last executing test programs:

47.147571421s ago: executing program 1 (id=1006):
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f0000000300)=ANY=[@ANYRES8, @ANYRESOCT], 0x0, 0x8, 0x0, 0x0, 0x41100, 0x2, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000800)=ANY=[@ANYBLOB="1800"/16], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000580)={r3, 0xe0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffb9, 0x0, 0x8, 0x0, 0x0}}, 0x10)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001440)={r3, 0xe0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r4=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a80)={0x6, 0x3, &(0x7f0000000200)=@framed, &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', r4, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffd, @void, @value}, 0x94)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000040)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x4, '\x00', r4, 0xffffffffffffffff, 0x2, 0x4, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r5 = syz_open_dev$I2C(&(0x7f0000003000), 0x0, 0x0)
ioctl$I2C_SMBUS(r5, 0x720, &(0x7f0000003080)={0x1, 0x0, 0x6, &(0x7f0000003040)={0x0, "f4e1a230be8f46463fb1a5f1b44f44eaa65e485b747aa95df8c01eaf07677d18bc"}})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x7, 0x0, 0x0, 0x7fdfffff}]})
syz_init_net_socket$rose(0xb, 0x5, 0x0)
r6 = socket(0x10, 0x803, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r6)
getsockname$packet(r6, &(0x7f0000000080)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11feffffff000000", @ANYRES32=r7, @ANYBLOB="00000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
openat$drirender128(0xffffff9c, &(0x7f0000000100), 0x2001, 0x0)

45.721280084s ago: executing program 1 (id=1011):
memfd_create(0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = memfd_create(&(0x7f0000000080)='/dou!,\xd0W\xe4\x9b;6\xdc\xb6\f\x00\x00\x00\x00\x00\x00\x03\x87:\xbe\xf1\xe9\xdb\xae\xb0V\xf0!\xbdw\x1di\x04\xfd\xc5\xe1\xca\xc6jd\xfds\xcc\x96_\x13\xe7\xdb\xdd>\xcc\"3,\xc0l\x9a+tL\x92\xbbs\xd0q\xc9\xe2\xa8;\xd6\xb5P\x13\xb8?\xefZ\xcc\x84\xa1\xb4\xad\x848\a\xe2y\xb7\v\xd6v\x00\xe9\xe1\x814X\xa5\x85\x018\x82\xff\x01\x00\x00\x00\x86j\x83l\xe0\xd7\x8cEN\a\x00\x00\x00\x87z\xc3,\x99@\x8b\x7f\x1c\xb4\xa1\x811\xe2)(e:\xe3\xb6I\xaa\x9e\x8e\x0ep\xb4%\xcd\x8e\xb6\'\x8b$\xee\x8f\xdf\x12z\x99\x97\x03\x88m\b\xa4\xb2\xa9\x11g9\xd5\xbc\x1d2\xe1\xee\xde\xc6\xc2Q\xc3\x18\xc5`\xae\x00\x80a^\xbf\xb9\xeb\xc4\x191\xday\xfce\x84.\xb4\xb8(\x13\x8a\x9a+\xab_\xe3\xf5IQ\xa1msBG4\x98\xddm\xd5\x02\x87\xb8\x03\xb5\x03\xbaj\xe7~S\xd7\xeb-\x98\x1b\x8eq]\x16\x9b,lc\xbbS\xd5\x87[\xe7\xe0j\x1a{x\xe5\xd0\r\xb9?\xa4\x10\xdf3\xfa[c \x81\x13-4\xf2v\x80\x12\xea\xc1u\x01\x9bY\x91\xb6\xad\x8f\xb8\xc6\xfb\x91\x01#\xd7g<)\xc6!\xd0\x96#\xf9{\xd3o\xf1\xbdJwk\xe0\xbbL,\x19\x8c\xb7,Y\xb9\x8e\xe98\x1f3\xdfS\\\\{6\xbbH\x8a\x96]\xa6\x81!@\x1c\xcc\xb1\xb9\xd9,\xc0\xa1\xe8i\xe8\xbcvz\xc3\x90H\xdf\xf7W\x7f+\xca\x00\xfc\xed:\xf3\\\x0fVr\x9f=\xdf\xba\xdb\x16\x8bAy\xc6\xeb\xd1\x00\xea\xb8\xc0\xd1mj\xaa\xd5\r\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00~\xea\x03\x12\xa2q)\xa0kUJh\x8fy\x96\t\xb8\xa4\xdaW$WkL~\x95\x81l*\x872!\xc7\x18\x12\x8fL\x81\xe0\x069\\\x1b&\xca\x904(', 0x1)
fallocate(r0, 0x0, 0x0, 0x200401)
fallocate(r0, 0x0, 0xe8a, 0x4)
r1 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000001e00)={'vlan1\x00', <r2=>0x0})
setsockopt$packet_add_memb(r1, 0x107, 0x1, &(0x7f00000006c0)={r2, 0x3, 0x6, @local}, 0x10)
r3 = socket$netlink(0x10, 0x3, 0x4)
write(r3, &(0x7f0000000040)="2700000014000707030e0200120f0a001100000007dd8378626c5e43c93e7b1e469e0000000000", 0x27)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, 0x0, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000042c0)='mounts\x00')
read$FUSE(r4, &(0x7f0000000200)={0x2020, 0x0, 0x0, 0x0, 0x0, <r5=>0x0}, 0x2020)
ioprio_set$pid(0x1, r5, 0x2004)
prctl$PR_SCHED_CORE(0x3e, 0x3, r5, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
openat$nvram(0xffffffffffffff9c, &(0x7f0000006bc0), 0x0, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x48)
r9 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000001080)={0xe, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="18020000801000000000000004000000850000002700000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)=ANY=[@ANYRES32=r8, @ANYRES32=r9, @ANYBLOB="05"], 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x4, 0x5, &(0x7f0000002500)=ANY=[@ANYBLOB="bf16000000000000b7070000000100004870000000ffffffd40700002000000095000000000000002ba728041598fbd30cb599e83d24a3aa81d36bb3019c13bd23212fb56fa54f2681d8b02c3815e79c1414eb07eae6f0711e6bd917487960717142fa9ea4318123f602000000000080de89e661168c1886d0d4d94f204e345c65c26e278ef5b915395b19284a1a4bc72fbc1626e3a2a2ad358061d0ae0209e6e83d15645aa818d92b21aa6459512f51ee988e6ea604ce974a22a550d6f97080980400003e05df3ceb9f1feae5737ecaa8666963c474c2a100c788b277beee1cbf9b0a4d3881dcc7b1b85f3c3d44aeaccd3641110bec4e90a6341965c39e4b3431abe802f5ab3e89cf6c662ed4048d3b3e22278d00ce00000000d3a02762c2951257b85802189d74005d2a1bcf9436e192e23fd275985bf31b714f000bcab6fcd610f25f5888000000003f11afc9bd08c6ebfbb89432fb465bc52f49129b9b6150e320c9901de2ebb9000000018e3095c4c5c7a156cec33a667dccaff950ca1e5efdd4c968dacf81baa3a509b1041d06f6b0097c430481824a3f4fddd3c643f630ba175d876defd3541772f26e27c44cfdb2d85d6d29983e830a9cdd79837b3468e8c67a571d0a017c100344c52a6f387a1340a1c8889464f90cc4cd1f570dd39877dfb2ff1ae66e1ce917474b2e650ae630afd014a337ac5d58bcb5e517232586872c5255f20100000000000000f041b665ab21372c8d8b7bac5b5c784d20a4a24d8dbd75062e1daef9dead619cc6e7baa72707157791c3d2a286ffb8d35452bb5d36c2a8682bf7ecbd53f950ef4709ec01e230d2f53594ef4839c6130c4c13a0cca84b9935f771fd49e480cd9d48aeb12b1d6acabd38a817bcd222614d1f62734d679039a97d2b74f9e8e997ccd314000f747f4e8e7025123e783df8b8a17e3aa9fe1f662aef87a065b03cfb65b4dfe4f1b56e1f23128d743753a1de172d683d5892ce9414a1d98ea93e3d35dbb6c23b90cf36e83b8a434a97d09343d7f83079ccb02e69d384146056d125cfa788237874dd42dae334bda042819a2aa24dba1c25be2794448b4f63483026b5e34d44705b76ef29241adab0dd7d68bf975e02069f6f2425e1bc97a3d588085f16bef63a06578d4f5de7bfb6aaa75f16996d536256c02284cb1d3a6fb8cae87691fae365a70c3fc69e1565bba8dd8a8ca049f798abe646f738bebd69413afc9d8a5edd7aaa000000000600001e6c2f2a287c5278a218dbfaffffff00a14db5cfa6819eb1d39c48cfdc80d215c9e16e0c4736dd19363154cca4e2f89800d18c89d7f46f679df6c9e2952ae1ebfd0ca88368ee6ce139e8b5822c22cf2e9dde943d34c432e1001171792c65986146666a5490928441f47e0fe5eac41824ca1fd0eb71aa243c88d5480e5aee9c9e5f2e5a56a6d920335c8e8726fd8329d9a733d8f9ffffff5f912ac4e34bf6ea8a86da707b03bddb491ba0cc98f6be92c50008a2b50025419dfc75c73132ca7ca26ce8a7e3ffb700f09e157f9b844051f1a642aca9ff98c9036471ccff0522903e7bcf62e18f7696bbc280b95e8e0d6fd5644b0ebde3a95b06548862de809d3dae3cccf109f7c78e8479a345e800000000000000000000009455bf417627ce723a5d9103706aba69279500bb82f6b5a3ddc0bd9856712945b70c75ce5b722578820820d010d7a3cffc99fc647d0b82ef26ab708c0b19ed144be51c3b398f0e6bb7a30006000000cba12953d58cff0f0378740fe6662f377b97d8e7cdb047050d7296cd3856476a0ea49ad127ba6570bafc2bbcf9ee721fd9cb467ff071e5604fbf0491245c0000007d932d7a64de4c4aa433fc0840aff7c47da3a4c6966d0000000000000000f6bfbae29e8a6e2a889f6ef6869d82d6bd73eb76b65c7a35a54a4a6b8ad4600e3a972a0bb5971a5f16590b0a03dafa3fd1118765cc8ab9fccf3b51c41a339f200f2fa33006910a679a9ae0187b4d750c4bd244cb0cbfd23b265f4d4da448a7a0d19c5e43eae50a31609dfa2ddf267551467eb6475293dd7012cc449009981f22820e57a0eff234ccfe21d7a2302e000669753d3c3432cc14ee1abe724adb6b5431befedd3e22971118f0e21aed186a370e9eb56b3d790b98f2bd0db1e5de6a146597b2cbb7103040d2a39d7965d36df524b760ab92efcce7dd1574a0730a9e015c7f5ffee9ff66e5dd2866b15b6e0d17618cb1f5c1ee4b05ebf1445ea110f499f840a5c965443d725556351ee25fe09f69494b053678dcadcf02e063dff2fa4bef1ac3bbbe4fe3e8cc759b05785adc346b7ffd05963f92c1d0d7d90ba878ad89e490f3e29ac51d30632869a534418f916bf6fe8167827a8e6c8f8b391c822805cb0adf1b8bd6947ff208753eb0d208ce14f7b206b2e02c21e963abc5ceb735c1b3c46b0a843de52a903375dfb663a8d8ee9c2b2705c1a81d9d3b9656b219c8cd99c9cafcd0d0540884d97aecb19983fc6af29ab44a82aff9cba921192c665b877af6539bdb1b567f481ba07982e7ad758f4e1eac69e7e88a63960975f490e161e371ec8534791e3b61c63fb9450dd03985d900a9c0839208356b53750e76fcc3c2d1bddcbd83897921bd4d0c02e8188f3df79ea2a5c5444004830e6cb227ca1bdafb977c00000000003a417193b8c5d793687335a980010000fdf278218218e04b705ec62f1608cb569b81914e68f175b392af6bc4fd2121d7fd276af2c97a441b56e7a0687d98b8e76d8d0d231e4fe00be1de76bd19cc12e2bd938eb681ed6bc951c1b4f7c51af59eea4d40c6000000000200778a677b72786311153271a3313da02645e11761699e4d04ac86dd14ff7b9a10d3fa74696fe3953a5b7706bf5d1faba4b18808d9cb0e9d3696dec4e0820ee4028d7225a2c9c427cf64cbde6fba056b2006b7a37c1181d530fb865e235cd302f3b4071ee5237ada986b9e5e3144bf479f277f10656ad3744037ccc9c63685a6f1109d2ea73773d3635f61497f1fa1ea4a16f601800bf3e59141fbf05a96113320c445f9ba8596970d5254727e804fbd99ccefb7c09269dd2c5c25e56e169ac15980f3f85f7ca36dd5950ef5b64fd46f123311829534a82940994199b3cf7a8fabea9930952f5da9b909c1946e55289f668c423fcbb31ae91864c882313151741a67538c9689dc8ecc9903c7041e5c0704e2fa55a756487517a7445cbd9e3f5175e41c00000000000000000000000000bf98efd587fffe326f474b0b089c017b16c0062cbce96f5adebec52a79f9363909842f79c50a1520be46d87003137e4c5031f00123e812a5e37cd52c9eb7336281cb8c6ce9934b157d7875a70eaf103cb3138e2361c51cd1eab8a26b232acf6bf0ab829c26dab637538b2eb1420d812d2b80c777710ba0f18e4661681aa218d9ba54023ab4305d77eb15611ae2545835e9d30e9f6d4fb43a291c69545a1eea0f8720431132d8549f99bf6c5cb060da70cbb59d0a000000000034d083fc37d2449f72de0cbea4bc1dc89c136cdbc504f849d5502d77a95c7bfff4cd9c03058d0d4d07ea64824f1acf2b39389f675f39d01719cdbab3f1ce10609c8d7b3e37cb99b41da5e485a441b6a103549f55ab09dc98767763d1f21d9d5bc27d2b40050d1f8292f4d9ec6d0000000000003932062290f4996fdd55b06023437e9e2072daf7f5d82f6f1b5b89a41134f4dc2e65bb11272fdf8c8141f41d6160b3d8b6ecd16d14267f61b4881adee7f07f3d6af5ae79e16fe2c3f55ac7a6392d2e1d9b4286b6c30600a76b85ed6e1f0000c67e6c5fcdc8c39381be4799b8cb2d08b8262c807dd755e22b801162381aa9d1af2bbc9cfd497585337eac408b8475b47a392a10cae349160f128e5f873a58064eb400c36a90624f6aed398a215e9ce64522ab249f67c38a656d32ecff5cdb2b039c4abf349d2c0f88a42e9189bbfa7f5cf35b6e7ef8f9d33163b7ea87550fb1ba334c83e3aec4714c9c4ca3ecb04f2720237615a28bf310b58ffa2a103216fdcc8c2d8f5d55e5e7ebf147105272aaae56e86da86b3cf79a3f7306436762dd1a08ce873e07cebc7892ec6f9f696da38feed3d70001500e34ad2e1b2e64af4e37211b524e20f4ae1ba89a32bad2af9030f8add5cbacc59352c290f55d971b65953533668c25f21d8d62d849e9058eaa97c63491568887548f668cdbca2abf01a361a0b64d8b523e669da350e3ec7445dfbf366b0b3bc5e76824a1e43eaaeca70db90f2fa39596443447671933079a24fe3681ad9ac361f71ac279a688f10a12105edebc5e3bbc394c8305ab129ca2dfb9b7c5e9d097bd01b495cccefddce569117f7f5d6a6270ff0f0f4c371029ca8489571b55841bf3dd003bc81460eee57ceb3c33f4e90eb1fffffffffffffcfcbb616c2070237881afdb314cecd1623f3e55ab8b7627fa1be349145a8d6313cbc790eefe2020138e82fb9d351be4ddcbcc9bc048dd3db5828d16baec6e07a007f0030f34ea3cfd524d6fa1d45da5641d6c94e1d3ae7fba1c85035d2a60ef1696e0d96aa1c60019f73ae0aa6113cd66ef26b5777337c26e1461405d86fdf091edd526f25cada439bb3609ed5c35ab60a539ade786bd6004d0ea3edbd6c4da0d8e8be8c771c8c8a0b07d9859e04adb18964dcce9bce546074c2615318bf813e788c84409dffbc2df372a016e8c845d4257000000000000000000000000000000000000f29657697d9c2b132b2dc2f5ea5122836582a7e85fe2bc166f17aefd9d861de0191f5277d4a3b5afb6f23d9eea2459f7844606e1202768d83c24cc791bde44a448022bbfa571fe029a7b2d5152639ee283894ab6168992ff0acc01b39a078f285ce615351f262019586eb9447bb3eaffd7b53d8f37ca6c5f1027dd5b7592996c8a7789ba108979cc9ad07ed86682843e2eaa855dd01443ee6ffde1811f10039d5d14458177096e15cc4d8f2582a1bea5cc98d992f3de7d1cdfb24384b9f11b615c87c441dc970ec896a5af6bf69b50a244bc138a1cae3d220bcff6bcb3058c6e0d1cc0da889710f33f5638f805ce602365492282863cc8092b16656dea03cd50182aabbac78a14506dcbf823bec4a5dad14c4d7353b6a55c28321647df3a85bf9fca4e18aeaf4867e6a3dbdd7a5dbe1a52bddae83fc368404a032b75649cf74d7af8e9e3e43fad643ad3e8575a2bb0507531eac5e10b631575f1360803c8f556e07f292ab66b9bcea0c2f09db289a5934a4f2f5fe5cfc52b270a4a5fa2a8de62dcaf7ef52f1fd84c55e6a0c5a365a3b4e73c4ac6fc26367f3f6c07b06a0874c039622ba2bd369b105f57099f742a000a36c2f044a5de24604f82a1f197d9a70b5a62f794f57ec02df70d459fedd6125ae41479a2661360a79e175f0add2820018d5985183ee80f681403a7d08e0e2b88d0750c90b7ed5fed6f81ce797f3b60445ce811d2b4e45005a5ea06c1fe927af06433cd3885dc954e698a7a73416c73bfab7773a6e5e14338797ce9148cda4c0bf05fb67915aeb3661e755e4e1a0ceedfe8e91ee5361ff4c7c07b422e1443a6616b6eb3c325d5687644a4c0a1d44d9dfd82896f56bdfa0790406984c123e1d37da4a9a9444485e9b1e3b6b548528989d2aecc1e7b6ee92ca19298801105ced8964e000000000000000000000000000000000000000000000000000000000003d1c031ee2fc25c7ad34283187545b1343f7ab862e66cf5bf4ba4dbf5fda31619c05ddb97199ad4d01471e9b3c7f485b1e74d0ed34201915e79d5ed229f0773ab6b38529c45b10d0796e005b6d663b942320339b9fe1d4e393b4bcb596898cde06955a345db3cb956b0e5da1c1dba7046f4d12fc65085302f333516804d9f"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffffffffffe89, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r8}, &(0x7f00000006c0), &(0x7f0000000700)=r7}, 0x20)
preadv(r8, &(0x7f00000006c0), 0x0, 0x233, 0x40009)
read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8)
mount$cgroup(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x10000, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0)

42.814921195s ago: executing program 1 (id=1018):
openat$tun(0xffffffffffffff9c, 0x0, 0x10400, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000540)={0xffffffffffffffff, 0xe0, &(0x7f00000007c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000040)=[0x0, 0x0], ""/16, <r0=>0x0, 0x0, 0x0, 0x0, 0x6, 0x6, &(0x7f0000000300)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000340)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], <r1=>0x0, 0x3e, &(0x7f0000000380)=[{}], 0x8, 0x10, &(0x7f0000000480), &(0x7f00000004c0), 0x8, 0x4a, 0x8, 0x8, &(0x7f0000000500)}}, 0x10)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x26, '\x00', r0, @fallback=0x3f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x658, @void, @value}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYRES32=r2, @ANYRES32, @ANYRESDEC=r1, @ANYRES32=0x0, @ANYRES32=r2, @ANYRES16=r2], 0x48)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDSETKEYCODE(r3, 0x4b4d, &(0x7f0000000280))
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r5, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x10, 0x4, &(0x7f0000000380)=ANY=[], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
getsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x16, 0x0, &(0x7f0000000080))
socket$inet_tcp(0x2, 0x1, 0x0)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR(r6, 0x6, 0x13, &(0x7f00000021c0)=0x1, 0x4)
setsockopt(r6, 0x1, 0x10000000000009, &(0x7f0000000100)="0100ddff", 0x507b420f2d51f971)
setsockopt$inet6_tcp_int(r6, 0x6, 0x8, &(0x7f0000000040)=0x3e, 0x4)
connect$inet6(r6, &(0x7f0000000000)={0xa, 0x0, 0x0, @empty, 0x2}, 0x1c)

41.401631358s ago: executing program 1 (id=1021):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x101091, 0x0)
r2 = syz_open_dev$dri(&(0x7f00000000c0), 0x1, 0x0)
r3 = gettid()
timer_create(0x0, &(0x7f0000000180)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
read(r2, 0x0, 0x0)
ioctl$DRM_IOCTL_WAIT_VBLANK(r2, 0xc018643a, &(0x7f0000000080)={0x4000000, 0x4, 0x10000})
mount$bind(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000080)='./file0\x00', &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x2081c80, 0x0)
mount$bind(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x80000, 0x0)
open_tree(0xffffffffffffffff, 0x0, 0x8001)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={{0x14}, [@NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0x2}, @NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0x16}, @NFTA_CT_DIRECTION={0x5}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x80}}, 0x0)
syz_emit_ethernet(0xfc0, &(0x7f00000001c0)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @void, {@ipv4={0x800, @generic={{0x5, 0x4, 0x0, 0x0, 0xfb2, 0x0, 0x0, 0x0, 0x84, 0x0, @empty, @broadcast}, "dd9dec79219eb549dbd024c796335bc5ff0e043319357749084ca9d0ae1378f4e88112a2f7c10fd1523b9007773fd2b2bd0ebabccd2e5c35fb3baff587585840f2530c6f4d025f118440ac22a8b34da7b5e1e873bd429686be3ef84439e05fc0fefedb8b897b09445a9e10cf24aec2ff3ca6a86d94df0c4a928ed904dcfb02e6c6c5918a839d33cb9b55dfb3cd89d80eb18dc06415d313b4ea240a65eff4b941ac018e8f81de044239960271333255291b5fbfdcf8db25e175640f36986b859aeb3370ca17e6a20aeeb5c5d27eb097fc1fab796a7ff8fcbe119bbe4be2c8a5c58890191c59bea20bfe4edf9c5453e59f610d3bd1d6eb49b02e464aee0480187c5717936add1347b08cdf5b056adb941708e8a0498900419e98b75658c6dd00f88eebf8c9aaee2e38c80eafcf6ca08ea305da9c7050948ef78a1457a2e933287fe8d2e100cb00078ed829985f8812d543cc5cdb71521f4113829551efe915e4d6773f2d285cc1e8813919356ca5ef202b0d2b8a3d7de51e4635e761ffd7efe5d51dd1325596f0e4e1c0b1ce73240cb931227892d66f3629c9d152372d5790c1c25e2f6f850a5eb83654f423b84adbbf4169d472b2cddaa7137ff14c2944ade3a57613806810707a2e6c078beb4b87cf8cf39c9950bcb3f9bb42308bd5e68d81f7f4d9e528541703059787f5e342be8ebb9841d587f7455b409115d511c130d9641fc74391228bda52d2fa58e2ca74b26583e73e2cfb881945d8ecbc77eb35e783057f6c35ba06b7f639ec516ee54bf3645f6ec436ba859e22ed480a862285aa21f3d5cd3734dde388a7f8920c4a6b4a952f830e0d2811f2f2714e660e961de0b3e0b8d5fd1007690a61e414e82245dbe4e47c73465ed40af1cee2eae4801ee408ad1fce81ff8db77082c5efd93fa9a1a3e3d78eff84f326df1c6fa656cc7d4dab842fe8e0d9ce47ad0a7e74dfe1a53776a346a22dc7a0e476754d385d99aa9cbd3f445ffb2ed61e01b28fc071d706ad204b1e8014481dba0cbc460b67e64d6e955184271cedef7f951021e3595ebe9c3384b53efafb67cbed2aa1ede5d7fcff3abd27d05766fb8894d7948609441759f4c4dfa33b6d486d4fb7e231f04d4f0f9e98f4b156129d9307fb9ebf3b278232062e7fe9ec2db7c4c991f83733368a107bf5798a1df45c919d71cce45ed907240c2f2fa6a4227e8e11cef2e7968c63e7a1adc3edec2170c17ed2cc54d0ea2b34e99b81015ffe51a501c2b73ddac5223e69d0dd451d358c0cd2ff7db256850ec1e9e349901f168d854284da68d80c68298a75c5d859008c82fe08b4cf2e68a2c0190760a03aff1be2c9425b6d5ef5c67bafb6d16fffeeb0211d90abbade4db9d6a9e9c981dde14c1d54e9138f9760bcdccbf17e7416042cfe7bbd8bba2f739f7f900ee45b965316b950e8474f3be92081fb63f43a4858b39e20e14d5a38c0973d680f2fda9e310d0e088523bdcbb728bcd0074447b4ace876da5642cd7d781cdb023a31446e0a0c59d5388674a5c8a97927e014a73d0330bd5c5187db79f1c546a8bcca008263509c23b246dea58fb36c44d373c1c92ffdd1600c27d4b10b3fc86b88ecefe8743bb59a6b8e443f06d2ae3a6908b6bc65b647deee13262225b8879dd79413ffa3d4aef91a0a04d4dc3030b5beb081c5fdf9152c3a17e6b24457fd580d84d3006af27ff44d6ec3664c4955a1d1dc5eb041682644ae564390a3d0aa602b2a18cdd3f8a1efff7b8f3afc31c283c9b74b806a98bd9f1ad8ecce410160c0a27f7ef90a2b0c1bea64e187adc04a04bff7c435659bc4c3ce5c2730e121972541062102e93d2a136e1aaaf3e25d547cad6e2b0874500fc098469494d2654808ee88588fd167f4332061a9b4cae6b22d87624e325e89a269f61ce0d26465ddfedc1f0fa2a5cf1ee7fe3e6cb375f1ff04cf8d22667debe574b8395023bde9a8302376af2e119c4c88433d1722011ade605f3a4201860742b0392ac96cc138d9ddb952f4e4742a7fd9d625465dac35347c1662b2085c357120c6ff69dedc013c5fe46555a4448b0be41e21ad73162bf9aa1cfb70f4702c7051c0a13fae918133f123d33c5c02e66ae8fceb3109b2e13a7a3e71484d59dfcba16db2d21549be1ba6cd5ad7610eefda427982384961f18bd6857ad97e868c2914d0ba934a296eda52646031c4504864061f3cba1df65cd04ef6b1050fb30b5abbbe28f8f7adb8073e452f4c0c5492a5f8d427ddf451ae303a86639e5dbccfe2b2bedb911d534a77c012e2f8a24917d98ab14557caf3e66040f21767685644f0003459762d4ab25a0e33a92b54748cf46a977505074b79b9b0746b2b5b168876a2ca10bb903edc1d1992a4a94c0ee0dd7b37add092163b5fbaf16090f8143187d060b19e3822f3def14717e41558f9582467a5a5f89148450fde235e7a5bb900e4e9d14e2147bfd2a52f84a115eb170bf3d3b9b3de9781960be4e53025c7dce005e1458140bb9cf9da8fa1124ac558fb220d57c23a7f120f5171eb2208d9e6ab7186ae457973da564f1fd45b241c15596035f55034c3995a587b4471068076839420df947f10ab2fc211732d768c135d63cc5eeda1bdfc780e7ed90855fa5a364e63f529703cd0f691b0b6a41232bfd1c1f61ef6b16ed3b9055ca888c8ebcd16a0623ede9e4e37b7d6175e3d0ddba8e7d87639eb8b0ba246131951a581575f1adf4c598a9f2f087d5eb2a0a5834d8cb12b0ad76d9381a838ccfbfcc20bbb970474c48677f10aa57be1d607d5b049d397178035f7f3393cd9000336c83218850ecd64142a22f7ae7e6a7e62013d6d105eb7c862e13979698681d44121ee9e2e552315d4d3913ff7bcd90d6bed72d50107a971a37d5a1d75efeebf03cc91239b7e427fba8df6b79674c15acd2093289fe6155063af81d85840abf4635f66083b3707d34b2149dfdf95cb4deb71e1574118c242b160c770347e6b1f135a985e89fe8e6d7f40281cfb6dc05cd8b9d4f6680c0863acb34516092acdf2bea67f54ab4282ba2d898287f34d9384e335b2ddbb87aaea8cadb8f0b397e99a68a7a214fae5a1f56c95bcd901534c23cd5cff3c168813d7fa1191dd7437c96b07324a7b21b48e205b859dcd080bd62ab7cca4bd7a73959218d0eeb21c887483201eaf3afb19efe1741b57332c5441685a7bb8324dde85faafc785312b58aabef2eef6a8048663bf13db9ae9edd4b1dcebc99890693f11b354b1f1aad19b66251b4bcaed0daed73b87dedd140fd680e7d3355362844d1d7ba2ae6be7ffae59d7b3c679b890448b0de1acf591abfe6f3096794b7e142e0ac0862ab8cb76eb79b17d1138be3747f907c3f11c636a0f0e0d315d1ff05aab0ce62fbac03a2b4ddeac7ee192bba2da93b7a926271f6d594aa14de2c294ad0c77770a624d1ce24cc8d8f5e9b629604fa7897f0cbd641f76a85dc8df33b5715eb100e30e53b85110d2252c22575a7365eb08006b4d62d305e780101965094ce2aaad170df470870e687fb280b772d41ad5d470b71e256af3a0d2c02df95821d38f28cdff26fa7a3f6e920edbd3174d2d2bde854ef68dae8a0a4a63753c825930903a2ca75d4321bad0ad9ff6852f94dd04972a45bb9625b3726dfbcc959e85242f0d327b181aee0fdab7af064dd97151b131a5c4a51a66692cbbd9f1348a16470cedef1b255e172cd2b15184177ad43744de941869af884ff8e59ef0e63ac5e1b99c851e0f915359ce12d9c380bb6f9c2bc773267157afeda7abcc120a31a1b72af6662bff7f5f194dad00b4ebfdcbb4dfc39854412db1ae99b449d741f841239159ea467cf1e38b95bcb7603ebcb400cb31410b2a4e25126caade0019bf667cc998bc4582578da0f8a6268f6d114ccf9dd8379995e8be1b934bb5645d72f97e05628129a7d2bc548e08796341f43dc3c9fcbe89d8284dc6633bee0d17e99f600425f0172b6bc478f5117dadf15e36e850ecc0ca75664ef8e4877a44b4ffa22a6f1d6719f8d81f9937928caa0690b77406a3298aaf446e2f78343267399bb7f64c60f82bf5d07210281eaad09a3810790720c98a041332c809be7aea1480b9e5eb989085c23b4aee75143068def3e89d1c417b63321e68d340a1472d2504088c17cd75de0e700508c55a7246ca9a762cc50ca35cbcaa7dcf4ae3264c32ff2cd67566ed501fb8182b5f16c58295783f3b2b554b06aae700f198c71ad7519868c1e6fbeb0246569b04beeb8b71bcbb9af93372bee365efb1d7424689e8241b1dc346a73a84b5773487f388356b8dbec1a108846e3f8dc74865b156e8ad18b353efc4ad0b11412a381fec8f5d45678b4f8b6805913e7aff71acf9052ae3b73e41e19668f9b53bfd75b778970831b6891a78ffe0d4863e62cbbf6cf8c085032864479cd3a250842984dcc2860f057f86c8e2d4d2afefb8a45b7d5b8c94e752f369a1b434c827cd26cd0276a8b40019a95ebe7c16de4c1ce8efbd5c70e0c507631818aa4fbc937d212e428aefa895069656babdbd921af974da32c49f4ca6d1e1e28319b427c8bad4d650809c673ec6073770b4097e5700a8071110fd07acbc5a59f8d7b0735a98fd40ce03718a9a93c035948859215c59f54343b08bfd95a35d73c5f09a9ebe63c509fe8443fa74e6efd0fd87defc7cb16725ce3c3d5f7664cfe253faf2cbeb307052dd2269b6266acdb31e2006b9355f673ca5c9cb907605ce071824254b139607a069531f9598f4040ddeb9cd018e9dfa1808032dfb65a4af0820da810a7b58fbb65ac8e65b017a40ec2d445a5c7b78d1f0e717b19427ef1fe6cc08c5e9da5a7d1d508fd939854589dcba8d75ff3d8d1c1fb28af1ed6900bcd4cedbe42fd6243c81264fe81be756bfd71ebcd4d96bd7ec50a676bc57e130bd8da21bb6e888eb6c8402516f6fe6dfe25be9a3e33f2cdbed9de00efb867cbe80ec2309458f41924b967d254166e5a0a5f776395214a67900d180704b9fb09f9c4c4c62fd382fcd5efe099e22d2c82f198a39d193f65b68e09454e2ab8f2d7413c64563742f1c34ca9285e501bff5efa30a0da946f875d23162eaa53c4008bed38e9a190b08ff8bfb6bfb91553c4c329fc73b8be308b00347dee2afdc08bab311c75386f452b706d1820c9038998924665010a548c09743a16167b0b09373b5cd2fb1da4f6c9ea5b1f1dd7775f6fcb23eab4fd1990364dacb2a1656b9bcf1c4866b7222872a3a3a03d397499222a3f31a35d3aeaf6a6d39f0fbee1e0f6e1e10ba0774f15f245d955cc8132d86c2d768f8a06274caa5a12c46e9e08ee556c1da49830f1e6c0a0c53a9ef1489c3fba0251c3e6839e891ac298108f3ed05066e48b8bda2c5f6e691c7a7425b7019e0a547f6560a0af41831a4a790c3a8eac9a3a9119da3eef85cb12f3f3115f04ae95534ac847b4ee2cc2fc43cdba382ecae7c4f499ce1be1ca1907313ff665c2fd7d4c8f36716f33b6861f5cf3f1c878feadfa9a664b8d629a16c750c466326a951efaa830e4f328270041f2ca0be49f0affe5806b94b027033f008957e83d167d6fe4168ec4fb79385cc06e257bba807ecfccaba56cf751dac996b7a347d36ec52b0f5d16425402416c735530bd7c545f8c753fb3b1054b82bc368ef4a"}}}}, 0x0)
unshare(0x2a020400)
r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00')
read$FUSE(r5, &(0x7f0000002140)={0x2020}, 0x2020)
mkdir(&(0x7f0000000280)='./file0\x00', 0x0)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000001180), 0x2, 0x0)
mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000400), 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='huge=always,mpol=interleave'])
r6 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
fallocate(r6, 0x0, 0x0, 0x2000402)
lseek(r6, 0x0, 0x3)

34.267130246s ago: executing program 1 (id=1038):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000190c0)=0x8)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000400)='/sys/power/resume', 0x149a82, 0x0)
write$cgroup_int(r3, &(0x7f0000000040)=0x1f23, 0x12)

33.479021626s ago: executing program 1 (id=1043):
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = fsopen(&(0x7f0000000100)='configfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)
r2 = fsmount(r1, 0x0, 0x0)
fchdir(r2)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
lseek(r3, 0x1, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000180)=0xd)
r4 = syz_io_uring_setup(0x6215, &(0x7f0000000200)={0x0, 0x6964, 0x8402, 0x1, 0x1db}, &(0x7f0000000080), &(0x7f0000000440))
r5 = syz_io_uring_setup(0x56c1, &(0x7f00000003c0)={0x0, 0x0, 0x10100, 0x1, 0x1dc, 0x0, r4}, &(0x7f0000000100)=<r6=>0x0, &(0x7f0000000040)=<r7=>0x0)
r8 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$UI_SET_ABSBIT(r8, 0x40045567, 0x4)
write$uinput_user_dev(r8, &(0x7f0000000580)={'syz0\x00', {0x6ec6, 0x6, 0x5, 0x5}, 0x3e, [0x9, 0x2, 0x8, 0x2, 0x5334, 0x400, 0x80000000, 0x5, 0x8, 0x0, 0x4, 0xf5, 0x9, 0x39, 0x747d5a13, 0x2, 0xfffffb9a, 0xfffffffc, 0x4, 0xfffffffb, 0x4, 0x8003, 0x6, 0xf252, 0x4, 0x800, 0x300000, 0x7, 0xe, 0x623b, 0x0, 0x0, 0x1ff, 0x8000, 0xfffffffd, 0x3, 0xd, 0x4, 0xba51, 0x8da8, 0x2, 0x200, 0x4, 0x8, 0xe, 0x4, 0x2, 0xde, 0x8, 0x9, 0x1, 0x199f, 0x8, 0xffffffff, 0x9, 0x1, 0x4, 0x6, 0x1000, 0x5, 0x40, 0x9, 0x7, 0x1], [0x6, 0x1e, 0x3, 0x8000, 0xfffffffe, 0x3, 0x0, 0x5, 0x7, 0xfffffffc, 0x4, 0x7fff, 0x72c, 0xc32, 0x6e, 0x9, 0xfffe, 0x400, 0x8001, 0x1, 0x1, 0x297, 0x5, 0x0, 0x981, 0x4, 0x100, 0x3ff, 0x0, 0x4, 0x0, 0x1, 0x10, 0xfffffff9, 0x0, 0x5, 0x1, 0xffffffff, 0x6, 0x5, 0x7ff, 0xffff, 0x6, 0x96, 0xfffffff9, 0x101, 0x0, 0x2, 0x401, 0xc, 0x3, 0x379, 0x9, 0xe, 0x5, 0x7, 0x6, 0x2, 0x1, 0x1, 0x8, 0x6, 0x200, 0x7], [0x401, 0xc584, 0xffff, 0xcd2, 0x7, 0x20, 0x7, 0x4, 0x8, 0x10, 0xd, 0x9, 0xe8b, 0x5, 0x80000001, 0x7, 0x80d, 0x1000, 0x2, 0x10001, 0x1, 0xfffffff9, 0xe57, 0x10, 0xd841, 0x4, 0x4, 0x5, 0x5, 0x2, 0x5, 0x80, 0x9, 0x9, 0x47, 0x2, 0x3, 0x4, 0x7, 0x6d7e, 0x3, 0x8, 0x8003, 0xbf23, 0x6, 0x8, 0x95a, 0x0, 0x3ff, 0x9, 0x8, 0x10000, 0x5, 0x7, 0x4, 0xea, 0x9, 0x5, 0x6, 0xd9, 0x0, 0x7d, 0x401, 0x5], [0x1090, 0x7fff, 0x3, 0x4, 0x88, 0x2, 0x6, 0x4, 0x50, 0x2, 0x763, 0x9, 0x401, 0x0, 0x2, 0x1000, 0x7f, 0x5, 0x3fa6, 0x4, 0x0, 0x5, 0x1e0, 0x4, 0xe47, 0x3, 0x3, 0x4, 0x200, 0x1000, 0x3b, 0x2, 0x5, 0x2, 0xa80a, 0x65f413f9, 0x4, 0x8, 0x9, 0x2, 0x40, 0x7, 0x2, 0x4, 0x4, 0x10000004, 0x10004, 0x0, 0x4, 0x2, 0xfffffff8, 0x401, 0x1, 0x3ff, 0x200, 0x4edf, 0xfffffffd, 0x7, 0x14e2, 0x2, 0xe, 0x7f, 0x4000004, 0x6]}, 0x45c)
ioctl$UI_ABS_SETUP(r8, 0x401c5504, 0x0)
ioctl$UI_DEV_CREATE(r8, 0x5501)
read(r8, &(0x7f0000000100)=""/78, 0x4e)
openat$userio(0xffffffffffffff9c, &(0x7f0000000380), 0x10a80, 0x0)
readv(r8, &(0x7f0000001900)=[{0x0, 0xea}], 0x1)
write$input_event(r8, &(0x7f0000000000)={{0x77359400}, 0x15}, 0xfe4f)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r9 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r9, 0x0, 0x80, &(0x7f00000003c0)=@filter={'filter\x00', 0xe, 0x2, 0x250, [0x0, 0x20000100, 0x20000130, 0x20000280], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="00000000000000000000000000000000000000100000000000000000000000000000002000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0100000003000000000000000000697036677265300000000000000000007465616d30000000000000000000000076657468305f746f5f626f6e6400000076657468305f746f5f626f6e64000000aaaaaaaaaa0000000000000024ffffffffff0000000000000000f0000000f0000000200100006c696d697400000000000000000000000000000000000000000000000000000020000000000000000000f4bd5979a5172e0700000000000000000000000000000000000000000000636c757374657200006db693c555d12b0101000000000000000000000000000010000000000000000000000000000000000000000000000041554449540000000000000000000000000000000000000000000000000000000800000000000000004493000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000feffffff0100000011000000000000000000766c616e3000000000000000000000006c6f0000000000000000000000000000726f736530000000000000000000000062726964676530000000000000000000ffffffffffff000000000000aaaaaaaaaa0000000000000000007000000070000000a000000041554449540000000000000000000000000000000000000000000000000000000800"/592]}, 0x2c8)
syz_emit_ethernet(0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="ffffffffffffffffffffffff86dd6060626000102c00fe8000000000000000000000000000bbfe8000000000000000000000000000aa1100"], 0x0)
r10 = socket$inet(0xa, 0x801, 0x84)
connect$inet(r10, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10)
listen(r10, 0x8)
r11 = accept4(r10, 0x0, 0x0, 0x0)
setsockopt(r11, 0x84, 0x80, &(0x7f00000003c0)="1a00000002000100", 0x8)
syz_io_uring_submit(r6, r7, &(0x7f00000001c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r5, 0xa3d, 0x0, 0x0, 0x0, 0xff39)

32.78027333s ago: executing program 32 (id=1043):
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = fsopen(&(0x7f0000000100)='configfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)
r2 = fsmount(r1, 0x0, 0x0)
fchdir(r2)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
lseek(r3, 0x1, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000180)=0xd)
r4 = syz_io_uring_setup(0x6215, &(0x7f0000000200)={0x0, 0x6964, 0x8402, 0x1, 0x1db}, &(0x7f0000000080), &(0x7f0000000440))
r5 = syz_io_uring_setup(0x56c1, &(0x7f00000003c0)={0x0, 0x0, 0x10100, 0x1, 0x1dc, 0x0, r4}, &(0x7f0000000100)=<r6=>0x0, &(0x7f0000000040)=<r7=>0x0)
r8 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$UI_SET_ABSBIT(r8, 0x40045567, 0x4)
write$uinput_user_dev(r8, &(0x7f0000000580)={'syz0\x00', {0x6ec6, 0x6, 0x5, 0x5}, 0x3e, [0x9, 0x2, 0x8, 0x2, 0x5334, 0x400, 0x80000000, 0x5, 0x8, 0x0, 0x4, 0xf5, 0x9, 0x39, 0x747d5a13, 0x2, 0xfffffb9a, 0xfffffffc, 0x4, 0xfffffffb, 0x4, 0x8003, 0x6, 0xf252, 0x4, 0x800, 0x300000, 0x7, 0xe, 0x623b, 0x0, 0x0, 0x1ff, 0x8000, 0xfffffffd, 0x3, 0xd, 0x4, 0xba51, 0x8da8, 0x2, 0x200, 0x4, 0x8, 0xe, 0x4, 0x2, 0xde, 0x8, 0x9, 0x1, 0x199f, 0x8, 0xffffffff, 0x9, 0x1, 0x4, 0x6, 0x1000, 0x5, 0x40, 0x9, 0x7, 0x1], [0x6, 0x1e, 0x3, 0x8000, 0xfffffffe, 0x3, 0x0, 0x5, 0x7, 0xfffffffc, 0x4, 0x7fff, 0x72c, 0xc32, 0x6e, 0x9, 0xfffe, 0x400, 0x8001, 0x1, 0x1, 0x297, 0x5, 0x0, 0x981, 0x4, 0x100, 0x3ff, 0x0, 0x4, 0x0, 0x1, 0x10, 0xfffffff9, 0x0, 0x5, 0x1, 0xffffffff, 0x6, 0x5, 0x7ff, 0xffff, 0x6, 0x96, 0xfffffff9, 0x101, 0x0, 0x2, 0x401, 0xc, 0x3, 0x379, 0x9, 0xe, 0x5, 0x7, 0x6, 0x2, 0x1, 0x1, 0x8, 0x6, 0x200, 0x7], [0x401, 0xc584, 0xffff, 0xcd2, 0x7, 0x20, 0x7, 0x4, 0x8, 0x10, 0xd, 0x9, 0xe8b, 0x5, 0x80000001, 0x7, 0x80d, 0x1000, 0x2, 0x10001, 0x1, 0xfffffff9, 0xe57, 0x10, 0xd841, 0x4, 0x4, 0x5, 0x5, 0x2, 0x5, 0x80, 0x9, 0x9, 0x47, 0x2, 0x3, 0x4, 0x7, 0x6d7e, 0x3, 0x8, 0x8003, 0xbf23, 0x6, 0x8, 0x95a, 0x0, 0x3ff, 0x9, 0x8, 0x10000, 0x5, 0x7, 0x4, 0xea, 0x9, 0x5, 0x6, 0xd9, 0x0, 0x7d, 0x401, 0x5], [0x1090, 0x7fff, 0x3, 0x4, 0x88, 0x2, 0x6, 0x4, 0x50, 0x2, 0x763, 0x9, 0x401, 0x0, 0x2, 0x1000, 0x7f, 0x5, 0x3fa6, 0x4, 0x0, 0x5, 0x1e0, 0x4, 0xe47, 0x3, 0x3, 0x4, 0x200, 0x1000, 0x3b, 0x2, 0x5, 0x2, 0xa80a, 0x65f413f9, 0x4, 0x8, 0x9, 0x2, 0x40, 0x7, 0x2, 0x4, 0x4, 0x10000004, 0x10004, 0x0, 0x4, 0x2, 0xfffffff8, 0x401, 0x1, 0x3ff, 0x200, 0x4edf, 0xfffffffd, 0x7, 0x14e2, 0x2, 0xe, 0x7f, 0x4000004, 0x6]}, 0x45c)
ioctl$UI_ABS_SETUP(r8, 0x401c5504, 0x0)
ioctl$UI_DEV_CREATE(r8, 0x5501)
read(r8, &(0x7f0000000100)=""/78, 0x4e)
openat$userio(0xffffffffffffff9c, &(0x7f0000000380), 0x10a80, 0x0)
readv(r8, &(0x7f0000001900)=[{0x0, 0xea}], 0x1)
write$input_event(r8, &(0x7f0000000000)={{0x77359400}, 0x15}, 0xfe4f)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r9 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r9, 0x0, 0x80, &(0x7f00000003c0)=@filter={'filter\x00', 0xe, 0x2, 0x250, [0x0, 0x20000100, 0x20000130, 0x20000280], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="00000000000000000000000000000000000000100000000000000000000000000000002000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0100000003000000000000000000697036677265300000000000000000007465616d30000000000000000000000076657468305f746f5f626f6e6400000076657468305f746f5f626f6e64000000aaaaaaaaaa0000000000000024ffffffffff0000000000000000f0000000f0000000200100006c696d697400000000000000000000000000000000000000000000000000000020000000000000000000f4bd5979a5172e0700000000000000000000000000000000000000000000636c757374657200006db693c555d12b0101000000000000000000000000000010000000000000000000000000000000000000000000000041554449540000000000000000000000000000000000000000000000000000000800000000000000004493000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000feffffff0100000011000000000000000000766c616e3000000000000000000000006c6f0000000000000000000000000000726f736530000000000000000000000062726964676530000000000000000000ffffffffffff000000000000aaaaaaaaaa0000000000000000007000000070000000a000000041554449540000000000000000000000000000000000000000000000000000000800"/592]}, 0x2c8)
syz_emit_ethernet(0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="ffffffffffffffffffffffff86dd6060626000102c00fe8000000000000000000000000000bbfe8000000000000000000000000000aa1100"], 0x0)
r10 = socket$inet(0xa, 0x801, 0x84)
connect$inet(r10, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10)
listen(r10, 0x8)
r11 = accept4(r10, 0x0, 0x0, 0x0)
setsockopt(r11, 0x84, 0x80, &(0x7f00000003c0)="1a00000002000100", 0x8)
syz_io_uring_submit(r6, r7, &(0x7f00000001c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r5, 0xa3d, 0x0, 0x0, 0x0, 0xff39)

