last executing test programs:

14m54.239102608s ago: executing program 2 (id=189):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000440)={'wlan1\x00'})
sendmsg$NL80211_CMD_SET_WDS_PEER(r0, 0x0, 0x1088)
socket$inet6_mptcp(0xa, 0x1, 0x106)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r1 = syz_open_dev$vim2m(&(0x7f0000000500), 0x2, 0x2)
ioctl$vim2m_VIDIOC_CREATE_BUFS(r1, 0x5460, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$tipc(0x1e, 0x5, 0x0)
ioctl$vim2m_VIDIOC_ENUM_FMT(r1, 0xc0405602, &(0x7f0000000180)={0x8d7, 0x1, 0x3, "61056d42ca48dcff251fe6ebd697d71a94da2996f8752dcd35930d0d91b75d6f", 0x33424752})
r5 = syz_open_dev$midi(&(0x7f00000001c0), 0xac, 0x0)
ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(r5, 0xc0205710, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x3)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000001180)=ANY=[@ANYBLOB="61154c00000000006113500000000000bfa00000000000001503000008004e002d35010000000000950041000000000069163a0000000000bf67000000000000350605000fff07206706000005000000160302000ee60060bf670000000000000f650000000000006507f9ff0100000007070000cddfffff1e75000000000000bf54000000000000070400000400f9ff3d4301000000000095000000000000001500000000000000950000000000000032ed3c12dc8c27df8ecf264e0f84f9f17d3c30e32f1754558f2278af6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd3997f9c9c4f6f3be4b369289aa6812b8e007e733a9a4f1b0af3dda82ee45a010fb94fe9de57b9d8a814261bdb94a05000000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe01c5473d51b546cad3f1d5ab2af27546e7c955ccefa1f6ab689b555202da2e0ec2871b4a7e65836429a527dc47ebe84a423b6c8d345dc8da3085b0ab71ca1b901627b562ed04ae76002d4519af619e3cca4d69e88158f0200000000c8fb730a5c1bf2b2bb71a629361997a75fd552bdc2300000008ac86d8a297dff0445a15f21dce4de9f29eff65aadc841848c9b562a31e56723888fb126a163f16f920ae2fb494059bba8e3b680324a188076ebae3f55c4e9b2ad9bc1172ba7cbebe174aba210d739a018f9bbec63222d20cecac4d03723f1c932c9a6aa57f1ad2e99e0e67ab93716d20000009fbb0f53acbb40b4f8e2739670b31562ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000000000000000000000000004000bc00f679629709e7e78f4ddc211bc3ebe6bd9d42ca0140a7afaab43176e65ec1118d50d1e827f3472f4445d253880800000000000000690884f800031e03a651bb96589a7e2e509bcc1d161347623cb5e7ac4629c8ab04871bc401000000cc43010000207b40407d000000210000000000000000005f37d83f84e98a523d80bd970d703f37ca364a601ae899a56715a0a62a34c6c94cce6994521629ab028acfc1d926a0f6a5489af8dc2f17923f3c40dfd1970a55c22fe3a5ac000000f4000000000000000000000000c1eb2d91fb79ea00000000000000bb0d00000000000000000000e4007be511fe32fbc90e2364a55e9bb66ac64423d2d00fea2594e190deae46e26c596f84eba9000000000000003cc3aa39ee4b1386bab561cda886fa642994cacd473b543ccb5f0d7b63924f17c67b13631d22a11dc3c6939628950000000000000001c7205a6b068fff496d2da7d632bd1f61b007e1ff5f1be19637302f3b41eae50509fd05d12f6186f117b062df67d3a63f3265dd1410eea68208a3f26b2989b832d8b34a34a4f08b34b30410856e858d27adee7daf32903d3fc78700d429a2d4c8b6d803eb83eecfe4c7ff9e6ab5a52e83d089dad7a8710e0254f1b11cced7bc3c8da0c44d2ebf9f6f3ff3be4d1458077c2253b0c7c7a0a9fdd63bf910dc20e5cb2a88e59febc47f1212a21f631dbaa74f22bad050e9856b48ae3a03a497c37758537650fe6db88aa3c41fdc3d78e046f6160e1741299e8dc29906870e6431ed1eab5d067a183f064b060a8ec12725d42e3a74863d66bee966b1574f8e01b3f34a267ff0afa1e1c758a0079b747067312e9815a21cb3f1f8150d999d788535a4d3114dbc7e2bf2402a75fd7a55733360040855ed5d1c0d634fb9fb38f84d9d87b27f8a5d91217b728f13e3ee20e69e0ffb2780b1a7af137ff7b4ff010404faf0a4da65396174b4563d54b52f06c870edf0c5d744b5272b44c23488b2bdbff947c4dfa108cbb88202ee1192b81f428a5b3c299848649e1a6bff52f657a67463d7dbf85ae9321fc2b517dc4a29b9b5a8ded5de8206c812439ab129ae818837ee1562078fc524a3baf49a0be9bb7d958d5e87c6c09bf71a894bad62934782cc308e936d7637e07c4a2a3bc87b0da23c00d9ef418cf19e7a8c4c328be0ce95798adc2dca871073f6bd61dc18402cde8b0100010000000000abc86b94f8cbde4d470667bee722a6a2af483ad0d3415ed0f9db059acaba9eaea93f811d434e00000000000000000000d154ba10a8e51489a614e69722bac30000000000000000000000000000c5dfd188ff555285b9743d3aac000583f42d168613151d681a2f71373f20d92c9048407c91fabecfe8b3f2d545ffffffff00000000a1cfc4336324c86f3dcb43e9a58208077e90f6ec1c7ac756f61dcc372cdd30b82507489f0bbfbd3c3f21752e81319c0161e154ceb16e00bc7f5a6962dff317f4d014786e432817064874d69a39cb0da31bcc5f81894d8a80756447322207b4007dff12eb95066cc6bc256f0a12282224d718b06ca80b57aa183dd0c3eee45891441f2b89b4c67aa9882281393954972046974f18df232cd7fca610e33f51c2d062020f403d85ff36c26e2f6bd1d82f4d3ceb3472d9a77e0057a3bfe697d9ab7585f4a1b381343d2cf857689232f4fc5135790662dc1419a374be9d7b3e5be2886d23add90d862f1a682ff11c798e338af3e5bb0f9d3952b15bf3e0c618c89d20ca1e18a031397693bf3cfbd8417e5b55e641c898c280356f2da222d5d68919d98158578dcf18efa404e508bcbbb8cfcf70086821ebdf34c9a1dff45af873df904c2bdbef81f246d26f4b40df949e12bdac18533d4e11c608cc31d60cb591c40a7b386fa1c753336d7220a35118d4919b45eff32aab684ee54c0a263c806aabac2f66cb052f847c62c6691de14e97aa7e9dc8ecf0cd50540246d2b746e41e5b4e2c095039dfe0f71db6265f7580d098be40ef36faee5d1695830d4242a23e541e6ce9fa1998d8961ef4fe3c8e8fbb566f148c8befc229614a4b7f80d237b8abc6fc0407de31d6e5532f360d379f20f054692b47207922fe6c14eba96c9a7ae906abc1ae1ae8c4fae92883cfa1978a04bb000000000000000000000000000000884efcecca45ea4ab2ec097668456a6ff12854997f5aed737d5205ace5c0b64f87ef10784d0479cb44ca077e0c4ce6ff880e2ce3de63853a9740e9233683bfc8636bee293aeeb680b399a296e6f44c07b5fc5d9d359af007f23004a7acb6df23664ea209620b4fe0f4df81c33bd8ca2335cb4b50881937379b45a301175c3e8eb32970564ec8e25c46ee3bae079faedaad94276cfa251be8256c4c37fc84a25c3a2feb39e94a5266a10716d4a3cef499fa176018054e9149a1c9d20a809ce3"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x0, 0xffff0000}, 0xffffffffffffffd2, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
unshare(0x62040200)
add_key$user(&(0x7f0000000000), 0x0, &(0x7f0000000300), 0x0, 0x0)

14m49.74008218s ago: executing program 2 (id=199):
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
add_key(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb)
r1 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
socket(0x1, 0x803, 0x0)
pipe2(&(0x7f0000001cc0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x800)
socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000040)={0x0, <r4=>0x0}, &(0x7f0000cab000)=0xc)
mount$9p_fd(0x0, &(0x7f0000000000)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="7472616e733d668e13ada34f6e6fc6de7e7488ac642c72100000003d", @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r3, @ANYBLOB=',access=', @ANYRESDEC=r4, @ANYBLOB=',\x00'])
mlock(&(0x7f0000ffa000/0x3000)=nil, 0x3000)
mknodat(0xffffffffffffffff, 0x0, 0x22f6c0948578f7ce, 0xb1)
socket$inet6_udp(0xa, 0x2, 0x0)
ioperm(0x0, 0x7, 0x7)
ioctl$KDADDIO(r3, 0x4b34, 0x3)
r5 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r5, 0x10e, 0xc, &(0x7f0000000040)={0x802}, 0x10)
setfsuid(r4)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
r6 = syz_clone(0xd0804000, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r6)
syz_open_procfs$namespace(r6, 0x0)
r7 = timerfd_create(0x8, 0x80800)
timerfd_gettime(r7, &(0x7f0000000000))

14m47.392513393s ago: executing program 2 (id=206):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x24}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
r0 = socket$alg(0x26, 0x5, 0x0)
r1 = fsopen(0x0, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)
r2 = fsmount(r1, 0x0, 0x0)
openat$cgroup_pressure(r2, &(0x7f0000000440)='memory.pressure\x00', 0x2, 0x0)
r3 = fanotify_init(0x8, 0x0)
r4 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
fanotify_mark(r3, 0x455, 0x8000001, r4, 0x0)
r5 = fanotify_init(0x200, 0x0)
r6 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x40100, 0x40)
fanotify_mark(r5, 0x41, 0x8000038, r6, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x0, 0x40, &(0x7f0000000300)=@nat={'nat\x00', 0x1b, 0x5, 0x440, 0x130, 0x130, 0xffffffff, 0x2d0, 0x2d0, 0x3a8, 0x3a8, 0xffffffff, 0x3a8, 0x3a8, 0x5, &(0x7f00000000c0), {[{{@uncond, 0x0, 0xe8, 0x130, 0x0, {}, [@common=@inet=@set1={{0x28}, {{0x1, 0x5, 0x1}}}, @common=@osf={{0x50}, {'syz1\x00', 0x0, 0x1, 0x1, 0x2}}]}, @unspec=@SNAT1={0x48, 'SNAT\x00', 0x1, {0x4, @ipv6=@private2, @ipv4=@multicast1, @icmp_id=0x65, @icmp_id=0x67}}}, {{@ip={@dev={0xac, 0x14, 0x14, 0x32}, @private=0xa010102, 0xff000000, 0x0, 'bond0\x00', 'geneve1\x00', {0xff}, {0xff}, 0x67, 0x1, 0x41}, 0x0, 0x70, 0xa8}, @MASQUERADE={0x38, 'MASQUERADE\x00', 0x0, {0x1, {0x0, @multicast1, @loopback, @port=0x4e21, @port=0x4e20}}}}, {{@uncond, 0x0, 0xb0, 0xf8, 0x0, {}, [@common=@set={{0x40}, {{0x0, [0x2, 0x2, 0x6028c6046373d274, 0x2, 0x5, 0x4], 0x3}}}]}, @unspec=@SNAT1={0x48, 'SNAT\x00', 0x1, {0x10, @ipv4=@broadcast, @ipv4=@private=0xa010102, @port=0x4e20, @gre_key=0x1}}}, {{@ip={@remote, @multicast2, 0x0, 0x0, 'dvmrp0\x00', 'gretap0\x00', {}, {0xff}, 0x62, 0x0, 0x72}, 0x0, 0xa0, 0xd8, 0x0, {}, [@common=@ah={{0x30}, {[0x0, 0x9]}}]}, @NETMAP={0x38, 'NETMAP\x00', 0x0, {0x1, {0x3, @multicast1, @dev={0xac, 0x14, 0x14, 0x1f}, @port=0x4e24, @port=0x4e22}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x4a0)
bind$alg(r0, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'nhpoly1305-avx2\x00'}, 0x58)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
r8 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r8, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$nl_route(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="340000001a0001010000"], 0x34}}, 0x400c840)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/address_bits', 0x202, 0x0)

14m46.759894145s ago: executing program 2 (id=208):
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0xe, &(0x7f0000005640)=0x1, 0x4)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0xf, 0x4, &(0x7f0000001300)=ANY=[@ANYBLOB="c60bd9f6aee8340c00000000000000006110020000000000"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x1, 0x6}, 0x1c)
syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
r1 = socket$inet6(0xa, 0x80001, 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(r1, 0x29, 0x2a, &(0x7f0000fca000)={0x100000001, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88)
lremovexattr(&(0x7f0000000000)='./file1\x00', &(0x7f0000000080)=@known='system.advise\x00')
setsockopt$inet6_MCAST_MSFILTER(r1, 0x29, 0x30, 0x0, 0x310)
setsockopt$inet6_group_source_req(r1, 0x29, 0x2c, 0x0, 0x0)
syz_emit_ethernet(0x6a, &(0x7f0000000000)={@link_local, @link_local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "120008", 0x34, 0x3a, 0x0, @remote, @local, {[], @pkt_toobig={0x4, 0x2, 0x0, 0x0, {0x0, 0x6, '\x00', 0x0, 0x2c, 0x0, @ipv4={'\x00', '\xff\xff', @dev}, @empty, [], "fb36eeca"}}}}}}}, 0x0)
clock_gettime(0x0, &(0x7f00000002c0))
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
syz_emit_ethernet(0x3e, &(0x7f0000000000)={@broadcast, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "122d92", 0x8, 0x3a, 0x0, @ipv4={'\x00', '\xff\xff', @private}, @mcast2, {[], @echo_request}}}}}, 0x0)
r2 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
fchdir(r2)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/profiling', 0xe41, 0x0)
mount(&(0x7f0000000000), &(0x7f0000000280)='./cgroup\x00', 0x0, 0x75809, 0x0)
mount(0x0, &(0x7f0000000140)='./cgroup\x00', 0x0, 0x21a8f5, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10)
ioctl$USBDEVFS_SETCONFIGURATION(0xffffffffffffffff, 0x80045505, 0x0)
preadv2(0xffffffffffffffff, &(0x7f00000007c0)=[{&(0x7f0000000580)=""/168, 0xa8}], 0x1, 0xfffffffa, 0x0, 0x0)

14m46.176063979s ago: executing program 2 (id=211):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000980)=@newtfilter={0x24, 0x2c, 0x2, 0x70bd25, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, {0x0, 0x10}, {0xb, 0xfff3}, {0xffff, 0xfff3}}}, 0x24}, 0x1, 0x0, 0x0, 0x20000880}, 0x40040)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='blkio.bfq.io_serviced\x00', 0x275a, 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x29, 0x6, &(0x7f0000000140)={0x21, {{0x29, 0x3, 0x2000000, @empty, 0x8000005}}}, 0xefd1081208756ae9)
syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0)
write$binfmt_script(r2, &(0x7f0000000100), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0)
preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000000)=ANY=[@ANYRES32=0x41424344], 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f326635004000000f300f20e06635800000000f22e0f30fa6c8", 0x50}], 0x1, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000005c0)=@newlink={0x20, 0x10, 0x403, 0x0, 0x25dfdbfe, {0x0, 0x0, 0x74, 0x0, 0x800, 0x55007}}, 0x20}, 0x1, 0x0, 0x0, 0x800}, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x14, 0x2c, 0x9, 0x70bd27, 0x0, {0x6}}, 0x14}}, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

14m44.099495888s ago: executing program 2 (id=217):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed074479000000000000000018000000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x4, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f00000003c0)='sched_switch\x00', r3}, 0x18)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$sock_SIOCETHTOOL(r4, 0x8946, &(0x7f0000000040)={'veth1_to_team\x00', &(0x7f0000000500)=@ethtool_gstrings={0x1b, 0x6}})
connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000000)={0x28, 0x0, 0x0, @local}, 0x10)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=@ipv6_newnexthop={0x1c, 0x68, 0x5fb9a818fb7378e9, 0x70bd28, 0x0, {}, [@NHA_FDB={0x4}]}, 0x1c}}, 0x40000)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000020c0)=@newnexthop={0x28, 0x68, 0x1, 0x3, 0x80000000, {}, [@NHA_GROUP={0xc, 0x2, [{0x1, 0x6}]}, @NHA_FDB={0x4}]}, 0x28}}, 0x4000)
r7 = socket$inet6_udp(0xa, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x9, 0x4, &(0x7f0000000040)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x2, 0x1, 0x2a}], {0x95, 0x0, 0x700}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xd, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
setsockopt$IP6T_SO_SET_REPLACE(r7, 0x29, 0x40, &(0x7f0000000700)=@raw={'raw\x00', 0x8, 0x3, 0x2b8, 0x118, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x210, 0xffffffff, 0xffffffff, 0x210, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0={0xfc, 0x0, '\x00', 0x1}, @mcast2, [0xffffff00], [0x0, 0x0, 0xffffffff], 'veth0\x00', 'wg1\x00', {}, {}, 0x2f, 0x3, 0x2, 0x46}, 0x0, 0xd0, 0xf0, 0x0, {0x0, 0x4c00}, [@inet=@rpfilter={{0x28}, {0x3}}]}, @unspec=@TRACE={0x20}}, {{@ipv6={@remote, @dev={0xfe, 0x80, '\x00', 0x2b}, [0xff, 0xff, 0xffffffff, 0xff], [0xffffff00, 0x80ffff7f, 0x0, 0xff000000], 'veth0_to_bridge\x00', 'veth1_to_team\x00', {0xff}, {0xff}, 0x6c, 0x3, 0x5, 0x2}, 0x0, 0xd8, 0xf8, 0x0, {}, [@common=@inet=@dccp={{0x30}, {[0x4e22, 0x4e21], [0x4e21, 0x4e22], 0x9, 0x0, 0x5384, 0x3}}]}, @unspec=@TRACE={0x20}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x318)

14m28.766984094s ago: executing program 32 (id=217):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed074479000000000000000018000000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x4, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f00000003c0)='sched_switch\x00', r3}, 0x18)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$sock_SIOCETHTOOL(r4, 0x8946, &(0x7f0000000040)={'veth1_to_team\x00', &(0x7f0000000500)=@ethtool_gstrings={0x1b, 0x6}})
connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000000)={0x28, 0x0, 0x0, @local}, 0x10)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=@ipv6_newnexthop={0x1c, 0x68, 0x5fb9a818fb7378e9, 0x70bd28, 0x0, {}, [@NHA_FDB={0x4}]}, 0x1c}}, 0x40000)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000020c0)=@newnexthop={0x28, 0x68, 0x1, 0x3, 0x80000000, {}, [@NHA_GROUP={0xc, 0x2, [{0x1, 0x6}]}, @NHA_FDB={0x4}]}, 0x28}}, 0x4000)
r7 = socket$inet6_udp(0xa, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x9, 0x4, &(0x7f0000000040)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x2, 0x1, 0x2a}], {0x95, 0x0, 0x700}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xd, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
setsockopt$IP6T_SO_SET_REPLACE(r7, 0x29, 0x40, &(0x7f0000000700)=@raw={'raw\x00', 0x8, 0x3, 0x2b8, 0x118, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x210, 0xffffffff, 0xffffffff, 0x210, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0={0xfc, 0x0, '\x00', 0x1}, @mcast2, [0xffffff00], [0x0, 0x0, 0xffffffff], 'veth0\x00', 'wg1\x00', {}, {}, 0x2f, 0x3, 0x2, 0x46}, 0x0, 0xd0, 0xf0, 0x0, {0x0, 0x4c00}, [@inet=@rpfilter={{0x28}, {0x3}}]}, @unspec=@TRACE={0x20}}, {{@ipv6={@remote, @dev={0xfe, 0x80, '\x00', 0x2b}, [0xff, 0xff, 0xffffffff, 0xff], [0xffffff00, 0x80ffff7f, 0x0, 0xff000000], 'veth0_to_bridge\x00', 'veth1_to_team\x00', {0xff}, {0xff}, 0x6c, 0x3, 0x5, 0x2}, 0x0, 0xd8, 0xf8, 0x0, {}, [@common=@inet=@dccp={{0x30}, {[0x4e22, 0x4e21], [0x4e21, 0x4e22], 0x9, 0x0, 0x5384, 0x3}}]}, @unspec=@TRACE={0x20}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x318)

5m55.3685205s ago: executing program 1 (id=1651):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000600), r4)
sendmsg$NL802154_CMD_NEW_INTERFACE(r4, &(0x7f0000000700)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000006c0)={&(0x7f0000000640)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010029bd7000fbdbdf2507000000080005edad6dd301991fa6f02a1100020000000008000100010000000c00170002e765ba03aaaaaa"], 0x3c}, 0x1, 0x0, 0x0, 0x2}, 0x300048c0)
sendmsg$NL802154_CMD_SET_CCA_MODE(r4, &(0x7f0000009500)={&(0x7f0000009380)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000094c0)={&(0x7f0000009440)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="00042cbd7000fc33f3000000000008000300", @ANYRES32=0x0, @ANYBLOB="080001000100000008000d000100000008000d000100000008000300", @ANYRES32=0x0, @ANYBLOB="080001000300000008000d00000000000c000600010000000100000008000c00010000000c0006000200000002000000"], 0x6c}, 0x1, 0x0, 0x0, 0x5}, 0x4000000)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000c18000), 0x0)
accept4(r3, 0x0, 0x0, 0x0)
r6 = socket$netlink(0x10, 0x3, 0x0)
bind$tipc(0xffffffffffffffff, &(0x7f00000001c0)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0xfffffffd}}, 0x10)
bind$tipc(0xffffffffffffffff, 0x0, 0x0)
r7 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r7, &(0x7f00000000c0)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10)
bind$tipc(r7, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x3, 0x4}}, 0x10)
bind$tipc(r7, &(0x7f0000000100)=@name={0x1e, 0x2, 0x0, {{0x42, 0x4}}}, 0x10)
bind$tipc(r7, &(0x7f0000000140)=@nameseq={0x1e, 0x1, 0x1, {0x1, 0x1, 0x4}}, 0x10)
setsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000280)={0x42, 0x3, 0x1}, 0x10)
close_range(r6, r7, 0x0)
r8 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x80, 0x0)
ioctl$TIOCSETD(r8, 0x5423, &(0x7f0000000140)=0x7)

5m53.315822583s ago: executing program 1 (id=1654):
r0 = openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8c}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_CONFIG(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="280000000203010400000000ffffffff000000000800010001"], 0x28}}, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000080), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CURSOR2(r3, 0xc02464bb, &(0x7f00000000c0)={0x0, 0x0, 0x3ff0, 0xffff, 0x4, 0x7, 0x7262, 0x5, 0x3})
sendmsg$NFQNL_MSG_VERDICT_BATCH(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000004c0)={0x14, 0x3, 0x3, 0x3}, 0x14}}, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000000180)='net/vlan/config\x00')
preadv(r4, &(0x7f00000026c0)=[{&(0x7f0000001240)=""/4080, 0xff0}], 0x1, 0x4, 0x73)
r5 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000080)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000240)=0x14)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000280)={'gretap0\x00', &(0x7f0000000340)={'gre0\x00', <r7=>0x0, 0x80, 0x700, 0x1, 0x7, {{0x18, 0x4, 0x3, 0x0, 0x60, 0x67, 0x0, 0x3, 0x29, 0x0, @rand_addr=0x64010102, @initdev={0xac, 0x1e, 0x1, 0x0}, {[@timestamp_addr={0x44, 0x3c, 0x3e, 0x1, 0x7, [{@local, 0x7}, {@private=0xa010102}, {@private=0xa010102, 0x8}, {@local, 0x4}, {@multicast2}, {@remote, 0x7ff}, {@loopback, 0x1}]}, @lsrr={0x83, 0xf, 0xc8, [@multicast2, @dev={0xac, 0x14, 0x14, 0x3d}, @rand_addr=0x64010101]}, @noop]}}}}})
getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x43, &(0x7f00000003c0)={@empty, @loopback}, &(0x7f0000000400)=0xc)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r4, &(0x7f0000000540)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000500)={&(0x7f0000000440)={0xa0, r5, 0x8, 0x70bd2a, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_ADDR={0x48, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @private1={0xfc, 0x1, '\x00', 0x1}}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r6}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @remote}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e24}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r7}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e21}]}, @MPTCP_PM_ATTR_ADDR={0xc, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e22}]}, @MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0x81}, @MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0x4}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x1}, @MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0x7}, @MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0x5}, @MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0x6}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x1}]}, 0xa0}, 0x1, 0x0, 0x0, 0x2000c040}, 0x800)
r8 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='oom_score_adj\x00')
prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0)
write$tcp_mem(r8, &(0x7f00000025c0)={0x8000000000004, 0x20, 0x4, 0x20, 0x6c}, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r9 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
read$FUSE(r9, &(0x7f0000000580)={0x2020, 0x0, <r10=>0x0, <r11=>0x0, <r12=>0x0}, 0x2020)
write$FUSE_DIRENTPLUS(r9, &(0x7f0000003040)=ANY=[@ANYBLOB="5806000000000000", @ANYRES64=r10, @ANYBLOB="0000000000000000020000000000000001800000000000004600000000000000ff000000020000000600000000000000a90f000000000000f9ffffffffffffffff0f00000000000002000000000000000300000000000000040000000000000007ed000000a0000008000000", @ANYRES32=r11, @ANYRES32=0x0, @ANYBLOB="fd55000001000080000000000000000000000000030000000000000006000000050000007663616e30000000060000000000000000000000000000000500000000000000c0ffffffffffffff030000000002000003000000000000000200000000000000050000000000000001ffffffffffffff0f000000000000000700000000000000ffff00000200000001feffff0030000002000000", @ANYRES32=r11, @ANYRES32=r12, @ANYBLOB="05000000184c00000000000000000000000000000100010000000000080000000b000000257042202020200001000000000000000000000000000000ffffffff00000000070000000000000025f40000020000000600000000000000070000000000000002000000000000000f00000000000000ffffffffffffffff010000000000000002000000080000006194000000e0000007000000", @ANYRES32=r11, @ANYRES32=r12, @ANYBLOB="008000000080ff01000000000100000000000000a9d00000000000000a0000005e9a00002f6465762f6375736500000000000000060000000000000002000000000000005f0000000000000004000000000000000400000001000000000000000000000007000000000000000010000000000000f9ffffffffffffff018000000000000000000000000000000008000000000080830b000000c0000001000080", @ANYRES32=r11, @ANYRES32=r12, @ANYBLOB="8a020000070000000000000005000000000000000400000000000000010000000a000000000000000000000005000000000000000200000000000000080000000000000001800000000000000d00000006000000060000000000000084010000000000008705000000000000008000000000000008000000000000000000000000000000ffffffff0600000010000000002000000b000000", @ANYRES32=r11, @ANYRES32=r12, @ANYBLOB="000000800b000000000000000200000000000000080000000000000001000000a200000028000000000000000200000000000000010000000000000009000000000000000600000000000000f8ffffffff7f0000050000000000000001000000000000000c000000000000000a00000000000000060000000000000006000000000000000300000006000000070000000080000008000000", @ANYRES32=r11, @ANYRES32=r12, @ANYBLOB="0500000003000000000000000300000000000000020000000000000001000000090000002c0000000000000006000000000000000000000000000000d55d000000000000030000000000000005000000810000000300000000000000ffffffff000000000500000000000000020000000000000001000000000000000200000000000000060000009e4f5069000000800020000006000000", @ANYRES32=r11, @ANYRES32=r12, @ANYBLOB="0600000005000000000000000000000000000000fcffffffffffffff060000000400000026272e3a262800000200000000000000010000000000000001040000000000000500000000000000800000000400000005000000000000000404000000000000050000000000000004000000000000000108000000000000ff0000000000000006000000a2d70000ff7f0000004000007f000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ffffff7fc60000000000000004000000000000000100000001000000040000004f0f00005c2d2d2c0000000005000000000000000100000000000000ff0700000000000004000000000000003d0000007f0000000600000000000000070000000000000005000000000000000300000000000000ec590000000000000500000000000000040000006c0f0000000000800040000080000000", @ANYRES32=r11, @ANYRES32=r12, @ANYBLOB="060000004a6a00000000000002000000000000004f0500000000000008000000ff0300006e6c3830323131000500000000000000020000000000000002000000000000009f04000000000000ff7f00006500000005000000000000004abe000000e81f00e806000000000000b504000000000000000000000000000003000000000000000100010000f8ffff06000000004000003eca4c4bbc8b7c8b9a75f92c700b53b1ad68ba44ea777b668fcc155323f32bd0b024fe7464e36757c671a65109980f62c223b39a6fe5729f1259a46cca11d7c8ea562e6161adb9ba82a0407a2413af400fd3491f9b6f77a56fbdb68baaba4a35a70d4a6531690a31d3f945338cf930e6bf3cb9fe645df61cd9e3f81bfb414f3f89bed20192425c7a483db5969619f9", @ANYRES32=0xee00, @ANYRES32=r12, @ANYBLOB="01000000e262000000000000020000000000000001010000000000000100000003000000ad00000000000000"], 0x658)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f0000000180)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@ptr={0x20000009, 0x0, 0x0, 0x2, 0x4}]}}, 0x0, 0x26, 0x0, 0x0, 0x5265, 0x0, @void, @value}, 0x20)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300), 0x2}}, 0x20)
r13 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCL_SELLOADLUT(r13, 0x541c, &(0x7f0000000040)={0x5, 0x4, 0x3eac, 0x7, 0x3})

