last executing test programs:

34.389082654s ago: executing program 0 (id=2974):
socket$inet6_sctp(0xa, 0x1, 0x84)
munmap(&(0x7f0000901000/0x3000)=nil, 0x3000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@base={0xa, 0x16, 0xb3, 0x7f}, 0x48)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x8, &(0x7f0000000080)=@framed={{0x18, 0x8}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @generic={0x66}, @initr0, @exit]}, &(0x7f0000000000)='GPL\x00', 0x2}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f0000000380)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8fff7ff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001000000b70500000000e000720aa3fe00000000850000000a000000b70000000000000095000000000000004e6258941c823b7505608556ba4ababb42684e890d31ae450400373a0a5447a801b8c1c4f0c4bd97c6555e61345400f9bd42abeb9ade0105000000000000a21902ff07000094a2b51c21df74924f5436a6ed89b98f75e800230c49c90fe1336481f3b92a63336c36fcd745d61d7739c6554ca201000000bebbe8282f8b1e26407437a397bf8f50e87ed4d27adfd876bffc402887781979461c4363bc5c9b6202ea471428197ef88bc333fbcec0ea4334f1ddb9d679ae95a90fd41d528f587e05000000435883df6c10ce86188c92292b2d0226082960be682836bdff8b0971f2a5405e453228e7b1005bd73479358a90df3e481947de6453736aa572158af6ea63d6d418fbbd2bba050000001da000ef78df03000000d19913a5fb03c79dac2e489f68127892658115e7ffb588a71dffffff951b8535167ab8069a2c92a3aa18e22517000026637b4c34bf2d0aa304ed"], 0x0}, 0x94)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000300)={r1, 0x58, &(0x7f0000000500)}, 0x10)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$FOU_CMD_ADD(0xffffffffffffffff, 0x0, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x14, r5, 0x9c3fa077fa966179, 0x4, 0x0, {{0x7e}, {@void, @void}}}, 0x14}}, 0x0)
openat$dir(0xffffffffffffff9c, 0x0, 0x141040, 0x42)
r6 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000100), 0x8001, 0x0)
write$6lowpan_control(r6, 0x0, 0x100000)
r7 = socket(0x10, 0x2, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r7, 0x89f1, &(0x7f0000000180)={'ip6_vti0\x00', &(0x7f0000000000)={'syztnl1\x00', <r8=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @empty, @private2={0xfc, 0x2, '\x00', 0x1}, 0x7800, 0x80, 0xfffffffc, 0xdc67}})
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r7, 0x89f1, &(0x7f0000000140)={'syztnl1\x00', &(0x7f0000000240)={'syztnl0\x00', r8, 0x29, 0x0, 0x6, 0x7f, 0x5, @ipv4={'\x00', '\xff\xff', @multicast1}, @mcast1, 0x0, 0x40, 0x6, 0x41}})
mmap$IORING_OFF_CQ_RING(&(0x7f0000557000/0x4000)=nil, 0x4000, 0x0, 0x10, r6, 0x8000000)

33.078405456s ago: executing program 0 (id=2977):
r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x8080}, 0x20004450)
sendmsg$NFT_BATCH(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a64000000060a01000000000a0000010900010073797a310000010000000000000001800b0001006e756d67656e000024000280080003400000000008000140000000030800024001c0000008000440ffffef000900020073797a3200000000140000001100010000000000000000000700000a56374fb1d9778862e2f7b336fd9e721d4fc9e230f1edd62a5bc51c278ce926b0de"], 0x8c}, 0x1, 0x0, 0x0, 0x40}, 0x24000840)
