last executing test programs:

1m20.156948049s ago: executing program 4 (id=1419):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, 0x0, &(0x7f0000000440)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r0 = epoll_create1(0x0)
r1 = openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, 0xffffffffffffffff, &(0x7f00000000c0)={0x6000001f})
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
r3 = syz_open_dev$video4linux(&(0x7f0000000300), 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(r3, 0xc0305602, &(0x7f0000000040))
socket$inet6(0xa, 0x800, 0x0)
connect$inet6(r1, 0x0, 0x0)
memfd_secret(0x80000)
mkdir(0x0, 0x0)
write$FUSE_NOTIFY_RETRIEVE(0xffffffffffffffff, 0x0, 0x0)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r4, 0x84, 0x72, &(0x7f00000000c0)={0x0, 0x0, 0x10}, 0xc)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
r5 = openat$incfs(r1, &(0x7f0000000000)='.pending_reads\x00', 0x541003, 0x0)
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(r5, 0xc080661a, &(0x7f00000000c0)={@desc={0x1, 0x0, @desc1}})
syz_open_dev$tty20(0xc, 0x4, 0x1)
unlinkat$binderfs_device(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00')
r6 = semget$private(0x0, 0x4000000009, 0x0)
unlinkat$binderfs_device(0xffffffffffffff9c, &(0x7f0000000540)='./binderfs2/custom1\x00')
semop(r6, &(0x7f00000002c0)=[{0x0, 0x3}, {}, {0x3}], 0x3)
semop(0x0, 0x0, 0x0)
semop(0x0, 0x0, 0x0)

1m17.48066442s ago: executing program 4 (id=1424):
r0 = socket(0x2a, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000680)=@newqdisc={0x24}, 0x24}}, 0x0)
getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000540)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=@newtfilter={0x44, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r1}, [@filter_kind_options=@f_flow={{0x9}, {0x14, 0x2, [@TCA_FLOW_EMATCHES={0x10, 0xb, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x4}}, @TCA_EMATCH_TREE_LIST={0x4}]}]}}]}, 0x44}}, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0)

1m16.218127725s ago: executing program 4 (id=1428):
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
syz_emit_vhci(&(0x7f0000000180)=@HCI_EVENT_PKT={0x4, @hci_ev_remote_host_features={{0x3d, 0xe}, {@none, "5e10e5e0203f0f51"}}}, 0x11)
syz_emit_vhci(&(0x7f0000000380)=ANY=[@ANYBLOB="0402550600000000000007070ab165300e00ffffffffffff090607360a8e080000000000000007700a00691e0300ffffffffffff05d305e77791ff07000000000000fcd2dfbb189cf25905f25e1308ff07ffffffffffff00fc0d699cf70200"], 0x58)
syz_emit_vhci(&(0x7f0000000100)=@HCI_VENDOR_PKT={0xff, 0x80}, 0x2)
syz_open_dev$usbmon(&(0x7f0000000280), 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0)
r2 = eventfd(0x0)
ioctl$VHOST_SET_VRING_ERR(r1, 0x4008af22, &(0x7f0000000000)={0x0, r2})
ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000040))
ioctl$VHOST_SET_FEATURES(r1, 0x4008af00, &(0x7f0000000080))
dup2(r1, r1)
ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f0000000040)=0x803)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
arch_prctl$ARCH_SHSTK_ENABLE(0x1011, 0x0)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f00000002c0)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_ctr_aes256\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, 0x0, 0x0)

1m14.645821906s ago: executing program 4 (id=1430):
mknod(0x0, 0x0, 0x0)
openat$cuse(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0)
creat(&(0x7f0000000040)='./file0\x00', 0x0)
openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='gadgetfs\x00', 0x0, 0x0)
r3 = syz_open_dev$vim2m(&(0x7f0000000140), 0x200000003, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FMT(r3, 0xc0405602, &(0x7f00000002c0)={0x3, 0x1, 0x0, "efca2c7592768eb4203ecdfff900020200000000220000000000000000000020"})

1m13.251498986s ago: executing program 4 (id=1434):
openat$rfkill(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
select(0x1f, 0x0, 0x0, 0x0, &(0x7f00000000c0))

1m12.097609376s ago: executing program 4 (id=1437):
r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0)
r1 = open$dir(&(0x7f0000000340)='./file0\x00', 0x90841, 0x0)
write(r0, &(0x7f0000002200)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe7712208d387d41c31821c2a22d1325b556528e9b790b74053d1ed631c6ec8126d37c87216173138c00cef396868029af5b76bebac5e38b74d8bbc6ae66b6e202b6d505710377710ea7d43edf00e1a4c1c670bb4c263ce777da81abdd5ba5a5c82f67232f9b4d6f21b2e6afa8b38e4642b0daa2acbc0478d89b88e8b2094d4248855e5e81992e60be3afff0f3c3799350615489a901a659abdeca0c615a622ebf64175f990320e0356d4a11ed62eff72b709c23dd65942e8b534d7d775d370c1e435654a2634e6ee3649c4c3bcbe39e866f1eb9972af1a9cef42e701798a53dc92a242aadbac343e1765cf8ea5665e22deda69777e52b1e9e5d3edc022256939e1eee013448294911139d5b9c6241049fecdf9b31f4cdf6cff65d71b5071ef70e1798347c8846aa5b905e83050e3e606986ed3f603d18c5cdeb11cda1ce3abddea9376231af130e19fc7601ec1ab8cb5a7de9e2174547f18225b09a54fc8720dbb91eb69c1be88e601c3c9df4f2758f39a5151951b9c6dbb419ffd783a34c9fad10f201b8724d31865e2fc1fcf48db2be713053b43a0e3943c1e2b08e8a26e946c439d891db2a80b5ffa054bc8d0177d3214056250c61a537d2ec7630fb90395df2cd6aa9c5e573365db580520bdc3f1c6b2be992e1516a4b810a11935dc780699e461d9715f70c6d103ff49bf168f3cff4c0d0d6ba5671fcd2975450b0e1a3474139cb0f2d3476fcd87a8bccbeb2f5f8a821017b879aa5b9d1fafa9f4c429a74cd2da782114d97bf031746a817dd0293c4eddc3a9ecb5afe496f4971474ccd827449409f07cf94dda2e7dbe8520b5afff10a7e3b0b4289a167fc692635b5b7426d9e771b95860b09a3e752c867213c772e48ba30a78feecc7ff26e63e1749c62b52d377ac5cc52db830c965e04ccfcfb24ceacc69cfdc2094124dd27b2d68f699476a2562bab1de117ffc2b0702ee8b0b77f85fecec3a25b37ab7eb06232c9a73b4470f1727c82581d81942abf42d3ea37957927ad3dbd0ebe46678a9f4d25c47acaac83c14210a54b71fed40df017e2be27f01e3e6ea3ea381ca14efd202858e6535ad4f79a8cdf47e385b740a70c14e3651731a45cc0ca4a56f2e903cad0384efcc364caf67e09551d35c682ebc90a9286c4d274ba1b8ced742ede4e55a62db7ef9a96fde2add05b41599fd72a79ba280cc125cb266ef21b7eeafe3ee6aa78eef33fc66454549c3ec298cb683a55a32208cf6ce88b560166159d59e65f30540f62c5437652ea7f2a02f87ca242dd2250f58e75938a9a3ded51ae6598c2aba53287ff5cdaab17be7f4310f8e07e310d52778de79e1c2e4391b254be38910aa1cf6e1ca0e75d24be97d59f7025f16c6fbd549529b74e319c58f50438765ef0e3dc394eeb75dec41b3d80435b17520c97f5cd7ee692fb86d188fb0089fbf737dc1b96b9cc49be23a38a8cd92e5075f349993d7866369dd25eccbe1481477a05fee14e0edd1617921d7fcaa8fdc642e63b64388fa5b63442ff1466b1938d02546750b01ed9c980282ccbe10f204741249aed88c555ed6fdf7f68af9209807a71bbf4f31bef5a4223466da74ba8b034df529aef6ec6610a0d25973961e50e02af22d0ca8be1b9804a5918acbdb536e8f2f441ec9d640ed15133ee747440c86fc4526c9195954528673d25c8390170f3c19cb0b0c30b9e634c7ebae96946ae97c19eabca92226da925d22be37abbe0740938ea899ec42fd529a3b1063981e4c154219df5cf5af60a29b5a8ee530905725a14b28900eae937e705401ba8f632a7bca00d9724a992afdc9ed14aac71b8e3a7ee5ca095888feb195b4e083c3b611a1c2f8d092febe3b9f5f0df61e8d3c31a643c935b76bc1ad4265164e755484beb06610510bc51e8c6da8d71123bbe83a5e4128f41cf5c486d6a60496c300c406f990bee485cbdef794f2663ee66d2b18d8e55210c25c04b1a0c6d9c5f904e72806d2d4f5e5439bcdf146343cdffe4d0d70d42a9959cff9bd50c37cd478b0b0add16aae4dc839b46bca2ac7547144b6a422aed5e2db661bcb31a82bc0fc678e71a6cb090ef772860f3008b4152b5d281033be4a77b367baec3ab8ce7c83c601b11c8199bafcd15161a5454a6a982dbc3c2e3a5172b6a63e4904817075754eccbb0188c9cb2e5da9600f567485014887463b40f189b7ec3c5c0f36d502509e402c285765c78417ce6b3aab130ee79622dcd8ada842233e73a14554ee5e4995e32b3fe4075e247eb9bdeef64d1a7436c9b5782fb2f84f74e4c6e976289729c37b5bb8200a9480d181a6b11f5ec229b818134b8334967ae935ac1d81be4776fae4cb68b6fa330e93bd8de388b38455d569159bcd166df030a6dfedf28caf4608de7243f5df2c76f6680c301d819dc67d24d2f780432a931700a253b0a5b075195c6dbfd1fe17a1c11a3dffa872a07b877adc66d069fffb6d8326e1998c5a337c3d530250cae335ceffcf81dc438a47e73490d050a053813dbe6674e42c91ae94b4a88144f36adc1b08b4bcd6ddf4058c4e08d4dc83d5fbd843ee27eaf50b297c220350260d9abbeeb6deb921e50cae0ea590cfb6f00fb3c71520f565bb769705e2481ef27cf537d29f163c9fe3d39ed9fd18dc8b0c976cd302283e430807a9d751357f89092532d89fe280c69ad36e3541b5da9dea13fd19d0434c760fe295dfd9b9e63453c7853914c50b1b77ccd4b33c8b1f31fcb1aec040ffe2f9d728d8ea84297bac2e22230ebd1488c503b05b2e433cc37ce9fc123b7d3eb244b4549e9a841e73b664c8f6621ea5a4c9ff9c1da032255311f2c063a682baf4c97e7ba552bf71af4bd64f43872b846d15c65c487089be272cfa24a33f8c50930ea0bc4b089505fb8e97ded0e7e64a5ce897da6b940df4c3dddb8b4871d773f6ebf02058518c55c19aadb0f266caf18777ae68d2bfcfb2225961fcd10538ba664fd053a443320072707533ab761b9397bd0559126b84fe9196463ae50633017ea2d80940311d9c867102b1017f34af1965d8eb61be616a0d40656e2bbb750aee6f74f788c8acb2578e8686f5f8da6a19e979c152b7ee7c7f16902120588e2ff630144b5f929ffc593e946d9717c5968aa16c2d73d689fb5cce117acda3e23e5e0116de1cb6bddfa1a84cefb22c1e2c3753017696f27b9aec5d44f15411247643b84dd4410e784b4eb5b9c68fea671976f9b51c6526e2ddb40659611b0b3bcc7e249c77396fdb8c864ea9318f9de7fd3936fcbdc732c2f8b9556ec9afeb15d5e2df890351d66074d53dddc6e8dba8c91d733623ac95a49eb69c7de37ff2364ccddb01f6500750a012c2acf32a9f6bbd9e92d17ef858fbc34575db414ea42ad87a65b11ae5506469db256c421328f45aec73bdf18562447dc2840bbe9fc84dedd0fe6276fa174f21210d40193530ec7a70a9e60bfd6b00cba4d483be59950f16fa0dbd089b5fd0bb078badfcf42270cc62fe37be22b0d81f755263d74636fa466d2574ca62b58c649936d21e949de73ea45df3acade6609413f56fc218d6f11947bf1fd629d38d8acce90ee3c1a51117601ae126bec537e3e76ce7ecc53cfeefee8aaa104aa853a65aadf27bac9849ee0122793b11cd8e4f32fb07afa39e439cb738c30a6df958160aac15c26032a61aaf614b2e6601581fb0ab8d115e045005dee3df8ea42643cbcbb0b111130c42c94b7e874cfee50d5c2eb13b3a38c417fce9d740b7d43120431a7d44bc3934ee87b112401cbee3553837b6a0b4b3faaceb46eca4064301c8060870350e256ac9d5557f674536b9d9717a82fa211e7dfb52ca410d8a4f2f6b733c2a082f247538a6c40f56cf64204e62515db692f32733ff6f4b0787ef305d5e80881375467ae603ac3600e688c42f89a4fea4fdda09a8d59e19457c654a98c8129a8c65bae3310af2b170729e18400c915d0a2f4c4fc51747846630b95ec181228bda7ef48ad389815aa82de6c4a3b0746c28c01f9ec697ff17f095e1cf9d2fe78fdab9cbb1ca7aefc8af6a0cd98444735fad79e394a8f9c2fd358c3cde4ca6d57a620d0bb52dc6ff93f034b596f407c21511cc2c5ec8b0ede7f5c0acca61939ac7f2cad820c15133e69507eaa739e9a88936f4a74f0ad1574a1591f31f582a76157d89805cb3ba5e8d10509bf7a08e928653b4f05ba797a06765b74c8759fc34178624c08a2b99e59bcff5d33af2b0f9176b56c35f4da31c751a4c2fd88a1997cd9fc9bbf78220731d4c8cea23be1fd29c36b34d8458b7021ebcfafdc7e54096e517da3eb684298f742532d776164d9c9658e5faca0a3b08afca1bc27ed357884f49fe51bd0c38057f4288f1917e36e3865310b5eed140aef6150ae363293cf7467abd5e06cd7af5e2c49e7c5253a1155741e380bccb023a0faed93d9a64512d72436f1ef4ac0904a413e45164c23413bd57274a0a951c41a9a43aed094d4ea5c480ce64663cc9d36723179e2b19a48e9277a6591bbd888a06e0f2f142cd4495be4ba7274d69ba32a2788b935b2f18c5f336cb9de062829e2e0bb476efb36c3f53a766c14314f31637a464ac59d378ad7f51bef8d88715613653a427038e0d3e4dc3948bb1d70eb55c91c92f7510b1c0387253b458d2c90d17238f9eb239c680179a6c1e0759be367963e3b4d7395fd3911626582a094e6a8d0e746242f94267a4c57d5b2360ce3a6f7f3e3c10e124a54ed24d1585bc7b731cf731c94ee00ebf070b999b9bf28d76bfec9dcf12fcce2b9c4444c706ec6b943b5f39e9151a764ba1cd0cd6c1c7cdc3aa824cf17da705be27a18fbee41be39d6ae4dd4312f5f4bfee2c5bb21d941666f9d79b0f80c9b1bace84a05d2b0e3be1c3fd04d72b4b0124595c435813969d413960fddc858730a433383f3bc0472cb7683ea569e001f00"/3584, 0xe00)
sendfile(0xffffffffffffffff, r1, 0x0, 0x0)
newfstatat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', &(0x7f0000000240), 0x6000)
r2 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x2, &(0x7f0000000040)=[{0x2c}, {0x6}]})
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan0\x00'}) (async)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan0\x00'})
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10) (async)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc(&(0x7f0000000100), r4) (async)
r5 = syz_genetlink_get_family_id$tipc(&(0x7f0000000100), r4)
sendmsg$TIPC_CMD_GET_NETID(r4, &(0x7f00000008c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000900)={&(0x7f0000000840)={0x1c, r5, 0x0, 0x70bd2a, 0x25dfdbfe, {}, ["", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0xc00c}, 0x10000810)
r6 = socket$inet6(0xa, 0x3, 0x7)
sendmmsg$alg(r6, &(0x7f0000001840)=[{0x20000000, 0xff00, 0x0, 0x0, &(0x7f0000000040)=[@op={0x12, 0x29, 0x39}], 0x18}], 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000003c0)={'wlan0\x00'}) (async)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000003c0)={'wlan0\x00', <r7=>0x0})
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000032c0)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000000000000005300000008000300", @ANYRES32=r7], 0x30}}, 0x0)
ioctl$USBDEVFS_FREE_STREAMS(0xffffffffffffffff, 0x802c550a, &(0x7f0000000000)=ANY=[@ANYBLOB="02002303100007006000000002"]) (async)
ioctl$USBDEVFS_FREE_STREAMS(0xffffffffffffffff, 0x802c550a, &(0x7f0000000000)=ANY=[@ANYBLOB="02002303100007006000000002"])
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) (async)
r8 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r8, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r8, &(0x7f0000000000)=ANY=[@ANYBLOB='\"\x00\x00\x00\a'], 0xd)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="40000000030101040000000000000000020000002c000280140001800800010000080001080002001b1414aa0c00028005000100000000000600034000000000"], 0x40}}, 0x0)
unlink(&(0x7f0000000000)='./file1\x00')
io_setup(0x3, &(0x7f00000003c0)=<r10=>0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00') (async)
r11 = syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00')
io_submit(r10, 0x1, &(0x7f0000000800)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x5, 0x0, r11, 0x0}]) (async)
io_submit(r10, 0x1, &(0x7f0000000800)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x5, 0x0, r11, 0x0}])
write$rfkill(r2, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x1}, 0x8) (async)
write$rfkill(r2, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x1}, 0x8)
syz_io_uring_setup(0x4172, &(0x7f0000000780)={0x0, 0x0, 0x10100}, &(0x7f0000000100)=<r12=>0x0, &(0x7f0000000140)=<r13=>0x0)
syz_io_uring_submit(r12, r13, &(0x7f0000000180)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000000)=""/4, 0x4}], 0x27}) (async)
syz_io_uring_submit(r12, r13, &(0x7f0000000180)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000000)=""/4, 0x4}], 0x27})

33.013951284s ago: executing program 2 (id=1535):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000080)={0x0, 0x300, &(0x7f0000000100)={&(0x7f0000000580)={0x28, 0x2, 0x6, 0x801, 0xe4340000, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}]}, 0x28}}, 0x0)

31.841655561s ago: executing program 2 (id=1539):
ioctl$SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, 0x0)
ioctl$SYNC_IOC_MERGE(0xffffffffffffffff, 0xc0303e03, 0x0)
socket$netlink(0x10, 0x3, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
r0 = openat$vimc0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r1 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000100)='/proc/asound/card2/oss_mixer\x00', 0x0, 0x0)
r2 = dup2(r0, r1)
read$FUSE(r2, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
socket(0xa, 0x3, 0x4)
io_setup(0x6, &(0x7f00000000c0))
preadv(r3, &(0x7f0000000580)=[{&(0x7f0000000640)=""/102396, 0xfffffd6e}, {&(0x7f0000019740)=""/242}], 0x2, 0x0, 0x0)
mmap(&(0x7f0000941000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, 0x0, 0x4000000)
r5 = syz_io_uring_setup(0x7cd, &(0x7f0000000080)={0x0, 0x0, 0x2000}, &(0x7f0000000000)=<r6=>0x0, &(0x7f0000000280)=<r7=>0x0)
syz_io_uring_submit(r6, r7, &(0x7f0000000180)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index, 0x0, &(0x7f0000000140)=[{0xffffffffffffffff}], 0x1})
io_uring_enter(r5, 0x50, 0x0, 0x0, 0x0, 0xfffffffffffffff4)
syz_usb_connect(0x0, 0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="1e0100005c6b4408070a64006e00010203010902240001a822", @ANYRES8], &(0x7f00000007c0)={0x0, 0x0, 0x0, 0x0})
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
sendmsg$ETHTOOL_MSG_PAUSE_SET(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8000}, 0x0)
sendmsg$NL80211_CMD_JOIN_IBSS(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x4010)
sendmsg$NL80211_CMD_SET_BSS(0xffffffffffffffff, 0x0, 0x0)
r8 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$kcm(r8, &(0x7f0000000080)={&(0x7f0000000000)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @broadcast}}, 0x80, 0x0, 0x0, &(0x7f00000000c0)=ANY=[], 0x18}, 0x0)
sendmsg$kcm(r8, &(0x7f0000000080)={&(0x7f0000000000)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @broadcast}}, 0x80, 0x0, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000000000000100100000100000070"], 0x18}, 0x0)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
dup2(r9, r8)

28.674977151s ago: executing program 2 (id=1546):
creat(0x0, 0x0)
close(0xffffffffffffffff)
openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='gadgetfs\x00', 0x0, 0x0)
r3 = syz_open_dev$vim2m(&(0x7f0000000140), 0x200000003, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FMT(r3, 0xc0405602, &(0x7f00000002c0)={0x3, 0x1, 0x0, "efca2c7592768eb4203ecdfff900020200000000220000000000000000000020"})

27.578236035s ago: executing program 2 (id=1550):
socket$netlink(0x10, 0x3, 0x0)
openat$iommufd(0xffffffffffffff9c, &(0x7f0000000cc0), 0x0, 0x0)
ioctl$IOMMU_DESTROY$ioas(0xffffffffffffffff, 0x3b80, 0x0)
mkdir(0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000000240)={0x2, 0x4e20, @multicast1}, 0x10)
connect$inet(r1, &(0x7f0000ccb000)={0x2, 0x4e20, @local}, 0x10)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x3, &(0x7f0000001a00)=ANY=[@ANYBLOB="18000000030000000000000026d0000095002b000000000093adff012255f674412d02000000880b5f04596a5e99fce658be2f200c699223886d8be4b50000005ab527ee3697f98125f30e6326996a3cfee33025a30b45bdcf2c69d105e5e55a1d273683623f1a5dc6e3c7e20eb7a98ecf3bd2cf898e924abe26ac296f660e69ba982fd76e00dcff7f0000ca6b78ad833488cfe4109eaf009eddcf21f5c63cde2f00150200000001000000520a0000151d010000000100bf00000000cc587424363da52001a3cdf2000000db74596fd72c002a60c1bc7dc8c38b7d2e13c50424b9dd1145d03ff45f70685c6bd9ff41c69b7de406e89dcbb7677e65a88a8407a9e7f9c0e91028b0856eb1ed9474480737a55ebb0bd701f7fb21135c6172eba7eb8a341f07e5a2d1e88b3cfc22df01e4bac9d97328fa2a82b5e8741e02056d93a433f50479387467824262852c7939db5672d07cdbe8e14abf56497e5d56dbe37551b870b2851c3f0a1a9ebfcba105a6ccdd01b0f04edb256c0200000073f6db43661bd7f0e2536ffbfe5ca31b4083145531458b7d1e341c6b351ebc5223f54d6bec93f4ef088e5d1be2515226988d664709ff03f1aa3dc7f1580ace9bf2afd28d0700000000000000d6eb372713255012e028cb2654d493a0b43bf21375709f348f5eda2967199cc936859a538100070000000000dc10e13ef227f627a40000ad1fa253d33fa74f172d3407ae4e1e347c0c6ef9dd2b6bb700000000000000000c586272c3f4d79bc36315745cb149f3cb385e6add14652003c7cdd3324f07d134d3a6c718bbd1aafe1140cff0be4c6f8df084c5e9734ae30aa9af030025f01ab03a9b1074407136bc506031f0916a39d3057d55183612b39e73ae8e6dc30356886a831836469e2051d937eb85f3f2d5ae2c1dca476b97419a3b76ed62409d004d7fbe362145d19605d760df4c5124ca325d374b371867a79b35c6617fc3327191fbf514573f0e30d1d60be2168fffc2f3dccd599a2cb77f124e22f87673675805494db821f39b50d938d5fd8c6b2a3a324c257bc9110971b749ccd74089ed6b86f81ca3ba47d8f71d290ed1b1a11f7a67125170c88c3b6a50692cc0064fc6bbd312536ac15016c85c6332226401b110da9c786eeca22debc99335587b54c13c3107008fa069af8223b38ced735c2d906551004d8dc10d88738488da01ffa4add56474573c964a270000f2f16625c0c10200000000c7a5ca60fdad159f2e44171f39638410020000004825d081f2d987f05c534187738655d7dc958f2046fa0c1619a6554b82d9c162eb61ca74f1ffdaccf0ea5f06e0fca8b27ff3983ab74fd3d560700a1fab44e77e312b3b129e000302d613916c9bcf9f0000fac73a5b6bfb27f88dba816020be760f7b45e001efada8000000000000fdaf4660402f7b3b79a433e08074ea2462974a00040000eb01352638f56dae0249d15ba8767259658878b7492cfbacde9b57cf4de00788adce638190f3570e0b4c80ef682df22201270955afb6008846557ee3bc09fda6dbb6550d597300eb82a184c96ffde5a30e5433e866665b98ca2002c804c22ff2634b7bfbf5c0d586cda5b45fd00dede1e88a4d41dee7cc76d7a23d06acb1d2d4c58faea84158bb440df2a694f4cdcaa4f65c22efffffffffffdd00000000d503d79986958115ae07b70f991430b7fb475d77b869ee02000000000000000000001ffff0ef89b2a68d2b05c995445d8a7700bcdfbec74fb2dd163e863315e84498dfb52bb93f6c9084659ce777ddac563c8596c2b1d8180289a61faa95a82bf1cfb7f2fd7252e9322abe282c33445d443a67467893b9bf0d1c8130ae6b226900000635376413c29f7c6f7b7e29b9a0c64e68328661f0c06e21f7d7dc22174ea4447a6f60edef3a4168d40200fbc71104512efe8e5d7d934aa289b4bd2b870000000000000000000007000000002000000000009b777883a02f0593dfc4cb4114b9f9cf4ad155110cc6ace2b322ac31bfa27847c799c8009a1ea5b98e525e6383ad7fd9795170e7b11e247603c2ff49a11459c7f606d729d3979676bffb3049166bb84a0f061991bd57c2566c10c282352aba05b6164ef876915a3f2491e4793e590dcc71de10da96366c1e992c0068c940dd4422c9882d3aa0f8a797b8fea6efcfb5276b7679f15559edaa977504cc0b2f777acb907ebf5fc14add71d0bca37405ded69b77ab4a3d7487fd04000000de17e1e13b93669b79556abb722d9c085b189b5fd1f30e8dc813f608830b110001732135e8e7262f290000923bfb6b41ff3792cee2fc37eee739c3e36a4bc80112968ec0d8902eced1fe552018014a463abbbf7ccd6a92a5734e3ebfca9b6e88e031f31de2183652e77c164c646a1cfd3710aa4205d8d4d4f974133ccb1e49feb42664eccd809c0ba8917eda87489e8946d5c8156197bcb66fd5606c63e3389ee9e8552381646365066ef9a36a449c96485c22ad1aa423b7b89efbc6cd54000bb0ea5f4f1e8773144fb6ac9a44d43593d77e66aa7ed7f3d4e7b211590c738888d02b2dbb0b2ba73ec72e1d8d7360a128499dd19e1e7b9b0671f4f58515b45ecb9964f3c4ddb8234391d514f8d996d8d6dd7f8fadfee2d7a0035638ce27c2936cb04b30a0eb0cde0000000000000040000000ec3c12ecee8fc3a40000000000000000e215b00ce2570b930723cbadb4033d1b8aaa2cfb3fb89e4a6e89737fd6232218a9e0c099d1eb59d60b3cca089785642f327139bc4394fb6d547a9b3c22599e780c1da7433fb47615d372e3fffe9703e37d5c87d513165278650738efcc04d27b766cf7f60066edd292f6c8a2174f391ed164bb1816819ceb3e378e776d422bc946cd9501accebeac3a5b31d8abc68ae537cd44a04e6bc21c35a7beab2610c51e593676bf635a20f597f4631b91454d182f826071f5210bd6d93173589929b23801e63c2266fde13b5a04b8d48be057c752bc415a756ea9b4d34156c4f73dd5e5924ef101a5fcdaf37c7ba2c4a9de9b000000000000000000000000000000a73b862e4b63c245616b522345587d0ee65a6902bdd0abd941e8aba37510b222ae544f395edd1b92ad53fc68f08ea00edc5e10d768836169dd296d56b306e8b75778c37571792a6c3d8b02ef378ebd59422cdd008bef6f80a80a68641ea5ed4f1126bb676098c10bf663eb3fb8c839364d28fd046dc64b35f9c3397ce6f4ad357b0000000000090000000088c7a8e2638f650a6f04a6f33a090f59414d6ebcbc687e66d600000000bd0a58ea6d36fc2cf9b9a71c137a2a22adb1006f371d4faf47285fd66fe0389afb96854bb360edcdf11b4ff6dd578bba93e949d240cde9b5836cb46032484dc19c93db7b6e5afa10547c78e76a3111557346e52566df196fd630561bb908fff4d2e19562aabd43742a26a43799f8636fa04ceb40c9e4ca1cfbbc7b949cd245a3ee118fd0d4f639444539af8766028d4ac4d4c548e290199e0dacbb4f6796b39bf32934d941ba2f88e3ebd0cf8e24f99eca86e4ca9b2cd2b54044a7fc4631572a6378a32df288785f146275c1f548e2a0c1016744e05f9de5044373d7650125027547eefe7b2d8c8871bb65395fae99d8456883705bfdfb00001854b2e5efa8aaf25827d659f592b1575281ec125de7fb91cd81d91dcb19f5cdf1e1e2b4a8a1389753a09110538689e38e07fb2dc72bd4fd11d7bc16aac5d85c6101bb722895248e463a5fb45ce0e564e90cb19d5993b471687ae4165e29cf2f58082115f5f8569896eedfd798733223e6d6584997510c374912ab798bd4af4654c01bb2c411bc36468ddd62b4eba5cfc8953526e0e5b1359797956152d0098ce47c62c3fe5a23219389622b7f65bf03527d25c3941b9cf1ffeedf6d99082bb57ea871c12213cc40900f83033bc18c529171fae324c315bc6ce358831d0230412212acfd5fc8d5cb0d028cf568e8bb40e27befe2ff01f7c6674a4d86d900633ea36641e0a781ea0ea7f2d928b8b22e2f97dd13348927375baea6863bef4acf4299096ada5cdd2a0eaafaa760a79d102d1e0c0000000000000000007926653b8d79ce16a432f124786a0bc3c5b7d196822492ae1ccf91aeac16406ad6f9cd3d96d57fceba8360ae49f73351814c9c2972f11064aaf3739d9100f9c0e4d0cb17d50c82e305ba7d62cf1cc6da26e34982a8c74dd8122cf5b5e7c34fd2712a0cef05e4d8ec7dd363219676bd9b19943185b132eb35a695e208dfa5cecdb1d6425c8879063c0f11bd64291a4209ee6dc1d9e9010013f6148c603e6a335e298efd6ab5cccc47a2c568c6afec54f8251bd840752addf200371361c9eedf05ed98585cf6d99e9e56055064bda2d373369761238c278147cd0eb7799f6b9c9fcaa3fd282154994f5b25420c86db9b6401e885de1c615a719a1c83e8fbbb181282dbaf3313a4e4a4877e9f37607e2cd6da0cf6371ec06a75f5a4206b2418ad8897ae149085d63f01f22eca44033234b3930b4d5da756669a1d59d69e7de54abf439988ed7ec33c2d0a901bb0985a24878984d8a4340fa9a356d100926fb5f2ef9976366a61b8cc2bcb1c072b0e9c564852388e1edff10d75b3832792e471cc15b40380f94d834243080158603fbc9134d6983c540525447478984611c0d9666941bfc0a30db47a8828b6e5c51aee2094599b4ce52795750e1764f1657ca8c5633c71287239dddf5c651496f7bbd148c937f083d2e4e0197dbc6ff0649c749707b17399b1d7efad23abb8b40b38704737e15662ae4913a4a001cd3b71c7af75b5ffad9780650c800a40ca80ddc41987919142fd28dbf22db5f4c435415a03455e1d55d1783ccef97d7e4655cf839d06f06e137bbe462a03b3100231914b19739dd57b4f12d026ad0c7fd3"], &(0x7f00002bf000)='GPL\x00', 0x4, 0x436, &(0x7f0000000040)=""/183, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffffffffffc95}, 0x48)
r3 = socket$kcm(0x29, 0x2, 0x0)
ioctl$sock_kcm_SIOCKCMATTACH(r3, 0x89e0, &(0x7f0000000180)={r1, r2})
sendmmsg$inet(r3, 0x0, 0x0, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(r3, 0x89e2, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(r3, 0x89e2, 0x0)

