last executing test programs:

2m1.061365846s ago: executing program 2 (id=493):
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000080)={0x1, 0x58, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r0=>0x0}}, 0x10)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00')
fchdir(r1)
sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000040)={&(0x7f0000000280)=@flushsa={0x7c, 0x1c, 0x400, 0x70bd29, 0x25dfdbfb, {0x32}, [@algo_comp={0x5c, 0x3, {{'lzjh\x00'}, 0xa0, "054a262fcfa880a9e7df130d2c3fc888f99a533d"}}, @lastused={0xc, 0xf, 0x70f}]}, 0x7c}}, 0x4000)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
setpriority(0x1, 0x0, 0x7)
r2 = creat(&(0x7f00000001c0)='./file0\x00', 0xa7)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)
r3 = socket(0x2a, 0x2, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000580)=@newqdisc={0xe0, 0x24, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, r0, {0xffff, 0xffe0}, {0xd}, {0x0, 0xfff2}}, [@TCA_STAB={0x84, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x3, 0x9, 0x5, 0x8, 0x0, 0x81, 0x6, 0x8}}, {0x14, 0x2, [0x3, 0x0, 0x5, 0x1004, 0x8, 0x8, 0xfe00, 0x5]}}, {{0x1c, 0x1, {0x5, 0x7, 0x6, 0x81, 0x1, 0x3, 0x3, 0x7}}, {0x12, 0x2, [0x55, 0xfffa, 0x1, 0x1, 0x24, 0xa, 0xc]}}, {{0x1c, 0x1, {0x6, 0x6, 0xd, 0x9, 0x0, 0xfffffeef, 0xc}}, {0x4}}]}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0x1}, @TCA_EGRESS_BLOCK={0x8, 0xe, 0x8001}, @TCA_EGRESS_BLOCK={0x8, 0xe, 0x1}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0x8}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0x6}, @TCA_EGRESS_BLOCK={0x8, 0xe, 0x2}, @TCA_RATE={0x6, 0x5, {0x2, 0xf8}}]}, 0xe0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000200)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000540)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}}, 0x24}}, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000006c0)=@newtfilter={0x144, 0x2c, 0xd27, 0x3, 0x0, {0x0, 0x0, 0x0, r4, {0x8}, {}, {0x5}}, [@filter_kind_options=@f_cgroup={{0xb}, {0x114, 0x2, [@TCA_CGROUP_EMATCHES={0x110, 0x3, 0x0, 0x1, [@TCA_EMATCH_TREE_LIST={0x104, 0x2, 0x0, 0x1, [@TCF_EM_CMP={0x18, 0x1, 0x0, 0x0, {{0x400, 0x1, 0x2}, {0x800, 0x1, 0xfffc, 0x5, 0x8, 0x2}}}, @TCF_EM_CMP={0x18, 0x1, 0x0, 0x0, {{0x3, 0x1, 0x9}, {0x301, 0xffffffff, 0x4f5, 0x3, 0x2, 0x1}}}, @TCF_EM_META={0xd0, 0x2, 0x0, 0x0, {{0x3, 0x4, 0x7f}, [@TCA_EM_META_RVALUE={0x17, 0x3, [@TCF_META_TYPE_VAR="486d35d6956c87124ba8", @TCF_META_TYPE_VAR="1a3574a76be5fff386"]}, @TCA_EM_META_RVALUE={0x29, 0x3, [@TCF_META_TYPE_VAR="d0515288ec5c43a9", @TCF_META_TYPE_VAR="918b2ff0be1c4815", @TCF_META_TYPE_INT=0x7, @TCF_META_TYPE_INT=0x5, @TCF_META_TYPE_VAR, @TCF_META_TYPE_VAR, @TCF_META_TYPE_INT=0xa, @TCF_META_TYPE_VAR="e25aac7901bf1dfa22"]}, @TCA_EM_META_HDR={0xc, 0x1, {{0xfff4, 0xf8, 0x1}, {0x0, 0x3}}}, @TCA_EM_META_LVALUE={0x22, 0x2, [@TCF_META_TYPE_INT=0x3, @TCF_META_TYPE_VAR="27c88ebb0a071d6f", @TCF_META_TYPE_INT=0x2, @TCF_META_TYPE_VAR="a9fb9ebc6491939a0402", @TCF_META_TYPE_INT]}, @TCA_EM_META_RVALUE={0x19, 0x3, [@TCF_META_TYPE_INT=0x4, @TCF_META_TYPE_INT, @TCF_META_TYPE_VAR="28080388d1ea084c7c", @TCF_META_TYPE_VAR, @TCF_META_TYPE_INT=0x7]}, @TCA_EM_META_HDR={0xc, 0x1, {{0x7, 0x8}, {0xe, 0x8}}}, @TCA_EM_META_LVALUE={0x12, 0x2, [@TCF_META_TYPE_VAR="f0", @TCF_META_TYPE_INT=0x6, @TCF_META_TYPE_VAR="a5f5cb87c185d2f578"]}, @TCA_EM_META_LVALUE={0x8, 0x2, [@TCF_META_TYPE_INT=0x8]}, @TCA_EM_META_HDR={0xc, 0x1, {{0x7f, 0x76}, {0xa64, 0x5}}}]}}]}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x2f0d}}]}]}}]}, 0x144}}, 0x0)
r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000003c0)=0x7)
r6 = getpid()
sched_setscheduler(r6, 0x2, &(0x7f0000000300)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
connect$unix(r7, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r8, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r9 = memfd_create(0x0, 0x0)
sendfile(0xffffffffffffffff, r9, 0x0, 0x8)
socket$unix(0x1, 0x5, 0x0)
r10 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x6, 0x4, 0x1000, 0x89, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000000c0)={0x0, &(0x7f0000000000)=""/103, &(0x7f0000000600), &(0x7f0000001b40), 0x80, r10, 0x0, 0x7}, 0x38)
setsockopt$inet6_int(r5, 0x29, 0x11, 0x0, 0x0)
r11 = fcntl$getown(r1, 0x9)
fcntl$lock(r2, 0x6, &(0x7f00000003c0)={0x1, 0x0, 0xd9, 0x0, r11})

1m58.858998409s ago: executing program 2 (id=498):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000200)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_NEW_STATION(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000240)={0x28, r1, 0xb97534d5fe9704cf, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}]}, 0x28}}, 0x0)

1m58.673431964s ago: executing program 2 (id=499):
bpf$MAP_CREATE(0x0, &(0x7f0000000900)=ANY=[@ANYRESHEX=0x0, @ANYRES32, @ANYBLOB='\x00'/18, @ANYRESDEC, @ANYBLOB="3a5aee5ab3a8432ffd61fae6ac205a66fe3947de3514f501cfd05f43b6fd22150b41255b46983b7aaff4355e530f523ca89b91b9f60b36276af2c007c492acf3b9514bf7539e55dabbac4726ef3956c5bcc949ae0984eed214880273e7bd5e431eb133d7b685f1c7fd7cbdd112e7deda7ad3beaba28b43a7a83a60f2cd662f64d939f98c6b331952b36ff50f324ee6b43add102ac9aa30488727b4cd47ec812ddafb9f673afe6b1e5d403c706e226d7a3965d787e55635b321b92fe3337b577ad5aa673330727f33b66184e85440fe8d7c95773f197186126d787b7708c4fa"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x4, &(0x7f0000000580)=ANY=[@ANYBLOB="180000000085200000020000009500000000000000cfffc76099671601f5035c2e1c8224a810e0718d5575da856e74d517d600593418af3cc9c94e11e56b6179f486e0fb341a578ebd5b513e0ad5f88fe4ab8624368c11c4acaf6d96d4e655bafea2416275ef6b0891da9444e902e02366a7cc374de4cd4a3190a94891207c8b40084e902d0b0e0472"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x0, 0x0})
r0 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180500000000c800000000004b64ffec850000007d000000850000002a00000095"], &(0x7f0000000480)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x1c, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB="b400000000000003dd0a00000000000073013700000000009500000000000000b38a595efa0578208e8354bb546620e3690771f5bf003326913779cfaf84efb8b3f976c934b37c6aab214e75d6019bf1582d07e5b5351fb88008465255c682"], &(0x7f0000003ff6)='GPL\x00', 0x4a, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x19, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x0, 0x0})
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000740)={{{@in=@dev, @in=@empty}}, {{@in6=@initdev}, 0x0, @in6=@mcast2}}, &(0x7f0000000040)=0xe8)
syz_genetlink_get_family_id$devlink(&(0x7f0000000280), r0)
sendmsg$DEVLINK_CMD_SB_POOL_SET(r0, &(0x7f0000000680)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000640)={0x0}, 0x1, 0x0, 0x0, 0x20000000}, 0x40)
openat(0xffffffffffffff9c, 0x0, 0x90081, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$TIPC_NL_KEY_SET(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)=ANY=[@ANYBLOB="5400000039f984498783", @ANYRES16=r6, @ANYBLOB="010000000000fdffffff03000000400001802c0004001400010002000000ac14140f00000000000000001400020002000000ffffffff00000000000000000d0001007564703a73797a3200000000"], 0x54}, 0x1, 0x0, 0x0, 0x80d0}, 0x0)
semget(0x1, 0x4, 0x1c)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
syz_usb_connect$cdc_ecm(0x0, 0x4d, &(0x7f0000000340)=ANY=[@ANYBLOB="12010000020000402505a0a440000000010109023b000101000000090400001202060000052406000005240000000dfb427817000000000000000009058202000200000009050302"], 0x0)

1m54.049791752s ago: executing program 2 (id=508):
r0 = socket$netlink(0x10, 0x3, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='contention_end\x00'}, 0x10)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000040)="6127e29a10", 0x5}], 0x1}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x0, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="180000c9"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907009875f37538e486dd6317ce6203c23c00fe80000000000000875a65969ff57b00000000000000000000000000ac1414aa067707"], 0xfdef)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0xb68, 0xf5ffffff, &(0x7f0000000000)='%', 0x0, 0xd01, 0xbe02, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000)=0x80, 0x4)
syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000000), r2)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_TRAP_POLICER_GET(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)={0x3c, r5, 0x1, 0x70bd27, 0x25dfdbfe, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x8e, 0x3}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20000081}, 0x40004)
sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_SET(r2, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x18002003}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x60, r5, 0x4, 0x70bd2b, 0x25dfdbfd, {}, [{{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x1}}, {0x8, 0xb, 0x1}, {0x6, 0x16, 0x8000}, {0x5}, {0x6, 0x11, 0x2}, {0x8, 0xb, 0x2}}]}, 0x60}, 0x1, 0x0, 0x0, 0x2000c850}, 0xc004)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)={0x44, r3, 0x917, 0x0, 0x0, {}, [@L2TP_ATTR_PROTO_VERSION={0x5}, @L2TP_ATTR_CONN_ID={0x8, 0x9, 0xfeffffff}, @L2TP_ATTR_ENCAP_TYPE={0x6}, @L2TP_ATTR_PEER_CONN_ID={0x8, 0xa, 0x1}, @L2TP_ATTR_IP_SADDR={0x8, 0x18, @local}, @L2TP_ATTR_IP_DADDR={0x8, 0x19, @multicast2}]}, 0x44}}, 0x0)

1m52.513120666s ago: executing program 4 (id=513):
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$TIPC_NL_MON_SET(r0, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x60, r1, 0x20, 0x70bd2a, 0x25dfdbfb, {}, [@TIPC_NLA_PUBL={0x4c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x400000}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0xa}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0xa}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8000}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x3}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x27b}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x4773}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0xe2}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0xf}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x8000}, 0x4000000)
setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0xffffff84, 0x10000, 0xffffff84, 0xffffffff}, 0x1c)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
syz_usb_connect(0x3, 0xfc99, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, @void, @value}, 0x94)
sendmsg$TIPC_NL_KEY_SET(0xffffffffffffffff, 0x0, 0x0)
r5 = syz_open_procfs(0x0, &(0x7f0000000000)='task\x00')
getdents64(r5, &(0x7f0000000480)=""/4081, 0x103a)
poll(0x0, 0x0, 0x80)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
connect$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x3, 0x0, @loopback}, 0x1c)
sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x804)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000200)=ANY=[@ANYBLOB="12010000183b9220b113420016580102030109021b00010000000009040000012e459e00090504", @ANYRESDEC], 0x0)

1m49.474831383s ago: executing program 2 (id=517):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) (async, rerun: 64)
r0 = getpid() (rerun: 64)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x3) (async)
syz_clone(0x0, 0x0, 0xfffffe11, 0x0, 0x0, 0x0) (async)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
userfaultfd(0x0) (async)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) (async, rerun: 64)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x50) (rerun: 64)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000200), 0x4) (async, rerun: 64)
getresuid(0x0, 0x0, &(0x7f0000000300)) (async, rerun: 64)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010600000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff1b000000020000000900010073797a30000001000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4004000}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000120a05000000000000000000020000000900020073797a310008000008000440000000000900010073797a30000000000800034000000007"], 0x64}, 0x1, 0x0, 0x0, 0x20048800}, 0x0) (async)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000003a40)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8814}}, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40010}}], 0x2, 0x24048880) (async, rerun: 32)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) (async, rerun: 32)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x25, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00', r3}, 0x10) (async)
rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffffffffffffffd]}, 0x0, 0x8) (async)
clock_settime(0xa, 0x0) (async)
r4 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
futex_waitv(&(0x7f0000000b80)=[{0x3, &(0x7f0000000280)=0x8000, 0x2}, {0x1000, &(0x7f0000000340)=0x4, 0x82}, {0x9, &(0x7f0000000400)=0x1, 0x82}, {0xa34, &(0x7f0000000440)=0x2}, {0xfff, &(0x7f0000000480), 0x82}, {0xd41c, &(0x7f0000000580), 0x82}, {0x8, &(0x7f00000005c0)=0x7, 0x2}, {0x800, &(0x7f0000000600)=0x8000000000000000, 0x82}, {0x96, &(0x7f0000000640)=0x3, 0x82}, {0x1, &(0x7f0000000680)=0x8, 0x82}, {0x5, &(0x7f00000006c0)=0xba, 0x82}, {0x6, &(0x7f0000000700)=0x971, 0x2}, {0x240000, &(0x7f0000000740)=0x4}, {0x7fffffffffffffff, &(0x7f0000000780)=0x4, 0x83}, {0x7f, &(0x7f00000007c0)=0x8, 0x2}, {0x9, &(0x7f0000000800)=0x9, 0x2}, {0x0, &(0x7f0000000840)=0x21017de7}, {0x6, &(0x7f0000000880)=0x8, 0x82}, {0x80, &(0x7f00000008c0)=0xaba, 0x82}, {0x1, &(0x7f0000000900)=0x6, 0x2}, {0x6, &(0x7f0000000940)=0xfffffffffffff000, 0x82}, {0x1, &(0x7f0000000980)=0x7f}, {0x400, &(0x7f00000009c0)=0x7f, 0x80}, {0x5, &(0x7f0000000a00)=0x2, 0x82}, {0xfffffffffffffffc, &(0x7f0000000a40)=0xe5, 0x2}, {0x2d, &(0x7f0000000a80)=0x3, 0x2}, {0xde1b, &(0x7f0000000ac0)=0xffffffff, 0x82}, {0x5, &(0x7f0000000b00)=0x8, 0x82}, {0x3, &(0x7f0000000b40)=0xa, 0x82}], 0x1d, 0x0, &(0x7f0000000e40), 0x1) (async)
ioctl$IOMMU_IOAS_ALLOC(r4, 0x3b81, &(0x7f0000000380)={0xc, 0x0, <r5=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r4, 0x3ba0, &(0x7f0000000180)={0x48, 0x2, r5, 0x0, 0x0, <r6=>0x0})
open_by_handle_at(0xffffffffffffff9c, 0x0, 0x0) (async)
ioctl$IOMMU_HWPT_GET_DIRTY_BITMAP(r4, 0x3b8c, &(0x7f0000000040)={0x30, r6, 0x0, 0x0, 0x7, 0x6, 0xffffffff, 0x0}) (async, rerun: 32)
r7 = syz_open_dev$usbfs(&(0x7f0000000000), 0x200, 0x102) (rerun: 32)
r8 = dup(r7)
mmap$IORING_OFF_SQ_RING(&(0x7f00007fe000/0x800000)=nil, 0x800000, 0x1000000, 0x13, r8, 0x0)

1m48.619608299s ago: executing program 2 (id=519):
syz_open_dev$evdev(&(0x7f00000000c0), 0x3f, 0x822f01)
openat$mice(0xffffffffffffff9c, &(0x7f0000000180), 0x0)
r0 = userfaultfd(0x801)
r1 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
sched_setaffinity(r2, 0x8, &(0x7f00000001c0)=0x1)
ioctl$VIDIOC_S_MODULATOR(r1, 0x40445637, &(0x7f0000000240)={0x401, "222a9fd6d402b6892cd4b345b58ac01105f9eb1a06c3709030a09904d2704689", 0x8, 0x7, 0x8, 0x2, 0x3})
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000)={0xaa, 0x769})
syz_io_uring_setup(0x1f87, &(0x7f0000000080)={0x0, 0x6559, 0x13580, 0x3}, 0x0, 0x0)
pselect6(0x40, &(0x7f0000000080), &(0x7f00000000c0)={0x7a}, 0x0, 0x0, 0x0)

1m48.488535537s ago: executing program 4 (id=521):
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000d00)=@filter={'filter\x00', 0x42, 0x4, 0x350, 0xffffffff, 0x198, 0x0, 0x198, 0xffffffff, 0xffffffff, 0x2b8, 0x2b8, 0x2b8, 0xffffffff, 0x4, 0x0, {[{{@ip={@private, @remote, 0x0, 0x0, 'rose0\x00', 'wg2\x00'}, 0xa00, 0x70, 0x98, 0x0, {0x100000000000000}}, @REJECT={0x28}}, {{@uncond, 0x0, 0xd8, 0x100, 0x0, {}, [@common=@unspec=@helper={{0x48}, {0x0, 'snmp\x00'}}, @common=@socket0={{0x20}}]}, @REJECT={0x28}}, {{@uncond, 0x0, 0xc0, 0x120, 0x0, {}, [@common=@inet=@l2tp={{0x30}, {0x0, 0x0, 0x0, 0x0, 0xe}}, @common=@socket0={{0x20}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@multicast1}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x3b0)
syz_usb_connect(0x0, 0x24, &(0x7f00000007c0)={{0x12, 0x1, 0x0, 0xab, 0xcd, 0xa8, 0x8, 0x733, 0x1314, 0x563e, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x20, 0x0, [{{0x9, 0x4, 0x54, 0x0, 0x0, 0xdb, 0x22, 0x6}}]}}]}}, 0x0)

1m45.641331552s ago: executing program 4 (id=524):
prlimit64(0x0, 0xe, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
listen(0xffffffffffffffff, 0xda90)
msgrcv(0x0, &(0x7f00000001c0)={0x0, ""/199}, 0xcf, 0x3, 0x1000)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
sendto$inet6(r1, &(0x7f0000000080)="b3019c28", 0x4, 0x0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2}, 0x1c) (fail_nth: 1)
setsockopt$inet6_int(r1, 0x29, 0x31, &(0x7f0000000140)=0x10001, 0x4)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0)
recvmmsg(r1, &(0x7f0000000d80)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000700)=""/27, 0x1b}}], 0x2, 0x10162, 0x0)
pipe2(0x0, 0x800)
syz_io_uring_submit(0x0, 0x0, 0x0)
chdir(0x0)
munmap(&(0x7f0000002000/0x1000)=nil, 0x1000)

1m44.399053413s ago: executing program 4 (id=525):
syz_open_dev$sndctrl(&(0x7f0000000000), 0x5, 0x100)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000180)=0x10020)
ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000000c0), 0x602460, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000380))
r3 = add_key$user(&(0x7f0000000200), &(0x7f0000000440), &(0x7f00000000c0), 0x14b, 0xfffffffffffffffd)
r4 = add_key(&(0x7f0000000200)='user\x00', &(0x7f0000000240)={'syz', 0x0}, &(0x7f00000002c0)='4', 0xba, 0xfffffffffffffffe)
r5 = add_key$user(&(0x7f00000004c0), &(0x7f0000000340)={'syz', 0x2}, &(0x7f0000000280)="ed622234", 0x4, 0xffffffffffffffff)
keyctl$dh_compute(0x17, &(0x7f0000000100)={r5, r3, r4}, 0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={'blake2b-256\x00'}})

1m43.047906121s ago: executing program 1 (id=527):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="600000000206010800000000000000000000000014000780080011400000000005001500f8000000050005000a000000050001000700000005000400000000000900020073797a310000000013000300686173683a6e6574"], 0x60}, 0x1, 0x0, 0x0, 0x4840}, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x42, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x4)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x3)
syz_clone(0x0, 0x0, 0xfffffe11, 0x0, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
ioctl$RTC_UIE_ON(0xffffffffffffffff, 0x7003)
ioctl$RTC_SET_TIME(0xffffffffffffffff, 0x4024700a, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x14, 0x0, 0x4f6})
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$BINDER_THREAD_EXIT(0xffffffffffffffff, 0x40046208, 0x0)
r3 = syz_open_dev$sndctrl(&(0x7f00000070c0), 0x1, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r3, 0x80045530, &(0x7f0000000100)=""/184)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000002940), 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/notes', 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
pipe(&(0x7f0000000b40))
r4 = socket$inet6(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, 0x0, 0x0)
setsockopt$inet6_int(r4, 0x29, 0x1000000000021, &(0x7f0000000000)=0x1, 0x4)
connect$inet6(r4, &(0x7f0000000100)={0xa, 0x0, 0x380000, @loopback}, 0x1c)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f00000001c0)={@loopback, 0x800, 0x1}, 0x20)
syz_open_procfs$namespace(0x0, &(0x7f0000002500)='ns/time_for_children\x00')
openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)

1m42.06520799s ago: executing program 1 (id=528):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000002000010324bd7002fddbdf2501"], 0x14}}, 0x0)
sendmsg$nl_generic(r0, &(0x7f0000000940)={&(0x7f0000000700)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000900)={&(0x7f0000000980)={0x1ec, 0x2f, 0x100, 0x70bd2a, 0x25dfdbfb, {0x2}, [@typed={0x8, 0x42, 0x0, 0x0, @u32=0x1000}, @nested={0xfd, 0xa7, 0x0, 0x1, [@generic="4587c2c0174f246e04a75f96fe5301c85e21d083f9b0a467211a9485e29f0f78ff8f12182d8d93a62a35659b5e21ca60f35d7c009913358b984712b19876df1cedeb4b4d14c3622d736188e4b5b9af111802a4d6621bf312c0af733dd98a848264c3c0a48986ea5ed3fb4af649878b2e4b14959fd86db500ba96e667ee55be3430fadeb1c8e5c027a3a8cb231ab265eca132b2c637587ac87e296773ff44762472f5eda8ff84d4861af5ae301028d984275d1a98c0be2aceca741a0b050df105031e0f07de80a53780b0d72c2760117792b64fcc33a8253e36ee90f188153dcab49ea1bed0ab511f62fbb92f03fb2353a2cf5e039a9506bc6a"]}, @typed={0x8, 0x39, 0x0, 0x0, @u32=0x1}, @typed={0x8, 0xa8, 0x0, 0x0, @pid}, @typed={0x8, 0x6a, 0x0, 0x0, @ipv4=@private=0xa010101}, @nested={0x10, 0xd1, 0x0, 0x1, [@typed={0xc, 0x39, 0x0, 0x0, @u64=0x7fffffffffffffff}]}, @generic="e94bb893c2bd0ee8c62cd054af0c5537e2936c0080e6c6ede7b939b9a5eed9d9c93d739d55764b6ae23d957805d85a79a761cdc2c6d05338f54d2d35de179671cf2d35945c4e0f48f1be2cb5be20e361e996d24fb55bf2856a4d847d4437b438f2e968d2ed7c4321a55de426e538d6b0def45fbf4b3e6cc32120f37fb105791597b8eb3c94dfd9d0e203b94208d58714a5ecdcd446a7ab8c34fa34ffbb38aa948ec9c11f6ced19"]}, 0x1ec}, 0x1, 0x0, 0x0, 0x20000000}, 0x4000000)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000000)=@mangle={'mangle\x00', 0x64, 0x6, 0x670, 0x2e0, 0xd0, 0x2e0, 0xd0, 0xd0, 0x5a0, 0x5a0, 0x5a0, 0x5a0, 0x5a0, 0x6, 0x0, {[{{@uncond, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE2={0x28, 'NFQUEUE\x00', 0x2, {0x0, 0x5}}}, {{@ipv6={@mcast1, @local, [], [], 'macvtap0\x00', 'ip6tnl0\x00', {}, {}, 0x11}, 0x0, 0xa8, 0xe8}, @inet=@TPROXY1={0x40, 'TPROXY\x00', 0x1, {0x0, 0x0, @ipv4=@broadcast}}}, {{@ipv6={@mcast2, @loopback, [], [], 'veth0_to_team\x00', 'syzkaller0\x00'}, 0x0, 0x100, 0x128, 0x0, {}, [@common=@unspec=@connmark={{0x30}}, @common=@inet=@socket1={{0x28}}]}, @common=@unspec=@MARK={0x28}}, {{@uncond, 0x0, 0x120, 0x148, 0x0, {}, [@common=@frag={{0x30}}, @common=@hbh={{0x48}}]}, @inet=@DSCP={0x28}}, {{@uncond, 0x0, 0x138, 0x178, 0x0, {}, [@common=@dst={{0x48}}, @common=@dst={{0x48}}]}, @inet=@TPROXY1={0x40, 'TPROXY\x00', 0x1, {0x0, 0x0, @ipv4=@dev}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x6d0)

1m41.989488584s ago: executing program 4 (id=529):
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x2, 0x0, 0x8, 0x0)
mbind(&(0x7f00005f7000/0x2000)=nil, 0x2000, 0x0, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000400)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000000000000000000000c5000018110000", @ANYRES32], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000000)='sched_switch\x00'}, 0x18)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NLBL_CIPSOV4_C_ADD(r3, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
socket$inet_mptcp(0x2, 0x1, 0x106)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r4, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r4, 0x84, 0x6f, &(0x7f0000000200)={<r5=>0x0, 0x1c, &(0x7f0000000080)=[@in6={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @private=0xa010102}}]}, &(0x7f0000000180)=0x10)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r4, 0x84, 0x7a, &(0x7f0000000340)={r5, @in6={{0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}, &(0x7f0000000040)=0x84)
r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000002100)='comm\x00')
writev(r6, &(0x7f0000000340)=[{&(0x7f0000000000)='X', 0x1}, {0x0, 0x500}], 0x2)
r7 = epoll_create1(0x0)
r8 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r8, &(0x7f0000000100)={0xa000000d})
epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, 0xffffffffffffffff, &(0x7f00000000c0)={0x10000001})

1m41.829428009s ago: executing program 1 (id=530):
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x2, 0x0, 0x8, 0x0)
mbind(&(0x7f00005f7000/0x2000)=nil, 0x2000, 0x0, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000400)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000000000000000000000c5000018110000", @ANYRES32], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000000)='sched_switch\x00'}, 0x18)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NLBL_CIPSOV4_C_ADD(r3, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
socket$inet_mptcp(0x2, 0x1, 0x106)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r4, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r4, 0x84, 0x6f, &(0x7f0000000200)={<r5=>0x0, 0x1c, &(0x7f0000000080)=[@in6={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @private=0xa010102}}]}, &(0x7f0000000180)=0x10)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r4, 0x84, 0x7a, &(0x7f0000000340)={r5, @in6={{0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}, &(0x7f0000000040)=0x84)
r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000002100)='comm\x00')
writev(r6, &(0x7f0000000340)=[{&(0x7f0000000000)='X', 0x1}, {0x0, 0x500}], 0x2)
r7 = epoll_create1(0x0)
r8 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r8, &(0x7f0000000100)={0xa000000d})
epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, 0xffffffffffffffff, &(0x7f00000000c0)={0x10000001})