r2 = fsopen(&(0x7f0000000200)='debugfs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r2, 0x1, &(0x7f0000000240)='uid', &(0x7f00000008c0)='0\x00#\x00\xd0\x00 \x00\x00qS\x00\x00\x00\x00\x00\x00\x00\x00$\xf6_\xbdI\x1c\xf2\xa9]\xcc\xe0*\xef\x01\x8d\x15\xd2h\x93\xc9\xb57\xc3\xea\\Eb\xf8\xe6,\xdf\xd4\xfae\x84\xcc\xd5\"d\xf0D-\x98\x9f\x81{\xfc$\xc4\xbcF\xf8\xc8\x8d\xcb\xb8\xf2\x1e\xe4\'U\xb3\xb8\xd3\xe6\xd7\x80=\x8a\xeb\n\xb8_\xe8\x96YY\xe3\xc7\xe6\xf28\x19\xa6\xa7\xfa\xdb\x1ce\xc1\x03\x86J\xb2fh\x19\xee#\xcc\x0f\xed\xfea\xdc\x88\xcb%bW\xd35\xda=\xac\x1d\xae\x93\xfd\'T6\x94\n\xa4\x9cU\xc4\fA~[\xbf\x8b\x90\xfe\x04\xe7U\xf3h\x81\x14l7u\x95\x96t\\\x0f\xef;\x03\xa4C\xbc(Vc!a\xc1\xe39\xc6b\x905\x1f\x03\x00\x00\x00\x00\x00\x00\xdf9\xaf5\xc8a:z\xe4\xcbag&67\x814\xf6}\xe10v6l\xd6,\x1e\xa0\xcc\xbf\xfdkm\b?\x839\x85N\x1c\xc1\xcb\xfc\x85\xd2\n\x02\"\xf2\x81g\x90\x01n%\x7f_\xe1.f>>\xa5\xfb\"\xab\xdb\x06\x12e\x14\x11~\x9a\bR-\x85\xc3\xa9\xe6\xf6R\x11\"\xc3\xc9\xfc\x14s X\xec\xdd\xc2qB\x85\xf0\xd7\x04\xdd<\x9ak\x00\x00\x00\x00\x00\x00\x00\n\xa72\xa3\xef^\xe7\x8f', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0)
bind$nfc_llcp(r0, &(0x7f00000001c0)={0x27, 0x0, 0x100, 0x7, 0x0, 0x49, "c46e9fd1a84b7fa0bf2cca6beb9363a680b652a86bcf56a1b9ca5386103a5ccbe47b7b9aa6d8d701a3ba00000000b97800001022f987617c318500", 0xd}, 0x60)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ff1000/0x2000)=nil, &(0x7f0000ff5000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x48)
r4 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="18020000801000000000000004000000850000002700000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x80)
unshare(0x400)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r3, r4, 0x5}, 0x10)
bpf$BPF_PROG_DETACH(0x8, &(0x7f00000002c0)=ANY=[@ANYRES32=r3, @ANYRES32=r4, @ANYBLOB='&'], 0x10)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045)
io_uring_setup(0x524, &(0x7f0000000040)={0x0, 0x3cb1, 0x1c080, 0xa, 0x20002f7})
setsockopt(0xffffffffffffffff, 0x84, 0x81, &(0x7f0000000280)="1a", 0x1)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x401, @loopback}], 0x1c)
ioctl$KVM_SET_CPUID2(0xffffffffffffffff, 0x4008ae90, &(0x7f0000000000)={0x1, 0x0, [{0x40000001, 0x4, 0x2, 0x31237648, 0x6, 0x2, 0x80}]})
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1700000007"], 0x50)
sendto$packet(0xffffffffffffffff, &(0x7f0000000000)='O', 0x1, 0x0, 0x0, 0x0)
r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r5, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r5, &(0x7f0000000000), 0xd)
sendmmsg$sock(r0, &(0x7f0000003980), 0x0, 0x4000884)

32.380409573s ago: executing program 0 (id=2980):
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='children\x00')
socket$l2tp(0x2, 0x2, 0x73)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './bus\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f0000000540)='mounts\x00')
ppoll(0x0, 0x0, 0x0, 0x0, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', 0x0, 0x80, 0x0)
fcntl$getownex(r0, 0x10, 0x0)
sched_setattr(0x0, 0x0, 0x0)
r2 = syz_io_uring_setup(0xbdc, &(0x7f0000000640)={0x0, 0xe539, 0x800, 0x400001, 0x40000333}, &(0x7f00000000c0)=<r3=>0x0, &(0x7f00000001c0)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x7, 0x0, &(0x7f0000000600)=[{&(0x7f0000001800)=""/216, 0xd8}], 0x1})
io_uring_enter(r2, 0x847ba, 0x600, 0xe, 0x0, 0x0)

30.769766334s ago: executing program 0 (id=2983):
r0 = socket(0x11, 0xa, 0x5)
ioctl$sock_inet_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f0000000040)={'ipvlan0\x00', {0x2, 0x4e20, @loopback}})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