26.486910831s ago: executing program 2 (id=1552):
socket(0x10, 0x803, 0x0)
socket$packet(0x11, 0x3, 0x300)
r0 = socket$packet(0x11, 0x0, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x3b, &(0x7f0000000000)='/proc/sys/net/ipv4\x00\x00s/sync_\x00le\xf44.\xab%\xf8\xff\xff\xff\xff\xff\xff\xff=\x11\xc8\xdd\x15\xcc\xd2\xf1d\'%\x11c\x91l,'}, 0x30)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb010018000000000000002400000024000000020000000000000001000084000000000000000002000000000000000000000000000004"], 0x0, 0x3e, 0x0, 0x1}, 0x20)
mkdir(&(0x7f00000020c0)='./file0\x00', 0x0)
mount$tmpfs(0x0, &(0x7f00000005c0)='./file0\x00', &(0x7f00000001c0), 0x0, &(0x7f0000000180)={[{@nr_inodes={'nr_inodes', 0x2c}}]})
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x8800, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0xffffffffffffffca, &(0x7f0000000040)=0x10001)
r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r3, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
ioctl$VFAT_IOCTL_READDIR_SHORT(r2, 0x82307202, &(0x7f0000000340)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}])
r4 = dup(r2)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text32={0x20, &(0x7f0000000240)="b9ad020000b805000000ba000000000f30c4c1f56b03b8003000000f23d80f21f835c00000100f23f89a0b00000005013e0f01cbb9b00100000f320f63650966baf80cb8e86e868fef66bafc0cb8c67512e7ef670f01c3663e660fc7b4390d000000", 0x62}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)='pstore\x00', 0x0, 0x0)
r6 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r6, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
r7 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r7, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
r8 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x0)
move_mount(r8, &(0x7f0000000000)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
mount_setattr(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x8000, &(0x7f0000000280)={0x7}, 0x20)

23.238667805s ago: executing program 2 (id=1559):
creat(0x0, 0x0)
close(0xffffffffffffffff)
openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='gadgetfs\x00', 0x0, 0x0)
r3 = syz_open_dev$vim2m(&(0x7f0000000140), 0x200000003, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FMT(r3, 0xc0405602, &(0x7f00000002c0)={0x3, 0x1, 0x0, "efca2c7592768eb4203ecdfff900020200000000220000000000000000000020"})

19.597891872s ago: executing program 1 (id=1566):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6}]})
ioperm(0x0, 0x3, 0xe)
setgid(0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='blkio.bfq.io_merged\x00', 0x275a, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
unshare(0x2a060400)
pselect6(0x40, &(0x7f0000000000)={0xfc}, 0x0, 0x0, 0x0, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000380)=@raw={'raw\x00', 0x9, 0x3, 0x200, 0xd0, 0xffffffff, 0xffffffff, 0xd0, 0xffffffff, 0x168, 0xffffffff, 0xffffffff, 0x168, 0xffffffff, 0x3, &(0x7f0000000080), {[{{@uncond, 0x0, 0x70, 0xd0}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x0, @local, 0xfff9, 0x4, [0x24, 0x19, 0x1, 0x32, 0x3a, 0x3b, 0xe, 0x31, 0x27, 0x20, 0x22, 0x1f, 0x19, 0x21, 0x22, 0x3d], 0x2, 0xfffffff8, 0x2cc}}}, {{@ip={@broadcast, @local, 0xffffff00, 0xff, 'veth1_to_batadv\x00', 'veth1_vlan\x00', {0xff}, {0xff}, 0x21, 0x2, 0x4}, 0x0, 0x70, 0x98}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00', 0x0, {0x8}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x260)

18.622853273s ago: executing program 1 (id=1569):
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000180)='net/rt6_stats\x00')
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000), 0x80001, 0x0)
r0 = syz_io_uring_setup(0x66d6, &(0x7f00000006c0)={0x0, 0x0, 0x10100}, &(0x7f0000000100), &(0x7f0000000300)=<r1=>0x0)
syz_io_uring_setup(0x7cd0, &(0x7f0000000200), &(0x7f0000000180)=<r2=>0x0, &(0x7f0000000380))
syz_io_uring_submit(r2, r1, &(0x7f00000001c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x4})
io_uring_enter(r0, 0x0, 0x0, 0x0, 0x0, 0x0)

18.297613838s ago: executing program 1 (id=1570):
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x4, 0x8, 0x0, 0x4, 0xc80, 0xffffffffffffffff, 0x80000001, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x5, 0x2}, 0xffffffffffffff7d)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000640), &(0x7f0000000740), 0x75, r0}, 0x38)
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x0, 0x3, &(0x7f0000000280)=ANY=[@ANYBLOB="00000000000000003b2682687941fdf5389faec74a64229300000000000000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r1, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
ioctl$FS_IOC_RESVSP(r2, 0x40305839, 0x0)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r4 = dup(r3)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
ioctl$TCSETSW2(r3, 0x402c542c, &(0x7f00000000c0)={0x8, 0x7f, 0x0, 0x0, 0x3, "f06fc539471398450104663ea5b3e92dad434f"})
r5 = socket$inet_udp(0x2, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r6 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r6, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000002c0)={r6, 0x58, &(0x7f00000003c0)}, 0x10)
sendmsg$nl_route(r4, &(0x7f0000000380)={&(0x7f00000001c0), 0xc, &(0x7f0000000340)={&(0x7f00000006c0)=@ipv4_getroute={0x1c, 0x1a, 0x8, 0x70bd0c, 0x25dfdbfd, {0x2, 0x20, 0x14, 0x4, 0x0, 0x0, 0x1, 0x4}, ["", "", "", "", "", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000015}, 0x4004)
setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000440)='wlan0\x00', 0x10)
sendto$inet(r5, 0x0, 0x0, 0x400c8c6, &(0x7f0000000180)={0x2, 0x4e21, @remote}, 0x10)
sendto$inet(r5, &(0x7f0000000100)='J', 0xfdbe, 0x4004084, 0x0, 0x11000a00)
write$UHID_INPUT(r4, &(0x7f0000001980)={0x765, {"a2e3ad084fc752f91b2909094bf70e0dd038e7ff7fc6e5539b3245078b089b39353b0e1a0890e0878f0e1ac6e7049b076d959b669a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b33300d076d0936cd3b78130daa61d8e809ea889b5802b77f07227227b7ba67e0e78669a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae19397d696d0d758f2dc7d1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000002335875271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1fe90a56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617601000000be70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d595a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9980000000b3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6c82fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c2021d653a5520000008213b704a5000000000000008ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc94681359bad8deff4b05f60cea0da7710a80000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4e38a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2bed9e53803edf1a4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4ceb360c7e658828563e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b4bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034e00000000ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c478b095b68441a34cb51682a8ae4d24ad92f243941ed274549b79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdbe6c4579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93ae62fccfcbb2b75a2183c46eb65ca8124e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43e4fb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e01feffffffffffff83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369d75f2e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aa01b20f7694a00f16e2d0174035a2c22656dc00880acebdbe8ddbd75c2f998d8ac2dfad2ba3a50200000045a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe2907ac0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf463661c953fcad6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7cd419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaeecf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6ea94f88a4facfd4c735a20307c737afae5136651b1b9bd522dcb399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a37684f4113c48859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c105000000302a808d7f5251440613d17ca51055f2f416a44fe180d2d50c312cca7cb14a20dc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb40100000006376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab83c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7ceec7dc808bf653639d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a602000000000000007007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00303000000000000007fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf6529006c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6522fb5f6ffcdd56fed88935fcb75912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae233a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a5bd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08008897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b80c1c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57fa9c0fe662a46b7f71cd47744db86c50b704c98ad90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe360500000000000000b77940b5f07722e47a08d3679507000000000000934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1062dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1df0d07b3d5bd3b01faffd0addbed2881a9700af561ac8c7e36bb2fc4c40e9c766c06817bb903729a7db6ff957697c9ede7885d94ffb0759be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c1484d2f9c55f4901203a9a8a2c3e90f39c3dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600", 0x1000}}, 0x1006)
open(0x0, 0x0, 0x0)
creat(&(0x7f0000000300)='./bus\x00', 0x0)
open(&(0x7f0000000440)='./bus\x00', 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
socket$inet6(0xa, 0x800, 0x7)

16.265180084s ago: executing program 1 (id=1574):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)={{0x14}, [@NFT_MSG_NEWSET={0x28, 0x9, 0xa, 0x0, 0x0, 0x0, {}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x10}}, 0x50}}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'gre0\x00', &(0x7f00000002c0)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x31, 0x4, 0x0, 0x0, 0xc4, 0x67, 0x0, 0x0, 0x0, 0x0, @broadcast, @remote, {[@timestamp={0x44, 0x14, 0x0, 0x0, 0x9, [0x0, 0x0, 0x0, 0x0]}, @timestamp_prespec={0x44, 0x44, 0xc0, 0x3, 0x0, [{@private=0xa010102}, {@multicast1}, {@remote, 0x8000}, {@dev={0xac, 0x14, 0x14, 0x35}, 0x65c}, {@broadcast}, {@empty}, {@multicast1, 0xffd200}, {@private=0xa010100}]}, @timestamp_prespec={0x44, 0x3c, 0x0, 0x3, 0x8, [{@dev}, {@remote}, {@multicast2}, {@private=0xa010100}, {@rand_addr=0x64010101}, {@broadcast, 0x52b1}, {@multicast2}]}, @noop, @noop, @noop, @end, @rr={0x7, 0x17, 0x0, [@dev, @remote, @multicast1, @private=0xa010102, @remote]}]}}}}})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000240), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0)
open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0xd000})
ioctl$KVM_NMI(r4, 0xae9a)
ioctl$KVM_RUN(r4, 0x5451, 0x0)
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(0xffffffffffffffff, 0x401c5820, &(0x7f0000000080)={@desc={0xd32780, 0x0, @desc2}})

15.485811078s ago: executing program 1 (id=1575):
socket(0xa, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x14, &(0x7f0000000040), 0x50)
listen(0xffffffffffffffff, 0x0)
accept$inet6(0xffffffffffffffff, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000140)={'bridge_slave_0\x00', 0x700})
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x4085, &(0x7f0000000280)={0xa, 0x4e20, 0x0, @mcast2, 0x7}, 0x1c)
r2 = openat$vicodec0(0xffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, &(0x7f0000000040)={0x0, 0x80000, <r3=>0xffffffffffffffff})
ioctl$DRM_IOCTL_AGP_INFO(r3, 0x80206433, &(0x7f0000000080)=""/12)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r3, 0xc01864c6, 0x0)
ioctl$VIDIOC_G_EXT_CTRLS(r2, 0xc0185647, &(0x7f0000000100)={0xf000000, 0x6, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000000c0)={0x98f903, 0x0, '\x00', @p_u16=0x0}})
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)
syz_emit_vhci(0x0, 0x9)
ioctl$IOMMU_OPTION$IOMMU_OPTION_RLIMIT_MODE(0xffffffffffffffff, 0x3b87, &(0x7f0000000240)={0x18, 0x0, 0x1, 0x0, 0x0, 0x1})
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000001dc0)={0x26, 'hash\x00', 0x0, 0x0, 'blake2b-512\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000300)="c9", 0x1)
r5 = accept4(r4, 0x0, 0x0, 0x0)
sendmsg$kcm(r5, &(0x7f0000000e80)={0x0, 0x0, &(0x7f0000000ac0)=[{&(0x7f0000000180)="eabcc61194b6a5e88c2b5fc81183247186e822c2ef5bb9fa614a686891fcb4c4d8e4e1a8dfdb1664566f12805026", 0x2e}, {&(0x7f0000000a80)="dfdd", 0x3e580}], 0x2}, 0x0)
mmap$xdp(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x2, 0x400c031, r5, 0x100000000)
mbind(&(0x7f0000ffc000/0x4000)=nil, 0x4002, 0x4005, &(0x7f0000000000)=0xa636, 0x5, 0x0)

14.876400399s ago: executing program 0 (id=1577):
r0 = socket$packet(0x11, 0x3, 0x300)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendto(0xffffffffffffffff, &(0x7f0000000540)="0cc31a4098ddc80dadd3a0aa2bea9050d9f47bcde4cbb8170d3d61aabbdbd869e8a75ab95a3b8e8b960477dbbbbf5cb0fd4a98ea0032d054de676f19c5e1f84def57482d1b3eb94a2a1d3c0a733709610ece6cb54ae7f8c3ed385c3890244d348c9bcfb556ee478845ff23d8a9f2a492531e7c7ce719ef1983bdaf4008386323fc593be590321dbe51aa4ecabebf49ab7edb835efc0f722637337e20cc541399dc617deafa840b68f2b22e5f7c6afb3825871b966ab90a79a4d6d72f29a1e43abdf4d25f6352dfa26c576830c49b18ece887b47c37affa1c3f24fdb0e14151550796aaa09b4669e71d9f4255f63905467b709f7a7185347a078538e4443f0dad324393274e857979db0a9e3894857aacabc2f2ccd9457fda98a520e2b8c83085a206c8aea9dd18a0b66c87b3b61f95fafed84303436c7ae3782f714dc364c10102788b02d3aed05cb29fe974b75e7bf53dfd2554d7b700dcbf24a6fa021732b747a2c7d6d2a649e1ca523f91ba57da29e6e5050da7ec9466884aea64349e0c65b40bd78fe25622a5f854d351fd3282e85e37989b73e1a3b9fe874ad7131850117f285afe15040fd20cd9c861c95b2c1f9844ac1f8b3cd0a7f22269e235866434acb5f4d9d0b64301cd5b4e8c2da68caacd3f7dda0f325120ad99c05a55736067c87cceda7b850758e60ab8829b0dbfdc1ca8322e6716e643e00c2f665781461f08282a0aa366d9927036d685c3a721530dafe21e62906c5710c3214621d6374d9f5eef47eca1e5080e21832e6d639822a3bf99784f7b19e2dfaa7b8ba39dc5212c94585af38e7a50cbf6d619e3f1b8e4c17351203fa037ca4ce7ef32fd8b4387b8583ebd32a0c5aeb05fced1e492670cabc370aba18abe561e2bfcfa6d92c0c3d0419f5f4936772b6a0026a623914f09b04cf5d7c2b3ab010c676e9932f5807240a765b3d92d2bcdd63a91bd0f1c795fe0ecdda5e50ec8fd0a68115986168fb8bb67fa020ed3c416a716fb12d5d918b8522931dcf2bfd0c7bf7d9c56c490c9880309240d0c2cf1a3cafb647e1a9e1fde434cdbcae9eeac3f8c652a85d6aea69b3e9a922cb2727ed8f50e6babd152b96ca623be94c4aedf7e6848650026a7e1df48e00f45714233d9ae79f4e5e13ac220d553da26f7e7bd242d0cd26470bfb99fb84e6035bfb962368222ff72c5a8e34092cc0ecadf270882d604da1b59f09eeb28559b9fa6b91a13d5eb2084b77838ee4aaa241703b17a5e53d042879a15170a1273711989ba2b75c2a5deb21a028dbf9b1445e3ccc419ef5adc4de90be49251813b4fc886920f5ea0f6dc25f8adeabe7065fb3d6bda0aebf27d3593d541d4c101a7c2b04c2fef924f4afaccb0603f769ec075a2eea2394c61917a2fb1e13fccc32ab914321464c81b93ce9989477928c09ca498eeb0e6ef2a15d378976aaf9f069e4bf0cef9c1b81855c6f4e003ce3fdfeaba1e69821970fb5ff0a031368666229afc8f4b07b0addab6d492a6b351af1ec5ba1e78c263e0726ed3495941a28b9da32d56acfe40a32fe58f6e722f9bd647eb7cc74ba6fd4343b18956f40cc8ec68bcd7b231b9b979b8ac899dc27b44ac9a0a73fe2f12102bd6f731415aefc6d74c39f211b8e8b98980d7ffafeb3237bbcaacecc095a29c0a1f3e31824fdf23b953f46e38714615e5e531f531dac3c854c5d35c8e69be5d5c468f28d9b13c35a316ae232ddd3088ba4bc14e19263c4e7f847153633a0a850dbe4c45675e702310b83d20bfd865cda44c87389dc000ebef19b9027bc7de167130892c018e09b9b9cf264f7dc51a7ebd29bbd3e39511c9908be44330fe96f6cb202aae4c0a70bb8aa7daedc8f12e99c087f672c67a4aefd9905476ee4f1bce6f2a760d9823703c55b843d3c74b69652edcd7edeee7791fe5d7786d1745583dcd09596a661d18cada70da172e39ca7ff351ae5d5aa9ae786e0f27509b61113722c11dadb045a45a8d8caa50e44062ecbea4cadd127b1d109b2b2760e9f9760de696523c706fa4d1f0092ae1ab7af8d91f2d1eb0f62b3320b58662bf4e607ac9ebe9c04c4f2279aff0a96072024783d133476614df51e92a7f4e3bc526df588edc8b8d48e82f3d4661f3f68bdc1d657f48b29dfe6069eb30bf25fd20ed83f25528809a70438153526d2b6882890ed73cb6670cae24ae78c7291fcb63bb57cf05703a5f4fa82469d3cb374d948f5fed2946161af65ead4ae75a4b1c7cdb6b2b7afb52012623a8ba17b2044968a903b4e4ea02f90f96e09d98fcf15ddbc27732588f43af4f84589718268322693c1006105522cf4e4b69eb58aac52af881b1533b7a52424f8e9030149b080bb69ca211be12d995b054639754795346c9c9a7a3435e2d781436531da8ad3f597e0ce8391a3ccc25c0ae9f0b7a19db85f12d51773b1cd1b675a402f31f89715d14f00719f38198735d0eca672549fb1c5ea21557afa82a78a86ecf17c177b9404c7e0f99e20eb38a3c331b66f9100ddfb6207eba709e86e41f4e408da583b49435913499d83a5975cc4b074aa7174087f6eb476c33824690e65f61e41cddd742f941ece08a5031887975e473e9583d8bb1cf9ae5fae7925b8254cfd15a9f976cdc554139cfc7828a9ee62493a9316c06c53088192614732efa9e9f9956682341daa1dcf5ef824b1692e5962227a30ac75367d207d13180d01c58bb2576ff84b2f3eaaf4b14c271c508cad97f09a5ef7ffa06b87180e989e62ed4c49fec0dbd260d14320cd11f361b66fbaf73038025ac71c36525062396368bddc66ae5ebf3f3b42bf7d06a8cca2e111e527a612fb0c2f976013f3cb49f4624a3b224f4b1f34c019f0401165373078b238cdfb3ed9f192a46f41d807861effaacd8ec57023bee8b311958da9ebd37da4b8260432ce673e2960cfd85c2faa5c4eec4b63b5178b2893e6f19a07ae95a6f38498b636a189d69d8997bbc15dd7a71a8b32bd4dc4ec967ce35192dad8491bbec40ff917f9db859604796614f62f3cd203a7600d599ee90d307c5d08d202253a81766c3763387fd3271e16629e29abfb74f69ee5ff19f56b355fc4ee84c762fcaa2a37fc11c018e5e15294666c497e9b084f0320eee5728feba9c5c82e2997c0e715d9cde6a98e885478b9c14cf86a0bf93c89987a38ee981c9767b29f3e481f4c91f14aa15ec74667e334bbdce1abca24e67156a3b675e9c87c051154a509a883a079e47f8bc15a842475f44cc873ede41358cf2461d26127f0f5a4c9d219d9ab7530632882c1bdda95474ab5433dcdc3fa2e9b489fb64e9b0ff7f1d3658b48f55e9ff376ed7549e951ec1caf391c93f4f0a031daa651b79717b8a6fa01aae8c0fac3ce1bc05eae689a6b8b391a4e0fc79e6834513d3498df91fd1bbc52f3ed46be28e405c90d9d7403a47161e0682b48d33449ab82dc8e912fb3298b25b10a42b38c12ceaa26ff19950e3e043cecbff9cfd43162df856d097e5f1c9f1627e0d432e219e15b487b118e0b0d0b1dc371ba8c8c6c0204439c57b360ee82b616b36e2ba6ba44ef7f6bc899ba7fbfa103d3d193f1e995d08d723b192f6bd83d7e49622580c05e9356d160d07a9dbfb78255e2826145b6d06d148b51366965f3383ee5245b6b29fb8e08b388632f18229ff64049c3efa253d5713ae13e13fd965512f57a1d19a7782716629ecb41e645afb67b34a9af3836f76599fac7234d27eb5551e03f8a236d5ab1096f2f4eb5e9ac7867966af77d04736033e634476eb6bf0625cbc126ab9f669558a7ee1cc618a1d028ba73306f3e6ce48f0e0b531718e3ecc40f19d5d3822056264ce1010132403c3cfff140ff55270a40ac6fe6872ffba0cff2e7ce0ce86589e66f93454bcbf83b9844303bb8da5878f76e86ed1f205854e826b3efa471d76aaa7e260f082ea19baa0d0195d44a5ab4cb8d783f47129dbdfe199003a9beb67ec4df8f9ba556c8768865466fb5c123428b36a8a8b74788796bcc5057ef4568b18d35128361c00f316b6eccc59418839a902b3af26d5041dc883194754e69aa3d647fad1af599607a0966d0b0c01d61ef9267a01fe6ffee3356e529193b09818b8a1fff13ebc115df78aaaf63fc05de82b1ff03e910dfc347eda7f9837a4eb25df57b30e98a9c7482f0446719c651ddf1955099c1724151973ec8adea1de48846467b2aba8c23acd8ed7430e48c2549b77deee3db02bc1b112700ce1d014df38fa4ac37a8f0d52fb34f2827390b3181351bd38b4fa83fa93ef9c12845f4c667dc8c9beff8cd875b91281c606f727100689a6d97a134b938f44f361fc04ffb396449c9cb8c6c33d2977dc24b02e33f2bbfed13fc1ea1dd47acb96a8f37bafe4c34d08643a3b67ab94305f828625c32e1c064fe13a53988837d5d022901b513745c344aaaeaa3613423708a1b3a45dbdbd55693db754863d2c29f9a372f5426fed2c00cf55fd77945c0c5c83aeff9982e0cdcb089650723f00af3c405d95f7a0e920b252e1c1ba0c60391b1979be75fcffd3f338f2e7fefbf6a0d0d6e0e81fd78308050a2800721f7dcdbd877e611154a12411d9e77d267790eb92cfe6441d6e643269d2d99c4bf2482b791f84b1184be2775d8f3a65fbfdb458f005ed2d861d6e9ed09f041584a1fd1f96cf1977451baf6ea87eef711a1741fa031e233e192d726b57b7ea8e374f565e440771f2567057a10b9a052ac67e4928a559057fb48b9022f806937ea9a08dfe0e9964802137733a3576352d40ecf9169b9d7ccd433ad9c3e8afd2bc3eb143d7a6ea7fd5c1fd83fd9ac89e20d411f223d008dc4e8fc5aa0b4e63f70cc10ea6b37e609fcf077797a0968b5bc976ff2b19d26101a356249bb41ff43eb2516555b69b089a9e1e314aebd36278b7c6d8d5e352626e605919d246cdc5e84b7d069c8d0ddbe2e1bf3ed0aa83070998fe5655ec204f1a2ffa2a0d43240218a38f836e1b96880ea6a2069a8422a863e798807122aa1257289c3d2b3a2a6b27e32d442db99e62a1524a6636c4a76cb7282b9e14e9a97571f7bfca7f16205326b1ace7a6183d1166e592b5a550599568154fe962c76b25d886d18f6aa265862a127cc2b23bab19eab997c8dd4e5aac0017793d90291192f9b0e79eff3df835030ea2fafe7adca294a3dd4ac37f9d63c31d4fcef63639a3ee7f8857412099528e615dfd89cf48813710404bc37c4a104d14e13bd93d5c72dc4eb4cbc49f04d1c7c2750a2f8b9b5887c4d1722bea965948d63b883a26d92c24ecd663f48f95820caeca0810dd850507cb1e176e3c8485196f89a930953180d02551ac6ad17ad905802d5b63b16fce4fb3b1dbf8d94bba538ae28f32ab5bf31e05478b264cd704691ef4f9b98c3c24d0cd249c111e731c5326df23e4fd8f7f4bc02ace6f3cced06d2a48a86bd27028d7834c61ef91f007d14c293cd338e724568454f7e70f223331b3089814dbe7efd6f1d1b406c831a0ec2510311aa341984671d60666aeee5fc285b8765c26f92b0a3fcb970ca8bce7a61e25e4f40299ffe0aed150b51a3687f1fa6da62c3b3daa9545efe0f94dba9e7d55dfa6252e294d00eb9cd16ebc82de8ef7b56e3ae8d7c0f2fd862805fa163afe08af6e20cb281826cafeaa36149a681687887e5fe1105901e5e95a618f5733a2e0c0bd2ce0e662549790c822bd9f7b92da7e305daef5d050d89ce84d015cd5a37b80597435127071a5d84c9017cd896ca4ef3846ceb3f6923c379176faae4fbc2ff6c9dd0cefaa852ae6f7e3dfe45b68d02c7bb1f2d972610a", 0x1000, 0x40000001, &(0x7f00000000c0)=@in6={0xa, 0x4e22, 0x80000000, @private2={0xfc, 0x2, '\x00', 0xfc}, 0x80}, 0x80)
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000500)='status\x00')
ioctl$TIOCVHANGUP(r2, 0x5437, 0x0)
setgroups(0x400000000000026f, &(0x7f0000000080)=[0x0, 0xee00])
read$FUSE(r2, &(0x7f0000001540)={0x2020}, 0x2020)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r3 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$inet6_int(r3, 0x29, 0x48, &(0x7f0000000000)=0x402, 0x4)
connect$inet6(r3, &(0x7f0000000340)={0xa, 0x3, 0x0, @remote}, 0x1c)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x241803, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c7766646e6f3d9d4b607d1046f09a3017602af58f97534f28315d6fb28ccdbd4a4c9c13043b1ff630d53ecace8941d39febf949bec6ae9e77b4e45be99c137986c5ede9db67f3fa675c564309a3c102e1caf7a1bd8f2a0cc15da279d1", @ANYRESHEX, @ANYBLOB=',\x00'])
sendmsg$NFNL_MSG_CTHELPER_GET(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB="1400000001091f01975700000000000000000d0000"], 0x14}}, 0x0)
sched_setscheduler(0x0, 0x0, 0x0)
r5 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_trace_dev_match', 0x0, 0x0)
pread64(r5, &(0x7f0000000080)=""/75, 0x4b, 0x3)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'ip_vti0\x00', <r6=>0x0})
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000380)=@newlink={0x70, 0x10, 0x1, 0x70bd2b, 0x0, {0x0, 0x0, 0x0, r6}, [@IFLA_LINKINFO={0x4c, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x3c, 0x2, 0x0, 0x1, [@IFLA_IPTUN_ENCAP_DPORT={0x6, 0x12, 0x4e21}, @IFLA_IPTUN_FLOWINFO={0x8, 0x7, 0x1}, @IFLA_IPTUN_ENCAP_DPORT={0x6, 0x12, 0x4e20}, @IFLA_IPTUN_ENCAP_TYPE={0x6, 0xf, 0x2}, @IFLA_IPTUN_ENCAP_LIMIT={0x5, 0x6, 0x5}, @IFLA_IPTUN_ENCAP_LIMIT={0x5, 0x6, 0x3}, @IFLA_IPTUN_ENCAP_LIMIT={0x5, 0x6, 0x6}]}}}, @IFLA_AF_SPEC={0x4}]}, 0x70}}, 0x0)

14.744696538s ago: executing program 0 (id=1578):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CAP_X86_DISABLE_EXITS(r1, 0x4068aea3, &(0x7f0000000040)={0x8f, 0xa00})

14.457460253s ago: executing program 0 (id=1579):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
write$binfmt_script(r1, &(0x7f00000001c0)={'#! ', './file0', [{}, {0x20, '#'}, {0x20, '\\^!+@,$('}, {0x20, '\''}, {0x20, 'hl\x00'}, {0x20, '\'{\''}, {0x20, '\\.'}, {0x20, '#! '}, {0x20, 'LED\x00'}], 0xa, "85e993fc1817270eaf8ab41f45a86810fb2e74f57e71a8ed2f0fed"}, 0x48)
r2 = getpid()
process_vm_readv(r2, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x3, &(0x7f0000000180))
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
r3 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$UI_SET_EVBIT(r3, 0x40045564, 0x11)
ioctl$UI_SET_LEDBIT(r3, 0x40045569, 0x4)
ioctl$UI_DEV_SETUP(r3, 0x405c5503, &(0x7f0000000100)={{}, 'syz0\x00'})
ioctl$UI_DEV_CREATE(r3, 0x5501)
ioctl$UI_DEV_DESTROY(r3, 0x5502)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
userfaultfd(0x0)
r4 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
r5 = syz_io_uring_setup(0x37b2, &(0x7f00000006c0)={0x0, 0x0, 0x10100}, &(0x7f0000000200), &(0x7f0000000100)=<r6=>0x0)
syz_io_uring_setup(0x1868, &(0x7f00000003c0), &(0x7f0000000000)=<r7=>0x0, &(0x7f0000000280))
syz_io_uring_submit(r7, r6, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xfffffffffffffe54})
io_uring_enter(r5, 0x184c, 0x0, 0x0, 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r4, 0xc01064b5, &(0x7f0000000040)={&(0x7f0000000100)=[<r8=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(r4, 0xc02064b6, &(0x7f00000001c0)={r8, <r9=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_GET_LEASE(r4, 0xc01064c8, &(0x7f0000000280)={0x1, 0x0, &(0x7f0000000200)=[0x0]})
ioctl$DRM_IOCTL_MODE_ATOMIC(r4, 0xc03864bc, &(0x7f0000000380)={0x401, 0x1, &(0x7f00000000c0)=[r9], &(0x7f0000000200), &(0x7f0000000300)=[0x0], &(0x7f0000000580)})
socket$nl_route(0x10, 0x3, 0x0)

