last executing test programs:

3m33.742315004s ago: executing program 2 (id=53):
socket$alg(0x26, 0x5, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6)
sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x5)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000240)=0x1)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, 0x0, 0x4000850)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$sock_inet_SIOCSIFFLAGS(r4, 0x8923, &(0x7f0000000040)={'bond0\x00', 0x1001})
sched_setaffinity(r0, 0x8, &(0x7f00000002c0)=0x81)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x3, &(0x7f0000000800)=ANY=[@ANYBLOB="180000000000000000000000000000009500000000000000c5e9abdb17bd8f26356887bcd2f78aeec77d079ed499cf32e3ac447e64f4dd0cbc510a7bc28fdd1a11905e4318e1db9ed93fbdf59ce2710d9ae7be87f82c647d98c6501b59666500000002904a5d79aed38d8a071d176f95daef0bce85efbb111f2d118175000000010100000000000000d8cce1fc88a333a08d964e29718cbba0239c0eaaecdf57c1bcfa6270d1f383eedd515713d1c48ed7e976b80cf0d9e60e1d359fa02a1cdd4ed4b27275bae516be6b4aef0cb030c23b8b05c7742ade4eaa66084820ac46c0672e253fac91bc36fde2473bf66bba7145c4d241d53d50ff7f0000000000005236b941f8f4232fc063d3f7d449e0d00f381502eb01ea1e54096eddf872dc277456edbc0519dbf7bd9308d8b2be27c894b9ce66c37d153af8872aa5356aecff710cc8247f21e2a3cf1011ff0e0e489837991a25dd89828f85d1477c25329a683ca60a192195a8b6ecde5ac6e210f85a8592f6c90535140517e8fd7052fdee8266d518ae9fdf927ca71053fc2898a00fc66d58acf7d1a13a8a519f08a4e87abf666fa9923173f6c38edf08e6ed56acee6f1ab94e0770f3e2397c63dc8c4476f6b373dc7ea47fb54a5ff3842bb201a8fd0b90eac6597a0fc9d8be2adea17e831b30b90f49f5300c58c82b2bb0081340e0426f7cb6c267d8a01fb1fdf03fb9f917553aedcf4d4ba6f48d96e71b1dd600000000952d11f20000000000000000000000000000000000000000000070993da90a2af1da51ff57855ebbf4d865b578325b7770a681f52707176b60c624d18220922e73"], &(0x7f00000003c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000100)='sched_switch\x00', r5, 0x0, 0xed}, 0x18)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r6, 0x29, 0x40, &(0x7f0000000600)=@raw={'raw\x00', 0x3c1, 0x3, 0x560, 0x0, 0xffffff80, 0x178, 0x900, 0x178, 0x490, 0x230, 0x258, 0x490, 0x258, 0x2034, 0x0, {[{{@uncond, 0x1d, 0x308, 0x330, 0x340, {0x1e0002a8, 0x7203000000000c00}, [@common=@unspec=@bpf1={{0x230}, @bytecode={0x0, 0x1a, 0x64, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x6}]}}, @common=@unspec=@cluster={{0x30}}]}, @common=@unspec=@AUDIT={0x28}}, {{@ipv6={@loopback, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, [], [], 'veth1_to_bridge\x00', 'geneve1\x00'}, 0x0, 0x100, 0x160, 0x0, {}, [@common=@ah={{0x30}}, @common=@ipv6header={{0x28}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@private0, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x6}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x5c0)
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f00000035c0)={0x0, 0x0, 0x0}, 0x0)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r7}, 0x10)
ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0xc004743e, 0x20001400)
socket$pppoe(0x18, 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000080), &(0x7f00000000c0)=0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)

3m32.821727075s ago: executing program 2 (id=54):
syz_open_dev$ndb(0x0, 0x0, 0x400840)
r0 = dup(0xffffffffffffffff)
io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0xffffffff80000000, 0x0, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r3, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={&(0x7f0000000a80)={0x14}, 0x14}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r4, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010005"], 0x3c}}, 0x0)
sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000003c0)=@newlink={0x40, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x8000000, 0x4d811}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @vti={{0x8}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VTI_REMOTE={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x20}}]}}}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x40}, 0x1, 0x0, 0x0, 0x51}, 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(r0, 0xc0184800, &(0x7f0000000200)={0x6a74, <r5=>0xffffffffffffffff, 0x3})
write$6lowpan_enable(r5, &(0x7f0000000000)='1', 0x1)
getpid()
r6 = syz_io_uring_setup(0x239, &(0x7f0000000380)={0x0, 0x1fffff, 0x8, 0x0, 0x314}, &(0x7f0000000180)=<r7=>0x0, &(0x7f00000001c0)=<r8=>0x0)
syz_io_uring_submit(r7, r8, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1})
r9 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$IPT_SO_SET_REPLACE(r9, 0x4000000000000, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x41, 0x3, 0x208, 0x0, 0x19, 0x0, 0x0, 0x0, 0x170, 0x1f0, 0x1f0, 0x170, 0x1f0, 0x3, 0x0, {[{{@ip={@rand_addr, @multicast1, 0x0, 0x0, 'wlan1\x00', 'wg1\x00'}, 0x0, 0xc0, 0xe0, 0x0, {0x0, 0xffffffffa0028000}, [@common=@inet=@ecn={{0x28}, {0x0, 0x2}}, @inet=@rpfilter={{0x28}}]}, @unspec=@TRACE={0x20}}, {{@ip={@broadcast, @remote, 0x0, 0x0, 'veth0_vlan\x00', 'bond_slave_1\x00'}, 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x268)
io_uring_enter(r6, 0x2ded, 0x4000, 0x0, 0x0, 0x0)
r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='hugetlb.2MB.rsvd.usage_in_bytes\x00', 0x275a, 0x0)
write$binfmt_script(r10, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000003, 0x13, r10, 0x0)
ioctl$FS_IOC_RESVSP(r10, 0x40305829, &(0x7f0000000100)={0x1100, 0x0, 0x800, 0x10000})
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r11 = socket$kcm(0x2, 0x5, 0x84)
sendmsg$inet(r11, &(0x7f00000002c0)={&(0x7f00000000c0)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000100)=[{&(0x7f0000000500)="12", 0x1}], 0x1}, 0x0)
recvmsg$kcm(r11, &(0x7f0000000ac0)={0x0, 0xfffffffffffffea2, 0x0, 0xffffffffffffff4a}, 0x40010100)
r12 = syz_usb_connect(0x0, 0x24, &(0x7f00000009c0)=ANY=[@ANYBLOB="130100003a982a08cd0ca310a223010203010902120001000000000904"], 0x0)
syz_usb_control_io$hid(r12, 0x0, &(0x7f0000000a00)={0x18, &(0x7f0000000000)=ANY=[@ANYBLOB="0000060000004f982237babb9e7eb03638"], 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r12, 0x0, 0x0)

3m31.948276519s ago: executing program 2 (id=62):
open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
r0 = socket$inet(0x2, 0x3, 0x2)
setsockopt$inet_mreqsrc(r0, 0x0, 0x27, &(0x7f0000000040)={@multicast2, @local, @private}, 0xc)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000006c0)={'lo\x00', <r2=>0x0})
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_TEST(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)={0x4c, 0xb, 0x6, 0x801, 0x0, 0x0, {0x6, 0x0, 0x2}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x24, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0x18, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @empty}}, @IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0x4e21}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20008041}, 0x8190)
r4 = socket$packet(0x11, 0x2, 0x300)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000090024206d041cc3400000000001090224"], 0x0)
r5 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r5, 0x10e, 0xc, &(0x7f0000000280)={0x4000}, 0x10)
sendmsg$nl_generic(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x20, 0x12, 0xa01, 0x0, 0x0, {0x80}}, 0x26}}, 0x0)
setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000000)={0x4}, 0x4)
r6 = socket$packet(0x11, 0x3, 0x300)
bind$packet(r6, &(0x7f00000001c0)={0x11, 0x0, r2, 0x1, 0xff, 0x6, @link_local}, 0x14)
setsockopt$packet_fanout(r6, 0x107, 0x12, &(0x7f0000000000), 0x8)
r7 = socket$netlink(0x10, 0x3, 0x0)
fsopen(&(0x7f0000000300)='vfat\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, &(0x7f0000000040)='iocha\x00\x80\x00\x00', &(0x7f0000000100)='io#har\xb9\xcaset\x03?\xb1\x1c\xe3o\xf9\t\xc7\xcaB#o\xf3\xb2\xc8\x1e\x94!\xdf\xe7^\xf4\xcd\xa8\xc9\xa8\xd9HG\x80_\x81U\xa9\xf4\xcf\"\xe6e\xe2\xc2\x1d\xf2\xfd\xb1\x06\xda\x90;\x8b0\xe3\x9b\xe0-\xa1\x92\x8f3\xc8|\xf5#\x00^\x97\x11\v\xe3\xffE\xf6JaN\xff{&\x02\x9fG\xe9\xf2\xeaCg\xb6\xca9\x1e\xcc\xe0Ar\x0fF\xbf\x97\xe1ix\x021\xc4\xc8\"\xea\xf6\xdf\x14D;?\x8b\xe8\xd1\f\xf1\xfb\xa62Y\xd2\x00oN\xb7N\xfaDo\x8c\x8a\x83\x06\x1e[\xecBF\x0e\x10OnT\xbb\x11\xdeq\xb0\xa0\r\xf3\xe5\x8a\x1d\xd8!;\xe0\xea\x9a\xfd?\xa1\xf0%9\xdcZ\x1bG\x1a\xf8\xc8\x012\xccx\xca\xaeT\x87\xab\'B\xb5\x83\a\x7f\xf8\xfa\xcdQ\xbct%u&\x8b\xb41\x16\x83^t\x1c=x<\x85\xe8\xdc\x82\xfc\x9f\xc0M\xc5Hm\xd0b\xfc\x16\xac\r:\x87\xdaA\xa3\x1aJ\x93u\x92\xb2\xa1\x81\xdej\x9c\xa6\x8d\xdd\xef\xb2\x10H\xd2D\x9ff+A\x06x\xf4\xbd\xb7o5\x80S\xfe\xd6:x\x80\xdfBY*R?U\x84\x1b\xaf\xdb\xfb7\x91\xd5\xeb\xe2\xcb\xc5D\f\xc7I\xbe\v\xb1\xd4\x9a\x89\xdc\t\xbaW\xa1\r\xb1\xfb4eM\xcf\x1c', 0x0)
close_range(r7, 0xffffffffffffffff, 0x0)

3m29.698535447s ago: executing program 2 (id=68):
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000280)='hugetlbfs\x00', 0x0, 0x0)
mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x1230023, &(0x7f0000000480)=ANY=[@ANYBLOB="6e725f696e236e75d53d672c00cc85b398c20a02c140e6aca3944d350fc6ab58f8047595f21f257fe94a9c6ed2287d21dfbe4b7b92c525c7c91e06122554655d2c7d3e73e12890f5bd9b43a5d9c16d88368cf63ca7e6da74622ec83fab8db36b602975dcb640215e1da187e28ea4f48429b2225bb7d0aea397e08d4cc49409012532fd895ab18f1a9d8ecfa92b4f464dd16335b4acf6af276ba8f3faf463cc6a94a3d91b"])
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r0, &(0x7f0000003580)={0x2, 0x0, @dev}, 0x10)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e21, @empty}, 0x10)
prctl$PR_GET_SPECULATION_CTRL(0x35, 0x0, 0x10)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/netfilter\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r2, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
close_range(r1, 0xffffffffffffffff, 0x0)
r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='status\x00')
preadv(r3, &(0x7f0000001080)=[{&(0x7f0000000080)=""/32, 0x20}], 0x1, 0x0, 0x0)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000100), 0x4)
connect$inet(r0, &(0x7f0000000140)={0x2, 0x4e21, @empty}, 0x10)
syz_emit_vhci(&(0x7f0000000700)=ANY=[@ANYBLOB="04130dfa"], 0x10)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', &(0x7f0000000340)={0x408100, 0x182, 0x2}, 0x18)
socket$nl_route(0x10, 0x3, 0x0)
r4 = bpf$OBJ_GET_MAP(0x7, &(0x7f00000002c0)=@o_path={&(0x7f0000000180)='./file0\x00', 0x0, 0x8, r0}, 0x18)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x3, 0x13, &(0x7f00000003c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0xe0}, {{0x18, 0x1, 0x1, 0x0, r3}}, {}, [@call={0x85, 0x0, 0x0, 0x52}, @map_fd={0x18, 0x6, 0x1, 0x0, r4}, @alu={0x7, 0x0, 0xb, 0x7, 0x5, 0xfffffffffffffff8, 0xfffffffffffffffc}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000040)='syzkaller\x00', 0x800000, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0xe, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xff, @void, @value}, 0x94)

3m29.372686625s ago: executing program 2 (id=71):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), r0)
socket$nl_route(0x10, 0x3, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0)
syslog(0x3, 0x0, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000002700)=""/102392, 0x18ff8)
r3 = getpgid(0x0)
r4 = syz_pidfd_open(r3, 0x0)
r5 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000200), 0xac63094eb3328933, 0x0)
pidfd_getfd(r4, r5, 0x0)
sendmsg$NL802154_CMD_GET_WPAN_PHY(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x20, r1, 0x7d243a6ea807936d, 0x0, 0x25dfdbff, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}]}, 0x20}, 0x1, 0x0, 0x0, 0x20000080}, 0x0)

3m28.231058137s ago: executing program 2 (id=75):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)={{0x14, 0x10, 0x1, 0x0, 0x4800}, [@NFT_MSG_NEWRULE={0x30, 0x6, 0xa, 0x401, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x4}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x58}}, 0x0)

3m28.087444772s ago: executing program 32 (id=75):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)={{0x14, 0x10, 0x1, 0x0, 0x4800}, [@NFT_MSG_NEWRULE={0x30, 0x6, 0xa, 0x401, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x4}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x58}}, 0x0)

2m14.170038875s ago: executing program 3 (id=356):
r0 = syz_genetlink_get_family_id$smc(&(0x7f0000000000), 0xffffffffffffffff)
r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$SMC_PNETID_ADD(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="0100000020000000010002"], 0x40}, 0x1, 0x0, 0x0, 0x1f}, 0x0)

2m13.967381855s ago: executing program 3 (id=358):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000600)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f00000000c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
recvmsg(r1, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x19}], 0x318, 0x0, 0xdb0, 0xf5ffffff}, 0x3f01)
sendmsg$tipc(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000029c0)=[{&(0x7f0000000180)="90885facfd72735d6a05232c53e659c78f4a64568710d09d", 0x18}, {&(0x7f0000000300)="1e0eb4bf65f6e6723f35c228f842010474716d26a3641070847e5ed15a952a5759fc1eec483aaf3b8c9b4693b9962419363318c1d1f2b75f4551c48ed1bad58f2c41", 0x42}, {&(0x7f00000003c0)="863aa402b37131162355d0129f21452956953490e1de4ef7aa012fe0211d89ebc6ff61fc19a5fe75ee579759ac8fe0fdfe5e3956323a5e7b248ddaa8d1598161", 0x40}, {&(0x7f0000000580)="7135d13175fd2e8babf39111e69dcd7c26fccd8eafc249785ea8e3df5039bb9cd00bbc4b3e77bd00b50967dbc419560275d7d1ba9d94f1c772f2fa4f3b292a7f20c5641792f0aa954ad2e49d7c857805941be02150dd484ea5144a5922f8b46cfb70e327b4bca6e8901ed9490bd4e11ccd5b21ab52783609f1effaa0e8770af2e892f772a1941af5531a97132d4bf0a9957dda9d254126a1bddd8f82dcf0a7261b1530bc1acb327dbbfd0771ba49af222d14095ca828d733d283537d96c76435abbeb35b1f49b95545f38f2ce5e6a480757647b8", 0xd4}, {&(0x7f0000000680)="27ad326b13d22314dc917436f817d9935b4841bc8431af42ef85a62872d7075b4f01701289d86725940fac51472495b2e8334fd7b49838ca48b41e04f92c1963e2dc5d663527f10687d2e567347cd9fecba79eaadadcff11e036431462284ad80bee4bfbe0fef8f5e015e5c452fb2bf28b8bcea17ab6ac86b9a782ceacce28f7c2a3af68d4227e94d6dfe806ebb4a9035c042eb1a3b8ae14e136dd524c8b6f1e05cbbe980d3ceedece876e185cd7f8be34736edfa1a88b4ea6543215829b5aca1e5f28fab26eedde7050c3f3180f9a8a87d870483b475c4f717b8574308e271732d529791f0243a95b20a08867c7ad4c0386b9dc1a0de12bbabcbb8f50f7038cd763fab2f522cc59e4b5389f3ffa387b4e981b590e78e393985aef45918e4130ec57662d05bee0eacf8acb39e108fc2191821932e37b90c66be5d43a2202fa24df2aeea8183ad2ddccfc26501b1d82e97682fda3908cbc269668b0335edf7e09deedc52796a1dc610dfadb428a5180e232b77d2cf9df5c324b134f43407788069b5de45003a1e880f8ef78b344a9fcb4a2b634c14e71effbbad2ad76b5adfe226105e70e02dc744ae4edf32991c34870d40e329a5d2792f054a55929b6f0c9c031266dbd1bcbd30a6f6bb849a87345ef15f144c67637e7f3728b30e443f658e82f9b22ca6a34fbc94be25fac29ed340fa850ae7384f3e35f77b6414cdbdffdb63df3815ac49118d3144cb42e30e512f9dff1fa0ddf411376ef6190d5c58021d9392c289d36fe200aaeae8bac5f5cc1bfecea5fd8e84e6d0318e39428e20adf2ff414d697", 0x244}], 0x5, 0x0, 0x0, 0x24000080}, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000100))
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r5 = dup3(r4, r3, 0x0)
r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000005c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r6, 0x4018620d, &(0x7f0000000040))
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
dup3(r5, r6, 0x0)
ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000800)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x48, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0})
setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f0000000640)=@broute={'broute\x00', 0x20, 0x1, 0x170, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200006c0], 0x0, 0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="0000000000000000ff0000000000000000d17d000000000000000000000000000000000000000000ffffffff0000000000000000000000000000001200000000000000000000000000080000000000000800000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006e72300000000000000000000000000079616d3000000001000000000000b40079616d30000000000000000000000000766574b7708ad56f5f7465616d0000000180c2000000000000000000aaaaaaaaaa000000000000000000b0000000b0000000e000000071756f746100000000000000000000000000000000000000000000000000000018000000000000000000000000000000000000000a0000000000000000000000415544495400000000000000000100000000000000000000000000000000000008"]}, 0x1d9)
write$binfmt_script(r0, &(0x7f0000000000), 0xfea7)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r0, 0x0)
r7 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r7, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-twofish-3way\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r7, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10)
r8 = accept4(r7, 0x0, 0x0, 0x0)
sendmmsg$alg(r8, &(0x7f0000003a80)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000001a80)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0)
recvmsg$can_bcm(r8, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)=""/47, 0x2f}], 0x1}, 0x40000000)
r9 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r9, 0x0, 0x80, &(0x7f0000000640)=@broute={'broute\x00', 0x20, 0x1, 0x170, [], 0x0, 0x0, 0x0}, 0x1e8)

2m13.119689242s ago: executing program 3 (id=361):
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r1 = syz_open_dev$sndctrl(&(0x7f0000000080), 0x0, 0x80000)
ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r1, 0xc0045516, &(0x7f0000000000)=0x639)
readv(r1, &(0x7f0000000180)=[{&(0x7f0000000200)=""/147, 0x93}], 0x1) (fail_nth: 8)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)

2m12.80004668s ago: executing program 3 (id=363):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff})
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x34)
mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0/file0\x00', 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000300)='./file0/../file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x89101a, 0x0)
mount$bind(0x0, &(0x7f0000000140)='./file0/file0\x00', 0x0, 0x80000, 0x0)
mount$bind(&(0x7f0000000100)='./file0\x00', &(0x7f0000000280)='./file0/../file0\x00', 0x0, 0x1adc51, 0x0)
mount$tmpfs(0x0, &(0x7f0000000400)='./file0/../file0\x00', &(0x7f00000001c0), 0x0, 0x0)
umount2(&(0x7f00000002c0)='./file0\x00', 0x0)
prctl$PR_SET_MM(0x23, 0x1, &(0x7f0000ffe000/0x1000)=nil)
r1 = socket$l2tp(0x2, 0x2, 0x73)
setsockopt$ARPT_SO_SET_REPLACE(r1, 0x0, 0x60, &(0x7f0000003980)={'filter\x00', 0x7, 0x4, 0x3e0, 0xf0, 0xf0, 0xf0, 0x2f8, 0x2f8, 0x2f8, 0x4, 0x0, {[{{@uncond, 0xc0, 0xf0}, @unspec=@CONNMARK={0xa}}, {{@arp={@broadcast, @private, 0x0, 0x0, 0x0, 0x0, {@mac=@random="d9718e5629db"}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'hsr0\x00', 'vlan1\x00'}, 0xc0, 0x108}, @unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x0, 'syz0\x00'}}}, {{@uncond, 0xc0, 0x100}, @unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00'}}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x430)
capset(&(0x7f0000000300)={0x20080522}, &(0x7f0000000340))
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x9, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
ioctl$SG_IO(0xffffffffffffffff, 0x2285, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
kexec_load(0x0, 0x1, &(0x7f00000004c0)=[{0x0, 0x0, 0x8}], 0x1)
sendmsg$RDMA_NLDEV_CMD_RES_CQ_GET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x10, 0x1415, 0x0, 0x1}, 0x10}}, 0x0)
ppoll(0x0, 0x0, &(0x7f0000000040)={0x0, 0x989680}, 0x0, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(r2, 0x40086602, &(0x7f0000000080)={@desc={0x4000, 0x0, @auto="b8f92416074d3848"}})
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000009b40)=@newtaction={0x4c, 0x30, 0x871a15abc695fb3d, 0x0, 0x25dfdbfe, {}, [{0x38, 0x1, [@m_tunnel_key={0x34, 0x8, 0x0, 0x0, {{0xf}, {0x4}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1}}}}]}]}, 0x4c}}, 0x10)
r4 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f00000000c0)={@rand_addr=' \x01\x00', 0x800, 0x0, 0x103, 0x1}, 0x20)
sendmsg$inet6(r4, &(0x7f0000000100)={&(0x7f0000000040)={0xa, 0x4e24, 0x0, @dev}, 0x1c, 0x0, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="60000000000000002900b928c367764a3bc9c910fc02000000000000000000000000c9100000000000000000000000000000000107200000000006000000005747ee9a000000000000000000000000000000000000000000180000fb00000000290000000400eb00"/118], 0x78}, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000180)={&(0x7f0000000440)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x70, 0x70, 0x9, [@enum={0x10, 0x8, 0x0, 0x6, 0x4, [{0x0, 0x100008}, {0x10, 0xfffffff0}, {0xa, 0x2}, {0x4}, {0xd}, {0x6, 0x2}, {0x8, 0x8001}, {0xc}]}, @fwd={0x1}, @type_tag={0x9, 0x0, 0x0, 0x12, 0x2}, @fwd={0xa}]}, {0x0, [0x30, 0x2e, 0x61, 0x61, 0x30, 0x0, 0x61]}}, &(0x7f0000000500)=""/150, 0x91, 0x96, 0x0, 0x10001, 0x0, @void, @value}, 0x28)
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)

2m12.724631145s ago: executing program 3 (id=364):
socketpair$unix(0x1, 0x2, 0x0, 0x0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
timerfd_create(0x1, 0x800)
socket$inet_mptcp(0x2, 0x1, 0x106)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
r2 = socket(0x10, 0x80002, 0x0)
write$P9_RLERRORu(r1, &(0x7f0000000000)=ANY=[@ANYBLOB="1c00000007ffff", @ANYRES16=r2, @ANYRESDEC], 0x52)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_u}]}})

2m12.462918626s ago: executing program 3 (id=366):
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000940)={{}, 'syz0\x00'})
ioctl$UI_SET_SNDBIT(r0, 0x4004556a, 0x1)
ioctl$UI_DEV_CREATE(r0, 0x5501)
r1 = syz_open_dev$tty20(0xc, 0x4, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)={0x50, 0x2, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5, 0x4, 0x3}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_BUCKETSIZE={0x5, 0x15, 0x3}]}, @IPSET_ATTR_TYPENAME={0x10, 0x3, 'hash:ip,mac\x00'}]}, 0x50}}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4)
dup(r1)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, 0x0, 0x0)
sendmmsg$unix(r5, 0x0, 0x0, 0x0)
r6 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r6, &(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10)
sendto$inet(r6, 0x0, 0x0, 0x20020084, &(0x7f00000018c0)={0x2, 0x4e20}, 0x10)
r7 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000b80)=ANY=[@ANYBLOB="b4050000200080006110600000000000c60000000000000295000000000000009f33ef60916e6e893f1eeb0be2566cd0723043c47c896ce0bce66a245ad99b817fd98cd824498949714ffaac8a6f77ef26dcca5582054d54d53cd2b6db714e4b94bdae214fa68a0557eb2c5ca683a4b6fc89398f2b9000f224891060017cfa6fa26fa7a34701008c61897d4a6148a1c11428607c40de60beac671e8e8fdecb03588aa623fa71f871ab5c2ff88afc6002084e5b52710800e835cf0d78e45f70983826fb8579c1fb01d2c5553d2ccb5fc5b51fe6b174bed9907dcff414ed55b0c20cdbe7009a6fe7cc78762f1d4dcdbca64920db9a50f86c21632fd30bf05121438bb74e4670ab5dfe447a4bd344e0bd74ff05d37ef68e3b9db863c758ffffffffb426e1230bc1cd4c02c4c2e6d17dc5c2edf332a62f5fe68fbbbbfcfd78a9f3fdc1f50c445e3f30e703cf05b90fbf940e6652d377474ed5f816f66ac3027460ae991e7f834dd7a7fc2a7003d1a6cf5478533584961c329fcf4fed5c9455640dcd28273dc9753cc979113f2915a3039c3ca60ec53bb1130c2d27fed7d67c440e23d130e51eea1e085bebabe7059de9cbfc51177cce5ef265c92b7957a334ff7be2ca867fd94286e016febfdb5827efc7a6efb01d66a396f84c1ca75daa4ead099694ed03d449b185cc836bab1a41a61bd6f03a54fafcee554bbb52adf8f1d7ede9f9a711256fb45e6c3d12ff560ee69d68733d522d9bbecf52396f15976381c27015403778139808142b48ced145ca8a6da5f322d413d09cc38b832fa05dd3c799042588f9eea6f443baa759257a000000000000000000bed1dad228e11f80cfea5848e436acf6e89dfae0b3d95b911af1818e0081504811a5f3c5d1ced3e592224f1d2ca3bdb2cc89001605db6987899eb99f94265401a95ff0a5a266438f1db461b7ebedd419bc038f7d36bd2bd4b3f92cd1469b63b1ce456a96152d353a8ab65f8bae521db73ff00b5d5cac7a439ab40d97e57f23e703fd6395930b9c3485ab181a83ed568cade43111530ec584cfb48e0cc5d63e2807b2e98525a84f9ac59cf74f3ba279e228e2a0dc8da8017cba3996541008785ab8f041f0a8d1399d88a3a58765e5a0149b9d0ea54b323675149783ec057ec6d6e8e600b9eced07ddcc56b77d8ea08223"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0xf, 0x4, 0x4, 0x12, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
setsockopt$inet_tcp_int(r6, 0x6, 0x19, &(0x7f0000000140)=0x5, 0x4)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r8, r7, 0x5, 0x0, 0x0, @void, @value}, 0x10)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r8, &(0x7f0000000340), &(0x7f0000000040)=@tcp=r6}, 0x20)
sendto$inet(r6, &(0x7f00000000c0)='+', 0xffffffffffffff60, 0xf408, 0x0, 0xf06)

2m11.943539351s ago: executing program 33 (id=366):
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000940)={{}, 'syz0\x00'})
ioctl$UI_SET_SNDBIT(r0, 0x4004556a, 0x1)
ioctl$UI_DEV_CREATE(r0, 0x5501)
r1 = syz_open_dev$tty20(0xc, 0x4, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)={0x50, 0x2, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5, 0x4, 0x3}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_BUCKETSIZE={0x5, 0x15, 0x3}]}, @IPSET_ATTR_TYPENAME={0x10, 0x3, 'hash:ip,mac\x00'}]}, 0x50}}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4)
dup(r1)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, 0x0, 0x0)
sendmmsg$unix(r5, 0x0, 0x0, 0x0)
r6 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r6, &(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10)
sendto$inet(r6, 0x0, 0x0, 0x20020084, &(0x7f00000018c0)={0x2, 0x4e20}, 0x10)
r7 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000b80)=ANY=[@ANYBLOB="b4050000200080006110600000000000c60000000000000295000000000000009f33ef60916e6e893f1eeb0be2566cd0723043c47c896ce0bce66a245ad99b817fd98cd824498949714ffaac8a6f77ef26dcca5582054d54d53cd2b6db714e4b94bdae214fa68a0557eb2c5ca683a4b6fc89398f2b9000f224891060017cfa6fa26fa7a34701008c61897d4a6148a1c11428607c40de60beac671e8e8fdecb03588aa623fa71f871ab5c2ff88afc6002084e5b52710800e835cf0d78e45f70983826fb8579c1fb01d2c5553d2ccb5fc5b51fe6b174bed9907dcff414ed55b0c20cdbe7009a6fe7cc78762f1d4dcdbca64920db9a50f86c21632fd30bf05121438bb74e4670ab5dfe447a4bd344e0bd74ff05d37ef68e3b9db863c758ffffffffb426e1230bc1cd4c02c4c2e6d17dc5c2edf332a62f5fe68fbbbbfcfd78a9f3fdc1f50c445e3f30e703cf05b90fbf940e6652d377474ed5f816f66ac3027460ae991e7f834dd7a7fc2a7003d1a6cf5478533584961c329fcf4fed5c9455640dcd28273dc9753cc979113f2915a3039c3ca60ec53bb1130c2d27fed7d67c440e23d130e51eea1e085bebabe7059de9cbfc51177cce5ef265c92b7957a334ff7be2ca867fd94286e016febfdb5827efc7a6efb01d66a396f84c1ca75daa4ead099694ed03d449b185cc836bab1a41a61bd6f03a54fafcee554bbb52adf8f1d7ede9f9a711256fb45e6c3d12ff560ee69d68733d522d9bbecf52396f15976381c27015403778139808142b48ced145ca8a6da5f322d413d09cc38b832fa05dd3c799042588f9eea6f443baa759257a000000000000000000bed1dad228e11f80cfea5848e436acf6e89dfae0b3d95b911af1818e0081504811a5f3c5d1ced3e592224f1d2ca3bdb2cc89001605db6987899eb99f94265401a95ff0a5a266438f1db461b7ebedd419bc038f7d36bd2bd4b3f92cd1469b63b1ce456a96152d353a8ab65f8bae521db73ff00b5d5cac7a439ab40d97e57f23e703fd6395930b9c3485ab181a83ed568cade43111530ec584cfb48e0cc5d63e2807b2e98525a84f9ac59cf74f3ba279e228e2a0dc8da8017cba3996541008785ab8f041f0a8d1399d88a3a58765e5a0149b9d0ea54b323675149783ec057ec6d6e8e600b9eced07ddcc56b77d8ea08223"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0xf, 0x4, 0x4, 0x12, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
setsockopt$inet_tcp_int(r6, 0x6, 0x19, &(0x7f0000000140)=0x5, 0x4)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r8, r7, 0x5, 0x0, 0x0, @void, @value}, 0x10)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r8, &(0x7f0000000340), &(0x7f0000000040)=@tcp=r6}, 0x20)
sendto$inet(r6, &(0x7f00000000c0)='+', 0xffffffffffffff60, 0xf408, 0x0, 0xf06)

