0, 0x0, 0x50}]}, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000e00), 0xffffffffffffffff)
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000380)={0x1c, r2, 0xf21, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x20000015}, 0x44000)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x89}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f000001b000)=""/102400, 0x19000)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_EVENTS(r4, 0x84, 0xb, &(0x7f00000000c0)={0xb, 0x4, 0xfe, 0x2, 0x3, 0x0, 0x5, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x5}, 0xe)
setsockopt$sock_int(r4, 0x1, 0x28, &(0x7f00000001c0)=0xf66, 0x4)
shutdown(r4, 0x1)
recvmmsg(r4, &(0x7f0000000840)=[{{0x0, 0x0, 0x0}}], 0x414, 0x0, 0x0)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000300)={'virt_wifi0\x00'})

32.670903568s ago: executing program 1 (id=707):
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
write$dsp(r0, &(0x7f00000001c0)='\\', 0x1)
prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0)
r1 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0)
fcntl$setsig(r1, 0xa, 0x13)
fcntl$setlease(r1, 0x400, 0x0)
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000280))
timer_settime(0x0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0)
truncate(&(0x7f0000000140)='./file0\x00', 0x0) (fail_nth: 2)
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
close_range(r2, 0xffffffffffffffff, 0x0)

31.844567905s ago: executing program 1 (id=710):
sysinfo(&(0x7f0000000340)=""/193)
r0 = fsopen(&(0x7f0000000280)='cifs\x00', 0x0)
keyctl$chown(0x4, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xb, &(0x7f0000000140)={0x20000000008, 0xfffffffffffffffe}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a2d0000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000000240)={0x0, 0xfea2, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRES8=r1], 0x64}, 0x1, 0x0, 0x0, 0x814}, 0x40)
sendmsg$NFT_MSG_GETOBJ(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=ANY=[@ANYBLOB="34000000150a03f5"], 0x34}, 0x1, 0x0, 0x0, 0x4010}, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
bind$nfc_llcp(r3, &(0x7f00000001c0)={0x27, 0x0, 0x0, 0x2, 0x1, 0x49, "c46e9fd1a84b7fa0bf2cca6beb9363a680b652a86bcf56a1b9ca5386103a5ccbe47b7b9aa6d8d701a3ba00000000b97800001022f987617c318500", 0x2b}, 0x60)
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(0xffffffffffffffff, 0xc1105517, &(0x7f0000000500)={{0x1, 0x5, 0x5, 0x7ff, 'syz0\x00', 0x3}, 0x3, 0x2, 0x5, 0x0, 0x1, 0x8d, 'syz1\x00', &(0x7f00000004c0)=['/dev/cpu/#/msr\x00'], 0xf})
setsockopt$nfc_llcp_NFC_LLCP_MIUX(r3, 0x118, 0x1, 0x0, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x4)
setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r4, 0x10e, 0xc, 0x0, 0x0)
sendmsg$netlink(r1, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8801}, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='sys_exit\x00'}, 0x10)
quotactl$Q_SYNC(0xffffffff80000101, 0x0, 0x0, 0x0)
mkdir(0x0, 0x32)
r5 = syz_open_dev$vim2m(&(0x7f00000000c0), 0x9, 0x2)
ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000100)=<r6=>0x0)
getpgid(r6)
ioctl$vim2m_VIDIOC_S_CTRL(r5, 0xc008561c, 0x0)

29.559300541s ago: executing program 5 (id=719):
io_setup(0x58, &(0x7f00000001c0)=<r0=>0x0)
io_submit(r0, 0x0, 0x0)
write(0xffffffffffffffff, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x4, 0x5, &(0x7f0000000000)=@framed={{0x18, 0x2, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x8}, [@call={0x85, 0x0, 0x0, 0x29}, @call={0x85, 0x0, 0x0, 0x50}]}, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000e00), 0xffffffffffffffff)
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000380)={0x1c, r1, 0xf21, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x20000015}, 0x44000)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x89}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f000001b000)=""/102400, 0x19000)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendto$inet6(r3, &(0x7f0000000280)='g', 0x1, 0x4008891, &(0x7f000005ffe4)={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x2}, 0x1c)
setsockopt$inet_sctp6_SCTP_EVENTS(r3, 0x84, 0xb, &(0x7f00000000c0)={0xb, 0x4, 0xfe, 0x2, 0x3, 0x0, 0x5, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x5}, 0xe)
setsockopt$sock_int(r3, 0x1, 0x28, &(0x7f00000001c0)=0xf66, 0x4)
shutdown(r3, 0x1)
recvmmsg(r3, &(0x7f0000000840)=[{{0x0, 0x0, 0x0}}], 0x414, 0x0, 0x0)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000300)={'virt_wifi0\x00'})

29.162443232s ago: executing program 5 (id=721):
modify_ldt$write(0x1, &(0x7f0000000000)={0x9, 0x20000800}, 0x10)
modify_ldt$write2(0x11, &(0x7f0000000040)={0x8, 0x20000000, 0x400, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1}, 0x10)
r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040), 0x84440, 0x0)
r1 = socket$inet_mptcp(0x2, 0x1, 0x106)
shutdown(0xffffffffffffffff, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0)
setsockopt$inet_tcp_TCP_FASTOPEN_KEY(0xffffffffffffffff, 0x6, 0x21, &(0x7f0000000040)="5766b1b827f600333b09d3748ee7d700", 0x10)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b00"/14], 0x48)
socket$inet(0x2b, 0x801, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r5 = openat$cgroup_pressure(r4, &(0x7f0000000040)='io.pressure\x00', 0x2, 0x0)
write$cgroup_pressure(r5, &(0x7f0000000340)={'some', 0x20, 0x7, 0x20, 0xff}, 0x2f)
r6 = openat$cgroup_pressure(r4, &(0x7f00000000c0)='io.pressure\x00', 0x2, 0x0)
ppoll(&(0x7f0000000180)=[{r5}], 0x1, 0x0, 0x0, 0x0)
write$cgroup_pressure(r6, &(0x7f0000000340)={'some', 0x20, 0x5, 0x20, 0xffffa}, 0x2f)
close(r5)
close(r6)
socket$inet6_sctp(0xa, 0x5, 0x84)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r7}, 0x10)
ppoll(&(0x7f0000000500)=[{r3}], 0x1, 0x0, 0x0, 0x0)
bpf$OBJ_PIN_PROG(0x6, &(0x7f0000001000)=@generic={&(0x7f0000000fc0)='./file1\x00', r2}, 0x18)
pselect6(0x40, &(0x7f00000001c0)={0x1, 0x0, 0x3, 0x0, 0x0, 0x0, 0x4}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x5f8, 0x0, 0x0, 0x0, 0x7fffffff, 0x3}, 0x0, 0x0)
connect$inet(r1, &(0x7f00000009c0)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x16}}, 0x10)
r8 = syz_open_dev$loop(&(0x7f0000000080), 0xfffffffffffffffc, 0xeddbee30e66530de)
ioctl$AUTOFS_DEV_IOCTL_FAIL(r0, 0xc0189377, &(0x7f0000000100)={{0x1, 0x1, 0x18, r8, {0x1, 0x400}}, './file0\x00'})
modify_ldt$write2(0x11, &(0x7f0000000f80)={0x401, 0x20001000, 0xffffffffffffffff, 0x0, 0x3, 0x1, 0x0, 0x0, 0x1}, 0x10)
syz_open_procfs(0x0, &(0x7f0000000100)='io\x00')
modify_ldt$write2(0x11, &(0x7f0000000140)={0x9, 0x20001000, 0x400, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1}, 0x10)

27.514982019s ago: executing program 5 (id=726):
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000004c0)={'vcan0\x00', <r0=>0x0})
connect$can_bcm(0xffffffffffffffff, &(0x7f00000000c0)={0x1d, r0}, 0x10)
clock_gettime(0x0, &(0x7f0000000280)={<r1=>0x0, <r2=>0x0})
r3 = accept$netrom(0xffffffffffffffff, 0x0, &(0x7f0000000000))
bind$netrom(r3, &(0x7f0000000180)={{0x3, @null, 0x1}, [@default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}, 0x48)
sendmsg$can_bcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x1, 0x121, 0x3, {r1, r2/1000+10000}, {}, {0x3, 0x1, 0x1, 0x1}, 0x1, @can={{0x4, 0x0, 0x0, 0x1}, 0x7, 0x2, 0x0, 0x0, "d467aef0f23fe738"}}, 0x48}, 0x1, 0x0, 0x0, 0x4001}, 0x4000000)

26.985401648s ago: executing program 5 (id=727):
socket(0x400000000010, 0x3, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0xe1}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x2000000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0)
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000280), 0xffffffffffffffff)
openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r3 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0)
ioctl$COMEDI_DEVCONFIG(r3, 0x40946400, 0x0)
ioctl$COMEDI_DEVCONFIG(r3, 0x40946400, &(0x7f00000000c0)={'pcmmio\x00', [0x4f27, 0x0, 0x4, 0x4, 0x5, 0x5, 0x4, 0x7, 0x54c6cff3, 0xfd, 0x2, 0x1, 0x1, 0x1, 0x6, 0x101, 0x0, 0x7f, 0x3, 0x40000003, 0x89, 0xcaa3, 0x0, 0x20001e5b, 0x3, 0xe66, 0x3, 0x8, 0x4086, 0x0, 0xfffffff8]})

26.103267868s ago: executing program 5 (id=730):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x2, 0x4, 0x1, 0xbf27}, 0x50)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000740)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f000034e000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x9)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x2, 0xffffffffffffffff, 0x3, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_generic(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=ANY=[@ANYBLOB="1400000042000501"], 0x14}}, 0x44014)
recvmmsg(r4, &(0x7f0000000000)=[{{0x0, 0x0, &(0x7f00000002c0)=[{0x0}], 0x1}}], 0x1, 0x2, 0x0)
mmap(&(0x7f0000fa2000/0x3000)=nil, 0x3000, 0x3, 0x13, r0, 0x0)

24.376534528s ago: executing program 5 (id=734):
sysinfo(&(0x7f0000000340)=""/193)
r0 = fsopen(&(0x7f0000000280)='cifs\x00', 0x0)
keyctl$chown(0x4, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xb, &(0x7f0000000140)={0x20000000008, 0xfffffffffffffffe}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a2d0000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000000240)={0x0, 0xfea2, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRES8=r1], 0x64}, 0x1, 0x0, 0x0, 0x814}, 0x40)
sendmsg$NFT_MSG_GETOBJ(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=ANY=[@ANYBLOB="34000000150a03f5"], 0x34}, 0x1, 0x0, 0x0, 0x4010}, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
bind$nfc_llcp(r3, &(0x7f00000001c0)={0x27, 0x0, 0x0, 0x2, 0x1, 0x49, "c46e9fd1a84b7fa0bf2cca6beb9363a680b652a86bcf56a1b9ca5386103a5ccbe47b7b9aa6d8d701a3ba00000000b97800001022f987617c318500", 0x2b}, 0x60)
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(0xffffffffffffffff, 0xc1105517, &(0x7f0000000500)={{0x1, 0x5, 0x5, 0x7ff, 'syz0\x00', 0x3}, 0x3, 0x2, 0x5, 0x0, 0x1, 0x8d, 'syz1\x00', &(0x7f00000004c0)=['/dev/cpu/#/msr\x00'], 0xf})
setsockopt$nfc_llcp_NFC_LLCP_MIUX(r3, 0x118, 0x1, 0x0, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x4)
setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r4, 0x10e, 0xc, 0x0, 0x0)
sendmsg$netlink(r1, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8801}, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='sys_exit\x00'}, 0x10)
quotactl$Q_SYNC(0xffffffff80000101, 0x0, 0x0, 0x0)
mkdir(0x0, 0x32)
r5 = syz_open_dev$vim2m(&(0x7f00000000c0), 0x9, 0x2)
ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000100)=<r6=>0x0)
getpgid(r6)
ioctl$vim2m_VIDIOC_S_CTRL(r5, 0xc008561c, 0x0)

16.125122989s ago: executing program 34 (id=710):
sysinfo(&(0x7f0000000340)=""/193)
r0 = fsopen(&(0x7f0000000280)='cifs\x00', 0x0)
keyctl$chown(0x4, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xb, &(0x7f0000000140)={0x20000000008, 0xfffffffffffffffe}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a2d0000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000000240)={0x0, 0xfea2, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRES8=r1], 0x64}, 0x1, 0x0, 0x0, 0x814}, 0x40)
sendmsg$NFT_MSG_GETOBJ(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=ANY=[@ANYBLOB="34000000150a03f5"], 0x34}, 0x1, 0x0, 0x0, 0x4010}, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
bind$nfc_llcp(r3, &(0x7f00000001c0)={0x27, 0x0, 0x0, 0x2, 0x1, 0x49, "c46e9fd1a84b7fa0bf2cca6beb9363a680b652a86bcf56a1b9ca5386103a5ccbe47b7b9aa6d8d701a3ba00000000b97800001022f987617c318500", 0x2b}, 0x60)
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(0xffffffffffffffff, 0xc1105517, &(0x7f0000000500)={{0x1, 0x5, 0x5, 0x7ff, 'syz0\x00', 0x3}, 0x3, 0x2, 0x5, 0x0, 0x1, 0x8d, 'syz1\x00', &(0x7f00000004c0)=['/dev/cpu/#/msr\x00'], 0xf})
setsockopt$nfc_llcp_NFC_LLCP_MIUX(r3, 0x118, 0x1, 0x0, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x4)
setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r4, 0x10e, 0xc, 0x0, 0x0)
sendmsg$netlink(r1, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8801}, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='sys_exit\x00'}, 0x10)
quotactl$Q_SYNC(0xffffffff80000101, 0x0, 0x0, 0x0)
mkdir(0x0, 0x32)
r5 = syz_open_dev$vim2m(&(0x7f00000000c0), 0x9, 0x2)
ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000100)=<r6=>0x0)
getpgid(r6)
ioctl$vim2m_VIDIOC_S_CTRL(r5, 0xc008561c, 0x0)

14.731094125s ago: executing program 3 (id=762):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0)
fsopen(&(0x7f0000000080)='sysfs\x00', 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
r3 = fsopen(&(0x7f00000004c0)='gfs2\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r3, 0x1, &(0x7f00000000c0)='source', &(0x7f00000001c0)='source', 0x0)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000002380)={0xffffffffffffffff, 0x0, 0x2d, 0x0, @val=@netfilter={0x2, 0x4, 0x600, 0x1}}, 0x20)
ioctl$USBDEVFS_SUBMITURB(0xffffffffffffffff, 0x8038550a, &(0x7f0000000280)=@urb_type_control={0x2, {}, 0x0, 0x40, &(0x7f0000000000)={0x4, 0x14, 0x8, 0x2}, 0x8, 0x7, 0x10200, 0x0, 0x0, 0x0, 0x0})
r4 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$selinux_load(r4, &(0x7f0000000280)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757815"], 0x65)

13.765001508s ago: executing program 3 (id=766):
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
syz_io_uring_setup(0x7c1c, &(0x7f0000000280)={0x0, 0xcef, 0x20, 0x3, 0xcd, 0x0, r0}, &(0x7f0000000300), &(0x7f0000000380))

13.670699234s ago: executing program 3 (id=768):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-serpent-sse2\x00'}, 0x58)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='sched_switch\x00', 0xffffffffffffffff, 0x0, 0xfff7fffffffffff5}, 0x18)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r3 = socket$netlink(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff)
r4 = socket$inet_mptcp(0x2, 0x1, 0x106)
listen(r4, 0x0)
accept4$inet(r4, 0x0, 0x0, 0x80000)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000006800)={0x0, 0x44}, 0x5}, 0x0)

12.591685626s ago: executing program 3 (id=770):
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0f0000000400000004000000f8ffffff00000000", @ANYRES32, @ANYRES64, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000000000000000000000000000000000000000000000000005f47d04754feb1649ff2c742121326ef59f34b3a49f0f1dfb6bffe799f619a5952af59a62d3c7505640c4322d0aa1006055352a44b3d93c2e4da483db40b4d19d8babb73c345fc11d3d11ad5b0bf3abc12aedb7528a0de798c60b41d5211ddf0b21c9e96faa9fe2ed7abf7d7896d0551eb0a1e4dc35fde6ef123c7aa9652e383a092b8e50e9542a17aaf8daca6c5237e0d5d8570143c17d5"], 0x50)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x42072, 0xffffffffffffffff, 0x0)
r0 = syz_io_uring_setup(0x18d7, &(0x7f0000000040)={0x0, 0x0, 0x10000, 0x3, 0xb5}, &(0x7f0000ffe000), &(0x7f0000ffe000))
io_uring_register$IORING_REGISTER_IOWQ_MAX_WORKERS(r0, 0x2, &(0x7f0000000180), 0xfe)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='fdinfo/3\x00')
socket(0x40000000015, 0x5, 0x0)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
ioctl$FS_IOC_GETFSLABEL(r1, 0x8946, &(0x7f0000000100))

12.402098014s ago: executing program 3 (id=771):
mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x200000, &(0x7f0000000300)='usrquota')
chdir(&(0x7f0000000180)='./file1\x00')
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='net_prio.prioidx\x00', 0x275a, 0x0)
openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
timer_create(0x5, &(0x7f0000000300)={0x0, 0x25, 0x4, @thr={&(0x7f0000000440)="041e849e176b20975e70c2ef0fb618f8e8a8d841f135f5cb12d9d6359ba12e49c106e72b597fdbde500cc05e8c1cab95a36607e505c66c8af0914c52d7d3e4d0de82c21cec656e2547c588b2c0af58da8e5ab3ef1da140402105d958c6b9f490b8ed313c4f7ff4e8cc8be7eb4bea962981d861c754cf349fbd40a8fa475eb952badec855c196f3f2b079d1077cbcb49ea332ac244a64ee3b6bd535eeb2dcd2491344f1a36b69a0515274ad0ad8bd3e534ac1e745f357b11c4d4fc55b0fd438b885c6516bf3bc1585e81e26508724103658f873ae26131a5ab69565044032015608323496e97f36bfac1d80eda68e6e46ed8ee6aaf319ba14ba9cfe23d1cdb77be712efb7e93bfef5a7f23b321279c91fd0f52ba24e0826ce1e2578f83daebd46eb6949", &(0x7f00000002c0)="354e46b29e8cb7609bca4122dfffb055fd0dea437c6e7767c40f525a50010000000847c3555f17b29c2c4fb9346e"}}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8c}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
statx(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x100, 0x800, 0x0)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r1, 0x84, 0x75, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
sendmmsg$inet6(r2, &(0x7f0000000a80)=[{{&(0x7f0000000200)={0xa, 0x4e20, 0x4db, @empty, 0x3}, 0x1c, &(0x7f0000000900)=[{&(0x7f0000000000)="e733", 0x2}], 0x1}}], 0x1, 0x44040)

11.851760829s ago: executing program 3 (id=773):
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x4001, 0x0, @loopback}, 0x1c)
sync()

9.238060549s ago: executing program 35 (id=734):
sysinfo(&(0x7f0000000340)=""/193)
r0 = fsopen(&(0x7f0000000280)='cifs\x00', 0x0)
keyctl$chown(0x4, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xb, &(0x7f0000000140)={0x20000000008, 0xfffffffffffffffe}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a2d0000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000000240)={0x0, 0xfea2, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRES8=r1], 0x64}, 0x1, 0x0, 0x0, 0x814}, 0x40)
sendmsg$NFT_MSG_GETOBJ(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=ANY=[@ANYBLOB="34000000150a03f5"], 0x34}, 0x1, 0x0, 0x0, 0x4010}, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
bind$nfc_llcp(r3, &(0x7f00000001c0)={0x27, 0x0, 0x0, 0x2, 0x1, 0x49, "c46e9fd1a84b7fa0bf2cca6beb9363a680b652a86bcf56a1b9ca5386103a5ccbe47b7b9aa6d8d701a3ba00000000b97800001022f987617c318500", 0x2b}, 0x60)
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(0xffffffffffffffff, 0xc1105517, &(0x7f0000000500)={{0x1, 0x5, 0x5, 0x7ff, 'syz0\x00', 0x3}, 0x3, 0x2, 0x5, 0x0, 0x1, 0x8d, 'syz1\x00', &(0x7f00000004c0)=['/dev/cpu/#/msr\x00'], 0xf})
setsockopt$nfc_llcp_NFC_LLCP_MIUX(r3, 0x118, 0x1, 0x0, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x4)
setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r4, 0x10e, 0xc, 0x0, 0x0)
sendmsg$netlink(r1, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8801}, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='sys_exit\x00'}, 0x10)
quotactl$Q_SYNC(0xffffffff80000101, 0x0, 0x0, 0x0)
mkdir(0x0, 0x32)
r5 = syz_open_dev$vim2m(&(0x7f00000000c0), 0x9, 0x2)
ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000100)=<r6=>0x0)
getpgid(r6)
ioctl$vim2m_VIDIOC_S_CTRL(r5, 0xc008561c, 0x0)

8.25258433s ago: executing program 4 (id=780):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x7c}}, 0x0)
r0 = socket$key(0xf, 0x3, 0x2)
recvmmsg(r0, &(0x7f0000000440), 0x6f5, 0x2000000022, &(0x7f0000000480)={0x77359400})
sendmsg$key(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000680)=ANY=[@ANYBLOB="0208000002"], 0x10}}, 0x0)
r1 = syz_usb_connect(0x0, 0x3f, &(0x7f0000000080)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f000200000009050502000000001009058b1e20"], 0x0)
syz_usb_control_io(r1, 0x0, &(0x7f0000000300)={0x84, &(0x7f0000001a80)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
socket(0x10, 0x803, 0x0)
write(0xffffffffffffffff, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000008c0)=@newlink={0x104, 0x10, 0x401, 0x0, 0x25dfdbfe, {}, [@IFLA_LINKINFO={0x2c, 0x12, 0x0, 0x1, @ip6erspan={{0xe}, {0x18, 0x2, 0x0, 0x1, [@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_ERSPAN_VER={0x5, 0x16, 0xfe}, @IFLA_GRE_LINK={0x8}]}}}, @IFLA_AF_SPEC={0xb8, 0x1a, 0x0, 0x1, [@AF_BRIDGE={0x4}, @AF_MPLS={0x4}, @AF_INET6={0x74, 0xa, 0x0, 0x1, [@IFLA_INET6_ADDR_GEN_MODE={0x5, 0x8, 0x7}, @IFLA_INET6_TOKEN={0x14, 0x7, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x33}}}, @IFLA_INET6_ADDR_GEN_MODE={0x5, 0x8, 0x2}, @IFLA_INET6_ADDR_GEN_MODE={0x5, 0x8, 0xa4}, @IFLA_INET6_ADDR_GEN_MODE={0x5, 0x8, 0x9}, @IFLA_INET6_TOKEN={0x14, 0x7, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x1f}}}, @IFLA_INET6_TOKEN={0x14, 0x7, @private2}, @IFLA_INET6_TOKEN={0x14, 0x7, @rand_addr=' \x01\x00'}]}, @AF_INET6={0xc, 0xa, 0x0, 0x1, [@IFLA_INET6_ADDR_GEN_MODE={0x5, 0x8, 0x8}]}, @AF_BRIDGE={0x4}, @AF_INET={0x28, 0x2, 0x0, 0x1, {0x24, 0x1, 0x0, 0x1, [{0x8, 0x0, 0x0, 0x0, 0x5}, {0x8, 0x12, 0x0, 0x0, 0x2}, {0x8, 0x1b, 0x0, 0x0, 0x400}, {0x8, 0x0, 0x0, 0x0, 0x6}]}}]}]}, 0x104}}, 0x0)
sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x5, 0x4, 0x103, 0x1ff, 0xb4b, 0xc, 0x8, 0x6, 0x3ff}, 0x0)
r5 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1f, 0x0, 0x0, 0x1000, 0x0, 0xffffffffffffffff, 0x4000000}, 0x50)
sendto$inet6(0xffffffffffffffff, &(0x7f0000000040), 0x0, 0x8910, 0x0, 0x0)
r6 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2)
r7 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r7, 0x8933, &(0x7f0000000100)={'vcan0\x00', <r8=>0x0})
connect$can_bcm(r7, &(0x7f00000000c0)={0x1d, r8}, 0x10)
sendmsg$can_bcm(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000580)=ANY=[@ANYBLOB="0100000003ece1e40ad8871461ab0800", @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64, @ANYBLOB="3bf81bb9f9"], 0x20000600}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
ioctl$VIDIOC_S_INPUT(r6, 0xc0045627, &(0x7f00000000c0)=0x3)
r9 = landlock_create_ruleset(&(0x7f0000000280)={0x2050, 0x0, 0x1}, 0x18, 0x0)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r9, 0x1, &(0x7f0000000340)={0x2000}, 0x0)
socket$alg(0x26, 0x5, 0x0)