1m34.800384664s ago: executing program 0 (id=535):
ioctl$PPPIOCSFLAGS1(0xffffffffffffffff, 0x40047459, 0x0)
r0 = dup(0xffffffffffffffff)
write$binfmt_script(r0, 0x0, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="09e2ffff354ccaa2a55cdd5a840f41", @ANYRES8=r0, @ANYBLOB="0000000000000000000000000000000033916b77", @ANYRES16=r0, @ANYRES32, @ANYRES64=r0], 0x48)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x101000, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r4, 0xc008ae88, &(0x7f00000003c0)=ANY=[@ANYRESOCT=r4, @ANYRES8=r1, @ANYRES32=r3])
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0xc, &(0x7f0000000580)=ANY=[], &(0x7f0000000440)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r5}, 0x10)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000140)='.\x00', 0x0, 0x0)
readlinkat(r6, &(0x7f0000000400)='./bus\x00', &(0x7f0000000680)=""/206, 0xce)
write$cgroup_subtree(r0, 0x0, 0x24)
ioctl$SNDRV_TIMER_IOCTL_PAUSE(r0, 0x54a3)
ioctl$sock_ifreq(0xffffffffffffffff, 0x8926, &(0x7f0000000080)={'ip6_vti0\x00', @ifru_flags=0x1800})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x2, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180300000000000000000000002020207b0af8ff00000000bda100000000000057010000f8ffffffb702000008000000b703000000000000850000001900000095"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
ioctl$TIOCMBIS(r0, 0x5416, &(0x7f0000000340)=0x3ff)
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r8 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0)
ioctl$KVM_SET_CPUID2(r10, 0x4048aecb, &(0x7f00000000c0)=ANY=[@ANYRES16=r7, @ANYRESHEX=r10])
r11 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$IEEE802154_LLSEC_LIST_SECLEVEL(r7, &(0x7f00000002c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)={0x14, r11, 0xe7baeb0b186a5810, 0x70bd2c, 0x25dfdbfe, {}, ["", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x80}, 0x10)
socket$inet6_udp(0xa, 0x2, 0x0)
r12 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000140), 0x0)
r13 = fcntl$dupfd(r12, 0x0, r12)
ioctl$sock_proto_private(r13, 0x8b27, &(0x7f0000000080))
clock_adjtime(0x0, &(0x7f0000000000)={0x66b7, 0x0, 0x0, 0x0, 0x4, 0xfffffffffffffffd, 0x77, 0x0, 0x0, 0x0, 0x80003, 0x248a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x4})

1m34.566123565s ago: executing program 4 (id=536):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$TIPC_CMD_SET_NODE_ADDR(r0, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x24, r1, 0x2, 0x70bd2c, 0x25dfdbfb, {{}, {}, {0x8, 0x11, 0x3}}, ["", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x0)
r2 = syz_open_dev$dri(&(0x7f0000000040), 0x4006, 0x0)
r3 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f00000000c0), 0x400, 0x0)
setsockopt$SO_VM_SOCKETS_CONNECT_TIMEOUT_OLD(r3, 0x28, 0x6, &(0x7f0000000100)={0x77359400}, 0x10)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r2, 0xc01864c6, &(0x7f0000000080)={0x0, 0x0, 0x80000, 0x0, <r4=>0xffffffffffffffff})
r5 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000940)=@newtaction={0x98, 0x30, 0x48b, 0x0, 0x0, {}, [{0x84, 0x1, [@m_ctinfo={0x30, 0x2, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc}, {0xc}}}, @m_simple={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_DEF_DATA={0x8, 0x3, 'nat\x00'}, @TCA_DEF_PARMS={0x18, 0x2, {0x6f8, 0x2, 0x1, 0x6, 0x1ff}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0x98}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r4, 0x6, 0x16, &(0x7f0000000000)=[@sack_perm, @mss={0x2, 0xbab}, @timestamp, @window={0x3, 0x6, 0x9}, @sack_perm, @sack_perm, @sack_perm, @sack_perm], 0x8)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r2, 0x4010640d, &(0x7f0000000340)={0x10})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=ANY=[@ANYRESHEX=r5, @ANYRES8, @ANYBLOB], 0x34}}, 0x0)

1m34.356691972s ago: executing program 1 (id=537):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x6)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x0, 0x0)
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
recvmmsg(r1, &(0x7f00000000c0), 0x10148, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x2f)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb01001800000000000000180000001800060002000000000000000000000000000400"/50], 0x0, 0x32, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28)
ioctl$SIOCX25CALLACCPTAPPRV(0xffffffffffffffff, 0x89e8)
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0006}]})
r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000040)={<r4=>0xffffffffffffffff}, 0x111}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r3, &(0x7f0000000180)={0x3, 0x40, 0xfa02, {{0x6000000, 0x0, 0xffffffff, @private1={0xfc, 0x1, '\x00', 0x1}, 0x1}, {0xa, 0x4e20, 0x4, @mcast2={0xff, 0x5}, 0x3ff}, r4}}, 0x48)
close_range(r2, 0xffffffffffffffff, 0x0)

1m33.251725847s ago: executing program 32 (id=519):
syz_open_dev$evdev(&(0x7f00000000c0), 0x3f, 0x822f01)
openat$mice(0xffffffffffffff9c, &(0x7f0000000180), 0x0)
r0 = userfaultfd(0x801)
r1 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
sched_setaffinity(r2, 0x8, &(0x7f00000001c0)=0x1)
ioctl$VIDIOC_S_MODULATOR(r1, 0x40445637, &(0x7f0000000240)={0x401, "222a9fd6d402b6892cd4b345b58ac01105f9eb1a06c3709030a09904d2704689", 0x8, 0x7, 0x8, 0x2, 0x3})
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000)={0xaa, 0x769})
syz_io_uring_setup(0x1f87, &(0x7f0000000080)={0x0, 0x6559, 0x13580, 0x3}, 0x0, 0x0)
pselect6(0x40, &(0x7f0000000080), &(0x7f00000000c0)={0x7a}, 0x0, 0x0, 0x0)

1m33.192706147s ago: executing program 1 (id=540):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f0000000040)=0x1, 0xfff0)
setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000000c0)=0x1, 0x4)
connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0)=0xffffffffffffffff, 0x4)
write$binfmt_elf32(r0, &(0x7f00000014c0)=ANY=[], 0x46b)
sendmmsg$inet(r0, &(0x7f0000000f40)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000006c0)="ed", 0x1}, {&(0x7f0000000200)="b5", 0x1}, {&(0x7f0000000340)='.', 0x1}, {&(0x7f0000000140)='U', 0x1}, {&(0x7f0000000180)="f3", 0x1}], 0x5}}, {{0x0, 0x0, &(0x7f0000000900)=[{&(0x7f0000000580)="f1", 0x1}, {&(0x7f0000000c80)='a', 0x1}, {&(0x7f0000000b40)='M', 0x1}, {&(0x7f0000000d80)='o', 0x1}, {0x0}], 0x5}, 0x70040000}, {{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000380)="bb", 0x1}, {&(0x7f00000007c0)="a1", 0x1}, {&(0x7f0000000800)='s', 0x1}, {&(0x7f00000009c0)='\\', 0x1}], 0x4}}, {{0x0, 0x0, &(0x7f0000000dc0)=[{&(0x7f0000000440)="88", 0x1}, {&(0x7f0000000840)="e5", 0x1}, {&(0x7f0000001040)="96", 0x1}], 0x3}}], 0x4, 0x4048841)
r1 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r1, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)

1m33.032860073s ago: executing program 1 (id=541):
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x420000008b}, 0x0)
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
futex(&(0x7f000000cffc)=0x4, 0x80000000000b, 0x4, &(0x7f000000b000)={0x77359400}, &(0x7f0000048000), 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@ipv4_newrule={0x24, 0x20, 0x301, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10004}, [@FRA_GENERIC_POLICY=@FRA_GOTO={0x8}]}, 0x24}}, 0x40000)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000000240)=""/102387, 0x18ff3)
socket$kcm(0x2, 0x200000000000001, 0x0)
ioctl$RTC_WIE_OFF(0xffffffffffffffff, 0x7010)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.throttle.io_serviced_recursive\x00', 0x26e1, 0x0)

1m31.342574358s ago: executing program 0 (id=542):
r0 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f0000000100)={0x0})
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x2, 0xa000)
ioctl$DRM_IOCTL_ADD_CTX(r0, 0xc0086420, &(0x7f0000000140)={<r2=>0x0})
ioctl$DRM_IOCTL_GET_CTX(r1, 0xc0086423, &(0x7f0000000180)={r2, 0x3})
r3 = syz_open_dev$dri(&(0x7f0000000040), 0x106, 0x4000)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r3, 0xc01864c6, &(0x7f0000000000)={0x0, 0x0, 0x800})

1m31.181558975s ago: executing program 0 (id=543):
r0 = syz_open_dev$usbfs(&(0x7f0000000000), 0x20000007d, 0x0)
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdir(&(0x7f0000000400)='./file1\x00', 0x0)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000840)=ANY=[@ANYBLOB='fd=', @ANYRES8=r0, @ANYRES32, @ANYRESDEC=r1, @ANYRESOCT, @ANYRES64=r0])
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
ioctl$KVM_CAP_SPLIT_IRQCHIP(0xffffffffffffffff, 0x4068aea3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0x7, 0x4, 0x0, &(0x7f0000000040)='syzkaller\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x5)
write$UHID_INPUT(0xffffffffffffffff, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$OBJ_PIN_PROG(0x6, 0x0, 0x0)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xa)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xfff, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r5 = socket$packet(0x11, 0x3, 0x300)
sendmsg(r5, &(0x7f0000003b40)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x1}, 0x28048801)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=<r6=>r4, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f00000005c0)=ANY=[@ANYBLOB="be7935b933e0bd72c449b466a217734b1ed99d5f2767b304d24c64090a221f3fa282d161c97e71c1c8a00e828fce79cfe46691a685a7d0b3e227e7a91870754a5e5a3497aa374494f969c9acf8b47d3ac50b7cf5746330f675ae185ca7a6b1c3ed470501601d6674ae8ec7cb4601f598e89090fb9affea802f4bd3a4740448ded438e48a4cdf1c07253c70f328c1e19c1758ea1615a4cae2a6686c36d4c9e21758f4a07f2201c2b5e1f8001e91cca72d28f768f9c6a2dc41be96fa1c30557848bd82bc6550d0fe0c", @ANYRESOCT, @ANYRESOCT=r6], &(0x7f0000000240)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000380)={r7}, 0xc)
chdir(&(0x7f0000000140)='./bus\x00')
lchown(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)

1m29.289721827s ago: executing program 3 (id=546):
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x2, 0x0, 0x8, 0x0)
mbind(&(0x7f00005f7000/0x2000)=nil, 0x2000, 0x0, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000400)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000000000000000000000c5000018110000", @ANYRES32], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000000)='sched_switch\x00'}, 0x18)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NLBL_CIPSOV4_C_ADD(r3, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
socket$inet_mptcp(0x2, 0x1, 0x106)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r4, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r4, 0x84, 0x6f, &(0x7f0000000200)={<r5=>0x0, 0x1c, &(0x7f0000000080)=[@in6={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @private=0xa010102}}]}, &(0x7f0000000180)=0x10)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r4, 0x84, 0x7a, &(0x7f0000000340)={r5, @in6={{0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}, &(0x7f0000000040)=0x84)
r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000002100)='comm\x00')
writev(r6, &(0x7f0000000340)=[{&(0x7f0000000000)='X', 0x1}, {0x0, 0x500}], 0x2)
r7 = epoll_create1(0x0)
r8 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r8, &(0x7f0000000100)={0xa000000d})
epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, 0xffffffffffffffff, &(0x7f00000000c0)={0x10000001})

1m26.421592397s ago: executing program 3 (id=547):
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000040)={0x4, 0x30, '\x00', 0x1, &(0x7f0000000000)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
sendto$netrom(0xffffffffffffffff, &(0x7f0000000080)="b21f08", 0x3, 0xc004, 0x0, 0x0)
waitid$P_PIDFD(0x3, 0xffffffffffffffff, &(0x7f00000000c0), 0x8, &(0x7f0000000140))
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000240), 0xffffffffffffffff)
sendmsg$NBD_CMD_CONNECT(r0, &(0x7f0000000340)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000300)={&(0x7f0000000280)={0x58, r1, 0x800, 0x70bd29, 0x7bff, {}, [@NBD_ATTR_CLIENT_FLAGS={0xc}, @NBD_ATTR_DEAD_CONN_TIMEOUT={0xc, 0x8, 0x101}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_DEAD_CONN_TIMEOUT={0xc, 0x8, 0x6}, @NBD_ATTR_BACKEND_IDENTIFIER={0x4}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x2}]}, 0x58}, 0x1, 0x0, 0x0, 0x40840}, 0x1)
r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x802, 0x0)
ioctl$UI_SET_KEYBIT(r2, 0x40045565, 0x251)
ioctl$AUTOFS_IOC_PROTOSUBVER(r2, 0x80049367, &(0x7f00000003c0))
fsopen(&(0x7f0000000400)='hfs\x00', 0x1)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000440), 0x2, 0x0)
r3 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000004c0), r0)
sendmsg$IEEE802154_SCAN_REQ(r0, &(0x7f00000005c0)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000580)={&(0x7f0000000500)={0x5c, r3, 0x300, 0x70bd26, 0x25dfdbff, {}, [@IEEE802154_ATTR_SCAN_TYPE={0x5, 0x13, 0xd4}, @IEEE802154_ATTR_DURATION={0x5, 0x15, 0xc}, @IEEE802154_ATTR_SCAN_TYPE={0x5}, @IEEE802154_ATTR_CHANNELS={0x8, 0x14, 0x4}, @IEEE802154_ATTR_SCAN_TYPE={0x5, 0x13, 0x7}, @IEEE802154_ATTR_DURATION={0x5, 0x15, 0x54}, @IEEE802154_ATTR_CHANNELS={0x8}, @IEEE802154_ATTR_DURATION={0x5, 0x15, 0x8}, @IEEE802154_ATTR_PAGE={0x5, 0x1d, 0x1}]}, 0x5c}, 0x1, 0x0, 0x0, 0x4000000}, 0x11)
pipe(&(0x7f0000000600)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$FBIO_WAITFORVSYNC(r4, 0x40044620, 0x0)
sendmsg$key(r4, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000640)={0x2, 0x14, 0x3, 0x7, 0x5, 0x0, 0x70bd26, 0x25dfdbfc, [@sadb_address={0x3, 0x17, 0x33, 0x80, 0x0, @in={0x2, 0x4e22, @local}}]}, 0x28}}, 0x4000040)
ioctl$VIDIOC_CREATE_BUFS(r4, 0xc100565c, &(0x7f0000000700)={0x6, 0x7, 0x4, {0x8, @pix={0x3, 0xffffffcb, 0x47425247, 0x0, 0x8, 0x0, 0xc, 0xc, 0x1, 0x3, 0x0, 0x3}}, 0xb})
write$9p(r4, &(0x7f0000000800)="1d27482ef406f02a374698a6037d15e0743d0a1e5daf031306b52b0a571170cf126273093fe175c1afd1fb23e1d4b20ac2ddc6c4d0b15f6818c2b98b5f63fb924f8372c8c15a894dcb9f876aced9c3c3", 0x50)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000880), r5)
r6 = accept4(r4, &(0x7f00000008c0)=@ethernet={0x0, @local}, &(0x7f0000000940)=0x80, 0x80000)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$tipc2(&(0x7f00000009c0), r5)
sendmsg$TIPC_NL_SOCK_GET(r7, &(0x7f0000000b80)={&(0x7f0000000980), 0xc, &(0x7f0000000b40)={&(0x7f0000000a00)={0x108, r8, 0x10, 0x70bd2d, 0x25dfdbfd, {}, [@TIPC_NLA_NODE={0x18, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x6}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x5}]}, @TIPC_NLA_BEARER={0xdc, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xf}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8000}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xe908}]}, @TIPC_NLA_BEARER_NAME={0x12, 0x1, @l2={'ib', 0x3a, 'ip6erspan0\x00'}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xd}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x4e24, @rand_addr=0x64010102}}, {0x14, 0x2, @in={0x2, 0x4e23, @local}}}}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e20, 0x2, @remote, 0x3}}, {0x14, 0x2, @in={0x2, 0x4e20, @initdev={0xac, 0x1e, 0x0, 0x0}}}}}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e23, 0xffff6be3, @private1={0xfc, 0x1, '\x00', 0x1}, 0x101}}, {0x14, 0x2, @in={0x2, 0x4e20, @local}}}}]}]}, 0x108}, 0x1, 0x0, 0x0, 0x200800c0}, 0x4)
setsockopt$sock_int(r6, 0x1, 0xc, &(0x7f0000000bc0)=0x3, 0x4)
r9 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$MRT6_DONE(r9, 0x29, 0xc9, 0x0, 0x0)
ioctl$PPPIOCSPASS(r5, 0x40107447, &(0x7f0000000c40)={0x7, &(0x7f0000000c00)=[{0x0, 0xe, 0x4, 0x5}, {0x2, 0x8, 0xa, 0x7}, {0x8, 0xc7, 0x6, 0x712a}, {0xd, 0x1, 0x3, 0xe00}, {0xa, 0xf3, 0xc, 0x3}, {0x7, 0x10, 0x1, 0xe46}, {0xffff, 0xfa, 0x4, 0x7}]})
syz_usb_connect$cdc_ecm(0x6, 0x56, &(0x7f0000000c80)={{0x12, 0x1, 0x110, 0x2, 0x0, 0x0, 0x10, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x44, 0x1, 0x1, 0x5, 0x10, 0x1, [{{0x9, 0x4, 0x0, 0x80, 0x2, 0x2, 0x6, 0x0, 0x36, {{0x7, 0x24, 0x6, 0x0, 0x0, "14e3"}, {0x5, 0x24, 0x0, 0x8}, {0xd, 0x24, 0xf, 0x1, 0x3ff, 0x0, 0x9, 0x9}, [@dmm={0x7, 0x24, 0x14, 0x7, 0xff}]}, {[], {{0x9, 0x5, 0x82, 0x2, 0x200, 0x7, 0xf4, 0x80}}, {{0x9, 0x5, 0x3, 0x2, 0x220, 0x40, 0x3, 0x7}}}}}]}}]}}, &(0x7f00000010c0)={0xa, &(0x7f0000000d00)={0xa, 0x6, 0x200, 0xe3, 0xd, 0xc, 0x40, 0x81}, 0x30, &(0x7f0000000d40)={0x5, 0xf, 0x30, 0x2, [@ssp_cap={0x20, 0x10, 0xa, 0x4, 0x5, 0xa710, 0xf000, 0x6, [0x3f00, 0x3fff, 0xc00f, 0x3f1e, 0xc000]}, @wireless={0xb, 0x10, 0x1, 0x2, 0x5, 0x6, 0x3, 0x1000, 0x9}]}, 0x8, [{0xb4, &(0x7f0000000d80)=@string={0xb4, 0x3, "77714f96c509d3de38b3abcb5acb8c5ca63f3d26634e8aaf919ee69095f72074a834a522e7ba07f4df0cac2160f21cd66cf612304801f1756f4acbf8429d8f2f19a98f20114b583d0119f40319cbcc47fb6fb8b1a754dcf4979017082e26280b0af91252d8ff7ba6b03c80a23c9fe20c8df9c250421da7512cd7755ebe750eb8207d1447af9be32a130ea584fe4be2eb29e791e95d0be531c3b66441ae04dcf0b7e85acd28c170d665df3a09862e7e158cff"}}, {0x4, &(0x7f0000000e40)=@lang_id={0x4, 0x3, 0x827}}, {0x9a, &(0x7f0000000e80)=@string={0x9a, 0x3, "141a6ac25bf1797ac2b07398c7c5a9cdc9aa479d3fbe418d117595ef111664170a93b3d0583182a6b368a82575837114236e9282b72e07f23dfb1d07d488f266139f425d3266455239f5e88f9c6c4696de2f77a9ffda92b25c9b03bda91422984987f9da5b9be7c43685fb37387857705c73e545aaebe8fe0ee5fb09a78782561a9fcb3e380e05f87fa673b19aea4d3d0efe684ff74b0e03"}}, {0x5a, &(0x7f0000000f40)=@string={0x5a, 0x3, "812704cc6ebb9e62c5959b809d08840b191fc335c839bed62c6a2713a159493c6a30dd840385a180d6591ab204ddb18dcdf39da78ecbee62b2fa68db5a77e16550447ab28f7b38f792ec066300bad974a6407a5d2014a8a6"}}, {0x4, &(0x7f0000000fc0)=@lang_id={0x4, 0x3, 0x424}}, {0x4, &(0x7f0000001000)=@lang_id={0x4, 0x3, 0x411}}, {0x4, &(0x7f0000001040)=@lang_id={0x4, 0x3, 0x44d}}, {0x34, &(0x7f0000001080)=@string={0x34, 0x3, "082602e41ddfbc7e1326f6accbfba109737863b72372e77f91760f9f2ec97d0e98a0077ff9de6f4713ee36df78198792cd7b"}}]})
ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_SYNC_FILE(r5, 0xc01064c1, &(0x7f0000001140)={0x0, 0x1, <r10=>0xffffffffffffffff})
ppoll(&(0x7f0000001180)=[{r7, 0x1080}, {r4, 0x12}, {r10, 0x4008}], 0x3, &(0x7f00000011c0)={0x0, 0x3938700}, &(0x7f0000001200)={[0x4]}, 0x8)

1m26.219108736s ago: executing program 0 (id=548):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000200)={0x15, 0x0, <r1=>0x0})
ioctl$IOMMU_VFIO_IOAS$SET(r0, 0x3b88, &(0x7f00000002c0)={0xc, r1})
ioctl$IOMMU_VFIO_SET_IOMMU(r0, 0x3b66, 0x1)
ioctl$IOMMU_VFIO_IOMMU_UNMAP_DMA(r0, 0x3b72, &(0x7f0000000000)=ANY=[@ANYBLOB="1800"]) (fail_nth: 1)

1m25.794409502s ago: executing program 0 (id=549):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, &(0x7f0000000000)={{0x1, 0x1, 0x18, <r2=>r1}, './file0\x00'})
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'wlan0\x00', <r4=>0x0})
r5 = socket$nl_crypto(0x10, 0x3, 0x15)
fcntl$notify(r5, 0x402, 0x80000000)
sendmsg$NL80211_CMD_SET_WDS_PEER(r2, &(0x7f00000002c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)={0x4c, r3, 0x2, 0x70bd28, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r4}, @val={0xc, 0x99, {0x3, 0x30}}}}, [@NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac=@broadcast}]}, 0x4c}, 0x1, 0x0, 0x0, 0x10000}, 0x4)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000100)={0x4, <r6=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r6, 0x4018aee1, &(0x7f00000001c0)=@attr_other={0x0, 0x1, 0x1, &(0x7f0000000180)=0x1000000000000006})

1m25.531836358s ago: executing program 3 (id=550):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f0000000040)=0x1, 0xfff0)
setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000000c0)=0x1, 0x4)
connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0)=0xffffffffffffffff, 0x4)
write$binfmt_elf32(r0, &(0x7f00000014c0)=ANY=[], 0x46b)
sendmmsg$inet(r0, &(0x7f0000000f40)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000006c0)="ed", 0x1}, {&(0x7f0000000200)="b5", 0x1}, {&(0x7f0000000340)='.', 0x1}, {&(0x7f0000000140)='U', 0x1}, {&(0x7f0000000180)="f3", 0x1}], 0x5}}, {{0x0, 0x0, &(0x7f0000000900)=[{&(0x7f0000000580)="f1", 0x1}, {&(0x7f0000000c80)='a', 0x1}, {&(0x7f0000000b40)='M', 0x1}, {&(0x7f0000000d80)='o', 0x1}, {&(0x7f0000000e80)}], 0x5}, 0x70040000}, {{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000380)="bb", 0x1}, {&(0x7f00000007c0)="a1", 0x1}, {&(0x7f0000000800)='s', 0x1}, {&(0x7f00000009c0)='\\', 0x1}], 0x4}}, {{0x0, 0x0, &(0x7f0000000dc0)=[{&(0x7f0000000440)="88", 0x1}, {&(0x7f0000000840)="e5", 0x1}, {&(0x7f0000001040)="96", 0x1}], 0x3}}], 0x4, 0x4048841)
r1 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r1, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)

1m25.433175533s ago: executing program 3 (id=551):
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x2026e3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = syz_open_dev$swradio(&(0x7f0000001000), 0x0, 0x2)
ioctl$VIDIOC_UNSUBSCRIBE_EVENT(r0, 0x4020565b, &(0x7f0000001040)={0x3, 0x1, 0x1})
preadv(0xffffffffffffffff, &(0x7f0000000080)=[{0x0}], 0x1, 0x7ffd, 0x0)
mq_open(0x0, 0x6e93ebbbcc0884f2, 0x0, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0x2, 0x0, 0x0)
r1 = syz_open_dev$MSR(&(0x7f0000000240), 0x82, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x5885}, &(0x7f0000000340)=<r3=>0x0, &(0x7f0000000280)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_OPENAT={0x12, 0x40, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000300)='./file0\x00', 0x0, 0x8002, 0x12345})
io_uring_enter(r2, 0x3516, 0x0, 0x0, 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, 0x0, 0x0) (async)
openat(0xffffffffffffff9c, 0x0, 0x2026e3, 0x0) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) (async)
syz_open_dev$swradio(&(0x7f0000001000), 0x0, 0x2) (async)
ioctl$VIDIOC_UNSUBSCRIBE_EVENT(r0, 0x4020565b, &(0x7f0000001040)={0x3, 0x1, 0x1}) (async)
preadv(0xffffffffffffffff, &(0x7f0000000080)=[{0x0}], 0x1, 0x7ffd, 0x0) (async)
mq_open(0x0, 0x6e93ebbbcc0884f2, 0x0, 0x0) (async)
setsockopt$inet6_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, 0x0, 0x0) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async)
prlimit64(0x0, 0x2, 0x0, 0x0) (async)
syz_open_dev$MSR(&(0x7f0000000240), 0x82, 0x0) (async)
sched_setscheduler(0x0, 0x1, 0x0) (async)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) (async)
syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x5885}, &(0x7f0000000340), &(0x7f0000000280)) (async)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) (async)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_OPENAT={0x12, 0x40, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000300)='./file0\x00', 0x0, 0x8002, 0x12345}) (async)
io_uring_enter(r2, 0x3516, 0x0, 0x0, 0x0, 0x0) (async)

1m24.575939304s ago: executing program 3 (id=552):
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x3, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x19, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xfffffffffffffffe, 0x298, &(0x7f0000006680))
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8000000000000008, 0x8b}, 0x0)
syz_emit_ethernet(0x2a, &(0x7f00000002c0)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaa000001907800000000000000000300909400"/42], 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
ioctl$VIDIOC_DV_TIMINGS_CAP(0xffffffffffffffff, 0xc0905664, &(0x7f00000002c0)={0x0, 0x0, '\x00', @bt={0x1, 0x5, 0x3, 0x7, 0x4, 0x7, 0xd, 0x5}})
syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
r2 = openat(0xffffffffffffff9c, 0x0, 0x24042, 0x124)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100"/12], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000180)={0xc, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f0000000400)=@abs={0x1, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, 0x0, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
fanotify_mark(0xffffffffffffffff, 0x455, 0x40001000, 0xffffffffffffffff, 0x0)
close(r2)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)

1m20.243011175s ago: executing program 3 (id=553):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000600), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000640)={'wlan0\x00', <r4=>0x0})
sendmsg$NL80211_CMD_AUTHENTICATE(r2, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000000080)={0x28, r3, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@key_params=[@NL80211_ATTR_MAC={0xa}]]}, 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x40050)
sendmsg$NL80211_CMD_STOP_AP(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, r1, 0x2, 0x70bd2c, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r4}, @void}}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x80}, 0x800)
r5 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCETHTOOL(r5, 0x8946, &(0x7f0000000040)={'ipvlan1\x00', &(0x7f0000000440)=@ethtool_rxfh={0x1, 0x0, 0xfffffffe, 0x0, 0x0, "f9ffe6", 0x1}})

