last executing test programs:

9.430313275s ago: executing program 4 (id=231):
openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102384, 0x18ff0)
syz_open_dev$tty1(0xc, 0x4, 0x1)
r1 = socket$inet6(0xa, 0x80002, 0x0)
connect$inet6(r1, 0x0, 0x0)
setsockopt$inet6_IPV6_DSTOPTS(r1, 0x29, 0x3b, &(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x8)
sendmmsg$inet6(r1, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4001c00)

8.781679144s ago: executing program 4 (id=233):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000200)={0x2, 0x4e20, @empty}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000300)='dctcp\x00', 0x6)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x1c}}, 0x10)
sendmsg$inet(r0, &(0x7f00000015c0)={0x0, 0x14, &(0x7f0000001600)=[{&(0x7f0000000240)=' ', 0xffffff1f}], 0x1}, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$netlbl_mgmt(0x0, r1)
sendmsg$NLBL_MGMT_C_PROTOCOLS(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x14, r2, 0x701, 0x0, 0x0, {0x3}}, 0x14}, 0x1, 0x0, 0x0, 0xf07f7f}, 0x4000800)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x4, &(0x7f00000002c0)=@framed={{0x18, 0x2, 0x0, 0x0, 0xfffffffa}, [@call={0x85, 0x0, 0x0, 0x2c}]}, &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r3, 0x27, 0x8, 0x0, &(0x7f0000000140)="f9ad48cc42cb29fc", 0x0, 0x1400, 0xf2ffffff, 0x0, 0x0, 0x0, 0x0}, 0x50)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000380)={0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f00000006c0), 0x0, 0x60ff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
recvmsg(r0, &(0x7f0000000580)={0x0, 0x2, &(0x7f0000000500)=[{&(0x7f0000000740)=""/4096, 0xa15b0}], 0x1, 0x0, 0x2000000000000}, 0x700)
accept4$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14, 0x800)

8.373225294s ago: executing program 3 (id=235):
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, &(0x7f0000000300)='usrquota')
chdir(0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='net_prio.prioidx\x00', 0x275a, 0x0)
quotactl_fd$Q_SETQUOTA(r0, 0xffffffff80000801, 0x0, &(0x7f00000000c0)={0x0, 0x5b7f, 0x7fffffff, 0x0, 0x9, 0x9, 0x0, 0x0, 0xde})

8.231042524s ago: executing program 3 (id=236):
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setscheduler(0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000600), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_GET(r1, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x14, r2, 0x1, 0xfffbfffe, 0x0, {0x54}}, 0x14}, 0x1, 0x0, 0x0, 0x14}, 0x0)

7.839302034s ago: executing program 3 (id=237):
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f00000001c0)={[{@redirect_dir_follow}]})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioperm(0x0, 0x2, 0x2)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000040)={'batadv_slave_0\x00', <r5=>0x0})
sendmsg$nl_route(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@ipv4_newaddr={0x48, 0x14, 0x509, 0x0, 0x25dfdbfd, {0x2, 0x1f, 0x0, 0xcb, r5}, [@IFA_ADDRESS={0x8, 0x1, @dev={0xac, 0x14, 0x14, 0x41}}, @IFA_LOCAL={0x8, 0x2, @initdev={0xac, 0x1e, 0x1, 0x0}}, @IFA_RT_PRIORITY={0x8, 0x9, 0x6}, @IFA_ADDRESS={0x8, 0x1, @multicast1}, @IFA_RT_PRIORITY={0x8, 0x9, 0xfffff435}, @IFA_RT_PRIORITY={0x8, 0x9, 0x103}]}, 0x48}}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00'})
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r8, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text32={0x20, &(0x7f0000000040)="0ff5514ec744240005000000c744240200000000c7442406000000000f011c240f01c8b9800000c00f3235001000000f300f01bd406600000f01d13e0f783cd7b9800000c00f3235004000000f300f20d835200000000f22d8f36f", 0x5b}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r8, 0xae80, 0x0)
r9 = socket$inet6(0xa, 0x3, 0xff)
connect$inet6(r9, &(0x7f0000000480)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c)
r10 = dup2(r9, r9)
sendmmsg$unix(r10, &(0x7f0000000500)=[{{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000940)="2407dc14273b0d762fcd81573c63340fb23b2112a36e45ad6da7f180d667db004eea", 0x22}, {&(0x7f0000000880)="0000f60a0001", 0x6}], 0x2}}, {{&(0x7f0000000440)=@file={0x0, './file0\x00'}, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x20004814}}], 0x2, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[], 0x70}}, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
r11 = socket(0x10, 0x803, 0x0)
getsockname$packet(r11, &(0x7f0000000200)={0x11, 0x0, <r12=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x8f)
r13 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r13, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c0000001000030400000006000000005dcc0300", @ANYRES32=r12, @ANYBLOB="71e79fd800000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r13], 0x3c}}, 0x0)
syz_emit_ethernet(0x46, &(0x7f0000000340)={@random="7c4da633a301", @random='\x00 \x00\x00\x00\b', @val={@void, {0x8100, 0x0, 0x0, 0x4}}, {@ipv4={0x800, @tcp={{0x8, 0x4, 0x0, 0x0, 0x34, 0x0, 0x0, 0x1, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @loopback, {[@lsrr={0x83, 0x7, 0xe3, [@initdev={0xac, 0x1e, 0x0, 0x0}]}, @timestamp={0x44, 0x4, 0x2b, 0x0, 0xb}]}}, {{0x4, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}, 0x0)

7.545095224s ago: executing program 4 (id=239):
r0 = syz_open_dev$cec(&(0x7f0000000000), 0xffffffffffffffff, 0x0)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000080)={0x0, r0}, 0x8)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f0000000200)='contention_begin\x00'}, 0x10)
ioctl$CEC_TRANSMIT(r0, 0xc0386105, &(0x7f0000000040)={0x9d, 0x3, 0x40, 0x9, 0x1, 0xdb46, "d7c55a9d6cafd5c7060eb5d8eb405155", 0x54, 0x10, 0x77, 0x12, 0x0, 0xf, 0x7})
ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000940)={{}, 'syz0\x00', 0x40})
ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x12)
r1 = socket$inet6(0xa, 0x6, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[], 0x50)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={0xffffffffffffffff, 0xfca804a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x5, 0x1000087}, 0x0)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x1181})
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000140)={0x8, 0x0, &(0x7f0000000040)=[@acquire], 0x0, 0x0, 0x0})
mlockall(0x1)
mremap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x3000, 0x3, &(0x7f0000ff5000/0x3000)=nil)
epoll_pwait2(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x7)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x1002009, 0x0)
write$UHID_CREATE2(r1, &(0x7f0000000540)={0xb, {'syz0\x00', 'syz1\x00', 'syz1\x00', 0xd1, 0x4, 0x2, 0x401, 0x2, 0x1, "7098ec192a104d84cee08018ea054f9e7a70cd59fece98929461d713dabdc7b04bafdd1474add63887a283e621bf454953f5e8b256cbb351830b37476f8f9f08ef13f8e174085453eb1a78978045e6d334dbf52cc5753de7eedf91dc1df89c976a36a860b7016393a48b35212cb5158af023d3fd7960156abe9531e345e3f8f9ec2122a4c769831399b67349aee37730e79376b6730bec64da6aadae3e8468b696a0179cb4c22437ae39264dcd59f4f56f025b35fabdebfab13ce03f94e7931bea7c088c39dda8ff83fec65e8fd68cbee6"}}, 0x1e9)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0)
ioctl$VHOST_VDPA_GET_VRING_NUM(0xffffffffffffffff, 0x8002af76, &(0x7f00000000c0))
openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0)
syz_clone3(&(0x7f0000000840)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x27, 0x0, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff)

6.990977986s ago: executing program 0 (id=240):
write$binfmt_aout(0xffffffffffffffff, &(0x7f0000000380)=ANY=[], 0xc8)
write$binfmt_elf32(0xffffffffffffffff, &(0x7f0000000880)={{0x7f, 0x45, 0x4c, 0x46, 0x8, 0x2, 0x43, 0x9, 0x2c400000000000, 0x3, 0x6, 0x1, 0x348, 0x38, 0x41, 0x8, 0x0, 0x20, 0x2, 0xffff, 0x633, 0x5}, [{0x1, 0x81, 0x400, 0x2, 0xc, 0x4, 0x3, 0x5}, {0x60000000, 0x7, 0x6, 0x2, 0x6, 0x3c00000, 0x3ff, 0xd7ee}], "a0dde959a9ca88156d1b88cb88e8dd0dd1f3fffa5e3a3fe03cb50a6398d261ae9b4266ac62ad705ffa4a71f0b9b5de19b786bcb2cd8d1a6b37e3f28a19557310be69724bca5ab21630053847a8e262edc2aab8471ef5060d6587370c1104a928850c5a50fe5861825eb8296ed918c3f7d527873ce5c188fdc6de79081518c076cb89db661256ec503f4e0dee187928fd5afe282e922c7f06c7b6b2ed1f6cbb0ffaf2516f88d3c12aab27a4f71fe11ea674b7357c49a6a85ffb9a9f8246403d762ac133039492c3c9ba00128767954df47b94d4a903bab6de05a733c2bdbf78a0f3f952d6c165db9876e95041cfe4413cd22141a8aed1eba9c306af2da45be4dcabdffa44c314f0df78a62b7b38a109a5de022a3b5628e90186a00680e66c40e63490a9de738fe1b320ed52940929ae4b870851e9a6c891d35dd25cbf606a10e8b2c148d81048c2b4ba2757636733acdaeea461a75fbbcb98bac7d2daa955866e22165a985f09008a17bc8919718403509f16a66bbeefc8ae2afb4d54f6b945b0fee50352d894b6f48b94191079979cd6b74f50e0f8282248c17cf5fb97dca69626cb96b3649690350906a86938fb60d2608b0b64f736ac522162ffe83f272cd6266332259fa892948bfd862a81b61826cec6703cddd5da60607837aa2977aef1e98003525b8f9ef5923e697a3cf5701a945de66559ffc362b79b06386052d38ba8e3750c6a5f08d248ef7478b89a25e81bde1eb30818dc2ca0505d85a92d98baaab3bffb6f14fc08c8c29d3da4aa22f4b709dcfd5c359c69247af8eda1e84b285d0ca8543a83a2c269151ca025e861903db5e1fe098d96915a8a99bfec6c984cb7d8fd0b71e8d138b342935ac3866257622211b9d29fea3d40212022ebd2329f9205c308192f4ec2f89cec0709d5d2fd37ba97d0dff2ffeed77e1f3266eda85b3f2a9b1a3baa3e534dfac39eddfac96841df12b5a86aa3f6bc4012b96ee223e6dfbbdb09bc58b90a0a4ad0d801031e02fdad9f18e628a6587305059c43412de4b0aa2d8393c92619ae6d675024517409f011af967edb9565ac452c88e6f8056b0de5cd6e391a296e8a5c93251a7ff84843de5fbeb312bf046de772bbb9f51050a94ee1b246cce2972db3d7c41af721134f7f5dc2b626f202b0fb845afc1d4b15ed09df9e6337cd125375bcc7d2e2241d499fb45726252d65c91943c0fb09c40c7038faa512fa6d0e378606d161f512764fe21353335be958d8bac379c7036d97e70b018448b4520b2a92b62a4b9a1db9a8e4ef69d1ab02ab94555b4c7219bd84bf7f93a819a1a7ba152fe1866612c796ffa1d1fad50642f91a1fd56df46468ec7e9c7772bea9f5bbb2465a843d7233c3fd86269af88406e306589ec79147b41de700ff78ac9c1c32ed8c157f33df18e534008b25abb511e895a468fe2ccae89bd587c5132c0f109e6c54ae658447cb65f61949c5a4e66c4ad18945d24c47551eab7503ff6745a74b01f412f371d11cdf16198abf88202c420f645d013bc9e80a9452d2b952541c85411975c0506d38df73d36f399d269a85ae59ad1d1aa66ecc00bfab1fb72ef875553d91fb5a21f1e0eb8feb02beef270d5f940baffef9b0bc2a0fde83673063b11a76f76824eaf724a0c4095eb9e41d77852280581297c37ac650392aed746d6bc0b1f58135d3aafb3aa17e9d36af320245afefcef2ff5f7f6efdac42e2a73ef63cad7a98f457bbca0f8f554a11a8e635dcd26846566f11c6c9c08e40c94647fe7ff25fa79d6445ebd77ed1df6bac8af4b00cbf7c6cdb3b5710cf1ac6cfe9095fe3594246f9f6332a7ae73c6e7ed005cddf7f0d1d47a82eaa20d222051d5df17795a16247d66b4953cc4b8ee9270d9d1b50079055359fb6cd89449c1d88af3adbaf76b58253b0d2d91c43e85094e7bac8ca6ea25cb955d845c54141a854c79424e1417fc89c12eeb1ab607e5e327633655dc7f84bf16a719b2fcd4231cea08654c0375826a61f0dff3c87d194aa5a3314ac9ed0f4856fffe42d80626c9687f771ec42ea533a36b50d197ba85f4f1ada36840471f08afae01b3334479097a3bd6a884c8050c30576ae618150e09dcbff17b0ff26429b61eea3d610149dfe63b311c893fdb4e07329b9aab82a60ebcbf2dc54db3fd1c15be8046b6b26ea801367a0239293268e34723bf8e1c9f0cd12e2237fb8c637aa62e3b2c6f159fb17738bb81439034b8f7a6c2c30476c1b8a2441f7cf3369f48e8a883053cbc33b8543408ba86686c4354d84eacd156948d39a97d07f1875e14d3c4ba760e2571560a486261c79d327a484bacf5e0f06e68fc11265ae2614cc0ff2319a27ae5fe5a4dac1355a70bb6a1d0d4988b5b98ccb52fbe296b91e3894ef8f2aa1520e4024e9c6df742e225f2162bd4f73b89cb90092300ca5cb9a6004f9a903b5ccc59a5f8e48902f7416ffcc117cdaccab1e370580beb01dfe94fb7f4a74c1a0bd3f04b810017d198da8674a2c93858f67e06fce821cda393349eb0f4ca3eef00ae3e217d45936b38d495c74a56c5623a5e9085c9ab315ac4f12608526edb3e038a424ac970b091ed0fa51ba8e662df2411c3b6aa4fea9688b7d7f59bba14035ecbf873662d123c0e92edb0758d37660ae25aa2fe81038f09768e2f3a070a594b9e8db3931dcfa7a29c25f6fd88066c58f9d50d6e5657265a62a961ad0d22fdaa1811524448038a807116deb375845fde5b59786f341f5123ceac5f10ad3dad3cc51d7157a8cd6920d6ea18c45c26947e53a5ed40ba38eaae3d07f18763a0315b4f9450dc82755eee74a62fc17e85aaf164a23cdd6c2aeeef66d61f03782170999ed5006a60712715457baa29f5774fe288fd4ae1244152ab75e9dedba2c77b20fc94d0555798dc77c1e9c264601b1076bb3433232ae8fbbb7ff3ae66e86878958ec7a9fff571e9ef8d063248a9c9c15628985c2789623ba1ef73cec1b7d09030356ba39cd580f71fc883260cde45bebee1620730154ae779c29009d6241d8e2cbd4102b424fb15b822a8e712812ac9e7683d9a94c14007a33f0f90ad2bb322db6e8996849711d869eaa7626953cfe60210e9d9f49857707dc7106fc75c08898c8a9f11dca33cd9e78c3aefb3f8fbea8e8359aabb0115c55ab8350eec8916aca293c4fbf7992caab23b6f8239d31096124bbe0d4ceda8d0415fc1772ee4882825d7530c8a797f7085eb2d87efe810accc326b8a201889ecb908decaa32c9f9c60c69b3bd75f2b9434c1780ffab099f304fc9c9e036621f5861dc2396cf4ab77dcc0612d27bc2de04d1b7cc4b63495232a88ff2fa5eb0751d32f44fad984c3d5a55674195c3f6b0b0628541687fa10c70e472243c55a89143bae7987e04bbd565cfd02ef4cc38083bc1f89da609b8657dcbd431aadf57fc006ee2b0b55fdcf3e4439a3071b45533d07484aa8770ffae744af2533d67f2d9a9031d0431c8d672eb20a944ff716c466136b7785fd0ec2037be73d8d92e022365065bb74f6ce4237791c46fcb88aa8c86180af3286f2f56f96779123524ebf771d6bad1c8f6cc0cabe339e024540683951683e74fca33456738f4fc23099da933f324a3e251d954d71e9b3c322ed81bac393219326c9b10de016b3ebf61049c9c14cc2ff63aae1e542994d791078c5007a2c4d83a7e2af9cdc8f0d3e99429b1d57232a703ce7b52ec20f89698017122c974ed97ee040c4a66e9291554dad920670f0073fb94f7531c3a31787ab6e26f0e62570ede7fb5c34018130360a35cf3bf3bfbdf0c2c9142bd6a46743002fdf5f5d1d1063b51fbf2556dc85da908d80f51c7b071c6057903b1ca042c21957664d531357dd11623c16002401c46541fe4e28a3754daa0a8ceec0cce9f1a28df5ea68f95cce06118829afb6b6dbbe08824bf761114c5e3a15d0de200e25ca64272951b4ce16605f52d2eb980d929aacc0e5f071c7f5d0f53cc0e112912c656d73b22f7a21fe2710f823d0cb847ec448b2ec62f8920e2c3d765391b502ab7512bafbf520defcd28441043100968a56c95906504ba36c78201ac5643f8b87a808b320f874ab1a684d9471513d99a9721a03cb2566197cab8fdd357cf9ce78b46931c6c7e8fff1e053428a2e60411aedcd63bd0ea85eddd29373290462be57e238160c476074642557fc4ea4d5c41d2e1771b27e9207e9f888f5547bdaf5d209fb88872d70919f16711eae724ef4181c927ba1ebdc9b3818ceb8991303135e87e5c5ba5db28de5e9306269ac13d787e7125e0cc89404a2cbc55fcc5352cdc221013599944209984c59116a800353e494f80eb75b31f7ea93d77e14dd7fd804a96f02d45167f7b5049308b8a82e90240c97a3c427daef18bc7958714027b84d097d01246d023b28f121ad0cdb32e854fa3489c867a23d6e69934eff37cf02ebdacef2aa6e9eb0901fbc869e44b3f1bc2172abf25332b2d0280d9b066b14f0bc8703c4c76e46f930466c9dcd4c20d5c488fe22f3138ae863acc23895137bd96193a2ddddd95c3bf6c072204fa8119147aa7d457d2f71e0b15bda76ce4e2e3f5424303409015810f83acd3f53f71d30338f9bf2098724a05aee9ba2e24199c69f76438351c76cba83336502ba1a43391d844721c97a0ba350af0d6c391e0356e7a7c671ab19d907c9c28aeab6a8d92d6e5fa2064214ab5e69efec843e1ac2c57d4c0b3561dab31f094ccffd7e48ef443d46a7ad3b87d6b5a1cf8171d985821032b202720ccd74a8e53a34930837f6f376459bc908858e5e995317027b3ce958b2c9215deb7d35b8adbdcc762a974561ad889bb4f32c368491855c7d77a0d5e06719a534cb6c8520e9e120217bd1ff83b4f549e027c00055256dbcc03f725ecc5ad733fa2813e287bae7edd67995b9f6302aecb93e197cc8b426db37947f33a949506dae3de1da8c590ef05bd7fbe7c7b16e280b696f1ad4bc8807f2ac5dc585e4acb162c9f2872680ae3115d14292a4b46cd9f0920a163a9d16a69e072cd8ab2b45aa536939fe7fd8a8ab4c011ed21084ff1988f04d21b2f052b7ef6681aebb3759d83923b2a64a64eb0e9b068d0edae20fb7ad213e65fb37d7f55900815c3dcc231c620aee15bcaee221fb1ded6d1a0755000f3a90d21764ba8a00f65b05c924778b255d4a9f169ae27481828e80ddedaac7d8b92d75105c853bd143aa7f4a1b0c8b70066b13eb99249e1525a63109fcfebd695ca65b9ddd5349a161939a4c8d32066e4d39fb2956471ac99b625aa3b68f510c51da5140f15e36ed1e48a895d0ff2d9727ccda1ce860bd698c5870efcabbfc6ff170a4aab456aa06c6ecec945eb522ff69a0685b1b2915d53ecd338a1ed2dfa47654eaeac352e6c6394d2bf438674aa7d9fe461d0b1f46f64618ce2055989b1782eb1aafdbb32f699a3f4e3644c533228a485e29fdcd821bd673b1e23ac35be1c05852f129008df0ec9053ae41359319748df8e93eacdabf7353ca69c21344e5dc0691666bac4e6b09214444b1ddc6bb2913989bd9ffa530a9df786418d67dcd3a089909068766b29c4543fe19f8d029b37c3c7e5d1c72ba2a22eebc90b2b9c707ed20c5bb2aa6679ab7c663cbff60ca26c14f40c811f641e96897008218fb0ef3cb88848c7d5995f684cb0d7cd7ed4c899782fefecdc4617453aa561e6cb410b35e516b9244ee350a5238d8097ff0c7dc76a18e8be48815d8b670a199a8955abf7a059dc8d7e955478d998e5142cd07b858ec95d2b129506be3435c1f251088c156b6fa33e656eb757", ['\x00', '\x00', '\x00', '\x00', '\x00']}, 0x1578)
open_tree(0xffffffffffffff9c, &(0x7f0000000100)='\x00', 0x89901)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x100000}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000006100)='cmdline\x00')
socket$inet_udplite(0x2, 0x2, 0x88)
r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r3, 0x3b81, &(0x7f0000000040)={0xc, 0x0, <r4=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r3, 0x3ba0, &(0x7f0000000440)={0x48, 0x2, r4})
ioctl$IOMMU_IOAS_MAP$PAGES(r3, 0x3b85, &(0x7f0000000100)={0x28, 0x6, r4, 0x0, &(0x7f0000c00000/0x400000)=nil, 0x400000, 0x51e})
ioctl$IOMMU_IOAS_UNMAP$ALL(r3, 0x3b86, &(0x7f0000000080)={0x18, r4})

5.915424276s ago: executing program 1 (id=241):
syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x141101)
openat$vmci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000480)={&(0x7f0000000380)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x90, 0x90, 0xb, [@union={0x7, 0x2, 0x0, 0x5, 0x0, 0x7, [{0xd, 0x1, 0x200}, {0xc, 0x4, 0x68f}]}, @typedef={0x2, 0x0, 0x0, 0x8, 0x4}, @struct={0xf, 0x7, 0x0, 0x4, 0x0, 0x8, [{0x9, 0x0, 0x8}, {0x2, 0x3, 0x7f}, {0x2, 0x8, 0x854}, {0xd, 0x2, 0xfc26}, {0xc, 0x5, 0x2}, {0xa, 0x0, 0x5}, {0x5, 0x2, 0x47872173}]}]}, {0x0, [0x5f, 0x61, 0x61, 0x0, 0x9d011106b8e7f0ee, 0x5f, 0x2e, 0x0, 0x30]}}, &(0x7f0000000440)=""/42, 0xb3, 0x2a, 0x1, 0x1, 0x0, @void, @value}, 0x28)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000060000000000000000850000000f000000c5000000a0ef0100"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, r0, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
syz_open_dev$tty1(0xc, 0x4, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
socket$can_raw(0x1d, 0x3, 0x1)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r4}, 0x10)
openat$selinux_policy(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)

