last executing test programs:

1m7.382791636s ago: executing program 1 (id=2806):
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'wlan0\x00'})
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
r0 = socket$kcm(0x2, 0x200000000000001, 0x0)
sendmsg$inet(r0, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x4001, @remote}, 0x10, 0x0}, 0x300048c1)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400010bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
ptrace(0x10, 0x1)
pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x8000c61)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.throttle.io_serviced_recursive\x00', 0x26e1, 0x0)
setsockopt$sock_attach_bpf(r0, 0x1, 0x3e, &(0x7f0000000100)=r2, 0x4)
sendmsg$inet(r0, &(0x7f0000000040)={0x0, 0xeafbff3, &(0x7f0000000000)=[{&(0x7f0000000300)="b8", 0xfffffdef}], 0x1, 0x0, 0x0, 0x10000000}, 0x52cc)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000180)={'syz_tun\x00'})
socket$can_j1939(0x1d, 0x2, 0x7)

49.35923808s ago: executing program 1 (id=2806):
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'wlan0\x00'})
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
r0 = socket$kcm(0x2, 0x200000000000001, 0x0)
sendmsg$inet(r0, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x4001, @remote}, 0x10, 0x0}, 0x300048c1)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400010bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
ptrace(0x10, 0x1)
pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x8000c61)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.throttle.io_serviced_recursive\x00', 0x26e1, 0x0)
setsockopt$sock_attach_bpf(r0, 0x1, 0x3e, &(0x7f0000000100)=r2, 0x4)
sendmsg$inet(r0, &(0x7f0000000040)={0x0, 0xeafbff3, &(0x7f0000000000)=[{&(0x7f0000000300)="b8", 0xfffffdef}], 0x1, 0x0, 0x0, 0x10000000}, 0x52cc)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000180)={'syz_tun\x00'})
socket$can_j1939(0x1d, 0x2, 0x7)

38.906197306s ago: executing program 1 (id=2806):
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'wlan0\x00'})
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
r0 = socket$kcm(0x2, 0x200000000000001, 0x0)
sendmsg$inet(r0, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x4001, @remote}, 0x10, 0x0}, 0x300048c1)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400010bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
ptrace(0x10, 0x1)
pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x8000c61)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.throttle.io_serviced_recursive\x00', 0x26e1, 0x0)
setsockopt$sock_attach_bpf(r0, 0x1, 0x3e, &(0x7f0000000100)=r2, 0x4)
sendmsg$inet(r0, &(0x7f0000000040)={0x0, 0xeafbff3, &(0x7f0000000000)=[{&(0x7f0000000300)="b8", 0xfffffdef}], 0x1, 0x0, 0x0, 0x10000000}, 0x52cc)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000180)={'syz_tun\x00'})
socket$can_j1939(0x1d, 0x2, 0x7)

28.105623852s ago: executing program 1 (id=2806):
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'wlan0\x00'})
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
r0 = socket$kcm(0x2, 0x200000000000001, 0x0)
sendmsg$inet(r0, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x4001, @remote}, 0x10, 0x0}, 0x300048c1)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400010bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
ptrace(0x10, 0x1)
pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x8000c61)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.throttle.io_serviced_recursive\x00', 0x26e1, 0x0)
setsockopt$sock_attach_bpf(r0, 0x1, 0x3e, &(0x7f0000000100)=r2, 0x4)
sendmsg$inet(r0, &(0x7f0000000040)={0x0, 0xeafbff3, &(0x7f0000000000)=[{&(0x7f0000000300)="b8", 0xfffffdef}], 0x1, 0x0, 0x0, 0x10000000}, 0x52cc)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000180)={'syz_tun\x00'})
socket$can_j1939(0x1d, 0x2, 0x7)

13.029314955s ago: executing program 1 (id=2806):
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'wlan0\x00'})
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
r0 = socket$kcm(0x2, 0x200000000000001, 0x0)
sendmsg$inet(r0, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x4001, @remote}, 0x10, 0x0}, 0x300048c1)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400010bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
ptrace(0x10, 0x1)
pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x8000c61)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.throttle.io_serviced_recursive\x00', 0x26e1, 0x0)
setsockopt$sock_attach_bpf(r0, 0x1, 0x3e, &(0x7f0000000100)=r2, 0x4)
sendmsg$inet(r0, &(0x7f0000000040)={0x0, 0xeafbff3, &(0x7f0000000000)=[{&(0x7f0000000300)="b8", 0xfffffdef}], 0x1, 0x0, 0x0, 0x10000000}, 0x52cc)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000180)={'syz_tun\x00'})
socket$can_j1939(0x1d, 0x2, 0x7)

10.649398387s ago: executing program 4 (id=3151):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x4048aec9, &(0x7f0000000740)={0x1, 0x0, @ioapic={0x0, 0x296a, 0xf7c, 0x3, 0x0, [{0x98, 0x27, 0x81, '\x00', 0x7f}, {0x1, 0xc, 0x81, '\x00', 0xf5}, {0xe9, 0x4, 0x8, '\x00', 0xe}, {0x6, 0x8, 0x3, '\x00', 0x8f}, {0xff, 0x80, 0xb1, '\x00', 0x7}, {0xf, 0x3, 0x28, '\x00', 0xaa}, {0x7f, 0x8, 0x1, '\x00', 0x8}, {0x1, 0x3, 0x2, '\x00', 0x67}, {0x2, 0x7, 0x91, '\x00', 0x8}, {0x8, 0x3, 0x43, '\x00', 0x80}, {0xfc, 0x8, 0x4, '\x00', 0x3}, {0x2, 0x3, 0x3, '\x00', 0x8}, {0x6, 0x6, 0x8, '\x00', 0xa6}, {0x8, 0x0, 0xa, '\x00', 0x9}, {0x4, 0x4e, 0x9}, {0x6, 0x5e, 0x5, '\x00', 0x3}, {0x5, 0x5, 0x7, '\x00', 0x5}, {0x0, 0x3, 0x3, '\x00', 0xff}, {0x5, 0x0, 0xb, '\x00', 0x3}, {0x4, 0x6, 0xb, '\x00', 0x3}, {0x7f, 0xf1, 0xb, '\x00', 0x4}, {0x7, 0x40, 0x9, '\x00', 0x10}, {0x2, 0x8, 0x1, '\x00', 0x7}, {0x2, 0xc, 0x91, '\x00', 0x1}]}})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x0, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_open_dev$swradio(&(0x7f0000002440), 0x1, 0x2)
syz_io_uring_setup(0x117, &(0x7f0000000300), &(0x7f0000000280)=<r5=>0x0, &(0x7f0000000200))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffc00, 0x0, 0x4)
socket$inet6_sctp(0xa, 0x5, 0x84)
recvmmsg(0xffffffffffffffff, &(0x7f00000086c0)=[{{0x0, 0x0, 0x0}, 0x7}, {{0x0, 0x0, &(0x7f0000000240)=[{0x0}, {0x0}, {&(0x7f00000000c0)=""/23, 0x17}, {0x0}, {&(0x7f0000001840)=""/105, 0x69}, {&(0x7f0000000640)=""/4096, 0x1000}], 0x6}, 0x80000000}], 0x2, 0x40008062, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000740)={{0x14}, [@NFT_MSG_NEWRULE={0x48, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x1c, 0x4, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, @synproxy={{0xd}, @val={0x4}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x70}}, 0x0)

8.86099772s ago: executing program 4 (id=3156):
syz_open_dev$swradio(0x0, 0x1, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000040))
read$FUSE(0xffffffffffffffff, &(0x7f0000000400)={0x2020, 0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x2020)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x18, 0x11, &(0x7f0000000180)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x7d}, @snprintf={{}, {0x3, 0x3, 0x3, 0xa, 0xa}, {0x5}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r1}, {}, {0x85, 0x0, 0x0, 0xb3}}]}, &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x10, '\x00', 0x0, @fallback=0x2c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000000)={r2}, 0xc)
sched_setscheduler(r0, 0x3, &(0x7f0000000000)=0x4)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
keyctl$instantiate(0xc, 0x0, 0x0, 0x2a, 0xfffffffffffffffc)
add_key(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe)
add_key$user(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe)
r4 = socket$can_bcm(0x1d, 0x2, 0x2)
sendto$packet(0xffffffffffffffff, &(0x7f0000000000)="08040800d3b70000000000e000005c4ed0f186103d038be9281a74cfdaea08cb852b55cda5ecfb1712cc126dc7a2db96d6cbd52c7fe3d1d908409a0ab80703c86a7f360cf4d43ddac162b4531c", 0x4d, 0xc004, 0x0, 0x0)
pipe2(&(0x7f0000000000)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff}, 0x0)
write$P9_RGETLOCK(r6, &(0x7f00000000c0)=ANY=[], 0xffffff6a)
pipe2(&(0x7f0000000240)={0xffffffffffffffff, <r7=>0xffffffffffffffff}, 0x0)
tee(r5, r7, 0xfffffffffffffc01, 0x0)
tee(r5, r7, 0x60000000f00, 0x2)
ioctl$sock_inet_SIOCADDRT(r7, 0x890b, &(0x7f0000002440)={0x0, {0x2, 0x4e21, @remote}, {0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x44}}, {0x2, 0x4e21, @remote}, 0x60, 0x0, 0x0, 0x0, 0x7, &(0x7f00000000c0)='macvtap0\x00', 0x2, 0x8, 0x1c})
r8 = syz_open_dev$usbmon(&(0x7f0000000080), 0x0, 0x0)
syz_usb_connect(0x3, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000df2bfd404b0c0001cad7010203010902240001000000000904450002c9cee40009050802ff03000000090582030004"], 0x0)
ioctl$MON_IOCG_STATS(r8, 0xc0109207, &(0x7f0000000040))
connect$can_bcm(r4, &(0x7f0000000080), 0x10)
sendmsg$can_bcm(r4, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000200)=ANY=[@ANYBLOB="05000000000000000000000000000000a7739168175a45631d9db7cec7afa879e82b0951e25edbc28afe538e09c5b1dda608d92eb2dccbd2824ac1334770fddf6f209627d6eceedd285b6cba0f4d45c000e317c78e55758c0071800662e4074a60a62f327b27ef52a816cf98047f849922ee3e56fcb89d5ad6b4d9ed1fd2140341", @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="00000000010000000000000000000000f8ca44dfaa000000"], 0x48}, 0x1, 0x0, 0x0, 0x48850}, 0x0)
sendmsg$can_bcm(r4, 0x0, 0x0)

7.456052484s ago: executing program 2 (id=3159):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000300)='sched_switch\x00', r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000240)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}]}})
statx(0xffffffffffffff9c, 0x0, 0x100, 0x800, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
socket$inet6_tcp(0xa, 0x1, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
r4 = syz_open_dev$usbfs(&(0x7f0000000100), 0x205, 0x8401)
r5 = fcntl$dupfd(r4, 0x0, r4)
ioctl$USBDEVFS_SUBMITURB(r5, 0x80005520, 0x0)
ioctl$KVM_CAP_STEAL_TIME(r5, 0x4068aea3, &(0x7f0000000340))
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_io_uring_setup(0x832, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r6 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/net/ipv4/vs/drop_entry\x00', 0x2, 0x0)
write$cgroup_int(r6, &(0x7f0000000080)=0x3, 0x12)

6.653365166s ago: executing program 2 (id=3161):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000440)=ANY=[@ANYBLOB="120100002eab5a40401c3405cc6d010203010902120001000000000904"], 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_open_dev$sndpcmc(&(0x7f00000001c0), 0x88, 0x400)
socket$netlink(0x10, 0x3, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
socket$alg(0x26, 0x5, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
r2 = openat$null(0xffffffffffffff9c, 0x0, 0x40001, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, r2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xf, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32=r5, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x18)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/timer_list\x00', 0x0, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000540)={0x44, 0x0, 0x1, 0xfffffffe, 0x0, {}, [@ETHTOOL_A_LINKMODES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}, @ETHTOOL_A_LINKMODES_OURS={0x18, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_BITS={0x10, 0x3, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8}]}]}, @ETHTOOL_A_BITSET_NOMASK={0x4}]}]}, 0x44}}, 0x0)
socket$netlink(0x10, 0x3, 0x6)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, 0x0, &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$LINK_GET_FD_BY_ID(0x1e, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup/syz0\x00', 0x1ff)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_INPUT(r8, &(0x7f0000000940)={0x8, {"85f080a4933d55266e07e799aa0cc421388242df2a3c6b631b65b1c061edd2aa108c3528fe9b0bb3a53ab1200f5d01a68a4acdec8fee09648222f908c1fedc3000342e6139de28366c13509306d00ebcc67497181ac916db98af9d366b76e427d9ab5bb68095f0fb246df32b8af0783653136f8a04c03690312125c7ded6a24fda8685340c575ead69519e3583f89d467ec232d6a1ffd0463ba4ea3cbae5dae6654b5547b5458f02ac307729e57b09e134f68be44f88d72517b230b066f6315b5fb80206397bbff8cbc2a36e01c2e7b3aadb32bd3dd5288a69a991d9c674717e3abba7167280b2db3b1b8502afa4f3f296c532510c9d2dd79bb5eeb25adb5edddbdd069c09d14d15c2e7e1e2bd6c108fab3590bb22e97d6992236d2273c8bb95536f7118d007965008b125c7daac2814e6bbe1adbfa3572ad0b7ad5c26c8014118d8374ca9f285779dfee7715a403908146a74de61b3853914c89f444c12e7a38bdd46c4ed36eb806ea598f44d1dec9eff9e2476f43802211f0762b66673b45d236b2391ce322e30fb9c69fe0d514dc1f8b6e3979c1205fd5224b07d18a44fec4f6f1a6f65158bb6adcc295bf2dd7dea107f59d7e03c61fe5822292e45968956b931bdc4d6445ff1631e0b98e4b4448774dd4b9cd53a45896fdb3f03702778741ae2b45a25bf9a23fc02fb97a630f132bf9def6c6d080000000000000014f6f2377bcfc78e2e86368c138510a04cedf7175af8c2034fae7413e3ace8c71ab9a0af1ca7042011a6ed028e205648535dabf3b2f85196ae18d36b839e3cd54ae4933ad529888fdac7bb8a70c72bc0fc81ba06506f2d5bc7686e219bbe5283959cbef9950e071cb6d9f341fc624a5110341f26cebd7100599a06e61f66fae120c7fc2b34c6221200eba75bdd277114671a3fa8f058b27fd897b052f4a52afcea814df526181c75c4497210a2b8b74e26601561e78735387cf123654b0295d1d60556956b36d96dd038866c4b4db31ebdcddd4829bbc2850cd4901389e6ea6e86041e0efa1158f334e7afda0e11c2fb0e6df6364cb95659f506d5c7e63fb67c8116577d15e4a4b1fc4c27de2e52586cb1f52be9c3601f5066549de8bdc3ec07d1a84caf1961323ec2487a37b751aeabaf18647ce2dae5d9499c0f969467e6cabad198669ac96bd1488954eff0854ee0c83d7b596d273625bdb16270782321071fda5d980ded78ffa9dc2b56037d7cbf942547f48a5131f1991f6c17ae1ed5120ca6878f98e68e7997a9a2b70be640a70a34adb80de286c6692abb5f092e4e3a15283217e03d02a4054f34af3a65ef6b36f395b76a0579cffafd5d3bb0e704c935caecf3a7ab756c23fd60c9fe3f4fb2be7504f5bae22b116ff1588dcf02b327d31bf0488dba8af5b33ccf2d7d87f43bbc48fcd4f191ad6af9313ad38b8b29674bfabd6651bc1f6ce5abb4a2f1413194f96b26d7d6edc4e013fba549075c97eef508af5ca7873664b058b7bcf455a8a04b591d29fab6366c844bb75576bac2d52323e747303d00a5736c9812922b0e17bcec9135550736b54cf6407d61e22e62d7bb75f62935b665acf33e75f688c36ef416f1b890d0f0c8ad1df00e02ec45967834d5649c8e7143978622fa3704672970b7993a87e97d3d926a14265647bc8b8c9e6f83e29572608d24b42c2635ef4abbd0af83860e99c90d7471cf6e8ce99507f5ec2bc572212fa9ee3f5a9dfa3815fe55f0bbb119acce062ae37f2ff921707abba139bccdf42bfd174d29b540161b4113c4e1a13f3a62bc093e23ec0d0671b46b41dc8b42d950c8615ba5ee87f49b5d0910ffa4871207995001920db05a95199967f097ba7b55bbd271d818690c4238406b40a3dfc42fa56a67173b53a96b543326c56738b6d043195934018696f5ab49347e5148a78f2d1369a71afab8330273d46ecfba4ee05802a5385649851db949dbfb39e290941641c50b1ac20fb3102754a760b097f464ddb0b83f8168badfa71db6621dcf22fb081e3403f3bac5c7e65905aca52885c807f8ddab18bb2f12ef952c50483c0e251968bc70ff0d42a638ca744dea4c7ebb4fea777cf663bb4f1505ed79730c45bc86e488a13f924377a8e2ee6670a02ca52874ae1c42a35d55b9765757047b2cc3742aa51fa3e43fb2c113c92ad213bad252c1a82966dd016f12a7f1c3900c0f1ab455035163f31899bdd30f3ff43ad17d9e45bb7438c1c986712736f24be14f71ab1bfe92a25ec07f086ee8c7971b8077a13e58a8e8bea39c8e06b251909f02cb0080abf020f27ca160eb26c082dda1fa54ea4094dfdbcb2fa7bddccb67a844e8075f4cc08dad35757006d051e183dced336bc0c2502f93ffc87dca622286ba174c24e1f53f27dc2777baafe170348b0e8d3e743b3aa906bc0764bbe7da08ff403efe2212627d672250658bb513b7312517d1f88c61c7ba5f9647cd619281c5b391b48606ee39fb4171103df2e09d7cfd56c06c721f7c24ad8cce383623fc2dcb15ac56438ea331820ae59c8c474e36fc73f7b1b3b86df1b42490815501681aafbf7e871b4b9686efae6c45ecfca60a640a6f071dfd31f9437c3d03086164b48c1ed802986864bfe0d49bdd7709662262368dbc3ecc05eb240ecc41904c76d78ab5c52b66af5a720fdd6a92f52be0676427a56e32e5bc5085b25f90add38a76f2fce6f8f0ef74f4659698549646bd63175adf77b5cdcfe676e1b1a9af15102946554ba6136cbc83c6268ee40318f3c9d4718025688b35d2265bf60bf889581c750c34586ef46eab7a9176337536bb6001e676546b987f36b1fe4b9f6e46a8ce73eb22ebbb9c14d8e2b43ea77ef887e5a26448f4086fa819a25e27725ac10298851c8bc45f2ce4430b07917ade5ea8c434c3f2576effbeb521173736e5c9557450643068b0c0fb132a7e99de6ca292246a9937fa7d7e06e59cf59ce5b9f842629049931146af40a8a1256ba373a88d09dc00cdf4453cc6ba78572bf3e1f2352a978cdbad60220cb8ac37d7f614a306492a4b5eee9244b0ca84b6cf2e23013bfb1cb92bf6d126fe550e58c19f84e7a4081437b75b31b2b9fb658dcd8ba077962e0f3359721a148d4fefe5c97941ca9688cb85adf38fd10f5811cdd8e074a21bbfc9541c71465b08d7321281b68ed52bfab789b9c83849c09d52376d419b1e7ba367603236e119cdf4a7b7cf9d81f2229601deace53cea2f14a05f7fa0ca04b39e31c6453e332f4bd0915c0e09e28f4d1125c390c6ff0833a04b6fc37855e65de90333e505b9eb66e00686a3ed499cfb7b8b215dbdc9787b5baa724cfa71ee6745b41e203de8b7004757ac328ec5567540b951b50530c3d4ee34705ea1c66fd6591e88561083e86d48c45ef3b83a3029319d8f3d8e65ce14c1dc3cb92d0a7dbeb609a8d2793928caa079f0fbbb2bc90b9f058cc048f4032041d14c5bca00e99b3027ec3a50c4957199cf016a4594069af8659df0973f20ffb15dbc265ac5b8a2203e90b114a3e9441e357c60ce0b550a7fe66fc34f5702ac8e8992a22e89194c1df69e81a9b7ad3d2634ea8c0388588192fd47d8e803b10044d558617fb2921b69eb4d85c051f86ef63a2f4382b9becd870fb2ecadca6902712b88680792e2f2ec89591cfebb6db3ad31c2a339af10465fcf7988519d382218df52261234f26a6f66ad0d1859de505d0fe819caf2f8d30aa9fd1228ac91d11c39d6fdcf5926d6ad5c441514321507dff6c6ea3cff6f340a1c11e0c40f419e8e60fc94d8828fa47a96cdf7ee4f61e23f40751b25cf9ca1295041a350f83f0e679515d6b4b46e2c9ce8999e07f835abc1663cefcf728df37831f4e17f8c8a4feaf1fbf44c38c9313284404a50ba4cd8abe835b33bfecb02cd6c9d7f435853b4c8d505ab83cf46512739116694765658bae64b3127152d216055aef9b25c70a8a3b302752d7b1e8791c657b9f3fc9001ef299fd1a349491ae6ee9940149160507fc4130fb825d47d97dc2c243209d2403583ac3ef6ddbedcaa76432255487c0a06e59e043e572ab3aec002af6a6b6a2dc9cfaeefa70557886c4d12924a038813f2bc8e89e4cfa69705d1ef3c4658f8616278b588011d9dd914beec0b151d65b6524fba3e3f235d58373e021699b07622a51504eade747e0b2f9cf38bc167cabc8cb18c708d1337e25648707e8c0872876514c7a49c0b2aaee5ed9e9ecfcbcc23e032c4deb63e48e7120188056468fad31448e4b42e7d62fbcfc1c2cfb01fcf0db5e8a162bdb9bd820c763f17b96c23f32db9d1c1d74ddbe657b4f9595a9796982a0742153111b15e484d8ffebe47ce0a78a41e470a341616ec2eb6eef813fb415fab50fa965bec6a5977a0ade4fed67f86fc24e11b0e2f5364079f7c7c35b560cac726dbc80f29dbd248f7ecda0286a23ef172a28c96d9bdb1f598eab31c6baf0321312da23920c074b9d2d2e442717f2c21001142a39c2da6b8bd9d06b05a6a8deae1bd1be4108a636ddbebc682d113e715f2f3ee506abc28b1c654b3d2d28e02f73b171ed0deed71dda90ce4a0b728cc75cb576385e7418b545b992b1dd98e2ee53355f464f9250a2a03b3d1e4d2ac1aa71d01de2573530324e14d15a507883411ddbd37be21dc929db9b11f11010e4d2a04c7325a5ae6d24d19900ff97a8a89438f8676457a78cff05201528f4358fe67f61288bf042a8f3c2e0f8b4997b8fb74996b80d465489b2d7807a945eba72a945e8cf8625dbad6f6f6e30537b29e558ca8a8b0625f578c766d34f2d28d704715f94df1f6318a308042aa494baa500a0000000000006a8308af8ce6441d5ad8a2f3d477eb5307af0dfae6644493f1434030b8361621340ad3dcefa6d8f090ed3929d89ad9c0ba01a6903033428dd8f98619304b1803187d2a6130bf1e009b5eb0e7e21c75594b3b8470f3106c92a9e55bfeb026091ced127a90a1f1247f3c07e36d3572923e0de3f73518d0369a25fcd4e65d243b7eab91063a7bfd8bc8ac9e39fbbb32b5c9517886287a18eacd8dbfda9b91db693cb12e42cba5988280e09e51e72b91a0f360656d8f21cc1eb3248ac345ad51d1a6172b18419277851dab01e028c7e8e2cf34095efd28267852a08fccf61c45b5e46930160daf50282be058274e7ff58c48b60b86d0c8cc886ab8778a2a2b5fa2557ad7bf7f01f2175523ce758871d334c20a9839f7a89fe2867c06289c8a2f6456ac7e4fbadee53ac41aee68214bc76669853baa4f58255b39ba581414f2e8c4b49303f8936a33bae5cbc96b29a5c724d5b50e1614144c2acd03bd90de891c3d36ce040d57543682ecbfcae66c4153c337c3a5d01896524c8e0c27e9a08919821ca27bbfe3fc9ba24a823aeec8d4ad8ef8a65c585bee4dcf1acaa3da501a8c11a23b2e22920c1ad0129a038b31fe16c2abc80589dbf7c37211afc5d1a6db908bc5fe8a692060069fcbcdcba7c523d3c424aa3b0c6556387e0e51bcde9e5f850abf62d2c2101c3a2786a0cb94932877a09cb6b64aa61da8cab3b423e7adc4c4700418a65e87225710e1691f6d9cb2eb63cce5b605ce0a4a89cf519767e00845397c5e381141a0ed8a89b01064b495ec8d1e2da37433bf1597d919a69610d2ad26bdf6fca8de422bb2cb80d0516206e8194ee51445a3dcb5dee33c0c310b4751e68e58bebda2fb586985a5a5b06456756f44e6dbfef4bb99ca732f00fb9ea35775f7419681bfbe6f43dc7c4650c13b63d93c1d490bf0173f287a4309531f13ecb1a775d0bd881a00", 0xfffffffffffffe43}}, 0x1006)
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000003000/0x3000)=nil, 0x3000, &(0x7f0000000000)='pids.current\x00')

5.661472475s ago: executing program 0 (id=3164):
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r0, 0xc0a85320, &(0x7f00000005c0)={{0x80}, 'port0\x00', 0x72, 0x11cfa, 0x0, 0x8000008, 0x3, 0x4, 0x1, 0x0, 0x7cce8c743ee810df})
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r0, 0x40505330, &(0x7f0000000bc0)={0x800100, 0x0, 0xfffffffe, 0x724f, 0x8, 0x55a})
socket$alg(0x26, 0x5, 0x0)
socket$kcm(0x21, 0x2, 0x2)
prctl$PR_GET_THP_DISABLE(0x2a)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, &(0x7f0000000380)={0xc, 0x0, <r2=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r1, 0x3ba0, &(0x7f0000000200)={0x48, 0x2, r2, 0x0, 0x0, 0x0, <r3=>0x0})
ioctl$IOMMU_HWPT_ALLOC$TEST(r1, 0x3b89, &(0x7f00000002c0)={0x18, 0x3, r3, 0x0, 0x0, 0x0, 0xdead, 0x4, &(0x7f0000000280)})
mkdirat(0xffffffffffffff9c, 0x0, 0x3a)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
r7 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x149802, 0x0)
r8 = dup(r7)
syz_genetlink_get_family_id$nl80211(0x0, r8)
sendfile(r7, r8, 0x0, 0x80006)

