last executing test programs: 16.802310258s ago: executing program 4 (id=55): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_emit_ethernet(0x5e, &(0x7f0000001340)=ANY=[], 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) r4 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r4, 0xaf01, 0x0) ioctl$VHOST_SET_LOG_FD(r4, 0x4004af07, 0x0) ioctl$VHOST_SET_MEM_TABLE(r4, 0x4008af03, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0xe9, 0x0, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000080)=[@text16={0x10, 0x0}], 0x1, 0x10, 0x0, 0x0) 14.324779495s ago: executing program 4 (id=61): msgsnd(0x0, &(0x7f0000000340)=ANY=[], 0x2000, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x770d3000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './cgroup\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r3, 0x11b, 0x4, &(0x7f0000000080)={&(0x7f0000000000)=""/5, 0x214000, 0x800}, 0x20) r4 = socket$tipc(0x1e, 0x2, 0x0) r5 = userfaultfd(0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000400)={'dummy0\x00', 0x0}) setsockopt$XDP_UMEM_FILL_RING(r3, 0x11b, 0x5, &(0x7f0000000140)=0x4000, 0x4) fstat(r5, 0x0) getresuid(0x0, 0x0, &(0x7f0000000380)) bind$xdp(r3, &(0x7f0000000100)={0x2c, 0x0, r6}, 0x10) 13.190532819s ago: executing program 4 (id=63): r0 = syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x4fc, 0x5d8, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0xe, 0x1, 0x3, 0x0, 0x1, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x10}}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) sched_setscheduler(r1, 0x3, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) socket$inet6_mptcp(0xa, 0x1, 0x106) r4 = syz_open_procfs(0x0, &(0x7f0000000100)='net/ip_vs\x00') preadv(r4, &(0x7f00000001c0)=[{&(0x7f00000002c0)=""/83, 0x53}], 0x1, 0x8f, 0x3b16) 13.090941582s ago: executing program 3 (id=65): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000180)={0x1}) ioctl$KVM_SET_PIT2(r3, 0x4070aea0, &(0x7f0000000280)={[{0x4fba, 0x5, 0xfd, 0x7, 0x98, 0xf8, 0x4, 0x1, 0x9, 0x5, 0x4, 0x6, 0x9}, {0x10, 0x400, 0x4, 0x9, 0x7, 0x6, 0x33, 0x2, 0x1, 0x7, 0x7f, 0xd, 0x201}, {0x80, 0x4c3e, 0x7f, 0xe, 0x5c, 0x8, 0x4, 0x4, 0x68, 0x7, 0x0, 0x6, 0x1e7}], 0x5}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000002000/0x18000)=nil, &(0x7f0000000100)=[@text16={0x10, &(0x7f0000000040)="0f01cb650f741065666765f36f0f330f09660f3a0cb9000000752066b9800000c00f326635004000000f300f01d7ba4100ed", 0x32}], 0x1, 0x4498bda7e2139f51, 0x0, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$LOOP_CONFIGURE(0xffffffffffffffff, 0x4c0a, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000003c0)={[0x0, 0x0, 0x8000, 0x40, 0x0, 0x0, 0x2004cb, 0x0, 0xfffffffffffffffe, 0x5, 0x7fff, 0x1000200004, 0x4, 0x2, 0x0, 0x1], 0x8080000}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 12.621554759s ago: executing program 1 (id=67): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_emit_ethernet(0x5e, &(0x7f0000001340)=ANY=[], 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$VHOST_SET_VRING_BASE(0xffffffffffffffff, 0xaf01, 0x0) ioctl$VHOST_SET_LOG_FD(0xffffffffffffffff, 0x4004af07, 0x0) ioctl$VHOST_SET_MEM_TABLE(0xffffffffffffffff, 0x4008af03, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0xe9, 0x0, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000080)=[@text16={0x10, 0x0}], 0x1, 0x10, 0x0, 0x0) arch_prctl$ARCH_REQ_XCOMP_GUEST_PERM(0x5005, 0x4000000002004003) socket$inet6_mptcp(0xa, 0x1, 0x106) ioctl$KVM_X86_SET_MCE(0xffffffffffffffff, 0x4040ae9e, &(0x7f00000000c0)={0x400000000000000, 0xffffffff, 0x0, 0xd, 0x7}) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) socket(0x11, 0x3, 0x0) 12.523421392s ago: executing program 0 (id=68): r0 = syz_usb_connect(0x2, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000059770c40c009030243d3000000010902120001000000000904"], 0x0) socket$inet_icmp(0x2, 0x2, 0x1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mount$binder(0x0, 0x0, 0x0, 0x80000, &(0x7f00000003c0)=ANY=[]) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) creat(0x0, 0xecf86c37d53049cc) lsetxattr$security_ima(&(0x7f0000000480)='./file0\x00', 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0318fe0000e79f00014a"], 0xa, 0x1) r2 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc)) r3 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x84, 0x0) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_PREFER_SUBDEVICE(r3, 0x40045542, &(0x7f00000001c0)) syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000840)={0x24, &(0x7f0000000600)={0x20, 0x9, 0x1, "d9"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$hid(r0, 0x0, &(0x7f00000004c0)={0x2c, &(0x7f0000000200)={0x0, 0xd, 0x1, "a1"}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$printer(r0, 0x0, 0x0) 10.17688598s ago: executing program 1 (id=70): r0 = pidfd_getfd(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000400), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000000440)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_SET_MESH(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000880)={0x24, r2, 0x1, 0x4070bd28, 0x1, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r3}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5}]}, 0x24}}, 0x18) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_GET_NEIGHBORS(r0, &(0x7f00000001c0)={&(0x7f0000000000), 0xc, &(0x7f0000000180)={&(0x7f0000000080)={0x54, r2, 0x200, 0x70bd2d, 0x25dfdbfe, {}, [@BATADV_ATTR_VLANID={0x4, 0x28, 0x2}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x4}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x2}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x3}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5}, @BATADV_ATTR_ORIG_INTERVAL={0x0, 0x39, 0x7}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r4}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0xc5}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000000}, 0x44814) r5 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000100)=ANY=[@ANYBLOB="12010000d5e9bd40eb030200c0ba050000010902115c01000000000904000001b504b100090581"], 0x0) r6 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=@newqdisc={0x4c, 0x24, 0xd0f, 0x200000, 0x0, {0x60, 0x0, 0x0, r7, {0x0, 0xffe0}, {0xffff, 0xffff}, {0x0, 0x5}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x1c, 0x2, [@TCA_GRED_LIMIT={0x8, 0x5, 0x800}, @TCA_GRED_DPS={0x10, 0x3, {0x2, 0x8, 0x1, 0x8}}]}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x240400d0}, 0x24008004) syz_usb_control_io$hid(r5, 0x0, &(0x7f0000000580)={0x2c, &(0x7f0000000080)=ANY=[], 0x0, 0x0, 0x0, 0x0}) r8 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x0) r9 = socket$nl_route(0x10, 0x3, 0x0) fsetxattr(r9, &(0x7f0000000700)=ANY=[@ANYBLOB='s'], 0x0, 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r8, 0xc08c5332, &(0x7f00000001c0)={0x4000000, 0x1, 0x0, 'queue0\x00', 0x1c52}) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x82) syz_usb_control_io$printer(r5, 0x0, &(0x7f0000000300)={0x34, &(0x7f0000000140)=ANY=[@ANYBLOB="0015fe000000132818f0"], 0x0, 0x0, 0x0, 0x0, 0x0}) 10.084369525s ago: executing program 2 (id=71): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_emit_ethernet(0x5e, &(0x7f0000001340)=ANY=[], 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) r4 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r4, 0xaf01, 0x0) ioctl$VHOST_SET_LOG_FD(r4, 0x4004af07, 0x0) ioctl$VHOST_SET_MEM_TABLE(r4, 0x4008af03, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0xe9, 0x0, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000080)=[@text16={0x10, 0x0}], 0x1, 0x10, 0x0, 0x0) 9.939782789s ago: executing program 4 (id=72): socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000000)) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(0xffffffffffffffff, 0xc080661a, &(0x7f0000000340)={@desc={0x1, 0x0, @desc3}}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x6, 0x2}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x5}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) getrlimit(0xc, &(0x7f0000000300)) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$wireguard(&(0x7f00000003c0), 0xffffffffffffffff) sendmsg$WG_CMD_SET_DEVICE(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000007c0)={0x3f0, r4, 0x1, 0x0, 0x0, {}, [@WGDEVICE_A_PEERS={0x3a4, 0x8, 0x0, 0x1, [{0x6c, 0x0, 0x0, 0x1, [@WGPEER_A_ALLOWEDIPS={0x20, 0x9, 0x0, 0x1, [{0x1c, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @local}, {0x5, 0x3, 0x2}}]}]}, @WGPEER_A_PUBLIC_KEY={0x24, 0x1, @a_g}, @WGPEER_A_PRESHARED_KEY={0x24, 0x2, "eff93d58460ea431f2cb4a6894ddb2834088d7445bf5afdd0619ce173f1db717"}]}, {0x4c, 0x0, 0x0, 0x1, [@WGPEER_A_PUBLIC_KEY={0x24, 0x1, @neg}, @WGPEER_A_PRESHARED_KEY={0x24, 0x2, "491bc0be1dc1f88092e741a88b64f6dd9218ad21b44b472e44f1d0807ee6675c"}]}, {0x2e8, 0x0, 0x0, 0x1, [@WGPEER_A_PUBLIC_KEY={0x24, 0x1, @c_g}, @WGPEER_A_ENDPOINT6={0x20, 0x4, {0xa, 0x9, 0x7, @empty, 0x3}}, @WGPEER_A_ALLOWEDIPS={0x2a0, 0x9, 0x0, 0x1, [{0x1c, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @empty}, {0x5, 0x3, 0x3}}]}, {0x28, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {0x5}}]}, {0x4}, {0x70, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @mcast2}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x1, 0x0}}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @loopback}, {0x5, 0x3, 0x3}}]}, {0xa0, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @private0}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @mcast2}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @empty}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @empty}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @multicast2}, {0x5, 0x3, 0x1}}]}, {0x7c, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @multicast1}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @broadcast}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @local}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @empty}, {0x5, 0x3, 0x1}}]}, {0x7c, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x2c}}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @private=0xa010101}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @mcast1}, {0x5, 0x3, 0x2}}]}, {0x4c, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @rand_addr=' \x01\x00'}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @private0={0xfc, 0x0, '\x00', 0x1}}, {0x5, 0x3, 0x2}}]}]}]}]}, @WGDEVICE_A_PRIVATE_KEY={0x24, 0x3, @b}, @WGDEVICE_A_IFNAME={0x14, 0x2, 'wg0\x00'}]}, 0x3f0}, 0x1, 0x0, 0x0, 0x4004840}, 0x40000) 7.491135459s ago: executing program 0 (id=73): socket$nl_xfrm(0x10, 0x3, 0x6) openat$kvm(0xffffffffffffff9c, 0x0, 0x109881, 0x0) socket$packet(0x11, 0x3, 0x300) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x60140, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$pppoe(0x18, 0x1, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000a00)=@abs, 0x2) socket$nl_generic(0x10, 0x3, 0x10) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) symlinkat(0x0, 0xffffffffffffffff, &(0x7f0000000200)='./file0\x00') ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000569000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000900)="65f30fa7e066b94209000066b81286694866ba000000000f30baa100ec65a00000660f3881433f640f07b801088ed8baf80c66b834ff178166efbafe0cb000eeb8000002c0640f01cf", 0x49}], 0x1, 0x30, 0x0, 0x0) ioctl$KVM_SET_LAPIC(r4, 0x4400ae8f, &(0x7f0000000380)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e38e06c5fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b53606000000000000007c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df1001000000000694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ffd3bf79a1f5c5dc34cf2645cbc11c4562d22db8780edc5daee171cc04d96d9ec2db07478f347edbd6424923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f580968af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b000000fb354673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff0100f5620000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce78754182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f26df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132155fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb010100000000000001a047526865c888c9ff36056cc4ad258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe656c9c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d819164300"}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 7.375256251s ago: executing program 2 (id=74): r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x40082, 