last executing test programs:

8m40.819851521s ago: executing program 3 (id=2088):
modify_ldt$write(0x1, &(0x7f0000000080)={0x800}, 0x10)
r0 = socket$kcm(0xa, 0x5, 0x0)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8b04, &(0x7f0000000040)={'wlan1\x00', @random="2f32458a00"})
r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
rseq(0x0, 0xffffffffffffff99, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8d}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
socket$inet6(0xa, 0x2, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000500)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xd, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0)
ioctl$UI_DEV_DESTROY(r3, 0x5502)
madvise(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
r4 = syz_clone(0x20200, &(0x7f0000000280)="7c4ddca10aa4b1", 0x7, 0x0, &(0x7f0000000100), &(0x7f0000000300)="aee77fb094b19b746b293e317dae7e7333319f8edfb8fd996d5c9a019826d61b6adba92378d822cdf0ed75d26bd2a03c60e2e52259848a9b0a17d7bc725efef7fe78726217feea6d7b22bf7abf85d5bf6af6b09bb241633c6271e42333a35de5a20025b6f1c8f3dbb2d3b0a4f589dede1a4122722f399ef0c8cb45daa9d09384bf3fd0d4fee15d0d0b1e5ddbba647f8a82e3ba5b428bed4f525e9b20639a4d943bc52f2084ae51ca709d4b5a1c482732d110a53a4675e30ee6942d73573c0b144a034c35a2bfb659f849b66709a6ba25845de12b1faea65cd9fbe7345887d3ed5bf19c3f746d0c031a396d6add0fbf1cdc9ae23739bfae2bf281c056cee6e416661c90550d9b97bec14b27d1d733009ce204726270512cbe2c3d14a7815da40f478a0443d677d0604f97886841d3924b5ba03c8a135b57")
ioprio_set$pid(0x3, r4, 0x4007)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IP_VS_SO_SET_DELDEST(r5, 0x6, 0x9, &(0x7f00000001c0)={{0x21, @rand_addr, 0x1000, 0x0, 'none\x00', 0x21, 0x2, 0x2000004}, {@private=0xa010101}}, 0x44)
accept$netrom(r1, &(0x7f0000000200)={{0x3, @rose}, [@remote, @rose, @remote, @remote, @netrom, @rose, @default]}, &(0x7f00000000c0)=0x48)
r6 = socket$inet_tcp(0x2, 0x1, 0x0)
fcntl$getflags(r6, 0x1)
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$kcm(r0, &(0x7f0000000600)={&(0x7f0000000100)=@in={0x2, 0x4e21, @remote}, 0x80, &(0x7f0000000000)=[{&(0x7f00000006c0)='@', 0x1}], 0x1, &(0x7f0000000040)=[{0x18, 0x84, 0x0, 'r'}], 0x18}, 0x41)

8m39.581763338s ago: executing program 3 (id=2094):
socket(0x10, 0x3, 0x0)
r0 = socket(0x2a, 0x2, 0x0)
getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
r1 = socket(0x400000000010, 0x3, 0x0)
setsockopt$RXRPC_SECURITY_KEY(r1, 0x110, 0x1, &(0x7f0000000000)='#!.\x00', 0x4)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x10000000}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
syz_open_dev$evdev(&(0x7f00000003c0), 0x742, 0x40)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x800, 0x0, 0x8001, 0x8000000, 0xfffffffffffffffe, 0x0, 0x4}, 0x0)
r4 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180), 0x109842, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r4, 0xc0045005, &(0x7f0000000080)=0x2)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000180)="5c00000014006b0300000000006c1d0010047e0c8131a6080c000af32c6e020075f800250002000f00e5aa000017d34460bc24eab556a705251e6182949a36c2d13b48df000000000000ecb8f6ec63c9f4d4938037e786a6d1bdd700", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x40040)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000b80)=ANY=[@ANYBLOB="140000001000010000000000000000000100000a14000000030a01010000000000000000010000006c030000060a010400000000000000000100000008000b400000000044030480340001800b000100657874686472000024000280080001400000000c0800034000000000080004400000002205000200070000000c0301800c0001006269747769736500fc020280080003400000000208000140000000140800024000000012e00205805800028008000340000000020900020073797a31000000000900020073797a32000000000800034000000001080003400000000108000180fffffffa08000180fffffffb0900020073797a310000000008000180fffffffe8d000100c128b3c34ba23f4ba5514c8ad9dce23bb7557215250e6012f76b8947717d23c487be3d8fd4cc13d1f15f118fbe57f96fa61608759f34ba1c408801be862aadab22208cabb413e16d21f1f7cf1653ee2a0fc145512b63b83bb7af6470dbd74932ec9ea0b6562645aefbed83e38a8aea29574e803277200539db1641335649cdd3ed4ab4c0dcdf0982ee0000004000028008000180000000000900020073797a30000000000900020073797a3100000000080003400000000308000340000000010900020073797a32000000002c0002800900020073797a300000000008000340000000010900020073797a31000000000800034000000002b10001004e42b5bd76f393024701f0fe98cc74142e52fb993591dc9ac1cf70e6fcf5fa96b302b8fc9c687b128c55b5c06dfce36354a3c74cd085ea558e8b98b7fdf4d15f7fee95127bf3bf05e9d682a47bee173a2a9708c370105f8e21aa690cbf7cebcfa456c72d50b3011e4a8e73a10c5cf550c267055775c9109e773adaf290e07d5f1839ccaa36d406fa798672fe6dc01412838b1984e35bd519ce43ec95ab565186c6e9224b5fa64e2715f88a25e80000000c00028008000340000000040c0002800800034000000001bb0001007942b62520a9117e1614c86d91a5300f6378ac9a8432244ae514cf9761d2cb517f2051170d307ad3e1a76ac922173bca61f912da2a21adfc85efa26a53e4ffeb5fc03f774598b584cc44690fb3709efc14b0c413eb4cafe39ece870c0224d14b6b908d43318fcf6866b57529d4bf70ce0d91e9e7b5191a12266cd39f9b8ed581658795da501bcf133cae0c7e57146717e8449fd0ae0c9eb48abce5b86e38e95367725161d10e5daa45fc4a9ac43cc5a2678fd8ed6dffbe000900010073797a3000000000140000001100010000000000000000000700000a"], 0x3a8}}, 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/cpu_byteorder', 0x1add02, 0x10)
socket$inet6_sctp(0xa, 0x1, 0x84)
syz_open_dev$cec(&(0x7f0000000140), 0x0, 0x101040)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
recvmsg(r6, &(0x7f0000001700)={0x0, 0x0, 0x0}, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sendmsg$IPSET_CMD_LIST(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001540)=ANY=[@ANYBLOB="1c0000000706010800000000000000000a0000040500010007"], 0x1c}, 0x1, 0x0, 0x0, 0x20000005}, 0x90)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
syz_open_pts(0xffffffffffffffff, 0x141601)
socket$can_raw(0x1d, 0x3, 0x1)
openat$vnet(0xffffffffffffff9c, &(0x7f0000000380), 0x2, 0x0)

8m35.571187015s ago: executing program 3 (id=2105):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r1, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r1, 0xc01064b5, &(0x7f0000000140)={&(0x7f00000006c0)})
ioctl$DRM_IOCTL_MODE_GETPLANE(r1, 0xc02064b6, &(0x7f00000003c0)={0x0, <r2=>0x0, <r3=>0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_SETPLANE(r1, 0xc03064b7, &(0x7f0000000a00)={0x0, r2, r3, 0x0, 0x100000, 0x1, 0x2, 0x82, 0x0, 0x0, 0x1, 0x401})
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
add_key(&(0x7f0000000040)='ceph\x00', 0x0, &(0x7f00000000c0), 0x0, 0xfffffffffffffffd)
r7 = getpid()
sched_setscheduler(r7, 0x2, &(0x7f0000000200)=0x7)
syz_open_procfs(r7, &(0x7f00000000c0)='uid_map\x00')
mremap(&(0x7f00009d1000/0x4000)=nil, 0x4000, 0x4000, 0x3, &(0x7f00002a0000/0x4000)=nil)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4, 0x0, 0x0, 0x0)
bind$inet6(r1, &(0x7f0000000100)={0xa, 0x4e21, 0x0, @loopback, 0x2}, 0x1c)
getpid()
capset(0x0, 0x0)
ioctl$SG_GET_LOW_DMA(0xffffffffffffffff, 0x227a, 0x0)
r8 = shmget$private(0x0, 0x4000, 0x54001800, &(0x7f0000000000/0x4000)=nil)
shmat(r8, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffcfff)
shmctl$SHM_STAT(r8, 0xd, &(0x7f0000000180)=""/58)

8m33.502422577s ago: executing program 3 (id=2110):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, &(0x7f0000000000)={<r1=>0xffffffffffffffff, 0x0, 0xf37, 0x8})
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="3c010000100001000000000000000000fc00"/32, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB], 0x13c}}, 0x0)
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="1b0000080002000000000000020000", @ANYRES32=r1, @ANYBLOB="1200"/15, @ANYRES32=0x0, @ANYRES32=r1, @ANYBLOB="0200000003000000050400"/20], 0x50)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000300)={@map=r2, 0x1d, 0x0, 0x4, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0], 0x4, 0x0, &(0x7f00000000c0)=[0x0, 0x0], &(0x7f0000000100)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000140)=[0x0, 0x0, 0x0]}, 0x40)
getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r1, 0x84, 0x6c, &(0x7f00000001c0)={0x0, 0x8, "e47d7a46566ece2f"}, &(0x7f0000000500)=0x10)
r3 = memfd_secret(0x80000)
prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
socket$inet6_icmp(0xa, 0x2, 0x3a)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
ioctl$MEDIA_IOC_ENUM_LINKS(r3, 0xc0287c02, &(0x7f00000006c0)={0x80000000, &(0x7f0000000600), &(0x7f0000000640)})
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCETHTOOL(r4, 0x8946, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000007, 0x38011, 0xffffffffffffffff, 0x0)
openat$zero(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r5, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x3}, 0x6)
write$bt_hci(r5, &(0x7f0000000580)=ANY=[@ANYBLOB], 0x8)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$netlbl_mgmt(0x0, r7)
sendmsg$NLBL_MGMT_C_LISTDEF(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={0x0}, 0x1, 0x0, 0x0, 0x8c0}, 0x0)
r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000000), r8)
ioctl$sock_SIOCGIFINDEX_802154(r8, 0x8933, &(0x7f00000001c0)={'wpan0\x00', <r9=>0x0})
sendmsg$IEEE802154_LLSEC_DEL_DEVKEY(r8, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000004c0)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYBLOB="01002cbd7000fedbdf252e0000000c000500000000000000000008002c00fbffffff05002b000200000005002e000700000008000200", @ANYRES32=r9], 0x40}, 0x1, 0x0, 0x0, 0x4000000}, 0x50)

8m32.65014933s ago: executing program 3 (id=2113):
ioperm(0x8, 0xa, 0x3)
r0 = landlock_create_ruleset(&(0x7f0000000040)={0x85, 0x2}, 0x18, 0x3)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r1, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x20)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='contention_end\x00', r2}, 0x10)
write(r1, &(0x7f0000000000)="0a000000010000", 0x7)
landlock_restrict_self(r0, 0x0)
r3 = io_uring_setup(0x1612, &(0x7f0000000200)={0x0, 0x0, 0x800})
io_uring_register$IORING_REGISTER_BUFFERS2(r3, 0xf, &(0x7f0000001580)={0x1, 0x0, 0x0, &(0x7f00000014c0)=[{0x0}], &(0x7f0000001540)=[0x8001]}, 0x20)
r4 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000f80), 0x2, 0x0)
ioctl$VIDIOC_S_CTRL(r4, 0xc008561c, &(0x7f0000000fc0)={0x1, 0x1})
socket$nl_generic(0x10, 0x3, 0x10)
r5 = openat$vcsu(0xffffffffffffff9c, &(0x7f00000001c0), 0x80000, 0x0)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000008c0)={0xffffffffffffffff, <r6=>0xffffffffffffffff}, 0x4)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000a80)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000ac0)=0x14)
r8 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000c80)={&(0x7f0000000b00)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x28, 0x28, 0xc, [@var={0xa, 0x0, 0x0, 0xe, 0x3}, @array={0x0, 0x0, 0x0, 0x3, 0x0, {0x2, 0x1, 0x80000001}}]}, {0x0, [0x2e, 0x0, 0x0, 0x61, 0x5f, 0x5f, 0x61, 0x5f, 0x61, 0xdc]}}, &(0x7f0000000b80)=""/234, 0x4c, 0xea, 0x1, 0x0, 0x10000, @value}, 0x28)
r9 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000d40)='blkio.bfq.io_queued\x00', 0x0, 0x0)
r10 = bpf$MAP_CREATE(0x0, &(0x7f0000000d80)=@base={0xf, 0xfffffffd, 0x1, 0x4, 0x1010, 0x1, 0x8, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x1, 0x3, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000ec0)={0x6, 0x1e, &(0x7f0000000900)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x1}, {{0x18, 0x1, 0x1, 0x0, r5}}, {}, [@snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x1000000}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r6}}, @map_idx_val={0x18, 0x2, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0xffff}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000a00)='GPL\x00', 0x0, 0x5, &(0x7f0000000a40)=""/5, 0x41100, 0x21, '\x00', r7, 0x25, r8, 0x8, &(0x7f0000000cc0)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000000d00)={0x4, 0xe, 0x2, 0x10}, 0x10, 0x0, 0x0, 0x6, &(0x7f0000000e00)=[r9, r10], &(0x7f0000000e40)=[{0x1, 0x1, 0x4, 0xc}, {0x2, 0x1, 0x6, 0x6}, {0x3, 0x3, 0x6}, {0x2, 0x3, 0xb, 0xa}, {0x5, 0x1, 0x0, 0x4}, {0x2, 0x5, 0x0, 0x5}], 0x10, 0x40, @void, @value}, 0x94)
syz_genetlink_get_family_id$wireguard(&(0x7f0000000040), 0xffffffffffffffff)
r11 = memfd_secret(0x80000)
ftruncate(r11, 0x3)
r12 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0)
r14 = ioctl$KVM_CREATE_VCPU(r13, 0xae41, 0x0)
ioctl$KVM_GET_VCPU_EVENTS(r14, 0x4048aecb, &(0x7f0000000000))

8m32.05249156s ago: executing program 3 (id=2116):
r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x8002)
r1 = openat$vmci(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r1, 0x7a7, &(0x7f0000000540)=0xa0000)
openat$sysctl(0xffffffffffffff9c, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r2 = syz_clone(0x25000000, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_pidfd_open(r2, 0x0)
syz_pidfd_open(r2, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r4 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
r5 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r5, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[<r6=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r5, 0xc06864a1, &(0x7f0000000d40)={0x0, 0x0, r6, <r7=>0x0})
ioctl$DRM_IOCTL_MODE_GETFB2(r5, 0xc06864ce, &(0x7f0000000340)={r7, 0x0, 0x0, 0x0, 0x1, [<r8=>0x0], [0x0, 0x7], [0x0, 0x80000002, 0x100002, 0x81], [0x0, 0x0, 0x1, 0x1]})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r4, 0xc02064b2, &(0x7f0000000140)={0x100001, 0x1, 0x5977})
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000380)=@newtaction={0x68, 0x30, 0x871a15abc695fa3d, 0x2000, 0x25dfdbff, {}, [{0x54, 0x1, [@m_ctinfo={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_CTINFO_ACT={0x18, 0x3, {0x80000000, 0x8, 0x10000000, 0x20001, 0xa}}, @TCA_CTINFO_PARMS_DSCP_MASK={0x8, 0x5, 0x5}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x4}}}}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x8800}, 0x4040000)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r4, 0xc00c642d, &(0x7f0000000080)={r8, 0x0, <r10=>0xffffffffffffffff})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r5, 0xc00c642e, &(0x7f0000000300)={0x0, 0x0, r10})
ioctl$IOCTL_VMCI_INIT_CONTEXT(r1, 0x7a0, &(0x7f0000000040)={@my=0x0})
ioctl$IOCTL_VMCI_DATAGRAM_RECEIVE(r1, 0x7cb, &(0x7f0000000980)={&(0x7f0000000100)={{@hyper}, {}, 0x400, "1710194bd1372be65d5d1be456d243acca17147843aa07e4676b6e5e13d51fe3b442ddd575b7ea5ad5807b65f6ffac80b65547d4a62858f758a3c310e491a45dff1707cfb8288781aa397d3e28b552db90c3fd57f459b4e3da5126b8963a25e860e40c989341b47e8b95063656f91660d61ae86764cd5302c60b77fff946ee5d5b95a65deb8a11af66212c0a3802da8734cf65656145658ef881a33b771b9134fe2e1407a2ffeb9ae90b1cd06a1e2438c7cd1667c0d3dc53f15fd720ed9adc68ca0bf8cb3a5f3e8f2b48ec05a30d52182f3be35dc35ddad91cd4123051996b766cf7f2791773011420d79b507bba3f90ba48eb066b68d56570e96cdac68675271dc756c582705ced77c094ae8f12a4f268fd1c5ed18f1264e27fcc5d2cced8dc50569b03dffbb749caffa1748c5f7c5fc60a7264e04c53bef6c2cba5ed946d420a97a2fa74cb564f80206f75b408bb69c27ab96ae43936e5c497bc56409f13221e4736c3229193f32dfeae901c32027c5941b73beee853b0fcccfb97d02b8675ca92bfe97adcf83d49f8a405dc9be0cfbaa239a73b40b37ee1c03ae15bf08b05d594d3ae80c131b6a0f958a0b5e09653d5d541c29fa4203671c3e8d3898a5618d7d05e7742dad4a6696ae13deef6c402e2afea4acf40d2c14ed5092a438170f1681d4b97eab16fcbfa86d7a361c02f89069d58c2b32c58d5ef7babf62b97c7ac97e413f53bea59cdbf72fc1c14718b1fa6306da64c9700df190c356a9e972d9e63cc9b0383cc8cab28a02a4b3d4f8b96d485dedb3e6a3f4e40d110676dc8de884d3f915b04f220072d4d68697b106faa3577b5011f3144f235439f1aac9f59d37adcc58ba20f209442df7c1328834bdd3933c0796e2975fa5e9b5cc2653b15b7be37172df2d84329307831f2977cac3cca11676512d2d351e00d09889681f9e0e6c172f2d0c3c15eb75ffe6297aecc1cc9d3ebc80735a50b07c7b1eedadbc9f637e26dd4035322abcb77f93fcd9feb2c33bf37c34595dc9bb2e16ada83dc541f98880dd6d4e0ef38e27adf412d1e08a5c1ce83acdc4f40674d9dc14fbff2f42eb71ba5fac19fc742e00c4c15154fcf8f79ad4cd4c8183d4b2d9693eab7f0da562a9ffba7058b272b280611d877f0b05dda462a5e605ea5a8803ad17ce5a9c5f88ec6fef54f407f5f26dc218b21ac5899d03946fdc4d95791f09a272ef0f1388d718c3d38727b1fbbb2c9f22f2d5091c2d0963b971ab47402130e3ca8e201609c34d4379f75257240f9ff0fe921e29bdcc1319bf77a469739ebfc1d1f8605bfb6d46c0cdc31692254715082be9152eabb5a9f2c562c06a985f573b63f02aad0eb63ff970e5a9a28d209b657cd20dc572238ef1d5bbc57041f77c70fca6b5314b6bff2a9b1a03ed2269456e6467664ac0ec2d2304916885fd1f91d5c3b32b924de"}, 0x418})
ioctl$SG_NEXT_CMD_LEN(r0, 0x2283, &(0x7f0000000000)=0x7a)
r11 = fcntl$dupfd(r0, 0x0, r0)
write$sndseq(r11, &(0x7f0000000140)=[{0x0, 0x0, 0x0, 0xf2, @time={0x4}, {}, {}, @control={0x0, 0x1000, 0x9}}, {0x6, 0x0, 0x2, 0x81, @tick=0x86, {0x8, 0x30}, {0x2}, @time=@tick=0x400001}], 0x38)

8m16.656285449s ago: executing program 32 (id=2116):
r0 = syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x8002)
r1 = openat$vmci(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r1, 0x7a7, &(0x7f0000000540)=0xa0000)
openat$sysctl(0xffffffffffffff9c, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r2 = syz_clone(0x25000000, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_pidfd_open(r2, 0x0)
syz_pidfd_open(r2, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r4 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
r5 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r5, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[<r6=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r5, 0xc06864a1, &(0x7f0000000d40)={0x0, 0x0, r6, <r7=>0x0})
ioctl$DRM_IOCTL_MODE_GETFB2(r5, 0xc06864ce, &(0x7f0000000340)={r7, 0x0, 0x0, 0x0, 0x1, [<r8=>0x0], [0x0, 0x7], [0x0, 0x80000002, 0x100002, 0x81], [0x0, 0x0, 0x1, 0x1]})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r4, 0xc02064b2, &(0x7f0000000140)={0x100001, 0x1, 0x5977})
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000380)=@newtaction={0x68, 0x30, 0x871a15abc695fa3d, 0x2000, 0x25dfdbff, {}, [{0x54, 0x1, [@m_ctinfo={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_CTINFO_ACT={0x18, 0x3, {0x80000000, 0x8, 0x10000000, 0x20001, 0xa}}, @TCA_CTINFO_PARMS_DSCP_MASK={0x8, 0x5, 0x5}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x4}}}}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x8800}, 0x4040000)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r4, 0xc00c642d, &(0x7f0000000080)={r8, 0x0, <r10=>0xffffffffffffffff})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r5, 0xc00c642e, &(0x7f0000000300)={0x0, 0x0, r10})
ioctl$IOCTL_VMCI_INIT_CONTEXT(r1, 0x7a0, &(0x7f0000000040)={@my=0x0})
ioctl$IOCTL_VMCI_DATAGRAM_RECEIVE(r1, 0x7cb, &(0x7f0000000980)={&(0x7f0000000100)={{@hyper}, {}, 0x400, "1710194bd1372be65d5d1be456d243acca17147843aa07e4676b6e5e13d51fe3b442ddd575b7ea5ad5807b65f6ffac80b65547d4a62858f758a3c310e491a45dff1707cfb8288781aa397d3e28b552db90c3fd57f459b4e3da5126b8963a25e860e40c989341b47e8b95063656f91660d61ae86764cd5302c60b77fff946ee5d5b95a65deb8a11af66212c0a3802da8734cf65656145658ef881a33b771b9134fe2e1407a2ffeb9ae90b1cd06a1e2438c7cd1667c0d3dc53f15fd720ed9adc68ca0bf8cb3a5f3e8f2b48ec05a30d52182f3be35dc35ddad91cd4123051996b766cf7f2791773011420d79b507bba3f90ba48eb066b68d56570e96cdac68675271dc756c582705ced77c094ae8f12a4f268fd1c5ed18f1264e27fcc5d2cced8dc50569b03dffbb749caffa1748c5f7c5fc60a7264e04c53bef6c2cba5ed946d420a97a2fa74cb564f80206f75b408bb69c27ab96ae43936e5c497bc56409f13221e4736c3229193f32dfeae901c32027c5941b73beee853b0fcccfb97d02b8675ca92bfe97adcf83d49f8a405dc9be0cfbaa239a73b40b37ee1c03ae15bf08b05d594d3ae80c131b6a0f958a0b5e09653d5d541c29fa4203671c3e8d3898a5618d7d05e7742dad4a6696ae13deef6c402e2afea4acf40d2c14ed5092a438170f1681d4b97eab16fcbfa86d7a361c02f89069d58c2b32c58d5ef7babf62b97c7ac97e413f53bea59cdbf72fc1c14718b1fa6306da64c9700df190c356a9e972d9e63cc9b0383cc8cab28a02a4b3d4f8b96d485dedb3e6a3f4e40d110676dc8de884d3f915b04f220072d4d68697b106faa3577b5011f3144f235439f1aac9f59d37adcc58ba20f209442df7c1328834bdd3933c0796e2975fa5e9b5cc2653b15b7be37172df2d84329307831f2977cac3cca11676512d2d351e00d09889681f9e0e6c172f2d0c3c15eb75ffe6297aecc1cc9d3ebc80735a50b07c7b1eedadbc9f637e26dd4035322abcb77f93fcd9feb2c33bf37c34595dc9bb2e16ada83dc541f98880dd6d4e0ef38e27adf412d1e08a5c1ce83acdc4f40674d9dc14fbff2f42eb71ba5fac19fc742e00c4c15154fcf8f79ad4cd4c8183d4b2d9693eab7f0da562a9ffba7058b272b280611d877f0b05dda462a5e605ea5a8803ad17ce5a9c5f88ec6fef54f407f5f26dc218b21ac5899d03946fdc4d95791f09a272ef0f1388d718c3d38727b1fbbb2c9f22f2d5091c2d0963b971ab47402130e3ca8e201609c34d4379f75257240f9ff0fe921e29bdcc1319bf77a469739ebfc1d1f8605bfb6d46c0cdc31692254715082be9152eabb5a9f2c562c06a985f573b63f02aad0eb63ff970e5a9a28d209b657cd20dc572238ef1d5bbc57041f77c70fca6b5314b6bff2a9b1a03ed2269456e6467664ac0ec2d2304916885fd1f91d5c3b32b924de"}, 0x418})
ioctl$SG_NEXT_CMD_LEN(r0, 0x2283, &(0x7f0000000000)=0x7a)
r11 = fcntl$dupfd(r0, 0x0, r0)
write$sndseq(r11, &(0x7f0000000140)=[{0x0, 0x0, 0x0, 0xf2, @time={0x4}, {}, {}, @control={0x0, 0x1000, 0x9}}, {0x6, 0x0, 0x2, 0x81, @tick=0x86, {0x8, 0x30}, {0x2}, @time=@tick=0x400001}], 0x38)

2m42.387027635s ago: executing program 4 (id=3172):
r0 = eventfd2(0x76, 0x1)
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x5, 0x0)
r3 = syz_usb_connect(0x2, 0x3f, &(0x7f00000007c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f000200000009050502000000001009058b1e20"], 0x0)
syz_usb_control_io(r3, 0x0, 0x0)
syz_usb_control_io$hid(r3, 0x0, 0x0)
r4 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
ioctl$FS_IOC_GETVERSION(r4, 0x40015b19, &(0x7f0000000040))
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000640)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0x25dfdbfb, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x10, 0xf}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x4, 0x6}}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000003640)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000003580)=@newtfilter={0xac, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0xe, 0x7}, {}, {0x7}}, [@filter_kind_options=@f_u32={{0x8}, {0x80, 0x2, [@TCA_U32_SEL={0x74, 0x5, {0xf, 0xef, 0x6, 0x8, 0x5, 0x9, 0x7, 0x0, [{0x1000, 0x4, 0x401, 0x6}, {0xb, 0x7, 0x1008, 0x5}, {0xfffffff9, 0x43, 0x7ffd, 0x4}, {0x7fde, 0x40, 0x51, 0x3ff}, {0x5, 0xb, 0x2, 0x42}, {0x200, 0x4, 0x8, 0x8}]}}, @TCA_U32_CLASSID={0x8, 0x1, {0xd, 0xa}}]}}]}, 0xac}, 0x1, 0x0, 0x0, 0x80}, 0x40)
r6 = epoll_create1(0x80000)
epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r0, 0x0)
read$eventfd(r0, &(0x7f0000000080), 0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r7 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
openat$dlm_plock(0xffffffffffffff9c, 0x0, 0x8002, 0x0)
writev(r7, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r8 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r8, 0x84, 0x7b, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r8, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x2, 0x0, 0x3fc, 0x0, 0x32}, 0x9c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r8, 0x84, 0x9, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x800, 0x0, 0x4, 0x8a}, 0x9c)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x1, &(0x7f0000006680))
getresgid(0x0, 0x0, 0x0)
sendto$inet6(r8, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)

2m39.298811001s ago: executing program 4 (id=3178):
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='oom_score_adj\x00')
write$cgroup_int(r0, &(0x7f00000008c0)=0x400000000002, 0x12)
socket(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="2c00000073a25161c9adfc541d8252f06af4b4ddebe38ebbdf870cab60278f03a326b928edd8f05e4436cf79e80294464f6f482c24478be5eba00197f0f5b90db3f89e6d56268633c4ab5c823ece3f2852b7d05d56d57dcae231687f56f6eaba665b6c76ea", @ANYRES16=r2, @ANYBLOB="01000000000000000000050000001800018014000200776c616e3100"/37], 0x2c}}, 0x0)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r0, &(0x7f0000000340)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000380)={&(0x7f00000002c0)={0x44, r2, 0x100, 0x70bd26, 0x25dfdbfc, {}, [@ETHTOOL_A_COALESCE_TX_MAX_FRAMES_HIGH={0x8, 0x16, 0x3ff}, @ETHTOOL_A_COALESCE_USE_ADAPTIVE_TX={0x5, 0xc, 0x1}, @ETHTOOL_A_COALESCE_TX_MAX_FRAMES_LOW={0x8, 0x11, 0x1}, @ETHTOOL_A_COALESCE_USE_CQE_MODE_TX={0x5, 0x18, 0x1}, @ETHTOOL_A_COALESCE_RX_USECS_LOW={0x8, 0xe, 0xc1}, @ETHTOOL_A_COALESCE_USE_ADAPTIVE_RX={0x5}]}, 0x44}, 0x1, 0x0, 0x0, 0x800}, 0x0)
r3 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r3, &(0x7f0000000100)={0x28, 0x0, 0xffffffff, @host}, 0x10)
setsockopt$sock_linger(r3, 0x1, 0x3c, &(0x7f0000000000), 0x65)
socket(0x10, 0x803, 0x2)
r4 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r4, &(0x7f0000000fc0)={&(0x7f0000001340)=@hci={0x1f, 0x0, 0x31}, 0x80, &(0x7f0000001000)=[{&(0x7f0000000040)="b8b2cc1e00c1dba49d23bb66cb3a66bb0280000788fb", 0x16}], 0x1}, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={<r5=>0xffffffffffffffff})
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x12, 0x8e, 0x4, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000780)={{r6, <r7=>0xffffffffffffffff}, &(0x7f0000000700), &(0x7f0000000740)=r5}, 0x20)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000040)={r7, 0x0, &(0x7f00000005c0)=""/255}, 0x20)
syz_open_dev$tty1(0xc, 0x4, 0x1)
set_mempolicy(0x4003, &(0x7f0000000200)=0x7, 0x3)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='freezer.self_freezing\x00', 0x275a, 0x0)
write$binfmt_script(r8, &(0x7f0000000100), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r8, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
r9 = creat(&(0x7f0000000080)='./bus\x00', 0x0)
write$cgroup_int(r9, &(0x7f0000000540), 0xfffffdd8)