8.748399939s ago: executing program 5 (id=860):
r0 = syz_open_procfs(0x0, &(0x7f0000000240)='map_files\x00')
lseek(r0, 0xffffff7efffffffe, 0x2)
r1 = io_uring_setup(0x1de0, &(0x7f00000007c0))
io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
setsockopt$inet6_IPV6_RTHDR(0xffffffffffffffff, 0x29, 0x39, &(0x7f0000000000)=ANY=[@ANYBLOB="32040280"], 0x28)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r3 = syz_open_dev$video4linux(0x0, 0x10000, 0x440)
ioctl$VIDIOC_S_CTRL(r3, 0xc008561c, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
socket(0x5, 0x80002, 0x4)
syz_usb_control_io$cdc_ncm(0xffffffffffffffff, &(0x7f0000000440)={0x14, 0x0, &(0x7f0000000400)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
r4 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r4, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r4, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[0x0], 0x1})
r5 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r5, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r6=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_OBJ_SETPROPERTY(r4, 0xc01864ba, &(0x7f0000000040)={0x2, 0x0, r6})
sched_setscheduler(0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200))
bpf$MAP_UPDATE_BATCH(0x1b, 0x0, 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000)={<r7=>0x0}, &(0x7f0000000080)=0xc)
r8 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
ioctl$SIOCNRDECOBS(r8, 0x89e2)
syz_open_procfs(r7, &(0x7f00000000c0)='mountstats\x00')
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='freezer.state\x00', 0x26e1, 0x0)

5.831899812s ago: executing program 5 (id=874):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000b40)={&(0x7f0000000340)=@newsa={0x13c, 0x10, 0x713, 0x0, 0x0, {{@in=@local, @in6=@mcast1}, {@in=@multicast1, 0x0, 0x33}, @in6=@rand_addr=' \x01\x00', {0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000000}, {}, {}, 0x70bd26, 0x0, 0x2, 0x0, 0x0, 0x6a}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00'}}}]}, 0x13c}}, 0x0)

5.62810788s ago: executing program 5 (id=876):
syz_open_dev$evdev(&(0x7f0000000040), 0x1, 0xe8202)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f00000004c0)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
r3 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
mknodat$loop(r3, &(0x7f0000001600)='./file0\x00', 0x10, 0x1)
chdir(&(0x7f0000000140)='./bus\x00')
link(&(0x7f0000000200)='./file1\x00', &(0x7f0000000300)='./bus\x00')
unlinkat(r3, &(0x7f0000000040)='./file1\x00', 0x0)
open(&(0x7f00000002c0)='./bus\x00', 0x14927e, 0x0)
add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc)
add_key(&(0x7f00000001c0)='asymmetric\x00', 0x0, 0x0, 0x0, 0x0)
r4 = socket$tipc(0x1e, 0x5, 0x0)
setsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, 0x0, 0x0)
sendmsg$tipc(r4, 0x0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, &(0x7f0000000400)={0xc, 0x0, <r5=>0x0})
ioctl$IOMMU_IOAS_UNMAP(0xffffffffffffffff, 0x3b86, &(0x7f0000000240)={0x18, r5})

4.647603766s ago: executing program 5 (id=882):
r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x250, 0x0, 0x0, 0x0, 0x20, 0x5ac, 0x25b, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x8, 0x40, 0x9, [{{0x9, 0x4, 0x0, 0x5, 0x1, 0x3, 0x1, 0x2, 0x1, {0x9, 0x21, 0x7, 0x5, 0x1, {0x22, 0x5e4}}, {{{0x9, 0x5, 0x81, 0x3, 0x10, 0x7, 0x7f, 0x9}}}}}]}}]}}, &(0x7f00000003c0)={0xa, &(0x7f0000000040)={0xa, 0x6, 0x200, 0xa, 0x7, 0x94, 0xff, 0x7}, 0x5, &(0x7f0000000080)={0x5, 0xf, 0x5}, 0x9, [{0x4, &(0x7f00000000c0)=@lang_id={0x4, 0x3, 0x1409}}, {0x4, &(0x7f0000000100)=@lang_id={0x4, 0x3, 0x407}}, {0x30, &(0x7f0000000140)=@string={0x30, 0x3, "5c7a08a642d2aec1de7268a640c47c0ec6ce8772b88e8e47fa77755a56c1c8c8bad6023323600c52688fb2b00b8c"}}, {0x61, &(0x7f0000000180)=@string={0x61, 0x3, "915ecce66318734d7ac9e984894c4d8ce1cda65dd8614b36de6218686a407ff9e7f0ed787b10284012645a0cdb2e1d7d654a4e38aae5ea5e9bfb1f9dd8a1aa55e1a6a1197bac69c5498fe69da72fcbaef52ac5e68993c0d4251719376379c8"}}, {0x1b, &(0x7f0000000200)=@string={0x1b, 0x3, "35f86f7c1355510c612c0a8f1561725cd589ab13898e37c3c0"}}, {0xa7, &(0x7f0000000240)=@string={0xa7, 0x3, "bae5bb33944f73cbed2b94b88f6ef10e358bcc7bf54c791d3537d72913b088cf41565c650acb39418104c362d9a6bc9e989d0c9ef5981f2f32c2294e4aae19f001354e1f5f09e97dad05398114be1cf057a635493011dcb61cc64c8167c843cdd95bcfa0e1506cd46fd56e8474fd3daa7ef92554c1ee00a85a5371fec488fefb96995cda2cf36e0361b4275d5fcc68e3de554524660da84f2e12f3f36268775879fd9db234"}}, {0x13, &(0x7f0000000300)=@string={0x13, 0x3, "8d264a0e3abebe96cb004c35acd82f3298"}}, {0x4, &(0x7f0000000340)=@lang_id={0x4, 0x3, 0x2809}}, {0x4, &(0x7f0000000380)=@lang_id={0x4, 0x3, 0x860}}]})
r1 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000480), 0x44882, 0x0)
ioctl$BTRFS_IOC_GET_FEATURES(r1, 0x80189439, &(0x7f00000004c0))
ioctl$BTRFS_IOC_DEFRAG_RANGE(r1, 0x40309410, &(0x7f0000000500)={0x87e, 0x7, 0x2, 0x7, 0x3, [0x200, 0xf, 0x1, 0x5]})
pipe(&(0x7f0000000540)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = socket$inet(0x2, 0xa, 0x1)
ioctl$F2FS_IOC_PRECACHE_EXTENTS(r3, 0xf50f, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0x14, &(0x7f0000000580)=@assoc_value={<r5=>0x0}, &(0x7f00000005c0)=0x8)
r6 = openat$binfmt(0xffffffffffffff9c, 0x0, 0x41, 0x1ff)
write$binfmt_elf64(r6, &(0x7f0000000600)={{0x7f, 0x45, 0x4c, 0x46, 0xe0, 0xb, 0x0, 0x3, 0xff, 0x2, 0x3, 0x2, 0x22d, 0x40, 0x123, 0xc, 0xfffa, 0x38, 0x1, 0x50f2, 0x10, 0x40}, [{0x2, 0x400, 0x1, 0xbe, 0x1, 0x8001, 0x7, 0xcace}], "7f2292136631e85a97457533a1f7a209638fdd2ccbad86462c906d46b9703776b0a8eee951d95544ae06afa5a2824a705f94"}, 0xaa)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r2, 0x84, 0x75, &(0x7f00000006c0)={r5, 0x2c8}, 0x8)
r7 = msgget(0x2, 0x2)
msgctl$IPC_RMID(r7, 0x0)
ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000700), 0x101000)
getsockopt$netrom_NETROM_T1(r1, 0x103, 0x1, &(0x7f0000000740), &(0x7f0000000780)=0x4)
syz_usb_control_io(r0, &(0x7f0000000900)={0x2c, &(0x7f00000007c0)={0x20, 0x3, 0x3a, {0x3a, 0xf, "04a5edd6d8ba7213f1e60f536942d10022704eee8ab9b2efc9ad275810d3cad2c1f86bd646601b1acb04c350df469ffd572b97f5d6363ed5"}}, &(0x7f0000000800)={0x0, 0x3, 0xe, @string={0xe, 0x3, "6087afaaff15f82059eb6746"}}, &(0x7f0000000840)={0x0, 0xf, 0x23, {0x5, 0xf, 0x23, 0x2, [@ss_container_id={0x14, 0x10, 0x4, 0x8, "f6b1f77fc3ccee5d51565b4e56094182"}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0xb, 0x6, 0x0, 0x2}]}}, &(0x7f0000000880)={0x20, 0x29, 0xf, {0xf, 0x29, 0x7, 0x2, 0x2, 0x1, "4a6870de", "83a777ad"}}, &(0x7f00000008c0)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x7, 0x18, 0x34, 0xb3, 0x81, 0x7, 0x7fff}}}, &(0x7f0000000d40)={0x84, &(0x7f0000000940)={0x0, 0x30, 0x1f, "e33da18fa3a309e024d2d69cc0ab3e86faf8801aaf42cb79dd9376f247460a"}, &(0x7f0000000980)={0x0, 0xa, 0x1, 0xf8}, &(0x7f00000009c0)={0x0, 0x8, 0x1, 0x7}, &(0x7f0000000a00)={0x20, 0x0, 0x4, {0x0, 0x2}}, &(0x7f0000000a40)={0x20, 0x0, 0x8, {0xe0, 0x40, [0xf]}}, &(0x7f0000000a80)={0x40, 0x7, 0x2, 0xf4}, &(0x7f0000000ac0)={0x40, 0x9, 0x1, 0x2}, &(0x7f0000000b00)={0x40, 0xb, 0x2, "fa09"}, &(0x7f0000000b40)={0x40, 0xf, 0x2, 0x9}, &(0x7f0000000b80)={0x40, 0x13, 0x6, @remote}, &(0x7f0000000bc0)={0x40, 0x17, 0x6, @random="4fbbcab82c53"}, &(0x7f0000000c00)={0x40, 0x19, 0x2, "28da"}, &(0x7f0000000c40)={0x40, 0x1a, 0x2, 0x859}, &(0x7f0000000c80)={0x40, 0x1c, 0x1, 0x4}, &(0x7f0000000cc0)={0x40, 0x1e, 0x1, 0x1}, &(0x7f0000000d00)={0x40, 0x21, 0x1}})
r8 = pidfd_getfd(r3, r3, 0x0)
sendmsg$nl_route_sched_retired(r8, &(0x7f0000001040)={&(0x7f0000000e00)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000001000)={&(0x7f0000000e40)=@newqdisc={0x19c, 0x24, 0x1, 0x70bd26, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0xa, 0xffff}, {0xfff3, 0x15}, {0xffe0, 0x2}}, [@q_dsmark={{0xb}, {0xc, 0x2, [@TCA_DSMARK_INDICES={0x6, 0x1, 0x8}]}}, @q_dsmark={{0xb}, {0x4c, 0x2, [@TCA_DSMARK_INDICES={0x6, 0x1, 0x1}, @TCA_DSMARK_SET_TC_INDEX={0x4}, @TCA_DSMARK_INDICES={0x6}, @TCA_DSMARK_INDICES={0x6, 0x1, 0xc}, @TCA_DSMARK_INDICES={0x6, 0x1, 0x8}, @TCA_DSMARK_SET_TC_INDEX={0x4}, @TCA_DSMARK_DEFAULT_INDEX={0x6, 0x2, 0x1}, @TCA_DSMARK_INDICES={0x6}, @TCA_DSMARK_INDICES={0x6, 0x1, 0x8}, @TCA_DSMARK_INDICES={0x6, 0x1, 0x1a}]}}, @q_dsmark={{0xb}, {0x1c, 0x2, [@TCA_DSMARK_DEFAULT_INDEX={0x6, 0x2, 0xf9a7}, @TCA_DSMARK_DEFAULT_INDEX={0x6, 0x2, 0x7}, @TCA_DSMARK_DEFAULT_INDEX={0x6, 0x2, 0x20}]}}, @q_dsmark={{0xb}, {0x18, 0x2, [@TCA_DSMARK_DEFAULT_INDEX={0x6, 0x2, 0x1}, @TCA_DSMARK_DEFAULT_INDEX={0x6, 0x2, 0x1}, @TCA_DSMARK_SET_TC_INDEX={0x4}]}}, @q_dsmark={{0xb}, {0xc, 0x2, [@TCA_DSMARK_DEFAULT_INDEX={0x6, 0x2, 0x7fb2}]}}, @q_dsmark={{0xb}, {0x1c, 0x2, [@TCA_DSMARK_INDICES={0x6, 0x1, 0x2}, @TCA_DSMARK_SET_TC_INDEX={0x4}, @TCA_DSMARK_INDICES={0x6, 0x1, 0x12}, @TCA_DSMARK_SET_TC_INDEX={0x4}]}}, @q_dsmark={{0xb}, {0x14, 0x2, [@TCA_DSMARK_INDICES={0x6, 0x1, 0x12}, @TCA_DSMARK_INDICES={0x6, 0x1, 0x30}]}}, @q_dsmark={{0xb}, {0x30, 0x2, [@TCA_DSMARK_SET_TC_INDEX={0x4}, @TCA_DSMARK_INDICES={0x6, 0x1, 0x36}, @TCA_DSMARK_SET_TC_INDEX={0x4}, @TCA_DSMARK_SET_TC_INDEX={0x4}, @TCA_DSMARK_INDICES={0x6, 0x1, 0x39}, @TCA_DSMARK_INDICES={0x6}, @TCA_DSMARK_INDICES={0x6, 0x1, 0x11}]}}, @q_dsmark={{0xb}, {0x14, 0x2, [@TCA_DSMARK_DEFAULT_INDEX={0x6, 0x2, 0x81}, @TCA_DSMARK_INDICES={0x6, 0x1, 0x2}]}}]}, 0x19c}, 0x1, 0x0, 0x0, 0x4040080}, 0xc010)
ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f0000001080))
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000001100), r3)
sendmsg$NL80211_CMD_GET_STATION(r3, &(0x7f0000001200)={&(0x7f00000010c0)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000011c0)={&(0x7f0000001140)={0x48, r9, 0x200, 0x70bd2d, 0x25dfdbfd, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_STA_AID={0x6, 0x10, 0x233}, @NL80211_ATTR_STA_AID={0x6, 0x10, 0x41e}, @NL80211_ATTR_STA_FLAGS2={0xc, 0x43, {0x4, 0xff}}, @NL80211_ATTR_STA_PLINK_ACTION={0x5}, @NL80211_ATTR_REASON_CODE={0x6, 0x36, 0xfff8}]}, 0x48}, 0x1, 0x0, 0x0, 0x4000051}, 0x20040844)
syz_usb_connect$uac1(0x5, 0xe6, &(0x7f0000001240)={{0x12, 0x1, 0x200, 0x0, 0x0, 0x0, 0x10, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xd4, 0x3, 0x1, 0x8b, 0x10, 0xf7, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x5, 0x8}, [@processing_unit={0xd, 0x24, 0x7, 0x6, 0x5, 0x9, "006e42792680"}, @feature_unit={0xf, 0x24, 0x6, 0x5, 0x3, 0x4, [0xa, 0xa, 0x6, 0xa], 0x4}, @selector_unit={0x7, 0x24, 0x5, 0x6, 0x8, "3312"}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_ii_discrete={0xb, 0x24, 0x2, 0x2, 0xf3, 0x4, 0x3, "c2f6"}, @format_type_ii_discrete={0xd, 0x24, 0x2, 0x2, 0xb1, 0x7, 0x2, "b7247c21"}, @as_header={0x7, 0x24, 0x1, 0x8, 0x7, 0x4}, @as_header={0x7, 0x24, 0x1, 0x4, 0x8, 0x7}, @format_type_i_discrete={0xd, 0x24, 0x2, 0x1, 0xa, 0x1, 0x56, 0x10, "864296b11a"}]}, {{0x9, 0x5, 0x1, 0x9, 0x40, 0x0, 0x0, 0xff, {0x7, 0x25, 0x1, 0x0, 0x0, 0xfff}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@as_header={0x7, 0x24, 0x1, 0x38, 0x81, 0x1}, @format_type_ii_discrete={0x11, 0x24, 0x2, 0x2, 0xf, 0xc371, 0x4, "a12407c9284e7a13"}, @as_header={0x7, 0x24, 0x1, 0x2, 0x8, 0x4}]}, {{0x9, 0x5, 0x82, 0x9, 0x268, 0xa8, 0x2, 0x3, {0x7, 0x25, 0x1, 0x1, 0x4, 0x1}}}}}}}]}}, &(0x7f0000001580)={0xa, &(0x7f0000001340)={0xa, 0x6, 0x0, 0x0, 0x8, 0xd, 0x10, 0x96}, 0x2a, &(0x7f0000001380)={0x5, 0xf, 0x2a, 0x3, [@ss_container_id={0x14, 0x10, 0x4, 0xd9, "eae5300c89a21479e7411f658234b0bf"}, @ext_cap={0x7, 0x10, 0x2, 0x10, 0x8, 0x1, 0x432}, @ss_cap={0xa, 0x10, 0x3, 0x2, 0x0, 0x1, 0x3}]}, 0x4, [{0x4, &(0x7f00000013c0)=@lang_id={0x4, 0x3, 0x403}}, {0x4, &(0x7f0000001400)=@lang_id={0x4, 0x3, 0x41b}}, {0xed, &(0x7f0000001440)=@string={0xed, 0x3, "6f04e1401089c7439f207dfee2572adbdc8350ff45c224f02317eb39668becd5a06f0fd21365ee2b2a3b7e5e4794bd3efba5a223cb61c122a36e1334b3b145c9f8d4818cb80913724051f59bef607a4fd2767546b044683e268b68ccd4b1e857d7fe8ac31e8841f3a93b4316c6ca15a9ed2ad513778c92d63ee09be0f916b09ebe9865a7785f36df6359648303a9b856a6fb01c55a36d9025c7a82df59b34e108397853500fb6a61d3944fbaa777005a83ce903d19874f3adbd98df19ca49f4803fe930ddedcb0a13aa808a33841f768714f45f6b93158861c4fe1264457ae5bc0f0b67b760c4fece2ed8b"}}, {0x4, &(0x7f0000001540)=@lang_id={0x4, 0x3, 0x280a}}]})
socket$netlink(0x10, 0x3, 0xb)
syz_genetlink_get_family_id$tipc(&(0x7f0000001600), r3)
socket$inet6(0xa, 0x4, 0x10000)
r10 = accept(r4, &(0x7f0000001640)=@rc={0x1f, @fixed}, &(0x7f00000016c0)=0x80)
getsockopt$PNPIPE_IFINDEX(0xffffffffffffffff, 0x113, 0x2, &(0x7f0000001700)=<r11=>0x0, &(0x7f0000001740)=0x4)
setsockopt$inet_mreqn(r10, 0x0, 0x23, &(0x7f0000001780)={@local, @broadcast, r11}, 0xc)
ioprio_set$uid(0x0, 0xffffffffffffffff, 0x4004)

4.548807837s ago: executing program 1 (id=884):
r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x77, 0x29, 0x4, 0x20, 0x424, 0x9901, 0xc257, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x43, 0x0, 0x2, 0x31, 0x7d, 0x55, 0x0, [], [{{0x9, 0x5, 0x2, 0x2, 0x200, 0x2}}, {{0x9, 0x5, 0x82, 0x2, 0x200}}]}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0) (async)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000400)={0x44, &(0x7f0000000200)=ANY=[@ANYBLOB="401504"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) (async)
syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000400)={0x44, &(0x7f0000000200)=ANY=[@ANYBLOB="401504"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='percpu_create_chunk\x00', r2}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xa, 0x101, 0x7fff, 0xcc, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
syz_usb_control_io$hid(r0, 0x0, 0x0) (async)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0) (async)
syz_usb_control_io(r0, 0x0, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="5c0000000206030000000000000000000000000005000100070000000900020073797a300000000014000780080008400000000008001240200000000500050002000000050004000000000010000300686173683a69702c6d6163"], 0x5c}, 0x1, 0x0, 0x0, 0x8000010}, 0x8000) (async)
sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="5c0000000206030000000000000000000000000005000100070000000900020073797a300000000014000780080008400000000008001240200000000500050002000000050004000000000010000300686173683a69702c6d6163"], 0x5c}, 0x1, 0x0, 0x0, 0x8000010}, 0x8000)
syz_usb_control_io$printer(r0, &(0x7f0000000100)={0x14, &(0x7f0000000080)={0x0, 0x23, 0x52, {0x52, 0x24, "1e9a0b0247c1f5e7254b9306ce817dadda83a201d76ffb6214eb6a16233505fc4582fc7c9890ca9ce54a2d4fd817659cabe76b9cf9d5292999b454aad29b253406ad781b50d2c193db717109fe3095bb"}}, &(0x7f0000000000)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x404}}}, &(0x7f00000003c0)={0x34, &(0x7f0000000240)={0x0, 0x18, 0x65, "266ce1a4c42bdbec2f89a4c20a267bdf9f923702b12bbf73dc8b40c5a34eac629f88e0c0d5af4f69e1c292b3b9821f4c75d17d41ab67386895ad4e841ced655a53be07bc21415da6b092539956fcf6fd8667be499afa4af7c3cd602c6ddacabf81c43efed9"}, &(0x7f0000000140)={0x0, 0xa, 0x1}, &(0x7f00000001c0)={0x0, 0x8, 0x1, 0x1}, &(0x7f00000002c0)={0x20, 0x0, 0x66, {0x64, "f38bde4ddfbaadfb436fb48476383ebe281329d268c764c7260cfe8072315f2a597493db1e8950515be7611688e3a712163152016f26adb8707b81aac474f14aa00530f9b57edd3d01c3123716259434b527acbc3964977b0d6f985e550f545d95d020a4"}}, &(0x7f0000000340)={0x20, 0x1, 0x1, 0x71}, &(0x7f0000000380)={0x20, 0x0, 0x1, 0x2}})
r4 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
tkill(r4, 0x13)
ptrace(0x4206, r4)
syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000580)={0x34, &(0x7f0000000180)={0x40, 0x6, 0x4, "99095632"}, 0x0, 0x0, 0x0, 0x0, 0x0}) (async)
syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000580)={0x34, &(0x7f0000000180)={0x40, 0x6, 0x4, "99095632"}, 0x0, 0x0, 0x0, 0x0, 0x0})

3.273328544s ago: executing program 4 (id=887):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.io_service_time\x00', 0x26e1, 0x0)
close(r0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0))
bpf$MAP_CREATE(0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x40}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x7528e000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x1, 0x4, 0x7fe4, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r5}, 0x10)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
recvmsg(r6, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0xf8}], 0x1}, 0x1f00)
sendmsg$tipc(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0x73220c8b}], 0x1}, 0x0)
ioctl$SIOCSIFHWADDR(r0, 0x8b20, &(0x7f0000000240)={'wlan1\x00', @random})
r8 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$int_in(r8, 0x40000000af01, 0x0)

2.351025447s ago: executing program 4 (id=892):
syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff)
r0 = socket(0x10, 0x3, 0x0)
sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'veth0_macvtap\x00', <r3=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="200000001160010100"/20, @ANYRES32=r3], 0x20}}, 0x20008040)

2.198559204s ago: executing program 4 (id=896):
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r0}, 0x18)
r1 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03002a000b11d25a806c8c6f94f90424fc601000407a0a000600053582c137153e37000c1180fc0b2f000300", 0x33fe0}], 0x1, 0x0, 0x0, 0xa}, 0x0)

2.092315583s ago: executing program 4 (id=897):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000400)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
connect$inet(0xffffffffffffffff, &(0x7f0000e5c000)={0x2, 0x0, @remote}, 0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000005c0)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10)
ioctl$FS_IOC_GETFSMAP(r3, 0x40305839, 0x0)
r4 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$sock_timeval(r4, 0x1, 0x2, 0x0, 0x0)
getsockopt$inet6_mptcp_buf(r4, 0x11c, 0x4, &(0x7f0000000000)=""/152, 0x0)
syz_io_uring_setup(0x0, 0x0, 0x0, 0x0)
ioctl$F2FS_IOC_GARBAGE_COLLECT_RANGE(r4, 0x4018f50b, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000bc0000/0x400000)=nil, 0x400000, 0x9)
r5 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$vim2m_VIDIOC_ENUM_FMT(r5, 0xc0405602, &(0x7f00000002c0)={0x1, 0x2, 0x3, "64c5df933425daa7838d5ea3b8c184d43b00006591efe577a83f0e08e4ecd0d6", 0x30324c4a})
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
write$tun(r6, &(0x7f0000000280)=ANY=[@ANYBLOB="0200080003850e00ffff1300060045c0002800660000070690780a010102ac1414aa4e234e21", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5102000090780046"], 0x36)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={<r7=>0xffffffffffffffff})
ioctl$NBD_SET_SOCK(0xffffffffffffffff, 0xab00, r7)
r8 = syz_open_dev$ndb(&(0x7f00000000c0), 0x0, 0x0)
ioctl$NBD_SET_FLAGS(r8, 0xab0a, 0x1000001000104)

1.930749831s ago: executing program 1 (id=898):
sendmsg$key(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020800000100000000000001000000000100140003"], 0x18}}, 0x0)
io_setup(0x8, &(0x7f0000000600)=<r0=>0x0)
r1 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000002740), 0x101002)
io_submit(r0, 0x1, &(0x7f0000000180)=[&(0x7f0000000140)={0x0, 0x0, 0x1000000, 0x1, 0x0, r1, &(0x7f00000000c0)="01", 0x24}])

