last executing test programs:

38.981487235s ago: executing program 3 (id=3065):
r0 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
r1 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000100)={0xffffffffffffffff, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="240000006800010000000000fddbdf250a0000000000000004000400080005", @ANYRES32=0x0], 0x24}, 0x1, 0x0, 0x0, 0x8004}, 0x4054)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
ioctl$F2FS_IOC_GET_PIN_FILE(r0, 0x8004f50e, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='tmpfs\x00', 0x0, &(0x7f00000001c0)='grpquota')
r5 = creat(&(0x7f0000000440)='./file0/file0\x00', 0x188)
r6 = syz_open_procfs(0x0, &(0x7f0000000480)='numa_maps\x00')
read$FUSE(r6, &(0x7f00000023c0)={0x2020}, 0x2020)
preadv(r6, &(0x7f0000000080)=[{&(0x7f00000001c0)=""/133, 0x85}], 0x1, 0x114a, 0x0)
quotactl_fd$Q_SETINFO(r5, 0xffffffff80000601, 0x0, &(0x7f0000000300)={0x8, 0x8, 0x0, 0x1})
prlimit64(0x0, 0xe, &(0x7f00000003c0)={0x4, 0x80100008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r7 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r7, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_open_procfs(0x0, &(0x7f00000001c0)='environ\x00')
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0)
futex(&(0x7f000000cffc), 0xc, 0x1, 0x0, &(0x7f0000048000), 0x0)

38.059227654s ago: executing program 3 (id=3067):
syz_open_dev$dri(&(0x7f00000000c0), 0x1, 0x1)
socket$igmp(0x2, 0x3, 0x2)
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000003c0)={0x7, 0xab}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f0000000000), 0x74ec, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102352, 0x18fd0)
socket$inet(0x2, 0x3, 0x6)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='rxrpc_rx_ack\x00', r0, 0x0, 0x3}, 0x18)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
keyctl$KEYCTL_PKEY_VERIFY(0x1c, &(0x7f0000000300)={0x0, 0x37, 0xf6}, &(0x7f0000000680)=ANY=[], &(0x7f0000000340)="04600eb5122eab350e13d0f69191ce0495036eb278d25fba08cfe2248877119cc87cc81610e9f37ace91efbee7876c4bd848ef9c532832", &(0x7f0000000580)="8155e18a4af8d89cdb96e186c333c7221b1fd273fa2cde2ad135de5ba46d28dfd95dbf26ef8ee196047ae811fb14294eca7c2f0c402eac363b6a4e663a9f1360ce726a10543c5e95b653360a78ab41a84d3b8c42d2dbec71fdf81c019ac41106d5d36359817b636d2cd9813229b7f4c902c18e13dcde2dea72a7fc0c9ba10c174c24df0bfab5a14d0c0828a654dd1dc0113fcc6c79d2b75bd4b77f9947fc5c06b7e690de5bf5dc5f894a2fb6f90e094fe1fc3ef17a1f6c61153c4ee57544642664ea2ea6e3492ceac5cd93deeff7fcfa595cb1413794e15e358125010b39e253facfd722382bd66c329864b9d7cc561c8aefa5252613")
prlimit64(0x0, 0xa, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x2c0082, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r3 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_TX_RING(r3, 0x11b, 0x3, &(0x7f0000000380)=0x20000, 0x4)
sendmsg$NL80211_CMD_SET_QOS_MAP(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="20000008000300b0415b02485246f06e58f57a692c4510511f094df1d5674ea5b9dcd152cc44cbc17a6541a211a1dd35f46f39a81863ca350321994e402ee85d508c0fbc4365126d3412efe04f48fa4dfbdd58de312a49acbc92", @ANYRES32=0x0, @ANYBLOB="1200c700070507000102499d7d00000000000000"], 0x30}, 0x1, 0x0, 0x0, 0x4000}, 0x8000)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000400)=@bpf_ext={0x1c, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x41000, 0x20, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x1f075, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x10000}, 0x94)
r4 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r4)
ptrace$setregs(0xd, r4, 0x80000001, &(0x7f00000003c0))
ptrace$getregset(0x4205, r4, 0x1, &(0x7f0000000080)={&(0x7f0000019580)=""/110, 0x6e})
setsockopt$XDP_UMEM_REG(r3, 0x11b, 0x4, &(0x7f0000000100)={&(0x7f0000000040), 0x20d000, 0x400, 0x2, 0x3}, 0x20)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
bind$xdp(r3, &(0x7f00000001c0)={0x2c, 0x8, 0x0, 0x0, r3}, 0x10)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, 0x0)

36.84575206s ago: executing program 3 (id=3070):
r0 = io_uring_setup(0x218a, &(0x7f0000000240)={0x0, 0xad5e, 0x2, 0x4, 0x221})
r1 = socket$can_j1939(0x1d, 0x2, 0x7)
r2 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000000)={'vcan0\x00', <r3=>0x0})
bind$can_j1939(r2, &(0x7f00000000c0)={0x1d, r3}, 0x18)
socket$nl_generic(0x10, 0x3, 0x10)
connect$can_j1939(r2, &(0x7f00000004c0)={0x1d, r3, 0x3, {0x0, 0x0, 0x3}, 0xfe}, 0x18)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000400)={'vcan0\x00', <r5=>0x0})
r6 = socket$can_j1939(0x1d, 0x2, 0x7)
bind$can_j1939(r6, &(0x7f0000000080)={0x1d, r5, 0x0, {0x0, 0x0, 0x4}, 0xfe}, 0x18)
sendmsg$can_j1939(r6, 0x0, 0xee)
sendmsg$nl_route_sched(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000007c0)=@newtfilter={0x24, 0x11, 0x111, 0x70bd27, 0x100000, {0x0, 0x0, 0x74, r5, {0x6, 0xfff2}, {0x5, 0xfff3}, {0xd, 0xffe0}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x4010}, 0xc4)
close_range(r0, 0xffffffffffffffff, 0x0)

35.916850791s ago: executing program 3 (id=3072):
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000000)={[0x33, 0x790, 0x80000000002, 0x180, 0x400000004, 0x5c1, 0xf1, 0x3, 0xfffffffffffffd7e, 0x45, 0x0, 0x100000001, 0xfffffffffffffffe, 0x0, 0x0, 0x8], 0x8000000, 0x3c4210})
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000005c0), 0x2, 0x0)
r2 = openat$selinux_policy(0xffffff9c, &(0x7f0000000300), 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x12, r2, 0x0)
r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000180)={'wlan0\x00', <r4=>0x0})
r5 = socket$netlink(0x10, 0x3, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r6, 0x8933, &(0x7f00000001c0)={'batadv0\x00', <r7=>0x0})
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000000c0)=@newlink={0x44, 0x10, 0x503, 0x70bd27, 0x1, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @ipvlan={{0xb}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r4}, @IFLA_MASTER={0x8, 0xa, r7}]}, 0x44}}, 0x20008040)
write$selinux_load(r1, &(0x7f0000000000)=ANY=[], 0xffbd)
r8 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000000)={'bridge_slave_1\x00', <r9=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="440000001000010025bd7000ffdbdf2500000000", @ANYRES32=r9, @ANYBLOB="200404000300000024001280110001006272696467655f736c617665000000000c00058008002200"], 0x44}, 0x1, 0x0, 0x0, 0x200404c1}, 0x4000000)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020642500000000002020207b1af8ff"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r10 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r10, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="300000003c0007010000000000400000037c00000400fc80100001805f"], 0x30}, 0x1, 0x0, 0x0, 0xc000}, 0xc010)

34.543977679s ago: executing program 3 (id=3075):
ioctl$VHOST_NET_SET_BACKEND(0xffffffffffffffff, 0x4008af30, 0x0)
r0 = syz_usb_connect(0x2, 0x3f, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000d0918108ac051582588f0000000109022d00010000000009040000030b08000009058d67c8002a000009050502000000000009058b6e", @ANYRESOCT=0x0], 0x0)
syz_usb_ep_write(r0, 0x8d, 0x0, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r1, 0x89f1, 0x0)
syz_usb_ep_read(r0, 0x80, 0x2a, &(0x7f0000000000)=""/42)
mkdir(0x0, 0x22)
syz_emit_ethernet(0x0, 0x0, 0x0)
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
r3 = syz_open_dev$vbi(0x0, 0x1, 0x2)
ioctl$VIDIOC_ENUM_FREQ_BANDS(r3, 0xc0405665, &(0x7f0000000040)={0x4, 0x2, 0x8, 0x20, 0x827, 0x7f, 0x6})
r4 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(r4, 0xc0184800, &(0x7f0000000100)={0x4, r2})
ppoll(&(0x7f00000002c0)=[{0xffffffffffffffff, 0x60c2}, {r2, 0x40}, {}, {0xffffffffffffffff, 0x230}], 0x4, 0x0, 0x0, 0x0)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r6, &(0x7f0000002000)=""/102400, 0x19000)
r7 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000300)='net/ip_tables_matches\x00')
read$FUSE(r7, &(0x7f0000000640)={0x2020}, 0x2020)
r8 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000640), r5)
sendmsg$IEEE802154_LLSEC_DEL_KEY(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)={0x30, r8, 0x1, 0x70bd29, 0x25dfdbfe, {}, [@IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan0\x00'}, @IEEE802154_ATTR_LLSEC_KEY_ID={0x5, 0x2e, 0xc4}, @IEEE802154_ATTR_LLSEC_KEY_MODE={0x5, 0x2b, 0x1}]}, 0x30}, 0x1, 0x0, 0x0, 0x4008000}, 0x48004)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r9 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
openat$cgroup_subtree(r9, &(0x7f0000000080), 0x2, 0x0)
munmap(&(0x7f0000001000/0x3000)=nil, 0x3000)

29.293129758s ago: executing program 3 (id=3085):
r0 = userfaultfd(0x801)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff})
ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000300)={'geneve0\x00', &(0x7f0000000500)=@ethtool_cmd={0xb, 0x80000001, 0x8, 0x5, 0xe, 0xff, 0x9, 0x7, 0x5, 0xae, 0x3fffc0, 0x3ff, 0x6, 0x1, 0x1, 0x100, [0x9, 0x40]}})
socket$inet_sctp(0x2, 0x1, 0x84)
r2 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000001080), 0x0, 0x0)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
shutdown(r3, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000000)={<r4=>0x0, 0x10, &(0x7f0000000040)=[@in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000080)=0x10)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000180)={r4, @in6={{0xa, 0x4e24, 0x0, @empty, 0x971}}, 0x9, 0x0, 0x85, 0x693fffd, 0x80, 0x9}, &(0x7f0000000240)=0xfc)
r5 = syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00')
r6 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r5, &(0x7f0000000040))
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f00000010c0), r5)
sendmsg$NL80211_CMD_JOIN_MESH(r2, &(0x7f00000013c0)={&(0x7f0000001040)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000001380)={&(0x7f0000001100)={0x278, r7, 0x300, 0x70bd28, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x7f, 0x80}}}}, [@NL80211_ATTR_TX_RATES={0x7c, 0x5a, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x78, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HT={0x2e, 0x2, [{0x0, 0x6}, {0x0, 0x9}, {0x4}, {0x0, 0x8}, {0x4, 0x6}, {0x1, 0x1}, {0x6, 0x9}, {0x1, 0x2}, {0x4, 0x7}, {0x6, 0x8}, {0x5, 0x4}, {0x0, 0x5}, {0x0, 0x9}, {0x6, 0x2}, {0x0, 0x9}, {0x5, 0x6}, {0x5, 0xa}, {0x3, 0x7}, {0x2, 0x9}, {0x6, 0x9}, {0x4, 0x9}, {0x7, 0x5}, {0x3, 0x8}, {0x5, 0x9}, {0x6, 0x9}, {0x6, 0x5}, {0x2, 0x1}, {0x5}, {0x6, 0x6}, {0x5, 0x9}, {0x4, 0x8}, {0x5, 0xa}, {0x3, 0x4}, {0x6, 0x5}, {0x1, 0xa}, {0x0, 0x6}, {0x1, 0x5}, {0x5, 0xa}, {0x1, 0x6}, {0x1, 0x7}, {0x3, 0x7}, {0x2, 0xa}]}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x8, 0x400, 0x2, 0x4, 0x7, 0xb, 0x6, 0x2]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x9, 0x9, 0xfffd, 0x2, 0x7fff, 0x7, 0x9, 0x2]}}, @NL80211_TXRATE_HE={0x14, 0x5, {[0xff, 0x10, 0x8, 0xa, 0x7, 0x4, 0x0, 0x1]}}]}]}, @NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0x866}, @NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0xfffff25d}, @NL80211_ATTR_DTIM_PERIOD={0x8, 0xd, 0x7}, @NL80211_ATTR_DTIM_PERIOD={0x8, 0xd, 0x5}, @NL80211_ATTR_BSS_BASIC_RATES={0x1f, 0x24, [{0x2, 0x1}, {0x1b, 0x1}, {0xb}, {0xb}, {0x24, 0x1}, {0x6c}, {0x48e49c461b686e17, 0x1}, {0x1, 0x1}, {0x3, 0x1}, {0x36, 0x1}, {0x12, 0x1}, {0xc}, {0x6c, 0x1}, {0x24, 0x1}, {0x5}, {0x48}, {0x1, 0x1}, {0x60}, {0x24}, {0x3, 0x1}, {0x1}, {0xc}, {0x12}, {0x16, 0x1}, {0x30, 0x1}, {0x48}, {0x24, 0x1}]}, @NL80211_ATTR_TX_RATES={0x100, 0x5a, 0x0, 0x1, [@NL80211_BAND_6GHZ={0x50, 0x3, 0x0, 0x1, [@NL80211_TXRATE_HE={0x14, 0x5, {[0x3, 0x401, 0x1, 0x7, 0x9, 0x4, 0x6, 0x44]}}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x8000, 0x0, 0x3459, 0xbf34, 0x6, 0x8000, 0x1, 0x9]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x4, 0xff, 0x0, 0x7, 0x8, 0x3, 0x5cf, 0x6]}}, @NL80211_TXRATE_HE_GI={0x5}]}, @NL80211_BAND_2GHZ={0x54, 0x0, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x8000, 0x2, 0x7ff, 0x400, 0x6, 0x100, 0x0, 0x6]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x0, 0x2, 0x8, 0x9b9a, 0x4, 0x7fff, 0x8, 0x9]}}, @NL80211_TXRATE_LEGACY={0x9, 0x1, [0x6c, 0x4, 0x1b, 0x4, 0x60]}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0xfe00, 0xdf7, 0x1, 0x1, 0x401, 0x7, 0x9, 0x2]}}]}, @NL80211_BAND_2GHZ={0x58, 0x0, 0x0, 0x1, [@NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_LEGACY={0x15, 0x1, [0x30, 0x12, 0x24, 0x1, 0xb, 0x12, 0x60, 0x12, 0x12, 0x5, 0x12, 0x30, 0x30, 0x1b, 0x6, 0x24, 0x24]}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x94, 0x8, 0x2777, 0x3, 0xffff, 0x7, 0x7, 0x8]}}, @NL80211_TXRATE_HT={0x20, 0x2, [{0x0, 0x5}, {0x0, 0xa}, {0x0, 0x7}, {0x1, 0x3}, {0x7, 0x4}, {0x1, 0x5}, {0x0, 0x8}, {0x1, 0x7}, {0x4, 0x1}, {0x2, 0x9}, {0x4}, {0x0, 0x9}, {0x2, 0x9}, {0x1, 0x3}, {0x0, 0xa}, {0x2, 0x7}, {}, {0x4, 0x8}, {0x4, 0x1}, {0x3, 0x5}, {0x2, 0x8}, {0x7, 0x7}, {0x6, 0x8}, {0x0, 0x2}, {0x5, 0x4}, {0x2, 0x5}, {0x1}, {0x1, 0x5}]}]}]}, @NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0x2}, @NL80211_ATTR_HANDLE_DFS={0x4}, @NL80211_ATTR_MESH_SETUP={0x90, 0x70, [@NL80211_MESH_SETUP_IE={0x5f, 0x3, "4a3134df401641c34129f76b75f2cf4fa309e4cd693daebdeed599e25c648e461758e38e8e014a7bb745edf4b6d0611fd74255f6c4c9081f615db105856fe4d221d943f0b84288d26382a33ac4fe5d5a6e975aafd0b873d0a64f0b"}, @NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL={0x5}, @NL80211_MESH_SETUP_USERSPACE_AUTH={0x4}, @NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC={0x5}, @NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL={0x5}, @NL80211_MESH_SETUP_USERSPACE_AMPE={0x4}, @NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC={0x5}, @NL80211_MESH_SETUP_USERSPACE_AUTH={0x4}]}]}, 0x278}, 0x1, 0x0, 0x0, 0x26040000}, 0x8010)
r8 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r9 = dup(r8)
write$UHID_INPUT(r9, &(0x7f0000000000)={0xf, {"a2e3ad21ed0d09f91b3d090987f70906d038e7ff7fc6e5539b0d3d0e8b089b3f31006c090890e0878f0e1ac6e7049b334a959b6619520100ffe8d178708c523c921b1b5b31070b074a0936cd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd9c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe6187ee9e9d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b9621040382de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b6080000007a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb15da202d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b994503bf07ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0xfffffffffffffe25}}, 0x1006)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000001c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2})
ioctl$UFFDIO_COPY(r0, 0xc028aa03, &(0x7f0000000000)={&(0x7f00002b9000/0x400000)=nil, &(0x7f0000779000/0x1000)=nil, 0x400000, 0x3, 0x2})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
mincore(&(0x7f0000000000/0x800000)=nil, 0x800000, &(0x7f0000000000)=""/188)

14.389902019s ago: executing program 0 (id=3124):
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
r0 = getpid()
r1 = syz_pidfd_open(r0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x1014d, 0x2022, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sched_setattr(0x0, 0x0, 0x0)
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x50, 0x0, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x4, &(0x7f000022c000/0x3000)=nil)
r4 = socket(0x2b, 0x80801, 0x1)
r5 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x3, 0x0, 0x106, 0x3}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r5, &(0x7f00000002c0)={0x3, 0x40, 0xfa02, {{0x6000000, 0x4e21, 0x0, @mcast2, 0x1739d2b3}, {0xa, 0x0, 0x7, @private0={0xfc, 0x0, '\x00', 0x1}}, 0xffffffffffffffff, 0x3}}, 0x48)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r5, &(0x7f0000000480)={0x3, 0x40, 0xfa00, {{0xa, 0xfffc, 0x0, @dev={0xfe, 0x80, '\x00', 0x11}, 0x5}, {0xa, 0x0, 0x0, @loopback}}}, 0x48)
write$RDMA_USER_CM_CMD_SET_OPTION(0xffffffffffffffff, &(0x7f0000000180)={0xe, 0x18, 0xfa00, @ib_path={&(0x7f00000000c0)=[{0x2, 0x0, [0x1, 0x5, 0x0, 0xe76, 0xffff, 0xfffffffe, 0xc491, 0x9, 0x3, 0x4, 0x9, 0x4, 0x30000, 0x9, 0x7cb, 0x44]}], 0xffffffffffffffff, 0x1, 0x1, 0x48}}, 0x20)
setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f0000000580)=@raw={'raw\x00', 0x3c1, 0x3, 0x2d0, 0x0, 0x5c, 0x160, 0x0, 0x3e0, 0x228, 0x228, 0x25a, 0x228, 0x228, 0x4, 0x0, {[{{@uncond, 0x5002, 0xa8, 0xf0, 0x52020000, {0x0, 0x6802000000000000}}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x7fff, 0x9, 0x7, 'syz0\x00', {0x719}}}}, {{@ipv6={@private0, @private2, [0xffffff00, 0x0, 0xffffff00, 0xff], [0xff, 0xffffff00, 0xffffff00, 0xffffff00], 'tunl0\x00', 'pimreg0\x00', {0xff}, {0xff}, 0x33, 0x4, 0x9456fff08070a538, 0x70}, 0x0, 0xa8, 0x110, 0x0, {}, [@inet]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x82b, 0x0, 0x0, 'syz0\x00', 'syz0\x00', {0x8000800000000000}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x36d)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x40080, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_SET_GSI_ROUTING(r7, 0x4008ae6a, &(0x7f0000000200)=ANY=[@ANYBLOB="010000000000000000000000050000000000000000000000030000000000f100ffffffff"])
write$RDMA_USER_CM_CMD_DESTROY_ID(r5, &(0x7f0000000140)={0x1, 0x10}, 0x18)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
setns(r1, 0x0)

10.492637525s ago: executing program 0 (id=3136):
r0 = syz_open_dev$dri(&(0x7f0000000000), 0x1f, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000080)={0x2, 0x4e20, @multicast1}, 0x10, &(0x7f0000000180)=[{&(0x7f00000002c0)="9eef2b6393c2ed14b948dc5128d816185723abc2a6a9cd81697ba28d6428ea0b3858a8dd4cbac658087ccc7cc05f931c1a8466bd4b6ba1c60f13708872cbfa4bb3dd34a69acb4f1d7a55d836cf789fa20da28163d770bb874b395ecaefcbee714b408bfd5f901a4a4a47b90c41f46a2ca65a4b561d59cc1755f9a6ea45585c7aa27590f5dd82deae2bd0477b9e8497bac48dfc034fa2d0a8f5c379940b4863fef17cdcdb8105c65ba307ad93b6bcc5e252628bc4525931c08dc448e888d6a53f7d66cfa2b1b4c94c996d96d071522fb6b0798565b8d64acc21fdc5f89ed53a028cd087a81db9cac537", 0xe9}, {&(0x7f00000009c0)="3131b964860d15edcb11d10983a6cbcf814fbce842f895071c5dc5e1b088cbc54ee4162d04ba946a0227454c5199ba970eaf623c675f473500207c80b50c015bb60e70621ab52505d219aa65f9c0785d16ac2c392e0a38669ee687491783ba6d615af6481c2342c21addd865e9fd63c8d6ba9efe6acc820573b4676fb946c38bb072754a793e085fe78a28035fea74dbbb00b32e39f297655006570e0242d4a1499d3bb48ddce654f3c59b1766380e57df32e9a2342d617163ae604c5cc4fb600c383ab861d343f5595baee34996e8a17d4bb3b3bd50ddb9395bf5caedd5d367bc6847abea855f91512de1875f1faa2d3e4622dc131ef875578ecbc22b712dae148a03446370f1203c048beb8a607128441562e3d0205ebdf62e5856d54b3e0376a8aa2aa4bd5c7e3264e98268c4be7ac06ac6feaf7a1731e8a64d58bc0579147603f66cb2d0e656de0ebd601d72eddd17f80c96fe4a2674c7e00ffdc791d8b96f91279d45639ef37e76d9e4aaa28c06d0904395384886d68508f292adc54e8ba1edd3f622158f29af4136d1ea5bd428b49a7eada2211c5519aee3317f2b66353b4e1ccdb29fb0e2d1f1cc662272cb476d43e8ef92c183812042e2166c3e6fded07fd4f744b69139e21e35ac85ba8feb2bfbaa86f8edd1a28574a5f92a03a32995e877590d08a6fa1206724bc393c018bf19e3ea217a7b3d132fdc0d58a79a48b2d501e669102147182837c186a50639f77889f4c13f4b7326035f2ff237f427e409f8b5465be5b01728eee51b1e34c7da1ce7279074600d33fbb083effe9530cdf021767835dfd00833726e5582fd17e9b005833c3a78030fa8d3f51d7da31f0fd05c92a41437f18598ea93a3926059082b7a6996db6bbb514458896d7567dbeae6bd474fccb289fdcb54432c685d5c3a03293a56694b8f492bc1ecdeecb78b3724fd9863c826ee6ec314dcf1f8897de167874ad8eb064ec9583be4e9dce02ca1638c0512d5849d5ff8a7cb13cf0645986f7d3fc4c6bc05ed498deef24946405da14523c5014cb92dae7705e39ede5e294816b14ca46ef6016915758e983409b5fbce70c608cf6e02af46424567ff7a7b9c773614cb8184f578749386820613723130ebc70434a5ced5e6a9c6dad9717298bdb50523141f0c0df2dbbbee85f02f21c8d2adf005b13b148310a29a2cd376f0cc349470aa375fd4f59ee0833112a2ecf568f32e5bb5079b935d568ea5e83572b42cb303d22e1fdeefc0dfe295d701b3561f27f25a9d1f3ac6c04d2bf02845b1e56cc267fe9b304a231148a57cd35f316fdc0b3cc0299d078cdf5fcbc9cf8343bbfbe3893dedcf7ec0db6dcab1f80f0904cdae77de85c5a23de58776e3b0bce4f8c44d99ab09a5518b5590625ba7326c669f5453f06b47241a784ac672fadadb4ee844e156656710dff7304ad419ac4516c851fc873fe8cdcf37e759dfa24d9eea60324a89efb1e5c6b381b445cff95093bceda60463a32b24fa4e156d320e1cb829d898a7ba1974ce11ac69046e59eaf1cabeac1e27267e58b66f7b07450a120bea4c292e19e01721dcb73de3dea978d63544b6b7c25f96957b44e7bd288b2be0b6a73fa181b867ca86954ab68af12d27fa8899b3e9560dc40bde13a96ff3e9dae69387008d99d0bdb5bee35bbe1867285da1a23807cea2b9789346bc668365b5ac178440cfd171fdaa5c02ebd9a0dfd6600f1a7ac386b912646ecd23ba2389739aa8193230c91d2bab5bee52ce97792c48910022a9d5fa94b7bdeebf95ab5ca7bc099fe339970910f9640251a91fd774b2b16acfc5297cecd1efb9c8b5803490efb4584a509823b2b914c7858005d9a3fd35b6e8e8e858b0d98388fade3e778f5782a9acf1ad301917449555cbd3543f7d2a2551d4699079b2b08ac72db76f9c3e6f2ca21f913bf3e74ea485bd40d883d2f21b9831c9275a6743b7b75e7a21afeb01c53aad3bd42a1bfe4bfa2f5abc16a8bbdce570569f1090606ebc2922aee22c1e9db8bff648e97ffa6304d891bcbb88d799383ba11ce16050ebb6d2aee59bbccd4cd997dbc3419afbc5595f5379cda8da723a486a64ce533802ea204b540c8963e1499aa17679f14603a5256d79a89a8d02b7526a8fdd79d74b1798807ce6eeb08f9b52f4f80bdd5d3ac11fc71a39b2f8c9c9804124e86fc42ed1d5eddad2583bee589f44e9585a9ba0b1d7bf84013e6693dd10f2d5083930f8784264fe9ef196e1bf8d3973ad413bde302d4ba517e3ab7315f316c8a964deb78f30a7223c835e818bb9e54887aafd84a47473ce38ed3af66b8bed6173db402d46d25b2b39b51c7b0b49168fdbdb1c8986b1ae0ddd9c910529ded85fcf79316b7d094b13e6ef406297fee525b0bcf965dd16131479a1d83cc5df3e4efe59fb01a80eeb9ca608b106b21953c3f9999d33c9604b851bdf73850e392d703f8581b8ede48a342f74e87bf3f2af34ea649eef8cdc4d724f952216cb9fa866815704ef73980f48603c228d90502228459c5c330a30ffa8da8890e89669f5ad719f231aa045847cc6503639999af13fce4472af0772b4c33be272b6b2df58564ec627bf5bd560321faa5898c3a62e1e81642882c70fbc90472ff2b98a9588ce2b6b30fa74db89f26120838eadadfc26c10d672f60af071bd4edee2e46b436d11a7764c53a24a803bdec46854703ae9f1b88a3c6ae4cacff286f6b0464f3a1c7685f631768c5283d6560463df7d70ef277140e8737515d8a9011149237008f5ed76047c1929486b052e8cd7b5b561b32364dfe81bfe9e66e6f982449377c41ae2b3d5055914381fa701ca5ae334a0e588c3dd07be748a1a1dceb51cdec4a92bfc44bd35a18af8b309f6d32dbd6c1e892e67cba08c80454cbd038d55bc9326d048995871306b8159a65a8d46a80722d37476c647d79f3bf5125a1c2708104ffc09207465dd052c6c14d9ec4bb505455d14794cacde5c84f09cdacac0feb2d350b9858af401a478ca27ff7bf8d0b7e8d93ac88a5f1193cf6c2a45ae94d0eeed1e496863c39054e8ada7310dc47cd8b9e8e2cb618169cf9a9aa42248023953ad9b7d94b811b08134b4af1bf502b929e674f09a43e9444b36a3f2111d35c310da0b75755cb9eb7de74990eef929f4c1c491709d4e4eb350563bf9e8cdf380649b78e0d767b45531b141f248c142f924e0c1c8948c6d60640515e970222cf8c0ba9ded1bda94e84335b87901d4de8ccd16f427bbeb0b0712cc404d177aaf7ba1410e7ece17e6316b3a1fbd4823e88741cf5669d26c85173513e307ad82de3a4aee26cbdc82551620427efc60e1db6633038ea2531f6d3391dc5165670b58f5bf9bad7284b843e65f511af45f03a3c600e567aa8f58bb9701af0662b10e055f7012cfe32cfa345379db9bd13db9383e7002e9f29083643abb912c5bde6c68e2626e1ec55547673ebfd2bc9549abd43c9c3585b1b01ce482bc5a49279e378dac01a6c93bb399eb26fcea5cb60a59f80092d3461c5be852c4dbff94987fd1ed95382ee648e6d991f0fde0921abe412273cb5e8d317b03d2991001a3d8e909178233415747bed5f2f9c2f7db7bede401aa69afe21f2df45e0a0e1beeb98a5af84e95b3047a3c27f4345f7dd16ed9ef3064ed5464634ea633d4cfd221194f8cb7504b5ca21a3ed7b5994f54cae4d2086612db2066faa8e440d9903a504da17db0900f5effd35f88b0f83c44e6484894b8b51438ba054e3544c43bac0e1e71b4b036ece12df103008917286b5550eff7b61c82538746b964d1c39f6efde5ed54c1487e7c1c0a770650695727b606381a217e27cf728811f215b3c3a06f97500aaa871ffcff1b3cb41e990b767238a387184594eae181b602ab8ef66914a254af2ae6fdb12cae801f78a7bd7996d596344ec64f2101a1aa6833618b9884b452c07a761166cc11e98cc463cdc4a0bfddfbb24168a841e19b982a3e3066e9fc8913a712747525576bd7dfcbe147bccdb2b45fba03272391c87adb549a9b67ba3cdd7fa4f066454bdaf2fb758611d479da8285ec310d254696ac4829ae653e4b16fef126dd790d72d53dcc940f48b36212700a7db70386bbce6a9fc3c47c920db2e8105a0612a7782d2476bffe4b6946426a3c0206435af06d8817ce3b0b62f2d3ce31f0fab92f53c90e8af2061e5b5ec7b8bb044c0d1e6f29d449f245b88d2d01811fe109d531f74055d86504dea4be9b03d0bb6c77a78e63f85b203801d92346b8e6886854ce1e8bfa56256a823a426b9cddaaf9d7b3cd21e45a3448d9c57541ff26b1245de656e901a6f334482dce6026fd16bba7188c3ece1f70be06fc4ef75b97c3f831d3f57b86cf17289d2ce446711439f5ba81814fceacbbcb85d02c9f904997d8e9701a7b6a7bd9353ca625fb5f414af38d97b04fad9c0b7739eacd72e214b93d9854d42c99a60b1189d11c2f18996ad6bf983b672347daaffe023dbd1ace9030bb8db2d3b2aeff4195db7bfcf34cfdbe7a75e61e510936822f64a8d309ba876eb86d99d82321672305f044fb39d11d2151a3c83819e82b2c665bfcdc8858ca634be07df7dadc76373bf0c5b1ba462419c3da703c951a041112fd26634b3acd9c9a78aa9efd1f738b8d52b92afcc578ebefab87835dbdf594586817a72cd54c1705e22ac3825db15bfed00d9f737d5e7096e60858fec57aa393ef8dd90abe0d13bab255305d571ae7304f9fd60fa13caed9c39a082705b5703d3f8193716801fb226911a0c8665a25626b6660ee5688b8ea9b2a82aecbf771b9e0f8e675d562b1cf9f714d140169d017f9b8b935237d618f79e07c46d7d671fb766a3fc63b1dd00c16f41346ff29126cbbb4f20cd4d1c7545d463dbf17498aa94018497c984d5403b640e919c68f5856993f2b68e5fb84840ef436104ccfdc51411743fc50ae963ec4790604adf773dfc87e7cd7060fdde9f7aed887ae90e2d939b3adc2145c46c13c07a4a345185f7a693f80af5d4110e79ae632b6cb4a8efe8026776cfdb0220b4374860e5fc403efb73fd05231215935750c0f1d749369d91be19eaf547723a29e365e3163ca4958527a81b9b61a84cb49264d8b8d9f1cb0538658cc9809917ce84f845e4c7037ba7fab2e612c51e9aeef9af5fafcaf33fad7ad65979f8ae6af41742c2991f04f9f88512fd39c9119da5bde4f5c84bf70dc56e11450f91bbf3584f5773b6df063aeefcceb540020d8618d66b2bff2baaee2995b553b94bdcb376ec8b0a9984c7620cf4b779ab78bcafbc405fe85253dc933141c2130122383e9682b8dec2b6e49bd7d602fdd67376e2e6a3b9c4ddf5de5761d85894b6736bb5b9cdb617786e026ce4526a6facfd2c6ccb75a68ade9c747b4233c394b26bc097e716319542dee408f338b60587a1f01c5c38b8e6e298c2a6fec83b8292c946d39a36ce6db83bbcf5aaedd9bd4d36e4b0e22dacb784574ed367ec5c5cc8752b50d75d8135d0f091c7f798e831e3573f93cf46bad4253d0c8afc216d7f3bd4367cbd9b31d43ac58ae03f86710d2f60011dca7aa62f1a445942f2d516bdde0a05bdc2f8c3ba6776befb07c3cf0c58da7f572cf8d1c7cf0ee2da320834e4365fb5331832e2f290a281d0a590a49bbc45d985651e1677ca10a066729a5b15d0d795b6a7d0119ffeef555b2fbdd4154bd73b30dd9e47255c29d69c017bd366afb473385127d729b76f1ba913b0f925", 0xfd4}, {&(0x7f0000000480)="7b107104dd64ed9902c65ad6be2de695abe28fa7e64e88bf4856c6685090e5cafb0312a3f7705c77e108094ff46760f65131d983a4ff3a88edea79df79ca5f0fb80de577f4ca18a79fd0657c08fefa27909250678dcc7d8c091e", 0x5a}], 0x3, &(0x7f0000000400)}, 0x840)
close(0x3)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xc, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000002000)=""/102400, 0x19000)
r2 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
bind$ax25(r2, &(0x7f0000000080)={{0x3, @default, 0x8}, [@null, @default, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]}, 0x48)
connect$ax25(r2, &(0x7f0000000240)={{0x3, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x6}, [@bcast, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null]}, 0x48)