2m38.867350585s ago: executing program 4 (id=3179):
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)
openat(0xffffffffffffff9c, 0x0, 0x2040, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0b00000007000000d7c900000900000001000000", @ANYRES32, @ANYBLOB="0000000000000000000000000000b346c8a9a19cf2d22b00000000155165f94d998f5155aa0eb900bd", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
getsockopt$inet_int(0xffffffffffffffff, 0x10d, 0xa, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = creat(&(0x7f0000000000)='./file1\x00', 0xecf86c37d530491e)
inotify_rm_watch(r4, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x5, 0x0, &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='sys_exit\x00', r5, 0x0, 0xbe}, 0x18)
r6 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r6)
waitid(0x0, r6, 0x0, 0x8, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r0, <r7=>0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32=r7, @ANYBLOB], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
quotactl$Q_QUOTAON(0xffffffff80000102, 0x0, 0x0, 0x0)
fcntl$getownex(r7, 0x10, &(0x7f00000001c0))
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000240), &(0x7f0000000280)=0xc)
r8 = getpid()
sched_setscheduler(r8, 0x2, &(0x7f0000000200)=0x7)

2m37.902818305s ago: executing program 4 (id=3180):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000005000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10)
prctl$PR_SET_MM(0x23, 0x7, &(0x7f0000ffc000/0x4000)=nil)
r1 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c)
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x6}]})
r3 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r3, &(0x7f0000000040)={0x28, 0x0, 0x2710, @local}, 0x10)
listen(r3, 0x0)
r4 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r4, &(0x7f0000000640)={0x28, 0x0, 0x2710}, 0x10)
r5 = accept(r3, 0x0, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="120000000400000004000000a8"], 0x50)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r6, &(0x7f0000000080), &(0x7f00000002c0)=@tcp=r5}, 0x20)
close_range(r2, 0xffffffffffffffff, 0x0)

2m36.375150506s ago: executing program 4 (id=3185):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x58}}, 0x8000)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x0, &(0x7f0000000100)})
r0 = open(&(0x7f0000000180)='.\x00', 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0xa, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r1, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
flock(r0, 0x2)
r2 = open(&(0x7f0000000180)='.\x00', 0x10000, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$inet6_int(r4, 0x29, 0x19, &(0x7f0000000000)=0x84, 0xfde1)
sendto$inet6(r4, 0x0, 0x0, 0x200c8084, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast2}, 0x1c)
sendto$inet6(r4, &(0x7f0000001cc0)="2501d77b330b7e73d6b1d1b8a473ff7420b4b43ce0861f000000714fa228ee1f5b48", 0xfffffffffffffe57, 0x8000, 0x0, 0x0)
setsockopt$inet6_int(r4, 0x29, 0x21, &(0x7f0000000040)=0x6, 0x4)
recvmmsg(r4, &(0x7f0000002480)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40002003, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r7=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x1c, r6, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r7}, @void}}}, 0x1c}}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x1c, r6, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r7}, @void}}}, 0x1c}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@broadcast, &(0x7f0000000840)=@mgmt_frame=@probe_response={{{}, {}, @device_b, @device_a, @from_mac=@device_b, {0x0, 0x30}}, 0x0, @default, 0x1, @val={0x0, 0x1f, @random="1e1db439fdca1fcc830d3d49f95edc98c5d9556118a5e2e4eb40636f4a7d74"}, @void, @void, @void, @void, @val={0x2d, 0x1a, {0x20, 0x2, 0x3, 0x0, {0x8, 0x3, 0x0, 0x6, 0x0, 0x1, 0x0, 0x1, 0x1}, 0x1, 0x1ff, 0x40}}, @val={0x72, 0x6}, @val={0x71, 0x7, {0x1, 0x0, 0x1, 0xffffffffffffffff, 0xffffffffffffffff, 0xa, 0x8}}, [{0xdd, 0x5b, "e58981adbb493c5789585557e89c6faabf78c33ea22db1f056c3d2094c1f1d7250f60b094d1d5855db6df0ce91a8e82739fd5bd6962cbde4d7fb4040d0ebaf8beb11cc551c9316eb0e42e1f00887a37e61674d2dc158607837c4ab"}]}, 0xcf)
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380))
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e)
nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480))
syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000700)=@data_frame={@a_msdu=@type00={{0x0, 0x2, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1}, {0x5}, @broadcast, @device_a, @from_mac=@broadcast, {0x0, 0x8}}, @a_msdu=[{@broadcast, @device_a, 0x90, "69789872757fb220f6bcd84c1650758f8d3baa043610dafb33e1516f07fba8ab87ac0295491b32119efdde92deb88eaf44e67ef62a0888a4bc6c35a55dc84a110ce5ad6e30a84344b63800093a0e48c7a565dc0b7f130ba6ee72776b238bd640d0f8cd42ed98cefd375019ee3973c1e7d3e0e0991e339bf10b641ce11754a81c96d3f37aea99813aa0de5c4185298706"}, {@device_b, @broadcast, 0x60, "f9aa1f642247e86db61b1dfa854e60288bcb697a6adbd76c444f5775e946e90485ebdc118f8b14b0ac96c528f92cf7ebcfcf3025a9f54a5648120e35d01a4621c4f8a1c2e60ceda2a683223d526d5a95a13f42332e6967bb427d6ae07a5c1ee8"}]}, 0x128)
flock(r2, 0x2)

2m33.93770238s ago: executing program 4 (id=3190):
r0 = syz_open_dev$ndb(&(0x7f0000000040), 0x0, 0x0)
ioctl$NBD_SET_SIZE_BLOCKS(r0, 0xab07, 0x80000000)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
ioctl$NBD_SET_SOCK(r0, 0xab00, r1)
ioctl$NBD_DO_IT(r0, 0xab03)
ioctl$NBD_CLEAR_SOCK(r0, 0xab00)
syz_open_dev$ndb(0x0, 0x0, 0x0)

2m18.899925275s ago: executing program 33 (id=3190):
r0 = syz_open_dev$ndb(&(0x7f0000000040), 0x0, 0x0)
ioctl$NBD_SET_SIZE_BLOCKS(r0, 0xab07, 0x80000000)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
ioctl$NBD_SET_SOCK(r0, 0xab00, r1)
ioctl$NBD_DO_IT(r0, 0xab03)
ioctl$NBD_CLEAR_SOCK(r0, 0xab00)
syz_open_dev$ndb(0x0, 0x0, 0x0)

14.25083498s ago: executing program 5 (id=3595):
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
arch_prctl$ARCH_SET_CPUID(0x1012, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
r3 = socket$inet6_mptcp(0xa, 0x1, 0x106)
connect$inet6(r3, &(0x7f0000000040)={0xa, 0x4001, 0x0, @loopback}, 0x1c)
r4 = socket$netlink(0x10, 0x3, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0xd, 0x0, &(0x7f0000000200))
r5 = socket(0x2, 0x80805, 0x0)
r6 = socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$IP_VS_SO_SET_ADD(r6, 0x0, 0x482, &(0x7f0000000040)={0x84, @rand_addr=0x64010100, 0x4e20, 0x3, 'wrr\x00', 0x1, 0x80005, 0x6f}, 0x2c)
setsockopt$IP_VS_SO_SET_ADDDEST(r5, 0x0, 0x487, &(0x7f0000000000)={{0x84, @private=0xa010101, 0x4e21, 0x3, 'lc\x00', 0x4, 0x8, 0x77}, {@rand_addr=0x64010102, 0x4e23, 0x2, 0xcd, 0x12d5f, 0x3}}, 0x44)
r7 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$IP_VS_SO_SET_ADDDEST(r7, 0x0, 0x487, &(0x7f0000000580)={{0x84, @multicast2, 0x4e23, 0x3, 'lc\x00', 0x2, 0x3, 0x181a}, {@private=0xa010102, 0x4e20, 0x2, 0xa, 0x80012d58, 0x12d5c}}, 0x44)
r8 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$IP_VS_SO_SET_ADDDEST(r8, 0x0, 0x487, &(0x7f0000000580)={{0x84, @multicast2, 0x4e23, 0x3, 'sed\x00', 0x6, 0x3, 0x1815}, {@private=0xa010102, 0xce20, 0x4, 0xa, 0x80812f58, 0x12d5c}}, 0x44)
sendmsg$nl_route(r4, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000300)=ANY=[@ANYBLOB="200000001800110101000000000000000a0080000002000800000000040008800fc5f4e6a846e6f6ec0f662d65ac84f39514a463ec851377d393fcfdc118fc8acabb2ca567a0fda6652aa1c03a66c414ccdaeda53db74f82a7b0a6c497f0b204bfbcfc576072472f68b1cc8673f30fa643d317e2f2022b9b3b84347a6ef9bae5a554e6"], 0x20}, 0x1, 0x0, 0x0, 0x4805}, 0x4)
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)

12.222313793s ago: executing program 2 (id=3597):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0)
getsockname$packet(r1, &(0x7f0000000140)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x28a)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="400000001000390400"/20, @ANYBLOB="01980000000000002000128008000100677265001400028008", @ANYRES32=r2], 0x40}, 0x1, 0x0, 0x0, 0x4014}, 0x0)
r4 = socket(0x10, 0x3, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14)
sendmsg$nl_route_sched(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x44, 0x24, 0x5820a61ca228659, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0x9}, {0xffff, 0xffff}, {0x0, 0x7}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_USC={0xffffffffffffffdb, 0x3, {0x6, 0x2}}}}]}, 0x44}}, 0x800)
sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)=@newtfilter={0x64, 0x28, 0xd27, 0x1004001, 0x0, {0x0, 0x0, 0x0, r5, {0xfff3, 0x9}, {}, {0x2, 0xfff1}}, [@filter_kind_options=@f_cgroup={{0xb}, {0x34, 0x2, [@TCA_CGROUP_ACT={0x30, 0x1, [@m_ct={0x2c, 0x7, 0x0, 0x0, {{0x7}, {0x4}, {0x4}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x1, 0x1}}}}]}]}}]}, 0x64}, 0x1, 0x0, 0x0, 0x4}, 0x48c0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e25}, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r8 = socket$inet6_sctp(0xa, 0x5, 0x84)
r9 = socket$kcm(0x25, 0x1, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff56, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
recvmsg$kcm(r9, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x20)
prlimit64(0x0, 0x7, &(0x7f0000000140), 0x0)
shutdown(r8, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r8, 0x84, 0x6f, &(0x7f0000000200)={<r10=>0x0, 0x1c, &(0x7f0000000080)=[@in6={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @private=0xa010102}}]}, &(0x7f0000000180)=0x10)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r8, 0x84, 0x7a, &(0x7f0000000340)={r10, @in6={{0xa, 0x0, 0x1, @local, 0x4}}}, &(0x7f0000000040)=0x84)

11.983787757s ago: executing program 5 (id=3600):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000003c0)={'netdevsim0\x00', <r1=>0x0})
r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0x3, 0x3, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000200)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', r1, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000440)={@map, r2, 0x36, 0x4, 0x0, @void, @value=r2}, 0x20)
socket$netlink(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x8, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x5}, [@ldst={0x1, 0x2, 0x4, 0x0, 0x1, 0xbb}]}, &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000007c0)={{0x14}, [], {0x14}}, 0x28}}, 0x40)
bpf$PROG_LOAD(0x5, &(0x7f0000001080)={0x6, 0xc, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000000000b3"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @void, @value}, 0x94)
socket(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000080)=ANY=[@ANYBLOB="540000001400b59500000000000000000a000000", @ANYRES32=r4, @ANYBLOB="140001000040000000000000000000000000000014000200fe8000000000000000000000000000aa140006"], 0x54}, 0x1, 0x0, 0x0, 0x800}, 0x80)
sendmsg$TIPC_NL_LINK_SET(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000140)=ANY=[], 0x50}}, 0x0)

10.91092987s ago: executing program 5 (id=3603):
openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000100)=0x80000)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000000d00), 0x4000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
ioctl$IOCTL_VMCI_GET_CONTEXT_ID(r0, 0x7b3, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0xc619acf2cb21dc6e, './file0\x00'}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
creat(&(0x7f0000000100)='./file0\x00', 0x40)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0)
open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
r2 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10)
sendmsg$rds(r2, &(0x7f0000001a00)={&(0x7f0000000040)={0x2, 0x2, @rand_addr=0x64010102}, 0x10, &(0x7f0000000280)=[{&(0x7f0000000880)=""/4089, 0xff9}], 0x1, 0x0, 0x0, 0x4000}, 0x0)

9.061055464s ago: executing program 0 (id=3606):
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000640)='/sys/power/pm_test', 0x42, 0x0)
io_setup(0x20, &(0x7f0000001140)=<r1=>0x0)
socket$nl_generic(0x10, 0x3, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, &(0x7f0000bbdffc))
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x28, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8, 0xb, 0x1, 0x0, 0xfffffffe}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0x9c}}, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000200)=[{0x0}], 0x1, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
sched_setaffinity(0x0, 0xffffffffffffff5b, &(0x7f00000002c0)=0x400000bce)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
io_uring_setup(0x6f9e, &(0x7f0000000600)={0x0, 0x1e28, 0x0, 0x3, 0x28b})
bpf$MAP_CREATE(0x0, 0x0, 0x48)
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
sendmsg$SMC_PNETID_ADD(0xffffffffffffffff, 0x0, 0x4000810)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$TIPC_NL_LINK_GET(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000700)=ANY=[@ANYBLOB='|\x00\x00\x00', @ANYRES16, @ANYBLOB="030700000000000000000800000068000480040007801300010062726f6164636173742d6c696e6b00001900078008000300000000000800020000000000080003000000000008000200000000000800030000000000040004"], 0x7c}}, 0x0)
io_submit(r1, 0x1, &(0x7f00000001c0)=[&(0x7f0000002040)={0xf, 0x400000000000, 0x0, 0x1, 0x0, r0, &(0x7f0000000080)='\r', 0x1}])

8.52856989s ago: executing program 2 (id=3609):
unshare(0x62040200)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$inet(0x2, 0x2, 0x7ffb)
r0 = socket$inet6(0xa, 0x2, 0x0)
r1 = socket(0x10, 0x803, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), r1)
getsockname$packet(r1, &(0x7f0000000180)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000100)=@newlink={0x38, 0x10, 0x437, 0x0, 0x0, {0x0, 0x0, 0x0, r2, 0x50483}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x8, 0x2, 0x0, 0x1, [@IFLA_IPTUN_COLLECT_METADATA={0x4}]}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
sendmmsg$inet(r0, &(0x7f0000000880)=[{{&(0x7f0000000040)={0x2, 0x4e1c, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000000)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r2, @empty, @multicast1}}}], 0x20}}], 0x1, 0x4880)