5m50.484069559s ago: executing program 1 (id=1662):
r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d0101100000000904000003fe03010009cd8d1f0002000000090505020000fcffff09058b1e20"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000001440)=[{{&(0x7f0000000300)=@abs={0x0, 0x0, 0x4e22}, 0x6e, &(0x7f0000000380)=[{&(0x7f0000000040)="917e13244a", 0x5}, {&(0x7f00000001c0)}], 0x2, &(0x7f00000003c0), 0x0, 0x40050}}, {{&(0x7f0000000400)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000000480)=[{&(0x7f0000000500)="90f2f301e989e21271ea69e139ebb6f2b181bbe891b47906e96b8256545d0a0ec6222f3a02ddccbcfaa0b546fe63133a747a7aee972cbeb010d7461ef9c18f0f914c09b79a1378bdcad0a103ab14c48054eb9a1604228a390a1ea99f922c33f053ed96ecc8c22d", 0x67}], 0x1, &(0x7f0000000640)=[@cred={{0x1c, 0x1, 0x2, {r4}}}, @rights={{0x18, 0x1, 0x1, [r6, r1]}}, @rights={{0x18, 0x1, 0x1, [r6, 0xffffffffffffffff]}}], 0x50, 0x24002001}}, {{&(0x7f0000000580)=@abs={0x1, 0x0, 0x4e20}, 0x6e, &(0x7f0000000b00)=[{&(0x7f0000000740)="2c60064d08f22d3fbb5bae88d74c44da62ce2e5e448d68d5e9edb44be9863fe0f5b1444dceccad12f6315bae2a6829c6d40b1c33ffeeb181aceb12f27fedd05524fe1f82634723e7fcedba7a25436e4a636aae924f68ee317cf4e9ba935f9b7373dfed7f782d055d886f4328ec7ff906dc56bfef433deab6c97ccd04360ed24dc010e5d382323418846afc1cd71d833a48cce0f6625802b1314ad447e5b9818c2855531fce8a34818f0725bea7024f1afb5040cd162b98beb96fa0b6d982f3e7e8bf0caec8af3fdc4203b0cf2384cddc71fe7948015e56d4bdb21acd81b3ce8d934531bb709da3009df552cc78de48391c3f6b9c7341", 0xf6}, {&(0x7f0000000840)="4a009a117e16e7eaa6988d115ab2d4a86eb9c29b63a8150fc604a8e5f2f29f1ce0ee385a9fe168c7d550a6aca6c58f564c97d2822001da2100118b823932ac4c91747ec4c6d24e9846381097a4466a4759ed95b09687e15df37cb33a9cb0aab834f81156348eb21a97e3df2251853532d76eead1de36900b623d6fb39ff47c7e930975ca2ff0b7ca83ccdd238aa4338bf93f29fb935c87aaaf3e71488f7da5e8c2841c9cf78a57d44811f54c99dd8a6b999466e833e3b291ffdebf36f82a79e9b52a679b7ee6f53211d1bc987933222141c92eb7", 0xd4}, {&(0x7f0000000940)="6d0a65db3d63e7349fce5d6affae66e8ea3202baf48b7d5ff890a8fe309b9da37a7e0a61a96885205d45a82cf921a2eebaee3d6cde96c83e8e8381cddac3d75f38141de52ea2bbf277", 0x49}, {&(0x7f00000009c0)="fa3c649204b4c8d1aac691331b47affafcb83e3ce1d4cd52abb86ceda29b066b5d35168fdf47899ac30770433f0b56a012ffc5e5b645fc6d0d9c86373418e2725ad98cb441644185a567db6b0566bdd05d9b0ef08049f5286d8a266e22e622587010bf2c414faf0b3b60b2ebadd94234ddf3f5c5c3e6b6cbccd40c511e9debbe17cbe98086ca31a1b96c777a92a23da9600a42eec183db605d3acb5a7e545327c584a656927e7e57ed3c56b2e82cde16e79585c34cf10114f98230fd9fef45ff3c8afe715953dde80d727b6c9e9bea348783e9aeb5cb286512f73daeaaccd78eb7b227c6f9", 0xe5}, {&(0x7f0000000ac0)}], 0x5, &(0x7f0000000b80)=[@cred={{0x1c}}, @cred={{0x1c}}], 0x40, 0x4008080}}, {{&(0x7f0000000bc0)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000000f80)=[{&(0x7f0000001580)="7dd502ee9c7a450d27789706f74bf49f18703e03d6c6d1f0a2ce321a7dbbbab9a57872ebe12d53da31456e0dff7c225806fbb0428e0bfcf74d70133e54ab0b329b559fad4674027d6b3e69162faf8bb394ddeebd5d85a562fdb2e36ffd31ed3f2506fb14b2b8d0ed32f7e2b8d446f2a2a945d74d4f4619cf249f9eb6bbf6df1841939812a92098c525778b17632f23b8872c12dabdf6c6c174fef081a9483e32c0c19b64b8c6d88dd4d11657d4cb51eb9fcf153d6faf10b855ceca9a77c3775cf10b011718c9841f00497da11ecb5492e54ed0b103079438f156", 0xda}, {&(0x7f0000000e00)="de8e3445cc4b6ec0518d7438a6756e164f8b2161a0ec942a200db6c393a3a36bc90f0d802bf6881ec4aa3501b083b2e84622d3d4b93995f3504317b7ed09cb223ffbee9cd0ae7be5aa93239b5a3a1fbd19c12516da8f01ca28b6ed9e39b6b14c0ad3c36b06c096f8d4086a04e9f64b736c8d7e8d75e253eeabb58722d319d41c966c5c112fecdf3da77bcdd088d95192e35345", 0x93}, {&(0x7f0000000c40)}, {&(0x7f0000000c80)='g', 0x1}, {&(0x7f0000000ec0)="aacd66ae8927809d3b9c1036fde59cf9abf0d459e29d300d7c19987351397e92ee06aa066ccc18926e009b40d1271eaec94a00fe9b65f74467f2f637442f7b1027c83f00a967d23554d98a60b024b1d8fec739660877997c0a72716ca66c2d73c5e940bab6881a68377e66ce2ff94be8945c0a5fb61cebf7f412688fef665f16918a959952dc50a9dd8ad325dd614e3ae82551", 0x93}], 0x5, &(0x7f0000001000)=[@rights={{0x20, 0x1, 0x1, [r2, r3, 0xffffffffffffffff, r3]}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}], 0xa0, 0x20008804}}, {{0x0, 0x0, &(0x7f00000013c0)=[{&(0x7f00000010c0)="1781356b7d72b0228c98063cfa044650ea397004c43fa294596e723dade35c60f299e43acf96df7ee17856adaae4e0301cbe9e9d0dcbdccf521fe1d137eb10170e6820636620a5bd0012f5b3000dbcc2024e682d80b78a528ad557c26462cb741429ac760e19d278581290f55c68b3af52c440c78f60ecaac4fe03e1cc4647565104453d3859a60c9a0fa2dcfcc5e07feba339b4e304d5c09bc1a4fe1307214490ff9ce2c9fd188d462e", 0xaa}, {&(0x7f0000001180)="8fdeef0adb3dcd7efb1d8ae3a5628ace6df21052711a2da9a1055a5ae04a9f2c23ae00455025925096a0a7a50f4aaeec6e86c3dfc937730a0ae5e04a05e0d7a0cdb766d3bde24dfac1a34db4ab28eaeae74b0015e0ba0d5e0d55c24d6b2a4957edf183cee17e463cdd9fd6eaa274854ad6bf5012613fc882d883760b2d03cdb7c4c1e28fd5ac7cc9dfd8f8763c6c17fc863979d1e5cf706c3193be67cc37e8cc806e30be62bc5808ab", 0xa9}, {&(0x7f0000001240)="36c1a2379085e47eec9cf6882f", 0xd}, {&(0x7f0000001280)="9fcfb648", 0x4}, {&(0x7f00000012c0)="1e378c0fc7fe34a8a9a80968d2d11c9db2d721dcc7d6109a09e8023100f1d9fc57fd3b1462bd61d6a09f3f71249e0ed15ac50681c77479f9a3c9cc676ee7c5943c0204305ecd1317011d7d9b7158ee6e96edd4403249449a4c0592ab7a65d5633c26bd3089ed6a8d7f46ccf87b11b80b12bbf0fff6d41f85fef37ca84b7f6513514a9d5676022dc1f4525498d2fa5553be1c5e1210976ee6e93544ddd27fd1793851eeba46010651eb87bc6c5478a5994461f96b9f57e17eb055b42664d6e24699b894d461c838b973e7d2bfe1705811e84c07e4cf3a23f1f759746156bdee896518378ac94e49e1128df3d9af5e2a85b2f3cd39cbb9cd9d", 0xf8}], 0x5, 0x0, 0x0, 0x4000000}}], 0x5, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
sendmsg$NL80211_CMD_SET_TID_CONFIG(0xffffffffffffffff, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x8)
r7 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000140)='/proc/self/clear_refs\x00', 0x1, 0x0)
write$sysctl(r7, &(0x7f0000000180)='2\x00', 0x2)
r8 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r8, 0x84, 0x6f, &(0x7f0000000cc0)={0x0, 0x10, &(0x7f0000000000)=[@in={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, 0x0)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r8, 0x84, 0x83, &(0x7f0000000000)=@assoc_value, &(0x7f00000004c0)=0x27)
r9 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
ioctl$EVIOCGMASK(r9, 0x5b24, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
memfd_secret(0x0)
syz_emit_vhci(&(0x7f0000000180)=ANY=[@ANYBLOB="043e110b"], 0xec)

5m45.78272985s ago: executing program 1 (id=1669):
socket$nl_route(0x10, 0x3, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
ioperm(0x0, 0x3ff, 0x9)
capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x81, 0xffffffff})
keyctl$clear(0x7, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, 0x0, 0x0, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=@updpolicy={0xfc, 0x19, 0x1, 0x0, 0x0, {{@in6=@rand_addr=' \x01\x00', @in=@local, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa9, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa00, 0x40800000000000, 0x800000000000000}}, [@tmpl={0x44, 0x5, [{{@in=@local, 0x0, 0x3c}, 0x0, @in=@broadcast, 0x0, 0x0, 0x3}]}]}, 0xfc}}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
creat(0x0, 0xd931d3864d39ddd8)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xa, 0x6, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x6b, 0x11, 0x32}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0x5}, @exit={0x95, 0x0, 0x33}], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xb8000000, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70)

5m44.843305529s ago: executing program 1 (id=1672):
syz_open_dev$ttys(0xc, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r0 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_IFINDEX(r0, 0x113, 0x9, 0x0, &(0x7f0000000740))
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
modify_ldt$read(0x0, &(0x7f0000000780)=""/233, 0xe9)
ioctl$UI_SET_EVBIT(r4, 0x40045564, 0x4)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'adiantum(xchacha20-simd,anubis-generic,nhpoly1305-sse2)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000300)="c99b57381801238c09d0ff0f1d0dbd301e5a47b2f3caa73dcd2a6a370554375a", 0x20)

5m42.743311985s ago: executing program 1 (id=1675):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
r2 = socket$kcm(0x2, 0x5, 0x84)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000440)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f00000003c0)=[{}, {0x2}], 0x10, 0x0, @void, @value}, 0x90)
sendmsg$inet(r2, &(0x7f00000014c0)={&(0x7f0000001040)={0x2, 0x0, @private=0xa010101}, 0x10, &(0x7f0000001140)=[{&(0x7f0000001400)="b7", 0x1}], 0x1}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
close(r4)
recvmsg$unix(r3, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r5=>0xffffffffffffffff]}}], 0x18}, 0x0)
setsockopt$sock_attach_bpf(r2, 0x84, 0x7b, &(0x7f0000000000)=r5, 0x8)
bind$alg(r1, &(0x7f0000000280)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cipher_null)\x00'}, 0x58)
r6 = accept4(r1, 0x0, 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r6)
recvmmsg(r6, &(0x7f00000005c0)=[{{0x0, 0xfffffffffffffea3, 0x0}}], 0x3ffffffffffff62, 0x0, 0x0)
sendmsg$NL80211_CMD_JOIN_IBSS(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={0x0}, 0x1, 0x0, 0x0, 0x10}, 0xc805)
getsockopt$inet6_int(r0, 0x29, 0x2, 0x0, &(0x7f0000000200))
r7 = syz_open_dev$tty1(0xc, 0x4, 0x2)
write$UHID_INPUT(r7, &(0x7f00000005c0)={0x9, {"a2e3ad21ed0d52f91b5a090987f70e06d038e7ff7fc6e5539b5b43078b089b3b073172090890e0878f0e1ac6e7049b3371959b6e9a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31070d074c0936cd3b78130daa61d8e809ea882f5802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6b922f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa0b9d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c71568f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5136651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897f3411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2de8a50ddefeb12c46342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f02f4cded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c7e36bb2fc4c40e9cf96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006)

5m27.017726055s ago: executing program 33 (id=1675):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
r2 = socket$kcm(0x2, 0x5, 0x84)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000440)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f00000003c0)=[{}, {0x2}], 0x10, 0x0, @void, @value}, 0x90)
sendmsg$inet(r2, &(0x7f00000014c0)={&(0x7f0000001040)={0x2, 0x0, @private=0xa010101}, 0x10, &(0x7f0000001140)=[{&(0x7f0000001400)="b7", 0x1}], 0x1}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
close(r4)
recvmsg$unix(r3, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r5=>0xffffffffffffffff]}}], 0x18}, 0x0)
setsockopt$sock_attach_bpf(r2, 0x84, 0x7b, &(0x7f0000000000)=r5, 0x8)
bind$alg(r1, &(0x7f0000000280)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cipher_null)\x00'}, 0x58)
r6 = accept4(r1, 0x0, 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r6)
recvmmsg(r6, &(0x7f00000005c0)=[{{0x0, 0xfffffffffffffea3, 0x0}}], 0x3ffffffffffff62, 0x0, 0x0)
sendmsg$NL80211_CMD_JOIN_IBSS(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={0x0}, 0x1, 0x0, 0x0, 0x10}, 0xc805)
getsockopt$inet6_int(r0, 0x29, 0x2, 0x0, &(0x7f0000000200))
r7 = syz_open_dev$tty1(0xc, 0x4, 0x2)
write$UHID_INPUT(r7, &(0x7f00000005c0)={0x9, {"a2e3ad21ed0d52f91b5a090987f70e06d038e7ff7fc6e5539b5b43078b089b3b073172090890e0878f0e1ac6e7049b3371959b6e9a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31070d074c0936cd3b78130daa61d8e809ea882f5802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6b922f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa0b9d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c71568f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5136651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897f3411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2de8a50ddefeb12c46342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f02f4cded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c7e36bb2fc4c40e9cf96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006)

35.653212938s ago: executing program 6 (id=2616):
mkdirat(0xffffffffffffff9c, &(0x7f00000021c0)='./file0\x00', 0x3a)
mount$tmpfs(0x0, &(0x7f0000002040)='./file0\x00', &(0x7f0000002200), 0x1000000, &(0x7f0000000000)={[{@noswap}]})
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f00000001c0)={0x0, 0xfffffffffffffff3, &(0x7f00000001c0), 0x1, 0x0, 0x0, 0x400c050}, 0x0)
sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, 0x0, 0x0)
socket$tipc(0x1e, 0x2, 0x0)
semget$private(0x0, 0x6, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x4)
bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x4, 0x2ffffffff}, 0x2e)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
close_range(r2, 0xffffffffffffffff, 0x0)

35.398562444s ago: executing program 6 (id=2619):
mkdir(&(0x7f0000000580)='./file0\x00', 0x0)
r0 = inotify_init1(0x800)
inotify_add_watch(r0, 0x0, 0x600010c)
r1 = syz_io_uring_setup(0x27f3, &(0x7f0000000340)={0x0, 0x4, 0x10100, 0x0, 0xfffffffe}, &(0x7f0000000140), &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_setup(0x7414, &(0x7f00000003c0)={0x0, 0xd326, 0x800, 0x0, 0x2ac}, &(0x7f0000000040)=<r3=>0x0, &(0x7f0000000180))
syz_io_uring_submit(r3, r2, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xfffffffffffffe54})
io_uring_enter(r1, 0x184c, 0x0, 0x0, 0x0, 0x0)
setxattr$incfs_metadata(&(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r4}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0xfffffdca, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000ec0)={0x20, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB], &(0x7f0000000900)='GPL\x00', 0x9, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
fcntl$lock(0xffffffffffffffff, 0x5, &(0x7f00000002c0)={0x2, 0x0, 0x6, 0x6})
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000001280)=ANY=[@ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB], 0x17)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r5 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x4)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)

34.717264532s ago: executing program 6 (id=2621):
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8c}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_CONFIG(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[], 0x28}}, 0x0)
r2 = syz_open_dev$dri(&(0x7f0000000080), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CURSOR2(r2, 0xc02464bb, &(0x7f00000000c0)={0x0, 0x0, 0x3ff0, 0xffff, 0x4, 0x7, 0x7262, 0x5, 0x3})
sendmsg$NFQNL_MSG_VERDICT_BATCH(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000004c0)={0x14, 0x3, 0x3, 0x3}, 0x14}}, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000180)='net/vlan/config\x00')
preadv(r3, &(0x7f00000026c0), 0x0, 0x4, 0x73)
r4 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000080)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000240)=0x14)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000280)={'gretap0\x00', &(0x7f0000000340)={'gre0\x00', <r6=>0x0, 0x80, 0x700, 0x1, 0x7, {{0x18, 0x4, 0x3, 0x0, 0x60, 0x67, 0x0, 0x3, 0x29, 0x0, @rand_addr=0x64010102, @initdev={0xac, 0x1e, 0x1, 0x0}, {[@timestamp_addr={0x44, 0x3c, 0x3e, 0x1, 0x7, [{@local, 0x7}, {@private=0xa010102}, {@private=0xa010102, 0x8}, {@local, 0x4}, {@multicast2}, {@remote, 0x7ff}, {@loopback, 0x1}]}, @lsrr={0x83, 0xf, 0xc8, [@multicast2, @dev={0xac, 0x14, 0x14, 0x3d}, @rand_addr=0x64010101]}, @noop]}}}}})
getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x43, &(0x7f00000003c0)={@empty, @loopback}, &(0x7f0000000400)=0xc)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r3, &(0x7f0000000540)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000500)={&(0x7f0000000440)={0xa0, r4, 0x8, 0x70bd2a, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_ADDR={0x48, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @private1={0xfc, 0x1, '\x00', 0x1}}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r5}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @remote}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e24}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r6}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e21}]}, @MPTCP_PM_ATTR_ADDR={0xc, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e22}]}, @MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0x81}, @MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0x4}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x1}, @MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0x7}, @MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0x5}, @MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0x6}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x1}]}, 0xa0}, 0x1, 0x0, 0x0, 0x2000c040}, 0x800)
r7 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='oom_score_adj\x00')
prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0)
write$tcp_mem(r7, &(0x7f00000025c0)={0x8000000000004, 0x20, 0x4, 0x20, 0x6c}, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r8 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
read$FUSE(r8, &(0x7f0000000580)={0x2020, 0x0, <r9=>0x0, <r10=>0x0, <r11=>0x0}, 0x2020)
write$FUSE_DIRENTPLUS(r8, &(0x7f0000003040)=ANY=[@ANYBLOB="5806000000000000", @ANYRES64=r9, @ANYBLOB="0000000000000000020000000000000001800000000000004600000000000000ff000000020000000600000000000000a90f000000000000f9ffffffffffffffff0f00000000000002000000000000000300000000000000040000000000000007ed000000a0000008000000", @ANYRES32=r10, @ANYRES32=0x0, @ANYBLOB="fd55000001000080000000000000000000000000030000000000000006000000050000007663616e30000000060000000000000000000000000000000500000000000000c0ffffffffffffff030000000002000003000000000000000200000000000000050000000000000001ffffffffffffff0f000000000000000700000000000000ffff00000200000001feffff0030000002000000", @ANYRES32=r10, @ANYRES32=r11, @ANYBLOB="05000000184c00000000000000000000000000000100010000000000080000000b000000257042202020200001000000000000000000000000000000ffffffff00000000070000000000000025f40000020000000600000000000000070000000000000002000000000000000f00000000000000ffffffffffffffff010000000000000002000000080000006194000000e0000007000000", @ANYRES32=r10, @ANYRES32=r11, @ANYBLOB="008000000080ff01000000000100000000000000a9d00000000000000a0000005e9a00002f6465762f6375736500000000000000060000000000000002000000000000005f0000000000000004000000000000000400000001000000000000000000000007000000000000000010000000000000f9ffffffffffffff018000000000000000000000000000000008000000000080830b000000c0000001000080", @ANYRES32=r10, @ANYRES32=r11, @ANYBLOB="8a020000070000000000000005000000000000000400000000000000010000000a000000000000000000000005000000000000000200000000000000080000000000000001800000000000000d00000006000000060000000000000084010000000000008705000000000000008000000000000008000000000000000000000000000000ffffffff0600000010000000002000000b000000", @ANYRES32=r10, @ANYRES32=r11, @ANYBLOB="000000800b000000000000000200000000000000080000000000000001000000a200000028000000000000000200000000000000010000000000000009000000000000000600000000000000f8ffffffff7f0000050000000000000001000000000000000c000000000000000a00000000000000060000000000000006000000000000000300000006000000070000000080000008000000", @ANYRES32=r10, @ANYRES32=r11, @ANYBLOB="0500000003000000000000000300000000000000020000000000000001000000090000002c0000000000000006000000000000000000000000000000d55d000000000000030000000000000005000000810000000300000000000000ffffffff000000000500000000000000020000000000000001000000000000000200000000000000060000009e4f5069000000800020000006000000", @ANYRES32=r10, @ANYRES32=r11, @ANYBLOB="0600000005000000000000000000000000000000fcffffffffffffff060000000400000026272e3a262800000200000000000000010000000000000001040000000000000500000000000000800000000400000005000000000000000404000000000000050000000000000004000000000000000108000000000000ff0000000000000006000000a2d70000ff7f0000004000007f000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ffffff7fc60000000000000004000000000000000100000001000000040000004f0f00005c2d2d2c0000000005000000000000000100000000000000ff0700000000000004000000000000003d0000007f0000000600000000000000070000000000000005000000000000000300000000000000ec590000000000000500000000000000040000006c0f0000000000800040000080000000", @ANYRES32=r10, @ANYRES32=r11, @ANYBLOB="060000004a6a00000000000002000000000000004f0500000000000008000000ff0300006e6c3830323131000500000000000000020000000000000002000000000000009f04000000000000ff7f00006500000005000000000000004abe000000e81f00e806000000000000b504000000000000000000000000000003000000000000000100010000f8ffff06000000004000003eca4c4bbc8b7c8b9a75f92c700b53b1ad68ba44ea777b668fcc155323f32bd0b024fe7464e36757c671a65109980f62c223b39a6fe5729f1259a46cca11d7c8ea562e6161adb9ba82a0407a2413af400fd3491f9b6f77a56fbdb68baaba4a35a70d4a6531690a31d3f945338cf930e6bf3cb9fe645df61cd9e3f81bfb414f3f89bed20192425c7a483db5969619f9", @ANYRES32=0xee00, @ANYRES32=r11, @ANYBLOB="01000000e262000000000000020000000000000001010000000000000100000003000000ad00000000000000"], 0x658)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f0000000180)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@ptr={0x20000009, 0x0, 0x0, 0x2, 0x4}]}}, 0x0, 0x26, 0x0, 0x0, 0x5265, 0x0, @void, @value}, 0x20)
r12 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCL_SELLOADLUT(r12, 0x541c, &(0x7f0000000040)={0x5, 0x4, 0x3eac, 0x7, 0x3})