1.741755693s ago: executing program 5 (id=901):
ioperm(0x0, 0x8, 0x400)
syz_open_dev$sndctrl(&(0x7f0000000640), 0x0, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6) (async)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6)
getpid() (async)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000240)=0x1)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) (async)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x5) (async)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x5)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x0, 0x0, 0x0, 0x0, 0x40020, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) (async)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x0, 0x0, 0x0, 0x0, 0x40020, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0) (async)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$alg(0x26, 0x5, 0x0)
r3 = socket$inet_mptcp(0x2, 0x1, 0x106)
r4 = openat$incfs(0xffffffffffffff9c, &(0x7f00000000c0)='.log\x00', 0x1a0c0, 0x8)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff) (async)
r6 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={0x80, r6, 0x200, 0x0, 0x0, {0x2a}, [@ETHTOOL_A_LINKMODES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40040}, 0x0)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f0000000300)={'ip6_vti0\x00', &(0x7f0000000280)={'ip6tnl0\x00', <r7=>0x0, 0x29, 0x2, 0x6, 0x4000, 0x39, @loopback, @loopback, 0x10, 0x80, 0x81, 0x2}})
sendmsg$ETHTOOL_MSG_PRIVFLAGS_SET(r4, &(0x7f0000000380)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000340)={&(0x7f0000000680)={0x868, r6, 0x300, 0x70bd28, 0x25dfdbfe, {}, [@ETHTOOL_A_PRIVFLAGS_HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_bond\x00'}]}, @ETHTOOL_A_PRIVFLAGS_FLAGS={0x2fc, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_VALUE={0x6c, 0x4, "4e0da6611db983b9f5b84b7eae2a37f71afb9f21d00c22f495be02d996d8b92436fef6791e92893e8fed02938884e673e0eadde2ec007e91229dc8ff23e69af63e270dda85216254eb26eee9ed4cccb729c7763e0a30e22e344586e00a6e13120762fac48015b091"}, @ETHTOOL_A_BITSET_BITS={0x38, 0x3, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0xe}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x6}]}, {0x1c, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0xbd45}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}]}, @ETHTOOL_A_BITSET_NOMASK={0x4}, @ETHTOOL_A_BITSET_VALUE={0x44, 0x4, "82c65eeed5f16a3ff629f8ebddc738db4ae8defbd772ef9389489d0496068a9c7ee7406b2edfbe5563f8f83fd9ad398bd91e8d25d552f5d77b85dd96c32ca7dd"}, @ETHTOOL_A_BITSET_BITS={0x88, 0x3, 0x0, 0x1, [{0x30, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0x17, 0x2, '/dev/snd/controlC#\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x7fff}]}, {0x54, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0x17, 0x2, '/dev/snd/controlC#\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x47000}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x1}, @ETHTOOL_A_BITSET_BIT_NAME={0x7, 0x2, '(&\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0xfff}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x8001}]}]}, @ETHTOOL_A_BITSET_NOMASK={0x4}, @ETHTOOL_A_BITSET_VALUE={0xff, 0x4, "94bf492dd3e33fdf60934bb3ba56907f408d1a9fed1012e55ab1726872eb7ca04973090be2bf02b2ed01ab47027c838a427fbdacfd6b4c4cbfdb3579b55087aa2fd31060e10186b5d4cd949e12d57bb70652172bd2a466faf91660e91e996243750c44089a90be69ba34872015817a41852c0a0c0fefa8ef96c8bdd69131c5ed527a3ec5b8549c7b64f44005e9cca7aa74aeae2ce13dc09929470e3c3ef14fe5c8aed67e35fc82fcd395e2e71440dcf067f8e31c231ac64f63c69d18693d0cd9bc58d8c614e1e81327889d8d78348caf0167695c705ec6482af07a8ab0c87b2fd589add5483a6912145556c633e0af72f3a383c6c4e5735c6e3b8c"}, @ETHTOOL_A_BITSET_NOMASK={0x4}, @ETHTOOL_A_BITSET_VALUE={0x79, 0x4, "6a964a560de14fd37f7b332917b0c52cdfdf246e518255b366db8458c7faea9706bd055d8f61d469ec152a33d258fd0de3cf2fdf8d885d8df95692c40ef830cd626f6dcc45118e6a13212eb295e951e47ea66b557c53204b941fb61506d26304a006ff3db5179cde6defe0f5f7b446dfeb37b5796d"}]}, @ETHTOOL_A_PRIVFLAGS_FLAGS={0x1d0, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_MASK={0xe5, 0x5, "eb0cf652b736dc4932884e5eee623497efd945cc55f29ee82c3b0c9d01d3a8ff90533ffa1a05292b2fb18dd156a8ec15851c32e77e1aca796e4e394e4b03d91bb25cbfdcf1167698b2dbe6fd9c67d7c08eac663450a4dc698a13d4902ed0b5b8ea637ba157a4adb9af645230a410b0dfd4ff2aa799a4a303cb5c76c6cc8991d4f92dd7636582a5df4fe735cac52c74c424690ecb94fe0f82e5331f95bfa5f2b140677a2b0a73b6d7f8ed161961bb55bc34d8389a8f522940f599df71855ebb16a456ed1c36226d60d7b2c5efeb65cf3dd929904c87900c232a5d4e0296d5c8b178"}, @ETHTOOL_A_BITSET_NOMASK={0x4}, @ETHTOOL_A_BITSET_NOMASK={0x4}, @ETHTOOL_A_BITSET_BITS={0x28, 0x3, 0x0, 0x1, [{0x24, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x8}]}]}, @ETHTOOL_A_BITSET_NOMASK={0x4}, @ETHTOOL_A_BITSET_VALUE={0xa5, 0x4, "15f03c5e937c499e3774ba27621412a74a0d3d4868f95c50a5795b483df3f270e47032500eb704c812f0a09e5138e23cb5cfb24f01f84f5017393fb6ceee69defff99fba92a78a766886e3872d260d8474b7e73ee776940afcaf789ae193d8f59a974540a0725b613728ad49acae409b4dc2f787ff20ae11e94f8f8ff485ed1da1bbf12af386a38b60a5c25e53cace6a118a9e6c7b3ec51de37860a457f9bb2951"}, @ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x9}]}, @ETHTOOL_A_PRIVFLAGS_FLAGS={0x18, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_BITS={0xc, 0x3, 0x0, 0x1, [{0x8, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}]}, @ETHTOOL_A_BITSET_NOMASK={0x4}, @ETHTOOL_A_BITSET_NOMASK={0x4}]}, @ETHTOOL_A_PRIVFLAGS_FLAGS={0x4}, @ETHTOOL_A_PRIVFLAGS_FLAGS={0x2c8, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_VALUE={0xd0, 0x4, "1bb2074b0310760c41537e78f60e144e468773668a2aeccabd31a9f42d4bf67e19b15996aed0daf4abc21c3ec5f1586db2a56b6ea8142df176305ab68d1769b1dca8f4fddfff86aa3bc6f6efe3f564b50099d4dd7ddac2ea86eb003651614f8f0185cfd216fa9b08419fe07b8c24d6408976edf9313ff4b9bfbbd2ba27f65839301a3c93a0a69e6559b1ef025935fec49dbaaf8b5159743757160a0e3d1d254ab1846fce48b3f6482cdb8a3924bee0be5fa93ed8801d5c49cfa03f52f0b2d6666f04a9a2693b3238101e4290"}, @ETHTOOL_A_BITSET_VALUE={0xed, 0x4, "cdb5572894c44bb1469e1252106760b850ffa3e3ef159c3d5949c0bdf3460ba50d42100cc8431f5ed9b92652766842f3cce596b4560052fc3c903edbed2e2bd7c9aca1f02cac2fafb4562abbfe00b415c44c901a77745ac954d3527b4e8c53e263d26009f686017e23f6ed84957e8669642182178555232e16ab2c88da1eac43dbd4945eb77c9bba6672402343bb5b05b391fe0286662967f61d7a3a91b003188e34568e523cd9eb451bbff30418a8571803ea6e9d8735095a0a2ee21eba4d42c186a0ddee075fb502957cb57e3bb7902b93fb84aa82ee5bdf1dffdebc778293c0249efa02f7407b2c"}, @ETHTOOL_A_BITSET_BITS={0x38, 0x3, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x81}, @ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x1ff}, @ETHTOOL_A_BITSET_BIT_NAME={0x17, 0x2, '/dev/snd/controlC#\x00'}]}]}, @ETHTOOL_A_BITSET_MASK={0x17, 0x5, "7ec7c09cbd15a0539ec19a6aef354b4e429950"}, @ETHTOOL_A_BITSET_MASK={0xb2, 0x5, "fd0236bcc9c2e9395fe9b1ca33105ede703521d13e171920099f804528e7011addffb838147edad09ccdee428c8e4f997010b8a54bbf56f331d9e201e8558bf47098b49e88c1b86053f50b338e3728e0dcf3175852bed31128d655f6d1b48edfe40a6af9cf1a325c8155728942ce6b3ebcebcd4398d35c236970b8ab615daf3c053182fdfff6290b0c1861b6be13c6c018175f14b890bfe8219793fa62423fa08626882acd55a5e58be06a7ed58c"}]}, @ETHTOOL_A_PRIVFLAGS_HEADER={0x54, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ipvlan1\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r7}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'nr0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}, @ETHTOOL_A_PRIVFLAGS_FLAGS={0x30, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_MASK={0x2b, 0x5, "5b1dbf9433f369548e4e12ed160580cd9a602fcf11b79aa883715d187f55269f071bfc58336028"}]}]}, 0x868}, 0x1, 0x0, 0x0, 0x24008800}, 0x4000)
shutdown(r3, 0x1)
ioctl$int_in(r3, 0x5452, &(0x7f0000000180)=0x401)
listen(r3, 0x0)
r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNSETIFF(r8, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
ioctl$TUNSETOFFLOAD(r8, 0x400454d0, 0x10) (async)
ioctl$TUNSETOFFLOAD(r8, 0x400454d0, 0x10)

1.741249097s ago: executing program 1 (id=902):
socket(0x2b, 0x1, 0xfffffffe)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
prlimit64(r0, 0x6, 0x0, &(0x7f00000000c0))
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet6_udp_int(0xffffffffffffffff, 0x11, 0x67, &(0x7f0000000040)=0x91, 0x4)
connect$inet6(0xffffffffffffffff, &(0x7f00000001c0)={0xa, 0x4e23, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c)
setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0x3c, 0x0, 0x0)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4001c00)
r4 = syz_open_procfs(r0, &(0x7f0000000080)='net/rt6_stats\x00')
sendmsg$key(0xffffffffffffffff, 0x0, 0x0)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r5, 0x0, 0x40, &(0x7f0000000000)=@filter={'filter\x00', 0x42, 0x4, 0x338, 0xffffffff, 0x0, 0x1a8, 0xb0, 0xffffffff, 0xffffffff, 0x2a0, 0x1a8, 0x2a0, 0xffffffff, 0x5, 0x0, {[{{@ip={@multicast2, @dev, 0x0, 0x0, 'wg1\x00', 'nr0\x00'}, 0x0, 0x70, 0xb0, 0x1ba, {0x46010000, 0x2c000000000000}}, @common=@inet=@LOG={0x40, 'LOG\x00', 0x0, {0x0, 0x0, "6bc128419cfb67daad5b4809088400ed0000006c00000000000100040500"}}}, {{@uncond, 0x287, 0xd0, 0xf8, 0x0, {}, [@common=@unspec=@cpu={{0x28}}, @common=@unspec=@statistic={{0x38}}]}, @REJECT={0x28}}, {{@uncond, 0x0, 0x98, 0xf8, 0x0, {}, [@common=@inet=@set1={{0x28}}]}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x398)
ioctl$DRM_IOCTL_GET_STATS(r4, 0x80f86406, &(0x7f00000002c0)=""/183)
setsockopt$inet_buf(r3, 0x0, 0x8008000000010, &(0x7f00000003c0), 0x0)
r6 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
bind$bt_l2cap(r6, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe)

1.741098451s ago: executing program 0 (id=903):
prlimit64(0x0, 0x7, &(0x7f0000000140), 0x0)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
syz_clone3(&(0x7f00000002c0)={0x22001500, 0x0, 0x0, 0x0, {}, 0x0, 0x4000, 0x0, 0x0}, 0x58)

1.658888217s ago: executing program 0 (id=904):
r0 = syz_open_dev$vim2m(&(0x7f00000000c0), 0x7, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000000)={0x29, 0x1, 0x1, "3ad3cbcfd20f0b897fae83e997aa43ca6cf8a69a00", 0x34524742})

1.526005397s ago: executing program 0 (id=905):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$SG_IO(r0, 0x2285, 0x0)
syz_open_procfs(0x0, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
write$sndseq(r1, &(0x7f0000000180)=[{0x0, 0x0, 0x0, 0x0, @time={0x80000000, 0xef}, {}, {0x0, 0xfd}, @raw32}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @time}], 0x38)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000fcffffff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000007000000850000000300000095"], 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r2, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0)
syz_io_uring_setup(0x24b9, 0x0, &(0x7f0000000080)=<r3=>0x0, &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r3, r4, &(0x7f00000001c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
sendmsg$NET_DM_CMD_STOP(0xffffffffffffffff, 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, 0x0)
r5 = getpgrp(0xffffffffffffffff)
ptrace$setopts(0x4206, r5, 0x0, 0x20004f)
prlimit64(r5, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r6 = getpid()
sched_setscheduler(r6, 0x1, &(0x7f0000000100)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
connect$unix(r7, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r8, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$NL80211_CMD_FRAME(r9, 0x0, 0x20008804)

1.340256588s ago: executing program 6 (id=906):
bpf$MAP_CREATE(0x0, &(0x7f0000000800)=ANY=[@ANYBLOB='\n'], 0x48)
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) (async, rerun: 64)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0) (rerun: 64)
setsockopt$inet6_tcp_int(r1, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4)
sendto$inet6(r1, &(0x7f0000000240)="c4", 0x1, 0x20000841, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @empty}, 0x1c)
shutdown(r1, 0x2) (async)
sendto$inet6(r1, &(0x7f0000000300)="6cf3", 0x2, 0x20000010, &(0x7f0000000000)={0xa, 0x4e21, 0x80, @dev={0xfe, 0x80, '\x00', 0xe}, 0x8}, 0x1c) (async)
futex(&(0x7f000000cffc)=0x4, 0x3, 0x4, &(0x7f000000b000), &(0x7f0000048000), 0x0) (async)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) (async)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000080)=0xc) (async)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) (async)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) (async, rerun: 64)
sched_setscheduler(0x0, 0x1, &(0x7f0000000400)=0x7) (rerun: 64)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000005000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffcad, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2100, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) (async, rerun: 32)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cgroup.stat\x00', 0x275a, 0x0) (rerun: 32)
write$UHID_CREATE2(r3, &(0x7f0000000800)=ANY=[], 0x118) (async, rerun: 64)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0) (rerun: 64)
clock_nanosleep(0x0, 0x0, &(0x7f0000000040)={0x0, 0x989680}, &(0x7f00000001c0)) (async)
r4 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCL_GETKMSGREDIRECT(r4, 0x541c, &(0x7f0000000000)) (async)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) (async)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) (async)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r7=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="0500000000f9ffffffff0500000008000300", @ANYRES32=r7], 0x24}}, 0x0)

1.129074442s ago: executing program 6 (id=907):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000009a40)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000002000000000a20000000000a01010000000000000000010000040900010073797a300000000040000000030a01080000000000000000010000000900030073797a320000000014000480080002400000000008000140000000000900010073797a300000000050000000060a010400000000000000000100000008000b40000000000900010073797a30000000002800048024000180090001006d657461000000001400028008000140000000120800024000000019140000001100"], 0xd8}}, 0x80)

1.058814831s ago: executing program 6 (id=908):
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x20, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000080)={r1, 0xffffffffffffffff, 0x2d, 0x0, @val=@netfilter={0x2, 0x0, 0x6, 0x1}}, 0x20)
bpf$LINK_DETACH(0x22, &(0x7f0000000000)=r2, 0x4)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r3, 0x400448e0, 0x0)
r4 = syz_init_net_socket$ax25(0x3, 0x5, 0x0)
setsockopt$ax25_int(r4, 0x101, 0x9, &(0x7f0000000040)=0xffffffff, 0x4)
bind$bt_hci(r3, &(0x7f0000000240)={0x1f, 0x1}, 0x6)
mmap(&(0x7f0000000000/0x2000)=nil, 0x30000, 0x0, 0x11, r0, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, &(0x7f0000000300))
r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r7 = dup3(r6, r5, 0x0)
r8 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1, 0x11, r8, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r8, 0x4018620d, &(0x7f0000000040))
ioctl$BINDER_WRITE_READ(r7, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000000500)={0x4c, 0x0, &(0x7f0000000580)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r7, 0xc0306201, &(0x7f0000000200)={0xffffff80, 0x0, &(0x7f0000000680)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
r9 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
preadv(r9, &(0x7f0000000180)=[{&(0x7f0000000240)=""/52, 0x34}], 0x1, 0x0, 0x0)
futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, 0x0, 0x0)
syz_genetlink_get_family_id$devlink(&(0x7f0000000280), 0xffffffffffffffff)
r10 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000400), 0x1, 0x0)
r11 = syz_genetlink_get_family_id$tipc(&(0x7f0000000480), 0xffffffffffffffff)
sendmsg$TIPC_CMD_RESET_LINK_STATS(r10, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000500)={&(0x7f0000000700)=ANY=[@ANYBLOB="280000002bbce3c429628f5337d63b48ed1b42723568c8964afefad887038b45ea89695c78794b1a36b15d8b2207544a76f1e2bb7c5b6c5c698c19bff32e058a75228236581a68a052b8e67262375f576d7216813923ad78a7675e6c8973b15138b93d7a268f89bcf786f0ea3bfe02d4a9f55422f9814b340598c1e76f9ba2b6dca76196e9e539521b6edf49a67dd21f4cbf1cf11aa812a2910cf9a9921cd224c056392890a54a5d9fb7715758d1d916320fd61ffbcac944076750dd1bd5", @ANYRES16=r11, @ANYBLOB="00032abd7000fedbdf2501000000000000000c410000000c001473797a3100000000"], 0x28}, 0x1, 0x0, 0x0, 0x4}, 0x8040)

778.252324ms ago: executing program 4 (id=909):
r0 = gettid()
timer_create(0x7, &(0x7f0000000040)={0x0, 0xc, 0x0, @tid=r0}, &(0x7f0000000080)=<r1=>0x0)
timer_settime(r1, 0x1, &(0x7f0000000280)={{0x77359400}, {0x0, 0x989680}}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x2, 0x367}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setparam(0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
accept4(r3, 0x0, 0x0, 0x0)
r4 = getpid()
ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x4008af20, 0x0)
pipe2$9p(&(0x7f0000000000)={<r5=>0xffffffffffffffff}, 0x0)
r6 = epoll_create1(0x80000)
kcmp$KCMP_EPOLL_TFD(r0, r4, 0x7, r6, &(0x7f0000000100)={r6, r5, 0x71fe2516}) (fail_nth: 1)
splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x10000000020016, 0x1)

777.876909ms ago: executing program 5 (id=910):
syz_open_dev$evdev(&(0x7f0000000040), 0x1, 0xe8202)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x4800)
write$P9_RVERSION(r2, &(0x7f00000000c0)=ANY=[@ANYBLOB="1500000065ffff0010000008003950323030302e75"], 0x15)
r3 = dup(r2)
write$FUSE_BMAP(r3, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENT(r3, &(0x7f0000000000)=ANY=[@ANYBLOB="58000000000000009fed2788c5532994414b47034801d524faf416638217", @ANYRES32], 0x58)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000200), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])
open(&(0x7f0000000180)='./file0\x00', 0x80, 0xc2)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f00000004c0)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file1'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
r6 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
mknodat$loop(r6, &(0x7f0000001600)='./file1\x00', 0x0, 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
r7 = socket(0x2a, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000005c0)=@newqdisc={0x24}, 0x24}}, 0x0)
getsockname$packet(r7, &(0x7f0000000200)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0)

777.523267ms ago: executing program 6 (id=911):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
tkill(r0, 0x27)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000fe0500000000000000000000950000000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x10, 0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000000000000000000000000000711048000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x9, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
syz_open_procfs$pagemap(r0, 0x0)
sendmsg$NLBL_UNLABEL_C_STATICREMOVE(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4}, 0x0)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nbd(&(0x7f0000000040), r4)
bpf$BPF_PROG_DETACH(0x1c, &(0x7f0000000000)=ANY=[@ANYRES32], 0x20)
r5 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000000)={'lo\x00', <r7=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x38, 0x24, 0xd0f, 0x0, 0x4, {0x60, 0x0, 0x0, r7, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8}, {0x4}}, @TCA_RATE={0x6}]}, 0x38}}, 0x0)

560.439401ms ago: executing program 0 (id=912):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000000), r0)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)={0x44, r1, 0x917, 0x0, 0x0, {}, [@L2TP_ATTR_PROTO_VERSION={0x5}, @L2TP_ATTR_CONN_ID={0x8, 0x9, 0xfeffffff}, @L2TP_ATTR_ENCAP_TYPE={0x6}, @L2TP_ATTR_PEER_CONN_ID={0x8, 0xa, 0x1}, @L2TP_ATTR_IP_SADDR={0x8, 0x18, @local}, @L2TP_ATTR_IP_DADDR={0x8, 0x19, @multicast2}]}, 0x44}, 0x1, 0x3f00}, 0x0)

529.514687ms ago: executing program 1 (id=913):
r0 = syz_open_dev$vbi(&(0x7f0000000080), 0x1, 0x2)
ioctl$VIDIOC_S_OUTPUT(r0, 0xc004562f, &(0x7f00000000c0)=0x1)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x2, 0xc3072, 0xffffffffffffffff, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x4, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000001b00007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r2, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r3, 0xc004743e, 0x20001400)
r4 = creat(&(0x7f0000000000)='./file0\x00', 0xd931d3864d39ddd8)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioprio_set$uid(0x3, 0x0, 0x0)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/pids.max\x00', 0x2, 0x0)
write$cgroup_pid(r5, &(0x7f00000000c0), 0x12)
r6 = syz_io_uring_setup(0x4172, &(0x7f0000000780)={0x0, 0x0, 0x10100, 0x0, 0xffffffff}, &(0x7f0000000100)=<r7=>0x0, &(0x7f0000000040)=<r8=>0x0)
mount$9p_tcp(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0xa848, &(0x7f0000000200)={'trans=tcp,', {'port', 0x3d, 0x4e22}, 0x2c, {[{@loose}, {@cachetag={'cachetag', 0x3d, '^'}}, {@access_any}], [{@obj_type={'obj_type', 0x3d, 'c'}}]}})
syz_io_uring_submit(r7, r8, &(0x7f0000000180)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
ioctl$RTC_PIE_OFF(r4, 0x7006)
ioctl$VIDIOC_S_STD(0xffffffffffffffff, 0x40085618, &(0x7f00000002c0))
io_uring_enter(r6, 0x567, 0x0, 0x0, 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r3, 0x40047451, 0x2000000a)
ioctl$TUNSETOFFLOAD(r3, 0x40047451, 0x20000015)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000001, 0xc3072, 0xffffffffffffffff, 0x0)
ioctl$VIDIOC_S_DV_TIMINGS(r0, 0xc0845657, &(0x7f0000000280)={0x0, @bt={0x5, 0xd, 0x1, 0x1, 0x2098, 0x4, 0x0, 0x200, 0xdad, 0xfffffffe, 0x67, 0x8, 0x3, 0x7, 0x4, 0x8, {0x5, 0x3}, 0xb1, 0x3}})

513.328022ms ago: executing program 4 (id=914):
r0 = syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f00000001c0)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0)
syz_usb_ep_write$ath9k_ep2(r0, 0x83, 0x10, &(0x7f0000000240)=@ready={0x0, 0x0, 0x8, "b326b0dc", {0x1, 0x8, 0x7, 0x9}})
ioperm(0x0, 0xba, 0x4)
msync(&(0x7f0000951000/0x2000)=nil, 0x2000, 0x2)
syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0x10, &(0x7f0000000f40)={[{0xc, 0x4e00, "155038aad51c1e2bedcda6bd"}]})
r1 = syz_open_dev$evdev(&(0x7f0000000000), 0x3ef4, 0x222000)
ioctl$EVIOCGABS3F(r1, 0x8018457f, &(0x7f0000000080)=""/84)
socket$tipc(0x1e, 0x2, 0x0)

452.299309ms ago: executing program 0 (id=915):
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0xfffffffffffffffe}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
pipe2$watch_queue(0x0, 0x80)
syz_open_dev$media(0x0, 0x3, 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r1 = open$dir(&(0x7f0000000140)='./file0\x00', 0xc0a41, 0x0)
sendfile(r1, 0xffffffffffffffff, 0x0, 0x7ffff000)
socket$nl_generic(0x10, 0x3, 0x10)
splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x5, 0x3)
syz_clone(0x1000, 0x0, 0x0, 0x0, 0x0, 0x0)

428.651199ms ago: executing program 1 (id=916):
sched_setscheduler(0x0, 0x1, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, 0x0, 0x0)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r3 = mq_open(&(0x7f00000000c0)=',):\x00', 0x40, 0xf4, 0x0)
lseek(r3, 0x0, 0x3)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$sock_SIOCOUTQNSD(r4, 0x894b, &(0x7f0000001980))

400.358144ms ago: executing program 0 (id=917):
syz_open_dev$usbfs(&(0x7f0000000080), 0x76, 0x101301)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
mremap(&(0x7f0000dde000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000bb3000/0x1000)=nil)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0)
socket$netlink(0x10, 0x3, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x30, 0x10, 0x0, &(0x7f0000000240)='GPL\x00', 0x8, 0xb4, &(0x7f0000000140)=""/180, 0x41100, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
ioctl$I2C_SMBUS(0xffffffffffffffff, 0x720, 0x0)
write$UHID_CREATE2(0xffffffffffffffff, 0x0, 0x119)
socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$inet6(0xa, 0x1, 0x0)
setsockopt$inet6_int(r3, 0x29, 0x31, &(0x7f0000000200)=0x8, 0x4)
bind$inet6(r3, &(0x7f0000f65000)={0xa, 0x4e21, 0x0, @loopback}, 0x1c)
r4 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x38, 0x1403, 0x1, 0x70bd2a, 0x25dfdbfe, "", [{{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'bond0\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x800}, 0x20000000)
sendmsg$RDMA_NLDEV_CMD_PORT_GET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=ANY=[@ANYBLOB="200000000414010026bd7000ffdbdf2508000100000000000800"], 0x20}, 0x1, 0x0, 0x0, 0x20048001}, 0x20000000)
sendto$inet6(r3, 0x0, 0x0, 0x20000002, &(0x7f00000001c0)={0xa, 0x4e21, 0x0, @loopback}, 0x1c)
getsockopt$inet6_buf(r3, 0x29, 0x6, 0x0, &(0x7f0000000080))
ioctl$KVM_CAP_MAX_VCPU_ID(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000040)={0x80, 0x0, 0x8000000000000001})

123.672254ms ago: executing program 1 (id=918):
r0 = socket(0x10, 0x2, 0x0)
write(r0, &(0x7f0000000800)="240000001e005f031420000000000000000004000100000000000800080008c013000000", 0x24)

57.180242ms ago: executing program 6 (id=919):
r0 = socket$nl_route(0x10, 0x3, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000000)={@local, @local, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "b81923", 0x0, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @multicast1}, @local}}}}, 0x0)
openat$cuse(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0)
write$cgroup_pid(0xffffffffffffffff, &(0x7f0000000500), 0x3)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$sndpcmc(&(0x7f0000000000), 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_DRAIN(r1, 0x40044103, 0xf0ff1f00000000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x5)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r2 = syz_open_dev$MSR(&(0x7f0000000300), 0x100040000, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = syz_open_dev$usbfs(&(0x7f0000000100), 0x206, 0x8401)
ioctl$USBDEVFS_ALLOW_SUSPEND(r3, 0x5522)
ioctl$USBDEVFS_CONTROL(r3, 0xc0185500, &(0x7f0000001380)={0x0, 0x10, 0xf109, 0x8, 0x0, 0x4, 0x0})
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)={0x14, 0x15, 0x1, 0x0, 0xf0ffffff, {0x1}}, 0x14}}, 0x0)
getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000040), 0x0)
r5 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
getsockopt$X25_QBITINCL(r5, 0x106, 0x1, 0x0, &(0x7f0000000240)=0xfffffffffffffee0)
r6 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
write$binfmt_script(r6, &(0x7f0000000100), 0x1000a)
getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x9, &(0x7f0000000200)=""/49, &(0x7f0000000080)=0x31)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000100)={'vxcan0\x00', <r7=>0x0})
r8 = socket$can_raw(0x1d, 0x3, 0x1)
bind$can_raw(r8, &(0x7f0000000000)={0x1d, r7}, 0x10)
sendmsg$nl_route_sched(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=@getchain={0x24, 0x11, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {0x0, 0x6}, {0xc}, {0xffff}}}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x0)

0s ago: executing program 6 (id=920):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
syz_usb_connect(0x3, 0x24, &(0x7f0000000800)={{0x12, 0x1, 0x0, 0x9e, 0xde, 0x5c, 0x10, 0x582, 0x44, 0x24d8, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0xfe, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x38, 0x1, 0x0, 0x49, 0x81, 0xee, 0x3}}]}}]}}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000040), 0x480, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r3, 0xfff)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r4, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r5, 0x0)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r6, 0x0)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r7, 0x0)
r8 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r8, 0x0)
r9 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r9, 0x0)
r10 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r10, &(0x7f0000000140)=[{&(0x7f0000000080)="580000001400192340834b80040d8c560a067f0200ff000000000000000058000b4824ca945f64009400ff0325010ebc000000000000008000f0fffeffe809005300fff5dd00000010000100080c10000000000000000000", 0x58}], 0x1)
sendmsg$IPCTNL_MSG_TIMEOUT_GET(r0, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x20, 0x1, 0x8, 0x101, 0x0, 0x0, {0xa, 0x0, 0x3}, [@CTA_TIMEOUT_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x40000}, 0x20004000)
ioctl$VIDIOC_G_FREQUENCY(r2, 0xc02c5638, &(0x7f00000000c0)={0xfffffbff, 0x0, 0x5})
sendmsg$NFT_MSG_GETRULE(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="38000000190a01020000000000000000000000000900010073797a31000000000c00034000000000000000014000000062"], 0x38}}, 0x0)

kernel console output (not intermixed with test programs):

