last executing test programs:

1m37.101431453s ago: executing program 3 (id=4567):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000000004000000000000000000008500000050000000850000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCL_GETKMSGREDIRECT(r3, 0x4b4d, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$tipc(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$TIPC_CMD_RESET_LINK_STATS(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="01002dbd7000fcdbdf2501000000000000000c4100000014001462726f6164636173742d6c696e6b"], 0x30}, 0x1, 0x0, 0x0, 0x884}, 0x810)

1m36.117720813s ago: executing program 3 (id=4569):
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)=ANY=[@ANYBLOB="3800000003140100000000000000000a0900020073797a3100000000080041007278650014003300766c616e30"], 0x38}}, 0x0)

1m35.680884123s ago: executing program 3 (id=4572):
gettid()
r0 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0)
r1 = openat$cgroup_ro(r0, &(0x7f00000000c0)='cgroup.stat\x00', 0x275a, 0x0)
r2 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_mreqn(r2, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0x40)
setsockopt$inet_msfilter(r2, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB="e00000027f0000010000000003"], 0x1c)
setsockopt$inet_mreqsrc(r2, 0x0, 0x26, &(0x7f0000000100)={@multicast2, @loopback, @empty}, 0xc)
writev(r1, &(0x7f0000001440)=[{&(0x7f0000000cc0)="f15cc9613bc9dd53c1b99d4811de0c9d10e6993ea27fcd9303ba8b9d", 0x1c}, {&(0x7f0000001040)="95fcf2b7fcb6c29e1587e58743feaabbfc43244a9cc4b94fc758bd0cd492f55582c22358865ecb432e1c", 0x2a}, {0x0}], 0x3)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r1, 0x0)
getsockopt$inet6_mptcp_buf(0xffffffffffffffff, 0x11c, 0x2, 0x0, 0x0)
timer_settime(0x0, 0x0, 0x0, 0x0)
clock_nanosleep(0x9, 0x0, 0x0, 0x0)
semtimedop(0x0, &(0x7f0000000040)=[{0x0, 0x1}], 0x1, 0x0)
epoll_pwait2(r2, &(0x7f0000000140)=[{}, {}, {}, {}, {}, {}, {}], 0x7, &(0x7f0000000080), &(0x7f00000001c0)={[0xfffffffffffffff1]}, 0x8)
semctl$IPC_RMID(0x0, 0x0, 0x10)

1m35.5661953s ago: executing program 3 (id=4573):
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x2, 0x400, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r0 = socket(0x10, 0x803, 0x0)
getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="a000000010003b0e2a1a86eb2636037f00000000", @ANYRES32=r1, @ANYBLOB="0200000000008000800012000800010076746936740002"], 0xa0}}, 0x0)
r2 = socket(0x10, 0x3, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mkdir(&(0x7f00000002c0)='./bus\x00', 0x0)
mkdir(&(0x7f0000000200)='./bus/file0\x00', 0x0)
mount(&(0x7f0000000040)=@filename='./bus/file0\x00', &(0x7f0000000100)='./file0/file0\x00', 0x0, 0x3000, 0x0)
rmdir(&(0x7f00000000c0)='./bus/file0\x00')
mount$bind(&(0x7f00000000c0)='./file0/file0\x00', &(0x7f0000000140)='./file0/file0\x00', 0x0, 0xb101a, 0x0)
sendmmsg(r2, &(0x7f0000000000), 0x400000000000235, 0x0)

1m34.778816496s ago: executing program 3 (id=4575):
pipe(&(0x7f0000000380)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
r2 = epoll_create1(0x0)
epoll_wait(r2, &(0x7f0000002a80)=[{}], 0x1, 0xfffeffff)
r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
epoll_pwait(r2, &(0x7f0000000040)=[{}], 0x1, 0xea5, 0x0, 0x0)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r6 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r6, 0x84, 0x83, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r5}, 0x10)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xa00000000000000, 0x0, 0xfffffffffffffffc}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x5, 0x0, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r3, &(0x7f0000000080)={0x9d32f4b220c65367})
ioctl$int_in(r1, 0x5421, 0x0)
connect$inet(r1, 0x0, 0x0)
splice(r1, 0x0, r0, 0x0, 0x7ffff041, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
epoll_create1(0x0)
recvmsg(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, 0x0}, 0x1f00)
setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x0)

1m33.390259258s ago: executing program 3 (id=4579):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000000004000000000000000000008500000050000000850000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCL_GETKMSGREDIRECT(r3, 0x4b4d, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$tipc(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$TIPC_CMD_RESET_LINK_STATS(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="01002dbd7000fcdbdf2501000000000000000c4100000014001462726f6164636173742d6c696e6b"], 0x30}, 0x1, 0x0, 0x0, 0x884}, 0x810)

1m32.857216089s ago: executing program 32 (id=4579):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000000004000000000000000000008500000050000000850000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCL_GETKMSGREDIRECT(r3, 0x4b4d, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$tipc(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$TIPC_CMD_RESET_LINK_STATS(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="01002dbd7000fcdbdf2501000000000000000c4100000014001462726f6164636173742d6c696e6b"], 0x30}, 0x1, 0x0, 0x0, 0x884}, 0x810)

41.790377238s ago: executing program 0 (id=4772):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f00000000c0), 0xe2e02, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000400)={0xc, 0x0, <r1=>0x0})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x4, 0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="85000000080000006a0a00ff000000002e00000000000000950000000000000018100000", @ANYRES32, @ANYBLOB="100000000000002505000000000000009500ecff00000000"], &(0x7f0000000140)='GPL\x00', 0x2, 0xffa0, &(0x7f0000000180)=""/149, 0x0, 0x480, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x1e, 0x10, 0x0, 0x1e, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x2d)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$inet6(0xa, 0x80002, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f0000001240)=ANY=[@ANYBLOB="b702000007000000bfa30000000000000703000000feffff7a0af0ff2f00000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010001010404000015000000b7030000000000006a0a00fe000000008500000032000000b700000001000000950000000000000075cdc4b57bdd0000cb4500639100002000000000000000ff7f0000b52f17cee19d0001000000000000000000cb04fcbb0b9bafe3ba431351a58a885ba9918d37b056b9bbd11b6b9f6cf7db6d574620260000000000008062d77e84cef4a2ab938f65aac33c4d620de2c9b7dc10d7d313f9f57606b83b994fb484510bef2e4872f5c2fe6faaf75e5cc4051ade12f41d4ec3827c739bb39aad16cc75fe369258673b5df11cc2afb53611cc32a790bc0b80e80eae8f5e64be2c9d2d29db3d36ddff5b7bd3f15aa6aadbeab2a01685108e61aa000000000000000000000000008b256d1a793bc00bcf1ed92255798b4f7458d1863cc67c4c6a06e828e5216f601b19db1af1b5d356d0f062137d866d11be4ba3f0151fdbbd4e97d62ecc645e143a60f10800000000000000826151e2b42bcae95239ef5ca2a730a00c87c493dbfa60e63fda97a29682881eb8c9cfa72b08eecc952a3fd2c46f3c1cde71a19d1a2982492a210e00d2bfea3b8d188df2eff8d56aaae7d32a2e183722537395019f02ec4b85f6aad7faca088de9b26797a8446b16c28d85f225992dbdd5bb01ba51508951c7a7d6ca0916c3a12912715649c2b1c7192a4251b59d378d0616a48c7957e122665c8b7e89eddfc3783f6c9129a7c5f8ee5f50579e2f638f7eb12f63be72a3d817b324d6e417b1c2cbfdcada0a16e31790e26cf19588a7e0496ee2782224cf30f810da86cf1a3204f4c9404f5d7321a4fefc4d1c9139ca4b65b99909950000006b42077ca60fdecb2717e21f8f187b1866108b6e8c71e26032176066599783568628f0309c3afa716d3706e1fa89917e131f4034a8383e99c3568fd04201b37cd92ca6ebf94a2d8310f7032775cfd75652f87b039d5430b3c6643e9146d2478ce31344b554aca78a0000000000000010c65608fda6ed5d08e7a796042aa127d874105787d0347aa37801faff5b9050803a19ff6205aa5c263e407a2f7de57f9c4af1e094fa4e3f05528c2a165996efaab5a430c08dd810bc97204b767dd969721a26aa74bc825c9cdb828bf1765aa3a6029c789d130bd8b4f9b0b9f2189dfa482518c5349fb222407b4524041407ac2f3ea2edd90f1c039a75ce262b29780f1cbe7229d5a85a6c102b2be047adc367a838ce43d8b92cc6acb70e077a13fbfc168885bf7e87bb50c0e08a59350d6e867805bd6c3b7843739f2b8f0e00000000000000000000033954fde8afc3c72df8ab41352dceb2d7c99768f76b49946b5ae6e2c4d064bd05958d9672e33319b307b027dc5152ec67bdedf86da265c612dc799dcfc21150a3b96cd779c1728f97131d41fc583ab289401916146842398716d838aa46e1c2c14ef49c54da1b0fa86aa090bea885c40d17c5d07d"], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000100), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x14)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r5, 0x1f2f, 0xf, 0x3ce, &(0x7f00000007c0)="9f44948721919580684010a40800", 0x0, 0x241, 0x0, 0xb1, 0x0, &(0x7f0000000700)="389ceff69d08b0af1cc71b6262d50660bbaf31a7f8cd6a6f911beb65d5fe6b54bf21a66489121f24fefd198059288c9b735e1898e77a7469489a249292c02a72bc193a3008ebdbf4e9dd4ee8fcceef55402c913c8dd0ebece1330aaa93ece835c5044a246a5967e3acd7c950b3b19f351830e545eb9bc3a9c6dd22ce97f1f857cfe8b68a2370b69ea336006b589368f92deb68f3dfc6f2bfee09f8342da437fce5dcdf658e453e3132bb42067575318c39"}, 0x23)
ioctl$IOMMU_IOAS_MAP(r0, 0x3b85, &(0x7f0000000340)={0x28, 0x2, r1, 0x0, &(0x7f0000000040)='a', 0x1, 0x7})
ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000140)={0x28, 0x2, r1, 0x0, &(0x7f0000ffd000/0x3000)=nil, 0x3000})
ioctl$IOMMU_IOAS_COPY(r0, 0x3b83, &(0x7f0000000180)={0x28, 0x6, r1, r1, 0xa93, 0x0, 0x2000})
fsopen(&(0x7f0000000000)='f2fs\x00', 0x1)

40.162330333s ago: executing program 0 (id=4774):
openat$vnet(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
socket$packet(0x11, 0x3, 0x300)
syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000200)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
syz_open_dev$sndmidi(&(0x7f0000000080), 0x7, 0x149481)
syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
pselect6(0x40, &(0x7f0000000600)={0x0, 0x3}, 0x0, &(0x7f0000000240)={0x7ff, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdc59}, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'michael_mic\x00'}, 0x58)
r2 = accept$alg(r1, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f00000025c0)="866b3d570029a5e6", 0x8)
sendmmsg$alg(r2, &(0x7f0000000580)=[{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000140)="c5", 0x1}], 0x1}], 0x1, 0x0)
socket$isdn_base(0x22, 0x3, 0x0)
timerfd_create(0x8, 0x0)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000100), 0xfffffffffffffd87)

39.383519583s ago: executing program 0 (id=4781):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000640)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000d40000000000000000000000000a20000000000a03000000000000000000010000000900010073797a3000000000bc000000160a01000000000000000000010000000900010073797a30000000000900020073797a30000000009000038008000240000000007c00038014000100626f6e64300000000000000000000000140001006970766c616e31000000000000000000140001006970766c616e300000000000000000001400010073697430000000000000fbffffffffffffff0100776c616e300000000000000000000000140001006772653000000000000000000000040008000140000000005c000000180a01010000000000000000010000000900020073797a30000000000900010073797a3000000000300003802c00038014000100626f6e6430"], 0x4b0}}, 0x0)
io_setup(0xe, &(0x7f0000000040)=<r1=>0x0)
io_pgetevents(r1, 0x8, 0x7, &(0x7f0000000080)=[{}, {}, {}, {}, {}, {}, {}], &(0x7f0000000180)={0x77359400}, &(0x7f0000000200)={&(0x7f00000001c0)={[0x9]}, 0x8})

37.214122371s ago: executing program 0 (id=4788):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, 0x0, 0x0)
connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c)
socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket(0x10, 0x3, 0x4)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000180)=@newqdisc={0x68, 0x14, 0xf0b, 0x70bd2e, 0x0, {0x2, 0x0, 0x0, 0x0, {0x5, 0x7}, {0xfff2}, {0x0, 0x1}}, [@TCA_STAB={0x44, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x0, 0x0, 0xa, 0x7}}, {0x4}}, {{0x1c, 0x1, {0x2, 0xb, 0x1c, 0xbbf, 0x0, 0x6, 0x6}}, {0x4}}]}]}, 0x68}}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x7, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x12, 0x0)
r4 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r4, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='./file0/../file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x89101a, 0x0)
mount$bind(&(0x7f00000000c0)='.\x00', &(0x7f0000000080)='./file0/file0\x00', 0x0, 0x80700a, 0x0)
umount2(&(0x7f0000000100)='./file0/file0\x00', 0xb)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000240)='rpcgss_svc_accept_upcall\x00'}, 0x10)
r5 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
ioctl$sock_SIOCINQ(r5, 0x541b, &(0x7f0000000000))
connect$bt_sco(r5, &(0x7f0000000040), 0x8)
connect$bt_sco(0xffffffffffffffff, &(0x7f0000000080)={0x1f, @none}, 0x8)
shutdown(r5, 0x1)
connect$bt_sco(r5, &(0x7f0000000100), 0x8)
shutdown(r5, 0x1)

36.054254502s ago: executing program 0 (id=4792):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES64, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan1\x00', <r3=>0x0})
ioctl$LOOP_CONFIGURE(0xffffffffffffffff, 0x4c0a, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, {0x2a00, 0x80010000, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00"}})
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000040)=ANY=[@ANYBLOB="98030000", @ANYRES16=r2, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r3, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c0900005603330080b0c000ffffffffffff"], 0x398}}, 0x0)

35.804083782s ago: executing program 0 (id=4795):
prlimit64(0x0, 0x9, &(0x7f0000000040)={0x8, 0x8e}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000380)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
rseq(0x0, 0x0, 0x0, 0x0)
msgctl$IPC_RMID(0x0, 0x0)
connect$unix(r1, 0x0, 0x0)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
r3 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
getsockopt$sock_cred(r4, 0x1, 0x4d, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080))
ioctl$TCSETA(0xffffffffffffffff, 0x4b6a, 0x0)
r5 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r5, 0x10e, 0xc, &(0x7f0000000000)={0xfffffffb}, 0x10)
sendmsg$nl_route(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000001040)=ANY=[@ANYBLOB="30000000120001"], 0x30}, 0x1, 0x0, 0x0, 0x40010}, 0x0)
close(r3)
r6 = io_uring_setup(0x17c7, &(0x7f00000002c0))
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x12, 0x7, 0x8, 0x22, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r8 = socket$inet6(0xa, 0x2, 0x0)
r9 = fcntl$dupfd(r8, 0x0, r8)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000002c0)={r7, &(0x7f0000000240), &(0x7f0000000280)=@udp6=r9}, 0x20)
recvfrom$inet_nvme(r9, &(0x7f0000000000)=""/6, 0x6, 0x0, 0x0, 0x0)
close_range(r6, 0xffffffffffffffff, 0x0)
r10 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r10, 0xc04064a0, &(0x7f0000000200)={0x0, &(0x7f0000000100)=[<r11=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_WAIT_VBLANK(r10, 0xc018643a, &(0x7f0000000140)={0x1, 0x101})
ioctl$DRM_IOCTL_MODE_SETCRTC(r3, 0xc06864a2, &(0x7f0000000180)={0x0, 0x0, r11, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x1, 0x9, 0x0, 0x0, 0x4, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "65366a50432b7ee2c7feddd91df868e7cfc6fa7272f3370f0000d0c19323a260"}})

35.608431445s ago: executing program 33 (id=4795):
prlimit64(0x0, 0x9, &(0x7f0000000040)={0x8, 0x8e}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000380)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
rseq(0x0, 0x0, 0x0, 0x0)
msgctl$IPC_RMID(0x0, 0x0)
connect$unix(r1, 0x0, 0x0)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
r3 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
getsockopt$sock_cred(r4, 0x1, 0x4d, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080))
ioctl$TCSETA(0xffffffffffffffff, 0x4b6a, 0x0)
r5 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r5, 0x10e, 0xc, &(0x7f0000000000)={0xfffffffb}, 0x10)
sendmsg$nl_route(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000001040)=ANY=[@ANYBLOB="30000000120001"], 0x30}, 0x1, 0x0, 0x0, 0x40010}, 0x0)
close(r3)
r6 = io_uring_setup(0x17c7, &(0x7f00000002c0))
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x12, 0x7, 0x8, 0x22, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r8 = socket$inet6(0xa, 0x2, 0x0)
r9 = fcntl$dupfd(r8, 0x0, r8)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000002c0)={r7, &(0x7f0000000240), &(0x7f0000000280)=@udp6=r9}, 0x20)
recvfrom$inet_nvme(r9, &(0x7f0000000000)=""/6, 0x6, 0x0, 0x0, 0x0)
close_range(r6, 0xffffffffffffffff, 0x0)
r10 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r10, 0xc04064a0, &(0x7f0000000200)={0x0, &(0x7f0000000100)=[<r11=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_WAIT_VBLANK(r10, 0xc018643a, &(0x7f0000000140)={0x1, 0x101})
ioctl$DRM_IOCTL_MODE_SETCRTC(r3, 0xc06864a2, &(0x7f0000000180)={0x0, 0x0, r11, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x1, 0x9, 0x0, 0x0, 0x4, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "65366a50432b7ee2c7feddd91df868e7cfc6fa7272f3370f0000d0c19323a260"}})

8.865873775s ago: executing program 4 (id=4898):
r0 = socket$kcm(0x10, 0x2, 0x0)
write$cgroup_subtree(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="1c0000001a00910c07a551559a257aac81", @ANYRESHEX], 0xfe33) (fail_nth: 8)

8.422052949s ago: executing program 5 (id=4901):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, 0x0, 0x0)

8.317857137s ago: executing program 4 (id=4902):
socket$packet(0x11, 0x2, 0x300)
socket$packet(0x11, 0x1, 0x300)
syz_init_net_socket$rose(0xb, 0x5, 0x0)
fsopen(&(0x7f0000000700)='rpc_pipefs\x00', 0x0)
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000280)=0xc)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
r2 = openat$cgroup_ro(r1, &(0x7f0000000180)='cgroup.events\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0)
preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffffff000}], 0x5, 0x0, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r3, &(0x7f0000000240), 0x3af4701e)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f0000000480)={'ip6_vti0\x00', &(0x7f0000000400)={'syztnl1\x00', 0x0, 0x2f, 0x8, 0x40, 0x800, 0x8, @private2={0xfc, 0x2, '\x00', 0x1}, @mcast2, 0x1, 0x10, 0x8, 0x800}})
syz_open_procfs(0x0, &(0x7f00000005c0)='net/raw6\x00')
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000040)={@mcast2, 0x40, 0x0, 0x0, 0x6, 0x0, 0x80}, 0x20)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan0\x00'})
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl(r4, 0x8b32, &(0x7f0000000040))

8.19247614s ago: executing program 5 (id=4903):
openat$vnet(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
socket$packet(0x11, 0x3, 0x300)
syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000200)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
syz_open_dev$sndmidi(&(0x7f0000000080), 0x7, 0x149481)
syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
pselect6(0x40, &(0x7f0000000600)={0x0, 0x3}, 0x0, &(0x7f0000000240)={0x7ff, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdc59}, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'michael_mic\x00'}, 0x58)
r2 = accept$alg(r1, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f00000025c0)="866b3d570029a5e6", 0x8)
sendmmsg$alg(r2, &(0x7f0000000580)=[{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000140)="c5", 0x1}], 0x1}], 0x1, 0x0)
socket$isdn_base(0x22, 0x3, 0x0)
timerfd_create(0x8, 0x0)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000100), 0xfffffffffffffd87)

6.88695136s ago: executing program 4 (id=4908):
connect$inet(0xffffffffffffffff, &(0x7f00000002c0)={0x2, 0x0, @rand_addr=0x64010102}, 0x10)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000140)=ANY=[@ANYBLOB="14fcffff41000d00000000c75600030000000000243366c6e3799154481530a9749ba2cad7c8ef4a12d4ec056c6a0bf55e82ba0885ffa994e5d1794231ad8fbe0edbac6472d9a356ccf8033838095bf2be83345a3a13acb56ee43cb6e3587f7204dfa227757a2eb94e343ef9f19b9a7817cb1847142119e13c71a388534efce46e983a42fd038fcaeddd9c7b6cad9dbe9d15cf31703dea798232b211d6dee3e34476fe1b00043dc02cf55dd5fd2eb74171e146be7f625161536b4295951dbabb8c11269bc7a407a47d1c84f6924232"], 0x14}}, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x0, 0x0})
r1 = socket$inet6(0xa, 0x806, 0x0)
bind$inet6(r1, 0x0, 0x0)
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
getsockopt$rose(r2, 0x104, 0x3, &(0x7f0000000000), &(0x7f00000000c0)=0x4)
r3 = socket$inet(0x2, 0x2, 0x0)
setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x33, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r4 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_ADD_MFC_PROXY(r4, 0x0, 0xd2, &(0x7f00000000c0)={@dev={0xac, 0x14, 0x14, 0x1b}, @remote, 0x0, "984fec020f95409ab6786c65f277d17e1882603b60611d8fd006e0abf05c079f", 0x10, 0x9, 0x401, 0x80000000}, 0x3c)
listen(r1, 0x3)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
write$binfmt_script(0xffffffffffffffff, 0x0, 0x0)
r5 = socket$inet_sctp(0x2, 0x1, 0x84)
syz_usb_connect(0x5, 0x52, &(0x7f00000000c0)={{0x12, 0x1, 0x110, 0x60, 0xa6, 0xe2, 0x40, 0x582, 0x113, 0xb4e1, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x40, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0xb1, 0xf7, 0x2, 0xbf, 0x46, 0x7f, 0xfd, [@uac_control={{0xa, 0x24, 0x1, 0x3, 0x1}, [@mixer_unit={0x5, 0x24, 0x4, 0x1, 0x4}]}], [{{0x9, 0x5, 0x6, 0x0, 0x10, 0x0, 0x82, 0x1, [@generic={0xe, 0x30, "fc1fbaba48fac9122d8d445b"}]}}, {{0x9, 0x5, 0x6, 0x1, 0x3ff, 0x9, 0x80, 0x2}}]}}]}}]}}, 0x0)
listen(r5, 0x8)
syz_emit_vhci(0x0, 0x6)
r6 = socket$kcm(0x2, 0x200000000000001, 0x106)
sendmsg$inet(r6, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x30004001)
setsockopt$sock_attach_bpf(r6, 0x6, 0x3, &(0x7f00000000c0), 0x4)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r5, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x0, @dev}], 0x10)
sigaltstack(0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0)
syz_usb_connect(0x3, 0x0, 0x0, 0x0)

3.757784226s ago: executing program 1 (id=4920):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB, @ANYRES64, @ANYBLOB="0000000000000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan1\x00', <r3=>0x0})
ioctl$LOOP_CONFIGURE(0xffffffffffffffff, 0x4c0a, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, {0x2a00, 0x80010000, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00"}})
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000040)=ANY=[@ANYBLOB="98030000", @ANYRES16=r2, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r3, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c0900005603330080b0c000ffffffffffff"], 0x398}}, 0x0)

3.636209351s ago: executing program 6 (id=4921):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000001240)=@raw={'raw\x00', 0x3c1, 0x3, 0x3b8, 0x1b0, 0xc8, 0x8, 0x0, 0x5803, 0x310, 0x2e8, 0x2e8, 0x310, 0x2e8, 0x3, 0x0, {[{{@uncond, 0x0, 0x190, 0x1b0, 0x0, {0x0, 0x2000000000000}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'kmp\x00', "cfcaf80c672f61cd17ae5119b5135c2aee68d23a465cd431e1ecef50c3234e082555f67222476147864fa03182f5cf11d8c348cbd06dc8de1dcbde7d4e252c3394fed47bf78c70f607b0178fa5ea335019ac07a602061c96baebc989f1f34a214e67442c1fe4b124e0f7323a587d2a1fcfe36bbf12eca0a7b66c60c527bac2b5", 0x1, 0x2}}, @common=@inet=@socket1={{0x28}}]}, @unspec=@TRACE={0x20}}, {{@ipv6={@remote, @mcast2, [], [], 'macvtap0\x00', 'syzkaller1\x00'}, 0x0, 0xd0, 0x138, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x418)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
openat$dir(0xffffffffffffff9c, 0x0, 0x180, 0x104)
fstatfs(0xffffffffffffffff, 0x0)
add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), 0x0, 0x0, 0xfffffffffffffffe)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
fanotify_init(0x0, 0x0)
r2 = socket$inet(0xa, 0x801, 0x84)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000100))
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r5 = dup3(r4, r3, 0x0)
r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r6, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r6, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1})
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, 0x0)
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x100000000000000}], 0x0, 0x0, 0x0})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRESHEX, @ANYBLOB="0000000000000000b7080000fcffffff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18010000120000000000000000000000850000006d"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='tlb_flush\x00', r7, 0x0, 0xfffffffffffffffd}, 0x18)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x80, &(0x7f0000000240), 0x200000, 0x4)
mremap(&(0x7f0000000000/0x9000)=nil, 0x200003, 0x600000, 0x3, &(0x7f0000a00000/0x600000)=nil)
listen(r2, 0x8)

3.619578507s ago: executing program 1 (id=4922):
pipe(&(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0x12, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1}, [@ldst={0x3, 0x3, 0x3, 0x1, 0x4, 0x10}]}, &(0x7f0000000040)='syzkaller\x00', 0xffffffff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x14, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000140)="77690addcfbe1fbb66ec", 0xa}], 0x1, 0x1)
close(r1)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup.net/syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r2, &(0x7f0000000240)='memory.numa_stat\x00', 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/notes', 0x8040, 0x13b)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bond_slave_0\x00', <r3=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYBLOB="4400000010000100"/20, @ANYRES32=r3, @ANYBLOB="000024000000000024001200140001006272696467655f736c617665800000000c0005"], 0x3}}, 0x0)
splice(r0, 0x0, r1, 0x0, 0x10500, 0x0)

3.506198662s ago: executing program 4 (id=4924):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, 0x0, 0x0)

3.213911455s ago: executing program 1 (id=4926):
mkdir(0x0, 0x0)
r0 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCETHTOOL(r0, 0x89f0, &(0x7f0000001440)={'bridge0\x00', &(0x7f0000000100)=@ethtool_ringparam={0x11, 0x0, 0x20040001, 0x0, 0x0, 0x2b, 0x0, 0x0, 0x5}})
r1 = socket$alg(0x26, 0x5, 0x0)
sendto$inet6(r0, &(0x7f0000001bc0)="88b1fb10424a025379f6e391348acab2685755cb399359f90e022edf8b6461bd2012077e77d38e51bb84f96e1ffcd9025d29dd82b864fac0a50e8f072c35f95a4efb6f876f65d17d1f4e62650418c4970017c1cfff297ad0e6837da1d715e2aaf488b3e60914be48c39580b127a64f6e031199ef87db6cc1307a5731b6b9937641", 0x81, 0x10, &(0x7f0000000240)={0xa, 0x4e21, 0x6e78, @dev={0xfe, 0x80, '\x00', 0x2e}}, 0x1c)
bind$alg(r1, &(0x7f00000000c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-twofish-3way\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000040)="8db4c6d3916872c4d26e8e39f30e9ce9ab2f204389cf53c6", 0x18)
r2 = accept$alg(r1, 0x0, 0x0)
recvmmsg(r2, &(0x7f0000009040), 0x0, 0x0, 0x0)
mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000400), 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='huge=always,mpol=inte'])
chdir(&(0x7f0000000140)='./file0\x00')
r3 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0)
r4 = open(0x0, 0x14927e, 0x0)
fallocate(r4, 0x1, 0x6, 0x1001f0)
writev(r3, &(0x7f00000000c0)=[{&(0x7f0000000140)='2', 0x1}], 0x1)