7.82490429s ago: executing program 0 (id=3611):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$RTC_SET_TIME(0xffffffffffffffff, 0x4024700a, 0x0)
mount(&(0x7f0000000000)=@nullb, &(0x7f0000000040)='./cgroup\x00', 0x0, 0x207b00, 0x0)
socket$kcm(0x29, 0x2, 0x0)
execveat$binfmt(0xffffffffffffffff, 0x0, &(0x7f0000000a40)={[&(0x7f00000002c0)='Y\xff\xff\x00\x00\x00\x00\x00K\xb2\x02\x80B\xe9\xe8\xcc\xde\x06\x00l\xa8\x1aJ\xaf\xb2M\xba\xb8_\x05U\xcd<|>\x9e\xec^\x0e\xbe\x18+-\x9b\x893\x02\x00\xa6\x1f+\xb3\xc5\x90z5\xe0\xdfi\xb7\x9f\xb4QW\xc9\xc9\x92\x03\t\x00\x00\x00\x00\x00\xb2\x0f\xee\xbe\f8\xcc\x7f\x00\x00\x00Z\x81\x00\x00\x00\x00\x18I\x13\xf1\xa2x\x04\x81R\xd45R\xae\x05\x00\x00\x00\x00\x00\x00\x00_M^dQ:\xbc\xafq\x88\x19nSF|;]\xe1A\x8c\x8a\x98\xd7|\xdcLF\r\xb1\xfd\xbf!\xc7u\xccP\xdd\x13~\x89\xcf\x85\xca\xa0%\xc6\xc7\x11\x00\x00\x00\x00\x00\x00\x00?M9\\\av~\'\xd9\xb0\xacdya]8\x9d\xb7\v\xf39\xc5{\x9c!\x0f/\xb8o8\xb9\x8d\x19\xe2\xca\x01y\x83\xe7\ng\x87\xd93<u\xbe\xeag\xd2\x04e\xf2s\xde}o#\x90\xda\x9cs,r\xfd:\xcb\xc7\vTmPZJ\xac\x8b\xd0\xc0\xbcRK\xcb\x1e8\xce\xbd[N\xb0\xb4<\xeb\x86[\xec\x8f\x14\n\x83\x9e&\\\xb7!\xed\xa0\xc3,\x90m\x0f\x00\x00\x00\x00\x00\x00\xff\xd0\xb3\x94\x00\x00\x00\x00\x00\x00\x00\x9dH\xf8\xffRo\xa3W\xe1\xed\x8eS\xaeX\x93\x7f\xd3\xb9\x84Q\x9c\"\xd9\xf5\xe4e\xf9\xcam\xe3\x03\xe4\xad\xd5&A\x02\xc8\xa9\xfe\xcb\x87\xd9\xd3\x8c\f\xc08T~\xc4\xbd\x90?\x1f\x9c\x9b0\x19 \x9f\xd1p`\xc0/\x00u\x19\x1d\xac\xe8%\xb7\t\x9f4\xbb\x89\xe9\xc1\x81\xb0\xd6\xf7\x90\x1f\x94\x01M.\x16\x05\x16\xb9\xe9\xdc~\xd3-s\xe6;\x94\x1c^\x06\xdav;\xccD\x95sj\xe0\xd5\xbeS\xac\xe5N\xea\x9eyl[[\xce5\xee\x05\x9c\x96\xabJ^c\xf7\x19\xb4\xd8\xe4\x87\x9dp\xea?/\xcb\x9a\xaa5\'Q\fuG\x81\x8a@\x97M=v\xfe\a\xabp\xf3\x93\x9d\x7f@9\xc0\xd2\xf1\x00\x10\x00\x00\x00\x00\x00\x00\x82\x13\xb2\xa9\xef\xa5\xf8\x8bk\xb3\x9ev\x92\x0e\xd1\x1f\x17Dx[\xad\xb0\x9d/\x96\xe42mO\x9fh\xea\xf3\x14\xcd\x96\x89_)\x1b\xe2\xd6\b\x94b\xaf;\x92T\xafz\x94\x9fG\xfb\xfd|$k\x03\xd7;\x9ay\xee\xf9W?\xb3\xf9\xf8I.E4\xc3eWq\xfa\":$\xd0\x17Q\x94\xf5\xe5mk\x8e&\xf1;#z\xef*\xce\x99\x04\xb9\x90\xbc\xc9#-\x8di\xae\xc5\xdf\x13\xd2K\x8b\xf5\f\xb2x\xdd\xd5\xb4\xa9^~O<\x12\xe3\xc3P|7\xc4\xc8\xb1r0Z\x98\x87^\xc8C\x1b\x96\xb4lsyF\xc5\xbc\xffOE\xe9\xd70\xe7\xfep\x83\xa7\xa1\xd9\xe4\xba\x92\x17\xbf\xe0\xe1\x01\xb7\x8b\x18j\x19n\xc8\xff\xe9\xf4\xf4\xcf a\xd7_w\x0f\x9dF\xae\xccA-/\x83\xabU\xd5\xbf8\xa4O\xb4\xef\xc8\xccH\xd1=\xbe\xbex\xb5-\x05\x01\x11\xfa\xcf\x1dm\xb5X\xe9\xb5O\x15\xc7;Lb\xce\x1a\xcc\x98\xe8\xe9e\xe0\xc2N\xe7\xd7\x1d\x92\x87F8\x9e\xf7\xdd\xdaW\xf5X\x80\xa0f\xceo\xd8\x7f\xc0\x96\bSB\xce&\x04$\xc3\xe31U\x84\x82\xf0{i\x1d\x02\x10\xc6C\x01^\xcf\x93?w\x01\x84\xa0\xd6\xa2\x10\xa4\xfcG\xabD\xd6dGZ\xb2Cx\x1b\xfdD9\x17\xe6\xcauM\xe3\x05)\xe2\x03\xe2j$F1n@\xde\n9t.[\xad\xb5\f<o\xdb\xa4\x90\xc4\xd0I\xa6\x96\xa1\x00\xbb\xdd\x94\x00t/1YekG\x7f\xbdrI\x1e\x8a4=\xa2\xe9\x82<\x9e|\xf5\xa4\x05#\x7f\xa8\x01\x00\x82ih\xf9?\x03Q\xf5\xc4\x95\x99 \xa7v~:$\x02O\xe3\xaa\x1f\x00\xebh\'\xd2q\x10\x1e\x94n\xd7w\xb1\xc8G\x89\xf4\x8ct\xf9R\x85\x1b8OE\x04\x9a\xd8\x80\x10x\xbf\n0\b,r\xc6r\xf7=\xfe\xc1\x16\xe6\xee\xbb:-h\xba\x8b\x14\x9a?\x8e\x03;\xe5\x04\xd8\xa9\x9a\xd3\x05(\x7f|\xadU\xafe\x87V.i4$6U,R\x9b\n{\'\xfe1\xc4\xb09\x96{\xc0e\xa1\xe7\xa9\xb4\x1a\n\xf5\xd7zuvz\x972\xd4\xfb\x13u2\xab\x18\x01~r\xbbcW!)\xf4\x9b\x1dI\x9ex;\xb2\xe3I\xbd\x16T\xb75\xa6\a\xb7\xa1\x8d\xc9\x12\xb1\xbd\xbc\xd9c\xe9\xe6k\xee\x06\x83\xf4\xab\x18\x038\x8f\xc9^\x0f\xab\xea&P\b\xef#\xf6\xc3\xfc\xd4\xa0\xfd\x15N\xd3\xa0\x80\x9f\bU\xa63\xf6\xc9\xecZ`\xa4\xa0(\xf9\x98B\xaf\xde*\x91\xddk\xa1`d\xf0\x97\xc9e\xc1\"EC\x9a?x\x89\x8d\xb3\xfaF}\x82D\xf8\f\xf1`\x90D\xd1|%(\xd8\t\xea\x00C\xce\x7fo+?v\xee\xc6bL\x1d\xbe\x84p\x8d\xa3\xec\xf7\xe0\xfe\x8c=<\xf2\x1f@\xe66E\xa7\x9c\xd3\xb6\xf5\xe0\x14\xb8\xd4`\x85\xe3;\x8c\xf8\xf2\xd9)\x0e\xd0\xff\xa5K\xf3\xf1\xc4\x18\xf4Z\xdci\x91\x84\xe8\xb7\x10\x90\xbc\xect\x14\xdfR\xe2\x80\xf8a\x92\xb2R\xdf0\xcaQ\xdf\x87\xbdjp\x1ch3h\xcf<\x82\x97\xa5s/m\xb2\x1dd\xf7\xfc\xf5\xa9\x1d\xd34{\xcc\x1f\t,i\x16\x82\xad\x8e\xb6\x17\x0f\xaa\x85^/w\xbb~\xff\xce\x92\x90\x83\n\xe5\x14\x95\x92|\xfe-S%\x91i\xafh\x97z\x00@K\xbb\xc2\fcD\xff\xdcl\xa1\xfaR\xbc\xd0k\\\x92\x19a6Sv\x05%{\xe2\xe9\xf1\xddRB$8\xb0q9\xa1g&\x17\xe5P\xef\xb1<\xb6\xe2\xb2\xc06^\x0f4\xba\x10\xba\x00\x00\x00\x00\x00\x00\x00\x00\xef\xba\"\xb7\xc7~T\xc4Ei\xfdk\xa9\"F\xa9C\xa0\xd3\xa0\x1b\xbf\x13\xfb\x14S<\xa6\n5\x86\x9e\xb2=8\'g`\x8f\xa8\x027\xbd\xb5s\xe9dti\xc0\xbd\\H\xe5v\xdd\x0fP\x8b+-\x02i\x8eZU\xa8YB\xfc\xc2R7\xe9\x11\x06\x1aRd\xa93\xa1\\\xf4_s\xf7\xe8+\xbdg\x13\xaea\x04\xd8\x82\xf6\x90\xaf1\x86b\x81J\xb7E\xb0\xe2\xd6\x93S\xb3\x98\xcb\xf9\xde=\xd6T\x8d\xea\xab\xa9Z!\xd3-\xa6_\xc4\xa4\xb6+\x89\xdc]O<g\x06~\x12W\x86\x06\xba\x15#\xa7Q\xffa\x926>\xf0y\xd6\xb0\xf2\x9f\xa7\xcf\xad\x86\\\xec\xec\xd6\x9d\bT\xcd\xa2\xea', &(0x7f0000001900)='Y\xff\xff\x00\x00\x00\x00\x00K\xb2\x02\x80B\xe9\xe8\xcc\xde\x06\x00l\xa8\x1aJ\xaf\xb2M\xba\xb8_\x05U\xcd<|>\x9e\xec^\x0e\xbe\x18+-\x9b\x893\x02\x00\xa6\x1f+\xb3\xc5\x90z5\xe0\xdfi\xb7\x9f\xb4QW\xc9\xc9\x92\x03\t\x00\x00\x00\x00\x00\xb2\x0f\xee\xbe\f8\xcc\x7f\x00\x00\x00Z\x81\x00\x00\x00\x00\x18I\x13\xf1\xa2x\x04\x81R\xd45R\xae\x05\x00\x00\x00\x00\x00\x00\x00_M^dQ:\xbc\xafq\x88\x19nSF|;]\xe1A\x8c\x8a\x98\xd7|\xdcLF\r\xb1\xfd\xbf!\xc7u\xccP\xdd\x13~\x89\xcf\x85\xca\xa0%\xc6\xc7\x11\x00\x00\x00\x00\x00\x00\x00?M9\\\av~\'\xd9\xb0\xacdya]8\x9d\xb7\v\xf39\xc5{\x9c!\x0f/\xb8o8\xb9\x8d\x19\xe2\xca\x01y\x83\xe7\ng\x87\xd93<u\xbe\xeag\xd2\x04e\xf2s\xde}o#\x90\xda\x9cs,r\xfd:\xcb\xc7\vTmPZJ\xac\x8b\xd0\xc0\xbcRK\xcb\x1e8\xce\xbd[N\xb0\xb4<\xeb\x86[\xec\x8f\x14\n\x83\x9e&\\\xb7!\xed\xa0\xc3,\x90m\x0f\x00\x00\x00\x00\x00\x00\xff\xd0\xb3\x94\x00\x00\x00\x00\x00\x00\x00\x9dH\xf8\xffRo\xa3W\xe1\xed\x8eS\xaeX\x93\x7f\xd3\xb9\x84Q\x9c\"\xd9\xf5\xe4e\xf9\xcam\xe3\x03\xe4\xad\xd5&A\x02\xc8\xa9\xfe\xcb\x87\xd9\xd3\x8c\f\xc08T~\xc4\xbd\x90?\x1f\x9c\x9b0\x19 \x9f\xd1p`\xc0/\x00u\x19\x1d\xac\xe8%\xb7\t\x9f4\xbb\x89\xe9\xc1\x81\xb0\xd6\xf7\x90\x1f\x94\x01M.\x16\x05\x16\xb9\xe9\xdc~\xd3-s\xe6;\x94\x1c^\x06\xdav;\xccD\x95sj\xe0\xd5\xbeS\xac\xe5N\xea\x9eyl[[\xce5\xee\x05\x9c\x96\xabJ^c\xf7\x19\xb4\xd8\xe4\x87\x9dp\xea?/\xcb\x9a\xaa5\'Q\fuG\x81\x8a@\x97M=v\xfe\a\xabp\xf3\x93\x9d\x7f@9\xc0\xd2\xf1\x00\x10\x00\x00\x00\x00\x00\x00\x82\x13\xb2\xa9\xef\xa5\xf8\x8bk\xb3\x9ev\x92\x0e\xd1\x1f\x17Dx[\xad\xb0\x9d/\x96\xe42mO\x9fh\xea\xf3\x14\xcd\x96\x89_)\x1b\xe2\xd6\b\x94b\xaf;\x92T\xafz\x94\x9fG\xfb\xfd|$k\x03\xd7;\x9ay\xee\xf9W?\xb3\xf9\xf8I.E4\xc3eWq\xfa\":$\xd0\x17Q\x94\xf5\xe5mk\x8e&\xf1;#z\xef*\xce\x99\x04\xb9\x90\xbc\xc9#-\x8di\xae\xc5\xdf\x13\xd2K\x8b\xf5\f\xb2x\xdd\xd5\xb4\xa9^~O<\x12\xe3\xc3P|7\xc4\xc8\xb1r0Z\x98\x87^\xc8C\x1b\x96\xb4lsyF\xc5\xbc\xffOE\xe9\xd70\xe7\xfep\x83\xa7\xa1\xd9\xe4\xba\x92\x17\xbf\xe0\xe1\x01\xb7\x8b\x18j\x19n\xc8\xff\xe9\xf4\xf4\xcf a\xd7_w\x0f\x9dF\xae\xccA-/\x83\xabU\xd5\xbf8\xa4O\xb4\xef\xc8\xccH\xd1=\xbe\xbex\xb5-\x05\x01\x11\xfa\xcf\x1dm\xb5X\xe9\xb5O\x15\xc7;Lb\xce\x1a\xcc\x98\xe8\xe9e\xe0\xc2N\xe7\xd7\x1d\x92\x87F8\x9e\xf7\xdd\xdaW\xf5X\x80\xa0f\xceo\xd8\x7f\xc0\x96\bSB\xce&\x04$\xc3\xe31U\x84\x82\xf0{i\x1d\x02\x10\xc6C\x01^\xcf\x93?w\x01\x84\xa0\xd6\xa2\x10\xa4\xfcG\xabD\xd6dGZ\xb2Cx\x1b\xfdD9\x17\xe6\xcauM\xe3\x05)\xe2\x03\xe2j$F1n@\xde\n9t.[\xad\xb5\f<o\xdb\xa4\x90\xc4\xd0I\xa6\x96\xa1\x00\xbb\xdd\x94\x00t/1YekG\x7f\xbdrI\x1e\x8a4=\xa2\xe9\x82<\x9e|\xf5\xa4\x05#\x7f\xa8\x01\x00\x82ih\xf9?\x03Q\xf5\xc4\x95\x99 \xa7v~:$\x02O\xe3\xaa\x1f\x00\xebh\'\xd2q\x10\x1e\x94n\xd7w\xb1\xc8G\x89\xf4\x8ct\xf9R\x85\x1b8OE\x04\x9a\xd8\x80\x10x\xbf\n0\b,r\xc6r\xf7=\xfe\xc1\x16\xe6\xee\xbb:-h\xba\x8b\x14\x9a?\x8e\x03;\xe5\x04\xd8\xa9\x9a\xd3\x05(\x7f|\xadU\xafe\x87V.i4$6U,R\x9b\n{\'\xfe1\xc4\xb09\x96{\xc0e\xa1\xe7\xa9\xb4\x1a\n\xf5\xd7zuvz\x972\xd4\xfb\x13u2\xab\x18\x01~r\xbbcW!)\xf4\x9b\x1dI\x9ex;\xb2\xe3I\xbd\x16T\xb75\xa6\a\xb7\xa1\x8d\xc9\x12\xb1\xbd\xbc\xd9c\xe9\xe6k\xee\x06\x83\xf4\xab\x18\x038\x8f\xc9^\x0f\xab\xea&P\b\xef#\xf6\xc3\xfc\xd4\xa0\xfd\x15N\xd3\xa0\x80\x9f\bU\xa63\xf6\xc9\xecZ`\xa4\xa0(\xf9\x98B\xaf\xde*\x91\xddk\xa1`d\xf0\x97\xc9e\xc1\"EC\x9a?x\x89\x8d\xb3\xfaF}\x82D\xf8\f\xf1`\x90D\xd1|%(\xd8\t\xea\x00C\xce\x7fo+?v\xee\xc6bL\x1d\xbe\x84p\x8d\xa3\xec\xf7\xe0\xfe\x8c=<\xf2\x1f@\xe66E\xa7\x9c\xd3\xb6\xf5\xe0\x14\xb8\xd4`\x85\xe3;\x8c\xf8\xf2\xd9)\x0e\xd0\xff\xa5K\xf3\xf1\xc4\x18\xf4Z\xdci\x91\x84\xe8\xb7\x10\x90\xbc\xect\x14\xdfR\xe2\x80\xf8a\x92\xb2R\xdf0\xcaQ\xdf\x87\xbdjp\x1ch3h\xcf<\x82\x97\xa5s/m\xb2\x1dd\xf7\xfc\xf5\xa9\x1d\xd34{\xcc\x1f\t,i\x16\x82\xad\x8e\xb6\x17\x0f\xaa\x85^/w\xbb~\xff\xce\x92\x90\x83\n\xe5\x14\x95\x92|\xfe-S%\x91i\xafh\x97z\x00@K\xbb\xc2\fcD\xff\xdcl\xa1\xfaR\xbc\xd0k\\\x92\x19a6Sv\x05%{\xe2\xe9\xf1\xddRB$8\xb0q9\xa1g&\x17\xe5P\xef\xb1<\xb6\xe2\xb2\xc06^\x0f4\xba\x10\xba\x00\x00\x00\x00\x00\x00\x00\x00\xef\xba\"\xb7\xc7~T\xc4Ei\xfdk\xa9\"F\xa9C\xa0\xd3\xa0\x1b\xbf\x13\xfb\x14S<\xa6\n5\x86\x9e\xb2=8\'g`\x8f\xa8\x027\xbd\xb5s\xe9dti\xc0\xbd\\H\xe5v\xdd\x0fP\x8b+-\x02i\x8eZU\xa8YB\xfc\xc2R7\xe9\x11\x06\x1aRd\xa93\xa1\\\xf4_s\xf7\xe8+\xbdg\x13\xaea\x04\xd8\x82\xf6\x90\xaf1\x86b\x81J\xb7E\xb0\xe2\xd6\x93S\xb3\x98\xcb\xf9\xde=\xd6T\x8d\xea\xab\xa9Z!\xd3-\xa6_\xc4\xa4\xb6+\x89\xdc]O<g\x06~\x12W\x86\x06\xba\x15#\xa7Q\xffa\x926>\xf0y\xd6\xb0\xf2\x9f\xa7\xcf\xad\x86\\\xec\xec\xd6\x9d\bT\xcd\xa2\xea', &(0x7f0000000b00)='Y\xff\xff\x00\x00\x00\x00\x00K\xb2\x02\x80B\xe9\xe8\xcc\xde\x06\x00l\xa8\x1aJ\xaf\xb2M\xba\xb8_\x05U\xcd<|>\x9e\xec^\x0e\xbe\x18+-\x9b\x893\x02\x00\xa6\x1f+\xb3\xc5\x90z5\xe0\xdfi\xb7\x9f\xb4QW\xc9\xc9\x92\x03\t\x00\x00\x00\x00\x00\xb2\x0f\xee\xbe\f8\xcc\x7f\x00\x00\x00Z\x81\x00\x00\x00\x00\x18I\x13\xf1\xa2x\x04\x81R\xd45R\xae\x05\x00\x00\x00\x00\x00\x00\x00_M^dQ:\xbc\xafq\x88\x19nSF|;]\xe1A\x8c\x8a\x98\xd7|\xdcLF\r\xb1\xfd\xbf!\xc7u\xccP\xdd\x13~\x89\xcf\x85\xca\xa0%\xc6\xc7\x11\x00\x00\x00\x00\x00\x00\x00?M9\\\av~\'\xd9\xb0\xacdya]8\x9d\xb7\v\xf39\xc5{\x9c!\x0f/\xb8o8\xb9\x8d\x19\xe2\xca\x01y\x83\xe7\ng\x87\xd93<u\xbe\xeag\xd2\x04e\xf2s\xde}o#\x90\xda\x9cs,r\xfd:\xcb\xc7\vTmPZJ\xac\x8b\xd0\xc0\xbcRK\xcb\x1e8\xce\xbd[N\xb0\xb4<\xeb\x86[\xec\x8f\x14\n\x83\x9e&\\\xb7!\xed\xa0\xc3,\x90m\x0f\x00\x00\x00\x00\x00\x00\xff\xd0\xb3\x94\x00\x00\x00\x00\x00\x00\x00\x9dH\xf8\xffRo\xa3W\xe1\xed\x8eS\xaeX\x93\x7f\xd3\xb9\x84Q\x9c\"\xd9\xf5\xe4e\xf9\xcam\xe3\x03\xe4\xad\xd5&A\x02\xc8\xa9\xfe\xcb\x87\xd9\xd3\x8c\f\xc08T~\xc4\xbd\x90?\x1f\x9c\x9b0\x19 \x9f\xd1p`\xc0/\x00u\x19\x1d\xac\xe8%\xb7\t\x9f4\xbb\x89\xe9\xc1\x81\xb0\xd6\xf7\x90\x1f\x94\x01M.\x16\x05\x16\xb9\xe9\xdc~\xd3-s\xe6;\x94\x1c^\x06\xdav;\xccD\x95sj\xe0\xd5\xbeS\xac\xe5N\xea\x9eyl[[\xce5\xee\x05\x9c\x96\xabJ^c\xf7\x19\xb4\xd8\xe4\x87\x9dp\xea?/\xcb\x9a\xaa5\'Q\fuG\x81\x8a@\x97M=v\xfe\a\xabp\xf3\x93\x9d\x7f@9\xc0\xd2\xf1\x00\x10\x00\x00\x00\x00\x00\x00\x82\x13\xb2\xa9\xef\xa5\xf8\x8bk\xb3\x9ev\x92\x0e\xd1\x1f\x17Dx[\xad\xb0\x9d/\x96\xe42mO\x9fh\xea\xf3\x14\xcd\x96\x89_)\x1b\xe2\xd6\b\x94b\xaf;\x92T\xafz\x94\x9fG\xfb\xfd|$k\x03\xd7;\x9ay\xee\xf9W?\xb3\xf9\xf8I.E4\xc3eWq\xfa\":$\xd0\x17Q\x94\xf5\xe5mk\x8e&\xf1;#z\xef*\xce\x99\x04\xb9\x90\xbc\xc9#-\x8di\xae\xc5\xdf\x13\xd2K\x8b\xf5\f\xb2x\xdd\xd5\xb4\xa9^~O<\x12\xe3\xc3P|7\xc4\xc8\xb1r0Z\x98\x87^\xc8C\x1b\x96\xb4lsyF\xc5\xbc\xffOE\xe9\xd70\xe7\xfep\x83\xa7\xa1\xd9\xe4\xba\x92\x17\xbf\xe0\xe1\x01\xb7\x8b\x18j\x19n\xc8\xff\xe9\xf4\xf4\xcf a\xd7_w\x0f\x9dF\xae\xccA-/\x83\xabU\xd5\xbf8\xa4O\xb4\xef\xc8\xccH\xd1=\xbe\xbex\xb5-\x05\x01\x11\xfa\xcf\x1dm\xb5X\xe9\xb5O\x15\xc7;Lb\xce\x1a\xcc\x98\xe8\xe9e\xe0\xc2N\xe7\xd7\x1d\x92\x87F8\x9e\xf7\xdd\xdaW\xf5X\x80\xa0f\xceo\xd8\x7f\xc0\x96\bSB\xce&\x04$\xc3\xe31U\x84\x82\xf0{i\x1d\x02\x10\xc6C\x01^\xcf\x93?w\x01\x84\xa0\xd6\xa2\x10\xa4\xfcG\xabD\xd6dGZ\xb2Cx\x1b\xfdD9\x17\xe6\xcauM\xe3\x05)\xe2\x03\xe2j$F1n@\xde\n9t.[\xad\xb5\f<o\xdb\xa4\x90\xc4\xd0I\xa6\x96\xa1\x00\xbb\xdd\x94\x00t/1YekG\x7f\xbdrI\x1e\x8a4=\xa2\xe9\x82<\x9e|\xf5\xa4\x05#\x7f\xa8\x01\x00\x82ih\xf9?\x03Q\xf5\xc4\x95\x99 \xa7v~:$\x02O\xe3\xaa\x1f\x00\xebh\'\xd2q\x10\x1e\x94n\xd7w\xb1\xc8G\x89\xf4\x8ct\xf9R\x85\x1b8OE\x04\x9a\xd8\x80\x10x\xbf\n0\b,r\xc6r\xf7=\xfe\xc1\x16\xe6\xee\xbb:-h\xba\x8b\x14\x9a?\x8e\x03;\xe5\x04\xd8\xa9\x9a\xd3\x05(\x7f|\xadU\xafe\x87V.i4$6U,R\x9b\n{\'\xfe1\xc4\xb09\x96{\xc0e\xa1\xe7\xa9\xb4\x1a\n\xf5\xd7zuvz\x972\xd4\xfb\x13u2\xab\x18\x01~r\xbbcW!)\xf4\x9b\x10p\xc6\x1eu2\xbb6e\xc9)\x1dI\x9ex;\xb2\xe3I\xbd\x16T\xb75\xa6\a\xb7\xa1\x8d\xc9\x12\xb1\xbd\xbc\xd9c\xe9\xe6k\xee\x06\x83\xf4\xab\x18\x038\x8f\xc9^\x0f\xab\xea&P\b\xef#\xf6\xc3\xfc\xd4\xa0\xfd\x15N\xd3\xa0\x80\x9f\bU\xa63\xf6\xc9\xecZ`\xa4\xa0(\xf9\x98B\xaf\xde*\x91\xddk\xa1`d\xf0\x97\xc9e\xc1\"EC\x9a?x\x89\x8d\xb3\xfaF}\x82D\xf8\f\xf1`\x90D\xd1|%(\xd8\t\xea\x00C\xce\x7fo+?v\xee\xc6bL\x1d\xbe\x84p\x8d\xa3\xec\xf7\xe0\xfe\x8c=<\xf2\x1f@\xe66E\xa7\x9c\xd3\xb6\xf5\xe0\x14\xb8\xd4`\x85\xe3;\x8c\xf8\xf2\xd9)\x0e\xd0\xff\xa5K\xf3\xf1\xc4\x18\xf4Z\xdci\x91\x84\xe8\xb7\x10\x90\xbc\xect\x14\xdfR\xe2\x80\xf8a\x92\xb2R\xdf0\xcaQ\xdf\x87\xbdjp\x1ch3h\xcf<\x82\x97\xa5s/m\xb2\x1dd\xf7\xfc\xf5\xa9\x1d\xd34{\xcc\x1f\t,i\x16\x82\xad\x8e\xb6\x17\x0f\xaa\x85^/w\xbb~\xff\xce\x92\x90\x83\n\xe5\x14\x95\x92|\xfe-S%\x91i\xafh\x97z\x00@K\xbb\xc2\fcD\xff\xdcl\xa1\xfaR\xbc\xd0k\\\x92\x19a6Sv\x05%{\xe2\xe9\xf1\xddRB$8\xb0q9\xa1g&\x17\xe5P\xef\xb1<\xb6\xe2\xb2\xc06^\x0f4\xba\x10\xba\x00\x00\x00\x00\x00\x00\x00\x00\xef\xba\"\xb7\xc7~T\xc4Ei\xfdk\xa9\"F\xa9C\xa0\xd3\xa0\x1b\xbf\x13\xfb\x14S<\xa6\n5\x86\xbe\xb2=8\'g`\x8f\xa8\x027\xbd\xb5s\xe9dti\xc0\xbd\\H\xe5v\xdd\x0fP\x8b+-\x02i\x8eZU\xa8YB\xfc\xc2R7\xe9\x11\x06\x1aRd\xa93\xa1\\\xf4_s\xf7\xe8+\xbdg\x13\xaea\x04\xd8\x82\xf6\x90\xaf1\x86b\x81J\xb7E\xb0\xe2\xd6\x93S\xb3\x98\xcb\xf9\xde=\xd6T\x8d\xea\xab\xa9Z!\xd3-\xa6_\xc4\xa4\xb6+\x89\xdc]O<g\x06~\x12W\x86\x06\xba\x15#\xa7Q\xffa\x926>\xf0y\xd6\xb0\xf2\x9f\xa7\xcf\xad\x03\xeb\\ \xcf?\x95dV;@C\x97\v\xff\x84\xdaG\xc1\x19\xc5\xaa\"c\x17\x1f\x90=\xde\x86\xaa\xa8\x95=!f\xf61\xe8\xf0Dd\xa2\x02F\x92ih\xa5\x1f\xbf\xb6`\xb3\x87\x9en\xd1a\x11\xc6D[\x16\x92\x97]\x0f\x00\xf6\xa9\xf2\xa3\x84@\xb6\xf7\x901Y\x92|B\xac\x12\x9a\a\x1c\xc3\xbe8j\xb6JL\xa4\x91\xbeIXb\x17\xab\'\t\v\xbb}\xe8\xc3V\xcb\xc3\x9f\xf8S\x17.\x1f\xb9\xc6\\\xdf\x0eGk\x98\x15\xdc\"\x9f\xab\b\xac\x96\x89`\xa7AO\x05\x18\xe5\x19m\xe0]\r\xe8\xfeC%kE\n\x18\xc1\x0f~\x89s}r\x80\xe3^\xef`O\x908\x9cT\xda\b\xe6\x9b\x03#M', &(0x7f00000008c0)='/)\x00', &(0x7f0000000240)='-\x00', &(0x7f0000000940)='\xb5&\x00', &(0x7f0000000980)='){(+\x00', &(0x7f0000000100)='){(+\x00']}, &(0x7f0000000ac0), 0x1000)
openat$binfmt(0xffffffffffffff9c, 0x0, 0x41, 0x1ff)
r1 = epoll_create1(0x80000)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, 0xffffffffffffffff, &(0x7f0000000180))
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r1, &(0x7f00000000c0))
epoll_create1(0x0)
setresgid(0x0, 0xffffffffffffffff, 0x0)
setfsgid(0x0)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r3=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000009c0)=@bridge_setlink={0x60, 0x13, 0x20, 0x70bd2d, 0x25dfdbff, {0x7, 0x0, 0x0, r3, 0x20400, 0x408}, [@IFLA_GSO_MAX_SIZE={0x8, 0x29, 0x6ac47}, @IFLA_PORT_SELF={0x20, 0x19, 0x0, 0x1, [@IFLA_PORT_INSTANCE_UUID={0x14, 0x4, "f7a4003de6b60af1bef5dc48210de59d"}, @IFLA_PORT_VF={0x8, 0x1, 0x5431}]}, @IFLA_OPERSTATE={0x5}, @IFLA_EXT_MASK={0x8}, @IFLA_TXQLEN={0x8, 0xd, 0x9}]}, 0x60}, 0x1, 0x0, 0x0, 0x900}, 0x0)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000080)={0x9}, 0x8)

7.278245048s ago: executing program 0 (id=3615):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10)
prctl$PR_SET_MM(0x23, 0x7, &(0x7f0000ffc000/0x4000)=nil)
r1 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c)
connect$inet6(r1, 0x0, 0x0)
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x6}]})
r3 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r3, &(0x7f0000000040)={0x28, 0x0, 0x2710, @local}, 0x10)
listen(r3, 0x0)
r4 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r4, &(0x7f0000000640)={0x28, 0x0, 0x2710}, 0x10)
r5 = accept(r3, 0x0, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="120000000400000004000000a8"], 0x50)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r6, &(0x7f0000000080), &(0x7f00000002c0)=@tcp=r5}, 0x20)
close_range(r2, 0xffffffffffffffff, 0x0)

7.216085034s ago: executing program 5 (id=3616):
r0 = eventfd2(0x76, 0x1)
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x5, 0x0)
r3 = syz_usb_connect(0x2, 0x3f, &(0x7f00000007c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f000200000009050502000000001009058b1e20"], 0x0)
syz_usb_control_io(r3, 0x0, 0x0)
syz_usb_control_io$hid(r3, 0x0, 0x0)
r4 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
ioctl$FS_IOC_GETVERSION(r4, 0x40015b19, &(0x7f0000000040))
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000640)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0x25dfdbfb, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x10, 0xf}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x4, 0x6}}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000003640)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000003580)=@newtfilter={0xac, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0xe, 0x7}, {}, {0x7}}, [@filter_kind_options=@f_u32={{0x8}, {0x80, 0x2, [@TCA_U32_SEL={0x74, 0x5, {0xf, 0xef, 0x6, 0x8, 0x5, 0x9, 0x7, 0x0, [{0x1000, 0x4, 0x401, 0x6}, {0xb, 0x7, 0x1008, 0x5}, {0xfffffff9, 0x43, 0x7ffd, 0x4}, {0x7fde, 0x40, 0x51, 0x3ff}, {0x5, 0xb, 0x2, 0x42}, {0x200, 0x4, 0x8, 0x8}]}}, @TCA_U32_CLASSID={0x8, 0x1, {0xd, 0xa}}]}}]}, 0xac}, 0x1, 0x0, 0x0, 0x80}, 0x40)
r6 = epoll_create1(0x80000)
epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r0, 0x0)
read$eventfd(r0, &(0x7f0000000080), 0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r7 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
openat$dlm_plock(0xffffffffffffff9c, 0x0, 0x8002, 0x0)
writev(r7, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r8 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r8, 0x84, 0x7b, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r8, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x2, 0x0, 0x3fc, 0x0, 0x32}, 0x9c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r8, 0x84, 0x9, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x800, 0x0, 0x4, 0x8a}, 0x9c)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x1, &(0x7f0000006680))
getresgid(0x0, 0x0, 0x0)
bind$inet6(r8, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r8, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)

6.510428539s ago: executing program 6 (id=3619):
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0xa, &(0x7f0000000440)=0x2, 0x4)
r1 = socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r2=>0x0}, &(0x7f0000000000)=0xc)
setresuid(r2, r2, r2)
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000040))
getpid()
socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000003180)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x801, 0xf84, 0x3}, 0x1c)
syz_emit_ethernet(0x1ec, &(0x7f0000000200)={@random="856b934629fa", @local, @val={@void, {0x8100, 0x4, 0x1, 0x4}}, {@ipv6={0x86dd, @icmpv6={0x2, 0x6, "251c85", 0x1b2, 0x3a, 0x1, @private1, @loopback, {[@routing={0x87, 0x14, 0x0, 0x0, 0x0, [@loopback, @private1, @private2, @dev={0xfe, 0x80, '\x00', 0x17}, @ipv4={'\x00', '\xff\xff', @remote}, @loopback, @rand_addr=' \x01\x00', @dev={0xfe, 0x80, '\x00', 0x20}, @mcast1, @dev={0xfe, 0x80, '\x00', 0x14}]}, @hopopts={0x62, 0x0, '\x00', [@jumbo={0xc2, 0x4, 0x2}]}, @hopopts={0x6c, 0x2, '\x00', [@hao={0xc9, 0x10, @loopback}]}], @param_prob={0x4, 0x1, 0x0, 0x5, {0x0, 0x6, "fc1501", 0x2, 0x21, 0x1, @ipv4={'\x00', '\xff\xff', @loopback}, @mcast1, [@hopopts={0xc, 0x2, '\x00', [@calipso={0x7, 0x10, {0x3, 0x2, 0xe, 0xa, [0x4]}}]}], "113efc43d96995a4797f4f212456f1e58caf9c54ac1aa2fd3d4efc2ba7ff08c73c1f4b634abf7cda502f90893abf3d5d63f8703bc88c69a038d2ae7e8c6d918fefc0d5fce985ba8c432fbc523c9aa66d42b223c6c4705e0809a530b67070c728fc79da5604943298f56b307328cd17098b170b47a3735c9aa19e5ada6d76a851e0f7cb556e033b273f8c"}}}}}}}, 0x0)

6.446790274s ago: executing program 6 (id=3620):
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$TIPC_NL_BEARER_SET(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000003c0)={0x2c, 0x0, 0x300, 0x70bd25, 0x25dfdbfb, {}, [@TIPC_NLA_MON={0xc, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x3}]}, @TIPC_NLA_SOCK={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_ADDR={0x8}]}]}, 0x46}}, 0x4004)
sendmsg$netlink(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000380)=ANY=[@ANYBLOB="180100002e00010000000000fcdbdf250801f2800c00180008ac0f0000000000140001"], 0x118}], 0x1, 0x0, 0x0, 0x1}, 0x0)

6.375229981s ago: executing program 6 (id=3621):
r0 = openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, 0x0)
bind$bt_l2cap(0xffffffffffffffff, &(0x7f00000007c0)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x4}, 0xe)
socket$pptp(0x18, 0x1, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='sched_switch\x00', r1, 0x0, 0xfff7fffffffffff5}, 0x18)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'sha256-generic\x00'}, 0x58)
r3 = accept4(r2, 0x0, 0x0, 0x0)
sendmmsg$alg(r3, &(0x7f0000000080)=[{0x0, 0x0, &(0x7f0000001680)=[{&(0x7f0000000480)="abb6", 0x2}, {&(0x7f00000000c0)="c5", 0x1}], 0x2, 0x0, 0x0, 0x8810}], 0x1, 0x40)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f0000000300)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000540)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000280)={r8, 0x2000300, 0xe, 0x0, &(0x7f0000000000)="63eced8e46dc3f0adf3389f7b986", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={0xffffffffffffffff, 0x0, 0x30, 0x1, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', 0x0}}, 0x40)

6.286536409s ago: executing program 2 (id=3622):
r0 = socket(0x10, 0x3, 0x0)
write(r0, &(0x7f0000000180)="2000000012005f0214f9f4070000fbe40a0000000000", 0x41d)
bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0), 0xc)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8c}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x6)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
recvmmsg(r0, &(0x7f00000019c0)=[{{&(0x7f0000001a40)=@rxrpc=@in6={0x21, 0x0, 0x2, 0x0, {0xa, 0x0, 0x0, @empty}}, 0x0, &(0x7f0000000000)=[{&(0x7f00000002c0)=""/187}], 0x0, &(0x7f00000003c0)=""/86}, 0x3}, {{&(0x7f0000000440)=@alg, 0x0, &(0x7f00000018c0), 0x0, &(0x7f0000001940)=""/100}, 0x80}], 0x27, 0x40, 0x0)
r2 = syz_open_dev$vim2m(&(0x7f0000000100), 0x0, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r2, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1})
ioctl$vim2m_VIDIOC_EXPBUF(r2, 0xc0405610, 0x0)
ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(0xffffffffffffffff, 0x40505330, &(0x7f0000000040)={{}, {0x18}, 0x0, 0x7})

6.249526761s ago: executing program 0 (id=3623):
r0 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x749})
setsockopt$inet_sctp6_SCTP_SET_PEER_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x5, 0x0, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x101000, 0x0)
r1 = syz_open_dev$sndmidi(0x0, 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = syz_io_uring_setup(0x497, &(0x7f0000000180)={0x0, 0x4885, 0x100, 0x4, 0x1d}, &(0x7f0000000340)=<r3=>0x0, &(0x7f0000000600)=<r4=>0x0)
io_uring_register$IORING_REGISTER_PBUF_RING(r2, 0x16, &(0x7f0000000040)={&(0x7f0000001000)={[{0x0, 0x0, 0x3, 0xf4}]}, 0x1, 0x1}, 0x1)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
r5 = socket$inet_mptcp(0x2, 0x1, 0x106)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x20, 0x10, r5, 0x0, 0x0, 0x0, 0x322, 0x1, {0x1}})
io_uring_enter(r2, 0x3516, 0x0, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mknod$loop(0x0, 0xfff, 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0)

5.144801494s ago: executing program 6 (id=3625):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0)
getsockname$packet(r1, &(0x7f0000000140)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x28a)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="400000001000390400"/20, @ANYBLOB="019800000000000020001280080001006772650014000280080001", @ANYRES32=r2], 0x40}, 0x1, 0x0, 0x0, 0x4014}, 0x0)
r4 = socket(0x10, 0x3, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14)
sendmsg$nl_route_sched(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x44, 0x24, 0x5820a61ca228659, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0x9}, {0xffff, 0xffff}, {0x0, 0x7}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_USC={0xffffffffffffffdb, 0x3, {0x6, 0x2}}}}]}, 0x44}}, 0x800)
sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)=@newtfilter={0x64, 0x28, 0xd27, 0x1004001, 0x0, {0x0, 0x0, 0x0, r5, {0xfff3, 0x9}, {}, {0x2, 0xfff1}}, [@filter_kind_options=@f_cgroup={{0xb}, {0x34, 0x2, [@TCA_CGROUP_ACT={0x30, 0x1, [@m_ct={0x2c, 0x7, 0x0, 0x0, {{0x7}, {0x4}, {0x4}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x1, 0x1}}}}]}]}}]}, 0x64}, 0x1, 0x0, 0x0, 0x4}, 0x48c0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e25}, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r8 = socket$inet6_sctp(0xa, 0x5, 0x84)
r9 = socket$kcm(0x25, 0x1, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff56, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
recvmsg$kcm(r9, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x20)
prlimit64(0x0, 0x7, &(0x7f0000000140), 0x0)
shutdown(r8, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r8, 0x84, 0x6f, &(0x7f0000000200)={<r10=>0x0, 0x1c, &(0x7f0000000080)=[@in6={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @private=0xa010102}}]}, &(0x7f0000000180)=0x10)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r8, 0x84, 0x7a, &(0x7f0000000340)={r10, @in6={{0xa, 0x0, 0x1, @local, 0x4}}}, &(0x7f0000000040)=0x84)

5.076116339s ago: executing program 1 (id=3626):
openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000100)=0x80000)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000000d00), 0x4000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
ioctl$IOCTL_VMCI_GET_CONTEXT_ID(r0, 0x7b3, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0xc619acf2cb21dc6e, './file0\x00'}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
creat(&(0x7f0000000100)='./file0\x00', 0x40)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0)
open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
r2 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10)
sendmsg$rds(r2, &(0x7f0000001a00)={&(0x7f0000000040)={0x2, 0x2, @rand_addr=0x64010102}, 0x10, &(0x7f0000000280)=[{&(0x7f0000000880)=""/4089, 0xff9}], 0x1, 0x0, 0x0, 0x4000}, 0x0)