13.159728226s ago: executing program 1 (id=1581):
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x100800001)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x283, 0x0, &(0x7f0000000140)="2b7393b7c6347cd49978d5023a81022d1e7baeea09c5d4e3b04397f7a66a0f0b769bc097d48d09fc8b3379a1a30fee142bb1a32d4c3b32006571f5de9d846e7e8b8e64c79a66d3ba19f7eca5d0e0517dcd4eba1ab882af481e477e362ceb1fd11c9d50b5e3afd7f60aa6881b2681c53ee87badeeba28eba948324721a382f000917a4a6f6f76d04e0b19396feccdbae7795aaa45818dce2d1f7b4642b09dd40bf4bef9854b631eb821b13a7e475d5c9a9d4bbb3fd9b07650683a35d9557d1e7e6496dd6f6f5ca57a5c43b9863819829430e1607ebf0dbb2308a8181ef5ccdcf1eb157470d54635a1a5b7075c77dfdb97155af8fa282fcc5ca5bad36839e0cad1304c542be170a44da4089a32bc3f35a85a6e30b8d233809335a4274938505517a26728b643c2f04917afe55c68759adea3bb70f5b5c3c59fc24d6e3835c110420cfd6de096e5dec90f5f577744d2d0f3ec21819253cdb102d50678293328726f1c4f7163e28e82ab4767e3054dfa9a11b1fdafb8757b2a91f8283ad01712062048b52b5cfcaf648fe760a98ee82fbb1836c88434e0b36f9b56c4d3cd8b42566cba88ddb7418762cd8495a4ec8de7952789c2a6e57cdbbecde53ffea86db893181d9b5c7d4663d1bd78c9cb87af7cbfa54a1b2c98432ef5ba6f43c358ae873495f46850d56d83f3d7d376b3b6120ffe93c8ab6b6f214316d8c3376a5a65d173b6e4243326c729163050547d49338a737bc894f487bc9b51e75ac2031ea714ed6c917f13e3cc0ee85a75e9a98a42f9aad6f1e244c1daa06ee55b205e11aa3a2982387210bccd26c5108f2a548b06dd0a0520ca8f99532ab0a4fd8c33f0f01ad40b74ef4e9f0d01b7bbc8aa69296cca1f19d92c5be8ffa32600"/643})
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a0000000000000000f84900537fcb5a7b010073797a7de2f308278f300000000030000000090a000000000000000000000000000008000a40000000000900020073797a32000000000800054000000000140000000c0a00000000000000000000000000001400000010000100000000000000"], 0x8c}}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000000)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r1, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r2, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)=@newqdisc={0x1c8, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffe0}, {0x2, 0xd}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x198, 0x2, [@TCA_GRED_LIMIT={0x8, 0x5, 0x4}, @TCA_GRED_MAX_P={0x8}, @TCA_GRED_STAB={0x104, 0x2, "6f9c29745866749223f963f886722428930e39ec6ac30ee16c2c9d0768da8b274a8c33af0a3fc41551ab9e1d7c50ee8a7137d1c05b5299d86f52072fb08316fc155ee2334f6620cf89aa68eef43d1213c663705c51a341c8fca89f17defc32d1f0b6457e5a7f9704ff001c7f21bdaf5545d5270ed517a9de7ae6e124d5b471a188d954ba5f93be27f7e90360c07065cb07d9b690ecbf7eb0fbd8563bc50e3a7ae1778cb68ac34610c514bd046909d2ed4de92b06cb359486b946ef967ac20f4d25534f239693d0cb733b40ae226f001cf8b81b8fc4d8c5eb8a27631c82a01c43ff285ff1273bf76c37732624d2a8cbc061554fd533bde21659cc686b2ede7517"}, @TCA_GRED_PARMS={0x38, 0x1, {0x0, 0x0, 0x2, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x14}}, @TCA_GRED_PARMS={0x38, 0x1, {0x0, 0x2, 0x0, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x80}}, @TCA_GRED_DPS={0x10}]}}]}, 0x1c8}}, 0x8000)
r5 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=@base={0x1b, 0x0, 0x0, 0x2000}, 0x48)
mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000014, 0x13, r5, 0x2000)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_CONGESTION(r7, 0x6, 0xd, &(0x7f0000000040)='nv\x00', 0x3)
connect$inet6(r7, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c)
syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="02c90012000e14000a0000000700ffff00000700000000"], 0x17)
syz_emit_vhci(&(0x7f00000004c0)=@HCI_VENDOR_PKT={0xff, 0x80}, 0x2)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000480), 0x800, 0x0)
syz_emit_vhci(0x0, 0x0)
syz_open_dev$usbmon(&(0x7f0000000280), 0x8, 0x0)
openat$pidfd(0xffffffffffffff9c, 0x0, 0x800, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)

12.671663286s ago: executing program 0 (id=1583):
socket$nl_netfilter(0x10, 0x3, 0xc)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_dev$media(&(0x7f00000001c0), 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(0xffffffffffffffff, 0x84, 0xc, &(0x7f00000001c0), 0x4)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x6d, &(0x7f0000000080)={0x0, 0x10, "3ab4f94441619fa9b4441e07129d18d5"}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x40081)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073"], 0x7c}}, 0x0)
r3 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r3, &(0x7f0000000200)={&(0x7f0000001340)=@hci={0x1f, 0x8, 0x2}, 0x80, &(0x7f0000002540)=[{&(0x7f0000000100)='b', 0x1}], 0x1}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={{0x14}, [], {0x14}}, 0x28}}, 0x0)
connect$inet(r1, &(0x7f0000000140)={0x2, 0x0, @remote}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000000)=[@timestamp, @timestamp, @timestamp, @timestamp], 0x4)
r4 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
ioctl$SIOCX25GSUBSCRIP(r4, 0x89e0, &(0x7f0000000f40)={'wlan1\x00'})
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='io.stat\x00', 0x275a, 0x0)
writev(0xffffffffffffffff, &(0x7f0000000000), 0x0)
r5 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
r6 = syz_open_dev$ndb(&(0x7f00000001c0), 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={<r7=>0xffffffffffffffff})
ioctl$NBD_SET_SOCK(r6, 0xab00, r7)
ioctl$NBD_DO_IT(r6, 0xab03)
ioctl$NBD_CLEAR_SOCK(r5, 0xab04)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
socket$kcm(0x10, 0x3, 0x10)

9.907555159s ago: executing program 0 (id=1586):
r0 = syz_open_dev$usbfs(&(0x7f0000000040), 0x76, 0x141201)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0)
ioctl$FS_IOC_ENABLE_VERITY(r1, 0x40106614, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x0, &(0x7f0000000080)=0x7)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
ioprio_get$pid(0x3, 0x0)
socket(0x10, 0x3, 0x0)
r3 = dup(r2)
write$FUSE_BMAP(0xffffffffffffffff, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r3, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="7472616e733d66642c7266646e6f3de4079cd7676ae940973768fa942cb03ff01c6f", @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX=r3, @ANYBLOB=',k'])
chdir(&(0x7f0000000040)='./file0\x00')
r4 = landlock_create_ruleset(&(0x7f0000000180)={0x100}, 0x10, 0x0)
r5 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r5, 0x107, 0x14, &(0x7f0000000580)=0x3, 0x4)
r6 = socket$phonet(0x23, 0x2, 0x1)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000040)={'netdevsim0\x00', <r7=>0x0})
sendto$packet(r5, &(0x7f0000000200)="a05dd744808f65a379edf65111cf", 0xe, 0x0, &(0x7f0000000080)={0x11, 0x0, r7}, 0x14)
landlock_restrict_self(r4, 0x0)
ioctl$USBDEVFS_SUBMITURB(r0, 0x8038550a, &(0x7f0000000380)=@urb_type_control={0x2, {}, 0x0, 0xa4, &(0x7f0000002b00)={0x5f}, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r8 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp\x00')
preadv(r8, &(0x7f00000002c0)=[{&(0x7f0000000000)=""/228, 0xe4}], 0x1, 0x0, 0x0)
r9 = socket$kcm(0xa, 0x5, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(r9, 0x890b, &(0x7f0000000000))

8.056992371s ago: executing program 0 (id=1589):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
write$binfmt_script(r1, &(0x7f00000001c0)={'#! ', './file0', [{}, {0x20, '#'}, {0x20, '\\^!+@,$('}, {0x20, '\''}, {0x20, 'hl\x00'}, {0x20, '\'{\''}, {0x20, '\\.'}, {0x20, '#! '}, {0x20, 'LED\x00'}], 0xa, "85e993fc1817270eaf8ab41f45a86810fb2e74f57e71a8ed2f0fed"}, 0x48)
r2 = getpid()
process_vm_readv(r2, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x3, &(0x7f0000000180))
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
r3 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$UI_SET_EVBIT(r3, 0x40045564, 0x11)
ioctl$UI_SET_LEDBIT(r3, 0x40045569, 0x4)
ioctl$UI_DEV_SETUP(r3, 0x405c5503, &(0x7f0000000100)={{}, 'syz0\x00'})
ioctl$UI_DEV_CREATE(r3, 0x5501)
ioctl$UI_DEV_DESTROY(r3, 0x5502)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
userfaultfd(0x0)
r4 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
r5 = syz_io_uring_setup(0x37b2, &(0x7f00000006c0)={0x0, 0x0, 0x10100}, &(0x7f0000000200), &(0x7f0000000100)=<r6=>0x0)
syz_io_uring_setup(0x1868, &(0x7f00000003c0), &(0x7f0000000000)=<r7=>0x0, &(0x7f0000000280))
syz_io_uring_submit(r7, r6, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xfffffffffffffe54})
io_uring_enter(r5, 0x184c, 0x0, 0x0, 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r4, 0xc01064b5, &(0x7f0000000040)={&(0x7f0000000100)=[<r8=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(r4, 0xc02064b6, &(0x7f00000001c0)={r8, <r9=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_GET_LEASE(r4, 0xc01064c8, &(0x7f0000000280)={0x1, 0x0, &(0x7f0000000200)=[0x0]})
ioctl$DRM_IOCTL_MODE_ATOMIC(r4, 0xc03864bc, &(0x7f0000000380)={0x401, 0x1, &(0x7f00000000c0)=[r9], &(0x7f0000000200), &(0x7f0000000300)=[0x0], &(0x7f0000000580)})
socket$nl_route(0x10, 0x3, 0x0)

4.895373102s ago: executing program 3 (id=1592):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = getpid()
process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x6, 0x17, &(0x7f00000006c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70200000000000085000000a000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7020000000000008500000017000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000400)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r2, 0xfca804a0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket(0x2a, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000005c0)=@newqdisc={0x24}, 0x24}}, 0x0)
getsockname$packet(r3, &(0x7f0000000200)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0)
r5 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_int(r5, 0x0, 0x33, &(0x7f0000000040)=0x8001, 0x4)
listen(r5, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newtfilter={0x3c, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {}, {0x2}}, [@filter_kind_options=@f_flower={{0xb}, {0xc, 0x2, [@TCA_FLOWER_KEY_ENC_IPV4_SRC={0x8, 0x1b, @empty}]}}]}, 0x3c}}, 0x0)
r6 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r6, &(0x7f00000002c0), 0x40000000000009f, 0x0)

3.663169289s ago: executing program 3 (id=1593):
r0 = syz_open_dev$usbfs(&(0x7f00000003c0), 0x1ff, 0xa401)
r1 = fcntl$dupfd(r0, 0x406, r0)
r2 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$EXT4_IOC_GROUP_ADD(r2, 0x40286608, 0x0)
ioctl$VHOST_SET_LOG_FD(r1, 0x4004af07, &(0x7f0000000080)=r1)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0)
ioctl$BTRFS_IOC_INO_LOOKUP_USER(r2, 0xd000943e, 0x0)
ioctl$BTRFS_IOC_INO_LOOKUP_USER(r1, 0xd000943e, 0x0)
landlock_create_ruleset(&(0x7f0000000140)={0x0, 0x2}, 0x10, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
sendmsg$IPSET_CMD_SWAP(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000300)={&(0x7f0000000400)=ANY=[@ANYBLOB="280000000606ff79000000914b79c036c373df04010007000000249c4e22a154c187831551000000000000000000000000000b399581d571b7ae07ad95c5966259ed44be8aef1c8a3216445c21aeebb388c7ddd45c60fa701afbc27d42243e1add7b7279d45dfc42024121dc53b331fdce10"], 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x400c0)
pread64(0xffffffffffffffff, &(0x7f0000000240)=""/112, 0x70, 0xfffffffffffffff8)
r4 = socket(0x15, 0x5, 0x0)
ioctl$sock_inet_SIOCSIFFLAGS(r3, 0x8914, &(0x7f0000000000)={'geneve1\x00'})
ioctl$sock_inet_SIOCSIFFLAGS(r4, 0x8914, &(0x7f0000004280)={'geneve0\x00'})

3.549748834s ago: executing program 3 (id=1594):
socket$nl_netfilter(0x10, 0x3, 0xc)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_dev$media(&(0x7f00000001c0), 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(0xffffffffffffffff, 0x84, 0xc, &(0x7f00000001c0), 0x4)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x6d, &(0x7f0000000080)={0x0, 0x10, "3ab4f94441619fa9b4441e07129d18d5"}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x40081)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073"], 0x7c}}, 0x0)
r3 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r3, &(0x7f0000000200)={&(0x7f0000001340)=@hci={0x1f, 0x8, 0x2}, 0x80, &(0x7f0000002540)=[{&(0x7f0000000100)='b', 0x1}], 0x1}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={{0x14}, [], {0x14}}, 0x28}}, 0x0)
connect$inet(r1, &(0x7f0000000140)={0x2, 0x0, @remote}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000000)=[@timestamp, @timestamp, @timestamp, @timestamp], 0x4)
r4 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
ioctl$SIOCX25GSUBSCRIP(r4, 0x89e0, &(0x7f0000000f40)={'wlan1\x00'})
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='io.stat\x00', 0x275a, 0x0)
writev(0xffffffffffffffff, &(0x7f0000000000), 0x0)
r5 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
r6 = syz_open_dev$ndb(&(0x7f00000001c0), 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={<r7=>0xffffffffffffffff})
ioctl$NBD_SET_SOCK(r6, 0xab00, r7)
ioctl$NBD_DO_IT(r6, 0xab03)
ioctl$NBD_CLEAR_SOCK(r5, 0xab04)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
socket$kcm(0x10, 0x3, 0x10)

2.320933992s ago: executing program 3 (id=1596):
r0 = socket$packet(0x11, 0x3, 0x300)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendto(0xffffffffffffffff, &(0x7f0000000540)="0cc31a4098ddc80dadd3a0aa2bea9050d9f47bcde4cbb8170d3d61aabbdbd869e8a75ab95a3b8e8b960477dbbbbf5cb0fd4a98ea0032d054de676f19c5e1f84def57482d1b3eb94a2a1d3c0a733709610ece6cb54ae7f8c3ed385c3890244d348c9bcfb556ee478845ff23d8a9f2a492531e7c7ce719ef1983bdaf4008386323fc593be590321dbe51aa4ecabebf49ab7edb835efc0f722637337e20cc541399dc617deafa840b68f2b22e5f7c6afb3825871b966ab90a79a4d6d72f29a1e43abdf4d25f6352dfa26c576830c49b18ece887b47c37affa1c3f24fdb0e14151550796aaa09b4669e71d9f4255f63905467b709f7a7185347a078538e4443f0dad324393274e857979db0a9e3894857aacabc2f2ccd9457fda98a520e2b8c83085a206c8aea9dd18a0b66c87b3b61f95fafed84303436c7ae3782f714dc364c10102788b02d3aed05cb29fe974b75e7bf53dfd2554d7b700dcbf24a6fa021732b747a2c7d6d2a649e1ca523f91ba57da29e6e5050da7ec9466884aea64349e0c65b40bd78fe25622a5f854d351fd3282e85e37989b73e1a3b9fe874ad7131850117f285afe15040fd20cd9c861c95b2c1f9844ac1f8b3cd0a7f22269e235866434acb5f4d9d0b64301cd5b4e8c2da68caacd3f7dda0f325120ad99c05a55736067c87cceda7b850758e60ab8829b0dbfdc1ca8322e6716e643e00c2f665781461f08282a0aa366d9927036d685c3a721530dafe21e62906c5710c3214621d6374d9f5eef47eca1e5080e21832e6d639822a3bf99784f7b19e2dfaa7b8ba39dc5212c94585af38e7a50cbf6d619e3f1b8e4c17351203fa037ca4ce7ef32fd8b4387b8583ebd32a0c5aeb05fced1e492670cabc370aba18abe561e2bfcfa6d92c0c3d0419f5f4936772b6a0026a623914f09b04cf5d7c2b3ab010c676e9932f5807240a765b3d92d2bcdd63a91bd0f1c795fe0ecdda5e50ec8fd0a68115986168fb8bb67fa020ed3c416a716fb12d5d918b8522931dcf2bfd0c7bf7d9c56c490c9880309240d0c2cf1a3cafb647e1a9e1fde434cdbcae9eeac3f8c652a85d6aea69b3e9a922cb2727ed8f50e6babd152b96ca623be94c4aedf7e6848650026a7e1df48e00f45714233d9ae79f4e5e13ac220d553da26f7e7bd242d0cd26470bfb99fb84e6035bfb962368222ff72c5a8e34092cc0ecadf270882d604da1b59f09eeb28559b9fa6b91a13d5eb2084b77838ee4aaa241703b17a5e53d042879a15170a1273711989ba2b75c2a5deb21a028dbf9b1445e3ccc419ef5adc4de90be49251813b4fc886920f5ea0f6dc25f8adeabe7065fb3d6bda0aebf27d3593d541d4c101a7c2b04c2fef924f4afaccb0603f769ec075a2eea2394c61917a2fb1e13fccc32ab914321464c81b93ce9989477928c09ca498eeb0e6ef2a15d378976aaf9f069e4bf0cef9c1b81855c6f4e003ce3fdfeaba1e69821970fb5ff0a031368666229afc8f4b07b0addab6d492a6b351af1ec5ba1e78c263e0726ed3495941a28b9da32d56acfe40a32fe58f6e722f9bd647eb7cc74ba6fd4343b18956f40cc8ec68bcd7b231b9b979b8ac899dc27b44ac9a0a73fe2f12102bd6f731415aefc6d74c39f211b8e8b98980d7ffafeb3237bbcaacecc095a29c0a1f3e31824fdf23b953f46e38714615e5e531f531dac3c854c5d35c8e69be5d5c468f28d9b13c35a316ae232ddd3088ba4bc14e19263c4e7f847153633a0a850dbe4c45675e702310b83d20bfd865cda44c87389dc000ebef19b9027bc7de167130892c018e09b9b9cf264f7dc51a7ebd29bbd3e39511c9908be44330fe96f6cb202aae4c0a70bb8aa7daedc8f12e99c087f672c67a4aefd9905476ee4f1bce6f2a760d9823703c55b843d3c74b69652edcd7edeee7791fe5d7786d1745583dcd09596a661d18cada70da172e39ca7ff351ae5d5aa9ae786e0f27509b61113722c11dadb045a45a8d8caa50e44062ecbea4cadd127b1d109b2b2760e9f9760de696523c706fa4d1f0092ae1ab7af8d91f2d1eb0f62b3320b58662bf4e607ac9ebe9c04c4f2279aff0a96072024783d133476614df51e92a7f4e3bc526df588edc8b8d48e82f3d4661f3f68bdc1d657f48b29dfe6069eb30bf25fd20ed83f25528809a70438153526d2b6882890ed73cb6670cae24ae78c7291fcb63bb57cf05703a5f4fa82469d3cb374d948f5fed2946161af65ead4ae75a4b1c7cdb6b2b7afb52012623a8ba17b2044968a903b4e4ea02f90f96e09d98fcf15ddbc27732588f43af4f84589718268322693c1006105522cf4e4b69eb58aac52af881b1533b7a52424f8e9030149b080bb69ca211be12d995b054639754795346c9c9a7a3435e2d781436531da8ad3f597e0ce8391a3ccc25c0ae9f0b7a19db85f12d51773b1cd1b675a402f31f89715d14f00719f38198735d0eca672549fb1c5ea21557afa82a78a86ecf17c177b9404c7e0f99e20eb38a3c331b66f9100ddfb6207eba709e86e41f4e408da583b49435913499d83a5975cc4b074aa7174087f6eb476c33824690e65f61e41cddd742f941ece08a5031887975e473e9583d8bb1cf9ae5fae7925b8254cfd15a9f976cdc554139cfc7828a9ee62493a9316c06c53088192614732efa9e9f9956682341daa1dcf5ef824b1692e5962227a30ac75367d207d13180d01c58bb2576ff84b2f3eaaf4b14c271c508cad97f09a5ef7ffa06b87180e989e62ed4c49fec0dbd260d14320cd11f361b66fbaf73038025ac71c36525062396368bddc66ae5ebf3f3b42bf7d06a8cca2e111e527a612fb0c2f976013f3cb49f4624a3b224f4b1f34c019f0401165373078b238cdfb3ed9f192a46f41d807861effaacd8ec57023bee8b311958da9ebd37da4b8260432ce673e2960cfd85c2faa5c4eec4b63b5178b2893e6f19a07ae95a6f38498b636a189d69d8997bbc15dd7a71a8b32bd4dc4ec967ce35192dad8491bbec40ff917f9db859604796614f62f3cd203a7600d599ee90d307c5d08d202253a81766c3763387fd3271e16629e29abfb74f69ee5ff19f56b355fc4ee84c762fcaa2a37fc11c018e5e15294666c497e9b084f0320eee5728feba9c5c82e2997c0e715d9cde6a98e885478b9c14cf86a0bf93c89987a38ee981c9767b29f3e481f4c91f14aa15ec74667e334bbdce1abca24e67156a3b675e9c87c051154a509a883a079e47f8bc15a842475f44cc873ede41358cf2461d26127f0f5a4c9d219d9ab7530632882c1bdda95474ab5433dcdc3fa2e9b489fb64e9b0ff7f1d3658b48f55e9ff376ed7549e951ec1caf391c93f4f0a031daa651b79717b8a6fa01aae8c0fac3ce1bc05eae689a6b8b391a4e0fc79e6834513d3498df91fd1bbc52f3ed46be28e405c90d9d7403a47161e0682b48d33449ab82dc8e912fb3298b25b10a42b38c12ceaa26ff19950e3e043cecbff9cfd43162df856d097e5f1c9f1627e0d432e219e15b487b118e0b0d0b1dc371ba8c8c6c0204439c57b360ee82b616b36e2ba6ba44ef7f6bc899ba7fbfa103d3d193f1e995d08d723b192f6bd83d7e49622580c05e9356d160d07a9dbfb78255e2826145b6d06d148b51366965f3383ee5245b6b29fb8e08b388632f18229ff64049c3efa253d5713ae13e13fd965512f57a1d19a7782716629ecb41e645afb67b34a9af3836f76599fac7234d27eb5551e03f8a236d5ab1096f2f4eb5e9ac7867966af77d04736033e634476eb6bf0625cbc126ab9f669558a7ee1cc618a1d028ba73306f3e6ce48f0e0b531718e3ecc40f19d5d3822056264ce1010132403c3cfff140ff55270a40ac6fe6872ffba0cff2e7ce0ce86589e66f93454bcbf83b9844303bb8da5878f76e86ed1f205854e826b3efa471d76aaa7e260f082ea19baa0d0195d44a5ab4cb8d783f47129dbdfe199003a9beb67ec4df8f9ba556c8768865466fb5c123428b36a8a8b74788796bcc5057ef4568b18d35128361c00f316b6eccc59418839a902b3af26d5041dc883194754e69aa3d647fad1af599607a0966d0b0c01d61ef9267a01fe6ffee3356e529193b09818b8a1fff13ebc115df78aaaf63fc05de82b1ff03e910dfc347eda7f9837a4eb25df57b30e98a9c7482f0446719c651ddf1955099c1724151973ec8adea1de48846467b2aba8c23acd8ed7430e48c2549b77deee3db02bc1b112700ce1d014df38fa4ac37a8f0d52fb34f2827390b3181351bd38b4fa83fa93ef9c12845f4c667dc8c9beff8cd875b91281c606f727100689a6d97a134b938f44f361fc04ffb396449c9cb8c6c33d2977dc24b02e33f2bbfed13fc1ea1dd47acb96a8f37bafe4c34d08643a3b67ab94305f828625c32e1c064fe13a53988837d5d022901b513745c344aaaeaa3613423708a1b3a45dbdbd55693db754863d2c29f9a372f5426fed2c00cf55fd77945c0c5c83aeff9982e0cdcb089650723f00af3c405d95f7a0e920b252e1c1ba0c60391b1979be75fcffd3f338f2e7fefbf6a0d0d6e0e81fd78308050a2800721f7dcdbd877e611154a12411d9e77d267790eb92cfe6441d6e643269d2d99c4bf2482b791f84b1184be2775d8f3a65fbfdb458f005ed2d861d6e9ed09f041584a1fd1f96cf1977451baf6ea87eef711a1741fa031e233e192d726b57b7ea8e374f565e440771f2567057a10b9a052ac67e4928a559057fb48b9022f806937ea9a08dfe0e9964802137733a3576352d40ecf9169b9d7ccd433ad9c3e8afd2bc3eb143d7a6ea7fd5c1fd83fd9ac89e20d411f223d008dc4e8fc5aa0b4e63f70cc10ea6b37e609fcf077797a0968b5bc976ff2b19d26101a356249bb41ff43eb2516555b69b089a9e1e314aebd36278b7c6d8d5e352626e605919d246cdc5e84b7d069c8d0ddbe2e1bf3ed0aa83070998fe5655ec204f1a2ffa2a0d43240218a38f836e1b96880ea6a2069a8422a863e798807122aa1257289c3d2b3a2a6b27e32d442db99e62a1524a6636c4a76cb7282b9e14e9a97571f7bfca7f16205326b1ace7a6183d1166e592b5a550599568154fe962c76b25d886d18f6aa265862a127cc2b23bab19eab997c8dd4e5aac0017793d90291192f9b0e79eff3df835030ea2fafe7adca294a3dd4ac37f9d63c31d4fcef63639a3ee7f8857412099528e615dfd89cf48813710404bc37c4a104d14e13bd93d5c72dc4eb4cbc49f04d1c7c2750a2f8b9b5887c4d1722bea965948d63b883a26d92c24ecd663f48f95820caeca0810dd850507cb1e176e3c8485196f89a930953180d02551ac6ad17ad905802d5b63b16fce4fb3b1dbf8d94bba538ae28f32ab5bf31e05478b264cd704691ef4f9b98c3c24d0cd249c111e731c5326df23e4fd8f7f4bc02ace6f3cced06d2a48a86bd27028d7834c61ef91f007d14c293cd338e724568454f7e70f223331b3089814dbe7efd6f1d1b406c831a0ec2510311aa341984671d60666aeee5fc285b8765c26f92b0a3fcb970ca8bce7a61e25e4f40299ffe0aed150b51a3687f1fa6da62c3b3daa9545efe0f94dba9e7d55dfa6252e294d00eb9cd16ebc82de8ef7b56e3ae8d7c0f2fd862805fa163afe08af6e20cb281826cafeaa36149a681687887e5fe1105901e5e95a618f5733a2e0c0bd2ce0e662549790c822bd9f7b92da7e305daef5d050d89ce84d015cd5a37b80597435127071a5d84c9017cd896ca4ef3846ceb3f6923c379176faae4fbc2ff6c9dd0cefaa852ae6f7e3dfe45b68d02c7bb1f2d972610a", 0x1000, 0x40000001, &(0x7f00000000c0)=@in6={0xa, 0x4e22, 0x80000000, @private2={0xfc, 0x2, '\x00', 0xfc}, 0x80}, 0x80)
r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000500)='status\x00')
ioctl$TIOCVHANGUP(r4, 0x5437, 0x0)
setgroups(0x400000000000026f, &(0x7f0000000080)=[0x0, 0xee00])
read$FUSE(r4, &(0x7f0000001540)={0x2020}, 0x2020)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r5 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$inet6_int(r5, 0x29, 0x48, &(0x7f0000000000)=0x402, 0x4)
connect$inet6(r5, &(0x7f0000000340)={0xa, 0x3, 0x0, @remote}, 0x1c)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x241803, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c7766646e6f3d9d4b607d1046f09a3017602af58f97534f28315d6fb28ccdbd4a4c9c13043b1ff630d53ecace8941d39febf949bec6ae9e77b4e45be99c137986c5ede9db67f3fa675c564309a3c102e1caf7a1bd8f2a0cc15da279d1", @ANYRESHEX=r3, @ANYBLOB=',\x00'])
sendmsg$NFNL_MSG_CTHELPER_GET(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB="1400000001091f01975700000000000000000d0000"], 0x14}}, 0x0)
sched_setscheduler(0x0, 0x0, 0x0)
r7 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_trace_dev_match', 0x0, 0x0)
pread64(r7, &(0x7f0000000080)=""/75, 0x4b, 0x3)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'ip_vti0\x00', <r8=>0x0})
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000380)=@newlink={0x70, 0x10, 0x1, 0x70bd2b, 0x0, {0x0, 0x0, 0x0, r8}, [@IFLA_LINKINFO={0x4c, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x3c, 0x2, 0x0, 0x1, [@IFLA_IPTUN_ENCAP_DPORT={0x6, 0x12, 0x4e21}, @IFLA_IPTUN_FLOWINFO={0x8, 0x7, 0x1}, @IFLA_IPTUN_ENCAP_DPORT={0x6, 0x12, 0x4e20}, @IFLA_IPTUN_ENCAP_TYPE={0x6, 0xf, 0x2}, @IFLA_IPTUN_ENCAP_LIMIT={0x5, 0x6, 0x5}, @IFLA_IPTUN_ENCAP_LIMIT={0x5, 0x6, 0x3}, @IFLA_IPTUN_ENCAP_LIMIT={0x5, 0x6, 0x6}]}}}, @IFLA_AF_SPEC={0x4}]}, 0x70}}, 0x0)

