last executing test programs:

11.89117624s ago: executing program 3 (id=291):
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x3f00)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
ioctl$PAGEMAP_SCAN(0xffffffffffffffff, 0xc0606610, &(0x7f0000000380)={0x60, 0x2, &(0x7f0000355000/0x4000)=nil, &(0x7f000030d000/0x1000)=nil, 0x3, &(0x7f0000000200)=[{0x15, 0x6}, {0xf, 0x8, 0x200}, {0xa541, 0x3ff, 0x7}, {0x9, 0x3, 0x10}, {0x6, 0x6, 0x6}], 0x5, 0xeb, 0x30, 0x61, 0x47, 0x43})
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
get_robust_list(0x0, 0x0, 0x0)
socket$packet(0x11, 0x3, 0x300)
r1 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000440)="4c0000001200ff09ff3a150099a283ff04b8008000f0ffff0000000600401500240036001fc411a0b598bc593ab6821148a730cc33a49868c62b2ca654a6613b6aab", 0x42}, {&(0x7f0000000080)='G%\x00\x00\x00\x00\x00\x00\x00\x00', 0xa}], 0x2}, 0x0)
recvmmsg(r1, &(0x7f0000001300)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600}}], 0x300, 0x48, 0x0)

10.493503937s ago: executing program 3 (id=294):
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
ioctl$sock_inet6_SIOCSIFDSTADDR(r0, 0x8918, &(0x7f0000000080)={@loopback={0x0, 0x3fc}})
r1 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r1, &(0x7f0000000140)=[{&(0x7f0000000080)="580000001400192340834b80040d8c560a067f0200ff000000000000000058000b4824ca945f64009400ff0325010ebc000000000000008000f0fffeffe809005300fff5dd00000010000200040010000800014004000000", 0x58}], 0x1)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xb, 0xb, &(0x7f0000000600)=ANY=[@ANYBLOB="18000000180000000000000000000005180100002020702500000000abc5fe2167d0f14dbef61ce6002020207b1af8ff00000000bfa10000001e20152e5251bf0ef8ffffffb702000008000000b70300000053732ad3b8df14e328b989506ad2552613e4c2ff8d7f9546", @ANYRES64=r1], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = epoll_create1(0x0)
r3 = epoll_create1(0x0)
syz_usb_connect(0x0, 0x3d, &(0x7f0000000940)=ANY=[@ANYBLOB="12010000a6ff0540cdabeecdb9050000000109022b00010000000009049c0002010351000905031300000000000725ec0200000009050f0000"], 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r4, &(0x7f0000000040)={0xe000201a})
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000200", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x1)
sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x24048844)
r5 = socket$nl_route(0x10, 0x3, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_route(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000040)=@ipv4_newroute={0x1c, 0x18, 0x35f32a6dfa748ddd, 0x0, 0x2, {0x2, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x6, 0x1400}}, 0x1c}}, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCADDRT(r7, 0x890b, &(0x7f0000000140)={0x0, {0x2, 0x0, @empty}, {0x2, 0x0, @remote}, {0x2, 0x0, @private}, 0xd0, 0x0, 0x0, 0x0, 0x5af})
r8 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCSARP(r8, 0x8953, &(0x7f0000000180)={{0x2, 0x2, @multicast2}, {0x0, @random="ae1457ad617e"}, 0x0, {0x2, 0xfffc, @multicast1=0xe000cc02}})
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000040)=ANY=[@ANYBLOB], 0x1c}}, 0x0)
pwritev2(0xffffffffffffffff, 0x0, 0x0, 0xcfba, 0x0, 0x0)
dup3(r4, r3, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
socket$packet(0x11, 0xa, 0x300)
socket$packet(0x11, 0x2, 0x300)

8.076563s ago: executing program 0 (id=300):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
prctl$PR_SCHED_CORE(0x27, 0x1, 0x0, 0x2, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x17, &(0x7f0000000000)=0x4, 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000040)={0x5, 0xdd5, 0x7, 0x8, 0x6}, 0x14)
r1 = signalfd4(0xffffffffffffffff, &(0x7f0000000140), 0x8, 0x0)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000340)={{0x12, 0x1, 0x0, 0x5f, 0xb8, 0xe5, 0x20, 0xccd, 0x80, 0x4a83, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x2, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x6f, 0x0, 0x0, 0xaa, 0xd8, 0x23}}, {{0x9, 0x4, 0x0, 0x0, 0x0, 0xa4, 0x6a, 0xf}}]}}]}}, 0x0)
mount(&(0x7f00000000c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000040)='xfs\x00', 0x8000, 0x0)
openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ppoll(&(0x7f0000000000)=[{r1, 0xa667}], 0x1, 0x0, 0x0, 0x0)
signalfd4(r1, &(0x7f0000000340)={[0x1]}, 0x8, 0x80800)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000300)={0xffffffffffffffff, 0x9, 0x8}, 0xc)
clock_gettime(0x0, &(0x7f0000000080)={<r2=>0x0, <r3=>0x0})
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000040)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x2, r4, 0x1, &(0x7f00000001c0))
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x3, &(0x7f0000000000)=@framed, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='sys_enter\x00', r5}, 0x10)
utime(0x0, 0xfffffffffffffffc)
timerfd_settime(r1, 0x3, &(0x7f00000000c0)={{r2, r3+60000000}, {0x77359400}}, &(0x7f0000000100))

7.117539854s ago: executing program 4 (id=304):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
r1 = openat$vmci(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r1, 0x7a7, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0xc)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x10, 0x13, &(0x7f00000009c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c6c250000000000202020630accff00000000bda100000000000026010000f8ffffffb702000008000000b703000000000000850000000800000018010000202070250000000000202020dd1af5ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x29, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000004540)=[{{0x0, 0x0, &(0x7f0000000e00)=[{&(0x7f0000000380)="73fd71361e8d6c80ae1bc9953e2a4aeac7a314273066fc7f65a51969b46df1774bb0be94ccd4824f2d57ad2cd37242b1258402395481f9f07e067652e52aa8ccefcd0962ba0c48757b68d493f3ad702e65d4daa7dfc1605a173185472ae12470eea64c70ef4e64793b8a830447de0f423bef3964934eef4243cac42939ba6fa68d821b9373b5f3e2c26e7ca75ed8fb3203aef3a6637cecdd0251532b99537e02f604058f50e66c8a657d59beeed127695475f082d3d2b9790181fc987ad000ac00887d1506be89f388ecb405660b4ea196ee8f5a92b12ec43bbf49567db613d478ebe2358364f7600bf4f80ef4b2756fb13416c4", 0xf4}], 0x1}}], 0x1, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=ANY=[@ANYBLOB="d00000001800010600000000fedbdf251c140000fe0000010000000005001a0000"], 0xd0}}, 0x0)
ioctl$TCSETSW2(0xffffffffffffffff, 0x402c542c, &(0x7f0000000340)={0xfffffffc, 0x0, 0x0, 0x0, 0x0, "4d6b55f68502bfc6aafbd98ec07c45a8365ccb"})
ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, &(0x7f0000000a40))
readv(0xffffffffffffffff, &(0x7f0000000380)=[{&(0x7f0000000280)=""/79, 0x4f}], 0x1)
add_key$fscrypt_v1(&(0x7f00000000c0), &(0x7f00000001c0)={'fscrypt:', @auto=[0x30, 0x35, 0x39, 0x65, 0x66, 0x33, 0x30, 0x34, 0x30, 0x63, 0x64, 0x63, 0x32, 0x31, 0x39, 0x33]}, &(0x7f0000000480)={0x0, "2a518689193a3e5d5a9927857acd3344b1b1f9cbe44359ddb8071d8c46987740e8f1043dff3cf5fc0a9601e793724dc91953acd6e0209f68d91b42a962b0edf9", 0x16}, 0x48, 0xfffffffffffffff9)

6.91780578s ago: executing program 1 (id=305):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000080)={0x2, 0x4, &(0x7f00000001c0)=ANY=[@ANYBLOB="18020000004000087ec2339a0755524f3e19e2d87808a6381192f100850000009c0000009500000000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r0 = creat(0x0, 0x0)
r1 = syz_io_uring_setup(0x12e, &(0x7f0000000140)={0x0, 0x5885, 0x400, 0x0, 0x10b}, &(0x7f0000000340)=<r2=>0x0, &(0x7f0000000280)=<r3=>0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000300)=0x6)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
socket$nl_generic(0x10, 0x3, 0x10)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_UNLINKAT={0x24, 0x40, 0x0, r0, 0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x200})
io_uring_enter(r1, 0x3516, 0x0, 0x0, 0x0, 0x0)
msgget$private(0x0, 0x4)

6.125600797s ago: executing program 4 (id=306):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = syz_open_dev$video4linux(&(0x7f0000000000), 0x71, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r0, 0xc0585605, &(0x7f0000000100)={0x1, 0x1, @raw_data=[0x0, 0x0, 0x94b9c7be, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000]})
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)={0x28, 0x3d, 0x107, 0x0, 0x0, {0x1, 0x7c}, [@typed={0xc, 0xba, 0x0, 0x0, @u64=0xfc0000}, @nested={0x4, 0x1}, @nested={0x4, 0x2}]}, 0x28}}, 0x4c000)

6.04723523s ago: executing program 3 (id=307):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
prlimit64(0x0, 0xf, &(0x7f0000000100)={0x9, 0x7fffffff}, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$TIPC_NL_KEY_SET(r0, 0x0, 0x0)

5.502665351s ago: executing program 4 (id=308):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x88, 0x30, 0x1, 0x0, 0x0, {}, [{0x74, 0x1, [@m_ct={0x44, 0x1002, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x2c, 0x1, 0x0, 0x0, {{0x8}, {0x4}, {0x4}, {0xc, 0x7, {0x1}}, {0xc}}}]}]}, 0x88}, 0x1, 0x0, 0x0, 0x800}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="000000000400000004d981cbaa00000000000000658a0300552a324ba21159204972ab9d44bb10c34f56f462c700fcff00000000bf668b6588f9eec3116255097e4414785e0100000000000000a2aeea3346df396ae6d6e897ac49414a01297f2480a0778b1793", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0x9, &(0x7f0000000d80)=@raw=[@printk={@u, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x10}}, @jmp={0x5, 0x0, 0x9, 0x1, 0x2, 0xffffffffffffffc2, 0xfffffffffffffffc}], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0xf00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r3 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r3, &(0x7f0000000000)=@id={0x1e, 0x3, 0x0, {0x4e24}}, 0x10)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
syz_open_dev$tty20(0xc, 0x4, 0x0)
write$UHID_INPUT(0xffffffffffffffff, &(0x7f0000001040)={0x9, {"a2e3ad21ed0d09f90e3d090987f70e06d038e7ff7fc6e5539b0d3f0e8b099b3f36006c090890e0878f0e1ac6e7f89b334d959b4a9a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31070d074a0936cd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0a6193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05959a71243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927eff7f3aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f05004b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee6157eb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de225727aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d78749a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8870b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae8489d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60299473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b00f1000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90d5943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006)
mknodat$loop(0xffffffffffffffff, &(0x7f0000001600)='./file1\x00', 0x2000, 0x0)
socketpair(0xa, 0xa, 0x2, &(0x7f0000000180)={<r4=>0xffffffffffffffff})
bind$vsock_stream(r4, &(0x7f0000000300), 0x10)
syz_open_procfs(0x0, &(0x7f00000000c0)='uid_map\x00')
acct(&(0x7f00000001c0)='./file0\x00')
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000007940)={0x0, 0x0, &(0x7f0000007900)={&(0x7f0000000680)=@newtaction={0x90, 0x30, 0x216822a75a8bdd29, 0xffe4, 0x0, {}, [{0x7c, 0x1, [@m_connmark={0x34, 0x2, 0x0, 0x0, {{0xd}, {0x4, 0x20}, {0x4}, {0xc}, {0xc}}}, @m_ct={0x44, 0x1, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x90}}, 0x0)
unshare(0x62040200)

5.453173566s ago: executing program 3 (id=310):
setsockopt$inet6_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000040)='westwood\x00', 0x9)
setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x9007}, 0x4)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = dup(r1)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0xd000})
ioctl$KVM_NMI(r3, 0xae9a)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
r4 = socket$rxrpc(0x21, 0x2, 0xa)
setsockopt$RXRPC_MIN_SECURITY_LEVEL(r4, 0x110, 0x4, 0x0, 0x0)
mount$tmpfs(0x0, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000100), 0xab7801, &(0x7f00000000c0)=ANY=[@ANYRES64=r3])
ioctl$KVM_RUN(r3, 0xae80, 0x0)

5.342952282s ago: executing program 1 (id=311):
r0 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'lo\x00', <r1=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000980)=@newqdisc={0x1e4, 0x24, 0xd0f, 0x3, 0x0, {0x60, 0x0, 0x0, r1, {0x0, 0x2}, {0xffff, 0xffff}, {0x4, 0x1}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1b4, 0x2, {{0x10, 0x3, 0x1, 0x3, 0x400, 0x8}, [@TCA_NETEM_LOSS={0x44, 0x5, 0x0, 0x1, [@NETEM_LOSS_GI={0x18, 0x1, {0x8, 0x7, 0x0, 0x8, 0x8001}}, @NETEM_LOSS_GE={0x14, 0x2, {0x10, 0xfffffffc, 0x0, 0xbac}}, @NETEM_LOSS_GE={0x14, 0x2, {0x8, 0x1, 0x1, 0x8001}}]}, @TCA_NETEM_RATE={0x14, 0x6, {0x3, 0x3, 0x1, 0x5}}, @TCA_NETEM_DELAY_DIST={0x33, 0x2, "9f2b57f6fd6d293bfe5b6d9a96ed3dddee6b7e412e5f234d15c69e5d9c27c84e38c1aec4c41bc1aca5f6f367d423db"}, @TCA_NETEM_CORR={0x10, 0x1, {0x7, 0xd654, 0x101}}, @TCA_NETEM_LATENCY64={0xc, 0xa, 0x2}, @TCA_NETEM_REORDER={0xc, 0x3, {0x0, 0x3}}, @TCA_NETEM_LOSS={0x1c, 0x5, 0x0, 0x1, [@NETEM_LOSS_GI={0x18, 0x1, {0x3, 0x1ff, 0x3, 0xf, 0x1}}]}, @TCA_NETEM_DELAY_DIST={0x5b, 0x2, "3c926845bef2777306c8ce8c9e7c870635d5063a53232e3f3126a9cd3087f541a50b088e7362039158e2fc77f6bfc8f0b0af636870d08dde0dc116b78164fa69b70291157cf17607d14c226735b4ee76cb739c4af72fcb"}, @TCA_NETEM_LOSS={0x6c, 0x5, 0x0, 0x1, [@NETEM_LOSS_GE={0x14, 0x2, {0x8, 0x4, 0x3, 0x5}}, @NETEM_LOSS_GE={0x14, 0x2, {0x0, 0x9, 0x8, 0x612}}, @NETEM_LOSS_GE={0x14, 0x2, {0x80, 0x1, 0xfe, 0x6}}, @NETEM_LOSS_GI={0x18, 0x1, {0x3, 0x7, 0x6, 0x9}}, @NETEM_LOSS_GE={0x14, 0x2, {0x7, 0x5, 0xf32, 0x1}}]}]}}}]}, 0x1e4}, 0x1, 0x0, 0x0, 0x40001d4}, 0x8840)

4.024313448s ago: executing program 4 (id=313):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, 0x0, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a58000000160a03020002000000000000020000000900020073797a30000000000900010073797a30000000002c00038008000140000000000800024000000000180003801400010073797a5f74756e00000000000000000014000000110001"], 0x80}}, 0x0)
syz_emit_ethernet(0x2e, &(0x7f0000000040)=ANY=[@ANYBLOB="0000000000002180c20000000800450c00201f000f0004069078ac1414bbac1414aa00014e20000c907801febbd9"], 0x0)

3.883748136s ago: executing program 1 (id=314):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(0xffffffffffffffff, 0xc0189372, &(0x7f0000000100)={{0x1, 0x1, 0x18, <r1=>r0, {0x2}}, './file0\x00'})
ioctl$vim2m_VIDIOC_CREATE_BUFS(r1, 0xc100565c, &(0x7f0000000140)={0xc4a, 0x3, 0x1, {0x0, @raw_data="744251283286b63de134f95d9fdec756edcca8185a268eab737493a73e8eefb12fd35ab033f9687328352f7b4fab2df17e8948baa0f19f6b62547c2c0d0bbde385a1e496845523cf077f0d9341fb2022a07098c252d6d0d0e16205b9547de84e226a308c3cb85440a8b2e294e8d504f0318fcc328632620e8ca84687e429ef93189b2bfed2db1185bb692f33b2b25e6ad0517d9c76097d4a415f694318f4fcd4bac649dcf4619bcb00f322bc70d5fae84e23dc636d0ff32efd3f49a78f32dd1a82661eb970b6f829"}, 0xf0a})
openat$cgroup_procs(r0, &(0x7f0000002a40)='cgroup.procs\x00', 0x2, 0x0)
r2 = io_uring_setup(0x1de0, &(0x7f0000000440))
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r4 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r4, &(0x7f0000000040)={0x2, 0x4e20, @multicast2}, 0x10)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket(0x10, 0x3, 0x0)
ioctl$FBIO_WAITFORVSYNC(0xffffffffffffffff, 0x40044620, 0x0)
r7 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000000), 0x40f02, 0x0)
ioctl$SNDCTL_DSP_SPEED(r7, 0xc0045002, &(0x7f0000000040))
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01030000000000000000010000000900010073797a300000000024000000030a0108000000000000000001000000040004800900010073797a300000000050000000060a010400000000000000000100000008000b40000000000900010073797a30010000002800048024000180090001006d657461000000001400028008000240000000140800014000000015140000001100010000000000000000000000000a"], 0xbc}, 0x1, 0x0, 0x0, 0x2000c045}, 0x0)
syz_emit_ethernet(0x66, &(0x7f00000003c0)=ANY=[@ANYBLOB="aaaaaaaaaaaa429e82211cf808004555005800640000662f9078ac1e0001e00000010421880b000000000c000800080086dd080088be0000000314031a12010000000000002f080022eb000000032607840902000000000000040003150008006558000000018650d7c29c8acf6e278ae33c94480d3922b46c0259bf4b9e38c90a993088bebf11"], 0x0)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff)
io_uring_register$IORING_REGISTER_PBUF_RING(r2, 0x16, &(0x7f0000000740)={&(0x7f0000001000)={[{0x0}, {0x0}, {0x0}, {0x0}]}, 0x4}, 0x1)
r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x0, 0x0, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffd, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r9}, 0x10)

3.782791687s ago: executing program 4 (id=315):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x397, &(0x7f0000000180)={0x0, 0xff90}}, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="34000000100005070000fa00000000000000001a", @ANYRES32=r2, @ANYBLOB="0000005f41000000140012000c00010076657468"], 0x34}}, 0x0)
r3 = socket(0x10, 0x803, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x40, 0x0, 0x0, r5}, [@IFA_LOCAL={0x14, 0x2, @mcast1={0xff, 0x2}}, @IFA_FLAGS={0x8, 0x8, 0x702}]}, 0x34}}, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x7, 0x7fff, &(0x7f0000000080)=0x1)
r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = eventfd2(0x0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
ioctl$KVM_IOEVENTFD(r7, 0x4040ae79, &(0x7f00000000c0)={0x8000000000000004, 0x0, 0x1, r8, 0x11})
ioctl$KVM_IOEVENTFD(r7, 0x4040ae79, &(0x7f0000000100)={0x0, 0x0, 0x1, r8, 0xd})
r9 = socket(0x10, 0x803, 0x0)
r10 = socket(0x1, 0x803, 0x0)
getsockname$packet(r10, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r9, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=@ipv6_deladdrlabel={0x44, 0x49, 0x2, 0x70bd2a, 0x25dfdbff, {0xa, 0x0, 0x78, 0x0, r2, 0x526b}, [@IFAL_ADDRESS={0x14, 0x1, @private0={0xfc, 0x0, '\x00', 0x1}}, @IFAL_ADDRESS={0x14, 0x1, @private0={0xfc, 0x0, '\x00', 0x1}}]}, 0x44}}, 0x0)

3.74877523s ago: executing program 2 (id=316):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000004380)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="1c000000ff07090400000000000000000ab5e2d6bbee0552cd000000ea5699fd07000000fddc3f3757e2218b518e382d048a2ef99157d77f2e9c17fba8835d1387c5cf14b2ec3ad4b15b4c94a03ffc21e62e1b36de653273"], 0x1c}}, 0x0) (async)
mkdirat(0xffffffffffffffff, &(0x7f0000000240)='./file0\x00', 0x110)
lsetxattr$security_capability(&(0x7f0000000040)='./file0\x00', &(0x7f00000000c0), &(0x7f0000000480)=@v3={0x3000000, [{0xf876, 0x102}, {0x6, 0x1}]}, 0x18, 0x0) (async)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000ff0f000006"], 0x50)
r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) (async)
getresgid(&(0x7f0000000080), &(0x7f0000000280), &(0x7f00000002c0))
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000300), 0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="8c00f6315ef57a11b822b86257f081a3ac3f60d811813fe7d06d5ee854baade8d7aee755fc4fbb9874a16dfebb0870d277544538be254a7c2b70cf359d381a9bd77e0eb4a2c20ffbcb9b51940d5f524e5b7e1800000000ce8022634460a2573fef3e23e7d405a02d71623e907fb19695e2813a6e20d9d0d2555cb6bc291c3e9fa4a27960ededce641b20a5d524d14378", @ANYRESHEX=r2, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRES64=r2, @ANYBLOB=',\x00']) (async)
read$FUSE(r2, &(0x7f00000021c0)={0x2020, 0x0, <r3=>0x0}, 0x2020)
write$FUSE_INIT(r2, &(0x7f0000004200)={0x50, 0x0, r3, {0x7, 0x1f, 0x0, 0xeea390}}, 0x50)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000084c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000010000000900010073797a30000000003c000000090a010400000000000000000100000008000a40000000000900020025642532000000000900010073797a3000000000080005"], 0x40c4}}, 0x0)
r5 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f00000004c0)=ANY=[], &(0x7f00000003c0)=""/83, 0xf8, 0x53, 0x1, 0x2, 0x0, @void, @value}, 0x28)
bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x12, 0x200000000000037b, &(0x7f00000008c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRESDEC=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095", @ANYRES64=r3, @ANYRESHEX=r1, @ANYRES16=r4, @ANYRESOCT, @ANYRES8=r3], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, r5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
prctl$PR_CAPBSET_READ(0x17, 0x20) (async)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) (async)
add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x14, 0xc, &(0x7f00000005c0)=ANY=[], &(0x7f00000005c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x41, '\x00', 0x0, @lirc_mode2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000, @void, @value}, 0x94) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
userfaultfd(0x80001)
madvise(&(0x7f00008d7000/0x1000)=nil, 0x1000, 0x4) (async)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
r6 = syz_open_pts(0xffffffffffffffff, 0x0)
ioctl$TIOCSTI(r6, 0x541e, 0x0)
r7 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000001000), 0x0, 0x0)
ioctl$SIOCGETVIFCNT(r7, 0x89e0, 0x0) (async)
sendmsg$kcm(0xffffffffffffffff, 0x0, 0xff00)
socket$nl_route(0x10, 0x3, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)

2.843484592s ago: executing program 3 (id=317):
syz_init_net_socket$x25(0x9, 0x5, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000400)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x1f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000280)={<r5=>0xffffffffffffffff}, 0x111, 0x6}}, 0x20)
write$RDMA_USER_CM_CMD_SET_OPTION(r4, &(0x7f0000000200)={0x16, 0x18, 0xfa00, @id_tos={&(0x7f0000000240)=0xfe, r5, 0x0, 0x0, 0x1}}, 0x20)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000300), 0xffffffffffffff72)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000c80)={'lo\x00', <r8=>0x0})
sendmsg$nl_route_sched(r6, 0x0, 0x20040000)
r9 = memfd_create(&(0x7f0000000000)='-B\xd5NI\xc5j\x9appp\xf0\b\x84\xa2m\x00\v\x18\x004\xa6Ey\xdb\xd1\xa7\xb1S\xf1:)\x00\xca\xd7Uw\x00\xbc\xfa2\xb3\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8b\x066\xb8G\xd1c\xe1$\xff\x97k\xde\xc5\xe96\xddU)\xc98M\xcd\xfb\xcc\x82n=\x7f=\xcdJx\xaa\x8f~\xb90a\xa9\xb2\x04K\x98\x93=\xabQ\xf7\x05\x1d\xa1\xce\x8b\x19\xea\xef\xe3', 0x6)
r10 = dup(r9)
finit_module(r10, 0x0, 0x2)
bpf$MAP_CREATE(0x0, &(0x7f0000000340)=@base={0x5, 0x6, 0x4b7, 0xe, 0x1280, 0xffffffffffffffff, 0x0, '\x00', r8, 0xffffffffffffffff, 0x4, 0x1, 0x5, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)