3.029798931s ago: executing program 6 (id=4927):
r0 = socket$nl_sock_diag(0x10, 0x3, 0x4)
sendmsg$SOCK_DIAG_BY_FAMILY(r0, &(0x7f00000010c0)={0x0, 0x0, &(0x7f0000001080)={&(0x7f0000000340)=ANY=[@ANYBLOB="1400000014000100000000000000000011000000b7988d52602f87548c81ccd4084899ecc46718f2e6a438c9c4ae9d904c3008f086e7529487c5b90254d97415e1680d0945fc4c5b030b348ffdc41834780fbfdecf6b609f7aa7c11020523ad1b2a41b1dd46b38b16e1f837a169ac5f7728c669fad40e9216aa654ea65da0587652f7ffe3d2320e9326909ef75f690222480b0512060ff2d562472834b9b0f4880716e8fa9b057f80bb6292d276e7c89d14dcaa52b69ace64b148821256ce40a40b67b6f1d6ad4b77e1ff56b30f6da6d59b258a7f261839443455063a96dbf02cebf3c2a3d9bd8d93146d52c6049f64040f63ba34cb3a1af707e06c548a3d677be11b725f7a7fa1cd9c2016e"], 0x14}}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x1d, 0x2, 0x6)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000000)={'vcan0\x00', <r2=>0x0})
bind$can_j1939(r1, &(0x7f0000000380)={0x1d, r2, 0x1, {0x2}}, 0x18)
pselect6(0x40, &(0x7f0000000100), 0x0, &(0x7f0000000240)={0x1f}, 0x0, 0x0)
sendto$inet(r1, 0x0, 0x0, 0x20000ffd, 0x0, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x6)
r3 = socket$l2tp6(0xa, 0x2, 0x73)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r3, 0x29, 0x20, &(0x7f0000000100)={@mcast1, 0x5, 0x1, 0x3, 0x2, 0x1, 0x8000}, 0x20)
bpf$MAP_CREATE(0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="0e00000004000000040000000200000000000000", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000002f6519cb2f69afa2000000000000000000000000001270f45fe942574e74ef1e0000008f8936803474491098444581bc30397cd35bdd3cd05ab026d5014ebb8f0eb987a9757e4e3632f66e896ad975ea69b53dd31a5c7760dfafe1ed963b26317bd39947ecab182261bfbdf4d024c4dee339c49bc4da7986e8783b88478c0aa89c2a48396f813948bf39bb6723ef253712a5649fb51196240b0d5f8a29147a911e43048ade720a4cdf741fcdfc8f3cf640264ed717ad3d79c78d9b6572406d7c4ba9a176c8d9a7cf8a3b46d5dd25e775ffd031e07b8b7da0b8b10b8b502a0eab21944c3d9757bc94f96c85f9b07f67fbcd72"], 0x50)
r4 = socket$netlink(0x10, 0x3, 0x0)
writev(r4, &(0x7f0000000000)=[{&(0x7f0000000080)="390000001300090468fe0700000000000000ff3f08000000480100100000000019002b000a0001000500000000000072080003000500000000", 0x39}], 0x1)
r5 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/sync_retries\x00', 0x2, 0x0)
ioctl$UI_SET_EVBIT(r5, 0x40045564, 0x8)
socket$nl_generic(0x11, 0x3, 0x10)
r6 = syz_open_dev$sndctrl(&(0x7f0000002800), 0x1f, 0x0)
r7 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$UI_DEV_DESTROY(r7, 0x5502)
ioctl$SNDRV_CTL_IOCTL_ELEM_INFO(r6, 0xc1105511, &(0x7f0000002880)={{0x7, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 'syz0\x00', 0x0})
r8 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00'})
r9 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r10=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000000)={'bridge0\x00'})
r11 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCBRDELBR(r11, 0x89a2, &(0x7f0000000000)='bridge0\x00')
sendmsg$nl_route(r9, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="c000000013000100000000000000000007000000", @ANYRES64=0x0, @ANYRES64=r9], 0xc0}, 0x1, 0x0, 0x0, 0x800}, 0x4000084)

2.927483467s ago: executing program 2 (id=4928):
r0 = syz_open_dev$dri(&(0x7f0000000200), 0xfffffffffffffffd, 0x150041)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, &(0x7f00000000c0)={<r1=>0x0})
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, &(0x7f0000000100)={<r2=>0x0, 0x1})
r3 = socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000b40)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r4, 0x8b04, &(0x7f0000000040)={'batadv0\x00', @local})
socket$can_bcm(0x1d, 0x2, 0x2)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000480)=ANY=[], 0x2c}}, 0x5090)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff)
r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r6 = openat$cgroup_procs(r5, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r6, &(0x7f00000001c0), 0x12)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r7 = openat$cgroup_freezer_state(r5, &(0x7f0000000140), 0x2, 0x0)
write$cgroup_freezer_state(r7, &(0x7f0000000080)='THAWED\x00', 0x7)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000300), 0xffffffffffffffff)
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00'})
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f0000000640)=ANY=[@ANYBLOB="4000000040c0fd55bd95e5da843d38690b516350d1f764ab3c213c58000000007bd0da27ff55960f18ee6f5fc1", @ANYRES16=r9, @ANYRESHEX=r0, @ANYRES32, @ANYBLOB="21003300d0800000080211000000080211000001505050505050000000000000", @ANYBLOB="60967000a68f5db6e56b8facc3edc9f4e0abcb50dc585775b4db801b7af4197a70eac518ac20ac8f1a7688a2b71ca717bd0b38a99c9482f690fba48a1e62b33c131b5235296425dbe384df3424804861061ee0a47628855dd8c6daa382feef036c91e25681efe92b07d37f1fb4bfcba7d3701b698843334ed048e338e1e52f7aab2b87dd726fe4a75fb9e23ea40eb71bf6d32daa269e15a3d5b5c2"], 0x40}, 0x1, 0x0, 0x0, 0x45054}, 0x0)
sendmsg$NL80211_CMD_NEW_INTERFACE(r3, &(0x7f00000003c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000400)={&(0x7f0000000900)=ANY=[@ANYBLOB="e765ac00", @ANYRES16=r8, @ANYRESOCT=r1, @ANYRESDEC=r6, @ANYBLOB="0c009900050000006800000008000500010000001c00e700c4527301e2f42754a406010000003cd3cc81c057455fe4641c00e700b30edf44e7d92ba9e6d4d2e83f7487821209848c3d4632e5e6ca34aef1423f389ff83b92d63114001780040001000400010004000300040005000400cc00180017800400050004000200a204968fec82136063dfc2648d0400030004000400040004001800178004000200040001000400040004000600040003000d5550"], 0xb0}, 0x1, 0x0, 0x0, 0x4001}, 0x4000050)
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_WAIT(r0, 0xc03064ca, &(0x7f0000000280)={&(0x7f0000000180)=[0x0, r1, 0x0, r2], &(0x7f00000001c0)=[0x2, 0x5, 0x4, 0x401, 0x9, 0x7, 0x3], 0xfffffffffffffff8, 0x4, 0x7})
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000340)={0x0, 0x2})
r10 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r10, &(0x7f0000000240)={0xa, 0x4e1f, 0x0, @empty, 0x400000}, 0x1c)
listen(r10, 0x40000049)
r11 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r11, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
accept4$inet6(r10, &(0x7f0000000380)={0xa, 0x0, 0x0, @dev}, 0x0, 0x0)

2.923677245s ago: executing program 4 (id=4929):
socket$inet_smc(0x2b, 0x1, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000300)={0xffffffffffffffff, &(0x7f0000000240), 0x0, 0x2}, 0x20)
r0 = syz_open_procfs(0x0, &(0x7f0000000280)='fdinfo/4\x00')
preadv(r0, &(0x7f0000000300)=[{&(0x7f00000001c0)=""/51, 0x33}], 0x1, 0x0, 0x0)

2.857372381s ago: executing program 1 (id=4930):
socket$nl_route(0x10, 0x3, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_netfilter(0x10, 0x3, 0xc)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'syz_tun\x00', <r1=>0x0})
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70200000200", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r3}, &(0x7f0000000240), &(0x7f00000003c0)=r5}, 0x20)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000200)={r4, r1, 0x25, 0x2, @val=@tcx={@void, @value}}, 0x1c)
syz_emit_ethernet(0x15, &(0x7f0000000e00)={@broadcast, @local, @val={@void, {0x8100, 0x4, 0x1, 0x1}}, {@mpls_uc={0x8847, {[], @llc={@llc={0xdc, 0x80, "1d"}}}}}}, 0x0)

2.726023367s ago: executing program 4 (id=4931):
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000700)=ANY=[@ANYBLOB="12010000a8f4dd086d0492082a6d0000000109021b0001a14e8d6dcd5f938ccd35761f0c108250dd4fbdc05f814446beda9a4500000000c635d589d7dfc135c80904aa0fca1af780308562"], 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000480)={0x2c, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000540)={0x2c, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
r1 = socket$kcm(0x2, 0x5, 0x84)
sendmsg$kcm(r1, &(0x7f0000000600)={&(0x7f0000000540)=@pptp={0x18, 0x2, {0x1, @multicast1}}, 0x80, &(0x7f00000005c0)=[{&(0x7f00000000c0)='~', 0x1}], 0x1}, 0x48000)
sendmsg$inet(r1, &(0x7f0000000680)={&(0x7f0000000140)={0x2, 0x4e23, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000200)=[{&(0x7f0000000180)='W', 0x1}], 0x1}, 0x0)
r2 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$inet(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000000)="5c00000014006b03000000d86e6c1d0002847ea622fb564500004e23e3f58e76110165f450e71b0075e3002500028d459e37000f0000000000bf9367b47e51f60a64c9f4d4938037e786a6d0bdd700"/92, 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
recvmsg$kcm(r2, &(0x7f00000003c0)={0x0, 0x0, 0x0}, 0x40)
syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000a00)={0x34, &(0x7f00000006c0)=ANY=[@ANYBLOB="400a01000000dd"], 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_STRSET_GET(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000440)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES8=0x0, @ANYBLOB="0507000000000000000001000000040003000400018028000280"], 0x44}}, 0x0)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_MCAST_JOIN_GROUP(r4, 0x0, 0x2a, &(0x7f00000003c0)={0x7, {{0x2, 0x0, @empty}}}, 0x88)
setsockopt$inet_group_source_req(r4, 0x0, 0x2f, &(0x7f0000000240)={0x2, {{0x2, 0x0, @multicast2}}, {{0x2, 0x0, @loopback}}}, 0x108)
r5 = socket(0x18, 0x2, 0x9)
r6 = socket$inet(0xa, 0x801, 0x84)
connect$inet(r6, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10)
listen(r6, 0x8)
accept4(r6, 0x0, 0x0, 0x0)
sendto$inet(r5, 0x0, 0x6, 0x20008010, 0x0, 0xffffffffffffff0a)
r7 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x200100, 0x0)
ioctl$VIDIOC_STREAMON(r7, 0x40045612, &(0x7f0000000040)=0x10000)
getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, &(0x7f0000000380)={0x0, 0x1f, "85eec59b53623f0964fd2bcbba9e0421a600eae0e49ff20d7c3d63a07d58ce"}, &(0x7f0000000100)=0x27)

2.566074269s ago: executing program 1 (id=4932):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES64, @ANYBLOB="0000000000000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan1\x00', <r3=>0x0})
ioctl$LOOP_CONFIGURE(0xffffffffffffffff, 0x4c0a, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, {0x2a00, 0x80010000, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00"}})
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000040)=ANY=[@ANYBLOB="98030000", @ANYRES16=r2, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r3, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c0900005603330080b0c000ffffffffffff"], 0x398}}, 0x0)

2.471291463s ago: executing program 5 (id=4933):
socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r1 = syz_open_procfs(0x0, 0x0)
read$msr(r0, &(0x7f0000032680)=""/102400, 0x19000)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x2000, 0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000000)=0x15)
ioctl$KDFONTOP_GET(0xffffffffffffffff, 0x560f, &(0x7f0000000000)={0x1, 0x1, 0x1e, 0x1e, 0x2, 0x0})
ioctl$TCFLSH(r2, 0x40384708, 0x20000000)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000001580)={0x0, 0x0, &(0x7f0000001540)={&(0x7f0000000000)=ANY=[@ANYBLOB="f8000000160001040000000000000000fc000000000000000000000000000000fc00000000000000000000000000000000000000000000000000e00000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="ff0200000000000000000000000000010000000033000000ac1414bb000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000ffff0104"], 0xf8}}, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
r4 = socket$pppl2tp(0x18, 0x1, 0x1)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
connect$pppl2tp(r4, 0x0, 0x0)
bind$netlink(0xffffffffffffffff, 0x0, 0x0)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r5, 0x10e, 0x1, &(0x7f0000000400)=0x1, 0x4)
socket(0x2a, 0x2, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}, {0x0, 0xfff1}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x4}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=@newtfilter={0x34, 0x2c, 0xd27, 0x70bd25, 0x0, {0x0, 0x0, 0x0, r6, {0xffe0}, {}, {0x5, 0xffe0}}, [@filter_kind_options=@f_flower={{0xb}, {0x4}}]}, 0x34}}, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
r7 = syz_open_dev$ndb(&(0x7f0000000080), 0x0, 0x82440)
ioctl$NBD_SET_BLKSIZE(r7, 0xab01, 0x1)

1.893624879s ago: executing program 1 (id=4934):
syz_clone3(&(0x7f0000000040)={0x200126000, 0x0, 0x0, 0x0, {0x6}, 0x0, 0x0, 0x0, 0x0}, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0x6, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000180)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = accept$unix(r1, &(0x7f0000000300)=@abs, &(0x7f0000000380)=0x6e)
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = open(&(0x7f00009e1000)='./file0\x00', 0x48141, 0x0)
fcntl$getflags(r4, 0x408)
clock_settime(0x0, &(0x7f0000003c80)={0x77359400})
ustat(0xfffffffeffffffff, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000003700)=ANY=[@ANYBLOB="4400000010003b1500"/20, @ANYRES32=0x0, @ANYBLOB="000000000000000024001280090001007866726d0000000014000280040003"], 0x44}}, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000440)=ANY=[@ANYRES64=r6], 0x7c}}, 0x4840)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r7 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x42002)
ustat(0xffc, &(0x7f0000000580))
r8 = fsmount(r4, 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r7, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue1\x00'})
ioctl$VHOST_SET_VRING_CALL(r8, 0x4008af21, &(0x7f0000000400)={0x0, r8})
write$sndseq(0xffffffffffffffff, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @time={0x5, 0x6}, {}, {0xfc}, @note={0x1, 0x6, 0x9, 0x4, 0x3}}], 0x1c)
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r7, 0x4040534e, &(0x7f0000000140)={0x16f, @time={0xd511}})

1.769984847s ago: executing program 5 (id=4935):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
openat$ttynull(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
bind$unix(0xffffffffffffffff, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x1)
openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000000)='cpuset.mem_exclusive\x00', 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$alg(0x26, 0x5, 0x0)
r3 = socket$key(0xf, 0x3, 0x2)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@bloom_filter={0x1e, 0x7136, 0x8001, 0x7ff, 0x8146, 0xffffffffffffffff, 0x8, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x4, 0x3, 0x0, @value, @void, @void, @value}, 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, 0x0, &(0x7f0000000280), 0x84, r4}, 0x38)
sendmsg$key(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=ANY=[@ANYBLOB="021209020a0000002bbd7000fddbdf250800120004000400000000000000008006003200040400000300000000000000200100"/80], 0x50}}, 0x2000c800)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f00000000c0))
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="30000000100001000000ce6bb9092919507f34", @ANYBLOB, @ANYBLOB], 0x30}}, 0x0)
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000040)={0x3, &(0x7f0000000140)=[{0x20, 0x0, 0x0, 0xfffff034}, {0x20, 0x0, 0x0, 0xfffff024}, {0x6}]}, 0x10)
sendmmsg(r0, &(0x7f0000001c00), 0x400000000000159, 0x40840)
r5 = socket$inet6(0xa, 0x2, 0x0)
ioctl$sock_inet6_SIOCSIFDSTADDR(r5, 0x8918, &(0x7f0000000080)={@loopback={0x0, 0x3fc}})
sendmsg$MPTCP_PM_CMD_GET_ADDR(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0xa1825800}, 0xc, &(0x7f00000003c0)={&(0x7f00000002c0)={0x4c, 0x0, 0x4, 0x70bd2c, 0x25dfdbff, {}, [@MPTCP_PM_ATTR_ADDR_REMOTE={0x4}, @MPTCP_PM_ATTR_ADDR_REMOTE={0x2c, 0x6, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0xa}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e24}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x2}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x4}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0xe23}]}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x3}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000080}, 0x4040800)

1.769482172s ago: executing program 6 (id=4936):
r0 = socket$nl_route(0x10, 0x3, 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x11, &(0x7f00000010c0)=ANY=[@ANYBLOB="180000000500865ee3d37f39860084227b5de0f9", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000850000009100000095420c00ffffffffbf91000000000000b7020000020000008500000084000000b7000000000000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000000)={'wlan1\x00'})
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f0000000080)=ANY=[@ANYRES16, @ANYBLOB="010000000000000000000200000008000300", @ANYBLOB], 0x48}}, 0x0)
socket(0x10, 0x803, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000001040)={0x8, 0x8f}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6)
r3 = getpid()
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
r5 = syz_open_dev$tty1(0xc, 0x4, 0x1)
dup(r5)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
pipe2$watch_queue(&(0x7f00000002c0)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff}, 0x80)
r9 = add_key(&(0x7f0000000180)='pkcs7_test\x00', &(0x7f0000000380)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffc)
ioctl$IOC_WATCH_QUEUE_SET_SIZE(r8, 0x5760, 0x19)
keyctl$KEYCTL_WATCH_KEY(0x20, r9, r8, 0x0)
prlimit64(r3, 0x0, &(0x7f0000000240)={0x8, 0x2d}, &(0x7f0000000280))
keyctl$KEYCTL_WATCH_KEY(0x15, r9, r7, 0x0)
close_range(r6, 0xffffffffffffffff, 0x0)
r10 = socket$netlink(0x10, 0x3, 0x12)
ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000200)={'geneve1\x00', <r11=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)=@newlink={0x34, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r11}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @geneve={{0xb}, {0x4}}}]}, 0x34}, 0x1, 0x2}, 0x0)

1.191040416s ago: executing program 2 (id=4937):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000001240)=@raw={'raw\x00', 0x3c1, 0x3, 0x3b8, 0x1b0, 0xc8, 0x8, 0x0, 0x5803, 0x310, 0x2e8, 0x2e8, 0x310, 0x2e8, 0x3, 0x0, {[{{@uncond, 0x0, 0x190, 0x1b0, 0x0, {0x0, 0x2000000000000}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'kmp\x00', "cfcaf80c672f61cd17ae5119b5135c2aee68d23a465cd431e1ecef50c3234e082555f67222476147864fa03182f5cf11d8c348cbd06dc8de1dcbde7d4e252c3394fed47bf78c70f607b0178fa5ea335019ac07a602061c96baebc989f1f34a214e67442c1fe4b124e0f7323a587d2a1fcfe36bbf12eca0a7b66c60c527bac2b5", 0x1, 0x2}}, @common=@inet=@socket1={{0x28}}]}, @unspec=@TRACE={0x20}}, {{@ipv6={@remote, @mcast2, [], [], 'macvtap0\x00', 'syzkaller1\x00'}, 0x0, 0xd0, 0x138, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x418)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
openat$dir(0xffffffffffffff9c, 0x0, 0x180, 0x104)
fstatfs(0xffffffffffffffff, 0x0)
add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), 0x0, 0x0, 0xfffffffffffffffe)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
fanotify_init(0x0, 0x0)
r2 = socket$inet(0xa, 0x801, 0x84)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000100))
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r5 = dup3(r4, r3, 0x0)
r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r6, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r6, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1})
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x100000000000000}], 0x0, 0x0, 0x0})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRESHEX, @ANYBLOB="0000000000000000b7080000fcffffff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18010000120000000000000000000000850000006d"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='tlb_flush\x00', r7, 0x0, 0xfffffffffffffffd}, 0x18)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x80, &(0x7f0000000240), 0x200000, 0x4)
mremap(&(0x7f0000000000/0x9000)=nil, 0x200003, 0x600000, 0x3, &(0x7f0000a00000/0x600000)=nil)
listen(r2, 0x8)

1.08289976s ago: executing program 5 (id=4938):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
openat$ttynull(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
bind$unix(0xffffffffffffffff, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x1)
openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000000)='cpuset.mem_exclusive\x00', 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@bloom_filter={0x1e, 0x7136, 0x8001, 0x7ff, 0x8146, 0xffffffffffffffff, 0x8, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x4, 0x3, 0x0, @value, @void, @void, @value}, 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, 0x0, &(0x7f0000000280), 0x84, r3}, 0x38)
bpf$MAP_LOOKUP_ELEM(0x1, 0x0, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=ANY=[@ANYBLOB="021209020a0000002bbd7000fddbdf250800120004000400000000000000008006003200040400000300000000000000200100"/80], 0x50}}, 0x2000c800)
r4 = socket(0x2, 0x80805, 0x0)
sendmmsg$inet_sctp(r4, &(0x7f0000000d00)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000dc0)=[@authinfo={0x18, 0x84, 0x6, {0x8}}], 0x18, 0x200000c1}], 0x1, 0x4048880)
syz_emit_vhci(0x0, 0x0)
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000040)={0x3, &(0x7f0000000140)=[{0x20, 0x0, 0x0, 0xfffff034}, {0x20, 0x0, 0x0, 0xfffff024}, {0x6}]}, 0x10)
sendmmsg(r0, &(0x7f0000001c00), 0x400000000000159, 0x40840)

938.693317ms ago: executing program 2 (id=4939):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, 0x0}, 0x0)

885.42254ms ago: executing program 6 (id=4940):
mkdir(0x0, 0x0)
r0 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCETHTOOL(r0, 0x89f0, &(0x7f0000001440)={'bridge0\x00', &(0x7f0000000100)=@ethtool_ringparam={0x11, 0x0, 0x20040001, 0x0, 0x0, 0x2b, 0x0, 0x0, 0x5}})
r1 = socket$alg(0x26, 0x5, 0x0)
sendto$inet6(r0, &(0x7f0000001bc0)="88b1fb10424a025379f6e391348acab2685755cb399359f90e022edf8b6461bd2012077e77d38e51bb84f96e1ffcd9025d29dd82b864fac0a50e8f072c35f95a4efb6f876f65d17d1f4e62650418c4970017c1cfff297ad0e6837da1d715e2aaf488b3e60914be48c39580b127a64f6e031199ef87db6cc1307a5731b6b9937641", 0x81, 0x10, &(0x7f0000000240)={0xa, 0x4e21, 0x6e78, @dev={0xfe, 0x80, '\x00', 0x2e}}, 0x1c)
bind$alg(r1, &(0x7f00000000c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-twofish-3way\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000040)="8db4c6d3916872c4d26e8e39f30e9ce9ab2f204389cf53c6", 0x18)
r2 = accept$alg(r1, 0x0, 0x0)
recvmmsg(r2, &(0x7f0000009040), 0x0, 0x0, 0x0)
mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000400), 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='huge=always,mpol=inte'])
chdir(&(0x7f0000000140)='./file0\x00')
r3 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0)
r4 = open(0x0, 0x14927e, 0x0)
fallocate(r4, 0x1, 0x6, 0x1001f0)
writev(r3, &(0x7f00000000c0)=[{&(0x7f0000000140)='2', 0x1}], 0x1)

689.50866ms ago: executing program 2 (id=4941):
socket$inet_smc(0x2b, 0x1, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xf, 0x4, 0x8, 0x9, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_UPDATE_ELEM(0x2, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000280)='fdinfo/4\x00')
preadv(r0, &(0x7f0000000300)=[{&(0x7f00000001c0)=""/51, 0x33}], 0x1, 0x0, 0x0)

315.182139ms ago: executing program 2 (id=4942):
socket$nl_route(0x10, 0x3, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_netfilter(0x10, 0x3, 0xc)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'syz_tun\x00', <r1=>0x0})
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70200000200", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r3}, &(0x7f0000000240), &(0x7f00000003c0)=r5}, 0x20)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000200)={r4, r1, 0x25, 0x2, @val=@tcx={@void, @value}}, 0x1c)
syz_emit_ethernet(0x15, &(0x7f0000000e00)={@broadcast, @local, @val={@void, {0x8100, 0x4, 0x1, 0x1}}, {@mpls_uc={0x8847, {[], @llc={@llc={0xdc, 0x80, "1d"}}}}}}, 0x0)

307.553368ms ago: executing program 5 (id=4943):
openat$vnet(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
socket$packet(0x11, 0x3, 0x300)
syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000200)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
syz_open_dev$sndmidi(&(0x7f0000000080), 0x7, 0x149481)
syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
pselect6(0x40, &(0x7f0000000600)={0x0, 0x3}, 0x0, &(0x7f0000000240)={0x7ff, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdc59}, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'michael_mic\x00'}, 0x58)
r2 = accept$alg(r1, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f00000025c0)="866b3d570029a5e6", 0x8)
sendmmsg$alg(r2, &(0x7f0000000580)=[{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000140)="c5", 0x1}], 0x1}], 0x1, 0x0)
socket$isdn_base(0x22, 0x3, 0x0)
timerfd_create(0x8, 0x0)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000100), 0xfffffffffffffd87)

209.631866ms ago: executing program 6 (id=4944):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES64, @ANYBLOB="0000000000000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan1\x00', <r3=>0x0})
ioctl$LOOP_CONFIGURE(0xffffffffffffffff, 0x4c0a, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, {0x2a00, 0x80010000, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00"}})
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000040)=ANY=[@ANYBLOB="98030000", @ANYRES16=r2, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r3, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c0900005603330080b0c000ffffffffffff"], 0x398}}, 0x0)

74.203192ms ago: executing program 6 (id=4945):
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00', <r1=>0x0})
socket$inet6_sctp(0xa, 0x5, 0x84)
socket$inet(0x2, 0x80001, 0x84)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240))
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x10, 0x3, 0x0)
openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000040)='tasks\x00', 0x2, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240))
socket$inet_smc(0x2b, 0x1, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="4c0000001000030500"/20, @ANYRES32=0x0, @ANYBLOB="ef00000000000000140012800b0001006970766c616e0000", @ANYRES32, @ANYBLOB="080004"], 0x4c}}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="440000001100a7cc4affeeaf541d002007000000", @ANYRES32=r1, @ANYBLOB="00000000100000001c001a80080002802d00ff0008000200", @ANYRES16=r3, @ANYRES32=r3], 0x44}}, 0x0)