5.857733135s ago: executing program 0 (id=242):
r0 = socket$nl_route(0x10, 0x3, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x400000000000000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_init_net_socket$rose(0xb, 0x5, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
r3 = add_key$user(&(0x7f0000000380), &(0x7f0000000000), &(0x7f0000000400)='_', 0x1, 0xfffffffffffffffe)
r4 = add_key$user(&(0x7f0000000200), &(0x7f00000005c0), &(0x7f00000000c0), 0x390, 0xfffffffffffffffd)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000440)=ANY=[@ANYBLOB="24000000240035b90000000000000000070000000600040000ef000006000300"], 0x24}}, 0x0)
r6 = add_key$user(&(0x7f0000006400), &(0x7f0000006c00)={'syz', 0x3}, &(0x7f0000006900)="3e12d23d346cfdeb1716f738274bc1c03bee4423fa20837e6e86b86592e9be8351aabbd6e24f37d5095f839fa4a3507df4f7526f2440e7988da94ccd868dd8741d1e43eba0b67b516be14a8b51a75bfd611b2d7ae6a21d056c2c5116a416a76b0204dc55ea62d43c", 0x68, 0xfffffffffffffffe)
keyctl$dh_compute(0x17, &(0x7f0000000100)={r3, r4, r6}, 0x0, 0x0, 0x0)
setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, &(0x7f0000000040)={0x80}, 0x10)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="68000000d70000002bbd7000ffdbdf2507000000", @ANYRES32=0x0, @ANYBLOB="100001800c0004800800010000080000100001800c00048008000200130000000c00018005000300030000000c000180060002000c0000000c00018005000300030000000c00018008000100ceb50400"], 0x68}}, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_open_dev$media(&(0x7f0000000040), 0x7, 0x20000)
ioctl$MEDIA_IOC_ENUM_LINKS(r8, 0xc0287c02, &(0x7f00000003c0)={0x80000000, &(0x7f0000000300), &(0x7f0000000880)})
sendmsg$nl_generic(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000340)={0x20, 0x10, 0x701, 0x0, 0x0, {0xa}, [@typed={0xc, 0x2, 0x0, 0x0, @str='nl80211\x00'}]}, 0x20}}, 0x0)
getsockopt$inet6_mptcp_buf(0xffffffffffffffff, 0x11c, 0x3, 0x0, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=@delneigh={0x30, 0x1a, 0x1, 0x8, 0x25dfdbfc, {0x2}, [@NDA_CACHEINFO={0x14, 0x3, {0x7}}]}, 0x30}}, 0x0)

5.069814406s ago: executing program 3 (id=244):
socket$tipc(0x1e, 0x5, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB='\x00\x00\x00\x00\a\x00'/20, @ANYRES32, @ANYBLOB="0000000000802edaf21f887ae171284094ca3b5b013f4554e209e3e2561dfc295ff1b97bc4fd12e32396f06422f2", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
r0 = creat(&(0x7f00000001c0)='./file0\x00', 0x0)
r1 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
fsopen(&(0x7f0000000000)='iso9660\x00', 0x0)
write$binfmt_script(r0, &(0x7f00000006c0)={'#! ', './file2'}, 0xb)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={r2, 0x0, 0x30, 0xe1515f8735398fb, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000002c0)=[0x5], 0x0, 0x0, 0x1, 0x1}}, 0x40)
r3 = socket$netlink(0x10, 0x3, 0x0)
syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000140)={{0x12, 0x1, 0x300, 0x0, 0x0, 0x0, 0x20, 0x8380, 0x1850, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x4, 0x0, 0x3, [{{0x9, 0x4, 0x0, 0xf, 0x2, 0x3, 0x1, 0x4, 0x80, {0x9, 0x21, 0x6, 0x7, 0x1, {0x22, 0xdaf}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x8, 0xe, 0x3}}}}}]}}]}}, &(0x7f0000000400)={0x0, 0x0, 0x51, &(0x7f00000001c0)={0x5, 0xf, 0x51, 0x1, [@generic={0x4c, 0x10, 0xa, "182f8e3721323db857cf69d5f194b343e6e46447e5c7355a224fc49431e03902e6343b17698a3fc9442946a969fa8fa5a88aa16103f309f34478711f7e94da63ff355e215f1214a44d"}]}})
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="5800000010001fff00"/20, @ANYRES32=0x0, @ANYBLOB="02200000c04471d7300012800b000100697036746e6c000020000280050009002900000014000200"/52], 0x58}}, 0x0)
getpid()
syz_emit_vhci(&(0x7f0000000180)=ANY=[@ANYBLOB="040ed7e54e20"], 0x7)

5.041637946s ago: executing program 0 (id=245):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], 0x0, 0x8, 0x0, 0x0, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$netlink(0x10, 0x3, 0x4)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
sendmsg$802154_raw(r1, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x10)

4.956878238s ago: executing program 1 (id=246):
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, &(0x7f0000000300)='usrquota')
chdir(&(0x7f0000000140)='./file1\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
quotactl_fd$Q_SETQUOTA(r0, 0xffffffff80000801, 0x0, &(0x7f00000000c0)={0x0, 0x5b7f, 0x7fffffff, 0x0, 0x9, 0x9, 0x0, 0x0, 0xde})

4.551219656s ago: executing program 1 (id=247):
syz_io_uring_setup(0x111, 0x0, &(0x7f0000000340), &(0x7f0000000280))
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
fcntl$setlease(0xffffffffffffffff, 0x400, 0x1)
fcntl$getflags(0xffffffffffffffff, 0x401)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000200), 0x362b82, 0x0)
fallocate(0xffffffffffffffff, 0x10, 0x0, 0x72200)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xfff, 0x7, 0x0, 0xffffffffffffffff, 0x3, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r1, &(0x7f0000000140)={0x1f, 0xffff, 0x3}, 0x3)
write(r1, &(0x7f00000000c0)="4b00030000", 0x5)
r2 = syz_open_procfs(0x0, &(0x7f00000008c0)='wchan\x00')
pread64(r2, 0x0, 0x0, 0x0)
read$msr(r0, &(0x7f0000002700)=""/102392, 0x18ff8)
r3 = syz_open_dev$vim2m(&(0x7f0000000080), 0x20001, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r3, 0xc0145608, &(0x7f00000000c0)={0x2, 0x1, 0x1})
ioctl$vim2m_VIDIOC_STREAMOFF(r3, 0x40045612, &(0x7f0000000000)=0x1)
ioctl$vim2m_VIDIOC_QBUF(r3, 0xc058560f, &(0x7f00000002c0)=@multiplanar_mmap={0x0, 0x1, 0x4, 0x0, 0x0, {}, {0x0, 0x8, 0x0, 0x0, 0x0, 0x0, "008000"}, 0x9, 0x1, {0x0}, 0x3ff})
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IEEE802154_ASSOCIATE_REQ(r4, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x10}, 0x20048080)

4.550794206s ago: executing program 0 (id=248):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
r2 = socket$inet(0xa, 0x801, 0x84)
r3 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$IP_VS_SO_SET_ZERO(r3, 0x0, 0x48f, &(0x7f0000000240)={0x2f, @local, 0x4e24, 0x2, 'ovf\x00', 0x4, 0x7f, 0x17}, 0x2c)
sendmmsg$inet_sctp(r2, &(0x7f0000001a00)=[{&(0x7f0000000080)=@in6={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f00000001c0)=[{&(0x7f00000000c0)="a5", 0x1}], 0x1, &(0x7f0000000280)=ANY=[@ANYBLOB="3000000000000000840000000100"/44, @ANYRES32=0x0, @ANYBLOB="20000000000000008400000002000000000002000000000000000000", @ANYRES32=0x0, @ANYBLOB="18"], 0x68}], 0x1, 0x0)
setsockopt$inet_sctp_SCTP_AUTO_ASCONF(r2, 0x84, 0x1e, &(0x7f0000000000)=0x33, 0x4)
close(r2)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x4000000000000000, &(0x7f0000000000)={<r4=>0xffffffffffffffff}, 0x13f, 0xa}}, 0x20)
write$RDMA_USER_CM_CMD_LISTEN(r1, &(0x7f0000000080)={0x7, 0x8, 0xfa00, {r4}}, 0x10)
write$RDMA_USER_CM_CMD_DESTROY_ID(r1, &(0x7f0000000180)={0x1, 0x10, 0xfa00, {&(0x7f0000000140), r4}}, 0x18)
r5 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
io_uring_setup(0x253c, &(0x7f0000000000)={0x0, 0x0, 0x1000, 0x3, 0x2})
sendmsg$netlink(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000002580)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="14000000250001"], 0x14}], 0x1, 0x0, 0x0, 0x400048c0}, 0x0)

4.070098781s ago: executing program 2 (id=249):
r0 = syz_open_dev$vim2m(&(0x7f0000000180), 0x0, 0x2)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x20000801) (async)
r1 = creat(&(0x7f00000002c0)='./file0\x00', 0x0)
r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0) (async)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) (async)
write$qrtrtun(r1, &(0x7f0000000300)="ca0e808bb35bda", 0x7) (async)
pipe2$watch_queue(&(0x7f00000004c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x80)
ioctl$IOC_WATCH_QUEUE_SET_FILTER(r4, 0x5761, &(0x7f0000000500)={0x1, 0x0, [{0xb7, 0x1, 0x15, [0x7, 0x2400, 0x1, 0x1000, 0x9, 0x7, 0x201, 0x4]}]}) (async)
write$UHID_INPUT(r1, &(0x7f0000001300)={0x8, {"af0014920c989bde943127351c7e048fe805d44569c987d51286ac5e80b0961cfe3629729c82e28c53b31e3ecbb8722bff9c0906027d5cb6fbd929cb4b5e657cc88a443809e6a720828c27b6519e7c18904d67528373733934aa5240afd60544d489e1ec3779ac45095c12c6c5f13c086306dfbbd31926b74150ff2c87db2be1d995e9b3a16fb7360de12618b05d94c291acfcdab84c919de60133f54a0a18d2517c1d0de417ae39fec1c9fa306573205051a9880da1f213b9a27c22b72d42d92b7b260b41bcc1868a0404936774ea5209f02929ec3eef4298818ddb708de6c0e1fda05436037d7d4042d2de3adebc8a62f58ec6ccb4160435c4393ba913250b56ec2fce544a01a5a3ce4363fd497fb256910f31e9416f5b719d64f931bd6d71b54787841b3e49e01fe6ac9598ddb5ef1aeb3d1cabb75845d46806a494b6cf89ec9c8203b92dd0dadc5a3c02545cd005b5f26b7d2b848cb684cb58245d591472d5109e7fbe1175656d729fdd689af57802b33d7d53d427aa57eb0af7a63d9f73be83cd9c12bd06463083b4cc853aad416e9faf484fa069d3b7599b6fc6d94152811403201b91da2547ff6721b0ea237c37464b47b3b4f37384e50ba5773a63356991a5abef659e089cc95e5c3b6d8428115efcf9e89e2743b167d7b9824392d868c159fd1264bea8b9b8b26769d15a27df3af350e2a6e9e37b35c153bf980e8ad15de3b0f3add5f98eb2cbc03eeb2b04e6fb032991d7a88b14c7d2cf2959fc4ed27c4c93c13f5760d0803f10afb91effb45967b4793c58e4bc2e4348c93b4e59f1544a01e89530f6056cda3f972050ae79d9297af71cce0d82c764db2422967f05c9847715c66321e8ab0075a361e8fd78a956074945e687ec1ad01f8dfeb7f3ae2c25daff35617a5d752ad5b019689f10c789d0196f73011f5a4e002aebb676ccb2d8b92ff6c1eb60de10ed0d42f2d19fe96786938eca0fd09a3f16f7b52ef806183282c05ff9fccf96abd096b442c73c494c78c4161ce0599bf6e637664f5dbefa129e69a0d53525d77f871716052385649c1249a402a4a9ecadfd7182a4aba3fc48d76890dfe8a5442ff1b833b95fdb7ae5f052e5c18e9b0ad482ed80c4567f0d0645e6525e3390195b3a4314ab063ffca639d2b181efe15d5bb09e967900fd55ad9db7f6ba99268e0d7e2785c5b14f801b16b6fe9966bb3fa88352bc2ca79aa9a77ec5f9c271dcc62b6124a4d5ed1014fa6eb98521d4be4ca4323311d39e44002e71469326056d98af69fd42eed1dfec48d191587b35e2641abe8c80a2553b92cb43feea49505b5b5ca35dfaf06c693730033ebcad45b6b8026d4722b5c7e13d69269808f438816f77a7b1ed2d31ab44968657e70a51e8d98e520e3628014a09e55f36ca5c4c630d687b20e5a7bdfd6d43613fd3738c8ec1464561586987388885b7a424c949a3110e5de795ffdcf1ef43fb8b5b0364cdb0e9a62c1c6922f08125d456f0ee5d58fa670ff071a8d5b57c06efe30d960f9a67d3dd7dd6ec13c799f9b89d90593ba794c5c582f8bd583af0a59043a1da36cee8e2cc173610960e33300ec48cf7281887ffe66e7ec113a29ed339556d84d638ae9554bb20f2a7695da8bcad10e5f155fe5d54eb511087f7abb4a8ae9e78e233b1e079a44c9cdf2529ed3166c24f80a2bda3b2dfdd2e1c2f650cc35fccf8cb17c03681c6f379f535eeaf46caa1dd95f0b72ea6cf301f2d713844b36c7e90e052528f04a668e1dc5ed11e95bbb86268c712af3f6c77d538c9d3dafeceaacc7ba6b20d9266d75c7470d627725700bfd36a9faf5488532a0871a00e18466f3499e3e3270513168d05f52472045b8558d3fb7880805b6fe3a56b3df9eaea72d147f94ee09e763fcf66d0c71b708fb842bbe619eeeaf483fa717864ab435ca03503285591364727a3615582c80d2023897f7bfdda9b00d095ec11f42482f3851a9232ed09ec6733d54020a9e3b98cb3a014f094e9d968672632a30f967a6d2f00c64fb0aefbeb64510edca5496c9f69379f71412f08fe6afeeb604040a42f00290bc04a40f66f0b84c9c6d7e4d1bc213ed49142215b259be08a0a305c68cbec769ce195ea62b7a2ce632da0a98b469284fd7802bb8c47943ac1c8a7a2b0ee36ed45cde2d13cc00ecc11ca9516d9e917fa28d703566b8d5743c5aba0da662f0446768c6d0df6773d1b0c46dac6a6213aa7b5095a8bd9f34048394a8baac9ec65d740ad8acb8eb683702eaf509c30b547bf355561ca00841efdccd413295a430344d17d2d5f4f435d0a33fafe1b4f6826e9d91436b379cc46039551997e54692487562f65a406b769f2856d37c87a73e2e3738c9afdfa5e0f088bbd2799c7c722c23a7cc37266af557beecb9cc8340bc76ba85a147530f3a9bd8cfe82358c0d799f0687540d463e0f010d1e914f043027284292bf31af75301e27689910393e41f877832797dd7c184249e7b2ec0a79b0decb9a3eead5b3c82ac60fe1485829bf75b8af597b5fd9e47460ebb6d809733eb790027094b019ef2bfb76d75876a5e1e312e80e841c5e074c78b35be6a4070c99372dbb13dc27966a8d448b8e3225b11af907985f3142d41da70a682166814fce9e535cca37058bbb3a02894f6ada82c266e763f431d7e1926da2fc86805b02d6af712c82e7a36e667bd3091661be9cc0cdbd3b3cc690594cf8bac39dd9dac1f883cfb0e500759b0e5dc36721b3ed452addc26d39733a2d76d852d897298009dea9546bae66e9aac7f35277e025d440ca93fdec4bbd58970a130fc79056af96f81b0461ef0e16d4fb12014313438a4bb95b2f9cac98e24a713ed14b539ceddf55e90b6c000044a24be6597e2c5a397a772d7c493ad53a05d6076b584ee7c1615ee7f9de627ac9d7d0d4a12b5a080a9c4977da436704bc9eb9f1d25ba91498e4b575550a69aab83e9157a910c4b2907ea97bcc171dcb7ff6fa982dee16d5c5aaaf93fcc225a6c67c96e54ead190f9c6f949b8025988a46d29c86cf18623882d5aa996a3ece81881ba63e0e7d62b585a179631c7e22f924be7aad5699af389c6651c92848153007d9929683648c8a3fb102a50d9a3e9c83e6cabeae5f97d7faad7a803f8c6dbd9237fa4bec7b33db2cc4db5cd7b3baf1c4f4ddc1f16ec6484cbd1adecab06617045b2d5bac8d1bf97a37ed2780a967a678095a6849cabd87256dbe46f52c960ba8ead52e666a131abfb019d2ac7dd2b055bf91168322b23821a522d241f27a2e7ef892d589a0e55b606167e53b0725a089cae5ef65f02f8a2f32dedb370bf2dc34dac5218be294e755915b399cece7e5c3fa887909961a3d626e4a43bab7edd193a9bc0a7a764640943a635fec7722ff8b3add819b26b78c4e54ff970c15d6b27971cd135d288f081a66e792a8ee5b2d89d5945a99f4216ac21fd9a61e305b4a908f4cbe38e5ccd5eab65f5962877a570524809dffa4ca0ed90d505601d7d244273f20cc47feca7259bd1362e334be459e25a59d4873fc8ede03744c88599a5e5f2a6fb0ca08d085e40c8bd71a0777f7715153e71f4a67f6bb73bbbcd766a9dd4287671dcf6b7daacc4f4b81b32ea0d0381fc32807fe9393249e596d3d5ae4bc5a1cb3e48d63478679eb381fbe8cafd2c6890ba29c1af695f2597c6b472a163b7584dde7327933b9d5e88e0d77e3a3d526a619966dde7f82c7ab7a67a59ded2c880ee0e2f736f054b7d99cc68df48c28d76ab12762c85d07a1f3215d3d4ef2ebd65b0f7eacf62ec12997ccdada731992513263a06e063c27eccfdb3c9d1199136c1a2c3d6b5ea6b2e96c9aa6be3bfbda408b2779ad4eba91809a495c1b872e40d49b0acf4b19b4677e6ea8d07b9a621816c4c5f0e5aa364d4803567da0b2b646604563b31aaa298130576690cbab52bf1ddad7c64a7a416ceb36d6b3202f377ed003e8d74cabd4a6a7be18c95716022cc30c45157d6743785746cf8b0e21ec3208336ab0a43ad9c058fffa3021f84ca8b037dea55254ab944493ca03d025a4b42df3e5b830b81471cddf81fd14aed18e45cfed27b1ef015827942f833a0eee4cc0fcd57f0180f83f32e17d27e4784e42eb1a256404aa6e12f9daabddb907230b20693f3bc74723be6808d95c6463ef7bb6bc4a756fdc805ef4077303e5cd504e6c1754ee8303ee92b94808782984f75c0df49436d3859c092133b0545dac0d8f84fc95a1f0f38e4ecbe3f935d33e86b97bb11ca6f502a602bc7e05b4e6514ddc8ae4d8231874b350b32f96ff6cfbe03f1bf5a0fda73c15eca00afe85c026f5e34e699910ab16502b224b8f383a9a863ca351a1e87c17baadb3f7141aa1295a2a6be4d88d1347da9c356ba9b3bfcc678b58add1b224a0c9b7c3cc4c828abc56acd320e8a8ad22da90a0cf6ae40a471c150581da040297aed0e4889c5963bd8c1415acecbd932f9acda87315e3b2dade276b8324dc7d95141cdd8c4fba82c834a95f9efeb2c74c31e7fd32f96a6a68d9e9942c0bdc55bedd1617e47420877b9f640094a37ceea39656468215ebe789a277f585adc1cc0285b53e33afae1616b0806aeed78b6cc4da54e3bdfa3d49ead4e4fa3623f86a4dfa3042ed403684c62a5d148a30c99c24c3cf9a8858e02800e49e0eed84472a559c9f208f6c3310050e4c5948320b5b4eeefe583bb0bcc0bc01356e76e3465f66a7d0c56ca7abc069db5bd7ad20ec01307f391b5bc890b5034271ee31d5bd374a9422a08ce949667512c8d0bb60eb5d4d22fa0e2a5d172edc7b7386abe63222ef8fc5c676828a1441c5ed19ed5827b0d73d568efc51f46f65ea4f205ac26924d6a7f11477fe23049e0de65bd534c81756556c1cd8bc70b3ce71e4e13d44500773e0767bc735c98f0e1d06dc79e43b946a2faaf698e188cf5909e433edbc546beffcbdea76064ff9d5d56273ca05af42c541b896bc5a942665599c9a8f52db36dbd6d42e8f9bb3446df5f44e3971eb408d0c63381b4aa5997441e01a5eff9fa51d82b7d60d8c3ead784e50b562db074b19e855e8290896b808611c40ed7e0691f758103208900d69cd4c86310318d339eeb473b4bea27be94622560cf35416eea7333bb72110afe202dfcc55c755ed32ea9b4851378b554546b52ebd71b90828733ac3040daf1e3d23bfcadd20bb9248731ab11155aebd259b7e693ebad5d43e6a85f14ea317f31eca905634f9e8d5b1ff73dc5dbd2bbeef6c2965932c885969e00e1939685b472c097b4504c9e6f273e1038045e5ac4010ac232288b77de7d3433a143292f145465b6d1f9020aa4f8405bda4310059b82ad8fd41e698a7824456e11f44e577dc5d5a0eb93b98421a2867c3d40627f9061c1d5689205915c7a91da42348ad3bd12038d84175bddaee423b73c93aebf873c850ef44d66324a80ad0cf268998d71fac6988cb0b1879ebcb6c4c3bce2c45daf73db246bc55fb8221341ef760f5f5264113a437e03cbcf03bb276cdc4100138afc6a1eeb9d90e7f43ce8abbd8be6b9c5b54920f76f07d1557167292feb4c970da3f582d40c0661af8f043e01db8016e2600f655175fa7d705bda3a14d1733ccf6603b7f8709b71f2046211468460791330234fa21f417e6a68cdb1d4496808923a87d02f0ebfb09e102a7c9f7c870c082d6993d10e0de2dbe119ac811848661ab30ab8d7a528acf262bf7d21c2f235e5638be58171b61bed99ac3fef801562aabcf3feff77fe9498d09de3e9c3cf18914392433030595aa31d9c79abc29350a2a2a1d0c2f311246", 0x1000}}, 0x1006)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={r3, 0x0, 0x30, 0xe1515f8735398fb, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000002c0)=[0x45c], 0x0, 0x0, 0x1, 0x1}}, 0x3c) (async)
ioctl$VIDIOC_QUERYMENU(0xffffffffffffffff, 0xc040564a, &(0x7f0000000140)={0x0, 0x1, @value=0x100c})
keyctl$clear(0x7, 0x0) (async)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000009) (async)
ioctl$vim2m_VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000140)={0xf, 0x1, 0x1, "7e0efe3287fdaced3d4fd6e8c46a2ca55aab2500000000b482b200", 0x31363553})

3.962028066s ago: executing program 1 (id=250):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000002740)='/proc/tty/drivers\x00', 0x0, 0x0)
pread64(r1, &(0x7f0000002780)=""/59, 0x3b, 0xf27b)
socket$inet6(0xa, 0x2, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r3 = userfaultfd(0x801)
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000000000)={0xaa, 0xe00})
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000440)='cgroup.events\x00', 0x275a, 0x0)
write$binfmt_script(r4, &(0x7f0000000680)={'#! ', './file0', [], 0xa, "e0b50b22520ae388630d4f16b4b2a406077367f92156060a9d4d6b80b301f7e93cb9c91125c88680dde85b7eca0d6678a8cac4d72dd1"}, 0x41)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r4, 0x0)
ioctl$UFFDIO_WRITEPROTECT(r3, 0xc018aa06, &(0x7f0000000040)={{&(0x7f0000ffe000/0x1000)=nil, 0x1000}, 0x3})
r5 = dup(r2)
write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c)
r6 = syz_io_uring_setup(0x239, &(0x7f0000000380)={0x0, 0x1ffffa, 0x10100, 0x0, 0x0, 0x0, r5}, &(0x7f0000000180), &(0x7f00000001c0))
io_uring_enter(r6, 0x708, 0x41e3, 0x0, 0x0, 0x0)
flock(r6, 0x5)
mq_notify(0xffffffffffffffff, &(0x7f0000000000)={0x20000000, 0x4000000000003, 0x2})
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.swap.current\x00', 0x275a, 0x0)
syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="043e1f0a"], 0x22)
sendmsg$IPCTNL_MSG_CT_GET_DYING(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, 0x6, 0x1, 0x101, 0x0, 0x0, {0x5}}, 0x14}}, 0x0)