.229186][ T8003] ip6gretap0 speed is unknown, defaulting to 1000
[  189.241667][ T8003] ip6gretap0 speed is unknown, defaulting to 1000
[  189.253464][ T8003] ip6gretap0 speed is unknown, defaulting to 1000
[  189.841802][ T5929] usb 2-1: Using ep0 maxpacket: 16
[  189.848676][ T5929] usb 2-1: config index 0 descriptor too short (expected 9, got 0)
[  189.859193][ T5929] usb 2-1: can't read configurations, error -22
[  190.046683][ T5929] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  190.155845][ T8022] netlink: 4124 bytes leftover after parsing attributes in process `syz.4.485'.
[  190.160235][ T8017] netlink: 256 bytes leftover after parsing attributes in process `syz.5.483'.
[  190.165005][ T8022] openvswitch: netlink: Flow key attr not present in new flow.
[  190.445787][ T8017] netlink: 48 bytes leftover after parsing attributes in process `syz.5.483'.
[  190.589405][ T5929] usb 2-1: Using ep0 maxpacket: 16
[  190.751352][ T5929] usb 2-1: config index 0 descriptor too short (expected 9, got 0)
[  190.762211][ T5929] usb 2-1: can't read configurations, error -22
[  190.768809][ T5929] usb usb2-port1: attempt power cycle
[  191.051747][ T8035] CUSE: unknown device info "�"
[  191.056712][ T8035] CUSE: zero length info key specified
[  191.183005][ T5929] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  191.326900][ T5929] usb 2-1: device descriptor read/8, error -71
[  191.409167][ T8041] xt_TCPMSS: Only works on TCP SYN packets
[  192.571452][   T25] usb 1-1: new high-speed USB device number 13 using dummy_hcd
[  193.046384][   T25] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  193.072200][   T25] usb 1-1: New USB device found, idVendor=145f, idProduct=0212, bcdDevice= 0.00
[  193.115266][   T25] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  193.167149][   T25] usb 1-1: config 0 descriptor??
[  193.709274][   T25] uclogic 0003:145F:0212.0008: interface is invalid, ignoring
[  193.883818][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[  193.986262][   T25] usb 1-1: USB disconnect, device number 13
[  194.854981][ T8105] process 'syz.1.506' launched './file0' with NULL argv: empty string added
[  194.863110][ T8122] syz.1.506 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  194.898249][ T8130] rdma_rxe: rxe_newlink: failed to add team_slave_1
[  195.214699][ T5874] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  195.302371][ T8149] Invalid ELF header magic: != ELF
[  195.302660][   T29] audit: type=1400 audit(1731242250.686:447): avc:  denied  { module_load } for  pid=8147 comm="syz.6.512" path="/22/bus" dev="tmpfs" ino=137 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=system permissive=1
[  195.366611][   T29] audit: type=1400 audit(1731242250.746:448): avc:  denied  { setopt } for  pid=8147 comm="syz.6.512" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1
[  195.409568][ T5874] usb 5-1: Using ep0 maxpacket: 16
[  195.416803][ T5874] usb 5-1: New USB device found, idVendor=102c, idProduct=6151, bcdDevice=44.e6
[  195.435101][ T5874] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  195.500369][ T5874] usb 5-1: config 0 descriptor??
[  195.531028][ T5874] gspca_main: etoms-2.14.0 probing 102c:6151
[  196.516281][   T29] audit: type=1400 audit(1731242251.896:449): avc:  denied  { mount } for  pid=8148 comm="syz.1.511" name="/" dev="afs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[  196.533617][ T8172] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=8172 comm=syz.6.515
[  196.646868][   T29] audit: type=1400 audit(1731242251.916:450): avc:  denied  { getopt } for  pid=8170 comm="syz.6.515" lport=40827 faddr=::ffff:172.30.0.7 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1
[  196.669938][    C0] vkms_vblank_simulate: vblank timer overrun
[  196.707781][ T5874] usb 5-1: USB disconnect, device number 10
[  196.899571][   T29] audit: type=1400 audit(1731242251.946:451): avc:  denied  { read } for  pid=8170 comm="syz.6.515" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[  197.739232][ T8203] netlink: 'syz.0.520': attribute type 10 has an invalid length.
[  197.749884][ T8197] nbd1: detected capacity change from 0 to 12
[  197.764421][ T5837] block nbd1: Send control failed (result -89)
[  197.819772][ T5875] usb 2-1: new full-speed USB device number 14 using dummy_hcd
[  198.259687][ T5837] block nbd1: Request send failed, requeueing
[  198.358688][   T58] block nbd1: Dead connection, failed to find a fallback
[  198.366242][   T58] block nbd1: shutting down sockets
[  198.372537][   T58] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  198.382240][   T58] Buffer I/O error on dev nbd1, logical block 0, async page read
[  198.392564][ T5837] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  198.406142][ T5837] Buffer I/O error on dev nbd1, logical block 0, async page read
[  198.415630][ T5837] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  198.425088][ T5837] Buffer I/O error on dev nbd1, logical block 0, async page read
[  198.428807][ T8209] FAULT_INJECTION: forcing a failure.
[  198.428807][ T8209] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  198.433701][ T5837] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  198.455600][ T5837] Buffer I/O error on dev nbd1, logical block 0, async page read
[  198.462294][ T8209] CPU: 0 UID: 0 PID: 8209 Comm: syz.5.522 Not tainted 6.12.0-rc6-syzkaller-00279-gde2f378f2b77 #0
[  198.465784][ T5837] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  198.473852][ T8209] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[  198.473865][ T8209] Call Trace:
[  198.473872][ T8209]  <TASK>
[  198.473879][ T8209]  dump_stack_lvl+0x16c/0x1f0
[  198.493036][ T5837] Buffer I/O error on dev nbd1, logical block 0, async page read
[  198.496162][ T8209]  should_fail_ex+0x497/0x5b0
[  198.499208][ T5837] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  198.503717][ T8209]  _copy_from_user+0x2e/0xd0
[  198.503741][ T8209]  input_event_from_user+0x134/0x3b0
[  198.534922][ T8209]  ? __pfx_input_event_from_user+0x10/0x10
[  198.540717][ T8209]  ? __pfx___might_resched+0x10/0x10
[  198.545988][ T8209]  ? input_inject_event+0x193/0x370
[  198.551173][ T8209]  evdev_write+0x377/0x750
[  198.555575][ T8209]  ? __pfx_evdev_write+0x10/0x10
[  198.560497][ T8209]  ? bpf_lsm_file_permission+0x9/0x10
[  198.565851][ T8209]  ? security_file_permission+0x71/0x210
[  198.571469][ T8209]  ? __pfx_evdev_write+0x10/0x10
[  198.576388][ T8209]  vfs_write+0x24c/0x1150
[  198.580706][ T8209]  ? __fget_files+0x23a/0x3f0
[  198.585369][ T8209]  ? __pfx_lock_release+0x10/0x10
[  198.590385][ T8209]  ? trace_lock_acquire+0x14a/0x1d0
[  198.595595][ T8209]  ? __pfx_vfs_write+0x10/0x10
[  198.600357][ T8209]  ? lock_acquire+0x2f/0xb0
[  198.604840][ T8209]  ? __fget_files+0x40/0x3f0
[  198.609421][ T8209]  ? __fget_files+0x244/0x3f0
[  198.614092][ T8209]  ksys_write+0x1fa/0x260
[  198.618414][ T8209]  ? __pfx_ksys_write+0x10/0x10
[  198.623275][ T8209]  do_syscall_64+0xcd/0x250
[  198.627766][ T8209]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  198.633650][ T8209] RIP: 0033:0x7ff7fa97e719
[  198.638050][ T8209] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  198.657645][ T8209] RSP: 002b:00007ff7fb6b3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  198.666041][ T8209] RAX: ffffffffffffffda RBX: 00007ff7fab35f80 RCX: 00007ff7fa97e719
[  198.673995][ T8209] RDX: 0000000000002250 RSI: 0000000020000040 RDI: 0000000000000003
[  198.681949][ T8209] RBP: 00007ff7fb6b3090 R08: 0000000000000000 R09: 0000000000000000
[  198.689902][ T8209] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  198.697854][ T8209] R13: 0000000000000000 R14: 00007ff7fab35f80 R15: 00007ffdbf6f07b8
[  198.705813][ T8209]  </TASK>
[  198.747254][ T5837] Buffer I/O error on dev nbd1, logical block 0, async page read
[  198.759861][ T5837] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  198.768911][ T5837] Buffer I/O error on dev nbd1, logical block 0, async page read
[  198.776846][ T5875] usb 2-1: config 1 interface 0 has no altsetting 0
[  198.784202][ T5837] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  198.797850][ T5837] Buffer I/O error on dev nbd1, logical block 0, async page read
[  198.807161][ T5837] ldm_validate_partition_table(): Disk read failed.
[  198.819562][ T5837] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  198.848418][ T5837] Buffer I/O error on dev nbd1, logical block 0, async page read
[  198.868399][ T5837] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  198.905407][ T5837] Buffer I/O error on dev nbd1, logical block 0, async page read
[  198.928416][ T5837] Dev nbd1: unable to read RDB block 0
[  198.936667][ T8219] netlink: 'syz.4.521': attribute type 10 has an invalid length.
[  198.936817][ T5837]  nbd1: unable to read partition table
[  198.962006][ T5837] nbd1: partition table beyond EOD, truncated
[  198.994538][ T5837] ldm_validate_partition_table(): Disk read failed.
[  199.004397][ T5837] Dev nbd1: unable to read RDB block 0
[  199.012245][ T5837]  nbd1: unable to read partition table
[  199.019224][ T5837] nbd1: partition table beyond EOD, truncated
[  199.095097][ T8219] 8021q: adding VLAN 0 to HW filter on device bond0
[  199.103635][ T8219] team0: Port device bond0 added
[  199.141141][ T5875] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  199.318142][ T5875] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  199.326625][ T5875] usb 2-1: Product: syz
[  199.471797][ T5875] usb 2-1: Manufacturer: syz
[  199.477427][ T5875] usb 2-1: SerialNumber: syz
[  200.400533][ T8242] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=8242 comm=syz.1.529
[  200.433161][ T8242] netlink: 'syz.1.529': attribute type 1 has an invalid length.
[  200.477678][ T5875] usblp 2-1:1.0: usblp0: USB Unidirectional printer dev 14 if 0 alt 253 proto 1 vid 0x0525 pid 0xA4A8
[  200.510398][ T8245] capability: warning: `syz.6.530' uses deprecated v2 capabilities in a way that may be insecure
[  200.520977][   T29] audit: type=1400 audit(1731242255.876:452): avc:  denied  { read } for  pid=8244 comm="syz.6.530" name="usbmon5" dev="devtmpfs" ino=736 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  200.547660][ T8242] 8021q: adding VLAN 0 to HW filter on device bond1
[  200.574720][   T29] audit: type=1400 audit(1731242255.876:453): avc:  denied  { open } for  pid=8244 comm="syz.6.530" path="/dev/usbmon5" dev="devtmpfs" ino=736 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  200.673909][ T5875] usb 2-1: USB disconnect, device number 14
[  200.687360][ T5875] usblp0: removed
[  200.708117][   T29] audit: type=1400 audit(1731242255.876:454): avc:  denied  { ioctl } for  pid=8244 comm="syz.6.530" path="/dev/usbmon5" dev="devtmpfs" ino=736 ioctlcmd=0x9208 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  200.740668][ T8247] 8021q: adding VLAN 0 to HW filter on device bond1
[  200.754355][ T8247] bond1: (slave vti0): The slave device specified does not support setting the MAC address
[  200.771161][ T8252] overlay: filesystem on ./bus not supported as upperdir
[  200.787250][ T8247] bond1: (slave vti0): Error -95 calling set_mac_address
[  200.794131][   T29] audit: type=1400 audit(1731242256.166:455): avc:  denied  { module_request } for  pid=8253 comm="syz.6.531" kmod="net-pf-16-proto-16-family-" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  200.998503][ T8260] dummy0: entered promiscuous mode
[  201.052660][ T8266] netlink: 4 bytes leftover after parsing attributes in process `syz.0.534'.
[  201.509478][ T5874] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[  201.681387][ T5874] usb 6-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[  201.697543][ T5874] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  201.725460][ T5874] usb 6-1: config 0 descriptor??
[  201.755950][ T8292] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=8292 comm=syz.4.533
[  201.947453][ T8273] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  201.963276][ T8273] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  202.012174][ T8273] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  202.058966][ T8273] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  202.095506][ T5874] [drm] vendor descriptor length:c3 data:ea 02 98 48 a4 15 b5 c4 16 1e 0b
[  202.189319][ T5874] [drm:udl_init] *ERROR* Unrecognized vendor firmware descriptor
[  202.353318][ T5874] [drm] Initialized udl 0.0.1 for 6-1:0.0 on minor 2
[  202.401077][ T5874] [drm] Initialized udl on minor 2
[  202.497661][ T5874] udl 6-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffe0
[  202.513475][ T8314] sch_fq: defrate 0 ignored.
[  202.569778][ T5874] udl 6-1:0.0: [drm] Cannot find any crtc or sizes
[  202.732835][ T8323] fuse: Bad value for 'fd'
[  203.094467][   T45] usb 6-1: USB disconnect, device number 8
[  203.100862][ T5824] udl 6-1:0.0: [drm] *ERROR* Read EDID byte 1 failed err ffffffb9
[  203.109065][ T5824] udl 6-1:0.0: [drm] Cannot find any crtc or sizes
[  203.289547][ T5875] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[  203.322740][ T8331] FAULT_INJECTION: forcing a failure.
[  203.322740][ T8331] name failslab, interval 1, probability 0, space 0, times 0
[  203.335426][ T8331] CPU: 0 UID: 0 PID: 8331 Comm: syz.0.542 Not tainted 6.12.0-rc6-syzkaller-00279-gde2f378f2b77 #0
[  203.346011][ T8331] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[  203.356058][ T8331] Call Trace:
[  203.359328][ T8331]  <TASK>
[  203.362252][ T8331]  dump_stack_lvl+0x16c/0x1f0
[  203.366939][ T8331]  should_fail_ex+0x497/0x5b0
[  203.371612][ T8331]  ? fs_reclaim_acquire+0xae/0x150
[  203.376722][ T8331]  should_failslab+0xc2/0x120
[  203.381395][ T8331]  kmem_cache_alloc_noprof+0x6e/0x2f0
[  203.386780][ T8331]  ? skb_clone+0x190/0x3f0
[  203.391210][ T8331]  skb_clone+0x190/0x3f0
[  203.395462][ T8331]  pfkey_process+0xc7/0x840
[  203.399978][ T8331]  ? pfkey_sendmsg+0x42d/0x840
[  203.404759][ T8331]  ? __pfx_pfkey_process+0x10/0x10
[  203.409876][ T8331]  ? trace_contention_end+0xea/0x140
[  203.415174][ T8331]  ? __virt_addr_valid+0x2e0/0x590
[  203.420290][ T8331]  ? __virt_addr_valid+0x5e/0x590
[  203.425318][ T8331]  ? __phys_addr_symbol+0x30/0x80
[  203.430350][ T8331]  pfkey_sendmsg+0x43b/0x840
[  203.434952][ T8331]  ____sys_sendmsg+0xaaf/0xc90
[  203.439722][ T8331]  ? copy_msghdr_from_user+0x10b/0x160
[  203.445180][ T8331]  ? __pfx_____sys_sendmsg+0x10/0x10
[  203.450478][ T8331]  ? __pfx___lock_acquire+0x10/0x10
[  203.455675][ T8331]  ? __pfx_lock_release+0x10/0x10
[  203.460693][ T8331]  ___sys_sendmsg+0x135/0x1e0
[  203.465371][ T8331]  ? __pfx____sys_sendmsg+0x10/0x10
[  203.470579][ T8331]  ? lock_acquire+0x2f/0xb0
[  203.475077][ T8331]  ? __fget_files+0x40/0x3f0
[  203.479684][ T8331]  ? fdget+0x176/0x210
[  203.483758][ T8331]  __sys_sendmsg+0x117/0x1f0
[  203.488343][ T8331]  ? __pfx___sys_sendmsg+0x10/0x10
[  203.493456][ T8331]  ? bpf_trace_run2+0x2a6/0x590
[  203.498321][ T8331]  ? rcu_is_watching+0x12/0xc0
[  203.503088][ T8331]  do_syscall_64+0xcd/0x250
[  203.507588][ T8331]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  203.513482][ T8331] RIP: 0033:0x7f0e1ef7e719
[  203.517893][ T8331] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  203.537501][ T8331] RSP: 002b:00007f0e1fd85038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  203.545899][ T8331] RAX: ffffffffffffffda RBX: 00007f0e1f136130 RCX: 00007f0e1ef7e719
[  203.553854][ T8331] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000008
[  203.561806][ T8331] RBP: 00007f0e1fd85090 R08: 0000000000000000 R09: 0000000000000000
[  203.569759][ T8331] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  203.577711][ T8331] R13: 0000000000000000 R14: 00007f0e1f136130 R15: 00007ffed3abdad8
[  203.585675][ T8331]  </TASK>
[  203.672783][ T5875] usb 2-1: New USB device found, idVendor=1d50, idProduct=606f, bcdDevice=9f.d4
[  203.681946][ T5875] usb 2-1: New USB device strings: Mfr=188, Product=0, SerialNumber=0
[  203.695178][ T5875] usb 2-1: Manufacturer: syz
[  203.704585][ T5875] usb 2-1: config 0 descriptor??
[  203.826581][   T29] audit: type=1400 audit(1731242259.206:456): avc:  denied  { getopt } for  pid=8333 comm="syz.6.543" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  203.960163][ T8335] futex_wake_op: syz.6.543 tries to shift op by 36; fix this program
[  204.245192][ T5875] gs_usb 2-1:0.0: Couldn't get device config: (err=-121)
[  204.252847][ T5875] gs_usb 2-1:0.0: probe with driver gs_usb failed with error -121
[  204.542271][ T8341] netlink: 16 bytes leftover after parsing attributes in process `syz.0.546'.
[  204.620119][ T8341] openvswitch: netlink: Missing key (keys=40, expected=200000)
[  204.746563][ T8347] netlink: 209852 bytes leftover after parsing attributes in process `syz.6.545'.
[  204.779745][ T8347] debugfs: Directory '�!' with parent 'ieee80211' already present!
[  204.790112][ T5839] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0
[  204.824178][ T5839] Bluetooth: hci4: Injecting HCI hardware error event
[  204.839736][ T5828] Bluetooth: hci4: hardware error 0x00
[  205.555084][ T8368] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  205.590088][ T5875] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[  205.839821][ T5875] usb 6-1: Using ep0 maxpacket: 32
[  205.892005][ T5875] usb 6-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f
[  205.951186][ T5875] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  206.008855][ T5875] usb 6-1: Product: syz
[  206.013840][ T5875] usb 6-1: Manufacturer: syz
[  206.018672][ T5875] usb 6-1: SerialNumber: syz
[  206.027045][ T5875] usb 6-1: config 0 descriptor??
[  206.139494][ T5830] Bluetooth: hci2: command 0x0406 tx timeout
[  206.256541][    T9] usb 2-1: USB disconnect, device number 15
[  207.036409][ T5875] airspy 6-1:0.0: Board ID: 00
[  207.040069][ T5826] Bluetooth: hci3: command 0x0406 tx timeout
[  207.041334][ T5875] airspy 6-1:0.0: Firmware version: 
[  207.191865][ T5828] Bluetooth: hci4: Opcode 0x0c03 failed: -110
[  208.673795][ T8414] mmap: syz.1.562 (8414) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  208.929536][    T9] usb 2-1: new full-speed USB device number 16 using dummy_hcd
[  209.084223][ T5875] airspy 6-1:0.0: Registered as swradio24
[  209.094523][ T5875] airspy 6-1:0.0: SDR API is still slightly experimental and functionality changes may follow
[  209.127647][    T9] usb 2-1: config 0 has an invalid interface number: 243 but max is 0
[  209.146173][    T9] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  209.313193][    T9] usb 2-1: config 0 has no interface number 0
[  209.319796][    T9] usb 2-1: config 0 interface 243 altsetting 0 endpoint 0xC has an invalid bInterval 0, changing to 10
[  209.331316][    T9] usb 2-1: config 0 interface 243 altsetting 0 endpoint 0xC has invalid maxpacket 768, setting to 64
[  210.291265][    T9] usb 2-1: config 0 interface 243 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  210.841295][    T9] usb 2-1: New USB device found, idVendor=2c7c, idProduct=0191, bcdDevice=73.e7
[  210.861365][    T9] usb 2-1: New USB device strings: Mfr=157, Product=104, SerialNumber=3
[  210.900996][    T9] usb 2-1: Product: syz
[  210.905170][    T9] usb 2-1: Manufacturer: syz
[  210.917757][    T9] usb 2-1: SerialNumber: syz
[  210.940281][    T9] usb 2-1: config 0 descriptor??
[  210.955921][ T8412] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  211.151416][ T5929] usb 6-1: USB disconnect, device number 9
[  211.181429][    T9] usb 2-1: USB disconnect, device number 16
[  211.205161][   T45] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0
[  211.216316][   T45] hid-generic 0000:0000:0000.0009: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  212.409493][   T29] audit: type=1400 audit(1731242267.766:457): avc:  denied  { watch watch_reads } for  pid=8470 comm="syz.0.574" path=2F6D656D66643A2D42D54E49C56A9A707070F00884A26D202864656C6574656429 dev="tmpfs" ino=1106 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  212.461104][   T29] audit: type=1400 audit(1731242267.766:458): avc:  denied  { ioctl } for  pid=8470 comm="syz.0.574" path="socket:[18399]" dev="sockfs" ino=18399 ioctlcmd=0x4947 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1
[  212.485605][    C1] vkms_vblank_simulate: vblank timer overrun
[  214.064776][ T8500] xt_connbytes: Forcing CT accounting to be enabled
[  214.071634][ T8500] Cannot find set identified by id 0 to match
[  214.560787][ T8503] netlink: 20 bytes leftover after parsing attributes in process `syz.4.582'.
[  214.670994][   T29] audit: type=1400 audit(1731242270.056:459): avc:  denied  { listen } for  pid=8490 comm="syz.1.580" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  214.914461][ T8518] netlink: 20 bytes leftover after parsing attributes in process `syz.6.587'.
[  214.939880][ T8518] netlink: 4 bytes leftover after parsing attributes in process `syz.6.587'.
[  215.379479][   T29] audit: type=1400 audit(1731242270.576:460): avc:  denied  { read write } for  pid=8519 comm="syz.4.588" name="nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  215.402451][    C1] vkms_vblank_simulate: vblank timer overrun
[  215.700338][   T29] audit: type=1400 audit(1731242270.576:461): avc:  denied  { open } for  pid=8519 comm="syz.4.588" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  215.796417][   T29] audit: type=1400 audit(1731242270.576:462): avc:  denied  { map } for  pid=8519 comm="syz.4.588" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  215.892219][   T29] audit: type=1400 audit(1731242270.576:463): avc:  denied  { execute } for  pid=8519 comm="syz.4.588" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  215.915411][    C1] vkms_vblank_simulate: vblank timer overrun
[  215.978290][   T29] audit: type=1400 audit(1731242270.626:464): avc:  denied  { ioctl } for  pid=8519 comm="syz.4.588" path="/dev/nullb0" dev="devtmpfs" ino=696 ioctlcmd=0x125f scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  216.002632][    C1] vkms_vblank_simulate: vblank timer overrun
[  216.009512][    T9] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[  216.659418][    T9] usb 6-1: Using ep0 maxpacket: 8
[  216.667365][    T9] usb 6-1: New USB device found, idVendor=05e1, idProduct=0893, bcdDevice=de.43
[  216.676540][    T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  216.685069][   T29] audit: type=1400 audit(1731242271.616:465): avc:  denied  { nlmsg_read } for  pid=8536 comm="syz.1.591" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  216.709423][    T9] usb 6-1: Product: syz
[  216.716002][    T9] usb 6-1: Manufacturer: syz
[  216.725875][    T9] usb 6-1: SerialNumber: syz
[  216.737108][ T8534] netlink: 209852 bytes leftover after parsing attributes in process `syz.6.592'.
[  216.750783][    T9] usb 6-1: config 0 descriptor??
[  216.766869][    T9] gspca_main: stk014-2.14.0 probing 05e1:0893
[  216.778746][    T9] usb 6-1: selecting invalid altsetting 1
[  216.788146][ T8534] sysfs: cannot create duplicate filename '/class/ieee80211/�!'
[  216.796517][ T8534] CPU: 1 UID: 0 PID: 8534 Comm: syz.6.592 Not tainted 6.12.0-rc6-syzkaller-00279-gde2f378f2b77 #0
[  216.807127][ T8534] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[  216.817191][ T8534] Call Trace:
[  216.820482][ T8534]  <TASK>
[  216.823424][ T8534]  dump_stack_lvl+0x16c/0x1f0
[  216.828126][ T8534]  sysfs_warn_dup+0x7f/0xa0
[  216.832649][ T8534]  sysfs_do_create_link_sd+0x124/0x140
[  216.838151][ T8534]  sysfs_create_link+0x61/0xc0
[  216.842951][ T8534]  device_add+0x62e/0x1a70
[  216.847387][ T8534]  ? __pfx_device_add+0x10/0x10
[  216.852258][ T8534]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  216.858177][ T8534]  ? ieee80211_set_bitrate_flags+0x249/0x6a0
[  216.864187][ T8534]  wiphy_register+0x2101/0x2d00
[  216.869058][ T8534]  ? __pfx_wiphy_register+0x10/0x10
[  216.874267][ T8534]  ? ieee80211_init_rate_ctrl_alg+0x125/0x6b0
[  216.880330][ T8534]  ieee80211_register_hw+0x2aaa/0x41b0
[  216.885821][ T8534]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  216.891618][ T8534]  ? net_generic+0xea/0x2a0
[  216.896133][ T8534]  ? __asan_memset+0x23/0x50
[  216.900712][ T8534]  ? __hrtimer_init+0x106/0x2c0
[  216.905549][ T8534]  mac80211_hwsim_new_radio+0x304e/0x54d0
[  216.911270][ T8534]  ? trace_kmalloc+0x2d/0xe0
[  216.915863][ T8534]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  216.921923][ T8534]  ? hwsim_new_radio_nl+0x9ff/0x12b0
[  216.927195][ T8534]  ? __asan_memcpy+0x3c/0x60
[  216.931775][ T8534]  hwsim_new_radio_nl+0xb42/0x12b0
[  216.936880][ T8534]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  216.942430][ T8534]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[  216.949848][ T8534]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[  216.957817][ T8534]  genl_family_rcv_msg_doit+0x202/0x2f0
[  216.963374][ T8534]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  216.969446][ T8534]  ? bpf_lsm_capable+0x9/0x10
[  216.974125][ T8534]  ? security_capable+0x7e/0x260
[  216.979068][ T8534]  ? ns_capable+0xd7/0x110
[  216.983474][ T8534]  genl_rcv_msg+0x565/0x800
[  216.987975][ T8534]  ? __pfx_genl_rcv_msg+0x10/0x10
[  216.992987][ T8534]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  216.998539][ T8534]  netlink_rcv_skb+0x16b/0x440
[  217.003288][ T8534]  ? __pfx_genl_rcv_msg+0x10/0x10
[  217.008313][ T8534]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  217.013594][ T8534]  ? down_read+0xc9/0x330
[  217.017921][ T8534]  ? __pfx_down_read+0x10/0x10
[  217.022672][ T8534]  ? netlink_deliver_tap+0x1ae/0xd90
[  217.027955][ T8534]  genl_rcv+0x28/0x40
[  217.031921][ T8534]  netlink_unicast+0x53c/0x7f0
[  217.036681][ T8534]  ? __pfx_netlink_unicast+0x10/0x10
[  217.041950][ T8534]  ? const_folio_flags.constprop.0+0x56/0x150
[  217.048007][ T8534]  netlink_sendmsg+0x8b8/0xd70
[  217.052762][ T8534]  ? __pfx_netlink_sendmsg+0x10/0x10
[  217.058038][ T8534]  ____sys_sendmsg+0xaaf/0xc90
[  217.062797][ T8534]  ? copy_msghdr_from_user+0x10b/0x160
[  217.068242][ T8534]  ? __pfx_____sys_sendmsg+0x10/0x10
[  217.073526][ T8534]  ? __pfx___lock_acquire+0x10/0x10
[  217.078712][ T8534]  ___sys_sendmsg+0x135/0x1e0
[  217.083379][ T8534]  ? __pfx____sys_sendmsg+0x10/0x10
[  217.088580][ T8534]  ? lock_acquire+0x2f/0xb0
[  217.093076][ T8534]  ? __fget_files+0x40/0x3f0
[  217.097671][ T8534]  ? fdget+0x176/0x210
[  217.101737][ T8534]  __sys_sendmsg+0x117/0x1f0
[  217.106314][ T8534]  ? __pfx___sys_sendmsg+0x10/0x10
[  217.111413][ T8534]  ? __x64_sys_futex+0x1e1/0x4c0
[  217.116355][ T8534]  do_syscall_64+0xcd/0x250
[  217.120844][ T8534]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  217.126739][ T8534] RIP: 0033:0x7f52e0f7e719
[  217.131146][ T8534] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  217.150743][ T8534] RSP: 002b:00007f52e1dac038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  217.159144][ T8534] RAX: ffffffffffffffda RBX: 00007f52e1135f80 RCX: 00007f52e0f7e719
[  217.167105][ T8534] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000005
[  217.175069][ T8534] RBP: 00007f52e0ff139e R08: 0000000000000000 R09: 0000000000000000
[  217.183027][ T8534] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  217.190988][ T8534] R13: 0000000000000000 R14: 00007f52e1135f80 R15: 00007ffe233cf948
[  217.198963][ T8534]  </TASK>
[  217.201984][    C1] vkms_vblank_simulate: vblank timer overrun
[  217.215729][ T8541] netlink: 209852 bytes leftover after parsing attributes in process `syz.4.593'.
[  217.231353][ T8541] debugfs: Directory '�!' with parent 'ieee80211' already present!
[  217.420902][    T9] gspca_stk014: reg_r err -110
[  217.426005][    T9] stk014 6-1:0.0: probe with driver stk014 failed with error -110
[  217.770637][ T8551] 9pnet_fd: Insufficient options for proto=fd