0s ago: executing program 2 (id=4946):
r0 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000), 0x208000, 0x0)
close_range(r0, 0xffffffffffffffff, 0x2)
r1 = syz_clone(0x20000000, &(0x7f0000000040)="6b5e2934c0600964154fccd1920f403dce5a43fd8e44a13ea61638ffce34dc0fa86b532b917b0e4186f3ee31ab78f8b286c9c914b286f469c8d4e97aae46d054ade93ed2af9ffe85ec7eb1162b63d1a6939f68c39feb0ca1adfd9cc5ccdb8dcc72f4c72ef538dc13797f115c99f325f97374118c1ce3410f0d2337ec58197f5a1ae838db47fa", 0x86, &(0x7f0000000100), &(0x7f0000000140), &(0x7f0000000180)="3756cd7cab32e7fc038f6ed259b0de")
fcntl$lock(r0, 0x21, &(0x7f00000001c0)={0x0, 0x2, 0x0, 0xff, r1})
r2 = syz_usb_connect$hid(0x5, 0x3f, &(0x7f0000000200)={{0x12, 0x1, 0x200, 0x0, 0x0, 0x0, 0x10, 0x46d, 0xc216, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x1, 0x2, 0x0, 0x89, [{{0x9, 0x4, 0x0, 0x9, 0x1, 0x3, 0x1, 0x1, 0xff, {0x9, 0x21, 0x5, 0xb5, 0x1, {0x22, 0x49}}, {{{0x9, 0x5, 0x81, 0x3, 0x3ff, 0x9, 0xf3, 0xe}}, [{{0x9, 0x5, 0x2, 0x3, 0x10, 0x47, 0x9, 0x4}}]}}}]}}]}}, &(0x7f0000000540)={0xa, &(0x7f0000000240)={0xa, 0x6, 0x110, 0xff, 0x80, 0x49, 0xdf, 0x7}, 0xe0, &(0x7f0000000280)={0x5, 0xf, 0xe0, 0x5, [@wireless={0xb, 0x10, 0x1, 0x2, 0x84, 0x1, 0xa, 0x8000, 0xa0}, @generic={0xa1, 0x10, 0xb, "9592d91203688ffc4b7d76301edeaa8bb450ad8d04d2ff54b4a9738b9eeecec56879f7015a4892c1893800c584e6d13b428fb022d65928f763c108e01e693b823e9293108dd4718ffacc11b9c97acc0f6d3b0e42d895426a5ec09d789bdca622e5eaf8c60c727634c255939262eb0efe50b659f7783ba09064da2761c6852933f395ee98d0b3acef72205f85f92e09dd9f9a3ffbfc7208d31a117c2b4046"}, @ext_cap={0x7, 0x10, 0x2, 0x4, 0xe, 0x9, 0xfffb}, @ssp_cap={0x14, 0x10, 0xa, 0x10, 0x2, 0xd, 0x0, 0x7, [0xffcf, 0x30]}, @ss_container_id={0x14, 0x10, 0x4, 0x3, "487dc63fba4f582e7aa1b77de7947298"}]}, 0x4, [{0x4, &(0x7f0000000380)=@lang_id={0x4, 0x3, 0xc07}}, {0xb2, &(0x7f00000003c0)=@string={0xb2, 0x3, "9a943014dc5247715143d8a967b151cecffb1d74b50b5c5ba1e0b47f339871681853957f2d4cec6a8b355585cdcc3c59ef7e70ddd8fe65e297dc83d51c4ace3a8480a44aef2b8c736e96ab136aa8bdaa6a41c7fec901d1998b196ef63edb24b13cb7707b2a568d6793864adb2c1c8f15577729bc1f4c6f08859a47172695cebe1eb8b591b417b84f80e2d031b13804bcfb178cf6c0542f42a0458304d18fd696b45097711b47be9c4bd9cc95fbc8ed03"}}, {0x64, &(0x7f0000000480)=@string={0x64, 0x3, "1c8cff21a3d54919032ce72624104f17cde7d44df13a78883ff961ab62cb52aeddd462d568c0186e2a6da06768d325a84ec3ff7f56e9be11da61023e41903246dab18c45c416d80b74894cdb5dd8cc94410d66538df30ab8d30be1007f04b04d54db"}}, {0x30, &(0x7f0000000500)=@string={0x30, 0x3, "de0c97ddbf1cc2bf1c92662eeda69572e4f9f90b00332a99daecb172125df0fe7edb951b5929c575b08212e9e03e"}}]})
syz_usb_control_io$hid(r2, &(0x7f0000000740)={0x24, &(0x7f00000005c0)={0x40, 0x22, 0x97, {0x97, 0x9, "a8ae7bfaa50828e172e6dd738d86ea39a673c93e30d85bb0420f6af91cf6e08b88a423bedd184e583cada3f187b29835bd1e714e8d327f2699d3faf099f6e113f35e0622c8fe890dd156708c649d7eaf875c9913f9345651c8334ec26aa38643a0d90771fdb059226a12d12b8b4fd8fdcdc255a4bc4b014c72159df61bc7e2dfd3483bebe8d3cbc2514cdde7b2026fa7bc15e13341"}}, &(0x7f0000000680)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x6446}}, &(0x7f00000006c0)={0x0, 0x22, 0x10, {[@local=@item_012={0x2, 0x2, 0x5, "79d8"}, @global=@item_012={0x1, 0x1, 0x4, "11"}, @global=@item_012={0x2, 0x1, 0x5, "6dea"}, @global=@item_4={0x3, 0x1, 0x4, "02a716b8"}, @local=@item_012={0x2, 0x2, 0x5, "0dcd"}]}}, &(0x7f0000000700)={0x0, 0x21, 0x9, {0x9, 0x21, 0x157e, 0x4, 0x1, {0x22, 0x31d}}}}, &(0x7f0000000980)={0x2c, &(0x7f0000000780)={0x40, 0x1a, 0x54, "f10f5fccc97403465528f139ce2e669eb8da0c3aa6492cf1306f5b5663a72b361056716018cd97be3515ac09d31f8e1b0bd968408911b2247189fe8763078c8d265e06c3cd3340510b9b574226f0b7eda6c637be"}, &(0x7f0000000800)={0x0, 0xa, 0x1, 0x7}, &(0x7f0000000840)={0x0, 0x8, 0x1, 0xe}, &(0x7f0000000880)={0x20, 0x1, 0xa8, "87542882df8a5e413311ea1f15f3582462da04b7dd272d55459caab31184813fa8e4eb58b811a10d2a5347f3ab8da4b7c9f60b10571aadad0949c073c4f17b7b6102dc3462aa16ea9926fd8bc3d8938e124d89276e29d1b50c3e4f440e50c39dabb8e5a84daa43d0bfbd1611f9d56d4d4ae6d5cdbe07671c26c98941ef5e870f0c68f4b6789451743eb4ef75b6c26156eb1ae972414c30818f77e6cca26c1903cfbd6ef5630dab6d"}, &(0x7f0000000940)={0x20, 0x3, 0x1, 0x3}})
r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000009c0), 0x400600, 0x0)
r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000a40), 0xffffffffffffffff)
sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000cc0)={&(0x7f0000000a00)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000c80)={&(0x7f0000000a80)={0x1dc, r4, 0x314, 0x70bd26, 0x25dfdbfc, {}, [@TIPC_NLA_PUBL={0x2c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0xf734}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x3}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x3}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0xb}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}]}, @TIPC_NLA_SOCK={0x8c, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_CON={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0x8}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0xaa5}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x6}]}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_CON={0x34, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x4}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x7f}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0xe}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0xa}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x8000}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x6}]}, @TIPC_NLA_SOCK_CON={0xc, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x5}]}, @TIPC_NLA_SOCK_CON={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0xffff}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0xf800}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x7}]}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}]}, @TIPC_NLA_NODE={0x14, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_UP={0x4}]}, @TIPC_NLA_SOCK={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x9}]}, @TIPC_NLA_MEDIA={0x48, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0x24, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0xffffff80}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x19}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xf0000000}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x1}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x1}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x5}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7f}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0xd24f}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0xfffffffb}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6}]}, @TIPC_NLA_BEARER={0x64, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x7}, @TIPC_NLA_BEARER_PROP={0x34, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4a}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xf93}]}, @TIPC_NLA_BEARER_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0xa8}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz0\x00'}]}]}, 0x1dc}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000800)
ioctl$F2FS_IOC_COMMIT_ATOMIC_WRITE(r3, 0xf502, 0x0)
lsm_get_self_attr(0x64, &(0x7f0000000d00)={0x0, 0x0, 0xa1, 0x81, ""/129}, &(0x7f0000000dc0)=0xa1, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x1, 0x5, &(0x7f0000000e00))
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$TIPC_NL_BEARER_GET(r5, &(0x7f0000000f40)={&(0x7f0000000e40)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000f00)={&(0x7f0000000e80)={0x44, r4, 0x10, 0x70bd2a, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x14, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x20}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x4}, 0x80)
preadv(r5, &(0x7f00000012c0)=[{&(0x7f0000000f80)=""/203, 0xcb}, {&(0x7f0000001080)}, {&(0x7f00000010c0)=""/141, 0x8d}, {&(0x7f0000001180)=""/232, 0xe8}, {&(0x7f0000001280)=""/33, 0x21}], 0x5, 0x7, 0x3)
syz_usb_control_io$hid(r2, &(0x7f0000001440)={0x24, &(0x7f0000001340)={0x40, 0x21, 0x23, {0x23, 0x22, "779d73e723ac88633860ed7a1eca900e678f14568c899aae40f1c81b59e8e9dd3d"}}, &(0x7f0000001380)={0x0, 0x3, 0x18, @string={0x18, 0x3, "a214656e4166ba0cfff0a517756d5d5d6d68acc06f3c"}}, &(0x7f00000013c0)={0x0, 0x22, 0x13, {[@global=@item_012={0x0, 0x1, 0xb}, @local=@item_012={0x1, 0x2, 0x9, '+'}, @local=@item_012={0x1, 0x2, 0x8, "92"}, @main=@item_4={0x3, 0x0, 0xc, "30f832ad"}, @local=@item_4={0x3, 0x2, 0x5, "82edc01d"}, @main=@item_012={0x0, 0x0, 0xb}, @global=@item_012={0x2, 0x1, 0x6, '\tD'}]}}, &(0x7f0000001400)={0x0, 0x21, 0x9, {0x9, 0x21, 0xdf, 0xa, 0x1, {0x22, 0xe90}}}}, &(0x7f0000001740)={0x2c, &(0x7f0000001480)={0x0, 0x13, 0xc3, "92ecbc4e507686cd839cc89fa4deafb7ff83420fc2cc23c2d34598807184c9ac9145faf57efb5a683d54db02ade54cd30e2670e852d0ecbeb679162508b0f00caeaba758230076f9eaa69ee97a934bf6a37eaa09af38de68974a5fd683580b33e78d0a350c54f50a05004f42b97168e63ed9974bfb0aa65feeb8e0a015412ae3c771a60799130025469a529a7c2dc9bed35b0c68a5c7e5c4e77209a132375b2de1dd3a058e46aceeefd344b132de1b138d8f0db45de0a19fa04fb3fa6166efecdc2058"}, &(0x7f0000001580)={0x0, 0xa, 0x1, 0xe}, &(0x7f00000015c0)={0x0, 0x8, 0x1, 0x4}, &(0x7f0000001600)={0x20, 0x1, 0xd0, "37b329a19417a99a486d5f01e2675a2984493e263867bb213ce90d85b4dbca9518dbdbc0342789c825921ba7b8ffa77ab170c0db99e72886adb0e7ead399d01975563e08304c2141cd68b89c1d903387188fcb2d64765267d86ffe81b006f00e17ebf5f0f75a9a4f605aa2e6ad5447d70ae6fe7e2f3283ac563d5ae2a9797717248c09bb1724f43ab6c4f783dc445f50fe8fa57e1a64dd346bf4ee9833767e8b0dbd72fdf2e8660c846913f67afe24d5cff3cb3910efeb1b183bb1fae6d60141b3d3c8f9b8f07c850d471fc6ac6438bd"}, &(0x7f0000001700)={0x20, 0x3, 0x1, 0x9}})
r6 = syz_usb_connect$hid(0x2, 0x3f, &(0x7f0000001780)={{0x12, 0x1, 0x310, 0x0, 0x0, 0x0, 0x8, 0x4da, 0x104d, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x1, 0x50, 0x0, 0x5, [{{0x9, 0x4, 0x0, 0xd1, 0x1, 0x3, 0x1, 0x1, 0x5, {0x9, 0x21, 0x1, 0x9, 0x1, {0x22, 0xab6}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0xc, 0x7f, 0x7}}, [{{0x9, 0x5, 0x2, 0x3, 0x20, 0x9, 0x1, 0x81}}]}}}]}}]}}, &(0x7f0000001b80)={0xa, &(0x7f00000017c0)={0xa, 0x6, 0x200, 0x2, 0x5, 0x1, 0x40}, 0x30, &(0x7f0000001800)={0x5, 0xf, 0x30, 0x3, [@ssp_cap={0x10, 0x10, 0xa, 0x5, 0x1, 0xfff, 0xf07, 0xffff, [0xff00cf]}, @ss_container_id={0x14, 0x10, 0x4, 0x7, "676250f5c28ea9444f36f79c0c25ea5d"}, @ext_cap={0x7, 0x10, 0x2, 0x2, 0x8, 0x4, 0x9}]}, 0x5, [{0xdc, &(0x7f0000001840)=@string={0xdc, 0x3, "bc5c1f3a96175ed1ac9ab85057462780ac09016514b109fdc1229b9a4dde0282f9382dcbb50e6f2bc5bc5346de2d932e7ee23a874fea0ac7df956f3c13debe3e4c507384d042cf4d11fa6a28aaf9e0bec30081beeba55849e3149a39c5fd2e87579b07a5413cf70b4c531fc194736cf4d1e47cda3fb7e5551b6d4271e9babc76e1293621a5650bacb6aca98e81be1f7ea2233cd148192eae1cc07a1490241f450ad5f7e2623d762a40363efa12147ca7dda2e06f113f44dcf940f1a6f7963ba20ae00bfa731fbb3feec7616902aed1fd99363b82370d64dc67f3"}}, {0xa7, &(0x7f0000001940)=@string={0xa7, 0x3, "a6fc3e258eaf395adbc10dd977d3e24dd9660794d619561f8fc168d5928cdc20d4c987c7e2d00612004110818290969c187074efd39dc6a4d5d0ce9f821e5cdcb03a772707263be4a5d436d11187b5661ab37ce00f2f0d68e137247dacd0cbeb75b3f42b46724479b8dd1b6a433bb2bdb38e5252da36ed96e969b720993fe844671029de1929208a77c205dd4c37116530f50d1ab7021447bb190cf8b5208c051ef222f08d"}}, {0x4, &(0x7f0000001a00)=@lang_id={0x4, 0x3, 0x441}}, {0xe1, &(0x7f0000001a40)=@string={0xe1, 0x3, "d5f9262eae5f6a3244058732d22d23c4532cf48ff2abb10188f25cf2945b2410532b9f9af3557622f8d497744929011e554723146dfb8b60a13cb91d07c28f64f50d758270d05dedbce1b02f81c227e39e73ca3f5d9fe93cd50a69f02ff2bb21fe6d59c4f4790d1ab5a3bf7819de65dd9fa241a8aea68ca107f4109f67ed8b5b5fc68e97444db2e9fb7bd3632c261c58f195b39ea50718c917ad1ad097a694186bb6352874de89571bfe724e1986080923c18b04101e1e0a31c5159fa6bc1f17df9def605166e15be3e00b1ffbcdcb745f339a70eb728c704d4b6796036f70"}}, {0x4, &(0x7f0000001b40)=@lang_id={0x4, 0x3, 0xc04}}]})
syz_usb_control_io$hid(r6, &(0x7f0000001e40)={0x24, &(0x7f0000001c00)={0x0, 0xc, 0xfb, {0xfb, 0x10, "e66c11837280d6603f934e20339cd45c77dd890a098e9d2bf263c89437737f22e43a751353992c3c56cebd33ebb89074699da6e03b40072e95ea0e82b2f635fafbb85ff0e0e4c768ea9592c13bf5f8e9d6cb178692d58b4a33781fb18357aba6f20253c78d67db2b50a8a1bef16d629a71315504b885b0a9074b451db3639aeb5b6f582bce00af57d978f21c491e4b8f169de14bd00ae0599382f19a68987850482509b7bac22b8d901f06c2924dd5e08a50d67b8982c4b918d90f12b2734d038dc3b2f7bf8028905aeb57fc289299e7387429c0877e743948fc37b46676273336e76ee4211ba07e5d621077a30f5fbe105314221b3535868e"}}, &(0x7f0000001d40)={0x0, 0x3, 0x65, @string={0x65, 0x3, "3a21517f1180ffbe0af6282dff30c7640a3e6af3d5f2bb96fe83300b7fc4d328c71bcebc5642e724f8e066a4217c228ac55958d1d15e7c0ab9c67c3e1224441597a99d8a271ea2411d5365a7503e77c011edfd0fff1a0aecdd7d89779bb0b45de58688"}}, &(0x7f0000001dc0)={0x0, 0x22, 0xe, {[@main=@item_012={0x1, 0x0, 0xc, "e0"}, @main=@item_4={0x3, 0x0, 0x8, "95ffefa4"}, @global=@item_012={0x1, 0x1, 0x0, "b2"}, @main=@item_012={0x2, 0x0, 0xb, "a6b8"}, @global=@item_012={0x0, 0x1, 0x7}, @main=@item_012={0x0, 0x0, 0xb}]}}, &(0x7f0000001e00)={0x0, 0x21, 0x9, {0x9, 0x21, 0xb, 0x9, 0x1, {0x22, 0xe4a}}}}, &(0x7f0000002100)={0x2c, &(0x7f0000001e80)={0x40, 0x16, 0xe8, "be1c605a3f6bb8747fda174768d6a6ed5b1e42667170d85f8d6ef98d98a5d63925893f683960ef6b0095a7c2c64baac4da1c326342484d42bdd64ff7c4164916788827002ef3b3dcca9ff983025ebf1ac4796c7d84cf184512004cee8a35d88328489cb9eb9261531e9a10a86e24248ea877b29c6161e3f2c454c6d8bbec0dfd52c9a61d39f580792ab6024ed7385e3fdbd678b4ae5787e295ed7bbb3768a6fbf75a0e93719be04d1c10d897cf4d88b95d6312e016552b787e3ffc9caab85f549b504e4a5b74269cebcdacd8c04fdd5882b142d960f2fe7b76c0c8dd29dbeda1b4c96d4423d36780"}, &(0x7f0000001f80)={0x0, 0xa, 0x1, 0x1}, &(0x7f0000001fc0)={0x0, 0x8, 0x1, 0x3}, &(0x7f0000002000)={0x20, 0x1, 0x7e, "00e8dc3a14bec87f5bd890cc9421c267d5fa13ed843e658a5ef0726412c41c627bcb2035facb709248ca766d35711f3038056016d6b6f1654fc36a8b39444048ff8286422a5ec4fb0c0026e91d0473dbd2dcdd118a12eb29a0c85ea389b0b76df5a3ae0b3676acc3a7872b643d04f7a89ffd5749171dcec0bb9d715d4069"}, &(0x7f00000020c0)={0x20, 0x3, 0x1}})
io_uring_register$IORING_REGISTER_CLOCK(r3, 0x1d, &(0x7f0000002140)={0x5}, 0x0)
bind$vsock_stream(r3, &(0x7f0000002180)={0x28, 0x0, 0x2710}, 0x10)
ioctl$ifreq_SIOCGIFINDEX_team(r3, 0x8933, &(0x7f0000002380)={'team0\x00', <r7=>0x0})
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r3, 0xc0189372, &(0x7f0000002440)={{0x1, 0x1, 0x18, <r8=>r5, {0x5}}, './file0\x00'})
bpf$PROG_LOAD(0x5, &(0x7f0000002540)={0x15, 0xf, &(0x7f00000021c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x6}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x9}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0xc99a8ca483cf77b7}}, @map_idx={0x18, 0xa, 0x5, 0x0, 0xf}, @ldst={0x0, 0x1, 0x3, 0x11, 0x0, 0x10, 0x8}]}, &(0x7f0000002240)='syzkaller\x00', 0x2, 0xcd, &(0x7f0000002280)=""/205, 0x41100, 0x0, '\x00', r7, @fallback=0x2d, 0xffffffffffffffff, 0x8, &(0x7f00000023c0)={0x5, 0x4}, 0x8, 0x10, &(0x7f0000002400)={0x0, 0x9, 0x6, 0x5}, 0x10, 0xffffffffffffffff, r8, 0x8, &(0x7f0000002480)=[r3, r3, 0xffffffffffffffff], &(0x7f00000024c0)=[{0x0, 0x2, 0xf, 0x7}, {0x2, 0x3, 0xc, 0x2}, {0x0, 0x4, 0x1, 0x6}, {0x2, 0x3, 0x0, 0xa}, {0x4, 0x1, 0x5, 0x8}, {0x4, 0x3, 0xb, 0x8}, {0x2, 0x1, 0x0, 0x5}, {0x2, 0x4, 0x1, 0x8}], 0x10, 0x9, @void, @value}, 0x94)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_usb_connect$cdc_ecm(0x3, 0x5e, &(0x7f0000002600)={{0x12, 0x1, 0x110, 0x2, 0x0, 0x0, 0x20, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x4c, 0x1, 0x1, 0x3, 0x0, 0x7, [{{0x9, 0x4, 0x0, 0x7, 0x3, 0x2, 0x6, 0x0, 0x4, {{0x8, 0x24, 0x6, 0x0, 0x0, "08f7d5"}, {0x5, 0x24, 0x0, 0xae}, {0xd, 0x24, 0xf, 0x1, 0x6, 0x1, 0x7f, 0x4}, [@obex={0x5, 0x24, 0x15, 0x5}]}, {[{{0x9, 0x5, 0x81, 0x3, 0x8, 0x1, 0x9, 0xcb}}], {{0x9, 0x5, 0x82, 0x2, 0x10, 0xfb, 0x5, 0x4}}, {{0x9, 0x5, 0x3, 0x2, 0x10, 0x4, 0x4, 0xc}}}}}]}}]}}, &(0x7f0000002980)={0xa, &(0x7f0000002680)={0xa, 0x6, 0x110, 0x0, 0x9c, 0x2, 0x10, 0xc}, 0x170, &(0x7f00000026c0)={0x5, 0xf, 0x170, 0x6, [@ss_cap={0xa, 0x10, 0x3, 0x2, 0x4, 0xf8, 0xad, 0xdba}, @generic={0x6c, 0x10, 0x1, "14953140eb5ad63af769fc17712357851a2a10c470bb8919f203dd6d2305dcb65234a391b85418d8910a2a5c45f22bb6aeddbf93081ec277456d308667d50f49dfbe6670a9c3ed034eecf8ef77a8aaac56b87b4f00ae7d5c9da5e50bbf6fedc82e7bb36bb61934940b"}, @ss_container_id={0x14, 0x10, 0x4, 0x98, "e2aba24d846bef8f614dffc0aec1372b"}, @generic={0xc9, 0x10, 0x0, "8fb7eca565d63e491d1459a47c3baf69659a8e335b45422ab0805878451c59ef373dc775ec751b6bd8af18c2f4e8ccaeec6df8b4f5a5f5b02e42a78f00e719a3eab8057f0c4e727f44589e74936cc7843e1d2ed8eed41fea46192c8464b7998b32316b27b49c08aef6ea81657cc54627dfeb7ca1fd23a98a82b29acde917120b5e0439afeb8f544fb9619eb950b85da86f2a29bf38922be04e08f7ebcbdcbff6dd5709353483928e148f225ae41d2b2103441c1f1d95e822f5196d24d0a82ab14e0cc8a0201c"}, @generic={0x15, 0x10, 0x2, "5a0e6d6a1e371207f1602d668211475e1fc4"}, @ptm_cap={0x3}]}, 0x2, [{0xea, &(0x7f0000002840)=@string={0xea, 0x3, "a6ca7c452d14da9484feb33e289982efe7e3b2131783ae0b90694e42fe0d1f5718d1cf2a716ecd019a606e6f0c925d195d7d391b8d2d2f33c0b7603a4f455af62753570368eb145bcd022b762d49029f4e4b294c09595b4af47eab328ace7419080b20edb7f803d788e2389bd4e1b8abae5703e0a4964664c0a7694b047b26efa69484ff27a9bf2a9a1172e3caaa9d14b8cb7ac33868b6a41a5af25ce723be428a1f7f9d352a3615206ef041e4857d503ffb9276f57bafd636eb508afcc427072399e0bf0c09883ba9242f348a51b386d7352f2168cc2753f29b88e3e4d306205f97381dc4295d93"}}, {0x4, &(0x7f0000002940)=@lang_id={0x4, 0x3, 0x184c}}]})
syz_usb_control_io$cdc_ecm(r10, &(0x7f0000002ac0)={0x14, &(0x7f00000029c0)={0x20, 0x8, 0xb1, {0xb1, 0xd, "0c2b3962fc3276126b9933eb495c359a46ec6b9eaf5af930545030cda777ba31d9fbf478c1efb5180d56fe157f4278ee5e711cee9250e517b63fb3d1d8cd3aca0a89ccd8a5c320a93c0d8871dabf0d1d9c801f219226665f63ccb0ef35bd0cf8aca7dfb5e40d0c7f8a8f22da3f36f33042e3019d189a24403ab7f6f4cb6c5c8420d1f6ce2542f77e60c068195715dd786cc51819d24f3a59b720b880917b92862d50825207c7ea11dcc9b4f2b86126"}}, &(0x7f0000002a80)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f0000002c80)={0x1c, &(0x7f0000002b00)={0x40, 0x15, 0xc9, "5431ea88e7775a74087f63ea9946f269b30d4370c022c7db569a5c3feebc35ce20b087e5926e7bd1860585e2f7b0abe249d2ebae40709ff43740caae3af1846bbdf09d86ccf07975824f9ec608e70d7f0a1c89ede8ea303f543bab46ee2cc1ffd97e8f7f63188da2f377184ee93853c2c0e5df028225a5c7cdb855392a820e0d5b80d1c8fbcc2b5bfd6e1c2abd3013fe3e4f4b1169a9912bb252038af3b353ee20ec21f830041ed4d04f00e252b394a249d490a7b7374804270c1a9ee1a7f4aa6aa762fe437d610b87"}, &(0x7f0000002c00)={0x0, 0xa, 0x1, 0x2}, &(0x7f0000002c40)={0x0, 0x8, 0x1, 0x66}})
r11 = syz_genetlink_get_family_id$nl80211(&(0x7f0000002d00), r3)
sendmsg$NL80211_CMD_GET_INTERFACE(r3, &(0x7f0000002dc0)={&(0x7f0000002cc0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000002d80)={&(0x7f0000002d40)={0x14, r11, 0x300, 0x70bd2a, 0x25dfdbfb, {{}, {@void, @void}}, ["", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x80}, 0x4000)
r12 = socket$inet6(0xa, 0xa, 0x2)
ioctl$FICLONE(r9, 0x40049409, r12)

kernel console output (not intermixed with test programs):