7.075798124s ago: executing program 0 (id=3139):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000004d00)='./file1\x00', 0x351142, 0x1cd)
quotactl_fd$Q_GETQUOTA(r1, 0xffffffff80000701, 0xffffffffffffffff, 0x0) (async)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x1, 0x5, &(0x7f0000000400)=ANY=[@ANYRES64], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x0, 0x5}, 0x8, 0x10, &(0x7f0000000000)={0x0, 0x0, 0xffff8000, 0xffffffff}, 0x10}, 0x94)
r3 = syz_open_dev$dri(&(0x7f00000000c0), 0x0, 0x0)
ioctl$DRM_IOCTL_GET_CLIENT(r3, 0xc0286405, &(0x7f0000000200)={0x0, 0x4, {0xffffffffffffffff}, {0xffffffffffffffff}, 0x8a, 0x40}) (async)
setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000040)=r2, 0x4)
sendmsg$nl_route_sched(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000380)=@getqdisc={0x24, 0x26, 0x201, 0x70bd25, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, {0x9, 0x4773816fb83ef562}, {0xa, 0xffe0}, {0xffe0, 0x1}}}, 0x24}, 0x1, 0x0, 0x0, 0x20004844}, 0x0)

7.033956426s ago: executing program 1 (id=3140):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000940)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x10)
r1 = accept$alg(r0, 0x0, 0x0)
sendmsg$alg(r1, 0x0, 0x0)
write$binfmt_script(r1, &(0x7f0000000600), 0xfec8)
recvmmsg(r1, &(0x7f00000008c0)=[{{&(0x7f00000000c0)=@pptp={0x18, 0x2, {0x0, @initdev}}, 0x80, &(0x7f00000009c0)=[{&(0x7f00000001c0)=""/200, 0xc8}, {&(0x7f0000000140)=""/9, 0x9}, {&(0x7f0000000300)=""/225, 0xe1}, {&(0x7f0000000400)=""/41, 0x29}, {&(0x7f0000000440)=""/123, 0xfd5b}, {&(0x7f0000000a40)=""/203, 0xcb}], 0x6, &(0x7f0000000640)=""/123, 0x7b, 0x2000000}}, {{&(0x7f00000006c0), 0x80, &(0x7f0000000840), 0x0, &(0x7f0000000880)=""/24, 0x18, 0xe1}}], 0x2, 0xcb, &(0x7f0000008000))

6.887408804s ago: executing program 2 (id=3142):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
connect$inet6(r0, &(0x7f00000001c0)={0xa, 0x4e22, 0x4, @local, 0xe}, 0x1c)
openat$kvm(0xffffffffffffff9c, 0x0, 0x181040, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x44}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f000001aa40)=""/102400, 0x19000)
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/keys\x00', 0x0, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = syz_io_uring_setup(0xec5, &(0x7f00000008c0), &(0x7f0000000080)=<r5=>0x0, &(0x7f0000000340))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
io_uring_enter(r4, 0x95d, 0xfa39, 0x61, 0x0, 0x0)
io_uring_enter(r4, 0xedd, 0x8acb, 0x41, 0x0, 0x0)
io_uring_enter(r4, 0x47fa, 0x0, 0x0, 0x0, 0x0)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r2, 0x89f0, &(0x7f0000000000)={'ip6_vti0\x00', &(0x7f00000002c0)={'syztnl0\x00', <r6=>0x0, 0x2f, 0x7f, 0x0, 0x7, 0x10, @mcast1, @mcast1, 0x7800, 0x1, 0xffffffff, 0x8}})
ioctl$sock_inet6_SIOCADDRT(r3, 0x890b, &(0x7f0000000340)={@private2, @loopback, @mcast1, 0xe, 0x556, 0x1, 0x400, 0x1, 0x40000000, r6})
setsockopt$inet6_tcp_int(r3, 0x6, 0x22, &(0x7f0000000040)=0x5, 0x4)
connect$inet6(r3, &(0x7f0000000200)={0xa, 0x0, 0x2, @empty}, 0x27)
setsockopt$inet6_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x4)
setsockopt$inet6_tcp_TLS_TX(r3, 0x11a, 0x1, &(0x7f0000000140)=@gcm_128={{0x303}, "87ee8ac6c46dad33", "2607080d7f4fcf00fd4ef2dece6c7c58", '\x00', '#\x00'}, 0x28)
sendmsg$inet(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000009c0)=[{&(0x7f0000000240)="6e37cff5", 0x4}], 0x1}, 0x0)
setsockopt$inet6_tcp_TLS_TX(r3, 0x11a, 0x2, &(0x7f0000000680)=@gcm_128={{0x303}, "000037d7009400", "c0b6c5b29ca2b838d41ac2fc7ddf972d", "e9be1eae", "bb10000000000001"}, 0x28)
epoll_create1(0x0)
epoll_create1(0x0)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0xb}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)
syz_usb_connect(0x0, 0x46, &(0x7f0000000480)=ANY=[@ANYBLOB="1201000041b34508460a01966894010203010902340001f40410000904e4d502bcb60600090502000002080101080b15dfa31a040d09050c042000080226080b8e647ecf2009"], 0x0)

6.560730851s ago: executing program 0 (id=3144):
creat(&(0x7f0000000140)='./file0\x00', 0x0)
setxattr$security_ima(0x0, &(0x7f0000000000), &(0x7f00000000c0)=ANY=[@ANYBLOB="060100000000000000"], 0x9, 0x0)

6.531986242s ago: executing program 1 (id=3145):
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
r0 = getpid()
r1 = syz_pidfd_open(r0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x1014d, 0x2022, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sched_setattr(0x0, 0x0, 0x0)
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x50, 0x0, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x4, &(0x7f000022c000/0x3000)=nil)
r4 = socket(0x2b, 0x80801, 0x1)
r5 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x3, 0x0, 0x106, 0x3}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r5, &(0x7f00000002c0)={0x3, 0x40, 0xfa02, {{0x6000000, 0x4e21, 0x0, @mcast2, 0x1739d2b3}, {0xa, 0x0, 0x7, @private0={0xfc, 0x0, '\x00', 0x1}}, 0xffffffffffffffff, 0x3}}, 0x48)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r5, &(0x7f0000000480)={0x3, 0x40, 0xfa00, {{0xa, 0xfffc, 0x0, @dev={0xfe, 0x80, '\x00', 0x11}, 0x5}, {0xa, 0x0, 0x0, @loopback}}}, 0x48)
write$RDMA_USER_CM_CMD_SET_OPTION(0xffffffffffffffff, &(0x7f0000000180)={0xe, 0x18, 0xfa00, @ib_path={&(0x7f00000000c0)=[{0x2, 0x0, [0x1, 0x5, 0x0, 0xe76, 0xffff, 0xfffffffe, 0xc491, 0x9, 0x3, 0x4, 0x9, 0x4, 0x30000, 0x9, 0x7cb, 0x44]}], 0xffffffffffffffff, 0x1, 0x1, 0x48}}, 0x20)
setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f0000000580)=@raw={'raw\x00', 0x3c1, 0x3, 0x2d0, 0x0, 0x5c, 0x160, 0x0, 0x3e0, 0x228, 0x228, 0x25a, 0x228, 0x228, 0x4, 0x0, {[{{@uncond, 0x5002, 0xa8, 0xf0, 0x52020000, {0x0, 0x6802000000000000}}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x7fff, 0x9, 0x7, 'syz0\x00', {0x719}}}}, {{@ipv6={@private0, @private2, [0xffffff00, 0x0, 0xffffff00, 0xff], [0xff, 0xffffff00, 0xffffff00, 0xffffff00], 'tunl0\x00', 'pimreg0\x00', {0xff}, {0xff}, 0x33, 0x4, 0x9456fff08070a538, 0x70}, 0x0, 0xa8, 0x110, 0x0, {}, [@inet]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x82b, 0x0, 0x0, 'syz0\x00', 'syz0\x00', {0x8000800000000000}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x36d)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x40080, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_SET_GSI_ROUTING(r7, 0x4008ae6a, &(0x7f0000000200)=ANY=[@ANYBLOB="010000000000000000000000050000000000000000000000030000000000f100ffffffff"])
write$RDMA_USER_CM_CMD_DESTROY_ID(r5, &(0x7f0000000140)={0x1, 0x10}, 0x18)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
setns(r1, 0x0)

6.404058905s ago: executing program 0 (id=3146):
socket$kcm(0x29, 0x2, 0x0)
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb4b, 0x9, 0x8, 0x0, 0x400003}, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0xf, 0x9}, 0x0)
syz_usb_connect(0x0, 0x5f, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000b1f203401e0903003bd7010203010902"], 0x0)
r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/cpuinfo\x00', 0x0, 0x0)
write$sndseq(0xffffffffffffffff, 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(0xffffffffffffffff, 0x4058534c, &(0x7f0000001140)={0x80, 0x1})
r5 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r5, 0x0, 0x0)
fcntl$addseals(0xffffffffffffffff, 0x409, 0x1)
connect$inet(r5, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
sendfile(r5, r4, 0x0, 0x20000023893)
sendmsg$NFT_BATCH(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000001f0000d100000a20000000000a01030000000000000000010000000900010073797a310000000054000000030a01020000000000000000010000000900030073797a320000000028000480080002400000000008000140000000051400030076657468315f6d6163767461700000000900010073797a31000000004c000000050a19020000000000000000010020000c00024000000000000000010900010073797a3100000000200004801400030076657468315f6d616376746170000000080001400000000514000000"], 0xe8}}, 0x0)
ioctl$BLKTRACESTOP(r4, 0x1275, 0x0)

4.853296165s ago: executing program 4 (id=3148):
r0 = socket$kcm(0x10, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x2)
r4 = syz_open_dev$I2C(&(0x7f0000000d80), 0x0, 0x0)
ioctl$I2C_PEC(0xffffffffffffffff, 0x708, 0x9099)
ioctl$I2C_SMBUS(r4, 0x720, &(0x7f0000000300)={0x1, 0x0, 0x7, &(0x7f0000000100)={0x0, "fd6d44512b7e1b0420ec2a3ba53b31dd77e7ffffff0300"}})
r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0xffffffffffffffff, 0x40, '\x00', 0x0, 0x0}, 0x50)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r5, 0x58, &(0x7f0000000080)={0x0, <r6=>0x0}}, 0x10)
r7 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000540)={r6, 0xfffffff8}, 0xc)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x3, 0x8, &(0x7f0000000740)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x22}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r7}}]}, &(0x7f0000000000)='GPL\x00', 0x4, 0x0, 0x0, 0x40f00, 0x1, '\x00', 0x0, @fallback=0x24, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000880)={r8, 0x0, 0xe, 0x0, &(0x7f0000000640)="c1dfb080cd21d308098e00000800", 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f00000004c0)="d8000000180081064e81f782db4cb904021d0800fd00fe05e8fe50a10a000600014002020c600e41b0000900ac000a0501000000160012000a00ff150048035c3b61c1d67f6f94007134cf6efb8007a007a290457f01a7cee4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5ae24e25ccca9e00360db79826835d3a71d95667daffffffffff1f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5b7276505de6ccd40dd6e4edef3d93452a92954b43370e9703920723f9000001008af26c8b7b55f4d2a6823a45", 0xd8}], 0x1}, 0x0)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan1\x00'})
syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
r10 = socket(0x10, 0x3, 0x0)
getsockopt$sock_cred(r10, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r11=>0x0}, &(0x7f0000cab000)=0xc)
setuid(r11)
r12 = syz_io_uring_setup(0x1d9e, &(0x7f00000000c0)={0x0, 0xe876, 0x40, 0x0, 0x2d4}, &(0x7f0000000040), &(0x7f0000000080))
io_uring_register$IORING_REGISTER_PBUF_RING(r12, 0x22, &(0x7f0000000000)={&(0x7f0000003000)={[{0x0, 0x0, 0x3}]}, 0x1}, 0x1)
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_genetlink_get_family_id$nl80211(0x0, r9)

3.894327106s ago: executing program 4 (id=3149):
r0 = syz_open_dev$dri(&(0x7f0000000000), 0x1f, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000080)={0x2, 0x4e20, @multicast1}, 0x10, &(0x7f0000000180)=[{&(0x7f00000002c0)="9eef2b6393c2ed14b948dc5128d816185723abc2a6a9cd81697ba28d6428ea0b3858a8dd4cbac658087ccc7cc05f931c1a8466bd4b6ba1c60f13708872cbfa4bb3dd34a69acb4f1d7a55d836cf789fa20da28163d770bb874b395ecaefcbee714b408bfd5f901a4a4a47b90c41f46a2ca65a4b561d59cc1755f9a6ea45585c7aa27590f5dd82deae2bd0477b9e8497bac48dfc034fa2d0a8f5c379940b4863fef17cdcdb8105c65ba307ad93b6bcc5e252628bc4525931c08dc448e888d6a53f7d66cfa2b1b4c94c996d96d071522fb6b0798565b8d64acc21fdc5f89ed53a028cd087a81db9cac537", 0xe9}, {&(0x7f00000009c0)="3131b964860d15edcb11d10983a6cbcf814fbce842f895071c5dc5e1b088cbc54ee4162d04ba946a0227454c5199ba970eaf623c675f473500207c80b50c015bb60e70621ab52505d219aa65f9c0785d16ac2c392e0a38669ee687491783ba6d615af6481c2342c21addd865e9fd63c8d6ba9efe6acc820573b4676fb946c38bb072754a793e085fe78a28035fea74dbbb00b32e39f297655006570e0242d4a1499d3bb48ddce654f3c59b1766380e57df32e9a2342d617163ae604c5cc4fb600c383ab861d343f5595baee34996e8a17d4bb3b3bd50ddb9395bf5caedd5d367bc6847abea855f91512de1875f1faa2d3e4622dc131ef875578ecbc22b712dae148a03446370f1203c048beb8a607128441562e3d0205ebdf62e5856d54b3e0376a8aa2aa4bd5c7e3264e98268c4be7ac06ac6feaf7a1731e8a64d58bc0579147603f66cb2d0e656de0ebd601d72eddd17f80c96fe4a2674c7e00ffdc791d8b96f91279d45639ef37e76d9e4aaa28c06d0904395384886d68508f292adc54e8ba1edd3f622158f29af4136d1ea5bd428b49a7eada2211c5519aee3317f2b66353b4e1ccdb29fb0e2d1f1cc662272cb476d43e8ef92c183812042e2166c3e6fded07fd4f744b69139e21e35ac85ba8feb2bfbaa86f8edd1a28574a5f92a03a32995e877590d08a6fa1206724bc393c018bf19e3ea217a7b3d132fdc0d58a79a48b2d501e669102147182837c186a50639f77889f4c13f4b7326035f2ff237f427e409f8b5465be5b01728eee51b1e34c7da1ce7279074600d33fbb083effe9530cdf021767835dfd00833726e5582fd17e9b005833c3a78030fa8d3f51d7da31f0fd05c92a41437f18598ea93a3926059082b7a6996db6bbb514458896d7567dbeae6bd474fccb289fdcb54432c685d5c3a03293a56694b8f492bc1ecdeecb78b3724fd9863c826ee6ec314dcf1f8897de167874ad8eb064ec9583be4e9dce02ca1638c0512d5849d5ff8a7cb13cf0645986f7d3fc4c6bc05ed498deef24946405da14523c5014cb92dae7705e39ede5e294816b14ca46ef6016915758e983409b5fbce70c608cf6e02af46424567ff7a7b9c773614cb8184f578749386820613723130ebc70434a5ced5e6a9c6dad9717298bdb50523141f0c0df2dbbbee85f02f21c8d2adf005b13b148310a29a2cd376f0cc349470aa375fd4f59ee0833112a2ecf568f32e5bb5079b935d568ea5e83572b42cb303d22e1fdeefc0dfe295d701b3561f27f25a9d1f3ac6c04d2bf02845b1e56cc267fe9b304a231148a57cd35f316fdc0b3cc0299d078cdf5fcbc9cf8343bbfbe3893dedcf7ec0db6dcab1f80f0904cdae77de85c5a23de58776e3b0bce4f8c44d99ab09a5518b5590625ba7326c669f5453f06b47241a784ac672fadadb4ee844e156656710dff7304ad419ac4516c851fc873fe8cdcf37e759dfa24d9eea60324a89efb1e5c6b381b445cff95093bceda60463a32b24fa4e156d320e1cb829d898a7ba1974ce11ac69046e59eaf1cabeac1e27267e58b66f7b07450a120bea4c292e19e01721dcb73de3dea978d63544b6b7c25f96957b44e7bd288b2be0b6a73fa181b867ca86954ab68af12d27fa8899b3e9560dc40bde13a96ff3e9dae69387008d99d0bdb5bee35bbe1867285da1a23807cea2b9789346bc668365b5ac178440cfd171fdaa5c02ebd9a0dfd6600f1a7ac386b912646ecd23ba2389739aa8193230c91d2bab5bee52ce97792c48910022a9d5fa94b7bdeebf95ab5ca7bc099fe339970910f9640251a91fd774b2b16acfc5297cecd1efb9c8b5803490efb4584a509823b2b914c7858005d9a3fd35b6e8e8e858b0d98388fade3e778f5782a9acf1ad301917449555cbd3543f7d2a2551d4699079b2b08ac72db76f9c3e6f2ca21f913bf3e74ea485bd40d883d2f21b9831c9275a6743b7b75e7a21afeb01c53aad3bd42a1bfe4bfa2f5abc16a8bbdce570569f1090606ebc2922aee22c1e9db8bff648e97ffa6304d891bcbb88d799383ba11ce16050ebb6d2aee59bbccd4cd997dbc3419afbc5595f5379cda8da723a486a64ce533802ea204b540c8963e1499aa17679f14603a5256d79a89a8d02b7526a8fdd79d74b1798807ce6eeb08f9b52f4f80bdd5d3ac11fc71a39b2f8c9c9804124e86fc42ed1d5eddad2583bee589f44e9585a9ba0b1d7bf84013e6693dd10f2d5083930f8784264fe9ef196e1bf8d3973ad413bde302d4ba517e3ab7315f316c8a964deb78f30a7223c835e818bb9e54887aafd84a47473ce38ed3af66b8bed6173db402d46d25b2b39b51c7b0b49168fdbdb1c8986b1ae0ddd9c910529ded85fcf79316b7d094b13e6ef406297fee525b0bcf965dd16131479a1d83cc5df3e4efe59fb01a80eeb9ca608b106b21953c3f9999d33c9604b851bdf73850e392d703f8581b8ede48a342f74e87bf3f2af34ea649eef8cdc4d724f952216cb9fa866815704ef73980f48603c228d90502228459c5c330a30ffa8da8890e89669f5ad719f231aa045847cc6503639999af13fce4472af0772b4c33be272b6b2df58564ec627bf5bd560321faa5898c3a62e1e81642882c70fbc90472ff2b98a9588ce2b6b30fa74db89f26120838eadadfc26c10d672f60af071bd4edee2e46b436d11a7764c53a24a803bdec46854703ae9f1b88a3c6ae4cacff286f6b0464f3a1c7685f631768c5283d6560463df7d70ef277140e8737515d8a9011149237008f5ed76047c1929486b052e8cd7b5b561b32364dfe81bfe9e66e6f982449377c41ae2b3d5055914381fa701ca5ae334a0e588c3dd07be748a1a1dceb51cdec4a92bfc44bd35a18af8b309f6d32dbd6c1e892e67cba08c80454cbd038d55bc9326d048995871306b8159a65a8d46a80722d37476c647d79f3bf5125a1c2708104ffc09207465dd052c6c14d9ec4bb505455d14794cacde5c84f09cdacac0feb2d350b9858af401a478ca27ff7bf8d0b7e8d93ac88a5f1193cf6c2a45ae94d0eeed1e496863c39054e8ada7310dc47cd8b9e8e2cb618169cf9a9aa42248023953ad9b7d94b811b08134b4af1bf502b929e674f09a43e9444b36a3f2111d35c310da0b75755cb9eb7de74990eef929f4c1c491709d4e4eb350563bf9e8cdf380649b78e0d767b45531b141f248c142f924e0c1c8948c6d60640515e970222cf8c0ba9ded1bda94e84335b87901d4de8ccd16f427bbeb0b0712cc404d177aaf7ba1410e7ece17e6316b3a1fbd4823e88741cf5669d26c85173513e307ad82de3a4aee26cbdc82551620427efc60e1db6633038ea2531f6d3391dc5165670b58f5bf9bad7284b843e65f511af45f03a3c600e567aa8f58bb9701af0662b10e055f7012cfe32cfa345379db9bd13db9383e7002e9f29083643abb912c5bde6c68e2626e1ec55547673ebfd2bc9549abd43c9c3585b1b01ce482bc5a49279e378dac01a6c93bb399eb26fcea5cb60a59f80092d3461c5be852c4dbff94987fd1ed95382ee648e6d991f0fde0921abe412273cb5e8d317b03d2991001a3d8e909178233415747bed5f2f9c2f7db7bede401aa69afe21f2df45e0a0e1beeb98a5af84e95b3047a3c27f4345f7dd16ed9ef3064ed5464634ea633d4cfd221194f8cb7504b5ca21a3ed7b5994f54cae4d2086612db2066faa8e440d9903a504da17db0900f5effd35f88b0f83c44e6484894b8b51438ba054e3544c43bac0e1e71b4b036ece12df103008917286b5550eff7b61c82538746b964d1c39f6efde5ed54c1487e7c1c0a770650695727b606381a217e27cf728811f215b3c3a06f97500aaa871ffcff1b3cb41e990b767238a387184594eae181b602ab8ef66914a254af2ae6fdb12cae801f78a7bd7996d596344ec64f2101a1aa6833618b9884b452c07a761166cc11e98cc463cdc4a0bfddfbb24168a841e19b982a3e3066e9fc8913a712747525576bd7dfcbe147bccdb2b45fba03272391c87adb549a9b67ba3cdd7fa4f066454bdaf2fb758611d479da8285ec310d254696ac4829ae653e4b16fef126dd790d72d53dcc940f48b36212700a7db70386bbce6a9fc3c47c920db2e8105a0612a7782d2476bffe4b6946426a3c0206435af06d8817ce3b0b62f2d3ce31f0fab92f53c90e8af2061e5b5ec7b8bb044c0d1e6f29d449f245b88d2d01811fe109d531f74055d86504dea4be9b03d0bb6c77a78e63f85b203801d92346b8e6886854ce1e8bfa56256a823a426b9cddaaf9d7b3cd21e45a3448d9c57541ff26b1245de656e901a6f334482dce6026fd16bba7188c3ece1f70be06fc4ef75b97c3f831d3f57b86cf17289d2ce446711439f5ba81814fceacbbcb85d02c9f904997d8e9701a7b6a7bd9353ca625fb5f414af38d97b04fad9c0b7739eacd72e214b93d9854d42c99a60b1189d11c2f18996ad6bf983b672347daaffe023dbd1ace9030bb8db2d3b2aeff4195db7bfcf34cfdbe7a75e61e510936822f64a8d309ba876eb86d99d82321672305f044fb39d11d2151a3c83819e82b2c665bfcdc8858ca634be07df7dadc76373bf0c5b1ba462419c3da703c951a041112fd26634b3acd9c9a78aa9efd1f738b8d52b92afcc578ebefab87835dbdf594586817a72cd54c1705e22ac3825db15bfed00d9f737d5e7096e60858fec57aa393ef8dd90abe0d13bab255305d571ae7304f9fd60fa13caed9c39a082705b5703d3f8193716801fb226911a0c8665a25626b6660ee5688b8ea9b2a82aecbf771b9e0f8e675d562b1cf9f714d140169d017f9b8b935237d618f79e07c46d7d671fb766a3fc63b1dd00c16f41346ff29126cbbb4f20cd4d1c7545d463dbf17498aa94018497c984d5403b640e919c68f5856993f2b68e5fb84840ef436104ccfdc51411743fc50ae963ec4790604adf773dfc87e7cd7060fdde9f7aed887ae90e2d939b3adc2145c46c13c07a4a345185f7a693f80af5d4110e79ae632b6cb4a8efe8026776cfdb0220b4374860e5fc403efb73fd05231215935750c0f1d749369d91be19eaf547723a29e365e3163ca4958527a81b9b61a84cb49264d8b8d9f1cb0538658cc9809917ce84f845e4c7037ba7fab2e612c51e9aeef9af5fafcaf33fad7ad65979f8ae6af41742c2991f04f9f88512fd39c9119da5bde4f5c84bf70dc56e11450f91bbf3584f5773b6df063aeefcceb540020d8618d66b2bff2baaee2995b553b94bdcb376ec8b0a9984c7620cf4b779ab78bcafbc405fe85253dc933141c2130122383e9682b8dec2b6e49bd7d602fdd67376e2e6a3b9c4ddf5de5761d85894b6736bb5b9cdb617786e026ce4526a6facfd2c6ccb75a68ade9c747b4233c394b26bc097e716319542dee408f338b60587a1f01c5c38b8e6e298c2a6fec83b8292c946d39a36ce6db83bbcf5aaedd9bd4d36e4b0e22dacb784574ed367ec5c5cc8752b50d75d8135d0f091c7f798e831e3573f93cf46bad4253d0c8afc216d7f3bd4367cbd9b31d43ac58ae03f86710d2f60011dca7aa62f1a445942f2d516bdde0a05bdc2f8c3ba6776befb07c3cf0c58da7f572cf8d1c7cf0ee2da320834e4365fb5331832e2f290a281d0a590a49bbc45d985651e1677ca10a066729a5b15d0d795b6a7d0119ffeef555b2fbdd4154bd73b30dd9e47255c29d69c017bd366afb473385127d729b76f1ba913b0f925", 0xfd4}, {&(0x7f0000000480)="7b107104dd64ed9902c65ad6be2de695abe28fa7e64e88bf4856c6685090e5cafb0312a3f7705c77e108094ff46760f65131d983a4ff3a88edea79df79ca5f0fb80de577f4ca18a79fd0657c08fefa27909250678dcc7d8c091e", 0x5a}], 0x3, &(0x7f0000000400)}, 0x840)
close(0x3)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xc, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000002000)=""/102400, 0x19000)
r2 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
bind$ax25(r2, &(0x7f0000000080)={{0x3, @default, 0x8}, [@null, @default, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]}, 0x48)
connect$ax25(r2, &(0x7f0000000240)={{0x3, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x6}, [@bcast, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null]}, 0x48)