3.818785218s ago: executing program 2 (id=251):
r0 = io_uring_setup(0x64ec, &(0x7f0000000180)={0x0, 0x8064, 0x2, 0x3, 0x2})
io_uring_register$IORING_UNREGISTER_PERSONALITY(r0, 0x19, 0x20000000, 0x0)

3.81769774s ago: executing program 0 (id=252):
r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000180)={0x100004, "c501440f42745b24ec8dfb60b21508f286600000000000000000963300"})
ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000180)={0x100004, "c501440f4274b21508f28600"})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f00000001c0)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
mkdir(&(0x7f00000000c0)='./file0\x00', 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
r5 = add_key$keyring(&(0x7f0000000280), &(0x7f00000002c0)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff)
add_key(&(0x7f0000000100)='asymmetric\x00', &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0, r5)
ioctl$PPPIOCSFLAGS(0xffffffffffffffff, 0x40047459, &(0x7f0000000080)=0x8000000)
ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000040)=0x14)
ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000000)=0x5)
ioctl$TIOCVHANGUP(r4, 0x5437, 0x0)
syz_usb_connect(0x0, 0x36, 0x0, 0x0)
syz_genetlink_get_family_id$ipvs(&(0x7f0000000340), 0xffffffffffffffff)
r6 = socket$l2tp(0x2, 0x2, 0x73)
setsockopt$inet_MCAST_JOIN_GROUP(r6, 0x0, 0x2a, &(0x7f0000000480)={0x9, {{0x2, 0x4e20, @private=0xa010100}}}, 0x88)

3.7310136s ago: executing program 1 (id=253):
openat$fb0(0xffffffffffffff9c, &(0x7f0000004380), 0x40, 0x0)
r0 = epoll_create1(0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, 0x0, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x6, 0x1, &(0x7f0000000240))
connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c)
write$6lowpan_enable(0xffffffffffffffff, 0x0, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_queued_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r4, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00'}, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r8 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r2, &(0x7f0000000100)={0x20000014})
epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, r0, &(0x7f0000000000)={0xa0000001})
epoll_wait(r8, &(0x7f0000000340)=[{}], 0x1, 0x1000)

3.728312036s ago: executing program 2 (id=254):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7, @void, @value}, 0x90)
socket$inet6(0xa, 0x1, 0x0)
mkdir(&(0x7f0000000180)='./file0\x00', 0x0)
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r1 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7813, 0x3, 0x0, 0x81, 0x1ff, 0x1, 0x1}, 0x1c)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x800000008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8000002000000, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
bind$llc(0xffffffffffffffff, 0x0, 0x0)
recvmsg$unix(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/210, 0xd2}], 0x1}, 0x61)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000d40)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x34}}, 0x0)
sendmsg$NL80211_CMD_REGISTER_BEACONS(r0, 0x0, 0x0)
r3 = open(&(0x7f0000000080)='./file1\x00', 0x10b942, 0x0)
sendfile(r3, 0xffffffffffffffff, 0x0, 0x80000000)
socket$nl_route(0x10, 0x3, 0x0)
openat$vimc1(0xffffffffffffff9c, &(0x7f0000000380), 0x2, 0x0)

2.362443069s ago: executing program 2 (id=255):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x4, 0xfff, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, &(0x7f00000004c0)={r0, 0x0, 0x0, 0x4}, 0x20)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r2)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000480)={'wlan1\x00'})
socket$inet6_sctp(0xa, 0x0, 0x84)
getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x6d, &(0x7f00000006c0), &(0x7f0000000000)=0x8)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x56)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$can_j1939(0x1d, 0x2, 0x7)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f0000000380)={'vcan0\x00', <r6=>0x0})
r7 = socket$can_j1939(0x1d, 0x2, 0x7)
bind$can_j1939(r7, &(0x7f0000000080)={0x1d, r6, 0x0, {0x0, 0x0, 0x4}, 0xfe}, 0x18)
sendmsg$can_j1939(r7, &(0x7f00000001c0)={&(0x7f0000000040), 0x18, &(0x7f0000000180)={&(0x7f00000000c0)="92", 0x1a000}}, 0xee)
close(r7)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000600))
ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000000)={'vcan0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000940)=@newtfilter={0x24, 0x11, 0x1, 0x74bd2b, 0x0, {0x0, 0x0, 0x74, r8, {0x6, 0x8}, {0x5, 0xfff3}, {0xfff1, 0xd}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x4010}, 0x0)

1.685231292s ago: executing program 4 (id=256):
r0 = socket$nl_route(0x10, 0x3, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x400000000000000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_init_net_socket$rose(0xb, 0x5, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
r3 = add_key$user(&(0x7f0000000380), &(0x7f0000000000), &(0x7f0000000400)='_', 0x1, 0xfffffffffffffffe)
r4 = add_key$user(&(0x7f0000000200), &(0x7f00000005c0), &(0x7f00000000c0), 0x390, 0xfffffffffffffffd)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000440)=ANY=[@ANYBLOB="24000000240035b90000000000000000070000000600040000ef000006000300"], 0x24}}, 0x0)
r6 = add_key$user(&(0x7f0000006400), &(0x7f0000006c00)={'syz', 0x3}, &(0x7f0000006900)="3e12d23d346cfdeb1716f738274bc1c03bee4423fa20837e6e86b86592e9be8351aabbd6e24f37d5095f839fa4a3507df4f7526f2440e7988da94ccd868dd8741d1e43eba0b67b516be14a8b51a75bfd611b2d7ae6a21d056c2c5116a416a76b0204dc55ea62d43c", 0x68, 0xfffffffffffffffe)
keyctl$dh_compute(0x17, &(0x7f0000000100)={r3, r4, r6}, 0x0, 0x0, 0x0)
setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, &(0x7f0000000040)={0x80}, 0x10)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="68000000d70000002bbd7000ffdbdf2507000000", @ANYRES32=0x0, @ANYBLOB="100001800c0004800800010000080000100001800c00048008000200130000000c00018005000300030000000c000180060002000c0000000c00018005000300030000000c00018008000100ceb50400"], 0x68}}, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_open_dev$media(&(0x7f0000000040), 0x7, 0x20000)
ioctl$MEDIA_IOC_ENUM_LINKS(r8, 0xc0287c02, &(0x7f00000003c0)={0x80000000, &(0x7f0000000300), &(0x7f0000000880)})
sendmsg$nl_generic(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000340)={0x20, 0x10, 0x701, 0x0, 0x0, {0xa}, [@typed={0xc, 0x2, 0x0, 0x0, @str='nl80211\x00'}]}, 0x20}}, 0x0)
getsockopt$inet6_mptcp_buf(0xffffffffffffffff, 0x11c, 0x3, 0x0, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=@delneigh={0x30, 0x1a, 0x1, 0x8, 0x25dfdbfc, {0x2}, [@NDA_CACHEINFO={0x14, 0x3, {0x7}}]}, 0x30}}, 0x0)

1.530841265s ago: executing program 1 (id=257):
socket$nl_route(0x10, 0x3, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r0 = getpgid(0xffffffffffffffff)
timer_create(0x3, &(0x7f0000000180)={0x0, 0x5, 0x4, @tid=r0}, &(0x7f00000001c0))
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r1 = getpid()
sched_setscheduler(r1, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x0, 0x0)
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
r4 = socket$isdn_base(0x22, 0x3, 0x0)
bind$isdn_base(r4, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
socket$nl_rdma(0x10, 0x3, 0x14)
syz_open_dev$usbfs(&(0x7f00000002c0), 0x6, 0x400000)
r5 = socket$nl_rdma(0x10, 0x3, 0x14)
r6 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r6, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_ENDIAN(r6, 0x4008af13, &(0x7f0000000300)={0x0, 0xfffffff3})
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)={0x38, 0x1403, 0x1, 0x70bd2c, 0x25dfdbfc, "", [{{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'lo\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x4}, 0x810)
socket$l2tp6(0xa, 0x2, 0x73)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0xa400, 0x0)

1.49213598s ago: executing program 4 (id=258):
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, &(0x7f0000000300)='usrquota')
chdir(&(0x7f0000000140)='./file1\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
quotactl_fd$Q_SETQUOTA(r0, 0xffffffff80000801, 0x0, &(0x7f00000000c0)={0x0, 0x5b7f, 0x7fffffff, 0x0, 0x9, 0x9, 0x0, 0x0, 0xde})

1.383470956s ago: executing program 3 (id=259):
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b00000000000000"], 0x48)
socket$tipc(0x1e, 0x5, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10)
prlimit64(0x0, 0xe, 0x0, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)=ANY=[@ANYBLOB="4c00000002060108000034e40000000000000000050001000600000005000400000000000900020073797a3100000080050005000200000011000300686173683a69702c706f7274"], 0x4c}}, 0x2)
sendmsg$IPSET_CMD_ADD(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000540)=ANY=[@ANYBLOB="540000000a0601020000000000000000020000000900020073797a310000000005000100070000002c0007800c00018008000140ffffffff0500070029000000060004404e2100000c00028008000140"], 0x54}, 0x1, 0x0, 0x0, 0x10000082}, 0x80)
socket$packet(0x11, 0x3, 0x300)
socket$inet6_udp(0xa, 0x2, 0x0)
epoll_create1(0x0)
r2 = socket(0x40000000015, 0x5, 0x0)
setsockopt$SO_RDS_TRANSPORT(r2, 0x114, 0x8, 0x0, 0x0)
setsockopt$sock_int(r2, 0x1, 0x8, 0x0, 0x0)
bind$inet(r2, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
sendmsg$NL80211_CMD_JOIN_MESH(r2, 0x0, 0x40)
ppoll(&(0x7f0000000500), 0x0, 0x0, 0x0, 0x0)
pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

1.266918415s ago: executing program 4 (id=260):
r0 = fsopen(&(0x7f0000000000)='bpf\x00', 0x0) (async)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) (async)
sched_setscheduler(0x0, 0x1, &(0x7f0000000400)=0x7) (async)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) (async, rerun: 32)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) (rerun: 32)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) (async)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) (async)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
syz_open_dev$ttys(0xc, 0x2, 0x1) (async)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000), 0x0}, 0x50) (async)
sendmsg$TEAM_CMD_OPTIONS_SET(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000280)=ANY=[], 0x58}}, 0x0) (async, rerun: 32)
r5 = gettid() (rerun: 32)
ptrace$ARCH_SHSTK_STATUS(0x1e, r5, &(0x7f0000002140), 0x5005) (async, rerun: 64)
syz_io_uring_setup(0x2c0c, &(0x7f0000000400)={0x0, 0xfffffffe, 0x4002}, &(0x7f0000001840), &(0x7f00000004c0)) (rerun: 64)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_READY(r0, 0xc0189376, &(0x7f00000000c0)={{0x1, 0x1, 0x18, <r6=>r0, {0x10001}}, './file0\x00'})
read$FUSE(r6, &(0x7f0000000100)={0x2020}, 0x2020) (async)
fsmount(r0, 0x0, 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000080)='%*{*\x00', &(0x7f0000000040)='hfs\x00', 0x0)

1.174423335s ago: executing program 2 (id=261):
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x2c, &(0x7f0000000000)='/proc/sys/\x00et/\x00\x00v4\x00\x00s/\x92ync_\x00le\xf44\x8cm\xa0\x8dN\xd4\xa2\x88\x00\xd1l,'}, 0x30)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
fchdir(r0)
mknod(&(0x7f0000000040)='./file0\x00', 0x8, 0x0)
r1 = getpid()
r2 = syz_pidfd_open(r1, 0x0)
ioctl$FS_IOC_GETVERSION(r2, 0xff09, 0x0)

1.032070507s ago: executing program 2 (id=262):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_emit_ethernet(0x5e, 0x0, 0x0)
recvmsg(0xffffffffffffffff, 0x0, 0x22)
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(0xffffffffffffffff, 0x3ba0, &(0x7f0000000240)={0x48})
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="ae29ace5bffbc200dcef2baf5bbc28ac204007cc4c0784e23101dc35cce21e5a5715d965b5a69a59cb035e5c23e652aadca701e62946a0674a7656ae3a6b4405dc1bed87d00942fe0b2a51a2ccf301cc8535a94dd879801de36f7d241b90f38b5e1d807b220645", @ANYRESHEX=r1], 0x70}, 0x1, 0x0, 0x0, 0x20008010}, 0x4)
sendmsg$nl_route(r1, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000005c0)={&(0x7f0000000680)=ANY=[], 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x8000)
ioctl$IOMMU_TEST_OP_ACCESS_RW$syz(0xffffffffffffffff, 0x3ba0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000080))
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0)
sendmsg$BATADV_CMD_TP_METER(0xffffffffffffffff, &(0x7f0000000440)={0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x0}, 0x1, 0x0, 0x0, 0x48801}, 0x4)
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x15, 0x10, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000800000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b70300000000000085000000a0000000bf09000000"], 0x0, 0x9, 0x0, 0x0, 0x0, 0x2d, '\x00', 0x0, @sk_reuseport, 0x0, 0x8300, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000140)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r3}, 0x18)
r4 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$F2FS_IOC_START_VOLATILE_WRITE(r4, 0x40186f40, 0x20000502) (fail_nth: 1)
socketpair(0x1, 0x3, 0x0, &(0x7f0000000000)={<r5=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r5, 0x8b06, &(0x7f0000000080)={'wlan1\x00', @random="02000000000a"})
flock(0xffffffffffffffff, 0x2)
renameat(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
mount(0x0, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='befs\x00', 0x109, 0x0)
socket$inet(0x2, 0x2, 0x7)

351.621664ms ago: executing program 0 (id=263):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_emit_ethernet(0x5e, 0x0, 0x0)
recvmsg(0xffffffffffffffff, 0x0, 0x22)
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(0xffffffffffffffff, 0x3ba0, &(0x7f0000000240)={0x48})
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="ae29ace5bffbc200dcef2baf5bbc28ac204007cc4c0784e23101dc35cce21e5a5715d965b5a69a59cb035e5c23e652aadca701e62946a0674a7656ae3a6b4405dc1bed87d00942fe0b2a51a2ccf301cc8535a94dd879801de36f7d241b90f38b5e1d807b220645", @ANYRESHEX=r1], 0x70}, 0x1, 0x0, 0x0, 0x20008010}, 0x4)
sendmsg$nl_route(r1, &(0x7f0000000640)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000005c0)={&(0x7f0000000680)=ANY=[], 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x8000)
ioctl$IOMMU_TEST_OP_ACCESS_RW$syz(0xffffffffffffffff, 0x3ba0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000080))
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0)
sendmsg$BATADV_CMD_TP_METER(0xffffffffffffffff, &(0x7f0000000440)={0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x0}, 0x1, 0x0, 0x0, 0x48801}, 0x4)
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x15, 0x10, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000800000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b70300000000000085000000a0000000bf09000000"], 0x0, 0x9, 0x0, 0x0, 0x0, 0x2d, '\x00', 0x0, @sk_reuseport, 0x0, 0x8300, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000140)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r3}, 0x18)
r4 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$F2FS_IOC_START_VOLATILE_WRITE(r4, 0x40186f40, 0x20000502)
socketpair(0x1, 0x3, 0x0, &(0x7f0000000000)={<r5=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r5, 0x8b06, &(0x7f0000000080)={'wlan1\x00', @random="02000000000a"})
flock(0xffffffffffffffff, 0x2)
renameat(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
mount(0x0, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='befs\x00', 0x109, 0x0)
socket$inet(0x2, 0x2, 0x7)

0s ago: executing program 3 (id=264):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
symlinkat(0x0, 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00')
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000240))
pipe(&(0x7f0000000340)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000380)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x3800000, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x4, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = openat$cgroup_int(r3, &(0x7f0000000200)='cgroup.max.descendants\x00', 0x2, 0x0)
write$cgroup_int(r4, &(0x7f0000000280)=0x100000000000000, 0x12)
open_tree(r2, &(0x7f0000000680)='./file0\x00', 0x80000)
r5 = socket$inet_dccp(0x2, 0x6, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$int_in(r5, 0x5452, &(0x7f0000000400)=0x9)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e23, 0x7f, @remote, 0xffffffff}, 0x1c)
connect$inet(r5, &(0x7f0000e5c000)={0x2, 0x4e23, @local}, 0x10)

kernel console output (not intermixed with test programs):