14.129987758s ago: executing program 4 (id=1088):
r0 = syz_io_uring_setup(0x239, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000480)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x77359400}})
io_uring_enter(r0, 0x2def, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_TIMEOUT_REMOVE)
io_uring_enter(r0, 0x4866, 0x0, 0xb, 0x0, 0x0)

13.901738869s ago: executing program 4 (id=1089):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
sendto$inet6(0xffffffffffffffff, &(0x7f0000000140)='u', 0x1, 0x24000010, 0x0, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c)
setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000000)='westwood\x00', 0x9)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_queued_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r1, 0x0, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="18050000000000fe000000004b64ffec850000007d000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r2}, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendfile(r0, r1, 0x0, 0x1000004)
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0)
mmap(&(0x7f0000000000/0x400000)=nil, 0x1400000, 0x0, 0xc3072, 0xffffffffffffffff, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)

11.03291722s ago: executing program 4 (id=1091):
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$SNDCTL_DSP_CHANNELS(r0, 0xc0045006, &(0x7f0000000040)=0xc)
write$dsp(r0, 0x0, 0x0)
openat$dsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f00000001c0), r2)
sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB, @ANYBLOB="01000000000000000000037400062c000700737b7352656d5f753a6f626a6563745f723a756465765f68656c7065725f657865635f743a7330000800020000000000080007002609090914000600626f6ee4300000000001000000000000"], 0x78}, 0x1, 0xffffffff00000003}, 0x0)
read$dsp(r0, &(0x7f0000000480)=""/208, 0xd0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x1000400000, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x20000845, 0x0, 0x0)
r4 = socket$alg(0x26, 0x5, 0x0)
ioctl$MON_IOCH_MFLUSH(0xffffffffffffffff, 0x9208, 0x8)
bind$alg(r4, &(0x7f0000000380)={0x26, 'hash\x00', 0x0, 0x0, 'crct10dif-generic\x00'}, 0x58)
r5 = accept4(r4, 0x0, 0x0, 0x0)
sendmmsg$unix(r5, &(0x7f0000001300)=[{{0x0, 0x0, &(0x7f0000000d40)=[{&(0x7f0000000a40)='H', 0x1}], 0x1}}], 0x1, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x10122, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
mount$cgroup(0x0, 0x0, 0x0, 0x2088480, 0x0)
close(r5)

10.866600231s ago: executing program 2 (id=1092):
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
writev(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet6_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, 0x0, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = dup(r1)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0xd000})
ioctl$KVM_NMI(r3, 0xae9a)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$SNDRV_PCM_IOCTL_READN_FRAMES(r2, 0x80184153, &(0x7f0000000540)={0x0, &(0x7f00000000c0)=[&(0x7f0000000340)="cc212e5f997b6e1b42c28a574bb075acc0dcaf1441f394df6eccbb403555dea8a6d1eca4cd5942dc838c1a4047410746fc6a335689f49764f9ea19b179e38f3af7318bfe24c4619ab2f9e899bf1a87e97ac7f307cb6b4f576a105ec27ef89a08ffc4cf0a462c1fa2243b67bd2e8eda405a25ff47b5a2466a8f140c8ee0d198713c3b5be4d8fb73aa327f7cf12e4b5b2b429dd0540107357b33e80522093d78b0476d661e6d20a73b90b56b59aa3892", 0x0, &(0x7f0000000400), 0x0]})
pipe2$9p(&(0x7f0000000240)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r6, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15)
r7 = dup(r6)
write$FUSE_BMAP(r7, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r7, &(0x7f0000000a00)=ANY=[@ANYBLOB="b0000000000000ab284dc9a94095f54eae34f11a5a480d2115805745f8a2"], 0xb0)
r8 = eventfd2(0xe, 0x0)
io_submit(0x0, 0x1, &(0x7f0000000700)=[&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x841e, r7, &(0x7f0000000640)="9405fa6580ffec79a5cdb4f978acb2a5af782b52ca4ffc9a2081ca4812cf8419daebcaed3de87e8522e0764f157d7ec41067cd4bd3ef0a629de1d905a204d0284c6728135f10ad7e71c68ec8", 0x4c, 0x7ff, 0x0, 0x2, r8}])
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r5, @ANYBLOB=',wfdno=', @ANYRESHEX=r7, @ANYBLOB="2c009c1cb1906793ebb1b65c25b8c271ea5fcd58e15bc8d4ad630c5685eec6ec656854bd014c12b2e86986300f20f65a0c75428a"])
ioctl$KVM_RUN(r3, 0xae80, 0x0)

10.304849245s ago: executing program 3 (id=1094):
unshare(0x8040080)

9.854360279s ago: executing program 3 (id=1096):
r0 = openat$sysctl(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/sys/net/ipv4/tcp_syncookies\x00', 0x1, 0x0)
write$sysctl(r0, 0x0, 0x0)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
socket$packet(0x11, 0x3, 0x300)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000040)={0x3, &(0x7f0000000000)=[{0x50, 0x20}, {0x20, 0x0, 0x3, 0xfffff010}, {0x4, 0x4}]}, 0x10)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000001300)=@newtfilter={0x24, 0x2c, 0xd27, 0x30bd29, 0x2, {0x0, 0x0, 0x0, 0x0, {0x0, 0xf}, {}, {0x7}}}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x0)
shutdown(r1, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff})
r4 = socket$inet_mptcp(0x2, 0x1, 0x106)
ioctl$sock_inet_SIOCRTMSG(r4, 0x890d, 0x0)
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setsockopt$sock_int(r3, 0x1, 0x1, &(0x7f0000000080)=0x9, 0x4)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001a80)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000000900010073797a30000000004c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000021100011800c000100636f756e74657200500000000c0a01010000000000000000070000000900020073797a31000000000900010073797a300000000024000380200000800800034000000002"], 0xe4}, 0x1, 0x0, 0x0, 0x8040}, 0x4000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r6 = memfd_create(&(0x7f0000000c40)='\x00\x00\x1a\x00\x00\x00z\x9b\xb2\xe8t%\xfc\x02\x00\x00\x009\xa0\x8b\x14d\xa2\xa1\xa8!\xe8\xd1\xa0\x8a\xce0\x1c\xb7\xf1\xccm\xce\xd4\xdb\x99\xe5\x8f\xe2\xb6\xdc\n\xf5kWnr\x92G\xbd\b\x01\xd0\xf5\xbb}\xeb\x86P=\xe51\x9d,\xb7\xc3_M\xbe\x19\xea#\xffWj\xdc\xd4\xb1\xcc\\\xa8N\x8c)[\xd1\xc3\x9a\xa3\x1b\xf9\xe9\x1d \xce1\xc9\x9f\xb0\x14\xc2\xeb\xf9\xceE\xad\xa4\x92\f\xef\x87g\xb6\xabW\xac\rP\xf42\xb7\xc8\xaajn\xbfF}\xbd\x1c\xff\xff\xff\xff\xff\xff\xb5v*R?\xa0Y$\x95tO*\xf4\xae\xb8\xb8m\xbf\r\xd5\xbf*\xfd\xc7\x85\x1b\x8b\xe5\x97j`c\xe0\x88?\xe8\xd6\xae1\xc3\x9e\xec`\xf2\xd1BM\x10\xc6\xb4F\n\x10q\xde\v\xec\xa2\x92x\xe9\xf5\x1f\xc9hj\xc0\xe5\xce\xd1v\bez\"\xb1\xd3 \xbc\x9b\xe8\x86u\x0e\v\x17\x85\xb8\xdb2\x92\x00\x00\x00\x00\x00\x00\x00\x00\x80\x9c99\n|\xc1,\xd3\xedI\x11\xf9\xa6wN\xa3\xc9M\xe6\x92\xaf\xb2I\x16}\xae\xe8\xa8\xd7\xad\\\x84\v\fB\xe2d\x90\xdd\x90\x1e\x8c\xe4\xc70\x93\xc7\x8b\xec/a8\x95a\x8c?)\xa2\xf6~\xa7\xc3\xfc\x19\xa8\x98\x1f\x8d\x13\x00e;g]\x1c\x1d\xb0\xa0\x96\xac\x9f3\xe8\xa7R\x92\xe6\n\xdda\x86\xa8\x13\xf1\xccQa\xef\x94u\xed\x0fvq=|\xb0\xc2I/\\}\xf4\xb7\xda\xdds\xf3\xf9\f\xff\xcc\xf3\xa8\x02\xa9/\xfd\xcfn\x00\x84wa[,\xd8\xda\xd4h\xdd\xc4\x80\xb9_\x7f\xa1\x90H\x824Y\x89E', 0x7)
execveat(r6, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='devtmpfs\x00', 0x8400, 0x0)
syz_clone(0xa0200800, 0x0, 0xff50, 0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x802)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r7 = getpid()
sched_setscheduler(r7, 0x2, &(0x7f0000000200)=0x6)
syz_clone(0x0, 0x0, 0xfffffe11, 0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)

8.986021926s ago: executing program 2 (id=1097):
openat$tun(0xffffffffffffff9c, 0x0, 0x10400, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000540)={0xffffffffffffffff, 0xe0, &(0x7f00000007c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000040)=[0x0, 0x0], ""/16, <r0=>0x0, 0x0, 0x0, 0x0, 0x6, 0x6, &(0x7f0000000300)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000340)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], <r1=>0x0, 0x3e, &(0x7f0000000380)=[{}], 0x8, 0x10, &(0x7f0000000480), &(0x7f00000004c0), 0x8, 0x4a, 0x8, 0x8, &(0x7f0000000500)}}, 0x10)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x26, '\x00', r0, @fallback=0x3f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x658, @void, @value}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYRES32=r2, @ANYRES32, @ANYRESDEC=r1, @ANYRES32=0x0, @ANYRES32=r2, @ANYRES16=r2], 0x48)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDSETKEYCODE(r3, 0x4b4d, &(0x7f0000000280))
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r5, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x10, 0x4, &(0x7f0000000380)=ANY=[], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
getsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x16, 0x0, &(0x7f0000000080))
socket$inet_tcp(0x2, 0x1, 0x0)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR(r6, 0x6, 0x13, &(0x7f00000021c0)=0x1, 0x4)
setsockopt(r6, 0x1, 0x10000000000009, &(0x7f0000000100)="0100ddff", 0x507b420f2d51f971)
setsockopt$inet6_tcp_int(r6, 0x6, 0x8, &(0x7f0000000040)=0x3e, 0x4)
connect$inet6(r6, &(0x7f0000000000)={0xa, 0x0, 0x0, @empty, 0x2}, 0x1c)

8.228434086s ago: executing program 3 (id=1098):
syz_open_dev$mouse(&(0x7f0000000080), 0x6, 0x600141)
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYRES64=r0], &(0x7f0000000040)='GPL\x00', 0x0, 0x51, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000280)='contention_end\x00', r1}, 0x10)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x3}, 0x6)
write$bt_hci(r2, &(0x7f0000000340)=ANY=[@ANYBLOB="6600000000000000a1844f01d7e90f4d89d1f3e077a9868a8bdb6510da22df859a3e95c2b2f18fe6f8af438017d392eb69656964b8d2007e9851a4e5bb00d0f7c6324dcdea7d58d51ee6"], 0x8)
listen(0xffffffffffffffff, 0x0)
r3 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_STAT_GET(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="2800000011140100000000000000000008004b0013000000080006000000000000004f0003000000"], 0x28}}, 0x40)
r4 = userfaultfd(0x801)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f0000000200)={0xaa, 0x84})
syz_usb_connect(0x2, 0x10c, &(0x7f00000003c0)={{0x12, 0x1, 0x310, 0x8a, 0x34, 0x28, 0x20, 0x1199, 0x9015, 0x532a, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xfa, 0x1, 0x3, 0x1, 0xa0, 0x8, [{{0x9, 0x4, 0x0, 0x2, 0x4, 0x79, 0x77, 0x67, 0x3, [@uac_as={[@as_header={0x7, 0x24, 0x1, 0x2d, 0x6, 0x3}, @format_type_ii_discrete={0x9, 0x24, 0x2, 0x2, 0x200, 0x8, 0xce}]}], [{{0x9, 0x5, 0x0, 0x0, 0x7ff, 0x23, 0x9, 0x3, [@uac_iso={0x7, 0x25, 0x1, 0x3, 0x6d, 0x7}, @generic={0x3d, 0x4, "d37377e0c4a331c64b0441ae9452303bee9d34ccdf5ec1bcabaf95c26fdea5939c30aa09ee8babb265fe8e19f301c7b2916d4e2b688591453a2855"}]}}, {{0x9, 0x5, 0xc, 0x8, 0x10, 0x70, 0x3, 0xb, [@uac_iso={0x7, 0x25, 0x1, 0x2, 0x6, 0x3}, @uac_iso={0x7, 0x25, 0x1, 0x81, 0x9, 0x7}]}}, {{0x9, 0x5, 0x0, 0x8, 0x10, 0x8, 0xce, 0xff, [@uac_iso={0x7, 0x25, 0x1, 0x80, 0x34, 0x1}, @generic={0x54, 0x24, "9360da12085fa9f7f64bbd62b962b0240e56a37fdb45da34e1037ef189a3f5ff9c486a61fe38af43c5a8b9ff5a33c9e795dbd545ae47e63b17386bdf7deb0663c3f8fc1868a1b3e12359cefbbd01cd8e8cfe"}]}}, {{0x9, 0x5, 0x9, 0x0, 0x400, 0x9, 0x8, 0x0, [@uac_iso={0x7, 0x25, 0x1, 0x80, 0xf, 0x1}]}}]}}]}}]}}, &(0x7f0000000880)={0xa, &(0x7f00000002c0)={0xa, 0x6, 0x110, 0x9, 0x4, 0x7, 0x30, 0x6}, 0xca, &(0x7f0000000500)={0x5, 0xf, 0xca, 0x4, [@wireless={0xb, 0x10, 0x1, 0xc, 0x50, 0xcc, 0x6, 0xfffb, 0xa7}, @generic={0x2b, 0x10, 0x4, "b40d68254bc854eb412b284f9aa26dccd3bfc0cb56be70865dbac940861ec28e7dd282f8b683b691"}, @generic={0x89, 0x10, 0x2, "4c901ea822d1537b1c6bb0e215e1db8b16334595830a7eb3421040955da6620b9bc8926b302ec63384a22f4a871b8775d9e1a0328f919e9994265b9a49f3a00066a113790818ea749f1eee83346029328f6429bcc0d7a58237b924d1702f2d68179741518ba7a3489baafc4e655a0748833636e2e946e82c6631e8b9239f38b260df95569d18"}, @generic={0x6, 0x10, 0x1, "060fae"}]}, 0x6, [{0x89, &(0x7f0000000600)=@string={0x89, 0x3, "8e35189e4909397cbf30435978177e7890f3bdad701b45099436e24a4a25f9efbd57c02301ab5441b43ceae59b73ca2b1118c82af8e8f6a23657e080f7a70167e355147a5412d302969e3017949d549f1f1e0059390ac9b622aa919f01997b08e92c0c60f0075d580b446bffcdc93f5c429ec0dca96fb33c7dcbe36d68fb362eb9983d43d78ed8"}}, {0x1d, &(0x7f00000006c0)=@string={0x1d, 0x3, "56500631b16831a60aa21b0abd18fdd8bb98f915e2fc9bef169054"}}, {0x4, &(0x7f0000000700)=@lang_id={0x4, 0x3, 0x416}}, {0x3b, &(0x7f0000000740)=@string={0x3b, 0x3, "f3cf529195b103bac85137885fbb6a50e4f8226437df1abb32592959094106817068679719e92cc34b6028e7667ce8f7e39037659dc5e6c56f"}}, {0x93, &(0x7f0000000780)=@string={0x93, 0x3, "009507e4c9dd7c6e337062ad24e29c5e684124fc4f89cddfee77530b66783e04e7ab67b8f13a265127efafc55aedc35abe27b8a9868c73372bcd6dd9d57f4e73662582b4efc6e6d45ca761c1b263807675f9484f2c61c3d8e644516b9d8ba17410a3f88a16a027fa58646b96300e9f2e6accc8680dd551d330e763725ec801dfe72583ae96fdc6e2d6d4102cbf03032d9e"}}, {0x4, &(0x7f0000000840)=@lang_id={0x4, 0x3, 0x140a}}]})
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
write$binfmt_script(r5, &(0x7f0000000100), 0xfecc)
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
r6 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000080), 0x400, 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000100)=ANY=[@ANYRES8=r0], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r7}, 0x10)
r8 = openat$autofs(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r9 = open(&(0x7f0000000000)='.\x00', 0x0, 0x24c)
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r8, 0xc0189379, &(0x7f0000000200)={{0x1, 0x1, 0x18, <r10=>r9}, './file0\x00'})
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r6, 0xc0189378, &(0x7f0000000280)={{0x1, 0x1, 0x18, r10, {0x7}}, './file0\x00'})
pipe2(&(0x7f0000000040)={<r11=>0xffffffffffffffff}, 0x0)
landlock_restrict_self(r11, 0x0)
ioctl$DRM_IOCTL_GET_CAP(r11, 0xc010640c, &(0x7f00000001c0)={0x6})

7.276899218s ago: executing program 4 (id=1099):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], 0x0, 0x8, 0x0, 0x0, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
write$cgroup_int(0xffffffffffffffff, &(0x7f0000000180)=0x3, 0x12)
syz_init_net_socket$rose(0xb, 0x5, 0x0)
socketpair$tipc(0x1e, 0x2, 0x0, 0x0)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x210000000013, &(0x7f0000000300)=0x100000001, 0x4)
bind$inet(r3, &(0x7f0000000080)={0x2, 0x4e21, @empty}, 0x10)
connect$inet(r3, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000000)=[@mss, @sack_perm, @window={0x3, 0x7}, @mss={0x2, 0xfff}, @window={0x3, 0x0, 0x401}, @window], 0x20000000000000e4)
setsockopt$inet_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f00000001c0), 0x4)
sendto$inet(r3, &(0x7f0000000340)='\b', 0x1, 0x0, 0x0, 0x0)
sendto$inet(r3, &(0x7f0000000000), 0xffffffffffffff94, 0xb, 0x0, 0xf00)
recvfrom$inet(r3, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x0, 0x0, 0xfffffffffffffd25)

6.352796717s ago: executing program 5 (id=1100):
unshare(0x62040200)
syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000640)=ANY=[@ANYRES16, @ANYRES16=0x0, @ANYRESHEX, @ANYRESOCT, @ANYRESDEC=0x0, @ANYRESOCT, @ANYRESDEC], 0x0) (async)
r0 = socket$inet_tcp(0x2, 0x1, 0x0) (async)
ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x8918, &(0x7f0000000080)={'syz_tun\x00', {0x2, 0x0, @local}}) (async, rerun: 32)
mmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) (async, rerun: 32)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x0, &(0x7f0000000040)=0x6185, 0x4) (async)
mkdir(&(0x7f0000000580)='./file0\x00', 0x0) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) (async)
r2 = getpid()
sched_setaffinity(0x0, 0x0, 0x0) (async)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000008, 0x20010, r1, 0x0) (async)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) (async)
recvmmsg(r3, &(0x7f0000006480)=[{{&(0x7f00000004c0)=@sco={0x1f, @fixed}, 0x80, &(0x7f00000008c0)=[{&(0x7f00000006c0)=""/133, 0x85}, {&(0x7f00000001c0)=""/9, 0x9}, {&(0x7f0000006740)=""/4096, 0x1000}, {&(0x7f0000000780)=""/131, 0x83}, {&(0x7f0000001340)=""/71, 0x47}], 0x5, &(0x7f0000000380)=""/43, 0x2b}}, {{&(0x7f0000000940)=@pppoe={0x18, 0x0, {0x0, @random}}, 0x80, &(0x7f0000001fc0)=[{&(0x7f0000000a40)=""/8, 0x8}, {&(0x7f0000000ac0)=""/136, 0x88}, {&(0x7f0000000f40)=""/56, 0x38}, {&(0x7f00000013c0)=""/254, 0xfe}, {&(0x7f0000001140)=""/72, 0x48}, {&(0x7f0000001d80)=""/124, 0x7c}, {&(0x7f0000001e00)=""/135, 0x87}, {&(0x7f0000001ec0)=""/206, 0xce}], 0x8, &(0x7f00000014c0)=""/159, 0x9f}, 0x8aeb}, {{&(0x7f0000002100)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @remote}, 0x80, &(0x7f00000023c0)=[{&(0x7f0000000b80)}, {&(0x7f0000000840)=""/20, 0x14}, {&(0x7f00000021c0)=""/188, 0xbc}, {&(0x7f0000002280)=""/186, 0xba}, {&(0x7f0000002340)=""/97, 0x61}], 0x5}, 0x7}, {{0x0, 0x0, &(0x7f0000004900)=[{&(0x7f0000000540)=""/56, 0x38}, {&(0x7f0000002480)=""/246, 0xf6}, {&(0x7f0000000c80)=""/210, 0xd2}, {&(0x7f0000002680)=""/4096, 0x1000}, {&(0x7f0000001240)=""/195, 0xc3}, {&(0x7f0000003740)=""/196, 0xc4}, {&(0x7f0000003840)=""/167, 0xa7}, {&(0x7f0000007740)=""/4090, 0xffa}], 0x8}, 0x5}, {{&(0x7f0000004980)=@generic, 0x80, &(0x7f0000006600)=[{&(0x7f0000000c40)=""/55, 0x37}, {&(0x7f0000004a40)=""/58, 0x3a}, {&(0x7f0000004a80)=""/202, 0xca}, {&(0x7f0000004b80)=""/80, 0x50}, {&(0x7f0000004c00)=""/152, 0x98}, {&(0x7f0000000880)=""/59, 0x3b}, {&(0x7f0000004d00)=""/4096, 0x1000}, {&(0x7f0000005d00)=""/233, 0xe9}], 0x8}, 0x6}, {{&(0x7f0000005e80)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @private}}}, 0x80, &(0x7f00000010c0)=[{&(0x7f0000000d80)=""/78, 0x4e}, {&(0x7f0000000e00)=""/152, 0x98}, {&(0x7f0000008740)=""/4111, 0x100f}, {&(0x7f0000000ec0)=""/104, 0x68}, {&(0x7f00000011c0)=""/90, 0x5a}, {&(0x7f0000000fc0)=""/254, 0xfe}], 0x6}, 0x3}], 0x6, 0x2, 0x0) (async)
ioctl$BTRFS_IOC_GET_SUPPORTED_FEATURES(r3, 0x80489439, &(0x7f00000003c0)) (async, rerun: 64)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="05000000040000000a1000000700000000000000", @ANYRES32, @ANYBLOB="0300000000f919f2011000"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000100"/28], 0x50) (rerun: 64)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800"/15, @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000400007b8af8ff00000000bfa200000000000007020000fcffffffb703000008000000b7040000000000008500000001000000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='sched_switch\x00', r6}, 0x10) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00'}, 0x10) (async)
finit_module(0xffffffffffffffff, 0x0, 0x3)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0x0, 0x1) (async)
mount(&(0x7f0000000100)=@nullb, &(0x7f00000002c0)='./file0\x00', &(0x7f00000005c0)='ntfs3\x00', 0x0, &(0x7f0000000340)) (async)
r7 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/attr/current\x00', 0x2, 0x0)
r8 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r8, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000140)=ANY=[@ANYBLOB="020180ff0e000000000000000000000005000600000000000a00000000000000fc020000000000000000000000000000000000000000000005000500000000000a0000000000000000000000000000000000ffffffffffff0000000000000000020013"], 0x70}, 0x1, 0x7}, 0x0) (async)
write$selinux_attr(r7, &(0x7f0000000100)='system_u:object_r:hugetlbfs_t:s0\x00', 0x1d)

6.259059022s ago: executing program 4 (id=1101):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
sendto$inet6(0xffffffffffffffff, &(0x7f0000000140)='u', 0x1, 0x24000010, 0x0, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c)
setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000000)='westwood\x00', 0x9)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_queued_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f0000000100), 0xfffffd9d)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r2}, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendfile(r0, r1, 0x0, 0x1000004)
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0)
mmap(&(0x7f0000000000/0x400000)=nil, 0x1400000, 0x0, 0xc3072, 0xffffffffffffffff, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)

6.192904044s ago: executing program 2 (id=1102):
syz_clone(0x1a02000, &(0x7f0000000940)="1c130ef043a99eed11e98039f29d5ad1f8f81693aaa36f7c80eb2fbc933a6722b486b7e8915fd6fbdf5d42fac955d255abb2a74ea7f1556ae8566d3c43b0fc978a4b382f2f2b9cd9d710b3fc5185d4eb297799d5f5a857dd16d0a7ccd7e4c3a498ab16c68bf6bb5b43e0c784546bcb239992be968dd11174bc08eb535268012249334272f69055419c0c9ba5efc8086723b87ecae08ef25def7c917e6bd7073461429899bbdf5be22d8d19f8ea9203e9199e79411609939cef6705fb93b85533fb18a0a20618f5ce15da70a84fd3ce051473a0fc7e3658401133691342340ce594f57084fed72d29a06176b36e9ec330fddecbbcbd5bff8622de974b6c80664d77ee2bd06bd98f8826171709b1b5ef8a3d41ee14ba72f27d8c9f8c1ba13f2b98d7ad5ca7f177cc9e2d606374db1e099086e4694e1950554e003acc336c4c1181caf26521bbeb101714b61f9111520a24632a78bd77a901c9e199abeea3b05fbc62ff42787bb4eadff691de1d85b65a544dd8ca7f67d941640e48fa8b26df3eb80a1f25711a0348892f2e649351b22c57790076e6f81459dd66f4b8d42a71a03c3894daf6bd0bbc48aff5f9323a1f80b5014c1d47036fa6a2efd7f638b02093cdbe3bd29c82f3b4f2bd5bb295853260e59d707c7258fe368bc0e2180a3dd9feb79f7047bbd925c7177e0234e8df0983915d7cfca76e9fef7626612d3fc39ea89a1b275b1c0e632ecb2c7d7509001fe4df5e05bd8573a358fe06d0263dff1644cbf71ed65433f6ba959d88c80df80f5ab01942507bd02fb78849c8fa14bea467cf5ed6ee02a43367018fa68a282305a025b0d346b4ac195ad7fa83bb273b277b2737711bbb67169712b362d29d8cfd8257b57893ed1cea306aca254e7258edd90edb05c05bde3dd521c15142c4e0f835e96ab26ecd636f6e30df9c6aa8444d4ab7a3b230a51295ee31ee19f00a5afe5dc9b3d169cf9f14e8d21857c1d016fec319611812a83dbfcae982b75c4aa47c432c5f7dd25f6e936771fba9af04fd8755a918dfe27203ad40d3985c8708d2454121701e3a2849cc82b69310819fbfe63de4d3f615b787ca821c04405a17d2c687c13995697226a1001e32327909c15553dff8fea8c39d69716ed876797511ce1c593e981a558a8c37cbc8079c0b4105f5efa58ac74e52fe5857eac07b68b281d465ad2a92ac5ea3ba8ae026f2f7a88a521714dba4b18e3ca280ee128d6ddc2ab1b9682585d52d5a9323b23f7d74dcb795590512208564e8895dcb2d992a91617d5ff34553daac338bd55c8e85af10f179ffdcd0d329b9738782e7ff2e7bfa4e72ade11b70a84f135ed0ca990894bbb9bbbfc9f54ae48489f3de64f7754787705310f22c9779827f23d9327d42822ae2344d4c85eeec63b61d969f5f3d00b72adfceaa8ec5db875c8ba7c75131b17a728279b64a15f833061432ac8c42bcbe3f9c3e31f13d19272e6c71f4fb790b37659446fd0b31eb66da94bd7ae4c7ff3b213bf04f747100c2d4f53250f080b64e0f85bcc98653f47b51a3b5cdfdef7b14c496536ba23136ee41757fb917ff3f065a1cef8d0946a00f8c6fe6075630f2168c6ab11dd1611754e63aa85114508c8420f5a9d73f7ab9cce7ef31ac7b4c76843668af9c568df1b41b71d225c54158cef830db36e247f70e14351b7be6b6a9b4b0172ad322858043134a8206a32769a37675a91ffcd6d8bee72611339c3794913d1170385ce266cfb4f4be03b36acd34607f2e15b28775b757a0e52b7441237b5fcc9f00ba53515cd1e7fd330a07814e01e18281da34d770758e79c0b85b8bb0d73c354a1f1ab40d1bd92d8a6e5c58ba8159fd5643997bd8f218ef2850461e877b92f3c3cf6a9f7fcd4c8f6729e9c58790cb53cf32e674ad03a78e8fd8f852fc9031f5db04ae9dc1fd0836c54f9cae6251a96a498159b900715e79c0142fd2058e1c5585f67b6c420faba219815ff148696c62b0c595ff81c654121fca89615ba07a3441f295044503b3b83848868e7b79250d3963a5dfef0c725b92a12ef4d9a35ede05c88ea59bc89e16416ede5f3307c82b0577d413bce593399494100494542fdecfa5d20432520ad951b111144c2797168358e1464f5812bfec9dddfb2fb1c07274698d34a9432cfc73b1245114f45fa86fd3e30cc5e454cffc618602d0c0afc39df18383ebcf465813c94c17446c97052b94049e3d00fa3e25ffb5e3c90e924b29eebd1bfafccc4a6c6bd27001bcc9de79b2bccd569c64ebefa529a0f0665f75e2940e6dd138aa6fdfc08a72c57e09e740f0fce1a4d52fb4c3080b5beefe90da5c879a81e76de25275391f663899d41960b6e1e147d6cd2686e1809b13835abbd721c557d376f9a503a080d871e05d43ba95e61055e9b981b527c49a5212cc91af6b999321648b2c7392e0344ef693ebe74c699e320aafa66c7160f5eb9eb8e5fc678f29f9f68ee54de42194248afe061d495f9eeb2183b7549d27954ab4d6336c10499562c02b38842ef5abf4608df654bb609b49df5ea8e3295ad8022c1e32cbf45327200f665a7223ca2978456acfbf73c9416a12e179f54a5dde5455ddcf620efbd35332bffdf18fcce944493ca8feb16374739ae1f7bfad8e4dcfcd5bc999cc04189f3e9997f6f72678a2d2e8e14f166c7fe35fb16b273b4b3a4a01b354075aa509fd7e03ba222061c6dc48fce71ef5027373ff5c0ba2bb57a7e2ca8d98e8cb5660af9366354f70a6072cded729eebe96725b7a05897dfbf37c69a2d638476833a70d5d207ed052d626ecfc7d161309249a0580de4b40a264e6c36b4b18e163b9acaedeacc827cb63a85f570168aa916610f04e08adafd7467c359ebe40f9b24da5a29fd9bb00db2ca30e70c2109711f039a2d51cbddab222cf4f523e92bfe361fc63e8f5a017c1898de0ca5724aa9f07100cb348fbef83275f7ea72339759278fb9475eb332b065eaa06ec6c602843554a2b66f1ab9bce8bfc9a05bcb1118be60db79f9755a8e3ffa3422e76cb9d7dd8c9fcf30d95f97cf9f638519586d3d39a584f29b8c534745290a7e107dfe90bf9e20af7bc29b9d7032ad46f9325d5db11fd6f3f4ac876752b5863aba9064aa499adfc147f56db7910976d8b53b9befc2c68ab05e9e449086eb8fa728a1729444ad87d3d11e386dbadc5257cd7d99ead8a0c08e7d3538560099d809884abcec24501827c0433a9a866762cb913d88a6fe93a87e9f40c4e30b0b75d93e279d5e0c3a38e5b208fe3c5767fb5db02727b31a5129d2d018f50bbe771c5e23d26df29829307128f611277b6752c98af548c39c801069b9996df10184ce97dae4183d431641d172d40d0539ba95edd1fd97072d9b70a569e76d9917a7f5c27fb116c72262fec16487b7f02bc02cf616142bff1a4f8d8634e7fb9c4a6723ca22155fa9c15056a30a3ad0f9152a7e684b16aede5de4c15caf5aeb886c04874111891d7395084985137097605c2fb26bf7542d34fbd38eb95ac754d01f1b269566da3d02b7c0fc85d70111f9543b8baaec79171ce4e475681f73403e8a18a0d2164f5cea121fe0c64f3750fdd07eb670e306c772522f595e9b254a450af925403e2029721e244b58c73720741ac195a33cb2ae10987d101aedaf0e1b9ec627b32f2157ca0cbaa927c794231b5a2abdc11fa1e8a99d53172b4dab62d752016cc2d015ae6f24ab9500f49486e258c4deba8bda8f4d179d303f7d22d1bfdf6aa1a21edb6eb61ab7b8c26147928fc60c9d29ababbf4cd6e8918e2b65f3c08909ccc27860be1c701b1ac215e3d03e123251a60dc96e77298a97a5563cfb36d3b599352e4d9ad422f0ab20675907c44825b4d30c2291cbd4608242fa6dfec75a8042a9d8a12c0ac18ba2cf82ba5f247f82a04fedc40766b83cb398022a4857225ea99c28eb19c6bb1593f13aab10b071275f9a04739d1e09e913d562d6aeb3a366b9711157b1110d21f0914408dcdb4e81d1ea7bda1ffc3898e4a9e71bc7a76faa78ce54bf46e2ce1050e139261cb8e7f11df520c91c307acd39265d0ffa23b52224360bdc9e1cf9a58ad77e8845f94ec4ccfe0058bcad02dd2a3441b97791edde9e1ce219288b774082f2387b6f2917cac861c9468e7907349a98eb66534106e26ac0fc199e57761759ca743c8d7f37dbc347c7b1245aac9074c46b73e4d1b2e0ca2c8a15f6a19d6b6c0a79534224f179a36b22b554c87fa3a60517c4f21f7c4de8249412e9c43ed331e6caa25e2a87878668bdf4a0364a5f11d7a78e56999b935cd2554d6dc8b70edfcdd2d3136d8190b6e4a2c7b967bb7c62334c16337cc4f878611321e73226436e3745fa46fad365c2b0c53e8cbce49bdb5b68a8d8fbf6651738c4b8ecc7bd251ebbbb09152bd2eb4565476bcc3bd743886064796496d198c334448db32e505b93885dbdfdcaa26ba3174cd34ef04c52f4260cb8cd50e274050b1e29dacad14e25f16b723d82538381dadf8039c108976b70913686fdef4f7df79321008b33b06c623d0e71ad6bb4b37a72e4b33baa8d42a765e713ef8094aea35d762058f631917958e2663da691ab45f709631e4ecd9ad93d5b13119fa31bc246916b6f802866175caa54c82c196793d0436fc0acd0615d5cce72e7344459fec97c112041652127bb87bc78dbed395a9bc3c487534eb425fade19f7232ad5e5224dabec6856acc99c53da7ba279db7493b4fdcba2b896689544b1a18b260fab61e1494e38976b6e05c7cd588e96b5050ccc1f94f460cd10e5f360477a7c877e40513287416b34b31b8529d5ce2122d7a7d19bbd076430f66f0c71a1215bdcb46f0df45c123cf4482ed9940bd2b46e80d52e260363b5f81d0d3319ad2cdc41d68a2672f7d159889496bdff7eef0d44aeb0af617b587cd6c962272226df9ffacf5700f1bce13564b12fbbd052a45d82bf0c1a1323261075e332c084541c34ae9d5f2f94ea6ed1cfc3449c842aec5804e508c51a72a42ac1517daffb5baa96da53ad7eaad5e8069ad599da3dbab3078c11bfedc6cdb0c6298cab90596f699609c370927551f2bf593d894cf30b60d685f89a77061b900e6bb49e8e6356b99aae6f978d892c9ed4af610af37f4929019ecd900227939d5a6f02ec6c5158ebdb690a526a94d6a3c43e9fe3f960e1d831513a3609c8edf3a3ae80c94f01eede369246098f13c200759b86f0a5f74506f41ca1f2ebbae8f7fd885ce107d58a70f9fd2339c1e5d3287271a316225eec887231994256524a3b59c9ed0e0b54c107b231992c63cdb1d6fc0534775ff1d49272a7379295f14e0fd55b6169ed0cb2c6a958a0d8d6e4e4714c11d1557052d7d79e0f7e1d88e09d71ca426109db9a637a5a4fa80609505e23008cfe5fff4d57105e114d3860aa45632abe00bcadb9be5f51aae997e046bd0f524f827f11ddf00104ec00dce3a0b42f8d9896989c6e82ae8c98cc9a05e696440625b86ee3469f60112e7eb3075e35fcf031fc2f8ddaa38d73005839b12278f8be722a9a98d53d36253604ce16f1e82557fa296dfdf0940cae168377d1f62144a06d3ad4a3caa458a9bb360af74ab67a96de30cbb247727b16af7e933c39f370536b9e14be50542125fef9ef5956ea43f58357a67669c9691fe071fa74dd93b5701cd57237d112f23a99d96ab810d51607e26430f90113207f27063596f2137af42d7a4afdf8ef77253a3ddefeda48aa69592f046f1d8fa4297489949080c1e6fa5ee91ef95a8960cef8f0476784b8db09c9ef1582262cf70b1d685e3a1", 0x1000, &(0x7f00000001c0), &(0x7f0000000200), &(0x7f0000000240)="dbc9d006e0be200a703ab036cdd75357242f365fa34afa24b2061ce0f95ef50ed331cc74aeab361a191b4788ab1055793585a4ef1264a74dbed5ded363c87d5cbd66d389dab1994c046007ee33f223b2dcaf4083ed34ff8a6973368e4a77e9583766109616a92a6b0fa8dfd863fa054fbc9480a743ef70942b38413e98b19f7e9243afb608419d43f70bacfc74ddf6647fa76074c2f9a30415474200abe72957751076841faba4a167bb362d1375400e6247426af59948093688e7a214")
r0 = inotify_init()
inotify_add_watch(r0, &(0x7f00000000c0)='.\x00', 0x5000009)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x103a42, 0x0)
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
close_range(r2, 0xffffffffffffffff, 0x0)
read$usbfs(r1, &(0x7f0000000100)=""/129, 0x81)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_SIOCETHTOOL(r3, 0x8946, &(0x7f0000000900)={'veth0_to_hsr\x00', &(0x7f0000000080)=@ethtool_cmd={0x3c415bbc85581fc0, 0xfffffffd, 0x8000, 0x41, 0x6, 0x3, 0x4, 0x8, 0x8, 0x2, 0x7, 0x40000061, 0x81c, 0x4, 0x3, 0x27, [0x8ff, 0xaee9]}})
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)

5.291510737s ago: executing program 2 (id=1103):
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
r0 = signalfd(0xffffffffffffffff, &(0x7f0000000140)={[0x2]}, 0x8)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x84)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
openat$cgroup_pressure(r1, &(0x7f0000000100)='cpu.pressure\x00', 0x2, 0x0)
syz_io_uring_setup(0xd3, &(0x7f0000000500)={0x0, 0x0, 0x1000, 0x0, 0xfffffffc}, 0x0, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x802, 0x0)
mmap$binder(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1, 0x11, r0, 0x100000001)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r2 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000380)=@bpf_tracing={0x1a, 0x10, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000030000d926ea3ff897f54aa27ed82057", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf09000000000000550901000000000095000000000000000060010408000000bf91000000000000b7020000010000008500000085000000b7000000000000009500000000000000"], &(0x7f0000000080)='syzkaller\x00', 0xb0df, 0x6d, &(0x7f0000000740)=""/109, 0x41100, 0x45, '\x00', 0x0, 0x17, r0, 0x8, &(0x7f00000002c0)={0x0, 0x5}, 0x8, 0x10, &(0x7f00000004c0)={0x2, 0x7, 0x1000, 0x2f3}, 0x10, 0x2d4d, r0, 0x8, 0x0, &(0x7f00000007c0)=[{0x0, 0x4, 0x1, 0xc}, {0x0, 0x5, 0x6}, {0x3, 0x1, 0xd, 0x3}, {0x1, 0x2, 0x6, 0x3}, {0x3, 0x1, 0xc, 0x6}, {0x1, 0x2, 0x5, 0x2}, {0x0, 0x2, 0xc, 0x2}, {0x1, 0x3, 0xa, 0x5}], 0x10, 0x401, @void, @value}, 0x94)
openat$dir(0xffffffffffffff9c, 0x0, 0x40000, 0x106)
bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0xc, &(0x7f0000000580)=ANY=[@ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r3 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
r4 = syz_open_dev$ttys(0xc, 0x2, 0x1)
ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000300)=0xe)
write$binfmt_misc(r4, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x30dd3000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, 0x0, 0x0)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
connect$netrom(r3, &(0x7f0000000300)={{0x6, @rose}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @default, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}]}, 0x48)
sendto$netrom(r3, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r2, 0xffff0000, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x48, 0x0, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x0, 0xffff0000}, 0x48)
pselect6(0x40, &(0x7f0000000600), 0x0, &(0x7f0000000680)={0x7ff}, 0x0, 0x0)

5.02306548s ago: executing program 0 (id=1104):
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$UI_BEGIN_FF_ERASE(r0, 0xc00c55ca, &(0x7f0000000140)={0x2, 0xca4, 0x3})
r1 = syz_open_dev$radio(&(0x7f0000000000), 0x2, 0x2)
read$hiddev(0xffffffffffffffff, &(0x7f0000000140)=""/231, 0xe7)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, 0x0, &(0x7f0000001340))
syz_emit_vhci(&(0x7f00000000c0)=@HCI_EVENT_PKT={0x4, @hci_ev_encrypt_change={{0x8, 0x4}, {0x0, 0xc9, 0x7f}}}, 0x7)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x4, 0x8, 0xd, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
syz_open_dev$MSR(0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
gettid()
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
openat$ttyS3(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r4 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r4, &(0x7f0000000200)={&(0x7f0000001340)=@hci={0x1f, 0xa888, 0x31}, 0x80, &(0x7f0000002540)=[{&(0x7f0000000100)="6200002f1eaf000000000000892f", 0xe}], 0x1}, 0x0)
r5 = creat(0x0, 0x0)
close(r5)
close(0xffffffffffffffff)
r6 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000340)={'bridge0\x00', <r7=>0x0})
r8 = socket(0x10, 0x80002, 0x0)
ioctl$SIOCPNDELRESOURCE(r5, 0x89ef, &(0x7f0000000040)=0x68a)
sendmsg$nl_route(r8, &(0x7f0000000000)={0x0, 0xa1ff, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="440000001300290a000000000000000007000000", @ANYRES32=r7, @ANYBLOB="00000000000000001c001a800800028008000200080000003e120000080002001040e5"], 0x44}}, 0x0)
r9 = epoll_create(0x1)
r10 = dup3(r1, r9, 0x0)
read$FUSE(r10, &(0x7f0000002900)={0x2020}, 0x2020)

5.015731874s ago: executing program 5 (id=1105):
openat$tun(0xffffffffffffff9c, 0x0, 0x10400, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000540)={0xffffffffffffffff, 0xe0, &(0x7f00000007c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000040)=[0x0, 0x0], ""/16, <r0=>0x0, 0x0, 0x0, 0x0, 0x0, 0x6, &(0x7f0000000300), &(0x7f0000000340)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], <r1=>0x0, 0x3e, &(0x7f0000000380), 0x0, 0x10, &(0x7f0000000480), &(0x7f00000004c0), 0x8, 0x4a, 0x8, 0x8, &(0x7f0000000500)}}, 0x10)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x26, '\x00', r0, @fallback=0x3f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x658, @void, @value}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYRES32=r2, @ANYRES32, @ANYRESDEC=r1, @ANYRES32=0x0, @ANYRES32=r2, @ANYRES16=r2], 0x48)
ioctl$KDSETKEYCODE(0xffffffffffffffff, 0x4b4d, &(0x7f0000000280))
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x10, 0x4, &(0x7f0000000380)=ANY=[], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
getsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x16, 0x0, &(0x7f0000000080))
socket$inet_tcp(0x2, 0x1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r4, 0x0, 0x0, 0x0, 0x0, 0x100025b4, @void, @value}, 0x94)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR(r5, 0x6, 0x13, &(0x7f00000021c0)=0x1, 0x4)
setsockopt(r5, 0x1, 0x10000000000009, &(0x7f0000000100)="0100ddff", 0x507b420f2d51f971)
setsockopt$inet6_tcp_int(r5, 0x6, 0x8, &(0x7f0000000040)=0x3e, 0x4)
add_key$user(0x0, &(0x7f0000000440), 0x0, 0x0, 0xfffffffffffffffd)

4.219741819s ago: executing program 5 (id=1106):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000040)={'wlan1\x00'})
sendmsg$NL80211_CMD_STOP_P2P_DEVICE(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r0, @ANYBLOB="050927bd7000fbdbdf259802000008000300"], 0x1c}, 0x1, 0x0, 0x0, 0x8}, 0x800)

4.155694838s ago: executing program 0 (id=1107):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0xf0b, 0x70bd2a, 0x2001, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x5, 0xd}}}, 0x24}}, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="380000002100010000000000000000000a"], 0x38}}, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) (fail_nth: 11)