4.821711306s ago: executing program 0 (id=3166):
socket$packet(0x11, 0xa, 0x300)
openat$tun(0xffffffffffffff9c, 0x0, 0x40241, 0x0)
pipe(&(0x7f00000007c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1)
close(r1)
r2 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4)
bind$rose(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet_tcp_TCP_MD5SIG(r2, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @loopback}}, 0x0, 0x20000000005, 0x43}, 0xd8)
bind$inet(r2, &(0x7f0000deb000)={0x2, 0x4e23, @multicast2}, 0x10)
socket$inet6_sctp(0xa, 0x1, 0x84)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10)
bpf$MAP_CREATE(0x300000000000000, &(0x7f0000000100)=@base={0x18, 0x4, 0x41, 0x0, 0x1, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x4002, 0x1, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000040)={&(0x7f0000000300)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_DELRULE={0x74, 0x8, 0xa, 0x3, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFTA_RULE_USERDATA={0x2e, 0x7, 0x1, 0x0, "82b17d1146372ef1234d5300de4dc5b63d95132a28f64630d4a3a02703b7ca6fde3909f78590b9a44b76"}, @NFTA_RULE_ID={0x8}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_POSITION={0xc, 0x6, 0x1, 0x0, 0x5}, @NFTA_RULE_ID={0x8, 0x9, 0x1, 0x0, 0x3}, @NFTA_RULE_POSITION_ID={0x8, 0xa, 0x1, 0x0, 0x3}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x9c}, 0x1, 0x0, 0x0, 0x20000090}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r5 = socket$inet6_mptcp(0xa, 0x1, 0x106)
getsockopt$inet6_tcp_int(r5, 0x6, 0x17, 0x0, &(0x7f0000000440))
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400010bce)
r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8)
sendto$inet(r2, 0x0, 0x0, 0x240087f9, &(0x7f0000000100)={0x2, 0x4e23, @loopback}, 0x10)
splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0)

4.775738546s ago: executing program 4 (id=3167):
r0 = memfd_create(&(0x7f0000000900)='Y\xff\xff\x00\x00\x00\x00\x00K\xb2\x02\x80B\xe9\xe8\xcc\xde\x06\x00l\xa8\x1aJ\xaf\xb2M\xba\xb8_\x05U\xcd<|>\x9e\xec^\x0e\xbe\x18+-\x9b\x893\x02\x00\xa6\x1f+\xb3\xc5\x90z5\xe0\xdfi\xb7\x9f\xb4QW\xc9\xc9\x92\x03\t\x00\x00\x00\x00\x00\xb2\x0f\xee\xbe\f8\xcc\x7f\x00\x00\x00Z\x81\x00\x00\x00\x00\x18I\x13\xf1\xa2x\x04\x81R\xd45R\xae\x05\x00\x00\x00\x00\x00\x00\x00_M^dQ:\xbc\xafq\x88\x19nSF|;]\xe1A\x8c\x8a\x98\xd7|\xdcLF\r\xb1\xfd\xbf!\xc7u\xccP\xdd\x13~\x89\xcf\x85\xca\xa0%\xc6\xc7\x11\x00\x00\x00\x00\x00\x00\x00?M9\\\av~\'\xd9\xb0\xacdya]8\x9d\xb7\v\xf39\xc5{\x9c!\x0f/\xb8o8\xb9\x8d\x19\xe2\xca\x01y\x83\xe7\ng\x87\xd93<u\xbe\xeag\xd2\x04e\xf2s\xde}o#\x90\xda\x9cs,r\xfd:\xcb\xc7\vTmPZJ\xac\x8b\xd0\xc0\xbcRK\xcb\x1e8\xce\xbd[N\xb0\xb4<\xeb\x86[\xec\x8f\x14\n\x83\x9e&\\\xb7!\xed\xa0\xc3,\x90m\x0f\x00\x00\x00\x00\x00\x00\xff\xd0\xb3\x94\x00\x00\x00\x00\x00\x00\x00\x9dH\xf8\xffRo\xa3W\xe1\xed\x8eS\xaeX\x93\x7f\xd3\xb9\x84Q\x9c\"\xd9\xf5\xe4e\xf9\xcam\xe3\x03\xe4\xad\xd5&A\x02\xc8\xa9\xfe\xcb\x87\xd9\xd3\x8c\f\xc08T~\xc4\xbd\x90?\x1f\x9c\x9b0\x19 \x9f\xd1p`\xc0/\x00u\x19\x1d\xac\xe8%\xb7\t\x9f4\xbb\x89\xe9\xc1\x81\xb0\xd6\xf7\x90\x1f\x94\x01M.\x16\x05\x16\xb9\xe9\xdc~\xd3-s\xe6;\x94\x1c^\x06\xdav;\xccD\x95sj\xe0\xd5\xbeS\xac\xe5N\xea\x9eyl[[\xce5\xee\x05\x9c\x96\xabJ^c\xf7\x19\xb4\xd8\xe4\x87\x9dp\xea?/\xcb\x9a\xaa5\'Q\fuG\x81\x8a@\x97M=v\xfe\a\xabp\xf3\x93\x9d\x7f@9\xc0\xd2\xf1\x00\x10\x00\x00\x00\x00\x00\x00\x82\x13\xb2\xa9\xef\xa5\xf8\x8bk\xb3\x9ev\x92\x0e\xd1\x1f\x17Dx[\xad\xb0\x9d/\x96\xe42mO\x9fh\xea\xf3\x14\xcd\x96\x89_)\x1b\xe2\xd6\b\x94b\xaf;\x92T\xafz\x94\x9fG\xfb\xfd|$k\x03\xd7;\x9ay\xee\xf9W?\xb3\xf9\xf8I.E4\xc3eWq\xfa\":$\xd0\x17Q\x94\xf5\xe5mk\x8e&\xf1;#z\xef*\xce\x99\x04\xb9\x90\xbc\xc9#-\x8di\xae\xc5\xdf\x13\xd2K\x8b\xf5\f\xb2x\xdd\xd5\xb4\xa9^~O<\x12\xe3\xc3P|7\xc4\xc8\xb1r0Z\x98\x87^\xc8C\x1b\x96\xb4lsyF\xc5\xbc\xffOE\xe9\xd70\xe7\xfep\x83\xa7\xa1\xd9\xe4\xba\x92\x17\xbf\xe0\xe1\x01\xb7\x8b\x18j\x19n\xc8\xff\xe9\xf4\xf4\xcf a\xd7_w\x0f\x9dF\xae\xccA-/\x83\xabU\xd5\xbf8\xa4O\xb4\xef\xc8\xccH\xd1=\xbe\xbex\xb5-\x05\x01\x11\xfa\xcf\x1dm\xb5X\xe9\xb5O\x15\xc7;Lb\xce\x1a\xcc\x98\xe8\xe9e\xe0\xc2N\xe7\xd7\x1d\x92\x87F8\x9e\xf7\xdd\xdaW\xf5X\x80\xa0f\xceo\xd8\x7f\xc0\x96\bSB\xce&\x04$\xc3\xe31U\x84\x82\xf0{i\x1d\x02\x10\xc6C\x01^\xcf\x93?w\x01\x84\xa0\xd6\xa2\x10\xa4\xfcG\xabD\xd6dGZ\xb2Cx\x1b\xfdD9\x17\xe6\xcauM\xe3\x05)\xe2\x03\xe2j$F1n@\xde\n9t.[\xad\xb5\f<o\xdb\xa4\x90\xc4\xd0I\xa6\x96\xa1\x00\xbb\xdd\x94\x00t/1YekG\x7f\xbdrI\x1e\x8a4=\xa2\xe9\x82<\x9e|\xf5\xa4\x05#\x7f\xa8\x01\x00\x82ih\xf9?\x03Q\xf5\xc4\x95\x99 \xa7v~:$\x02O\xe3\xaa\x1f\x00\xebh\'\xd2q\x10\x1e\x94n\xd7w\xb1\xc8G\x89\xf4\x8ct\xf9R\x85\x1b8OE\x04\x9a\xd8\x80\x10x\xbf\n0\b,r\xc6r\xf7=\xfe\xc1\x16\xe6\xee\xbb:-h\xba\x8b\x14\x9a?\x8e\x03;\xe5\x04\xd8\xa9\x9a\xd3\x05(\x7f|\xadU\xafe\x87V.i4$6U,R\x9b\n{\'\xfe1\xc4\xb09\x96{\xc0e\xa1\xe7\xa9\xb4\x1a\n\xf5\xd7zuvz\x972\xd4\xfb\x13u2\xab\x18\x01~r\xbbcW!)\xf4\x9b\x1dI\x9ex;\xb2\xe3I\xbd\x16T\xb75\xa6\a\xb7\xa1\x8d\xc9\x12\xb1\xbd\xbc\xd9c\xe9\xe6k\xee\x06\x83\xf4\xab\x18\x038\x8f\xc9^\x0f\xab\xea&P\b\xef#\xf6\xc3\xfc\xd4\xa0\xfd\x15N\xd3\xa0\x80\x9f\bU\xa63\xf6\xc9\xecZ`\xa4\xa0(\xf9\x98B\xaf\xde*\x91\xddk\xa1`d\xf0\x97\xc9e\xc1\"EC\x9a?x\x89\x8d\xb3\xfaF}\x82D\xf8\f\xf1`\x90D\xd1|%(\xd8\t\xea\x00C\xce\x7fo+?v\xee\xc6bL\x1d\xbe\x84p\x8d\xa3\xec\xf7\xe0\xfe\x8c=<\xf2\x1f@\xe66E\xa7\x9c\xd3\xb6\xf5\xe0\x14\xb8\xd4`\x85\xe3;\x8c\xf8\xf2\xd9)\x0e\xd0\xff\xa5K\xf3\xf1\xc4\x18\xf4Z\xdci\x91\x84\xe8\xb7\x10\x90\xbc\xect\x14\xdfR\xe2\x80\xf8a\x92\xb2R\xdf0\xcaQ\xdf\x87\xbdjp\x1ch3h\xcf<\x82\x97\xa5s/m\xb2\x1dd\xf7\xfc\xf5\xa9\x1d\xd34{\xcc\x1f\t,i\x16\x82\xad\x8e\xb6\x17\x0f\xaa\x85^/w\xbb~\xff\xce\x92\x90\x83\n\xe5\x14\x95\x92|\xfe-S%\x91i\xafh\x97z\x00@K\xbb\xc2\fcD\xff\xdcl\xa1\xfaR\xbc\xd0k\\\x92\x19a6Sv\x05%{\xe2\xe9\xf1\xddRB$8\xb0q9\xa1g&\x17\xe5P\xef\xb1<\xb6\xe2\xb2\xc06^\x0f4\xba\x10\xba\x00\x00\x00\x00\x00\x00\x00\x00\xef\xba\"\xb7\xc7~T\xc4Ei\xfdk\xa9\"F\xa9C\xa0\xd3\xa0\x1b\xbf\x13\xfb\x14S<\xa6\n5\x86\x9e\xb2=8\'g\xf3\xc3`\x8f\xa8\x027\xbd\xb5s\xe9dti\xc0\xbd\\H\xe5v\xdd\x0fP\x8b+-\x02i\x8eZU\xa8YB\xfc\xc2R7\xe9\x11\x06\x1aRd\xa93\xa1\\\xf4_s\xf7\xe8+\xbdg\x13\xaea\x04\xd8\x82\xf6\x90\xaf1\x86b\x81J\xb7E\xb0\xe2\xd6\x93S\xb3\x98\xcb\xf9\xde=\xd6T\x8d\xea\xab\xa9Z!\xd3-\xa6_\xc4\xa4\xb6+\x89\xdc]O<g\x06~\x12W\x86\x06\xba\x15#\xa7Q\xffa\x926>\xf0y\xd6\xb0\xf2\x9f\xa7\xcf\xad\x86\\\xec\xec\xd6\x9d\bT\xcd\xa2\xea', 0xa)
ftruncate(r0, 0x2000000)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b000000070000000100010009000000010000", @ANYBLOB, @ANYRES32=0x0, @ANYBLOB], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10)
r6 = socket(0x10, 0x3, 0x0)
open_tree(0xffffffffffffffff, &(0x7f0000000600)='./file0\x00', 0x1100)
sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=@newlink={0x3c, 0x10, 0x403, 0x6101, 0x0, {0x0, 0x0, 0x0, 0x0, 0xff7f}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macsec={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACSEC_PROTECT={0x5, 0x8, 0x8}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x6811}, 0x2400c810)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
mknod$loop(&(0x7f0000000180)='./file0\x00', 0x10, 0x0)
name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)=ANY=[@ANYBLOB="14"], &(0x7f0000000180), 0x0)
socketpair(0x25, 0x1, 0x0, &(0x7f0000000000))
open_by_handle_at(0xffffffffffffff9c, &(0x7f00000000c0)=ANY=[], 0x488001)