2.795539981s ago: executing program 1 (id=318):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, &(0x7f0000003880)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd1200000000000085000000d0000000b70000000000000095000000000000003fba6a7d36d9b18ed812a2e2c49e8020a6f4e0e4a9446ca2b5f1cc1a100a9af698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f010c5077da80fb982c1e9400c603146cea484a415b76966118b64f751a0f241b072e90080008002d75593a280000c93e64c227c9f4cef7f9606056fe5c34664c0af9360a1f7a5e6b607130c89f18c0c1089d8b85880000c29c48b45ef4adf634be763288d01aa27ae8b09e13e79ab20b0b8ed8fb7a68af2ad0000000000000006f803c6468082089b302d7bff8f06f7f918d65eae391cb41336023cdcedb5e0125ebbcebddcf10cb2364149215108355ee570f8078be5cab389cd65e7133719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad23000000803a90bce6dc3a13871765df961c2ed3b1006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f40cfd7c3a1d37a6ab87b1586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9f081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d60532be9c4d2ec7c32f2095e63c8cdc28f74d043ed8dba2f23b01a9aeb980aff9fa3a64709270c701db801f44cf945b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142bdda5e6c5d50b83bae616b5054d1e7c13b1355d6f4a8245eaa4997da9c77af4c0eb97fca585ec6bf58351d599e9b61e8caab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a41326eea31ae4e0f75055df3c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57010000009700ce0b4b8bc22941330000000000000000000300000000000000000000000010008bc0d955f2a83766b99711e6e8861c46495ba585a4b2d02edc3e28dd279a896249ed85b9806f0b6c4a000000002b43dcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f00000000df73be83bb7d5ad883ef3b7cda42013d53046da21b40216e14ba2d6af8656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff72943327d830689da6b53ffffffff631c7771429d1200000033ed846197fcff5e1c7c3d1d6e3a52872baef9753fffffffffffffe09fec2271fe010cd7bb2366fde4a59429738fcc917a57f94f6c453cea623cc5ee0c2a5ff870ce5dfd3467decb05cfd9fcd41df54cdbd9d10a64c108285e71b556381768ee58969c41595229df17bcad70fb4021428ce978275d5bc8955778567bc79e13b78249788f11f708008b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe7d7fa29822aea68a660e717a04becff0f719107000000000000002d7e927123d8ecbbc55bf404571be54c72d978cf2804107f0238abccd32368e57040906df0042e19000000000000002c06f815312e086dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef44cd1fe582786105c7df8be4877084d4173731efe895efc71f665c4d75cf2458e35d2c9062ece84c99e061887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb2b5e518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad055e4af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457ac0eaaa99bf0bdc14ae358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df9b3fdf242b985bf16b99c9cc0ad1857036f1a985f369191ae954febb3df464bfe0f773ee9afe72f32a2befb89d3777399f5874c553a2ebe9061fe86e669642e09bb6d163118e4cbe024fd452277c3887d6116c6cc9d8046c216c1f8a9778cb26e22a2a998de5eaeadea2a40da8daccf080842a486721737390cbf3a74cb2003efb9a101b51ab63e9600040000b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde6e4a4304e50c349f4f9ecee27defd83871c5191e10096e7e60fc3541a2c905a1a95e9571bf38aebd15172f94e3245c582909e2a3bce109b6000000000000000000d6d5210d7560eb92d6a97a27602b81f7636df1535bef1497f90100000000000000abf9010000007740890200d627e87306703be8672dc84eeadba6a41891c170d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288a0268893373750d10a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7ef8c08acaf30235b920500d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69b93e9960ff5f76062adae283d9756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff85000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a31c72ad53bc19faa5401120000793ac48c1b539c75ab40743b00020000a1f68df75cf43f8ecc8d3726602111b40e761fd210a1920382f14d12ca3c3431ee97471c781d0d1280fb00818654a53b6df4b2c97cc1c98d85fda8f80fe908b65550b441233151122b41a8d73062197655b7f0469250a5989cef0e10773920ed3ccee42d2c3eb80159da5c002511e6eb93842054cfce2ac306cb6e472db3fd67a49b6855a694a8d359add43907003223a47a7fae4f3748d5a432825bc40a03aaef1c8488d86dc211dd2a3ba71e0f45492ef1f8b65ccb3dcd251a61b152d02c29ca0a3328fa7753a5cddea1acaae55ae8263fb284b7a6ab2a8826c1b948207c498cf4824ab1ea3225c380fac12f8205d182f8999e0311da5b8378bc841e1787e3a8128dda381a26cb2b365702ff8a27831375b2ddaa2f56e21169f7ca4fd9655ccd4a584acd244e965a0afedaff7c415ff682a4044b3381cc2df28278c9a6824c52048a7cfabda294925cc0956bffa8e950ff5e49f41ae600d830207bf728cd9807933c3c16d80bbea611a18becc2dc38ca0a6f5740f340b76edcd1f539bd43007231dcef58c7b88b5aeedaf9626cb51ce1737c10ab37d4f98a934b0f900e0eb639878a1200629f5503cf679154d27681d7a3744cbcd42af59407c9c8e39c5271868917954e604352ba26171d004f1cb2976fab3fa19c7d3ef9678bff79f5155524f061378f94fb453786c3a6f78b10d383b49e31d1568bd43ee34ce6e6be235aa6207285665c2fba773671da41959f51610963b48930658e2d6125a26085001345b0473240b7e5e91811312c43663e76f711d7219ecdec75c7ea1cf0f8f8fff40247d59bbde2ebb8659197e0f37a71be1b12a182ed7de3acba28561a04b807f7a4647e2ea6d8fb92541d07c3d5e4ba077d3cad9f8ba1919592014c00c8eccb2ca5d48ba7b1c3fb185a4bb79700cf51f818b0c701c8de47d12281a67bdaf4b0c50bee9e8f5936250df2e15c1172e7ea6619f7db330700d1e9e42a035e6fd532f61fbfed9c4a7124a1e38eee50a6bbcd1d4e3f68c3f27dd9a70f1a7c6046237ddfb0b26e197322226367d998010458cd4df10af249ce717f6f45e5176e0ddae3054d7289d4e13ab0912703ee39ce264572b89194fdf7acecc35cf8309d4b680a08eed367dad855fce210f1a7c7222dd360eafb4bef7d58bf83362930af6e3f3f851abdc0003bdf9401b533019e90feb069189100007a82df8d9b5f44ebf9355e7b1b01c9470608d4f306d21004730396a4d6c6d46e1ffac97aa93c36123532a36186575266be4981c847160079421d0137801e553069f8d025c40f287378810defc7f2ed4e15f6af17b21153394f8bcfa6a23a77c8d61c9bbc127a57b8d631f36558d9093dee08bc53d97a8003363421738650a26c8fd87b13026799caf58e59951b125e7f161ca34e2c0dd65a23d01a3cb191e743de07247c7f993cf01166fa2ac1ba02f60550e63a7f50422e478c6b5d87f9bd0567a279a9d85a380db25c43bd0529ad783b9d64aaac1b793afb44b7126e17d2b7c0d6be650de7eeef3f3605af344015d03c3e7819145cb9fe1978c98bf9cf10773db59505ae33708c728844c872dfd2cb0b29754f928c59306ce105ca18cb72f0944d0e4fea0a0abd0285bdaf1b000000c089d640c2facb0d1e6243873ac4b1e1068c45c715b68effb7d58d1f9e726dbf6bd910ca4ce0e075658ede42ddd5f393a50dcc197b03402fed75083628e5dd38213d353b9049e71f037064b05e73ec00c710f1ffc5737d397d555d1cf8859cc05bea8dc3c6a5b3b6fa1c81707479db1833d593a271253aa11efdb36b74784f2fc286814848e92d8ee541bc179813297a0a4cc3c8f80c28701185bea091f32475e859479b734727afc110e1abcff460172fd1b42e3c0e2a4bf94a060069000010000087c7572a1e7596f89e5c3d5e70640c90815f77b7b13d0000000085a1e1e84900000000000000000000000000b422fc160a458ee5a91a2471e6e56fdabec6c73ce8983fc68f0b7cdcdde632e6f54a07620e8aa116ce9e84fc3cd5e8288a333dcebb233da9186796995ba69487d8f77d2f8800f02d690fc70a08b231cad1bdcf3740a95d4dd1cfe0f417f275493cf33b19ffff93dfdaf7eb00b8ad87cdf7c21bab5af8e2bac54ee5597e6508c1158124a538c36f9bb11fea7d8b8c7e954b1bc7811654a6636b33f271d0923e9ecd1b724b8feffadfc23c07000000f0785fb722f346d6a5dffe1884d4d0cd8f00000092c85ed44db68ab800000000000000406e6ed9b219ad07125381087298e75965d1cc5932ddf9e66351ba332a34bee3e3d562c914c629933f0b8724cf680889ade72558d191d96ee1b84bb64b14aebc6b5194c55dd6890c69a718f9018586c5131c8dc8e0379bafda1a0fd2997ff115215ce23dca8db7236c1554cdaaadcce2f31834c1bd1908d8e1b361034db56be76acb7654a195bc3e98df3a5dffd5b07838a3ef7da3433110e37f7c7cb7f3800de7f99abf910d6949e062747a9c87dcfcc716d6a9c0ec53b9cffe3cfd1df69a76f373d7f997edb9b80bdea1a99c2a6fbb25e035deadaadd7917ebfedd6304a19491769476208684e343f86b4d55a7dbbb07283cb1e35a139d24ebc5b4f8e35a82d3a7f84cb1e02a5a92b53567088be0b1ca023ccd518c0e0715b1c8760801a419ebd2e26440ff7493019bdb655cc88d72d6d7b6bca5a2e19b63ec52fcc49a729f11ab377f7132c543d29646a9378eea0761b7ed9d2172e33ed87c6513c843b180cc00000000006bedf2ed716ca43a941119b96d82b26d9061de240d85ec2cfa462bd52104489bb7a7548d7cc53627031e909c69cb824233975a1ea645de63522407c3a240a37e946f30ebf075ea97846a0a8dc0d472672286f3f446b1b99ab83a12ddf8a1c06294eadc3eb3e339591afd5c00000000000000000000000000000000000000000000000000579dad8347a3d16976bb7483840b32db0158fb6c809349333325a7866ca5d3133e33ef1a183cefdb65a79fa71800988c8455029e024822dbcfcab49c3a0aec9bd43e6e14078b260700d849a2aa14c9b593f6dcb1de334c065ecfd65031606e55949c185bcda9fde4f9b46a76b8a24bbcd31b22373eb0473248150cd179405ee1af1183b0c0ce3483dc1d9bf732b0751b78fb211d6706b55960c6431afbc02b3c7e08086573939290bb9e590a3875f02a82a6ef09d0ed9829dec16ab67a4f59a504e09f55ab82bbd405087a17a229a149c53ee9145500db213cb36489a10957739e481a756e65bde579bbbfb404213f661eeaaffacbcfbfd60b1a715c366da2b37ac7e9e3033f8ec04db1c2412e02ccd0617d9fb646c4897750d068c936c3558a94b05d7c65c0d458c0d70d0aa864bc1e324d3f69b1b4061627da875a4b5c2668ab0990623fe6f3b54cd1c79da4baf256f88750c18486330589473e267fa44e220cf40db662b570c2a2fbba9a34a3dd7bbd8368fe506daa62b45797d4b397905a69e58eb436c08cc78963197adb1b16ad83a1a9b420e74c6bcdf1ed0b306141a83bf1268e954ad069257fbfaa1a7ea582badc1a7f2a5b0965f3535872d85c0bc3a233a3ea85df6a8ed76f0f803d54b7bef77d8ea71621f8a78dd17c3b58c5c7476ed6191acbb949e77f7cac81c543f7751e5e1000"/4545], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000200)={@cgroup, r0, 0x2f, 0x2020, 0x4, @void, @void, @value}, 0x20)

2.706700178s ago: executing program 0 (id=319):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f0000000180)="c4c115f9da0fc75eeec4e1781101d8e20f009600000000f707f0020000c4e1a5d872000f0666baf80cb87c20a98cef66bafc0cb8c202ebf4eff3ad"}], 0xaaaab54, 0x4d, 0x0, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000000)=@x86={0xfa, 0xc, 0x1, 0x0, 0xdc, 0x2, 0x7, 0x3, 0x8d, 0x29, 0x60, 0x7, 0x0, 0x5, 0x1, 0x0, 0x0, 0x7, 0x9, '\x00', 0x3})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

1.970959067s ago: executing program 2 (id=320):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
prlimit64(0x0, 0xf, &(0x7f0000000100)={0x9, 0x7fffffff}, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$TIPC_NL_KEY_SET(r0, 0x0, 0x0)

1.923955463s ago: executing program 2 (id=321):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="2e00000010008188040f80ec59acbc0413a1f8480f0000005e140602000000000e000a001000000002800000121f", 0x2e}], 0x1}, 0x20004000) (fail_nth: 2)

1.909642616s ago: executing program 1 (id=322):
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffffff, 0x84, 0x76, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x3f00)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
ioctl$PAGEMAP_SCAN(0xffffffffffffffff, 0xc0606610, &(0x7f0000000380)={0x60, 0x2, &(0x7f0000355000/0x4000)=nil, &(0x7f000030d000/0x1000)=nil, 0x3, 0x0, 0x0, 0xeb, 0x30, 0x61, 0x47, 0x43})
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
get_robust_list(0x0, 0x0, 0x0)
bind$netlink(0xffffffffffffffff, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
socket$packet(0x11, 0x3, 0x300)
r1 = socket$inet(0x10, 0x3, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000440)="4c0000001200ff09ff3a150099a283ff04b8008000f0ffff0000000600401500240036001fc411a0b598bc593ab6821148a730cc33a49868c62b2ca654a6613b6aab", 0x42}, {&(0x7f0000000080)='G%\x00\x00\x00\x00\x00\x00\x00\x00', 0xa}], 0x2}, 0x0)
recvmmsg(r1, &(0x7f0000001300)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600}}], 0x300, 0x48, 0x0)

1.812620324s ago: executing program 3 (id=323):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$VHOST_SET_FEATURES(r1, 0x4008af00, &(0x7f0000000140)=0x200000000)
write$vhost_msg_v2(r1, &(0x7f0000000980)={0x2, 0x0, {0x0, 0x4b, 0x0, 0x0, 0x2}}, 0x48)
write$vhost_msg_v2(r1, &(0x7f0000002080)={0x2, 0x0, {&(0x7f0000001f80)=""/152, 0x98, 0x0, 0x0, 0x2}}, 0x48)
write$vhost_msg_v2(r1, &(0x7f0000000040)={0x2, 0x0, {&(0x7f0000000b40)=""/263, 0x107, 0x0, 0x3, 0x2}}, 0x48)
write$vhost_msg_v2(r1, &(0x7f0000000200)={0x2, 0x0, {&(0x7f0000000540)=""/219, 0xdb, 0x0, 0x1, 0x2}}, 0x48)
write$vhost_msg_v2(r1, &(0x7f00000003c0)={0x2, 0x0, {0x0, 0x0, 0x0, 0x0, 0x3}}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10)
syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000400)={{0x12, 0x1, 0x250, 0x0, 0x0, 0x0, 0x10, 0x54c, 0x24b, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x7, 0xa0, 0xc9, [{{0x9, 0x4, 0x0, 0x2, 0x1, 0x3, 0x1, 0x1, 0x8, {0x9, 0x21, 0x7, 0x2, 0x1, {0x22, 0x34}}, {{{0x9, 0x5, 0x81, 0x3, 0x8, 0x4, 0x7, 0xc}}}}}]}}]}}, &(0x7f0000000880)={0x0, 0x0, 0x0, 0x0, 0x2, [{0x4, &(0x7f00000005c0)=@lang_id={0x4, 0x3, 0xc07}}, {0x5c, &(0x7f0000000780)=@string={0x5c, 0x3, "b7357e43ce344cb8c3ea8271170cc852270a901d3fdc3432a7a58eaf1c43e8861c520af27ec0028163f075f8a6f87895063a465f784e35b37ea237afc87e52acb45727db3ba85c15ad391ac0cf78413df7969c39fe5314bdb47e"}}]})
write(0xffffffffffffffff, &(0x7f0000000000), 0x0)
openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000000), 0x4000, 0x0)
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io$uac1(0xffffffffffffffff, &(0x7f0000001840)={0x14, 0x0, 0x0}, &(0x7f0000001b40)={0x44, 0x0, 0x0, &(0x7f00000019c0)={0x0, 0x8, 0x1, 0x57}, 0x0, 0x0, &(0x7f0000001a80)={0x20, 0x83, 0x2, "3ee6"}, 0x0, &(0x7f0000001b00)={0x20, 0x85, 0x3, "c89593"}})
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
connect$packet(r2, &(0x7f0000000000)={0x1f, 0xf8, 0x0, 0x1, 0x2, 0x6, @broadcast}, 0x14)
shutdown(r2, 0x1)

1.73684879s ago: executing program 0 (id=324):
r0 = syz_open_dev$loop(&(0x7f0000000300), 0x75f, 0x107783)
ioctl$LOOP_SET_STATUS(r0, 0x1277, &(0x7f0000000200)={0x0, {}, 0x0, {}, 0x0, 0x0, 0xc, 0x9, "4b8b3ea46929dfed0b2f34380d308f95a023d009852471dd5a94a9fe9549918ae7fd1f0ececd9bada8b108403362cfe0f4fccffb1b6a2115354d4df15d017a3f", "2363f18d9acc6c25af21ca2af6d2e80e4caadd6d126cfb80c92dc817d44dcdec", [0x1]})

1.106794969s ago: executing program 2 (id=325):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, 0x0, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a58000000160a03020002000000000000020000000900020073797a30000000000900010073797a30000000002c00038008000140000000000800024000000000180003801400010073797a5f74756e00000000000000000014000000110001"], 0x80}}, 0x0)
syz_emit_ethernet(0x2e, &(0x7f0000000040)=ANY=[@ANYBLOB="0000000000002180c20000000800450c00201f000f0004069078ac1414bbac1414aa00014e20000c907801febbd9"], 0x0)

1.09960734s ago: executing program 0 (id=326):
r0 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000980)=@newqdisc={0x1e4, 0x24, 0xd0f, 0x3, 0x0, {0x60, 0x0, 0x0, 0x0, {0x0, 0x2}, {0xffff, 0xffff}, {0x4, 0x1}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1b4, 0x2, {{0x10, 0x3, 0x1, 0x3, 0x400, 0x8}, [@TCA_NETEM_LOSS={0x44, 0x5, 0x0, 0x1, [@NETEM_LOSS_GI={0x18, 0x1, {0x8, 0x7, 0x0, 0x8, 0x8001}}, @NETEM_LOSS_GE={0x14, 0x2, {0x10, 0xfffffffc, 0x0, 0xbac}}, @NETEM_LOSS_GE={0x14, 0x2, {0x8, 0x1, 0x1, 0x8001}}]}, @TCA_NETEM_RATE={0x14, 0x6, {0x3, 0x3, 0x1, 0x5}}, @TCA_NETEM_DELAY_DIST={0x33, 0x2, "9f2b57f6fd6d293bfe5b6d9a96ed3dddee6b7e412e5f234d15c69e5d9c27c84e38c1aec4c41bc1aca5f6f367d423db"}, @TCA_NETEM_CORR={0x10, 0x1, {0x7, 0xd654, 0x101}}, @TCA_NETEM_LATENCY64={0xc, 0xa, 0x2}, @TCA_NETEM_REORDER={0xc, 0x3, {0x0, 0x3}}, @TCA_NETEM_LOSS={0x1c, 0x5, 0x0, 0x1, [@NETEM_LOSS_GI={0x18, 0x1, {0x3, 0x1ff, 0x3, 0xf, 0x1}}]}, @TCA_NETEM_DELAY_DIST={0x5b, 0x2, "3c926845bef2777306c8ce8c9e7c870635d5063a53232e3f3126a9cd3087f541a50b088e7362039158e2fc77f6bfc8f0b0af636870d08dde0dc116b78164fa69b70291157cf17607d14c226735b4ee76cb739c4af72fcb"}, @TCA_NETEM_LOSS={0x6c, 0x5, 0x0, 0x1, [@NETEM_LOSS_GE={0x14, 0x2, {0x8, 0x4, 0x3, 0x5}}, @NETEM_LOSS_GE={0x14, 0x2, {0x0, 0x9, 0x8, 0x612}}, @NETEM_LOSS_GE={0x14, 0x2, {0x80, 0x1, 0xfe, 0x6}}, @NETEM_LOSS_GI={0x18, 0x1, {0x3, 0x7, 0x6, 0x9}}, @NETEM_LOSS_GE={0x14, 0x2, {0x7, 0x5, 0xf32, 0x1}}]}]}}}]}, 0x1e4}, 0x1, 0x0, 0x0, 0x40001d4}, 0x8840)

1.032868357s ago: executing program 2 (id=327):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000000)='4', 0x1}], 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
semctl$IPC_RMID(0x0, 0x0, 0x0)
write$selinux_access(0xffffffffffffffff, 0x0, 0x0)
getrlimit(0xb, &(0x7f00000000c0))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x62181)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x6, 0x66c, 0x0, 'queue1\x00'})
write$sndseq(r2, 0x0, 0x0)
poll(0x0, 0x0, 0x9d)
write$sndseq(r2, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32={[0x2600]}}], 0xffc8)
ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0)
r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='ext4_writepages_result\x00', 0xffffffffffffffff, 0x0, 0x4000000000000}, 0x18)
r4 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r3}, 0x8)
close(r4)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)

575.985077ms ago: executing program 0 (id=328):
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
socket$unix(0x1, 0x2, 0x0)
r0 = socket$unix(0x1, 0x2, 0x0)
socket$unix(0x1, 0x2, 0x0)
connect$unix(r0, 0x0, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0e00000004000000", @ANYRES32, @ANYBLOB="0000000000800000000000000000000000000000922a"], 0x50)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000480)=@base={0x10, 0x4, 0x8, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000b703000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r2}, &(0x7f0000000000), &(0x7f0000000040)=r3}, 0x20)

510.935755ms ago: executing program 1 (id=329):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000ac0)={0xfffffffffffffffc, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000001000010000000000000000000a00000a20000000000a01020000000000000000020000070900010073797a300000000014000000020a010200000000000000000000000a140000001100010000000000000000000000000a516ee6b7efa1de54a91b1bab550d081fdc31a726ec2ee5d0d5d3206d77758acdcd9bc9c484b424c3a27602bae959979d24abdae75d0a572138ef0137a3"], 0x5c}, 0x1, 0x0, 0x0, 0x4000018}, 0x40)
setsockopt$packet_add_memb(0xffffffffffffffff, 0x107, 0x1, &(0x7f0000000100)={0x0, 0x2, 0x6}, 0x10)
socket$inet6_sctp(0xa, 0x1, 0x84)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0x8, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r4 = dup(r3)
write$UHID_INPUT(r4, &(0x7f0000001980)={0x765, {"a2e3ad084fc752f91b2909094bf70e0dd038e7ff7fc6e5539b3245078b089b39353b0e1a0890e0878f0e1ac6e7049b076d959b669a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b33300d076d0936cd3b78130daa61d8e809ea889b5802b77f07227227b7ba67e0e78669a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae19397d696d0d758f2dc7d1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000002335875271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1fe90a56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617601000000be70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d595a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9980000000b3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6c82fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c2021d653a5520000008213b704a5000000000000008ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc94681359bad8deff4b05f60cea0da7710a80000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4e38a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2bed9e53803edf1a4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4ceb360c7e658828563e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b4bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034e00000000ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c478b095b68441a34cb51682a8ae4d24ad92f243941ed274549b79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdbe6c4579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93ae62fccfcbb2b75a2183c46eb65ca8124e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43e4fb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e01feffffffffffff83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369d75f2e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aa01b20f7694a00f16e2d0174035a2c22656dc00880acebdbe8ddbd75c2f998d8ac2dfad2ba3a50200000045a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe2907ac0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf463661c953fcad6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7cd419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaeecf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6ea94f88a4facfd4c735a20307c737afae5136651b1b9bd522dcb399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a37684f4113c48859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c105000000302a808d7f5251440613d17ca51055f2f416a44fe180d2d50c312cca7cb14a20dc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb40100000006376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab83c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7ceec7dc808bf653639d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a602000000000000007007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00303000000000000007fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf6529006c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6522fb5f6ffcdd56fed88935fcb75912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae233a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a5bd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08008897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b80c1c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57fa9c0fe662a46b7f71cd47744db86c50b704c98ad90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe360500000000000000b77940b5f07722e47a08d3679507000000000000934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1062dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1df0d07b3d5bd3b01faffd0addbed2881a9700af561ac8c7e36bb2fc4c40e9c766c06817bb903729a7db6ff957697c9ede7885d94ffb0759be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c1484d2f9c55f4901203a9a8a2c3e90f39c3dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600", 0x1000}}, 0x1006)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r7 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r7, 0x6, 0x210000000013, &(0x7f0000000300)=0x100000001, 0x4)
connect$inet(r7, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r7, 0x6, 0x16, &(0x7f0000000240)=[@mss, @sack_perm, @window={0x3, 0x7}, @mss={0x2, 0xfff}, @window={0x3, 0x0, 0x401}, @window], 0x6)
setsockopt$inet_tcp_TCP_REPAIR(r7, 0x6, 0x13, &(0x7f00000001c0), 0x4)
bind$inet6(r1, &(0x7f00000002c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
listen(r1, 0x4)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, &(0x7f0000000140)={0x0, 0x5}, 0x8)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r1, 0x84, 0x75, &(0x7f0000000000)={0x0, 0x4}, 0x8)
r8 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r8, &(0x7f0000000440)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cipher_null\x00'}, 0x58)