4.081643419s ago: executing program 5 (id=1108):
syz_genetlink_get_family_id$ethtool(&(0x7f00000003c0), 0xffffffffffffffff)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_STRSET_GET(0xffffffffffffffff, 0x0, 0x24004805)
sched_setscheduler(0x0, 0x1, &(0x7f0000000180)=0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = openat$ttyS3(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TCXONC(r2, 0x540a, 0x3)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000002900)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000440)=ANY=[], 0x58}, 0x1, 0x0, 0x0, 0x4044000}, 0x8000)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_CONGESTION(r4, 0x6, 0xd, &(0x7f0000000040)='illinois\x00', 0x9)
connect$inet6(r4, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c)
write$binfmt_script(r4, &(0x7f0000000080), 0x76e5467)
getsockopt$inet6_tcp_buf(r4, 0x6, 0x1a, 0x0, &(0x7f00000001c0))
setrlimit(0x40000000000008, &(0x7f0000000000)={0x2, 0x8d96})
openat$kvm(0xffffffffffffff9c, 0x0, 0x840, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'veth0_to_team\x00'})
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = fcntl$dupfd(0xffffffffffffffff, 0x0, r5)
ioctl$SG_IO(r6, 0x2285, &(0x7f0000000200)={0x2e9c0bdd7f1b32c6, 0xfffffffffffffffb, 0x1000, 0x2, @buffer={0x0, 0x84, &(0x7f0000000300)=""/132}, &(0x7f0000000680)="6ecf8e7d3ab24a0a78ded14c3be9d8f69d2b6d24d80049c83391612598c9c5efebfb8b14fe3233d5fd928cd64b82055af48fce04699351f83428bc9f1687b9e0d98c9e02b56f4f371a34f3f65a5e9d61fac18b35d0fa30d477bdbb02cf25bc88aa0b3839caa9accdccae33dd7b12f4b0f9cc8413f3ca866c4823b86a75adc71cfd8a8d4df71574400dbdf124c579e24c0f14211c14d4f56d63d4c8ae7e9b800ddede5221f934a9dc6ad723007b2b58c2033a3b4c5483644823e705572078d7514ecad96fbb30a8655c896077380020ca11862b1c708aa281b82ca97d750d0985ac7aa955a747ae424f81f4241df1f18e93be80799b0fe4fe549d112ca0fc98163f5fb102acd8bc7cf4012647789f53950aea16cf78114db3f0e243e0167a65a988de7c237b929aa6c9dc38dee9e3c1b833fdd58a3f755b4b59efd4e962ad64d15353375ed8d2fda2eb823d90b76089d83f9c3eecf985b108ef93c84692b4b04f3a93642b8b608146c8148fcb0142c48fd42225fe27e5959ac60c05b0d8c591c8b44e714175c2ebf6c67aeace61b3506c089c657838dcdacf926c14b0d0460598ad1b9b6ece94ba07a34a30f6363e64abd287770bc3541864444a47827196a095b7e7b75f206c05f06b16115a7324c9aa6bc0d93c656166a90baee8ffe18c6d97ebbe79f06684e6d97f2219246ff18424787332a2e12ed00b6491fec1a5de959a196b649e363216c77de35515ec15a78223805ab3bdf0fd5f902e3c90b9e3484e8e5ddfa6bec88a6527a56ec042d75d5dea976624cf85e09dc2518c41e4f98e670988a5c01540017548790c449f278bd07be3593beb90d8b5b838d2c2decb65f8a7cd1a789e439029e6c0e0042f6bab4e7aa8b73d2bd528b4d82a3a2794c631b08b603724315bba922c53e35132de1f86588252dbd5c6bb201e831a01551b942af9a79e1be88714f40385636e0e6ea8005a38516b69fe6932c45f4c001cf3c60eb60ac141b47022e4137728c39565469a623cfbaa29a6d84e13248086083a40c634f80dd152daa27466fdd2ae78c4d87dac0cda8dc45cf249ad48d198c0f0ff6303cb942cd78a0b3ae3879179ecfda198d455b8b8219b7a3aaf823b768dc467f54dfcf016e366555ae8f1a67491daad5ad5ba794f3061494292d123e4cd4b5d0ad894ed0d6c7dc82f1fb775a933d5882126890240d0f93f561359a5ad40373dca2f2de50613a80dccb7df7f4a61316070e2bd9d928aecf7800b2aa1f67e9515332cf7cc32cfc67bf2901009230b557f65ad61ea77998ca61381003c45ff97b072d98fe02badd269a6a25c14d161dff3d3c6379397a0998f0388cbccf623bfbee393bf64ddccea453146532a4d42e1839b31dc09e826490ae9f118270088262efae9d47e716d149d9fc8fdf2e23a59a749629a7146ad2ca934e17bada3f57e5d8698477ba9227f649693de3e07d6249bd1eb7ad65781f0ee4f842b0a020f8d9358808bb4d825268be650c0ddae9b576ed2b627385578490f6108d1f08701ff7198184eaae0d4163ac965abf593d55270d57d0a37ce3c3c882cc01d791a88c970a18d8a283872e6c1bc3a686f92c3e8ba614b8ae0a3f611079efbf370392da980efcdc1645b5b15511e267aeae3cddbf2ffca921b9bb8af633e431c52ed1d9abd88ed5221ffb79b02ee8c8e45db6c8a672b5633cbccbb868822de751ef29dc7d79ba1e0b031db31c376c468cffc61ce0d398b4bfc90b2f49f1d5b817bbf1474910efb68003a43e1dc363cd56a5adea7ad867c3caf53382834bc22e3ff48fece83a0f001b55acdc121acba44e9bb129e7eb7bfeab2e5a78bb228f6e0de5afb9d3352dbacbb8bc7a3d501c7adef9f675628f6957c36dd7ffe749e0ad146e6e9db1ea3cac4f88a2f1abe765eda80694bda7c1da5f3dc6e3cc660e7113743b683d4b573a111370f5848766bb452976618296144f7464349d3ed21703f75dffd562ade085e3ba1c4094b6bf08fa1680113db0455a9471195bca558e3ef495eb82f2be5cb94b8a0871881df83f6b9c685c3a5bce312ef93f1f9f6f11548323c8613aa5597583b39df75c8533f025ec08024fe38ba593e733a1ed2b2cfa0655f4d9176023930587ecb572ee62f2d64a4861593da3f6fe6df99c7e9f45d37791a69f18e1a86165d675d26a2cfd71937b46027f2a24ad8839956f45dc5aa77863a0d7ad081127624c77fd0edbcf97c202e213b7e39642ee594e2d4d28cc71aefad77c6965011cb13eea3f21d9d3d9cfcb4803f9125813e3b0aa6b7d84e9ff10b7e76e7a8611565219cfeeea05cf4c6503f1adb1ea6a0ee7769b8ff4797fb97be55a7f3ac82e2d0ab1e69705fd372301c247a54c5fc942f9791190e19ac74c280296a0085731ca45427e5acf66ebd8fe5dd340aa00162d6cc87ddc3a1ada0a06fd34f4e3347496e3a2805d8bab32c7eb7c4ff6ece0ca02139df2ff07c664e327297ee29a4ed057cbd9ace506ff1d84a8a492d298376cdcb4cf3377abb6c2a4c7f52c121d21cc79191e59635cad881ec7c5587f359ba70bae22922e4aec5ad4c37295228ff8d432b88b57587b7d3891247829bdb870a0d5d73b479736f0a187af8e04295cd8c34cc2f1fd8c3b108c99c84498c1f731dcd4d7a6626cc26dac0209b45b24fc2321582f396d868d98508e3dbc79014656020ff18074389a0c952d4a4aa3ab80e70824ca902315bd4485fa8865ebdfd1ba2175e06899e67e5fddd4477020d567269c7582722c033cc8f0b4e42ea75457da2191080c364ab0cde80f5d39b6009bf13a2740ddbdf253a0d61f237d5ec78b0783e8fb284fcf3f92bf2a15db41b2a4cd66adbc2fde87b5c6df6f09b74abc92ef9974d8d525673a852e022a84378580e4f0a856cd40cb85a3e63e313051667ddb62eb72583df8d27df20b32802683248f012acf3c19feb37edc70c0db74d5060b9e6819ec3d347398673ef72951312dec13a65db3e0ba85a9f387d1e7ff5d66f0cfc1aacc9e7c2b80e4042b6ed3b1b3afa342bb4d88dc99bfef3f7d5fb6ca5f10d0a991b498a352d83fd8f1ee842619578d744c697d7314699467302c5e6b8f1729f67e18cd703e89c634e56fd24534e2d6d2a4da97bbb042399daf8f8429e7bf4a70363ced999816b8117cdb9d11ea692083bac7fb1040800a4d034ed767eaf5f0119dec5db27bc35a41f47dfc998fa9248eaae1bf55bc66c5c0fc5d809e026e005016cdc0b0128d03077190675303d4a9deb7473fe4de266e2c6ffdd4d19597125d60c4998ad65faded2b762544aaf262469df2b5c9a40535dd8782871373ee9124c8b23b11b5186203aa3fbe1f23e6536a41c6d13433912d0fe389fbe9788ab8c875812b9c61585ecb8d0e0a0c8f2379e8e0043feb19a39fbbc973ee194d5abb41655d7bc3b8e494b2b2127236c323438934f90d14109b6964412bac4ca6ba2d54af9400a473b5f133e53455bb345253fce87b950880cb138e898e31d98701b7ae8917375a296c544351fab4705d190769a993c36b21e8a4f5ddf5ecd377ec7912042f00952ce5bd5497b6ea585ef31acab1b0f21b0701cde2a7e05dce43b11f14f734c82db59a4b0d312d32e7c4aee392d232d0fd791331f73618e4bf2d3575a1eafd81f0b2c625bb56260e70d2cfbe632b2ec6ed2bac7ec16a8a4da04c2eeb6d7eddc1e56c532f4bb8c9352bd0da8c4d449749e0d894876bbaf4ec50febd6b3c4f672e1bc961a357942b1f7cde69230f95b64cb13057868ffbee6477d7e21efc311dfd02591baed24bf00702a85e857a8d7f4c2f328555558e26e78842619b6d75723d80bc87da608da25cca28ba607b18904e965e674dc32bd491bcbc04140eb976e7b08974cf3efd6d4fe5893a4472fc01e3c11a089bc1a308c503812dc2a92e4237163361b196d4521bf63b0550b58b719214feb14ced80e622697f78f998d38f2130a4cd36a3528a2582a12a93c3ff9ef0887fef37fa8cc5472a970f1f19dfbfdc79143124bec2c33acf184db92079d60dd270bd1338fa3d9df966c2e14c4f88d132b085ee734f5713cd5970bd864f2e237e5c22142ba939674799e13aa31b15475c6ddb9bf8fc1247f025a89c22737f5c0c42278e035578fca503f0c693d42f312300de34b20621231f7a3a38aceef6e791078ef93664c3037ae139734e3cb8910147a4890f854c460b6e95cbdd2446b66121d997cdea798bd544d182d60c442cbfeead32cad125d110e035ed0402e9620154292088b2db768d40347ba9c077d59cb5aebb4dd4154f9836d4a707923b6647b1acc602b280aeb2b0585a00599c2615caeff52221d6a166bbd375d2046887b1fbb84bb0218463bc9468c92ceb26f919e4c43289e541459433ae78c8ad931b0e51b926f2a4af96b2bb916fbd5f7a6b3ab83e11aaffd495ecec819da30d41a3d8447e789653ad25678e7895a4cb174bd908972f5548ec112be67d840ce5fc02c06fafd2c211e0d16525ab5a871005600ec277d2d43953e9cf74b263e1b2ab0c6ccf8fafaf3c43d17f4e55a7a77aa0dc43f436daa20f99fed4557d86c7d576997995cf0043f4719d44c8c9c20b4452627fc2c5312be8f9e66a3e77e1189c58f56d07653d2ea945adb902ff222e120ffbcb1d030b6c88b9ee1edbc5bf09290ca718220af43974cbad81f9d2321c79cfbc12df8c0d43a51f4ad77d20d37290a822848d18b310f6b3935d6adfd22f58fc190126caf7391d6179ece6d8dbc53ecef803128085d582ba54d6b20647971ae4b95e6013500b54b0a5c1b81c46eb3ee18f69ebf51b9291124e0565d62a61223e7248957b11cb10892fd682223c8533bbafcbc83081bc1a9006b82af59753ccb26516f1945e95854cbff9b2decbc45d2dd7e0cbd5a0dd11c74d5092660ea37a93edbce2bdf2ff0650112afffbebe6d5ae2f2866085283eb66d188c58020a1dd2cd3075531c80c663c61c2fd64ec458aa05ea49750c886a4d5aefa6b051bc537cd7c064b4c27435fdc5517f34b9c1114f9a0f35a0639603f8c34df584f13fbb1ba0deebcbb1a8975bad71c27c5af66633020ddfc6749f7bd30e49fb8f006efb6cd580121bfe38446d7d4738357d3e518cafd7d2a4753aa0493feca1162829c3d046bbda1cdce69fad2528bab690dd9c2713c6b0b2616128c0373662a121ca07755075a59e1174d69327909d8dbb82ec9b9e07e00d13b435f7435c43f5b4f17bc2cd5948ffaba76fd50244a5693ce34f6d7b0c6d01886f3452c0f6b8b129c1b3ec858802edd8090a1a7a439e230190bf52e6c222b5b54569c3bb7af939590b70e218737cf855d9b6ffc82b806499d069ddfed42a727f3d9ed37a1976e47ec0c4afaaf211c7a34f1ea8ea513bccef6de60443a4b85fafb5397215b937d9ae316c1f14d952a24b838fa2e608a4cdf06f9725b23a3bdbcff0f0b130f9fd5f9d0f3b8c5aff3a32d9332f1a3ab23079a089338bc3a6f766eee9cc9e480d772a575f5e514861a8035b3dc63e2b2da8fd06bbba8e41c9db89607332598644c6ded7577998e940bf70879cb31c6daf0870d84bd48a9d984630cf21e010c9fe3e9ab0b111ae2bb0738f81a58b4d9612cad0b207de6b42fe81515d04d314226e6409e3ae919a03620ea3013ebb3eaedb777d20dcb0cce3244754a6011b2ffad0a100c914b4a777701ad4d2674dfcc0249c1d01ac462aded4f685131682b76a4bdbd9d9d59b902f6ded705bd89269d2164663a1c492a12eb7b06cd4746c927ef4789bb7261624df11d0988ea01a3a85c4b8f6971c", &(0x7f00000000c0)=""/18, 0x0, 0x10, 0x3, &(0x7f0000000100)})
socket$netlink(0x10, 0x3, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r7, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00'})

4.023450051s ago: executing program 0 (id=1109):
syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x5885, 0x0, 0x0, 0x28e}, &(0x7f00000001c0)=<r0=>0x0, &(0x7f0000000280)=<r1=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x3c1, 0x3, 0x330, 0x170, 0x150, 0x150, 0x170, 0x0, 0x260, 0x238, 0x206, 0x260, 0x238, 0x7fffffe, 0x0, {[{{@uncond, 0x0, 0x128, 0x170, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'dummy0\x00', {0x0, 0x0, 0x100, 0x0, 0x0, 0xfffff7f7, 0x7}}}, @common=@inet=@ecn={{0x28}, {0x11}}]}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz0\x00', 0x0, 0x0, {0x2}}}}, {{@uncond, 0x0, 0xa8, 0xf0}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz0\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x390)
syz_io_uring_submit(r0, r1, &(0x7f00000002c0)=@IORING_OP_CLOSE={0x13, 0x64})
r3 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'\x00', 0x52d35ce30131f272})
ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x12)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x5, 0x1000086}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x43, &(0x7f0000000040)=0x2)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r3, 0x400454d0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
openat$fb0(0xffffffffffffff9c, &(0x7f0000000980), 0x0, 0x0)
r5 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x20000, 0x0)
r6 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r6, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r6, 0x84, 0x6f, &(0x7f0000000000)={<r7=>0x0, 0x10, &(0x7f0000000040)=[@in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000080)=0x10)
getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r6, 0x84, 0x10, &(0x7f0000000240)=@assoc_value={r7, 0x8001}, &(0x7f00000001c0)=0x1e)
ioctl$IOMMU_IOAS_ALLOC(r5, 0x3b81, &(0x7f0000000040)={0xc, 0x0, <r8=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r5, 0x3ba0, &(0x7f0000000100)={0x48, 0x2, r8})
r9 = openat$fb0(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$FBIO_WAITFORVSYNC(r9, 0x4601, 0x20000000)
ioctl$IOMMU_IOAS_MAP$PAGES(r5, 0x3b85, &(0x7f0000000180)={0x28, 0x4, r8, 0x0, &(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x7})
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000002, 0x11, 0xffffffffffffffff, 0x0)
r10 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB="00000000000000000000e4ca00000000000000004ec8d7167e3bc1f47fe982e8d8ae200d4819caccfe1f3ed798feca4c9693c44ea2987609d5b77f9366f257deebbed23bf7e3a769d9785cd296b602ad664b080a096dd1e7073dd20302611f5d353908078cdbe31e4737f8e73fc74284da53b5063129e30a8a555c6fa070d0da1166a90ae6d7acfb6ace767377cf1ccf1c8dd38dfe6ea19657b8afcafbfcf090b7858d9179164d60adff5fa93005fc25729eaf817093cc368be6c0f97c5265cb7ad50e59eda5", @ANYRES32=0x0, @ANYBLOB='\x00'/27], 0x48)
r11 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x1, 0x21, &(0x7f00000007c0)=ANY=[@ANYBLOB="1800000000000000000000f50000000018110000", @ANYRES32=r10, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018110000", @ANYRES32=r10, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000018110000", @ANYRESDEC=0x0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000082000000bf91000000000000b7020000020000008500000084000000b7000000000000009500000000000000"], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={r11, 0xfca804a0, 0x7c, 0x0, &(0x7f0000000340)="000000000000000089806d39318abedf7e61bf08bcb73e6762343e2691e5c2956c5e6083242de8e6496303167dd58d3878488b9c8abf2e883a6d8d2e3e4f6d9fb262ff6985d6c3b2e2800a5327df5209e734aefb404dbbec7973e4b7a6a46ce9b0c56807213817b963f8e9d30a0c28b28204a9140c8bf4f85855a020", &(0x7f0000000300), 0x500, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x3ff}, 0x50)

3.290192712s ago: executing program 0 (id=1110):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setscheduler(0x0, 0x2, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$inet_tcp_TLS_TX(r3, 0x11e, 0x1, &(0x7f0000000540)=@gcm_256={{}, "dd1f67eeaee232bc", "33dcff273dcda64434083fc81269ec10a61ee1d936119116fc6dfa718b8b5f9a", "15f71a38", "56544408ce8ac9f0"}, 0x38)
listen(r3, 0x0)
syz_usb_connect$hid(0x0, 0x0, 0x0, 0x0)
mount(&(0x7f0000000140)=@nullb, &(0x7f0000000080)='./cgroup\x00', &(0x7f0000000040)='udf\x00', 0x208000, 0x0)

2.303013189s ago: executing program 3 (id=1111):
r0 = syz_open_dev$video4linux(&(0x7f0000000000), 0x40, 0x0)
close(0xffffffffffffffff)
socket$caif_stream(0x25, 0x1, 0x2)
socket$nl_generic(0x10, 0x3, 0x10)
landlock_create_ruleset(&(0x7f0000000340)={0x0, 0x2, 0x1}, 0x18, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000400)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f00000000c0), 0x2000, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYRES64=r0], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r4}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r5 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r5, &(0x7f00000004c0)={0x0, 0x13, &(0x7f0000000480)={&(0x7f0000000640)={0xd8, 0x1403, 0x6c08c44bda12f87d, 0x70bd2a, 0x0, "", [{{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'team_slave_1\x00'}}, {{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'veth1_to_bond\x00'}}, {{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'ip6gretap0\x00'}}, {{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'netpci0\x00'}}, {{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'veth1_to_bridge\x00'}}]}, 0xd8}}, 0x0)
ioctl$VIDIOC_G_MODULATOR(r0, 0xc0445636, &(0x7f0000000040)={0x0, "dc705c80497b95065963bacfbc1261678aa94b7325543d4aa489d7de614d485d", 0x1000, 0xd, 0xb0cc, 0x0, 0x5})
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="280500003d0007010000000000000000047c0000040000000c00018006000600894f"], 0x528}}, 0xc000)
r7 = socket$alg(0x26, 0x5, 0x0)
r8 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$ARPT_SO_SET_REPLACE(r8, 0x0, 0x60, &(0x7f0000000000)={'filter\x00', 0x104, 0x4, 0x3e8, 0x200, 0x200, 0x200, 0x300, 0x300, 0x300, 0x4, 0x0, {[{{@arp={@remote, @broadcast, 0x0, 0x0, 0x0, 0x0, {@mac=@link_local={0x2, 0x80, 0xc2, 0x7}}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'bridge0\x00', 'erspan0\x00'}, 0xc0, 0x100}, @unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x0, 0x4}}}, {{@uncond, 0xc0, 0x100}, @unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00', 0x0, 0x2}}}, {{@arp={@multicast1, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, {}, {@mac=@multicast}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'veth0_vlan\x00', 'veth0_vlan\x00'}, 0xc0, 0x100}, @unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x0, 0x4}}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0xff14)
bind$alg(r7, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr(cast5)\x00'}, 0x58)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x8031, 0xffffffffffffffff, 0x0)
setsockopt$ALG_SET_KEY(r7, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5910fae9d6dcd32", 0xb)

2.297486123s ago: executing program 4 (id=1112):
openat$tun(0xffffffffffffff9c, 0x0, 0x10400, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000540)={0xffffffffffffffff, 0xe0, &(0x7f00000007c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000040)=[0x0, 0x0], ""/16, <r0=>0x0, 0x0, 0x0, 0x0, 0x6, 0x6, &(0x7f0000000300)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000340)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], <r1=>0x0, 0x3e, &(0x7f0000000380)=[{}], 0x8, 0x10, &(0x7f0000000480), &(0x7f00000004c0), 0x8, 0x4a, 0x8, 0x8, &(0x7f0000000500)}}, 0x10)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x26, '\x00', r0, @fallback=0x3f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x658, @void, @value}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYRES32=r2, @ANYRES32, @ANYRESDEC=r1, @ANYRES32=0x0, @ANYRES32=r2, @ANYRES16=r2], 0x48)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDSETKEYCODE(r3, 0x4b4d, &(0x7f0000000280))
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r5, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x10, 0x4, &(0x7f0000000380)=ANY=[], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
getsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x16, 0x0, &(0x7f0000000080))
socket$inet_tcp(0x2, 0x1, 0x0)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR(r6, 0x6, 0x13, &(0x7f00000021c0)=0x1, 0x4)
setsockopt(r6, 0x1, 0x10000000000009, &(0x7f0000000100)="0100ddff", 0x507b420f2d51f971)
setsockopt$inet6_tcp_int(r6, 0x6, 0x8, &(0x7f0000000040)=0x3e, 0x4)
connect$inet6(r6, &(0x7f0000000000)={0xa, 0x0, 0x0, @empty, 0x2}, 0x1c)

2.173130732s ago: executing program 2 (id=1113):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x800008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x66b, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
r4 = openat$autofs(0xffffffffffffff9c, &(0x7f0000001ac0), 0xa000, 0x0)
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r4, 0xc018937d, &(0x7f0000001b00)={{0x1, 0x1, 0x18, r3, {0x10001}}, './file0\x00'})
sendmmsg(r2, &(0x7f0000001a40)=[{{&(0x7f0000000180)=@in6={0xa, 0x4e22, 0x1000, @ipv4={'\x00', '\xff\xff', @private=0xa010102}, 0x5}, 0x80, &(0x7f0000000240)=[{&(0x7f0000000480)="6f42029dbeaf937b55542a08b4c60e439732c4ca1a4ad79fc135482b9d5b2d29159d99091bc56fd5bc3bf9a15cbe403f1a9c07cd0d917ff4521ad38a08c81b6bb50ace43fdf6e758e067d613c888a9adcaf1dd54ba5f2eb64dca8b6c5bc099ac1e151076d1646b4e4f97e30161da4203b52829b876aca7a148e0858be14a55ca42629e56fa52eb4ed94969804156b584b8aba9d3ad6995bd307b2014e265e18f9bc9a77b2b4a8acf6c8e584c2ac073", 0xaf}, {&(0x7f0000001b40)="fb0e0aff10b620e66f4532bc7cf88ca8a51c796896c219b8d823f738e7384d13d43bc1027fb834883e5ea8ccffe654ae86f3911f7b4598b26b00d6f91f4a86bbd1d6af9e900f7529391a9b9facb2400a04a3792f35cc59baee37c04b67738e1148c169c3ea2e2df7710e7955175d824d6dc491089be9bda6cb0561fb962fb9900c96dd8be69aa5a6c99f6f8979ada25dd5d2fe4ce6855019760925bdb7c3e1e214eddaad43", 0xa5}], 0x2}}, {{&(0x7f0000000640)=@can, 0x80, &(0x7f00000007c0)=[{&(0x7f00000006c0)="51b57ea3978cf2834440", 0xa}, {&(0x7f0000000700)="f08ed8bd3e8d29ddeb15f7a14b4c4371dc6d27e606fad6a8c1fac56709eb1b36fe1406d3122a27be234acb37281aa81f28f95423d181f180b12c2e8e6b103779821e9425e4be78efac73ecacb79041981c055590e08b203cd2e5f5cf7e72", 0x5e}], 0x2, &(0x7f0000000800)=[{0x580, 0x1, 0x800000, "2a4ef1d1fa86c3d5c7c17c225d67cf391d8a9bf5de9e0d5fb9f21ecb3b3ea96bd970090e263df2c88ee1fde6d1266eec4d3384530a61c5ae06ef9ecfb99a7c45dd4ff24c524000f6336353d25819c0196447fa384ea6e996869c569051e9234c77a02f9e29765e1107371ae1bfb6b33178bb09affbe4654a43966de74ad9910296de71502f17598356f05b633328fd08f1bbbbbf04c11781e23403471179334d7832b0d3b312f3a09611683e9b3ae42aea135af2dc7885b56961bcff43ad02272b825fd776ec620492f56082d0adf88f0a58d692c926a31554243dba341df036bbc6fb804934efc4022968e86b32f743a85dae6e1e39a1d8de909b393b7bfd635f669c6bbca32cdf450b7a111d4ad2a019bb2e7df23759a9ca9640ee03bba533d7935693c2acfb90fd00e5d9332996f7bd3c817e8f8bb45285038b2a00dcf32141ebecf6b464b0d30ffc310f38c148d2aa05a45c96be71ff589de897aa594e126845515d84acdf2480c9993691f0c3ac01d7417800d289fa763b9c4079b2e49c2e10f493c60b5a4473e916edc8f0092eb4d82c0ed6f615f07d6e5a3c630225d07418c19f3fd75e85aa7b14dff108d877f9c9ee62a0bc7e40fed205198fd11c6f790901a8799bd5817da9e2f622bcca33f61edca532ad5bcd0fdcb17e591be7f168e748aacf9dc54d68fbf31db818dc98f98c8becff2c5141c41a2b1c6f6e12b9e91c969067e11ebe545cb7ea4bd3cec284a9b4aae2ab3e80f37b99b72d402d4470b1afac5f0cc516dd99af28e12570981c2db5cc5f3de3edd0cbc2f9a77d7dd1d5aa69396e3b3cb682af078da545a834d8ed2fa1771fbd0e9790d9e4c5d38573209cd79fe35a9439c1d4bf45ff7a926c9d033b2ffb920c99179f94d4753a5b9d1c0ae667b5f29b18dc73216e66e79f31cfb364fef58cba613412b9cf884436e67ea6247f4ed7ec4854d041b256241c89176f510f45296de421010c65c914544f18296718d9fece867818b3c5cf4203942a83b9fc8ddfe51917ea912cd0b3bf6112676e0cbc8b31b1bd6a3fe5a75624d9ac23a74d6ce71ea7816c430597ec6555caa95f3efef2cde8522d58c7575399fdcc430e7208ec968720105bfb984efbf945e4802a9644afd17554fd696526cf389c464378d203221a3b1a54e446d25c2b5e18aefe004e01e51738b42e2c9fc1262e841987720f141a471de84208a2a9089b7558ec44a4fe021911a2f62e98749f2f4e1ac9d63c035ed001c3c201a4ad6afff396fedbf6230999fc78c8fd0c3218d99d8976f36a45211c679e224a5a08e01cbcaa1863a55fc95d6522f190d116e1ec2203bb3ec0d645e63c68ec0ca53684cf68ccd6bb254deeaeba389d568dc1552759a268eb63f944c114592c78b3df32a41f177f08e82459032dd8591cdae2733a3f764502d27cae2017a7a2e7cc2699f26ec3e724ca6dc823964b340d6f645f1eb90cfffb7d33cbbb5746e89873c31306ceec880ede6e143102067db76282f1172289b3d8f211bfad26d356854c173820e4f1121597518a152f380cfd226a55b8ea04ad2a528fc6ff4355239c3f58aa43c514806991cd6876ff083416d6652db14f1f3a978324f27eb3c9d0365cdce450defa79d69b53e0f8802aa4e8713cca98b4c0f63bbfe4f3d55cf620457bdd08c243d7f7b12f21c7d023f54367f28fe1ce4c5d213820b4f65a3749e7c51644367ec4c1e615d2f99719a68267669f11d4870a98c868c8bf648d438eadd8b12ade600dc1575b867bd5b7e383c01417e4aee5081e0c0bc249586bbcfc619d53c160195ebec51cef1bd07f61cafdc603553e08437e091091af8fca30fc144962bf7d8886d2e5fdca04abe46e1d162b9c07ee96c0ca7a67f4f885ffc32ed73177c49559862e453e09a4cf29ed0b7aadaa26c45cc7315efa343fd2f75834cff9637735fe172802a0f73be1f3580aac77353c"}, {0x90, 0x118, 0x1, "5572ca766636faf903ebbfca590747467013a9ff203310ded7791482a8b06e612febeb7ce620567cc92bda25dbdb43e5ac7a8ea11c2bba527f9ecc32e5d3168192866eea5d300088cdef76d9547e081e5d9ef80916462d4aa5366c20d6397d001bcbef3e7a328478ae57570f80053c8af13a918d448a283b6faf5e"}], 0x610}}], 0x2, 0x10)
bind$inet(r3, &(0x7f0000000200)={0x2, 0x4e20, @empty}, 0x10)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r5 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)={{'fd', 0x3d, r5}, 0x2c, {'rootmode', 0x3d, 0x4000}})
read$FUSE(r5, &(0x7f00000021c0)={0x2020, 0x0, <r6=>0x0}, 0x2020)
write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000004200)={0x50, 0x0, r6, {0x7, 0x1f, 0x0, 0xeea390, 0xfffe}}, 0x50)
syz_fuse_handle_req(r5, &(0x7f00000066c0)="a062030607792c01386f28a428828947de99f79cc542703d923c7cb9d4e1f6fd95fbf2f747ab32f6fb041861fb3f87a88cb85405b4e73c0b6b12c81e42a9f13d82c32b7ddb172bcba1aac5c38f083747ac179f08d4d6d342a87ba8dd9bb7a9680f27433c3357b4f6ac97b19a973592f1ac6e7853a0b15ba42a28efb9cc30b146346b546018966e94976ca28f26a1950dd64c0adbb0c2e09bbd9caa9e7886a2b3d6e2b6d6616b718f1322ea2881ca59ef73948b1bcdc2dd3970e63cbc1043ce42af0ea1f95d17268cbc3ef062c8c31a537e94a20c1c505a6022d5ece7f51bd9c754d8c47cbe80bbb30b2159991a94dd3a25e64aff8a7a17374b5a71e0c7c241cbfd7f084e18a50bea512ada902210a3881ffcd42071ab09c4d80139d8980d6dc5d12c2595ced445caf22f80d8fb1a4c243da47fadb8e28e9c04fea820a8a2f032f5adff8b7d9269e63db68d196bf7f416405e52b6b8abd8bb9d9694b8b5eddae348209963738cd9710bd6c291af1c8eaf0e52d2f2f24bef8c8bc9f77eed40104e07c8ee1b4cb358fc73e2653fef6232b5e9f5d0be26b91a0b7967ed5e3bf10c449424ff4d11951d963677001d9576425d6a9c4503268a407d74854f5e1caacc0ccc463dc56e684db1d80b370da238915579ab82cdbd7d155adf10b96ed71100ea92834e8a4e4f5b7b831bff6fb4febe01bb398ea4065446f277f107aa3cc06e0b7a6e98434bf57744ba9ecb8effe704d7f852e16bc33ac113649f7540b7a7a67cf5493b400ce06e571d485af1732938b79ded4de7dad97a7e1c0be7bd479dc264647bb76503168423e3f6fc95f8ac8ea35e39f476ab54e88286fcf73eead1f794784465592fe4ad112ac63bbc3b3f35b87c40bc5fa6e3ca6cad878f9772a61a23aa00491a9e2442eb90a32af2bd74e99d075bcda20288bfc30f3b00a7e8e1a0b4791573abd65284bbb53e2b7d667239b95b332dd423e4d7c512de559bd53fde5285add9795bda81ec142620e693af9c787a4499dd76ca0d77d9c7c4043e537ec6c1cd0b9a642b12adc782a0e00f6c1ed7379d5fff4c2feb19182db977f657b195e4710ff00f78e35a146119897495b0e1a0068a6606292ee72bf65adcd2cd29b4e59a4b3f82eac77d5254013d03d2fb2511975558906741912d09304f0d4cf08c8f62690c67968c869f75a4025224d8e84baf7a42e01b4ecf7e55d7c45839778c2266880d1bb73e3aad618d1a4f8d5a16914d64d70438a88512649fd4caa90506e5a2d58a33ecaebc9b2e5f8a4fbeca57c829ae02fd2dc146e939c3d295ada7df4a07e74b356c6ffd7a9c546b9eddf7e013cbcb2b57ae0d225249f7e06a415681d9f597a060fd55e39bd56f04b863efeca458a0cbc54b660db50ca40d27a3fda3416860e691cfc780593f06b467700968bb918c32547e378b14b4e0dcd11cb0b2fb36ea70946ac62290184b4eed38b51c322a75367b50f558e063bf363341a17c28ddcbf9ce53da06f26303fd156423a25f686809bc9845a78e0cc3d94e04bc8da85f22a4a8ece2c4ac2c79e54dcc4eabc61e067060ad880377a71fe0c2c0305256e4f3c637575f086e4ae3d7ab5d106fde03d24c47dccba3da23a244c1f50a4f60cd8d71b77390c5ce6d5612fd0260a2f33389b064ae6acac783eca62874232fd3808fb2188151a43de6cebc7e245106183f7d929f1eeff6f972da3e3d967170247925fb0f04bf38e88d06321f9ff9d2c296553d842b69036a2b6de2aad3879aedee723ff00736f7b0dffe6182104105ff0f0b636f5192d6bb5ae7ef950825827d2f3d6285d83aedca3f31474e0ad50ce6290a0e546c30d900e5b4208ecc8b3aca0ba3d110fc3c0a7e004a53e5d0ba1cc1c2bb42c3dbcbb4ceb6674151932ae56f6b03cc34ce450c292fecd2456ddcf42b075e6fd49305fbf265a36f3cff61321dd60f16e844089d659130947672a2d059e04af9ef653e8afec926b5a5d411f60a2a435437095a1df8dc60a616bd1a1ce7b5251ed8f905becffebd635eee8ff0055c40f146f1350a406b853ecb005c6ede4dc270ce6751cff915aa27f5f6b0736da14c9949de599d57868c29cc97ad03bd89502a34b88ad29c8762d0dc24a6df759821882a32e70531cab51fa1752a4fc49cf0706cb24d203174b2940f29ef8b0ce65b40cfde4e0c7310c685cc8de8384e485a951192fa8c36c11f9b88a48caf027dca480caa4fccae70ea6c837eb82f926ad7691c7709f217220d71f6e374fb8522a84c118b5c25f3d56acfb25afbe676fc9e574b6c5a59c00a0bbeeff61fd82a1677f3da9bb596133db491a8f11b945d930c8a67de9ce80025c764d518efcbae25d9194dc96c31ed02c63b1ac976715f7233ffed7cb6e929bbb5afabd34bc37c095acd0abbbdb1ea48e40a30ac99550f0ccca19ecef5acb2604c48fffb53b352d114fac72d6fc019ddec558406668f773fed9476148133c0f9ca4d1fd7e70dd04bfa089dc57e5940f29a5fd33dc79913ff48853794fdaf891d71de94c4a4fed0544e09f2bd578b07003031b8602f08ca8a79fa5ebfd5477f4d4f031c3efe0db273446a99d0cbe21a3cf43f3b82774e4657bb4f9675adbaf71c52953f0b18a61e05a9c770536fbad215848f8238e8730b9085189ea4621780dac500d7d7dc7815b45e232f86592498f1515ac8c50306013524cc5f0a74b67bc85d435d332ce69f00641c86a3e91be84b78ac358f35b18d69679df4197d3be8554417cf44aee6dc623f68ce3388df18168efa1c87c776cbda792f6110b6af178eb8200a91dfb72c1e23b5e5a66b5a3ee3f4c2bba2ccac939dcb036006b86e894093922a95fd70baba9424a3d0327a0f209fe10b39f3cec3f669d301a2834e58fd56f94d622dccf653f08e776c9f3e1b0e5b3cdef133834b93c41c70438d51a0b127262868d49ca91623c3d8b75c2cce0b771b9ac941bb96029e782224a3686a7c0dd164e162ede667e0e5817e7bde85ad3bf30a6a5bdc420f751679be74a02f84aa93b971c3f45a67d155f7ecb1d5284660918dbf102bc16f496fb62a1290e6b88ddaff55740583cba13076afd623276634e0c11663be50766980949095003ef5bc6f90a98bbad436b67928513e70115224f672ca2a24e27bb98bd5288c49ea23d47ef13c5ff28c43ce53ca16a6caeccc1f601226253c4a38a88a93828f6c800547cadbaa6d7ad26db618cccd38a671507cad5ba0065ce2edba81a059b95c36c5d04ab456fd6fd81ec3738ebe546d973c0886a5e7b83dd9c2f58f5d6c19519e67575b3732a486555f8d8c4ae004a62e8d07ab2c8ef74cdb96aa99d75aeb1c25985996f281d71106910a3c3da17de35e04dbe00e2b7b75ec2fed177a7f2d04fbf68bd0b8af682b30911867d4d1497ba060b662f4e97a8e7fd3613015cc34302377497cd08bcdc29f06dae240820d2ccddbf8c95c76a4ba5d3e1b37a62369ce3f79fb74ebd9bc82c3fa3edad4034b6715c2853fa7781c974b5a4e541e8b69bf4bd653fcce4e4340d9409fe9112e4d253a3b7e9d43f4426127b10f2d5d3fcd2193490f7d933e0cc53dae552f2d7c9d77b8f9b27c59105cfae43a0aab314a0820fbb5684bf20986e3be215688b42938d272c4c0edd17bcdc84a514d2483456d6cfb4f5c1218859ee55bfc77da36c9c75734932a12fd03df38232063ed92024f8ee7c21f314129feb10670bb4d6a0ad4fb3dc57a64cfe6509a0770650cdec0efd5e0b1fd29433cf871c9ddbe648319bd481357326ac1eb32b4bef4ad89ab6122e92dc786decac88624a4a3963ae771f8023b9a92e446114764c53d7efc07e3ea77a9daac5cabbe648a223e249db62102ef7b7b6d06df46b6ff913911b89848a47aecc0563fb06b6d77fe1daf4541cf619105ab68e0bcdf7a05af22b0551323bf33dec8167df2b7fac62dc9e286dd3462f488c82ad194f7fd5d3ca72fe9c0c37cdb6d75684326e5cb30319ab333fc70bb197320acda161d2e685e78ac2cb1417223f64742b12a316d590b18a4173b2a105a381baf6f383ec2e81d04860b5cc536475d7c5d05bd6a7db1a5d93930bacba8c1de63707bd24785e19fc1f15ba724660ac00d0f2ebbcd5528b8cbe4f3ca332e8611e937a310fc79d234be6c1cd09d6a5cb06ab36a9d667188144c81f86aaf0851763573b36cc21462ba4f3d6e95d38d1e9b943085661d234ef6d079bc9d84c7447c85baba88263451ba10559e1ce326fee5074b26b54872e690a9a1e589e1c444daa3224b292bf9ec4a604dc512760084084f27386c89a1190b8905f0d720508c0ed69272f396725805480188aa4602a26e833c16aa5079c0577a8203ec0b2b929ef3b410bb427c168b7fefd1be652f06efc61c7a295a5d07a9fd61bd5bfe67ac5f74e485a66c92950a1b460257084ca3a3489943ad450300967234b487fa3def4010f9b715196562ebb0846b7ac3eba47646af6285582b4402f64aa684dff7d9cf81fbe1aa88959f7906f06839389f2ad56efb5029afe1d5ceac99a3e698f49ff0da7db06d7c9e94a8773a13fab93def139667b4dc6b741bd2769da7786acecbe315f9006bb6b72abe5bdc587d8d5aa8f67aaefef68197fd2e7874d9b7da2c3a5618720c12e8fc31db3e334c47abcbf10c6181ec14af4f9e90e19a35360a793b1e9b336e49b3ed67568a860cd4c298f967ba323d315821959629e5b7aaac367e1ddb8a1c5d61500afa69331a4c90861852f533657b28b97a343bc531a11ff634b157a6d859a35f0d2a595375e11a32457575f1d73da033bf5eeda12337b9fdd46bce192d3aaaa240a8c65bf47704d6aa64a9531f9de14a96fc9fe380db35dd5ec52321c67fb4c18abcaf22fbe8f602ed201232251317e1a1b71e1e2c924a92d84685de348eec97fed954b7f6681ddf521b4ee03a1aeb2e446ee2a7f4dfa37b1c53831139fc624c14dcc4d144ccdf758fd9f344b4cdc1df70f6a24fa78cab136c912d1ebffa7053ccbc9b9445762236dca409820f738370117d5c369dfc50fd42277f14eeaf29110aedcd503008c42914d04e219a8b6c01e337d04724919b07157e2275ba6365a9dba5ebc8019bd1aa1b8668023f64cf47e1b49b4fbcfc10d560bb74405c90751504db8100d8a8a1a3ff84d98f1262fbbd6b962f492b9531a7411c08e7e56eb0f838075f754b6a395b6b58a8e4c47eb46bfaba2ac94800a396749d18ba0e6219f8d616ec71a1e60b3bcc24e19d4a20ddbc6a871e6d7efa50a362610598d892a5adecbcfe217534deee3620dfc88c7992ec2e710e083ef0a50c20621405f654804d1af4f24d22b8ca48f26303e6969127a74f0b276a5624c3b84410d4d5ee3c62605876e60a88df2bd6e8db8c7e486fdb452178563e7add6bc126b721b9ef8b12181989b87031573a4010d88e34f15a2344e4808b74c99ad68f0c2aca4e8d504397c03e1328c4b1ec43fd902d206c3cfb63d7541ac57fdbc70b0033f87514286101231fe7e79668c802e1c23d61540cdf13a5e675b736e221ddc29ab747d9c64f6213f51d3c1ded2e2b0efc4e45183d90468f61ec1720f7a0b87947e2c54125cebe6563ee4415d886bbe869d17d36371c942c11db1e13c1dd40ed24cabaf7ee80eae6c4db934e982d9619d753dcd679c5650cd95d21582e31b259043a0d03371cd294f4cc028042c75070c9b534a2d79f164ab9d773295795280d1584ca664b53b263fe2e23534d27b0d85742fae8061e03187795129dd272041c6eb9c10c3406da1f752f4ca697bdbddd74975cd4dbba5687fb30ac4fd5d2579494eac73053a63821a852cf41a80f6668006f7e1c4e30b48d638ebab470c558d42baeed1adc8fc71f73e95f3ca212a4b009b508e89898727f805685e4e7650a2961d62c117d1ee9017236a6bffa0c36ae11bc52d346c83399e43c42cdb9f443aa307109a97ee66ceb7a29eeb2f1a2bb3ee1492229116db07301b2aa4126aee7775daa2d0eab4d206fae11b3c6b565dcc4c7b4dd1cf2abec81150d0629803f6eb221be384b8772fe6d6c4fa98c928a9d0a02e9ff8bb7a2168dbebe140323d93bee8983c496bccf752c372b795a3493624cefb3cfeb4307bd39826cac1ea3f18912deef1b8c8db30bc016990a477bc0a925fb36453a9e21354b2d7e6e3d4ca4dd20f27a8db05429d44b7a485365191dc4ba977a815958faf6434813a9f4046054763dd55dbb7fae892b746e169ae046ae3361a9f75cf622b03f75b1633da864395bd1c3a594fab0b1fb37f088dd1f2776e2b795c78635c2026a8ce7ff40968a1960786049a217dd8872ac0c01f4bafcf2d3d751dd46a5e1bec00540a9ca7afca3ef37575d4a8b1291d05be94913092890a9b4bfff39edbff307e5654896e79228777c0f8ea46c55bfe19e522bf457ab4e6b0167d776dbcd0160598370a12c4a03e4edc82b245a7608797b03d4ed89dfc2a5bf07b9fcb251fb8608553f3b3774818717a9aabe6b2ded811515ba454b390a6065bbc59552f3bfe51d38f139792e1aae60093a7c5770b52a1730feb1049c14a7d5261d644f6b738e22ee72aafa422bd93f61e1ccac0a5ef4726c66f61bb539acb937bd63da82c700c0860be90ce5621ced22b52b63d041266fc258fbfa6641aef22e97804e5138ad2ce4405eaf76bb0acd7fc61b2d6de4aabc5c28a850fcf219cff77c97d3cb6bec0067c171b912d11d82c56cbad56c0032a9657d4cdd1eacaca53f40f5e3fe911127e1cd30781351f180e1413933cee2d46ca0eea31ee01fe4e99a567edd0b10565d47b87c8a48366143e889e52d0ff13c920aea092c2545fa9b7056204fec156549d3c0a997bc1cf4a01338483bf5c69d6958ae038f1c3e3b84baeb2c1f9e064c0750602c34c6c483c316391d975f94f21f6dfe74e92c33228b408a9e2b9abcda33c497abba9c48a63e5c8f1a8d0f4c24d36a44e1601e8a09e8a5c7179bd4c44b17e542dd99cace87aab60a5e53325d544c991b6fa5deffa49fd886332980deeca9229cb2f67f495a7b743153854ed81e1623b12dbd65512d08a5732fee2db3fb455cf6df5a1701a2b8674633c6792162dc86ac76e30da225b0167a7e704ad33ba694f9c902afbeed58eef609874767053f59414d4d3eccbbcdbc7eba997c71f9b1f5139bb020d5dae1db6e2dcfbb51b5371b08bdbc3312b05ee6d8c03c8b5a7d4f23da45f276394f222b1a0bdf4e2603243cdba60ee0530387c88bb457ca9932f2283a4d55bb1195e6d325ed93f714e21908b1baafa467f1cec7fa26e5c384ee6828e77978bd1abd014de549a5e5966f2b2f4ba000f9d77f1abfe3a6c337cdb852c1ec59f61b63d543f3062dd2616a163ed7ca60168b0347b5c5646a678dafb4c502c333a0a48f0341b47f5c5946e42e571db0bfa0682a449ca64e71b5661a842975182399245c6de241512c67ac918d7e0c5cb66565010e881b8333567ca584321ead1c383b099d8bf1c56dac08cb218cde4226ad420d6d6313f9c4884d6394722304fdaa76e61db8c0d54eb1151344c41ce1130272928eecb2f9f0f23c752622374eb1223a80efcf0b937dff7d813d7be0340226c0a7b163741d9aecafcb7ddae5a219323323f621c802be82399e06d2e1cc582e759ffa303c5103f8a44d7129d2853b02e506abda57ad2836d7ff16f95232149fbeb8b62e586d3536bb4ae042ecd9e25d1dee789353071f9c89d4361000c47b763556e8902f1f25cbd8ae71679e03ff27db0ec75eeee3fccafc7fcf22c377ac60d3c61a43cb53abf6162118f2efc86a5ce80e69a02bc1db80018beeef6d567941232e4412a958ed012bf7a832c1eaf68134ecabc4927ad666b3d0f21d4e8d52fa37e0a9751124efed8bf47544299138a6f69d89e295677f12606c79b72451c263fca3eec22bf0c47c641159a0bbfb3b2b03154af533e5c06a149e52adcfae31bfc55f30064a8903c8d3b828d275a937b1e4adffa0597da5e253b50bd71b33f057ffeff0b2a0829b3bf33350fbe67c7c79034f80d69e6a21be495a848d328f416f15966491b218eab390544e39d498258ad80ddae248634c845cbe6f1c1e93e7c2b02075411e075fe936bcc75f4a4e1a3687cb3dbbb61cb31ddfbbc87a1859b3a48fccdd8e5915c8bf4eebe8f7093cef6a7a91c8682915f9908c854c483e90c9643467292884d284134dbaddafdbc74d94a5f9713719d62b4f6b4236803d210181847ca27129fde264156895f4e1822ef78a3b215ef56d7e36d2b94c93f5e931a0d13a3a3030061ce62de595eecf47eae6bf698530145757700df18f66fd7261a12c119d6679663b3c0f99d1705aebe66dc862eb21ccb7360b93f54507149b577abf521113991e06f345e8282fdc18de673e1ca7b188ee34b14f37f86ddcf97fef0b913c33cf8e5d5d33707dbcdbe4b27cef056670252f186735cdd02f6ed6bfe5318a704f00e34ffc4fda9855bf37c51be6a7423e44dd8a98883c8fa82ca37c90d681fb7a0db915576b50e49aff545b99aa3aa6343b814ba0bf64e53b2a1edcae2231bf20d65e4bb4da6dc8382120ede652adfb7c30a46e0ee784cbde74563d83eb8d89a1573fa104fddca9d4833c49dc904bda905426c7dee3e48b596c8ee201bea57fedb1a0649457eaac3c5b5f4519af3adb66f10b861e711cd4034448890e15047c2f8902588268b5645051f3f3968ed8d630e050ccef0d01b61ffeade51e4e72d8fd46bba4c20009396e984c424d174934a67a1930665fbea04c809e7cda0a2cdfd3a14d6b99c3a8d8b3691825830456876f188ff871fc861e4c6a0ca377dc1f0cb0f929f7eb1f5da045d9a588a393312acacca5c5a3b15bb1b488b08fc40ad65ae2c1df187eccd8377525a81d80df57579ae52f775fb2efdd172a41c370300fcc594c2635dcf50e9eb9d34fa8b4bbfd13078422e3a7734a8ae6cc09e39d07c7ee19838f8da4cbafe4162c8f8dc44e284840bd0a5c80bfc657c22e37e0d9a96dda34a51ce616c9ccdc95955cf85d93860da902ab30f11aa333eacc25c47981d8636038761ed4d84fcbb0ca92dd2e07863b9505b451c3c49e36a172527578123049ff2dc2b4e258a3f698a12ca4705a6fd0ce6bc4f1767b4d9c2e57c9ed1388527964ac96ff5e4cf5ad6fdb6a853b43905df32af8bd788b520fd526cbb95195a1bc00d654cb080acdf67938517a6cdac741d86730358be16465b4e1301f47f6a444c4e8d2980b8bd98a8dcd6617cde0b287e2d1f59167b5c445146fa49728111b8a2729428cabd02facb8fbddbdb2769680f288648d6baac53e0d909335da3e2b4c13ebd41f32820c9f491e9124ca444a0532f60e2816e15a5810baa91f64454aa355f9d362c7d1a461561689d08b1350a216b6f1bda57aae0706b3710a1b8e52a7e3084e600b5ee3dc540bba0c16267d549304a7840659a32e40070715c9bb912792d4a7b84fa06e73b9ddbc2f06c4edc19d25f5a198c7e3fc6226842e6215da5d826fcf5949612889f78e9de39d4e64b86b7033b5717a21f8f2b81c799a3fc0bfe6f5837b252eefa360c91a6148296bd19d50a343d909c1edf5261e70c8dfb2c488940cf236941ad3fd01247e37902a4bbfdd1839f7c92c260a2c494022fac08629303c8e54108d78ae2c94289c7f998ba3b622b48931ee7c17c59f5499d282467a1b8050acc94a0b17b21836c80b69f519b9b077d18e33c027faad562fa09f2cc6120f8cf5ee18cf7db9d729ffbb9de58885713215b7aebb8c98d9fa009be0a9ef3ceccdb2b31968db555b26c5c94e382d06ebf6d356e8caa85def5813dd1596d823924c4fb63dba5bd094cb64f204d1e59d31287715f831a1f0be95d8749f2166ba0b0b6b64a37991be1fe1c1e922835f2da0c074ec9413561d52166576b1c4f1e18f078dc046d1c284964b80217b55c59a474740c3649116b33e927479736bff6005859c7c00598f22cb8eca38af802f4c86836e8330492ac7ef3707890a8ff856dc7786ed769bba75b18484b257b3b022eeb51aa720639f79e6e6bd3d3c9a61f7822abe562867b4693f0b2f61135aaeaa510b31112efeec48d2602c6d4f2ddeeb51bb03ab18c18d8e127a37e22881febca47742b9332d3f2251003b1a46c40eca111d02446466b669568c70971bd33254ca577777f126f86f8a3665f065b645ff261e78e0f532e83a81b99c5de3488de74ca82daa0e4e7404eff911ae955acbb800f9f91b774e472bc14aa92817b6d85877b1861a6ca92c03c83b6f1490068bad8eab1f58c9e91e1029683de2ca45c99966966031ee86d8c9995f0612480e2a6d5396e8ae361d6fd2e24557613a1191f5019d4c8078628013512ea3a59532efffa6cfe4970d28d8c7aa8c866c4275ff2b0b4ef1a7e56854d7ee4bc445713da9349d13e30a4a802cb9db2f10280fd9ea043b5b3480441e8ed2d907eae1259befba9d87a04ce42b0010c70af157b90e0bf72549852fd122edd6cf3475f76852b13b4bf887cf32e25ad34aed7fd5a6e97b307f9b4ff1c07b2b55beef5ef3dd96eeb2a57720c18209d911a55341cee67e6ff577f7acaba01c2c9690b15a3b8aaa5b9d734196467a8c074b2eeeb5ae931ddf3deb15b1a8d603e72125c2e68ad206f2c4252a659f8248ff882a8e54126ebc0c77a46101072272460e683d465279a3695be6b64c9eeb4a576d95fd520be42eab5c95cbace0dfd80e2d67bab9f683a1cc9c006c02f0f90a21a0f51218c628f5608fbf1abc79aa63452bde1002383033578f32980e3779a8edeb226f6d3f9b36d8f07bddd7479b60346a4b4fa883940e3aef8ad8d834dad4405960a4409a6255e8753d0c0ad0960ff3ef48ce93fbe6b165e86eab36fccb8b989f5b54e6ccaa19749ff065a0a732d15c41b9072bbc6f07e1fd5a3df2775874e46b61ed50714e8c403fbed6884ec06f52ab71d2c191fcc56ac0b17ba3c46d2dab3e11c79383bd8867ff14b5fbca73b9ae594b6a09fb73a2e8f15aee59150e8d6d3dad9659025d045bbd1b9ca257c67bb78abe8f7eb9c8b3bc32951c41f7390bacc8c7059a2a9b078ab50413605aec604e4666a6ace765b0e7ab558fe6232f2703d07811e3d0ac5bf9434e87876e99250ee9db6527a8ccb4a3ee3bde738563c9746f941cf2cd7efacdbd2593cafdbe5171864b2982b54dc5a32c86638c0e650a331625033b8dd65851965ae791880349d5cd52548f4422a317f96ed79e7ccf3bd671e6dc70365f521c65206386eb1f99570a544d11b3d36fea285f8a3770ca303a965a0c1d598ebe3696e647be734ccf760d3d47dec75e236d7ac08019b6622a7b9f08bc8f0937ab75e75a047a7386befbd56fc4b2f89c852dadce8df946cb3fafe4eed2678caadf1a913ae32b2c0b8a37984cb700343c5e24609f8c5ddeff5e653837a9332a41c8e21466a13d79224125d5f6a4fef79b5adae7f4ab7d351c55400545edd3c00637bd27164828925e9bb5d79f1f1e6eb3270ab799ae38772f779565d92c47503de695f7aad7ddacda6f6c71e755b3737231b64715bf07849d3466e4f92239f733436ce674389bd16900", 0x2000, &(0x7f0000008b40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)={0x90, 0x0, 0x0, {0x100000000404, 0x0, 0xc, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa000}}}, 0x0, 0x0, 0x0, 0x0, 0x0})
readlink(&(0x7f0000000040)='./file0/file0/file0/file0/file0\x00', &(0x7f0000000080)=""/167, 0xa7)
read$FUSE(0xffffffffffffffff, &(0x7f0000004280)={0x2020}, 0x2020)
readlink(&(0x7f0000000140)='./file0/file0/file0/file0/file0\x00', &(0x7f0000000400)=""/69, 0x45)