3.588263162s ago: executing program 2 (id=3169):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000600)=ANY=[@ANYBLOB="120100001d9167204f17316a3f26010203010902120001000000000904"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
setsockopt$netlink_NETLINK_NO_ENOBUFS(0xffffffffffffffff, 0x10e, 0xc, &(0x7f0000000040)=0x7f, 0x4)
r1 = io_uring_setup(0x79bb, &(0x7f0000000400)={0x0, 0x89ea, 0x10000, 0xffffefff})
r2 = syz_init_net_socket$llc(0x1a, 0x801, 0x0)
bind$llc(r2, &(0x7f0000000080)={0x1a, 0x0, 0x0, 0x6}, 0x10)
accept4$llc(r2, 0x0, 0x0, 0x800)
close_range(r1, 0xffffffffffffffff, 0x0)
r3 = syz_open_dev$vcsa(&(0x7f00000002c0), 0x800, 0x1)
r4 = open$dir(&(0x7f0000000300)='./file0\x00', 0x410800, 0x0)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r3, 0x5000940e, &(0x7f0000001d80)={{r4}, "fbc45fc95fd64af28271834dc188aeb20b37d564c8973b31fd172d9cee47bd23c11899e488619f0a032b8ffefef4536de6590035e1c08b121973004dcae3ca8b14d0676104a1b23c599b9a986a97d7d75c7ed6b353e77436d727b8383d6bfbcb4598b05d58528a900e029632b7980d091f4e1b4ed912b85acc0630c4be78491510412972dd59ec918c4bc94daf88bcbb5cdb66c66649d4cdec9b95bcc84496c55d1042736ad6d44240173fef7afa2158a85abdc3c9610225bc3c96c22365ac91d19a4cac6387717c44e69f976d5645894eef202d5531f44fbb75da46bc5281e0d9f86f4c6face2c56c1f592660d8818e103f075034269faf6ad30d454e32bd7cb3fa9e6b9a9b7e53c752c1e23542a57a3a768cae6a1af14da7bd8e0ebb61e8c89a312a711c46d9db5196a60c993a83270db2fecec9224472e7073a4ab52bbee77b3df57ff9cd8524f71aa675d6f01054a4e15e477a0cd4f81a2bd5df59174b68567b9ca5b3ed020e8a6f863e9f1f79b0a561db9437c26f649ec0415d659b40a45a6a78250ac961a88d53d783cf4c94b63f70b95b7b0516a88b9c7f0fcec49c461cd68f009e3e945a098678d2b7786afbb95757599d4551a6635ca2181212c9cd949083145d4794ab2a9ca6c7a0d32a5d844f7140d8ef1a1afec8f9c5e7689a912951be13fc72cecc52269710a73b15d0ade99f1a9bcdb5ffbc2298ceb0465da82e6985c96ab3d49fde07815c7c532807436c5cbf6d7c9bf406170ec9e472d5fe00dd1c5ba020098212409205b2f19ef553ea05acd6e627de09879e36f4284029f359d923b0c350cde59ec1f2ed1a11d71b0c76cfccc9a78618eec7cb1dc3310c1903aabe1dc4ff56699d79976808c956a02cdf643cef1e0026b80c74865d423ac93f4563f5d7cc72902dbf3f51b80926fd5aa059e695dc7b1c8ea0a26699d7a887a7d1befc2d4270432534e9a6a69bf9c4f38ae2e713756b81c2beb63eb344af9469b4afab27d65fa8f98f59b11f1ce91cb0de5c2615a160b15a616540e9e93a9eaec14f9ac581a765c816a94da324f76c8f17245cd13fbb68e8e25f553e0073e0ef5d09f1700ff616fb1212c8d19e0602ec2c4f2b6dd891dc74caa5c128e5f9a28f18c046dff9e0dba5ae7b2029fc24ed200b718c9470c4f8ed864f5833d178edc2377558b8ab93fe62aeff0e76b65168fba90d495073bba0f2e40f24aa97c4d2b978116a4b1c6fd8d9d1fd0dc23d6b82a6b214d80f12a614f8ab34f950d06488cb9dfcaa16ca7096ccc4a5af098450ecc70e0f863a49b47aca78756a10a08563f3da99276bb9d396c304779277ee7b8ae5ee4ccbd1255c9c19058d01f20ff27561983dd0e92100da07015ed5b764ea116ffeec711b8c7420e957f4f5f1c3765394d5e92688bd2eb389de30b1d59f29ab58093c55b16e0c43e5d7e56deae941cdfc90b663f02b4941e1ba9ad8c03ab9cb3848fb4f42167253b9142425929f339785008996bf18022d833c6a79eb86694813d0f1af61f9f7a8d46b95e4babb2575ac3407e35b61c2eb8ffe2e8a6d047f628dddd2420db768b696305e456c1ee4baeec514c01eef51c2224e61624db2da302f79e68e06402386e6a3b66fe3c03d499e015235e29124e7a6fd5e269845244f8e7774e2d1f5d3f73503b9cdf03378a9c5eabfd3d6072e523bbc658f7ce7bb92dac2a762cef2d2c15e8e213ac383087f34a30c10ca278efa15b16d95ca49af1e54c6d52cefe948b8e77c88bb18f12d2a57d3f4c33e8e1ca2e029a8adff18c1d1f3eebc7f0203dabd542c45c9897d26d07d1706699722b23277ce7e8b08e4ae3458df77cad95cac0b0097f94e1d70ce237fe7f42325a2be6ce212c544417bbbe376e2269f381fca5d8fe87d53622625170a626bb631085ebfbe7db83809b228b58dd190d82317c9aaceef536d8be1e56ec097ce425104ce63c9a8f930e47321d0e73ef08198afcbc68cc80f894846546a49efbfc588e61bc83462c4e06b07ae5e54108ee7a5a78a116df65592f81033e68603cf2c8e65f335a634113083419c7353d2340f4692a820364be0102740ba750aec2df37e3dcaac935b9ce4782f06ae32497c1b23713b86a649aabe662fd27bbc5070ebf65f80157d8c2b914069def43966592f0cf308e71a5594b94d847cb4ac8d152838d59a9dc1cbbebcb805070cbec9e2d78ff4becc3705cf719afb590fcd95af61ebd937b40d5e6db0b207813e226c5910af9ac3a8c4d608b708b7cf50b96009ae5d66d3543cbf9a52f38bd27e2147b81c253d4c4397a3eaa3224a7f2445443481036c59aa6569c813a745ac1db7bbe61159c4578777eecd8ccf180ba6d070d5af9a9bdd4f03f741fb10b18f683b3a9f20be808fef33c9477e9b917d5a925cf4e94868931a0f9c81c3967773c1c45945dde4f61c8a66047a7e4e68fc8a39689352ff9854cb6e98ae2dc20170eaeef07b3433a1c3b15049cb7fa5b679a5af857f5fad4758e284046f42048a7e61f3303342e0c957b618375a1bc5b812a4dff83a30363a4544a37fe510a00916577753efe41a0b97f82be3068240c0843cb0cadaadfe1deed37da59b9abb4a19aed5a2c29f4b34921e30951986a2e032d8111730989ecc3ca3d26c8408cfc988c33e75df0bb237242780818923d01a5b4f9527b04f3fd76fc412162ef387d17fd803bc0e0eddb07859425fb7e58475692c04acde0cb31730399a3c320e088bfb8189f70f0dcf64f96c37804aa32136c99acba6f1d0291d404d6cec025030c3460a2b233417011213610963090ca57ce53358939c97e1b359e6325f355ff26f39e3c929e92c01ca5fe1937d21f674166cbad9adb5041b4e6af813142a37875315cdb53d6c24063759c6d8d996675337710565c25dc1a8d4fefdeb2a67de5d612c6677140880c2df5a7c8f848f0c515b7e2143a5476e22e4b82b54c8c77eb2466eb6862de6fd1e3aa4941c276301ca8dc5d6fe468eb8ffcc4910ab5c275aef81d56b3f6b463c8ba7b356f96725d18c4b7e3550549d18e14dd4e6f33e3e4128d8261a1977ff4043fda3a6c9e288c9eee0e14d6eb31dfae8156585b7b00f6aed05b38b995ebc8ea676c0f410a3f33bc6d7dcb5e192a66c74a2b8352bd1d33d2ff4b4eae183c3170e7661d8f1568f259bb0e88b4e60a438835abd78cad277b05152999cee3fa4f55b383bd1d400ec0577fd1609539ed984c7de1a62d8d57932a8047fa8f579ce7484ab3d9ec25a93c5c804aea72aa927b58d995168635a9d2ddec6f9365faaa042b8c55e650265a8b64659ec66ce0a66071917aac9143eb2520ec2456c12bfda7a10e69508741f476d352bec1d3b058c9344771d28998c6a678c48efb80632896f82568261470577ec130125b464799b7d77d1ec57d6df77c6daa3a2f6894038b723794500c9f9c17e01ac15d7e5f324fd5d32d0214c657d4313078eb7ef3052682e7a33961bd136b24b1fdec5a3c9f65b5be21a926194abc3054f9b1a2bc19e59a498ca39b6b4f4a3578b434a1292d202ee7d3a73ee204a17f61b88eb475c6e82e9fbb400d782b8fb26ba7e9e48cd4b570d8b72d50e070ef490727fa00163aca9e9c04b51e323799b68719e4a4ee64af891c4f9aa8bc4abc4880e0edacb5fc028c8a0fb5bcc6d6642a9c3f951c9fb4182f512ab91c437c49b267f3cb590b83668d279f83e47363427697b7c1f1ac7c3f6c87bdea91d9e57cec04af9a15ba82a93cb9d3ef6012ff3be9ffe4e547b64f4324381546d8baee3d44e3f689cc86dfa5e5cd24e7cdb66ebc82258c4e69bd0ae5a9cdca499c8917873c56f639b05cbf1433801c6ed49af6647d1d9dd8dfd7de95234778adef2422c2533208b1e30e90581020e3913f98766380e8384eb6fc8d980a6787fbd77f4f51d7c7ea55dc211d216009224045676e938f8d768f79f655756974f816bb1e7eca501d94617fc055cf2cdcd8082790242d5cc6c286133a8d0204ca2f67623b660a88f1d5c80cd12fd596ff29cea011bea467470995d3a709844838519c52d431db8944360e8906df19cbb31e38091b13c3c983d899054693cfd47ecdcd113c069dc2ce8237199e93c48a1061aa004b0641fd36ff1234a835db72c1d06a1509f5dd2849834adff1ca6acf7a2e657d334642a2e3aa536a62f741475069b62ba8eb8fa8a67c5d6a6764abf4032e419b910fead9eb18d9fa0915f36ba55295f79b316f390c091e4c087ec6ba8b7d9d1e46a2f3f2758d5f097cc677d52ef6510f2714e40dcb1790d2ba780fdfaeb7848b73873f6c991568b51e70f3048d0b37069d4bafc40878f5727f2ce85d1cbe59c3de79a38c5df9fe9e1f360b7d4e85fe21625c5472467875322d10174b916dbac2b185ab833d3676f129f15ecd7a9668b0b4b32e161fd5ce1baa9f2813f3786f148e63f447313e2a8b6dcc4fe282e06f188a0a5cdae18dd8bf3001326be923ebff48c5cd24ecb327258e3e2cd0d9ab0a565b074ed2ee149bd820bac26572779d30eb6e106967ee9fea8419f9cbea333ab8e98cf8baa6af036eedd98478d6e44e399efb621760786e09e696c123a1edb02b810dfbff89853e848ca242bd4f94b2b8f6d71b6f1de150d49b4ba30edfd256580c73f7d7f8ff59e5d922ac34fa06b4176de3a7099a19815ddda021dd99f8541da30ab39662d2c5b56422a47320fbefc20d01b8bd61e148dd5104403fd5ca9d7df690dcd5851fdcfd3e77563c60efb59697d5dd4cba953f61bfb52a7ed38d352a12035d636d9302980e5b5157efcaebd02f4832ab9c9f4fc4711008ad1c1a337d9358b401eba2bdeae12ce92cba9b080f3cb75723ad7791033c4215fc8b40961765535ebefaa4bff85563d51c0a984b1c050f6e95ec83f842d1a4f2fac71eda7172c6f7649f6667a6b99de5bcda124c45ccbd468c834fa449f2bdbdf33694058a302cbe2099a781fc9dab20d1954bfe0b21d30b22eeabc9e6ca5815148db9a9bcaec40f64e268b142af060b2d2d354f999e5f26db825c59cced2a6a0caeb0325cf2fd9c5d75f783e8c2899424fbeb93f51d9de4aebf3cdccecb678e59d5b6e38b037c3ac4c6702d414c27cedbad72e8d410ea935262e42959c3a64c7522b1eedcab8bd3a8545b67f9e9cf84c9366818b8b1517ff688c6481119015fee6326d1791bcf1c3b248211cee1596d255b65de11f736d5120bda30cd20ecaa37b2b8cc7a5b8129adac22a9be23438db75a3613479d10d68be571a5e9e9a4214fb27358ffdf33158e7baa9f92d209c8f673262358d5670e2892b9f1c5630980789d493ac6402998380a5bfee45b3519972712934e4ffd51aad3c0dd103aca8bfa7c9fa2590270a5e9477a73ea918ccd979c1aea952acf3d67438243455c98c1f56057fe39169709cd7a85bb4796619330f0fce9d1486514fcc5e3f16a8f83ad3612bc071503099d6e33edc159711e14ddee887fea621edb48a61754c89cff369ebe03cae55808c28c41bcd9f27c7fdb468bd6d95cc042857db1d5b9459a0b9d2ec19a75cbb374e7d2c94e7bbc43bd8470da42e8de7ad48c7e1c6d5f72c3319942eff8e3c4b2c41c6a31e8d76f3477191b17684f544028dde432eb9469735dc251449f60254aea84342ef819b4354afc110a9e43884801eea22dcb7f10a2eaa6d500b6a3b6a19978e9cb40a4d2f24c363b039548677d975d35af9b6f2b26712194e7bd39f8919ebc4c5f93b922740fd69682c7bba7587116826d3fcd459f948784a6669c5d6c1223ccddab290ce33245ac07aca"})
r5 = io_uring_setup(0x177f, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0xfffffffd})
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x35, 0x7, 0xc3, 0x2, 0x0, 0x1, 0xb8e, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x5, 0x1, 0x0, @void, @value, @void, @value}, 0x50)
ioctl$BTRFS_IOC_SNAP_DESTROY(r5, 0x5000940f, &(0x7f0000000d80)={{r6}, "798e2f675974ce521ccfadb81333891715fc1bf4a16b4869c4e91d271fd7c26299599a800d849c26b73c8ca60b2c9779fe0cafb0306119e93d2deed152bafaedf3320d8e24fd4e793ac4d7fc948d15479500848d5e556859f3eb8c8c9067f9db24b08c5f1b81d43e53386c532d87f09211b5090d41d8c48b02a1327dab5116714b4dde2ece726fe7d1fd85343ff220f473f0427105352df77a2b966cfeccdb3a3e817256fef9fe44e08c31b301a1eaad6dc8a000a93783bffe14fdddc4d8db65446eaeb011127261536e4b2d2fe7e789efe60f1ad2c53269f4c4763257d90297a0ca13293ac95f1fe9f33c196d2a00f5564f9ac8cc5a74ad2bc5e0c269b38063647816c99eeee892d0d4834c19aa8325d0f5fc15ec4bfc68548c58f6207437877e05c538433f3d7d2b416f889e03fefc4e88ca639e2c15f112ffbce1e8368d2b3c065e77c8fef6379cf7471dc3140994b047323008affdcc0a84ac35c756fff63bec9ea99867ee82556491b995a2dd5901d2c99ada51b199237ee716e1a518e0a295a8c992aca96654dbee45dfb592662972d33779a63b76452b0733695a579e1854fff77141708672681df75697204caa6926aa0cbe62f64f59286e401dcce7b42f5d09394d55f1f23478bfef0781431724f019f53586d64ceea0b30dc232e12503ff826d5b393e77306eec7e002cd4c686aefd7986f7eda0deb6bbf112cafb2dba56103325a0ae5284c8864c76859df7d58b31c99d770dbe38f705d5bbb4eb502334121e11216e6db22fd06c02a38fe611d5f1f991074bfe023910fba6373d93ce2ff316e62b56a6bb1928f22591bd7ee4917782478fccc827a4834e3f4c8222e0af8ca5d7021a9cb73cbf68506d14f257e03f15e0d0b26b728bb091570576b39b52d71f777768d6b024f242791e17ec5246d82bac95e79343ac4100d9a386993701f734c81f763a1d279bc07ea2ec9f9ce25e4dd99a6471fef5ae5e4f7244fc37c9422be1fdb62fbcac55f531afde9cbd3d9fe1fed8589224b123100679cd91f553bf8b651d58d4d222e0a62eb7a5d1687505b89b53b3690e9d6db85a3b6a5539ddadf778cad87ad291b75cdbbf37c4cebbff48b6e49ec34f618c5e27dbca0ba5869c433bffcb7c096627edbc45a3d15f3d07d8517b1633e3e486a96e9a4359fa3a10bb59b0f13e3b1ba73afb9b8e8c2e96fb4d8b94561b877d83db7388f63695ae30666ada60a14b74be2dd2651c781ef59bd7a23f57a6f4ae5d34a0d7ec1ab78f247f525efcf4dbfa29b4905453ff7dfff00334688a6792910c29d0a45a1d4aca0fd722e332dfda606f550a6e53cdcc6709a7329529fae752eef2bf74ded93e467bc53b5cefc803b88a503ba97416c6d1a494dc7b203416d38dfb0e1152744587cf4c8a642d33816a91d9a26da33f642ccc65c6dc6283db058c3afdcdcff9d15fe6472822c61c8705f304d9a6e6d37ce3ea6b5a6e1931a340d2d529c3736622d7f44c9ea8d6d23b0e5194e06af2eefcbe7cd1ca124cb91cbd74e91f9e6ba7d1e2ab62118ff246a2cf6387d54361ca08f8b496b34650cff5f60cb904f6c848e33fc921ed3ae6dbe30ec9f961107fccc1c678cedd77989998514a7ae2bdb540ac3114acf911ac09d6c41a60d72fbefdefa988b5879e5cfe2eebf5cfeccde7212e7016d72f8b0f4581bb8432bb8e233fafc24c5767eeac59845dafafa28c90337c580de0a94c31e137a7ba3e5fd46735ba7e5b5c96eec76253b44ae255b25c0f699ef11b0b4551d1580915071a25fda5ba1eb27be172f770e0c36a6b7d2807da405b6194853c167fab77c50bdcea6c6cdc30acc0e18d94c411356443761da31d9cbf0fcb68109dd6ddf9360385075f31a4c1b8f225f63afb845f1e570dadfbe841bc4ae1ef23e61fdcfc63a2a1c470d41cd69a47b6c5f901e40f88bdc240989ba8b5ef2c608bc12361ac52e8783bbb9704e28780058cfd353c706df1d52b1b24525d0ab3cea9f3a1ffbf3e06bf858f147db30965280f458fee5c6e89fa1b88b838ff64e16678dd9719d525f16b7a5a15b82abea26b86a697c30497f7bab1c4b8eee028b631c790f8ce428b8114be04af291830af1f01f2268f94dc5b164bee1fc4defdaeba92e2a25c7d68da36a9b1da0f5aa2268396ade4636533e6ab7443486fc9f5d55f1351d2d1501874d9d1f6d3424a029329ae37fed19969857fbac3aab357f5e81cd155977d9b869fecea346aee4053eb478944b4a96bf44415d77ba5b8730e43575229bc651639c1c5b0ed60140e2210bd51a7c2256936607071be4233031ec36a7ce18107d7136164a914147e92214a9b7abd646333827cabeca2dd6ef82e2528dc5f39448e044d5bc81917e3ce2fd4c61b630f5e73a95da52b2c60f629161bf51a55e75e51e444cc5be691b1ed951728b747d28e268e29e833c33d54824cabdc52618aa58dfdf808397d867f66af062dc961294918bc6e3fcaffb1e03ec529c0cb0bc8eaaaf5b38ad449ddc84d94854c1690118e524d55a81ecbe04a2631d1b192db2e9fe797ee74cfb4f30abb205cc40c6dd5308000bb016904722c4f2aacdf5b906ea58cd8c959e7f07d280eb38cd6e434a94cc87edc5249fa9d09e05c5f31985b9dbdbf720e6a137d36c36befefb64ec20a7fcf81b6eacc8b2dbb76a3a74dd4d1523aea74134adddd9a72e0c3ff51fe41f2b76b1b8a7f08c6b0d38d5e895a39509a5d993707830b1d469f27eb531b63d8e39962e512fa57b05bd42db01ef8ad3a400bc1164b2215ff49379171cce0ef1c39f6e70fa78465f68e46a119f5a3e9daa97fe10e0765a3cbc71fdc025238d9889efa127ed323235ed0e389197daf216a60e9871f7cf4cede7c64eaa4ed38055bf9255833efcf138d81dc2d2ffbfd2aaeaae6b344b8d00233830b08c89c5758299e3236df519f3988a2d33371522454043c18bb01157a05192e8a5cfe4aadd2811f0381e7ef154706b55c26bd6d1eb9879027b5a2b58603230af7ab06dff5de7cbe02f1a51e83ad5becffb9404f030720935a98445a87e0a0cd77be09cd5684d2a3eca46ff4ce0d8890f268c9e0d1a696be8e3d0b0775b372b5f12779a5139fedfa0652de4ddfffb1d5baad6b42a5451f3df9d224aac2e7b7c569f63e6d709f6f5fa9422186bce057334c5554db49c2702311094873509879752068ebb56f604e3ddd015dbaf307803ac04e012b2e9712cc2cff5fd99b3d3b429e135ee0981330c9d392e5c4a7212fd5a67b069a078decb94b0a9d004bb5a43e6e724557b245fc3cd075dd2cec933f880657b4a4efb8e2cf2b302ee88b1dbf080882399f1b857d4d54d42940df79b6fa6d4f85be16b99b6ccaf83572c45e25cf02f0ab0a84afca15e3740a4bd352e46e30297cb772d00c1ca69adf1aee37a166a72016045b71dd50145a5345c48c52cd1ca26be828e6f3782fc46dc9dcbe8bb19fa5f49fc40550e2870d1a5d5170517b954d86aa3e6e3cabb9796048605c357441a99c219168509f0d7b890e774d15733b0c9d8c4241f1a94a1e566c639a7bc9130f55a5d98ab5278e2c94c77b17494d037ff145eec0fbabd71508e0c5114d1f61aba11d8f067aac2f11115a314b98106f4f32568dd3533c8ae9dd07d9a66a67661748e78923c7e2a05ab221654243ebdf8868e9418dee7b1ddf7d42d0b75b5e6408a9ec7e7757dde1a903520ceaeda3912200e9c085e666d573511d0fbdf61be4113cbdc471b2c1c4fee8048652e001fd31eba9343259b1c9272cda4d06d6ef77f9c5d4109b6f3f5286eb7e5477da749919723b5860adf60c1570cd4bdebbdd2a1bec19bba906f6fa17b48310e273e7d75d1313584c9677972ac2a160757a49279b2d7b89ba2d3f9c5f98e3f6bc48342e81f9a029b1fcaa3751d610ee171b8d3244d9f31015e4dd4eba13247aeb2b6d32dcf0274c6f4944659934097beecc3b747d2405e5dbba02fdb562e7df77e707ccccee4763ae44747e53bcd442e9110206aebda3f5fc33fd7fac709ae830d9b6bcbbf391a9f947d9ece9ce02badfb86453cb3ed7498fcbcc7d7a99714a50f11bad6534d884914483dc41839e8f482c8cb7f00399fcf14eb9f9bb37f93e3e939c96ebab444bb02afdcb62fe34ba2b914f7442899eee316f2927a654196e8d8edc472b9eb58cf26a9b6f816e779c137fe3f7d3b88dc1d6ad01cb36564f4602d8282dafd903d25615d0ef2f8978e235b276d8836798c223617aeba17595f345e3ab72a3539f4c96d6d3d97b7a871b9722f05545855511070210058b979a9d41e437309d2d02d9048d14a2bc83efe3059ccb13267cb52c9d52d05180f6867acc6a6189fb2863742187737c5efec24314ec28b169ee7fb0b34e51ef07623322585c4c0ea33affe5e6a67d1cd519d43463faedc61261cc1c5e21d50581b1491a042cbce445112c98453ba2e1855b5f82977053c74e83c3dfff3d7395ee9cb5ea28589cdbea47906d502ed9a3d7c3119fa9a6f9b4dfd235681393cb587d846477fe1671d8dc2bcb2cddad8c09a4e924d0c9ecf2e5f0181c2ce3d04c4572d37a6289b71105f8bc7913a73c83741c54660d3d1ebd3a6a6d9d748417daced8340fcac337afa8c32d9ccb1cd42aa2187cc29cc9345ba43877633bbbd52959c5facefef60cbc09c881deb5befd0f267559e379581f0e521db7e8acdffb872b563f94d156ed7428263ad501c314e9fa132157fbf41691fdb677b21da16123d31442f47f8c491aa9aa0a1730ac5e86a2c518514b3de58f91e8974b14cac4f4382ff993c05fd02dcab639ae3c66a3866e3a8a2c38e640a139094bf60852473858436c3ad66a9f3c20b596e7722373bbc752c2de9efb2a5e4a988d3c8da04ead861471ab42795f63b5a8707b2eafec80b526803f432f636a3c16b4755bf7a92a07a2153475c2e5995819c99dad7067ad8ec81163c28e156e010892b96a6261363eac1593a5a0d9b5a8e6aeb94e9f82e33dcd0cee3a5b12abf132621bce3a46fcd1f631ea4f2ba57c8743ed0456a65645aac83c96e27dd9048fc25642b462bfc8457dc59fe551814cbe2c20893ec1b0ebb7b5ce21c983ccc5f890bffcf8633d008b6fa9149cdfa088355156c348f4753a9f4d9b5d8ca27c9f602fff1b1e33bd64113a60b5933074152dbeeb704fa2de66b0bb1edc995d2ae454466c664b8f36f40665c005f9a248c99d626cbf188fc6c3965606b04fc29250a60e34469ac07463c32a85e436fb48390184977223331e6a839fe8a60f3c67267516758cda5085f20166709a4370ec47b04d434cbb969a8aaf620298cbe515ace8dcdca99cebe4fc9b2a7efb8b1a2bf1584899ff0a993b050d01bdb53c4b998e947a1b17cce16bdb61c13283ec51cceb881dfd8ef97bc74fa0bb1b02b43b1d8a6da05f1ae826f29bb87d429f20998edffc4c3b69e9f0e634e49ae3d2dd040ebbb62cca940e569c7fc3ebc599e401327589252d8a19cd8ddf19083245ddd13a45c1adb4917f1e1dceff9a1b9a54985e8567e10db5da1c42e3da6a1dda0db23fc733e4a797504a290abcf04ff03387d1530b8e1b6d296078310828bdbbf90f3445801414896179b399d8d84a853c99dd3cfbb02665f3f9461729db7bd1211c8ad92298cfac3ce72856997d32a805e06a31ddafc4b1f27dd6f42c8c93a88184122550fb444b9f02cff2ce1c9dd8036b2136617ec34fcd10a6ab4e5d091cf6b6787589e585269f5846c1197eadff2e9cae4e3605f64ac7b9622001e10075b34fbc08013c935985a2a5"})
r7 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r7, &(0x7f0000000200)={0x2, 0x4e24, @multicast1}, 0x10)
sendmmsg(r7, &(0x7f0000000d40)=[{{&(0x7f00000000c0)=@in={0x2, 0x4e24, @loopback}, 0x80, &(0x7f0000000400)=[{&(0x7f0000000140)='\x00', 0x1}], 0x1}}], 0x1, 0x2c000011)
r8 = socket$nl_route(0x10, 0x3, 0x0)
r9 = openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/partitions\x00', 0x0, 0x0)
read$FUSE(r9, &(0x7f000000ac40)={0x2020, 0x0, 0x0, <r10=>0x0}, 0x2020)
setreuid(0x0, r10)
fsetxattr$security_capability(r8, &(0x7f0000000000), &(0x7f0000000040)=@v3={0x3000000, [{0x40a, 0xd9}, {0x3ff, 0x45bf351}], r10}, 0x18, 0x3)
close_range(r5, 0xffffffffffffffff, 0x0)
sendmsg$IPVS_CMD_FLUSH(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20040000}, 0x2004810)
r11 = syz_open_dev$vbi(&(0x7f0000000040), 0x0, 0x2)
ioctl$VIDIOC_G_PRIORITY(r11, 0x80045643, 0x3)
ioctl$VIDIOC_G_INPUT(0xffffffffffffffff, 0x80045626, &(0x7f0000000080))
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r12=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r12, 0x8933, &(0x7f0000000000)={'lo\x00', <r13=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000a00)=@newqdisc={0x60, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r13, {0x0, 0x3}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x34, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0x4, 0x2, 0x0, 0x0, 0x7, 0x8}, {0x12, 0x3, 0x0, 0xe, 0x8001, 0x400}, 0xa5, 0x4, 0x10000000}}, @TCA_TBF_PBURST={0x8, 0x7, 0x1bfc}]}}]}, 0x60}}, 0x44080)

3.011651776s ago: executing program 4 (id=3171):
r0 = socket$rxrpc(0x21, 0x2, 0x2)
r1 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$SNDCTL_DSP_SPEED(r1, 0xc0045002, &(0x7f00000001c0))
r2 = socket$alg(0x26, 0x5, 0x0)
prlimit64(0x0, 0x5, &(0x7f0000000100)={0xb196, 0x7fffffffffffffff}, 0x0)
syz_open_dev$swradio(&(0x7f0000001e40), 0x1, 0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r3 = open(&(0x7f0000000280)='./bus\x00', 0x15503e, 0x0)
r4 = open(&(0x7f0000000000)='./file0\x00', 0x143042, 0xfe)
ftruncate(r4, 0x2008002)
sendfile(r3, r4, 0x0, 0x80000001)
ioctl$UFFDIO_COPY(r4, 0xc028aa03, &(0x7f0000000240)={&(0x7f0000ff1000/0xc000)=nil, &(0x7f0000ff9000/0x2000)=nil, 0xc000, 0x3})
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa)
r5 = socket$kcm(0x2, 0x1, 0x0)
getsockopt$sock_buf(r5, 0x1, 0x30, 0x0, &(0x7f0000000040))
r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8)
r7 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYRES16=r4], 0x48)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0x18, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000060000000000000000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000d8ffffffb702000008000000b7030000000080008500000006000000b7080000ff000000dbaaf8fff1000000b5080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r7, @ANYBLOB="0000000000000000b705000008000000850000006a00000095"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x50, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
request_key(0x0, &(0x7f0000001ffb)={'syz', 0x1}, &(0x7f0000001fee)='y\xa9n::e\x00\x00\x00\x00\x00\x00\x00\x00H\x00\x00\x00', 0x0)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000000)={r8}, 0xc)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x42, &(0x7f00000000c0), 0x4)
r9 = socket$nl_rdma(0x10, 0x3, 0x14)
setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0xd, &(0x7f0000000100)={0x0, 0x2}, 0x8)
capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000080)={0x1ac8, 0x4000, 0x9, 0x9, 0x5a188fc, 0x8})
sendmsg$RDMA_NLDEV_CMD_STAT_SET(r9, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[], 0x30}, 0x1, 0x0, 0x0, 0x24044836}, 0xc094)
bind$alg(r2, &(0x7f0000000200)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(aes-aesni)\x00'}, 0x58)
ioctl$SNDCTL_DSP_SETFMT(r1, 0xc0045005, &(0x7f0000000640)=0x10)
bind$rxrpc(r0, &(0x7f0000000340)=@in4={0x21, 0x3, 0x2, 0x10, {0x2, 0x0, @rand_addr=0x64010101}}, 0x24)

2.717811931s ago: executing program 0 (id=3172):
mkdirat(0xffffffffffffff9c, &(0x7f0000000840)='./bus\x00', 0xa4)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000000)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@redirect_dir_off}, {@redirect_dir_off}, {@nfs_export_off}]})

2.58439777s ago: executing program 0 (id=3174):
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000005080000024d564b"])
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x82000, 0x0)
r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x200)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000200180000000000000000000850000007b00000095"], &(0x7f00000001c0)='GPL\x00', 0x4, 0x93, &(0x7f00000003c0)=""/147, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
r2 = io_uring_setup(0xad5, &(0x7f0000000040)={0x0, 0xfffffffc})
close(r2)
clock_nanosleep(0x2, 0x1, &(0x7f0000000000)={0x77359400}, 0xfffffffffffffffe)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)=@newtfilter={0x4c, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x0, 0x3}, {0x0, 0xd}, {0x1c, 0xc}}, [@filter_kind_options=@f_flower={{0xb}, {0x1c, 0x2, [@TCA_FLOWER_KEY_ENC_OPTS={0x18, 0x54, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_ERSPAN={0x14, 0x3, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_ERSPAN_INDEX={0x8, 0x2, 0x9}, @TCA_FLOWER_KEY_ENC_OPT_ERSPAN_DIR={0x5, 0x3, 0x4}]}]}]}}]}, 0x4c}}, 0x0)
ioctl$KVM_GET_MSRS(r0, 0xc008ae88, &(0x7f0000000040))
add_key(&(0x7f0000000280)='rxrpc\x00', 0x0, &(0x7f0000000100)="0100000002", 0x5, 0xffffffffffffffff)
r3 = timerfd_create(0x0, 0x0)
timerfd_settime(r3, 0x3, &(0x7f0000000440), 0x0)
r4 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x0, 0xffffffff, 0xffdffffe}, &(0x7f0000000000)=<r5=>0x0, &(0x7f0000000280)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r4, 0x47f6, 0x0, 0x0, 0x0, 0x0)
clock_adjtime(0x0, &(0x7f0000000040)={0xd4e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x6, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3, 0x1000000020})
r7 = request_key(&(0x7f0000000000)='cifs.spnego\x00', &(0x7f0000000040)={'syz', 0x1}, &(0x7f0000000080)='rxrpc\x00', 0xfffffffffffffff9)
keyctl$KEYCTL_PKEY_ENCRYPT(0x19, &(0x7f00000000c0)={r7, 0x9f, 0x89}, &(0x7f0000000140)={'enc=', 'oaep', ' hash=', {'sha1-ni\x00'}}, &(0x7f00000001c0)="8169655ea9355dec91f0f8e96e19ad9a7d37d4ccb7688939f77672b4224f9d38f37aa3cd9010e7f2dbea5f2415ef7336e266b624ec0c9a822405f1a77fee0b296ef2cb53c74833c0ab12d47f8ebfad0de89a81d14860bfe725fc1f7b6e3a6a605c8f3c186a8d523078ee3416db346d1ae212999456bf0a1f2f4a80702f1d6fb10cadb54724af32667ef9c20b15fb0a8406774c982525b4fe23b557b9a797d5", &(0x7f00000002c0)=""/137)

1.971287323s ago: executing program 2 (id=3175):
socket$inet6_udp(0xa, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000780)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x1)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r1=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000340)=@abs={0x1, 0x0, 0x4e20}, 0x6e)
recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
r2 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x701602, 0x0)
openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000100), 0x0)
r3 = syz_io_uring_setup(0xeec, &(0x7f0000000780)={0x0, 0x0, 0x10100}, &(0x7f00000001c0)=<r4=>0x0, &(0x7f0000000140)=<r5=>0x0)
syz_io_uring_submit(r4, r5, &(0x7f0000000180)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
io_uring_enter(r3, 0x567, 0x0, 0x0, 0x0, 0x0)
r6 = socket$qrtr(0x2a, 0x2, 0x0)
connect$qrtr(r6, &(0x7f0000000040)={0x2a, 0xffffffffffffffff, 0xfffffffe}, 0xc)
write$binfmt_script(r6, 0x0, 0x0)
sendto$netrom(r2, 0x0, 0x0, 0x0, 0x0, 0x0)

1.950674965s ago: executing program 3 (id=3176):
socket$packet(0x11, 0xa, 0x300)
openat$tun(0xffffffffffffff9c, 0x0, 0x40241, 0x0)
pipe(&(0x7f00000007c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1)
close(r1)
r2 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4)
bind$rose(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet_tcp_TCP_MD5SIG(r2, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @loopback}}, 0x0, 0x20000000005, 0x43}, 0xd8)
bind$inet(r2, &(0x7f0000deb000)={0x2, 0x4e23, @multicast2}, 0x10)
socket$inet6_sctp(0xa, 0x1, 0x84)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10)
bpf$MAP_CREATE(0x300000000000000, &(0x7f0000000100)=@base={0x18, 0x4, 0x41, 0x0, 0x1, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x4002, 0x1, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000040)={&(0x7f0000000300)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_DELRULE={0x74, 0x8, 0xa, 0x3, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFTA_RULE_USERDATA={0x2e, 0x7, 0x1, 0x0, "82b17d1146372ef1234d5300de4dc5b63d95132a28f64630d4a3a02703b7ca6fde3909f78590b9a44b76"}, @NFTA_RULE_ID={0x8}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_POSITION={0xc, 0x6, 0x1, 0x0, 0x5}, @NFTA_RULE_ID={0x8, 0x9, 0x1, 0x0, 0x3}, @NFTA_RULE_POSITION_ID={0x8, 0xa, 0x1, 0x0, 0x3}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x9c}, 0x1, 0x0, 0x0, 0x20000090}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
getsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x17, 0x0, &(0x7f0000000440))
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400010bce)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
sendto$inet(r2, 0x0, 0x0, 0x240087f9, &(0x7f0000000100)={0x2, 0x4e23, @loopback}, 0x10)
splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0)

1.430421108s ago: executing program 0 (id=3177):
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00')
r1 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000040))
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="4000000010000004004500000000000000000020", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b00010065727370616e0000040002800a0001000000000000000000"], 0x40}}, 0x0)
r3 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000100)={'vcan0\x00', <r4=>0x0})
connect$can_bcm(r3, &(0x7f00000000c0)={0x1d, r4}, 0x10)
sendmsg$can_bcm(r3, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="01000000971bac5544ad77590779467f", @ANYRES64=0x0, @ANYRES64=0x2710, @ANYRES64=0x0, @ANYRES64=0x2710, @ANYBLOB="0000000001"], 0x80}, 0x1, 0x0, 0x0, 0xc0}, 0x4001)
write$uinput_user_dev(r0, &(0x7f0000000440)={'syz0\x00', {0x1, 0x101, 0xdfa9, 0x4}, 0x5, [0x3ff, 0x6, 0x1ff, 0xfffffffd, 0xb2, 0x4, 0x9, 0x5, 0x8, 0x5, 0x4, 0x1, 0x7fffffff, 0x2, 0x7, 0x8, 0x5, 0x8, 0x1, 0x8, 0x3e9, 0x6, 0x5, 0x2, 0x3, 0x5, 0x7, 0x35ed, 0x7, 0xfd1d, 0x2, 0x7, 0x74b, 0x6, 0x8, 0x9e81, 0x10, 0x3, 0x2, 0x6, 0x6, 0xd, 0x1, 0x2, 0x1, 0x6, 0x9, 0xee6, 0x5, 0x9, 0x1, 0xf5, 0x7, 0x3, 0x6, 0x8001, 0x0, 0x8000, 0x5, 0x1, 0x80000, 0xd, 0xdfc3, 0xfffffff9], [0x7, 0xa418, 0x6, 0xe8, 0xa, 0x7, 0x5, 0x7, 0x9, 0x200, 0xf, 0x0, 0x7, 0x800, 0xfffffff9, 0x4, 0x0, 0x1, 0x0, 0x0, 0x5, 0xfffffffb, 0x10200, 0x2, 0x7fff, 0x40, 0x0, 0x1, 0x1ff, 0xb2, 0x75, 0x9, 0x3ff, 0xda, 0x9, 0x5, 0x0, 0x1, 0x7fffffff, 0x6c, 0x1000, 0xba, 0xffffff08, 0x7, 0x5a9c, 0x9, 0x5, 0x0, 0x1, 0x8, 0x9, 0x3, 0xf, 0x0, 0x5a, 0x400, 0xffff, 0x0, 0x7, 0x2, 0x6, 0x5, 0x10000, 0x3], [0x6, 0x8, 0x4, 0x2b6, 0x452c, 0xffff, 0x8, 0x0, 0xc, 0x1, 0x401, 0x167, 0x9, 0xffff, 0x2, 0x0, 0x3, 0xaa6, 0x401, 0x101, 0x1, 0xd, 0x9, 0x7, 0x5, 0x9c9, 0x9, 0x3, 0x0, 0x6, 0x14, 0x3, 0x1, 0x9, 0x8, 0x1, 0x2, 0x3, 0x7, 0xfe000000, 0x5, 0x4, 0x7, 0x4, 0x0, 0x2, 0x5, 0x2, 0x5, 0x0, 0xe, 0x7, 0xfffffff9, 0x3, 0x0, 0x4, 0x7, 0x2, 0xd9c1, 0x3, 0x6, 0x9, 0x9, 0x1], [0x3, 0x4, 0x4, 0x8, 0xc, 0x1, 0x4, 0x7, 0x9, 0xffff, 0x1, 0x163, 0x9516, 0x4, 0x0, 0x2, 0x80000000, 0x200, 0xffff, 0x401, 0x10000, 0x7, 0xa7, 0x7, 0x3, 0xf72c, 0xc112, 0xff, 0xfff, 0x2, 0x0, 0xfffffff7, 0x1, 0x7ff, 0x5, 0x3, 0x9, 0x2, 0xad, 0x7fffffff, 0x4, 0x9, 0x800, 0x75da, 0x6, 0x4, 0x7, 0x3, 0x1000, 0x0, 0x0, 0xffffff19, 0x0, 0x200, 0x6, 0x4, 0x8, 0x6, 0x400, 0x400, 0x9, 0x1, 0x4, 0x8001]}, 0x45c)