0x0) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000140)) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x804000, &(0x7f0000000180)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB, @ANYRESHEX=r0]) 7.288285194s ago: executing program 3 (id=75): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f00000029c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000002d00)=ANY=[@ANYBLOB="200000001000010700000000000000000a0000000c0002006e6c3830323131"], 0x20}}, 0x800) recvmmsg(r0, &(0x7f0000000780)=[{{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000001180)=""/4096, 0x1000}, {&(0x7f0000000440)=""/128, 0x80}], 0x2, &(0x7f00000004c0)=""/193, 0xc1}, 0x7f}, {{&(0x7f00000005c0)=@in, 0x80, &(0x7f0000000700)=[{&(0x7f0000000640)=""/35, 0x23}, {0x0}], 0x2, &(0x7f0000000740)=""/23, 0x17}, 0x3}], 0x2, 0x40012100, 0x0) 7.164515134s ago: executing program 3 (id=76): socket$nl_rdma(0x10, 0x3, 0x14) socket(0xa, 0x3, 0x87) socket$unix(0x1, 0x1, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000}, 0x94) socket$packet(0x11, 0x2, 0x300) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x4, 0x4, 0x2, 0x0, 0x1, 0xfffffffc}, 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x14, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000100000000000000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000007000000850000000600000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000fcffffff7b8af8ff00000000bca2000000000000a6020000f8ffffffb703000018000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = socket$inet_tcp(0x2, 0x1, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000480)={{r1}, &(0x7f0000000280), &(0x7f0000000340)=r2}, 0x20) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000180)={'syz_tun\x00'}) bpf$BPF_LINK_CREATE_XDP(0x1c, 0x0, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000b00)={@local, @remote, @void, {@ipv6={0x86dd, @tcp={0x9, 0x6, '\x00', 0x14, 0x6, 0xff, @dev={0xfe, 0x80, '\x00', 0x39}, @local, {[], {{0x4e22, 0x4e24, 0x41424344, 0x41424344, 0x1, 0x0, 0x5, 0xc2, 0x7, 0x0, 0x3}}}}}}}, 0x0) 6.964563584s ago: executing program 3 (id=77): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = syz_genetlink_get_family_id$netlbl_mgmt(0x0, 0xffffffffffffffff) sendmsg$NLBL_MGMT_C_ADD(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000002c0)={0x14, r1, 0xe701ac47a3d23ecd}, 0x14}}, 0x0) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) pwritev(0xffffffffffffffff, &(0x7f0000000480)=[{0x0}, {0x0}, {&(0x7f00000003c0)="77cccb0deedbb94f1afd3ccb469a6721cc637e9cbc7f0685c4ab02897a615638b1ba209474e485e5c676dab2f779fc45e14a15eb8cab8dce71eaea08ea87db5609774523b75431043e4a32f82c5b61bea2b9b0eff207d81c7b175cfcb3e448d7fcac8844402e9401582eeb4a08d247096e183b9b7de727a818150a153b9397c4cc61a6bd461f30fb84b679bca11d47c56904a9d359442a5c3693048b8aa179cf9385", 0xa2}, {0x0}, {&(0x7f0000000680)}], 0x5, 0x4, 0x5) r3 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000040), 0x109102, 0x0) writev(r3, &(0x7f0000000100)=[{0x0}, {0x0}], 0x2) writev(r3, 0x0, 0x0) fallocate(0xffffffffffffffff, 0x58, 0x91, 0x8000000000000000) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000001c0)=[@text16={0x10, 0x0}], 0x1, 0x55, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4266ef66ba420066b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x49}], 0x1, 0x43, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r4, 0x4400ae8f, &(0x7f0000000140)=@x86={0x40, 0x1, 0xc, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x80, 0x9, 0x0, 0x0, 0x0, 0xfffffff8, 0x0, 0xff, 0xff, 0x0, '\x00', 0x1}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 6.84237943s ago: executing program 2 (id=78): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) modify_ldt$write2(0x11, &(0x7f0000000040), 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[], 0x38}, 0x1, 0x0, 0x0, 0x48815}, 0x800c000) setsockopt$TIPC_MCAST_BROADCAST(0xffffffffffffffff, 0x10f, 0x85) openat$mixer(0xffffffffffffff9c, &(0x7f0000000700), 0x101180, 0x0) socket(0x400000000010, 0x3, 0x0) io_setup(0x81, &(0x7f0000000180)) 5.892532584s ago: executing program 1 (id=79): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="05000000040000009c0000000b"], 0x50) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e0000000400000008"], 0x48) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) r1 = landlock_create_ruleset(&(0x7f00000002c0)={0x7f6e}, 0x18, 0x0) landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r1, 0x1, &(0x7f0000000000)={0x2108, r0}, 0x0) openat$binderfs(0xffffffffffffff9c, 0x0, 0x802, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r3 = syz_io_uring_setup(0x49a, &(0x7f0000000400)={0x0, 0x79af, 0x800, 0x8000, 0x400246}, &(0x7f0000000340)=0x0, &(0x7f00000006c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_MSG_RING={0x28, 0x40, 0x0, r3, 0x0, 0x0, 0x0, 0x2}) unshare(0x20400) r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000180)='attr/prev\x00') ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r6, 0x8983, &(0x7f0000000080)={0x0, 'geneve0\x00', {0x20000001}, 0x4}) renameat2(r6, &(0x7f0000000280)='./file1/file2\x00', r6, &(0x7f0000000240)='./file1/file2\x00', 0x3) sendmsg$NFNL_MSG_CTHELPER_DEL(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000500)=ANY=[@ANYBLOB="4400000002eb0104000000000000000700000006300002002c00018014000300fe8000000000000000000000000000aa1400040000000000000000000000000000000000359a23e1a0281a1f65f8ebed7b019a8583fe86758670cb853c77ceb8b86e479e9451202181c9a941108e15ae442745b880a05708607078f53f391924d6c365a210efe617d549dfb17c80a07ef334ec3dcdf3ac7cfc576a914902cd94683e223498bd84c84a665c709ee08203a1c0acf18a90a26fc421d350b1e2f426f6fc55a32a53d38776cfbef416b7ab8a2a7d95fa3c866c143ce2928ca6b2317a2e6a36873e453dc031930eff87491826f1c1b6d6d216"], 0x44}, 0x1, 0x0, 0x0, 0x4008091}, 0x20048800) io_uring_enter(r3, 0x4c6e, 0xc67a, 0x8, 0x0, 0x0) landlock_restrict_self(r1, 0x0) landlock_restrict_self(r1, 0x0) 5.865360383s ago: executing program 2 (id=80): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_emit_ethernet(0x5e, &(0x7f0000001340)=ANY=[], 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r3, 0xaf01, 0x0) ioctl$VHOST_SET_LOG_FD(r3, 0x4004af07, 0x0) ioctl$VHOST_SET_MEM_TABLE(r3, 0x4008af03, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0xe9, 0x0, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000080)=[@text16={0x10, 0x0}], 0x1, 0x10, 0x0, 0x0) arch_prctl$ARCH_REQ_XCOMP_GUEST_PERM(0x5005, 0x4000000002004003) socket$inet6_mptcp(0xa, 0x1, 0x106) ioctl$KVM_X86_SET_MCE(0xffffffffffffffff, 0x4040ae9e, &(0x7f00000000c0)={0x400000000000000, 0xffffffff, 0x0, 0xd, 0x7}) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) socket(0x11, 0x3, 0x0) 5.779960882s ago: executing program 0 (id=81): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000380)={0x1, 0x0, 0x1}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000040)={0x0, 0x7000, 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 4.652759643s ago: executing program 3 (id=82): r0 = syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x4fc, 0x5d8, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0xe, 0x1, 0x3, 0x0, 0x1, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x10}}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) sched_setscheduler(r1, 0x3, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) socket$inet6_mptcp(0xa, 0x1, 0x106) r4 = syz_open_procfs(0x0, &(0x7f0000000100)='net/ip_vs\x00') preadv(r4, &(0x7f00000001c0)=[{&(0x7f00000002c0)=""/83, 0x53}], 0x1, 0x8f, 0x3b16) 3.243884087s ago: executing program 2 (id=83): r0 = syz_usb_connect(0x2, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000059770c40c009030243d3000000010902120001000000000904"], 0x0) socket$inet_icmp(0x2, 0x2, 0x1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mount$binder(0x0, 0x0, 0x0, 0x80000, &(0x7f00000003c0)=ANY=[]) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) creat(0x0, 0xecf86c37d53049cc) syz_open_dev$sndmidi(&(0x7f00000000c0), 0x2, 0x20002) r2 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc)) r3 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x84, 0x0) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_PREFER_SUBDEVICE(r3, 0x40045542, &(0x7f00000001c0)) syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000840)={0x24, &(0x7f0000000600)={0x20, 0x9, 0x1, "d9"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$hid(r0, 0x0, &(0x7f00000004c0)={0x2c, &(0x7f0000000200)={0x0, 0xd, 0x1, "a1"}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$printer(r0, 0x0, 0x0) 3.235217686s ago: executing program 1 (id=84): r0 = socket$nl_route(0x10, 0x3, 0x0) socket$inet(0x2, 0x4000000000000001, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) ioctl$SIOCGSTAMP(r2, 0x8906, 0x0) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f00000000c0)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x4, 0xfff, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, 0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, r3) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r3, &(0x7f0000000480)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000440)={0x0, 0x64}, 0x1, 0x0, 0x0, 0x8800}, 0x4044800) fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1) write$FUSE_NOTIFY_DELETE(0xffffffffffffffff, &(0x7f0000000700)=ANY=[@ANYBLOB="87000000060000000000000000000000010000000000000004000000000000002fffffff00000000d5bf9d07fd942558c800b7160422a61d8f73f53dd51b4640500854718145dbb4eba0ffde92c580dba43ca2f59e0f02f178e65626b6ec802d004d3fc5fde005fd6192a885928782e5548e6a6497ada66ef9a75ac37a9b2726093933c3de89002b35488be09a696bd527bba9d125ca8c0c3d2775ca277d6083e0b1f960c47deafd156ede904c265ba0af5c9d9b7a9101fc5aa9062fa1c9bf830f76031c93a9b16699aa765e710e368d64ddd0cd07c1a4adae186b47b9b3e17db2f9f3f6791bece99270c2cac0a94c4e4571287d48c2c6edfce098be952de9cec63862f010b7ea5947ae53b80b9cd483301c3cb36d75"], 0x87) ioctl$TIOCMSET(0xffffffffffffffff, 0x5418, 0x0) openat$ttyS3(0xffffff9c, 0x0, 0x20040, 0x0) r4 = openat$sequencer2(0xffffff9c, &(0x7f00000001c0), 0x0, 0x0) write$sequencer(r4, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) pread64(0xffffffffffffffff, 0x0, 0x0, 0x20000000000040) r5 = syz_io_uring_setup(0x49b, &(0x7f0000000200)={0x0, 0x79af, 0x0, 0x7ffe, 0x259, 0x0, r1}, &(0x7f0000000140)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4) syz_io_uring_submit(r6, r7, &(0x7f00000002c0)=@IORING_OP_TIMEOUT={0xb, 0x11, 0x0, 0x0, 0x0, &(0x7f0000000100), 0x1, 0x40, 0x1}) io_uring_enter(r5, 0x627, 0xc104effd, 0x43, 0x0, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="480000001000ffff6d9c7000fddbdf2500000000", @ANYRES32=0x0, @ANYBLOB="2a0a050023080000280012800b000100697036746e6c0000180002801400030000000000000003000000"], 0x48}, 0x1, 0x0, 0x0, 0x4000080}, 0x4008000) 2.808461925s ago: executing program 4 (id=85): r0 = openat$dsp(0xffffffffffffff9c, &(0x7f00000003c0), 0x101a02, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000200)={0x18, 0x8a}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x40000, 0x2000, &(0x7f0000000000/0x2000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) fsmount(0xffffffffffffffff, 0x1, 0x102) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) preadv(0xffffffffffffffff, 0x0, 0x0, 0x3, 0x168) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) close_range(r0, 0xffffffffffffffff, 0x0) 2.569715869s ago: executing program 0 (id=86): get_mempolicy(&(0x7f00000000c0), &(0x7f0000000100), 0x3, &(0x7f0000ffd000/0x3000)=nil, 0x5) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) setrlimit(0x6, &(0x7f00000002c0)={0x91, 0x39}) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) r1 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="4800e80010000d0428bd7000fcdbff2500008000", @ANYRES32=r1, @ANYBLOB="1000000000000000280012800b00010062726964676500001800028005001900840000000c001e"], 0x48}}, 0x4084) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840) sendmmsg(r1, &(0x7f0000000000), 0x4000000000001f2, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0xd, &(0x7f0000000300)=0x7, 0x4) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) modify_ldt$write2(0x11, &(0x7f0000000040), 0x10) setsockopt$TIPC_MCAST_BROADCAST(0xffffffffffffffff, 0x10f, 0x85) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000280)={{0x1, 0x1, 0x18, r0, {0xffffffffffffffff, 0xee00}}, './file0\x00'}) accept4$inet6(r2, &(0x7f0000000240)={0xa, 0x0, 0x0, @private0}, 0x0, 0x0) r3 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000700), 0x101180, 0x0) ioctl$SOUND_MIXER_WRITE_VOLUME(r3, 0xc0040d07, &(0x7f0000000040)=0x121) cachestat(0xffffffffffffffff, 0x0, 