1.145206301s ago: executing program 2 (id=1114):
r0 = socket$inet(0xa, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x7}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
lsm_get_self_attr(0x1, 0x0, &(0x7f0000002e80), 0x1)
r1 = syz_io_uring_setup(0x82e, &(0x7f0000000300)={0x0, 0x0, 0x4000}, &(0x7f0000000100)=<r2=>0x0, &(0x7f0000000080)=<r3=>0x0)
io_uring_register$IORING_REGISTER_PBUF_RING(r1, 0x16, &(0x7f0000000380)={&(0x7f0000002000)={[{0x0}]}, 0x1}, 0x1)
r4 = socket(0x12, 0x3, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000003c0)=@IORING_OP_SEND={0x1a, 0x20, 0x0, r4, 0x0, 0x0, 0x0, 0x200440c0, 0x1})
io_uring_enter(r1, 0x27e2, 0x0, 0x0, 0x0, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x1)
read$msr(r5, &(0x7f0000032680)=""/102392, 0x18ff8)
r6 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0201, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r6, 0xc004500a, &(0x7f0000000000))
ioctl$SNDCTL_DSP_CHANNELS(r6, 0xc0045006, &(0x7f0000000180)=0x6f)
write$dsp(r6, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000)
sendmsg$unix(0xffffffffffffffff, 0x0, 0x0)
r7 = openat$6lowpan_enable(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$6lowpan_enable(r7, 0x0, 0x2b)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'nicvf0\x00', <r8=>0x0})
bpf$TOKEN_CREATE(0x24, &(0x7f00000008c0)={0x0, r5}, 0x8)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x3, 0x13, &(0x7f0000000800)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000ba20007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000006000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000009b00000095000000000000000000"], &(0x7f0000000740)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r8, @sched_cls=0x36, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff8d, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x80000000, @void, @value}, 0x94)
r10 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000004000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000040)='sched_switch\x00', r10}, 0x10)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r9, 0x0, 0x10, 0x10, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\b\x00\x00', &(0x7f0000000300)=""/8, 0x6c00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f00000002c0)=@mangle={'mangle\x00', 0x44, 0x6, 0x410, 0x2d8, 0x98, 0x2d8, 0x98, 0x138, 0x378, 0x378, 0x378, 0x378, 0x378, 0x6, 0x0, {[{{@ip={@loopback, @multicast1=0xe0007600, 0x0, 0x0, 'gre0\x00', 'ip6gre0\x00', {}, {}, 0x0, 0x0, 0x11}, 0x7a00, 0x70, 0x98}, @inet=@DSCP={0x28}}, {{@ip={@multicast1, @local, 0x0, 0x0, 'wg1\x00', 'nicvf0\x00', {}, {}, 0x11}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @local}}}, {{@ip={@broadcast, @multicast2, 0x0, 0x0, 'vlan1\x00', 'nr0\x00'}, 0x0, 0xb8, 0x100, 0x0, {}, [@common=@unspec=@limit={{0x48}, {0x0, 0x28, 0x0, 0x0, 0x0, 0x1}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv6=@private2, 'veth0_virt_wifi\x00', {0x7}}}}, {{@ip={@rand_addr, @private, 0xffffffff, 0xff, 'syzkaller0\x00', 'veth1_to_team\x00', {}, {0xff}}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @empty}}}, {{@ip={@empty, @empty, 0xff000000, 0x0, 'lo\x00', 'batadv_slave_1\x00'}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x1fb, 0x0, @loopback}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x470)
syz_usb_connect(0x2, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0xfe, 0x85, 0x71, 0x8, 0xb48, 0x3007, 0x4f64, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x38, 0x0, 0x0, 0x23, 0x52, 0x26}}]}}]}}, 0x0)

1.107041581s ago: executing program 3 (id=1115):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
add_key(&(0x7f0000000280)='rxrpc\x00', 0x0, &(0x7f0000000100)="01000000020000000000006bb55a2a630b00c145f94cd977", 0x18, 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x0, 0x40000042, 0x0)
ioctl$FS_IOC_GETFSLABEL(r3, 0x81009431, &(0x7f00000003c0))
mkdir(&(0x7f0000000180)='./file1\x00', 0x0)
mkdir(&(0x7f00000003c0)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x4, &(0x7f0000000200)={[{@verity_on}, {@uuid_off}, {@uuid_on}]})
chdir(&(0x7f0000000140)='./bus\x00')
openat(0xffffffffffffffff, &(0x7f0000000340)='./bus\x00', 0x0, 0x409)
r4 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
connect$llc(r4, &(0x7f0000000180)={0x1a, 0x0, 0x0, 0xb, 0x9, 0x0, @local}, 0x10)
sendmmsg(r4, &(0x7f0000001380), 0x3fffffffffffeed, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
r6 = syz_clone(0x100, 0x0, 0x0, 0x0, 0x0, 0x0)
tkill(r6, 0x13)
waitid(0x0, r6, 0x0, 0x40000002, 0x0)
sendmsg$IPCTNL_MSG_CT_DELETE(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="14000007"], 0x14}, 0x1, 0x0, 0x0, 0x24006018}, 0x40044)
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NLBL_MGMT_C_ADD(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000005400)={&(0x7f0000005340)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="df25010000001400fc010000000000000000000000000000140101002d2b5e5d1b212b265d2b2f2fa22a230008000757622a95ff84c3000a01010208000800640101000800020005000000"], 0x54}, 0x1, 0x0, 0x0, 0x20000000}, 0x4010)
sendmsg$NLBL_MGMT_C_REMOVE(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[@ANYBLOB="08010000", @ANYRES16=0x0, @ANYBLOB="00012bbd7000ffdbdf250200000008000400000000001400060000000000000000000000ffffac1e000108000c00020000000d0001002f6465762f6662300000000008000c00000000009f0001002d6b2c5b242b2b2d2924003f0eef49c8fea41cdf36fe058eefd0f0ec11f8a9eb06e26bbf647629a3bea4172df868d4c8cfc00c47a2485570ad91f88964374417d37502a2d0f6cb62aa2506553c807f5f358934e2a67296bd76009f81cdf7a23790c012a29e41f6cd5d1bac226075b3825d23d4effbac51854e63f36f47a9230de1358ec33bc2d5c84414909db101000000000000004652955478ea00080008000a010100080007006401010208000700ac1414aada425d8dddaa24ae64632499f5b131c42cc490f51756719351962cc8e433de6936219800ebb009b707b68af0c5d7ae5dee9b9a57a161785a11e6631daa81ec2a7e75"], 0x108}, 0x1, 0x0, 0x0, 0x80}, 0x1)
openat$fb0(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)

177.506656ms ago: executing program 0 (id=1116):
openat$fb0(0xffffff9c, &(0x7f00000001c0), 0x80080, 0x0)
socket$netlink(0x10, 0x3, 0xc)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x2, @pix_mp={0x8, 0x8, 0x34324152, 0x0, 0x1, [{0x0, 0x2fd5}, {0x10}, {}, {}, {0x0, 0x8}, {}, {0xfffffffd}, {0x400000}], 0x0, 0x4, 0x0, 0x0, 0x4}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
setsockopt$MRT_ADD_MFC_PROXY(0xffffffffffffffff, 0x0, 0xd2, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x17, 0x0, 0x1f5c, 0x6, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f00000001c0)={'ip6tnl0\x00', 0x0})
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000005e00)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$F2FS_IOC_MOVE_RANGE(r1, 0x541b, &(0x7f0000000000)={<r2=>0xffffffffffffffff})
close_range(r2, 0xffffffffffffffff, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="0200000004000000040000000800000000000000", @ANYRES32, @ANYBLOB='\x00'/13, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xd, 0x5, 0x4, 0x7, 0x0, r3, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180), &(0x7f0000000340), 0xffff, r4}, 0x38)

177.146915ms ago: executing program 3 (id=1117):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x100, 0x2})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1, 0x11, r4, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f00000001c0))
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000280)='\x00'})
r5 = socket(0xa, 0x3, 0x3a)
r6 = socket$netlink(0x10, 0x3, 0x5)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f00000003c0)={'bridge0\x00', <r7=>0x0})
setsockopt$MRT6_ADD_MIF(r5, 0x29, 0xca, 0x0, 0x0)
setsockopt$MRT6_ADD_MIF(r5, 0x29, 0xca, &(0x7f0000000040)={0x1, 0x0, 0x5, r7, 0xffffff8f}, 0xc)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000640)={0x5, 0xe, 0x9, 0x0, <r8=>0x0})
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r2, 0xc00464b4, &(0x7f0000000680)={r8})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x11, 0x7, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x5}, [@kfunc={0x85, 0x0, 0x2, 0x0, 0x5}, @exit, @map_fd={0x18, 0x8, 0x1, 0x0, r3}]}, &(0x7f0000000140)='syzkaller\x00', 0x8001, 0x9a, &(0x7f00000004c0)=""/154, 0x41100, 0x40, '\x00', r7, 0x0, r2, 0x8, &(0x7f00000002c0)={0x0, 0x3}, 0x8, 0x10, &(0x7f0000000300)={0x1, 0xe, 0x4}, 0x10, 0x0, 0x0, 0x5, &(0x7f0000000380)=[r3], &(0x7f0000000400)=[{0x2, 0x5, 0xc, 0x2}, {0x3, 0x3, 0x2, 0xb}, {0x2, 0x1, 0xd, 0x9}, {0x0, 0x2, 0xc, 0xb}, {0x3, 0x3, 0x3}], 0x10, 0x5f, @void, @value}, 0x94)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000480)={0x4c, 0x0, &(0x7f0000000200)=[@acquire, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r4, 0x40046208, 0x0)

109.812069ms ago: executing program 5 (id=1118):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000040)={'wlan1\x00'})
sendmsg$NL80211_CMD_STOP_P2P_DEVICE(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r0, @ANYBLOB="050927bd7000fbdbdf259802000008000300"], 0x1c}, 0x1, 0x0, 0x0, 0x8}, 0x800)

573.6µs ago: executing program 0 (id=1119):
syz_usb_connect$uac1(0x0, 0xb4, 0x0, 0x0)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x6, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="180200002343ffff0000000000000000850000004100000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x28, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r2=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000300)={r1, r2, 0x25, 0x2, @val=@perf_event={0xff}}, 0x18)
syz_emit_ethernet(0x11dc0, &(0x7f0000000200)=ANY=[], 0x0)

0s ago: executing program 5 (id=1120):
socket(0x1e, 0x3, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000100)=0x7)
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdir(&(0x7f0000000040)='./file0\x00', 0x80)
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
mkdir(&(0x7f0000000000)='./bus\x00', 0x90)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
r3 = open(&(0x7f0000000580)='./file1\x00', 0x80242, 0x1df2a23c5997fa5f)
write$FUSE_CREATE_OPEN(r3, &(0x7f0000000180)={0xa0, 0xffffffffffffffda, 0x0, {{0x20000004, 0x1, 0x5, 0x6, 0x3, 0x1, {0x1, 0x180, 0x20ff, 0x5, 0x100, 0xd615, 0x9, 0xe8f, 0xfffffffe, 0x8000, 0x0, 0xee00, 0x0, 0x3ff, 0x1}}, {0x0, 0x11}}}, 0xa0)
sendfile(r3, r3, &(0x7f0000000080), 0x7f03)
r4 = socket$netlink(0x10, 0x3, 0x0)
r5 = syz_genetlink_get_family_id$ieee802154(0x0, 0xffffffffffffffff)
sendmsg$IEEE802154_ASSOCIATE_REQ(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000400)={&(0x7f00000003c0)={0x30, r5, 0x400, 0x70bd2b, 0x25dfdbfb, {}, [@IEEE802154_ATTR_COORD_HW_ADDR={0xc, 0x9, {0xaaaaaaaaaaaa0202}}, @IEEE802154_ATTR_CHANNEL={0x5, 0x7, 0x19}, @IEEE802154_ATTR_COORD_SHORT_ADDR={0x6, 0x8, 0xaaa2}]}, 0x30}, 0x1, 0x0, 0x0, 0x40000}, 0x800)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000))
sendmsg$nl_route_sched(r4, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000004140)=@newchain={0x24, 0x64, 0x1}, 0x24}}, 0x0)

kernel console output (not intermixed with test programs):