5.529324588s ago: executing program 6 (id=784):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x101100, 0x0)
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x10010, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x7b8a, &(0x7f0000000340)={0x0, 0x817e, 0x200, 0x2, 0x39}, &(0x7f00000000c0), &(0x7f0000001480)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000014c0)=@IORING_OP_WRITE_FIXED={0x5, 0x6, 0x0, @fd=r0, 0x3, 0x7f, 0xb443, 0x1, 0x1})
r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000080)={0x4, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000708000/0x18000)=nil, &(0x7f0000000300)=[@text32={0x20, 0x0}], 0x1, 0xa, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r3, 0x4010ae67, &(0x7f0000000180)={0x0, 0xd000})
lsetxattr$system_posix_acl(0x0, &(0x7f0000000440)='system.posix_acl_access\x00', 0x0, 0x9, 0x1)
ioctl$AUTOFS_IOC_READY(r4, 0x9360, 0x7)
r5 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace$setregs(0xd, r5, 0x0, &(0x7f00000003c0))
write$vhost_msg_v2(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, {&(0x7f0000000480)=""/4096, 0x1000, &(0x7f00000001c0)=""/217, 0x2, 0x2}}, 0x48)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001500)=ANY=[@ANYRES64=0x0, @ANYRESDEC=r6, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRESDEC=r2, @ANYBLOB="08001b"], 0x30}}, 0x0)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$team(&(0x7f00000044c0), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f0000004700)={'team0\x00', <r10=>0x0})
sendmsg$TEAM_CMD_OPTIONS_SET(r8, &(0x7f0000004bc0)={0x0, 0x0, &(0x7f0000004b80)={&(0x7f00000047c0)={0x60, r9, 0x405, 0x70bd27, 0x25dfdbfe, {}, [{{0x8, 0x1, r10}, {0x44, 0x2, 0x0, 0x1, [{0x40, 0x1, @name={{0x24}, {0x5}, {0x10, 0x4, 'loadbalance\x00'}}}]}}]}, 0x60}, 0x1, 0x0, 0x0, 0x4000401}, 0x44084)
syz_usb_connect$cdc_ncm(0x1, 0x0, 0x0, 0x0)
r11 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x78)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000100)={r11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x50)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000000))
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0xfffffffe, &(0x7f0000000080)=[{&(0x7f0000000000)="2e00000010008188040f80ec59acbc0413a1f8480f0000005e140602000000000e000a001000000002800000121f", 0x2e}], 0x1}, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000004c00)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x74, r10, {}, {}, {0x8, 0x5}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x8881}, 0x0)

4.904365081s ago: executing program 4 (id=786):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a00)={0x6, 0x1a, &(0x7f0000000600)=@framed={{0x18, 0x0, 0x0, 0x0, 0x37d2, 0x0, 0x0, 0x0, 0x3ff}, [@ringbuf_query, @map_val={0x18, 0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x9}, @printk={@lld, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x80}}, @initr0={0x18, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x9}, @ldst={0x3, 0x1, 0x1, 0x1, 0x1, 0x80, 0x4}, @func={0x85, 0x0, 0x1, 0x0, 0x7}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffc}, @alu={0x4, 0x1, 0x0, 0x7, 0xb, 0xfffffffffffffffc, 0xffffffffffffffff}, @map_idx_val={0x18, 0x2, 0x6, 0x0, 0x8}, @jmp={0x5, 0x0, 0xb, 0x8, 0x9, 0x6, 0xfffffffffffffff0}]}, &(0x7f0000000480)='GPL\x00', 0x187b, 0x9d, &(0x7f0000000700)=""/157, 0x41100, 0x10, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000580)={0x3, 0x2}, 0x8, 0x10, &(0x7f00000007c0)={0x2, 0xb, 0x4, 0x4}, 0x10, 0x0, 0x0, 0x0, &(0x7f00000009c0)=[0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff], 0x0, 0x10, 0x5}, 0x94)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000002700)=""/102392, 0x18ff8)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
bind$inet(0xffffffffffffffff, 0x0, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
r3 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$IP_VS_SO_SET_ADDDEST(0xffffffffffffffff, 0x0, 0x487, 0x0, 0x0)
setsockopt$IP_VS_SO_SET_FLUSH(r3, 0x0, 0x485, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x80, 0xffffffff, 0x28}, 0x50)
r4 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={0x0, r4}, 0x18)
r5 = socket(0x400000000010, 0x3, 0x0)
r6 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r7, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0x10}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000001300)=@newtfilter={0x38, 0x2c, 0xd27, 0x70bd28, 0x8000, {0x0, 0x0, 0x0, r7, {0x0, 0xffe0}, {}, {0xa}}, [@filter_kind_options=@f_u32={{0x8}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x2}]}}]}, 0x38}, 0x1, 0x0, 0x0, 0x80}, 0x20000000)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$INCFS_IOC_PERMIT_FILL(r1, 0x40046721, &(0x7f0000000300)={r4})
sendmsg$NFT_BATCH(r8, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000800)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a2c000000060a0b040000000000000000020000000900010073797a30000000000900020073797a320000000014000000110001"], 0x54}, 0x1, 0x0, 0x0, 0x2408c004}, 0x0)
sendmsg$NFT_BATCH(r8, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a38000000060a4fdd99a98e6dfb2d0000020000000900020073797a32000000000900010073797a30000000000c0003400000000000000002"], 0x60}}, 0x0)
close(0x3)

4.593961568s ago: executing program 6 (id=787):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0)
fsopen(&(0x7f0000000080)='sysfs\x00', 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
r3 = fsopen(&(0x7f00000004c0)='gfs2\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r3, 0x1, &(0x7f00000000c0)='source', &(0x7f00000001c0)='source', 0x0)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000002380)={0xffffffffffffffff, 0x0, 0x2d, 0x0, @val=@netfilter={0x2, 0x4, 0x600, 0x1}}, 0x20)
ioctl$USBDEVFS_SUBMITURB(0xffffffffffffffff, 0x8038550a, &(0x7f0000000280)=@urb_type_control={0x2, {}, 0x0, 0x40, &(0x7f0000000000)={0x4, 0x14, 0x8, 0x2}, 0x8, 0x7, 0x10200, 0x0, 0x0, 0x0, 0x0})
r4 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$selinux_load(r4, &(0x7f0000000280)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757815"], 0x65)

3.643424836s ago: executing program 6 (id=789):
socketpair(0x2a, 0x2, 0x1, &(0x7f0000000000))

3.507729424s ago: executing program 6 (id=790):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000001c0)={<r0=>0xffffffffffffffff})
ioctl$sock_SIOCGIFVLAN_DEL_VLAN_CMD(r0, 0x8982, 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
r2 = socket(0xa, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000006c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r4, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x4)
sched_setattr(0x0, &(0x7f0000000700)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x7}, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
setsockopt$inet6_int(r2, 0x29, 0x4e, &(0x7f0000311ffc)=0x3, 0x4)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000140), 0x8417f, 0x0)
syz_open_dev$sndpcmc(0x0, 0x0, 0x0)
r5 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/pm_test', 0x123481, 0x127)
write$binfmt_script(r5, &(0x7f0000000740)={'#! ', './file0', [], 0xa, "483e5a8581cbb7c4e56f34b0f54810016fd2776200bbc753edc88d7e5ef5afbe92c9f274f9971e9a004d4f5dfbe613aa9acad19f9f82516cc25c7868932141a506204936087bdef1d169f985"}, 0x57)
r6 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r6, 0x29, 0x40, &(0x7f0000000180)=@raw={'raw\x00', 0x8, 0x3, 0x4a8, 0x0, 0xffffffff, 0xffffffff, 0x150, 0xffffffff, 0x3d8, 0xffffffff, 0xffffffff, 0x3d8, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0x128, 0x150, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@inet=@hashlimit1={{0x58}, {'bond_slave_1\x00', {0x41, 0x1ff, 0x6, 0xb0e2, 0x10001, 0x84e, 0xfffffffb, 0x18, 0x8}, {0x1}}}]}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x508)
bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYRES64=r4], 0x48)
r7 = socket$inet6(0xa, 0x3, 0x8000000003c)
connect$inet6(r7, &(0x7f0000000140)={0xa, 0xfffd, 0x0, @mcast2, 0x9}, 0x1c)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000000)={0xffffffffffffffff, 0x0}, 0x20)
sendmsg(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)=',', 0xff80}], 0x1, 0x0, 0x0, 0x2c}, 0x44004)
setsockopt$inet_int(r2, 0x0, 0xb, &(0x7f00000000c0)=0x1002, 0x4)
recvmsg(r2, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x12160)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'hash\x00', 0x0, 0x0, 'blake2s-224-arm\x00'}, 0x58)

3.409246833s ago: executing program 7 (id=791):
mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x81c0, 0xfffffffe)
execveat(0xffffffffffffff9c, &(0x7f0000000280)='./file2\x00', 0x0, 0x0, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f00000004c0)={{{@in=@empty, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0xa}, {0x0, 0x10000}}, {{@in=@multicast1, 0x0, 0x2b}, 0x0, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x3, 0x0, 0x0, 0x0, 0xfffffffd}}, 0xe8)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x89}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
capset(&(0x7f0000000040)={0x20080522, r0}, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x800000}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x6)
socketpair(0x2a, 0x2, 0x1, &(0x7f0000000000))
socket$inet_udp(0x2, 0x2, 0x0)
syz_open_procfs$namespace(r0, &(0x7f0000000100)='ns/time\x00')

3.341598188s ago: executing program 4 (id=792):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000840), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
munmap(&(0x7f0000001000/0x3000)=nil, 0x3000)
mount$cgroup(0x0, 0x0, 0x0, 0x2008000, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, 0x0, 0x0)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x1000, 0x0)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000280)=[@increfs], 0x0, 0x0, 0x0})
ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f00000001c0)=0x3)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000880)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e38e06c5fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b53606000000000000007c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df1001000000000694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde9809c8814618e976832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34cf2645cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6424923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f580968af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff0000f5620000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada133b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631def9f126c25ba4f37caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d3130180613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb010100000000000001a047526865c888c9ff36056cc4ad258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe656c9c46bffbe9dd03970800000000000000d372bdd60200c1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d819164300"})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
r5 = openat$sndtimer(0xffffff9c, &(0x7f0000000000), 0xc80)
ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r5, 0xc0145401, &(0x7f0000000040)={0x3, 0x0, 0x0, 0xfdfdffff, 0xffff7fff})
r6 = openat$fb0(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r7 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r7, &(0x7f0000002000)=""/102400, 0x19000)
r8 = syz_io_uring_setup(0x497, &(0x7f00000000c0)={0x0, 0x727c, 0x1000, 0x2, 0x362}, &(0x7f0000000240)=<r9=>0x0, &(0x7f0000000300)=<r10=>0x0)
syz_io_uring_submit(r9, r10, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x40, 0x0, 0x0, 0x0, 0x91a2, 0x0, 0x0, 0x1})
io_uring_enter(r8, 0x3512, 0x9281, 0x42, 0x0, 0x0)
ioctl$FBIOPUT_VSCREENINFO(r6, 0x4601, &(0x7f0000000380)={0x356, 0x78, 0x300, 0x0, 0x7, 0x4, 0x4, 0x0, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x1, 0x4, 0x8, 0x3, 0x1f7, 0x3d, 0x1, 0x3, 0x4c, 0x202, 0x1, 0xc})

2.647344989s ago: executing program 8 (id=777):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000001c0)={<r0=>0xffffffffffffffff})
ioctl$sock_SIOCGIFVLAN_DEL_VLAN_CMD(r0, 0x8982, 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
r2 = socket(0xa, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000006c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r4, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x4)
sched_setattr(0x0, &(0x7f0000000700)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x7}, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
setsockopt$inet6_int(r2, 0x29, 0x4e, &(0x7f0000311ffc)=0x3, 0x4)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000140), 0x8417f, 0x0)
syz_open_dev$sndpcmc(0x0, 0x0, 0x0)
r5 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/pm_test', 0x123481, 0x127)
write$binfmt_script(r5, &(0x7f0000000740)={'#! ', './file0', [], 0xa, "483e5a8581cbb7c4e56f34b0f54810016fd2776200bbc753edc88d7e5ef5afbe92c9f274f9971e9a004d4f5dfbe613aa9acad19f9f82516cc25c7868932141a506204936087bdef1d169f985"}, 0x57)
r6 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r6, 0x29, 0x40, &(0x7f0000000180)=@raw={'raw\x00', 0x8, 0x3, 0x4a8, 0x0, 0xffffffff, 0xffffffff, 0x150, 0xffffffff, 0x3d8, 0xffffffff, 0xffffffff, 0x3d8, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0x128, 0x150, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@inet=@hashlimit1={{0x58}, {'bond_slave_1\x00', {0x41, 0x1ff, 0x6, 0xb0e2, 0x10001, 0x84e, 0xfffffffb, 0x18, 0x8}, {0x1}}}]}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x508)
bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYRES64=r4], 0x48)
r7 = socket$inet6(0xa, 0x3, 0x8000000003c)
connect$inet6(r7, &(0x7f0000000140)={0xa, 0xfffd, 0x0, @mcast2, 0x9}, 0x1c)
sendmsg(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)=',', 0xff80}], 0x1, 0x0, 0x0, 0x2c}, 0x44004)
setsockopt$inet_int(r2, 0x0, 0xb, &(0x7f00000000c0)=0x1002, 0x4)
sendto$inet(r2, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x2, 0x4e20}, 0x10)
recvmsg(r2, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x12160)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'hash\x00', 0x0, 0x0, 'blake2s-224-arm\x00'}, 0x58)

2.313363554s ago: executing program 7 (id=793):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getdents64(r0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r2, 0x6, 0x13, &(0x7f00000000c0)=0x1, 0x4)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
connect$inet(r2, &(0x7f0000000080)={0x2, 0x4e21, @local}, 0x3c)
setsockopt$inet_tcp_TCP_REPAIR(r2, 0x6, 0x13, &(0x7f00000001c0)=0xffffffffffffffff, 0x4)
sendmmsg$inet(r2, &(0x7f0000000d40)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000002f00)}}, {{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x4, 0xf000000)
setsockopt$sock_int(r2, 0x1, 0x20, &(0x7f0000000000)=0x7fffffff, 0x4)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r3)
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0xb, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0xfffdffff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$vsock_stream(0x28, 0x1, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
r4 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000140)='/proc/self/clear_refs\x00', 0x1, 0x0)
write$sysctl(r4, &(0x7f0000000180)='1\x00', 0x2)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
r5 = dup(0xffffffffffffffff)
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f000043b000/0x1000)=nil, 0x1000, 0x0)
write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c)
syz_io_uring_setup(0xef4, &(0x7f0000000300)={0x0, 0x1c2b, 0x10100, 0x0, 0x0, 0x0, r5}, &(0x7f0000000140), &(0x7f0000000100))

1.831173724s ago: executing program 4 (id=794):
syz_open_dev$sg(&(0x7f00000004c0), 0x0, 0x20c02)
ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000000)=0x20800000000f51)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
add_key$fscrypt_provisioning(0x0, &(0x7f0000000040)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffc)
bind$inet(0xffffffffffffffff, 0x0, 0x0)
connect$inet(0xffffffffffffffff, &(0x7f0000000200)={0x2, 0x1, @local}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
setresgid(0xee00, 0xee01, 0x0)
setgroups(0x0, 0x0)
setuid(0xee00)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$NL802154_CMD_NEW_SEC_LEVEL(0xffffffffffffffff, 0x0, 0x0)
shmget$private(0x0, 0x4000, 0x800, &(0x7f0000007000/0x4000)=nil)
io_uring_setup(0x4a47, 0x0)
mincore(&(0x7f0000000000/0x800000)=nil, 0x800000, &(0x7f0000000440)=""/172)
readv(0xffffffffffffffff, 0x0, 0x0)

1.627165258s ago: executing program 4 (id=795):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x101100, 0x0)
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x10010, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x7b8a, &(0x7f0000000340)={0x0, 0x817e, 0x200, 0x2, 0x39}, &(0x7f00000000c0), &(0x7f0000001480)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000014c0)=@IORING_OP_WRITE_FIXED={0x5, 0x6, 0x0, @fd=r0, 0x3, 0x7f, 0xb443, 0x1, 0x1})
r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000080)={0x4, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000708000/0x18000)=nil, &(0x7f0000000300)=[@text32={0x20, 0x0}], 0x1, 0xa, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r3, 0x4010ae67, &(0x7f0000000180)={0x0, 0xd000})
lsetxattr$system_posix_acl(0x0, &(0x7f0000000440)='system.posix_acl_access\x00', 0x0, 0x9, 0x1)
ioctl$AUTOFS_IOC_READY(r4, 0x9360, 0x7)
r5 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace$setregs(0xd, r5, 0x0, &(0x7f00000003c0))
write$vhost_msg_v2(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, {&(0x7f0000000480)=""/4096, 0x1000, &(0x7f00000001c0)=""/217, 0x2, 0x2}}, 0x48)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001500)=ANY=[@ANYRES64=0x0, @ANYRESDEC=r6, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRESDEC=r2, @ANYBLOB="08001b"], 0x30}}, 0x0)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$team(&(0x7f00000044c0), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f0000004700)={'team0\x00', <r10=>0x0})
sendmsg$TEAM_CMD_OPTIONS_SET(r8, &(0x7f0000004bc0)={0x0, 0x0, &(0x7f0000004b80)={&(0x7f00000047c0)={0x60, r9, 0x405, 0x70bd27, 0x25dfdbfe, {}, [{{0x8, 0x1, r10}, {0x44, 0x2, 0x0, 0x1, [{0x40, 0x1, @name={{0x24}, {0x5}, {0x10, 0x4, 'loadbalance\x00'}}}]}}]}, 0x60}, 0x1, 0x0, 0x0, 0x4000401}, 0x44084)
syz_usb_connect$cdc_ncm(0x1, 0x0, 0x0, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x78)
r11 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r11, &(0x7f0000000600)={0x0, 0xfffffffe, &(0x7f0000000080)=[{&(0x7f0000000000)="2e00000010008188040f80ec59acbc0413a1f8480f0000005e140602000000000e000a001000000002800000121f", 0x2e}], 0x1}, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000004c00)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x74, r10, {}, {}, {0x8, 0x5}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x8881}, 0x0)

1.30500292s ago: executing program 7 (id=796):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100))
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
dup3(r1, r0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1})
socketpair$unix(0x1, 0x3, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x4, 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000008"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$NFULNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x1c, 0x1, 0x4, 0x5, 0x0, 0x0, {0xa}, [@NFULA_CFG_CMD={0x5, 0x1, 0x2}]}, 0x1c}, 0x1, 0x0, 0x0, 0xc090}, 0x2000004)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000180)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha512\x00'}, 0x58)
r3 = socket$netlink(0x10, 0x3, 0x9)
r4 = dup(r3)
r5 = open(&(0x7f0000000140)='./file1\x00', 0x10f0c2, 0x0)
ftruncate(r5, 0x200004)
sendfile(r4, r5, 0x0, 0x80001d00c0d1)
setgroups(0x4000000000000190, &(0x7f0000000080))
r6 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000002580)=[{0x0, 0x14}], 0x1, 0x0, 0x0, 0x400048c0}, 0x0)
r7 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r7, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6)
write(r7, &(0x7f0000000000)="2e000400010002", 0x7)

1.187165962s ago: executing program 6 (id=797):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000840), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
munmap(&(0x7f0000001000/0x3000)=nil, 0x3000)
mount$cgroup(0x0, 0x0, 0x0, 0x2008000, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, 0x0, 0x0)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x1000, 0x0)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000280)=[@increfs], 0x0, 0x0, 0x0})
ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f00000001c0)=0x3)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000880)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e38e06c5fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b53606000000000000007c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df1001000000000694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde9809c8814618e976832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34cf2645cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6424923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f580968af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff0000f5620000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada133b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631def9f126c25ba4f37caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d3130180613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb010100000000000001a047526865c888c9ff36056cc4ad258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe656c9c46bffbe9dd03970800000000000000d372bdd60200c1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d819164300"})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
r5 = openat$sndtimer(0xffffff9c, &(0x7f0000000000), 0xc80)
ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r5, 0xc0145401, &(0x7f0000000040)={0x3, 0x0, 0x0, 0xfdfdffff, 0xffff7fff})
r6 = openat$fb0(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r7 = syz_io_uring_setup(0x497, &(0x7f00000000c0)={0x0, 0x727c, 0x1000, 0x2, 0x362}, &(0x7f0000000240)=<r8=>0x0, &(0x7f0000000300)=<r9=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r8, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r8, r9, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x40, 0x0, 0x0, 0x0, 0x91a2, 0x0, 0x0, 0x1})
io_uring_enter(r7, 0x3512, 0x9281, 0x42, 0x0, 0x0)
ioctl$FBIOPUT_VSCREENINFO(r6, 0x4601, &(0x7f0000000380)={0x356, 0x78, 0x300, 0x0, 0x7, 0x4, 0x4, 0x0, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x1, 0x4, 0x8, 0x3, 0x1f7, 0x3d, 0x1, 0x3, 0x4c, 0x202, 0x1, 0xc})

1.135847844s ago: executing program 8 (id=798):
r0 = syz_genetlink_get_family_id$devlink(&(0x7f0000001c00), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_SB_POOL_GET(r1, &(0x7f00000022c0)={0x0, 0x0, &(0x7f0000002280)={&(0x7f0000002200)={0x14, r0, 0x100, 0x70bd25, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x8040}, 0x840)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setattr(0x0, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000003dc0), 0x0, 0x20040800)
r4 = shmget$private(0x0, 0x13000, 0x1, &(0x7f0000feb000/0x13000)=nil)
r5 = shmat(r4, &(0x7f0000ff1000/0x3000)=nil, 0x400c)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
r6 = syz_open_dev$sg(&(0x7f0000000040), 0x500000000, 0x40000)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$SCSI_IOCTL_PROBE_HOST(r6, 0x5385, &(0x7f00000000c0)={0xde, ""/222})
mremap(&(0x7f0000ff4000/0x3000)=nil, 0x3000, 0x2000, 0x0, &(0x7f0000ffb000/0x2000)=nil)
shmdt(r5)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r8, 0x1, 0x1a, &(0x7f0000000000)={0x3, &(0x7f00000000c0)=[{0x20, 0x0, 0x0, 0xfffff00c}, {0x20, 0x0, 0x0, 0xfffff038}, {0x6}]}, 0x10)
sendmmsg(r7, &(0x7f0000000180), 0x4000190, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[], 0x88}}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
poll(0x0, 0x0, 0x7)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(r1, 0x8983, &(0x7f0000000000)={0x6, 'veth1_to_bond\x00', {0x6}, 0xd5b})

946.085546ms ago: executing program 7 (id=799):
r0 = io_uring_setup(0x3c8e, &(0x7f0000000340)={0x0, 0x3, 0x800, 0x2})
r1 = fsopen(&(0x7f00000000c0)='nfsd\x00', 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

695.082453ms ago: executing program 7 (id=800):
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r0, &(0x7f0000000000), 0x10)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x19, 0x0, 0x0)
syz_emit_ethernet(0x2a, 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x101100, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x3)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_io_uring_setup(0x234, 0x0, &(0x7f0000000280), 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000032680)=""/102400, 0x19000)
socket$inet6_sctp(0xa, 0x5, 0x84)
socket(0x10, 0x3, 0x0)
socket$packet(0x11, 0x2, 0x300)
sendmsg$can_bcm(r0, &(0x7f00000005c0)={&(0x7f0000000180), 0x10, &(0x7f00000001c0)={&(0x7f0000000cc0)=ANY=[@ANYBLOB="04000000000000000000010000000000", @ANYRES64=0x0, @ANYRES64=0xea60, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="0000000001"], 0x38}, 0x2}, 0x0)