33.738459146s ago: executing program 6 (id=2625):
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f00000001c0)='./file0/../file0\x00', 0x0, 0x161090, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000300)='./file0/file0\x00', &(0x7f0000000000)='./file0/file0\x00', 0x0, 0x89101a, 0x0)
mount$bind(&(0x7f0000000280)='./file0\x00', &(0x7f0000000480)='./file0/../file0\x00', 0x0, 0x21adc51, 0x0)
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000140)=ANY=[@ANYBLOB="1201000000000040ac054382408b0b00000109022400010000002009040000fd0301000009210000000122010009058103"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f00000003c0)={0x24, 0x0, 0x0, &(0x7f0000000a80)=ANY=[@ANYBLOB="002281"], 0x0}, 0x0)
r1 = syz_open_dev$hiddev(&(0x7f00000000c0), 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48)
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x19, 0x4, 0x4, 0x9, 0x10, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r2 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x141301)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
write$binfmt_script(r3, &(0x7f00000002c0), 0x4)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r3, 0x0)
ioctl$USBDEVFS_RELEASE_PORT(r2, 0x80045519, &(0x7f00000001c0)=0x4)
bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x11, 0x0, 0x0, &(0x7f0000000040)='GPL\x00', 0xc, 0x0, 0x0, 0x0, 0x28, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @void, @value}, 0x94)
r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x101442, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000001200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@newqdisc={0x30, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x0, 0x1}}, [@qdisc_kind_options=@q_pie={{0x8}, {0x4}}]}, 0x30}}, 0x0)
dup(r4)
read$FUSE(0xffffffffffffffff, &(0x7f0000003480)={0x2020}, 0x2020)
write$FUSE_DIRENT(0xffffffffffffffff, 0x0, 0x70)
ioctl$HIDIOCSFLAG(r1, 0x4004480f, 0x0)

31.083918012s ago: executing program 6 (id=2638):
socket$inet6_tcp(0xa, 0x1, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f00000038c0), 0x0, 0x0)
ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x50009404, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, 0x0, 0x0, 0x2, 0x0)
write$6lowpan_control(0xffffffffffffffff, 0x0, 0x0)
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x3, &(0x7f0000000080)=0xb, 0x8, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x60005f, 0x3)

29.978556179s ago: executing program 6 (id=2644):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001280)={0x18, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="180000000c0000000000000000005e255377457a95490285000095"], &(0x7f0000000440)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000780)='contention_end\x00', r0}, 0x10)
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r1 = socket$inet6(0xa, 0x5, 0xeed)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_EVENTS(r2, 0x84, 0xb, &(0x7f0000000180)={0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x93}, 0xe)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2)
sched_setaffinity(0x0, 0xfffffdca, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
sendto$inet6(r2, &(0x7f0000000300)="8b", 0x34000, 0x0, &(0x7f0000000000)={0xa, 0x0, 0x0, @private1}, 0x1c)
shutdown(r2, 0x1)
r4 = syz_open_dev$radio(&(0x7f0000000180), 0x1, 0x2)
ioctl$VIDIOC_ENUM_FREQ_BANDS(r4, 0xc0405665, &(0x7f0000000140)={0x2, 0x1, 0x0, 0x400, 0x5d, 0x9b5})
socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f00000018c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="280000001e0000ffffffffffe900000007000000", @ANYRES32=0x0, @ANYBLOB="000002000a0002000000000000000000"], 0x28}}, 0x0)
open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
bind(r1, &(0x7f0000000480)=@un=@abs={0x1, 0x0, 0x4e21}, 0x80)
r6 = socket$inet_smc(0x2b, 0x1, 0x0)
getsockopt$IP_VS_SO_GET_DAEMON(r6, 0x0, 0x487, &(0x7f0000000040), &(0x7f00000000c0)=0x30)
r7 = socket$packet(0x11, 0x2, 0x300)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f0000000800)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000500)='tlb_flush\x00', r8}, 0x10)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFULNL_MSG_CONFIG(r9, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={0x1c, 0x1, 0x4, 0x5, 0x0, 0x0, {0x7}, [@NFULA_CFG_CMD={0x5, 0x1, 0x2}]}, 0x1c}}, 0x2004004)
mmap(&(0x7f0000000000/0x2000)=nil, 0x30000, 0x2, 0x11, r7, 0x0)

29.66837215s ago: executing program 34 (id=2644):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001280)={0x18, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="180000000c0000000000000000005e255377457a95490285000095"], &(0x7f0000000440)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000780)='contention_end\x00', r0}, 0x10)
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r1 = socket$inet6(0xa, 0x5, 0xeed)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_EVENTS(r2, 0x84, 0xb, &(0x7f0000000180)={0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x93}, 0xe)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2)
sched_setaffinity(0x0, 0xfffffdca, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
sendto$inet6(r2, &(0x7f0000000300)="8b", 0x34000, 0x0, &(0x7f0000000000)={0xa, 0x0, 0x0, @private1}, 0x1c)
shutdown(r2, 0x1)
r4 = syz_open_dev$radio(&(0x7f0000000180), 0x1, 0x2)
ioctl$VIDIOC_ENUM_FREQ_BANDS(r4, 0xc0405665, &(0x7f0000000140)={0x2, 0x1, 0x0, 0x400, 0x5d, 0x9b5})
socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f00000018c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="280000001e0000ffffffffffe900000007000000", @ANYRES32=0x0, @ANYBLOB="000002000a0002000000000000000000"], 0x28}}, 0x0)
open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
bind(r1, &(0x7f0000000480)=@un=@abs={0x1, 0x0, 0x4e21}, 0x80)
r6 = socket$inet_smc(0x2b, 0x1, 0x0)
getsockopt$IP_VS_SO_GET_DAEMON(r6, 0x0, 0x487, &(0x7f0000000040), &(0x7f00000000c0)=0x30)
r7 = socket$packet(0x11, 0x2, 0x300)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f0000000800)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000500)='tlb_flush\x00', r8}, 0x10)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFULNL_MSG_CONFIG(r9, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={0x1c, 0x1, 0x4, 0x5, 0x0, 0x0, {0x7}, [@NFULA_CFG_CMD={0x5, 0x1, 0x2}]}, 0x1c}}, 0x2004004)
mmap(&(0x7f0000000000/0x2000)=nil, 0x30000, 0x2, 0x11, r7, 0x0)

7.165482078s ago: executing program 5 (id=2697):
mkdir(&(0x7f0000000580)='./file0\x00', 0x0)
r0 = inotify_init1(0x800)
inotify_add_watch(r0, 0x0, 0x600010c)
r1 = syz_io_uring_setup(0x27f3, &(0x7f0000000340)={0x0, 0x4, 0x10100, 0x0, 0xfffffffe}, &(0x7f0000000140), &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_setup(0x7414, &(0x7f00000003c0)={0x0, 0xd326, 0x800, 0x0, 0x2ac}, &(0x7f0000000040)=<r3=>0x0, &(0x7f0000000180))
syz_io_uring_submit(r3, r2, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xfffffffffffffe54})
io_uring_enter(r1, 0x184c, 0x0, 0x0, 0x0, 0x0)
setxattr$incfs_metadata(&(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r4}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0xfffffdca, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000ec0)={0x20, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB], &(0x7f0000000900)='GPL\x00', 0x9, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
fcntl$lock(0xffffffffffffffff, 0x5, &(0x7f00000002c0)={0x2, 0x0, 0x6, 0x6})
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000001280)=ANY=[@ANYBLOB="02000000040000000800000001000000800000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB], 0x17)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r5 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x4)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)

6.983852882s ago: executing program 5 (id=2700):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000380)={"37254072b4e7d8e69029b71b0709be0f21e9e4832c619ed053020d7c8c77a5bf8e3ebaaa02ea0f26228e65db8491213515b7d02890fd896e724711b8afb286304c8c1def1f0114409b9854bb44262e7bee9fccc1027413669111a886b7721d17517fedf34d7231fa43a415c67976ea39467a656edca72f30a74e54ecaa602f41fbf7f725d83b6bd9a639cf1e4937d611328a2990992adabc5622397374d63eb69d69c17357745462d07c4fdf71bcda74931f482af37784c8ff04e4d9d0b231ff557a21c510a3e91a2a532811c71ab9c91883fed710c229f2e388e7da4283f6ececb7380de393be053c147a6a659ef96f4d910db86dde66ad5b54db066e715c0c6698159ab4d0e9fb4fde9c9f0e12de9b39d94209e607ecf9e7f28a29f3559150f87ec8a670e162707e427abd2c8d8dbbd685f9a5908ff6fc85deff8257b0ddceb830db4fc6ad5e7a21e85e00f619362b1053b9fbcaec2a8d5476d0f77693b4db2a728add2260550ec610332cf5bcf5bdd2c2f68d4d357d3f304c484639d4be87cca1125217652d2991fdceec152eabdd1c4ee8ce1a5da632d740b192ad26b1871822ee62635da808b625c50963656a7b2b3dec08f211878de91b1c468a659a27771dacdb9ff427e24faeea1ff563cf34b713472001708756a6d282cf9d82dffe804d266735d39c195454ece75f4e231b1ee24c4d9c88e236e2303fabb687ceea94caf33bb6a4c61405c440ca1f63dc0c031c85a9461716a407c5280766ea398b8b7d32b255949a91fa7dcc1a53ebfe15b75c684520cef2ce2bbae66a460df76ad2993651c63ded96627fb67ada7946fc600d4dc61a67f2007d77ea9516b44a6d5050c66de2a2d3bbb60c92d80135a2d5c50ef6b73fc031a810d38dbfa39b7b84fc8d6cf8775d5ca0ce9627cdd85a0ad33f9ccaa24fa1d4a070a3b67d9f9b5ef76a3a3e07cf2f9d42cb2cfcf5b8dca19f26e5e3f1d776c439195fac7d7c817dbbfb19303a7b240bca32ffe195bc759ee0a1dd8c8882cf25ce30a39a947f24a4cb2baf39205b6d4a2e8f76f1cc0674931188a9ddc0920f8ff33c8dc761bd9e04c085df56a4c1f0eab3b2310fb06890fc610addf5e6b23b6dc619ea9e117d5062328625e2964c303241f72fd6f0211fb3520e8a5542747e867d19e2570f9e49d7eacdf0694bd9ded32fe3a5244c093f7d44fcdf51a42f2dea48eb3e8524ec3685ad9476a80297046241de1a16f8a8f54f8347935aac74cf9bbbae4036862d92869b548db56698a131afeb8a91ba4c3156520af533fd876e59e27ece188c4220bac2041aeb904fae1bf589cea3ac97d5c76e4a233508f4fabcf2b99b2472896db8cc12b0c306522c858a4a4c8ba239713e507df1a77d6ff8643c177a451a697afc6a82b42fa3edaff8b7ccff90b0c22a02c119147e547d029f216f40099ef2b8fbac"})
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f00000000c0)=@x86={0x0, 0x1, 0x0, 0x0, 0x8, 0xfc, 0x10, 0x0, 0xfc, 0xff, 0x9, 0x0, 0x0, 0x1, 0x0, 0x0, 0xff, 0xfb, 0xff, '\x00', 0x4})

6.577092002s ago: executing program 5 (id=2706):
syz_usb_connect(0x0, 0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="31010000dccd5e08cb0603001b00160000010902240001000064000904"], 0x0)

5.801412176s ago: executing program 4 (id=2717):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x2382, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CAP_SPLIT_IRQCHIP(r1, 0x4068aea3, &(0x7f00000000c0)={0x79, 0x0, 0x1})
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$KVM_SET_GSI_ROUTING(r1, 0x4008ae6a, &(0x7f0000000040)=ANY=[@ANYRES8=r2])

5.651767793s ago: executing program 4 (id=2721):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000400)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x3c, 0x3c, 0x5, [@typedef={0x4, 0x0, 0x0, 0x7}, @union={0x0, 0x0, 0x0, 0x5, 0x1}, @array={0x0, 0x0, 0x0, 0x3, 0x0, {0x3, 0x1, 0x7fff}}, @restrict={0x1}]}, {0x0, [0x0, 0x0, 0x0]}}, &(0x7f0000000340)=""/142, 0x59, 0x8e, 0x1, 0x0, 0x0, @void, @value}, 0x28)

5.238650158s ago: executing program 7 (id=2722):
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x10, 0xe, &(0x7f0000000400)=ANY=[@ANYBLOB="b702000003460200bfa30000000000001702000000feffff7a0a00fe14ffffff79a4f0ff00000000b7060000ff0800007e640200000000005502faff037202000404000001007d60a6040000001000006a0a58fe39000f00850000005a000000bc600000000000009500000000000000a81bbfa32d51a7d0679fd43041097666ab982de7b0efc5733ed236e4add6de094e0832aaa6912a8b2ce571c4580034fb000000e3a94bd24d2eb3860d808922433e3e0f242a46b3009a54f4077db0d4968a384b0559c7919b893d3b72cd6c832e986440ff0a7e8620cb231ccd00000000000000000000007777e2704653f620b2272c3c7fea60491073847c4b7bbaed91f33fb382d91ae8e18c9b6c9f0322ec5f1c7cc5869ff455896712198c4e2ddf8b86e714229527ca40b24cfd6a1f00e891728807982d90e116bba29bb70900000000000000c63ad2e7402f9cb424ac416e66af9ebbfea905d37cf226312cb81ec8439cea06e7fa5e5b3596301460142f83b464d9e57dfdb06dcf9101000100130033d649d2110cf2e1f4682c24a314447c5e0807f0b1766ebdecbd061772daa52a38539295d3fea7a7e669441e1ff04114dfa904fb43897f8d9c3c287acba716973eadf1bf9cd0a38edc345415c42d3d2dd3339d32a5796cbe8925efd0c81af69a3e97588878d7ce18b68bc37e061d33357d6a39d33c702576cc2a8891663e3776c7a37c5c962e12102f237bbf60c0a3bf07d55b3888418de2b2ad23d25395dd4ccddf247dd2c712e2e2eaf7d432e968122cc5dcaa7ba330963b7093a58a02dba114f75e1ffd5c2912b506bfb93122fc776aadec51a367658100000000000000b148a90000000000a2a283801ff218538cb12c72b56ffb6b7a062581ec749f5700000000009f1f5ab2e02739ccd50523d3360300005cbeaf95c7d797d6e094c4a3aee025bf43cebde7e7cdbae9b1698e19eb0e6d5244c1ffb0e97628a88a5e37032f1e8f6c893e514f2b3e1028cd404a1d8fe6569da0385e65e4d523166c4213abb8dae5b1409317f29572e788af92aedb0287f2816e301fc8a24dba6fca8b270d44fe65e7bd90a5fc16387bcb5e3df18d7d2a33c72cfda827b8926a6dc6bc19ce398cb8fe48b11b7f93e6fdfb040283c9627bd40909ee4307c4197b15797af17845fbc02846d2f8543f65594cb535a9598eb067b21111dbaa58b19a52f3f12880128d08eb477ad349ca214bc7f80000000000ffb52da89cff41552996e20a585c7d265bd749eeba040fa7111c84142757709d7c475fac2839beb833327db41c6b647c7ee9ad419a6c68dd5c2ce4fa23c280518fc6e54d1b055cae5492e8c4cdd314a49631a15de2bffc920dd74e670794acec7a9da17d809bf956f1af51cf3c0711792d3071dfdaec3c66053cdb00028f6fba8da8f53de39a5999e56fc26ae866674627c8a53d3fd245050060ed40782d1d98bf1e1f5dfd4d1fb399624c12732e300818b222ce029ce01055f941721226e3e5f05d2837240f8f6831b6ef2a02ec64aae1eea9cfac06d8b7042e8ebdc6cb0d4a140e1e631d06afc99d397c5b67b290344e347c953806b298f288884335f624378b3748a4a86bbd0a62127b2c28ce3737661b98bd45965b537ece7bd4e365ffd5567df4d02034c8d488a49c6fb1a0a02eaab2f271d3a14e44211e4ff602d146f72355972860bdd14719d65301964d022819b75696ce47534c9d989d69a445095ff8fbebd2c84635acc333f2aca4623cfe9f9e6c3f9fbb4374c08e1be5eec12c329a87d335fd7a52a4e4e7c2e57fa2f0df9500347b300f84230783cb665f3fa44f5d6fa987aa93c2619ef4977f9e4d38adec323778f3bc987533ffd85fe5417398a3001b394fccbd2faee83b5e2b8a2dd18cf067b619a82c4706531b3ef336a84e825c63b9bc7b98b4ad6a471692224adef86f4c9930169dfa133e22929d5a27e10bfbcfe7c02ca451afd74d26f489e0e09cf1b596ae0c959cf26cb0c8114a9311b7f2fe2ad977074ff5f62f6777a20700414ed03ba3d7404eadd43a62ad1173491a5c099290393e1f85aeb3886fbb7f6646212054a850d58a71c6d6027cd3a5ff22e98672349f9bddb23622e2f19b39e51ced84524567ec1fcb233a2fb85371e9b08b6fd4adcd4db148ed26757123a0e604bcf6ffdcc303956e1805f1746361bd3eeb55d3fefe6ac274c2e6c78963430118942d62a465698e600dadd81a53ffd29358746e8db2499e3fca62b0ff660b0aaeedadeb194a9217e9fed2ce04cc24451871d5bcd76173ab7123cc27eef33dbb4d3c3bf1fc2df68a98345c15667388c5000000000000000000000015000000c0459f900702908d4979288d06c7159ef2663dc7ea9302b10bf2da21e3990ddf20a38adc1fd15124310daf2461224cfbfd5e6265d012d60fc9e39209ce3209720f8d7bf39bf71d0d46ed6d51eede797da70cf0b7463cffc80a7a56eeb25ed0adfb146a3221c20d51f172cf2eefe1e6b28cffc1e40a789d5513626f5c4fbf65a2b5a093634b806b7ee570f70f624ce8c02d4c1ec7a9370f42a807f1d46fe77be0637a8007343b7771788f64b36cab94a99243bc780702f98f34a80f81aeb853f97c3e9586805d1a240d7e870b15defbc6b21fdc98a79759c9b8375313deea0000000009e38e9539d6b9507b6f3f8d29992d080a13aed8879a1f2cf352fb5a376427f89d432f7fe7c0cad2ce38427fc773cef47e00000000000000000000000000000000000d09b8ee6321377ffcb6cc386f8704ae9ce6c11b4bb91d0097ef2b77e0cd28af1222e68c2745eca64fa40db07f6e5925224069d14395f7170ab9c2d396f7510f65ce5b0405d8951a70a37117d13c5b2f684c52bff2dc895f5e06e497adee9de0012dd140c592137c90319f8a578007b57aaba3fb93d29a6584313e5b58f8a71cebf77a0891f3633dba69588ec728e785e6e4431fce5a143451c7a51c22b1b605347db811eb9a461f4ef2612181aa8cafc33a2047b7ba57a5"], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000040), 0x0, 0x0, 0xffffffffffffffff, 0x37, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x24)

4.796871208s ago: executing program 5 (id=2723):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[@ANYBLOB="280000001d00010027bdc5ef1d81d242955e00fd", @ANYRES32=0x0, @ANYBLOB="0200d0070a000100aaaaaaaaaa1e0000"], 0x28}, 0x1, 0x0, 0x0, 0x20040100}, 0x800)

4.718571878s ago: executing program 4 (id=2726):
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000340)={{{@in=@dev={0xac, 0x14, 0x14, 0x15}, @in6=@private1, 0x4e20, 0x0, 0x4e22, 0x6, 0xa}, {0x9, 0x0, 0x0, 0x800000, 0x1, 0x0, 0x0, 0x24}, {0x0, 0x4, 0x0, 0x7}, 0x0, 0x0, 0x1, 0x0, 0x6, 0x1}, {{@in=@local, 0x800, 0x32}, 0xa, @in=@private=0xa010102, 0x0, 0x0, 0x0, 0x4, 0xfffffffc, 0x4}}, 0xe8)
connect$inet6(r0, &(0x7f0000000100)={0xa, 0xffff, 0x0, @mcast2, 0x9}, 0x1c)

4.647735075s ago: executing program 4 (id=2727):
r0 = syz_open_dev$loop(&(0x7f0000000080), 0x8, 0x20100)
ioctl$BLKPG(r0, 0x1269, &(0x7f0000000040)={0x1, 0x0, 0x98, &(0x7f00000000c0)={0x200000000000, 0x404000000000, 0x400011}})

4.62016542s ago: executing program 7 (id=2728):
r0 = syz_open_dev$evdev(&(0x7f0000000140), 0x99e, 0x20000)
ioctl$EVIOCSKEYCODE_V2(r0, 0x40284504, &(0x7f0000000180)={0x4, 0x2, 0x8, 0x0, "1fd955c292873b955690540a25ea0d9d469e9db40b4aaeb2eab35b44448679f4"})

4.619526411s ago: executing program 5 (id=2729):
sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0)
syz_usb_connect(0x0, 0x36, &(0x7f00000002c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00001009040000022a3e740009058bff7f000010110905", @ANYBLOB="8d"], 0x0)
syz_open_dev$ptys(0xc, 0x3, 0x0)

4.55466449s ago: executing program 0 (id=2730):
r0 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r0, &(0x7f0000000180)=@file={0x1}, 0x6e)
listen(r0, 0x0)
r1 = socket$unix(0x1, 0x1, 0x0)
connect$unix(r1, &(0x7f0000000080)=@file={0x1}, 0x6e)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
accept4(r0, &(0x7f0000000100)=@nfc, &(0x7f0000000000)=0x80, 0x80000)

4.554521072s ago: executing program 3 (id=2731):
openat$full(0xffffffffffffff9c, 0x0, 0x86480, 0x0)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000080)='./binderfs/binder1\x00', 0x0, 0x0)
ioctl$BINDER_GET_NODE_DEBUG_INFO(r0, 0xc018620b, &(0x7f00000000c0)={0x1})

4.518347328s ago: executing program 4 (id=2732):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xc, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x9)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000000)=0x4)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sysvipc/shm\x00', 0x0, 0x0)
timer_create(0x0, &(0x7f0000000680)={0x0, 0x21}, &(0x7f0000000100))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
pipe(&(0x7f0000000200)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
splice(r1, 0x0, r2, 0x0, 0x8000f28, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
fcntl$lock(r3, 0x6, &(0x7f0000002000)={0x1})
fcntl$lock(r3, 0x26, &(0x7f0000000080))
fcntl$lock(r3, 0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x3})

4.512577142s ago: executing program 3 (id=2733):
r0 = socket$inet(0x2, 0x803, 0x1)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x0, @remote}, 0x10)
sendmmsg$inet(r0, &(0x7f0000000540)=[{{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000000c0)='\b\x00', 0x2}], 0x1}}, {{0x0, 0x0, 0x0}}], 0x2, 0x2004000)

4.496731009s ago: executing program 7 (id=2734):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'\x00', 0x2})
ioctl$TUNSETOFFLOAD(r1, 0x400454c9, 0x13)
ioctl$TUNSETLINK(r1, 0x400454cd, 0x30a)
r2 = openat$incfs(0xffffffffffffff9c, 0x0, 0x1a10c1, 0x9c37611dc13d0d83)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f0000000680)={&(0x7f0000000000)=@ipv6_newnexthop={0x18, 0x68, 0x1, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x4}}, 0x18}, 0x1, 0x0, 0x0, 0x40040}, 0x20008800)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff})
recvmmsg(r3, &(0x7f0000000400)=[{{0x0, 0xf5ffffff, 0x0, 0x0, 0x0, 0x4000000}}], 0xf00, 0x4c42bb4f92, 0x0)
shutdown(r3, 0x0)
capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000040)={0x200000, 0x200000, 0x1})
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000040)={0xffffffffffffffff, &(0x7f0000000100)='H', 0x0}, 0x20)
ioctl$DMA_BUF_SET_NAME_A(r2, 0x40046201, &(0x7f0000000080)='*%()@-\x00')
bind$bt_hci(r0, &(0x7f0000000000)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r0, &(0x7f0000000100), 0x6)
socket$key(0xf, 0x3, 0x2)

4.422792847s ago: executing program 0 (id=2735):
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
sendto(r0, 0x0, 0x0, 0x1, 0x0, 0x0)

4.244560012s ago: executing program 3 (id=2736):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x3)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x78)
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x1a01, 0x0)
ioctl$EVIOCGPROP(r1, 0x40047438, &(0x7f0000000180)=""/246)
writev(r1, &(0x7f0000000400)=[{&(0x7f0000000280)="c021", 0x2}], 0x1)

3.506191742s ago: executing program 0 (id=2737):
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000c40)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2901090, 0x0)
chroot(&(0x7f0000000300)='./file0/../file0/../file0/../file0\x00')
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48)
bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000001740)={r0, 0x0, &(0x7f0000001700)=""/53}, 0x20)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0xf, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x65, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10)
mount(0x0, &(0x7f0000000d40)='./file0/../file0/../file0\x00', &(0x7f00000002c0)='sysfs\x00', 0x0, 0x0)
pivot_root(&(0x7f0000000000)='./file0/../file0\x00', &(0x7f00000001c0)='./file0/../file0/../file0\x00')
syz_open_dev$tty1(0xc, 0x4, 0x2)

3.370343432s ago: executing program 3 (id=2738):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x101, 0x3})
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0)

3.214621728s ago: executing program 0 (id=2739):
r0 = socket$inet6(0xa, 0x2, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0x3, &(0x7f0000000100)=0x8000ffff, 0x4)
sendto$inet6(r0, &(0x7f0000000000)="800037bbfa9ba1ce", 0x8, 0x4000, &(0x7f0000001100)={0xa, 0x0, 0x0, @loopback}, 0x1c)
recvmmsg(r0, &(0x7f0000000380)=[{{0x0, 0x0, &(0x7f00000005c0)}, 0x3422a61a}], 0x1, 0x10102, 0x0)

3.214320446s ago: executing program 7 (id=2740):
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getuid()
mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0)
r0 = syz_open_dev$usbfs(&(0x7f0000000480), 0x77, 0x141341)
ioctl$USBDEVFS_IOCTL(r0, 0xc0105512, &(0x7f0000000200))
ioctl$USBDEVFS_IOCTL(r0, 0xc0105512, &(0x7f0000000000)=@usbdevfs_connect)

3.18122199s ago: executing program 3 (id=2741):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000008c0)=ANY=[@ANYBLOB="84010000100001008000000000000000fe8000000000000000000000000000bbfc01000000000000000000000000000100000000000000000000a00062000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ac1e060100000000000000000000000000000000330000007f000001000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffffffffffff00000000000000000000000000002000000000000000000000000000000000000000000002000000af"], 0x184}, 0x1, 0x0, 0x0, 0x400884c}, 0x0)