1.386430685s ago: executing program 3 (id=1597):
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(0xffffffffffffffff, 0x40045532, 0x0)
capset(&(0x7f0000000380)={0x20080522}, &(0x7f00000003c0)={0x3, 0xfff, 0x1, 0x6, 0x1f})
capset(&(0x7f0000000680)={0x19980330}, &(0x7f00000006c0)={0x0, 0x0, 0x101})
socket$alg(0x26, 0x5, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
r0 = getpid()
process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
syz_emit_ethernet(0x107e, &(0x7f0000003200)=ANY=[@ANYBLOB="ffffffffffff000000000000080048011070006500000d219078ac1e0101ac1414aa862c000000020212e54eb99cb0ac9c06364120c335f4db8e00063f8e6cc4c20eb907ae1fc972d0d8f3c80599891f34e0000001ac1414bbe0000001ac1e2001ffffffffffffffffac1414bb004e224e2204119078caa88f9701a2c3c72c4afc455b3b7294267daada08ab989ac298d70a15a0bb85ba687f5788aab21b415aff61e49c5d59a41da8e23297d4c68fe0a8454427c2e34118ef3aec29cfc1fccc465e32b0519892c672d5d3a04782119379b34f3b477db431e7275521aa8e37dad233a8106b494b23aebd0a643d92460aefa622192a7e6aa1b14937b8f84578bc15fc2a1d1d62a472b6c71327aee8ca666d5be1a0ad77f315b6118c9dac8661cefb8acd47176ab47103886aa54720bbe62dcd677da3f5f2ce7e15c01025879e5e310547af95cd4980cf5e954f3b82ee40767818f80647026866da334770d1cd3b096aae7c6f181a53938e7548e939787512c8087c6b6812e999f06d6094be7f4e7a38bd482ec3b2077a91f8f7dff8994281b6924f8063838893bec2850d9422d295aa05f0d6822304f7aca778567bce8bb7ea71f8ca28b514132b5b6ab02d08f262560b181e5d51f43cc8dd57b5d29800f005e1c8f66a74b3cfd90fc064ffbf39743234b9d516504be5a1aba592272bc6dea2002723e3565b43b8f3fe03ee599c88d4beeed6c59e9c9baab581b884e63fc1796f27c4d8798bc6287bcc4f06c2220f86e0e16c61d75443b67844e5b0f2791079a81c62c69758b8325a5b00e4bdf04d68080e487289f82a93338893f6cfa1e882095032cb9472e4fce47d07ab8a03baebb606b4b2b039de89876a0406334b8d9769d1470ad82ca26b3b6582814ec62e6e43aa8e21218bb8a0681ab2a73fbe4398f48ea3f3535fc4f4e0c93a658472756a14ba9d4959681019168e4238881b724f29960448516939dbe724269b86d697896420be86e5826c96ff90725fe11c95454c41545c1ce81e8dd884a75b279797448ad2ef3e8f7ed0a26e4c5dc1d4822b27c33f5e81c701ff3e764fc8c592cf01e2cdfc80d217dd8ed787d48543b5502d9df329c1c0579fec6199c9c24f619a3cd55fc1285e2193bf7c99d823d21d8ac4acb88a1366aeea4615c29697ed47eeac967082338db2133b42624b2ccd0bb3e59d12a026b3d73d4a39f8239365d112f85e9b1d30c6ce79e3b52a1afc748e8d86f4b8fe1e1f67223d66f32db125c21a785bffe6753dfda7abb82b4c8a091fadf734b5f23f5b6aa15a1635b75635967f34bbb1ed94eaf5bbc69f2828390b33bf7ce018912ab563adfc9f8f5e777bb1fd2d3b57a5026c5b3a03294847b8e51ad550cf47ac4f8238ecfdfd8ef76f6af9249e4cd89bc1b7e0a47bdd4f5d923c7dfa2d41497ba9716294767d49e7a2d88f60391599bb098737dc142b99e000f5ce853157eee51ade240c1956b5df8957dbb541327fbb202c340a6ec671592dc20e9a0f6f0918973eaf6c7860273e6a4bfee36967ade0adf7bd092dfe09c19a8646e47780555e58f82b4faee6f8e304b0b44a745f0d3a64ff2d620373b4c4739a28f3217e3f7c8a919e23bc9a2e6f00ac66089d009dd560e5b6bfda6fc04e2e95e2b268e1640e2fe7c7f6d23eecb3df81d9c0957a3e06240aefdc8657fab3bf02c0993ab13f01c8f817995944ee1656f7969dab32e6cd44dbef413684099365abc63e95960c9fb0da99fda53e8ecac806ab4943947ad5ce700ef08d6518419eaf293cbd92da7c8f1417a4995ca689c316aff36542fce6c402da73ad8c0b8c1f2bf402af63ac9d045af170b7fc4fc07c87cc650e9677ad6b006190a319e6273e6b7471fb8e73d3183c145397464a18b5545aa5de9a42f95726bd7f0fe6ac85ff3ecd290b2ca60c6175f8bc48a44ed1872d5548c6447cd53070d6b92736ba7d26b901e1e86889cefabb9e19c39d3c7713d53464c9804067dbab255e9f557251421d362bb5568ab03c0ecffdd59d06583c75848e49d864979be2fa0338348a1881eb35bf5ea71a65b9fc483a157e7a8e199114b8f8d5cf6fc79771fa4f845feb8ae4841d92633005ecabfd2ca829b1bab927c53f99957d81ddae8244b6d18b19d4e7b3a27df987ba3138126907c31d6f77342e5ef86e806e6685cfde44c285df95f6d52bd37dd4269c28afd7123deb8307d029213d0709ae0a5f95f49a004308a5965c1d355543c62fa4ed5e8e32105692389012bdd32a358bf8e19030e6a3dc55324f87e62815eb6bbabb34fd59ce4f5e8f9e073fa5e8b09399520de8e1844fc755b2879fb42a97b4557cf010dd1544d4026f43146824a9fa2fc50cdf34f76939216f43d4d299d8a68b189dbfc794dc9c4000a092633638a8f918fdfbde5ea0de8259fb0e9e36bc90c731a9e930178fc93536aa1e6be27e64e65e4badca43ee28418535373852590166ba2e947df35f97f0ed221d2f3991eaa36ad79b6977df509bd92d21fda3ac68a5a45483a2846b9bada8481cbbffacc4211599c00276dc7137ce6810376f48667d1f282333d8dbd62c94815eba4a18018b6ae55b1bd1502ece0ebeb849a6ba89a35d3b3329ca0c0e50e0a0b1b02b11373d957ac3a774ae05bb744da5974fb949a39d7bedd67067f30426b4cae30edaee462d69c108e5ed7a52924e6beb42ed0a8409090937a201d693bbc11e1761959715e61f09f60554b049736ad1873b3ce50e825d532a4dacbe93c74edd16ccf1ff640b27846c4c941b6a6a0ccc396f97ada0b660a14ab0e6cd34cb203f8b74672d668059e0a4ae3e48cb161f12a739dc3a030022e9e94156c35da64eb678a02e0526c4598406cf357cce1ba278a7e0759fbaa04075a1c1b355d429220685953f8e63a8dd880dba0556d16c06f03621b9a80d5b2a183a908f6d85f0c63edfa737dfd8786ead821e62c05b4926e58fbf37c3ffb7120f0cd68a77f30ea85336cb84680be8130cbe429ff4c2f35e99386a5c4a4aa69c3de016ebe3341a6dbc2506b63f1982e13d72b5065dc930f9329e09aa039d1d3fa6ac8becbda373cf55749a4d4ca079a3094d3f479733b0f11762de913a847374511a4d978d405c303dfcbdc735c69fb243f707a2de0e1bad77f30137acba99088152bbab24ba72a9b1b5e90330ffad9e42269a773b80bc6bd56a2328bdaa569037f6e98340b80e2a873750340b0010e057e0537b7833a07b214f5047b91dc4842118e36c767d6eae05aee0886fb8b89c1fd4429f36aecf38c13d422506c00d920ea09d843b8c7b8a71d2b585a0065808f45b29b9d1f3bb28ff9139a99e99060ceca1e2b553ad7e67561e20aada2ed7527b87eb262651212fa6f7e333290c606bb59129de4c9c0b0f1a99e42f7d5fe3679eb4bd8723b19d2aa52c6e6d345e42a514164d8c32f24a8eb47db60b356d83785b77fcbabbcc612c19fc2e23f1aadbaccdd4594e9878d462a1427315cfcfff371bc5c85353028e02c88db5066bd3418c89b45efaa705c2e69085cdef7dd9235a11664035fdb608dd95f4a2f4883a09b7d6e427700bf741da8236ffba3ea3c960873c4a99ccb322e0b2c37435438e5d630ba58c120f3f817e91ed4150acc54549f06eadfed6e0893be774468d2826185ae6cfba10d302cf0fc435a5708c871aed37bcdfe54f51ab8e31abaff088a02942f236b2ec16784171a09fc03ed063f38a13bbd75f836f50f60e3694c0657a6e4cf43d3b40fa507428b53c377197d1eae979709780afb9a3fc463b528c3cd989fca12f432b0d1478dc094c644e45accdef2833790de87c192f1e73b47a0aed809284310273aec975b562e480972fd9bde86b10734d118bd66e9a0b9fbd5f766c3d1831b1ac886d6f4a28ce43f520edb57ffe3fbabcc3d7fef4849a30d18d9b19c9069d53fed871855e522f41ef9401de1304162cbfa4bce8583c60c83a3fb2171b7ad5d4d8da29e460dc6f8aa9fce240a15b12486b202aedf8719325ed0a45cdc69cab19d1b8498a3bf0d178778dd6c55a818046f690906da479e75e621ae21852e3203f1f9d5d7c33c582dfbbf19881802246b12b1fb7f362c1f1e6795c95e715a3f6274ddcf21d55a4eebe04781d168e2037dc72efca883565f8613d32a464f88916f5d20d2b4315cffcc0f29395e17e57cae8151ec93c776d43f502e84bb9b9900be8ccbb66e36f4d3e1e8ea8e140fc1a705828c5cff81cad4517aaa48f44737995eec0ea1d9bf0077f3b1d1c43dd0bf1d6b9d55d25981476963b78536293ca954cccedae0e66b2723ba5663f1113754103570eca3a9d9e5a8152329970aeabe75e64c538781e899bb076970a3eea33e1432928da682baced9276f67d3d6fc955b90def70e3107e7e3f83a3c72da0de2ddce01788c1261f2f92c500b2978d9b3fa9f152edd26aefdb79a29c0de343a08e2eb90cd3c03d2ff639b722494ffc8c25ae59c06aa13584500341933fa2ded78350f4fe2e662d05caeb7ce72a9177fd5dda47b074beda4d6a0a68eec44d919bb569fc4424b9ba75c07eec4993bcd7d4b50ab7ff8d603bdd162e82c565dbd6cd75676a6c3b0b5df2a5e2ff8308172d343955b1527839f7ae58e4b7ae7c8e78bde411169e798d19e22b5a0b77f6a63f7f3a3501c6e9d601a160dbe481252151bcfd0e59b469c73d842626b5b053bfa498a6437705d840f00083db18820c56591abb5bac76510ee6b8953b6ed60d767b026493efb19549b2537a318796e333bd6e091075d1c66fd89519af10103ee1f7a67c81dab9890e1f784e71815a0190aa92b16c69950ed52ba750a3b3e24f1dffbd7563069435b7201a9f81e3b30589f0579f6d197aeb589aa71876f04cd80c697b839d22ad47b8a11ed742620abdf0ecf97da4d0d840e1635335c86c82d0dd9f74bcf58899a2a0ec80f7a039dde2143cf91a6635d6b680c3fccffda7de5b4df17ac39db5465f596102e163e678a01fa54e6b16c7a11d016f5da6ba22ea52e08702d3d9e323cabda2e8deec4c9f0dd825974a234a208f264d6fe556ddcccddedbe2c7e6db141b4c368bc344b55e9193bcbe09fe6c3cd5d05c9d459a85bc1150cad2b0aa1c9693edffee38d0598b1aea816dd91e684dd62d5d29e9b6a9dbf876fd52bad5fd24df2c214ad0be154f22525639a9d390a5f426ac79faa1a41bcab03c92f01631a10e2c5fc657c63abe213950e1009f8be0fc60640dac157761f174534611ad5d895dfcd718e69b19b87978eb975864b4aa6e6ed7d1b09c4214a14b8b2ba26ff6beababd03ecdd7657266147d2ea275015c5adfcfe3b9afc3822ddea162a87327a078ec0513001190e781392574cbb89be3ad8c5f2ced5d4a1109181c0328b3c73b60f74ed9670ea8e737e47c3c6bcf1d07dc84336366cb36e05be4acdaa10122d880ca04649d671c43a8a3ab504a31531620783fdc6dc2c8be75bfc8f613bb51e476cd7fb582fd49014a8a0eaee4c6499524accf2b4844484f315a69bca2dbe45223d8cfbe04ce37cefc4a33fb61148967ec1db14871856f690fc6ebfd7d20d868e6e4272f551223b07123caf8ed9d8c82b0f4e5f501c59c47349d3cb574ef502129afb3df3f33ac5b94afe25c56867e23f83691f0c8f7ac5799711f6718331d3eb88de7264332f644a54cde3d980c050494d65220e181bab48f65d1f391a90a36147afa6e659d63c80c1d3640d0c2ed12f812931d89f05d69f3eab5a812ee65e39b4fab366e50680801f5129aa7f98c081cc34b83a2d39079c4d7583832f469c0a7c9042b03a0a918f498dec741d7d8d95944c7d36245467791991e6feeff78b270817a203f543b68dd1b0d340ddb5c6fe6e52a256fa4e79ce1d28ce288c7e91353c795ad1894e3562857f1b3dfecfb74797048b515e29b04add82dfae13c29a5b422a8748d27e300fdcc84f4fce95dad394282"], 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0xa, &(0x7f0000000680)=ANY=[@ANYBLOB="18080000000000000000000000000000851000000600000018100000", @ANYRES32, @ANYRES64], &(0x7f0000000000)='GPL\x00'}, 0x90)
ioctl$VHOST_SET_LOG_FD(0xffffffffffffffff, 0x4004af07, &(0x7f0000000240))
r1 = socket(0x1e, 0x1, 0x0)
connect$tipc(r1, &(0x7f0000000000)=@name={0x1e, 0x2, 0x0, {{0x1, 0x1}}}, 0x10)
write$binfmt_misc(r1, &(0x7f0000000540)=ANY=[@ANYBLOB="58c8e4f22cc7b1b60ee92789e3263fcfad677d8a664481fa1e36e8d417bc6635be9133178b1f805e0ff8b1a6cec597862bfc794e743f3ad53293b402c57c3f7dd4e51c312643a85929772c3453491df3ff153755e559bfc5c398b04eced3", @ANYRES16, @ANYRES64, @ANYRES32, @ANYRESOCT, @ANYBLOB="58cd3fdb2a610faa82109b73acf1b8305fff1e46dd6ccdb80cf0058d63b1bcbb977b0163f2e71e47579495ed27e91311bff68c955cf3ec98bfe5bfdbcc6ce14c5e0716e99e6f846374782b95bbc1e23db3b54b58c7da303893041fbcbbce6c504481a0c0f37165fb424801469a412a055162389a648ec9f60b5632cbb9c00ea34c0d050ee29915bcd55c5e3696a4b86a653e9ae6125b3e8f2ef42dd6cb4928"], 0x2000011a)

0s ago: executing program 3 (id=1598):
socket$alg(0x26, 0x5, 0x0)
r0 = syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f0000100109050b362f"], 0x0)
r1 = syz_open_dev$midi(&(0x7f0000000000), 0x3, 0x0)
readv(r1, &(0x7f0000001640)=[{&(0x7f0000000080)=""/61, 0x3d}], 0x1)
syz_usb_disconnect(r0)
syz_io_uring_setup(0x0, 0x0, 0x0, &(0x7f0000001340))
r2 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r2, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r2, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r3=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(r2, 0xc02064b6, &(0x7f0000000180)={r3, 0x0, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000040)=[0x0, 0x0, 0x0, 0x0]})
ioctl$BTRFS_IOC_DEV_INFO(0xffffffffffffffff, 0xd000941e, &(0x7f0000001680)={<r4=>0x0, "fbb073862d7ccdca04c47751f867d5f2"})
ioctl$BTRFS_IOC_SCRUB(r2, 0xc400941b, &(0x7f0000000480)={r4, 0x0, 0x1, 0x1})
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140))
r5 = socket$inet(0x2, 0x4000000000000001, 0x0)
r6 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000002540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r6, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000600)={<r7=>0xffffffffffffffff}, 0x106}}, 0x20)
write$RDMA_USER_CM_CMD_LISTEN(r6, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r7}}, 0x10)
write$RDMA_USER_CM_CMD_DESTROY_ID(r6, &(0x7f0000000080)={0x1, 0x10, 0xfa00, {&(0x7f0000000000), r7}}, 0x18)
read$FUSE(r5, &(0x7f0000003000)={0x2020}, 0xfffffe40)
timerfd_create(0x0, 0x0)
syz_io_uring_setup(0x6908, &(0x7f00000001c0), 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000))
pselect6(0x40, &(0x7f00000000c0)={0x100, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, &(0x7f0000000140)={0x1ff, 0x0, 0x10000, 0x3, 0x80000000}, 0x0, 0x0)

kernel console output (not intermixed with test programs):