 249 > 1
[   56.860584][ T5831] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   56.861327][ T5830] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   56.868842][ T5827] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   56.882402][ T5831] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   56.891043][ T5830] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[   56.891823][ T5827] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   56.903225][ T5832] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   56.906573][ T5827] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   56.913404][ T5832] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   56.920268][ T5827] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   56.927025][ T5832] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   56.934346][ T5827] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[   56.942324][ T5830] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   56.947323][ T5827] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   56.954735][ T5830] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   56.961712][ T5827] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   56.968791][ T5832] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[   56.983020][ T5827] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   56.983435][ T5830] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[   56.990291][ T5827] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[   56.998125][ T5832] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   57.004379][ T5831] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[   57.019435][ T5831] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   57.026434][   T29] kauditd_printk_skb: 9 callbacks suppressed
[   57.026449][   T29] audit: type=1400 audit(1738101501.993:107): avc:  denied  { read } for  pid=5814 comm="syz-executor" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[   57.055249][   T29] audit: type=1400 audit(1738101501.993:108): avc:  denied  { open } for  pid=5814 comm="syz-executor" path="net:[4026531840]" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[   57.108097][   T29] audit: type=1400 audit(1738101501.993:109): avc:  denied  { mounton } for  pid=5814 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[   57.309560][   T29] audit: type=1400 audit(1738101502.283:110): avc:  denied  { module_request } for  pid=5814 comm="syz-executor" kmod="rtnl-link-nicvf" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[   57.417144][ T5813] chnl_net:caif_netlink_parms(): no params data found
[   57.431253][ T5814] chnl_net:caif_netlink_parms(): no params data found
[   57.440988][ T5812] chnl_net:caif_netlink_parms(): no params data found
[   57.491798][ T5823] chnl_net:caif_netlink_parms(): no params data found
[   57.500668][ T5816] chnl_net:caif_netlink_parms(): no params data found
[   57.597727][ T5814] bridge0: port 1(bridge_slave_0) entered blocking state
[   57.605559][ T5814] bridge0: port 1(bridge_slave_0) entered disabled state
[   57.613084][ T5814] bridge_slave_0: entered allmulticast mode
[   57.619964][ T5814] bridge_slave_0: entered promiscuous mode
[   57.629800][ T5813] bridge0: port 1(bridge_slave_0) entered blocking state
[   57.636859][ T5813] bridge0: port 1(bridge_slave_0) entered disabled state
[   57.644215][ T5813] bridge_slave_0: entered allmulticast mode
[   57.650685][ T5813] bridge_slave_0: entered promiscuous mode
[   57.662147][ T5814] bridge0: port 2(bridge_slave_1) entered blocking state
[   57.669252][ T5814] bridge0: port 2(bridge_slave_1) entered disabled state
[   57.676657][ T5814] bridge_slave_1: entered allmulticast mode
[   57.683236][ T5814] bridge_slave_1: entered promiscuous mode
[   57.694766][ T5813] bridge0: port 2(bridge_slave_1) entered blocking state
[   57.701906][ T5813] bridge0: port 2(bridge_slave_1) entered disabled state
[   57.709037][ T5813] bridge_slave_1: entered allmulticast mode
[   57.715688][ T5813] bridge_slave_1: entered promiscuous mode
[   57.757561][ T5812] bridge0: port 1(bridge_slave_0) entered blocking state
[   57.764861][ T5812] bridge0: port 1(bridge_slave_0) entered disabled state
[   57.772422][ T5812] bridge_slave_0: entered allmulticast mode
[   57.778809][ T5812] bridge_slave_0: entered promiscuous mode
[   57.794303][ T5813] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   57.808988][ T5823] bridge0: port 1(bridge_slave_0) entered blocking state
[   57.817227][ T5823] bridge0: port 1(bridge_slave_0) entered disabled state
[   57.824671][ T5823] bridge_slave_0: entered allmulticast mode
[   57.832207][ T5823] bridge_slave_0: entered promiscuous mode
[   57.840669][ T5814] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   57.851156][ T5812] bridge0: port 2(bridge_slave_1) entered blocking state
[   57.858273][ T5812] bridge0: port 2(bridge_slave_1) entered disabled state
[   57.865478][ T5812] bridge_slave_1: entered allmulticast mode
[   57.871999][ T5812] bridge_slave_1: entered promiscuous mode
[   57.879632][ T5813] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   57.888821][ T5816] bridge0: port 1(bridge_slave_0) entered blocking state
[   57.896133][ T5816] bridge0: port 1(bridge_slave_0) entered disabled state
[   57.903334][ T5816] bridge_slave_0: entered allmulticast mode
[   57.910059][ T5816] bridge_slave_0: entered promiscuous mode
[   57.916630][ T5823] bridge0: port 2(bridge_slave_1) entered blocking state
[   57.923713][ T5823] bridge0: port 2(bridge_slave_1) entered disabled state
[   57.931082][ T5823] bridge_slave_1: entered allmulticast mode
[   57.937485][ T5823] bridge_slave_1: entered promiscuous mode
[   57.945081][ T5814] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   57.971149][ T5816] bridge0: port 2(bridge_slave_1) entered blocking state
[   57.978237][ T5816] bridge0: port 2(bridge_slave_1) entered disabled state
[   57.986573][ T5816] bridge_slave_1: entered allmulticast mode
[   57.993594][ T5816] bridge_slave_1: entered promiscuous mode
[   58.035279][ T5814] team0: Port device team_slave_0 added
[   58.043656][ T5812] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   58.054640][ T5812] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   58.065521][ T5813] team0: Port device team_slave_0 added
[   58.074875][ T5813] team0: Port device team_slave_1 added
[   58.082381][ T5816] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   58.094028][ T5816] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   58.104444][ T5823] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   58.114878][ T5814] team0: Port device team_slave_1 added
[   58.141340][ T5823] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   58.166244][ T5813] batman_adv: batadv0: Adding interface: batadv_slave_0
[   58.173443][ T5813] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   58.199807][ T5813] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   58.213548][ T5813] batman_adv: batadv0: Adding interface: batadv_slave_1
[   58.220814][ T5813] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   58.246762][ T5813] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   58.274937][ T5812] team0: Port device team_slave_0 added
[   58.283085][ T5812] team0: Port device team_slave_1 added
[   58.295063][ T5816] team0: Port device team_slave_0 added
[   58.302520][ T5823] team0: Port device team_slave_0 added
[   58.308570][ T5814] batman_adv: batadv0: Adding interface: batadv_slave_0
[   58.316435][ T5814] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   58.342507][ T5814] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   58.375380][ T5816] team0: Port device team_slave_1 added
[   58.382434][ T5823] team0: Port device team_slave_1 added
[   58.388482][ T5814] batman_adv: batadv0: Adding interface: batadv_slave_1
[   58.395495][ T5814] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   58.421485][ T5814] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   58.437256][ T5812] batman_adv: batadv0: Adding interface: batadv_slave_0
[   58.444329][ T5812] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   58.470795][ T5812] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   58.482886][ T5812] batman_adv: batadv0: Adding interface: batadv_slave_1
[   58.489943][ T5812] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   58.517764][ T5812] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   58.560584][ T5823] batman_adv: batadv0: Adding interface: batadv_slave_0
[   58.567543][ T5823] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   58.594461][ T5823] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   58.608088][ T5813] hsr_slave_0: entered promiscuous mode
[   58.615093][ T5813] hsr_slave_1: entered promiscuous mode
[   58.622825][ T5816] batman_adv: batadv0: Adding interface: batadv_slave_0
[   58.629897][ T5816] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   58.655844][ T5816] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   58.667556][ T5816] batman_adv: batadv0: Adding interface: batadv_slave_1
[   58.674663][ T5816] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   58.700896][ T5816] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   58.712264][ T5823] batman_adv: batadv0: Adding interface: batadv_slave_1
[   58.719200][ T5823] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   58.745486][ T5823] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   58.785408][ T5814] hsr_slave_0: entered promiscuous mode
[   58.792145][ T5814] hsr_slave_1: entered promiscuous mode
[   58.797943][ T5814] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   58.805769][ T5814] Cannot create hsr debugfs directory
[   58.824760][ T5812] hsr_slave_0: entered promiscuous mode
[   58.830854][ T5812] hsr_slave_1: entered promiscuous mode
[   58.836633][ T5812] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   58.844317][ T5812] Cannot create hsr debugfs directory
[   58.887548][ T5816] hsr_slave_0: entered promiscuous mode
[   58.893852][ T5816] hsr_slave_1: entered promiscuous mode
[   58.900058][ T5816] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   58.907599][ T5816] Cannot create hsr debugfs directory
[   58.930988][ T5823] hsr_slave_0: entered promiscuous mode
[   58.936982][ T5823] hsr_slave_1: entered promiscuous mode
[   58.943615][ T5823] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   58.951220][ T5823] Cannot create hsr debugfs directory
[   59.070186][   T54] Bluetooth: hci4: command tx timeout
[   59.070341][ T5817] Bluetooth: hci3: command tx timeout
[   59.075723][ T5820] Bluetooth: hci1: command tx timeout
[   59.081278][ T5827] Bluetooth: hci0: command tx timeout
[   59.149711][ T5827] Bluetooth: hci2: command tx timeout
[   59.166440][ T5813] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   59.178076][ T5813] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   59.197440][ T5813] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   59.206599][ T5813] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   59.253422][ T5814] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   59.262702][ T5814] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   59.274064][ T5814] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   59.285475][ T5814] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   59.332474][ T5812] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   59.343092][ T5812] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   59.362228][ T5812] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   59.371303][ T5812] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   59.440156][ T5816] netdevsim netdevsim4 netdevsim0: renamed from eth0
[   59.448571][ T5816] netdevsim netdevsim4 netdevsim1: renamed from eth1
[   59.457982][ T5816] netdevsim netdevsim4 netdevsim2: renamed from eth2
[   59.470403][ T5816] netdevsim netdevsim4 netdevsim3: renamed from eth3
[   59.520242][ T5813] 8021q: adding VLAN 0 to HW filter on device bond0
[   59.557686][ T5814] 8021q: adding VLAN 0 to HW filter on device bond0
[   59.575098][ T5823] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   59.598310][ T5814] 8021q: adding VLAN 0 to HW filter on device team0
[   59.606335][ T5823] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   59.616324][ T5823] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   59.627067][ T5823] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   59.645763][ T5813] 8021q: adding VLAN 0 to HW filter on device team0
[   59.656448][ T5812] 8021q: adding VLAN 0 to HW filter on device bond0
[   59.666841][ T1334] bridge0: port 1(bridge_slave_0) entered blocking state
[   59.674129][ T1334] bridge0: port 1(bridge_slave_0) entered forwarding state
[   59.686507][ T4372] bridge0: port 2(bridge_slave_1) entered blocking state
[   59.693641][ T4372] bridge0: port 2(bridge_slave_1) entered forwarding state
[   59.712302][ T1334] bridge0: port 1(bridge_slave_0) entered blocking state
[   59.719420][ T1334] bridge0: port 1(bridge_slave_0) entered forwarding state
[   59.752760][ T4372] bridge0: port 2(bridge_slave_1) entered blocking state
[   59.759882][ T4372] bridge0: port 2(bridge_slave_1) entered forwarding state
[   59.787405][ T5812] 8021q: adding VLAN 0 to HW filter on device team0
[   59.815732][ T5816] 8021q: adding VLAN 0 to HW filter on device bond0
[   59.830710][ T3568] bridge0: port 1(bridge_slave_0) entered blocking state
[   59.837753][ T3568] bridge0: port 1(bridge_slave_0) entered forwarding state
[   59.847868][ T3568] bridge0: port 2(bridge_slave_1) entered blocking state
[   59.854963][ T3568] bridge0: port 2(bridge_slave_1) entered forwarding state
[   59.897040][ T5816] 8021q: adding VLAN 0 to HW filter on device team0
[   59.917472][ T5823] 8021q: adding VLAN 0 to HW filter on device bond0
[   59.948934][ T1130] bridge0: port 1(bridge_slave_0) entered blocking state
[   59.956079][ T1130] bridge0: port 1(bridge_slave_0) entered forwarding state
[   59.960214][   T29] audit: type=1400 audit(1738101504.913:111): avc:  denied  { sys_module } for  pid=5814 comm="syz-executor" capability=16  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[   60.013358][ T5812] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   60.043224][ T1334] bridge0: port 2(bridge_slave_1) entered blocking state
[   60.050379][ T1334] bridge0: port 2(bridge_slave_1) entered forwarding state
[   60.083725][ T5823] 8021q: adding VLAN 0 to HW filter on device team0
[   60.138849][ T4372] bridge0: port 1(bridge_slave_0) entered blocking state
[   60.146012][ T4372] bridge0: port 1(bridge_slave_0) entered forwarding state
[   60.155856][ T4372] bridge0: port 2(bridge_slave_1) entered blocking state
[   60.162986][ T4372] bridge0: port 2(bridge_slave_1) entered forwarding state
[   60.200225][ T5813] 8021q: adding VLAN 0 to HW filter on device batadv0
[   60.207753][ T5823] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   60.219239][ T5823] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   60.270862][ T5814] 8021q: adding VLAN 0 to HW filter on device batadv0
[   60.364498][ T5813] veth0_vlan: entered promiscuous mode
[   60.376414][ T5814] veth0_vlan: entered promiscuous mode
[   60.394092][ T5812] 8021q: adding VLAN 0 to HW filter on device batadv0
[   60.406467][ T5813] veth1_vlan: entered promiscuous mode
[   60.428035][ T5814] veth1_vlan: entered promiscuous mode
[   60.462215][ T5813] veth0_macvtap: entered promiscuous mode
[   60.476145][ T5823] 8021q: adding VLAN 0 to HW filter on device batadv0
[   60.502246][ T5813] veth1_macvtap: entered promiscuous mode
[   60.514654][ T5814] veth0_macvtap: entered promiscuous mode
[   60.535654][ T5814] veth1_macvtap: entered promiscuous mode
[   60.547768][ T5812] veth0_vlan: entered promiscuous mode
[   60.566799][ T5813] batman_adv: batadv0: Interface activated: batadv_slave_0
[   60.582377][ T5813] batman_adv: batadv0: Interface activated: batadv_slave_1
[   60.594054][ T5813] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   60.603353][ T5813] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   60.612892][ T5813] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   60.621753][ T5813] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   60.631975][ T5814] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   60.642825][ T5814] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   60.653766][ T5814] batman_adv: batadv0: Interface activated: batadv_slave_0
[   60.664050][ T5812] veth1_vlan: entered promiscuous mode
[   60.677921][ T5816] 8021q: adding VLAN 0 to HW filter on device batadv0
[   60.701040][ T5814] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   60.712560][ T5814] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   60.724315][ T5814] batman_adv: batadv0: Interface activated: batadv_slave_1
[   60.734724][ T5814] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   60.743898][ T5814] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   60.757328][ T5814] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   60.766873][ T5814] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   60.788241][ T5823] veth0_vlan: entered promiscuous mode
[   60.817722][ T5823] veth1_vlan: entered promiscuous mode
[   60.845759][ T5812] veth0_macvtap: entered promiscuous mode
[   60.868308][ T5812] veth1_macvtap: entered promiscuous mode
[   60.926222][ T5823] veth0_macvtap: entered promiscuous mode
[   60.935975][ T5823] veth1_macvtap: entered promiscuous mode
[   60.979858][ T1130] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   60.983620][ T5823] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   60.987836][ T1130] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   61.001897][ T5823] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   61.016203][ T5823] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   61.027419][ T5823] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   61.038287][ T5823] batman_adv: batadv0: Interface activated: batadv_slave_0
[   61.046060][ T5812] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   61.056873][ T5812] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   61.068237][ T5812] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   61.080183][ T5812] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   61.090077][ T5812] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   61.100641][ T5812] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   61.111694][ T5812] batman_adv: batadv0: Interface activated: batadv_slave_0
[   61.139547][ T1130] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   61.147401][ T1130] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   61.151384][ T5827] Bluetooth: hci4: command tx timeout
[   61.155143][ T5817] Bluetooth: hci1: command tx timeout
[   61.164032][   T54] Bluetooth: hci0: command tx timeout
[   61.165476][ T5817] Bluetooth: hci3: command tx timeout
[   61.173653][ T5823] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   61.187205][ T5823] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   61.197269][ T5823] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   61.207926][ T5823] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   61.218620][ T5823] batman_adv: batadv0: Interface activated: batadv_slave_1
[   61.228463][ T5823] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   61.239646][ T5817] Bluetooth: hci2: command tx timeout
[   61.245245][ T5823] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   61.254181][ T5823] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   61.263045][ T5823] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   61.278805][ T5812] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   61.289785][ T5812] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   61.299620][ T5812] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   61.310700][ T5812] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   61.320559][ T5812] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   61.331088][ T5812] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   61.341705][ T5812] batman_adv: batadv0: Interface activated: batadv_slave_1
[   61.354774][ T5812] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   61.363791][ T5812] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   61.372845][ T5812] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   61.381832][ T5812] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   61.395710][ T3568] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   61.404791][ T3568] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   61.426438][   T29] audit: type=1400 audit(1738101506.393:112): avc:  denied  { mounton } for  pid=5813 comm="syz-executor" path="/root/syzkaller.koGt19/syz-tmp" dev="sda1" ino=1944 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[   61.453594][   T29] audit: type=1400 audit(1738101506.393:113): avc:  denied  { mount } for  pid=5813 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[   61.456060][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   61.487890][   T29] audit: type=1400 audit(1738101506.393:114): avc:  denied  { mounton } for  pid=5813 comm="syz-executor" path="/root/syzkaller.koGt19/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[   61.495107][ T5816] veth0_vlan: entered promiscuous mode
[   61.518735][   T29] audit: type=1400 audit(1738101506.393:115): avc:  denied  { mount } for  pid=5813 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[   61.534954][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   61.546184][   T29] audit: type=1400 audit(1738101506.393:116): avc:  denied  { mounton } for  pid=5813 comm="syz-executor" path="/root/syzkaller.koGt19/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[   61.592398][ T5816] veth1_vlan: entered promiscuous mode
[   61.603216][ T5813] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   61.692717][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   61.707003][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   61.764902][ T4372] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   61.791603][ T3568] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   61.803181][ T4372] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   61.816289][ T3568] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   61.845702][ T5816] veth0_macvtap: entered promiscuous mode
[   62.140614][ T5900] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=215 sclass=netlink_route_socket pid=5900 comm=syz.3.4
[   62.197318][   T29] kauditd_printk_skb: 16 callbacks suppressed
[   62.197357][   T29] audit: type=1400 audit(1738101507.163:133): avc:  denied  { read } for  pid=5896 comm="syz.3.4" name="media7" dev="devtmpfs" ino=999 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   62.199658][ T5816] veth1_macvtap: entered promiscuous mode
[   62.317100][   T29] audit: type=1400 audit(1738101507.283:134): avc:  denied  { open } for  pid=5896 comm="syz.3.4" path="/dev/media7" dev="devtmpfs" ino=999 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   62.348013][ T5816] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   62.359127][ T5816] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   62.379464][ T5816] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   62.394913][ T5816] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   62.417295][ T5816] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   62.428363][ T5897] netlink: 'syz.3.4': attribute type 3 has an invalid length.
[   62.439430][ T5816] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   62.463007][ T5816] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   62.490025][ T5816] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   62.523436][ T5816] batman_adv: batadv0: Interface activated: batadv_slave_0
[   62.534920][   T29] audit: type=1400 audit(1738101507.503:135): avc:  denied  { create } for  pid=5902 comm="syz.3.6" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[   62.535271][ T1334] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   62.626732][ T1334] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   62.726105][   T29] audit: type=1400 audit(1738101507.693:136): avc:  denied  { create } for  pid=5907 comm="syz.0.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[   62.768470][ T5816] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   62.770279][   T29] audit: type=1400 audit(1738101507.713:137): avc:  denied  { mounton } for  pid=5812 comm="syz-executor" path="/root/syzkaller.68iBIH/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[   62.789474][ T5816] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   62.805366][   T29] audit: type=1400 audit(1738101507.713:138): avc:  denied  { write } for  pid=5907 comm="syz.0.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[   62.920771][ T5816] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   62.931298][ T5816] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   62.941235][ T5816] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   63.229445][ T5827] Bluetooth: hci4: command tx timeout