5.073827023s ago: executing program 2 (id=3627):
r0 = openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB='\t'], 0x50)
syz_io_uring_setup(0x4ba6, &(0x7f0000000080)={0x0, 0x2005, 0x1000, 0x1, 0xbfdffff9}, 0x0, 0x0)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0)
ioctl$TCSETAF(r1, 0x5408, 0x0)
ioctl$USBDEVFS_DISCONNECT_CLAIM(0xffffffffffffffff, 0x8108551b, &(0x7f0000000280)={0x0, 0x0, "5a77bd318786aeb879ca62cdab2a02fa560186d85b25a5665a3247e500f61681905db88235f8a5447dd2a2ed6e91626f068881e50f68530c2b21a100efb76cba37ff3111d6847e0c7f719e169a596e5fc008daefba68f6222103472bc55704cdb72b4b996ed82ccb1eaae27969d008ba7d34171113d806726615380fe65a6a0a72e19c2b60bd6276fd8bb6363d10f70da60fd53dedc33424b437bb192c9d06ea6ed04983fe5c5ca033dfce0a82575ef14eee686be0fc58e384f93a13e4e8bbf599394baea3a9ca1864f0a35d6cc38fca32ad6b39905a9727d2001457df7be7e1aefe3635b2ee97c143f28def4b73905ca14d90d1f600"})
socket$nl_xfrm(0x10, 0x3, 0x6)
write$binfmt_aout(r1, &(0x7f0000000180)=ANY=[], 0xff2e)
ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000dc0))
r2 = syz_open_pts(r1, 0x101000)
r3 = dup3(r2, r1, 0x0)
ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000000)=0x17)

4.438934873s ago: executing program 0 (id=3628):
r0 = eventfd2(0x76, 0x1)
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x5, 0x0)
r3 = syz_usb_connect(0x2, 0x3f, &(0x7f00000007c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f000200000009050502000000001009058b1e20"], 0x0)
syz_usb_control_io(r3, 0x0, 0x0)
syz_usb_control_io$hid(r3, 0x0, 0x0)
r4 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
ioctl$FS_IOC_GETVERSION(r4, 0x40015b19, &(0x7f0000000040))
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000640)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0x25dfdbfb, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x10, 0xf}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x4, 0x6}}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000003640)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000003580)=@newtfilter={0xac, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0xe, 0x7}, {}, {0x7}}, [@filter_kind_options=@f_u32={{0x8}, {0x80, 0x2, [@TCA_U32_SEL={0x74, 0x5, {0xf, 0xef, 0x6, 0x8, 0x5, 0x9, 0x7, 0x0, [{0x1000, 0x4, 0x401, 0x6}, {0xb, 0x7, 0x1008, 0x5}, {0xfffffff9, 0x43, 0x7ffd, 0x4}, {0x7fde, 0x40, 0x51, 0x3ff}, {0x5, 0xb, 0x2, 0x42}, {0x200, 0x4, 0x8, 0x8}]}}, @TCA_U32_CLASSID={0x8, 0x1, {0xd, 0xa}}]}}]}, 0xac}, 0x1, 0x0, 0x0, 0x80}, 0x40)
r6 = epoll_create1(0x80000)
epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r0, 0x0)
read$eventfd(r0, &(0x7f0000000080), 0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r7 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
openat$dlm_plock(0xffffffffffffff9c, 0x0, 0x8002, 0x0)
writev(r7, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r8 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r8, 0x84, 0x7b, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r8, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x2, 0x0, 0x3fc, 0x0, 0x32}, 0x9c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r8, 0x84, 0x9, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x800, 0x0, 0x4, 0x8a}, 0x9c)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x1, &(0x7f0000006680))
getresgid(0x0, 0x0, 0x0)
bind$inet6(r8, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r8, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)

3.066838855s ago: executing program 6 (id=3629):
read(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000780)={0x2, 0x400000000000003, 0x0, 0x0, 0x19, 0x0, 0x0, 0x0, [@sadb_lifetime={0x4, 0x3}, @sadb_address={0x5, 0x6, 0x6c, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @private1}}, @sadb_lifetime={0x4, 0x4, 0x0, 0x7}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3}, @sadb_address={0x5, 0x5, 0x0, 0x80, 0x0, @in6={0xa, 0x0, 0x0, @mcast1}}, @sadb_address={0x3, 0x7, 0x0, 0x0, 0x0, @in={0x2, 0x4e20, @initdev={0xac, 0x1e, 0x0, 0x0}}}]}, 0xc8}}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xfffffffffffffffe)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
capget(&(0x7f0000000200)={0x19971634}, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff})
ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f0000000400)={'bridge_slave_0\x00', &(0x7f0000000040)=@ethtool_sset_info={0x37, 0x60000, 0x7fffffff}})
unshare(0x46000200)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000120a01020000000000100000020000000900020073797a310000000008000440000000000900010073797a3000000000080003400000000a14000000110001"], 0x64}}, 0x0)
r4 = memfd_secret(0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000000740)=ANY=[@ANYBLOB="61124c000000000061138c0000000000bf200000000000000703000008ff0200ad0301000000000095000000000000006916000000000000bf67000000000000170600000fff07006706000002000000070600000ee60000bf050000000000001f650000000000006507000002000000070700004c0000001f75000000000000bf54000000000000070500000419311f2d3001000000000095000000000000000500000000000000950000000000000032ed3c5be95e76b67754bb12dc8c27df8ecf264e0f84f9f17d3c30e3c72fe9751f008554bb4f2278af6d71d79a5e12810a089dc1d4681d295c45a674f888a08034b7dd399703d6c4f633a9a4f16d0a3e1282ee45a010fb94fa9de56c9d8a814261bdb94a65f78238b89dc6c60bf70d742a81b72bab8395fa64810b5b1bfd3782519518c505000000b8fab4d4d897db2c544c0e0895a9044f50c50b8eac8c63d2b1cd06a39702bd547f5ebaa69520bbb15f4f01cef3c9bacec15e2e3b2bd352e93a22adfe8efe33ff2f8ee5476d4ef7a6f0c4704403b9bad2b648e90fff24f69a5ef05f5408ea197ed09a9510ee6063229de2984abdd46ea3ec78e3127002ed37c2564bd98a621483fb2a5ff221e0d831f24759d17b8c59d0f2b0727f6b7958fb5b939af4be5e55a95f8c6d785a91c7c3f0c17ae7f9ac5ff05f5ecddf0cef90d50e763be96496661c749e21ab63a1f50b30a65a9027ba357bf8c614497ee59b68bf6a5d45c81c567e347d54574164bbea3e7b7f8a13cce7014137f250370b8a70ae3eaf6d6f17759c3886871e97d063b7f26eed3226bb0b9ee6320a2b02fea7a06a0e37182adf4b1be6f29358d4f5dfec405bde000000000000000000000000000000902e647cc5962eccaad64429335f3ce2a10ce72da82875427c1d16db24dca08487ba41a3fb337f8432d8176a515229e32ee11a1dd23dac038f989eafdd67f60b63f7be4d1bf325b57335b9973c73bfa89517a98b1fc15f8a2713718feb01059d570a0000e3b2a93bd745a74f9bf7f7abc5d15d56331055cc0820c5c9d676d92557c4e47cfbe27f91e0eb18e21dfdab3c84ec11377fbb00000000848060962bcbc47cefd1a2a7bd3b646614bf7cd3495663de5b63f6b5910daee8ebb7ba84a8b5b6f2d1fbc22a51a500f94c871d5e1d31ab5d7a89965bbdbf355a8544e1688a61f459f3618b3a5416eb143180d3d2c5f4e0b1a556422038801703e109e23944e53f230a3537a5412c7d0bf278c6c1684dd8de90aaa33f47dc2c7b5e4f73784fd31aa2f9d1b1623734f9cf84718b2bad31f651e3607f3ac6c427cb6c0652d21ecd4b29e96c0a3781ee820faab71040768f6b08a69fdfd0b2b7be25f19500c1b8330994efb57a53c1a67bda909630f75738ab40e7ab63d527d6c1e8cf611f05c1b6d0da1ba84d405b4d834162c88022a4625a5f7c431c39f3f9a7789f9b668ec4da9f1a981086dcf4c5a940691f9638ce34dba904483f2ed4e7a713b7eac29c5e122f1b6acd6f1da2"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
r6 = bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000280)={r5, r4, 0x2e, 0x4608, @void}, 0x10)
bpf$LINK_DETACH(0x22, &(0x7f0000000080)=r6, 0x4)
openat$adsp1(0xffffffffffffff9c, &(0x7f0000000080), 0x101000, 0x0)

2.49032512s ago: executing program 6 (id=3630):
sendmsg$netlink(0xffffffffffffffff, 0x0, 0x0)
r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000180)=ANY=[@ANYBLOB="120100006325a640402000498b4d000000010902240001000000000904000002214c6a0009050702000000da000905890e"], 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000300)={0x1c, &(0x7f0000000240)=ANY=[@ANYBLOB="200f2e00"], 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000600)={0xffffffffffffffff, &(0x7f0000000580)="124d2917", &(0x7f00000006c0)=""/208}, 0x20)
io_setup(0x8, &(0x7f0000000000))
socket$inet_udp(0x2, 0x2, 0x0)

2.479209754s ago: executing program 1 (id=3631):
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=@newtaction={0xa0, 0x30, 0x51b, 0x0, 0x0, {}, [{0x8c, 0x1, [@m_skbmod={0x5c, 0x1, 0x0, 0x0, {{0xb}, {0x30, 0x2, 0x0, 0x1, [@TCA_SKBMOD_PARMS={0x24}, @TCA_SKBMOD_ETYPE={0x6, 0x5, 0x6}]}, {0x4, 0x14}, {0xc}, {0xc, 0x6}}}, @m_ct={0x2c, 0x2, 0x0, 0x0, {{0x7}, {0x4}, {0x4}, {0xc}, {0xc, 0x8, {0x1, 0x2}}}}]}]}, 0xa0}}, 0x0)
sendmsg$netlink(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000380)=ANY=[@ANYBLOB="180100002e00010000000000fcdbdf250801f2800c00180008ac0f0000000000140001"], 0x118}], 0x1, 0x0, 0x0, 0x1}, 0x0)

2.437842128s ago: executing program 2 (id=3632):
connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x15}}, 0x10)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = syz_io_uring_setup(0x81d, &(0x7f0000000480)={0x0, 0x0, 0x10, 0x0, 0x34b}, &(0x7f00000000c0)=<r2=>0x0, &(0x7f0000000080)=<r3=>0x0)
r4 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r4, &(0x7f0000000080)={0x0, 0xf0, &(0x7f0000000000)=[{&(0x7f0000000540)="8f00000014006b05c84e21000ab16d8b230675f802000000040002005817530461bc24eeb556a705251e6182149a36c23d3b48dfd8cd81bf9367b098fa51f60a64c9f4080000000000b6c0504bb9189d9193e9bd1c1b7376dc5214168eab57c736b13ae90298536c3aa6b230606b45823c8f8e9616afbb519374c3e3875b0f3252fc5dfbc28369efcd300a95fcfcda", 0x8f}], 0x0, 0x0, 0x0, 0x1f00c00e}, 0x0)
mknod$loop(&(0x7f0000000040)='./file0\x00', 0x2, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x0, 0x10, &(0x7f0000000500)=ANY=[@ANYRESOCT=r0, @ANYRES64=r2, @ANYRES64=r3, @ANYRES64=r1], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x6)
connect$qrtr(0xffffffffffffffff, &(0x7f0000000000)={0x2a, 0x0, 0x2}, 0xc)
r6 = getpid()
sched_setscheduler(r6, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r7, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r8, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
write$binfmt_aout(0xffffffffffffffff, &(0x7f0000000600)=ANY=[@ANYRES8=0x0], 0xc8)
ptrace(0x10, 0x1)
r9 = syz_genetlink_get_family_id$devlink(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_TRAP_POLICER_SET(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000c40)={&(0x7f0000000340)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="0100fcffffff000000001e007f00000e0001006e6574643cd4045d501ef9d90f0002006e657464657673696d30000008003e00090000000c008f0000000000000000000c00900000000000000000"], 0x54}, 0x1, 0x0, 0x0, 0x4000081}, 0x10)
sendmsg$DEVLINK_CMD_SB_OCC_SNAPSHOT(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000140)={&(0x7f0000000280)={0xb0, r9, 0x20, 0x70bd25, 0x25dfdbfc, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x1}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x7635}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0xfff}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x8}}]}, 0xb0}}, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/wakeup_count', 0x101a02, 0x0)
syz_emit_ethernet(0x4e, &(0x7f0000000000)={@multicast, @local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "120008", 0x18, 0x3a, 0x0, @private2, @loopback, {[], @mld={0x82, 0x0, 0x0, 0x9, 0xc036, @remote}}}}}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)

2.360821609s ago: executing program 1 (id=3633):
r0 = socket$inet6(0xa, 0x2, 0x0)
r1 = socket(0x10, 0x803, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), r1)
getsockname$packet(r1, &(0x7f0000000180)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000100)=@newlink={0x38, 0x10, 0x437, 0x0, 0x0, {0x0, 0x0, 0x0, r2, 0x50483}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x8, 0x2, 0x0, 0x1, [@IFLA_IPTUN_COLLECT_METADATA={0x4}]}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
sendmmsg$inet(r0, &(0x7f0000000880)=[{{&(0x7f0000000040)={0x2, 0x4e1c, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000000)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r2, @empty, @multicast1}}}], 0x20}}], 0x1, 0x4880)

2.189643734s ago: executing program 1 (id=3634):
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
chdir(0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket$kcm(0x10, 0x2, 0x10)
r1 = socket(0x15, 0x5, 0x0)
getsockopt(r1, 0x200000000114, 0x2711, &(0x7f0000c35fff)=""/1, &(0x7f0000000000)=0xf002)
socket$nl_generic(0x10, 0x3, 0x10)

1.569789837s ago: executing program 1 (id=3635):
r0 = openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, 0x0)
bind$bt_l2cap(0xffffffffffffffff, &(0x7f00000007c0)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x4}, 0xe)
bind$pptp(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='sched_switch\x00', r1, 0x0, 0xfff7fffffffffff5}, 0x18)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'sha256-generic\x00'}, 0x58)
r3 = accept4(r2, 0x0, 0x0, 0x0)
sendmmsg$alg(r3, &(0x7f0000000080)=[{0x0, 0x0, &(0x7f0000001680)=[{&(0x7f0000000480)="abb6", 0x2}, {&(0x7f00000000c0)="c5", 0x1}], 0x2, 0x0, 0x0, 0x8810}], 0x1, 0x40)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f0000000300)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000540)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000280)={r8, 0x2000300, 0xe, 0x0, &(0x7f0000000000)="63eced8e46dc3f0adf3389f7b986", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={0xffffffffffffffff, 0x0, 0x30, 0x1, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', 0x0}}, 0x40)

1.532518008s ago: executing program 5 (id=3636):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
fremovexattr(0xffffffffffffffff, 0x0)
r2 = userfaultfd(0x801)
ioctl$UFFDIO_WAKE(r2, 0x8010aa02, &(0x7f0000000100)={&(0x7f000052b000/0x4000)=nil, 0x4000})
bpf$MAP_CREATE(0x0, &(0x7f0000000080)=ANY=[@ANYRESOCT=0x0, @ANYRES32=r2], 0x48)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x14}}, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
ioctl$USBDEVFS_DISCARDURB(0xffffffffffffffff, 0x550b, &(0x7f00000000c0)=0x7fff)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x18)
r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x2000, 0x0)
ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000100)=0x2)
ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000080)=0x3)
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x4048aec9, &(0x7f0000000080)={0x1, 0x0, @ioapic={0x4, 0x1, 0x3, 0x2, 0x0, [{0xf, 0x0, 0x0, '\x00', 0xe}, {0x5, 0x0, 0x0, '\x00', 0xfc}, {0x1, 0x1, 0x7, '\x00', 0x3}, {0xfa, 0x8, 0x5, '\x00', 0xa0}, {0x3, 0x9, 0x0, '\x00', 0x4}, {0xa, 0x6, 0x5}, {0xb8, 0xda, 0xd, '\x00', 0x59}, {0xb, 0x1, 0xc, '\x00', 0x3}, {0x9, 0x7, 0x81, '\x00', 0x9}, {0x0, 0x6, 0x4, '\x00', 0x9}, {0xfe, 0x5, 0xd, '\x00', 0xa}, {0x2, 0xb, 0x45, '\x00', 0xc2}, {0xd2, 0xab, 0x8, '\x00', 0x3}, {0x1, 0x3, 0xfe, '\x00', 0x81}, {0x5, 0xfb, 0x1, '\x00', 0x2}, {0xfe, 0x0, 0x6, '\x00', 0xfd}, {0x1b, 0x9, 0x7, '\x00', 0x4}, {0x6, 0x7, 0x4, '\x00', 0x9}, {0xab, 0xef, 0x40, '\x00', 0x6}, {0x8, 0x10, 0x80}, {0x3, 0x3, 0x2, '\x00', 0x86}, {0x9, 0x3, 0xa, '\x00', 0x1}, {0x8a, 0x8e, 0x5, '\x00', 0x9}, {0x56, 0x1, 0x4, '\x00', 0x7f}]}})
r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/sockstat\x00')
read$FUSE(r6, &(0x7f0000000780)={0x2020}, 0x2020)

792.967568ms ago: executing program 2 (id=3637):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x7)
bpf$PROG_LOAD(0x5, &(0x7f0000000c80)={0xd, 0x4, &(0x7f0000000180)=@raw=[@map_idx_val={0x18, 0x8, 0x6, 0x0, 0xb, 0x0, 0x0, 0x0, 0x8}, @btf_id={0x18, 0x1, 0x3, 0x0, 0x4}], &(0x7f0000000240)='GPL\x00', 0x2, 0xf2, &(0x7f0000000440)=""/242, 0x0, 0x77, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x8, &(0x7f0000000880)={0x9, 0x3}, 0x8, 0x10, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0xa83, @void, @value}, 0x94)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_trace_dev_match', 0x0, 0x0)
pread64(r3, &(0x7f0000000080)=""/75, 0x8e, 0x0)
memfd_secret(0x0)
r4 = socket$inet(0x2, 0x1, 0x0)
r5 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000b0e0000000000000000800018150000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000030000007b8af8ff00000000bfa200000000000007020074041b8b67300700f8ffffffb703000008000000b704000000000000850000005400000095"], &(0x7f0000000080)='syzkaller\x00', 0x8, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @xdp=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, @void, @value}, 0x94)
setsockopt$inet_mreqn(r4, 0x0, 0x27, &(0x7f0000000100)={@multicast2, @local}, 0xc)
r6 = syz_open_procfs(0x0, &(0x7f0000002180)='net/mcfilter\x00')
preadv(r6, &(0x7f0000001b80)=[{&(0x7f0000000a40)=""/65, 0x41}, {&(0x7f0000000080)=""/101, 0x65}], 0x2, 0x0, 0x0)

558.282698ms ago: executing program 1 (id=3638):
r0 = openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB='\t'], 0x50)
syz_io_uring_setup(0x4ba6, &(0x7f0000000080)={0x0, 0x2005, 0x1000, 0x1, 0xbfdffff9}, 0x0, 0x0)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0)
ioctl$TCSETAF(r2, 0x5408, 0x0)
ioctl$USBDEVFS_DISCONNECT_CLAIM(0xffffffffffffffff, 0x8108551b, &(0x7f0000000280)={0x0, 0x0, "5a77bd318786aeb879ca62cdab2a02fa560186d85b25a5665a3247e500f61681905db88235f8a5447dd2a2ed6e91626f068881e50f68530c2b21a100efb76cba37ff3111d6847e0c7f719e169a596e5fc008daefba68f6222103472bc55704cdb72b4b996ed82ccb1eaae27969d008ba7d34171113d806726615380fe65a6a0a72e19c2b60bd6276fd8bb6363d10f70da60fd53dedc33424b437bb192c9d06ea6ed04983fe5c5ca033dfce0a82575ef14eee686be0fc58e384f93a13e4e8bbf599394baea3a9ca1864f0a35d6cc38fca32ad6b39905a9727d2001457df7be7e1aefe3635b2ee97c143f28def4b73905ca14d90d1f600"})
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000003c0)=ANY=[@ANYRES16=r0, @ANYRES32=0x0, @ANYRES64=r1, @ANYBLOB="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000b93760000000000000000000000000000000000000000000200000000000000010000000000000044000500ac141400000000000000000000000000000000003c00000000000000000000000000000000000000000000000000000001"], 0xfc}, 0x1, 0x0, 0x0, 0x24008040}, 0x40880)
write$binfmt_aout(r2, &(0x7f0000000180)=ANY=[], 0xff2e)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x18, 0x5, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000090f00080000000000000000850000000e000000850000007d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000500)='sys_exit\x00', r4}, 0x10)
pipe2$watch_queue(&(0x7f0000000000)={<r5=>0xffffffffffffffff}, 0x80)
syncfs(r5)
r6 = getpgid(0x0)
sched_setscheduler(r6, 0x3, &(0x7f0000000140)=0x5)
r7 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r7, 0x5423, &(0x7f00000000c0)=0x5)
ioctl$TIOCSTI(r7, 0x5412, &(0x7f0000000180)=0xdd)
ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, &(0x7f0000000100))
r8 = dup3(0xffffffffffffffff, r2, 0x0)
ioctl$TIOCSTI(r8, 0x5412, &(0x7f0000000000)=0x17)

625.912µs ago: executing program 0 (id=3639):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0)
getsockname$packet(r1, &(0x7f0000000140)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x28a)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="400000001000390400"/20, @ANYBLOB="019800000000000020001280080001006772650014000280080001", @ANYRES32=r2], 0x40}, 0x1, 0x0, 0x0, 0x4014}, 0x0)
r4 = socket(0x10, 0x3, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14)
sendmsg$nl_route_sched(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x44, 0x24, 0x5820a61ca228659, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0x9}, {0xffff, 0xffff}, {0x0, 0x7}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_USC={0xffffffffffffffdb, 0x3, {0x6, 0x2}}}}]}, 0x44}}, 0x800)
sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)=@newtfilter={0x64, 0x28, 0xd27, 0x1004001, 0x0, {0x0, 0x0, 0x0, r5, {0xfff3, 0x9}, {}, {0x2, 0xfff1}}, [@filter_kind_options=@f_cgroup={{0xb}, {0x34, 0x2, [@TCA_CGROUP_ACT={0x30, 0x1, [@m_ct={0x2c, 0x7, 0x0, 0x0, {{0x7}, {0x4}, {0x4}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x1, 0x1}}}}]}]}}]}, 0x64}, 0x1, 0x0, 0x0, 0x4}, 0x48c0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e25}, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r8 = socket$inet6_sctp(0xa, 0x5, 0x84)
r9 = socket$kcm(0x25, 0x1, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff56, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
recvmsg$kcm(r9, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x20)
prlimit64(0x0, 0x7, &(0x7f0000000140), 0x0)
shutdown(r8, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r8, 0x84, 0x6f, &(0x7f0000000200)={<r10=>0x0, 0x1c, &(0x7f0000000080)=[@in6={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @private=0xa010102}}]}, &(0x7f0000000180)=0x10)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r8, 0x84, 0x7a, &(0x7f0000000340)={r10, @in6={{0xa, 0x0, 0x1, @local, 0x4}}}, &(0x7f0000000040)=0x84)

0s ago: executing program 5 (id=3640):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
fremovexattr(0xffffffffffffffff, 0x0)
r2 = userfaultfd(0x801)
ioctl$UFFDIO_WAKE(r2, 0x8010aa02, &(0x7f0000000100)={&(0x7f000052b000/0x4000)=nil, 0x4000})
bpf$MAP_CREATE(0x0, &(0x7f0000000080)=ANY=[@ANYRES32=r2], 0x48)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x14}}, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
ioctl$USBDEVFS_DISCARDURB(0xffffffffffffffff, 0x550b, &(0x7f00000000c0)=0x7fff)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x18)
r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x2000, 0x0)
ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000100)=0x2)
ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000080)=0x3)
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x4048aec9, &(0x7f0000000080)={0x1, 0x0, @ioapic={0x4, 0x1, 0x3, 0x2, 0x0, [{0xf, 0x0, 0x0, '\x00', 0xe}, {0x5, 0x0, 0x0, '\x00', 0xfc}, {0x1, 0x1, 0x7, '\x00', 0x3}, {0xfa, 0x8, 0x5, '\x00', 0xa0}, {0x3, 0x9, 0x0, '\x00', 0x4}, {0xa, 0x6, 0x5}, {0xb8, 0xda, 0xd, '\x00', 0x59}, {0xb, 0x1, 0xc, '\x00', 0x3}, {0x9, 0x7, 0x81, '\x00', 0x9}, {0x0, 0x6, 0x4, '\x00', 0x9}, {0xfe, 0x5, 0xd, '\x00', 0xa}, {0x2, 0xb, 0x45, '\x00', 0xc2}, {0xd2, 0xab, 0x8, '\x00', 0x3}, {0x1, 0x3, 0xfe, '\x00', 0x81}, {0x5, 0xfb, 0x1, '\x00', 0x2}, {0xfe, 0x0, 0x6, '\x00', 0xfd}, {0x1b, 0x9, 0x7, '\x00', 0x4}, {0x6, 0x7, 0x4, '\x00', 0x9}, {0xab, 0xef, 0x40, '\x00', 0x6}, {0x8, 0x10, 0x80}, {0x3, 0x3, 0x2, '\x00', 0x86}, {0x9, 0x3, 0xa, '\x00', 0x1}, {0x8a, 0x8e, 0x5, '\x00', 0x9}, {0x56, 0x1, 0x4, '\x00', 0x7f}]}})
r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/sockstat\x00')
read$FUSE(r6, &(0x7f0000000780)={0x2020}, 0x2020)

kernel console output (not intermixed with test programs):