65.538434ms ago: executing program 2 (id=330):
r0 = syz_open_dev$dri(&(0x7f0000000000), 0x1f, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f0000000200)={0x0, &(0x7f0000000140)=[<r1=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_SETCRTC(r0, 0xc06864a2, &(0x7f00000002c0)={0x0, 0x0, r1, 0x0, 0x9, 0x5, 0x9, 0x0, {0x9, 0xd6, 0x1c, 0x7, 0xfe, 0x401, 0xfff5, 0xa, 0x0, 0x52, 0x8000, 0x7e9, 0x7ff, 0x5, "cb630dab3a0338057401a192419598961f50dc45c87d55b42a28b8f01c0e0e7a"}})
syz_usb_control_io$uac1(0xffffffffffffffff, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
r2 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0)
ioctl$DRM_IOCTL_WAIT_VBLANK(r2, 0xc018643a, &(0x7f0000000140)={0x10000000, 0x101})
io_setup(0x7, &(0x7f0000000040)=<r3=>0x0)
syz_clone3(&(0x7f0000000040)={0x200126000, 0x0, 0x0, 0x0, {0x6}, 0x0, 0x0, 0x0, 0x0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r4 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
open(&(0x7f00009e1000)='./file0\x00', 0x48141, 0x0)
clock_settime(0x0, &(0x7f0000003c80)={0x77359400})
pipe(&(0x7f0000000180)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
ioctl$MEDIA_IOC_REQUEST_ALLOC(0xffffffffffffffff, 0x80047c05, &(0x7f0000000680)=<r8=>0xffffffffffffffff)
r9 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
r10 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000080)={'trans=fd,', {'rfdno', 0x3d, r9}, 0x2c, {'wfdno', 0x3d, r10}})
r11 = eventfd2(0x1b, 0x80001)
r12 = eventfd(0x7)
r13 = openat2(0xffffffffffffff9c, &(0x7f0000000a40)='./file0\x00', &(0x7f0000000a80)={0x40, 0x1c, 0x34}, 0x18)
io_submit(r3, 0x9, &(0x7f0000000b00)=[&(0x7f00000001c0)={0x0, 0x0, 0x0, 0x9fb30251fcdf4d9, 0x8, r0, &(0x7f0000000080)="a4b15e388020d4046cf99113fb282e23c0dd6d75a16748f024657cad11f05fed070c43a62ff33536b5dfedae8de09312306a1f2e7633f8d9627e6ce04c6aa776c7971ff5c6d68c3cd7d63c605652067662ef10f2e18a9ef1139bafe8ea78b91fe9524464b19a66a4f444efbb4dfc65232a47ce35bd0a8ba146adcd91137b870ce240e406efd4c03e519c417354752de8a76b757a53f1c3cc7f178a969badff0685fabe515139db3923c2717caebd", 0xae, 0x6, 0x0, 0x3, r7}, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x5, 0x8, r2, &(0x7f0000000340)="f2e7712e7ae3546c002601ba19916dcf3cd2346523b77cfb994e7ec619bcff55f19ee2125c3a559fb8a206787bdfbe5d507b1b7d44c4fac11584bb60d9ba3ebbd903f432a123e2595b03033a110c872bec094e9e3f07b077fd923a87c84f57112fbd483e2925b7f9b29ddce70b085e401528bff8229a3c8732a75c9cef29506419707f7746b499bc6d6130292462cd34c3539be7b4846191cc936942d154daabaaefbfc060d3c90b", 0xa8, 0x2, 0x0, 0x1}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x8, 0xd, r2, &(0x7f0000000400)="a8d6b60ec84497582873415ce4df79c2ddf68dc59a136e8a4c0cb2ad2a44a6faf0b6fdfb45f4c0bc5079715e1d723865e046f785d5ab990b6cb73563df3269771011568f91d8210fa954d5cf3e7c7310c68f32c46a827c20948cb295f3e79418659dcd8309398c2fff4386a04864a9373db103b8164b54cd524a72d3ba0b", 0x7e, 0x1, 0x0, 0x2}, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x7, 0x0, 0xffffffffffffffff, &(0x7f0000000480)="3612841443e7dd5b3161a7e510f4083480d12d74302cc080d92c97e8902d904238e1a8e11a3176a5e04b0dfa28aa71381ddc79085aafc1ea90210e969a03357cb3770063619551f0ba9b75867883cde0e0a59eae0f60aa9fc7c21d3dfa10eeb5108cfd486a12075035cfd04ca07c9f44e23fe5b2dfff28bd842a34a74b09fedf4df87a28aac86f47e58465b3effea719511f8895b63db3621f703b8ef20e83fcff642005f6f4c17f91b8ec7d115c8bf5a130ceaaeb648684783844978afc46989cbe93fea7613d32cbef7d3a72e5c68dcf17aa0594135bca204dc45964a75c693a9c79f2d9526eb052ba41bec2", 0xed, 0x80000001, 0x0, 0x1}, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x3, 0x81, r0, &(0x7f00000005c0)="e9219c353b903e802bd9f87b64e466e5a617922e68c9d0e5628652a776a6ee7d0c5db6266ddcdb46fb614025c738e484752d507e9cebb40bc5eecb331a1ec5f03eca52b60813d993e42b4263c5dd89b38a281ecfc4650913477baece259b3b25167409ae", 0x64, 0x5, 0x0, 0x1}, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x5, 0x3, r8, &(0x7f00000006c0)="45ae7cdbefe7a2a0b3cab8bf63a147c802f30517ae7780a1734fc90f916c0bcc582a77158171f43427d745397aca472593f1d175129abc920fa1bee00a15d3d6057adb73015939d1d8445cebc5ad75f7a0959b76636176fadcd315aafe2f975e49b5fa774a39710bf7ee332b863779d2ea58d0b6b49bd95dc28a6466277ba76b072e0bc0ca6b19cd88fcaddb1ffac018c13818edaea5ccb5f38fd20ee7f74bcf778f6d2bd4441f7462b54f497eb9", 0xae, 0x7fff, 0x0, 0x7, r9}, &(0x7f00000008c0)={0x0, 0x0, 0x0, 0x3, 0x8b39, r2, &(0x7f00000007c0)="f0e1653a47505f81558c23a5a550dcac3b023d40eda972db16dd4dd2d68c4a21e1a04eb3a080103ff97403b8783fd6c8c7d7911ba4993dae5dbff2262814a7358df976bb489926c2a21d674e412d71ce36e63395388efefd5ae8613545aefb29c9c21e079595a7088cdd260dd2606cd7ee715fbd83696c8b5a18eddd61ce097b46e04f2f285117e8fa3604f2ae4d324de37fed557a063e3ab4563ec65029164e1b5ac75f79880233a5a37b520f7d9964a43f4a40f5b4a36b375e42ed7c8cb112ee873a3246", 0xc5, 0xd1, 0x0, 0x0, r11}, &(0x7f0000000980)={0x0, 0x0, 0x0, 0xe, 0x8001, r0, &(0x7f0000000900)="fd999cbecced901fdf62e3cda8654e5845313ad98a859e1809b1bc12cde06399e5636c635581f84c96aa6034639c7ea72898b99b9cddc4aa33d20d34ef63a009e87d41e570ad1b11444faa6c7b166fb59c6700258fabe7f59383406664e0b4a40dfd547f205d5f67d4c590ee8fc3fe9304c023074efa70", 0x77, 0xffff, 0x0, 0x2, r12}, &(0x7f0000000ac0)={0x0, 0x0, 0x0, 0x6, 0x2, r0, &(0x7f00000009c0)="4ca61d740ef1daa03418408dab8b9b4cda310c3031fad5577363342b67f64d66a8a89c6a624d17d91a9868d028b96d92fe26a63367afd49efc3a5c12373d7d1d702d", 0x42, 0x4, 0x0, 0x2, r13}])

48.557582ms ago: executing program 4 (id=331):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
prlimit64(0x0, 0xf, &(0x7f0000000100)={0x9, 0x7fffffff}, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$TIPC_NL_KEY_SET(r0, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0)

0s ago: executing program 0 (id=332):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r0 = dup(0xffffffffffffffff)
ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x2)
r1 = socket$inet(0x2, 0x4000000000000001, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5, @void, @value}, 0x26)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r5}, 0x10)
sendmsg$AUDIT_USER_AVC(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x4004050}, 0x0)
socket(0x1e, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000a40)={'wlan1\x00'})
r6 = openat$iommufd(0xffffffffffffff9c, &(0x7f00000000c0), 0xe2600, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r6, 0x3b81, &(0x7f0000000400)={0xc, 0x0, <r7=>0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(r6, 0x3b85, &(0x7f0000000140)={0x28, 0x3, r7, 0x0, &(0x7f0000ffd000/0x3000)=nil, 0x3000})
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f00000006c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000300)={'wlan1\x00', <r10=>0x0})
sendmsg$NL80211_CMD_NEW_INTERFACE(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB='`\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="0100000000000000000007000000080001006e00000008000300", @ANYRES32=r10, @ANYBLOB="0c0099000000000000000000050053000100000014000400776c616e310000000000000000000000140006"], 0x60}}, 0x0)
ioctl$IOMMU_IOAS_MAP$PAGES(r6, 0x3b85, &(0x7f0000000000)={0x28, 0x4, r7, 0x0, &(0x7f00006a2000/0x2000)=nil, 0x2000, 0x1000000001})
ioctl$IOMMU_IOAS_COPY(r6, 0x3b83, &(0x7f0000000180)={0x28, 0x3, r7, r7, 0x6, 0x4, 0x3fff})
ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000004780)={'syz_tun\x00', &(0x7f0000000400)=@ethtool_link_settings={0x8, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}})

kernel console output (not intermixed with test programs):

batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   53.719442][ T5821] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   53.745058][ T5813] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   53.768771][ T5825] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   53.779755][ T5825] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   53.800556][ T5813] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   53.815944][ T5817] batman_adv: batadv0: Adding interface: batadv_slave_0
[   53.822880][ T5817] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   53.848885][ T5817] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   53.874950][ T5817] batman_adv: batadv0: Adding interface: batadv_slave_1
[   53.881892][ T5817] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   53.910148][ T5817] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   53.931039][ T5821] hsr_slave_0: entered promiscuous mode
[   53.937139][ T5821] hsr_slave_1: entered promiscuous mode
[   53.958762][ T5813] team0: Port device team_slave_0 added
[   53.968876][ T5825] team0: Port device team_slave_0 added
[   53.976267][ T5825] team0: Port device team_slave_1 added
[   54.008544][ T5813] team0: Port device team_slave_1 added
[   54.047879][ T5813] batman_adv: batadv0: Adding interface: batadv_slave_0
[   54.054928][ T5813] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   54.081608][ T5813] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   54.101534][ T5825] batman_adv: batadv0: Adding interface: batadv_slave_0
[   54.108967][ T5825] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   54.140122][ T5825] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   54.160032][ T5813] batman_adv: batadv0: Adding interface: batadv_slave_1
[   54.169266][ T5813] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   54.195686][ T5813] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   54.209342][ T5825] batman_adv: batadv0: Adding interface: batadv_slave_1
[   54.216526][ T5825] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   54.242581][ T5825] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   54.253532][ T5823] bridge0: port 1(bridge_slave_0) entered blocking state
[   54.260773][ T5823] bridge0: port 1(bridge_slave_0) entered disabled state
[   54.268803][ T5823] bridge_slave_0: entered allmulticast mode
[   54.275554][ T5823] bridge_slave_0: entered promiscuous mode
[   54.284333][ T5817] hsr_slave_0: entered promiscuous mode
[   54.290319][ T5817] hsr_slave_1: entered promiscuous mode
[   54.296463][ T5817] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   54.304399][ T5817] Cannot create hsr debugfs directory
[   54.320883][ T5823] bridge0: port 2(bridge_slave_1) entered blocking state
[   54.328066][ T5823] bridge0: port 2(bridge_slave_1) entered disabled state
[   54.335586][ T5823] bridge_slave_1: entered allmulticast mode
[   54.341938][ T5823] bridge_slave_1: entered promiscuous mode
[   54.362133][ T5823] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   54.372836][ T5823] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   54.432683][ T5823] team0: Port device team_slave_0 added
[   54.451461][ T5825] hsr_slave_0: entered promiscuous mode
[   54.457534][ T5825] hsr_slave_1: entered promiscuous mode
[   54.463387][ T5825] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   54.471021][ T5825] Cannot create hsr debugfs directory
[   54.478916][ T5813] hsr_slave_0: entered promiscuous mode
[   54.485885][ T5813] hsr_slave_1: entered promiscuous mode
[   54.491711][ T5813] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   54.499292][ T5813] Cannot create hsr debugfs directory
[   54.506530][ T5823] team0: Port device team_slave_1 added
[   54.549368][ T5823] batman_adv: batadv0: Adding interface: batadv_slave_0
[   54.556364][ T5823] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   54.582870][ T5823] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   54.596978][ T5823] batman_adv: batadv0: Adding interface: batadv_slave_1
[   54.603924][ T5823] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   54.631143][ T5823] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   54.692240][ T5823] hsr_slave_0: entered promiscuous mode
[   54.699119][ T5823] hsr_slave_1: entered promiscuous mode
[   54.705780][ T5823] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   54.713307][ T5823] Cannot create hsr debugfs directory
[   54.755084][ T5816] Bluetooth: hci1: command tx timeout
[   54.760800][ T5816] Bluetooth: hci2: command tx timeout
[   54.766660][ T5138] Bluetooth: hci0: command tx timeout
[   54.789837][ T5821] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   54.822491][ T5821] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   54.852321][ T5821] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   54.860809][ T5821] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   54.914406][ T5816] Bluetooth: hci3: command tx timeout
[   54.914603][   T55] Bluetooth: hci4: command tx timeout
[   54.928406][ T5817] netdevsim netdevsim4 netdevsim0: renamed from eth0
[   54.937082][ T5817] netdevsim netdevsim4 netdevsim1: renamed from eth1
[   54.949018][ T5817] netdevsim netdevsim4 netdevsim2: renamed from eth2
[   54.957925][ T5817] netdevsim netdevsim4 netdevsim3: renamed from eth3
[   54.992873][ T5813] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   55.001628][ T5813] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   55.015726][ T5813] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   55.034716][ T5813] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   55.094835][ T5825] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   55.104231][ T5825] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   55.122686][ T5825] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   55.136997][ T5821] 8021q: adding VLAN 0 to HW filter on device bond0
[   55.161060][ T5825] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   55.201955][ T5821] 8021q: adding VLAN 0 to HW filter on device team0
[   55.216867][ T5823] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   55.229426][   T81] bridge0: port 1(bridge_slave_0) entered blocking state
[   55.236633][   T81] bridge0: port 1(bridge_slave_0) entered forwarding state
[   55.252573][ T5823] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   55.262809][ T5823] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   55.276635][ T5817] 8021q: adding VLAN 0 to HW filter on device bond0
[   55.286878][ T5813] 8021q: adding VLAN 0 to HW filter on device bond0
[   55.296490][ T5823] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   55.311696][ T1082] bridge0: port 2(bridge_slave_1) entered blocking state
[   55.318775][ T1082] bridge0: port 2(bridge_slave_1) entered forwarding state
[   55.344866][ T5817] 8021q: adding VLAN 0 to HW filter on device team0
[   55.377437][   T11] bridge0: port 1(bridge_slave_0) entered blocking state
[   55.384534][   T11] bridge0: port 1(bridge_slave_0) entered forwarding state
[   55.396216][ T5813] 8021q: adding VLAN 0 to HW filter on device team0
[   55.419743][   T11] bridge0: port 2(bridge_slave_1) entered blocking state
[   55.426829][   T11] bridge0: port 2(bridge_slave_1) entered forwarding state
[   55.436219][   T11] bridge0: port 1(bridge_slave_0) entered blocking state
[   55.443285][   T11] bridge0: port 1(bridge_slave_0) entered forwarding state
[   55.462471][ T5821] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   55.479958][   T35] bridge0: port 2(bridge_slave_1) entered blocking state
[   55.487044][   T35] bridge0: port 2(bridge_slave_1) entered forwarding state
[   55.547434][   T29] kauditd_printk_skb: 13 callbacks suppressed
[   55.547448][   T29] audit: type=1400 audit(1736915330.357:111): avc:  denied  { sys_module } for  pid=5821 comm="syz-executor" capability=16  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[   55.549502][ T5817] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   55.618618][ T5825] 8021q: adding VLAN 0 to HW filter on device bond0
[   55.649984][ T5823] 8021q: adding VLAN 0 to HW filter on device bond0
[   55.686479][ T5825] 8021q: adding VLAN 0 to HW filter on device team0
[   55.702514][ T5823] 8021q: adding VLAN 0 to HW filter on device team0
[   55.721302][   T81] bridge0: port 1(bridge_slave_0) entered blocking state
[   55.728467][   T81] bridge0: port 1(bridge_slave_0) entered forwarding state
[   55.767674][ T1082] bridge0: port 2(bridge_slave_1) entered blocking state
[   55.774794][ T1082] bridge0: port 2(bridge_slave_1) entered forwarding state
[   55.787812][ T1082] bridge0: port 1(bridge_slave_0) entered blocking state
[   55.794927][ T1082] bridge0: port 1(bridge_slave_0) entered forwarding state
[   55.803916][ T1082] bridge0: port 2(bridge_slave_1) entered blocking state
[   55.811004][ T1082] bridge0: port 2(bridge_slave_1) entered forwarding state
[   55.841749][ T5823] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   55.853214][ T5823] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   55.893531][ T5821] 8021q: adding VLAN 0 to HW filter on device batadv0
[   55.916157][ T5817] 8021q: adding VLAN 0 to HW filter on device batadv0
[   55.938685][ T5813] 8021q: adding VLAN 0 to HW filter on device batadv0
[   55.985887][ T5821] veth0_vlan: entered promiscuous mode
[   56.016691][ T5821] veth1_vlan: entered promiscuous mode
[   56.081323][ T5813] veth0_vlan: entered promiscuous mode
[   56.098975][ T5821] veth0_macvtap: entered promiscuous mode
[   56.109647][ T5821] veth1_macvtap: entered promiscuous mode
[   56.139225][ T5813] veth1_vlan: entered promiscuous mode
[   56.171435][ T5823] 8021q: adding VLAN 0 to HW filter on device batadv0
[   56.186220][ T5821] batman_adv: batadv0: Interface activated: batadv_slave_0
[   56.211866][ T5813] veth0_macvtap: entered promiscuous mode
[   56.231150][ T5821] batman_adv: batadv0: Interface activated: batadv_slave_1
[   56.240684][ T5821] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   56.250724][ T5821] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   56.259905][ T5821] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   56.268916][ T5821] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   56.292561][ T5825] 8021q: adding VLAN 0 to HW filter on device batadv0
[   56.300826][ T5813] veth1_macvtap: entered promiscuous mode
[   56.332298][ T5823] veth0_vlan: entered promiscuous mode
[   56.357763][ T5813] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   56.373381][ T5813] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   56.384215][ T5813] batman_adv: batadv0: Interface activated: batadv_slave_0
[   56.394356][ T5813] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   56.405577][ T5813] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   56.416543][ T5813] batman_adv: batadv0: Interface activated: batadv_slave_1
[   56.430267][ T5813] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   56.439470][ T5813] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   56.448901][ T5813] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   56.457901][ T5813] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   56.482715][ T5823] veth1_vlan: entered promiscuous mode
[   56.511537][   T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   56.519534][ T5817] veth0_vlan: entered promiscuous mode
[   56.529814][   T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   56.575093][ T1082] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   56.585272][ T5817] veth1_vlan: entered promiscuous mode
[   56.592483][ T1082] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   56.593341][ T5825] veth0_vlan: entered promiscuous mode
[   56.623079][ T5823] veth0_macvtap: entered promiscuous mode
[   56.631655][   T29] audit: type=1400 audit(1736915331.447:112): avc:  denied  { mounton } for  pid=5821 comm="syz-executor" path="/root/syzkaller.BzYviF/syz-tmp" dev="sda1" ino=1944 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[   56.642130][   T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   56.657195][ T5825] veth1_vlan: entered promiscuous mode
[   56.682166][   T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   56.701810][   T29] audit: type=1400 audit(1736915331.477:113): avc:  denied  { mount } for  pid=5821 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[   56.724819][   T29] audit: type=1400 audit(1736915331.477:114): avc:  denied  { mounton } for  pid=5821 comm="syz-executor" path="/root/syzkaller.BzYviF/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[   56.731211][ T5823] veth1_macvtap: entered promiscuous mode
[   56.756969][   T29] audit: type=1400 audit(1736915331.477:115): avc:  denied  { mount } for  pid=5821 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[   56.780912][   T29] audit: type=1400 audit(1736915331.487:116): avc:  denied  { mounton } for  pid=5821 comm="syz-executor" path="/root/syzkaller.BzYviF/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[   56.816489][ T5821] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   56.825531][ T5817] veth0_macvtap: entered promiscuous mode
[   56.844147][   T55] Bluetooth: hci2: command tx timeout
[   56.849564][   T55] Bluetooth: hci0: command tx timeout
[   56.852318][ T5825] veth0_macvtap: entered promiscuous mode
[   56.855322][ T5816] Bluetooth: hci1: command tx timeout
[   56.866483][   T29] audit: type=1400 audit(1736915331.487:117): avc:  denied  { mounton } for  pid=5821 comm="syz-executor" path="/root/syzkaller.BzYviF/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=6596 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1
[   56.882709][   T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   56.898052][   T29] audit: type=1400 audit(1736915331.487:118): avc:  denied  { unmount } for  pid=5821 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[   56.922840][ T5823] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   56.926737][   T29] audit: type=1400 audit(1736915331.497:119): avc:  denied  { mounton } for  pid=5821 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=2724 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[   56.938058][   T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   56.957036][   T29] audit: type=1400 audit(1736915331.497:120): avc:  denied  { mount } for  pid=5821 comm="syz-executor" name="/" dev="gadgetfs" ino=6597 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[   56.969347][ T5823] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   56.994214][ T5816] Bluetooth: hci3: command tx timeout
[   56.997452][ T5823] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   57.001876][ T5816] Bluetooth: hci4: command tx timeout
[   57.012696][ T5823] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   57.028663][ T5823] batman_adv: batadv0: Interface activated: batadv_slave_0
[   57.039452][ T5817] veth1_macvtap: entered promiscuous mode
[   57.053082][ T5825] veth1_macvtap: entered promiscuous mode
[   57.078420][ T5817] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   57.101641][ T5817] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   57.111876][ T5817] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   57.122547][ T5817] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   57.132545][ T5817] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   57.143350][ T5817] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   57.154703][ T5817] batman_adv: batadv0: Interface activated: batadv_slave_0
[   57.176595][ T5823] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   57.191529][ T5823] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   57.202544][ T5823] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   57.222458][ T5823] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   57.240027][ T5823] batman_adv: batadv0: Interface activated: batadv_slave_1
[   57.259817][ T5817] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   57.276277][ T5817] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   57.286956][ T5817] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   57.300054][ T5817] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   57.309946][ T5817] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   57.320811][ T5817] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   57.332342][ T5817] batman_adv: batadv0: Interface activated: batadv_slave_1
[   57.348173][ T5823] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   57.374157][ T5823] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   57.544063][ T5894] binder: 5888:5894 ioctl c0306201 0 returned -14
[   57.575086][ T5823] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   57.586512][ T5823] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   58.367999][ T5817] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   58.394401][ T5817] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   58.424039][ T5817] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   58.432767][ T5817] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   58.520336][ T5825] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   58.531574][ T5825] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   58.541491][ T5825] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   58.602974][ T5825] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   58.631241][ T5825] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   58.671420][ T5825] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   58.700903][ T5825] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   58.712436][ T5825] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   58.730246][ T5825] batman_adv: batadv0: Interface activated: batadv_slave_0
[   58.770232][ T5825] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   58.785929][ T5825] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   58.798467][ T5825] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   58.809962][ T5825] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   58.820398][ T5825] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   58.831377][ T5825] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   58.844121][ T5825] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   58.854774][ T5825] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   58.865903][ T5825] batman_adv: batadv0: Interface activated: batadv_slave_1
[   58.876682][ T5825] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   58.886274][ T5825] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   58.895185][ T5825] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   58.903891][ T5825] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   58.914577][   T55] Bluetooth: hci1: command tx timeout
[   58.918707][ T5816] Bluetooth: hci0: command tx timeout
[   58.925373][   T55] Bluetooth: hci2: command tx timeout
[   58.948852][ T3537] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   58.957346][ T3537] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   59.004401][ T1070] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   59.022384][   T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   59.030473][ T1070] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   59.033825][   T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   59.071171][ T2134] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   59.079112][ T5816] Bluetooth: hci4: command tx timeout
[   59.079144][ T5816] Bluetooth: hci3: command tx timeout
[   59.100660][ T2134] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   59.123910][ T1070] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   59.132155][ T1070] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   59.154552][ T5858] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[   59.182762][ T5908] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1'.
[   59.185628][   T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   59.216814][   T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   59.429508][ T5858] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[   59.439951][ T5858] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   59.453536][ T5918] netlink: 256 bytes leftover after parsing attributes in process `syz.2.10'.
[   59.508306][ T5918] netlink: 48 bytes leftover after parsing attributes in process `syz.2.10'.
[   59.590959][ T5858] usb 2-1: Product: syz
[   59.595311][ T5858] usb 2-1: Manufacturer: syz
[   59.599987][ T5858] usb 2-1: SerialNumber: syz
[   59.615408][ T5858] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[   59.630093][ T5906] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[   59.640528][ T5815] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[   59.684008][    T0] NOHZ tick-stop error: local softirq work is pending, handler #82!!!
[   59.716405][   T47] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   59.754186][    T0] NOHZ tick-stop error: local softirq work is pending, handler #300!!!
[   59.801440][ T5906] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   59.811787][ T5906] usb 5-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[   59.837712][ T5906] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   59.856371][ T5906] usb 5-1: config 0 descriptor??
[   59.870557][ T5906] pwc: Askey VC010 type 2 USB webcam detected.
[   59.874781][   T47] usb 1-1: Using ep0 maxpacket: 16
[   59.890009][   T47] usb 1-1: unable to get BOS descriptor or descriptor too short
[   59.901163][   T47] usb 1-1: config index 0 descriptor too short (expected 2093, got 45)
[   59.930695][   T47] usb 1-1: config 7 has an invalid interface number: 117 but max is 0
[   59.946354][   T47] usb 1-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config
[   59.970342][   T47] usb 1-1: config 7 has no interface number 0
[   59.977054][   T47] usb 1-1: config 7 interface 117 has no altsetting 0
[   60.000121][   T47] usb 1-1: New USB device found, idVendor=0421, idProduct=04c9, bcdDevice=ed.ff
[   60.017506][   T47] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   60.038249][   T47] usb 1-1: Product: syz
[   60.060405][   T47] usb 1-1: Manufacturer: syz
[   60.070771][   T47] usb 1-1: SerialNumber: syz
[   60.275518][ T5906] pwc: recv_control_msg error -32 req 02 val 2b00
[   60.292245][ T5906] pwc: recv_control_msg error -32 req 02 val 2700
[   60.314642][ T5906] pwc: recv_control_msg error -32 req 02 val 2c00
[   60.315372][ T5906] pwc: recv_control_msg error -32 req 04 val 1000
[   60.315787][ T5906] pwc: recv_control_msg error -32 req 04 val 1300
[   60.316685][ T5913] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   60.316928][ T5913] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   60.318055][ T5913] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   60.318264][ T5913] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   60.319249][ T5906] pwc: recv_control_msg error -32 req 04 val 1400
[   60.319713][ T5906] pwc: recv_control_msg error -32 req 02 val 2000
[   60.320147][ T5906] pwc: recv_control_msg error -32 req 02 val 2100
[   60.321528][ T5906] pwc: recv_control_msg error -32 req 04 val 1500
[   60.419140][ T5860] usb 2-1: USB disconnect, device number 2
[   60.530363][ T5906] pwc: recv_control_msg error -71 req 02 val 2400
[   60.537325][ T5933] netlink: 116 bytes leftover after parsing attributes in process `syz.0.1'.
[   60.538729][ T5906] pwc: recv_control_msg error -71 req 02 val 2600
[   60.565072][   T29] kauditd_printk_skb: 77 callbacks suppressed
[   60.565087][   T29] audit: type=1400 audit(1736915335.377:198): avc:  denied  { name_bind } for  pid=5907 comm="syz.0.1" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=udp_socket permissive=1
[   60.622312][   T29] audit: type=1400 audit(1736915335.427:199): avc:  denied  { create } for  pid=5927 comm="syz.2.13" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[   60.623237][ T5906] pwc: recv_control_msg error -71 req 02 val 2900
[   60.648926][ T5906] pwc: recv_control_msg error -71 req 02 val 2800
[   60.660250][ T5906] pwc: recv_control_msg error -71 req 04 val 1100
[   60.664508][ T5908] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1'.
[   60.668665][ T5906] pwc: recv_control_msg error -71 req 04 val 1200
[   60.675694][ T5815] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive
[   60.676122][ T5815] ath9k_htc: Failed to initialize the device
[   60.694236][ T5908] openvswitch: netlink: Flow key attr not present in new flow.
[   60.706726][ T5860] usb 2-1: ath9k_htc: USB layer deinitialized
[   60.721124][   T29] audit: type=1400 audit(1736915335.457:200): avc:  denied  { ioctl } for  pid=5927 comm="syz.2.13" path="socket:[6888]" dev="sockfs" ino=6888 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[   60.753305][ T5906] pwc: Registered as video103.
[   60.769610][ T5906] input: PWC snapshot button as /devices/platform/dummy_hcd.4/usb5/5-1/input/input5
[   60.782374][   T29] audit: type=1400 audit(1736915335.587:201): avc:  denied  { read } for  pid=5176 comm="acpid" name="event4" dev="devtmpfs" ino=2731 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   60.787581][ T5906] usb 5-1: USB disconnect, device number 2
[   60.804821][    C1] vkms_vblank_simulate: vblank timer overrun
[   60.841296][   T29] audit: type=1400 audit(1736915335.587:202): avc:  denied  { open } for  pid=5176 comm="acpid" path="/dev/input/event4" dev="devtmpfs" ino=2731 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   60.892144][   T29] audit: type=1400 audit(1736915335.587:203): avc:  denied  { ioctl } for  pid=5176 comm="acpid" path="/dev/input/event4" dev="devtmpfs" ino=2731 ioctlcmd=0x4520 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   60.995056][   T55] Bluetooth: hci2: command tx timeout
[   61.001136][   T55] Bluetooth: hci1: command tx timeout
[   61.009435][   T29] audit: type=1400 audit(1736915335.817:204): avc:  denied  { unmount } for  pid=5821 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1
[   61.057148][   T29] audit: type=1400 audit(1736915335.867:205): avc:  denied  { create } for  pid=5935 comm="syz.2.14" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[   61.098381][ T5936] Bluetooth: MGMT ver 1.23
[   61.105662][   T29] audit: type=1400 audit(1736915335.907:206): avc:  denied  { bind } for  pid=5935 comm="syz.2.14" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[   61.125335][   T29] audit: type=1400 audit(1736915335.907:207): avc:  denied  { write } for  pid=5935 comm="syz.2.14" path="socket:[8348]" dev="sockfs" ino=8348 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[   61.159378][ T5816] Bluetooth: hci3: command tx timeout
[   61.160011][   T55] Bluetooth: hci4: command tx timeout
[   61.374039][    T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!!
[   61.973287][ T5860] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[   62.004063][    T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!!
[   62.160465][    T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!!
[   62.190596][    T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!!
[   62.242913][ T1200] IPVS: starting estimator thread 0...
[   62.304003][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[   62.317816][ T5929] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[   62.320229][ T5860] usb 3-1: Using ep0 maxpacket: 32
[   62.334302][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   62.343206][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   62.395398][    T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!!
[   62.414772][ T5949] IPVS: using max 30 ests per chain, 72000 per kthread
[   62.446102][ T5948] IPVS: ip_vs_add_dest(): lower threshold is higher than upper threshold
[   62.574772][ T5860] usb 3-1: config 0 has an invalid interface number: 23 but max is 0
[   62.585197][ T5860] usb 3-1: config 0 has no interface number 0
[   62.591332][ T5860] usb 3-1: config 0 interface 23 has no altsetting 0
[   62.665383][ T5860] usb 3-1: New USB device found, idVendor=052b, idProduct=1803, bcdDevice= c.62
[   62.695796][   T47] usb 1-1: bad CDC descriptors
[   62.717070][ T5860] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   62.724233][   T47] usb 1-1: USB disconnect, device number 2
[   62.783017][ T5860] usb 3-1: config 0 descriptor??
[   62.796991][ T5860] gspca_main: sunplus-2.14.0 probing 052b:1803
[   63.205789][ T5921] usb 3-1: USB disconnect, device number 2
[   63.650365][ T5968] tmpfs: Bad value for 'mpol'
[   64.284084][   T25] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[   64.607208][   T25] usb 2-1: New USB device found, idVendor=0424, idProduct=7505, bcdDevice=74.82
[   64.628611][   T25] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   64.665248][   T25] usb 2-1: Product: syz
[   64.669482][   T25] usb 2-1: Manufacturer: syz
[   64.692473][   T25] usb 2-1: SerialNumber: syz
[   64.707325][ T5982] lo speed is unknown, defaulting to 1000
[   64.726877][ T5982] lo speed is unknown, defaulting to 1000
[   64.748997][ T5982] lo speed is unknown, defaulting to 1000
[   64.773841][   T25] usb 2-1: config 0 descriptor??
[   64.783738][   T25] smsc75xx v1.0.0
[   64.787492][   T25] smsc75xx 2-1:0.0 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22
[   64.797584][   T25] smsc75xx 2-1:0.0: probe with driver smsc75xx failed with error -22
[   64.833277][ T5982] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[   65.177305][ T5982] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[   65.509104][ T5982] lo speed is unknown, defaulting to 1000
[   65.516980][ T5982] lo speed is unknown, defaulting to 1000
[   65.676286][ T5982] lo speed is unknown, defaulting to 1000
[   65.697887][ T5982] lo speed is unknown, defaulting to 1000
[   65.705234][ T5982] lo speed is unknown, defaulting to 1000
[   65.745247][   T29] kauditd_printk_skb: 25 callbacks suppressed