 overrun
[ 1476.530070][   T29] audit: type=1326 audit(1733995456.189:1892): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21579 comm="syz.1.4347" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7298d7ff19 code=0x0
[ 1476.552983][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1476.939884][T21593] syz.0.4352 (21593): drop_caches: 2
[ 1476.947772][T21595] /dev/nbd4: Can't open blockdev
[ 1477.108619][T21601] syz.0.4354: attempt to access beyond end of device
[ 1477.108619][T21601] nbd0: rw=0, sector=0, nr_sectors = 2 limit=0
[ 1477.156694][T16640] Bluetooth: hci5: unexpected event for opcode 0x2039
[ 1477.367658][   T29] audit: type=1400 audit(1733995457.079:1893): avc:  denied  { create } for  pid=21596 comm="syz.3.4356" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[ 1477.684400][   T29] audit: type=1400 audit(1733995457.309:1894): avc:  denied  { setopt } for  pid=21609 comm="syz.2.4360" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[ 1477.810547][T21617] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4360'.
[ 1477.832906][T21617] netlink: 24 bytes leftover after parsing attributes in process `syz.2.4360'.
[ 1478.055465][   T29] audit: type=1400 audit(1733995457.769:1895): avc:  denied  { connect } for  pid=21609 comm="syz.2.4360" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[ 1478.689262][ T5920] usb 2-1: new high-speed USB device number 120 using dummy_hcd
[ 1478.905548][T21622] binder: BINDER_SET_CONTEXT_MGR already set
[ 1478.911550][T21622] binder: 21620:21622 ioctl 4018620d 20004a80 returned -16
[ 1479.136924][ T5920] usb 2-1: New USB device found, idVendor=077b, idProduct=2226, bcdDevice=ca.8b
[ 1479.149150][ T5920] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1479.985979][ T5920] usb 2-1: config 0 descriptor??
[ 1480.060627][T21633] syz.4.4364: attempt to access beyond end of device
[ 1480.060627][T21633] nbd4: rw=0, sector=0, nr_sectors = 2 limit=0
[ 1480.570269][ T5920] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[ 1480.584480][ T5920] asix 2-1:0.0: probe with driver asix failed with error -71
[ 1480.597694][ T5920] usb 2-1: USB disconnect, device number 120
[ 1480.791361][T21639] syz.0.4365 (21639): drop_caches: 2
[ 1481.195444][T16640] Bluetooth: hci5: Controller not accepting commands anymore: ncmd = 0
[ 1481.204755][T16640] Bluetooth: hci5: Injecting HCI hardware error event
[ 1481.217275][T16640] Bluetooth: hci5: hardware error 0x00
[ 1481.939283][T21661] netlink: 'syz.1.4371': attribute type 1 has an invalid length.
[ 1482.014502][   T29] audit: type=1400 audit(1733995461.629:1896): avc:  denied  { execute } for  pid=21655 comm="syz.1.4371" dev="tmpfs" ino=639 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[ 1482.437513][T21661] 8021q: adding VLAN 0 to HW filter on device bond2
[ 1482.523181][   T29] audit: type=1400 audit(1733995461.629:1897): avc:  denied  { execute_no_trans } for  pid=21655 comm="syz.1.4371" path=2F6D656D66643A202864656C6574656429 dev="tmpfs" ino=639 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[ 1482.786764][   T29] audit: type=1400 audit(1733995462.459:1898): avc:  denied  { read } for  pid=21646 comm="syz.0.4368" name="loop-control" dev="devtmpfs" ino=646 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[ 1482.929990][   T29] audit: type=1400 audit(1733995462.459:1899): avc:  denied  { open } for  pid=21646 comm="syz.0.4368" path="/dev/loop-control" dev="devtmpfs" ino=646 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[ 1483.056183][T21670] /dev/nbd4: Can't open blockdev
[ 1483.803453][T16640] Bluetooth: hci5: Opcode 0x0c03 failed: -110
[ 1483.871646][T21649] No control pipe specified
[ 1484.258811][T21681] syz.2.4378 (21681): drop_caches: 2
[ 1484.629857][T21688] syz.0.4377: attempt to access beyond end of device
[ 1484.629857][T21688] nbd0: rw=0, sector=2, nr_sectors = 2 limit=0
[ 1484.643120][T21688] syz.0.4377: attempt to access beyond end of device
[ 1484.643120][T21688] nbd0: rw=0, sector=0, nr_sectors = 2 limit=0
[ 1484.656479][T21688] syz.0.4377: attempt to access beyond end of device
[ 1484.656479][T21688] nbd0: rw=0, sector=0, nr_sectors = 2 limit=0
[ 1484.672892][T21688] syz.0.4377: attempt to access beyond end of device
[ 1484.672892][T21688] nbd0: rw=0, sector=18, nr_sectors = 2 limit=0
[ 1484.687185][T21688] syz.0.4377: attempt to access beyond end of device
[ 1484.687185][T21688] nbd0: rw=0, sector=30, nr_sectors = 2 limit=0
[ 1484.701230][T21688] syz.0.4377: attempt to access beyond end of device
[ 1484.701230][T21688] nbd0: rw=0, sector=36, nr_sectors = 2 limit=0
[ 1484.714342][T21688] VFS: unable to find oldfs superblock on device nbd0
[ 1485.575248][   T29] audit: type=1400 audit(1733995465.289:1900): avc:  denied  { create } for  pid=21690 comm="syz.0.4381" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[ 1485.644111][   T29] audit: type=1400 audit(1733995465.309:1901): avc:  denied  { setopt } for  pid=21690 comm="syz.0.4381" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[ 1485.833365][ T5867] usb 1-1: new high-speed USB device number 116 using dummy_hcd
[ 1485.893662][ T1290] ieee802154 phy0 wpan0: encryption failed: -22
[ 1486.056773][   T29] audit: type=1400 audit(1733995465.769:1902): avc:  denied  { getopt } for  pid=21702 comm="syz.4.4384" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[ 1486.078421][ T5867] usb 1-1: config 0 has an invalid interface number: 117 but max is 0
[ 1486.087277][ T5867] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1486.097480][ T5867] usb 1-1: config 0 has no interface number 0
[ 1486.103668][ T5867] usb 1-1: config 0 interface 117 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0
[ 1486.114094][ T5867] usb 1-1: config 0 interface 117 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1486.132626][ T5867] usb 1-1: New USB device found, idVendor=0afa, idProduct=03e8, bcdDevice=99.d0
[ 1486.142348][ T5867] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1486.151568][ T5867] usb 1-1: Product: syz
[ 1486.156288][ T5867] usb 1-1: Manufacturer: syz
[ 1486.160980][ T5867] usb 1-1: SerialNumber: syz
[ 1486.191572][ T5867] usb 1-1: config 0 descriptor??
[ 1486.499237][T21712] syz.2.4385: attempt to access beyond end of device
[ 1486.499237][T21712] nbd2: rw=0, sector=0, nr_sectors = 2 limit=0
[ 1487.365656][T21719] overlayfs: overlapping lowerdir path
[ 1487.501604][T21720] bridge0: port 3(syz_tun) entered blocking state
[ 1487.511759][T21720] bridge0: port 3(syz_tun) entered disabled state
[ 1487.527822][T21720] syz_tun: entered allmulticast mode
[ 1487.559703][T21720] syz_tun: entered promiscuous mode
[ 1487.572099][T21720] bridge0: port 3(syz_tun) entered blocking state
[ 1487.578939][T21720] bridge0: port 3(syz_tun) entered forwarding state
[ 1487.802562][T21716] binder: BINDER_SET_CONTEXT_MGR already set
[ 1487.809620][T21716] binder: 21715:21716 ioctl 4018620d 20004a80 returned -16
[ 1487.980057][    T8] usb 1-1: USB disconnect, device number 116
[ 1488.326692][T21731] syz.2.4391 (21731): drop_caches: 2
[ 1489.237411][   T29] audit: type=1400 audit(1733995468.939:1903): avc:  denied  { watch watch_reads } for  pid=21741 comm="syz.1.4396" path="/231/file0" dev="tmpfs" ino=1263 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[ 1489.367563][T21745] overlayfs: overlapping lowerdir path
[ 1489.383103][   T29] audit: type=1400 audit(1733995468.939:1904): avc:  denied  { create } for  pid=21741 comm="syz.1.4396" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[ 1489.444653][   T29] audit: type=1400 audit(1733995468.939:1905): avc:  denied  { setopt } for  pid=21741 comm="syz.1.4396" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[ 1489.802279][   T29] audit: type=1400 audit(1733995469.489:1906): avc:  denied  { map } for  pid=21756 comm="syz.1.4399" path="socket:[72445]" dev="sockfs" ino=72445 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_dgram_socket permissive=1
[ 1490.130705][T21762] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4400'.
[ 1490.140631][T21762] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4400'.
[ 1490.298904][T21759] syz.0.4400: attempt to access beyond end of device
[ 1490.298904][T21759] nbd0: rw=0, sector=2, nr_sectors = 2 limit=0
[ 1490.312033][T21759] syz.0.4400: attempt to access beyond end of device
[ 1490.312033][T21759] nbd0: rw=0, sector=0, nr_sectors = 2 limit=0
[ 1490.325181][T21759] syz.0.4400: attempt to access beyond end of device
[ 1490.325181][T21759] nbd0: rw=0, sector=0, nr_sectors = 2 limit=0
[ 1490.338096][T21759] syz.0.4400: attempt to access beyond end of device
[ 1490.338096][T21759] nbd0: rw=0, sector=18, nr_sectors = 2 limit=0
[ 1490.351078][T21759] syz.0.4400: attempt to access beyond end of device
[ 1490.351078][T21759] nbd0: rw=0, sector=30, nr_sectors = 2 limit=0
[ 1490.364359][T21759] syz.0.4400: attempt to access beyond end of device
[ 1490.364359][T21759] nbd0: rw=0, sector=36, nr_sectors = 2 limit=0
[ 1490.378988][T21759] VFS: unable to find oldfs superblock on device nbd0
[ 1490.530238][   T29] audit: type=1400 audit(1733995470.239:1907): avc:  denied  { getopt } for  pid=21767 comm="syz.2.4403" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[ 1490.643318][   T29] audit: type=1400 audit(1733995470.339:1908): avc:  denied  { write } for  pid=21767 comm="syz.2.4403" name="vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1
[ 1491.035900][ T5913] usb 3-1: new high-speed USB device number 68 using dummy_hcd
[ 1491.188983][T21775] syz.0.4404 (21775): drop_caches: 2
[ 1491.323558][ T5913] usb 3-1: Using ep0 maxpacket: 32
[ 1491.374356][ T5913] usb 3-1: config 1 interface 0 altsetting 7 bulk endpoint 0x1 has invalid maxpacket 16
[ 1491.416540][ T5913] usb 3-1: config 1 interface 0 has no altsetting 0
[ 1491.450766][ T5913] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[ 1491.468650][T21777] binder_alloc: 21776: binder_alloc_buf size 72057594037927936 failed, no address space
[ 1491.479044][T21777] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288)
[ 1491.533169][ T5913] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1491.562583][ T5913] usb 3-1: Manufacturer: О
[ 1491.595486][ T5913] usb 3-1: SerialNumber: 熕൳⬸낗뼆鸯럩旑䵏ﬞ䝥Ѳ쵫胉쓍싇隰ᐢᗅ᥹㜁⽿⎓颁헄ᵑ됹ೆⰶ雚臭ࣙ䤁㿿曰훮穉쀢॔娭뽲ꔛ鋂콢薂襴胸ꫛ潊睘킺ង텒Ⓠ꯰涧䰶ʗꗾড়朇ꤛ襘䎪ಱϘ㑤і꓄뽶持䵨䃐漓꒨먡馃ᦞ겞忹蛝蚤識ꔯ睸㬘渴鋗෻⢺崲䡹顱㩈쬒嗮
[ 1491.754352][T21768] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[ 1492.757159][ T5913] usb 3-1: USB disconnect, device number 68
[ 1492.884314][T21798] FAULT_INJECTION: forcing a failure.
[ 1492.884314][T21798] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1492.913193][T21798] CPU: 1 UID: 0 PID: 21798 Comm: syz.0.4412 Not tainted 6.13.0-rc2-syzkaller-00036-g231825b2e1ff #0
[ 1492.924019][T21798] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 1492.934095][T21798] Call Trace:
[ 1492.937399][T21798]  <TASK>
[ 1492.940325][T21798]  dump_stack_lvl+0x16c/0x1f0
[ 1492.945001][T21798]  should_fail_ex+0x497/0x5b0
[ 1492.949686][T21798]  _copy_from_user+0x2e/0xd0
[ 1492.954276][T21798]  video_usercopy+0xedb/0x1620
[ 1492.959198][T21798]  ? __pfx___video_do_ioctl+0x10/0x10
[ 1492.964562][T21798]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[ 1492.971412][T21798]  ? __pfx_video_usercopy+0x10/0x10
[ 1492.976622][T21798]  v4l2_ioctl+0x1ba/0x250
[ 1492.980987][T21798]  ? __pfx_v4l2_ioctl+0x10/0x10
[ 1492.985831][T21798]  __x64_sys_ioctl+0x190/0x200
[ 1492.990610][T21798]  do_syscall_64+0xcd/0x250
[ 1492.995145][T21798]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1493.001040][T21798] RIP: 0033:0x7f977b17ff19
[ 1493.005456][T21798] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1493.025069][T21798] RSP: 002b:00007f977bf5c058 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1493.033489][T21798] RAX: ffffffffffffffda RBX: 00007f977b345fa0 RCX: 00007f977b17ff19
[ 1493.041462][T21798] RDX: 0000000020000200 RSI: 00000000c0d05640 RDI: 0000000000000003
[ 1493.049425][T21798] RBP: 00007f977bf5c0a0 R08: 0000000000000000 R09: 0000000000000000
[ 1493.057398][T21798] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1493.065370][T21798] R13: 0000000000000000 R14: 00007f977b345fa0 R15: 00007fffb6e06338
[ 1493.073357][T21798]  </TASK>
[ 1493.103258][   T29] audit: type=1400 audit(1733995472.799:1909): avc:  denied  { write } for  pid=5171 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 1493.125025][   T29] audit: type=1400 audit(1733995472.799:1910): avc:  denied  { remove_name } for  pid=5171 comm="syslogd" name="messages" dev="tmpfs" ino=13 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 1493.134186][    T8] usb 4-1: new high-speed USB device number 106 using dummy_hcd
[ 1493.180322][   T29] audit: type=1400 audit(1733995472.799:1911): avc:  denied  { rename } for  pid=5171 comm="syslogd" name="messages" dev="tmpfs" ino=13 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 1493.269023][   T29] audit: type=1400 audit(1733995472.799:1912): avc:  denied  { add_name } for  pid=5171 comm="syslogd" name="messages.0" dev="tmpfs" ino=12 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 1493.335683][    T8] usb 4-1: Using ep0 maxpacket: 8
[ 1493.356884][    T8] usb 4-1: New USB device found, idVendor=04a5, idProduct=3003, bcdDevice=3a.b2
[ 1493.384067][    T8] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1493.412201][    T8] usb 4-1: Product: syz
[ 1493.428032][    T8] usb 4-1: Manufacturer: syz
[ 1493.432685][    T8] usb 4-1: SerialNumber: syz
[ 1493.938759][    T8] usb 4-1: config 0 descriptor??
[ 1493.965067][T21806] netlink: 56 bytes leftover after parsing attributes in process `syz.2.4415'.
[ 1494.519130][T21811] overlayfs: overlapping lowerdir path
[ 1494.666971][   T29] kauditd_printk_skb: 3 callbacks suppressed
[ 1494.666988][   T29] audit: type=1400 audit(1733995474.379:1916): avc:  denied  { connect } for  pid=21799 comm="syz.0.4413" lport=58 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[ 1494.760148][T21814] syz.2.4417 (21814): drop_caches: 2
[ 1494.823565][   T29] audit: type=1400 audit(1733995474.419:1917): avc:  denied  { write } for  pid=21799 comm="syz.0.4413" laddr=fe80::a8aa:aaff:feaa:aa16 lport=58 faddr=ff02::1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[ 1494.906493][   T29] audit: type=1400 audit(1733995474.599:1918): avc:  denied  { read } for  pid=21817 comm="syz.2.4419" name="vhost-net" dev="devtmpfs" ino=1274 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1
[ 1494.935376][   T29] audit: type=1400 audit(1733995474.599:1919): avc:  denied  { open } for  pid=21817 comm="syz.2.4419" path="/dev/vhost-net" dev="devtmpfs" ino=1274 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1
[ 1495.059253][   T29] audit: type=1400 audit(1733995474.619:1920): avc:  denied  { read } for  pid=21817 comm="syz.2.4419" name="usbmon0" dev="devtmpfs" ino=716 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[ 1495.193311][   T29] audit: type=1400 audit(1733995474.619:1921): avc:  denied  { open } for  pid=21817 comm="syz.2.4419" path="/dev/usbmon0" dev="devtmpfs" ino=716 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[ 1495.300549][   T29] audit: type=1400 audit(1733995474.619:1922): avc:  denied  { write } for  pid=21817 comm="syz.2.4419" name="sg0" dev="devtmpfs" ino=750 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[ 1495.663345][   T29] audit: type=1400 audit(1733995475.049:1923): avc:  denied  { wake_alarm } for  pid=21817 comm="syz.2.4419" capability=35  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[ 1495.870661][T21825] openvswitch: netlink: ERSPAN option length err (len 4096, max 255).
[ 1495.891659][    T8] gspca_main: sunplus-2.14.0 probing 04a5:3003
[ 1495.924655][    T8] gspca_sunplus: reg_w_riv err -71
[ 1495.941643][    T8] sunplus 4-1:0.0: probe with driver sunplus failed with error -71
[ 1496.067663][    T8] usb 4-1: USB disconnect, device number 106
[ 1496.431333][   T29] audit: type=1400 audit(1733995475.899:1924): avc:  denied  { create } for  pid=21826 comm="syz.2.4421" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1
[ 1496.521417][   T29] audit: type=1400 audit(1733995475.899:1925): avc:  denied  { write } for  pid=21826 comm="syz.2.4421" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1
[ 1496.837778][T21828] pim6reg1: entered promiscuous mode
[ 1496.854000][T21828] pim6reg1: entered allmulticast mode
[ 1500.548482][T21866] syz.0.4429 (21866): drop_caches: 2
[ 1500.904509][   T29] kauditd_printk_skb: 3 callbacks suppressed
[ 1500.904549][   T29] audit: type=1400 audit(1733995480.319:1929): avc:  denied  { create } for  pid=21868 comm="syz.3.4432" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=atmpvc_socket permissive=1
[ 1502.030532][   T29] audit: type=1400 audit(1733995481.729:1930): avc:  denied  { write } for  pid=21868 comm="syz.3.4432" name="001" dev="devtmpfs" ino=739 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[ 1503.647757][T21876] overlayfs: overlapping lowerdir path
[ 1504.153213][T18533] usb 4-1: new high-speed USB device number 107 using dummy_hcd
[ 1505.921534][   T29] audit: type=1400 audit(1733995485.629:1931): avc:  denied  { write } for  pid=21900 comm="syz.4.4439" name="binder0" dev="binder" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[ 1505.998918][T21901] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4439'.
[ 1506.013272][T18533] usb 4-1: Using ep0 maxpacket: 32
[ 1506.015523][   T29] audit: type=1400 audit(1733995485.709:1932): avc:  denied  { write } for  pid=21900 comm="syz.4.4439" name="nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[ 1506.032167][T18533] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1506.051721][T18533] usb 4-1: config 0 has no interfaces?
[ 1506.058199][   T29] audit: type=1400 audit(1733995485.719:1933): avc:  denied  { ioctl } for  pid=21900 comm="syz.4.4439" path="/dev/nullb0" dev="devtmpfs" ino=696 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[ 1506.086532][T18533] usb 4-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[ 1506.098181][T18533] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[ 1506.106534][T18533] usb 4-1: SerialNumber: syz
[ 1506.121743][T18533] usb 4-1: config 0 descriptor??
[ 1506.149171][T21902] binder: 21900:21902 ioctl c0306201 20000080 returned -14
[ 1506.350958][T21904] support for the xor transformation has been removed.
[ 1507.072241][T21914] overlayfs: overlapping lowerdir path
[ 1507.586045][T21919] macvlan0: entered allmulticast mode
[ 1507.591672][T21919] veth1_vlan: entered allmulticast mode
[ 1507.616645][T21919] veth1_vlan: left allmulticast mode
[ 1507.633532][   T29] audit: type=1400 audit(1733995487.289:1934): avc:  denied  { write } for  pid=21910 comm="syz.4.4443" path="socket:[73221]" dev="sockfs" ino=73221 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[ 1507.681984][   T29] audit: type=1400 audit(1733995487.289:1935): avc:  denied  { bind } for  pid=21910 comm="syz.4.4443" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[ 1507.742790][T21919] macvlan0 (unregistering): left allmulticast mode
[ 1507.909870][T18533] usb 4-1: USB disconnect, device number 107
[ 1508.166331][   T29] audit: type=1400 audit(1733995487.879:1936): avc:  denied  { ioctl } for  pid=21925 comm="syz.2.4447" path="socket:[73953]" dev="sockfs" ino=73953 ioctlcmd=0x48ca scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[ 1508.302029][   T29] audit: type=1400 audit(1733995487.899:1937): avc:  denied  { setopt } for  pid=21925 comm="syz.2.4447" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[ 1508.462062][T21934] syz.1.4446 (21934): drop_caches: 2
[ 1509.248345][   T29] audit: type=1400 audit(1733995488.919:1938): avc:  denied  { ioctl } for  pid=21937 comm="syz.0.4449" path="socket:[73239]" dev="sockfs" ino=73239 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[ 1509.279340][   T29] audit: type=1400 audit(1733995488.919:1939): avc:  denied  { bind } for  pid=21937 comm="syz.0.4449" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[ 1509.458275][   T29] audit: type=1400 audit(1733995489.169:1940): avc:  denied  { setattr } for  pid=21940 comm="syz.1.4450" name="loop4" dev="devtmpfs" ino=651 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 1510.379262][T21951] hugetlbfs: syz.0.4453 (21951): Using mlock ulimits for SHM_HUGETLB is obsolete
[ 1510.721127][T21959] program syz.1.4454 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1510.811641][T21959] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[ 1511.029393][   T29] audit: type=1326 audit(1733995490.739:1941): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21965 comm="syz.4.4458" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f122957ff19 code=0x7ffc0000
[ 1512.034033][   T29] audit: type=1326 audit(1733995490.769:1942): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21965 comm="syz.4.4458" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f122957ff19 code=0x7ffc0000
[ 1512.057836][   T29] audit: type=1326 audit(1733995490.799:1943): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21965 comm="syz.4.4458" exe="/root/syz-executor" sig=0 arch=c000003e syscall=240 compat=0 ip=0x7f122957ff19 code=0x7ffc0000
[ 1512.307529][   T29] audit: type=1326 audit(1733995490.829:1944): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21965 comm="syz.4.4458" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f122957ff19 code=0x7ffc0000
[ 1512.337553][   T29] audit: type=1326 audit(1733995490.829:1945): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21965 comm="syz.4.4458" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f122957ff19 code=0x7ffc0000
[ 1512.411685][   T29] audit: type=1326 audit(1733995490.829:1946): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21965 comm="syz.4.4458" exe="/root/syz-executor" sig=0 arch=c000003e syscall=242 compat=0 ip=0x7f122957ff19 code=0x7ffc0000
[ 1512.613350][   T29] audit: type=1326 audit(1733995490.839:1947): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21965 comm="syz.4.4458" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f122957ff19 code=0x7ffc0000
[ 1512.637684][   T29] audit: type=1326 audit(1733995490.839:1948): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21965 comm="syz.4.4458" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f122957ff19 code=0x7ffc0000
[ 1512.661863][   T29] audit: type=1326 audit(1733995491.749:1949): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21965 comm="syz.4.4458" exe="/root/syz-executor" sig=0 arch=c000003e syscall=243 compat=0 ip=0x7f122957ff19 code=0x7ffc0000
[ 1512.685646][   T29] audit: type=1326 audit(1733995491.749:1950): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21965 comm="syz.4.4458" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f122957ff19 code=0x7ffc0000
[ 1512.932328][T21977] syz.3.4460 (21977): drop_caches: 2
[ 1512.964344][T21979] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1514.730661][T22007] netlink: 56 bytes leftover after parsing attributes in process `syz.1.4469'.
[ 1514.933588][T22011] loop5: detected capacity change from 0 to 7
[ 1514.941166][T22011] buffer_io_error: 122 callbacks suppressed
[ 1514.941200][T22011] Buffer I/O error on dev loop5, logical block 0, async page read
[ 1514.955915][T22011] Buffer I/O error on dev loop5, logical block 0, async page read
[ 1514.963954][T22011] Buffer I/O error on dev loop5, logical block 0, async page read
[ 1514.972375][T22011] Buffer I/O error on dev loop5, logical block 0, async page read
[ 1514.981097][T22011] Buffer I/O error on dev loop5, logical block 0, async page read
[ 1514.990511][T22011] Buffer I/O error on dev loop5, logical block 0, async page read
[ 1514.998871][T22011] Buffer I/O error on dev loop5, logical block 0, async page read
[ 1515.007150][T22011] ldm_validate_partition_table(): Disk read failed.
[ 1515.013958][T22011] Buffer I/O error on dev loop5, logical block 0, async page read
[ 1515.022353][T22011] Buffer I/O error on dev loop5, logical block 0, async page read
[ 1515.030644][T22011] Buffer I/O error on dev loop5, logical block 0, async page read
[ 1515.039079][T22011] Dev loop5: unable to read RDB block 0
[ 1515.045396][T22011]  loop5: unable to read partition table
[ 1515.051853][T22011] loop5: partition table beyond EOD, truncated
[ 1515.058203][T22011] loop_reread_partitions: partition scan of loop5 (�被x������ڬ��dƤ����ݡ�����
[ 1515.058203][T22011] 
) failed (rc=-5)
[ 1515.655915][T22003] IPVS: length: 24 != 3096
[ 1515.724192][    T8] usb 1-1: new high-speed USB device number 117 using dummy_hcd
[ 1516.741078][T22025] overlayfs: overlapping lowerdir path
[ 1517.037729][T22028] syz.4.4474 (22028): drop_caches: 2
[ 1517.129372][    T8] usb 1-1: device descriptor read/all, error -71
[ 1517.458217][T22040] syz.4.4477: attempt to access beyond end of device
[ 1517.458217][T22040] nbd4: rw=0, sector=0, nr_sectors = 2 limit=0
[ 1517.539606][T22047] binder_alloc: 22043: binder_alloc_buf size 72057594037927936 failed, no address space
[ 1517.549885][T22047] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288)
[ 1518.595972][T22054] overlayfs: overlapping lowerdir path
[ 1518.820477][T22059] loop5: detected capacity change from 0 to 7
[ 1518.830008][T22059] ldm_validate_partition_table(): Disk read failed.
[ 1518.837945][T22059] Dev loop5: unable to read RDB block 0
[ 1518.843946][T22059]  loop5: unable to read partition table
[ 1518.850298][T22059] loop5: partition table beyond EOD, truncated
[ 1518.856605][T22059] loop_reread_partitions: partition scan of loop5 (�被x������ڬ��dƤ����ݡ�����
[ 1518.856605][T22059] 
) failed (rc=-5)
[ 1519.796307][T22062] netlink: 56 bytes leftover after parsing attributes in process `syz.0.4483'.
[ 1519.910823][T22067] syz.2.4486 (22067): drop_caches: 2
[ 1520.994243][   T29] kauditd_printk_skb: 18 callbacks suppressed
[ 1520.994280][   T29] audit: type=1400 audit(1733995499.809:1969): avc:  denied  { write } for  pid=22072 comm="syz.0.4487" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[ 1521.084659][    T8] usb 3-1: new high-speed USB device number 69 using dummy_hcd
[ 1521.304283][    T8] usb 3-1: Using ep0 maxpacket: 32