07.595790][T18950] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1007.625026][T18950] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1007.830929][T13500] mac80211_hwsim hwsim10 wlan0 (unregistering): left allmulticast mode
[ 1007.854427][T13500] mac80211_hwsim hwsim10 wlan0 (unregistering): left promiscuous mode
[ 1008.384182][T19112] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=55 sclass=netlink_xfrm_socket pid=19112 comm=syz.1.2997
[ 1008.484706][T19110] (syz.1.2997,19110,1):ocfs2_fill_super:989 ERROR: superblock probe failed!
[ 1008.493596][T19110] (syz.1.2997,19110,1):ocfs2_fill_super:1177 ERROR: status = -22
[ 1008.562080][   T30] audit: type=1400 audit(1747108744.091:2148): avc:  denied  { watch watch_reads } for  pid=19109 comm="syz.1.2997" path="/589" dev="tmpfs" ino=3147 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[ 1009.600329][ T5822] Bluetooth: hci1: command 0x0405 tx timeout
[ 1009.778653][T19131] fuse: Bad value for 'fd'
[ 1009.784445][T18950] team0: Port device team_slave_0 added
[ 1009.901367][T13500] hsr_slave_0: left promiscuous mode
[ 1009.922658][T13500] batman_adv: batadv0: Removing interface: macvtap0
[ 1010.011520][T13500] veth1_macvtap: left promiscuous mode
[ 1010.038244][ T5909] usb 6-1: new high-speed USB device number 15 using dummy_hcd
[ 1010.207505][ T5909] usb 6-1: Using ep0 maxpacket: 32
[ 1010.275766][ T5909] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1010.292689][   T30] audit: type=1400 audit(1747108745.831:2149): avc:  denied  { read write } for  pid=19139 comm="syz.0.3004" name="ptp0" dev="devtmpfs" ino=1265 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[ 1010.328054][   T30] audit: type=1400 audit(1747108745.831:2150): avc:  denied  { open } for  pid=19139 comm="syz.0.3004" path="/dev/ptp0" dev="devtmpfs" ino=1265 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[ 1010.353650][ T5909] usb 6-1: New USB device found, idVendor=04cb, idProduct=013f, bcdDevice=45.a3
[ 1010.366094][ T5909] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1010.375614][ T5909] usb 6-1: Product: syz
[ 1010.380416][ T5909] usb 6-1: Manufacturer: syz
[ 1010.385016][ T5909] usb 6-1: SerialNumber: syz
[ 1010.395389][ T5909] usb 6-1: config 0 descriptor??
[ 1010.410623][ T5909] gspca_main: finepix-2.14.0 probing 04cb:013f
[ 1010.692218][   T30] audit: type=1400 audit(1747108746.231:2151): avc:  denied  { mount } for  pid=19132 comm="syz.5.3001" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 1011.742748][T19158] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3007'.
[ 1012.197989][   T10] usb 3-1: new high-speed USB device number 64 using dummy_hcd
[ 1012.382478][   T10] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0
[ 1012.394450][   T10] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0
[ 1012.404163][   T10] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0
[ 1012.421608][   T10] usb 3-1: New USB device found, idVendor=2040, idProduct=4900, bcdDevice=4d.8b
[ 1012.432593][   T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1012.448084][   T10] usb 3-1: config 0 descriptor??
[ 1012.472152][   T10] hdpvr 3-1:0.0: Could not find bulk-in endpoint
[ 1012.483691][   T10] hdpvr 3-1:0.0: probe with driver hdpvr failed with error -12
[ 1012.668938][T19165] fuse: Bad value for 'fd'
[ 1012.913285][T18950] team0: Port device team_slave_1 added
[ 1013.582170][    T9] usb 6-1: USB disconnect, device number 15
[ 1013.745080][T18950] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1013.788009][   T30] audit: type=1400 audit(1747108749.321:2152): avc:  denied  { execute_no_trans } for  pid=19173 comm="syz.1.3014" path="/593/file1" dev="tmpfs" ino=3175 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[ 1013.817645][T18950] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1013.994166][T18950] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1014.231045][T18950] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1014.254463][T18950] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1014.322993][T18950] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1014.324150][T19183] Invalid option length (0) for dns_resolver key
[ 1014.384313][   T30] audit: type=1400 audit(1747108749.921:2153): avc:  denied  { append } for  pid=19182 comm="syz.5.3015" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 1014.478062][   T30] audit: type=1400 audit(1747108749.921:2154): avc:  denied  { setopt } for  pid=19182 comm="syz.5.3015" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[ 1014.522029][T18950] hsr_slave_0: entered promiscuous mode
[ 1014.529227][T18950] hsr_slave_1: entered promiscuous mode
[ 1014.542167][T18950] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1014.551485][T18950] Cannot create hsr debugfs directory
[ 1014.642083][T13500] IPVS: stop unused estimator thread 0...
[ 1014.785302][T16923] usb 3-1: USB disconnect, device number 64
[ 1014.819537][T19191] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[ 1014.825995][T19191] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[ 1015.851900][T19213] fuse: Bad value for 'fd'
[ 1017.466136][T19232] netlink: 16 bytes leftover after parsing attributes in process `syz.5.3026'.
[ 1018.185394][T19235] lo speed is unknown, defaulting to 1000
[ 1020.092512][T19264] fuse: Invalid rootmode
[ 1020.582493][   T30] audit: type=1400 audit(1747108755.771:2155): avc:  denied  { name_bind } for  pid=19259 comm="syz.1.3032" src=20004 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=udp_socket permissive=1
[ 1021.138934][T19276] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3034'.
[ 1021.155343][T18950] netdevsim netdevsim4 netdevsim0: renamed from eth0
[ 1021.905438][T18950] netdevsim netdevsim4 netdevsim1: renamed from eth1
[ 1021.927368][T18950] netdevsim netdevsim4 netdevsim2: renamed from eth2
[ 1021.946809][T18950] netdevsim netdevsim4 netdevsim3: renamed from eth3
[ 1022.070801][T18950] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1022.110056][T18950] 8021q: adding VLAN 0 to HW filter on device team0
[ 1022.122544][T19281] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3035'.
[ 1022.139348][T15569] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1022.146452][T15569] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1022.199894][ T1002] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1022.206971][ T1002] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1022.836636][T18950] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1023.575240][T18950] veth0_vlan: entered promiscuous mode
[ 1023.592629][T18950] veth1_vlan: entered promiscuous mode
[ 1023.660296][ T5909] usb 3-1: new full-speed USB device number 65 using dummy_hcd
[ 1023.668994][T18950] veth0_macvtap: entered promiscuous mode
[ 1023.703676][T19328] fuse: Invalid rootmode
[ 1023.724915][T18950] veth1_macvtap: entered promiscuous mode
[ 1023.773944][T18950] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1023.807969][T18950] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1023.830329][ T5909] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1023.840613][T18950] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1023.854854][ T5909] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1023.856688][T18950] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1023.997031][T19336] netlink: 36 bytes leftover after parsing attributes in process `syz.1.3045'.
[ 1024.052421][T19337] netlink: 44 bytes leftover after parsing attributes in process `syz.1.3045'.
[ 1024.373977][ T5909] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[ 1024.412182][ T5909] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1024.416154][T18950] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1024.451542][T18950] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1024.523769][T18950] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1024.544044][T18950] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1024.573006][T18950] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1024.595446][T18950] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1024.988612][ T5909] usb 3-1: usb_control_msg returned -32
[ 1024.994238][ T5909] usbtmc 3-1:16.0: can't read capabilities
[ 1025.006220][T19348] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3048'.
[ 1025.548343][   T30] audit: type=1400 audit(1747108761.081:2156): avc:  denied  { setopt } for  pid=19351 comm="syz.1.3049" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[ 1025.946794][T19365] sd 0:0:1:0: device reset
[ 1026.841107][   T30] audit: type=1400 audit(1747108761.081:2157): avc:  denied  { write } for  pid=19351 comm="syz.1.3049" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[ 1026.860496][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1027.021110][T13502] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1027.029865][T15570] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1027.036863][   T30] audit: type=1400 audit(1747108762.441:2158): avc:  denied  { listen } for  pid=19354 comm="syz.5.3050" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[ 1027.051237][T13502] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1027.058024][T15570] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1027.328470][ T5900] usb 3-1: USB disconnect, device number 65
[ 1027.514803][T19371] fuse: Invalid rootmode
[ 1027.532273][   T30] audit: type=1400 audit(1747108763.071:2159): avc:  denied  { create } for  pid=19370 comm="syz.2.3052" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[ 1027.580275][   T30] audit: type=1400 audit(1747108763.071:2160): avc:  denied  { write } for  pid=19370 comm="syz.2.3052" path="socket:[61432]" dev="sockfs" ino=61432 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[ 1028.415325][   T30] audit: type=1326 audit(1747108763.951:2161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19387 comm="syz.4.3057" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f18fef8e969 code=0x0
[ 1029.019226][T19399] FAULT_INJECTION: forcing a failure.
[ 1029.019226][T19399] name failslab, interval 1, probability 0, space 0, times 0
[ 1029.068893][T19399] CPU: 0 UID: 0 PID: 19399 Comm: syz.2.3060 Not tainted 6.15.0-rc6-syzkaller-00025-g627277ba7c23 #0 PREEMPT(full) 
[ 1029.068919][T19399] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1029.068929][T19399] Call Trace:
[ 1029.068936][T19399]  <TASK>
[ 1029.068943][T19399]  dump_stack_lvl+0x16c/0x1f0
[ 1029.068976][T19399]  should_fail_ex+0x512/0x640
[ 1029.069000][T19399]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[ 1029.069019][T19399]  should_failslab+0xc2/0x120
[ 1029.069039][T19399]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[ 1029.069055][T19399]  ? __alloc_skb+0x2b2/0x380
[ 1029.069077][T19399]  __alloc_skb+0x2b2/0x380
[ 1029.069095][T19399]  ? __pfx___alloc_skb+0x10/0x10
[ 1029.069112][T19399]  ? selinux_socket_getpeersec_dgram+0x1a4/0x370
[ 1029.069135][T19399]  ? __pfx_selinux_socket_getpeersec_dgram+0x10/0x10
[ 1029.069164][T19399]  netlink_alloc_large_skb+0x69/0x130
[ 1029.069189][T19399]  netlink_sendmsg+0x6a1/0xdd0
[ 1029.069215][T19399]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1029.069246][T19399]  ____sys_sendmsg+0xa98/0xc70
[ 1029.069269][T19399]  ? copy_msghdr_from_user+0x10a/0x160
[ 1029.069288][T19399]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1029.069323][T19399]  ___sys_sendmsg+0x134/0x1d0
[ 1029.069343][T19399]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1029.069391][T19399]  __sys_sendmsg+0x16d/0x220
[ 1029.069410][T19399]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1029.069434][T19399]  ? rcu_is_watching+0x12/0xc0
[ 1029.069461][T19399]  do_syscall_64+0xcd/0x260
[ 1029.069486][T19399]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1029.069504][T19399] RIP: 0033:0x7f6ce898e969
[ 1029.069520][T19399] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1029.069537][T19399] RSP: 002b:00007f6ce974e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1029.069554][T19399] RAX: ffffffffffffffda RBX: 00007f6ce8bb5fa0 RCX: 00007f6ce898e969
[ 1029.069565][T19399] RDX: 0000000000000000 RSI: 0000200000000140 RDI: 0000000000000005
[ 1029.069576][T19399] RBP: 00007f6ce974e090 R08: 0000000000000000 R09: 0000000000000000
[ 1029.069587][T19399] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1029.069597][T19399] R13: 0000000000000000 R14: 00007f6ce8bb5fa0 R15: 00007ffc1970c778
[ 1029.069621][T19399]  </TASK>
[ 1029.633592][   T30] audit: type=1400 audit(1747108765.151:2162): avc:  denied  { ioctl } for  pid=19400 comm="syz.0.3061" path="socket:[60363]" dev="sockfs" ino=60363 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[ 1029.976167][   T30] audit: type=1400 audit(1747108765.151:2163): avc:  denied  { bind } for  pid=19400 comm="syz.0.3061" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[ 1030.861135][T19415] fuse: Bad value for 'rootmode'
[ 1031.080141][ T5822] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1031.141873][ T5822] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1031.154668][ T5822] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1031.185097][ T5822] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1031.196675][ T5822] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1032.111529][T19427] syz.2.3068 (19427): drop_caches: 2
[ 1032.132301][T19427] syz.2.3068 (19427): drop_caches: 2
[ 1032.243419][T19424] lo speed is unknown, defaulting to 1000
[ 1032.288235][   T10] usb 5-1: new high-speed USB device number 66 using dummy_hcd
[ 1032.359202][   T30] audit: type=1400 audit(1747108767.901:2164): avc:  denied  { listen } for  pid=19417 comm="syz.5.3066" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_dgram_socket permissive=1
[ 1032.395730][T13500] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1032.478170][   T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0
[ 1032.487854][   T10] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0
[ 1032.690525][   T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0
[ 1032.701487][   T10] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x89 has invalid maxpacket 0
[ 1032.755023][T19451] FAULT_INJECTION: forcing a failure.
[ 1032.755023][T19451] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1032.778131][T19451] CPU: 1 UID: 0 PID: 19451 Comm: syz.0.3072 Not tainted 6.15.0-rc6-syzkaller-00025-g627277ba7c23 #0 PREEMPT(full) 
[ 1032.778157][T19451] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1032.778168][T19451] Call Trace:
[ 1032.778174][T19451]  <TASK>
[ 1032.778181][T19451]  dump_stack_lvl+0x16c/0x1f0
[ 1032.778210][T19451]  should_fail_ex+0x512/0x640
[ 1032.778237][T19451]  _copy_to_user+0x32/0xd0
[ 1032.778264][T19451]  simple_read_from_buffer+0xcb/0x170
[ 1032.778292][T19451]  proc_fail_nth_read+0x197/0x270
[ 1032.778319][T19451]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1032.778346][T19451]  ? rw_verify_area+0xcf/0x680
[ 1032.778365][T19451]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1032.778386][T19451]  vfs_read+0x1de/0xc70
[ 1032.778415][T19451]  ? __pfx___mutex_lock+0x10/0x10
[ 1032.778440][T19451]  ? __pfx_vfs_read+0x10/0x10
[ 1032.778472][T19451]  ? __fget_files+0x20e/0x3c0
[ 1032.778496][T19451]  ksys_read+0x12a/0x240
[ 1032.778519][T19451]  ? __pfx_ksys_read+0x10/0x10
[ 1032.778541][T19451]  ? rcu_is_watching+0x12/0xc0
[ 1032.778569][T19451]  do_syscall_64+0xcd/0x260
[ 1032.778594][T19451]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1032.778612][T19451] RIP: 0033:0x7fdc24d8d37c
[ 1032.778626][T19451] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1032.778642][T19451] RSP: 002b:00007fdc25c88030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1032.778658][T19451] RAX: ffffffffffffffda RBX: 00007fdc24fb6080 RCX: 00007fdc24d8d37c
[ 1032.778669][T19451] RDX: 000000000000000f RSI: 00007fdc25c880a0 RDI: 0000000000000007
[ 1032.778679][T19451] RBP: 00007fdc25c88090 R08: 0000000000000000 R09: 0000000000000000
[ 1032.778689][T19451] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1032.778706][T19451] R13: 0000000000000000 R14: 00007fdc24fb6080 R15: 00007ffeb3e1a6a8
[ 1032.778729][T19451]  </TASK>
[ 1032.779281][   T10] usb 5-1: New USB device found, idVendor=2040, idProduct=4900, bcdDevice=4d.8b
[ 1033.042753][   T30] audit: type=1400 audit(1747108768.561:2165): avc:  denied  { unmount } for  pid=17675 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[ 1033.123982][T13500] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1033.560101][ T5822] Bluetooth: hci0: command tx timeout
[ 1033.911171][   T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1033.950370][   T10] usb 5-1: config 0 descriptor??
[ 1033.996424][T19456] IPv6: Can't replace route, no match found
[ 1034.191129][T19468] fuse: Bad value for 'rootmode'
[ 1034.196164][   T10] hdpvr 5-1:0.0: unexpected answer of status request, len -32
[ 1034.221822][   T10] hdpvr 5-1:0.0: device init failed
[ 1034.250130][T19472] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1034.348032][   T10] hdpvr 5-1:0.0: probe with driver hdpvr failed with error -12
[ 1034.425313][T13500] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1034.437563][T19469] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1034.579164][T19469] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1034.919355][T13500] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1035.146989][   T30] audit: type=1400 audit(1747108770.681:2166): avc:  denied  { watch watch_reads } for  pid=19503 comm="syz.2.3080" path="pipe:[3618]" dev="pipefs" ino=3618 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1
[ 1035.170937][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1035.246664][   T30] audit: type=1400 audit(1747108770.721:2167): avc:  denied  { create } for  pid=19503 comm="syz.2.3080" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=atmpvc_socket permissive=1
[ 1035.285925][T13500] batadv0: left allmulticast mode
[ 1035.326433][T13500] batadv0: left promiscuous mode
[ 1035.340379][T13500] bridge0: port 2(batadv0) entered disabled state
[ 1035.384094][T13500] batadv1: left promiscuous mode
[ 1035.397829][T13500] bridge0: port 1(batadv1) entered disabled state
[ 1035.427449][   T30] audit: type=1400 audit(1747108770.961:2168): avc:  denied  { setopt } for  pid=19512 comm="syz.0.3084" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[ 1035.460525][T19509] syz.5.3082 (19509): drop_caches: 2
[ 1035.467610][   T30] audit: type=1400 audit(1747108770.961:2169): avc:  denied  { bind } for  pid=19512 comm="syz.0.3084" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[ 1035.502764][T19509] syz.5.3082 (19509): drop_caches: 2
[ 1035.617576][ T5822] Bluetooth: hci0: command tx timeout
[ 1036.640072][ T5909] usb 5-1: USB disconnect, device number 66
[ 1036.678078][   T30] audit: type=1400 audit(1747108770.961:2170): avc:  denied  { write } for  pid=19512 comm="syz.0.3084" path="socket:[61640]" dev="sockfs" ino=61640 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[ 1036.980068][T19525] fuse: Bad value for 'rootmode'
[ 1037.171275][T19529] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[ 1037.177648][T19529] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[ 1037.689480][ T5822] Bluetooth: hci0: command tx timeout
[ 1038.113532][T13500] dvmrp0 (unregistering): left allmulticast mode
[ 1038.228471][T13500] bond0 (unregistering): (slave bridge0): Releasing backup interface
[ 1038.251423][T13500] bond0 (unregistering): (slave bridge0): the permanent HWaddr of slave - aa:aa:aa:aa:aa:0c - is still in use by bond - set the HWaddr of slave to a different address to avoid conflicts
[ 1038.278902][T13500] bridge0 (unregistering): left allmulticast mode
[ 1038.325989][T19545] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3092'.
[ 1038.790384][T13500] bond0 (unregistering): (slave wlan1): Releasing backup interface
[ 1038.790448][T19553] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3095'.
[ 1038.810447][T19553] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3095'.
[ 1038.810839][T13500] mac80211_hwsim hwsim3 wlan1: left allmulticast mode
[ 1038.819434][T19553] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3095'.
[ 1038.842789][T13500] bond0 (unregistering): Released all slaves
[ 1038.864678][T13500] bond1 (unregistering): Released all slaves
[ 1038.962942][T19424] chnl_net:caif_netlink_parms(): no params data found
[ 1039.008282][T19555] netlink: 'syz.2.3096': attribute type 4 has an invalid length.
[ 1039.057976][ T5895] usb 5-1: new full-speed USB device number 67 using dummy_hcd
[ 1039.253942][T19557] netlink: 'syz.2.3096': attribute type 4 has an invalid length.
[ 1040.270203][ T5822] Bluetooth: hci0: command tx timeout
[ 1040.333063][ T5895] usb 5-1: config 0 has an invalid interface number: 121 but max is 0
[ 1040.353835][   T30] audit: type=1326 audit(1747108775.011:2171): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19558 comm="syz.5.3097" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa72f18e969 code=0x0
[ 1040.380097][ T5895] usb 5-1: config 0 has no interface number 0
[ 1040.389237][ T5895] usb 5-1: config 0 interface 121 has no altsetting 0
[ 1040.416596][ T5895] usb 5-1: New USB device found, idVendor=04dd, idProduct=8007, bcdDevice=30.4b
[ 1040.463389][ T5895] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1040.491953][ T5895] usb 5-1: Product: syz
[ 1040.505254][ T5895] usb 5-1: Manufacturer: syz
[ 1040.522489][ T5895] usb 5-1: SerialNumber: syz
[ 1040.565737][ T5895] usb 5-1: config 0 descriptor??
[ 1040.675466][T19424] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1040.693985][T19424] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1040.724127][T19424] bridge_slave_0: entered allmulticast mode
[ 1040.756900][T19424] bridge_slave_0: entered promiscuous mode
[ 1040.815641][ T5895] usb 5-1: unsupported MDLM descriptors
[ 1040.835862][T19424] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1040.866932][ T5895] usb 5-1: USB disconnect, device number 67
[ 1040.893257][T19424] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1040.914486][T19424] bridge_slave_1: entered allmulticast mode
[ 1040.967399][T19424] bridge_slave_1: entered promiscuous mode
[ 1041.052446][T13500] hsr_slave_0: left promiscuous mode
[ 1041.062989][T13500] hsr_slave_1: left promiscuous mode
[ 1041.092326][T13500] veth1_macvtap: left promiscuous mode
[ 1041.113619][T13500] veth0_macvtap: left allmulticast mode
[ 1041.122814][T13500] veth0_macvtap: left promiscuous mode
[ 1041.133231][T13500] veth1_vlan: left promiscuous mode
[ 1041.143103][T13500] veth0_vlan: left promiscuous mode
[ 1041.355297][T19591] input: syz1 as /devices/virtual/input/input49
[ 1042.048049][   T10] usb 6-1: new high-speed USB device number 16 using dummy_hcd
[ 1042.197962][   T10] usb 6-1: Using ep0 maxpacket: 32
[ 1042.205851][   T10] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1042.219638][   T10] usb 6-1: New USB device found, idVendor=04cb, idProduct=013f, bcdDevice=45.a3
[ 1042.239772][   T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1042.247771][   T10] usb 6-1: Product: syz
[ 1042.262158][   T10] usb 6-1: Manufacturer: syz
[ 1042.276866][   T10] usb 6-1: SerialNumber: syz
[ 1042.285637][   T10] usb 6-1: config 0 descriptor??
[ 1042.312966][   T10] gspca_main: finepix-2.14.0 probing 04cb:013f
[ 1042.797212][T19591] syz.5.3101: attempt to access beyond end of device
[ 1042.797212][T19591] nbd5: rw=0, sector=64, nr_sectors = 8 limit=0
[ 1042.810243][T19591] syz.5.3101: attempt to access beyond end of device
[ 1042.810243][T19591] nbd5: rw=0, sector=120, nr_sectors = 8 limit=0
[ 1042.823161][T19591] Mount JFS Failure: -5
[ 1042.832430][   T10] usb 6-1: USB disconnect, device number 16
[ 1043.658045][T19615] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1043.791933][T19424] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1043.876611][T19616] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1043.937350][T19613] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1043.958346][ T5895] lo speed is unknown, defaulting to 1000
[ 1044.248568][ T5895] infiniband syz2: ib_query_port failed (-19)
[ 1044.271434][T19424] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1044.446622][T19628] audit: audit_lost=3 audit_rate_limit=0 audit_backlog_limit=64
[ 1044.447077][T19627] netlink: 'syz.4.3107': attribute type 11 has an invalid length.
[ 1044.462489][T19628] audit: out of memory in audit_log_start
[ 1044.548474][T19627] netlink: 224 bytes leftover after parsing attributes in process `syz.4.3107'.
[ 1044.713640][T19624] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1044.714866][T19424] team0: Port device team_slave_0 added
[ 1044.782050][T19424] team0: Port device team_slave_1 added
[ 1045.865708][T19645] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3112'.
[ 1046.991334][T19645] vcan0: entered promiscuous mode
[ 1046.996756][T19645] vcan0: entered allmulticast mode
[ 1047.012440][T19424] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1047.028411][T19424] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1047.226927][T19424] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1047.249296][T19424] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1047.256243][T19424] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1047.300176][T19424] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1047.371910][ T5909] usb 5-1: new high-speed USB device number 68 using dummy_hcd
[ 1047.375968][T13500] IPVS: stop unused estimator thread 0...
[ 1047.498260][T19424] hsr_slave_0: entered promiscuous mode
[ 1047.519300][T19424] hsr_slave_1: entered promiscuous mode
[ 1047.556592][T19424] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1047.722240][ T5909] usb 5-1: config index 0 descriptor too short (expected 26898, got 18)
[ 1047.730696][T19424] Cannot create hsr debugfs directory
[ 1047.810634][ T5909] usb 5-1: config 221 has too many interfaces: 237, using maximum allowed: 32
[ 1047.846622][ T5909] usb 5-1: config 221 has an invalid descriptor of length 25, skipping remainder of the config
[ 1047.877653][ T5909] usb 5-1: config 221 has 0 interfaces, different from the descriptor's value: 237
[ 1047.901541][ T5909] usb 5-1: New USB device found, idVendor=0547, idProduct=2720, bcdDevice=de.7f
[ 1047.917910][ T5909] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1047.935535][ T5909] usb 5-1: Product: syz
[ 1047.941753][ T5909] usb 5-1: Manufacturer: syz
[ 1047.946358][ T5909] usb 5-1: SerialNumber: syz
[ 1048.455998][T19678] netlink: 60 bytes leftover after parsing attributes in process `syz.2.3121'.
[ 1049.068017][ T5909] usb 5-1: USB disconnect, device number 68
[ 1049.236442][   T30] audit: type=1400 audit(1747108784.761:2172): avc:  denied  { listen } for  pid=19704 comm="syz.5.3125" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[ 1049.366343][T19708] FAULT_INJECTION: forcing a failure.
[ 1049.366343][T19708] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1049.417102][T19708] CPU: 0 UID: 0 PID: 19708 Comm: syz.4.3126 Not tainted 6.15.0-rc6-syzkaller-00025-g627277ba7c23 #0 PREEMPT(full) 
[ 1049.417119][T19708] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1049.417125][T19708] Call Trace:
[ 1049.417130][T19708]  <TASK>
[ 1049.417134][T19708]  dump_stack_lvl+0x16c/0x1f0
[ 1049.417154][T19708]  should_fail_ex+0x512/0x640
[ 1049.417171][T19708]  _copy_to_user+0x32/0xd0
[ 1049.417187][T19708]  simple_read_from_buffer+0xcb/0x170
[ 1049.417205][T19708]  proc_fail_nth_read+0x197/0x270
[ 1049.417222][T19708]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1049.417239][T19708]  ? rw_verify_area+0xcf/0x680
[ 1049.417253][T19708]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1049.417269][T19708]  vfs_read+0x1de/0xc70
[ 1049.417286][T19708]  ? __pfx___mutex_lock+0x10/0x10
[ 1049.417302][T19708]  ? __pfx_vfs_read+0x10/0x10
[ 1049.417321][T19708]  ? __fget_files+0x20e/0x3c0
[ 1049.417334][T19708]  ksys_read+0x12a/0x240
[ 1049.417349][T19708]  ? __pfx_ksys_read+0x10/0x10
[ 1049.417369][T19708]  do_syscall_64+0xcd/0x260
[ 1049.417385][T19708]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1049.417396][T19708] RIP: 0033:0x7f18fef8d37c
[ 1049.417405][T19708] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1049.417415][T19708] RSP: 002b:00007f18ffe87030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1049.417425][T19708] RAX: ffffffffffffffda RBX: 00007f18ff1b5fa0 RCX: 00007f18fef8d37c
[ 1049.417432][T19708] RDX: 000000000000000f RSI: 00007f18ffe870a0 RDI: 0000000000000004
[ 1049.417438][T19708] RBP: 00007f18ffe87090 R08: 0000000000000000 R09: 0000000000000000
[ 1049.417444][T19708] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1049.417451][T19708] R13: 0000000000000000 R14: 00007f18ff1b5fa0 R15: 00007fff4cdac548
[ 1049.417464][T19708]  </TASK>
[ 1049.621569][T19424] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 1049.720801][T19424] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 1049.848336][T19720] netlink: 'syz.5.3127': attribute type 4 has an invalid length.
[ 1050.007920][T19702] IPv6: Can't replace route, no match found
[ 1050.294492][T19726] netlink: 'syz.5.3127': attribute type 4 has an invalid length.
[ 1050.407929][T19424] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 1050.469591][T19424] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 1050.664888][T19424] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1050.696310][T19424] 8021q: adding VLAN 0 to HW filter on device team0
[ 1050.719462][ T2965] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1050.726522][ T2965] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1050.740821][ T2965] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1050.747915][ T2965] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1050.784821][T19424] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 1050.805240][T19424] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1051.958235][ T5895] usb 6-1: new full-speed USB device number 17 using dummy_hcd
[ 1052.269220][ T5895] usb 6-1: config 0 has an invalid interface number: 1 but max is 0
[ 1052.277227][ T5895] usb 6-1: config 0 has no interface number 0
[ 1052.286526][ T5895] usb 6-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e
[ 1052.307684][ T5895] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1052.737443][ T5895] usb 6-1: config 0 descriptor??
[ 1052.751291][ T5895] usb 6-1: selecting invalid altsetting 1
[ 1052.757123][ T5895] dvb_ttusb_budget: ttusb_init_controller: error
[ 1052.946298][ T5895] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB)
[ 1053.231192][T19424] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1053.413871][ T5895] DVB: Unable to find symbol cx22700_attach()
[ 1053.442844][ T5895] DVB: Unable to find symbol tda10046_attach()
[ 1053.454495][ T1294] ieee802154 phy1 wpan1: encryption failed: -22
[ 1053.463643][T19771] fuse: Unknown parameter 'user_i00000000000000000000'
[ 1053.491666][ T5895] dvb_ttusb_budget: no frontend driver found for device [0b48:1005]