[   65.745263][   T29] audit: type=1400 audit(1736915340.537:233): avc:  denied  { audit_write } for  pid=5988 comm="syz.2.27" capability=29  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[   65.859948][   T29] audit: type=1107 audit(1736915340.537:234): pid=5988 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t msg='x
�iH�a���ۗ�L���)P���Eu��m�D�کrQ�p��3�P�Q6�4mL�a'�;1�$��5�F,L�`W\}�<��S�MC��U@A�������텮EC�YwB��8�|ϛX�@���#�zbwW�O��[�&�޻6����ꇑ��������!�3c;U�
��P��'
[   66.622080][   T29] audit: type=1400 audit(1736915341.037:235): avc:  denied  { ioctl } for  pid=5996 comm="syz.3.29" path="socket:[6963]" dev="sockfs" ino=6963 ioctlcmd=0x943c scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[   66.770954][   T29] audit: type=1400 audit(1736915341.577:236): avc:  denied  { write } for  pid=5996 comm="syz.3.29" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[   66.862072][   T29] audit: type=1400 audit(1736915341.577:237): avc:  denied  { connect } for  pid=5996 comm="syz.3.29" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[   66.885099][   T29] audit: type=1400 audit(1736915341.577:238): avc:  denied  { name_connect } for  pid=5996 comm="syz.3.29" dest=20002 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=sctp_socket permissive=1
[   67.055465][   T25] usb 2-1: USB disconnect, device number 3
[   67.148344][   T29] audit: type=1400 audit(1736915341.917:239): avc:  denied  { create } for  pid=5996 comm="syz.3.29" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[   67.397990][   T29] audit: type=1400 audit(1736915342.207:240): avc:  denied  { ioctl } for  pid=6003 comm="syz.4.33" path="socket:[8529]" dev="sockfs" ino=8529 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[   67.398350][ T6004] netlink: 8 bytes leftover after parsing attributes in process `syz.4.33'.
[   67.534575][   T29] audit: type=1400 audit(1736915342.247:241): avc:  denied  { name_bind } for  pid=6006 comm="syz.1.31" src=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket permissive=1
[   67.971532][ T6004] bridge0: port 2(bridge_slave_1) entered disabled state
[   67.980079][ T6004] bridge0: port 1(bridge_slave_0) entered disabled state
[   68.039928][ T6013] warning: `syz.3.32' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   68.194449][   T55] Bluetooth: hci0: unexpected subevent 0x0e length: 28 > 15
[   68.202335][   T55] Bluetooth: hci0: Unable to find connection for dst 00:00:00:00:00:00 sid 0xbc
[   68.222748][   T29] audit: type=1400 audit(1736915343.027:242): avc:  denied  { mounton } for  pid=6017 comm="syz.1.36" path="/7/file0" dev="tmpfs" ino=55 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[   68.244818][    C1] vkms_vblank_simulate: vblank timer overrun
[   68.868051][ T6032] netlink: 20 bytes leftover after parsing attributes in process `syz.0.42'.
[   69.019152][ T5860] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[   69.390715][ T5860] usb 4-1: Using ep0 maxpacket: 8
[   69.845624][ T5860] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[   69.855578][ T5860] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[   69.865516][ T5860] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[   69.876259][ T5860] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[   69.897565][ T5860] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[   69.908433][ T5860] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   70.451618][ T6056] NILFS (loop2): device size too small
[   70.905539][ T5860] usb 4-1: usb_control_msg returned -32
[   70.911154][ T5860] usbtmc 4-1:16.0: can't read capabilities
[   70.925252][ T5860] usb 4-1: USB disconnect, device number 2
[   71.101916][ T1293] ieee802154 phy0 wpan0: encryption failed: -22
[   71.110989][ T1293] ieee802154 phy1 wpan1: encryption failed: -22
[   71.873665][   T29] kauditd_printk_skb: 5 callbacks suppressed
[   71.873681][   T29] audit: type=1400 audit(1736915345.947:248): avc:  denied  { read } for  pid=6058 comm="syz.0.49" name="ptp0" dev="devtmpfs" ino=1265 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[   71.927431][   T29] audit: type=1400 audit(1736915345.947:249): avc:  denied  { open } for  pid=6058 comm="syz.0.49" path="/dev/ptp0" dev="devtmpfs" ino=1265 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[   71.981248][ T6068] Cannot find del_set index 0 as target
[   71.989509][   T29] audit: type=1400 audit(1736915345.947:250): avc:  denied  { ioctl } for  pid=6058 comm="syz.0.49" path="/dev/ptp0" dev="devtmpfs" ino=1265 ioctlcmd=0x3d0c scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[   72.097885][   T29] audit: type=1400 audit(1736915346.017:251): avc:  denied  { shutdown } for  pid=6058 comm="syz.0.49" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[   72.126584][   T29] audit: type=1400 audit(1736915346.907:252): avc:  denied  { create } for  pid=6069 comm="syz.0.52" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[   72.179024][ T6072] tipc: Started in network mode
[   72.179929][ T6070] netlink: 8 bytes leftover after parsing attributes in process `syz.0.52'.
[   72.196624][ T6072] tipc: Node identity ac14140f, cluster identity 4711
[   72.233786][ T6072] tipc: Enabling of bearer <udp:syz1> rejected, failed to enable media
[   72.317618][ T6078] Zero length message leads to an empty skb
[   72.397350][   T29] audit: type=1400 audit(1736915347.197:253): avc:  denied  { connect } for  pid=6074 comm="syz.4.54" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1
[   72.462585][   T29] audit: type=1400 audit(1736915347.197:254): avc:  denied  { name_connect } for  pid=6074 comm="syz.4.54" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=dccp_socket permissive=1
[   72.732538][   T29] audit: type=1400 audit(1736915347.207:255): avc:  denied  { name_connect } for  pid=6069 comm="syz.0.52" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=sctp_socket permissive=1
[   73.524319][ T6085] syz.3.55 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[   73.894285][   T29] audit: type=1400 audit(1736915348.687:256): avc:  denied  { open } for  pid=6086 comm="syz.0.57" path="/dev/ptyq5" dev="devtmpfs" ino=124 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bsdpty_device_t tclass=chr_file permissive=1
[   74.043589][   T29] audit: type=1400 audit(1736915348.707:257): avc:  denied  { ioctl } for  pid=6086 comm="syz.0.57" path="/dev/ptyq5" dev="devtmpfs" ino=124 ioctlcmd=0x5438 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bsdpty_device_t tclass=chr_file permissive=1
[   76.203648][  T969] cfg80211: failed to load regulatory.db
[   77.976771][ T6137] netlink: 'syz.1.68': attribute type 11 has an invalid length.
[   78.236171][   T29] kauditd_printk_skb: 6 callbacks suppressed
[   78.236188][   T29] audit: type=1400 audit(1736915352.777:264): avc:  denied  { append } for  pid=6131 comm="syz.1.68" name="iommu" dev="devtmpfs" ino=624 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   78.264573][    C1] vkms_vblank_simulate: vblank timer overrun
[   78.478401][   T29] audit: type=1400 audit(1736915353.197:265): avc:  denied  { bind } for  pid=6127 comm="syz.3.67" lport=6 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[   78.499038][   T29] audit: type=1400 audit(1736915353.197:266): avc:  denied  { name_bind } for  pid=6127 comm="syz.3.67" src=20010 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=rawip_socket permissive=1
[   78.520728][   T29] audit: type=1400 audit(1736915353.197:267): avc:  denied  { node_bind } for  pid=6127 comm="syz.3.67" saddr=fe80::aa src=20010 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=rawip_socket permissive=1
[   78.662919][ T6140] mmap: syz.0.69 (6140) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[   79.154121][ T5906] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[   79.797100][ T5906] usb 1-1: device descriptor read/64, error -71
[   80.057142][ T5906] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[   80.184057][ T5906] usb 1-1: device descriptor read/64, error -71
[   80.294351][ T5906] usb usb1-port1: attempt power cycle
[   80.424177][ T6159] gfs2: gfs2 mount does not exist
[   80.516567][   T29] audit: type=1400 audit(1736915355.227:268): avc:  denied  { read write } for  pid=6154 comm="syz.3.73" name="sg0" dev="devtmpfs" ino=718 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[   80.604925][   T29] audit: type=1400 audit(1736915355.227:269): avc:  denied  { open } for  pid=6154 comm="syz.3.73" path="/dev/sg0" dev="devtmpfs" ino=718 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[   80.628587][    C1] vkms_vblank_simulate: vblank timer overrun
[   80.794202][ T5906] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[   80.814453][ T5906] usb 1-1: device descriptor read/8, error -71
[   81.084144][ T5906] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[   81.103857][ T6163] program syz.3.75 is using a deprecated SCSI ioctl, please convert it to SG_IO
[   81.158137][ T5906] usb 1-1: device descriptor read/8, error -71
[   81.173664][   T29] audit: type=1400 audit(1736915355.977:270): avc:  denied  { write } for  pid=6161 comm="syz.3.75" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[   81.175411][ T6163] netlink: 8 bytes leftover after parsing attributes in process `syz.3.75'.
[   81.193539][    C1] vkms_vblank_simulate: vblank timer overrun
[   81.275109][ T6166] netlink: 8 bytes leftover after parsing attributes in process `syz.3.75'.
[   81.282410][   T29] audit: type=1400 audit(1736915355.977:271): avc:  denied  { nlmsg_write } for  pid=6161 comm="syz.3.75" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[   81.289412][ T5906] usb usb1-port1: unable to enumerate USB device
[   81.474787][   T29] audit: type=1400 audit(1736915356.287:272): avc:  denied  { read write } for  pid=6170 comm="syz.3.78" name="fuse" dev="devtmpfs" ino=99 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1
[   81.497808][    C1] vkms_vblank_simulate: vblank timer overrun
[   81.829149][   T29] audit: type=1400 audit(1736915356.287:273): avc:  denied  { open } for  pid=6170 comm="syz.3.78" path="/dev/fuse" dev="devtmpfs" ino=99 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1
[   82.377946][ T5906] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[   82.596980][ T5906] usb 5-1: Using ep0 maxpacket: 8
[   82.606719][ T5906] usb 5-1: config 179 has an invalid interface number: 65 but max is 0
[   82.626489][ T5906] usb 5-1: config 179 has no interface number 0
[   82.642308][ T5906] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[   82.673099][ T5906] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[   82.696463][ T5906] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[   82.763050][ T5906] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[   82.788335][ T5906] usb 5-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[   82.818673][ T5906] usb 5-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[   82.834401][ T5906] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   82.936150][ T6168] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[   83.136694][ T6200] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   83.655333][ T6201] netlink: 'syz.3.84': attribute type 3 has an invalid length.
[   83.706854][ T6201] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.84'.
[   83.769502][ T6201] NILFS (loop3): device size too small
[   83.875683][    C0] Illegal XDP return value 16128 on prog  (id 20) dev bond_slave_0, expect packet loss!
[   83.982464][   T29] kauditd_printk_skb: 5 callbacks suppressed
[   83.982483][   T29] audit: type=1400 audit(1736915357.967:279): avc:  denied  { connect } for  pid=6193 comm="syz.2.83" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[   84.275880][   T29] audit: type=1400 audit(1736915357.967:280): avc:  denied  { write } for  pid=6193 comm="syz.2.83" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[   85.229349][   T29] audit: type=1400 audit(1736915360.017:281): avc:  denied  { sys_module } for  pid=6208 comm="syz.0.86" capability=16  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[   85.282874][   T25] usb 5-1: USB disconnect, device number 3
[   85.282913][    C0] xpad 5-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[   85.298615][    C0] dummy_hcd dummy_hcd.4: timer fired with no URBs pending?
[   85.354740][ T6209] capability: warning: `syz.0.86' uses deprecated v2 capabilities in a way that may be insecure
[   85.390992][   T29] audit: type=1400 audit(1736915360.197:282): avc:  denied  { mount } for  pid=6208 comm="syz.0.86" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[   85.412639][    C1] vkms_vblank_simulate: vblank timer overrun
[   85.604135][   T29] audit: type=1400 audit(1736915360.287:283): avc:  denied  { unmount } for  pid=5823 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[   86.080244][   T29] audit: type=1400 audit(1736915360.887:284): avc:  denied  { unmount } for  pid=5817 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[   86.165327][ T1200] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[   86.249708][ T6233] IPVS: ip_vs_add_dest(): lower threshold is higher than upper threshold
[   86.734843][ T1200] usb 1-1: Using ep0 maxpacket: 16
[   86.741503][ T1200] usb 1-1: config index 0 descriptor too short (expected 16456, got 72)
[   86.760513][ T1200] usb 1-1: config 0 has an invalid interface number: 125 but max is 1
[   86.783985][ T1200] usb 1-1: config 0 has an invalid interface number: 125 but max is 1
[   86.799013][ T1200] usb 1-1: config 0 has an invalid interface number: 125 but max is 1
[   86.807693][ T1200] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 2
[   86.818994][ T1200] usb 1-1: config 0 has no interface number 0
[   86.835314][ T1200] usb 1-1: config 0 interface 125 altsetting 4 endpoint 0x4 has invalid maxpacket 21760, setting to 64
[   86.851423][ T1200] usb 1-1: config 0 interface 125 altsetting 4 endpoint 0xB has invalid wMaxPacketSize 0
[   86.863161][ T1200] usb 1-1: config 0 interface 125 altsetting 4 endpoint 0x2 has invalid wMaxPacketSize 0
[   86.900009][ T1200] usb 1-1: config 0 interface 125 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[   86.913989][ T1200] usb 1-1: config 0 interface 125 has no altsetting 0
[   86.920872][ T1200] usb 1-1: config 0 interface 125 has no altsetting 2
[   86.936250][ T1200] usb 1-1: New USB device found, idVendor=050d, idProduct=0002, bcdDevice=23.27
[   86.979969][ T1200] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   86.994874][ T1200] usb 1-1: Product: syz
[   86.999128][ T1200] usb 1-1: Manufacturer: syz
[   87.003772][ T1200] usb 1-1: SerialNumber: syz
[   87.325378][ T1200] usb 1-1: config 0 descriptor??
[   87.365598][ T1200] usb 1-1: selecting invalid altsetting 2
[   87.385711][   T29] audit: type=1400 audit(1736915362.147:285): avc:  denied  { read write } for  pid=6241 comm="syz.3.95" name="uhid" dev="devtmpfs" ino=1273 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1
[   87.433165][   T29] audit: type=1400 audit(1736915362.147:286): avc:  denied  { open } for  pid=6241 comm="syz.3.95" path="/dev/uhid" dev="devtmpfs" ino=1273 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1
[   87.467712][   T29] audit: type=1400 audit(1736915362.147:287): avc:  denied  { execute } for  pid=6241 comm="syz.3.95" path="/21/memory.current" dev="tmpfs" ino=132 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[   87.944322][ T6250] FAULT_INJECTION: forcing a failure.
[   87.944322][ T6250] name fail_usercopy, interval 1, probability 0, space 0, times 1
[   87.957544][ T6250] CPU: 0 UID: 0 PID: 6250 Comm: syz.3.100 Not tainted 6.13.0-rc7-syzkaller-00039-gc3812b15000c #0
[   87.968145][ T6250] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[   87.978208][ T6250] Call Trace:
[   87.981486][ T6250]  <TASK>
[   87.984422][ T6250]  dump_stack_lvl+0x16c/0x1f0
[   87.989111][ T6250]  should_fail_ex+0x497/0x5b0
[   87.993801][ T6250]  _copy_from_user+0x2e/0xd0
[   87.998396][ T6250]  drm_ioctl+0x501/0xc00
[   88.002655][ T6250]  ? __pfx_drm_wait_vblank_ioctl+0x10/0x10
[   88.008472][ T6250]  ? __pfx_drm_ioctl+0x10/0x10
[   88.013241][ T6250]  ? __pfx_lock_release+0x10/0x10
[   88.018280][ T6250]  ? selinux_file_ioctl+0x180/0x270
[   88.023489][ T6250]  ? selinux_file_ioctl+0xb4/0x270
[   88.028609][ T6250]  ? __pfx_drm_ioctl+0x10/0x10
[   88.033381][ T6250]  __x64_sys_ioctl+0x190/0x200
[   88.038155][ T6250]  do_syscall_64+0xcd/0x250
[   88.042667][ T6250]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   88.048569][ T6250] RIP: 0033:0x7f7c07185d29
[   88.052991][ T6250] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   88.072615][ T6250] RSP: 002b:00007f7c07edd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   88.081040][ T6250] RAX: ffffffffffffffda RBX: 00007f7c07375fa0 RCX: 00007f7c07185d29
[   88.089014][ T6250] RDX: 0000000020000140 RSI: 00000000c018643a RDI: 0000000000000004
[   88.096982][ T6250] RBP: 00007f7c07edd090 R08: 0000000000000000 R09: 0000000000000000
[   88.104941][ T6250] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   88.112899][ T6250] R13: 0000000000000000 R14: 00007f7c07375fa0 R15: 00007ffcb3e7a858
[   88.120865][ T6250]  </TASK>
[   88.125169][  T969] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[   88.159056][   T29] audit: type=1400 audit(1736915362.967:288): avc:  denied  { read } for  pid=6253 comm="syz.4.99" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1
[   88.284701][  T969] usb 2-1: Using ep0 maxpacket: 8
[   88.300075][  T969] usb 2-1: config 179 has an invalid interface number: 65 but max is 0
[   88.316254][  T969] usb 2-1: config 179 has no interface number 0
[   88.317138][    T9] hid (null): unknown global tag 0xe
[   88.322565][  T969] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[   88.322614][  T969] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[   88.334084][    T9] hid (null): unknown global tag 0xc
[   88.342157][  T969] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[   88.441090][ T1200] get_1284_register timeout
[   88.449841][  T969] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[   88.450918][ T1200] uss720 1-1:0.125: probe with driver uss720 failed with error -5
[   88.461375][    C0] usb 1-1: async_complete: urb error -104
[   88.463775][  T969] usb 2-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[   88.474109][    T9] hid-generic 001B:0009:0001.0001: unknown main item tag 0x3
[   88.497155][  T969] usb 2-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[   88.543119][    T9] hid-generic 001B:0009:0001.0001: unknown global tag 0xe
[   88.554399][    T9] hid-generic 001B:0009:0001.0001: item 0 2 1 14 parsing failed
[   88.656505][  T969] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   88.675156][ T6245] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[   88.679486][    T9] hid-generic 001B:0009:0001.0001: probe with driver hid-generic failed with error -22
[   88.940524][   T25] usb 2-1: USB disconnect, device number 4
[   88.946397][    C1] xpad 2-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[   88.946433][    C1] xpad 2-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[   89.063764][   T29] audit: type=1400 audit(1736915363.867:289): avc:  denied  { connect } for  pid=6224 comm="syz.0.90" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[   89.345742][   T29] audit: type=1400 audit(1736915364.137:290): avc:  denied  { audit_control } for  pid=6261 comm="syz.4.102" capability=30  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[   91.821157][   T25] usb 1-1: USB disconnect, device number 7
[   91.950770][   T29] audit: type=1400 audit(1736915366.757:291): avc:  denied  { read write } for  pid=6289 comm="syz.2.108" name="uinput" dev="devtmpfs" ino=920 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[   91.972814][ T6294] vivid-001: disconnect
[   91.998821][   T29] audit: type=1400 audit(1736915366.757:292): avc:  denied  { open } for  pid=6289 comm="syz.2.108" path="/dev/uinput" dev="devtmpfs" ino=920 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[   92.027836][   T29] audit: type=1400 audit(1736915366.757:293): avc:  denied  { create } for  pid=6292 comm="syz.0.110" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[   92.170109][ T6293] vivid-001: reconnect
[   92.187592][   T29] audit: type=1400 audit(1736915366.997:294): avc:  denied  { create } for  pid=6299 comm="syz.4.111" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[   92.331173][   T29] audit: type=1400 audit(1736915367.077:295): avc:  denied  { write } for  pid=6290 comm="syz.1.109" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[   92.901090][   T29] audit: type=1400 audit(1736915367.707:296): avc:  denied  { unmount } for  pid=5813 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1
[   92.991165][ T5860] hid (null): unknown global tag 0xe
[   93.070002][ T5860] hid (null): unknown global tag 0xc
[   93.293291][ T5860] hid-generic 001B:0009:0001.0002: unknown main item tag 0x3
[   93.301059][ T5860] hid-generic 001B:0009:0001.0002: unknown global tag 0xe
[   93.309086][ T5860] hid-generic 001B:0009:0001.0002: item 0 2 1 14 parsing failed
[   93.326234][ T5860] hid-generic 001B:0009:0001.0002: probe with driver hid-generic failed with error -22
[   94.249673][   T29] audit: type=1400 audit(1736915369.057:297): avc:  denied  { create } for  pid=6319 comm="syz.4.117" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1
[   94.280196][ T5860] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[   94.337642][   T29] audit: type=1400 audit(1736915369.057:298): avc:  denied  { write } for  pid=6319 comm="syz.4.117" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1
[   94.444620][ T5860] usb 2-1: Using ep0 maxpacket: 8
[   94.503003][  T969] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[   94.526926][ T5860] usb 2-1: config 179 has an invalid interface number: 65 but max is 0
[   94.535401][ T5860] usb 2-1: config 179 has no interface number 0
[   94.546286][ T5860] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[   94.562042][ T5860] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[   94.576955][   T29] audit: type=1400 audit(1736915369.387:299): avc:  denied  { setopt } for  pid=6326 comm="syz.2.119" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[   94.630253][ T6333] FAULT_INJECTION: forcing a failure.
[   94.630253][ T6333] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   94.664874][ T6333] CPU: 0 UID: 0 PID: 6333 Comm: syz.4.120 Not tainted 6.13.0-rc7-syzkaller-00039-gc3812b15000c #0
[   94.675472][ T6333] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[   94.685527][ T6333] Call Trace:
[   94.688802][ T6333]  <TASK>
[   94.691731][ T6333]  dump_stack_lvl+0x16c/0x1f0
[   94.696421][ T6333]  should_fail_ex+0x497/0x5b0
[   94.701110][ T6333]  _copy_from_user+0x2e/0xd0
[   94.705706][ T6333]  snd_pcm_oss_write2+0x1c6/0x3f0
[   94.710739][ T6333]  ? __pfx_snd_pcm_oss_write2+0x10/0x10
[   94.716290][ T6333]  ? snd_pcm_kernel_ioctl+0x267/0x2e0
[   94.721662][ T6333]  ? snd_pcm_oss_prepare+0x11e/0x220
[   94.726956][ T6333]  snd_pcm_oss_write+0x727/0xa00
[   94.731907][ T6333]  ? rw_verify_area+0xd0/0x700
[   94.736679][ T6333]  ? __pfx_snd_pcm_oss_write+0x10/0x10
[   94.742145][ T6333]  vfs_write+0x24c/0x1150
[   94.746478][ T6333]  ? __fget_files+0x1fc/0x3a0
[   94.751155][ T6333]  ? __pfx_lock_release+0x10/0x10
[   94.756186][ T6333]  ? __pfx_vfs_write+0x10/0x10
[   94.760956][ T6333]  ? lock_acquire+0x2f/0xb0
[   94.765460][ T6333]  ? __fget_files+0x40/0x3a0
[   94.770058][ T6333]  ? __fget_files+0x206/0x3a0
[   94.774744][ T6333]  ksys_write+0x12b/0x250
[   94.779076][ T6333]  ? __pfx_ksys_write+0x10/0x10
[   94.783936][ T6333]  do_syscall_64+0xcd/0x250
[   94.788446][ T6333]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   94.794347][ T6333] RIP: 0033:0x7f10f7385d29
[   94.798760][ T6333] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   94.818368][ T6333] RSP: 002b:00007f10f8113038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   94.826785][ T6333] RAX: ffffffffffffffda RBX: 00007f10f7576160 RCX: 00007f10f7385d29
[   94.834754][ T6333] RDX: 00000000ffffffd9 RSI: 00000000200001c0 RDI: 0000000000000008
[   94.842724][ T6333] RBP: 00007f10f8113090 R08: 0000000000000000 R09: 0000000000000000
[   94.850692][ T6333] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   94.858662][ T6333] R13: 0000000000000000 R14: 00007f10f7576160 R15: 00007fffb54b5bc8
[   94.866649][ T6333]  </TASK>
[   94.869714][    C0] vkms_vblank_simulate: vblank timer overrun
[   95.523547][ T5860] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[   95.534814][ T5860] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[   95.546363][ T5860] usb 2-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[   95.559775][ T5860] usb 2-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[   95.568934][ T5860] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   95.621470][  T969] usb 4-1: config 0 interface 0 has no altsetting 0
[   95.628299][  T969] usb 4-1: New USB device found, idVendor=046d, idProduct=0a0e, bcdDevice=94.75
[   95.648155][  T969] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   95.669612][  T969] usb 4-1: config 0 descriptor??
[   95.685078][ T6314] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[   95.849858][ T6337] sp0: Synchronizing with TNC
[   95.862391][   T29] audit: type=1400 audit(1736915370.667:300): avc:  denied  { search } for  pid=5485 comm="dhcpcd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[   95.886735][   T29] audit: type=1400 audit(1736915370.697:301): avc:  denied  { read } for  pid=5485 comm="dhcpcd" name="n100" dev="tmpfs" ino=2278 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[   95.908881][   T29] audit: type=1400 audit(1736915370.697:302): avc:  denied  { open } for  pid=5485 comm="dhcpcd" path="/run/udev/data/n100" dev="tmpfs" ino=2278 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[   95.932175][   T29] audit: type=1400 audit(1736915370.697:303): avc:  denied  { getattr } for  pid=5485 comm="dhcpcd" path="/run/udev/data/n100" dev="tmpfs" ino=2278 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[   96.111468][ T6344] netlink: 'syz.0.123': attribute type 3 has an invalid length.
[   96.119441][ T6344] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.123'.
[   96.147787][ T6344] NILFS (loop0): device size too small
[   96.404131][   T29] audit: type=1400 audit(1736915371.187:304): avc:  denied  { read } for  pid=6346 comm="syz.2.125" name="cec2" dev="devtmpfs" ino=961 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   96.426386][    C0] vkms_vblank_simulate: vblank timer overrun
[   96.437223][ T5860] usb 2-1: USB disconnect, device number 5
[   96.443113][    C0] xpad 2-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[   96.443151][    C0] xpad 2-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[   96.463014][  T969]  (null): keene_cmd_main failed (-110)
[   96.484410][  T969] video4linux radio48: keene_cmd_main failed (-32)
[   96.491277][  T969] radio-keene 4-1:0.0: V4L2 device registered as radio48
[   96.984307][ T6353] netlink: 'syz.4.124': attribute type 3 has an invalid length.
[   96.992110][ T6353] netlink: 199836 bytes leftover after parsing attributes in process `syz.4.124'.
[   97.072041][ T6353] NILFS (loop4): device size too small
[   97.293160][   T29] audit: type=1400 audit(1736915371.187:305): avc:  denied  { open } for  pid=6346 comm="syz.2.125" path="/dev/cec2" dev="devtmpfs" ino=961 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   97.381022][  T969] usb 4-1: USB disconnect, device number 3
[   97.442636][   T29] audit: type=1400 audit(1736915371.517:306): avc:  denied  { ioctl } for  pid=6346 comm="syz.2.125" path="/dev/cec2" dev="devtmpfs" ino=961 ioctlcmd=0x6104 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   97.674127][ T5860] usb 2-1: new full-speed USB device number 6 using dummy_hcd
[   97.706202][ T6368] overlayfs: missing 'lowerdir'
[   97.834093][    T9] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[   97.849947][ T5860] usb 2-1: New USB device found, idVendor=13d3, idProduct=3224, bcdDevice=cb.0d
[   97.864378][ T5860] usb 2-1: New USB device strings: Mfr=1, Product=12, SerialNumber=3
[   97.882752][ T5860] usb 2-1: Product: syz
[   97.910866][ T5860] usb 2-1: Manufacturer: syz
[   97.926064][ T5860] usb 2-1: SerialNumber: syz
[   97.944363][ T5860] dvb-usb: found a 'DigitalNow TinyUSB 2 DVB-t Receiver' in warm state.
[   97.994091][    T9] usb 1-1: Using ep0 maxpacket: 8
[   98.003671][    T9] usb 1-1: config 2 has an invalid interface number: 31 but max is 0
[   98.023317][    T9] usb 1-1: config 2 has no interface number 0
[   98.041612][    T9] usb 1-1: config 2 interface 31 has no altsetting 0
[   98.048620][ T5906] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[   98.065976][    T9] usb 1-1: New USB device found, idVendor=1a86, idProduct=e092, bcdDevice=53.3f
[   98.084191][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   98.102375][    T9] usb 1-1: Product: syz
[   98.112488][    T9] usb 1-1: Manufacturer: syz
[   98.127330][    T9] usb 1-1: SerialNumber: syz
[   98.214060][ T5906] usb 3-1: Using ep0 maxpacket: 32
[   98.225664][ T5906] usb 3-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[   98.270661][ T5906] usb 3-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[   98.292260][ T5906] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   98.323648][ T5906] usb 3-1: config 0 descriptor??
[   98.361977][ T5860] vp7045: USB control message 'in' went wrong.
[   98.376604][ T5860] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[   98.399986][ T5906] hub 3-1:0.0: bad descriptor, ignoring hub
[   98.424418][ T5906] hub 3-1:0.0: probe with driver hub failed with error -5
[   98.435224][ T5860] dvb-usb: DigitalNow TinyUSB 2 DVB-t Receiver error while loading driver (-19)
[   98.456686][ T5906] usbhid 3-1:0.0: couldn't find an input interrupt endpoint
[   98.474224][  T969] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[   98.482896][ T5860] usb 2-1: USB disconnect, device number 6
[   98.580667][ T6366] netlink: 168 bytes leftover after parsing attributes in process `syz.0.129'.