[   63.235700][ T5827] Bluetooth: hci0: command tx timeout
[   63.242165][ T5827] Bluetooth: hci1: command tx timeout
[   63.249028][ T5827] Bluetooth: hci3: command tx timeout
[   63.310719][ T5827] Bluetooth: hci2: command tx timeout
[   63.340099][   T29] audit: type=1400 audit(1738101507.833:139): avc:  denied  { map_create } for  pid=5902 comm="syz.3.6" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[   63.362689][   T29] audit: type=1400 audit(1738101507.833:140): avc:  denied  { perfmon } for  pid=5902 comm="syz.3.6" capability=38  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[   63.372961][ T5816] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   63.399457][ T5816] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   63.410311][ T5816] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   63.422787][    T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!!
[   63.448483][ T5816] batman_adv: batadv0: Interface activated: batadv_slave_1
[   63.455954][   T29] audit: type=1400 audit(1738101507.833:141): avc:  denied  { map_read map_write } for  pid=5902 comm="syz.3.6" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[   63.478852][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[   63.490481][   T29] audit: type=1400 audit(1738101507.863:142): avc:  denied  { connect } for  pid=5902 comm="syz.3.6" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[   63.665722][ T5816] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   63.681010][ T5816] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   63.844189][ T5816] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   63.907635][ T5816] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   64.139753][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   64.252417][ T5925] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   64.288985][ T5925] iommufd_mock iommufd_mock0: Adding to iommu group 0
[   64.370226][ T5815] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[   64.550097][    T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!!
[   64.752998][   T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   64.763090][   T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   64.899550][ T5815] usb 3-1: Using ep0 maxpacket: 32
[   64.912195][ T5815] usb 3-1: config 1 interface 0 altsetting 15 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[   64.925549][ T5815] usb 3-1: config 1 interface 0 has no altsetting 0
[   64.935321][ T5815] usb 3-1: New USB device found, idVendor=8380, idProduct=1850, bcdDevice= 0.40
[   64.945078][ T5815] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   65.005572][ T5815] usb 3-1: Product: syz
[   65.010340][ T5815] usb 3-1: Manufacturer: syz
[   65.015025][   T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   65.023596][ T5815] usb 3-1: SerialNumber: syz
[   65.030360][   T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   65.321551][ T5827] Bluetooth: hci1: command tx timeout
[   65.327336][   T54] Bluetooth: hci0: command tx timeout
[   65.333294][ T5827] Bluetooth: hci4: command 0x0419 tx timeout
[   65.342172][ T5820] Bluetooth: hci3: command tx timeout
[   65.400240][ T5820] Bluetooth: hci2: command tx timeout
[   65.675968][    T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!!
[   65.699561][    T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!!
[   65.777493][    T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!!
[   65.879323][    T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!!
[   66.028919][ T5815] usbhid 3-1:1.0: can't add hid device: -71
[   66.054538][ T5815] usbhid 3-1:1.0: probe with driver usbhid failed with error -71
[   66.349822][ T5943] iommufd_mock iommufd_mock0: Adding to iommu group 0
[   66.850073][ T5815] usb 3-1: USB disconnect, device number 2
[   66.895090][ T5821] udevd[5821]: setting mode of /dev/bus/usb/003/002 to 020664 failed: No such file or directory
[   66.909611][ T5821] udevd[5821]: setting owner of /dev/bus/usb/003/002 to uid=0, gid=0 failed: No such file or directory
[   67.241445][   T29] kauditd_printk_skb: 23 callbacks suppressed
[   67.241460][   T29] audit: type=1400 audit(1738101512.213:166): avc:  denied  { write } for  pid=5929 comm="syz.1.10" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[   67.429472][ T5817] Bluetooth: hci4: command 0x0419 tx timeout
[   67.928896][    T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!!
[   67.937851][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   68.065981][   T29] audit: type=1400 audit(1738101512.673:167): avc:  denied  { create } for  pid=5951 comm="syz.4.14" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1
[   68.066238][ T5955] lo speed is unknown, defaulting to 1000
[   68.091766][ T5955] lo speed is unknown, defaulting to 1000
[   68.099154][ T5955] lo speed is unknown, defaulting to 1000
[   68.106924][ T5955] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[   68.117228][ T5955] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[   68.134721][ T5955] lo speed is unknown, defaulting to 1000
[   68.141598][ T5955] lo speed is unknown, defaulting to 1000
[   68.148731][ T5955] lo speed is unknown, defaulting to 1000
[   68.154951][ T5955] lo speed is unknown, defaulting to 1000
[   68.161110][ T5955] lo speed is unknown, defaulting to 1000
[   68.168892][ T5955] lo speed is unknown, defaulting to 1000
[   68.297008][   T29] audit: type=1400 audit(1738101512.723:168): avc:  denied  { write } for  pid=5951 comm="syz.4.14" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1
[   69.449373][   T29] audit: type=1400 audit(1738101513.743:169): avc:  denied  { create } for  pid=5959 comm="syz.2.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[   69.479462][ T5817] Bluetooth: hci4: command 0x0419 tx timeout
[   70.456666][   T29] audit: type=1400 audit(1738101515.093:170): avc:  denied  { unlink } for  pid=5959 comm="syz.2.16" name="#1" dev="tmpfs" ino=30 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[   70.491866][   T29] audit: type=1400 audit(1738101515.093:171): avc:  denied  { mount } for  pid=5959 comm="syz.2.16" name="/" dev="overlay" ino=25 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[   70.839128][   T29] audit: type=1400 audit(1738101515.803:172): avc:  denied  { read } for  pid=5970 comm="syz.3.18" name="fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[   70.876166][   T29] audit: type=1400 audit(1738101515.833:173): avc:  denied  { open } for  pid=5970 comm="syz.3.18" path="/dev/fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[   71.023298][   T29] audit: type=1400 audit(1738101515.903:174): avc:  denied  { bind } for  pid=5967 comm="syz.4.17" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[   71.620834][ T1289] ieee802154 phy0 wpan0: encryption failed: -22
[   71.629984][ T1289] ieee802154 phy1 wpan1: encryption failed: -22
[   71.990254][   T29] audit: type=1400 audit(1738101515.913:175): avc:  denied  { listen } for  pid=5967 comm="syz.4.17" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[   72.108865][ T5983] FAULT_INJECTION: forcing a failure.
[   72.108865][ T5983] name failslab, interval 1, probability 0, space 0, times 1
[   72.231652][ T5983] CPU: 1 UID: 0 PID: 5983 Comm: syz.1.20 Not tainted 6.13.0-syzkaller-08265-g9c5968db9e62 #0
[   72.231679][ T5983] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[   72.231689][ T5983] Call Trace:
[   72.231694][ T5983]  <TASK>
[   72.231701][ T5983]  dump_stack_lvl+0x16c/0x1f0
[   72.231732][ T5983]  should_fail_ex+0x50a/0x650
[   72.231756][ T5983]  ? fs_reclaim_acquire+0xae/0x150
[   72.231781][ T5983]  should_failslab+0xc2/0x120
[   72.231799][ T5983]  kmem_cache_alloc_lru_noprof+0x73/0x3d0
[   72.231817][ T5983]  ? ksys_write+0x12b/0x250
[   72.231841][ T5983]  ? sock_alloc_inode+0x25/0x1c0
[   72.231866][ T5983]  ? __pfx_sock_alloc_inode+0x10/0x10
[   72.231885][ T5983]  sock_alloc_inode+0x25/0x1c0
[   72.231905][ T5983]  alloc_inode+0x5d/0x230
[   72.231923][ T5983]  sock_alloc+0x40/0x280
[   72.231943][ T5983]  do_accept+0xf8/0x530
[   72.231967][ T5983]  ? do_raw_spin_lock+0x12d/0x2c0
[   72.231984][ T5983]  ? __pfx_do_accept+0x10/0x10
[   72.232023][ T5983]  __sys_accept4+0xfe/0x1b0
[   72.232048][ T5983]  ? __pfx___sys_accept4+0x10/0x10
[   72.232071][ T5983]  ? ksys_write+0x1ba/0x250
[   72.232095][ T5983]  ? __pfx_ksys_write+0x10/0x10
[   72.232124][ T5983]  __x64_sys_accept+0x74/0xb0
[   72.232148][ T5983]  ? lockdep_hardirqs_on+0x7c/0x110
[   72.232172][ T5983]  do_syscall_64+0xcd/0x250
[   72.232188][ T5983]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   72.232211][ T5983] RIP: 0033:0x7f884818cda9
[   72.232224][ T5983] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   72.232239][ T5983] RSP: 002b:00007f8849092038 EFLAGS: 00000246 ORIG_RAX: 000000000000002b
[   72.232256][ T5983] RAX: ffffffffffffffda RBX: 00007f88483a5fa0 RCX: 00007f884818cda9
[   72.232267][ T5983] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[   72.232276][ T5983] RBP: 00007f8849092090 R08: 0000000000000000 R09: 0000000000000000
[   72.232285][ T5983] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   72.232294][ T5983] R13: 0000000000000000 R14: 00007f88483a5fa0 R15: 00007ffead407998
[   72.232315][ T5983]  </TASK>
[   72.514349][   T29] kauditd_printk_skb: 2 callbacks suppressed
[   72.514364][   T29] audit: type=1400 audit(1738101517.483:178): avc:  denied  { read write } for  pid=5989 comm="syz.0.23" name="video0" dev="devtmpfs" ino=930 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1
[   72.666712][ T5997] FAULT_INJECTION: forcing a failure.
[   72.666712][ T5997] name failslab, interval 1, probability 0, space 0, times 0
[   72.673419][   T29] audit: type=1400 audit(1738101517.483:179): avc:  denied  { open } for  pid=5989 comm="syz.0.23" path="/dev/video0" dev="devtmpfs" ino=930 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1
[   72.720317][ T5997] CPU: 1 UID: 0 PID: 5997 Comm: syz.1.24 Not tainted 6.13.0-syzkaller-08265-g9c5968db9e62 #0
[   72.720348][ T5997] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[   72.720359][ T5997] Call Trace:
[   72.720364][ T5997]  <TASK>
[   72.720371][ T5997]  dump_stack_lvl+0x16c/0x1f0
[   72.720405][ T5997]  should_fail_ex+0x50a/0x650
[   72.720438][ T5997]  ? fs_reclaim_acquire+0xae/0x150
[   72.720464][ T5997]  ? tomoyo_realpath_from_path+0xb9/0x720
[   72.720487][ T5997]  should_failslab+0xc2/0x120
[   72.720508][ T5997]  __kmalloc_noprof+0xcb/0x510
[   72.720525][ T5997]  ? __pfx_lock_acquire.part.0+0x10/0x10
[   72.720555][ T5997]  tomoyo_realpath_from_path+0xb9/0x720
[   72.720579][ T5997]  ? tomoyo_path_number_perm+0x235/0x590
[   72.720599][ T5997]  ? tomoyo_path_number_perm+0x235/0x590
[   72.720616][ T5997]  tomoyo_path_number_perm+0x248/0x590
[   72.720630][ T5997]  ? tomoyo_path_number_perm+0x235/0x590
[   72.720649][ T5997]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[   72.720689][ T5997]  ? __pfx_lock_release+0x10/0x10
[   72.720711][ T5997]  ? trace_lock_acquire+0x14e/0x1f0
[   72.720733][ T5997]  ? lock_acquire+0x2f/0xb0
[   72.720753][ T5997]  ? __fget_files+0x40/0x3a0
[   72.720772][ T5997]  ? __fget_files+0x206/0x3a0
[   72.720791][ T5997]  security_file_ioctl+0x9b/0x240
[   72.720814][ T5997]  __x64_sys_ioctl+0xb7/0x200
[   72.720841][ T5997]  do_syscall_64+0xcd/0x250
[   72.720859][ T5997]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   72.720883][ T5997] RIP: 0033:0x7f884818cda9
[   72.720895][ T5997] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   72.720910][ T5997] RSP: 002b:00007f8849092038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   72.720926][ T5997] RAX: ffffffffffffffda RBX: 00007f88483a5fa0 RCX: 00007f884818cda9
[   72.720935][ T5997] RDX: 00000000200001c0 RSI: 00000000c05c6104 RDI: 0000000000000003
[   72.720944][ T5997] RBP: 00007f8849092090 R08: 0000000000000000 R09: 0000000000000000
[   72.720952][ T5997] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   72.720960][ T5997] R13: 0000000000000000 R14: 00007f88483a5fa0 R15: 00007ffead407998
[   72.720977][ T5997]  </TASK>
[   72.721006][ T5997] ERROR: Out of memory at tomoyo_realpath_from_path.
[   72.950095][   T29] audit: type=1400 audit(1738101517.483:180): avc:  denied  { read write } for  pid=5989 comm="syz.0.23" name="sg0" dev="devtmpfs" ino=726 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[   73.075172][   T29] audit: type=1400 audit(1738101517.483:181): avc:  denied  { open } for  pid=5989 comm="syz.0.23" path="/dev/sg0" dev="devtmpfs" ino=726 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[   73.099161][   T29] audit: type=1400 audit(1738101517.553:182): avc:  denied  { ioctl } for  pid=5989 comm="syz.0.23" path="/dev/video0" dev="devtmpfs" ino=930 ioctlcmd=0x5644 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1
[   73.123847][   T29] audit: type=1400 audit(1738101517.813:183): avc:  denied  { name_bind } for  pid=5994 comm="syz.0.25" src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket permissive=1
[   73.144766][   T29] audit: type=1400 audit(1738101517.813:184): avc:  denied  { node_bind } for  pid=5994 comm="syz.0.25" saddr=::1 src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1
[   73.166400][   T29] audit: type=1400 audit(1738101517.813:185): avc:  denied  { read } for  pid=5994 comm="syz.0.25" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[   73.193985][   T29] audit: type=1400 audit(1738101517.813:186): avc:  denied  { open } for  pid=5994 comm="syz.0.25" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[   73.369362][ T5865] usb 1-1: new full-speed USB device number 2 using dummy_hcd
[   73.696049][ T6006] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=215 sclass=netlink_route_socket pid=6006 comm=syz.4.29
[   73.712011][ T6006] netlink: 'syz.4.29': attribute type 3 has an invalid length.
[   73.735607][ T5865] usb 1-1: unable to get BOS descriptor or descriptor too short
[   73.759996][ T5865] usb 1-1: not running at top speed; connect to a high speed hub
[   73.802070][ T5865] usb 1-1: config 129 has an invalid interface number: 135 but max is 0
[   73.818130][ T5865] usb 1-1: config 129 has an invalid interface number: 5 but max is 0
[   73.969377][ T5831] Bluetooth: hci4: command 0x0419 tx timeout
[   74.083408][ T6015] iommufd_mock iommufd_mock0: Adding to iommu group 0
[   74.608219][ T5865] usb 1-1: config 129 descriptor has 1 excess byte, ignoring
[   74.666592][ T5865] usb 1-1: config 129 has 2 interfaces, different from the descriptor's value: 1
[   74.758095][ T5865] usb 1-1: config 129 has no interface number 0
[   74.764893][ T5865] usb 1-1: config 129 has no interface number 1
[   74.775520][ T5865] usb 1-1: config 129 interface 135 altsetting 6 has 0 endpoint descriptors, different from the interface descriptor's value: 9
[   74.789878][ T5865] usb 1-1: too many endpoints for config 129 interface 5 altsetting 7: 37, using maximum allowed: 30
[   74.853549][ T5865] usb 1-1: config 129 interface 5 altsetting 7 has 0 endpoint descriptors, different from the interface descriptor's value: 37
[   74.887288][ T5865] usb 1-1: config 129 interface 135 has no altsetting 0
[   74.905369][ T5865] usb 1-1: config 129 interface 5 has no altsetting 0
[   74.923474][ T5865] usb 1-1: New USB device found, idVendor=2040, idProduct=721f, bcdDevice=f2.62
[   74.940253][ T5865] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   74.968694][ T5865] usb 1-1: Product: syz
[   74.978806][ T5865] usb 1-1: Manufacturer: syz
[   74.985711][ T5865] usb 1-1: SerialNumber: syz
[   75.263795][ T5865] usb 1-1: Quirk or no altset; falling back to MIDI 1.0
[   75.274216][ T5865] usb 1-1: MIDIStreaming interface descriptor not found
[   75.381002][ T5865] usb 1-1: USB disconnect, device number 2
[   75.399618][ T5867] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[   75.496795][   T29] audit: type=1400 audit(1738101520.463:187): avc:  denied  { ioctl } for  pid=6025 comm="syz.3.34" path="anon_inode:[userfaultfd]" dev="anon_inodefs" ino=7585 ioctlcmd=0xaa3f scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[   75.665255][ T5867] usb 3-1: Using ep0 maxpacket: 32
[   75.704509][ T5867] usb 3-1: config 1 interface 0 altsetting 15 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[   75.743054][ T5867] usb 3-1: config 1 interface 0 has no altsetting 0
[   75.753407][ T5867] usb 3-1: New USB device found, idVendor=8380, idProduct=1850, bcdDevice= 0.40
[   75.764719][ T5867] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   75.812069][ T6029] udevd[6029]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:129.5/sound/card3/controlC3/../uevent} for writing: No such file or directory
[   76.049531][ T5817] Bluetooth: hci4: command 0x0419 tx timeout
[   76.049565][ T5867] usb 3-1: Product: syz
[   76.080949][ T5867] usb 3-1: Manufacturer: syz
[   76.085648][ T5867] usb 3-1: SerialNumber: syz
[   76.376221][ T6024] netlink: 56 bytes leftover after parsing attributes in process `syz.2.33'.
[   76.397996][ T5867] usbhid 3-1:1.0: can't add hid device: -71
[   76.404588][ T5867] usbhid 3-1:1.0: probe with driver usbhid failed with error -71
[   76.428932][ T5867] usb 3-1: USB disconnect, device number 3
[   76.526419][ T6039] FAULT_INJECTION: forcing a failure.
[   76.526419][ T6039] name fail_usercopy, interval 1, probability 0, space 0, times 1
[   76.540039][ T6039] CPU: 0 UID: 0 PID: 6039 Comm: syz.3.36 Not tainted 6.13.0-syzkaller-08265-g9c5968db9e62 #0
[   76.540052][ T6039] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[   76.540057][ T6039] Call Trace:
[   76.540060][ T6039]  <TASK>
[   76.540063][ T6039]  dump_stack_lvl+0x16c/0x1f0
[   76.540081][ T6039]  should_fail_ex+0x50a/0x650
[   76.540097][ T6039]  _copy_to_user+0x32/0xd0
[   76.540111][ T6039]  simple_read_from_buffer+0xd0/0x160
[   76.540126][ T6039]  proc_fail_nth_read+0x198/0x270
[   76.540139][ T6039]  ? __pfx_proc_fail_nth_read+0x10/0x10
[   76.540151][ T6039]  ? rw_verify_area+0xcf/0x680
[   76.540163][ T6039]  ? __pfx_proc_fail_nth_read+0x10/0x10
[   76.540175][ T6039]  vfs_read+0x1df/0xbf0
[   76.540188][ T6039]  ? __fget_files+0x1fc/0x3a0
[   76.540196][ T6039]  ? __pfx___mutex_lock+0x10/0x10
[   76.540210][ T6039]  ? __pfx_vfs_read+0x10/0x10
[   76.540226][ T6039]  ? __fget_files+0x206/0x3a0
[   76.540238][ T6039]  ksys_read+0x12b/0x250
[   76.540250][ T6039]  ? __pfx_ksys_read+0x10/0x10
[   76.540266][ T6039]  do_syscall_64+0xcd/0x250
[   76.540276][ T6039]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   76.540289][ T6039] RIP: 0033:0x7f7b7c78b7bc
[   76.540298][ T6039] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[   76.540306][ T6039] RSP: 002b:00007f7b7d66e030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[   76.540314][ T6039] RAX: ffffffffffffffda RBX: 00007f7b7c9a5fa0 RCX: 00007f7b7c78b7bc
[   76.540320][ T6039] RDX: 000000000000000f RSI: 00007f7b7d66e0a0 RDI: 0000000000000006
[   76.540325][ T6039] RBP: 00007f7b7d66e090 R08: 0000000000000000 R09: 0000000000000000
[   76.540330][ T6039] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   76.540334][ T6039] R13: 0000000000000000 R14: 00007f7b7c9a5fa0 R15: 00007ffd98b8d2e8
[   76.540345][ T6039]  </TASK>
[   76.549833][ T5894] usb 1-1: new low-speed USB device number 3 using dummy_hcd
[   76.561805][  T973] cfg80211: failed to load regulatory.db
[   77.086339][ T5894] usb 1-1: config 179 has an invalid interface number: 65 but max is 0
[   77.609665][   T29] audit: type=1400 audit(1738101522.113:188): avc:  denied  { create } for  pid=6040 comm="syz.1.38" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[   77.616886][ T5894] usb 1-1: config 179 has no interface number 0
[   77.683031][ T5894] usb 1-1: config 179 interface 65 altsetting 0 has an endpoint descriptor with address 0xF7, changing to 0x87
[   77.709415][ T5894] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0x87 has an invalid bInterval 0, changing to 10
[   77.731968][ T5894] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0x87 has invalid maxpacket 65535, setting to 8
[   77.936571][ T6051] vxfs: WRONG superblock magic 00000000 at 1
[   77.944345][ T6051] vxfs: WRONG superblock magic 00000000 at 8
[   77.950422][ T6051] vxfs: can't find superblock.
[   77.980387][ T6051] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.40'.
[   78.011794][   T29] audit: type=1400 audit(1738101522.933:189): avc:  denied  { write } for  pid=6050 comm="syz.1.40" name="config" dev="proc" ino=4026532950 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1
[   78.026322][ T5894] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[   78.078568][ T5894] usb 1-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[   78.171880][ T6058] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=215 sclass=netlink_route_socket pid=6058 comm=syz.4.41
[   78.316572][ T6058] netlink: 'syz.4.41': attribute type 3 has an invalid length.
[   78.498085][ T5894] usb 1-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[   78.532497][ T5894] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   78.563901][ T6037] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[   78.596968][   T29] audit: type=1400 audit(1738101523.563:190): avc:  denied  { setopt } for  pid=6055 comm="syz.2.42" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[   78.660847][   T29] audit: type=1400 audit(1738101523.563:191): avc:  denied  { append } for  pid=6059 comm="syz.4.44" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[   78.743391][   T29] audit: type=1400 audit(1738101523.563:192): avc:  denied  { ioctl } for  pid=6059 comm="syz.4.44" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[   78.810881][  T973] usb 1-1: USB disconnect, device number 3
[   78.847874][   T29] audit: type=1400 audit(1738101523.633:193): avc:  denied  { write } for  pid=6059 comm="syz.4.44" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[   79.491786][ T6075] tipc: Enabling of bearer <udp:syz1> rejected, failed to enable media
[   80.186736][ T6074] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   80.701987][ T6082] netlink: 12 bytes leftover after parsing attributes in process `syz.4.50'.
[   80.811222][ T6085] iommufd_mock iommufd_mock0: Adding to iommu group 0
[   81.334815][   T29] audit: type=1400 audit(1738101526.303:194): avc:  denied  { create } for  pid=6081 comm="syz.4.50" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[   81.463812][   T29] audit: type=1400 audit(1738101526.353:195): avc:  denied  { setopt } for  pid=6081 comm="syz.4.50" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[   81.559438][   T29] audit: type=1400 audit(1738101526.353:196): avc:  denied  { bind } for  pid=6081 comm="syz.4.50" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[   81.640756][   T29] audit: type=1400 audit(1738101526.463:197): avc:  denied  { create } for  pid=6088 comm="syz.1.51" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1
[   81.841208][ T6091] block nbd1: NBD_DISCONNECT
[   81.860315][ T6091] block nbd1: Disconnected due to user request.
[   81.870987][ T6091] block nbd1: shutting down sockets
[   82.243550][ T6098] warning: `syz.2.48' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   82.577375][ T6107] mkiss: ax0: crc mode is auto.
[   83.124234][   T29] kauditd_printk_skb: 1 callbacks suppressed
[   83.124250][   T29] audit: type=1400 audit(1738101527.693:199): avc:  denied  { setopt } for  pid=6099 comm="syz.3.54" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[   84.139477][ T5865] usb 2-1: new full-speed USB device number 2 using dummy_hcd
[   84.438194][   T29] audit: type=1400 audit(1738101529.343:200): avc:  denied  { read write } for  pid=6115 comm="syz.4.58" name="fuse" dev="devtmpfs" ino=99 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1
[   84.521972][ T5865] usb 2-1: unable to get BOS descriptor or descriptor too short
[   84.525406][   T29] audit: type=1400 audit(1738101529.343:201): avc:  denied  { open } for  pid=6115 comm="syz.4.58" path="/dev/fuse" dev="devtmpfs" ino=99 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1
[   84.544497][ T5865] usb 2-1: not running at top speed; connect to a high speed hub
[   84.552919][   T29] audit: type=1400 audit(1738101529.353:202): avc:  denied  { mounton } for  pid=6115 comm="syz.4.58" path="/14/file0" dev="tmpfs" ino=93 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[   84.566234][ T5865] usb 2-1: config 129 has an invalid interface number: 135 but max is 0
[   84.598753][ T5865] usb 2-1: config 129 has an invalid interface number: 5 but max is 0
[   84.607636][ T5865] usb 2-1: config 129 descriptor has 1 excess byte, ignoring
[   84.615312][ T5865] usb 2-1: config 129 has 2 interfaces, different from the descriptor's value: 1
[   84.631206][ T5865] usb 2-1: config 129 has no interface number 0