[ 1521.317105][    T8] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[ 1521.354159][    T8] usb 3-1: config 0 has no interface number 0
[ 1521.374889][    T8] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1521.468214][    T8] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1521.497382][    T8] usb 3-1: New USB device found, idVendor=28bd, idProduct=0094, bcdDevice= 0.00
[ 1521.511105][    T8] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1521.525460][    T8] usb 3-1: config 0 descriptor??
[ 1521.733204][   T29] audit: type=1400 audit(1733995501.439:1970): avc:  denied  { egress } for  pid=24 comm="ksoftirqd/1" saddr=fe80::1b daddr=ff02::2 netif=teql0 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:netif_t tclass=netif permissive=1
[ 1521.977765][    T8] usbhid 3-1:0.1: can't add hid device: -71
[ 1521.987760][   T29] audit: type=1400 audit(1733995501.439:1971): avc:  denied  { sendto } for  pid=24 comm="ksoftirqd/1" saddr=fe80::1b daddr=ff02::2 netif=teql0 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:node_t tclass=node permissive=1
[ 1521.999396][    T8] usbhid 3-1:0.1: probe with driver usbhid failed with error -71
[ 1522.106307][    T8] usb 3-1: USB disconnect, device number 69
[ 1522.150045][T22101] sch_tbf: burst 4398 is lower than device lo mtu (11337746) !
[ 1522.858565][T22111] netlink: 56 bytes leftover after parsing attributes in process `syz.2.4498'.
[ 1523.304403][    T8] usb 1-1: new high-speed USB device number 119 using dummy_hcd
[ 1523.981656][    T8] usb 1-1: Using ep0 maxpacket: 8
[ 1524.206528][T22125] binder: 22117:22125 ioctl c0306201 0 returned -14
[ 1524.976038][    T8] usb 1-1: New USB device found, idVendor=0403, idProduct=f850, bcdDevice= 4.c9
[ 1524.999888][    T8] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1525.240626][    T8] usb 1-1: Product: syz
[ 1525.245990][    T8] usb 1-1: Manufacturer: syz
[ 1525.250591][    T8] usb 1-1: SerialNumber: syz
[ 1525.260409][    T8] usb 1-1: config 0 descriptor??
[ 1525.277063][    T8] ftdi_sio 1-1:0.0: FTDI USB Serial Device converter detected
[ 1525.294431][    T8] ftdi_sio ttyUSB0: unknown device type: 0x4c9
[ 1525.499390][ T5867] usb 1-1: USB disconnect, device number 119
[ 1525.506548][ T5867] ftdi_sio 1-1:0.0: device disconnected
[ 1525.826602][T22142] syz.3.4506: attempt to access beyond end of device
[ 1525.826602][T22142] nbd3: rw=0, sector=0, nr_sectors = 2 limit=0
[ 1525.875699][   T29] audit: type=1400 audit(1733995505.589:1972): avc:  denied  { bind } for  pid=22141 comm="syz.1.4507" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[ 1526.176392][T22148] netlink: 56 bytes leftover after parsing attributes in process `syz.1.4510'.
[ 1526.471982][   T29] audit: type=1400 audit(1733995506.179:1973): avc:  denied  { unmount } for  pid=22153 comm="syz.1.4512" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1
[ 1526.570265][   T29] audit: type=1400 audit(1733995506.229:1974): avc:  denied  { mounton } for  pid=22153 comm="syz.1.4512" path="/" dev="ramfs" ino=74422 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:ramfs_t tclass=dir permissive=1
[ 1527.938024][T22167] netlink: 'syz.1.4514': attribute type 16 has an invalid length.
[ 1527.952117][T22167] netlink: 'syz.1.4514': attribute type 3 has an invalid length.
[ 1527.979509][T22167] netlink: 'syz.1.4514': attribute type 1 has an invalid length.
[ 1527.995052][T22167] netlink: 'syz.1.4514': attribute type 2 has an invalid length.
[ 1528.002845][T22167] netlink: 64022 bytes leftover after parsing attributes in process `syz.1.4514'.
[ 1528.033247][   T29] audit: type=1400 audit(1733995507.709:1975): avc:  denied  { getopt } for  pid=22149 comm="syz.2.4509" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 1528.889911][ T5920] usb 2-1: new high-speed USB device number 121 using dummy_hcd
[ 1529.056596][ T5920] usb 2-1: Using ep0 maxpacket: 8
[ 1529.077038][ T5920] usb 2-1: config 0 has an invalid interface number: 7 but max is 0
[ 1529.135145][   T29] audit: type=1400 audit(1733995508.849:1976): avc:  denied  { read } for  pid=22183 comm="syz.3.4520" name="nvram" dev="devtmpfs" ino=623 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1
[ 1529.145376][ T5920] usb 2-1: config 0 has no interface number 0
[ 1529.185752][   T29] audit: type=1400 audit(1733995508.849:1977): avc:  denied  { open } for  pid=22183 comm="syz.3.4520" path="/dev/nvram" dev="devtmpfs" ino=623 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1
[ 1529.211992][   T29] audit: type=1400 audit(1733995508.879:1978): avc:  denied  { watch } for  pid=22183 comm="syz.3.4520" path="/dev/nvram" dev="devtmpfs" ino=623 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1
[ 1529.222230][ T5920] usb 2-1: New USB device found, idVendor=0f3d, idProduct=68a3, bcdDevice=14.f8
[ 1529.245914][   T29] audit: type=1400 audit(1733995508.879:1979): avc:  denied  { watch_sb } for  pid=22183 comm="syz.3.4520" path="/dev/nvram" dev="devtmpfs" ino=623 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1
[ 1529.272236][ T5920] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1529.281672][ T5920] usb 2-1: Product: syz
[ 1529.289978][ T5920] usb 2-1: Manufacturer: syz
[ 1529.297064][ T5920] usb 2-1: SerialNumber: syz
[ 1529.305655][ T5920] usb 2-1: config 0 descriptor??
[ 1529.321460][ T5920] usb 2-1: Expected 3 endpoints, found: 0
[ 1529.425468][T14905] usb 4-1: new high-speed USB device number 108 using dummy_hcd
[ 1529.847488][   T29] audit: type=1400 audit(1733995509.559:1980): avc:  denied  { getopt } for  pid=22174 comm="syz.1.4516" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[ 1530.486939][T14905] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1530.507192][T14905] usb 4-1: config 0 has no interfaces?
[ 1530.520384][T14905] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1530.541723][T14905] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1530.670915][T22201] tmpfs: Unknown parameter 'usrquota]���!PX`�08�l��%����[S��~}�<�1�w
[ 1530.670915][T22201] �BHf4�!'
[ 1531.506287][T14905] usb 4-1: config 0 descriptor??
[ 1531.622272][   T46] usb 2-1: USB disconnect, device number 121
[ 1531.788761][T14905] usb 4-1: string descriptor 0 read error: -71
[ 1531.831849][T14905] usb 4-1: USB disconnect, device number 108
[ 1532.740326][T22217] netlink: 56 bytes leftover after parsing attributes in process `syz.3.4529'.
[ 1533.364842][T22227] binder: 22222:22227 ioctl c0306201 0 returned -14
[ 1535.087970][T22237] overlayfs: overlapping lowerdir path
[ 1535.956113][   T29] audit: type=1400 audit(1733995515.659:1981): avc:  denied  { append } for  pid=22249 comm="syz.1.4536" name="hwrng" dev="devtmpfs" ino=83 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:random_device_t tclass=chr_file permissive=1
[ 1536.004039][   T29] audit: type=1400 audit(1733995515.669:1982): avc:  denied  { ioctl } for  pid=22249 comm="syz.1.4536" path="/dev/vhost-net" dev="devtmpfs" ino=1274 ioctlcmd=0xaf12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1
[ 1536.133980][   T46] usb 1-1: new high-speed USB device number 120 using dummy_hcd
[ 1536.208015][T22260] FAULT_INJECTION: forcing a failure.
[ 1536.208015][T22260] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1536.324355][T22260] CPU: 0 UID: 0 PID: 22260 Comm: syz.1.4540 Not tainted 6.13.0-rc2-syzkaller-00036-g231825b2e1ff #0
[ 1536.335168][T22260] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 1536.345221][T22260] Call Trace:
[ 1536.348504][T22260]  <TASK>
[ 1536.351442][T22260]  dump_stack_lvl+0x16c/0x1f0
[ 1536.356143][T22260]  should_fail_ex+0x497/0x5b0
[ 1536.360840][T22260]  _copy_to_user+0x32/0xd0
[ 1536.365276][T22260]  simple_read_from_buffer+0xd0/0x160
[ 1536.370671][T22260]  proc_fail_nth_read+0x198/0x270
[ 1536.375717][T22260]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1536.381282][T22260]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1536.386849][T22260]  vfs_read+0x1df/0xbe0
[ 1536.391029][T22260]  ? __fget_files+0x1fc/0x3a0
[ 1536.395730][T22260]  ? __pfx___mutex_lock+0x10/0x10
[ 1536.400771][T22260]  ? __pfx_vfs_read+0x10/0x10
[ 1536.405468][T22260]  ? __fget_files+0x206/0x3a0
[ 1536.410162][T22260]  ksys_read+0x12b/0x250
[ 1536.414417][T22260]  ? __pfx_ksys_read+0x10/0x10
[ 1536.419199][T22260]  do_syscall_64+0xcd/0x250
[ 1536.423719][T22260]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1536.429626][T22260] RIP: 0033:0x7f7298d7e92c
[ 1536.433710][   T46] usb 1-1: Using ep0 maxpacket: 16
[ 1536.434034][T22260] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1536.458751][T22260] RSP: 002b:00007f7299acb050 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1536.467172][T22260] RAX: ffffffffffffffda RBX: 00007f7298f45fa0 RCX: 00007f7298d7e92c
[ 1536.475150][T22260] RDX: 000000000000000f RSI: 00007f7299acb0b0 RDI: 0000000000000004
[ 1536.483116][T22260] RBP: 00007f7299acb0a0 R08: 0000000000000000 R09: 0000000000000000
[ 1536.491091][T22260] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1536.499064][T22260] R13: 0000000000000000 R14: 00007f7298f45fa0 R15: 00007ffc97fa1118
[ 1536.507060][T22260]  </TASK>
[ 1536.537781][   T46] usb 1-1: New USB device found, idVendor=0582, idProduct=00e6, bcdDevice=4e.06
[ 1536.553130][   T46] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1536.599790][   T46] usb 1-1: Product: syz
[ 1536.609690][   T46] usb 1-1: Manufacturer: syz
[ 1536.621736][   T46] usb 1-1: SerialNumber: syz
[ 1536.648399][   T46] usb 1-1: config 0 descriptor??
[ 1536.752183][T19548] udevd[19548]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1536.839124][   T29] audit: type=1326 audit(1733995516.549:1983): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22263 comm="syz.1.4541" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7298d7ff19 code=0x7ffc0000
[ 1536.870686][T22265] syz.1.4541[22265] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 1536.870795][T22265] syz.1.4541[22265] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 1536.876048][   T29] audit: type=1326 audit(1733995516.549:1984): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22263 comm="syz.1.4541" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7298d7ff19 code=0x7ffc0000
[ 1536.895434][T22252] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1536.920355][T22265] syz.1.4541[22265] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 1536.930486][T22252] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1536.972017][T22267] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4541'.
[ 1537.213475][   T29] audit: type=1326 audit(1733995516.579:1985): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22263 comm="syz.1.4541" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7298d7ff19 code=0x7ffc0000
[ 1537.251961][   T29] audit: type=1326 audit(1733995516.579:1986): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22263 comm="syz.1.4541" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7298d7ff19 code=0x7ffc0000
[ 1537.275940][   T29] audit: type=1326 audit(1733995516.579:1987): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22263 comm="syz.1.4541" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7298d7ff19 code=0x7ffc0000
[ 1537.302589][   T29] audit: type=1326 audit(1733995516.579:1988): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22263 comm="syz.1.4541" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7298d7ff19 code=0x7ffc0000
[ 1537.326601][   T29] audit: type=1326 audit(1733995516.709:1989): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22263 comm="syz.1.4541" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7298d7ff19 code=0x7ffc0000
[ 1537.350398][   T29] audit: type=1326 audit(1733995516.709:1990): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22263 comm="syz.1.4541" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7298d7ff19 code=0x7ffc0000
[ 1538.062878][T22286] overlayfs: overlapping lowerdir path
[ 1538.968425][T22294] o2cb: This node has not been configured.
[ 1539.004472][T22294] o2cb: Cluster check failed. Fix errors before retrying.
[ 1539.011670][T22294] (syz.4.4549,22294,0):user_dlm_register:674 ERROR: status = -22
[ 1539.040850][ T5920] usb 1-1: USB disconnect, device number 120
[ 1539.113143][T22294] (syz.4.4549,22294,1):dlmfs_mkdir:436 ERROR: Error -22 could not register domain "bus"
[ 1539.444186][T14905] usb 2-1: new high-speed USB device number 122 using dummy_hcd
[ 1539.613207][T14905] usb 2-1: Using ep0 maxpacket: 16
[ 1539.620002][T14905] usb 2-1: config 128 has an invalid interface number: 61 but max is 0
[ 1539.630076][T14905] usb 2-1: config 128 has no interface number 0
[ 1539.650881][T14905] usb 2-1: New USB device found, idVendor=0572, idProduct=cb01, bcdDevice=25.84
[ 1539.661570][T14905] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1539.671836][T14905] usb 2-1: Product: syz
[ 1539.677366][T14905] usb 2-1: Manufacturer: syz
[ 1539.682127][T14905] usb 2-1: SerialNumber: syz
[ 1539.703407][   T46] usb 5-1: new high-speed USB device number 108 using dummy_hcd
[ 1539.899219][T22297] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1539.914711][T22297] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1539.951062][T14905] cx82310_eth 2-1:128.61: probe with driver cx82310_eth failed with error -22
[ 1540.036927][T14905] cxacru 2-1:128.61: usbatm_usb_probe: bind failed: -19!
[ 1540.055054][   T46] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[ 1540.066101][   T46] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[ 1540.087147][   T46] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1540.087608][T14905] usb 2-1: USB disconnect, device number 122
[ 1540.136620][   T46] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1540.156031][T22302] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[ 1540.169549][   T46] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[ 1541.626895][T14905] usb 5-1: USB disconnect, device number 108
[ 1543.530691][   T29] kauditd_printk_skb: 8 callbacks suppressed
[ 1543.530704][   T29] audit: type=1400 audit(1733995523.239:1999): avc:  denied  { read } for  pid=22353 comm="dhcpcd-run-hook" name="resolv.conf" dev="tmpfs" ino=1706 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 1543.621532][   T29] audit: type=1400 audit(1733995523.279:2000): avc:  denied  { open } for  pid=22353 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf" dev="tmpfs" ino=1706 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 1543.646761][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1543.761083][   T29] audit: type=1400 audit(1733995523.279:2001): avc:  denied  { getattr } for  pid=22353 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf" dev="tmpfs" ino=1706 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 1543.786538][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1544.380254][   T29] audit: type=1400 audit(1733995524.069:2002): avc:  denied  { write } for  pid=22351 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=1705 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 1544.492256][   T29] audit: type=1400 audit(1733995524.069:2003): avc:  denied  { add_name } for  pid=22351 comm="dhcpcd-run-hook" name="resolv.conf.sl0.link" scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 1544.988170][   T29] audit: type=1400 audit(1733995524.069:2004): avc:  denied  { create } for  pid=22351 comm="dhcpcd-run-hook" name="resolv.conf.sl0.link" scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 1545.409268][   T29] audit: type=1400 audit(1733995524.069:2005): avc:  denied  { write } for  pid=22351 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf.sl0.link" dev="tmpfs" ino=16051 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 1545.583283][   T29] audit: type=1400 audit(1733995524.069:2006): avc:  denied  { append } for  pid=22351 comm="dhcpcd-run-hook" name="resolv.conf.sl0.link" dev="tmpfs" ino=16051 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 1545.779339][   T29] audit: type=1400 audit(1733995524.699:2007): avc:  denied  { remove_name } for  pid=22370 comm="rm" name="resolv.conf.sl0.link" dev="tmpfs" ino=16051 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 1545.914193][   T29] audit: type=1400 audit(1733995524.699:2008): avc:  denied  { unlink } for  pid=22370 comm="rm" name="resolv.conf.sl0.link" dev="tmpfs" ino=16051 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 1546.615495][T22388] FAULT_INJECTION: forcing a failure.
[ 1546.615495][T22388] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1546.629668][T22388] CPU: 0 UID: 0 PID: 22388 Comm: syz.4.4568 Not tainted 6.13.0-rc2-syzkaller-00036-g231825b2e1ff #0
[ 1546.640421][T22388] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 1546.650460][T22388] Call Trace:
[ 1546.653721][T22388]  <TASK>
[ 1546.656633][T22388]  dump_stack_lvl+0x16c/0x1f0
[ 1546.661299][T22388]  should_fail_ex+0x497/0x5b0
[ 1546.665983][T22388]  _copy_to_user+0x32/0xd0
[ 1546.670441][T22388]  simple_read_from_buffer+0xd0/0x160
[ 1546.675810][T22388]  proc_fail_nth_read+0x198/0x270
[ 1546.680836][T22388]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1546.686383][T22388]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1546.691925][T22388]  vfs_read+0x1df/0xbe0
[ 1546.696089][T22388]  ? __fget_files+0x1fc/0x3a0
[ 1546.700755][T22388]  ? __pfx___mutex_lock+0x10/0x10
[ 1546.705769][T22388]  ? __pfx_vfs_read+0x10/0x10
[ 1546.710434][T22388]  ? __fget_files+0x206/0x3a0
[ 1546.715112][T22388]  ksys_read+0x12b/0x250
[ 1546.719349][T22388]  ? __pfx_ksys_read+0x10/0x10
[ 1546.724097][T22388]  do_syscall_64+0xcd/0x250
[ 1546.728606][T22388]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1546.734495][T22388] RIP: 0033:0x7f122957e92c
[ 1546.738896][T22388] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1546.759028][T22388] RSP: 002b:00007f122a3f3050 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1546.767428][T22388] RAX: ffffffffffffffda RBX: 00007f1229745fa0 RCX: 00007f122957e92c
[ 1546.775383][T22388] RDX: 000000000000000f RSI: 00007f122a3f30b0 RDI: 0000000000000005
[ 1546.783343][T22388] RBP: 00007f122a3f30a0 R08: 0000000000000000 R09: 0000000000000000
[ 1546.791300][T22388] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1546.799258][T22388] R13: 0000000000000000 R14: 00007f1229745fa0 R15: 00007ffcf2d11f08
[ 1546.807223][T22388]  </TASK>
[ 1547.334668][ T1290] ieee802154 phy0 wpan0: encryption failed: -22
[ 1548.031174][T16892] bridge0: port 3(syz_tun) entered disabled state
[ 1548.150787][T16892] syz_tun (unregistering): left allmulticast mode
[ 1548.166362][T16892] syz_tun (unregistering): left promiscuous mode
[ 1548.172805][T16892] bridge0: port 3(syz_tun) entered disabled state
[ 1548.931274][   T29] kauditd_printk_skb: 1 callbacks suppressed
[ 1548.938083][   T29] audit: type=1400 audit(1733995528.609:2010): avc:  denied  { getopt } for  pid=22420 comm="syz.4.4578" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[ 1549.815409][   T29] audit: type=1400 audit(1733995529.529:2011): avc:  denied  { bind } for  pid=22422 comm="syz.1.4577" lport=1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[ 1549.898601][   T29] audit: type=1400 audit(1733995529.559:2012): avc:  denied  { name_bind } for  pid=22422 comm="syz.1.4577" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=rawip_socket permissive=1
[ 1549.919611][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1550.009962][   T29] audit: type=1400 audit(1733995529.559:2013): avc:  denied  { node_bind } for  pid=22422 comm="syz.1.4577" saddr=127.0.0.1 src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=rawip_socket permissive=1
[ 1550.401021][   T29] audit: type=1400 audit(1733995530.109:2014): avc:  denied  { setattr } for  pid=22435 comm="syz.4.4583" name="RFCOMM" dev="sockfs" ino=76130 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[ 1550.424322][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1550.482746][   T29] audit: type=1400 audit(1733995530.159:2015): avc:  denied  { getopt } for  pid=22435 comm="syz.4.4583" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[ 1550.604598][   T29] audit: type=1400 audit(1733995530.159:2016): avc:  denied  { ioctl } for  pid=22435 comm="syz.4.4583" path="socket:[76132]" dev="sockfs" ino=76132 ioctlcmd=0x943e scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[ 1550.842534][ T5826] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1550.882241][   T29] audit: type=1400 audit(1733995530.179:2017): avc:  denied  { bind } for  pid=22422 comm="syz.1.4577" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[ 1550.882241][ T5826] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1550.882286][   T29] audit: type=1400 audit(1733995530.189:2018): avc:  denied  { connect } for  pid=22422 comm="syz.1.4577" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[ 1550.938002][ T5826] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1551.004870][ T5826] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1551.027598][ T5826] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 1551.036913][ T5826] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1551.077070][T22453] netlink: 'syz.0.4585': attribute type 1 has an invalid length.
[ 1551.134343][   T29] audit: type=1400 audit(1733995530.189:2019): avc:  denied  { create } for  pid=22422 comm="syz.1.4577" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[ 1551.204228][T22447] lo speed is unknown, defaulting to 1000
[ 1551.224586][T22453] bond1: entered promiscuous mode
[ 1551.244328][T22453] 8021q: adding VLAN 0 to HW filter on device bond1
[ 1551.474530][T22447] chnl_net:caif_netlink_parms(): no params data found
[ 1551.733266][ T5867] usb 1-1: new high-speed USB device number 121 using dummy_hcd
[ 1551.906108][T22447] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1551.929834][ T5867] usb 1-1: config 0 has an invalid interface number: 249 but max is 1
[ 1551.943633][ T5867] usb 1-1: config 0 has an invalid interface number: 5 but max is 1
[ 1551.944149][T22447] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1551.962405][T22447] bridge_slave_0: entered allmulticast mode
[ 1552.248356][T22447] bridge_slave_0: entered promiscuous mode
[ 1552.427237][ T5867] usb 1-1: config 0 has an invalid descriptor of length 77, skipping remainder of the config
[ 1552.439064][T22447] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1552.441953][ T5867] usb 1-1: config 0 has no interface number 0
[ 1552.460480][ T5867] usb 1-1: config 0 has no interface number 1
[ 1552.467027][ T5867] usb 1-1: config 0 interface 249 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 6
[ 1552.480488][ T5867] usb 1-1: too many endpoints for config 0 interface 5 altsetting 6: 171, using maximum allowed: 30
[ 1552.491474][ T5867] usb 1-1: config 0 interface 5 altsetting 6 has 0 endpoint descriptors, different from the interface descriptor's value: 171
[ 1552.504700][ T5867] usb 1-1: config 0 interface 5 has no altsetting 0
[ 1552.511352][ T5867] usb 1-1: New USB device found, idVendor=04ca, idProduct=8602, bcdDevice=18.6f
[ 1552.520540][ T5867] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1552.530342][T22447] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1552.537778][T22447] bridge_slave_1: entered allmulticast mode
[ 1552.544924][T22447] bridge_slave_1: entered promiscuous mode
[ 1552.559713][ T5867] usb 1-1: config 0 descriptor??
[ 1552.779180][T22447] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1552.789815][ T5867] usb 1-1: string descriptor 0 read error: -71
[ 1552.803319][ T5867] usb 1-1: USB disconnect, device number 121
[ 1553.035286][T22447] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1553.164007][ T5826] Bluetooth: hci0: command tx timeout
[ 1553.207797][T22447] team0: Port device team_slave_0 added
[ 1553.264120][T22447] team0: Port device team_slave_1 added
[ 1553.327400][T22447] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1553.354352][T22447] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1553.394046][T22447] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1553.417426][T22447] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1553.425783][T22447] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1553.474148][T22447] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1553.577240][T22447] hsr_slave_0: entered promiscuous mode
[ 1553.583505][ T5867] usb 3-1: new high-speed USB device number 70 using dummy_hcd
[ 1553.619426][T22447] hsr_slave_1: entered promiscuous mode
[ 1553.718382][T22447] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1553.726178][T22447] Cannot create hsr debugfs directory
[ 1553.763117][T18533] usb 2-1: new high-speed USB device number 123 using dummy_hcd
[ 1553.770998][ T5867] usb 3-1: device descriptor read/64, error -71
[ 1553.950658][T18533] usb 2-1: Using ep0 maxpacket: 32
[ 1553.965189][T18533] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 1553.995038][T18533] usb 2-1: New USB device found, idVendor=0e8d, idProduct=0003, bcdDevice=b2.0b
[ 1554.024256][T18533] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1554.044632][T18533] usb 2-1: Product: syz
[ 1554.049797][T18533] usb 2-1: Manufacturer: syz
[ 1554.057377][T18533] usb 2-1: SerialNumber: syz
[ 1554.065255][ T5867] usb 3-1: new high-speed USB device number 71 using dummy_hcd
[ 1554.076906][T18533] usb 2-1: config 0 descriptor??
[ 1554.178900][T22497] FAULT_INJECTION: forcing a failure.
[ 1554.178900][T22497] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1554.194282][T22497] CPU: 0 UID: 0 PID: 22497 Comm: syz.0.4595 Not tainted 6.13.0-rc2-syzkaller-00036-g231825b2e1ff #0
[ 1554.205063][T22497] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 1554.215120][T22497] Call Trace:
[ 1554.218394][T22497]  <TASK>
[ 1554.221320][T22497]  dump_stack_lvl+0x16c/0x1f0
[ 1554.226056][T22497]  should_fail_ex+0x497/0x5b0
[ 1554.230738][T22497]  _copy_to_user+0x32/0xd0
[ 1554.235163][T22497]  simple_read_from_buffer+0xd0/0x160
[ 1554.240546][T22497]  proc_fail_nth_read+0x198/0x270