1.2012857s ago: executing program 0 (id=3178):
ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000080)=@attr_other={0x0, 0x9, 0x7fffffff, &(0x7f0000000040)=0x6})
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x3, &(0x7f0000000180)=@framed, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='contention_end\x00', r0}, 0x10)
r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x481, 0x0)
syz_usb_connect$hid(0xf63067478e218e8, 0x36, &(0x7f0000000040)=ANY=[], 0x0)
ioctl$SNAPSHOT_FREE(r1, 0x3305)
r2 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
r3 = socket$inet6(0xa, 0x2, 0x0)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
bind$inet6(r3, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
setsockopt$inet6_udp_int(r3, 0x11, 0x68, &(0x7f0000000080)=0xa40, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x4, 0x16, &(0x7f0000000540)=ANY=[@ANYBLOB="611230000000000061135e0000000000bf2000000000000015000600071b48013d030100000000009500000000000000bc26000000000000bf6700000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r5 = socket$kcm(0x2, 0xa, 0x2)
r6 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
accept4(r6, 0x0, 0x0, 0x80000)
ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r4, &(0x7f0000000540)=ANY=[@ANYBLOB="0a000000bbbbbbbbbbbbaaaaaaaaaabb86dd6d75a3d0000b110000000000000000000000000000000000ff0200000000000000000000000000014f1c4e20"], 0xd6)
ioctl$sock_SIOCSIFVLAN_GET_VLAN_INGRESS_PRIORITY_CMD(r2, 0x8983, &(0x7f0000000100))
writev(r2, &(0x7f0000000980)=[{&(0x7f0000000140)='4;.', 0x3}, {&(0x7f00000009c0)="ebd7b10dfb", 0x5}], 0x2)
unshare(0x4000400)

1.093878455s ago: executing program 3 (id=3179):
r0 = socket$unix(0x1, 0x5, 0x0)
r1 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000100)={'vcan0\x00', <r2=>0x0})
connect$can_bcm(r1, &(0x7f00000000c0)={0x1d, r2}, 0x10)
sendmsg$can_bcm(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000580)=ANY=[@ANYBLOB="0100000003ece1e40ad8871461ab0800", @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=r0, @ANYBLOB="3bf81bb9f9"], 0x20000600}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
sendmsg$can_bcm(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000580)=ANY=[], 0x38}, 0x2, 0x48}, 0x0)

1.014472037s ago: executing program 2 (id=3180):
sendmsg$IEEE802154_LIST_PHY(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000600)={&(0x7f00000005c0)={0x14, 0x0, 0x30b}, 0x14}, 0x1, 0x0, 0x0, 0x14}, 0x4000040)
syz_genetlink_get_family_id$netlbl_cipso(0x0, 0xffffffffffffffff)
socket(0x10, 0x803, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
sched_setaffinity(0x0, 0x0, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xfff, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
close(0x3)
write$bt_hci(0xffffffffffffffff, &(0x7f0000000440)=ANY=[@ANYBLOB], 0x138)
bpf$BPF_GET_PROG_INFO(0xa, &(0x7f00000021c0)={0xffffffffffffffff, 0x0, 0x0}, 0x10)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='dyn,'])
rename(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000f40)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
timer_create(0x0, 0x0, 0x0)
bind$alg(0xffffffffffffffff, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'poly1305\x00'}, 0x58)
r1 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
write$binfmt_aout(r1, &(0x7f0000000000)=ANY=[@ANYBLOB="03040000b500000000000000feefffff"], 0xc8)

675.477504ms ago: executing program 3 (id=3181):
r0 = memfd_create(&(0x7f0000000900)='Y\xff\xff\x00\x00\x00\x00\x00K\xb2\x02\x80B\xe9\xe8\xcc\xde\x06\x00l\xa8\x1aJ\xaf\xb2M\xba\xb8_\x05U\xcd<|>\x9e\xec^\x0e\xbe\x18+-\x9b\x893\x02\x00\xa6\x1f+\xb3\xc5\x90z5\xe0\xdfi\xb7\x9f\xb4QW\xc9\xc9\x92\x03\t\x00\x00\x00\x00\x00\xb2\x0f\xee\xbe\f8\xcc\x7f\x00\x00\x00Z\x81\x00\x00\x00\x00\x18I\x13\xf1\xa2x\x04\x81R\xd45R\xae\x05\x00\x00\x00\x00\x00\x00\x00_M^dQ:\xbc\xafq\x88\x19nSF|;]\xe1A\x8c\x8a\x98\xd7|\xdcLF\r\xb1\xfd\xbf!\xc7u\xccP\xdd\x13~\x89\xcf\x85\xca\xa0%\xc6\xc7\x11\x00\x00\x00\x00\x00\x00\x00?M9\\\av~\'\xd9\xb0\xacdya]8\x9d\xb7\v\xf39\xc5{\x9c!\x0f/\xb8o8\xb9\x8d\x19\xe2\xca\x01y\x83\xe7\ng\x87\xd93<u\xbe\xeag\xd2\x04e\xf2s\xde}o#\x90\xda\x9cs,r\xfd:\xcb\xc7\vTmPZJ\xac\x8b\xd0\xc0\xbcRK\xcb\x1e8\xce\xbd[N\xb0\xb4<\xeb\x86[\xec\x8f\x14\n\x83\x9e&\\\xb7!\xed\xa0\xc3,\x90m\x0f\x00\x00\x00\x00\x00\x00\xff\xd0\xb3\x94\x00\x00\x00\x00\x00\x00\x00\x9dH\xf8\xffRo\xa3W\xe1\xed\x8eS\xaeX\x93\x7f\xd3\xb9\x84Q\x9c\"\xd9\xf5\xe4e\xf9\xcam\xe3\x03\xe4\xad\xd5&A\x02\xc8\xa9\xfe\xcb\x87\xd9\xd3\x8c\f\xc08T~\xc4\xbd\x90?\x1f\x9c\x9b0\x19 \x9f\xd1p`\xc0/\x00u\x19\x1d\xac\xe8%\xb7\t\x9f4\xbb\x89\xe9\xc1\x81\xb0\xd6\xf7\x90\x1f\x94\x01M.\x16\x05\x16\xb9\xe9\xdc~\xd3-s\xe6;\x94\x1c^\x06\xdav;\xccD\x95sj\xe0\xd5\xbeS\xac\xe5N\xea\x9eyl[[\xce5\xee\x05\x9c\x96\xabJ^c\xf7\x19\xb4\xd8\xe4\x87\x9dp\xea?/\xcb\x9a\xaa5\'Q\fuG\x81\x8a@\x97M=v\xfe\a\xabp\xf3\x93\x9d\x7f@9\xc0\xd2\xf1\x00\x10\x00\x00\x00\x00\x00\x00\x82\x13\xb2\xa9\xef\xa5\xf8\x8bk\xb3\x9ev\x92\x0e\xd1\x1f\x17Dx[\xad\xb0\x9d/\x96\xe42mO\x9fh\xea\xf3\x14\xcd\x96\x89_)\x1b\xe2\xd6\b\x94b\xaf;\x92T\xafz\x94\x9fG\xfb\xfd|$k\x03\xd7;\x9ay\xee\xf9W?\xb3\xf9\xf8I.E4\xc3eWq\xfa\":$\xd0\x17Q\x94\xf5\xe5mk\x8e&\xf1;#z\xef*\xce\x99\x04\xb9\x90\xbc\xc9#-\x8di\xae\xc5\xdf\x13\xd2K\x8b\xf5\f\xb2x\xdd\xd5\xb4\xa9^~O<\x12\xe3\xc3P|7\xc4\xc8\xb1r0Z\x98\x87^\xc8C\x1b\x96\xb4lsyF\xc5\xbc\xffOE\xe9\xd70\xe7\xfep\x83\xa7\xa1\xd9\xe4\xba\x92\x17\xbf\xe0\xe1\x01\xb7\x8b\x18j\x19n\xc8\xff\xe9\xf4\xf4\xcf a\xd7_w\x0f\x9dF\xae\xccA-/\x83\xabU\xd5\xbf8\xa4O\xb4\xef\xc8\xccH\xd1=\xbe\xbex\xb5-\x05\x01\x11\xfa\xcf\x1dm\xb5X\xe9\xb5O\x15\xc7;Lb\xce\x1a\xcc\x98\xe8\xe9e\xe0\xc2N\xe7\xd7\x1d\x92\x87F8\x9e\xf7\xdd\xdaW\xf5X\x80\xa0f\xceo\xd8\x7f\xc0\x96\bSB\xce&\x04$\xc3\xe31U\x84\x82\xf0{i\x1d\x02\x10\xc6C\x01^\xcf\x93?w\x01\x84\xa0\xd6\xa2\x10\xa4\xfcG\xabD\xd6dGZ\xb2Cx\x1b\xfdD9\x17\xe6\xcauM\xe3\x05)\xe2\x03\xe2j$F1n@\xde\n9t.[\xad\xb5\f<o\xdb\xa4\x90\xc4\xd0I\xa6\x96\xa1\x00\xbb\xdd\x94\x00t/1YekG\x7f\xbdrI\x1e\x8a4=\xa2\xe9\x82<\x9e|\xf5\xa4\x05#\x7f\xa8\x01\x00\x82ih\xf9?\x03Q\xf5\xc4\x95\x99 \xa7v~:$\x02O\xe3\xaa\x1f\x00\xebh\'\xd2q\x10\x1e\x94n\xd7w\xb1\xc8G\x89\xf4\x8ct\xf9R\x85\x1b8OE\x04\x9a\xd8\x80\x10x\xbf\n0\b,r\xc6r\xf7=\xfe\xc1\x16\xe6\xee\xbb:-h\xba\x8b\x14\x9a?\x8e\x03;\xe5\x04\xd8\xa9\x9a\xd3\x05(\x7f|\xadU\xafe\x87V.i4$6U,R\x9b\n{\'\xfe1\xc4\xb09\x96{\xc0e\xa1\xe7\xa9\xb4\x1a\n\xf5\xd7zuvz\x972\xd4\xfb\x13u2\xab\x18\x01~r\xbbcW!)\xf4\x9b\x1dI\x9ex;\xb2\xe3I\xbd\x16T\xb75\xa6\a\xb7\xa1\x8d\xc9\x12\xb1\xbd\xbc\xd9c\xe9\xe6k\xee\x06\x83\xf4\xab\x18\x038\x8f\xc9^\x0f\xab\xea&P\b\xef#\xf6\xc3\xfc\xd4\xa0\xfd\x15N\xd3\xa0\x80\x9f\bU\xa63\xf6\xc9\xecZ`\xa4\xa0(\xf9\x98B\xaf\xde*\x91\xddk\xa1`d\xf0\x97\xc9e\xc1\"EC\x9a?x\x89\x8d\xb3\xfaF}\x82D\xf8\f\xf1`\x90D\xd1|%(\xd8\t\xea\x00C\xce\x7fo+?v\xee\xc6bL\x1d\xbe\x84p\x8d\xa3\xec\xf7\xe0\xfe\x8c=<\xf2\x1f@\xe66E\xa7\x9c\xd3\xb6\xf5\xe0\x14\xb8\xd4`\x85\xe3;\x8c\xf8\xf2\xd9)\x0e\xd0\xff\xa5K\xf3\xf1\xc4\x18\xf4Z\xdci\x91\x84\xe8\xb7\x10\x90\xbc\xect\x14\xdfR\xe2\x80\xf8a\x92\xb2R\xdf0\xcaQ\xdf\x87\xbdjp\x1ch3h\xcf<\x82\x97\xa5s/m\xb2\x1dd\xf7\xfc\xf5\xa9\x1d\xd34{\xcc\x1f\t,i\x16\x82\xad\x8e\xb6\x17\x0f\xaa\x85^/w\xbb~\xff\xce\x92\x90\x83\n\xe5\x14\x95\x92|\xfe-S%\x91i\xafh\x97z\x00@K\xbb\xc2\fcD\xff\xdcl\xa1\xfaR\xbc\xd0k\\\x92\x19a6Sv\x05%{\xe2\xe9\xf1\xddRB$8\xb0q9\xa1g&\x17\xe5P\xef\xb1<\xb6\xe2\xb2\xc06^\x0f4\xba\x10\xba\x00\x00\x00\x00\x00\x00\x00\x00\xef\xba\"\xb7\xc7~T\xc4Ei\xfdk\xa9\"F\xa9C\xa0\xd3\xa0\x1b\xbf\x13\xfb\x14S<\xa6\n5\x86\x9e\xb2=8\'g\xf3\xc3`\x8f\xa8\x027\xbd\xb5s\xe9dti\xc0\xbd\\H\xe5v\xdd\x0fP\x8b+-\x02i\x8eZU\xa8YB\xfc\xc2R7\xe9\x11\x06\x1aRd\xa93\xa1\\\xf4_s\xf7\xe8+\xbdg\x13\xaea\x04\xd8\x82\xf6\x90\xaf1\x86b\x81J\xb7E\xb0\xe2\xd6\x93S\xb3\x98\xcb\xf9\xde=\xd6T\x8d\xea\xab\xa9Z!\xd3-\xa6_\xc4\xa4\xb6+\x89\xdc]O<g\x06~\x12W\x86\x06\xba\x15#\xa7Q\xffa\x926>\xf0y\xd6\xb0\xf2\x9f\xa7\xcf\xad\x86\\\xec\xec\xd6\x9d\bT\xcd\xa2\xea', 0xa)
ftruncate(r0, 0x2000000)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b000000070000000100010009000000010000", @ANYBLOB, @ANYRES32=0x0, @ANYBLOB], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
r4 = socket(0x10, 0x3, 0x0)
open_tree(0xffffffffffffffff, &(0x7f0000000600)='./file0\x00', 0x1100)
sendmsg$nl_route(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=@newlink={0x3c, 0x10, 0x403, 0x6101, 0x0, {0x0, 0x0, 0x0, 0x0, 0xff7f}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macsec={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACSEC_PROTECT={0x5, 0x8, 0x8}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x6811}, 0x2400c810)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
mknod$loop(&(0x7f0000000180)='./file0\x00', 0x10, 0x0)
name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)=ANY=[@ANYBLOB="14"], &(0x7f0000000180), 0x0)
socketpair(0x25, 0x1, 0x0, &(0x7f0000000000))
open_by_handle_at(0xffffffffffffff9c, &(0x7f00000000c0)=ANY=[], 0x488001)

492.520349ms ago: executing program 3 (id=3182):
r0 = socket$inet6(0xa, 0x40000080806, 0x0)
bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20, 0x0, @loopback, 0xfffffffc}, 0x1c)
listen(r0, 0x7)
r1 = socket$inet6(0xa, 0x6, 0x0)
connect$inet6(r1, &(0x7f0000000040)={0xa, 0x4e20, 0xfffff000, @loopback, 0x3}, 0x1c)

296.890616ms ago: executing program 3 (id=3183):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)={0x30, 0x3d, 0x107, 0x7000000, 0x0, {0x1, 0x7c}, [@nested={0x4, 0x8}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\x80\n'}]}, @nested={0xc, 0x2, 0x0, 0x1, [@typed={0x5, 0x17, 0x0, 0x0, @str='\x00'}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x4010}, 0xc000)

229.505099ms ago: executing program 4 (id=3184):
mkdirat(0xffffffffffffff9c, &(0x7f0000000840)='./bus\x00', 0xa4)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000000)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@redirect_dir_off}, {@redirect_dir_off}, {@nfs_export_off}]})

133.749434ms ago: executing program 3 (id=3185):
openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x20, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r0, 0x0, 0x22, 0xfffffdba, &(0x7f0000000680)="f6f4e9a100542400000000e152e72d1c615b24007024b2c9ee4a79f84834c5920e1cf2df0c00000020000000e1813e7545384ffad312370bb5b0feb68b82ec6458c7ff5f85fea55c5006cf4a09bc48aae48667726cde16fc703a0deb588db42501f72e6274051d7a86dd9a6d9c141e190507d8c051939a9bcb21fd26a9b213c4fd86f0246726de2d8e67f4afd963c86f27955baf06a8e1cfe3117516c2eaf21e28469d8e406e589b876214d84c71e875df857197315af7ff6d05ea0ed80048591a67ea4129e0a0f6ecd4e7ff6c279230debdb354efe4fdc7a2da1580d94b05feae5a006098bb8a8914a71e4a2ad6", 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f0000000080)="0102", 0x0, 0x2}, 0x50)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000480)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x2b6fd8cee213c494, 0xffffffffffffffff, 0xffffd000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
mremap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x3000, 0x3, &(0x7f0000ff5000/0x3000)=nil)
msync(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1)
getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000180)={@local}, &(0x7f0000000340)=0x14)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000f40)=@filter={'filter\x00', 0x4, 0x4, 0x3cc, 0xffffffff, 0x0, 0x0, 0xe4, 0xfeffffff, 0xffffffff, 0x390, 0x390, 0x390, 0xffffffff, 0x4, 0x0, {[{{@uncond, 0x2f2, 0xa4, 0xe4}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x0, 0x4}}}, {{@ipv6={@private2, @empty, [], [], 'sit0\x00', 'batadv_slave_1\x00'}, 0x0, 0xec, 0x12c, 0x0, {}, [@common=@dst={{0x48}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x2, 0x57, {0x2000000}}}}, {{@ipv6={@empty, @mcast1, [], [], 'ip6tnl0\x00', 'dvmrp0\x00'}, 0x0, 0xd0, 0xf4, 0x0, {}, [@common=@unspec=@realm={{0x2c}, {0x1, 0xdd8}}]}, @REJECT={0x24}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x428)
r4 = syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00')
r5 = epoll_create1(0x0)
r6 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r6, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r6, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r6, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/76, 0x0, 0xeeef0000})
ioctl$VHOST_SET_MEM_TABLE(r6, 0x4008af03, &(0x7f0000001700)={0x2, 0x0, [{0x8080000, 0x5e, &(0x7f0000001680)=""/94}, {0x0, 0xc1, &(0x7f0000000580)=""/193}]})
ioctl$VHOST_VSOCK_SET_RUNNING(r6, 0x4004af61, &(0x7f0000000000)=0x1)
epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000040))
ioctl$VIDIOC_S_INPUT(0xffffffffffffffff, 0xc0045627, &(0x7f00000000c0)=0x3)
ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(r4, 0xc0845657, &(0x7f0000000200)={0x0, @bt={0x8a5, 0xd, 0x1, 0x1, 0x0, 0x19ef, 0xb, 0x19ec, 0x3, 0x6, 0x21ff, 0x2800, 0x2, 0x4, 0x0, 0x8, {0x8, 0xffffffff}, 0xd0, 0x9}})
pipe2(&(0x7f0000001cc0), 0x800)

88.926393ms ago: executing program 4 (id=3186):
syz_usb_connect(0x0, 0x2d, &(0x7f00000005c0)=ANY=[@ANYBLOB="1201000005d0d3087d07aa04d85b0102030109021b000f000000000904000001dbcc7a000905", @ANYRES32], 0x0) (async)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x8, 0xffffffff, 0xffffffff, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0xf2, 0x80, 0x0, [{{0x9, 0x4, 0x0, 0x3, 0x1, 0x3, 0x1, 0x1, 0x3, {0x9, 0x21, 0x4e, 0x6, 0x1, {0x22, 0x600}}, {{{0x9, 0x5, 0x81, 0x3, 0x0, 0x7, 0xf, 0xcc}}}}}]}}]}}, &(0x7f0000000200)={0xa, &(0x7f0000000040)={0xa, 0x6, 0x110, 0x5, 0x0, 0x6, 0x20, 0x3}, 0x44, &(0x7f0000000080)={0x5, 0xf, 0x44, 0x5, [@ext_cap={0x7, 0x10, 0x2, 0x2, 0xd, 0x1, 0xa}, @ssp_cap={0x20, 0x10, 0xa, 0x7, 0x5, 0x6, 0xf, 0x2, [0x1f80, 0xc000, 0x3f, 0xc0, 0xc0]}, @wireless={0xb, 0x10, 0x1, 0xc, 0x0, 0x8, 0xe, 0x7ff, 0x2}, @ss_cap={0xa, 0x10, 0x3, 0x2, 0x6, 0xfc, 0xa7, 0x1}, @ptm_cap={0x3}]}, 0x1, [{0xd2, &(0x7f0000000100)=@string={0xd2, 0x3, "f2ca9bdf90f3311fa9d51218e41429fba3c156499ba0abf4ecdb3406e0b946b6273a475ad0b09fd2314907281f00245d5995af6c933fab717ecc19d3dbf2708e5c49351617c5bc1524bbc5a87b5c6ec0a2b5ed4725b9f89dc6a6dbf7e02ea62b514c2a3aa7d69883a2ba9b8fcf05fee32d1f20038be1ccfe7d232912ce0902d746a94c3aaea62b051493e7342d1f2dd5e8021f8d651ad6df4eff6db877cebea988292fc51d99c293e049c226c6036a3036fc54a2670280f4f82c6e8752fb4e4341a4b9a197698d8451218e05946bf35c"}}]})

10.472277ms ago: executing program 1 (id=2806):
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'wlan0\x00'})
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
r0 = socket$kcm(0x2, 0x200000000000001, 0x0)
sendmsg$inet(r0, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x4001, @remote}, 0x10, 0x0}, 0x300048c1)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400010bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
ptrace(0x10, 0x1)
pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x8000c61)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.throttle.io_serviced_recursive\x00', 0x26e1, 0x0)
setsockopt$sock_attach_bpf(r0, 0x1, 0x3e, &(0x7f0000000100)=r2, 0x4)
sendmsg$inet(r0, &(0x7f0000000040)={0x0, 0xeafbff3, &(0x7f0000000000)=[{&(0x7f0000000300)="b8", 0xfffffdef}], 0x1, 0x0, 0x0, 0x10000000}, 0x52cc)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000180)={'syz_tun\x00'})
socket$can_j1939(0x1d, 0x2, 0x7)