1m19.913473458s ago: executing program 0 (id=554):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="110000000400000004000000ff00000000000000", @ANYRES32=<r1=>0xffffffffffffffff, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYBLOB], 0x48)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000080)={r0, &(0x7f0000000280), 0x0}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x200000000000023a, &(0x7f00000002c0)=ANY=[], 0x0, 0xffff14be, 0x0, 0x0, 0x100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000640)={0x18, 0x7, &(0x7f0000000880)=ANY=[@ANYRES16=r1, @ANYBLOB="9500420100000060b70e04d439d04555109f85a15197f934eebfbe692521d9ba04f82228f10872fbc90194ab1d48f7ece9903ee17ced9b89fe0b3e690eea04d32c94d0e21faaf726c1c757e3ac47a1b179aa079734bbd49ae9ead2211babf71d76820d2b32120e5a04ed0df2874e03ee11c82f99423911464170e86b3e3c4ab9069c7f2073abce2973bf0d3e8bb843a536843b8117faea9217fdeb340fe4b4c8206dd9c6b4d0227956c7e844f0f9c23a0990bdbe911818d228290e561e881d6c63b1647ae0c5b67b8186ec4be0c642481fd376b333721f2ef4830f377dbc708b23ed35bbd800786d74948f56ec64866459b4cc000000000000000000000000000076424cedae9ca93659", @ANYRES32=r0], &(0x7f0000000400)='GPL\x00', 0x7, 0x26, &(0x7f0000000580)=""/38, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f00000005c0)=[r0, r0], &(0x7f0000000600)=[{0x4004, 0x3, 0x4, 0x9}, {0x1, 0x5, 0xe, 0x6}, {0x0, 0x2, 0xf, 0x5}], 0x10, 0x6, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f0000000700)='virtio_transport_alloc_pkt\x00', r2}, 0xfffffffffffffeb0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
socket$alg(0x26, 0x5, 0x0)
socket$alg(0x26, 0x5, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r5 = socket$netlink(0x10, 0x3, 0x5)
writev(r5, &(0x7f0000000300)=[{&(0x7f0000000080)="580000001400192340834b80040d8c560aff820fffff5bab003a0016202058e9ae412feeab000b4824ca945f6400948f6a0325010ebc000000000000001ae2b634dd991084ba892d095b03e89c8000f0fffeffe809005300", 0x58}], 0x1)
close(0x3)
r6 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="300000001000070100dd21200100005b91325b38", @ANYRES32=0x0, @ANYBLOB="000000000080000008001b00000000000500100005"], 0x30}}, 0x0)
syz_emit_ethernet(0x32, &(0x7f0000000000)=ANY=[@ANYBLOB="ffffffffffff00000000000008004500eb24000000000073907800000000e000000100000000001090780200000000000000"], 0x0)

1m18.217689904s ago: executing program 33 (id=536):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$TIPC_CMD_SET_NODE_ADDR(r0, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x24, r1, 0x2, 0x70bd2c, 0x25dfdbfb, {{}, {}, {0x8, 0x11, 0x3}}, ["", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x0)
r2 = syz_open_dev$dri(&(0x7f0000000040), 0x4006, 0x0)
r3 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f00000000c0), 0x400, 0x0)
setsockopt$SO_VM_SOCKETS_CONNECT_TIMEOUT_OLD(r3, 0x28, 0x6, &(0x7f0000000100)={0x77359400}, 0x10)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r2, 0xc01864c6, &(0x7f0000000080)={0x0, 0x0, 0x80000, 0x0, <r4=>0xffffffffffffffff})
r5 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000940)=@newtaction={0x98, 0x30, 0x48b, 0x0, 0x0, {}, [{0x84, 0x1, [@m_ctinfo={0x30, 0x2, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc}, {0xc}}}, @m_simple={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_DEF_DATA={0x8, 0x3, 'nat\x00'}, @TCA_DEF_PARMS={0x18, 0x2, {0x6f8, 0x2, 0x1, 0x6, 0x1ff}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0x98}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r4, 0x6, 0x16, &(0x7f0000000000)=[@sack_perm, @mss={0x2, 0xbab}, @timestamp, @window={0x3, 0x6, 0x9}, @sack_perm, @sack_perm, @sack_perm, @sack_perm], 0x8)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r2, 0x4010640d, &(0x7f0000000340)={0x10})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=ANY=[@ANYRESHEX=r5, @ANYRES8, @ANYBLOB], 0x34}}, 0x0)

1m16.731161231s ago: executing program 34 (id=541):
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x420000008b}, 0x0)
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
futex(&(0x7f000000cffc)=0x4, 0x80000000000b, 0x4, &(0x7f000000b000)={0x77359400}, &(0x7f0000048000), 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@ipv4_newrule={0x24, 0x20, 0x301, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10004}, [@FRA_GENERIC_POLICY=@FRA_GOTO={0x8}]}, 0x24}}, 0x40000)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000000240)=""/102387, 0x18ff3)
socket$kcm(0x2, 0x200000000000001, 0x0)
ioctl$RTC_WIE_OFF(0xffffffffffffffff, 0x7010)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.throttle.io_serviced_recursive\x00', 0x26e1, 0x0)

1m3.703901454s ago: executing program 35 (id=554):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="110000000400000004000000ff00000000000000", @ANYRES32=<r1=>0xffffffffffffffff, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYBLOB], 0x48)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000080)={r0, &(0x7f0000000280), 0x0}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x200000000000023a, &(0x7f00000002c0)=ANY=[], 0x0, 0xffff14be, 0x0, 0x0, 0x100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000640)={0x18, 0x7, &(0x7f0000000880)=ANY=[@ANYRES16=r1, @ANYBLOB="9500420100000060b70e04d439d04555109f85a15197f934eebfbe692521d9ba04f82228f10872fbc90194ab1d48f7ece9903ee17ced9b89fe0b3e690eea04d32c94d0e21faaf726c1c757e3ac47a1b179aa079734bbd49ae9ead2211babf71d76820d2b32120e5a04ed0df2874e03ee11c82f99423911464170e86b3e3c4ab9069c7f2073abce2973bf0d3e8bb843a536843b8117faea9217fdeb340fe4b4c8206dd9c6b4d0227956c7e844f0f9c23a0990bdbe911818d228290e561e881d6c63b1647ae0c5b67b8186ec4be0c642481fd376b333721f2ef4830f377dbc708b23ed35bbd800786d74948f56ec64866459b4cc000000000000000000000000000076424cedae9ca93659", @ANYRES32=r0], &(0x7f0000000400)='GPL\x00', 0x7, 0x26, &(0x7f0000000580)=""/38, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f00000005c0)=[r0, r0], &(0x7f0000000600)=[{0x4004, 0x3, 0x4, 0x9}, {0x1, 0x5, 0xe, 0x6}, {0x0, 0x2, 0xf, 0x5}], 0x10, 0x6, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f0000000700)='virtio_transport_alloc_pkt\x00', r2}, 0xfffffffffffffeb0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
socket$alg(0x26, 0x5, 0x0)
socket$alg(0x26, 0x5, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r5 = socket$netlink(0x10, 0x3, 0x5)
writev(r5, &(0x7f0000000300)=[{&(0x7f0000000080)="580000001400192340834b80040d8c560aff820fffff5bab003a0016202058e9ae412feeab000b4824ca945f6400948f6a0325010ebc000000000000001ae2b634dd991084ba892d095b03e89c8000f0fffeffe809005300", 0x58}], 0x1)
close(0x3)
r6 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="300000001000070100dd21200100005b91325b38", @ANYRES32=0x0, @ANYBLOB="000000000080000008001b00000000000500100005"], 0x30}}, 0x0)
syz_emit_ethernet(0x32, &(0x7f0000000000)=ANY=[@ANYBLOB="ffffffffffff00000000000008004500eb24000000000073907800000000e000000100000000001090780200000000000000"], 0x0)

1m3.435709772s ago: executing program 36 (id=553):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000600), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000640)={'wlan0\x00', <r4=>0x0})
sendmsg$NL80211_CMD_AUTHENTICATE(r2, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000000080)={0x28, r3, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@key_params=[@NL80211_ATTR_MAC={0xa}]]}, 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x40050)
sendmsg$NL80211_CMD_STOP_AP(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, r1, 0x2, 0x70bd2c, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r4}, @void}}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x80}, 0x800)
r5 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCETHTOOL(r5, 0x8946, &(0x7f0000000040)={'ipvlan1\x00', &(0x7f0000000440)=@ethtool_rxfh={0x1, 0x0, 0xfffffffe, 0x0, 0x0, "f9ffe6", 0x1}})

38.867952496s ago: executing program 7 (id=559):
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x420000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
fsetxattr$security_capability(0xffffffffffffffff, &(0x7f0000000000), &(0x7f00000000c0)=@v2={0x2000000, [{}, {0x0, 0x7fffffff}]}, 0xfffffffffffffec2, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
syz_genetlink_get_family_id$nbd(0x0, 0xffffffffffffffff)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000280)=0x1, 0x4)
connect$inet6(r3, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c)
sendto$inet6(r3, &(0x7f00000001c0)="a6e2976b5c4383036d32dadd2e144d8645ca8d1b230e105614396838da83c754887e7bea2f35d4ea667817d90d532af065f2e398dd9081ea16f8b371a202a6f9e505bbc964a0d3880bf0104a0a0a2f0d311efee1637e85a0125b38f961918f99bf9c2c146e42327f178dc2b3d4936e7f7f0a79f74ba464d83ab41742d1186776dc1779b5c50ac82d0fa8f9e42074b5b6079207fb21e718080907964669be539791e3e98687ee059853", 0xfffffffffffffcc1, 0x840, 0x0, 0x56)
mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r3, 0x0)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r3, 0x6, 0x23, &(0x7f0000000140)={&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0, &(0x7f0000001380)=""/4080, 0xfffffffffffffdcc, 0x0, 0x0, 0xffffffffffffff29}, &(0x7f0000000000)=0x40)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r3, 0x6, 0x23, &(0x7f00000000c0)={&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x23, 0x1, 0x0}, &(0x7f00000002c0)=0x40)

37.2558518s ago: executing program 7 (id=560):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f0000000040)=0x1, 0xfff0)
setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000000c0)=0x1, 0x4)
connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0)=0xffffffffffffffff, 0x4)
write$binfmt_elf32(r0, &(0x7f00000014c0)=ANY=[], 0x46b)
sendmmsg$inet(r0, &(0x7f0000000f40)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000006c0)="ed", 0x1}, {&(0x7f0000000200)="b5", 0x1}, {&(0x7f0000000340)='.', 0x1}, {&(0x7f0000000140)='U', 0x1}, {&(0x7f0000000180)="f3", 0x1}], 0x5}}, {{0x0, 0x0, &(0x7f0000000900)=[{&(0x7f0000000580)="f1", 0x1}, {&(0x7f0000000c80)='a', 0x1}, {&(0x7f0000000b40)='M', 0x1}, {&(0x7f0000000d80)='o', 0x1}, {&(0x7f0000000e80)}], 0x5}, 0x70040000}, {{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000380)="bb", 0x1}, {&(0x7f00000007c0)="a1", 0x1}, {&(0x7f0000000800)='s', 0x1}, {&(0x7f00000009c0)='\\', 0x1}], 0x4}}, {{0x0, 0x0, &(0x7f0000000dc0)=[{&(0x7f0000000440)="88", 0x1}, {&(0x7f0000000840)="e5", 0x1}, {&(0x7f0000001040)="96", 0x1}], 0x3}}], 0x4, 0x4048841)
r1 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r1, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)

37.163054481s ago: executing program 7 (id=561):
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
io_setup(0x8, &(0x7f0000000600))
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x4, &(0x7f0000000640)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095855d45e046993aa90eaa408a8ee1bb669f65a2372bc6086e8256c134a65ca5e733a34008ee2550d94e300acb18cb58d0222d1e0a77c260ca0d10cd3465fd5c26c5c9d95e85a0f39da20374d1d8e2d4a72872bf8ecde7c01e26bf10fab72899f8420493890ce4e5f36122488a625f406c638b793714e44c460825b2577996adc8299163a98f500f4209307e85b1d959cfb7557e01eb9f209e61fe4acd0428108584c1eccd9c3d6b622badd4ad0eff5b0e30c8b532cb2ad73c95556aec02e5246ec1404f526b854426d3d00e50177bd801e1574fa25e"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/oss_mixer\x00', 0x2002, 0x0)
write$proc_mixer(r6, &(0x7f0000000180)=ANY=[@ANYBLOB="5245434c45560a50484f4e454f55540a535045414b455220274344272030303030303030303030303030303030303030300a4449474954414c32202706006e652043617074557265272030303030303034303030303030303030303030300a20303030"], 0xb8)
ioctl$TCFLSH(0xffffffffffffffff, 0x400455c8, 0x5)
syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff)
r7 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/asound/card0/oss_mixer\x00', 0x0, 0x0)
dup3(r7, r6, 0x0)
openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000002740), 0x101002)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r8 = syz_io_uring_setup(0x239, &(0x7f0000000380)={0x0, 0x1ffffe, 0x10100, 0x0, 0x0, 0x0, r1}, &(0x7f0000000180)=<r9=>0x0, &(0x7f00000001c0)=<r10=>0x0)
syz_io_uring_submit(r9, r10, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(r8, 0x2ded, 0x4000, 0x0, 0x0, 0x0)
r11 = socket$kcm(0x2, 0x5, 0x84)
recvmsg$kcm(r11, &(0x7f0000000ac0)={0x0, 0x0, 0x0}, 0x40000002)

35.738300156s ago: executing program 7 (id=562):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_RESET_DIRTY_RINGS(r1, 0xaec7)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000005c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a})
r3 = dup(0xffffffffffffffff)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000240), 0xffffffffffffffff)
ioctl$sock_netrom_SIOCDELRT(r3, 0x890c, &(0x7f0000000280)={0x1, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={'rose', 0x0}, 0xfffffffd, 'syz0\x00', @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0xd, 0x5, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @null, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]})
sendmsg$NL802154_CMD_GET_SEC_LEVEL(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010300000000000000001f0000002600060002002f0000000000"], 0x20}, 0x1, 0x3000000}, 0x0)
write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c)
ioctl$F2FS_IOC_START_VOLATILE_WRITE(r2, 0xf503, 0x0)
syz_io_uring_setup(0x23c, &(0x7f0000000380)={0x0, 0x1ffefe, 0x10100, 0x7ffff, 0x0, 0x0, r3}, &(0x7f0000000200)=<r6=>0x0, &(0x7f00000001c0)=<r7=>0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000100)=ANY=[@ANYBLOB="180000000900000000000000213f0000c50000000e800000850000000e00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0xfffffffffffffffc, 0xfffffe21)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
r8 = socket$inet_smc(0x2b, 0x1, 0x0)
ppoll(&(0x7f0000000300)=[{r8, 0xa3c3}], 0x1, 0x0, 0x0, 0x0)
setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r8, 0x6, 0x21, &(0x7f00000002c0)="ff004000", 0x10)
setsockopt$inet_tcp_int(r8, 0x6, 0x19, &(0x7f0000000200)=0x2, 0x43)
r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0)
syz_io_uring_submit(r6, r7, &(0x7f0000000040)=@IORING_OP_WRITE_FIXED={0x5, 0x8, 0x4004, @fd_index=0x9, 0x800, 0x4, 0x6, 0x18, 0x0, {0x3, r9}})
r10 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_int(r10, 0x29, 0x2, &(0x7f00000000c0)=0xfa0, 0x4)
getsockopt$inet6_buf(r10, 0x29, 0x6, 0x0, &(0x7f0000000240))
syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x0)

21.204350756s ago: executing program 7 (id=563):
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0xd, 0x3, &(0x7f0000001300)=@framed, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x9, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r1 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)
r2 = fsmount(r1, 0x0, 0x0)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f00000007c0)={r0, r2, 0x3, 0x0, @val=@perf_event={0x1}}, 0x18)
r3 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r3, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)

16.420337873s ago: executing program 7 (id=564):
r0 = socket$nl_audit(0x10, 0x3, 0x9)
fchown(r0, 0xffffffffffffffff, 0xffffffffffffffff)
r1 = socket(0x10, 0x3, 0x0)
socket$packet(0x11, 0x2, 0x300)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000004640)={&(0x7f0000000a40)=@newqdisc={0x5c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x0, 0xe}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_choke={{0xa}, {0x2c, 0x2, [@TCA_CHOKE_PARMS={0x14, 0x1, {0x0, 0x1000000, 0x3, 0xfe, 0x3, 0x1e}}, @TCA_CHOKE_PARMS={0x14, 0x1, {0x8, 0x5, 0xba2f, 0x4, 0x12, 0x18, 0x6}}]}}]}, 0x5c}}, 0x0)

0s ago: executing program 37 (id=564):
r0 = socket$nl_audit(0x10, 0x3, 0x9)
fchown(r0, 0xffffffffffffffff, 0xffffffffffffffff)
r1 = socket(0x10, 0x3, 0x0)
socket$packet(0x11, 0x2, 0x300)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000004640)={&(0x7f0000000a40)=@newqdisc={0x5c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x0, 0xe}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_choke={{0xa}, {0x2c, 0x2, [@TCA_CHOKE_PARMS={0x14, 0x1, {0x0, 0x1000000, 0x3, 0xfe, 0x3, 0x1e}}, @TCA_CHOKE_PARMS={0x14, 0x1, {0x8, 0x5, 0xba2f, 0x4, 0x12, 0x18, 0x6}}]}}]}, 0x5c}}, 0x0)

kernel console output (not intermixed with test programs):