[  218.249278][ T8562] (unnamed net_device) (uninitialized): up delay (5) is not a multiple of miimon (4), value rounded to 4 ms
[  218.628986][ T8562] bond1: entered promiscuous mode
[  218.634187][ T8562] bond1: entered allmulticast mode
[  218.640131][ T8562] 8021q: adding VLAN 0 to HW filter on device bond1
[  218.784498][ T8576] FAULT_INJECTION: forcing a failure.
[  218.784498][ T8576] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  218.804192][ T8576] CPU: 0 UID: 0 PID: 8576 Comm: syz.6.596 Not tainted 6.12.0-rc6-syzkaller-00279-gde2f378f2b77 #0
[  218.814805][ T8576] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[  218.824865][ T8576] Call Trace:
[  218.828135][ T8576]  <TASK>
[  218.831056][ T8576]  dump_stack_lvl+0x16c/0x1f0
[  218.835731][ T8576]  should_fail_ex+0x497/0x5b0
[  218.840475][ T8576]  __fpu_restore_sig+0xf5/0x1430
[  218.845404][ T8576]  ? __pfx___fpu_restore_sig+0x10/0x10
[  218.850869][ T8576]  ? lock_acquire+0x2f/0xb0
[  218.855365][ T8576]  ? __might_fault+0xe3/0x190
[  218.860751][ T8576]  fpu__restore_sig+0x113/0x190
[  218.865586][ T8576]  restore_sigcontext+0x4ca/0x6a0
[  218.870588][ T8576]  ? __pfx_restore_sigcontext+0x10/0x10
[  218.876133][ T8576]  ? __pfx_restore_altstack+0x10/0x10
[  218.881484][ T8576]  ? _raw_spin_unlock_irq+0x23/0x50
[  218.886679][ T8576]  ? lockdep_hardirqs_on+0x7c/0x110
[  218.891878][ T8576]  __do_sys_rt_sigreturn+0x1bd/0x240
[  218.897156][ T8576]  ? __pfx___do_sys_rt_sigreturn+0x10/0x10
[  218.902943][ T8576]  do_syscall_64+0xcd/0x250
[  218.907430][ T8576]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  218.913315][ T8576] RIP: 0033:0x7f52e0f7e717
[  218.917708][ T8576] Code: ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 <0f> 05 48 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89
[  218.937298][ T8576] RSP: 002b:00007f52e1dac038 EFLAGS: 00000246
[  218.943367][ T8576] RAX: 0000000000000013 RBX: 00007f52e1135f80 RCX: 00007f52e0f7e719
[  218.951343][ T8576] RDX: 0000000000000001 RSI: 0000000020000180 RDI: 0000000000000003
[  218.959315][ T8576] RBP: 00007f52e1dac090 R08: 0000000000000000 R09: 0000000000000000
[  218.967290][ T8576] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  218.975267][ T8576] R13: 0000000000000000 R14: 00007f52e1135f80 R15: 00007ffe233cf948
[  218.983243][ T8576]  </TASK>
[  219.090543][   T45] usb 6-1: USB disconnect, device number 10
[  220.374173][ T8618] netlink: 56 bytes leftover after parsing attributes in process `syz.6.603'.
[  220.393359][   T29] audit: type=1400 audit(1731242275.756:466): avc:  denied  { getopt } for  pid=8613 comm="syz.6.603" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[  220.512587][   T29] audit: type=1400 audit(1731242275.846:467): avc:  denied  { write } for  pid=8613 comm="syz.6.603" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[  220.689520][    T9] usb 6-1: new high-speed USB device number 11 using dummy_hcd
[  220.881959][ T8633] netlink: 4 bytes leftover after parsing attributes in process `syz.0.608'.
[  220.934715][   T29] audit: type=1400 audit(1731242276.316:468): avc:  denied  { mount } for  pid=8632 comm="syz.0.608" name="/" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1
[  220.957025][   T29] audit: type=1400 audit(1731242276.316:469): avc:  denied  { unmount } for  pid=8632 comm="syz.0.608" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1
[  220.977881][   T29] audit: type=1400 audit(1731242276.316:470): avc:  denied  { mounton } for  pid=8632 comm="syz.0.608" path="/130/file0" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=dir permissive=1
[  221.000592][   T29] audit: type=1400 audit(1731242276.316:471): avc:  denied  { mount } for  pid=8632 comm="syz.0.608" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  221.022747][   T29] audit: type=1400 audit(1731242276.316:472): avc:  denied  { create } for  pid=8632 comm="syz.0.608" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[  221.077274][    T9] usb 6-1: New USB device found, idVendor=1d50, idProduct=606f, bcdDevice=9f.d4
[  221.086391][    T9] usb 6-1: New USB device strings: Mfr=188, Product=0, SerialNumber=0
[  221.097211][    T9] usb 6-1: Manufacturer: syz
[  221.103165][   T29] audit: type=1400 audit(1731242276.486:473): avc:  denied  { mounton } for  pid=8632 comm="syz.0.608" path="/130/file0" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=dir permissive=1
[  221.147429][   T29] audit: type=1400 audit(1731242276.526:474): avc:  denied  { mount } for  pid=8632 comm="syz.0.608" name="/" dev="ramfs" ino=19574 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1
[  221.186917][    T9] usb 6-1: config 0 descriptor??
[  221.603441][    T9] gs_usb 6-1:0.0: Couldn't get device config: (err=-32)
[  221.617974][ T5839] Bluetooth: hci2: unexpected event for opcode 0x2042
[  221.627866][   T29] audit: type=1400 audit(1731242276.996:475): avc:  denied  { ioctl } for  pid=8615 comm="syz.5.606" path="socket:[20537]" dev="sockfs" ino=20537 ioctlcmd=0x89b0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1
[  221.663897][    T9] gs_usb 6-1:0.0: probe with driver gs_usb failed with error -32
[  221.682424][ T5837] udevd[5837]: failed to send result of seq 14090 to main daemon: Connection refused
[  221.705147][    T9] usb 6-1: USB disconnect, device number 11
[  221.916501][ T8676] syz_tun: refused to change device tx_queue_len
[  221.929025][ T8676] A link change request failed with some changes committed already. Interface syz_tun may have been left with an inconsistent configuration, please check.
[  222.016614][ T8673] netlink: 'syz.6.611': attribute type 9 has an invalid length.
[  222.029417][ T8673] netlink: 134672 bytes leftover after parsing attributes in process `syz.6.611'.
[  222.046458][ T8673] openvswitch: netlink: Key 2 has unexpected len 20 expected 4
[  223.268764][ T8692] netlink: 8 bytes leftover after parsing attributes in process `syz.5.621'.
[  223.894232][ T8716] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.623'.
[  224.072753][ T8710] mkiss: ax0: crc mode is auto.
[  224.094346][ T8716] sysfs: cannot create duplicate filename '/class/ieee80211/�!'
[  224.111377][ T8716] CPU: 0 UID: 0 PID: 8716 Comm: syz.1.623 Not tainted 6.12.0-rc6-syzkaller-00279-gde2f378f2b77 #0
[  224.121969][ T8716] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[  224.132005][ T8716] Call Trace:
[  224.135264][ T8716]  <TASK>
[  224.138185][ T8716]  dump_stack_lvl+0x16c/0x1f0
[  224.142842][ T8716]  sysfs_warn_dup+0x7f/0xa0
[  224.147322][ T8716]  sysfs_do_create_link_sd+0x124/0x140
[  224.152758][ T8716]  sysfs_create_link+0x61/0xc0
[  224.157496][ T8716]  device_add+0x62e/0x1a70
[  224.161905][ T8716]  ? __pfx_device_add+0x10/0x10
[  224.166767][ T8716]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  224.172679][ T8716]  ? ieee80211_set_bitrate_flags+0x249/0x6a0
[  224.178673][ T8716]  wiphy_register+0x2101/0x2d00
[  224.183532][ T8716]  ? __pfx_wiphy_register+0x10/0x10
[  224.188717][ T8716]  ? ieee80211_init_rate_ctrl_alg+0x125/0x6b0
[  224.194766][ T8716]  ieee80211_register_hw+0x2aaa/0x41b0
[  224.200227][ T8716]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  224.206014][ T8716]  ? net_generic+0xea/0x2a0
[  224.210505][ T8716]  ? __asan_memset+0x23/0x50
[  224.215070][ T8716]  ? __hrtimer_init+0x106/0x2c0
[  224.219897][ T8716]  mac80211_hwsim_new_radio+0x304e/0x54d0
[  224.225600][ T8716]  ? trace_kmalloc+0x2d/0xe0
[  224.230174][ T8716]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  224.236217][ T8716]  ? hwsim_new_radio_nl+0x9ff/0x12b0
[  224.241478][ T8716]  ? __asan_memcpy+0x3c/0x60
[  224.246043][ T8716]  hwsim_new_radio_nl+0xb42/0x12b0
[  224.251132][ T8716]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  224.256657][ T8716]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[  224.264007][ T8716]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[  224.271372][ T8716]  genl_family_rcv_msg_doit+0x202/0x2f0
[  224.276910][ T8716]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  224.282970][ T8716]  ? bpf_lsm_capable+0x9/0x10
[  224.287632][ T8716]  ? security_capable+0x7e/0x260
[  224.292563][ T8716]  ? ns_capable+0xd7/0x110
[  224.296968][ T8716]  genl_rcv_msg+0x565/0x800
[  224.301462][ T8716]  ? __pfx_genl_rcv_msg+0x10/0x10
[  224.306470][ T8716]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  224.312022][ T8716]  netlink_rcv_skb+0x16b/0x440
[  224.316769][ T8716]  ? __pfx_genl_rcv_msg+0x10/0x10
[  224.321794][ T8716]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  224.327071][ T8716]  ? down_read+0xc9/0x330
[  224.331389][ T8716]  ? __pfx_down_read+0x10/0x10
[  224.336137][ T8716]  ? rcu_is_watching+0x12/0xc0
[  224.340893][ T8716]  genl_rcv+0x28/0x40
[  224.344860][ T8716]  netlink_unicast+0x53c/0x7f0
[  224.349610][ T8716]  ? __pfx_netlink_unicast+0x10/0x10
[  224.354884][ T8716]  netlink_sendmsg+0x8b8/0xd70
[  224.359635][ T8716]  ? __pfx_netlink_sendmsg+0x10/0x10
[  224.364910][ T8716]  ____sys_sendmsg+0xaaf/0xc90
[  224.369665][ T8716]  ? copy_msghdr_from_user+0x10b/0x160
[  224.375111][ T8716]  ? __pfx_____sys_sendmsg+0x10/0x10
[  224.380394][ T8716]  ? __pfx___lock_acquire+0x10/0x10
[  224.385579][ T8716]  ___sys_sendmsg+0x135/0x1e0
[  224.390247][ T8716]  ? __pfx____sys_sendmsg+0x10/0x10
[  224.395440][ T8716]  ? lock_acquire+0x2f/0xb0
[  224.399927][ T8716]  ? __fget_files+0x40/0x3f0
[  224.404516][ T8716]  ? fdget+0x176/0x210
[  224.408579][ T8716]  __sys_sendmsg+0x117/0x1f0
[  224.413170][ T8716]  ? __pfx___sys_sendmsg+0x10/0x10
[  224.418269][ T8716]  ? __x64_sys_futex+0x1e1/0x4c0
[  224.423208][ T8716]  do_syscall_64+0xcd/0x250
[  224.427711][ T8716]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  224.433593][ T8716] RIP: 0033:0x7f8b9317e719
[  224.437991][ T8716] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  224.457679][ T8716] RSP: 002b:00007f8b915f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  224.466100][ T8716] RAX: ffffffffffffffda RBX: 00007f8b93336130 RCX: 00007f8b9317e719
[  224.474056][ T8716] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000004
[  224.482013][ T8716] RBP: 00007f8b931f139e R08: 0000000000000000 R09: 0000000000000000
[  224.489969][ T8716] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  224.497941][ T8716] R13: 0000000000000000 R14: 00007f8b93336130 R15: 00007ffe463bf718
[  224.505916][ T8716]  </TASK>
[  224.534149][ T8722] netlink: 20 bytes leftover after parsing attributes in process `syz.4.628'.
[  224.569528][ T5929] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[  224.750610][ T5929] usb 7-1: Using ep0 maxpacket: 32
[  224.768872][ T5929] usb 7-1: config 0 has an invalid interface number: 151 but max is 0
[  224.794409][ T5929] usb 7-1: config 0 has no interface number 0
[  224.979506][ T5929] usb 7-1: config 0 interface 151 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 7
[  224.998473][ T5929] usb 7-1: config 0 interface 151 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0
[  225.031863][ T8729] netlink: 20 bytes leftover after parsing attributes in process `syz.1.631'.
[  225.061955][ T5929] usb 7-1: New USB device found, idVendor=0499, idProduct=6bb7, bcdDevice=68.2f
[  225.079401][ T5929] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  225.134527][ T5929] usb 7-1: Product: syz
[  225.138721][ T5929] usb 7-1: Manufacturer: syz
[  225.167264][ T5929] usb 7-1: SerialNumber: syz
[  225.177681][ T5929] usb 7-1: config 0 descriptor??
[  225.719945][ T5839] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0
[  225.729194][ T5839] Bluetooth: hci2: Injecting HCI hardware error event
[  225.737232][ T5839] Bluetooth: hci2: hardware error 0x00
[  225.765481][    C1] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:2. Sending cookies.
[  226.000243][ T8741] netlink: 24 bytes leftover after parsing attributes in process `syz.5.632'.
[  226.109525][ T8725] mmap: syz.0.630 (8725): VmData 25841664 exceed data ulimit 8. Update limits or use boot option ignore_rlimit_data.
[  226.160665][   T29] kauditd_printk_skb: 5 callbacks suppressed
[  226.160680][   T29] audit: type=1400 audit(1731242281.546:481): avc:  denied  { ioctl } for  pid=8742 comm="syz.4.635" path="socket:[19798]" dev="sockfs" ino=19798 ioctlcmd=0x943e scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[  226.213691][ T8750] netlink: 32 bytes leftover after parsing attributes in process `syz.1.637'.
[  226.234583][   T29] audit: type=1326 audit(1731242281.616:482): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8730 comm="syz.5.632" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff7fa97e719 code=0x0
[  227.488099][   T29] audit: type=1400 audit(1731242282.446:483): avc:  denied  { create } for  pid=8762 comm="syz.0.641" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  227.519484][   T29] audit: type=1400 audit(1731242282.446:484): avc:  denied  { setopt } for  pid=8762 comm="syz.0.641" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  227.557239][ T5929] usb 7-1: USB disconnect, device number 4
[  228.030190][ T5839] Bluetooth: hci2: Opcode 0x0c03 failed: -110
[  228.064526][  T965] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[  228.477178][  T965] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  228.503009][  T965] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  228.536658][  T965] usb 2-1: New USB device found, idVendor=1241, idProduct=5015, bcdDevice= 0.00
[  228.561623][  T965] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  228.588729][  T965] usb 2-1: config 0 descriptor??
[  228.739465][    T9] usb 7-1: new high-speed USB device number 5 using dummy_hcd
[  228.892071][    T9] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  228.904964][ T8793] netlink: 'syz.5.651': attribute type 10 has an invalid length.
[  228.906523][    T9] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  228.924032][    T9] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  228.927327][ T8793] netlink: 210880 bytes leftover after parsing attributes in process `syz.5.651'.
[  228.934140][    T9] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  228.967162][    T9] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  228.977140][    T9] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  229.060817][    T9] usb 7-1: config 0 descriptor??
[  229.307439][ T8799] netlink: 24 bytes leftover after parsing attributes in process `syz.4.652'.
[  229.355237][   T29] audit: type=1400 audit(1731242284.726:485): avc:  denied  { connect } for  pid=8794 comm="syz.4.652" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  229.374535][    C1] vkms_vblank_simulate: vblank timer overrun
[  229.470033][  T965] usbhid 2-1:0.0: can't add hid device: -71
[  229.476773][  T965] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  229.723855][   T29] audit: type=1400 audit(1731242284.736:486): avc:  denied  { write } for  pid=8794 comm="syz.4.652" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  229.734377][  T965] usb 2-1: USB disconnect, device number 17
[  229.746810][    T9] plantronics 0003:047F:FFFF.000A: No inputs registered, leaving
[  229.820541][    T9] plantronics 0003:047F:FFFF.000A: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.6-1/input0
[  229.999555][   T29] audit: type=1400 audit(1731242285.316:487): avc:  denied  { write } for  pid=8809 comm="syz.5.656" name="btrfs-control" dev="devtmpfs" ino=1309 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:lvm_control_t tclass=chr_file permissive=1
[  231.109438][    T9] usb 6-1: new high-speed USB device number 12 using dummy_hcd
[  231.281895][    T9] usb 6-1: Using ep0 maxpacket: 8
[  231.303015][    T9] usb 6-1: config index 0 descriptor too short (expected 301, got 45)
[  231.329462][    T9] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  231.359426][    T9] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  231.369198][    T9] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 216
[  231.399416][    T9] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  231.437557][    T9] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  231.459453][    T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  231.674296][    T9] usb 6-1: usb_control_msg returned -32
[  231.699700][    T9] usbtmc 6-1:16.0: can't read capabilities
[  232.271612][   T45] usb 7-1: USB disconnect, device number 5
[  232.303131][ T8842] batadv_slave_0: entered promiscuous mode
[  232.482606][   T29] audit: type=1400 audit(1731242287.846:488): avc:  denied  { bind } for  pid=8809 comm="syz.5.656" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  232.579552][ T5929] usb 2-1: new full-speed USB device number 18 using dummy_hcd
[  232.777427][   T29] audit: type=1400 audit(1731242288.156:489): avc:  denied  { connect } for  pid=8854 comm="syz.0.670" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  232.849595][   T45] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[  232.992484][ T5929] usb 2-1: config 0 has an invalid interface number: 74 but max is 1
[  233.001115][ T5929] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  233.094335][   T45] usb 7-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.32
[  233.127489][   T45] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  233.149510][ T5929] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 2
[  233.166619][   T45] usb 7-1: config 0 descriptor??
[  233.180166][ T5929] usb 2-1: config 0 has no interface number 0
[  233.188395][ T5929] usb 2-1: config 0 interface 74 altsetting 0 endpoint 0xE has an invalid bInterval 0, changing to 10
[  233.207636][   T45] dvb-usb: found a 'Genpix SkyWalker-1 DVB-S receiver' in warm state.
[  233.218679][ T5929] usb 2-1: config 0 interface 74 altsetting 0 endpoint 0xE has invalid maxpacket 46080, setting to 64
[  233.236249][ T5929] usb 2-1: config 0 interface 74 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  233.261633][ T5929] usb 2-1: New USB device found, idVendor=6737, idProduct=0001, bcdDevice=de.66
[  233.295837][ T5929] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  233.309170][ T5929] usb 2-1: Product: syz
[  233.323729][ T5929] usb 2-1: Manufacturer: syz
[  233.328450][ T5929] usb 2-1: SerialNumber: syz
[  233.336345][ T5929] usb 2-1: config 0 descriptor??
[  233.354868][ T8858] netlink: 4 bytes leftover after parsing attributes in process `syz.4.668'.
[  233.377511][ T8858] syz.4.668(8858): Attempt to set a LOCK_MAND lock via flock(2). This support has been removed and the request ignored.
[  233.416227][ T8850] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  233.440689][   T45] gp8psk: usb in 128 operation failed.
[  233.502677][    T9] usb 6-1: USB disconnect, device number 12
[  233.512214][   T45] gp8psk: usb in 137 operation failed.
[  233.517718][   T45] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  233.551509][   T45] dvbdev: DVB: registering new adapter (Genpix SkyWalker-1 DVB-S receiver)
[  233.569524][   T45] usb 7-1: media controller created
[  233.595274][   T29] audit: type=1400 audit(1731242288.976:490): avc:  denied  { listen } for  pid=8862 comm="syz.5.672" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  233.626834][   T45] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  233.689633][   T45] gp8psk_fe: Frontend attached
[  233.694873][   T45] usb 7-1: DVB: registering adapter 1 frontend 0 (Genpix DVB-S)...
[  233.726664][   T45] dvbdev: dvb_create_media_entity: media entity 'Genpix DVB-S' registered.
[  233.800011][   T45] gp8psk: usb in 138 operation failed.
[  233.815131][   T45] dvb-usb: Genpix SkyWalker-1 DVB-S receiver successfully initialized and connected.
[  233.843182][   T45] gp8psk: found Genpix USB device pID = 203 (hex)
[  233.878563][ T5929] cypress_m8 2-1:0.74: HID->COM RS232 Adapter converter detected
[  233.890000][   T45] usb 7-1: USB disconnect, device number 6
[  233.902059][ T5929] cyphidcom ttyUSB0: required endpoint is missing
[  233.930918][ T5929] usb 2-1: USB disconnect, device number 18
[  233.958029][ T5929] cypress_m8 2-1:0.74: device disconnected
[  234.008388][   T45] dvb-usb: Genpix SkyWalker-1 DVB-S receiver successfully deinitialized and disconnected.
[  236.734166][ T8900] netlink: 28 bytes leftover after parsing attributes in process `syz.4.683'.
[  236.907992][ T8895] netlink: 24 bytes leftover after parsing attributes in process `syz.4.683'.
[  236.990458][   T29] audit: type=1400 audit(1731242292.306:491): avc:  denied  { read } for  pid=8894 comm="syz.4.683" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  237.224218][ T8907] netlink: 68 bytes leftover after parsing attributes in process `syz.0.685'.
[  237.462092][ T8916] input: syz0 as /devices/virtual/input/input14
[  238.939485][ T5839] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  239.596234][   T29] audit: type=1400 audit(1731242294.206:492): avc:  denied  { bind } for  pid=8927 comm="syz.0.695" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  242.082218][ T8975] netlink: 'syz.1.705': attribute type 1 has an invalid length.
[  242.090219][ T8975] netlink: 'syz.1.705': attribute type 2 has an invalid length.
[  243.249470][   T45] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  243.264119][ T8987] netdevsim netdevsim1: loading /lib/firmware/. failed with error -22
[  243.274075][ T8987] netdevsim netdevsim1: Direct firmware load for . failed with error -22
[  243.283000][ T8987] netdevsim netdevsim1: Falling back to sysfs fallback for: .
[  243.479665][   T45] usb 5-1: Using ep0 maxpacket: 16
[  243.496090][   T45] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  243.991080][   T45] usb 5-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4
[  244.038687][ T8994] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.712'.
[  244.039788][   T45] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  244.068604][   T45] usb 5-1: config 0 descriptor??
[  244.074759][ T8994] sysfs: cannot create duplicate filename '/class/ieee80211/�!'
[  244.086679][ T8994] CPU: 0 UID: 0 PID: 8994 Comm: syz.0.712 Not tainted 6.12.0-rc6-syzkaller-00279-gde2f378f2b77 #0
[  244.097276][ T8994] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[  244.107322][ T8994] Call Trace:
[  244.110587][ T8994]  <TASK>
[  244.113510][ T8994]  dump_stack_lvl+0x16c/0x1f0
[  244.118178][ T8994]  sysfs_warn_dup+0x7f/0xa0
[  244.122669][ T8994]  sysfs_do_create_link_sd+0x124/0x140
[  244.128121][ T8994]  sysfs_create_link+0x61/0xc0
[  244.132874][ T8994]  device_add+0x62e/0x1a70
[  244.137280][ T8994]  ? __pfx_device_add+0x10/0x10
[  244.142118][ T8994]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  244.148005][ T8994]  ? ieee80211_set_bitrate_flags+0x249/0x6a0
[  244.153980][ T8994]  wiphy_register+0x2101/0x2d00
[  244.158827][ T8994]  ? __pfx_wiphy_register+0x10/0x10
[  244.164024][ T8994]  ? ieee80211_init_rate_ctrl_alg+0x125/0x6b0
[  244.170083][ T8994]  ieee80211_register_hw+0x2aaa/0x41b0
[  244.175544][ T8994]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  244.181341][ T8994]  ? net_generic+0xea/0x2a0
[  244.185840][ T8994]  ? __asan_memset+0x23/0x50
[  244.190419][ T8994]  ? __hrtimer_init+0x106/0x2c0
[  244.195254][ T8994]  mac80211_hwsim_new_radio+0x304e/0x54d0
[  244.200971][ T8994]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  244.207030][ T8994]  ? memcpy_orig+0x115/0x140
[  244.211613][ T8994]  hwsim_new_radio_nl+0xb42/0x12b0
[  244.216711][ T8994]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  244.222252][ T8994]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[  244.229610][ T8994]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[  244.236973][ T8994]  genl_family_rcv_msg_doit+0x202/0x2f0
[  244.242504][ T8994]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  244.248570][ T8994]  ? bpf_lsm_capable+0x9/0x10
[  244.253233][ T8994]  ? security_capable+0x7e/0x260
[  244.258165][ T8994]  ? ns_capable+0xd7/0x110
[  244.262568][ T8994]  genl_rcv_msg+0x565/0x800
[  244.267061][ T8994]  ? __pfx_genl_rcv_msg+0x10/0x10
[  244.272078][ T8994]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  244.277620][ T8994]  netlink_rcv_skb+0x16b/0x440
[  244.282366][ T8994]  ? __pfx_genl_rcv_msg+0x10/0x10
[  244.287376][ T8994]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  244.292649][ T8994]  ? down_read+0xc9/0x330
[  244.296961][ T8994]  ? __pfx_down_read+0x10/0x10
[  244.301711][ T8994]  ? genl_rcv+0xd/0x40
[  244.305764][ T8994]  genl_rcv+0x28/0x40
[  244.309730][ T8994]  netlink_unicast+0x53c/0x7f0
[  244.314484][ T8994]  ? __pfx_netlink_unicast+0x10/0x10
[  244.319764][ T8994]  ? security_netlink_send+0x53/0x210
[  244.325130][ T8994]  ? __sanitizer_cov_trace_pc+0x56/0x70
[  244.330667][ T8994]  netlink_sendmsg+0x8b8/0xd70
[  244.335419][ T8994]  ? __pfx_netlink_sendmsg+0x10/0x10
[  244.340699][ T8994]  ____sys_sendmsg+0xaaf/0xc90
[  244.345455][ T8994]  ? copy_msghdr_from_user+0x10b/0x160
[  244.350900][ T8994]  ? __pfx_____sys_sendmsg+0x10/0x10
[  244.356181][ T8994]  ? find_held_lock+0x2d/0x110
[  244.360939][ T8994]  ___sys_sendmsg+0x135/0x1e0
[  244.365608][ T8994]  ? __pfx____sys_sendmsg+0x10/0x10
[  244.370794][ T8994]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  244.376605][ T8994]  ? fdget+0x176/0x210
[  244.380671][ T8994]  __sys_sendmsg+0x117/0x1f0
[  244.385245][ T8994]  ? __pfx___sys_sendmsg+0x10/0x10
[  244.390356][ T8994]  do_syscall_64+0xcd/0x250
[  244.394843][ T8994]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  244.400730][ T8994] RIP: 0033:0x7f0e1ef7e719
[  244.405128][ T8994] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  244.424719][ T8994] RSP: 002b:00007f0e1fda6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  244.433203][ T8994] RAX: ffffffffffffffda RBX: 00007f0e1f136058 RCX: 00007f0e1ef7e719
[  244.441157][ T8994] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000004
[  244.449115][ T8994] RBP: 00007f0e1eff139e R08: 0000000000000000 R09: 0000000000000000
[  244.457074][ T8994] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  244.465028][ T8994] R13: 0000000000000000 R14: 00007f0e1f136058 R15: 00007ffed3abdad8
[  244.473000][ T8994]  </TASK>
[  244.761554][   T45] usb 5-1: USB disconnect, device number 11
[  244.861363][ T8996] ptm ptm26: ldisc open failed (-12), clearing slot 26
[  245.886962][ T9012] netlink: 'syz.1.717': attribute type 29 has an invalid length.
[  245.960419][ T9015] netlink: 'syz.1.717': attribute type 29 has an invalid length.
[  246.009623][ T5936] usb 7-1: new high-speed USB device number 7 using dummy_hcd
[  246.169582][ T5936] usb 7-1: Using ep0 maxpacket: 8
[  246.177206][ T5936] usb 7-1: config 0 has an invalid interface number: 1 but max is 0
[  246.200271][ T9012] netlink: 500 bytes leftover after parsing attributes in process `syz.1.717'.
[  246.200993][ T5936] usb 7-1: config 0 has no interface number 0
[  246.213715][ T9012] unsupported nla_type 40
[  246.229564][ T5936] usb 7-1: New USB device found, idVendor=10c4, idProduct=eac1, bcdDevice=f7.92
[  246.248836][ T5936] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  246.266315][ T5936] usb 7-1: Product: syz
[  246.270923][ T5936] usb 7-1: Manufacturer: syz
[  246.275525][ T5936] usb 7-1: SerialNumber: syz
[  246.362727][ T5936] usb 7-1: config 0 descriptor??
[  246.376403][ T5936] usb 7-1: selecting invalid altsetting 2
[  246.389630][ T5936] i2c-cp2615 7-1:0.1: probe with driver i2c-cp2615 failed with error -22
[  246.527086][ T9024] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  248.005767][ T5875] usb 7-1: USB disconnect, device number 7
[  248.260343][ T9040] SELinux: security_context_str_to_sid (system_u) failed with errno=-22