[   98.634143][  T969] usb 4-1: Using ep0 maxpacket: 8
[   98.657392][  T969] usb 4-1: New USB device found, idVendor=0c45, idProduct=613a, bcdDevice=c4.6d
[   98.674098][ T5978] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[   98.692549][  T969] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   98.710959][  T969] usb 4-1: Product: syz
[   98.737024][  T969] usb 4-1: Manufacturer: syz
[   98.751851][  T969] usb 4-1: SerialNumber: syz
[   98.781008][  T969] usb 4-1: config 0 descriptor??
[   98.795553][  T969] gspca_main: sonixj-2.14.0 probing 0c45:613a
[   98.812846][    T9] ch9200 1-1:2.31: probe with driver ch9200 failed with error -22
[   98.846454][ T5978] usb 5-1: Using ep0 maxpacket: 16
[   98.863457][    T9] usb 1-1: USB disconnect, device number 8
[   98.864252][ T5978] usb 5-1: config 0 has an invalid interface number: 214 but max is 0
[   98.893742][    T8] usb 3-1: USB disconnect, device number 3
[   98.942386][ T5978] usb 5-1: config 0 has no interface number 0
[   98.961695][ T5978] usb 5-1: config 0 interface 214 altsetting 0 endpoint 0x83 has invalid maxpacket 1023, setting to 64
[   99.005263][ T5978] usb 5-1: New USB device found, idVendor=0596, idProduct=0001, bcdDevice= 5.f5
[   99.040850][ T5978] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   99.091543][ T5978] usb 5-1: Product: syz
[   99.310100][ T6377] NILFS (loop1): device size too small
[   99.425804][ T5978] usb 5-1: Manufacturer: syz
[   99.430488][ T5978] usb 5-1: SerialNumber: syz
[   99.532600][ T6379] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   99.534099][  T969] gspca_sonixj: reg_r err -110
[   99.545149][ T6379] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   99.579204][ T5978] usb 5-1: config 0 descriptor??
[   99.588172][  T969] sonixj 4-1:0.0: probe with driver sonixj failed with error -110
[  100.904179][ T5858] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  101.134136][ T5858] usb 1-1: Using ep0 maxpacket: 16
[  101.141199][ T5858] usb 1-1: config 0 has no interfaces?
[  101.152601][ T5858] usb 1-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  101.162495][ T5858] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  101.230084][ T6392] siw: device registration error -23
[  101.241497][ T5858] usb 1-1: Product: syz
[  101.245812][ T5858] usb 1-1: Manufacturer: syz
[  101.250465][ T5858] usb 1-1: SerialNumber: syz
[  101.414477][ T5858] usb 1-1: config 0 descriptor??
[  101.446982][  T969] usb 4-1: USB disconnect, device number 4
[  101.670006][ T5978] usbtouchscreen 5-1:0.214: Failed to read FW rev: -71
[  101.685814][    T8] usb 1-1: USB disconnect, device number 9
[  101.699827][ T5978] usbtouchscreen 5-1:0.214: probe with driver usbtouchscreen failed with error -71
[  101.781946][ T5978] usb 5-1: USB disconnect, device number 4
[  101.797896][ T6399] netlink: 'syz.3.137': attribute type 10 has an invalid length.
[  101.805883][ T6399] netlink: 40 bytes leftover after parsing attributes in process `syz.3.137'.
[  102.023370][ T6403] netlink: 8 bytes leftover after parsing attributes in process `syz.3.139'.
[  102.064945][ T6403] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=6403 comm=syz.3.139
[  102.099789][ T6403] netlink: 4 bytes leftover after parsing attributes in process `syz.3.139'.
[  102.196196][ T6406] netlink: 'syz.1.140': attribute type 3 has an invalid length.
[  102.204301][ T6406] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.140'.
[  102.232983][ T6406] NILFS (loop1): device size too small
[  102.714180][ T5978] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  102.884138][ T5978] usb 5-1: Using ep0 maxpacket: 8
[  102.939345][ T5978] usb 5-1: config 6 has an invalid descriptor of length 0, skipping remainder of the config
[  102.984076][ T5978] usb 5-1: config 6 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  103.106857][ T5978] usb 5-1: New USB device found, idVendor=0af0, idProduct=7271, bcdDevice=88.91
[  103.116076][ T5978] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  103.124575][ T5978] usb 5-1: Product: syz
[  103.128735][ T5978] usb 5-1: Manufacturer: syz
[  103.133299][ T5978] usb 5-1: SerialNumber: syz
[  103.224533][ T6418] misc userio: Invalid payload size
[  103.230925][ T6418] misc userio: No port type given on /dev/userio
[  103.274184][   T25] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  103.317624][ T6419] misc userio: Invalid payload size
[  103.733337][ T5978] hso 5-1:6.0: Can't find BULK IN endpoint
[  103.780584][ T6421] ALSA: mixer_oss: invalid OSS volume ''
[  103.894052][   T25] usb 3-1: Using ep0 maxpacket: 16
[  103.920325][   T25] usb 3-1: config 0 has no interfaces?
[  103.928767][   T25] usb 3-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  103.946673][   T25] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  103.990088][   T25] usb 3-1: Product: syz
[  104.007834][   T25] usb 3-1: Manufacturer: syz
[  104.080832][   T25] usb 3-1: SerialNumber: syz
[  104.404500][   T25] usb 3-1: config 0 descriptor??
[  104.445335][    T9] usb 5-1: USB disconnect, device number 5
[  104.509100][ T6427] netlink: 4 bytes leftover after parsing attributes in process `syz.1.145'.
[  104.734518][ T6424] x_tables: unsorted underflow at hook 3
[  104.744981][ T6424] netlink: 16 bytes leftover after parsing attributes in process `syz.0.146'.
[  104.760769][ T6424] syz.0.146: attempt to access beyond end of device
[  104.760769][ T6424] loop0: rw=0, sector=0, nr_sectors = 1 limit=0
[  104.893673][   T29] kauditd_printk_skb: 9 callbacks suppressed
[  104.893705][   T29] audit: type=1400 audit(1736915379.667:316): avc:  denied  { bind } for  pid=6422 comm="syz.3.147" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  105.041981][ T6431] lo speed is unknown, defaulting to 1000
[  105.275324][ T5860] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  105.354565][   T29] audit: type=1400 audit(1736915380.107:317): avc:  denied  { create } for  pid=6414 comm="syz.2.143" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  105.378062][   T29] audit: type=1400 audit(1736915380.107:318): avc:  denied  { read } for  pid=6414 comm="syz.2.143" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  105.454006][ T5860] usb 2-1: Using ep0 maxpacket: 16
[  105.465805][ T5860] usb 2-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  105.519756][ T5860] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  105.560393][ T5860] usb 2-1: Product: syz
[  105.720564][ T5860] usb 2-1: Manufacturer: syz
[  105.725343][ T5860] usb 2-1: SerialNumber: syz
[  105.845299][   T25] usb 3-1: USB disconnect, device number 4
[  105.852881][ T6435] netlink: 558 bytes leftover after parsing attributes in process `syz.2.143'.
[  105.986475][ T5860] r8152-cfgselector 2-1: Unknown version 0x0000
[  105.994069][ T5860] r8152-cfgselector 2-1: config 0 descriptor??
[  106.404016][    T9] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  107.020250][    T9] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  107.048379][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  107.075812][    T9] usb 5-1: Product: syz
[  107.087414][    T9] usb 5-1: Manufacturer: syz
[  107.107167][ T6448] sctp: [Deprecated]: syz.0.148 (pid 6448) Use of struct sctp_assoc_value in delayed_ack socket option.
[  107.107167][ T6448] Use struct sctp_sack_info instead
[  107.127026][    T9] usb 5-1: SerialNumber: syz
[  107.148213][    T9] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  107.182945][ T5906] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  108.427468][ T6471] FAULT_INJECTION: forcing a failure.
[  108.427468][ T6471] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  108.496328][ T6471] CPU: 1 UID: 0 PID: 6471 Comm: syz.3.154 Not tainted 6.13.0-rc7-syzkaller-00039-gc3812b15000c #0
[  108.506962][ T6471] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  108.517037][ T6471] Call Trace:
[  108.520331][ T6471]  <TASK>
[  108.523275][ T6471]  dump_stack_lvl+0x16c/0x1f0
[  108.527977][ T6471]  should_fail_ex+0x497/0x5b0
[  108.532681][ T6471]  _copy_from_user+0x2e/0xd0
[  108.537292][ T6471]  ucma_join_multicast+0xa2/0x160
[  108.542350][ T6471]  ? __pfx_ucma_join_multicast+0x10/0x10
[  108.548019][ T6471]  ? __might_fault+0xe3/0x190
[  108.552700][ T6471]  ? __pfx_ucma_join_multicast+0x10/0x10
[  108.558331][ T6471]  ucma_write+0x1f9/0x330
[  108.562658][ T6471]  ? __pfx_ucma_write+0x10/0x10
[  108.567490][ T6471]  ? bpf_lsm_file_permission+0x9/0x10
[  108.572840][ T6471]  ? security_file_permission+0x71/0x210
[  108.578473][ T6471]  ? __pfx_ucma_write+0x10/0x10
[  108.583405][ T6471]  vfs_write+0x24c/0x1150
[  108.587723][ T6471]  ? __fget_files+0x1fc/0x3a0
[  108.592394][ T6471]  ? __pfx_lock_release+0x10/0x10
[  108.597434][ T6471]  ? __pfx_vfs_write+0x10/0x10
[  108.602198][ T6471]  ? lock_acquire+0x2f/0xb0
[  108.606694][ T6471]  ? __fget_files+0x40/0x3a0
[  108.611274][ T6471]  ? __fget_files+0x206/0x3a0
[  108.615943][ T6471]  ksys_write+0x207/0x250
[  108.620266][ T6471]  ? __pfx_ksys_write+0x10/0x10
[  108.625120][ T6471]  do_syscall_64+0xcd/0x250
[  108.629631][ T6471]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  108.635519][ T6471] RIP: 0033:0x7f7c07185d29
[  108.639912][ T6471] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  108.659519][ T6471] RSP: 002b:00007f7c07edd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  108.667918][ T6471] RAX: ffffffffffffffda RBX: 00007f7c07375fa0 RCX: 00007f7c07185d29
[  108.675968][ T6471] RDX: 00000000000000a0 RSI: 0000000020000340 RDI: 0000000000000003
[  108.683943][ T6471] RBP: 00007f7c07edd090 R08: 0000000000000000 R09: 0000000000000000
[  108.691931][ T6471] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  108.699901][ T6471] R13: 0000000000000000 R14: 00007f7c07375fa0 R15: 00007ffcb3e7a858
[  108.707889][ T6471]  </TASK>
[  108.742428][ T5978] usb 5-1: USB disconnect, device number 6
[  109.169376][ T5906] usb 5-1: Service connection timeout for: 256
[  109.195292][ T5906] ath9k_htc 5-1:1.0: ath9k_htc: Unable to initialize HTC services
[  109.259932][ T5906] ath9k_htc: Failed to initialize the device
[  109.326907][ T5978] usb 5-1: ath9k_htc: USB layer deinitialized
[  109.437461][ T5860] r8152-cfgselector 2-1: USB disconnect, device number 7
[  109.486027][ T6481] netlink: 4 bytes leftover after parsing attributes in process `syz.3.157'.
[  109.566671][ T6481] netlink: 4 bytes leftover after parsing attributes in process `syz.3.157'.
[  109.637577][   T29] audit: type=1400 audit(1736915384.377:319): avc:  denied  { create } for  pid=6478 comm="syz.3.157" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[  109.672294][   T29] audit: type=1400 audit(1736915384.377:320): avc:  denied  { write } for  pid=6478 comm="syz.3.157" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[  109.844300][ T6489] siw: device registration error -23
[  109.890186][ T6490] netlink: 'syz.4.156': attribute type 3 has an invalid length.
[  109.898136][ T6490] netlink: 199836 bytes leftover after parsing attributes in process `syz.4.156'.
[  109.954631][ T6490] NILFS (loop4): device size too small
[  110.637601][ T6496] lo speed is unknown, defaulting to 1000
[  110.934034][ T5978] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  111.517369][ T5978] usb 2-1: Using ep0 maxpacket: 32
[  112.346123][ T5978] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  112.465614][ T5978] usb 2-1: New USB device found, idVendor=22b8, idProduct=6027, bcdDevice=c2.80
[  112.580330][ T5978] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  112.606155][ T5906] hid (null): unknown global tag 0xe
[  112.608872][ T5978] usb 2-1: Product: syz
[  112.614023][ T5906] hid (null): unknown global tag 0xc
[  112.616740][ T5978] usb 2-1: Manufacturer: syz
[  112.626091][ T5978] usb 2-1: SerialNumber: syz
[  112.695013][ T5906] hid-generic 001B:0009:0001.0003: unknown main item tag 0x3
[  112.727222][ T5906] hid-generic 001B:0009:0001.0003: unknown global tag 0xe
[  112.735457][ T5978] usb 2-1: config 0 descriptor??
[  112.819478][ T5906] hid-generic 001B:0009:0001.0003: item 0 2 1 14 parsing failed
[  112.876791][ T5906] hid-generic 001B:0009:0001.0003: probe with driver hid-generic failed with error -22
[  112.927588][ T5978] cdc_ether 2-1:0.0: skipping garbage
[  113.115182][ T5978] usb 2-1: bad CDC descriptors
[  113.154779][ T5978] usb 2-1: unsupported MDLM descriptors
[  113.323656][ T6532] lo speed is unknown, defaulting to 1000
[  113.365508][   T29] audit: type=1400 audit(1736915388.107:321): avc:  denied  { ioctl } for  pid=6531 comm="syz.2.169" path="/dev/sg0" dev="devtmpfs" ino=718 ioctlcmd=0x2284 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[  113.391100][   T29] audit: type=1400 audit(1736915388.107:322): avc:  denied  { ioctl } for  pid=6531 comm="syz.2.169" path="/dev/input/event3" dev="devtmpfs" ino=1018 ioctlcmd=0x45a0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[  113.416839][   T29] audit: type=1326 audit(1736915388.107:323): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6531 comm="syz.2.169" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef6c985d29 code=0x7ffc0000
[  113.440206][   T29] audit: type=1326 audit(1736915388.107:324): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6531 comm="syz.2.169" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef6c985d29 code=0x7ffc0000
[  113.463832][   T29] audit: type=1326 audit(1736915388.107:325): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6531 comm="syz.2.169" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fef6c985d29 code=0x7ffc0000
[  113.487025][   T29] audit: type=1326 audit(1736915388.107:326): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6531 comm="syz.2.169" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef6c985d29 code=0x7ffc0000
[  113.510526][   T29] audit: type=1326 audit(1736915388.107:327): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6531 comm="syz.2.169" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef6c985d29 code=0x7ffc0000
[  113.534084][   T29] audit: type=1326 audit(1736915388.107:328): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6531 comm="syz.2.169" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fef6c987c47 code=0x7ffc0000
[  113.557317][   T29] audit: type=1326 audit(1736915388.107:329): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6531 comm="syz.2.169" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7fef6c987bbc code=0x7ffc0000
[  113.569572][ T5978] usb 2-1: USB disconnect, device number 8
[  113.580498][   T29] audit: type=1326 audit(1736915388.107:330): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6531 comm="syz.2.169" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7fef6c987af4 code=0x7ffc0000
[  114.761541][ T6548] netlink: 340 bytes leftover after parsing attributes in process `syz.0.173'.
[  114.994633][ T6553] netlink: 'syz.0.175': attribute type 3 has an invalid length.
[  115.002519][ T6553] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.175'.
[  115.038318][ T6553] NILFS (loop0): device size too small
[  116.477637][ T6564] lo speed is unknown, defaulting to 1000
[  116.533385][ T6561] tty tty28: ldisc open failed (-12), clearing slot 27
[  116.854043][ T1200] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  117.681014][ T1200] usb 2-1: Using ep0 maxpacket: 8
[  117.691899][ T1200] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  117.702293][ T1200] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  117.712139][ T1200] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  118.272939][ T1200] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  118.286147][ T1200] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  118.295238][ T1200] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  118.489064][ T5906] hid (null): unknown global tag 0xe
[  118.494476][ T5906] hid (null): unknown global tag 0xc
[  118.505679][ T5906] hid-generic 001B:0009:0001.0004: unknown main item tag 0x3
[  118.513744][ T5906] hid-generic 001B:0009:0001.0004: unknown global tag 0xe
[  118.534201][ T5906] hid-generic 001B:0009:0001.0004: item 0 2 1 14 parsing failed
[  118.763173][ T5906] hid-generic 001B:0009:0001.0004: probe with driver hid-generic failed with error -22
[  118.831284][   T29] kauditd_printk_skb: 74 callbacks suppressed
[  118.831295][   T29] audit: type=1326 audit(1736915393.637:405): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6578 comm="syz.3.181" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c07185d29 code=0x7ffc0000
[  118.925728][   T29] audit: type=1326 audit(1736915393.637:406): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6578 comm="syz.3.181" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c07185d29 code=0x7ffc0000
[  118.948939][    C1] vkms_vblank_simulate: vblank timer overrun
[  119.051276][ T6595] netlink: 'syz.1.178': attribute type 4 has an invalid length.
[  119.127875][   T29] audit: type=1326 audit(1736915393.677:407): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6578 comm="syz.3.181" exe="/root/syz-executor" sig=0 arch=c000003e syscall=437 compat=0 ip=0x7f7c07185d29 code=0x7ffc0000
[  119.151090][    C1] vkms_vblank_simulate: vblank timer overrun
[  119.384520][ T1200] usb 2-1: usb_control_msg returned -32
[  119.390296][   T29] audit: type=1326 audit(1736915393.687:408): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6578 comm="syz.3.181" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c07185d29 code=0x7ffc0000
[  120.375375][ T1200] usbtmc 2-1:16.0: can't read capabilities
[  120.425559][   T29] audit: type=1326 audit(1736915393.687:409): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6578 comm="syz.3.181" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c07185d29 code=0x7ffc0000
[  121.047574][ T6601] Invalid logical block size (1792)
[  121.066955][   T29] audit: type=1326 audit(1736915393.687:410): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6578 comm="syz.3.181" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f7c07185d29 code=0x7ffc0000
[  121.090436][   T29] audit: type=1326 audit(1736915393.687:411): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6578 comm="syz.3.181" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c07185d29 code=0x7ffc0000
[  121.113640][    C1] vkms_vblank_simulate: vblank timer overrun
[  121.120216][   T29] audit: type=1326 audit(1736915393.687:412): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6578 comm="syz.3.181" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c07185d29 code=0x7ffc0000
[  121.148327][   T29] audit: type=1326 audit(1736915393.687:413): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6578 comm="syz.3.181" exe="/root/syz-executor" sig=0 arch=c000003e syscall=10 compat=0 ip=0x7f7c07185d29 code=0x7ffc0000
[  121.204400][   T29] audit: type=1326 audit(1736915393.687:414): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6578 comm="syz.3.181" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c07185d29 code=0x7ffc0000
[  121.382372][ T6572] syz.1.178 (6572): drop_caches: 2
[  121.459157][   T25] usb 2-1: USB disconnect, device number 9
[  123.354106][ T1200] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  123.391237][ T6617] kvm: kvm [6614]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc2) = 0x4000
[  123.410849][ T6617] kvm: kvm [6614]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc2) = 0x24ad
[  123.444384][ T6617] kvm: kvm [6614]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc2) = 0xb58b
[  123.471300][ T6617] kvm: kvm [6614]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc2) = 0xf8be
[  123.495189][ T6617] kvm: kvm [6614]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc2) = 0xa207
[  123.504591][ T6617] kvm: kvm [6614]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc2) = 0x7e9d
[  123.594619][ T6639] binder: Unknown parameter 'st�Z�ats'
[  123.636964][ T1200] usb 1-1: Using ep0 maxpacket: 8
[  123.756319][ T1200] usb 1-1: config 179 has an invalid interface number: 65 but max is 0
[  123.764961][ T1200] usb 1-1: config 179 has no interface number 0
[  123.771239][ T1200] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  123.845850][   T29] kauditd_printk_skb: 33 callbacks suppressed
[  123.845884][   T29] audit: type=1400 audit(1736915398.647:448): avc:  denied  { setopt } for  pid=6640 comm="syz.2.198" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  124.007286][ T1200] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  124.018853][ T1200] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  124.030121][ T1200] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  124.041938][ T1200] usb 1-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  124.055687][ T1200] usb 1-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  124.864578][ T1200] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  125.114331][ T6620] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  125.228031][   T29] audit: type=1326 audit(1736915400.037:449): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6649 comm="syz.1.199" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1464b85d29 code=0x7ffc0000
[  125.231372][    C0] xpad 1-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  125.251248][    C1] vkms_vblank_simulate: vblank timer overrun
[  125.259824][    C0] xpad 1-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  125.274476][ T1200] usb 1-1: USB disconnect, device number 10
[  125.282471][ T6652] lo speed is unknown, defaulting to 1000
[  125.422239][   T29] audit: type=1326 audit(1736915400.037:450): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6649 comm="syz.1.199" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1464b85d29 code=0x7ffc0000
[  125.445466][    C1] vkms_vblank_simulate: vblank timer overrun
[  125.695316][   T29] audit: type=1326 audit(1736915400.077:451): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6649 comm="syz.1.199" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f1464b85d29 code=0x7ffc0000
[  125.725646][ T6665] IPVS: ip_vs_add_dest(): lower threshold is higher than upper threshold
[  125.795738][   T29] audit: type=1326 audit(1736915400.077:452): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6649 comm="syz.1.199" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1464b85d29 code=0x7ffc0000
[  125.823956][   T29] audit: type=1326 audit(1736915400.077:453): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6649 comm="syz.1.199" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1464b85d29 code=0x7ffc0000
[  125.852987][   T29] audit: type=1326 audit(1736915400.077:454): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6649 comm="syz.1.199" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f1464b87c47 code=0x7ffc0000
[  125.883977][   T29] audit: type=1326 audit(1736915400.077:455): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6649 comm="syz.1.199" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7f1464b87bbc code=0x7ffc0000
[  125.907423][   T29] audit: type=1326 audit(1736915400.077:456): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6649 comm="syz.1.199" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7f1464b87af4 code=0x7ffc0000
[  125.936625][   T29] audit: type=1326 audit(1736915400.077:457): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6649 comm="syz.1.199" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7f1464b87af4 code=0x7ffc0000
[  125.971623][ T5860] IPVS: starting estimator thread 0...
[  126.184567][ T6666] IPVS: using max 27 ests per chain, 64800 per kthread
[  126.514037][  T969] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  126.598921][ T6674] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  127.221185][ T6674] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  127.552978][ T6674] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  127.615037][  T969] usb 5-1: Using ep0 maxpacket: 16
[  127.621609][  T969] usb 5-1: config index 0 descriptor too short (expected 16456, got 72)
[  127.630741][  T969] usb 5-1: config 0 has an invalid interface number: 125 but max is 1
[  127.657580][ T6674] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  127.674069][  T969] usb 5-1: config 0 has an invalid interface number: 125 but max is 1
[  127.720349][  T969] usb 5-1: config 0 has an invalid interface number: 125 but max is 1
[  127.734307][  T969] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 2
[  127.743255][  T969] usb 5-1: config 0 has no interface number 0
[  127.749625][  T969] usb 5-1: config 0 interface 125 altsetting 4 endpoint 0x4 has invalid maxpacket 21760, setting to 64
[  127.760886][  T969] usb 5-1: config 0 interface 125 altsetting 4 endpoint 0xB has invalid wMaxPacketSize 0
[  127.770883][  T969] usb 5-1: config 0 interface 125 altsetting 4 endpoint 0x2 has invalid wMaxPacketSize 0
[  127.781904][  T969] usb 5-1: config 0 interface 125 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  127.795131][  T969] usb 5-1: config 0 interface 125 has no altsetting 0
[  127.802109][  T969] usb 5-1: config 0 interface 125 has no altsetting 2
[  127.803568][ T6688] netlink: 12 bytes leftover after parsing attributes in process `syz.0.209'.
[  127.814808][  T969] usb 5-1: New USB device found, idVendor=050d, idProduct=0002, bcdDevice=23.27
[  127.836173][  T969] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  127.852746][  T969] usb 5-1: Product: syz
[  127.852989][ T6674] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  127.859457][  T969] usb 5-1: Manufacturer: syz
[  127.877040][ T6688] x_tables: duplicate underflow at hook 1
[  127.878154][ T6674] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  127.893844][ T6688] ������: renamed from lo (while UP)
[  127.902154][  T969] usb 5-1: SerialNumber: syz
[  127.916517][ T6674] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  127.923455][  T969] usb 5-1: config 0 descriptor??
[  127.939318][ T6688] netlink: 24 bytes leftover after parsing attributes in process `syz.0.209'.
[  127.939593][ T6674] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  127.973564][  T969] usb 5-1: selecting invalid altsetting 2
[  129.039810][  T969] get_1284_register timeout
[  129.044434][  T969] uss720 5-1:0.125: probe with driver uss720 failed with error -5
[  129.052326][    C1] usb 5-1: async_complete: urb error -104
[  129.052395][    C1] usb 5-1: async_complete: urb error -104
[  129.385031][ T6708] netlink: 'syz.2.214': attribute type 2 has an invalid length.
[  129.399453][ T6708] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.214'.
[  129.444364][   T29] kauditd_printk_skb: 64 callbacks suppressed
[  129.444379][   T29] audit: type=1400 audit(1736915404.257:522): avc:  denied  { setopt } for  pid=6711 comm="syz.3.215" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  130.034778][   T29] audit: type=1400 audit(1736915404.827:523): avc:  denied  { mount } for  pid=6716 comm="syz.2.217" name="/" dev="devtmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1
[  130.447158][ T6727] fuse: Bad value for 'fd'
[  131.111482][    T9] usb 5-1: USB disconnect, device number 7
[  131.370066][ T6731] fuse: Bad value for 'fd'
[  131.891972][   T29] audit: type=1400 audit(1736915406.687:524): avc:  denied  { unmount } for  pid=5821 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1
[  131.911920][    C1] vkms_vblank_simulate: vblank timer overrun
[  132.118109][   T29] audit: type=1400 audit(1736915406.927:525): avc:  denied  { listen } for  pid=6733 comm="syz.0.222" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_dgram_socket permissive=1
[  132.139201][   T29] audit: type=1400 audit(1736915406.927:526): avc:  denied  { accept } for  pid=6733 comm="syz.0.222" lport=42738 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  132.550254][ T1293] ieee802154 phy0 wpan0: encryption failed: -22
[  132.557034][ T1293] ieee802154 phy1 wpan1: encryption failed: -22
[  133.081392][   T29] audit: type=1400 audit(1736915407.817:527): avc:  denied  { read } for  pid=6742 comm="syz.1.225" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  133.433089][   T29] audit: type=1400 audit(1736915408.237:528): avc:  denied  { mounton } for  pid=6751 comm="syz.1.227" path="/proc/155/task" dev="proc" ino=11121 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1
[  133.492026][ T6755] mkiss: ax0: crc mode is auto.
[  133.510334][ T6755] netlink: 'syz.2.228': attribute type 1 has an invalid length.
[  133.535538][ T6755] bond1: entered promiscuous mode
[  133.540576][ T6755] bond1: entered allmulticast mode
[  133.560494][ T6755] 8021q: adding VLAN 0 to HW filter on device batadv1
[  133.568428][ T6755] bond1: (slave batadv1): making interface the new active one
[  133.575960][ T6755] batadv1: entered promiscuous mode
[  133.581199][ T6755] batadv1: entered allmulticast mode
[  133.587280][ T6755] bond1: (slave batadv1): Enslaving as an active interface with an up link
[  133.761846][   T29] audit: type=1400 audit(1736915408.517:529): avc:  denied  { listen } for  pid=6750 comm="syz.2.228" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_route_socket permissive=1
[  134.284020][ T5906] usb 1-1: new full-speed USB device number 11 using dummy_hcd
[  135.708462][ T5906] usb 1-1: config 8 has an invalid interface number: 177 but max is 0
[  135.717080][ T5906] usb 1-1: config 8 has no interface number 0
[  135.723182][ T5906] usb 1-1: config 8 interface 177 altsetting 9 endpoint 0x8 has invalid maxpacket 1023, setting to 64
[  135.735825][ T5906] usb 1-1: config 8 interface 177 has no altsetting 0
[  135.742631][ T5906] usb 1-1: New USB device found, idVendor=04d8, idProduct=fd08, bcdDevice=59.b1
[  135.756936][ T5906] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  135.779836][ T6756] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  136.003238][   T29] audit: type=1400 audit(1736915410.807:530): avc:  denied  { write } for  pid=6752 comm="syz.0.226" name="001" dev="devtmpfs" ino=747 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[  136.009620][ T5906] usb 1-1: string descriptor 0 read error: -71