JECTION: forcing a failure.
[  120.477549][ T6878] name failslab, interval 1, probability 0, space 0, times 0
[  120.689136][ T5890] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  120.698625][ T5939] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid maxpacket 9272, setting to 1024
[  120.713758][ T6878] CPU: 1 UID: 0 PID: 6878 Comm: syz.1.192 Not tainted 6.13.0-rc3-syzkaller-00258-ge84a3bf7f4aa #0
[  120.724365][ T6878] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  120.734421][ T6878] Call Trace:
[  120.737715][ T6878]  <TASK>
[  120.740646][ T6878]  dump_stack_lvl+0x16c/0x1f0
[  120.745344][ T6878]  should_fail_ex+0x497/0x5b0
[  120.750032][ T6878]  ? fs_reclaim_acquire+0xae/0x150
[  120.755157][ T6878]  should_failslab+0xc2/0x120
[  120.759843][ T6878]  __kmalloc_noprof+0xcb/0x510
[  120.764616][ T6878]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  120.770268][ T6878]  tomoyo_realpath_from_path+0xb9/0x720
[  120.775821][ T6878]  ? tomoyo_path_number_perm+0x235/0x590
[  120.781461][ T6878]  ? tomoyo_path_number_perm+0x235/0x590
[  120.787101][ T6878]  tomoyo_path_number_perm+0x248/0x590
[  120.792560][ T6878]  ? tomoyo_path_number_perm+0x235/0x590
[  120.798198][ T6878]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  120.804207][ T6878]  ? __pfx_lock_release+0x10/0x10
[  120.809238][ T6878]  ? trace_lock_acquire+0x14e/0x1f0
[  120.814455][ T6878]  ? lock_acquire+0x2f/0xb0
[  120.818961][ T6878]  ? __fget_files+0x40/0x3a0
[  120.823561][ T6878]  ? __fget_files+0x206/0x3a0
[  120.828247][ T6878]  security_file_ioctl+0x9b/0x240
[  120.833377][ T6878]  __x64_sys_ioctl+0xb7/0x200
[  120.838066][ T6878]  do_syscall_64+0xcd/0x250
[  120.842585][ T6878]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  120.848495][ T6878] RIP: 0033:0x7f939a985d29
[  120.852925][ T6878] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  120.872549][ T6878] RSP: 002b:00007f939b7d1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  120.880983][ T6878] RAX: ffffffffffffffda RBX: 00007f939ab75fa0 RCX: 00007f939a985d29
[  120.888965][ T6878] RDX: 0000000020000300 RSI: 00000000c01864ba RDI: 0000000000000003
[  120.896948][ T6878] RBP: 00007f939b7d1090 R08: 0000000000000000 R09: 0000000000000000
[  120.904928][ T6878] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  120.912919][ T6878] R13: 0000000000000000 R14: 00007f939ab75fa0 R15: 00007ffd9a0c2598
[  120.920912][ T6878]  </TASK>
[  121.025199][ T5890] usb 5-1: config 0 descriptor??
[  121.031149][ T5939] usb 4-1: string descriptor 0 read error: -71
[  121.037454][ T5939] usb 4-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=58.16
[  121.046629][ T5939] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  121.078827][ T6878] ERROR: Out of memory at tomoyo_realpath_from_path.
[  121.080574][ T5939] usb 4-1: config 0 descriptor??
[  121.152664][ T5939] usb 4-1: can't set config #0, error -71
[  121.204197][ T5939] usb 4-1: USB disconnect, device number 6
[  121.962726][ T5890] usb 5-1: can't set config #0, error -71
[  122.218959][ T5890] usb 5-1: USB disconnect, device number 4
[  122.368980][   T29] audit: type=1400 audit(1734825935.796:293): avc:  denied  { write } for  pid=6894 comm="syz.2.198" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  122.696583][   T29] audit: type=1400 audit(1734825936.046:294): avc:  denied  { map } for  pid=6887 comm="syz.3.196" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  122.720182][   T29] audit: type=1400 audit(1734825936.046:295): avc:  denied  { execute } for  pid=6887 comm="syz.3.196" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  122.772677][   T29] audit: type=1400 audit(1734825936.116:296): avc:  denied  { create } for  pid=6898 comm="syz.1.197" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[  124.113260][   T29] audit: type=1400 audit(1734825937.556:297): avc:  denied  { read } for  pid=6912 comm="syz.2.204" name="qrtr-tun" dev="devtmpfs" ino=1307 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  124.212818][   T29] audit: type=1400 audit(1734825937.556:298): avc:  denied  { open } for  pid=6912 comm="syz.2.204" path="/dev/qrtr-tun" dev="devtmpfs" ino=1307 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  124.570626][   T29] audit: type=1400 audit(1734825937.606:299): avc:  denied  { write } for  pid=6913 comm="syz.0.203" name="dlm_plock" dev="devtmpfs" ino=96 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  124.929953][   T29] audit: type=1400 audit(1734825937.626:300): avc:  denied  { shutdown } for  pid=6913 comm="syz.0.203" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1
[  125.898770][   T29] audit: type=1400 audit(1734825937.726:301): avc:  denied  { name_connect } for  pid=6913 comm="syz.0.203" dest=32 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=sctp_socket permissive=1
[  125.924904][   T29] audit: type=1400 audit(1734825938.136:302): avc:  denied  { create } for  pid=6915 comm="syz.4.202" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[  125.944447][    C1] vkms_vblank_simulate: vblank timer overrun
[  126.011590][ T5890] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  126.196265][ T6916] netlink: 40 bytes leftover after parsing attributes in process `syz.0.203'.
[  126.208474][ T6916] netdevsim netdevsim0 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0
[  126.217442][ T6916] netdevsim netdevsim0 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0
[  126.226313][ T6916] netdevsim netdevsim0 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0
[  126.235573][ T6916] netdevsim netdevsim0 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0
[  126.542314][ T5890] usb 4-1: Using ep0 maxpacket: 32
[  126.653819][ T5890] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x4 has an invalid bInterval 52, changing to 7
[  126.664823][ T5890] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid maxpacket 9272, setting to 1024
[  126.684763][ T5890] usb 4-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=58.16
[  126.693912][ T5890] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  126.702536][ T5890] usb 4-1: Product: syz
[  126.706724][ T5890] usb 4-1: Manufacturer: syz
[  126.711333][ T5890] usb 4-1: SerialNumber: syz
[  126.734216][ T5890] usb 4-1: config 0 descriptor??
[  126.952582][ T5890] usb 4-1: Warning: ath10k USB support is incomplete, don't expect anything to work!
[  127.984160][ T6182] usb 4-1: Failed to submit usb control message: -110
[  128.044261][ T6182] usb 4-1: unable to send the bmi data to the device: -110
[  128.277952][ T5890] usb 4-1: USB disconnect, device number 7
[  128.280504][ T6182] usb 4-1: unable to get target info from device
[  128.328133][ T6967] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  128.343697][   T29] kauditd_printk_skb: 1 callbacks suppressed
[  128.343711][   T29] audit: type=1400 audit(1734825941.806:304): avc:  denied  { create } for  pid=6969 comm="syz.4.216" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  128.510184][ T6182] usb 4-1: could not get target info (-110)
[  128.526778][ T6182] usb 4-1: could not probe fw (-110)
[  128.608816][   T29] audit: type=1400 audit(1734825941.856:305): avc:  denied  { ioctl } for  pid=6969 comm="syz.4.216" path="socket:[10742]" dev="sockfs" ino=10742 ioctlcmd=0x5411 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  129.000990][   T29] audit: type=1400 audit(1734825942.456:306): avc:  denied  { bind } for  pid=6976 comm="syz.3.219" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  129.081090][   T29] audit: type=1400 audit(1734825942.546:307): avc:  denied  { listen } for  pid=6976 comm="syz.3.219" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  129.263840][   T29] audit: type=1400 audit(1734825942.716:308): avc:  denied  { read } for  pid=6978 comm="syz.0.218" name="mice" dev="devtmpfs" ino=916 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1
[  129.305081][   T29] audit: type=1400 audit(1734825942.716:309): avc:  denied  { open } for  pid=6978 comm="syz.0.218" path="/dev/input/mice" dev="devtmpfs" ino=916 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1
[  129.338541][   T29] audit: type=1400 audit(1734825942.726:310): avc:  denied  { append } for  pid=6978 comm="syz.0.218" name="event3" dev="devtmpfs" ino=1007 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[  129.364647][ T6986] FAULT_INJECTION: forcing a failure.
[  129.364647][ T6986] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  129.391736][   T29] audit: type=1400 audit(1734825942.796:311): avc:  denied  { bind } for  pid=6985 comm="syz.4.220" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[  129.401541][ T6986] CPU: 0 UID: 0 PID: 6986 Comm: syz.4.220 Not tainted 6.13.0-rc3-syzkaller-00258-ge84a3bf7f4aa #0
[  129.411916][   T29] audit: type=1400 audit(1734825942.826:312): avc:  denied  { setopt } for  pid=6985 comm="syz.4.220" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[  129.421303][ T6986] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  129.421315][ T6986] Call Trace:
[  129.421322][ T6986]  <TASK>
[  129.421330][ T6986]  dump_stack_lvl+0x16c/0x1f0
[  129.421361][ T6986]  should_fail_ex+0x497/0x5b0
[  129.441340][   T29] audit: type=1400 audit(1734825942.826:313): avc:  denied  { accept } for  pid=6985 comm="syz.4.220" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[  129.450542][ T6986]  _copy_from_user+0x2e/0xd0
[  129.450575][ T6986]  copy_msghdr_from_user+0x99/0x160
[  129.450598][ T6986]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  129.500822][ T6986]  ? __pfx___lock_acquire+0x10/0x10
[  129.506022][ T6986]  ___sys_recvmsg+0xdc/0x1a0
[  129.510603][ T6986]  ? __pfx____sys_recvmsg+0x10/0x10
[  129.515791][ T6986]  ? __pfx_lock_release+0x10/0x10
[  129.520804][ T6986]  ? trace_lock_acquire+0x14e/0x1f0
[  129.526014][ T6986]  do_recvmmsg+0x2f8/0x740
[  129.530419][ T6986]  ? __pfx_do_recvmmsg+0x10/0x10
[  129.535342][ T6986]  ? vfs_write+0x306/0x1150
[  129.539840][ T6986]  ? __mutex_unlock_slowpath+0x164/0x690
[  129.545474][ T6986]  ? __fget_files+0x206/0x3a0
[  129.550144][ T6986]  __x64_sys_recvmmsg+0x239/0x290
[  129.555159][ T6986]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  129.560701][ T6986]  do_syscall_64+0xcd/0x250
[  129.565204][ T6986]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  129.571091][ T6986] RIP: 0033:0x7ff79a785d29
[  129.575508][ T6986] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  129.595105][ T6986] RSP: 002b:00007ff79b553038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  129.603510][ T6986] RAX: ffffffffffffffda RBX: 00007ff79a975fa0 RCX: 00007ff79a785d29
[  129.611478][ T6986] RDX: 0000000000000002 RSI: 0000000020004100 RDI: 0000000000000004
[  129.619439][ T6986] RBP: 00007ff79b553090 R08: 0000000000000000 R09: 0000000000000000
[  129.627399][ T6986] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  129.635356][ T6986] R13: 0000000000000000 R14: 00007ff79a975fa0 R15: 00007ffe4a7d5158
[  129.643322][ T6986]  </TASK>
[  131.264817][ T7008] netlink: 'syz.2.226': attribute type 4 has an invalid length.
[  132.333489][ T7025] =======================================================
[  132.333489][ T7025] WARNING: The mand mount option has been deprecated and
[  132.333489][ T7025]          and is ignored by this kernel. Remove the mand
[  132.333489][ T7025]          option from the mount to silence this warning.
[  132.333489][ T7025] =======================================================
[  132.795494][ T1288] ieee802154 phy0 wpan0: encryption failed: -22
[  132.802104][ T1288] ieee802154 phy1 wpan1: encryption failed: -22
[  133.178518][ T7032] input: syz0 as /devices/virtual/input/input6
[  135.026160][    T8] IPVS: starting estimator thread 0...
[  135.067514][ T7051] IPVS: sed: UDP 224.0.0.2:0 - no destination available
[  135.301718][ T7056] IPVS: using max 27 ests per chain, 64800 per kthread
[  135.445252][   T29] kauditd_printk_skb: 3 callbacks suppressed
[  135.445276][   T29] audit: type=1400 audit(1734825948.906:317): avc:  denied  { ioctl } for  pid=7062 comm="syz.3.242" path="socket:[11856]" dev="sockfs" ino=11856 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  135.481130][   T29] audit: type=1400 audit(1734825948.946:318): avc:  denied  { ioctl } for  pid=7064 comm="syz.0.243" path="anon_inode:[userfaultfd]" dev="anon_inodefs" ino=11862 ioctlcmd=0xaa3f scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  135.608048][ T7070] FAULT_INJECTION: forcing a failure.
[  135.608048][ T7070] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  135.631692][ T7070] CPU: 1 UID: 0 PID: 7070 Comm: syz.0.243 Not tainted 6.13.0-rc3-syzkaller-00258-ge84a3bf7f4aa #0
[  135.642308][ T7070] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  135.652373][ T7070] Call Trace:
[  135.655651][ T7070]  <TASK>
[  135.658586][ T7070]  dump_stack_lvl+0x16c/0x1f0
[  135.663278][ T7070]  should_fail_ex+0x497/0x5b0
[  135.667972][ T7070]  _copy_from_user+0x2e/0xd0
[  135.672581][ T7070]  core_sys_select+0x2cf/0xb80
[  135.677360][ T7070]  ? __pfx_core_sys_select+0x10/0x10
[  135.682652][ T7070]  ? get_pid_task+0xfc/0x250
[  135.687272][ T7070]  ? set_user_sigmask+0x217/0x2a0
[  135.692308][ T7070]  ? __pfx_set_user_sigmask+0x10/0x10
[  135.697696][ T7070]  do_pselect.constprop.0+0x1a0/0x1f0
[  135.703077][ T7070]  ? __pfx_do_pselect.constprop.0+0x10/0x10
[  135.708998][ T7070]  __x64_sys_pselect6+0x183/0x240
[  135.714035][ T7070]  ? __pfx___x64_sys_pselect6+0x10/0x10
[  135.719601][ T7070]  do_syscall_64+0xcd/0x250
[  135.724126][ T7070]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  135.730033][ T7070] RIP: 0033:0x7fe5ce185d29
[  135.734454][ T7070] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  135.754071][ T7070] RSP: 002b:00007fe5cef2e038 EFLAGS: 00000246 ORIG_RAX: 000000000000010e
[  135.762492][ T7070] RAX: ffffffffffffffda RBX: 00007fe5ce376080 RCX: 00007fe5ce185d29
[  135.770463][ T7070] RDX: 00000000200000c0 RSI: 0000000020000080 RDI: 0000000000000040
[  135.778431][ T7070] RBP: 00007fe5cef2e090 R08: 0000000000000000 R09: 0000000000000000
[  135.786393][ T7070] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  135.794355][ T7070] R13: 0000000000000001 R14: 00007fe5ce376080 R15: 00007ffc293149b8
[  135.802330][ T7070]  </TASK>
[  135.805404][    C1] vkms_vblank_simulate: vblank timer overrun
[  135.852506][   T29] audit: type=1400 audit(1734825949.206:319): avc:  denied  { read } for  pid=7062 comm="syz.3.242" name="cachefiles" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1
[  135.898224][   T29] audit: type=1400 audit(1734825949.206:320): avc:  denied  { open } for  pid=7062 comm="syz.3.242" path="/dev/cachefiles" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1
[  136.682183][   T29] audit: type=1400 audit(1734825950.136:321): avc:  denied  { read } for  pid=7084 comm="syz.3.248" laddr=ff02::1 lport=20000 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  136.797571][ T7086] IPVS: set_ctl: invalid protocol: 41 224.0.0.1:20001
[  137.011601][   T29] audit: type=1400 audit(1734825950.216:322): avc:  denied  { bind } for  pid=7084 comm="syz.3.248" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  137.100763][   T29] audit: type=1400 audit(1734825950.226:323): avc:  denied  { write } for  pid=7084 comm="syz.3.248" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  137.372388][ T7094] FAULT_INJECTION: forcing a failure.
[  137.372388][ T7094] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  137.385448][ T7094] CPU: 0 UID: 0 PID: 7094 Comm: syz.0.249 Not tainted 6.13.0-rc3-syzkaller-00258-ge84a3bf7f4aa #0
[  137.396013][ T7094] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  137.406048][ T7094] Call Trace:
[  137.409308][ T7094]  <TASK>
[  137.412224][ T7094]  dump_stack_lvl+0x16c/0x1f0
[  137.416908][ T7094]  should_fail_ex+0x497/0x5b0
[  137.421575][ T7094]  _copy_from_user+0x2e/0xd0
[  137.426156][ T7094]  __sys_bpf+0x21c/0x49c0
[  137.430471][ T7094]  ? __pfx_lock_release+0x10/0x10
[  137.435482][ T7094]  ? __pfx___sys_bpf+0x10/0x10
[  137.440233][ T7094]  ? vfs_write+0x306/0x1150
[  137.444720][ T7094]  ? __mutex_unlock_slowpath+0x164/0x690
[  137.450363][ T7094]  ? fput+0x67/0x440
[  137.454253][ T7094]  ? ksys_write+0x1ba/0x250
[  137.458754][ T7094]  ? __pfx_ksys_write+0x10/0x10
[  137.463586][ T7094]  __x64_sys_bpf+0x78/0xc0
[  137.467989][ T7094]  ? lockdep_hardirqs_on+0x7c/0x110
[  137.473187][ T7094]  do_syscall_64+0xcd/0x250
[  137.477674][ T7094]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  137.483551][ T7094] RIP: 0033:0x7fe5ce185d29
[  137.487944][ T7094] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  137.507546][ T7094] RSP: 002b:00007fe5cefae038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  137.515941][ T7094] RAX: ffffffffffffffda RBX: 00007fe5ce376080 RCX: 00007fe5ce185d29
[  137.523897][ T7094] RDX: 0000000000000048 RSI: 00000000200054c0 RDI: 0000000000000005
[  137.531867][ T7094] RBP: 00007fe5cefae090 R08: 0000000000000000 R09: 0000000000000000
[  137.539820][ T7094] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  137.547773][ T7094] R13: 0000000000000000 R14: 00007fe5ce376080 R15: 00007ffc293149b8
[  137.555747][ T7094]  </TASK>
[  138.151617][ T5890] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  138.191862][   T29] audit: type=1400 audit(1734825951.586:324): avc:  denied  { getopt } for  pid=7100 comm="syz.0.253" lport=43811 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1
[  138.332371][ T5890] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[  138.340563][ T5890] usb 4-1: config 0 has no interface number 0
[  138.372252][ T5890] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  138.425910][ T5890] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  138.461541][ T5890] usb 4-1: New USB device found, idVendor=04d9, idProduct=a055, bcdDevice= 0.18
[  138.664238][ T5890] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  138.674696][ T5890] usb 4-1: config 0 descriptor??
[  138.940465][ T7110] vlan0: entered allmulticast mode
[  138.946363][ T7110] bond0: entered allmulticast mode
[  138.951679][ T7110] bond_slave_0: entered allmulticast mode
[  138.965933][ T7110] bond_slave_1: entered allmulticast mode
[  138.976315][ T7110] bond0: left allmulticast mode
[  138.981213][ T7110] bond_slave_0: left allmulticast mode
[  138.986924][ T7110] bond_slave_1: left allmulticast mode
[  139.663877][ T5890] input: HID 04d9:a055 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.1/0003:04D9:A055.0002/input/input7
[  140.356077][ T5861] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  140.359498][ T5890] holtek_kbd 0003:04D9:A055.0002: input,hidraw0: USB HID v0.00 Keyboard [HID 04d9:a055] on usb-dummy_hcd.3-1/input1
[  140.419385][ T5890] usb 4-1: USB disconnect, device number 8
[  140.508831][ T7131] sctp: [Deprecated]: syz.1.259 (pid 7131) Use of int in maxseg socket option.
[  140.508831][ T7131] Use struct sctp_assoc_value instead
[  140.736685][ T7136] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  140.739669][   T29] audit: type=1400 audit(1734825954.196:325): avc:  denied  { lock } for  pid=7129 comm="syz.1.259" path="socket:[11256]" dev="sockfs" ino=11256 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_stream_socket permissive=1
[  140.755770][ T7138] netlink: 'syz.4.262': attribute type 72 has an invalid length.
[  140.938204][ T7138] netlink: 'syz.4.262': attribute type 8 has an invalid length.
[  141.610379][ T7139] netlink: 4 bytes leftover after parsing attributes in process `syz.2.260'.
[  141.622182][   T29] audit: type=1400 audit(1734825955.056:326): avc:  denied  { create } for  pid=7129 comm="syz.1.259" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  144.011921][ T7205] netlink: 260 bytes leftover after parsing attributes in process `syz.4.271'.
[  144.391321][ T7205] netlink: 20 bytes leftover after parsing attributes in process `syz.4.271'.
[  145.666158][   T25] usb 4-1: new low-speed USB device number 9 using dummy_hcd
[  145.733714][   T29] audit: type=1400 audit(1734825959.196:327): avc:  denied  { mount } for  pid=7215 comm="syz.1.275" name="/" dev="configfs" ino=101 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1
[  145.811835][   T25] usb 4-1: device descriptor read/64, error -71
[  145.826579][   T29] audit: type=1400 audit(1734825959.286:328): avc:  denied  { mounton } for  pid=7215 comm="syz.1.275" path="/syzcgroup/unified/syz1" dev="cgroup2" ino=38 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=dir permissive=1
[  145.829075][ T7218] qnx4: no qnx4 filesystem (no root dir).
[  146.405803][   T25] usb 4-1: new low-speed USB device number 10 using dummy_hcd
[  146.551556][   T25] usb 4-1: device descriptor read/64, error -71
[  146.666056][   T25] usb usb4-port1: attempt power cycle
[  147.277211][ T7232] sctp: [Deprecated]: syz.1.279 (pid 7232) Use of int in maxseg socket option.
[  147.277211][ T7232] Use struct sctp_assoc_value instead
[  147.636538][ T7237] netlink: 'syz.3.280': attribute type 4 has an invalid length.
[  148.881736][   T29] audit: type=1400 audit(1734825962.256:329): avc:  denied  { read write } for  pid=7243 comm="syz.0.283" name="vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1
[  149.060272][   T29] audit: type=1400 audit(1734825962.256:330): avc:  denied  { open } for  pid=7243 comm="syz.0.283" path="/dev/vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1
[  151.569054][ T7299] vivid-000: disconnect
[  152.451076][   T25] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  152.483647][ T7297] vivid-000: reconnect
[  152.577508][   T29] audit: type=1400 audit(1734825965.256:331): avc:  denied  { getopt } for  pid=7297 comm="syz.4.291" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  152.858983][   T29] audit: type=1326 audit(1734825966.316:332): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7309 comm="syz.2.293" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7115385d29 code=0x7ffc0000
[  152.888269][ T7316] pim6reg: entered allmulticast mode
[  152.906583][   T29] audit: type=1326 audit(1734825966.316:333): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7309 comm="syz.2.293" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7115385d29 code=0x7ffc0000
[  152.953044][   T25] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  152.962150][   T25] usb 2-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  152.978384][   T25] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66
[  152.998876][   T25] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[  153.029017][   T25] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[  153.063594][   T25] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  153.078228][   T25] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  153.099760][   T25] usb 2-1: Product: syz
[  153.108736][   T25] usb 2-1: Manufacturer: syz
[  153.161788][   T25] cdc_wdm 2-1:1.0: skipping garbage
[  153.175190][   T25] cdc_wdm 2-1:1.0: skipping garbage
[  153.215123][   T25] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device
[  153.229809][   T29] audit: type=1400 audit(1734825966.686:334): avc:  denied  { append } for  pid=7319 comm="syz.0.296" name="ubi_ctrl" dev="devtmpfs" ino=706 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  153.231123][ T7320] netlink: 'syz.0.296': attribute type 41 has an invalid length.
[  153.257863][   T25] cdc_wdm 2-1:1.0: Unknown control protocol
[  153.438910][   T29] audit: type=1400 audit(1734825966.896:335): avc:  denied  { write } for  pid=7319 comm="syz.0.296" name="sg0" dev="devtmpfs" ino=750 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[  153.641133][ T7316] pim6reg: left allmulticast mode
[  153.952149][    C1] cdc_wdm 2-1:1.0: nonzero urb status received: -71
[  153.959018][    C1] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes
[  153.967144][    C1] cdc_wdm 2-1:1.0: nonzero urb status received: -71
[  153.973770][    C1] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes
[  153.981130][   T29] audit: type=1400 audit(1734825967.436:336): avc:  denied  { ioctl } for  pid=7327 comm="syz.0.298" path="socket:[13352]" dev="sockfs" ino=13352 ioctlcmd=0x5451 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  153.981536][    C1] cdc_wdm 2-1:1.0: nonzero urb status received: -71
[  154.013357][    C1] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes
[  154.021592][    C1] cdc_wdm 2-1:1.0: nonzero urb status received: -71
[  154.028215][    C1] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes
[  154.041517][    C1] cdc_wdm 2-1:1.0: nonzero urb status received: -71
[  154.048141][    C1] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes
[  154.062317][    C1] cdc_wdm 2-1:1.0: nonzero urb status received: -71
[  154.068937][    C1] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes
[  154.075196][    C1] cdc_wdm 2-1:1.0: nonzero urb status received: -71
[  154.081815][    C1] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes
[  154.088124][    C1] cdc_wdm 2-1:1.0: nonzero urb status received: -71
[  154.094731][    C1] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes
[  154.100997][    C1] cdc_wdm 2-1:1.0: nonzero urb status received: -71
[  154.107610][    C1] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes
[  154.113886][    C1] cdc_wdm 2-1:1.0: nonzero urb status received: -71
[  154.120492][    C1] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes
[  154.177850][    C1] cdc_wdm 2-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1
[  154.307667][ T2148] usb 2-1: USB disconnect, device number 9
[  155.414835][ T7369] IPVS: sync thread started: state = MASTER, mcast_ifn = geneve0, syncid = 0, id = 0
[  155.975947][ T5860] usb 1-1: new low-speed USB device number 5 using dummy_hcd
[  156.134087][ T5860] usb 1-1: unable to get BOS descriptor or descriptor too short
[  156.181722][ T5860] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 8
[  156.199996][ T5860] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x82 is Bulk; changing to Interrupt
[  156.210013][ T5860] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x3 is Bulk; changing to Interrupt
[  156.265761][ T5860] usb 1-1: string descriptor 0 read error: -22
[  156.272117][ T5860] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  156.281179][ T5860] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  156.401810][ T7372] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  156.565514][   T29] audit: type=1400 audit(1734825970.026:337): avc:  denied  { ioctl } for  pid=7387 comm="syz.4.307" path="socket:[13408]" dev="sockfs" ino=13408 ioctlcmd=0x89e0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[  156.600394][ T7388] fuse: Bad value for 'group_id'
[  156.631400][ T7388] fuse: Bad value for 'group_id'
[  156.657018][   T29] audit: type=1400 audit(1734825970.056:338): avc:  denied  { write } for  pid=7387 comm="syz.4.307" path="socket:[13408]" dev="sockfs" ino=13408 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[  156.685265][   T29] audit: type=1400 audit(1734825970.056:339): avc:  denied  { read } for  pid=7387 comm="syz.4.307" name="nvram" dev="devtmpfs" ino=623 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1
[  156.755626][ T5860] cdc_ncm 1-1:1.0: bind() failure
[  156.928558][   T29] audit: type=1400 audit(1734825970.056:340): avc:  denied  { open } for  pid=7387 comm="syz.4.307" path="/dev/nvram" dev="devtmpfs" ino=623 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1
[  157.414879][ T5860] cdc_ncm 1-1:1.1: CDC Union missing and no IAD found
[  157.510855][ T5860] cdc_ncm 1-1:1.1: bind() failure
[  157.562945][ T5860] usb 1-1: USB disconnect, device number 5
[  157.719823][ T7404] netlink: 92 bytes leftover after parsing attributes in process `syz.3.312'.
[  157.925504][ T7402] support for the xor transformation has been removed.
[  158.086209][ T7408] netlink: 92 bytes leftover after parsing attributes in process `syz.3.312'.
[  158.382787][ T7413] xt_ecn: cannot match TCP bits for non-tcp packets