3.002117641s ago: executing program 3 (id=2742):
prlimit64(0x0, 0xe, &(0x7f0000000780)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x1)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000240)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
r3 = memfd_create(&(0x7f0000000180)='-B\xd5NI\xc5j\x9appp\xf0\b\x84\xa2m\x00\v\x18\x004\xa6Ey\xdb\xd1\xa7\xb1S\xf1:)\x00\xca\xd7Uw\x00\xbc\xfa2\xb3\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8b\x066\xb8G\xd1c\xe1$\xff\x97k\xde\xc5\xe96\xddU)\xc98M\xcd\xfb\xcc\x82n=\x7f=\xcdJx\xaa\x8f~\xb90a\xa9\xb2\x04K\x98\x93=\xabQ\xf7\x05\x1d\xa1\xce\x8b\x19\xea\xef\xe3', 0x0)
r4 = dup(r3)
r5 = fanotify_init(0x0, 0x0)
fanotify_mark(r5, 0x1, 0x40000033, r4, 0x0)
write$nbd(r4, &(0x7f00000000c0)=ANY=[], 0x10)
sendfile(r3, r3, &(0x7f0000000000), 0x2)

2.930825051s ago: executing program 7 (id=2743):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CAP_SPLIT_IRQCHIP(r1, 0x4068aea3, &(0x7f0000000280))
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x7, 0x13, r2, 0x0)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000000c0)={[0x79, 0x0, 0x0, 0x3, 0x0, 0x100, 0x0, 0x80, 0x0, 0x0, 0x0, 0x4, 0x4, 0x0, 0x0, 0x88000000]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

2.728166779s ago: executing program 5 (id=2744):
r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000002c0)=ANY=[@ANYBLOB="12010000d0918108ac051582588f0000000109022d00010000000009040000030b08000009058d67c8002a000009050502000000000009058b6e", @ANYRESOCT=0x0], 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
syz_usb_ep_write(r0, 0x8d, 0xfb, &(0x7f00000001c0)="d0be166e5e8b26a5e6b39aa93e00d43ec7e813e40b8fcad530f5176b71ef3ac478184911afdd2a979d4c5b7fccca3f0c6871b5032e4727642967374587861ca6bd95847cd7fa48e161817931a074a00f2d99471f511f07fc4bd392b89c581899e2ae79abe551ecce24444d0d91595054bea9bb0ce5ca2985043edb126c403549e7c5d36ceba659a4acb46b1361f31359c9f1c4b02f5edbe98e11edb32d0c08ce4e024fcefdee253f92ee9a9acfc0642ca6543d7ee1bab1")

1.310319071s ago: executing program 0 (id=2745):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x9baaa000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000070000000000000000002018", @ANYBLOB], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x18)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
rt_sigaction(0x19, &(0x7f0000000000)={0xfffffffffffffffc, 0x8c000003, 0x0, {[0x3]}}, 0x0, 0x8, &(0x7f0000000440))
r4 = memfd_create(&(0x7f00000006c0)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\xf2\xed\x04\x00\x00\x00\xd4N\x12\x9b\x1f\t\xd1Z+\x86T\x16\xf8\x01\x00\x00\x00\x9f+\x8d!\x0fG\xab\xc2\xdc\xa3\xb3\xae8\x9f9?\xefo\xa4k\x01\xb2>\xa1\x9c\x86xm\xe6\x9bZ4\x91\x1a\xdb\xdd\x89\xb9\xc0LF;\xd6\x84\x195\x06\x00\x00\x00~\xf3S\x12\"p^\xc1jP\x8a\xc6[\xbd\xe7q]\xdd\r\x1aZS\x01*\x1b\xfd\xbcMA\xdcq\xa1\x00\xb3\xf9\x91r\x7f\xdc\xf1\xc3G,\xdb\xccS\x15\x95b\x17\xab\xe4?\x96\x95\xa4kP\x99YO\xb8V\xd5p\x90X\xaaf', 0x0)
fallocate(r4, 0x0, 0x400000000000000, 0x7)

1.041262376s ago: executing program 4 (id=2746):
syz_usb_connect(0x2, 0x24, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0x61, 0x95, 0x5f, 0x40, 0x7cf, 0x1001, 0x4c86, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x80, 0x0, [{{0x9, 0x4, 0x57, 0xfd, 0x0, 0xdb, 0xa8, 0xcc}}]}}]}}, 0x0)

734.818403ms ago: executing program 7 (id=2747):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00', r0}, 0x10)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TCXONC(r1, 0x4b45, 0x2)
clock_settime(0x0, &(0x7f0000003c80)={0x77359400})

0s ago: executing program 0 (id=2748):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = signalfd4(r1, &(0x7f00000000c0)={[0x10001]}, 0x8, 0x80000)
sendmsg$nl_route(r3, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)=@ipv6_getnexthop={0x2c, 0x6a, 0x1, 0x70bd2d, 0x25dfdbfc, {}, [@NHA_GROUPS={0x4}, @NHA_MASTER={0x8, 0xa, 0x2}, @NHA_OIF={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000}, 0x404c001)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
munlockall()
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x14)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140)=@x86={0xb5, 0x5, 0x6, 0x0, 0x7fffffff, 0x4, 0xf, 0xc0, 0x40, 0x4, 0x60, 0x6, 0x0, 0x6e8, 0xffffbfc3, 0xf0, 0x6, 0x0, 0x7, '\x00', 0xcb, 0xffffffffffffff59})
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000004c0)={0x2, 0x0, @ioapic={0x0, 0x59a35420, 0x20003, 0x10020f5d, 0x0, [{0x0, 0x9}, {}, {}, {0x0, 0x35}, {0x20, 0x6}, {0x0, 0x0, 0x6}, {}, {0x2, 0x6}, {}, {0x73, 0x1, 0x2}, {0x0, 0x0, 0xfe}, {}, {}, {0x0, 0x0, 0x0, '\x00', 0x80}, {0x7, 0x0, 0x0, '\x00', 0x39}, {0x0, 0x0, 0x0, '\x00', 0x4}, {0x0, 0x0, 0x0, '\x00', 0xff}, {0x0, 0x0, 0xfa}, {}, {}, {0x6, 0x0, 0x0, '\x00', 0x6}, {0x0, 0x0, 0x0, '\x00', 0xfc}, {0x0, 0x5}]}})
ioctl$KVM_SET_GUEST_DEBUG(r2, 0x4048ae9b, &(0x7f0000000180)={0x60001, 0x0, [0x6, 0x4, 0x8ee, 0x7, 0xfff, 0x400, 0xcb, 0x10001]})
ioctl$KVM_RUN(r2, 0x8004ae98, 0x20e10000)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x41)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r5 = openat$cgroup_ro(r4, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0)
write$cgroup_int(r5, &(0x7f0000000200)=0x1, 0x12)
rmdir(&(0x7f00000001c0)='./cgroup/../file0\x00')
sendto$inet(r3, &(0x7f00000002c0)="0a4963abd95a47b1d3301f2111b48da4cfbc9869fc0daa9d07c755e3c88cf8d9fae04100f293600779e80ab5fae434f8098b95deee9496aa1d7ae295746d81bcdcd9530e75d9fcbd3bcad448c232c60b808130aba74cdf50c7ce5e39", 0x5c, 0x50, 0x0, 0x0)
r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r6, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6)
getsockopt$bt_BT_SNDMTU(r6, 0x112, 0xc, &(0x7f0000000000)=0x6, &(0x7f0000000040)=0x2)
write$binfmt_misc(r6, &(0x7f0000000300), 0x6)
syz_open_dev$tty1(0xc, 0x4, 0x1)

kernel console output (not intermixed with test programs):