183.964709ms ago: executing program 4 (id=801):
socketpair$unix(0x1, 0x3, 0x0, 0x0)
getsockname$unix(0xffffffffffffffff, &(0x7f0000000000), &(0x7f00000000c0)=0x6e)
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f00000004c0))
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f00000002c0)=@framed, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
r4 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000002100), 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x11, 0x8, &(0x7f0000000540)=@framed={{}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r4}}]}, &(0x7f0000000640)='syzkaller\x00', 0x7}, 0x94)
newfstatat(0xffffffffffffff9c, &(0x7f0000000500)='./file0\x00', &(0x7f0000000540), 0x400)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f00000005c0), &(0x7f0000000600)=0xc)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r5 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
read$FUSE(r5, &(0x7f0000003980)={0x2020, 0x0, <r6=>0x0, <r7=>0x0}, 0x2020)
write$FUSE_ATTR(r5, &(0x7f0000000240)={0x78, 0x0, r6, {0x2000000007, 0x0, 0x0, {0x0, 0x0, 0xd4, 0xfffffffffffffffa, 0x0, 0xa, 0x5, 0x0, 0x200, 0xa000, 0x0, r7}}}, 0x78)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001980)=[{{&(0x7f0000000240)=@abs={0x0, 0x0, 0x4e21}, 0x6e, &(0x7f0000000440)=[{&(0x7f0000000700)="57c2d00d733f84ba6a64ad79dbc2789442e42ac9dee2862f27694a5b52a98c45d73e58cfa01e2e06a2d1c65ca43ed3f3608acf2e060e984b60a0987b34af6f25c2de1fc8249bf9f9e3dee2fa726d64d18806e4985614d852720040e692996d4f65de634e6c4984b1a65293cff7cb7a04e4655409bc3d8b4bef8bf7373406ef8c9037af9413558128e24b24adf138472159108e4ddee5404f91198f20dc8f6e407f20bce4cdac1286355945d7af217f8e4e8f13ca28ef77113d5ee52c5f013058d2c607fae288b1193830431144c1af308e21199ef9ecbb57312b4103dc4db643742b9c712c3b8fd3ea2bde95004eb962b935fa92976bfd6d24ef75d15f7466c109890d88c76b8a2e8fd5c6dd02f2bf9aa6953094ce1f5015cb7bcaf57c6c4e3d70d78f5e1567280a1050094dccd6e087843e1a9b459aa876ee15617c5b63f863c9acc25a17d019d2b34d16b4b70922d40df998403e989e28b52ff29c0595a2ef758e3718e9793bc61435717b9341a7851ec74e43ff2f3e9f93d9c0a427386f176f59b7a2e217eb8bfc66b89518c106024b29e0336acec023d502056f608c9b7bd2a367eefea0aab357ae41e7af1c7d2ca9d3b44ef6bc29133ab85c487eb1f38836e967b9f32a608516df612843324e6542a26c3e68e6709b662e90298a946dc34608bc501d5d343fa5662549fdd14fbe5331855a288bef66e7800f312d5c3d6bd0c740a04a5437bef928b6d53f39f0a1bfde7bed4c033b281e0a8a8c439dd02b696b7436bfc72b7cf7c44836b632ed3efa7d1783fa8b3a2bbe6fd65ed87cf86a10bd3376178fd111d88b26b876d497e52f104a1112edcd2396cc9f6d74dc827997de070c80c253088c63a8cd5e7d29e5d4a05816fa6fa9632f5f90c3241f877fc37797ef622d35e0715a3664e2fa2ccfa23f88beb17a634c2b94e1ed4488e7c8e16bf205ce63c7a301b7fc78ddc55d2482b73cbd03d6f21cb39794d4801c6be30b0c2220987b6ed065ce875313f8b5d8ee8af323f77e7550110e16962f32bedf9df1377f94ea0e52e68bdb8261d1b5c7d3d4559a355eadc658348701d96c12cede0f1553063a1124bf2c58bf52acea8cfae392688fc165751ddf5516d77092c267c7d85e76fe1d7358621bcf4ef3ce5e4d82096e237a1f5ca839c824846c75616a96ee44bf8a5f25569c04d7ad92dfb19f0a50cbe114fcf5014d5c862ddc95a06e3d99127c9c1c5df95da9a1603377280ec872d52bd1d81f845758253aadbb9abd63fe6e7d2279b9b338ac5d9a05a60cbedd12dd890aa424f6d3d692c7db5ef57c649a9f8eca4d1699414999f7665df4c279ab309e6d8b7dd3f354010d7fb4d3b2b9cf25373f9d07512413271628a18aaa5a502150d61a01aa2572af8b83102532a52dd63be30971b7caa32f5735350a087d25a14e550de454ebfa3c0ffd4d886a3bc3543be0120474991c361e5699bba1925e0c0f304e4cdc1b75d77046352075629d8592ef477c547f07994826d6d565d3064145e79983a1e98ba663bcb7146609d327cb58b9c4c3cd83c5f6d32ac993f0f117cfaef047a565cd3233eafdaf79dfaa9a1f18d3f61eb8239bbf1d7e557eea2ae615b7c53a6883eaed3e305fe09483ff319d564dd0e4cc8e0e5727ecb517d4e7f9fab74d38288a9785d9926fb7c9f2532a6c5b1b7caf1d8c4c675ec08d06c776ac8d5ceee4e238afbd7679e0f4d2c9862cf3f17518e07bc1b27f376588730bd0c995e0a2cc66e2e837469ea765014249b24f85b78c5be08a55aab852b264ba63de519f2f340698b7e8b73efd1675fb83f40516f90e9c5164d7016c21cf3fa6f9c62a2dfcc69c096e9c538939a4c8c4b3f6877d00b41a646f89d0261f23ab698695040840588a6a1637cb060573c79c539a2b5339800e7d6bed7719838be9bca40985781f11f94acf5c3208a209d8a943f852e1d3af73fe2420df1d77f7930c483a5c858ef1d573cefa0c51e0e51c5748a1e5322a1d9d845338e10d8ead639df122acbcb3f509acf0127bcd89564c0618a68359dca4d42c614517b9440ec219bd353e69501dc90ba3b929fcff2fcaa0d9f248a9b9e7418bda0ff1eea2efbd459fb1fdcb11fa6f39a1fb603ad122ec72794deb0e9a5605133f823dedaa6642141fd3bcf4aaae603273513008aecf17fe5af2a89eb5c8764f32ae4e1433c090212c21619093cc01f0527157b63fd4890ecc3005c7344eebaf3084c5f414e4fe18e503cda27eaada8c13fb0ce04b51c9d83fc1780e7af7222e9a6d6c01100ef1ec3ea1f038388e6c09b97aeac4a1eec6ac10dfe9977d94ab1580edb3cbc3439b36b65228a12db0cbe9d59567143eed5a3192db2aa301e271dd0c1621e22746b922988d887eb6cc06282ab6f49821f5b737c4bd7b658176c38c71e6e6a6961c473d1ee75574a08209a25f952f1469bdee6db4dd4e125f6ed5eda763d7a7517d1af586efaa0de4226a2b79183f51cf3672bc773c074b9bf5c6fd47f8224cf0e9f7d36b74053947c3e09d981915ada47358963e8c2ed8705acbec7fdab0f195b4968daae74e96829801250ca8272f090689164d1f13d6a87448c3a3d2a9bd3fb3df59d86111a8949b30d3e777226d59162648ca3589852fda8b64e1beb35f92b00b2db79060a7438090da1651ac6a17850974e043b7e946d4e0d0e1bbe70b94e195bf733a0de65d199d1ab2d377ed708b084f2c3ed0295547153a72a6bb8638ea56e0c796e36afc8c4d8714d81d2656eee20cbdc3e1c2ffc5497215a1d078230bb15b414a359a777ac093e9a4ee88af6ec58a3571c9292414812ec23eb3a70cfcca36a71062dc0335e2a3e7b4b5b88d6dd563966b22d42b81a6be645a25cefe33d464df23f9ba41a4a1b710c2c6aca23cf00f7aefcde2dd1bf042e2b0d359bc678d15cb7df57ff53a656fa6a8d6af216054707ff391087ec324db35fe97ca1fc64b28c74bea24d118ade9be030d7bdf2c2559a7c470abfe99ae70552464cdd39c2b461c86293333900dfeb612c6612faaaf661f602f1670bacfc3886566df2aa8a7359542d44bb648c43242397127e01def61f07802423448c9ce9e77c88cd26fa4ed52fae04fd330d329367f8607d701c396a23fa55d621fbae7f581d92e3447da21aeadfc1a506bce03ed00667166eab7c23b2be1b22e239041819d70b2cb4ba57cdd5d12f6d9effd57c32a52f294672e5c12d1b464be7512eeba0897dcfe46906df01eead9a132aad07459f247c4b66b98215b897a310531139ef6685cc8e9790ef7d0636d65e7be4fd812c53c17aad442f2198f55eeca270dd27e50282d3b55db602901762ae8ef9df4754f66009283c365cf9686199716f4e2e14ffd65d7ff90cdadfdb76edf36478a6ad109402b326ad24b5f9a8dff7d8cd866035b15c5375a4d6ef7b1ae72e0dc6cb09470e5b4bff455a8197dbffe0b6705ebf6b1dac077c7c2012096dd651bb045c1e522a2f9b86e23dc7f10295f94b5e7e9de19b8e32e7b2703e7e9def2f9d139a1ebf1b43ebbbb64659743ee303bb0bed50cfb52fcaa2bfd48113fcccc3d4215f98ae03ed49ad2baad87683dee2a70fd7fb08bddeb47f5f3f53cb0f00cfc27c7d72fedcae1524d31d2e0e99eeba4bf7245d116537611ace257f501f5f1991bb78d7e18cb8e74ae7fc0fa8781e615808d8bb9d238e1e17b5255f6938ad06d0fc18736dd96029eec4683fe2cf7d0a753f71a444e99d4f663e65f8ad82aba4e26b7a88df13a55e77a809b8fdbd25e2219f75dc48e70ce41fee7c7ca54d4f36e2335af1525bc6a36b74ddf767575d24d15da037ab43731dd863f3fcdea956ce8ca6b1266d6dd00191e8b33ad1f308cd571d5a98fb8bfcd3fd4f54c10b2a0365d4ac7ad4a0dc367494edb561957a3adb58236a081169a5b7451fd39b14d8cb3637de930fdec18425d9ba3ff8a4588969adcbadd855d50e2c1edcc9afc5b98111760ef8487888ca081e93599539ed0abf3f1a8a1056434a50200fa2dec31546dee92c0d9b638010b384dd8c40a242485321ab8273f4a63700a520c92b7d3777f3ed9abdf7d4d39673ef34d07b9b5089dbf27185863342426708f0a305ca05ea2a11cacea620804056d18be70dabbdd5ccded1c200556dbb364de4be308f5c291adfa2bbc99db3844103317771db81efb0140a185d74360114596e04f55a05e6570428b2a6a7b46bbf44256d6c5e681ac61caabba10cbaddd90e7cc89ea1bfe67d360dca7b3cfe3f137111f54e79eb11dc336b0cb0960d3fac197bcd208c8ca838a2132cb1067ca594fc9fa17b6704b971b6969e0e1d8ac900a209dc49668aba346e09d9f0028560851e5c94bab26ba2cc7ff4acd9d3f6cbb1ba9ec1c823290c97c2c939493b9a2f06167669170db62901ead67ccd40934ac363595e904d7f161c8471443087e1efd42c4ff93faf5c2a2ef3c595b6a5a39805c31e989b7a9c104c586ff47462e157774a162eb1afa8b036213617e01b57e15b1506fb471d0ad7678857a9b39d0e45062e39f456b8adcd8113a86e48fd2bd1ac063880e0aa8888c0bc2c8d8636e45fffe8c19df7c4d7105b8675dcf7803503d1edba2e0aef0a0d0d2197339ac4b21945711825c64bd7a2180cbbea135239e25ef1fd9e9a9bb911f41f8e5c6f0c5cb09b10f7632487d9a18986525ad7f4898a7e08f09c7014cdd3362867cd0b7bed8c6af96534ae3c6f481151c8a2c58bff695dd4632d9fd4c5d17778eac94db60a7b509f7ff067425e0464bb2cd14ab2d1417425fa018dffc8ec60e07dd64b8ed4c9247d935202f8c6d8c3d832599a05960e0ea0f5ffcee9206da02dec0e0e3f7fbbb6a91ca3d278755b4f66e2804ab7bd318776fcf4e1d6f68799622ec18b703c0b76389157ad99555e09131acbae59c40efa26f755619e30a1ab1bd1a0432c839fc0e0d6a42c3134547b4231b2b0d8895b58e08bd767fdbef12216552bfd77c08be55dc4c7d9c8c4d6ebeef39788f88fe8573a3f58b51264e281bab88577d6e68ae580796f6a2c8b79260e37ebd0951d710a0925eccd3a6e20b5a238f8f28c5038dea3665cfae83f83ffe0e408d9c659c69ad7b203e66e22dc8e1f2c43dfc3cb02da7fc9b1977af6a204e285ab5f5ae5b684dc6c907ce3ea86a687e7ddd7c768764e03c7656882a94a92f77e8bf3c647d57b3e49ecb88da30b46cdb2325c2f662b2c5b45a0b23a9becdd94cac5d204fb3176457ae4d6fb851d1e18903bbbe4e6b347fde01402a7fff8626fdeec121ecaff6ecf8731951caf61e28a574b538039a83b4a203704bdb85fa560b18855f6b48962ef79622ec84180bceb46a615a23ff0957f0f4d7710ade512682e454755692ba0ec590bd4d4902c5f3388a734874d8616913e860162dff6063a190172a3a882812e115a19e2a55c25528bbe12b4f50d59cba72db1945ac9b73b8f30793790221698d1714bf4f53ca587147edd8bdfaf47a30d784fbe103ad939f93f9619b61a04d81e645d509cfac1833ef4a7bc0b80d78c3f91285695641cf8d2bfc26151e67f3e90477a3665ef730ac479f7e142a2ced072f82917d5b45d0f6087be5b88c3ff9f78d585780c1365c86e187bec705bd0e645d22724fff9d83ae9eaee9d265ae941ff6e03db8460d8e0362a6ae6e7ef7d02219a2a5be5634a14d3f150f98e48593149ef10252b587d816ecfc7d5a26b328f835bea941390e79f7b816dc2e3b7779273f1146d9847473139a9b57360ef544243f6953a32a93f6a0f26f0f89637bd1df6a02432048b11d7da6c2df643796", 0x1000}, {&(0x7f0000001740)="d9b497d81693302d601ae47209e57154c969c105dfde384d96dbec77cb849c000000000000000000000000008473f788e24d7ff411819f531963eeee8fe7c4604dd678be29ddf714cf91f8ac862fb5dd621d78f1d2dd5b101040a077d9570dfb09f1374e3e7b52b1876b8305e11e310064e7dd0e8d2e0cb5da727f715484967366f36bb8ad98cae02507e53dcd3f61d64e968b0c86d4d5ab4bc574a6fc01038cc6f3cd2db66bc9e3bcf62eb6e9fb72be5f539ee5cef3bb9da68cc0e0e940fe7c8f076d4948b28f", 0xc7}, {&(0x7f0000001a00)="e9d675d7426d976fbb28ab49091f591cf71068c94abaa8e377880d8c9c2f8f96f0f89c53d1589fd690cdb86774b1655e1c54c229a2099d59b8b2fa9ba55c057139e3042d7dd8a70d459665bf463d38943304b796e6333b94110507c2a00f5eb63bd736192f5283d86c2c611bba671b018c1a25703746eb02767f0bd262768576c29f0b2cc532dc6feda27dd672c20fc57301abb5104aae2f2f800b818f1bf4354658c9b0fd3d39e52ba5e1e89f4e0b72be4c9e0e7667d747f484ef5d4da6a91ed76f32c81a689de0a0e9437df4015f309ea554f31ee9a187ab0303d8373fbbf052ed1d80bc651b", 0xe7}, {&(0x7f0000000380)="a939ed1fc29ac1208fd485740c4c30728b0ad746a476fb121b987cb377654862ba557a686a914660aa7261d4bc87072dfbeeb73d91344ac152396b562a73aa0d181dd44fb6ddc91a9ebc", 0x4a}, {&(0x7f0000000400)="2e28fa658e", 0x5}], 0x5, &(0x7f0000001700)=[@rights={{0x18, 0x1, 0x1, [r1, r4]}}], 0x18, 0x24008800}}, {{0x0, 0x0, &(0x7f00000018c0)=[{&(0x7f0000001c00)="f25c9bbe8516b2624ff1584b781c48eca7ec1312b1aa126403e7695866b0cec44a0b96b56d78024e66fece4c5e11a0ff0ef80870924177686cdaddcb8e94a0183633b421dae60ed76eb9424d01b797ee26a7167deaf195b75d89f547feb2f15993c2c54b022f43d72a30ef8119e669ca9222cc1641b43558b23a0bf17e1fd81c43b8174058ba98b043a1c74677425cf77d15b60c32d351ee80ef68f9b8f4759896ca362b9c49cbf6f7d94c5aa622d754eeaed408832a06fefe1d075ae34f8a7e639f788065c3572fa02cbcc652089351f3b5a832816055db235dc38a485196db69387667afdc27e044850fe4787c810ace92ea817123300c", 0xf8}, {&(0x7f0000001840)="f9c6fa2736c8513cb415bcaec9098beb8214f29e5cc7ea67ab1386828828d9bf973afb256c3462ac14e2dd4ecb07c7440468b36b3204ade124ea4c051d49c0a0690d85bf602090b822d4e8e36da667c4a73e8b8088c6f6d4dbf65eead3", 0x5d}], 0x2, &(0x7f0000001900), 0x0, 0x4}}], 0x2, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_io_uring_setup(0x3bee, &(0x7f0000001900)={0x0, 0x1ce9c, 0x400, 0x43, 0x40004330}, &(0x7f00000006c0)=<r8=>0x0, &(0x7f00000001c0)=<r9=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r8, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r8, r9, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd, 0x1, &(0x7f0000000140)=[{0x0}, {0x0}], 0x2})

175.392839ms ago: executing program 7 (id=802):
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f000001b000)=""/102400, 0x19000)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendto$inet6(r1, &(0x7f0000000280)='g', 0x1, 0x4008891, &(0x7f000005ffe4)={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x2}, 0x1c)
setsockopt$sock_int(r1, 0x1, 0x28, &(0x7f00000001c0)=0xf66, 0x4)
shutdown(r1, 0x1)

0s ago: executing program 6 (id=803):
mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x81c0, 0xfffffffe)
execveat(0xffffffffffffff9c, &(0x7f0000000280)='./file2\x00', 0x0, 0x0, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f00000004c0)={{{@in=@empty, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0xa}, {0x0, 0x10000}}, {{@in=@multicast1, 0x0, 0x2b}, 0x0, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x3, 0x0, 0x0, 0x0, 0xfffffffd}}, 0xe8)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x89}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
capset(&(0x7f0000000040)={0x20080522, r0}, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x800000}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x6)
socketpair(0x2a, 0x2, 0x1, &(0x7f0000000000))
socket$inet_udp(0x2, 0x2, 0x0)
syz_open_procfs$namespace(r0, &(0x7f0000000100)='ns/time\x00')

kernel console output (not intermixed with test programs):