0x0, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000001c6a000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWRULE={0x74, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_EXPRESSIONS={0x48, 0x4, 0x0, 0x1, [{0x44, 0x1, 0x0, 0x1, @payload={{0xc}, @val={0x34, 0x2, 0x0, 0x1, [@NFTA_PAYLOAD_LEN={0x8}, @NFTA_PAYLOAD_CSUM_FLAGS={0x8, 0x8, 0x1, 0x0, 0x1}, @NFTA_PAYLOAD_BASE={0x8, 0x2, 0x1, 0x0, 0x2}, @NFTA_PAYLOAD_SREG={0x8, 0x5, 0x1, 0x0, 0xf}, @NFTA_PAYLOAD_OFFSET={0x8}, @NFTA_PAYLOAD_CSUM_TYPE={0x8, 0x6, 0x1, 0x0, 0x1}]}}}]}]}], {0x14}}, 0x9c}}, 0x0) openat$vimc0(0xffffff9c, &(0x7f0000000000), 0x2, 0x0) socket(0x9, 0x6, 0x0) io_setup(0x81, &(0x7f0000000180)) 1.016089332s ago: executing program 0 (id=87): socket$nl_rdma(0x10, 0x3, 0x14) socket(0xa, 0x3, 0x87) socket$unix(0x1, 0x1, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000}, 0x94) socket$packet(0x11, 0x2, 0x300) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x4, 0x4, 0x2, 0x0, 0x1, 0xfffffffc}, 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x14, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000100000000000000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000007000000850000000600000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000fcffffff7b8af8ff00000000bca2000000000000a6020000f8ffffffb703000018000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = socket$inet_tcp(0x2, 0x1, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000480)={{r1}, &(0x7f0000000280), &(0x7f0000000340)=r2}, 0x20) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000002c0)={r2, r4, 0x25, 0x2, @void}, 0x10) syz_emit_ethernet(0x0, 0x0, 0x0) 746.463456ms ago: executing program 1 (id=88): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c8) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file2\x00', 0x207) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f00000000c0)='mmap_lock_acquire_returned\x00', 0xffffffffffffffff, 0x0, 0x9}, 0x18) mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x100000a, 0x4082172, 0xffffffffffffffff, 0xb3409000) mremap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x4000, 0x3, &(0x7f0000005000/0x4000)=nil) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0xfffffffffffffc22, &(0x7f0000000180)=0x1400200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) ioctl$VIDIOC_QUERYSTD(0xffffffffffffffff, 0x8008563f, &(0x7f0000000200)) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000002700)=""/102392, 0x18ff8) sendmsg$AUDIT_DEL_RULE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4810}, 0x400c890) ioctl$sock_proto_private(0xffffffffffffffff, 0x89ef, 0x0) ioctl$TIOCL_SETVESABLANK(0xffffffffffffffff, 0x560e, &(0x7f0000000140)) ioctl$TIOCL_BLANKSCREEN(0xffffffffffffffff, 0x541c, 0x0) syz_open_procfs(0x0, &(0x7f0000000300)='projid_map\x00') 709.555534ms ago: executing program 0 (id=89): syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100"/13], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r4, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x4) r5 = landlock_create_ruleset(&(0x7f0000000040)={0x0, 0x3}, 0x10, 0x0) landlock_add_rule$LANDLOCK_RULE_NET_PORT(r5, 0x2, &(0x7f0000000100)={0x2}, 0x0) 198.126544ms ago: executing program 3 (id=90): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_emit_ethernet(0x5e, &(0x7f0000001340)=ANY=[], 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8) r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r3, 0xaf01, 0x0) ioctl$VHOST_SET_LOG_FD(r3, 0x4004af07, 0x0) ioctl$VHOST_SET_MEM_TABLE(r3, 0x4008af03, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0xe9, 0x0, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000080)=[@text16={0x10, 0x0}], 0x1, 0x10, 0x0, 0x0) arch_prctl$ARCH_REQ_XCOMP_GUEST_PERM(0x5005, 0x4000000002004003) socket$inet6_mptcp(0xa, 0x1, 0x106) ioctl$KVM_X86_SET_MCE(0xffffffffffffffff, 0x4040ae9e, &(0x7f00000000c0)={0x400000000000000, 0xffffffff, 0x0, 0xd, 0x7}) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) r4 = socket(0x11, 0x3, 0x0) setsockopt$packet_int(r4, 0x107, 0x12, &(0x7f0000000180)=0xe1, 0x4) 149.089095ms ago: executing program 4 (id=91): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed07449e000000000000000018010000", @ANYBLOB="0000000000000008b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x8202, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$HIDIOCSUSAGES(0xffffffffffffffff, 0x501c4814, &(0x7f0000000dc0)={{0x1, 0x3, 0x9, 0x800, 0x5, 0x5}, 0x8d, [0x7, 0x93b, 0x6, 0x1, 0x1, 0xb8a, 0x2f, 0x100, 0x5, 0x7, 0x7, 0x5, 0x41d4, 0x83, 0x4, 0xffffffff, 0x9, 0x1000, 0x77e4, 0xffff0c56, 0x3, 0x1, 0x0, 0x40, 0x9, 0x200, 0x69, 0x4, 0x0, 0x6, 0x3, 0x7, 0x8, 0x8, 0xa522, 0x100, 0xfffffff8, 0x80000001, 0x0, 0x40, 0x1, 0x6, 0x1, 0x7fffffff, 0x5eb9, 0x5, 0x9c05, 0x800000c, 0x401, 0x4, 0x75, 0x817, 0xb, 0x3, 0xda90, 0x7, 0xf, 0xbc4b, 0x106, 0xfd, 0x81, 0x6, 0x101, 0x39, 0xffffff7f, 0x6, 0x5, 0x5, 0x77, 0xfffffffd, 0x0, 0x9, 0x73f, 0x5, 0x8, 0x4, 0x3, 0xffffffff, 0x5, 0x26be23d3, 0x7, 0x2, 0x9, 0x8, 0xdd2, 0xdd2, 0x3, 0x4, 0x2, 0xfff, 0x80000001, 0x9, 0x4, 0x0, 0x3, 0x2, 0x2, 0x5, 0x2, 0x1, 0x80000001, 0x7, 0x0, 0x40, 0x5, 0x101, 0x8, 0x9, 0x334c230c, 0x6, 0x4, 0xfffffff9, 0x8, 0x3, 0xffff0000, 0x7, 0x2, 0xffffffff, 0x4, 0x3, 0x4, 0x4, 0x3f, 0x81, 0x3, 0x400, 0x4, 0x984, 0x1, 0x6, 0x7, 0x8001, 0x1ff, 0x2a3, 0x6d, 0x1, 0x10000, 0x5, 0x80000000, 0x1d01e, 0x1, 0x3, 0xfffffffb, 0x8, 0x63, 0x400, 0x5, 0x401, 0x4, 0xfff, 0x0, 0x9, 0x3, 0x8, 0xfffffff9, 0x2, 0x80000000, 0x3, 0xc, 0x1, 0xad, 0x100, 0x144, 0x2, 0xfffffffc, 0x2, 0x5, 0x0, 0x5, 0x9, 0x1, 0x4, 0x1000, 0x974, 0x5, 0x2, 0x8, 0x5, 0x88, 0x1000, 0x0, 0x1, 0x2, 0x5, 0x9, 0x0, 0x57a, 0x0, 0x0, 0x6, 0x9, 0x5c, 0x6, 0x9, 0xd22, 0x2, 0x7, 0x10, 0x8, 0xffffffff, 0x2149, 0xf, 0x26a02622, 0x7fff, 0x8, 0x8, 0x7ff, 0x5, 0x8, 0x81, 0x8, 0xff, 0x5, 0xfffffffa, 0x2, 0x2, 0xffff, 0xf, 0x5, 0x7, 0x5, 0x100, 0x1e06, 0xf, 0xdf2, 0x0, 0xbb, 0xfff, 0x400, 0x2, 0x80000000, 0x7, 0x8, 0xf9b, 0x8, 0x7ff, 0x7, 0x3ff, 0x630a, 0x5, 0xcff, 0x9, 0xb7, 0x1, 0xff, 0x4, 0x5, 0x10, 0x1, 0x92a, 0x3, 0x5, 0xd, 0x5, 0x101, 0x6, 0x7fff, 0x800, 0x3, 0x4, 0x0, 0x7f, 0x200, 0x20, 0x7, 0x1000000, 0x0, 0x7f, 0x53, 0x8, 0x8, 0x5, 0x2, 0xf, 0xd81c, 0x840, 0x1, 0x9, 0x2, 0x81, 0x9, 0x3, 0x5, 0x1000, 0x8, 0x47, 0x94, 0x7, 0x8, 0x8001, 0x56f71053, 0x1, 0x867, 0x3ff, 0x40, 0x6, 0x3, 0xfff, 0x5, 0x197, 0x9, 0x6, 0x5, 0x6, 0x7, 0x0, 0xffff, 0x3, 0x1ff, 0x400, 0x3, 0xd42, 0x9, 0x5, 0x1ff, 0x4, 0x9, 0xbec, 0x5, 0x7, 0x3, 0x5, 0x64000000, 0x2, 0x1e, 0x3a, 0x6, 0x5, 0x18000, 0x2, 0xffff, 0x9, 0x6, 0x9, 0x0, 0xe4f, 0x67c, 0x27b7, 0xe, 0x9, 0x9, 0x5, 0xd, 0x5, 0x7f, 0x76, 0x9, 0xc4fe, 0x9, 0x3, 0x4, 0x8, 0x87, 0x1, 0x4, 0x6, 0x40, 0x9, 0x8, 0x1, 0x6, 0x8, 0xc75e, 0x4, 0x6, 0x1b, 0xfd3, 0x2, 0x3, 0x9, 0x10, 0x4, 0x5d2f, 0x5, 0x1b, 0x3ff, 0x5, 0x8, 0x6, 0xc000000, 0x5c, 0x9, 0x541b, 0xce, 0x6, 0x4, 0x69f, 0x3, 0x5, 0x7, 0x4, 0x200, 0x7, 0x8, 0x2323, 0xfffffff7, 0xffff, 0x7ff, 0x4, 0xd, 0xffffff42, 0x89, 0x80000001, 0x3ff, 0x3, 0x554, 0xde, 0x0, 0x400, 0x3, 0x9, 0x800, 0x7cb3aca3, 0x6, 0x6, 0x4, 0xf8000000, 0x1, 0xfffffff9, 0x9, 0xffffffff, 0x0, 0x3, 0x10000, 0x4, 0x3, 0x8001, 0x8, 0xbb, 0x5, 0xf548, 0x3, 0x36c, 0xffffffff, 0x10, 0x676, 0xe67, 0x88, 0x808, 0x560, 0x6db5, 0xa7b, 0x2, 0x4, 0x9, 0x3, 0x4, 0xffffffff, 0x6, 0xed2, 0x24bdaad2, 0x9, 0x4, 0x3, 0x1, 0xd599, 0x2, 0x6c51, 0x2, 0x0, 0x0, 0x2, 0xfce6, 0xf, 0xcd0, 0x4, 0xf, 0x0, 0x9, 0x5, 0x200, 0x6, 0x5, 0x2, 0x7, 0x17, 0xc36, 0x0, 0x8fbb, 0x3, 0x5, 0x0, 0x8, 0x8, 0x1, 0x8, 0x1000001, 0x45d8, 0x9, 0x0, 0x60000, 0x7, 0x2, 0xfffffff1, 0x3, 0x2, 0xfffffd67, 0x2, 0x4, 0x5, 0x3, 0x800, 0x10, 0xa, 0xb12c, 0x5ce, 0x1, 0xfffffffd, 0xf9c8, 0x0, 0x80f4, 0x10000, 0x3, 0x8, 0x2, 0x7, 0x5, 0x8, 0x401, 0x7, 0x10, 0x0, 0x6b, 0x100, 0x8, 0x2, 0x2, 0x5273, 0xe45f, 0x10, 0x0, 0x8, 0x4, 0x7, 0x7, 0x6, 0x4, 0x8e8b, 0x5, 0x3, 0x7, 0x3, 0xe535, 0x80, 0x5, 0x6, 0x0, 0x3, 0xff, 0x7fffffff, 0x5, 0x1, 0xa, 0x4, 0x1, 0x31, 0x0, 0xee1, 0x10001, 0x3, 0xfffffffc, 0x4, 0x1, 0x6f9, 0x7, 0xb26c, 0xb, 0x0, 0xfffffff3, 0x8, 0x8, 0x3, 0x6, 0xfd, 0x3, 0x3d, 0x6, 0x80000001, 0x5, 0x7, 0x1, 0xffffffff, 0x6, 0x3d29, 0x4, 0x7, 0x8, 0xb04, 0x3, 0xea6, 0x9, 0x101, 0x4, 0x1400, 0xfffffeff, 0x7, 0x2, 0x4, 0x8, 0x7, 0xe, 0x2, 0xc, 0x2, 0x2, 0x64c1, 0x80000000, 0x200, 0x2, 0xfffffffd, 0x1, 0x91, 0x8001, 0x401, 0x781d, 0x80, 0xfffff5b0, 0x8, 0x3, 0x8, 0xfff, 0xcd800000, 0x9, 0x6, 0x0, 0x5b5, 0x7, 0x10, 0x2, 0x5, 0x10001, 0xc, 0x9e9, 0x53, 0xfffffdd5, 0xc, 0xc00, 0x40, 0x401, 0xf2a6, 0x7, 0x3, 0x2, 0x7, 0x3800000, 0x0, 0x3ff, 0x3, 0x7fffffff, 0x4, 0x0, 0x1, 0xf, 0x7, 0xa84d, 0x3, 0xaf, 0xaf72, 0x5f, 0x1, 0xe, 0x6, 0x9, 0x5, 0x7, 0x3, 0x5, 0x3, 0x40, 0x1000, 0x75f1, 0x4, 0x3, 0x1, 0xfffffffd, 0x4, 0x8, 0x10, 0x80, 0x2, 0x6, 0x0, 0xe, 0xc, 0x3, 0x2, 0xd, 0x5, 0xfffff3f2, 0x6, 0x8, 0x3, 0x6, 0x5, 0x3, 0x101, 0x8, 0xbd, 0xa, 0x8, 0xffffed34, 0x8000, 0x2, 0x7, 0x7, 0x55f4727b, 0xd, 0x3b, 0x5, 0x8, 0xffffffff, 0x4, 0x81, 0x6, 0xb, 0x2, 0xa53, 0xff, 0x0, 0x2, 0x5, 0x3233, 0xff, 0x6, 0x2, 0x9, 0x1, 0x0, 0x3ff, 0x5, 0x8, 0x40, 0x0, 0x40, 0x88, 0x5, 0x80, 0x4, 0xd0000000, 0x8, 0x4, 0x5, 0x5, 0x7, 0x0, 0x0, 0x76b, 0xbb, 0x2, 0x5, 0x7fff, 0x9, 0xa, 0x5, 0x80, 0x4, 0x8, 0x8, 0x1f, 0x1, 0x3, 0x4, 0xd126, 0x7, 0x5, 0x0, 0x0, 0x8, 0x4, 0x1, 0x5, 0xfffffffa, 0x8, 0x270b, 0x5, 0x7fff, 0x4, 0x5, 0x6, 0x3, 0x4, 0x13f, 0x0, 0xc906, 0x6, 0x100, 0x4, 0x3, 0x3, 0x7f, 0x2b, 0x4, 0x3, 0x3, 0x8001, 0x46f, 0x19f1, 0x6, 0x20, 0x2, 0x2, 0x6, 0x5, 0x5, 0x401, 0x5, 0x6, 0x5, 0x7, 0xb, 0x200, 0x6, 0x9, 0x7, 0x3, 0x1, 0x7f, 0x9, 0xc3b, 0xfdf5, 0x0, 0x3, 0x0, 0xf, 0x1, 0x800, 0x4f35, 0x1, 0x18, 0x5, 0x0, 0x6, 0xaa5, 0x800, 0x9, 0x7, 0x800, 0x8, 0xfffffffb, 0xff, 0x5, 0x1000, 0x8, 0x81, 0x6, 0x80, 0x9, 0x8, 0x5, 0x8, 0x8, 0x100, 0x5, 0x10, 0x3, 0x7, 0x82, 0x4, 0x40, 0xabde, 0x1, 0xb, 0x8, 0x5, 0x8, 0x7f, 0x100, 0x8, 0x9, 0x6, 0x80000001, 0x2, 0x8, 0x2, 0x7fff, 0x3, 0x6, 0x4, 0x5, 0x3, 0x0, 0x1, 0x8, 0x59, 0x1, 0x0, 0x48, 0xaa19, 0xc, 0x401, 0x1, 0x401, 0x8, 0xc11, 0x4, 0x0, 0x7, 0x2, 0x7f, 0x0, 0x1, 0xc0000, 0x7, 0x4, 0xef47, 0x3, 0x1, 0x0, 0x2, 0x1, 0x0, 0xe14f, 0x5, 0x7, 0x8, 0x7fffffff, 0x7f, 0xffffffff, 0xffffff88, 0x400, 0x7fffffff, 0x10, 0x5, 0x9, 0x5, 0x0, 0xff, 0x0, 0x8, 0x3, 0x5, 0xfffffffc, 0x9, 0x11, 0x9, 0xfffffffe, 0x40, 0x3, 0x7, 0x0, 0x1, 0x2, 0x6, 0x81, 0x4, 0x401, 0x6, 0x5, 0x3, 0x0, 0xd, 0x6, 0xc, 0x2, 0x1, 0xfffffe5c, 0x40, 0x0, 0x9, 0x24, 0x1ff, 0x4, 0xe92, 0x5, 0x6e3, 0x4, 0xff, 0x0, 0xdf, 0x5, 0x7, 0x100, 0x3ac9, 0x10001, 0xae27, 0x80, 0x5, 0x7, 0x7fff, 0x0, 0xb, 0x4, 0x1, 0x1, 0x0, 0x9, 0x331d, 0x5, 0xb9, 0x7, 0x4, 0x4, 0x9, 0x6cf3, 0x8, 0x7, 0xf, 0x9, 0x9, 0xffff, 0x8000, 0x1, 0x2, 0x2, 0xdc0, 0x5, 0x100, 0x9, 0x1, 0xfffffff8, 0x800, 0x3, 0x0, 0x9, 0x644d, 0x93, 0xb0, 0x2, 0x3ff, 0x800, 0xfffffff7, 0x2, 0x0, 0xff]}) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x1, 0x5, 0x9, 0x84, 0x144}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000dc0)={0xffffffffffffffff, 0x0, &(0x7f00000000c0), &(0x7f0000000d40), 0x21800, r5}, 0x38) bpf$MAP_LOOKUP_BATCH(0x19, &(0x7f0000000800)={0x0, &(0x7f0000000840)=""/121, &(0x7f0000000680), &(0x7f0000000540), 0x6c, r5}, 0x38) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x0, 0x3, &(0x7f0000000440)=@framed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x94) semop(0x0, 0x0, 0x0) r6 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r6, 0x107, 0xe, &(0x7f0000000000), 0x4) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b000000000000000000"], 0x48) sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000600)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfd, {0x0, 0x0, 0x0, r1, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x3, 0x3, 0x6361, 0x5, 0xffffffff, 0x3}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000006c0)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70b926, 0x25dfdc01, {0x0, 0x0, 0x0, r1, {0x0, 0xd}, {0xffff, 0xb}, {0xffff, 0xffe0}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x14, 0x2, [@TCA_FQ_CODEL_CE_THRESHOLD={0x8, 0x7, 0xfffffff9}, @TCA_FQ_CODEL_CE_THRESHOLD_MASK={0x5, 0xb, 0x11}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x240040e0}, 0x4890) ioctl$sock_SIOCGIFVLAN_SET_VLAN_EGRESS_PRIORITY_CMD(r0, 0x8982, &(0x7f0000000000)={0x3, 'bond_slave_0\x00', {0x53}}) syz_open_procfs(0x0, &(0x7f00000042c0)='net/ptype\x00') 134.723739ms ago: executing program 2 (id=92): bind$unix(0xffffffffffffffff, &(0x7f0000000280)=@file={0x1, './file0\x00'}, 0x6e) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) socket$nl_netfilter(0x10, 0x3, 0xc) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = socket$can_bcm(0x1d, 0x2, 