3.530242697s ago: executing program 4 (id=3150):
socket$inet6(0xa, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000340)=@newqdisc={0x24, 0x24, 0xd0f, 0x0, 0x1, {0x60, 0x0, 0x0, 0x0, {0x0, 0xe}, {0xffff, 0x2}, {0x5}}}, 0x24}}, 0x44004)
write$sndseq(0xffffffffffffffff, 0x0, 0x0)
ioctl$SG_GET_NUM_WAITING(0xffffffffffffffff, 0x227d, &(0x7f0000000300))
move_pages(0x0, 0x0, 0x0, 0x0, 0x0, 0x6)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0xd5)
openat$cgroup_ro(r0, &(0x7f00000000c0)='memory.current\x00', 0xf000, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'macvlan1\x00', <r3=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000000)=ANY=[@ANYBLOB="280000001c0001010a00cd1e00f2ff0007000000", @ANYRES32=r3, @ANYBLOB="c300a6000a00020001"], 0x28}}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
read$msr(0xffffffffffffffff, &(0x7f00000007c0)=""/102392, 0x18ff8)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1a00000007"], 0x50)
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r4, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6)
writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000000)='4', 0x1}], 0x1)
write$binfmt_misc(r4, &(0x7f0000000000), 0xd)

3.339180087s ago: executing program 2 (id=3151):
r0 = socket$kcm(0x10, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x2)
r4 = syz_open_dev$I2C(&(0x7f0000000d80), 0x0, 0x0)
ioctl$I2C_PEC(0xffffffffffffffff, 0x708, 0x9099)
ioctl$I2C_SMBUS(r4, 0x720, &(0x7f0000000300)={0x1, 0x0, 0x7, &(0x7f0000000100)={0x0, "fd6d44512b7e1b0420ec2a3ba53b31dd77e7ffffff0300"}})
r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0xffffffffffffffff, 0x40, '\x00', 0x0, 0x0}, 0x50)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r5, 0x58, &(0x7f0000000080)={0x0, <r6=>0x0}}, 0x10)
r7 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000540)={r6, 0xfffffff8}, 0xc)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x3, 0x8, &(0x7f0000000740)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x22}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r7}}]}, &(0x7f0000000000)='GPL\x00', 0x4, 0x0, 0x0, 0x40f00, 0x1, '\x00', 0x0, @fallback=0x24, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000880)={r8, 0x0, 0xe, 0x0, &(0x7f0000000640)="c1dfb080cd21d308098e00000800", 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f00000004c0)="d8000000180081064e81f782db4cb904021d0800fd00fe05e8fe50a10a000600014002020c600e41b0000900ac000a0501000000160012000a00ff150048035c3b61c1d67f6f94007134cf6efb8007a007a290457f01a7cee4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5ae24e25ccca9e00360db79826835d3a71d95667daffffffffff1f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5b7276505de6ccd40dd6e4edef3d93452a92954b43370e9703920723f9000001008af26c8b7b55f4d2a6823a45", 0xd8}], 0x1}, 0x0)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan1\x00'})
syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
r10 = socket(0x10, 0x3, 0x0)
getsockopt$sock_cred(r10, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r11=>0x0}, &(0x7f0000cab000)=0xc)
setuid(r11)
r12 = syz_io_uring_setup(0x1d9e, &(0x7f00000000c0)={0x0, 0xe876, 0x40, 0x0, 0x2d4}, &(0x7f0000000040), &(0x7f0000000080))
io_uring_register$IORING_REGISTER_PBUF_RING(r12, 0x22, &(0x7f0000000000)={&(0x7f0000003000)={[{0x0, 0x0, 0x3}]}, 0x1}, 0x1)
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_genetlink_get_family_id$nl80211(0x0, r9)

3.277430898s ago: executing program 1 (id=3152):
r0 = socket$kcm(0x10, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x2)
r4 = syz_open_dev$I2C(&(0x7f0000000d80), 0x0, 0x0)
ioctl$I2C_PEC(0xffffffffffffffff, 0x708, 0x9099)
ioctl$I2C_SMBUS(r4, 0x720, &(0x7f0000000300)={0x1, 0x0, 0x7, &(0x7f0000000100)={0x0, "fd6d44512b7e1b0420ec2a3ba53b31dd77e7ffffff0300"}})
r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0xffffffffffffffff, 0x40, '\x00', 0x0, 0x0}, 0x50)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r5, 0x58, &(0x7f0000000080)={0x0, <r6=>0x0}}, 0x10)
r7 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000540)={r6, 0xfffffff8}, 0xc)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x3, 0x8, &(0x7f0000000740)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x22}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r7}}]}, &(0x7f0000000000)='GPL\x00', 0x4, 0x0, 0x0, 0x40f00, 0x1, '\x00', 0x0, @fallback=0x24, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000880)={r8, 0x0, 0xe, 0x0, &(0x7f0000000640)="c1dfb080cd21d308098e00000800", 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f00000004c0)="d8000000180081064e81f782db4cb904021d0800fd00fe05e8fe50a10a000600014002020c600e41b0000900ac000a0501000000160012000a00ff150048035c3b61c1d67f6f94007134cf6efb8007a007a290457f01a7cee4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5ae24e25ccca9e00360db79826835d3a71d95667daffffffffff1f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5b7276505de6ccd40dd6e4edef3d93452a92954b43370e9703920723f9000001008af26c8b7b55f4d2a6823a45", 0xd8}], 0x1}, 0x0)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan1\x00'})
syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
r10 = socket(0x10, 0x3, 0x0)
getsockopt$sock_cred(r10, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r11=>0x0}, &(0x7f0000cab000)=0xc)
setuid(r11)
r12 = syz_io_uring_setup(0x1d9e, &(0x7f00000000c0)={0x0, 0xe876, 0x40, 0x0, 0x2d4}, &(0x7f0000000040), &(0x7f0000000080))
io_uring_register$IORING_REGISTER_PBUF_RING(r12, 0x22, &(0x7f0000000000)={&(0x7f0000003000)={[{0x0, 0x0, 0x3}]}, 0x1}, 0x1)
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_genetlink_get_family_id$nl80211(0x0, r9)

2.360569085s ago: executing program 2 (id=3153):
setrlimit(0x8, &(0x7f0000000080))
r0 = socket$inet6(0xa, 0x80001, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff})
setsockopt$SO_TIMESTAMP(r1, 0x1, 0x3f, &(0x7f0000000200), 0x4)
setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000fca000)={0x100000001, {{0xa, 0x0, 0x0, @private0={0xfc, 0x0, '\x00', 0x1}}}}, 0x88)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000200)={0x1, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}}}, 0x108)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000000300)=""/102392, 0x18ff8)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
r3 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f0000000200)={0x8000, 0x8, 0x40})
r4 = fsopen(&(0x7f0000000040)='configfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0)
r5 = fsmount(r4, 0x0, 0x0)
fchdir(r5)
setsockopt$packet_int(r5, 0x107, 0xe, &(0x7f0000019300)=0x7, 0x4)
r6 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r6, 0xc04064a0, &(0x7f0000000040)={0x0, &(0x7f00000002c0)=[<r7=>0x0], 0x0, 0x0, 0xfffffd52, 0x1})
ioctl$DRM_IOCTL_MODE_CURSOR(r3, 0xc01c64a3, &(0x7f0000000280)={0x3, r7, 0x1, 0xfffd, 0xa, 0x1ff, 0x1})
ioctl$DRM_IOCTL_MODE_CURSOR2(r3, 0xc02464bb, &(0x7f0000000080)={0x2, r7, 0x1dc, 0x0, 0x4, 0x8, 0x0, 0x0, 0x800})
tkill(0x0, 0x7)
ioctl$SNDRV_SEQ_IOCTL_GET_NAMED_QUEUE(0xffffffffffffffff, 0xc08c5336, &(0x7f0000000000)={0x1, 0x2, 0x0, 'queue0\x00', 0x3})

2.138581808s ago: executing program 4 (id=3154):
r0 = syz_open_dev$dri(&(0x7f00000000c0), 0x1, 0x2)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000080)={&(0x7f0000000200)=[<r1=>0x0, 0x0], 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANE(r0, 0xc02064b6, &(0x7f00000001c0)={r1, <r2=>0x0, <r3=>0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_SETCRTC(r0, 0xc06864a2, &(0x7f0000000800)={0x0, 0x0, r2, r3, 0x6, 0xb, 0x0, 0x8, {0x0, 0xe, 0x7fff, 0x5, 0x5, 0xee87, 0x5, 0x2, 0x6, 0x2, 0x5, 0xe, 0x8, 0x3ff, "0f1977589889e2313a21b5793287bb5f3ef59a0656570000dfa500"}})
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=@newlink={0x44, 0x10, 0x49920d862a92153b, 0x70bd29, 0x0, {0x0, 0x0, 0x0, 0x0, 0x2100}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @veth={{0x9}, {0x3, 0x2, 0x0, 0x1, @void}}}, @IFLA_MTU={0x8, 0x3}, @IFLA_LINKMODE={0x5, 0x11, 0x6}]}, 0x44}, 0x1, 0x0, 0x0, 0x51}, 0x0)

1.143421807s ago: executing program 1 (id=3155):
creat(&(0x7f0000000140)='./file0\x00', 0x0)
setxattr$security_ima(&(0x7f0000000240)='./file0\x00', 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="060100000000000000"], 0x9, 0x0)

930.432049ms ago: executing program 0 (id=3156):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
syz_io_uring_setup(0x5a40, &(0x7f0000000000)={0x0, 0x625c, 0x20, 0x1, 0x307}, &(0x7f0000000080), &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, 0x0, 0x0)
r2 = dup3(r1, r0, 0x0)
fstat(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, <r3=>0x0})
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f00000001c0)=@arm64={0x0, 0x2, 0x7, '\x00', 0x8})
lchown(&(0x7f0000000240)='./file0\x00', r3, 0xee00)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x300000b, 0x12, r2, 0x0)
syz_extract_tcp_res(&(0x7f0000000280), 0xa0f8, 0x7ff)
syz_extract_tcp_res(&(0x7f00000002c0), 0x7, 0x1c2)
socket$netlink(0x10, 0x3, 0x0)
r4 = epoll_create1(0x0)
ioctl$FS_IOC_SETFLAGS(r4, 0x40088a01, &(0x7f0000000000)=0x10)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r5}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r6 = getpid()
sched_setscheduler(r6, 0x2, &(0x7f0000000200)=0x7)
connect$x25(0xffffffffffffffff, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
connect$unix(r7, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r8, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(r6, 0x7, &(0x7f00000003c0)=0xa)
r9 = add_key(&(0x7f00000000c0)='id_resolver\x00', &(0x7f0000000100)={'syz', 0x3}, &(0x7f0000000400)="f81da85b6eb73d7efae6dc5fedb3bdc4321d31f81d5fb67acf37aca1dae3ac9912892ee476427a4bbd411e4c0036bababb0e6be02c4eb7e0a3f8ab12fea481114fe0205162e00d1e3912292836c4ccdf73852960582592c8c027869bcd79550fa18ecd713844cebe89", 0x69, 0xfffffffffffffffe)
keyctl$KEYCTL_WATCH_KEY(0x20, r9, 0xffffffffffffffff, 0xc4)

916.755093ms ago: executing program 1 (id=3157):
r0 = openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x5)
openat$cuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r1 = syz_io_uring_setup(0x10d, &(0x7f0000000980)={0x0, 0x5885, 0x80, 0x10000001}, &(0x7f0000000340)=<r2=>0x0, &(0x7f0000000280)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x4004, @fd_index=0x3, 0x0, 0x0})
io_uring_enter(r1, 0x3516, 0x0, 0x0, 0x0, 0x0)
sendmsg$NL80211_CMD_PROBE_MESH_LINK(r0, 0x0, 0x2000)
mkdirat(r0, &(0x7f0000000000)='./file0\x00', 0x242)
rseq(&(0x7f0000000240)={0x0, 0x0, 0x0, 0x6}, 0x20, 0x0, 0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000ffe700000000951b8776cdf6840000000000000010a6bd7e55da2d210a9ee73b5e265d2de3d157b60adc11fdd066d95c666cfc00de43b89bb21048a8e3f0ffb9c68664617d670d8911872472"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x43}, 0x94)
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000000)=0x15)
ioctl$TCSETS(r5, 0x404c4701, &(0x7f0000000040)={0x1, 0x300, 0x1, 0x400000, 0x12, "3eccd8fd00000000000005dc000000040100"})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r4}, 0x10)
epoll_create1(0x0)
epoll_create1(0x0)

878.535622ms ago: executing program 2 (id=3158):
r0 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/partitions\x00', 0x0, 0x0)
r2 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0)
sendfile(r2, r1, &(0x7f0000002080)=0x9c, 0x23b)
sendto$inet6(r1, &(0x7f0000000540)="2b67eb12051e770c8266f23c159472", 0xf, 0x24000001, &(0x7f0000000580)={0xa, 0x4e21, 0x3, @private1={0xfc, 0x1, '\x00', 0x1}, 0x2666f577}, 0x1c)
ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r0, 0xc1105518, &(0x7f0000000040)={{0x0, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x1, [0x1, 0x3, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x759b6a85, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0xff, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x11000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x800000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x3]})
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
ioctl$F2FS_IOC_RELEASE_COMPRESS_BLOCKS(r3, 0x8008f512, &(0x7f00000005c0))
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r5=>0x0})
sendmsg$NL80211_CMD_CONNECT(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000400)={0x30, r4, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_SSID={0x5, 0x34, @random="8b"}, @crypto_settings=[@NL80211_ATTR_CIPHER_SUITES_PAIRWISE={0xc, 0x49, [0xfac05, 0xfac09]}]]}, 0x30}, 0x1, 0x0, 0x0, 0x4000884}, 0x0)

791.548502ms ago: executing program 4 (id=3159):
r0 = syz_open_dev$dri(&(0x7f0000000000), 0x1f, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000080)={0x2, 0x4e20, @multicast1}, 0x10, &(0x7f0000000180)=[{&(0x7f00000002c0)="9eef2b6393c2ed14b948dc5128d816185723abc2a6a9cd81697ba28d6428ea0b3858a8dd4cbac658087ccc7cc05f931c1a8466bd4b6ba1c60f13708872cbfa4bb3dd34a69acb4f1d7a55d836cf789fa20da28163d770bb874b395ecaefcbee714b408bfd5f901a4a4a47b90c41f46a2ca65a4b561d59cc1755f9a6ea45585c7aa27590f5dd82deae2bd0477b9e8497bac48dfc034fa2d0a8f5c379940b4863fef17cdcdb8105c65ba307ad93b6bcc5e252628bc4525931c08dc448e888d6a53f7d66cfa2b1b4c94c996d96d071522fb6b0798565b8d64acc21fdc5f89ed53a028cd087a81db9cac537", 0xe9}, {&(0x7f00000009c0)="3131b964860d15edcb11d10983a6cbcf814fbce842f895071c5dc5e1b088cbc54ee4162d04ba946a0227454c5199ba970eaf623c675f473500207c80b50c015bb60e70621ab52505d219aa65f9c0785d16ac2c392e0a38669ee687491783ba6d615af6481c2342c21addd865e9fd63c8d6ba9efe6acc820573b4676fb946c38bb072754a793e085fe78a28035fea74dbbb00b32e39f297655006570e0242d4a1499d3bb48ddce654f3c59b1766380e57df32e9a2342d617163ae604c5cc4fb600c383ab861d343f5595baee34996e8a17d4bb3b3bd50ddb9395bf5caedd5d367bc6847abea855f91512de1875f1faa2d3e4622dc131ef875578ecbc22b712dae148a03446370f1203c048beb8a607128441562e3d0205ebdf62e5856d54b3e0376a8aa2aa4bd5c7e3264e98268c4be7ac06ac6feaf7a1731e8a64d58bc0579147603f66cb2d0e656de0ebd601d72eddd17f80c96fe4a2674c7e00ffdc791d8b96f91279d45639ef37e76d9e4aaa28c06d0904395384886d68508f292adc54e8ba1edd3f622158f29af4136d1ea5bd428b49a7eada2211c5519aee3317f2b66353b4e1ccdb29fb0e2d1f1cc662272cb476d43e8ef92c183812042e2166c3e6fded07fd4f744b69139e21e35ac85ba8feb2bfbaa86f8edd1a28574a5f92a03a32995e877590d08a6fa1206724bc393c018bf19e3ea217a7b3d132fdc0d58a79a48b2d501e669102147182837c186a50639f77889f4c13f4b7326035f2ff237f427e409f8b5465be5b01728eee51b1e34c7da1ce7279074600d33fbb083effe9530cdf021767835dfd00833726e5582fd17e9b005833c3a78030fa8d3f51d7da31f0fd05c92a41437f18598ea93a3926059082b7a6996db6bbb514458896d7567dbeae6bd474fccb289fdcb54432c685d5c3a03293a56694b8f492bc1ecdeecb78b3724fd9863c826ee6ec314dcf1f8897de167874ad8eb064ec9583be4e9dce02ca1638c0512d5849d5ff8a7cb13cf0645986f7d3fc4c6bc05ed498deef24946405da14523c5014cb92dae7705e39ede5e294816b14ca46ef6016915758e983409b5fbce70c608cf6e02af46424567ff7a7b9c773614cb8184f578749386820613723130ebc70434a5ced5e6a9c6dad9717298bdb50523141f0c0df2dbbbee85f02f21c8d2adf005b13b148310a29a2cd376f0cc349470aa375fd4f59ee0833112a2ecf568f32e5bb5079b935d568ea5e83572b42cb303d22e1fdeefc0dfe295d701b3561f27f25a9d1f3ac6c04d2bf02845b1e56cc267fe9b304a231148a57cd35f316fdc0b3cc0299d078cdf5fcbc9cf8343bbfbe3893dedcf7ec0db6dcab1f80f0904cdae77de85c5a23de58776e3b0bce4f8c44d99ab09a5518b5590625ba7326c669f5453f06b47241a784ac672fadadb4ee844e156656710dff7304ad419ac4516c851fc873fe8cdcf37e759dfa24d9eea60324a89efb1e5c6b381b445cff95093bceda60463a32b24fa4e156d320e1cb829d898a7ba1974ce11ac69046e59eaf1cabeac1e27267e58b66f7b07450a120bea4c292e19e01721dcb73de3dea978d63544b6b7c25f96957b44e7bd288b2be0b6a73fa181b867ca86954ab68af12d27fa8899b3e9560dc40bde13a96ff3e9dae69387008d99d0bdb5bee35bbe1867285da1a23807cea2b9789346bc668365b5ac178440cfd171fdaa5c02ebd9a0dfd6600f1a7ac386b912646ecd23ba2389739aa8193230c91d2bab5bee52ce97792c48910022a9d5fa94b7bdeebf95ab5ca7bc099fe339970910f9640251a91fd774b2b16acfc5297cecd1efb9c8b5803490efb4584a509823b2b914c7858005d9a3fd35b6e8e8e858b0d98388fade3e778f5782a9acf1ad301917449555cbd3543f7d2a2551d4699079b2b08ac72db76f9c3e6f2ca21f913bf3e74ea485bd40d883d2f21b9831c9275a6743b7b75e7a21afeb01c53aad3bd42a1bfe4bfa2f5abc16a8bbdce570569f1090606ebc2922aee22c1e9db8bff648e97ffa6304d891bcbb88d799383ba11ce16050ebb6d2aee59bbccd4cd997dbc3419afbc5595f5379cda8da723a486a64ce533802ea204b540c8963e1499aa17679f14603a5256d79a89a8d02b7526a8fdd79d74b1798807ce6eeb08f9b52f4f80bdd5d3ac11fc71a39b2f8c9c9804124e86fc42ed1d5eddad2583bee589f44e9585a9ba0b1d7bf84013e6693dd10f2d5083930f8784264fe9ef196e1bf8d3973ad413bde302d4ba517e3ab7315f316c8a964deb78f30a7223c835e818bb9e54887aafd84a47473ce38ed3af66b8bed6173db402d46d25b2b39b51c7b0b49168fdbdb1c8986b1ae0ddd9c910529ded85fcf79316b7d094b13e6ef406297fee525b0bcf965dd16131479a1d83cc5df3e4efe59fb01a80eeb9ca608b106b21953c3f9999d33c9604b851bdf73850e392d703f8581b8ede48a342f74e87bf3f2af34ea649eef8cdc4d724f952216cb9fa866815704ef73980f48603c228d90502228459c5c330a30ffa8da8890e89669f5ad719f231aa045847cc6503639999af13fce4472af0772b4c33be272b6b2df58564ec627bf5bd560321faa5898c3a62e1e81642882c70fbc90472ff2b98a9588ce2b6b30fa74db89f26120838eadadfc26c10d672f60af071bd4edee2e46b436d11a7764c53a24a803bdec46854703ae9f1b88a3c6ae4cacff286f6b0464f3a1c7685f631768c5283d6560463df7d70ef277140e8737515d8a9011149237008f5ed76047c1929486b052e8cd7b5b561b32364dfe81bfe9e66e6f982449377c41ae2b3d5055914381fa701ca5ae334a0e588c3dd07be748a1a1dceb51cdec4a92bfc44bd35a18af8b309f6d32dbd6c1e892e67cba08c80454cbd038d55bc9326d048995871306b8159a65a8d46a80722d37476c647d79f3bf5125a1c2708104ffc09207465dd052c6c14d9ec4bb505455d14794cacde5c84f09cdacac0feb2d350b9858af401a478ca27ff7bf8d0b7e8d93ac88a5f1193cf6c2a45ae94d0eeed1e496863c39054e8ada7310dc47cd8b9e8e2cb618169cf9a9aa42248023953ad9b7d94b811b08134b4af1bf502b929e674f09a43e9444b36a3f2111d35c310da0b75755cb9eb7de74990eef929f4c1c491709d4e4eb350563bf9e8cdf380649b78e0d767b45531b141f248c142f924e0c1c8948c6d60640515e970222cf8c0ba9ded1bda94e84335b87901d4de8ccd16f427bbeb0b0712cc404d177aaf7ba1410e7ece17e6316b3a1fbd4823e88741cf5669d26c85173513e307ad82de3a4aee26cbdc82551620427efc60e1db6633038ea2531f6d3391dc5165670b58f5bf9bad7284b843e65f511af45f03a3c600e567aa8f58bb9701af0662b10e055f7012cfe32cfa345379db9bd13db9383e7002e9f29083643abb912c5bde6c68e2626e1ec55547673ebfd2bc9549abd43c9c3585b1b01ce482bc5a49279e378dac01a6c93bb399eb26fcea5cb60a59f80092d3461c5be852c4dbff94987fd1ed95382ee648e6d991f0fde0921abe412273cb5e8d317b03d2991001a3d8e909178233415747bed5f2f9c2f7db7bede401aa69afe21f2df45e0a0e1beeb98a5af84e95b3047a3c27f4345f7dd16ed9ef3064ed5464634ea633d4cfd221194f8cb7504b5ca21a3ed7b5994f54cae4d2086612db2066faa8e440d9903a504da17db0900f5effd35f88b0f83c44e6484894b8b51438ba054e3544c43bac0e1e71b4b036ece12df103008917286b5550eff7b61c82538746b964d1c39f6efde5ed54c1487e7c1c0a770650695727b606381a217e27cf728811f215b3c3a06f97500aaa871ffcff1b3cb41e990b767238a387184594eae181b602ab8ef66914a254af2ae6fdb12cae801f78a7bd7996d596344ec64f2101a1aa6833618b9884b452c07a761166cc11e98cc463cdc4a0bfddfbb24168a841e19b982a3e3066e9fc8913a712747525576bd7dfcbe147bccdb2b45fba03272391c87adb549a9b67ba3cdd7fa4f066454bdaf2fb758611d479da8285ec310d254696ac4829ae653e4b16fef126dd790d72d53dcc940f48b36212700a7db70386bbce6a9fc3c47c920db2e8105a0612a7782d2476bffe4b6946426a3c0206435af06d8817ce3b0b62f2d3ce31f0fab92f53c90e8af2061e5b5ec7b8bb044c0d1e6f29d449f245b88d2d01811fe109d531f74055d86504dea4be9b03d0bb6c77a78e63f85b203801d92346b8e6886854ce1e8bfa56256a823a426b9cddaaf9d7b3cd21e45a3448d9c57541ff26b1245de656e901a6f334482dce6026fd16bba7188c3ece1f70be06fc4ef75b97c3f831d3f57b86cf17289d2ce446711439f5ba81814fceacbbcb85d02c9f904997d8e9701a7b6a7bd9353ca625fb5f414af38d97b04fad9c0b7739eacd72e214b93d9854d42c99a60b1189d11c2f18996ad6bf983b672347daaffe023dbd1ace9030bb8db2d3b2aeff4195db7bfcf34cfdbe7a75e61e510936822f64a8d309ba876eb86d99d82321672305f044fb39d11d2151a3c83819e82b2c665bfcdc8858ca634be07df7dadc76373bf0c5b1ba462419c3da703c951a041112fd26634b3acd9c9a78aa9efd1f738b8d52b92afcc578ebefab87835dbdf594586817a72cd54c1705e22ac3825db15bfed00d9f737d5e7096e60858fec57aa393ef8dd90abe0d13bab255305d571ae7304f9fd60fa13caed9c39a082705b5703d3f8193716801fb226911a0c8665a25626b6660ee5688b8ea9b2a82aecbf771b9e0f8e675d562b1cf9f714d140169d017f9b8b935237d618f79e07c46d7d671fb766a3fc63b1dd00c16f41346ff29126cbbb4f20cd4d1c7545d463dbf17498aa94018497c984d5403b640e919c68f5856993f2b68e5fb84840ef436104ccfdc51411743fc50ae963ec4790604adf773dfc87e7cd7060fdde9f7aed887ae90e2d939b3adc2145c46c13c07a4a345185f7a693f80af5d4110e79ae632b6cb4a8efe8026776cfdb0220b4374860e5fc403efb73fd05231215935750c0f1d749369d91be19eaf547723a29e365e3163ca4958527a81b9b61a84cb49264d8b8d9f1cb0538658cc9809917ce84f845e4c7037ba7fab2e612c51e9aeef9af5fafcaf33fad7ad65979f8ae6af41742c2991f04f9f88512fd39c9119da5bde4f5c84bf70dc56e11450f91bbf3584f5773b6df063aeefcceb540020d8618d66b2bff2baaee2995b553b94bdcb376ec8b0a9984c7620cf4b779ab78bcafbc405fe85253dc933141c2130122383e9682b8dec2b6e49bd7d602fdd67376e2e6a3b9c4ddf5de5761d85894b6736bb5b9cdb617786e026ce4526a6facfd2c6ccb75a68ade9c747b4233c394b26bc097e716319542dee408f338b60587a1f01c5c38b8e6e298c2a6fec83b8292c946d39a36ce6db83bbcf5aaedd9bd4d36e4b0e22dacb784574ed367ec5c5cc8752b50d75d8135d0f091c7f798e831e3573f93cf46bad4253d0c8afc216d7f3bd4367cbd9b31d43ac58ae03f86710d2f60011dca7aa62f1a445942f2d516bdde0a05bdc2f8c3ba6776befb07c3cf0c58da7f572cf8d1c7cf0ee2da320834e4365fb5331832e2f290a281d0a590a49bbc45d985651e1677ca10a066729a5b15d0d795b6a7d0119ffeef555b2fbdd4154bd73b30dd9e47255c29d69c017bd366afb473385127d729b76f1ba913b0f925", 0xfd4}, {&(0x7f0000000480)="7b107104dd64ed9902c65ad6be2de695abe28fa7e64e88bf4856c6685090e5cafb0312a3f7705c77e108094ff46760f65131d983a4ff3a88edea79df79ca5f0fb80de577f4ca18a79fd0657c08fefa27909250678dcc7d8c091e", 0x5a}], 0x3, &(0x7f0000000400)}, 0x840)
close(0x3)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xc, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000002000)=""/102400, 0x19000)
r2 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
bind$ax25(r2, &(0x7f0000000080)={{0x3, @default, 0x8}, [@null, @default, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]}, 0x48)
connect$ax25(r2, &(0x7f0000000240)={{0x3, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x6}, [@bcast, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null]}, 0x48)