comm="syz-executor" name="file1" dev="tmpfs" ino=2329 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  858.832537][   T29] audit: type=1400 audit(1741334006.669:713): avc:  denied  { read } for  pid=14170 comm="syz.3.2152" name="autofs" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[  858.885094][   T29] audit: type=1400 audit(1741334006.669:714): avc:  denied  { open } for  pid=14170 comm="syz.3.2152" path="/dev/autofs" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[  859.845505][   T29] audit: type=1400 audit(1741334006.689:715): avc:  denied  { ioctl } for  pid=14170 comm="syz.3.2152" path="/dev/autofs" dev="devtmpfs" ino=98 ioctlcmd=0x9378 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[  859.919698][T14179] overlayfs: failed to clone lowerpath
[  861.266243][ T2337] pvrusb2: request_firmware fatal error with code=-110
[  861.283432][ T2337] pvrusb2: Failure uploading firmware1
[  861.299017][ T2337] pvrusb2: Device initialization was not successful.
[  861.319263][ T2337] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[  861.341044][ T2337] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[  861.360626][ T3397] pvrusb2: Device being rendered inoperable
[  861.444633][ T5869] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[  862.224717][ T5869] usb 7-1: Using ep0 maxpacket: 8
[  862.236649][ T5869] usb 7-1: config index 0 descriptor too short (expected 301, got 45)
[  862.323630][ T5869] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  862.394566][ T5869] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  862.518832][ T5869] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  862.685431][ T5869] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  863.104654][ T3397] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[  863.107245][ T5869] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  863.131694][ T5869] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  863.144329][T14213] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2163'.
[  863.375052][ T3397] usb 4-1: Using ep0 maxpacket: 8
[  863.385193][ T3397] usb 4-1: config 0 has an invalid interface number: 55 but max is 0
[  863.405806][ T3397] usb 4-1: config 0 has no interface number 0
[  863.421279][ T3397] usb 4-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  863.473441][ T3397] usb 4-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  863.485857][ T3397] usb 4-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  863.497682][ T3397] usb 4-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  863.511687][ T3397] usb 4-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  863.521624][ T3397] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  863.533220][ T3397] usb 4-1: config 0 descriptor??
[  863.539144][ T3397] usb 4-1: can't set config #0, error -71
[  863.711320][ T3397] usb 4-1: USB disconnect, device number 16
[  863.971174][T14224] tmpfs: Cannot enable swap on remount if it was disabled on first mount
[  864.301549][T14225] SELinux: syz.0.2164 (14225) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  864.500368][ T5869] usb 7-1: usb_control_msg returned -71
[  864.579524][ T5869] usbtmc 7-1:16.0: can't read capabilities
[  864.991416][ T5869] usb 7-1: USB disconnect, device number 6
[  865.272817][   T29] audit: type=1400 audit(1741334013.129:716): avc:  denied  { setopt } for  pid=14233 comm="syz.0.2168" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  865.746330][   T29] audit: type=1326 audit(1741334013.609:717): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14229 comm="syz.6.2169" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f5f2c58d169 code=0x0
[  865.859816][T14246] FAULT_INJECTION: forcing a failure.
[  865.859816][T14246] name failslab, interval 1, probability 0, space 0, times 0
[  865.880570][T14246] CPU: 0 UID: 0 PID: 14246 Comm: syz.3.2171 Not tainted 6.14.0-rc5-syzkaller-00109-g0f52fd4f67c6 #0
[  865.880594][T14246] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  865.880601][T14246] Call Trace:
[  865.880605][T14246]  <TASK>
[  865.880610][T14246]  dump_stack_lvl+0x16c/0x1f0
[  865.880633][T14246]  should_fail_ex+0x50a/0x650
[  865.880652][T14246]  ? fs_reclaim_acquire+0xae/0x150
[  865.880670][T14246]  should_failslab+0xc2/0x120
[  865.880683][T14246]  kmem_cache_alloc_node_noprof+0x72/0x3c0
[  865.880696][T14246]  ? __alloc_skb+0x2b1/0x380
[  865.880714][T14246]  __alloc_skb+0x2b1/0x380
[  865.880728][T14246]  ? __pfx___alloc_skb+0x10/0x10
[  865.880743][T14246]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  865.880761][T14246]  netlink_alloc_large_skb+0x69/0x130
[  865.880776][T14246]  netlink_sendmsg+0x689/0xd70
[  865.880793][T14246]  ? __pfx_netlink_sendmsg+0x10/0x10
[  865.880810][T14246]  ____sys_sendmsg+0xaaf/0xc90
[  865.880822][T14246]  ? copy_msghdr_from_user+0x10b/0x160
[  865.880837][T14246]  ? __pfx_____sys_sendmsg+0x10/0x10
[  865.880853][T14246]  ___sys_sendmsg+0x135/0x1e0
[  865.880868][T14246]  ? __pfx____sys_sendmsg+0x10/0x10
[  865.880887][T14246]  ? __pfx_lock_release+0x10/0x10
[  865.880904][T14246]  ? trace_lock_acquire+0x14e/0x1f0
[  865.880921][T14246]  ? __fget_files+0x206/0x3a0
[  865.880935][T14246]  __sys_sendmsg+0x16e/0x220
[  865.880950][T14246]  ? __pfx___sys_sendmsg+0x10/0x10
[  865.880972][T14246]  do_syscall_64+0xcd/0x250
[  865.880987][T14246]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  865.881004][T14246] RIP: 0033:0x7fc19cd8d169
[  865.881014][T14246] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  865.881025][T14246] RSP: 002b:00007fc19dcd6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  865.881036][T14246] RAX: ffffffffffffffda RBX: 00007fc19cfa5fa0 RCX: 00007fc19cd8d169
[  865.881049][T14246] RDX: 0000000000000004 RSI: 0000400000000480 RDI: 0000000000000007
[  865.881058][T14246] RBP: 00007fc19dcd6090 R08: 0000000000000000 R09: 0000000000000000
[  865.881066][T14246] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  865.881076][T14246] R13: 0000000000000000 R14: 00007fc19cfa5fa0 R15: 00007ffe68e8dc28
[  865.881096][T14246]  </TASK>
[  866.589044][T14261] warning: `syz.5.2177' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  866.951558][ T3397] usb 7-1: new high-speed USB device number 7 using dummy_hcd
[  867.332212][ T3397] usb 7-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  867.351896][ T3397] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  867.613271][ T3397] usb 7-1: config 0 descriptor??
[  868.088012][ T3397] cp210x 7-1:0.0: cp210x converter detected
[  868.344994][T14275] SELinux: syz.0.2179 (14275) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  869.291147][T14280] overlayfs: missing 'lowerdir'
[  869.429736][ T3397] cp210x 7-1:0.0: failed to get vendor val 0x0010 size 3: -71
[  869.456455][ T3397] cp210x 7-1:0.0: failed to get vendor val 0x000e size 678: -71
[  869.766853][ T3397] cp210x 7-1:0.0: GPIO initialisation failed: -71
[  869.860767][ T3397] usb 7-1: cp210x converter now attached to ttyUSB0
[  869.880386][ T3397] usb 7-1: USB disconnect, device number 7
[  869.900352][ T3397] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  869.911719][ T3397] cp210x 7-1:0.0: device disconnected
[  870.765125][T14302] FAULT_INJECTION: forcing a failure.
[  870.765125][T14302] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  870.778732][T14302] CPU: 0 UID: 0 PID: 14302 Comm: syz.5.2187 Not tainted 6.14.0-rc5-syzkaller-00109-g0f52fd4f67c6 #0
[  870.778756][T14302] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  870.778765][T14302] Call Trace:
[  870.778770][T14302]  <TASK>
[  870.778776][T14302]  dump_stack_lvl+0x16c/0x1f0
[  870.778807][T14302]  should_fail_ex+0x50a/0x650
[  870.778834][T14302]  _copy_from_user+0x2e/0xd0
[  870.778850][T14302]  memdup_user+0x71/0xd0
[  870.778875][T14302]  strndup_user+0x78/0xe0
[  870.778896][T14302]  __x64_sys_mount+0x138/0x310
[  870.778915][T14302]  ? __pfx___x64_sys_mount+0x10/0x10
[  870.778938][T14302]  do_syscall_64+0xcd/0x250
[  870.778958][T14302]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  870.778980][T14302] RIP: 0033:0x7f8ba5f8d169
[  870.778996][T14302] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  870.779011][T14302] RSP: 002b:00007f8ba6d2d038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  870.779026][T14302] RAX: ffffffffffffffda RBX: 00007f8ba61a6080 RCX: 00007f8ba5f8d169
[  870.779035][T14302] RDX: 0000400000000040 RSI: 0000400000000380 RDI: 0000000000000000
[  870.779045][T14302] RBP: 00007f8ba6d2d090 R08: 0000400000000400 R09: 0000000000000000
[  870.779053][T14302] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  870.779062][T14302] R13: 0000000000000000 R14: 00007f8ba61a6080 R15: 00007ffc92da8ee8
[  870.779080][T14302]  </TASK>
[  871.517244][ T1293] ieee802154 phy0 wpan0: encryption failed: -22
[  871.878851][ T1293] ieee802154 phy1 wpan1: encryption failed: -22
[  872.232708][T14315] program syz.6.2190 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  872.321254][ T5830] Bluetooth: hci1: unexpected event for opcode 0x1408
[  873.806961][ T5869] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[  873.824601][   T29] audit: type=1400 audit(1741334021.669:718): avc:  denied  { block_suspend } for  pid=14340 comm="syz.6.2197" capability=36  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  874.413781][T14348] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2200'.
[  874.422968][T14348] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2200'.
[  874.432962][T14348] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2200'.
[  874.496390][ T5869] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  874.542504][T14349] netlink: 20 bytes leftover after parsing attributes in process `syz.6.2201'.
[  874.924349][ T5869] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  874.934425][   T29] audit: type=1326 audit(1741334022.499:719): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14346 comm="syz.6.2201" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f5f2c58d169 code=0x0
[  874.958463][ T5869] usb 4-1: config 0 descriptor??
[  874.971270][ T5869] cp210x 4-1:0.0: cp210x converter detected
[  875.414871][    T8] usb 6-1: new high-speed USB device number 19 using dummy_hcd
[  875.501526][ T5869] cp210x 4-1:0.0: failed to get vendor val 0x0010 size 3: -32
[  875.612212][ T5869] usb 4-1: cp210x converter now attached to ttyUSB0
[  875.620144][    T8] usb 6-1: Using ep0 maxpacket: 16
[  875.659804][    T8] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0xF has invalid maxpacket 33437, setting to 1024
[  875.755676][    T8] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0xF has invalid maxpacket 1024
[  875.870858][    T8] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 14
[  875.888763][    T8] usb 6-1: New USB device found, idVendor=054c, idProduct=06c1, bcdDevice=c2.87
[  875.900788][T12943] usb 4-1: USB disconnect, device number 17
[  875.913183][    T8] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  875.922896][T12943] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  875.937792][    T8] usb 6-1: Product: syz
[  875.948635][    T8] usb 6-1: Manufacturer: syz
[  875.953817][T12943] cp210x 4-1:0.0: device disconnected
[  875.965750][    T8] usb 6-1: SerialNumber: syz
[  875.972519][    T8] usb 6-1: config 0 descriptor??
[  875.980773][T14355] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[  875.994485][T14355] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[  876.194036][    C0] port100 6-1:0.0: NFC: Urb failure (status -71)
[  876.238386][    C0] port100 6-1:0.0: NFC: Urb failure (status -71)
[  876.343344][    T8] port100 6-1:0.0: NFC: Could not get supported command types
[  876.670019][   T29] audit: type=1326 audit(1741334024.529:720): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14366 comm="syz.6.2206" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5f2c58d169 code=0x0
[  876.730432][T14371] bond_slave_1: entered allmulticast mode
[  876.866141][T14376] random: crng reseeded on system resumption
[  876.938749][   T29] audit: type=1400 audit(1741334024.729:721): avc:  denied  { write } for  pid=14375 comm="syz.3.2210" name="snapshot" dev="devtmpfs" ino=92 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[  876.961929][    C1] vkms_vblank_simulate: vblank timer overrun
[  877.765406][   T29] audit: type=1400 audit(1741334025.629:722): avc:  denied  { ioctl } for  pid=14375 comm="syz.3.2210" path="/dev/snapshot" dev="devtmpfs" ino=92 ioctlcmd=0x8914 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[  878.821084][T14390] netlink: 20 bytes leftover after parsing attributes in process `syz.6.2213'.
[  879.064663][   T29] audit: type=1326 audit(1741334026.909:723): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14385 comm="syz.6.2213" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f5f2c58d169 code=0x0
[  879.143115][ T5869] usb 6-1: USB disconnect, device number 19
[  879.382719][T14394] program syz.0.2214 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  879.432116][ T5830] Bluetooth: hci0: unexpected event for opcode 0x1408
[  879.604483][   T29] audit: type=1800 audit(1741334027.459:724): pid=14398 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.3.2216" name="bus" dev="overlay" ino=2411 res=0 errno=0
[  880.013832][T14408] tmpfs: Cannot enable swap on remount if it was disabled on first mount
[  880.443390][ T3397] usb 7-1: new high-speed USB device number 8 using dummy_hcd
[  880.633071][T14416] overlayfs: failed to clone lowerpath
[  881.344815][ T3397] usb 7-1: Using ep0 maxpacket: 8
[  881.444647][ T7448] usb 4-1: new high-speed USB device number 18 using dummy_hcd
[  881.518581][T14421] FAULT_INJECTION: forcing a failure.
[  881.518581][T14421] name failslab, interval 1, probability 0, space 0, times 0
[  881.531577][T14421] CPU: 0 UID: 0 PID: 14421 Comm: syz.0.2223 Not tainted 6.14.0-rc5-syzkaller-00109-g0f52fd4f67c6 #0
[  881.531600][T14421] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  881.531609][T14421] Call Trace:
[  881.531626][T14421]  <TASK>
[  881.531632][T14421]  dump_stack_lvl+0x16c/0x1f0
[  881.531659][T14421]  should_fail_ex+0x50a/0x650
[  881.531681][T14421]  ? fs_reclaim_acquire+0xae/0x150
[  881.531701][T14421]  should_failslab+0xc2/0x120
[  881.531716][T14421]  kmem_cache_alloc_lru_noprof+0x73/0x3d0
[  881.531729][T14421]  ? proc_alloc_inode+0x25/0x200
[  881.531743][T14421]  ? __pfx_proc_alloc_inode+0x10/0x10
[  881.531753][T14421]  proc_alloc_inode+0x25/0x200
[  881.531763][T14421]  alloc_inode+0x5d/0x230
[  881.531777][T14421]  new_inode+0x22/0x210
[  881.531790][T14421]  proc_pid_make_inode+0x22/0x160
[  881.531811][T14421]  proc_fdinfo_instantiate+0x57/0x250
[  881.531827][T14421]  proc_fill_cache+0x362/0x470
[  881.531837][T14421]  ? __pfx_proc_fdinfo_instantiate+0x10/0x10
[  881.531852][T14421]  ? __pfx_proc_fill_cache+0x10/0x10
[  881.531862][T14421]  ? __pfx_vsnprintf+0x10/0x10
[  881.531880][T14421]  ? snprintf+0xc8/0x100
[  881.531894][T14421]  ? _raw_spin_unlock+0x3e/0x50
[  881.531906][T14421]  ? fget_task_next+0x2a8/0x580
[  881.531920][T14421]  proc_readfd_common+0x1f0/0x620
[  881.531934][T14421]  ? __pfx_proc_fdinfo_instantiate+0x10/0x10
[  881.531952][T14421]  ? __pfx_proc_readfd_common+0x10/0x10
[  881.531967][T14421]  ? down_read_killable+0xcc/0x380
[  881.531982][T14421]  ? __pfx_down_read_killable+0x10/0x10
[  881.531997][T14421]  ? f2fs_setattr+0xdd0/0x1fa0
[  881.532015][T14421]  iterate_dir+0x293/0xab0
[  881.532033][T14421]  __x64_sys_getdents+0x148/0x2c0
[  881.532049][T14421]  ? __pfx___x64_sys_getdents+0x10/0x10
[  881.532064][T14421]  ? __pfx_filldir+0x10/0x10
[  881.532083][T14421]  do_syscall_64+0xcd/0x250
[  881.532099][T14421]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  881.532117][T14421] RIP: 0033:0x7f527f18d169
[  881.532128][T14421] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  881.532139][T14421] RSP: 002b:00007f528001b038 EFLAGS: 00000246 ORIG_RAX: 000000000000004e
[  881.532149][T14421] RAX: ffffffffffffffda RBX: 00007f527f3a6080 RCX: 00007f527f18d169
[  881.532156][T14421] RDX: 00000000000000e3 RSI: 0000400000000040 RDI: 0000000000000005
[  881.532161][T14421] RBP: 00007f528001b090 R08: 0000000000000000 R09: 0000000000000000
[  881.532167][T14421] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  881.532173][T14421] R13: 0000000000000000 R14: 00007f527f3a6080 R15: 00007ffde97bef78
[  881.532185][T14421]  </TASK>
[  882.100905][ T3397] usb 7-1: config index 0 descriptor too short (expected 301, got 45)
[  882.115313][ T3397] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  882.138037][T14418] program syz.5.2222 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  882.165649][ T5830] Bluetooth: hci5: unexpected event for opcode 0x1408
[  882.230948][ T3397] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  882.344547][ T3397] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  882.360363][ T3397] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  882.394612][ T3397] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  882.405100][ T7448] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  882.987843][ T7448] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  883.164054][ T3397] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  883.237788][ T7448] usb 4-1: config 0 descriptor??
[  883.244316][ T3397] usb 7-1: can't set config #16, error -71
[  883.258717][   T29] audit: type=1326 audit(1741334031.119:725): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14429 comm="syz.5.2226" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f8ba5f8d169 code=0x0
[  883.281513][    C1] vkms_vblank_simulate: vblank timer overrun
[  883.310127][ T3397] usb 7-1: USB disconnect, device number 8
[  883.323153][ T7448] cp210x 4-1:0.0: cp210x converter detected
[  883.506979][ T7448] cp210x 4-1:0.0: failed to get vendor val 0x370b size 1: -71
[  883.538331][ T7448] cp210x 4-1:0.0: querying part number failed
[  884.433675][T14441] netlink: 20 bytes leftover after parsing attributes in process `syz.6.2227'.
[  884.674278][ T7448] usb 4-1: cp210x converter now attached to ttyUSB0
[  884.681707][   T29] audit: type=1326 audit(1741334031.359:726): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14427 comm="syz.0.2225" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f527f18d169 code=0x0
[  884.722349][ T7448] usb 4-1: USB disconnect, device number 18
[  884.731276][ T7448] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  884.751455][ T7448] cp210x 4-1:0.0: device disconnected
[  884.815642][   T29] audit: type=1326 audit(1741334032.339:727): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14435 comm="syz.6.2227" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f5f2c58d169 code=0x0
[  885.528666][   T29] audit: type=1400 audit(1741334033.389:728): avc:  denied  { bind } for  pid=14456 comm="syz.5.2235" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  887.735437][T14469] tmpfs: Cannot enable swap on remount if it was disabled on first mount
[  888.309079][T14470] program syz.6.2236 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  888.432271][ T5830] Bluetooth: hci1: unexpected event for opcode 0x1408
[  889.479121][T14481] FAULT_INJECTION: forcing a failure.
[  889.479121][T14481] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  889.492441][T14481] CPU: 0 UID: 0 PID: 14481 Comm: syz.5.2241 Not tainted 6.14.0-rc5-syzkaller-00109-g0f52fd4f67c6 #0
[  889.492464][T14481] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  889.492474][T14481] Call Trace:
[  889.492481][T14481]  <TASK>
[  889.492487][T14481]  dump_stack_lvl+0x16c/0x1f0
[  889.492516][T14481]  should_fail_ex+0x50a/0x650
[  889.492547][T14481]  _copy_to_user+0x32/0xd0
[  889.492567][T14481]  simple_read_from_buffer+0xd0/0x160
[  889.492595][T14481]  proc_fail_nth_read+0x198/0x270
[  889.492617][T14481]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  889.492641][T14481]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  889.492662][T14481]  vfs_read+0x1df/0xbf0
[  889.492691][T14481]  ? __pfx___mutex_lock+0x10/0x10
[  889.492714][T14481]  ? __pfx_vfs_read+0x10/0x10
[  889.492744][T14481]  ? fdget_pos+0x237/0x390
[  889.492766][T14481]  ksys_read+0x12b/0x250
[  889.492788][T14481]  ? __pfx_ksys_read+0x10/0x10
[  889.492817][T14481]  do_syscall_64+0xcd/0x250
[  889.492839][T14481]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  889.492862][T14481] RIP: 0033:0x7f8ba5f8bb7c
[  889.492890][T14481] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  889.492906][T14481] RSP: 002b:00007f8ba6d2d030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  889.492922][T14481] RAX: ffffffffffffffda RBX: 00007f8ba61a6080 RCX: 00007f8ba5f8bb7c
[  889.492931][T14481] RDX: 000000000000000f RSI: 00007f8ba6d2d0a0 RDI: 0000000000000007
[  889.492940][T14481] RBP: 00007f8ba6d2d090 R08: 0000000000000000 R09: 0000000000000000
[  889.492957][T14481] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  889.492967][T14481] R13: 0000000000000000 R14: 00007f8ba61a6080 R15: 00007ffc92da8ee8
[  889.492989][T14481]  </TASK>
[  890.583976][T14498] netlink: 20 bytes leftover after parsing attributes in process `syz.6.2244'.
[  890.593591][   T29] audit: type=1326 audit(1741334038.439:729): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14488 comm="syz.4.2242" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fa8bd18d169 code=0x0
[  890.878616][   T29] audit: type=1326 audit(1741334038.539:730): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14490 comm="syz.6.2244" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f5f2c58d169 code=0x0
[  891.201339][T14505] mac80211_hwsim hwsim7 wlan1: entered allmulticast mode
[  891.279095][T14513] tmpfs: Cannot enable swap on remount if it was disabled on first mount
[  892.584816][T14505] netlink: 'syz.4.2247': attribute type 10 has an invalid length.
[  892.842508][T14516] bridge_slave_0: left allmulticast mode
[  892.848981][T14516] bridge_slave_0: left promiscuous mode
[  892.860595][T14516] bridge0: port 1(bridge_slave_0) entered disabled state
[  892.870854][T14516] bridge_slave_1: left allmulticast mode
[  892.880859][T14516] bridge_slave_1: left promiscuous mode
[  892.888585][T14516] bridge0: port 2(bridge_slave_1) entered disabled state
[  892.905324][T14516] bond0: (slave bond_slave_0): Releasing backup interface
[  893.724767][ T7448] usb 7-1: new full-speed USB device number 9 using dummy_hcd
[  893.772130][T14516] bond0: (slave bond_slave_1): Releasing backup interface
[  893.776505][ T5871] usb 6-1: new full-speed USB device number 20 using dummy_hcd
[  893.837352][T14516] team0: Port device team_slave_0 removed
[  893.847621][T14516] team0: Port device team_slave_1 removed
[  893.853793][T14516] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  893.861465][T14516] batman_adv: batadv0: Removing interface: batadv_slave_0
[  893.871253][T14516] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  893.879226][T14516] batman_adv: batadv0: Removing interface: batadv_slave_1
[  893.891230][T14516] batman_adv: batadv0: Interface deactivated: ip6gretap1
[  893.898867][T14516] batman_adv: batadv0: Removing interface: ip6gretap1
[  893.908703][T14505] mac80211_hwsim hwsim7 wlan1: left allmulticast mode
[  893.917676][ T7448] usb 7-1: config index 0 descriptor too short (expected 156, got 27)
[  893.925112][T14505] 8021q: adding VLAN 0 to HW filter on device bond0
[  893.926709][ T7448] usb 7-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  893.946041][ T7448] usb 7-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 10
[  893.947929][T14505] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  893.957954][ T5871] usb 6-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c
[  893.985380][ T7448] usb 7-1: config 0 interface 0 altsetting 191 endpoint 0x87 has invalid maxpacket 255, setting to 64
[  893.997058][ T5871] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  894.074301][ T7448] usb 7-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[  894.088405][ T5871] usb 6-1: config 0 descriptor??
[  894.106354][ T7448] usb 7-1: config 0 interface 0 has no altsetting 0
[  894.148024][ T5871] pegasus 6-1:0.0: probe with driver pegasus failed with error -71
[  894.157641][ T7448] usb 7-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  894.167270][ T7448] usb 7-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  894.187849][ T5871] usb 6-1: USB disconnect, device number 20
[  894.195934][ T7448] usb 7-1: Product: syz
[  894.207202][ T7448] usb 7-1: Manufacturer: syz
[  894.216626][ T7448] usb 7-1: SerialNumber: syz
[  894.226975][ T7448] usb 7-1: config 0 descriptor??
[  894.232646][T14526] raw-gadget.1 gadget.6: fail, usb_ep_enable returned -22
[  894.242041][ T7448] ldusb 7-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  894.253381][ T7448] ldusb 7-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  894.272085][T14539] sp0: Synchronizing with TNC
[  894.562015][T14526] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  894.581253][T14526] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  894.934290][   T29] audit: type=1326 audit(1741334042.669:731): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14546 comm="syz.5.2257" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f8ba5f8d169 code=0x0
[  895.006984][ T9468] usb 7-1: USB disconnect, device number 9
[  895.042993][ T9468] ldusb 7-1:0.0: LD USB Device #0 now disconnected
[  895.390325][T14559] overlayfs: failed to clone upperpath
[  895.880899][   T29] audit: type=1400 audit(1741334043.739:732): avc:  denied  { write } for  pid=14552 comm="syz.3.2258" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  896.069593][T14572] FAULT_INJECTION: forcing a failure.
[  896.069593][T14572] name failslab, interval 1, probability 0, space 0, times 0
[  896.086282][T14572] CPU: 0 UID: 0 PID: 14572 Comm: syz.0.2265 Not tainted 6.14.0-rc5-syzkaller-00109-g0f52fd4f67c6 #0
[  896.086309][T14572] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  896.086319][T14572] Call Trace:
[  896.086325][T14572]  <TASK>
[  896.086332][T14572]  dump_stack_lvl+0x16c/0x1f0
[  896.086371][T14572]  should_fail_ex+0x50a/0x650
[  896.086399][T14572]  ? fs_reclaim_acquire+0xae/0x150
[  896.086428][T14572]  should_failslab+0xc2/0x120
[  896.086448][T14572]  kmem_cache_alloc_node_noprof+0x72/0x3c0
[  896.086468][T14572]  ? __alloc_skb+0x2b1/0x380
[  896.086498][T14572]  __alloc_skb+0x2b1/0x380
[  896.086520][T14572]  ? __pfx___alloc_skb+0x10/0x10
[  896.086545][T14572]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  896.086574][T14572]  netlink_alloc_large_skb+0x69/0x130
[  896.086597][T14572]  netlink_sendmsg+0x689/0xd70
[  896.086623][T14572]  ? __pfx_netlink_sendmsg+0x10/0x10
[  896.086654][T14572]  ____sys_sendmsg+0xaaf/0xc90
[  896.086674][T14572]  ? copy_msghdr_from_user+0x10b/0x160
[  896.086696][T14572]  ? __pfx_____sys_sendmsg+0x10/0x10
[  896.086725][T14572]  ___sys_sendmsg+0x135/0x1e0
[  896.086750][T14572]  ? __pfx____sys_sendmsg+0x10/0x10
[  896.086784][T14572]  ? __pfx_lock_release+0x10/0x10
[  896.086809][T14572]  ? trace_lock_acquire+0x14e/0x1f0
[  896.086837][T14572]  ? __fget_files+0x206/0x3a0
[  896.086861][T14572]  __sys_sendmsg+0x16e/0x220
[  896.086885][T14572]  ? __pfx___sys_sendmsg+0x10/0x10
[  896.086924][T14572]  do_syscall_64+0xcd/0x250
[  896.086948][T14572]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  896.086972][T14572] RIP: 0033:0x7f527f18d169
[  896.087000][T14572] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  896.087017][T14572] RSP: 002b:00007f528003c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  896.087034][T14572] RAX: ffffffffffffffda RBX: 00007f527f3a5fa0 RCX: 00007f527f18d169
[  896.087044][T14572] RDX: 0000000000000000 RSI: 0000400000000040 RDI: 0000000000000004
[  896.087055][T14572] RBP: 00007f528003c090 R08: 0000000000000000 R09: 0000000000000000
[  896.087065][T14572] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  896.087075][T14572] R13: 0000000000000000 R14: 00007f527f3a5fa0 R15: 00007ffde97bef78
[  896.087101][T14572]  </TASK>
[  897.159951][ T5830] Bluetooth: hci5: Received unexpected HCI Event 0x00
[  898.341658][   T29] audit: type=1326 audit(1741334046.199:733): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14598 comm="syz.6.2274" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f5f2c58d169 code=0x0
[  898.364550][    C1] vkms_vblank_simulate: vblank timer overrun
[  898.770274][T14607] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2276'.
[  899.341744][T14611] FAULT_INJECTION: forcing a failure.
[  899.341744][T14611] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  899.358620][T14613] netlink: 20 bytes leftover after parsing attributes in process `syz.6.2278'.
[  899.380894][T14611] CPU: 1 UID: 0 PID: 14611 Comm: syz.0.2277 Not tainted 6.14.0-rc5-syzkaller-00109-g0f52fd4f67c6 #0
[  899.380919][T14611] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  899.380930][T14611] Call Trace:
[  899.380936][T14611]  <TASK>
[  899.380943][T14611]  dump_stack_lvl+0x16c/0x1f0
[  899.380978][T14611]  should_fail_ex+0x50a/0x650
[  899.381010][T14611]  _copy_from_user+0x2e/0xd0
[  899.381030][T14611]  cec_ioctl+0xf01/0x2920
[  899.381055][T14611]  ? __pfx_cec_ioctl+0x10/0x10
[  899.381075][T14611]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  899.381106][T14611]  ? do_vfs_ioctl+0x513/0x1990
[  899.381139][T14611]  ? ioctl_has_perm.constprop.0.isra.0+0x2f2/0x450
[  899.381170][T14611]  ? ioctl_has_perm.constprop.0.isra.0+0x2fc/0x450
[  899.381198][T14611]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[  899.381228][T14611]  ? __pfx_lock_release+0x10/0x10
[  899.381263][T14611]  ? selinux_file_ioctl+0x180/0x270
[  899.381287][T14611]  ? selinux_file_ioctl+0xb4/0x270
[  899.381314][T14611]  ? __pfx_cec_ioctl+0x10/0x10
[  899.381332][T14611]  __x64_sys_ioctl+0x190/0x200
[  899.381363][T14611]  do_syscall_64+0xcd/0x250
[  899.381387][T14611]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  899.381410][T14611] RIP: 0033:0x7f527f18d169
[  899.381425][T14611] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  899.381441][T14611] RSP: 002b:00007f528003c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  899.381458][T14611] RAX: ffffffffffffffda RBX: 00007f527f3a5fa0 RCX: 00007f527f18d169
[  899.381469][T14611] RDX: 0000400000000d40 RSI: 00000000c0386105 RDI: 0000000000000003
[  899.381480][T14611] RBP: 00007f528003c090 R08: 0000000000000000 R09: 0000000000000000
[  899.381490][T14611] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  899.381499][T14611] R13: 0000000000000000 R14: 00007f527f3a5fa0 R15: 00007ffde97bef78
[  899.381523][T14611]  </TASK>
[  899.572253][    C1] vkms_vblank_simulate: vblank timer overrun
[  899.591729][T14615] sp0: Synchronizing with TNC
[  899.985299][   T29] audit: type=1400 audit(1741334047.849:734): avc:  denied  { write } for  pid=14622 comm="syz.0.2284" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  900.170095][T14628] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2284'.
[  900.552244][   T29] audit: type=1400 audit(1741334048.029:735): avc:  denied  { setopt } for  pid=14622 comm="syz.0.2284" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  901.061495][T14641] overlay: Unknown parameter 'uid<00000000000000000000'
[  902.105928][ T5830] Bluetooth: hci3: Received unexpected HCI Event 0x00