[ 1053.542363][T19424] veth0_vlan: entered promiscuous mode
[ 1053.556432][ T5895] usb 6-1: USB disconnect, device number 17
[ 1053.585830][T19424] veth1_vlan: entered promiscuous mode
[ 1053.682002][T19424] veth0_macvtap: entered promiscuous mode
[ 1053.703049][T19424] veth1_macvtap: entered promiscuous mode
[ 1053.735937][T19424] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1053.774541][T19424] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1053.814160][T19424] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1053.840557][T19424] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1053.859250][T19424] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1053.909094][T19424] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1053.948052][T19424] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1053.959640][T19424] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1053.970622][T19424] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1053.982069][T19424] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1053.992836][T19424] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1054.001722][T19424] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1054.011540][T19424] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1054.241194][T19424] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1054.494275][T15570] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1054.522763][T15570] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1054.961060][T15569] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1055.054824][T15569] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1055.654118][T19813] FAULT_INJECTION: forcing a failure.
[ 1055.654118][T19813] name failslab, interval 1, probability 0, space 0, times 0
[ 1055.667242][T19813] CPU: 0 UID: 0 PID: 19813 Comm: syz.1.3059 Not tainted 6.15.0-rc6-syzkaller-00025-g627277ba7c23 #0 PREEMPT(full) 
[ 1055.667268][T19813] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1055.667279][T19813] Call Trace:
[ 1055.667286][T19813]  <TASK>
[ 1055.667294][T19813]  dump_stack_lvl+0x16c/0x1f0
[ 1055.667323][T19813]  should_fail_ex+0x512/0x640
[ 1055.667350][T19813]  ? io_cqring_event_overflow+0xcb/0x6f0
[ 1055.667374][T19813]  should_failslab+0xc2/0x120
[ 1055.667392][T19813]  __kmalloc_noprof+0xd2/0x510
[ 1055.667417][T19813]  io_cqring_event_overflow+0xcb/0x6f0
[ 1055.667445][T19813]  io_req_cqe_overflow+0x101/0x1e0
[ 1055.667472][T19813]  __io_submit_flush_completions+0x94a/0x1750
[ 1055.667499][T19813]  io_submit_sqes+0x9e2/0x25d0
[ 1055.667535][T19813]  __do_sys_io_uring_enter+0xd6a/0x1630
[ 1055.667560][T19813]  ? __fget_files+0x20e/0x3c0
[ 1055.667576][T19813]  ? __pfx___do_sys_io_uring_enter+0x10/0x10
[ 1055.667601][T19813]  ? fput+0x70/0xf0
[ 1055.667620][T19813]  ? ksys_write+0x1b9/0x240
[ 1055.667652][T19813]  ? __pfx_ksys_write+0x10/0x10
[ 1055.667677][T19813]  ? rcu_is_watching+0x12/0xc0
[ 1055.667705][T19813]  do_syscall_64+0xcd/0x260
[ 1055.667733][T19813]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1055.667751][T19813] RIP: 0033:0x7f3720b8e969
[ 1055.667766][T19813] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1055.667783][T19813] RSP: 002b:00007f3721a50038 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1055.667801][T19813] RAX: ffffffffffffffda RBX: 00007f3720db5fa0 RCX: 00007f3720b8e969
[ 1055.667813][T19813] RDX: 0000000000000000 RSI: 0000000000002d3e RDI: 0000000000000003
[ 1055.667824][T19813] RBP: 00007f3721a50090 R08: 0000000000000000 R09: 0000000000000000
[ 1055.667835][T19813] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1055.667845][T19813] R13: 0000000000000000 R14: 00007f3720db5fa0 R15: 00007ffdacea18f8
[ 1055.667873][T19813]  </TASK>
[ 1056.994186][T19828] fuse: Unknown parameter 'user_i00000000000000000000'
[ 1057.003005][   T30] audit: type=1400 audit(1747108792.551:2173): avc:  denied  { mount } for  pid=19829 comm="syz.5.3149" name="/" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1
[ 1057.075108][   T30] audit: type=1400 audit(1747108792.551:2174): avc:  denied  { map } for  pid=19829 comm="syz.5.3149" path="/dev/dri/card0" dev="devtmpfs" ino=627 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[ 1057.166605][   T30] audit: type=1400 audit(1747108792.551:2175): avc:  denied  { execute } for  pid=19829 comm="syz.5.3149" path="/dev/dri/card0" dev="devtmpfs" ino=627 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[ 1057.199173][ T5822] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1057.222018][ T5822] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1057.233971][ T5822] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1057.243249][ T5822] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1057.256200][ T5822] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1057.275403][ T2965] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1057.460517][ T2965] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1057.554295][   T30] audit: type=1326 audit(1747108793.091:2176): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19840 comm="syz.4.3152" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f18fef8e969 code=0x0
[ 1057.588722][ T2965] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1057.747248][ T2965] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1058.423653][T19832] chnl_net:caif_netlink_parms(): no params data found
[ 1059.536100][ T5822] Bluetooth: hci3: command tx timeout
[ 1059.793200][T19865] fuse: Unknown parameter 'fd0x000000000000000a'
[ 1060.317376][T19870] fuse: Bad value for 'user_id'
[ 1060.322316][T19870] fuse: Bad value for 'user_id'
[ 1060.960458][T19832] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1061.021389][T19832] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1061.050656][T19832] bridge_slave_0: entered allmulticast mode
[ 1061.069403][T19832] bridge_slave_0: entered promiscuous mode
[ 1061.075632][T19876] fuse: Unknown parameter 'user_i00000000000000000000'
[ 1061.082956][T19832] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1061.113242][T19832] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1061.149198][T19878] kvm: emulating exchange as write
[ 1061.154527][T19832] bridge_slave_1: entered allmulticast mode
[ 1061.163513][T19832] bridge_slave_1: entered promiscuous mode
[ 1061.223083][ T2965] batman_adv: batadv0: Interface deactivated: ip6gretap1
[ 1061.413379][ T2965] batman_adv: batadv0: Removing interface: ip6gretap1
[ 1061.608233][ T5822] Bluetooth: hci3: command tx timeout
[ 1061.740751][T19880] Falling back ldisc for ttyS3.
[ 1061.786108][ T2965] bond1 (unregistering): (slave gretap1): Releasing active interface
[ 1062.037488][   T30] audit: type=1400 audit(1747108797.571:2177): avc:  denied  { ioctl } for  pid=19891 comm="syz.1.3164" path="/dev/rtc0" dev="devtmpfs" ino=921 ioctlcmd=0x7013 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[ 1062.110475][   T30] audit: type=1400 audit(1747108797.611:2178): avc:  denied  { override_creds } for  pid=19891 comm="syz.1.3164" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[ 1062.730440][   T30] audit: type=1326 audit(1747108798.261:2179): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19905 comm="syz.4.3168" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f18fef8e969 code=0x0
[ 1062.776864][T19907] netlink: 'syz.1.3166': attribute type 4 has an invalid length.
[ 1062.999541][T19917] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[ 1063.005948][T19917] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[ 1063.078146][T19919] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks
[ 1063.468070][T19914] netlink: 'syz.1.3166': attribute type 4 has an invalid length.
[ 1063.549632][ T2965] bond0 (unregistering): Released all slaves
[ 1063.602444][ T2965] bond1 (unregistering): Released all slaves
[ 1063.689916][ T5822] Bluetooth: hci3: command tx timeout
[ 1063.978262][ T5909] usb 5-1: new full-speed USB device number 69 using dummy_hcd
[ 1064.152059][ T5909] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1064.175787][T19832] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1064.185067][ T5909] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1064.203395][ T2965] : left promiscuous mode
[ 1064.270051][ T5909] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[ 1064.273463][T19832] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1064.292371][ T5909] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1064.411678][   T30] audit: type=1400 audit(1747108799.951:2180): avc:  denied  { read write } for  pid=19931 comm="syz.0.3174" name="rdma_cm" dev="devtmpfs" ino=1271 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:infiniband_device_t tclass=chr_file permissive=1
[ 1064.436884][ T2965] tipc: Left network mode
[ 1064.476150][   T30] audit: type=1400 audit(1747108799.951:2181): avc:  denied  { open } for  pid=19931 comm="syz.0.3174" path="/dev/infiniband/rdma_cm" dev="devtmpfs" ino=1271 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:infiniband_device_t tclass=chr_file permissive=1
[ 1064.517971][   T24] usb 6-1: new high-speed USB device number 18 using dummy_hcd
[ 1064.530835][T19832] team0: Port device team_slave_0 added
[ 1064.540863][T19832] team0: Port device team_slave_1 added
[ 1064.551000][ T5909] usb 5-1: usb_control_msg returned -32
[ 1064.563623][ T5909] usbtmc 5-1:16.0: can't read capabilities
[ 1064.678165][   T24] usb 6-1: Using ep0 maxpacket: 16
[ 1064.684912][T19832] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1064.711188][T19832] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1064.743211][   T24] usb 6-1: config 252 has an invalid interface number: 15 but max is 0
[ 1064.757258][   T24] usb 6-1: config 252 has no interface number 0
[ 1064.763780][   T24] usb 6-1: config 252 interface 15 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[ 1064.778835][T19832] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1064.816015][   T24] usb 6-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=2b.29
[ 1064.826417][T19949] netlink: 'syz.0.3176': attribute type 39 has an invalid length.
[ 1064.836231][T19832] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1064.843379][   T24] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1064.851501][T19832] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1064.878546][   T24] usb 6-1: Product: syz
[ 1064.882724][   T24] usb 6-1: Manufacturer: syz
[ 1064.887319][   T24] usb 6-1: SerialNumber: syz
[ 1064.927549][T19832] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1065.763292][   T24] usb 6-1: Warning: ath10k USB support is incomplete, don't expect anything to work!
[ 1065.767937][ T5822] Bluetooth: hci3: command tx timeout
[ 1066.026360][ T2965] hsr_slave_0: left promiscuous mode
[ 1066.577442][ T2965] hsr_slave_1: left promiscuous mode
[ 1066.621586][ T2965] batman_adv: batadv0: Removing interface: macvtap0
[ 1066.731429][ T2965] veth1_macvtap: left promiscuous mode
[ 1066.748921][   T10] usb 5-1: USB disconnect, device number 69
[ 1066.765824][ T2965] veth1_vlan: left promiscuous mode
[ 1066.783647][T19961] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[ 1066.790085][T19961] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[ 1066.790164][ T2965] veth0_vlan: left promiscuous mode
[ 1066.854548][T19963] netlink: 'syz.1.3177': attribute type 1 has an invalid length.
[ 1066.891862][T15576] usb 6-1: Failed to submit usb control message: -110
[ 1066.911503][T15576] usb 6-1: unable to send the bmi data to the device: -110
[ 1066.932249][T15576] usb 6-1: unable to get target info from device
[ 1066.950516][T15576] usb 6-1: could not get target info (-110)
[ 1066.964694][T15576] usb 6-1: could not probe fw (-110)
[ 1068.202364][   T30] audit: type=1326 audit(1747108803.741:2182): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19974 comm="syz.4.3180" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f18fef8e969 code=0x0
[ 1068.538565][ T5909] usb 6-1: USB disconnect, device number 18
[ 1068.633831][T19963] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR
[ 1068.773068][T19832] hsr_slave_0: entered promiscuous mode
[ 1068.795774][T19832] hsr_slave_1: entered promiscuous mode
[ 1068.805279][T19832] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1068.812367][T19981] netlink: 60 bytes leftover after parsing attributes in process `syz.5.3182'.
[ 1068.814015][T19832] Cannot create hsr debugfs directory
[ 1069.091518][T19992] netlink: 'syz.5.3182': attribute type 4 has an invalid length.
[ 1069.261127][   T30] audit: type=1400 audit(1747108804.681:2183): avc:  denied  { connect } for  pid=19982 comm="syz.0.3183" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[ 1070.203469][T20006] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1070.307949][T20006] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1070.554660][T20002] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1070.823437][T20019] netlink: 'syz.5.3186': attribute type 4 has an invalid length.
[ 1071.015704][ T2965] IPVS: stop unused estimator thread 0...
[ 1071.035643][T20019] netlink: 'syz.5.3186': attribute type 4 has an invalid length.
[ 1072.297930][T20039] nbd4: detected capacity change from 0 to 4294967296
[ 1072.657652][T20044] syz.5.3193: attempt to access beyond end of device
[ 1072.657652][T20044] nbd5: rw=0, sector=2, nr_sectors = 1 limit=0
[ 1073.000708][   T30] audit: type=1400 audit(1747108808.531:2184): avc:  denied  { setopt } for  pid=20043 comm="syz.5.3193" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[ 1073.021783][ T5822] block nbd4: Receive control failed (result -104)
[ 1074.616299][T19832] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 1074.684452][T19832] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 1074.742688][T19832] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 1074.803121][T19832] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 1076.023516][T19832] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1076.105590][T19832] 8021q: adding VLAN 0 to HW filter on device team0
[ 1076.129945][T13500] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1076.137085][T13500] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1076.158428][T13500] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1076.165532][T13500] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1076.303675][T20093] fuse: Unknown parameter '00000000000000000003ÿÿ'
[ 1077.162518][T19832] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1077.229479][T19832] veth0_vlan: entered promiscuous mode
[ 1077.362882][T19832] veth1_vlan: entered promiscuous mode
[ 1077.405105][T20122] IPVS: set_ctl: invalid protocol: 92 0.0.0.0:20004
[ 1077.409310][T19832] veth0_macvtap: entered promiscuous mode
[ 1077.423495][T19832] veth1_macvtap: entered promiscuous mode
[ 1078.086504][T20105] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3203'.
[ 1078.116527][T19832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1078.146376][T19832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1078.156719][T19832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1078.174519][T19832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1078.189566][T19832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1078.206532][T19832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1078.532868][T19832] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1078.642264][T19832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1079.467302][T19832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1079.515686][T19832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1079.552489][T19832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1079.571214][T19832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1079.587945][T19832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1079.703474][T19832] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1079.902706][T19832] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1079.939576][T19832] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1079.983216][T19832] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1080.008236][T19832] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1080.070108][T20150] netlink: 'syz.5.3209': attribute type 4 has an invalid length.
[ 1081.254207][T20150] netlink: 'syz.5.3209': attribute type 4 has an invalid length.
[ 1081.299524][T20164] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3210'.
[ 1081.566855][T15569] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1082.307901][T15569] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1082.526472][   T52] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1082.582968][   T52] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1085.891374][T20215] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1085.901159][   T30] audit: type=1400 audit(1747108821.431:2185): avc:  denied  { getopt } for  pid=20214 comm="syz.5.3219" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[ 1085.967746][   T30] audit: type=1400 audit(1747108821.431:2186): avc:  denied  { audit_write } for  pid=20214 comm="syz.5.3219" capability=29  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[ 1086.959537][T20225] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1087.068298][T20217] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3220'.
[ 1087.116145][T20224] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1087.183674][T20224] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1087.357948][ T5865] usb 6-1: new full-speed USB device number 19 using dummy_hcd
[ 1088.040198][ T5865] usb 6-1: config 0 has an invalid interface number: 1 but max is 0
[ 1088.057878][ T5865] usb 6-1: config 0 has no interface number 0
[ 1088.063990][ T5865] usb 6-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e
[ 1088.082648][ T5865] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1088.121589][ T5865] usb 6-1: config 0 descriptor??
[ 1088.149471][ T5865] usb 6-1: selecting invalid altsetting 1
[ 1088.156322][ T5865] dvb_ttusb_budget: ttusb_init_controller: error
[ 1088.167595][ T5865] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB)
[ 1089.141148][T16923] usb 2-1: new full-speed USB device number 50 using dummy_hcd
[ 1089.159368][ T5865] DVB: Unable to find symbol cx22700_attach()
[ 1089.218026][ T5865] DVB: Unable to find symbol tda10046_attach()
[ 1089.322531][T16923] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[ 1089.419525][T16923] usb 2-1: config 0 has no interface number 0
[ 1089.788041][T16923] usb 2-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e
[ 1089.902956][T16923] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1090.213558][ T5865] dvb_ttusb_budget: no frontend driver found for device [0b48:1005]
[ 1090.224129][ T5865] usb 6-1: USB disconnect, device number 19
[ 1090.267302][T16923] usb 2-1: config 0 descriptor??
[ 1090.304274][T16923] usb 2-1: selecting invalid altsetting 1
[ 1090.335232][T18951] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 1090.346876][T18951] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 1090.358039][T18951] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 1090.372572][T16923] dvb_ttusb_budget: ttusb_init_controller: error
[ 1090.381740][T18951] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 1090.382827][T16923] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB)
[ 1090.383751][T18951] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 1090.485744][   T30] audit: type=1326 audit(1747108826.021:2187): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20256 comm="syz.5.3230" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa72f18e969 code=0x0
[ 1090.962371][T16923] DVB: Unable to find symbol cx22700_attach()
[ 1090.986267][T16923] DVB: Unable to find symbol tda10046_attach()
[ 1090.986277][T16923] dvb_ttusb_budget: no frontend driver found for device [0b48:1005]
[ 1091.046082][T20270] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks
[ 1091.884509][ T5900] usb 2-1: USB disconnect, device number 50
[ 1091.980135][T20285] (syz.0.3237,20285,0):ocfs2_fill_super:989 ERROR: superblock probe failed!
[ 1092.024106][T20254] chnl_net:caif_netlink_parms(): no params data found
[ 1092.044710][T20280] syz.2.3236 (20280): drop_caches: 2
[ 1092.055128][T20285] (syz.0.3237,20285,0):ocfs2_fill_super:1177 ERROR: status = -22
[ 1092.068570][T20280] syz.2.3236 (20280): drop_caches: 2
[ 1092.488179][T18951] Bluetooth: hci4: command tx timeout
[ 1092.827321][   T30] audit: type=1400 audit(1747108828.361:2188): avc:  denied  { write } for  pid=20295 comm="syz.2.3239" name="file0" dev="tmpfs" ino=49 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[ 1093.186200][   T30] audit: type=1400 audit(1747108828.401:2189): avc:  denied  { open } for  pid=20295 comm="syz.2.3239" path="/6/file0" dev="tmpfs" ino=49 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[ 1093.268486][   T30] audit: type=1400 audit(1747108828.541:2190): avc:  denied  { ioctl } for  pid=20295 comm="syz.2.3239" path="/6/file0" dev="tmpfs" ino=49 ioctlcmd=0x1273 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[ 1093.308082][T20254] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1093.336172][T20254] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1093.353967][T20254] bridge_slave_0: entered allmulticast mode
[ 1093.422605][T20254] bridge_slave_0: entered promiscuous mode
[ 1093.444130][T20254] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1093.459146][T20254] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1093.478994][T20254] bridge_slave_1: entered allmulticast mode
[ 1093.512894][T20254] bridge_slave_1: entered promiscuous mode
[ 1093.817247][T20254] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1093.935991][T20254] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1094.568707][T18951] Bluetooth: hci4: command tx timeout
[ 1096.113658][T20254] team0: Port device team_slave_0 added
[ 1096.224894][   T30] audit: type=1400 audit(1747108831.761:2191): avc:  denied  { map } for  pid=20319 comm="syz.0.3246" path="/dev/video3" dev="devtmpfs" ino=934 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1
[ 1096.986394][T18951] Bluetooth: hci4: command tx timeout
[ 1097.178059][   T30] audit: type=1400 audit(1747108831.791:2192): avc:  denied  { mounton } for  pid=20319 comm="syz.0.3246" path="/109/file0" dev="afs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=dir permissive=1
[ 1097.202811][   T30] audit: type=1400 audit(1747108831.791:2193): avc:  denied  { watch } for  pid=20319 comm="syz.0.3246" path="/109/file0/file0" dev="afs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=dir permissive=1
[ 1097.227328][T20254] team0: Port device team_slave_1 added
[ 1097.422892][T20254] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1097.437881][T20254] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1097.498019][T20254] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1097.508032][T20330] syz.0.3248 (20330): drop_caches: 2
[ 1097.510303][T20254] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1097.519505][T20330] syz.0.3248 (20330): drop_caches: 2
[ 1097.521250][T20254] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1097.565906][ T5895] usb 3-1: new high-speed USB device number 66 using dummy_hcd
[ 1097.575223][T20254] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1097.927917][ T5900] usb 6-1: new high-speed USB device number 20 using dummy_hcd
[ 1098.439448][ T5895] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0
[ 1098.573768][T20254] hsr_slave_0: entered promiscuous mode
[ 1099.226118][ T5895] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0
[ 1099.236450][ T5895] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0
[ 1099.246418][ T5900] usb 6-1: config 0 has an invalid descriptor of length 255, skipping remainder of the config
[ 1099.256794][ T5895] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x89 has invalid maxpacket 0
[ 1099.267543][ T5895] usb 3-1: New USB device found, idVendor=2040, idProduct=4900, bcdDevice=4d.8b
[ 1099.267689][ T5822] Bluetooth: hci4: command tx timeout
[ 1099.287881][ T5895] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1099.296146][T20254] hsr_slave_1: entered promiscuous mode
[ 1099.298144][ T5895] usb 3-1: config 0 descriptor??
[ 1099.307957][ T5900] usb 6-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 1099.314777][T20254] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1099.317038][ T5900] usb 6-1: New USB device found, idVendor=1e7d, idProduct=2db4, bcdDevice= 0.00
[ 1099.333595][ T5900] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1099.345329][ T5900] usb 6-1: config 0 descriptor??
[ 1099.360846][T20254] Cannot create hsr debugfs directory
[ 1099.589695][ T5895] hdpvr 3-1:0.0: unexpected answer of status request, len 0
[ 1099.629205][ T5895] hdpvr 3-1:0.0: device init failed
[ 1099.701070][ T5895] hdpvr 3-1:0.0: probe with driver hdpvr failed with error -12
[ 1100.156983][T20254] netdevsim netdevsim6 netdevsim0: renamed from eth0
[ 1100.215253][T20254] netdevsim netdevsim6 netdevsim1: renamed from eth1
[ 1100.298473][T20254] netdevsim netdevsim6 netdevsim2: renamed from eth2
[ 1100.369698][T20254] netdevsim netdevsim6 netdevsim3: renamed from eth3
[ 1100.482163][T20254] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1101.188619][T20254] 8021q: adding VLAN 0 to HW filter on device team0
[ 1101.214063][T13502] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1101.221157][T13502] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1101.377049][T13502] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1101.384146][T13502] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1101.441494][ T5865] usb 3-1: USB disconnect, device number 66
[ 1101.758183][T20364] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3256'.
[ 1101.888099][T20254] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1101.898477][ T5865] usb 3-1: new full-speed USB device number 67 using dummy_hcd
[ 1102.071963][ T5865] usb 3-1: config 0 has no interfaces?
[ 1102.081460][ T5865] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1102.103130][ T5865] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1102.140702][ T5865] usb 3-1: Product: syz
[ 1102.165131][ T5865] usb 3-1: Manufacturer: syz
[ 1102.190107][ T5865] usb 3-1: SerialNumber: syz
[ 1102.214669][ T5895] usb 6-1: USB disconnect, device number 20
[ 1102.275889][ T5865] usb 3-1: config 0 descriptor??
[ 1102.477398][T20381] FAULT_INJECTION: forcing a failure.
[ 1102.477398][T20381] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1102.491098][T20381] CPU: 1 UID: 0 PID: 20381 Comm: syz.0.3258 Not tainted 6.15.0-rc6-syzkaller-00025-g627277ba7c23 #0 PREEMPT(full) 
[ 1102.491128][T20381] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1102.491139][T20381] Call Trace:
[ 1102.491145][T20381]  <TASK>
[ 1102.491152][T20381]  dump_stack_lvl+0x16c/0x1f0
[ 1102.491182][T20381]  should_fail_ex+0x512/0x640
[ 1102.491210][T20381]  _copy_to_iter+0x477/0x15a0
[ 1102.491244][T20381]  ? __pfx__copy_to_iter+0x10/0x10
[ 1102.491276][T20381]  ? proc_pid_personality+0x107/0x180
[ 1102.491308][T20381]  seq_read_iter+0x719/0x12c0
[ 1102.491347][T20381]  seq_read+0x39e/0x4e0
[ 1102.491374][T20381]  ? __pfx_seq_read+0x10/0x10
[ 1102.491406][T20381]  ? avc_policy_seqno+0x9/0x20
[ 1102.491430][T20381]  ? iov_iter_advance+0x1e3/0x6c0
[ 1102.491454][T20381]  ? rw_verify_area+0xcf/0x680
[ 1102.491479][T20381]  ? __pfx_seq_read+0x10/0x10
[ 1102.491503][T20381]  vfs_readv+0x6bf/0x8a0
[ 1102.491527][T20381]  ? preempt_schedule_common+0x44/0xc0
[ 1102.491557][T20381]  ? __pfx_vfs_readv+0x10/0x10
[ 1102.491581][T20381]  ? __mutex_lock+0x33e/0xb90
[ 1102.491612][T20381]  ? __pfx___mutex_lock+0x10/0x10
[ 1102.491644][T20381]  ? __fget_files+0x20e/0x3c0
[ 1102.491660][T20381]  ? __fget_files+0x1c0/0x3c0
[ 1102.491683][T20381]  ? do_readv+0x132/0x330
[ 1102.491705][T20381]  do_readv+0x132/0x330
[ 1102.491730][T20381]  ? __pfx_do_readv+0x10/0x10
[ 1102.491753][T20381]  ? rcu_is_watching+0x12/0xc0
[ 1102.491783][T20381]  do_syscall_64+0xcd/0x260
[ 1102.491811][T20381]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1102.491830][T20381] RIP: 0033:0x7fdc24d8e969
[ 1102.491855][T20381] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1102.491872][T20381] RSP: 002b:00007fdc25c88038 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
[ 1102.491890][T20381] RAX: ffffffffffffffda RBX: 00007fdc24fb6080 RCX: 00007fdc24d8e969
[ 1102.491902][T20381] RDX: 0000000000000002 RSI: 0000200000001440 RDI: 0000000000000007
[ 1102.491913][T20381] RBP: 00007fdc25c88090 R08: 0000000000000000 R09: 0000000000000000
[ 1102.491924][T20381] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1102.491934][T20381] R13: 0000000000000000 R14: 00007fdc24fb6080 R15: 00007ffeb3e1a6a8
[ 1102.491959][T20381]  </TASK>
[ 1102.719556][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1102.959777][T20380] syz.1.3260 (20380): drop_caches: 2
[ 1103.017733][T20380] syz.1.3260 (20380): drop_caches: 2
[ 1103.229303][T18580] block nbd4: Possible stuck request ffff888026330000: control (read@0,4096B). Runtime 30 seconds
[ 1103.346727][T20254] veth0_vlan: entered promiscuous mode
[ 1103.376469][T20254] veth1_vlan: entered promiscuous mode
[ 1103.501020][T20254] veth0_macvtap: entered promiscuous mode
[ 1103.510573][T20254] veth1_macvtap: entered promiscuous mode
[ 1103.512079][   T30] audit: type=1400 audit(1747108839.041:2194): avc:  denied  { write } for  pid=20387 comm="syz.0.3261" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[ 1103.524526][T20254] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1103.565975][ T5895] usb 3-1: USB disconnect, device number 67
[ 1104.445836][T20254] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1104.457606][T20254] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1104.468587][T20254] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1104.478417][T20254] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1104.507893][T20254] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1104.533157][T20254] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1104.858852][T20254] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1104.870186][ T5868] IPVS: starting estimator thread 0...
[ 1104.935405][T20254] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1104.977901][T20408] IPVS: using max 36 ests per chain, 86400 per kthread
[ 1105.000841][T20407] IPv6: Can't replace route, no match found