[  158.603001][ T7417] mac80211_hwsim hwsim7 wlan1: entered promiscuous mode
[  158.669464][ T7417] macvtap1: entered promiscuous mode
[  158.839119][ T7425] vivid-007: disconnect
[  159.087919][ T7431] FAULT_INJECTION: forcing a failure.
[  159.087919][ T7431] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  159.101177][ T7431] CPU: 1 UID: 0 PID: 7431 Comm: syz.1.316 Not tainted 6.13.0-rc3-syzkaller-00258-ge84a3bf7f4aa #0
[  159.111776][ T7431] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  159.121838][ T7431] Call Trace:
[  159.125123][ T7431]  <TASK>
[  159.128057][ T7431]  dump_stack_lvl+0x16c/0x1f0
[  159.132759][ T7431]  should_fail_ex+0x497/0x5b0
[  159.137464][ T7431]  _copy_from_user+0x2e/0xd0
[  159.142080][ T7431]  copy_msghdr_from_user+0x99/0x160
[  159.147293][ T7431]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  159.153129][ T7431]  ___sys_sendmsg+0xff/0x1e0
[  159.157737][ T7431]  ? __pfx____sys_sendmsg+0x10/0x10
[  159.162958][ T7431]  ? __pfx_lock_release+0x10/0x10
[  159.167996][ T7431]  ? trace_lock_acquire+0x14e/0x1f0
[  159.173224][ T7431]  ? __fget_files+0x206/0x3a0
[  159.177920][ T7431]  __sys_sendmsg+0x16e/0x220
[  159.182524][ T7431]  ? __pfx___sys_sendmsg+0x10/0x10
[  159.187666][ T7431]  do_syscall_64+0xcd/0x250
[  159.192188][ T7431]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  159.198097][ T7431] RIP: 0033:0x7f939a985d29
[  159.202510][ T7431] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  159.222124][ T7431] RSP: 002b:00007f939b7b0038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  159.230521][ T7431] RAX: ffffffffffffffda RBX: 00007f939ab76080 RCX: 00007f939a985d29
[  159.238477][ T7431] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000005
[  159.246448][ T7431] RBP: 00007f939b7b0090 R08: 0000000000000000 R09: 0000000000000000
[  159.254425][ T7431] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  159.262376][ T7431] R13: 0000000000000000 R14: 00007f939ab76080 R15: 00007ffd9a0c2598
[  159.270346][ T7431]  </TASK>
[  159.473204][ T7418] vivid-007: reconnect
[  160.431609][   T29] kauditd_printk_skb: 3 callbacks suppressed
[  160.431626][   T29] audit: type=1400 audit(1734825973.876:344): avc:  denied  { connect } for  pid=7449 comm="syz.3.322" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  160.465853][   T29] audit: type=1400 audit(1734825973.926:345): avc:  denied  { search } for  pid=5172 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  160.596380][   T29] audit: type=1400 audit(1734825973.956:346): avc:  denied  { search } for  pid=5484 comm="dhcpcd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  160.762933][   T29] audit: type=1400 audit(1734825973.956:347): avc:  denied  { read } for  pid=5484 comm="dhcpcd" name="n102" dev="tmpfs" ino=3122 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  161.541913][   T29] audit: type=1400 audit(1734825973.956:348): avc:  denied  { open } for  pid=5484 comm="dhcpcd" path="/run/udev/data/n102" dev="tmpfs" ino=3122 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  161.621611][ T5939] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  161.844824][   T29] audit: type=1400 audit(1734825973.956:349): avc:  denied  { getattr } for  pid=5484 comm="dhcpcd" path="/run/udev/data/n102" dev="tmpfs" ino=3122 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  162.046203][ T7484] capability: warning: `syz.0.327' uses 32-bit capabilities (legacy support in use)
[  162.283282][ T5939] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  162.528653][ T7486] support for the xor transformation has been removed.
[  162.550363][   T29] audit: type=1400 audit(1734825974.336:350): avc:  denied  { read } for  pid=7473 comm="dhcpcd-run-hook" name="resolv.conf" dev="tmpfs" ino=1706 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  162.612346][ T5939] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  162.622178][ T5939] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 18
[  162.635122][ T5939] usb 4-1: New USB device found, idVendor=1e7d, idProduct=319c, bcdDevice= 0.00
[  162.657323][   T29] audit: type=1400 audit(1734825974.336:351): avc:  denied  { open } for  pid=7473 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf" dev="tmpfs" ino=1706 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  162.736543][   T29] audit: type=1400 audit(1734825974.346:352): avc:  denied  { getattr } for  pid=7473 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf" dev="tmpfs" ino=1706 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  162.761797][    C0] vkms_vblank_simulate: vblank timer overrun
[  162.768591][   T29] audit: type=1326 audit(1734825975.526:353): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7477 comm="syz.2.325" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7115385d29 code=0x7ffc0000
[  162.854048][ T5939] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  162.892629][ T5939] usb 4-1: config 0 descriptor??
[  163.742515][ T7499] tty tty25: ldisc open failed (-12), clearing slot 24
[  163.861039][ T5939] isku 0003:1E7D:319C.0003: invalid report_size 23040
[  163.903368][ T5939] isku 0003:1E7D:319C.0003: item 0 2 1 7 parsing failed
[  163.910751][ T5939] isku 0003:1E7D:319C.0003: parse failed
[  163.966681][ T5939] isku 0003:1E7D:319C.0003: probe with driver isku failed with error -22
[  164.292354][ T5939] usb 4-1: USB disconnect, device number 12
[  164.698666][ T5129] Bluetooth: hci4: link tx timeout
[  164.698692][ T5129] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa
[  164.792906][ T7531] FAULT_INJECTION: forcing a failure.
[  164.792906][ T7531] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  164.792937][ T7531] CPU: 1 UID: 0 PID: 7531 Comm: syz.4.336 Not tainted 6.13.0-rc3-syzkaller-00258-ge84a3bf7f4aa #0
[  164.792962][ T7531] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  164.792975][ T7531] Call Trace:
[  164.792985][ T7531]  <TASK>
[  164.792994][ T7531]  dump_stack_lvl+0x16c/0x1f0
[  164.793024][ T7531]  should_fail_ex+0x497/0x5b0
[  164.793056][ T7531]  _copy_from_user+0x2e/0xd0
[  164.793084][ T7531]  set_user_sigmask+0xad/0x2a0
[  164.793106][ T7531]  ? __pfx_set_user_sigmask+0x10/0x10
[  164.793130][ T7531]  ? __mutex_unlock_slowpath+0x164/0x690
[  164.793157][ T7531]  do_pselect.constprop.0+0x122/0x1f0
[  164.793179][ T7531]  ? __pfx_do_pselect.constprop.0+0x10/0x10
[  164.793207][ T7531]  __x64_sys_pselect6+0x183/0x240
[  164.793229][ T7531]  ? __pfx___x64_sys_pselect6+0x10/0x10
[  164.793255][ T7531]  do_syscall_64+0xcd/0x250
[  164.793279][ T7531]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  164.793304][ T7531] RIP: 0033:0x7ff79a785d29
[  164.793326][ T7531] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  164.793345][ T7531] RSP: 002b:00007ff79b532038 EFLAGS: 00000246 ORIG_RAX: 000000000000010e
[  164.793367][ T7531] RAX: ffffffffffffffda RBX: 00007ff79a976080 RCX: 00007ff79a785d29
[  164.793381][ T7531] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000000000f0
[  164.793394][ T7531] RBP: 00007ff79b532090 R08: 0000000000000000 R09: 0000000020000340
[  164.793408][ T7531] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  164.793420][ T7531] R13: 0000000000000000 R14: 00007ff79a976080 R15: 00007ffe4a7d5158
[  164.793446][ T7531]  </TASK>
[  164.808183][ T5815] Bluetooth: hci4: link tx timeout
[  164.808200][ T5815] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa
[  164.843083][ T5815] Bluetooth: hci4: link tx timeout
[  164.843102][ T5815] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa
[  165.125939][ T7539] netlink: 28 bytes leftover after parsing attributes in process `syz.1.338'.
[  165.552532][ T5815] Bluetooth: hci4: link tx timeout
[  165.552593][ T5815] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa
[  165.567093][ T5939] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  165.679692][ T5815] Bluetooth: hci4: link tx timeout
[  165.798615][ T5815] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa
[  165.821536][ T5939] usb 2-1: Using ep0 maxpacket: 16
[  165.829787][ T5939] usb 2-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d
[  165.839146][ T5939] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  165.847252][ T5939] usb 2-1: Product: syz
[  165.851545][ T5939] usb 2-1: Manufacturer: syz
[  165.856157][ T5939] usb 2-1: SerialNumber: syz
[  165.862909][ T5939] usb 2-1: config 0 descriptor??
[  166.412844][ T7539] Bluetooth: MGMT ver 1.23
[  166.532530][ T5815] Bluetooth: hci4: link tx timeout
[  166.537915][ T5815] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa
[  166.544969][ T5939] usb 2-1: USB disconnect, device number 10
[  166.775830][ T5815] Bluetooth: hci4: command 0x0406 tx timeout
[  166.794854][ T7557] FAULT_INJECTION: forcing a failure.
[  166.794854][ T7557] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  166.807974][ T7557] CPU: 0 UID: 0 PID: 7557 Comm: syz.2.342 Not tainted 6.13.0-rc3-syzkaller-00258-ge84a3bf7f4aa #0
[  166.818573][ T7557] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  166.828635][ T7557] Call Trace:
[  166.831915][ T7557]  <TASK>
[  166.834846][ T7557]  dump_stack_lvl+0x16c/0x1f0
[  166.839542][ T7557]  should_fail_ex+0x497/0x5b0
[  166.844238][ T7557]  _copy_from_user+0x2e/0xd0
[  166.848842][ T7557]  do_semtimedop+0x173/0x310
[  166.853444][ T7557]  ? __pfx_do_semtimedop+0x10/0x10
[  166.858566][ T7557]  ? ksys_write+0x12b/0x250
[  166.863107][ T7557]  ? __fget_files+0x206/0x3a0
[  166.867797][ T7557]  __x64_sys_semtimedop+0x1b8/0x1f0
[  166.873002][ T7557]  ? __pfx___x64_sys_semtimedop+0x10/0x10
[  166.878735][ T7557]  do_syscall_64+0xcd/0x250
[  166.883255][ T7557]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  166.889160][ T7557] RIP: 0033:0x7f7115385d29
[  166.893583][ T7557] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  166.913224][ T7557] RSP: 002b:00007f711625b038 EFLAGS: 00000246 ORIG_RAX: 00000000000000dc
[  166.921651][ T7557] RAX: ffffffffffffffda RBX: 00007f7115576080 RCX: 00007f7115385d29
[  166.929630][ T7557] RDX: 0000000000000001 RSI: 0000000020000600 RDI: 0000000000000000
[  166.937604][ T7557] RBP: 00007f711625b090 R08: 0000000000000000 R09: 0000000000000000
[  166.945579][ T7557] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  166.953556][ T7557] R13: 0000000000000000 R14: 00007f7115576080 R15: 00007ffdb49a8a68
[  166.961549][ T7557]  </TASK>
[  166.964585][    C0] vkms_vblank_simulate: vblank timer overrun
[  167.451045][ T7575] sctp: [Deprecated]: syz.4.345 (pid 7575) Use of int in maxseg socket option.
[  167.451045][ T7575] Use struct sctp_assoc_value instead
[  167.499863][   T29] kauditd_printk_skb: 11 callbacks suppressed
[  167.499881][   T29] audit: type=1400 audit(1734825980.956:365): avc:  denied  { read } for  pid=7576 comm="syz.3.347" name="ptp0" dev="devtmpfs" ino=1265 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  167.567294][   T29] audit: type=1400 audit(1734825980.956:366): avc:  denied  { open } for  pid=7576 comm="syz.3.347" path="/dev/ptp0" dev="devtmpfs" ino=1265 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  167.635133][ T7581] netlink: 8 bytes leftover after parsing attributes in process `syz.1.348'.
[  167.672507][   T29] audit: type=1400 audit(1734825981.126:367): avc:  denied  { setrlimit } for  pid=7583 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=process permissive=1
[  167.699636][ T7581] netlink: 4 bytes leftover after parsing attributes in process `syz.1.348'.
[  167.730055][ T7581] netlink: 32 bytes leftover after parsing attributes in process `syz.1.348'.
[  167.812502][ T5129] block nbd0: Receive control failed (result -107)
[  167.851642][ T7581] nbd0: detected capacity change from 0 to 256
[  167.878951][ T6463] block nbd0: Dead connection, failed to find a fallback
[  167.891522][    T8] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  167.927346][ T6463] block nbd0: shutting down sockets
[  167.945781][ T6463] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  167.971987][ T6463] Buffer I/O error on dev nbd0, logical block 0, async page read
[  167.979939][ T6463] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  168.000453][ T6463] Buffer I/O error on dev nbd0, logical block 0, async page read
[  168.017404][ T6463] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  168.043093][    T8] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  168.061727][    T8] usb 4-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  168.081959][ T6463] Buffer I/O error on dev nbd0, logical block 0, async page read
[  168.094158][    T8] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  168.107592][ T6463] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  168.125243][    T8] usb 4-1: config 0 descriptor??
[  168.140468][ T6463] Buffer I/O error on dev nbd0, logical block 0, async page read
[  168.149122][ T6463] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  168.151215][    T8] pwc: Askey VC010 type 2 USB webcam detected.
[  168.166652][ T6463] Buffer I/O error on dev nbd0, logical block 0, async page read
[  168.175490][ T6463] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  168.184741][ T6463] Buffer I/O error on dev nbd0, logical block 0, async page read
[  168.192951][ T6463] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  168.202216][ T6463] Buffer I/O error on dev nbd0, logical block 0, async page read
[  168.210329][ T6463] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  168.219560][ T6463] Buffer I/O error on dev nbd0, logical block 0, async page read
[  168.227581][ T6463] ldm_validate_partition_table(): Disk read failed.
[  168.237246][ T6463] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  168.246785][ T6463] Buffer I/O error on dev nbd0, logical block 0, async page read
[  168.254815][ T6463] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  168.264123][ T6463] Buffer I/O error on dev nbd0, logical block 0, async page read
[  168.272276][ T6463] Dev nbd0: unable to read RDB block 0
[  168.279514][ T6463]  nbd0: unable to read partition table
[  168.296173][ T6463] ldm_validate_partition_table(): Disk read failed.
[  168.305638][ T6463] Dev nbd0: unable to read RDB block 0
[  168.315417][ T6463]  nbd0: unable to read partition table
[  168.351306][    T8] pwc: send_video_command error -71
[  168.357161][    T8] pwc: Failed to set video mode CIF@30 fps; return code = -71
[  168.361643][ T5939] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  168.371947][    T8] Philips webcam 4-1:0.0: probe with driver Philips webcam failed with error -71
[  168.396695][    T8] usb 4-1: USB disconnect, device number 13
[  168.564455][ T5939] usb 2-1: Using ep0 maxpacket: 32
[  168.573072][ T5939] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[  168.711187][ T5939] usb 2-1: config 0 has no interface number 0
[  168.719299][ T5939] usb 2-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8
[  168.732831][ T5939] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  168.740897][ T5939] usb 2-1: Product: syz
[  168.747567][ T5939] usb 2-1: Manufacturer: syz
[  168.753670][ T5939] usb 2-1: SerialNumber: syz
[  168.760801][ T5939] usb 2-1: config 0 descriptor??
[  168.769352][ T5939] usb 2-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state
[  168.778881][ T5939] usb 2-1: selecting invalid altsetting 1
[  168.784877][ T5939] usb 2-1: dvb_usb_ce6230: usb_set_interface() failed=-22
[  168.874887][ T2148] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  169.064190][ T5939] usb 2-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  169.255349][ T5939] dvbdev: DVB: registering new adapter (Intel CE9500 reference design)
[  169.304413][ T2148] usb 5-1: Using ep0 maxpacket: 8
[  169.336698][ T2148] usb 5-1: New USB device found, idVendor=0711, idProduct=0210, bcdDevice=ba.13
[  169.346798][ T2148] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  169.355108][ T5939] usb 2-1: media controller created
[  169.363590][ T2148] usb 5-1: Product: syz
[  169.371829][ T5890] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  169.379414][ T2148] usb 5-1: Manufacturer: syz
[  169.386545][ T5939] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  169.395039][ T2148] usb 5-1: SerialNumber: syz
[  169.401847][    T8] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  169.403571][ T2148] usb 5-1: config 0 descriptor??
[  169.423641][ T2148] mct_u232 5-1:0.0: MCT U232 converter detected
[  169.430612][ T2148] mct_u232 ttyUSB0: expected endpoint missing
[  169.454976][ T5939] usb 2-1: DVB: registering adapter 1 frontend 0 (Zarlink ZL10353 DVB-T)...
[  169.465954][ T5939] dvbdev: dvb_create_media_entity: media entity 'Zarlink ZL10353 DVB-T' registered.
[  169.496114][ T5939] DVB: Unable to find symbol mxl5005s_attach()
[  169.541724][ T5890] usb 1-1: Using ep0 maxpacket: 32
[  169.548503][ T5890] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x4 has an invalid bInterval 52, changing to 7
[  169.559526][ T5890] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid maxpacket 9272, setting to 1024
[  169.610669][ T7606] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  169.632885][    T8] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  169.648100][ T7606] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  169.673559][ T5890] usb 1-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=58.16
[  169.682685][ T5890] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  169.690712][ T5890] usb 1-1: Product: syz
[  169.696375][    T8] usb 4-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  169.702887][ T5890] usb 1-1: Manufacturer: syz
[  169.712498][ T5890] usb 1-1: SerialNumber: syz
[  169.731339][    T8] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  169.746674][ T7610] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  169.775324][    T8] usb 4-1: config 0 descriptor??
[  169.780614][ T7610] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  169.802420][    T8] pwc: Askey VC010 type 2 USB webcam detected.
[  169.870387][ T5939] usb 2-1: dvb_usb_ce6230: usb_set_interface() failed=-71
[  169.885688][ T5890] usb 1-1: config 0 descriptor??
[  169.890171][   T29] audit: type=1400 audit(1734825983.346:368): avc:  denied  { execute } for  pid=7597 comm="syz.4.353" path="/75/cpu.stat" dev="tmpfs" ino=411 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  169.932611][ T5939] usb 2-1: USB disconnect, device number 11
[  169.959733][ T7610] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  169.969236][ T7610] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  169.989086][ T7614] FAULT_INJECTION: forcing a failure.
[  169.989086][ T7614] name failslab, interval 1, probability 0, space 0, times 0
[  170.001888][ T7614] CPU: 1 UID: 0 PID: 7614 Comm: syz.2.355 Not tainted 6.13.0-rc3-syzkaller-00258-ge84a3bf7f4aa #0
[  170.012485][ T7614] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  170.022551][ T7614] Call Trace:
[  170.025929][ T7614]  <TASK>
[  170.028866][ T7614]  dump_stack_lvl+0x16c/0x1f0
[  170.033562][ T7614]  should_fail_ex+0x497/0x5b0
[  170.038254][ T7614]  ? fs_reclaim_acquire+0xae/0x150
[  170.043386][ T7614]  should_failslab+0xc2/0x120
[  170.048078][ T7614]  __kmalloc_noprof+0xcb/0x510
[  170.052854][ T7614]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  170.058504][ T7614]  tomoyo_realpath_from_path+0xb9/0x720
[  170.064066][ T7614]  ? tomoyo_path_number_perm+0x235/0x590
[  170.069724][ T7614]  ? tomoyo_path_number_perm+0x235/0x590
[  170.075367][ T7614]  tomoyo_path_number_perm+0x248/0x590
[  170.080837][ T7614]  ? tomoyo_path_number_perm+0x235/0x590
[  170.086484][ T7614]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  170.092497][ T7614]  ? __pfx_lock_release+0x10/0x10
[  170.097529][ T7614]  ? trace_lock_acquire+0x14e/0x1f0
[  170.102746][ T7614]  ? lock_acquire+0x2f/0xb0
[  170.107256][ T7614]  ? __fget_files+0x40/0x3a0
[  170.111858][ T7614]  ? __fget_files+0x206/0x3a0
[  170.116547][ T7614]  security_file_ioctl+0x9b/0x240
[  170.121851][ T7614]  __x64_sys_ioctl+0xb7/0x200
[  170.126560][ T7614]  do_syscall_64+0xcd/0x250
[  170.131096][ T7614]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  170.137009][ T7614] RIP: 0033:0x7f7115385d29
[  170.141433][ T7614] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  170.161056][ T7614] RSP: 002b:00007f711623a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  170.169482][ T7614] RAX: ffffffffffffffda RBX: 00007f7115576160 RCX: 00007f7115385d29
[  170.177459][ T7614] RDX: 0000000020000440 RSI: 00000000000089f1 RDI: 0000000000000005
[  170.185436][ T7614] RBP: 00007f711623a090 R08: 0000000000000000 R09: 0000000000000000
[  170.193512][ T7614] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  170.201489][ T7614] R13: 0000000000000000 R14: 00007f7115576160 R15: 00007ffdb49a8a68
[  170.209483][ T7614]  </TASK>
[  170.217365][ T7614] ERROR: Out of memory at tomoyo_realpath_from_path.
[  170.363259][ T5890] usb 1-1: Warning: ath10k USB support is incomplete, don't expect anything to work!
[  170.535881][ T7608] delete_channel: no stack
[  170.598650][    T8] pwc: recv_control_msg error -32 req 02 val 2b00
[  170.606200][    T8] pwc: recv_control_msg error -32 req 02 val 2700
[  170.619383][    T8] pwc: recv_control_msg error -32 req 02 val 2c00
[  170.637250][    T8] pwc: recv_control_msg error -32 req 04 val 1000
[  170.653036][    T8] pwc: recv_control_msg error -32 req 04 val 1300
[  170.661190][    T8] pwc: recv_control_msg error -32 req 04 val 1400
[  170.668834][    T8] pwc: recv_control_msg error -32 req 02 val 2000
[  170.734579][    T8] pwc: recv_control_msg error -32 req 02 val 2100
[  170.759891][    T8] pwc: recv_control_msg error -32 req 04 val 1500
[  170.812207][    T8] pwc: recv_control_msg error -32 req 02 val 2500
[  170.851629][    T8] pwc: recv_control_msg error -32 req 02 val 2400
[  170.912218][    T8] pwc: recv_control_msg error -32 req 02 val 2600
[  171.132018][    T8] pwc: recv_control_msg error -71 req 02 val 2800
[  171.146938][    T8] pwc: recv_control_msg error -71 req 04 val 1100
[  171.162567][    T8] pwc: recv_control_msg error -71 req 04 val 1200
[  171.624358][   T12] usb 1-1: Failed to submit usb control message: -110
[  171.640469][   T12] usb 1-1: unable to send the bmi data to the device: -110
[  171.824554][ T7621] delete_channel: no stack
[  171.955554][ T2148] usb 1-1: USB disconnect, device number 6
[  172.136365][  T116] usb 5-1: USB disconnect, device number 5
[  172.143414][  T116] mct_u232 5-1:0.0: device disconnected
[  172.173325][    T8] pwc: Registered as video103.
[  172.179287][    T8] input: PWC snapshot button as /devices/platform/dummy_hcd.3/usb4/4-1/input/input9
[  172.410311][   T12] usb 1-1: unable to get target info from device
[  172.501508][   T12] usb 1-1: could not get target info (-110)
[  172.507456][   T12] usb 1-1: could not probe fw (-110)
[  172.764417][    T8] usb 4-1: USB disconnect, device number 14
[  173.039471][ T7641] netlink: 8 bytes leftover after parsing attributes in process `syz.1.360'.
[  173.929746][   T29] audit: type=1400 audit(1734825987.366:369): avc:  denied  { setopt } for  pid=7628 comm="syz.2.361" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  173.963663][ T7649] syz.1.364 uses obsolete (PF_INET,SOCK_PACKET)
[  174.020301][   T29] audit: type=1400 audit(1734825987.476:370): avc:  denied  { mount } for  pid=7628 comm="syz.2.361" name="/" dev="ramfs" ino=12948 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1
[  174.462758][   T29] audit: type=1326 audit(1734825987.896:371): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7651 comm="syz.4.366" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff79a785d29 code=0x7ffc0000
[  174.862820][   T29] audit: type=1326 audit(1734825987.896:372): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7651 comm="syz.4.366" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff79a785d29 code=0x7ffc0000
[  175.098888][   T29] audit: type=1400 audit(1734825988.116:373): avc:  denied  { ioctl } for  pid=7650 comm="syz.3.365" path="socket:[13865]" dev="sockfs" ino=13865 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  175.167881][   T29] audit: type=1400 audit(1734825988.116:374): avc:  denied  { bind } for  pid=7650 comm="syz.3.365" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  175.186904][    C0] vkms_vblank_simulate: vblank timer overrun
[  175.398334][ T7633] Process accounting resumed
[  175.573326][ T7664] netlink: 32 bytes leftover after parsing attributes in process `syz.1.367'.
[  175.603875][ T5129] Bluetooth: hci4: SCO packet for unknown connection handle 0
[  176.391511][   T29] audit: type=1400 audit(1734825989.046:375): avc:  denied  { mount } for  pid=7659 comm="syz.1.367" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  176.420970][    C0] vkms_vblank_simulate: vblank timer overrun
[  176.973757][   T29] audit: type=1400 audit(1734825989.056:376): avc:  denied  { mount } for  pid=7659 comm="syz.1.367" name="/" dev="afs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[  177.009030][   T29] audit: type=1400 audit(1734825990.466:377): avc:  denied  { unmount } for  pid=5816 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1
[  178.016791][ T5815] Bluetooth: hci4: link tx timeout
[  178.022004][ T5815] Bluetooth: hci4: command 0x0406 tx timeout
[  178.382772][ T5815] Bluetooth: hci4: link tx timeout
[  179.671951][   T29] audit: type=1400 audit(1734825993.136:378): avc:  denied  { audit_write } for  pid=7668 comm="syz.0.369" capability=29  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  182.389714][ T7700] qnx4: no qnx4 filesystem (no root dir).
[  182.415473][ T7700] input: syz1 as /devices/virtual/input/input10
[  183.000562][   T29] audit: type=1400 audit(1734825996.396:379): avc:  denied  { bind } for  pid=7713 comm="syz.3.377" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  183.047918][   T29] audit: type=1400 audit(1734825996.396:380): avc:  denied  { write } for  pid=7713 comm="syz.3.377" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  183.680112][ T7736] netlink: 36 bytes leftover after parsing attributes in process `syz.4.380'.
[  183.689320][   T29] audit: type=1400 audit(1734825997.116:381): avc:  denied  { watch watch_reads } for  pid=7721 comm="syz.1.378" path="/77" dev="tmpfs" ino=413 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  183.833190][ T7743] netlink: 'syz.1.381': attribute type 4 has an invalid length.
[  184.057302][ T5129] Bluetooth: hci0: command tx timeout
[  184.062861][ T5815] Bluetooth: hci2: command tx timeout
[  184.068283][ T5815] Bluetooth: hci1: command tx timeout
[  184.074132][ T5819] Bluetooth: hci3: command 0x0406 tx timeout
[  184.310952][ T5815] Bluetooth: hci4: link tx timeout
[  184.316518][ T5815] Bluetooth: hci4: link tx timeout
[  184.322664][ T5815] Bluetooth: hci4: link tx timeout
[  184.410205][ T7764] FAULT_INJECTION: forcing a failure.
[  184.410205][ T7764] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  184.423348][ T7764] CPU: 0 UID: 0 PID: 7764 Comm: syz.4.383 Not tainted 6.13.0-rc3-syzkaller-00258-ge84a3bf7f4aa #0
[  184.433941][ T7764] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  184.443995][ T7764] Call Trace:
[  184.447276][ T7764]  <TASK>
[  184.450207][ T7764]  dump_stack_lvl+0x16c/0x1f0
[  184.454903][ T7764]  should_fail_ex+0x497/0x5b0
[  184.459598][ T7764]  _copy_from_user+0x2e/0xd0
[  184.464203][ T7764]  do_ipt_set_ctl+0x8e1/0xbe0
[  184.468903][ T7764]  ? __pfx_do_ipt_set_ctl+0x10/0x10
[  184.474109][ T7764]  ? __mutex_unlock_slowpath+0x164/0x690
[  184.479751][ T7764]  ? irqentry_exit+0x3b/0x90
[  184.484348][ T7764]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  184.490352][ T7764]  ? nf_sockopt_find.constprop.0+0x221/0x290
[  184.496343][ T7764]  nf_setsockopt+0x8a/0xf0
[  184.500769][ T7764]  ip_setsockopt+0xcb/0xf0
[  184.505195][ T7764]  udp_setsockopt+0x7d/0xd0
[  184.509707][ T7764]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  184.515607][ T7764]  do_sock_setsockopt+0x222/0x480
[  184.520637][ T7764]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  184.526187][ T7764]  ? lock_acquire+0x2f/0xb0