598.800944ms ago: executing program 2 (id=3160):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = openat$vimc2(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$VIDIOC_G_CROP(r0, 0xc014563b, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x2501, 0x0)
write$snapshot(r1, 0x0, 0x0)
ioctl$SNAPSHOT_FREE(r1, 0x3305)
write$snapshot(r1, 0x0, 0x0)

320.668327ms ago: executing program 1 (id=3161):
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
r0 = getpid()
r1 = syz_pidfd_open(r0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x1014d, 0x2022, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sched_setattr(0x0, 0x0, 0x0)
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x50, 0x0, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x4, &(0x7f000022c000/0x3000)=nil)
r4 = socket(0x2b, 0x80801, 0x1)
r5 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x3, 0x0, 0x106, 0x3}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r5, &(0x7f00000002c0)={0x3, 0x40, 0xfa02, {{0x6000000, 0x4e21, 0x0, @mcast2, 0x1739d2b3}, {0xa, 0x0, 0x7, @private0={0xfc, 0x0, '\x00', 0x1}}, 0xffffffffffffffff, 0x3}}, 0x48)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r5, &(0x7f0000000480)={0x3, 0x40, 0xfa00, {{0xa, 0xfffc, 0x0, @dev={0xfe, 0x80, '\x00', 0x11}, 0x5}, {0xa, 0x0, 0x0, @loopback}}}, 0x48)
write$RDMA_USER_CM_CMD_SET_OPTION(0xffffffffffffffff, &(0x7f0000000180)={0xe, 0x18, 0xfa00, @ib_path={&(0x7f00000000c0)=[{0x2, 0x0, [0x1, 0x5, 0x0, 0xe76, 0xffff, 0xfffffffe, 0xc491, 0x9, 0x3, 0x4, 0x9, 0x4, 0x30000, 0x9, 0x7cb, 0x44]}], 0xffffffffffffffff, 0x1, 0x1, 0x48}}, 0x20)
setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f0000000580)=@raw={'raw\x00', 0x3c1, 0x3, 0x2d0, 0x0, 0x5c, 0x160, 0x0, 0x3e0, 0x228, 0x228, 0x25a, 0x228, 0x228, 0x4, 0x0, {[{{@uncond, 0x5002, 0xa8, 0xf0, 0x52020000, {0x0, 0x6802000000000000}}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x7fff, 0x9, 0x7, 'syz0\x00', {0x719}}}}, {{@ipv6={@private0, @private2, [0xffffff00, 0x0, 0xffffff00, 0xff], [0xff, 0xffffff00, 0xffffff00, 0xffffff00], 'tunl0\x00', 'pimreg0\x00', {0xff}, {0xff}, 0x33, 0x4, 0x9456fff08070a538, 0x70}, 0x0, 0xa8, 0x110, 0x0, {}, [@inet]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x82b, 0x0, 0x0, 'syz0\x00', 'syz0\x00', {0x8000800000000000}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x36d)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x40080, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_SET_GSI_ROUTING(r7, 0x4008ae6a, &(0x7f0000000200)=ANY=[@ANYBLOB="010000000000000000000000050000000000000000000000030000000000f100ffffffff"])
write$RDMA_USER_CM_CMD_DESTROY_ID(r5, &(0x7f0000000140)={0x1, 0x10}, 0x18)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
setns(r1, 0x0)

73.999154ms ago: executing program 2 (id=3162):
r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/comedi4\x00', 0x18d301, 0x0)
ioctl$COMEDI_BUFINFO(r0, 0xc02c640e, &(0x7f0000000000)={0x0, 0x1, 0x6, 0xb16, 0xfffffffb, 0x2, 0xffff8001})
r1 = socket$packet(0x11, 0x2, 0x300)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x1, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, &(0x7f0000000000), 0x0, 0x1}, 0x50)
syz_open_dev$vim2m(&(0x7f00000001c0), 0x1f7ff6, 0x2)
r5 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="1201fb0009030320d812010079de01ec020109021b0001000003000904000001785ecc00090585020004"], 0x0)
syz_open_dev$evdev(0x0, 0x40, 0x0)
r6 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
read$char_usb(r6, &(0x7f0000000000)=""/188, 0xbc)
syz_usb_disconnect(0xffffffffffffffff)
syz_usb_disconnect(r5)
mount$fuse(0x0, 0x0, 0x0, 0x200000, &(0x7f00000000c0)=ANY=[@ANYRESHEX, @ANYRES8=0x0, @ANYRES8=r4, @ANYRES64, @ANYRES32=r1])

0s ago: executing program 4 (id=3163):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000540)=ANY=[@ANYRES16=0x0, @ANYBLOB="53a5e03aebf9f33e5260a2ef5c63dc534d7e893cfcdc1b59a39f4c8a51d99b0148ca5bbccd77063b91456a2532e586d44b2f0639862f24a7268dc762315460c7c56cfa6e815cee23164f18a4aad2eb5235ffcc8e778fbd890ce50c0093c8e846acd83341cc157e02a3a8534d97d77b8781e63f0c86724ca0064900b2dd61022b6298df10d930f597e25df5160fc09c7ee19bfdb252d9505d552b5d80e117e06546d0fabb42ee19d280e5d0c97443714c307b85cfad35639c099b4226a9f25f77c92324d47cbb03eaf2f343a563d7aa3e639add6e7459579e51706c769e07bc4e0f55536f84576780b56e8086e80c89a62836ffd9c983e0a38a564a2252ad1d7f86381db30db4140a385579aefad5dc4b53288ac37aae18ecd18cee3cce9be205ab2627577f14025c7e222fbfdcd084e02bc33f26e4481abcf8351954b55e65a4178185b524552ccd52bf5583d4748ba0a599d8044136c7ccfedd6922a99c48d9d554fdd4cba4681035f7aa24baf9a0befc9ae204e01e0bfc4c22ac0810ba540a995a182a559a711d15af72248dbb8c50452cc7fbd7d15026964c5959ffd7ac41dd974d645a7a43657677201908153152d27ff19714b04a74bfefa1221fae98a995a2fdb70b5ae5140012b10bdd9d5dcf463c5fda8109436668b53882226281904006c0801b784ca2bbb6307adbf7d8287bf62aef2b551b1399679b002072de622fe778b0576ff23079e3edcf3d855815b7cf5af8f9fad935ab69dfb50af5cd2cfd2394fac4d0bf7ab1eac679a49786f8be80094db684a66fdc91fa3b6d00e656ba41207b0c930c2e3c415d9555278e4d812070e7b08cf4fab16405696c796fde4586d4c3fe35751a2da0ccc68586ef96575f90fab1e6fe0baf8182fbfe"], 0x48}, 0x1, 0x0, 0x0, 0x9004}, 0x4080)
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000041436120410e5150e8d5000000010902f98a5c01000000090401001186eee2000905821704"], 0x0)
unshare(0x6a040000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0xc3490000)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x0)
mprotect(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x141b82, 0x180)
getsockopt$EBT_SO_GET_ENTRIES(r1, 0x0, 0x81, &(0x7f0000001d40)={'broute\x00', 0x0, 0x3, 0x0, [], 0x0, 0x0, 0x0}, &(0x7f0000001dc0)=0xa8)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), r2)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000740)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000500)={0x4c, r3, 0x1, 0x70bd25, 0x25dddbff, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_FRAME={0x2e, 0x33, @action={{{0x0, 0x0, 0xd, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1}, {0x7}, @broadcast, @device_b, @initial, {0x2}, @value=@ver_80211n={0x0, 0x2, 0x2, 0x3, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1}}, @delba={0x3, 0x2, {{0x0, 0x1, 0xc}, 0x28, {0xbd, 0x6, @device_b}}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4}, 0x44050)
syz_usb_connect$cdc_ncm(0x0, 0x18d, &(0x7f00000000c0)={{0x12, 0x1, 0x300, 0x2, 0x0, 0x0, 0xff, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x17b, 0x2, 0x1, 0x9, 0xb0, 0x9, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x9, 0x24, 0x6, 0x0, 0x1, "fa383084"}, {0x5}, {0xd, 0x24, 0xf, 0x1, 0x5, 0x72ba, 0x71d, 0x5}, {0x6, 0x24, 0x1a, 0x1, 0x8}, [@mbim={0xc, 0x24, 0x1b, 0x9, 0x1, 0x7, 0x6, 0x9, 0x8}, @mdlm_detail={0xdd, 0x24, 0x13, 0x6, "f0c38386939f97513a21749c6ed02111ffafc71b30afbfbb399f2efbedc551f965caf300f0d211ffc0b40810e4a63f23600f0ee95724bdcb83a674f7843949f12d9ef808d47ae3115d4b9876619cb578ca6522c91a3102d9743b55864d4aa8b94ba33cf1b62207ff3af8b30f5e4d54e5a6096f9fa13247c66fb9acdc3ed32586c219e42d3a7ae5c5a6d70f888c64c8303831fcb59649876252da5e5e8739122c3c76987e835f3b67d36de7e531444d98c8d4923909767fae1ea37625c53fb67024f1c2fc08fe8e0b985c2dc69389ad8648874d52c02b69567c"}, @mbim_extended={0x8, 0x24, 0x1c, 0xb, 0x0, 0x6}, @mdlm={0x15, 0x24, 0x12, 0xff}, @mdlm={0x15, 0x24, 0x12, 0x1}]}, {{0x9, 0x5, 0x81, 0x3, 0x3ff, 0x1, 0x26, 0x5f}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x20, 0xff, 0x0, 0xd4}}, {{0x9, 0x5, 0x3, 0x2, 0x3ff, 0x62, 0x2, 0x7}}}}}}}]}}, &(0x7f0000000040)={0xa, &(0x7f0000000000)={0xa, 0x6, 0x310, 0x3, 0x64, 0xff, 0x20, 0x2}, 0x130, &(0x7f00000007c0)={0x5, 0xf, 0x130, 0x6, [@ssp_cap={0xc, 0x10, 0xa, 0x4, 0x0, 0x5, 0xf, 0x7}, @generic={0x2d, 0x10, 0x2, "a5dcb89eebf7a834124efd66473061c8f54a02fd1cbba2d66e3628a494c72822d74f64d941a88b2361fd"}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0x5, 0x4, 0x3, 0x40}, @generic={0xde, 0x10, 0x2, "d95cea0eaf2e6047fe484b20a928f6d3fd811edbf2c8b189a1bd8b9c717d685e188e91b1eacf0e4869982d2bc4c181098dc47a8c97a72c2d5488486102d6e165912e8a075f05b1ce2a692186ef56ccc047387d3fff787556f62008bdfc0526cfe128f7b4282dd9067a03893068f7a856e7e6d1d4cd52285d8919bdf12fab699be9b1cabb2d30637919da055022ff8036b5581dda081e31a2eebe1e892b4b0380335221ab56ea7c32ad9f0a7fd849ed39f6e82c25096fa4a2ea43e54d6aeaada61e9d91147a569cb0494341ab74ebb2df12958492107b05d790f7f7"}, @generic={0x7, 0x10, 0x4, "0f434e58"}, @ptm_cap={0x3}]}, 0x1, [{0xf9, &(0x7f00000003c0)=@string={0xf9, 0x3, "148d726bd87ba13f32bf4b0234f9e4dba9d7d042f1e8edb48fb53d7c8e87be3eab70949b9fc1a9eee55fdf4f1bfc0b599fa5f8b5c399d8a7aaa8e23a2310731a9c5f5104185c0fa471ceb5cb0027ec21cbba614ebd660c0e53f10377f22e7f877795963538c6b0b50ef48b8367ae187bdcc88a6e074bd29318fd46f529ea1a1345627586d2caebef306c4fe05e6ee68941abb2e0026777b94bb73a55e9066e3cc7e1aeff122b1753d54a1cbe4f030ebba91163314602b754596e5cdf5de1f76b77e1831f154f42bfd2e28ed380c99a29ad4c263a13c4a18a9584f01db759d7aeb5f944d011012718a48da8e49bed533723e0a2365541fd"}}]})
syz_usb_connect$cdc_ecm(0x6, 0xdc, &(0x7f0000000280)={{0x12, 0x1, 0x250, 0x2, 0x0, 0x0, 0x10, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xca, 0x1, 0x1, 0x40, 0x10, 0x3, [{{0x9, 0x4, 0x0, 0x1, 0x2, 0x2, 0x6, 0x0, 0x9, {{0x7, 0x24, 0x6, 0x0, 0x0, "ada4"}, {0x5, 0x24, 0x0, 0x1ff}, {0xd, 0x24, 0xf, 0x1, 0x8001, 0xe, 0xc, 0x2}, [@country_functional={0xc, 0x24, 0x7, 0x1, 0xfff, [0x5, 0x5, 0x3]}, @obex={0x5, 0x24, 0x15, 0xba}, @mdlm_detail={0x6a, 0x24, 0x13, 0x9, "d4aef9ed00977410bafa4a9a95a37d0d3943e2ae81fbd36e0edc539a737855ab2b824f7e8e161aaec3315bb0243d43b03b1d27965e376bef57da153557ffbcd7085eb5a8c14e52db252db5164ed2f28d2d46049e2aab7c0821a15a2abf19474ff743cd4cb80f"}, @obex={0x5, 0x24, 0x15, 0xc469}, @acm={0x4, 0x24, 0x2, 0x7}]}, {[{{0x9, 0x5, 0x81, 0x3, 0x20, 0x7, 0x7, 0x6}}], {{0x9, 0x5, 0x82, 0x2, 0x20, 0x8, 0x8, 0x8}}, {{0x9, 0x5, 0x3, 0x2, 0x40, 0x6, 0x8, 0x9}}}}}]}}]}}, &(0x7f0000000a40)={0xa, &(0x7f0000000380)={0xa, 0x6, 0x110, 0x83, 0x3, 0x2, 0x40, 0xa}, 0x25, &(0x7f00000004c0)={0x5, 0xf, 0x25, 0x4, [@ext_cap={0x7, 0x10, 0x2, 0xa, 0x9, 0x0, 0x4}, @wireless={0xb, 0x10, 0x1, 0x2, 0x1, 0xd1, 0x5, 0x5, 0xfa}, @wireless={0xb, 0x10, 0x1, 0x8, 0x2f, 0x2, 0x8f, 0x3, 0x6}, @ptm_cap={0x3}]}, 0x1, [{0xfa, &(0x7f0000000900)=@string={0xfa, 0x3, "8b1d0684a1bc754fe8b24e20ca8bf9324ae961a1b88aef9c938e1cd55a824da40fb6af817aee5d488668af723454e46746524a3bec19e6353cfea051dd8980a75601c6cdf9adcbc9f1dc0982f55b084fca41c49ddadd46acfc35e13e2fc6983cc4ebf9e3c59306cefca436206f6ba9c8e7390144df9ba3e4a3b1e43ea6bc34b65b586a6f42eaaa3665771168c0da6f3a3052db8dd514e7967e625db230a68feabfd0daa8d5e6741d1f410709ce9137afe23c7ada22938f49a0771e17d626011bac5dc5877f174c318c57ca90257507778b1b1420807d2ea49a111039afb1aede9db9fa89843740bab254cd33a613b4ff06c22ad14da7c270"}}]})
syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0xfffffffffffffea8, &(0x7f00000000c0)=ANY=[])

kernel console output (not intermixed with test programs):