 as /devices/virtual/input/input31
[  606.502819][ T9741] hsr_slave_0: entered promiscuous mode
[  606.548438][ T9741] hsr_slave_1: entered promiscuous mode
[  606.558327][ T5101] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  606.578147][ T5101] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  606.588980][ T5101] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  606.596948][ T5101] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  606.607182][ T5101] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  606.619566][ T5101] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  606.625863][ T9741] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  606.673472][ T9741] Cannot create hsr debugfs directory
[  607.080483][ T8710] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  607.474268][ T8710] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  607.712948][ T8710] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  607.967973][ T5100] Bluetooth: hci1: command tx timeout
[  607.985004][ T8710] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  607.998504][ T9986] block nbd3: shutting down sockets
[  608.020694][ T9929] chnl_net:caif_netlink_parms(): no params data found
[  608.169658][ T9990] input: syz0 as /devices/virtual/input/input32
[  608.688851][ T5101] Bluetooth: hci2: command tx timeout
[  609.030472][ T9929] bridge0: port 1(bridge_slave_0) entered blocking state
[  609.039707][   T30] audit: type=1400 audit(1720405556.882:495): avc:  denied  { setopt } for  pid=9997 comm="syz.1.1029" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  609.064694][ T9929] bridge0: port 1(bridge_slave_0) entered disabled state
[  609.074269][ T9929] bridge_slave_0: entered allmulticast mode
[  609.118063][ T9929] bridge_slave_0: entered promiscuous mode
[  609.337406][ T9929] bridge0: port 2(bridge_slave_1) entered blocking state
[  609.355204][ T9929] bridge0: port 2(bridge_slave_1) entered disabled state
[  609.363978][T10002] FAULT_INJECTION: forcing a failure.
[  609.363978][T10002] name failslab, interval 1, probability 0, space 0, times 0
[  609.365990][ T9929] bridge_slave_1: entered allmulticast mode
[  609.389429][T10002] CPU: 1 PID: 10002 Comm: syz.3.1031 Not tainted 6.10.0-rc6-syzkaller-00223-gc6653f49e4fd #0
[  609.399723][T10002] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  609.409811][T10002] Call Trace:
[  609.413372][T10002]  <TASK>
[  609.416629][T10002]  dump_stack_lvl+0x16c/0x1f0
[  609.422311][T10002]  should_fail_ex+0x497/0x5b0
[  609.427033][T10002]  should_failslab+0x9/0x20
[  609.431592][T10002]  kmem_cache_alloc_noprof+0x6e/0x2f0
[  609.437109][T10002]  ? skb_clone+0x190/0x3f0
[  609.441587][T10002]  skb_clone+0x190/0x3f0
[  609.445884][T10002]  netlink_deliver_tap+0xab3/0xd90
[  609.450618][ T9929] bridge_slave_1: entered promiscuous mode
[  609.451018][T10002]  netlink_unicast+0x6be/0x820
[  609.461598][T10002]  ? __pfx_netlink_unicast+0x10/0x10
[  609.466926][T10002]  netlink_ack+0x6a6/0xb90
[  609.471387][T10002]  netlink_rcv_skb+0x348/0x440
[  609.476193][T10002]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  609.481699][T10002]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  609.487036][T10002]  ? security_capable+0x98/0xd0
[  609.491927][T10002]  ? ns_capable+0xd7/0x110
[  609.496376][T10002]  nfnetlink_rcv+0x1b4/0x430
[  609.500997][T10002]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  609.506145][T10002]  ? netlink_deliver_tap+0x1ae/0xd90
[  609.511464][T10002]  netlink_unicast+0x542/0x820
[  609.516264][T10002]  ? __pfx_netlink_unicast+0x10/0x10
[  609.521592][T10002]  netlink_sendmsg+0x8b8/0xd70
[  609.526477][T10002]  ? __pfx_netlink_sendmsg+0x10/0x10
[  609.531796][T10002]  ? __import_iovec+0x1fd/0x6e0
[  609.536688][T10002]  ____sys_sendmsg+0xab5/0xc90
[  609.541480][T10002]  ? copy_msghdr_from_user+0x10b/0x160
[  609.546972][T10002]  ? __pfx_____sys_sendmsg+0x10/0x10
[  609.552290][T10002]  ? find_held_lock+0x2d/0x110
[  609.557171][T10002]  ? __pfx___lock_acquire+0x10/0x10
[  609.562409][T10002]  ___sys_sendmsg+0x135/0x1e0
[  609.567470][T10002]  ? __pfx____sys_sendmsg+0x10/0x10
[  609.572712][T10002]  ? ksys_write+0x21c/0x260
[  609.577252][T10002]  ? __fget_light+0x173/0x210
[  609.581966][T10002]  __sys_sendmsg+0x117/0x1f0
[  609.586595][T10002]  ? __pfx___sys_sendmsg+0x10/0x10
[  609.591746][T10002]  do_syscall_64+0xcd/0x250
[  609.596372][T10002]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  609.602310][T10002] RIP: 0033:0x7f2671b75bd9
[  609.606753][T10002] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  609.626400][T10002] RSP: 002b:00007f26729bf048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  609.634856][T10002] RAX: ffffffffffffffda RBX: 00007f2671d03f60 RCX: 00007f2671b75bd9
[  609.642942][T10002] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003
[  609.650939][T10002] RBP: 00007f26729bf0a0 R08: 0000000000000000 R09: 0000000000000000
[  609.658939][T10002] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  609.666950][T10002] R13: 000000000000000b R14: 00007f2671d03f60 R15: 00007ffd94d7e698
[  609.674959][T10002]  </TASK>
[  609.939593][ T9929] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  609.983419][ T9929] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  610.027100][ T8710] bridge_slave_1: left allmulticast mode
[  610.035700][ T8710] bridge_slave_1: left promiscuous mode
[  610.066450][ T8710] bridge0: port 2(bridge_slave_1) entered disabled state
[  610.075204][ T5101] Bluetooth: hci1: command tx timeout
[  610.215018][ T8710] bridge_slave_0: left allmulticast mode
[  610.236191][ T8710] bridge_slave_0: left promiscuous mode
[  610.255703][ T8710] bridge0: port 1(bridge_slave_0) entered disabled state
[  610.910840][ T5101] Bluetooth: hci2: command tx timeout
[  611.312543][T10022] process 'syz.1.1036' launched '/dev/fd/5' with NULL argv: empty string added
[  611.364179][   T30] audit: type=1400 audit(1720405559.182:496): avc:  denied  { execute_no_trans } for  pid=10021 comm="syz.1.1036" path=2F6D656D66643AA39F6EB4645204693502ACCEE1889D5B4038D7CE1F2039497F151D933DB5E75C274CE6D28EBC294A7454447181CF81BAE531F520C8103EC95C85174CBFCF91DF4DF3025E542A202864656C6574656429 dev="tmpfs" ino=128 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  612.370293][ T8710] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  612.482625][ T8710] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  612.518023][ T8710] bond0 (unregistering): Released all slaves
[  612.936017][ T5101] Bluetooth: hci2: command tx timeout
[  613.110436][ T9929] team0: Port device team_slave_0 added
[  613.141337][ T9929] team0: Port device team_slave_1 added
[  613.180567][ T9970] chnl_net:caif_netlink_parms(): no params data found
[  613.605764][ T9929] batman_adv: batadv0: Adding interface: batadv_slave_0
[  613.637359][ T9929] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  613.871828][ T9929] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  614.897391][ T9929] batman_adv: batadv0: Adding interface: batadv_slave_1
[  614.921476][ T9929] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  614.955655][ T9929] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  614.956050][T10044] overlay: Unknown parameter ':'
[  615.008016][ T5101] Bluetooth: hci2: command tx timeout
[  615.024342][ T8710] hsr_slave_0: left promiscuous mode
[  615.034835][ T8710] hsr_slave_1: left promiscuous mode
[  615.046816][ T8710] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  615.054411][ T8710] batman_adv: batadv0: Removing interface: batadv_slave_0
[  615.070210][ T8710] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  615.088404][ T8710] batman_adv: batadv0: Removing interface: batadv_slave_1
[  615.146111][ T8710] veth1_macvtap: left promiscuous mode
[  615.151955][ T8710] veth0_macvtap: left promiscuous mode
[  615.159557][ T8710] veth1_vlan: left promiscuous mode
[  615.165200][ T8710] veth0_vlan: left promiscuous mode
[  615.589323][T10052] netlink: 164 bytes leftover after parsing attributes in process `syz.1.1042'.
[  616.506011][   T30] audit: type=1400 audit(1720405564.342:497): avc:  denied  { ioctl } for  pid=10057 comm="syz.3.1044" path="/dev/nullb0" dev="devtmpfs" ino=681 ioctlcmd=0xaf11 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  617.272042][ T8710] team0 (unregistering): Port device team_slave_1 removed
[  617.342819][ T8710] team0 (unregistering): Port device team_slave_0 removed
[  618.461254][ T9741] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  618.504705][T10063] FAULT_INJECTION: forcing a failure.
[  618.504705][T10063] name failslab, interval 1, probability 0, space 0, times 0
[  618.517682][T10063] CPU: 1 PID: 10063 Comm: syz.3.1045 Not tainted 6.10.0-rc6-syzkaller-00223-gc6653f49e4fd #0
[  618.527878][T10063] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  618.537963][T10063] Call Trace:
[  618.541259][T10063]  <TASK>
[  618.544248][T10063]  dump_stack_lvl+0x16c/0x1f0
[  618.548972][T10063]  should_fail_ex+0x497/0x5b0
[  618.553683][T10063]  should_failslab+0x9/0x20
[  618.558269][T10063]  kmem_cache_alloc_noprof+0x6e/0x2f0
[  618.563682][T10063]  ? skb_clone+0x190/0x3f0
[  618.568114][T10063]  skb_clone+0x190/0x3f0
[  618.572366][T10063]  netlink_deliver_tap+0xab3/0xd90
[  618.577501][T10063]  netlink_unicast+0x6be/0x820
[  618.582301][T10063]  ? __pfx_netlink_unicast+0x10/0x10
[  618.587616][T10063]  ? rtnetlink_rcv_msg+0x3e6/0xea0
[  618.592766][T10063]  netlink_ack+0x6a6/0xb90
[  618.597380][T10063]  netlink_rcv_skb+0x348/0x440
[  618.602159][T10063]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  618.607628][T10063]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  618.612932][T10063]  ? netlink_deliver_tap+0x1ae/0xd90
[  618.618237][T10063]  netlink_unicast+0x542/0x820
[  618.623028][T10063]  ? __pfx_netlink_unicast+0x10/0x10
[  618.628355][T10063]  netlink_sendmsg+0x8b8/0xd70
[  618.633138][T10063]  ? __pfx_netlink_sendmsg+0x10/0x10
[  618.638436][T10063]  ? __import_iovec+0x1fd/0x6e0
[  618.643297][T10063]  ____sys_sendmsg+0xab5/0xc90
[  618.648103][T10063]  ? copy_msghdr_from_user+0x10b/0x160
[  618.653572][T10063]  ? __pfx_____sys_sendmsg+0x10/0x10
[  618.658858][T10063]  ? __pfx___lock_acquire+0x10/0x10
[  618.664068][T10063]  ___sys_sendmsg+0x135/0x1e0
[  618.668752][T10063]  ? __pfx____sys_sendmsg+0x10/0x10
[  618.673956][T10063]  ? __pfx_lock_release+0x10/0x10
[  618.678989][T10063]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  618.684744][T10063]  ? __fget_light+0x173/0x210
[  618.689441][T10063]  __sys_sendmmsg+0x1a1/0x450
[  618.694134][T10063]  ? __pfx___sys_sendmmsg+0x10/0x10
[  618.699357][T10063]  ? vfs_write+0x14d/0x1140
[  618.703885][T10063]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  618.710000][T10063]  ? fput+0x32/0x390
[  618.713903][T10063]  ? ksys_write+0x1ab/0x260
[  618.718589][T10063]  ? __pfx_ksys_write+0x10/0x10
[  618.723623][T10063]  __x64_sys_sendmmsg+0x9c/0x100
[  618.728570][T10063]  ? lockdep_hardirqs_on+0x7c/0x110
[  618.733776][T10063]  do_syscall_64+0xcd/0x250
[  618.738286][T10063]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  618.744194][T10063] RIP: 0033:0x7f2671b75bd9
[  618.748607][T10063] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  618.768219][T10063] RSP: 002b:00007f26729bf048 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  618.776633][T10063] RAX: ffffffffffffffda RBX: 00007f2671d03f60 RCX: 00007f2671b75bd9
[  618.784603][T10063] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004
[  618.792572][T10063] RBP: 00007f26729bf0a0 R08: 0000000000000000 R09: 0000000000000000
[  618.800559][T10063] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  618.808533][T10063] R13: 000000000000000b R14: 00007f2671d03f60 R15: 00007ffd94d7e698
[  618.816508][T10063]  </TASK>
[  618.874261][T10068] FAULT_INJECTION: forcing a failure.
[  618.874261][T10068] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  618.894425][T10068] CPU: 1 PID: 10068 Comm: syz.1.1047 Not tainted 6.10.0-rc6-syzkaller-00223-gc6653f49e4fd #0
[  618.899286][ T9970] bridge0: port 1(bridge_slave_0) entered blocking state
[  618.904615][T10068] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  618.921717][T10068] Call Trace:
[  618.925021][T10068]  <TASK>
[  618.927995][T10068]  dump_stack_lvl+0x16c/0x1f0
[  618.932710][T10068]  should_fail_ex+0x497/0x5b0
[  618.937419][T10068]  _copy_from_user+0x30/0xf0
[  618.942036][T10068]  copy_msghdr_from_user+0x99/0x160
[  618.947282][T10068]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  618.950489][ T9970] bridge0: port 1(bridge_slave_0) entered disabled state
[  618.953114][T10068]  ? find_held_lock+0x2d/0x110
[  618.953146][T10068]  ? __pfx___lock_acquire+0x10/0x10
[  618.970137][T10068]  ___sys_sendmsg+0xff/0x1e0
[  618.974768][T10068]  ? __pfx____sys_sendmsg+0x10/0x10
[  618.980013][T10068]  ? ksys_write+0x21c/0x260
[  618.982800][ T9970] bridge_slave_0: entered allmulticast mode
[  618.984543][T10068]  ? __fget_light+0x173/0x210
[  618.995126][T10068]  __sys_sendmsg+0x117/0x1f0
[  618.999767][T10068]  ? __pfx___sys_sendmsg+0x10/0x10
[  619.004933][T10068]  do_syscall_64+0xcd/0x250
[  619.009471][T10068]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  619.009735][ T9970] bridge_slave_0: entered promiscuous mode
[  619.015379][T10068] RIP: 0033:0x7faa2bd75bd9
[  619.015400][T10068] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  619.015426][T10068] RSP: 002b:00007faa2ca6d048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  619.015451][T10068] RAX: ffffffffffffffda RBX: 00007faa2bf03f60 RCX: 00007faa2bd75bd9
[  619.015468][T10068] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000003
[  619.015484][T10068] RBP: 00007faa2ca6d0a0 R08: 0000000000000000 R09: 0000000000000000
[  619.015502][T10068] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  619.015517][T10068] R13: 000000000000000b R14: 00007faa2bf03f60 R15: 00007ffd30ab5d28
[  619.015536][T10068]  </TASK>
[  619.157680][ T9741] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  619.268955][ T9970] bridge0: port 2(bridge_slave_1) entered blocking state
[  619.278196][ T9970] bridge0: port 2(bridge_slave_1) entered disabled state
[  619.291056][ T9970] bridge_slave_1: entered allmulticast mode
[  619.300602][ T9970] bridge_slave_1: entered promiscuous mode
[  619.360233][ T9741] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  619.406717][ T9741] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  619.456919][ T9929] hsr_slave_0: entered promiscuous mode
[  619.514721][ T9929] hsr_slave_1: entered promiscuous mode
[  619.788830][   T45] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  619.805757][ T9970] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  619.877046][ T9970] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  620.000162][   T45] usb 4-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[  620.034846][   T45] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  620.068785][   T45] usb 4-1: config 0 descriptor??
[  620.085823][   T45] gspca_main: cpia1-2.14.0 probing 0813:0001
[  620.196426][ T9970] team0: Port device team_slave_0 added
[  620.246612][ T9970] team0: Port device team_slave_1 added
[  620.504269][ T9970] batman_adv: batadv0: Adding interface: batadv_slave_0
[  620.525332][ T9970] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  620.569492][ T9970] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  620.615900][ T9970] batman_adv: batadv0: Adding interface: batadv_slave_1
[  620.633958][ T9970] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  620.720483][ T9970] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  620.758670][   T45] cpia1 4-1:0.0: unexpected state after lo power cmd: 00
[  621.559593][ T9929] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  621.808571][   T45] gspca_cpia1: usb_control_msg 05, error -71
[  621.814621][   T45] cpia1 4-1:0.0: unexpected systemstate: 00
[  621.826124][ T9970] hsr_slave_0: entered promiscuous mode
[  621.836507][   T45] usb 4-1: USB disconnect, device number 12
[  621.855397][ T9970] hsr_slave_1: entered promiscuous mode
[  621.870761][ T9970] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  621.901624][ T9970] Cannot create hsr debugfs directory
[  621.962545][ T9929] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  622.205949][ T9929] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  622.413460][ T9929] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  622.720477][T10095] FAULT_INJECTION: forcing a failure.
[  622.720477][T10095] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  622.765089][T10095] CPU: 0 PID: 10095 Comm: syz.3.1055 Not tainted 6.10.0-rc6-syzkaller-00223-gc6653f49e4fd #0
[  622.775301][T10095] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  622.785816][T10095] Call Trace:
[  622.789115][T10095]  <TASK>
[  622.792064][T10095]  dump_stack_lvl+0x16c/0x1f0
[  622.796770][T10095]  should_fail_ex+0x497/0x5b0
[  622.801479][T10095]  _copy_from_user+0x30/0xf0
[  622.806187][T10095]  copy_msghdr_from_user+0x99/0x160
[  622.811421][T10095]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  622.817259][T10095]  ? find_held_lock+0x2d/0x110
[  622.822068][T10095]  ? __pfx___lock_acquire+0x10/0x10
[  622.827301][T10095]  ___sys_sendmsg+0xff/0x1e0
[  622.831924][T10095]  ? __pfx____sys_sendmsg+0x10/0x10
[  622.837164][T10095]  ? ksys_write+0x21c/0x260
[  622.841706][T10095]  ? __fget_light+0x173/0x210
[  622.846417][T10095]  __sys_sendmsg+0x117/0x1f0
[  622.851049][T10095]  ? __pfx___sys_sendmsg+0x10/0x10
[  622.856198][T10095]  do_syscall_64+0xcd/0x250
[  622.860737][T10095]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  622.866666][T10095] RIP: 0033:0x7f2671b75bd9
[  622.871100][T10095] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  622.890738][T10095] RSP: 002b:00007f26729bf048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  622.899184][T10095] RAX: ffffffffffffffda RBX: 00007f2671d03f60 RCX: 00007f2671b75bd9
[  622.907175][T10095] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000005
[  622.915162][T10095] RBP: 00007f26729bf0a0 R08: 0000000000000000 R09: 0000000000000000
[  622.923160][T10095] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  622.931156][T10095] R13: 000000000000000b R14: 00007f2671d03f60 R15: 00007ffd94d7e698
[  622.939156][T10095]  </TASK>
[  623.055161][ T9741] 8021q: adding VLAN 0 to HW filter on device bond0
[  623.298799][ T9741] 8021q: adding VLAN 0 to HW filter on device team0
[  623.347742][   T45] bridge0: port 1(bridge_slave_0) entered blocking state
[  623.354916][   T45] bridge0: port 1(bridge_slave_0) entered forwarding state
[  623.431046][ T9929] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  623.488955][ T9929] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  623.586031][ T5135] bridge0: port 2(bridge_slave_1) entered blocking state
[  623.593207][ T5135] bridge0: port 2(bridge_slave_1) entered forwarding state
[  623.671112][ T9929] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  623.704476][ T9929] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  624.430770][ T9929] 8021q: adding VLAN 0 to HW filter on device bond0
[  624.632393][ T9929] 8021q: adding VLAN 0 to HW filter on device team0
[  624.645371][T10113] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  624.657209][ T9970] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  624.691847][ T9970] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  624.746357][ T9970] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  624.810015][ T9970] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  624.819683][T10113] input: syz1 as /devices/virtual/input/input33
[  624.869444][ T5138] bridge0: port 1(bridge_slave_0) entered blocking state
[  624.876689][ T5138] bridge0: port 1(bridge_slave_0) entered forwarding state
[  624.931607][ T1241] ieee802154 phy0 wpan0: encryption failed: -22
[  624.940451][ T1241] ieee802154 phy1 wpan1: encryption failed: -22
[  625.011445][ T8600] bridge0: port 2(bridge_slave_1) entered blocking state
[  625.018619][ T8600] bridge0: port 2(bridge_slave_1) entered forwarding state
[  625.042843][ T9741] 8021q: adding VLAN 0 to HW filter on device batadv0
[  625.716031][ T9741] veth0_vlan: entered promiscuous mode
[  626.034760][ T9741] veth1_vlan: entered promiscuous mode
[  626.360028][ T9970] 8021q: adding VLAN 0 to HW filter on device bond0
[  626.524989][ T9741] veth0_macvtap: entered promiscuous mode
[  626.596180][ T9970] 8021q: adding VLAN 0 to HW filter on device team0
[  626.644370][ T9741] veth1_macvtap: entered promiscuous mode
[  626.674342][ T9929] 8021q: adding VLAN 0 to HW filter on device batadv0
[  626.711655][ T8600] bridge0: port 1(bridge_slave_0) entered blocking state
[  626.718953][ T8600] bridge0: port 1(bridge_slave_0) entered forwarding state
[  626.853375][ T9741] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  626.897855][ T9741] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  626.918524][ T9741] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  626.952393][ T9741] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  627.001534][ T9741] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  627.025865][ T9741] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  627.054848][ T9741] batman_adv: batadv0: Interface activated: batadv_slave_0
[  627.120930][   T45] bridge0: port 2(bridge_slave_1) entered blocking state
[  627.128170][   T45] bridge0: port 2(bridge_slave_1) entered forwarding state
[  627.220951][ T9741] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  627.262650][ T9741] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  627.288026][ T9741] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  627.328342][ T9741] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  627.348410][ T9741] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  627.386834][ T9741] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  627.430752][ T9741] batman_adv: batadv0: Interface activated: batadv_slave_1
[  627.601409][ T9741] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  627.616230][ T9741] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  627.636906][ T9741] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  627.666075][ T9741] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  627.836803][ T9929] veth0_vlan: entered promiscuous mode
[  627.963655][ T9929] veth1_vlan: entered promiscuous mode
[  628.262038][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  628.290664][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  628.311647][ T8733] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  628.376688][ T8733] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  628.386062][ T9929] veth0_macvtap: entered promiscuous mode
[  628.460835][ T9929] veth1_macvtap: entered promiscuous mode
[  628.587215][ T9929] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  628.635524][ T9929] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  628.689042][ T9929] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  628.720214][ T9929] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  628.745319][ T9929] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  628.772228][ T9929] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  628.805797][ T9929] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  628.841395][ T9929] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  628.850886][T10162] input: syz0 as /devices/virtual/input/input34
[  628.885220][ T9929] batman_adv: batadv0: Interface activated: batadv_slave_0
[  628.995411][ T9929] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  629.026496][ T9929] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  629.047492][ T9929] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  629.105400][T10167] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1071'.
[  629.898416][ T9929] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  629.908520][ T9929] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  629.923463][ T9929] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  629.945585][ T9929] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  630.051788][ T9929] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  630.072478][ T9929] batman_adv: batadv0: Interface activated: batadv_slave_1
[  630.175202][ T9929] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  630.187725][ T9929] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  630.198166][ T9929] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  630.207024][ T9929] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  630.275883][ T9970] 8021q: adding VLAN 0 to HW filter on device batadv0
[  630.522902][   T30] audit: type=1400 audit(1720405578.352:498): avc:  denied  { setopt } for  pid=10170 comm="syz.1.1073" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1
[  630.824695][ T8710] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  630.850542][ T8710] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  631.063548][T10189] netlink: 576 bytes leftover after parsing attributes in process `syz.1.1075'.
[  631.194965][ T8710] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  631.248043][ T8710] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  631.703125][T10202] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.1078'.
[  631.715778][T10202] openvswitch: netlink: Tunnel attr 0 has unexpected len 1 expected 8
[  631.739933][T10203] FAULT_INJECTION: forcing a failure.
[  631.739933][T10203] name failslab, interval 1, probability 0, space 0, times 0
[  631.753695][T10203] CPU: 0 PID: 10203 Comm: syz.1.1077 Not tainted 6.10.0-rc6-syzkaller-00223-gc6653f49e4fd #0
[  631.763878][T10203] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  631.773949][T10203] Call Trace:
[  631.777241][T10203]  <TASK>
[  631.780212][T10203]  dump_stack_lvl+0x16c/0x1f0
[  631.784914][T10203]  should_fail_ex+0x497/0x5b0
[  631.789624][T10203]  should_failslab+0x9/0x20
[  631.794158][T10203]  __kmalloc_node_noprof+0xd5/0x440
[  631.799379][T10203]  ? kvmalloc_node_noprof+0x9d/0x1a0
[  631.804696][T10203]  kvmalloc_node_noprof+0x9d/0x1a0
[  631.809838][T10203]  seq_read_iter+0x830/0x12c0
[  631.814543][T10203]  seq_read+0x390/0x4d0
[  631.818723][T10203]  ? __pfx___might_resched+0x10/0x10
[  631.824033][T10203]  ? __pfx_seq_read+0x10/0x10
[  631.828730][T10203]  ? lock_acquire+0x1b1/0x560
[  631.833435][T10203]  ? avc_policy_seqno+0x9/0x20
[  631.838396][T10203]  ? selinux_file_permission+0x125/0x590
[  631.844051][T10203]  ? __pfx_seq_read+0x10/0x10
[  631.848744][T10203]  vfs_read+0x1d4/0xbd0
[  631.852928][T10203]  ? __fdget_pos+0xeb/0x180
[  631.857457][T10203]  ? __pfx_vfs_read+0x10/0x10
[  631.862162][T10203]  ? __pfx___mutex_lock+0x10/0x10
[  631.867211][T10203]  ? __fget_files+0x256/0x400
[  631.871913][T10203]  ksys_read+0x12f/0x260
[  631.876183][T10203]  ? __pfx_ksys_read+0x10/0x10
[  631.880982][T10203]  do_syscall_64+0xcd/0x250
[  631.885516][T10203]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  631.891441][T10203] RIP: 0033:0x7faa2bd75bd9
[  631.895870][T10203] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  631.915504][T10203] RSP: 002b:00007faa2b7de048 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  631.923956][T10203] RAX: ffffffffffffffda RBX: 00007faa2bf04110 RCX: 00007faa2bd75bd9
[  631.932034][T10203] RDX: 0000000000002020 RSI: 0000000020001540 RDI: 0000000000000005
[  631.940027][T10203] RBP: 00007faa2b7de0a0 R08: 0000000000000000 R09: 0000000000000000
[  631.948015][T10203] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  631.956002][T10203] R13: 000000000000006e R14: 00007faa2bf04110 R15: 00007ffd30ab5d28
[  631.963999][T10203]  </TASK>
[  632.564695][ T9970] veth0_vlan: entered promiscuous mode
[  632.662596][ T9970] veth1_vlan: entered promiscuous mode
[  632.689920][T10212] input: syz0 as /devices/virtual/input/input35
[  633.567550][   T30] audit: type=1400 audit(1720405581.412:499): avc:  denied  { append } for  pid=10205 comm="syz.0.1079" name="qrtr-tun" dev="devtmpfs" ino=1117 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  633.677569][T10215] input: syz0 as /devices/virtual/input/input36
[  633.814940][ T9970] veth0_macvtap: entered promiscuous mode
[  633.902025][ T9970] veth1_macvtap: entered promiscuous mode
[  634.095316][ T9970] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  634.145815][ T9970] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  634.220903][ T9970] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  634.259492][T10228] FAULT_INJECTION: forcing a failure.
[  634.259492][T10228] name failslab, interval 1, probability 0, space 0, times 0
[  634.283601][ T9970] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  634.300457][T10228] CPU: 1 PID: 10228 Comm: syz.2.1083 Not tainted 6.10.0-rc6-syzkaller-00223-gc6653f49e4fd #0
[  634.310751][T10228] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  634.320836][T10228] Call Trace:
[  634.324146][T10228]  <TASK>
[  634.324618][ T9970] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  634.327077][T10228]  dump_stack_lvl+0x16c/0x1f0
[  634.342175][T10228]  should_fail_ex+0x497/0x5b0
[  634.346968][T10228]  should_failslab+0x9/0x20
[  634.351511][T10228]  __kmalloc_node_noprof+0xd5/0x440
[  634.356746][T10228]  ? kvmalloc_node_noprof+0x9d/0x1a0
[  634.362072][T10228]  kvmalloc_node_noprof+0x9d/0x1a0
[  634.367227][T10228]  __do_sys_add_key+0x1f8/0x460
[  634.368493][ T9970] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  634.372096][T10228]  ? __pfx___do_sys_add_key+0x10/0x10
[  634.372133][T10228]  ? ksys_write+0x1ab/0x260
[  634.391868][T10228]  do_syscall_64+0xcd/0x250
[  634.396413][T10228]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  634.402346][T10228] RIP: 0033:0x7f24acd75bd9
[  634.406780][T10228] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  634.407860][ T9970] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  634.426392][T10228] RSP: 002b:00007f24adadc048 EFLAGS: 00000246 ORIG_RAX: 00000000000000f8
[  634.426419][T10228] RAX: ffffffffffffffda RBX: 00007f24acf04038 RCX: 00007f24acd75bd9
[  634.426436][T10228] RDX: 0000000020000100 RSI: 0000000000000000 RDI: 00000000200000c0
[  634.426453][T10228] RBP: 00007f24adadc0a0 R08: fffffffffffffffe R09: 0000000000000000
[  634.426468][T10228] R10: 000000000000005e R11: 0000000000000246 R12: 0000000000000001
[  634.426483][T10228] R13: 000000000000006e R14: 00007f24acf04038 R15: 00007ffdc5148868
[  634.426504][T10228]  </TASK>
[  634.488502][    C1] vkms_vblank_simulate: vblank timer overrun
[  634.494591][ T9970] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  634.555497][ T9970] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  634.623530][ T9970] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  634.675133][ T9970] batman_adv: batadv0: Interface activated: batadv_slave_0
[  634.743118][ T9970] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  634.792595][ T9970] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  634.823901][ T9970] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  634.900926][ T9970] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  634.950228][ T9970] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  634.961503][ T9970] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  634.994893][ T9970] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  635.027321][ T9970] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  635.054644][ T9970] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  635.072657][   T30] audit: type=1400 audit(1720405582.922:500): avc:  denied  { shutdown } for  pid=10242 comm="syz.1.1089" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  635.100033][ T9970] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  635.143608][   T30] audit: type=1400 audit(1720405582.962:501): avc:  denied  { accept } for  pid=10242 comm="syz.1.1089" laddr=::1 lport=20003 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  635.189699][ T9970] batman_adv: batadv0: Interface activated: batadv_slave_1
[  635.206545][   T30] audit: type=1400 audit(1720405583.052:502): avc:  denied  { mount } for  pid=10242 comm="syz.1.1089" name="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1
[  635.257124][T10245] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  635.274345][T10238] tipc: Started in network mode
[  635.279881][T10238] tipc: Node identity 024f2d380c8e, cluster identity 4711
[  635.288627][T10238] tipc: Enabled bearer <eth:xfrm0>, priority 6
[  635.442140][ T5508] bridge_slave_1: left allmulticast mode
[  635.487252][ T5508] bridge_slave_1: left promiscuous mode
[  635.598219][ T5508] bridge0: port 2(bridge_slave_1) entered disabled state
[  635.751393][ T5508] bridge_slave_0: left allmulticast mode
[  635.757094][ T5508] bridge_slave_0: left promiscuous mode
[  635.796541][ T5508] bridge0: port 1(bridge_slave_0) entered disabled state
[  635.897864][   T30] audit: type=1400 audit(1720405583.732:503): avc:  denied  { connect } for  pid=10253 comm="syz.3.1091" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  635.983897][   T30] audit: type=1400 audit(1720405583.752:504): avc:  denied  { unmount } for  pid=9160 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1
[  636.335282][ T5140] tipc: Node number set to 247541048
[  636.358121][   T30] audit: type=1400 audit(1720405584.202:505): avc:  denied  { create } for  pid=10258 comm="syz.1.1092" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[  636.477926][   T30] audit: type=1400 audit(1720405584.232:506): avc:  denied  { write } for  pid=10258 comm="syz.1.1092" path="socket:[42629]" dev="sockfs" ino=42629 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[  636.610909][T10262] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1093'.
[  636.685258][   T30] audit: type=1400 audit(1720405584.242:507): avc:  denied  { nlmsg_read } for  pid=10258 comm="syz.1.1092" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[  637.063952][   T30] audit: type=1400 audit(1720405584.912:508): avc:  denied  { module_request } for  pid=10265 comm="syz.3.1095" kmod="netdev-syzkaller0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  637.088040][    C1] vkms_vblank_simulate: vblank timer overrun
[  638.258486][ T5508] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  638.298969][ T5508] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  638.332751][ T5508] bond0 (unregistering): Released all slaves