[ 1554.245598][T22497]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1554.251155][T22497]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1554.256701][T22497]  vfs_read+0x1df/0xbe0
[ 1554.260854][T22497]  ? __fget_files+0x1fc/0x3a0
[ 1554.265527][T22497]  ? __pfx___mutex_lock+0x10/0x10
[ 1554.270552][T22497]  ? __pfx_vfs_read+0x10/0x10
[ 1554.275232][T22497]  ? __fget_files+0x206/0x3a0
[ 1554.279909][T22497]  ksys_read+0x12b/0x250
[ 1554.284143][T22497]  ? __pfx_ksys_read+0x10/0x10
[ 1554.288905][T22497]  do_syscall_64+0xcd/0x250
[ 1554.293408][T22497]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1554.299298][T22497] RIP: 0033:0x7f977b17e92c
[ 1554.303706][T22497] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1554.323317][T22497] RSP: 002b:00007f977bf1a050 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1554.331729][T22497] RAX: ffffffffffffffda RBX: 00007f977b346160 RCX: 00007f977b17e92c
[ 1554.339695][T22497] RDX: 000000000000000f RSI: 00007f977bf1a0b0 RDI: 0000000000000008
[ 1554.347657][T22497] RBP: 00007f977bf1a0a0 R08: 0000000000000000 R09: 0000000000000000
[ 1554.355638][T22497] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1554.363622][T22497] R13: 0000000000000000 R14: 00007f977b346160 R15: 00007fffb6e06338
[ 1554.371608][T22497]  </TASK>
[ 1554.472904][T22489] binder: BC_ATTEMPT_ACQUIRE not supported
[ 1554.480844][T22489] binder: 22488:22489 ioctl c0306201 20000540 returned -22
[ 1554.500162][T22447] netdevsim netdevsim5 netdevsim0: renamed from eth0
[ 1554.557151][T22447] netdevsim netdevsim5 netdevsim1: renamed from eth1
[ 1554.570044][T22489] binder: 22488:22489 ioctl 8933 20004080 returned -22
[ 1554.578795][T22447] netdevsim netdevsim5 netdevsim2: renamed from eth2
[ 1554.617147][T14905] usb 2-1: USB disconnect, device number 123
[ 1554.659244][T22447] netdevsim netdevsim5 netdevsim3: renamed from eth3
[ 1554.753925][ T5867] usb 3-1: device descriptor read/64, error -71
[ 1554.777856][T22447] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1554.823927][T18533] usb 5-1: new high-speed USB device number 109 using dummy_hcd
[ 1554.877729][ T5867] usb usb3-port1: attempt power cycle
[ 1554.917113][T22447] 8021q: adding VLAN 0 to HW filter on device team0
[ 1554.993243][T18533] usb 5-1: Using ep0 maxpacket: 32
[ 1555.010667][T18533] usb 5-1: config 1 interface 0 altsetting 7 bulk endpoint 0x1 has invalid maxpacket 16
[ 1555.050235][T18533] usb 5-1: config 1 interface 0 has no altsetting 0
[ 1555.108402][T18533] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[ 1555.133261][ T6498] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1555.140460][ T6498] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1555.150710][T18533] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1555.154704][ T6498] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1555.160063][T18533] usb 5-1: Manufacturer: О
[ 1555.165967][ T6498] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1555.170422][T18533] usb 5-1: SerialNumber: 熕൳⬸낗뼆鸯럩旑䵏ﬞ䝥Ѳ쵫胉쓍싇隰ᐢᗅ᥹㜁⽿⎓颁헄ᵑ됹ೆⰶ雚臭ࣙ䤁㿿曰훮穉쀢॔娭뽲ꔛ鋂콢薂襴胸ꫛ潊睘킺ង텒Ⓠ꯰涧䰶ʗꗾড়朇ꤛ襘䎪ಱϘ㑤і꓄뽶持䵨䃐漓꒨먡馃ᦞ겞忹蛝蚤識ꔯ睸㬘渴鋗෻⢺崲䡹顱㩈쬒嗮
[ 1555.283358][ T5867] usb 3-1: new high-speed USB device number 72 using dummy_hcd
[ 1555.284279][ T5826] Bluetooth: hci0: command tx timeout
[ 1555.326667][ T5867] usb 3-1: device descriptor read/8, error -71
[ 1555.413546][T22493] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22
[ 1555.604235][ T5867] usb 3-1: new high-speed USB device number 73 using dummy_hcd
[ 1555.649197][ T5867] usb 3-1: device descriptor read/8, error -71
[ 1556.374973][ T5867] usb usb3-port1: unable to enumerate USB device
[ 1556.442181][   T29] kauditd_printk_skb: 2 callbacks suppressed
[ 1556.442192][   T29] audit: type=1400 audit(1733995536.149:2022): avc:  denied  { setopt } for  pid=22514 comm="syz.0.4599" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[ 1556.542183][ T6498] Bluetooth: hci4: Frame reassembly failed (-84)
[ 1556.549215][T18533] usb 5-1: USB disconnect, device number 109
[ 1556.567216][   T29] audit: type=1400 audit(1733995536.279:2023): avc:  denied  { setattr } for  pid=22514 comm="syz.0.4599" name="001" dev="devtmpfs" ino=721 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[ 1556.631643][T22447] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1557.436485][T16640] Bluetooth: hci0: command tx timeout
[ 1557.633337][   T29] audit: type=1400 audit(1733995537.339:2024): avc:  denied  { read write } for  pid=22519 comm="syz.2.4601" name="autofs" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[ 1557.722042][   T29] audit: type=1400 audit(1733995537.339:2025): avc:  denied  { open } for  pid=22519 comm="syz.2.4601" path="/dev/autofs" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[ 1557.727053][T22532] FAULT_INJECTION: forcing a failure.
[ 1557.727053][T22532] name failslab, interval 1, probability 0, space 0, times 0
[ 1557.763484][T22532] CPU: 1 UID: 0 PID: 22532 Comm: syz.1.4602 Not tainted 6.13.0-rc2-syzkaller-00036-g231825b2e1ff #0
[ 1557.774291][T22532] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 1557.784361][T22532] Call Trace:
[ 1557.787643][T22532]  <TASK>
[ 1557.790580][T22532]  dump_stack_lvl+0x16c/0x1f0
[ 1557.795286][T22532]  should_fail_ex+0x497/0x5b0
[ 1557.799988][T22532]  ? fs_reclaim_acquire+0xae/0x150
[ 1557.805126][T22532]  should_failslab+0xc2/0x120
[ 1557.809822][T22532]  __kmalloc_noprof+0xcb/0x510
[ 1557.814612][T22532]  snd_pcm_plugin_build+0x434/0x650
[ 1557.819869][T22532]  snd_pcm_plugin_build_mulaw+0x281/0x7a0
[ 1557.825603][T22532]  ? __pfx_mulaw_encode+0x10/0x10
[ 1557.830617][T22532]  ? __pfx_snd_pcm_plugin_build_mulaw+0x10/0x10
[ 1557.836899][T22532]  ? snd_pcm_hw_params+0xce/0x1b20
[ 1557.842048][T22532]  snd_pcm_plug_format_plugins+0xbeb/0x1440
[ 1557.847941][T22532]  ? __pfx_snd_pcm_plug_format_plugins+0x10/0x10
[ 1557.854263][T22532]  ? __pfx_snd_pcm_hw_param_near.constprop.0+0x10/0x10
[ 1557.861100][T22532]  snd_pcm_oss_change_params_locked+0x2e95/0x3a60
[ 1557.867511][T22532]  ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10
[ 1557.874263][T22532]  ? snd_pcm_oss_read+0x374/0x750
[ 1557.879306][T22532]  snd_pcm_oss_make_ready_locked+0xb7/0x130
[ 1557.885188][T22532]  snd_pcm_oss_read+0x396/0x750
[ 1557.890038][T22532]  ? bpf_lsm_file_permission+0x9/0x10
[ 1557.895429][T22532]  ? __pfx_snd_pcm_oss_read+0x10/0x10
[ 1557.900791][T22532]  vfs_read+0x1df/0xbe0
[ 1557.904930][T22532]  ? __fget_files+0x1fc/0x3a0
[ 1557.909589][T22532]  ? __pfx_lock_release+0x10/0x10
[ 1557.914599][T22532]  ? __pfx_vfs_read+0x10/0x10
[ 1557.919264][T22532]  ? lock_acquire+0x2f/0xb0
[ 1557.923764][T22532]  ? __fget_files+0x40/0x3a0
[ 1557.928356][T22532]  ? __fget_files+0x206/0x3a0
[ 1557.933027][T22532]  ksys_read+0x12b/0x250
[ 1557.937264][T22532]  ? __pfx_ksys_read+0x10/0x10
[ 1557.942009][T22532]  do_syscall_64+0xcd/0x250
[ 1557.946498][T22532]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1557.952374][T22532] RIP: 0033:0x7f7298d7ff19
[ 1557.956771][T22532] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1557.976363][T22532] RSP: 002b:00007f7299acb058 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1557.984766][T22532] RAX: ffffffffffffffda RBX: 00007f7298f45fa0 RCX: 00007f7298d7ff19
[ 1557.992718][T22532] RDX: 0000000000002020 RSI: 00000000200023c0 RDI: 0000000000000007
[ 1558.000683][T22532] RBP: 00007f7299acb0a0 R08: 0000000000000000 R09: 0000000000000000
[ 1558.008643][T22532] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1558.016598][T22532] R13: 0000000000000000 R14: 00007f7298f45fa0 R15: 00007ffc97fa1118
[ 1558.024573][T22532]  </TASK>
[ 1558.044394][   T29] audit: type=1400 audit(1733995537.339:2026): avc:  denied  { ioctl } for  pid=22519 comm="syz.2.4601" path="/dev/autofs" dev="devtmpfs" ino=98 ioctlcmd=0x937a scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[ 1558.154944][T22447] veth0_vlan: entered promiscuous mode
[ 1558.189724][T22447] veth1_vlan: entered promiscuous mode
[ 1558.268601][T22447] veth0_macvtap: entered promiscuous mode
[ 1558.292975][T22447] veth1_macvtap: entered promiscuous mode
[ 1558.357404][T22447] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1558.371392][T22447] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1558.382125][T22447] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1558.423206][T22447] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1558.443752][T22447] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1558.479242][T22447] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1558.503193][T22447] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1558.523420][ T5826] Bluetooth: hci4: Opcode 0x1003 failed: -110
[ 1558.524174][T16640] Bluetooth: hci4: command 0x1003 tx timeout
[ 1558.533623][T22447] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1558.666756][T22447] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1558.764590][T22447] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1558.796463][T22447] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1558.864167][T22447] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1558.891712][   T29] audit: type=1400 audit(1733995538.599:2027): avc:  denied  { map } for  pid=22535 comm="syz.4.4603" path="socket:[76551]" dev="sockfs" ino=76551 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[ 1558.918002][T22447] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1558.961697][T22447] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1559.002579][   T29] audit: type=1400 audit(1733995538.599:2028): avc:  denied  { read } for  pid=22535 comm="syz.4.4603" path="socket:[76551]" dev="sockfs" ino=76551 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[ 1559.012120][T22447] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1559.085645][T22447] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1559.100975][   T29] audit: type=1400 audit(1733995538.669:2029): avc:  denied  { create } for  pid=22535 comm="syz.4.4603" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_nflog_socket permissive=1
[ 1559.121377][T22447] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1559.121449][T22447] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1559.121466][T22447] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1559.121487][T22447] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1559.121501][T22447] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1559.121522][T22447] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1559.121536][T22447] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1559.121558][T22447] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1559.121572][T22447] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1559.140304][T22447] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1559.265141][T22540] netlink: 'syz.0.4604': attribute type 21 has an invalid length.
[ 1559.289745][T22540] netlink: 132 bytes leftover after parsing attributes in process `syz.0.4604'.
[ 1559.335621][T22447] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1559.360936][T22447] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1559.410841][T22447] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1559.459577][T22447] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1559.496920][ T5826] Bluetooth: hci0: command tx timeout
[ 1559.852505][  T238] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1559.861289][  T238] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1559.880154][   T29] audit: type=1400 audit(1733995539.579:2030): avc:  denied  { bind } for  pid=22559 comm="syz.2.4611" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[ 1559.880716][ T6498] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1559.901123][   T29] audit: type=1400 audit(1733995539.579:2031): avc:  denied  { listen } for  pid=22559 comm="syz.2.4611" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[ 1560.007952][ T6498] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1560.344456][T22569] usb usb8: usbfs: process 22569 (syz.4.4609) did not claim interface 0 before use
[ 1560.861937][T22584] binder: 22577:22584 ioctl c0306201 0 returned -14
[ 1561.564935][T22583] overlayfs: overlapping lowerdir path
[ 1561.732541][   T29] kauditd_printk_skb: 9 callbacks suppressed
[ 1561.732557][   T29] audit: type=1400 audit(1733995541.439:2041): avc:  denied  { bind } for  pid=22591 comm="syz.0.4617" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[ 1561.761715][T22598] netlink: 24 bytes leftover after parsing attributes in process `syz.4.4619'.
[ 1561.776406][T22592] tmpfs: Bad value for 'mpol'
[ 1562.073412][T18533] usb 2-1: new high-speed USB device number 124 using dummy_hcd
[ 1562.161674][T22606] vimc link validate: Sensor B:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 1:snk:640x480 (0x33424752, 8, 0, 0, 0)
[ 1562.754800][T18533] usb 2-1: Using ep0 maxpacket: 32
[ 1562.761821][T18533] usb 2-1: config 1 interface 0 altsetting 7 bulk endpoint 0x1 has invalid maxpacket 16
[ 1562.772107][T18533] usb 2-1: config 1 interface 0 has no altsetting 0
[ 1562.794317][T18533] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[ 1562.803658][T18533] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1562.812506][T18533] usb 2-1: Manufacturer: О
[ 1562.825386][T18533] usb 2-1: SerialNumber: 熕൳⬸낗뼆鸯럩旑䵏ﬞ䝥Ѳ쵫胉쓍싇隰ᐢᗅ᥹㜁⽿⎓颁헄ᵑ됹ೆⰶ雚臭ࣙ䤁㿿曰훮穉쀢॔娭뽲ꔛ鋂콢薂襴胸ꫛ潊睘킺ង텒Ⓠ꯰涧䰶ʗꗾড়朇ꤛ襘䎪ಱϘ㑤і꓄뽶持䵨䃐漓꒨먡馃ᦞ겞忹蛝蚤識ꔯ睸㬘渴鋗෻⢺崲䡹顱㩈쬒嗮
[ 1563.314904][T22588] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[ 1564.265210][T18533] usb 2-1: USB disconnect, device number 124
[ 1564.555735][T22624] binder: 22616:22624 ioctl c0306201 0 returned -14
[ 1564.877215][T22628] netlink: 56 bytes leftover after parsing attributes in process `syz.5.4627'.
[ 1565.229422][T22632] syz.4.4629 (22632): drop_caches: 2
[ 1565.415667][    T8] IPVS: starting estimator thread 0...
[ 1565.516278][T22643] IPVS: using max 25 ests per chain, 60000 per kthread
[ 1566.088172][T22653] netlink: 'syz.0.4634': attribute type 4 has an invalid length.
[ 1566.337759][   T29] audit: type=1400 audit(1733995546.049:2042): avc:  denied  { bind } for  pid=22658 comm="syz.1.4639" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[ 1566.417069][   T29] audit: type=1400 audit(1733995546.069:2043): avc:  denied  { write } for  pid=22658 comm="syz.1.4639" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[ 1567.682802][T22660] overlayfs: overlapping lowerdir path
[ 1568.141591][T22672] binder: 22671:22672 ioctl c0306201 0 returned -14
[ 1568.663869][T22680] FAULT_INJECTION: forcing a failure.
[ 1568.663869][T22680] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1568.677117][T22680] CPU: 1 UID: 0 PID: 22680 Comm: syz.1.4642 Not tainted 6.13.0-rc2-syzkaller-00036-g231825b2e1ff #0
[ 1568.687899][T22680] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 1568.697964][T22680] Call Trace:
[ 1568.701252][T22680]  <TASK>
[ 1568.704197][T22680]  dump_stack_lvl+0x16c/0x1f0
[ 1568.708891][T22680]  should_fail_ex+0x497/0x5b0
[ 1568.713607][T22680]  _copy_from_user+0x2e/0xd0
[ 1568.718211][T22680]  copy_msghdr_from_user+0x99/0x160
[ 1568.723425][T22680]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[ 1568.729258][T22680]  ___sys_sendmsg+0xff/0x1e0
[ 1568.733867][T22680]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1568.739091][T22680]  ? __pfx_lock_release+0x10/0x10
[ 1568.744126][T22680]  ? trace_lock_acquire+0x14e/0x1f0
[ 1568.749356][T22680]  ? __fget_files+0x206/0x3a0
[ 1568.754055][T22680]  __sys_sendmsg+0x16e/0x220
[ 1568.758702][T22680]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1568.763853][T22680]  do_syscall_64+0xcd/0x250
[ 1568.768375][T22680]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1568.774279][T22680] RIP: 0033:0x7f7298d7ff19
[ 1568.778702][T22680] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1568.798325][T22680] RSP: 002b:00007f7296bf6058 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1568.806763][T22680] RAX: ffffffffffffffda RBX: 00007f7298f46160 RCX: 00007f7298d7ff19
[ 1568.814747][T22680] RDX: 0000000004000840 RSI: 0000000020000000 RDI: 0000000000000005
[ 1568.822721][T22680] RBP: 00007f7296bf60a0 R08: 0000000000000000 R09: 0000000000000000
[ 1568.830699][T22680] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1568.838675][T22680] R13: 0000000000000000 R14: 00007f7298f46160 R15: 00007ffc97fa1118
[ 1568.846669][T22680]  </TASK>
[ 1568.849759][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1569.087781][T22682] netlink: 'syz.0.4643': attribute type 8 has an invalid length.
[ 1569.095681][T22682] netlink: 163260 bytes leftover after parsing attributes in process `syz.0.4643'.
[ 1570.100421][T22694] netlink: 12 bytes leftover after parsing attributes in process `syz.5.4647'.
[ 1570.165543][T22694] nbd: couldn't find a device at index 2037539696
[ 1570.169093][   T29] audit: type=1326 audit(1733995549.879:2044): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22691 comm="syz.5.4647" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1f4c57ff19 code=0x0
[ 1570.194904][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1570.556196][T22709] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4652'.
[ 1570.669758][T22707] binder: 22706:22707 ioctl c0306201 0 returned -14
[ 1570.746658][   T29] audit: type=1400 audit(1733995550.439:2045): avc:  denied  { setattr } for  pid=22708 comm="syz.2.4652" name="numa_maps" dev="proc" ino=78021 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=file permissive=1
[ 1571.057516][T22711] overlayfs: overlapping lowerdir path
[ 1571.360622][T22715] Cannot find add_set index 3 as target
[ 1571.824754][T18533] usb 2-1: new high-speed USB device number 125 using dummy_hcd
[ 1571.834096][T14905] usb 3-1: new high-speed USB device number 74 using dummy_hcd
[ 1571.994131][T14905] usb 3-1: Using ep0 maxpacket: 16
[ 1572.004345][T14905] usb 3-1: config 0 interface 0 altsetting 13 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1572.023953][T18533] usb 2-1: Using ep0 maxpacket: 32
[ 1572.028767][T14905] usb 3-1: config 0 interface 0 has no altsetting 0
[ 1572.031856][T18533] usb 2-1: config 1 interface 0 altsetting 7 bulk endpoint 0x1 has invalid maxpacket 16
[ 1572.038838][T14905] usb 3-1: New USB device found, idVendor=17ef, idProduct=6067, bcdDevice= 0.00
[ 1572.059740][T18533] usb 2-1: config 1 interface 0 has no altsetting 0
[ 1572.211512][    T8] usb 5-1: new high-speed USB device number 110 using dummy_hcd
[ 1572.214035][T18533] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[ 1572.220699][T14905] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1572.242978][T22742] binder: 22740:22742 ioctl c0306201 0 returned -14
[ 1572.245157][T14905] usb 3-1: config 0 descriptor??
[ 1572.262008][T18533] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1572.276681][T18533] usb 2-1: Manufacturer: О
[ 1572.281546][T18533] usb 2-1: SerialNumber: 熕൳⬸낗뼆鸯럩旑䵏ﬞ䝥Ѳ쵫胉쓍싇隰ᐢᗅ᥹㜁⽿⎓颁헄ᵑ됹ೆⰶ雚臭ࣙ䤁㿿曰훮穉쀢॔娭뽲ꔛ鋂콢薂襴胸ꫛ潊睘킺ង텒Ⓠ꯰涧䰶ʗꗾড়朇ꤛ襘䎪ಱϘ㑤і꓄뽶持䵨䃐漓꒨먡馃ᦞ겞忹蛝蚤識ꔯ睸㬘渴鋗෻⢺崲䡹顱㩈쬒嗮
[ 1572.311714][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1572.385744][T22725] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[ 1572.418235][    T8] usb 5-1: Using ep0 maxpacket: 32
[ 1572.589135][    T8] usb 5-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[ 1572.870696][   T29] audit: type=1400 audit(1733995552.579:2046): avc:  denied  { watch watch_reads } for  pid=22719 comm="syz.2.4656" path="/158" dev="tmpfs" ino=871 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[ 1573.092155][T14905] lenovo 0003:17EF:6067.0039: unknown main item tag 0x0
[ 1573.100453][T14905] lenovo 0003:17EF:6067.0039: unknown main item tag 0x0
[ 1573.108466][    T8] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[ 1573.117605][T14905] lenovo 0003:17EF:6067.0039: unknown main item tag 0x0
[ 1573.126534][    T8] usb 5-1: SerialNumber: syz
[ 1573.132331][T14905] lenovo 0003:17EF:6067.0039: unknown main item tag 0x0
[ 1573.141461][T14905] lenovo 0003:17EF:6067.0039: unknown main item tag 0x0
[ 1573.174867][    T8] usb 5-1: config 0 descriptor??
[ 1573.180721][T14905] lenovo 0003:17EF:6067.0039: hidraw0: USB HID v0.04 Device [HID 17ef:6067] on usb-dummy_hcd.2-1/input0
[ 1573.238094][T22720] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1573.247031][T22720] Bluetooth: hci0: Opcode 0x0406 failed: -4
[ 1573.271004][T22720] Bluetooth: hci0: Opcode 0x0406 failed: -4
[ 1573.331410][ T5913] usb 3-1: USB disconnect, device number 74
[ 1573.410981][    T8] dvb-usb: found a 'Elgato EyeTV Sat' in cold state, will try to load a firmware
[ 1573.421773][    T8] usb 5-1: Direct firmware load for dvb-usb-az6027-03.fw failed with error -2
[ 1573.430930][    T8] usb 5-1: Falling back to sysfs fallback for: dvb-usb-az6027-03.fw
[ 1573.599422][T18533] usb 2-1: USB disconnect, device number 125
[ 1574.353685][ T5913] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[ 1574.552899][ T5913] usb 6-1: config 0 has an invalid interface number: 117 but max is 0
[ 1574.561417][ T5913] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1574.575061][ T5913] usb 6-1: config 0 has no interface number 0
[ 1574.584028][ T5913] usb 6-1: too many endpoints for config 0 interface 117 altsetting 0: 239, using maximum allowed: 30
[ 1574.602754][ T5913] usb 6-1: config 0 interface 117 altsetting 0 endpoint 0x2 has an invalid bInterval 0, changing to 7
[ 1574.622806][ T5913] usb 6-1: config 0 interface 117 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 239
[ 1574.704720][T22766] Cannot find add_set index 3 as target
[ 1574.707901][ T5913] usb 6-1: New USB device found, idVendor=0742, idProduct=2009, bcdDevice=61.46
[ 1574.744414][ T5913] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1574.827608][ T5913] usb 6-1: Product: syz
[ 1574.910680][ T5913] usb 6-1: Manufacturer: syz
[ 1575.005992][ T5913] usb 6-1: SerialNumber: syz
[ 1575.125035][ T5913] usb 6-1: config 0 descriptor??
[ 1575.158630][ T5913] HFC-S_USB 6-1:0.117: probe with driver HFC-S_USB failed with error -5
[ 1575.326437][ T5826] Bluetooth: hci0: command 0x0c1a tx timeout
[ 1575.452794][   T29] audit: type=1400 audit(1733995555.099:2047): avc:  denied  { sqpoll } for  pid=22758 comm="syz.5.4669" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[ 1575.608851][T22778] fuse: Unknown parameter '000000000000000000050x0000000000000006'
[ 1576.000250][   T29] audit: type=1400 audit(1733995555.709:2048): avc:  denied  { shutdown } for  pid=22758 comm="syz.5.4669" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[ 1576.137185][T22759] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1576.168174][T22759] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1576.229289][T14905] usb 6-1: USB disconnect, device number 2
[ 1577.248143][T22794] syz.5.4680 (22794): drop_caches: 2
[ 1577.404300][ T5826] Bluetooth: hci0: command 0x0c1a tx timeout
[ 1577.914440][T22804] Cannot find add_set index 3 as target
[ 1578.634945][T22814] syz.4.4687: attempt to access beyond end of device
[ 1578.634945][T22814] nbd4: rw=0, sector=0, nr_sectors = 2 limit=0
[ 1578.710086][ T5867] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[ 1578.984301][ T5867] usb 6-1: Using ep0 maxpacket: 32
[ 1579.247953][ T5867] usb 6-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[ 1579.257228][ T5867] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[ 1579.265522][ T5867] usb 6-1: SerialNumber: syz
[ 1579.312416][ T5867] usb 6-1: config 0 descriptor??
[ 1579.486766][ T5826] Bluetooth: hci0: command 0x0c1a tx timeout
[ 1579.735620][ T5867] dvb-usb: found a 'Elgato EyeTV Sat' in cold state, will try to load a firmware
[ 1580.440277][   T29] audit: type=1400 audit(1733995560.149:2049): avc:  denied  { name_connect } for  pid=22838 comm="syz.1.4696" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=sctp_socket permissive=1
[ 1581.105892][T22847] Cannot find add_set index 3 as target
[ 1584.352227][   T29] audit: type=1400 audit(1733995563.219:2050): avc:  denied  { watch } for  pid=22884 comm="syz.5.4710" path="/23" dev="tmpfs" ino=136 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[ 1584.516258][   T29] audit: type=1400 audit(1733995563.219:2051): avc:  denied  { watch_sb } for  pid=22884 comm="syz.5.4710" path="/23" dev="tmpfs" ino=136 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[ 1584.630805][T22894] overlayfs: overlapping lowerdir path
[ 1584.887523][T22896] overlayfs: overlapping lowerdir path
[ 1585.029328][T22895] bridge0: port 3(syz_tun) entered blocking state
[ 1585.040592][T22895] bridge0: port 3(syz_tun) entered disabled state
[ 1585.062152][T22895] syz_tun: entered allmulticast mode
[ 1585.614390][T22895] syz_tun: entered promiscuous mode
[ 1585.624821][T22895] bridge0: port 3(syz_tun) entered blocking state
[ 1585.631406][T22895] bridge0: port 3(syz_tun) entered forwarding state
[ 1585.750873][T22900] Cannot find add_set index 3 as target
[ 1588.253292][ T5913] usb 2-1: new full-speed USB device number 126 using dummy_hcd
[ 1588.491461][ T5913] usb 2-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 1588.492243][T22940] Cannot find add_set index 3 as target
[ 1588.623150][ T5913] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x94, changing to 0x84
[ 1588.634837][ T5913] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid maxpacket 13155, setting to 64
[ 1588.646012][ T5913] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[ 1589.651166][ T5913] usb 2-1: New USB device found, idVendor=04e8, idProduct=ff30, bcdDevice=a6.d1
[ 1589.660940][ T5913] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1589.669283][ T5913] usb 2-1: Product: syz
[ 1589.677747][ T5913] usb 2-1: Manufacturer: syz
[ 1589.791194][T22960] netlink: 80 bytes leftover after parsing attributes in process `syz.0.4731'.
[ 1589.908735][ T5913] usb 2-1: SerialNumber: syz
[ 1589.929213][ T5913] usb 2-1: config 0 descriptor??
[ 1589.939996][T22937] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[ 1590.031148][T22963] netlink: 60 bytes leftover after parsing attributes in process `syz.4.4732'.
[ 1590.076195][ T5913] rc_core: IR keymap rc-imon-rsc not found
[ 1590.082097][ T5913] Registered IR keymap rc-empty