[  903.377584][T14656] program syz.6.2290 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  903.507310][ T5830] Bluetooth: hci1: unexpected event for opcode 0x1408
[  903.729238][T14659] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2293'.
[  904.076819][T14671] program syz.5.2296 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  904.091786][ T5830] Bluetooth: hci5: unexpected event for opcode 0x1408
[  904.198931][T14672] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2295'.
[  904.387642][T14670] sp0: Synchronizing with TNC
[  904.400623][   T29] audit: type=1326 audit(1741334052.229:736): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14665 comm="syz.6.2295" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f5f2c58d169 code=0x0
[  905.478900][T14688] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2301'.
[  905.494387][ T5871] usb 6-1: new high-speed USB device number 21 using dummy_hcd
[  905.739495][T14689] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2301'.
[  905.784375][ T5871] usb 6-1: Using ep0 maxpacket: 8
[  906.411338][ T5871] usb 6-1: config index 0 descriptor too short (expected 301, got 45)
[  906.493470][ T5871] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  906.522135][ T5871] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  906.540681][ T5871] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  906.552817][ T5871] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  906.586637][ T5871] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  906.698451][ T5871] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  907.066148][ T5830] Bluetooth: hci3: Received unexpected HCI Event 0x00
[  908.095776][ T5871] usb 6-1: usb_control_msg returned -32
[  908.119145][ T5871] usbtmc 6-1:16.0: can't read capabilities
[  908.315145][T14705] 9pnet_fd: Insufficient options for proto=fd
[  909.001942][ T5830] Bluetooth: hci3: Received unexpected HCI Event 0x00
[  909.305859][   T29] audit: type=1400 audit(1741334056.939:737): avc:  denied  { write } for  pid=14712 comm="syz.6.2307" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  911.333909][    T8] usb 6-1: USB disconnect, device number 21
[  911.688483][T14741] tmpfs: Cannot enable swap on remount if it was disabled on first mount
[  912.480110][T14746] tmpfs: Cannot enable swap on remount if it was disabled on first mount
[  912.893265][   T29] audit: type=1800 audit(1741334060.749:738): pid=14750 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.6.2316" name="bus" dev="overlay" ino=475 res=0 errno=0
[  912.991270][T14752] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2317'.
[  913.219649][   T29] audit: type=1326 audit(1741334061.079:739): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14749 comm="syz.5.2317" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f8ba5f8d169 code=0x0
[  913.611531][T14755] program syz.6.2318 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  914.257845][ T5830] Bluetooth: hci1: unexpected event for opcode 0x1408
[  914.412340][T14764] sp0: Synchronizing with TNC
[  915.964999][T14777] SELinux: syz.6.2324 (14777) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  916.264415][ T5871] usb 4-1: new high-speed USB device number 19 using dummy_hcd
[  916.426718][T14783] overlayfs: failed to clone lowerpath
[  916.644435][ T5871] usb 4-1: Using ep0 maxpacket: 8
[  918.092237][ T5871] usb 4-1: unable to read config index 0 descriptor/all
[  918.099365][ T5871] usb 4-1: can't read configurations, error -71
[  918.156202][T14789] geneve2: entered promiscuous mode
[  918.186421][T14789] geneve2: entered allmulticast mode
[  918.200868][   T29] audit: type=1400 audit(1741334066.059:740): avc:  denied  { create } for  pid=14787 comm="syz.6.2327" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=appletalk_socket permissive=1
[  918.220585][T14789] batman_adv: batadv0: Adding interface: geneve2
[  918.262667][T14798] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2327'.
[  918.273014][   T29] audit: type=1400 audit(1741334066.089:741): avc:  denied  { bind } for  pid=14791 comm="syz.3.2329" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  918.294528][T14789] batman_adv: batadv0: Interface activated: geneve2
[  918.389450][T14800] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2330'.
[  918.761100][   T29] audit: type=1326 audit(1741334066.269:742): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14796 comm="syz.4.2330" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fa8bd18d169 code=0x0
[  918.789162][T14794] syz.0.2328: attempt to access beyond end of device
[  918.789162][T14794] nbd0: rw=4096, sector=0, nr_sectors = 1 limit=0
[  919.387847][    T8] usb 7-1: new high-speed USB device number 10 using dummy_hcd
[  919.443854][T14817] SELinux: syz.0.2332 (14817) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  919.534503][    T8] usb 7-1: device descriptor read/64, error -71
[  920.176011][    T8] usb 7-1: new high-speed USB device number 11 using dummy_hcd
[  920.282800][T14827] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2334'.
[  920.342563][    T8] usb 7-1: device descriptor read/64, error -71
[  920.544587][    T8] usb usb7-port1: attempt power cycle
[  920.619139][T14827] sp0: Synchronizing with TNC
[  920.967768][    T8] usb 7-1: new high-speed USB device number 12 using dummy_hcd
[  921.069995][    T8] usb 7-1: device descriptor read/8, error -71
[  921.472304][T14838] netlink: 128 bytes leftover after parsing attributes in process `syz.4.2338'.
[  921.526800][    T8] usb 7-1: new high-speed USB device number 13 using dummy_hcd
[  921.594421][    T8] usb 7-1: device descriptor read/8, error -71
[  921.663668][   T29] audit: type=1400 audit(1741334069.519:743): avc:  denied  { ioctl } for  pid=14839 comm="syz.3.2339" path="socket:[42902]" dev="sockfs" ino=42902 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  921.720703][    T8] usb usb7-port1: unable to enumerate USB device
[  921.724868][T14840] veth1_to_batadv: entered promiscuous mode
[  921.752085][T14840] macsec1: entered promiscuous mode
[  923.426546][T14866] vcan0: tx drop: invalid sa for name 0x0000000000000003
[  923.632290][   T29] audit: type=1400 audit(1741334071.279:744): avc:  denied  { setopt } for  pid=14860 comm="syz.5.2345" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  923.638632][T14867] program syz.3.2346 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  924.027258][T14864] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2344'.
[  924.048184][   T29] audit: type=1326 audit(1741334071.899:745): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14859 comm="syz.0.2344" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f527f18d169 code=0x0
[  924.096452][ T5830] Bluetooth: hci3: unexpected event for opcode 0x1408
[  924.613014][   T29] audit: type=1326 audit(1741334072.339:746): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14871 comm="syz.3.2350" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fc19cd8d169 code=0x0
[  925.234486][T14887] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2353'.
[  926.166926][T14907] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2356'.
[  926.240405][T14907] sp0: Synchronizing with TNC
[  926.460211][T14912] overlayfs: failed to clone upperpath
[  927.448875][T14927] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2362'.
[  928.849725][T14946] program syz.0.2367 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  928.877324][ T5830] Bluetooth: hci0: unexpected event for opcode 0x1408
[  930.262282][T14952] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2371'.
[  930.293657][   T29] audit: type=1326 audit(1741334078.149:747): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14950 comm="syz.6.2371" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f5f2c58d169 code=0x0
[  930.842970][T14974] syz.4.2376 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  930.873313][T14974] netlink: 'syz.4.2376': attribute type 2 has an invalid length.
[  931.525976][T14974] netlink: 'syz.4.2376': attribute type 8 has an invalid length.
[  931.648115][T14974] netlink: 132 bytes leftover after parsing attributes in process `syz.4.2376'.
[  931.727559][T14976] FAULT_INJECTION: forcing a failure.
[  931.727559][T14976] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  931.743662][T14976] CPU: 0 UID: 0 PID: 14976 Comm: syz.6.2377 Not tainted 6.14.0-rc5-syzkaller-00109-g0f52fd4f67c6 #0
[  931.743687][T14976] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  931.743697][T14976] Call Trace:
[  931.743703][T14976]  <TASK>
[  931.743710][T14976]  dump_stack_lvl+0x16c/0x1f0
[  931.743742][T14976]  should_fail_ex+0x50a/0x650
[  931.743769][T14976]  _copy_from_iter+0x2a1/0x1560
[  931.743786][T14976]  ? trace_lock_acquire+0x14e/0x1f0
[  931.743805][T14976]  ? __alloc_skb+0x1fe/0x380
[  931.743829][T14976]  ? __pfx__copy_from_iter+0x10/0x10
[  931.743842][T14976]  ? __virt_addr_valid+0x1a4/0x590
[  931.743864][T14976]  ? __virt_addr_valid+0x5e/0x590
[  931.743878][T14976]  ? __phys_addr+0xc6/0x150
[  931.743892][T14976]  ? __phys_addr_symbol+0x30/0x80
[  931.743906][T14976]  ? __check_object_size+0x488/0x710
[  931.743928][T14976]  tcp_sendmsg_locked+0x1979/0x37c0
[  931.743972][T14976]  ? __pfx_tcp_sendmsg_locked+0x10/0x10
[  931.743997][T14976]  ? tcp_sendmsg+0x20/0x50
[  931.744019][T14976]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  931.744038][T14976]  ? mark_held_locks+0x9f/0xe0
[  931.744061][T14976]  ? __local_bh_enable_ip+0xa4/0x120
[  931.744088][T14976]  tcp_sendmsg+0x2e/0x50
[  931.744108][T14976]  ? __pfx_tcp_sendmsg+0x10/0x10
[  931.744130][T14976]  inet_sendmsg+0xb9/0x140
[  931.744162][T14976]  __sys_sendto+0x42a/0x4f0
[  931.744190][T14976]  ? __pfx___sys_sendto+0x10/0x10
[  931.744225][T14976]  ? ksys_write+0x1ba/0x250
[  931.744241][T14976]  ? __pfx_ksys_write+0x10/0x10
[  931.744256][T14976]  __x64_sys_sendto+0xe0/0x1c0
[  931.744274][T14976]  ? do_syscall_64+0x91/0x250
[  931.744294][T14976]  ? lockdep_hardirqs_on+0x7c/0x110
[  931.744314][T14976]  do_syscall_64+0xcd/0x250
[  931.744335][T14976]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  931.744357][T14976] RIP: 0033:0x7f5f2c58d169
[  931.744373][T14976] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  931.744388][T14976] RSP: 002b:00007f5f2a3d5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  931.744405][T14976] RAX: ffffffffffffffda RBX: 00007f5f2c7a6080 RCX: 00007f5f2c58d169
[  931.744415][T14976] RDX: 00000000000020c8 RSI: 00004000000012c0 RDI: 0000000000000005
[  931.744424][T14976] RBP: 00007f5f2a3d5090 R08: 0000000000000000 R09: 0000000000000027
[  931.744446][T14976] R10: 0000000000000011 R11: 0000000000000246 R12: 0000000000000001
[  931.744454][T14976] R13: 0000000000000000 R14: 00007f5f2c7a6080 R15: 00007ffe5aefeca8
[  931.744475][T14976]  </TASK>
[  931.989276][    C0] vkms_vblank_simulate: vblank timer overrun
[  932.168051][   T29] audit: type=1400 audit(1741334080.029:748): avc:  denied  { write } for  pid=14979 comm="syz.5.2378" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  932.946806][ T1293] ieee802154 phy0 wpan0: encryption failed: -22
[  932.958971][ T1293] ieee802154 phy1 wpan1: encryption failed: -22
[  933.004382][T14995] netlink: 20 bytes leftover after parsing attributes in process `syz.6.2384'.
[  933.196282][T14999] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2387'.
[  933.222537][   T29] audit: type=1326 audit(1741334081.079:749): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14998 comm="syz.4.2387" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fa8bd18d169 code=0x0
[  933.245417][    C0] vkms_vblank_simulate: vblank timer overrun
[  933.532334][ T5830] Bluetooth: hci5: Received unexpected HCI Event 0x00
[  933.972464][   T29] audit: type=1400 audit(1741334081.829:750): avc:  denied  { read } for  pid=15001 comm="syz.3.2386" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  934.643135][ T5830] Bluetooth: hci0: Received unexpected HCI Event 0x00
[  936.535712][T15033] 9p: Unknown uid 00000000004294967295
[  936.542604][   T29] audit: type=1400 audit(1741334084.389:751): avc:  denied  { getopt } for  pid=15030 comm="syz.6.2394" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  937.585271][ T5869] usb 6-1: new high-speed USB device number 22 using dummy_hcd
[  937.789781][ T5869] usb 6-1: Using ep0 maxpacket: 32
[  938.828092][ T5869] usb 6-1: New USB device found, idVendor=0c72, idProduct=000d, bcdDevice=27.9b
[  939.195850][ T5869] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  939.204910][ T5869] usb 6-1: Product: syz
[  939.209253][ T5869] usb 6-1: Manufacturer: syz
[  939.213908][ T5869] usb 6-1: SerialNumber: syz
[  939.220705][ T5869] usb 6-1: config 0 descriptor??
[  939.603786][ T5869] peak_usb 6-1:0.0 can0: unable to request usb[type=0 value=1] err=-71
[  939.614016][   T29] audit: type=1400 audit(1741334087.469:752): avc:  denied  { write } for  pid=15070 comm="syz.6.2404" name="nvram" dev="devtmpfs" ino=623 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1
[  939.642089][ T5869] peak_usb 6-1:0.0: unable to read PCAN-USB Pro firmware info (err -71)
[  939.687689][T15075] overlayfs: failed to clone upperpath
[  939.862799][ T5869] peak_usb 6-1:0.0: probe with driver peak_usb failed with error -71
[  939.936138][ T5869] usb 6-1: USB disconnect, device number 22
[  940.036597][T15082] netlink: 'syz.3.2406': attribute type 2 has an invalid length.
[  940.044591][T15082] netlink: 'syz.3.2406': attribute type 8 has an invalid length.
[  940.052558][T15082] netlink: 132 bytes leftover after parsing attributes in process `syz.3.2406'.
[  940.733859][T15085] netlink: 68 bytes leftover after parsing attributes in process `syz.4.2407'.
[  941.118799][T15103] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2409'.
[  941.297671][T15107] program syz.6.2412 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  941.326380][ T5830] Bluetooth: hci1: unexpected event for opcode 0x1408
[  941.939549][T15120] program syz.5.2416 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  941.958229][ T5830] Bluetooth: hci5: unexpected event for opcode 0x1408
[  942.014845][ T5871] usb 7-1: new high-speed USB device number 14 using dummy_hcd
[  942.175940][T15122] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2417'.
[  942.574267][ T5871] usb 7-1: Using ep0 maxpacket: 8
[  942.596171][ T5871] usb 7-1: config 2 has an invalid interface number: 216 but max is 0
[  942.637427][ T5871] usb 7-1: config 2 has no interface number 0
[  942.694352][ T5871] usb 7-1: New USB device found, idVendor=040a, idProduct=0002, bcdDevice=de.7b
[  942.716285][ T5871] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  942.736663][ T5871] gspca_main: spca501-2.14.0 probing 040a:0002
[  942.758834][   T29] audit: type=1400 audit(1741334090.619:753): avc:  denied  { ioctl } for  pid=15123 comm="syz.0.2418" path="socket:[43997]" dev="sockfs" ino=43997 ioctlcmd=0x890b scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  942.857675][   T29] audit: type=1400 audit(1741334090.619:754): avc:  denied  { setopt } for  pid=15123 comm="syz.0.2418" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  942.937542][ T5871] gspca_spca501: reg write: error -71
[  942.975490][ T5871] spca501 7-1:2.216: Reg write failed for 0x00,0xaa,0x00
[  942.996552][ T5871] spca501 7-1:2.216: probe with driver spca501 failed with error -22
[  943.021910][ T5871] usb 7-1: USB disconnect, device number 14
[  943.218003][   T29] audit: type=1400 audit(1741334091.079:755): avc:  denied  { append } for  pid=15140 comm="syz.5.2422" name="fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[  945.283740][T15163] netlink: 'syz.5.2431': attribute type 5 has an invalid length.
[  945.475295][ T5830] Bluetooth: hci4: unexpected event for opcode 0x1408
[  945.752604][T15171] netlink: 'syz.4.2433': attribute type 2 has an invalid length.
[  946.623345][T15192] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2440'.
[  946.638787][   T29] audit: type=1326 audit(1741334094.499:756): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15191 comm="syz.4.2440" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fa8bd18d169 code=0x0
[  946.664437][   T25] usb 1-1: new high-speed USB device number 19 using dummy_hcd
[  946.930073][   T25] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  946.945870][   T25] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  946.960828][   T25] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  946.971233][   T25] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  946.989958][T15175] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  947.011949][   T25] usb 1-1: Quirk or no altset; falling back to MIDI 1.0
[  947.036457][T15202] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2441'.
[  947.073359][T15202] sp0: Synchronizing with TNC
[  947.185797][ T5869] usb 7-1: new high-speed USB device number 15 using dummy_hcd
[  947.964569][ T5869] usb 7-1: Using ep0 maxpacket: 16
[  947.982274][ T5869] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  948.013520][ T5869] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  948.073798][ T5869] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  948.094650][   T29] audit: type=1400 audit(1741334095.949:757): avc:  denied  { write } for  pid=15174 comm="syz.0.2435" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  948.124433][ T5869] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  948.131543][   T29] audit: type=1400 audit(1741334095.949:758): avc:  denied  { open } for  pid=15174 comm="syz.0.2435" name="/" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  948.163898][ T5869] usb 7-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  948.175412][   T29] audit: type=1400 audit(1741334095.979:759): avc:  denied  { read } for  pid=15174 comm="syz.0.2435" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  948.204677][ T5869] usb 7-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  948.224779][ T5869] usb 7-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  948.233295][ T5869] usb 7-1: Manufacturer: syz
[  948.255260][ T5869] usb 7-1: config 0 descriptor??
[  948.339697][   T29] audit: type=1400 audit(1741334096.019:760): avc:  denied  { getopt } for  pid=15174 comm="syz.0.2435" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  948.360508][   T29] audit: type=1800 audit(1741334096.179:761): pid=15175 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.0.2435" name="/" dev="9p" ino=2 res=0 errno=0
[  948.389805][T12943] usb 1-1: USB disconnect, device number 19
[  948.654281][ T5869] rc_core: IR keymap rc-hauppauge not found
[  948.667465][ T5869] Registered IR keymap rc-empty
[  948.681872][ T5869] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  948.738707][ T5869] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  948.786015][ T5869] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/rc/rc0
[  948.818355][ T5869] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/rc/rc0/input40
[  948.928791][ T5869] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  949.018991][T15219] netlink: zone id is out of range
[  949.024321][T15219] netlink: zone id is out of range
[  949.029475][T15219] netlink: zone id is out of range
[  949.035251][T15219] netlink: zone id is out of range
[  949.040411][T15219] netlink: zone id is out of range
[  949.046056][T15219] netlink: zone id is out of range
[  949.051264][T15219] netlink: zone id is out of range
[  949.056492][T15219] netlink: zone id is out of range
[  949.061634][T15219] netlink: zone id is out of range
[  949.066845][T15219] netlink: zone id is out of range
[  949.205582][T15180] netlink: 76 bytes leftover after parsing attributes in process `syz.6.2434'.
[  949.511259][ T5869] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  949.534411][ T5869] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  949.564436][ T5869] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  949.617158][ T5869] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  949.624747][   T29] audit: type=1400 audit(1741334097.449:762): avc:  denied  { unmount } for  pid=5815 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  949.674491][ T5869] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  949.704653][ T5869] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  949.744389][ T5869] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  949.773609][T15224] afs: Unknown parameter 'dyn'
[  949.780190][   T29] audit: type=1400 audit(1741334097.629:763): avc:  denied  { ioctl } for  pid=15223 comm="syz.5.2449" path="/dev/fuse" dev="devtmpfs" ino=99 ioctlcmd=0xe500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1
[  949.784370][ T5869] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  949.805379][    C1] vkms_vblank_simulate: vblank timer overrun
[  949.934342][ T5869] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  950.535178][ T5869] mceusb 7-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  950.574359][ T5869] mceusb 7-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  950.614878][ T5869] usb 7-1: USB disconnect, device number 15
[  951.285905][T15240] SELinux: Z’“l%†Î6ÛÏ|‰O (15240) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  951.305759][   T29] audit: type=1400 audit(1741334099.139:764): avc:  denied  { create } for  pid=15234 comm=5A92936C2586CE36DB0CCF197C894F scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  951.898056][   T29] audit: type=1400 audit(1741334099.139:765): avc:  denied  { bind } for  pid=15234 comm=5A92936C2586CE36DB0CCF197C894F scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  951.919777][    C1] vkms_vblank_simulate: vblank timer overrun
[  953.162672][   T29] audit: type=1400 audit(1741334100.959:766): avc:  denied  { create } for  pid=15258 comm="syz.6.2457" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[  953.872772][   T29] audit: type=1400 audit(1741334100.959:767): avc:  denied  { bind } for  pid=15258 comm="syz.6.2457" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[  954.560853][T15283] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2464'.
[  954.582945][   T29] audit: type=1326 audit(1741334102.439:768): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15281 comm="syz.4.2464" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fa8bd18d169 code=0x0
[  954.852183][T15292] net_ratelimit: 3 callbacks suppressed
[  954.852199][T15292] openvswitch: netlink: IP tunnel TTL not specified.
[  955.018173][   T29] audit: type=1400 audit(1741334102.789:769): avc:  denied  { read write } for  pid=15291 comm="syz.0.2468" name="nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  955.207636][   T29] audit: type=1400 audit(1741334102.789:770): avc:  denied  { open } for  pid=15291 comm="syz.0.2468" path="/489/bus" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  957.094912][T15319] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2477'.
[  957.319050][T15321] SELinux: Z’“l%†Î6ÛÏ|‰O (15321) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  958.159045][T15326] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2480'.
[  958.216921][T15324] kvm: kvm [15323]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc2) = 0x4000
[  958.910741][T10757] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  958.921824][T10757] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  959.036861][T10757] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  959.235214][T10757] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  959.246909][T10757] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  959.254340][T10757] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  959.408529][   T29] audit: type=1400 audit(1741334107.269:771): avc:  denied  { getopt } for  pid=15338 comm="syz.3.2482" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  959.416978][ T6006] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  959.429278][T15340] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2482'.
[  959.453269][T15340] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2482'.
[  959.819249][ T6006] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  959.917933][   T29] audit: type=1400 audit(1741334107.779:772): avc:  denied  { write } for  pid=25 comm="kworker/1:0" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=45358 scontext=system_u:system_r:kernel_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  959.943356][    C1] vkms_vblank_simulate: vblank timer overrun
[  959.992615][T15333] lo speed is unknown, defaulting to 1000
[  960.034465][   T29] audit: type=1400 audit(1741334107.829:773): avc:  denied  { write } for  pid=15338 comm="syz.3.2482" lport=39608 faddr=::ffff:172.20.255.187 fport=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1
[  960.058823][    C1] vkms_vblank_simulate: vblank timer overrun
[  960.111482][T15346] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2483'.
[  960.157813][   T29] audit: type=1400 audit(1741334107.829:774): avc:  denied  { setopt } for  pid=15338 comm="syz.3.2482" lport=39608 faddr=::ffff:172.20.255.187 fport=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1
[  960.193558][ T6006] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  960.716321][ T6006] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  960.776319][T15357] vcan0: tx drop: invalid sa for name 0x0000000000000003
[  960.883194][T15333] chnl_net:caif_netlink_parms(): no params data found
[  961.022584][T15365] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2488'.
[  961.034972][T15365] netlink: 'syz.6.2488': attribute type 3 has an invalid length.
[  961.209127][   T29] audit: type=1400 audit(1741334109.069:775): avc:  denied  { map } for  pid=15363 comm="syz.0.2489" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  961.336791][   T29] audit: type=1400 audit(1741334109.099:776): avc:  denied  { execute } for  pid=15363 comm="syz.0.2489" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  961.374034][T10757] Bluetooth: hci2: command tx timeout
[  961.744387][T12943] usb 4-1: new high-speed USB device number 21 using dummy_hcd
[  961.979233][T15384] tmpfs: Cannot enable swap on remount if it was disabled on first mount
[  962.151673][T15383] kvm: kvm [15382]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc2) = 0x4000
[  962.195848][T12943] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  962.207076][T12943] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  962.217323][T12943] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  962.226584][T12943] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  962.241516][T15377] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  962.280632][T12943] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  963.417973][T15395] overlayfs: failed to resolve './file1': -2
[  963.424848][T10757] Bluetooth: hci2: command tx timeout
[  963.998711][   T29] audit: type=1800 audit(1741334111.559:777): pid=15377 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.3.2490" name="/" dev="9p" ino=2 res=0 errno=0
[  964.019572][    C1] vkms_vblank_simulate: vblank timer overrun
[  964.158220][T12943] usb 4-1: USB disconnect, device number 21
[  964.398988][   T29] audit: type=1400 audit(1741334112.249:778): avc:  denied  { relabelfrom } for  pid=15400 comm="syz.0.2497" name="UNIX" dev="sockfs" ino=46466 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_stream_socket permissive=1
[  964.405439][T15405] SELinux:  Context system_u:object_r:dhcp_state_t:s0 is not valid (left unmapped).
[  964.423678][    C1] vkms_vblank_simulate: vblank timer overrun
[  964.520784][   T29] audit: type=1400 audit(1741334112.329:779): avc:  denied  { relabelto } for  pid=15400 comm="syz.0.2497" name="UNIX" dev="sockfs" ino=46466 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=unix_stream_socket permissive=1 trawcon="system_u:object_r:dhcp_state_t:s0"
[  965.194977][T15407] netlink: 32 bytes leftover after parsing attributes in process `syz.6.2498'.
[  965.514635][T10757] Bluetooth: hci2: command tx timeout
[  965.671609][ T6006] bond0 (unregistering): (slave wlan1): Releasing backup interface
[  965.692279][ T6006] bond0 (unregistering): Released all slaves
[  965.703900][T15333] bridge0: port 1(bridge_slave_0) entered blocking state
[  965.722364][T15333] bridge0: port 1(bridge_slave_0) entered disabled state
[  965.737801][T15333] bridge_slave_0: entered allmulticast mode
[  965.761126][T15333] bridge_slave_0: entered promiscuous mode
[  965.774498][ T5869] usb 4-1: new high-speed USB device number 22 using dummy_hcd
[  965.795682][T15333] bridge0: port 2(bridge_slave_1) entered blocking state
[  965.809894][T15333] bridge0: port 2(bridge_slave_1) entered disabled state
[  965.818530][T15333] bridge_slave_1: entered allmulticast mode
[  965.830998][T15333] bridge_slave_1: entered promiscuous mode
[  965.842905][ T5872] infiniband syz1: ib_query_port failed (-19)
[  965.880143][T15333] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  965.902376][T15402] lo speed is unknown, defaulting to 1000
[  965.937710][T15333] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  965.948963][ T5869] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  965.973567][ T5869] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  966.012729][ T5869] usb 4-1: config 0 descriptor??
[  966.060095][ T5869] cp210x 4-1:0.0: cp210x converter detected
[  966.311409][T15333] team0: Port device team_slave_0 added
[  966.341641][T15333] team0: Port device team_slave_1 added
[  966.479199][ T5869] cp210x 4-1:0.0: failed to get vendor val 0x0010 size 3: -32
[  966.526540][ T5869] usb 4-1: cp210x converter now attached to ttyUSB0
[  966.683495][T15333] batman_adv: batadv0: Adding interface: batadv_slave_0
[  966.719801][ T5869] usb 4-1: USB disconnect, device number 22
[  966.741229][T15333] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  966.768967][ T5869] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  966.816735][ T5869] cp210x 4-1:0.0: device disconnected
[  966.901690][T15333] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  967.038417][T15333] batman_adv: batadv0: Adding interface: batadv_slave_1
[  967.057037][T15333] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  967.087577][T15333] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  967.313036][T15333] hsr_slave_0: entered promiscuous mode
[  967.336050][    C1] vkms_vblank_simulate: vblank timer overrun
[  967.354254][   T29] audit: type=1400 audit(1741334115.189:780): avc:  denied  { ioctl } for  pid=15416 comm="syz.3.2502" path="socket:[46526]" dev="sockfs" ino=46526 ioctlcmd=0x890b scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  967.385987][T15333] hsr_slave_1: entered promiscuous mode
[  967.392357][T15333] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  967.420512][T15333] Cannot create hsr debugfs directory
[  967.456766][ T6006] hsr_slave_0: left promiscuous mode
[  967.463657][ T6006] hsr_slave_1: left promiscuous mode
[  967.584581][T10757] Bluetooth: hci2: command tx timeout
[  967.660841][ T6006] veth1_macvtap: left promiscuous mode
[  967.667049][ T6006] veth0_macvtap: left promiscuous mode
[  967.672693][ T6006] veth1_vlan: left promiscuous mode
[  967.678196][ T6006] veth0_vlan: left promiscuous mode