x600
[  375.760012][ T9286]  mmu_topup_memory_caches+0x22/0xd0
[  375.765362][ T9286]  kvm_mmu_load+0xda/0x21f0
[  375.769886][ T9286]  ? mark_held_locks+0x9f/0xe0
[  375.774666][ T9286]  ? kvm_apic_has_interrupt+0xb6/0x190
[  375.780137][ T9286]  ? __pfx_kvm_apic_has_interrupt+0x10/0x10
[  375.786045][ T9286]  ? __pfx_vmx_flush_tlb_guest+0x10/0x10
[  375.791686][ T9286]  ? __pfx_kvm_mmu_load+0x10/0x10
[  375.796727][ T9286]  ? kvm_cpu_has_injectable_intr+0x9b/0x1a0
[  375.802639][ T9286]  ? kvm_check_and_inject_events+0x725/0x12e0
[  375.808728][ T9286]  ? kvm_setup_guest_pvclock+0x721/0x730
[  375.814389][ T9286]  vcpu_run+0x33a4/0x4f50
[  375.818741][ T9286]  ? __pfx_vmx_vcpu_load_vmcs+0x10/0x10
[  375.824316][ T9286]  ? __pfx_vcpu_run+0x10/0x10
[  375.829011][ T9286]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  375.834660][ T9286]  ? rcu_is_watching+0x12/0xc0
[  375.839437][ T9286]  ? trace_lock_acquire+0x14e/0x1f0
[  375.844656][ T9286]  ? __local_bh_enable_ip+0xa4/0x120
[  375.849959][ T9286]  ? lockdep_hardirqs_on+0x7c/0x110
[  375.855171][ T9286]  ? kvm_arch_vcpu_ioctl_run+0x150/0x1740
[  375.860916][ T9286]  ? kvm_arch_vcpu_ioctl_run+0x44a/0x1740
[  375.866650][ T9286]  kvm_arch_vcpu_ioctl_run+0x44a/0x1740
[  375.872223][ T9286]  kvm_vcpu_ioctl+0x6ce/0x1520
[  375.876994][ T9286]  ? do_vfs_ioctl+0x513/0x1990
[  375.881779][ T9286]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  375.886993][ T9286]  ? ioctl_has_perm.constprop.0.isra.0+0x2fc/0x450
[  375.893518][ T9286]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[  375.900387][ T9286]  ? __pfx_lock_release+0x10/0x10
[  375.905461][ T9286]  ? selinux_file_ioctl+0x180/0x270
[  375.910674][ T9286]  ? selinux_file_ioctl+0xb4/0x270
[  375.915805][ T9286]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  375.921017][ T9286]  __x64_sys_ioctl+0x190/0x200
[  375.925813][ T9286]  do_syscall_64+0xcd/0x250
[  375.930338][ T9286]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  375.936247][ T9286] RIP: 0033:0x7f80cb585d29
[  375.940669][ T9286] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  375.960285][ T9286] RSP: 002b:00007f80c93b4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  375.968713][ T9286] RAX: ffffffffffffffda RBX: 00007f80cb776160 RCX: 00007f80cb585d29
[  375.976692][ T9286] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[  375.984669][ T9286] RBP: 00007f80c93b4090 R08: 0000000000000000 R09: 0000000000000000
[  375.992643][ T9286] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  376.000623][ T9286] R13: 0000000000000001 R14: 00007f80cb776160 R15: 00007ffe4decf698
[  376.008613][ T9286]  </TASK>
[  376.056647][   T29] audit: type=1326 audit(1737362519.114:778): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9274 comm="syz.0.640" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7f761ed85d29 code=0x7ffc0000
[  376.110583][   T29] audit: type=1326 audit(1737362519.114:779): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9274 comm="syz.0.640" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f761ed85d29 code=0x7ffc0000
[  376.159304][   T29] audit: type=1326 audit(1737362519.114:780): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9274 comm="syz.0.640" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f761ed85d29 code=0x7ffc0000
[  376.393680][   T29] audit: type=1326 audit(1737362519.124:781): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9274 comm="syz.0.640" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f761ed85d29 code=0x7ffc0000
[  376.524761][ T9298] netlink: 12 bytes leftover after parsing attributes in process `syz.0.642'.
[  376.605689][ T9298] netlink: 'syz.0.642': attribute type 12 has an invalid length.
[  377.066571][   T29] audit: type=1326 audit(1737362519.124:782): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9274 comm="syz.0.640" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f761ed85d29 code=0x7ffc0000
[  377.190118][   T29] audit: type=1326 audit(1737362519.124:783): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9274 comm="syz.0.640" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f761ed85d29 code=0x7ffc0000
[  377.281023][   T29] audit: type=1326 audit(1737362519.124:784): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9274 comm="syz.0.640" exe="/root/syz-executor" sig=0 arch=c000003e syscall=133 compat=0 ip=0x7f761ed85d29 code=0x7ffc0000
[  377.520097][ T9310] netlink: 248 bytes leftover after parsing attributes in process `syz.4.646'.
[  378.531968][ T1292] ieee802154 phy0 wpan0: encryption failed: -22
[  378.539627][ T1292] ieee802154 phy1 wpan1: encryption failed: -22
[  379.175489][ T9309] syz.3.644 (9309): drop_caches: 2
[  381.304425][ T9348] netlink: 12 bytes leftover after parsing attributes in process `syz.1.651'.
[  381.348790][ T9348] netlink: 'syz.1.651': attribute type 12 has an invalid length.
[  381.751228][   T29] kauditd_printk_skb: 13 callbacks suppressed
[  381.751243][   T29] audit: type=1400 audit(1737362525.774:798): avc:  denied  { append } for  pid=9349 comm="syz.3.653" name="001" dev="devtmpfs" ino=721 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[  381.849327][   T29] audit: type=1400 audit(1737362525.874:799): avc:  denied  { setattr } for  pid=9349 comm="syz.3.653" name="001" dev="devtmpfs" ino=721 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[  381.917876][   T29] audit: type=1400 audit(1737362525.944:800): avc:  denied  { bind } for  pid=9351 comm="syz.1.654" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  382.088892][   T29] audit: type=1400 audit(1737362526.094:801): avc:  denied  { getopt } for  pid=9351 comm="syz.1.654" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  382.118704][ T9350] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  382.184122][ T9358] netlink: 80 bytes leftover after parsing attributes in process `syz.3.653'.
[  382.319445][ T9362] fuse: Bad value for 'fd'
[  383.471472][ T9386] netlink: 12 bytes leftover after parsing attributes in process `syz.0.661'.
[  383.555588][ T9386] netlink: 'syz.0.661': attribute type 12 has an invalid length.
[  384.486749][ T9389] netlink: 224 bytes leftover after parsing attributes in process `syz.2.659'.
[  384.496127][ T9389] netlink: 20 bytes leftover after parsing attributes in process `syz.2.659'.
[  384.676370][ T5906] libceph: connect (1)[c::]:6789 error -101
[  384.704736][ T5906] libceph: mon0 (1)[c::]:6789 connect error
[  384.834493][ T9396] ceph: No mds server is up or the cluster is laggy
[  385.070466][ T9393] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=6 sclass=netlink_xfrm_socket pid=9393 comm=syz.0.662
[  386.381994][ T9415] netlink: 12 bytes leftover after parsing attributes in process `syz.1.665'.
[  386.468766][ T9416] netlink: 'syz.1.665': attribute type 12 has an invalid length.
[  387.959390][   T29] audit: type=1400 audit(1737362531.974:802): avc:  denied  { bind } for  pid=9419 comm="syz.2.667" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  388.858933][ T9433] xt_TPROXY: Can be used only with -p tcp or -p udp
[  389.076405][ T9437] xt_TPROXY: Can be used only with -p tcp or -p udp
[  389.115664][ T9439] FAULT_INJECTION: forcing a failure.
[  389.115664][ T9439] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  389.137978][ T9439] CPU: 0 UID: 0 PID: 9439 Comm: syz.2.670 Not tainted 6.13.0-rc7-syzkaller-00209-g9528d418de4d #0
[  389.148603][ T9439] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  389.158639][ T9439] Call Trace:
[  389.161907][ T9439]  <TASK>
[  389.164821][ T9439]  dump_stack_lvl+0x16c/0x1f0
[  389.169485][ T9439]  should_fail_ex+0x497/0x5b0
[  389.174152][ T9439]  _copy_to_user+0x32/0xd0
[  389.178548][ T9439]  simple_read_from_buffer+0xd0/0x160
[  389.183916][ T9439]  proc_fail_nth_read+0x198/0x270
[  389.188926][ T9439]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  389.194459][ T9439]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  389.199993][ T9439]  vfs_read+0x1df/0xbe0
[  389.204141][ T9439]  ? __fget_files+0x1fc/0x3a0
[  389.208805][ T9439]  ? __pfx___mutex_lock+0x10/0x10
[  389.213815][ T9439]  ? __pfx_vfs_read+0x10/0x10
[  389.218495][ T9439]  ? __fget_files+0x206/0x3a0
[  389.223159][ T9439]  ksys_read+0x12b/0x250
[  389.227387][ T9439]  ? __pfx_ksys_read+0x10/0x10
[  389.232141][ T9439]  do_syscall_64+0xcd/0x250
[  389.236637][ T9439]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  389.242533][ T9439] RIP: 0033:0x7f61f2b8473c
[  389.246944][ T9439] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  389.266534][ T9439] RSP: 002b:00007f61f3972030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  389.274947][ T9439] RAX: ffffffffffffffda RBX: 00007f61f2d75fa0 RCX: 00007f61f2b8473c
[  389.282909][ T9439] RDX: 000000000000000f RSI: 00007f61f39720a0 RDI: 0000000000000004
[  389.290874][ T9439] RBP: 00007f61f3972090 R08: 0000000000000000 R09: 0000000000000000
[  389.298825][ T9439] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  389.306777][ T9439] R13: 0000000000000000 R14: 00007f61f2d75fa0 R15: 00007ffc19880618
[  389.314739][ T9439]  </TASK>
[  389.450166][    T8] usb 5-1: new full-speed USB device number 16 using dummy_hcd
[  389.460290][  T117] usb 4-1: new full-speed USB device number 12 using dummy_hcd
[  389.627681][    T8] usb 5-1: config 0 has an invalid interface number: 56 but max is 0
[  389.647089][  T117] usb 4-1: config 0 has an invalid interface number: 56 but max is 0
[  389.665544][    T8] usb 5-1: config 0 has no interface number 0
[  389.675649][  T117] usb 4-1: config 0 has no interface number 0
[  389.685897][    T8] usb 5-1: New USB device found, idVendor=0b48, idProduct=3007, bcdDevice=4f.64
[  389.698606][    T8] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  389.707448][    T8] usb 5-1: Product: syz
[  389.711942][  T117] usb 4-1: New USB device found, idVendor=0b48, idProduct=3007, bcdDevice=4f.64
[  389.721339][  T117] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  389.729338][  T117] usb 4-1: Product: syz
[  389.735593][    T8] usb 5-1: Manufacturer: syz
[  389.740422][    T8] usb 5-1: SerialNumber: syz
[  389.748122][  T117] usb 4-1: Manufacturer: syz
[  389.753629][    T8] usb 5-1: config 0 descriptor??
[  389.758843][  T117] usb 4-1: SerialNumber: syz
[  389.765176][    T8] dvb-usb: found a 'Technotrend TT Connect S2-3600' in warm state.
[  389.773745][    T8] pctv452e: pctv452e_power_ctrl: 1
[  389.773745][    T8] 
[  389.781542][  T117] usb 4-1: config 0 descriptor??
[  389.790952][    T8] pctv452e: pctv452e_power_ctrl: Warning set interface returned: -22
[  389.790952][    T8] 
[  389.805886][    T8] dvb-usb: bulk message failed: -22 (5/0)
[  389.821087][  T117] dvb-usb: found a 'Technotrend TT Connect S2-3600' in warm state.
[  389.829222][  T117] pctv452e: pctv452e_power_ctrl: 1
[  389.829222][  T117] 
[  389.842175][  T117] pctv452e: pctv452e_power_ctrl: Warning set interface returned: -22
[  389.842175][  T117] 
[  389.854369][    T8] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[  389.865305][  T117] dvb-usb: bulk message failed: -22 (5/0)
[  389.871813][    T8] dvb-usb: Technotrend TT Connect S2-3600 error while loading driver (-19)
[  389.882095][  T117] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[  389.901781][  T117] dvb-usb: Technotrend TT Connect S2-3600 error while loading driver (-19)
[  390.465822][ T5906] usb 4-1: USB disconnect, device number 12
[  390.559652][  T117] usb 5-1: USB disconnect, device number 16
[  390.587712][ T9448] netdevsim netdevsim2 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0
[  390.620151][ T9448] netdevsim netdevsim2 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0
[  390.628976][ T9448] netdevsim netdevsim2 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0
[  390.640212][ T9448] netdevsim netdevsim2 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0
[  390.669839][ T9448] geneve2: entered promiscuous mode
[  390.684757][ T9448] geneve2: entered allmulticast mode
[  391.350324][   T29] audit: type=1400 audit(1737362535.374:803): avc:  denied  { ioctl } for  pid=9467 comm="syz.3.676" path="socket:[21330]" dev="sockfs" ino=21330 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[  391.415211][ T9474] netlink: 12 bytes leftover after parsing attributes in process `syz.1.673'.
[  391.435857][ T9474] netlink: 'syz.1.673': attribute type 12 has an invalid length.
[  391.584840][ T9484] FAULT_INJECTION: forcing a failure.
[  391.584840][ T9484] name failslab, interval 1, probability 0, space 0, times 0
[  391.607952][ T9484] CPU: 0 UID: 0 PID: 9484 Comm: syz.3.680 Not tainted 6.13.0-rc7-syzkaller-00209-g9528d418de4d #0
[  391.618574][ T9484] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  391.628638][ T9484] Call Trace:
[  391.631918][ T9484]  <TASK>
[  391.634849][ T9484]  dump_stack_lvl+0x16c/0x1f0
[  391.639539][ T9484]  should_fail_ex+0x497/0x5b0
[  391.644228][ T9484]  ? fs_reclaim_acquire+0xae/0x150
[  391.649347][ T9484]  should_failslab+0xc2/0x120
[  391.654040][ T9484]  kmem_cache_alloc_noprof+0x6e/0x3d0
[  391.659427][ T9484]  ? skb_clone+0x190/0x3f0
[  391.663855][ T9484]  skb_clone+0x190/0x3f0
[  391.668112][ T9484]  nfnetlink_rcv_batch+0x1d9/0x24e0
[  391.673339][ T9484]  ? __pfx___lock_acquire+0x10/0x10
[  391.678559][ T9484]  ? __pfx_nfnetlink_rcv_batch+0x10/0x10
[  391.684214][ T9484]  ? find_held_lock+0x2d/0x110
[  391.689004][ T9484]  ? avc_has_perm_noaudit+0x119/0x3a0
[  391.694414][ T9484]  ? avc_has_perm_noaudit+0x143/0x3a0
[  391.699806][ T9484]  ? __asan_memset+0x23/0x50
[  391.704406][ T9484]  ? __nla_validate_parse+0x601/0x2880
[  391.709881][ T9484]  ? __pfx___nla_validate_parse+0x10/0x10
[  391.715608][ T9484]  ? find_held_lock+0x2d/0x110
[  391.720392][ T9484]  ? cap_capable+0x1cf/0x240
[  391.724992][ T9484]  ? __nla_parse+0x40/0x60
[  391.729419][ T9484]  nfnetlink_rcv+0x3c3/0x430
[  391.734024][ T9484]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  391.739157][ T9484]  netlink_unicast+0x53c/0x7f0
[  391.743940][ T9484]  ? __pfx_netlink_unicast+0x10/0x10
[  391.749250][ T9484]  netlink_sendmsg+0x8b8/0xd70
[  391.754037][ T9484]  ? __pfx_netlink_sendmsg+0x10/0x10
[  391.759355][ T9484]  ____sys_sendmsg+0xaaf/0xc90
[  391.764139][ T9484]  ? copy_msghdr_from_user+0x10b/0x160
[  391.769608][ T9484]  ? __pfx_____sys_sendmsg+0x10/0x10
[  391.774924][ T9484]  ___sys_sendmsg+0x135/0x1e0
[  391.779611][ T9484]  ? __pfx____sys_sendmsg+0x10/0x10
[  391.784835][ T9484]  ? __pfx_lock_release+0x10/0x10
[  391.789867][ T9484]  ? trace_lock_acquire+0x14e/0x1f0
[  391.795091][ T9484]  ? __fget_files+0x206/0x3a0
[  391.799784][ T9484]  __sys_sendmsg+0x16e/0x220
[  391.804382][ T9484]  ? __pfx___sys_sendmsg+0x10/0x10
[  391.809522][ T9484]  do_syscall_64+0xcd/0x250
[  391.814041][ T9484]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  391.819947][ T9484] RIP: 0033:0x7f26adb85d29
[  391.824367][ T9484] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  391.843981][ T9484] RSP: 002b:00007f26ab9f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  391.852402][ T9484] RAX: ffffffffffffffda RBX: 00007f26add75fa0 RCX: 00007f26adb85d29
[  391.860380][ T9484] RDX: 0000000004000004 RSI: 0000000020000200 RDI: 0000000000000003
[  391.868355][ T9484] RBP: 00007f26ab9f6090 R08: 0000000000000000 R09: 0000000000000000
[  391.876330][ T9484] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  391.884305][ T9484] R13: 0000000000000000 R14: 00007f26add75fa0 R15: 00007ffe1c5a6088
[  391.892296][ T9484]  </TASK>
[  391.900733][   T29] audit: type=1400 audit(1737362535.774:804): avc:  denied  { read write } for  pid=9476 comm="syz.2.678" name="btrfs-control" dev="devtmpfs" ino=1309 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:lvm_control_t tclass=chr_file permissive=1
[  391.927615][   T29] audit: type=1400 audit(1737362535.774:805): avc:  denied  { open } for  pid=9476 comm="syz.2.678" path="/dev/btrfs-control" dev="devtmpfs" ino=1309 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:lvm_control_t tclass=chr_file permissive=1
[  392.019431][   T29] audit: type=1400 audit(1737362535.774:806): avc:  denied  { map } for  pid=9476 comm="syz.2.678" path="/dev/btrfs-control" dev="devtmpfs" ino=1309 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:lvm_control_t tclass=chr_file permissive=1
[  392.596513][   T29] audit: type=1400 audit(1737362536.624:807): avc:  denied  { write } for  pid=5171 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  392.661155][   T29] audit: type=1400 audit(1737362536.624:808): avc:  denied  { remove_name } for  pid=5171 comm="syslogd" name="messages" dev="tmpfs" ino=7 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  392.717358][   T29] audit: type=1400 audit(1737362536.624:809): avc:  denied  { add_name } for  pid=5171 comm="syslogd" name="messages.0" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  392.792453][ T9496] siw: device registration error -23
[  392.801973][ T9496] netlink: 1284 bytes leftover after parsing attributes in process `syz.2.681'.
[  392.811239][ T9496] openvswitch: netlink: Missing key (keys=40, expected=10000000)
[  393.106705][ T9500] siw: device registration error -23
[  393.115989][ T9500] netlink: 1284 bytes leftover after parsing attributes in process `syz.3.682'.
[  393.125660][ T9500] openvswitch: netlink: Missing key (keys=40, expected=10000000)
[  393.740584][  T117] libceph: connect (1)[c::]:6789 error -101
[  393.799558][  T117] libceph: mon0 (1)[c::]:6789 connect error
[  393.938382][ T9509] ceph: No mds server is up or the cluster is laggy
[  395.250574][ T9526] netlink: 12 bytes leftover after parsing attributes in process `syz.3.684'.
[  395.297898][ T9526] netlink: 'syz.3.684': attribute type 12 has an invalid length.
[  396.259958][   T29] audit: type=1400 audit(1737362540.284:810): avc:  denied  { bind } for  pid=9529 comm="syz.4.687" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  396.377696][   T29] audit: type=1400 audit(1737362540.354:811): avc:  denied  { setopt } for  pid=9549 comm="syz.1.690" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  396.631304][ T9543] xt_TPROXY: Can be used only with -p tcp or -p udp
[  397.030284][ T5906] usb 4-1: new full-speed USB device number 13 using dummy_hcd
[  398.012839][ T5906] usb 4-1: config 0 has an invalid interface number: 56 but max is 0
[  398.024161][ T5906] usb 4-1: config 0 has no interface number 0
[  398.032836][ T5906] usb 4-1: New USB device found, idVendor=0b48, idProduct=3007, bcdDevice=4f.64
[  398.045066][ T5906] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  398.053578][ T5906] usb 4-1: Product: syz
[  398.449775][ T5906] usb 4-1: Manufacturer: syz
[  398.455792][ T5906] usb 4-1: SerialNumber: syz
[  398.467231][ T5906] usb 4-1: config 0 descriptor??
[  398.482905][ T5906] dvb-usb: found a 'Technotrend TT Connect S2-3600' in warm state.
[  398.490960][ T5906] pctv452e: pctv452e_power_ctrl: 1
[  398.490960][ T5906] 
[  398.507748][ T5906] pctv452e: pctv452e_power_ctrl: Warning set interface returned: -22
[  398.507748][ T5906] 
[  398.547461][ T5906] dvb-usb: bulk message failed: -22 (5/0)
[  398.602836][ T5906] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[  398.707258][ T5906] dvb-usb: Technotrend TT Connect S2-3600 error while loading driver (-19)
[  399.837102][ T5908] usb 4-1: USB disconnect, device number 13
[  400.026989][ T9570] MTD: Attempt to mount non-MTD device "/dev/nullb0"
[  400.033816][   T29] audit: type=1400 audit(1737362544.054:812): avc:  denied  { setopt } for  pid=9567 comm="syz.2.691" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  400.054554][ T9570] VFS: Can't find a romfs filesystem on dev nullb0.
[  400.054554][ T9570] 
[  401.791123][ T9635] netlink: 12 bytes leftover after parsing attributes in process `syz.4.697'.
[  401.806395][ T9635] netlink: 'syz.4.697': attribute type 12 has an invalid length.
[  403.378267][ T9659] /dev/nullb0: Can't open blockdev
[  403.892642][ T9643] xt_TPROXY: Can be used only with -p tcp or -p udp
[  404.181531][   T29] audit: type=1400 audit(1737362548.214:813): avc:  denied  { read write } for  pid=9664 comm="syz.0.710" name="mouse0" dev="devtmpfs" ino=1000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1
[  404.210317][ T5863] usb 3-1: new full-speed USB device number 17 using dummy_hcd
[  404.552285][   T29] audit: type=1400 audit(1737362548.214:814): avc:  denied  { open } for  pid=9664 comm="syz.0.710" path="/dev/input/mouse0" dev="devtmpfs" ino=1000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1
[  404.681640][ T5863] usb 3-1: config 0 has an invalid interface number: 56 but max is 0
[  404.689754][ T5863] usb 3-1: config 0 has no interface number 0
[  404.712652][ T9668] kvm: emulating exchange as write
[  404.729788][ T5863] usb 3-1: New USB device found, idVendor=0b48, idProduct=3007, bcdDevice=4f.64
[  404.746505][ T5863] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  404.765360][ T5863] usb 3-1: Product: syz
[  404.802902][ T5863] usb 3-1: Manufacturer: syz
[  404.831093][ T5863] usb 3-1: SerialNumber: syz
[  405.230883][ T5863] usb 3-1: config 0 descriptor??
[  405.246445][ T5863] usb 3-1: can't set config #0, error -71
[  405.274876][ T5863] usb 3-1: USB disconnect, device number 17
[  406.633808][   T29] audit: type=1400 audit(1737362550.644:815): avc:  denied  { create } for  pid=9697 comm="syz.3.712" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1
[  406.683585][ T9700] netlink: 16 bytes leftover after parsing attributes in process `syz.3.712'.
[  406.713856][   T29] audit: type=1400 audit(1737362550.644:816): avc:  denied  { connect } for  pid=9697 comm="syz.3.712" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  406.867113][   T29] audit: type=1400 audit(1737362550.714:817): avc:  denied  { write } for  pid=9697 comm="syz.3.712" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1
[  410.488746][ T5863] libceph: connect (1)[c::]:6789 error -101
[  410.500522][ T5863] libceph: mon0 (1)[c::]:6789 connect error
[  410.545134][ T9737] ceph: No mds server is up or the cluster is laggy
[  411.266076][ T9748] xt_TPROXY: Can be used only with -p tcp or -p udp
[  411.510112][  T117] usb 2-1: new full-speed USB device number 13 using dummy_hcd
[  411.752155][  T117] usb 2-1: config 0 has an invalid interface number: 56 but max is 0
[  411.767718][  T117] usb 2-1: config 0 has no interface number 0
[  412.488741][  T117] usb 2-1: New USB device found, idVendor=0b48, idProduct=3007, bcdDevice=4f.64
[  412.557649][  T117] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  412.649757][  T117] usb 2-1: Product: syz
[  412.673629][  T117] usb 2-1: Manufacturer: syz
[  412.689459][  T117] usb 2-1: SerialNumber: syz
[  412.702739][  T117] usb 2-1: config 0 descriptor??
[  412.715742][  T117] dvb-usb: found a 'Technotrend TT Connect S2-3600' in warm state.
[  412.725577][  T117] pctv452e: pctv452e_power_ctrl: 1
[  412.725577][  T117] 
[  412.735092][  T117] pctv452e: pctv452e_power_ctrl: Warning set interface returned: -22
[  412.735092][  T117] 
[  412.747486][  T117] dvb-usb: bulk message failed: -22 (5/0)
[  412.755428][  T117] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[  412.777732][  T117] dvb-usb: Technotrend TT Connect S2-3600 error while loading driver (-19)
[  412.961829][   T29] audit: type=1400 audit(1737362556.994:818): avc:  denied  { create } for  pid=9774 comm="syz.2.729" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  413.199033][ T9778] ufs: You didn't specify the type of your ufs filesystem
[  413.199033][ T9778] 
[  413.199033][ T9778] mount -t ufs -o ufstype=sun|sunx86|44bsd|ufs2|5xbsd|old|hp|nextstep|nextstep-cd|openstep ...
[  413.199033][ T9778] 
[  413.199033][ T9778] >>>WARNING<<< Wrong ufstype may corrupt your filesystem, default is ufstype=old
[  413.230304][ T9778] ufs: ufstype=old is supported read-only
[  413.238729][ T9778] ufs: ufs_fill_super(): bad magic number
[  413.272041][   T29] audit: type=1400 audit(1737362557.224:819): avc:  denied  { mounton } for  pid=9774 comm="syz.2.729" path="/148/file0" dev="tmpfs" ino=832 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  414.027336][ T5864] usb 2-1: USB disconnect, device number 13
[  415.867012][  T117] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[  415.910977][   T29] audit: type=1400 audit(1737362559.894:820): avc:  denied  { read } for  pid=9816 comm="syz.0.737" name="loop-control" dev="devtmpfs" ino=646 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[  415.989870][   T29] audit: type=1400 audit(1737362559.894:821): avc:  denied  { open } for  pid=9816 comm="syz.0.737" path="/dev/loop-control" dev="devtmpfs" ino=646 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[  416.018004][   T29] audit: type=1400 audit(1737362559.894:822): avc:  denied  { ioctl } for  pid=9816 comm="syz.0.737" path="/dev/loop-control" dev="devtmpfs" ino=646 ioctlcmd=0x4c82 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[  416.137977][  T117] usb 2-1: config 26 has an invalid interface number: 142 but max is 0
[  416.151634][  T117] usb 2-1: config 26 has no interface number 0
[  416.173761][  T117] usb 2-1: New USB device found, idVendor=0547, idProduct=6801, bcdDevice=a4.f4
[  416.267340][  T117] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  416.282223][  T117] gspca_main: touptek-2.14.0 probing 0547:6801
[  417.215212][ T5863] usb 2-1: USB disconnect, device number 14
[  417.360315][ T5908] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  417.580288][ T5908] usb 4-1: Using ep0 maxpacket: 32
[  417.607126][ T5908] usb 4-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  417.616792][ T5908] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  417.653884][ T5908] usb 4-1: config 0 descriptor??
[  418.147963][   T29] audit: type=1400 audit(1737362562.154:823): avc:  denied  { listen } for  pid=9841 comm="syz.3.740" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  418.383613][ T9862] tty tty27: ldisc open failed (-12), clearing slot 26
[  418.403946][   T29] audit: type=1400 audit(1737362562.174:824): avc:  denied  { accept } for  pid=9841 comm="syz.3.740" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  418.432563][ T9865] tty tty4: ldisc open failed (-12), clearing slot 3
[  418.582304][ T5908] dvb-usb: found a 'Elgato EyeTV Sat' in cold state, will try to load a firmware
[  418.660002][ T5908] usb 4-1: Direct firmware load for dvb-usb-az6027-03.fw failed with error -2
[  418.679731][ T5908] usb 4-1: Falling back to sysfs fallback for: dvb-usb-az6027-03.fw
[  419.390673][ T5906] usb 5-1: new high-speed USB device number 17 using dummy_hcd
[  419.786875][ T5906] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  420.024233][ T5906] usb 5-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  420.053602][ T9882] netlink: 224 bytes leftover after parsing attributes in process `syz.0.747'.
[  420.220185][ T5906] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66
[  420.231466][ T5906] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[  420.256126][ T5906] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[  420.645849][   T29] audit: type=1400 audit(1737362564.664:825): avc:  denied  { connect } for  pid=9893 comm="syz.1.750" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  420.880632][ T9887] xt_TPROXY: Can be used only with -p tcp or -p udp
[  420.891258][ T5906] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  420.900680][ T5906] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  420.908885][ T5906] usb 5-1: Product: syz
[  420.913244][ T5906] usb 5-1: Manufacturer: syz
[  420.988761][ T5906] cdc_wdm 5-1:1.0: skipping garbage
[  420.996541][ T5906] cdc_wdm 5-1:1.0: skipping garbage
[  421.016873][ T5906] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device
[  421.022883][ T5906] cdc_wdm 5-1:1.0: Unknown control protocol
[  423.204254][ T9928] ip6gretap0: entered promiscuous mode
[  423.291851][ T9931] netlink: 8 bytes leftover after parsing attributes in process `syz.1.758'.
[  423.301702][ T9931] mac80211_hwsim hwsim5 syzka: renamed from wlan1 (while UP)
[  423.433628][ T9935] =======================================================
[  423.433628][ T9935] WARNING: The mand mount option has been deprecated and
[  423.433628][ T9935]          and is ignored by this kernel. Remove the mand
[  423.433628][ T9935]          option from the mount to silence this warning.
[  423.433628][ T9935] =======================================================
[  424.161546][ T5863] libceph: connect (1)[c::]:6789 error -101
[  424.167615][ T5863] libceph: mon0 (1)[c::]:6789 connect error
[  424.242302][ T9958] netlink: 4 bytes leftover after parsing attributes in process `syz.2.763'.
[  424.460468][ T5906] libceph: connect (1)[c::]:6789 error -101
[  424.492572][ T5906] libceph: mon0 (1)[c::]:6789 connect error
[  424.883065][ T9954] ceph: No mds server is up or the cluster is laggy
[  424.920165][ T5906] usb 5-1: USB disconnect, device number 17
[  424.926233][ T9961] xt_TPROXY: Can be used only with -p tcp or -p udp
[  425.034547][ T5916] libceph: connect (1)[c::]:6789 error -101
[  425.042850][ T5916] libceph: mon0 (1)[c::]:6789 connect error
[  425.108753][ T9972] FAULT_INJECTION: forcing a failure.
[  425.108753][ T9972] name failslab, interval 1, probability 0, space 0, times 0
[  425.181323][ T9972] CPU: 0 UID: 0 PID: 9972 Comm: syz.4.766 Not tainted 6.13.0-rc7-syzkaller-00209-g9528d418de4d #0
[  425.191948][ T9972] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  425.202014][ T9972] Call Trace:
[  425.205293][ T9972]  <TASK>
[  425.208208][ T9972]  dump_stack_lvl+0x16c/0x1f0
[  425.212875][ T9972]  should_fail_ex+0x497/0x5b0
[  425.217537][ T9972]  ? fs_reclaim_acquire+0xae/0x150
[  425.222632][ T9972]  should_failslab+0xc2/0x120
[  425.227292][ T9972]  __kmalloc_node_noprof+0xd1/0x510
[  425.232482][ T9972]  ? __kvmalloc_node_noprof+0xad/0x1a0
[  425.237934][ T9972]  __kvmalloc_node_noprof+0xad/0x1a0
[  425.243211][ T9972]  alloc_netdev_mqs+0xf82/0x1510
[  425.248146][ T9972]  rtnl_create_link+0xc10/0xfa0
[  425.252988][ T9972]  rtnl_newlink+0x14c6/0x1d60
[  425.257665][ T9972]  ? __pfx_rtnl_newlink+0x10/0x10
[  425.262679][ T9972]  ? __pfx___lock_acquire+0x10/0x10
[  425.267862][ T9972]  ? cred_has_capability.isra.0+0x192/0x2f0
[  425.273743][ T9972]  ? __pfx_cred_has_capability.isra.0+0x10/0x10
[  425.279973][ T9972]  ? find_held_lock+0x2d/0x110
[  425.284737][ T9972]  ? rtnetlink_rcv_msg+0x93a/0xea0
[  425.289839][ T9972]  ? __pfx_lock_release+0x10/0x10
[  425.294849][ T9972]  ? trace_lock_acquire+0x14e/0x1f0
[  425.300050][ T9972]  ? __pfx_rtnl_newlink+0x10/0x10
[  425.305067][ T9972]  rtnetlink_rcv_msg+0x95b/0xea0
[  425.309992][ T9972]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  425.315469][ T9972]  netlink_rcv_skb+0x16b/0x440
[  425.320227][ T9972]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  425.325677][ T9972]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  425.330959][ T9972]  ? netlink_deliver_tap+0x1ae/0xd30
[  425.336236][ T9972]  netlink_unicast+0x53c/0x7f0
[  425.340991][ T9972]  ? __pfx_netlink_unicast+0x10/0x10
[  425.346288][ T9972]  netlink_sendmsg+0x8b8/0xd70
[  425.351041][ T9972]  ? __pfx_netlink_sendmsg+0x10/0x10
[  425.356325][ T9972]  ____sys_sendmsg+0xaaf/0xc90
[  425.361078][ T9972]  ? copy_msghdr_from_user+0x10b/0x160
[  425.366520][ T9972]  ? __pfx_____sys_sendmsg+0x10/0x10
[  425.371800][ T9972]  ___sys_sendmsg+0x135/0x1e0
[  425.376459][ T9972]  ? __pfx____sys_sendmsg+0x10/0x10
[  425.381650][ T9972]  ? __pfx_lock_release+0x10/0x10
[  425.386656][ T9972]  ? trace_lock_acquire+0x14e/0x1f0
[  425.391852][ T9972]  ? __fget_files+0x206/0x3a0
[  425.396518][ T9972]  __sys_sendmsg+0x16e/0x220
[  425.401087][ T9972]  ? __pfx___sys_sendmsg+0x10/0x10
[  425.406184][ T9972]  do_syscall_64+0xcd/0x250
[  425.410673][ T9972]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  425.416548][ T9972] RIP: 0033:0x7f80cb585d29
[  425.420942][ T9972] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  425.440531][ T9972] RSP: 002b:00007f80c93f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  425.448922][ T9972] RAX: ffffffffffffffda RBX: 00007f80cb775fa0 RCX: 00007f80cb585d29
[  425.456874][ T9972] RDX: 0000000004008040 RSI: 0000000020000080 RDI: 0000000000000003
[  425.464823][ T9972] RBP: 00007f80c93f6090 R08: 0000000000000000 R09: 0000000000000000
[  425.472772][ T9972] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  425.480738][ T9972] R13: 0000000000000000 R14: 00007f80cb775fa0 R15: 00007ffe4decf698
[  425.488701][ T9972]  </TASK>
[  425.590312][ T5863] usb 2-1: new full-speed USB device number 15 using dummy_hcd
[  425.658606][ T9975] xt_TPROXY: Can be used only with -p tcp or -p udp
[  425.842517][ T5863] usb 2-1: config 0 has an invalid interface number: 56 but max is 0
[  425.885241][ T5863] usb 2-1: config 0 has no interface number 0
[  425.925906][ T5863] usb 2-1: New USB device found, idVendor=0b48, idProduct=3007, bcdDevice=4f.64
[  425.940482][ T5863] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  425.955118][ T5863] usb 2-1: Product: syz
[  425.959428][ T5863] usb 2-1: Manufacturer: syz
[  425.964144][ T5863] usb 2-1: SerialNumber: syz
[  425.975748][ T5863] usb 2-1: config 0 descriptor??
[  425.992452][ T5863] dvb-usb: found a 'Technotrend TT Connect S2-3600' in warm state.
[  426.005873][ T5863] pctv452e: pctv452e_power_ctrl: 1
[  426.005873][ T5863] 
[  426.010185][  T117] usb 3-1: new full-speed USB device number 18 using dummy_hcd
[  426.020073][ T5863] pctv452e: pctv452e_power_ctrl: Warning set interface returned: -22
[  426.020073][ T5863] 
[  426.032600][ T5863] dvb-usb: bulk message failed: -22 (5/0)
[  426.051420][ T9977] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(6)
[  426.054942][ T5863] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[  426.057934][ T9977] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  426.071453][ T9977] vhci_hcd vhci_hcd.0: Device attached
[  426.115341][ T5863] dvb-usb: Technotrend TT Connect S2-3600 error while loading driver (-19)
[  426.183379][  T117] usb 3-1: config 0 has an invalid interface number: 56 but max is 0
[  426.230085][  T117] usb 3-1: config 0 has no interface number 0
[  426.260589][  T117] usb 3-1: New USB device found, idVendor=0b48, idProduct=3007, bcdDevice=4f.64
[  426.280349][  T117] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  426.288327][  T117] usb 3-1: Product: syz
[  426.310644][ T5867] usb 41-1: new low-speed USB device number 2 using vhci_hcd
[  426.320425][  T117] usb 3-1: Manufacturer: syz
[  426.325042][  T117] usb 3-1: SerialNumber: syz
[  426.342183][  T117] usb 3-1: config 0 descriptor??
[  426.360670][ T5916] usb 5-1: new high-speed USB device number 18 using dummy_hcd
[  426.374838][  T117] dvb-usb: found a 'Technotrend TT Connect S2-3600' in warm state.
[  426.404663][  T117] pctv452e: pctv452e_power_ctrl: 1
[  426.404663][  T117] 
[  426.427010][  T117] pctv452e: pctv452e_power_ctrl: Warning set interface returned: -22
[  426.427010][  T117] 
[  426.457971][  T117] dvb-usb: bulk message failed: -22 (5/0)
[  426.477919][  T117] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[  426.540440][ T5916] usb 5-1: Using ep0 maxpacket: 16
[  426.549094][ T5916] usb 5-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 9.00
[  426.579579][ T5916] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  426.607323][  T117] dvb-usb: Technotrend TT Connect S2-3600 error while loading driver (-19)
[  426.617908][ T5916] usb 5-1: Product: syz
[  426.632861][ T5916] usb 5-1: Manufacturer: syz
[  426.647131][ T5916] usb 5-1: SerialNumber: syz
[  426.659737][ T5916] usb 5-1: config 0 descriptor??
[  426.668030][ T5906] usb 2-1: USB disconnect, device number 15
[  426.676511][ T5916] ftdi_sio 5-1:0.0: FTDI USB Serial Device converter detected
[  426.699056][ T5916] usb 5-1: Detected FT232H
[  426.730968][ T5128] Bluetooth: hci4: unexpected event for opcode 0x0c22
[  427.457456][ T9979] vhci_hcd: unknown pdu 2
[  427.473358][ T5881] vhci_hcd: stop threads
[  427.477754][ T5881] vhci_hcd: release socket
[  427.489641][ T5881] vhci_hcd: disconnect device
[  427.569705][ T5867] vhci_hcd: vhci_device speed not set
[  427.869570][ T5906] usb 3-1: USB disconnect, device number 18
[  428.782384][T10006] netlink: 8 bytes leftover after parsing attributes in process `syz.0.772'.
[  428.802302][T10006] mac80211_hwsim hwsim3 syzka: renamed from wlan1
[  429.035574][T10013] netlink: 224 bytes leftover after parsing attributes in process `syz.0.774'.
[  429.044695][T10013] netlink: 20 bytes leftover after parsing attributes in process `syz.0.774'.
[  429.363328][ T5916] ftdi_sio ttyUSB0: Unable to read latency timer: -71
[  429.400136][ T5916] ftdi_sio ttyUSB0: Unable to write latency timer: -71
[  429.434058][ T5916] ftdi_sio 5-1:0.0: GPIO initialisation failed: -71
[  429.477921][ T5916] usb 5-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  429.549507][ T5916] usb 5-1: USB disconnect, device number 18
[  429.669978][ T5916] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  429.710428][ T5916] ftdi_sio 5-1:0.0: device disconnected
[  430.256396][T10033] random: crng reseeded on system resumption
[  430.878013][   T29] audit: type=1400 audit(1737362574.904:826): avc:  denied  { connect } for  pid=10032 comm="syz.0.777" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  431.752011][T10045] siw: device registration error -23
[  432.085442][ T5916] libceph: connect (1)[c::]:6789 error -101
[  432.110315][ T5916] libceph: mon0 (1)[c::]:6789 connect error
[  432.379430][   T29] audit: type=1400 audit(1737362576.404:827): avc:  denied  { create } for  pid=10058 comm="syz.2.781" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  432.430601][ T5916] libceph: connect (1)[c::]:6789 error -101
[  432.465397][ T5916] libceph: mon0 (1)[c::]:6789 connect error
[  432.502661][   T29] audit: type=1400 audit(1737362576.404:828): avc:  denied  { write } for  pid=10058 comm="syz.2.781" path="socket:[24363]" dev="sockfs" ino=24363 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  432.540491][T10052] ceph: No mds server is up or the cluster is laggy
[  433.529268][ T5863] libceph: connect (1)[c::]:6789 error -101
[  433.546667][ T5863] libceph: mon0 (1)[c::]:6789 connect error
[  433.895927][T10072] FAULT_INJECTION: forcing a failure.
[  433.895927][T10072] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  433.918272][T10072] CPU: 1 UID: 0 PID: 10072 Comm: syz.0.787 Not tainted 6.13.0-rc7-syzkaller-00209-g9528d418de4d #0
[  433.928973][T10072] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  433.939036][T10072] Call Trace:
[  433.942322][T10072]  <TASK>
[  433.945264][T10072]  dump_stack_lvl+0x16c/0x1f0
[  433.949958][T10072]  should_fail_ex+0x497/0x5b0
[  433.954651][T10072]  _copy_to_user+0x32/0xd0
[  433.959074][T10072]  binder_ioctl+0x2621/0x6fc0
[  433.963781][T10072]  ? tomoyo_path_number_perm+0x190/0x590
[  433.969433][T10072]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  433.975347][T10072]  ? __pfx_binder_ioctl+0x10/0x10
[  433.980393][T10072]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  433.985444][T10072]  ? ioctl_has_perm.constprop.0.isra.0+0x2f2/0x450
[  433.991958][T10072]  ? ioctl_has_perm.constprop.0.isra.0+0x2fc/0x450
[  433.998477][T10072]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[  434.005345][T10072]  ? __pfx_lock_release+0x10/0x10
[  434.010391][T10072]  ? selinux_file_ioctl+0x180/0x270
[  434.015599][T10072]  ? selinux_file_ioctl+0xb4/0x270
[  434.020723][T10072]  ? __pfx_binder_ioctl+0x10/0x10
[  434.025760][T10072]  __x64_sys_ioctl+0x190/0x200
[  434.030538][T10072]  do_syscall_64+0xcd/0x250
[  434.035055][T10072]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  434.040960][T10072] RIP: 0033:0x7f761ed85d29
[  434.045377][T10072] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  434.064987][T10072] RSP: 002b:00007f761fc63038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  434.073409][T10072] RAX: ffffffffffffffda RBX: 00007f761ef75fa0 RCX: 00007f761ed85d29
[  434.081386][T10072] RDX: 00000000200001c0 RSI: 00000000c0306201 RDI: 0000000000000003
[  434.089364][T10072] RBP: 00007f761fc63090 R08: 0000000000000000 R09: 0000000000000000
[  434.097338][T10072] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  434.105315][T10072] R13: 0000000000000000 R14: 00007f761ef75fa0 R15: 00007ffdb7fa9058
[  434.113305][T10072]  </TASK>
[  434.239174][T10072] binder: 10070:10072 ioctl c0306201 200001c0 returned -14
[  434.504673][T10080] xt_TPROXY: Can be used only with -p tcp or -p udp
[  434.980704][  T117] usb 3-1: new full-speed USB device number 19 using dummy_hcd
[  435.600282][  T117] usb 3-1: config 0 has an invalid interface number: 56 but max is 0
[  435.608590][  T117] usb 3-1: config 0 has no interface number 0
[  435.838382][   T29] audit: type=1400 audit(1737362579.864:829): avc:  denied  { name_bind } for  pid=10096 comm="syz.0.791" src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket permissive=1
[  436.007907][  T117] usb 3-1: New USB device found, idVendor=0b48, idProduct=3007, bcdDevice=4f.64
[  436.114493][T10101] misc userio: Can't change port type on an already running userio instance
[  436.622251][  T117] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  436.650748][  T117] usb 3-1: Product: syz
[  436.666702][  T117] usb 3-1: Manufacturer: syz
[  436.678740][  T117] usb 3-1: SerialNumber: syz
[  436.699875][  T117] usb 3-1: config 0 descriptor??
[  436.843113][  T117] dvb-usb: found a 'Technotrend TT Connect S2-3600' in warm state.
[  436.865330][  T117] pctv452e: pctv452e_power_ctrl: 1
[  436.865330][  T117] 
[  437.075409][  T117] pctv452e: pctv452e_power_ctrl: Warning set interface returned: -22
[  437.075409][  T117] 
[  437.107729][  T117] dvb-usb: bulk message failed: -22 (5/0)
[  437.115231][  T117] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[  437.139005][  T117] dvb-usb: Technotrend TT Connect S2-3600 error while loading driver (-19)
[  437.657279][  T117] usb 3-1: USB disconnect, device number 19
[  437.743547][   T29] audit: type=1400 audit(1737362581.744:830): avc:  denied  { module_request } for  pid=10105 comm="syz.0.794" kmod="netdev-wlan1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  438.240800][   T29] audit: type=1400 audit(1737362581.964:831): avc:  denied  { write } for  pid=10111 comm="syz.3.796" lport=255 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  438.283072][   T29] audit: type=1400 audit(1737362581.964:832): avc:  denied  { read } for  pid=10111 comm="syz.3.796" lport=255 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  438.366217][T10121] Bluetooth: MGMT ver 1.23
[  438.745592][T10128] siw: device registration error -23
[  438.752888][T10128] netlink: 1284 bytes leftover after parsing attributes in process `syz.3.799'.
[  438.762148][T10128] openvswitch: netlink: Missing key (keys=40, expected=10000000)
[  438.936195][   T29] audit: type=1400 audit(1737362582.774:833): avc:  denied  { read } for  pid=10122 comm="syz.3.799" name="nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  439.375940][   T29] audit: type=1400 audit(1737362582.774:834): avc:  denied  { open } for  pid=10122 comm="syz.3.799" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  440.062528][ T1292] ieee802154 phy0 wpan0: encryption failed: -22
[  440.079202][ T1292] ieee802154 phy1 wpan1: encryption failed: -22
[  440.489149][T10141] netlink: 224 bytes leftover after parsing attributes in process `syz.3.801'.
[  441.081105][T10154] xt_TPROXY: Can be used only with -p tcp or -p udp
[  441.530222][ T5906] usb 3-1: new full-speed USB device number 20 using dummy_hcd
[  442.102630][   T29] audit: type=1400 audit(1737362586.124:835): avc:  denied  { create } for  pid=10167 comm="syz.0.808" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[  442.123429][   T29] audit: type=1400 audit(1737362586.124:836): avc:  denied  { ioctl } for  pid=10167 comm="syz.0.808" path="socket:[25769]" dev="sockfs" ino=25769 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[  442.212293][ T5906] usb 3-1: config 0 has an invalid interface number: 56 but max is 0
[  442.530341][ T5906] usb 3-1: config 0 has no interface number 0
[  442.551803][T10175] team0: Device gtp0 is of different type
[  442.571465][ T5906] usb 3-1: New USB device found, idVendor=0b48, idProduct=3007, bcdDevice=4f.64
[  442.599579][ T5906] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  442.614465][ T5906] usb 3-1: Product: syz
[  442.624239][ T5906] usb 3-1: Manufacturer: syz
[  442.631993][T10176] netlink: 8 bytes leftover after parsing attributes in process `syz.3.809'.
[  442.639107][ T5906] usb 3-1: SerialNumber: syz
[  442.647670][ T5906] usb 3-1: config 0 descriptor??
[  442.666005][ T5906] dvb-usb: found a 'Technotrend TT Connect S2-3600' in warm state.
[  442.680277][T10176] netlink: 24 bytes leftover after parsing attributes in process `syz.3.809'.
[  442.693761][ T5906] pctv452e: pctv452e_power_ctrl: 1
[  442.693761][ T5906] 
[  442.709548][ T5906] pctv452e: pctv452e_power_ctrl: Warning set interface returned: -22
[  442.709548][ T5906] 
[  442.725468][T10178] sit0: entered promiscuous mode
[  442.733851][ T5906] dvb-usb: bulk message failed: -22 (5/0)
[  442.779210][ T5906] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[  442.910347][ T5906] dvb-usb: Technotrend TT Connect S2-3600 error while loading driver (-19)
[  443.676577][T10189] netlink: 1284 bytes leftover after parsing attributes in process `syz.3.812'.
[  443.686043][T10189] openvswitch: netlink: Missing key (keys=40, expected=10000000)
[  444.364056][ T5867] IPVS: starting estimator thread 0...
[  444.389835][ T5906] usb 3-1: USB disconnect, device number 20
[  444.452116][T10196] IPVS: using max 27 ests per chain, 64800 per kthread
[  444.478639][T10199] netlink: 'syz.0.814': attribute type 1 has an invalid length.
[  445.075602][T10212] 9pnet_fd: Insufficient options for proto=fd
[  445.344484][   T29] audit: type=1400 audit(1737362589.374:837): avc:  denied  { setopt } for  pid=10200 comm="syz.4.818" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  445.903136][   T29] audit: type=1400 audit(1737362589.914:838): avc:  denied  { ioctl } for  pid=10197 comm="syz.0.814" path="/dev/ptyq5" dev="devtmpfs" ino=124 ioctlcmd=0x5423 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bsdpty_device_t tclass=chr_file permissive=1
[  445.908932][T10214] bond1: (slave ip6erspan0): making interface the new active one
[  446.601704][T10214] bond1: (slave ip6erspan0): Enslaving as an active interface with an up link
[  447.590426][T10232] random: crng reseeded on system resumption
[  448.692342][T10237] netlink: 12 bytes leftover after parsing attributes in process `syz.2.820'.
[  448.713333][T10237] netlink: 'syz.2.820': attribute type 12 has an invalid length.
[  449.969567][T10247] netlink: 1284 bytes leftover after parsing attributes in process `syz.1.825'.
[  449.978891][T10247] openvswitch: netlink: Missing key (keys=40, expected=10000000)
[  451.658269][T10259] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  451.870879][T10263] xt_TPROXY: Can be used only with -p tcp or -p udp
[  452.651631][ T5867] usb 2-1: new full-speed USB device number 16 using dummy_hcd
[  452.733254][   T29] audit: type=1400 audit(1737362596.764:839): avc:  denied  { connect } for  pid=10270 comm="syz.4.831" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  453.326786][   T29] audit: type=1400 audit(1737362596.764:840): avc:  denied  { read } for  pid=10270 comm="syz.4.831" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  453.346846][   T29] audit: type=1400 audit(1737362596.874:841): avc:  denied  { getopt } for  pid=10270 comm="syz.4.831" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1
[  453.563001][ T5867] usb 2-1: config 0 has an invalid interface number: 56 but max is 0
[  453.573802][ T5867] usb 2-1: config 0 has no interface number 0