[  184.530708][ T7764]  __sys_setsockopt+0x1a0/0x230
[  184.535576][ T7764]  __x64_sys_setsockopt+0xbd/0x160
[  184.540707][ T7764]  ? do_syscall_64+0x91/0x250
[  184.545394][ T7764]  ? lockdep_hardirqs_on+0x7c/0x110
[  184.550607][ T7764]  do_syscall_64+0xcd/0x250
[  184.555122][ T7764]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  184.561041][ T7764] RIP: 0033:0x7ff79a785d29
[  184.565463][ T7764] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  184.585076][ T7764] RSP: 002b:00007ff79b511038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  184.593505][ T7764] RAX: ffffffffffffffda RBX: 00007ff79a976160 RCX: 00007ff79a785d29
[  184.601482][ T7764] RDX: 0000000000000040 RSI: 0004000000000000 RDI: 0000000000000008
[  184.609461][ T7764] RBP: 00007ff79b511090 R08: 0000000000000310 R09: 0000000000000000
[  184.617432][ T7764] R10: 0000000020000340 R11: 0000000000000246 R12: 0000000000000001
[  184.625404][ T7764] R13: 0000000000000000 R14: 00007ff79a976160 R15: 00007ffe4a7d5158
[  184.633402][ T7764]  </TASK>
[  185.282418][   T29] audit: type=1400 audit(1734825998.716:382): avc:  denied  { setopt } for  pid=7783 comm="syz.0.387" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  185.333760][   T29] audit: type=1400 audit(1734825998.796:383): avc:  denied  { read } for  pid=7783 comm="syz.0.387" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  185.431579][   T29] audit: type=1400 audit(1734825998.846:384): avc:  denied  { write } for  pid=7783 comm="syz.0.387" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  187.378053][ T7812] kernel read not supported for file /rmdF¼ì (pid: 7812 comm: syz.4.393)
[  187.388724][   T29] audit: type=1800 audit(1734826000.856:385): pid=7812 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.4.393" name=726D64461716BCEC dev="mqueue" ino=13995 res=0 errno=0
[  187.412137][ T7812] 9pnet_fd: Insufficient options for proto=fd
[  187.494129][   T29] audit: type=1400 audit(1734826000.876:386): avc:  denied  { write } for  pid=7811 comm="syz.4.393" name="random" dev="devtmpfs" ino=8 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:random_device_t tclass=chr_file permissive=1
[  187.666981][   T29] audit: type=1400 audit(1734826001.126:387): avc:  denied  { read } for  pid=7811 comm="syz.4.393" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[  188.571608][ T7828] netlink: 'syz.2.396': attribute type 4 has an invalid length.
[  188.964282][   T29] audit: type=1400 audit(1734826002.426:388): avc:  denied  { associate } for  pid=7840 comm="syz.4.400" name=E91F7189591E9233614B dev="tmpfs" ino=480 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 srawcon="system_u:object_r:cron_spool_t:s0"
[  190.319901][   T29] audit: type=1326 audit(1734826003.766:389): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7858 comm="syz.0.406" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fe5ce185d29 code=0x0
[  190.471835][ T5939] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  190.545944][   T29] audit: type=1400 audit(1734826003.956:390): avc:  denied  { read } for  pid=7861 comm="syz.1.408" name="fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[  190.691877][ T5939] usb 5-1: Using ep0 maxpacket: 8
[  190.722120][ T5939] usb 5-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a
[  190.724207][   T29] audit: type=1400 audit(1734826003.956:391): avc:  denied  { open } for  pid=7861 comm="syz.1.408" path="/dev/fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[  190.754938][    C0] vkms_vblank_simulate: vblank timer overrun
[  190.794239][ T5939] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  190.836500][ T5939] usb 5-1: Product: syz
[  190.860542][ T5939] usb 5-1: Manufacturer: syz
[  190.891080][ T5939] usb 5-1: SerialNumber: syz
[  190.970626][ T5939] usb 5-1: config 0 descriptor??
[  190.982874][   T29] audit: type=1400 audit(1734826003.996:392): avc:  denied  { ioctl } for  pid=7861 comm="syz.1.408" path="/dev/fb0" dev="devtmpfs" ino=629 ioctlcmd=0x4620 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[  190.992598][ T5939] gspca_main: sq930x-2.14.0 probing 2770:930c
[  191.007737][    C0] vkms_vblank_simulate: vblank timer overrun
[  191.729224][ T7889] netlink: 'syz.1.413': attribute type 4 has an invalid length.
[  192.021156][   T29] audit: type=1400 audit(1734826005.466:393): avc:  denied  { mount } for  pid=7886 comm="syz.2.412" name="/" dev="hugetlbfs" ino=13243 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=filesystem permissive=1
[  192.151635][ T5939] gspca_sq930x: reg_w 0105 0f00 failed -71
[  192.159415][ T5939] sq930x 5-1:0.0: probe with driver sq930x failed with error -71
[  192.435426][ T5939] usb 5-1: USB disconnect, device number 6
[  192.709203][ T7900] A link change request failed with some changes committed already. Interface ip6gretap0 may have been left with an inconsistent configuration, please check.
[  192.731834][  T116] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[  192.929530][ T7906] tmpfs: Bad value for 'mpol'
[  192.981667][  T116] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[  193.095988][   T29] audit: type=1400 audit(1734826006.546:394): avc:  denied  { write } for  pid=7908 comm="syz.1.421" name="binder0" dev="binder" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  193.130207][ T7909] netlink: 16178 bytes leftover after parsing attributes in process `syz.1.421'.
[  193.479370][ T7919] netlink: 4 bytes leftover after parsing attributes in process `syz.4.425'.
[  193.501419][   T29] audit: type=1400 audit(1734826006.956:395): avc:  denied  { ioctl } for  pid=7920 comm="syz.1.424" path="/dev/sg0" dev="devtmpfs" ino=750 ioctlcmd=0x2284 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[  193.541971][    C0] vkms_vblank_simulate: vblank timer overrun
[  193.603274][ T7923] netlink: 'syz.0.426': attribute type 4 has an invalid length.
[  194.215269][    C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[  194.230969][ T1288] ieee802154 phy0 wpan0: encryption failed: -22
[  194.239284][ T1288] ieee802154 phy1 wpan1: encryption failed: -22
[  195.453018][ T7940] FAULT_INJECTION: forcing a failure.
[  195.453018][ T7940] name failslab, interval 1, probability 0, space 0, times 0
[  195.467857][ T7940] CPU: 0 UID: 0 PID: 7940 Comm: syz.2.430 Not tainted 6.13.0-rc3-syzkaller-00258-ge84a3bf7f4aa #0
[  195.478573][ T7940] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  195.488642][ T7940] Call Trace:
[  195.491922][ T7940]  <TASK>
[  195.494857][ T7940]  dump_stack_lvl+0x16c/0x1f0
[  195.499549][ T7940]  should_fail_ex+0x497/0x5b0
[  195.504241][ T7940]  ? fs_reclaim_acquire+0xae/0x150
[  195.509387][ T7940]  should_failslab+0xc2/0x120
[  195.514086][ T7940]  __kmalloc_noprof+0xcb/0x510
[  195.518862][ T7940]  ? avc_policy_seqno+0x9/0x20
[  195.523644][ T7940]  kernfs_fop_read_iter+0x3ef/0x580
[  195.528855][ T7940]  ? rw_verify_area+0xd0/0x700
[  195.533634][ T7940]  vfs_read+0x87f/0xbe0
[  195.537814][ T7940]  ? __pfx_vfs_read+0x10/0x10
[  195.542519][ T7940]  ksys_read+0x12b/0x250
[  195.546768][ T7940]  ? __pfx_ksys_read+0x10/0x10
[  195.551546][ T7940]  do_syscall_64+0xcd/0x250
[  195.556073][ T7940]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  195.562008][ T7940] RIP: 0033:0x7f7115385d29
[  195.566429][ T7940] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  195.586050][ T7940] RSP: 002b:00007f711627c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  195.594482][ T7940] RAX: ffffffffffffffda RBX: 00007f7115575fa0 RCX: 00007f7115385d29
[  195.602467][ T7940] RDX: 000000000000002d RSI: 0000000020000040 RDI: 0000000000000003
[  195.610443][ T7940] RBP: 00007f711627c090 R08: 0000000000000000 R09: 0000000000000000
[  195.618420][ T7940] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  195.626833][ T7940] R13: 0000000000000000 R14: 00007f7115575fa0 R15: 00007ffdb49a8a68
[  195.635181][ T7940]  </TASK>
[  195.638215][    C0] vkms_vblank_simulate: vblank timer overrun
[  195.743526][ T7944] FAULT_INJECTION: forcing a failure.
[  195.743526][ T7944] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  195.759321][ T7944] CPU: 0 UID: 0 PID: 7944 Comm: syz.3.432 Not tainted 6.13.0-rc3-syzkaller-00258-ge84a3bf7f4aa #0
[  195.769919][ T7944] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  195.779955][ T7944] Call Trace:
[  195.783214][ T7944]  <TASK>
[  195.786124][ T7944]  dump_stack_lvl+0x16c/0x1f0
[  195.790787][ T7944]  should_fail_ex+0x497/0x5b0
[  195.795449][ T7944]  _copy_from_user+0x2e/0xd0
[  195.800022][ T7944]  do_sock_getsockopt+0x5f6/0x800
[  195.805024][ T7944]  ? trace_lock_acquire+0xf0/0x1f0
[  195.810134][ T7944]  ? __pfx_do_sock_getsockopt+0x10/0x10
[  195.815665][ T7944]  ? lock_acquire+0x2f/0xb0
[  195.820156][ T7944]  ? __fget_files+0x40/0x3a0
[  195.824745][ T7944]  ? __fget_files+0x206/0x3a0
[  195.829412][ T7944]  __sys_getsockopt+0x12f/0x260
[  195.834241][ T7944]  __x64_sys_getsockopt+0xbd/0x160
[  195.839326][ T7944]  ? do_syscall_64+0x91/0x250
[  195.843982][ T7944]  ? lockdep_hardirqs_on+0x7c/0x110
[  195.849174][ T7944]  do_syscall_64+0xcd/0x250
[  195.853674][ T7944]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  195.859568][ T7944] RIP: 0033:0x7f2519185d29
[  195.863974][ T7944] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  195.883674][ T7944] RSP: 002b:00007f251a09e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[  195.892130][ T7944] RAX: ffffffffffffffda RBX: 00007f2519375fa0 RCX: 00007f2519185d29
[  195.900095][ T7944] RDX: 000000000000007c RSI: 0000000000000084 RDI: 0000000000000004
[  195.908054][ T7944] RBP: 00007f251a09e090 R08: 00000000200005c0 R09: 0000000000000000
[  195.916024][ T7944] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  195.923980][ T7944] R13: 0000000000000000 R14: 00007f2519375fa0 R15: 00007ffdd8e321f8
[  195.931943][ T7944]  </TASK>
[  195.982710][   T29] audit: type=1400 audit(1734826009.446:396): avc:  denied  { getopt } for  pid=7941 comm="syz.1.431" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  199.393040][ T7986] FAULT_INJECTION: forcing a failure.
[  199.393040][ T7986] name failslab, interval 1, probability 0, space 0, times 0
[  199.469647][ T7987] trusted_key: encrypted_key: insufficient parameters specified
[  200.197352][ T7986] CPU: 1 UID: 0 PID: 7986 Comm: syz.2.445 Not tainted 6.13.0-rc3-syzkaller-00258-ge84a3bf7f4aa #0
[  200.207975][ T7986] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  200.218052][ T7986] Call Trace:
[  200.221334][ T7986]  <TASK>
[  200.224266][ T7986]  dump_stack_lvl+0x16c/0x1f0
[  200.228956][ T7986]  should_fail_ex+0x497/0x5b0
[  200.233644][ T7986]  ? fs_reclaim_acquire+0xae/0x150
[  200.238775][ T7986]  should_failslab+0xc2/0x120
[  200.243457][ T7986]  __kmalloc_node_noprof+0xd1/0x510
[  200.248661][ T7986]  ? __kvmalloc_node_noprof+0xad/0x1a0
[  200.254136][ T7986]  __kvmalloc_node_noprof+0xad/0x1a0
[  200.259429][ T7986]  io_sqe_buffers_register+0x136/0x740
[  200.264894][ T7986]  ? __lock_acquire+0xcc5/0x3c40
[  200.269841][ T7986]  ? __pfx_io_sqe_buffers_register+0x10/0x10
[  200.275838][ T7986]  ? __pfx___mutex_trylock_common+0x10/0x10
[  200.281737][ T7986]  __io_uring_register+0x222f/0x2290
[  200.287025][ T7986]  ? trace_contention_end+0xee/0x140
[  200.292317][ T7986]  ? __pfx___io_uring_register+0x10/0x10
[  200.297954][ T7986]  ? __mutex_lock+0x1cc/0xa60
[  200.302640][ T7986]  ? __fget_files+0x1fc/0x3a0
[  200.307323][ T7986]  ? __x64_sys_io_uring_register+0x168/0x2b0
[  200.313303][ T7986]  ? __pfx_lock_release+0x10/0x10
[  200.318333][ T7986]  ? __pfx___mutex_lock+0x10/0x10
[  200.323367][ T7986]  ? __fget_files+0x40/0x3a0
[  200.327964][ T7986]  ? __fget_files+0x206/0x3a0
[  200.332657][ T7986]  __x64_sys_io_uring_register+0x17a/0x2b0
[  200.338485][ T7986]  do_syscall_64+0xcd/0x250
[  200.342996][ T7986]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  200.348871][ T7986] RIP: 0033:0x7f7115385d29
[  200.353264][ T7986] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  200.372850][ T7986] RSP: 002b:00007f711627c038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ab
[  200.381241][ T7986] RAX: ffffffffffffffda RBX: 00007f7115575fa0 RCX: 00007f7115385d29
[  200.389190][ T7986] RDX: 00000000200002c0 RSI: 0000000000000000 RDI: 0000000000000003
[  200.397150][ T7986] RBP: 00007f711627c090 R08: 0000000000000000 R09: 0000000000000000
[  200.405097][ T7986] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000001
[  200.413040][ T7986] R13: 0000000000000000 R14: 00007f7115575fa0 R15: 00007ffdb49a8a68
[  200.420994][ T7986]  </TASK>
[  200.424097][    C1] vkms_vblank_simulate: vblank timer overrun
[  200.761945][ T5815] Bluetooth: hci4: link tx timeout
[  201.124279][ T8004] netlink: 20 bytes leftover after parsing attributes in process `syz.2.450'.
[  202.392541][ T8012] ALSA: mixer_oss: invalid OSS volume '00000000000000000'
[  205.941949][ T8059] FAULT_INJECTION: forcing a failure.
[  205.941949][ T8059] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  205.955270][ T8059] CPU: 1 UID: 0 PID: 8059 Comm: syz.4.458 Not tainted 6.13.0-rc3-syzkaller-00258-ge84a3bf7f4aa #0
[  205.965874][ T8059] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  205.975911][ T8059] Call Trace:
[  205.979166][ T8059]  <TASK>
[  205.982077][ T8059]  dump_stack_lvl+0x16c/0x1f0
[  205.986742][ T8059]  should_fail_ex+0x497/0x5b0
[  205.991410][ T8059]  _copy_from_user+0x2e/0xd0
[  205.995992][ T8059]  ucma_write+0x129/0x330
[  206.000325][ T8059]  ? __pfx_ucma_write+0x10/0x10
[  206.005168][ T8059]  ? bpf_lsm_file_permission+0x9/0x10
[  206.010555][ T8059]  ? security_file_permission+0x71/0x210
[  206.016180][ T8059]  ? __pfx_ucma_write+0x10/0x10
[  206.021034][ T8059]  vfs_write+0x24c/0x1150
[  206.025357][ T8059]  ? __fget_files+0x1fc/0x3a0
[  206.030028][ T8059]  ? __pfx_lock_release+0x10/0x10
[  206.035048][ T8059]  ? __pfx_vfs_write+0x10/0x10
[  206.039804][ T8059]  ? lock_acquire+0x2f/0xb0
[  206.044300][ T8059]  ? __fget_files+0x40/0x3a0
[  206.048884][ T8059]  ? __fget_files+0x206/0x3a0
[  206.053561][ T8059]  ksys_write+0x207/0x250
[  206.057881][ T8059]  ? __pfx_ksys_write+0x10/0x10
[  206.062735][ T8059]  do_syscall_64+0xcd/0x250
[  206.067242][ T8059]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  206.073140][ T8059] RIP: 0033:0x7ff79a785d29
[  206.077545][ T8059] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  206.097142][ T8059] RSP: 002b:00007ff79b553038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  206.105546][ T8059] RAX: ffffffffffffffda RBX: 00007ff79a975fa0 RCX: 00007ff79a785d29
[  206.113507][ T8059] RDX: 0000000000000020 RSI: 0000000020000380 RDI: 0000000000000003
[  206.121466][ T8059] RBP: 00007ff79b553090 R08: 0000000000000000 R09: 0000000000000000
[  206.129425][ T8059] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  206.137383][ T8059] R13: 0000000000000000 R14: 00007ff79a975fa0 R15: 00007ffe4a7d5158
[  206.145355][ T8059]  </TASK>
[  206.148459][    C1] vkms_vblank_simulate: vblank timer overrun
[  206.218980][ T8061] FAULT_INJECTION: forcing a failure.
[  206.218980][ T8061] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  206.232185][ T8061] CPU: 1 UID: 0 PID: 8061 Comm: syz.2.459 Not tainted 6.13.0-rc3-syzkaller-00258-ge84a3bf7f4aa #0
[  206.242772][ T8061] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  206.252815][ T8061] Call Trace:
[  206.256080][ T8061]  <TASK>
[  206.259001][ T8061]  dump_stack_lvl+0x16c/0x1f0
[  206.263677][ T8061]  should_fail_ex+0x497/0x5b0
[  206.268357][ T8061]  _copy_from_user+0x2e/0xd0
[  206.272948][ T8061]  copy_msghdr_from_user+0x99/0x160
[  206.278137][ T8061]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  206.283943][ T8061]  ___sys_sendmsg+0xff/0x1e0
[  206.288523][ T8061]  ? __pfx____sys_sendmsg+0x10/0x10
[  206.293722][ T8061]  ? __pfx_lock_release+0x10/0x10
[  206.298738][ T8061]  ? trace_lock_acquire+0x14e/0x1f0
[  206.303939][ T8061]  ? __fget_files+0x206/0x3a0
[  206.308614][ T8061]  __sys_sendmsg+0x16e/0x220
[  206.313197][ T8061]  ? __pfx___sys_sendmsg+0x10/0x10
[  206.318312][ T8061]  do_syscall_64+0xcd/0x250
[  206.322811][ T8061]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  206.328696][ T8061] RIP: 0033:0x7f7115385d29
[  206.333101][ T8061] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  206.352701][ T8061] RSP: 002b:00007f711623a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  206.361107][ T8061] RAX: ffffffffffffffda RBX: 00007f7115576160 RCX: 00007f7115385d29
[  206.369070][ T8061] RDX: 0000000000000000 RSI: 0000000020000400 RDI: 000000000000000a
[  206.377031][ T8061] RBP: 00007f711623a090 R08: 0000000000000000 R09: 0000000000000000
[  206.384991][ T8061] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  206.392949][ T8061] R13: 0000000000000000 R14: 00007f7115576160 R15: 00007ffdb49a8a68
[  206.400921][ T8061]  </TASK>
[  206.403942][    C1] vkms_vblank_simulate: vblank timer overrun
[  206.889295][ T8066] netlink: 'syz.4.460': attribute type 2 has an invalid length.
[  206.897468][ T8066] netlink: 'syz.4.460': attribute type 1 has an invalid length.
[  206.923778][ T8066] 9pnet_fd: Insufficient options for proto=fd
[  208.095260][   T29] audit: type=1400 audit(1734826021.556:397): avc:  denied  { mounton } for  pid=8074 comm="syz.4.464" path="/102/file0/file0/bus" dev="ramfs" ino=14534 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:ramfs_t tclass=dir permissive=1
[  208.095426][ T8092] overlayfs: failed to resolve './file1': -2
[  208.837339][ T8096] FAULT_INJECTION: forcing a failure.
[  208.837339][ T8096] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  208.856117][ T8096] CPU: 0 UID: 0 PID: 8096 Comm: syz.2.469 Not tainted 6.13.0-rc3-syzkaller-00258-ge84a3bf7f4aa #0
[  208.866775][ T8096] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  208.876834][ T8096] Call Trace:
[  208.880097][ T8096]  <TASK>
[  208.883036][ T8096]  dump_stack_lvl+0x16c/0x1f0
[  208.887736][ T8096]  should_fail_ex+0x497/0x5b0
[  208.892442][ T8096]  _copy_from_user+0x2e/0xd0
[  208.897080][ T8096]  copy_msghdr_from_user+0x99/0x160
[  208.902312][ T8096]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  208.908136][ T8096]  ? __lock_acquire+0xcc5/0x3c40
[  208.913106][ T8096]  ___sys_sendmsg+0xff/0x1e0
[  208.917702][ T8096]  ? __pfx____sys_sendmsg+0x10/0x10
[  208.922975][ T8096]  ? trace_lock_acquire+0x14e/0x1f0
[  208.928188][ T8096]  __sys_sendmmsg+0x201/0x420
[  208.932899][ T8096]  ? __pfx___sys_sendmmsg+0x10/0x10
[  208.938105][ T8096]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  208.944083][ T8096]  ? fput+0x67/0x440
[  208.947965][ T8096]  ? ksys_write+0x1ba/0x250
[  208.952449][ T8096]  ? __pfx_ksys_write+0x10/0x10
[  208.957296][ T8096]  __x64_sys_sendmmsg+0x9c/0x100
[  208.962214][ T8096]  ? lockdep_hardirqs_on+0x7c/0x110
[  208.967398][ T8096]  do_syscall_64+0xcd/0x250
[  208.971899][ T8096]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  208.977782][ T8096] RIP: 0033:0x7f7115385d29
[  208.982180][ T8096] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  209.001771][ T8096] RSP: 002b:00007f711627c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  209.010165][ T8096] RAX: ffffffffffffffda RBX: 00007f7115575fa0 RCX: 00007f7115385d29
[  209.018119][ T8096] RDX: 0000000000000001 RSI: 0000000020006900 RDI: 0000000000000004
[  209.026092][ T8096] RBP: 00007f711627c090 R08: 0000000000000000 R09: 0000000000000000
[  209.034048][ T8096] R10: 0000000000000840 R11: 0000000000000246 R12: 0000000000000001
[  209.042008][ T8096] R13: 0000000000000000 R14: 00007f7115575fa0 R15: 00007ffdb49a8a68
[  209.049968][ T8096]  </TASK>
[  209.067402][  T116] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[  209.152429][ T8098] xt_TPROXY: Can be used only with -p tcp or -p udp
[  209.238024][  T116] usb 4-1: Using ep0 maxpacket: 8
[  209.244079][ T8103] FAULT_INJECTION: forcing a failure.
[  209.244079][ T8103] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  209.264765][  T116] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[  209.282458][  T116] usb 4-1: config 0 has no interface number 0
[  209.290849][  T116] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  209.311538][ T8103] CPU: 0 UID: 0 PID: 8103 Comm: syz.2.471 Not tainted 6.13.0-rc3-syzkaller-00258-ge84a3bf7f4aa #0
[  209.322151][ T8103] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  209.332216][ T8103] Call Trace:
[  209.335503][ T8103]  <TASK>
[  209.338446][ T8103]  dump_stack_lvl+0x16c/0x1f0
[  209.343142][ T8103]  should_fail_ex+0x497/0x5b0
[  209.347841][ T8103]  _copy_from_user+0x2e/0xd0
[  209.352454][ T8103]  copy_msghdr_from_user+0x99/0x160
[  209.357663][ T8103]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  209.363491][ T8103]  ___sys_sendmsg+0xff/0x1e0
[  209.368095][ T8103]  ? __pfx____sys_sendmsg+0x10/0x10
[  209.373315][ T8103]  ? __pfx_lock_release+0x10/0x10
[  209.378350][ T8103]  ? trace_lock_acquire+0x14e/0x1f0
[  209.383574][ T8103]  ? __fget_files+0x206/0x3a0
[  209.388270][ T8103]  __sys_sendmsg+0x16e/0x220
[  209.392884][ T8103]  ? __pfx___sys_sendmsg+0x10/0x10
[  209.398025][ T8103]  do_syscall_64+0xcd/0x250
[  209.402552][ T8103]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  209.408458][ T8103] RIP: 0033:0x7f7115385d29
[  209.412894][ T8103] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  209.432511][ T8103] RSP: 002b:00007f711627c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  209.440937][ T8103] RAX: ffffffffffffffda RBX: 00007f7115575fa0 RCX: 00007f7115385d29
[  209.448916][ T8103] RDX: 0000000000000000 RSI: 00000000200002c0 RDI: 0000000000000003
[  209.456903][ T8103] RBP: 00007f711627c090 R08: 0000000000000000 R09: 0000000000000000
[  209.464883][ T8103] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  209.472871][ T8103] R13: 0000000000000000 R14: 00007f7115575fa0 R15: 00007ffdb49a8a68
[  209.480860][ T8103]  </TASK>
[  209.484451][  T116] usb 4-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  209.494758][  T116] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  209.511385][  T116] usb 4-1: config 0 descriptor??
[  209.526496][  T116] iowarrior 4-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[  210.840692][ T5939] usb 4-1: USB disconnect, device number 15
[  211.381709][ T5939] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  212.465885][   T29] audit: type=1400 audit(1734826025.926:398): avc:  denied  { nlmsg_write } for  pid=8127 comm="syz.3.479" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  212.737437][ T8134] netlink: 68 bytes leftover after parsing attributes in process `syz.3.479'.
[  212.782103][ T5939] usb 3-1: Using ep0 maxpacket: 32
[  212.807155][ T5939] usb 3-1: config 0 has an invalid interface number: 244 but max is 0
[  212.815446][ T5939] usb 3-1: config 0 has no interface number 0
[  212.822200][ T5939] usb 3-1: config 0 interface 244 has no altsetting 0
[  212.831637][ T8133] usb usb4: usbfs: process 8133 (syz.3.479) did not claim interface 0 before use
[  212.962382][ T5939] usb 3-1: New USB device found, idVendor=0e41, idProduct=4750, bcdDevice=26.9c
[  212.971417][ T5939] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  212.981677][ T5939] usb 3-1: Product: syz
[  212.985867][ T5939] usb 3-1: Manufacturer: syz
[  212.990519][ T5939] usb 3-1: SerialNumber: syz
[  213.011921][ T5890] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  213.061218][ T5939] usb 3-1: config 0 descriptor??
[  213.104441][ T5939] snd_usb_toneport 3-1:0.244: Line 6 GuitarPort found
[  213.148764][ T8144] netlink: 'syz.0.483': attribute type 4 has an invalid length.
[  213.164909][   T29] audit: type=1400 audit(1734826026.626:399): avc:  denied  { call } for  pid=8141 comm="syz.3.484" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1
[  213.184044][ T5890] usb 5-1: Using ep0 maxpacket: 32
[  213.190965][ T5890] usb 5-1: config 0 has an invalid interface number: 244 but max is 0
[  213.216998][ T5890] usb 5-1: config 0 has no interface number 0
[  213.241874][ T5890] usb 5-1: config 0 interface 244 has no altsetting 0
[  213.255645][ T5890] usb 5-1: New USB device found, idVendor=0e41, idProduct=4750, bcdDevice=26.9c
[  213.267228][ T5890] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  213.308363][ T5939] snd_usb_toneport 3-1:0.244: set_interface failed
[  213.319775][ T5890] usb 5-1: Product: syz
[  213.323549][ T8151] binder_alloc: 8146: binder_alloc_buf, no vma
[  213.341668][ T5890] usb 5-1: Manufacturer: syz
[  213.346565][ T5939] snd_usb_toneport 3-1:0.244: Line 6 GuitarPort now disconnected
[  213.354720][ T5890] usb 5-1: SerialNumber: syz
[  213.360706][ T5939] snd_usb_toneport 3-1:0.244: probe with driver snd_usb_toneport failed with error -71
[  213.373693][ T5890] usb 5-1: config 0 descriptor??
[  213.383194][ T5890] snd_usb_toneport 5-1:0.244: Line 6 GuitarPort found
[  213.390230][ T5939] usb 3-1: USB disconnect, device number 5
[  213.483032][   T29] audit: type=1400 audit(1734826026.926:400): avc:  denied  { mount } for  pid=8152 comm="syz.1.486" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  213.519729][   T29] audit: type=1400 audit(1734826026.976:401): avc:  denied  { unmount } for  pid=5812 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  213.603335][ T8139] FAULT_INJECTION: forcing a failure.
[  213.603335][ T8139] name failslab, interval 1, probability 0, space 0, times 0
[  213.622015][ T8139] CPU: 1 UID: 0 PID: 8139 Comm: syz.4.482 Not tainted 6.13.0-rc3-syzkaller-00258-ge84a3bf7f4aa #0
[  213.632634][ T8139] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  213.642699][ T8139] Call Trace:
[  213.645981][ T8139]  <TASK>
[  213.648913][ T8139]  dump_stack_lvl+0x16c/0x1f0
[  213.653605][ T8139]  should_fail_ex+0x497/0x5b0
[  213.658297][ T8139]  ? fs_reclaim_acquire+0xae/0x150
[  213.663428][ T8139]  should_failslab+0xc2/0x120
[  213.668117][ T8139]  __kmalloc_noprof+0xcb/0x510
[  213.672891][ T8139]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  213.678538][ T8139]  tomoyo_realpath_from_path+0xb9/0x720
[  213.684094][ T8139]  ? tomoyo_path_number_perm+0x235/0x590
[  213.689723][ T8139]  ? tomoyo_path_number_perm+0x235/0x590
[  213.695356][ T8139]  tomoyo_path_number_perm+0x248/0x590
[  213.700804][ T8139]  ? tomoyo_path_number_perm+0x235/0x590
[  213.706435][ T8139]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  213.712428][ T8139]  ? __pfx_lock_release+0x10/0x10
[  213.717445][ T8139]  ? trace_lock_acquire+0x14e/0x1f0
[  213.722643][ T8139]  ? lock_acquire+0x2f/0xb0
[  213.727135][ T8139]  ? __fget_files+0x40/0x3a0
[  213.731720][ T8139]  ? __fget_files+0x206/0x3a0
[  213.736398][ T8139]  security_file_ioctl+0x9b/0x240
[  213.741421][ T8139]  __x64_sys_ioctl+0xb7/0x200
[  213.746104][ T8139]  do_syscall_64+0xcd/0x250
[  213.750607][ T8139]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  213.756496][ T8139] RIP: 0033:0x7ff79a785d29
[  213.760903][ T8139] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  213.780501][ T8139] RSP: 002b:00007ff79b553038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  213.788904][ T8139] RAX: ffffffffffffffda RBX: 00007ff79a975fa0 RCX: 00007ff79a785d29
[  213.796866][ T8139] RDX: 0000000020000900 RSI: 00000000000089f0 RDI: 000000000000000b
[  213.804825][ T8139] RBP: 00007ff79b553090 R08: 0000000000000000 R09: 0000000000000000
[  213.812789][ T8139] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  213.820752][ T8139] R13: 0000000000000000 R14: 00007ff79a975fa0 R15: 00007ffe4a7d5158
[  213.828726][ T8139]  </TASK>
[  213.841616][ T8139] ERROR: Out of memory at tomoyo_realpath_from_path.
[  213.861817][ T5890] snd_usb_toneport 5-1:0.244: set_interface failed
[  213.868489][ T5890] snd_usb_toneport 5-1:0.244: Line 6 GuitarPort now disconnected
[  213.876503][ T5890] snd_usb_toneport 5-1:0.244: probe with driver snd_usb_toneport failed with error -71
[  213.901532][ T5890] usb 5-1: USB disconnect, device number 7