332][   T49] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  193.757224][ T5958] libceph: connect (1)[c::]:6789 error -101
[  193.772469][ T7544] ceph: No mds server is up or the cluster is laggy
[  193.820505][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  193.827671][ T5958] libceph: mon0 (1)[c::]:6789 connect error
[  193.834116][ T6022] libceph: connect (1)[c::]:6789 error -101
[  193.840164][ T6022] libceph: mon0 (1)[c::]:6789 connect error
[  193.853775][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  193.870897][ T7543] ceph: No mds server is up or the cluster is laggy
[  194.028394][   T49] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  194.194917][   T49] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  195.286775][   T49] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  195.384566][ T5855] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  195.396222][ T5855] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  195.405618][ T5855] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  195.414135][ T5855] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  195.424137][ T5855] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  196.605951][ T7582] IPVS: stopping backup sync thread 7585 ...
[  196.625113][   T30] audit: type=1400 audit(1755899171.881:274): avc:  denied  { search } for  pid=5516 comm="dhcpcd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  196.661507][   T49] bridge_slave_1: left allmulticast mode
[  196.667284][   T49] bridge_slave_1: left promiscuous mode
[  196.697334][   T49] bridge0: port 2(bridge_slave_1) entered disabled state
[  196.734066][   T30] audit: type=1400 audit(1755899171.881:275): avc:  denied  { search } for  pid=5516 comm="dhcpcd" name="udev" dev="tmpfs" ino=9 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  196.757722][   T30] audit: type=1400 audit(1755899171.881:276): avc:  denied  { search } for  pid=5516 comm="dhcpcd" name="data" dev="tmpfs" ino=14 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  196.783555][   T30] audit: type=1400 audit(1755899171.881:277): avc:  denied  { read } for  pid=5516 comm="dhcpcd" name="n100" dev="tmpfs" ino=4172 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  196.931960][   T49] bridge_slave_0: left allmulticast mode
[  196.956136][   T49] bridge_slave_0: left promiscuous mode
[  197.110732][   T30] audit: type=1400 audit(1755899171.881:278): avc:  denied  { open } for  pid=5516 comm="dhcpcd" path="/run/udev/data/n100" dev="tmpfs" ino=4172 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  197.133769][   T30] audit: type=1400 audit(1755899171.881:279): avc:  denied  { getattr } for  pid=5516 comm="dhcpcd" path="/run/udev/data/n100" dev="tmpfs" ino=4172 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  197.157791][   T49] bridge0: port 1(bridge_slave_0) entered disabled state
[  197.480811][ T5855] Bluetooth: hci1: command tx timeout
[  197.868738][   T30] audit: type=1400 audit(1755899173.121:280): avc:  denied  { read open } for  pid=7597 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf" dev="tmpfs" ino=1836 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  198.270820][ T5958] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  198.352963][   T30] audit: type=1400 audit(1755899173.121:281): avc:  denied  { getattr } for  pid=7597 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf" dev="tmpfs" ino=1836 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  198.409572][ T7614] binder: Bad value for 'max'
[  198.490987][ T5958] usb 5-1: Using ep0 maxpacket: 8
[  198.675147][ T5958] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  198.688138][ T5958] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  198.698429][ T5958] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  198.724624][   T30] audit: type=1400 audit(1755899173.271:282): avc:  denied  { read write } for  pid=7600 comm="syz.4.453" name="raw-gadget" dev="devtmpfs" ino=820 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  198.728648][ T5958] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  198.787802][ T5958] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  198.810017][   T30] audit: type=1400 audit(1755899173.271:283): avc:  denied  { open } for  pid=7600 comm="syz.4.453" path="/dev/raw-gadget" dev="devtmpfs" ino=820 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  198.810658][ T5958] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  198.852216][   T30] audit: type=1400 audit(1755899173.271:284): avc:  denied  { ioctl } for  pid=7600 comm="syz.4.453" path="/dev/raw-gadget" dev="devtmpfs" ino=820 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  199.062277][   T30] audit: type=1400 audit(1755899174.311:285): avc:  denied  { add_name } for  pid=7591 comm="dhcpcd-run-hook" name="resolv.conf.eth1.link" scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  199.123264][   T30] audit: type=1400 audit(1755899174.321:286): avc:  denied  { create } for  pid=7591 comm="dhcpcd-run-hook" name="resolv.conf.eth1.link" scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  199.130922][ T5958] usb 5-1: GET_CAPABILITIES returned 0
[  199.187666][   T30] audit: type=1400 audit(1755899174.321:287): avc:  denied  { write } for  pid=7591 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf.eth1.link" dev="tmpfs" ino=4208 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  199.200414][ T5958] usbtmc 5-1:16.0: can't read capabilities
[  199.551723][   T49] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  199.562274][ T5855] Bluetooth: hci1: command tx timeout
[  199.631118][ T7632] CUSE: unknown device info ""
[  199.636021][ T7632] CUSE: zero length info key specified
[  200.055648][   T49] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  200.075449][   T49] bond0 (unregistering): Released all slaves
[  200.098437][ T7601] netlink: 'syz.4.453': attribute type 2 has an invalid length.
[  200.243393][ T7635] netlink: 'syz.5.458': attribute type 1 has an invalid length.
[  200.273348][   T24] usb 5-1: USB disconnect, device number 4
[  201.116137][ T7645] gretap1: entered promiscuous mode
[  201.248590][ T7635] macvlan2: entered promiscuous mode
[  201.277455][ T7635] macvlan2: entered allmulticast mode
[  201.642615][ T5855] Bluetooth: hci1: command tx timeout
[  201.857071][ T7574] chnl_net:caif_netlink_parms(): no params data found
[  202.192072][ T7678] binder: Bad value for 'max'
[  202.194764][ T7675] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  202.274572][   T49] hsr_slave_0: left promiscuous mode
[  202.488917][ T7682] FAULT_INJECTION: forcing a failure.
[  202.488917][ T7682] name failslab, interval 1, probability 0, space 0, times 0
[  202.508715][   T49] hsr_slave_1: left promiscuous mode
[  202.520472][   T49] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  202.530842][   T49] batman_adv: batadv0: Removing interface: batadv_slave_0
[  202.538049][ T7682] CPU: 1 UID: 0 PID: 7682 Comm: syz.3.466 Not tainted syzkaller #0 PREEMPT(full) 
[  202.538071][ T7682] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  202.538080][ T7682] Call Trace:
[  202.538087][ T7682]  <TASK>
[  202.538094][ T7682]  dump_stack_lvl+0x16c/0x1f0
[  202.538118][ T7682]  should_fail_ex+0x512/0x640
[  202.538137][ T7682]  ? fs_reclaim_acquire+0xae/0x150
[  202.538162][ T7682]  ? tomoyo_encode2+0x100/0x3e0
[  202.538184][ T7682]  should_failslab+0xc2/0x120
[  202.538203][ T7682]  __kmalloc_noprof+0xd2/0x510
[  202.538232][ T7682]  tomoyo_encode2+0x100/0x3e0
[  202.538261][ T7682]  tomoyo_encode+0x29/0x50
[  202.538284][ T7682]  tomoyo_realpath_from_path+0x18f/0x6e0
[  202.538311][ T7682]  ? tomoyo_profile+0x47/0x60
[  202.538331][ T7682]  tomoyo_path_number_perm+0x245/0x580
[  202.538352][ T7682]  ? tomoyo_path_number_perm+0x237/0x580
[  202.538375][ T7682]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  202.538398][ T7682]  ? find_held_lock+0x2b/0x80
[  202.538443][ T7682]  ? find_held_lock+0x2b/0x80
[  202.538462][ T7682]  ? hook_file_ioctl_common+0x145/0x410
[  202.538486][ T7682]  ? __fget_files+0x20e/0x3c0
[  202.538509][ T7682]  security_file_ioctl+0x9b/0x240
[  202.538535][ T7682]  __x64_sys_ioctl+0xb7/0x210
[  202.538563][ T7682]  do_syscall_64+0xcd/0x4c0
[  202.538585][ T7682]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  202.538602][ T7682] RIP: 0033:0x7f0ae738ebe9
[  202.538616][ T7682] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  202.538632][ T7682] RSP: 002b:00007f0ae8265038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  202.538648][ T7682] RAX: ffffffffffffffda RBX: 00007f0ae75b5fa0 RCX: 00007f0ae738ebe9
[  202.538659][ T7682] RDX: 0000000000000000 RSI: 0000000040085400 RDI: 0000000000000003
[  202.538670][ T7682] RBP: 00007f0ae8265090 R08: 0000000000000000 R09: 0000000000000000
[  202.538680][ T7682] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  202.538690][ T7682] R13: 00007f0ae75b6038 R14: 00007f0ae75b5fa0 R15: 00007ffc84e92558
[  202.538714][ T7682]  </TASK>
[  202.538730][ T7682] ERROR: Out of memory at tomoyo_realpath_from_path.
[  202.801681][   T49] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  202.809228][   T49] batman_adv: batadv0: Removing interface: batadv_slave_1
[  202.875801][   T49] veth1_macvtap: left promiscuous mode
[  202.910867][   T49] veth0_macvtap: left promiscuous mode
[  202.930422][   T49] veth1_vlan: left promiscuous mode
[  202.944346][   T49] veth0_vlan: left promiscuous mode
[  203.372924][ T7694] CUSE: unknown device info ""
[  203.377853][ T7694] CUSE: zero length info key specified
[  203.772662][ T5855] Bluetooth: hci1: command tx timeout
[  204.204457][   T30] kauditd_printk_skb: 3 callbacks suppressed
[  204.204473][   T30] audit: type=1400 audit(1755899179.461:291): avc:  denied  { getopt } for  pid=7697 comm="syz.4.471" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  204.361225][ T7702] FAULT_INJECTION: forcing a failure.
[  204.361225][ T7702] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  204.374621][ T7702] CPU: 0 UID: 0 PID: 7702 Comm: syz.4.473 Not tainted syzkaller #0 PREEMPT(full) 
[  204.374645][ T7702] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  204.374655][ T7702] Call Trace:
[  204.374661][ T7702]  <TASK>
[  204.374668][ T7702]  dump_stack_lvl+0x16c/0x1f0
[  204.374692][ T7702]  should_fail_ex+0x512/0x640
[  204.374717][ T7702]  _copy_to_user+0x32/0xd0
[  204.374743][ T7702]  simple_read_from_buffer+0xcb/0x170
[  204.374764][ T7702]  proc_fail_nth_read+0x197/0x240
[  204.374787][ T7702]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  204.374809][ T7702]  ? rw_verify_area+0xcf/0x6c0
[  204.374837][ T7702]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  204.374857][ T7702]  vfs_read+0x1e1/0xcf0
[  204.374879][ T7702]  ? __pfx___mutex_lock+0x10/0x10
[  204.374900][ T7702]  ? __pfx_vfs_read+0x10/0x10
[  204.374924][ T7702]  ? __fget_files+0x20e/0x3c0
[  204.374952][ T7702]  ksys_read+0x12a/0x250
[  204.374968][ T7702]  ? __pfx_ksys_read+0x10/0x10
[  204.374992][ T7702]  do_syscall_64+0xcd/0x4c0
[  204.375013][ T7702]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  204.375031][ T7702] RIP: 0033:0x7fcc3ef8d5fc
[  204.375053][ T7702] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  204.375069][ T7702] RSP: 002b:00007fcc3fe8b030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  204.375086][ T7702] RAX: ffffffffffffffda RBX: 00007fcc3f1b5fa0 RCX: 00007fcc3ef8d5fc
[  204.375097][ T7702] RDX: 000000000000000f RSI: 00007fcc3fe8b0a0 RDI: 0000000000000003
[  204.375108][ T7702] RBP: 00007fcc3fe8b090 R08: 0000000000000000 R09: 0000000000000000
[  204.375118][ T7702] R10: 9999999999999999 R11: 0000000000000246 R12: 0000000000000001
[  204.375128][ T7702] R13: 00007fcc3f1b6038 R14: 00007fcc3f1b5fa0 R15: 00007ffd802fe7f8
[  204.375152][ T7702]  </TASK>
[  204.676415][ T7704] SELinux: failed to load policy
[  205.070227][   T49] team0 (unregistering): Port device team_slave_1 removed
[  205.118080][   T30] audit: type=1400 audit(1755899180.371:292): avc:  denied  { write } for  pid=7705 comm="syz.4.474" name="binder0" dev="binder" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  205.157530][   T49] team0 (unregistering): Port device team_slave_0 removed
[  206.216039][ T7574] bridge0: port 1(bridge_slave_0) entered blocking state
[  206.228614][ T7574] bridge0: port 1(bridge_slave_0) entered disabled state
[  206.241272][ T7574] bridge_slave_0: entered allmulticast mode
[  206.248574][ T7574] bridge_slave_0: entered promiscuous mode
[  206.270245][ T7574] bridge0: port 2(bridge_slave_1) entered blocking state
[  206.282604][ T7574] bridge0: port 2(bridge_slave_1) entered disabled state
[  206.298467][ T7574] bridge_slave_1: entered allmulticast mode
[  206.318038][ T7574] bridge_slave_1: entered promiscuous mode
[  206.395620][ T7574] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  206.417072][ T7574] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  206.571555][ T7574] team0: Port device team_slave_0 added
[  206.603976][ T7574] team0: Port device team_slave_1 added
[  206.716120][ T7574] batman_adv: batadv0: Adding interface: batadv_slave_0
[  206.724671][ T7574] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  206.768312][ T7574] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  206.794422][ T7574] batman_adv: batadv0: Adding interface: batadv_slave_1
[  206.809531][ T7574] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  206.835801][   T30] audit: type=1400 audit(1755899182.061:293): avc:  denied  { setopt } for  pid=7727 comm="syz.1.479" lport=2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  206.857634][   T30] audit: type=1400 audit(1755899182.121:294): avc:  denied  { connect } for  pid=7727 comm="syz.1.479" lport=60 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  206.864794][ T7574] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  206.877879][    C1] vkms_vblank_simulate: vblank timer overrun
[  206.935255][   T30] audit: type=1400 audit(1755899182.161:295): avc:  denied  { write } for  pid=7727 comm="syz.1.479" laddr=fe80::70b6:97ff:feca:137e lport=60 faddr=ff02::1 fport=65533 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  206.960407][    C1] vkms_vblank_simulate: vblank timer overrun
[  207.361788][ T7747] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  207.503365][   T30] audit: type=1400 audit(1755899182.611:296): avc:  denied  { mounton } for  pid=7746 comm="syz.3.481" path="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=dir permissive=1
[  207.560519][   T30] audit: type=1400 audit(1755899182.621:297): avc:  denied  { unlink } for  pid=7746 comm="syz.3.481" name="#1" dev="tmpfs" ino=588 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  207.996914][ T7574] hsr_slave_0: entered promiscuous mode
[  208.036995][ T7574] hsr_slave_1: entered promiscuous mode
[  208.807731][   T30] audit: type=1400 audit(1755899184.061:298): avc:  denied  { listen } for  pid=7768 comm="syz.5.485" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  209.148448][   T30] audit: type=1400 audit(1755899184.401:299): avc:  denied  { connect } for  pid=7776 comm="syz.1.486" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  209.514482][   T24] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  209.671628][   T24] usb 6-1: device descriptor read/64, error -71
[  209.952116][ T7574] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  209.969037][   T24] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  210.339101][ T7574] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  210.420892][   T24] usb 6-1: device descriptor read/64, error -71
[  210.485521][ T7574] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  210.536984][ T7574] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  210.562494][   T24] usb usb6-port1: attempt power cycle
[  210.970722][   T24] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  210.994218][   T24] usb 6-1: device descriptor read/8, error -71
[  211.056197][ T7574] 8021q: adding VLAN 0 to HW filter on device bond0
[  211.077779][ T7819] audit: audit_lost=1 audit_rate_limit=0 audit_backlog_limit=64
[  211.086466][ T7819] audit: out of memory in audit_log_start
[  211.113785][ T7574] 8021q: adding VLAN 0 to HW filter on device team0
[  211.180241][   T49] bridge0: port 1(bridge_slave_0) entered blocking state
[  211.187353][   T49] bridge0: port 1(bridge_slave_0) entered forwarding state
[  211.225539][   T30] audit: type=1400 audit(1755899186.481:300): avc:  denied  { getopt } for  pid=7821 comm="syz.1.493" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  211.229637][ T1112] bridge0: port 2(bridge_slave_1) entered blocking state
[  211.247357][ T7822] binder: 7821:7822 ioctl c0306201 200000000080 returned -14
[  211.252032][ T1112] bridge0: port 2(bridge_slave_1) entered forwarding state
[  211.280844][   T24] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  211.281386][ T7822] binder: 7821:7822 ioctl c0306201 2000000003c0 returned -22
[  211.322094][   T24] usb 6-1: device descriptor read/8, error -71
[  211.431330][   T24] usb usb6-port1: unable to enumerate USB device
[  211.467431][ T7574] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  211.484043][   T30] audit: type=1400 audit(1755899186.741:301): avc:  denied  { create } for  pid=7825 comm="syz.1.494" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  211.546265][   T30] audit: type=1400 audit(1755899186.761:302): avc:  denied  { setopt } for  pid=7825 comm="syz.1.494" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  211.972385][ T7574] 8021q: adding VLAN 0 to HW filter on device batadv0
[  212.430871][   T30] audit: type=1400 audit(1755899187.677:303): avc:  denied  { mount } for  pid=7844 comm="syz.5.497" name="/" dev="ramfs" ino=17028 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1
[  212.536198][ T5958] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  212.544083][   T30] audit: type=1400 audit(1755899187.757:304): avc:  denied  { setopt } for  pid=7844 comm="syz.5.497" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  213.154926][ T5958] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  213.166955][ T5958] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  213.177917][ T5958] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  213.202967][ T5958] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  213.218504][ T5958] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  213.246164][ T5958] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  213.313531][ T5958] usb 4-1: config 0 descriptor??
[  213.598008][ T7574] veth0_vlan: entered promiscuous mode
[  213.770159][ T7574] veth1_vlan: entered promiscuous mode
[  213.872066][ T5958] plantronics 0003:047F:FFFF.0003: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[  214.061419][ T7574] veth0_macvtap: entered promiscuous mode
[  214.095177][   T30] audit: type=1400 audit(1755899189.357:305): avc:  denied  { create } for  pid=7876 comm="syz.1.502" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  214.123392][ T7574] veth1_macvtap: entered promiscuous mode
[  214.166485][ T7574] batman_adv: batadv0: Interface activated: batadv_slave_0
[  214.175000][   T30] audit: type=1400 audit(1755899189.357:306): avc:  denied  { ioctl } for  pid=7876 comm="syz.1.502" path="socket:[17887]" dev="sockfs" ino=17887 ioctlcmd=0x890b scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  214.238560][ T7880] FAULT_INJECTION: forcing a failure.
[  214.238560][ T7880] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  214.244065][ T7574] batman_adv: batadv0: Interface activated: batadv_slave_1
[  214.277088][ T7880] CPU: 1 UID: 0 PID: 7880 Comm: syz.5.500 Not tainted syzkaller #0 PREEMPT(full) 
[  214.277112][ T7880] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  214.277122][ T7880] Call Trace:
[  214.277127][ T7880]  <TASK>
[  214.277134][ T7880]  dump_stack_lvl+0x16c/0x1f0
[  214.277158][ T7880]  should_fail_ex+0x512/0x640
[  214.277181][ T7880]  _copy_from_user+0x2e/0xd0
[  214.277205][ T7880]  core_sys_select+0x35b/0xc10
[  214.277230][ T7880]  ? __pfx_core_sys_select+0x10/0x10
[  214.277271][ T7880]  ? set_user_sigmask+0x21b/0x2b0
[  214.277292][ T7880]  ? __pfx_set_user_sigmask+0x10/0x10
[  214.277316][ T7880]  do_pselect.constprop.0+0x19f/0x1e0
[  214.277336][ T7880]  ? __pfx_do_pselect.constprop.0+0x10/0x10
[  214.277363][ T7880]  __x64_sys_pselect6+0x182/0x240
[  214.277383][ T7880]  ? __pfx___x64_sys_pselect6+0x10/0x10
[  214.277409][ T7880]  do_syscall_64+0xcd/0x4c0
[  214.277429][ T7880]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  214.277447][ T7880] RIP: 0033:0x7fdd3f58ebe9
[  214.277461][ T7880] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  214.277478][ T7880] RSP: 002b:00007fdd4038c038 EFLAGS: 00000246 ORIG_RAX: 000000000000010e
[  214.277494][ T7880] RAX: ffffffffffffffda RBX: 00007fdd3f7b5fa0 RCX: 00007fdd3f58ebe9
[  214.277505][ T7880] RDX: 0000000000000000 RSI: 00002000000002c0 RDI: 0000000000000040
[  214.277514][ T7880] RBP: 00007fdd4038c090 R08: 0000000000000000 R09: 0000000000000000
[  214.277524][ T7880] R10: 0000200000000240 R11: 0000000000000246 R12: 0000000000000001
[  214.277534][ T7880] R13: 00007fdd3f7b6038 R14: 00007fdd3f7b5fa0 R15: 00007ffc926b6cf8
[  214.277558][ T7880]  </TASK>
[  214.287424][   T36] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  214.340793][ T5958] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  214.487542][   T36] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  214.496595][   T36] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  214.506259][   T36] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  214.713575][ T5958] usb 2-1: config index 0 descriptor too short (expected 8192, got 36)
[  214.725405][ T5958] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  214.752464][  T979] usb 4-1: USB disconnect, device number 4
[  214.760927][ T5958] usb 2-1: config 0 has no interfaces?
[  214.784454][ T5958] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  214.802371][   T30] audit: type=1400 audit(1755899190.057:307): avc:  denied  { create } for  pid=7891 comm="syz.4.504" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  214.819474][ T5958] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  214.871552][ T5958] usb 2-1: config 0 descriptor??
[  214.878800][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  214.925872][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  214.996494][   T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  215.009952][   T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  215.229209][ T5958] usb 2-1: string descriptor 0 read error: -71
[  215.398199][ T5958] usb 2-1: USB disconnect, device number 4
[  217.078576][ T7921] netlink: 24 bytes leftover after parsing attributes in process `syz.1.508'.
[  217.109435][   T30] kauditd_printk_skb: 5 callbacks suppressed
[  217.109451][   T30] audit: type=1400 audit(1755899192.367:313): avc:  denied  { map } for  pid=7920 comm="syz.5.510" path="socket:[18461]" dev="sockfs" ino=18461 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[  217.402891][   T30] audit: type=1400 audit(1755899192.537:314): avc:  denied  { read } for  pid=7920 comm="syz.5.510" path="socket:[18461]" dev="sockfs" ino=18461 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[  218.113224][ T7926] netlink: 64 bytes leftover after parsing attributes in process `syz.3.511'.
[  218.468372][ T7945] IPVS: set_ctl: invalid protocol: 44 10.1.1.1:20001
[  218.688615][  T976] IPVS: starting estimator thread 0...
[  218.800761][ T7948] IPVS: using max 75 ests per chain, 180000 per kthread
[  220.032210][ T7986] netlink: 256 bytes leftover after parsing attributes in process `syz.6.522'.
[  220.056341][   T30] audit: type=1400 audit(1755899195.317:315): avc:  denied  { ioctl } for  pid=7970 comm="syz.1.517" path="/dev/fb0" dev="devtmpfs" ino=629 ioctlcmd=0x4601 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[  220.081203][    C0] vkms_vblank_simulate: vblank timer overrun
[  220.732240][ T8008] SELinux:  policydb string S does not match my string SE Linux
[  220.801536][ T8008] SELinux: failed to load policy
[  221.040720][ T8013] binder: Bad value for 'max'
[  221.598813][ T8027] binder: Bad value for 'max'
[  221.811238][   T30] audit: type=1400 audit(1755899197.067:316): avc:  denied  { create } for  pid=8026 comm="syz.1.534" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  221.830620][    C0] vkms_vblank_simulate: vblank timer overrun
[  222.030368][   T30] audit: type=1400 audit(1755899197.287:317): avc:  denied  { mount } for  pid=8026 comm="syz.1.534" name="/" dev="configfs" ino=1126 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1
[  222.106041][   T30] audit: type=1400 audit(1755899197.287:318): avc:  denied  { search } for  pid=8026 comm="syz.1.534" name="/" dev="configfs" ino=1126 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[  222.190079][   T30] audit: type=1400 audit(1755899197.287:319): avc:  denied  { search } for  pid=8026 comm="syz.1.534" name="/" dev="configfs" ino=1126 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[  222.560705][ T8043] netlink: 8 bytes leftover after parsing attributes in process `syz.3.536'.