 753.701781][ T5973] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  754.544728][ T5972] usb 3-1: New USB device found, idVendor=13d3, idProduct=3224, bcdDevice=cb.0d
[  754.557935][ T5972] usb 3-1: New USB device strings: Mfr=1, Product=12, SerialNumber=3
[  754.573979][ T5972] usb 3-1: Product: syz
[  754.586841][ T5972] usb 3-1: Manufacturer: syz
[  754.589537][T16049] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2691'.
[  754.592136][ T5972] usb 3-1: SerialNumber: syz
[  754.613068][ T5973] usb 1-1: Product: syz
[  754.617373][ T5973] usb 1-1: Manufacturer: syz
[  754.625787][ T5972] dvb-usb: found a 'DigitalNow TinyUSB 2 DVB-t Receiver' in warm state.
[  754.634726][ T5973] usb 1-1: SerialNumber: syz
[  754.688735][ T5973] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  754.821949][ T5901] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  754.833512][ T5972] vp7045: USB control message 'out' went wrong.
[  754.849568][ T5972] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[  754.869581][ T5972] dvb-usb: DigitalNow TinyUSB 2 DVB-t Receiver error while loading driver (-19)
[  754.909931][ T5972] usb 3-1: USB disconnect, device number 51
[  755.061734][   T30] audit: type=1400 audit(1753005306.211:1341): avc:  denied  { getopt } for  pid=16052 comm="syz.4.2692" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  755.271693][T16057] FAULT_INJECTION: forcing a failure.
[  755.271693][T16057] name failslab, interval 1, probability 0, space 0, times 0
[  755.295112][T16057] CPU: 1 UID: 0 PID: 16057 Comm: syz.3.2694 Not tainted 6.16.0-rc6-syzkaller-00279-gbf61759db409 #0 PREEMPT(full) 
[  755.295140][T16057] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  755.295151][T16057] Call Trace:
[  755.295157][T16057]  <TASK>
[  755.295165][T16057]  dump_stack_lvl+0x16c/0x1f0
[  755.295199][T16057]  should_fail_ex+0x512/0x640
[  755.295235][T16057]  should_failslab+0xc2/0x120
[  755.295254][T16057]  __kmalloc_cache_noprof+0x6a/0x3e0
[  755.295279][T16057]  ? sctp_add_bind_addr+0xae/0x3f0
[  755.295310][T16057]  sctp_add_bind_addr+0xae/0x3f0
[  755.295341][T16057]  sctp_copy_local_addr_list+0x39d/0x5a0
[  755.295365][T16057]  ? __pfx_sctp_copy_local_addr_list+0x10/0x10
[  755.295389][T16057]  ? sctp_auth_asoc_copy_shkeys+0x2a5/0x360
[  755.295416][T16057]  ? sctp_bind_addr_copy+0xe0/0x530
[  755.295432][T16057]  sctp_bind_addr_copy+0xe0/0x530
[  755.295455][T16057]  sctp_connect_new_asoc+0x1d7/0x790
[  755.295480][T16057]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[  755.295511][T16057]  ? bpf_lsm_sctp_bind_connect+0x9/0x10
[  755.295536][T16057]  sctp_sendmsg+0x15f9/0x1ee0
[  755.295566][T16057]  ? __pfx_sctp_sendmsg+0x10/0x10
[  755.295595][T16057]  ? __pfx_sock_has_perm+0x10/0x10
[  755.295629][T16057]  ? __import_iovec+0x1dd/0x650
[  755.295650][T16057]  ? __pfx_sctp_sendmsg+0x10/0x10
[  755.295674][T16057]  inet_sendmsg+0x11c/0x140
[  755.295701][T16057]  ____sys_sendmsg+0x973/0xc70
[  755.295725][T16057]  ? copy_msghdr_from_user+0x10a/0x160
[  755.295753][T16057]  ? __pfx_____sys_sendmsg+0x10/0x10
[  755.295780][T16057]  ? __pfx__kstrtoull+0x10/0x10
[  755.295808][T16057]  ___sys_sendmsg+0x134/0x1d0
[  755.295832][T16057]  ? __pfx____sys_sendmsg+0x10/0x10
[  755.295866][T16057]  ? find_held_lock+0x2b/0x80
[  755.295910][T16057]  __sys_sendmmsg+0x200/0x420
[  755.295932][T16057]  ? __pfx___sys_sendmmsg+0x10/0x10
[  755.295961][T16057]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  755.295995][T16057]  ? fput+0x70/0xf0
[  755.296014][T16057]  ? ksys_write+0x1ac/0x250
[  755.296040][T16057]  ? __pfx_ksys_write+0x10/0x10
[  755.296072][T16057]  __x64_sys_sendmmsg+0x9c/0x100
[  755.296089][T16057]  ? lockdep_hardirqs_on+0x7c/0x110
[  755.296115][T16057]  do_syscall_64+0xcd/0x4c0
[  755.296135][T16057]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  755.296153][T16057] RIP: 0033:0x7fbd7238e9a9
[  755.296168][T16057] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  755.296185][T16057] RSP: 002b:00007fbd73113038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  755.296202][T16057] RAX: ffffffffffffffda RBX: 00007fbd725b5fa0 RCX: 00007fbd7238e9a9
[  755.296214][T16057] RDX: 0000000000000002 RSI: 0000200000001240 RDI: 0000000000000004
[  755.296224][T16057] RBP: 00007fbd73113090 R08: 0000000000000000 R09: 0000000000000000
[  755.296234][T16057] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  755.296244][T16057] R13: 0000000000000000 R14: 00007fbd725b5fa0 R15: 00007ffeae4f0618
[  755.296270][T16057]  </TASK>
[  755.594670][T16030] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2686'.
[  755.604026][T16030] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2686'.
[  755.613014][T16030] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2686'.
[  756.082138][ T5901] usb 1-1: Service connection timeout for: 256
[  756.088594][ T5901] ath9k_htc 1-1:1.0: ath9k_htc: Unable to initialize HTC services
[  756.209301][ T5901] ath9k_htc: Failed to initialize the device
[  756.268524][   T30] audit: type=1326 audit(1753005307.401:1342): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16064 comm="syz.1.2697" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe73cd8e9a9 code=0x7ffc0000
[  756.419953][ T5901] usb 1-1: ath9k_htc: USB layer deinitialized
[  756.579036][   T30] audit: type=1326 audit(1753005307.401:1343): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16064 comm="syz.1.2697" exe="/root/syz-executor" sig=0 arch=c000003e syscall=106 compat=0 ip=0x7fe73cd8e9a9 code=0x7ffc0000
[  756.602594][    C0] vkms_vblank_simulate: vblank timer overrun
[  756.611695][   T30] audit: type=1326 audit(1753005307.401:1344): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16064 comm="syz.1.2697" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe73cd8e9a9 code=0x7ffc0000
[  756.636434][    C0] vkms_vblank_simulate: vblank timer overrun
[  757.038090][ T5972] usb 1-1: USB disconnect, device number 60
[  757.088060][   T30] audit: type=1326 audit(1753005307.411:1345): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16064 comm="syz.1.2697" exe="/root/syz-executor" sig=0 arch=c000003e syscall=101 compat=0 ip=0x7fe73cd8e9a9 code=0x7ffc0000
[  757.157081][ T6442] udevd[6442]: symlink '../../loop6' '/dev/disk/by-diskseq/78.tmp-b7:6' failed: Read-only file system
[  757.339747][   T30] audit: type=1326 audit(1753005307.411:1346): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16064 comm="syz.1.2697" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe73cd8e9a9 code=0x7ffc0000
[  757.613520][   T30] audit: type=1326 audit(1753005307.411:1347): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16064 comm="syz.1.2697" exe="/root/syz-executor" sig=0 arch=c000003e syscall=101 compat=0 ip=0x7fe73cd8e9a9 code=0x7ffc0000
[  757.754594][   T30] audit: type=1326 audit(1753005307.411:1348): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16064 comm="syz.1.2697" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe73cd8e9a9 code=0x7ffc0000
[  757.789412][   T30] audit: type=1326 audit(1753005307.411:1349): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16064 comm="syz.1.2697" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fe73cd8e9a9 code=0x7ffc0000
[  757.824853][   T30] audit: type=1326 audit(1753005307.411:1350): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16064 comm="syz.1.2697" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe73cd8e9a9 code=0x7ffc0000
[  757.859396][   T30] audit: type=1326 audit(1753005307.411:1351): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16064 comm="syz.1.2697" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7fe73cd8e9a9 code=0x7ffc0000
[  758.011606][   T30] audit: type=1326 audit(1753005307.411:1352): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16064 comm="syz.1.2697" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe73cd8e9a9 code=0x7ffc0000
[  758.690272][T16093] SELinux: failed to load policy
[  759.637492][   T10] usb 3-1: new high-speed USB device number 52 using dummy_hcd
[  759.950148][T16107] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  760.038995][T16116] Falling back ldisc for ptm0.
[  760.069880][   T10] usb 3-1: Using ep0 maxpacket: 8
[  760.080114][   T10] usb 3-1: config 64 has an invalid interface number: 19 but max is 0
[  760.088403][   T10] usb 3-1: config 64 has no interface number 0
[  760.094656][   T10] usb 3-1: config 64 interface 19 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  760.119515][   T10] usb 3-1: config 64 interface 19 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  760.144789][   T10] usb 3-1: New USB device found, idVendor=2201, idProduct=012c, bcdDevice=3f.e0
[  760.183989][   T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  760.207171][T16120] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2713'.
[  760.224680][   T10] usb 3-1: probing VID:PID(2201:012C)   
[  760.244341][   T10] usb 3-1: vub300 testing BULK OUT EndPoint(0) 02
[  760.264889][   T10] usb 3-1: Could not find two sets of bulk-in/out endpoint pairs
[  760.301115][   T10] vub300 3-1:64.19: probe with driver vub300 failed with error -22
[  760.385131][T16117] netdevsim netdevsim0 netdevsim0: entered promiscuous mode
[  760.430930][ T5901] usb 3-1: USB disconnect, device number 52
[  761.789676][ T5939] usb 5-1: new high-speed USB device number 50 using dummy_hcd
[  761.832791][T16150] /dev/nullb0: Can't open blockdev
[  762.009519][ T5939] usb 5-1: Using ep0 maxpacket: 32
[  762.034998][ T5939] usb 5-1: unable to get BOS descriptor or descriptor too short
[  762.056711][ T5939] usb 5-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config
[  762.072482][ T5939] usb 5-1: New USB device found, idVendor=18d1, idProduct=1eaf, bcdDevice=5a.bb
[  762.084769][ T5939] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  762.128672][ T5939] usb 5-1: Product: syz
[  762.141815][ T5939] usb 5-1: Manufacturer: syz
[  762.153195][ T5939] usb 5-1: SerialNumber: syz
[  762.490055][ T5939] usb 5-1: Limiting number of CPorts to U8_MAX
[  762.500416][ T5939] usb 5-1: Not enough endpoints found in device, aborting!
[  762.708165][ T5901] usb 5-1: USB disconnect, device number 50
[  762.839689][   T30] kauditd_printk_skb: 11 callbacks suppressed
[  762.839705][   T30] audit: type=1400 audit(1753005313.991:1364): avc:  denied  { append } for  pid=16157 comm="syz.2.2725" name="ppp" dev="devtmpfs" ino=709 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[  762.976566][T16160] lo speed is unknown, defaulting to 1000
[  762.983857][T16160] lo speed is unknown, defaulting to 1000
[  763.106777][T16164] binder: BINDER_SET_CONTEXT_MGR already set
[  763.127874][T16164] binder: 16163:16164 ioctl 4018620d 200000000040 returned -16
[  763.145394][T16164] binder: 16163:16164 ioctl c0306201 200000000240 returned -11
[  764.679710][ T5901] usb 5-1: new high-speed USB device number 51 using dummy_hcd
[  764.883046][ T5901] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  764.931747][ T5901] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  764.957711][ T5901] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  764.986472][ T5901] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  765.014896][ T5901] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.00
[  765.025302][T16201] lo speed is unknown, defaulting to 1000
[  765.033954][ T5901] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  765.055771][T16201] lo speed is unknown, defaulting to 1000
[  765.057392][ T5901] usb 5-1: config 0 descriptor??
[  765.389312][T16213] binder: BINDER_SET_CONTEXT_MGR already set
[  765.400442][T16213] binder: 16212:16213 ioctl 4018620d 200000000040 returned -16
[  765.419199][T16213] binder: 16212:16213 ioctl c0306201 200000000240 returned -11
[  765.707940][T16187] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  765.761237][T16187] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  765.781027][ T5901] usbhid 5-1:0.0: can't add hid device: -71
[  765.826496][ T5901] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  765.839311][T16229] netlink: 212376 bytes leftover after parsing attributes in process `syz.1.2744'.
[  766.314166][T16230] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2742'.
[  766.376551][ T5901] usb 5-1: USB disconnect, device number 51
[  766.859022][T16243] FAULT_INJECTION: forcing a failure.
[  766.859022][T16243] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  766.872392][T16243] CPU: 1 UID: 0 PID: 16243 Comm: syz.1.2746 Not tainted 6.16.0-rc6-syzkaller-00279-gbf61759db409 #0 PREEMPT(full) 
[  766.872417][T16243] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  766.872428][T16243] Call Trace:
[  766.872434][T16243]  <TASK>
[  766.872442][T16243]  dump_stack_lvl+0x16c/0x1f0
[  766.872475][T16243]  should_fail_ex+0x512/0x640
[  766.872507][T16243]  _copy_from_user+0x2e/0xd0
[  766.872526][T16243]  move_addr_to_kernel+0x65/0x170
[  766.872551][T16243]  __sys_connect+0xb1/0x160
[  766.872576][T16243]  ? __pfx___sys_connect+0x10/0x10
[  766.872617][T16243]  __x64_sys_connect+0x72/0xb0
[  766.872640][T16243]  ? lockdep_hardirqs_on+0x7c/0x110
[  766.872674][T16243]  do_syscall_64+0xcd/0x4c0
[  766.872693][T16243]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  766.872712][T16243] RIP: 0033:0x7fe73cd8e9a9
[  766.872727][T16243] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  766.872744][T16243] RSP: 002b:00007fe73abf6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[  766.872762][T16243] RAX: ffffffffffffffda RBX: 00007fe73cfb6160 RCX: 00007fe73cd8e9a9
[  766.872774][T16243] RDX: 000000000000006e RSI: 0000200000000340 RDI: 0000000000000005
[  766.872786][T16243] RBP: 00007fe73abf6090 R08: 0000000000000000 R09: 0000000000000000
[  766.872797][T16243] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  766.872808][T16243] R13: 0000000000000000 R14: 00007fe73cfb6160 R15: 00007ffed5e5b2f8
[  766.872834][T16243]  </TASK>
[  766.877983][T16243] /dev/nullb0: Can't open blockdev
[  767.123047][T16242] lo speed is unknown, defaulting to 1000
[  767.141777][T16242] lo speed is unknown, defaulting to 1000
[  767.143336][T16249] FAULT_INJECTION: forcing a failure.
[  767.143336][T16249] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  767.213428][T16249] CPU: 0 UID: 0 PID: 16249 Comm: syz.0.2749 Not tainted 6.16.0-rc6-syzkaller-00279-gbf61759db409 #0 PREEMPT(full) 
[  767.213454][T16249] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  767.213464][T16249] Call Trace:
[  767.213471][T16249]  <TASK>
[  767.213477][T16249]  dump_stack_lvl+0x16c/0x1f0
[  767.213509][T16249]  should_fail_ex+0x512/0x640
[  767.213539][T16249]  _copy_from_user+0x2e/0xd0
[  767.213557][T16249]  move_addr_to_kernel+0x65/0x170
[  767.213582][T16249]  __sys_connect+0xb1/0x160
[  767.213606][T16249]  ? __pfx___sys_connect+0x10/0x10
[  767.213639][T16249]  ? __pfx_ksys_write+0x10/0x10
[  767.213671][T16249]  __x64_sys_connect+0x72/0xb0
[  767.213694][T16249]  ? lockdep_hardirqs_on+0x7c/0x110
[  767.213721][T16249]  do_syscall_64+0xcd/0x4c0
[  767.213739][T16249]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  767.213757][T16249] RIP: 0033:0x7f3fd6d8e9a9
[  767.213771][T16249] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  767.213788][T16249] RSP: 002b:00007f3fd7cde038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[  767.213805][T16249] RAX: ffffffffffffffda RBX: 00007f3fd6fb5fa0 RCX: 00007f3fd6d8e9a9
[  767.213817][T16249] RDX: 0000000000000010 RSI: 0000200000000040 RDI: 0000000000000003
[  767.213828][T16249] RBP: 00007f3fd7cde090 R08: 0000000000000000 R09: 0000000000000000
[  767.213838][T16249] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  767.213848][T16249] R13: 0000000000000000 R14: 00007f3fd6fb5fa0 R15: 00007fffd0fb27d8
[  767.213871][T16249]  </TASK>
[  767.696650][T16275] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2754'.
[  767.739060][T16278] xt_CT: You must specify a L4 protocol and not use inversions on it
[  767.779842][T16277] binder: BINDER_SET_CONTEXT_MGR already set
[  767.801234][T16277] binder: 16274:16277 ioctl 4018620d 2000000000c0 returned -16
[  767.812025][T16277] binder: BINDER_SET_CONTEXT_MGR already set
[  767.818143][T16277] binder: 16274:16277 ioctl 4018620d 200000000040 returned -16
[  767.865823][T16277] binder: 16274:16277 ioctl c0306201 200000000240 returned -11
[  768.017314][T16287] netlink: 'syz.2.2756': attribute type 6 has an invalid length.
[  769.149837][ T5973] usb 1-1: new high-speed USB device number 61 using dummy_hcd
[  769.341919][ T5973] usb 1-1: Using ep0 maxpacket: 8
[  769.366555][ T5973] usb 1-1: unable to get BOS descriptor or descriptor too short
[  769.392093][ T5973] usb 1-1: config 17 has an invalid interface number: 8 but max is 1
[  769.409228][ T5973] usb 1-1: config 17 has 1 interface, different from the descriptor's value: 2
[  769.431313][ T5973] usb 1-1: config 17 has no interface number 0
[  769.741733][ T5973] usb 1-1: config 17 interface 8 altsetting 6 endpoint 0x3 has an invalid bInterval 0, changing to 7
[  769.768436][ T5973] usb 1-1: config 17 interface 8 has no altsetting 0
[  769.784670][ T5973] usb 1-1: string descriptor 0 read error: -22
[  769.795179][ T5973] usb 1-1: New USB device found, idVendor=0763, idProduct=2001, bcdDevice=2c.ff
[  769.819643][ T5973] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  769.871874][ T5973] usb 1-1: selecting invalid altsetting 0
[  769.883022][ T5973] usb 1-1: 8:6 : UAC_AS_GENERAL descriptor not found
[  769.890114][ T5973] usb 1-1: selecting invalid altsetting 0
[  770.078634][ T5973] usb 1-1: USB disconnect, device number 61
[  770.646729][T16319] FAULT_INJECTION: forcing a failure.
[  770.646729][T16319] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  770.660030][T16319] CPU: 1 UID: 0 PID: 16319 Comm: syz.2.2765 Not tainted 6.16.0-rc6-syzkaller-00279-gbf61759db409 #0 PREEMPT(full) 
[  770.660055][T16319] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  770.660066][T16319] Call Trace:
[  770.660072][T16319]  <TASK>
[  770.660080][T16319]  dump_stack_lvl+0x16c/0x1f0
[  770.660115][T16319]  should_fail_ex+0x512/0x640
[  770.660148][T16319]  _copy_from_user+0x2e/0xd0
[  770.660168][T16319]  ucma_write+0x128/0x330
[  770.660188][T16319]  ? __pfx_ucma_write+0x10/0x10
[  770.660206][T16319]  ? bpf_lsm_file_permission+0x9/0x10
[  770.660227][T16319]  ? security_file_permission+0x71/0x210
[  770.660247][T16319]  ? rw_verify_area+0xcf/0x680
[  770.660273][T16319]  ? __pfx_ucma_write+0x10/0x10
[  770.660290][T16319]  vfs_write+0x2a0/0x1150
[  770.660323][T16319]  ? __pfx_vfs_write+0x10/0x10
[  770.660353][T16319]  ? find_held_lock+0x2b/0x80
[  770.660377][T16319]  ? __fget_files+0x204/0x3c0
[  770.660398][T16319]  ? __fget_files+0x20e/0x3c0
[  770.660412][T16319]  ? rcu_watching_snap_stopped_since+0x40/0x110
[  770.660445][T16319]  ksys_write+0x1f8/0x250
[  770.660471][T16319]  ? __pfx_ksys_write+0x10/0x10
[  770.660504][T16319]  do_syscall_64+0xcd/0x4c0
[  770.660525][T16319]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  770.660544][T16319] RIP: 0033:0x7fdf7af8e9a9
[  770.660559][T16319] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  770.660576][T16319] RSP: 002b:00007fdf7bd7e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  770.660593][T16319] RAX: ffffffffffffffda RBX: 00007fdf7b1b6160 RCX: 00007fdf7af8e9a9
[  770.660604][T16319] RDX: 0000000000000048 RSI: 00002000000002c0 RDI: 0000000000000008
[  770.660616][T16319] RBP: 00007fdf7bd7e090 R08: 0000000000000000 R09: 0000000000000000
[  770.660626][T16319] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  770.660637][T16319] R13: 0000000000000000 R14: 00007fdf7b1b6160 R15: 00007fff1d2cf348
[  770.660661][T16319]  </TASK>
[  770.864811][    C1] vkms_vblank_simulate: vblank timer overrun
[  770.980453][T16323] lo speed is unknown, defaulting to 1000
[  770.987989][T16323] lo speed is unknown, defaulting to 1000
[  771.293030][T16334] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2768'.
[  771.300333][T16333] loop9: detected capacity change from 0 to 7
[  771.581054][T16333] buffer_io_error: 12 callbacks suppressed
[  771.581069][T16333] Buffer I/O error on dev loop9, logical block 0, async page read
[  771.699759][T16333] Buffer I/O error on dev loop9, logical block 0, async page read
[  771.809732][T16333] Buffer I/O error on dev loop9, logical block 0, async page read
[  771.817836][T16333] Buffer I/O error on dev loop9, logical block 0, async page read
[  771.826485][T16333] Buffer I/O error on dev loop9, logical block 0, async page read
[  772.206984][T16333] Buffer I/O error on dev loop9, logical block 0, async page read
[  772.796293][T16333] Buffer I/O error on dev loop9, logical block 0, async page read
[  772.823373][T16333] ldm_validate_partition_table(): Disk read failed.
[  772.903173][T16333] Buffer I/O error on dev loop9, logical block 0, async page read
[  772.929982][T16333] Buffer I/O error on dev loop9, logical block 0, async page read
[  772.939181][T16333] Buffer I/O error on dev loop9, logical block 0, async page read
[  772.950180][T16333] Dev loop9: unable to read RDB block 0
[  772.981531][T16333]  loop9: unable to read partition table
[  773.022235][T16333] loop9: partition table beyond EOD, truncated
[  773.036785][ T5846] udevd[5846]: symlink '../../loop9' '/dev/disk/by-diskseq/84.tmp-b7:9' failed: Read-only file system
[  773.048129][T16333] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[  773.048129][T16333] 
) failed (rc=-5)
[  774.064540][T16367] trusted_key: encrypted_key: keyword 'new' not allowed when called from .update method
[  774.358813][ T5847] udevd[5847]: symlink '../../loop9' '/dev/disk/by-diskseq/84.tmp-b7:9' failed: Read-only file system
[  774.437727][T16371] Bluetooth: Invalid esc byte 0x40
[  774.489082][ T5846] udevd[5846]: symlink '../../loop9' '/dev/disk/by-diskseq/84.tmp-b7:9' failed: Read-only file system
[  774.587966][ T5846] udevd[5846]: symlink '../../loop9' '/dev/disk/by-diskseq/85.tmp-b7:9' failed: Read-only file system
[  774.629106][T16373] mkiss: ax0: crc mode is auto.
[  774.684869][T16373] delete_channel: no stack
[  774.926890][   T10] usb 1-1: new high-speed USB device number 62 using dummy_hcd
[  774.979959][ T5939] usb 3-1: new high-speed USB device number 53 using dummy_hcd
[  775.139822][   T10] usb 1-1: Using ep0 maxpacket: 16
[  775.151557][   T10] usb 1-1: config 0 has an invalid interface number: 1 but max is 0
[  775.209668][ T5939] usb 3-1: Using ep0 maxpacket: 16
[  775.221921][ T5939] usb 3-1: config 4 interface 0 altsetting 64 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  775.463932][   T10] usb 1-1: config 0 has no interface number 0
[  775.470845][ T5939] usb 3-1: config 4 interface 0 altsetting 64 endpoint 0x81 has invalid wMaxPacketSize 0
[  775.557657][   T10] usb 1-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d
[  775.588887][   T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  775.606573][ T5939] usb 3-1: config 4 interface 0 has no altsetting 0
[  775.613649][   T10] usb 1-1: Product: syz
[  775.626682][T16385] netlink: 144 bytes leftover after parsing attributes in process `syz.3.2781'.
[  775.628015][   T10] usb 1-1: Manufacturer: syz
[  775.643946][ T5939] usb 3-1: New USB device found, idVendor=046d, idProduct=c52b, bcdDevice= 0.00
[  775.760057][ T5939] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  775.768796][   T10] usb 1-1: SerialNumber: syz
[  775.812293][   T10] usb 1-1: config 0 descriptor??
[  775.864307][   T10] gspca_main: spca1528-2.14.0 probing 04fc:1528
[  776.250424][T16398] netlink: 212376 bytes leftover after parsing attributes in process `syz.3.2785'.
[  776.520440][T16376] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  776.534425][T16376] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  776.589385][   T10] gspca_spca1528: reg_w err -110
[  776.642973][   T10] spca1528 1-1:0.1: probe with driver spca1528 failed with error -110
[  776.833884][T16373] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  776.862148][T16373] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  777.068312][T16407] loop2: detected capacity change from 0 to 7
[  777.084940][   T10] usb 3-1: USB disconnect, device number 53
[  777.126719][T16407] Dev loop2: unable to read RDB block 7
[  777.147881][T16407]  loop2: unable to read partition table
[  777.193011][T16407] loop2: partition table beyond EOD, truncated
[  777.212879][T16407] loop_reread_partitions: partition scan of loop2 (�被x������ ) failed (rc=-5)
[  777.245825][ T5846] udevd[5846]: symlink '../../loop2' '/dev/disk/by-diskseq/86.tmp-b7:2' failed: Read-only file system
[  777.617256][ T5846] udevd[5846]: symlink '../../loop2' '/dev/disk/by-diskseq/86.tmp-b7:2' failed: Read-only file system
[  777.688667][T16416] binder: 16415:16416 ioctl c0306201 0 returned -14
[  777.712229][ T5846] udevd[5846]: symlink '../../loop2' '/dev/disk/by-diskseq/86.tmp-b7:2' failed: Read-only file system
[  777.712278][T16416] binder: 16415:16416 ioctl c0306201 200000000240 returned -11
[  777.781925][T16418] xt_CT: No such helper "pptp"
[  778.074921][   T10] usb 1-1: USB disconnect, device number 62
[  778.203442][T16424] batman_adv: batadv0: Adding interface: ipvlan0
[  778.207461][ T5847] udevd[5847]: symlink '../../loop2' '/dev/disk/by-diskseq/87.tmp-b7:2' failed: Read-only file system
[  778.238115][T16424] batman_adv: batadv0: The MTU of interface ipvlan0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  778.375663][T10480] lec:lec_start_xmit: lec0:No lecd attached
[  778.411841][T16424] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  778.422646][T16424] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  778.432942][T16424] batman_adv: batadv0: Interface activated: ipvlan0
[  778.500037][ T5939] usb 3-1: new high-speed USB device number 54 using dummy_hcd
[  778.651294][ T5901] usb 5-1: new high-speed USB device number 52 using dummy_hcd
[  778.952428][T16441] netlink: 212376 bytes leftover after parsing attributes in process `syz.0.2798'.
[  779.182074][ T5939] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  779.196032][ T5901] usb 5-1: unable to get BOS descriptor or descriptor too short
[  779.222850][ T5901] usb 5-1: config 192 has an invalid interface number: 142 but max is 0
[  779.232058][ T5901] usb 5-1: config 192 has no interface number 0
[  779.232073][ T5939] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  779.241699][ T5901] usb 5-1: config 192 interface 142 altsetting 5 endpoint 0xF has invalid maxpacket 1024, setting to 64
[  779.259751][ T5901] usb 5-1: config 192 interface 142 has no altsetting 0
[  779.278763][ T5901] usb 5-1: New USB device found, idVendor=1943, idProduct=2257, bcdDevice=1e.52
[  779.387504][ T5901] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  779.392627][ T5939] usb 3-1: New USB device found, idVendor=056a, idProduct=033b, bcdDevice= 0.00
[  779.406684][ T5939] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  779.434396][ T5939] usb 3-1: config 0 descriptor??
[  779.477525][ T5901] usb 5-1: Product: syz
[  779.487488][ T5901] usb 5-1: Manufacturer: syz
[  779.505014][T16447] genirq: Flags mismatch irq 7. 00200080 (ttyS3) vs. 00200000 (comedi_parport)
[  779.838956][   T30] audit: type=1400 audit(1753005330.981:1365): avc:  denied  { map } for  pid=16446 comm="syz.3.2800" path="/dev/cpu/0/msr" dev="devtmpfs" ino=87 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1
[  779.884478][T16453] bridge2: entered promiscuous mode
[  779.930897][ T5901] usb 5-1: SerialNumber: syz
[  780.346027][ T5939] wacom 0003:056A:033B.002B: unknown main item tag 0x0
[  780.364610][ T5939] wacom 0003:056A:033B.002B: unbalanced delimiter at end of report description
[  780.423376][   T30] audit: type=1400 audit(1753005330.981:1366): avc:  denied  { execute } for  pid=16446 comm="syz.3.2800" path="/dev/cpu/0/msr" dev="devtmpfs" ino=87 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1
[  780.447335][    C1] vkms_vblank_simulate: vblank timer overrun
[  780.462994][ T5939] wacom 0003:056A:033B.002B: parse failed
[  780.468919][ T5939] wacom 0003:056A:033B.002B: probe with driver wacom failed with error -22
[  780.734269][ T5901] s2255 5-1:192.142: Could not find bulk-in endpoint
[  780.741140][ T5901] Sensoray 2255 driver load failed: 0xfffffff4
[  780.747699][ T5901] s2255 5-1:192.142: probe with driver s2255 failed with error -12
[  781.763460][ T5939] usb 3-1: USB disconnect, device number 54
[  782.160893][   T30] audit: type=1400 audit(1753005331.891:1367): avc:  denied  { getopt } for  pid=16458 comm="syz.3.2802" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  782.185979][ T5901] usb 5-1: USB disconnect, device number 52
[  782.296590][T16467] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=101 sclass=netlink_audit_socket pid=16467 comm=syz.2.2804
[  782.298320][ T6442] udevd[6442]: symlink '../../loop2' '/dev/disk/by-diskseq/87.tmp-b7:2' failed: Read-only file system
[  782.597635][T16479] netlink: 'syz.1.2807': attribute type 6 has an invalid length.
[  783.079535][   T10] usb 4-1: new high-speed USB device number 60 using dummy_hcd
[  783.279697][   T10] usb 4-1: Using ep0 maxpacket: 32
[  783.286391][   T10] usb 4-1: config 0 has an invalid interface number: 51 but max is 0
[  783.310063][   T10] usb 4-1: config 0 has no interface number 0
[  783.323169][   T10] usb 4-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  783.332800][   T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  783.352076][   T10] usb 4-1: Product: syz
[  783.361353][   T10] usb 4-1: Manufacturer: syz
[  783.387130][   T10] usb 4-1: SerialNumber: syz
[  783.399501][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5020 ms
[  783.407521][    C1] lec:lec_tx_timeout: lec0
[  783.428913][   T10] usb 4-1: config 0 descriptor??
[  783.477457][   T10] quatech2 4-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  783.504604][T16492] random: crng reseeded on system resumption
[  783.685048][   T10] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  783.746012][   T10] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  784.434772][T16508] kexec: Could not allocate control_code_buffer
[  784.984099][ T5846] udevd[5846]: symlink '../../loop2' '/dev/disk/by-diskseq/87.tmp-b7:2' failed: Read-only file system
[  785.392182][T16477] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  785.400910][T16477] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  785.487736][    C0] usb 4-1: qt2_read_bulk_callback - non-zero urb status: -71
[  785.499746][ T5898] usb 4-1: USB disconnect, device number 60
[  785.541145][ T5898] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  785.581508][ T5898] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  785.616420][ T5898] quatech2 4-1:0.51: device disconnected
[  785.659856][   T10] usb 5-1: new high-speed USB device number 53 using dummy_hcd
[  785.659868][  T117] usb 3-1: new low-speed USB device number 55 using dummy_hcd
[  785.698782][T16540] netlink: 14601 bytes leftover after parsing attributes in process `syz.3.2819'.
[  785.814776][  T117] usb 3-1: config index 0 descriptor too short (expected 1307, got 27)
[  785.836569][   T10] usb 5-1: config 0 interface 0 altsetting 128 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  785.844371][  T117] usb 3-1: config 0 has an invalid interface number: 0 but max is -1
[  785.860734][   T10] usb 5-1: config 0 interface 0 altsetting 128 endpoint 0x81 has invalid wMaxPacketSize 0
[  785.870967][  T117] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 0