[  213.989662][   T29] audit: type=1400 audit(1734826027.446:402): avc:  denied  { ioctl } for  pid=8160 comm="syz.1.489" path="socket:[15611]" dev="sockfs" ino=15611 ioctlcmd=0x940b scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  214.034566][   T29] audit: type=1400 audit(1734826027.496:403): avc:  denied  { module_load } for  pid=8162 comm="syz.2.490" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=system permissive=1
[  214.221595][  T116] usb 2-1: new full-speed USB device number 12 using dummy_hcd
[  215.191505][  T116] usb 2-1: not running at top speed; connect to a high speed hub
[  215.231927][  T116] usb 2-1: config 1 interface 0 altsetting 5 endpoint 0x1 has invalid maxpacket 512, setting to 64
[  215.321653][  T116] usb 2-1: config 1 interface 0 has no altsetting 0
[  215.344017][  T116] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  215.356385][  T116] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  215.403258][  T116] usb 2-1: Product: syz
[  215.414446][  T116] usb 2-1: Manufacturer: syz
[  215.427103][  T116] usb 2-1: SerialNumber: syz
[  215.554510][ T8161] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  215.562377][   T29] audit: type=1400 audit(1734826028.996:404): avc:  denied  { write } for  pid=8173 comm="syz.2.493" name="task" dev="proc" ino=15630 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1
[  215.621717][   T29] audit: type=1400 audit(1734826029.056:405): avc:  denied  { add_name } for  pid=8173 comm="syz.2.493" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1
[  216.359166][ T8181] Invalid logical block size (68)
[  216.372239][  T116] usblp 2-1:1.0: usblp0: USB Bidirectional printer dev 12 if 0 alt 5 proto 2 vid 0x0525 pid 0xA4A8
[  216.397612][  T116] usb 2-1: USB disconnect, device number 12
[  216.420397][  T116] usblp0: removed
[  216.493507][   T29] audit: type=1400 audit(1734826029.056:406): avc:  denied  { create } for  pid=8173 comm="syz.2.493" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=file permissive=1
[  216.530122][   T29] audit: type=1400 audit(1734826029.056:407): avc:  denied  { associate } for  pid=8173 comm="syz.2.493" name="file0" scontext=root:object_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[  216.824140][ T8191] ALSA: mixer_oss: invalid OSS volume '000'
[  217.126771][   T29] audit: type=1400 audit(1734826030.446:408): avc:  denied  { read } for  pid=8188 comm="syz.3.497" lport=45486 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  217.731517][ T5890] usb 2-1: new full-speed USB device number 13 using dummy_hcd
[  217.953009][ T5890] usb 2-1: not running at top speed; connect to a high speed hub
[  217.961638][ T5939] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  218.127442][ T5939] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 16
[  218.243940][ T5939] usb 3-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  218.301694][ T5939] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a0, bcdDevice= 0.40
[  218.310765][ T5939] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  218.318867][ T5939] usb 3-1: SerialNumber: syz
[  218.335912][ T5890] usb 2-1: unable to read config index 0 descriptor/start: -71
[  218.343562][ T5890] usb 2-1: can't read configurations, error -71
[  218.363897][ T8200] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  218.372598][ T5939] cdc_ether 3-1:1.0: skipping garbage
[  218.377997][ T5939] usb 3-1: bad CDC descriptors
[  218.383793][ T5939] usbtest 3-1:1.0: Linux gadget zero
[  218.389098][ T5939] usbtest 3-1:1.0: high-speed {control in/out bulk-in bulk-out} tests (+alt)
[  218.457222][   T29] kauditd_printk_skb: 1 callbacks suppressed
[  218.457238][   T29] audit: type=1400 audit(1734826031.916:410): avc:  denied  { setopt } for  pid=8203 comm="syz.4.501" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1
[  221.157012][  T116] usb 3-1: USB disconnect, device number 6
[  221.316260][ T8215] netlink: 12 bytes leftover after parsing attributes in process `syz.4.505'.
[  221.325327][ T8215] netlink: 12 bytes leftover after parsing attributes in process `syz.4.505'.
[  221.424419][   T29] audit: type=1400 audit(1734826034.886:411): avc:  denied  { bind } for  pid=8231 comm="syz.2.508" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  221.515628][   T29] audit: type=1400 audit(1734826034.906:412): avc:  denied  { setopt } for  pid=8231 comm="syz.2.508" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  223.711552][ T5939] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  223.881545][ T5939] usb 5-1: Using ep0 maxpacket: 32
[  223.952128][ T5939] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x4 has an invalid bInterval 52, changing to 7
[  224.023523][ T5939] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid maxpacket 9272, setting to 1024
[  224.111082][ T5939] usb 5-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=58.16
[  224.154603][ T5939] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  224.205984][ T5939] usb 5-1: Product: syz
[  224.220447][ T5939] usb 5-1: Manufacturer: syz
[  224.256285][ T5939] usb 5-1: SerialNumber: syz
[  224.298087][ T5939] usb 5-1: config 0 descriptor??
[  224.330813][ T5939] usb 5-1: Warning: ath10k USB support is incomplete, don't expect anything to work!
[  225.416322][ T6188] usb 5-1: Failed to submit usb control message: -110
[  225.428885][ T6188] usb 5-1: unable to send the bmi data to the device: -110
[  225.454349][ T6188] usb 5-1: unable to get target info from device
[  225.487070][ T6188] usb 5-1: could not get target info (-110)
[  225.512620][ T6188] usb 5-1: could not probe fw (-110)
[  226.468879][ T2148] usb 5-1: USB disconnect, device number 8
[  226.804451][ T8290] xt_l2tp: wrong L2TP version: 0
[  227.061566][ T5939] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[  227.111727][ T2148] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  227.211597][ T5939] usb 2-1: Using ep0 maxpacket: 16
[  227.224608][ T5939] usb 2-1: config index 0 descriptor too short (expected 42, got 18)
[  227.237331][ T5939] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 219, using maximum allowed: 30
[  227.260694][ T5939] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 219
[  227.279130][ T2148] usb 5-1: Using ep0 maxpacket: 8
[  227.312045][ T2148] usb 5-1: config 0 has an invalid interface number: 84 but max is 0
[  227.326439][ T2148] usb 5-1: config 0 has no interface number 0
[  227.349533][ T2148] usb 5-1: New USB device found, idVendor=0733, idProduct=1314, bcdDevice=56.3e
[  227.370226][ T5939] usb 2-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice= 7.06
[  227.389501][ T2148] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  227.404227][ T5939] usb 2-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3
[  227.438451][ T2148] usb 5-1: Product: syz
[  227.450738][ T5939] usb 2-1: Product: syz
[  227.459624][ T2148] usb 5-1: Manufacturer: syz
[  227.468817][ T5939] usb 2-1: SerialNumber: syz
[  227.507849][ T2148] usb 5-1: SerialNumber: syz
[  227.546185][ T5939] r8152-cfgselector 2-1: Unknown version 0x0000
[  227.569049][ T2148] usb 5-1: config 0 descriptor??
[  227.576410][ T5939] r8152-cfgselector 2-1: config 0 descriptor??
[  227.599528][ T2148] gspca_main: sunplus-2.14.0 probing 0733:1314
[  227.621013][ T5939] hub 2-1:0.0: bad descriptor, ignoring hub
[  227.661579][ T5939] hub 2-1:0.0: probe with driver hub failed with error -5
[  228.091168][ T2148] gspca_sunplus: reg_r err -71
[  228.632963][ T2148] sunplus 5-1:0.84: probe with driver sunplus failed with error -71
[  229.351703][ T2148] usb 5-1: USB disconnect, device number 9
[  230.127092][ T5815] Bluetooth: hci3: ACL packet for unknown connection handle 200
[  230.247164][ T8303] FAULT_INJECTION: forcing a failure.
[  230.247164][ T8303] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  230.280793][ T8303] CPU: 1 UID: 0 PID: 8303 Comm: syz.4.524 Not tainted 6.13.0-rc3-syzkaller-00258-ge84a3bf7f4aa #0
[  230.291418][ T8303] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  230.301494][ T8303] Call Trace:
[  230.304777][ T8303]  <TASK>
[  230.307718][ T8303]  dump_stack_lvl+0x16c/0x1f0
[  230.312415][ T8303]  should_fail_ex+0x497/0x5b0
[  230.317112][ T8303]  _copy_from_user+0x2e/0xd0
[  230.321721][ T8303]  move_addr_to_kernel+0x68/0x160
[  230.326761][ T8303]  __sys_sendto+0x1ba/0x4f0
[  230.331282][ T8303]  ? __pfx___sys_sendto+0x10/0x10
[  230.336346][ T8303]  ? ksys_write+0x1ba/0x250
[  230.340860][ T8303]  ? __pfx_ksys_write+0x10/0x10
[  230.345725][ T8303]  __x64_sys_sendto+0xe0/0x1c0
[  230.350506][ T8303]  ? do_syscall_64+0x91/0x250
[  230.355198][ T8303]  ? lockdep_hardirqs_on+0x7c/0x110
[  230.360410][ T8303]  do_syscall_64+0xcd/0x250
[  230.364928][ T8303]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  230.370833][ T8303] RIP: 0033:0x7ff79a785d29
[  230.375256][ T8303] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  230.394876][ T8303] RSP: 002b:00007ff79b532038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  230.403297][ T8303] RAX: ffffffffffffffda RBX: 00007ff79a976080 RCX: 00007ff79a785d29
[  230.411273][ T8303] RDX: 0000000000000004 RSI: 0000000020000080 RDI: 0000000000000004
[  230.419249][ T8303] RBP: 00007ff79b532090 R08: 0000000020000000 R09: 000000000000001c
[  230.427223][ T8303] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  230.435199][ T8303] R13: 0000000000000000 R14: 00007ff79a976080 R15: 00007ffe4a7d5158
[  230.443192][ T8303]  </TASK>
[  230.612257][ T2148] r8152-cfgselector 2-1: reset high-speed USB device number 15 using dummy_hcd
[  230.873011][ T2148] r8152-cfgselector 2-1: device firmware changed
[  230.917978][ T2148] r8152-cfgselector 2-1: USB disconnect, device number 15
[  231.511799][   T29] audit: type=1400 audit(1734826044.876:413): avc:  denied  { sqpoll } for  pid=8307 comm="syz.1.526" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[  233.079254][ T5815] Bluetooth: hci4: link tx timeout
[  233.084642][ T5815] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa
[  233.095247][ T5815] Bluetooth: hci4: link tx timeout
[  233.269595][ T8322] x_tables: ip6_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING
[  235.253066][ T5129] Bluetooth: hci4: command 0x0406 tx timeout
[  237.750789][ T8331] FAULT_INJECTION: forcing a failure.
[  237.750789][ T8331] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  237.768724][ T8331] CPU: 1 UID: 0 PID: 8331 Comm: syz.3.531 Not tainted 6.13.0-rc3-syzkaller-00258-ge84a3bf7f4aa #0
[  237.779339][ T8331] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  237.789405][ T8331] Call Trace:
[  237.792689][ T8331]  <TASK>
[  237.795624][ T8331]  dump_stack_lvl+0x16c/0x1f0
[  237.800318][ T8331]  should_fail_ex+0x497/0x5b0
[  237.805017][ T8331]  _copy_from_user+0x2e/0xd0
[  237.809627][ T8331]  __do_sys_clock_adjtime+0x97/0x290
[  237.814925][ T8331]  ? __pfx___do_sys_clock_adjtime+0x10/0x10
[  237.820851][ T8331]  ? __pfx_ksys_write+0x10/0x10
[  237.825724][ T8331]  do_syscall_64+0xcd/0x250
[  237.830245][ T8331]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  237.836152][ T8331] RIP: 0033:0x7f2519185d29
[  237.840573][ T8331] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  237.860193][ T8331] RSP: 002b:00007f251a09e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000131
[  237.868620][ T8331] RAX: ffffffffffffffda RBX: 00007f2519375fa0 RCX: 00007f2519185d29
[  237.876602][ T8331] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000000
[  237.884578][ T8331] RBP: 00007f251a09e090 R08: 0000000000000000 R09: 0000000000000000
[  237.892554][ T8331] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  237.900534][ T8331] R13: 0000000000000001 R14: 00007f2519375fa0 R15: 00007ffdd8e321f8
[  237.908528][ T8331]  </TASK>
[  239.656136][   T29] audit: type=1326 audit(1734826052.876:414): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8344 comm="syz.0.533" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe5ce185d29 code=0x7ffc0000
[  239.795613][   T29] audit: type=1326 audit(1734826052.876:415): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8344 comm="syz.0.533" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe5ce185d29 code=0x7ffc0000
[  240.464312][   T29] audit: type=1400 audit(1734826053.916:416): avc:  denied  { create } for  pid=8348 comm="syz.3.534" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  240.483553][    C1] vkms_vblank_simulate: vblank timer overrun
[  242.502293][ T5129] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  242.525365][ T5129] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  242.534639][ T5129] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  242.544328][ T5129] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  242.552100][ T5129] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[  242.560162][ T5129] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  242.577205][   T29] audit: type=1400 audit(1734826055.924:417): avc:  denied  { mounton } for  pid=8371 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[  242.598569][    C1] vkms_vblank_simulate: vblank timer overrun
[  244.085653][ T8376] fuse: Bad value for 'fd'
[  244.110039][   T29] audit: type=1400 audit(1734826057.356:418): avc:  denied  { unlink } for  pid=8375 comm="syz.0.543" name="#1" dev="tmpfs" ino=559 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  244.150099][   T29] audit: type=1400 audit(1734826057.393:419): avc:  denied  { mount } for  pid=8375 comm="syz.0.543" name="/" dev="overlay" ino=555 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[  244.893131][ T5129] Bluetooth: hci5: command tx timeout
[  247.096153][ T5129] Bluetooth: hci5: command tx timeout
[  249.078964][ T8392] FAULT_INJECTION: forcing a failure.
[  249.078964][ T8392] name failslab, interval 1, probability 0, space 0, times 0
[  249.099196][ T8392] CPU: 1 UID: 0 PID: 8392 Comm: syz.0.548 Not tainted 6.13.0-rc3-syzkaller-00258-ge84a3bf7f4aa #0
[  249.109814][ T8392] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  249.119878][ T8392] Call Trace:
[  249.123158][ T8392]  <TASK>
[  249.126091][ T8392]  dump_stack_lvl+0x16c/0x1f0
[  249.130785][ T8392]  should_fail_ex+0x497/0x5b0
[  249.135481][ T8392]  ? fs_reclaim_acquire+0xae/0x150
[  249.140618][ T8392]  should_failslab+0xc2/0x120
[  249.145309][ T8392]  __kmalloc_noprof+0xcb/0x510
[  249.150087][ T8392]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  249.155738][ T8392]  tomoyo_realpath_from_path+0xb9/0x720
[  249.161304][ T8392]  ? tomoyo_path_number_perm+0x235/0x590
[  249.166950][ T8392]  ? tomoyo_path_number_perm+0x235/0x590
[  249.172597][ T8392]  tomoyo_path_number_perm+0x248/0x590
[  249.178066][ T8392]  ? tomoyo_path_number_perm+0x235/0x590
[  249.183720][ T8392]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  249.189740][ T8392]  ? __pfx_lock_release+0x10/0x10
[  249.194781][ T8392]  ? trace_lock_acquire+0x14e/0x1f0
[  249.200001][ T8392]  ? lock_acquire+0x2f/0xb0
[  249.204516][ T8392]  ? __fget_files+0x40/0x3a0
[  249.209129][ T8392]  ? __fget_files+0x206/0x3a0
[  249.213820][ T8392]  security_file_ioctl+0x9b/0x240
[  249.218860][ T8392]  __x64_sys_ioctl+0xb7/0x200
[  249.223561][ T8392]  do_syscall_64+0xcd/0x250
[  249.228086][ T8392]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  249.233995][ T8392] RIP: 0033:0x7fe5ce185d29
[  249.238430][ T8392] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  249.258048][ T8392] RSP: 002b:00007fe5cefcf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  249.266474][ T8392] RAX: ffffffffffffffda RBX: 00007fe5ce375fa0 RCX: 00007fe5ce185d29
[  249.274450][ T8392] RDX: 0000000020000000 RSI: 0000000000003b72 RDI: 0000000000000003
[  249.282422][ T8392] RBP: 00007fe5cefcf090 R08: 0000000000000000 R09: 0000000000000000
[  249.290400][ T8392] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  249.298377][ T8392] R13: 0000000000000000 R14: 00007fe5ce375fa0 R15: 00007ffc293149b8
[  249.306371][ T8392]  </TASK>
[  249.309497][    C1] vkms_vblank_simulate: vblank timer overrun
[  249.336425][ T5129] Bluetooth: hci5: command tx timeout
[  249.368991][ T8392] ERROR: Out of memory at tomoyo_realpath_from_path.
[  249.497560][   T29] audit: type=1400 audit(1734826062.397:420): avc:  denied  { create } for  pid=8393 comm="syz.0.549" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1
[  251.543712][ T5129] Bluetooth: hci5: command tx timeout
[  255.488616][   T29] audit: type=1400 audit(1734826068.000:421): avc:  denied  { create } for  pid=8411 comm="syz.0.554" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_nflog_socket permissive=1
[  256.677282][ T1288] ieee802154 phy0 wpan0: encryption failed: -22
[  256.683636][ T1288] ieee802154 phy1 wpan1: encryption failed: -22
[  257.394314][ T5815] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  257.406356][ T5815] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  257.415525][ T5815] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  257.431323][ T5815] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  257.439179][ T5815] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3
[  257.446692][ T5815] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  258.956003][ T5815] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[  258.965637][ T5815] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[  258.975925][ T5815] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[  258.985949][ T5815] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[  259.000287][ T5815] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3
[  259.007636][ T5815] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[  259.671957][ T5815] Bluetooth: hci6: command tx timeout
[  261.207911][ T5815] Bluetooth: hci7: command tx timeout
[  261.892029][ T5815] Bluetooth: hci6: command tx timeout
[  263.431644][ T5815] Bluetooth: hci7: command tx timeout
[  264.115526][ T5815] Bluetooth: hci6: command tx timeout
[  265.655120][ T5815] Bluetooth: hci7: command tx timeout
[  266.339177][ T5815] Bluetooth: hci6: command tx timeout
[  267.878964][ T5815] Bluetooth: hci7: command tx timeout
[  272.986576][ T5129] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  273.005489][ T5129] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  273.021698][ T5129] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  273.032741][ T5129] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  273.040380][ T5129] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  273.047944][ T5129] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  273.157163][ T5129] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1
[  273.170841][ T5129] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9
[  273.182560][ T5129] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9
[  273.195795][ T5129] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4
[  273.204801][ T5129] Bluetooth: hci8: unexpected cc 0x0c25 length: 249 > 3
[  273.213960][ T5129] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2
[  275.233837][ T5129] Bluetooth: hci1: command tx timeout
[  275.404899][ T5129] Bluetooth: hci8: command tx timeout
[  277.457479][ T5129] Bluetooth: hci1: command tx timeout
[  277.628593][ T5129] Bluetooth: hci8: command tx timeout
[  279.681686][ T5129] Bluetooth: hci1: command tx timeout
[  279.852579][ T5129] Bluetooth: hci8: command tx timeout
[  280.388597][ T8415] bridge0: port 1(bridge_slave_0) entered disabled state
[  280.431209][ T8415] bridge0: port 2(bridge_slave_1) entered disabled state
[  281.784565][ T8422] chnl_net:caif_netlink_parms(): no params data found
[  281.908462][ T5129] Bluetooth: hci1: command tx timeout
[  281.921250][ T8422] bridge0: port 1(bridge_slave_0) entered blocking state
[  281.937039][ T8422] bridge0: port 1(bridge_slave_0) entered disabled state
[  281.946926][ T8422] bridge_slave_0: entered allmulticast mode
[  281.959191][ T8422] bridge_slave_0: entered promiscuous mode
[  281.973158][ T8422] bridge0: port 2(bridge_slave_1) entered blocking state
[  281.982229][ T8422] bridge0: port 2(bridge_slave_1) entered disabled state
[  281.989446][ T8422] bridge_slave_1: entered allmulticast mode
[  282.003795][ T8422] bridge_slave_1: entered promiscuous mode
[  282.045923][ T8422] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  282.058260][ T8422] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  282.090035][ T5129] Bluetooth: hci8: command tx timeout
[  282.125409][ T8422] team0: Port device team_slave_0 added
[  282.137817][ T8422] team0: Port device team_slave_1 added
[  282.178804][ T8422] batman_adv: batadv0: Adding interface: batadv_slave_0
[  282.187926][ T8422] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  282.225432][ T8422] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  282.245620][ T8422] batman_adv: batadv0: Adding interface: batadv_slave_1
[  282.252917][ T8422] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  282.290173][ T8422] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  282.357548][ T8422] hsr_slave_0: entered promiscuous mode
[  282.372814][ T8422] hsr_slave_1: entered promiscuous mode
[  282.383588][ T8422] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  282.398508][ T8422] Cannot create hsr debugfs directory
[  282.597671][ T8422] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  282.625935][ T8422] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  282.639129][ T8422] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  282.657699][ T8422] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  282.695587][ T8422] bridge0: port 2(bridge_slave_1) entered blocking state
[  282.702731][ T8422] bridge0: port 2(bridge_slave_1) entered forwarding state
[  282.710356][ T8422] bridge0: port 1(bridge_slave_0) entered blocking state
[  282.717476][ T8422] bridge0: port 1(bridge_slave_0) entered forwarding state
[  282.801458][ T8422] 8021q: adding VLAN 0 to HW filter on device bond0
[  282.833268][ T8422] 8021q: adding VLAN 0 to HW filter on device team0
[  283.087889][ T8422] 8021q: adding VLAN 0 to HW filter on device batadv0
[  283.376053][ T8422] veth0_vlan: entered promiscuous mode
[  283.398068][ T8422] veth1_vlan: entered promiscuous mode
[  283.432357][ T8422] veth0_macvtap: entered promiscuous mode
[  283.442350][ T8422] veth1_macvtap: entered promiscuous mode
[  283.474082][ T8422] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  283.486750][ T8422] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  283.503029][ T8422] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  283.517548][ T8422] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  283.534818][ T8422] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  283.547473][ T8422] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  283.561342][ T8422] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  283.580693][ T8422] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  283.593229][ T8422] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  283.609703][ T8422] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  283.622564][ T8422] batman_adv: batadv0: Interface activated: batadv_slave_0
[  283.641301][ T8422] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  283.656590][ T8422] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  283.672647][ T8422] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  283.688182][ T8422] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  283.713688][ T8422] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  283.728247][ T8422] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  283.741396][ T8422] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  283.761339][ T8422] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  283.772729][ T8422] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  283.789206][ T8422] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  283.806785][ T8422] batman_adv: batadv0: Interface activated: batadv_slave_1
[  283.825665][ T8422] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  283.837589][ T8422] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  283.853528][ T8422] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  283.865933][ T8422] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  284.007359][ T6167] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  284.032474][ T6167] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  284.071948][ T6167] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  284.082659][ T6167] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  284.117409][   T29] audit: type=1400 audit(1734826094.781:422): avc:  denied  { mounton } for  pid=8422 comm="syz-executor" path="/root/syzkaller.xNCsYo/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[  297.479473][   T29] audit: type=1400 audit(1734826107.278:423): avc:  denied  { map } for  pid=8476 comm="syz.7.559" path="socket:[17462]" dev="sockfs" ino=17462 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tcp_socket permissive=1
[  298.512001][ T8486] ALSA: mixer_oss: invalid OSS volume '000'
[  299.650891][ T8492] netlink: 12 bytes leftover after parsing attributes in process `syz.7.562'.
[  299.667639][ T8492] binder: 8489:8492 ioctl f503 0 returned -22
[  307.596957][ T5815] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  307.607535][ T5815] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  307.616888][ T5815] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  307.626276][ T5815] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  307.634089][ T5815] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  307.641347][ T5815] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  309.871464][ T5129] Bluetooth: hci0: command tx timeout
[  312.095999][ T5129] Bluetooth: hci0: command tx timeout
[  314.318785][ T5129] Bluetooth: hci0: command tx timeout
[  316.542348][ T5129] Bluetooth: hci0: command tx timeout
[  322.288385][ T5815] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  322.302230][ T5815] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  322.314302][ T5815] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  322.322487][ T5815] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  322.332062][ T5815] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  322.340033][ T5815] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  322.361951][ T1288] ieee802154 phy0 wpan0: encryption failed: -22
[  322.368268][ T1288] ieee802154 phy1 wpan1: encryption failed: -22
[  324.496116][ T5815] Bluetooth: hci2: command tx timeout
[  326.719821][ T5815] Bluetooth: hci2: command tx timeout
[  328.943566][ T5815] Bluetooth: hci2: command tx timeout
[  331.167145][ T5815] Bluetooth: hci2: command tx timeout
[  333.305971][    C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[  336.594352][ T5129] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  336.605170][ T5129] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  336.613153][ T5129] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  336.622182][ T5129] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  336.889804][ T5129] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  336.897333][ T5129] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  337.065158][ T5129] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  337.192722][ T5129] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  337.203610][ T5129] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  337.211555][ T5129] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  337.220184][ T5129] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  337.229470][ T5129] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  337.375572][ T5815] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1
[  337.384391][ T5815] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9
[  337.392144][ T5815] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9
[  337.409379][ T5815] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4
[  337.428954][ T5815] Bluetooth: hci9: unexpected cc 0x0c25 length: 249 > 3
[  337.437607][ T5815] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2