0s ago: executing program 2 (id=3187):
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1d00000007"], 0x50)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r2 = socket(0xa, 0x4, 0x1000000)
getsockopt(r2, 0x200000000114, 0x2716, 0x0, &(0x7f0000000000))
bind$bt_hci(r1, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r1, &(0x7f0000000000), 0xd)
socket$inet6_sctp(0xa, 0x1, 0x84)
syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r3 = socket$inet(0x2, 0x3, 0x2)
setsockopt$inet_mreqsrc(r3, 0x0, 0x27, &(0x7f0000000040)={@multicast1, @local, @loopback}, 0xc)
getsockopt$inet_buf(r3, 0x0, 0x29, &(0x7f0000000040)=""/185, &(0x7f0000000100)=0xb9)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000240)={{0x1, <r4=>0xffffffffffffffff}, &(0x7f0000000000), &(0x7f00000001c0)=r0}, 0x20)
mkdir(&(0x7f0000000400)='./file1\x00', 0x8)
mkdir(&(0x7f0000000040)='./file0\x00', 0x1a2)
r5 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/oss_mixer\x00', 0x2002, 0x0)
write$proc_mixer(r5, 0x0, 0x0)
r6 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/asound/card0/oss_mixer\x00', 0x400100, 0x0)
dup3(r6, r4, 0x80000)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r8, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15)
r9 = dup(r8)
write$FUSE_BMAP(r9, &(0x7f0000000200)={0x18, 0xfffffffffffffff5, 0x0, {0x8}}, 0x18)
write$FUSE_DIRENTPLUS(r9, &(0x7f0000000300)=ANY=[@ANYBLOB="b0000000000000008d15c937810095e9ec68ba339b8fd15e58983b3da942"], 0xb0)
write$FUSE_DIRENTPLUS(r9, &(0x7f0000000280)=ANY=[@ANYBLOB="10"], 0x10)
getresuid(&(0x7f0000000000), &(0x7f0000000480), &(0x7f00000004c0)=<r10=>0x0)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r7, @ANYBLOB=',wfdno=', @ANYRESHEX=r9, @ANYBLOB=',privport,access=', @ANYRESDEC=r10])
mount$overlay(0x0, &(0x7f0000000080)='./bus\x00', &(0x7f0000000340), 0x80008, &(0x7f00000002c0)={[{@workdir={'workdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x11, 0x20, &(0x7f0000000600)=ANY=[@ANYBLOB="181100003f0219345541536e0e3827e7f87bfb81c171ed8e086ff49d6d597d2b138e31bc23cb1017720d65d753732b2787fcd4efb6825b7a250af0303138b391c5b8061e8d10c8201ab69166242ad806a50ecdc949c9ddb35361318298c6258473a2614a4ed0f7dd658eca070d20901b69df3623b766cce69dc0cf805dff69b24f087007abef83919880506e474deb6fc1e9affe248350c5fd680743c548a81a6ae3450b81e3502f83a13cfd59edde838f586fdd70b26d49ab41071ac4510013139064ae6ed12b5b7e3b64266bafc7b648c75b82b07052d0344db3fee2e4", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000050000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000082000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000070000008500000006000000184a000006000000000000000000000018670000000000000000000008000000185100000700000000000000000000002bb104000400000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300005f3800008500000006000000"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40e00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1, @void, @value}, 0x94)

kernel console output (not intermixed with test programs):