[  785.892931][  T117] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 246, using maximum allowed: 30
[  785.895091][   T10] usb 5-1: config 0 interface 0 has no altsetting 0
[  785.914201][  T117] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x84 is Bulk; changing to Interrupt
[  785.938991][  T117] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 246
[  785.945241][   T10] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  785.983344][  T117] usb 3-1: string descriptor 0 read error: -22
[  785.994648][   T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  785.995417][  T117] usb 3-1: New USB device found, idVendor=0460, idProduct=0008, bcdDevice=e2.de
[  786.060226][   T10] usb 5-1: config 0 descriptor??
[  786.068288][  T117] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  786.091654][  T117] usb 3-1: config 0 descriptor??
[  786.097825][T16528] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  786.116866][  T117] hub 3-1:0.0: bad descriptor, ignoring hub
[  786.130491][T16554] FAULT_INJECTION: forcing a failure.
[  786.130491][T16554] name failslab, interval 1, probability 0, space 0, times 0
[  786.146249][  T117] hub 3-1:0.0: probe with driver hub failed with error -5
[  786.154194][T16554] CPU: 0 UID: 0 PID: 16554 Comm: syz.1.2822 Not tainted 6.16.0-rc6-syzkaller-00279-gbf61759db409 #0 PREEMPT(full) 
[  786.154224][T16554] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  786.154235][T16554] Call Trace:
[  786.154241][T16554]  <TASK>
[  786.154249][T16554]  dump_stack_lvl+0x16c/0x1f0
[  786.154282][T16554]  should_fail_ex+0x512/0x640
[  786.154308][T16554]  ? fs_reclaim_acquire+0xae/0x150
[  786.154332][T16554]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  786.154350][T16554]  should_failslab+0xc2/0x120
[  786.154369][T16554]  __kmalloc_noprof+0xd2/0x510
[  786.154408][T16554]  tomoyo_realpath_from_path+0xc2/0x6e0
[  786.154429][T16554]  ? tomoyo_profile+0x47/0x60
[  786.154452][T16554]  tomoyo_path_number_perm+0x245/0x580
[  786.154476][T16554]  ? tomoyo_path_number_perm+0x237/0x580
[  786.154503][T16554]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  786.154530][T16554]  ? find_held_lock+0x2b/0x80
[  786.154577][T16554]  ? find_held_lock+0x2b/0x80
[  786.154598][T16554]  ? hook_file_ioctl_common+0x145/0x410
[  786.154625][T16554]  ? __fget_files+0x20e/0x3c0
[  786.154647][T16554]  security_file_ioctl+0x9b/0x240
[  786.154666][T16554]  __x64_sys_ioctl+0xb7/0x210
[  786.154692][T16554]  do_syscall_64+0xcd/0x4c0
[  786.154711][T16554]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  786.154729][T16554] RIP: 0033:0x7fe73cd8e9a9
[  786.154745][T16554] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  786.154760][T16554] RSP: 002b:00007fe73db39038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  786.154776][T16554] RAX: ffffffffffffffda RBX: 00007fe73cfb5fa0 RCX: 00007fe73cd8e9a9
[  786.154786][T16554] RDX: 00002000000000c0 RSI: 0000000000008916 RDI: 0000000000000004
[  786.154796][T16554] RBP: 00007fe73db39090 R08: 0000000000000000 R09: 0000000000000000
[  786.154805][T16554] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  786.154814][T16554] R13: 0000000000000000 R14: 00007fe73cfb5fa0 R15: 00007ffed5e5b2f8
[  786.154836][T16554]  </TASK>
[  786.155192][T16554] ERROR: Out of memory at tomoyo_realpath_from_path.
[  786.175446][  T117] input: USB Acecad 302 Tablet 0460:0008 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input48
[  786.262334][ T5154] Bluetooth: hci1: command 0x0c1a tx timeout
[  786.552018][T16511] lo speed is unknown, defaulting to 1000
[  786.558652][T16511] lo speed is unknown, defaulting to 1000
[  786.706826][T16511] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2813'.
[  786.721593][   T10] usbhid 5-1:0.0: can't add hid device: -71
[  786.727593][   T10] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  786.744767][   T10] usb 5-1: USB disconnect, device number 53
[  787.437580][T16582] netlink: 'syz.1.2828': attribute type 6 has an invalid length.
[  787.447367][ T5154] Bluetooth: hci2: command 0x0c1a tx timeout
[  787.843791][T16589] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2829'.
[  788.284016][   T30] audit: type=1400 audit(1753005339.431:1368): avc:  denied  { setopt } for  pid=16593 comm="syz.1.2832" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  788.530910][T16599] 9pnet_fd: Insufficient options for proto=fd
[  788.651260][T16605] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2835'.
[  788.748508][T16608] netlink: 'syz.3.2834': attribute type 6 has an invalid length.
[  789.227018][   T30] audit: type=1400 audit(1753005340.361:1369): avc:  denied  { checkpoint_restore } for  pid=16597 comm="syz.0.2833" capability=40  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  789.265354][T16588] bpq0: entered promiscuous mode
[  789.274018][T16588] bpq0: entered allmulticast mode
[  789.285050][  T117] usb 3-1: USB disconnect, device number 55
[  789.454086][ T5847] udevd[5847]: symlink '../../loop2' '/dev/disk/by-diskseq/87.tmp-b7:2' failed: Read-only file system
[  789.498667][T16619] FAULT_INJECTION: forcing a failure.
[  789.498667][T16619] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  789.535019][T16619] CPU: 0 UID: 0 PID: 16619 Comm: syz.0.2838 Not tainted 6.16.0-rc6-syzkaller-00279-gbf61759db409 #0 PREEMPT(full) 
[  789.535047][T16619] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  789.535058][T16619] Call Trace:
[  789.535064][T16619]  <TASK>
[  789.535072][T16619]  dump_stack_lvl+0x16c/0x1f0
[  789.535104][T16619]  should_fail_ex+0x512/0x640
[  789.535135][T16619]  _copy_from_user+0x2e/0xd0
[  789.535154][T16619]  copy_msghdr_from_user+0x98/0x160
[  789.535184][T16619]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  789.535225][T16619]  ___sys_sendmsg+0xfe/0x1d0
[  789.535240][T16619]  ? __pfx____sys_sendmsg+0x10/0x10
[  789.535254][T16619]  ? __lock_acquire+0x622/0x1c90
[  789.535301][T16619]  __sys_sendmsg+0x16d/0x220
[  789.535319][T16619]  ? __pfx___sys_sendmsg+0x10/0x10
[  789.535358][T16619]  do_syscall_64+0xcd/0x4c0
[  789.535377][T16619]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  789.535394][T16619] RIP: 0033:0x7f3fd6d8e9a9
[  789.535408][T16619] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  789.535425][T16619] RSP: 002b:00007f3fd7cde038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  789.535441][T16619] RAX: ffffffffffffffda RBX: 00007f3fd6fb5fa0 RCX: 00007f3fd6d8e9a9
[  789.535453][T16619] RDX: 00000000000040c0 RSI: 00002000000000c0 RDI: 0000000000000003
[  789.535463][T16619] RBP: 00007f3fd7cde090 R08: 0000000000000000 R09: 0000000000000000
[  789.535473][T16619] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  789.535481][T16619] R13: 0000000000000000 R14: 00007f3fd6fb5fa0 R15: 00007fffd0fb27d8
[  789.535505][T16619]  </TASK>
[  789.759283][  T117] libceph: connect (1)[c::]:6789 error -101
[  789.770537][  T117] libceph: mon0 (1)[c::]:6789 connect error
[  790.162745][T16634] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2842'.
[  790.205016][T16624] ceph: No mds server is up or the cluster is laggy
[  790.294822][ T5846] udevd[5846]: symlink '../../loop2' '/dev/disk/by-diskseq/87.tmp-b7:2' failed: Read-only file system
[  790.331213][T16640] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2845'.
[  790.639177][T16649] netlink: 212376 bytes leftover after parsing attributes in process `syz.2.2846'.
[  791.051079][ T5846] udevd[5846]: symlink '../../loop2' '/dev/disk/by-diskseq/87.tmp-b7:2' failed: Read-only file system
[  791.176685][T16655] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2847'.
[  791.209505][   T30] audit: type=1400 audit(1753005342.351:1370): avc:  denied  { append } for  pid=16654 comm="syz.0.2848" name="fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[  791.971823][ T5846] udevd[5846]: symlink '../../loop2' '/dev/disk/by-diskseq/87.tmp-b7:2' failed: Read-only file system
[  792.165522][T16663] sp0: Synchronizing with TNC
[  792.220022][T16665] sp0: Found TNC
[  792.466514][T16669] netlink: 'syz.0.2851': attribute type 6 has an invalid length.
[  793.185978][T16662] [U] �`
[  793.940783][   T30] audit: type=1326 audit(1753005345.091:1371): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16686 comm="syz.3.2857" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd7238e9a9 code=0x7ffc0000
[  793.964231][    C1] vkms_vblank_simulate: vblank timer overrun
[  794.077566][   T30] audit: type=1326 audit(1753005345.121:1372): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16686 comm="syz.3.2857" exe="/root/syz-executor" sig=0 arch=c000003e syscall=437 compat=0 ip=0x7fbd7238e9a9 code=0x7ffc0000
[  794.103137][   T30] audit: type=1326 audit(1753005345.121:1373): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16686 comm="syz.3.2857" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd7238e9a9 code=0x7ffc0000
[  794.126617][    C1] vkms_vblank_simulate: vblank timer overrun
[  794.144821][   T30] audit: type=1326 audit(1753005345.121:1374): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16686 comm="syz.3.2857" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd7238e9a9 code=0x7ffc0000
[  794.183170][   T30] audit: type=1326 audit(1753005345.121:1375): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16686 comm="syz.3.2857" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7fbd7238e9a9 code=0x7ffc0000
[  794.450006][   T30] audit: type=1326 audit(1753005345.121:1376): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16686 comm="syz.3.2857" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd7238e9a9 code=0x7ffc0000
[  794.596119][   T30] audit: type=1326 audit(1753005345.121:1377): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16686 comm="syz.3.2857" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd7238e9a9 code=0x7ffc0000
[  794.733657][   T30] audit: type=1326 audit(1753005345.121:1378): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16686 comm="syz.3.2857" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7fbd7238e9a9 code=0x7ffc0000
[  795.109651][   T30] audit: type=1326 audit(1753005345.121:1379): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16686 comm="syz.3.2857" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd7238e9a9 code=0x7ffc0000
[  795.299704][   T30] audit: type=1326 audit(1753005345.121:1380): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16686 comm="syz.3.2857" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fbd7238e9a9 code=0x7ffc0000
[  796.256360][ T5846] udevd[5846]: symlink '../../loop2' '/dev/disk/by-diskseq/87.tmp-b7:2' failed: Read-only file system
[  796.365844][T16732] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2869'.
[  796.423711][ T5846] udevd[5846]: symlink '../../loop2' '/dev/disk/by-diskseq/87.tmp-b7:2' failed: Read-only file system
[  796.429675][T16732] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2869'.
[  796.501040][T16732] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2869'.
[  796.579680][ T5901] usb 2-1: new high-speed USB device number 59 using dummy_hcd
[  796.583172][T16741] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2870'.
[  796.616339][T16741] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2870'.
[  796.641241][T16741] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2870'.
[  796.689060][T16740] overlay: ./bus is not a directory
[  796.749525][ T5901] usb 2-1: Using ep0 maxpacket: 32
[  796.762469][ T5901] usb 2-1: New USB device found, idVendor=0c72, idProduct=000d, bcdDevice=27.9b
[  796.772008][ T5901] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  796.780383][ T5901] usb 2-1: Product: syz
[  796.784665][ T5901] usb 2-1: Manufacturer: syz
[  796.790386][ T5901] usb 2-1: SerialNumber: syz
[  796.911085][ T5901] usb 2-1: config 0 descriptor??
[  797.233932][ T5847] udevd[5847]: symlink '../../loop2' '/dev/disk/by-diskseq/87.tmp-b7:2' failed: Read-only file system
[  797.446907][T16755] [U] `�
[  798.481505][ T5901] peak_usb 2-1:0.0: PEAK-System PCAN-USB Pro hwrev 0 serial 00000000.00000000 (2 channels)
[  798.498444][T16763] netlink: 'syz.4.2875': attribute type 1 has an invalid length.
[  798.557372][ T5901] peak_usb 2-1:0.0 can0: sending command failure: -22
[  798.574597][ T5901] peak_usb 2-1:0.0 can0: sending command failure: -22
[  798.660616][ T5901] peak_usb 2-1:0.0: probe with driver peak_usb failed with error -22
[  798.748802][ T5901] usb 2-1: USB disconnect, device number 59
[  798.819304][ T5154] Bluetooth: hci5: Entering manufacturer mode failed (-110)
[  798.836410][ T5847] udevd[5847]: symlink '../../loop2' '/dev/disk/by-diskseq/87.tmp-b7:2' failed: Read-only file system
[  799.002805][T16763] netlink: 'syz.4.2875': attribute type 2 has an invalid length.
[  799.231387][T16784] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2882'.
[  799.243947][T16783] FAULT_INJECTION: forcing a failure.
[  799.243947][T16783] name failslab, interval 1, probability 0, space 0, times 0
[  799.366648][T16783] CPU: 1 UID: 0 PID: 16783 Comm: syz.1.2883 Not tainted 6.16.0-rc6-syzkaller-00279-gbf61759db409 #0 PREEMPT(full) 
[  799.366677][T16783] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  799.366688][T16783] Call Trace:
[  799.366694][T16783]  <TASK>
[  799.366702][T16783]  dump_stack_lvl+0x16c/0x1f0
[  799.366732][T16783]  should_fail_ex+0x512/0x640
[  799.366754][T16783]  ? fs_reclaim_acquire+0xae/0x150
[  799.366774][T16783]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  799.366789][T16783]  should_failslab+0xc2/0x120
[  799.366804][T16783]  __kmalloc_noprof+0xd2/0x510
[  799.366841][T16783]  tomoyo_realpath_from_path+0xc2/0x6e0
[  799.366859][T16783]  ? tomoyo_profile+0x47/0x60
[  799.366877][T16783]  tomoyo_path_number_perm+0x245/0x580
[  799.366900][T16783]  ? tomoyo_path_number_perm+0x237/0x580
[  799.366922][T16783]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  799.366944][T16783]  ? find_held_lock+0x2b/0x80
[  799.366982][T16783]  ? find_held_lock+0x2b/0x80
[  799.366999][T16783]  ? hook_file_ioctl_common+0x145/0x410
[  799.367021][T16783]  ? __fget_files+0x20e/0x3c0
[  799.367038][T16783]  security_file_ioctl+0x9b/0x240
[  799.367054][T16783]  __x64_sys_ioctl+0xb7/0x210
[  799.367075][T16783]  do_syscall_64+0xcd/0x4c0
[  799.367091][T16783]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  799.367106][T16783] RIP: 0033:0x7fe73cd8e9a9
[  799.367118][T16783] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  799.367133][T16783] RSP: 002b:00007fe73db39038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  799.367148][T16783] RAX: ffffffffffffffda RBX: 00007fe73cfb5fa0 RCX: 00007fe73cd8e9a9
[  799.367158][T16783] RDX: 00002000000000c0 RSI: 0000000000008916 RDI: 0000000000000004
[  799.367167][T16783] RBP: 00007fe73db39090 R08: 0000000000000000 R09: 0000000000000000
[  799.367176][T16783] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  799.367184][T16783] R13: 0000000000000000 R14: 00007fe73cfb5fa0 R15: 00007ffed5e5b2f8
[  799.367209][T16783]  </TASK>
[  799.367218][T16783] ERROR: Out of memory at tomoyo_realpath_from_path.
[  800.606446][ T5846] udevd[5846]: symlink '../../loop2' '/dev/disk/by-diskseq/87.tmp-b7:2' failed: Read-only file system
[  800.653846][T16803] sysfs: cannot create duplicate filename '/class/ieee80211/!寿$���UL�vy��آ
�D��UD�w�}�zR3'
[  800.669591][T16803] CPU: 0 UID: 0 PID: 16803 Comm: syz.2.2887 Not tainted 6.16.0-rc6-syzkaller-00279-gbf61759db409 #0 PREEMPT(full) 
[  800.669620][T16803] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  800.669632][T16803] Call Trace:
[  800.669639][T16803]  <TASK>
[  800.669648][T16803]  dump_stack_lvl+0x16c/0x1f0
[  800.669682][T16803]  sysfs_warn_dup+0x7f/0xa0
[  800.669714][T16803]  sysfs_do_create_link_sd+0x124/0x140
[  800.669736][T16803]  sysfs_create_link+0x61/0xc0
[  800.669756][T16803]  device_add+0x62c/0x1a70
[  800.669782][T16803]  ? __pfx_device_add+0x10/0x10
[  800.669803][T16803]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  800.669827][T16803]  ? ieee80211_set_bitrate_flags+0x243/0x6b0
[  800.669853][T16803]  wiphy_register+0x1c9c/0x2850
[  800.669881][T16803]  ? netdev_run_todo+0x864/0x1320
[  800.669901][T16803]  ? __dev_printk+0x1f0/0x270
[  800.669933][T16803]  ? __pfx_wiphy_register+0x10/0x10
[  800.669977][T16803]  ieee80211_register_hw+0x24ac/0x4140
[  800.670009][T16803]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  800.670038][T16803]  ? find_held_lock+0x2b/0x80
[  800.670065][T16803]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  800.670089][T16803]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  800.670112][T16803]  ? __hrtimer_setup+0x176/0x280
[  800.670137][T16803]  mac80211_hwsim_new_radio+0x3034/0x54d0
[  800.670182][T16803]  ? trace_kmalloc+0x2b/0xd0
[  800.670201][T16803]  ? __kmalloc_node_track_caller_noprof+0x23e/0x510
[  800.670233][T16803]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  800.670263][T16803]  ? hwsim_new_radio_nl+0xa0e/0x12c0
[  800.670296][T16803]  ? __asan_memcpy+0x3c/0x60
[  800.670328][T16803]  hwsim_new_radio_nl+0xb51/0x12c0
[  800.670362][T16803]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  800.670400][T16803]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[  800.670427][T16803]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[  800.670459][T16803]  genl_family_rcv_msg_doit+0x209/0x2f0
[  800.670486][T16803]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  800.670519][T16803]  ? bpf_lsm_capable+0x9/0x10
[  800.670540][T16803]  ? security_capable+0x7e/0x260
[  800.670567][T16803]  ? ns_capable+0xd7/0x110
[  800.670590][T16803]  genl_rcv_msg+0x55c/0x800
[  800.670617][T16803]  ? __pfx_genl_rcv_msg+0x10/0x10
[  800.670640][T16803]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  800.670670][T16803]  ? __lock_acquire+0x622/0x1c90
[  800.670692][T16803]  netlink_rcv_skb+0x158/0x420
[  800.670713][T16803]  ? __pfx_genl_rcv_msg+0x10/0x10
[  800.670738][T16803]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  800.670769][T16803]  ? netlink_deliver_tap+0x1ae/0xd30
[  800.670788][T16803]  ? is_vmalloc_addr+0x86/0xa0
[  800.670817][T16803]  genl_rcv+0x28/0x40
[  800.670838][T16803]  netlink_unicast+0x58a/0x850
[  800.670864][T16803]  ? __pfx_netlink_unicast+0x10/0x10
[  800.670893][T16803]  netlink_sendmsg+0x8d1/0xdd0
[  800.670920][T16803]  ? __pfx_netlink_sendmsg+0x10/0x10
[  800.670952][T16803]  ____sys_sendmsg+0xa98/0xc70
[  800.670986][T16803]  ? copy_msghdr_from_user+0x10a/0x160
[  800.671015][T16803]  ? __pfx_____sys_sendmsg+0x10/0x10
[  800.671046][T16803]  ? __pfx_futex_wake_mark+0x10/0x10
[  800.671072][T16803]  ___sys_sendmsg+0x134/0x1d0
[  800.671092][T16803]  ? __pfx____sys_sendmsg+0x10/0x10
[  800.671108][T16803]  ? __lock_acquire+0x622/0x1c90
[  800.671162][T16803]  __sys_sendmsg+0x16d/0x220
[  800.671181][T16803]  ? __pfx___sys_sendmsg+0x10/0x10
[  800.671198][T16803]  ? __x64_sys_futex+0x1e0/0x4c0
[  800.671242][T16803]  do_syscall_64+0xcd/0x4c0
[  800.671263][T16803]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  800.671281][T16803] RIP: 0033:0x7fdf7af8e9a9
[  800.671298][T16803] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  800.671316][T16803] RSP: 002b:00007fdf7bdc0038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  800.671335][T16803] RAX: ffffffffffffffda RBX: 00007fdf7b1b5fa0 RCX: 00007fdf7af8e9a9
[  800.671347][T16803] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000004
[  800.671358][T16803] RBP: 00007fdf7b010d69 R08: 0000000000000000 R09: 0000000000000000
[  800.671368][T16803] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  800.671378][T16803] R13: 0000000000000000 R14: 00007fdf7b1b5fa0 R15: 00007fff1d2cf348
[  800.671404][T16803]  </TASK>
[  801.201919][T16808] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2888'.
[  801.282413][ T5846] udevd[5846]: symlink '../../loop2' '/dev/disk/by-diskseq/87.tmp-b7:2' failed: Read-only file system
[  802.135448][T16816] SELinux: failed to load policy
[  802.406421][T16825] netlink: 212376 bytes leftover after parsing attributes in process `syz.2.2891'.
[  802.670714][ T5846] udevd[5846]: symlink '../../loop2' '/dev/disk/by-diskseq/87.tmp-b7:2' failed: Read-only file system
[  802.802562][ T5846] udevd[5846]: symlink '../../loop2' '/dev/disk/by-diskseq/87.tmp-b7:2' failed: Read-only file system
[  802.974760][ T5846] udevd[5846]: symlink '../../loop2' '/dev/disk/by-diskseq/87.tmp-b7:2' failed: Read-only file system
[  802.989579][  T117] usb 2-1: new high-speed USB device number 60 using dummy_hcd
[  803.176844][  T117] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  803.306228][  T117] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  803.323729][  T117] usb 2-1: Product: syz
[  803.329651][  T117] usb 2-1: Manufacturer: syz
[  803.339611][  T117] usb 2-1: SerialNumber: syz
[  803.339678][ T5898] usb 3-1: new low-speed USB device number 56 using dummy_hcd
[  803.363825][  T117] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  803.439838][   T10] usb 1-1: new high-speed USB device number 63 using dummy_hcd
[  803.599530][   T10] usb 1-1: Using ep0 maxpacket: 8
[  803.611316][ T5898] usb 3-1: config index 0 descriptor too short (expected 1307, got 27)
[  803.620495][ T5898] usb 3-1: config 0 has an invalid interface number: 0 but max is -1
[  803.634139][   T10] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  803.658027][   T10] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  803.675037][ T5898] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 0
[  803.696988][ T5898] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 246, using maximum allowed: 30
[  803.709177][   T10] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  803.729324][ T5973] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  803.738920][   T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  803.757409][ T5898] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x84 is Bulk; changing to Interrupt
[  803.773534][   T10] usb 1-1: Product: ᝢﯴ믂』⌀䳈䛯䅐㟲緣傘砽桡胹앴഑怡豮昙꤇弩옖㕁퍬䱬⏂⽳ﭐᑒึ᜝➩ⳣ檵跔餖떍踈⡼ꍿ枰㼖럾Ǖ俆肇ᯄ祖㲘㳼蚎㵵坷틎銤빮匐엢귂㫩☹㵗鶙섬ꔤꬨ䧹悡驕攤餞帡ｺᠭ楪︱뽉⚜❹ꡅ偩
[  803.899609][ T5898] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 246
[  803.913364][   T10] usb 1-1: Manufacturer: 、
[  803.918214][   T10] usb 1-1: SerialNumber: ц
[  803.925638][ T5898] usb 3-1: string descriptor 0 read error: -22
[  803.932044][ T5898] usb 3-1: New USB device found, idVendor=0460, idProduct=0008, bcdDevice=e2.de
[  803.989583][ T5898] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  804.029199][ T5898] usb 3-1: config 0 descriptor??
[  804.078870][T16840] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  804.125850][ T5898] hub 3-1:0.0: bad descriptor, ignoring hub
[  804.323646][ T5898] hub 3-1:0.0: probe with driver hub failed with error -5
[  804.425392][T16832] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2893'.
[  804.436248][   T10] usb 1-1: 0:2 : does not exist
[  804.542701][T16832] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2893'.
[  804.560552][ T5898] input: USB Acecad 302 Tablet 0460:0008 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input49
[  804.586447][   T10] usb 1-1: USB disconnect, device number 63
[  804.799558][ T5973] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive
[  804.806904][ T5973] ath9k_htc: Failed to initialize the device
[  805.133393][ T5898] libceph: connect (1)[c::]:6789 error -101
[  805.194590][ T5898] libceph: mon0 (1)[c::]:6789 connect error
[  805.362602][ T5973] usb 2-1: ath9k_htc: USB layer deinitialized
[  805.496832][T16863] genirq: Flags mismatch irq 7. 00200080 (ttyS3) vs. 00200000 (comedi_parport)
[  805.671613][   T10] libceph: connect (1)[c::]:6789 error -101
[  805.733464][   T10] libceph: mon0 (1)[c::]:6789 connect error
[  806.093079][ T5898] usb 3-1: USB disconnect, device number 56
[  806.219596][   T30] kauditd_printk_skb: 12 callbacks suppressed
[  806.219634][   T30] audit: type=1400 audit(1753005357.331:1393): avc:  denied  { name_bind } for  pid=16866 comm="syz.4.2902" src=128 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=udp_socket permissive=1
[  806.434546][   T10] libceph: connect (1)[c::]:6789 error -101
[  806.460754][   T10] libceph: mon0 (1)[c::]:6789 connect error
[  806.468419][T16829] ceph: No mds server is up or the cluster is laggy
[  806.567668][ T5847] udevd[5847]: symlink '../../loop2' '/dev/disk/by-diskseq/87.tmp-b7:2' failed: Read-only file system
[  806.584598][T16871] lo speed is unknown, defaulting to 1000
[  806.661173][T16871] lo speed is unknown, defaulting to 1000
[  806.832756][T16877] netlink: 212376 bytes leftover after parsing attributes in process `syz.2.2904'.
[  807.288624][ T5898] usb 2-1: USB disconnect, device number 60
[  807.515757][ T5846] udevd[5846]: symlink '../../loop2' '/dev/disk/by-diskseq/87.tmp-b7:2' failed: Read-only file system
[  807.928197][ T5846] udevd[5846]: symlink '../../loop2' '/dev/disk/by-diskseq/87.tmp-b7:2' failed: Read-only file system
[  808.560378][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  808.570094][ T1299] lec:lec_start_xmit: lec0:No lecd attached
[  808.630903][ T5973] usb 5-1: new high-speed USB device number 54 using dummy_hcd
[  808.857276][ T5973] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  808.989575][ T5973] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  808.999376][ T5973] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00
[  809.008537][ T5973] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  809.013527][ T5847] udevd[5847]: symlink '../../loop2' '/dev/disk/by-diskseq/87.tmp-b7:2' failed: Read-only file system
[  809.018275][ T5973] usb 5-1: config 0 descriptor??
[  809.544651][   T30] audit: type=1400 audit(1753005360.691:1394): avc:  denied  { map } for  pid=16907 comm="syz.2.2915" path="/dev/fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[  809.576296][ T5973] pyra 0003:1E7D:2CF6.002C: unknown main item tag 0x0
[  809.584587][ T5973] pyra 0003:1E7D:2CF6.002C: unknown main item tag 0x0
[  809.592202][ T5973] pyra 0003:1E7D:2CF6.002C: unknown main item tag 0x0
[  809.598988][ T5973] pyra 0003:1E7D:2CF6.002C: unknown main item tag 0x0
[  809.606442][   T30] audit: type=1400 audit(1753005360.721:1395): avc:  denied  { execute } for  pid=16907 comm="syz.2.2915" path="/dev/fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[  809.634597][ T5973] pyra 0003:1E7D:2CF6.002C: unknown main item tag 0x0
[  809.642405][ T5973] pyra 0003:1E7D:2CF6.002C: unknown main item tag 0x0
[  809.649187][ T5973] pyra 0003:1E7D:2CF6.002C: unknown main item tag 0x0
[  809.697000][ T5973] pyra 0003:1E7D:2CF6.002C: hidraw0: USB HID v0.00 Device [HID 1e7d:2cf6] on usb-dummy_hcd.4-1/input0
[  810.621446][ T5847] udevd[5847]: symlink '../../loop2' '/dev/disk/by-diskseq/87.tmp-b7:2' failed: Read-only file system
[  810.728028][T16929] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2917'.
[  811.212754][T16931] input: syz1 as /devices/virtual/input/input50
[  811.337118][ T5973] pyra 0003:1E7D:2CF6.002C: couldn't init struct pyra_device
[  811.416107][ T5973] pyra 0003:1E7D:2CF6.002C: couldn't install mouse
[  811.436976][ T5973] pyra 0003:1E7D:2CF6.002C: probe with driver pyra failed with error -71
[  811.454705][ T5973] usb 5-1: USB disconnect, device number 54
[  812.441020][   T10] usb 5-1: new high-speed USB device number 55 using dummy_hcd
[  812.527466][ T5846] udevd[5846]: symlink '../../loop2' '/dev/disk/by-diskseq/87.tmp-b7:2' failed: Read-only file system
[  812.609937][   T10] usb 5-1: Using ep0 maxpacket: 16
[  812.737741][   T10] usb 5-1: config 0 has no interfaces?
[  812.892082][   T10] usb 5-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6
[  812.909264][   T10] usb 5-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3
[  812.955603][   T10] usb 5-1: Product: syz
[  813.112133][T16969] netlink: 'syz.1.2919': attribute type 6 has an invalid length.
[  813.492748][   T10] usb 5-1: Manufacturer: syz
[  813.499634][   T10] usb 5-1: SerialNumber: syz
[  813.520370][   T10] usb 5-1: config 0 descriptor??
[  814.112179][T16976] genirq: Flags mismatch irq 7. 00200080 (ttyS3) vs. 00200000 (comedi_parport)
[  814.253535][T16946] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2921'.
[  814.262556][T16946] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2921'.
[  814.282198][T16946] team0: entered promiscuous mode
[  814.287338][T16946] team_slave_0: entered promiscuous mode
[  814.303826][T16946] team_slave_1: entered promiscuous mode
[  814.316576][T16946] batadv_slave_1: entered promiscuous mode
[  814.319442][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5750 ms
[  814.330379][    C1] lec:lec_tx_timeout: lec0
[  814.476536][T16946] batadv_slave_1: left promiscuous mode
[  814.689264][T16946] team0: left promiscuous mode
[  814.694339][T16946] team_slave_0: left promiscuous mode
[  814.711236][T16946] team_slave_1: left promiscuous mode
[  815.919318][ T5846] udevd[5846]: symlink '../../loop2' '/dev/disk/by-diskseq/87.tmp-b7:2' failed: Read-only file system
[  815.976287][T16999] netlink: 'syz.2.2934': attribute type 10 has an invalid length.
[  816.043061][T16999] bond0: (slave hsr0): The slave device specified does not support setting the MAC address
[  816.078214][   T10] usb 5-1: USB disconnect, device number 55
[  816.101148][T16999] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets).
[  816.134511][T17001] overlayfs: failed to resolve './file0': -2
[  816.171156][T16999] bond0: (slave hsr0): Error -22 calling dev_set_mtu
[  816.364466][ T5846] udevd[5846]: symlink '../../loop2' '/dev/disk/by-diskseq/87.tmp-b7:2' failed: Read-only file system
[  816.504153][ T5846] udevd[5846]: symlink '../../loop2' '/dev/disk/by-diskseq/87.tmp-b7:2' failed: Read-only file system
[  816.533569][ T5154] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  816.543807][ T5154] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  816.553048][ T5154] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  816.567021][ T5154] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  816.575777][ T5154] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  816.693554][T17020] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2938'.
[  816.694702][   T30] audit: type=1400 audit(1753005367.841:1396): avc:  denied  { mounton } for  pid=17009 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[  816.788433][T17021] netlink: 212376 bytes leftover after parsing attributes in process `syz.2.2939'.
[  817.038333][ T6442] udevd[6442]: symlink '../../loop2' '/dev/disk/by-diskseq/87.tmp-b7:2' failed: Read-only file system
[  817.149798][ T5898] usb 4-1: new high-speed USB device number 61 using dummy_hcd
[  817.235049][ T5846] udevd[5846]: symlink '../../loop2' '/dev/disk/by-diskseq/87.tmp-b7:2' failed: Read-only file system
[  817.235783][ T8807] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  817.276944][T17009] lo speed is unknown, defaulting to 1000
[  817.284541][T17009] lo speed is unknown, defaulting to 1000
[  817.361925][ T5898] usb 4-1: config 0 interface 0 altsetting 128 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  817.387636][ T5898] usb 4-1: config 0 interface 0 altsetting 128 endpoint 0x81 has invalid wMaxPacketSize 0
[  817.398442][ T5898] usb 4-1: config 0 interface 0 has no altsetting 0
[  817.407140][ T5898] usb 4-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  817.407521][ T8807] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  817.418125][ T5898] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  817.468414][ T5898] usb 4-1: config 0 descriptor??