[  136.088111][ T6779] fuse: Bad value for 'fd'
[  136.101297][  T969] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  136.342340][  T969] usb 2-1: Using ep0 maxpacket: 8
[  136.361229][  T969] usb 2-1: config 0 has an invalid descriptor of length 60, skipping remainder of the config
[  136.483159][  T969] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  136.520962][    C0] ir_toy 1-1:8.177: out urb status: -71
[  136.535834][  T969] usb 2-1: New USB device found, idVendor=187f, idProduct=0200, bcdDevice=6b.ad
[  136.547264][  T969] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  136.555482][ T5978] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  136.568195][  T969] usb 2-1: Product: syz
[  136.573141][  T969] usb 2-1: Manufacturer: syz
[  136.577875][  T969] usb 2-1: SerialNumber: syz
[  136.584468][  T969] usb 2-1: config 0 descriptor??
[  136.826461][ T5978] usb 5-1: Using ep0 maxpacket: 8
[  136.980110][   T29] audit: type=1400 audit(1736915411.767:531): avc:  denied  { accept } for  pid=6787 comm="syz.0.238" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  137.034183][ T5906] ir_toy 1-1:8.177: could not write reset command: -110
[  137.042047][ T5906] ir_toy 1-1:8.177: probe with driver ir_toy failed with error -110
[  137.261154][   T29] audit: type=1400 audit(1736915412.047:532): avc:  denied  { create } for  pid=6773 comm="syz.1.232" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  137.307765][ T6793] FAULT_INJECTION: forcing a failure.
[  137.307765][ T6793] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  137.389708][ T5906] usb 1-1: USB disconnect, device number 11
[  137.515330][ T5978] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  137.525155][ T5978] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  137.533810][   T29] audit: type=1400 audit(1736915412.157:533): avc:  denied  { read } for  pid=6773 comm="syz.1.232" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  137.534944][ T5978] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  137.534970][ T5978] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  137.535007][ T5978] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  137.586911][ T5978] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  137.601378][ T6793] CPU: 1 UID: 0 PID: 6793 Comm: syz.3.236 Not tainted 6.13.0-rc7-syzkaller-00039-gc3812b15000c #0
[  137.612018][ T6793] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  137.622066][ T6793] Call Trace:
[  137.625330][ T6793]  <TASK>
[  137.628248][ T6793]  dump_stack_lvl+0x16c/0x1f0
[  137.632920][ T6793]  should_fail_ex+0x497/0x5b0
[  137.637606][ T6793]  _copy_from_user+0x2e/0xd0
[  137.642180][ T6793]  __x64_sys_rt_sigaction+0x194/0x310
[  137.647543][ T6793]  ? __pfx___x64_sys_rt_sigaction+0x10/0x10
[  137.653431][ T6793]  do_syscall_64+0xcd/0x250
[  137.657930][ T6793]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  137.663813][ T6793] RIP: 0033:0x7f7c07185d29
[  137.668214][ T6793] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  137.687828][ T6793] RSP: 002b:00007f7c04fd5038 EFLAGS: 00000246 ORIG_RAX: 000000000000000d
[  137.696229][ T6793] RAX: ffffffffffffffda RBX: 00007f7c07376160 RCX: 00007f7c07185d29
[  137.704187][ T6793] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000019
[  137.712142][ T6793] RBP: 00007f7c04fd5090 R08: 0000000020000440 R09: 0000000000000000
[  137.720097][ T6793] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000001
[  137.728053][ T6793] R13: 0000000000000001 R14: 00007f7c07376160 R15: 00007ffcb3e7a858
[  137.736023][ T6793]  </TASK>
[  137.739091][    C1] vkms_vblank_simulate: vblank timer overrun
[  137.746417][   T29] audit: type=1400 audit(1736915412.157:534): avc:  denied  { setopt } for  pid=6773 comm="syz.1.232" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  137.765649][ T6798] netlink: 8 bytes leftover after parsing attributes in process `syz.2.237'.
[  137.765872][    C1] vkms_vblank_simulate: vblank timer overrun
[  137.780940][   T29] audit: type=1400 audit(1736915412.167:535): avc:  denied  { connect } for  pid=6773 comm="syz.1.232" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  137.934816][   T29] audit: type=1400 audit(1736915412.737:536): avc:  denied  { append } for  pid=6801 comm="syz.3.239" name="001" dev="devtmpfs" ino=750 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[  137.958341][ T6803] usb usb9: usbfs: process 6803 (syz.3.239) did not claim interface 0 before use
[  137.977193][ T5906] usb 1-1: new high-speed USB device number 12 using dummy_hcd
[  138.049569][ T5978] usb 5-1: usb_control_msg returned -71
[  138.055403][ T5978] usbtmc 5-1:16.0: can't read capabilities
[  138.143030][ T5978] usb 5-1: USB disconnect, device number 8
[  138.305757][ T5906] usb 1-1: New USB device found, idVendor=99fa, idProduct=8988, bcdDevice=98.53
[  138.314936][ T5906] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  138.323207][ T5906] usb 1-1: Product: syz
[  138.327552][ T5906] usb 1-1: Manufacturer: syz
[  138.332317][ T5906] usb 1-1: SerialNumber: syz
[  138.357505][ T5906] usb 1-1: config 0 descriptor??
[  138.368313][   T29] audit: type=1400 audit(1736915413.177:537): avc:  denied  { nlmsg_read } for  pid=6804 comm="syz.3.240" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[  138.385362][ T5906] gspca_main: spca506-2.14.0 probing 99fa:8988
[  138.845035][ T5906] usb 1-1: USB disconnect, device number 12
[  138.856874][ T5978] usb 2-1: USB disconnect, device number 10
[  140.914573][   T29] audit: type=1400 audit(1736915415.197:538): avc:  denied  { append } for  pid=6832 comm="syz.3.250" name="iommu" dev="devtmpfs" ino=624 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  141.630228][   T29] audit: type=1400 audit(1736915416.437:539): avc:  denied  { create } for  pid=6839 comm="syz.3.251" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  141.704140][   T29] audit: type=1400 audit(1736915416.507:540): avc:  denied  { ioctl } for  pid=6839 comm="syz.3.251" path="socket:[12294]" dev="sockfs" ino=12294 ioctlcmd=0x890b scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  141.767944][ T6840] 8021q: adding VLAN 0 to HW filter on device bond0
[  141.813186][ T5978] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  141.821511][   T29] audit: type=1400 audit(1736915416.547:541): avc:  denied  { ioctl } for  pid=6839 comm="syz.3.251" path="socket:[12299]" dev="sockfs" ino=12299 ioctlcmd=0x8990 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  141.829856][ T6840] bond0: (slave rose0): Enslaving as an active interface with an up link
[  141.866869][   T29] audit: type=1400 audit(1736915416.677:542): avc:  denied  { read } for  pid=6845 comm="dhcpcd-run-hook" name="resolv.conf" dev="tmpfs" ino=1706 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  141.916778][   T29] audit: type=1400 audit(1736915416.707:543): avc:  denied  { open } for  pid=6845 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf" dev="tmpfs" ino=1706 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  142.200524][ T5978] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  142.414774][   T29] audit: type=1400 audit(1736915416.707:544): avc:  denied  { getattr } for  pid=6845 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf" dev="tmpfs" ino=1706 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  142.419246][ T5978] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  142.574003][ T5978] usb 5-1: New USB device found, idVendor=04b4, idProduct=de61, bcdDevice= 0.00
[  142.583642][ T5978] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  142.629278][ T5978] usb 5-1: config 0 descriptor??
[  142.766799][ T6856] netlink: 'syz.0.253': attribute type 3 has an invalid length.
[  142.774729][ T6856] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.253'.
[  142.822179][ T6856] NILFS (loop0): device size too small
[  142.924020][   T29] audit: type=1400 audit(1736915417.677:545): avc:  denied  { write } for  pid=6843 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=1705 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  143.041915][ T5978] usbhid 5-1:0.0: can't add hid device: -71
[  143.043969][   T29] audit: type=1400 audit(1736915417.677:546): avc:  denied  { add_name } for  pid=6843 comm="dhcpcd-run-hook" name="resolv.conf.lapb0.link" scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  143.214227][ T5978] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  143.244374][   T25] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  143.254764][   T29] audit: type=1400 audit(1736915417.687:547): avc:  denied  { create } for  pid=6843 comm="dhcpcd-run-hook" name="resolv.conf.lapb0.link" scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  143.277271][   T29] audit: type=1400 audit(1736915417.687:548): avc:  denied  { write } for  pid=6843 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf.lapb0.link" dev="tmpfs" ino=2693 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  143.303324][    C1] vkms_vblank_simulate: vblank timer overrun
[  143.310166][ T5978] usb 5-1: USB disconnect, device number 9
[  144.320472][   T25] usb 3-1: Using ep0 maxpacket: 8
[  144.346000][   T25] usb 3-1: config 0 has an invalid descriptor of length 60, skipping remainder of the config
[  144.361486][   T25] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  144.383880][   T25] usb 3-1: New USB device found, idVendor=187f, idProduct=0200, bcdDevice=6b.ad
[  144.406805][   T25] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  144.464029][   T25] usb 3-1: Product: syz
[  144.474125][  T969] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  144.494002][   T25] usb 3-1: Manufacturer: syz
[  144.623959][   T25] usb 3-1: SerialNumber: syz
[  144.631291][   T25] usb 3-1: config 0 descriptor??
[  144.718387][  T969] usb 4-1: config 0 interface 0 has no altsetting 0
[  144.755541][  T969] usb 4-1: New USB device found, idVendor=046d, idProduct=0a0e, bcdDevice=94.75
[  144.775396][  T969] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  145.052887][  T969] usb 4-1: config 0 descriptor??
[  145.656085][  T969]  (null): keene_cmd_main failed (-110)
[  145.732422][  T969] video4linux radio48: keene_cmd_main failed (-32)
[  145.739715][  T969] radio-keene 4-1:0.0: V4L2 device registered as radio48
[  147.025103][ T5921] usb 3-1: USB disconnect, device number 5
[  147.167327][ T6915] lo speed is unknown, defaulting to 1000
[  147.265842][ T6928] syz.4.264[6928] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  147.266233][ T6928] syz.4.264[6928] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  147.277977][ T6928] syz.4.264[6928] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  148.074598][    T8] usb 4-1: USB disconnect, device number 5
[  148.145538][   T29] kauditd_printk_skb: 4 callbacks suppressed
[  148.145552][   T29] audit: type=1400 audit(1736915422.957:553): avc:  denied  { create } for  pid=6934 comm="syz.1.268" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  148.838707][   T29] audit: type=1400 audit(1736915422.957:554): avc:  denied  { getopt } for  pid=6938 comm="syz.2.267" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  148.937382][ T6952] vivid-007: disconnect
[  149.841124][   T29] audit: type=1400 audit(1736915424.157:555): avc:  denied  { write } for  pid=6938 comm="syz.2.267" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  150.200365][ T6938] vivid-007: reconnect
[  150.522601][    T8] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  150.784836][ T6984] lo speed is unknown, defaulting to 1000
[  151.896012][    T8] usb 2-1: config 0 interface 0 has no altsetting 0
[  151.914020][    T8] usb 2-1: New USB device found, idVendor=046d, idProduct=0a0e, bcdDevice=94.75
[  151.923090][    T8] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  151.976568][    T8] usb 2-1: config 0 descriptor??
[  152.608031][    T8]  (null): keene_cmd_main failed (-110)
[  152.666779][    T8] video4linux radio48: keene_cmd_main failed (-32)
[  152.673339][    T8] radio-keene 2-1:0.0: V4L2 device registered as radio48
[  152.716963][   T29] audit: type=1400 audit(1736915427.497:556): avc:  denied  { write } for  pid=6996 comm="syz.3.280" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  153.404130][   T29] audit: type=1400 audit(1736915427.517:557): avc:  denied  { map } for  pid=6966 comm="syz.1.272" path="/dev/dri/card1" dev="devtmpfs" ino=628 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[  153.429356][    T8] usb 2-1: USB disconnect, device number 11
[  153.452382][   T29] audit: type=1400 audit(1736915428.227:558): avc:  denied  { setrlimit } for  pid=7008 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=process permissive=1
[  153.525250][ T1200] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  153.694030][ T1200] usb 5-1: Using ep0 maxpacket: 16
[  153.792465][   T29] audit: type=1400 audit(1736915428.597:559): avc:  denied  { create } for  pid=6998 comm="syz.2.279" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_iscsi_socket permissive=1
[  153.819531][ T1200] usb 5-1: config 0 interface 0 has no altsetting 0
[  153.826330][ T1200] usb 5-1: New USB device found, idVendor=1b1c, idProduct=1c07, bcdDevice= 0.00
[  153.834003][   T29] audit: type=1400 audit(1736915428.627:560): avc:  denied  { write } for  pid=6998 comm="syz.2.279" path="socket:[12594]" dev="sockfs" ino=12594 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_iscsi_socket permissive=1
[  153.849026][ T1200] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  154.456789][ T1200] usb 5-1: config 0 descriptor??
[  154.805039][ T7005] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  154.820268][ T7005] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  155.169809][ T1200] usbhid 5-1:0.0: can't add hid device: -71
[  155.184249][ T1200] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  155.464324][ T1200] usb 5-1: USB disconnect, device number 10
[  155.792664][ T7035] netlink: 'syz.3.287': attribute type 11 has an invalid length.
[  156.630947][ T7043] usb usb9: usbfs: process 7043 (syz.2.288) did not claim interface 0 before use
[  156.960775][ T7046] netlink: 'syz.1.289': attribute type 3 has an invalid length.
[  156.968583][ T7046] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.289'.
[  156.990780][ T7046] NILFS (loop1): device size too small
[  157.154350][   T29] audit: type=1400 audit(1736915431.897:561): avc:  denied  { setopt } for  pid=7048 comm="syz.2.292" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  158.685309][   T29] audit: type=1400 audit(1736915433.487:562): avc:  denied  { connect } for  pid=7048 comm="syz.2.292" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  158.838976][   T29] audit: type=1400 audit(1736915433.607:563): avc:  denied  { connect } for  pid=7066 comm="syz.1.296" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  158.964158][    T9] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  159.550242][    T9] usb 4-1: config 0 has an invalid interface number: 156 but max is 0
[  159.587223][    T9] usb 4-1: config 0 has no interface number 0
[  159.593366][    T9] usb 4-1: config 0 interface 156 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7
[  159.594082][   T29] audit: type=1400 audit(1736915433.687:564): avc:  denied  { listen } for  pid=7059 comm="syz.4.295" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  159.610728][    T9] usb 4-1: config 0 interface 156 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  159.635822][    T9] usb 4-1: config 0 interface 156 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0
[  159.654493][    T9] usb 4-1: New USB device found, idVendor=abcd, idProduct=cdee, bcdDevice= 5.b9
[  159.658119][ T7049] overlayfs: missing 'workdir'
[  159.744039][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  159.754133][   T29] audit: type=1400 audit(1736915434.117:565): avc:  denied  { shutdown } for  pid=7048 comm="syz.2.292" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  159.817310][    T9] usb 4-1: config 0 descriptor??
[  159.838016][    T9] gspca_main: spca561-2.14.0 probing abcd:cdee
[  160.180908][   T29] audit: type=1400 audit(1736915434.987:566): avc:  denied  { block_suspend } for  pid=7064 comm="syz.3.294" capability=36  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  160.486969][ T7075] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  160.579787][ T7093] netlink: 'syz.4.301': attribute type 11 has an invalid length.
[  160.669565][    T9] spca561 4-1:0.156: probe with driver spca561 failed with error -22
[  160.688666][    T9] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  160.697425][    T9] usb 4-1: MIDIStreaming interface descriptor not found
[  161.108300][ T7083] netlink: 36 bytes leftover after parsing attributes in process `syz.1.297'.
[  161.208636][    T9] usb 4-1: USB disconnect, device number 6
[  161.337712][  T969] usb 1-1: new high-speed USB device number 13 using dummy_hcd
[  161.590636][ T5806] udevd[5806]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.156/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  161.881366][  T969] usb 1-1: Using ep0 maxpacket: 32
[  162.141393][  T969] usb 1-1: config 0 has an invalid interface number: 111 but max is 1
[  162.165928][  T969] usb 1-1: config 0 has no interface number 1
[  162.179412][  T969] usb 1-1: New USB device found, idVendor=0ccd, idProduct=0080, bcdDevice=4a.83
[  162.191926][  T969] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  162.203829][  T969] usb 1-1: Product: syz
[  162.210535][  T969] usb 1-1: Manufacturer: syz
[  162.374092][  T969] usb 1-1: SerialNumber: syz
[  162.397495][  T969] usb 1-1: config 0 descriptor??
[  162.407504][ T7110] netlink: 16 bytes leftover after parsing attributes in process `syz.4.306'.
[  162.584050][ T7110] openvswitch: netlink: Flow key attr not present in new flow.
[  162.893189][ T7090] syz.0.300: attempt to access beyond end of device
[  162.893189][ T7090] nbd0: rw=4096, sector=0, nr_sectors = 1 limit=0
[  163.474491][  T969] snd-usb-6fire 1-1:0.111: unable to receive device firmware state.
[  163.482704][  T969] snd-usb-6fire 1-1:0.111: probe with driver snd-usb-6fire failed with error -110
[  163.520386][ T7130] lo speed is unknown, defaulting to 1000
[  164.577437][   T29] audit: type=1400 audit(1736915439.367:567): avc:  denied  { setopt } for  pid=7133 comm="syz.3.310" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  164.676560][ T7158] netlink: 4 bytes leftover after parsing attributes in process `syz.4.315'.
[  165.548050][ T7164] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2047 sclass=netlink_route_socket pid=7164 comm=syz.2.316
[  165.662412][ T5861] usb 1-1: USB disconnect, device number 13
[  166.612838][ T7184] FAULT_INJECTION: forcing a failure.
[  166.612838][ T7184] name failslab, interval 1, probability 0, space 0, times 0
[  166.680103][ T7184] CPU: 0 UID: 0 PID: 7184 Comm: syz.2.321 Not tainted 6.13.0-rc7-syzkaller-00039-gc3812b15000c #0
[  166.690734][ T7184] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  166.700800][ T7184] Call Trace:
[  166.704078][ T7184]  <TASK>
[  166.707004][ T7184]  dump_stack_lvl+0x16c/0x1f0
[  166.711692][ T7184]  should_fail_ex+0x497/0x5b0
[  166.716391][ T7184]  ? fs_reclaim_acquire+0xae/0x150
[  166.721521][ T7184]  should_failslab+0xc2/0x120
[  166.726218][ T7184]  kmem_cache_alloc_node_noprof+0x72/0x3c0
[  166.732043][ T7184]  ? __alloc_skb+0x2b1/0x380
[  166.736645][ T7184]  __alloc_skb+0x2b1/0x380
[  166.741052][ T7184]  ? __pfx___alloc_skb+0x10/0x10
[  166.745975][ T7184]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  166.751940][ T7184]  netlink_alloc_large_skb+0x69/0x130
[  166.757292][ T7184]  netlink_sendmsg+0x689/0xd70
[  166.762041][ T7184]  ? __pfx_netlink_sendmsg+0x10/0x10
[  166.767309][ T7184]  ____sys_sendmsg+0xaaf/0xc90
[  166.772058][ T7184]  ? copy_msghdr_from_user+0x10b/0x160
[  166.777520][ T7184]  ? __pfx_____sys_sendmsg+0x10/0x10
[  166.782790][ T7184]  ___sys_sendmsg+0x135/0x1e0
[  166.787446][ T7184]  ? __pfx____sys_sendmsg+0x10/0x10
[  166.792628][ T7184]  ? __pfx_lock_release+0x10/0x10
[  166.797629][ T7184]  ? trace_lock_acquire+0x14e/0x1f0
[  166.802810][ T7184]  ? __fget_files+0x206/0x3a0
[  166.807466][ T7184]  __sys_sendmsg+0x16e/0x220
[  166.812032][ T7184]  ? __pfx___sys_sendmsg+0x10/0x10
[  166.817126][ T7184]  do_syscall_64+0xcd/0x250
[  166.821629][ T7184]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  166.827501][ T7184] RIP: 0033:0x7fef6c985d29
[  166.831891][ T7184] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  166.851480][ T7184] RSP: 002b:00007fef6d87b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  166.859869][ T7184] RAX: ffffffffffffffda RBX: 00007fef6cb75fa0 RCX: 00007fef6c985d29
[  166.867817][ T7184] RDX: 0000000020004000 RSI: 0000000020000600 RDI: 0000000000000003
[  166.875764][ T7184] RBP: 00007fef6d87b090 R08: 0000000000000000 R09: 0000000000000000
[  166.883713][ T7184] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  166.891659][ T7184] R13: 0000000000000000 R14: 00007fef6cb75fa0 R15: 00007ffd028f0318
[  166.899617][ T7184]  </TASK>
[  166.931738][   T29] audit: type=1400 audit(1736915441.727:568): avc:  denied  { ioctl } for  pid=7185 comm="syz.3.323" path="/dev/vhost-net" dev="devtmpfs" ino=1274 ioctlcmd=0xaf00 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1
[  167.164408][  T969] usb 4-1: new full-speed USB device number 7 using dummy_hcd
[  167.408899][  T969] usb 4-1: unable to get BOS descriptor or descriptor too short
[  167.491362][  T969] usb 4-1: not running at top speed; connect to a high speed hub
[  167.631891][  T969] usb 4-1: config 1 interface 0 has no altsetting 0
[  167.878353][  T969] usb 4-1: New USB device found, idVendor=054c, idProduct=024b, bcdDevice= 0.40
[  167.887624][  T969] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  167.913995][  T969] usb 4-1: Product: syz
[  167.924939][  T969] usb 4-1: Manufacturer: 㖷䍾㓎롌熂గ勈ਧᶐ㈴ꖧ꾎䌜蛨刜쁾脂镸㨆彆乸댵ꉾ꼷终걒垴꠻ᕜ㦭쀚磏㵁雷㦜叾봔纴
[  167.981150][  T969] usb 4-1: SerialNumber: syz
[  168.585807][   T29] audit: type=1400 audit(1736915443.387:569): avc:  denied  { read } for  pid=7185 comm="syz.3.323" name="cachefiles" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1
[  168.585859][   T29] audit: type=1400 audit(1736915443.387:570): avc:  denied  { open } for  pid=7185 comm="syz.3.323" path="/dev/cachefiles" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1
[  273.663878][    C1] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
[  273.663896][    C1] rcu: 	Tasks blocked on level-0 rcu_node (CPUs 0-1): P7209/1:b..l P5817/2:b..l
[  273.664440][    C1] rcu: 	(detected by 1, t=10502 jiffies, g=12229, q=132 ncpus=2)
[  273.664458][    C1] task:syz-executor    state:R  running task     stack:23008 pid:5817  tgid:5817  ppid:5812   flags:0x00004002
[  273.664519][    C1] Call Trace:
[  273.664526][    C1]  <TASK>
[  273.664537][    C1]  __schedule+0xe58/0x5ad0
[  273.664579][    C1]  ? __pfx___schedule+0x10/0x10
[  273.664608][    C1]  ? mark_held_locks+0x9f/0xe0
[  273.664633][    C1]  preempt_schedule_irq+0x51/0x90
[  273.664655][    C1]  irqentry_exit+0x36/0x90
[  273.664677][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  273.664702][    C1] RIP: 0010:lock_acquire.part.0+0x155/0x380
[  273.664723][    C1] Code: b8 ff ff ff ff 65 0f c1 05 40 b0 8b 7e 83 f8 01 0f 85 d0 01 00 00 9c 58 f6 c4 02 0f 85 e5 01 00 00 48 85 ed 0f 85 b6 01 00 00 <48> b8 00 00 00 00 00 fc ff df 48 01 c3 48 c7 03 00 00 00 00 48 c7
[  273.664740][    C1] RSP: 0018:ffffc90004aaf268 EFLAGS: 00000206
[  273.664756][    C1] RAX: 0000000000000046 RBX: 1ffff92000955e4e RCX: 00000000c70002c2
[  273.664769][    C1] RDX: 0000000000000001 RSI: ffffffff8b6cdce0 RDI: ffffffff8bd1ef20
[  273.664782][    C1] RBP: 0000000000000200 R08: 0000000000000000 R09: fffffbfff2dca798
[  273.664794][    C1] R10: ffffffff96e53cc7 R11: 0000000000000002 R12: 0000000000000000
[  273.664806][    C1] R13: ffffffff8e1bb900 R14: 0000000000000000 R15: 0000000000000000
[  273.664833][    C1]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  273.664854][    C1]  ? rcu_is_watching+0x12/0xc0
[  273.664878][    C1]  ? trace_lock_acquire+0x14e/0x1f0
[  273.664904][    C1]  ? is_bpf_text_address+0x30/0x1a0
[  273.664927][    C1]  ? lock_acquire+0x2f/0xb0
[  273.664945][    C1]  ? is_bpf_text_address+0x30/0x1a0
[  273.664966][    C1]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  273.664993][    C1]  is_bpf_text_address+0x36/0x1a0
[  273.665014][    C1]  ? is_bpf_text_address+0x30/0x1a0
[  273.665035][    C1]  kernel_text_address+0x8d/0x100
[  273.665055][    C1]  __kernel_text_address+0xd/0x40
[  273.665075][    C1]  unwind_get_return_address+0x59/0xa0
[  273.665096][    C1]  arch_stack_walk+0xa7/0x100
[  273.665129][    C1]  stack_trace_save+0x95/0xd0
[  273.665154][    C1]  ? __pfx_stack_trace_save+0x10/0x10
[  273.665186][    C1]  save_stack+0x162/0x1f0
[  273.665206][    C1]  ? __pfx_save_stack+0x10/0x10
[  273.665223][    C1]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  273.665242][    C1]  ? free_unref_folios+0xa7b/0x14f0
[  273.665262][    C1]  ? folios_put_refs+0x587/0x7b0
[  273.665281][    C1]  ? shmem_undo_range+0x586/0x1170
[  273.665297][    C1]  ? shmem_evict_inode+0x3a3/0xba0
[  273.665313][    C1]  ? evict+0x409/0x960
[  273.665334][    C1]  ? iput+0x52a/0x890
[  273.665355][    C1]  ? do_unlinkat+0x5c3/0x760
[  273.665373][    C1]  ? __x64_sys_unlink+0xc5/0x110
[  273.665392][    C1]  ? do_syscall_64+0xcd/0x250
[  273.665415][    C1]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  273.665450][    C1]  __reset_page_owner+0x8d/0x400
[  273.665476][    C1]  free_unref_folios+0xa7b/0x14f0
[  273.665508][    C1]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  273.665534][    C1]  folios_put_refs+0x587/0x7b0
[  273.665558][    C1]  ? __pfx_folios_put_refs+0x10/0x10
[  273.665582][    C1]  ? folio_batch_remove_exceptionals+0x115/0x1a0
[  273.665610][    C1]  shmem_undo_range+0x586/0x1170
[  273.665638][    C1]  ? __pfx_shmem_undo_range+0x10/0x10
[  273.665678][    C1]  ? unwind_get_return_address+0x59/0xa0
[  273.665699][    C1]  ? arch_stack_walk+0xa7/0x100
[  273.665722][    C1]  ? hlock_class+0x4e/0x130
[  273.665767][    C1]  ? kasan_save_stack+0x33/0x60
[  273.665789][    C1]  ? __pfx___lock_acquire+0x10/0x10
[  273.665807][    C1]  ? hlock_class+0x4e/0x130
[  273.665830][    C1]  ? __lock_acquire+0x15a9/0x3c40
[  273.665853][    C1]  shmem_evict_inode+0x3a3/0xba0
[  273.665873][    C1]  ? find_held_lock+0x2d/0x110
[  273.665898][    C1]  ? __pfx_shmem_evict_inode+0x10/0x10
[  273.665916][    C1]  ? evict+0x3c8/0x960
[  273.665938][    C1]  ? __pfx_lock_release+0x10/0x10
[  273.665962][    C1]  ? lock_acquire+0x2f/0xb0
[  273.665985][    C1]  ? __pfx_shmem_evict_inode+0x10/0x10
[  273.666003][    C1]  evict+0x409/0x960
[  273.666027][    C1]  ? __pfx_evict+0x10/0x10
[  273.666063][    C1]  iput+0x52a/0x890
[  273.666086][    C1]  ? __pfx_generic_delete_inode+0x10/0x10
[  273.666107][    C1]  do_unlinkat+0x5c3/0x760
[  273.666128][    C1]  ? __virt_addr_valid+0x5e/0x590
[  273.666151][    C1]  ? __pfx_do_unlinkat+0x10/0x10
[  273.666170][    C1]  ? __check_object_size+0x488/0x710
[  273.666203][    C1]  ? getname_flags.part.0+0x1c5/0x550
[  273.666230][    C1]  __x64_sys_unlink+0xc5/0x110
[  273.666250][    C1]  do_syscall_64+0xcd/0x250
[  273.666275][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  273.666298][    C1] RIP: 0033:0x7f10f73852d7
[  273.666313][    C1] RSP: 002b:00007fffb54b4e68 EFLAGS: 00000206 ORIG_RAX: 0000000000000057
[  273.666332][    C1] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f10f73852d7
[  273.666344][    C1] RDX: 00007fffb54b4e90 RSI: 00007fffb54b4f20 RDI: 00007fffb54b4f20
[  273.666357][    C1] RBP: 00007fffb54b4f20 R08: 0000000000000000 R09: 0000000000000000
[  273.666368][    C1] R10: 0000000000000100 R11: 0000000000000206 R12: 00007fffb54b5fa0
[  273.666380][    C1] R13: 00007f10f74018f4 R14: 00007fffb54b5fe0 R15: 0000000000000034
[  273.666405][    C1]  </TASK>
[  273.666412][    C1] task:syz.1.329       state:R  running task     stack:26928 pid:7209  tgid:7205  ppid:5813   flags:0x00004002
[  273.666466][    C1] Call Trace:
[  273.666472][    C1]  <TASK>
[  273.666488][    C1]  __schedule+0xe58/0x5ad0
[  273.666508][    C1]  ? page_ext_put+0x3e/0xd0
[  273.666530][    C1]  ? reacquire_held_locks+0x401/0x4c0
[  273.666560][    C1]  ? __pfx___schedule+0x10/0x10
[  273.666580][    C1]  ? page_table_check_set+0x8ee/0x9c0
[  273.666611][    C1]  ? preempt_schedule_thunk+0x1a/0x30
[  273.666631][    C1]  preempt_schedule_common+0x44/0xc0
[  273.666655][    C1]  preempt_schedule_thunk+0x1a/0x30
[  273.666678][    C1]  _raw_spin_unlock+0x3e/0x50
[  273.666698][    C1]  finish_fault+0x9e7/0x1010
[  273.666720][    C1]  ? __do_fault+0x21c/0x490
[  273.666748][    C1]  do_pte_missing+0xee6/0x3e00
[  273.666778][    C1]  __handle_mm_fault+0x103c/0x2a40
[  273.666803][    C1]  ? find_held_lock+0x2d/0x110
[  273.666828][    C1]  ? __pfx___handle_mm_fault+0x10/0x10
[  273.666850][    C1]  ? follow_page_pte+0x3c3/0x1b20
[  273.666870][    C1]  ? __pfx_lock_release+0x10/0x10
[  273.666899][    C1]  ? follow_page_pte+0x3f7/0x1b20
[  273.666925][    C1]  handle_mm_fault+0x3fa/0xaa0
[  273.666951][    C1]  __get_user_pages+0x8d9/0x3b50
[  273.666978][    C1]  ? __pfx_mt_find+0x10/0x10
[  273.667002][    C1]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  273.667022][    C1]  ? __pfx___get_user_pages+0x10/0x10
[  273.667045][    C1]  ? __mm_populate+0x21d/0x380
[  273.667071][    C1]  populate_vma_page_range+0x27f/0x3a0
[  273.667094][    C1]  ? __pfx_populate_vma_page_range+0x10/0x10
[  273.667114][    C1]  ? __pfx_find_vma_intersection+0x10/0x10
[  273.667133][    C1]  ? vm_mmap_pgoff+0x25b/0x360
[  273.667158][    C1]  __mm_populate+0x1d6/0x380
[  273.667181][    C1]  ? __pfx___mm_populate+0x10/0x10
[  273.667203][    C1]  ? up_write+0x1b2/0x520