ct_r:autofs_t tclass=filesystem permissive=1
[ 1119.075485][T16972] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 1119.091852][T16972] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 1119.101513][T16972] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 1119.119332][   T30] audit: type=1400 audit(1742326270.641:1839): avc:  denied  { read write } for  pid=17070 comm="syz.0.2955" name="uhid" dev="devtmpfs" ino=1273 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1
[ 1119.143090][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1119.152149][   T30] audit: type=1400 audit(1742326270.681:1840): avc:  denied  { open } for  pid=17070 comm="syz.0.2955" path="/dev/uhid" dev="devtmpfs" ino=1273 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1
[ 1119.175584][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1119.927178][   T52] usb 5-1: USB disconnect, device number 69
[ 1120.029851][T16972] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 1120.256463][T17079] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1120.294080][T16972] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1120.845103][T16972] 8021q: adding VLAN 0 to HW filter on device team0
[ 1120.857597][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1120.864730][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1120.921025][T12717] Bluetooth: hci4: command tx timeout
[ 1121.030644][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1121.038151][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1121.087775][T17092] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1121.101929][T16972] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1121.199259][T17095] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2961'.
[ 1121.696304][T17103] sg_write: data in/out 215/14 bytes for SCSI command 0x0-- guessing data in;
[ 1121.696304][T17103]    program syz.2.2962 not setting count and/or reply_len properly
[ 1122.263376][T16972] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1122.291980][T16972] veth0_vlan: entered promiscuous mode
[ 1122.321427][T16972] veth1_vlan: entered promiscuous mode
[ 1122.347679][T16972] veth0_macvtap: entered promiscuous mode
[ 1122.357692][T16972] veth1_macvtap: entered promiscuous mode
[ 1122.441465][T16972] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1122.462456][T16972] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1122.492581][T16972] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1122.511918][T16972] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1122.521875][T16972] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1122.535748][T16972] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1122.641465][   T30] kauditd_printk_skb: 8 callbacks suppressed
[ 1122.641478][   T30] audit: type=1400 audit(1742326274.171:1849): avc:  denied  { create } for  pid=17100 comm="syz.3.2963" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[ 1122.689502][T11558] usb 1-1: new high-speed USB device number 49 using dummy_hcd
[ 1122.727293][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1122.735416][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1122.783559][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1122.794081][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1122.842122][   T30] audit: type=1400 audit(1742326274.371:1850): avc:  denied  { mounton } for  pid=16972 comm="syz-executor" path="/root/syzkaller.htEfbO/syz-tmp" dev="sda1" ino=1956 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[ 1122.867960][   T30] audit: type=1400 audit(1742326274.371:1851): avc:  denied  { mount } for  pid=16972 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[ 1122.893084][   T30] audit: type=1400 audit(1742326274.371:1852): avc:  denied  { mounton } for  pid=16972 comm="syz-executor" path="/root/syzkaller.htEfbO/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[ 1122.921762][T11558] usb 1-1: config 0 has no interfaces?
[ 1122.927236][T11558] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1122.936455][T11558] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1122.946332][T11558] usb 1-1: config 0 descriptor??
[ 1122.953689][   T30] audit: type=1400 audit(1742326274.371:1853): avc:  denied  { mounton } for  pid=16972 comm="syz-executor" path="/root/syzkaller.htEfbO/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=50109 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1
[ 1122.982771][   T30] audit: type=1400 audit(1742326274.371:1854): avc:  denied  { unmount } for  pid=16972 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[ 1123.058585][   T30] audit: type=1400 audit(1742326274.401:1855): avc:  denied  { mounton } for  pid=16972 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=2728 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[ 1123.165291][   T30] audit: type=1400 audit(1742326274.421:1856): avc:  denied  { mounton } for  pid=16972 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[ 1124.014543][   T30] audit: type=1400 audit(1742326274.421:1857): avc:  denied  { mount } for  pid=16972 comm="syz-executor" name="/" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1
[ 1124.509876][T17127] xt_CT: You must specify a L4 protocol and not use inversions on it
[ 1124.662030][   T52] usb 1-1: USB disconnect, device number 49
[ 1125.757990][T17138] FAULT_INJECTION: forcing a failure.
[ 1125.757990][T17138] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1125.866635][T17138] CPU: 1 UID: 0 PID: 17138 Comm: syz.2.2972 Not tainted 6.14.0-rc7-syzkaller-00050-gfc444ada1310 #0
[ 1125.866661][T17138] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 1125.866672][T17138] Call Trace:
[ 1125.866677][T17138]  <TASK>
[ 1125.866684][T17138]  dump_stack_lvl+0x16c/0x1f0
[ 1125.866712][T17138]  should_fail_ex+0x50a/0x650
[ 1125.866742][T17138]  _copy_from_user+0x2e/0xd0
[ 1125.866760][T17138]  copy_from_sockptr_offset+0x164/0x1a0
[ 1125.866785][T17138]  ? __might_fault+0xe3/0x190
[ 1125.866805][T17138]  ? __pfx_copy_from_sockptr_offset+0x10/0x10
[ 1125.866838][T17138]  do_ipt_set_ctl+0x5ed/0xbe0
[ 1125.866863][T17138]  ? __mutex_lock+0x1cc/0xb10
[ 1125.866888][T17138]  ? __pfx_do_ipt_set_ctl+0x10/0x10
[ 1125.866912][T17138]  ? __mutex_unlock_slowpath+0x164/0x6a0
[ 1125.866936][T17138]  ? sockopt_release_sock+0x52/0x60
[ 1125.866964][T17138]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 1125.866998][T17138]  ? nf_sockopt_find.constprop.0+0x221/0x290
[ 1125.867026][T17138]  nf_setsockopt+0x8a/0xf0
[ 1125.867051][T17138]  ip_setsockopt+0xcb/0xf0
[ 1125.867080][T17138]  udp_setsockopt+0x7d/0xd0
[ 1125.867105][T17138]  ? __pfx_sock_common_setsockopt+0x10/0x10
[ 1125.867124][T17138]  do_sock_setsockopt+0x222/0x480
[ 1125.867142][T17138]  ? __pfx_do_sock_setsockopt+0x10/0x10
[ 1125.867161][T17138]  ? lock_acquire+0x2f/0xb0
[ 1125.867196][T17138]  __sys_setsockopt+0x1a0/0x230
[ 1125.867225][T17138]  __x64_sys_setsockopt+0xbd/0x160
[ 1125.867247][T17138]  ? do_syscall_64+0x91/0x250
[ 1125.867269][T17138]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1125.867290][T17138]  do_syscall_64+0xcd/0x250
[ 1125.867312][T17138]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1125.867337][T17138] RIP: 0033:0x7febbc58d169
[ 1125.867350][T17138] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1125.867364][T17138] RSP: 002b:00007febbd353038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 1125.867379][T17138] RAX: ffffffffffffffda RBX: 00007febbc7a6080 RCX: 00007febbc58d169
[ 1125.867390][T17138] RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000004
[ 1125.867398][T17138] RBP: 00007febbd353090 R08: 0000000000000360 R09: 0000000000000000
[ 1125.867407][T17138] R10: 0000400000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1125.867416][T17138] R13: 0000000000000000 R14: 00007febbc7a6080 R15: 00007ffc4e8d3b38
[ 1125.867435][T17138]  </TASK>
[ 1126.280763][   T30] audit: type=1400 audit(1742326277.791:1858): avc:  denied  { create } for  pid=17134 comm="syz.4.2971" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[ 1126.960993][T17149] xt_policy: neither incoming nor outgoing policy selected
[ 1127.152520][ T6398] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1127.540598][ T5134] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 1127.552500][ T5134] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 1127.562400][ T5134] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 1127.572515][ T5134] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 1127.594089][ T5134] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[ 1127.609623][ T5134] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 1127.620821][ T6398] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1128.217199][   T30] kauditd_printk_skb: 1 callbacks suppressed
[ 1128.217213][   T30] audit: type=1400 audit(1742326279.751:1860): avc:  denied  { read write } for  pid=17156 comm="syz.3.2978" name="ppp" dev="devtmpfs" ino=709 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[ 1128.256646][ T6398] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1128.274175][T17169] ubi: mtd0 is already attached to ubi31
[ 1128.286562][   T30] audit: type=1400 audit(1742326279.751:1861): avc:  denied  { open } for  pid=17156 comm="syz.3.2978" path="/dev/ppp" dev="devtmpfs" ino=709 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[ 1128.315288][   T30] audit: type=1400 audit(1742326279.751:1862): avc:  denied  { ioctl } for  pid=17156 comm="syz.3.2978" path="/dev/ppp" dev="devtmpfs" ino=709 ioctlcmd=0x7438 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[ 1128.341744][   T30] audit: type=1400 audit(1742326279.761:1863): avc:  denied  { create } for  pid=17166 comm="syz.0.2980" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[ 1128.416410][ T6398] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1128.444474][T17151] chnl_net:caif_netlink_parms(): no params data found
[ 1128.464719][   T30] audit: type=1400 audit(1742326279.991:1864): avc:  denied  { relabelfrom } for  pid=17171 comm="syz.4.2981" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1
[ 1128.515841][   T30] audit: type=1400 audit(1742326279.991:1865): avc:  denied  { relabelto } for  pid=17171 comm="syz.4.2981" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1
[ 1128.542816][ T5134] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 1128.562163][ T5134] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 1128.571561][ T5134] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 1128.578962][  T974] usb 1-1: new high-speed USB device number 50 using dummy_hcd
[ 1128.590579][ T5134] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 1128.605077][ T5134] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[ 1128.607420][   T30] audit: type=1400 audit(1742326280.121:1866): avc:  denied  { create } for  pid=17180 comm="syz.3.2982" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[ 1128.634232][ T5134] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 1128.634434][   T30] audit: type=1400 audit(1742326280.121:1867): avc:  denied  { getopt } for  pid=17180 comm="syz.3.2982" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[ 1128.694890][T17151] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1128.710055][T17151] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1128.719304][T17151] bridge_slave_0: entered allmulticast mode
[ 1128.738329][T17151] bridge_slave_0: entered promiscuous mode
[ 1128.776888][  T974] usb 1-1: config 0 has no interfaces?
[ 1128.784600][T17151] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1128.795348][  T974] usb 1-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[ 1128.811158][T17151] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1128.818784][T17151] bridge_slave_1: entered allmulticast mode
[ 1128.826706][T17151] bridge_slave_1: entered promiscuous mode
[ 1128.832155][  T974] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1128.834689][ T6398] bridge_slave_1: left allmulticast mode
[ 1128.846169][  T974] usb 1-1: config 0 descriptor??
[ 1128.846863][   T30] audit: type=1400 audit(1742326280.371:1868): avc:  denied  { ioctl } for  pid=17183 comm="syz.4.2983" path="/dev/vhost-net" dev="devtmpfs" ino=1274 ioctlcmd=0xaf01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1
[ 1128.852850][ T6398] bridge_slave_1: left promiscuous mode
[ 1128.883204][ T6398] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1128.892707][ T6398] bridge_slave_0: left allmulticast mode
[ 1128.898378][ T6398] bridge_slave_0: left promiscuous mode
[ 1128.905838][ T6398] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1128.923160][T17184] kvm: pic: non byte write
[ 1129.105594][T17167] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1129.114799][T17167] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1129.146312][T17167] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1129.173008][T17167] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1129.213266][  T974] usb 1-1: USB disconnect, device number 50
[ 1129.417778][ T6398] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1129.429888][ T6398] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1129.480776][ T6398] bond0 (unregistering): Released all slaves
[ 1129.542524][T17151] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1129.563644][T17151] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1129.664916][T17151] team0: Port device team_slave_0 added
[ 1129.670690][  T974] usb 1-1: new high-speed USB device number 51 using dummy_hcd
[ 1129.684683][T17151] team0: Port device team_slave_1 added
[ 1129.709436][T17151] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1129.716521][T17151] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1129.745520][T11578] usb 5-1: new high-speed USB device number 70 using dummy_hcd
[ 1129.745849][ T5134] Bluetooth: hci2: command tx timeout
[ 1129.755646][T17151] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1129.806924][T17151] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1129.813951][T17151] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1129.841394][T17151] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1129.860728][  T974] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1129.872655][  T974] usb 1-1: New USB device found, idVendor=0dba, idProduct=1000, bcdDevice= 0.40
[ 1129.887625][  T974] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1129.895717][  T974] usb 1-1: Product: syz
[ 1129.909193][  T974] usb 1-1: Manufacturer: syz
[ 1129.913931][  T974] usb 1-1: SerialNumber: syz
[ 1129.923104][ T6398] hsr_slave_0: left promiscuous mode
[ 1129.929512][T11578] usb 5-1: Using ep0 maxpacket: 8
[ 1129.936109][T11578] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1129.942417][ T6398] hsr_slave_1: left promiscuous mode
[ 1129.947225][T11578] usb 5-1: New USB device found, idVendor=05ac, idProduct=8501, bcdDevice=20.9d
[ 1129.961006][T11578] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=105
[ 1129.961496][ T6398] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1129.969197][T11578] usb 5-1: SerialNumber: syz
[ 1129.984422][ T6398] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1129.990315][T11578] usb 5-1: config 0 descriptor??
[ 1129.997345][ T6398] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1129.998915][T11578] usb 5-1: Found UVC 0.00 device <unnamed> (05ac:8501)
[ 1130.006272][ T6398] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1130.014347][T11578] usb 5-1: Failed to create links for entity 255
[ 1130.026178][T11578] usb 5-1: Failed to register entities (-22).
[ 1130.058985][ T6398] veth1_macvtap: left promiscuous mode
[ 1130.066818][ T6398] veth0_macvtap: left promiscuous mode
[ 1130.072489][ T6398] veth1_vlan: left promiscuous mode
[ 1130.078058][ T6398] veth0_vlan: left promiscuous mode
[ 1130.134403][   T30] audit: type=1400 audit(1742326281.661:1869): avc:  denied  { listen } for  pid=17166 comm="syz.0.2980" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[ 1130.160110][  T974] usb 1-1: selecting invalid altsetting 1
[ 1130.175306][  T974] cdc_ncm 1-1:1.0: bind() failure
[ 1130.187569][  T974] snd-usb-audio 1-1:1.0: probe with driver snd-usb-audio failed with error -22
[ 1130.412793][T15608] usb 5-1: USB disconnect, device number 70
[ 1130.769533][ T5134] Bluetooth: hci4: command tx timeout
[ 1130.929567][  T974] snd-usb-audio 1-1:1.1: probe with driver snd-usb-audio failed with error -22
[ 1130.957010][  T974] usb 1-1: USB disconnect, device number 51
[ 1131.264017][T17205] xt_policy: neither incoming nor outgoing policy selected
[ 1131.355121][T17209] xt_hashlimit: size too large, truncated to 1048576
[ 1131.437462][T17210] xt_hashlimit: size too large, truncated to 1048576
[ 1131.567604][T17213] relay: one or more items not logged [item size (56) > sub-buffer size (10)]
[ 1131.694695][T17207] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2988'.
[ 1131.803137][ T5134] Bluetooth: hci2: command tx timeout
[ 1131.905363][ T6398] team0 (unregistering): Port device team_slave_1 removed
[ 1131.947882][ T6398] team0 (unregistering): Port device team_slave_0 removed
[ 1132.043867][T15608] usb 1-1: new full-speed USB device number 52 using dummy_hcd
[ 1132.239036][T15608] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1132.250954][T15608] usb 1-1: New USB device found, idVendor=0404, idProduct=0755, bcdDevice= 0.00
[ 1132.270233][T15608] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1132.288249][T15608] usb 1-1: config 0 descriptor??
[ 1132.419562][T17174] chnl_net:caif_netlink_parms(): no params data found
[ 1132.444946][T17151] hsr_slave_0: entered promiscuous mode
[ 1132.460189][T17151] hsr_slave_1: entered promiscuous mode
[ 1132.467383][T17151] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1132.499979][T17151] Cannot create hsr debugfs directory
[ 1132.540549][T17213] xt_time: invalid argument - start or stop time greater than 23:59:59
[ 1132.739874][  T974] usb 5-1: new high-speed USB device number 71 using dummy_hcd
[ 1132.774175][   T10] IPVS: starting estimator thread 0...
[ 1132.841413][ T5134] Bluetooth: hci4: command tx timeout
[ 1132.989749][  T974] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1133.024306][T17232] IPVS: using max 28 ests per chain, 67200 per kthread
[ 1133.085820][  T974] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1133.113264][  T974] usb 5-1: config 1 interface 1 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1133.118500][T15608] usbhid 1-1:0.0: can't add hid device: -71
[ 1133.129141][  T974] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1133.141581][  T974] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1133.149642][  T974] usb 5-1: Product: syz
[ 1133.161326][T17174] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1133.168587][T17174] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1133.175753][T15608] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[ 1133.177514][T15608] usb 1-1: USB disconnect, device number 52
[ 1133.189804][  T974] usb 5-1: Manufacturer: syz
[ 1133.189823][  T974] usb 5-1: SerialNumber: syz
[ 1133.204454][T17174] bridge_slave_0: entered allmulticast mode
[ 1133.211566][T17174] bridge_slave_0: entered promiscuous mode
[ 1133.226622][T17174] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1133.241277][T17174] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1133.248492][T17174] bridge_slave_1: entered allmulticast mode
[ 1133.256169][T17174] bridge_slave_1: entered promiscuous mode
[ 1133.313658][T17151] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1133.361101][T17174] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1133.400629][T17151] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1133.422289][T17174] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1133.452599][T17151] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1133.485056][T17174] team0: Port device team_slave_0 added
[ 1133.496639][T17174] team0: Port device team_slave_1 added
[ 1133.526378][T17151] bridge0: port 4(netdevsim0) entered disabled state
[ 1133.548574][T17151] netdevsim netdevsim2 netdevsim0 (unregistering): left allmulticast mode
[ 1133.557651][T17151] netdevsim netdevsim2 netdevsim0 (unregistering): left promiscuous mode
[ 1133.566694][T17151] bridge0: port 4(netdevsim0) entered disabled state
[ 1133.581599][T17151] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1133.613302][T17174] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1133.624108][T17174] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1133.651223][T17174] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1133.666967][T17174] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1133.689797][T17174] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1133.716688][T17174] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1133.794278][ T6398] team0: left allmulticast mode
[ 1133.804222][ T6398] team_slave_0: left allmulticast mode
[ 1133.810105][ T6398] team_slave_1: left allmulticast mode
[ 1133.815891][ T6398] bridge0: port 3(team0) entered disabled state
[ 1133.824636][ T6398] bridge_slave_1: left allmulticast mode
[ 1133.830458][ T6398] bridge_slave_1: left promiscuous mode
[ 1133.836181][ T6398] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1133.845949][ T6398] bridge_slave_0: left allmulticast mode
[ 1133.851719][ T6398] bridge_slave_0: left promiscuous mode
[ 1133.857510][ T6398] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1133.920522][ T5134] Bluetooth: hci2: command tx timeout
[ 1134.409628][   T30] kauditd_printk_skb: 14 callbacks suppressed
[ 1134.409662][   T30] audit: type=1400 audit(1742326285.851:1884): avc:  denied  { write } for  pid=17224 comm="syz.4.2992" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[ 1134.919843][ T5134] Bluetooth: hci4: command tx timeout
[ 1135.019103][   T30] audit: type=1400 audit(1742326286.541:1885): avc:  denied  { write } for  pid=17251 comm="syz.0.2998" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[ 1135.095040][   T30] audit: type=1400 audit(1742326286.541:1886): avc:  denied  { nlmsg_write } for  pid=17251 comm="syz.0.2998" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[ 1135.204311][ T6398] bond0 (unregistering): Released all slaves
[ 1135.239704][T17174] hsr_slave_0: entered promiscuous mode
[ 1135.257929][T17174] hsr_slave_1: entered promiscuous mode
[ 1135.284948][T17174] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1135.301758][T17174] Cannot create hsr debugfs directory
[ 1135.319436][  T974] cdc_mbim 5-1:1.0: bind() failure
[ 1135.357262][  T974] cdc_ncm 5-1:1.1: probe with driver cdc_ncm failed with error -71
[ 1135.377437][T17253] bridge0: port 3(syz_tun) entered blocking state
[ 1135.385836][  T974] cdc_mbim 5-1:1.1: probe with driver cdc_mbim failed with error -71
[ 1135.398402][  T974] usbtest 5-1:1.1: probe with driver usbtest failed with error -71
[ 1135.408910][  T974] usb 5-1: USB disconnect, device number 71
[ 1135.411487][T17253] bridge0: port 3(syz_tun) entered disabled state
[ 1135.479646][T17253] syz_tun: entered allmulticast mode
[ 1135.496721][T17253] syz_tun: entered promiscuous mode
[ 1135.530943][T17253] bridge0: port 3(syz_tun) entered blocking state
[ 1135.537777][T17253] bridge0: port 3(syz_tun) entered forwarding state
[ 1135.693465][T17151] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 1135.774243][T17151] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 1135.806493][T17151] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 1135.816196][T17151] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 1135.844947][ T6398] hsr_slave_0: left promiscuous mode
[ 1135.881832][ T6398] hsr_slave_1: left promiscuous mode
[ 1135.912874][ T6398] veth1_macvtap: left promiscuous mode
[ 1135.928618][ T6398] veth0_macvtap: left promiscuous mode
[ 1135.938812][ T6398] veth0_vlan: left promiscuous mode
[ 1135.939266][   T30] audit: type=1400 audit(1742326287.461:1887): avc:  denied  { create } for  pid=17257 comm="syz.4.2999" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1
[ 1135.969590][ T5134] Bluetooth: hci2: command tx timeout
[ 1136.041073][   T30] audit: type=1400 audit(1742326287.511:1888): avc:  denied  { shutdown } for  pid=17257 comm="syz.4.2999" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[ 1136.109237][   T30] audit: type=1400 audit(1742326287.511:1889): avc:  denied  { connect } for  pid=17257 comm="syz.4.2999" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[ 1136.143532][T17260] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3000'.
[ 1136.156374][   T30] audit: type=1400 audit(1742326287.511:1890): avc:  denied  { name_connect } for  pid=17257 comm="syz.4.2999" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=sctp_socket permissive=1
[ 1136.181254][   T30] audit: type=1400 audit(1742326287.511:1891): avc:  denied  { setopt } for  pid=17257 comm="syz.4.2999" laddr=::ffff:172.20.20.10 lport=59530 faddr=::ffff:172.20.20.170 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[ 1136.207830][   T30] audit: type=1400 audit(1742326287.551:1892): avc:  denied  { write } for  pid=17257 comm="syz.4.2999" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1
[ 1136.681324][ T6398] team_slave_1 (unregistering): left promiscuous mode
[ 1136.695143][ T6398] team0 (unregistering): Port device team_slave_1 removed
[ 1136.725908][T17244] syz.3.2996 (17244): drop_caches: 3
[ 1136.741355][ T6398] team_slave_0 (unregistering): left promiscuous mode
[ 1136.754771][ T6398] team0 (unregistering): Port device team_slave_0 removed
[ 1137.012336][ T5134] Bluetooth: hci4: command tx timeout
[ 1137.042765][T17265] input: syz0 as /devices/virtual/input/input50
[ 1137.065212][T17265] FAULT_INJECTION: forcing a failure.
[ 1137.065212][T17265] name failslab, interval 1, probability 0, space 0, times 0
[ 1137.078038][T17265] CPU: 1 UID: 0 PID: 17265 Comm: syz.3.3001 Not tainted 6.14.0-rc7-syzkaller-00050-gfc444ada1310 #0
[ 1137.078060][T17265] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 1137.078071][T17265] Call Trace:
[ 1137.078076][T17265]  <TASK>
[ 1137.078083][T17265]  dump_stack_lvl+0x16c/0x1f0
[ 1137.078110][T17265]  should_fail_ex+0x50a/0x650
[ 1137.078136][T17265]  ? fs_reclaim_acquire+0xae/0x150
[ 1137.078163][T17265]  should_failslab+0xc2/0x120
[ 1137.078183][T17265]  kmem_cache_alloc_node_noprof+0x72/0x3c0
[ 1137.078200][T17265]  ? __alloc_skb+0x2b1/0x380
[ 1137.078227][T17265]  __alloc_skb+0x2b1/0x380
[ 1137.078250][T17265]  ? __pfx___alloc_skb+0x10/0x10
[ 1137.078272][T17265]  ? rcu_is_watching+0x12/0xc0
[ 1137.078291][T17265]  ? trace_kmem_cache_alloc+0x2d/0xd0
[ 1137.078313][T17265]  ? kmem_cache_alloc_noprof+0x279/0x3d0
[ 1137.078331][T17265]  ? audit_log_start+0x2bc/0x7e0
[ 1137.078357][T17265]  audit_log_start+0x2e1/0x7e0
[ 1137.078380][T17265]  ? __pfx_audit_log_start+0x10/0x10
[ 1137.078405][T17265]  ? __pfx_lock_release+0x10/0x10
[ 1137.078431][T17265]  ? migrate_enable+0x1ef/0x260
[ 1137.078452][T17265]  ? __pfx_migrate_enable+0x10/0x10
[ 1137.078477][T17265]  audit_seccomp+0x61/0x280
[ 1137.078499][T17265]  __seccomp_filter+0x816/0xf40
[ 1137.078523][T17265]  ? __pfx___seccomp_filter+0x10/0x10
[ 1137.078555][T17265]  __secure_computing+0x26c/0x3f0
[ 1137.078576][T17265]  syscall_trace_enter+0x8b/0x260
[ 1137.078603][T17265]  do_syscall_64+0x1ee/0x250
[ 1137.078627][T17265]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1137.078650][T17265] RIP: 0033:0x7fca0d38d169
[ 1137.078665][T17265] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1137.078680][T17265] RSP: 002b:00007fca0e292038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1137.078697][T17265] RAX: ffffffffffffffda RBX: 00007fca0d5a6160 RCX: 00007fca0d38d169
[ 1137.078708][T17265] RDX: 0000000000000000 RSI: 0000400000000380 RDI: 0000000000000004
[ 1137.078717][T17265] RBP: 00007fca0e292090 R08: 0000000000000000 R09: 0000000000000000
[ 1137.078727][T17265] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1137.078736][T17265] R13: 0000000000000000 R14: 00007fca0d5a6160 R15: 00007ffcda139dd8
[ 1137.078758][T17265]  </TASK>
[ 1137.078817][T17265] audit: audit_lost=1 audit_rate_limit=0 audit_backlog_limit=64
[ 1137.631027][T17269] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3002'.
[ 1137.657934][T17151] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1137.701516][T17151] 8021q: adding VLAN 0 to HW filter on device team0
[ 1137.712023][  T746] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1137.719131][  T746] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1137.747728][T17151] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 1137.779490][T17151] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1137.813856][  T746] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1137.820965][  T746] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1138.043259][T17174] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 1138.070923][T17174] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 1138.094977][T17174] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 1138.115030][T17174] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 1138.217839][T17284] input: syz0 as /devices/virtual/input/input51
[ 1138.617744][T17285] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1138.955233][T17174] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1138.985904][T17151] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1139.008755][T17290] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1139.021729][T17290] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1139.146686][T17174] 8021q: adding VLAN 0 to HW filter on device team0
[ 1139.160901][  T746] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1139.168007][  T746] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1139.185968][  T746] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1139.193081][  T746] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1139.413130][T17290] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1139.509289][T17290] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1139.723475][   T30] kauditd_printk_skb: 40 callbacks suppressed
[ 1139.723490][   T30] audit: type=1400 audit(1742326291.251:1932): avc:  denied  { append } for  pid=17295 comm="syz.4.3010" name="sg0" dev="devtmpfs" ino=750 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[ 1139.769115][T17174] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 1139.789649][T17174] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1139.873001][T17297] netlink: 108 bytes leftover after parsing attributes in process `syz.4.3010'.
[ 1139.882177][T17297] netlink: 108 bytes leftover after parsing attributes in process `syz.4.3010'.
[ 1139.891298][T17297] netlink: 108 bytes leftover after parsing attributes in process `syz.4.3010'.
[ 1139.900631][   T30] audit: type=1400 audit(1742326291.391:1933): avc:  denied  { mount } for  pid=17295 comm="syz.4.3010" name="/" dev="configfs" ino=1125 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1
[ 1139.910131][T17151] veth0_vlan: entered promiscuous mode
[ 1139.987034][T17151] veth1_vlan: entered promiscuous mode
[ 1139.996802][   T30] audit: type=1400 audit(1742326291.401:1934): avc:  denied  { search } for  pid=17295 comm="syz.4.3010" name="/" dev="configfs" ino=1125 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[ 1140.041758][   T30] audit: type=1400 audit(1742326291.401:1935): avc:  denied  { read } for  pid=17295 comm="syz.4.3010" name="/" dev="configfs" ino=1125 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[ 1140.101620][T17151] veth0_macvtap: entered promiscuous mode
[ 1140.106025][   T30] audit: type=1400 audit(1742326291.401:1936): avc:  denied  { open } for  pid=17295 comm="syz.4.3010" path="/" dev="configfs" ino=1125 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[ 1140.131556][   T30] audit: type=1400 audit(1742326291.401:1937): avc:  denied  { create } for  pid=17295 comm="syz.4.3010" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[ 1140.153229][   T30] audit: type=1400 audit(1742326291.461:1938): avc:  denied  { create } for  pid=17289 comm="syz.3.3008" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[ 1140.172765][T17151] veth1_macvtap: entered promiscuous mode
[ 1140.192062][T17151] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1140.233226][T17151] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1140.280777][T17151] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1140.294067][T17151] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1140.304877][   T30] audit: type=1400 audit(1742326291.821:1939): avc:  denied  { read write } for  pid=17305 comm="syz.0.3012" name="nvram" dev="devtmpfs" ino=623 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1
[ 1140.306718][T17151] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1140.339923][T17151] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1140.364820][T17174] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1140.741175][   T30] audit: type=1400 audit(1742326291.821:1940): avc:  denied  { open } for  pid=17305 comm="syz.0.3012" path="/dev/nvram" dev="devtmpfs" ino=623 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1
[ 1140.890466][   T68] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1140.909000][T17174] veth0_vlan: entered promiscuous mode
[ 1140.955081][   T68] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1140.964677][   T30] audit: type=1400 audit(1742326291.911:1941): avc:  denied  { read } for  pid=17305 comm="syz.0.3012" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[ 1141.186453][T17174] veth1_vlan: entered promiscuous mode
[ 1141.219117][ T6398] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1141.260205][ T6398] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1141.405056][T17174] veth0_macvtap: entered promiscuous mode
[ 1142.033002][T17174] veth1_macvtap: entered promiscuous mode
[ 1142.100648][T17174] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1142.131598][T17174] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1142.155038][T17174] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1142.306873][T17174] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1142.335451][T17174] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1142.529661][T17174] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1142.557712][T17174] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1142.586067][T17174] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1142.597103][T17174] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1142.608661][T17174] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1142.702809][T13193] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1142.716426][T13193] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1142.748210][T13193] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1142.757210][T13193] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1142.808164][T15608] usb 1-1: new high-speed USB device number 53 using dummy_hcd
[ 1143.610958][T15608] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1143.621585][T15608] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1143.637031][T15608] usb 1-1: New USB device found, idVendor=b2de, idProduct=0001, bcdDevice= 0.00
[ 1143.646459][T15608] usb 1-1: New USB device strings: Mfr=75, Product=4, SerialNumber=0
[ 1143.654861][T15608] usb 1-1: Product: syz
[ 1143.660455][T15608] usb 1-1: Manufacturer: syz
[ 1143.671545][T15608] usb 1-1: config 0 descriptor??
[ 1143.686667][T15608] usbhid 1-1:0.0: couldn't find an input interrupt endpoint
[ 1144.400473][T17361] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3025'.
[ 1144.409620][T17361] netlink: 'syz.3.3025': attribute type 7 has an invalid length.
[ 1144.417407][T17361] netlink: 'syz.3.3025': attribute type 8 has an invalid length.
[ 1144.426684][T17361] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3025'.
[ 1144.529846][ T5826] usb 3-1: new high-speed USB device number 86 using dummy_hcd
[ 1144.556050][ T3513] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1144.729783][ T5826] usb 3-1: Using ep0 maxpacket: 16
[ 1144.752666][ T5826] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1144.793534][ T5826] usb 3-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a
[ 1144.794557][ T3513] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1144.819478][ T5826] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1144.827496][ T5826] usb 3-1: Product: syz
[ 1144.839387][ T5826] usb 3-1: Manufacturer: syz
[ 1144.843989][ T5826] usb 3-1: SerialNumber: syz
[ 1144.860390][ T5826] usb 3-1: config 0 descriptor??
[ 1144.872337][ T5826] CoreChips 3-1:0.0: probe with driver CoreChips failed with error -22
[ 1144.876136][T17364] can: request_module (can-proto-3) failed.
[ 1144.890139][T15608] usb 4-1: USB disconnect, device number 26
[ 1144.925436][ T3513] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1144.956234][T12717] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1144.967155][T12717] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1144.977981][T12717] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1144.987735][T12717] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1144.996883][T12717] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 1145.004302][T12717] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1145.027669][ T3513] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1145.075344][T17358] xt_hashlimit: size too large, truncated to 1048576
[ 1145.176271][T17367] chnl_net:caif_netlink_parms(): no params data found
[ 1145.447575][ T3513] bridge_slave_1: left allmulticast mode
[ 1145.473167][T15608] usb 3-1: USB disconnect, device number 86
[ 1145.519407][ T3513] bridge_slave_1: left promiscuous mode
[ 1145.525097][ T3513] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1145.552068][ T3513] bridge_slave_0: left allmulticast mode
[ 1145.558457][ T3513] bridge_slave_0: left promiscuous mode
[ 1145.558575][ T3513] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1145.638607][T12717] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 1145.654847][T12717] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 1145.664857][T12717] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 1145.675964][T12717] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 1145.684698][T12717] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[ 1145.693444][T12717] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 1145.859626][ T3513] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1145.869564][ T3513] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1145.878877][ T3513] bond0 (unregistering): Released all slaves
[ 1145.946962][T17367] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1145.954658][T17367] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1145.963639][T17367] bridge_slave_0: entered allmulticast mode
[ 1145.970517][T17367] bridge_slave_0: entered promiscuous mode
[ 1145.978923][T17367] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1145.986208][T17367] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1145.993349][T17367] bridge_slave_1: entered allmulticast mode
[ 1145.999842][T17367] bridge_slave_1: entered promiscuous mode
[ 1146.058334][T17367] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1146.082356][T17367] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1146.504288][ T5826] usb 1-1: USB disconnect, device number 53
[ 1146.524612][T17367] team0: Port device team_slave_0 added
[ 1146.536283][T17367] team0: Port device team_slave_1 added