sendto$inet(r0, 0x0, 0x0, 0x8000800, &(0x7f0000000040)={0x2, 0x4e20, @local}, 0x10)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f0000000500)=@nat={'nat\x00', 0x670, 0x5, 0x4b0, 0x338, 0x338, 0xffffffff, 0x290, 0x0, 0x418, 0x418, 0xffffffff, 0x418, 0x418, 0x5, 0x0, {[{{@uncond, 0x0, 0x198, 0x1e0, 0x48, {}, [@common=@unspec=@string={{0xc0}, {0x5, 0xf, 'kmp\x00', "4801d3e4c6b2bfd892aa7400051624fa86999b13d39b99407a9b7abe75a728baa18da576811985de44110b8602025e1298ea55f1c5087ab16f67b18ca90ac68f0b3d6a068f727f7d23fa5fad26a59a5da2651212bdf9d29248ae63e2349b2470915eea2c39ade5129ff26b6fe772493180cfda2cdd49412e9469d85abdb467ba", 0x79, 0x2, {0x1}}}, @common=@unspec=@rateest={{0x68}, {'wlan1\x00', 'ip6tnl0\x00', 0x12, 0x2, 0x9, 0x2004, 0x5, 0x3, {0xc35}, {0x1ff}}}]}, @unspec=@SNAT1={0x48, 'SNAT\x00', 0x1, {0x12, @ipv4=@initdev={0xac, 0x1e, 0x0, 0x0}, @ipv6=@rand_addr=' \x01\x00', @port=0x4e21, @icmp_id=0x68}}}, {{@uncond, 0x0, 0x70, 0xb0}, @common=@inet=@LOG={0x40, 'LOG\x00', 0x0, {0xa, 0x4, "ed481ca2c99b76ccda2879f6a12da5725ea2669d62d23b45710a851be124"}}}, {{@ip={@local, @remote, 0xff, 0x0, 'virt_wifi0\x00', 'batadv_slave_1\x00'}, 0x0, 0x70, 0xa8}, @MASQUERADE={0x38, 'MASQUERADE\x00', 0x0, {0x1, {0x2, @local, @empty, @icmp_id=0x68, @port=0x4e22}}}}, {{@uncond, 0x0, 0x98, 0xe0, 0x0, {}, [@common=@icmp={{0x28}, {0xc, "1542", 0x1}}]}, @unspec=@SNAT1={0x48, 'SNAT\x00', 0x1, {0x2, @ipv4=@broadcast, @ipv4=@empty, @gre_key=0x3, @icmp_id=0x64}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x510)
syz_usb_connect(0x0, 0x24, &(0x7f00000003c0)=ANY=[@ANYBLOB="120100008e88052086800095d8b601020301090212000100000000090401"], 0x0)
r2 = syz_open_dev$I2C(&(0x7f0000000040), 0x1, 0x2603)
ioctl$I2C_RDWR(r2, 0x707, &(0x7f00000001c0)={&(0x7f0000000000)=[{0x1e, 0x8000, 0x0, 0x0}], 0x1})

12.24757513s ago: executing program 4 (id=3034):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
mount$fuse(0x0, 0x0, 0x0, 0x2018081, 0x0)
r5 = socket$inet_smc(0x2b, 0x1, 0x0)
mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, 0xffffffffffffffff, 0x0)
r6 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r6, &(0x7f0000000040)={0x1f, 0x21, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe)
sendmmsg$inet(r6, &(0x7f0000001640)=[{{0x0, 0x0, &(0x7f0000001180)=[{0x0}, {&(0x7f0000001e80)="d7a893db4fbf210fc82929f23f2a1b403134b46d70b96a74bf7ddf6f8f60e61db2616165509089b9a4abbfdf3a0b3fdcb9e36596f98b8525481fa9a09a5c5e628ec3c2acb3d88b6047668f294648b90c0813f00d775e0d387ebc6a7e86019df3e91b1969ba8f03d46c4fb48e4a46ab1dc3bebb165455f257c882cf53b8c2a336d3dab2f5f8fefacb58ba601e5ad9f3114b4fb7c4110020952e0be2bc045329a17a38809ff3c97e23483ef2ad993bab2d2435228d65f6857e19c6ac9ee705f1b4e078d062678b8875b93fe1e4d32c6411d0bec49abfb8fb70a27cc1c6dddab6fccca1d8fe32813974bcd6383503a2597e58ea2cf0332493024f1309abe727e00ab115d6783bec84fbb0db7a3c1b183cafcbec5029fb69b5b3cc1024125aefd288c5c04ba8ae9e9be522976acf9bd98cb543912926377c2a3a24170100575f534797b63878ea593c2f639db345c64545de66afb512c263264f94c5439c8afcf509e85d25958b4e3c56c807f5d9e13c47e0ae13c72f6d388d44586a1883c668bd699e", 0x181}], 0x2}}], 0x1, 0x20040)
listen(r5, 0x4000)
close(r5)
r7 = syz_open_dev$sg(&(0x7f00000004c0), 0x0, 0x0)
ioctl$SG_GET_VERSION_NUM(r7, 0x2284, &(0x7f0000000080))
r8 = socket(0x400000000010, 0x3, 0x0)
r9 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r10=>0x0})
sendmsg$nl_route_sched(r8, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, r10, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
sendmsg$nl_route_sched(r8, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000140)=@newtfilter={0x3c, 0x2c, 0x42f, 0x870bd28, 0x25dfdbff, {0x0, 0x0, 0x0, r10, {0x8, 0x7}, {}, {0xc, 0xfff3}}, [@filter_kind_options=@f_flower={{0xb}, {0xc, 0x2, [@TCA_FLOWER_KEY_ENC_OPTS={0x8, 0x54, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_ERSPAN={0x1}]}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x22044028}, 0x0)