[  222.571011][ T8043] vlan0: entered promiscuous mode
[  222.578793][   T30] audit: type=1400 audit(1755899197.287:320): avc:  denied  { search } for  pid=8026 comm="syz.1.534" name="/" dev="configfs" ino=1126 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[  222.600758][    C0] vkms_vblank_simulate: vblank timer overrun
[  223.485559][   T24] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  223.687775][   T24] usb 5-1: config 0 interface 0 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  223.743758][   T24] usb 5-1: config 0 interface 0 has no altsetting 0
[  223.780794][   T24] usb 5-1: New USB device found, idVendor=054c, idProduct=0ba0, bcdDevice= 0.00
[  223.806148][   T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  223.871271][   T24] usb 5-1: config 0 descriptor??
[  224.386220][ T8099] binder: Bad value for 'max'
[  224.766412][   T24] usbhid 5-1:0.0: can't add hid device: -71
[  224.776508][   T24] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  224.824986][   T24] usb 5-1: USB disconnect, device number 5
[  224.987074][ T8111] netlink: 12 bytes leftover after parsing attributes in process `syz.6.546'.
[  226.325558][   T30] audit: type=1326 audit(1755899201.477:321): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8116 comm="syz.5.548" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdd3f58ebe9 code=0x7ffc0000
[  226.411631][   T30] audit: type=1326 audit(1755899201.477:322): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8116 comm="syz.5.548" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdd3f58ebe9 code=0x7ffc0000
[  226.655126][   T30] audit: type=1326 audit(1755899201.477:323): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8116 comm="syz.5.548" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7fdd3f58ebe9 code=0x7ffc0000
[  226.766641][  T979] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  226.833314][   T30] audit: type=1326 audit(1755899201.477:324): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8116 comm="syz.5.548" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdd3f58ebe9 code=0x7ffc0000
[  226.990665][  T979] usb 5-1: Using ep0 maxpacket: 32
[  226.995440][   T30] audit: type=1326 audit(1755899201.477:325): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8116 comm="syz.5.548" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fdd3f58ebe9 code=0x7ffc0000
[  227.012953][  T979] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  227.018775][    C0] vkms_vblank_simulate: vblank timer overrun
[  227.031434][  T979] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  227.107336][   T30] audit: type=1326 audit(1755899201.477:326): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8116 comm="syz.5.548" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdd3f58ebe9 code=0x7ffc0000
[  227.120641][  T979] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  227.134255][   T30] audit: type=1326 audit(1755899201.477:327): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8116 comm="syz.5.548" exe="/root/syz-executor" sig=0 arch=c000003e syscall=248 compat=0 ip=0x7fdd3f58ebe9 code=0x7ffc0000
[  227.242823][ T8137] SELinux:  policydb string SE Li does not match my string SE Linux
[  227.258789][ T8137] SELinux: failed to load policy
[  227.263969][  T979] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  227.289162][  T979] usb 5-1: config 0 descriptor??
[  227.311745][  T979] hub 5-1:0.0: USB hub found
[  227.320997][   T30] audit: type=1400 audit(1755899201.477:328): avc:  denied  { write } for  pid=8116 comm="syz.5.548" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1
[  227.348384][   T30] audit: type=1326 audit(1755899201.477:329): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8116 comm="syz.5.548" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdd3f58ebe9 code=0x7ffc0000
[  227.444469][ T8143] loop2: detected capacity change from 0 to 7
[  227.469781][ T8143] Dev loop2: unable to read RDB block 7
[  227.485841][ T8143]  loop2: unable to read partition table
[  227.492112][   T30] audit: type=1326 audit(1755899201.487:330): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8116 comm="syz.5.548" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdd3f58ebe9 code=0x7ffc0000
[  227.501755][ T8143] loop2: partition table beyond EOD, truncated
[  227.531433][  T979] hub 5-1:0.0: 1 port detected
[  227.556549][ T8143] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  227.571753][   T24] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  227.609711][   T30] audit: type=1326 audit(1755899201.487:331): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8116 comm="syz.5.548" exe="/root/syz-executor" sig=0 arch=c000003e syscall=293 compat=0 ip=0x7fdd3f58ebe9 code=0x7ffc0000
[  227.642543][ T8148] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  227.787801][   T30] audit: type=1326 audit(1755899201.487:332): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8116 comm="syz.5.548" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdd3f58ebe9 code=0x7ffc0000
[  227.888393][   T30] audit: type=1326 audit(1755899201.487:333): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8116 comm="syz.5.548" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fdd3f58ebe9 code=0x7ffc0000
[  227.919357][   T24] usb 4-1: config 0 interface 0 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  227.940695][  T976] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  228.246714][  T979] hub 5-1:0.0: activate --> -90
[  228.702917][ T8159] netlink: 52 bytes leftover after parsing attributes in process `syz.4.549'.
[  228.805655][   T24] usb 4-1: config 0 interface 0 has no altsetting 0
[  228.812374][  T979] hub 5-1:0.0: hub_ext_port_status failed (err = 0)
[  228.820315][   T30] audit: type=1326 audit(1755899201.487:334): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8116 comm="syz.5.548" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdd3f58ebe9 code=0x7ffc0000
[  228.843608][   T24] usb 4-1: New USB device found, idVendor=054c, idProduct=0ba0, bcdDevice= 0.00
[  228.855884][   T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  228.865138][   T30] audit: type=1326 audit(1755899201.487:335): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8116 comm="syz.5.548" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdd3f58ebe9 code=0x7ffc0000
[  228.872695][ T8160] netlink: 4 bytes leftover after parsing attributes in process `syz.4.549'.
[  228.889124][   T24] usb 4-1: config 0 descriptor??
[  228.903550][   T30] audit: type=1326 audit(1755899201.487:336): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8116 comm="syz.5.548" exe="/root/syz-executor" sig=0 arch=c000003e syscall=250 compat=0 ip=0x7fdd3f58ebe9 code=0x7ffc0000
[  228.928720][   T30] audit: type=1326 audit(1755899201.487:337): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8116 comm="syz.5.548" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdd3f58ebe9 code=0x7ffc0000
[  229.026007][  T976] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  229.054636][  T976] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  229.068423][  T976] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  229.081766][  T976] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  229.090881][  T976] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  229.112483][  T976] usb 7-1: config 0 descriptor??
[  229.147491][ T8162] netlink: 8 bytes leftover after parsing attributes in process `syz.5.561'.
[  229.440985][  T979] usb 5-1: USB disconnect, device number 6
[  229.498288][   T24] usbhid 4-1:0.0: can't add hid device: -71
[  229.528309][   T24] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  229.579162][   T24] usb 4-1: USB disconnect, device number 5
[  229.598704][  T976] plantronics 0003:047F:FFFF.0004: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.6-1/input0
[  230.217833][    C1] plantronics 0003:047F:FFFF.0004: hid_field_extract() called with n (132) > 32! (udevd)
[  230.833808][ T5904] usb 7-1: USB disconnect, device number 2
[  231.260301][ T8184] SELinux:  policydb string SE Li does not match my string SE Linux
[  231.289971][ T8184] SELinux: failed to load policy
[  231.589876][ T8197] netlink: 64 bytes leftover after parsing attributes in process `syz.4.568'.
[  231.617468][ T8197] netlink: 12 bytes leftover after parsing attributes in process `syz.4.568'.
[  231.727787][ T8198] FAULT_INJECTION: forcing a failure.
[  231.727787][ T8198] name failslab, interval 1, probability 0, space 0, times 0
[  231.767830][ T8198] CPU: 1 UID: 0 PID: 8198 Comm: syz.3.569 Not tainted syzkaller #0 PREEMPT(full) 
[  231.767856][ T8198] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  231.767866][ T8198] Call Trace:
[  231.767871][ T8198]  <TASK>
[  231.767878][ T8198]  dump_stack_lvl+0x16c/0x1f0
[  231.767902][ T8198]  should_fail_ex+0x512/0x640
[  231.767921][ T8198]  ? fs_reclaim_acquire+0xae/0x150
[  231.767946][ T8198]  ? tomoyo_encode2+0x100/0x3e0
[  231.767969][ T8198]  should_failslab+0xc2/0x120
[  231.767990][ T8198]  __kmalloc_noprof+0xd2/0x510
[  231.768007][ T8198]  ? d_absolute_path+0x136/0x1a0
[  231.768037][ T8198]  tomoyo_encode2+0x100/0x3e0
[  231.768065][ T8198]  tomoyo_encode+0x29/0x50
[  231.768088][ T8198]  tomoyo_realpath_from_path+0x18f/0x6e0
[  231.768121][ T8198]  tomoyo_path_number_perm+0x245/0x580
[  231.768141][ T8198]  ? tomoyo_path_number_perm+0x237/0x580
[  231.768162][ T8198]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  231.768185][ T8198]  ? find_held_lock+0x2b/0x80
[  231.768231][ T8198]  ? find_held_lock+0x2b/0x80
[  231.768250][ T8198]  ? hook_file_ioctl_common+0x145/0x410
[  231.768272][ T8198]  ? __fget_files+0x20e/0x3c0
[  231.768294][ T8198]  security_file_ioctl+0x9b/0x240
[  231.768320][ T8198]  __x64_sys_ioctl+0xb7/0x210
[  231.768346][ T8198]  do_syscall_64+0xcd/0x4c0
[  231.768371][ T8198]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  231.768388][ T8198] RIP: 0033:0x7f0ae738ebe9
[  231.768402][ T8198] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  231.768418][ T8198] RSP: 002b:00007f0ae8265038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  231.768434][ T8198] RAX: ffffffffffffffda RBX: 00007f0ae75b5fa0 RCX: 00007f0ae738ebe9
[  231.768445][ T8198] RDX: 0000000000000000 RSI: 000000008004f50e RDI: 0000000000000004
[  231.768454][ T8198] RBP: 00007f0ae8265090 R08: 0000000000000000 R09: 0000000000000000
[  231.768464][ T8198] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  231.768474][ T8198] R13: 00007f0ae75b6038 R14: 00007f0ae75b5fa0 R15: 00007ffc84e92558
[  231.768497][ T8198]  </TASK>
[  231.769158][ T8198] ERROR: Out of memory at tomoyo_realpath_from_path.
[  232.283557][ T8218] FAULT_INJECTION: forcing a failure.
[  232.283557][ T8218] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  232.330870][ T8218] CPU: 0 UID: 0 PID: 8218 Comm: syz.3.574 Not tainted syzkaller #0 PREEMPT(full) 
[  232.330896][ T8218] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  232.330906][ T8218] Call Trace:
[  232.330911][ T8218]  <TASK>
[  232.330919][ T8218]  dump_stack_lvl+0x16c/0x1f0
[  232.330944][ T8218]  should_fail_ex+0x512/0x640
[  232.330969][ T8218]  _copy_from_user+0x2e/0xd0
[  232.330993][ T8218]  ucma_bind+0xa6/0x220
[  232.331014][ T8218]  ? __pfx_ucma_bind+0x10/0x10
[  232.331051][ T8218]  ? __pfx_ucma_bind+0x10/0x10
[  232.331072][ T8218]  ucma_write+0x1f8/0x330
[  232.331091][ T8218]  ? __pfx_ucma_write+0x10/0x10
[  232.331109][ T8218]  ? bpf_lsm_file_permission+0x9/0x10
[  232.331132][ T8218]  ? security_file_permission+0x71/0x210
[  232.331159][ T8218]  ? rw_verify_area+0xcf/0x6c0
[  232.331187][ T8218]  ? __pfx_ucma_write+0x10/0x10
[  232.331204][ T8218]  vfs_write+0x29d/0x11d0
[  232.331228][ T8218]  ? __pfx_vfs_write+0x10/0x10
[  232.331244][ T8218]  ? find_held_lock+0x2b/0x80
[  232.331266][ T8218]  ? __fget_files+0x204/0x3c0
[  232.331290][ T8218]  ? __fget_files+0x20e/0x3c0
[  232.331316][ T8218]  ksys_write+0x1f8/0x250
[  232.331334][ T8218]  ? __pfx_ksys_write+0x10/0x10
[  232.331359][ T8218]  do_syscall_64+0xcd/0x4c0
[  232.331382][ T8218]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  232.331400][ T8218] RIP: 0033:0x7f0ae738ebe9
[  232.331414][ T8218] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  232.331431][ T8218] RSP: 002b:00007f0ae8265038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  232.331447][ T8218] RAX: ffffffffffffffda RBX: 00007f0ae75b5fa0 RCX: 00007f0ae738ebe9
[  232.331458][ T8218] RDX: 0000000000000090 RSI: 0000200000000140 RDI: 0000000000000004
[  232.331469][ T8218] RBP: 00007f0ae8265090 R08: 0000000000000000 R09: 0000000000000000
[  232.331479][ T8218] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  232.331489][ T8218] R13: 00007f0ae75b6038 R14: 00007f0ae75b5fa0 R15: 00007ffc84e92558
[  232.331512][ T8218]  </TASK>
[  232.841021][   T30] kauditd_printk_skb: 43 callbacks suppressed
[  232.841037][   T30] audit: type=1400 audit(1755899208.097:381): avc:  denied  { bind } for  pid=8225 comm="syz.6.576" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  234.240221][ T8256] SELinux:  policydb string SE Li does not match my string SE Linux
[  234.301314][ T8256] SELinux: failed to load policy
[  234.572948][   T30] audit: type=1400 audit(1755899209.827:382): avc:  denied  { create } for  pid=8258 comm="syz.3.582" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  234.641732][ T8267] FAULT_INJECTION: forcing a failure.
[  234.641732][ T8267] name failslab, interval 1, probability 0, space 0, times 0
[  234.733588][ T8267] CPU: 0 UID: 0 PID: 8267 Comm: syz.5.585 Not tainted syzkaller #0 PREEMPT(full) 
[  234.733614][ T8267] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  234.733624][ T8267] Call Trace:
[  234.733630][ T8267]  <TASK>
[  234.733637][ T8267]  dump_stack_lvl+0x16c/0x1f0
[  234.733661][ T8267]  should_fail_ex+0x512/0x640
[  234.733681][ T8267]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  234.733702][ T8267]  should_failslab+0xc2/0x120
[  234.733723][ T8267]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  234.733741][ T8267]  ? __alloc_skb+0x2b2/0x380
[  234.733763][ T8267]  __alloc_skb+0x2b2/0x380
[  234.733779][ T8267]  ? __pfx___alloc_skb+0x10/0x10
[  234.733795][ T8267]  ? process_measurement+0x460/0x23e0
[  234.733828][ T8267]  sock_omalloc+0xf5/0x1e0
[  234.733847][ T8267]  msg_zerocopy_realloc+0x200/0x8f0
[  234.733872][ T8267]  tcp_sendmsg_locked+0x342e/0x42a0
[  234.733905][ T8267]  ? avc_has_perm+0x144/0x1f0
[  234.733926][ T8267]  ? __lock_acquire+0xb97/0x1ce0
[  234.733955][ T8267]  ? perf_event_addr_filters_sync+0x28c/0x290
[  234.733983][ T8267]  ? __pfx_tcp_sendmsg_locked+0x10/0x10
[  234.734010][ T8267]  ? do_raw_spin_lock+0x12c/0x2b0
[  234.734028][ T8267]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  234.734053][ T8267]  ? __local_bh_enable_ip+0xa4/0x120
[  234.734079][ T8267]  tcp_sendmsg+0x2e/0x50
[  234.734100][ T8267]  ? __pfx_tcp_sendmsg+0x10/0x10
[  234.734123][ T8267]  inet_sendmsg+0xb9/0x140
[  234.734150][ T8267]  ____sys_sendmsg+0x973/0xc70
[  234.734173][ T8267]  ? copy_msghdr_from_user+0x10a/0x160
[  234.734192][ T8267]  ? __pfx_____sys_sendmsg+0x10/0x10
[  234.734219][ T8267]  ? __pfx__kstrtoull+0x10/0x10
[  234.734242][ T8267]  ___sys_sendmsg+0x134/0x1d0
[  234.734262][ T8267]  ? __pfx____sys_sendmsg+0x10/0x10
[  234.734294][ T8267]  ? find_held_lock+0x2b/0x80
[  234.734332][ T8267]  __sys_sendmmsg+0x200/0x420
[  234.734353][ T8267]  ? __pfx___sys_sendmmsg+0x10/0x10
[  234.734381][ T8267]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  234.734413][ T8267]  ? fput+0x9b/0xd0
[  234.734437][ T8267]  ? ksys_write+0x1ac/0x250
[  234.734454][ T8267]  ? __pfx_ksys_write+0x10/0x10
[  234.734477][ T8267]  __x64_sys_sendmmsg+0x9c/0x100
[  234.734495][ T8267]  ? lockdep_hardirqs_on+0x7c/0x110
[  234.734512][ T8267]  do_syscall_64+0xcd/0x4c0
[  234.734533][ T8267]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  234.734550][ T8267] RIP: 0033:0x7fdd3f58ebe9
[  234.734563][ T8267] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  234.734581][ T8267] RSP: 002b:00007fdd4038c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  234.734596][ T8267] RAX: ffffffffffffffda RBX: 00007fdd3f7b5fa0 RCX: 00007fdd3f58ebe9
[  234.734607][ T8267] RDX: 0000000000000002 RSI: 0000200000006900 RDI: 0000000000000003
[  234.734616][ T8267] RBP: 00007fdd4038c090 R08: 0000000000000000 R09: 0000000000000000
[  234.734626][ T8267] R10: 0000000004004804 R11: 0000000000000246 R12: 0000000000000001
[  234.734636][ T8267] R13: 00007fdd3f7b6038 R14: 00007fdd3f7b5fa0 R15: 00007ffc926b6cf8
[  234.734658][ T8267]  </TASK>
[  235.226459][ T8269] FAULT_INJECTION: forcing a failure.
[  235.226459][ T8269] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  235.241121][ T8269] CPU: 0 UID: 0 PID: 8269 Comm: syz.4.586 Not tainted syzkaller #0 PREEMPT(full) 
[  235.241145][ T8269] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  235.241156][ T8269] Call Trace:
[  235.241162][ T8269]  <TASK>
[  235.241169][ T8269]  dump_stack_lvl+0x16c/0x1f0
[  235.241193][ T8269]  should_fail_ex+0x512/0x640
[  235.241217][ T8269]  _copy_from_iter+0x29f/0x1720
[  235.241247][ T8269]  ? __pfx__copy_from_iter+0x10/0x10
[  235.241270][ T8269]  ? rcu_is_watching+0x12/0xc0
[  235.241292][ T8269]  ? trace_kmalloc+0x2b/0xd0
[  235.241312][ T8269]  ? __kmalloc_noprof+0x242/0x510
[  235.241337][ T8269]  kernfs_fop_write_iter+0x19a/0x510
[  235.241360][ T8269]  vfs_write+0x7d3/0x11d0
[  235.241379][ T8269]  ? __pfx_kernfs_fop_write_iter+0x10/0x10
[  235.241398][ T8269]  ? __pfx___mutex_lock+0x10/0x10
[  235.241418][ T8269]  ? __pfx_vfs_write+0x10/0x10
[  235.241454][ T8269]  ksys_write+0x12a/0x250
[  235.241472][ T8269]  ? __pfx_ksys_write+0x10/0x10
[  235.241498][ T8269]  do_syscall_64+0xcd/0x4c0
[  235.241520][ T8269]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  235.241544][ T8269] RIP: 0033:0x7fcc3ef8ebe9
[  235.241559][ T8269] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  235.241574][ T8269] RSP: 002b:00007fcc3fe8b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  235.241591][ T8269] RAX: ffffffffffffffda RBX: 00007fcc3f1b5fa0 RCX: 00007fcc3ef8ebe9
[  235.241602][ T8269] RDX: 0000000000000006 RSI: 0000200000000a40 RDI: 0000000000000006
[  235.241612][ T8269] RBP: 00007fcc3fe8b090 R08: 0000000000000000 R09: 0000000000000000
[  235.241622][ T8269] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  235.241632][ T8269] R13: 00007fcc3f1b6038 R14: 00007fcc3f1b5fa0 R15: 00007ffd802fe7f8
[  235.241656][ T8269]  </TASK>
[  235.681166][   T30] audit: type=1400 audit(1755899210.947:383): avc:  denied  { write } for  pid=8272 comm="syz.1.587" name="file0" dev="fuse" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1
[  235.729871][  T976] IPVS: starting estimator thread 0...
[  235.749337][   T30] audit: type=1400 audit(1755899210.997:384): avc:  denied  { open } for  pid=8272 comm="syz.1.587" path="/129/file0/file0" dev="fuse" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1
[  235.862284][ T8279] IPVS: using max 41 ests per chain, 98400 per kthread
[  235.967835][ T8286] binder: 8285:8286 ioctl c0306201 2000000001c0 returned -14
[  235.970670][  T976] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  235.990725][   T30] audit: type=1400 audit(1755899211.227:385): avc:  denied  { map } for  pid=8285 comm="syz.6.591" path="/dev/dri/card0" dev="devtmpfs" ino=627 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[  236.311023][  T976] usb 2-1: Using ep0 maxpacket: 16
[  236.326559][  T976] usb 2-1: config index 0 descriptor too short (expected 16456, got 72)
[  236.360939][  T976] usb 2-1: config 0 has an invalid interface number: 125 but max is 1
[  236.409616][  T976] usb 2-1: config 0 has an invalid interface number: 125 but max is 1
[  236.417884][   T30] audit: type=1400 audit(1755899211.227:386): avc:  denied  { execute } for  pid=8285 comm="syz.6.591" path="/dev/dri/card0" dev="devtmpfs" ino=627 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[  236.472379][ T8298] netlink: 'syz.6.592': attribute type 10 has an invalid length.
[  236.495032][  T976] usb 2-1: config 0 has an invalid interface number: 125 but max is 1
[  236.514064][  T976] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 2
[  236.537910][   T30] audit: type=1400 audit(1755899211.727:387): avc:  denied  { ioctl } for  pid=8294 comm="syz.6.592" path="socket:[19988]" dev="sockfs" ino=19988 ioctlcmd=0x9418 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[  236.564650][  T976] usb 2-1: config 0 has no interface number 0
[  236.582347][ T8298] veth0_vlan: left promiscuous mode
[  236.598798][  T976] usb 2-1: config 0 interface 125 altsetting 4 endpoint 0x4 has invalid maxpacket 21760, setting to 64
[  236.662213][ T8298] veth0_vlan: entered promiscuous mode
[  236.675333][  T976] usb 2-1: config 0 interface 125 altsetting 4 endpoint 0xB has invalid wMaxPacketSize 0
[  236.684582][ T8298] team0: Device veth0_vlan failed to register rx_handler
[  236.692806][  T976] usb 2-1: config 0 interface 125 altsetting 4 endpoint 0x2 has invalid wMaxPacketSize 0
[  236.709027][  T976] usb 2-1: config 0 interface 125 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  236.737066][   T30] audit: type=1400 audit(1755899211.997:388): avc:  denied  { unlink } for  pid=5856 comm="syz-executor" name="file0" dev="tmpfs" ino=708 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  236.806930][  T976] usb 2-1: config 0 interface 125 has no altsetting 2
[  236.960730][  T976] usb 2-1: New USB device found, idVendor=050d, idProduct=0002, bcdDevice=23.27
[  236.969911][  T976] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  237.496171][   T30] audit: type=1400 audit(1755899212.487:389): avc:  denied  { bind } for  pid=8301 comm="syz.3.593" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  237.497408][  T976] usb 2-1: Product: syz
[  237.521631][  T976] usb 2-1: Manufacturer: syz
[  237.527121][  T976] usb 2-1: SerialNumber: syz
[  237.589956][  T976] usb 2-1: config 0 descriptor??
[  237.608024][  T976] usb 2-1: selecting invalid altsetting 2
[  237.829097][  T976] usb 2-1: USB disconnect, device number 5
[  237.871141][ T6022] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  238.053423][ T8316] netlink: 'syz.3.598': attribute type 12 has an invalid length.
[  238.061351][ T8316] netlink: 9472 bytes leftover after parsing attributes in process `syz.3.598'.
[  238.121967][ T6022] usb 5-1: config 0 interface 0 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  238.168885][ T6022] usb 5-1: config 0 interface 0 has no altsetting 0
[  238.199870][ T6022] usb 5-1: New USB device found, idVendor=054c, idProduct=0ba0, bcdDevice= 0.00
[  238.227191][ T6022] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  238.238754][ T6022] usb 5-1: config 0 descriptor??
[  239.086023][ T6022] usbhid 5-1:0.0: can't add hid device: -71
[  239.095968][ T6022] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  239.108487][ T6022] usb 5-1: USB disconnect, device number 7
[  239.355718][ T8339] CUSE: unknown device info ""
[  239.360747][ T8339] CUSE: zero length info key specified
[  239.789285][ T5852] Bluetooth: hci1: command 0x0405 tx timeout
[  240.172881][   T30] audit: type=1400 audit(1755899215.417:390): avc:  denied  { watch watch_reads } for  pid=8341 comm="syz.1.604" path=2F6D656D66643A2D42D54E49C56A9A707070F00884313519FC6274A26D070B18202864656C6574656429 dev="tmpfs" ino=1067 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  240.490899][  T976] usb 2-1: new low-speed USB device number 6 using dummy_hcd
[  240.522497][ T8359] netlink: 'syz.4.608': attribute type 1 has an invalid length.
[  240.530149][ T8359] netlink: 228 bytes leftover after parsing attributes in process `syz.4.608'.
[  240.651713][ T8359] netlink: 96 bytes leftover after parsing attributes in process `syz.4.608'.
[  240.861717][  T976] usb 2-1: config index 0 descriptor too short (expected 1307, got 27)
[  240.872717][  T976] usb 2-1: config 0 has an invalid interface number: 0 but max is -1
[  240.908829][  T976] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 0
[  241.033891][  T976] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 246, using maximum allowed: 30
[  241.106513][  T976] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x84 is Bulk; changing to Interrupt
[  241.133513][  T976] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 246
[  241.180857][  T976] usb 2-1: string descriptor 0 read error: -22
[  241.187574][  T976] usb 2-1: New USB device found, idVendor=0460, idProduct=0008, bcdDevice=e2.de
[  241.226794][  T976] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  241.274506][  T976] usb 2-1: config 0 descriptor??
[  241.288502][ T8343] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  241.306147][  T976] hub 2-1:0.0: bad descriptor, ignoring hub
[  241.328131][  T976] hub 2-1:0.0: probe with driver hub failed with error -5
[  241.446313][  T976] input: USB Acecad 302 Tablet 0460:0008 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/input/input13