[  968.435963][   T29] audit: type=1400 audit(1741334116.289:781): avc:  denied  { write } for  pid=15417 comm="syz.5.2501" path="socket:[45503]" dev="sockfs" ino=45503 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[  968.498596][   T29] audit: type=1400 audit(1741334116.289:782): avc:  denied  { nlmsg_read } for  pid=15417 comm="syz.5.2501" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[  968.949275][T15441] overlayfs: failed to resolve './file1': -2
[  969.367045][   T25] usb 6-1: new high-speed USB device number 23 using dummy_hcd
[  969.549589][   T25] usb 6-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  969.559377][   T25] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  969.584725][   T25] usb 6-1: config 0 descriptor??
[  969.591418][   T25] cp210x 6-1:0.0: cp210x converter detected
[  970.106633][   T25] cp210x 6-1:0.0: failed to get vendor val 0x0010 size 3: -32
[  970.124921][   T25] usb 6-1: cp210x converter now attached to ttyUSB0
[  970.689195][ T5869] usb 6-1: USB disconnect, device number 23
[  970.720738][ T5869] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  970.748477][T15447] kvm: kvm [15446]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc2) = 0x4000
[  970.806785][ T5869] cp210x 6-1:0.0: device disconnected
[  970.927526][T15333] 8021q: adding VLAN 0 to HW filter on device bond0
[  970.990380][T15333] 8021q: adding VLAN 0 to HW filter on device team0
[  971.003527][ T6111] bridge0: port 1(bridge_slave_0) entered blocking state
[  971.010757][ T6111] bridge0: port 1(bridge_slave_0) entered forwarding state
[  971.037800][ T1101] bridge0: port 2(bridge_slave_1) entered blocking state
[  971.044992][ T1101] bridge0: port 2(bridge_slave_1) entered forwarding state
[  971.084624][    T8] usb 4-1: new high-speed USB device number 23 using dummy_hcd
[  971.143315][T15470] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2516'.
[  971.244271][    T8] usb 4-1: Using ep0 maxpacket: 16
[  971.347933][    T8] usb 4-1: config index 0 descriptor too short (expected 1810, got 18)
[  971.472104][T15333] 8021q: adding VLAN 0 to HW filter on device batadv0
[  971.479121][    T8] usb 4-1: New USB device found, idVendor=102c, idProduct=6151, bcdDevice=44.e6
[  971.489207][    T8] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  971.832001][    T8] usb 4-1: config 0 descriptor??
[  971.846750][    T8] gspca_main: etoms-2.14.0 probing 102c:6151
[  971.881072][T15480] sit1: entered allmulticast mode
[  972.059521][T15457] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  972.068625][T15457] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  972.755501][    T8] usb 4-1: USB disconnect, device number 23
[  973.069277][T15333] veth0_vlan: entered promiscuous mode
[  973.090792][T15333] veth1_vlan: entered promiscuous mode
[  973.194120][T15508] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2523'.
[  973.234894][   T29] audit: type=1326 audit(1741334121.089:783): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15505 comm="syz.6.2523" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f5f2c58d169 code=0x0
[  973.503963][T15333] veth0_macvtap: entered promiscuous mode
[  973.653859][T15333] veth1_macvtap: entered promiscuous mode
[  973.680754][T15333] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  973.709689][T15333] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  973.784258][T15333] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  973.823913][T15333] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  973.860388][T15333] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  973.872089][T15333] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  973.885072][T15333] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  973.896427][T15333] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  974.023364][T15333] batman_adv: batadv0: Interface activated: batadv_slave_0
[  974.047146][T15333] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  974.064669][T15333] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  974.084380][T15333] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  974.123396][T15333] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  974.174829][T15333] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  974.254102][T15333] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  974.286714][T15333] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  974.307066][    T8] usb 6-1: new high-speed USB device number 24 using dummy_hcd
[  974.530859][T15333] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  974.577100][T15333] batman_adv: batadv0: Interface activated: batadv_slave_1
[  974.783675][T15531] FAULT_INJECTION: forcing a failure.
[  974.783675][T15531] name failslab, interval 1, probability 0, space 0, times 0
[  974.796427][    T8] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  974.796468][    T8] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  974.796498][    T8] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  974.796518][    T8] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  974.820965][T15531] CPU: 1 UID: 0 PID: 15531 Comm: syz.6.2530 Not tainted 6.14.0-rc5-syzkaller-00109-g0f52fd4f67c6 #0
[  974.820987][T15531] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  974.820996][T15531] Call Trace:
[  974.821002][T15531]  <TASK>
[  974.821009][T15531]  dump_stack_lvl+0x16c/0x1f0
[  974.821042][T15531]  should_fail_ex+0x50a/0x650
[  974.821069][T15531]  ? fs_reclaim_acquire+0xae/0x150
[  974.821097][T15531]  should_failslab+0xc2/0x120
[  974.821117][T15531]  kmem_cache_alloc_node_noprof+0x72/0x3c0
[  974.821135][T15531]  ? __alloc_skb+0x2b1/0x380
[  974.821162][T15531]  __alloc_skb+0x2b1/0x380
[  974.821180][T15531]  ? __pfx___alloc_skb+0x10/0x10
[  974.821201][T15531]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  974.821226][T15531]  netlink_alloc_large_skb+0x69/0x130
[  974.821246][T15531]  netlink_sendmsg+0x689/0xd70
[  974.821268][T15531]  ? __pfx_netlink_sendmsg+0x10/0x10
[  974.821294][T15531]  ____sys_sendmsg+0xaaf/0xc90
[  974.821311][T15531]  ? copy_msghdr_from_user+0x10b/0x160
[  974.821331][T15531]  ? __pfx_____sys_sendmsg+0x10/0x10
[  974.821356][T15531]  ___sys_sendmsg+0x135/0x1e0
[  974.821378][T15531]  ? __pfx____sys_sendmsg+0x10/0x10
[  974.821406][T15531]  ? __pfx_lock_release+0x10/0x10
[  974.821429][T15531]  ? trace_lock_acquire+0x14e/0x1f0
[  974.821453][T15531]  ? __fget_files+0x206/0x3a0
[  974.821475][T15531]  __sys_sendmsg+0x16e/0x220
[  974.821495][T15531]  ? __pfx___sys_sendmsg+0x10/0x10
[  974.821529][T15531]  do_syscall_64+0xcd/0x250
[  974.821549][T15531]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  974.821572][T15531] RIP: 0033:0x7f5f2c58d169
[  974.821585][T15531] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  974.821601][T15531] RSP: 002b:00007f5f2a3f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  974.821617][T15531] RAX: ffffffffffffffda RBX: 00007f5f2c7a5fa0 RCX: 00007f5f2c58d169
[  974.821627][T15531] RDX: 0000000000000000 RSI: 0000400000000000 RDI: 0000000000000003
[  974.821636][T15531] RBP: 00007f5f2a3f6090 R08: 0000000000000000 R09: 0000000000000000
[  974.821645][T15531] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  974.821653][T15531] R13: 0000000000000000 R14: 00007f5f2c7a5fa0 R15: 00007ffe5aefeca8
[  974.821672][T15531]  </TASK>
[  974.835594][   T80] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  974.858687][T15515] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  975.117100][   T80] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  975.155324][T15530] SELinux: syz.0.2529 (15530) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  975.162569][    T8] usb 6-1: Quirk or no altset; falling back to MIDI 1.0
[  975.170466][   T80] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  975.212757][   T80] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  975.683568][   T29] audit: type=1400 audit(1741334123.209:784): avc:  denied  { ioctl } for  pid=15536 comm="syz.3.2532" path="/dev/nullb0" dev="devtmpfs" ino=696 ioctlcmd=0x127f scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  975.808545][ T7448] usb 6-1: USB disconnect, device number 24
[  976.047815][T15546] input: syz1 as /devices/virtual/input/input41
[  976.054393][T15546] input: failed to attach handler leds to device input41, error: -6
[  976.311506][T15546] lo speed is unknown, defaulting to 1000
[  977.654542][ T7448] usb 6-1: new high-speed USB device number 25 using dummy_hcd
[  977.825826][ T7448] usb 6-1: config 0 has an invalid interface number: 189 but max is 0
[  978.408617][ T7448] usb 6-1: config 0 has no interface number 0
[  979.074106][ T7448] usb 6-1: New USB device found, idVendor=0979, idProduct=0227, bcdDevice=7d.13
[  979.125083][ T7448] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  979.129414][   T29] audit: type=1400 audit(1741334126.989:785): avc:  denied  { map } for  pid=15567 comm="syz.0.2539" path="socket:[47142]" dev="sockfs" ino=47142 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_route_socket permissive=1
[  979.157972][ T7448] usb 6-1: Product: syz
[  979.162294][ T7448] usb 6-1: Manufacturer: syz
[  979.167900][ T7448] usb 6-1: SerialNumber: syz
[  979.183890][ T7448] usb 6-1: config 0 descriptor??
[  979.193278][ T7448] gspca_main: jl2005bcd-2.14.0 probing 0979:0227
[  979.208996][ T7448] command write [95] error -22
[  979.360585][   T29] audit: type=1400 audit(1741334127.219:786): avc:  denied  { bind } for  pid=15571 comm="syz.4.2541" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  979.383641][T15572] xt_CT: You must specify a L4 protocol and not use inversions on it
[  979.813544][T15578] SELinux: syz.0.2542 (15578) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  981.451596][ T7448] lo speed is unknown, defaulting to 1000
[  981.814059][ T9468] usb 6-1: USB disconnect, device number 25
[  982.057270][   T25] usb 7-1: new high-speed USB device number 16 using dummy_hcd
[  982.311174][T15606] FAULT_INJECTION: forcing a failure.
[  982.311174][T15606] name failslab, interval 1, probability 0, space 0, times 0
[  982.336346][T15606] CPU: 0 UID: 0 PID: 15606 Comm: syz.4.2550 Not tainted 6.14.0-rc5-syzkaller-00109-g0f52fd4f67c6 #0
[  982.336380][T15606] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  982.336390][T15606] Call Trace:
[  982.336396][T15606]  <TASK>
[  982.336403][T15606]  dump_stack_lvl+0x16c/0x1f0
[  982.336436][T15606]  should_fail_ex+0x50a/0x650
[  982.336465][T15606]  ? fs_reclaim_acquire+0xae/0x150
[  982.336494][T15606]  should_failslab+0xc2/0x120
[  982.336514][T15606]  kmem_cache_alloc_node_noprof+0x72/0x3c0
[  982.336533][T15606]  ? __alloc_skb+0x2b1/0x380
[  982.336561][T15606]  __alloc_skb+0x2b1/0x380
[  982.336582][T15606]  ? __pfx___alloc_skb+0x10/0x10
[  982.336605][T15606]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  982.336632][T15606]  netlink_alloc_large_skb+0x69/0x130
[  982.336655][T15606]  netlink_sendmsg+0x689/0xd70
[  982.336680][T15606]  ? __pfx_netlink_sendmsg+0x10/0x10
[  982.336709][T15606]  ____sys_sendmsg+0xaaf/0xc90
[  982.336727][T15606]  ? copy_msghdr_from_user+0x10b/0x160
[  982.336766][T15606]  ? __pfx_____sys_sendmsg+0x10/0x10
[  982.336793][T15606]  ___sys_sendmsg+0x135/0x1e0
[  982.336816][T15606]  ? __pfx____sys_sendmsg+0x10/0x10
[  982.336843][T15606]  ? __pfx_lock_release+0x10/0x10
[  982.336867][T15606]  ? trace_lock_acquire+0x14e/0x1f0
[  982.336892][T15606]  ? __fget_files+0x206/0x3a0
[  982.336916][T15606]  __sys_sendmsg+0x16e/0x220
[  982.336938][T15606]  ? __pfx___sys_sendmsg+0x10/0x10
[  982.336974][T15606]  do_syscall_64+0xcd/0x250
[  982.336998][T15606]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  982.337022][T15606] RIP: 0033:0x7f4b96b8d169
[  982.337037][T15606] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  982.337053][T15606] RSP: 002b:00007f4b97964038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  982.337077][T15606] RAX: ffffffffffffffda RBX: 00007f4b96da5fa0 RCX: 00007f4b96b8d169
[  982.337087][T15606] RDX: 0000000000000000 RSI: 0000400000000000 RDI: 0000000000000003
[  982.337097][T15606] RBP: 00007f4b97964090 R08: 0000000000000000 R09: 0000000000000000
[  982.337106][T15606] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  982.337115][T15606] R13: 0000000000000000 R14: 00007f4b96da5fa0 R15: 00007fff4a603c58
[  982.337135][T15606]  </TASK>
[  982.637107][   T25] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  982.647079][T15610] FAULT_INJECTION: forcing a failure.
[  982.647079][T15610] name failslab, interval 1, probability 0, space 0, times 0
[  982.656732][   T25] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  982.661300][T15610] CPU: 0 UID: 0 PID: 15610 Comm: syz.4.2552 Not tainted 6.14.0-rc5-syzkaller-00109-g0f52fd4f67c6 #0
[  982.661328][T15610] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  982.661339][T15610] Call Trace:
[  982.661344][T15610]  <TASK>
[  982.661350][T15610]  dump_stack_lvl+0x16c/0x1f0
[  982.661384][T15610]  should_fail_ex+0x50a/0x650
[  982.661411][T15610]  ? fs_reclaim_acquire+0xae/0x150
[  982.661438][T15610]  should_failslab+0xc2/0x120
[  982.661457][T15610]  kmem_cache_alloc_noprof+0x6e/0x3d0
[  982.661475][T15610]  ? io_submit_one+0x123/0x1da0
[  982.661502][T15610]  io_submit_one+0x123/0x1da0
[  982.661532][T15610]  ? __pfx_io_submit_one+0x10/0x10
[  982.661555][T15610]  ? __might_fault+0x13b/0x190
[  982.661579][T15610]  ? lock_acquire+0x2f/0xb0
[  982.661601][T15610]  ? __might_fault+0xe3/0x190
[  982.661623][T15610]  ? __x64_sys_io_submit+0x1b2/0x340
[  982.661644][T15610]  __x64_sys_io_submit+0x1b2/0x340
[  982.661668][T15610]  ? __pfx___x64_sys_io_submit+0x10/0x10
[  982.661700][T15610]  do_syscall_64+0xcd/0x250
[  982.661721][T15610]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  982.661743][T15610] RIP: 0033:0x7f4b96b8d169
[  982.661757][T15610] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  982.661771][T15610] RSP: 002b:00007f4b97964038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[  982.661789][T15610] RAX: ffffffffffffffda RBX: 00007f4b96da5fa0 RCX: 00007f4b96b8d169
[  982.661798][T15610] RDX: 0000400000000340 RSI: 0000000000000001 RDI: 00007f4b97943000
[  982.661823][T15610] RBP: 00007f4b97964090 R08: 0000000000000000 R09: 0000000000000000
[  982.661831][T15610] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  982.661840][T15610] R13: 0000000000000000 R14: 00007f4b96da5fa0 R15: 00007fff4a603c58
[  982.661859][T15610]  </TASK>
[  982.944314][   T25] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  982.953565][   T25] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  983.006674][T15591] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[  983.017500][   T25] usb 7-1: Quirk or no altset; falling back to MIDI 1.0
[  983.178376][   T29] audit: type=1400 audit(1741334131.029:787): avc:  denied  { listen } for  pid=15618 comm="syz.5.2556" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  983.281208][   T25] usb 7-1: USB disconnect, device number 16
[  984.549427][T15634] 8021q: VLANs not supported on ip6tnl0
[  985.108493][T15641] kvm: kvm [15637]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc2) = 0x4000
[  985.209884][T10757] Bluetooth: hci0: Received unexpected HCI Event 0x00
[  986.234630][   T29] audit: type=1326 audit(1741334133.989:788): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15657 comm="syz.5.2568" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f8ba5f8d169 code=0x0
[  987.621151][T15673] SELinux: syz.6.2564 (15673) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  988.031738][   T29] audit: type=1800 audit(1741334135.889:789): pid=15680 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.5.2572" name="bus" dev="overlay" ino=2328 res=0 errno=0
[  988.468681][T15696] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2579'.
[  988.789009][T15699] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2580'.
[  988.816580][   T29] audit: type=1326 audit(1741334136.679:790): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15698 comm="syz.3.2580" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fc19cd8d169 code=0x0
[  988.901639][T15703] FAULT_INJECTION: forcing a failure.
[  988.901639][T15703] name failslab, interval 1, probability 0, space 0, times 0
[  988.933464][T15703] CPU: 1 UID: 0 PID: 15703 Comm: syz.5.2582 Not tainted 6.14.0-rc5-syzkaller-00109-g0f52fd4f67c6 #0
[  988.933494][T15703] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  988.933505][T15703] Call Trace:
[  988.933511][T15703]  <TASK>
[  988.933518][T15703]  dump_stack_lvl+0x16c/0x1f0
[  988.933551][T15703]  should_fail_ex+0x50a/0x650
[  988.933579][T15703]  ? fs_reclaim_acquire+0xae/0x150
[  988.933607][T15703]  ? video_usercopy+0x1ac/0x1620
[  988.933628][T15703]  should_failslab+0xc2/0x120
[  988.933647][T15703]  __kmalloc_noprof+0xcb/0x510
[  988.933664][T15703]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  988.933691][T15703]  video_usercopy+0x1ac/0x1620
[  988.933711][T15703]  ? __pfx___video_do_ioctl+0x10/0x10
[  988.933728][T15703]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[  988.933760][T15703]  ? __pfx_video_usercopy+0x10/0x10
[  988.933788][T15703]  v4l2_ioctl+0x1ba/0x250
[  988.933806][T15703]  ? __pfx_v4l2_ioctl+0x10/0x10
[  988.933822][T15703]  __x64_sys_ioctl+0x190/0x200
[  988.933845][T15703]  do_syscall_64+0xcd/0x250
[  988.933869][T15703]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  988.933891][T15703] RIP: 0033:0x7f8ba5f8d169
[  988.933905][T15703] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  988.933919][T15703] RSP: 002b:00007f8ba6d4e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  988.933934][T15703] RAX: ffffffffffffffda RBX: 00007f8ba61a5fa0 RCX: 00007f8ba5f8d169
[  988.933943][T15703] RDX: 0000400000000240 RSI: 00000000c0d05605 RDI: 0000000000000003
[  988.933951][T15703] RBP: 00007f8ba6d4e090 R08: 0000000000000000 R09: 0000000000000000
[  988.933994][T15703] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  988.934003][T15703] R13: 0000000000000000 R14: 00007f8ba61a5fa0 R15: 00007ffc92da8ee8
[  988.934029][T15703]  </TASK>
[  989.411505][T15715] FAULT_INJECTION: forcing a failure.
[  989.411505][T15715] name failslab, interval 1, probability 0, space 0, times 0
[  989.424940][T15715] CPU: 1 UID: 0 PID: 15715 Comm: syz.3.2587 Not tainted 6.14.0-rc5-syzkaller-00109-g0f52fd4f67c6 #0
[  989.424972][T15715] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  989.424981][T15715] Call Trace:
[  989.424986][T15715]  <TASK>
[  989.424993][T15715]  dump_stack_lvl+0x16c/0x1f0
[  989.425025][T15715]  should_fail_ex+0x50a/0x650
[  989.425052][T15715]  ? fs_reclaim_acquire+0xae/0x150
[  989.425079][T15715]  should_failslab+0xc2/0x120
[  989.425099][T15715]  kmem_cache_alloc_noprof+0x6e/0x3d0
[  989.425115][T15715]  ? __mutex_unlock_slowpath+0x164/0x6a0
[  989.425136][T15715]  ? getname_flags.part.0+0x4c/0x550
[  989.425160][T15715]  getname_flags.part.0+0x4c/0x550
[  989.425182][T15715]  getname_flags+0x93/0xf0
[  989.425205][T15715]  user_path_at+0x24/0x60
[  989.425218][T15715]  __x64_sys_name_to_handle_at+0x1eb/0x310
[  989.425245][T15715]  ? __pfx___x64_sys_name_to_handle_at+0x10/0x10
[  989.425273][T15715]  do_syscall_64+0xcd/0x250
[  989.425294][T15715]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  989.425317][T15715] RIP: 0033:0x7fc19cd8d169
[  989.425331][T15715] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  989.425345][T15715] RSP: 002b:00007fc19dcd6038 EFLAGS: 00000246 ORIG_RAX: 000000000000012f
[  989.425360][T15715] RAX: ffffffffffffffda RBX: 00007fc19cfa5fa0 RCX: 00007fc19cd8d169
[  989.425370][T15715] RDX: 0000400000000240 RSI: 0000400000000040 RDI: ffffffffffffff9c
[  989.425380][T15715] RBP: 00007fc19dcd6090 R08: 0000000000000000 R09: 0000000000000000
[  989.425389][T15715] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  989.425398][T15715] R13: 0000000000000000 R14: 00007fc19cfa5fa0 R15: 00007ffe68e8dc28
[  989.425420][T15715]  </TASK>
[  989.682794][ T9468] usb 7-1: new high-speed USB device number 17 using dummy_hcd
[  989.954460][ T9468] usb 7-1: Using ep0 maxpacket: 8
[  989.963138][ T9468] usb 7-1: config index 0 descriptor too short (expected 301, got 45)
[  989.972390][ T9468] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  989.999649][T10757] Bluetooth: hci0: Received unexpected HCI Event 0x00
[  990.194129][ T9468] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  990.209443][ T9468] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  990.228363][ T9468] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  990.249698][ T9468] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  990.260537][ T9468] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  990.354308][   T29] audit: type=1400 audit(1741334138.209:791): avc:  denied  { mount } for  pid=15727 comm="syz.3.2591" name="/" dev="bpf" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=filesystem permissive=1
[  990.379883][T15735] fuse: Bad value for 'fd'
[  990.516740][ T9468] usb 7-1: usb_control_msg returned -32
[  990.525443][ T9468] usbtmc 7-1:16.0: can't read capabilities
[  991.362154][T15754] FAULT_INJECTION: forcing a failure.
[  991.362154][T15754] name failslab, interval 1, probability 0, space 0, times 0
[  991.396567][T15754] CPU: 1 UID: 0 PID: 15754 Comm: syz.0.2598 Not tainted 6.14.0-rc5-syzkaller-00109-g0f52fd4f67c6 #0
[  991.396617][T15754] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  991.396628][T15754] Call Trace:
[  991.396635][T15754]  <TASK>
[  991.396644][T15754]  dump_stack_lvl+0x16c/0x1f0
[  991.396681][T15754]  should_fail_ex+0x50a/0x650
[  991.396710][T15754]  ? fs_reclaim_acquire+0xae/0x150
[  991.396739][T15754]  should_failslab+0xc2/0x120
[  991.396762][T15754]  kmem_cache_alloc_noprof+0x6e/0x3d0
[  991.396782][T15754]  ? alloc_empty_file+0x73/0x1e0
[  991.396808][T15754]  alloc_empty_file+0x73/0x1e0
[  991.396830][T15754]  path_openat+0xe1/0x2d80
[  991.396846][T15754]  ? hlock_class+0x4e/0x130
[  991.396867][T15754]  ? __lock_acquire+0x15a9/0x3c40
[  991.396899][T15754]  ? __pfx_path_openat+0x10/0x10
[  991.396916][T15754]  ? __pfx___lock_acquire+0x10/0x10
[  991.396938][T15754]  ? lock_acquire.part.0+0x11b/0x380
[  991.396961][T15754]  ? find_held_lock+0x2d/0x110
[  991.396982][T15754]  do_filp_open+0x20c/0x470
[  991.397010][T15754]  ? __pfx_do_filp_open+0x10/0x10
[  991.397025][T15754]  ? find_held_lock+0x2d/0x110
[  991.397059][T15754]  ? alloc_fd+0x41f/0x760
[  991.397084][T15754]  do_sys_openat2+0x17a/0x1e0
[  991.397107][T15754]  ? __pfx_do_sys_openat2+0x10/0x10
[  991.397131][T15754]  ? __fget_files+0x206/0x3a0
[  991.397152][T15754]  __x64_sys_openat+0x175/0x210
[  991.397174][T15754]  ? __pfx___x64_sys_openat+0x10/0x10
[  991.397194][T15754]  ? ksys_write+0x1ba/0x250
[  991.397218][T15754]  do_syscall_64+0xcd/0x250
[  991.397244][T15754]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  991.397270][T15754] RIP: 0033:0x7f527f18d169
[  991.397287][T15754] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  991.397304][T15754] RSP: 002b:00007f528003c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  991.397324][T15754] RAX: ffffffffffffffda RBX: 00007f527f3a5fa0 RCX: 00007f527f18d169
[  991.397335][T15754] RDX: 0000000000000000 RSI: 0000400000000040 RDI: ffffffffffffff9c
[  991.397347][T15754] RBP: 00007f528003c090 R08: 0000000000000000 R09: 0000000000000000
[  991.397358][T15754] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  991.397368][T15754] R13: 0000000000000000 R14: 00007f527f3a5fa0 R15: 00007ffde97bef78
[  991.397390][T15754]  </TASK>
[  991.637125][T15757] SELinux: syz.5.2594 (15757) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  991.808903][T15760] dccp_close: ABORT with 20 bytes unread
[  992.610244][T10757] Bluetooth: hci5: Received unexpected HCI Event 0x00
[  992.990618][T15772] 9pnet_virtio: no channels available for device 127.0.0.1
[  993.017020][T15765] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2601'.
[  993.079232][T12943] usb 7-1: USB disconnect, device number 17
[  993.228553][   T29] audit: type=1400 audit(1741334141.049:792): avc:  denied  { accept } for  pid=15777 comm="syz.0.2605" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  993.336981][   T29] audit: type=1400 audit(1741334141.139:793): avc:  denied  { getopt } for  pid=15776 comm="syz.3.2606" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  993.404466][   T29] audit: type=1400 audit(1741334141.149:794): avc:  denied  { sqpoll } for  pid=15776 comm="syz.3.2606" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[  993.461464][T15790] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2609'.
[  994.195979][T10757] Bluetooth: hci2: Received unexpected HCI Event 0x00
[  994.298403][T15805] netlink: 32 bytes leftover after parsing attributes in process `syz.6.2608'.
[  994.316754][T15805] sp0: Synchronizing with TNC
[  994.410418][ T9468] usb 1-1: new high-speed USB device number 20 using dummy_hcd
[  994.422692][ T1293] ieee802154 phy0 wpan0: encryption failed: -22
[  994.438070][ T1293] ieee802154 phy1 wpan1: encryption failed: -22
[  994.474009][ T1293] sp0 selects TX queue 0, but real number of TX queues is 0
[  994.827417][ T9468] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  994.853921][ T9468] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  994.872956][ T9468] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  994.885425][ T9468] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  995.008369][T15807] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  995.022528][T15794] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  995.035902][T15807] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  995.042109][T15807] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  995.048548][T15807] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  995.061943][T15807] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  995.086905][T15807] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  995.101700][T15807] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  995.127289][ T9468] usb 1-1: Quirk or no altset; falling back to MIDI 1.0
[  995.145252][T15812] fuse: Bad value for 'fd'
[  995.158258][T15807] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  995.377011][T12943] usb 1-1: USB disconnect, device number 20
[  995.860349][T10757] Bluetooth: hci5: Received unexpected HCI Event 0x00
[  996.205370][   T25] usb 4-1: new high-speed USB device number 24 using dummy_hcd
[  996.394661][   T25] usb 4-1: Using ep0 maxpacket: 8
[  996.686073][T15832] program syz.4.2620 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  996.719957][   T29] audit: type=1326 audit(1741334144.289:795): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15826 comm="syz.6.2621" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f5f2c58d169 code=0x0
[  996.766067][T10757] Bluetooth: hci2: unexpected event for opcode 0x1408
[  996.783598][   T25] usb 4-1: config index 0 descriptor too short (expected 301, got 45)
[  996.899789][   T25] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  997.034275][   T25] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  997.041334][T10757] Bluetooth: hci0: command 0x0406 tx timeout
[  997.077563][   T25] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  997.104545][ T5830] Bluetooth: hci5: command 0x0406 tx timeout
[  997.110058][   T25] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  997.110647][ T5830] Bluetooth: hci3: command 0x0406 tx timeout
[  997.131175][T10757] Bluetooth: hci1: command 0x0405 tx timeout
[  997.171244][   T25] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  997.204911][   T25] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  997.253493][T15848] FAULT_INJECTION: forcing a failure.
[  997.253493][T15848] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  997.288011][T15848] CPU: 1 UID: 0 PID: 15848 Comm: syz.0.2626 Not tainted 6.14.0-rc5-syzkaller-00109-g0f52fd4f67c6 #0
[  997.288049][T15848] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  997.288060][T15848] Call Trace:
[  997.288067][T15848]  <TASK>
[  997.288100][T15848]  dump_stack_lvl+0x16c/0x1f0
[  997.288137][T15848]  should_fail_ex+0x50a/0x650
[  997.288170][T15848]  _copy_from_user+0x2e/0xd0
[  997.288193][T15848]  cec_ioctl+0x2cf/0x2920
[  997.288219][T15848]  ? __pfx_cec_ioctl+0x10/0x10
[  997.288239][T15848]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  997.288270][T15848]  ? do_vfs_ioctl+0x513/0x1990
[  997.288299][T15848]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  997.288327][T15848]  ? ioctl_has_perm.constprop.0.isra.0+0x2f2/0x450
[  997.288358][T15848]  ? ioctl_has_perm.constprop.0.isra.0+0x2fc/0x450
[  997.288387][T15848]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[  997.288417][T15848]  ? __pfx_lock_release+0x10/0x10
[  997.288452][T15848]  ? selinux_file_ioctl+0x180/0x270
[  997.288476][T15848]  ? selinux_file_ioctl+0xb4/0x270
[  997.288503][T15848]  ? __pfx_cec_ioctl+0x10/0x10
[  997.288521][T15848]  __x64_sys_ioctl+0x190/0x200
[  997.288546][T15848]  do_syscall_64+0xcd/0x250
[  997.288571][T15848]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  997.288595][T15848] RIP: 0033:0x7f527f18d169
[  997.288612][T15848] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  997.288628][T15848] RSP: 002b:00007f528003c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  997.288648][T15848] RAX: ffffffffffffffda RBX: 00007f527f3a5fa0 RCX: 00007f527f18d169
[  997.288659][T15848] RDX: 0000400000000140 RSI: 00000000c05c6104 RDI: 0000000000000003
[  997.288675][T15848] RBP: 00007f528003c090 R08: 0000000000000000 R09: 0000000000000000
[  997.288685][T15848] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  997.288695][T15848] R13: 0000000000000000 R14: 00007f527f3a5fa0 R15: 00007ffde97bef78
[  997.288717][T15848]  </TASK>
[  997.524321][ T9468] usb 7-1: new high-speed USB device number 18 using dummy_hcd
[  997.528086][   T25] usb 4-1: usb_control_msg returned -32
[  997.539304][   T25] usbtmc 4-1:16.0: can't read capabilities
[  997.547947][T15851] tmpfs: Cannot enable swap on remount if it was disabled on first mount
[  997.710162][ T9468] usb 7-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  997.722491][ T9468] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  997.746560][ T9468] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  997.783802][ T9468] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  997.842141][ T9468] usb 7-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  997.854416][ T9468] usb 7-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  997.877627][ T9468] usb 7-1: Manufacturer: syz
[  997.894244][ T9468] usb 7-1: config 0 descriptor??
[  998.138546][T15861] program syz.5.2631 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  998.204868][ T5830] Bluetooth: hci5: unexpected event for opcode 0x1408
[  998.489246][ T9468] appleir 0003:05AC:8243.0006: unknown main item tag 0x0
[  998.516106][ T9468] appleir 0003:05AC:8243.0006: No inputs registered, leaving
[  998.543352][ T9468] appleir 0003:05AC:8243.0006: hiddev1,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.6-1/input0
[  998.705793][ T7448] usb 7-1: USB disconnect, device number 18
[  999.269642][ T5830] Bluetooth: hci1: command 0x0405 tx timeout
[  999.345486][ T5830] Bluetooth: hci5: Received unexpected HCI Event 0x00
[ 1000.619987][    T8] usb 4-1: USB disconnect, device number 24
[ 1000.685519][T15887] batman_adv: batadv0: Adding interface: ip6gretap1