[ 1590.114238][ T5913] rc rc0: iMON Station as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0
[ 1590.147566][ T5913] input: iMON Station as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input72
[ 1590.180028][   T29] audit: type=1400 audit(1733995569.889:2052): avc:  denied  { map } for  pid=22936 comm="syz.1.4723" path="socket:[78869]" dev="sockfs" ino=78869 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_route_socket permissive=1
[ 1590.345947][T22969] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4734'.
[ 1590.655846][ T5920] usb 2-1: USB disconnect, device number 126
[ 1590.847955][   T29] audit: type=1400 audit(1733995570.489:2053): avc:  denied  { write } for  pid=22966 comm="syz.4.4734" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[ 1591.689920][T22975] No control pipe specified
[ 1592.928922][T22992] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4741'.
[ 1593.305430][T22999] Cannot find add_set index 3 as target
[ 1594.070730][T23012] FAULT_INJECTION: forcing a failure.
[ 1594.070730][T23012] name failslab, interval 1, probability 0, space 0, times 0
[ 1594.120438][T23012] CPU: 1 UID: 0 PID: 23012 Comm: syz.2.4747 Not tainted 6.13.0-rc2-syzkaller-00036-g231825b2e1ff #0
[ 1594.131275][T23012] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 1594.141351][T23012] Call Trace:
[ 1594.144643][T23012]  <TASK>
[ 1594.147584][T23012]  dump_stack_lvl+0x16c/0x1f0
[ 1594.152282][T23012]  should_fail_ex+0x497/0x5b0
[ 1594.156989][T23012]  ? fs_reclaim_acquire+0xae/0x150
[ 1594.162134][T23012]  should_failslab+0xc2/0x120
[ 1594.166838][T23012]  kmem_cache_alloc_node_noprof+0x72/0x3c0
[ 1594.172660][T23012]  ? __alloc_skb+0x2b1/0x380
[ 1594.177258][T23012]  __alloc_skb+0x2b1/0x380
[ 1594.181665][T23012]  ? __pfx___alloc_skb+0x10/0x10
[ 1594.186592][T23012]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[ 1594.192585][T23012]  netlink_alloc_large_skb+0x69/0x130
[ 1594.197962][T23012]  netlink_sendmsg+0x689/0xd70
[ 1594.202748][T23012]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1594.208037][T23012]  ____sys_sendmsg+0xaaf/0xc90
[ 1594.212789][T23012]  ? copy_msghdr_from_user+0x10b/0x160
[ 1594.218246][T23012]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1594.223541][T23012]  ___sys_sendmsg+0x135/0x1e0
[ 1594.228256][T23012]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1594.233471][T23012]  ? __pfx_lock_release+0x10/0x10
[ 1594.238497][T23012]  ? trace_lock_acquire+0x14e/0x1f0
[ 1594.243708][T23012]  ? __fget_files+0x206/0x3a0
[ 1594.248404][T23012]  __sys_sendmsg+0x16e/0x220
[ 1594.253015][T23012]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1594.258164][T23012]  do_syscall_64+0xcd/0x250
[ 1594.262754][T23012]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1594.268690][T23012] RIP: 0033:0x7f056857ff19
[ 1594.273102][T23012] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1594.292720][T23012] RSP: 002b:00007f05693c4058 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1594.301136][T23012] RAX: ffffffffffffffda RBX: 00007f0568745fa0 RCX: 00007f056857ff19
[ 1594.309095][T23012] RDX: 0000000000000000 RSI: 0000000020000200 RDI: 0000000000000003
[ 1594.317053][T23012] RBP: 00007f05693c40a0 R08: 0000000000000000 R09: 0000000000000000
[ 1594.325025][T23012] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1594.333000][T23012] R13: 0000000000000000 R14: 00007f0568745fa0 R15: 00007ffe595f53b8
[ 1594.340978][T23012]  </TASK>
[ 1595.319999][T23016] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1596.274453][T23038] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4753'.
[ 1596.308341][T23040] sch_tbf: burst 4398 is lower than device lo mtu (65550) !
[ 1597.436870][T23054] overlayfs: overlapping lowerdir path
[ 1598.164406][   T29] audit: type=1400 audit(1733995577.859:2054): avc:  denied  { setopt } for  pid=23059 comm="syz.1.4760" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[ 1598.633285][   T29] audit: type=1400 audit(1733995577.859:2055): avc:  denied  { bind } for  pid=23059 comm="syz.1.4760" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[ 1599.006901][   T29] audit: type=1400 audit(1733995578.689:2056): avc:  denied  { mount } for  pid=23044 comm="syz.0.4756" name="/" dev="autofs" ino=79199 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=filesystem permissive=1
[ 1599.535295][   T29] audit: type=1400 audit(1733995579.249:2057): avc:  denied  { unmount } for  pid=16638 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=filesystem permissive=1
[ 1599.618444][T23086] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4766'.
[ 1599.778937][T23090] sch_tbf: burst 4398 is lower than device lo mtu (11337746) !
[ 1599.954334][   T29] audit: type=1400 audit(1733995579.669:2058): avc:  denied  { read } for  pid=23092 comm="syz.1.4770" name="fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[ 1599.977901][   T29] audit: type=1400 audit(1733995579.669:2059): avc:  denied  { open } for  pid=23092 comm="syz.1.4770" path="/dev/fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[ 1600.002797][ T5913] usb 3-1: new high-speed USB device number 75 using dummy_hcd
[ 1600.013911][   T29] audit: type=1400 audit(1733995579.669:2060): avc:  denied  { ioctl } for  pid=23092 comm="syz.1.4770" path="/dev/fb0" dev="devtmpfs" ino=629 ioctlcmd=0x4605 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[ 1600.054115][T23094] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=23094 comm=syz.0.4768
[ 1600.070332][T23094] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4768'.
[ 1600.164645][T23094] 8021q: adding VLAN 0 to HW filter on device bond2
[ 1600.223217][ T5913] usb 3-1: Using ep0 maxpacket: 32
[ 1600.507585][ T5913] usb 3-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[ 1600.520979][ T5913] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[ 1600.538435][T23094] 8021q: adding VLAN 0 to HW filter on device bond2
[ 1600.545861][T23094] bond2: (slave vcan1): The slave device specified does not support setting the MAC address
[ 1600.557652][T23094] bond2: (slave vcan1): Error -95 calling set_mac_address
[ 1600.593310][ T5913] usb 3-1: SerialNumber: syz
[ 1600.717202][ T5913] usb 3-1: config 0 descriptor??
[ 1601.518226][ T5913] dvb-usb: found a 'Elgato EyeTV Sat' in cold state, will try to load a firmware
[ 1601.686551][   T29] audit: type=1400 audit(1733995581.369:2061): avc:  denied  { mount } for  pid=23103 comm="syz.1.4773" name="/" dev="afs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[ 1601.742580][   T29] audit: type=1400 audit(1733995581.449:2062): avc:  denied  { open } for  pid=23103 comm="syz.1.4773" path="/dev/ttyq7" dev="devtmpfs" ino=382 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bsdpty_device_t tclass=chr_file permissive=1
[ 1602.721229][   T29] audit: type=1400 audit(1733995582.429:2063): avc:  denied  { unmount } for  pid=17426 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[ 1603.172391][T23124] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4778'.
[ 1603.310468][T23127] sch_tbf: burst 4398 is lower than device lo mtu (65550) !
[ 1603.406917][   T29] audit: type=1326 audit(1733995583.109:2064): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23131 comm="syz.0.4781" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f977b17ff19 code=0x7ffc0000
[ 1603.463920][   T29] audit: type=1326 audit(1733995583.119:2065): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23131 comm="syz.0.4781" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f977b17ff19 code=0x7ffc0000
[ 1603.581823][   T29] audit: type=1326 audit(1733995583.149:2066): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23131 comm="syz.0.4781" exe="/root/syz-executor" sig=0 arch=c000003e syscall=149 compat=0 ip=0x7f977b17ff19 code=0x7ffc0000
[ 1603.922657][T23144] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1604.644810][   T29] audit: type=1326 audit(1733995584.359:2067): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23131 comm="syz.0.4781" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f977b17ff19 code=0x7ffc0000
[ 1604.720847][   T29] audit: type=1326 audit(1733995584.379:2068): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23131 comm="syz.0.4781" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f977b17ff19 code=0x7ffc0000
[ 1604.773301][   T29] audit: type=1326 audit(1733995584.409:2069): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23131 comm="syz.0.4781" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f977b17ff19 code=0x7ffc0000
[ 1605.019838][   T29] audit: type=1326 audit(1733995584.649:2070): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23131 comm="syz.0.4781" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f977b17ff19 code=0x7ffc0000
[ 1605.048576][   T29] audit: type=1326 audit(1733995584.649:2071): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=23131 comm="syz.0.4781" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f977b17ff19 code=0x7ffc0000
[ 1605.313311][   T29] audit: type=1400 audit(1733995584.999:2072): avc:  denied  { getopt } for  pid=23150 comm="syz.2.4786" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[ 1605.488392][T23159] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4789'.
[ 1605.806067][   T29] audit: type=1400 audit(1733995585.519:2073): avc:  denied  { connect } for  pid=23156 comm="syz.0.4788" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[ 1606.658800][T16638] bridge0: port 1(syz_tun) entered disabled state
[ 1606.702282][T16638] syz_tun (unregistering): left allmulticast mode
[ 1606.710203][T16638] syz_tun (unregistering): left promiscuous mode
[ 1606.721714][T16638] bridge0: port 1(syz_tun) entered disabled state
[ 1606.841477][T23180] loop6: detected capacity change from 0 to 7
[ 1606.849187][T23180] buffer_io_error: 18 callbacks suppressed
[ 1606.849206][T23180] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1606.868391][T23180] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1606.877349][T23180] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1606.885981][T23180] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1606.895361][T23180] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1606.904785][T23180] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1606.912829][T23180] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1606.922467][T23180] ldm_validate_partition_table(): Disk read failed.
[ 1606.930577][T23180] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1606.939992][T23180] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1606.950371][T23180] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1606.959811][T23180] Dev loop6: unable to read RDB block 0
[ 1606.967032][T23180]  loop6: unable to read partition table
[ 1606.974397][T23180] loop6: partition table beyond EOD, truncated
[ 1606.980726][T23180] loop_reread_partitions: partition scan of loop6 (�被x������ڬ��dƤ����ݡ�����
[ 1606.980726][T23180] 
) failed (rc=-5)
[ 1607.348150][T16640] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 1607.363773][T16640] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 1607.376154][T16640] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 1607.389127][T16640] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 1607.397097][T16640] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[ 1607.411609][T16640] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 1607.459338][T23188] lo speed is unknown, defaulting to 1000
[ 1608.500022][T20811] Bluetooth: hci0: command 0x0c1a tx timeout
[ 1608.842792][ T1290] ieee802154 phy0 wpan0: encryption failed: -22
[ 1608.868735][T23188] chnl_net:caif_netlink_parms(): no params data found
[ 1609.544306][   T29] kauditd_printk_skb: 4 callbacks suppressed
[ 1609.544464][   T29] audit: type=1400 audit(1733995588.699:2078): avc:  denied  { mount } for  pid=23210 comm="syz.2.4803" name="/" dev="configfs" ino=1170 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1
[ 1609.581327][   T29] audit: type=1400 audit(1733995588.779:2079): avc:  denied  { ioctl } for  pid=23210 comm="syz.2.4803" path="/dev/loop-control" dev="devtmpfs" ino=646 ioctlcmd=0x4c80 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[ 1609.611270][ T5826] Bluetooth: hci1: command tx timeout
[ 1609.714253][   T29] audit: type=1400 audit(1733995589.429:2080): avc:  denied  { unmount } for  pid=19374 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1
[ 1609.824595][T23222] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4805'.
[ 1609.965607][T23188] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1609.978573][T23188] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1609.995068][T23188] bridge_slave_0: entered allmulticast mode
[ 1610.046273][T23188] bridge_slave_0: entered promiscuous mode
[ 1610.086116][T23188] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1610.115496][T23188] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1610.157430][T23188] bridge_slave_1: entered allmulticast mode
[ 1610.194542][T23188] bridge_slave_1: entered promiscuous mode
[ 1610.250964][T23188] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1610.282182][T23188] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1610.425367][T23188] team0: Port device team_slave_0 added
[ 1610.456060][T23188] team0: Port device team_slave_1 added
[ 1610.558939][T23188] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1610.573245][T23188] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1610.623472][T23188] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1610.673265][T23188] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1610.688535][T23188] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1610.726392][T23188] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1611.155411][T23245] fuse: Unknown parameter 'rootm'
[ 1611.532346][T23188] hsr_slave_0: entered promiscuous mode
[ 1611.575721][T23188] hsr_slave_1: entered promiscuous mode
[ 1611.593668][T23188] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1611.612476][T23188] Cannot create hsr debugfs directory
[ 1611.723311][T20811] Bluetooth: hci1: command tx timeout
[ 1612.640185][T23188] netdevsim netdevsim6 netdevsim0: renamed from eth0
[ 1612.710348][T23258] sch_tbf: burst 4398 is lower than device lo mtu (65550) !
[ 1612.814871][T23263] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4816'.
[ 1612.936872][T23188] netdevsim netdevsim6 netdevsim1: renamed from eth1
[ 1612.966614][T23188] netdevsim netdevsim6 netdevsim2: renamed from eth2
[ 1613.177695][T23188] netdevsim netdevsim6 netdevsim3: renamed from eth3
[ 1613.203828][   T29] audit: type=1400 audit(1733995592.919:2081): avc:  denied  { setcheckreqprot } for  pid=23268 comm="syz.1.4818" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1
[ 1613.675712][   T29] audit: type=1400 audit(1733995593.119:2082): avc:  denied  { accept } for  pid=23268 comm="syz.1.4818" path="socket:[79661]" dev="sockfs" ino=79661 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_dgram_socket permissive=1
[ 1613.777820][T23274] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[ 1613.803250][T20811] Bluetooth: hci1: command tx timeout
[ 1613.907082][   T29] audit: type=1400 audit(1733995593.579:2083): avc:  denied  { bind } for  pid=23278 comm="syz.2.4822" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[ 1613.935767][   T29] audit: type=1400 audit(1733995593.579:2084): avc:  denied  { listen } for  pid=23278 comm="syz.2.4822" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[ 1613.956555][   T29] audit: type=1400 audit(1733995593.579:2085): avc:  denied  { connect } for  pid=23278 comm="syz.2.4822" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[ 1613.977411][   T29] audit: type=1400 audit(1733995593.579:2086): avc:  denied  { accept } for  pid=23278 comm="syz.2.4822" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[ 1613.998140][   T29] audit: type=1400 audit(1733995593.609:2087): avc:  denied  { read write } for  pid=23278 comm="syz.2.4822" name="uhid" dev="devtmpfs" ino=1273 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1
[ 1614.060167][T23188] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1614.151839][T23188] 8021q: adding VLAN 0 to HW filter on device team0
[ 1614.634977][T17718] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1614.640254][ T5826] Bluetooth: hci4: sending frame failed (-49)
[ 1614.642133][T17718] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1614.652971][T20811] Bluetooth: hci4: Opcode 0x1003 failed: -49
[ 1614.732530][T17718] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1614.739779][T17718] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1614.772317][T23297] netlink: 1256 bytes leftover after parsing attributes in process `syz.5.4826'.
[ 1614.823650][T23297] openvswitch: netlink: Encap mask attribute is set for non-VLAN frame.
[ 1614.897489][T23302] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4827'.
[ 1614.985285][T23295] netlink: 168 bytes leftover after parsing attributes in process `syz.4.4824'.
[ 1615.329403][T23188] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1615.884865][T20811] Bluetooth: hci1: command tx timeout
[ 1616.144339][   T29] kauditd_printk_skb: 1 callbacks suppressed
[ 1616.144356][   T29] audit: type=1400 audit(1733995595.859:2089): avc:  denied  { create } for  pid=23325 comm="syz.5.4834" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_scsitransport_socket permissive=1
[ 1616.769753][T23188] veth0_vlan: entered promiscuous mode
[ 1616.787874][T23188] veth1_vlan: entered promiscuous mode
[ 1616.844394][T23188] veth0_macvtap: entered promiscuous mode
[ 1616.861297][T23188] veth1_macvtap: entered promiscuous mode
[ 1616.881883][T23188] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1616.894694][T23188] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1616.913483][T23188] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1616.926268][T23188] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1616.937776][T23188] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1616.963049][T23188] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1616.972977][T23188] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1617.000816][T23188] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1617.012073][T23188] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1617.023544][T23188] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1617.025630][T23344] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4838'.
[ 1617.033622][T23188] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1617.033643][T23188] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1617.033675][T23188] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1617.076791][T23188] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1617.092448][T23188] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1617.112409][T23188] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1617.125201][T23188] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1617.136182][T23188] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1617.148197][T23188] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1617.159521][T23188] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1617.171907][T23188] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1617.184184][T23188] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1617.223233][   T29] audit: type=1400 audit(1733995596.929:2090): avc:  denied  { ioctl } for  pid=23345 comm="syz.1.4839" path="socket:[80903]" dev="sockfs" ino=80903 ioctlcmd=0x8946 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[ 1617.230622][T23188] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1617.266295][T23188] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1617.277957][T23188] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1617.291335][T23188] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1617.291583][   T29] audit: type=1400 audit(1733995596.929:2091): avc:  denied  { map } for  pid=23345 comm="syz.1.4839" path="/dev/full" dev="devtmpfs" ino=7 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:null_device_t tclass=chr_file permissive=1
[ 1617.301847][T23188] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1617.301875][T23188] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1617.301891][T23188] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1617.304242][T23188] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1617.377722][T23188] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1617.389142][T23188] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1617.440617][T23188] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1617.459413][T23188] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1618.181838][   T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1618.182569][T17718] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1618.189813][   T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1618.238745][T17718] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1620.083130][   T29] audit: type=1400 audit(1733995599.759:2092): avc:  denied  { ioctl } for  pid=23325 comm="syz.5.4834" path="socket:[80647]" dev="sockfs" ino=80647 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_scsitransport_socket permissive=1
[ 1620.180811][   T29] audit: type=1400 audit(1733995599.849:2093): avc:  denied  { map } for  pid=23325 comm="syz.5.4834" path="socket:[81116]" dev="sockfs" ino=81116 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[ 1620.204271][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1620.212845][   T29] audit: type=1400 audit(1733995599.849:2094): avc:  denied  { read } for  pid=23325 comm="syz.5.4834" path="socket:[81116]" dev="sockfs" ino=81116 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[ 1620.270479][T23376] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4848'.
[ 1620.311295][   T29] audit: type=1400 audit(1733995600.019:2095): avc:  denied  { accept } for  pid=23378 comm="syz.1.4846" path="socket:[81141]" dev="sockfs" ino=81141 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_route_socket permissive=1
[ 1620.401906][T23382] syz.1.4846: attempt to access beyond end of device
[ 1620.401906][T23382] nbd1: rw=0, sector=0, nr_sectors = 1 limit=0
[ 1620.438739][T23382] (syz.1.4846,23382,1):ocfs2_get_sector:1769 ERROR: status = -5
[ 1620.470647][   T29] audit: type=1400 audit(1733995600.179:2096): avc:  denied  { execute } for  pid=23386 comm="syz.2.4852" dev="hugetlbfs" ino=80879 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1
[ 1620.474936][T23382] (syz.1.4846,23382,1):ocfs2_sb_probe:749 ERROR: status = -5
[ 1620.505451][   T29] audit: type=1400 audit(1733995600.209:2097): avc:  denied  { execute_no_trans } for  pid=23386 comm="syz.2.4852" path=2F6D656D66643A202864656C6574656429 dev="hugetlbfs" ino=80879 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1
[ 1620.532797][T23382] (syz.1.4846,23382,0):ocfs2_fill_super:990 ERROR: superblock probe failed!
[ 1620.555736][T23382] (syz.1.4846,23382,0):ocfs2_fill_super:1178 ERROR: status = -5
[ 1621.585088][T23411] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4855'.
[ 1621.741057][T23414] netlink: 32 bytes leftover after parsing attributes in process `syz.5.4855'.
[ 1623.192881][T23429] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4862'.
[ 1623.217418][   T29] audit: type=1400 audit(1733995602.899:2098): avc:  denied  { connect } for  pid=23424 comm="syz.1.4860" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1
[ 1623.279413][   T29] audit: type=1400 audit(1733995602.899:2099): avc:  denied  { name_connect } for  pid=23424 comm="syz.1.4860" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=dccp_socket permissive=1
[ 1624.524341][   T29] audit: type=1400 audit(1733995603.719:2100): avc:  denied  { read write } for  pid=23436 comm="syz.1.4865" name="file0" dev="fuse" ino=0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1
[ 1624.745181][   T29] audit: type=1400 audit(1733995603.719:2101): avc:  denied  { open } for  pid=23436 comm="syz.1.4865" path="/347/file0/file0" dev="fuse" ino=0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1
[ 1626.544736][T23471] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[ 1627.370779][T23477] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4877'.
[ 1627.922293][T23487] kvm: kvm [23482]: vcpu0, guest rIP: 0x1b Unhandled WRMSR(0xc1) = 0xd
[ 1629.053323][T23487] kvm: kvm [23482]: vcpu0, guest rIP: 0x1d Unhandled WRMSR(0xc1) = 0xd
[ 1629.573794][T18533] usb 2-1: new high-speed USB device number 127 using dummy_hcd
[ 1630.064520][T18533] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1630.083189][T18533] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1630.113661][T18533] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[ 1630.135285][T18533] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[ 1630.160863][T18533] usb 2-1: SerialNumber: syz
[ 1630.409072][   T29] audit: type=1400 audit(1733995610.119:2102): avc:  denied  { search } for  pid=5483 comm="dhcpcd" name="netdev:wlan2" dev="debugfs" ino=81326 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[ 1631.500645][T18533] usb 2-1: 0:2 : does not exist
[ 1631.517930][T18533] usb 2-1: USB disconnect, device number 127
[ 1631.887445][T23553] netlink: 4 bytes leftover after parsing attributes in process `syz.6.4891'.
[ 1632.476621][T23203] udevd[23203]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1632.491316][T23561] syz.5.4890[23561] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 1632.492691][T23561] syz.5.4890[23561] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 1632.585326][T23554] binder: 23551:23554 ioctl c0306201 0 returned -14
[ 1632.622720][T23561] syz.5.4890[23561] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 1632.981968][   T29] audit: type=1400 audit(1733995612.529:2103): avc:  denied  { create } for  pid=23572 comm="syz.6.4896" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1