[  817.631109][ T8807] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  817.754776][ T8807] netdevsim netdevsim1  (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  817.928522][T17018] lo speed is unknown, defaulting to 1000
[  817.935411][T17018] lo speed is unknown, defaulting to 1000
[  818.020591][T17018] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2940'.
[  818.051671][ T5154] Bluetooth: hci1: Unknown advertising packet type: 0x7f
[  818.051761][ T5154] Bluetooth: hci1: Malformed LE Event: 0x0d
[  818.079952][ T5898] usbhid 4-1:0.0: can't add hid device: -71
[  818.090629][ T5898] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  818.133769][ T5898] usb 4-1: USB disconnect, device number 61
[  818.272291][ T5837] udevd[5837]: symlink '../../loop2' '/dev/disk/by-diskseq/87.tmp-b7:2' failed: Read-only file system
[  818.324730][T17009] chnl_net:caif_netlink_parms(): no params data found
[  818.335776][ T8807] dummy0: left allmulticast mode
[  818.345094][ T8807] bridge0: port 3(dummy0) entered disabled state
[  818.361974][   T30] audit: type=1400 audit(1753005369.511:1397): avc:  denied  { accept } for  pid=17049 comm="syz.2.2948" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  818.362685][ T8807] bridge_slave_1: left allmulticast mode
[  818.396131][ T8807] bridge_slave_1: left promiscuous mode
[  818.404438][ T8807] bridge0: port 2(bridge_slave_1) entered disabled state
[  818.421168][   T30] audit: type=1400 audit(1753005369.541:1398): avc:  denied  { write } for  pid=17049 comm="syz.2.2948" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  818.454184][ T8807] bridge_slave_0: left allmulticast mode
[  818.467378][   T30] audit: type=1400 audit(1753005369.541:1399): avc:  denied  { read } for  pid=17049 comm="syz.2.2948" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  818.469730][ T8807] bridge_slave_0: left promiscuous mode
[  818.525580][ T8807] bridge0: port 1(bridge_slave_0) entered disabled state
[  818.750859][ T5846] udevd[5846]: symlink '../../loop2' '/dev/disk/by-diskseq/87.tmp-b7:2' failed: Read-only file system
[  818.813349][ T5154] Bluetooth: hci0: command tx timeout
[  818.847196][T17063] netlink: 212376 bytes leftover after parsing attributes in process `syz.3.2950'.
[  819.794235][ T5846] udevd[5846]: symlink '../../loop2' '/dev/disk/by-diskseq/87.tmp-b7:2' failed: Read-only file system
[  819.925559][T17099] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2952'.
[  820.611372][ T8807] dvmrp8 (unregistering): left allmulticast mode
[  820.720688][ T8807] tipc: Disabling bearer <eth:bridge0>
[  820.851244][ T8807] bond1 (unregistering): Released all slaves
[  820.870714][T17108] block device autoloading is deprecated and will be removed.
[  820.888327][ T5154] Bluetooth: hci0: command tx timeout
[  820.953455][ T5846] udevd[5846]: symlink '../../loop2' '/dev/disk/by-diskseq/87.tmp-b7:2' failed: Read-only file system
[  821.065659][   T30] audit: type=1400 audit(1753005372.201:1400): avc:  denied  { mount } for  pid=17112 comm="syz.2.2955" name="/" dev="devtmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1
[  821.113413][ T8807] tipc: Left network mode
[  821.145800][T17121] net_ratelimit: 10 callbacks suppressed
[  821.145812][T17121] netlink: zone id is out of range
[  821.156692][T17121] netlink: zone id is out of range
[  821.161941][T17121] netlink: zone id is out of range
[  821.167432][T17121] netlink: zone id is out of range
[  821.172959][T17121] netlink: zone id is out of range
[  821.178079][T17121] netlink: zone id is out of range
[  821.192047][T17121] netlink: zone id is out of range
[  821.197189][T17121] netlink: zone id is out of range
[  821.203598][T17121] netlink: set zone limit has 4 unknown bytes
[  821.254835][T17009] bridge0: port 1(bridge_slave_0) entered blocking state
[  821.269617][T17009] bridge0: port 1(bridge_slave_0) entered disabled state
[  821.283887][T17009] bridge_slave_0: entered allmulticast mode
[  821.296402][T17009] bridge_slave_0: entered promiscuous mode
[  821.658156][T17009] bridge0: port 2(bridge_slave_1) entered blocking state
[  821.689659][T17009] bridge0: port 2(bridge_slave_1) entered disabled state
[  821.707057][T17009] bridge_slave_1: entered allmulticast mode
[  821.714614][T17009] bridge_slave_1: entered promiscuous mode
[  822.710253][   T30] audit: type=1400 audit(1753005373.861:1401): avc:  denied  { unmount } for  pid=5833 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1
[  822.789155][ T5846] udevd[5846]: symlink '../../loop2' '/dev/disk/by-diskseq/87.tmp-b7:2' failed: Read-only file system
[  822.959532][ T5154] Bluetooth: hci0: command tx timeout
[  823.648849][T17009] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  823.716739][T17009] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  823.806438][ T5846] udevd[5846]: symlink '../../loop2' '/dev/disk/by-diskseq/87.tmp-b7:2' failed: Read-only file system
[  823.902558][T17164] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2964'.
[  824.576238][ T5846] udevd[5846]: symlink '../../loop2' '/dev/disk/by-diskseq/87.tmp-b7:2' failed: Read-only file system
[  824.690722][T17009] team0: Port device team_slave_0 added
[  824.736362][T17009] team0: Port device team_slave_1 added
[  824.828657][ T5846] udevd[5846]: symlink '../../loop2' '/dev/disk/by-diskseq/87.tmp-b7:2' failed: Read-only file system
[  824.869639][ T5885] usb 4-1: new high-speed USB device number 62 using dummy_hcd
[  824.940070][T17009] batman_adv: batadv0: Adding interface: batadv_slave_0
[  824.947424][T17009] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  824.975939][T17009] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  825.043787][ T5154] Bluetooth: hci0: command tx timeout
[  825.056951][T17009] batman_adv: batadv0: Adding interface: batadv_slave_1
[  825.065521][T17009] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  825.069822][ T5885] usb 4-1: Using ep0 maxpacket: 8
[  825.101131][T17009] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  825.115509][T17186] genirq: Flags mismatch irq 7. 00200080 (ttyS3) vs. 00200000 (comedi_parport)
[  825.267698][ T5885] usb 4-1: config index 0 descriptor too short (expected 301, got 45)
[  825.294921][ T5885] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  825.335567][ T5885] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  825.674616][ T5885] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  825.791815][ T5885] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  825.852097][ T5885] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  825.917554][ T5846] udevd[5846]: symlink '../../loop2' '/dev/disk/by-diskseq/87.tmp-b7:2' failed: Read-only file system
[  825.930163][ T5885] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  826.004992][T17009] hsr_slave_0: entered promiscuous mode
[  826.023665][T17009] hsr_slave_1: entered promiscuous mode
[  826.034132][T17009] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  826.046125][T17009] Cannot create hsr debugfs directory
[  826.214791][ T5885] usb 4-1: usb_control_msg returned -32
[  826.233914][ T5885] usbtmc 4-1:16.0: can't read capabilities
[  826.311143][T17198] netlink: 'syz.2.2971': attribute type 6 has an invalid length.
[  827.201572][ T5846] udevd[5846]: symlink '../../loop2' '/dev/disk/by-diskseq/87.tmp-b7:2' failed: Read-only file system
[  827.725781][ T8807] hsr_slave_0: left promiscuous mode
[  827.740171][ T8807] hsr_slave_1: left promiscuous mode
[  827.755313][ T8807] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  827.792243][ T8807] batman_adv: batadv0: Removing interface: batadv_slave_0
[  827.811775][ T8807] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  827.834103][ T8807] batman_adv: batadv0: Removing interface: batadv_slave_1
[  827.872890][ T8807] veth1_macvtap: left promiscuous mode
[  827.878846][ T8807] veth0_macvtap: left promiscuous mode
[  828.062952][ T8807] pim6reg (unregistering): left allmulticast mode
[  828.369820][ T5939] usb 4-1: USB disconnect, device number 62
[  828.515189][ T5846] udevd[5846]: symlink '../../loop2' '/dev/disk/by-diskseq/87.tmp-b7:2' failed: Read-only file system
[  828.807706][T17242] netlink: 212376 bytes leftover after parsing attributes in process `syz.3.2981'.
[  829.410731][T17247] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=60432 sclass=netlink_route_socket pid=17247 comm=syz.3.2982
[  829.772983][ T8807] team0 (unregistering): Port device team_slave_1 removed
[  830.279236][ T8807] team0 (unregistering): Port device team_slave_0 removed
[  830.832445][ T5885] infiniband syz1: ib_query_port failed (-19)
[  831.150379][ T5847] udevd[5847]: symlink '../../loop2' '/dev/disk/by-diskseq/87.tmp-b7:2' failed: Read-only file system
[  831.186928][   T30] audit: type=1400 audit(1753005382.321:1402): avc:  denied  { bind } for  pid=17261 comm="syz.4.2985" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  831.294247][   T30] audit: type=1400 audit(1753005382.321:1403): avc:  denied  { name_bind } for  pid=17261 comm="syz.4.2985" src=20001 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=icmp_socket permissive=1
[  831.315156][    C0] vkms_vblank_simulate: vblank timer overrun
[  831.500543][   T30] audit: type=1400 audit(1753005382.321:1404): avc:  denied  { node_bind } for  pid=17261 comm="syz.4.2985" saddr=fe80::bb src=20001 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=icmp_socket permissive=1
[  831.508097][ T5846] udevd[5846]: symlink '../../loop2' '/dev/disk/by-diskseq/87.tmp-b7:2' failed: Read-only file system
[  831.796416][ T5939] usb 4-1: new high-speed USB device number 63 using dummy_hcd
[  832.065145][ T5939] usb 4-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[  832.075075][ T5939] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  832.093319][ T5939] usb 4-1: Product: syz
[  832.107755][ T5939] usb 4-1: Manufacturer: syz
[  832.112682][ T5939] usb 4-1: SerialNumber: syz
[  832.132228][ T5939] usb 4-1: config 0 descriptor??
[  832.730427][T17294] netlink: 'syz.4.2991': attribute type 1 has an invalid length.
[  832.815318][ T5847] udevd[5847]: symlink '../../loop2' '/dev/disk/by-diskseq/87.tmp-b7:2' failed: Read-only file system
[  832.816254][T17294] 8021q: adding VLAN 0 to HW filter on device bond3
[  832.866895][T17009] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  832.913359][ T5847] udevd[5847]: symlink '../../loop2' '/dev/disk/by-diskseq/87.tmp-b7:2' failed: Read-only file system
[  832.918003][T17297] vlan0: entered promiscuous mode
[  832.937687][   T30] audit: type=1400 audit(1753005384.081:1405): avc:  denied  { write } for  pid=17293 comm="syz.4.2991" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_iscsi_socket permissive=1
[  832.960421][T17297] bond3: entered promiscuous mode
[  832.966150][T17297] vlan0: entered allmulticast mode
[  832.973292][T17297] bond3: entered allmulticast mode
[  833.049871][T17009] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  833.064581][T17009] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  833.091694][T17309] FAULT_INJECTION: forcing a failure.
[  833.091694][T17309] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  833.106040][T17009] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  833.163908][T17309] CPU: 1 UID: 0 PID: 17309 Comm: syz.0.2994 Not tainted 6.16.0-rc6-syzkaller-00279-gbf61759db409 #0 PREEMPT(full) 
[  833.163936][T17309] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  833.163946][T17309] Call Trace:
[  833.163952][T17309]  <TASK>
[  833.163959][T17309]  dump_stack_lvl+0x16c/0x1f0
[  833.163990][T17309]  should_fail_ex+0x512/0x640
[  833.164020][T17309]  _copy_from_user+0x2e/0xd0
[  833.164038][T17309]  copy_msghdr_from_user+0x98/0x160
[  833.164065][T17309]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  833.164097][T17309]  ? kfree+0x24f/0x4d0
[  833.164119][T17309]  ? __lock_acquire+0x622/0x1c90
[  833.164142][T17309]  ___sys_recvmsg+0xdb/0x1a0
[  833.164158][T17309]  ? __pfx____sys_recvmsg+0x10/0x10
[  833.164188][T17309]  ? __pfx___might_resched+0x10/0x10
[  833.164215][T17309]  do_recvmmsg+0x2fe/0x750
[  833.164234][T17309]  ? __pfx_do_recvmmsg+0x10/0x10
[  833.164256][T17309]  ? __mutex_unlock_slowpath+0x161/0x6a0
[  833.164280][T17309]  ? __fget_files+0x20e/0x3c0
[  833.164303][T17309]  __x64_sys_recvmmsg+0x22a/0x280
[  833.164321][T17309]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  833.164338][T17309]  ? xfd_validate_state+0x61/0x180
[  833.164371][T17309]  do_syscall_64+0xcd/0x4c0
[  833.164388][T17309]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  833.164405][T17309] RIP: 0033:0x7f3fd6d8e9a9
[  833.164420][T17309] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  833.164437][T17309] RSP: 002b:00007f3fd7cbd038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  833.164455][T17309] RAX: ffffffffffffffda RBX: 00007f3fd6fb6080 RCX: 00007f3fd6d8e9a9
[  833.164466][T17309] RDX: 040000000000002e RSI: 0000200000000000 RDI: 0000000000000003
[  833.164477][T17309] RBP: 00007f3fd7cbd090 R08: 0000000000000000 R09: 0000000000000000
[  833.164488][T17309] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002
[  833.164498][T17309] R13: 0000000000000001 R14: 00007f3fd6fb6080 R15: 00007fffd0fb27d8
[  833.164521][T17309]  </TASK>
[  833.169983][ T5939] usb 4-1: non-Atmel transceiver xxxx08e5
[  833.438914][ T5939] usb 4-1: Firmware version (0.0) predates our first public release.
[  833.447432][ T5939] usb 4-1: Please update to version 0.2 or newer
[  833.454904][ T5939] usb 4-1: atusb_probe: initialization failed, error = -19
[  833.472438][ T5939] usb 4-1: USB disconnect, device number 63
[  834.006507][T17009] 8021q: adding VLAN 0 to HW filter on device bond0
[  834.234808][T17009] 8021q: adding VLAN 0 to HW filter on device team0
[  834.305331][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[  834.312506][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[  834.315703][T17337] CIFS mount error: No usable UNC path provided in device string!
[  834.315703][T17337] 
[  834.338220][T17337] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  834.499171][ T8819] bridge0: port 2(bridge_slave_1) entered blocking state
[  834.506281][ T8819] bridge0: port 2(bridge_slave_1) entered forwarding state
[  834.689607][ T5972] usb 1-1: new high-speed USB device number 64 using dummy_hcd
[  834.893698][ T5846] udevd[5846]: symlink '../../loop2' '/dev/disk/by-diskseq/87.tmp-b7:2' failed: Read-only file system
[  834.974691][ T5972] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  835.010471][ T5972] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  835.019082][T17009] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  835.059604][ T5972] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  835.088962][ T5972] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  835.155422][T17339] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  835.183088][ T5972] usb 1-1: Quirk or no altset; falling back to MIDI 1.0
[  835.349643][ T5885] usb 3-1: new high-speed USB device number 57 using dummy_hcd
[  835.539846][ T5885] usb 3-1: Using ep0 maxpacket: 16
[  835.626090][ T5885] usb 3-1: unable to read config index 0 descriptor/start: -61
[  835.767179][ T5885] usb 3-1: can't read configurations, error -61
[  836.222916][ T5972] usb 1-1: USB disconnect, device number 64
[  836.387699][T17365] overlay: ./file0 is not a directory
[  836.419637][ T5885] usb 3-1: new high-speed USB device number 58 using dummy_hcd
[  836.515954][T17009] 8021q: adding VLAN 0 to HW filter on device batadv0
[  836.660182][ T5885] usb 3-1: Using ep0 maxpacket: 16
[  836.668229][ T5885] usb 3-1: unable to read config index 0 descriptor/start: -61
[  836.676312][ T5885] usb 3-1: can't read configurations, error -61
[  836.693108][ T5885] usb usb3-port1: attempt power cycle
[  836.804391][T17009] veth0_vlan: entered promiscuous mode
[  836.838206][T17009] veth1_vlan: entered promiscuous mode
[  836.935569][T17009] veth0_macvtap: entered promiscuous mode
[  836.977149][T17009] veth1_macvtap: entered promiscuous mode
[  837.071000][ T5885] usb 3-1: new high-speed USB device number 59 using dummy_hcd
[  837.172126][T17009] batman_adv: batadv0: Interface activated: batadv_slave_0
[  837.181003][ T5885] usb 3-1: Using ep0 maxpacket: 16
[  837.193368][T17395] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3009'.
[  837.210254][ T5885] usb 3-1: unable to read config index 0 descriptor/start: -61
[  837.236769][T17009] batman_adv: batadv0: Interface activated: batadv_slave_1
[  837.400725][ T5885] usb 3-1: can't read configurations, error -61
[  837.405118][T17009] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  837.459001][T17009] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  837.504960][T17009] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  837.528433][T17009] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  837.559937][ T5885] usb 3-1: new high-speed USB device number 60 using dummy_hcd
[  837.610632][ T5885] usb 3-1: Using ep0 maxpacket: 16
[  837.619504][ T5885] usb 3-1: unable to read config index 0 descriptor/start: -61
[  837.638779][ T5885] usb 3-1: can't read configurations, error -61
[  837.662935][ T5885] usb usb3-port1: unable to enumerate USB device
[  837.832958][ T6708] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  837.854971][ T6708] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  837.891455][ T1150] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  837.900573][ T1150] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  837.938484][   T30] audit: type=1400 audit(1753005389.081:1406): avc:  denied  { mounton } for  pid=17009 comm="syz-executor" path="/root/syzkaller.k5vvvK/syz-tmp" dev="sda1" ino=2047 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[  838.087131][   T30] audit: type=1400 audit(1753005389.121:1407): avc:  denied  { mounton } for  pid=17009 comm="syz-executor" path="/root/syzkaller.k5vvvK/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[  838.307095][ T6442] udevd[6442]: symlink '../../loop2' '/dev/disk/by-diskseq/87.tmp-b7:2' failed: Read-only file system
[  838.318216][   T30] audit: type=1400 audit(1753005389.121:1408): avc:  denied  { mounton } for  pid=17009 comm="syz-executor" path="/root/syzkaller.k5vvvK/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=61441 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1
[  839.254438][   T30] audit: type=1400 audit(1753005389.151:1409): avc:  denied  { mounton } for  pid=17009 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=2788 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[  839.290717][T17425] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(5)
[  839.297259][T17425] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  839.351151][   T30] audit: type=1400 audit(1753005389.151:1410): avc:  denied  { mounton } for  pid=17009 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[  839.378165][T17425] vhci_hcd vhci_hcd.0: Device attached
[  839.474516][   T30] audit: type=1400 audit(1753005390.331:1411): avc:  denied  { read } for  pid=17410 comm="syz.1.2932" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  839.639756][   T10] usb 37-1: new low-speed USB device number 3 using vhci_hcd
[  839.728409][ T5885] usb 3-1: new high-speed USB device number 61 using dummy_hcd
[  840.080815][ T5885] usb 3-1: Using ep0 maxpacket: 16
[  840.107107][ T5885] usb 3-1: config 0 has no interfaces?
[  840.440206][ T5885] usb 3-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00
[  840.495681][ T5885] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  840.575783][ T5885] usb 3-1: config 0 descriptor??
[  840.836228][T17426] vhci_hcd: cannot find a urb of seqnum 1 max seqnum 2
[  840.845383][ T5885] usb 3-1: USB disconnect, device number 61
[  840.867588][ T8807] vhci_hcd: stop threads
[  840.909525][ T8807] vhci_hcd: release socket
[  840.947483][ T8807] vhci_hcd: disconnect device
[  841.342756][T11635] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  841.354144][T11635] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  841.364713][T11635] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  841.384457][T11635] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  841.427723][T11635] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  841.452001][ T5846] udevd[5846]: symlink '../../loop2' '/dev/disk/by-diskseq/87.tmp-b7:2' failed: Read-only file system
[  841.557487][T17460] lo speed is unknown, defaulting to 1000
[  841.564600][T17460] lo speed is unknown, defaulting to 1000
[  841.981883][   T30] audit: type=1400 audit(1753005393.111:1412): avc:  denied  { read } for  pid=17467 comm="syz.3.3020" name="file1" dev="fuse" ino=6 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1
[  842.021471][T17460] chnl_net:caif_netlink_parms(): no params data found
[  842.102680][   T30] audit: type=1400 audit(1753005393.111:1413): avc:  denied  { open } for  pid=17467 comm="syz.3.3020" path="/621/file0/file1" dev="fuse" ino=6 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1
[  842.195950][T17484] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3022'.
[  842.234179][ T8811] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  842.303314][T17484] netlink: 92 bytes leftover after parsing attributes in process `syz.3.3022'.
[  842.328904][   T30] audit: type=1400 audit(1753005393.471:1414): avc:  denied  { read } for  pid=17479 comm="syz.1.3021" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  842.500321][ T5846] udevd[5846]: symlink '../../loop2' '/dev/disk/by-diskseq/87.tmp-b7:2' failed: Read-only file system
[  842.562219][T17460] bridge0: port 1(bridge_slave_0) entered blocking state
[  842.569343][T17460] bridge0: port 1(bridge_slave_0) entered disabled state
[  842.599189][T17460] bridge_slave_0: entered allmulticast mode
[  842.635565][T17460] bridge_slave_0: entered promiscuous mode
[  842.642641][T17494] xt_l2tp: unknown flags: 17
[  842.681502][   T30] audit: type=1400 audit(1753005393.811:1415): avc:  denied  { setopt } for  pid=17493 comm="syz.2.3023" lport=46317 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1
[  842.803446][ T8811] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  842.866642][ T5846] udevd[5846]: symlink '../../loop2' '/dev/disk/by-diskseq/87.tmp-b7:2' failed: Read-only file system
[  842.902999][T17460] bridge0: port 2(bridge_slave_1) entered blocking state
[  842.925765][T17460] bridge0: port 2(bridge_slave_1) entered disabled state
[  842.949514][T17460] bridge_slave_1: entered allmulticast mode
[  842.971029][T17460] bridge_slave_1: entered promiscuous mode
[  843.020676][T17515] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3028'.
[  843.115578][ T8811] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  843.225923][T17521] 9pnet_fd: Insufficient options for proto=fd
[  843.272543][T17492] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3024'.
[  843.339470][T10480] lec:lec_start_xmit: lec0:No lecd attached
[  843.425109][ T5846] udevd[5846]: symlink '../../loop2' '/dev/disk/by-diskseq/87.tmp-b7:2' failed: Read-only file system
[  843.443905][ T8811] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  843.504958][T17460] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  843.520821][T11635] Bluetooth: hci5: command tx timeout
[  843.673083][T17460] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  844.018954][T17536] netlink: 'syz.3.3031': attribute type 6 has an invalid length.
[  845.050530][   T10] vhci_hcd: vhci_device speed not set
[  845.066117][T17460] team0: Port device team_slave_0 added
[  845.101490][T17460] team0: Port device team_slave_1 added
[  845.271017][ T5846] udevd[5846]: symlink '../../loop2' '/dev/disk/by-diskseq/87.tmp-b7:2' failed: Read-only file system
[  845.345040][T17460] batman_adv: batadv0: Adding interface: batadv_slave_0
[  845.364192][T17460] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  845.390116][    C0] vkms_vblank_simulate: vblank timer overrun
[  845.424046][T17460] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  845.599532][T11635] Bluetooth: hci5: command tx timeout
[  845.729979][T17460] batman_adv: batadv0: Adding interface: batadv_slave_1
[  845.743510][T17460] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  845.769523][    C0] vkms_vblank_simulate: vblank timer overrun
[  845.795718][T17560] FAULT_INJECTION: forcing a failure.
[  845.795718][T17560] name failslab, interval 1, probability 0, space 0, times 0
[  845.811772][T17460] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  845.834285][T17560] CPU: 0 UID: 0 PID: 17560 Comm: syz.1.3036 Not tainted 6.16.0-rc6-syzkaller-00279-gbf61759db409 #0 PREEMPT(full) 
[  845.834310][T17560] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  845.834319][T17560] Call Trace:
[  845.834326][T17560]  <TASK>
[  845.834333][T17560]  dump_stack_lvl+0x16c/0x1f0
[  845.834365][T17560]  should_fail_ex+0x512/0x640
[  845.834391][T17560]  ? fs_reclaim_acquire+0xae/0x150
[  845.834415][T17560]  should_failslab+0xc2/0x120
[  845.834433][T17560]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  845.834460][T17560]  ? security_inode_alloc+0x3b/0x2b0
[  845.834490][T17560]  security_inode_alloc+0x3b/0x2b0
[  845.834516][T17560]  inode_init_always_gfp+0xce4/0x1030
[  845.834538][T17560]  alloc_inode+0x86/0x240
[  845.834561][T17560]  new_inode+0x22/0x1c0
[  845.834583][T17560]  shmem_get_inode+0x19a/0xfb0
[  845.834619][T17560]  shmem_mknod+0x1a8/0x450
[  845.834646][T17560]  vfs_mknod+0x5da/0x8e0
[  845.834677][T17560]  do_mknodat+0x30f/0x5d0
[  845.834709][T17560]  ? __pfx_do_mknodat+0x10/0x10
[  845.834735][T17560]  ? getname_flags.part.0+0x1c5/0x550
[  845.834756][T17560]  ? __pfx_ksys_write+0x10/0x10
[  845.834788][T17560]  __x64_sys_mknodat+0xaf/0xe0
[  845.834807][T17560]  do_syscall_64+0xcd/0x4c0
[  845.834828][T17560]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  845.834850][T17560] RIP: 0033:0x7f9f9238e9a9
[  845.834865][T17560] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  845.834883][T17560] RSP: 002b:00007f9f931d7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000103
[  845.834901][T17560] RAX: ffffffffffffffda RBX: 00007f9f925b5fa0 RCX: 00007f9f9238e9a9
[  845.834913][T17560] RDX: 0000000000002000 RSI: 0000200000000180 RDI: ffffffffffffff9c
[  845.834923][T17560] RBP: 00007f9f931d7090 R08: 0000000000000000 R09: 0000000000000000
[  845.834934][T17560] R10: 0000000000000103 R11: 0000000000000246 R12: 0000000000000002
[  845.834944][T17560] R13: 0000000000000000 R14: 00007f9f925b5fa0 R15: 00007ffc0fefa678
[  845.834969][T17560]  </TASK>
[  846.039016][    C0] vkms_vblank_simulate: vblank timer overrun
[  846.065057][ T5846] udevd[5846]: symlink '../../loop2' '/dev/disk/by-diskseq/87.tmp-b7:2' failed: Read-only file system
[  846.309280][ T5846] udevd[5846]: symlink '../../loop2' '/dev/disk/by-diskseq/87.tmp-b7:2' failed: Read-only file system
[  846.547504][ T5846] udevd[5846]: symlink '../../loop2' '/dev/disk/by-diskseq/87.tmp-b7:2' failed: Read-only file system
[  846.914363][ T8811] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  847.045181][ T8811] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  847.070369][ T8811] bond0 (unregistering): (slave wlan1): Releasing backup interface
[  847.095668][ T8811] bond0 (unregistering): Released all slaves
[  847.341991][ T8811] bond1 (unregistering): Released all slaves
[  847.364275][T17460] hsr_slave_0: entered promiscuous mode
[  847.377945][T17460] hsr_slave_1: entered promiscuous mode
[  847.435550][T17596] No control pipe specified
[  847.802275][T17460] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  847.805521][T11635] Bluetooth: hci5: command tx timeout
[  847.830774][T17460] Cannot create hsr debugfs directory
[  847.866244][ T8811] tipc: Disabling bearer <udp:syz0>
[  847.872497][ T8811] tipc: Left network mode
[  848.326088][ T5846] udevd[5846]: symlink '../../loop2' '/dev/disk/by-diskseq/87.tmp-b7:2' failed: Read-only file system
[  848.349429][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms
[  848.357476][    C1] lec:lec_tx_timeout: lec0
[  848.451962][T17603] bpq0: left promiscuous mode
[  848.456797][T17603] bpq0: left allmulticast mode
[  849.204004][   T10] usb 3-1: new high-speed USB device number 62 using dummy_hcd
[  849.336975][T17617] netlink: 'syz.4.3049': attribute type 10 has an invalid length.
[  849.440938][   T10] usb 3-1: Using ep0 maxpacket: 16
[  849.572819][   T10] usb 3-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4
[  849.718079][   T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  849.840851][T11635] Bluetooth: hci5: command tx timeout
[  849.906143][   T10] usb 3-1: config 0 descriptor??
[  849.953707][   T10] gspca_main: sonixj-2.14.0 probing 0471:0327
[  850.297696][T17617] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  850.652057][ T8811] hsr_slave_0: left promiscuous mode
[  850.667224][ T8811] hsr_slave_1: left promiscuous mode
[  850.674947][   T10] gspca_sonixj: reg_r err -110
[  850.678158][   T30] audit: type=1400 audit(1753005401.821:1416): avc:  denied  { nlmsg_write } for  pid=17640 comm="syz.4.3054" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_audit_socket permissive=1
[  850.683768][   T10] sonixj 3-1:0.0: probe with driver sonixj failed with error -110
[  850.713023][ T8811] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  850.744737][   T30] audit: type=1107 audit(1753005401.851:1417): pid=17640 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t msg='aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
[  850.745764][ T8811] batman_adv: batadv0: Removing interface: batadv_slave_0
[  850.836892][    C0] vkms_vblank_simulate: vblank timer overrun
[  850.885318][ T8811] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  850.893801][ T8811] batman_adv: batadv0: Removing interface: batadv_slave_1
[  850.920082][ T5939] usb 2-1: new high-speed USB device number 61 using dummy_hcd
[  850.930914][ T8811] veth1_macvtap: left promiscuous mode
[  850.944003][ T8811] veth0_macvtap: left promiscuous mode
[  850.950033][ T8811] veth1_vlan: left promiscuous mode
[  850.958204][ T8811] veth0_vlan: left promiscuous mode
[  851.099609][T17650] Bluetooth: MGMT ver 1.23
[  851.179824][ T5939] usb 2-1: Using ep0 maxpacket: 32
[  851.301022][ T5939] usb 2-1: config 0 has an invalid interface number: 225 but max is 0
[  851.310830][ T5939] usb 2-1: config 0 has no interface number 0
[  851.329738][ T5939] usb 2-1: New USB device found, idVendor=0856, idProduct=ac30, bcdDevice=7e.79
[  851.339958][ T5939] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  851.353044][ T5939] usb 2-1: Product: syz
[  851.357378][ T5939] usb 2-1: Manufacturer: syz
[  851.376238][ T5939] usb 2-1: SerialNumber: syz
[  851.411678][ T5939] usb 2-1: config 0 descriptor??
[  851.424661][ T8811] pim6reg (unregistering): left allmulticast mode
[  851.426770][ T5953] usb 3-1: USB disconnect, device number 62
[  851.522772][ T5847] udevd[5847]: symlink '../../loop2' '/dev/disk/by-diskseq/87.tmp-b7:2' failed: Read-only file system
[  852.483765][ T5846] udevd[5846]: symlink '../../loop2' '/dev/disk/by-diskseq/87.tmp-b7:2' failed: Read-only file system
[  852.538568][ T8811] team0 (unregistering): Port device team_slave_1 removed
[  852.608757][ T8811] team0 (unregistering): Port device team_slave_0 removed
[  852.619246][T17667] overlayfs: option "workdir=./file0" is useless in a non-upper mount, ignore