[ 1146.614832][T17367] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1146.622578][T17367] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1146.648445][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1146.656124][T17367] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1146.668238][T17367] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1146.697153][T17367] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1146.730839][T17367] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1147.081407][ T5134] Bluetooth: hci0: command tx timeout
[ 1147.315487][ T3513] hsr_slave_0: left promiscuous mode
[ 1147.329786][ T3513] hsr_slave_1: left promiscuous mode
[ 1147.335548][ T3513] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1147.345486][ T3513] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1147.353459][ T3513] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1147.361207][ T3513] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1147.382419][ T3513] veth1_macvtap: left promiscuous mode
[ 1147.387988][ T3513] veth0_macvtap: left promiscuous mode
[ 1147.394405][ T3513] veth1_vlan: left promiscuous mode
[ 1147.399995][ T3513] veth0_vlan: left promiscuous mode
[ 1147.497789][T17410] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3036'.
[ 1147.800752][ T5134] Bluetooth: hci4: command tx timeout
[ 1147.978015][ T3513] team0 (unregistering): Port device team_slave_1 removed
[ 1148.032169][ T3513] team0 (unregistering): Port device team_slave_0 removed
[ 1148.476568][T17408] kexec: Could not allocate control_code_buffer
[ 1148.605150][   T30] kauditd_printk_skb: 17 callbacks suppressed
[ 1148.605178][   T30] audit: type=1400 audit(1742326300.131:1959): avc:  denied  { create } for  pid=17411 comm="syz.4.3037" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[ 1148.649866][T17413] Bluetooth: MGMT ver 1.23
[ 1148.699438][   T30] audit: type=1400 audit(1742326300.131:1960): avc:  denied  { bind } for  pid=17411 comm="syz.4.3037" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[ 1148.719770][   T30] audit: type=1400 audit(1742326300.171:1961): avc:  denied  { listen } for  pid=17411 comm="syz.4.3037" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[ 1149.074478][T17381] chnl_net:caif_netlink_parms(): no params data found
[ 1149.148292][T17367] hsr_slave_0: entered promiscuous mode
[ 1149.159183][T17367] hsr_slave_1: entered promiscuous mode
[ 1149.165175][ T5134] Bluetooth: hci0: command tx timeout
[ 1149.355195][T17418] Bluetooth: MGMT ver 1.23
[ 1149.362859][T17418] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3039'.
[ 1149.385357][   T30] audit: type=1400 audit(1742326300.901:1962): avc:  denied  { mount } for  pid=17416 comm="syz.4.3039" name="/" dev="devpts" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1
[ 1149.451828][   T30] audit: type=1400 audit(1742326300.961:1963): avc:  denied  { getopt } for  pid=17416 comm="syz.4.3039" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[ 1149.805736][ T5869] usb 1-1: new high-speed USB device number 54 using dummy_hcd
[ 1149.879443][ T5134] Bluetooth: hci4: command tx timeout
[ 1149.907167][T17381] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1149.914369][T17381] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1149.922964][T17381] bridge_slave_0: entered allmulticast mode
[ 1149.931444][T17381] bridge_slave_0: entered promiscuous mode
[ 1149.946592][T17381] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1149.954227][T17381] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1149.964434][T17381] bridge_slave_1: entered allmulticast mode
[ 1149.974763][T17381] bridge_slave_1: entered promiscuous mode
[ 1150.055657][ T5869] usb 1-1: device descriptor read/64, error -71
[ 1150.056639][   T30] audit: type=1400 audit(1742326301.581:1964): avc:  denied  { unmount } for  pid=5817 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1
[ 1150.110485][T17381] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1150.133163][   T30] audit: type=1400 audit(1742326301.661:1965): avc:  denied  { write } for  pid=17431 comm="syz.4.3041" name="nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[ 1150.157675][T17381] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1150.215848][T17381] team0: Port device team_slave_0 added
[ 1150.233338][T17381] team0: Port device team_slave_1 added
[ 1150.303072][T17367] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1150.319669][ T5869] usb 1-1: new high-speed USB device number 55 using dummy_hcd
[ 1150.339315][T17381] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1150.346331][T17381] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1150.375946][T17381] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1150.444378][T17367] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1150.457533][T17381] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1150.465039][T17381] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1150.491794][ T5869] usb 1-1: device descriptor read/64, error -71
[ 1150.500020][  T974] usb 5-1: new high-speed USB device number 72 using dummy_hcd
[ 1150.511977][T17381] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1150.517466][T17438] netlink: 52 bytes leftover after parsing attributes in process `syz.2.3044'.
[ 1150.547365][T17367] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1150.601848][ T5869] usb usb1-port1: attempt power cycle
[ 1150.699886][  T974] usb 5-1: Using ep0 maxpacket: 16
[ 1150.730122][  T974] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1150.753051][  T974] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1150.797715][T17367] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1150.808469][  T974] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[ 1150.883819][  T974] usb 5-1: New USB device found, idVendor=044e, idProduct=120c, bcdDevice= 0.00
[ 1150.894800][  T974] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1150.914503][  T974] usb 5-1: config 0 descriptor??
[ 1150.949576][ T5869] usb 1-1: new high-speed USB device number 56 using dummy_hcd
[ 1150.990511][ T5869] usb 1-1: device descriptor read/8, error -71
[ 1151.090254][T17381] hsr_slave_0: entered promiscuous mode
[ 1151.097287][T17381] hsr_slave_1: entered promiscuous mode
[ 1151.104621][T17381] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1151.113062][T17381] Cannot create hsr debugfs directory
[ 1151.197028][T17367] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 1151.216886][T17367] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 1151.227938][T17367] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 1151.238759][T17367] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 1151.245500][ T5134] Bluetooth: hci0: command tx timeout
[ 1151.251148][ T5869] usb 1-1: new high-speed USB device number 57 using dummy_hcd
[ 1151.280585][ T5869] usb 1-1: device descriptor read/8, error -71
[ 1151.348654][  T974] hid-alps 0003:044E:120C.0014: unknown main item tag 0x0
[ 1151.357325][  T974] hid-alps 0003:044E:120C.0014: unknown main item tag 0x0
[ 1151.364559][  T974] hid-alps 0003:044E:120C.0014: unknown main item tag 0xe
[ 1151.371801][  T974] hid-alps 0003:044E:120C.0014: item fetching failed at offset 3/5
[ 1151.373140][T17367] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1151.380013][  T974] hid-alps 0003:044E:120C.0014: parse failed
[ 1151.393144][  T974] hid-alps 0003:044E:120C.0014: probe with driver hid-alps failed with error -22
[ 1151.406249][ T5869] usb usb1-port1: unable to enumerate USB device
[ 1151.428428][T17367] 8021q: adding VLAN 0 to HW filter on device team0
[ 1151.438462][ T1170] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1151.445564][ T1170] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1151.456866][T13193] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1151.463956][T13193] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1151.576988][  T974] usb 5-1: USB disconnect, device number 72
[ 1151.580892][T17367] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1151.618911][T17367] veth0_vlan: entered promiscuous mode
[ 1151.631267][T17367] veth1_vlan: entered promiscuous mode
[ 1151.671496][T17381] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 1151.682449][T17381] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 1151.691032][T17381] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 1151.703215][T17367] veth0_macvtap: entered promiscuous mode
[ 1151.709575][T17381] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 1151.719937][T17367] veth1_macvtap: entered promiscuous mode
[ 1151.743156][T17367] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1151.754019][T17367] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1151.764955][T17367] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1151.778466][T17367] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1151.791277][T17367] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1151.802377][T17367] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1151.811674][T17367] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1151.820838][T17367] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1151.830886][T17367] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1151.839770][T17367] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1151.900690][ T1170] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1151.902627][T17381] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1151.908505][ T1170] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1151.942636][T17381] 8021q: adding VLAN 0 to HW filter on device team0
[ 1151.949803][ T1170] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1151.959578][ T3513] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1151.966643][ T3513] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1151.974004][ T5134] Bluetooth: hci4: command tx timeout
[ 1151.978951][ T1170] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1151.989083][ T3513] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1151.996180][ T3513] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1152.271414][T17463] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3048'.
[ 1152.278689][T17381] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1152.307926][   T30] audit: type=1400 audit(1742326303.831:1966): avc:  denied  { bind } for  pid=17462 comm="syz.4.3048" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[ 1152.327295][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1152.365173][T17381] veth0_vlan: entered promiscuous mode
[ 1152.376672][T17381] veth1_vlan: entered promiscuous mode
[ 1152.415847][T17381] veth0_macvtap: entered promiscuous mode
[ 1152.432597][T17381] veth1_macvtap: entered promiscuous mode
[ 1152.469279][T17465] usb usb1: usbfs: interface 0 claimed by hub while 'syz.3.3049' sets config #0
[ 1152.479977][T17465] usb usb1: usbfs: interface 0 claimed by hub while 'syz.3.3049' sets config #1
[ 1152.491678][T17381] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1152.522801][T17381] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1152.553052][T17381] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1152.569499][T15608] usb 5-1: new high-speed USB device number 73 using dummy_hcd
[ 1152.588929][T17381] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1152.614013][T17381] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1152.646651][T17381] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1152.669505][   T30] audit: type=1400 audit(1742326304.191:1967): avc:  denied  { setattr } for  pid=17472 comm="syz.3.3052" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 1152.677854][T17381] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1152.708542][T17381] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1152.713620][T17458] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3047'.
[ 1152.722878][T17381] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1152.729055][T17476] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1152.743338][T17381] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1152.756937][T17381] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1152.765915][T15608] usb 5-1: Using ep0 maxpacket: 32
[ 1152.771217][T17381] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1152.780648][T17381] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1152.789840][T17381] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1152.789941][T15608] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1152.801092][T17476] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1152.818700][T15608] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1152.835700][T15608] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[ 1152.893789][T15608] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1152.909264][   T30] audit: type=1400 audit(1742326304.431:1968): avc:  denied  { bind } for  pid=17472 comm="syz.3.3052" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[ 1152.913849][T13193] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1152.944598][T15608] usb 5-1: config 0 descriptor??
[ 1152.950710][T13193] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1152.960056][T15608] hub 5-1:0.0: USB hub found
[ 1152.964806][   T10] usb 3-1: new high-speed USB device number 87 using dummy_hcd
[ 1152.994031][ T1170] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1153.005776][ T1170] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1153.145125][   T10] usb 3-1: Using ep0 maxpacket: 8
[ 1153.163210][   T10] usb 3-1: config 5 has an invalid interface number: 162 but max is 0
[ 1153.176999][   T10] usb 3-1: config 5 has no interface number 0
[ 1153.205285][   T10] usb 3-1: config 5 interface 162 has no altsetting 0
[ 1153.212922][T15608] hub 5-1:0.0: 1 port detected
[ 1153.222327][   T10] usb 3-1: New USB device found, idVendor=04e6, idProduct=0009, bcdDevice= 2.00
[ 1153.233346][   T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1153.242227][   T10] usb 3-1: Product: syz
[ 1153.246419][   T10] usb 3-1: Manufacturer: syz
[ 1153.251595][   T10] usb 3-1: SerialNumber: syz
[ 1153.324214][T12717] Bluetooth: hci0: command tx timeout
[ 1153.468480][   T10] usb-storage 3-1:5.162: USB Mass Storage device detected
[ 1153.500632][   T10] usb-storage 3-1:5.162: This device (04e6,0009,0200 S 4b P 01) has an unneeded Protocol entry in unusual_devs.h (kernel 6.14.0-rc7-syzkaller-00050-gfc444ada1310)
[ 1153.500632][   T10]    Please send a copy of this message to <linux-usb@vger.kernel.org> and <usb-storage@lists.one-eyed-alien.net>
[ 1153.528749][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1153.579101][   T10] usb 3-1: USB disconnect, device number 87
[ 1154.286217][T15608] hub 5-1:0.0: hub_hub_status failed (err = -32)
[ 1154.306048][T15608] hub 5-1:0.0: config failed, can't get hub status (err -32)
[ 1154.324665][T15608] usbhid 5-1:0.0: can't add hid device: -32
[ 1154.339739][T15608] usbhid 5-1:0.0: probe with driver usbhid failed with error -32
[ 1154.609283][T17483] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1154.625929][T17483] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1154.920985][ T5826] usb 3-1: new high-speed USB device number 88 using dummy_hcd
[ 1155.123941][T14170] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1155.142048][ T5826] usb 3-1: Using ep0 maxpacket: 32
[ 1155.153036][ T5826] usb 3-1: config 0 has an invalid interface number: 89 but max is 0
[ 1155.197465][ T5826] usb 3-1: config 0 has no interface number 0
[ 1155.220657][ T5826] usb 3-1: New USB device found, idVendor=12d1, idProduct=7ef3, bcdDevice=54.68
[ 1155.229886][ T5826] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1155.237929][ T5826] usb 3-1: Product: syz
[ 1155.243347][ T5826] usb 3-1: Manufacturer: syz
[ 1155.249417][ T5826] usb 3-1: SerialNumber: syz
[ 1155.256129][ T5826] usb 3-1: config 0 descriptor??
[ 1155.262693][ T5826] hub 3-1:0.89: bad descriptor, ignoring hub
[ 1155.269604][ T5826] hub 3-1:0.89: probe with driver hub failed with error -5
[ 1155.278198][ T5826] option 3-1:0.89: GSM modem (1-port) converter detected
[ 1155.287584][ T5826] usb 3-1: GSM modem (1-port) converter now attached to ttyUSB0
[ 1155.410533][T12717] Bluetooth: hci0: command 0x0405 tx timeout
[ 1155.889624][T11558] usb 3-1: USB disconnect, device number 88
[ 1155.900229][ T5826] usb 5-1: USB disconnect, device number 73
[ 1155.907960][T11558] option1 ttyUSB0: GSM modem (1-port) converter now disconnected from ttyUSB0
[ 1155.940173][T11558] option 3-1:0.89: device disconnected
[ 1155.974276][   T30] kauditd_printk_skb: 1 callbacks suppressed
[ 1155.974291][   T30] audit: type=1400 audit(1742326307.501:1970): avc:  denied  { create } for  pid=17524 comm="syz.3.3066" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[ 1156.011809][   T30] audit: type=1400 audit(1742326307.541:1971): avc:  denied  { ioctl } for  pid=17524 comm="syz.3.3066" path="socket:[55027]" dev="sockfs" ino=55027 ioctlcmd=0x89e0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[ 1156.037151][   T30] audit: type=1400 audit(1742326307.541:1972): avc:  denied  { connect } for  pid=17524 comm="syz.3.3066" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[ 1156.057521][   T30] audit: type=1400 audit(1742326307.541:1973): avc:  denied  { write } for  pid=17524 comm="syz.3.3066" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[ 1156.057884][T12717] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 1156.088830][T12717] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 1156.088834][   T30] audit: type=1400 audit(1742326307.541:1974): avc:  denied  { create } for  pid=17524 comm="syz.3.3066" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[ 1156.119395][T12717] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 1156.127801][T12717] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 1156.142518][T12717] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[ 1156.150767][T12717] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 1156.192175][T17531] ip6tnl1: entered promiscuous mode
[ 1156.209527][T11558] usb 1-1: new high-speed USB device number 58 using dummy_hcd
[ 1156.249787][    T9] usb 4-1: new high-speed USB device number 27 using dummy_hcd
[ 1156.263058][T17528] chnl_net:caif_netlink_parms(): no params data found
[ 1156.318047][T17528] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1156.329002][T17528] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1156.336872][T17528] bridge_slave_0: entered allmulticast mode
[ 1156.344681][T17528] bridge_slave_0: entered promiscuous mode
[ 1156.353896][T17528] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1156.361497][T17528] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1156.369072][T17528] bridge_slave_1: entered allmulticast mode
[ 1156.375828][T11558] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1156.387352][T17528] bridge_slave_1: entered promiscuous mode
[ 1156.393302][T11558] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1156.407380][    T9] usb 4-1: Using ep0 maxpacket: 8
[ 1156.412900][T11558] usb 1-1: New USB device found, idVendor=1532, idProduct=010e, bcdDevice= 0.00
[ 1156.422117][T11558] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1156.430628][   T10] usb 5-1: new full-speed USB device number 74 using dummy_hcd
[ 1156.440647][    T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[ 1156.443300][T17528] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1156.459918][T11558] usb 1-1: config 0 descriptor??
[ 1156.463709][T17528] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1156.474368][    T9] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 0
[ 1156.487679][    T9] usb 4-1: New USB device found, idVendor=16d0, idProduct=10a9, bcdDevice=30.52
[ 1156.498431][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1156.503868][T17528] team0: Port device team_slave_0 added
[ 1156.507997][    T9] usb 4-1: Product: syz
[ 1156.516789][    T9] usb 4-1: Manufacturer: syz
[ 1156.522669][    T9] usb 4-1: SerialNumber: syz
[ 1156.528929][    T9] usb 4-1: config 0 descriptor??
[ 1156.542393][T14170] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1156.558248][T17528] team0: Port device team_slave_1 added
[ 1156.575678][T17528] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1156.582695][T17528] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1156.608557][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1156.610052][  T974] usb 3-1: new high-speed USB device number 89 using dummy_hcd
[ 1156.615708][T17528] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1156.652565][   T10] usb 5-1: unable to get BOS descriptor or descriptor too short
[ 1156.654719][T14170] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1156.660967][   T10] usb 5-1: not running at top speed; connect to a high speed hub
[ 1156.679121][T17528] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1156.688848][   T10] usb 5-1: config 12 has an invalid interface number: 184 but max is 0
[ 1156.697342][T17528] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1156.723711][   T10] usb 5-1: config 12 has no interface number 0
[ 1156.728800][T17528] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1156.730066][   T10] usb 5-1: config 12 interface 184 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 10
[ 1156.756717][   T10] usb 5-1: New USB device found, idVendor=0499, idProduct=100d, bcdDevice=84.a2
[ 1156.771267][   T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1156.780976][  T974] usb 3-1: Using ep0 maxpacket: 16
[ 1156.781183][   T10] usb 5-1: Product: syz
[ 1156.790441][   T10] usb 5-1: Manufacturer: syz
[ 1156.795151][   T10] usb 5-1: SerialNumber: syz
[ 1156.799083][  T974] usb 3-1: New USB device found, idVendor=18d1, idProduct=1eaf, bcdDevice= 7.79
[ 1156.810011][  T974] usb 3-1: New USB device strings: Mfr=1, Product=0, SerialNumber=0
[ 1156.820526][T14170] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1156.830919][  T974] usb 3-1: Manufacturer: syz
[ 1156.841322][  T974] usb 3-1: config 0 descriptor??
[ 1156.848546][T17528] hsr_slave_0: entered promiscuous mode
[ 1156.856628][T17528] hsr_slave_1: entered promiscuous mode
[ 1156.862810][T17528] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1156.871314][T17528] Cannot create hsr debugfs directory
[ 1156.926691][T11558] razer 0003:1532:010E.0015: item fetching failed at offset 3/5
[ 1156.936623][T11558] razer 0003:1532:010E.0015: probe with driver razer failed with error -22
[ 1156.966333][T14170] bridge_slave_1: left allmulticast mode
[ 1156.976686][T14170] bridge_slave_1: left promiscuous mode
[ 1156.982613][T14170] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1156.994438][   T30] audit: type=1400 audit(1742326308.521:1975): avc:  denied  { ioctl } for  pid=17524 comm="syz.3.3066" path="socket:[55029]" dev="sockfs" ino=55029 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[ 1157.029288][T14170] bridge_slave_0: left allmulticast mode
[ 1157.033823][ T5826] usb 4-1: USB disconnect, device number 27
[ 1157.035119][T14170] bridge_slave_0: left promiscuous mode
[ 1157.050941][   T30] audit: type=1400 audit(1742326308.551:1976): avc:  denied  { write } for  pid=17524 comm="syz.3.3066" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[ 1157.051575][   T10] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[ 1157.071059][T14170] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1157.079152][T17539] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1157.095970][T17539] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1157.117123][   T10] usb 5-1: USB disconnect, device number 74
[ 1157.201886][  T974] usb 3-1: Limiting number of CPorts to U8_MAX
[ 1157.204899][ T5872] usb 1-1: USB disconnect, device number 58
[ 1157.246851][  T974] usb 3-1: Not enough endpoints found in device, aborting!
[ 1157.810676][T14170] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1157.821049][T14170] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1157.831089][T14170] bond0 (unregistering): Released all slaves
[ 1157.857950][T11558] usb 3-1: USB disconnect, device number 89
[ 1158.212579][ T5134] Bluetooth: hci4: command tx timeout
[ 1158.263383][T14170] hsr_slave_0: left promiscuous mode
[ 1158.279207][T14170] hsr_slave_1: left promiscuous mode
[ 1158.298375][T14170] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1158.313104][T14170] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1158.330896][T14170] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1158.355828][T14170] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1158.435831][T14170] veth1_macvtap: left promiscuous mode
[ 1158.482069][T14170] veth0_macvtap: left promiscuous mode
[ 1158.506582][T14170] veth1_vlan: left promiscuous mode
[ 1158.537087][T14170] veth0_vlan: left promiscuous mode
[ 1159.017345][T17550] kexec: Could not allocate control_code_buffer
[ 1159.018489][   T30] audit: type=1400 audit(1742326310.541:1977): avc:  denied  { getopt } for  pid=17555 comm="syz.2.3073" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[ 1159.137959][   T30] audit: type=1400 audit(1742326310.661:1978): avc:  denied  { ioctl } for  pid=17555 comm="syz.2.3073" path="socket:[55906]" dev="sockfs" ino=55906 ioctlcmd=0x890c scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[ 1159.215735][   T30] audit: type=1400 audit(1742326310.661:1979): avc:  denied  { map } for  pid=17555 comm="syz.2.3073" path="socket:[55906]" dev="sockfs" ino=55906 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[ 1159.618872][T14170] team0 (unregistering): Port device team_slave_1 removed
[ 1159.640191][T17571] netlink: 52 bytes leftover after parsing attributes in process `syz.3.3078'.
[ 1159.716556][T14170] team0 (unregistering): Port device team_slave_0 removed
[ 1160.289442][ T5134] Bluetooth: hci4: command tx timeout
[ 1160.375120][T17557] netlink: 36 bytes leftover after parsing attributes in process `syz.2.3073'.
[ 1160.387611][T17560] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[ 1160.395127][T17560] IPv6: NLM_F_CREATE should be set when creating new route
[ 1160.402364][T17560] IPv6: NLM_F_CREATE should be set when creating new route
[ 1160.627130][T17582] netlink: 48 bytes leftover after parsing attributes in process `syz.0.3082'.
[ 1160.682648][T17528] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 1160.742148][T17528] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 1160.795515][T17528] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 1160.912155][T17528] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 1161.111630][T17528] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1161.160903][T17528] 8021q: adding VLAN 0 to HW filter on device team0
[ 1161.320509][T13193] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1161.327595][T13193] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1161.374255][T13193] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1161.381493][T13193] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1161.646864][T17598] FAULT_INJECTION: forcing a failure.
[ 1161.646864][T17598] name failslab, interval 1, probability 0, space 0, times 0
[ 1161.679324][T17598] CPU: 0 UID: 0 PID: 17598 Comm: syz.3.3085 Not tainted 6.14.0-rc7-syzkaller-00050-gfc444ada1310 #0
[ 1161.679351][T17598] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 1161.679361][T17598] Call Trace:
[ 1161.679366][T17598]  <TASK>
[ 1161.679373][T17598]  dump_stack_lvl+0x16c/0x1f0
[ 1161.679400][T17598]  should_fail_ex+0x50a/0x650
[ 1161.679426][T17598]  ? fs_reclaim_acquire+0xae/0x150
[ 1161.679451][T17598]  ? tomoyo_encode2+0x100/0x3e0
[ 1161.679475][T17598]  should_failslab+0xc2/0x120
[ 1161.679494][T17598]  __kmalloc_noprof+0xcb/0x510
[ 1161.679512][T17598]  ? d_absolute_path+0x137/0x1b0
[ 1161.679532][T17598]  ? rcu_is_watching+0x12/0xc0
[ 1161.679553][T17598]  tomoyo_encode2+0x100/0x3e0
[ 1161.679578][T17598]  tomoyo_encode+0x29/0x50
[ 1161.679600][T17598]  tomoyo_realpath_from_path+0x19d/0x720
[ 1161.679630][T17598]  tomoyo_path_number_perm+0x248/0x590
[ 1161.679650][T17598]  ? tomoyo_path_number_perm+0x235/0x590
[ 1161.679673][T17598]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1161.679724][T17598]  ? __pfx_lock_release+0x10/0x10
[ 1161.679747][T17598]  ? trace_lock_acquire+0x14e/0x1f0
[ 1161.679770][T17598]  ? lock_acquire+0x2f/0xb0
[ 1161.679791][T17598]  ? __fget_files+0x40/0x3a0
[ 1161.679811][T17598]  ? __fget_files+0x206/0x3a0
[ 1161.679831][T17598]  security_file_ioctl+0x9b/0x240
[ 1161.679856][T17598]  __x64_sys_ioctl+0xb7/0x200
[ 1161.679881][T17598]  do_syscall_64+0xcd/0x250
[ 1161.679905][T17598]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1161.679927][T17598] RIP: 0033:0x7f18abf8d169
[ 1161.679941][T17598] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1161.679955][T17598] RSP: 002b:00007f18acd4e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1161.679970][T17598] RAX: ffffffffffffffda RBX: 00007f18ac1a5fa0 RCX: 00007f18abf8d169
[ 1161.679981][T17598] RDX: 0000000000000002 RSI: 0000000000005437 RDI: 0000000000000003
[ 1161.679991][T17598] RBP: 00007f18acd4e090 R08: 0000000000000000 R09: 0000000000000000
[ 1161.680001][T17598] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1161.680010][T17598] R13: 0000000000000000 R14: 00007f18ac1a5fa0 R15: 00007ffdc56b8d18
[ 1161.680033][T17598]  </TASK>
[ 1161.746337][T17528] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1161.926659][T17598] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1162.213311][T17528] veth0_vlan: entered promiscuous mode
[ 1162.242566][T17528] veth1_vlan: entered promiscuous mode
[ 1162.304213][T17602] usb usb1: usbfs: interface 0 claimed by hub while 'syz.3.3086' sets config #0
[ 1162.313856][T17602] usb usb1: usbfs: interface 0 claimed by hub while 'syz.3.3086' sets config #1
[ 1162.351643][T17528] veth0_macvtap: entered promiscuous mode
[ 1162.361974][ T5134] Bluetooth: hci4: command tx timeout
[ 1162.372956][T17528] veth1_macvtap: entered promiscuous mode
[ 1162.431547][T17528] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1162.455765][T17528] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1162.468838][   T30] kauditd_printk_skb: 2 callbacks suppressed
[ 1162.468851][   T30] audit: type=1800 audit(1742326314.001:1982): pid=17604 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.4.3087" name="SYSV00000000" dev="hugetlbfs" ino=65 res=0 errno=0
[ 1162.476703][T17528] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1162.511402][   T30] audit: type=1400 audit(1742326314.001:1983): avc:  denied  { ioctl } for  pid=17603 comm="syz.4.3087" path="anon_inode:[userfaultfd]" dev="anon_inodefs" ino=56710 ioctlcmd=0xaa3f scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[ 1162.541666][T17528] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1162.552937][T17528] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1162.567439][T17528] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1162.578639][T17528] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1162.594591][T17528] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1162.605276][T17528] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1162.619125][T17528] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1162.634969][T17528] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1162.644424][T17528] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1162.656835][T17528] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1162.666289][T17528] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1162.695513][T17609] netlink: 52 bytes leftover after parsing attributes in process `syz.2.3089'.
[ 1162.723637][    T9] usb 5-1: new full-speed USB device number 75 using dummy_hcd
[ 1162.925578][T13193] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1162.941069][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid maxpacket 1503, setting to 64
[ 1163.037453][T13193] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1163.047011][    T9] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 4
[ 1163.146998][    T9] usb 5-1: New USB device found, idVendor=0dfc, idProduct=0100, bcdDevice= 0.00
[ 1163.195524][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1163.323953][   T68] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1163.334619][    T9] usb 5-1: config 0 descriptor??
[ 1163.339404][   T68] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1163.349188][T17604] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[ 1163.488513][T17616] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3090'.
[ 1163.583809][T17616] mmap: syz.3.3090 (17616) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[ 1163.619684][T17616] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3090'.
[ 1163.631583][   T30] audit: type=1400 audit(1742326314.951:1984): avc:  denied  { connect } for  pid=17612 comm="syz.3.3090" lport=60 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[ 1163.845628][   T30] audit: type=1400 audit(1742326314.951:1985): avc:  denied  { write } for  pid=17612 comm="syz.3.3090" path="socket:[56939]" dev="sockfs" ino=56939 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[ 1163.914518][   T30] audit: type=1400 audit(1742326315.441:1986): avc:  denied  { create } for  pid=17618 comm="syz.2.3091" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[ 1163.945240][   T30] audit: type=1400 audit(1742326315.471:1987): avc:  denied  { listen } for  pid=17618 comm="syz.2.3091" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[ 1163.946934][  T974] usb 1-1: new high-speed USB device number 59 using dummy_hcd
[ 1163.968160][   T30] audit: type=1400 audit(1742326315.471:1988): avc:  denied  { accept } for  pid=17618 comm="syz.2.3091" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[ 1164.081009][    T9] hid-generic 0003:0DFC:0100.0016: hidraw0: USB HID v0.00 Device [HID 0dfc:0100] on usb-dummy_hcd.4-1/input0
[ 1164.162575][  T974] usb 1-1: too many configurations: 9, using maximum allowed: 8
[ 1164.171516][  T974] usb 1-1: config 0 has an invalid descriptor of length 166, skipping remainder of the config
[ 1164.183679][  T974] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1164.195208][  T974] usb 1-1: config 0 interface 0 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1164.214424][  T974] usb 1-1: config 0 interface 0 has no altsetting 0
[ 1164.227790][  T974] usb 1-1: config 0 has an invalid descriptor of length 166, skipping remainder of the config
[ 1164.239455][  T974] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1164.248416][  T974] usb 1-1: config 0 interface 0 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1164.261574][  T974] usb 1-1: config 0 interface 0 has no altsetting 0
[ 1164.269134][  T974] usb 1-1: config 0 has an invalid descriptor of length 166, skipping remainder of the config
[ 1164.279581][  T974] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1164.289115][  T974] usb 1-1: config 0 interface 0 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1164.302055][  T974] usb 1-1: config 0 interface 0 has no altsetting 0
[ 1164.309500][  T974] usb 1-1: config 0 has an invalid descriptor of length 166, skipping remainder of the config
[ 1164.321101][  T974] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1164.558751][  T974] usb 1-1: config 0 interface 0 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1164.565676][   T10] usb 5-1: USB disconnect, device number 75
[ 1164.571723][  T974] usb 1-1: config 0 interface 0 has no altsetting 0
[ 1164.572510][  T974] usb 1-1: config 0 has an invalid descriptor of length 166, skipping remainder of the config
[ 1164.595754][  T974] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1164.658633][T17625] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3092'.
[ 1165.036587][  T974] usb 1-1: config 0 interface 0 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1165.049541][  T974] usb 1-1: config 0 interface 0 has no altsetting 0
[ 1165.058659][  T974] usb 1-1: config 0 has an invalid descriptor of length 166, skipping remainder of the config
[ 1165.069105][  T974] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1165.078028][  T974] usb 1-1: config 0 interface 0 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1165.106370][  T974] usb 1-1: config 0 interface 0 has no altsetting 0
[ 1165.114581][  T974] usb 1-1: config 0 has an invalid descriptor of length 166, skipping remainder of the config
[ 1165.125028][  T974] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1165.135646][  T974] usb 1-1: config 0 interface 0 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1165.148856][  T974] usb 1-1: config 0 interface 0 has no altsetting 0
[ 1165.156361][  T974] usb 1-1: config 0 has an invalid descriptor of length 166, skipping remainder of the config
[ 1165.168741][  T974] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1165.177796][  T974] usb 1-1: config 0 interface 0 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1165.227593][  T974] usb 1-1: config 0 interface 0 has no altsetting 0
[ 1165.248106][  T974] usb 1-1: New USB device found, idVendor=0000, idProduct=1010, bcdDevice=49.8e
[ 1165.535630][  T974] usb 1-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[ 1165.546710][  T974] usb 1-1: Product: syz
[ 1165.552004][  T974] usb 1-1: Manufacturer: syz
[ 1165.557522][  T974] usb 1-1: SerialNumber: syz
[ 1165.573329][  T974] usb 1-1: config 0 descriptor??
[ 1166.062834][   T30] audit: type=1400 audit(1742326317.591:1989): avc:  denied  { unmount } for  pid=5824 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1
[ 1166.088818][  T974] usb 1-1: can't set config #0, error -71
[ 1166.089995][    T9] usb 5-1: new high-speed USB device number 76 using dummy_hcd
[ 1166.120695][  T974] usb 1-1: USB disconnect, device number 59
[ 1166.133805][ T1170] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1166.246473][ T1170] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1166.279497][    T9] usb 5-1: Using ep0 maxpacket: 8
[ 1166.286476][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[ 1166.296276][    T9] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 0
[ 1166.310893][    T9] usb 5-1: New USB device found, idVendor=16d0, idProduct=10a9, bcdDevice=30.52
[ 1166.320256][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1166.328269][    T9] usb 5-1: Product: syz
[ 1166.332803][    T9] usb 5-1: Manufacturer: syz
[ 1166.335124][ T1170] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1166.337680][    T9] usb 5-1: SerialNumber: syz
[ 1166.339472][    T9] usb 5-1: config 0 descriptor??
[ 1166.404514][ T1170] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1166.482770][ T1170] bridge_slave_1: left allmulticast mode
[ 1166.488424][ T1170] bridge_slave_1: left promiscuous mode
[ 1166.494434][ T1170] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1166.504725][ T1170] bridge_slave_0: left allmulticast mode
[ 1166.510764][ T1170] bridge_slave_0: left promiscuous mode
[ 1166.516428][ T1170] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1166.559549][  T974] usb 1-1: new high-speed USB device number 60 using dummy_hcd
[ 1166.732498][  T974] usb 1-1: Using ep0 maxpacket: 32
[ 1166.739207][  T974] usb 1-1: unable to get BOS descriptor or descriptor too short
[ 1166.748233][  T974] usb 1-1: config 128 has an invalid interface number: 127 but max is 3
[ 1166.756748][  T974] usb 1-1: config 128 has an invalid descriptor of length 0, skipping remainder of the config
[ 1166.768848][  T974] usb 1-1: config 128 has 1 interface, different from the descriptor's value: 4
[ 1166.780532][  T974] usb 1-1: config 128 has no interface number 0