[  273.667228][    C1]  vm_mmap_pgoff+0x293/0x360
[  273.667250][    C1]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[  273.667270][    C1]  ? do_user_addr_fault+0xe50/0x13f0
[  273.667297][    C1]  ksys_mmap_pgoff+0x7d/0x5c0
[  273.667320][    C1]  __x64_sys_mmap+0x125/0x190
[  273.667343][    C1]  do_syscall_64+0xcd/0x250
[  273.667368][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  273.667392][    C1] RIP: 0033:0x7f1464b85d29
[  273.667405][    C1] RSP: 002b:00007f1465a85038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  273.667422][    C1] RAX: ffffffffffffffda RBX: 00007f1464d76080 RCX: 00007f1464b85d29
[  273.667435][    C1] RDX: b635773f06ebbeee RSI: 0000000000b36000 RDI: 0000000020000000
[  273.667447][    C1] RBP: 00007f1464c01b08 R08: ffffffffffffffff R09: 0000000000000000
[  273.667459][    C1] R10: 0000000000008031 R11: 0000000000000246 R12: 0000000000000000
[  273.667471][    C1] R13: 0000000000000001 R14: 00007f1464d76080 R15: 00007ffe8340cda8
[  273.667504][    C1]  </TASK>
[  273.667511][    C1] rcu: rcu_preempt kthread starved for 10502 jiffies! g12229 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1
[  273.667531][    C1] rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
[  273.667540][    C1] rcu: RCU grace-period kthread stack dump:
[  273.667546][    C1] task:rcu_preempt     state:R  running task     stack:28472 pid:17    tgid:17    ppid:2      flags:0x00004000
[  273.667600][    C1] Call Trace:
[  273.667606][    C1]  <TASK>
[  273.667616][    C1]  __schedule+0xe58/0x5ad0
[  273.667637][    C1]  ? __pfx___lock_acquire+0x10/0x10
[  273.667669][    C1]  ? __pfx___schedule+0x10/0x10
[  273.667691][    C1]  ? schedule+0x298/0x350
[  273.667711][    C1]  ? __pfx_lock_release+0x10/0x10
[  273.667735][    C1]  ? lock_acquire+0x2f/0xb0
[  273.667752][    C1]  ? schedule+0x1fd/0x350
[  273.667776][    C1]  schedule+0xe7/0x350
[  273.667798][    C1]  schedule_timeout+0x124/0x280
[  273.667817][    C1]  ? __pfx_schedule_timeout+0x10/0x10
[  273.667837][    C1]  ? __pfx_process_timeout+0x10/0x10
[  273.667867][    C1]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  273.667889][    C1]  ? prepare_to_swait_event+0xf3/0x470
[  273.667914][    C1]  rcu_gp_fqs_loop+0x1eb/0xb00
[  273.667938][    C1]  ? __pfx_rcu_gp_fqs_loop+0x10/0x10
[  273.667957][    C1]  ? rcu_gp_init+0xc82/0x1630
[  273.667980][    C1]  ? _raw_spin_unlock_irq+0x2e/0x50
[  273.668012][    C1]  rcu_gp_kthread+0x271/0x380
[  273.668033][    C1]  ? __pfx_rcu_gp_kthread+0x10/0x10
[  273.668055][    C1]  ? lockdep_hardirqs_on+0x7c/0x110
[  273.668079][    C1]  ? __kthread_parkme+0x148/0x220
[  273.668105][    C1]  ? __pfx_rcu_gp_kthread+0x10/0x10
[  273.668126][    C1]  kthread+0x2c1/0x3a0
[  273.668148][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[  273.668168][    C1]  ? __pfx_kthread+0x10/0x10
[  273.668192][    C1]  ret_from_fork+0x45/0x80
[  273.668209][    C1]  ? __pfx_kthread+0x10/0x10
[  273.668232][    C1]  ret_from_fork_asm+0x1a/0x30
[  273.668268][    C1]  </TASK>
[  273.668275][    C1] rcu: Stack dump where RCU GP kthread last ran:
[  273.668283][    C1] CPU: 1 UID: 0 PID: 7216 Comm: syz.0.332 Not tainted 6.13.0-rc7-syzkaller-00039-gc3812b15000c #0
[  273.668303][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  273.668314][    C1] RIP: 0010:smp_call_function_many_cond+0x45d/0x1300
[  273.668339][    C1] Code: 4d 48 b8 00 00 00 00 00 fc ff df 4d 89 f4 4c 89 f5 49 c1 ec 03 83 e5 07 49 01 c4 83 c5 03 e8 aa 0b 0c 00 f3 90 41 0f b6 04 24 <40> 38 c5 7c 08 84 c0 0f 85 a7 0c 00 00 8b 43 08 31 ff 83 e0 01 41
[  273.668355][    C1] RSP: 0018:ffffc90004cbf5a8 EFLAGS: 00000246
[  273.668370][    C1] RAX: 0000000000000000 RBX: ffff8880b86469c0 RCX: ffffc900131b0000
[  273.668382][    C1] RDX: 0000000000080000 RSI: ffffffff818e18f6 RDI: 0000000000000005
[  273.668393][    C1] RBP: 0000000000000003 R08: 0000000000000005 R09: 0000000000000000
[  273.668405][    C1] R10: 0000000000000001 R11: 0000000000000005 R12: ffffed10170c8d39
[  273.668416][    C1] R13: 0000000000000001 R14: ffff8880b86469c8 R15: ffff8880b873fe40
[  273.668429][    C1] FS:  00007fec111b26c0(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000
[  273.668448][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  273.668460][    C1] CR2: 000000002032e030 CR3: 000000002947c000 CR4: 00000000003526f0
[  273.668472][    C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  273.668488][    C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  273.668500][    C1] Call Trace:
[  273.668506][    C1]  <IRQ>
[  273.668513][    C1]  ? rcu_check_gp_kthread_starvation+0x31b/0x450
[  273.668538][    C1]  ? do_raw_spin_unlock+0x172/0x230
[  273.668563][    C1]  ? rcu_sched_clock_irq+0x247a/0x3310
[  273.668596][    C1]  ? timekeeping_advance+0x72e/0xa90
[  273.668614][    C1]  ? __pfx_rcu_sched_clock_irq+0x10/0x10
[  273.668641][    C1]  ? __asan_memcpy+0x3c/0x60
[  273.668660][    C1]  ? cgroup_rstat_updated+0x2a/0xb20
[  273.668692][    C1]  ? rcu_is_watching+0x12/0xc0
[  273.668719][    C1]  ? update_process_times+0x178/0x2d0
[  273.668742][    C1]  ? __pfx_update_process_times+0x10/0x10
[  273.668764][    C1]  ? __pfx_tick_nohz_handler+0x10/0x10
[  273.668788][    C1]  ? update_wall_time+0x1c/0x40
[  273.668809][    C1]  ? tick_nohz_handler+0x376/0x530
[  273.668836][    C1]  ? __pfx_tick_nohz_handler+0x10/0x10
[  273.668859][    C1]  ? __hrtimer_run_queues+0x5fb/0xae0
[  273.668891][    C1]  ? __pfx___hrtimer_run_queues+0x10/0x10
[  273.668913][    C1]  ? read_tsc+0x9/0x20
[  273.668943][    C1]  ? hrtimer_interrupt+0x392/0x8e0
[  273.668978][    C1]  ? __sysvec_apic_timer_interrupt+0x10f/0x400
[  273.669001][    C1]  ? sysvec_apic_timer_interrupt+0x9f/0xc0
[  273.669023][    C1]  </IRQ>
[  273.669029][    C1]  <TASK>
[  273.669037][    C1]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  273.669069][    C1]  ? smp_call_function_many_cond+0x456/0x1300
[  273.669093][    C1]  ? smp_call_function_many_cond+0x45d/0x1300
[  273.669118][    C1]  ? smp_call_function_many_cond+0x456/0x1300
[  273.669143][    C1]  ? __pfx_do_sync_core+0x10/0x10
[  273.669170][    C1]  ? __pfx_do_sync_core+0x10/0x10
[  273.669192][    C1]  on_each_cpu_cond_mask+0x40/0x90
[  273.669217][    C1]  text_poke_bp_batch+0x22b/0x760
[  273.669240][    C1]  ? __pfx_text_poke_loc_init+0x10/0x10
[  273.669265][    C1]  ? __pfx_text_poke_bp_batch+0x10/0x10
[  273.669296][    C1]  ? rcu_is_watching+0x12/0xc0
[  273.669320][    C1]  ? __SCT__tp_func_sched_wakeup_new+0x8/0x8
[  273.669343][    C1]  text_poke_bp+0xa3/0xd0
[  273.669360][    C1]  ? __pfx_text_poke_bp+0x10/0x10
[  273.669381][    C1]  ? __pfx___mutex_lock+0x10/0x10
[  273.669404][    C1]  ? __SCT__tp_func_sched_wakeup_new+0x8/0x8
[  273.669426][    C1]  __static_call_transform+0x34d/0x770
[  273.669447][    C1]  ? __pfx___static_call_transform+0x10/0x10
[  273.669466][    C1]  ? __SCT__tp_func_sched_wakeup_new+0x8/0x8
[  273.669494][    C1]  ? __pfx___traceiter_sched_switch+0x10/0x10
[  273.669514][    C1]  ? __SCT__tp_func_sched_wakeup_new+0x8/0x8
[  273.669533][    C1]  ? __pfx___traceiter_sched_switch+0x10/0x10
[  273.669552][    C1]  arch_static_call_transform+0x5d/0xb0
[  273.669569][    C1]  ? __SCT__tp_func_sched_wakeup_new+0x8/0x8
[  273.669591][    C1]  __static_call_update+0xee/0x660
[  273.669614][    C1]  ? __pfx___traceiter_sched_switch+0x10/0x10
[  273.669634][    C1]  ? __pfx___static_call_update+0x10/0x10
[  273.669659][    C1]  ? rcu_is_watching+0x12/0xc0
[  273.669683][    C1]  ? __kmalloc_noprof+0x23b/0x510
[  273.669706][    C1]  ? __pfx___bpf_trace_sched_switch+0x10/0x10
[  273.669728][    C1]  tracepoint_add_func+0xbcb/0xeb0
[  273.669756][    C1]  ? __pfx___bpf_trace_sched_switch+0x10/0x10
[  273.669778][    C1]  tracepoint_probe_register_prio_may_exist+0xbd/0x110
[  273.669802][    C1]  ? __pfx_tracepoint_probe_register_prio_may_exist+0x10/0x10
[  273.669825][    C1]  ? __pfx___bpf_trace_sched_switch+0x10/0x10
[  273.669849][    C1]  ? __local_bh_enable_ip+0xa4/0x120
[  273.669875][    C1]  bpf_probe_register+0x189/0x200
[  273.669898][    C1]  bpf_raw_tp_link_attach+0x2cd/0x5f0
[  273.669922][    C1]  ? __pfx_lock_release+0x10/0x10
[  273.669941][    C1]  ? __pfx_bpf_raw_tp_link_attach+0x10/0x10
[  273.669968][    C1]  ? lock_acquire+0x2f/0xb0
[  273.669985][    C1]  ? __fget_files+0x40/0x3a0
[  273.670012][    C1]  ? fput+0x67/0x440
[  273.670034][    C1]  ? __bpf_prog_get+0xa0/0x290
[  273.670056][    C1]  __sys_bpf+0x3a4/0x49c0
[  273.670082][    C1]  ? __pfx___sys_bpf+0x10/0x10
[  273.670108][    C1]  ? do_user_addr_fault+0xdc7/0x13f0
[  273.670125][    C1]  ? reacquire_held_locks+0x20b/0x4c0
[  273.670147][    C1]  ? do_futex+0x123/0x350
[  273.670166][    C1]  ? __pfx_do_futex+0x10/0x10
[  273.670194][    C1]  ? xfd_validate_state+0x5d/0x180
[  273.670213][    C1]  ? rcu_is_watching+0x12/0xc0
[  273.670240][    C1]  __x64_sys_bpf+0x78/0xc0
[  273.670262][    C1]  ? lockdep_hardirqs_on+0x7c/0x110
[  273.670284][    C1]  do_syscall_64+0xcd/0x250
[  273.670309][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  273.670332][    C1] RIP: 0033:0x7fec13785d29
[  273.670346][    C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  273.670362][    C1] RSP: 002b:00007fec111b2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  273.670380][    C1] RAX: ffffffffffffffda RBX: 00007fec13976240 RCX: 00007fec13785d29
[  273.670392][    C1] RDX: 0000000000000010 RSI: 0000000020000080 RDI: 0000000000000011
[  273.670404][    C1] RBP: 00007fec13801b08 R08: 0000000000000000 R09: 0000000000000000
[  273.670415][    C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  273.670427][    C1] R13: 0000000000000000 R14: 00007fec13976240 R15: 00007ffdfd21f298
[  273.670450][    C1]  </TASK>
[  419.967929][    C1] watchdog: BUG: soft lockup - CPU#1 stuck for 246s! [syz.0.332:7216]
[  419.967953][    C1] Modules linked in:
[  419.967964][    C1] irq event stamp: 19207518
[  419.967971][    C1] hardirqs last  enabled at (19207517): [<ffffffff8b2a139b>] irqentry_exit+0x3b/0x90
[  419.968004][    C1] hardirqs last disabled at (19207518): [<ffffffff8b29fb1e>] sysvec_apic_timer_interrupt+0xe/0xc0
[  419.968028][    C1] softirqs last  enabled at (19207516): [<ffffffff815c627b>] handle_softirqs+0x5bb/0x8f0
[  419.968052][    C1] softirqs last disabled at (19207507): [<ffffffff815c6749>] __irq_exit_rcu+0x109/0x170
[  419.968077][    C1] CPU: 1 UID: 0 PID: 7216 Comm: syz.0.332 Not tainted 6.13.0-rc7-syzkaller-00039-gc3812b15000c #0
[  419.968097][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  419.968107][    C1] RIP: 0010:smp_call_function_many_cond+0x458/0x1300
[  419.968133][    C1] Code: 0c 00 85 ed 74 4d 48 b8 00 00 00 00 00 fc ff df 4d 89 f4 4c 89 f5 49 c1 ec 03 83 e5 07 49 01 c4 83 c5 03 e8 aa 0b 0c 00 f3 90 <41> 0f b6 04 24 40 38 c5 7c 08 84 c0 0f 85 a7 0c 00 00 8b 43 08 31
[  419.968150][    C1] RSP: 0018:ffffc90004cbf5a8 EFLAGS: 00000246
[  419.968166][    C1] RAX: 0000000000080000 RBX: ffff8880b86469c0 RCX: ffffc900131b0000
[  419.968178][    C1] RDX: 0000000000080000 RSI: ffffffff818e18f6 RDI: 0000000000000005
[  419.968190][    C1] RBP: 0000000000000003 R08: 0000000000000005 R09: 0000000000000000
[  419.968201][    C1] R10: 0000000000000001 R11: 0000000000000005 R12: ffffed10170c8d39
[  419.968212][    C1] R13: 0000000000000001 R14: ffff8880b86469c8 R15: ffff8880b873fe40
[  419.968224][    C1] FS:  00007fec111b26c0(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000
[  419.968243][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  419.968256][    C1] CR2: 000000002032e030 CR3: 000000002947c000 CR4: 00000000003526f0
[  419.968267][    C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  419.968278][    C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  419.968290][    C1] Call Trace:
[  419.968296][    C1]  <IRQ>
[  419.968305][    C1]  ? watchdog_timer_fn+0x570/0x7d0
[  419.968330][    C1]  ? __pfx_watchdog_timer_fn+0x10/0x10
[  419.968351][    C1]  ? __hrtimer_run_queues+0x5fb/0xae0
[  419.968382][    C1]  ? __pfx___hrtimer_run_queues+0x10/0x10
[  419.968404][    C1]  ? read_tsc+0x9/0x20
[  419.968434][    C1]  ? hrtimer_interrupt+0x392/0x8e0
[  419.968468][    C1]  ? __sysvec_apic_timer_interrupt+0x10f/0x400
[  419.968491][    C1]  ? sysvec_apic_timer_interrupt+0x9f/0xc0
[  419.968513][    C1]  </IRQ>
[  419.968519][    C1]  <TASK>
[  419.968526][    C1]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  419.968559][    C1]  ? smp_call_function_many_cond+0x456/0x1300
[  419.968583][    C1]  ? smp_call_function_many_cond+0x458/0x1300
[  419.968608][    C1]  ? smp_call_function_many_cond+0x456/0x1300
[  419.968631][    C1]  ? __pfx_do_sync_core+0x10/0x10
[  419.968663][    C1]  ? __pfx_do_sync_core+0x10/0x10
[  419.968685][    C1]  on_each_cpu_cond_mask+0x40/0x90
[  419.968711][    C1]  text_poke_bp_batch+0x22b/0x760
[  419.968734][    C1]  ? __pfx_text_poke_loc_init+0x10/0x10
[  419.968758][    C1]  ? __pfx_text_poke_bp_batch+0x10/0x10
[  419.968787][    C1]  ? rcu_is_watching+0x12/0xc0
[  419.968813][    C1]  ? __SCT__tp_func_sched_wakeup_new+0x8/0x8
[  419.968835][    C1]  text_poke_bp+0xa3/0xd0
[  419.968852][    C1]  ? __pfx_text_poke_bp+0x10/0x10
[  419.968873][    C1]  ? __pfx___mutex_lock+0x10/0x10
[  419.968895][    C1]  ? __SCT__tp_func_sched_wakeup_new+0x8/0x8
[  419.968916][    C1]  __static_call_transform+0x34d/0x770
[  419.968936][    C1]  ? __pfx___static_call_transform+0x10/0x10
[  419.968955][    C1]  ? __SCT__tp_func_sched_wakeup_new+0x8/0x8
[  419.968978][    C1]  ? __pfx___traceiter_sched_switch+0x10/0x10
[  419.968997][    C1]  ? __SCT__tp_func_sched_wakeup_new+0x8/0x8
[  419.969017][    C1]  ? __pfx___traceiter_sched_switch+0x10/0x10
[  419.969036][    C1]  arch_static_call_transform+0x5d/0xb0
[  419.969053][    C1]  ? __SCT__tp_func_sched_wakeup_new+0x8/0x8
[  419.969074][    C1]  __static_call_update+0xee/0x660
[  419.969097][    C1]  ? __pfx___traceiter_sched_switch+0x10/0x10
[  419.969117][    C1]  ? __pfx___static_call_update+0x10/0x10
[  419.969137][    C1]  ? rcu_is_watching+0x12/0xc0
[  419.969161][    C1]  ? __kmalloc_noprof+0x23b/0x510
[  419.969185][    C1]  ? __pfx___bpf_trace_sched_switch+0x10/0x10
[  419.969207][    C1]  tracepoint_add_func+0xbcb/0xeb0
[  419.969236][    C1]  ? __pfx___bpf_trace_sched_switch+0x10/0x10
[  419.969257][    C1]  tracepoint_probe_register_prio_may_exist+0xbd/0x110
[  419.969281][    C1]  ? __pfx_tracepoint_probe_register_prio_may_exist+0x10/0x10
[  419.969304][    C1]  ? __pfx___bpf_trace_sched_switch+0x10/0x10
[  419.969328][    C1]  ? __local_bh_enable_ip+0xa4/0x120
[  419.969352][    C1]  bpf_probe_register+0x189/0x200
[  419.969376][    C1]  bpf_raw_tp_link_attach+0x2cd/0x5f0
[  419.969400][    C1]  ? __pfx_lock_release+0x10/0x10
[  419.969419][    C1]  ? __pfx_bpf_raw_tp_link_attach+0x10/0x10
[  419.969445][    C1]  ? lock_acquire+0x2f/0xb0
[  419.969462][    C1]  ? __fget_files+0x40/0x3a0
[  419.969490][    C1]  ? fput+0x67/0x440
[  419.969512][    C1]  ? __bpf_prog_get+0xa0/0x290
[  419.969534][    C1]  __sys_bpf+0x3a4/0x49c0
[  419.969560][    C1]  ? __pfx___sys_bpf+0x10/0x10
[  419.969586][    C1]  ? do_user_addr_fault+0xdc7/0x13f0
[  419.969604][    C1]  ? reacquire_held_locks+0x20b/0x4c0
[  419.969626][    C1]  ? do_futex+0x123/0x350
[  419.969649][    C1]  ? __pfx_do_futex+0x10/0x10
[  419.969680][    C1]  ? xfd_validate_state+0x5d/0x180
[  419.969702][    C1]  ? rcu_is_watching+0x12/0xc0
[  419.969731][    C1]  __x64_sys_bpf+0x78/0xc0
[  419.969754][    C1]  ? lockdep_hardirqs_on+0x7c/0x110
[  419.969775][    C1]  do_syscall_64+0xcd/0x250
[  419.969801][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  419.969823][    C1] RIP: 0033:0x7fec13785d29
[  419.969840][    C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  419.969855][    C1] RSP: 002b:00007fec111b2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  419.969873][    C1] RAX: ffffffffffffffda RBX: 00007fec13976240 RCX: 00007fec13785d29
[  419.969885][    C1] RDX: 0000000000000010 RSI: 0000000020000080 RDI: 0000000000000011
[  419.969896][    C1] RBP: 00007fec13801b08 R08: 0000000000000000 R09: 0000000000000000
[  419.969907][    C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  419.969918][    C1] R13: 0000000000000000 R14: 00007fec13976240 R15: 00007ffdfd21f298
[  419.969941][    C1]  </TASK>
[  419.969949][    C1] Sending NMI from CPU 1 to CPUs 0:
[  419.969971][    C0] NMI backtrace for cpu 0
[  419.969979][    C0] CPU: 0 UID: 0 PID: 7210 Comm: syz.2.330 Not tainted 6.13.0-rc7-syzkaller-00039-gc3812b15000c #0
[  419.969994][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  419.970001][    C0] RIP: 0010:mark_lock+0x127/0xc60
[  419.970015][    C0] Code: 00 00 00 00 48 c7 40 10 00 00 00 00 48 8b 84 24 08 01 00 00 65 48 2b 04 25 28 00 00 00 0f 85 56 09 00 00 48 8d 65 d8 89 d0 5b <41> 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc 48 8d 7e 22 48 89 f8 48
[  419.970027][    C0] RSP: 0018:ffffc90000007a80 EFLAGS: 00000046
[  419.970037][    C0] RAX: 0000000000000001 RBX: ffff888050e60b52 RCX: 1ffffffff2dca828
[  419.970046][    C0] RDX: 0000000000000001 RSI: 0000000000000100 RDI: ffffffff96e54140
[  419.970054][    C0] RBP: ffffc90000007aa0 R08: 0000000000000000 R09: fffffbfff2dca798
[  419.970063][    C0] R10: ffffffff96e53cc7 R11: 0000000000000001 R12: ffff888050e60000
[  419.970071][    C0] R13: 0000000000000100 R14: 0000000000000008 R15: 1ffff92000000f32
[  419.970080][    C0] FS:  00007fef6d8596c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
[  419.970095][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  419.970104][    C0] CR2: 0000001b2f403ff8 CR3: 0000000021392000 CR4: 00000000003526f0
[  419.970113][    C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  419.970121][    C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  419.970129][    C0] Call Trace:
[  419.970133][    C0]  <NMI>
[  419.970137][    C0]  ? nmi_cpu_backtrace+0x1d8/0x390
[  419.970152][    C0]  ? nmi_cpu_backtrace_handler+0xc/0x20
[  419.970165][    C0]  ? nmi_handle+0x1ac/0x5d0
[  419.970179][    C0]  ? mark_lock+0x127/0xc60
[  419.970192][    C0]  ? default_do_nmi+0x6a/0x160
[  419.970206][    C0]  ? exc_nmi+0x170/0x1e0
[  419.970219][    C0]  ? end_repeat_nmi+0xf/0x53
[  419.970239][    C0]  ? mark_lock+0x127/0xc60
[  419.970252][    C0]  ? mark_lock+0x127/0xc60
[  419.970266][    C0]  ? mark_lock+0x127/0xc60
[  419.970279][    C0]  </NMI>
[  419.970283][    C0]  <IRQ>
[  419.970287][    C0]  __lock_acquire+0x9f1/0x3c40
[  419.970304][    C0]  ? hlock_class+0x4e/0x130
[  419.970322][    C0]  ? __pfx___lock_acquire+0x10/0x10
[  419.970338][    C0]  lock_acquire.part.0+0x11b/0x380
[  419.970353][    C0]  ? debug_object_activate+0x149/0x4a0
[  419.970369][    C0]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  419.970383][    C0]  ? rcu_is_watching+0x12/0xc0
[  419.970400][    C0]  ? trace_lock_acquire+0x14e/0x1f0
[  419.970418][    C0]  ? debug_object_activate+0x149/0x4a0
[  419.970433][    C0]  ? lock_acquire+0x2f/0xb0
[  419.970446][    C0]  ? debug_object_activate+0x149/0x4a0
[  419.970461][    C0]  _raw_spin_lock_irqsave+0x3a/0x60
[  419.970475][    C0]  ? debug_object_activate+0x149/0x4a0
[  419.970490][    C0]  debug_object_activate+0x149/0x4a0
[  419.970504][    C0]  ? lock_acquire.part.0+0x11b/0x380
[  419.970518][    C0]  ? __pfx_debug_object_activate+0x10/0x10
[  419.970534][    C0]  ? do_raw_spin_lock+0x12d/0x2c0
[  419.970551][    C0]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  419.970567][    C0]  ? __pfx_advance_sched+0x10/0x10
[  419.970582][    C0]  enqueue_hrtimer+0x25/0x3c0
[  419.970599][    C0]  __hrtimer_run_queues+0x903/0xae0
[  419.970619][    C0]  ? __pfx___hrtimer_run_queues+0x10/0x10
[  419.970635][    C0]  ? read_tsc+0x9/0x20
[  419.970654][    C0]  hrtimer_interrupt+0x392/0x8e0
[  419.970672][    C0]  ? irq_work_single+0x13a/0x260
[  419.970689][    C0]  __sysvec_apic_timer_interrupt+0x10f/0x400
[  419.970704][    C0]  sysvec_apic_timer_interrupt+0x9f/0xc0
[  419.970719][    C0]  </IRQ>
[  419.970724][    C0]  <TASK>
[  419.970728][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  419.970746][    C0] RIP: 0010:lock_acquire.part.0+0x155/0x380
[  419.970761][    C0] Code: b8 ff ff ff ff 65 0f c1 05 40 b0 8b 7e 83 f8 01 0f 85 d0 01 00 00 9c 58 f6 c4 02 0f 85 e5 01 00 00 48 85 ed 0f 85 b6 01 00 00 <48> b8 00 00 00 00 00 fc ff df 48 01 c3 48 c7 03 00 00 00 00 48 c7
[  419.970773][    C0] RSP: 0018:ffffc90004fbf5e8 EFLAGS: 00000206
[  419.970782][    C0] RAX: 0000000000000046 RBX: 1ffff920009f7ebe RCX: ffffffff8175e32e
[  419.970791][    C0] RDX: 0000000000000001 RSI: ffffffff8b6cdce0 RDI: ffffffff8bd1ef20
[  419.970800][    C0] RBP: 0000000000000200 R08: 0000000000000000 R09: fffffbfff2dca7af
[  419.970808][    C0] R10: ffffffff96e53d7f R11: 0000000000000000 R12: 0000000000000000
[  419.970817][    C0] R13: ffff88807c466090 R14: 0000000000000000 R15: 0000000000000000
[  419.970828][    C0]  ? hlock_class+0x4e/0x130
[  419.970847][    C0]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  419.970861][    C0]  ? rcu_is_watching+0x12/0xc0
[  419.970878][    C0]  ? trace_lock_acquire+0x14e/0x1f0
[  419.970901][    C0]  ? __unix_dgram_recvmsg+0x267/0xe50
[  419.970919][    C0]  ? lock_acquire+0x2f/0xb0
[  419.970932][    C0]  ? __unix_dgram_recvmsg+0x267/0xe50
[  419.970950][    C0]  __mutex_lock+0x19b/0xa60
[  419.970966][    C0]  ? __unix_dgram_recvmsg+0x267/0xe50
[  419.970984][    C0]  ? __pfx_mark_lock+0x10/0x10
[  419.970997][    C0]  ? __unix_dgram_recvmsg+0x267/0xe50
[  419.971015][    C0]  ? __pfx___mutex_lock+0x10/0x10
[  419.971031][    C0]  ? __scm_recv_common.constprop.0+0x19f/0x650
[  419.971048][    C0]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  419.971070][    C0]  ? __unix_dgram_recvmsg+0x267/0xe50
[  419.971087][    C0]  __unix_dgram_recvmsg+0x267/0xe50
[  419.971106][    C0]  ? __pfx___unix_dgram_recvmsg+0x10/0x10
[  419.971123][    C0]  ? __pfx___lock_acquire+0x10/0x10
[  419.971141][    C0]  ? find_held_lock+0x2d/0x110
[  419.971159][    C0]  ? __might_fault+0x13b/0x190
[  419.971177][    C0]  unix_dgram_recvmsg+0xd0/0x110
[  419.971195][    C0]  ____sys_recvmsg+0x5f8/0x6b0
[  419.971213][    C0]  ? __pfx_____sys_recvmsg+0x10/0x10
[  419.971233][    C0]  ? irqentry_exit+0x3b/0x90
[  419.971248][    C0]  ? __pfx___lock_acquire+0x10/0x10
[  419.971264][    C0]  ___sys_recvmsg+0x115/0x1a0
[  419.971277][    C0]  ? __pfx____sys_recvmsg+0x10/0x10
[  419.971289][    C0]  ? find_held_lock+0x2d/0x110
[  419.971311][    C0]  ? __pfx___might_resched+0x10/0x10
[  419.971326][    C0]  ? __might_fault+0xe3/0x190
[  419.971344][    C0]  do_recvmmsg+0x2f8/0x740
[  419.971358][    C0]  ? __pfx_do_recvmmsg+0x10/0x10
[  419.971371][    C0]  ? __pfx_lock_release+0x10/0x10
[  419.971386][    C0]  ? do_futex+0x123/0x350
[  419.971402][    C0]  ? __x64_sys_futex+0x1e1/0x4c0
[  419.971416][    C0]  __x64_sys_recvmmsg+0x239/0x290
[  419.971430][    C0]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  419.971446][    C0]  do_syscall_64+0xcd/0x250
[  419.971464][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  419.971480][    C0] RIP: 0033:0x7fef6c985d29
[  419.971490][    C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  419.971502][    C0] RSP: 002b:00007fef6d859038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  419.971514][    C0] RAX: ffffffffffffffda RBX: 00007fef6cb76080 RCX: 00007fef6c985d29
[  419.971523][    C0] RDX: 0000000000010106 RSI: 00000000200000c0 RDI: 0000000000000005
[  419.971532][    C0] RBP: 00007fef6ca01b08 R08: 0000000000000000 R09: 0000000000000000
[  419.971540][    C0] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000000
[  419.971548][    C0] R13: 0000000000000000 R14: 00007fef6cb76080 R15: 00007ffd028f0318
[  419.971561][    C0]  </TASK>
[  419.971968][    C1] Kernel panic - not syncing: softlockup: hung tasks
[  419.971979][    C1] CPU: 1 UID: 0 PID: 7216 Comm: syz.0.332 Tainted: G             L     6.13.0-rc7-syzkaller-00039-gc3812b15000c #0
[  419.972002][    C1] Tainted: [L]=SOFTLOCKUP
[  419.972008][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  419.972018][    C1] Call Trace:
[  419.972024][    C1]  <IRQ>
[  419.972030][    C1]  dump_stack_lvl+0x3d/0x1f0
[  419.972054][    C1]  panic+0x71d/0x800
[  419.972071][    C1]  ? __pfx_panic+0x10/0x10
[  419.972093][    C1]  ? __pfx__printk+0x10/0x10
[  419.972116][    C1]  ? __irq_work_queue_local+0xdd/0x460
[  419.972137][    C1]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  419.972154][    C1]  ? irq_work_queue+0x2a/0x80
[  419.972174][    C1]  ? watchdog_timer_fn+0x5f2/0x7d0
[  419.972195][    C1]  ? watchdog_timer_fn+0x5e5/0x7d0
[  419.972219][    C1]  watchdog_timer_fn+0x603/0x7d0
[  419.972242][    C1]  ? __pfx_watchdog_timer_fn+0x10/0x10
[  419.972263][    C1]  __hrtimer_run_queues+0x5fb/0xae0
[  419.972292][    C1]  ? __pfx___hrtimer_run_queues+0x10/0x10
[  419.972314][    C1]  ? read_tsc+0x9/0x20
[  419.972342][    C1]  hrtimer_interrupt+0x392/0x8e0
[  419.972375][    C1]  __sysvec_apic_timer_interrupt+0x10f/0x400
[  419.972397][    C1]  sysvec_apic_timer_interrupt+0x9f/0xc0
[  419.972418][    C1]  </IRQ>
[  419.972423][    C1]  <TASK>
[  419.972431][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  419.972454][    C1] RIP: 0010:smp_call_function_many_cond+0x458/0x1300
[  419.972477][    C1] Code: 0c 00 85 ed 74 4d 48 b8 00 00 00 00 00 fc ff df 4d 89 f4 4c 89 f5 49 c1 ec 03 83 e5 07 49 01 c4 83 c5 03 e8 aa 0b 0c 00 f3 90 <41> 0f b6 04 24 40 38 c5 7c 08 84 c0 0f 85 a7 0c 00 00 8b 43 08 31
[  419.972492][    C1] RSP: 0018:ffffc90004cbf5a8 EFLAGS: 00000246
[  419.972506][    C1] RAX: 0000000000080000 RBX: ffff8880b86469c0 RCX: ffffc900131b0000
[  419.972518][    C1] RDX: 0000000000080000 RSI: ffffffff818e18f6 RDI: 0000000000000005
[  419.972528][    C1] RBP: 0000000000000003 R08: 0000000000000005 R09: 0000000000000000
[  419.972539][    C1] R10: 0000000000000001 R11: 0000000000000005 R12: ffffed10170c8d39
[  419.972550][    C1] R13: 0000000000000001 R14: ffff8880b86469c8 R15: ffff8880b873fe40
[  419.972569][    C1]  ? smp_call_function_many_cond+0x456/0x1300
[  419.972596][    C1]  ? smp_call_function_many_cond+0x456/0x1300
[  419.972619][    C1]  ? __pfx_do_sync_core+0x10/0x10
[  419.972659][    C1]  ? __pfx_do_sync_core+0x10/0x10
[  419.972681][    C1]  on_each_cpu_cond_mask+0x40/0x90
[  419.972705][    C1]  text_poke_bp_batch+0x22b/0x760
[  419.972728][    C1]  ? __pfx_text_poke_loc_init+0x10/0x10
[  419.972752][    C1]  ? __pfx_text_poke_bp_batch+0x10/0x10
[  419.972781][    C1]  ? rcu_is_watching+0x12/0xc0
[  419.972805][    C1]  ? __SCT__tp_func_sched_wakeup_new+0x8/0x8
[  419.972826][    C1]  text_poke_bp+0xa3/0xd0
[  419.972843][    C1]  ? __pfx_text_poke_bp+0x10/0x10
[  419.972862][    C1]  ? __pfx___mutex_lock+0x10/0x10
[  419.972885][    C1]  ? __SCT__tp_func_sched_wakeup_new+0x8/0x8
[  419.972904][    C1]  __static_call_transform+0x34d/0x770
[  419.972925][    C1]  ? __pfx___static_call_transform+0x10/0x10
[  419.972944][    C1]  ? __SCT__tp_func_sched_wakeup_new+0x8/0x8
[  419.972966][    C1]  ? __pfx___traceiter_sched_switch+0x10/0x10
[  419.972984][    C1]  ? __SCT__tp_func_sched_wakeup_new+0x8/0x8
[  419.973003][    C1]  ? __pfx___traceiter_sched_switch+0x10/0x10
[  419.973022][    C1]  arch_static_call_transform+0x5d/0xb0
[  419.973039][    C1]  ? __SCT__tp_func_sched_wakeup_new+0x8/0x8
[  419.973060][    C1]  __static_call_update+0xee/0x660
[  419.973081][    C1]  ? __pfx___traceiter_sched_switch+0x10/0x10
[  419.973102][    C1]  ? __pfx___static_call_update+0x10/0x10
[  419.973122][    C1]  ? rcu_is_watching+0x12/0xc0
[  419.973145][    C1]  ? __kmalloc_noprof+0x23b/0x510
[  419.973168][    C1]  ? __pfx___bpf_trace_sched_switch+0x10/0x10
[  419.973189][    C1]  tracepoint_add_func+0xbcb/0xeb0
[  419.973216][    C1]  ? __pfx___bpf_trace_sched_switch+0x10/0x10
[  419.973237][    C1]  tracepoint_probe_register_prio_may_exist+0xbd/0x110
[  419.973260][    C1]  ? __pfx_tracepoint_probe_register_prio_may_exist+0x10/0x10
[  419.973283][    C1]  ? __pfx___bpf_trace_sched_switch+0x10/0x10
[  419.973306][    C1]  ? __local_bh_enable_ip+0xa4/0x120
[  419.973331][    C1]  bpf_probe_register+0x189/0x200
[  419.973354][    C1]  bpf_raw_tp_link_attach+0x2cd/0x5f0
[  419.973377][    C1]  ? __pfx_lock_release+0x10/0x10
[  419.973395][    C1]  ? __pfx_bpf_raw_tp_link_attach+0x10/0x10
[  419.973421][    C1]  ? lock_acquire+0x2f/0xb0
[  419.973437][    C1]  ? __fget_files+0x40/0x3a0
[  419.973464][    C1]  ? fput+0x67/0x440
[  419.973485][    C1]  ? __bpf_prog_get+0xa0/0x290
[  419.973507][    C1]  __sys_bpf+0x3a4/0x49c0
[  419.973532][    C1]  ? __pfx___sys_bpf+0x10/0x10
[  419.973557][    C1]  ? do_user_addr_fault+0xdc7/0x13f0
[  419.973574][    C1]  ? reacquire_held_locks+0x20b/0x4c0
[  419.973596][    C1]  ? do_futex+0x123/0x350
[  419.973613][    C1]  ? __pfx_do_futex+0x10/0x10
[  419.973648][    C1]  ? xfd_validate_state+0x5d/0x180
[  419.973667][    C1]  ? rcu_is_watching+0x12/0xc0
[  419.973695][    C1]  __x64_sys_bpf+0x78/0xc0
[  419.973717][    C1]  ? lockdep_hardirqs_on+0x7c/0x110
[  419.973739][    C1]  do_syscall_64+0xcd/0x250
[  419.973764][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  419.973786][    C1] RIP: 0033:0x7fec13785d29
[  419.973799][    C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  419.973814][    C1] RSP: 002b:00007fec111b2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  419.973830][    C1] RAX: ffffffffffffffda RBX: 00007fec13976240 RCX: 00007fec13785d29
[  419.973842][    C1] RDX: 0000000000000010 RSI: 0000000020000080 RDI: 0000000000000011
[  419.973854][    C1] RBP: 00007fec13801b08 R08: 0000000000000000 R09: 0000000000000000
[  419.973865][    C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  419.973876][    C1] R13: 0000000000000000 R14: 00007fec13976240 R15: 00007ffdfd21f298
[  419.973897][    C1]  </TASK>
[  421.053078][    C1] Shutting down cpus with NMI
[  421.053278][    C1] Kernel Offset: disabled