[  852.632638][T17667] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  852.978017][T17673] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3062'.
[  853.356454][ T5939] mos7840 2-1:0.225: required endpoints missing
[  853.391455][ T5939] usb 2-1: USB disconnect, device number 61
[  853.420210][T17667] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  853.426631][T17667] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  853.433531][T17667] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  853.439919][T17667] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  853.467572][T17667] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  853.575750][T17667] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  853.585796][T17667] Bluetooth: hci5: Opcode 0x0406 failed: -4
[  854.276321][T17667] Bluetooth: hci5: Opcode 0x0406 failed: -4
[  855.488225][   T30] audit: type=1400 audit(1753005405.931:1418): avc:  denied  { bind } for  pid=17693 comm="syz.3.3067" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  855.556330][ T5154] Bluetooth: hci0: command 0x0c1a tx timeout
[  855.568009][T11635] Bluetooth: hci2: command 0x0c1a tx timeout
[  855.572463][ T5154] Bluetooth: hci1: command 0x0c1a tx timeout
[  855.599966][T11635] Bluetooth: hci5: command 0x0c1a tx timeout
[  855.654821][ T5846] udevd[5846]: symlink '../../loop2' '/dev/disk/by-diskseq/87.tmp-b7:2' failed: Read-only file system
[  856.162287][T17713] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3070'.
[  856.329527][   T10] usb 3-1: new high-speed USB device number 63 using dummy_hcd
[  856.727526][T17460] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  856.829117][T17733] netlink: 212376 bytes leftover after parsing attributes in process `syz.4.3071'.
[  857.223976][T17460] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  857.233206][   T10] usb 3-1: unable to read config index 0 descriptor/start: -61
[  857.243788][   T10] usb 3-1: can't read configurations, error -61
[  857.272594][T17460] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  857.294926][T17460] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  857.483797][   T10] usb 3-1: new high-speed USB device number 64 using dummy_hcd
[  857.649977][T11635] Bluetooth: hci0: command 0x0c1a tx timeout
[  857.679742][T11635] Bluetooth: hci5: command 0x0c1a tx timeout
[  857.683769][T17748] SELinux: failed to load policy
[  857.731638][   T10] usb 3-1: unable to read config index 0 descriptor/start: -61
[  857.748788][   T10] usb 3-1: can't read configurations, error -61
[  857.782065][T17752] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3072'.
[  857.810410][   T10] usb usb3-port1: attempt power cycle
[  857.935563][T17756] loop9: detected capacity change from 0 to 7
[  857.949049][T17460] 8021q: adding VLAN 0 to HW filter on device bond0
[  857.958820][T17756] buffer_io_error: 9 callbacks suppressed
[  857.958836][T17756] Buffer I/O error on dev loop9, logical block 0, async page read
[  857.996316][T17460] 8021q: adding VLAN 0 to HW filter on device team0
[  858.021044][T17756] Buffer I/O error on dev loop9, logical block 0, async page read
[  858.029112][T17756] Buffer I/O error on dev loop9, logical block 0, async page read
[  858.038104][T17756] Buffer I/O error on dev loop9, logical block 0, async page read
[  858.048343][T17756] Buffer I/O error on dev loop9, logical block 0, async page read
[  858.070320][T17756] Buffer I/O error on dev loop9, logical block 0, async page read
[  858.078783][T17756] Buffer I/O error on dev loop9, logical block 0, async page read
[  858.128210][ T6694] bridge0: port 1(bridge_slave_0) entered blocking state
[  858.135324][ T6694] bridge0: port 1(bridge_slave_0) entered forwarding state
[  858.156310][T17756] ldm_validate_partition_table(): Disk read failed.
[  858.163555][T17756] Buffer I/O error on dev loop9, logical block 0, async page read
[  858.172149][T17756] Buffer I/O error on dev loop9, logical block 0, async page read
[  858.181046][T17756] Buffer I/O error on dev loop9, logical block 0, async page read
[  858.189507][T17756] Dev loop9: unable to read RDB block 0
[  858.196617][T17756]  loop9: unable to read partition table
[  858.203321][T17756] loop9: partition table beyond EOD, truncated
[  858.223107][   T10] usb 3-1: new high-speed USB device number 65 using dummy_hcd
[  858.286185][ T6694] bridge0: port 2(bridge_slave_1) entered blocking state
[  858.292537][   T10] usb 3-1: unable to read config index 0 descriptor/start: -61
[  858.293320][ T6694] bridge0: port 2(bridge_slave_1) entered forwarding state
[  858.301201][   T10] usb 3-1: can't read configurations, error -61
[  858.369479][T17756] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[  858.369479][T17756] 
) failed (rc=-5)
[  858.585965][ T5846] udevd[5846]: symlink '../../loop9' '/dev/disk/by-diskseq/89.tmp-b7:9' failed: Read-only file system
[  858.630587][ T5939] usb 4-1: new full-speed USB device number 64 using dummy_hcd
[  858.657688][T17460] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  858.686814][T17460] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  858.717223][ T5846] udevd[5846]: symlink '../../loop9' '/dev/disk/by-diskseq/89.tmp-b7:9' failed: Read-only file system
[  858.789673][   T10] usb 3-1: new high-speed USB device number 66 using dummy_hcd
[  858.822794][ T5939] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8D has invalid maxpacket 200, setting to 64
[  858.848209][ T5847] udevd[5847]: symlink '../../loop2' '/dev/disk/by-diskseq/87.tmp-b7:2' failed: Read-only file system
[  858.867022][ T5939] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  858.879281][ T5846] udevd[5846]: symlink '../../loop9' '/dev/disk/by-diskseq/89.tmp-b7:9' failed: Read-only file system
[  858.906438][ T5939] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 12336, setting to 64
[  858.935173][ T5846] udevd[5846]: symlink '../../loop9' '/dev/disk/by-diskseq/90.tmp-b7:9' failed: Read-only file system
[  858.950021][ T5939] usb 4-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58
[  858.959239][ T5939] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  859.039515][   T10] usb 3-1: device not accepting address 66, error -71
[  859.053369][ T5939] usb 4-1: config 0 descriptor??
[  859.554905][   T10] usb usb3-port1: unable to enumerate USB device
[  859.565403][T17764] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  859.590669][T17764] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  859.689712][T16745] Bluetooth: hci0: command 0x0c1a tx timeout
[  859.759756][T16745] Bluetooth: hci5: command 0x0c1a tx timeout
[  859.876530][ T5847] udevd[5847]: symlink '../../loop2' '/dev/disk/by-diskseq/87.tmp-b7:2' failed: Read-only file system
[  860.276352][T17795] random: crng reseeded on system resumption
[  860.339538][T17795] ptrace attach of "./syz-executor exec"[5833] was attempted by "./syz-executor exec"[17795]
[  861.054054][ T5846] udevd[5846]: symlink '../../loop2' '/dev/disk/by-diskseq/87.tmp-b7:2' failed: Read-only file system
[  861.133599][T17800] tmpfs: Bad value for 'mpol'
[  861.330014][T17460] 8021q: adding VLAN 0 to HW filter on device batadv0
[  861.366912][ T5846] udevd[5846]: symlink '../../loop2' '/dev/disk/by-diskseq/87.tmp-b7:2' failed: Read-only file system
[  861.679924][T11635] Bluetooth: hci3: Opcode 0x0c03 failed: -110
[  861.722304][T17811] netlink: 212376 bytes leftover after parsing attributes in process `syz.2.3082'.
[  863.213352][ T5846] udevd[5846]: symlink '../../loop2' '/dev/disk/by-diskseq/87.tmp-b7:2' failed: Read-only file system
[  863.236966][ T5939] usb 4-1: USB disconnect, device number 64
[  863.287327][T17460] veth0_vlan: entered promiscuous mode
[  863.365893][T17460] veth1_vlan: entered promiscuous mode
[  863.366744][   T30] audit: type=1400 audit(1753005414.511:1419): avc:  denied  { open } for  pid=17812 comm="syz.3.3085" path="anon_inode:[userfaultfd]" dev="anon_inodefs" ino=62572 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  863.512652][T17460] veth0_macvtap: entered promiscuous mode
[  863.519209][T17460] veth1_macvtap: entered promiscuous mode
[  863.561014][T17460] batman_adv: batadv0: Interface activated: batadv_slave_0
[  863.583742][T17460] batman_adv: batadv0: Interface activated: batadv_slave_1
[  863.607244][T17460] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  863.607266][T17460] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  863.607281][T17460] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  863.607296][T17460] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  863.673417][   T10] usb 3-1: new low-speed USB device number 67 using dummy_hcd
[  863.737565][ T6694] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  863.737585][ T6694] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  863.795205][ T6708] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  863.795226][ T6708] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  864.611565][   T10] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[  864.611596][   T10] usb 3-1: config 0 has no interface number 0
[  864.611632][   T10] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  864.611659][   T10] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8
[  864.611697][   T10] usb 3-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  864.611718][   T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  864.660007][   T10] usb 3-1: config 0 descriptor??
[  864.660734][T17816] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  864.668686][   T10] iowarrior 3-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[  865.099517][   T10] usb 5-1: new high-speed USB device number 56 using dummy_hcd
[  865.953563][   T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  865.972010][   T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  865.997196][   T10] usb 5-1: New USB device found, idVendor=056a, idProduct=033b, bcdDevice= 0.00
[  866.059432][   T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  866.139591][  T117] usb 1-1: new high-speed USB device number 65 using dummy_hcd
[  866.155180][   T10] usb 5-1: config 0 descriptor??
[  866.607020][ T5885] usb 3-1: USB disconnect, device number 67
[  866.669245][ T5847] udevd[5847]: symlink '../../loop2' '/dev/disk/by-diskseq/87.tmp-b7:2' failed: Read-only file system
[  866.789648][  T117] usb 1-1: Using ep0 maxpacket: 8
[  866.844077][  T117] usb 1-1: New USB device found, idVendor=04a5, idProduct=3003, bcdDevice=44.b2
[  866.873697][ T5846] udevd[5846]: symlink '../../loop2' '/dev/disk/by-diskseq/87.tmp-b7:2' failed: Read-only file system
[  866.889145][   T10] wacom 0003:056A:033B.002D: unknown main item tag 0x0
[  866.891469][  T117] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  866.960373][   T10] wacom 0003:056A:033B.002D: unbalanced delimiter at end of report description
[  867.004356][  T117] usb 1-1: Product: syz
[  867.126354][  T117] usb 1-1: Manufacturer: syz
[  867.140053][   T10] wacom 0003:056A:033B.002D: parse failed
[  867.149469][  T117] usb 1-1: SerialNumber: syz
[  867.155607][   T10] wacom 0003:056A:033B.002D: probe with driver wacom failed with error -22
[  867.669268][  T117] usb 1-1: config 0 descriptor??
[  867.829047][ T8819] netdevsim netdevsim3 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  867.989969][T16745] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  868.002015][T16745] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  868.010166][T16745] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  868.019962][T16745] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  868.027577][T16745] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  868.041273][ T6442] udevd[6442]: symlink '../../loop2' '/dev/disk/by-diskseq/87.tmp-b7:2' failed: Read-only file system
[  868.138687][ T8819] netdevsim netdevsim3 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  868.232149][T17872] lo speed is unknown, defaulting to 1000
[  868.285140][ T5847] udevd[5847]: symlink '../../loop2' '/dev/disk/by-diskseq/87.tmp-b7:2' failed: Read-only file system
[  868.316186][  T117] gspca_main: sunplus-2.14.0 probing 04a5:3003
[  868.350526][  T117] gspca_sunplus: reg_w_riv err -71
[  868.357004][ T8819] netdevsim netdevsim3 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  868.370459][  T117] sunplus 1-1:0.0: probe with driver sunplus failed with error -71
[  868.407869][  T117] usb 1-1: USB disconnect, device number 65
[  868.467569][T17872] lo speed is unknown, defaulting to 1000
[  868.548419][T17895] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3097'.
[  868.635684][ T8819] netdevsim netdevsim3 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  868.656557][ T5846] udevd[5846]: symlink '../../loop2' '/dev/disk/by-diskseq/87.tmp-b7:2' failed: Read-only file system
[  868.780752][T17906] netlink: 156 bytes leftover after parsing attributes in process `syz.2.3098'.
[  869.063469][ T5846] udevd[5846]: symlink '../../loop2' '/dev/disk/by-diskseq/87.tmp-b7:2' failed: Read-only file system
[  869.254205][ T5846] udevd[5846]: symlink '../../loop2' '/dev/disk/by-diskseq/87.tmp-b7:2' failed: Read-only file system
[  869.672616][T17927] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3103'.
[  869.682491][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  869.701318][ T1299] lec:lec_start_xmit: lec0:No lecd attached
[  869.741645][T17929] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3103'.
[  869.756168][ T5972] usb 5-1: USB disconnect, device number 56
[  869.980907][ T8819] bridge_slave_1: left allmulticast mode
[  869.992765][ T8819] bridge_slave_1: left promiscuous mode
[  870.016218][ T8819] bridge0: port 2(bridge_slave_1) entered disabled state
[  870.035971][ T8819] bridge_slave_0: left allmulticast mode
[  870.046335][ T8819] bridge_slave_0: left promiscuous mode
[  870.064800][ T8819] bridge0: port 1(bridge_slave_0) entered disabled state
[  870.080119][T16745] Bluetooth: hci1: command tx timeout
[  870.198267][T17940] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3104'.
[  870.215411][T17940] netlink: 'syz.4.3104': attribute type 4 has an invalid length.
[  870.512120][ T5846] udevd[5846]: symlink '../../loop2' '/dev/disk/by-diskseq/87.tmp-b7:2' failed: Read-only file system
[  870.574170][T16745] Bluetooth: hci2: unexpected event for opcode 0x200d
[  872.045398][ T8819] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  872.056391][ T8819] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  872.067426][ T8819] bond0 (unregistering): Released all slaves
[  872.080833][T17872] chnl_net:caif_netlink_parms(): no params data found
[  872.160421][T17953] lo speed is unknown, defaulting to 1000
[  872.170502][T16745] Bluetooth: hci1: command tx timeout
[  872.284218][T17953] lo speed is unknown, defaulting to 1000
[  872.289999][ T8819] tipc: Disabling bearer <udp:syz2>
[  872.310838][ T8819] tipc: Left network mode
[  872.357198][T17968] lo speed is unknown, defaulting to 1000
[  872.363652][T17968] lo speed is unknown, defaulting to 1000
[  872.627872][T17974] netlink: 'syz.1.3110': attribute type 2 has an invalid length.
[  872.789018][T17872] bridge0: port 1(bridge_slave_0) entered blocking state
[  872.812893][T17872] bridge0: port 1(bridge_slave_0) entered disabled state
[  872.834481][T17872] bridge_slave_0: entered allmulticast mode
[  872.854173][T17872] bridge_slave_0: entered promiscuous mode
[  872.892820][T17968] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[  872.912380][T17872] bridge0: port 2(bridge_slave_1) entered blocking state
[  872.929570][T17872] bridge0: port 2(bridge_slave_1) entered disabled state
[  872.979751][T17872] bridge_slave_1: entered allmulticast mode
[  873.014110][T17872] bridge_slave_1: entered promiscuous mode
[  873.020407][ T5939] usb 2-1: new high-speed USB device number 62 using dummy_hcd
[  873.142593][T17988] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=60432 sclass=netlink_route_socket pid=17988 comm=syz.4.3113
[  873.179818][ T5939] usb 2-1: Using ep0 maxpacket: 16
[  873.212890][ T5939] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  873.245936][ T5939] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  873.284947][ T5939] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  873.345845][ T5939] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  873.356587][T17872] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  873.382503][T17872] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  873.721554][ T5939] usb 2-1: Product: syz
[  873.725761][ T5939] usb 2-1: Manufacturer: syz
[  873.732965][ T5939] usb 2-1: SerialNumber: syz
[  873.752398][ T5939] usb 2-1: config 0 descriptor??
[  873.772466][ T5939] em28xx 2-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  873.793464][ T5939] em28xx 2-1:0.0: Audio interface 0 found (Vendor Class)
[  873.901028][T17872] team0: Port device team_slave_0 added
[  873.917280][ T8819] hsr_slave_0: left promiscuous mode
[  873.928446][ T8819] hsr_slave_1: left promiscuous mode
[  873.938069][T18001] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=259 sclass=netlink_route_socket pid=18001 comm=syz.0.3115
[  873.951510][ T8819] batman_adv: batadv0: Removing interface: batadv_slave_1
[  873.969660][ T8819] pim6reg (unregistering): left allmulticast mode
[  874.239728][T16745] Bluetooth: hci1: command tx timeout
[  874.993771][ T5939] em28xx 2-1:0.0: unknown em28xx chip ID (159)
[  875.336689][ T5939] em28xx 2-1:0.0: Config register raw data: 0x9f
[  875.359616][    C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5660 ms
[  875.367650][    C1] lec:lec_tx_timeout: lec0
[  876.320903][T16745] Bluetooth: hci1: command tx timeout
[  876.365242][ T8819] team0 (unregistering): Port device team_slave_1 removed
[  876.399883][ T5939] em28xx 2-1:0.0: AC97 chip type couldn't be determined
[  876.407923][ T5939] em28xx 2-1:0.0: No AC97 audio processor
[  876.463866][ T5939] usb 2-1: USB disconnect, device number 62
[  876.483561][T18018] genirq: Flags mismatch irq 7. 00200080 (ttyS3) vs. 00200000 (comedi_parport)
[  876.500795][ T5939] em28xx 2-1:0.0: Disconnecting em28xx
[  876.521572][ T5939] em28xx 2-1:0.0: Freeing device
[  876.573063][ T8819] team0 (unregistering): Port device team_slave_0 removed
[  876.926684][   T30] audit: type=1400 audit(1753005427.961:1420): avc:  denied  { getopt } for  pid=18017 comm="syz.4.3118" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  877.698568][T17872] team0: Port device team_slave_1 added
[  877.995526][T18036] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3121'.
[  878.009702][T18036] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3121'.
[  878.217549][ T5846] udevd[5846]: symlink '../../loop2' '/dev/disk/by-diskseq/87.tmp-b7:2' failed: Read-only file system
[  878.251825][T17872] batman_adv: batadv0: Adding interface: batadv_slave_0
[  878.264190][T17872] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  878.290119][    C1] vkms_vblank_simulate: vblank timer overrun
[  878.311604][T17872] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  878.634876][T17872] batman_adv: batadv0: Adding interface: batadv_slave_1
[  878.704649][T17872] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  878.775229][T18051] random: crng reseeded on system resumption
[  878.869491][T17872] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  878.884941][ T5846] udevd[5846]: symlink '../../loop2' '/dev/disk/by-diskseq/87.tmp-b7:2' failed: Read-only file system
[  878.915083][ T8819] IPVS: stop unused estimator thread 0...
[  881.321710][ T5846] udevd[5846]: symlink '../../loop2' '/dev/disk/by-diskseq/87.tmp-b7:2' failed: Read-only file system
[  881.380707][T17872] hsr_slave_0: entered promiscuous mode
[  881.387075][T17872] hsr_slave_1: entered promiscuous mode
[  881.474661][T17872] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  881.512796][T17872] Cannot create hsr debugfs directory
[  882.471591][ T5846] udevd[5846]: symlink '../../loop2' '/dev/disk/by-diskseq/87.tmp-b7:2' failed: Read-only file system
[  885.644653][ T5846] udevd[5846]: symlink '../../loop2' '/dev/disk/by-diskseq/87.tmp-b7:2' failed: Read-only file system
[  887.789561][ T5898] usb 3-1: new high-speed USB device number 68 using dummy_hcd
[  888.030258][T18147] netlink: 'syz.4.3148': attribute type 6 has an invalid length.
[  888.449459][ T5953] usb 1-1: new high-speed USB device number 66 using dummy_hcd
[  888.500890][ T5898] usb 3-1: Using ep0 maxpacket: 8
[  888.683622][ T5898] usb 3-1: config 244 has an invalid interface number: 228 but max is 0
[  889.077839][ T5953] usb 1-1: config 0 has no interfaces?
[  889.085726][ T5898] usb 3-1: config 244 has no interface number 0
[  889.123882][ T5898] usb 3-1: config 244 interface 228 altsetting 213 endpoint 0x2 has invalid maxpacket 512, setting to 64
[  889.150025][ T5953] usb 1-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  889.190943][ T5953] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  889.198994][ T5898] usb 3-1: config 244 interface 228 has no altsetting 0
[  889.243990][ T5953] usb 1-1: Product: syz
[  889.246093][ T6442] udevd[6442]: symlink '../../loop2' '/dev/disk/by-diskseq/87.tmp-b7:2' failed: Read-only file system
[  889.260078][ T5953] usb 1-1: Manufacturer: syz
[  889.278925][ T5898] usb 3-1: string descriptor 0 read error: -71
[  889.281394][ T5953] usb 1-1: SerialNumber: syz
[  889.306748][ T5898] usb 3-1: New USB device found, idVendor=0a46, idProduct=9601, bcdDevice=94.68
[  889.430001][ T5953] usb 1-1: config 0 descriptor??
[  889.449672][ T5898] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  889.535069][T18167] netlink: 'syz.2.3151': attribute type 6 has an invalid length.
[  890.010698][ T5898] usb 3-1: Interface #228 referenced by multiple IADs
[  890.254829][ T5847] udevd[5847]: symlink '../../loop2' '/dev/disk/by-diskseq/87.tmp-b7:2' failed: Read-only file system
[  890.268197][ T5898] usb 3-1: can't set config #244, error -71
[  890.310595][ T5898] usb 3-1: USB disconnect, device number 68
[  890.367170][T18174] netlink: 'syz.1.3152': attribute type 6 has an invalid length.
[  891.471280][T18182] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3154'.
[  891.586783][ T5953] usb 1-1: can't set config #0, error -71
[  891.623144][ T5953] usb 1-1: USB disconnect, device number 66
[  891.733335][ T5846] udevd[5846]: symlink '../../loop2' '/dev/disk/by-diskseq/87.tmp-b7:2' failed: Read-only file system
[  891.746959][T18186] binder: 18185:18186 ioctl 4040aea0 2000000001c0 returned -22
[  891.747191][T17872] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  891.786344][T18192] syz.2.3158 (18192): drop_caches: 4
[  891.787014][T18186] binder: binder_mmap: 18185 200000ffd000-200001000000 bad vm_flags failed -1
[  891.809694][T17872] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  891.831054][T17872] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  892.222560][T17872] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  892.232705][T18199] random: crng reseeded on system resumption
[  892.457194][T18199] Restarting kernel threads ...
[  892.462435][T18199] Done restarting kernel threads.
[  892.484294][ T5846] udevd[5846]: symlink '../../loop2' '/dev/disk/by-diskseq/87.tmp-b7:2' failed: Read-only file system
[  892.604071][ T5846] udevd[5846]: symlink '../../loop2' '/dev/disk/by-diskseq/87.tmp-b7:2' failed: Read-only file system
[  892.705630][T17872] 8021q: adding VLAN 0 to HW filter on device bond0
[  892.766791][T17872] 8021q: adding VLAN 0 to HW filter on device team0
[  892.790545][T15342] bridge0: port 1(bridge_slave_0) entered blocking state
[  892.797635][T15342] bridge0: port 1(bridge_slave_0) entered forwarding state
[  892.816075][ T8807] bridge0: port 2(bridge_slave_1) entered blocking state
[  892.823157][ T8807] bridge0: port 2(bridge_slave_1) entered forwarding state
[  892.849133][T17872] Oops: general protection fault, probably for non-canonical address 0xdffffc001fffe1ac: 0000 [#1] SMP KASAN NOPTI
[  892.861205][T17872] KASAN: probably user-memory-access in range [0x00000000ffff0d60-0x00000000ffff0d67]
[  892.870720][T17872] CPU: 0 UID: 0 PID: 17872 Comm: syz-executor Not tainted 6.16.0-rc6-syzkaller-00279-gbf61759db409 #0 PREEMPT(full) 
[  892.882928][T17872] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  892.892958][T17872] RIP: 0010:____ip_mc_inc_group+0x128/0x10f0
[  892.898922][T17872] Code: 6e 7a b5 f7 8b 44 24 08 85 c0 0f 85 cd 01 00 00 e8 1d 7f b5 f7 4a 8d 1c eb 48 b8 00 00 00 00 00 fc ff df 48 89 da 48 c1 ea 03 <80> 3c 02 00 0f 85 3b 0e 00 00 48 8b 1b 48 85 db 0f 84 38 02 00 00
[  892.900793][ T5953] usb 5-1: new high-speed USB device number 57 using dummy_hcd
[  892.918506][T17872] RSP: 0018:ffffc900041bef58 EFLAGS: 00010206
[  892.918528][T17872] RAX: dffffc0000000000 RBX: 00000000ffff0d60 RCX: ffffffff8a066b72
[  892.918538][T17872] RDX: 000000001fffe1ac RSI: ffffffff8a066993 RDI: 0000000000000001
[  892.918548][T17872] RBP: ffff888059b4c800 R08: 0000000000000001 R09: 0000000000000000
[  892.918559][T17872] R10: 0000000000000001 R11: 0000000000000001 R12: 00000000010000e0
[  892.918569][T17872] R13: 00000000000001ac R14: 1ffff92000837def R15: ffff88803405a418
[  892.971830][T17872] FS:  0000555567b1d500(0000) GS:ffff888124720000(0000) knlGS:0000000000000000
[  892.980736][T17872] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  892.987295][T17872] CR2: 00007fdf7bd9dfe0 CR3: 00000000633bf000 CR4: 00000000003526f0
[  892.995243][T17872] Call Trace:
[  892.998501][T17872]  <TASK>
[  893.001412][T17872]  ? __pfx_____ip_mc_inc_group+0x10/0x10
[  893.007025][T17872]  ? ib_device_get_by_netdev+0x1c2/0x520
[  893.012637][T17872]  ip_mc_up+0x154/0x3b0
[  893.016781][T17872]  inetdev_event+0xafb/0x18a0
[  893.021442][T17872]  ? ib_netdevice_event+0xfc/0x330
[  893.026529][T17872]  ? __pfx_inetdev_event+0x10/0x10
[  893.031638][T17872]  ? wext_netdev_notifier_call+0xe/0x20
[  893.037167][T17872]  ? cfg802154_netdev_notifier_call+0x391/0xa00
[  893.043385][T17872]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  893.049258][T17872]  notifier_call_chain+0xbc/0x410
[  893.054262][T17872]  ? __pfx_inetdev_event+0x10/0x10
[  893.059356][T17872]  call_netdevice_notifiers_info+0xbe/0x140
[  893.065238][T17872]  __dev_notify_flags+0x12c/0x2e0
[  893.070244][T17872]  ? __pfx___dev_notify_flags+0x10/0x10
[  893.075770][T17872]  ? __dev_change_flags+0x3d5/0x720
[  893.080941][T17872]  ? __pfx___dev_change_flags+0x10/0x10
[  893.086459][T17872]  ? do_setlink.constprop.0+0x788/0x4380
[  893.092071][T17872]  netif_change_flags+0x108/0x160
[  893.097078][T17872]  do_setlink.constprop.0+0xb53/0x4380
[  893.102523][T17872]  ? __pfx_do_setlink.constprop.0+0x10/0x10
[  893.108391][T17872]  ? stack_trace_save+0x8e/0xc0
[  893.113222][T17872]  ? __pfx_stack_trace_save+0x10/0x10
[  893.118582][T17872]  ? __lock_acquire+0xb8a/0x1c90
[  893.123505][T17872]  ? find_held_lock+0x2b/0x80
[  893.128182][T17872]  ? __mutex_trylock_common+0xe9/0x250
[  893.133623][T17872]  ? __pfx___mutex_trylock_common+0x10/0x10
[  893.139505][T17872]  ? __pfx___might_resched+0x10/0x10
[  893.144773][T17872]  ? rcu_is_watching+0x12/0xc0
[  893.149515][T17872]  ? trace_contention_end+0xdd/0x130
[  893.154772][T17872]  ? __mutex_lock+0x1ca/0xb90
[  893.159425][T17872]  ? rtnl_newlink+0x600/0x2000
[  893.164168][T17872]  ? netlink_ns_capable+0xfa/0x130
[  893.169256][T17872]  rtnl_newlink+0x1446/0x2000
[  893.173909][T17872]  ? __pfx_rtnl_newlink+0x10/0x10
[  893.178908][T17872]  ? find_held_lock+0x2b/0x80
[  893.183561][T17872]  ? avc_has_perm_noaudit+0x117/0x3b0
[  893.188913][T17872]  ? avc_has_perm_noaudit+0x149/0x3b0
[  893.194264][T17872]  ? cred_has_capability.isra.0+0x193/0x2f0
[  893.200133][T17872]  ? __lock_acquire+0x622/0x1c90
[  893.205068][T17872]  ? find_held_lock+0x2b/0x80
[  893.209728][T17872]  ? __pfx_rtnl_newlink+0x10/0x10
[  893.214727][T17872]  ? __pfx_rtnl_newlink+0x10/0x10
[  893.219728][T17872]  ? rtnetlink_rcv_msg+0x93a/0xe90
[  893.224817][T17872]  ? __pfx_rtnl_newlink+0x10/0x10
[  893.229821][T17872]  rtnetlink_rcv_msg+0x95b/0xe90
[  893.234742][T17872]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  893.240182][T17872]  ? __lock_acquire+0x622/0x1c90
[  893.245098][T17872]  netlink_rcv_skb+0x158/0x420
[  893.249842][T17872]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  893.255274][T17872]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  893.260538][T17872]  ? netlink_deliver_tap+0x1ae/0xd30
[  893.265797][T17872]  ? is_vmalloc_addr+0x86/0xa0
[  893.270545][T17872]  netlink_unicast+0x58a/0x850
[  893.275284][T17872]  ? __pfx_netlink_unicast+0x10/0x10
[  893.280546][T17872]  netlink_sendmsg+0x8d1/0xdd0
[  893.285285][T17872]  ? __pfx_netlink_sendmsg+0x10/0x10
[  893.290547][T17872]  __sys_sendto+0x4a3/0x520
[  893.295027][T17872]  ? __pfx___sys_sendto+0x10/0x10
[  893.300047][T17872]  ? __pfx_fput_close_sync+0x10/0x10
[  893.305324][T17872]  ? dnotify_flush+0x79/0x4c0
[  893.309978][T17872]  __x64_sys_sendto+0xe0/0x1c0
[  893.314727][T17872]  ? do_syscall_64+0x91/0x4c0
[  893.319385][T17872]  ? lockdep_hardirqs_on+0x7c/0x110
[  893.324577][T17872]  do_syscall_64+0xcd/0x4c0
[  893.329057][T17872]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  893.334926][T17872] RIP: 0033:0x7fc144f9083c
[  893.339327][T17872] Code: 2a 5f 02 00 44 8b 4c 24 2c 4c 8b 44 24 20 89 c5 44 8b 54 24 28 48 8b 54 24 18 b8 2c 00 00 00 48 8b 74 24 10 8b 7c 24 08 0f 05 <48> 3d 00 f0 ff ff 77 34 89 ef 48 89 44 24 08 e8 70 5f 02 00 48 8b
[  893.358912][T17872] RSP: 002b:00007fff3cd4a060 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
[  893.367308][T17872] RAX: ffffffffffffffda RBX: 00007fc145ce4620 RCX: 00007fc144f9083c
[  893.375263][T17872] RDX: 000000000000002c RSI: 00007fc145ce4670 RDI: 0000000000000003
[  893.383217][T17872] RBP: 0000000000000000 R08: 00007fff3cd4a0b4 R09: 000000000000000c
[  893.391167][T17872] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003
[  893.399125][T17872] R13: 0000000000000000 R14: 00007fc145ce4670 R15: 0000000000000000
[  893.407077][T17872]  </TASK>
[  893.410075][T17872] Modules linked in:
[  893.414018][    C0] vkms_vblank_simulate: vblank timer overrun
[  893.420589][T17872] ---[ end trace 0000000000000000 ]---
[  893.474409][T17872] RIP: 0010:____ip_mc_inc_group+0x128/0x10f0
[  893.480621][T17872] Code: 6e 7a b5 f7 8b 44 24 08 85 c0 0f 85 cd 01 00 00 e8 1d 7f b5 f7 4a 8d 1c eb 48 b8 00 00 00 00 00 fc ff df 48 89 da 48 c1 ea 03 <80> 3c 02 00 0f 85 3b 0e 00 00 48 8b 1b 48 85 db 0f 84 38 02 00 00
[  893.510992][T17872] RSP: 0018:ffffc900041bef58 EFLAGS: 00010206
[  893.526495][T17872] RAX: dffffc0000000000 RBX: 00000000ffff0d60 RCX: ffffffff8a066b72
[  893.535126][ T5885] usb 3-1: new high-speed USB device number 69 using dummy_hcd
[  893.543249][T17872] RDX: 000000001fffe1ac RSI: ffffffff8a066993 RDI: 0000000000000001
[  893.552133][T17872] RBP: ffff888059b4c800 R08: 0000000000000001 R09: 0000000000000000
[  893.560792][T17872] R10: 0000000000000001 R11: 0000000000000001 R12: 00000000010000e0
[  893.570492][T17872] R13: 00000000000001ac R14: 1ffff92000837def R15: ffff88803405a418
[  893.578801][T17872] FS:  0000555567b1d500(0000) GS:ffff888124720000(0000) knlGS:0000000000000000
[  893.590061][T17872] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  893.598529][T17872] CR2: 00007fdf7bd9dfe0 CR3: 00000000633bf000 CR4: 00000000003526f0
[  893.607606][T17872] Kernel panic - not syncing: Fatal exception
[  893.613863][T17872] Kernel Offset: disabled
[  893.618166][T17872] Rebooting in 86400 seconds..