0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000000)={'vxcan0\x00'}) sendmsg$can_bcm(r4, 0x0, 0x20000000) sendmsg$nl_generic(r3, &(0x7f00000029c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000002d00)=ANY=[@ANYBLOB="200000001000010700000000000000000a0000000c0002006e6c3830323131"], 0x20}}, 0x800) recvmmsg(r3, &(0x7f0000000780)=[{{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000001180)=""/4096, 0x1000}, {&(0x7f0000000440)=""/128, 0x80}], 0x2, &(0x7f00000004c0)=""/193, 0xc1}, 0x7f}, {{&(0x7f00000005c0)=@in, 0x80, &(0x7f0000000700)=[{&(0x7f0000000640)=""/35, 0x23}, {0x0}], 0x2, &(0x7f0000000740)=""/23, 0x17}, 0x3}], 0x2, 0x40012100, 0x0) r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000002c40)={0x1, 0x17, &(0x7f00000007c0)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r5}, {}, {}, {0x85, 0x0, 0x0, 0x5}}, {{0x6, 0x0, 0x6}, {0x6, 0x0, 0x0, 0xb}}, [@printk={@p, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x1, 0xa, 0x1, 0x9}, {0x7, 0x0, 0x3}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x5}, {0x56}}], {{0x4, 0x1, 0x2, 0x3}, {0x5, 0x0, 0xb, 0x3}, {0x85, 0x0, 0x0, 0x76}}}, &(0x7f0000000780)='syzkaller\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sendto$inet6(0xffffffffffffffff, &(0x7f0000000180), 0x0, 0x0, 0x0, 0x0) r6 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000002c40)={0x1, 0x17, &(0x7f00000007c0)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r6}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x7, 0x1, 0xb, 0x9, 0x0, 0x20}}, {{0x6, 0x0, 0x6}, {0x6, 0x0, 0x0, 0xb}}, [@printk={@p, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x1, 0xa, 0x1, 0x9}, {0x7, 0x0, 0x3}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x5}, {0x56}}], {{0x4, 0x1, 0x2, 0x3}, {0x5, 0x0, 0xb, 0x3}, {0x85, 0x0, 0x0, 0x76}}}, &(0x7f0000000780)='syzkaller\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan0\x00'}) 0s ago: executing program 1 (id=93): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = syz_genetlink_get_family_id$netlbl_mgmt(0x0, 0xffffffffffffffff) sendmsg$NLBL_MGMT_C_ADD(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000002c0)={0x14, r1, 0xe701ac47a3d23ecd}, 0x14}}, 0x0) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) pwritev(0xffffffffffffffff, &(0x7f0000000480)=[{0x0}, {0x0}, {&(0x7f00000003c0)="77cccb0deedbb94f1afd3ccb469a6721cc637e9cbc7f0685c4ab02897a615638b1ba209474e485e5c676dab2f779fc45e14a15eb8cab8dce71eaea08ea87db5609774523b75431043e4a32f82c5b61bea2b9b0eff207d81c7b175cfcb3e448d7fcac8844402e9401582eeb4a08d247096e183b9b7de727a818150a153b9397c4cc61a6bd461f30fb84b679bca11d47c56904a9d359442a5c3693048b8aa179cf9385", 0xa2}, {0x0}, {&(0x7f0000000680)}], 0x5, 0x4, 0x5) r3 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000040), 0x109102, 0x0) writev(r3, &(0x7f0000000100)=[{&(0x7f0000000080)}, {0x0}], 0x2) writev(r3, 0x0, 0x0) fallocate(0xffffffffffffffff, 0x58, 0x91, 0x8000000000000000) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000001c0)=[@text16={0x10, 0x0}], 0x1, 0x55, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4266ef66ba420066b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x49}], 0x1, 0x43, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r4, 0x4400ae8f, &(0x7f0000000140)=@x86={0x40, 0x1, 0xc, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x80, 0x9, 0x0, 0x0, 0x0, 0xfffffff8, 0x0, 0xff, 0xff, 0x0, '\x00', 0x1}) ioctl$KVM_RUN(r4, 0xae80, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.2' (ED25519) to the list of known hosts. [ 56.176142][ T30] audit: type=1400 audit(1768397345.461:62): avc: denied { mounton } for pid=5799 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 56.199870][ T30] audit: type=1400 audit(1768397345.481:63): avc: denied { mount } for pid=5799 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 56.202310][ T5799] cgroup: Unknown subsys name 'net' [ 56.228553][ T30] audit: type=1400 audit(1768397345.511:64): avc: denied { unmount } for pid=5799 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 56.373023][ T5799] cgroup: Unknown subsys name 'cpuset' [ 56.380673][ T5799] cgroup: Unknown subsys name 'rlimit' [ 56.519625][ T30] audit: type=1400 audit(1768397345.801:65): avc: denied { setattr } for pid=5799 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=820 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 56.551811][ T30] audit: type=1400 audit(1768397345.801:66): avc: denied { create } for pid=5799 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 56.582928][ T30] audit: type=1400 audit(1768397345.811:67): avc: denied { write } for pid=5799 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 56.603569][ T30] audit: type=1400 audit(1768397345.811:68): avc: denied { read } for pid=5799 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 56.617483][ T5801] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 56.624009][ T30] audit: type=1400 audit(1768397345.821:69): avc: denied { mounton } for pid=5799 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 Setting up swapspace version 1, size = 127995904 bytes [ 56.657327][ T30] audit: type=1400 audit(1768397345.821:70): avc: denied { mount } for pid=5799 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 56.680966][ T30] audit: type=1400 audit(1768397345.921:71): avc: denied { relabelto } for pid=5801 comm="mkswap" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 57.613381][ T5799] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 59.458252][ T5824] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 59.459200][ T5823] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 59.465832][ T5824] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 59.473372][ T5823] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 59.480093][ T5824] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 59.488814][ T5823] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 59.494691][ T5824] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 59.501401][ T5823] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 59.510877][ T5824] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 59.520932][ T5825] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 59.522082][ T5824] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 59.530181][ T5823] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 59.543224][ T5824] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 59.543615][ T5823] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 59.550478][ T5824] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 59.557736][ T5823] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 59.571688][ T5825] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 59.579583][ T5823] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 59.580321][ T5824] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 59.588640][ T5823] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 59.594294][ T5824] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 59.600884][ T5814] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 59.613736][ T5824] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 59.621672][ T5825] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 59.651874][ T5825] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 60.071280][ T5810] chnl_net:caif_netlink_parms(): no params data found [ 60.096590][ T5812] chnl_net:caif_netlink_parms(): no params data found [ 60.117685][ T5813] chnl_net:caif_netlink_parms(): no params data found [ 60.234031][ T5811] chnl_net:caif_netlink_parms(): no params data found [ 60.247073][ T5809] chnl_net:caif_netlink_parms(): no params data found [ 60.321049][ T5810] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.328913][ T5810] bridge0: port 1(bridge_slave_0) entered disabled state [ 60.336374][ T5810] bridge_slave_0: entered allmulticast mode [ 60.343944][ T5810] bridge_slave_0: entered promiscuous mode [ 60.364999][ T5813] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.372116][ T5813] bridge0: port 1(bridge_slave_0) entered disabled state [ 60.379177][ T5813] bridge_slave_0: entered allmulticast mode [ 60.386178][ T5813] bridge_slave_0: entered promiscuous mode [ 60.399257][ T5810] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.406382][ T5810] bridge0: port 2(bridge_slave_1) entered disabled state [ 60.413528][ T5810] bridge_slave_1: entered allmulticast mode [ 60.420196][ T5810] bridge_slave_1: entered promiscuous mode [ 60.437524][ T5813] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.444615][ T5813] bridge0: port 2(bridge_slave_1) entered disabled state [ 60.451884][ T5813] bridge_slave_1: entered allmulticast mode [ 60.458442][ T5813] bridge_slave_1: entered promiscuous mode [ 60.477979][ T5812] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.485172][ T5812] bridge0: port 1(bridge_slave_0) entered disabled state [ 60.492362][ T5812] bridge_slave_0: entered allmulticast mode [ 60.498932][ T5812] bridge_slave_0: entered promiscuous mode [ 60.529165][ T5812] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.536346][ T5812] bridge0: port 2(bridge_slave_1) entered disabled state [ 60.543468][ T5812] bridge_slave_1: entered allmulticast mode [ 60.550018][ T5812] bridge_slave_1: entered promiscuous mode [ 60.572362][ T5810] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 60.596756][ T5813] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 60.606145][ T5811] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.613481][ T5811] bridge0: port 1(bridge_slave_0) entered disabled state [ 60.620678][ T5811] bridge_slave_0: entered allmulticast mode [ 60.627216][ T5811] bridge_slave_0: entered promiscuous mode [ 60.635368][ T5810] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 60.659967][ T5813] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 60.669138][ T5811] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.676392][ T5811] bridge0: port 2(bridge_slave_1) entered disabled state [ 60.683509][ T5811] bridge_slave_1: entered allmulticast mode [ 60.690073][ T5811] bridge_slave_1: entered promiscuous mode [ 60.703559][ T5809] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.710912][ T5809] bridge0: port 1(bridge_slave_0) entered disabled state [ 60.718397][ T5809] bridge_slave_0: entered allmulticast mode [ 60.725143][ T5809] bridge_slave_0: entered promiscuous mode [ 60.733440][ T5812] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 60.770326][ T5809] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.777410][ T5809] bridge0: port 2(bridge_slave_1) entered disabled state [ 60.785153][ T5809] bridge_slave_1: entered allmulticast mode [ 60.792393][ T5809] bridge_slave_1: entered promiscuous mode [ 60.800174][ T5812] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 60.810881][ T5813] team0: Port device team_slave_0 added [ 60.824759][ T5810] team0: Port device team_slave_0 added [ 60.844916][ T5813] team0: Port device team_slave_1 added [ 60.852122][ T5811] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 60.862577][ T5810] team0: Port device team_slave_1 added [ 60.889850][ T5811] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 60.906989][ T5809] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 60.917546][ T5812] team0: Port device team_slave_0 added [ 60.945804][ T5809] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 60.955921][ T5812] team0: Port device team_slave_1 added [ 60.962446][ T5813] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 60.969364][ T5813] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 60.995649][ T5813] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 61.014573][ T5810] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 61.021535][ T5810] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 61.047898][ T5810] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 61.077460][ T5813] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 61.084597][ T5813] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 61.110594][ T5813] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 61.122254][ T5811] team0: Port device team_slave_0 added [ 61.128231][ T5810] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 61.135194][ T5810] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 61.161429][ T5810] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 61.191110][ T5811] team0: Port device team_slave_1 added [ 61.201984][ T5809] team0: Port device team_slave_0 added [ 61.208831][ T5812] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 61.215919][ T5812] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 