[  248.359429][   T29] audit: type=1400 audit(1731242303.726:493): avc:  denied  { write } for  pid=9041 comm="syz.6.727" name="ppp" dev="devtmpfs" ino=709 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[  248.396091][   T29] audit: type=1400 audit(1731242303.736:494): avc:  denied  { getopt } for  pid=9016 comm="syz.4.720" lport=1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  249.369093][   T29] audit: type=1400 audit(1731242304.486:495): avc:  denied  { ioctl } for  pid=9048 comm="syz.5.728" path="socket:[20258]" dev="sockfs" ino=20258 ioctlcmd=0x8914 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  249.589421][ T5875] usb 2-1: new high-speed USB device number 19 using dummy_hcd
[  249.598522][   T29] audit: type=1400 audit(1731242304.976:496): avc:  denied  { map } for  pid=9058 comm="syz.0.730" path="socket:[21243]" dev="sockfs" ino=21243 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  250.101106][   T29] audit: type=1400 audit(1731242304.976:497): avc:  denied  { read } for  pid=9058 comm="syz.0.730" path="socket:[21243]" dev="sockfs" ino=21243 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  250.232875][ T5875] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  250.242184][ T5875] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  250.259131][ T5875] usb 2-1: config 0 descriptor??
[  251.500661][ T5875] ath6kl: Failed to submit usb control message: -110
[  251.593378][ T5875] ath6kl: unable to send the bmi data to the device: -110
[  251.595540][ T9085] netlink: 28 bytes leftover after parsing attributes in process `syz.0.737'.
[  251.609433][ T5875] ath6kl: Unable to send get target info: -110
[  251.626690][ T5875] ath6kl: Failed to init ath6kl core: -110
[  251.633353][ T5875] ath6kl_usb 2-1:0.0: probe with driver ath6kl_usb failed with error -110
[  251.700965][ T9085] netlink: 'syz.0.737': attribute type 7 has an invalid length.
[  251.708797][ T9085] netlink: 'syz.0.737': attribute type 8 has an invalid length.
[  251.719408][ T9085] netlink: 4 bytes leftover after parsing attributes in process `syz.0.737'.
[  251.850735][ T5936] usb 2-1: USB disconnect, device number 19
[  252.967488][ T9106] bond0: up delay (5) is not a multiple of miimon (4), value rounded to 4 ms
[  253.040025][ T9108] netlink: 'syz.1.743': attribute type 10 has an invalid length.
[  253.079514][ T9108] bridge0: port 3(erspan0) entered blocking state
[  253.086036][ T9108] bridge0: port 3(erspan0) entered forwarding state
[  253.092848][ T9108] bridge0: port 2(bridge_slave_1) entered blocking state
[  253.099949][ T9108] bridge0: port 2(bridge_slave_1) entered forwarding state
[  253.107267][ T9108] bridge0: port 1(bridge_slave_0) entered blocking state
[  253.114400][ T9108] bridge0: port 1(bridge_slave_0) entered forwarding state
[  253.159865][ T9108] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  253.187137][ T6225] bond0: (slave bridge0): link status definitely up, 0 Mbps full duplex
[  253.359493][ T5875] usb 7-1: new high-speed USB device number 8 using dummy_hcd
[  253.509541][ T5875] usb 7-1: Using ep0 maxpacket: 16
[  253.632625][ T5875] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  253.655043][ T5875] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 3
[  254.249267][ T5875] usb 7-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  254.260134][ T5875] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  254.268146][ T5875] usb 7-1: Product: syz
[  254.276988][ T5875] usb 7-1: Manufacturer: syz
[  254.285793][ T5875] usb 7-1: SerialNumber: syz
[  254.290712][   T29] audit: type=1400 audit(1731242309.176:498): avc:  denied  { read } for  pid=9119 comm="syz.1.748" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  254.526692][   T29] audit: type=1400 audit(1731242309.906:499): avc:  denied  { connect } for  pid=9132 comm="syz.0.750" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  254.676274][ T9110] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  254.697844][ T9110] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  255.315268][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[  255.487965][ T5875] usb 7-1: 0:2 : does not exist
[  255.529610][ T5875] usb 7-1: USB disconnect, device number 8
[  256.348017][   T29] audit: type=1400 audit(1731242311.716:500): avc:  denied  { read } for  pid=9142 comm="syz.0.752" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  256.673827][ T9163] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=49936 sclass=netlink_route_socket pid=9163 comm=syz.1.756
[  257.453197][ T9162] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  257.514669][ T9180] FAULT_INJECTION: forcing a failure.
[  257.514669][ T9180] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  257.518950][   T29] audit: type=1400 audit(1731242312.896:501): avc:  denied  { append } for  pid=5181 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=8 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  257.531690][ T9180] CPU: 1 UID: 0 PID: 9180 Comm: syz.5.764 Not tainted 6.12.0-rc6-syzkaller-00279-gde2f378f2b77 #0
[  257.561053][ T9180] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[  257.571089][ T9180] Call Trace:
[  257.574349][ T9180]  <TASK>
[  257.577262][ T9180]  dump_stack_lvl+0x16c/0x1f0
[  257.581926][ T9180]  should_fail_ex+0x497/0x5b0
[  257.586588][ T9180]  _copy_from_user+0x2e/0xd0
[  257.591164][ T9180]  input_event_from_user+0x134/0x3b0
[  257.596432][ T9180]  ? __pfx_input_event_from_user+0x10/0x10
[  257.602219][ T9180]  ? __pfx___might_resched+0x10/0x10
[  257.607487][ T9180]  ? input_inject_event+0x193/0x370
[  257.612671][ T9180]  evdev_write+0x377/0x750
[  257.617073][ T9180]  ? __pfx_evdev_write+0x10/0x10
[  257.622005][ T9180]  ? bpf_lsm_file_permission+0x9/0x10
[  257.627365][ T9180]  ? security_file_permission+0x71/0x210
[  257.632987][ T9180]  ? __pfx_evdev_write+0x10/0x10
[  257.637912][ T9180]  vfs_write+0x24c/0x1150
[  257.642233][ T9180]  ? __fget_files+0x23a/0x3f0
[  257.646899][ T9180]  ? __pfx_lock_release+0x10/0x10
[  257.651904][ T9180]  ? trace_lock_acquire+0x14a/0x1d0
[  257.657108][ T9180]  ? __pfx_vfs_write+0x10/0x10
[  257.661881][ T9180]  ? lock_acquire+0x2f/0xb0
[  257.666367][ T9180]  ? __fget_files+0x40/0x3f0
[  257.670948][ T9180]  ? __fget_files+0x244/0x3f0
[  257.675619][ T9180]  ksys_write+0x1fa/0x260
[  257.679952][ T9180]  ? __pfx_ksys_write+0x10/0x10
[  257.684801][ T9180]  do_syscall_64+0xcd/0x250
[  257.689292][ T9180]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  257.695176][ T9180] RIP: 0033:0x7ff7fa97e719
[  257.699573][ T9180] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  257.719169][ T9180] RSP: 002b:00007ff7fb6b3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  257.727572][ T9180] RAX: ffffffffffffffda RBX: 00007ff7fab35f80 RCX: 00007ff7fa97e719
[  257.735528][ T9180] RDX: 0000000000002250 RSI: 0000000020000040 RDI: 0000000000000003
[  257.743498][ T9180] RBP: 00007ff7fb6b3090 R08: 0000000000000000 R09: 0000000000000000
[  257.751461][ T9180] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  257.759423][ T9180] R13: 0000000000000000 R14: 00007ff7fab35f80 R15: 00007ffdbf6f07b8
[  257.767390][ T9180]  </TASK>
[  257.774742][   T29] audit: type=1400 audit(1731242312.896:502): avc:  denied  { write } for  pid=9179 comm="syz.5.764" path="/dev/input/event2" dev="devtmpfs" ino=935 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[  257.798793][   T29] audit: type=1400 audit(1731242313.176:503): avc:  denied  { read } for  pid=5181 comm="syslogd" name="log" dev="sda1" ino=1915 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1
[  257.820887][   T29] audit: type=1400 audit(1731242313.176:504): avc:  denied  { search } for  pid=5181 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  257.842679][   T29] audit: type=1400 audit(1731242313.176:505): avc:  denied  { open } for  pid=5181 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=8 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  257.865444][   T29] audit: type=1400 audit(1731242313.176:506): avc:  denied  { getattr } for  pid=5181 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=8 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  257.873374][ T9183] netlink: 'syz.0.763': attribute type 10 has an invalid length.
[  257.888306][   T29] audit: type=1400 audit(1731242313.206:507): avc:  denied  { create } for  pid=9174 comm="syz.1.762" anonclass=[io_uring] scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  258.264731][ T5828] Bluetooth: hci3: command 0x0406 tx timeout
[  258.646311][ T9193] bridge_slave_0: left allmulticast mode
[  258.691377][ T9193] bridge_slave_0: left promiscuous mode
[  258.712635][ T9193] bridge0: port 1(bridge_slave_0) entered disabled state
[  258.781750][ T9193] bridge_slave_1: left allmulticast mode
[  258.795684][ T9193] bridge_slave_1: left promiscuous mode
[  258.830091][ T9193] bridge0: port 2(bridge_slave_1) entered disabled state
[  259.620164][   T29] kauditd_printk_skb: 44 callbacks suppressed
[  259.620180][   T29] audit: type=1400 audit(1731242315.006:552): avc:  denied  { create } for  pid=9210 comm="syz.5.773" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  259.661194][ T9193] bond0: (slave bond_slave_0): Releasing backup interface
[  259.673000][ T9193] bond0: (slave bond_slave_1): Releasing backup interface
[  259.722837][   T29] audit: type=1400 audit(1731242315.006:553): avc:  denied  { create } for  pid=9203 comm="syz.0.771" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  259.768612][   T29] audit: type=1400 audit(1731242315.006:554): avc:  denied  { connect } for  pid=9210 comm="syz.5.773" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  259.789470][   T29] audit: type=1400 audit(1731242315.006:555): avc:  denied  { bind } for  pid=9210 comm="syz.5.773" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  259.797460][ T9223] FAULT_INJECTION: forcing a failure.
[  259.797460][ T9223] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  259.828828][ T9223] CPU: 1 UID: 0 PID: 9223 Comm: syz.5.776 Not tainted 6.12.0-rc6-syzkaller-00279-gde2f378f2b77 #0
[  259.839415][ T9223] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[  259.849629][ T9223] Call Trace:
[  259.852887][ T9223]  <TASK>
[  259.855791][ T9223]  dump_stack_lvl+0x16c/0x1f0
[  259.860442][ T9223]  should_fail_ex+0x497/0x5b0
[  259.865095][ T9223]  _copy_from_user+0x2e/0xd0
[  259.869672][ T9223]  copy_msghdr_from_user+0x99/0x160
[  259.874846][ T9223]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  259.880643][ T9223]  ? __pfx___lock_acquire+0x10/0x10
[  259.885821][ T9223]  ___sys_sendmsg+0xff/0x1e0
[  259.890385][ T9223]  ? __pfx____sys_sendmsg+0x10/0x10
[  259.895559][ T9223]  ? lock_acquire+0x2f/0xb0
[  259.900034][ T9223]  ? __fget_files+0x40/0x3f0
[  259.904604][ T9223]  ? fdget+0x176/0x210
[  259.908649][ T9223]  __sys_sendmsg+0x117/0x1f0
[  259.913212][ T9223]  ? __pfx___sys_sendmsg+0x10/0x10
[  259.918297][ T9223]  ? __fget_files+0x244/0x3f0
[  259.922955][ T9223]  do_syscall_64+0xcd/0x250
[  259.927431][ T9223]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  259.933299][ T9223] RIP: 0033:0x7ff7fa97e719
[  259.937686][ T9223] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  259.957265][ T9223] RSP: 002b:00007ff7fb6b3038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  259.965650][ T9223] RAX: ffffffffffffffda RBX: 00007ff7fab35f80 RCX: 00007ff7fa97e719
[  259.973683][ T9223] RDX: 0000000000000000 RSI: 0000000020000240 RDI: 0000000000000003
[  259.981634][ T9223] RBP: 00007ff7fb6b3090 R08: 0000000000000000 R09: 0000000000000000
[  259.989591][ T9223] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  259.997532][ T9223] R13: 0000000000000000 R14: 00007ff7fab35f80 R15: 00007ffdbf6f07b8
[  260.005479][ T9223]  </TASK>
[  260.009038][   T29] audit: type=1400 audit(1731242315.026:556): avc:  denied  { create } for  pid=9192 comm="syz.6.767" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  260.028305][   T29] audit: type=1400 audit(1731242315.026:557): avc:  denied  { ioctl } for  pid=9192 comm="syz.6.767" path="socket:[22545]" dev="sockfs" ino=22545 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  260.052819][   T29] audit: type=1400 audit(1731242315.026:558): avc:  denied  { bind } for  pid=9203 comm="syz.0.771" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  260.095617][   T29] audit: type=1400 audit(1731242315.026:559): avc:  denied  { name_bind } for  pid=9203 comm="syz.0.771" src=20002 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=sctp_socket permissive=1
[  260.159314][ T9193] team0: Port device team_slave_0 removed
[  260.189772][   T29] audit: type=1400 audit(1731242315.026:560): avc:  denied  { node_bind } for  pid=9203 comm="syz.0.771" src=20002 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=sctp_socket permissive=1
[  260.243343][ T9193] team0: Port device team_slave_1 removed
[  260.253357][ T9193] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  260.269891][ T9193] batman_adv: batadv0: Removing interface: batadv_slave_0
[  260.313508][ T9193] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  260.321168][   T29] audit: type=1400 audit(1731242315.026:561): avc:  denied  { write } for  pid=9203 comm="syz.0.771" lport=20002 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  260.344515][ T9193] batman_adv: batadv0: Removing interface: batadv_slave_1
[  260.396526][ T9204] dummy0: entered promiscuous mode
[  260.429445][ T9199] netlink: 4 bytes leftover after parsing attributes in process `syz.6.767'.
[  260.556822][ T9217] netlink: 24 bytes leftover after parsing attributes in process `syz.1.774'.
[  260.678462][ T9229] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=9229 comm=syz.0.771
[  260.790125][   T45] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  260.959840][   T45] usb 5-1: Using ep0 maxpacket: 16
[  260.973404][   T45] usb 5-1: config 0 has an invalid interface number: 214 but max is 1
[  260.999988][   T45] usb 5-1: config 0 has an invalid interface number: 10 but max is 1
[  261.087660][   T45] usb 5-1: config 0 has no interface number 0
[  261.117768][   T45] usb 5-1: config 0 has no interface number 1
[  261.129137][   T45] usb 5-1: config 0 interface 214 altsetting 0 has a duplicate endpoint with address 0x3, skipping
[  261.152790][   T45] usb 5-1: config 0 interface 214 altsetting 0 has an endpoint descriptor with address 0xB4, changing to 0x84
[  261.164640][   T45] usb 5-1: config 0 interface 214 altsetting 0 endpoint 0x84 has an invalid bInterval 21, changing to 8
[  261.175872][   T45] usb 5-1: config 0 interface 214 altsetting 0 endpoint 0x84 has invalid maxpacket 9284, setting to 1024
[  261.187175][   T45] usb 5-1: config 0 interface 214 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3
[  261.200262][   T45] usb 5-1: config 0 interface 10 has no altsetting 0
[  261.232432][   T45] usb 5-1: New USB device found, idVendor=1b80, idProduct=e425, bcdDevice=3d.92
[  261.256164][   T45] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  261.272980][   T45] usb 5-1: Product: syz
[  261.277216][   T45] usb 5-1: Manufacturer: syz
[  261.284373][   T45] usb 5-1: SerialNumber: syz
[  261.330647][   T45] usb 5-1: config 0 descriptor??
[  261.350588][ T9228] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  261.370034][ T9228] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  261.620223][   T45] em28xx 5-1:0.214: New device syz syz @ 480 Mbps (1b80:e425, interface 214, class 214)
[  261.630036][   T45] em28xx 5-1:0.214: DVB interface 214 found: bulk
[  261.720558][   T45] em28xx 5-1:0.214: unknown em28xx chip ID (0)
[  261.795556][   T45] em28xx 5-1:0.214: reading from i2c device at 0xa0 failed (error=-5)
[  261.804659][   T45] em28xx 5-1:0.214: board has no eeprom
[  261.869383][   T45] em28xx 5-1:0.214: Identified as MaxMedia UB425-TC (card=84)
[  261.888635][   T45] em28xx 5-1:0.214: dvb set to bulk mode.
[  261.905553][ T5936] em28xx 5-1:0.214: Binding DVB extension
[  261.953418][   T45] usb 5-1: USB disconnect, device number 12
[  261.996632][   T45] em28xx 5-1:0.214: Disconnecting em28xx
[  262.026266][ T5936] DVB: Unable to find symbol drxk_attach()
[  262.058440][ T5936] em28xx 5-1:0.214: frontend initialization failed
[  262.086783][ T5936] em28xx 5-1:0.214: Registering input extension
[  262.133441][   T45] em28xx 5-1:0.214: Closing input extension
[  262.185437][   T45] em28xx 5-1:0.214: Freeing device
[  262.434891][   T45] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0
[  262.443884][   T45] hid-generic 0000:0000:0000.000B: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  263.631080][ T9265] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  264.144667][ T9265] batadv_slave_0: entered promiscuous mode
[  264.329977][ T5875] usb 2-1: new high-speed USB device number 20 using dummy_hcd
[  264.579446][    T9] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  264.634972][   T29] kauditd_printk_skb: 34 callbacks suppressed
[  264.634982][   T29] audit: type=1400 audit(1731242320.016:596): avc:  denied  { write } for  pid=9285 comm="syz.0.795" path="socket:[21764]" dev="sockfs" ino=21764 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  264.775408][   T29] audit: type=1400 audit(1731242320.156:597): avc:  denied  { map_read map_write } for  pid=9293 comm="syz.1.798" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  264.821793][   T29] audit: type=1400 audit(1731242320.156:598): avc:  denied  { read } for  pid=9298 comm="syz.5.799" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  264.844212][    C1] vkms_vblank_simulate: vblank timer overrun
[  264.942540][   T29] audit: type=1400 audit(1731242320.156:599): avc:  denied  { open } for  pid=9298 comm="syz.5.799" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  264.975992][    T9] usb 5-1: Using ep0 maxpacket: 16
[  264.988323][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  265.024053][    T9] usb 5-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  265.829400][   T29] audit: type=1400 audit(1731242320.156:600): avc:  denied  { setopt } for  pid=9293 comm="syz.1.798" lport=8 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  265.849702][   T29] audit: type=1400 audit(1731242320.436:601): avc:  denied  { getopt } for  pid=9294 comm="syz.0.800" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  265.866105][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  265.912178][   T29] audit: type=1400 audit(1731242320.436:602): avc:  denied  { listen } for  pid=9294 comm="syz.0.800" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  265.931624][   T29] audit: type=1400 audit(1731242320.436:603): avc:  denied  { accept } for  pid=9294 comm="syz.0.800" lport=55309 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  265.954852][   T29] audit: type=1400 audit(1731242320.496:604): avc:  denied  { write } for  pid=9294 comm="syz.0.800" name="video36" dev="devtmpfs" ino=1044 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1
[  265.977886][    C1] vkms_vblank_simulate: vblank timer overrun
[  265.984072][   T29] audit: type=1400 audit(1731242321.176:605): avc:  denied  { mounton } for  pid=9298 comm="syz.5.799" path="/145/file0" dev="tmpfs" ino=787 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  266.006391][    C1] vkms_vblank_simulate: vblank timer overrun
[  266.165226][    T9] usb 5-1: Product: syz
[  266.169511][    T9] usb 5-1: Manufacturer: syz
[  266.174202][    T9] usb 5-1: SerialNumber: syz
[  266.183457][    T9] usb 5-1: config 0 descriptor??
[  266.192187][    T9] em28xx 5-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  266.202683][    T9] em28xx 5-1:0.0: DVB interface 0 found: bulk
[  266.802628][ T9332] fuse: Unknown parameter '��'
[  266.842782][    T9] em28xx 5-1:0.0: unknown em28xx chip ID (0)
[  266.891977][ T9332] input: syz0 as /devices/virtual/input/input18
[  267.225508][   T45] usb 1-1: new full-speed USB device number 14 using dummy_hcd
[  267.411603][   T45] usb 1-1: New USB device found, idVendor=0bda, idProduct=0139, bcdDevice=b4.99
[  267.464284][   T45] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  267.594904][   T45] usb 1-1: Product: syz
[  267.662506][   T45] usb 1-1: Manufacturer: syz
[  267.783562][ T9349] FAULT_INJECTION: forcing a failure.
[  267.783562][ T9349] name failslab, interval 1, probability 0, space 0, times 0
[  267.804779][ T9349] CPU: 0 UID: 0 PID: 9349 Comm: syz.1.815 Not tainted 6.12.0-rc6-syzkaller-00279-gde2f378f2b77 #0
[  267.815386][ T9349] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[  267.825444][ T9349] Call Trace:
[  267.828720][ T9349]  <TASK>
[  267.831646][ T9349]  dump_stack_lvl+0x16c/0x1f0
[  267.836333][ T9349]  should_fail_ex+0x497/0x5b0
[  267.841011][ T9349]  ? fs_reclaim_acquire+0xae/0x150
[  267.846122][ T9349]  should_failslab+0xc2/0x120
[  267.850803][ T9349]  __kmalloc_cache_noprof+0x6b/0x300
[  267.856089][ T9349]  ? nfnl_err_add+0x4e/0x2d0
[  267.860694][ T9349]  nfnl_err_add+0x4e/0x2d0
[  267.865120][ T9349]  nfnetlink_rcv_batch+0xe40/0x24e0
[  267.870153][   T45] usb 1-1: SerialNumber: syz
[  267.870329][ T9349]  ? __pfx_nfnetlink_rcv_batch+0x10/0x10
[  267.880515][ T9349]  ? avc_has_perm_noaudit+0x119/0x3a0
[  267.885885][ T9349]  ? avc_has_perm_noaudit+0x143/0x3a0
[  267.891285][ T9349]  ? __nla_parse+0x40/0x60
[  267.895690][ T9349]  nfnetlink_rcv+0x3c3/0x430
[  267.900271][ T9349]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  267.905376][ T9349]  netlink_unicast+0x53c/0x7f0
[  267.910125][ T9349]  ? __pfx_netlink_unicast+0x10/0x10
[  267.915396][ T9349]  netlink_sendmsg+0x8b8/0xd70
[  267.920145][ T9349]  ? __pfx_netlink_sendmsg+0x10/0x10
[  267.925416][ T9349]  ____sys_sendmsg+0xaaf/0xc90
[  267.930170][ T9349]  ? copy_msghdr_from_user+0x10b/0x160
[  267.935613][ T9349]  ? __pfx_____sys_sendmsg+0x10/0x10
[  267.940889][ T9349]  ? __pfx___lock_acquire+0x10/0x10
[  267.946071][ T9349]  ___sys_sendmsg+0x135/0x1e0
[  267.950735][ T9349]  ? __pfx____sys_sendmsg+0x10/0x10
[  267.955925][ T9349]  ? lock_acquire+0x2f/0xb0
[  267.960409][ T9349]  ? __fget_files+0x40/0x3f0
[  267.964997][ T9349]  ? fdget+0x176/0x210
[  267.969053][ T9349]  __sys_sendmsg+0x117/0x1f0
[  267.973627][ T9349]  ? __pfx___sys_sendmsg+0x10/0x10
[  267.978722][ T9349]  ? bpf_trace_run2+0x2a6/0x590
[  267.983567][ T9349]  ? rcu_is_watching+0x12/0xc0
[  267.988315][ T9349]  do_syscall_64+0xcd/0x250
[  267.992800][ T9349]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  267.998680][ T9349] RIP: 0033:0x7f8b9317e719
[  268.003077][ T9349] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  268.022669][ T9349] RSP: 002b:00007f8b93ec4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  268.031065][ T9349] RAX: ffffffffffffffda RBX: 00007f8b93335f80 RCX: 00007f8b9317e719
[  268.039024][ T9349] RDX: 0000000000000000 RSI: 00000000200002c0 RDI: 0000000000000003
[  268.046974][ T9349] RBP: 00007f8b93ec4090 R08: 0000000000000000 R09: 0000000000000000
[  268.054929][ T9349] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  268.062884][ T9349] R13: 0000000000000000 R14: 00007f8b93335f80 R15: 00007ffe463bf718
[  268.070847][ T9349]  </TASK>
[  268.113602][   T45] usb 1-1: config 0 descriptor??
[  268.269616][   T45] rtsx_usb 1-1:0.0: probe with driver rtsx_usb failed with error -22
[  268.651440][    T9] em28xx 5-1:0.0: failed to get i2c transfer status from bridge register (error=-5)
[  268.660918][    T9] em28xx 5-1:0.0: board has no eeprom
[  268.721016][    T9] em28xx 5-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[  268.756534][    T9] em28xx 5-1:0.0: dvb set to bulk mode.
[  268.824931][  T968] em28xx 5-1:0.0: Binding DVB extension
[  268.875795][ T9352] blktrace: Concurrent blktraces are not allowed on nullb0
[  268.917579][    T9] usb 5-1: USB disconnect, device number 13
[  268.969726][ T5929] usb 2-1: new high-speed USB device number 21 using dummy_hcd
[  268.999589][    T9] em28xx 5-1:0.0: Disconnecting em28xx
[  269.155986][  T968] em28xx 5-1:0.0: Registering input extension
[  269.169576][ T5929] usb 2-1: Using ep0 maxpacket: 16
[  269.169640][    T9] em28xx 5-1:0.0: Closing input extension
[  269.199179][  T968] usb 1-1: USB disconnect, device number 14
[  269.207632][    T9] em28xx 5-1:0.0: Freeing device
[  269.211172][ T5929] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  269.234396][ T5929] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  269.244749][ T5929] usb 2-1: New USB device found, idVendor=6161, idProduct=4d15, bcdDevice= 0.00
[  269.253861][ T5929] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  269.280155][ T5929] usb 2-1: config 0 descriptor??
[  269.287650][ T9361] 9pnet_fd: Insufficient options for proto=fd
[  269.651032][   T29] kauditd_printk_skb: 36 callbacks suppressed
[  269.651059][   T29] audit: type=1400 audit(1731242325.038:642): avc:  denied  { write } for  pid=9355 comm="syz.1.816" path="socket:[21990]" dev="sockfs" ino=21990 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1
[  269.847403][   T29] audit: type=1400 audit(1731242325.068:643): avc:  denied  { create } for  pid=9353 comm="syz.5.817" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  269.877781][   T29] audit: type=1400 audit(1731242325.088:644): avc:  denied  { write } for  pid=9355 comm="syz.1.816" name="001" dev="devtmpfs" ino=750 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[  270.439671][ T5929] usbhid 2-1:0.0: can't add hid device: -71
[  270.445671][ T5929] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  270.457888][ T5929] usb 2-1: USB disconnect, device number 21
[  270.948130][   T29] audit: type=1400 audit(1731242326.328:645): avc:  denied  { create } for  pid=9384 comm="syz.6.825" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  271.121571][ T9391] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  271.139464][ T9391] Cannot find set identified by id 0 to match
[  271.166068][ T5839] Bluetooth: hci3: ACL packet for unknown connection handle 200
[  271.279630][   T29] audit: type=1400 audit(1731242326.538:646): avc:  denied  { write } for  pid=9390 comm="syz.4.828" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  271.571149][ T9401] openvswitch: netlink: Actions may not be safe on all matching packets
[  271.665104][   T29] audit: type=1400 audit(1731242327.028:647): avc:  denied  { remount } for  pid=9393 comm="syz.5.829" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[  272.250949][ T9410] netlink: 4 bytes leftover after parsing attributes in process `syz.0.834'.
[  272.286355][ T9410] macvtap1: entered promiscuous mode
[  272.291799][ T9410] bond0: entered promiscuous mode
[  272.297259][ T9410] macvtap1: entered allmulticast mode
[  272.303027][ T9410] bond0: entered allmulticast mode
[  272.308525][ T9410] 8021q: adding VLAN 0 to HW filter on device macvtap1
[  272.362330][ T9411] bond0: left allmulticast mode
[  272.376032][ T9411] bond0: left promiscuous mode
[  272.693909][   T29] audit: type=1400 audit(1731242327.808:648): avc:  denied  { write } for  pid=9384 comm="syz.6.825" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1
[  272.713017][   T29] audit: type=1400 audit(1731242327.828:649): avc:  denied  { watch watch_reads } for  pid=9404 comm="syz.1.831" path="/169" dev="tmpfs" ino=932 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  272.736115][   T29] audit: type=1400 audit(1731242327.858:650): avc:  denied  { ioctl } for  pid=9404 comm="syz.1.831" path="socket:[22898]" dev="sockfs" ino=22898 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  272.762131][   T29] audit: type=1400 audit(1731242328.138:651): avc:  denied  { unmount } for  pid=7484 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  272.904665][ T9422] netlink: 28 bytes leftover after parsing attributes in process `syz.6.836'.
[  272.921575][ T9422] netlink: 28 bytes leftover after parsing attributes in process `syz.6.836'.
[  272.949562][    T9] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  273.131559][    T9] usb 5-1: Using ep0 maxpacket: 16
[  273.138060][    T9] usb 5-1: config 0 has an invalid interface number: 105 but max is 0