[  241.571006][   T30] audit: type=1400 audit(1755899216.837:391): avc:  denied  { read } for  pid=5206 comm="acpid" name="mouse1" dev="devtmpfs" ino=4381 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  241.603691][   T30] audit: type=1400 audit(1755899216.837:392): avc:  denied  { open } for  pid=5206 comm="acpid" path="/dev/input/mouse1" dev="devtmpfs" ino=4381 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  241.675634][ T8382] CUSE: unknown device info ""
[  241.680520][ T8382] CUSE: zero length info key specified
[  242.371520][   T30] audit: type=1400 audit(1755899216.857:393): avc:  denied  { ioctl } for  pid=5206 comm="acpid" path="/dev/input/mouse1" dev="devtmpfs" ino=4381 ioctlcmd=0x4520 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  242.485333][   T30] audit: type=1400 audit(1755899217.747:394): avc:  denied  { connect } for  pid=8385 comm="syz.3.616" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  243.550864][   T30] audit: type=1400 audit(1755899217.747:395): avc:  denied  { bind } for  pid=8385 comm="syz.3.616" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  243.619567][ T8396] FAULT_INJECTION: forcing a failure.
[  243.619567][ T8396] name failslab, interval 1, probability 0, space 0, times 0
[  243.686663][   T30] audit: type=1400 audit(1755899217.747:396): avc:  denied  { setopt } for  pid=8385 comm="syz.3.616" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  243.711614][ T8396] CPU: 1 UID: 0 PID: 8396 Comm: syz.6.619 Not tainted syzkaller #0 PREEMPT(full) 
[  243.711640][ T8396] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  243.711651][ T8396] Call Trace:
[  243.711657][ T8396]  <TASK>
[  243.711664][ T8396]  dump_stack_lvl+0x16c/0x1f0
[  243.711688][ T8396]  should_fail_ex+0x512/0x640
[  243.711707][ T8396]  ? fs_reclaim_acquire+0xae/0x150
[  243.711732][ T8396]  ? tomoyo_encode2+0x100/0x3e0
[  243.711756][ T8396]  should_failslab+0xc2/0x120
[  243.711774][ T8396]  __kmalloc_noprof+0xd2/0x510
[  243.711797][ T8396]  tomoyo_encode2+0x100/0x3e0
[  243.711824][ T8396]  tomoyo_encode+0x29/0x50
[  243.711848][ T8396]  tomoyo_realpath_from_path+0x18f/0x6e0
[  243.711874][ T8396]  ? tomoyo_profile+0x47/0x60
[  243.711893][ T8396]  tomoyo_path_number_perm+0x245/0x580
[  243.711915][ T8396]  ? tomoyo_path_number_perm+0x237/0x580
[  243.711938][ T8396]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  243.711962][ T8396]  ? find_held_lock+0x2b/0x80
[  243.712006][ T8396]  ? find_held_lock+0x2b/0x80
[  243.712026][ T8396]  ? hook_file_ioctl_common+0x145/0x410
[  243.712050][ T8396]  ? __fget_files+0x20e/0x3c0
[  243.712074][ T8396]  security_file_ioctl+0x9b/0x240
[  243.712101][ T8396]  __x64_sys_ioctl+0xb7/0x210
[  243.712130][ T8396]  do_syscall_64+0xcd/0x4c0
[  243.712151][ T8396]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  243.712169][ T8396] RIP: 0033:0x7f2410d8ebe9
[  243.712183][ T8396] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  243.712201][ T8396] RSP: 002b:00007f2411be4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  243.712217][ T8396] RAX: ffffffffffffffda RBX: 00007f2410fb5fa0 RCX: 00007f2410d8ebe9
[  243.712228][ T8396] RDX: 0000200000000280 RSI: 000000008010aa02 RDI: 0000000000000003
[  243.712238][ T8396] RBP: 00007f2411be4090 R08: 0000000000000000 R09: 0000000000000000
[  243.712248][ T8396] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  243.712258][ T8396] R13: 00007f2410fb6038 R14: 00007f2410fb5fa0 R15: 00007ffc469b21d8
[  243.712282][ T8396]  </TASK>
[  243.712776][ T8396] ERROR: Out of memory at tomoyo_realpath_from_path.
[  243.753423][   T30] audit: type=1400 audit(1755899217.747:397): avc:  denied  { write } for  pid=8385 comm="syz.3.616" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  244.035210][  T979] usb 2-1: USB disconnect, device number 6
[  244.408340][ T8409] FAULT_INJECTION: forcing a failure.
[  244.408340][ T8409] name failslab, interval 1, probability 0, space 0, times 0
[  244.421249][ T8409] CPU: 1 UID: 0 PID: 8409 Comm: syz.3.621 Not tainted syzkaller #0 PREEMPT(full) 
[  244.421272][ T8409] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  244.421283][ T8409] Call Trace:
[  244.421289][ T8409]  <TASK>
[  244.421295][ T8409]  dump_stack_lvl+0x16c/0x1f0
[  244.421320][ T8409]  should_fail_ex+0x512/0x640
[  244.421340][ T8409]  ? __kmalloc_noprof+0xbf/0x510
[  244.421360][ T8409]  ? io_cache_alloc_new+0x45/0xf0
[  244.421380][ T8409]  should_failslab+0xc2/0x120
[  244.421401][ T8409]  __kmalloc_noprof+0xd2/0x510
[  244.421419][ T8409]  ? mark_held_locks+0x49/0x80
[  244.421451][ T8409]  io_cache_alloc_new+0x45/0xf0
[  244.421472][ T8409]  io_msg_alloc_async+0x1c3/0x3a0
[  244.421493][ T8409]  io_connect_prep+0x228/0x350
[  244.421515][ T8409]  io_submit_sqes+0x850/0x25c0
[  244.421548][ T8409]  __do_sys_io_uring_enter+0xd6a/0x1630
[  244.421571][ T8409]  ? __fget_files+0x20e/0x3c0
[  244.421591][ T8409]  ? __pfx___do_sys_io_uring_enter+0x10/0x10
[  244.421612][ T8409]  ? fput+0x9b/0xd0
[  244.421635][ T8409]  ? ksys_write+0x1ac/0x250
[  244.421653][ T8409]  ? __pfx_ksys_write+0x10/0x10
[  244.421679][ T8409]  do_syscall_64+0xcd/0x4c0
[  244.421708][ T8409]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  244.421726][ T8409] RIP: 0033:0x7f0ae738ebe9
[  244.421741][ T8409] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  244.421758][ T8409] RSP: 002b:00007f0ae8223038 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[  244.421776][ T8409] RAX: ffffffffffffffda RBX: 00007f0ae75b6180 RCX: 00007f0ae738ebe9
[  244.421787][ T8409] RDX: 0000000000000000 RSI: 00000000000047f6 RDI: 0000000000000005
[  244.421798][ T8409] RBP: 00007f0ae8223090 R08: 0000000000000000 R09: 0000000000000000
[  244.421808][ T8409] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000000001
[  244.421818][ T8409] R13: 00007f0ae75b6218 R14: 00007f0ae75b6180 R15: 00007ffc84e92558
[  244.421843][ T8409]  </TASK>
[  245.347417][ T8424] IPVS: stopping backup sync thread 8430 ...
[  246.100684][ T8444] FAULT_INJECTION: forcing a failure.
[  246.100684][ T8444] name failslab, interval 1, probability 0, space 0, times 0
[  246.178323][ T8444] CPU: 1 UID: 0 PID: 8444 Comm: syz.5.628 Not tainted syzkaller #0 PREEMPT(full) 
[  246.178348][ T8444] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  246.178358][ T8444] Call Trace:
[  246.178364][ T8444]  <TASK>
[  246.178371][ T8444]  dump_stack_lvl+0x16c/0x1f0
[  246.178394][ T8444]  should_fail_ex+0x512/0x640
[  246.178413][ T8444]  ? fs_reclaim_acquire+0xae/0x150
[  246.178438][ T8444]  ? tomoyo_encode2+0x100/0x3e0
[  246.178460][ T8444]  should_failslab+0xc2/0x120
[  246.178480][ T8444]  __kmalloc_noprof+0xd2/0x510
[  246.178497][ T8444]  ? d_absolute_path+0x136/0x1a0
[  246.178524][ T8444]  tomoyo_encode2+0x100/0x3e0
[  246.178552][ T8444]  tomoyo_encode+0x29/0x50
[  246.178574][ T8444]  tomoyo_realpath_from_path+0x18f/0x6e0
[  246.178605][ T8444]  tomoyo_path_number_perm+0x245/0x580
[  246.178624][ T8444]  ? tomoyo_path_number_perm+0x237/0x580
[  246.178665][ T8444]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  246.178711][ T8444]  ? find_held_lock+0x2b/0x80
[  246.178731][ T8444]  ? hook_file_ioctl_common+0x145/0x410
[  246.178754][ T8444]  ? __fget_files+0x20e/0x3c0
[  246.178775][ T8444]  security_file_ioctl+0x9b/0x240
[  246.178800][ T8444]  __x64_sys_ioctl+0xb7/0x210
[  246.178827][ T8444]  do_syscall_64+0xcd/0x4c0
[  246.178848][ T8444]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  246.178866][ T8444] RIP: 0033:0x7fdd3f58ebe9
[  246.178881][ T8444] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  246.178897][ T8444] RSP: 002b:00007fdd4036b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  246.178914][ T8444] RAX: ffffffffffffffda RBX: 00007fdd3f7b6090 RCX: 00007fdd3f58ebe9
[  246.178925][ T8444] RDX: 0000200000000040 RSI: 0000000040045612 RDI: 0000000000000003
[  246.178936][ T8444] RBP: 00007fdd4036b090 R08: 0000000000000000 R09: 0000000000000000
[  246.178945][ T8444] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  246.178956][ T8444] R13: 00007fdd3f7b6128 R14: 00007fdd3f7b6090 R15: 00007ffc926b6cf8
[  246.178979][ T8444]  </TASK>
[  246.231309][ T8444] ERROR: Out of memory at tomoyo_realpath_from_path.
[  246.406884][ T8452] PKCS7: Unknown OID: [5] (bad)
[  246.411973][ T8452] PKCS7: Only support pkcs7_signedData type
[  246.420960][ T8452] netlink: 'syz.6.630': attribute type 2 has an invalid length.
[  246.430685][ T8452] netlink: 68 bytes leftover after parsing attributes in process `syz.6.630'.
[  246.949791][ T8465] netlink: 20 bytes leftover after parsing attributes in process `syz.1.631'.
[  247.543039][ T8469] SELinux:  policydb version 0 does not match my version range 15-35
[  247.554627][ T8469] SELinux: failed to load policy
[  248.480707][  T979] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[  248.829919][ T8485] netlink: 8 bytes leftover after parsing attributes in process `syz.5.639'.
[  248.881417][  T979] usb 7-1: config 0 interface 0 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  248.932223][  T979] usb 7-1: config 0 interface 0 has no altsetting 0
[  248.966845][  T979] usb 7-1: New USB device found, idVendor=054c, idProduct=0ba0, bcdDevice= 0.00
[  248.997530][  T979] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  249.119731][  T979] usb 7-1: config 0 descriptor??
[  250.456005][  T979] usbhid 7-1:0.0: can't add hid device: -71
[  250.539142][  T979] usbhid 7-1:0.0: probe with driver usbhid failed with error -71
[  250.542563][   T30] audit: type=1400 audit(1755899225.797:398): avc:  denied  { write } for  pid=8508 comm="syz.1.645" name="001" dev="devtmpfs" ino=742 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[  250.712168][  T979] usb 7-1: USB disconnect, device number 3
[  251.577870][   T30] audit: type=1400 audit(1755899226.817:399): avc:  denied  { create } for  pid=8511 comm="syz.3.647" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1
[  251.807229][   T30] audit: type=1400 audit(1755899226.817:400): avc:  denied  { ioctl } for  pid=8511 comm="syz.3.647" path="socket:[21681]" dev="sockfs" ino=21681 ioctlcmd=0x89e0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1
[  252.496673][ T8534] process 'syz.5.653' launched './file2' with NULL argv: empty string added
[  252.517602][   T30] audit: type=1400 audit(1755899227.767:401): avc:  denied  { execute_no_trans } for  pid=8533 comm="syz.5.653" path="/42/file2" dev="tmpfs" ino=237 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  252.534446][ T8535] netlink: 20 bytes leftover after parsing attributes in process `syz.1.649'.
[  252.710635][    T9] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[  252.870743][    T9] usb 7-1: Using ep0 maxpacket: 32
[  252.885530][    T9] usb 7-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  252.905575][    T9] usb 7-1: config 0 interface 0 has no altsetting 0
[  252.926932][   T30] audit: type=1400 audit(1755899228.187:402): avc:  denied  { read } for  pid=8538 comm="syz.3.654" name="nvram" dev="devtmpfs" ino=623 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1
[  252.960410][    T9] usb 7-1: New USB device found, idVendor=1044, idProduct=7a4d, bcdDevice= 0.00
[  252.971237][ T8539] Bluetooth: MGMT ver 1.23
[  252.971249][    T9] usb 7-1: New USB device strings: Mfr=0, Product=1, SerialNumber=0
[  253.005913][    T9] usb 7-1: Product: syz
[  253.011622][   T30] audit: type=1400 audit(1755899228.187:403): avc:  denied  { open } for  pid=8538 comm="syz.3.654" path="/dev/nvram" dev="devtmpfs" ino=623 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1
[  253.053658][    T9] usb 7-1: config 0 descriptor??
[  253.278660][ T5958] usb 4-1: new low-speed USB device number 6 using dummy_hcd
[  253.438417][ T5958] usb 4-1: config index 0 descriptor too short (expected 6427, got 27)
[  253.464864][    T9] waterforce 0003:1044:7A4D.0005: unknown main item tag 0x0
[  254.241294][    T9] waterforce 0003:1044:7A4D.0005: unknown main item tag 0x0
[  254.250357][    T9] waterforce 0003:1044:7A4D.0005: unknown main item tag 0x0
[  254.258455][    T9] waterforce 0003:1044:7A4D.0005: unknown main item tag 0x0
[  254.265021][ T5958] usb 4-1: config 0 has an invalid interface number: 21 but max is 0
[  254.265849][    T9] waterforce 0003:1044:7A4D.0005: unknown main item tag 0x0
[  254.299544][    T9] waterforce 0003:1044:7A4D.0005: hidraw0: USB HID v0.05 Device [syz] on usb-dummy_hcd.6-1/input0
[  254.341027][ T5958] usb 4-1: config 0 has no interface number 0
[  254.355911][ T5958] usb 4-1: config 0 interface 21 altsetting 0 endpoint 0x82 is Bulk; changing to Interrupt
[  254.370950][    T9] waterforce 0003:1044:7A4D.0005: fw version request failed with -38
[  254.380086][ T8549] netlink: 32 bytes leftover after parsing attributes in process `syz.1.657'.
[  254.392210][ T5958] usb 4-1: config 0 interface 21 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  254.442945][    T9] usb 7-1: USB disconnect, device number 4
[  254.458815][ T5958] usb 4-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=92.d4
[  254.479801][ T5958] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  254.511803][ T8553] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount.
[  254.542823][ T8553] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  254.641246][   T30] audit: type=1400 audit(1755899229.767:404): avc:  denied  { create } for  pid=8548 comm="syz.1.657" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  254.844369][   T30] audit: type=1400 audit(1755899229.777:405): avc:  denied  { bind } for  pid=8548 comm="syz.1.657" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  254.880331][ T5958] usb 4-1: config 0 descriptor??
[  254.910479][   T30] audit: type=1400 audit(1755899229.777:406): avc:  denied  { setopt } for  pid=8548 comm="syz.1.657" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  255.119622][ T8555] fido_id[8555]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.6/usb7/report_descriptor': No such file or directory
[  255.252640][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  255.259086][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  255.818174][ T5958] usb 4-1: USB disconnect, device number 6
[  256.000786][    T9] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  256.150703][    T9] usb 6-1: Using ep0 maxpacket: 8
[  256.170750][    T9] usb 6-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea
[  256.203463][    T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  256.231039][    T9] usb 6-1: Product: syz
[  256.242411][    T9] usb 6-1: Manufacturer: syz
[  256.248214][    T9] usb 6-1: SerialNumber: syz
[  256.260765][ T6022] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  256.272093][    T9] usb 6-1: config 0 descriptor??
[  256.302067][    T9] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state.
[  256.323773][    T9] usb 6-1: setting power ON
[  256.351954][    T9] dvb-usb: bulk message failed: -22 (2/0)
[  256.395813][    T9] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  256.437789][    T9] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID))
[  256.470404][ T6022] usb 5-1: config 0 interface 0 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  256.524476][    T9] usb 6-1: media controller created
[  256.539869][ T8567] dvb-usb: bulk message failed: -22 (3/0)
[  256.555231][ T8567] cxusb: i2c rd: len=142 is too big!
[  256.555231][ T8567] 
[  256.649873][    T9] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  256.729404][    T9] usb 6-1: selecting invalid altsetting 6
[  256.745002][    T9] usb 6-1: digital interface selection failed (-22)
[  256.766269][    T9] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)'
[  256.775990][ T6022] usb 5-1: config 0 interface 0 has no altsetting 0
[  256.787889][    T9] usb 6-1: setting power OFF
[  256.795334][    T9] dvb-usb: bulk message failed: -22 (2/0)
[  256.804301][    T9] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected.
[  256.836797][ T6022] usb 5-1: New USB device found, idVendor=054c, idProduct=0ba0, bcdDevice= 0.00
[  256.844793][    T9] (NULL device *): no alternate interface
[  256.932533][ T6022] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  257.012157][   T30] audit: type=1400 audit(1755899232.257:407): avc:  denied  { read } for  pid=8578 comm="syz.1.665" name="rtc0" dev="devtmpfs" ino=921 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  257.045840][    T9] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected.
[  257.074547][ T6022] usb 5-1: config 0 descriptor??
[  257.194092][    T9] usb 6-1: USB disconnect, device number 7
[  257.227410][   T30] audit: type=1400 audit(1755899232.257:408): avc:  denied  { open } for  pid=8578 comm="syz.1.665" path="/dev/rtc0" dev="devtmpfs" ino=921 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  258.172058][ T6022] usbhid 5-1:0.0: can't add hid device: -71
[  258.178048][ T6022] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  258.225164][ T8581] input: syz0 as /devices/virtual/input/input16
[  258.234448][ T8577] team0: No ports can be present during mode change
[  258.253162][ T6022] usb 5-1: USB disconnect, device number 8
[  258.288855][ T8577] netlink: 'syz.3.664': attribute type 10 has an invalid length.
[  258.335413][ T8577] 8021q: adding VLAN 0 to HW filter on device bond0
[  258.343687][ T8577] team0: Port device bond0 added
[  258.419209][ T8577] netlink: 4 bytes leftover after parsing attributes in process `syz.3.664'.
[  258.627028][ T8577] team0 (unregistering): Port device team_slave_0 removed
[  258.643749][ T8577] team0 (unregistering): Port device team_slave_1 removed
[  258.687135][ T8577] team0 (unregistering): Port device bond0 removed
[  259.638848][ T8596] FAULT_INJECTION: forcing a failure.
[  259.638848][ T8596] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  259.653953][ T8596] CPU: 0 UID: 0 PID: 8596 Comm: syz.6.669 Not tainted syzkaller #0 PREEMPT(full) 
[  259.653978][ T8596] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  259.653989][ T8596] Call Trace:
[  259.653995][ T8596]  <TASK>
[  259.654002][ T8596]  dump_stack_lvl+0x16c/0x1f0
[  259.654026][ T8596]  should_fail_ex+0x512/0x640
[  259.654050][ T8596]  _copy_from_user+0x2e/0xd0
[  259.654074][ T8596]  move_addr_to_kernel+0x65/0x170
[  259.654100][ T8596]  __copy_msghdr+0x386/0x470
[  259.654118][ T8596]  copy_msghdr_from_user+0xc1/0x160
[  259.654136][ T8596]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  259.654159][ T8596]  ? __pfx__kstrtoull+0x10/0x10
[  259.654180][ T8596]  ___sys_sendmsg+0xfe/0x1d0
[  259.654201][ T8596]  ? __pfx____sys_sendmsg+0x10/0x10
[  259.654231][ T8596]  ? find_held_lock+0x2b/0x80
[  259.654269][ T8596]  __sys_sendmmsg+0x200/0x420
[  259.654290][ T8596]  ? __pfx___sys_sendmmsg+0x10/0x10
[  259.654316][ T8596]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  259.654347][ T8596]  ? fput+0x9b/0xd0
[  259.654371][ T8596]  ? ksys_write+0x1ac/0x250
[  259.654389][ T8596]  ? __pfx_ksys_write+0x10/0x10
[  259.654411][ T8596]  __x64_sys_sendmmsg+0x9c/0x100
[  259.654429][ T8596]  ? lockdep_hardirqs_on+0x7c/0x110
[  259.654447][ T8596]  do_syscall_64+0xcd/0x4c0
[  259.654468][ T8596]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  259.654486][ T8596] RIP: 0033:0x7f2410d8ebe9
[  259.654500][ T8596] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  259.654521][ T8596] RSP: 002b:00007f2411be4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  259.654539][ T8596] RAX: ffffffffffffffda RBX: 00007f2410fb5fa0 RCX: 00007f2410d8ebe9
[  259.654550][ T8596] RDX: 0000000000068000 RSI: 0000200000000f40 RDI: 0000000000000003
[  259.654567][ T8596] RBP: 00007f2411be4090 R08: 0000000000000000 R09: 0000000000000000
[  259.654577][ T8596] R10: 000000000000e000 R11: 0000000000000246 R12: 0000000000000001
[  259.654587][ T8596] R13: 00007f2410fb6038 R14: 00007f2410fb5fa0 R15: 00007ffc469b21d8
[  259.654611][ T8596]  </TASK>
[  259.863623][    C0] vkms_vblank_simulate: vblank timer overrun
[  261.135867][ T8614] FAULT_INJECTION: forcing a failure.
[  261.135867][ T8614] name failslab, interval 1, probability 0, space 0, times 0
[  261.234765][ T8616] fuse: Bad value for 'fd'
[  261.270770][ T8614] CPU: 1 UID: 0 PID: 8614 Comm: syz.4.674 Not tainted syzkaller #0 PREEMPT(full) 
[  261.270797][ T8614] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  261.270808][ T8614] Call Trace:
[  261.270816][ T8614]  <TASK>
[  261.270823][ T8614]  dump_stack_lvl+0x16c/0x1f0
[  261.270848][ T8614]  should_fail_ex+0x512/0x640
[  261.270868][ T8614]  ? fs_reclaim_acquire+0xae/0x150
[  261.270894][ T8614]  ? tomoyo_encode2+0x100/0x3e0
[  261.270919][ T8614]  should_failslab+0xc2/0x120
[  261.270940][ T8614]  __kmalloc_noprof+0xd2/0x510
[  261.270958][ T8614]  ? d_absolute_path+0x136/0x1a0
[  261.270989][ T8614]  tomoyo_encode2+0x100/0x3e0
[  261.271019][ T8614]  tomoyo_encode+0x29/0x50
[  261.271043][ T8614]  tomoyo_realpath_from_path+0x18f/0x6e0
[  261.271077][ T8614]  tomoyo_path_number_perm+0x245/0x580
[  261.271099][ T8614]  ? tomoyo_path_number_perm+0x237/0x580
[  261.271124][ T8614]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  261.271147][ T8614]  ? find_held_lock+0x2b/0x80
[  261.271193][ T8614]  ? find_held_lock+0x2b/0x80
[  261.271210][ T8614]  ? hook_file_ioctl_common+0x145/0x410
[  261.271234][ T8614]  ? __fget_files+0x20e/0x3c0
[  261.271260][ T8614]  security_file_ioctl+0x9b/0x240
[  261.271288][ T8614]  __x64_sys_ioctl+0xb7/0x210
[  261.271317][ T8614]  do_syscall_64+0xcd/0x4c0
[  261.271339][ T8614]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  261.271358][ T8614] RIP: 0033:0x7fcc3ef8ebe9
[  261.271372][ T8614] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  261.271390][ T8614] RSP: 002b:00007fcc3fe8b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  261.271408][ T8614] RAX: ffffffffffffffda RBX: 00007fcc3f1b5fa0 RCX: 00007fcc3ef8ebe9
[  261.271419][ T8614] RDX: 0000200000000040 RSI: 00000000c040565f RDI: 0000000000000003
[  261.271430][ T8614] RBP: 00007fcc3fe8b090 R08: 0000000000000000 R09: 0000000000000000
[  261.271448][ T8614] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  261.271458][ T8614] R13: 00007fcc3f1b6038 R14: 00007fcc3f1b5fa0 R15: 00007ffd802fe7f8
[  261.271483][ T8614]  </TASK>
[  261.271535][ T8614] ERROR: Out of memory at tomoyo_realpath_from_path.
[  264.001219][ T8636] SELinux: failed to load policy
[  264.130926][ T5904] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  264.139025][  T976] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[  264.293071][ T5904] usb 4-1: config 0 interface 0 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  264.307233][  T976] usb 6-1: config 0 interface 0 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  264.348239][  T976] usb 6-1: config 0 interface 0 has no altsetting 0
[  264.357229][ T5904] usb 4-1: config 0 interface 0 has no altsetting 0
[  264.364993][  T976] usb 6-1: New USB device found, idVendor=054c, idProduct=0ba0, bcdDevice= 0.00
[  264.366555][ T8641] team0: No ports can be present during mode change
[  264.374173][ T5904] usb 4-1: New USB device found, idVendor=054c, idProduct=0ba0, bcdDevice= 0.00
[  264.400819][ T8641] netlink: 4 bytes leftover after parsing attributes in process `syz.6.682'.
[  264.409792][  T976] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  264.417993][ T5904] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  264.433042][  T976] usb 6-1: config 0 descriptor??
[  264.440092][ T5904] usb 4-1: config 0 descriptor??
[  264.830013][ T5904] usbhid 4-1:0.0: can't add hid device: -71
[  264.836129][ T5904] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  264.890714][ T5904] usb 4-1: USB disconnect, device number 7
[  264.913075][ T8641] team0 (unregistering): Port device team_slave_0 removed
[  264.952879][  T976] usbhid 6-1:0.0: can't add hid device: -71
[  264.974299][  T976] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  264.986866][ T8641] team0 (unregistering): Port device team_slave_1 removed
[  265.019756][  T976] usb 6-1: USB disconnect, device number 8
[  265.302962][ T8653] FAULT_INJECTION: forcing a failure.
[  265.302962][ T8653] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  265.316265][ T8653] CPU: 1 UID: 0 PID: 8653 Comm: syz.4.686 Not tainted syzkaller #0 PREEMPT(full) 
[  265.316289][ T8653] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  265.316299][ T8653] Call Trace:
[  265.316305][ T8653]  <TASK>
[  265.316312][ T8653]  dump_stack_lvl+0x16c/0x1f0
[  265.316335][ T8653]  should_fail_ex+0x512/0x640
[  265.316358][ T8653]  _copy_from_user+0x2e/0xd0
[  265.316382][ T8653]  copy_msghdr_from_user+0x98/0x160
[  265.316407][ T8653]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  265.316437][ T8653]  ___sys_sendmsg+0xfe/0x1d0
[  265.316458][ T8653]  ? __pfx____sys_sendmsg+0x10/0x10
[  265.316506][ T8653]  __sys_sendmsg+0x16d/0x220
[  265.316524][ T8653]  ? __pfx___sys_sendmsg+0x10/0x10
[  265.316558][ T8653]  do_syscall_64+0xcd/0x4c0
[  265.316579][ T8653]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  265.316597][ T8653] RIP: 0033:0x7fcc3ef8ebe9