[   84.637735][ T5865] usb 2-1: config 129 has no interface number 1
[   84.717049][   T29] audit: type=1400 audit(1738101529.463:203): avc:  denied  { read } for  pid=6115 comm="syz.4.58" name="renderD128" dev="devtmpfs" ino=626 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[   84.744398][ T5865] usb 2-1: config 129 interface 135 altsetting 6 has 0 endpoint descriptors, different from the interface descriptor's value: 9
[   84.758505][ T5865] usb 2-1: too many endpoints for config 129 interface 5 altsetting 7: 37, using maximum allowed: 30
[   84.770104][ T5865] usb 2-1: config 129 interface 5 altsetting 7 has 0 endpoint descriptors, different from the interface descriptor's value: 37
[   84.783353][ T5865] usb 2-1: config 129 interface 135 has no altsetting 0
[   84.791957][ T5865] usb 2-1: config 129 interface 5 has no altsetting 0
[   84.803909][ T5865] usb 2-1: New USB device found, idVendor=2040, idProduct=721f, bcdDevice=f2.62
[   84.813281][ T5865] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   84.821365][ T5865] usb 2-1: Product: syz
[   84.826092][ T5865] usb 2-1: Manufacturer: syz
[   84.831217][ T5865] usb 2-1: SerialNumber: syz
[   84.848319][   T29] audit: type=1400 audit(1738101529.473:204): avc:  denied  { open } for  pid=6115 comm="syz.4.58" path="/dev/dri/renderD128" dev="devtmpfs" ino=626 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[   85.055382][ T5865] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[   85.074791][ T5865] usb 2-1: MIDIStreaming interface descriptor not found
[   85.171450][   T29] audit: type=1400 audit(1738101530.133:205): avc:  denied  { mounton } for  pid=6137 comm="syz.2.64" path="/syzcgroup/unified/syz2" dev="cgroup2" ino=125 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=dir permissive=1
[   85.202743][ T6142] syz.2.64: attempt to access beyond end of device
[   85.202743][ T6142] nbd2: rw=0, sector=0, nr_sectors = 1 limit=0
[   85.215813][ T6142] exFAT-fs (nbd2): unable to read boot sector
[   85.222213][ T6142] exFAT-fs (nbd2): failed to read boot sector
[   85.228407][ T6142] exFAT-fs (nbd2): failed to recognize exfat type
[   85.296241][ T5865] usb 2-1: USB disconnect, device number 2
[   85.418867][   T29] audit: type=1400 audit(1738101530.383:206): avc:  denied  { bind } for  pid=6139 comm="syz.0.65" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1
[   85.553465][ T6145] siw: device registration error -23
[   85.966995][ T6153] siw: device registration error -23
[   85.991186][ T5940] udevd[5940]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:129.5/sound/card3/controlC3/../uevent} for writing: No such file or directory
[   86.132712][   T29] audit: type=1400 audit(1738101531.103:207): avc:  denied  { unmount } for  pid=5816 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1
[   86.241908][ T6160] Zero length message leads to an empty skb
[   86.289407][ T5831] Bluetooth: hci4: command 0x0419 tx timeout
[   86.525707][ T6166] iommufd_mock iommufd_mock0: Adding to iommu group 0
[   88.037009][ T6184] iommufd_mock iommufd_mock0: Adding to iommu group 0
[   89.693410][   T29] audit: type=1400 audit(1738101534.633:208): avc:  denied  { connect } for  pid=6193 comm="syz.4.77" lport=58 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[   89.774564][   T29] audit: type=1400 audit(1738101534.643:209): avc:  denied  { write } for  pid=6193 comm="syz.4.77" laddr=fe80::16 lport=58 faddr=fe80::38 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[   90.203892][ T6201] netlink: 56 bytes leftover after parsing attributes in process `syz.3.78'.
[   90.231295][    T9] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[   90.330549][ T6201] netlink: 12 bytes leftover after parsing attributes in process `syz.3.78'.
[   90.494243][   T29] audit: type=1400 audit(1738101535.453:210): avc:  denied  { getopt } for  pid=6199 comm="syz.3.78" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[   90.513371][ T6201] netlink: 8 bytes leftover after parsing attributes in process `syz.3.78'.
[   90.556283][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   90.665924][    T9] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[   90.681944][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   90.710150][ T6209] FAULT_INJECTION: forcing a failure.
[   90.710150][ T6209] name failslab, interval 1, probability 0, space 0, times 0
[   90.732128][ T6209] CPU: 0 UID: 0 PID: 6209 Comm: syz.2.80 Not tainted 6.13.0-syzkaller-08265-g9c5968db9e62 #0
[   90.732154][ T6209] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[   90.732164][ T6209] Call Trace:
[   90.732169][ T6209]  <TASK>
[   90.732175][ T6209]  dump_stack_lvl+0x16c/0x1f0
[   90.732209][ T6209]  should_fail_ex+0x50a/0x650
[   90.732234][ T6209]  ? fs_reclaim_acquire+0xae/0x150
[   90.732259][ T6209]  should_failslab+0xc2/0x120
[   90.732278][ T6209]  kmem_cache_alloc_noprof+0x6e/0x3d0
[   90.732296][ T6209]  ? getname_flags.part.0+0x4c/0x550
[   90.732317][ T6209]  ? vfs_write+0x306/0x1150
[   90.732344][ T6209]  getname_flags.part.0+0x4c/0x550
[   90.732368][ T6209]  getname+0x8d/0xe0
[   90.732392][ T6209]  do_sys_openat2+0x104/0x1e0
[   90.732412][ T6209]  ? __pfx_do_sys_openat2+0x10/0x10
[   90.732435][ T6209]  ? __fget_files+0x206/0x3a0
[   90.732455][ T6209]  __x64_sys_openat+0x175/0x210
[   90.732476][ T6209]  ? __pfx___x64_sys_openat+0x10/0x10
[   90.732495][ T6209]  ? ksys_write+0x1ba/0x250
[   90.732527][ T6209]  do_syscall_64+0xcd/0x250
[   90.732545][ T6209]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   90.732568][ T6209] RIP: 0033:0x7fdf73d8cda9
[   90.732582][ T6209] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   90.732597][ T6209] RSP: 002b:00007fdf74b3e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[   90.732614][ T6209] RAX: ffffffffffffffda RBX: 00007fdf73fa6080 RCX: 00007fdf73d8cda9
[   90.732625][ T6209] RDX: 0000000000513802 RSI: 0000000020000280 RDI: ffffffffffffff9c
[   90.732635][ T6209] RBP: 00007fdf74b3e090 R08: 0000000000000000 R09: 0000000000000000
[   90.732645][ T6209] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   90.732654][ T6209] R13: 0000000000000001 R14: 00007fdf73fa6080 R15: 00007fffd217c3f8
[   90.732675][ T6209]  </TASK>
[   91.027776][    T9] usb 5-1: config 0 descriptor??
[   91.034143][ T6211] FAULT_INJECTION: forcing a failure.
[   91.034143][ T6211] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   91.050041][ T6211] CPU: 1 UID: 0 PID: 6211 Comm: syz.3.81 Not tainted 6.13.0-syzkaller-08265-g9c5968db9e62 #0
[   91.050065][ T6211] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[   91.050074][ T6211] Call Trace:
[   91.050078][ T6211]  <TASK>
[   91.050083][ T6211]  dump_stack_lvl+0x16c/0x1f0
[   91.050111][ T6211]  should_fail_ex+0x50a/0x650
[   91.050132][ T6211]  _copy_from_user+0x2e/0xd0
[   91.050153][ T6211]  __sys_bpf+0x21c/0x49c0
[   91.050170][ T6211]  ? __pfx_lock_release+0x10/0x10
[   91.050191][ T6211]  ? __pfx___sys_bpf+0x10/0x10
[   91.050203][ T6211]  ? vfs_write+0x306/0x1150
[   91.050227][ T6211]  ? __mutex_unlock_slowpath+0x164/0x6a0
[   91.050258][ T6211]  ? fput+0x67/0x440
[   91.050272][ T6211]  ? ksys_write+0x1ba/0x250
[   91.050291][ T6211]  ? __pfx_ksys_write+0x10/0x10
[   91.050316][ T6211]  __x64_sys_bpf+0x78/0xc0
[   91.050330][ T6211]  ? lockdep_hardirqs_on+0x7c/0x110
[   91.050349][ T6211]  do_syscall_64+0xcd/0x250
[   91.050363][ T6211]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   91.050381][ T6211] RIP: 0033:0x7f7b7c78cda9
[   91.050393][ T6211] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   91.050405][ T6211] RSP: 002b:00007f7b7d66e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[   91.050418][ T6211] RAX: ffffffffffffffda RBX: 00007f7b7c9a5fa0 RCX: 00007f7b7c78cda9
[   91.050431][ T6211] RDX: 0000000000000048 RSI: 0000000020000500 RDI: 000000000000000a
[   91.050440][ T6211] RBP: 00007f7b7d66e090 R08: 0000000000000000 R09: 0000000000000000
[   91.050449][ T6211] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   91.050457][ T6211] R13: 0000000000000000 R14: 00007f7b7c9a5fa0 R15: 00007ffd98b8d2e8
[   91.050473][ T6211]  </TASK>
[   91.233387][ T5831] Bluetooth: hci4: command 0x0419 tx timeout
[   91.243209][   T29] audit: type=1400 audit(1738101536.213:211): avc:  denied  { sqpoll } for  pid=6202 comm="syz.4.79" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[   91.245929][    T9] usbhid 5-1:0.0: can't add hid device: -71
[   91.274150][    T9] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[   91.299067][    T9] usb 5-1: USB disconnect, device number 2
[   92.318870][    T9] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[   92.579464][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   92.613730][    T9] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[   92.626451][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   92.641460][    T9] usb 5-1: config 0 descriptor??
[   92.649511][   T29] audit: type=1400 audit(1738101537.613:212): avc:  denied  { create } for  pid=6217 comm="syz.3.84" name="#7" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[   92.715294][   T29] audit: type=1400 audit(1738101537.663:213): avc:  denied  { link } for  pid=6217 comm="syz.3.84" name="#7" dev="tmpfs" ino=92 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[   92.947317][   T29] audit: type=1400 audit(1738101537.663:214): avc:  denied  { rename } for  pid=6217 comm="syz.3.84" name="#8" dev="tmpfs" ino=92 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[   93.359494][ T5831] Bluetooth: hci4: command 0x0419 tx timeout
[   93.499443][    T9] usbhid 5-1:0.0: can't add hid device: -71
[   93.505734][    T9] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[   93.539576][    T9] usb 5-1: USB disconnect, device number 3
[   93.804137][ T6254] FAULT_INJECTION: forcing a failure.
[   93.804137][ T6254] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   93.817478][ T6254] CPU: 1 UID: 0 PID: 6254 Comm: syz.3.92 Not tainted 6.13.0-syzkaller-08265-g9c5968db9e62 #0
[   93.817500][ T6254] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[   93.817510][ T6254] Call Trace:
[   93.817516][ T6254]  <TASK>
[   93.817522][ T6254]  dump_stack_lvl+0x16c/0x1f0
[   93.817554][ T6254]  should_fail_ex+0x50a/0x650
[   93.817580][ T6254]  _copy_from_user+0x2e/0xd0
[   93.817605][ T6254]  copy_msghdr_from_user+0x99/0x160
[   93.817623][ T6254]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[   93.817651][ T6254]  ___sys_sendmsg+0xff/0x1e0
[   93.817669][ T6254]  ? __pfx____sys_sendmsg+0x10/0x10
[   93.817695][ T6254]  ? __pfx_lock_release+0x10/0x10
[   93.817717][ T6254]  ? trace_lock_acquire+0x14e/0x1f0
[   93.817743][ T6254]  ? __fget_files+0x206/0x3a0
[   93.817765][ T6254]  __sys_sendmsg+0x16e/0x220
[   93.817783][ T6254]  ? __pfx___sys_sendmsg+0x10/0x10
[   93.817814][ T6254]  do_syscall_64+0xcd/0x250
[   93.817832][ T6254]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   93.817855][ T6254] RIP: 0033:0x7f7b7c78cda9
[   93.817869][ T6254] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   93.817885][ T6254] RSP: 002b:00007f7b7d66e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   93.817901][ T6254] RAX: ffffffffffffffda RBX: 00007f7b7c9a5fa0 RCX: 00007f7b7c78cda9
[   93.817912][ T6254] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003
[   93.817922][ T6254] RBP: 00007f7b7d66e090 R08: 0000000000000000 R09: 0000000000000000
[   93.817932][ T6254] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   93.817941][ T6254] R13: 0000000000000000 R14: 00007f7b7c9a5fa0 R15: 00007ffd98b8d2e8
[   93.817963][ T6254]  </TASK>
[   94.062960][ T6255] iommufd_mock iommufd_mock0: Adding to iommu group 0
[   95.390990][ T5831] Bluetooth: hci4: command 0x0419 tx timeout
[   95.699466][  T973] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[   95.733519][ T6270] overlayfs: missing 'lowerdir'
[   95.870128][  T973] usb 1-1: Using ep0 maxpacket: 8
[   95.887566][  T973] usb 1-1: New USB device found, idVendor=16c0, idProduct=05df, bcdDevice= 1.ef
[   95.901749][  T973] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[   95.912277][  T973] usb 1-1: SerialNumber: syz
[   95.923567][  T973] usb 1-1: config 0 descriptor??
[   96.195435][ T6278] mkiss: ax0: crc mode is auto.
[   96.715736][   T29] audit: type=1400 audit(1738101541.683:215): avc:  denied  { create } for  pid=6267 comm="syz.0.97" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[   96.738785][   T29] audit: type=1400 audit(1738101541.693:216): avc:  denied  { create } for  pid=6267 comm="syz.0.97" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[   98.563335][   T29] audit: type=1400 audit(1738101543.533:217): avc:  denied  { getopt } for  pid=6292 comm="syz.4.103" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[   98.729376][ T5864] usb 4-1: new full-speed USB device number 2 using dummy_hcd
[   98.952400][ T5864] usb 4-1: unable to get BOS descriptor or descriptor too short
[   98.961383][ T5864] usb 4-1: not running at top speed; connect to a high speed hub
[   98.970350][ T5864] usb 4-1: config 129 has an invalid interface number: 135 but max is 0
[   98.978998][ T5864] usb 4-1: config 129 has an invalid interface number: 5 but max is 0
[   98.987352][ T5864] usb 4-1: config 129 descriptor has 1 excess byte, ignoring
[   98.994959][ T5864] usb 4-1: config 129 has 2 interfaces, different from the descriptor's value: 1
[   99.004286][ T5864] usb 4-1: config 129 has no interface number 0
[   99.025654][ T5864] usb 4-1: config 129 has no interface number 1
[   99.041809][ T5864] usb 4-1: config 129 interface 135 altsetting 6 has 0 endpoint descriptors, different from the interface descriptor's value: 9
[   99.103888][ T5864] usb 4-1: too many endpoints for config 129 interface 5 altsetting 7: 37, using maximum allowed: 30
[   99.116396][ T5864] usb 4-1: config 129 interface 5 altsetting 7 has 0 endpoint descriptors, different from the interface descriptor's value: 37
[   99.131953][ T5864] usb 4-1: config 129 interface 135 has no altsetting 0
[   99.138998][ T5864] usb 4-1: config 129 interface 5 has no altsetting 0
[   99.148842][ T5864] usb 4-1: New USB device found, idVendor=2040, idProduct=721f, bcdDevice=f2.62
[   99.707757][ T5864] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   99.759365][ T5867] usb 1-1: USB disconnect, device number 4
[   99.778652][ T5864] usb 4-1: Product: syz
[   99.796849][ T5864] usb 4-1: Manufacturer: syz
[   99.812840][   T29] audit: type=1400 audit(1738101544.743:218): avc:  denied  { rename } for  pid=5172 comm="syslogd" name="messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[   99.818903][ T6303] netlink: 'syz.1.105': attribute type 3 has an invalid length.
[   99.849386][ T5864] usb 4-1: SerialNumber: syz
[   99.899234][   T29] audit: type=1400 audit(1738101544.753:219): avc:  denied  { unlink } for  pid=5172 comm="syslogd" name="messages.0" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[   99.994884][   T29] audit: type=1400 audit(1738101544.753:220): avc:  denied  { create } for  pid=5172 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  100.059029][   T29] audit: type=1400 audit(1738101544.773:221): avc:  denied  { write } for  pid=6298 comm="syz.1.105" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  100.091385][   T29] audit: type=1400 audit(1738101544.773:222): avc:  denied  { nlmsg_write } for  pid=6298 comm="syz.1.105" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  100.159109][ T5864] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  100.177714][ T5864] usb 4-1: MIDIStreaming interface descriptor not found
[  100.228324][ T6306] netlink: 'syz.0.106': attribute type 3 has an invalid length.
[  100.297907][ T5864] usb 4-1: USB disconnect, device number 2
[  100.714738][ T5940] udevd[5940]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:129.5/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  100.913749][ T6320] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=215 sclass=netlink_route_socket pid=6320 comm=syz.2.110
[  102.038144][ T6317] netlink: 'syz.2.110': attribute type 3 has an invalid length.
[  102.140182][ T6328] FAULT_INJECTION: forcing a failure.
[  102.140182][ T6328] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  102.171814][ T6328] CPU: 0 UID: 0 PID: 6328 Comm: syz.2.112 Not tainted 6.13.0-syzkaller-08265-g9c5968db9e62 #0
[  102.171832][ T6328] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  102.171837][ T6328] Call Trace:
[  102.171841][ T6328]  <TASK>
[  102.171845][ T6328]  dump_stack_lvl+0x16c/0x1f0
[  102.171865][ T6328]  should_fail_ex+0x50a/0x650
[  102.171882][ T6328]  _copy_from_user+0x2e/0xd0
[  102.171897][ T6328]  copy_msghdr_from_user+0x99/0x160
[  102.171908][ T6328]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  102.171922][ T6328]  ___sys_sendmsg+0xff/0x1e0
[  102.171932][ T6328]  ? __pfx____sys_sendmsg+0x10/0x10
[  102.171946][ T6328]  ? __pfx_lock_release+0x10/0x10
[  102.171960][ T6328]  ? trace_lock_acquire+0x14e/0x1f0
[  102.171973][ T6328]  ? __fget_files+0x206/0x3a0
[  102.171985][ T6328]  __sys_sendmsg+0x16e/0x220
[  102.171995][ T6328]  ? __pfx___sys_sendmsg+0x10/0x10
[  102.172011][ T6328]  do_syscall_64+0xcd/0x250
[  102.172021][ T6328]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  102.172034][ T6328] RIP: 0033:0x7fdf73d8cda9
[  102.172042][ T6328] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  102.172050][ T6328] RSP: 002b:00007fdf74b5f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  102.172060][ T6328] RAX: ffffffffffffffda RBX: 00007fdf73fa5fa0 RCX: 00007fdf73d8cda9
[  102.172066][ T6328] RDX: 0000000000000040 RSI: 0000000020000200 RDI: 0000000000000003
[  102.172071][ T6328] RBP: 00007fdf74b5f090 R08: 0000000000000000 R09: 0000000000000000
[  102.172076][ T6328] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  102.172081][ T6328] R13: 0000000000000000 R14: 00007fdf73fa5fa0 R15: 00007fffd217c3f8
[  102.172091][ T6328]  </TASK>
[  102.731042][ T6334] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  103.492717][   T29] audit: type=1400 audit(1738101547.953:223): avc:  denied  { setopt } for  pid=6332 comm="syz.2.114" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1
[  104.042792][ T5865] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  104.210074][ T5865] usb 3-1: Using ep0 maxpacket: 16
[  104.217842][ T5865] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  104.278898][ T5865] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  104.295724][ T5865] usb 3-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00
[  104.314142][ T5865] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  104.333254][ T5865] usb 3-1: config 0 descriptor??
[  105.578785][ T5865] usbhid 3-1:0.0: can't add hid device: -71
[  105.803364][ T5865] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  105.822254][ T6363] syz.4.123 uses obsolete (PF_INET,SOCK_PACKET)
[  106.001242][ T5865] usb 3-1: USB disconnect, device number 4
[  106.621589][ T6365] overlayfs: missing 'lowerdir'
[  106.790902][ T5865] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  106.954746][ T5865] usb 5-1: Using ep0 maxpacket: 32
[  107.084224][ T6379] process 'syz.0.128' launched '/dev/fd/3' with NULL argv: empty string added
[  107.129440][   T29] audit: type=1400 audit(1738101552.073:224): avc:  denied  { execute_no_trans } for  pid=6377 comm="syz.0.128" path=2F6D656D66643A5B0BDB58AE641AA9FDFAADD15564C8854858A9250C1A4FE008202864656C6574656429 dev="tmpfs" ino=27 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  107.131313][ T5865] usb 5-1: config 0 has an invalid interface number: 184 but max is 0
[  107.222492][ T5865] usb 5-1: config 0 has no interface number 0
[  107.230813][ T5865] usb 5-1: config 0 interface 184 has no altsetting 0
[  107.247659][ T5815] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  107.328033][ T5865] usb 5-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  107.343434][ T5865] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  107.351837][ T5865] usb 5-1: Product: syz
[  107.361951][ T5865] usb 5-1: Manufacturer: syz
[  107.372034][ T5865] usb 5-1: SerialNumber: syz
[  107.384248][ T5865] usb 5-1: config 0 descriptor??
[  107.394438][ T5865] smsc75xx v1.0.0
[  107.441810][   T29] audit: type=1400 audit(1738101552.403:225): avc:  denied  { setopt } for  pid=6377 comm="syz.0.128" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  107.474332][   T29] audit: type=1400 audit(1738101552.413:226): avc:  denied  { read } for  pid=6377 comm="syz.0.128" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  107.512331][ T5815] usb 3-1: New USB device found, idVendor=2c42, idProduct=1602, bcdDevice=da.64
[  107.522009][ T5815] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  107.530353][ T5815] usb 3-1: Product: syz
[  107.534638][ T5815] usb 3-1: Manufacturer: syz
[  107.539634][ T5815] usb 3-1: SerialNumber: syz
[  107.548197][ T5815] usb 3-1: config 0 descriptor??
[  107.564159][ T5815] hub 3-1:0.0: bad descriptor, ignoring hub
[  107.570816][ T5815] hub 3-1:0.0: probe with driver hub failed with error -5
[  107.583507][ T5815] f81232 3-1:0.0: f81534a converter detected
[  107.769647][ T6374] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  107.779528][ T6374] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  107.794004][ T5815] f81534a ttyUSB0: f81232_set_register failed status: -71
[  107.806054][ T5815] f81534a ttyUSB0: probe with driver f81534a failed with error -5
[  107.848304][ T5815] usb 3-1: USB disconnect, device number 5
[  107.866215][ T5815] f81232 3-1:0.0: device disconnected
[  107.919362][   T25] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  108.139538][ T6369] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2560 sclass=netlink_route_socket pid=6369 comm=syz.4.125
[  108.152171][ T6369] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2563 sclass=netlink_route_socket pid=6369 comm=syz.4.125
[  108.164954][   T25] usb 1-1: Using ep0 maxpacket: 16
[  108.172471][   T25] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  108.182766][   T25] usb 1-1: config 0 has no interfaces?
[  108.190583][   T25] usb 1-1: New USB device found, idVendor=0fe6, idProduct=9700, bcdDevice=d1.9a
[  108.199985][   T25] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  108.208289][   T25] usb 1-1: Product: syz
[  108.212956][   T25] usb 1-1: Manufacturer: syz
[  108.217990][   T25] usb 1-1: SerialNumber: syz
[  108.224917][ T5865] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32
[  108.238187][ T6369] netlink: 6193 bytes leftover after parsing attributes in process `syz.4.125'.
[  108.240429][ T5865] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  108.272185][ T6385] FAULT_INJECTION: forcing a failure.
[  108.272185][ T6385] name failslab, interval 1, probability 0, space 0, times 0
[  108.274726][   T25] usb 1-1: config 0 descriptor??
[  108.291007][ T6385] CPU: 0 UID: 0 PID: 6385 Comm: syz.3.129 Not tainted 6.13.0-syzkaller-08265-g9c5968db9e62 #0
[  108.291033][ T6385] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  108.291043][ T6385] Call Trace:
[  108.291048][ T6385]  <TASK>
[  108.291055][ T6385]  dump_stack_lvl+0x16c/0x1f0
[  108.291085][ T6385]  should_fail_ex+0x50a/0x650
[  108.291107][ T6385]  ? fs_reclaim_acquire+0xae/0x150
[  108.291129][ T6385]  should_failslab+0xc2/0x120
[  108.291146][ T6385]  __kmalloc_node_noprof+0xd1/0x510
[  108.291162][ T6385]  ? load_msg+0x43/0x470
[  108.291183][ T6385]  load_msg+0x43/0x470
[  108.291205][ T6385]  do_msgsnd+0x1a8/0x1750
[  108.291228][ T6385]  ? find_held_lock+0x2d/0x110
[  108.291247][ T6385]  ? __pfx_do_msgsnd+0x10/0x10
[  108.291267][ T6385]  ? trace_lock_acquire+0x14e/0x1f0
[  108.291278][ T6385]  ? lock_acquire+0x2f/0xb0
[  108.291290][ T6385]  ? __might_fault+0xe3/0x190
[  108.291308][ T6385]  ? __x64_sys_msgsnd+0xe5/0x130
[  108.291321][ T6385]  __x64_sys_msgsnd+0xe5/0x130
[  108.291341][ T6385]  do_syscall_64+0xcd/0x250
[  108.291358][ T6385]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  108.291377][ T6385] RIP: 0033:0x7f7b7c78cda9
[  108.291391][ T6385] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  108.291405][ T6385] RSP: 002b:00007f7b7d64d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000045
[  108.291421][ T6385] RAX: ffffffffffffffda RBX: 00007f7b7c9a6080 RCX: 00007f7b7c78cda9
[  108.291430][ T6385] RDX: 0000000000000401 RSI: 0000000020000980 RDI: 0000000000000000
[  108.291438][ T6385] RBP: 00007f7b7d64d090 R08: 0000000000000000 R09: 0000000000000000
[  108.291446][ T6385] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  108.291453][ T6385] R13: 0000000000000000 R14: 00007f7b7c9a6080 R15: 00007ffd98b8d2e8
[  108.291472][ T6385]  </TASK>
[  108.293087][   T29] audit: type=1400 audit(1738101553.243:227): avc:  denied  { create } for  pid=6382 comm="syz.3.129" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[  108.557604][ T5865] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71