[ 1105.029166][T20254] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1105.067920][T20254] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1105.103477][T20254] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1105.210363][T20254] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1105.271586][T20254] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1105.294104][T20414] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1105.322917][T20254] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1105.409955][   T30] audit: type=1400 audit(1747108840.861:2195): avc:  denied  { remount } for  pid=20410 comm="syz.0.3265" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[ 1105.457890][T20254] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1105.477377][T20254] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1105.980814][T20254] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1106.110116][T20254] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1106.242460][T20254] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1106.281686][T20254] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1106.317868][T20254] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1106.694568][T15569] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1107.203487][   T30] audit: type=1400 audit(1747108842.741:2196): avc:  denied  { create } for  pid=20431 comm="syz.5.3270" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1
[ 1107.387095][   T10] usb 2-1: new high-speed USB device number 51 using dummy_hcd
[ 1107.757903][T15569] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1107.813782][T19611] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1107.892926][T19611] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1107.962896][   T10] usb 2-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00
[ 1107.987042][   T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1107.994901][T20438] syz.5.3271 (20438): drop_caches: 2
[ 1108.059970][   T10] usb 2-1: Product: syz
[ 1108.068209][T20438] syz.5.3271 (20438): drop_caches: 2
[ 1108.427462][   T10] usb 2-1: Manufacturer: syz
[ 1108.443082][   T10] usb 2-1: SerialNumber: syz
[ 1108.515232][   T10] usb 2-1: config 0 descriptor??
[ 1109.017379][   T10] usb-storage 2-1:0.0: USB Mass Storage device detected
[ 1109.320142][   T10] usb 2-1: USB disconnect, device number 51
[ 1111.228450][   T30] audit: type=1400 audit(1747108846.771:2197): avc:  denied  { bind } for  pid=20458 comm="syz.1.3274" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[ 1111.527023][T20472] fuse: Unknown parameter 'fd0x000000000000000a'
[ 1111.995418][T20472] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ip6gretap1
[ 1112.006433][T20472] batman_adv: batadv0: Adding interface: ip6gretap1
[ 1112.013068][T20472] batman_adv: batadv0: The MTU of interface ip6gretap1 is too small (1434) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1112.038782][T20472] batman_adv: batadv0: Interface activated: ip6gretap1
[ 1113.193965][T20496] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[ 1113.200347][T20496] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[ 1115.024454][ T1294] ieee802154 phy1 wpan1: encryption failed: -22
[ 1115.074922][T20505] netlink: 40 bytes leftover after parsing attributes in process `syz.6.3285'.
[ 1115.075897][   T30] audit: type=1400 audit(1747108850.171:2198): avc:  denied  { map } for  pid=20503 comm="syz.6.3285" path="socket:[66905]" dev="sockfs" ino=66905 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tcp_socket permissive=1
[ 1117.022124][   T30] audit: type=1400 audit(1747108852.511:2199): avc:  denied  { unmount } for  pid=20254 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 1117.127940][T18951] Bluetooth: hci2: command 0x0406 tx timeout
[ 1118.141726][T20534] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1118.262304][T20534] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1118.425624][T20529] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1118.876668][T20548] fuse: Unknown parameter 'fd0x000000000000000a'
[ 1119.146087][T20545] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[ 1119.152574][T20545] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[ 1119.182334][T20548] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ip6gretap1
[ 1119.194328][T20548] batman_adv: batadv0: Adding interface: ip6gretap1
[ 1119.201012][T20548] batman_adv: batadv0: The MTU of interface ip6gretap1 is too small (1434) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1119.226809][T20548] batman_adv: batadv0: Interface activated: ip6gretap1
[ 1123.999973][   T30] audit: type=1400 audit(1747108859.171:2200): avc:  denied  { setopt } for  pid=20576 comm="syz.5.3308" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[ 1124.202483][T20588] FAULT_INJECTION: forcing a failure.
[ 1124.202483][T20588] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1124.219770][T20588] CPU: 1 UID: 0 PID: 20588 Comm: syz.5.3309 Not tainted 6.15.0-rc6-syzkaller-00025-g627277ba7c23 #0 PREEMPT(full) 
[ 1124.219795][T20588] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1124.219805][T20588] Call Trace:
[ 1124.219811][T20588]  <TASK>
[ 1124.219819][T20588]  dump_stack_lvl+0x16c/0x1f0
[ 1124.219856][T20588]  should_fail_ex+0x512/0x640
[ 1124.219884][T20588]  _copy_from_user+0x2e/0xd0
[ 1124.219910][T20588]  __sys_bpf+0x21d/0x4d80
[ 1124.219936][T20588]  ? __pfx___sys_bpf+0x10/0x10
[ 1124.219958][T20588]  ? ksys_write+0x190/0x240
[ 1124.219989][T20588]  ? __mutex_unlock_slowpath+0x161/0x6a0
[ 1124.220030][T20588]  ? fput+0x70/0xf0
[ 1124.220049][T20588]  ? ksys_write+0x1b9/0x240
[ 1124.220074][T20588]  ? __pfx_ksys_write+0x10/0x10
[ 1124.220097][T20588]  ? rcu_is_watching+0x12/0xc0
[ 1124.220121][T20588]  __x64_sys_bpf+0x78/0xc0
[ 1124.220143][T20588]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1124.220167][T20588]  do_syscall_64+0xcd/0x260
[ 1124.220193][T20588]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1124.220210][T20588] RIP: 0033:0x7fa72f18e969
[ 1124.220224][T20588] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1124.220242][T20588] RSP: 002b:00007fa73001e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 1124.220258][T20588] RAX: ffffffffffffffda RBX: 00007fa72f3b5fa0 RCX: 00007fa72f18e969
[ 1124.220269][T20588] RDX: 0000000000000040 RSI: 0000200000000280 RDI: 000000000000000a
[ 1124.220280][T20588] RBP: 00007fa73001e090 R08: 0000000000000000 R09: 0000000000000000
[ 1124.220290][T20588] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1124.220301][T20588] R13: 0000000000000000 R14: 00007fa72f3b5fa0 R15: 00007fffb72f8b08
[ 1124.220324][T20588]  </TASK>
[ 1124.508222][ T5900] IPVS: starting estimator thread 0...
[ 1124.617909][T20596] IPVS: using max 38 ests per chain, 91200 per kthread
[ 1124.923764][T20602] fuse: Unknown parameter 'grou00000000000000000000'
[ 1125.191984][T20606] xt_socket: unknown flags 0xc
[ 1126.658699][   T30] audit: type=1400 audit(1747108862.171:2201): avc:  denied  { block_suspend } for  pid=20615 comm="syz.6.3318" capability=36  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[ 1126.859952][T20618] FAULT_INJECTION: forcing a failure.
[ 1126.859952][T20618] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1126.982490][T20618] CPU: 1 UID: 0 PID: 20618 Comm: syz.1.3317 Not tainted 6.15.0-rc6-syzkaller-00025-g627277ba7c23 #0 PREEMPT(full) 
[ 1126.982520][T20618] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1126.982531][T20618] Call Trace:
[ 1126.982538][T20618]  <TASK>
[ 1126.982546][T20618]  dump_stack_lvl+0x16c/0x1f0
[ 1126.982577][T20618]  should_fail_ex+0x512/0x640
[ 1126.982605][T20618]  _copy_to_user+0x32/0xd0
[ 1126.982633][T20618]  simple_read_from_buffer+0xcb/0x170
[ 1126.982662][T20618]  proc_fail_nth_read+0x197/0x270
[ 1126.982690][T20618]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1126.982718][T20618]  ? rw_verify_area+0xcf/0x680
[ 1126.982741][T20618]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1126.982768][T20618]  vfs_read+0x1de/0xc70
[ 1126.982797][T20618]  ? __pfx___mutex_lock+0x10/0x10
[ 1126.982827][T20618]  ? __pfx_vfs_read+0x10/0x10
[ 1126.982859][T20618]  ? __fget_files+0x20e/0x3c0
[ 1126.982884][T20618]  ksys_read+0x12a/0x240
[ 1126.982909][T20618]  ? __pfx_ksys_read+0x10/0x10
[ 1126.982943][T20618]  do_syscall_64+0xcd/0x260
[ 1126.982970][T20618]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1126.982988][T20618] RIP: 0033:0x7f3720b8d37c
[ 1126.983003][T20618] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1126.983020][T20618] RSP: 002b:00007f3721a2f030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1126.983037][T20618] RAX: ffffffffffffffda RBX: 00007f3720db6080 RCX: 00007f3720b8d37c
[ 1126.983049][T20618] RDX: 000000000000000f RSI: 00007f3721a2f0a0 RDI: 0000000000000005
[ 1126.983059][T20618] RBP: 00007f3721a2f090 R08: 0000000000000000 R09: 0000000000000000
[ 1126.983069][T20618] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1126.983080][T20618] R13: 0000000000000001 R14: 00007f3720db6080 R15: 00007ffdacea18f8
[ 1126.983109][T20618]  </TASK>
[ 1130.045937][T20635] block device autoloading is deprecated and will be removed.
[ 1130.055891][T20635] syz.0.3322: attempt to access beyond end of device
[ 1130.055891][T20635] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[ 1130.077940][T11264] usb 3-1: new high-speed USB device number 68 using dummy_hcd
[ 1130.410081][ T5900] IPVS: starting estimator thread 0...
[ 1130.513680][T11264] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0
[ 1130.528681][T11264] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0
[ 1130.556205][T11264] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0
[ 1130.592662][T11264] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x89 has invalid maxpacket 0
[ 1130.627987][T20653] IPVS: using max 76 ests per chain, 182400 per kthread
[ 1130.654559][T11264] usb 3-1: New USB device found, idVendor=2040, idProduct=4900, bcdDevice=4d.8b
[ 1130.691543][T11264] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1130.746363][T11264] usb 3-1: config 0 descriptor??
[ 1130.982071][T11264] hdpvr 3-1:0.0: firmware version 0x0 dated 
[ 1130.989869][T11264] hdpvr 3-1:0.0: untested firmware, the driver might not work.
[ 1131.405493][T11264] hdpvr 3-1:0.0: max device number reached, device register failed
[ 1131.518117][T11264] usb 3-1: USB disconnect, device number 68
[ 1131.810465][T20673] mkiss: ax0: crc mode is auto.
[ 1133.303234][   T30] audit: type=1400 audit(1747108868.841:2202): avc:  denied  { bind } for  pid=20695 comm="syz.6.3333" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[ 1133.323428][T16923] usb 3-1: new high-speed USB device number 69 using dummy_hcd
[ 1133.429883][T20700] veth1_macvtap: left promiscuous mode
[ 1133.435373][T20700] macsec0: entered promiscuous mode
[ 1133.440673][T20700] macsec0: entered allmulticast mode
[ 1133.908030][ T6556] block nbd4: Possible stuck request ffff888026330000: control (read@0,4096B). Runtime 60 seconds
[ 1133.928152][   T30] audit: type=1400 audit(1747108868.841:2203): avc:  denied  { name_bind } for  pid=20695 comm="syz.6.3333" src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=rawip_socket permissive=1
[ 1133.949294][   T30] audit: type=1400 audit(1747108868.841:2204): avc:  denied  { node_bind } for  pid=20695 comm="syz.6.3333" saddr=172.20.20.170 src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=rawip_socket permissive=1
[ 1133.972837][   T30] audit: type=1400 audit(1747108868.971:2205): avc:  denied  { bind } for  pid=20697 comm="syz.5.3334" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[ 1134.005182][T16923] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1134.072892][T20705] FAULT_INJECTION: forcing a failure.
[ 1134.072892][T20705] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1134.075701][T16923] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1134.110366][T20705] CPU: 0 UID: 0 PID: 20705 Comm: syz.5.3336 Not tainted 6.15.0-rc6-syzkaller-00025-g627277ba7c23 #0 PREEMPT(full) 
[ 1134.110384][T20705] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1134.110390][T20705] Call Trace:
[ 1134.110394][T20705]  <TASK>
[ 1134.110399][T20705]  dump_stack_lvl+0x16c/0x1f0
[ 1134.110419][T20705]  should_fail_ex+0x512/0x640
[ 1134.110436][T20705]  _copy_to_iter+0x477/0x15a0
[ 1134.110455][T20705]  ? __pfx__copy_to_iter+0x10/0x10
[ 1134.110472][T20705]  ? find_held_lock+0x2b/0x80
[ 1134.110486][T20705]  ? ac6_seq_stop+0x31/0xb0
[ 1134.110505][T20705]  seq_read_iter+0xcf8/0x12c0
[ 1134.110527][T20705]  seq_read+0x39e/0x4e0
[ 1134.110542][T20705]  ? __pfx_seq_read+0x10/0x10
[ 1134.110563][T20705]  ? avc_policy_seqno+0x9/0x20
[ 1134.110577][T20705]  ? __pfx_seq_read+0x10/0x10
[ 1134.110591][T20705]  proc_reg_read+0x23d/0x330
[ 1134.110604][T20705]  ? __pfx_proc_reg_read+0x10/0x10
[ 1134.110616][T20705]  vfs_readv+0x6bf/0x8a0
[ 1134.110630][T20705]  ? get_pid_task+0x106/0x250
[ 1134.110643][T20705]  ? __pfx_vfs_readv+0x10/0x10
[ 1134.110658][T20705]  ? find_held_lock+0x2b/0x80
[ 1134.110679][T20705]  ? __fget_files+0x20e/0x3c0
[ 1134.110692][T20705]  ? do_preadv+0x1af/0x270
[ 1134.110706][T20705]  do_preadv+0x1af/0x270
[ 1134.110721][T20705]  ? __pfx_do_preadv+0x10/0x10
[ 1134.110734][T20705]  ? rcu_is_watching+0x12/0xc0
[ 1134.110753][T20705]  do_syscall_64+0xcd/0x260
[ 1134.110770][T20705]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1134.110780][T20705] RIP: 0033:0x7fa72f18e969
[ 1134.110790][T20705] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1134.110801][T20705] RSP: 002b:00007fa73001e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000127
[ 1134.110811][T20705] RAX: ffffffffffffffda RBX: 00007fa72f3b5fa0 RCX: 00007fa72f18e969
[ 1134.110818][T20705] RDX: 0000000000000001 RSI: 0000200000000040 RDI: 000000000000000b
[ 1134.110824][T20705] RBP: 00007fa73001e090 R08: 000000000000000d R09: 0000000000000000
[ 1134.110831][T20705] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1134.110837][T20705] R13: 0000000000000000 R14: 00007fa72f3b5fa0 R15: 00007fffb72f8b08
[ 1134.110850][T20705]  </TASK>
[ 1134.116074][T16923] usb 3-1: New USB device found, idVendor=1e7d, idProduct=30d4, bcdDevice= 0.00
[ 1134.417290][T20715] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3337'.
[ 1134.427229][T20714] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[ 1134.433640][T20714] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[ 1134.620061][T16923] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1134.630539][T16923] usb 3-1: config 0 descriptor??
[ 1134.691326][   T30] audit: type=1400 audit(1747108870.221:2206): avc:  denied  { map } for  pid=20712 comm="syz.0.3337" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[ 1135.114214][T16923] usbhid 3-1:0.0: can't add hid device: -71
[ 1135.120214][T16923] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[ 1135.142616][T16923] usb 3-1: USB disconnect, device number 69
[ 1136.022870][   T30] audit: type=1400 audit(1747108871.561:2207): avc:  denied  { ioctl } for  pid=20736 comm="syz.0.3342" path="/dev/cpu/0/msr" dev="devtmpfs" ino=87 ioctlcmd=0x541c scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1
[ 1136.048915][T20737] SELinux:  Context system_u:object_r:fsadm_ex is not valid (left unmapped).
[ 1136.060215][   T30] audit: type=1400 audit(1747108871.601:2208): avc:  denied  { relabelto } for  pid=20736 comm="syz.0.3342" name="130" dev="tmpfs" ino=709 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:fsadm_ex"
[ 1136.101087][   T30] audit: type=1400 audit(1747108871.601:2209): avc:  denied  { associate } for  pid=20736 comm="syz.0.3342" name="130" dev="tmpfs" ino=709 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 srawcon="system_u:object_r:fsadm_ex"
[ 1136.224534][ T5870] IPVS: starting estimator thread 0...
[ 1136.327991][T20741] IPVS: using max 39 ests per chain, 93600 per kthread
[ 1137.160739][T20749] No source specified
[ 1137.876467][T20758] vxfs: WRONG superblock magic 00000000 at 1
[ 1137.883592][T20758] vxfs: WRONG superblock magic 00000000 at 8
[ 1137.896025][T20758] vxfs: can't find superblock.
[ 1138.080558][T20760] tmpfs: User quota block hardlimit too large.
[ 1138.080614][   T30] audit: type=1400 audit(1747108873.621:2210): avc:  denied  { mounton } for  pid=20759 comm="syz.6.3348" path="/17/file0" dev="tmpfs" ino=113 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=sock_file permissive=1
[ 1138.143282][   T30] audit: type=1400 audit(1747108873.681:2211): avc:  denied  { accept } for  pid=20759 comm="syz.6.3348" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_dgram_socket permissive=1
[ 1139.096433][   T30] audit: type=1400 audit(1747108874.601:2212): avc:  denied  { read } for  pid=20765 comm="syz.6.3350" name="cachefiles" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1
[ 1139.716580][   T30] audit: type=1400 audit(1747108874.611:2213): avc:  denied  { open } for  pid=20765 comm="syz.6.3350" path="/dev/cachefiles" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1
[ 1139.750259][T20768] netlink: 'syz.6.3350': attribute type 10 has an invalid length.
[ 1139.766179][T20768] netlink: 40 bytes leftover after parsing attributes in process `syz.6.3350'.
[ 1139.806009][T20770] CUSE: unknown device info "ÿ
"
[ 1139.811092][T20770] CUSE: zero length info key specified
[ 1139.822288][T20770] netlink: 'syz.6.3350': attribute type 1 has an invalid length.
[ 1139.999511][T20768] team0: Port device geneve0 added
[ 1140.141110][   T30] audit: type=1400 audit(1747108874.631:2214): avc:  denied  { write } for  pid=17675 comm="syz-executor" name="130" dev="tmpfs" ino=709 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:fsadm_ex"
[ 1140.166715][   T30] audit: type=1400 audit(1747108874.631:2215): avc:  denied  { remove_name } for  pid=17675 comm="syz-executor" name="binderfs" dev="tmpfs" ino=713 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:fsadm_ex"
[ 1140.209674][   T30] audit: type=1400 audit(1747108874.691:2216): avc:  denied  { rmdir } for  pid=17675 comm="syz-executor" name="130" dev="tmpfs" ino=709 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:fsadm_ex"
[ 1140.361455][   T30] audit: type=1400 audit(1747108875.341:2217): avc:  denied  { ioctl } for  pid=20765 comm="syz.6.3350" path="/dev/nullb0" dev="devtmpfs" ino=696 ioctlcmd=0x1267 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[ 1140.389750][   T30] audit: type=1400 audit(1747108875.821:2218): avc:  denied  { read } for  pid=20772 comm="syz.0.3352" name="autofs" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[ 1140.444292][   T30] audit: type=1400 audit(1747108875.831:2219): avc:  denied  { open } for  pid=20772 comm="syz.0.3352" path="/dev/autofs" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[ 1140.474952][   T30] audit: type=1400 audit(1747108875.871:2220): avc:  denied  { ioctl } for  pid=20772 comm="syz.0.3352" path="/dev/autofs" dev="devtmpfs" ino=98 ioctlcmd=0x9379 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[ 1140.698851][T20784] Bluetooth: MGMT ver 1.23
[ 1141.462620][   T30] audit: type=1400 audit(1747108877.001:2221): avc:  denied  { append } for  pid=20793 comm="syz.0.3358" name="nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[ 1141.498550][T20780] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[ 1141.528025][   T10] usb 2-1: new high-speed USB device number 52 using dummy_hcd
[ 1141.699308][   T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0
[ 1141.717948][   T10] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0
[ 1141.727784][T20796] Malformed UNC in devname
[ 1141.727784][T20796] 
[ 1141.737524][   T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0
[ 1141.753891][T20796] CIFS: VFS: Malformed UNC in devname
[ 1141.760683][   T10] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x89 has invalid maxpacket 0
[ 1141.777972][   T10] usb 2-1: New USB device found, idVendor=2040, idProduct=4900, bcdDevice=4d.8b
[ 1141.787164][   T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1141.806984][   T10] usb 2-1: config 0 descriptor??
[ 1141.878491][ T5865] usb 7-1: new full-speed USB device number 2 using dummy_hcd
[ 1142.079186][ T5865] usb 7-1: device descriptor read/64, error -71
[ 1142.085661][   T10] hdpvr 2-1:0.0: firmware version 0x0 dated 
[ 1142.091978][   T10] hdpvr 2-1:0.0: untested firmware, the driver might not work.
[ 1142.332448][ T5865] usb 7-1: new full-speed USB device number 3 using dummy_hcd
[ 1142.637892][   T10] hdpvr 2-1:0.0: max device number reached, device register failed
[ 1142.727773][   T10] usb 2-1: USB disconnect, device number 52
[ 1142.750158][ T5865] usb 7-1: device descriptor read/64, error -71
[ 1142.868163][ T5865] usb usb7-port1: attempt power cycle
[ 1143.209934][T20811] fuse: Unknown parameter 'fd0x000000000000000a'
[ 1143.487945][ T5865] usb 7-1: new full-speed USB device number 4 using dummy_hcd
[ 1143.518008][ T5865] usb 7-1: device descriptor read/8, error -71
[ 1143.528007][ T5822] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[ 1144.436823][   T30] audit: type=1400 audit(1747108879.971:2222): avc:  denied  { shutdown } for  pid=20814 comm="syz.1.3364" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[ 1144.522280][T20815] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input52
[ 1144.560215][ T5865] usb 7-1: new full-speed USB device number 5 using dummy_hcd
[ 1144.598056][ T5865] usb 7-1: device descriptor read/8, error -71
[ 1144.728502][ T5865] usb usb7-port1: unable to enumerate USB device
[ 1145.796145][T20836] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3369'.
[ 1147.317542][T20846] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3373'.
[ 1147.602010][   T30] audit: type=1400 audit(1747108883.141:2223): avc:  denied  { nlmsg_read } for  pid=20843 comm="syz.0.3372" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[ 1147.656757][   T30] audit: type=1400 audit(1747108883.171:2224): avc:  denied  { read write } for  pid=20843 comm="syz.0.3372" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[ 1147.730301][   T30] audit: type=1400 audit(1747108883.171:2225): avc:  denied  { open } for  pid=20843 comm="syz.0.3372" path="/136/file0" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[ 1148.417133][   T30] audit: type=1400 audit(1747108883.951:2226): avc:  denied  { unmount } for  pid=17675 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[ 1149.024513][T20871] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks
[ 1152.317505][   T30] audit: type=1400 audit(1747108887.851:2227): avc:  denied  { ioctl } for  pid=20878 comm="syz.1.3380" path="/dev/fb0" dev="devtmpfs" ino=629 ioctlcmd=0x4606 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[ 1152.917893][   T10] usb 2-1: new high-speed USB device number 53 using dummy_hcd
[ 1153.068201][   T10] usb 2-1: Using ep0 maxpacket: 16
[ 1153.707244][   T10] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[ 1153.799696][   T10] usb 2-1: config 0 has no interface number 0
[ 1153.961398][   T10] usb 2-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d
[ 1153.998611][   T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1154.012865][T20898] netlink: 48 bytes leftover after parsing attributes in process `syz.0.3386'.
[ 1154.037927][   T30] audit: type=1400 audit(1747108889.551:2228): avc:  denied  { mount } for  pid=20897 comm="syz.0.3386" name="/" dev="devtmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1
[ 1154.044282][   T10] usb 2-1: Product: syz
[ 1154.134126][   T10] usb 2-1: Manufacturer: syz
[ 1154.165986][   T10] usb 2-1: SerialNumber: syz
[ 1154.183201][   T10] usb 2-1: config 0 descriptor??
[ 1154.195322][   T30] audit: type=1400 audit(1747108889.551:2229): avc:  denied  { kexec_image_load } for  pid=20897 comm="syz.0.3386" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=system permissive=1
[ 1154.221435][   T10] gspca_main: spca1528-2.14.0 probing 04fc:1528
[ 1154.229443][   T30] audit: type=1400 audit(1747108889.661:2230): avc:  denied  { checkpoint_restore } for  pid=20900 comm="syz.5.3387" capability=40  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[ 1154.348347][T20908] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1155.228052][   T10] gspca_spca1528: reg_w err -110
[ 1155.597530][   T10] spca1528 2-1:0.1: probe with driver spca1528 failed with error -110
[ 1155.830342][T20920] netem: change failed
[ 1156.124994][T20919] x_tables: duplicate underflow at hook 1
[ 1156.216019][   T30] audit: type=1400 audit(1747108891.661:2231): avc:  denied  { setopt } for  pid=20918 comm="syz.0.3394" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[ 1156.363382][   T30] audit: type=1400 audit(1747108891.671:2232): avc:  denied  { ioctl } for  pid=20918 comm="syz.0.3394" path="socket:[67569]" dev="sockfs" ino=67569 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[ 1156.393522][T20925] netem: change failed
[ 1157.252339][ T5865] usb 2-1: USB disconnect, device number 53
[ 1157.690271][T20942] netlink: 'syz.5.3400': attribute type 3 has an invalid length.
[ 1157.708226][T20943] netlink: 'syz.5.3400': attribute type 3 has an invalid length.
[ 1157.837926][T11264] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[ 1158.335553][T11264] usb 7-1: config 0 has an invalid interface number: 49 but max is 0
[ 1158.814817][T11264] usb 7-1: config 0 has no interface number 0
[ 1158.870536][T11264] usb 7-1: too many endpoints for config 0 interface 49 altsetting 124: 240, using maximum allowed: 30
[ 1158.949610][T20940] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3399'.
[ 1158.968696][T11264] usb 7-1: config 0 interface 49 altsetting 124 has 0 endpoint descriptors, different from the interface descriptor's value: 240
[ 1158.982087][T11264] usb 7-1: config 0 interface 49 has no altsetting 0
[ 1158.988918][T11264] usb 7-1: New USB device found, idVendor=045e, idProduct=0284, bcdDevice=2d.ad
[ 1158.998108][T11264] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1159.010399][T11264] usb 7-1: config 0 descriptor??
[ 1159.339834][T11264] usb 7-1: string descriptor 0 read error: -71
[ 1159.349414][   T30] audit: type=1400 audit(1747108894.871:2233): avc:  denied  { getopt } for  pid=20936 comm="syz.6.3398" lport=2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[ 1159.463992][T20961] x_tables: duplicate underflow at hook 1
[ 1159.825264][T11264] usb 7-1: USB disconnect, device number 6
[ 1159.923777][   T30] audit: type=1326 audit(1747108895.461:2234): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20962 comm="syz.2.3406" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f49cd78e969 code=0x0
[ 1160.102941][   T30] audit: type=1400 audit(1747108895.641:2235): avc:  denied  { getopt } for  pid=20965 comm="syz.1.3407" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[ 1162.519680][T20990] x_tables: duplicate underflow at hook 1
[ 1164.194431][ T6556] block nbd4: Possible stuck request ffff888026330000: control (read@0,4096B). Runtime 90 seconds
[ 1164.357904][   T10] usb 2-1: new full-speed USB device number 54 using dummy_hcd
[ 1164.377682][T21007] netem: change failed
[ 1164.634448][T21011] mkiss: ax0: crc mode is auto.
[ 1164.655762][   T10] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1164.677890][   T10] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1164.721478][   T10] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[ 1164.748205][   T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1164.984711][   T10] usb 2-1: usb_control_msg returned -32
[ 1165.010084][   T10] usbtmc 2-1:16.0: can't read capabilities
[ 1165.152099][T11264] usb 6-1: new full-speed USB device number 21 using dummy_hcd
[ 1165.350512][T11264] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1165.661444][T11264] usb 6-1: New USB device found, idVendor=04e8, idProduct=ff30, bcdDevice=a6.d1
[ 1165.673174][T11264] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1165.681876][T11264] usb 6-1: Product: syz
[ 1165.686400][T11264] usb 6-1: Manufacturer: syz
[ 1165.694649][T11264] usb 6-1: SerialNumber: syz
[ 1165.719475][T11264] usb 6-1: config 0 descriptor??
[ 1165.818795][T11264] imon_raw 6-1:0.0: IR endpoint missing
[ 1166.426913][T20447] usb 6-1: USB disconnect, device number 21
[ 1167.309419][ T5900] usb 2-1: USB disconnect, device number 54
[ 1168.108852][T21034] x_tables: duplicate underflow at hook 1
[ 1168.441614][T21035] snd_dummy snd_dummy.0: control 1:1:0:syz0:-3 is already present
[ 1168.899573][T21041] syz.2.3427: attempt to access beyond end of device
[ 1168.899573][T21041] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[ 1169.455171][T21047] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=21047 comm=syz.5.3430
[ 1169.625295][T21056] mkiss: ax0: crc mode is auto.
[ 1169.630737][   T30] audit: type=1400 audit(1747108905.141:2236): avc:  denied  { bind } for  pid=21052 comm="syz.1.3431" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[ 1170.354200][T21068] netem: change failed
[ 1170.652944][   T30] audit: type=1400 audit(1747108906.001:2237): avc:  denied  { read } for  pid=21065 comm="syz.6.3437" laddr=::1 lport=20003 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[ 1171.256681][T21074] /dev/nullb0: Can't open blockdev
[ 1171.363281][T21076] netlink: 152 bytes leftover after parsing attributes in process `syz.2.3439'.
[ 1172.187635][T21083] x_tables: duplicate underflow at hook 1
[ 1173.442684][T21099] netlink: 156 bytes leftover after parsing attributes in process `syz.0.3447'.
[ 1173.617914][T20447] usb 3-1: new high-speed USB device number 70 using dummy_hcd
[ 1173.783654][T21110] netem: change failed
[ 1174.588079][T20447] usb 3-1: config 0 has an invalid interface number: 53 but max is 0
[ 1174.617877][T20447] usb 3-1: config 0 has no interface number 0
[ 1174.627948][T20447] usb 3-1: config 0 interface 53 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1174.648856][T21112] mkiss: ax0: crc mode is auto.
[ 1174.664915][T20447] usb 3-1: New USB device found, idVendor=0c2e, idProduct=0720, bcdDevice=48.83
[ 1174.678062][T20447] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1174.686104][T20447] usb 3-1: Product: syz
[ 1174.690466][T20447] usb 3-1: Manufacturer: syz
[ 1174.695500][T20447] usb 3-1: SerialNumber: syz
[ 1174.702884][T20447] usb 3-1: config 0 descriptor??
[ 1174.855859][   T30] audit: type=1400 audit(1747108910.391:2238): avc:  denied  { read } for  pid=21113 comm="syz.5.3451" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[ 1174.916129][   T30] audit: type=1400 audit(1747108910.451:2239): avc:  denied  { getopt } for  pid=21096 comm="syz.2.3442" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[ 1174.962572][T21097] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1175.001680][T21097] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1175.161777][T20447] metro_usb 3-1:0.53: Metrologic USB to Serial converter detected
[ 1175.216295][T20447] usb 3-1: Metrologic USB to Serial converter now attached to ttyUSB0
[ 1175.248045][T20447] usb 3-1: USB disconnect, device number 70
[ 1175.276107][T20447] metro-usb ttyUSB0: Metrologic USB to Serial converter now disconnected from ttyUSB0
[ 1175.333965][T20447] metro_usb 3-1:0.53: device disconnected
[ 1175.689025][T21125] x_tables: duplicate underflow at hook 1
[ 1176.332327][ T1294] ieee802154 phy1 wpan1: encryption failed: -22
[ 1176.417123][   T30] audit: type=1400 audit(1747108911.951:2240): avc:  denied  { connect } for  pid=21127 comm="syz.1.3454" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[ 1176.476834][   T30] audit: type=1400 audit(1747108911.991:2241): avc:  denied  { bind } for  pid=21127 comm="syz.1.3454" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[ 1176.496160][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1176.502727][T21134] af_packet: tpacket_rcv: packet too big, clamped from 488 to 4294967286. macoff=82