[  453.652416][T10281] overlayfs: missing 'workdir'
[  454.839961][ T5867] usb 2-1: New USB device found, idVendor=0b48, idProduct=3007, bcdDevice=4f.64
[  454.849247][ T5867] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  454.863501][ T5867] usb 2-1: config 0 descriptor??
[  454.872188][ T5867] usb 2-1: can't set config #0, error -71
[  454.883348][ T5867] usb 2-1: USB disconnect, device number 16
[  455.784585][T10296] Cannot find add_set index 2048 as target
[  456.881298][T10313] bridge0: port 3(erspan0) entered blocking state
[  456.888723][T10313] bridge0: port 3(erspan0) entered disabled state
[  456.899914][T10313] erspan0: entered allmulticast mode
[  457.079920][T10317] netlink: 'syz.3.842': attribute type 1 has an invalid length.
[  457.181184][T10313] erspan0: entered promiscuous mode
[  457.215808][T10313] bridge0: port 3(erspan0) entered blocking state
[  457.223583][T10313] bridge0: port 3(erspan0) entered forwarding state
[  457.854938][T10325] random: crng reseeded on system resumption
[  458.132648][   T29] audit: type=1400 audit(1737362602.164:842): avc:  denied  { connect } for  pid=10315 comm="syz.4.843" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  458.653053][T10341] overlayfs: missing 'workdir'
[  459.360291][ T5863] usb 5-1: new high-speed USB device number 19 using dummy_hcd
[  459.580440][T10342] xt_TPROXY: Can be used only with -p tcp or -p udp
[  459.617458][ T5863] usb 5-1: Using ep0 maxpacket: 16
[  459.634774][ T5863] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  459.764391][   T29] audit: type=1400 audit(1737362603.794:843): avc:  denied  { append } for  pid=10343 comm="syz.2.850" name="card1" dev="devtmpfs" ino=628 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[  459.800427][ T5863] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  459.827376][ T5863] usb 5-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00
[  459.843130][ T5863] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  459.852924][ T5863] usb 5-1: config 0 descriptor??
[  460.160345][ T5906] usb 3-1: new high-speed USB device number 21 using dummy_hcd
[  460.359704][T10363] xt_TPROXY: Can be used only with -p tcp or -p udp
[  461.151556][ T5863] appleir 0003:05AC:8241.0003: unknown main item tag 0x0
[  461.162015][ T5906] usb 3-1: Using ep0 maxpacket: 32
[  461.167407][ T5863] appleir 0003:05AC:8241.0003: unknown main item tag 0x0
[  461.175552][ T5863] appleir 0003:05AC:8241.0003: item fetching failed at offset 2/5
[  461.206397][ T5863] appleir 0003:05AC:8241.0003: parse failed
[  461.221961][ T5863] appleir 0003:05AC:8241.0003: probe with driver appleir failed with error -22
[  461.271107][ T5906] usb 3-1: New USB device found, idVendor=0ac8, idProduct=0321, bcdDevice=6f.be
[  461.291052][ T5906] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  461.509669][T10367] netlink: 224 bytes leftover after parsing attributes in process `syz.1.854'.
[  461.699746][ T5906] usb 3-1: config 0 descriptor??
[  461.711474][ T5864] usb 5-1: USB disconnect, device number 19
[  461.746406][ T5906] gspca_main: vc032x-2.14.0 probing 0ac8:0321
[  462.455980][T10374] random: crng reseeded on system resumption
[  462.668051][ T5906] gspca_vc032x: reg_w err -71
[  462.673665][ T5906] gspca_vc032x: I2c Bus Busy Wait 00
[  462.678970][ T5906] gspca_vc032x: I2c Bus Busy Wait 00
[  462.711514][ T5906] gspca_vc032x: I2c Bus Busy Wait 00
[  462.716833][ T5906] gspca_vc032x: I2c Bus Busy Wait 00
[  462.748024][ T5906] gspca_vc032x: I2c Bus Busy Wait 00
[  462.753411][ T5906] gspca_vc032x: I2c Bus Busy Wait 00
[  462.759507][ T5906] gspca_vc032x: I2c Bus Busy Wait 00
[  462.764988][ T5906] gspca_vc032x: I2c Bus Busy Wait 00
[  462.781817][ T5906] gspca_vc032x: I2c Bus Busy Wait 00
[  462.787125][ T5906] gspca_vc032x: I2c Bus Busy Wait 00
[  462.800047][ T5906] gspca_vc032x: I2c Bus Busy Wait 00
[  462.817667][ T5906] gspca_vc032x: I2c Bus Busy Wait 00
[  462.827780][ T5906] gspca_vc032x: I2c Bus Busy Wait 00
[  462.833275][ T5906] gspca_vc032x: I2c Bus Busy Wait 00
[  462.838671][ T5906] gspca_vc032x: I2c Bus Busy Wait 00
[  462.847761][ T5906] gspca_vc032x: I2c Bus Busy Wait 00
[  462.854175][ T5906] gspca_vc032x: I2c Bus Busy Wait 00
[  462.887656][ T5906] gspca_vc032x: I2c Bus Busy Wait 00
[  462.893297][ T5906] gspca_vc032x: Unknown sensor...
[  462.898484][ T5906] vc032x 3-1:0.0: probe with driver vc032x failed with error -22
[  462.908717][ T5906] usb 3-1: USB disconnect, device number 21
[  463.264527][ T5864] usb 5-1: new high-speed USB device number 20 using dummy_hcd
[  463.421437][ T5864] usb 5-1: Using ep0 maxpacket: 32
[  463.594077][ T5864] usb 5-1: config 1 interface 0 altsetting 253 bulk endpoint 0x1 has invalid maxpacket 32
[  463.614379][ T5864] usb 5-1: config 1 interface 0 has no altsetting 0
[  463.668692][ T5864] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  463.676301][ T5864] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  463.821126][T10388] xt_TPROXY: Can be used only with -p tcp or -p udp
[  463.910142][ T5864] usb 5-1: Product: syz
[  463.930067][ T5864] usb 5-1: Manufacturer: syz
[  463.940392][ T5864] usb 5-1: SerialNumber: syz
[  463.948924][T10379] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  464.078882][   T29] audit: type=1400 audit(1737362608.104:844): avc:  denied  { create } for  pid=10391 comm="syz.1.860" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  464.110122][   T29] audit: type=1400 audit(1737362608.104:845): avc:  denied  { bind } for  pid=10391 comm="syz.1.860" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  464.310269][ T5906] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[  465.040750][ T5906] usb 2-1: Using ep0 maxpacket: 16
[  465.060500][ T5906] usb 2-1: config 0 interface 0 altsetting 3 endpoint 0x81 has an invalid bInterval 32, changing to 9
[  465.084690][ T5906] usb 2-1: config 0 interface 0 altsetting 3 endpoint 0x81 has invalid wMaxPacketSize 0
[  465.116064][ T5906] usb 2-1: config 0 interface 0 altsetting 3 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  465.165256][ T5906] usb 2-1: config 0 interface 0 has no altsetting 0
[  465.180085][ T5906] usb 2-1: New USB device found, idVendor=054c, idProduct=03d5, bcdDevice= 0.00
[  465.202025][ T5864] usblp 5-1:1.0: usblp0: USB Unidirectional printer dev 20 if 0 alt 253 proto 1 vid 0x0525 pid 0xA4A8
[  465.202765][ T5906] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  465.234927][ T5906] usb 2-1: config 0 descriptor??
[  465.793328][ T5864] usb 5-1: USB disconnect, device number 20
[  465.802608][ T5864] usblp0: removed
[  465.966993][ T5906] input: HID 054c:03d5 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:054C:03D5.0004/input/input8
[  466.015268][T10414] delete_channel: no stack
[  466.020492][T10414] delete_channel: no stack
[  466.079741][T10416] netlink: 1284 bytes leftover after parsing attributes in process `syz.3.864'.
[  466.089148][T10416] openvswitch: netlink: Missing key (keys=40, expected=10000000)
[  466.449143][ T5906] sony 0003:054C:03D5.0004: input,hidraw0: USB HID v0.00 Joystick [HID 054c:03d5] on usb-dummy_hcd.1-1/input0
[  466.533695][T10420] ntfs3(nullb0): Primary boot signature is not NTFS.
[  466.541398][T10420] ntfs3(nullb0): try to read out of volume at offset 0x3e7ffffe00
[  466.613806][ T5906] usb 2-1: USB disconnect, device number 17
[  467.196894][   T29] audit: type=1400 audit(1737362611.224:846): avc:  denied  { mount } for  pid=10425 comm="syz.4.870" name="/" dev="ramfs" ino=26615 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1
[  467.227157][T10428] netlink: 160 bytes leftover after parsing attributes in process `syz.4.870'.
[  467.600596][   T29] audit: type=1400 audit(1737362611.254:847): avc:  denied  { ioctl } for  pid=10425 comm="syz.4.870" path="/dev/rtc0" dev="devtmpfs" ino=921 ioctlcmd=0x700a scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  467.713802][   T29] audit: type=1400 audit(1737362611.664:848): avc:  denied  { create } for  pid=10432 comm="syz.2.871" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_dnrt_socket permissive=1
[  468.081555][T10441] overlayfs: missing 'lowerdir'
[  468.854665][T10443] FAULT_INJECTION: forcing a failure.
[  468.854665][T10443] name failslab, interval 1, probability 0, space 0, times 0
[  469.717779][T10443] CPU: 0 UID: 0 PID: 10443 Comm: syz.4.872 Not tainted 6.13.0-rc7-syzkaller-00209-g9528d418de4d #0
[  469.728500][T10443] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  469.738559][T10443] Call Trace:
[  469.741832][T10443]  <TASK>
[  469.744754][T10443]  dump_stack_lvl+0x16c/0x1f0
[  469.749435][T10443]  should_fail_ex+0x497/0x5b0
[  469.754112][T10443]  ? fs_reclaim_acquire+0xae/0x150
[  469.759218][T10443]  should_failslab+0xc2/0x120
[  469.763898][T10443]  __kmalloc_cache_node_noprof+0x6e/0x420
[  469.769635][T10443]  ? trace_kmalloc+0x2d/0xd0
[  469.774233][T10443]  ? page_pool_create_percpu+0x7a/0xad0
[  469.779796][T10443]  page_pool_create_percpu+0x7a/0xad0
[  469.785197][T10443]  bpf_test_run_xdp_live+0x193/0x500
[  469.790486][T10443]  ? __pfx_bpf_test_run_xdp_live+0x10/0x10
[  469.796383][T10443]  ? __pfx___lock_acquire+0x10/0x10
[  469.801586][T10443]  ? __pfx_xdp_test_run_init_page+0x10/0x10
[  469.807493][T10443]  ? __might_fault+0xe3/0x190
[  469.812177][T10443]  ? __might_fault+0xe3/0x190
[  469.816855][T10443]  ? _copy_from_user+0x59/0xd0
[  469.821616][T10443]  ? bpf_test_init.isra.0+0x111/0x150
[  469.826986][T10443]  bpf_prog_test_run_xdp+0x81f/0x1570
[  469.832365][T10443]  ? lock_acquire+0x2f/0xb0
[  469.836866][T10443]  ? __fget_files+0x40/0x3a0
[  469.841461][T10443]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  469.847268][T10443]  ? __fget_files+0x206/0x3a0
[  469.851941][T10443]  ? fput+0x67/0x440
[  469.855833][T10443]  ? __bpf_prog_get+0xa0/0x290
[  469.860594][T10443]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  469.866398][T10443]  __sys_bpf+0xfc6/0x49c0
[  469.870726][T10443]  ? __pfx_lock_release+0x10/0x10
[  469.875745][T10443]  ? __pfx___sys_bpf+0x10/0x10
[  469.880505][T10443]  ? vfs_write+0x306/0x1150
[  469.885003][T10443]  ? __mutex_unlock_slowpath+0x164/0x690
[  469.890646][T10443]  ? fput+0x67/0x440
[  469.894535][T10443]  ? ksys_write+0x1ba/0x250
[  469.899026][T10443]  ? __pfx_ksys_write+0x10/0x10
[  469.903871][T10443]  __x64_sys_bpf+0x78/0xc0
[  469.908283][T10443]  ? lockdep_hardirqs_on+0x7c/0x110
[  469.913479][T10443]  do_syscall_64+0xcd/0x250
[  469.917980][T10443]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  469.923872][T10443] RIP: 0033:0x7f80cb585d29
[  469.928281][T10443] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  469.947881][T10443] RSP: 002b:00007f80c93f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  469.956288][T10443] RAX: ffffffffffffffda RBX: 00007f80cb775fa0 RCX: 00007f80cb585d29
[  469.964254][T10443] RDX: 0000000000000050 RSI: 0000000020000000 RDI: 000000000000000a
[  469.972215][T10443] RBP: 00007f80c93f6090 R08: 0000000000000000 R09: 0000000000000000
[  469.980178][T10443] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  469.988146][T10443] R13: 0000000000000000 R14: 00007f80cb775fa0 R15: 00007ffe4decf698
[  469.996119][T10443]  </TASK>
[  469.999243][    C0] vkms_vblank_simulate: vblank timer overrun
[  470.011271][T10454] fuse: Bad value for 'fd'
[  471.067442][   T29] audit: type=1400 audit(1737362615.094:849): avc:  denied  { write } for  pid=10464 comm="syz.4.880" name="nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  471.317207][T10467] netlink: 'syz.0.879': attribute type 12 has an invalid length.
[  472.407540][T10494] overlayfs: missing 'lowerdir'
[  473.123504][   T29] audit: type=1400 audit(1737362617.154:850): avc:  denied  { read } for  pid=10485 comm="syz.1.884" name="fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[  473.147572][    C0] vkms_vblank_simulate: vblank timer overrun
[  473.165655][T10496] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  474.267572][T10501] netlink: 12 bytes leftover after parsing attributes in process `syz.4.887'.
[  474.366398][T10502] netlink: 'syz.4.887': attribute type 12 has an invalid length.
[  474.703441][   T29] audit: type=1400 audit(1737362617.154:851): avc:  denied  { open } for  pid=10485 comm="syz.1.884" path="/dev/fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[  474.726955][    C0] vkms_vblank_simulate: vblank timer overrun
[  476.988736][T10525] netlink: 4 bytes leftover after parsing attributes in process `syz.4.895'.
[  478.620864][T10552] tipc: Started in network mode
[  478.625789][T10552] tipc: Node identity fa839423cb3d, cluster identity 4711
[  478.633512][T10552] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  478.644180][T10552] syzkaller0: entered promiscuous mode
[  478.649632][T10552] syzkaller0: entered allmulticast mode
[  478.698261][   T29] audit: type=1326 audit(1737362622.724:852): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10551 comm="syz.2.901" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f61f2b85d29 code=0x0
[  478.749818][T10551] tipc: Resetting bearer <eth:syzkaller0>
[  478.771205][T10551] tipc: Disabling bearer <eth:syzkaller0>
[  479.839069][ T5916] usb 2-1: new high-speed USB device number 18 using dummy_hcd
[  479.867836][   T29] audit: type=1400 audit(1737362623.894:853): avc:  denied  { append } for  pid=10569 comm="syz.4.906" name="nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  480.060284][ T5916] usb 2-1: Using ep0 maxpacket: 8
[  480.134094][ T5916] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ee
[  480.139616][T10573] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  480.156459][ T5916] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  480.188628][ T5916] usb 2-1: Product: syz
[  480.210266][ T5916] usb 2-1: Manufacturer: syz
[  480.214887][ T5916] usb 2-1: SerialNumber: syz
[  480.259854][ T5916] usb 2-1: config 0 descriptor??
[  480.975346][T10559] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  481.118945][T10559] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  481.430826][ T5916] usb 2-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  481.440710][ T5908] dvb-usb: did not find the firmware file 'dvb-usb-az6027-03.fw' (status -110). You can use <kernel_dir>/scripts/get_dvb_firmware to get the firmware
[  481.456099][ T5908] dvb_usb_az6027 4-1:0.0: probe with driver dvb_usb_az6027 failed with error -110
[  481.467768][ T5908] usb 4-1: USB disconnect, device number 14
[  481.479875][T10592] vivid-001: =================  START STATUS  =================
[  481.537352][T10592] vivid-001: Radio HW Seek Mode: Bounded
[  481.549586][T10592] vivid-001: Radio Programmable HW Seek: false
[  481.650227][T10592] vivid-001: RDS Rx I/O Mode: Block I/O
[  481.672224][T10592] vivid-001: Generate RBDS Instead of RDS: false
[  481.673178][T10559] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  481.678925][T10592] vivid-001: RDS Reception: 
[  481.918117][T10559] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  481.918146][T10592] true
[  482.213829][T10592] vivid-001: RDS Program Type: 0 inactive
[  482.226761][ T5916] dvb_usb_rtl28xxu 2-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  482.237546][ T5916] usb 2-1: USB disconnect, device number 18
[  482.256668][T10592] vivid-001: RDS PS Name:  inactive
[  482.374202][T10592] vivid-001: RDS Radio Text:  inactive
[  482.379703][T10592] vivid-001: RDS Traffic Announcement: false inactive
[  482.396339][T10591] netlink: 244 bytes leftover after parsing attributes in process `syz.4.911'.
[  482.410301][T10592] vivid-001: RDS Traffic Program: false inactive
[  482.420207][T10592] vivid-001: RDS Music: false inactive
[  482.426687][T10592] vivid-001: ==================  END STATUS  ==================
[  482.622914][T10607] siw: device registration error -23
[  482.633941][T10607] netlink: 1284 bytes leftover after parsing attributes in process `syz.4.914'.
[  482.643304][T10607] openvswitch: netlink: Missing key (keys=40, expected=10000000)
[  483.120948][ T5906] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[  483.470179][ T5906] usb 4-1: Using ep0 maxpacket: 32
[  483.665962][ T5906] usb 4-1: New USB device found, idVendor=0c72, idProduct=000d, bcdDevice=27.9b
[  483.675212][ T5906] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  483.683727][ T5906] usb 4-1: Product: syz
[  483.688593][ T5906] usb 4-1: Manufacturer: syz
[  483.693366][ T5906] usb 4-1: SerialNumber: syz
[  483.699820][ T5906] usb 4-1: config 0 descriptor??
[  483.784795][   T29] audit: type=1400 audit(1737362627.794:854): avc:  denied  { write } for  pid=10616 comm="syz.4.918" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  484.413159][T10624] netlink: 224 bytes leftover after parsing attributes in process `syz.1.919'.
[  484.740925][T10614] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  484.749502][T10614] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  485.521052][ T5906] peak_usb 4-1:0.0: PEAK-System PCAN-USB Pro hwrev 0 serial 00000000.00000000 (2 channels)
[  485.569996][ T5906] peak_usb 4-1:0.0 can0: sending command failure: -22
[  486.166533][ T5906] peak_usb 4-1:0.0 can0: sending command failure: -22
[  486.227802][T10634] block nbd1: shutting down sockets
[  486.312561][ T5906] peak_usb 4-1:0.0: probe with driver peak_usb failed with error -22
[  486.330325][ T5906] usb 4-1: USB disconnect, device number 15
[  486.467787][T10646] netlink: 244 bytes leftover after parsing attributes in process `syz.1.924'.
[  487.431189][ T5916] usb 2-1: new high-speed USB device number 19 using dummy_hcd
[  487.801064][ T5916] usb 2-1: Using ep0 maxpacket: 32
[  487.872424][ T5916] usb 2-1: config 0 interface 0 has no altsetting 0
[  488.136516][ T5916] usb 2-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e
[  488.156024][ T5916] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  488.265615][T10664] netlink: 12 bytes leftover after parsing attributes in process `syz.3.928'.
[  488.284843][T10664] netlink: 'syz.3.928': attribute type 12 has an invalid length.
[  488.908979][ T5916] usb 2-1: Product: syz
[  488.913444][ T5916] usb 2-1: Manufacturer: syz
[  488.918124][ T5916] usb 2-1: SerialNumber: syz
[  488.931774][ T5916] usb 2-1: config 0 descriptor??
[  489.352583][ T5916] gs_usb 2-1:0.0: Configuring for 1 interfaces
[  489.590204][ T5864] usb 3-1: new high-speed USB device number 22 using dummy_hcd
[  490.452158][ T5864] usb 3-1: Using ep0 maxpacket: 16
[  490.473498][ T5864] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  490.500608][ T5864] usb 3-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00
[  490.509964][ T5916] gs_usb 2-1:0.0: Disabling termination support for channel 0 (-EPIPE)
[  490.534823][ T5916] gs_usb 2-1:0.0: Couldn't register candev for channel 0 (-EINVAL)
[  490.545394][ T5864] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  490.555445][ T5916] gs_usb 2-1:0.0: probe with driver gs_usb failed with error -22
[  490.578789][ T5864] usb 3-1: config 0 descriptor??
[  490.602898][ T5864] input: bcm5974 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input9
[  490.730447][  T117] usb 2-1: USB disconnect, device number 19
[  490.832157][T10670] input: syz0 as /devices/virtual/input/input10
[  490.904223][ T5174] bcm5974 3-1:0.0: could not read from device
[  490.931174][ T5174] bcm5974 3-1:0.0: could not read from device
[  490.933241][ T5864] usb 3-1: USB disconnect, device number 22
[  490.948494][ T5174] bcm5974 3-1:0.0: could not read from device
[  491.000227][    T8] usb 5-1: new high-speed USB device number 21 using dummy_hcd
[  491.024405][T10689] netlink: 12 bytes leftover after parsing attributes in process `syz.3.933'.
[  491.039805][T10689] netlink: 'syz.3.933': attribute type 12 has an invalid length.
[  491.345203][    T8] usb 5-1: Using ep0 maxpacket: 32
[  491.353985][    T8] usb 5-1: config 0 interface 0 has no altsetting 0
[  491.390967][    T8] usb 5-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e
[  491.400276][    T8] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  491.415105][    T8] usb 5-1: Product: syz
[  491.429198][    T8] usb 5-1: Manufacturer: syz
[  491.439368][    T8] usb 5-1: SerialNumber: syz
[  491.453698][    T8] usb 5-1: config 0 descriptor??
[  491.986792][    T8] gs_usb 5-1:0.0: Configuring for 191 interfaces
[  491.993162][    T8] gs_usb 5-1:0.0: Driver cannot handle more that 3 CAN interfaces
[  492.004113][    T8] gs_usb 5-1:0.0: probe with driver gs_usb failed with error -22
[  492.817557][   T29] audit: type=1400 audit(1737362636.604:855): avc:  denied  { ioctl } for  pid=10683 comm="syz.4.934" path="pid:[4026532793]" dev="nsfs" ino=4026532793 ioctlcmd=0xb707 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  494.717319][   T29] audit: type=1400 audit(1737362636.654:856): avc:  denied  { map } for  pid=10699 comm="syz.2.939" path="socket:[28700]" dev="sockfs" ino=28700 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  494.770506][    T8] usb 5-1: USB disconnect, device number 21
[  495.173869][   T29] audit: type=1400 audit(1737362639.204:857): avc:  denied  { connect } for  pid=10711 comm="syz.2.941" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  499.262702][T10745] netlink: 248 bytes leftover after parsing attributes in process `syz.3.948'.
[  499.877276][T10757] FAULT_INJECTION: forcing a failure.
[  499.877276][T10757] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  500.184005][T10757] CPU: 1 UID: 0 PID: 10757 Comm: syz.2.950 Not tainted 6.13.0-rc7-syzkaller-00209-g9528d418de4d #0
[  500.194722][T10757] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  500.204778][T10757] Call Trace:
[  500.208053][T10757]  <TASK>
[  500.210986][T10757]  dump_stack_lvl+0x16c/0x1f0
[  500.215680][T10757]  should_fail_ex+0x497/0x5b0
[  500.220373][T10757]  _copy_from_user+0x2e/0xd0
[  500.224964][T10757]  memdup_user+0x71/0xd0
[  500.229209][T10757]  snd_ctl_ioctl+0x1e8/0x1310
[  500.233898][T10757]  ? __pfx_snd_ctl_ioctl+0x10/0x10
[  500.239023][T10757]  ? __pfx_lock_release+0x10/0x10
[  500.244063][T10757]  ? selinux_file_ioctl+0x180/0x270
[  500.249276][T10757]  ? selinux_file_ioctl+0xb4/0x270
[  500.254394][T10757]  ? __pfx_snd_ctl_ioctl+0x10/0x10
[  500.259513][T10757]  __x64_sys_ioctl+0x190/0x200
[  500.264289][T10757]  do_syscall_64+0xcd/0x250
[  500.268802][T10757]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  500.274702][T10757] RIP: 0033:0x7f61f2b85d29
[  500.279117][T10757] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  500.298727][T10757] RSP: 002b:00007f61f3972038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  500.307143][T10757] RAX: ffffffffffffffda RBX: 00007f61f2d75fa0 RCX: 00007f61f2b85d29
[  500.315117][T10757] RDX: 0000000020000040 RSI: 00000000c4c85513 RDI: 0000000000000003
[  500.323088][T10757] RBP: 00007f61f3972090 R08: 0000000000000000 R09: 0000000000000000
[  500.331061][T10757] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  500.339042][T10757] R13: 0000000000000000 R14: 00007f61f2d75fa0 R15: 00007ffc19880618
[  500.347033][T10757]  </TASK>
[  501.390381][ T5906] usb 3-1: new high-speed USB device number 23 using dummy_hcd
[  501.427520][ T1292] ieee802154 phy0 wpan0: encryption failed: -22
[  501.434458][ T1292] ieee802154 phy1 wpan1: encryption failed: -22
[  501.481143][T10773] xt_recent: hitcount (262144) is larger than allowed maximum (65535)
[  502.629881][ T5906] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0
[  502.639589][ T5906] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0
[  502.649301][ T5906] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0
[  502.659153][ T5906] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x89 has invalid maxpacket 0
[  502.668931][ T5906] usb 3-1: New USB device found, idVendor=2040, idProduct=4900, bcdDevice=4d.8b
[  502.915985][T10781] can: request_module (can-proto-4) failed.
[  503.044636][ T5906] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  503.203282][ T5906] usb 3-1: config 0 descriptor??
[  503.796299][ T5906] hdpvr 3-1:0.0: firmware version 0x0 dated 
[  503.903566][ T5906] hdpvr 3-1:0.0: untested firmware, the driver might not work.
[  504.013789][T10766] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  504.022562][T10766] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  504.144563][   T29] audit: type=1400 audit(1737362648.174:858): avc:  denied  { ioctl } for  pid=10797 comm="syz.3.960" path="socket:[29094]" dev="sockfs" ino=29094 ioctlcmd=0x890c scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  504.253585][T10801] loop6: detected capacity change from 0 to 524287999
[  504.290479][   T29] audit: type=1400 audit(1737362648.294:859): avc:  denied  { map } for  pid=10792 comm="syz.0.958" path="/dev/loop6" dev="devtmpfs" ino=653 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  504.739127][   T29] audit: type=1400 audit(1737362648.294:860): avc:  denied  { execute } for  pid=10792 comm="syz.0.958" path="/dev/loop6" dev="devtmpfs" ino=653 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  504.860190][ T5867] usb 5-1: new high-speed USB device number 22 using dummy_hcd
[  505.164796][    T8] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[  505.190149][ T5867] usb 5-1: Using ep0 maxpacket: 32
[  505.196991][ T5867] usb 5-1: config 0 has an invalid interface number: 150 but max is 0
[  505.205702][ T5867] usb 5-1: config 0 has no interface number 0
[  505.212680][ T5867] usb 5-1: New USB device found, idVendor=17cc, idProduct=baff, bcdDevice=e1.1f
[  505.222064][ T5867] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  505.232280][ T5867] usb 5-1: config 0 descriptor??
[  505.412394][    T8] usb 4-1: Using ep0 maxpacket: 16
[  505.479659][    T8] usb 4-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  505.561273][ T5867] usb 5-1: string descriptor 0 read error: -71
[  505.578655][    T8] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  505.633646][    T8] usb 4-1: Product: syz
[  505.643730][ T5867] snd-usb-caiaq 5-1:0.150: can't set alt interface.
[  505.675375][    T8] usb 4-1: Manufacturer: syz
[  505.690931][ T5867] usb 5-1: unable to init card! (ret=-5)
[  505.704293][    T8] usb 4-1: SerialNumber: syz
[  505.726592][ T5867] snd-usb-caiaq 5-1:0.150: probe with driver snd-usb-caiaq failed with error -5
[  505.774083][    T8] r8152-cfgselector 4-1: Unknown version 0x0000
[  505.798151][    T8] r8152-cfgselector 4-1: config 0 descriptor??
[  505.848927][ T5867] usb 5-1: USB disconnect, device number 22
[  505.952000][ T5906] hdpvr 3-1:0.0: Could not setup controls
[  505.959025][ T5906] hdpvr 3-1:0.0: registering videodev failed
[  505.973664][ T5906] hdpvr 3-1:0.0: probe with driver hdpvr failed with error -71
[  506.283113][T10798] syz.3.960 uses obsolete (PF_INET,SOCK_PACKET)
[  506.300317][ T5906] usb 3-1: USB disconnect, device number 23
[  506.500190][   T29] audit: type=1400 audit(1737362650.514:861): avc:  denied  { write } for  pid=10812 comm="syz.2.964" name="/" dev="ocfs2_dlmfs" ino=29901 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  506.503327][T10816] o2cb: This node has not been configured.
[  506.528823][T10816] o2cb: Cluster check failed. Fix errors before retrying.
[  506.536281][T10816] (syz.2.964,10816,0):user_dlm_register:674 ERROR: status = -22
[  506.544447][T10816] (syz.2.964,10816,0):dlmfs_mkdir:436 ERROR: Error -22 could not register domain "bus"
[  506.598179][   T29] audit: type=1400 audit(1737362650.514:862): avc:  denied  { add_name } for  pid=10812 comm="syz.2.964" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  506.618699][    C1] vkms_vblank_simulate: vblank timer overrun
[  506.867861][   T29] audit: type=1400 audit(1737362650.524:863): avc:  denied  { create } for  pid=10812 comm="syz.2.964" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1
[  506.888878][   T29] audit: type=1400 audit(1737362650.534:864): avc:  denied  { associate } for  pid=10812 comm="syz.2.964" name="bus" scontext=root:object_r:unlabeled_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  506.920223][ T5867] usb 5-1: new high-speed USB device number 23 using dummy_hcd
[  507.410381][ T5867] usb 5-1: Using ep0 maxpacket: 32
[  507.424932][ T5867] usb 5-1: config 0 interface 0 has no altsetting 0
[  507.443814][ T5867] usb 5-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e
[  507.453368][ T5867] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  507.475073][ T5867] usb 5-1: Product: syz
[  507.506034][ T5867] usb 5-1: Manufacturer: syz
[  507.519002][ T5867] usb 5-1: SerialNumber: syz
[  507.536687][ T5867] usb 5-1: config 0 descriptor??
[  507.542137][  T117] r8152-cfgselector 4-1: USB disconnect, device number 16
[  507.550739][ T5867] gs_usb 5-1:0.0: Required endpoints not found
[  507.755098][T10827] macvlan2: entered promiscuous mode
[  507.773802][T10827] macvlan2: entered allmulticast mode
[  507.774615][T10817] netlink: 4 bytes leftover after parsing attributes in process `syz.4.965'.
[  507.799442][T10817] team_slave_0: entered promiscuous mode
[  507.805451][T10817] team_slave_1: entered promiscuous mode
[  507.811227][T10817] netdevsim netdevsim4 netdevsim0: entered promiscuous mode
[  507.830314][T10817] macvtap1: entered promiscuous mode
[  507.837863][T10817] team0: entered promiscuous mode
[  507.849117][T10829] FAULT_INJECTION: forcing a failure.
[  507.849117][T10829] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  507.857105][T10817] macvtap1: entered allmulticast mode
[  507.868838][T10829] CPU: 1 UID: 0 PID: 10829 Comm: syz.0.969 Not tainted 6.13.0-rc7-syzkaller-00209-g9528d418de4d #0
[  507.879519][T10829] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  507.889579][T10829] Call Trace:
[  507.892859][T10829]  <TASK>
[  507.895801][T10829]  dump_stack_lvl+0x16c/0x1f0
[  507.900500][T10829]  should_fail_ex+0x497/0x5b0
[  507.901790][T10817] team0: entered allmulticast mode
[  507.905181][T10829]  _copy_from_user+0x2e/0xd0
[  507.905206][T10829]  __sys_bpf+0x21c/0x49c0
[  507.919182][T10829]  ? __pfx_lock_release+0x10/0x10
[  507.924224][T10829]  ? __pfx___sys_bpf+0x10/0x10
[  507.929006][T10829]  ? vfs_write+0x306/0x1150
[  507.933519][T10829]  ? __mutex_unlock_slowpath+0x164/0x690
[  507.939178][T10829]  ? fput+0x67/0x440
[  507.943087][T10829]  ? ksys_write+0x1ba/0x250
[  507.943670][T10817] team_slave_0: entered allmulticast mode
[  507.947590][T10829]  ? __pfx_ksys_write+0x10/0x10
[  507.947622][T10829]  __x64_sys_bpf+0x78/0xc0
[  507.962574][T10829]  ? lockdep_hardirqs_on+0x7c/0x110
[  507.967786][T10829]  do_syscall_64+0xcd/0x250
[  507.972303][T10829]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  507.973114][T10817] team_slave_1: entered allmulticast mode
[  507.978192][T10829] RIP: 0033:0x7f761ed85d29
[  507.978211][T10829] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  507.978231][T10829] RSP: 002b:00007f761fc63038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  508.003597][T10817] netdevsim netdevsim4 netdevsim0: entered allmulticast mode
[  508.007897][T10829] RAX: ffffffffffffffda RBX: 00007f761ef75fa0 RCX: 00007f761ed85d29
[  508.007914][T10829] RDX: 0000000000000050 RSI: 0000000020000180 RDI: 000000000000000a
[  508.007928][T10829] RBP: 00007f761fc63090 R08: 0000000000000000 R09: 0000000000000000
[  508.007942][T10829] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  508.036156][T10817] 8021q: adding VLAN 0 to HW filter on device macvtap1
[  508.039555][T10829] R13: 0000000000000000 R14: 00007f761ef75fa0 R15: 00007ffdb7fa9058
[  508.039586][T10829]  </TASK>
[  508.039693][    C1] vkms_vblank_simulate: vblank timer overrun
[  508.079490][    C1] vkms_vblank_simulate: vblank timer overrun
[  508.175675][  T117] usb 5-1: USB disconnect, device number 23
[  508.260141][   T29] audit: type=1400 audit(1737362652.284:865): avc:  denied  { getopt } for  pid=10838 comm="syz.2.974" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  508.318564][   T29] audit: type=1400 audit(1737362652.294:866): avc:  denied  { link } for  pid=10836 comm="syz.3.973" name="#11" dev="tmpfs" ino=984 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  508.341743][   T29] audit: type=1400 audit(1737362652.294:867): avc:  denied  { rename } for  pid=10836 comm="syz.3.973" name="#12" dev="tmpfs" ino=984 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  508.515056][T10842] netlink: 248 bytes leftover after parsing attributes in process `syz.1.972'.
[  509.136878][T10858] netlink: 12 bytes leftover after parsing attributes in process `syz.0.976'.
[  509.225068][T10858] netlink: 'syz.0.976': attribute type 12 has an invalid length.
[  510.881774][   T29] audit: type=1400 audit(1737362654.904:868): avc:  denied  { map } for  pid=10865 comm="syz.0.980" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  510.904628][    C1] vkms_vblank_simulate: vblank timer overrun
[  512.118947][   T29] audit: type=1400 audit(1737362656.144:869): avc:  denied  { getopt } for  pid=10874 comm="syz.1.983" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  512.211294][  T117] usb 5-1: new high-speed USB device number 24 using dummy_hcd
[  512.219943][    T8] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[  512.390185][    T8] usb 4-1: Using ep0 maxpacket: 16
[  512.397789][    T8] usb 4-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  512.410159][  T117] usb 5-1: config index 0 descriptor too short (expected 9, got 0)
[  512.427671][    T8] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  512.437879][  T117] usb 5-1: can't read configurations, error -22
[  512.448540][    T8] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  512.459849][T10889] netlink: 8 bytes leftover after parsing attributes in process `syz.2.986'.
[  512.470256][    T8] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  512.479837][    T8] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  512.488138][    T8] usb 4-1: Product: syz
[  512.493815][   T29] audit: type=1400 audit(1737362656.514:870): avc:  denied  { mount } for  pid=10888 comm="syz.2.986" name="/" dev="rpc_pipefs" ino=29378 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:rpc_pipefs_t tclass=filesystem permissive=1
[  512.524892][    T8] usb 4-1: Manufacturer: syz
[  512.542139][    T8] usb 4-1: SerialNumber: syz
[  512.580199][  T117] usb 5-1: new high-speed USB device number 25 using dummy_hcd
[  512.742148][  T117] usb 5-1: config index 0 descriptor too short (expected 9, got 0)
[  512.750344][  T117] usb 5-1: can't read configurations, error -22
[  512.769642][  T117] usb usb5-port1: attempt power cycle
[  512.780633][T10880] SELinux: security_context_str_to_sid (Eá…) failed with errno=-22
[  513.006368][    T8] usb 4-1: 0:2 : does not exist
[  513.020227][T10892] sctp: [Deprecated]: syz.1.987 (pid 10892) Use of struct sctp_assoc_value in delayed_ack socket option.
[  513.020227][T10892] Use struct sctp_sack_info instead
[  513.161492][   T29] audit: type=1400 audit(1737362657.184:871): avc:  denied  { bind } for  pid=10891 comm="syz.1.987" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  513.796210][  T117] usb 5-1: new high-speed USB device number 26 using dummy_hcd
[  513.832042][  T117] usb 5-1: config index 0 descriptor too short (expected 9, got 0)
[  513.847321][  T117] usb 5-1: can't read configurations, error -22
[  513.914258][   T29] audit: type=1400 audit(1737362657.944:872): avc:  denied  { unmount } for  pid=5821 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:rpc_pipefs_t tclass=filesystem permissive=1
[  514.000366][  T117] usb 5-1: new high-speed USB device number 27 using dummy_hcd
[  514.518503][T10909] netlink: 7084 bytes leftover after parsing attributes in process `syz.0.990'.
[  514.522351][  T117] usb 5-1: device not accepting address 27, error -71
[  514.545159][  T117] usb usb5-port1: unable to enumerate USB device
[  514.684619][T10910] netlink: 248 bytes leftover after parsing attributes in process `syz.2.989'.
[  514.978895][    T8] usb 4-1: 1:0: failed to get current value for ch 0 (-22)
[  515.037733][    T8] usb 4-1: USB disconnect, device number 17
[  515.164002][T10918] netlink: 1284 bytes leftover after parsing attributes in process `syz.0.992'.
[  515.173291][T10918] openvswitch: netlink: Missing key (keys=40, expected=10000000)
[  516.652111][T10925] netlink: 'syz.2.994': attribute type 16 has an invalid length.
[  516.660003][T10925] netlink: 'syz.2.994': attribute type 3 has an invalid length.
[  516.667804][T10925] netlink: 'syz.2.994': attribute type 1 has an invalid length.
[  516.675645][T10925] netlink: 'syz.2.994': attribute type 2 has an invalid length.
[  516.683534][T10925] netlink: 64022 bytes leftover after parsing attributes in process `syz.2.994'.
[  517.100065][   T29] audit: type=1400 audit(1737362661.114:873): avc:  denied  { connect } for  pid=10932 comm="syz.1.997" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  517.149741][   T29] audit: type=1400 audit(1737362661.114:874): avc:  denied  { write } for  pid=10932 comm="syz.1.997" laddr=fe80::11 lport=1 faddr=ff02::1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  518.099329][  T117] usb 4-1: new high-speed USB device number 18 using dummy_hcd
[  518.261036][  T117] usb 4-1: Using ep0 maxpacket: 16
[  518.285133][  T117] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  518.305825][  T117] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  518.329358][  T117] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  518.601187][  T117] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  518.643841][  T117] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  518.659441][  T117] usb 4-1: config 0 descriptor??
[  518.938706][T10958] netlink: 7084 bytes leftover after parsing attributes in process `syz.2.1002'.
[  519.409323][  T117] HID 045e:07da: Invalid code 65791 type 1
[  519.651028][  T117] input: HID 045e:07da as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:045E:07DA.0005/input/input11
[  519.730855][  T117] microsoft 0003:045E:07DA.0005: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.3-1/input0
[  519.853672][T10962] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  519.885930][T10931] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  519.906051][T10962] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  520.043575][T10931] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  522.365771][T10983] syz.2.1012 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  522.790218][   T29] audit: type=1400 audit(1737362666.814:875): avc:  denied  { write } for  pid=10979 comm="syz.1.1011" path="socket:[29631]" dev="sockfs" ino=29631 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[  523.160176][   T29] audit: type=1400 audit(1737362666.814:876): avc:  denied  { nlmsg_read } for  pid=10979 comm="syz.1.1011" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[  523.336748][T10990] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1015'.
[  523.422539][T10990] netlink: 'syz.4.1015': attribute type 12 has an invalid length.
[  523.925213][ T5916] usb 4-1: USB disconnect, device number 18
[  525.529868][T11001] netlink: 224 bytes leftover after parsing attributes in process `syz.3.1017'.
[  526.826591][T11025] FAULT_INJECTION: forcing a failure.
[  526.826591][T11025] name failslab, interval 1, probability 0, space 0, times 0
[  526.878881][   T29] audit: type=1400 audit(1737362670.904:877): avc:  denied  { mount } for  pid=11009 comm="syz.1.1021" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  527.184284][T11025] CPU: 1 UID: 0 PID: 11025 Comm: syz.4.1024 Not tainted 6.13.0-rc7-syzkaller-00209-g9528d418de4d #0
[  527.195087][T11025] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  527.205152][T11025] Call Trace:
[  527.208431][T11025]  <TASK>
[  527.211361][T11025]  dump_stack_lvl+0x16c/0x1f0
[  527.216049][T11025]  should_fail_ex+0x497/0x5b0
[  527.220738][T11025]  should_failslab+0xc2/0x120
[  527.225422][T11025]  kmem_cache_alloc_noprof+0x6e/0x3d0
[  527.230802][T11025]  ? skb_clone+0x190/0x3f0
[  527.235232][T11025]  skb_clone+0x190/0x3f0
[  527.239492][T11025]  netlink_deliver_tap+0xabd/0xd30
[  527.244620][T11025]  netlink_unicast+0x5e1/0x7f0
[  527.249410][T11025]  ? __pfx_netlink_unicast+0x10/0x10
[  527.254723][T11025]  netlink_sendmsg+0x8b8/0xd70
[  527.259505][T11025]  ? __pfx_netlink_sendmsg+0x10/0x10
[  527.264812][T11025]  ____sys_sendmsg+0xaaf/0xc90
[  527.269588][T11025]  ? copy_msghdr_from_user+0x10b/0x160
[  527.275051][T11025]  ? __pfx_____sys_sendmsg+0x10/0x10
[  527.280360][T11025]  ___sys_sendmsg+0x135/0x1e0
[  527.285042][T11025]  ? __pfx____sys_sendmsg+0x10/0x10
[  527.290256][T11025]  ? __pfx_lock_release+0x10/0x10
[  527.295292][T11025]  ? trace_lock_acquire+0x14e/0x1f0
[  527.300521][T11025]  ? __fget_files+0x206/0x3a0
[  527.305205][T11025]  __sys_sendmsg+0x16e/0x220
[  527.309777][T11025]  ? __pfx___sys_sendmsg+0x10/0x10
[  527.314875][T11025]  do_syscall_64+0xcd/0x250
[  527.319363][T11025]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  527.325239][T11025] RIP: 0033:0x7f80cb585d29
[  527.329631][T11025] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  527.349231][T11025] RSP: 002b:00007f80c93f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  527.357627][T11025] RAX: ffffffffffffffda RBX: 00007f80cb775fa0 RCX: 00007f80cb585d29
[  527.365577][T11025] RDX: 0000000000000000 RSI: 0000000020000900 RDI: 0000000000000003
[  527.373531][T11025] RBP: 00007f80c93f6090 R08: 0000000000000000 R09: 0000000000000000
[  527.381483][T11025] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  527.389445][T11025] R13: 0000000000000000 R14: 00007f80cb775fa0 R15: 00007ffe4decf698
[  527.397405][T11025]  </TASK>
[  527.400422][    C1] vkms_vblank_simulate: vblank timer overrun
[  528.008455][T11029] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR
[  528.798795][T11039] fuse: Bad value for 'fd'
[  528.830737][   T29] audit: type=1400 audit(1737362672.854:878): avc:  denied  { connect } for  pid=11040 comm="syz.0.1028" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  528.927482][T11048] siw: device registration error -23
[  528.936679][T11048] netlink: 1284 bytes leftover after parsing attributes in process `syz.4.1026'.
[  528.946041][T11048] openvswitch: netlink: Missing key (keys=40, expected=10000000)
[  529.202768][   T29] audit: type=1400 audit(1737362673.014:879): avc:  denied  { bind } for  pid=11042 comm="syz.2.1029" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  529.221977][    C1] vkms_vblank_simulate: vblank timer overrun
[  529.588501][   T29] audit: type=1326 audit(1737362673.204:880): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11040 comm="syz.0.1028" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f761ed85d29 code=0x0
[  530.070158][   T29] audit: type=1400 audit(1737362673.384:881): avc:  denied  { ioctl } for  pid=11042 comm="syz.2.1029" path="socket:[30253]" dev="sockfs" ino=30253 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  530.190670][T11055] netlink: 'syz.4.1030': attribute type 4 has an invalid length.
[  530.199114][T11055] FAULT_INJECTION: forcing a failure.
[  530.199114][T11055] name failslab, interval 1, probability 0, space 0, times 0
[  530.211922][T11055] CPU: 0 UID: 0 PID: 11055 Comm: syz.4.1030 Not tainted 6.13.0-rc7-syzkaller-00209-g9528d418de4d #0
[  530.222661][T11055] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  530.232692][T11055] Call Trace:
[  530.235948][T11055]  <TASK>
[  530.238859][T11055]  dump_stack_lvl+0x16c/0x1f0
[  530.243530][T11055]  should_fail_ex+0x497/0x5b0
[  530.248193][T11055]  ? rcu_is_watching+0x12/0xc0
[  530.252945][T11055]  should_failslab+0xc2/0x120
[  530.257606][T11055]  __kmalloc_cache_noprof+0x68/0x410
[  530.262886][T11055]  ? lock_acquire+0x2f/0xb0
[  530.267368][T11055]  ? psample_group_get+0x23/0x2e0
[  530.272380][T11055]  psample_group_get+0x15f/0x2e0
[  530.277301][T11055]  tcf_sample_init+0x36b/0x940
[  530.282049][T11055]  ? __pfx_tcf_sample_init+0x10/0x10
[  530.287328][T11055]  ? __pfx___nla_validate_parse+0x10/0x10
[  530.293038][T11055]  ? __nla_parse+0x40/0x60
[  530.297436][T11055]  tcf_action_init_1+0x45f/0x6c0
[  530.302355][T11055]  ? tc_lookup_action_n+0xc9/0xf0
[  530.307364][T11055]  ? __pfx_tcf_action_init_1+0x10/0x10
[  530.312807][T11055]  ? __pfx_tc_action_load_ops+0x10/0x10
[  530.318337][T11055]  ? __nla_parse+0x40/0x60
[  530.322738][T11055]  tcf_action_init+0x42e/0x9c0
[  530.327490][T11055]  ? __pfx_tcf_action_init+0x10/0x10
[  530.332759][T11055]  ? lock_acquire.part.0+0x11b/0x380
[  530.338040][T11055]  ? is_bpf_text_address+0x94/0x1a0
[  530.343230][T11055]  ? hlock_class+0x4e/0x130
[  530.347754][T11055]  ? __pfx___lock_acquire+0x10/0x10
[  530.352938][T11055]  ? hlock_class+0x4e/0x130
[  530.357428][T11055]  ? __lock_acquire+0xcc5/0x3c40
[  530.362350][T11055]  tcf_action_add+0xfd/0x5d0
[  530.366934][T11055]  ? __pfx_tcf_action_add+0x10/0x10
[  530.372115][T11055]  ? __pfx_lock_release+0x10/0x10
[  530.377154][T11055]  ? trace_lock_acquire+0x14e/0x1f0
[  530.382372][T11055]  ? __nla_parse+0x40/0x60
[  530.386771][T11055]  tc_ctl_action+0x35d/0x470
[  530.391354][T11055]  ? __pfx_tc_ctl_action+0x10/0x10
[  530.396453][T11055]  ? __pfx_tc_ctl_action+0x10/0x10
[  530.401546][T11055]  rtnetlink_rcv_msg+0x3c7/0xea0
[  530.406471][T11055]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  530.411923][T11055]  netlink_rcv_skb+0x16b/0x440
[  530.416672][T11055]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  530.422121][T11055]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  530.427401][T11055]  ? netlink_deliver_tap+0x1ae/0xd30
[  530.432674][T11055]  netlink_unicast+0x53c/0x7f0
[  530.437424][T11055]  ? __pfx_netlink_unicast+0x10/0x10
[  530.442701][T11055]  netlink_sendmsg+0x8b8/0xd70
[  530.447456][T11055]  ? __pfx_netlink_sendmsg+0x10/0x10
[  530.452736][T11055]  ____sys_sendmsg+0xaaf/0xc90
[  530.457485][T11055]  ? copy_msghdr_from_user+0x10b/0x160
[  530.462923][T11055]  ? __pfx_____sys_sendmsg+0x10/0x10
[  530.468203][T11055]  ___sys_sendmsg+0x135/0x1e0
[  530.472882][T11055]  ? __pfx____sys_sendmsg+0x10/0x10
[  530.478065][T11055]  ? __pfx_lock_release+0x10/0x10
[  530.483073][T11055]  ? trace_lock_acquire+0x14e/0x1f0
[  530.488264][T11055]  ? __fget_files+0x206/0x3a0
[  530.492926][T11055]  __sys_sendmsg+0x16e/0x220
[  530.497529][T11055]  ? __pfx___sys_sendmsg+0x10/0x10
[  530.502717][T11055]  do_syscall_64+0xcd/0x250
[  530.507215][T11055]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  530.513099][T11055] RIP: 0033:0x7f80cb585d29
[  530.517492][T11055] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  530.537082][T11055] RSP: 002b:00007f80c93f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  530.545481][T11055] RAX: ffffffffffffffda RBX: 00007f80cb775fa0 RCX: 00007f80cb585d29
[  530.553450][T11055] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000004
[  530.561418][T11055] RBP: 00007f80c93f6090 R08: 0000000000000000 R09: 0000000000000000
[  530.569369][T11055] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  530.577318][T11055] R13: 0000000000000000 R14: 00007f80cb775fa0 R15: 00007ffe4decf698
[  530.585276][T11055]  </TASK>
[  531.685193][T11073] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1034'.
[  531.894644][   T29] audit: type=1400 audit(1737362675.924:882): avc:  denied  { getopt } for  pid=11070 comm="syz.4.1034" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  531.911084][T11076] netlink: 80 bytes leftover after parsing attributes in process `syz.2.1036'.
[  532.042114][T11081] netlink: 'syz.3.1037': attribute type 10 has an invalid length.
[  532.050103][T11081] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1037'.
[  532.059801][T11081] ipvlan1: entered promiscuous mode
[  532.065114][T11081] ipvlan1: entered allmulticast mode
[  532.070529][T11081] veth0_vlan: entered allmulticast mode
[  532.084266][T11081] A link change request failed with some changes committed already. Interface ipvlan1 may have been left with an inconsistent configuration, please check.