[  265.316611][ T8653] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  265.316627][ T8653] RSP: 002b:00007fcc3fe8b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  265.316643][ T8653] RAX: ffffffffffffffda RBX: 00007fcc3f1b5fa0 RCX: 00007fcc3ef8ebe9
[  265.316655][ T8653] RDX: 0000000000000000 RSI: 0000200000000300 RDI: 0000000000000003
[  265.316664][ T8653] RBP: 00007fcc3fe8b090 R08: 0000000000000000 R09: 0000000000000000
[  265.316674][ T8653] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  265.316684][ T8653] R13: 00007fcc3f1b6038 R14: 00007fcc3f1b5fa0 R15: 00007ffd802fe7f8
[  265.316706][ T8653]  </TASK>
[  265.476119][    C1] vkms_vblank_simulate: vblank timer overrun
[  265.493050][ T8654] SELinux:  policydb magic number 0x3ae2025c does not match expected magic number 0xf97cff8c
[  265.503337][ T8654] SELinux: failed to load policy
[  265.858170][ T8664] CUSE: unknown device info ""
[  265.863151][ T8664] CUSE: zero length info key specified
[  266.550608][   T30] audit: type=1400 audit(1755899241.777:409): avc:  denied  { append } for  pid=8667 comm="syz.4.690" name="video1" dev="devtmpfs" ino=931 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1
[  266.573838][ T6022] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  266.656884][ T8677] binder: Bad value for 'max'
[  266.990658][ T6022] usb 4-1: Using ep0 maxpacket: 8
[  267.085381][ T6022] usb 4-1: config 168 descriptor has 1 excess byte, ignoring
[  267.095764][ T6022] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  267.109479][ T6022] usb 4-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  267.121690][ T6022] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  267.194713][ T6022] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  267.197632][ T6022] usb 4-1: config 168 descriptor has 1 excess byte, ignoring
[  267.197672][ T6022] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  267.197699][ T6022] usb 4-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  267.197722][ T6022] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  267.197746][ T6022] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  267.198656][ T6022] usb 4-1: config 168 descriptor has 1 excess byte, ignoring
[  267.198693][ T6022] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  267.198717][ T6022] usb 4-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  267.198740][ T6022] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  267.198764][ T6022] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  267.233147][ T6022] usb 4-1: string descriptor 0 read error: -22
[  267.233252][ T6022] usb 4-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  267.233274][ T6022] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  267.299630][ T6022] adutux 4-1:168.0: ADU100  now attached to /dev/usb/adutux0
[  267.501240][ T6022] usb 4-1: USB disconnect, device number 8
[  267.934552][ T8694] team0: No ports can be present during mode change
[  267.936117][ T8694] netlink: 4 bytes leftover after parsing attributes in process `syz.4.696'.
[  269.088813][ T8694] team0 (unregistering): Port device team_slave_0 removed
[  269.163019][ T8694] team0 (unregistering): Port device team_slave_1 removed
[  269.313731][ T8710] syz_tun: entered allmulticast mode
[  269.400764][  T976] usb 7-1: new high-speed USB device number 5 using dummy_hcd
[  269.462103][ T8708] syz_tun: left allmulticast mode
[  269.546512][   T30] audit: type=1400 audit(1755899244.807:410): avc:  denied  { bind } for  pid=8711 comm="syz.1.701" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  269.551500][ T8713] syz.1.701 uses obsolete (PF_INET,SOCK_PACKET)
[  269.573520][  T976] usb 7-1: config 17 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  269.605128][   T30] audit: type=1400 audit(1755899244.867:411): avc:  denied  { read } for  pid=8711 comm="syz.1.701" lport=58 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  269.605663][  T976] usb 7-1: config 17 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  269.671745][  T976] usb 7-1: config 17 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  269.693097][  T976] usb 7-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[  269.702362][  T976] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  269.721279][ T8707] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[  269.732534][ T8715] FAULT_INJECTION: forcing a failure.
[  269.732534][ T8715] name failslab, interval 1, probability 0, space 0, times 0
[  269.746210][ T8715] CPU: 0 UID: 0 PID: 8715 Comm: syz.3.702 Not tainted syzkaller #0 PREEMPT(full) 
[  269.746233][ T8715] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  269.746244][ T8715] Call Trace:
[  269.746250][ T8715]  <TASK>
[  269.746257][ T8715]  dump_stack_lvl+0x16c/0x1f0
[  269.746281][ T8715]  should_fail_ex+0x512/0x640
[  269.746304][ T8715]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  269.746326][ T8715]  should_failslab+0xc2/0x120
[  269.746352][ T8715]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  269.746371][ T8715]  ? __alloc_skb+0x2b2/0x380
[  269.746389][ T8715]  ? avc_has_perm+0x144/0x1f0
[  269.746408][ T8715]  __alloc_skb+0x2b2/0x380
[  269.746425][ T8715]  ? __pfx___alloc_skb+0x10/0x10
[  269.746440][ T8715]  ? selinux_socket_getpeersec_dgram+0x1a4/0x370
[  269.746463][ T8715]  ? __pfx_selinux_socket_getpeersec_dgram+0x10/0x10
[  269.746493][ T8715]  netlink_alloc_large_skb+0x69/0x130
[  269.746515][ T8715]  netlink_sendmsg+0x6a1/0xdd0
[  269.746539][ T8715]  ? __pfx_netlink_sendmsg+0x10/0x10
[  269.746569][ T8715]  ____sys_sendmsg+0xa95/0xc70
[  269.746592][ T8715]  ? copy_msghdr_from_user+0x10a/0x160
[  269.746610][ T8715]  ? __pfx_____sys_sendmsg+0x10/0x10
[  269.746645][ T8715]  ___sys_sendmsg+0x134/0x1d0
[  269.746665][ T8715]  ? __pfx____sys_sendmsg+0x10/0x10
[  269.746715][ T8715]  __sys_sendmsg+0x16d/0x220
[  269.746733][ T8715]  ? __pfx___sys_sendmsg+0x10/0x10
[  269.746767][ T8715]  do_syscall_64+0xcd/0x4c0
[  269.746789][ T8715]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  269.746807][ T8715] RIP: 0033:0x7f0ae738ebe9
[  269.746820][ T8715] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  269.746837][ T8715] RSP: 002b:00007f0ae8265038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  269.746854][ T8715] RAX: ffffffffffffffda RBX: 00007f0ae75b5fa0 RCX: 00007f0ae738ebe9
[  269.746866][ T8715] RDX: 0000000000000000 RSI: 00002000000002c0 RDI: 0000000000000003
[  269.746876][ T8715] RBP: 00007f0ae8265090 R08: 0000000000000000 R09: 0000000000000000
[  269.746887][ T8715] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  269.746897][ T8715] R13: 00007f0ae75b6038 R14: 00007f0ae75b5fa0 R15: 00007ffc84e92558
[  269.746920][ T8715]  </TASK>
[  270.473038][   T30] audit: type=1326 audit(1755899245.737:412): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8731 comm="syz.1.707" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f6cceb8ebe9 code=0x0
[  270.495634][    C1] vkms_vblank_simulate: vblank timer overrun
[  270.537055][ T8734] FAULT_INJECTION: forcing a failure.
[  270.537055][ T8734] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  270.554726][ T8734] CPU: 0 UID: 0 PID: 8734 Comm: syz.1.707 Not tainted syzkaller #0 PREEMPT(full) 
[  270.554749][ T8734] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  270.554759][ T8734] Call Trace:
[  270.554765][ T8734]  <TASK>
[  270.554772][ T8734]  dump_stack_lvl+0x16c/0x1f0
[  270.554795][ T8734]  should_fail_ex+0x512/0x640
[  270.554819][ T8734]  strncpy_from_user+0x3b/0x2e0
[  270.554840][ T8734]  getname_flags.part.0+0x8f/0x550
[  270.554868][ T8734]  getname_flags+0x93/0xf0
[  270.554886][ T8734]  user_path_at+0x24/0x60
[  270.554905][ T8734]  __x64_sys_truncate+0xf6/0x1e0
[  270.554926][ T8734]  ? __pfx___x64_sys_truncate+0x10/0x10
[  270.554952][ T8734]  do_syscall_64+0xcd/0x4c0
[  270.554973][ T8734]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  270.554991][ T8734] RIP: 0033:0x7f6cceb8ebe9
[  270.555005][ T8734] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  270.555022][ T8734] RSP: 002b:00007f6ccf940038 EFLAGS: 00000246 ORIG_RAX: 000000000000004c
[  270.555039][ T8734] RAX: ffffffffffffffda RBX: 00007f6ccedb6090 RCX: 00007f6cceb8ebe9
[  270.555051][ T8734] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000140
[  270.555061][ T8734] RBP: 00007f6ccf940090 R08: 0000000000000000 R09: 0000000000000000
[  270.555071][ T8734] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  270.555081][ T8734] R13: 00007f6ccedb6128 R14: 00007f6ccedb6090 R15: 00007ffff11f3488
[  270.555105][ T8734]  </TASK>
[  270.722144][  T976] aiptek 7-1:17.0: Aiptek using 400 ms programming speed
[  270.730960][  T976] input: Aiptek as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:17.0/input/input17
[  270.839612][  T976] usb 7-1: USB disconnect, device number 5
[  270.845613][    C0] aiptek 7-1:17.0: aiptek_irq - usb_submit_urb failed with result -19
[  271.099167][   T30] audit: type=1326 audit(1755899246.357:413): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8736 comm="syz.3.708" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f0ae738ebe9 code=0x0
[  271.164543][ T8738] C: renamed from lo (while UP)
[  271.171687][ T8738] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[  271.497136][ T8742] netlink: 32 bytes leftover after parsing attributes in process `syz.1.710'.
[  271.523725][   T30] audit: type=1400 audit(1755899246.787:414): avc:  denied  { write } for  pid=8743 comm="syz.5.711" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  271.566648][ T8744] Freezing with imperfect legacy cgroup freezer. See cgroup.freeze of cgroup v2
[  271.584365][ T8746] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  272.305060][   T30] audit: type=1400 audit(1755899247.567:415): avc:  denied  { getopt } for  pid=8739 comm="syz.6.709" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  272.676111][   T30] audit: type=1400 audit(1755899247.937:416): avc:  denied  { open } for  pid=8765 comm="syz.6.716" path="/dev/ptyr1" dev="devtmpfs" ino=136 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bsdpty_device_t tclass=chr_file permissive=1
[  272.847134][ T8771] netlink: 4 bytes leftover after parsing attributes in process `syz.4.715'.
[  274.776637][   T30] audit: type=1400 audit(1755899249.597:417): avc:  denied  { write } for  pid=8789 comm="syz.3.722" path="socket:[22693]" dev="sockfs" ino=22693 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  275.164224][ T8800] FAULT_INJECTION: forcing a failure.
[  275.164224][ T8800] name failslab, interval 1, probability 0, space 0, times 0
[  275.176941][ T8800] CPU: 0 UID: 0 PID: 8800 Comm: syz.3.723 Not tainted syzkaller #0 PREEMPT(full) 
[  275.176964][ T8800] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  275.176974][ T8800] Call Trace:
[  275.176980][ T8800]  <TASK>
[  275.176986][ T8800]  dump_stack_lvl+0x16c/0x1f0
[  275.177009][ T8800]  should_fail_ex+0x512/0x640
[  275.177035][ T8800]  ? __kmalloc_noprof+0xbf/0x510
[  275.177053][ T8800]  ? io_cache_alloc_new+0x45/0xf0
[  275.177072][ T8800]  should_failslab+0xc2/0x120
[  275.177091][ T8800]  __kmalloc_noprof+0xd2/0x510
[  275.177113][ T8800]  io_cache_alloc_new+0x45/0xf0
[  275.177133][ T8800]  io_rsrc_node_alloc+0x221/0x2b0
[  275.177153][ T8800]  io_sqe_buffer_register+0x104/0x2010
[  275.177189][ T8800]  ? __pfx_io_sqe_buffer_register+0x10/0x10
[  275.177210][ T8800]  ? rcu_is_watching+0x12/0xc0
[  275.177237][ T8800]  ? iovec_from_user+0xbb/0x140
[  275.177261][ T8800]  io_sqe_buffers_register+0x1ed/0x860
[  275.177289][ T8800]  ? __pfx_io_sqe_buffers_register+0x10/0x10
[  275.177313][ T8800]  ? __mutex_trylock_common+0xe9/0x250
[  275.177340][ T8800]  ? __pfx___mutex_trylock_common+0x10/0x10
[  275.177370][ T8800]  __io_uring_register+0x22e2/0x2440
[  275.177389][ T8800]  ? trace_contention_end+0xdd/0x130
[  275.177406][ T8800]  ? __pfx___io_uring_register+0x10/0x10
[  275.177430][ T8800]  ? __pfx___mutex_lock+0x10/0x10
[  275.177455][ T8800]  ? __fget_files+0x20e/0x3c0
[  275.177481][ T8800]  __x64_sys_io_uring_register+0x169/0x280
[  275.177504][ T8800]  do_syscall_64+0xcd/0x4c0
[  275.177524][ T8800]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  275.177542][ T8800] RIP: 0033:0x7f0ae738ebe9
[  275.177555][ T8800] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  275.177572][ T8800] RSP: 002b:00007f0ae8223038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ab
[  275.177588][ T8800] RAX: ffffffffffffffda RBX: 00007f0ae75b6180 RCX: 00007f0ae738ebe9
[  275.177599][ T8800] RDX: 00002000000002c0 RSI: 0000000000000000 RDI: 0000000000000005
[  275.177608][ T8800] RBP: 00007f0ae8223090 R08: 0000000000000000 R09: 0000000000000000
[  275.177618][ T8800] R10: 100000000000011a R11: 0000000000000246 R12: 0000000000000001
[  275.177627][ T8800] R13: 00007f0ae75b6218 R14: 00007f0ae75b6180 R15: 00007ffc84e92558
[  275.177650][ T8800]  </TASK>
[  275.836703][ T8808] CUSE: unknown device info ""
[  275.841647][ T8808] CUSE: zero length info key specified
[  276.949853][  T979] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  277.150104][ T8821] netlink: 4 bytes leftover after parsing attributes in process `syz.6.729'.
[  277.160782][  T979] usb 5-1: Using ep0 maxpacket: 32
[  277.168702][  T979] usb 5-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  277.191144][  T979] usb 5-1: config 0 interface 0 has no altsetting 0
[  277.212206][  T979] usb 5-1: New USB device found, idVendor=1044, idProduct=7a4d, bcdDevice= 0.00
[  277.222525][  T979] usb 5-1: New USB device strings: Mfr=0, Product=1, SerialNumber=0
[  277.230778][  T979] usb 5-1: Product: syz
[  277.244242][  T979] usb 5-1: config 0 descriptor??
[  277.672182][  T979] waterforce 0003:1044:7A4D.0006: unknown main item tag 0x0
[  277.685754][  T979] waterforce 0003:1044:7A4D.0006: unknown main item tag 0x0
[  277.706175][  T979] waterforce 0003:1044:7A4D.0006: unknown main item tag 0x0
[  277.720609][  T979] waterforce 0003:1044:7A4D.0006: unknown main item tag 0x0
[  277.737180][  T979] waterforce 0003:1044:7A4D.0006: unknown main item tag 0x0
[  277.754697][  T979] waterforce 0003:1044:7A4D.0006: hidraw0: USB HID v0.05 Device [syz] on usb-dummy_hcd.4-1/input0
[  277.819257][ T8828] FAULT_INJECTION: forcing a failure.
[  277.819257][ T8828] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  277.836793][ T5221] udevd[5221]: worker [6116] terminated by signal 33 (Unknown signal 33)
[  277.851708][  T979] waterforce 0003:1044:7A4D.0006: fw version request failed with -38
[  277.860862][ T8828] CPU: 1 UID: 0 PID: 8828 Comm: syz.6.731 Not tainted syzkaller #0 PREEMPT(full) 
[  277.860883][ T8828] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  277.860892][ T8828] Call Trace:
[  277.860898][ T8828]  <TASK>
[  277.860903][ T8828]  dump_stack_lvl+0x16c/0x1f0
[  277.860919][ T8828]  should_fail_ex+0x512/0x640
[  277.860934][ T8828]  should_fail_alloc_page+0xe7/0x130
[  277.860951][ T8828]  prepare_alloc_pages+0x3c2/0x610
[  277.860966][ T8828]  ? __lock_acquire+0x62e/0x1ce0
[  277.860986][ T8828]  __alloc_frozen_pages_noprof+0x18b/0x23f0
[  277.861000][ T8828]  ? __kasan_check_byte+0x13/0x50
[  277.861014][ T8828]  ? unwind_next_frame+0x3f4/0x20a0
[  277.861026][ T8828]  ? rcu_is_watching+0x12/0xc0
[  277.861040][ T8828]  ? __kasan_check_byte+0x13/0x50
[  277.861052][ T8828]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  277.861064][ T8828]  ? rcu_is_watching+0x12/0xc0
[  277.861077][ T8828]  ? lock_release+0x201/0x2f0
[  277.861092][ T8828]  ? bpf_ksym_find+0x127/0x1c0
[  277.861108][ T8828]  ? kernel_text_address+0x8d/0x100
[  277.861120][ T8828]  ? __kernel_text_address+0xd/0x40
[  277.861132][ T8828]  ? unwind_get_return_address+0x59/0xa0
[  277.861144][ T8828]  ? arch_stack_walk+0xa6/0x100
[  277.861157][ T8828]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  277.861170][ T8828]  ? policy_nodemask+0xea/0x4e0
[  277.861184][ T8828]  alloc_pages_mpol+0x1fb/0x550
[  277.861197][ T8828]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  277.861213][ T8828]  folio_alloc_mpol_noprof+0x36/0x2f0
[  277.861234][ T8828]  vma_alloc_folio_noprof+0xed/0x1e0
[  277.861249][ T8828]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[  277.861263][ T8828]  ? rcu_read_unlock+0x2d/0xb0
[  277.861277][ T8828]  do_wp_page+0x1136/0x4f00
[  277.861294][ T8828]  ? __pfx_do_wp_page+0x10/0x10
[  277.861310][ T8828]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  277.861321][ T8828]  ? ___pte_offset_map+0x2ad/0x4f0
[  277.861337][ T8828]  __handle_mm_fault+0x1b2d/0x2a50
[  277.861355][ T8828]  ? mt_find+0x3ef/0xa30
[  277.861369][ T8828]  ? __pfx___handle_mm_fault+0x10/0x10
[  277.861385][ T8828]  ? __pfx_mt_find+0x10/0x10
[  277.861405][ T8828]  ? find_vma+0xbf/0x140
[  277.861416][ T8828]  ? __pfx_find_vma+0x10/0x10
[  277.861430][ T8828]  handle_mm_fault+0x589/0xd10
[  277.861447][ T8828]  ? __bpf_trace_exceptions+0x1/0x40
[  277.861465][ T8828]  do_user_addr_fault+0x7a6/0x1370
[  277.861477][ T8828]  ? rcu_is_watching+0x12/0xc0
[  277.861492][ T8828]  exc_page_fault+0x5c/0xb0
[  277.861503][ T8828]  asm_exc_page_fault+0x26/0x30
[  277.861514][ T8828] RIP: 0010:__put_user_nocheck_4+0x3/0x10
[  277.861527][ T8828] Code: d9 0f 01 cb 89 01 31 c9 0f 01 ca e9 07 69 03 00 0f 1f 80 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 01 cb <89> 01 31 c9 0f 01 ca c3 cc cc cc cc 90 90 90 90 90 90 90 90 90 90
[  277.861537][ T8828] RSP: 0018:ffffc9001ea1f9f8 EFLAGS: 00050293
[  277.861547][ T8828] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00002000000066f0
[  277.861553][ T8828] RDX: ffff888078a14880 RSI: ffffffff896307f3 RDI: 0000000000000005
[  277.861560][ T8828] RBP: ffffc9001ea1fd98 R08: 0000000000000005 R09: 0000000000000000
[  277.861566][ T8828] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[  277.861572][ T8828] R13: 00002000000066c0 R14: ffffc9001ea1fddc R15: 0000000000000000
[  277.861583][ T8828]  ? ____sys_recvmsg+0x2e3/0x6b0
[  277.861600][ T8828]  ____sys_recvmsg+0x2ee/0x6b0
[  277.861617][ T8828]  ? __pfx_____sys_recvmsg+0x10/0x10
[  277.861636][ T8828]  ? __lock_acquire+0x62e/0x1ce0
[  277.861655][ T8828]  ___sys_recvmsg+0x114/0x1a0
[  277.861666][ T8828]  ? __pfx____sys_recvmsg+0x10/0x10
[  277.861679][ T8828]  ? find_held_lock+0x2b/0x80
[  277.861701][ T8828]  do_recvmmsg+0x2fe/0x750
[  277.861714][ T8828]  ? __pfx_do_recvmmsg+0x10/0x10
[  277.861728][ T8828]  ? __mutex_unlock_slowpath+0x161/0x7b0
[  277.861745][ T8828]  ? __fget_files+0x20e/0x3c0
[  277.861761][ T8828]  __x64_sys_recvmmsg+0x22a/0x280
[  277.861774][ T8828]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  277.861790][ T8828]  do_syscall_64+0xcd/0x4c0
[  277.861803][ T8828]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  277.861813][ T8828] RIP: 0033:0x7f2410d8ebe9
[  277.861822][ T8828] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  277.861832][ T8828] RSP: 002b:00007f2411be4038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  277.861841][ T8828] RAX: ffffffffffffffda RBX: 00007f2410fb5fa0 RCX: 00007f2410d8ebe9
[  277.861851][ T8828] RDX: 0000000000000a0d RSI: 00002000000066c0 RDI: 0000000000000003
[  277.861860][ T8828] RBP: 00007f2411be4090 R08: 0000000000000000 R09: 0000000000000000
[  277.861871][ T8828] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  277.861880][ T8828] R13: 00007f2410fb6038 R14: 00007f2410fb5fa0 R15: 00007ffc469b21d8
[  277.861903][ T8828]  </TASK>
[  277.867792][ T8805] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  278.144535][ T5221] udevd[5221]: worker [6116] failed while handling '/devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:1044:7A4D.0006/hidraw/hidraw0'
[  278.276877][    C1] vkms_vblank_simulate: vblank timer overrun
[  278.371126][ T8805] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  278.809721][  T979] usb 5-1: USB disconnect, device number 9
[  278.897795][ T8836] netlink: 32 bytes leftover after parsing attributes in process `syz.5.734'.
[  278.981525][ T8838] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  279.026292][ T8839] netlink: 24 bytes leftover after parsing attributes in process `syz.3.735'.
[  282.065649][ T8865] FAULT_INJECTION: forcing a failure.
[  282.065649][ T8865] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  282.083978][ T8865] CPU: 1 UID: 0 PID: 8865 Comm: syz.4.742 Not tainted syzkaller #0 PREEMPT(full) 
[  282.084006][ T8865] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  282.084017][ T8865] Call Trace:
[  282.084022][ T8865]  <TASK>
[  282.084028][ T8865]  dump_stack_lvl+0x16c/0x1f0
[  282.084051][ T8865]  should_fail_ex+0x512/0x640
[  282.084073][ T8865]  _copy_from_user+0x2e/0xd0
[  282.084096][ T8865]  ucma_bind_ip+0xb8/0x1f0
[  282.084117][ T8865]  ? __pfx_ucma_bind_ip+0x10/0x10
[  282.084134][ T8865]  ? __might_fault+0xe3/0x190
[  282.084148][ T8865]  ? __might_fault+0x13b/0x190
[  282.084172][ T8865]  ? __pfx_ucma_bind_ip+0x10/0x10
[  282.084191][ T8865]  ucma_write+0x1f8/0x330
[  282.084208][ T8865]  ? __pfx_ucma_write+0x10/0x10
[  282.084225][ T8865]  ? bpf_lsm_file_permission+0x9/0x10
[  282.084246][ T8865]  ? security_file_permission+0x71/0x210
[  282.084271][ T8865]  ? rw_verify_area+0xcf/0x6c0
[  282.084298][ T8865]  ? __pfx_ucma_write+0x10/0x10
[  282.084314][ T8865]  vfs_write+0x29d/0x11d0
[  282.084336][ T8865]  ? __pfx_vfs_write+0x10/0x10
[  282.084351][ T8865]  ? find_held_lock+0x2b/0x80
[  282.084372][ T8865]  ? __fget_files+0x204/0x3c0
[  282.084393][ T8865]  ? __fget_files+0x20e/0x3c0
[  282.084417][ T8865]  ksys_write+0x1f8/0x250
[  282.084433][ T8865]  ? __pfx_ksys_write+0x10/0x10
[  282.084457][ T8865]  do_syscall_64+0xcd/0x4c0
[  282.084478][ T8865]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  282.084494][ T8865] RIP: 0033:0x7fcc3ef8ebe9
[  282.084507][ T8865] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  282.084524][ T8865] RSP: 002b:00007fcc3fe8b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  282.084540][ T8865] RAX: ffffffffffffffda RBX: 00007fcc3f1b5fa0 RCX: 00007fcc3ef8ebe9
[  282.084550][ T8865] RDX: 0000000000000030 RSI: 00002000000002c0 RDI: 0000000000000003
[  282.084560][ T8865] RBP: 00007fcc3fe8b090 R08: 0000000000000000 R09: 0000000000000000
[  282.084570][ T8865] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  282.084579][ T8865] R13: 00007fcc3f1b6038 R14: 00007fcc3f1b5fa0 R15: 00007ffd802fe7f8
[  282.084601][ T8865]  </TASK>
[  282.301097][    C1] vkms_vblank_simulate: vblank timer overrun
[  282.447530][   T66] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  282.458828][ T8869] FAULT_INJECTION: forcing a failure.
[  282.458828][ T8869] name failslab, interval 1, probability 0, space 0, times 0
[  282.478579][   T66] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  282.494666][ T8869] CPU: 0 UID: 0 PID: 8869 Comm: syz.4.743 Not tainted syzkaller #0 PREEMPT(full) 
[  282.494689][ T8869] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  282.494699][ T8869] Call Trace:
[  282.494704][ T8869]  <TASK>
[  282.494711][ T8869]  dump_stack_lvl+0x16c/0x1f0
[  282.494735][ T8869]  should_fail_ex+0x512/0x640
[  282.494753][ T8869]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  282.494774][ T8869]  should_failslab+0xc2/0x120
[  282.494795][ T8869]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  282.494813][ T8869]  ? __alloc_skb+0x2b2/0x380
[  282.494834][ T8869]  __alloc_skb+0x2b2/0x380
[  282.494851][ T8869]  ? __pfx___alloc_skb+0x10/0x10
[  282.494871][ T8869]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  282.494897][ T8869]  netlink_alloc_large_skb+0x69/0x130
[  282.494918][ T8869]  netlink_sendmsg+0x6a1/0xdd0
[  282.494941][ T8869]  ? __pfx_netlink_sendmsg+0x10/0x10
[  282.494972][ T8869]  ____sys_sendmsg+0xa95/0xc70
[  282.494997][ T8869]  ? copy_msghdr_from_user+0x10a/0x160
[  282.495016][ T8869]  ? __pfx_____sys_sendmsg+0x10/0x10
[  282.495051][ T8869]  ___sys_sendmsg+0x134/0x1d0
[  282.495072][ T8869]  ? __pfx____sys_sendmsg+0x10/0x10
[  282.495123][ T8869]  __sys_sendmsg+0x16d/0x220
[  282.495142][ T8869]  ? __pfx___sys_sendmsg+0x10/0x10
[  282.495184][ T8869]  do_syscall_64+0xcd/0x4c0
[  282.495205][ T8869]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  282.495223][ T8869] RIP: 0033:0x7fcc3ef8ebe9
[  282.495241][ T8869] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  282.495259][ T8869] RSP: 002b:00007fcc3fe8b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  282.495276][ T8869] RAX: ffffffffffffffda RBX: 00007fcc3f1b5fa0 RCX: 00007fcc3ef8ebe9
[  282.495287][ T8869] RDX: 0000000024044884 RSI: 0000200000000300 RDI: 0000000000000003
[  282.495298][ T8869] RBP: 00007fcc3fe8b090 R08: 0000000000000000 R09: 0000000000000000
[  282.495308][ T8869] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  282.495318][ T8869] R13: 00007fcc3f1b6038 R14: 00007fcc3f1b5fa0 R15: 00007ffd802fe7f8
[  282.495342][ T8869]  </TASK>
[  284.525386][ T8890] IPVS: sync thread started: state = BACKUP, mcast_ifn = veth1_to_bridge, syncid = 512, id = 0
[  284.626389][ T8889] IPVS: stopping backup sync thread 8890 ...
[  287.321170][ T8914] netlink: 24 bytes leftover after parsing attributes in process `syz.6.757'.