[ 1633.404679][   T29] audit: type=1400 audit(1733995612.529:2104): avc:  denied  { write } for  pid=23572 comm="syz.6.4896" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1
[ 1633.946451][T23585] FAULT_INJECTION: forcing a failure.
[ 1633.946451][T23585] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1633.960800][T23585] CPU: 0 UID: 0 PID: 23585 Comm: syz.4.4898 Not tainted 6.13.0-rc2-syzkaller-00036-g231825b2e1ff #0
[ 1633.971597][T23585] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 1633.981694][T23585] Call Trace:
[ 1633.984986][T23585]  <TASK>
[ 1633.987929][T23585]  dump_stack_lvl+0x16c/0x1f0
[ 1633.992633][T23585]  should_fail_ex+0x497/0x5b0
[ 1633.997342][T23585]  _copy_to_user+0x32/0xd0
[ 1634.001791][T23585]  simple_read_from_buffer+0xd0/0x160
[ 1634.007200][T23585]  proc_fail_nth_read+0x198/0x270
[ 1634.012249][T23585]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1634.017829][T23585]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1634.023403][T23585]  vfs_read+0x1df/0xbe0
[ 1634.027561][T23585]  ? __fget_files+0x1fc/0x3a0
[ 1634.032235][T23585]  ? __pfx___mutex_lock+0x10/0x10
[ 1634.037266][T23585]  ? __pfx_vfs_read+0x10/0x10
[ 1634.041960][T23585]  ? __fget_files+0x206/0x3a0
[ 1634.046638][T23585]  ksys_read+0x12b/0x250
[ 1634.050874][T23585]  ? __pfx_ksys_read+0x10/0x10
[ 1634.055636][T23585]  do_syscall_64+0xcd/0x250
[ 1634.060141][T23585]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1634.066036][T23585] RIP: 0033:0x7f122957e92c
[ 1634.070445][T23585] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1634.090068][T23585] RSP: 002b:00007f122a3f3050 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1634.098490][T23585] RAX: ffffffffffffffda RBX: 00007f1229745fa0 RCX: 00007f122957e92c
[ 1634.106456][T23585] RDX: 000000000000000f RSI: 00007f122a3f30b0 RDI: 0000000000000004
[ 1634.114435][T23585] RBP: 00007f122a3f30a0 R08: 0000000000000000 R09: 0000000000000000
[ 1634.122411][T23585] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1634.130381][T23585] R13: 0000000000000000 R14: 00007f1229745fa0 R15: 00007ffcf2d11f08
[ 1634.138363][T23585]  </TASK>
[ 1634.152501][   T29] audit: type=1400 audit(1733995613.859:2105): avc:  denied  { read write } for  pid=23586 comm="syz.1.4899" name="rtc0" dev="devtmpfs" ino=921 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[ 1634.207475][T23598] openvswitch: netlink: nsh attribute has 8 unknown bytes.
[ 1634.215417][   T29] audit: type=1400 audit(1733995613.859:2106): avc:  denied  { open } for  pid=23586 comm="syz.1.4899" path="/dev/rtc0" dev="devtmpfs" ino=921 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[ 1634.276282][T23598] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1634.349612][   T29] audit: type=1400 audit(1733995613.859:2107): avc:  denied  { ioctl } for  pid=23586 comm="syz.1.4899" path="/dev/rtc0" dev="devtmpfs" ino=921 ioctlcmd=0x7007 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[ 1634.413988][ T5913] dvb-usb: did not find the firmware file 'dvb-usb-az6027-03.fw' (status -2). You can use <kernel_dir>/scripts/get_dvb_firmware to get the firmware
[ 1634.429346][    T8] dvb-usb: did not find the firmware file 'dvb-usb-az6027-03.fw' (status -110). You can use <kernel_dir>/scripts/get_dvb_firmware to get the firmware
[ 1634.429438][ T5867] dvb-usb: did not find the firmware file 'dvb-usb-az6027-03.fw' (status -2). You can use <kernel_dir>/scripts/get_dvb_firmware to get the firmware
[ 1634.459928][    T8] dvb_usb_az6027 5-1:0.0: probe with driver dvb_usb_az6027 failed with error -110
[ 1634.491602][ T5913] dvb_usb_az6027 3-1:0.0: probe with driver dvb_usb_az6027 failed with error -2
[ 1634.519390][   T29] audit: type=1400 audit(1733995613.969:2108): avc:  denied  { sys_chroot } for  pid=23593 comm="dhcpcd" capability=18  scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=capability permissive=1
[ 1634.546894][    T8] usb 5-1: USB disconnect, device number 110
[ 1634.584842][ T5913] usb 3-1: USB disconnect, device number 75
[ 1634.590823][   T29] audit: type=1400 audit(1733995613.969:2109): avc:  denied  { setgid } for  pid=23593 comm="dhcpcd" capability=6  scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=capability permissive=1
[ 1634.590869][   T29] audit: type=1400 audit(1733995613.969:2110): avc:  denied  { setrlimit } for  pid=23593 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=process permissive=1
[ 1634.663718][ T5867] dvb_usb_az6027 6-1:0.0: probe with driver dvb_usb_az6027 failed with error -2
[ 1634.698169][ T5867] usb 6-1: USB disconnect, device number 3
[ 1635.683365][T23622] netlink: 4 bytes leftover after parsing attributes in process `syz.6.4905'.
[ 1636.237004][   T29] audit: type=1400 audit(1733995615.939:2111): avc:  denied  { bind } for  pid=23635 comm="syz.4.4908" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1
[ 1636.258655][   T29] audit: type=1400 audit(1733995615.939:2112): avc:  denied  { getopt } for  pid=23635 comm="syz.4.4908" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[ 1636.286526][   T29] audit: type=1400 audit(1733995615.939:2113): avc:  denied  { listen } for  pid=23635 comm="syz.4.4908" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1
[ 1636.649878][T23640] binder: BINDER_SET_CONTEXT_MGR already set
[ 1636.658258][T23640] binder: 23637:23640 ioctl 4018620d 20004a80 returned -16
[ 1636.677078][T23633] Cannot find add_set index 3 as target
[ 1636.726345][T23638] binder: 23637:23638 ioctl c0306201 0 returned -14
[ 1636.974138][    T8] usb 5-1: new high-speed USB device number 111 using dummy_hcd
[ 1637.137964][    T8] usb 5-1: config 0 has an invalid interface number: 177 but max is 0
[ 1637.147266][    T8] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[ 1637.243523][T15964] usb 3-1: new high-speed USB device number 76 using dummy_hcd
[ 1637.463722][T15964] usb 3-1: device descriptor read/64, error -71
[ 1637.703412][T15964] usb 3-1: new high-speed USB device number 77 using dummy_hcd
[ 1637.728171][    T8] usb 5-1: config 0 has 2 interfaces, different from the descriptor's value: 1
[ 1637.738244][    T8] usb 5-1: config 0 has no interface number 0
[ 1637.746331][    T8] usb 5-1: config 0 interface 177 altsetting 247 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[ 1637.761145][    T8] usb 5-1: config 0 interface 1 altsetting 4 has 0 endpoint descriptors, different from the interface descriptor's value: 9
[ 1637.823469][    T8] usb 5-1: config 0 interface 177 has no altsetting 0
[ 1637.830388][    T8] usb 5-1: config 0 interface 1 has no altsetting 0
[ 1637.844438][T15964] usb 3-1: device descriptor read/64, error -71
[ 1637.943574][    T8] usb 5-1: New USB device found, idVendor=0582, idProduct=0113, bcdDevice=b4.e1
[ 1637.952667][    T8] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1637.961491][    T8] usb 5-1: Product: syz
[ 1637.963614][T15964] usb usb3-port1: attempt power cycle
[ 1637.966870][    T8] usb 5-1: Manufacturer: syz
[ 1637.977233][    T8] usb 5-1: SerialNumber: syz
[ 1637.985278][    T8] usb 5-1: config 0 descriptor??
[ 1638.012324][T23659] syz.6.4915 (23659): drop_caches: 2
[ 1638.353219][T15964] usb 3-1: new high-speed USB device number 78 using dummy_hcd
[ 1638.528237][    T8] usb 5-1: selecting invalid altsetting 0
[ 1638.585738][    T8] usb 5-1: USB disconnect, device number 111
[ 1638.604466][T23670] netlink: 4 bytes leftover after parsing attributes in process `syz.6.4918'.
[ 1638.713833][T15964] usb 3-1: device descriptor read/8, error -71
[ 1638.821306][T19548] udevd[19548]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.177/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1638.935382][T23678] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4920'.
[ 1638.953235][T15964] usb 3-1: new high-speed USB device number 79 using dummy_hcd
[ 1639.061676][T15964] usb 3-1: device descriptor read/8, error -71
[ 1639.174279][T15964] usb usb3-port1: unable to enumerate USB device
[ 1639.349479][T23687] binder: 23686:23687 ioctl c0306201 0 returned -14
[ 1639.662434][T23698] syz.1.4926 (23698): drop_caches: 2
[ 1639.919501][T23706] sit0: entered promiscuous mode
[ 1640.004820][T23706] netlink: 'syz.6.4927': attribute type 1 has an invalid length.
[ 1640.024452][T23706] netlink: 1 bytes leftover after parsing attributes in process `syz.6.4927'.
[ 1640.300920][T23713] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4932'.
[ 1640.344478][ T5865] usb 5-1: new high-speed USB device number 112 using dummy_hcd
[ 1640.510851][   T29] audit: type=1400 audit(1733995620.209:2114): avc:  denied  { setopt } for  pid=23716 comm="syz.5.4933" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[ 1640.564826][ T5865] usb 5-1: Using ep0 maxpacket: 8
[ 1640.678313][ T5865] usb 5-1: config 161 has an invalid descriptor of length 205, skipping remainder of the config
[ 1640.787494][ T5865] usb 5-1: config 161 has 0 interfaces, different from the descriptor's value: 1
[ 1640.823090][ T5865] usb 5-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a
[ 1640.878351][ T5865] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1641.395496][   T29] audit: type=1400 audit(1733995620.959:2115): avc:  denied  { write } for  pid=23724 comm="syz.6.4936" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1
[ 1641.522390][   T29] audit: type=1400 audit(1733995621.229:2116): avc:  denied  { read } for  pid=23709 comm="syz.4.4931" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[ 1641.554453][ T5865] usb 5-1: string descriptor 0 read error: -32
[ 1642.275060][   T29] audit: type=1400 audit(1733995621.989:2117): avc:  denied  { accept } for  pid=23709 comm="syz.4.4931" lport=49201 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[ 1642.364893][T23742] syz.6.4940 (23742): drop_caches: 2
[ 1642.507029][T23746] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[ 1642.522758][T23750] netlink: 4 bytes leftover after parsing attributes in process `syz.6.4944'.
[ 1642.732187][T23754] netlink: 16 bytes leftover after parsing attributes in process `syz.6.4945'.
[ 1642.759989][T23754] netlink: 4 bytes leftover after parsing attributes in process `syz.6.4945'.
[ 1747.893015][    C0] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
[ 1747.900124][    C0] rcu: 	1-...!: (1 GPs behind) idle=5074/1/0x4000000000000000 softirq=110685/110687 fqs=0
[ 1747.912548][    C0] rcu: 	Tasks blocked on level-0 rcu_node (CPUs 0-1): P23756/1:b..l
[ 1747.920634][    C0] rcu: 	(detected by 0, t=10505 jiffies, g=108133, q=809 ncpus=2)
[ 1747.928454][    C0] Sending NMI from CPU 0 to CPUs 1:
[ 1747.928554][    C1] NMI backtrace for cpu 1
[ 1747.928573][    C1] CPU: 1 UID: 0 PID: 23748 Comm: syz.5.4943 Not tainted 6.13.0-rc2-syzkaller-00036-g231825b2e1ff #0
[ 1747.928600][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 1747.928612][    C1] RIP: 0010:__rcu_read_unlock+0x70/0x580
[ 1747.928672][    C1] Code: 4c 8b 25 43 74 83 7e 49 8d bc 24 44 04 00 00 8b 9d 44 04 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 0f b6 14 02 <48> 89 f8 83 e0 07 83 eb 01 83 c0 03 38 d0 7c 08 84 d2 0f 85 eb 01
[ 1747.928690][    C1] RSP: 0000:ffffc90000a18d50 EFLAGS: 00000807
[ 1747.928707][    C1] RAX: dffffc0000000000 RBX: 0000000000000001 RCX: ffffc90000a18d08
[ 1747.928720][    C1] RDX: 0000000000000000 RSI: ffffffff8b6cdb60 RDI: ffff8880264f8444
[ 1747.928735][    C1] RBP: ffff8880264f8000 R08: 0000000000000000 R09: fffffbfff20be2ba
[ 1747.928748][    C1] R10: ffffffff905f15d7 R11: 0000000000000000 R12: ffff8880264f8000
[ 1747.928761][    C1] R13: ffff888029517000 R14: ffff888021a8b340 R15: ffff888029f67400
[ 1747.928775][    C1] FS:  00007f1f4d2ed6c0(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000
[ 1747.928796][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1747.928810][    C1] CR2: 000000110c3ca512 CR3: 0000000053d7c000 CR4: 00000000003526f0
[ 1747.928823][    C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1747.928836][    C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1747.928848][    C1] Call Trace:
[ 1747.928856][    C1]  <NMI>
[ 1747.928867][    C1]  ? nmi_cpu_backtrace+0x1d8/0x390
[ 1747.928923][    C1]  ? nmi_cpu_backtrace_handler+0xc/0x20
[ 1747.928973][    C1]  ? nmi_handle+0x1ac/0x5d0
[ 1747.929008][    C1]  ? __rcu_read_unlock+0x70/0x580
[ 1747.929029][    C1]  ? default_do_nmi+0x6a/0x160
[ 1747.929057][    C1]  ? exc_nmi+0x170/0x1e0
[ 1747.929084][    C1]  ? end_repeat_nmi+0xf/0x53
[ 1747.929114][    C1]  ? __rcu_read_unlock+0x70/0x580
[ 1747.929135][    C1]  ? __rcu_read_unlock+0x70/0x580
[ 1747.929157][    C1]  ? __rcu_read_unlock+0x70/0x580
[ 1747.929178][    C1]  </NMI>
[ 1747.929184][    C1]  <IRQ>
[ 1747.929192][    C1]  advance_sched+0x6dc/0xc60
[ 1747.929219][    C1]  ? __pfx_advance_sched+0x10/0x10
[ 1747.929237][    C1]  __hrtimer_run_queues+0x20a/0xae0
[ 1747.929267][    C1]  ? __pfx___hrtimer_run_queues+0x10/0x10
[ 1747.929292][    C1]  ? read_tsc+0x9/0x20
[ 1747.929333][    C1]  hrtimer_interrupt+0x392/0x8e0
[ 1747.929365][    C1]  __sysvec_apic_timer_interrupt+0x10f/0x400
[ 1747.929401][    C1]  sysvec_apic_timer_interrupt+0x9f/0xc0
[ 1747.929423][    C1]  </IRQ>
[ 1747.929429][    C1]  <TASK>
[ 1747.929436][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1747.929461][    C1] RIP: 0010:finish_task_switch.isra.0+0x220/0xcc0
[ 1747.929506][    C1] Code: a9 0a 00 00 44 8b 0d 03 7b f6 0e 45 85 c9 0f 85 c0 01 00 00 48 89 df e8 ae f8 ff ff e8 19 e7 38 00 fb 65 48 8b 1d f0 0a 9b 7e <48> 8d bb f8 15 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1
[ 1747.929524][    C1] RSP: 0000:ffffc900049ff710 EFLAGS: 00000206
[ 1747.929539][    C1] RAX: 0000000000003287 RBX: ffff8880264f8000 RCX: 1ffffffff20bda71
[ 1747.929561][    C1] RDX: 0000000000000000 RSI: ffffffff8b6cd860 RDI: ffffffff8bd1d340
[ 1747.929574][    C1] RBP: ffffc900049ff758 R08: 0000000000000001 R09: 0000000000000001
[ 1747.929587][    C1] R10: ffffffff905f15d7 R11: 0000000000000000 R12: ffff8880b873f9e0
[ 1747.929600][    C1] R13: ffff888035158000 R14: 0000000000000000 R15: ffff8880b863ebc0
[ 1747.929620][    C1]  ? __switch_to+0x749/0x1190
[ 1747.929647][    C1]  __schedule+0xe60/0x5ad0
[ 1747.929667][    C1]  ? __pfx___lock_acquire+0x10/0x10
[ 1747.929694][    C1]  ? __pfx___schedule+0x10/0x10
[ 1747.929713][    C1]  ? schedule+0x298/0x350
[ 1747.929731][    C1]  ? __pfx_lock_release+0x10/0x10
[ 1747.929753][    C1]  ? lock_acquire+0x2f/0xb0
[ 1747.929773][    C1]  ? schedule+0x1fd/0x350
[ 1747.929793][    C1]  schedule+0xe7/0x350
[ 1747.929811][    C1]  schedule_timeout+0x244/0x280
[ 1747.929839][    C1]  ? __pfx_schedule_timeout+0x10/0x10
[ 1747.929872][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1747.929892][    C1]  __wait_for_common+0x3e1/0x600
[ 1747.929913][    C1]  ? __pfx_schedule_timeout+0x10/0x10
[ 1747.929942][    C1]  ? __pfx___wait_for_common+0x10/0x10
[ 1747.929964][    C1]  ? lockdep_init_map_type+0x16d/0x7d0
[ 1747.929987][    C1]  ? generic_exec_single+0xbb/0x390
[ 1747.930016][    C1]  rdmsr_safe_on_cpu+0x1de/0x210
[ 1747.930069][    C1]  ? __pfx_rdmsr_safe_on_cpu+0x10/0x10
[ 1747.930091][    C1]  ? __pfx___rdmsr_safe_on_cpu+0x10/0x10
[ 1747.930113][    C1]  ? __might_fault+0x13b/0x190
[ 1747.930140][    C1]  ? __pfx_lock_release+0x10/0x10
[ 1747.930167][    C1]  ? _copy_to_user+0x48/0xd0
[ 1747.930196][    C1]  msr_read+0x19e/0x250
[ 1747.930234][    C1]  ? __pfx_msr_read+0x10/0x10
[ 1747.930259][    C1]  ? bpf_lsm_file_permission+0x9/0x10
[ 1747.930300][    C1]  ? security_file_permission+0x71/0x210
[ 1747.930350][    C1]  ? __pfx_msr_read+0x10/0x10
[ 1747.930375][    C1]  vfs_read+0x1df/0xbe0
[ 1747.930394][    C1]  ? __fget_files+0x1fc/0x3a0
[ 1747.930414][    C1]  ? __pfx_lock_release+0x10/0x10
[ 1747.930435][    C1]  ? __pfx_vfs_read+0x10/0x10
[ 1747.930453][    C1]  ? lock_acquire+0x2f/0xb0
[ 1747.930472][    C1]  ? __fget_files+0x40/0x3a0
[ 1747.930492][    C1]  ? __fget_files+0x206/0x3a0
[ 1747.930515][    C1]  ksys_read+0x12b/0x250
[ 1747.930532][    C1]  ? __pfx_ksys_read+0x10/0x10
[ 1747.930555][    C1]  ? __secure_computing+0x273/0x3f0
[ 1747.930590][    C1]  do_syscall_64+0xcd/0x250
[ 1747.930614][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1747.930638][    C1] RIP: 0033:0x7f1f4c57ff19
[ 1747.930659][    C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1747.930678][    C1] RSP: 002b:00007f1f4d2ed058 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1747.930695][    C1] RAX: ffffffffffffffda RBX: 00007f1f4c745fa0 RCX: 00007f1f4c57ff19
[ 1747.930709][    C1] RDX: 0000000000018ff8 RSI: 0000000020019680 RDI: 0000000000000008
[ 1747.930722][    C1] RBP: 00007f1f4c5f3cc8 R08: 0000000000000000 R09: 0000000000000000
[ 1747.930734][    C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1747.930746][    C1] R13: 0000000000000000 R14: 00007f1f4c745fa0 R15: 00007fff119efb68
[ 1747.930765][    C1]  </TASK>
[ 1747.931480][    C0] task:syz.2.4946      state:R  running task     stack:26432 pid:23756 tgid:23755 ppid:19374  flags:0x00004000
[ 1748.538674][    C0] Call Trace:
[ 1748.541956][    C0]  <TASK>
[ 1748.544896][    C0]  __schedule+0xe58/0x5ad0
[ 1748.549326][    C0]  ? trace_event_raw_event_afs_send_data+0x53/0x370
[ 1748.555995][    C0]  ? mark_lock+0x70/0xc60
[ 1748.560339][    C0]  ? __pfx___lock_acquire+0x10/0x10
[ 1748.565553][    C0]  ? __pfx___schedule+0x10/0x10
[ 1748.570411][    C0]  ? find_held_lock+0x2d/0x110
[ 1748.575200][    C0]  ? preempt_schedule_thunk+0x1a/0x30
[ 1748.580682][    C0]  preempt_schedule_common+0x44/0xc0
[ 1748.586017][    C0]  preempt_schedule_thunk+0x1a/0x30
[ 1748.591242][    C0]  _raw_spin_unlock+0x3e/0x50
[ 1748.595935][    C0]  copy_page_range+0x1e15/0x57d0
[ 1748.601010][    C0]  ? __pfx_copy_page_range+0x10/0x10
[ 1748.606309][    C0]  ? find_held_lock+0x2d/0x110
[ 1748.611097][    C0]  ? __pfx_lock_release+0x10/0x10
[ 1748.616132][    C0]  ? lock_acquire+0x2f/0xb0
[ 1748.620658][    C0]  ? copy_process+0x7dc5/0x8df0
[ 1748.625625][    C0]  ? down_write+0x14e/0x200
[ 1748.630165][    C0]  ? up_write+0x1b2/0x520
[ 1748.634542][    C0]  copy_process+0x7e77/0x8df0
[ 1748.639356][    C0]  ? __pfx_copy_process+0x10/0x10
[ 1748.644405][    C0]  ? __pfx_futex_wake_mark+0x10/0x10
[ 1748.649730][    C0]  ? futex_wait+0x121/0x380
[ 1748.654257][    C0]  kernel_clone+0xfd/0x960
[ 1748.658785][    C0]  ? __pfx_kernel_clone+0x10/0x10
[ 1748.663834][    C0]  ? do_futex+0x123/0x350
[ 1748.668170][    C0]  ? __pfx_do_futex+0x10/0x10
[ 1748.672861][    C0]  __do_sys_clone+0xba/0x100
[ 1748.677465][    C0]  ? __pfx___do_sys_clone+0x10/0x10
[ 1748.682704][    C0]  do_syscall_64+0xcd/0x250
[ 1748.687231][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1748.693137][    C0] RIP: 0033:0x7f056857ff19
[ 1748.697554][    C0] RSP: 002b:00007f05693c4008 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[ 1748.705975][    C0] RAX: ffffffffffffffda RBX: 00007f0568745fa0 RCX: 00007f056857ff19
[ 1748.713949][    C0] RDX: 0000000020000100 RSI: 00000000200000c0 RDI: 0000000020000000
[ 1748.721927][    C0] RBP: 00007f05685f3cc8 R08: 0000000020000180 R09: 0000000020000180
[ 1748.729930][    C0] R10: 0000000020000140 R11: 0000000000000206 R12: 0000000000000000
[ 1748.737928][    C0] R13: 0000000000000000 R14: 00007f0568745fa0 R15: 00007ffe595f53b8
[ 1748.745929][    C0]  </TASK>
[ 1748.748954][    C0] rcu: rcu_preempt kthread starved for 10505 jiffies! g108133 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0
[ 1748.760242][    C0] rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
[ 1748.770218][    C0] rcu: RCU grace-period kthread stack dump:
[ 1748.776107][    C0] task:rcu_preempt     state:R  running task     stack:27488 pid:17    tgid:17    ppid:2      flags:0x00004000
[ 1748.787885][    C0] Call Trace:
[ 1748.791163][    C0]  <TASK>
[ 1748.794101][    C0]  __schedule+0xe58/0x5ad0
[ 1748.798536][    C0]  ? __pfx___lock_acquire+0x10/0x10
[ 1748.803759][    C0]  ? __pfx___schedule+0x10/0x10
[ 1748.808621][    C0]  ? schedule+0x298/0x350
[ 1748.812957][    C0]  ? __pfx_lock_release+0x10/0x10
[ 1748.817993][    C0]  ? lock_acquire+0x2f/0xb0
[ 1748.822504][    C0]  ? schedule+0x1fd/0x350
[ 1748.826842][    C0]  schedule+0xe7/0x350
[ 1748.830928][    C0]  schedule_timeout+0x124/0x280
[ 1748.835799][    C0]  ? __pfx_schedule_timeout+0x10/0x10
[ 1748.841188][    C0]  ? __pfx_process_timeout+0x10/0x10
[ 1748.846497][    C0]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[ 1748.852311][    C0]  ? prepare_to_swait_event+0xf3/0x470
[ 1748.857875][    C0]  rcu_gp_fqs_loop+0x1eb/0xb00
[ 1748.862657][    C0]  ? __pfx_rcu_gp_fqs_loop+0x10/0x10
[ 1748.867950][    C0]  ? rcu_gp_init+0xc82/0x1630
[ 1748.872641][    C0]  ? _raw_spin_unlock_irq+0x2e/0x50
[ 1748.877853][    C0]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[ 1748.883671][    C0]  rcu_gp_kthread+0x271/0x380
[ 1748.888362][    C0]  ? __pfx_rcu_gp_kthread+0x10/0x10
[ 1748.893572][    C0]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1748.898778][    C0]  ? __kthread_parkme+0x148/0x220
[ 1748.903880][    C0]  ? __pfx_rcu_gp_kthread+0x10/0x10
[ 1748.909088][    C0]  kthread+0x2c1/0x3a0
[ 1748.913170][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1748.918375][    C0]  ? __pfx_kthread+0x10/0x10
[ 1748.922986][    C0]  ret_from_fork+0x45/0x80
[ 1748.927498][    C0]  ? __pfx_kthread+0x10/0x10
[ 1748.932105][    C0]  ret_from_fork_asm+0x1a/0x30
[ 1748.936955][    C0]  </TASK>
[ 1748.939974][    C0] rcu: Stack dump where RCU GP kthread last ran:
[ 1748.946296][    C0] CPU: 0 UID: 0 PID: 11 Comm: kworker/u8:0 Not tainted 6.13.0-rc2-syzkaller-00036-g231825b2e1ff #0
[ 1748.956973][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 1748.967030][    C0] Workqueue: events_unbound toggle_allocation_gate
[ 1748.973553][    C0] RIP: 0010:write_comp_data+0x0/0x90
[ 1748.978849][    C0] Code: 48 83 c0 01 48 39 d0 73 07 48 89 01 48 89 34 c1 c3 cc cc cc cc 0f 1f 44 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <49> 89 d2 49 89 f8 49 89 f1 65 48 8b 15 ef d4 69 7e 65 8b 05 f0 d4
[ 1748.998467][    C0] RSP: 0018:ffffc90000107990 EFLAGS: 00000202
[ 1749.004544][    C0] RAX: 0000000000000001 RBX: ffff8880b8744a40 RCX: ffffffff818df5fc
[ 1749.012519][    C0] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000005
[ 1749.020492][    C0] RBP: 0000000000000003 R08: 0000000000000005 R09: 0000000000000000
[ 1749.028473][    C0] R10: 0000000000000001 R11: 0000000000000006 R12: ffffed10170e8949
[ 1749.036447][    C0] R13: 0000000000000001 R14: ffff8880b8744a48 R15: ffff8880b863fe40
[ 1749.044427][    C0] FS:  0000000000000000(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
[ 1749.053368][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1749.059959][    C0] CR2: 0000555581dcc4a8 CR3: 000000000df7e000 CR4: 00000000003526f0
[ 1749.067935][    C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1749.075911][    C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1749.083885][    C0] Call Trace:
[ 1749.087164][    C0]  <IRQ>
[ 1749.090053][    C0]  ? rcu_check_gp_kthread_starvation+0x31b/0x450
[ 1749.096402][    C0]  ? do_raw_spin_unlock+0x172/0x230
[ 1749.101620][    C0]  ? rcu_sched_clock_irq+0x247a/0x3310
[ 1749.107101][    C0]  ? timekeeping_advance+0x72e/0xa90
[ 1749.112394][    C0]  ? __pfx_rcu_sched_clock_irq+0x10/0x10
[ 1749.118047][    C0]  ? __asan_memcpy+0x3c/0x60
[ 1749.122656][    C0]  ? rcu_is_watching+0x12/0xc0
[ 1749.127440][    C0]  ? update_process_times+0x178/0x2d0
[ 1749.132832][    C0]  ? __pfx_update_process_times+0x10/0x10
[ 1749.138583][    C0]  ? update_wall_time+0x1c/0x40
[ 1749.143470][    C0]  ? tick_nohz_handler+0x376/0x530
[ 1749.148703][    C0]  ? __pfx_tick_nohz_handler+0x10/0x10
[ 1749.154181][    C0]  ? __hrtimer_run_queues+0x5fb/0xae0
[ 1749.159578][    C0]  ? __pfx___hrtimer_run_queues+0x10/0x10
[ 1749.165312][    C0]  ? read_tsc+0x9/0x20
[ 1749.169406][    C0]  ? hrtimer_interrupt+0x392/0x8e0
[ 1749.174548][    C0]  ? __sysvec_apic_timer_interrupt+0x10f/0x400
[ 1749.180713][    C0]  ? sysvec_apic_timer_interrupt+0x9f/0xc0
[ 1749.186529][    C0]  </IRQ>
[ 1749.189464][    C0]  <TASK>
[ 1749.192395][    C0]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1749.198572][    C0]  ? smp_call_function_many_cond+0x47c/0x1300
[ 1749.204659][    C0]  ? __pfx_write_comp_data+0x10/0x10
[ 1749.209955][    C0]  smp_call_function_many_cond+0x47c/0x1300
[ 1749.215862][    C0]  ? __pfx_do_sync_core+0x10/0x10
[ 1749.220905][    C0]  ? __pfx_do_sync_core+0x10/0x10
[ 1749.225938][    C0]  on_each_cpu_cond_mask+0x40/0x90
[ 1749.231067][    C0]  text_poke_bp_batch+0x22b/0x760
[ 1749.236113][    C0]  ? __pfx_text_poke_bp_batch+0x10/0x10
[ 1749.241674][    C0]  ? __jump_label_patch+0x1db/0x400
[ 1749.246907][    C0]  ? arch_jump_label_transform_queue+0xc0/0x120
[ 1749.253175][    C0]  text_poke_finish+0x30/0x40
[ 1749.257865][    C0]  arch_jump_label_transform_apply+0x1c/0x30
[ 1749.263860][    C0]  jump_label_update+0x1d7/0x400
[ 1749.268905][    C0]  static_key_enable_cpuslocked+0x1b7/0x270
[ 1749.274815][    C0]  static_key_enable+0x1a/0x20
[ 1749.279591][    C0]  toggle_allocation_gate+0xfc/0x260
[ 1749.284887][    C0]  ? __pfx_toggle_allocation_gate+0x10/0x10
[ 1749.290788][    C0]  ? trace_lock_acquire+0x14e/0x1f0
[ 1749.296000][    C0]  ? process_one_work+0x921/0x1ba0
[ 1749.301157][    C0]  ? lock_acquire+0x2f/0xb0
[ 1749.305686][    C0]  ? process_one_work+0x921/0x1ba0
[ 1749.310808][    C0]  process_one_work+0x9c5/0x1ba0
[ 1749.315763][    C0]  ? __pfx_bond_mii_monitor+0x10/0x10
[ 1749.321222][    C0]  ? __pfx_process_one_work+0x10/0x10
[ 1749.326599][    C0]  ? rcu_is_watching+0x12/0xc0
[ 1749.331405][    C0]  ? assign_work+0x1a0/0x250
[ 1749.336008][    C0]  worker_thread+0x6c8/0xf00
[ 1749.340619][    C0]  ? __pfx_worker_thread+0x10/0x10
[ 1749.345738][    C0]  kthread+0x2c1/0x3a0
[ 1749.349820][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1749.355029][    C0]  ? __pfx_kthread+0x10/0x10
[ 1749.359635][    C0]  ret_from_fork+0x45/0x80
[ 1749.364060][    C0]  ? __pfx_kthread+0x10/0x10
[ 1749.368661][    C0]  ret_from_fork_asm+0x1a/0x30
[ 1749.373455][    C0]  </TASK>