[  638.380996][ T9970] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  638.418153][ T9970] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  638.426914][ T9970] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  638.491270][ T9970] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  639.260803][   T30] audit: type=1326 audit(1720405587.112:509): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10289 comm="syz.3.1098" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2671b75bd9 code=0x0
[  640.082129][ T5508] hsr_slave_0: left promiscuous mode
[  640.120094][ T5508] hsr_slave_1: left promiscuous mode
[  640.151807][ T5508] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  640.185293][ T5508] batman_adv: batadv0: Removing interface: batadv_slave_0
[  640.224634][ T5508] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  640.244655][ T5508] batman_adv: batadv0: Removing interface: batadv_slave_1
[  640.414058][ T5508] veth1_macvtap: left promiscuous mode
[  640.475620][ T5508] veth0_macvtap: left promiscuous mode
[  640.495873][ T5508] veth1_vlan: left promiscuous mode
[  640.523418][ T5508] veth0_vlan: left promiscuous mode
[  640.923405][T10323] fuse: Unknown parameter 'Dd'
[  641.390412][   T30] audit: type=1400 audit(1720405588.762:510): avc:  denied  { sqpoll } for  pid=10320 comm="syz.0.1103" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[  642.374549][ T5100] Bluetooth: hci5: command 0x0406 tx timeout
[  644.222715][ T5508] team0 (unregistering): Port device team_slave_1 removed
[  644.395048][ T5508] team0 (unregistering): Port device team_slave_0 removed
[  645.676943][ T5100] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  645.708034][ T5100] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  645.719573][ T5100] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  645.740359][ T5100] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  645.752600][ T5100] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  645.763562][ T5100] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  646.380227][ T1053] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  646.443187][ T1053] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  646.734135][ T2483] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  646.754019][ T2483] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  647.808372][ T5101] Bluetooth: hci4: command tx timeout
[  647.836155][T10338] chnl_net:caif_netlink_parms(): no params data found
[  649.868274][ T1111] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  649.908087][ T5101] Bluetooth: hci4: command tx timeout
[  650.457479][ T1111] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  650.522438][T10338] bridge0: port 1(bridge_slave_0) entered blocking state
[  650.551220][T10338] bridge0: port 1(bridge_slave_0) entered disabled state
[  650.584512][T10338] bridge_slave_0: entered allmulticast mode
[  650.612946][T10338] bridge_slave_0: entered promiscuous mode
[  650.649992][T10338] bridge0: port 2(bridge_slave_1) entered blocking state
[  650.682348][T10338] bridge0: port 2(bridge_slave_1) entered disabled state
[  650.708121][T10338] bridge_slave_1: entered allmulticast mode
[  650.744609][T10338] bridge_slave_1: entered promiscuous mode
[  650.865522][T10405] netlink: 832 bytes leftover after parsing attributes in process `syz.3.1120'.
[  650.869788][ T1111] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  650.921040][T10415] input: syz0 as /devices/virtual/input/input38
[  651.309366][ T1111] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  651.503877][T10338] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  651.566978][T10338] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  651.868699][T10338] team0: Port device team_slave_0 added
[  651.969008][ T5101] Bluetooth: hci4: command tx timeout
[  652.058661][T10338] team0: Port device team_slave_1 added
[  652.652023][T10338] batman_adv: batadv0: Adding interface: batadv_slave_0
[  652.669596][T10338] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  652.695685][    C1] vkms_vblank_simulate: vblank timer overrun
[  652.848465][T10338] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  653.014991][T10338] batman_adv: batadv0: Adding interface: batadv_slave_1
[  653.056859][T10338] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  653.082937][    C1] vkms_vblank_simulate: vblank timer overrun
[  653.209240][T10338] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  653.602806][ T1111] bridge_slave_1: left allmulticast mode
[  653.611804][ T1111] bridge_slave_1: left promiscuous mode
[  653.673873][ T1111] bridge0: port 2(bridge_slave_1) entered disabled state
[  653.705511][ T1111] bridge_slave_0: left allmulticast mode
[  653.809509][ T1111] bridge_slave_0: left promiscuous mode
[  653.835268][ T1111] bridge0: port 1(bridge_slave_0) entered disabled state
[  654.048204][ T5101] Bluetooth: hci4: command tx timeout
[  656.030236][T10474] input: syz0 as /devices/virtual/input/input39
[  656.732078][ T1111] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  656.761243][ T1111] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  656.832076][ T1111] bond0 (unregistering): Released all slaves
[  657.327025][T10338] hsr_slave_0: entered promiscuous mode
[  657.364788][T10338] hsr_slave_1: entered promiscuous mode
[  657.417844][T10338] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  657.428555][ T5143] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[  657.449873][T10338] Cannot create hsr debugfs directory
[  657.589122][T10484] FAULT_INJECTION: forcing a failure.
[  657.589122][T10484] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  657.637080][T10484] CPU: 0 PID: 10484 Comm: syz.1.1142 Not tainted 6.10.0-rc6-syzkaller-00223-gc6653f49e4fd #0
[  657.647262][T10484] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  657.657394][T10484] Call Trace:
[  657.661033][T10484]  <TASK>
[  657.663973][T10484]  dump_stack_lvl+0x16c/0x1f0
[  657.668670][T10484]  should_fail_ex+0x497/0x5b0
[  657.673428][T10484]  _copy_from_user+0x30/0xf0
[  657.678008][T10484]  get_user_ifreq+0xf1/0x250
[  657.682600][T10484]  sock_ioctl+0x592/0x6c0
[  657.686945][T10484]  ? __pfx_sock_ioctl+0x10/0x10
[  657.691874][T10484]  ? selinux_file_ioctl+0x180/0x270
[  657.697065][T10484]  ? selinux_file_ioctl+0xb4/0x270
[  657.702602][T10484]  ? __pfx_sock_ioctl+0x10/0x10
[  657.707461][T10484]  __x64_sys_ioctl+0x193/0x220
[  657.712236][T10484]  do_syscall_64+0xcd/0x250
[  657.717016][T10484]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  657.722926][T10484] RIP: 0033:0x7faa2bd75bd9
[  657.727613][T10484] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  657.747856][T10484] RSP: 002b:00007faa2ca6d048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  657.756336][T10484] RAX: ffffffffffffffda RBX: 00007faa2bf03f60 RCX: 00007faa2bd75bd9
[  657.764312][T10484] RDX: 0000000020000480 RSI: 00000000000089f3 RDI: 0000000000000004
[  657.772383][T10484] RBP: 00007faa2ca6d0a0 R08: 0000000000000000 R09: 0000000000000000
[  657.780353][T10484] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  657.788664][T10484] R13: 000000000000000b R14: 00007faa2bf03f60 R15: 00007ffd30ab5d28
[  657.796627][T10484]  </TASK>
[  657.836983][ T5143] usb 1-1: Using ep0 maxpacket: 8
[  657.879050][ T5143] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  657.925251][ T5143] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  657.997044][ T5143] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  658.027291][ T5143] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  658.105453][ T5143] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  658.167815][ T5143] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  658.214983][ T1111] hsr_slave_0: left promiscuous mode
[  658.315793][ T1111] hsr_slave_1: left promiscuous mode
[  658.342988][ T1111] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  658.389550][ T1111] batman_adv: batadv0: Removing interface: batadv_slave_0
[  658.453650][ T1111] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  658.472980][ T1111] batman_adv: batadv0: Removing interface: batadv_slave_1
[  658.494726][ T5143] usb 1-1: GET_CAPABILITIES returned 0
[  658.549557][ T5143] usbtmc 1-1:16.0: can't read capabilities
[  658.664333][ T5143] usb 1-1: USB disconnect, device number 3
[  658.682395][ T1111] veth1_macvtap: left promiscuous mode
[  658.709690][ T1111] veth0_macvtap: left promiscuous mode
[  658.740650][ T1111] veth1_vlan: left promiscuous mode
[  658.803005][ T1111] veth0_vlan: left promiscuous mode
[  662.211525][ T1111] team0 (unregistering): Port device team_slave_1 removed
[  662.384113][ T1111] team0 (unregistering): Port device team_slave_0 removed
[  663.847709][T10531] input: syz0 as /devices/virtual/input/input40
[  664.648593][T10540] IPVS: Error joining to the multicast group
[  666.376096][T10338] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  666.409301][T10338] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  666.461222][T10338] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  666.527695][T10338] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  666.607253][T10555] netlink: 156 bytes leftover after parsing attributes in process `syz.1.1161'.
[  667.001236][T10338] 8021q: adding VLAN 0 to HW filter on device bond0
[  667.147370][T10338] 8021q: adding VLAN 0 to HW filter on device team0
[  667.197199][ T5170] bridge0: port 1(bridge_slave_0) entered blocking state
[  667.204516][ T5170] bridge0: port 1(bridge_slave_0) entered forwarding state
[  667.299279][ T5170] bridge0: port 2(bridge_slave_1) entered blocking state
[  667.306477][ T5170] bridge0: port 2(bridge_slave_1) entered forwarding state
[  667.474517][T10338] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  668.460911][   T30] audit: type=1400 audit(1720405616.312:511): avc:  denied  { getopt } for  pid=10571 comm="syz.3.1166" lport=38522 faddr=::ffff:10.1.1.1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1
[  668.554662][   T30] audit: type=1326 audit(1720405616.362:512): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10574 comm="syz.1.1167" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7faa2bd75bd9 code=0xffff0000
[  668.715143][T10581] FAULT_INJECTION: forcing a failure.
[  668.715143][T10581] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  668.765844][T10581] CPU: 0 PID: 10581 Comm: syz.3.1169 Not tainted 6.10.0-rc6-syzkaller-00223-gc6653f49e4fd #0
[  668.776071][T10581] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  668.786138][T10581] Call Trace:
[  668.789419][T10581]  <TASK>
[  668.792353][T10581]  dump_stack_lvl+0x16c/0x1f0
[  668.797049][T10581]  should_fail_ex+0x497/0x5b0
[  668.801776][T10581]  _copy_from_iter+0x2a1/0x1140
[  668.806632][T10581]  ? __alloc_skb+0x1fe/0x380
[  668.811245][T10581]  ? __pfx__copy_from_iter+0x10/0x10
[  668.816550][T10581]  ? __virt_addr_valid+0x5e/0x580
[  668.821585][T10581]  ? __phys_addr_symbol+0x30/0x80
[  668.826609][T10581]  ? __check_object_size+0x48e/0x720
[  668.831899][T10581]  netlink_sendmsg+0x813/0xd70
[  668.836670][T10581]  ? __pfx_netlink_sendmsg+0x10/0x10
[  668.841964][T10581]  ? __import_iovec+0x1fd/0x6e0
[  668.846816][T10581]  ____sys_sendmsg+0xab5/0xc90
[  668.851581][T10581]  ? copy_msghdr_from_user+0x10b/0x160
[  668.857051][T10581]  ? __pfx_____sys_sendmsg+0x10/0x10
[  668.862337][T10581]  ? find_held_lock+0x2d/0x110
[  668.867110][T10581]  ? __pfx___lock_acquire+0x10/0x10
[  668.872318][T10581]  ___sys_sendmsg+0x135/0x1e0
[  668.877002][T10581]  ? __pfx____sys_sendmsg+0x10/0x10
[  668.882226][T10581]  ? ksys_write+0x21c/0x260
[  668.886739][T10581]  ? __fget_light+0x173/0x210
[  668.891421][T10581]  __sys_sendmsg+0x117/0x1f0
[  668.896017][T10581]  ? __pfx___sys_sendmsg+0x10/0x10
[  668.901151][T10581]  do_syscall_64+0xcd/0x250
[  668.905662][T10581]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  668.911572][T10581] RIP: 0033:0x7f2671b75bd9
[  668.915990][T10581] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  668.935614][T10581] RSP: 002b:00007f26729bf048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  668.944072][T10581] RAX: ffffffffffffffda RBX: 00007f2671d03f60 RCX: 00007f2671b75bd9
[  668.952045][T10581] RDX: 0000000000000000 RSI: 0000000020000240 RDI: 0000000000000003
[  668.960034][T10581] RBP: 00007f26729bf0a0 R08: 0000000000000000 R09: 0000000000000000
[  668.968023][T10581] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  668.975998][T10581] R13: 000000000000000b R14: 00007f2671d03f60 R15: 00007ffd94d7e698
[  668.983975][T10581]  </TASK>
[  669.134816][    C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies.
[  669.252927][T10338] 8021q: adding VLAN 0 to HW filter on device batadv0
[  669.614702][T10338] veth0_vlan: entered promiscuous mode
[  669.723322][T10338] veth1_vlan: entered promiscuous mode
[  669.864687][T10338] veth0_macvtap: entered promiscuous mode
[  669.943930][T10338] veth1_macvtap: entered promiscuous mode
[  670.106741][T10338] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  670.153549][T10338] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  670.187657][T10338] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  670.190190][T10597] input: syz0 as /devices/virtual/input/input41
[  670.231150][T10338] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  670.269470][T10338] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  670.322890][T10338] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  670.349574][T10338] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  670.387524][T10338] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  670.422934][T10338] batman_adv: batadv0: Interface activated: batadv_slave_0
[  670.483673][T10338] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  670.533886][T10338] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  670.584772][T10338] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  670.657876][T10338] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  670.681481][T10338] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  670.695487][T10338] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  670.712484][T10338] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  670.724925][T10338] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  670.750372][T10338] batman_adv: batadv0: Interface activated: batadv_slave_1
[  670.833397][T10338] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  670.893069][T10338] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  670.923508][T10338] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  670.951298][T10606] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  670.959757][T10338] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  671.447686][T10613] SELinux:  Context system_u:object_r:iptables_exec_t:s0 is not valid (left unmapped).
[  671.538958][   T30] audit: type=1400 audit(1720405619.392:513): avc:  denied  { relabelto } for  pid=10611 comm="syz.3.1178" name="file0" dev="tmpfs" ino=767 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:iptables_exec_t:s0"
[  671.623782][ T8726] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  671.681854][ T8726] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  671.779272][   T30] audit: type=1400 audit(1720405619.442:514): avc:  denied  { associate } for  pid=10611 comm="syz.3.1178" name="file0" dev="tmpfs" ino=767 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 srawcon="system_u:object_r:iptables_exec_t:s0"
[  671.865847][   T30] audit: type=1400 audit(1720405619.702:515): avc:  denied  { rmdir } for  pid=8368 comm="syz-executor" name="file0" dev="tmpfs" ino=767 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:iptables_exec_t:s0"
[  671.953789][T10617] audit: audit_lost=3 audit_rate_limit=0 audit_backlog_limit=64
[  671.985016][ T8733] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  671.987254][T10617] audit: out of memory in audit_log_start
[  672.011652][ T8733] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  673.627990][   T25] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  673.887713][   T25] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  673.908755][   T25] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  673.958021][   T25] usb 3-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00
[  673.990343][   T25] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  674.014234][T10643] FAULT_INJECTION: forcing a failure.
[  674.014234][T10643] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  674.049440][   T25] usb 3-1: config 0 descriptor??
[  674.110445][T10643] CPU: 1 PID: 10643 Comm: syz.4.1183 Not tainted 6.10.0-rc6-syzkaller-00223-gc6653f49e4fd #0
[  674.120669][T10643] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  674.130739][T10643] Call Trace:
[  674.134029][T10643]  <TASK>
[  674.136956][T10643]  dump_stack_lvl+0x16c/0x1f0
[  674.141647][T10643]  should_fail_ex+0x497/0x5b0
[  674.146322][T10643]  _copy_from_user+0x30/0xf0
[  674.150909][T10643]  csum_and_copy_from_iter_full+0x6da/0x1990
[  674.156894][T10643]  ? __pfx_csum_and_copy_from_iter_full+0x10/0x10
[  674.163389][T10643]  ? policy_nodemask+0xea/0x4e0
[  674.168253][T10643]  ? alloc_pages_mpol_noprof+0x2c1/0x610
[  674.174007][T10643]  ip_generic_getfrag+0x175/0x260
[  674.179078][T10643]  ? __pfx_ip_generic_getfrag+0x10/0x10
[  674.184660][T10643]  ? find_held_lock+0x2d/0x110
[  674.189457][T10643]  raw6_getfrag+0x22d/0x2a0
[  674.193994][T10643]  ? sk_page_frag_refill+0x6c/0x300
[  674.199217][T10643]  __ip6_append_data.isra.0+0x1b7c/0x4450
[  674.204959][T10643]  ? __pfx_raw6_getfrag+0x10/0x10
[  674.210015][T10643]  ? __pfx___ip6_append_data.isra.0+0x10/0x10
[  674.216111][T10643]  ip6_append_data+0x1e6/0x500
[  674.220921][T10643]  ? __pfx_raw6_getfrag+0x10/0x10
[  674.225953][T10643]  rawv6_sendmsg+0x15d6/0x4340
[  674.230716][T10643]  ? __pfx_rawv6_sendmsg+0x10/0x10
[  674.235824][T10643]  ? avc_has_perm_noaudit+0x143/0x3a0
[  674.241190][T10643]  ? __pfx_avc_has_perm+0x10/0x10
[  674.246206][T10643]  ? sock_has_perm+0x25a/0x2f0
[  674.250980][T10643]  ? __pfx_sock_has_perm+0x10/0x10
[  674.256189][T10643]  ? avc_has_perm_noaudit+0x143/0x3a0
[  674.261552][T10643]  ? __pfx_rawv6_sendmsg+0x10/0x10
[  674.266728][T10643]  ? inet_sendmsg+0x119/0x140
[  674.271403][T10643]  inet_sendmsg+0x119/0x140
[  674.275958][T10643]  sock_write_iter+0x4b8/0x5c0
[  674.280734][T10643]  ? __pfx_sock_write_iter+0x10/0x10
[  674.286041][T10643]  ? __pfx_file_has_perm+0x10/0x10
[  674.291245][T10643]  do_iter_readv_writev+0x504/0x780
[  674.296459][T10643]  ? __pfx_do_iter_readv_writev+0x10/0x10
[  674.302173][T10643]  ? selinux_file_permission+0x125/0x590
[  674.307810][T10643]  ? security_file_permission+0x98/0xc0
[  674.313352][T10643]  vfs_writev+0x36f/0xde0
[  674.317675][T10643]  ? __pfx_vfs_writev+0x10/0x10
[  674.322518][T10643]  ? __fget_files+0x24c/0x400
[  674.327190][T10643]  ? do_writev+0x287/0x370
[  674.331684][T10643]  do_writev+0x287/0x370
[  674.335918][T10643]  ? __pfx_do_writev+0x10/0x10
[  674.340674][T10643]  do_syscall_64+0xcd/0x250
[  674.345190][T10643]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  674.351080][T10643] RIP: 0033:0x7f6ef3b75bd9
[  674.355479][T10643] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  674.375080][T10643] RSP: 002b:00007f6ef4897048 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[  674.383501][T10643] RAX: ffffffffffffffda RBX: 00007f6ef3d04110 RCX: 00007f6ef3b75bd9
[  674.391468][T10643] RDX: 0000000000000003 RSI: 0000000020000340 RDI: 0000000000000006
[  674.399429][T10643] RBP: 00007f6ef48970a0 R08: 0000000000000000 R09: 0000000000000000
[  674.407388][T10643] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  674.415373][T10643] R13: 000000000000006e R14: 00007f6ef3d04110 R15: 00007ffebbbadd48
[  674.423341][T10643]  </TASK>
[  674.687342][   T30] audit: type=1400 audit(1720405622.532:516): avc:  denied  { ioctl } for  pid=10641 comm="syz.1.1186" path="/dev/cpu/0/msr" dev="devtmpfs" ino=87 ioctlcmd=0xae83 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1
[  677.983212][   T25] usbhid 3-1:0.0: can't add hid device: -71
[  677.992061][   T25] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  678.034936][   T25] usb 3-1: USB disconnect, device number 6
[  679.382606][   T30] audit: type=1400 audit(1720405627.222:517): avc:  denied  { append } for  pid=10659 comm="syz.2.1191" name="nullb0" dev="devtmpfs" ino=681 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  679.509053][T10663] netlink: 100 bytes leftover after parsing attributes in process `syz.2.1191'.
[  680.154377][ T5141] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  680.421874][ T5141] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  680.491248][ T5141] usb 1-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33
[  680.562986][ T5141] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  680.614259][ T5141] usb 1-1: config 0 descriptor??
[  681.012136][T10677] sg_write: data in/out 196608/16 bytes for SCSI command 0xdb-- guessing data in;
[  681.012136][T10677]    program syz.2.1196 not setting count and/or reply_len properly
[  681.374580][   T30] audit: type=1326 audit(1720405629.222:518): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10668 comm="syz.0.1193" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb9dad75bd9 code=0x7ffc0000
[  681.458585][   T30] audit: type=1326 audit(1720405629.222:519): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10668 comm="syz.0.1193" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb9dad75bd9 code=0x7ffc0000
[  681.505166][   T30] audit: type=1326 audit(1720405629.232:520): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10668 comm="syz.0.1193" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb9dad75bd9 code=0x7ffc0000
[  682.379662][   T30] audit: type=1326 audit(1720405629.232:521): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10668 comm="syz.0.1193" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb9dad75bd9 code=0x7ffc0000
[  682.488006][   T30] audit: type=1326 audit(1720405629.232:522): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10668 comm="syz.0.1193" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb9dad75bd9 code=0x7ffc0000
[  682.614152][   T30] audit: type=1326 audit(1720405629.232:523): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10668 comm="syz.0.1193" exe="/root/syz-executor" sig=0 arch=c000003e syscall=72 compat=0 ip=0x7fb9dad75bd9 code=0x7ffc0000
[  682.741187][   T30] audit: type=1326 audit(1720405629.232:524): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10668 comm="syz.0.1193" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb9dad75bd9 code=0x7ffc0000
[  682.871188][   T30] audit: type=1326 audit(1720405629.232:525): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10668 comm="syz.0.1193" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb9dad75bd9 code=0x7ffc0000
[  682.976843][   T30] audit: type=1326 audit(1720405629.242:526): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10668 comm="syz.0.1193" exe="/root/syz-executor" sig=0 arch=c000003e syscall=72 compat=0 ip=0x7fb9dad75bd9 code=0x7ffc0000
[  683.078239][   T30] audit: type=1326 audit(1720405629.242:527): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10668 comm="syz.0.1193" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb9dad75bd9 code=0x7ffc0000
[  683.137050][ T5141] usb 1-1: USB disconnect, device number 4
[  686.018671][T10706] block nbd2: shutting down sockets
[  686.255335][T10718] input: syz0 as /devices/virtual/input/input42
[  686.346975][T10719] sg_write: data in/out 196608/16 bytes for SCSI command 0xdb-- guessing data in;
[  686.346975][T10719]    program syz.1.1207 not setting count and/or reply_len properly
[  686.390166][ T1241] ieee802154 phy0 wpan0: encryption failed: -22
[  686.397213][ T1241] ieee802154 phy1 wpan1: encryption failed: -22
[  692.233446][T10754] FAULT_INJECTION: forcing a failure.
[  692.233446][T10754] name failslab, interval 1, probability 0, space 0, times 0
[  692.282789][T10754] CPU: 0 PID: 10754 Comm: syz.4.1217 Not tainted 6.10.0-rc6-syzkaller-00223-gc6653f49e4fd #0
[  692.293012][T10754] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  692.303100][T10754] Call Trace:
[  692.306405][T10754]  <TASK>
[  692.309358][T10754]  dump_stack_lvl+0x16c/0x1f0
[  692.314072][T10754]  should_fail_ex+0x497/0x5b0
[  692.318790][T10754]  should_failslab+0x9/0x20
[  692.323334][T10754]  kmalloc_trace_noprof+0x6b/0x300
[  692.328487][T10754]  ? binder_get_thread+0x223/0x8b0
[  692.333631][T10754]  binder_get_thread+0x223/0x8b0
[  692.338603][T10754]  binder_ioctl+0x258/0x6b70
[  692.343233][T10754]  ? kfree+0x12a/0x3b0
[  692.347329][T10754]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  692.353232][T10754]  ? do_vfs_ioctl+0x515/0x1ad0
[  692.358006][T10754]  ? __pfx_binder_ioctl+0x10/0x10
[  692.363048][T10754]  ? ioctl_has_perm.constprop.0.isra.0+0x2f0/0x470
[  692.369556][T10754]  ? ioctl_has_perm.constprop.0.isra.0+0x2f9/0x470
[  692.376062][T10754]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[  692.382912][T10754]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  692.388912][T10754]  ? selinux_file_ioctl+0x180/0x270
[  692.394110][T10754]  ? selinux_file_ioctl+0xb4/0x270
[  692.399222][T10754]  ? __pfx_binder_ioctl+0x10/0x10
[  692.404253][T10754]  __x64_sys_ioctl+0x193/0x220
[  692.409111][T10754]  do_syscall_64+0xcd/0x250
[  692.413621][T10754]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  692.419613][T10754] RIP: 0033:0x7f6ef3b75bd9
[  692.424023][T10754] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  692.443634][T10754] RSP: 002b:00007f6ef48d9048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  692.452048][T10754] RAX: ffffffffffffffda RBX: 00007f6ef3d03f60 RCX: 00007f6ef3b75bd9
[  692.460019][T10754] RDX: 0000000020000340 RSI: 00000000c00c620f RDI: 0000000000000004
[  692.467988][T10754] RBP: 00007f6ef48d90a0 R08: 0000000000000000 R09: 0000000000000000
[  692.475980][T10754] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  692.483965][T10754] R13: 000000000000000b R14: 00007f6ef3d03f60 R15: 00007ffebbbadd48
[  692.491945][T10754]  </TASK>
[  692.658620][   T30] kauditd_printk_skb: 41 callbacks suppressed
[  692.658639][   T30] audit: type=1400 audit(1720405640.452:569): avc:  denied  { bind } for  pid=10744 comm="syz.2.1215" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1
[  692.786428][T10754] binder: 10753:10754 ioctl c00c620f 20000340 returned -12
[  693.198756][   T30] audit: type=1400 audit(1720405641.042:570): avc:  denied  { create } for  pid=10762 comm="syz.4.1219" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  693.282215][T10765] syz.4.1219: attempt to access beyond end of device
[  693.282215][T10765] nbd4: rw=0, sector=0, nr_sectors = 2 limit=0
[  693.295790][T10765] FAT-fs (nbd4): unable to read boot sector
[  693.529549][   T30] audit: type=1400 audit(1720405641.072:571): avc:  denied  { connect } for  pid=10762 comm="syz.4.1219" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  693.550146][   T30] audit: type=1400 audit(1720405641.242:572): avc:  denied  { listen } for  pid=10762 comm="syz.4.1219" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  693.874345][   T30] audit: type=1400 audit(1720405641.722:573): avc:  denied  { ioctl } for  pid=10771 comm="syz.0.1220" path="socket:[45725]" dev="sockfs" ino=45725 ioctlcmd=0x8902 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  696.281730][T10782] block nbd4: shutting down sockets
[  697.229615][ T5101] Bluetooth: hci2: link tx timeout
[  697.235451][ T5101] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa
[  697.259584][ T5100] Bluetooth: hci2: link tx timeout
[  697.264787][ T5100] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa
[  699.327991][ T5100] Bluetooth: hci2: command 0x0406 tx timeout
[  699.670401][T10835] binder: transaction release 14 bad handle 1, ret = -22
[  702.163440][   T30] audit: type=1400 audit(1720405650.002:574): avc:  denied  { bind } for  pid=10865 comm="syz.4.1245" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  702.347382][ T5143] kernel write not supported for file /sg0 (pid: 5143 comm: kworker/0:7)
[  704.709027][ T5101] Bluetooth: hci2: ACL packet for unknown connection handle 201
[  704.819832][ T5101] Bluetooth: hci2: ACL packet for unknown connection handle 201
[  704.831540][ T5101] Bluetooth: hci2: Received unexpected HCI Event 0x00
[  706.139445][T10909] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  708.858632][T10930] FAULT_INJECTION: forcing a failure.
[  708.858632][T10930] name failslab, interval 1, probability 0, space 0, times 0
[  708.871408][T10930] CPU: 1 PID: 10930 Comm: syz.0.1260 Not tainted 6.10.0-rc6-syzkaller-00223-gc6653f49e4fd #0
[  708.881615][T10930] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  708.891872][T10930] Call Trace:
[  708.895167][T10930]  <TASK>
[  708.898112][T10930]  dump_stack_lvl+0x16c/0x1f0
[  708.902815][T10930]  should_fail_ex+0x497/0x5b0
[  708.907514][T10930]  should_failslab+0x9/0x20
[  708.912047][T10930]  __kmalloc_node_noprof+0xd5/0x440
[  708.917281][T10930]  ? kvmalloc_node_noprof+0x9d/0x1a0
[  708.922594][T10930]  kvmalloc_node_noprof+0x9d/0x1a0
[  708.927740][T10930]  __do_sys_setgroups+0x111/0x510
[  708.932882][T10930]  do_syscall_64+0xcd/0x250
[  708.937505][T10930]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  708.943440][T10930] RIP: 0033:0x7fb9dad75bd9
[  708.947879][T10930] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  708.967596][T10930] RSP: 002b:00007fb9da7de048 EFLAGS: 00000246 ORIG_RAX: 0000000000000074
[  708.976088][T10930] RAX: ffffffffffffffda RBX: 00007fb9daf04110 RCX: 00007fb9dad75bd9
[  708.984084][T10930] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 400000000000026f
[  708.992085][T10930] RBP: 00007fb9da7de0a0 R08: 0000000000000000 R09: 0000000000000000
[  709.000080][T10930] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  709.008079][T10930] R13: 000000000000006e R14: 00007fb9daf04110 R15: 00007ffccad13e58
[  709.016072][T10930]  </TASK>
[  709.731832][T10935] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5)
[  709.738369][T10935] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  709.802373][T10935] vhci_hcd vhci_hcd.0: Device attached
[  710.005204][T10941] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1263'.
[  710.083358][T10941] netlink: 172 bytes leftover after parsing attributes in process `syz.1.1263'.
[  710.092710][   T25] usb 9-1: new high-speed USB device number 2 using vhci_hcd
[  710.192475][T10945] block nbd2: shutting down sockets
[  710.486188][T10936] vhci_hcd: connection reset by peer
[  710.533586][ T8726] vhci_hcd: stop threads
[  710.540204][ T8726] vhci_hcd: release socket
[  710.560472][ T8726] vhci_hcd: disconnect device
[  711.466544][T10967] netlink: 'syz.0.1269': attribute type 2 has an invalid length.
[  711.515550][T10967] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1269'.
[  711.588528][T10968] tunl0: entered promiscuous mode
[  711.661016][T10968] netlink: 'syz.0.1269': attribute type 1 has an invalid length.
[  711.715688][T10968] netlink: 9 bytes leftover after parsing attributes in process `syz.0.1269'.
[  711.791685][T10967] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1269'.
[  715.824176][   T25] vhci_hcd: vhci_device speed not set
[  716.482514][T10992] block nbd4: shutting down sockets
[  716.827574][T11006] netlink: 'syz.3.1281': attribute type 2 has an invalid length.
[  716.858122][T11006] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1281'.
[  716.948210][T11006] tunl0: entered promiscuous mode
[  716.965059][T11006] netlink: 'syz.3.1281': attribute type 1 has an invalid length.
[  716.994410][T11006] netlink: 9 bytes leftover after parsing attributes in process `syz.3.1281'.
[  717.030234][T11007] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1281'.
[  720.071270][T11038] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1290'.
[  720.192443][T11039] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1290'.
[  721.434078][   T30] audit: type=1400 audit(1720405669.282:575): avc:  denied  { bind } for  pid=11050 comm="syz.3.1293" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1
[  721.893540][   T30] audit: type=1400 audit(1720405669.732:576): avc:  denied  { write } for  pid=11056 comm="syz.3.1295" lport=50342 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1
[  722.682393][   T30] audit: type=1400 audit(1720405669.732:577): avc:  denied  { setopt } for  pid=11056 comm="syz.3.1295" lport=50342 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1
[  722.778925][T11066] netlink: 'syz.3.1297': attribute type 4 has an invalid length.
[  722.990985][T11066] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1297'.
[  723.483701][T11081] QAT: Invalid ioctl 1076389384
[  723.505995][T11081] QAT: Invalid ioctl -805268418
[  723.595355][T11081] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1302'.
[  723.624570][T11082] netlink: 'syz.2.1303': attribute type 11 has an invalid length.
[  723.782306][   T30] audit: type=1400 audit(1720405671.632:578): avc:  denied  { ioctl } for  pid=11080 comm="syz.0.1302" path="socket:[47304]" dev="sockfs" ino=47304 ioctlcmd=0x8914 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  723.822856][T11086] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  723.853914][T11086] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  723.865431][T11086] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  723.888401][T11086] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  723.939232][T11076] block nbd4: shutting down sockets
[  724.373745][ T5101] Bluetooth: hci1: command 0x0406 tx timeout
[  724.712700][T11101] FAULT_INJECTION: forcing a failure.
[  724.712700][T11101] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  724.759228][T11101] CPU: 0 PID: 11101 Comm: syz.1.1307 Not tainted 6.10.0-rc6-syzkaller-00223-gc6653f49e4fd #0
[  724.769459][T11101] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  724.779618][T11101] Call Trace:
[  724.782891][T11101]  <TASK>
[  724.785836][T11101]  dump_stack_lvl+0x16c/0x1f0
[  724.790541][T11101]  should_fail_ex+0x497/0x5b0
[  724.795330][T11101]  _copy_from_user+0x30/0xf0
[  724.799953][T11101]  memdup_user+0x71/0xd0
[  724.804216][T11101]  strndup_user+0x78/0xe0
[  724.808555][T11101]  __x64_sys_mount+0x138/0x320
[  724.813331][T11101]  ? __pfx___x64_sys_mount+0x10/0x10
[  724.818621][T11101]  do_syscall_64+0xcd/0x250
[  724.823129][T11101]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  724.829115][T11101] RIP: 0033:0x7faa2bd75bd9
[  724.833521][T11101] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  724.853187][T11101] RSP: 002b:00007faa2ca6d048 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  724.861616][T11101] RAX: ffffffffffffffda RBX: 00007faa2bf03f60 RCX: 00007faa2bd75bd9