[ 1166.790205][  T974] usb 1-1: config 128 interface 127 altsetting 14 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1166.803637][  T974] usb 1-1: config 128 interface 127 has no altsetting 0
[ 1166.815898][  T974] usb 1-1: New USB device found, idVendor=0582, idProduct=295c, bcdDevice=d4.55
[ 1166.825221][  T974] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1166.833721][ T1170] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1166.835860][  T974] usb 1-1: Product: syz
[ 1166.847217][  T974] usb 1-1: Manufacturer: syz
[ 1166.852356][ T1170] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1166.854793][  T974] usb 1-1: SerialNumber: syz
[ 1166.867687][ T1170] bond0 (unregistering): Released all slaves
[ 1166.882338][ T5826] usb 5-1: USB disconnect, device number 76
[ 1167.061893][   T30] audit: type=1400 audit(1742326318.591:1990): avc:  denied  { map } for  pid=17642 comm="syz.3.3098" path="socket:[57052]" dev="sockfs" ino=57052 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[ 1167.088468][T17647] fuse: Unknown parameter '0x00000000000000470x0000000000000007'
[ 1167.115278][  T974] usb 1-1: USB disconnect, device number 60
[ 1167.134659][ T1170] hsr_slave_0: left promiscuous mode
[ 1167.149309][ T1170] hsr_slave_1: left promiscuous mode
[ 1167.164040][ T1170] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1167.189855][ T1170] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1167.230226][ T1170] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1167.237644][ T1170] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1167.267762][ T1170] veth1_macvtap: left promiscuous mode
[ 1167.273510][ T1170] veth0_macvtap: left promiscuous mode
[ 1167.279069][ T1170] veth1_vlan: left promiscuous mode
[ 1167.285148][ T1170] veth0_vlan: left promiscuous mode
[ 1167.350660][T12717] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 1167.363086][T12717] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 1167.372048][T12717] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 1167.394838][T12717] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 1167.403581][T12717] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[ 1167.410855][T12717] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 1167.441862][T11558] usb 4-1: new high-speed USB device number 28 using dummy_hcd
[ 1167.509579][T17656] netlink: 52 bytes leftover after parsing attributes in process `syz.4.3101'.
[ 1167.700249][T11558] usb 4-1: Using ep0 maxpacket: 16
[ 1167.781140][T11558] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1167.905855][T11558] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1167.980512][T11558] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[ 1168.003900][T11558] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[ 1168.015752][T11558] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1168.042117][T11558] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[ 1168.071339][T11558] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[ 1168.080804][T11558] usb 4-1: Manufacturer: syz
[ 1168.093753][T11558] usb 4-1: config 0 descriptor??
[ 1168.170043][T17666] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1168.222178][T17666] No source specified
[ 1168.257075][   T30] audit: type=1400 audit(1742326319.781:1991): avc:  denied  { getopt } for  pid=17663 comm="syz.4.3103" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[ 1168.349205][   T30] audit: type=1400 audit(1742326319.881:1992): avc:  denied  { create } for  pid=17663 comm="syz.4.3103" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[ 1168.429656][T11558] rc_core: IR keymap rc-hauppauge not found
[ 1168.435700][T11558] Registered IR keymap rc-empty
[ 1168.440774][T11558] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[ 1168.469458][T11558] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[ 1168.497637][T11558] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0
[ 1168.520492][T11558] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input52
[ 1168.546624][T11558] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[ 1168.579807][T11558] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[ 1168.597196][ T1170] team0 (unregistering): Port device team_slave_1 removed
[ 1168.609722][T11558] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[ 1168.637773][T11558] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[ 1168.669734][T11558] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[ 1168.699009][ T1170] team0 (unregistering): Port device team_slave_0 removed
[ 1168.699655][T11558] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[ 1168.759754][T11558] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[ 1168.798766][T11558] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[ 1168.819755][T11558] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[ 1168.849767][T11558] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[ 1168.906544][T11558] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[ 1168.950645][T11558] mceusb 4-1:0.0: Registered  with mce emulator interface version 1
[ 1168.966043][T11558] mceusb 4-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[ 1168.980969][   T30] audit: type=1400 audit(1742326320.511:1993): avc:  denied  { setopt } for  pid=17673 comm="syz.0.3105" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[ 1169.048074][T11558] usb 4-1: USB disconnect, device number 28
[ 1169.092289][ T5908] IPVS: starting estimator thread 0...
[ 1169.183711][T17676] IPVS: using max 29 ests per chain, 69600 per kthread
[ 1169.208979][   T30] audit: type=1400 audit(1742326320.731:1994): avc:  denied  { getopt } for  pid=17677 comm="syz.0.3106" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[ 1169.479813][ T5134] Bluetooth: hci4: command tx timeout
[ 1169.868299][T17694] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3110'.
[ 1169.977374][T17690] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3110'.
[ 1170.108825][T17690] nbd: device at index 64 is going down
[ 1170.532287][T17652] chnl_net:caif_netlink_parms(): no params data found
[ 1170.628306][   T30] audit: type=1400 audit(1742326322.151:1995): avc:  denied  { connect } for  pid=17702 comm="syz.2.3112" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[ 1170.801112][T17711] netlink: 52 bytes leftover after parsing attributes in process `syz.4.3113'.
[ 1170.804271][T17652] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1170.824647][T17652] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1170.826137][T17652] bridge_slave_0: entered allmulticast mode
[ 1170.842207][T17652] bridge_slave_0: entered promiscuous mode
[ 1170.862208][T17652] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1170.862796][T17652] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1170.864010][T17652] bridge_slave_1: entered allmulticast mode
[ 1170.885169][T17652] bridge_slave_1: entered promiscuous mode
[ 1173.706799][ T5134] Bluetooth: hci4: command tx timeout
[ 1173.742225][T17717] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1173.784236][T17652] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1173.832448][T17652] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1173.894861][T17652] team0: Port device team_slave_0 added
[ 1173.910286][T17652] team0: Port device team_slave_1 added
[ 1173.949175][T17652] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1173.967228][T17652] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1174.208809][T17652] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1174.221204][T17652] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1174.228201][T17652] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1174.308792][T17652] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1174.876742][T17652] hsr_slave_0: entered promiscuous mode
[ 1174.885498][T17652] hsr_slave_1: entered promiscuous mode
[ 1174.891813][T17652] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1174.901996][T17652] Cannot create hsr debugfs directory
[ 1175.019873][   T30] audit: type=1400 audit(1742326326.541:1996): avc:  denied  { ioctl } for  pid=17730 comm="syz.4.3119" path="/dev/nvram" dev="devtmpfs" ino=623 ioctlcmd=0x8905 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1
[ 1175.127446][   T30] audit: type=1400 audit(1742326326.551:1997): avc:  denied  { write } for  pid=17730 comm="syz.4.3119" name="vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1
[ 1175.337450][   T30] audit: type=1400 audit(1742326326.551:1998): avc:  denied  { open } for  pid=17730 comm="syz.4.3119" path="/dev/vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1
[ 1175.561958][   T30] audit: type=1400 audit(1742326326.861:1999): avc:  denied  { watch watch_reads } for  pid=17727 comm="syz.2.3118" path="/proc/100" dev="proc" ino=57295 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1
[ 1175.720429][ T5134] Bluetooth: hci4: command tx timeout
[ 1175.768399][   T30] audit: type=1400 audit(1742326327.291:2000): avc:  denied  { read } for  pid=17741 comm="syz.4.3122" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[ 1175.789255][T17740] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1175.798027][T17740] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1175.956014][   T30] audit: type=1400 audit(1742326327.481:2001): avc:  denied  { write } for  pid=17741 comm="syz.4.3122" path="socket:[57431]" dev="sockfs" ino=57431 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[ 1175.979711][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1176.098948][T17749] FAULT_INJECTION: forcing a failure.
[ 1176.098948][T17749] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1176.112124][T17749] CPU: 1 UID: 0 PID: 17749 Comm: syz.2.3123 Not tainted 6.14.0-rc7-syzkaller-00050-gfc444ada1310 #0
[ 1176.112147][T17749] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 1176.112157][T17749] Call Trace:
[ 1176.112163][T17749]  <TASK>
[ 1176.112170][T17749]  dump_stack_lvl+0x16c/0x1f0
[ 1176.112197][T17749]  should_fail_ex+0x50a/0x650
[ 1176.112227][T17749]  strncpy_from_user+0x3b/0x2d0
[ 1176.112253][T17749]  getname_flags.part.0+0x8f/0x550
[ 1176.112279][T17749]  getname_flags+0x93/0xf0
[ 1176.112304][T17749]  user_path_at+0x24/0x60
[ 1176.112322][T17749]  __x64_sys_mount+0x1fd/0x310
[ 1176.112342][T17749]  ? __pfx___x64_sys_mount+0x10/0x10
[ 1176.112369][T17749]  do_syscall_64+0xcd/0x250
[ 1176.112393][T17749]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1176.112416][T17749] RIP: 0033:0x7fcc63d8d169
[ 1176.112429][T17749] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1176.112446][T17749] RSP: 002b:00007fcc64b7c038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 1176.112468][T17749] RAX: ffffffffffffffda RBX: 00007fcc63fa6160 RCX: 00007fcc63d8d169
[ 1176.112480][T17749] RDX: 0000400000000080 RSI: 00004000000002c0 RDI: 0000400000000100
[ 1176.112491][T17749] RBP: 00007fcc64b7c090 R08: 0000000000000000 R09: 0000000000000000
[ 1176.112502][T17749] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1176.112512][T17749] R13: 0000000000000000 R14: 00007fcc63fa6160 R15: 00007ffedb824558
[ 1176.112535][T17749]  </TASK>
[ 1176.335523][T17652] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 1176.351311][T17652] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 1176.367162][T17652] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 1176.389134][T17652] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 1176.441419][T17652] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1176.476330][T17652] 8021q: adding VLAN 0 to HW filter on device team0
[ 1176.492529][T13193] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1176.499676][T13193] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1176.515356][   T30] audit: type=1326 audit(1742326328.041:2002): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17750 comm="syz.4.3124" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d9d98d169 code=0x7ffc0000
[ 1176.546081][T13193] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1176.553216][T13193] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1176.574202][   T30] audit: type=1326 audit(1742326328.041:2003): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17750 comm="syz.4.3124" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d9d98d169 code=0x7ffc0000
[ 1176.597670][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1176.607145][   T30] audit: type=1326 audit(1742326328.041:2004): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17750 comm="syz.4.3124" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f2d9d98d169 code=0x7ffc0000
[ 1176.630611][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1176.639014][   T30] audit: type=1326 audit(1742326328.041:2005): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17750 comm="syz.4.3124" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d9d98d169 code=0x7ffc0000
[ 1176.663609][T17754] xs_local_setup_socket: unhandled error (13) connecting to /var/run/rpcbind.sock
[ 1176.743131][T17756] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1176.934395][T17767] netlink: 76 bytes leftover after parsing attributes in process `syz.4.3130'.
[ 1177.015385][T17769] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3128'.
[ 1177.020490][ T1295] ieee802154 phy0 wpan0: encryption failed: -22
[ 1177.563980][T17753] ALSA: mixer_oss: invalid OSS volume ''
[ 1177.584810][T17753] ALSA: mixer_oss: invalid OSS volume '�#YH~�c�ͼ���1�#��&��~!IZz'
[ 1177.601312][T17753] ALSA: mixer_oss: invalid OSS volume '��\�Uj���i�w��Il��ˌ���;z:8�F'
[ 1177.619696][T17753] ALSA: mixer_oss: invalid OSS volume '���$�i�yM�,���.1�@P����'
[ 1177.628435][T17753] ALSA: mixer_oss: invalid OSS volume 'I�d�2����څ�D�[�g�м�]��E�'
[ 1177.641226][T17652] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1177.647056][T17753] ALSA: mixer_oss: invalid OSS volume '�hf9\�4���԰Zk��JO'
[ 1177.706419][T17753] ALSA: mixer_oss: invalid OSS volume 'l�~�:-��7gX��2�����W��'
[ 1177.742329][T17753] ALSA: mixer_oss: invalid OSS volume '�J���lF5p0'
[ 1177.757846][T17753] ALSA: mixer_oss: invalid OSS volume '��}(8=�3U�������.'
[ 1177.829705][T17753] ALSA: mixer_oss: invalid OSS volume 'C/�bh�ą.�/ص��i��,t��Qc;Z'
[ 1177.838208][ T5134] Bluetooth: hci4: command tx timeout
[ 1177.864080][T17753] ALSA: mixer_oss: invalid OSS volume 'FyU{�B�d*'
[ 1177.875161][T17753] ALSA: mixer_oss: invalid OSS volume '�5��
EI��p�OS��n�{~�gi����}�@'
[ 1177.971475][T17652] veth0_vlan: entered promiscuous mode
[ 1178.000906][T17652] veth1_vlan: entered promiscuous mode
[ 1178.080709][T17652] veth0_macvtap: entered promiscuous mode
[ 1178.096051][T17652] veth1_macvtap: entered promiscuous mode
[ 1178.231355][T17652] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1178.247905][T17652] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1178.849487][T17652] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1178.881849][T17652] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1178.904451][T17652] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1178.951484][T17652] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1178.994097][T17652] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1179.019553][T17652] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1179.050276][T17652] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1179.075831][T17652] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1179.146351][T17652] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1179.166344][T17652] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1179.179739][T17652] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1179.188523][T17652] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1179.323721][ T3513] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1179.340953][ T3513] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1179.353005][T14159] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1179.362815][   T10] usb 3-1: new high-speed USB device number 90 using dummy_hcd
[ 1179.374273][T14159] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1179.419713][T11558] usb 5-1: new full-speed USB device number 77 using dummy_hcd
[ 1179.549520][   T10] usb 3-1: Using ep0 maxpacket: 32
[ 1179.599909][T11558] usb 5-1: device descriptor read/64, error -71
[ 1179.675675][   T10] usb 3-1: New USB device found, idVendor=0458, idProduct=706e, bcdDevice=35.64
[ 1179.704129][   T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1179.742056][   T10] usb 3-1: config 0 descriptor??
[ 1179.849759][T11558] usb 5-1: new full-speed USB device number 78 using dummy_hcd
[ 1179.980224][ T5908] usb 3-1: USB disconnect, device number 90
[ 1179.989788][T11558] usb 5-1: device descriptor read/64, error -71
[ 1180.099639][T11558] usb usb5-port1: attempt power cycle
[ 1180.338875][   T30] kauditd_printk_skb: 19 callbacks suppressed
[ 1180.338891][   T30] audit: type=1400 audit(1742326331.861:2025): avc:  denied  { write } for  pid=17805 comm="syz.0.3140" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[ 1180.364478][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1180.404510][   T30] audit: type=1400 audit(1742326331.931:2026): avc:  denied  { unmount } for  pid=5824 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[ 1180.449675][T11558] usb 5-1: new full-speed USB device number 79 using dummy_hcd
[ 1180.470392][T11558] usb 5-1: device descriptor read/8, error -71
[ 1180.709739][T17814] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3142'.
[ 1180.870169][T11558] usb 5-1: new full-speed USB device number 80 using dummy_hcd
[ 1180.900183][T11558] usb 5-1: device descriptor read/8, error -71
[ 1181.020623][T11558] usb usb5-port1: unable to enumerate USB device
[ 1181.056080][T14159] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1181.179582][T14159] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1181.355024][T14159] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1181.402793][T14159] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1181.487289][T14159] bridge_slave_1: left allmulticast mode
[ 1181.494080][T14159] bridge_slave_1: left promiscuous mode
[ 1181.500411][T14159] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1181.508378][T14159] bridge_slave_0: left allmulticast mode
[ 1181.514221][T14159] bridge_slave_0: left promiscuous mode
[ 1181.520071][T14159] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1181.780103][T14159] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1181.791550][T14159] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1181.802871][T14159] bond0 (unregistering): Released all slaves
[ 1182.025376][T17820] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3145'.
[ 1182.030850][   T30] audit: type=1400 audit(1742326333.551:2027): avc:  denied  { create } for  pid=17819 comm="syz.3.3145" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[ 1182.093104][T17818] ALSA: mixer_oss: invalid OSS volume ''
[ 1182.109705][   T30] audit: type=1400 audit(1742326333.561:2028): avc:  denied  { read } for  pid=17819 comm="syz.3.3145" name="usbmon0" dev="devtmpfs" ino=716 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[ 1182.133070][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1182.181946][T14159] hsr_slave_0: left promiscuous mode
[ 1182.202833][   T30] audit: type=1400 audit(1742326333.561:2029): avc:  denied  { open } for  pid=17819 comm="syz.3.3145" path="/dev/usbmon0" dev="devtmpfs" ino=716 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[ 1182.202839][T14159] hsr_slave_1: left promiscuous mode
[ 1182.202868][   T30] audit: type=1400 audit(1742326333.561:2030): avc:  denied  { map } for  pid=17819 comm="syz.3.3145" path="/dev/usbmon0" dev="devtmpfs" ino=716 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[ 1182.391843][   T30] audit: type=1400 audit(1742326333.591:2031): avc:  denied  { setopt } for  pid=17819 comm="syz.3.3145" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[ 1182.407438][T14159] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1182.423270][T17828] overlayfs: failed to resolve './file0': -2
[ 1182.627252][T14159] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1182.647040][T12717] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 1182.661446][T12717] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 1182.673541][T12717] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 1182.681208][T12717] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 1182.691857][T14159] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1182.699386][T12717] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[ 1182.707550][T14159] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1182.723477][T12717] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 1182.882226][T14159] veth1_macvtap: left promiscuous mode
[ 1182.891130][T14159] veth0_macvtap: left promiscuous mode
[ 1183.078844][T14159] veth1_vlan: left promiscuous mode
[ 1183.094441][T14159] veth0_vlan: left promiscuous mode
[ 1183.658120][T17824] kexec: Could not allocate control_code_buffer
[ 1184.261008][T14159] team0 (unregistering): Port device team_slave_1 removed
[ 1184.503565][T14159] team0 (unregistering): Port device team_slave_0 removed
[ 1184.759445][T12717] Bluetooth: hci4: command tx timeout
[ 1184.949585][ T5869] usb 3-1: new high-speed USB device number 91 using dummy_hcd
[ 1185.130783][ T5869] usb 3-1: config 0 has an invalid interface number: 22 but max is 0
[ 1185.144879][ T5869] usb 3-1: config 0 has no interface number 0
[ 1185.153094][ T5869] usb 3-1: New USB device found, idVendor=10b8, idProduct=1fa8, bcdDevice=d4.21
[ 1185.167152][ T5869] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1185.175287][ T5869] usb 3-1: Product: syz
[ 1185.181018][ T5869] usb 3-1: Manufacturer: syz
[ 1185.185661][ T5869] usb 3-1: SerialNumber: syz
[ 1185.196151][ T5869] usb 3-1: config 0 descriptor??
[ 1185.399604][ T5826] usb 1-1: new high-speed USB device number 61 using dummy_hcd
[ 1185.419525][T11558] usb 5-1: new high-speed USB device number 81 using dummy_hcd
[ 1185.471813][T17860] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1185.575608][ T5826] usb 1-1: device descriptor read/64, error -71
[ 1185.596160][T17860] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1185.607782][T11558] usb 5-1: config 0 has an invalid interface number: 69 but max is 0
[ 1185.619951][T11558] usb 5-1: config 0 has no interface number 0
[ 1185.643927][T17874] netlink: 'syz.3.3158': attribute type 13 has an invalid length.
[ 1185.653580][T11558] usb 5-1: config 0 interface 69 altsetting 0 bulk endpoint 0x8 has invalid maxpacket 1023
[ 1185.679017][T11558] usb 5-1: config 0 interface 69 altsetting 0 endpoint 0x82 has an invalid bInterval 44, changing to 9
[ 1185.686000][ T5869] dvb-usb: found a 'DiBcom NIM8096MD reference design' in cold state, will try to load a firmware
[ 1185.713949][T17874] gretap0: refused to change device tx_queue_len
[ 1185.722711][T11558] usb 5-1: New USB device found, idVendor=0c4b, idProduct=0100, bcdDevice=d7.ca
[ 1185.740147][T11558] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1185.748549][T17874] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[ 1185.757110][T11558] usb 5-1: Product: syz
[ 1185.768602][T11558] usb 5-1: Manufacturer: syz
[ 1185.781845][T11558] usb 5-1: SerialNumber: syz
[ 1185.790784][T11558] usb 5-1: config 0 descriptor??
[ 1185.806403][T17867] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22
[ 1185.931433][ T5826] usb 1-1: new high-speed USB device number 62 using dummy_hcd
[ 1186.071426][   T30] audit: type=1400 audit(1742326337.551:2032): avc:  denied  { append } for  pid=17871 comm="syz.3.3158" name="loop6" dev="devtmpfs" ino=653 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 1186.105239][ T5869] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw'
[ 1186.132675][T17833] chnl_net:caif_netlink_parms(): no params data found
[ 1186.186104][ T5826] usb 1-1: device descriptor read/64, error -71
[ 1186.193039][ T5869] dib0700: firmware download failed at 7 with -22
[ 1186.213453][ T5869] usb 3-1: USB disconnect, device number 91
[ 1186.220175][T11558] cyberjack 5-1:0.69: Reiner SCT Cyberjack USB card reader converter detected
[ 1186.234251][T11558] usb 5-1: Reiner SCT Cyberjack USB card reader converter now attached to ttyUSB0
[ 1186.292281][T17833] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1186.299741][ T5826] usb usb1-port1: attempt power cycle
[ 1186.306320][T17833] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1186.313977][T17833] bridge_slave_0: entered allmulticast mode
[ 1186.321390][T17833] bridge_slave_0: entered promiscuous mode
[ 1186.336368][T14159] team0: left allmulticast mode
[ 1186.341353][T14159] team_slave_0: left allmulticast mode
[ 1186.349141][T14159] team_slave_1: left allmulticast mode
[ 1186.355681][T14159] team0: left promiscuous mode
[ 1186.360656][T14159] team_slave_0: left promiscuous mode
[ 1186.366802][T14159] team_slave_1: left promiscuous mode
[ 1186.373093][T14159] bridge0: port 3(team0) entered disabled state
[ 1186.415068][T14159] bridge_slave_1: left allmulticast mode
[ 1186.428671][T14159] bridge_slave_1: left promiscuous mode
[ 1186.436567][T14159] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1186.479965][T14159] bridge_slave_0: left allmulticast mode
[ 1186.485799][T14159] bridge_slave_0: left promiscuous mode
[ 1186.491697][T14159] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1186.840319][T12717] Bluetooth: hci4: command tx timeout
[ 1186.845811][ T5826] usb 1-1: new high-speed USB device number 63 using dummy_hcd
[ 1186.879887][ T5826] usb 1-1: device descriptor read/8, error -71
[ 1187.078023][   T30] audit: type=1400 audit(1742326338.601:2033): avc:  denied  { ioctl } for  pid=17862 comm="syz.4.3156" path="/dev/usbmon0" dev="devtmpfs" ino=716 ioctlcmd=0x9207 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[ 1187.159767][ T5826] usb 1-1: new high-speed USB device number 64 using dummy_hcd
[ 1187.227155][T17885] overlayfs: failed to resolve './file0': -2
[ 1187.256081][ T5826] usb 1-1: device descriptor read/8, error -71
[ 1187.328244][T17833] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1187.335464][T17833] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1187.356644][T17833] bridge_slave_1: entered allmulticast mode
[ 1187.369709][ T5826] usb usb1-port1: unable to enumerate USB device
[ 1187.376261][T17833] bridge_slave_1: entered promiscuous mode
[ 1187.458702][T17833] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1187.475971][T17833] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1187.497523][  T974] usb 3-1: new high-speed USB device number 92 using dummy_hcd
[ 1187.550036][T17833] team0: Port device team_slave_0 added
[ 1187.558484][T17833] team0: Port device team_slave_1 added
[ 1187.585539][T17833] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1187.592945][T17833] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1187.621177][T17833] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1187.638923][T14159] hsr_slave_0: left promiscuous mode
[ 1187.648528][T14159] hsr_slave_1: left promiscuous mode
[ 1187.683903][  T974] usb 3-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc
[ 1187.693242][T14159] veth1_macvtap: left promiscuous mode
[ 1187.699771][  T974] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1187.707843][T14159] veth0_macvtap: left promiscuous mode
[ 1187.715534][T14159] veth1_vlan: left promiscuous mode
[ 1187.720872][  T974] usb 3-1: Product: syz
[ 1187.725097][  T974] usb 3-1: Manufacturer: syz
[ 1187.735919][T14159] veth0_vlan: left promiscuous mode
[ 1187.741784][  T974] usb 3-1: SerialNumber: syz
[ 1187.766483][  T974] usb 3-1: config 0 descriptor??
[ 1187.778892][  T974] i2c-tiny-usb 3-1:0.0: version 6d.cc found at bus 003 address 092
[ 1188.180144][T17894] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1188.951103][T12717] Bluetooth: hci4: command tx timeout
[ 1189.054368][ T5869] usb 5-1: USB disconnect, device number 81
[ 1189.078275][ T5869] cyberjack ttyUSB0: Reiner SCT Cyberjack USB card reader converter now disconnected from ttyUSB0
[ 1189.094912][ T5869] cyberjack 5-1:0.69: device disconnected
[ 1189.631875][T14159] team0 (unregistering): Port device team_slave_1 removed
[ 1189.816205][T14159] team0 (unregistering): Port device team_slave_0 removed
[ 1190.102186][  T974]  (null): failure reading functionality
[ 1190.111796][  T974] i2c i2c-1: failure reading functionality
[ 1190.121876][  T974] i2c i2c-1: connected i2c-tiny-usb device
[ 1190.251931][  T974] usb 3-1: USB disconnect, device number 92
[ 1190.629450][  T974] usb 3-1: new high-speed USB device number 93 using dummy_hcd
[ 1190.833459][  T974] usb 3-1: Using ep0 maxpacket: 32
[ 1190.848176][  T974] usb 3-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f
[ 1190.884541][  T974] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1190.895168][  T974] usb 3-1: Product: syz
[ 1190.899582][  T974] usb 3-1: Manufacturer: syz
[ 1190.904248][  T974] usb 3-1: SerialNumber: syz
[ 1190.916413][  T974] usb 3-1: config 0 descriptor??
[ 1190.924078][  T974] gspca_main: stk1135-2.14.0 probing 174f:6a31
[ 1191.009440][T12717] Bluetooth: hci4: command tx timeout
[ 1191.217148][T17924] overlayfs: failed to resolve './file0': -2
[ 1191.296164][T17833] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1191.304724][T17833] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1191.335115][  T974] gspca_stk1135: reg_w 0x0 err -71
[ 1191.340443][   T30] audit: type=1400 audit(1742326342.841:2034): avc:  denied  { bind } for  pid=17911 comm="syz.2.3169" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[ 1191.362111][  T974] gspca_stk1135: serial bus timeout: status=0x00
[ 1191.367962][T17833] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1191.462487][  T974] gspca_stk1135: Sensor write failed
[ 1191.469554][   T30] audit: type=1400 audit(1742326342.841:2035): avc:  denied  { accept } for  pid=17911 comm="syz.2.3169" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[ 1191.478254][  T974] gspca_stk1135: serial bus timeout: status=0x00
[ 1191.583774][T17833] hsr_slave_0: entered promiscuous mode
[ 1191.589554][T17926] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3173'.
[ 1191.608032][  T974] gspca_stk1135: Sensor write failed
[ 1191.614003][  T974] gspca_stk1135: serial bus timeout: status=0x00
[ 1191.628064][  T974] gspca_stk1135: Sensor read failed
[ 1191.634540][  T974] gspca_stk1135: serial bus timeout: status=0x00
[ 1191.641265][  T974] gspca_stk1135: Sensor read failed
[ 1191.646586][  T974] gspca_stk1135: Detected sensor type unknown (0x0)
[ 1191.647474][T17833] hsr_slave_1: entered promiscuous mode
[ 1191.653810][  T974] gspca_stk1135: serial bus timeout: status=0x00
[ 1191.665652][  T974] gspca_stk1135: Sensor read failed
[ 1191.671294][  T974] gspca_stk1135: serial bus timeout: status=0x00
[ 1191.678424][  T974] gspca_stk1135: Sensor read failed
[ 1191.683874][  T974] gspca_stk1135: serial bus timeout: status=0x00
[ 1191.690402][  T974] gspca_stk1135: Sensor write failed
[ 1191.695904][  T974] gspca_stk1135: serial bus timeout: status=0x00
[ 1191.703576][  T974] gspca_stk1135: Sensor write failed
[ 1191.727525][  T974] stk1135 3-1:0.0: probe with driver stk1135 failed with error -71
[ 1191.727973][T17833] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1191.738717][  T974] usb 3-1: USB disconnect, device number 93
[ 1191.797197][T17833] Cannot create hsr debugfs directory
[ 1192.363734][   T12] kworker/u8:0 (12) used greatest stack depth: 20880 bytes left
[ 1192.671970][T14159] IPVS: stop unused estimator thread 0...
[ 1193.034346][T17940] random: crng reseeded on system resumption
[ 1193.034664][   T30] audit: type=1400 audit(1742326344.562:2036): avc:  denied  { append } for  pid=17939 comm="syz.0.3178" name="snapshot" dev="devtmpfs" ino=92 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[ 1193.139863][   T30] audit: type=1400 audit(1742326344.562:2037): avc:  denied  { open } for  pid=17939 comm="syz.0.3178" path="/dev/snapshot" dev="devtmpfs" ino=92 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[ 1193.396263][T17833] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 1193.430056][T17940] Restarting kernel threads ... 
[ 1193.430144][   T30] audit: type=1400 audit(1742326344.952:2038): avc:  denied  { ioctl } for  pid=17939 comm="syz.0.3178" path="/dev/snapshot" dev="devtmpfs" ino=92 ioctlcmd=0x3305 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[ 1193.430506][T17940] done.
[ 1193.483222][T17833] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 1193.497174][T17833] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 1193.535070][T17833] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 1193.576127][T17953] openvswitch: netlink: Message has 1 unknown bytes.
[ 1193.590539][T17953] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1193.606065][T17956] overlayfs: failed to resolve './file1': -2
[ 1193.614559][   T30] audit: type=1400 audit(1742326345.132:2039): avc:  denied  { accept } for  pid=17939 comm="syz.0.3178" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[ 1193.765894][   T30] audit: type=1404 audit(1742326345.182:2040): enforcing=1 old_enforcing=0 auid=4294967295 ses=4294967295 enabled=1 old-enabled=1 lsm=selinux res=1
[ 1193.796405][   T30] audit: type=1400 audit(1742326345.222:2041): avc:  denied  { sys_module } for  pid=17939 comm="syz.0.3178" capability=16  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=0
[ 1193.841898][T17151] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000056: 0000 [#1] PREEMPT SMP KASAN NOPTI
[ 1193.849880][   T30] audit: type=1400 audit(1742326345.242:2042): avc:  denied  { read write } for  pid=17367 comm="syz-executor" name="loop3" dev="devtmpfs" ino=650 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=0
[ 1193.854660][T17151] KASAN: null-ptr-deref in range [0x00000000000002b0-0x00000000000002b7]
[ 1193.887264][T17151] CPU: 1 UID: 0 PID: 17151 Comm: syz-executor Not tainted 6.14.0-rc7-syzkaller-00050-gfc444ada1310 #0
[ 1193.898192][T17151] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 1193.908245][T17151] RIP: 0010:afs_atcell_get_link+0x33e/0x480
[ 1193.914154][T17151] Code: 89 c3 89 c6 e8 63 c0 3b fe 85 db 75 64 e8 5a c5 3b fe 48 8d bd b0 02 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 1f 01 00 00 4c 89 f6 bf 03 00 00 00 4c 8b a5 b0
[ 1193.933750][T17151] RSP: 0018:ffffc9000504f988 EFLAGS: 00010206
[ 1193.939796][T17151] RAX: dffffc0000000000 RBX: 0000000000000001 RCX: ffffffff837e2d7a
[ 1193.947746][T17151] RDX: 0000000000000056 RSI: ffffffff837e2d06 RDI: 00000000000002b0
[ 1193.955695][T17151] RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000000
[ 1193.963643][T17151] R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000000000
[ 1193.971592][T17151] R13: ffff88805dcf8000 R14: 0000000000000003 R15: ffff888028fc5c40
[ 1193.979539][T17151] FS:  0000555557c61500(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000
[ 1193.988450][T17151] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1193.995011][T17151] CR2: 00007ffedb821f48 CR3: 000000002a4a2000 CR4: 00000000003526f0
[ 1194.002964][T17151] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1194.010912][T17151] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1194.018861][T17151] Call Trace:
[ 1194.022118][T17151]  <TASK>
[ 1194.025027][T17151]  ? die_addr+0x3b/0xa0
[ 1194.029171][T17151]  ? exc_general_protection+0x155/0x230
[ 1194.034703][T17151]  ? asm_exc_general_protection+0x26/0x30
[ 1194.040406][T17151]  ? afs_atcell_get_link+0x39a/0x480
[ 1194.045676][T17151]  ? afs_atcell_get_link+0x326/0x480
[ 1194.050944][T17151]  ? afs_atcell_get_link+0x33e/0x480
[ 1194.056209][T17151]  ? afs_atcell_get_link+0x326/0x480
[ 1194.061476][T17151]  ? __pfx_afs_atcell_get_link+0x10/0x10
[ 1194.067091][T17151]  step_into+0x1982/0x2220
[ 1194.071491][T17151]  ? __pfx_step_into+0x10/0x10
[ 1194.076237][T17151]  ? lookup_fast+0x153/0x5f0
[ 1194.080809][T17151]  path_openat+0x74c/0x2d80
[ 1194.085298][T17151]  ? __pfx_path_openat+0x10/0x10
[ 1194.090213][T17151]  ? __pfx___lock_acquire+0x10/0x10
[ 1194.095393][T17151]  ? lock_acquire.part.0+0x11b/0x380
[ 1194.100660][T17151]  ? find_held_lock+0x2d/0x110
[ 1194.105413][T17151]  do_filp_open+0x20c/0x470
[ 1194.109899][T17151]  ? __pfx_do_filp_open+0x10/0x10
[ 1194.114912][T17151]  ? find_held_lock+0x2d/0x110
[ 1194.119666][T17151]  ? alloc_fd+0x41f/0x760
[ 1194.123972][T17151]  do_sys_openat2+0x17a/0x1e0
[ 1194.128628][T17151]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1194.133806][T17151]  ? do_unlinkat+0x165/0x760
[ 1194.138374][T17151]  ? __virt_addr_valid+0x5e/0x590
[ 1194.143374][T17151]  ? __pfx_do_unlinkat+0x10/0x10
[ 1194.148289][T17151]  __x64_sys_openat+0x175/0x210
[ 1194.153122][T17151]  ? __pfx___x64_sys_openat+0x10/0x10
[ 1194.158475][T17151]  do_syscall_64+0xcd/0x250
[ 1194.162960][T17151]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1194.168835][T17151] RIP: 0033:0x7fcc63d8bad0
[ 1194.173226][T17151] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 49 94 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 9c 94 02 00 8b 44
[ 1194.192810][T17151] RSP: 002b:00007ffedb822680 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[ 1194.201202][T17151] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fcc63d8bad0
[ 1194.209149][T17151] RDX: 0000000000000000 RSI: 00007ffedb8227b0 RDI: 00000000ffffff9c
[ 1194.217114][T17151] RBP: 00007ffedb8227b0 R08: 0000000000000000 R09: 0000000000000000
[ 1194.225075][T17151] R10: 0000000000000000 R11: 0000000000000293 R12: 00007ffedb8238a0
[ 1194.233044][T17151] R13: 00007fcc63e0e08c R14: 0000555557c614a8 R15: 00007ffedb824970
[ 1194.241013][T17151]  </TASK>
[ 1194.244013][T17151] Modules linked in:
[ 1194.248598][T17151] ---[ end trace 0000000000000000 ]---
[ 1194.267175][   T30] audit: type=1400 audit(1742326345.282:2043): avc:  denied  { read write } for  pid=5817 comm="syz-executor" name="loop4" dev="devtmpfs" ino=651 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=0
[ 1194.293375][T17151] RIP: 0010:afs_atcell_get_link+0x33e/0x480
[ 1194.299392][T17151] Code: 89 c3 89 c6 e8 63 c0 3b fe 85 db 75 64 e8 5a c5 3b fe 48 8d bd b0 02 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 1f 01 00 00 4c 89 f6 bf 03 00 00 00 4c 8b a5 b0
[ 1194.321627][T17151] RSP: 0018:ffffc9000504f988 EFLAGS: 00010206
[ 1194.327736][T17151] RAX: dffffc0000000000 RBX: 0000000000000001 RCX: ffffffff837e2d7a
[ 1194.335774][T17151] RDX: 0000000000000056 RSI: ffffffff837e2d06 RDI: 00000000000002b0
[ 1194.343818][T17151] RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000000
[ 1194.351865][T17151] R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000000000
[ 1194.359834][T17151] R13: ffff88805dcf8000 R14: 0000000000000003 R15: ffff888028fc5c40
[ 1194.367816][T17151] FS:  0000555557c61500(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000
[ 1194.376869][T17151] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1194.383685][T17151] CR2: 00007fe281ad7d60 CR3: 000000002a4a2000 CR4: 00000000003526f0
Mar 18 19:32:25 syzkaller auth.info sshd[5805]: Received disconnect from 10.128.0.169 port 39584:11: disconnected by user
Mar 18 19:32:25 syzkaller auth.info sshd[5805]: Disconnected from user root 10.128.0.169 port 39584
[ 1194.419693][T17151] DR0: 0000000000000000 DR1: 0000000000000002 DR2: 0000000000000000
[ 1194.427706][T17151] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1194.446344][T17151] Kernel panic - not syncing: Fatal exception
[ 1194.452625][T17151] Kernel Offset: disabled
[ 1194.456938][T17151] Rebooting in 86400 seconds..