61.242118][ T5812] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 61.262797][ T5809] team0: Port device team_slave_1 added [ 61.268776][ T5812] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 61.275845][ T5812] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 61.302127][ T5812] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 61.344749][ T5811] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 61.351875][ T5811] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 61.378322][ T5811] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 61.410521][ T5811] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 61.417464][ T5811] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 61.443506][ T5811] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 61.457906][ T5810] hsr_slave_0: entered promiscuous mode [ 61.464887][ T5810] hsr_slave_1: entered promiscuous mode [ 61.472885][ T5809] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 61.479810][ T5809] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 61.505875][ T5809] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 61.519776][ T5813] hsr_slave_0: entered promiscuous mode [ 61.526125][ T5813] hsr_slave_1: entered promiscuous mode [ 61.532099][ T5813] debugfs: 'hsr0' already exists in 'hsr' [ 61.537845][ T5813] Cannot create hsr debugfs directory [ 61.561125][ T5809] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 61.568068][ T5809] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 61.594000][ T5809] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 61.624155][ T5825] Bluetooth: hci1: command tx timeout [ 61.642631][ T5812] hsr_slave_0: entered promiscuous mode [ 61.648646][ T5812] hsr_slave_1: entered promiscuous mode [ 61.654837][ T5812] debugfs: 'hsr0' already exists in 'hsr' [ 61.660903][ T5812] Cannot create hsr debugfs directory [ 61.700435][ T51] Bluetooth: hci2: command tx timeout [ 61.700761][ T5821] Bluetooth: hci4: command tx timeout [ 61.707521][ T5825] Bluetooth: hci3: command tx timeout [ 61.711871][ T5820] Bluetooth: hci0: command tx timeout [ 61.741648][ T5811] hsr_slave_0: entered promiscuous mode [ 61.747618][ T5811] hsr_slave_1: entered promiscuous mode [ 61.754066][ T5811] debugfs: 'hsr0' already exists in 'hsr' [ 61.759773][ T5811] Cannot create hsr debugfs directory [ 61.768609][ T5809] hsr_slave_0: entered promiscuous mode [ 61.774867][ T5809] hsr_slave_1: entered promiscuous mode [ 61.781111][ T5809] debugfs: 'hsr0' already exists in 'hsr' [ 61.786828][ T5809] Cannot create hsr debugfs directory [ 62.079956][ T5810] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 62.093245][ T5810] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 62.107977][ T5810] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 62.122432][ T5810] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 62.157173][ T5813] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 62.171616][ T5813] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 62.182801][ T5813] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 62.194351][ T5813] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 62.246736][ T5812] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 62.257864][ T5812] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 62.267184][ T5812] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 62.281654][ T5812] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 62.353043][ T5811] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 62.364299][ T5811] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 62.373936][ T5811] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 62.389629][ T5811] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 62.456877][ T5809] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 62.467093][ T5809] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 62.482325][ T5809] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 62.492863][ T5809] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 62.506383][ T5810] 8021q: adding VLAN 0 to HW filter on device bond0 [ 62.546937][ T5813] 8021q: adding VLAN 0 to HW filter on device bond0 [ 62.577640][ T5810] 8021q: adding VLAN 0 to HW filter on device team0 [ 62.589918][ T5813] 8021q: adding VLAN 0 to HW filter on device team0 [ 62.609396][ T1358] bridge0: port 1(bridge_slave_0) entered blocking state [ 62.616623][ T1358] bridge0: port 1(bridge_slave_0) entered forwarding state [ 62.628031][ T1358] bridge0: port 1(bridge_slave_0) entered blocking state [ 62.635107][ T1358] bridge0: port 1(bridge_slave_0) entered forwarding state [ 62.654024][ T1358] bridge0: port 2(bridge_slave_1) entered blocking state [ 62.661135][ T1358] bridge0: port 2(bridge_slave_1) entered forwarding state [ 62.669770][ T1358] bridge0: port 2(bridge_slave_1) entered blocking state [ 62.676829][ T1358] bridge0: port 2(bridge_slave_1) entered forwarding state [ 62.721107][ T5812] 8021q: adding VLAN 0 to HW filter on device bond0 [ 62.769261][ T5811] 8021q: adding VLAN 0 to HW filter on device bond0 [ 62.777669][ T5812] 8021q: adding VLAN 0 to HW filter on device team0 [ 62.802054][ T3487] bridge0: port 1(bridge_slave_0) entered blocking state [ 62.809110][ T3487] bridge0: port 1(bridge_slave_0) entered forwarding state [ 62.847039][ T30] kauditd_printk_skb: 12 callbacks suppressed [ 62.847053][ T30] audit: type=1400 audit(1768397352.131:84): avc: denied { sys_module } for pid=5810 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 62.849854][ T4280] bridge0: port 2(bridge_slave_1) entered blocking state [ 62.882376][ T4280] bridge0: port 2(bridge_slave_1) entered forwarding state [ 62.920026][ T5811] 8021q: adding VLAN 0 to HW filter on device team0 [ 62.946560][ T5809] 8021q: adding VLAN 0 to HW filter on device bond0 [ 62.968377][ T4280] bridge0: port 1(bridge_slave_0) entered blocking state [ 62.975517][ T4280] bridge0: port 1(bridge_slave_0) entered forwarding state [ 63.008254][ T2903] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.015390][ T2903] bridge0: port 2(bridge_slave_1) entered forwarding state [ 63.035067][ T5809] 8021q: adding VLAN 0 to HW filter on device team0 [ 63.064674][ T2903] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.071815][ T2903] bridge0: port 1(bridge_slave_0) entered forwarding state [ 63.102976][ T3487] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.110088][ T3487] bridge0: port 2(bridge_slave_1) entered forwarding state [ 63.125327][ T5810] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 63.201606][ T5813] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 63.244478][ T5809] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 63.377940][ T5813] veth0_vlan: entered promiscuous mode [ 63.409122][ T5813] veth1_vlan: entered promiscuous mode [ 63.447823][ T5812] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 63.495636][ T5813] veth0_macvtap: entered promiscuous mode [ 63.535820][ T5813] veth1_macvtap: entered promiscuous mode [ 63.571296][ T5813] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 63.606624][ T5813] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 63.632308][ T4347] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.641467][ T4347] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.655429][ T5812] veth0_vlan: entered promiscuous mode [ 63.663191][ T4347] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.673541][ T4347] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.696704][ T5809] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 63.703733][ T5820] Bluetooth: hci1: command tx timeout [ 63.721723][ T5811] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 63.729818][ T5812] veth1_vlan: entered promiscuous mode [ 63.781150][ T5821] Bluetooth: hci2: command tx timeout [ 63.786598][ T5820] Bluetooth: hci3: command tx timeout [ 63.792326][ T5820] Bluetooth: hci0: command tx timeout [ 63.797690][ T5820] Bluetooth: hci4: command tx timeout [ 63.811559][ T4347] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 63.821854][ T4347] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 63.862521][ T5810] veth0_vlan: entered promiscuous mode [ 63.878050][ T5812] veth0_macvtap: entered promiscuous mode [ 63.894031][ T4347] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 63.895600][ T5812] veth1_macvtap: entered promiscuous mode [ 63.902073][ T4347] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 63.919794][ T5810] veth1_vlan: entered promiscuous mode [ 63.930129][ T5812] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 63.947497][ T30] audit: type=1400 audit(1768397353.231:85): avc: denied { mounton } for pid=5813 comm="syz-executor" path="/root/syzkaller.quJVko/syz-tmp" dev="sda1" ino=2041 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 63.974362][ T5812] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 63.981924][ T30] audit: type=1400 audit(1768397353.231:86): avc: denied { mount } for pid=5813 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 64.003944][ T30] audit: type=1400 audit(1768397353.231:87): avc: denied { mounton } for pid=5813 comm="syz-executor" path="/root/syzkaller.quJVko/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 64.031278][ T30] audit: type=1400 audit(1768397353.241:88): avc: denied { mount } for pid=5813 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 64.032690][ T5809] veth0_vlan: entered promiscuous mode [ 64.053431][ T30] audit: type=1400 audit(1768397353.241:89): avc: denied { mounton } for pid=5813 comm="syz-executor" path="/root/syzkaller.quJVko/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 64.065036][ T5809] veth1_vlan: entered promiscuous mode [ 64.097714][ T5813] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 64.112628][ T5809] veth0_macvtap: entered promiscuous mode [ 64.115341][ T5809] veth1_macvtap: entered promiscuous mode [ 64.124389][ T30] audit: type=1400 audit(1768397353.241:90): avc: denied { mounton } for pid=5813 comm="syz-executor" path="/root/syzkaller.quJVko/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=7250 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 64.155883][ T30] audit: type=1400 audit(1768397353.241:91): avc: denied { unmount } for pid=5813 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 64.162104][ T5811] veth0_vlan: entered promiscuous mode [ 64.182300][ T30] audit: type=1400 audit(1768397353.291:92): avc: denied { mounton } for pid=5813 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=2784 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 64.206995][ T59] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.217807][ T30] audit: type=1400 audit(1768397353.291:93): avc: denied { mount } for pid=5813 comm="syz-executor" name="/" dev="gadgetfs" ino=7253 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 64.254382][ T59] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.274538][ T59] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.290034][ T59] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.315027][ T5809] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 64.339226][ T5810] veth0_macvtap: entered promiscuous mode [ 64.370502][ T5811] veth1_vlan: entered promiscuous mode [ 64.483785][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 64.649080][ T5925] SELinux: failed to load policy [ 64.790958][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 65.264174][ T5924] syz.0.1 invoked oom-killer: gfp_mask=0x400cc0(GFP_KERNEL_ACCOUNT), order=3, oom_score_adj=1000 [ 65.274743][ T5924] CPU: 1 UID: 0 PID: 5924 Comm: syz.0.1 Not tainted syzkaller #0 PREEMPT(full) [ 65.274757][ T5924] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 65.274763][ T5924] Call Trace: [ 65.274767][ T5924] [ 65.274771][ T5924] dump_stack_lvl+0x16c/0x1f0 [ 65.274790][ T5924] dump_header+0x101/0x960 [ 65.274808][ T5924] oom_kill_process+0x176/0x910 [ 65.274825][ T5924] out_of_memory+0x350/0x1700 [ 65.274841][ T5924] ? __lock_acquire+0x436/0x2890 [ 65.274855][ T5924] ? __pfx_out_of_memory+0x10/0x10 [ 65.274874][ T5924] mem_cgroup_out_of_memory+0x118/0x130 [ 65.274885][ T5924] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 65.274898][ T5924] ? do_raw_spin_unlock+0x172/0x230 [ 65.274913][ T5924] try_charge_memcg+0x695/0xd30 [ 65.274929][ T5924] ? __pfx_try_charge_memcg+0x10/0x10 [ 65.274942][ T5924] ? memory_min_write+0xa1/0xe0 [ 65.274959][ T5924] ? get_mem_cgroup_from_objcg+0xd3/0x330 [ 65.274971][ T5924] obj_cgroup_charge_account+0x336/0x670 [ 65.274987][ T5924] __memcg_slab_post_alloc_hook+0x2e3/0x880 [ 65.275005][ T5924] __kmalloc_node_track_caller_noprof+0x6e3/0x930 [ 65.275019][ T5924] ? copy_array.constprop.0+0x93/0x120 [ 65.275034][ T5924] ? krealloc_node_align_noprof+0x2ea/0x3d0 [ 65.275045][ T5924] krealloc_node_align_noprof+0x2ea/0x3d0 [ 65.275059][ T5924] copy_array.constprop.0+0x93/0x120 [ 65.275072][ T5924] copy_verifier_state+0xaf6/0x1030 [ 65.275086][ T5924] ? kasan_save_track+0x14/0x30 [ 65.275099][ T5924] do_check_common+0x5859/0xc640 [ 65.275120][ T5924] ? kprobe_prog_func_proto+0x270/0x270 [ 65.275134][ T5924] ? __pfx_do_check_common+0x10/0x10 [ 65.275152][ T5924] bpf_check+0x8b63/0xcb70 [ 65.275172][ T5924] ? __pfx_bpf_check+0x10/0x10 [ 65.275184][ T5924] ? rcu_is_watching+0x12/0xc0 [ 65.275194][ T5924] ? trace_kmalloc+0x2b/0xb0 [ 65.275206][ T5924] ? __kmalloc_noprof+0x35d/0x910 [ 65.275221][ T5924] ? lsm_blob_alloc+0x68/0x90 [ 65.275233][ T5924] ? lsm_blob_alloc+0x68/0x90 [ 65.275241][ T5924] ? __asan_memset+0x23/0x50 [ 65.275249][ T5924] ? selinux_bpf_prog_load+0x67/0x170 [ 65.275264][ T5924] ? bpf_lsm_bpf_prog_load+0x9/0x10 [ 65.275278][ T5924] bpf_prog_load+0x114e/0x2cc0 [ 65.275295][ T5924] ? __pfx_bpf_prog_load+0x10/0x10 [ 65.275309][ T5924] ? avc_has_perm_noaudit+0x306/0x3b0 [ 65.275320][ T5924] ? avc_has_perm+0x1c0/0x1f0 [ 65.275328][ T5924] ? avc_has_perm+0x144/0x1f0 [ 65.275343][ T5924] ? selinux_bpf+0xdd/0x130 [ 65.275352][ T5924] ? bpf_lsm_bpf+0x9/0x10 [ 65.275363][ T5924] __sys_bpf+0x3e72/0x4980 [ 65.275376][ T5924] ? futex_private_hash_put+0x160/0x1b0 [ 65.275391][ T5924] ? __pfx___sys_bpf+0x10/0x10 [ 65.275404][ T5924] ? __pfx_futex_wait+0x10/0x10 [ 65.275416][ T5924] ? vfs_read+0x487/0xcf0 [ 65.275427][ T5924] ? vfs_read+0x23b/0xcf0 [ 65.275441][ T5924] ? do_futex+0x122/0x350 [ 65.275461][ T5924] ? fput+0x70/0xf0 [ 65.275470][ T5924] ? xfd_validate_state+0x61/0x180 [ 65.275480][ T5924] ? __pfx_ksys_read+0x10/0x10 [ 65.275494][ T5924] __x64_sys_bpf+0x78/0xc0 [ 65.275507][ T5924] ? lockdep_hardirqs_on+0x7c/0x110 [ 65.275521][ T5924] do_syscall_64+0xcd/0xf80 [ 65.275535][ T5924] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 65.275545][ T5924] RIP: 0033:0x7f2f62d8f749 [ 65.275553][ T5924] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 65.275562][ T5924] RSP: 002b:00007f2f60ff6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 65.275572][ T5924] RAX: ffffffffffffffda RBX: 00007f2f62fe5fa0 RCX: 00007f2f62d8f749 [ 65.275578][ T5924] RDX: 0000000000000094 RSI: 0000200000000840 RDI: 0000000000000005 [ 65.275584][ T5924] RBP: 00007f2f62e13f91 R08: 0000000000000000 R09: 0000000000000000 [ 65.275590][ T5924] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 65.275595][ T5924] R13: 00007f2f62fe6038 R14: 00007f2f62fe5fa0 R15: 00007ffc0c45efe8 [ 65.275608][ T5924] [ 65.275612][ T5924] memory: usage 307196kB, limit 307200kB, failcnt 100 [ 65.686170][ T5924] memory+swap: usage 307372kB, limit 9007199254740988kB, failcnt 0 [ 65.694123][ T5924] kmem: usage 306964kB, limit 9007199254740988kB, failcnt 0 [ 65.694133][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 65.709621][ T5924] Memory cgroup stats for /syz0: [ 65.709774][ T5924] cache 36864 [ 65.718405][ T5924] rss 28672 [ 65.721520][ T5924] rss_huge 0 [ 65.724707][ T5924] shmem 0 [ 65.727616][ T5924] mapped_file 36864 [ 65.731856][ T5924] dirty 36864 [ 65.735113][ T5924] writeback 0 [ 65.738363][ T5924] workingset_refault_anon 0 [ 65.742840][ T5924] workingset_refault_file 0 [ 65.747306][ T5924] swap 278528 [ 65.750565][ T5924] swapcached 0 [ 65.753903][ T5924] pgpgin 331 [ 65.757065][ T5924] pgpgout 315 [ 65.760333][ T5924] pgfault 153 [ 65.763585][ T5924] pgmajfault 2 [ 65.766922][ T5924] inactive_anon 0 [ 65.770976][ T5924] active_anon 28672 [ 65.774763][ T5924] inactive_file 36864 [ 65.778706][ T5924] active_file 0 [ 65.784289][ T5820] Bluetooth: hci1: command tx timeout [ 65.797558][ T5925] batadv_slave_1: entered promiscuous mode [ 65.807934][ T5924] unevictable 0 [ 65.811540][ T5924] hierarchical_memory_limit 314572800 [ 65.817072][ T5924] hierarchical_memsw_limit 9223372036854771712 [ 65.823286][ T5924] total_cache 36864 [ 65.827060][ T5924] total_rss 28672 [ 65.830781][ T5924] total_rss_huge 0 [ 65.834938][ T5924] total_shmem 0 [ 65.838397][ T5924] total_mapped_file 36864 [ 65.842750][ T5924] total_dirty 36864 [ 65.846987][ T5924] total_writeback 0 [ 65.850797][ T5924] total_workingset_refault_anon 0 [ 65.855784][ T5924] total_workingset_refault_file 0 [ 65.860794][ T5924] total_swap 278528 [ 65.864567][ T5924] total_swapcached 0 [ 65.868424][ T5924] total_pgpgin 331 [ 65.872119][ T5924] total_pgpgout 315 [ 65.875890][ T5924] total_pgfault 153 [ 65.879659][ T5924] total_pgmajfault 2 [ 65.883588][ T5924] total_inactive_anon 0 [ 65.887708][ T5924] total_active_anon 28672 [ 65.892016][ T5924] total_inactive_file 36864 [ 65.896487][ T5924] total_active_file 0 [ 65.900445][ T5924] total_unevictable 0 [ 65.904389][ T5924] anon_cost 0 [ 65.907638][ T5924] file_cost 0 [ 65.910947][ T5924] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz.0.1,pid=5922,uid=0 [ 65.925579][ T5924] Memory cgroup out of memory: Killed process 5924 (syz.0.1) total-vm:106460kB, anon-rss:1136kB, file-rss:27304kB, shmem-rss:0kB, UID:0 pgtables:140kB oom_score_adj:1000 [ 66.220555][ T5924] syz.0.1 (5924) used greatest stack depth: 19800 bytes left [ 66.234780][ T5820] Bluetooth: hci4: command tx timeout [ 66.234812][ T51] Bluetooth: hci0: command tx timeout [ 66.247514][ T5821] Bluetooth: hci2: command tx timeout [ 66.253178][ T5825] Bluetooth: hci3: command tx timeout [ 66.434790][ T5928] batadv_slave_1: left promiscuous mode [ 66.441396][ T5810] veth1_macvtap: entered promiscuous mode [ 66.472554][ T5809] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 66.510339][ T3487] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.529879][ T3487] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.538878][ T3487] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.549583][ T3487] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.549653][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 66.579086][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 66.607196][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 66.615652][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 66.724527][ T5810] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 66.735208][ T5810] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 66.761898][ T3487] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.771723][ T3487] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.781734][ T3487] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.792442][ T3487] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.331894][ T5811] veth0_macvtap: entered promiscuous mode [ 67.350051][ T5811] veth1_macvtap: entered promiscuous mode [ 67.476029][ T205] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.502124][ T205] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.555407][ T5811] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 67.566146][ T1010] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.579869][ T1010] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.592929][ T5811] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 67.643787][ T1010] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.715059][ T1010] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.752015][ T205] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.765508][ T205] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.779141][ T1010] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.789353][ T5880] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 67.836431][ T1010] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.858235][ T3013] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.866143][ T5821] Bluetooth: hci1: command tx timeout [ 67.875974][ T3013] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.892459][ T30] kauditd_printk_skb: 28 callbacks suppressed [ 67.892472][ T30] audit: type=1400 audit(1768397357.181:122): avc: denied { mount } for pid=5950 comm="syz.2.3" name="/" dev="ramfs" ino=8018 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1 [ 68.030640][ T24] usb 4-1: new full-speed USB device number 2 using dummy_hcd [ 68.122806][ T30] audit: type=1400 audit(1768397357.291:123): avc: denied { create } for pid=5950 comm="syz.2.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 68.191732][ T5880] usb 1-1: config index 0 descriptor too short (expected 23569, got 27) [ 68.200557][ T5880] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 68.234835][ T5880] usb 1-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 68.241843][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 68.244064][ T5880] usb 1-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 68.273657][ T24] usb 4-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.43 [ 68.274252][ T30] audit: type=1400 audit(1768397357.371:124): avc: denied { setopt } for pid=5950 comm="syz.2.3" lport=255 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 68.286244][ T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 68.303629][ T5821] Bluetooth: hci4: command tx timeout [ 68.316441][ T5821] Bluetooth: hci3: command tx timeout [ 68.322209][ T5821] Bluetooth: hci0: command tx timeout [ 68.336339][ T5880] usb 1-1: Manufacturer: syz [ 68.339961][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 68.344866][ T5880] usb 1-1: config 0 descriptor?? [ 68.350662][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 68.368721][ T5825] Bluetooth: hci2: command tx timeout [ 68.412871][ T24] usb 4-1: config 0 descriptor?? [ 68.427815][ T30] audit: type=1400 audit(1768397357.371:125): avc: denied { connect } for pid=5950 comm="syz.2.3" lport=255 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 68.432717][ T24] dvb-usb: found a 'Genpix SkyWalker-1 DVB-S receiver' in warm state. [ 68.527712][ T1010] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 68.538864][ T30] audit: type=1400 audit(1768397357.401:126): avc: denied { write } for pid=5950 comm="syz.2.3" lport=255 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 68.560327][ T5880] rc_core: IR keymap rc-hauppauge not found [ 68.566220][ T5880] Registered IR keymap rc-empty [ 68.577525][ T1010] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 68.593919][ T5880] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0 [ 68.607120][ T5880] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input5 [ 68.687175][ T5921] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 68.727358][ T30] audit: type=1400 audit(1768397358.011:127): avc: denied { create } for pid=5948 comm="syz.3.8" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 69.225144][ T5921] usb 3-1: Using ep0 maxpacket: 32 [ 69.281643][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 69.290274][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 69.360357][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 69.399508][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 69.450653][ T30] audit: type=1400 audit(1768397358.141:128): avc: denied { name_bind } for pid=5956 comm="syz.4.5" src=20001 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 69.502439][ T0] NOHZ tick-stop error: local softirq work is pending, handler #340!!! [ 69.590656][ T0] NOHZ tick-stop error: local softirq work is pending, handler #300!!! [ 69.824246][ T30] audit: type=1400 audit(1768397358.141:129): avc: denied { node_bind } for pid=5956 comm="syz.4.5" saddr=255.255.255.255 src=20001 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1 [ 69.848846][ T5921] usb 3-1: config 0 has an invalid interface number: 191 but max is 0 [ 69.861831][ T5921] usb 3-1: config 0 has no interface number 0 [ 69.877605][ T5921] usb 3-1: config 0 interface 191 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 24 [ 69.936346][ T5968] netlink: 64 bytes leftover after parsing attributes in process `syz.4.9'. [ 69.952428][ C0] igorplugusb 1-1:0.0: receive overflow, at least 24 lost [ 69.975473][ T30] audit: type=1400 audit(1768397358.561:130): avc: denied { write } for pid=5956 comm="syz.4.5" name="ptp0" dev="devtmpfs" ino=1265 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 69.981894][ T5921] usb 3-1: New USB device found, idVendor=0789, idProduct=0160, bcdDevice=2c.d1 [ 70.028926][ T30] audit: type=1400 audit(1768397358.561:131): avc: denied { open } for pid=5956 comm="syz.4.5" path="/dev/ptp0" dev="devtmpfs" ino=1265 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 70.040265][ T5921] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 70.168134][ T5944] usb 1-1: USB disconnect, device number 2 [ 70.231001][ T24] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter) [ 70.247852][ T24] dvb-usb: Genpix SkyWalker-1 DVB-S receiver error while loading driver (-19) [ 70.257940][ T5921] usb 3-1: Product: syz [ 70.266696][ T5921] usb 3-1: Manufacturer: syz [ 70.309970][ T5921] usb 3-1: SerialNumber: syz [ 70.758255][ T5921] usb 3-1: config 0 descriptor?? [ 70.763719][ T24] usb 4-1: USB disconnect, device number 2 [ 70.806549][ T5954] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22 [ 70.883957][ T5921] asix 3-1:0.191: probe with driver asix failed with error -71 [ 70.912678][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 70.980038][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.002111][ T5921] usb 3-1: USB disconnect, device number 2 [ 71.672638][ T5996] netlink: 68 bytes leftover after parsing attributes in process `syz.2.13'. [ 72.096401][ T5995] netlink: 40 bytes leftover after parsing attributes in process `syz.1.12'. [ 73.886273][ T30] kauditd_printk_skb: 8 callbacks suppressed [ 73.890294][ T30] audit: type=1400 audit(1768397363.171:140): avc: denied { read write } for pid=6012 comm="syz.3.20" name="video0" dev="devtmpfs" ino=930 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1 [ 74.016578][ T6016] dvmrp6: entered allmulticast mode [ 74.059188][ T30] audit: type=1400 audit(1768397363.171:141): avc: denied { open } for pid=6012 comm="syz.3.20" path="/dev/video0" dev="devtmpfs" ino=930 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1 [ 74.238271][ T30] audit: type=1400 audit(1768397363.261:142): avc: denied { ioctl } for pid=6012 comm="syz.3.20" path="/dev/video0" dev="devtmpfs" ino=930 ioctlcmd=0x5668 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1 [ 74.475461][ T9] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 74.685774][ T30] audit: type=1400 audit(1768397363.281:143): avc: denied { read write } for pid=6011 comm="syz.0.19" name="fuse" dev="devtmpfs" ino=99 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [ 74.801505][ T30] audit: type=1400 audit(1768397363.281:144): avc: denied { open } for pid=6011 comm="syz.0.19" path="/dev/fuse" dev="devtmpfs" ino=99 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [ 74.845670][ T30] audit: type=1400 audit(1768397363.281:145): avc: denied { create } for pid=6011 comm="syz.0.19" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 74.868452][ T30] audit: type=1400 audit(1768397363.281:146): avc: denied { write } for pid=6011 comm="syz.0.19" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 74.893290][ T30] audit: type=1400 audit(1768397363.281:147): avc: denied { nlmsg_write } for pid=6011 comm="syz.0.19" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 74.913987][ T30] audit: type=1400 audit(1768397363.291:148): avc: denied { create } for pid=6011 comm="syz.0.19" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 74.956527][ T9] usb 3-1: config 0 interface 0 altsetting 14 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 74.999207][ T9] usb 3-1: config 0 interface 0 has no altsetting 0 [ 75.010116][ T9] usb 3-1: New USB device found, idVendor=04fc, idProduct=05d8, bcdDevice= 0.00 [ 75.023036][ T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 75.050362][ T30] audit: type=1400 audit(1768397363.291:149): avc: denied { ioctl } for pid=6011 comm="syz.0.19" path="socket:[9249]" dev="sockfs" ino=9249 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 75.105146][ T9] usb 3-1: config 0 descriptor?? [ 75.168204][ T6035] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 76.129003][ T89] cfg80211: failed to load regulatory.db [ 77.146189][ T9] usbhid 3-1:0.0: can't add hid device: -71 [ 77.146770][ T5825] block nbd1: Receive control failed (result -32) [ 77.163089][ T6053] block nbd1: shutting down sockets [ 77.778514][ T9] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 77.841001][ T9] usb 3-1: USB disconnect, device number 3 [ 78.189740][ T6065] syz.2.31 uses obsolete (PF_INET,SOCK_PACKET) [ 79.464769][ T30] kauditd_printk_skb: 28 callbacks suppressed [ 79.464784][ T30] audit: type=1400 audit(1768397368.751:178): avc: denied { read } for pid=6072 comm="syz.1.36" name="binder0" dev="binder" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 79.548370][ T30] audit: type=1400 audit(1768397368.751:179): avc: denied { open } for pid=6072 comm="syz.1.36" path="/dev/binderfs/binder0" dev="binder" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 79.608378][ T30] audit: type=1400 audit(1768397368.761:180): avc: denied { ioctl } for pid=6072 comm="syz.1.36" path="/dev/binderfs/binder0" dev="binder" ino=16 ioctlcmd=0x620d scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 79.704596][ T30] audit: type=1400 audit(1768397368.761:181): avc: denied { set_context_mgr } for pid=6072 comm="syz.1.36" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1 [ 79.726362][ T6078] tipc: Started in network mode [ 79.746661][ T6078] tipc: Node identity 62123c8c1913, cluster identity 4711 [ 79.755811][ T6078] tipc: Enabled bearer , priority 0 [ 79.764797][ T30] audit: type=1400 audit(1768397368.771:182): avc: denied { map } for pid=6072 comm="syz.1.36" path="/dev/binderfs/binder0" dev="binder" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 79.803106][ T6082] syzkaller0: entered promiscuous mode [ 79.817451][ T6082] syzkaller0: entered allmulticast mode [ 79.859440][ T30] audit: type=1400 audit(1768397368.771:183): avc: denied { call } for pid=6072 comm="syz.1.36" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1 [ 79.933143][ T30] audit: type=1400 audit(1768397368.771:184): avc: denied { transfer } for pid=6072 comm="syz.1.36" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1 [ 80.143826][ T6083] tipc: Resetting bearer [ 80.144369][ T30] audit: type=1400 audit(1768397369.081:185): avc: denied { map } for pid=6079 comm="syz.3.38" path="socket:[9523]" dev="sockfs" ino=9523 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 80.187330][ T30] audit: type=1400 audit(1768397369.091:186): avc: denied { read } for pid=6079 comm="syz.3.38" path="socket:[9523]" dev="sockfs" ino=9523 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 80.234333][ T6077] tipc: Resetting bearer [ 80.427767][ T6089] Zero length message leads to an empty skb [ 81.667354][ T6077] tipc: Disabling bearer [ 82.287782][ T5893] tipc: Node number set to 2063678604 [ 82.660406][ T5893] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 83.461463][ T6117] netlink: 24 bytes leftover after parsing attributes in process `syz.3.46'. [ 83.626210][ T30] audit: type=1400 audit(1768397372.001:187): avc: denied { node_bind } for pid=6099 comm="syz.0.42" saddr=255.255.255.255 src=20001 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1 [ 83.707523][ T5893] usb 3-1: config 0 interface 0 altsetting 14 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 83.718680][ T5893] usb 3-1: config 0 interface 0 has no altsetting 0 [ 83.726325][ T5893] usb 3-1: New USB device found, idVendor=04fc, idProduct=05d8, bcdDevice= 0.00 [ 83.781648][ T9] usb 5-1: new full-speed USB device number 2 using dummy_hcd [ 83.839699][ T5893] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 83.872204][ T5893] usb 3-1: config 0 descriptor?? [ 84.125266][ T9] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 84.199935][ T9] usb 5-1: config 0 has no interfaces? [ 84.210962][ T9] usb 5-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.43 [ 84.234987][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 84.262133][ T9] usb 5-1: config 0 descriptor?? [ 84.520327][ T9] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 84.540803][ T10] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 84.680305][ T9] usb 1-1: Using ep0 maxpacket: 8 [ 84.691961][ T10] usb 4-1: Using ep0 maxpacket: 32 [ 84.697195][ T89] usb 2-1: new full-speed USB device number 2 using dummy_hcd [ 84.708618][ T9] usb 1-1: config index 0 descriptor too short (expected 74, got 45) [ 84.719339][ T10] usb 4-1: config 0 has an invalid descriptor of length 235, skipping remainder of the config [ 84.735622][ T9] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 1536, setting to 1024 [ 84.747242][ T10] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 84.758264][ T9] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 84.778823][ T10] usb 4-1: New USB device found, idVendor=11c2, idProduct=2208, bcdDevice= 0.00 [ 84.788686][ T9] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 30768, setting to 1024 [ 84.802575][ T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 84.815240][ T9] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 84.831087][ T10] usb 4-1: config 0 descriptor?? [ 84.874222][ T9] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 84.890444][ T89] usb 2-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.43 [ 84.901049][ T89] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 84.910107][ T9] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 84.920172][ T89] usb 2-1: config 0 descriptor?? [ 84.925370][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 84.936628][ T89] dvb-usb: found a 'Genpix SkyWalker-1 DVB-S receiver' in warm state. [ 85.138278][ T30] audit: type=1400 audit(1768397374.421:188): avc: denied { create } for pid=6134 comm="syz.1.51" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 85.206532][ T9] usb 1-1: usb_control_msg returned -32 [ 85.229074][ T9] usbtmc 1-1:16.0: can't read capabilities [ 85.567622][ T30] audit: type=1400 audit(1768397374.851:189): avc: denied { write } for pid=6130 comm="syz.0.49" name="usbtmc0" dev="devtmpfs" ino=2809 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 85.587032][ C1] usbtmc 1-1:16.0: usbtmc_write_bulk_cb - nonzero write bulk status received: -71 [ 85.602059][ T6141] usbtmc 1-1:16.0: Unable to send data, error -71 [ 85.637970][ T89] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter) [ 85.652710][ T9] usb 5-1: USB disconnect, device number 2 [ 85.663479][ T89] dvb-usb: Genpix SkyWalker-1 DVB-S receiver error while loading driver (-19) [ 85.879621][ T9] usb 2-1: USB disconnect, device number 2 [ 85.975253][ T5893] usbhid 3-1:0.0: can't add hid device: -71 [ 86.049812][ T5893] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 86.068057][ T5893] usb 3-1: USB disconnect, device number 4 [ 88.140550][ T89] usb 1-1: USB disconnect, device number 3 [ 88.192864][ T10] usb 4-1: USB disconnect, device number 3 [ 89.202008][ T6170] netlink: 24 bytes leftover after parsing attributes in process `syz.1.58'. [ 90.087342][ T30] audit: type=1400 audit(1768397379.041:190): avc: denied { create } for pid=6174 comm="syz.4.61" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 90.164352][ T30] audit: type=1400 audit(1768397379.041:191): avc: denied { setopt } for pid=6174 comm="syz.4.61" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 90.235764][ T6177] 9p: Bad value for 'rfdno' [ 90.496857][ T30] audit: type=1400 audit(1768397379.071:192): avc: denied { bind } for pid=6174 comm="syz.4.61" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 90.523403][ T30] audit: type=1400 audit(1768397379.471:193): avc: denied { read write } for pid=6168 comm="syz.0.59" name="ppp" dev="devtmpfs" ino=709 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 90.620208][ T30] audit: type=1400 audit(1768397379.481:194): avc: denied { open } for pid=6168 comm="syz.0.59" path="/dev/ppp" dev="devtmpfs" ino=709 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 90.678155][ T30] audit: type=1400 audit(1768397379.521:195): avc: denied { mounton } for pid=6168 comm="syz.0.59" path="/11" dev="tmpfs" ino=70 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 90.800293][ T1203] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 91.077242][ T1203] usb 5-1: config 0 interface 0 altsetting 14 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 91.180708][ T1203] usb 5-1: config 0 interface 0 has no altsetting 0 [ 91.248570][ T1203] usb 5-1: New USB device found, idVendor=04fc, idProduct=05d8, bcdDevice= 0.00 [ 91.339817][ T1203] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 91.669015][ T1203] usb 5-1: config 0 descriptor?? [ 92.010504][ T5893] usb 1-1: new full-speed USB device number 4 using dummy_hcd [ 92.311854][ T5893] usb 1-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.43 [ 92.322168][ T5893] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 92.678904][ T5893] usb 1-1: config 0 descriptor?? [ 