[ 1177.472591][T21140] netlink: 'syz.0.3460': attribute type 4 has an invalid length.
[ 1177.727585][T21143] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3459'.
[ 1177.903092][T21140] netlink: 'syz.0.3460': attribute type 4 has an invalid length.
[ 1178.846307][T21150] netem: change failed
[ 1179.350531][T21162] x_tables: duplicate underflow at hook 1
[ 1180.411660][T21166] mkiss: ax0: crc mode is auto.
[ 1180.528192][T21171] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3468'.
[ 1180.829590][   T30] audit: type=1400 audit(1747108916.361:2242): avc:  denied  { create } for  pid=21175 comm="syz.6.3469" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1
[ 1180.902334][   T30] audit: type=1400 audit(1747108916.361:2243): avc:  denied  { ioctl } for  pid=21175 comm="syz.6.3469" path="socket:[69948]" dev="sockfs" ino=69948 ioctlcmd=0x89e0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1
[ 1181.106612][T21186] netlink: 'syz.0.3472': attribute type 4 has an invalid length.
[ 1181.366365][T21186] netlink: 'syz.0.3472': attribute type 4 has an invalid length.
[ 1181.596269][T21175] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1182.245334][T21207] fuse: Unknown parameter 'fd0x000000000000000a'
[ 1182.871487][T21207] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ip6gretap1
[ 1182.883381][T21207] batman_adv: batadv0: Adding interface: ip6gretap1
[ 1182.890323][T21207] batman_adv: batadv0: The MTU of interface ip6gretap1 is too small (1434) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1182.916086][T21207] batman_adv: batadv0: Interface activated: ip6gretap1
[ 1183.614954][T21224] x_tables: duplicate underflow at hook 1
[ 1183.699711][T18951] Bluetooth: hci3: command 0x0406 tx timeout
[ 1185.944645][T21239] IPv6: Can't replace route, no match found
[ 1187.580256][    C0] hrtimer: interrupt took 13632 ns
[ 1187.962159][T21271] x_tables: duplicate underflow at hook 1
[ 1187.969855][ T5870] usb 2-1: new high-speed USB device number 55 using dummy_hcd
[ 1188.243722][ T5870] usb 2-1: Using ep0 maxpacket: 8
[ 1188.331115][ T5870] usb 2-1: config index 0 descriptor too short (expected 301, got 45)
[ 1188.537433][ T5870] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1188.547680][ T5870] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 1188.558879][ T5870] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[ 1188.569112][ T5870] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1188.582406][ T5870] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[ 1188.737508][ T5870] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1190.078028][ T5870] usb 2-1: usb_control_msg returned -71
[ 1190.181205][ T5870] usbtmc 2-1:16.0: can't read capabilities
[ 1190.266126][ T5870] usb 2-1: USB disconnect, device number 55
[ 1191.837616][T21299] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6)
[ 1191.844166][T21299] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 1191.853309][T21299] vhci_hcd vhci_hcd.0: Device attached
[ 1192.905329][ T5869] usb 35-1: new low-speed USB device number 5 using vhci_hcd
[ 1193.339298][T21301] vhci_hcd: connection closed
[ 1193.344160][T15576] vhci_hcd: stop threads
[ 1193.358276][T15576] vhci_hcd: release socket
[ 1193.384539][T15576] vhci_hcd: disconnect device
[ 1193.443403][T21318] trusted_key: encrypted_key: insufficient parameters specified
[ 1193.651742][T21322] x_tables: duplicate underflow at hook 1
[ 1194.273645][ T6556] block nbd4: Possible stuck request ffff888026330000: control (read@0,4096B). Runtime 120 seconds
[ 1194.367344][T21326] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3503'.
[ 1195.180564][   T10] usb 3-1: new high-speed USB device number 71 using dummy_hcd
[ 1195.408276][T21335] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3508'.
[ 1195.517260][   T10] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0
[ 1195.541677][   T10] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0
[ 1195.567639][   T10] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0
[ 1195.587703][   T10] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x89 has invalid maxpacket 0
[ 1195.597694][   T10] usb 3-1: New USB device found, idVendor=2040, idProduct=4900, bcdDevice=4d.8b
[ 1196.590736][   T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1196.608341][   T10] usb 3-1: config 0 descriptor??
[ 1196.852863][   T10] hdpvr 3-1:0.0: firmware version 0x0 dated 
[ 1196.872463][   T10] hdpvr 3-1:0.0: untested firmware, the driver might not work.
[ 1197.734452][T21357] [U] .ú
[ 1197.783144][   T10] hdpvr 3-1:0.0: max device number reached, device register failed
[ 1198.020389][   T10] usb 3-1: USB disconnect, device number 71
[ 1198.040865][T21365] FAULT_INJECTION: forcing a failure.
[ 1198.040865][T21365] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1198.110108][T21367] netlink: 24 bytes leftover after parsing attributes in process `syz.6.3516'.
[ 1198.120324][T21365] CPU: 1 UID: 0 PID: 21365 Comm: syz.1.3515 Not tainted 6.15.0-rc6-syzkaller-00025-g627277ba7c23 #0 PREEMPT(full) 
[ 1198.120349][T21365] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1198.120360][T21365] Call Trace:
[ 1198.120367][T21365]  <TASK>
[ 1198.120374][T21365]  dump_stack_lvl+0x16c/0x1f0
[ 1198.120405][T21365]  should_fail_ex+0x512/0x640
[ 1198.120433][T21365]  _copy_to_user+0x32/0xd0
[ 1198.120461][T21365]  simple_read_from_buffer+0xcb/0x170
[ 1198.120490][T21365]  proc_fail_nth_read+0x197/0x270
[ 1198.120518][T21365]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1198.120546][T21365]  ? rw_verify_area+0xcf/0x680
[ 1198.120569][T21365]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1198.120595][T21365]  vfs_read+0x1de/0xc70
[ 1198.120624][T21365]  ? __pfx___mutex_lock+0x10/0x10
[ 1198.120649][T21365]  ? __pfx_vfs_read+0x10/0x10
[ 1198.120682][T21365]  ? __fget_files+0x20e/0x3c0
[ 1198.120706][T21365]  ksys_read+0x12a/0x240
[ 1198.120731][T21365]  ? __pfx_ksys_read+0x10/0x10
[ 1198.120755][T21365]  ? v4l2_ioctl+0x1c5/0x250
[ 1198.120783][T21365]  do_syscall_64+0xcd/0x260
[ 1198.120810][T21365]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1198.120828][T21365] RIP: 0033:0x7f3720b8d37c
[ 1198.120843][T21365] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1198.120861][T21365] RSP: 002b:00007f3721a50030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1198.120878][T21365] RAX: ffffffffffffffda RBX: 00007f3720db5fa0 RCX: 00007f3720b8d37c
[ 1198.120890][T21365] RDX: 000000000000000f RSI: 00007f3721a500a0 RDI: 0000000000000004
[ 1198.120901][T21365] RBP: 00007f3721a50090 R08: 0000000000000000 R09: 0000000000000000
[ 1198.120912][T21365] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1198.120922][T21365] R13: 0000000000000000 R14: 00007f3720db5fa0 R15: 00007ffdacea18f8
[ 1198.120946][T21365]  </TASK>
[ 1198.520984][   T30] audit: type=1326 audit(1747108934.051:2244): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21368 comm="syz.1.3517" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3720b8e969 code=0x7ffc0000
[ 1198.557864][ T5869] vhci_hcd: vhci_device speed not set
[ 1198.593769][T21369] usb usb8: usbfs: process 21369 (syz.1.3517) did not claim interface 0 before use
[ 1198.603649][T21371] netlink: 'syz.0.3518': attribute type 4 has an invalid length.
[ 1198.626750][   T30] audit: type=1326 audit(1747108934.051:2245): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21368 comm="syz.1.3517" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3720b8e969 code=0x7ffc0000
[ 1198.797102][T21374] netlink: 'syz.0.3518': attribute type 4 has an invalid length.
[ 1198.852938][   T30] audit: type=1326 audit(1747108934.051:2246): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21368 comm="syz.1.3517" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f3720b8e969 code=0x7ffc0000
[ 1199.006266][   T30] audit: type=1326 audit(1747108934.051:2247): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21368 comm="syz.1.3517" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3720b8e969 code=0x7ffc0000
[ 1199.036077][T21377] Bluetooth: MGMT ver 1.23
[ 1199.042147][T21377] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3519'.
[ 1199.062338][   T30] audit: type=1326 audit(1747108934.051:2248): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21368 comm="syz.1.3517" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3720b8e969 code=0x7ffc0000
[ 1199.186983][   T30] audit: type=1326 audit(1747108934.051:2249): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21368 comm="syz.1.3517" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f3720b8e969 code=0x7ffc0000
[ 1199.213445][   T30] audit: type=1326 audit(1747108934.051:2250): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21368 comm="syz.1.3517" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3720b8e969 code=0x7ffc0000
[ 1199.399336][   T30] audit: type=1326 audit(1747108934.051:2251): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21368 comm="syz.1.3517" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3720b8e969 code=0x7ffc0000
[ 1199.424191][   T30] audit: type=1326 audit(1747108934.051:2252): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21368 comm="syz.1.3517" exe="/root/syz-executor" sig=0 arch=c000003e syscall=262 compat=0 ip=0x7f3720b8e969 code=0x7ffc0000
[ 1199.447745][   T30] audit: type=1326 audit(1747108934.051:2253): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21368 comm="syz.1.3517" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3720b8e969 code=0x7ffc0000
[ 1199.565379][T21384] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3521'.
[ 1199.773287][T21391] gtp0: entered promiscuous mode
[ 1200.277705][T21408] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=256 sclass=netlink_route_socket pid=21408 comm=syz.2.3530
[ 1200.355534][T21415] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3532'.
[ 1200.376316][T21415] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3532'.
[ 1200.933040][T21446] 8021q: adding VLAN 0 to HW filter on device bond1
[ 1200.944441][T21446] bond0: (slave bond1): Enslaving as an active interface with an up link
[ 1200.952886][T21455] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3544'.
[ 1201.101585][ T5822] Bluetooth: hci4: link tx timeout
[ 1201.107524][ T5822] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa
[ 1201.122247][ T5822] Bluetooth: hci4: link tx timeout
[ 1201.127371][ T5822] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa
[ 1201.136068][ T5822] Bluetooth: hci4: link tx timeout
[ 1201.141393][ T5822] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa
[ 1201.149239][ T5822] Bluetooth: hci4: link tx timeout
[ 1201.155529][ T5822] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa
[ 1201.343165][ T5822] Bluetooth: hci4: link tx timeout
[ 1201.348746][ T5822] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa
[ 1201.362380][ T5822] Bluetooth: hci4: link tx timeout
[ 1201.367510][ T5822] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa
[ 1201.410422][ T5822] Bluetooth: hci4: link tx timeout
[ 1201.415655][ T5822] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa
[ 1201.423515][ T5822] Bluetooth: hci4: link tx timeout
[ 1201.428745][ T5822] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa
[ 1201.429445][T21475] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3547'.
[ 1201.446679][T21476] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3548'.
[ 1201.514252][T21485] netlink: 'syz.2.3551': attribute type 1 has an invalid length.
[ 1201.613889][T21490] bond1: (slave ip6gretap2): Enslaving as a backup interface with an up link
[ 1201.687499][   T52] bond1: Warning: No 802.3ad response from the link partner for any adapters in the bond
[ 1201.702991][T21485] 8021q: adding VLAN 0 to HW filter on device bond1
[ 1201.792137][ T5822] Bluetooth: hci4: link tx timeout
[ 1201.797519][ T5822] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa
[ 1201.813591][ T5822] Bluetooth: hci4: link tx timeout
[ 1201.819605][ T5822] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa
[ 1201.835857][T19611] bond1: Warning: No 802.3ad response from the link partner for any adapters in the bond
[ 1202.407416][T21520] fuse: Unknown parameter 'fd0x000000000000000a'
[ 1202.667722][T21499] Bluetooth: hci4: link tx timeout
[ 1202.673003][T21499] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa
[ 1202.680969][T21499] Bluetooth: hci4: link tx timeout
[ 1202.686120][T21499] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa
[ 1202.920992][T21520] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ip6gretap1
[ 1202.932870][T21520] batman_adv: batadv0: Adding interface: ip6gretap1
[ 1202.939519][T21520] batman_adv: batadv0: The MTU of interface ip6gretap1 is too small (1434) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1202.965115][T21520] batman_adv: batadv0: Interface activated: ip6gretap1
[ 1202.977949][T21499] Bluetooth: hci4: link tx timeout
[ 1202.983075][T21499] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa
[ 1202.990842][T21499] Bluetooth: hci4: link tx timeout
[ 1202.997178][T21499] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa
[ 1203.208029][T21499] Bluetooth: hci4: command 0x0406 tx timeout
[ 1204.504095][   T30] kauditd_printk_skb: 47 callbacks suppressed
[ 1204.504112][   T30] audit: type=1400 audit(1747108940.041:2301): avc:  denied  { getopt } for  pid=21555 comm="syz.5.3567" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=socket permissive=1
[ 1204.569408][   T30] audit: type=1400 audit(1747108940.041:2302): avc:  denied  { setopt } for  pid=21555 comm="syz.5.3567" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=socket permissive=1
[ 1204.646063][   T30] audit: type=1400 audit(1747108940.041:2303): avc:  denied  { read } for  pid=21555 comm="syz.5.3567" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=socket permissive=1
[ 1205.288320][T21499] Bluetooth: hci4: command 0x0406 tx timeout
[ 1206.153500][T21584] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3572'.
[ 1206.287986][T20447] usb 3-1: new full-speed USB device number 72 using dummy_hcd
[ 1206.451193][T20447] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1206.497896][T20447] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1206.592163][T20447] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[ 1206.601304][T20447] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1207.283070][T20447] usb 3-1: usb_control_msg returned -32
[ 1207.388332][T20447] usbtmc 3-1:16.0: can't read capabilities
[ 1207.559712][ T5870] usb 7-1: new full-speed USB device number 7 using dummy_hcd
[ 1207.755281][ T5870] usb 7-1: config 0 has an invalid interface number: 1 but max is 0
[ 1207.775915][ T5870] usb 7-1: config 0 has no interface number 0
[ 1207.845307][ T5870] usb 7-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e
[ 1208.901368][ T5870] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1208.936331][ T5870] usb 7-1: config 0 descriptor??
[ 1208.954118][ T5870] usb 7-1: selecting invalid altsetting 1
[ 1208.961691][ T5870] dvb_ttusb_budget: ttusb_init_controller: error
[ 1208.970114][ T5870] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB)
[ 1209.046983][ T5870] DVB: Unable to find symbol cx22700_attach()
[ 1209.114890][ T5870] DVB: Unable to find symbol tda10046_attach()
[ 1209.127538][T21639] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3583'.
[ 1209.163518][ T5870] dvb_ttusb_budget: no frontend driver found for device [0b48:1005]
[ 1209.563972][ T5870] usb 7-1: USB disconnect, device number 7
[ 1210.594077][ T5870] usb 3-1: USB disconnect, device number 72
[ 1211.487388][ T5870] usb 2-1: new high-speed USB device number 56 using dummy_hcd
[ 1211.717077][ T5870] usb 2-1: unable to get BOS descriptor or descriptor too short
[ 1211.736614][ T5870] usb 2-1: config 0 interface 0 has no altsetting 0
[ 1211.745317][ T5870] usb 2-1: New USB device found, idVendor=0e41, idProduct=4156, bcdDevice=15.eb
[ 1211.764432][T21679] tipc: Started in network mode
[ 1211.769385][ T5870] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1211.779524][T21679] tipc: Node identity a60bee7a1266, cluster identity 4711
[ 1211.786702][ T5870] usb 2-1: Product: syz
[ 1211.791734][ T5870] usb 2-1: Manufacturer: syz
[ 1211.796335][ T5870] usb 2-1: SerialNumber: syz
[ 1211.797007][T21679] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1211.819078][ T5870] usb 2-1: config 0 descriptor??
[ 1211.976265][T21682] syzkaller0: entered promiscuous mode
[ 1211.981912][T21682] syzkaller0: entered allmulticast mode
[ 1211.988125][T21682] tipc: Resetting bearer <eth:syzkaller0>
[ 1212.057477][T21678] tipc: Resetting bearer <eth:syzkaller0>
[ 1212.251579][ T5870] snd_usb_podhd 2-1:0.0: Line 6 POD HDDESKTOP found
[ 1212.461304][ T5870] snd_usb_podhd 2-1:0.0: endpoint not available, using fallback values
[ 1212.478149][ T5870] snd_usb_podhd 2-1:0.0: invalid control EP
[ 1212.493661][ T5870] snd_usb_podhd 2-1:0.0: cannot start listening: -22
[ 1212.503111][ T5870] snd_usb_podhd 2-1:0.0: Line 6 POD HDDESKTOP now disconnected
[ 1212.522509][ T5870] snd_usb_podhd 2-1:0.0: probe with driver snd_usb_podhd failed with error -22
[ 1212.901215][ T5909] tipc: Node number set to 3027103354
[ 1213.716502][T21678] tipc: Disabling bearer <eth:syzkaller0>
[ 1213.728471][T21686] IPv6: Can't replace route, no match found
[ 1213.734496][T21665] 8021q: VLANs not supported on ip_vti0
[ 1213.786747][   T10] usb 2-1: USB disconnect, device number 56
[ 1213.846518][T21689] netlink: 'syz.1.3596': attribute type 1 has an invalid length.
[ 1213.869572][T21689] netlink: 228 bytes leftover after parsing attributes in process `syz.1.3596'.
[ 1214.051249][T21694] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3597'.
[ 1217.525863][T21722] netlink: 'syz.6.3608': attribute type 1 has an invalid length.
[ 1217.645217][T21722] netlink: 228 bytes leftover after parsing attributes in process `syz.6.3608'.
[ 1217.768235][T21729] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks
[ 1219.105443][   T30] audit: type=1326 audit(1747108954.641:2304): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21741 comm="syz.0.3615" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fdc24d8e969 code=0x0
[ 1219.467833][ T5900] usb 6-1: new full-speed USB device number 22 using dummy_hcd
[ 1219.647370][T21761] netlink: 'syz.6.3620': attribute type 1 has an invalid length.
[ 1219.657163][T21761] netlink: 228 bytes leftover after parsing attributes in process `syz.6.3620'.
[ 1219.699715][ T5900] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1219.723933][ T5900] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1219.774988][ T5900] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[ 1219.804166][ T5900] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1220.366090][ T5900] usb 6-1: usb_control_msg returned -32
[ 1220.403900][ T5900] usbtmc 6-1:16.0: can't read capabilities
[ 1222.126028][T21780] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3625'.
[ 1223.625468][T21797] netlink: 'syz.1.3631': attribute type 1 has an invalid length.
[ 1223.635166][T21797] netlink: 184 bytes leftover after parsing attributes in process `syz.1.3631'.
[ 1223.644912][T21797] netlink: 'syz.1.3631': attribute type 1 has an invalid length.
[ 1223.970668][T21808] ptrace attach of "./syz-executor exec"[19832] was attempted by "./syz-executor exec"[21808]
[ 1224.000996][T21808] netlink: 64 bytes leftover after parsing attributes in process `syz.2.3632'.
[ 1224.354367][    T9] usb 7-1: new high-speed USB device number 8 using dummy_hcd
[ 1224.363050][ T6556] block nbd4: Possible stuck request ffff888026330000: control (read@0,4096B). Runtime 150 seconds
[ 1224.384822][T20447] usb 6-1: USB disconnect, device number 22
[ 1224.668623][    T9] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0
[ 1224.684915][    T9] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0
[ 1224.694771][    T9] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0
[ 1224.712639][    T9] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x89 has invalid maxpacket 0
[ 1225.336945][    T9] usb 7-1: New USB device found, idVendor=2040, idProduct=4900, bcdDevice=4d.8b
[ 1225.358538][    T9] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1225.548878][    T9] usb 7-1: config 0 descriptor??
[ 1225.988798][    T9] hdpvr 7-1:0.0: firmware version 0x0 dated 
[ 1226.037008][    T9] hdpvr 7-1:0.0: untested firmware, the driver might not work.
[ 1226.095464][T21827] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3639'.
[ 1226.102686][T21825] mkiss: ax0: crc mode is auto.
[ 1227.431667][    T9] hdpvr 7-1:0.0: max device number reached, device register failed
[ 1227.531219][   T31] INFO: task syz.4.3190:20039 blocked for more than 143 seconds.
[ 1228.639214][   T31]       Not tainted 6.15.0-rc6-syzkaller-00025-g627277ba7c23 #0
[ 1228.646880][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1228.757944][   T31] task:syz.4.3190      state:D stack:26840 pid:20039 tgid:20035 ppid:18950  task_flags:0x400140 flags:0x00004006
[ 1228.792172][    T9] usb 7-1: USB disconnect, device number 8
[ 1228.806253][   T31] Call Trace:
[ 1228.820117][   T31]  <TASK>
[ 1228.825581][   T31]  __schedule+0x116f/0x5de0
[ 1228.834313][   T31]  ? register_lock_class+0x41/0x4c0
[ 1228.844824][   T31]  ? __lock_acquire+0x5ca/0x1ba0
[ 1228.856093][   T31]  ? __pfx___schedule+0x10/0x10
[ 1228.866164][   T31]  ? find_held_lock+0x2b/0x80
[ 1228.877832][   T31]  ? schedule+0x2d7/0x3a0
[ 1228.882201][   T31]  schedule+0xe7/0x3a0
[ 1228.908196][   T31]  schedule_preempt_disabled+0x13/0x30
[ 1228.913707][   T31]  __mutex_lock+0x6c7/0xb90
[ 1228.930462][   T31]  ? bdev_release+0x15a/0x6d0
[ 1228.935182][   T31]  ? __pfx___mutex_lock+0x10/0x10
[ 1228.947952][   T31]  ? find_held_lock+0x2b/0x80
[ 1228.952673][   T31]  ? do_raw_spin_unlock+0x172/0x230
[ 1228.968032][   T31]  ? bdev_release+0x15a/0x6d0
[ 1228.972740][   T31]  bdev_release+0x15a/0x6d0
[ 1228.977251][   T31]  ? __pfx_blkdev_release+0x10/0x10
[ 1228.992335][   T31]  blkdev_release+0x15/0x20
[ 1228.996957][   T31]  __fput+0x3ff/0xb70
[ 1229.003047][   T31]  task_work_run+0x150/0x240
[ 1229.011948][   T31]  ? __pfx_task_work_run+0x10/0x10
[ 1229.017188][   T31]  get_signal+0x1d1/0x26d0
[ 1229.023828][   T31]  ? __pfx_get_signal+0x10/0x10
[ 1229.029792][   T31]  arch_do_signal_or_restart+0x8f/0x7d0
[ 1229.035438][   T31]  ? task_work_add+0x1d5/0x360
[ 1229.042233][   T31]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 1229.049618][   T31]  ? __fput_deferred+0x118/0x370
[ 1229.054581][   T31]  syscall_exit_to_user_mode+0x150/0x2a0
[ 1229.062984][   T31]  do_syscall_64+0xda/0x260
[ 1229.074475][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1229.087871][   T31] RIP: 0033:0x7f18fef8e969
[ 1229.092398][   T31] RSP: 002b:00007f18ffe66038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1229.109167][   T31] RAX: 0000000000000000 RBX: 00007f18ff1b6080 RCX: 00007f18fef8e969
[ 1229.117312][   T31] RDX: 0000000000000000 RSI: 000000000000ab03 RDI: 0000000000000003
[ 1229.128402][   T31] RBP: 00007f18ff010ab1 R08: 0000000000000000 R09: 0000000000000000
[ 1229.136502][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1229.147074][   T31] R13: 0000000000000001 R14: 00007f18ff1b6080 R15: 00007fff4cdac548
[ 1229.160028][   T31]  </TASK>
[ 1229.163251][   T31] 
[ 1229.163251][   T31] Showing all locks held in the system:
[ 1229.181619][T21826] caif:caif_disconnect_client(): nothing to disconnect
[ 1229.195698][   T31] 2 locks held by rcu_tasks_trace/29:
[ 1229.202261][   T31]  #0: ffffffff8e3bf070 (rcu_tasks_trace.tasks_gp_mutex){+.+.}-{4:4}, at: rcu_tasks_one_gp+0x72d/0xe20
[ 1229.221262][   T31]  #1: ffffffff8e3cb138 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x280/0x3c0
[ 1229.232360][   T31] 1 lock held by khungtaskd/31:
[ 1229.237279][   T31]  #0: ffffffff8e3bfc00 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x36/0x1c0
[ 1229.256909][   T31] 2 locks held by getty/5574:
[ 1229.262253][   T31]  #0: ffff88803660a0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80
[ 1229.275375][   T31]  #1: ffffc9000333b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x41b/0x14f0
[ 1229.285949][   T31] 1 lock held by udevd/12391:
[ 1229.292344][   T31]  #0: ffff88802620a358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0x41a/0xe40
[ 1229.303457][   T31] 2 locks held by kworker/u8:27/15580:
[ 1229.313015][   T31]  #0: ffff88801c326948 ((wq_completion)iou_exit){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70
[ 1229.324589][   T31]  #1: ffffc9000c31fd18 ((work_completion)(&ctx->exit_work)){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70
[ 1229.337709][   T31] 1 lock held by syz.4.3190/20039:
[ 1229.342959][   T31]  #0: ffff88802620a358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_release+0x15a/0x6d0
[ 1229.354224][   T31] 3 locks held by syz.0.3639/21826:
[ 1229.359451][   T31]  #0: ffff8880750ddc08 (&sb->s_type->i_mutex_key#11){+.+.}-{4:4}, at: __sock_release+0x86/0x270
[ 1229.370341][   T31]  #1: ffff88804b720258 (sk_lock-AF_CAIF){+.+.}-{0:0}, at: caif_release+0x10b/0x3f0
[ 1229.379907][   T31]  #2: ffffffff8e3cb138 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x1a3/0x3c0
[ 1229.389982][   T31] 1 lock held by syz.5.3640/21829:
[ 1229.395077][   T31]  #0: ffffffff8e3cb000 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x48/0x6e0
[ 1229.405798][   T31] 
[ 1229.423951][   T31] =============================================
[ 1229.423951][   T31] 
[ 1229.451436][   T31] NMI backtrace for cpu 1
[ 1229.451452][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.15.0-rc6-syzkaller-00025-g627277ba7c23 #0 PREEMPT(full) 
[ 1229.451469][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1229.451476][   T31] Call Trace:
[ 1229.451480][   T31]  <TASK>
[ 1229.451484][   T31]  dump_stack_lvl+0x116/0x1f0
[ 1229.451504][   T31]  nmi_cpu_backtrace+0x27b/0x390
[ 1229.451515][   T31]  ? _raw_spin_unlock_irqrestore+0x61/0x80
[ 1229.451530][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[ 1229.451542][   T31]  nmi_trigger_cpumask_backtrace+0x29c/0x300
[ 1229.451555][   T31]  watchdog+0xf70/0x12c0
[ 1229.451568][   T31]  ? __pfx_watchdog+0x10/0x10
[ 1229.451577][   T31]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1229.451592][   T31]  ? __kthread_parkme+0x19e/0x250
[ 1229.451609][   T31]  ? __pfx_watchdog+0x10/0x10
[ 1229.451618][   T31]  kthread+0x3c2/0x780
[ 1229.451629][   T31]  ? __pfx_kthread+0x10/0x10
[ 1229.451638][   T31]  ? __pfx_kthread+0x10/0x10
[ 1229.451649][   T31]  ? __pfx_kthread+0x10/0x10
[ 1229.451658][   T31]  ? __pfx_kthread+0x10/0x10
[ 1229.451667][   T31]  ? rcu_is_watching+0x12/0xc0
[ 1229.451681][   T31]  ? __pfx_kthread+0x10/0x10
[ 1229.451691][   T31]  ret_from_fork+0x45/0x80
[ 1229.451701][   T31]  ? __pfx_kthread+0x10/0x10
[ 1229.451711][   T31]  ret_from_fork_asm+0x1a/0x30
[ 1229.451732][   T31]  </TASK>
[ 1229.451736][   T31] Sending NMI from CPU 1 to CPUs 0:
[ 1229.590198][    C0] NMI backtrace for cpu 0
[ 1229.590212][    C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.15.0-rc6-syzkaller-00025-g627277ba7c23 #0 PREEMPT(full) 
[ 1229.590230][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1229.590237][    C0] RIP: 0010:pv_native_safe_halt+0xf/0x20
[ 1229.590260][    C0] Code: 05 62 02 e9 53 fc 02 00 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d f3 ef 1c 00 fb f4 <c3> cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90
[ 1229.590273][    C0] RSP: 0018:ffffffff8e007e10 EFLAGS: 000002c6
[ 1229.590285][    C0] RAX: 0000000005275509 RBX: 0000000000000000 RCX: ffffffff8b6d0419
[ 1229.590294][    C0] RDX: 0000000000000000 RSI: ffffffff8dbe2848 RDI: ffffffff8bf48920
[ 1229.590303][    C0] RBP: fffffbfff1c12ee8 R08: 0000000000000001 R09: ffffed10170865bd
[ 1229.590311][    C0] R10: ffff8880b8432deb R11: 0000000000000000 R12: 0000000000000000
[ 1229.590320][    C0] R13: ffffffff8e097740 R14: ffffffff9084ff10 R15: 0000000000000000
[ 1229.590328][    C0] FS:  0000000000000000(0000) GS:ffff8881249df000(0000) knlGS:0000000000000000
[ 1229.590342][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1229.590351][    C0] CR2: 00007fdc25c87f98 CR3: 0000000041b06000 CR4: 00000000003526f0
[ 1229.590360][    C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1229.590368][    C0] DR3: 00000000000000d8 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1229.590376][    C0] Call Trace:
[ 1229.590381][    C0]  <TASK>
[ 1229.590394][    C0]  default_idle+0x13/0x20
[ 1229.590414][    C0]  default_idle_call+0x6d/0xb0
[ 1229.590426][    C0]  do_idle+0x391/0x510
[ 1229.590443][    C0]  ? __pfx_do_idle+0x10/0x10
[ 1229.590459][    C0]  ? trace_sched_exit_tp+0x31/0x130
[ 1229.590479][    C0]  cpu_startup_entry+0x4f/0x60
[ 1229.590495][    C0]  rest_init+0x16b/0x2b0
[ 1229.590506][    C0]  ? acpi_subsystem_init+0x133/0x180
[ 1229.590525][    C0]  ? __pfx_x86_late_time_init+0x10/0x10
[ 1229.590538][    C0]  start_kernel+0x3e9/0x4d0
[ 1229.590557][    C0]  x86_64_start_reservations+0x18/0x30
[ 1229.590577][    C0]  x86_64_start_kernel+0xb0/0xc0
[ 1229.590596][    C0]  common_startup_64+0x13e/0x148
[ 1229.590616][    C0]  </TASK>
[ 1229.814443][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[ 1229.821313][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.15.0-rc6-syzkaller-00025-g627277ba7c23 #0 PREEMPT(full) 
[ 1229.833115][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1229.843175][   T31] Call Trace:
[ 1229.846453][   T31]  <TASK>
[ 1229.849378][   T31]  dump_stack_lvl+0x3d/0x1f0
[ 1229.853992][   T31]  panic+0x71c/0x800
[ 1229.857905][   T31]  ? __pfx_panic+0x10/0x10
[ 1229.862333][   T31]  ? preempt_schedule_thunk+0x16/0x30
[ 1229.867707][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[ 1229.873685][   T31]  ? preempt_schedule_thunk+0x16/0x30
[ 1229.879059][   T31]  ? watchdog+0xdda/0x12c0
[ 1229.883476][   T31]  ? watchdog+0xdcd/0x12c0
[ 1229.887901][   T31]  watchdog+0xdeb/0x12c0
[ 1229.892151][   T31]  ? __pfx_watchdog+0x10/0x10
[ 1229.896819][   T31]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1229.902015][   T31]  ? __kthread_parkme+0x19e/0x250
[ 1229.907029][   T31]  ? __pfx_watchdog+0x10/0x10
[ 1229.911684][   T31]  kthread+0x3c2/0x780
[ 1229.915736][   T31]  ? __pfx_kthread+0x10/0x10
[ 1229.920314][   T31]  ? __pfx_kthread+0x10/0x10
[ 1229.924880][   T31]  ? __pfx_kthread+0x10/0x10
[ 1229.929450][   T31]  ? __pfx_kthread+0x10/0x10
[ 1229.934016][   T31]  ? rcu_is_watching+0x12/0xc0
[ 1229.938758][   T31]  ? __pfx_kthread+0x10/0x10
[ 1229.943328][   T31]  ret_from_fork+0x45/0x80
[ 1229.947720][   T31]  ? __pfx_kthread+0x10/0x10
[ 1229.952289][   T31]  ret_from_fork_asm+0x1a/0x30
[ 1229.957039][   T31]  </TASK>
[ 1229.960230][   T31] Kernel Offset: disabled
[ 1229.964534][   T31] Rebooting in 86400 seconds..