[  288.429860][ T8923] capability: warning: `syz.3.761' uses 32-bit capabilities (legacy support in use)
[  288.450122][ T8923] overlayfs: failed to create directory ./bus/work (errno: 13); mounting read-only
[  288.467696][ T8923] overlayfs: fs on '.' does not support file handles, falling back to index=off,nfs_export=off.
[  288.482697][ T8923] overlayfs: failed to get uuid (165/file0, err=-13); falling back to uuid=null.
[  288.579129][ T5852] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  288.590780][ T5852] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  288.599217][ T5852] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  288.608469][ T5852] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  288.617684][ T5852] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  288.809970][ T8937] SELinux: failed to load policy
[  289.221910][   T24] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[  289.325547][ T8931] chnl_net:caif_netlink_parms(): no params data found
[  289.384336][   T24] usb 7-1: config 0 interface 0 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  289.483044][   T24] usb 7-1: config 0 interface 0 has no altsetting 0
[  289.489694][   T24] usb 7-1: New USB device found, idVendor=054c, idProduct=0ba0, bcdDevice= 0.00
[  289.499451][   T24] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  289.508909][ T8931] bridge0: port 1(bridge_slave_0) entered blocking state
[  289.509492][   T24] usb 7-1: config 0 descriptor??
[  289.547195][ T8931] bridge0: port 1(bridge_slave_0) entered disabled state
[  289.563535][ T8931] bridge_slave_0: entered allmulticast mode
[  289.574164][ T8931] bridge_slave_0: entered promiscuous mode
[  289.585495][ T8954] IPVS: sync thread started: state = BACKUP, mcast_ifn = veth1_to_bridge, syncid = 512, id = 0
[  289.590756][ T8931] bridge0: port 2(bridge_slave_1) entered blocking state
[  289.609757][ T8931] bridge0: port 2(bridge_slave_1) entered disabled state
[  289.619163][ T8931] bridge_slave_1: entered allmulticast mode
[  289.630945][ T8931] bridge_slave_1: entered promiscuous mode
[  289.737863][ T8931] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  289.747496][ T8953] IPVS: stopping backup sync thread 8954 ...
[  289.764763][ T8931] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  290.603307][ T8931] team0: Port device team_slave_0 added
[  290.618306][ T8931] team0: Port device team_slave_1 added
[  290.668263][   T24] usbhid 7-1:0.0: can't add hid device: -71
[  290.683954][ T5852] Bluetooth: hci6: command tx timeout
[  290.690115][   T24] usbhid 7-1:0.0: probe with driver usbhid failed with error -71
[  290.710626][   T24] usb 7-1: USB disconnect, device number 6
[  290.725730][ T8931] batman_adv: batadv0: Adding interface: batadv_slave_0
[  290.733870][ T8931] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  290.760838][ T8931] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  290.773522][ T8931] batman_adv: batadv0: Adding interface: batadv_slave_1
[  290.780716][ T8931] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  290.809299][ T8931] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  291.271677][ T8931] hsr_slave_0: entered promiscuous mode
[  291.286933][ T8931] hsr_slave_1: entered promiscuous mode
[  291.299691][ T8931] debugfs: 'hsr0' already exists in 'hsr'
[  291.305645][ T8931] Cannot create hsr debugfs directory
[  292.075237][ T8931] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  292.086909][ T8931] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  292.107261][ T8931] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  292.145772][ T8931] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  292.453494][ T8931] 8021q: adding VLAN 0 to HW filter on device bond0
[  292.540222][ T8931] 8021q: adding VLAN 0 to HW filter on device team0
[  292.577279][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[  292.584437][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[  292.594839][   T30] audit: type=1400 audit(1755899267.857:418): avc:  denied  { listen } for  pid=8987 comm="syz.4.774" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  292.603853][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[  292.621252][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[  292.733827][ T8931] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  292.748714][ T8988] sctp: failed to load transform for md5: -2
[  292.755161][ T8993] sctp: failed to load transform for md5: -2
[  292.761700][ T5852] Bluetooth: hci6: command tx timeout
[  292.794890][ T8998] sctp: failed to load transform for md5: -2
[  293.213272][ T9018] SELinux: failed to load policy
[  293.774382][ T8931] 8021q: adding VLAN 0 to HW filter on device batadv0
[  294.164041][   T30] audit: type=1400 audit(1755899269.407:419): avc:  denied  { sqpoll } for  pid=9029 comm="syz.6.779" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[  294.380434][ T9035] CUSE: unknown device info ""
[  294.385427][ T9035] CUSE: zero length info key specified
[  294.840937][ T5855] Bluetooth: hci6: command tx timeout
[  294.843535][ T5849] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[  294.862832][ T5849] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[  294.870432][ T5849] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[  294.879202][ T5849] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[  294.886898][ T5849] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[  294.938104][ T8931] veth0_vlan: entered promiscuous mode
[  294.976730][ T8931] veth1_vlan: entered promiscuous mode
[  295.057580][   T30] audit: type=1400 audit(1755899270.317:420): avc:  denied  { read } for  pid=9039 comm="syz.4.780" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  295.224748][ T8931] veth0_macvtap: entered promiscuous mode
[  295.236850][ T8931] veth1_macvtap: entered promiscuous mode
[  295.772267][ T8931] batman_adv: batadv0: Interface activated: batadv_slave_0
[  295.800203][ T8931] batman_adv: batadv0: Interface activated: batadv_slave_1
[  295.841504][ T4300] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  295.852883][ T4300] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  295.866699][ T4300] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  295.881721][ T3607] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  295.890867][ T5904] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  295.899832][ T9037] chnl_net:caif_netlink_parms(): no params data found
[  296.051461][ T5904] usb 5-1: Using ep0 maxpacket: 8
[  296.061711][ T5904] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  296.072661][ T5904] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  296.082974][ T5904] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  296.093185][ T5904] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  296.106758][ T5904] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  296.115892][ T5904] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  296.139375][ T9037] bridge0: port 1(bridge_slave_0) entered blocking state
[  296.147992][ T9037] bridge0: port 1(bridge_slave_0) entered disabled state
[  296.155510][ T9037] bridge_slave_0: entered allmulticast mode
[  296.162371][ T9037] bridge_slave_0: entered promiscuous mode
[  296.176444][ T9037] bridge0: port 2(bridge_slave_1) entered blocking state
[  296.183641][ T9037] bridge0: port 2(bridge_slave_1) entered disabled state
[  296.191393][ T9037] bridge_slave_1: entered allmulticast mode
[  296.198102][ T9037] bridge_slave_1: entered promiscuous mode
[  296.235902][ T9037] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  296.247684][ T9037] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  296.259840][ T3607] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  296.268659][ T3607] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  296.276185][  T979] usb 7-1: new high-speed USB device number 7 using dummy_hcd
[  296.319739][ T9037] team0: Port device team_slave_0 added
[  296.333066][ T4300] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  296.334486][ T9037] team0: Port device team_slave_1 added
[  296.355929][ T4300] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  296.363591][ T5904] usb 5-1: GET_CAPABILITIES returned 0
[  296.369221][ T5904] usbtmc 5-1:16.0: can't read capabilities
[  296.395570][ T9037] batman_adv: batadv0: Adding interface: batadv_slave_0
[  296.403466][ T9037] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  296.429901][ T9037] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  296.452871][ T9037] batman_adv: batadv0: Adding interface: batadv_slave_1
[  296.459870][ T9037] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  296.486852][ T9037] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  296.498720][  T979] usb 7-1: config 0 interface 0 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  296.512734][  T979] usb 7-1: config 0 interface 0 has no altsetting 0
[  296.519716][  T979] usb 7-1: New USB device found, idVendor=054c, idProduct=0ba0, bcdDevice= 0.00
[  296.529101][  T979] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  296.550880][ T9056] FAULT_INJECTION: forcing a failure.
[  296.550880][ T9056] name failslab, interval 1, probability 0, space 0, times 0
[  296.550917][  T979] usb 7-1: config 0 descriptor??
[  296.573882][ T9056] CPU: 1 UID: 0 PID: 9056 Comm: syz.7.756 Not tainted syzkaller #0 PREEMPT(full) 
[  296.573905][ T9056] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  296.573915][ T9056] Call Trace:
[  296.573920][ T9056]  <TASK>
[  296.573927][ T9056]  dump_stack_lvl+0x16c/0x1f0
[  296.573951][ T9056]  should_fail_ex+0x512/0x640
[  296.573979][ T9056]  ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0
[  296.574001][ T9056]  should_failslab+0xc2/0x120
[  296.574021][ T9056]  kmem_cache_alloc_lru_noprof+0x72/0x3b0
[  296.574040][ T9056]  ? sock_alloc_inode+0x25/0x1c0
[  296.574065][ T9056]  ? __pfx_sock_alloc_inode+0x10/0x10
[  296.574084][ T9056]  sock_alloc_inode+0x25/0x1c0
[  296.574103][ T9056]  alloc_inode+0x61/0x240
[  296.574128][ T9056]  sock_alloc+0x40/0x280
[  296.574148][ T9056]  __sock_create+0xc1/0x8d0
[  296.574176][ T9056]  mptcp_subflow_create_socket+0xf5/0xed0
[  296.574203][ T9056]  ? __pfx_mptcp_subflow_create_socket+0x10/0x10
[  296.574235][ T9056]  __mptcp_nmpc_sk+0x182/0x7d0
[  296.574258][ T9056]  ? __pfx___mptcp_nmpc_sk+0x10/0x10
[  296.574281][ T9056]  ? __local_bh_enable_ip+0xa4/0x120
[  296.574304][ T9056]  mptcp_bind+0xa3/0x1e0
[  296.574329][ T9056]  __sys_bind+0x1a4/0x260
[  296.574353][ T9056]  ? __pfx___sys_bind+0x10/0x10
[  296.574375][ T9056]  ? __fget_files+0x20e/0x3c0
[  296.574404][ T9056]  ? __pfx_ksys_write+0x10/0x10
[  296.574428][ T9056]  __x64_sys_bind+0x72/0xb0
[  296.574451][ T9056]  ? lockdep_hardirqs_on+0x7c/0x110
[  296.574468][ T9056]  do_syscall_64+0xcd/0x4c0
[  296.574490][ T9056]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  296.574507][ T9056] RIP: 0033:0x7f177a98ebe9
[  296.574522][ T9056] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  296.574539][ T9056] RSP: 002b:00007f177b897038 EFLAGS: 00000246 ORIG_RAX: 0000000000000031
[  296.574555][ T9056] RAX: ffffffffffffffda RBX: 00007f177abb5fa0 RCX: 00007f177a98ebe9
[  296.574567][ T9056] RDX: 0000000000000010 RSI: 0000200000000040 RDI: 0000000000000003
[  296.574578][ T9056] RBP: 00007f177b897090 R08: 0000000000000000 R09: 0000000000000000
[  296.574588][ T9056] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  296.574598][ T9056] R13: 00007f177abb6038 R14: 00007f177abb5fa0 R15: 00007fff17d60f38
[  296.574622][ T9056]  </TASK>
[  296.575068][ T9056] socket: no more sockets
[  296.893657][ T9037] hsr_slave_0: entered promiscuous mode
[  296.910530][ T9037] hsr_slave_1: entered promiscuous mode
[  296.917398][ T9037] debugfs: 'hsr0' already exists in 'hsr'
[  296.925516][ T5855] Bluetooth: hci7: command tx timeout
[  296.932153][ T5862] Bluetooth: hci6: command tx timeout
[  296.944937][ T9037] Cannot create hsr debugfs directory
[  297.013754][   T30] audit: type=1400 audit(1755899272.257:421): avc:  denied  { ioctl } for  pid=9039 comm="syz.4.780" path="socket:[25664]" dev="sockfs" ino=25664 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  297.066389][  T979] usbhid 7-1:0.0: can't add hid device: -71
[  297.087042][  T979] usbhid 7-1:0.0: probe with driver usbhid failed with error -71
[  297.131949][  T979] usb 7-1: USB disconnect, device number 7
[  297.223591][ T9062] team0: No ports can be present during mode change
[  297.238597][ T9062] netlink: 'syz.7.783': attribute type 10 has an invalid length.
[  297.276939][ T9062] 8021q: adding VLAN 0 to HW filter on device bond0
[  297.284671][ T9062] team0: Port device bond0 added
[  297.290313][ T9064] netlink: 4 bytes leftover after parsing attributes in process `syz.7.783'.
[  297.370413][ T9064] team0 (unregistering): Port device team_slave_0 removed
[  297.410156][ T9064] team0 (unregistering): Port device team_slave_1 removed
[  297.423740][ T9064] team0 (unregistering): Port device bond0 removed
[  297.521582][ T9037] netdevsim netdevsim8 netdevsim0: renamed from eth0
[  297.535044][ T9037] netdevsim netdevsim8 netdevsim1: renamed from eth1
[  297.546729][ T9037] netdevsim netdevsim8 netdevsim2: renamed from eth2
[  297.557372][ T9037] netdevsim netdevsim8 netdevsim3: renamed from eth3
[  297.675823][ T9037] 8021q: adding VLAN 0 to HW filter on device bond0
[  297.699030][ T9037] 8021q: adding VLAN 0 to HW filter on device team0
[  297.800285][   T66] bridge0: port 1(bridge_slave_0) entered blocking state
[  297.807389][   T66] bridge0: port 1(bridge_slave_0) entered forwarding state
[  297.828843][   T66] bridge0: port 2(bridge_slave_1) entered blocking state
[  297.835924][   T66] bridge0: port 2(bridge_slave_1) entered forwarding state
[  298.099193][ T9075] netlink: 4 bytes leftover after parsing attributes in process `syz.6.784'.
[  298.283151][ T5862] Bluetooth: hci5: command 0x0406 tx timeout
[  298.325560][ T5904] usb 5-1: USB disconnect, device number 10
[  298.326580][ T9037] 8021q: adding VLAN 0 to HW filter on device batadv0
[  298.923502][ T9100] SELinux: failed to load policy
[  299.002385][ T5852] Bluetooth: hci7: command 0x041b tx timeout
[  299.499009][ T9037] veth0_vlan: entered promiscuous mode
[  299.519143][ T9037] veth1_vlan: entered promiscuous mode
[  299.559097][ T9037] veth0_macvtap: entered promiscuous mode
[  299.574452][ T9037] veth1_macvtap: entered promiscuous mode
[  299.599507][ T9037] batman_adv: batadv0: Interface activated: batadv_slave_0
[  299.615750][ T9037] batman_adv: batadv0: Interface activated: batadv_slave_1
[  299.653790][ T9106] warning: `syz.7.788' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  299.696320][   T36] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  299.715058][   T36] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  299.733904][   T36] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  299.761175][   T36] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  299.982266][ T1112] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  300.011583][ T1112] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  300.119742][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  300.135292][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  301.090690][ T5852] Bluetooth: hci7: command 0x041b tx timeout
[  302.108401][ T9145] netlink: 'syz.4.795': attribute type 10 has an invalid length.
[  302.154460][ T9145] netlink: 4 bytes leftover after parsing attributes in process `syz.4.795'.
[  303.181766][ T5852] Bluetooth: hci7: command 0x041b tx timeout
[  303.388169][ T9167] CUSE: unknown device info ""
[  303.393148][ T9167] CUSE: zero length info key specified
[  303.881186][   T31] INFO: task syz-executor:5860 blocked for more than 143 seconds.
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  304.548604][   T31]       Not tainted syzkaller #0
[  304.569685][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  304.623442][   T31] task:syz-executor    state:D stack:23704 pid:5860  tgid:5860  ppid:1      task_flags:0x400140 flags:0x00004004
[  304.657322][   T31] Call Trace:
[  304.680468][   T31]  <TASK>
[  304.704745][   T31]  __schedule+0x1190/0x5de0
[  304.709818][   T31]  ? __lock_acquire+0x62e/0x1ce0
[  304.715249][   T31]  ? __pfx___schedule+0x10/0x10
[  304.720183][   T31]  ? find_held_lock+0x2b/0x80
[  304.725420][   T31]  ? schedule+0x2d7/0x3a0
[  304.729852][   T31]  schedule+0xe7/0x3a0
[  304.734632][   T31]  v9fs_evict_inode+0x26f/0x300
[  304.739543][   T31]  ? __pfx_v9fs_evict_inode+0x10/0x10
[  304.746173][   T31]  ? __pfx_var_wake_function+0x10/0x10
[  304.752104][   T31]  ? evict+0x3a2/0x920
[  304.756256][   T31]  ? __pfx_v9fs_evict_inode+0x10/0x10
[  304.762889][   T31]  evict+0x3e3/0x920
[  304.767113][   T31]  ? __pfx_evict+0x10/0x10
[  304.772008][   T31]  ? iput+0x519/0x880
[  304.776107][   T31]  iput+0x521/0x880
[  304.779963][   T31]  ? __pfx_v9fs_drop_inode+0x10/0x10
[  304.786669][   T31]  dentry_unlink_inode+0x29c/0x480
[  304.792438][   T31]  __dentry_kill+0x1d0/0x600
[  304.797114][   T31]  dput.part.0+0x4b1/0x9b0
[  304.802004][   T31]  shrink_dcache_for_umount+0x159/0x3e0
[  304.807618][   T31]  ? lockdep_hardirqs_on+0x7c/0x110
[  304.813911][   T31]  generic_shutdown_super+0x6c/0x390
[  304.819239][   T31]  kill_anon_super+0x3a/0x60
[  304.824564][   T31]  v9fs_kill_super+0x3d/0xa0
[  304.829234][   T31]  deactivate_locked_super+0xc1/0x1a0
[  304.835019][   T31]  deactivate_super+0xde/0x100
[  304.839858][   T31]  cleanup_mnt+0x225/0x450
[  304.844958][   T31]  task_work_run+0x14d/0x240
[  304.849605][   T31]  ? __pfx_task_work_run+0x10/0x10
[  304.855638][   T31]  ? __pfx___x64_sys_umount+0x10/0x10
[  304.862221][   T31]  exit_to_user_mode_loop+0xeb/0x110
[  304.867571][   T31]  do_syscall_64+0x3f6/0x4c0
[  304.873038][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  304.879014][   T31] RIP: 0033:0x7f27b698ff17
[  304.883746][   T31] RSP: 002b:00007ffc027b7c88 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  304.892360][   T31] RAX: 0000000000000000 RBX: 00007f27b6a11c05 RCX: 00007f27b698ff17
[  304.900391][   T31] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc027b7d40
[  304.908532][   T31] RBP: 00007ffc027b7d40 R08: 0000000000000000 R09: 0000000000000000
[  304.917277][   T31] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffc027b8dd0
[  304.925428][   T31] R13: 00007f27b6a11c05 R14: 0000000000025dc7 R15: 00007ffc027b8e10
[  304.933594][   T31]  </TASK>
[  304.936916][   T31] 
[  304.936916][   T31] Showing all locks held in the system:
[  305.058189][   T31] 1 lock held by khungtaskd/31:
[  305.082473][   T31]  #0: ffffffff8e5c1220 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x36/0x1c0
[  305.099073][   T31] 2 locks held by getty/5608:
[  305.121161][   T31]  #0: ffff88814dbc70a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80
[  305.147106][   T31]  #1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x41b/0x14f0
[  305.158188][   T31] 2 locks held by syz-executor/5845:
[  305.171529][   T31]  #0: ffffffff90382ac8 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x38/0x230
[  305.182470][   T31]  #1: ffffffff8e5cc7b8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x284/0x3c0
[  305.193388][   T31] 1 lock held by syz-executor/5860:
[  305.198635][   T31]  #0: ffff8880603980e0 (&type->s_umount_key#67){++++}-{4:4}, at: deactivate_super+0xd6/0x100
[  305.209602][   T31] 1 lock held by syz.1.710/8746:
[  305.215167][   T31]  #0: ffff8880603980e0 (&type->s_umount_key#67){++++}-{4:4}, at: super_lock+0x31c/0x3f0
[  305.226033][   T31] 1 lock held by syz.5.734/8838:
[  305.231260][   T31]  #0: ffff8880603980e0 (&type->s_umount_key#67){++++}-{4:4}, at: super_lock+0x31c/0x3f0
[  305.241995][   T31] 1 lock held by syz.3.773/8973:
[  305.247006][   T31]  #0: ffff8880603980e0 (&type->s_umount_key#67){++++}-{4:4}, at: super_lock+0x31c/0x3f0
[  305.250626][ T5852] Bluetooth: hci7: command 0x041b tx timeout
[  305.257499][   T31] 4 locks held by syz.6.803/9172:
[  305.268327][   T31]  #0: ffff888078f78dc0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_dev_do_close+0x26/0x90
[  305.278818][   T31]  #1: ffff888078f780b8 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x3ae/0x11d0
[  305.290095][   T31]  #2: ffffffff905eab28 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xbb/0x260
[  305.300433][   T31]  #3: ffff8880580eb338 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_conn_del+0x80/0x730
[  305.310892][   T31] 
[  305.313265][   T31] =============================================
[  305.313265][   T31] 
[  305.323861][   T31] NMI backtrace for cpu 0
[  305.323883][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) 
[  305.323903][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  305.323912][   T31] Call Trace:
[  305.323917][   T31]  <TASK>
[  305.323923][   T31]  dump_stack_lvl+0x116/0x1f0
[  305.323947][   T31]  nmi_cpu_backtrace+0x27b/0x390
[  305.323971][   T31]  ? _raw_spin_unlock_irqrestore+0x61/0x80
[  305.324000][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  305.324026][   T31]  nmi_trigger_cpumask_backtrace+0x29c/0x300
[  305.324050][   T31]  watchdog+0xf0e/0x1260
[  305.324073][   T31]  ? __pfx_watchdog+0x10/0x10
[  305.324090][   T31]  ? lockdep_hardirqs_on+0x7c/0x110
[  305.324108][   T31]  ? __kthread_parkme+0x19e/0x250
[  305.324133][   T31]  ? __pfx_watchdog+0x10/0x10
[  305.324150][   T31]  kthread+0x3c2/0x780
[  305.324168][   T31]  ? __pfx_kthread+0x10/0x10
[  305.324186][   T31]  ? rcu_is_watching+0x12/0xc0
[  305.324207][   T31]  ? __pfx_kthread+0x10/0x10
[  305.324226][   T31]  ret_from_fork+0x5d7/0x6f0
[  305.324241][   T31]  ? __pfx_kthread+0x10/0x10
[  305.324259][   T31]  ret_from_fork_asm+0x1a/0x30
[  305.324288][   T31]  </TASK>
[  305.324308][   T31] Sending NMI from CPU 0 to CPUs 1:
[  305.446897][    C1] NMI backtrace for cpu 1
[  305.446910][    C1] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted syzkaller #0 PREEMPT(full) 
[  305.446926][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  305.446933][    C1] RIP: 0010:pv_native_safe_halt+0xf/0x20
[  305.446951][    C1] Code: 4c 62 02 c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d d3 52 16 00 fb f4 <e9> 4c 09 03 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90
[  305.446965][    C1] RSP: 0018:ffffc90000197df8 EFLAGS: 000002c2
[  305.446977][    C1] RAX: 00000000015ea77d RBX: 0000000000000001 RCX: ffffffff8b93bc29
[  305.446986][    C1] RDX: 0000000000000000 RSI: ffffffff8de4fd28 RDI: ffffffff8c162900
[  305.446994][    C1] RBP: ffffed1003c56488 R08: 0000000000000001 R09: ffffed10170a6655
[  305.447002][    C1] R10: ffff8880b85332ab R11: 0000000000000000 R12: 0000000000000001
[  305.447011][    C1] R13: ffff88801e2b2440 R14: ffffffff90ab4390 R15: 0000000000000000
[  305.447019][    C1] FS:  0000000000000000(0000) GS:ffff8881247bb000(0000) knlGS:0000000000000000
[  305.447033][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  305.447042][    C1] CR2: 0000200000025000 CR3: 0000000030525000 CR4: 00000000003526f0
[  305.447051][    C1] Call Trace:
[  305.447055][    C1]  <TASK>
[  305.447060][    C1]  default_idle+0x13/0x20
[  305.447075][    C1]  default_idle_call+0x6d/0xb0
[  305.447090][    C1]  do_idle+0x391/0x510
[  305.447108][    C1]  ? __pfx_do_idle+0x10/0x10
[  305.447123][    C1]  ? trace_sched_exit_tp+0x2f/0x120
[  305.447139][    C1]  cpu_startup_entry+0x4f/0x60
[  305.447155][    C1]  start_secondary+0x21d/0x2b0
[  305.447174][    C1]  ? __pfx_start_secondary+0x10/0x10
[  305.447194][    C1]  common_startup_64+0x13e/0x148
[  305.447213][    C1]  </TASK>
[  305.638810][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[  305.645673][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) 
[  305.654754][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  305.664783][   T31] Call Trace:
[  305.668052][   T31]  <TASK>
[  305.670958][   T31]  dump_stack_lvl+0x3d/0x1f0
[  305.675534][   T31]  vpanic+0x6e8/0x7a0
[  305.679495][   T31]  ? __pfx_vpanic+0x10/0x10
[  305.683975][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  305.689938][   T31]  panic+0xca/0xd0
[  305.693639][   T31]  ? __pfx_panic+0x10/0x10
[  305.698047][   T31]  ? preempt_schedule_thunk+0x16/0x30
[  305.703400][   T31]  ? nmi_trigger_cpumask_backtrace+0x1b1/0x300
[  305.709549][   T31]  ? watchdog+0xd78/0x1260
[  305.713940][   T31]  ? watchdog+0xd6b/0x1260
[  305.718328][   T31]  watchdog+0xd89/0x1260
[  305.722552][   T31]  ? __pfx_watchdog+0x10/0x10
[  305.727215][   T31]  ? lockdep_hardirqs_on+0x7c/0x110
[  305.732395][   T31]  ? __kthread_parkme+0x19e/0x250
[  305.737417][   T31]  ? __pfx_watchdog+0x10/0x10
[  305.742070][   T31]  kthread+0x3c2/0x780
[  305.746123][   T31]  ? __pfx_kthread+0x10/0x10
[  305.750696][   T31]  ? rcu_is_watching+0x12/0xc0
[  305.755481][   T31]  ? __pfx_kthread+0x10/0x10
[  305.760053][   T31]  ret_from_fork+0x5d7/0x6f0
[  305.764625][   T31]  ? __pfx_kthread+0x10/0x10
[  305.769195][   T31]  ret_from_fork_asm+0x1a/0x30
[  305.773953][   T31]  </TASK>
[  305.777145][   T31] Kernel Offset: disabled
[  305.781446][   T31] Rebooting in 86400 seconds..