[  532.381400][T11081] syz.3.1037 (11081) used greatest stack depth: 21008 bytes left
[  533.302331][T11089] fuse: Bad value for 'fd'
[  533.638592][   T35] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  533.698051][T11093] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[  533.992847][   T35] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  534.221800][   T35] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  534.378423][   T35] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  534.790332][ T5908] usb 4-1: new high-speed USB device number 19 using dummy_hcd
[  535.181692][   T35] bridge_slave_1: left allmulticast mode
[  535.195973][   T35] bridge_slave_1: left promiscuous mode
[  535.207834][   T35] bridge0: port 2(bridge_slave_1) entered disabled state
[  535.271536][   T35] bridge_slave_0: left allmulticast mode
[  535.298840][   T35] bridge_slave_0: left promiscuous mode
[  535.319773][   T35] bridge0: port 1(bridge_slave_0) entered disabled state
[  535.340097][ T5908] usb 4-1: Using ep0 maxpacket: 32
[  535.358604][ T5908] usb 4-1: config index 0 descriptor too short (expected 29220, got 36)
[  535.383682][ T5908] usb 4-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  535.414406][ T5908] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 81
[  535.490050][T11104] netlink: 224 bytes leftover after parsing attributes in process `syz.2.1046'.
[  535.542387][ T5908] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  535.798351][ T5908] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  535.824320][ T5908] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  535.845188][ T5908] usb 4-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  535.854636][ T5908] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  535.868975][ T5908] usb 4-1: config 0 descriptor??
[  535.902893][ T5830] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  535.912382][ T5830] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  535.920736][ T5830] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  535.929285][ T5830] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  535.947424][ T5830] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  535.954859][ T5830] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  535.967374][   T29] audit: type=1400 audit(1737362679.994:883): avc:  denied  { mounton } for  pid=11106 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[  536.077567][ T5908] usblp 4-1:0.0: usblp0: USB Bidirectional printer dev 19 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  536.289958][ T5865] usb 4-1: USB disconnect, device number 19
[  536.298642][ T5865] usblp0: removed
[  536.934249][   T29] audit: type=1400 audit(1737362680.964:884): avc:  denied  { write } for  pid=11116 comm="syz.3.1049" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  537.441801][   T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  537.457706][   T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  537.475233][   T35] bond0 (unregistering): Released all slaves
[  537.663749][   T35] bond1 (unregistering): Released all slaves
[  537.673221][   T29] audit: type=1400 audit(1737362681.704:885): avc:  denied  { write } for  pid=11119 comm="syz.3.1050" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  537.751568][   T35] Tq€: left promiscuous mode
[  538.071470][ T5830] Bluetooth: hci1: command tx timeout
[  538.206844][T11131] FAULT_INJECTION: forcing a failure.
[  538.206844][T11131] name failslab, interval 1, probability 0, space 0, times 0
[  538.429889][T11131] CPU: 1 UID: 0 PID: 11131 Comm: syz.2.1051 Not tainted 6.13.0-rc7-syzkaller-00209-g9528d418de4d #0
[  538.440684][T11131] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  538.450724][T11131] Call Trace:
[  538.453983][T11131]  <TASK>
[  538.456896][T11131]  dump_stack_lvl+0x16c/0x1f0
[  538.461579][T11131]  should_fail_ex+0x497/0x5b0
[  538.466263][T11131]  ? fs_reclaim_acquire+0xae/0x150
[  538.471364][T11131]  should_failslab+0xc2/0x120
[  538.476031][T11131]  kmem_cache_alloc_noprof+0x6e/0x3d0
[  538.481387][T11131]  ? getname_kernel+0x52/0x370
[  538.486139][T11131]  getname_kernel+0x52/0x370
[  538.490716][T11131]  kern_path+0x1d/0x50
[  538.494766][T11131]  lookup_bdev+0xd9/0x280
[  538.499085][T11131]  ? __pfx_lookup_bdev+0x10/0x10
[  538.504019][T11131]  ? __asan_memcpy+0x3c/0x60
[  538.508608][T11131]  resume_store+0x1d8/0x460
[  538.513097][T11131]  ? __pfx_resume_store+0x10/0x10
[  538.518109][T11131]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  538.523728][T11131]  ? rcu_is_watching+0x12/0xc0
[  538.528481][T11131]  ? __pfx_resume_store+0x10/0x10
[  538.533502][T11131]  kobj_attr_store+0x55/0x80
[  538.538112][T11131]  ? __pfx_kobj_attr_store+0x10/0x10
[  538.543383][T11131]  sysfs_kf_write+0x117/0x170
[  538.548046][T11131]  kernfs_fop_write_iter+0x33d/0x500
[  538.553315][T11131]  ? __pfx_sysfs_kf_write+0x10/0x10
[  538.558509][T11131]  vfs_write+0x5ae/0x1150
[  538.562843][T11131]  ? __pfx_kernfs_fop_write_iter+0x10/0x10
[  538.568639][T11131]  ? __pfx___mutex_lock+0x10/0x10
[  538.573654][T11131]  ? __pfx_vfs_write+0x10/0x10
[  538.578433][T11131]  ksys_write+0x12b/0x250
[  538.582758][T11131]  ? __pfx_ksys_write+0x10/0x10
[  538.587611][T11131]  do_syscall_64+0xcd/0x250
[  538.592107][T11131]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  538.597988][T11131] RIP: 0033:0x7f61f2b85d29
[  538.602385][T11131] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  538.621995][T11131] RSP: 002b:00007f61f3930038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  538.630394][T11131] RAX: ffffffffffffffda RBX: 00007f61f2d76160 RCX: 00007f61f2b85d29
[  538.638351][T11131] RDX: 0000000000000012 RSI: 0000000020000040 RDI: 0000000000000005
[  538.646305][T11131] RBP: 00007f61f3930090 R08: 0000000000000000 R09: 0000000000000000
[  538.654271][T11131] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  538.662232][T11131] R13: 0000000000000000 R14: 00007f61f2d76160 R15: 00007ffc19880618
[  538.670194][T11131]  </TASK>
[  538.730941][   T29] audit: type=1400 audit(1737362682.734:886): avc:  denied  { shutdown } for  pid=11129 comm="syz.0.1053" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  539.400205][ T5863] usb 4-1: new high-speed USB device number 20 using dummy_hcd
[  539.460458][   T35] hsr_slave_0: left promiscuous mode
[  539.483066][   T35] hsr_slave_1: left promiscuous mode
[  539.670484][   T35] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  539.686221][   T35] batman_adv: batadv0: Removing interface: batadv_slave_0
[  539.701556][   T35] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  539.741504][ T5863] usb 4-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  540.130329][ T5830] Bluetooth: hci1: command tx timeout
[  540.331606][ T5863] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  540.350261][   T35] batman_adv: batadv0: Removing interface: batadv_slave_1
[  540.360442][ T5863] usb 4-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  540.369457][ T5863] usb 4-1: config 1 has no interface number 1
[  540.375748][ T5863] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  540.389702][ T5863] usb 4-1: config 1 interface 2 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  540.423804][ T5863] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  540.484156][ T5863] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  540.497138][   T35] veth1_macvtap: left promiscuous mode
[  540.528515][ T5863] usb 4-1: Product: syz
[  540.533250][   T35] veth0_macvtap: left promiscuous mode
[  540.550098][ T5863] usb 4-1: Manufacturer: syz
[  540.554715][ T5863] usb 4-1: SerialNumber: syz
[  540.560441][   T35] veth1_vlan: left promiscuous mode
[  540.565981][   T35] veth0_vlan: left promiscuous mode
[  540.751094][   T29] audit: type=1400 audit(1737362684.774:887): avc:  denied  { write } for  pid=11146 comm="syz.4.1057" name="sg0" dev="devtmpfs" ino=722 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[  541.021372][T11153] overlayfs: failed to resolve './file1': -2
[  541.771632][ T5863] usb 4-1: No MIDI 2.0 at altset 1, falling back to MIDI 1.0
[  541.779092][ T5863] usb 4-1: MIDIStreaming interface descriptor not found
[  541.796190][ T5865] usb 3-1: new high-speed USB device number 24 using dummy_hcd
[  541.821938][ T5863] usb 4-1: USB disconnect, device number 20
[  541.962393][ T5865] usb 3-1: Using ep0 maxpacket: 32
[  541.977474][   T35] team0 (unregistering): Port device team_slave_1 removed
[  541.985425][ T5865] usb 3-1: config index 0 descriptor too short (expected 29220, got 36)
[  542.002959][ T5865] usb 3-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  542.012177][ T5865] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 81
[  542.022510][ T5865] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  542.033083][ T5865] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  542.042998][ T5865] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  542.056346][ T5865] usb 3-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  542.065860][ T5865] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  542.076259][ T5865] usb 3-1: config 0 descriptor??
[  542.083564][   T35] team0 (unregistering): Port device team_slave_0 removed
[  542.210136][ T5830] Bluetooth: hci1: command tx timeout
[  542.315353][ T5865] usblp 3-1:0.0: usblp0: USB Bidirectional printer dev 24 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  542.872505][T11153] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  542.892881][T11153] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  542.918843][T11153] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  542.930410][T11153] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  543.003310][ T5908] infiniband syz0: ib_query_port failed (-19)
[  543.030521][T11153] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  543.039037][T11153] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  543.098336][ T5865] usb 3-1: USB disconnect, device number 24
[  543.112777][T11106] chnl_net:caif_netlink_parms(): no params data found
[  543.118904][ T5865] usblp0: removed
[  543.244625][T11165] netlink: 224 bytes leftover after parsing attributes in process `syz.3.1061'.
[  543.670820][T11106] bridge0: port 1(bridge_slave_0) entered blocking state
[  543.706445][T11106] bridge0: port 1(bridge_slave_0) entered disabled state
[  543.713976][T11106] bridge_slave_0: entered allmulticast mode
[  543.721188][T11106] bridge_slave_0: entered promiscuous mode
[  543.730468][T11106] bridge0: port 2(bridge_slave_1) entered blocking state
[  543.740066][T11106] bridge0: port 2(bridge_slave_1) entered disabled state
[  543.747966][T11106] bridge_slave_1: entered allmulticast mode
[  543.756713][T11106] bridge_slave_1: entered promiscuous mode
[  543.820879][T11106] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  543.852638][T11106] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  543.862690][   T29] audit: type=1400 audit(1737362687.884:888): avc:  denied  { connect } for  pid=11173 comm="syz.3.1063" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[  544.076887][T11106] team0: Port device team_slave_0 added
[  544.086364][T11106] team0: Port device team_slave_1 added
[  544.103929][   T29] audit: type=1400 audit(1737362688.134:889): avc:  denied  { nlmsg_write } for  pid=11178 comm="syz.2.1064" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[  544.188378][T11106] batman_adv: batadv0: Adding interface: batadv_slave_0
[  544.203198][T11106] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  544.254323][T11106] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  544.350173][ T5830] Bluetooth: hci1: command tx timeout
[  544.370205][    T8] usb 3-1: new high-speed USB device number 25 using dummy_hcd
[  544.390208][T11106] batman_adv: batadv0: Adding interface: batadv_slave_1
[  544.397202][T11106] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  544.986106][T11106] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  545.054493][    T8] usb 3-1: device descriptor read/64, error -71
[  545.070241][T11106] hsr_slave_0: entered promiscuous mode
[  545.077176][T11106] hsr_slave_1: entered promiscuous mode
[  545.162986][T11106] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  545.195977][T11106] Cannot create hsr debugfs directory
[  545.334141][    T8] usb 3-1: new high-speed USB device number 26 using dummy_hcd
[  545.404684][T11187] netlink: 'syz.4.1067': attribute type 16 has an invalid length.
[  545.412616][T11187] netlink: 'syz.4.1067': attribute type 3 has an invalid length.
[  545.420387][T11187] netlink: 'syz.4.1067': attribute type 1 has an invalid length.
[  545.428101][T11187] netlink: 'syz.4.1067': attribute type 2 has an invalid length.
[  545.435821][T11187] netlink: 64022 bytes leftover after parsing attributes in process `syz.4.1067'.
[  545.510255][    T8] usb 3-1: device descriptor read/64, error -71
[  545.553879][T11106] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  545.630376][    T8] usb usb3-port1: attempt power cycle
[  545.686091][T11106] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  545.702267][T11106] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  545.722618][T11106] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  546.403396][T11196] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1070'.
[  546.508311][T11106] 8021q: adding VLAN 0 to HW filter on device bond0
[  546.527494][T11106] 8021q: adding VLAN 0 to HW filter on device team0
[  546.571946][T11202] openvswitch: netlink: Flow actions attr not present in new flow.
[  546.608850][ T5881] bridge0: port 1(bridge_slave_0) entered blocking state
[  546.616048][ T5881] bridge0: port 1(bridge_slave_0) entered forwarding state
[  546.625829][ T5881] bridge0: port 2(bridge_slave_1) entered blocking state
[  546.632954][ T5881] bridge0: port 2(bridge_slave_1) entered forwarding state
[  546.649026][    T8] usb 3-1: new high-speed USB device number 27 using dummy_hcd
[  546.698616][    T8] usb 3-1: device descriptor read/8, error -71
[  547.745837][T11212] sctp: [Deprecated]: syz.3.1073 (pid 11212) Use of struct sctp_assoc_value in delayed_ack socket option.
[  547.745837][T11212] Use struct sctp_sack_info instead
[  548.495692][T11218] xt_TPROXY: Can be used only with -p tcp or -p udp
[  548.729461][T11229] ubi0: attaching mtd0
[  548.744603][T11229] ubi0: scanning is finished
[  548.749308][T11229] ubi0: empty MTD device detected
[  549.253937][T11106] 8021q: adding VLAN 0 to HW filter on device batadv0
[  549.340664][T11229] ubi0 error: ubi_attach_mtd_dev: cannot spawn "ubi_bgt0d", error -4
[  549.620279][T11245] random: crng reseeded on system resumption
[  549.990260][    T8] usb 3-1: new full-speed USB device number 29 using dummy_hcd
[  550.104970][T11106] veth0_vlan: entered promiscuous mode
[  550.128704][T11106] veth1_vlan: entered promiscuous mode
[  550.760512][    T8] usb 3-1: device descriptor read/all, error -71
[  550.798309][T11106] veth0_macvtap: entered promiscuous mode
[  550.831807][T11106] veth1_macvtap: entered promiscuous mode
[  550.891752][T11106] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  550.916681][T11106] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  550.933802][T11106] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  550.970106][T11106] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  551.010057][T11106] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  551.061314][T11106] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  551.098204][T11106] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  551.130596][T11106] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  551.168015][T11106] batman_adv: batadv0: Interface activated: batadv_slave_0
[  551.246577][T11106] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  551.271731][T11106] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  551.340637][T11106] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  551.545028][T11106] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  551.597651][T11106] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  551.626894][T11106] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  551.674428][T11106] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  551.704161][T11106] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  551.737988][T11106] batman_adv: batadv0: Interface activated: batadv_slave_1
[  551.776818][T11106] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  551.829350][T11106] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  551.839464][T11106] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  551.854103][T11106] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  552.094090][T11276] netlink: 'syz.0.1084': attribute type 2 has an invalid length.
[  552.930515][   T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  552.958367][   T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  552.999623][T11284] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1087'.
[  553.086780][ T5881] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  553.175169][T11286] random: crng reseeded on system resumption
[  553.424631][ T5881] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  553.508330][   T29] audit: type=1400 audit(1737362697.524:890): avc:  denied  { mounton } for  pid=11106 comm="syz-executor" path="/root/syzkaller.7D8MDO/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[  555.200444][T11293] random: crng reseeded on system resumption
[  555.892473][   T29] audit: type=1400 audit(1737362697.574:891): avc:  denied  { mount } for  pid=11106 comm="syz-executor" name="/" dev="gadgetfs" ino=7223 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[  555.972216][   T29] audit: type=1400 audit(1737362697.584:892): avc:  denied  { mounton } for  pid=11106 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[  556.048653][T11291] netlink: 'syz.5.1044': attribute type 16 has an invalid length.
[  556.057019][T11291] netlink: 'syz.5.1044': attribute type 3 has an invalid length.
[  556.064785][T11291] netlink: 'syz.5.1044': attribute type 1 has an invalid length.
[  556.072506][T11291] netlink: 'syz.5.1044': attribute type 2 has an invalid length.
[  556.080235][T11291] netlink: 64022 bytes leftover after parsing attributes in process `syz.5.1044'.
[  557.491674][T11311] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1096'.
[  557.984792][T11311] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1096'.
[  558.011288][T11313] process 'syz.3.1096' launched '/dev/fd/12' with NULL argv: empty string added
[  558.041831][   T29] audit: type=1400 audit(1737362702.074:893): avc:  denied  { execute_no_trans } for  pid=11307 comm="syz.3.1096" path=2F6D656D66643A202864656C6574656429 dev="hugetlbfs" ino=32178 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1
[  559.412738][T11324] xt_TPROXY: Can be used only with -p tcp or -p udp
[  561.053237][T11350] netlink: 'syz.3.1098': attribute type 6 has an invalid length.
[  561.349417][T11351] random: crng reseeded on system resumption
[  561.537342][  T117] usb 6-1: new full-speed USB device number 2 using dummy_hcd
[  561.890277][ T5906] usb 4-1: new full-speed USB device number 21 using dummy_hcd
[  562.094687][ T5906] usb 4-1: not running at top speed; connect to a high speed hub
[  562.177154][ T5906] usb 4-1: config 3 has an invalid interface number: 211 but max is 0
[  562.226652][ T5906] usb 4-1: config 3 has 2 interfaces, different from the descriptor's value: 1
[  562.385704][ T5906] usb 4-1: config 3 has no interface number 1
[  562.470434][ T5906] usb 4-1: config 3 interface 0 altsetting 2 has an invalid descriptor for endpoint zero, skipping
[  562.487982][ T5906] usb 4-1: config 3 interface 0 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 4
[  562.503940][ T5906] usb 4-1: too many endpoints for config 3 interface 211 altsetting 115: 119, using maximum allowed: 30
[  562.620536][ T5906] usb 4-1: config 3 interface 211 altsetting 115 has an invalid descriptor for endpoint zero, skipping
[  562.691336][ T5906] usb 4-1: config 3 interface 211 altsetting 115 endpoint 0x9 has invalid maxpacket 1024, setting to 64
[  562.721397][ T5906] usb 4-1: config 3 interface 211 altsetting 115 has 3 endpoint descriptors, different from the interface descriptor's value: 119
[  562.759176][ T5906] usb 4-1: config 3 interface 0 has no altsetting 0
[  562.774702][ T5906] usb 4-1: config 3 interface 211 has no altsetting 0
[  562.795145][ T5906] usb 4-1: New USB device found, idVendor=1199, idProduct=9015, bcdDevice=53.2a
[  562.805759][ T5906] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  562.840340][ T5906] usb 4-1: Product: Ж
[  562.844454][ T5906] usb 4-1: Manufacturer: �ㄆ梱꘱ꈊਛᢽ颻ᗹﳢ逖
[  562.862093][ T1292] ieee802154 phy0 wpan0: encryption failed: -22
[  562.864644][ T5906] usb 4-1: SerialNumber: 쿳酒놕먃凈蠷뭟��묚夲天䄉脆桰�쌬�籦郣攷�엦
[  562.868374][ T1292] ieee802154 phy1 wpan1: encryption failed: -22
[  562.983249][   T29] audit: type=1400 audit(1737362707.014:894): avc:  denied  { write } for  pid=11355 comm="syz.2.1103" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  563.111486][T11373] xt_ecn: cannot match TCP bits for non-tcp packets
[  563.151125][   T29] audit: type=1400 audit(1737362707.174:895): avc:  denied  { append } for  pid=11348 comm="syz.3.1098" name="autofs" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[  563.178056][ T5906] usb 4-1: USB disconnect, device number 21
[  563.302132][T11374] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  564.880399][T11387] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[  564.902631][T11387] netlink: 1284 bytes leftover after parsing attributes in process `syz.3.1111'.
[  564.911912][T11387] openvswitch: netlink: Missing key (keys=40, expected=10000000)
[  566.142631][T11398] overlayfs: option "uuid=on" requires an upper fs, falling back to uuid=null.
[  566.151978][T11398] overlayfs: missing 'lowerdir'
[  566.292209][   T29] audit: type=1400 audit(1737362710.234:896): avc:  denied  { write } for  pid=11395 comm="syz.3.1115" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  566.505688][T11408] xt_TPROXY: Can be used only with -p tcp or -p udp
[  566.760284][ T5908] usb 3-1: new full-speed USB device number 31 using dummy_hcd
[  566.924954][ T5908] usb 3-1: config 0 has an invalid interface number: 56 but max is 0
[  567.030173][ T5908] usb 3-1: config 0 has no interface number 0
[  567.051353][ T5908] usb 3-1: New USB device found, idVendor=0b48, idProduct=3007, bcdDevice=4f.64
[  567.065480][ T5908] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  567.075643][ T5908] usb 3-1: Product: syz
[  567.079892][ T5908] usb 3-1: Manufacturer: syz
[  567.098075][ T5908] usb 3-1: SerialNumber: syz
[  567.220743][T11423] BUG: Bad page state in process syz.0.1119  pfn:34259
[  567.224045][   T29] audit: type=1400 audit(1737362711.244:897): avc:  denied  { create } for  pid=11412 comm="syz.3.1117" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_nflog_socket permissive=1
[  567.227961][T11423] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888034259f00 pfn:0x34259
[  567.258341][T11423] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  567.265527][T11423] raw: 00fff00000000000 dead000000000040 ffff888022eac000 0000000000000000
[  567.274209][T11423] raw: ffff888034259f00 0000000000000001 00000000ffffffff 0000000000000000
[  567.282829][T11423] page dumped because: page_pool leak
[  567.288206][T11423] page_owner tracks the page as allocated
[  567.294142][T11423] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 11423, tgid 11417 (syz.0.1119), ts 567220656420, free_ts 566793250919
[  567.311373][T11423]  post_alloc_hook+0x2d1/0x350
[  567.316153][T11423]  get_page_from_freelist+0xfce/0x2f80
[  567.323615][T11423]  __alloc_pages_noprof+0x223/0x25b0
[  567.323647][T11423]  alloc_pages_bulk_noprof+0x72b/0x10b0
[  567.323671][T11423]  __page_pool_alloc_pages_slow+0x18f/0x770
[  567.323695][T11423]  page_pool_alloc_netmem+0xc4/0x160
[  567.323715][T11423]  page_pool_alloc_pages+0x1a/0x60
[  567.323732][T11423]  skb_pp_cow_data+0x72f/0xe80
[  567.323752][T11423]  skb_cow_data_for_xdp+0x88/0xb0
[  567.323769][T11423]  do_xdp_generic+0x3f1/0xe70
[  567.323791][T11423]  __netif_receive_skb_core.constprop.0+0x1330/0x4470
[  567.323817][T11423]  __netif_receive_skb_one_core+0xb1/0x1e0
[  567.323840][T11423]  __netif_receive_skb+0x1d/0x160
[  567.323863][T11423]  netif_receive_skb+0x13f/0x7b0
[  567.323884][T11423]  tun_rx_batched.isra.0+0x3eb/0x730
[  567.323907][T11423]  tun_get_user+0x2a22/0x3e50
[  567.323930][T11423] page last free pid 11382 tgid 11379 stack trace:
[  567.323943][T11423]  free_unref_folios+0xa7b/0x14f0
[  567.323963][T11423]  folios_put_refs+0x587/0x7b0
[  567.323983][T11423]  free_pages_and_swap_cache+0x36d/0x510
[  567.324003][T11423]  __tlb_batch_free_encoded_pages+0xf9/0x290
[  567.324025][T11423]  tlb_finish_mmu+0x168/0x7b0
[  567.324044][T11423]  exit_mmap+0x3df/0xb20
[  567.324061][T11423]  __mmput+0x12a/0x4c0
[  567.324081][T11423]  mmput+0x62/0x70
[  567.324099][T11423]  do_exit+0x9ba/0x2d70
[  567.324123][T11423]  do_group_exit+0xd3/0x2a0
[  567.324146][T11423]  get_signal+0x24ed/0x26c0
[  567.324168][T11423]  arch_do_signal_or_restart+0x90/0x7e0
[  567.324193][T11423]  syscall_exit_to_user_mode+0x150/0x2a0
[  567.324217][T11423]  do_syscall_64+0xda/0x250
[  567.324241][T11423]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  567.324269][T11423] Modules linked in:
[  567.324284][T11423] CPU: 1 UID: 0 PID: 11423 Comm: syz.0.1119 Not tainted 6.13.0-rc7-syzkaller-00209-g9528d418de4d #0
[  567.324306][T11423] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  567.324319][T11423] Call Trace:
[  567.324326][T11423]  <TASK>
[  567.324343][T11423]  dump_stack_lvl+0x16c/0x1f0
[  567.324369][T11423]  bad_page+0xb3/0x1f0
[  567.324395][T11423]  ? __pfx_bad_page+0x10/0x10
[  567.324419][T11423]  ? page_bad_reason+0x9d/0x1e0
[  567.324444][T11423]  free_unref_page+0x72f/0x1080
[  567.324471][T11423]  page_frag_free+0x255/0x2a0
[  567.324495][T11423]  __xdp_return+0x217/0xa90
[  567.324518][T11423]  bpf_xdp_adjust_tail+0xa6f/0x1070
[  567.324552][T11423]  bpf_prog_f476d5219b92964a+0x1e/0x20
[  567.324569][T11423]  bpf_prog_run_generic_xdp+0x630/0x1510
[  567.324607][T11423]  do_xdp_generic+0x70a/0xe70
[  567.324635][T11423]  ? __pfx_do_xdp_generic+0x10/0x10
[  567.324663][T11423]  ? __pfx___lock_acquire+0x10/0x10
[  567.324684][T11423]  ? __lock_acquire+0xcc5/0x3c40
[  567.324712][T11423]  ? mark_lock+0xb5/0xc60
[  567.324736][T11423]  __netif_receive_skb_core.constprop.0+0x1330/0x4470
[  567.324771][T11423]  ? hlock_class+0x4e/0x130
[  567.324797][T11423]  ? __lock_acquire+0x15a9/0x3c40
[  567.324821][T11423]  ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10
[  567.324849][T11423]  ? hlock_class+0x4e/0x130
[  567.324875][T11423]  ? __lock_acquire+0xcc5/0x3c40
[  567.324906][T11423]  ? __pfx___lock_acquire+0x10/0x10
[  567.324931][T11423]  ? find_held_lock+0x2d/0x110
[  567.324967][T11423]  __netif_receive_skb_one_core+0xb1/0x1e0
[  567.324992][T11423]  ? __pfx___netif_receive_skb_one_core+0x10/0x10
[  567.325016][T11423]  ? rcu_is_watching+0x12/0xc0
[  567.325043][T11423]  ? ktime_get_with_offset+0x273/0x3a0
[  567.325062][T11423]  ? lockdep_hardirqs_on+0x7c/0x110
[  567.325085][T11423]  ? netif_receive_skb+0x109/0x7b0
[  567.325113][T11423]  __netif_receive_skb+0x1d/0x160
[  567.325137][T11423]  netif_receive_skb+0x13f/0x7b0
[  567.325161][T11423]  ? __pfx_netif_receive_skb+0x10/0x10
[  567.325185][T11423]  ? _copy_from_iter+0x15e/0x1560
[  567.325213][T11423]  ? __pfx___lock_acquire+0x10/0x10
[  567.325233][T11423]  ? __pfx__copy_from_iter+0x10/0x10
[  567.325264][T11423]  tun_rx_batched.isra.0+0x3eb/0x730
[  567.325292][T11423]  ? __pfx_tun_rx_batched.isra.0+0x10/0x10
[  567.325321][T11423]  ? tun_get_user+0x13e6/0x3e50
[  567.325354][T11423]  ? lock_acquire+0x2f/0xb0
[  567.325373][T11423]  ? tun_get_user+0x13e6/0x3e50
[  567.325401][T11423]  tun_get_user+0x2a22/0x3e50
[  567.325437][T11423]  ? __pfx_tun_get_user+0x10/0x10
[  567.325463][T11423]  ? find_held_lock+0x2d/0x110
[  567.325488][T11423]  ? __pfx_lock_release+0x10/0x10
[  567.325510][T11423]  tun_chr_write_iter+0xdc/0x210
[  567.325529][T11423]  vfs_write+0x5ae/0x1150
[  567.325543][T11423]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  567.325562][T11423]  ? __pfx_vfs_write+0x10/0x10
[  567.325576][T11423]  ? __fget_files+0x40/0x3a0
[  567.325597][T11423]  ksys_write+0x12b/0x250
[  567.325610][T11423]  ? __pfx_ksys_write+0x10/0x10
[  567.325623][T11423]  ? do_user_addr_fault+0x83d/0x13f0
[  567.325640][T11423]  do_syscall_64+0xcd/0x250
[  567.325658][T11423]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  567.325678][T11423] RIP: 0033:0x7f761ed847df
[  567.325689][T11423] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  567.325700][T11423] RSP: 002b:00007f761fc42000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  567.325713][T11423] RAX: ffffffffffffffda RBX: 00007f761ef76080 RCX: 00007f761ed847df
[  567.325722][T11423] RDX: 0000000000011dc0 RSI: 0000000020000200 RDI: 00000000000000c8
[  567.325730][T11423] RBP: 00007f761ee01b08 R08: 0000000000000000 R09: 0000000000000000
[  567.325739][T11423] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  567.325746][T11423] R13: 0000000000000001 R14: 00007f761ef76080 R15: 00007ffdb7fa9058
[  567.325762][T11423]  </TASK>
[  567.325767][T11423] Disabling lock debugging due to kernel taint
[  567.325775][T11423] BUG: Bad page state in process syz.0.1119  pfn:5faae
[  567.325782][T11423] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88805faae690 pfn:0x5faae
[  567.325793][T11423] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  567.325809][T11423] raw: 00fff00000000000 dead000000000040 ffff888022eac000 0000000000000000
[  567.325819][T11423] raw: ffff88805faae690 0000000000000001 00000000ffffffff 0000000000000000
[  567.325826][T11423] page dumped because: page_pool leak
[  567.325831][T11423] page_owner tracks the page as allocated
[  567.325835][T11423] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 11423, tgid 11417 (syz.0.1119), ts 567220646644, free_ts 566793285633
[  567.325853][T11423]  post_alloc_hook+0x2d1/0x350
[  567.325866][T11423]  get_page_from_freelist+0xfce/0x2f80
[  567.325879][T11423]  __alloc_pages_noprof+0x223/0x25b0
[  567.325893][T11423]  alloc_pages_bulk_noprof+0x72b/0x10b0
[  567.325907][T11423]  __page_pool_alloc_pages_slow+0x18f/0x770
[  567.325919][T11423]  page_pool_alloc_netmem+0xc4/0x160
[  567.325930][T11423]  page_pool_alloc_pages+0x1a/0x60
[  567.325941][T11423]  skb_pp_cow_data+0x72f/0xe80
[  567.325953][T11423]  skb_cow_data_for_xdp+0x88/0xb0
[  567.325968][T11423]  do_xdp_generic+0x3f1/0xe70
[  567.325989][T11423]  __netif_receive_skb_core.constprop.0+0x1330/0x4470
[  567.326014][T11423]  __netif_receive_skb_one_core+0xb1/0x1e0
[  567.326039][T11423]  __netif_receive_skb+0x1d/0x160
[  567.326056][T11423]  netif_receive_skb+0x13f/0x7b0
[  567.326072][T11423]  tun_rx_batched.isra.0+0x3eb/0x730
[  567.326087][T11423]  tun_get_user+0x2a22/0x3e50
[  567.326102][T11423] page last free pid 11382 tgid 11379 stack trace:
[  567.326109][T11423]  free_unref_folios+0xa7b/0x14f0
[  567.326122][T11423]  folios_put_refs+0x587/0x7b0
[  567.326134][T11423]  free_pages_and_swap_cache+0x36d/0x510
[  567.326146][T11423]  __tlb_batch_free_encoded_pages+0xf9/0x290
[  567.326160][T11423]  tlb_finish_mmu+0x168/0x7b0
[  567.326174][T11423]  exit_mmap+0x3df/0xb20
[  567.326185][T11423]  __mmput+0x12a/0x4c0
[  567.326197][T11423]  mmput+0x62/0x70
[  567.326209][T11423]  do_exit+0x9ba/0x2d70
[  567.326225][T11423]  do_group_exit+0xd3/0x2a0
[  567.326242][T11423]  get_signal+0x24ed/0x26c0
[  567.326256][T11423]  arch_do_signal_or_restart+0x90/0x7e0
[  567.326273][T11423]  syscall_exit_to_user_mode+0x150/0x2a0
[  567.326288][T11423]  do_syscall_64+0xda/0x250
[  567.326304][T11423]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  567.326320][T11423] Modules linked in:
[  567.326333][T11423] CPU: 1 UID: 0 PID: 11423 Comm: syz.0.1119 Tainted: G    B              6.13.0-rc7-syzkaller-00209-g9528d418de4d #0
[  567.326350][T11423] Tainted: [B]=BAD_PAGE
[  567.326354][T11423] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  567.326361][T11423] Call Trace:
[  567.326364][T11423]  <TASK>
[  567.326369][T11423]  dump_stack_lvl+0x16c/0x1f0
[  567.326385][T11423]  bad_page+0xb3/0x1f0
[  567.326402][T11423]  ? __pfx_bad_page+0x10/0x10
[  567.326419][T11423]  ? page_bad_reason+0x9d/0x1e0
[  567.326435][T11423]  free_unref_page+0x72f/0x1080
[  567.326449][T11423]  page_frag_free+0x255/0x2a0
[  567.326465][T11423]  __xdp_return+0x217/0xa90
[  567.326477][T11423]  bpf_xdp_adjust_tail+0xa6f/0x1070
[  567.326494][T11423]  bpf_prog_f476d5219b92964a+0x1e/0x20
[  567.326504][T11423]  bpf_prog_run_generic_xdp+0x630/0x1510
[  567.326523][T11423]  do_xdp_generic+0x70a/0xe70
[  567.326539][T11423]  ? __pfx_do_xdp_generic+0x10/0x10
[  567.326556][T11423]  ? __pfx___lock_acquire+0x10/0x10
[  567.326569][T11423]  ? __lock_acquire+0xcc5/0x3c40
[  567.326583][T11423]  ? mark_lock+0xb5/0xc60
[  567.326596][T11423]  __netif_receive_skb_core.constprop.0+0x1330/0x4470
[  567.326615][T11423]  ? hlock_class+0x4e/0x130
[  567.326631][T11423]  ? __lock_acquire+0x15a9/0x3c40
[  567.326644][T11423]  ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10
[  567.326662][T11423]  ? hlock_class+0x4e/0x130
[  567.326678][T11423]  ? __lock_acquire+0xcc5/0x3c40
[  567.326693][T11423]  ? __pfx___lock_acquire+0x10/0x10
[  567.326706][T11423]  ? find_held_lock+0x2d/0x110
[  567.326724][T11423]  __netif_receive_skb_one_core+0xb1/0x1e0
[  567.326741][T11423]  ? __pfx___netif_receive_skb_one_core+0x10/0x10
[  567.326758][T11423]  ? rcu_is_watching+0x12/0xc0
[  567.326775][T11423]  ? ktime_get_with_offset+0x273/0x3a0
[  567.326787][T11423]  ? lockdep_hardirqs_on+0x7c/0x110
[  567.326802][T11423]  ? netif_receive_skb+0x109/0x7b0
[  567.326819][T11423]  __netif_receive_skb+0x1d/0x160
[  567.326835][T11423]  netif_receive_skb+0x13f/0x7b0
[  567.326851][T11423]  ? __pfx_netif_receive_skb+0x10/0x10
[  567.326868][T11423]  ? _copy_from_iter+0x15e/0x1560
[  567.326886][T11423]  ? __pfx___lock_acquire+0x10/0x10
[  567.326899][T11423]  ? __pfx__copy_from_iter+0x10/0x10
[  567.326919][T11423]  tun_rx_batched.isra.0+0x3eb/0x730
[  567.326934][T11423]  ? __pfx_tun_rx_batched.isra.0+0x10/0x10
[  567.326951][T11423]  ? tun_get_user+0x13e6/0x3e50
[  567.326967][T11423]  ? lock_acquire+0x2f/0xb0
[  567.326979][T11423]  ? tun_get_user+0x13e6/0x3e50
[  567.326996][T11423]  tun_get_user+0x2a22/0x3e50
[  567.327014][T11423]  ? __pfx_tun_get_user+0x10/0x10
[  567.327031][T11423]  ? find_held_lock+0x2d/0x110
[  567.327049][T11423]  ? __pfx_lock_release+0x10/0x10
[  567.327064][T11423]  tun_chr_write_iter+0xdc/0x210
[  567.327089][T11423]  vfs_write+0x5ae/0x1150
[  567.327109][T11423]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  567.327135][T11423]  ? __pfx_vfs_write+0x10/0x10
[  567.327147][T11423]  ? __fget_files+0x40/0x3a0
[  567.327163][T11423]  ksys_write+0x12b/0x250
[  567.327174][T11423]  ? __pfx_ksys_write+0x10/0x10
[  567.327186][T11423]  ? do_user_addr_fault+0x83d/0x13f0
[  567.327200][T11423]  do_syscall_64+0xcd/0x250
[  567.327217][T11423]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  567.327234][T11423] RIP: 0033:0x7f761ed847df
[  567.327242][T11423] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  567.327254][T11423] RSP: 002b:00007f761fc42000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  567.327265][T11423] RAX: ffffffffffffffda RBX: 00007f761ef76080 RCX: 00007f761ed847df
[  567.327273][T11423] RDX: 0000000000011dc0 RSI: 0000000020000200 RDI: 00000000000000c8
[  567.327281][T11423] RBP: 00007f761ee01b08 R08: 0000000000000000 R09: 0000000000000000
[  567.327288][T11423] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  567.327296][T11423] R13: 0000000000000001 R14: 00007f761ef76080 R15: 00007ffdb7fa9058
[  567.327307][T11423]  </TASK>
[  567.327313][T11423] BUG: Bad page state in process syz.0.1119  pfn:7d60a
[  567.327319][T11423] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88807d60a500 pfn:0x7d60a
[  567.327334][T11423] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  567.327347][T11423] raw: 00fff00000000000 dead000000000040 ffff888022eac000 0000000000000000
[  567.327358][T11423] raw: ffff88807d60a500 0000000000000001 00000000ffffffff 0000000000000000
[  567.327365][T11423] page dumped because: page_pool leak
[  567.327370][T11423] page_owner tracks the page as allocated
[  567.327373][T11423] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 11423, tgid 11417 (syz.0.1119), ts 567220636813, free_ts 566793289993
[  567.327391][T11423]  post_alloc_hook+0x2d1/0x350
[  567.327404][T11423]  get_page_from_freelist+0xfce/0x2f80
[  567.327417][T11423]  __alloc_pages_noprof+0x223/0x25b0
[  567.327430][T11423]  alloc_pages_bulk_noprof+0x72b/0x10b0
[  567.327447][T11423]  __page_pool_alloc_pages_slow+0x18f/0x770
[  567.327466][T11423]  page_pool_alloc_netmem+0xc4/0x160
[  567.327483][T11423]  page_pool_alloc_pages+0x1a/0x60
[  567.327501][T11423]  skb_pp_cow_data+0x72f/0xe80
[  567.327517][T11423]  skb_cow_data_for_xdp+0x88/0xb0
[  567.327529][T11423]  do_xdp_generic+0x3f1/0xe70
[  567.327544][T11423]  __netif_receive_skb_core.constprop.0+0x1330/0x4470
[  567.327561][T11423]  __netif_receive_skb_one_core+0xb1/0x1e0
[  567.327577][T11423]  __netif_receive_skb+0x1d/0x160
[  567.327592][T11423]  netif_receive_skb+0x13f/0x7b0
[  567.327606][T11423]  tun_rx_batched.isra.0+0x3eb/0x730
[  567.327620][T11423]  tun_get_user+0x2a22/0x3e50
[  567.327635][T11423] page last free pid 11382 tgid 11379 stack trace:
[  567.327641][T11423]  free_unref_folios+0xa7b/0x14f0
[  567.327654][T11423]  folios_put_refs+0x587/0x7b0
[  567.327665][T11423]  free_pages_and_swap_cache+0x36d/0x510
[  567.327677][T11423]  __tlb_batch_free_encoded_pages+0xf9/0x290
[  567.327691][T11423]  tlb_finish_mmu+0x168/0x7b0
[  567.327705][T11423]  exit_mmap+0x3df/0xb20
[  567.327715][T11423]  __mmput+0x12a/0x4c0
[  567.327728][T11423]  mmput+0x62/0x70
[  567.327740][T11423]  do_exit+0x9ba/0x2d70
[  567.327755][T11423]  do_group_exit+0xd3/0x2a0
[  567.327772][T11423]  get_signal+0x24ed/0x26c0
[  567.327786][T11423]  arch_do_signal_or_restart+0x90/0x7e0
[  567.327802][T11423]  syscall_exit_to_user_mode+0x150/0x2a0
[  567.327817][T11423]  do_syscall_64+0xda/0x250
[  567.327832][T11423]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  567.327848][T11423] Modules linked in:
[  567.327855][T11423] CPU: 1 UID: 0 PID: 11423 Comm: syz.0.1119 Tainted: G    B              6.13.0-rc7-syzkaller-00209-g9528d418de4d #0
[  567.327871][T11423] Tainted: [B]=BAD_PAGE
[  567.327875][T11423] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  567.327881][T11423] Call Trace:
[  567.327885][T11423]  <TASK>
[  567.327889][T11423]  dump_stack_lvl+0x16c/0x1f0
[  567.327904][T11423]  bad_page+0xb3/0x1f0
[  567.327921][T11423]  ? __pfx_bad_page+0x10/0x10
[  567.327937][T11423]  ? page_bad_reason+0x9d/0x1e0
[  567.327954][T11423]  free_unref_page+0x72f/0x1080
[  567.327968][T11423]  page_frag_free+0x255/0x2a0
[  567.327984][T11423]  __xdp_return+0x217/0xa90
[  567.327996][T11423]  bpf_xdp_adjust_tail+0xa6f/0x1070
[  567.328012][T11423]  bpf_prog_f476d5219b92964a+0x1e/0x20
[  567.328021][T11423]  bpf_prog_run_generic_xdp+0x630/0x1510
[  567.328040][T11423]  do_xdp_generic+0x70a/0xe70
[  567.328057][T11423]  ? __pfx_do_xdp_generic+0x10/0x10
[  567.328074][T11423]  ? __pfx___lock_acquire+0x10/0x10
[  567.328088][T11423]  ? __lock_acquire+0xcc5/0x3c40
[  567.328102][T11423]  ? mark_lock+0xb5/0xc60
[  567.328115][T11423]  __netif_receive_skb_core.constprop.0+0x1330/0x4470
[  567.328134][T11423]  ? hlock_class+0x4e/0x130
[  567.328151][T11423]  ? __lock_acquire+0x15a9/0x3c40
[  567.328166][T11423]  ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10
[  567.328194][T11423]  ? hlock_class+0x4e/0x130
[  567.328220][T11423]  ? __lock_acquire+0xcc5/0x3c40
[  567.328236][T11423]  ? __pfx___lock_acquire+0x10/0x10
[  567.328250][T11423]  ? find_held_lock+0x2d/0x110
[  567.328268][T11423]  __netif_receive_skb_one_core+0xb1/0x1e0
[  567.328285][T11423]  ? __pfx___netif_receive_skb_one_core+0x10/0x10
[  567.328302][T11423]  ? rcu_is_watching+0x12/0xc0
[  567.328318][T11423]  ? ktime_get_with_offset+0x273/0x3a0
[  567.328334][T11423]  ? lockdep_hardirqs_on+0x7c/0x110
[  567.328349][T11423]  ? netif_receive_skb+0x109/0x7b0
[  567.328366][T11423]  __netif_receive_skb+0x1d/0x160
[  567.328382][T11423]  netif_receive_skb+0x13f/0x7b0
[  567.328398][T11423]  ? __pfx_netif_receive_skb+0x10/0x10
[  567.328414][T11423]  ? _copy_from_iter+0x15e/0x1560
[  567.328433][T11423]  ? __pfx___lock_acquire+0x10/0x10
[  567.328445][T11423]  ? __pfx__copy_from_iter+0x10/0x10
[  567.328465][T11423]  tun_rx_batched.isra.0+0x3eb/0x730
[  567.328480][T11423]  ? __pfx_tun_rx_batched.isra.0+0x10/0x10
[  567.328496][T11423]  ? tun_get_user+0x13e6/0x3e50
[  567.328513][T11423]  ? lock_acquire+0x2f/0xb0
[  567.328525][T11423]  ? tun_get_user+0x13e6/0x3e50
[  567.328541][T11423]  tun_get_user+0x2a22/0x3e50
[  567.328560][T11423]  ? __pfx_tun_get_user+0x10/0x10
[  567.328575][T11423]  ? find_held_lock+0x2d/0x110
[  567.328593][T11423]  ? __pfx_lock_release+0x10/0x10
[  567.328609][T11423]  tun_chr_write_iter+0xdc/0x210
[  567.328625][T11423]  vfs_write+0x5ae/0x1150
[  567.328637][T11423]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  567.328654][T11423]  ? __pfx_vfs_write+0x10/0x10
[  567.328666][T11423]  ? __fget_files+0x40/0x3a0
[  567.328680][T11423]  ksys_write+0x12b/0x250
[  567.328692][T11423]  ? __pfx_ksys_write+0x10/0x10
[  567.328703][T11423]  ? do_user_addr_fault+0x83d/0x13f0
[  567.328716][T11423]  do_syscall_64+0xcd/0x250
[  567.328733][T11423]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  567.328749][T11423] RIP: 0033:0x7f761ed847df
[  567.328758][T11423] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  567.328769][T11423] RSP: 002b:00007f761fc42000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  567.328781][T11423] RAX: ffffffffffffffda RBX: 00007f761ef76080 RCX: 00007f761ed847df
[  567.328788][T11423] RDX: 0000000000011dc0 RSI: 0000000020000200 RDI: 00000000000000c8
[  567.328796][T11423] RBP: 00007f761ee01b08 R08: 0000000000000000 R09: 0000000000000000
[  567.328803][T11423] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  567.328811][T11423] R13: 0000000000000001 R14: 00007f761ef76080 R15: 00007ffdb7fa9058
[  567.328822][T11423]  </TASK>
[  567.328827][T11423] BUG: Bad page state in process syz.0.1119  pfn:6a841
[  567.328833][T11423] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88806a841c80 pfn:0x6a841
[  567.328844][T11423] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  567.328857][T11423] raw: 00fff00000000000 dead000000000040 ffff888022eac000 0000000000000000
[  567.328868][T11423] raw: ffff88806a841c80 0000000000000001 00000000ffffffff 0000000000000000
[  567.328875][T11423] page dumped because: page_pool leak
[  567.328879][T11423] page_owner tracks the page as allocated
[  567.328883][T11423] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 11423, tgid 11417 (syz.0.1119), ts 567220627071, free_ts 566793295065
[  567.328900][T11423]  post_alloc_hook+0x2d1/0x350
[  567.328912][T11423]  get_page_from_freelist+0xfce/0x2f80
[  567.328926][T11423]  __alloc_pages_noprof+0x223/0x25b0
[  567.328939][T11423]  alloc_pages_bulk_noprof+0x72b/0x10b0
[  567.328953][T11423]  __page_pool_alloc_pages_slow+0x18f/0x770
[  567.328965][T11423]  page_pool_alloc_netmem+0xc4/0x160
[  567.328976][T11423]  page_pool_alloc_pages+0x1a/0x60
[  567.328986][T11423]  skb_pp_cow_data+0x72f/0xe80
[  567.328998][T11423]  skb_cow_data_for_xdp+0x88/0xb0
[  567.329010][T11423]  do_xdp_generic+0x3f1/0xe70
[  567.329024][T11423]  __netif_receive_skb_core.constprop.0+0x1330/0x4470
[  567.329041][T11423]  __netif_receive_skb_one_core+0xb1/0x1e0
[  567.329057][T11423]  __netif_receive_skb+0x1d/0x160
[  567.329072][T11423]  netif_receive_skb+0x13f/0x7b0
[  567.329089][T11423]  tun_rx_batched.isra.0+0x3eb/0x730
[  567.329103][T11423]  tun_get_user+0x2a22/0x3e50
[  567.329117][T11423] page last free pid 11382 tgid 11379 stack trace:
[  567.329124][T11423]  free_unref_folios+0xa7b/0x14f0
[  567.329136][T11423]  folios_put_refs+0x587/0x7b0
[  567.329148][T11423]  free_pages_and_swap_cache+0x36d/0x510
[  567.329159][T11423]  __tlb_batch_free_encoded_pages+0xf9/0x290
[  567.329173][T11423]  tlb_finish_mmu+0x168/0x7b0
[  567.329186][T11423]  exit_mmap+0x3df/0xb20
[  567.329197][T11423]  __mmput+0x12a/0x4c0
[  567.329209][T11423]  mmput+0x62/0x70
[  567.329221][T11423]  do_exit+0x9ba/0x2d70
[  567.329237][T11423]  do_group_exit+0xd3/0x2a0
[  567.329256][T11423]  get_signal+0x24ed/0x26c0
[  567.329278][T11423]  arch_do_signal_or_restart+0x90/0x7e0
[  567.329304][T11423]  syscall_exit_to_user_mode+0x150/0x2a0
[  567.329321][T11423]  do_syscall_64+0xda/0x250
[  567.329342][T11423]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  567.329358][T11423] Modules linked in:
[  567.329365][T11423] CPU: 1 UID: 0 PID: 11423 Comm: syz.0.1119 Tainted: G    B              6.13.0-rc7-syzkaller-00209-g9528d418de4d #0
[  567.329381][T11423] Tainted: [B]=BAD_PAGE
[  567.329385][T11423] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  567.329392][T11423] Call Trace:
[  567.329395][T11423]  <TASK>
[  567.329399][T11423]  dump_stack_lvl+0x16c/0x1f0
[  567.329415][T11423]  bad_page+0xb3/0x1f0
[  567.329431][T11423]  ? __pfx_bad_page+0x10/0x10
[  567.329448][T11423]  ? page_bad_reason+0x9d/0x1e0
[  567.329465][T11423]  free_unref_page+0x72f/0x1080
[  567.329479][T11423]  page_frag_free+0x255/0x2a0
[  567.329495][T11423]  __xdp_return+0x217/0xa90
[  567.329507][T11423]  bpf_xdp_adjust_tail+0xa6f/0x1070
[  567.329523][T11423]  bpf_prog_f476d5219b92964a+0x1e/0x20
[  567.329532][T11423]  bpf_prog_run_generic_xdp+0x630/0x1510
[  567.329551][T11423]  do_xdp_generic+0x70a/0xe70
[  567.329568][T11423]  ? __pfx_do_xdp_generic+0x10/0x10
[  567.329585][T11423]  ? __pfx___lock_acquire+0x10/0x10
[  567.329597][T11423]  ? __lock_acquire+0xcc5/0x3c40
[  567.329612][T11423]  ? mark_lock+0xb5/0xc60
[  567.329625][T11423]  __netif_receive_skb_core.constprop.0+0x1330/0x4470
[  567.329644][T11423]  ? hlock_class+0x4e/0x130
[  567.329660][T11423]  ? __lock_acquire+0x15a9/0x3c40
[  567.329673][T11423]  ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10
[  567.329691][T11423]  ? hlock_class+0x4e/0x130
[  567.329707][T11423]  ? __lock_acquire+0xcc5/0x3c40
[  567.329722][T11423]  ? __pfx___lock_acquire+0x10/0x10
[  567.329735][T11423]  ? find_held_lock+0x2d/0x110
[  567.329753][T11423]  __netif_receive_skb_one_core+0xb1/0x1e0
[  567.329770][T11423]  ? __pfx___netif_receive_skb_one_core+0x10/0x10
[  567.329787][T11423]  ? rcu_is_watching+0x12/0xc0
[  567.329804][T11423]  ? ktime_get_with_offset+0x273/0x3a0
[  567.329816][T11423]  ? lockdep_hardirqs_on+0x7c/0x110
[  567.329831][T11423]  ? netif_receive_skb+0x109/0x7b0
[  567.329847][T11423]  __netif_receive_skb+0x1d/0x160
[  567.329863][T11423]  netif_receive_skb+0x13f/0x7b0
[  567.329879][T11423]  ? __pfx_netif_receive_skb+0x10/0x10
[  567.329896][T11423]  ? _copy_from_iter+0x15e/0x1560
[  567.329913][T11423]  ? __pfx___lock_acquire+0x10/0x10
[  567.329926][T11423]  ? __pfx__copy_from_iter+0x10/0x10
[  567.329945][T11423]  tun_rx_batched.isra.0+0x3eb/0x730
[  567.329961][T11423]  ? __pfx_tun_rx_batched.isra.0+0x10/0x10
[  567.329977][T11423]  ? tun_get_user+0x13e6/0x3e50
[  567.329993][T11423]  ? lock_acquire+0x2f/0xb0
[  567.330008][T11423]  ? tun_get_user+0x13e6/0x3e50
[  567.330034][T11423]  tun_get_user+0x2a22/0x3e50
[  567.330061][T11423]  ? __pfx_tun_get_user+0x10/0x10
[  567.330085][T11423]  ? find_held_lock+0x2d/0x110