[  339.206600][ T5815] Bluetooth: hci3: command tx timeout
[  339.463056][ T5815] Bluetooth: hci4: command tx timeout
[  339.634150][ T5815] Bluetooth: hci9: command tx timeout
[  341.430310][ T5815] Bluetooth: hci3: command tx timeout
[  341.686634][ T5815] Bluetooth: hci4: command tx timeout
[  341.857634][ T5815] Bluetooth: hci9: command tx timeout
[  343.653828][ T5815] Bluetooth: hci3: command tx timeout
[  343.910285][ T5815] Bluetooth: hci4: command tx timeout
[  344.081301][ T5815] Bluetooth: hci9: command tx timeout
[  345.877584][ T5815] Bluetooth: hci3: command tx timeout
[  346.133924][ T5815] Bluetooth: hci4: command tx timeout
[  346.305172][ T5815] Bluetooth: hci9: command tx timeout
[  373.855629][   T53] Bluetooth: hci5: command 0x0406 tx timeout
[  374.040397][ T5129] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1
[  374.086445][ T5129] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9
[  374.116073][ T5129] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9
[  374.179981][ T5129] Bluetooth: hci10: unexpected cc 0x0c23 length: 249 > 4
[  374.208018][ T5129] Bluetooth: hci10: unexpected cc 0x0c25 length: 249 > 3
[  374.233602][ T5129] Bluetooth: hci10: unexpected cc 0x0c38 length: 249 > 2
[  376.495236][ T5129] Bluetooth: hci10: command tx timeout
[  378.718978][ T5129] Bluetooth: hci10: command tx timeout
[  380.950178][ T5129] Bluetooth: hci10: command tx timeout
[  383.166246][ T5129] Bluetooth: hci10: command tx timeout
[  387.532805][ T5815] Bluetooth: hci11: unexpected cc 0x0c03 length: 249 > 1
[  387.549535][ T5815] Bluetooth: hci11: unexpected cc 0x1003 length: 249 > 9
[  387.558562][ T5815] Bluetooth: hci11: unexpected cc 0x1001 length: 249 > 9
[  387.568151][ T5815] Bluetooth: hci11: unexpected cc 0x0c23 length: 249 > 4
[  387.577086][ T5815] Bluetooth: hci11: unexpected cc 0x0c25 length: 249 > 3
[  387.584472][ T5815] Bluetooth: hci11: unexpected cc 0x0c38 length: 249 > 2
[  388.056573][ T1288] ieee802154 phy0 wpan0: encryption failed: -22
[  388.075645][ T1288] ieee802154 phy1 wpan1: encryption failed: -22
[  389.751780][ T5815] Bluetooth: hci11: command tx timeout
[  390.273380][   T53] Bluetooth: hci6: command 0x0406 tx timeout
[  390.279628][ T5815] Bluetooth: hci7: command 0x0406 tx timeout
[  391.985942][ T5129] Bluetooth: hci11: command tx timeout
[  392.120254][   T29] audit: type=1400 audit(1734826195.813:424): avc:  denied  { write } for  pid=5172 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  392.152201][   T29] audit: type=1400 audit(1734826195.832:425): avc:  denied  { remove_name } for  pid=5172 comm="syslogd" name="messages" dev="tmpfs" ino=7 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  392.186338][   T29] audit: type=1400 audit(1734826195.832:426): avc:  denied  { add_name } for  pid=5172 comm="syslogd" name="messages.0" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  394.198918][ T5129] Bluetooth: hci11: command tx timeout
[  396.422627][ T5129] Bluetooth: hci11: command tx timeout
[  400.747909][ T5819] Bluetooth: hci12: unexpected cc 0x0c03 length: 249 > 1
[  400.758311][ T5819] Bluetooth: hci12: unexpected cc 0x1003 length: 249 > 9
[  400.772682][ T5819] Bluetooth: hci12: unexpected cc 0x1001 length: 249 > 9
[  400.782727][ T5819] Bluetooth: hci12: unexpected cc 0x0c23 length: 249 > 4
[  400.795646][ T5819] Bluetooth: hci12: unexpected cc 0x0c25 length: 249 > 3
[  400.806883][ T5819] Bluetooth: hci12: unexpected cc 0x0c38 length: 249 > 2
[  401.301610][ T5129] Bluetooth: hci13: unexpected cc 0x0c03 length: 249 > 1
[  401.313223][ T5129] Bluetooth: hci13: unexpected cc 0x1003 length: 249 > 9
[  401.321475][ T5129] Bluetooth: hci13: unexpected cc 0x1001 length: 249 > 9
[  401.330309][ T5129] Bluetooth: hci13: unexpected cc 0x0c23 length: 249 > 4
[  401.338892][ T5129] Bluetooth: hci13: unexpected cc 0x0c25 length: 249 > 3
[  401.346320][ T5129] Bluetooth: hci13: unexpected cc 0x0c38 length: 249 > 2
[  401.539736][ T5819] Bluetooth: hci14: unexpected cc 0x0c03 length: 249 > 1
[  401.553725][ T5819] Bluetooth: hci14: unexpected cc 0x1003 length: 249 > 9
[  401.566136][ T5819] Bluetooth: hci14: unexpected cc 0x1001 length: 249 > 9
[  401.574016][ T5819] Bluetooth: hci14: unexpected cc 0x0c23 length: 249 > 4
[  401.582001][ T5819] Bluetooth: hci14: unexpected cc 0x0c25 length: 249 > 3
[  401.591730][ T5819] Bluetooth: hci14: unexpected cc 0x0c38 length: 249 > 2
[  403.008686][ T5819] Bluetooth: hci12: command tx timeout
[  403.521375][ T5819] Bluetooth: hci13: command tx timeout
[  403.788630][ T5819] Bluetooth: hci14: command tx timeout
[  405.231627][   T53] Bluetooth: hci12: command tx timeout
[  405.755642][   T53] Bluetooth: hci13: command tx timeout
[  406.001494][   T53] Bluetooth: hci14: command tx timeout
[  406.691790][   T53] Bluetooth: hci1: command 0x0406 tx timeout
[  406.698045][ T5129] Bluetooth: hci8: command 0x0406 tx timeout
[  407.457111][ T5815] Bluetooth: hci12: command tx timeout
[  407.968478][ T5815] Bluetooth: hci13: command tx timeout
[  408.225142][ T5815] Bluetooth: hci14: command tx timeout
[  409.678979][ T5815] Bluetooth: hci12: command tx timeout
[  410.192068][ T5815] Bluetooth: hci13: command tx timeout
[  410.448745][ T5815] Bluetooth: hci14: command tx timeout
[  431.841402][   T30] INFO: task syz-executor:8429 blocked for more than 143 seconds.
[  431.849266][   T30]       Not tainted 6.13.0-rc3-syzkaller-00258-ge84a3bf7f4aa #0
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  431.893929][   T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  431.902700][   T30] task:syz-executor    state:D stack:27120 pid:8429  tgid:8429  ppid:1      flags:0x00000004
[  431.965047][   T30] Call Trace:
[  431.968371][   T30]  <TASK>
[  432.000815][   T30]  __schedule+0xe58/0x5ad0
[  432.005307][   T30]  ? __pfx___lock_acquire+0x10/0x10
[  432.010526][   T30]  ? __pfx___lock_acquire+0x10/0x10
[  432.063024][   T30]  ? __pfx___schedule+0x10/0x10
[  432.081313][   T30]  ? schedule+0x298/0x350
[  432.085699][   T30]  ? __pfx_lock_release+0x10/0x10
[  432.158522][   T30]  ? __mutex_trylock_common+0x78/0x250
[  432.246715][   T30]  ? lock_acquire+0x2f/0xb0
[  432.251363][   T30]  ? schedule+0x1fd/0x350
[  432.255714][   T30]  schedule+0xe7/0x350
[  432.328292][   T30]  schedule_preempt_disabled+0x13/0x30
[  432.370570][   T30]  __mutex_lock+0x62b/0xa60
[  432.376291][   T30]  ? inet_rtm_newaddr+0x316/0x1560
[  432.381443][   T30]  ? __pfx___mutex_lock+0x10/0x10
[  432.407268][   T30]  ? __pfx___nla_validate_parse+0x10/0x10
[  432.413034][   T30]  ? hlock_class+0x4e/0x130
[  432.417581][   T30]  ? inet_rtm_newaddr+0x316/0x1560
[  432.439226][   T30]  ? rtnl_lock+0x9/0x20
[  432.443424][   T30]  inet_rtm_newaddr+0x316/0x1560
[  432.448376][   T30]  ? __pfx_cred_has_capability.isra.0+0x10/0x10
[  432.487487][   T30]  ? find_held_lock+0x2d/0x110
[  432.492311][   T30]  ? __pfx_inet_rtm_newaddr+0x10/0x10
[  432.560158][   T30]  ? __pfx_inet_rtm_newaddr+0x10/0x10
[  432.566954][   T30]  rtnetlink_rcv_msg+0x95b/0xea0
[  432.620862][   T30]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  432.626383][   T30]  ? __pfx___lock_acquire+0x10/0x10
[  432.781391][   T30]  ? __pfx___lock_acquire+0x10/0x10
[  432.788021][   T30]  ? __pfx_sock_has_perm+0x10/0x10
[  432.796842][   T30]  ? __lock_acquire+0xcc5/0x3c40
[  432.801822][   T30]  netlink_rcv_skb+0x16b/0x440
[  432.845361][   T30]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  432.850878][   T30]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  432.877646][   T30]  ? netlink_deliver_tap+0x1ae/0xd30
[  432.882999][   T30]  netlink_unicast+0x53c/0x7f0
[  432.887797][   T30]  ? __pfx_netlink_unicast+0x10/0x10
[  432.941669][   T30]  netlink_sendmsg+0x8b8/0xd70
[  432.946490][   T30]  ? __pfx_netlink_sendmsg+0x10/0x10
[  432.951814][   T30]  __sys_sendto+0x488/0x4f0
[  432.989323][   T30]  ? __pfx___sys_sendto+0x10/0x10
[  432.994410][   T30]  ? reacquire_held_locks+0x20b/0x4c0
[  433.005787][   T30]  ? do_user_addr_fault+0xdc7/0x13f0
[  433.011156][   T30]  __x64_sys_sendto+0xe0/0x1c0
[  433.015950][   T30]  ? do_syscall_64+0x91/0x250
[  433.048153][   T30]  ? lockdep_hardirqs_on+0x7c/0x110
[  433.062529][   T30]  do_syscall_64+0xcd/0x250
[  433.067090][   T30]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  433.088030][   T30] RIP: 0033:0x7f11a3387bbc
[  433.101929][   T30] RSP: 002b:00007fff01870930 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
[  433.110458][   T30] RAX: ffffffffffffffda RBX: 00007f11a40a4620 RCX: 00007f11a3387bbc
[  433.140697][   T30] RDX: 0000000000000028 RSI: 00007f11a40a4670 RDI: 0000000000000003
[  433.153331][   T30] RBP: 0000000000000000 R08: 00007fff01870984 R09: 000000000000000c
[  433.178140][   T30] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003
[  433.186139][   T30] R13: 0000000000000000 R14: 00007f11a40a4670 R15: 0000000000000000
[  433.212785][   T30]  </TASK>
[  433.219576][   T30] INFO: task syz-executor:8431 blocked for more than 144 seconds.
[  433.248567][   T30]       Not tainted 6.13.0-rc3-syzkaller-00258-ge84a3bf7f4aa #0
[  433.267403][   T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  433.291001][   T30] task:syz-executor    state:D stack:27120 pid:8431  tgid:8431  ppid:1      flags:0x00000004
[  433.312386][   T30] Call Trace:
[  433.315703][   T30]  <TASK>
[  433.323360][   T30]  __schedule+0xe58/0x5ad0
[  433.342849][   T30]  ? __pfx___lock_acquire+0x10/0x10
[  433.358524][   T30]  ? __pfx___lock_acquire+0x10/0x10
[  433.363760][   T30]  ? __pfx___schedule+0x10/0x10
[  433.368637][   T30]  ? schedule+0x298/0x350
[  433.390650][   T30]  ? __pfx_lock_release+0x10/0x10
[  433.395711][   T30]  ? __mutex_trylock_common+0x78/0x250
[  433.401196][   T30]  ? lock_acquire+0x2f/0xb0
[  433.430553][   T30]  ? schedule+0x1fd/0x350
[  433.448871][   T30]  schedule+0xe7/0x350
[  433.453231][   T30]  schedule_preempt_disabled+0x13/0x30
[  433.465480][   T30]  __mutex_lock+0x62b/0xa60
[  433.470016][   T30]  ? inet_rtm_newaddr+0x316/0x1560
[  433.475151][   T30]  ? __pfx___mutex_lock+0x10/0x10
[  433.500855][   T30]  ? __pfx___nla_validate_parse+0x10/0x10
[  433.506610][   T30]  ? hlock_class+0x4e/0x130
[  433.529279][   T30]  ? inet_rtm_newaddr+0x316/0x1560
[  433.548911][   T30]  ? rtnl_lock+0x9/0x20
[  433.560983][   T30]  inet_rtm_newaddr+0x316/0x1560
[  433.577303][   T30]  ? __pfx_cred_has_capability.isra.0+0x10/0x10
[  433.593738][   T30]  ? find_held_lock+0x2d/0x110
[  433.598625][   T30]  ? __pfx_inet_rtm_newaddr+0x10/0x10
[  433.604038][   T30]  ? __pfx_inet_rtm_newaddr+0x10/0x10
[  433.629867][   T30]  rtnetlink_rcv_msg+0x95b/0xea0
[  433.634846][   T30]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  433.654966][   T30]  ? __pfx___lock_acquire+0x10/0x10
[  433.672156][   T30]  ? __pfx___lock_acquire+0x10/0x10
[  433.677385][   T30]  ? __pfx_sock_has_perm+0x10/0x10
[  433.698805][   T30]  ? __lock_acquire+0xcc5/0x3c40
[  433.709678][   T30]  netlink_rcv_skb+0x16b/0x440
[  433.726172][   T30]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  433.731682][   T30]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  433.753785][   T30]  ? netlink_deliver_tap+0x1ae/0xd30
[  433.764933][   T30]  netlink_unicast+0x53c/0x7f0
[  433.771125][   T30]  ? __pfx_netlink_unicast+0x10/0x10
[  433.796194][   T30]  netlink_sendmsg+0x8b8/0xd70
[  433.809782][   T30]  ? __pfx_netlink_sendmsg+0x10/0x10
[  433.815119][   T30]  __sys_sendto+0x488/0x4f0
[  433.833696][   T30]  ? __pfx___sys_sendto+0x10/0x10
[  433.838760][   T30]  ? reacquire_held_locks+0x20b/0x4c0
[  433.850345][   T30]  ? do_user_addr_fault+0xdc7/0x13f0
[  433.855694][   T30]  __x64_sys_sendto+0xe0/0x1c0
[  433.860485][   T30]  ? do_syscall_64+0x91/0x250
[  433.887178][   T30]  ? lockdep_hardirqs_on+0x7c/0x110
[  433.892428][   T30]  do_syscall_64+0xcd/0x250
[  433.919270][   T30]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  433.935994][   T30] RIP: 0033:0x7f59b0587bbc
[  433.940442][   T30] RSP: 002b:00007ffd0a261690 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
[  433.968232][   T30] RAX: ffffffffffffffda RBX: 00007f59b12a4620 RCX: 00007f59b0587bbc
[  433.976238][   T30] RDX: 0000000000000028 RSI: 00007f59b12a4670 RDI: 0000000000000003
[  434.010802][   T30] RBP: 0000000000000000 R08: 00007ffd0a2616e4 R09: 000000000000000c
[  434.018841][   T30] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003
[  434.053396][   T30] R13: 0000000000000000 R14: 00007f59b12a4670 R15: 0000000000000000
[  434.061429][   T30]  </TASK>
[  434.085653][   T30] 
[  434.085653][   T30] Showing all locks held in the system:
[  434.093390][   T30] 3 locks held by kworker/u8:0/11:
[  434.123224][   T30]  #0: ffff88803166e148 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x1293/0x1ba0
[  434.165982][   T30]  #1: ffffc90000107d80 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_one_work+0x921/0x1ba0
[  434.192416][   T30]  #2: ffffffff8fedc908 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_dad_work+0xcf/0x14d0
[  434.201878][   T30] 4 locks held by kworker/u8:1/12:
[  434.231300][   T30]  #0: ffff88801beeb148 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x1293/0x1ba0
[  434.260606][   T30]  #1: ffffc90000117d80 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x921/0x1ba0
[  434.286957][   T30]  #2: ffffffff8fec6d10 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xbb/0xbd0
[  434.315619][   T30]  #3: ffffffff8fedc908 (rtnl_mutex){+.+.}-{4:4}, at: cangw_pernet_exit_batch+0x15/0xa0
[  434.347870][   T30] 4 locks held by ksoftirqd/0/16:
[  434.352949][   T30] 1 lock held by khungtaskd/30:
[  434.357806][   T30]  #0: ffffffff8e1bb900 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x7f/0x390
[  434.395513][   T30] 3 locks held by kworker/1:2/2148:
[  434.400737][   T30]  #0: ffff88801b078948 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x1293/0x1ba0
[  434.434939][   T30]  #1: ffffc9000592fd80 (deferred_process_work){+.+.}-{0:0}, at: process_one_work+0x921/0x1ba0
[  434.462206][   T30]  #2: ffffffff8fedc908 (rtnl_mutex){+.+.}-{4:4}, at: switchdev_deferred_process_work+0xe/0x20
[  434.500697][   T30] 1 lock held by klogd/5179:
[  434.506986][   T30] 1 lock held by dhcpcd/5484:
[  434.511683][   T30]  #0: ffffffff8fedc908 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_deladdr+0x15e/0x7c0
[  434.543139][   T30] 2 locks held by getty/5575:
[  434.560715][   T30]  #0: ffff88814d5de0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80
[  434.591556][   T30]  #1: ffffc90002fde2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0xfba/0x1480
[  434.616507][   T30] 3 locks held by kworker/1:5/5890:
[  434.639692][   T30]  #0: ffff88801b079948 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_one_work+0x1293/0x1ba0
[  434.668141][   T30]  #1: ffffc900041a7d80 ((reg_check_chans).work){+.+.}-{0:0}, at: process_one_work+0x921/0x1ba0
[  434.692302][   T30]  #2: ffffffff8fedc908 (rtnl_mutex){+.+.}-{4:4}, at: reg_check_chans_work+0x84/0x1130
[  434.708640][   T30] 3 locks held by kworker/u8:11/6116:
[  434.714032][   T30] 3 locks held by kworker/u8:19/6177:
[  434.735976][   T30]  #0: ffff88801b081148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x1293/0x1ba0
[  434.765618][   T30]  #1: ffffc90003367d80 ((linkwatch_work).work){+.+.}-{0:0}, at: process_one_work+0x921/0x1ba0
[  434.787646][   T30]  #2: ffffffff8fedc908 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0x51/0xc0
[  434.800464][   T30] 2 locks held by syz.2.519/8284:
[  434.817283][   T30] 1 lock held by syz.4.536/8356:
[  434.822239][   T30]  #0: ffffffff8fedc908 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x38/0x230
[  434.850492][   T30] 2 locks held by syz-executor/8371:
[  434.865703][   T30]  #0: ffffffff8fec6d10 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x292/0x6c0
[  434.930216][   T30]  #1: ffffffff8fb253b0 (devices_rwsem){++++}-{4:4}, at: rdma_dev_init_net+0x234/0x530
[  434.939941][   T30] 1 lock held by syz.0.554/8415:
[  435.001650][   T30]  #0: ffffffff8fedc908 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x38/0x230
[  435.011026][   T30] 1 lock held by syz-executor/8418:
[  435.026474][   T30]  #0: ffffffff8fedc908 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x5d9/0x1d60
[  435.035595][   T30] 2 locks held by syz-executor/8429:
[  435.058378][   T30] 1 lock held by syz-executor/8494:
[  435.063601][   T30]  #0: ffffffff8fedc908 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x316/0x1560
[  435.111846][   T30] 1 lock held by syz.7.564/8502:
[  435.116817][   T30]  #0: ffffffff8fedc908 (rtnl_mutex){+.+.}-{4:4}, at: rtnetlink_rcv_msg+0x372/0xea0
[  435.154571][   T30] 1 lock held by syz-executor/8504:
[  435.159801][   T30]  #0: ffffffff8fedc908 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x316/0x1560
[  435.190671][   T30] 1 lock held by syz-executor/8509:
[  435.206567][   T30]  #0: ffffffff8fedc908 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x316/0x1560
[  435.218216][   T30] 1 lock held by syz-executor/8512:
[  435.228440][   T30]  #0: ffffffff8fedc908 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x316/0x1560
[  435.243867][   T30] 1 lock held by syz-executor/8515:
[  435.249078][   T30]  #0: ffffffff8fedc908 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x316/0x1560
[  435.267116][   T30] 1 lock held by syz-executor/8518:
[  435.273505][   T30]  #0: ffffffff8fedc908 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x316/0x1560
[  435.288927][   T30] 1 lock held by syz-executor/8524:
[  435.295382][   T30]  #0: ffffffff8fedc908 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x316/0x1560
[  435.313107][   T30] 1 lock held by syz-executor/8531:
[  435.323886][   T30]  #0: ffffffff8fedc908 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x316/0x1560
[  435.340965][   T30] 1 lock held by syz-executor/8536:
[  435.346174][   T30]  #0: ffffffff8fedc908 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x316/0x1560
[  435.361647][   T30] 1 lock held by syz-executor/8539:
[  435.366866][   T30]  #0: ffffffff8fedc908 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x316/0x1560
[  435.378598][   T30] 
[  435.452835][   T30] =============================================
[  435.452835][   T30] 
[  435.489016][   T30] NMI backtrace for cpu 1
[  435.493366][   T30] CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.13.0-rc3-syzkaller-00258-ge84a3bf7f4aa #0
[  435.503875][   T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  435.513935][   T30] Call Trace:
[  435.517215][   T30]  <TASK>
[  435.520156][   T30]  dump_stack_lvl+0x116/0x1f0
[  435.524849][   T30]  nmi_cpu_backtrace+0x27b/0x390
[  435.529799][   T30]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  435.535789][   T30]  nmi_trigger_cpumask_backtrace+0x29c/0x300
[  435.541868][   T30]  watchdog+0xf14/0x1240
[  435.546127][   T30]  ? __pfx_watchdog+0x10/0x10
[  435.550812][   T30]  ? lockdep_hardirqs_on+0x7c/0x110
[  435.556024][   T30]  ? __kthread_parkme+0x148/0x220
[  435.561064][   T30]  ? __pfx_watchdog+0x10/0x10
[  435.565753][   T30]  kthread+0x2c1/0x3a0
[  435.569830][   T30]  ? _raw_spin_unlock_irq+0x23/0x50
[  435.575040][   T30]  ? __pfx_kthread+0x10/0x10
[  435.579644][   T30]  ret_from_fork+0x45/0x80
[  435.584079][   T30]  ? __pfx_kthread+0x10/0x10
[  435.588687][   T30]  ret_from_fork_asm+0x1a/0x30
[  435.593479][   T30]  </TASK>
[  435.597451][   T30] Sending NMI from CPU 1 to CPUs 0:
[  435.602672][    C0] NMI backtrace for cpu 0
[  435.602684][    C0] CPU: 0 UID: 0 PID: 16 Comm: ksoftirqd/0 Not tainted 6.13.0-rc3-syzkaller-00258-ge84a3bf7f4aa #0
[  435.602706][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  435.602717][    C0] RIP: 0010:__skb_flow_dissect+0xde8/0x7ab0
[  435.602745][    C0] Code: ff ff e8 8b 37 92 f8 90 0f 0b 90 e9 14 f6 ff ff 4c 89 e8 66 41 81 fe 08 06 4d 89 fd 49 89 c7 0f 84 82 f7 ff ff e9 99 f9 ff ff <66> 41 81 fe 81 00 0f 84 e1 06 00 00 66 41 81 fe 89 02 0f 85 15 09
[  435.602762][    C0] RSP: 0018:ffffc90000156c80 EFLAGS: 00000287
[  435.602778][    C0] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff8907d50e
[  435.602790][    C0] RDX: ffff88801d6c0000 RSI: 000000000000fb88 RDI: 0000000000000003
[  435.602802][    C0] RBP: ffffc900001570b0 R08: 0000000000000003 R09: 000000000000fb88
[  435.602816][    C0] R10: 0000000000000008 R11: 0000000000000002 R12: 0000000000000000
[  435.602827][    C0] R13: ffffffff8da97740 R14: 0000000000000008 R15: ffff8880abba83c0
[  435.602840][    C0] FS:  0000000000000000(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
[  435.602858][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  435.602871][    C0] CR2: 0000001b3270dff8 CR3: 000000000df7e000 CR4: 00000000003526f0
[  435.602884][    C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  435.602895][    C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  435.602911][    C0] Call Trace:
[  435.602917][    C0]  <NMI>
[  435.602924][    C0]  ? nmi_cpu_backtrace+0x1d8/0x390
[  435.602945][    C0]  ? nmi_cpu_backtrace_handler+0xc/0x20
[  435.602963][    C0]  ? nmi_handle+0x1ac/0x5d0
[  435.602989][    C0]  ? __skb_flow_dissect+0xde8/0x7ab0
[  435.603011][    C0]  ? default_do_nmi+0x6a/0x160
[  435.603029][    C0]  ? exc_nmi+0x170/0x1e0
[  435.603046][    C0]  ? end_repeat_nmi+0xf/0x53
[  435.603071][    C0]  ? __skb_flow_dissect+0x50e/0x7ab0
[  435.603090][    C0]  ? __skb_flow_dissect+0xde8/0x7ab0
[  435.603112][    C0]  ? __skb_flow_dissect+0xde8/0x7ab0
[  435.603133][    C0]  ? __skb_flow_dissect+0xde8/0x7ab0
[  435.603154][    C0]  </NMI>
[  435.603159][    C0]  <TASK>
[  435.603165][    C0]  ? hlock_class+0x4e/0x130
[  435.603188][    C0]  ? mark_lock+0xb5/0xc60
[  435.603209][    C0]  ? __pfx___skb_flow_dissect+0x10/0x10
[  435.603229][    C0]  ? hlock_class+0x4e/0x130
[  435.603251][    C0]  ? mark_lock+0xb5/0xc60
[  435.603270][    C0]  ? __pfx_mark_lock+0x10/0x10
[  435.603291][    C0]  ? __pfx_mark_lock+0x10/0x10
[  435.603309][    C0]  ? netif_rx_internal+0x10f/0x5f0
[  435.603329][    C0]  ? __pfx_netif_rx_internal+0x10/0x10
[  435.603351][    C0]  ? hlock_class+0x4e/0x130
[  435.603376][    C0]  ? __lock_acquire+0xcc5/0x3c40
[  435.603401][    C0]  ? __pfx___lock_acquire+0x10/0x10
[  435.603425][    C0]  ? rcu_is_watching+0x12/0xc0
[  435.603450][    C0]  ? trace_fib_table_lookup+0x1b0/0x230
[  435.603478][    C0]  ? find_held_lock+0x2d/0x110
[  435.603523][    C0]  ? fib_lookup.constprop.0+0x205/0x530
[  435.603552][    C0]  ? find_held_lock+0x2d/0x110
[  435.603580][    C0]  ? ip_route_output_key_hash+0x162/0x2e0
[  435.603607][    C0]  ? __pfx_lock_release+0x10/0x10
[  435.603629][    C0]  ? ip_route_output_key_hash_rcu+0xdf7/0x2770
[  435.603658][    C0]  ? __xfrm_decode_session+0xea/0xd20
[  435.603678][    C0]  __xfrm_decode_session+0xea/0xd20
[  435.603703][    C0]  ? __pfx___xfrm_decode_session+0x10/0x10
[  435.603732][    C0]  ? lock_acquire+0x2f/0xb0
[  435.603756][    C0]  ip_route_me_harder+0x89f/0x12f0
[  435.603779][    C0]  ? __pfx_ip_route_me_harder+0x10/0x10
[  435.603799][    C0]  ? rcu_is_watching+0x12/0xc0
[  435.603831][    C0]  ? __pfx_cookie_hash+0x10/0x10
[  435.603858][    C0]  synproxy_send_tcp.isra.0+0x2fa/0x630
[  435.603883][    C0]  synproxy_send_client_synack+0x6f7/0x900
[  435.603914][    C0]  ? __pfx_synproxy_send_client_synack+0x10/0x10
[  435.603940][    C0]  nft_synproxy_do_eval+0xa49/0xd60
[  435.603966][    C0]  ? __pfx_nft_synproxy_do_eval+0x10/0x10
[  435.603989][    C0]  ? hlock_class+0x4e/0x130
[  435.604011][    C0]  ? mark_lock+0xb5/0xc60
[  435.604028][    C0]  ? find_held_lock+0x2d/0x110
[  435.604051][    C0]  ? hlock_class+0x4e/0x130
[  435.604074][    C0]  ? hlock_class+0x4e/0x130
[  435.604098][    C0]  ? __pfx_nft_synproxy_eval+0x10/0x10
[  435.604121][    C0]  nft_do_chain+0x2e6/0x18f0
[  435.604144][    C0]  ? mark_lock+0xb5/0xc60
[  435.604163][    C0]  ? __pfx_nft_do_chain+0x10/0x10
[  435.604186][    C0]  ? __local_bh_enable_ip+0xa4/0x120
[  435.604210][    C0]  ? __local_bh_enable_ip+0xa4/0x120
[  435.604231][    C0]  ? lockdep_hardirqs_on+0x7c/0x110
[  435.604261][    C0]  nft_do_chain_inet+0x18b/0x350
[  435.604283][    C0]  ? __pfx_nft_do_chain_inet+0x10/0x10
[  435.604305][    C0]  ? __pfx_ipt_do_table+0x10/0x10
[  435.604327][    C0]  ? nf_nat_ipv4_local_in+0x181/0x720
[  435.604355][    C0]  ? __pfx_nft_do_chain_inet+0x10/0x10
[  435.604376][    C0]  nf_hook_slow+0xbb/0x200
[  435.604394][    C0]  nf_hook.constprop.0+0x42e/0x750
[  435.604412][    C0]  ? __pfx_ip_local_deliver_finish+0x10/0x10
[  435.604432][    C0]  ? __pfx_nf_hook.constprop.0+0x10/0x10
[  435.604449][    C0]  ? __pfx_ip_rcv_finish+0x10/0x10
[  435.604468][    C0]  ? __pfx_ip_local_deliver_finish+0x10/0x10
[  435.604491][    C0]  ip_local_deliver+0x169/0x1f0
[  435.604508][    C0]  ? __pfx_ip_local_deliver+0x10/0x10
[  435.604527][    C0]  ip_rcv+0x2c3/0x5d0
[  435.604544][    C0]  ? __pfx_ip_rcv+0x10/0x10
[  435.604560][    C0]  __netif_receive_skb_one_core+0x199/0x1e0
[  435.604585][    C0]  ? __pfx___netif_receive_skb_one_core+0x10/0x10
[  435.604609][    C0]  ? rcu_is_watching+0x12/0xc0
[  435.604633][    C0]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  435.604654][    C0]  ? process_backlog+0x3f1/0x15f0
[  435.604678][    C0]  ? process_backlog+0x3f1/0x15f0
[  435.604699][    C0]  __netif_receive_skb+0x1d/0x160
[  435.604722][    C0]  process_backlog+0x443/0x15f0
[  435.604747][    C0]  __napi_poll.constprop.0+0xb7/0x550
[  435.604772][    C0]  net_rx_action+0xa94/0x1010
[  435.604798][    C0]  ? __pfx_net_rx_action+0x10/0x10
[  435.604822][    C0]  ? sched_balance_domains+0x285/0xec0
[  435.604843][    C0]  ? kvm_sched_clock_read+0x11/0x20
[  435.604863][    C0]  ? sched_clock+0x38/0x60
[  435.604888][    C0]  ? sched_clock_cpu+0x6d/0x4d0
[  435.604918][    C0]  handle_softirqs+0x213/0x8f0
[  435.604941][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[  435.604963][    C0]  ? rcu_is_watching+0x12/0xc0
[  435.604986][    C0]  ? __pfx_run_ksoftirqd+0x10/0x10
[  435.605006][    C0]  ? smpboot_thread_fn+0x59d/0xa30
[  435.605029][    C0]  run_ksoftirqd+0x3a/0x60
[  435.605048][    C0]  smpboot_thread_fn+0x661/0xa30
[  435.605071][    C0]  ? __kthread_parkme+0x148/0x220
[  435.605094][    C0]  ? __pfx_smpboot_thread_fn+0x10/0x10
[  435.605117][    C0]  kthread+0x2c1/0x3a0
[  435.605138][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[  435.605158][    C0]  ? __pfx_kthread+0x10/0x10
[  435.605180][    C0]  ret_from_fork+0x45/0x80
[  435.605197][    C0]  ? __pfx_kthread+0x10/0x10
[  435.605219][    C0]  ret_from_fork_asm+0x1a/0x30
[  435.605249][    C0]  </TASK>
[  436.468619][   T30] Kernel panic - not syncing: hung_task: blocked tasks
[  436.475500][   T30] CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.13.0-rc3-syzkaller-00258-ge84a3bf7f4aa #0
[  436.486008][   T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  436.496064][   T30] Call Trace:
[  436.499340][   T30]  <TASK>
[  436.502271][   T30]  dump_stack_lvl+0x3d/0x1f0
[  436.506879][   T30]  panic+0x71d/0x800
[  436.510788][   T30]  ? __pfx_panic+0x10/0x10
[  436.515219][   T30]  ? preempt_schedule_thunk+0x1a/0x30
[  436.520607][   T30]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  436.526591][   T30]  ? preempt_schedule_thunk+0x1a/0x30
[  436.531978][   T30]  ? watchdog+0xd7e/0x1240
[  436.536401][   T30]  ? watchdog+0xd71/0x1240
[  436.540826][   T30]  watchdog+0xd8f/0x1240
[  436.545078][   T30]  ? __pfx_watchdog+0x10/0x10
[  436.549759][   T30]  ? lockdep_hardirqs_on+0x7c/0x110
[  436.554967][   T30]  ? __kthread_parkme+0x148/0x220
[  436.560006][   T30]  ? __pfx_watchdog+0x10/0x10
[  436.564690][   T30]  kthread+0x2c1/0x3a0
[  436.568766][   T30]  ? _raw_spin_unlock_irq+0x23/0x50
[  436.573976][   T30]  ? __pfx_kthread+0x10/0x10
[  436.578575][   T30]  ret_from_fork+0x45/0x80
[  436.583002][   T30]  ? __pfx_kthread+0x10/0x10
[  436.587606][   T30]  ret_from_fork_asm+0x1a/0x30
[  436.592391][   T30]  </TASK>
[  436.595633][   T30] Kernel Offset: disabled
[  436.599937][   T30] Rebooting in 86400 seconds..