[  724.870047][T11101] RDX: 0000000020000100 RSI: 00000000200000c0 RDI: 0000000000000000
[  724.878064][T11101] RBP: 00007faa2ca6d0a0 R08: 0000000020000280 R09: 0000000000000000
[  724.886036][T11101] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  724.894104][T11101] R13: 000000000000000b R14: 00007faa2bf03f60 R15: 00007ffd30ab5d28
[  724.902096][T11101]  </TASK>
[  725.743181][T11110] netlink: 'syz.1.1311': attribute type 4 has an invalid length.
[  725.995675][T11110] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1311'.
[  727.665457][ T5096] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  727.678877][ T5096] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  727.687211][ T5096] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  727.722942][ T5096] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  727.733600][ T5096] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  727.741264][ T5096] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  728.299290][ T5141] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  728.531383][ T5141] usb 5-1: Using ep0 maxpacket: 16
[  728.590588][ T5141] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  728.666249][ T5141] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  728.726410][T11123] chnl_net:caif_netlink_parms(): no params data found
[  728.742323][ T5141] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  728.827024][ T5141] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  728.872829][ T5141] usb 5-1: config 0 descriptor??
[  729.357373][ T5141] microsoft 0003:045E:07DA.0005: No inputs registered, leaving
[  729.417967][ T5100] Bluetooth: hci2: command 0x0406 tx timeout
[  729.436618][ T5141] microsoft 0003:045E:07DA.0005: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.4-1/input0
[  729.450726][ T5141] microsoft 0003:045E:07DA.0005: no inputs found
[  729.457166][ T5141] microsoft 0003:045E:07DA.0005: could not initialize ff, continuing anyway
[  729.644590][T11158] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  729.673145][T11158] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  729.684577][T11123] bridge0: port 1(bridge_slave_0) entered blocking state
[  729.715260][T11123] bridge0: port 1(bridge_slave_0) entered disabled state
[  729.768169][T11123] bridge_slave_0: entered allmulticast mode
[  729.801683][T11123] bridge_slave_0: entered promiscuous mode
[  729.818147][ T5101] Bluetooth: hci0: command tx timeout
[  729.834855][T11123] bridge0: port 2(bridge_slave_1) entered blocking state
[  729.867580][T11123] bridge0: port 2(bridge_slave_1) entered disabled state
[  729.920069][T11123] bridge_slave_1: entered allmulticast mode
[  729.944691][T11160] netlink: 'syz.2.1324': attribute type 1 has an invalid length.
[  729.957024][T11123] bridge_slave_1: entered promiscuous mode
[  730.225387][T11123] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  730.262274][T11123] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  730.511537][T11123] team0: Port device team_slave_0 added
[  730.573151][T11123] team0: Port device team_slave_1 added
[  730.728505][T11123] batman_adv: batadv0: Adding interface: batadv_slave_0
[  730.756901][T11123] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  730.832938][T11123] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  730.894016][T11123] batman_adv: batadv0: Adding interface: batadv_slave_1
[  730.919695][T11123] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  730.945634][    C0] vkms_vblank_simulate: vblank timer overrun
[  731.000206][T11123] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  731.061963][ T5141] usb 5-1: USB disconnect, device number 6
[  731.296824][T11123] hsr_slave_0: entered promiscuous mode
[  731.325740][T11123] hsr_slave_1: entered promiscuous mode
[  731.347480][T11123] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  731.358042][ T5140] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  731.376752][T11123] Cannot create hsr debugfs directory
[  731.547907][ T5140] usb 4-1: Using ep0 maxpacket: 8
[  731.549357][ T5100] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  731.566322][ T5100] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  731.566887][ T5140] usb 4-1: config 179 has an invalid interface number: 65 but max is 0
[  731.582723][ T5100] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  731.592102][ T5140] usb 4-1: config 179 has an invalid descriptor of length 0, skipping remainder of the config
[  731.614228][ T5100] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  731.624236][ T5100] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  731.632164][ T5100] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  731.681750][ T5140] usb 4-1: config 179 has no interface number 0
[  731.708746][ T5140] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  731.725055][ T5140] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  731.744507][ T5140] usb 4-1: config 179 interface 65 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 23
[  731.770690][ T5140] usb 4-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  731.783881][ T5140] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  731.797227][T11166] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  731.887996][ T5101] Bluetooth: hci0: command tx timeout
[  732.086441][ T5140] usb 4-1: USB disconnect, device number 13
[  733.246733][T11169] chnl_net:caif_netlink_parms(): no params data found
[  733.704470][T11123] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  733.728693][ T5101] Bluetooth: hci1: command tx timeout
[  733.753890][T11123] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  733.826981][ T5101] Bluetooth: hci2: unexpected event for opcode 0x2042
[  733.830855][T11123] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  733.891150][T11192] netlink: 'syz.4.1334': attribute type 1 has an invalid length.
[  733.930860][T11123] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  733.968439][ T5101] Bluetooth: hci0: command tx timeout
[  734.112615][T11202] tmpfs: Bad value for 'huge'
[  734.174098][T11169] bridge0: port 1(bridge_slave_0) entered blocking state
[  734.174235][T11169] bridge0: port 1(bridge_slave_0) entered disabled state
[  734.174450][T11169] bridge_slave_0: entered allmulticast mode
[  734.182448][T11169] bridge_slave_0: entered promiscuous mode
[  734.244172][T11169] bridge0: port 2(bridge_slave_1) entered blocking state
[  734.252201][T11169] bridge0: port 2(bridge_slave_1) entered disabled state
[  734.276609][T11169] bridge_slave_1: entered allmulticast mode
[  734.293184][T11169] bridge_slave_1: entered promiscuous mode
[  734.424527][T11169] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  734.530182][T11169] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  734.813181][T11169] team0: Port device team_slave_0 added
[  734.899321][T11169] team0: Port device team_slave_1 added
[  735.226642][T11169] batman_adv: batadv0: Adding interface: batadv_slave_0
[  735.254111][T11169] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  735.280294][    C0] vkms_vblank_simulate: vblank timer overrun
[  735.360426][T11169] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  735.454996][T11169] batman_adv: batadv0: Adding interface: batadv_slave_1
[  735.474012][T11169] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  735.601548][T11169] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  735.773840][T11123] 8021q: adding VLAN 0 to HW filter on device bond0
[  735.811828][ T5101] Bluetooth: hci1: command tx timeout
[  735.913331][T11123] 8021q: adding VLAN 0 to HW filter on device team0
[  735.922735][T11220] block nbd3: shutting down sockets
[  735.963488][T11169] hsr_slave_0: entered promiscuous mode
[  735.989917][T11169] hsr_slave_1: entered promiscuous mode
[  736.048301][ T5101] Bluetooth: hci0: command tx timeout
[  736.055149][T11169] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  736.068522][T11169] Cannot create hsr debugfs directory
[  736.101078][ T5170] bridge0: port 1(bridge_slave_0) entered blocking state
[  736.108435][ T5170] bridge0: port 1(bridge_slave_0) entered forwarding state
[  736.449031][ T5141] bridge0: port 2(bridge_slave_1) entered blocking state
[  736.456197][ T5141] bridge0: port 2(bridge_slave_1) entered forwarding state
[  736.962270][T11236] netlink: 'syz.2.1346': attribute type 1 has an invalid length.
[  737.302650][T11169] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  737.504585][T11169] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  737.591546][T11246] netlink: 'syz.2.1348': attribute type 1 has an invalid length.
[  737.775312][T11169] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  737.888353][ T5101] Bluetooth: hci1: command tx timeout
[  737.914938][T11252] input: syz1 as /devices/virtual/input/input45
[  737.948326][T11169] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  738.053909][T11123] 8021q: adding VLAN 0 to HW filter on device batadv0
[  738.379296][T11254] FAULT_INJECTION: forcing a failure.
[  738.379296][T11254] name failslab, interval 1, probability 0, space 0, times 0
[  738.398766][T11254] CPU: 1 PID: 11254 Comm: syz.2.1350 Not tainted 6.10.0-rc6-syzkaller-00223-gc6653f49e4fd #0
[  738.409039][T11254] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  738.419144][T11254] Call Trace:
[  738.422434][T11254]  <TASK>
[  738.425361][T11254]  dump_stack_lvl+0x16c/0x1f0
[  738.430048][T11254]  should_fail_ex+0x497/0x5b0
[  738.434727][T11254]  should_failslab+0x9/0x20
[  738.439261][T11254]  __kmalloc_noprof+0xcf/0x410
[  738.444038][T11254]  ? __pfx_lock_acquire+0x10/0x10
[  738.449105][T11254]  tomoyo_realpath_from_path+0xb9/0x720
[  738.454659][T11254]  ? tomoyo_profile+0x47/0x60
[  738.459354][T11254]  tomoyo_path_number_perm+0x245/0x590
[  738.464811][T11254]  ? tomoyo_path_number_perm+0x232/0x590
[  738.470443][T11254]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  738.476426][T11254]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  738.482403][T11254]  ? __fget_files+0x256/0x400
[  738.487075][T11254]  security_file_ioctl+0x75/0xc0
[  738.492009][T11254]  __x64_sys_ioctl+0xbb/0x220
[  738.496680][T11254]  do_syscall_64+0xcd/0x250
[  738.501180][T11254]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  738.507071][T11254] RIP: 0033:0x7f79b5d75bd9
[  738.511503][T11254] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  738.531125][T11254] RSP: 002b:00007f79b6ba0048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  738.539594][T11254] RAX: ffffffffffffffda RBX: 00007f79b5f03f60 RCX: 00007f79b5d75bd9
[  738.547599][T11254] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000003
[  738.555837][T11254] RBP: 00007f79b6ba00a0 R08: 0000000000000000 R09: 0000000000000000
[  738.564004][T11254] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  738.571973][T11254] R13: 000000000000000b R14: 00007f79b5f03f60 R15: 00007ffddec55968
[  738.579940][T11254]  </TASK>
[  738.609629][T11254] ERROR: Out of memory at tomoyo_realpath_from_path.
[  738.650183][T11254] input: syz0 as /devices/virtual/input/input46
[  738.673733][T11123] veth0_vlan: entered promiscuous mode
[  738.760926][T11123] veth1_vlan: entered promiscuous mode
[  738.815648][T11169] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  738.864596][T11169] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  739.127066][T11169] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  739.510537][T11169] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  739.836158][T11123] veth0_macvtap: entered promiscuous mode
[  739.895062][T11123] veth1_macvtap: entered promiscuous mode
[  739.978578][ T5101] Bluetooth: hci1: command tx timeout
[  740.000586][T11123] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  740.012672][T11123] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  740.368547][T11123] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  740.549229][T11123] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  740.574789][T11123] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  740.617915][T11123] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  740.657865][T11123] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  740.705231][T11123] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  740.733671][T11123] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  740.744473][T11123] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  740.794030][T11123] batman_adv: batadv0: Interface activated: batadv_slave_0
[  740.861713][T11123] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  740.927997][T11123] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  740.967806][T11123] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  741.005201][T11123] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  741.009978][T11276] FAULT_INJECTION: forcing a failure.
[  741.009978][T11276] name failslab, interval 1, probability 0, space 0, times 0
[  741.036715][ T5101] Bluetooth: hci2: unexpected event for opcode 0x2042
[  741.047860][T11123] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  741.060210][T11273] netlink: 'syz.4.1356': attribute type 1 has an invalid length.
[  741.068073][T11276] CPU: 1 PID: 11276 Comm: syz.2.1357 Not tainted 6.10.0-rc6-syzkaller-00223-gc6653f49e4fd #0
[  741.068108][T11276] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  741.068122][T11276] Call Trace:
[  741.068130][T11276]  <TASK>
[  741.068139][T11276]  dump_stack_lvl+0x16c/0x1f0
[  741.068174][T11276]  should_fail_ex+0x497/0x5b0
[  741.104074][T11276]  should_failslab+0x9/0x20
[  741.108598][T11276]  kmem_cache_alloc_noprof+0x6e/0x2f0
[  741.113984][T11276]  ? skb_clone+0x190/0x3f0
[  741.118502][T11276]  skb_clone+0x190/0x3f0
[  741.122755][T11276]  nfnetlink_rcv_batch+0x1d9/0x24d0
[  741.127955][T11276]  ? __pfx___lock_acquire+0x10/0x10
[  741.133171][T11276]  ? __pfx_nfnetlink_rcv_batch+0x10/0x10
[  741.138889][T11276]  ? find_held_lock+0x2d/0x110
[  741.143657][T11276]  ? avc_has_perm_noaudit+0x119/0x3a0
[  741.149048][T11276]  ? avc_has_perm_noaudit+0x143/0x3a0
[  741.154604][T11276]  ? __asan_memset+0x23/0x50
[  741.159198][T11276]  ? __nla_validate_parse+0x601/0x2880
[  741.164690][T11276]  ? __pfx___nla_validate_parse+0x10/0x10
[  741.170416][T11276]  ? cap_capable+0x1cf/0x240
[  741.175013][T11276]  ? __nla_parse+0x40/0x60
[  741.179442][T11276]  nfnetlink_rcv+0x3c3/0x430
[  741.184384][T11276]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  741.189498][T11276]  netlink_unicast+0x542/0x820
[  741.194271][T11276]  ? __pfx_netlink_unicast+0x10/0x10
[  741.199568][T11276]  netlink_sendmsg+0x8b8/0xd70
[  741.204338][T11276]  ? __pfx_netlink_sendmsg+0x10/0x10
[  741.209886][T11276]  ? __import_iovec+0x1fd/0x6e0
[  741.214743][T11276]  ____sys_sendmsg+0xab5/0xc90
[  741.219508][T11276]  ? copy_msghdr_from_user+0x10b/0x160
[  741.225152][T11276]  ? __pfx_____sys_sendmsg+0x10/0x10
[  741.230522][T11276]  ? find_held_lock+0x2d/0x110
[  741.235292][T11276]  ? __pfx___lock_acquire+0x10/0x10
[  741.240497][T11276]  ___sys_sendmsg+0x135/0x1e0
[  741.245207][T11276]  ? __pfx____sys_sendmsg+0x10/0x10
[  741.250438][T11276]  ? ksys_write+0x21c/0x260
[  741.254981][T11276]  ? __fget_light+0x173/0x210
[  741.259663][T11276]  __sys_sendmsg+0x117/0x1f0
[  741.264257][T11276]  ? __pfx___sys_sendmsg+0x10/0x10
[  741.269421][T11276]  do_syscall_64+0xcd/0x250
[  741.273935][T11276]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  741.279840][T11276] RIP: 0033:0x7f79b5d75bd9
[  741.284256][T11276] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  741.303876][T11276] RSP: 002b:00007f79b6ba0048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  741.312313][T11276] RAX: ffffffffffffffda RBX: 00007f79b5f03f60 RCX: 00007f79b5d75bd9
[  741.320282][T11276] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000003
[  741.328250][T11276] RBP: 00007f79b6ba00a0 R08: 0000000000000000 R09: 0000000000000000
[  741.336234][T11276] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  741.344203][T11276] R13: 000000000000000b R14: 00007f79b5f03f60 R15: 00007ffddec55968
[  741.352545][T11276]  </TASK>
[  741.367864][T11123] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  741.377728][T11123] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  741.497663][T11123] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  741.497693][T11123] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  741.497716][T11123] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  741.500410][T11123] batman_adv: batadv0: Interface activated: batadv_slave_1
[  741.595456][T11123] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  741.595503][T11123] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  741.595541][T11123] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  741.595579][T11123] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  741.803674][   T30] audit: type=1400 audit(1720405689.652:579): avc:  denied  { accept } for  pid=11279 comm="syz.2.1358" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  741.842226][T11169] 8021q: adding VLAN 0 to HW filter on device bond0
[  741.934324][T11169] 8021q: adding VLAN 0 to HW filter on device team0
[  741.956509][    C0] vkms_vblank_simulate: vblank timer overrun
[  742.213492][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  742.244225][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  742.272041][    T9] bridge0: port 1(bridge_slave_0) entered blocking state
[  742.279425][    T9] bridge0: port 1(bridge_slave_0) entered forwarding state
[  742.352069][    T9] bridge0: port 2(bridge_slave_1) entered blocking state
[  742.359371][    T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[  742.430076][ T1111] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  742.476762][ T1111] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  742.851192][T11299] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1364'.
[  744.039884][T11169] 8021q: adding VLAN 0 to HW filter on device batadv0
[  744.411104][T11169] veth0_vlan: entered promiscuous mode
[  744.624837][T11169] veth1_vlan: entered promiscuous mode
[  744.794459][T11327] FAULT_INJECTION: forcing a failure.
[  744.794459][T11327] name failslab, interval 1, probability 0, space 0, times 0
[  744.817563][T11327] CPU: 0 PID: 11327 Comm: syz.4.1369 Not tainted 6.10.0-rc6-syzkaller-00223-gc6653f49e4fd #0
[  744.827930][T11327] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  744.838019][T11327] Call Trace:
[  744.841315][T11327]  <TASK>
[  744.844260][T11327]  dump_stack_lvl+0x16c/0x1f0
[  744.848970][T11327]  should_fail_ex+0x497/0x5b0
[  744.853679][T11327]  should_failslab+0x9/0x20
[  744.858217][T11327]  kmem_cache_alloc_node_noprof+0x71/0x310
[  744.864059][T11327]  ? __alloc_skb+0x2b1/0x380
[  744.868680][T11327]  __alloc_skb+0x2b1/0x380
[  744.873127][T11327]  ? __pfx___alloc_skb+0x10/0x10
[  744.878124][T11327]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  744.884046][T11327]  ? __nla_validate_parse+0x601/0x2880
[  744.889558][T11327]  netlbl_cipsov4_list+0x136/0x1470
[  744.894791][T11327]  ? __pfx___nla_validate_parse+0x10/0x10
[  744.900551][T11327]  ? __pfx_netlbl_cipsov4_list+0x10/0x10
[  744.906220][T11327]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[  744.913637][T11327]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[  744.921138][T11327]  genl_family_rcv_msg_doit+0x202/0x2f0
[  744.926700][T11327]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  744.932777][T11327]  ? __radix_tree_lookup+0x21f/0x2c0
[  744.938062][T11327]  genl_rcv_msg+0x565/0x800
[  744.942573][T11327]  ? __pfx_genl_rcv_msg+0x10/0x10
[  744.947613][T11327]  ? __pfx___lock_acquire+0x10/0x10
[  744.952818][T11327]  ? __pfx_netlbl_cipsov4_list+0x10/0x10
[  744.958459][T11327]  netlink_rcv_skb+0x16b/0x440
[  744.963235][T11327]  ? __pfx_genl_rcv_msg+0x10/0x10
[  744.968274][T11327]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  744.973582][T11327]  ? down_read+0xc9/0x330
[  744.977923][T11327]  ? __pfx_down_read+0x10/0x10
[  744.982703][T11327]  ? netlink_deliver_tap+0x1ae/0xd90
[  744.987995][T11327]  genl_rcv+0x28/0x40
[  744.991986][T11327]  netlink_unicast+0x542/0x820
[  744.996847][T11327]  ? __pfx_netlink_unicast+0x10/0x10
[  745.002139][T11327]  netlink_sendmsg+0x8b8/0xd70
[  745.006910][T11327]  ? __pfx_netlink_sendmsg+0x10/0x10
[  745.012199][T11327]  ? __import_iovec+0x1fd/0x6e0
[  745.017054][T11327]  ____sys_sendmsg+0xab5/0xc90
[  745.021819][T11327]  ? copy_msghdr_from_user+0x10b/0x160
[  745.027288][T11327]  ? __pfx_____sys_sendmsg+0x10/0x10
[  745.032573][T11327]  ? __pfx___lock_acquire+0x10/0x10
[  745.037784][T11327]  ? find_held_lock+0x2d/0x110
[  745.042556][T11327]  ___sys_sendmsg+0x135/0x1e0
[  745.047238][T11327]  ? __pfx____sys_sendmsg+0x10/0x10
[  745.052451][T11327]  ? __fget_light+0x173/0x210
[  745.057148][T11327]  __sys_sendmsg+0x117/0x1f0
[  745.061742][T11327]  ? __pfx___sys_sendmsg+0x10/0x10
[  745.066861][T11327]  do_syscall_64+0xcd/0x250
[  745.071376][T11327]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  745.077281][T11327] RIP: 0033:0x7f6ef3b75bd9
[  745.081696][T11327] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  745.101305][T11327] RSP: 002b:00007f6ef48b8048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  745.109718][T11327] RAX: ffffffffffffffda RBX: 00007f6ef3d04038 RCX: 00007f6ef3b75bd9
[  745.117685][T11327] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000007
[  745.125653][T11327] RBP: 00007f6ef48b80a0 R08: 0000000000000000 R09: 0000000000000000
[  745.133715][T11327] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  745.141685][T11327] R13: 000000000000006e R14: 00007f6ef3d04038 R15: 00007ffebbbadd48
[  745.149658][T11327]  </TASK>
[  745.156917][    C0] vkms_vblank_simulate: vblank timer overrun
[  745.568856][T11169] veth0_macvtap: entered promiscuous mode
[  745.746528][T11169] veth1_macvtap: entered promiscuous mode
[  745.873897][T11318] block nbd3: shutting down sockets
[  745.886891][T11169] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  745.925432][T11169] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  745.956320][T11169] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  745.997312][T11169] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  746.033642][T11169] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  746.105592][T11169] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  746.142061][T11169] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  746.189048][T11169] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  746.225337][T11169] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  746.256462][T11169] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  746.294766][T11169] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  746.359293][T11169] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  746.416787][T11169] batman_adv: batadv0: Interface activated: batadv_slave_0
[  746.604054][T11169] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  746.643159][T11169] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  746.677356][T11169] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  746.702408][T11169] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  746.726537][T11169] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  746.791359][T11169] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  747.113274][T11169] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  747.768063][T11169] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  747.779064][T11169] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  747.797870][T11169] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  747.820809][ T1241] ieee802154 phy0 wpan0: encryption failed: -22
[  747.827577][ T1241] ieee802154 phy1 wpan1: encryption failed: -22
[  747.846578][T11169] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  747.879175][T11169] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  747.944901][T11169] batman_adv: batadv0: Interface activated: batadv_slave_1
[  748.046446][T11169] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  748.066947][T11169] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  748.094675][T11169] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  748.115020][T11169] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  748.189167][T11356] netlink: 'syz.2.1378': attribute type 2 has an invalid length.
[  748.197062][T11356] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1378'.
[  748.230120][T11357] tunl0: entered promiscuous mode
[  748.275314][T11357] netlink: 'syz.2.1378': attribute type 1 has an invalid length.
[  748.303254][T11357] netlink: 9 bytes leftover after parsing attributes in process `syz.2.1378'.
[  748.397918][T11358] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1378'.
[  748.915731][   T30] audit: type=1400 audit(1720405696.762:580): avc:  denied  { ioctl } for  pid=11367 comm="syz.2.1381" path="socket:[49451]" dev="sockfs" ino=49451 ioctlcmd=0xf512 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  749.095470][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  749.139441][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  749.242168][T11374] FAULT_INJECTION: forcing a failure.
[  749.242168][T11374] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  749.276266][T11374] CPU: 1 PID: 11374 Comm: syz.2.1384 Not tainted 6.10.0-rc6-syzkaller-00223-gc6653f49e4fd #0
[  749.286478][T11374] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  749.296571][T11374] Call Trace:
[  749.299872][T11374]  <TASK>
[  749.302818][T11374]  dump_stack_lvl+0x16c/0x1f0
[  749.307533][T11374]  should_fail_ex+0x497/0x5b0
[  749.312258][T11374]  _copy_to_user+0x30/0xc0
[  749.316708][T11374]  simple_read_from_buffer+0xd0/0x160
[  749.322127][T11374]  proc_fail_nth_read+0x1b0/0x290
[  749.327199][T11374]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  749.332787][T11374]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  749.338393][T11374]  vfs_read+0x1d4/0xbd0
[  749.342680][T11374]  ? __fdget_pos+0xeb/0x180
[  749.347220][T11374]  ? __pfx_vfs_read+0x10/0x10
[  749.351936][T11374]  ? __pfx___mutex_lock+0x10/0x10
[  749.357101][T11374]  ? __fget_files+0x256/0x400
[  749.361827][T11374]  ksys_read+0x12f/0x260
[  749.366120][T11374]  ? __pfx_ksys_read+0x10/0x10
[  749.370927][T11374]  do_syscall_64+0xcd/0x250
[  749.375480][T11374]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  749.381423][T11374] RIP: 0033:0x7f79b5d746bc
[  749.385863][T11374] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48
[  749.405596][T11374] RSP: 002b:00007f79b6ba0040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  749.414131][T11374] RAX: ffffffffffffffda RBX: 00007f79b5f03f60 RCX: 00007f79b5d746bc
[  749.422216][T11374] RDX: 000000000000000f RSI: 00007f79b6ba00b0 RDI: 0000000000000003
[  749.430228][T11374] RBP: 00007f79b6ba00a0 R08: 0000000000000000 R09: 0000000000000000
[  749.438234][T11374] R10: 00000000000000a6 R11: 0000000000000246 R12: 0000000000000001
[  749.446233][T11374] R13: 000000000000000b R14: 00007f79b5f03f60 R15: 00007ffddec55968
[  749.454243][T11374]  </TASK>
[  749.457794][    C1] vkms_vblank_simulate: vblank timer overrun
[  749.494135][ T8726] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  749.530062][ T8726] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  751.555878][T11395] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  751.653333][T11397] input: syz0 as /devices/virtual/input/input47
[  751.659712][T11395] netlink: 'syz.1.1390': attribute type 1 has an invalid length.
[  752.310157][T11379] fuse: Unknown parameter ''
[  752.435041][T11404] input: syz0 as /devices/virtual/input/input48
[  756.950488][   T30] audit: type=1400 audit(1720405704.792:581): avc:  denied  { map } for  pid=11436 comm="syz.2.1399" path="socket:[49061]" dev="sockfs" ino=49061 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_route_socket permissive=1
[  757.296432][ T5101] Bluetooth: hci2: unexpected event for opcode 0x2042
[  757.377986][ T8600] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  757.381526][T11442] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  757.576571][T11442] netlink: 'syz.4.1401': attribute type 1 has an invalid length.
[  757.651538][ T8600] usb 3-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c
[  757.687867][ T8600] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  757.773975][ T8600] usb 3-1: config 0 descriptor??
[  757.803856][T11457] input: syz0 as /devices/virtual/input/input49
[  758.688784][ T8600] pegasus 3-1:0.0: probe with driver pegasus failed with error -71
[  759.638300][ T8600] usb 3-1: USB disconnect, device number 7
[  761.134505][T11491] audit: audit_lost=4 audit_rate_limit=0 audit_backlog_limit=64
[  761.211529][T11491] audit: out of memory in audit_log_start
[  761.566516][T11494] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1414'.
[  761.713361][   T30] audit: type=1400 audit(1720405709.562:582): avc:  denied  { nlmsg_read } for  pid=11497 comm="syz.3.1416" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  761.734013][    C1] vkms_vblank_simulate: vblank timer overrun
[  762.132872][ T8600] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  762.218021][ T5140] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  762.427994][ T5140] usb 4-1: Using ep0 maxpacket: 8
[  763.340476][ T8600] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  763.367980][ T8600] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  763.386771][ T8600] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  763.389513][ T5140] usb 4-1: config index 0 descriptor too short (expected 301, got 45)
[  763.406402][ T8600] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  763.463254][ T5140] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  763.477674][T11498] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  763.507862][ T5140] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  763.518078][ T5140] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  763.628156][ T5140] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  763.684709][ T5140] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  763.728001][ T5140] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  763.972702][ T8600] usb 1-1: USB disconnect, device number 5
[  764.083020][ T5140] usb 4-1: usb_control_msg returned -32
[  764.109488][ T5140] usbtmc 4-1:16.0: can't read capabilities
[  764.862897][T11524] input: syz0 as /devices/virtual/input/input50
[  766.159930][ T5135] usb 4-1: USB disconnect, device number 14
[  766.600197][T11538] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1423'.
[  769.228251][T11557] QAT: Invalid ioctl 1076389384
[  769.292909][T11557] QAT: Invalid ioctl -805268418
[  769.731006][T11557] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1429'.
[  770.408276][T11557] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  770.417277][T11557] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  770.468381][T11557] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  770.477327][T11557] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  770.625627][ T5100] Bluetooth: hci4: command 0x0406 tx timeout
[  771.530827][T11578] QAT: Invalid ioctl 1076389384
[  771.573768][T11578] QAT: Invalid ioctl -805268418
[  771.623944][T11578] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1436'.
[  771.687010][   T30] audit: type=1326 audit(1720405719.522:583): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11580 comm="syz.4.1437" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6ef3b75bd9 code=0x0
[  771.736957][T11583] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1437'.
[  771.793568][T11582] Bluetooth: MGMT ver 1.22
[  772.608288][T11583] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  772.657846][T11583] Bluetooth: hci3: Error when powering off device on rfkill (-4)
[  774.130850][ T5508] bridge_slave_1: left allmulticast mode
[  774.154093][ T5508] bridge_slave_1: left promiscuous mode
[  774.183113][ T5508] bridge0: port 2(bridge_slave_1) entered disabled state
[  774.238599][ T5508] bridge_slave_0: left allmulticast mode
[  774.267144][ T5508] bridge_slave_0: left promiscuous mode
[  774.292507][ T5508] bridge0: port 1(bridge_slave_0) entered disabled state
[  774.320312][T11616] QAT: Invalid ioctl 1076389384
[  774.343384][T11616] QAT: Invalid ioctl -805268418
[  774.392658][T11616] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1445'.
[  774.641362][T11621] xt_CT: You must specify a L4 protocol and not use inversions on it
[  776.198242][ T5508] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  776.239915][ T5508] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  776.265556][ T5508] bond0 (unregistering): Released all slaves
[  776.472598][T11619] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  776.515849][T11619] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  776.557993][T11619] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  776.597270][T11619] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  776.971587][T11583] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  776.977631][T11583] Bluetooth: hci2: Error when powering off device on rfkill (-4)
[  777.151080][T11636] 9pnet_fd: Insufficient options for proto=fd
[  777.192132][T11583] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  777.199380][T11583] Bluetooth: hci4: Error when powering off device on rfkill (-4)
[  777.436548][T11645] input: syz0 as /devices/virtual/input/input51
[  777.491632][T11649] FAULT_INJECTION: forcing a failure.
[  777.491632][T11649] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  777.561055][T11649] CPU: 1 PID: 11649 Comm: syz.0.1454 Not tainted 6.10.0-rc6-syzkaller-00223-gc6653f49e4fd #0
[  777.571266][T11649] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  777.581344][T11649] Call Trace:
[  777.584616][T11649]  <TASK>
[  777.587567][T11649]  dump_stack_lvl+0x16c/0x1f0
[  777.592261][T11649]  should_fail_ex+0x497/0x5b0
[  777.596941][T11649]  _copy_from_iter+0x2a1/0x1140
[  777.601793][T11649]  ? __pfx__copy_from_iter+0x10/0x10
[  777.607071][T11649]  ? __virt_addr_valid+0x5e/0x580
[  777.612086][T11649]  ? __phys_addr_symbol+0x30/0x80
[  777.617099][T11649]  ? __check_object_size+0x48e/0x720
[  777.622380][T11649]  kernfs_fop_write_iter+0x1a3/0x500
[  777.627691][T11649]  vfs_write+0x6b6/0x1140
[  777.632049][T11649]  ? __pfx_kernfs_fop_write_iter+0x10/0x10
[  777.637879][T11649]  ? __pfx_vfs_write+0x10/0x10