92.738259][ T5893] dvb-usb: found a 'Genpix SkyWalker-1 DVB-S receiver' in warm state. [ 93.584979][ T5893] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter) [ 93.620028][ T5893] dvb-usb: Genpix SkyWalker-1 DVB-S receiver error while loading driver (-19) [ 93.713067][ T1203] usbhid 5-1:0.0: can't add hid device: -71 [ 93.730332][ T1203] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 93.795436][ T5866] usb 1-1: USB disconnect, device number 4 [ 94.757990][ T10] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 95.951636][ T10] usb 2-1: config index 0 descriptor too short (expected 23569, got 27) [ 95.960790][ T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 95.980653][ T10] usb 2-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 95.989690][ T10] usb 2-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 95.995643][ T1203] usb 5-1: USB disconnect, device number 3 [ 96.132342][ T10] usb 2-1: Manufacturer: syz [ 96.138883][ T10] usb 2-1: config 0 descriptor?? [ 96.271433][ T10] rc_core: IR keymap rc-hauppauge not found [ 96.277321][ T10] Registered IR keymap rc-empty [ 96.317041][ T10] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0 [ 96.335254][ T10] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input6 [ 96.341986][ T30] audit: type=1400 audit(1768397385.621:196): avc: denied { ioctl } for pid=6231 comm="syz.2.74" path="/dev/ppp" dev="devtmpfs" ino=709 ioctlcmd=0x743e scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 96.391259][ T6232] 9p: Bad value for 'rfdno' [ 96.623108][ C0] igorplugusb 2-1:0.0: receive overflow, at least 24 lost [ 96.660018][ T30] audit: type=1400 audit(1768397385.921:197): avc: denied { create } for pid=6239 comm="syz.3.76" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1 [ 96.897743][ T5964] usb 2-1: USB disconnect, device number 3 [ 96.933754][ T6244] kvm: vcpu 2: requested 128 ns lapic timer period limited to 200000 ns [ 96.950828][ T6244] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 97.005848][ T6246] kvm: pic: non byte write [ 100.570291][ T5952] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 100.850648][ T5947] usb 3-1: new full-speed USB device number 5 using dummy_hcd [ 100.892001][ T5952] usb 4-1: config 0 interface 0 altsetting 14 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 100.925601][ T5952] usb 4-1: config 0 interface 0 has no altsetting 0 [ 100.948012][ T5952] usb 4-1: New USB device found, idVendor=04fc, idProduct=05d8, bcdDevice= 0.00 [ 100.974182][ T5952] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 101.001527][ T5947] usb 3-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.43 [ 101.013956][ T5947] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 101.024861][ T5952] usb 4-1: config 0 descriptor?? [ 101.072214][ T5947] usb 3-1: config 0 descriptor?? [ 101.092839][ T5947] dvb-usb: found a 'Genpix SkyWalker-1 DVB-S receiver' in warm state. [ 101.181045][ T6285] netlink: 8 bytes leftover after parsing attributes in process `syz.0.86'. [ 101.203393][ T6285] netlink: 'syz.0.86': attribute type 30 has an invalid length. [ 101.237956][ T6286] netlink: 8 bytes leftover after parsing attributes in process `syz.0.86'. [ 101.270213][ T6286] netlink: 'syz.0.86': attribute type 30 has an invalid length. [ 102.247760][ T30] audit: type=1400 audit(1768397391.501:198): avc: denied { write } for pid=6284 comm="syz.0.86" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 102.502410][ T5947] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter) [ 102.527774][ T1358] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 102.530279][ T5947] dvb-usb: Genpix SkyWalker-1 DVB-S receiver error while loading driver (-19) [ 102.550975][ T30] audit: type=1400 audit(1768397391.591:199): avc: denied { create } for pid=6284 comm="syz.0.86" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 102.583042][ T1358] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 102.610994][ T12] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 102.648689][ T12] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 102.706072][ T5944] usb 3-1: USB disconnect, device number 5 [ 103.423566][ T5952] usbhid 4-1:0.0: can't add hid device: -71 [ 103.508263][ T5952] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 103.565376][ T5952] usb 4-1: USB disconnect, device number 4 [ 209.650230][ C0] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 209.657787][ C0] rcu: Tasks blocked on level-0 rcu_node (CPUs 0-1): P5988/1:b..l [ 209.666239][ C0] rcu: (detected by 0, t=10502 jiffies, g=9573, q=736 ncpus=2) [ 209.673879][ C0] task:kworker/u8:17 state:R running task stack:25480 pid:5988 tgid:5988 ppid:2 task_flags:0x4208060 flags:0x00080000 [ 209.688518][ C0] Workqueue: events_unbound cfg80211_wiphy_work [ 209.694811][ C0] Call Trace: [ 209.698091][ C0] [ 209.701019][ C0] ? __schedule+0x10b9/0x6150 [ 209.705705][ C0] __schedule+0x1139/0x6150 [ 209.710223][ C0] ? kasan_quarantine_put+0x10a/0x240 [ 209.715774][ C0] ? __pfx___schedule+0x10/0x10 [ 209.720681][ C0] ? mark_held_locks+0x49/0x80 [ 209.725479][ C0] preempt_schedule_irq+0x51/0x90 [ 209.730557][ C0] irqentry_exit+0x1d8/0x8c0 [ 209.735288][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 209.741658][ C0] RIP: 0010:unwind_next_frame+0xcc/0x20b0 [ 209.747433][ C0] Code: 45 38 48 89 44 24 10 e8 c2 47 36 00 31 d2 45 31 c9 45 31 c0 48 8d 05 00 00 00 00 50 b9 02 00 00 00 31 f6 48 c7 c7 a0 96 3c 8e 1f 45 2d 00 e8 4a 90 0b 0a 5a 85 c0 0f 85 a2 09 00 00 48 b8 00 [ 209.767179][ C0] RSP: 0018:ffffc9000539f210 EFLAGS: 00000246 [ 209.773296][ C0] RAX: ffffffff816cc6fd RBX: 0000000000000001 RCX: 0000000000000002 [ 209.781288][ C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff8e3c96a0 [ 209.789298][ C0] RBP: ffffc9000539f320 R08: 0000000000000000 R09: 0000000000000000 [ 209.797366][ C0] R10: 0000000000000002 R11: 0000000000006cec R12: fffff52000a73e5d [ 209.805373][ C0] R13: ffffc9000539f2d8 R14: ffffc9000539f2d8 R15: ffffc9000539f2e0 [ 209.813489][ C0] ? unwind_next_frame+0xbd/0x20b0 [ 209.818662][ C0] ? unwind_next_frame+0xbd/0x20b0 [ 209.823824][ C0] ? arch_stack_walk+0x73/0x100 [ 209.828703][ C0] __unwind_start+0x45f/0x7f0 [ 209.833395][ C0] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 209.839563][ C0] arch_stack_walk+0x73/0x100 [ 209.844243][ C0] ? arch_stack_walk+0x73/0x100 [ 209.849091][ C0] stack_trace_save+0x8e/0xc0 [ 209.853766][ C0] ? __pfx_stack_trace_save+0x10/0x10 [ 209.859180][ C0] ? find_held_lock+0x2b/0x80 [ 209.863878][ C0] kasan_save_stack+0x33/0x60 [ 209.868601][ C0] kasan_save_track+0x14/0x30 [ 209.873281][ C0] __kasan_kmalloc+0xaa/0xb0 [ 209.877874][ C0] __kmalloc_noprof+0x33d/0x910 [ 209.882732][ C0] ? ret_from_fork_asm+0x1a/0x30 [ 209.887678][ C0] ? ieee802_11_parse_elems_full+0x1db/0x3780 [ 209.893769][ C0] ? ieee802_11_parse_elems_full+0x1db/0x3780 [ 209.900056][ C0] ieee802_11_parse_elems_full+0x1db/0x3780 [ 209.905957][ C0] ? ret_from_fork_asm+0x1a/0x30 [ 209.910927][ C0] ? stack_trace_save+0x8e/0xc0 [ 209.915817][ C0] ? __pfx_stack_trace_save+0x10/0x10 [ 209.921238][ C0] ? stack_depot_save_flags+0x29/0x9b0 [ 209.926724][ C0] ? __pfx_ieee802_11_parse_elems_full+0x10/0x10 [ 209.933068][ C0] ? ieee80211_iface_work+0x42f/0x1350 [ 209.938539][ C0] ? cfg80211_wiphy_work+0x3fb/0x560 [ 209.943829][ C0] ? process_one_work+0x9ba/0x1b20 [ 209.948954][ C0] ? worker_thread+0x6c8/0xf10 [ 209.953717][ C0] ? kthread+0x3c5/0x780 [ 209.957962][ C0] ? ret_from_fork+0x983/0xb10 [ 209.962725][ C0] ? ret_from_fork_asm+0x1a/0x30 [ 209.967667][ C0] ieee80211_ibss_rx_queued_mgmt+0xc85/0x2fc0 [ 209.973886][ C0] ? __pfx_ieee80211_ibss_rx_queued_mgmt+0x10/0x10 [ 209.980460][ C0] ? kcov_remote_start+0x399/0x680 [ 209.985655][ C0] ieee80211_iface_work+0xe28/0x1350 [ 209.990997][ C0] ? rcu_is_watching+0x12/0xc0 [ 209.995773][ C0] cfg80211_wiphy_work+0x3fb/0x560 [ 210.000947][ C0] process_one_work+0x9ba/0x1b20 [ 210.005963][ C0] ? __pfx_cfg80211_wiphy_work+0x10/0x10 [ 210.011644][ C0] ? __pfx_process_one_work+0x10/0x10 [ 210.017044][ C0] ? assign_work+0x1a0/0x250 [ 210.021669][ C0] worker_thread+0x6c8/0xf10 [ 210.026336][ C0] ? __kthread_parkme+0x19e/0x250 [ 210.031402][ C0] ? __pfx_worker_thread+0x10/0x10 [ 210.036541][ C0] kthread+0x3c5/0x780 [ 210.040624][ C0] ? __pfx_kthread+0x10/0x10 [ 210.045216][ C0] ? rcu_is_watching+0x12/0xc0 [ 210.049987][ C0] ? __pfx_kthread+0x10/0x10 [ 210.054601][ C0] ret_from_fork+0x983/0xb10 [ 210.059205][ C0] ? __pfx_ret_from_fork+0x10/0x10 [ 210.064320][ C0] ? __switch_to+0x7af/0x10d0 [ 210.069009][ C0] ? __pfx_kthread+0x10/0x10 [ 210.073601][ C0] ret_from_fork_asm+0x1a/0x30 [ 210.078385][ C0] [ 210.081404][ C0] rcu: rcu_preempt kthread starved for 10543 jiffies! g9573 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0 [ 210.092512][ C0] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 210.102499][ C0] rcu: RCU grace-period kthread stack dump: [ 210.108392][ C0] task:rcu_preempt state:R running task stack:28440 pid:16 tgid:16 ppid:2 task_flags:0x208040 flags:0x00080000 [ 210.121911][ C0] Call Trace: [ 210.125205][ C0] [ 210.128136][ C0] ? __schedule+0x10b9/0x6150 [ 210.132859][ C0] __schedule+0x1139/0x6150 [ 210.137371][ C0] ? __lock_acquire+0x436/0x2890 [ 210.142312][ C0] ? __mod_timer+0x8f2/0xd30 [ 210.146935][ C0] ? __pfx___schedule+0x10/0x10 [ 210.151791][ C0] ? find_held_lock+0x2b/0x80 [ 210.156477][ C0] ? schedule+0x2d7/0x3a0 [ 210.160807][ C0] schedule+0xe7/0x3a0 [ 210.164873][ C0] schedule_timeout+0x123/0x290 [ 210.169725][ C0] ? __pfx_schedule_timeout+0x10/0x10 [ 210.175100][ C0] ? __pfx_process_timeout+0x10/0x10 [ 210.180389][ C0] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 210.186192][ C0] ? prepare_to_swait_event+0xf5/0x480 [ 210.191661][ C0] rcu_gp_fqs_loop+0x1ea/0xaf0 [ 210.196435][ C0] ? __pfx_rcu_gp_fqs_loop+0x10/0x10 [ 210.201737][ C0] ? lockdep_hardirqs_on+0x7c/0x110 [ 210.206959][ C0] ? __pfx_rcu_gp_init+0x10/0x10 [ 210.211909][ C0] ? rcu_gp_cleanup+0x7c1/0xe90 [ 210.216789][ C0] rcu_gp_kthread+0x26d/0x380 [ 210.221483][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 210.226680][ C0] ? rcu_is_watching+0x12/0xc0 [ 210.231471][ C0] ? lockdep_hardirqs_on+0x7c/0x110 [ 210.236866][ C0] ? __kthread_parkme+0x19e/0x250 [ 210.241926][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 210.247139][ C0] kthread+0x3c5/0x780 [ 210.251226][ C0] ? __pfx_kthread+0x10/0x10 [ 210.255893][ C0] ? rcu_is_watching+0x12/0xc0 [ 210.260682][ C0] ? __pfx_kthread+0x10/0x10 [ 210.265309][ C0] ret_from_fork+0x983/0xb10 [ 210.269905][ C0] ? __pfx_ret_from_fork+0x10/0x10 [ 210.275022][ C0] ? __switch_to+0x7af/0x10d0 [ 210.279746][ C0] ? __pfx_kthread+0x10/0x10 [ 210.284379][ C0] ret_from_fork_asm+0x1a/0x30 [ 210.289166][ C0] [ 210.292190][ C0] rcu: Stack dump where RCU GP kthread last ran: [ 210.298519][ C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted syzkaller #0 PREEMPT(full) [ 210.307475][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 210.317563][ C0] RIP: 0010:pv_native_safe_halt+0xf/0x20 [ 210.323225][ C0] Code: 86 5f 02 c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 13 f9 11 00 fb f4 cc 35 03 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90 [ 210.342864][ C0] RSP: 0018:ffffffff8e007df8 EFLAGS: 000002c6 [ 210.348956][ C0] RAX: 00000000004a8a3b RBX: 0000000000000000 RCX: ffffffff8b7866d9 [ 210.356962][ C0] RDX: 0000000000000000 RSI: ffffffff8daceab2 RDI: ffffffff8bf2b480 [ 210.365072][ C0] RBP: fffffbfff1c12f68 R08: 0000000000000001 R09: ffffed101708673d [ 210.373062][ C0] R10: ffff8880b84339eb R11: ffffffff8e098670 R12: 0000000000000000 [ 210.381053][ C0] R13: ffffffff8e097b40 R14: ffffffff9088bdd0 R15: 0000000000000000 [ 210.389049][ C0] FS: 0000000000000000(0000) GS:ffff8881248f4000(0000) knlGS:0000000000000000 [ 210.398024][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 210.404695][ C0] CR2: 000000110c34c07d CR3: 0000000074d89000 CR4: 00000000003526f0 [ 210.412713][ C0] Call Trace: [ 210.416035][ C0] [ 210.418979][ C0] default_idle+0x13/0x20 [ 210.423328][ C0] default_idle_call+0x6c/0xb0 [ 210.428119][ C0] do_idle+0x38d/0x510 [ 210.432233][ C0] ? __pfx_do_idle+0x10/0x10 [ 210.436845][ C0] cpu_startup_entry+0x4f/0x60 [ 210.441728][ C0] rest_init+0x16b/0x2b0 [ 210.445975][ C0] ? acpi_subsystem_init+0x133/0x180 [ 210.451267][ C0] ? __pfx_x86_late_time_init+0x10/0x10 [ 210.456923][ C0] start_kernel+0x3ef/0x4d0 [ 210.461467][ C0] x86_64_start_reservations+0x18/0x30 [ 210.466948][ C0] x86_64_start_kernel+0x130/0x190 [ 210.472102][ C0] common_startup_64+0x13e/0x148 [ 210.477090][ C0]