[  567.330112][T11423]  ? __pfx_lock_release+0x10/0x10
[  567.330138][T11423]  tun_chr_write_iter+0xdc/0x210
[  567.330164][T11423]  vfs_write+0x5ae/0x1150
[  567.330182][T11423]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  567.330207][T11423]  ? __pfx_vfs_write+0x10/0x10
[  567.330225][T11423]  ? __fget_files+0x40/0x3a0
[  567.330251][T11423]  ksys_write+0x12b/0x250
[  567.330270][T11423]  ? __pfx_ksys_write+0x10/0x10
[  567.330289][T11423]  ? do_user_addr_fault+0x83d/0x13f0
[  567.330312][T11423]  do_syscall_64+0xcd/0x250
[  567.330342][T11423]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  567.330369][T11423] RIP: 0033:0x7f761ed847df
[  567.330383][T11423] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  567.330401][T11423] RSP: 002b:00007f761fc42000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  567.330421][T11423] RAX: ffffffffffffffda RBX: 00007f761ef76080 RCX: 00007f761ed847df
[  567.330435][T11423] RDX: 0000000000011dc0 RSI: 0000000020000200 RDI: 00000000000000c8
[  567.330447][T11423] RBP: 00007f761ee01b08 R08: 0000000000000000 R09: 0000000000000000
[  567.330459][T11423] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  567.330471][T11423] R13: 0000000000000001 R14: 00007f761ef76080 R15: 00007ffdb7fa9058
[  567.330487][T11423]  </TASK>
[  567.330522][T11423] BUG: Bad page state in process syz.0.1119  pfn:5b3cb
[  567.330534][T11423] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88805b3cbf00 pfn:0x5b3cb
[  567.330553][T11423] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  567.330576][T11423] raw: 00fff00000000000 dead000000000040 ffff888022eac000 0000000000000000
[  567.330594][T11423] raw: ffff88805b3cbf00 0000000000000001 00000000ffffffff 0000000000000000
[  567.330605][T11423] page dumped because: page_pool leak
[  567.330614][T11423] page_owner tracks the page as allocated
[  567.330620][T11423] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 11423, tgid 11417 (syz.0.1119), ts 567220617412, free_ts 566793298898
[  567.330651][T11423]  post_alloc_hook+0x2d1/0x350
[  567.330671][T11423]  get_page_from_freelist+0xfce/0x2f80
[  567.330692][T11423]  __alloc_pages_noprof+0x223/0x25b0
[  567.330713][T11423]  alloc_pages_bulk_noprof+0x72b/0x10b0
[  567.330735][T11423]  __page_pool_alloc_pages_slow+0x18f/0x770
[  567.330755][T11423]  page_pool_alloc_netmem+0xc4/0x160
[  567.330773][T11423]  page_pool_alloc_pages+0x1a/0x60
[  567.330791][T11423]  skb_pp_cow_data+0x72f/0xe80
[  567.330810][T11423]  skb_cow_data_for_xdp+0x88/0xb0
[  567.330830][T11423]  do_xdp_generic+0x3f1/0xe70
[  567.330852][T11423]  __netif_receive_skb_core.constprop.0+0x1330/0x4470
[  567.330878][T11423]  __netif_receive_skb_one_core+0xb1/0x1e0
[  567.330903][T11423]  __netif_receive_skb+0x1d/0x160
[  567.330925][T11423]  netif_receive_skb+0x13f/0x7b0
[  567.330948][T11423]  tun_rx_batched.isra.0+0x3eb/0x730
[  567.330970][T11423]  tun_get_user+0x2a22/0x3e50
[  567.330993][T11423] page last free pid 11382 tgid 11379 stack trace:
[  567.331004][T11423]  free_unref_folios+0xa7b/0x14f0
[  567.331024][T11423]  folios_put_refs+0x587/0x7b0
[  567.331043][T11423]  free_pages_and_swap_cache+0x36d/0x510
[  567.331062][T11423]  __tlb_batch_free_encoded_pages+0xf9/0x290
[  567.331085][T11423]  tlb_finish_mmu+0x168/0x7b0
[  567.331106][T11423]  exit_mmap+0x3df/0xb20
[  567.331125][T11423]  __mmput+0x12a/0x4c0
[  567.331145][T11423]  mmput+0x62/0x70
[  567.331165][T11423]  do_exit+0x9ba/0x2d70
[  567.331190][T11423]  do_group_exit+0xd3/0x2a0
[  567.331213][T11423]  get_signal+0x24ed/0x26c0
[  567.331233][T11423]  arch_do_signal_or_restart+0x90/0x7e0
[  567.331257][T11423]  syscall_exit_to_user_mode+0x150/0x2a0
[  567.331278][T11423]  do_syscall_64+0xda/0x250
[  567.331299][T11423]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  567.331324][T11423] Modules linked in:
[  567.331343][T11423] CPU: 1 UID: 0 PID: 11423 Comm: syz.0.1119 Tainted: G    B              6.13.0-rc7-syzkaller-00209-g9528d418de4d #0
[  567.331370][T11423] Tainted: [B]=BAD_PAGE
[  567.331376][T11423] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  567.331386][T11423] Call Trace:
[  567.331391][T11423]  <TASK>
[  567.331397][T11423]  dump_stack_lvl+0x16c/0x1f0
[  567.331423][T11423]  bad_page+0xb3/0x1f0
[  567.331448][T11423]  ? __pfx_bad_page+0x10/0x10
[  567.331476][T11423]  ? page_bad_reason+0x9d/0x1e0
[  567.331503][T11423]  free_unref_page+0x72f/0x1080
[  567.331527][T11423]  page_frag_free+0x255/0x2a0
[  567.331553][T11423]  __xdp_return+0x217/0xa90
[  567.331574][T11423]  bpf_xdp_adjust_tail+0xa6f/0x1070
[  567.331600][T11423]  bpf_prog_f476d5219b92964a+0x1e/0x20
[  567.331616][T11423]  bpf_prog_run_generic_xdp+0x630/0x1510
[  567.331647][T11423]  do_xdp_generic+0x70a/0xe70
[  567.331673][T11423]  ? __pfx_do_xdp_generic+0x10/0x10
[  567.331701][T11423]  ? __pfx___lock_acquire+0x10/0x10
[  567.331723][T11423]  ? __lock_acquire+0xcc5/0x3c40
[  567.331747][T11423]  ? mark_lock+0xb5/0xc60
[  567.331769][T11423]  __netif_receive_skb_core.constprop.0+0x1330/0x4470
[  567.331801][T11423]  ? hlock_class+0x4e/0x130
[  567.331828][T11423]  ? __lock_acquire+0x15a9/0x3c40
[  567.331850][T11423]  ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10
[  567.331878][T11423]  ? hlock_class+0x4e/0x130
[  567.331904][T11423]  ? __lock_acquire+0xcc5/0x3c40
[  567.331929][T11423]  ? __pfx___lock_acquire+0x10/0x10
[  567.331951][T11423]  ? find_held_lock+0x2d/0x110
[  567.331981][T11423]  __netif_receive_skb_one_core+0xb1/0x1e0
[  567.332008][T11423]  ? __pfx___netif_receive_skb_one_core+0x10/0x10
[  567.332036][T11423]  ? rcu_is_watching+0x12/0xc0
[  567.332062][T11423]  ? ktime_get_with_offset+0x273/0x3a0
[  567.332082][T11423]  ? lockdep_hardirqs_on+0x7c/0x110
[  567.332105][T11423]  ? netif_receive_skb+0x109/0x7b0
[  567.332133][T11423]  __netif_receive_skb+0x1d/0x160
[  567.332159][T11423]  netif_receive_skb+0x13f/0x7b0
[  567.332185][T11423]  ? __pfx_netif_receive_skb+0x10/0x10
[  567.332211][T11423]  ? _copy_from_iter+0x15e/0x1560
[  567.332239][T11423]  ? __pfx___lock_acquire+0x10/0x10
[  567.332260][T11423]  ? __pfx__copy_from_iter+0x10/0x10
[  567.332290][T11423]  tun_rx_batched.isra.0+0x3eb/0x730
[  567.332316][T11423]  ? __pfx_tun_rx_batched.isra.0+0x10/0x10
[  567.332350][T11423]  ? tun_get_user+0x13e6/0x3e50
[  567.332376][T11423]  ? lock_acquire+0x2f/0xb0
[  567.332395][T11423]  ? tun_get_user+0x13e6/0x3e50
[  567.332422][T11423]  tun_get_user+0x2a22/0x3e50
[  567.332453][T11423]  ? __pfx_tun_get_user+0x10/0x10
[  567.332479][T11423]  ? find_held_lock+0x2d/0x110
[  567.332507][T11423]  ? __pfx_lock_release+0x10/0x10
[  567.332535][T11423]  tun_chr_write_iter+0xdc/0x210
[  567.332561][T11423]  vfs_write+0x5ae/0x1150
[  567.332582][T11423]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  567.332609][T11423]  ? __pfx_vfs_write+0x10/0x10
[  567.332628][T11423]  ? __fget_files+0x40/0x3a0
[  567.332655][T11423]  ksys_write+0x12b/0x250
[  567.332674][T11423]  ? __pfx_ksys_write+0x10/0x10
[  567.332694][T11423]  ? do_user_addr_fault+0x83d/0x13f0
[  567.332717][T11423]  do_syscall_64+0xcd/0x250
[  567.332743][T11423]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  567.332770][T11423] RIP: 0033:0x7f761ed847df
[  567.332786][T11423] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  567.332803][T11423] RSP: 002b:00007f761fc42000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  567.332823][T11423] RAX: ffffffffffffffda RBX: 00007f761ef76080 RCX: 00007f761ed847df
[  567.332838][T11423] RDX: 0000000000011dc0 RSI: 0000000020000200 RDI: 00000000000000c8
[  567.332851][T11423] RBP: 00007f761ee01b08 R08: 0000000000000000 R09: 0000000000000000
[  567.332864][T11423] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  567.332877][T11423] R13: 0000000000000001 R14: 00007f761ef76080 R15: 00007ffdb7fa9058
[  567.332897][T11423]  </TASK>
[  567.332906][T11423] BUG: Bad page state in process syz.0.1119  pfn:5b2b6
[  567.332918][T11423] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88805b2b6f00 pfn:0x5b2b6
[  567.332937][T11423] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  567.332961][T11423] raw: 00fff00000000000 dead000000000040 ffff888022eac000 0000000000000000
[  567.332979][T11423] raw: ffff88805b2b6f00 0000000000000001 00000000ffffffff 0000000000000000
[  567.332991][T11423] page dumped because: page_pool leak
[  567.332999][T11423] page_owner tracks the page as allocated
[  567.333006][T11423] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 11423, tgid 11417 (syz.0.1119), ts 567220607573, free_ts 566793304032
[  567.333036][T11423]  post_alloc_hook+0x2d1/0x350
[  567.333056][T11423]  get_page_from_freelist+0xfce/0x2f80
[  567.333078][T11423]  __alloc_pages_noprof+0x223/0x25b0
[  567.333101][T11423]  alloc_pages_bulk_noprof+0x72b/0x10b0
[  567.333124][T11423]  __page_pool_alloc_pages_slow+0x18f/0x770
[  567.333145][T11423]  page_pool_alloc_netmem+0xc4/0x160
[  567.333164][T11423]  page_pool_alloc_pages+0x1a/0x60
[  567.333184][T11423]  skb_pp_cow_data+0x72f/0xe80
[  567.333203][T11423]  skb_cow_data_for_xdp+0x88/0xb0
[  567.333224][T11423]  do_xdp_generic+0x3f1/0xe70
[  567.333247][T11423]  __netif_receive_skb_core.constprop.0+0x1330/0x4470
[  567.333274][T11423]  __netif_receive_skb_one_core+0xb1/0x1e0
[  567.333299][T11423]  __netif_receive_skb+0x1d/0x160
[  567.333323][T11423]  netif_receive_skb+0x13f/0x7b0
[  567.333353][T11423]  tun_rx_batched.isra.0+0x3eb/0x730
[  567.333375][T11423]  tun_get_user+0x2a22/0x3e50
[  567.333400][T11423] page last free pid 11382 tgid 11379 stack trace:
[  567.333411][T11423]  free_unref_folios+0xa7b/0x14f0
[  567.333432][T11423]  folios_put_refs+0x587/0x7b0
[  567.333452][T11423]  free_pages_and_swap_cache+0x36d/0x510
[  567.333472][T11423]  __tlb_batch_free_encoded_pages+0xf9/0x290
[  567.333495][T11423]  tlb_finish_mmu+0x168/0x7b0
[  567.333516][T11423]  exit_mmap+0x3df/0xb20
[  567.333534][T11423]  __mmput+0x12a/0x4c0
[  567.333554][T11423]  mmput+0x62/0x70
[  567.333574][T11423]  do_exit+0x9ba/0x2d70
[  567.333598][T11423]  do_group_exit+0xd3/0x2a0
[  567.333624][T11423]  get_signal+0x24ed/0x26c0
[  567.333646][T11423]  arch_do_signal_or_restart+0x90/0x7e0
[  567.333671][T11423]  syscall_exit_to_user_mode+0x150/0x2a0
[  567.333694][T11423]  do_syscall_64+0xda/0x250
[  567.333718][T11423]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  567.333744][T11423] Modules linked in:
[  567.333757][T11423] CPU: 1 UID: 0 PID: 11423 Comm: syz.0.1119 Tainted: G    B              6.13.0-rc7-syzkaller-00209-g9528d418de4d #0
[  567.333786][T11423] Tainted: [B]=BAD_PAGE
[  567.333793][T11423] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  567.333804][T11423] Call Trace:
[  567.333810][T11423]  <TASK>
[  567.333817][T11423]  dump_stack_lvl+0x16c/0x1f0
[  567.333844][T11423]  bad_page+0xb3/0x1f0
[  567.333870][T11423]  ? __pfx_bad_page+0x10/0x10
[  567.333897][T11423]  ? page_bad_reason+0x9d/0x1e0
[  567.333925][T11423]  free_unref_page+0x72f/0x1080
[  567.333949][T11423]  page_frag_free+0x255/0x2a0
[  567.333974][T11423]  __xdp_return+0x217/0xa90
[  567.333993][T11423]  bpf_xdp_adjust_tail+0xa6f/0x1070
[  567.334019][T11423]  bpf_prog_f476d5219b92964a+0x1e/0x20
[  567.334035][T11423]  bpf_prog_run_generic_xdp+0x630/0x1510
[  567.334067][T11423]  do_xdp_generic+0x70a/0xe70
[  567.334093][T11423]  ? __pfx_do_xdp_generic+0x10/0x10
[  567.334120][T11423]  ? __pfx___lock_acquire+0x10/0x10
[  567.334140][T11423]  ? __lock_acquire+0xcc5/0x3c40
[  567.334165][T11423]  ? mark_lock+0xb5/0xc60
[  567.334187][T11423]  __netif_receive_skb_core.constprop.0+0x1330/0x4470
[  567.334219][T11423]  ? hlock_class+0x4e/0x130
[  567.334244][T11423]  ? __lock_acquire+0x15a9/0x3c40
[  567.334267][T11423]  ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10
[  567.334296][T11423]  ? hlock_class+0x4e/0x130
[  567.334321][T11423]  ? __lock_acquire+0xcc5/0x3c40
[  567.334352][T11423]  ? __pfx___lock_acquire+0x10/0x10
[  567.334374][T11423]  ? find_held_lock+0x2d/0x110
[  567.334404][T11423]  __netif_receive_skb_one_core+0xb1/0x1e0
[  567.334431][T11423]  ? __pfx___netif_receive_skb_one_core+0x10/0x10
[  567.334459][T11423]  ? rcu_is_watching+0x12/0xc0
[  567.334484][T11423]  ? ktime_get_with_offset+0x273/0x3a0
[  567.334505][T11423]  ? lockdep_hardirqs_on+0x7c/0x110
[  567.334528][T11423]  ? netif_receive_skb+0x109/0x7b0
[  567.334556][T11423]  __netif_receive_skb+0x1d/0x160
[  567.334582][T11423]  netif_receive_skb+0x13f/0x7b0
[  567.334608][T11423]  ? __pfx_netif_receive_skb+0x10/0x10
[  567.334634][T11423]  ? _copy_from_iter+0x15e/0x1560
[  567.334661][T11423]  ? __pfx___lock_acquire+0x10/0x10
[  567.334682][T11423]  ? __pfx__copy_from_iter+0x10/0x10
[  567.334712][T11423]  tun_rx_batched.isra.0+0x3eb/0x730
[  567.334738][T11423]  ? __pfx_tun_rx_batched.isra.0+0x10/0x10
[  567.334766][T11423]  ? tun_get_user+0x13e6/0x3e50
[  567.334791][T11423]  ? lock_acquire+0x2f/0xb0
[  567.334811][T11423]  ? tun_get_user+0x13e6/0x3e50
[  567.334838][T11423]  tun_get_user+0x2a22/0x3e50
[  567.334870][T11423]  ? __pfx_tun_get_user+0x10/0x10
[  567.334896][T11423]  ? find_held_lock+0x2d/0x110
[  567.334924][T11423]  ? __pfx_lock_release+0x10/0x10
[  567.334952][T11423]  tun_chr_write_iter+0xdc/0x210
[  567.334979][T11423]  vfs_write+0x5ae/0x1150
[  567.334998][T11423]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  567.335026][T11423]  ? __pfx_vfs_write+0x10/0x10
[  567.335046][T11423]  ? __fget_files+0x40/0x3a0
[  567.335072][T11423]  ksys_write+0x12b/0x250
[  567.335091][T11423]  ? __pfx_ksys_write+0x10/0x10
[  567.335111][T11423]  ? do_user_addr_fault+0x83d/0x13f0
[  567.335134][T11423]  do_syscall_64+0xcd/0x250
[  567.335160][T11423]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  567.335187][T11423] RIP: 0033:0x7f761ed847df
[  567.335201][T11423] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  567.335221][T11423] RSP: 002b:00007f761fc42000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  567.335237][T11423] RAX: ffffffffffffffda RBX: 00007f761ef76080 RCX: 00007f761ed847df
[  567.335250][T11423] RDX: 0000000000011dc0 RSI: 0000000020000200 RDI: 00000000000000c8
[  567.335263][T11423] RBP: 00007f761ee01b08 R08: 0000000000000000 R09: 0000000000000000
[  567.335276][T11423] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  567.335289][T11423] R13: 0000000000000001 R14: 00007f761ef76080 R15: 00007ffdb7fa9058
[  567.335308][T11423]  </TASK>
[  567.335317][T11423] BUG: Bad page state in process syz.0.1119  pfn:5eb9d
[  567.335334][T11423] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88805eb9df00 pfn:0x5eb9d
[  567.335353][T11423] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  567.335376][T11423] raw: 00fff00000000000 dead000000000040 ffff888022eac000 0000000000000000
[  567.335394][T11423] raw: ffff88805eb9df00 0000000000000001 00000000ffffffff 0000000000000000
[  567.335405][T11423] page dumped because: page_pool leak
[  567.335412][T11423] page_owner tracks the page as allocated
[  567.335418][T11423] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 11423, tgid 11417 (syz.0.1119), ts 567220597669, free_ts 566793308412
[  567.335450][T11423]  post_alloc_hook+0x2d1/0x350
[  567.335470][T11423]  get_page_from_freelist+0xfce/0x2f80
[  567.335492][T11423]  __alloc_pages_noprof+0x223/0x25b0
[  567.335514][T11423]  alloc_pages_bulk_noprof+0x72b/0x10b0
[  567.335536][T11423]  __page_pool_alloc_pages_slow+0x18f/0x770
[  567.335556][T11423]  page_pool_alloc_netmem+0xc4/0x160
[  567.335574][T11423]  page_pool_alloc_pages+0x1a/0x60
[  567.335592][T11423]  skb_pp_cow_data+0x72f/0xe80
[  567.335612][T11423]  skb_cow_data_for_xdp+0x88/0xb0
[  567.335631][T11423]  do_xdp_generic+0x3f1/0xe70
[  567.335653][T11423]  __netif_receive_skb_core.constprop.0+0x1330/0x4470
[  567.335680][T11423]  __netif_receive_skb_one_core+0xb1/0x1e0
[  567.335705][T11423]  __netif_receive_skb+0x1d/0x160
[  567.335729][T11423]  netif_receive_skb+0x13f/0x7b0
[  567.335753][T11423]  tun_rx_batched.isra.0+0x3eb/0x730
[  567.335775][T11423]  tun_get_user+0x2a22/0x3e50
[  567.335798][T11423] page last free pid 11382 tgid 11379 stack trace:
[  567.335809][T11423]  free_unref_folios+0xa7b/0x14f0
[  567.335830][T11423]  folios_put_refs+0x587/0x7b0
[  567.335849][T11423]  free_pages_and_swap_cache+0x36d/0x510
[  567.335869][T11423]  __tlb_batch_free_encoded_pages+0xf9/0x290
[  567.335891][T11423]  tlb_finish_mmu+0x168/0x7b0
[  567.335912][T11423]  exit_mmap+0x3df/0xb20
[  567.335930][T11423]  __mmput+0x12a/0x4c0
[  567.335950][T11423]  mmput+0x62/0x70
[  567.335970][T11423]  do_exit+0x9ba/0x2d70
[  567.335994][T11423]  do_group_exit+0xd3/0x2a0
[  567.336019][T11423]  get_signal+0x24ed/0x26c0
[  567.336041][T11423]  arch_do_signal_or_restart+0x90/0x7e0
[  567.336066][T11423]  syscall_exit_to_user_mode+0x150/0x2a0
[  567.336090][T11423]  do_syscall_64+0xda/0x250
[  567.336114][T11423]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  567.336139][T11423] Modules linked in:
[  567.336152][T11423] CPU: 1 UID: 0 PID: 11423 Comm: syz.0.1119 Tainted: G    B              6.13.0-rc7-syzkaller-00209-g9528d418de4d #0
[  567.336180][T11423] Tainted: [B]=BAD_PAGE
[  567.336187][T11423] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  567.336198][T11423] Call Trace:
[  567.336204][T11423]  <TASK>
[  567.336211][T11423]  dump_stack_lvl+0x16c/0x1f0
[  567.336237][T11423]  bad_page+0xb3/0x1f0
[  567.336263][T11423]  ? __pfx_bad_page+0x10/0x10
[  567.336290][T11423]  ? page_bad_reason+0x9d/0x1e0
[  567.336316][T11423]  free_unref_page+0x72f/0x1080
[  567.336347][T11423]  page_frag_free+0x255/0x2a0
[  567.336372][T11423]  __xdp_return+0x217/0xa90
[  567.336393][T11423]  bpf_xdp_adjust_tail+0xa6f/0x1070
[  567.336421][T11423]  bpf_prog_f476d5219b92964a+0x1e/0x20
[  567.336438][T11423]  bpf_prog_run_generic_xdp+0x630/0x1510
[  567.336470][T11423]  do_xdp_generic+0x70a/0xe70
[  567.336496][T11423]  ? __pfx_do_xdp_generic+0x10/0x10
[  567.336524][T11423]  ? __pfx___lock_acquire+0x10/0x10
[  567.336545][T11423]  ? __lock_acquire+0xcc5/0x3c40
[  567.336571][T11423]  ? mark_lock+0xb5/0xc60
[  567.336593][T11423]  __netif_receive_skb_core.constprop.0+0x1330/0x4470
[  567.336625][T11423]  ? hlock_class+0x4e/0x130
[  567.336650][T11423]  ? __lock_acquire+0x15a9/0x3c40
[  567.336672][T11423]  ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10
[  567.336701][T11423]  ? hlock_class+0x4e/0x130
[  567.336727][T11423]  ? __lock_acquire+0xcc5/0x3c40
[  567.336753][T11423]  ? __pfx___lock_acquire+0x10/0x10
[  567.336774][T11423]  ? find_held_lock+0x2d/0x110
[  567.336804][T11423]  __netif_receive_skb_one_core+0xb1/0x1e0
[  567.336831][T11423]  ? __pfx___netif_receive_skb_one_core+0x10/0x10
[  567.336858][T11423]  ? rcu_is_watching+0x12/0xc0
[  567.336884][T11423]  ? ktime_get_with_offset+0x273/0x3a0
[  567.336904][T11423]  ? lockdep_hardirqs_on+0x7c/0x110
[  567.336927][T11423]  ? netif_receive_skb+0x109/0x7b0
[  567.336955][T11423]  __netif_receive_skb+0x1d/0x160
[  567.336981][T11423]  netif_receive_skb+0x13f/0x7b0
[  567.337007][T11423]  ? __pfx_netif_receive_skb+0x10/0x10
[  567.337033][T11423]  ? _copy_from_iter+0x15e/0x1560
[  567.337061][T11423]  ? __pfx___lock_acquire+0x10/0x10
[  567.337081][T11423]  ? __pfx__copy_from_iter+0x10/0x10
[  567.337111][T11423]  tun_rx_batched.isra.0+0x3eb/0x730
[  567.337136][T11423]  ? __pfx_tun_rx_batched.isra.0+0x10/0x10
[  567.337162][T11423]  ? tun_get_user+0x13e6/0x3e50
[  567.337186][T11423]  ? lock_acquire+0x2f/0xb0
[  567.337204][T11423]  ? tun_get_user+0x13e6/0x3e50
[  567.337231][T11423]  tun_get_user+0x2a22/0x3e50
[  567.337261][T11423]  ? __pfx_tun_get_user+0x10/0x10
[  567.337283][T11423]  ? find_held_lock+0x2d/0x110
[  567.337308][T11423]  ? __pfx_lock_release+0x10/0x10
[  567.337339][T11423]  tun_chr_write_iter+0xdc/0x210
[  567.337364][T11423]  vfs_write+0x5ae/0x1150
[  567.337381][T11423]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  567.337405][T11423]  ? __pfx_vfs_write+0x10/0x10
[  567.337425][T11423]  ? __fget_files+0x40/0x3a0
[  567.337449][T11423]  ksys_write+0x12b/0x250
[  567.337469][T11423]  ? __pfx_ksys_write+0x10/0x10
[  567.337489][T11423]  ? do_user_addr_fault+0x83d/0x13f0
[  567.337511][T11423]  do_syscall_64+0xcd/0x250
[  567.337537][T11423]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  567.337561][T11423] RIP: 0033:0x7f761ed847df
[  567.337575][T11423] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  567.337593][T11423] RSP: 002b:00007f761fc42000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  567.337612][T11423] RAX: ffffffffffffffda RBX: 00007f761ef76080 RCX: 00007f761ed847df
[  567.337626][T11423] RDX: 0000000000011dc0 RSI: 0000000020000200 RDI: 00000000000000c8
[  567.337638][T11423] RBP: 00007f761ee01b08 R08: 0000000000000000 R09: 0000000000000000
[  567.337651][T11423] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  567.337663][T11423] R13: 0000000000000001 R14: 00007f761ef76080 R15: 00007ffdb7fa9058
[  567.337682][T11423]  </TASK>
[  567.337691][T11423] BUG: Bad page state in process syz.0.1119  pfn:7b1f1
[  567.337702][T11423] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88807b1f1f00 pfn:0x7b1f1
[  567.337720][T11423] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  567.337742][T11423] raw: 00fff00000000000 dead000000000040 ffff888022eac000 0000000000000000
[  567.337760][T11423] raw: ffff88807b1f1f00 0000000000000001 00000000ffffffff 0000000000000000
[  567.337771][T11423] page dumped because: page_pool leak
[  567.337779][T11423] page_owner tracks the page as allocated
[  567.337785][T11423] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 11423, tgid 11417 (syz.0.1119), ts 567220587613, free_ts 566793331862
[  567.337814][T11423]  post_alloc_hook+0x2d1/0x350
[  567.337835][T11423]  get_page_from_freelist+0xfce/0x2f80
[  567.337856][T11423]  __alloc_pages_noprof+0x223/0x25b0
[  567.337878][T11423]  alloc_pages_bulk_noprof+0x72b/0x10b0
[  567.337900][T11423]  __page_pool_alloc_pages_slow+0x18f/0x770
[  567.337919][T11423]  page_pool_alloc_netmem+0xc4/0x160
[  567.337937][T11423]  page_pool_alloc_pages+0x1a/0x60
[  567.337955][T11423]  skb_pp_cow_data+0x72f/0xe80
[  567.337973][T11423]  skb_cow_data_for_xdp+0x88/0xb0
[  567.337992][T11423]  do_xdp_generic+0x3f1/0xe70
[  567.338014][T11423]  __netif_receive_skb_core.constprop.0+0x1330/0x4470
[  567.338039][T11423]  __netif_receive_skb_one_core+0xb1/0x1e0
[  567.338062][T11423]  __netif_receive_skb+0x1d/0x160
[  567.338084][T11423]  netif_receive_skb+0x13f/0x7b0
[  567.338107][T11423]  tun_rx_batched.isra.0+0x3eb/0x730
[  567.338127][T11423]  tun_get_user+0x2a22/0x3e50
[  567.338149][T11423] page last free pid 11382 tgid 11379 stack trace:
[  567.338160][T11423]  free_unref_folios+0xa7b/0x14f0
[  567.338179][T11423]  folios_put_refs+0x587/0x7b0
[  567.338198][T11423]  free_pages_and_swap_cache+0x45f/0x510
[  567.338215][T11423]  __tlb_batch_free_encoded_pages+0xf9/0x290
[  567.338237][T11423]  tlb_finish_mmu+0x168/0x7b0
[  567.338257][T11423]  exit_mmap+0x3df/0xb20
[  567.338273][T11423]  __mmput+0x12a/0x4c0
[  567.338290][T11423]  mmput+0x62/0x70
[  567.338308][T11423]  do_exit+0x9ba/0x2d70
[  567.338337][T11423]  do_group_exit+0xd3/0x2a0
[  567.338360][T11423]  get_signal+0x24ed/0x26c0
[  567.338381][T11423]  arch_do_signal_or_restart+0x90/0x7e0
[  567.338404][T11423]  syscall_exit_to_user_mode+0x150/0x2a0
[  567.338427][T11423]  do_syscall_64+0xda/0x250
[  567.338449][T11423]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  567.338473][T11423] Modules linked in:
[  567.338485][T11423] CPU: 1 UID: 0 PID: 11423 Comm: syz.0.1119 Tainted: G    B              6.13.0-rc7-syzkaller-00209-g9528d418de4d #0
[  567.338510][T11423] Tainted: [B]=BAD_PAGE
[  567.338516][T11423] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  567.338527][T11423] Call Trace:
[  567.338533][T11423]  <TASK>
[  567.338539][T11423]  dump_stack_lvl+0x16c/0x1f0
[  567.338563][T11423]  bad_page+0xb3/0x1f0
[  567.338588][T11423]  ? __pfx_bad_page+0x10/0x10
[  567.338614][T11423]  ? page_bad_reason+0x9d/0x1e0
[  567.338640][T11423]  free_unref_page+0x72f/0x1080
[  567.338665][T11423]  page_frag_free+0x255/0x2a0
[  567.338690][T11423]  __xdp_return+0x217/0xa90
[  567.338711][T11423]  bpf_xdp_adjust_tail+0xa6f/0x1070
[  567.338739][T11423]  bpf_prog_f476d5219b92964a+0x1e/0x20
[  567.338755][T11423]  bpf_prog_run_generic_xdp+0x630/0x1510
[  567.338788][T11423]  do_xdp_generic+0x70a/0xe70
[  567.338815][T11423]  ? __pfx_do_xdp_generic+0x10/0x10
[  567.338842][T11423]  ? __pfx___lock_acquire+0x10/0x10
[  567.338863][T11423]  ? __lock_acquire+0xcc5/0x3c40
[  567.338888][T11423]  ? mark_lock+0xb5/0xc60
[  567.338911][T11423]  __netif_receive_skb_core.constprop.0+0x1330/0x4470
[  567.338943][T11423]  ? hlock_class+0x4e/0x130
[  567.338968][T11423]  ? __lock_acquire+0x15a9/0x3c40
[  567.338991][T11423]  ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10
[  567.339019][T11423]  ? hlock_class+0x4e/0x130
[  567.339044][T11423]  ? __lock_acquire+0xcc5/0x3c40
[  567.339071][T11423]  ? __pfx___lock_acquire+0x10/0x10
[  567.339092][T11423]  ? find_held_lock+0x2d/0x110
[  567.339122][T11423]  __netif_receive_skb_one_core+0xb1/0x1e0
[  567.339149][T11423]  ? __pfx___netif_receive_skb_one_core+0x10/0x10
[  567.339177][T11423]  ? rcu_is_watching+0x12/0xc0
[  567.339203][T11423]  ? ktime_get_with_offset+0x273/0x3a0
[  567.339223][T11423]  ? lockdep_hardirqs_on+0x7c/0x110
[  567.339246][T11423]  ? netif_receive_skb+0x109/0x7b0
[  567.339274][T11423]  __netif_receive_skb+0x1d/0x160
[  567.339300][T11423]  netif_receive_skb+0x13f/0x7b0
[  567.339326][T11423]  ? __pfx_netif_receive_skb+0x10/0x10
[  567.339360][T11423]  ? _copy_from_iter+0x15e/0x1560
[  567.339389][T11423]  ? __pfx___lock_acquire+0x10/0x10
[  567.339409][T11423]  ? __pfx__copy_from_iter+0x10/0x10
[  567.339440][T11423]  tun_rx_batched.isra.0+0x3eb/0x730
[  567.339466][T11423]  ? __pfx_tun_rx_batched.isra.0+0x10/0x10
[  567.339494][T11423]  ? tun_get_user+0x13e6/0x3e50
[  567.339520][T11423]  ? lock_acquire+0x2f/0xb0
[  567.339540][T11423]  ? tun_get_user+0x13e6/0x3e50
[  567.339566][T11423]  tun_get_user+0x2a22/0x3e50
[  567.339596][T11423]  ? __pfx_tun_get_user+0x10/0x10
[  567.339623][T11423]  ? find_held_lock+0x2d/0x110
[  567.339650][T11423]  ? __pfx_lock_release+0x10/0x10
[  567.339678][T11423]  tun_chr_write_iter+0xdc/0x210
[  567.339705][T11423]  vfs_write+0x5ae/0x1150
[  567.339726][T11423]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  567.339754][T11423]  ? __pfx_vfs_write+0x10/0x10
[  567.339774][T11423]  ? __fget_files+0x40/0x3a0
[  567.339800][T11423]  ksys_write+0x12b/0x250
[  567.339820][T11423]  ? __pfx_ksys_write+0x10/0x10
[  567.339840][T11423]  ? do_user_addr_fault+0x83d/0x13f0
[  567.339863][T11423]  do_syscall_64+0xcd/0x250
[  567.339889][T11423]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  567.339916][T11423] RIP: 0033:0x7f761ed847df
[  567.339931][T11423] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  567.339951][T11423] RSP: 002b:00007f761fc42000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  567.339970][T11423] RAX: ffffffffffffffda RBX: 00007f761ef76080 RCX: 00007f761ed847df
[  567.339984][T11423] RDX: 0000000000011dc0 RSI: 0000000020000200 RDI: 00000000000000c8
[  567.339998][T11423] RBP: 00007f761ee01b08 R08: 0000000000000000 R09: 0000000000000000
[  567.340014][T11423] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  567.340026][T11423] R13: 0000000000000001 R14: 00007f761ef76080 R15: 00007ffdb7fa9058
[  567.340043][T11423]  </TASK>
[  567.340069][T11423] BUG: Bad page state in process syz.0.1119  pfn:6a832
[  567.340080][T11423] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x20ffd pfn:0x6a832
[  567.340096][T11423] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  567.340117][T11423] raw: 00fff00000000000 dead000000000040 ffff888022eac000 0000000000000000
[  567.340135][T11423] raw: 0000000000020ffd 0000000000000001 00000000ffffffff 0000000000000000
[  567.340147][T11423] page dumped because: page_pool leak
[  567.340155][T11423] page_owner tracks the page as allocated
[  567.340161][T11423] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 11423, tgid 11417 (syz.0.1119), ts 567220577526, free_ts 566793335759
[  567.340193][T11423]  post_alloc_hook+0x2d1/0x350
[  567.340213][T11423]  get_page_from_freelist+0xfce/0x2f80
[  567.340235][T11423]  __alloc_pages_noprof+0x223/0x25b0
[  567.340257][T11423]  alloc_pages_bulk_noprof+0x72b/0x10b0
[  567.340279][T11423]  __page_pool_alloc_pages_slow+0x18f/0x770
[  567.340298][T11423]  page_pool_alloc_netmem+0xc4/0x160
[  567.340316][T11423]  page_pool_alloc_pages+0x1a/0x60
[  567.340340][T11423]  skb_pp_cow_data+0x72f/0xe80
[  567.340359][T11423]  skb_cow_data_for_xdp+0x88/0xb0
[  567.340379][T11423]  do_xdp_generic+0x3f1/0xe70
[  567.340401][T11423]  __netif_receive_skb_core.constprop.0+0x1330/0x4470
[  567.340427][T11423]  __netif_receive_skb_one_core+0xb1/0x1e0
[  567.340451][T11423]  __netif_receive_skb+0x1d/0x160
[  567.340474][T11423]  netif_receive_skb+0x13f/0x7b0
[  567.340498][T11423]  tun_rx_batched.isra.0+0x3eb/0x730
[  567.340519][T11423]  tun_get_user+0x2a22/0x3e50
[  567.340542][T11423] page last free pid 11382 tgid 11379 stack trace:
[  567.340552][T11423]  free_unref_folios+0xa7b/0x14f0
[  567.340572][T11423]  folios_put_refs+0x587/0x7b0
[  567.340591][T11423]  free_pages_and_swap_cache+0x45f/0x510
[  567.340611][T11423]  __tlb_batch_free_encoded_pages+0xf9/0x290
[  567.340633][T11423]  tlb_finish_mmu+0x168/0x7b0
[  567.340654][T11423]  exit_mmap+0x3df/0xb20
[  567.340671][T11423]  __mmput+0x12a/0x4c0
[  567.340691][T11423]  mmput+0x62/0x70
[  567.340710][T11423]  do_exit+0x9ba/0x2d70
[  567.340734][T11423]  do_group_exit+0xd3/0x2a0
[  567.340759][T11423]  get_signal+0x24ed/0x26c0
[  567.340780][T11423]  arch_do_signal_or_restart+0x90/0x7e0
[  567.340804][T11423]  syscall_exit_to_user_mode+0x150/0x2a0
[  567.340827][T11423]  do_syscall_64+0xda/0x250
[  567.340851][T11423]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  567.340876][T11423] Modules linked in:
[  567.340888][T11423] CPU: 1 UID: 0 PID: 11423 Comm: syz.0.1119 Tainted: G    B              6.13.0-rc7-syzkaller-00209-g9528d418de4d #0
[  567.340915][T11423] Tainted: [B]=BAD_PAGE
[  567.340921][T11423] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  567.340931][T11423] Call Trace:
[  567.340937][T11423]  <TASK>
[  567.340944][T11423]  dump_stack_lvl+0x16c/0x1f0
[  567.340968][T11423]  bad_page+0xb3/0x1f0
[  567.340993][T11423]  ? __pfx_bad_page+0x10/0x10
[  567.341020][T11423]  ? page_bad_reason+0x9d/0x1e0
[  567.341046][T11423]  free_unref_page+0x72f/0x1080
[  567.341070][T11423]  page_frag_free+0x255/0x2a0
[  567.341095][T11423]  __xdp_return+0x217/0xa90
[  567.341117][T11423]  bpf_xdp_adjust_tail+0xa6f/0x1070
[  567.341145][T11423]  bpf_prog_f476d5219b92964a+0x1e/0x20
[  567.341162][T11423]  bpf_prog_run_generic_xdp+0x630/0x1510
[  567.341194][T11423]  do_xdp_generic+0x70a/0xe70
[  567.341220][T11423]  ? __pfx_do_xdp_generic+0x10/0x10
[  567.341247][T11423]  ? __pfx___lock_acquire+0x10/0x10
[  567.341267][T11423]  ? __lock_acquire+0xcc5/0x3c40
[  567.341293][T11423]  ? mark_lock+0xb5/0xc60
[  567.341316][T11423]  __netif_receive_skb_core.constprop.0+0x1330/0x4470
[  567.341353][T11423]  ? hlock_class+0x4e/0x130
[  567.341379][T11423]  ? __lock_acquire+0x15a9/0x3c40
[  567.341402][T11423]  ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10
[  567.341429][T11423]  ? hlock_class+0x4e/0x130
[  567.341455][T11423]  ? __lock_acquire+0xcc5/0x3c40
[  567.341481][T11423]  ? __pfx___lock_acquire+0x10/0x10
[  567.341503][T11423]  ? find_held_lock+0x2d/0x110
[  567.341532][T11423]  __netif_receive_skb_one_core+0xb1/0x1e0
[  567.341559][T11423]  ? __pfx___netif_receive_skb_one_core+0x10/0x10
[  567.341586][T11423]  ? rcu_is_watching+0x12/0xc0
[  567.341612][T11423]  ? ktime_get_with_offset+0x273/0x3a0
[  567.341632][T11423]  ? lockdep_hardirqs_on+0x7c/0x110
[  567.341657][T11423]  ? netif_receive_skb+0x109/0x7b0
[  567.341684][T11423]  __netif_receive_skb+0x1d/0x160
[  567.341710][T11423]  netif_receive_skb+0x13f/0x7b0
[  567.341736][T11423]  ? __pfx_netif_receive_skb+0x10/0x10
[  567.341761][T11423]  ? _copy_from_iter+0x15e/0x1560
[  567.341789][T11423]  ? __pfx___lock_acquire+0x10/0x10
[  567.341810][T11423]  ? __pfx__copy_from_iter+0x10/0x10
[  567.341841][T11423]  tun_rx_batched.isra.0+0x3eb/0x730
[  567.341867][T11423]  ? __pfx_tun_rx_batched.isra.0+0x10/0x10
[  567.341894][T11423]  ? tun_get_user+0x13e6/0x3e50
[  567.341920][T11423]  ? lock_acquire+0x2f/0xb0
[  567.341940][T11423]  ? tun_get_user+0x13e6/0x3e50
[  567.341966][T11423]  tun_get_user+0x2a22/0x3e50
[  567.341997][T11423]  ? __pfx_tun_get_user+0x10/0x10
[  567.342022][T11423]  ? find_held_lock+0x2d/0x110
[  567.342051][T11423]  ? __pfx_lock_release+0x10/0x10
[  567.342078][T11423]  tun_chr_write_iter+0xdc/0x210
[  567.342105][T11423]  vfs_write+0x5ae/0x1150
[  567.342124][T11423]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  567.342152][T11423]  ? __pfx_vfs_write+0x10/0x10
[  567.342172][T11423]  ? __fget_files+0x40/0x3a0
[  567.342199][T11423]  ksys_write+0x12b/0x250
[  567.342216][T11423]  ? __pfx_ksys_write+0x10/0x10
[  567.342235][T11423]  ? do_user_addr_fault+0x83d/0x13f0
[  567.342257][T11423]  do_syscall_64+0xcd/0x250
[  567.342284][T11423]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  567.342311][T11423] RIP: 0033:0x7f761ed847df
[  567.342333][T11423] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  567.342352][T11423] RSP: 002b:00007f761fc42000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  567.342371][T11423] RAX: ffffffffffffffda RBX: 00007f761ef76080 RCX: 00007f761ed847df
[  567.342385][T11423] RDX: 0000000000011dc0 RSI: 0000000020000200 RDI: 00000000000000c8
[  567.342399][T11423] RBP: 00007f761ee01b08 R08: 0000000000000000 R09: 0000000000000000
[  567.342411][T11423] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  567.342425][T11423] R13: 0000000000000001 R14: 00007f761ef76080 R15: 00007ffdb7fa9058
[  567.342445][T11423]  </TASK>
[  567.342454][T11423] BUG: Bad page state in process syz.0.1119  pfn:295d6
[  567.342466][T11423] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880295d6e88 pfn:0x295d6
[  567.342484][T11423] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  567.342508][T11423] raw: 00fff00000000000 dead000000000040 ffff888022eac000 0000000000000000
[  567.342527][T11423] raw: ffff8880295d6e88 0000000000000001 00000000ffffffff 0000000000000000
[  567.342538][T11423] page dumped because: page_pool leak
[  567.342546][T11423] page_owner tracks the page as allocated
[  567.342553][T11423] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 11423, tgid 11417 (syz.0.1119), ts 567220567780, free_ts 566793339811
[  567.342583][T11423]  post_alloc_hook+0x2d1/0x350
[  567.342604][T11423]  get_page_from_freelist+0xfce/0x2f80
[  567.342626][T11423]  __alloc_pages_noprof+0x223/0x25b0
[  567.342648][T11423]  alloc_pages_bulk_noprof+0x72b/0x10b0
[  567.342671][T11423]  __page_pool_alloc_pages_slow+0x18f/0x770
[  567.342690][T11423]  page_pool_alloc_netmem+0xc4/0x160
[  567.342707][T11423]  page_pool_alloc_pages+0x1a/0x60
[  567.342725][T11423]  skb_pp_cow_data+0x72f/0xe80
[  567.342744][T11423]  skb_cow_data_for_xdp+0x88/0xb0
[  567.342764][T11423]  do_xdp_generic+0x3f1/0xe70
[  567.342787][T11423]  __netif_receive_skb_core.constprop.0+0x1330/0x4470
[  567.342813][T11423]  __netif_receive_skb_one_core+0xb1/0x1e0
[  567.342839][T11423]  __netif_receive_skb+0x1d/0x160
[  567.342863][T11423]  netif_receive_skb+0x13f/0x7b0
[  567.342886][T11423]  tun_rx_batched.isra.0+0x3eb/0x730
[  567.342908][T11423]  tun_get_user+0x2a22/0x3e50
[  567.342931][T11423] page last free pid 11382 tgid 11379 stack trace:
[  567.342942][T11423]  free_unref_folios+0xa7b/0x14f0
[  567.342963][T11423]  folios_put_refs+0x587/0x7b0
[  567.342982][T11423]  free_pages_and_swap_cache+0x45f/0x510
[  567.343001][T11423]  __tlb_batch_free_encoded_pages+0xf9/0x290
[  567.343024][T11423]  tlb_finish_mmu+0x168/0x7b0
[  567.343045][T11423]  exit_mmap+0x3df/0xb20
[  567.343078][T11423]  __mmput+0x12a/0x4c0
[  567.343098][T11423]  mmput+0x62/0x70
[  567.343117][T11423]  do_exit+0x9ba/0x2d70
[  567.343141][T11423]  do_group_exit+0xd3/0x2a0
[  567.343167][T11423]  get_signal+0x24ed/0x26c0
[  567.343188][T11423]  arch_do_signal_or_restart+0x90/0x7e0
[  567.343213][T11423]  syscall_exit_to_user_mode+0x150/0x2a0
[  567.343238][T11423]  do_syscall_64+0xda/0x250
[  567.343262][T11423]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  567.343289][T11423] Modules linked in:
[  567.343301][T11423] CPU: 1 UID: 0 PID: 11423 Comm: syz.0.1119 Tainted: G    B              6.13.0-rc7-syzkaller-00209-g9528d418de4d #0
[  567.343336][T11423] Tainted: [B]=BAD_PAGE
[  567.343343][T11423] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  567.343354][T11423] Call Trace:
[  567.343361][T11423]  <TASK>
[  567.343368][T11423]  dump_stack_lvl+0x16c/0x1f0
[  567.343394][T11423]  bad_page+0xb3/0x1f0
[  567.343420][T11423]  ? __pfx_bad_page+0x10/0x10
[  567.343447][T11423]  ? page_bad_reason+0x9d/0x1e0
[  567.343474][T11423]  free_unref_page+0x72f/0x1080
[  567.343498][T11423]  page_frag_free+0x255/0x2a0
[  567.343522][T11423]  __xdp_return+0x217/0xa90
[  567.343543][T11423]  bpf_xdp_adjust_tail+0xa6f/0x1070
[  567.343571][T11423]  bpf_prog_f476d5219b92964a+0x1e/0x20
[  567.343587][T11423]  bpf_prog_run_generic_xdp+0x630/0x1510
[  567.343619][T11423]  do_xdp_generic+0x70a/0xe70
[  567.343646][T11423]  ? __pfx_do_xdp_generic+0x10/0x10
[  567.343674][T11423]  ? __pfx___lock_acquire+0x10/0x10
[  567.343695][T11423]  ? __lock_acquire+0xcc5/0x3c40
[  567.343720][T11423]  ? mark_lock+0xb5/0xc60
[  567.343743][T11423]  __netif_receive_skb_core.constprop.0+0x1330/0x4470
[  567.343775][T11423]  ? hlock_class+0x4e/0x130
[  567.343801][T11423]  ? __lock_acquire+0x15a9/0x3c40
[  567.343824][T11423]  ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10
[  567.343853][T11423]  ? hlock_class+0x4e/0x130
[  567.343879][T11423]  ? __lock_acquire+0xcc5/0x3c40
[  567.343905][T11423]  ? __pfx___lock_acquire+0x10/0x10
[  567.343927][T11423]  ? find_held_lock+0x2d/0x110
[  567.343957][T11423]  __netif_receive_skb_one_core+0xb1/0x1e0
[  567.343984][T11423]  ? __pfx___netif_receive_skb_one_core+0x10/0x10
[  567.344011][T11423]  ? rcu_is_watching+0x12/0xc0
[  567.344037][T11423]  ? ktime_get_with_offset+0x273/0x3a0
[  567.344056][T11423]  ? lockdep_hardirqs_on+0x7c/0x110
[  567.344079][T11423]  ? netif_receive_skb+0x109/0x7b0
[  567.344107][T11423]  __netif_receive_skb+0x1d/0x160
[  567.344132][T11423]  netif_receive_skb+0x13f/0x7b0
[  567.344157][T11423]  ? __pfx_netif_receive_skb+0x10/0x10
[  567.344183][T11423]  ? _copy_from_iter+0x15e/0x1560
[  567.344210][T11423]  ? __pfx___lock_acquire+0x10/0x10
[  567.344232][T11423]  ? __pfx__copy_from_iter+0x10/0x10
[  567.344262][T11423]  tun_rx_batched.isra.0+0x3eb/0x730
[  567.344288][T11423]  ? __pfx_tun_rx_batched.isra.0+0x10/0x10
[  567.344315][T11423]  ? tun_get_user+0x13e6/0x3e50
[  567.344347][T11423]  ? lock_acquire+0x2f/0xb0
[  567.344367][T11423]  ? tun_get_user+0x13e6/0x3e50
[  567.344393][T11423]  tun_get_user+0x2a22/0x3e50
[  567.344424][T11423]  ? __pfx_tun_get_user+0x10/0x10
[  567.344451][T11423]  ? find_held_lock+0x2d/0x110
[  567.344480][T11423]  ? __pfx_lock_release+0x10/0x10
[  567.344509][T11423]  tun_chr_write_iter+0xdc/0x210
[  567.344537][T11423]  vfs_write+0x5ae/0x1150
[  567.344558][T11423]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  567.344585][T11423]  ? __pfx_vfs_write+0x10/0x10
[  567.344606][T11423]  ? __fget_files+0x40/0x3a0
[  567.344633][T11423]  ksys_write+0x12b/0x250
[  567.344653][T11423]  ? __pfx_ksys_write+0x10/0x10
[  567.344673][T11423]  ? do_user_addr_fault+0x83d/0x13f0
[  567.344696][T11423]  do_syscall_64+0xcd/0x250
[  567.344722][T11423]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  567.344749][T11423] RIP: 0033:0x7f761ed847df
[  567.344764][T11423] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  567.344783][T11423] RSP: 002b:00007f761fc42000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  567.344802][T11423] RAX: ffffffffffffffda RBX: 00007f761ef76080 RCX: 00007f761ed847df
[  567.344816][T11423] RDX: 0000000000011dc0 RSI: 0000000020000200 RDI: 00000000000000c8
[  567.344829][T11423] RBP: 00007f761ee01b08 R08: 0000000000000000 R09: 0000000000000000
[  567.344842][T11423] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  567.344855][T11423] R13: 0000000000000001 R14: 00007f761ef76080 R15: 00007ffdb7fa9058
[  567.344875][T11423]  </TASK>
[  567.344884][T11423] BUG: Bad page state in process syz.0.1119  pfn:34ba0
[  567.344896][T11423] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x34ba0
[  567.344914][T11423] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  567.344937][T11423] raw: 00fff00000000000 dead000000000040 ffff888022eac000 0000000000000000
[  567.344955][T11423] raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
[  567.344965][T11423] page dumped because: page_pool leak
[  567.344974][T11423] page_owner tracks the page as allocated
[  567.344979][T11423] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 11423, tgid 11417 (syz.0.1119), ts 567220557773, free_ts 566793343850
[  567.345010][T11423]  post_alloc_hook+0x2d1/0x350
[  567.345031][T11423]  get_page_from_freelist+0xfce/0x2f80
[  567.345053][T11423]  __alloc_pages_noprof+0x223/0x25b0
[  567.345074][T11423]  alloc_pages_bulk_noprof+0x72b/0x10b0
[  567.345096][T11423]  __page_pool_alloc_pages_slow+0x18f/0x770
[  567.345116][T11423]  page_pool_alloc_netmem+0xc4/0x160
[  567.345136][T11423]  page_pool_alloc_pages+0x1a/0x60
[  567.345154][T11423]  skb_pp_cow_data+0x72f/0xe80
[  567.345174][T11423]  skb_cow_data_for_xdp+0x88/0xb0
[  567.345193][T11423]  do_xdp_generic+0x3f1/0xe70
[  567.345216][T11423]  __netif_receive_skb_core.constprop.0+0x1330/0x4470
[  567.345243][T11423]  __netif_receive_skb_one_core+0xb1/0x1e0
[  567.345269][T11423]  __netif_receive_skb+0x1d/0x160
[  567.345293][T11423]  netif_receive_skb+0x13f/0x7b0
[  567.345317][T11423]  tun_rx_batched.isra.0+0x3eb/0x730
[  567.345346][T11423]  tun_get_user+0x2a22/0x3e50
[  567.345370][T11423] page last free pid 11382 tgid 11379 stack trace:
[  567.345379][T11423]  free_unref_folios+0xa7b/0x14f0
[  567.345400][T11423]  folios_put_refs+0x587/0x7b0
[  567.345419][T11423]  free_pages_and_swap_cache+0x45f/0x510
[  567.345439][T11423]  __tlb_batch_free_encoded_pages+0xf9/0x290
[  567.345462][T11423]  tlb_finish_mmu+0x168/0x7b0
[  567.345483][T11423]  exit_mmap+0x3df/0xb20
[  567.345502][T11423]  __mmput+0x12a/0x4c0
[  567.345522][T11423]  mmput+0x62/0x70
[  567.345542][T11423]  do_exit+0x9ba/0x2d70
[  567.345566][T11423]  do_group_exit+0xd3/0x2a0
[  567.345591][T11423]  get_signal+0x24ed/0x26c0
[  567.345614][T11423]  arch_do_signal_or_restart+0x90/0x7e0
[  567.345639][T11423]  syscall_exit_to_user_mode+0x150/0x2a0
[  567.345664][T11423]  do_syscall_64+0xda/0x250
[  567.345688][T11423]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  567.345715][T11423] Modules linked in:
[  567.345728][T11423] CPU: 1 UID: 0 PID: 11423 Comm: syz.0.1119 Tainted: G    B              6.13.0-rc7-syzkaller-00209-g9528d418de4d #0
[  567.345757][T11423] Tainted: [B]=BAD_PAGE
[  567.345764][T11423] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  567.345775][T11423] Call Trace:
[  567.345782][T11423]  <TASK>
[  567.345789][T11423]  dump_stack_lvl+0x16c/0x1f0
[  567.345815][T11423]  bad_page+0xb3/0x1f0
[  567.345842][T11423]  ? __pfx_bad_page+0x10/0x10
[  567.345869][T11423]  ? page_bad_reason+0x9d/0x1e0
[  567.345896][T11423]  free_unref_page+0x72f/0x1080
[  567.345921][T11423]  page_frag_free+0x255/0x2a0
[  567.345946][T11423]  __xdp_return+0x217/0xa90
[  567.345967][T11423]  bpf_xdp_adjust_tail+0xa6f/0x1070
[  567.345995][T11423]  bpf_prog_f476d5219b92964a+0x1e/0x20
[  567.346012][T11423]  bpf_prog_run_generic_xdp+0x630/0x1510
[  567.346044][T11423]  do_xdp_generic+0x70a/0xe70
[  567.346071][T11423]  ? __pfx_do_xdp_generic+0x10/0x10
[  567.346098][T11423]  ? __pfx___lock_acquire+0x10/0x10
[  567.346119][T11423]  ? __lock_acquire+0xcc5/0x3c40
[  567.346144][T11423]  ? mark_lock+0xb5/0xc60
[  567.346167][T11423]  __netif_receive_skb_core.constprop.0+0x1330/0x4470
[  567.346199][T11423]  ? hlock_class+0x4e/0x130
[  567.346224][T11423]  ? __lock_acquire+0x15a9/0x3c40
[  567.346247][T11423]  ? __pfx___netif_receive_skb_core.constprop.0+0x10/0x10
[  567.346275][T11423]  ? hlock_class+0x4e/0x130
[  567.346300][T11423]  ? __lock_acquire+0xcc5/0x3c40
[  567.346331][T11423]  ? __pfx___lock_acquire+0x10/0x10
[  567.346354][T11423]  ? find_held_lock+0x2d/0x110
[  567.346384][T11423]  __netif_receive_skb_one_core+0xb1/0x1e0
[  567.346412][T11423]  ? __pfx___netif_receive_skb_one_core+0x10/0x10
[  567.346440][T11423]  ? rcu_is_watching+0x12/0xc0
[  567.346467][T11423]  ? ktime_get_with_offset+0x273/0x3a0
[  567.346488][T11423]  ? lockdep_hardirqs_on+0x7c/0x110
[  567.346511][T11423]  ? netif_receive_skb+0x109/0x7b0
[  567.346537][T11423]  __netif_receive_skb+0x1d/0x160
[  567.346562][T11423]  netif_receive_skb+0x13f/0x7b0
[  567.346586][T11423]  ? __pfx_netif_receive_skb+0x10/0x10
[  567.346612][T11423]  ? _copy_from_iter+0x15e/0x1560
[  567.346638][T11423]  ? __pfx___lock_acquire+0x10/0x10
[  567.346659][T11423]  ? __pfx__copy_from_iter+0x10/0x10
[  567.346688][T11423]  tun_rx_batched.isra.0+0x3eb/0x730
[  567.346710][T11423]  ? __pfx_tun_rx_batched.isra.0+0x10/0x10
[  567.346732][T11423]  ? tun_get_user+0x13e6/0x3e50
[  567.346754][T11423]  ? lock_acquire+0x2f/0xb0
[  567.346772][T11423]  ? tun_get_user+0x13e6/0x3e50
[  567.346795][T11423]  tun_get_user+0x2a22/0x3e50
[  567.346823][T11423]  ? __pfx_tun_get_user+0x10/0x10
[  567.346848][T11423]  ? find_held_lock+0x2d/0x110
[  567.346876][T11423]  ? __pfx_lock_release+0x10/0x10
[  567.346903][T11423]  tun_chr_write_iter+0xdc/0x210
[  567.346928][T11423]  vfs_write+0x5ae/0x1150
[  567.346947][T11423]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  567.346973][T11423]  ? __pfx_vfs_write+0x10/0x10
[  567.346994][T11423]  ? __fget_files+0x40/0x3a0
[  567.347021][T11423]  ksys_write+0x12b/0x250
[  567.347040][T11423]  ? __pfx_ksys_write+0x10/0x10
[  567.347060][T11423]  ? do_user_addr_fault+0x83d/0x13f0
[  567.347082][T11423]  do_syscall_64+0xcd/0x250
[  567.347108][T11423]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  567.347135][T11423] RIP: 0033:0x7f761ed847df
[  567.347150][T11423] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  567.347170][T11423] RSP: 002b:00007f761fc42000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  567.347190][T11423] RAX: ffffffffffffffda RBX: 00007f761ef76080 RCX: 00007f761ed847df
[  567.347205][T11423] RDX: 0000000000011dc0 RSI: 0000000020000200 RDI: 00000000000000c8
[  567.347218][T11423] RBP: 00007f761ee01b08 R08: 0000000000000000 R09: 0000000000000000
[  567.347231][T11423] R10: 0000000000011dc0 R11: 0000000000000293 R12: 0000000000000000
[  567.347244][T11423] R13: 0000000000000001 R14: 00007f761ef76080 R15: 00007ffdb7fa9058
[  567.347263][T11423]  </TASK>
[  567.785402][ T5908] usb 3-1: config 0 descriptor??
[  567.792062][ T5908] dvb-usb: found a 'Technotrend TT Connect S2-3600' in warm state.
[  567.792077][ T5908] pctv452e: pctv452e_power_ctrl: 1
[  567.792077][ T5908] 
[  567.792088][ T5908] pctv452e: pctv452e_power_ctrl: Warning set interface returned: -22
[  567.792088][ T5908] 
[  567.792096][ T5908] dvb-usb: bulk message failed: -22 (5/0)
[  567.799607][ T5908] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[  567.800209][T11425] binder: 11412:11425 ioctl c02064b2 20000640 returned -22
[  567.830716][ T5908] dvb-usb: Technotrend TT Connect S2-3600 error while loading driver (-19)
[  567.836761][T11425] binder: 11412:11425 ioctl c00464b4 20000680 returned -22
[  574.560099][    T0] sched: DL replenish lagged too much
[  574.610353][ T5908] usb 3-1: USB disconnect, device number 31