[  777.642732][T11649]  ? __pfx___mutex_lock+0x10/0x10
[  777.647754][T11649]  ? __fget_files+0x256/0x400
[  777.652460][T11649]  ksys_write+0x12f/0x260
[  777.656794][T11649]  ? __pfx_ksys_write+0x10/0x10
[  777.661664][T11649]  do_syscall_64+0xcd/0x250
[  777.666176][T11649]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  777.672078][T11649] RIP: 0033:0x7f173b775bd9
[  777.676485][T11649] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  777.696109][T11649] RSP: 002b:00007f173c4cf048 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  777.704535][T11649] RAX: ffffffffffffffda RBX: 00007f173b903f60 RCX: 00007f173b775bd9
[  777.712615][T11649] RDX: 0000000000000008 RSI: 0000000020000080 RDI: 0000000000000004
[  777.720680][T11649] RBP: 00007f173c4cf0a0 R08: 0000000000000000 R09: 0000000000000000
[  777.728650][T11649] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  777.736617][T11649] R13: 000000000000000b R14: 00007f173b903f60 R15: 00007ffedcea8858
[  777.744603][T11649]  </TASK>
[  777.747698][    C1] vkms_vblank_simulate: vblank timer overrun
[  779.056208][T11583] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  779.075235][T11583] Bluetooth: hci0: Error when powering off device on rfkill (-4)
[  779.138751][T11583] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  779.157374][T11583] Bluetooth: hci1: Error when powering off device on rfkill (-4)
[  780.249600][T11669] QAT: Invalid ioctl 1076389384
[  780.279770][T11669] QAT: Invalid ioctl -805268418
[  780.332781][T11669] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1458'.
[  780.630344][T11675] input: syz0 as /devices/virtual/input/input52
[  781.039621][T11681] block nbd3: shutting down sockets
[  782.371364][T11693] input: syz0 as /devices/virtual/input/input53
[  783.369842][T11703] input: syz0 as /devices/virtual/input/input54
[  784.375208][T11711] veth0_vlan: entered allmulticast mode
[  784.533578][T11716] veth0_vlan: left promiscuous mode
[  784.575829][T11716] veth0_vlan: entered promiscuous mode
[  784.628278][T11721] QAT: Invalid ioctl 1076389384
[  784.648658][T11721] QAT: Invalid ioctl -805268418
[  784.698991][T11721] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1471'.
[  784.799372][T11725] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  784.855991][T11725] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  784.871429][T11724] tmpfs: Unknown parameter 'u'
[  784.893700][T11725] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  784.938367][T11725] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  785.276072][T11733] input: syz0 as /devices/virtual/input/input55
[  788.851623][T11764] 9pnet_fd: Insufficient options for proto=fd
[  790.679157][T11774] QAT: Invalid ioctl 1076389384
[  790.719185][T11774] QAT: Invalid ioctl -805268418
[  790.833229][T11774] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  790.852899][T11774] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  790.863977][T11774] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  790.873236][T11774] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  793.386558][T11801] netlink: 188 bytes leftover after parsing attributes in process `syz.1.1493'.
[  793.415450][T11801] netlink: 'syz.1.1493': attribute type 1 has an invalid length.
[  797.870133][T11819] QAT: Invalid ioctl 1076389384
[  797.909631][T11819] QAT: Invalid ioctl -805268418
[  800.752218][   T30] audit: type=1400 audit(1720405748.602:584): avc:  denied  { connect } for  pid=11845 comm="syz.1.1505" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1
[  800.821484][   T30] audit: type=1400 audit(1720405748.602:585): avc:  denied  { name_connect } for  pid=11845 comm="syz.1.1505" dest=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=dccp_socket permissive=1
[  800.930231][T11854] netdevsim netdevsim1: Direct firmware load for ng failed with error -2
[  800.961096][T11853] input: syz0 as /devices/virtual/input/input56
[  800.987545][T11854] netdevsim netdevsim1: Falling back to sysfs fallback for: ng
[  801.227369][T11858] block nbd3: shutting down sockets
[  802.247058][T11877] QAT: Invalid ioctl 1076389384
[  802.274269][T11877] QAT: Invalid ioctl -805268418
[  803.047315][T11887] input: syz0 as /devices/virtual/input/input57
[  805.670378][T11906] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  805.847181][   T30] audit: type=1400 audit(1720405753.682:586): avc:  denied  { write } for  pid=11903 comm="syz.2.1520" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  806.499163][T11906] netlink: 'syz.0.1519': attribute type 1 has an invalid length.
[  806.658322][T11917] QAT: Invalid ioctl 1076389384
[  806.674560][T11917] QAT: Invalid ioctl -805268418
[  807.446345][   T30] audit: type=1400 audit(1720405755.292:587): avc:  denied  { lock } for  pid=11925 comm="syz.3.1524" path="socket:[52248]" dev="sockfs" ino=52248 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_route_socket permissive=1
[  808.781431][T11949] atomic_op ffff88802f2c6198 conn xmit_atomic 0000000000000000
[  809.328786][ T1241] ieee802154 phy0 wpan0: encryption failed: -22
[  809.335141][ T1241] ieee802154 phy1 wpan1: encryption failed: -22
[  811.920664][   T30] audit: type=1400 audit(1720405759.772:588): avc:  denied  { node_bind } for  pid=11970 comm="syz.1.1537" saddr=172.20.20.170 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=dccp_socket permissive=1
[  812.360129][ T5143] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  812.559127][ T5135] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  812.607986][ T5143] usb 3-1: Using ep0 maxpacket: 8
[  812.681474][ T5143] usb 3-1: config 168 has an invalid descriptor of length 114, skipping remainder of the config
[  812.730755][ T5143] usb 3-1: config 168 has 0 interfaces, different from the descriptor's value: 1
[  812.756084][ T5143] usb 3-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice= 0.6e
[  812.768201][ T5135] usb 2-1: device descriptor read/64, error -71
[  812.777854][ T5143] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  812.805731][ T5143] usb 3-1: Product: syz
[  812.818011][ T5143] usb 3-1: Manufacturer: syz
[  812.838872][ T5143] usb 3-1: SerialNumber: syz
[  813.168560][ T5135] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  813.347934][ T5135] usb 2-1: device descriptor read/64, error -71
[  813.488572][ T5135] usb usb2-port1: attempt power cycle
[  814.038004][ T5135] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  814.888421][ T5135] usb 2-1: device descriptor read/8, error -71
[  814.998698][ T5143] usb 3-1: USB disconnect, device number 8
[  816.485094][T12008] xt_CT: You must specify a L4 protocol and not use inversions on it
[  816.526515][   T30] audit: type=1400 audit(1720405764.372:589): avc:  denied  { ioctl } for  pid=12005 comm="syz.1.1548" path="/dev/snapshot" dev="devtmpfs" ino=92 ioctlcmd=0x3313 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[  817.617491][T12023] tmpfs: Bad value for 'nr_inodes'
[  818.498182][   T30] audit: type=1400 audit(1720405766.342:590): avc:  denied  { mounton } for  pid=12020 comm="syz.2.1552" path="/89/file0" dev="pstore" ino=2816 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:pstore_t tclass=dir permissive=1
[  822.261303][T12047] xt_CT: You must specify a L4 protocol and not use inversions on it
[  822.387491][   T30] audit: type=1400 audit(1720405770.232:591): avc:  denied  { bind } for  pid=12052 comm="syz.3.1562" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  822.473784][T12054] netlink: 'syz.0.1561': attribute type 39 has an invalid length.
[  822.787559][T12059] netlink: 'syz.1.1564': attribute type 4 has an invalid length.
[  822.787579][T12059] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.1564'.
[  823.199812][T12064] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1565'.
[  824.188767][   T30] audit: type=1326 audit(1720405772.032:592): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12070 comm="syz.1.1566" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7d12375bd9 code=0x0
[  824.445090][T12057] xt_CT: You must specify a L4 protocol and not use inversions on it
[  826.806823][T12091] 9pnet_fd: Insufficient options for proto=fd
[  829.604115][T12113] input: syz0 as /devices/virtual/input/input59
[  831.999118][T12133] netlink: 'syz.3.1584': attribute type 2 has an invalid length.
[  832.029368][T12133] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1584'.
[  832.100221][T12133] netlink: 'syz.3.1584': attribute type 1 has an invalid length.
[  832.136064][T12133] netlink: 9 bytes leftover after parsing attributes in process `syz.3.1584'.
[  832.167027][T12134] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1584'.
[  832.577566][T12137] 9pnet_fd: Insufficient options for proto=fd
[  834.155236][T12141] 9pnet_fd: Insufficient options for proto=fd
[  840.074426][T12166] QAT: Invalid ioctl 1076389384
[  840.083082][T12166] QAT: Invalid ioctl -805268418
[  840.628995][T12171] block nbd3: shutting down sockets
[  870.702479][ T1241] ieee802154 phy0 wpan0: encryption failed: -22
[  870.709281][ T1241] ieee802154 phy1 wpan1: encryption failed: -22
[  932.135984][ T1241] ieee802154 phy0 wpan0: encryption failed: -22
[  932.142672][ T1241] ieee802154 phy1 wpan1: encryption failed: -22
[  932.770343][   T31] INFO: task kworker/0:1:9 blocked for more than 143 seconds.
[  932.793169][   T31]       Not tainted 6.10.0-rc6-syzkaller-00223-gc6653f49e4fd #0
[  932.801012][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
SYZFAIL: failed to recv rpc
fd=3 want=4 sent=0 n=0 (errno 9: Bad file descriptor)
[  932.817817][   T31] task:kworker/0:1     state:D stack:24096 pid:9     tgid:9     ppid:2      flags:0x00004000
[  932.835449][   T31] Workqueue: events rfkill_global_led_trigger_worker
[  932.842702][   T31] Call Trace:
[  932.846011][   T31]  <TASK>
[  932.858252][   T31]  __schedule+0xf15/0x5d00
[  932.862741][   T31]  ? __pfx_mark_lock+0x10/0x10
[  932.867554][   T31]  ? __pfx___schedule+0x10/0x10
[  932.877864][   T31]  ? schedule+0x298/0x350
[  932.882265][   T31]  ? __pfx_lock_release+0x10/0x10
[  932.887335][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  932.937888][   T31]  ? lockdep_hardirqs_on+0x7c/0x110
[  932.943167][   T31]  schedule+0xe7/0x350
[  932.947278][   T31]  schedule_preempt_disabled+0x13/0x30
[  932.956037][   T31]  __mutex_lock+0x5b8/0x9c0
[  932.960986][   T31]  ? rfkill_global_led_trigger_worker+0x1b/0x160
[  932.967367][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  932.981945][   T31]  ? rfkill_global_led_trigger_worker+0x1b/0x160
[  932.988541][   T31]  rfkill_global_led_trigger_worker+0x1b/0x160
[  932.994746][   T31]  process_one_work+0x9c5/0x1b40
[  933.008124][   T31]  ? __pfx_lock_acquire+0x10/0x10
[  933.013304][   T31]  ? __pfx_process_one_work+0x10/0x10
[  933.025826][   T31]  ? assign_work+0x1a0/0x250
[  933.030641][   T31]  worker_thread+0x6c8/0xf30
[  933.035272][   T31]  ? __kthread_parkme+0x148/0x220
[  933.040691][   T31]  ? __pfx_worker_thread+0x10/0x10
[  933.045841][   T31]  kthread+0x2c1/0x3a0
[  933.050349][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  933.055671][   T31]  ? __pfx_kthread+0x10/0x10
[  933.066779][   T31]  ret_from_fork+0x45/0x80
[  933.071376][   T31]  ? __pfx_kthread+0x10/0x10
[  933.076005][   T31]  ret_from_fork_asm+0x1a/0x30
[  933.080982][   T31]  </TASK>
[  933.084188][   T31] INFO: task kworker/u8:11:5508 blocked for more than 143 seconds.
[  933.100420][   T31]       Not tainted 6.10.0-rc6-syzkaller-00223-gc6653f49e4fd #0
[  933.114263][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  933.123145][   T31] task:kworker/u8:11   state:D stack:21552 pid:5508  tgid:5508  ppid:2      flags:0x00004000
[  933.142229][   T31] Workqueue: netns cleanup_net
[  933.147070][   T31] Call Trace:
[  933.154414][   T31]  <TASK>
[  933.157388][   T31]  __schedule+0xf15/0x5d00
[  933.162029][   T31]  ? __pfx___lock_acquire+0x10/0x10
[  933.167358][   T31]  ? __pfx___lock_acquire+0x10/0x10
[  933.197846][   T31]  ? __pfx___schedule+0x10/0x10
[  933.202771][   T31]  ? schedule+0x298/0x350
[  933.207132][   T31]  ? __pfx_lock_release+0x10/0x10
[  933.212790][   T31]  ? __mutex_lock+0x5b3/0x9c0
[  933.217686][   T31]  ? __mutex_trylock_common+0x78/0x250
[  933.223581][   T31]  schedule+0xe7/0x350
[  933.227689][   T31]  schedule_preempt_disabled+0x13/0x30
[  933.241932][   T31]  __mutex_lock+0x5b8/0x9c0
[  933.246506][   T31]  ? rfkill_unregister+0xde/0x2c0
[  933.264773][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  933.271542][   T31]  ? device_del+0x6b6/0x9f0
[  933.276117][   T31]  ? __pfx_device_del+0x10/0x10
[  933.281348][   T31]  ? rfkill_unregister+0xde/0x2c0
[  933.286429][   T31]  rfkill_unregister+0xde/0x2c0
[  933.306338][   T31]  wiphy_unregister+0x138/0xbc0
[  933.317507][   T31]  ? __pfx_wiphy_unregister+0x10/0x10
[  933.325380][   T31]  ? kfree+0x12a/0x3b0
[  933.337840][   T31]  ? rate_control_deinitialize+0x113/0x160
[  933.343723][   T31]  ieee80211_unregister_hw+0x248/0x3a0
[  933.356829][   T31]  hwsim_exit_net+0x3ad/0x7d0
[  933.361692][   T31]  ? __pfx_hwsim_exit_net+0x10/0x10
[  933.366933][   T31]  ? ip_vs_sync_net_cleanup+0x72/0xb0
[  933.372731][   T31]  ? __ip_vs_dev_cleanup_batch+0xb1/0x290
[  933.387117][   T31]  ? __pfx_hwsim_exit_net+0x10/0x10
[  933.392520][   T31]  ops_exit_list+0xb0/0x180
[  933.397069][   T31]  cleanup_net+0x5b7/0xbf0
[  933.401823][   T31]  ? __pfx_cleanup_net+0x10/0x10
[  933.406808][   T31]  process_one_work+0x9c5/0x1b40
[  933.434497][   T31]  ? __pfx_crng_reseed+0x10/0x10
[  933.440118][   T31]  ? __pfx_process_one_work+0x10/0x10
[  933.445540][   T31]  ? assign_work+0x1a0/0x250
[  933.460643][   T31]  worker_thread+0x6c8/0xf30
[  933.465310][   T31]  ? __pfx_worker_thread+0x10/0x10
[  933.475323][   T31]  kthread+0x2c1/0x3a0
[  933.479622][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  933.484860][   T31]  ? __pfx_kthread+0x10/0x10
[  933.498107][   T31]  ret_from_fork+0x45/0x80
[  933.502595][   T31]  ? __pfx_kthread+0x10/0x10
[  933.507218][   T31]  ret_from_fork_asm+0x1a/0x30
[  933.521665][   T31]  </TASK>
[  933.524849][   T31] INFO: task syz.4.1437:11583 blocked for more than 144 seconds.
[  933.537562][   T31]       Not tainted 6.10.0-rc6-syzkaller-00223-gc6653f49e4fd #0
[  933.552116][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  933.576469][   T31] task:syz.4.1437      state:D stack:25456 pid:11583 tgid:11580 ppid:9970   flags:0x00004006
[  933.587023][   T31] Call Trace:
[  933.590437][   T31]  <TASK>
[  933.593390][   T31]  __schedule+0xf15/0x5d00
[  933.605988][   T31]  ? __pfx___lock_acquire+0x10/0x10
[  933.611340][   T31]  ? __pfx___schedule+0x10/0x10
[  933.616226][   T31]  ? schedule+0x298/0x350
[  933.620948][   T31]  ? __pfx_lock_release+0x10/0x10
[  933.626024][   T31]  ? __mutex_lock+0x5b3/0x9c0
[  933.637870][   T31]  ? __mutex_trylock_common+0x78/0x250
[  933.643403][   T31]  schedule+0xe7/0x350
[  933.647504][   T31]  schedule_preempt_disabled+0x13/0x30
[  933.672882][   T31]  __mutex_lock+0x5b8/0x9c0
[  933.677473][   T31]  ? nfc_dev_down+0x2d/0x2e0
[  933.685672][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  933.690984][   T31]  ? find_held_lock+0x2d/0x110
[  933.695783][   T31]  ? rfkill_set_block+0x198/0x560
[  933.709045][   T31]  ? __pfx_lock_release+0x10/0x10
[  933.714150][   T31]  ? nfc_dev_down+0x2d/0x2e0
[  933.724703][   T31]  nfc_dev_down+0x2d/0x2e0
[  933.730153][   T31]  nfc_rfkill_set_block+0x39/0xe0
[  933.735233][   T31]  ? __pfx_nfc_rfkill_set_block+0x10/0x10
[  933.741231][   T31]  rfkill_set_block+0x203/0x560
[  933.746125][   T31]  rfkill_fop_write+0x2d4/0x570
[  933.751377][   T31]  ? __pfx_rfkill_fop_write+0x10/0x10
[  933.756874][   T31]  ? security_file_permission+0x70/0xc0
[  933.762544][   T31]  ? __pfx_rfkill_fop_write+0x10/0x10
[  933.774452][   T31]  vfs_write+0x29a/0x1140
[  933.779168][   T31]  ? __pfx_vfs_write+0x10/0x10
[  933.783976][   T31]  ? do_futex+0x123/0x350
[  933.788647][   T31]  ? __fget_files+0x256/0x400
[  933.793376][   T31]  ? __fget_light+0x173/0x210
[  933.805964][   T31]  ksys_write+0x1f8/0x260
[  933.813053][   T31]  ? __pfx_ksys_write+0x10/0x10
[  933.826185][   T31]  do_syscall_64+0xcd/0x250
[  933.830868][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  933.836817][   T31] RIP: 0033:0x7f6ef3b75bd9
[  933.841695][   T31] RSP: 002b:00007f6ef4897048 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  933.857870][   T31] RAX: ffffffffffffffda RBX: 00007f6ef3d04110 RCX: 00007f6ef3b75bd9
[  933.865907][   T31] RDX: 0000000000000008 RSI: 0000000020000080 RDI: 0000000000000004
[  933.882090][   T31] RBP: 00007f6ef3be4aa1 R08: 0000000000000000 R09: 0000000000000000
[  933.894411][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  933.914390][   T31] R13: 000000000000000b R14: 00007f6ef3d04110 R15: 00007ffebbbadd48
[  933.930345][   T31]  </TASK>
[  933.933448][   T31] INFO: task syz.0.1431:11604 blocked for more than 144 seconds.
[  933.941431][   T31]       Not tainted 6.10.0-rc6-syzkaller-00223-gc6653f49e4fd #0
[  933.961509][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  933.970583][   T31] task:syz.0.1431      state:D stack:24640 pid:11604 tgid:11604 ppid:11123  flags:0x00004002
[  933.988856][   T31] Call Trace:
[  933.992181][   T31]  <TASK>
[  933.995128][   T31]  __schedule+0xf15/0x5d00
[  933.999863][   T31]  ? __pfx___lock_acquire+0x10/0x10
[  934.005100][   T31]  ? __pfx___lock_acquire+0x10/0x10
[  934.011873][   T31]  ? __pfx___schedule+0x10/0x10
[  934.023773][   T31]  ? schedule+0x298/0x350
[  934.028765][   T31]  ? __pfx_lock_release+0x10/0x10
[  934.033835][   T31]  ? __mutex_lock+0x5b3/0x9c0
[  934.054668][   T31]  ? __mutex_trylock_common+0x78/0x250
[  934.061366][   T31]  schedule+0xe7/0x350
[  934.065516][   T31]  schedule_preempt_disabled+0x13/0x30
[  934.071198][   T31]  __mutex_lock+0x5b8/0x9c0
[  934.075740][   T31]  ? do_raw_spin_unlock+0x172/0x230
[  934.087834][   T31]  ? rfkill_unregister+0xde/0x2c0
[  934.092940][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  934.106142][   T31]  ? device_del+0x6b6/0x9f0
[  934.110800][   T31]  ? __pfx_device_del+0x10/0x10
[  934.115694][   T31]  ? rfkill_unregister+0xde/0x2c0
[  934.121090][   T31]  rfkill_unregister+0xde/0x2c0
[  934.125997][   T31]  nfc_unregister_device+0x94/0x330
[  934.140374][   T31]  ? __pfx_virtual_ncidev_close+0x10/0x10
[  934.146178][   T31]  virtual_ncidev_close+0x51/0xb0
[  934.157172][   T31]  __fput+0x408/0xbb0
[  934.168076][   T31]  task_work_run+0x14e/0x250
[  934.172727][   T31]  ? __pfx_task_work_run+0x10/0x10
[  934.177965][   T31]  ? do_raw_spin_unlock+0x172/0x230
[  934.183196][   T31]  do_exit+0xa9b/0x2ba0
[  934.187397][   T31]  ? __pfx_do_exit+0x10/0x10
[  934.192104][   T31]  do_group_exit+0xd3/0x2a0
[  934.196656][   T31]  get_signal+0x2616/0x2710
[  934.201291][   T31]  ? __pfx_get_signal+0x10/0x10
[  934.206268][   T31]  ? __pfx_force_sig_fault+0x10/0x10
[  934.211680][   T31]  arch_do_signal_or_restart+0x90/0x7e0
[  934.217261][   T31]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  934.223546][   T31]  ? spurious_kernel_fault+0x2f4/0x3c0
[  934.229102][   T31]  irqentry_exit_to_user_mode+0x139/0x280
[  934.234872][   T31]  asm_exc_page_fault+0x26/0x30
[  934.239835][   T31] RIP: 0033:0x7f173b639f67
[  934.244293][   T31] RSP: 002b:00007f173c4b0160 EFLAGS: 00010206
[  934.250802][   T31] RAX: 0000000000000000 RBX: 000000000000000b RCX: 00007f173b775bd9
[  934.267273][   T31] RDX: 00007f173c4b0180 RSI: 00007f173c4b02b0 RDI: 000000000000000b
[  934.280710][   T31] RBP: 00007f173b7e4aa1 R08: 0000000000000000 R09: 0000000000000000
[  934.299112][   T31] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  934.307402][   T31] R13: 000000000000000b R14: 00007f173b903f60 R15: 00007ffedcea8858
[  934.328606][   T31]  </TASK>
[  934.331723][   T31] INFO: task syz-executor:11699 blocked for more than 144 seconds.
[  934.346863][   T31]       Not tainted 6.10.0-rc6-syzkaller-00223-gc6653f49e4fd #0
[  934.354661][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  934.368521][   T31] task:syz-executor    state:D stack:28160 pid:11699 tgid:11699 ppid:1      flags:0x00004004
[  934.394027][   T31] Call Trace:
[  934.397362][   T31]  <TASK>
[  934.407431][   T31]  __schedule+0xf15/0x5d00
[  934.412101][   T31]  ? __pfx___lock_acquire+0x10/0x10
[  934.417343][   T31]  ? __pfx___lock_acquire+0x10/0x10
[  934.432214][   T31]  ? __pfx___schedule+0x10/0x10
[  934.437134][   T31]  ? schedule+0x298/0x350
[  934.441749][   T31]  ? __pfx_lock_release+0x10/0x10
[  934.446821][   T31]  ? __mutex_lock+0x5b3/0x9c0
[  934.464739][   T31]  ? __mutex_trylock_common+0x78/0x250
[  934.470487][   T31]  schedule+0xe7/0x350
[  934.474595][   T31]  schedule_preempt_disabled+0x13/0x30
[  934.487835][   T31]  __mutex_lock+0x5b8/0x9c0
[  934.492405][   T31]  ? rfkill_register+0x3a/0xb40
[  934.497301][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  934.515701][   T31]  ? lockdep_init_map_type+0x16d/0x7d0
[  934.525941][   T31]  ? __init_waitqueue_head+0xca/0x150
[  934.537811][   T31]  ? rfkill_register+0x3a/0xb40
[  934.542729][   T31]  ? rfkill_alloc+0x25b/0x330
[  934.547451][   T31]  rfkill_register+0x3a/0xb40
[  934.560617][   T31]  hci_register_dev+0x3cc/0xc60
[  934.565553][   T31]  __vhci_create_device+0x357/0x7e0
[  934.576751][   T31]  vhci_write+0x2c7/0x470
[  934.581332][   T31]  vfs_write+0x6b6/0x1140
[  934.585710][   T31]  ? __pfx_vhci_write+0x10/0x10
[  934.597816][   T31]  ? __pfx_vfs_write+0x10/0x10
[  934.602643][   T31]  ? find_held_lock+0x59/0x110
[  934.607435][   T31]  ? find_held_lock+0x2d/0x110
[  934.631559][   T31]  ? do_user_addr_fault+0x6d7/0xe50
[  934.636901][   T31]  ? __fget_light+0x173/0x210
[  934.647849][   T31]  ksys_write+0x12f/0x260
[  934.652264][   T31]  ? __pfx_ksys_write+0x10/0x10
[  934.657154][   T31]  do_syscall_64+0xcd/0x250
[  934.669540][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  934.675519][   T31] RIP: 0033:0x7f84fc974720
[  934.686119][   T31] RSP: 002b:00007fff3aebb5a8 EFLAGS: 00000202 ORIG_RAX: 0000000000000001
[  934.707821][   T31] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f84fc974720
[  934.715951][   T31] RDX: 0000000000000002 RSI: 00007fff3aebb5ba RDI: 00000000000000ca
[  934.736367][   T31] RBP: 00007f84fcb04a18 R08: 0000000000000000 R09: 00007f84fd63d6c0
[  934.744680][   T31] R10: 0000000000000000 R11: 0000000000000202 R12: 000000000000000c
[  934.765552][   T31] R13: 0000000000000003 R14: 0000000000000009 R15: 0000000000000009
[  934.773983][   T31]  </TASK>
[  934.777075][   T31] 
[  934.777075][   T31] Showing all locks held in the system:
[  934.785344][   T31] 3 locks held by kworker/0:1/9:
[  934.797846][   T31]  #0: ffff888015480948 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x1277/0x1b40
[  934.816185][   T31]  #1: ffffc900000e7d80 ((work_completion)(&rfkill_global_led_trigger_work)){+.+.}-{0:0}, at: process_one_work+0x921/0x1b40
[  934.829543][   T31]  #2: ffffffff8fbcca48 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_global_led_trigger_worker+0x1b/0x160
[  934.852405][   T31] 1 lock held by khungtaskd/31:
[  934.857311][   T31]  #0: ffffffff8dbb1620 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x75/0x340
[  934.874781][   T31] 3 locks held by udevd/4535:
[  934.879786][   T31] 2 locks held by getty/4838:
[  934.884486][   T31]  #0: ffff88802b0d60a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80
[  934.902374][   T31]  #1: ffffc90002f062f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0xfc8/0x1490
[  934.915201][   T31] 2 locks held by kworker/1:4/5140:
[  934.926294][   T31]  #0: ffff8880b923ebd8 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x7e/0x130
[  934.936784][   T31]  #1: ffffffff8dbb1620 (rcu_read_lock){....}-{1:2}, at: bpf_trace_run4+0x1d6/0x5a0
[  934.954561][   T31] 4 locks held by kworker/u8:11/5508:
[  934.964491][   T31]  #0: ffff8880162d3148 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x1277/0x1b40
[  934.987111][   T31]  #1: ffffc900035dfd80 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x921/0x1b40
[  934.999610][   T31]  #2: ffffffff8f732e90 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0xbb/0xbf0
[  935.015238][   T31]  #3: ffffffff8fbcca48 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_unregister+0xde/0x2c0
[  935.025704][   T31] 1 lock held by syz-executor/10338:
[  935.037822][   T31]  #0: ffffffff8fbcca48 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_unregister+0xde/0x2c0
[  935.056871][   T31] 2 locks held by syz.4.1437/11583:
[  935.062182][   T31]  #0: ffffffff8fbcca48 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_fop_write+0x16e/0x570
[  935.073630][   T31]  #1: ffff88801b697100 (&dev->mutex){....}-{3:3}, at: nfc_dev_down+0x2d/0x2e0
[  935.093595][   T31] 2 locks held by syz.0.1431/11604:
[  935.102732][   T31]  #0: ffff88801b697100 (&dev->mutex){....}-{3:3}, at: nfc_unregister_device+0x60/0x330
[  935.121513][   T31]  #1: ffffffff8fbcca48 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_unregister+0xde/0x2c0
[  935.131956][   T31] 2 locks held by syz-executor/11699:
[  935.137357][   T31]  #0: ffff88807ea87918 (&data->open_mutex){+.+.}-{3:3}, at: vhci_write+0x2bb/0x470
[  935.155248][   T31]  #1: ffffffff8fbcca48 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_register+0x3a/0xb40
[  935.166209][   T31] 2 locks held by syz.1.1581/12122:
[  935.177847][   T31]  #0: ffffffff8e7d4ac8 (misc_mtx){+.+.}-{3:3}, at: misc_open+0x59/0x4c0
[  935.186395][   T31]  #1: ffffffff8fbcca48 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_fop_open+0x13b/0x750
[  935.212388][   T31] 1 lock held by syz-executor/12131:
[  935.217730][   T31]  #0: ffffffff8e7d4ac8 (misc_mtx){+.+.}-{3:3}, at: misc_open+0x59/0x4c0
[  935.235191][   T31] 1 lock held by syz.0.1589/12149:
[  935.247592][   T31]  #0: ffffffff8e7d4ac8 (misc_mtx){+.+.}-{3:3}, at: misc_open+0x59/0x4c0
[  935.256394][   T31] 1 lock held by syz.0.1589/12151:
[  935.262164][   T31]  #0: ffffffff8e7d4ac8 (misc_mtx){+.+.}-{3:3}, at: misc_open+0x59/0x4c0
[  935.279357][   T31] 1 lock held by syz-executor/12173:
[  935.284775][   T31]  #0: ffffffff8e7d4ac8 (misc_mtx){+.+.}-{3:3}, at: misc_open+0x59/0x4c0
[  935.297812][   T31] 1 lock held by syz-executor/12179:
[  935.303139][   T31]  #0: ffffffff8e7d4ac8 (misc_mtx){+.+.}-{3:3}, at: misc_open+0x59/0x4c0
[  935.326140][   T31] 1 lock held by syz.3.1598/12184:
[  935.340130][   T31]  #0: ffffffff8e7d4ac8 (misc_mtx){+.+.}-{3:3}, at: misc_open+0x59/0x4c0
[  935.348910][   T31] 1 lock held by syz-executor/12186:
[  935.354217][   T31]  #0: ffffffff8e7d4ac8 (misc_mtx){+.+.}-{3:3}, at: misc_open+0x59/0x4c0
[  935.371634][   T31] 1 lock held by syz-executor/12188:
[  935.376970][   T31]  #0: ffffffff8e7d4ac8 (misc_mtx){+.+.}-{3:3}, at: misc_open+0x59/0x4c0
[  935.390566][   T31] 1 lock held by syz-executor/12190:
[  935.396508][   T31]  #0: ffffffff8e7d4ac8 (misc_mtx){+.+.}-{3:3}, at: misc_open+0x59/0x4c0
[  935.405292][   T31] 1 lock held by syz-executor/12192:
[  935.417817][   T31]  #0: ffffffff8e7d4ac8 (misc_mtx){+.+.}-{3:3}, at: misc_open+0x59/0x4c0
[  935.426615][   T31] 1 lock held by syz-executor/12194:
[  935.449173][   T31]  #0: ffffffff8e7d4ac8 (misc_mtx){+.+.}-{3:3}, at: misc_open+0x59/0x4c0
[  935.457732][   T31] 1 lock held by syz-executor/12196:
[  935.463299][   T31]  #0: ffffffff8e7d4ac8 (misc_mtx){+.+.}-{3:3}, at: misc_open+0x59/0x4c0
[  935.475644][   T31] 1 lock held by syz-executor/12198:
[  935.485899][   T31]  #0: ffffffff8e7d4ac8 (misc_mtx){+.+.}-{3:3}, at: misc_open+0x59/0x4c0
[  935.507886][   T31] 
[  935.510263][   T31] =============================================
[  935.510263][   T31] 
[  935.527428][   T31] NMI backtrace for cpu 0
[  935.531804][   T31] CPU: 0 PID: 31 Comm: khungtaskd Not tainted 6.10.0-rc6-syzkaller-00223-gc6653f49e4fd #0
[  935.541721][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  935.551799][   T31] Call Trace:
[  935.555099][   T31]  <TASK>
[  935.558046][   T31]  dump_stack_lvl+0x116/0x1f0
[  935.562754][   T31]  nmi_cpu_backtrace+0x27b/0x390
[  935.567723][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  935.573732][   T31]  nmi_trigger_cpumask_backtrace+0x29c/0x300
[  935.579768][   T31]  watchdog+0xf86/0x1240
[  935.584044][   T31]  ? __pfx_watchdog+0x10/0x10
[  935.589175][   T31]  ? lockdep_hardirqs_on+0x7c/0x110
[  935.594395][   T31]  ? __kthread_parkme+0x148/0x220
[  935.599443][   T31]  ? __pfx_watchdog+0x10/0x10
[  935.604137][   T31]  kthread+0x2c1/0x3a0
[  935.608227][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  935.613458][   T31]  ? __pfx_kthread+0x10/0x10
[  935.618072][   T31]  ret_from_fork+0x45/0x80
[  935.622524][   T31]  ? __pfx_kthread+0x10/0x10
[  935.627157][   T31]  ret_from_fork_asm+0x1a/0x30
[  935.631954][   T31]  </TASK>
[  935.635902][   T31] Sending NMI from CPU 0 to CPUs 1:
[  935.641175][    C1] NMI backtrace for cpu 1
[  935.641196][    C1] CPU: 1 PID: 4535 Comm: udevd Not tainted 6.10.0-rc6-syzkaller-00223-gc6653f49e4fd #0
[  935.641219][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  935.641232][    C1] RIP: 0010:stack_access_ok+0x1f9/0x270
[  935.641267][    C1] Code: fd 0f 83 d3 fe ff ff e8 35 0e 51 00 48 8b 44 24 08 48 01 e8 49 39 c6 48 89 04 24 0f 83 b9 fe ff ff e8 1b 0e 51 00 48 8b 04 24 <41> be 01 00 00 00 49 39 c7 0f 83 ec fe ff ff e9 9c fe ff ff 48 89
[  935.641287][    C1] RSP: 0018:ffffc900030df8f0 EFLAGS: 00000293
[  935.641304][    C1] RAX: ffffc900030dfd28 RBX: ffffc900030df9b8 RCX: ffffffff813cd516
[  935.641320][    C1] RDX: ffff88807d8ebc00 RSI: ffffffff813cd675 RDI: 0000000000000005
[  935.641339][    C1] RBP: ffffc900030dfd20 R08: 0000000000000005 R09: 0000000000000000
[  935.641352][    C1] R10: 0000000000000001 R11: 0000000000000003 R12: ffffc900030df9c0
[  935.641366][    C1] R13: ffffc900030df9c8 R14: ffffc900030d8000 R15: ffffc900030e0000
[  935.641381][    C1] FS:  00007fb81a751c80(0000) GS:ffff8880b9300000(0000) knlGS:0000000000000000
[  935.641402][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  935.641418][    C1] CR2: 000055898c0acd10 CR3: 000000002f7d4000 CR4: 00000000003506f0
[  935.641432][    C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  935.641445][    C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  935.641458][    C1] Call Trace:
[  935.641466][    C1]  <NMI>
[  935.641473][    C1]  ? show_regs+0x8c/0xa0
[  935.641502][    C1]  ? nmi_cpu_backtrace+0x1d8/0x390
[  935.641532][    C1]  ? nmi_cpu_backtrace_handler+0xc/0x20
[  935.641559][    C1]  ? nmi_handle+0x1a9/0x5c0
[  935.641588][    C1]  ? stack_access_ok+0x1f9/0x270
[  935.641616][    C1]  ? default_do_nmi+0x6a/0x160
[  935.641636][    C1]  ? exc_nmi+0x170/0x1e0
[  935.641654][    C1]  ? end_repeat_nmi+0xf/0x53
[  935.641675][    C1]  ? stack_access_ok+0x96/0x270
[  935.641704][    C1]  ? stack_access_ok+0x1f5/0x270
[  935.641732][    C1]  ? stack_access_ok+0x1f9/0x270
[  935.641761][    C1]  ? stack_access_ok+0x1f9/0x270
[  935.641790][    C1]  ? stack_access_ok+0x1f9/0x270
[  935.641819][    C1]  </NMI>
[  935.641826][    C1]  <TASK>
[  935.641834][    C1]  unwind_next_frame+0xd9b/0x23a0
[  935.641864][    C1]  ? __kasan_record_aux_stack+0xba/0xd0
[  935.641889][    C1]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  935.641917][    C1]  arch_stack_walk+0x100/0x170
[  935.641940][    C1]  ? __kasan_record_aux_stack+0xba/0xd0
[  935.641964][    C1]  stack_trace_save+0x95/0xd0
[  935.641990][    C1]  ? __pfx_stack_trace_save+0x10/0x10
[  935.642018][    C1]  kasan_save_stack+0x33/0x60
[  935.642045][    C1]  ? kasan_save_stack+0x33/0x60
[  935.642072][    C1]  ? __kasan_record_aux_stack+0xba/0xd0
[  935.642103][    C1]  __kasan_record_aux_stack+0xba/0xd0
[  935.642127][    C1]  ? __pfx___d_free+0x10/0x10
[  935.642155][    C1]  __call_rcu_common.constprop.0+0x9a/0x790
[  935.642186][    C1]  dentry_free+0xc2/0x160
[  935.642215][    C1]  __dentry_kill+0x498/0x600
[  935.642235][    C1]  dput.part.0+0x4b1/0x9b0
[  935.642257][    C1]  dput+0x1f/0x30
[  935.642276][    C1]  do_unlinkat+0x353/0x750
[  935.642305][    C1]  ? __pfx_do_unlinkat+0x10/0x10
[  935.642338][    C1]  ? __check_object_size+0x48e/0x720
[  935.642363][    C1]  ? getname_flags.part.0+0x1e1/0x4f0
[  935.642387][    C1]  __x64_sys_unlink+0xc7/0x110
[  935.642415][    C1]  do_syscall_64+0xcd/0x250
[  935.642442][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  935.642473][    C1] RIP: 0033:0x7fb81a317da7
[  935.642488][    C1] Code: f0 ff ff 73 01 c3 48 8b 0d 7e 90 0d 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 57 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 51 90 0d 00 f7 d8 64 89 01 48
[  935.642508][    C1] RSP: 002b:00007ffcf67b1948 EFLAGS: 00000202 ORIG_RAX: 0000000000000057
[  935.642527][    C1] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fb81a317da7
[  935.642541][    C1] RDX: 0000000000000000 RSI: 0000000037baf7c0 RDI: 00005609ae6b20d8
[  935.642555][    C1] RBP: 00005609c6d7d6d0 R08: 0000000037c42c9a R09: 00007fb81a858080
[  935.642569][    C1] R10: 0000000000000001 R11: 0000000000000202 R12: 0000000000000bb8
[  935.642582][    C1] R13: 00005609c6d9be20 R14: 0000000000000000 R15: 0000000000000000
[  935.642598][    C1]  </TASK>
[  936.050032][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[  936.056909][   T31] CPU: 0 PID: 31 Comm: khungtaskd Not tainted 6.10.0-rc6-syzkaller-00223-gc6653f49e4fd #0
[  936.066825][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  936.076898][   T31] Call Trace:
[  936.080201][   T31]  <TASK>
[  936.083145][   T31]  dump_stack_lvl+0x3d/0x1f0
[  936.087766][   T31]  panic+0x6f5/0x7a0
[  936.091686][   T31]  ? __pfx_panic+0x10/0x10
[  936.096135][   T31]  ? preempt_schedule_thunk+0x1a/0x30
[  936.101529][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  936.107543][   T31]  ? preempt_schedule_thunk+0x1a/0x30
[  936.112943][   T31]  ? watchdog+0xd3d/0x1240
[  936.117379][   T31]  ? watchdog+0xd30/0x1240
[  936.121817][   T31]  watchdog+0xd4e/0x1240
[  936.126085][   T31]  ? __pfx_watchdog+0x10/0x10
[  936.130779][   T31]  ? lockdep_hardirqs_on+0x7c/0x110
[  936.135982][   T31]  ? __kthread_parkme+0x148/0x220
[  936.141009][   T31]  ? __pfx_watchdog+0x10/0x10
[  936.145684][   T31]  kthread+0x2c1/0x3a0
[  936.149753][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  936.154950][   T31]  ? __pfx_kthread+0x10/0x10
[  936.159538][   T31]  ret_from_fork+0x45/0x80
[  936.163961][   T31]  ? __pfx_kthread+0x10/0x10
[  936.168553][   T31]  ret_from_fork_asm+0x1a/0x30
[  936.173341][   T31]  </TASK>
[  936.176578][   T31] Kernel Offset: disabled
[  936.180980][   T31] Rebooting in 86400 seconds..