[ 1000.692331][T15887] batman_adv: batadv0: The MTU of interface ip6gretap1 is too small (1434) to handle the transport of batman-adv packets. If you experience problems getting traffic through try increasing the MTU to 1500.
[ 1000.712789][T15887] batman_adv: batadv0: Interface activated: ip6gretap1
[ 1000.821844][   T29] audit: type=1326 audit(1741334148.679:796): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15889 comm="syz.0.2641" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f527f18d169 code=0x0
[ 1001.034981][ T6006] bridge_slave_1: left allmulticast mode
[ 1001.040826][ T6006] bridge_slave_1: left promiscuous mode
[ 1001.060150][ T6006] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1001.073121][ T6006] bridge_slave_0: left allmulticast mode
[ 1001.082003][ T6006] bridge_slave_0: left promiscuous mode
[ 1001.089189][ T6006] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1001.104574][   T29] audit: type=1326 audit(1741334148.959:797): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15889 comm="syz.0.2641" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f527f18d169 code=0x0
[ 1001.140367][ T6006] batman_adv: batadv0: Interface deactivated: ip6gretap1
[ 1001.169888][ T6006] batman_adv: batadv0: Interface deactivated: geneve2
[ 1001.186131][T15894] kvm: kvm [15893]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0x186) = 0x4000
[ 1001.217457][T15894] kvm: kvm [15893]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0x186) = 0x4000
[ 1001.245072][T15894] kvm: kvm [15893]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0x11e) = 0xbe706111
[ 1001.296504][T15894] kvm: kvm [15893]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0x186) = 0x4000
[ 1001.329963][T15894] kvm: kvm [15893]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0x11e) = 0xbe706111
[ 1001.371920][T15894] kvm: kvm [15893]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0x11e) = 0xbe706111
[ 1001.394340][T12943] usb 1-1: new high-speed USB device number 21 using dummy_hcd
[ 1001.418875][T15894] kvm: kvm [15893]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0x186) = 0x4000
[ 1001.439243][T15894] kvm: kvm [15893]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0x11e) = 0xbe706111
[ 1001.485857][T15894] kvm: kvm [15893]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0x11e) = 0xbe706111
[ 1001.501573][T15894] kvm: kvm [15893]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0x186) = 0x4000
[ 1002.139307][T12943] usb 1-1: config 1 contains an unexpected descriptor of type 0x1, skipping
[ 1002.149040][T12943] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1002.165739][ T6006] batman_adv: batadv0: Removing interface: ip6gretap1
[ 1002.172997][T12943] usb 1-1: config 1 has 0 interfaces, different from the descriptor's value: 3
[ 1002.197218][T12943] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[ 1002.217783][T12943] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[ 1002.239408][T12943] usb 1-1: SerialNumber: syz
[ 1002.421755][T15917] tmpfs: Cannot enable swap on remount if it was disabled on first mount
[ 1002.661229][ T6006] batman_adv: batadv0: Removing interface: geneve2
[ 1002.725673][T10757] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 1002.752001][T10757] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 1002.764601][T10757] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 1002.777108][T10757] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 1002.777476][ T6006] bond0 (unregistering): (slave bridge0): Releasing backup interface
[ 1002.807687][T10757] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[ 1002.817319][T10757] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 1003.637229][ T6006] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1003.663157][ T6006] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1003.690343][ T6006] bond0 (unregistering): Released all slaves
[ 1003.768799][T15915] lo speed is unknown, defaulting to 1000
[ 1003.909258][T12943] usb 1-1: USB disconnect, device number 21
[ 1004.004824][ T5830] Bluetooth: hci3: SCO packet for unknown connection handle 200
[ 1004.352222][   T29] audit: type=1400 audit(1741334152.179:798): avc:  denied  { map } for  pid=15935 comm="syz.0.2653" path="/dev/tty1" dev="devtmpfs" ino=20 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tty_device_t tclass=chr_file permissive=1
[ 1005.197730][ T5830] Bluetooth: hci1: command tx timeout
[ 1006.043159][T15915] chnl_net:caif_netlink_parms(): no params data found
[ 1006.772402][T15971] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2660'.
[ 1006.880284][   T29] audit: type=1326 audit(1741334154.739:799): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15969 comm="syz.0.2660" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f527f18d169 code=0x0
[ 1007.265719][ T5830] Bluetooth: hci1: command tx timeout
[ 1007.451999][ T6006] hsr_slave_0: left promiscuous mode
[ 1007.452454][ T6006] hsr_slave_1: left promiscuous mode
[ 1007.452857][ T6006] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1007.452912][ T6006] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1007.453489][ T6006] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1007.453509][ T6006] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1007.526725][ T6006] veth1_macvtap: left promiscuous mode
[ 1007.526840][ T6006] veth0_macvtap: left promiscuous mode
[ 1007.526967][ T6006] veth1_vlan: left promiscuous mode
[ 1007.527056][ T6006] veth0_vlan: left promiscuous mode
[ 1008.311478][ T9468] usb 1-1: new high-speed USB device number 22 using dummy_hcd
[ 1008.508878][T15996] program syz.3.2667 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1008.557339][ T5830] Bluetooth: hci3: unexpected event for opcode 0x1408
[ 1008.586688][ T9468] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[ 1008.598055][ T9468] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[ 1008.624687][ T9468] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1008.638031][ T9468] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1008.742379][T15980] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[ 1008.797306][ T9468] usb 1-1: Quirk or no altset; falling back to MIDI 1.0
[ 1008.891156][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1009.038137][ T9468] usb 1-1: USB disconnect, device number 22
[ 1009.184338][ T7448] usb 4-1: new high-speed USB device number 25 using dummy_hcd
[ 1009.335294][ T7448] usb 4-1: device descriptor read/64, error -71
[ 1009.344605][ T5830] Bluetooth: hci1: command tx timeout
[ 1009.430590][ T6006] team0 (unregistering): Port device team_slave_1 removed
[ 1009.496640][ T6006] team0 (unregistering): Port device team_slave_0 removed
[ 1009.594388][ T7448] usb 4-1: new high-speed USB device number 26 using dummy_hcd
[ 1009.751264][ T7448] usb 4-1: device descriptor read/64, error -71
[ 1009.873090][ T7448] usb usb4-port1: attempt power cycle
[ 1010.247782][ T7448] usb 4-1: new high-speed USB device number 27 using dummy_hcd
[ 1010.306940][ T7448] usb 4-1: device descriptor read/8, error -71
[ 1010.527634][T15915] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1010.574419][ T7448] usb 4-1: new high-speed USB device number 28 using dummy_hcd
[ 1010.578992][T15915] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1010.608454][ T7448] usb 4-1: device descriptor read/8, error -71
[ 1010.610607][T16012] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2672'.
[ 1010.670254][T15915] bridge_slave_0: entered allmulticast mode
[ 1010.678303][T15915] bridge_slave_0: entered promiscuous mode
[ 1010.689421][T15915] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1010.710418][   T29] audit: type=1400 audit(1741334158.559:800): avc:  denied  { mount } for  pid=16010 comm="syz.4.2671" name="/" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1
[ 1010.815829][ T7448] usb usb4-port1: unable to enumerate USB device
[ 1010.870146][T15915] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1011.173866][T15915] bridge_slave_1: entered allmulticast mode
[ 1011.565881][ T5830] Bluetooth: hci1: command tx timeout
[ 1011.602238][   T29] audit: type=1400 audit(1741334158.569:801): avc:  denied  { mounton } for  pid=16010 comm="syz.4.2671" path="/28/file0" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=dir permissive=1
[ 1011.626782][T15915] bridge_slave_1: entered promiscuous mode
[ 1011.730051][T15915] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1011.823824][   T29] audit: type=1326 audit(1741334159.679:802): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16008 comm="syz.5.2672" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f8ba5f8d169 code=0x0
[ 1011.836102][T15915] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1011.967853][T15915] team0: Port device team_slave_0 added
[ 1011.980858][T15915] team0: Port device team_slave_1 added
[ 1012.102256][   T29] audit: type=1400 audit(1741334159.949:803): avc:  denied  { unmount } for  pid=15333 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1
[ 1012.243776][T15915] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1012.329328][T15915] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1012.459459][T16034] netlink: 'syz.3.2675': attribute type 1 has an invalid length.
[ 1012.467483][T16034] netlink: 224 bytes leftover after parsing attributes in process `syz.3.2675'.
[ 1012.881218][T15915] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1013.146558][T16037] program syz.4.2677 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1013.214301][ T5830] Bluetooth: hci2: unexpected event for opcode 0x1408
[ 1013.403525][T15915] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1013.464523][T15915] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1013.565354][T15915] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1013.665500][T16041] xt_hashlimit: size too large, truncated to 1048576
[ 1014.473778][T15915] hsr_slave_0: entered promiscuous mode
[ 1014.480957][T15915] hsr_slave_1: entered promiscuous mode
[ 1014.489473][T15915] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1014.497592][T15915] Cannot create hsr debugfs directory
[ 1014.666944][ T5830] Bluetooth: hci3: command 0x0406 tx timeout
[ 1014.828439][T16054] FAULT_INJECTION: forcing a failure.
[ 1014.828439][T16054] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1014.990703][T16054] CPU: 0 UID: 0 PID: 16054 Comm: syz.5.2682 Not tainted 6.14.0-rc5-syzkaller-00109-g0f52fd4f67c6 #0
[ 1014.990741][T16054] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 1014.990752][T16054] Call Trace:
[ 1014.990759][T16054]  <TASK>
[ 1014.990767][T16054]  dump_stack_lvl+0x16c/0x1f0
[ 1014.990806][T16054]  should_fail_ex+0x50a/0x650
[ 1014.990848][T16054]  _copy_to_user+0x32/0xd0
[ 1014.990869][T16054]  simple_read_from_buffer+0xd0/0x160
[ 1014.990903][T16054]  proc_fail_nth_read+0x198/0x270
[ 1014.990933][T16054]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1014.990960][T16054]  ? rw_verify_area+0xcf/0x680
[ 1014.990986][T16054]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1014.991010][T16054]  vfs_read+0x1df/0xbf0
[ 1014.991040][T16054]  ? __pfx___mutex_lock+0x10/0x10
[ 1014.991066][T16054]  ? __pfx_vfs_read+0x10/0x10
[ 1014.991091][T16054]  ? rcu_is_watching+0x12/0xc0
[ 1014.991117][T16054]  ? __rcu_read_unlock+0x2b4/0x580
[ 1014.991160][T16054]  ? __fget_files+0x206/0x3a0
[ 1014.991186][T16054]  ksys_read+0x12b/0x250
[ 1014.991212][T16054]  ? __pfx_ksys_read+0x10/0x10
[ 1014.991245][T16054]  do_syscall_64+0xcd/0x250
[ 1014.991270][T16054]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1014.991299][T16054] RIP: 0033:0x7f8ba5f8bb7c
[ 1014.991317][T16054] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1014.991335][T16054] RSP: 002b:00007f8ba6d2d030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1014.991353][T16054] RAX: ffffffffffffffda RBX: 00007f8ba61a6080 RCX: 00007f8ba5f8bb7c
[ 1014.991365][T16054] RDX: 000000000000000f RSI: 00007f8ba6d2d0a0 RDI: 0000000000000006
[ 1014.991375][T16054] RBP: 00007f8ba6d2d090 R08: 0000000000000000 R09: 0000000000000000
[ 1014.991386][T16054] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1014.991396][T16054] R13: 0000000000000001 R14: 00007f8ba61a6080 R15: 00007ffc92da8ee8
[ 1014.991421][T16054]  </TASK>
[ 1015.254363][ T7448] usb 4-1: new high-speed USB device number 29 using dummy_hcd
[ 1015.435299][ T7448] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[ 1015.452240][ T7448] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[ 1015.468732][ T7448] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1015.482042][ T7448] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1015.500444][T16048] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[ 1015.510938][ T7448] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[ 1015.703100][ T3397] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[ 1016.292746][ T5830] Bluetooth: hci0: Received unexpected HCI Event 0x00
[ 1016.341393][ T5869] usb 4-1: USB disconnect, device number 29
[ 1016.404560][ T3397] usb 5-1: device descriptor read/64, error -71
[ 1016.671925][ T3397] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[ 1016.818258][ T3397] usb 5-1: device descriptor read/64, error -71
[ 1016.943680][ T3397] usb usb5-port1: attempt power cycle
[ 1017.314858][ T3397] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[ 1017.347902][ T3397] usb 5-1: device descriptor read/8, error -71
[ 1017.614689][ T3397] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[ 1017.676331][ T3397] usb 5-1: device descriptor read/8, error -71
[ 1017.797392][ T3397] usb usb5-port1: unable to enumerate USB device
[ 1020.464896][T16080] program syz.3.2689 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1020.513601][ T5830] Bluetooth: hci3: unexpected event for opcode 0x1408
[ 1020.926636][T15915] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1020.976469][T15915] 8021q: adding VLAN 0 to HW filter on device team0
[ 1020.993000][ T6111] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1021.000318][ T6111] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1021.031653][ T6067] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1021.038936][ T6067] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1022.600990][T15915] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1024.055223][T15915] veth0_vlan: entered promiscuous mode
[ 1024.070878][T16122] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=4248040714 (33984325712 ns) > initial count (13785393824 ns). Using initial count to start timer.
[ 1024.087351][T15915] veth1_vlan: entered promiscuous mode
[ 1024.096545][T16124] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2701'.
[ 1024.109738][T16122] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3623781144 (115960996608 ns) > initial count (105833777824 ns). Using initial count to start timer.
[ 1024.123504][T15915] veth0_macvtap: entered promiscuous mode
[ 1024.154384][T15915] veth1_macvtap: entered promiscuous mode
[ 1024.174027][T15915] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1024.185011][T15915] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1024.198386][T15915] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1024.209487][T15915] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1024.219956][T15915] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1024.230698][T15915] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1024.242765][T15915] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1024.257870][T15915] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1024.269543][T15915] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1024.304093][T15915] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1024.322004][T15915] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1024.332786][T15915] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1024.352184][T15915] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1024.368405][T15915] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1024.378962][T15915] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1024.388996][T15915] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1024.400104][T15915] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1024.411254][T15915] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1024.514324][ T9468] usb 1-1: new high-speed USB device number 23 using dummy_hcd
[ 1024.516012][ T6135] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1024.540413][ T6135] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1024.563840][ T6067] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1024.574265][ T6067] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1024.594689][   T25] usb 6-1: new high-speed USB device number 26 using dummy_hcd
[ 1024.678274][ T9468] usb 1-1: Using ep0 maxpacket: 32
[ 1024.686137][ T9468] usb 1-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1024.709304][ T9468] usb 1-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1024.726834][ T9468] usb 1-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[ 1024.738798][ T9468] usb 1-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0
[ 1024.751713][ T9468] usb 1-1: Product: syz
[ 1024.759775][ T9468] usb 1-1: Manufacturer: syz
[ 1024.771297][ T9468] hub 1-1:4.0: USB hub found
[ 1024.787846][   T25] usb 6-1: Using ep0 maxpacket: 8
[ 1024.813355][   T25] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1024.845507][   T25] usb 6-1: New USB device found, idVendor=06cb, idProduct=0003, bcdDevice= 0.1b
[ 1024.857403][   T25] usb 6-1: New USB device strings: Mfr=22, Product=0, SerialNumber=0
[ 1024.888773][   T25] usb 6-1: Manufacturer: syz
[ 1024.899661][   T25] usb 6-1: config 0 descriptor??
[ 1024.909600][   T25] usb 6-1: selecting invalid altsetting 1
[ 1024.924457][   T25] usb 6-1: Can not set alternate setting to 1, error: -22
[ 1024.935242][   T25] synaptics_usb 6-1:0.0: probe with driver synaptics_usb failed with error -22
[ 1024.984698][ T9468] hub 1-1:4.0: 2 ports detected
[ 1025.050307][T16158] capability: warning: `syz.7.2715' uses 32-bit capabilities (legacy support in use)
[ 1025.123860][   T25] usb 6-1: USB disconnect, device number 26
[ 1025.186528][ T9468] hub 1-1:4.0: hub_hub_status failed (err = -71)
[ 1025.204296][ T9468] hub 1-1:4.0: config failed, can't get hub status (err -71)
[ 1025.251034][ T9468] usb 1-1: USB disconnect, device number 23
[ 1025.322244][T16170] lo speed is unknown, defaulting to 1000
[ 1025.379901][T16171] Bluetooth: MGMT ver 1.23
[ 1026.564113][    T8] usb 6-1: new high-speed USB device number 27 using dummy_hcd
[ 1026.830120][    T8] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[ 1026.942593][T16206] tap0: tun_chr_ioctl cmd 1074025677
[ 1027.004369][    T8] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8D has invalid wMaxPacketSize 0
[ 1027.099662][T16206] tap0: linktype set to 778
[ 1027.125199][    T8] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1027.137325][    T8] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1027.329955][    T8] usb 6-1: Quirk or no altset; falling back to MIDI 1.0
[ 1027.355489][    T8] usb 6-1: invalid MIDI out EP 0
[ 1027.477953][    T8] snd-usb-audio 6-1:27.0: probe with driver snd-usb-audio failed with error -22
[ 1027.533630][    T8] usb 6-1: USB disconnect, device number 27
[ 1027.758442][T16216] hub 9-0:1.0: USB hub found
[ 1027.774661][T16216] hub 9-0:1.0: 1 port detected
[ 1027.783521][T16219] netlink: 148 bytes leftover after parsing attributes in process `syz.3.2741'.
[ 1027.799711][   T29] audit: type=1400 audit(1741334175.599:804): avc:  denied  { setopt } for  pid=16214 comm="syz.0.2739" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[ 1029.144271][   T29] audit: type=1400 audit(1741334176.739:805): avc:  denied  { watch watch_reads } for  pid=16220 comm="syz.3.2742" path=2F6D656D66643A2D42D54E49C56A9A707070F00884A26D202864656C6574656429 dev="tmpfs" ino=492 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[ 1030.838439][   T29] audit: type=1326 audit(1741334178.039:806): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16230 comm="syz.0.2745" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f527f18d169 code=0x7ffc0000
[ 1030.860427][ T7448] usb 6-1: new high-speed USB device number 28 using dummy_hcd
[ 1030.876298][   T29] audit: type=1326 audit(1741334178.039:807): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16230 comm="syz.0.2745" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f527f18d169 code=0x7ffc0000
[ 1030.901327][   T29] audit: type=1326 audit(1741334178.049:808): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16230 comm="syz.0.2745" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7f527f18d169 code=0x7ffc0000
[ 1135.934164][    C0] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
[ 1135.941244][    C0] rcu: 	Tasks blocked on level-0 rcu_node (CPUs 0-1): P6006/1:b..l
[ 1135.950470][    C0] rcu: 	(detected by 0, t=10504 jiffies, g=63489, q=292 ncpus=2)
[ 1135.958207][    C0] task:kworker/u8:9    state:R  running task     stack:23808 pid:6006  tgid:6006  ppid:2      task_flags:0x4208060 flags:0x00004000
[ 1135.973173][    C0] Workqueue: bat_events batadv_nc_worker
[ 1135.978855][    C0] Call Trace:
[ 1135.982136][    C0]  <TASK>
[ 1135.985069][    C0]  __schedule+0xf43/0x5890
[ 1135.989494][    C0]  ? __pfx_mark_lock+0x10/0x10
[ 1135.994271][    C0]  ? __pfx_mark_lock+0x10/0x10
[ 1135.999041][    C0]  ? __pfx___schedule+0x10/0x10
[ 1136.004028][    C0]  ? __pfx_mark_lock+0x10/0x10
[ 1136.008807][    C0]  ? mark_held_locks+0x9f/0xe0
[ 1136.013629][    C0]  preempt_schedule_irq+0x51/0x90
[ 1136.018701][    C0]  irqentry_exit+0x36/0x90
[ 1136.023134][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1136.029129][    C0] RIP: 0010:lock_acquire.part.0+0x155/0x380
[ 1136.035029][    C0] Code: b8 ff ff ff ff 65 0f c1 05 00 c9 6b 7e 83 f8 01 0f 85 d0 01 00 00 9c 58 f6 c4 02 0f 85 e5 01 00 00 48 85 ed 0f 85 b6 01 00 00 <48> b8 00 00 00 00 00 fc ff df 48 01 c3 48 c7 03 00 00 00 00 48 c7
[ 1136.054639][    C0] RSP: 0018:ffffc9000489fa40 EFLAGS: 00000206
[ 1136.060712][    C0] RAX: 0000000000000046 RBX: 1ffff92000913f49 RCX: 00000000f05df378
[ 1136.068699][    C0] RDX: 0000000000000001 RSI: ffffffff8b6cfe00 RDI: ffffffff8bd367e0
[ 1136.076689][    C0] RBP: 0000000000000200 R08: 0000000000000000 R09: fffffbfff2dd8b98
[ 1136.084752][    C0] R10: ffffffff96ec5cc7 R11: 0000000000000002 R12: 0000000000000000
[ 1136.092766][    C0] R13: ffffffff8e1bd0c0 R14: 0000000000000000 R15: 0000000000000000
[ 1136.100774][    C0]  ? __pfx_lock_acquire.part.0+0x10/0x10
[ 1136.106426][    C0]  ? rcu_is_watching+0x12/0xc0
[ 1136.111191][    C0]  ? trace_lock_acquire+0x14e/0x1f0
[ 1136.116395][    C0]  ? batadv_nc_worker+0x164/0x1060
[ 1136.121512][    C0]  ? lock_acquire+0x2f/0xb0
[ 1136.126018][    C0]  ? batadv_nc_worker+0x164/0x1060
[ 1136.131141][    C0]  batadv_nc_worker+0x16a/0x1060
[ 1136.136115][    C0]  ? batadv_nc_worker+0x164/0x1060
[ 1136.141266][    C0]  ? __pfx_batadv_nc_worker+0x10/0x10
[ 1136.146648][    C0]  ? rcu_is_watching+0x12/0xc0
[ 1136.151422][    C0]  ? trace_lock_acquire+0x14e/0x1f0
[ 1136.156626][    C0]  ? process_one_work+0x921/0x1ba0
[ 1136.161749][    C0]  ? lock_acquire+0x2f/0xb0
[ 1136.166267][    C0]  ? process_one_work+0x921/0x1ba0
[ 1136.171391][    C0]  process_one_work+0x9c5/0x1ba0
[ 1136.176340][    C0]  ? __pfx_batadv_nc_worker+0x10/0x10
[ 1136.181828][    C0]  ? __pfx_process_one_work+0x10/0x10
[ 1136.187219][    C0]  ? assign_work+0x1a0/0x250
[ 1136.191855][    C0]  worker_thread+0x6c8/0xf00
[ 1136.196472][    C0]  ? __pfx_worker_thread+0x10/0x10
[ 1136.201595][    C0]  kthread+0x3af/0x750
[ 1136.205664][    C0]  ? __pfx_kthread+0x10/0x10
[ 1136.210285][    C0]  ? lock_acquire+0x2f/0xb0
[ 1136.214881][    C0]  ? __pfx_kthread+0x10/0x10
[ 1136.219487][    C0]  ret_from_fork+0x45/0x80
[ 1136.223914][    C0]  ? __pfx_kthread+0x10/0x10
[ 1136.228527][    C0]  ret_from_fork_asm+0x1a/0x30
[ 1136.233308][    C0]  </TASK>
[ 1136.236330][    C0] rcu: rcu_preempt kthread timer wakeup didn't happen for 10500 jiffies! g63489 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402
[ 1136.249266][    C0] rcu: 	Possible timer handling issue on cpu=1 timer-softirq=50048
[ 1136.257238][    C0] rcu: rcu_preempt kthread starved for 10501 jiffies! g63489 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 ->cpu=1
[ 1136.268603][    C0] rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
[ 1136.278745][    C0] rcu: RCU grace-period kthread stack dump:
[ 1136.284651][    C0] task:rcu_preempt     state:I stack:26128 pid:17    tgid:17    ppid:2      task_flags:0x208040 flags:0x00004000
[ 1136.297050][    C0] Call Trace:
[ 1136.300327][    C0]  <TASK>
[ 1136.303262][    C0]  __schedule+0xf43/0x5890
[ 1136.307861][    C0]  ? __pfx___lock_acquire+0x10/0x10
[ 1136.313599][    C0]  ? __pfx___schedule+0x10/0x10
[ 1136.318455][    C0]  ? schedule+0x298/0x350
[ 1136.322797][    C0]  ? __pfx_lock_release+0x10/0x10
[ 1136.327834][    C0]  ? lock_acquire+0x2f/0xb0
[ 1136.332348][    C0]  ? schedule+0x1fd/0x350
[ 1136.337760][    C0]  schedule+0xe7/0x350
[ 1136.341993][    C0]  schedule_timeout+0x124/0x280
[ 1136.346950][    C0]  ? __pfx_schedule_timeout+0x10/0x10
[ 1136.352369][    C0]  ? __pfx_process_timeout+0x10/0x10
[ 1136.357710][    C0]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[ 1136.363535][    C0]  ? prepare_to_swait_event+0xf3/0x470
[ 1136.369005][    C0]  rcu_gp_fqs_loop+0x1eb/0xb00
[ 1136.373777][    C0]  ? __pfx_rcu_gp_fqs_loop+0x10/0x10
[ 1136.379061][    C0]  ? rcu_gp_init+0xc82/0x1630
[ 1136.383740][    C0]  ? _raw_spin_unlock_irq+0x2e/0x50
[ 1136.389206][    C0]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[ 1136.395016][    C0]  rcu_gp_kthread+0x271/0x380
[ 1136.399769][    C0]  ? __pfx_rcu_gp_kthread+0x10/0x10
[ 1136.405040][    C0]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1136.410259][    C0]  ? __kthread_parkme+0x148/0x220
[ 1136.415282][    C0]  ? __pfx_rcu_gp_kthread+0x10/0x10
[ 1136.420492][    C0]  kthread+0x3af/0x750
[ 1136.424564][    C0]  ? __pfx_kthread+0x10/0x10
[ 1136.429157][    C0]  ? __pfx_kthread+0x10/0x10
[ 1136.433904][    C0]  ret_from_fork+0x45/0x80
[ 1136.438361][    C0]  ? __pfx_kthread+0x10/0x10
[ 1136.442966][    C0]  ret_from_fork_asm+0x1a/0x30
[ 1136.447766][    C0]  </TASK>
[ 1136.451218][    C0] rcu: Stack dump where RCU GP kthread last ran:
[ 1136.457560][    C0] Sending NMI from CPU 0 to CPUs 1:
[ 1136.462804][    C1] NMI backtrace for cpu 1
[ 1136.462829][    C1] CPU: 1 UID: 0 PID: 16236 Comm: syz.7.2747 Not tainted 6.14.0-rc5-syzkaller-00109-g0f52fd4f67c6 #0
[ 1136.462845][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 1136.462853][    C1] RIP: 0010:kasan_check_range+0x39/0x1a0
[ 1136.462884][    C1] Code: f8 41 54 44 0f b6 c2 48 01 f0 55 53 0f 82 c6 00 00 00 48 b8 ff ff ff ff ff 7f ff ff 48 39 f8 0f 83 b3 00 00 00 4c 8d 54 37 ff <48> 89 fd 48 b8 00 00 00 00 00 fc ff df 4d 89 d1 48 c1 ed 03 49 c1
[ 1136.462896][    C1] RSP: 0018:ffffc90000a18d38 EFLAGS: 00000083
[ 1136.462909][    C1] RAX: ffff7fffffffffff RBX: ffff88805ed50000 RCX: ffffffff8931cfb3
[ 1136.462918][    C1] RDX: 0000000000000001 RSI: 0000000000000008 RDI: ffff88805ed50158
[ 1136.462926][    C1] RBP: ffff88803302a810 R08: 0000000000000001 R09: 0000000000000000
[ 1136.462935][    C1] R10: ffff88805ed5015f R11: 0000000000000001 R12: 0000000000000002
[ 1136.462942][    C1] R13: ffff88803302a800 R14: ffff88805ed50340 R15: ffff88803302b400
[ 1136.462951][    C1] FS:  00007fb4bf11c6c0(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000
[ 1136.462965][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1136.462974][    C1] CR2: 0000400000003c80 CR3: 000000005e3d8000 CR4: 00000000003526f0
[ 1136.462982][    C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1136.462990][    C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1136.462998][    C1] Call Trace:
[ 1136.463004][    C1]  <NMI>
[ 1136.463010][    C1]  ? nmi_cpu_backtrace+0x1d8/0x390
[ 1136.463037][    C1]  ? nmi_cpu_backtrace_handler+0xc/0x20
[ 1136.463056][    C1]  ? nmi_handle+0x1ac/0x5d0
[ 1136.463083][    C1]  ? kasan_check_range+0x39/0x1a0
[ 1136.463100][    C1]  ? default_do_nmi+0x6a/0x160
[ 1136.463122][    C1]  ? exc_nmi+0x170/0x1e0
[ 1136.463140][    C1]  ? end_repeat_nmi+0xf/0x53
[ 1136.463163][    C1]  ? __netif_schedule+0x23/0x2f0
[ 1136.463191][    C1]  ? kasan_check_range+0x39/0x1a0
[ 1136.463208][    C1]  ? kasan_check_range+0x39/0x1a0
[ 1136.463224][    C1]  ? kasan_check_range+0x39/0x1a0
[ 1136.463240][    C1]  </NMI>
[ 1136.463244][    C1]  <IRQ>
[ 1136.463249][    C1]  __netif_schedule+0x23/0x2f0
[ 1136.463272][    C1]  advance_sched+0x6a7/0xc60
[ 1136.463300][    C1]  ? __pfx_advance_sched+0x10/0x10
[ 1136.463318][    C1]  __hrtimer_run_queues+0x20a/0xae0
[ 1136.463337][    C1]  ? __pfx___hrtimer_run_queues+0x10/0x10
[ 1136.463350][    C1]  ? read_tsc+0x9/0x20
[ 1136.463367][    C1]  hrtimer_interrupt+0x392/0x8e0
[ 1136.463386][    C1]  __sysvec_apic_timer_interrupt+0x10f/0x400
[ 1136.463409][    C1]  sysvec_apic_timer_interrupt+0x9f/0xc0
[ 1136.463429][    C1]  </IRQ>
[ 1136.463433][    C1]  <TASK>
[ 1136.463438][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1136.463457][    C1] RIP: 0010:_raw_spin_unlock_irqrestore+0x31/0x80
[ 1136.463479][    C1] Code: f5 53 48 8b 74 24 10 48 89 fb 48 83 c7 18 e8 96 cc 3c f6 48 89 df e8 ee 4b 3d f6 f7 c5 00 02 00 00 75 23 9c 58 f6 c4 02 75 37 <bf> 01 00 00 00 e8 65 21 2e f6 65 8b 05 a6 f3 a9 74 85 c0 74 16 5b
[ 1136.463491][    C1] RSP: 0018:ffffc90003b37ca8 EFLAGS: 00000246
[ 1136.463502][    C1] RAX: 0000000000000002 RBX: ffff8880b862c680 RCX: 1ffffffff2dd8c73
[ 1136.463510][    C1] RDX: 0000000000000000 RSI: ffffffff8b6cfb00 RDI: ffffffff8bd367e0
[ 1136.463519][    C1] RBP: 0000000000000282 R08: 0000000000000001 R09: fffffbfff2dd8b98
[ 1136.463527][    C1] R10: ffffffff96ec5cc7 R11: 0000000000000001 R12: 0000000000000004
[ 1136.463535][    C1] R13: 0000000000000000 R14: 0000000000000000 R15: dffffc0000000000
[ 1136.463549][    C1]  clock_was_set+0x591/0x850
[ 1136.463565][    C1]  ? __pfx_clock_was_set+0x10/0x10
[ 1136.463578][    C1]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[ 1136.463594][    C1]  do_settimeofday64+0x305/0x4c0
[ 1136.463612][    C1]  ? __pfx_do_settimeofday64+0x10/0x10
[ 1136.463626][    C1]  ? bpf_lsm_capable+0x9/0x10
[ 1136.463645][    C1]  ? comedi_unlocked_ioctl+0x2cc6/0x2e60
[ 1136.463666][    C1]  ? capable+0xd4/0x110
[ 1136.463686][    C1]  do_sys_settimeofday64+0x1dc/0x260
[ 1136.463711][    C1]  __x64_sys_clock_settime+0x1bf/0x2a0
[ 1136.463733][    C1]  ? __pfx___x64_sys_clock_settime+0x10/0x10
[ 1136.463753][    C1]  ? rcu_is_watching+0x12/0xc0
[ 1136.463771][    C1]  do_syscall_64+0xcd/0x250
[ 1136.463788][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1136.463806][    C1] RIP: 0033:0x7fb4be38d169
[ 1136.463821][    C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1136.463833][    C1] RSP: 002b:00007fb4bf11c038 EFLAGS: 00000246 ORIG_RAX: 00000000000000e3
[ 1136.463846][    C1] RAX: ffffffffffffffda RBX: 00007fb4be5a5fa0 RCX: 00007fb4be38d169
[ 1136.463854][    C1] RDX: 0000000000000000 RSI: 0000400000003c80 RDI: 0000000000000000
[ 1136.463863][    C1] RBP: 00007fb4be40e2a0 R08: 0000000000000000 R09: 0000000000000000
[ 1136.463871][    C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1136.463879][    C1] R13: 0000000000000000 R14: 00007fb4be5a5fa0 R15: 00007ffd672844d8
[ 1136.463892][    C1]  </TASK>