[  273.148724][    T9] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  273.159625][    T9] usb 5-1: config 0 has no interface number 0
[  273.171148][    T9] usb 5-1: New USB device found, idVendor=046d, idProduct=08d3, bcdDevice= b.28
[  273.181045][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  273.209401][    T9] usb 5-1: Product: syz
[  273.217384][    T9] usb 5-1: Manufacturer: syz
[  273.228694][    T9] usb 5-1: SerialNumber: syz
[  273.253289][    T9] usb 5-1: config 0 descriptor??
[  273.966062][ T9418] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  273.975177][ T9418] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  273.984352][ T5929] usb 5-1: USB disconnect, device number 14
[  274.100164][ T9431] input: syz1 as /devices/virtual/input/input20
[  274.181166][ T9437] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.841'.
[  274.250059][ T9437] sysfs: cannot create duplicate filename '/class/ieee80211/�!'
[  274.268113][ T9437] CPU: 0 UID: 0 PID: 9437 Comm: syz.1.841 Not tainted 6.12.0-rc6-syzkaller-00279-gde2f378f2b77 #0
[  274.279327][ T9437] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[  274.289388][ T9437] Call Trace:
[  274.292668][ T9437]  <TASK>
[  274.295600][ T9437]  dump_stack_lvl+0x16c/0x1f0
[  274.300285][ T9437]  sysfs_warn_dup+0x7f/0xa0
[  274.304794][ T9437]  sysfs_do_create_link_sd+0x124/0x140
[  274.310266][ T9437]  sysfs_create_link+0x61/0xc0
[  274.315043][ T9437]  device_add+0x62e/0x1a70
[  274.319474][ T9437]  ? __pfx_device_add+0x10/0x10
[  274.324360][ T9437]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  274.330272][ T9437]  ? ieee80211_set_bitrate_flags+0x249/0x6a0
[  274.336278][ T9437]  wiphy_register+0x2101/0x2d00
[  274.341149][ T9437]  ? __pfx_wiphy_register+0x10/0x10
[  274.346358][ T9437]  ? ieee80211_init_rate_ctrl_alg+0x125/0x6b0
[  274.352526][ T9437]  ieee80211_register_hw+0x2aaa/0x41b0
[  274.358006][ T9437]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  274.363821][ T9437]  ? net_generic+0xea/0x2a0
[  274.368344][ T9437]  ? __asan_memset+0x23/0x50
[  274.372937][ T9437]  ? __hrtimer_init+0x106/0x2c0
[  274.377790][ T9437]  mac80211_hwsim_new_radio+0x304e/0x54d0
[  274.383526][ T9437]  ? trace_kmalloc+0x2d/0xe0
[  274.388120][ T9437]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  274.394195][ T9437]  ? hwsim_new_radio_nl+0x9ff/0x12b0
[  274.399484][ T9437]  ? __asan_memcpy+0x3c/0x60
[  274.404077][ T9437]  hwsim_new_radio_nl+0xb42/0x12b0
[  274.409192][ T9437]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  274.414751][ T9437]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[  274.422127][ T9437]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[  274.429519][ T9437]  genl_family_rcv_msg_doit+0x202/0x2f0
[  274.435075][ T9437]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  274.441157][ T9437]  ? bpf_lsm_capable+0x9/0x10
[  274.445846][ T9437]  ? security_capable+0x7e/0x260
[  274.450827][ T9437]  ? ns_capable+0xd7/0x110
[  274.455254][ T9437]  genl_rcv_msg+0x565/0x800
[  274.459767][ T9437]  ? __pfx_genl_rcv_msg+0x10/0x10
[  274.464799][ T9437]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  274.470365][ T9437]  netlink_rcv_skb+0x16b/0x440
[  274.475132][ T9437]  ? __pfx_genl_rcv_msg+0x10/0x10
[  274.480162][ T9437]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  274.485461][ T9437]  ? down_read+0xc9/0x330
[  274.489796][ T9437]  ? __pfx_down_read+0x10/0x10
[  274.494563][ T9437]  ? netlink_deliver_tap+0x1ae/0xd90
[  274.499865][ T9437]  genl_rcv+0x28/0x40
[  274.503850][ T9437]  netlink_unicast+0x53c/0x7f0
[  274.508617][ T9437]  ? __pfx_netlink_unicast+0x10/0x10
[  274.513908][ T9437]  ? const_folio_flags.constprop.0+0x56/0x150
[  274.519997][ T9437]  netlink_sendmsg+0x8b8/0xd70
[  274.524769][ T9437]  ? __pfx_netlink_sendmsg+0x10/0x10
[  274.530095][ T9437]  ____sys_sendmsg+0xaaf/0xc90
[  274.534870][ T9437]  ? copy_msghdr_from_user+0x10b/0x160
[  274.540330][ T9437]  ? __pfx_____sys_sendmsg+0x10/0x10
[  274.545632][ T9437]  ? __pfx___lock_acquire+0x10/0x10
[  274.550832][ T9437]  ___sys_sendmsg+0x135/0x1e0
[  274.555517][ T9437]  ? __pfx____sys_sendmsg+0x10/0x10
[  274.560735][ T9437]  ? lock_acquire+0x2f/0xb0
[  274.565238][ T9437]  ? __fget_files+0x40/0x3f0
[  274.569854][ T9437]  ? fdget+0x176/0x210
[  274.573938][ T9437]  __sys_sendmsg+0x117/0x1f0
[  274.578533][ T9437]  ? __pfx___sys_sendmsg+0x10/0x10
[  274.583652][ T9437]  ? __x64_sys_futex+0x1e1/0x4c0
[  274.588614][ T9437]  do_syscall_64+0xcd/0x250
[  274.593123][ T9437]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  274.599023][ T9437] RIP: 0033:0x7f8b9317e719
[  274.603438][ T9437] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  274.623081][ T9437] RSP: 002b:00007f8b93ec4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  274.631505][ T9437] RAX: ffffffffffffffda RBX: 00007f8b93335f80 RCX: 00007f8b9317e719
[  274.639505][ T9437] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003
[  274.647479][ T9437] RBP: 00007f8b931f139e R08: 0000000000000000 R09: 0000000000000000
[  274.655453][ T9437] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  274.663426][ T9437] R13: 0000000000000000 R14: 00007f8b93335f80 R15: 00007ffe463bf718
[  274.671414][ T9437]  </TASK>
[  275.439749][ T5936] usb 5-1: new high-speed USB device number 15 using dummy_hcd
[  275.739852][ T5936] usb 5-1: Using ep0 maxpacket: 8
[  275.747111][ T5936] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[  275.755150][ T5936] usb 5-1: config 0 has no interface number 0
[  275.763172][ T5936] usb 5-1: New USB device found, idVendor=10c4, idProduct=eac1, bcdDevice=f7.92
[  275.772427][ T5936] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  275.783972][ T5936] usb 5-1: Product: syz
[  275.788292][ T5936] usb 5-1: Manufacturer: syz
[  275.795684][ T5936] usb 5-1: SerialNumber: syz
[  275.901638][   T29] kauditd_printk_skb: 2 callbacks suppressed
[  275.901680][   T29] audit: type=1400 audit(1731242331.228:654): avc:  denied  { name_bind } for  pid=9449 comm="syz.1.845" src=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket permissive=1
[  276.261763][   T29] audit: type=1400 audit(1731242331.228:655): avc:  denied  { node_bind } for  pid=9449 comm="syz.1.845" saddr=::1 src=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1
[  276.371432][ T5936] usb 5-1: config 0 descriptor??
[  276.407210][ T5936] usb 5-1: selecting invalid altsetting 2
[  276.410080][   T29] audit: type=1400 audit(1731242331.368:656): avc:  denied  { unlink } for  pid=9449 comm="syz.1.845" name="#1a" dev="tmpfs" ino=964 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  276.421687][ T5936] i2c-cp2615 5-1:0.1: probe with driver i2c-cp2615 failed with error -22
[  276.499665][ T5929] usb 6-1: new full-speed USB device number 13 using dummy_hcd
[  276.599179][   T29] audit: type=1400 audit(1731242331.768:657): avc:  denied  { listen } for  pid=9454 comm="syz.6.847" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  276.695740][ T5929] usb 6-1: config 0 interface 0 altsetting 65 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  276.709400][ T5929] usb 6-1: config 0 interface 0 altsetting 65 endpoint 0x81 has invalid wMaxPacketSize 0
[  276.719262][ T5929] usb 6-1: config 0 interface 0 has no altsetting 0
[  276.726112][ T5929] usb 6-1: New USB device found, idVendor=1e71, idProduct=2010, bcdDevice= 0.00
[  276.735283][ T5929] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  276.788920][ T5929] usb 6-1: config 0 descriptor??
[  277.253455][ T9473] hub 2-0:1.0: USB hub found
[  277.260873][ T9473] hub 2-0:1.0: 1 port detected
[  277.696772][ T5929] nzxt-smart2 0003:1E71:2010.000C: hidraw0: USB HID v0.05 Device [HID 1e71:2010] on usb-dummy_hcd.5-1/input0
[  277.756108][   T45] usb 5-1: USB disconnect, device number 15
[  277.891299][ T9476] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=9476 comm=syz.4.853
[  277.919537][ T5929] usb 6-1: USB disconnect, device number 13
[  277.985225][ T9476] ip6gretap1: entered promiscuous mode
[  278.158816][ T9490] netdevsim netdevsim6: Direct firmware load for itch failed with error -2
[  278.167813][ T9490] netdevsim netdevsim6: Falling back to sysfs fallback for: itch
[  278.950611][   T29] audit: type=1400 audit(1731242334.338:658): avc:  denied  { create } for  pid=9491 comm="syz.6.859" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1
[  279.009843][ T9492] CIFS: VFS: Malformed UNC in devname
[  279.068343][   T29] audit: type=1400 audit(1731242334.388:659): avc:  denied  { listen } for  pid=9491 comm="syz.6.859" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1
[  279.644428][ T9483] kvm: emulating exchange as write
[  279.768917][  T968] usb 7-1: new high-speed USB device number 9 using dummy_hcd
[  279.884845][ T9507] netlink: 28 bytes leftover after parsing attributes in process `syz.1.862'.
[  279.893841][ T9507] openvswitch: netlink: Flow set message rejected, Key attribute missing.
[  279.912181][ T5824] usb 5-1: new high-speed USB device number 16 using dummy_hcd
[  279.939465][  T968] usb 7-1: Using ep0 maxpacket: 16
[  280.011834][  T968] usb 7-1: New USB device found, idVendor=0a2c, idProduct=0008, bcdDevice=e8.cf
[  280.069484][ T5824] usb 5-1: Using ep0 maxpacket: 8
[  280.649480][  T968] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  280.669017][ T5824] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  280.680190][ T9511] netlink: 8 bytes leftover after parsing attributes in process `syz.1.863'.
[  280.700809][   T29] audit: type=1400 audit(1731242335.968:660): avc:  denied  { create } for  pid=9496 comm="syz.5.860" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=appletalk_socket permissive=1
[  280.701098][  T968] usb 7-1: Product: syz
[  280.758202][ T5824] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  280.823808][ T5824] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x3 has an invalid bInterval 0, changing to 7
[  280.962724][ T5824] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  280.972623][  T968] usb 7-1: Manufacturer: syz
[  280.984598][  T968] usb 7-1: SerialNumber: syz
[  281.008778][ T5824] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  281.030450][   T29] audit: type=1400 audit(1731242336.408:661): avc:  denied  { create } for  pid=9496 comm="syz.5.860" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  281.032145][  T968] usb 7-1: config 0 descriptor??
[  281.055625][   T29] audit: type=1400 audit(1731242336.408:662): avc:  denied  { ioctl } for  pid=9496 comm="syz.5.860" path="socket:[22215]" dev="sockfs" ino=22215 ioctlcmd=0x89e2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  281.058029][ T5824] usb 5-1: Product: syz
[  281.080334][    C1] vkms_vblank_simulate: vblank timer overrun
[  281.080824][   T29] audit: type=1400 audit(1731242336.438:663): avc:  denied  { shutdown } for  pid=9514 comm="syz.1.865" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  281.085963][ T5824] usb 5-1: Manufacturer: syz
[  281.118572][  T968] cypress_cy7c63 7-1:0.0: Cypress CY7C63xxx device now attached
[  281.133353][ T5824] usb 5-1: SerialNumber: syz
[  281.139385][   T29] audit: type=1400 audit(1731242336.518:664): avc:  denied  { write } for  pid=5181 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  281.160880][   T29] audit: type=1400 audit(1731242336.518:665): avc:  denied  { remove_name } for  pid=5181 comm="syslogd" name="messages" dev="tmpfs" ino=8 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  281.183358][    C1] vkms_vblank_simulate: vblank timer overrun
[  281.190002][   T29] audit: type=1400 audit(1731242336.518:666): avc:  denied  { rename } for  pid=5181 comm="syslogd" name="messages" dev="tmpfs" ino=8 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  281.212360][   T29] audit: type=1400 audit(1731242336.518:667): avc:  denied  { add_name } for  pid=5181 comm="syslogd" name="messages.0" dev="tmpfs" ino=7 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  281.234753][    C1] vkms_vblank_simulate: vblank timer overrun
[  281.241161][   T29] audit: type=1400 audit(1731242336.518:668): avc:  denied  { unlink } for  pid=5181 comm="syslogd" name="messages.0" dev="tmpfs" ino=7 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  281.263459][    C1] vkms_vblank_simulate: vblank timer overrun
[  281.269546][   T29] audit: type=1400 audit(1731242336.518:669): avc:  denied  { create } for  pid=5181 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  281.275335][ T9523] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  281.290450][   T29] audit: type=1400 audit(1731242336.648:670): avc:  denied  { bind } for  pid=9513 comm="syz.0.864" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  281.342265][ T5875] usb 7-1: USB disconnect, device number 9
[  281.351656][ T5875] cypress_cy7c63 7-1:0.0: Cypress CY7C63xxx device now disconnected
[  281.913368][ T9534] 9pnet_fd: Insufficient options for proto=fd
[  281.965525][ T9536] sch_fq: defrate 0 ignored.
[  282.019901][ T9537] xt_cluster: node mask cannot exceed total number of nodes
[  282.054630][ T9539] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=9539 comm=syz.6.873
[  282.069935][  T968] usb 1-1: new high-speed USB device number 15 using dummy_hcd
[  282.086729][ T9539] netlink: 64 bytes leftover after parsing attributes in process `syz.6.873'.
[  282.229796][  T968] usb 1-1: Using ep0 maxpacket: 32
[  282.380487][  T968] usb 1-1: config 0 has an invalid interface number: 186 but max is 0
[  282.401774][  T968] usb 1-1: config 0 has no interface number 0
[  282.981165][ T5824] cdc_ncm 5-1:1.0: bind() failure
[  282.994259][ T5824] cdc_ncm 5-1:1.1: probe with driver cdc_ncm failed with error -71
[  283.026271][ T5824] cdc_mbim 5-1:1.1: probe with driver cdc_mbim failed with error -71
[  283.038735][  T968] usb 1-1: New USB device found, idVendor=0856, idProduct=ac29, bcdDevice=a8.3c
[  283.053031][  T968] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  283.064521][  T968] usb 1-1: Product: syz
[  283.131016][  T968] usb 1-1: Manufacturer: syz
[  283.135641][  T968] usb 1-1: SerialNumber: syz
[  283.142627][  T968] usb 1-1: config 0 descriptor??
[  283.148493][ T5824] usbtest 5-1:1.1: probe with driver usbtest failed with error -71
[  283.162557][ T5824] usb 5-1: USB disconnect, device number 16
[  283.493590][ T9572] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=43024 sclass=netlink_route_socket pid=9572 comm=syz.4.880
[  284.268421][ T9573] overlayfs: failed to resolve './file0': -2
[  284.320359][  T968] mos7840 1-1:0.186: missing endpoints
[  284.327548][  T968] usb 1-1: USB disconnect, device number 15
[  284.399434][    T9] usb 2-1: new high-speed USB device number 22 using dummy_hcd
[  284.456816][ T5929] usb 6-1: new high-speed USB device number 14 using dummy_hcd
[  284.609420][    T9] usb 2-1: Using ep0 maxpacket: 32
[  284.616091][    T9] usb 2-1: config 0 has an invalid interface number: 67 but max is 0
[  284.629433][    T9] usb 2-1: config 0 has no interface number 0
[  284.637406][    T9] usb 2-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  284.653814][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  284.664800][    T9] usb 2-1: Product: syz
[  284.668975][    T9] usb 2-1: Manufacturer: syz
[  284.676573][    T9] usb 2-1: SerialNumber: syz
[  284.685588][    T9] usb 2-1: config 0 descriptor??
[  284.699416][ T5929] usb 6-1: Using ep0 maxpacket: 32
[  284.702205][    T9] smsc95xx v2.0.0
[  284.706622][ T5929] usb 6-1: config 1 interface 0 has no altsetting 0
[  284.716584][ T5929] usb 6-1: New USB device found, idVendor=05ac, idProduct=025b, bcdDevice= 0.40
[  284.725703][ T5929] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  284.733767][ T5929] usb 6-1: Product: 穜ꘈ퉂솮狞Ꙩ쑀๼컆犇躸䞎矺婵셖죈횺㌂怣刌轨낲谋
[  284.743793][ T5929] usb 6-1: Manufacturer: Ї
[  284.748378][ T5929] usb 6-1: SerialNumber: 庑ᡣ䵳쥺蓩䲉豍췡嶦懘㙋拞栘䁪勵磭ၻ䀨搒ౚ⻛紝䩥㡎廪ﮛ鴟ꇘ喪ꛡᦡ걻앩轉鷦⾧껋⫵鎉퓀ᜥ㜙祣
[  284.819561][  T965] usb 7-1: new high-speed USB device number 10 using dummy_hcd
[  285.045084][  T965] usb 7-1: Using ep0 maxpacket: 32
[  285.067823][  T965] usb 7-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config
[  285.146708][  T965] usb 7-1: New USB device found, idVendor=3344, idProduct=22f0, bcdDevice=ef.4d
[  285.224755][    T9] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[  285.232869][  T965] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  285.235874][    T9] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  285.258193][  T965] usb 7-1: Product: syz
[  285.262584][  T965] usb 7-1: Manufacturer: syz
[  285.271786][  T965] usb 7-1: SerialNumber: syz
[  285.274198][    T9] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -32
[  285.295963][    T9] smsc95xx 2-1:0.67: probe with driver smsc95xx failed with error -32
[  285.471170][ T5929] input: bcm5974 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/input/input21
[  285.507839][ T5929] usb 6-1: USB disconnect, device number 14
[  285.516298][  T965] usb 7-1: selecting invalid altsetting 1
[  285.540911][  T965] LME2510(C): Firmware Status: 00 00 00 00 00 00
[  285.540978][  T965] dvb_usb_lmedm04 7-1:2.0: probe with driver dvb_usb_lmedm04 failed with error -22
[  285.564099][ T9603] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=24593 sclass=netlink_route_socket pid=9603 comm=syz.4.892
[  285.565656][  T965] usb 7-1: USB disconnect, device number 10
[  285.596947][ T9607] FAULT_INJECTION: forcing a failure.
[  285.596947][ T9607] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  285.610941][ T9607] CPU: 1 UID: 0 PID: 9607 Comm: syz.0.895 Not tainted 6.12.0-rc6-syzkaller-00279-gde2f378f2b77 #0
[  285.621538][ T9607] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[  285.631597][ T9607] Call Trace:
[  285.634873][ T9607]  <TASK>
[  285.637832][ T9607]  dump_stack_lvl+0x16c/0x1f0
[  285.642509][ T9607]  should_fail_ex+0x497/0x5b0
[  285.647166][ T9607]  _copy_from_user+0x2e/0xd0
[  285.651752][ T9607]  kstrtouint_from_user+0xd7/0x1c0
[  285.657388][ T9607]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  285.663106][ T9607]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  285.668746][ T9607]  proc_fail_nth_write+0x84/0x250
[  285.673774][ T9607]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  285.679420][ T9607]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  285.685058][ T9607]  vfs_write+0x24c/0x1150
[  285.689404][ T9607]  ? __fget_files+0x23a/0x3f0
[  285.694089][ T9607]  ? fdget_pos+0x24c/0x360
[  285.698495][ T9607]  ? __pfx_lock_release+0x10/0x10
[  285.703497][ T9607]  ? trace_lock_acquire+0x14a/0x1d0
[  285.708674][ T9607]  ? __pfx_vfs_write+0x10/0x10
[  285.713428][ T9607]  ? __pfx___mutex_lock+0x10/0x10
[  285.718462][ T9607]  ? __fget_files+0x244/0x3f0
[  285.723138][ T9607]  ksys_write+0x12f/0x260
[  285.727481][ T9607]  ? __pfx_ksys_write+0x10/0x10
[  285.732345][ T9607]  do_syscall_64+0xcd/0x250
[  285.736845][ T9607]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  285.742721][ T9607] RIP: 0033:0x7f0e1ef7d1ff
[  285.747127][ T9607] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8d 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 1c 8e 02 00 48
[  285.766714][ T9607] RSP: 002b:00007f0e1fdc7030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  285.775107][ T9607] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f0e1ef7d1ff
[  285.783056][ T9607] RDX: 0000000000000001 RSI: 00007f0e1fdc70a0 RDI: 0000000000000003
[  285.791010][ T9607] RBP: 00007f0e1fdc7090 R08: 0000000000000000 R09: 0000000000000000
[  285.798979][ T9607] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  285.806925][ T9607] R13: 0000000000000000 R14: 00007f0e1f135f80 R15: 00007ffed3abdad8
[  285.814895][ T9607]  </TASK>
[  285.818087][    C1] vkms_vblank_simulate: vblank timer overrun
Nov 10 12:39:01 syzkaller daemon.err dhcpcd[5493]: ps_sendpsmmsg: Connection refused
Nov 10 12:39:01 syzkaller daemon.err dhcpcd[5493]: ps_root_recvmsgcb: failed to send message to pid 8657: Connection refused
Nov 10 12:39:01 syzkaller kern.warn kernel: [  285.610941][ T9607] CPU: 1 UID: 0 PID: 9607 Comm: syz.0.895 Not tainted 6.12.0-rc6-syzkaller-00279-gde2f378f2b77 #0
Nov 10 12:39:01 syzkaller kern.warn kernel: [  285.621538][ T9607] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
Nov 10 12:39:01 syzkaller kern.warn kernel[  285.875143][ T5936] usb 2-1: USB disconnect, device number 22
: [  285.631597][ T9607] Call Trace:
Nov 10 12:39:01 syzkaller kern.warn kernel: [  285.634873][ T9607]  <TASK>
Nov 10 12:39:01 syzkaller kern.warn kernel: [  285.637832][ T9607]  dump_stack_lvl+0x16c/0x1f0
Nov 10 12:39:01 syzkaller kern.warn kernel: [  285.642509][ T9607]  should_fail_ex+0x497/0x5b0
Nov 10 12:39:01 syzkaller kern.warn kernel: [  285.647166][ T9607]  _copy_from_user+0x2e/0xd0
Nov 10 12:39:01 syzkaller kern.warn kernel: [  285.651752][ T9607]  kstrtouint_from_user+0xd7/0x1c0
Nov 10 12:39:01 syzkaller kern.warn kernel: [  285.657388][ T9607]  ? __pfx_kstrtouint_fro[  285.934511][ T9616] ALSA: mixer_oss: invalid OSS volume ''
m_user+0x10/0x10
Nov 10 12:39:01 syzkaller kern.warn kernel: [  285.663106][ T9607]  ? __pfx_lock_acquire.part.0+0x10/0x10
Nov 10 12:39:01 syzkaller kern.warn kernel: [  285.668746][ T9607]  proc_fail_nth_write+0x84/0x250
Nov 10 12:39:01 syzkaller kern.warn kernel: [  285.673774][ T9607]  ? __pfx_proc_fail_nth_write+0x10/0x10
Nov 10 12:39:01 syzkaller kern.warn kernel: [  285.679420][ T9607]  ? __pfx_proc_fail_nth_write+0x10/0x10
Nov 10 12:39:01 syzkaller kern.warn kernel: [  285.685058][ T9607]  vfs_write+0x24c/0x1150
Nov 10 12:39:01 syzkaller kern.warn kernel: [  285.689404][ T9607]  ? __fget_files+0x23a/0x3f0
Nov 10 12:39:01 syzkaller kern.warn kernel: [  285.694089][ T9607]  ? fdget_pos+0x24c/0x360
Nov 10 12:39:01 syzkaller kern.warn kernel: [  285.698495][ T9607]  ? __pfx_lock_release+0x10/0x10
Nov 10 12:39:01 syzkaller kern.warn kernel: [  285.703497][ T9607]  ? trace_lock_acquire+0x14a/0x1d0
Nov 10 12:39:01 syzkaller kern.warn kernel: [  285.708674][ T9607]  ? __pfx_vfs_write+0x10/0x10
Nov 10 12:39:01 syzkaller kern.warn kernel: [  285.713428][ T9607]  ? __pfx___mutex_lock+0x10/0x10
Nov 10 12:39:01 syzkaller kern.warn kernel: [  285.718462][ T9607]  ? __fget_file[  286.044187][   T29] kauditd_printk_skb: 164 callbacks suppressed
s+0x244/0x3f0
N[  286.044201][   T29] audit: type=1400 audit(1731242341.428:835): avc:  denied  { read write } for  pid=5821 comm="syz-executor" name="loop1" dev="devtmpfs" ino=648 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=0
ov 10 12:39:01 syzkaller kern.warn kernel: [  285.723138][ T9607]  ksys_write+0x12f/0x260
Nov 10 12:39:01 syzkaller kern.warn kernel: [  285.727481][ T9607]  ? __pfx_ksys_write+0x10/0x10
Nov 10 12:39:01 syzkaller kern.warn kernel: [  285.732345][ T9607]  do_syscall_64+0xcd/0x250
Nov 10 12:39:01 syzkaller kern.warn kernel: [  285.736845][ T9607]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
Nov 10 [  286.111220][   T29] audit: type=1400 audit(1731242341.428:836): avc:  denied  { read write } for  pid=5822 comm="syz-executor" name="loop0" dev="devtmpfs" ino=647 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=0
12:39:01 syzkall[  286.135484][    C1] vkms_vblank_simulate: vblank timer overrun
er kern.warn kernel: [  285.742721][ T9607] RIP: 0033:0x7f0e1ef7d1ff
Nov 10 12:39:01 syzkaller kern.warn kernel: [  285.747127][ T9607] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8d 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 1c 8e 02 00 48
Nov 10 12:39:0[  286.172599][   T29] audit: type=1400 audit(1731242341.468:837): avc:  denied  { read } for  pid=5181 comm="syslogd" name="log" dev="sda1" ino=1915 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=0
1 syzkaller kern.warn kernel: [  285.766714][ T9607] RSP: 002b:00007f0e1fdc7030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
Nov 10 12:39:01 syzkaller kern.warn kernel: [  285.775107][ T9607] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f0e1ef7d1ff
Nov 10 12:39:01 syzkaller kern.warn kernel: [  285.783056][ T9607] RDX: 0000000000000001 RSI: 00007f0e1fdc70a[  286.227095][   T29] audit: type=1400 audit(1731242341.468:838): avc:  denied  { read } for  pid=5181 comm="syslogd" name="log" dev="sda1" ino=1915 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=0
0 RDI: 000000000[  286.249149][    C1] vkms_vblank_simulate: vblank timer overrun
0000003
Nov 10 12:39:01 syzkaller kern.warn kernel: [  285.791010][ T9607] RBP: 00007f0e1fdc7090 R08: 0000000000000000 R09: 0000000000000000
Nov 10 12:39:01 syzkaller kern.warn kernel: [  28[  286.272951][ T9634] SET target dimension over the limit!
5.798979][ T9607] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
Nov 10 12:39:01 syzkaller kern.warn kernel: [  285.806925][ T9607] R13: 0000000000000000 R14: 00007f0e1f135f80 R15: 00007ffed3abdad8
Nov 10 12:39:01 syzka[  286.298900][   T29] audit: type=1400 audit(1731242341.478:839): avc:  denied  { read } for  pid=5181 comm="syslogd" name="log" dev="sda1" ino=1915 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=0
ller kern.warn kernel: [  285.814895][ T9607]  </TASK>
Nov 10 12:39:01 syzkaller kern.warn kernel: [  285.818087][    C1] vkms_vblank_simulate: vblank timer overrun
Nov 10 12:39:01 syzkaller kern.info kernel: [  285.875143][ T5936] usb 2-1: USB disconnect, device number 22
Nov 10 12:39:01 syzkaller kern.err kernel: [  285.934511][ T9616] ALSA: mixer_oss: invalid OSS volume ''
Nov 10 12:39:01 syzkaller kern.warn kernel: [  28[  286.358058][   T29] audit: type=1400 audit(1731242341.478:840): avc:  denied  { read } for  pid=5181 comm="syslogd" name="log" dev="sda1" ino=1915 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=0
6.044187][   T29[  286.380703][    C1] vkms_vblank_simulate: vblank timer overrun
] kauditd_printk_skb: 164 callbacks suppressed
Nov 10 12:39:01 syzkaller kern.notice kernel: [  286.044201][   T29] audit: type=1400 audit(1731242341.428:835): avc:  denied  { read write } for  pid=5821 comm="syz-executor" name="loop1" dev="devtmpfs" ino=648 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fix
Nov 10 12:39:01 syzkaller daemon.err dhcpcd[5493]: ps_sendpsmmsg: Connection refused
Nov 10 12:39:01 syzkal[  286.424186][   T29] audit: type=1400 audit(1731242341.518:841): avc:  denied  { create } for  pid=9626 comm="syz.1.902" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=0
ler daemon.err dhcpcd[5493]: ps_root_recvmsgcb: failed to send message to pid 8655: Connection refused
Nov 10 12:39:01 syzkaller kern.notice kernel: [  286.111220][   T29] audit: type=1400 audit(1731242341.428:836): avc:  denied  { read write } for  pid=5822 comm="syz-executor" name="loop0" dev="devtmpfs" ino=647 scontext=root:sysadm_r:sysadm_t tcontext=system_u:ob[  286.476481][   T29] audit: type=1400 audit(1731242341.518:842): avc:  denied  { prog_load } for  pid=9626 comm="syz.1.902" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=0
ject_r:fix
Nov 10 12:39:01 syzkaller kern.warn kernel: [  286.135484][    C1] vkms_vblank_simulate: vblank timer overrun
Nov 10 12:39:01 syzkaller kern.notice kernel: [  286.172599][   T29] audit: type=1400 audit(1731242341.468:837): avc:  denied  { read } for  pid=5181 comm="syslogd" name="log" dev="sda1" ino=1915 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=l
Nov 10 12:39:01 syzkaller kern.notice kernel: [  286.227095][   T29] audit: type=[  286.537226][   T29] audit: type=1400 audit(1731242341.518:843): avc:  denied  { execmem } for  pid=9626 comm="syz.1.902" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=0
1400 audit(1731242341.468:838): avc:  denied  { read } for  pid=5181 comm="syslogd" name="log" dev="sda1" ino=1915 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=l
Nov 10 12:39:01 syzkaller kern.warn kernel: [  286.249149][    C1] vkms_vblank_simulate: vblank timer overrun[  286.583186][ T9640] audit: audit_backlog=65 > audit_backlog_limit=64