[  108.623764][ T5865] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71
[  108.644197][ T5865] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_reset
[  108.654631][ T5865] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71
[  108.664864][ T5865] smsc75xx 5-1:0.184: probe with driver smsc75xx failed with error -71
[  108.682517][ T5865] usb 5-1: USB disconnect, device number 4
[  108.713598][   T29] audit: type=1400 audit(1738101553.673:228): avc:  denied  { map } for  pid=6386 comm="syz.2.130" path="socket:[9455]" dev="sockfs" ino=9455 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=udp_socket permissive=1
[  108.740142][   T29] audit: type=1400 audit(1738101553.673:229): avc:  denied  { accept } for  pid=6386 comm="syz.2.130" path="socket:[9455]" dev="sockfs" ino=9455 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=udp_socket permissive=1
[  109.006033][   T29] audit: type=1400 audit(1738101553.973:230): avc:  denied  { name_bind } for  pid=6389 comm="syz.4.131" src=20001 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1
[  109.341982][ T6394] FAULT_INJECTION: forcing a failure.
[  109.341982][ T6394] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  109.355274][ T6394] CPU: 1 UID: 0 PID: 6394 Comm: syz.3.133 Not tainted 6.13.0-syzkaller-08265-g9c5968db9e62 #0
[  109.355288][ T6394] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  109.355301][ T6394] Call Trace:
[  109.355305][ T6394]  <TASK>
[  109.355309][ T6394]  dump_stack_lvl+0x16c/0x1f0
[  109.355330][ T6394]  should_fail_ex+0x50a/0x650
[  109.355346][ T6394]  _copy_from_user+0x2e/0xd0
[  109.355360][ T6394]  do_tcp_setsockopt+0x5f9/0x24a0
[  109.355375][ T6394]  ? __pfx_do_tcp_setsockopt+0x10/0x10
[  109.355387][ T6394]  ? sock_has_perm+0x25a/0x2f0
[  109.355398][ T6394]  ? selinux_netlbl_socket_setsockopt+0x184/0x470
[  109.355410][ T6394]  ? __pfx_selinux_netlbl_socket_setsockopt+0x10/0x10
[  109.355427][ T6394]  tcp_setsockopt+0xe2/0x100
[  109.355441][ T6394]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  109.355464][ T6394]  do_sock_setsockopt+0x222/0x480
[  109.355485][ T6394]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  109.355506][ T6394]  ? lock_acquire+0x2f/0xb0
[  109.355525][ T6394]  __sys_setsockopt+0x1a0/0x230
[  109.355536][ T6394]  __x64_sys_setsockopt+0xbd/0x160
[  109.355545][ T6394]  ? do_syscall_64+0x91/0x250
[  109.355553][ T6394]  ? lockdep_hardirqs_on+0x7c/0x110
[  109.355566][ T6394]  do_syscall_64+0xcd/0x250
[  109.355575][ T6394]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  109.355589][ T6394] RIP: 0033:0x7f7b7c78cda9
[  109.355598][ T6394] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  109.355607][ T6394] RSP: 002b:00007f7b7d66e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  109.355616][ T6394] RAX: ffffffffffffffda RBX: 00007f7b7c9a5fa0 RCX: 00007f7b7c78cda9
[  109.355621][ T6394] RDX: 0000000000000013 RSI: 0000000000000006 RDI: 0000000000000003
[  109.355627][ T6394] RBP: 00007f7b7d66e090 R08: 00000000000000c7 R09: 0000000000000000
[  109.355631][ T6394] R10: 00000000200001c0 R11: 0000000000000246 R12: 0000000000000001
[  109.355636][ T6394] R13: 0000000000000000 R14: 00007f7b7c9a5fa0 R15: 00007ffd98b8d2e8
[  109.355647][ T6394]  </TASK>
[  109.613911][   T29] audit: type=1400 audit(1738101554.583:231): avc:  denied  { setattr } for  pid=6395 comm="syz.2.134" name="vcsa" dev="devtmpfs" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tty_device_t tclass=chr_file permissive=1
[  110.404556][   T29] audit: type=1400 audit(1738101555.013:232): avc:  denied  { write } for  pid=6395 comm="syz.2.134" laddr=172.20.20.10 lport=255 faddr=172.20.20.26 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  110.581706][ T5864] usb 1-1: USB disconnect, device number 5
[  110.870632][   T29] audit: type=1400 audit(1738101555.833:233): avc:  denied  { setopt } for  pid=6419 comm="syz.3.140" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  110.981103][ T5867] usb 3-1: new full-speed USB device number 6 using dummy_hcd
[  111.160285][   T29] audit: type=1400 audit(1738101555.973:234): avc:  denied  { read } for  pid=6419 comm="syz.3.140" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  111.208321][ T5867] usb 3-1: unable to get BOS descriptor or descriptor too short
[  111.252922][  T973] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  111.272941][ T6421] mmap: syz.4.139 (6421) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  111.289409][   T29] audit: type=1400 audit(1738101556.243:235): avc:  denied  { watch watch_reads } for  pid=6413 comm="syz.4.139" path="/30" dev="tmpfs" ino=171 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  111.345998][ T5867] usb 3-1: not running at top speed; connect to a high speed hub
[  111.353919][   T29] audit: type=1400 audit(1738101556.243:236): avc:  denied  { read } for  pid=6413 comm="syz.4.139" name="ptp0" dev="devtmpfs" ino=1265 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  111.377342][   T29] audit: type=1400 audit(1738101556.243:237): avc:  denied  { open } for  pid=6413 comm="syz.4.139" path="/dev/ptp0" dev="devtmpfs" ino=1265 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  111.419435][  T973] usb 1-1: Using ep0 maxpacket: 32
[  111.438346][  T973] usb 1-1: config 0 has an invalid interface number: 184 but max is 0
[  111.448488][  T973] usb 1-1: config 0 has no interface number 0
[  111.465607][  T973] usb 1-1: config 0 interface 184 has no altsetting 0
[  111.568079][ T5867] usb 3-1: config 129 has an invalid interface number: 135 but max is 0
[  111.579528][ T5867] usb 3-1: config 129 has an invalid interface number: 5 but max is 0
[  111.587760][ T5867] usb 3-1: config 129 descriptor has 1 excess byte, ignoring
[  111.595244][ T5867] usb 3-1: config 129 has 2 interfaces, different from the descriptor's value: 1
[  111.604886][ T5867] usb 3-1: config 129 has no interface number 0
[  111.611274][ T5867] usb 3-1: config 129 has no interface number 1
[  111.617848][ T5867] usb 3-1: config 129 interface 135 altsetting 6 has 0 endpoint descriptors, different from the interface descriptor's value: 9
[  111.628321][  T973] usb 1-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  112.232596][  T973] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  112.247047][  T973] usb 1-1: Product: syz
[  112.252782][  T973] usb 1-1: Manufacturer: syz
[  112.257404][  T973] usb 1-1: SerialNumber: syz
[  112.266838][  T973] usb 1-1: config 0 descriptor??
[  112.273636][  T973] smsc75xx v1.0.0
[  112.284445][ T5867] usb 3-1: too many endpoints for config 129 interface 5 altsetting 7: 37, using maximum allowed: 30
[  112.305792][ T5867] usb 3-1: config 129 interface 5 altsetting 7 has 0 endpoint descriptors, different from the interface descriptor's value: 37
[  112.329581][ T5867] usb 3-1: config 129 interface 135 has no altsetting 0
[  112.336647][ T5867] usb 3-1: config 129 interface 5 has no altsetting 0
[  112.346323][ T5867] usb 3-1: New USB device found, idVendor=2040, idProduct=721f, bcdDevice=f2.62
[  112.358690][ T5867] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  112.449609][ T5867] usb 3-1: Product: syz
[  112.523125][ T5867] usb 3-1: Manufacturer: syz
[  112.531544][ T6433] overlayfs: missing 'lowerdir'
[  112.569522][ T5867] usb 3-1: SerialNumber: syz
[  112.823936][ T5867] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[  112.832710][ T5867] usb 3-1: MIDIStreaming interface descriptor not found
[  113.169600][ T6418] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2560 sclass=netlink_route_socket pid=6418 comm=syz.0.141
[  113.182453][ T6418] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2563 sclass=netlink_route_socket pid=6418 comm=syz.0.141
[  113.204308][ T6447] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  113.261568][  T973] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32
[  113.274885][ T6418] netlink: 6193 bytes leftover after parsing attributes in process `syz.0.141'.
[  113.291762][  T973] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  113.304638][  T973] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71
[  113.328311][  T973] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71
[  113.348359][  T973] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_reset
[  113.371237][  T973] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71
[  113.401522][  T973] smsc75xx 1-1:0.184: probe with driver smsc75xx failed with error -71
[  113.470926][  T973] usb 1-1: USB disconnect, device number 6
[  113.669899][ T5867] usb 3-1: USB disconnect, device number 6
[  114.169180][   T29] kauditd_printk_skb: 10 callbacks suppressed
[  114.340735][   T29] audit: type=1400 audit(1738101558.933:248): avc:  denied  { write } for  pid=6455 comm="syz.2.150" path="socket:[9563]" dev="sockfs" ino=9563 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  114.414686][ T5828] udevd[5828]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:129.5/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  116.788935][   T29] audit: type=1400 audit(1738101561.743:249): avc:  denied  { read } for  pid=6492 comm="syz.4.160" name="ppp" dev="devtmpfs" ino=709 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[  116.837702][   T29] audit: type=1400 audit(1738101561.753:250): avc:  denied  { open } for  pid=6492 comm="syz.4.160" path="/dev/ppp" dev="devtmpfs" ino=709 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[  116.862746][   T29] audit: type=1400 audit(1738101561.803:251): avc:  denied  { read } for  pid=6491 comm="syz.1.159" name="nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  116.945821][   T29] audit: type=1400 audit(1738101561.803:252): avc:  denied  { open } for  pid=6491 comm="syz.1.159" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  117.075793][   T29] audit: type=1400 audit(1738101561.863:253): avc:  denied  { read } for  pid=6499 comm="syz.0.161" name="usbmon0" dev="devtmpfs" ino=716 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  117.102306][   T29] audit: type=1400 audit(1738101561.863:254): avc:  denied  { open } for  pid=6499 comm="syz.0.161" path="/dev/usbmon0" dev="devtmpfs" ino=716 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  117.149067][   T29] audit: type=1326 audit(1738101562.113:255): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6507 comm="syz.3.163" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b7c78cda9 code=0x7ffc0000
[  117.224385][   T29] audit: type=1326 audit(1738101562.113:256): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6507 comm="syz.3.163" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b7c78cda9 code=0x7ffc0000
[  117.251992][   T29] audit: type=1326 audit(1738101562.143:257): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6507 comm="syz.3.163" exe="/root/syz-executor" sig=0 arch=c000003e syscall=88 compat=0 ip=0x7f7b7c78cda9 code=0x7ffc0000
[  117.469576][ T5831] Bluetooth: hci4: command 0x0419 tx timeout
[  119.467860][ T6537] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  119.560471][ T5817] Bluetooth: hci4: command 0x0419 tx timeout
[  122.086017][ T6550] overlayfs: missing 'lowerdir'
[  122.232184][ T6557] netlink: 28 bytes leftover after parsing attributes in process `syz.3.174'.
[  122.241260][ T6557] netlink: 28 bytes leftover after parsing attributes in process `syz.3.174'.
[  122.689580][  T973] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  122.849414][  T973] usb 5-1: Using ep0 maxpacket: 32
[  122.863698][ T6567] batadv_slave_1: entered promiscuous mode
[  122.863740][  T973] usb 5-1: config 1 interface 0 altsetting 15 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  122.883831][  T973] usb 5-1: config 1 interface 0 has no altsetting 0
[  122.893808][  T973] usb 5-1: New USB device found, idVendor=8380, idProduct=1850, bcdDevice= 0.40
[  122.929626][ T6566] batadv_slave_1: left promiscuous mode
[  123.042702][  T973] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  123.111401][  T973] usb 5-1: Product: syz
[  123.261422][  T973] usb 5-1: Manufacturer: syz
[  123.271521][  T973] usb 5-1: SerialNumber: syz
[  123.491465][ T6561] netlink: 8 bytes leftover after parsing attributes in process `syz.4.176'.
[  124.033611][  T973] usbhid 5-1:1.0: can't add hid device: -71
[  124.049143][  T973] usbhid 5-1:1.0: probe with driver usbhid failed with error -71
[  124.080417][  T973] usb 5-1: USB disconnect, device number 5
[  124.309447][   T29] kauditd_printk_skb: 5 callbacks suppressed
[  124.309488][   T29] audit: type=1400 audit(1738101569.133:263): avc:  denied  { create } for  pid=6575 comm="syz.0.180" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  124.783359][ T6583] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  126.840903][ T5867] usb 4-1: new full-speed USB device number 3 using dummy_hcd
[  126.860494][ T6612] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  127.020322][ T5894] usb 1-1: new full-speed USB device number 7 using dummy_hcd
[  127.095090][ T5867] usb 4-1: unable to get BOS descriptor or descriptor too short
[  127.138293][ T5867] usb 4-1: not running at top speed; connect to a high speed hub
[  127.180726][ T5867] usb 4-1: config 129 has an invalid interface number: 135 but max is 0
[  127.223837][ T5867] usb 4-1: config 129 has an invalid interface number: 5 but max is 0
[  127.235832][ T5867] usb 4-1: config 129 descriptor has 1 excess byte, ignoring
[  127.245683][ T5867] usb 4-1: config 129 has 2 interfaces, different from the descriptor's value: 1
[  127.266219][ T5894] usb 1-1: unable to get BOS descriptor or descriptor too short
[  127.308448][ T5867] usb 4-1: config 129 has no interface number 0
[  127.330613][ T5894] usb 1-1: not running at top speed; connect to a high speed hub
[  127.359832][ T5867] usb 4-1: config 129 has no interface number 1
[  127.366343][ T5867] usb 4-1: config 129 interface 135 altsetting 6 has 0 endpoint descriptors, different from the interface descriptor's value: 9
[  127.381724][ T5894] usb 1-1: config 129 has an invalid interface number: 135 but max is 0
[  127.390603][ T5867] usb 4-1: too many endpoints for config 129 interface 5 altsetting 7: 37, using maximum allowed: 30
[  127.401726][ T5894] usb 1-1: config 129 has an invalid interface number: 5 but max is 0
[  127.410245][ T5867] usb 4-1: config 129 interface 5 altsetting 7 has 0 endpoint descriptors, different from the interface descriptor's value: 37
[  127.437748][ T5894] usb 1-1: config 129 descriptor has 1 excess byte, ignoring
[  127.458016][ T5894] usb 1-1: config 129 has 2 interfaces, different from the descriptor's value: 1
[  127.467355][ T5867] usb 4-1: config 129 interface 135 has no altsetting 0
[  127.483002][ T5894] usb 1-1: config 129 has no interface number 0
[  127.493649][ T5867] usb 4-1: config 129 interface 5 has no altsetting 0
[  127.507988][ T5894] usb 1-1: config 129 has no interface number 1
[  127.534006][ T5867] usb 4-1: New USB device found, idVendor=2040, idProduct=721f, bcdDevice=f2.62
[  127.559210][ T5894] usb 1-1: config 129 interface 135 altsetting 6 has 0 endpoint descriptors, different from the interface descriptor's value: 9
[  127.576672][ T5867] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  127.585136][ T5867] usb 4-1: Product: syz
[  127.605876][ T5894] usb 1-1: too many endpoints for config 129 interface 5 altsetting 7: 37, using maximum allowed: 30
[  127.714290][ T5867] usb 4-1: Manufacturer: syz
[  127.719179][ T5867] usb 4-1: SerialNumber: syz
[  127.726266][ T5894] usb 1-1: config 129 interface 5 altsetting 7 has 0 endpoint descriptors, different from the interface descriptor's value: 37
[  127.756451][ T5894] usb 1-1: config 129 interface 135 has no altsetting 0
[  129.039959][ T5894] usb 1-1: config 129 interface 5 has no altsetting 0
[  129.072354][ T5894] usb 1-1: New USB device found, idVendor=2040, idProduct=721f, bcdDevice=f2.62
[  129.114051][ T5867] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  129.126328][ T5894] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  129.138472][ T5867] usb 4-1: MIDIStreaming interface descriptor not found
[  129.145581][ T5894] usb 1-1: Product: syz
[  129.149832][ T5894] usb 1-1: Manufacturer: syz
[  129.154433][ T5894] usb 1-1: SerialNumber: syz
[  129.198986][ T5867] usb 4-1: USB disconnect, device number 3
[  129.389932][ T6630] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  130.184116][ T5894] usb 1-1: Quirk or no altset; falling back to MIDI 1.0
[  130.193374][ T5894] usb 1-1: MIDIStreaming interface descriptor not found
[  130.432686][    T9] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  130.680332][ T5894] usb 1-1: USB disconnect, device number 7
[  130.875112][ T5940] udevd[5940]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:129.5/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  130.935191][    T9] usb 2-1: Using ep0 maxpacket: 32
[  130.974025][    T9] usb 2-1: config 1 interface 0 altsetting 15 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  131.006906][    T9] usb 2-1: config 1 interface 0 has no altsetting 0
[  131.071239][    T9] usb 2-1: New USB device found, idVendor=8380, idProduct=1850, bcdDevice= 0.40
[  131.100324][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  131.108505][    T9] usb 2-1: Product: syz
[  131.116844][    T9] usb 2-1: Manufacturer: syz
[  131.122516][ T6035] udevd[6035]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:129.5/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  131.146985][    T9] usb 2-1: SerialNumber: syz
[  131.364639][ T6624] netlink: 8 bytes leftover after parsing attributes in process `syz.1.193'.
[  131.379393][ T5867] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  131.519506][   T51] usb 4-1: new full-speed USB device number 4 using dummy_hcd
[  131.579764][ T5867] usb 5-1: device descriptor read/64, error -71
[  131.898509][    T9] usbhid 2-1:1.0: can't add hid device: -71
[  131.904558][   T51] usb 4-1: config 0 has an invalid interface number: 176 but max is 2
[  131.919430][    T9] usbhid 2-1:1.0: probe with driver usbhid failed with error -71
[  131.924666][   T51] usb 4-1: config 0 has an invalid interface number: 255 but max is 2
[  131.929425][    T9] usb 2-1: USB disconnect, device number 3
[  131.950265][   T51] usb 4-1: config 0 has no interface number 0
[  131.957028][   T51] usb 4-1: config 0 has no interface number 1
[  131.965808][   T51] usb 4-1: too many endpoints for config 0 interface 255 altsetting 255: 255, using maximum allowed: 30
[  131.978847][   T51] usb 4-1: config 0 interface 255 altsetting 255 has 0 endpoint descriptors, different from the interface descriptor's value: 255
[  131.995920][   T51] usb 4-1: config 0 interface 255 has no altsetting 0
[  132.068690][ T5867] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  132.081507][   T51] usb 4-1: New USB device found, idVendor=05c6, idProduct=9205, bcdDevice=29.ac
[  132.091892][   T51] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  132.114165][   T51] usb 4-1: config 0 descriptor??
[  132.175539][   T29] audit: type=1400 audit(1738101577.133:264): avc:  denied  { write } for  pid=6647 comm="syz.0.199" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  132.247775][ T5867] usb 5-1: device descriptor read/64, error -71
[  132.370780][ T5867] usb usb5-port1: attempt power cycle
[  132.564714][   T51] qcserial 4-1:0.2: Qualcomm USB modem converter detected
[  132.577109][   T51] usb 4-1: selecting invalid altsetting 0
[  132.584761][   T51] usb 4-1: Could not set interface, error -22
[  132.653907][   T29] audit: type=1400 audit(1738101577.603:265): avc:  denied  { write } for  pid=6654 comm="syz.1.201" path="socket:[9779]" dev="sockfs" ino=9779 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[  132.695646][   T29] audit: type=1400 audit(1738101577.623:266): avc:  denied  { nlmsg_read } for  pid=6654 comm="syz.1.201" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[  132.877718][ T5867] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  132.885924][ T1289] ieee802154 phy0 wpan0: encryption failed: -22
[  132.908197][ T1289] ieee802154 phy1 wpan1: encryption failed: -22
[  132.941828][ T5867] usb 5-1: device descriptor read/8, error -71
[  133.680341][ T6639] netlink: 6193 bytes leftover after parsing attributes in process `syz.3.196'.
[  133.697775][   T51] usb 4-1: USB disconnect, device number 4
[  133.705195][   T51] qcserial 4-1:0.2: device disconnected
[  133.752946][ T5867] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  133.800781][ T5867] usb 5-1: device descriptor read/8, error -71
[  133.933822][ T5867] usb usb5-port1: unable to enumerate USB device
[  134.900576][ T6681] mkiss: ax0: crc mode is auto.
[  134.971875][ T5815] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  134.992981][ T6684] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  135.105518][  T970] usb 2-1: new full-speed USB device number 4 using dummy_hcd
[  135.249344][ T5815] usb 3-1: Using ep0 maxpacket: 32
[  135.329019][  T970] usb 2-1: unable to get BOS descriptor or descriptor too short
[  135.363509][  T970] usb 2-1: not running at top speed; connect to a high speed hub
[  135.426424][  T970] usb 2-1: config 129 has an invalid interface number: 135 but max is 0
[  135.460861][  T970] usb 2-1: config 129 has an invalid interface number: 5 but max is 0
[  135.480244][ T5815] usb 3-1: config 0 interface 0 has no altsetting 0
[  135.487125][ T5815] usb 3-1: New USB device found, idVendor=1e71, idProduct=2011, bcdDevice= 0.00
[  135.503756][ T5815] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  135.518979][  T970] usb 2-1: config 129 descriptor has 1 excess byte, ignoring
[  135.603073][  T970] usb 2-1: config 129 has 2 interfaces, different from the descriptor's value: 1
[  135.610031][ T5815] usb 3-1: config 0 descriptor??
[  135.625352][  T970] usb 2-1: config 129 has no interface number 0
[  135.633269][  T970] usb 2-1: config 129 has no interface number 1
[  135.639774][  T970] usb 2-1: config 129 interface 135 altsetting 6 has 0 endpoint descriptors, different from the interface descriptor's value: 9
[  135.654730][  T970] usb 2-1: too many endpoints for config 129 interface 5 altsetting 7: 37, using maximum allowed: 30
[  135.667345][  T970] usb 2-1: config 129 interface 5 altsetting 7 has 0 endpoint descriptors, different from the interface descriptor's value: 37
[  135.687190][  T970] usb 2-1: config 129 interface 135 has no altsetting 0
[  135.767348][  T970] usb 2-1: config 129 interface 5 has no altsetting 0
[  135.791768][  T970] usb 2-1: New USB device found, idVendor=2040, idProduct=721f, bcdDevice=f2.62
[  135.812605][  T970] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  135.843892][  T970] usb 2-1: Product: syz
[  135.857544][  T970] usb 2-1: Manufacturer: syz
[  135.899034][  T970] usb 2-1: SerialNumber: syz
[  136.204147][    T8] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  136.318429][ T6676] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  136.443564][ T6676] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  136.466511][ T5815] usbhid 3-1:0.0: can't add hid device: -71
[  136.482833][ T5815] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  136.484616][  T970] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[  136.498753][  T970] usb 2-1: MIDIStreaming interface descriptor not found
[  136.504161][ T5815] usb 3-1: USB disconnect, device number 7
[  136.512049][    T8] usb 1-1: Using ep0 maxpacket: 32
[  136.532930][    T8] usb 1-1: config 1 interface 0 altsetting 15 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  136.548536][  T970] usb 2-1: USB disconnect, device number 4
[  136.577538][    T8] usb 1-1: config 1 interface 0 has no altsetting 0
[  136.652450][    T8] usb 1-1: New USB device found, idVendor=8380, idProduct=1850, bcdDevice= 0.40
[  136.683216][    T8] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  136.691980][    T8] usb 1-1: Product: syz
[  136.696276][    T8] usb 1-1: Manufacturer: syz
[  136.701243][    T8] usb 1-1: SerialNumber: syz
[  136.810144][ T6322] udevd[6322]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:129.5/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  136.910911][ T6689] netlink: 8 bytes leftover after parsing attributes in process `syz.0.212'.
[  136.933778][ T5817] Bluetooth: hci4: unexpected event for opcode 0x204e
[  136.954733][    T8] usbhid 1-1:1.0: can't add hid device: -71
[  136.964231][    T8] usbhid 1-1:1.0: probe with driver usbhid failed with error -71
[  136.976592][    T8] usb 1-1: USB disconnect, device number 8
[  138.402373][ T6713] FAULT_INJECTION: forcing a failure.
[  138.402373][ T6713] name failslab, interval 1, probability 0, space 0, times 0
[  138.415498][ T6713] CPU: 0 UID: 0 PID: 6713 Comm: syz.3.219 Not tainted 6.13.0-syzkaller-08265-g9c5968db9e62 #0
[  138.415520][ T6713] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  138.415529][ T6713] Call Trace:
[  138.415535][ T6713]  <TASK>
[  138.415541][ T6713]  dump_stack_lvl+0x16c/0x1f0
[  138.415575][ T6713]  should_fail_ex+0x50a/0x650
[  138.415597][ T6713]  ? fs_reclaim_acquire+0xae/0x150
[  138.415623][ T6713]  should_failslab+0xc2/0x120
[  138.415642][ T6713]  kmem_cache_alloc_node_noprof+0x72/0x3c0
[  138.415659][ T6713]  ? __pfx_tcp_current_mss+0x10/0x10
[  138.415681][ T6713]  ? __alloc_skb+0x2b1/0x380
[  138.415703][ T6713]  __alloc_skb+0x2b1/0x380
[  138.415721][ T6713]  ? __pfx___alloc_skb+0x10/0x10
[  138.415741][ T6713]  ? hlock_class+0x4e/0x130
[  138.415762][ T6713]  tcp_stream_alloc_skb+0x34/0x570
[  138.415783][ T6713]  tcp_sendmsg_locked+0xf13/0x37c0
[  138.415797][ T6713]  ? __pfx___lock_acquire+0x10/0x10
[  138.415812][ T6713]  ? __pfx_avc_has_perm+0x10/0x10
[  138.415833][ T6713]  ? __pfx_tcp_sendmsg_locked+0x10/0x10
[  138.415845][ T6713]  ? tcp_sendmsg+0x20/0x50
[  138.415855][ T6713]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  138.415864][ T6713]  ? mark_held_locks+0x9f/0xe0
[  138.415876][ T6713]  ? __local_bh_enable_ip+0xa4/0x120
[  138.415893][ T6713]  tcp_sendmsg+0x2e/0x50
[  138.415902][ T6713]  ? __pfx_tcp_sendmsg+0x10/0x10
[  138.415913][ T6713]  inet_sendmsg+0xb9/0x140
[  138.415924][ T6713]  __sys_sendto+0x42a/0x4f0
[  138.415933][ T6713]  ? __pfx___sys_sendto+0x10/0x10
[  138.415952][ T6713]  ? ksys_write+0x1ba/0x250
[  138.415965][ T6713]  ? __pfx_ksys_write+0x10/0x10
[  138.415980][ T6713]  __x64_sys_sendto+0xe0/0x1c0
[  138.415988][ T6713]  ? do_syscall_64+0x91/0x250
[  138.415997][ T6713]  ? lockdep_hardirqs_on+0x7c/0x110
[  138.416011][ T6713]  do_syscall_64+0xcd/0x250
[  138.416019][ T6713]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  138.416033][ T6713] RIP: 0033:0x7f7b7c78cda9
[  138.416042][ T6713] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  138.416051][ T6713] RSP: 002b:00007f7b7d66e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  138.416067][ T6713] RAX: ffffffffffffffda RBX: 00007f7b7c9a5fa0 RCX: 00007f7b7c78cda9
[  138.416073][ T6713] RDX: ffffffffffffff94 RSI: 0000000020000000 RDI: 0000000000000003
[  138.416078][ T6713] RBP: 00007f7b7d66e090 R08: 0000000000000000 R09: 0000000000000000
[  138.416084][ T6713] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  138.416089][ T6713] R13: 0000000000000000 R14: 00007f7b7c9a5fa0 R15: 00007ffd98b8d2e8
[  138.416100][ T6713]  </TASK>
[  138.887119][  T970] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  139.459361][    T8] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  139.565358][   T29] audit: type=1400 audit(1738101584.533:267): avc:  denied  { mount } for  pid=6729 comm="syz.3.223" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  139.589475][    T8] usb 3-1: device descriptor read/64, error -71
[  139.600834][  T970] usb 5-1: Using ep0 maxpacket: 32
[  139.617443][  T970] usb 5-1: config 0 has an invalid interface number: 184 but max is 0
[  139.643252][   T29] audit: type=1400 audit(1738101584.583:268): avc:  denied  { unmount } for  pid=5813 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  139.663309][  T970] usb 5-1: config 0 has no interface number 0
[  139.670101][  T970] usb 5-1: config 0 interface 184 has no altsetting 0
[  139.687820][  T970] usb 5-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  139.697207][  T970] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  139.705385][  T970] usb 5-1: Product: syz
[  139.709790][  T970] usb 5-1: Manufacturer: syz
[  139.715778][  T970] usb 5-1: SerialNumber: syz
[  139.747914][  T970] usb 5-1: config 0 descriptor??
[  139.839998][  T970] smsc75xx v1.0.0
[  139.900625][    T8] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  140.696923][   T29] audit: type=1400 audit(1738101584.913:269): avc:  denied  { name_connect } for  pid=6731 comm="syz.0.224" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=sctp_socket permissive=1
[  140.722122][   T29] audit: type=1400 audit(1738101584.973:270): avc:  denied  { listen } for  pid=6731 comm="syz.0.224" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_dgram_socket permissive=1
[  140.744772][   T29] audit: type=1400 audit(1738101584.973:271): avc:  denied  { accept } for  pid=6731 comm="syz.0.224" lport=50517 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  140.859621][    T8] usb 3-1: device descriptor read/64, error -71
[  140.969646][    T8] usb usb3-port1: attempt power cycle
[  141.128279][ T5815] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  141.238128][ T6747] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2560 sclass=netlink_route_socket pid=6747 comm=syz.4.221
[  141.251345][ T6747] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2563 sclass=netlink_route_socket pid=6747 comm=syz.4.221
[  141.323835][ T6747] netlink: 6193 bytes leftover after parsing attributes in process `syz.4.221'.
[  141.334574][  T970] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32
[  141.458401][ T6745] overlayfs: missing 'lowerdir'
[  141.484103][  T970] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  141.506269][  T970] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71
[  141.519577][    T8] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  141.541339][ T5815] usb 1-1: Using ep0 maxpacket: 32
[  141.542610][  T970] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71
[  141.550312][ T5815] usb 1-1: config 1 interface 0 altsetting 15 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  141.581505][ T6751] syzkaller0: entered allmulticast mode
[  141.587879][ T5815] usb 1-1: config 1 interface 0 has no altsetting 0
[  141.596629][  T970] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_reset
[  141.600740][ T5815] usb 1-1: New USB device found, idVendor=8380, idProduct=1850, bcdDevice= 0.40
[  141.612850][  T970] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71
[  141.625870][ T5815] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  141.637768][ T5815] usb 1-1: Product: syz
[  141.640765][  T970] smsc75xx 5-1:0.184: probe with driver smsc75xx failed with error -71
[  141.642127][ T5815] usb 1-1: Manufacturer: syz
[  141.659054][ T5815] usb 1-1: SerialNumber: syz
[  141.667344][  T970] usb 5-1: USB disconnect, device number 10
[  141.749453][    T8] usb 3-1: device not accepting address 10, error -71
[  141.891730][ T6742] netlink: 8 bytes leftover after parsing attributes in process `syz.0.226'.
[  141.916251][ T5817] Bluetooth: hci4: unexpected event for opcode 0x204e
[  141.936532][ T5815] usbhid 1-1:1.0: can't add hid device: -71
[  141.946161][ T5815] usbhid 1-1:1.0: probe with driver usbhid failed with error -71
[  141.966456][ T5815] usb 1-1: USB disconnect, device number 9
[  142.094964][ T6757] mkiss: ax0: crc mode is auto.
[  142.125366][    T8] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  142.303786][    T8] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0
[  142.389066][    T8] usb 3-1: New USB device found, idVendor=0582, idProduct=d728, bcdDevice=a0.a7
[  142.439476][    T8] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  142.483155][    T8] usb 3-1: config 0 descriptor??
[  142.882927][ T6750] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  142.907820][ T6750] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  142.973509][ T6750] syzkaller0 (unregistering): left allmulticast mode
[  142.994937][ T5821] udevd[5821]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  143.139780][  T970] usb 3-1: USB disconnect, device number 11
[  143.634521][ T6785] overlayfs: missing 'lowerdir'
[  143.668326][   T29] audit: type=1400 audit(1738101588.633:272): avc:  denied  { ioctl } for  pid=6784 comm="syz.3.237" path="socket:[10062]" dev="sockfs" ino=10062 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  143.725819][ T6785] kvm: MONITOR instruction emulated as NOP!
[  143.858052][ T6785] netlink: 4 bytes leftover after parsing attributes in process `syz.3.237'.
[  143.920478][ T6785] bond_slave_0: entered promiscuous mode
[  143.926540][ T6785] bond_slave_1: entered promiscuous mode
[  143.973968][ T6785] macvtap1: entered promiscuous mode
[  144.015529][ T6785] bond0: entered promiscuous mode
[  144.039694][ T6785] macvtap1: entered allmulticast mode
[  144.049951][ T6785] bond0: entered allmulticast mode
[  144.590767][ T6785] bond_slave_0: entered allmulticast mode
[  144.597552][   T29] audit: type=1400 audit(1738101589.023:273): avc:  denied  { set_context_mgr } for  pid=6793 comm="syz.4.239" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1
[  144.654731][ T6785] bond_slave_1: entered allmulticast mode
[  144.719354][ T6785] 8021q: adding VLAN 0 to HW filter on device macvtap1
[  144.955866][ T6802] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  146.333254][ T6811] netlink: 'syz.0.242': attribute type 3 has an invalid length.
[  146.910659][ T5867] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  147.039475][   T29] audit: type=1400 audit(1738101591.933:274): avc:  denied  { write } for  pid=6793 comm="syz.4.239" path="socket:[10145]" dev="sockfs" ino=10145 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1
[  147.109583][ T5867] usb 4-1: Using ep0 maxpacket: 32
[  147.186620][ T5867] usb 4-1: config 1 interface 0 altsetting 15 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  147.321812][ T5867] usb 4-1: config 1 interface 0 has no altsetting 0
[  147.368873][ T5867] usb 4-1: New USB device found, idVendor=8380, idProduct=1850, bcdDevice= 0.40
[  147.416091][   T29] audit: type=1400 audit(1738101591.963:275): avc:  denied  { bind } for  pid=6823 comm="syz.1.247" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  147.421634][ T5867] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  147.465296][ T6829] IPVS: set_ctl: invalid protocol: 47 172.20.20.170:20004
[  147.519384][ T5867] usb 4-1: Product: syz
[  147.523792][ T5867] usb 4-1: Manufacturer: syz
[  147.541433][ T5867] usb 4-1: SerialNumber: syz
[  147.552492][   T29] audit: type=1400 audit(1738101591.963:276): avc:  denied  { write } for  pid=6823 comm="syz.1.247" path="socket:[10191]" dev="sockfs" ino=10191 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  147.792031][ T6815] netlink: 8 bytes leftover after parsing attributes in process `syz.3.244'.
[  147.996788][ T6847] mkiss: ax0: crc mode is auto.
[  148.618530][ T5867] usbhid 4-1:1.0: can't add hid device: -71
[  148.632266][ T5867] usbhid 4-1:1.0: probe with driver usbhid failed with error -71
[  148.655625][ T5867] usb 4-1: USB disconnect, device number 5
[  149.776253][   T29] audit: type=1400 audit(1738101594.743:277): avc:  denied  { bind } for  pid=6853 comm="syz.2.255" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  149.875853][ T6858] netlink: 4 bytes leftover after parsing attributes in process `syz.2.255'.
[  149.887065][   T29] audit: type=1400 audit(1738101594.843:278): avc:  denied  { ioctl } for  pid=6853 comm="syz.2.255" path="socket:[11106]" dev="sockfs" ino=11106 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  149.944374][ T6860] netlink: 'syz.4.256': attribute type 3 has an invalid length.
[  150.397597][ T6873] siw: device registration error -23
[  150.699040][ T6881] FAULT_INJECTION: forcing a failure.
[  150.699040][ T6881] name failslab, interval 1, probability 0, space 0, times 0
[  150.740614][ T6881] CPU: 0 UID: 0 PID: 6881 Comm: syz.2.262 Not tainted 6.13.0-syzkaller-08265-g9c5968db9e62 #0
[  150.740645][ T6881] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  150.740654][ T6881] Call Trace:
[  150.740658][ T6881]  <TASK>
[  150.740664][ T6881]  dump_stack_lvl+0x16c/0x1f0
[  150.740695][ T6881]  should_fail_ex+0x50a/0x650
[  150.740718][ T6881]  ? fs_reclaim_acquire+0xae/0x150
[  150.740740][ T6881]  ? tomoyo_realpath_from_path+0xb9/0x720
[  150.740760][ T6881]  should_failslab+0xc2/0x120
[  150.740779][ T6881]  __kmalloc_noprof+0xcb/0x510
[  150.740796][ T6881]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  150.740824][ T6881]  tomoyo_realpath_from_path+0xb9/0x720
[  150.740845][ T6881]  ? tomoyo_path_number_perm+0x235/0x590
[  150.740864][ T6881]  ? tomoyo_path_number_perm+0x235/0x590
[  150.740884][ T6881]  tomoyo_path_number_perm+0x248/0x590
[  150.740901][ T6881]  ? tomoyo_path_number_perm+0x235/0x590
[  150.740921][ T6881]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  150.740953][ T6881]  ? lockdep_hardirqs_on+0x7c/0x110
[  150.740992][ T6881]  ? lockdep_hardirqs_on+0x7c/0x110
[  150.741025][ T6881]  ? hook_file_ioctl+0x13/0x180
[  150.741050][ T6881]  ? hook_file_ioctl+0x5e/0x180
[  150.741077][ T6881]  security_file_ioctl+0x9b/0x240
[  150.741099][ T6881]  __x64_sys_ioctl+0xb7/0x200
[  150.741125][ T6881]  do_syscall_64+0xcd/0x250
[  150.741142][ T6881]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  150.741165][ T6881] RIP: 0033:0x7fdf73d8cda9
[  150.741179][ T6881] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  150.741194][ T6881] RSP: 002b:00007fdf74b3e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  150.741211][ T6881] RAX: ffffffffffffffda RBX: 00007fdf73fa6080 RCX: 00007fdf73d8cda9
[  150.741223][ T6881] RDX: 0000000020000502 RSI: 0000000040186f40 RDI: 0000000000000006
[  150.741232][ T6881] RBP: 00007fdf74b3e090 R08: 0000000000000000 R09: 0000000000000000
[  150.741242][ T6881] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  150.741251][ T6881] R13: 0000000000000000 R14: 00007fdf73fa6080 R15: 00007fffd217c3f8
[  150.741274][ T6881]  </TASK>
[  150.964324][ T6881] ERROR: Out of memory at tomoyo_realpath_from_path.
[  150.976713][ T6881] ubi0: attaching mtd0
[  150.995012][ T6881] ubi0: scanning is finished
[  150.999772][ T6881] ubi0: empty MTD device detected
[  151.799984][ T6881] ubi0 error: ubi_attach_mtd_dev: cannot spawn "ubi_bgt0d", error -4
[  152.119527][   T29] audit: type=1400 audit(1738101596.823:279): avc:  denied  { connect } for  pid=6890 comm="syz.3.264" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1
[  152.143547][   T29] audit: type=1400 audit(1738101596.823:280): avc:  denied  { name_connect } for  pid=6890 comm="syz.3.264" dest=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=dccp_socket permissive=1
[  152.189940][ T6886] ubi0: attaching mtd0
[  152.196730][ T6886] ubi0: scanning is finished
[  152.202875][ T6886] ==================================================================
[  152.210949][ T6886] BUG: KASAN: slab-use-after-free in notifier_chain_register+0x3ac/0x420
[  152.219385][ T6886] Read of size 4 at addr ffff8880793d58d8 by task syz.0.263/6886
[  152.227115][ T6886] 
[  152.229444][ T6886] CPU: 1 UID: 0 PID: 6886 Comm: syz.0.263 Not tainted 6.13.0-syzkaller-08265-g9c5968db9e62 #0
[  152.229469][ T6886] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  152.229482][ T6886] Call Trace:
[  152.229489][ T6886]  <TASK>
[  152.229496][ T6886]  dump_stack_lvl+0x116/0x1f0
[  152.229529][ T6886]  print_report+0xc3/0x620
[  152.229551][ T6886]  ? __virt_addr_valid+0x5e/0x590
[  152.229570][ T6886]  ? __phys_addr+0xc6/0x150
[  152.229592][ T6886]  kasan_report+0xd9/0x110
[  152.229611][ T6886]  ? notifier_chain_register+0x3ac/0x420
[  152.229632][ T6886]  ? notifier_chain_register+0x3ac/0x420
[  152.229653][ T6886]  notifier_chain_register+0x3ac/0x420
[  152.229675][ T6886]  blocking_notifier_chain_register+0x76/0xd0
[  152.229696][ T6886]  ubi_wl_init+0x1018/0x17b0
[  152.229728][ T6886]  ubi_attach+0x1b92/0x4c00
[  152.229760][ T6886]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  152.229798][ T6886]  ? lockdep_init_map_type+0x16d/0x7d0
[  152.229830][ T6886]  ? __pfx_ubi_attach+0x10/0x10
[  152.229858][ T6886]  ? ubi_attach_mtd_dev+0x1543/0x3590
[  152.229889][ T6886]  ubi_attach_mtd_dev+0x158f/0x3590
[  152.229919][ T6886]  ? __pfx_ubi_attach_mtd_dev+0x10/0x10
[  152.229942][ T6886]  ? __pfx_get_mtd_device+0x10/0x10
[  152.229964][ T6886]  ctrl_cdev_ioctl+0x339/0x3d0
[  152.229979][ T6886]  ? __pfx_ctrl_cdev_ioctl+0x10/0x10
[  152.229995][ T6886]  ? selinux_file_ioctl+0x180/0x270
[  152.230016][ T6886]  ? selinux_file_ioctl+0xb4/0x270
[  152.230038][ T6886]  ? __pfx_ctrl_cdev_ioctl+0x10/0x10
[  152.230054][ T6886]  __x64_sys_ioctl+0x190/0x200
[  152.230077][ T6886]  do_syscall_64+0xcd/0x250
[  152.230093][ T6886]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  152.230118][ T6886] RIP: 0033:0x7f369798cda9
[  152.230131][ T6886] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  152.230149][ T6886] RSP: 002b:00007f36957f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  152.230165][ T6886] RAX: ffffffffffffffda RBX: 00007f3697ba6080 RCX: 00007f369798cda9
[  152.230176][ T6886] RDX: 0000000020000502 RSI: 0000000040186f40 RDI: 0000000000000006
[  152.230187][ T6886] RBP: 00007f3697a0e2a0 R08: 0000000000000000 R09: 0000000000000000
[  152.230197][ T6886] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  152.230208][ T6886] R13: 0000000000000000 R14: 00007f3697ba6080 R15: 00007ffdcc7d4de8
[  152.230224][ T6886]  </TASK>
[  152.230230][ T6886] 
[  152.467388][ T6886] Allocated by task 6881:
[  152.471718][ T6886]  kasan_save_stack+0x33/0x60
[  152.476381][ T6886]  kasan_save_track+0x14/0x30
[  152.481037][ T6886]  __kasan_kmalloc+0xaa/0xb0
[  152.485606][ T6886]  ubi_attach_mtd_dev+0x3ce/0x3590
[  152.490708][ T6886]  ctrl_cdev_ioctl+0x339/0x3d0
[  152.495456][ T6886]  __x64_sys_ioctl+0x190/0x200
[  152.500208][ T6886]  do_syscall_64+0xcd/0x250
[  152.504691][ T6886]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  152.510579][ T6886] 
[  152.512891][ T6886] Freed by task 6881:
[  152.516849][ T6886]  kasan_save_stack+0x33/0x60
[  152.521509][ T6886]  kasan_save_track+0x14/0x30
[  152.526165][ T6886]  kasan_save_free_info+0x3b/0x60
[  152.531177][ T6886]  __kasan_slab_free+0x51/0x70
[  152.535919][ T6886]  kfree+0x2c4/0x4d0
[  152.539800][ T6886]  device_release+0xa1/0x240
[  152.544377][ T6886]  kobject_put+0x1e4/0x5a0
[  152.548775][ T6886]  put_device+0x1f/0x30
[  152.552912][ T6886]  ubi_attach_mtd_dev+0xe25/0x3590
[  152.558010][ T6886]  ctrl_cdev_ioctl+0x339/0x3d0
[  152.562753][ T6886]  __x64_sys_ioctl+0x190/0x200
[  152.567499][ T6886]  do_syscall_64+0xcd/0x250
[  152.571981][ T6886]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  152.577878][ T6886] 
[  152.580182][ T6886] The buggy address belongs to the object at ffff8880793d4000
[  152.580182][ T6886]  which belongs to the cache kmalloc-8k of size 8192
[  152.594216][ T6886] The buggy address is located 6360 bytes inside of
[  152.594216][ T6886]  freed 8192-byte region [ffff8880793d4000, ffff8880793d6000)
[  152.608162][ T6886] 
[  152.610466][ T6886] The buggy address belongs to the physical page:
[  152.616857][ T6886] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x793d0
[  152.625599][ T6886] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  152.634074][ T6886] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  152.641596][ T6886] page_type: f5(slab)
[  152.645558][ T6886] raw: 00fff00000000040 ffff88801b042280 dead000000000122 0000000000000000
[  152.654126][ T6886] raw: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
[  152.662703][ T6886] head: 00fff00000000040 ffff88801b042280 dead000000000122 0000000000000000
[  152.671359][ T6886] head: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
[  152.680010][ T6886] head: 00fff00000000003 ffffea0001e4f401 ffffffffffffffff 0000000000000000
[  152.688662][ T6886] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[  152.697308][ T6886] page dumped because: kasan: bad access detected
[  152.703716][ T6886] page_owner tracks the page as allocated
[  152.709410][ T6886] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 6858, tgid 6853 (syz.2.255), ts 149875423598, free_ts 149825158945
[  152.728584][ T6886]  post_alloc_hook+0x181/0x1b0
[  152.733342][ T6886]  get_page_from_freelist+0xfce/0x2f80
[  152.738783][ T6886]  __alloc_frozen_pages_noprof+0x221/0x2470
[  152.744661][ T6886]  alloc_pages_mpol+0x1fc/0x540
[  152.749492][ T6886]  new_slab+0x23d/0x330
[  152.753634][ T6886]  ___slab_alloc+0xc5d/0x1720
[  152.758313][ T6886]  __slab_alloc.constprop.0+0x56/0xb0
[  152.763686][ T6886]  __kmalloc_cache_noprof+0xfa/0x410
[  152.768977][ T6886]  audit_log_d_path+0xce/0x1e0
[  152.773730][ T6886]  common_lsm_audit+0x12b0/0x2290
[  152.778738][ T6886]  slow_avc_audit+0x17d/0x210
[  152.783419][ T6886]  avc_has_extended_perms+0xa34/0x1580
[  152.788865][ T6886]  ioctl_has_perm.constprop.0.isra.0+0x2f2/0x450
[  152.795179][ T6886]  selinux_file_ioctl+0x180/0x270
[  152.800203][ T6886]  security_file_ioctl+0xc6/0x240
[  152.805231][ T6886]  __x64_sys_ioctl+0xb7/0x200
[  152.809939][ T6886] page last free pid 6859 tgid 6859 stack trace:
[  152.816294][ T6886]  free_frozen_pages+0x6db/0xfb0
[  152.821235][ T6886]  __put_partials+0x14c/0x170
[  152.825909][ T6886]  qlist_free_all+0x4e/0x120
[  152.830496][ T6886]  kasan_quarantine_reduce+0x195/0x1e0
[  152.835960][ T6886]  __kasan_slab_alloc+0x69/0x90
[  152.840793][ T6886]  __kmalloc_node_track_caller_noprof+0x1d3/0x510
[  152.847189][ T6886]  kmemdup_noprof+0x29/0x60
[  152.851676][ T6886]  shmem_symlink+0x24d/0x790
[  152.856254][ T6886]  vfs_symlink+0x3e8/0x660
[  152.860656][ T6886]  do_symlinkat+0x263/0x310
[  152.865145][ T6886]  __x64_sys_symlinkat+0x93/0xc0
[  152.870066][ T6886]  do_syscall_64+0xcd/0x250
[  152.874548][ T6886]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  152.880429][ T6886] 
[  152.882733][ T6886] Memory state around the buggy address:
[  152.888341][ T6886]  ffff8880793d5780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  152.896385][ T6886]  ffff8880793d5800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  152.904427][ T6886] >ffff8880793d5880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  152.912468][ T6886]                                                     ^
[  152.919379][ T6886]  ffff8880793d5900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  152.927420][ T6886]  ffff8880793d5980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  152.935462][ T6886] ==================================================================
[  153.030606][ T6886] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  153.037840][ T6886] CPU: 0 UID: 0 PID: 6886 Comm: syz.0.263 Not tainted 6.13.0-syzkaller-08265-g9c5968db9e62 #0
[  153.048113][ T6886] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  153.058176][ T6886] Call Trace:
[  153.061494][ T6886]  <TASK>
[  153.064438][ T6886]  dump_stack_lvl+0x3d/0x1f0
[  153.069043][ T6886]  panic+0x71d/0x800
[  153.072940][ T6886]  ? __pfx_panic+0x10/0x10
[  153.077354][ T6886]  ? irqentry_exit+0x3b/0x90
[  153.081949][ T6886]  ? lockdep_hardirqs_on+0x7c/0x110
[  153.087153][ T6886]  ? preempt_schedule_thunk+0x1a/0x30
[  153.092530][ T6886]  ? preempt_schedule_common+0x44/0xc0
[  153.097981][ T6886]  ? check_panic_on_warn+0x1f/0xb0
[  153.103090][ T6886]  check_panic_on_warn+0xab/0xb0
[  153.108018][ T6886]  end_report+0x117/0x180
[  153.112332][ T6886]  kasan_report+0xe9/0x110
[  153.116732][ T6886]  ? notifier_chain_register+0x3ac/0x420
[  153.122348][ T6886]  ? notifier_chain_register+0x3ac/0x420
[  153.127966][ T6886]  notifier_chain_register+0x3ac/0x420
[  153.133412][ T6886]  blocking_notifier_chain_register+0x76/0xd0
[  153.139464][ T6886]  ubi_wl_init+0x1018/0x17b0
[  153.144052][ T6886]  ubi_attach+0x1b92/0x4c00
[  153.148549][ T6886]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  153.154872][ T6886]  ? lockdep_init_map_type+0x16d/0x7d0
[  153.160417][ T6886]  ? __pfx_ubi_attach+0x10/0x10
[  153.165258][ T6886]  ? ubi_attach_mtd_dev+0x1543/0x3590
[  153.170621][ T6886]  ubi_attach_mtd_dev+0x158f/0x3590
[  153.175812][ T6886]  ? __pfx_ubi_attach_mtd_dev+0x10/0x10
[  153.181346][ T6886]  ? __pfx_get_mtd_device+0x10/0x10
[  153.186544][ T6886]  ctrl_cdev_ioctl+0x339/0x3d0
[  153.191313][ T6886]  ? __pfx_ctrl_cdev_ioctl+0x10/0x10
[  153.196681][ T6886]  ? selinux_file_ioctl+0x180/0x270
[  153.201895][ T6886]  ? selinux_file_ioctl+0xb4/0x270
[  153.206998][ T6886]  ? __pfx_ctrl_cdev_ioctl+0x10/0x10
[  153.212268][ T6886]  __x64_sys_ioctl+0x190/0x200
[  153.217024][ T6886]  do_syscall_64+0xcd/0x250
[  153.221534][ T6886]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  153.227419][ T6886] RIP: 0033:0x7f369798cda9
[  153.231818][ T6886] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  153.251431][ T6886] RSP: 002b:00007f36957f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  153.259830][ T6886] RAX: ffffffffffffffda RBX: 00007f3697ba6080 RCX: 00007f369798cda9
[  153.267786][ T6886] RDX: 0000000020000502 RSI: 0000000040186f40 RDI: 0000000000000006
[  153.275742][ T6886] RBP: 00007f3697a0e2a0 R08: 0000000000000000 R09: 0000000000000000
[  153.283699][ T6886] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  153.291655][ T6886] R13: 0000000000000000 R14: 00007f3697ba6080 R15: 00007ffdcc7d4de8
[  153.299617][ T6886]  </TASK>
[  153.302832][ T6886] Kernel Offset: disabled
[  153.307131][ T6886] Rebooting in 86400 seconds..