Nov 10 12:39:01 syzkaller kern.info kernel: [  286.272951][ T9634] SET target dimension over the limit!
Nov 10 12:39:01 syzkaller kern.notice kernel: [  286.298900][   T29] audit: type=1400 audit(1731242341.478:839): avc:  denied  { read } for  pid=5181 comm="syslogd" name="log" dev="sda1" ino=1915 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=l
Nov 10 12:39:01 syzkaller kern.notice kernel: [  286.358058][   T29] audit: type=1400 audit(1731242341.478:840): avc:  denied  { read } for  pid=5181 comm="syslogd" name="log" dev="sda1" ino=1915 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=l
Nov 10 12:39:01 syzkaller kern.warn kernel: [  286.380703][    C1] vkms_vblank_simulate: vblank timer overrun
Nov 10 12:39:01 syzkaller kern.notice kernel: [  286.424186][   T29] audit: type=1400 audit(1731242341.518:841): avc:  denied  { create } for  pid=9626 comm="syz.1.902" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=0
Nov 10 12:39:01 syzkaller kern.notice kernel: [  286.476481][   T29] audit: type=1400 audit(1731242341.518:842): avc:  denied  { prog_load } for  pid=9626 comm="syz.1.902" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=0
Nov 10 12:39:01 syzkaller kern.notice kernel: [  286.537226][   T29] audit: type=1400 audit(1731242341.518:843): avc:  denied  { execmem } for  pid=9626 comm="syz.1.902" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=0
Nov 10 12:39:01 syzkaller kern.warn kernel: [  286.583186][ T9640] audit: audit_backlog=65 > audit_backlog_limit=64
[  287.082592][ T9650] FAULT_INJECTION: forcing a failure.
[  287.082592][ T9650] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  287.116420][ T9650] CPU: 1 UID: 0 PID: 9650 Comm: syz.4.909 Not tainted 6.12.0-rc6-syzkaller-00279-gde2f378f2b77 #0
[  287.127027][ T9650] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[  287.137089][ T9650] Call Trace:
[  287.140367][ T9650]  <TASK>
[  287.143296][ T9650]  dump_stack_lvl+0x16c/0x1f0
[  287.147982][ T9650]  should_fail_ex+0x497/0x5b0
[  287.152677][ T9650]  _copy_from_user+0x2e/0xd0
[  287.157269][ T9650]  __do_sys_kcmp+0x849/0xd90
[  287.161878][ T9650]  ? __pfx___do_sys_kcmp+0x10/0x10
[  287.167009][ T9650]  do_syscall_64+0xcd/0x250
[  287.171516][ T9650]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  287.177424][ T9650] RIP: 0033:0x7f7fbcf7e719
[  287.181840][ T9650] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  287.201454][ T9650] RSP: 002b:00007f7fbdc9c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000138
[  287.209874][ T9650] RAX: ffffffffffffffda RBX: 00007f7fbd135f80 RCX: 00007f7fbcf7e719
[  287.217843][ T9650] RDX: 0000000000000007 RSI: 00000000000000ea RDI: 00000000000000eb
[  287.225822][ T9650] RBP: 00007f7fbdc9c090 R08: 0000000020000100 R09: 0000000000000000
[  287.233795][ T9650] R10: 0000000000000006 R11: 0000000000000246 R12: 0000000000000001
[  287.241771][ T9650] R13: 0000000000000000 R14: 00007f7fbd135f80 R15: 00007ffcacba0a08
[  287.249846][ T9650]  </TASK>
[  287.252926][    C1] vkms_vblank_simulate: vblank timer overrun
Nov 10 12:39:02 syzkaller kern.notice kernel: [  287.082592][ T9650] FAULT_INJECTION: forcing a failure.
Nov 10 12:39:02 syzkaller kern.notice kernel: [  287.082592][ T9650] name fail_usercopy, interval 1, probability 0, space 0, times 0
Nov 10 12:39:02 syzkaller kern.warn kernel: [  287.116420][ T9650] CPU: 1 UID: 0 PID: 9650 Comm: syz.4.909 Not tainted 6.12.0-rc6-syzkaller-00279-gde2f378f2b77 #0
Nov 10 12:39:02 syzkaller kern.warn kernel: [  287.127027][ T9650] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
Nov 10 12:39:02 syzkaller kern.warn kernel: [  287.137089][ T9650] Call Trace:
Nov 10 12:39:02 syzkaller kern.warn kernel: [  287.140367][ T9650]  <TASK>
Nov 10 12:39:02 syzkaller kern.warn kernel: [  287.143296][ T9650]  dump_stack_lvl+0x16c/0x1f0
Nov 10 12:39:02 syzkaller kern.warn kernel: [  287.147982][ T9650]  should_fail_ex+0x497/0x5b0
Nov 10 12:39:02 syzkaller kern.warn kernel: [  287.152677][ T9650]  _copy_from_user+0x2e/0xd0
Nov 10 12:39:02 syzkaller kern.warn kernel: [  287.157269][ T9650]  __do_sys_kcmp+0x849/0xd90
Nov 10 12:39:02 syzkaller kern.warn [  287.405542][ T5821] cgroup: fork rejected by pids controller in /syz1
kernel: [  287.161878][ T9650]  ? __pfx___do_sys_kcmp+0x10/0x10
Nov 10 12:39:02 syzkaller kern.warn kernel: [  287.167009][ T9650]  do_syscall_64+0xcd/0x250
Nov 10 12:39:02 syzkaller kern.warn kernel: [  287.171516][ T9650]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
Nov 10 12:39:02 syzkaller kern.warn kernel: [  287.177424][ T9650] RIP: 0033:0x7f7fbcf7e719
Nov 10 12:39:02 syzkaller kern.warn kernel: [  287.181840][ T9650] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
Nov 10 12:39:02 syzkaller kern.warn kernel: [  287.201454][ T9650] RSP: 002b:00007f7fbdc9c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000138
Nov 10 12:39:02 syzkaller kern.warn kernel: [  287.209874][ T9650] RAX: ffffffffffffffda RBX: 00007f7fbd135f80 RCX: 00007f7fbcf7e719
Nov 10 12:39:02 syzkaller kern.warn kernel: [  287.217843][ T9650] RDX: 0000000000000007 RSI: 00000000000000ea RDI: 00000000000000eb
Nov 10 12:39:02 syzkaller kern.warn kernel: [  287.225822][ T9650] RBP: 00007f7fbdc9c090 R08: 0000000020000100 R09: 0000000000000000
Nov 10 12:39:02 syzkaller kern.warn kernel: [  287.233795][ T9650] R10: 0000000000000006 R11: 0000000000000246 R12: 0000000000000001
Nov 10 12:39:02 syzkaller kern.warn kernel: [  287.241771][ T9650] R13: 0000000000000000 R14: 00007f7fbd135f80 R15: 00007ffcacba0a08
Nov 10 12:39:02 syzkaller kern.warn kernel: [  287.249846][ T9650]  </TASK>
Nov 10 12:39:02 syzkaller kern.warn kernel: [  287.252926][    C1] vkms_vblank_simulate: vblank timer overrun
Nov 10 12:39:02 syzkaller kern.info kernel: [  287.405542][ T5821] cgroup: fork rejected by pids controller in /syz1
Nov 10 12:39:02 syzkaller daemon.err dhcpcd[5493]: ps_sendpsmmsg: Connection refused
Nov 10 12:39:02 syzkaller daemon.err dhcpcd[5493]: ps_root_recvmsgcb: failed to send message to pid 8695: Connection refused
[  287.719734][ T1024] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
Nov 10 12:39:03 syzkaller kern.info kernel: [  287.719734][ T1024] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  287.821612][ T1024] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
Nov 10 12:39:03 syzkaller kern.info kernel: [  287.821612][ T1024] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  287.907148][ T1024] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
Nov 10 12:39:03 syzkaller kern.info kernel: [  287.907148][ T1024] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  287.982849][ T1024] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
Nov 10 12:39:03 syzkaller kern.info kernel: [  287.982849][ T1024] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  288.046897][ T1024] erspan0: left allmulticast mode
[  288.052032][ T1024] erspan0: left promiscuous mode
[  288.057060][ T1024] bridge0: port 3(erspan0) entered disabled state
Nov 10 12:39:03 syzkaller kern.info kernel: [  288.046897][ T102[  288.071253][ T1024] bridge_slave_1: left allmulticast mode
4] erspan0: left[  288.077767][ T1024] bridge_slave_1: left promiscuous mode
 allmulticast mo[  288.084857][ T1024] bridge0: port 2(bridge_slave_1) entered disabled state
de
Nov 10 12:39:03 syzkaller ke[  288.096288][ T1024] bridge_slave_0: left allmulticast mode
rn.info kernel: [  288.102240][ T1024] bridge_slave_0: left promiscuous mode
[  288.052032][ [  288.109768][ T1024] bridge0: port 1(bridge_slave_0) entered disabled state
T1024] erspan0: left promiscuous[  288.119638][ T6390] 
 mode
Nov 10 12[  288.122499][ T6390] =============================
:39:03 syzkaller[  288.128669][ T6390] WARNING: suspicious RCU usage
 kern.info kerne[  288.135316][ T6390] 6.12.0-rc6-syzkaller-00279-gde2f378f2b77 #0 Not tainted
l: [  288.057060[  288.143732][ T6390] -----------------------------
][ T1024] bridge[  288.149741][ T6390] net/sched/sch_generic.c:1290 suspicious rcu_dereference_protected() usage!
0: port 3(erspan[  288.159834][ T6390] 
[  288.159834][ T6390] other info that might help us debug this:
[  288.159834][ T6390] 
0) entered disab[  288.159853][ T6390] 
[  288.159853][ T6390] rcu_scheduler_active = 2, debug_locks = 1
led state
Nov 1[  288.159867][ T6390] 3 locks held by kworker/u8:11/6390:
0 12:39:03 syzka[  288.187464][ T6390]  #0: ffff888068d0d948 ((wq_completion)bond0#2){+.+.}-{0:0}, at: process_one_work+0x129b/0x1ba0
ller kern.info k[  288.199531][ T6390]  #1: ffffc9000b45fd80 ((work_completion)(&(&bond->mii_work)->work)){+.+.}-{0:0}, at: process_one_work+0x921/0x1ba0
ernel: [  288.07[  288.212948][ T6390]  #2: ffffffff8e1b8340 (rcu_read_lock){....}-{1:2}, at: bond_mii_monitor+0x140/0x2d90
1253][ T1024] br[  288.224119][ T6390] 
[  288.224119][ T6390] stack backtrace:
idge_slave_1: le[  288.231359][ T6390] CPU: 0 UID: 0 PID: 6390 Comm: kworker/u8:11 Not tainted 6.12.0-rc6-syzkaller-00279-gde2f378f2b77 #0
[  288.243643][ T6390] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[  288.253707][ T6390] Workqueue: bond0 bond_mii_monitor
ft allmulticast [  288.258910][ T6390] Call Trace:
[  288.263550][ T6390]  <TASK>
mode
Nov 10 12:[  288.266487][ T6390]  dump_stack_lvl+0x16c/0x1f0
[  288.266509][ T6390]  lockdep_rcu_suspicious+0x210/0x3c0
[  288.266536][ T6390]  dev_deactivate_queue+0x167/0x190
[  288.266558][ T6390]  dev_deactivate_many+0xe7/0xb20
39:03 syzkaller [  288.266591][ T6390]  dev_deactivate+0xf9/0x1c0
kern.info kernel[  288.294016][ T6390]  ? __pfx_dev_deactivate+0x10/0x10
[  288.300600][ T6390]  ? __sanitizer_cov_trace_switch+0x54/0x90
: [  288.077767][  288.306524][ T6390]  linkwatch_do_dev+0x11e/0x160
[  288.312752][ T6390]  linkwatch_sync_dev+0x181/0x210
[ T1024] bridge_[  288.317788][ T6390]  ? __pfx_ethtool_op_get_link+0x10/0x10
slave_1: left pr[  288.325567][ T6390]  ethtool_op_get_link+0x1d/0x70
[  288.331074][ T6390]  bond_check_dev_link+0x197/0x490
omiscuous mode
[  288.336188][ T6390]  ? __pfx_bond_check_dev_link+0x10/0x10
Nov 10 12:39:03 [  288.343169][ T6390]  ? rcu_is_watching+0x12/0xc0
syzkaller kern.i[  288.349291][ T6390]  bond_mii_monitor+0x3c1/0x2d90
nfo kernel: [  2[  288.355597][ T6390]  ? __pfx_bond_mii_monitor+0x10/0x10
88.084857][ T102[  288.362312][ T6390]  ? rcu_is_watching+0x12/0xc0
4] bridge0: port[  288.368438][ T6390]  ? trace_lock_acquire+0x14a/0x1d0
 2(bridge_slave_[  288.374995][ T6390]  ? process_one_work+0x921/0x1ba0
1) entered disab[  288.381473][ T6390]  ? lock_acquire+0x2f/0xb0
led state
Nov 1[  288.387339][ T6390]  ? process_one_work+0x921/0x1ba0
0 12:39:03 syzka[  288.393811][ T6390]  process_one_work+0x9c5/0x1ba0
ller kern.info k[  288.400191][ T6390]  ? __pfx_lock_acquire.part.0+0x10/0x10
ernel: [  288.09[  288.407177][ T6390]  ? __pfx_process_one_work+0x10/0x10
6288][ T1024] br[  288.413903][ T6390]  ? assign_work+0x1a0/0x250
idge_slave_0: le[  288.419841][ T6390]  worker_thread+0x6c8/0xf00
ft allmulticast [  288.425789][ T6390]  ? __kthread_parkme+0x148/0x220
mode
Nov 10 12:[  288.432165][ T6390]  ? __pfx_worker_thread+0x10/0x10
39:03 syzkaller [  288.438621][ T6390]  kthread+0x2c1/0x3a0
kern.info kernel[  288.444056][ T6390]  ? _raw_spin_unlock_irq+0x23/0x50
: [  288.102240][  288.450635][ T6390]  ? __pfx_kthread+0x10/0x10
[ T1024] bridge_[  288.456575][ T6390]  ret_from_fork+0x45/0x80
slave_0: left pr[  288.462342][ T6390]  ? __pfx_kthread+0x10/0x10
omiscuous mode
[  288.468282][ T6390]  ret_from_fork_asm+0x1a/0x30
Nov 10 12:39:03 [  288.474403][ T6390]  </TASK>
syzkaller kern.info kernel: [  288.109768][ T1024] bridge0: port 1(bridge_slave_0) entered disabled state
Nov 10 12:39:03 syzkaller kern.warn kernel: [  288.119638][ T6390] 
Nov 10 12:39:03 syzkaller kern.warn kernel: [  288.122499][ T6390] =============================
Nov 10 12:39:03 syzkaller kern.warn kernel: [  288.128669][ T6390] WARNING: suspicious RCU usage
Nov 10 12:39:03 syzkaller kern.warn kernel: [  288.135316][ T6390] 6.12.0-rc6-syzkaller-00279-gde2f378f2b77 #0 Not tainted
Nov 10 12:39:03 syzkaller kern.warn kernel: [  288.143732][ T6390] -----------------------------
Nov 10 12:39:03 syzkaller kern.warn kernel: [  288.149741][ T6390] net/sched/sch_generic.c:1290 suspicious rcu_dereference_protected() usage!
Nov 10 12:39:03 syzkaller kern.warn kernel: [  288.159834][ T6390] 
Nov 10 12:39:03 syzkaller kern.warn kernel: [  288.159834][ T6390] other i[  288.554806][ T6390] 
nfo that might h[  288.557452][ T6390] =============================
elp us debug thi[  288.563800][ T6390] WARNING: suspicious RCU usage
s:
Nov 10 12:39[  288.569953][ T6390] 6.12.0-rc6-syzkaller-00279-gde2f378f2b77 #0 Not tainted
:03 syzkaller ke[  288.578320][ T6390] -----------------------------
rn.warn kernel: [  288.584563][ T6390] include/linux/rtnetlink.h:100 suspicious rcu_dereference_protected() usage!
[  288.159834][ [  288.594829][ T6390] 
[  288.594829][ T6390] other info that might help us debug this:
[  288.594829][ T6390] 
T6390] 
Nov 10 [  288.606375][ T6390] 
[  288.606375][ T6390] rcu_scheduler_active = 2, debug_locks = 1
12:39:03 syzkall[  288.615765][ T6390] 3 locks held by kworker/u8:11/6390:
er kern.warn ker[  288.622477][ T6390]  #0: ffff888068d0d948 ((wq_completion)bond0#2){+.+.}-{0:0}, at: process_one_work+0x129b/0x1ba0
nel: [  288.1598[  288.634359][ T6390]  #1: ffffc9000b45fd80 ((work_completion)(&(&bond->mii_work)->work)){+.+.}-{0:0}, at: process_one_work+0x921/0x1ba0
53][ T6390] 
No[  288.648370][ T6390]  #2: ffffffff8e1b8340 (rcu_read_lock){....}-{1:2}, at: bond_mii_monitor+0x140/0x2d90
v 10 12:39:03 sy[  288.659388][ T6390] 
[  288.659388][ T6390] stack backtrace:
zkaller kern.war[  288.666145][ T6390] CPU: 0 UID: 0 PID: 6390 Comm: kworker/u8:11 Not tainted 6.12.0-rc6-syzkaller-00279-gde2f378f2b77 #0
n kernel: [  288[  288.678441][ T6390] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
.159853][ T6390][  288.689857][ T6390] Workqueue: bond0 bond_mii_monitor
 rcu_scheduler_a[  288.696447][ T6390] Call Trace:
ctive = 2, debug[  288.701091][ T6390]  <TASK>
_locks = 1
Nov [  288.705382][ T6390]  dump_stack_lvl+0x16c/0x1f0
10 12:39:03 syzk[  288.711414][ T6390]  lockdep_rcu_suspicious+0x210/0x3c0
aller kern.warn [  288.718162][ T6390]  dev_deactivate_many+0x8af/0xb20
kernel: [  288.1[  288.724626][ T6390]  dev_deactivate+0xf9/0x1c0
59867][ T6390] 3[  288.730563][ T6390]  ? __pfx_dev_deactivate+0x10/0x10
 locks held by k[  288.737110][ T6390]  ? __sanitizer_cov_trace_switch+0x54/0x90
worker/u8:11/639[  288.744357][ T6390]  linkwatch_do_dev+0x11e/0x160
0:
Nov 10 12:39[  288.750557][ T6390]  linkwatch_sync_dev+0x181/0x210
:03 syzkaller ke[  288.757536][ T6390]  ? __pfx_ethtool_op_get_link+0x10/0x10
rn.warn kernel: [  288.764514][ T6390]  ethtool_op_get_link+0x1d/0x70
[  288.187464][ [  288.770824][ T6390]  bond_check_dev_link+0x197/0x490
T6390]  #0: ffff[  288.777300][ T6390]  ? __pfx_bond_check_dev_link+0x10/0x10
888068d0d948 ((w[  288.784279][ T6390]  ? rcu_is_watching+0x12/0xc0
q_completion)bon[  288.790404][ T6390]  bond_mii_monitor+0x3c1/0x2d90
d0#2){+.+.}-{0:0[  288.796687][ T6390]  ? __pfx_bond_mii_monitor+0x10/0x10
}, at: process_o[  288.803415][ T6390]  ? rcu_is_watching+0x12/0xc0
ne_work+0x129b/0[  288.809527][ T6390]  ? trace_lock_acquire+0x14a/0x1d0
x1ba0
Nov 10 12[  288.816072][ T6390]  ? process_one_work+0x921/0x1ba0
:39:03 syzkaller[  288.822536][ T6390]  ? lock_acquire+0x2f/0xb0
 kern.warn kerne[  288.828383][ T6390]  ? process_one_work+0x921/0x1ba0
l: [  288.199531[  288.834848][ T6390]  process_one_work+0x9c5/0x1ba0
][ T6390]  #1: f[  288.841142][ T6390]  ? __pfx_lock_acquire.part.0+0x10/0x10
fffc9000b45fd80 [  288.848115][ T6390]  ? __pfx_process_one_work+0x10/0x10
((work_completio[  288.854844][ T6390]  ? assign_work+0x1a0/0x250
n)(&(&bond->mii_[  288.860781][ T6390]  worker_thread+0x6c8/0xf00
work)->work)){+.[  288.866722][ T6390]  ? __kthread_parkme+0x148/0x220
+.}-{0:0}, at: p[  288.873091][ T6390]  ? __pfx_worker_thread+0x10/0x10
rocess_one_work+[  288.879551][ T6390]  kthread+0x2c1/0x3a0
0x921/0x1ba0
No[  288.884966][ T6390]  ? _raw_spin_unlock_irq+0x23/0x50
v 10 12:39:03 sy[  288.891513][ T6390]  ? __pfx_kthread+0x10/0x10
zkaller kern.war[  288.897454][ T6390]  ret_from_fork+0x45/0x80
n kernel: [  288[  288.903232][ T6390]  ? __pfx_kthread+0x10/0x10
.212948][ T6390][  288.909177][ T6390]  ret_from_fork_asm+0x1a/0x30
  #2: ffffffff8e[  288.915298][ T6390]  </TASK>
1b8340 (rcu_read_lock){....}-{1:2}, at: bond_mii_monitor+0x140/0x2d90
Nov 10 12:39:03 syzkaller kern.warn kernel: [  288.224119][ T6390] 
Nov 10 12:39:03 syzkaller kern.warn kernel: [  288.224119][ T6390] stack backtrace:
Nov 10 12:39:03 syzkaller kern.warn kernel: [  288.231359][ T6390] CPU: 0 UID: 0 PID: 6390 Comm: kworker/u8:11 Not tainted 6.12.0-rc6-syzkaller-00279-gde2f378f2b77 #0
Nov 10 12:39:03 syzkaller kern.warn kernel: [  288.243643][ T6390] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
Nov 10 12:39:03 syzkaller kern.warn kernel: [  288.253707][ T6390] Workqueue: bond0 bond_mii_monitor
Nov 10 12:39:03 syzkaller kern.warn kernel: [  288.258910][ T6390] Call Trace:
Nov 10 12:39:03 syzkaller kern.warn kernel: [  288.263550][ T6390]  <TASK>
Nov 10 12:39:03 syzkaller kern.warn kernel: [  288.266487][ T6390]  dump_stack_lvl+0x16c/0x1f0
Nov 10 12:39:03 syzkall[  289.005277][ T6390] ==================================================================
[  289.013752][ T6390] BUG: KASAN: stack-out-of-bounds in dev_deactivate_queue+0x17e/0x190
[  289.021913][ T6390] Read of size 8 at addr ffffc90003cf7b20 by task kworker/u8:11/6390
[  289.029971][ T6390] 
[  289.032287][ T6390] CPU: 1 UID: 0 PID: 6390 Comm: kworker/u8:11 Not tainted 6.12.0-rc6-syzkaller-00279-gde2f378f2b77 #0
[  289.043220][ T6390] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[  289.053272][ T6390] Workqueue: bond0 bond_mii_monitor
[  289.058484][ T6390] Call Trace:
[  289.061760][ T6390]  <TASK>
[  289.061768][ T6390]  dump_stack_lvl+0x116/0x1f0
[  289.061788][ T6390]  print_report+0xc3/0x620
[  289.061808][ T6390]  ? __virt_addr_valid+0x5e/0x590
[  289.078775][ T6390]  kasan_report+0xd9/0x110
[  289.083213][ T6390]  ? dev_deactivate_queue+0x17e/0x190
er kern.warn ker[  289.083234][ T6390]  ? dev_deactivate_queue+0x17e/0x190
nel: [  288.2665[  289.083252][ T6390]  dev_deactivate_queue+0x17e/0x190
09][ T6390]  loc[  289.083269][ T6390]  dev_deactivate_many+0xe7/0xb20
[  289.083289][ T6390]  dev_deactivate+0xf9/0x1c0
[  289.083307][ T6390]  ? __pfx_dev_deactivate+0x10/0x10
[  289.083330][ T6390]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  289.083352][ T6390]  linkwatch_do_dev+0x11e/0x160
[  289.083370][ T6390]  linkwatch_sync_dev+0x181/0x210
[  289.083387][ T6390]  ? __pfx_ethtool_op_get_link+0x10/0x10
[  289.083400][ T6390]  ethtool_op_get_link+0x1d/0x70
[  289.083413][ T6390]  bond_check_dev_link+0x197/0x490
[  289.083431][ T6390]  ? __pfx_bond_check_dev_link+0x10/0x10
[  289.083446][ T6390]  ? rcu_is_watching+0x12/0xc0
[  289.083465][ T6390]  bond_mii_monitor+0x3c1/0x2d90
[  289.083485][ T6390]  ? __pfx_bond_mii_monitor+0x10/0x10
[  289.083503][ T6390]  ? rcu_is_watching+0x12/0xc0
[  289.083518][ T6390]  ? trace_lock_acquire+0x14a/0x1d0
[  289.083535][ T6390]  ? process_one_work+0x921/0x1ba0
[  289.083549][ T6390]  ? lock_acquire+0x2f/0xb0
[  289.083560][ T6390]  ? process_one_work+0x921/0x1ba0
[  289.083574][ T6390]  process_one_work+0x9c5/0x1ba0
[  289.083589][ T6390]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  289.083602][ T6390]  ? __pfx_process_one_work+0x10/0x10
[  289.083616][ T6390]  ? assign_work+0x1a0/0x250
[  289.083636][ T6390]  worker_thread+0x6c8/0xf00
[  289.083650][ T6390]  ? __kthread_parkme+0x148/0x220
[  289.083666][ T6390]  ? __pfx_worker_thread+0x10/0x10
[  289.083679][ T6390]  kthread+0x2c1/0x3a0
[  289.083694][ T6390]  ? _raw_spin_unlock_irq+0x23/0x50
[  289.083712][ T6390]  ? __pfx_kthread+0x10/0x10
[  289.083727][ T6390]  ret_from_fork+0x45/0x80
[  289.083740][ T6390]  ? __pfx_kthread+0x10/0x10
[  289.083755][ T6390]  ret_from_fork_asm+0x1a/0x30
[  289.083776][ T6390]  </TASK>
[  289.083781][ T6390] 
[  289.083787][ T6390] The buggy address belongs to the virtual mapping at
[  289.083787][ T6390]  [ffffc90003cf0000, ffffc90003cf9000) created by:
[  289.083787][ T6390]  kernel_clone+0xfd/0x960
[  289.083808][ T6390] 
[  289.083811][ T6390] The buggy address belongs to the physical page:
[  289.083815][ T6390] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x26960
[  289.083828][ T6390] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  289.083844][ T6390] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[  289.083856][ T6390] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[  289.083863][ T6390] page dumped because: kasan: bad access detected
[  289.083869][ T6390] page_owner tracks the page as allocated
[  289.083873][ T6390] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_NOWARN|__GFP_ZERO), pid 11, tgid 11 (kworker/u8:0), ts 5769021026, free_ts 0
[  289.083895][ T6390]  post_alloc_hook+0x2d1/0x350
[  289.083908][ T6390]  get_page_from_freelist+0xf7d/0x2d10
[  289.083923][ T6390]  __alloc_pages_noprof+0x223/0x25a0
[  289.083937][ T6390]  alloc_pages_mpol_noprof+0x2c9/0x610
[  289.083954][ T6390]  __vmalloc_node_range_noprof+0x724/0x15a0
[  289.083967][ T6390]  copy_process+0x3076/0x8cb0
[  289.083981][ T6390]  kernel_clone+0xfd/0x960
[  289.083995][ T6390]  user_mode_thread+0xb4/0xf0
[  289.084010][ T6390]  call_usermodehelper_exec_work+0xcb/0x170
[  289.084023][ T6390]  process_one_work+0x9c5/0x1ba0
[  289.084034][ T6390]  worker_thread+0x6c8/0xf00
[  289.084044][ T6390]  kthread+0x2c1/0x3a0
[  289.084058][ T6390]  ret_from_fork+0x45/0x80
[  289.084068][ T6390]  ret_from_fork_asm+0x1a/0x30
[  289.084084][ T6390] page_owner free stack trace missing
[  289.084088][ T6390] 
[  289.084091][ T6390] Memory state around the buggy address:
[  289.084098][ T6390]  ffffc90003cf7a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  289.084106][ T6390]  ffffc90003cf7a80: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 f1 f1 00 f2
[  289.084115][ T6390] >ffffc90003cf7b00: f2 f2 00 00 f2 f2 00 00 f2 f2 00 00 00 00 00 f3
[  289.084122][ T6390]                                ^
[  289.084129][ T6390]  ffffc90003cf7b80: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
[  289.084137][ T6390]  ffffc90003cf7c00: 00 00 f1 f1 f1 f1 00 00 f2 f2 00 00 f3 f3 00 00
[  289.084143][ T6390] ==================================================================
[  289.104678][ T6390] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  289.104689][ T6390] CPU: 1 UID: 0 PID: 6390 Comm: kworker/u8:11 Not tainted 6.12.0-rc6-syzkaller-00279-gde2f378f2b77 #0
[  289.104706][ T6390] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[  289.104716][ T6390] Workqueue: bond0 bond_mii_monitor
[  289.104738][ T6390] Call Trace:
[  289.104743][ T6390]  <TASK>
[  289.104748][ T6390]  dump_stack_lvl+0x3d/0x1f0
[  289.104765][ T6390]  panic+0x71d/0x800
[  289.104784][ T6390]  ? __pfx_panic+0x10/0x10
[  289.104805][ T6390]  ? preempt_schedule_thunk+0x1a/0x30
[  289.104820][ T6390]  ? preempt_schedule_common+0x44/0xc0
[  289.104841][ T6390]  ? check_panic_on_warn+0x1f/0xb0
[  289.104862][ T6390]  check_panic_on_warn+0xab/0xb0
[  289.104882][ T6390]  end_report+0x117/0x180
[  289.104899][ T6390]  kasan_report+0xe9/0x110
[  289.104915][ T6390]  ? dev_deactivate_queue+0x17e/0x190
[  289.104934][ T6390]  ? dev_deactivate_queue+0x17e/0x190
[  289.104954][ T6390]  dev_deactivate_queue+0x17e/0x190
[  289.104972][ T6390]  dev_deactivate_many+0xe7/0xb20
[  289.104993][ T6390]  dev_deactivate+0xf9/0x1c0
[  289.105012][ T6390]  ? __pfx_dev_deactivate+0x10/0x10
[  289.105031][ T6390]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  289.105056][ T6390]  linkwatch_do_dev+0x11e/0x160
[  289.105074][ T6390]  linkwatch_sync_dev+0x181/0x210
[  289.105092][ T6390]  ? __pfx_ethtool_op_get_link+0x10/0x10
[  289.105106][ T6390]  ethtool_op_get_link+0x1d/0x70
[  289.105121][ T6390]  bond_check_dev_link+0x197/0x490
[  289.105138][ T6390]  ? __pfx_bond_check_dev_link+0x10/0x10
[  289.105154][ T6390]  ? rcu_is_watching+0x12/0xc0
[  289.105175][ T6390]  bond_mii_monitor+0x3c1/0x2d90
[  289.105198][ T6390]  ? __pfx_bond_mii_monitor+0x10/0x10
[  289.105217][ T6390]  ? rcu_is_watching+0x12/0xc0
[  289.105235][ T6390]  ? trace_lock_acquire+0x14a/0x1d0
[  289.105253][ T6390]  ? process_one_work+0x921/0x1ba0
[  289.105268][ T6390]  ? lock_acquire+0x2f/0xb0
[  289.105281][ T6390]  ? process_one_work+0x921/0x1ba0
[  289.105297][ T6390]  process_one_work+0x9c5/0x1ba0
[  289.105313][ T6390]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  289.105332][ T6390]  ? __pfx_process_one_work+0x10/0x10
[  289.105348][ T6390]  ? assign_work+0x1a0/0x250
[  289.105369][ T6390]  worker_thread+0x6c8/0xf00
[  289.105385][ T6390]  ? __kthread_parkme+0x148/0x220
[  289.105403][ T6390]  ? __pfx_worker_thread+0x10/0x10
[  289.105417][ T6390]  kthread+0x2c1/0x3a0
[  289.105433][ T6390]  ? _raw_spin_unlock_irq+0x23/0x50
[  289.105452][ T6390]  ? __pfx_kthread+0x10/0x10
[  289.105469][ T6390]  ret_from_fork+0x45/0x80
[  289.105482][ T6390]  ? __pfx_kthread+0x10/0x10
[  289.105499][ T6390]  ret_from_fork_asm+0x1a/0x30
[  289.105522][ T6390]  </TASK>
[  289.109409][ T6390] Kernel Offset: disabled