9.133779829s ago: executing program 1 (id=3041):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
recvmsg(r0, &(0x7f0000000440)={0x0, 0x0, 0x0}, 0x40000100)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
syz_emit_ethernet(0xbe, &(0x7f0000000000)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0xf}, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x4000, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x4e24, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "7b4b143b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af", "584cbf2649a50f2dbc43efa845942824251d7d17b5191584bcd4fbe40a23424d00", "bcfd56f1375461caaa2f19935e6996c7096ffeeb0300000000000064", {"b3472eb9cd42d2030000002000", "643fcbb2c5a57df67d544af6e8dafe09"}}}}}}}, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="180000000200000000"], 0x0, 0x3}, 0x94)
r1 = io_uring_setup(0x4a86, &(0x7f0000000300)={0x0, 0x4178, 0x40, 0x8001002, 0x3d7})
r2 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000100)={0xaa, 0x1})
r3 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000b40)={'wlan0\x00', <r4=>0x0})
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_STATION(r3, &(0x7f0000000c40)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x30, r5, 0x1, 0x70bd29, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_STA_FLAGS={0x8, 0x11, 0x0, 0x1, [@NL80211_STA_FLAG_TDLS_PEER={0x4}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x400c0}, 0x4)
io_setup(0x2ae1, &(0x7f0000000180)=<r6=>0x0)
r7 = eventfd2(0x10000, 0x0)
io_submit(r6, 0xf000, &(0x7f0000000600)=[&(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x40, r2, &(0x7f00000001c0)="20520fdd26bf4a7ce6cdcbc4af395590c42900eee3a1669387719013b2b2a3b4", 0x20, 0x0, 0x0, 0x3, r7}])
close_range(r1, 0xffffffffffffffff, 0x0)
r8 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x7}, 0x94)
ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, &(0x7f0000000100)=<r9=>0x0)
lstat(&(0x7f0000000200)='./file0\x00', &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, <r10=>0x0})
newfstatat(0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0, <r11=>0x0}, 0x0)
r12 = getegid()
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f00000003c0)=@broute={'broute\x00', 0x20, 0x3, 0x5ca, [0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000006c0], 0x0, &(0x7f00000000c0), &(0x7f00000006c0)=[{0x0, '\x00', 0x0, 0xfffffffffffffffc}, {0x0, '\x00', 0x0, 0xffffffffffffffff}, {0x0, '\x00', 0x0, 0xfffffffffffffffc, 0x1, [{0x11, 0x68, 0x88a2, 'gre0\x00', 'vlan0\x00', 'vxcan1\x00', 'pim6reg0\x00', @broadcast, [0x0, 0x0, 0xff, 0x0, 0xff], @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, [], 0xe6, 0x246, 0x276, [@owner={{'owner\x00', 0x0, 0x18}, {{r9, r10, r11, r12, 0x6, 0x1}}}, @mac={{'mac\x00', 0x0, 0x10}, {{@random="717cfa555ecd"}}}], [@common=@CONNSECMARK={'CONNSECMARK\x00', 0x8, {{0x1}}}, @common=@SECMARK={'SECMARK\x00', 0x108, {{0x1, 0xc7, 'system_u:object_r:devtty_t:s0\x00'}}}], @common=@NFQUEUE0={'NFQUEUE\x00', 0x8, {{0x4000}}}}]}, {0x0, '\x00', 0x1, 0xfffffffffffffffc, 0x2, [{0x11, 0x8, 0x88b5, 'vlan0\x00', 'pim6reg\x00', 'vlan1\x00', 'tunl0\x00', @empty, [0x0, 0x0, 0xff, 0xff, 0xff], @multicast, [0x0, 0x0, 0xff, 0x0, 0xff, 0xff], 0x6e, 0x6e, 0xbe, [], [], @common=@IDLETIMER={'IDLETIMER\x00', 0x28, {{0x7, 'syz0\x00', {0x100000000}}}}}, {0x9, 0x1, 0xf6, 'wlan1\x00', 'bond_slave_1\x00', 'vcan0\x00', 'wg2\x00', @empty, [0xff, 0xff, 0xff, 0x0, 0x0, 0xff], @random="59b3bcc4eb97", [0x0, 0xff, 0x0, 0xff, 0x0, 0xff], 0x10e, 0x15e, 0x1d6, [@vlan={{'vlan\x00', 0x0, 0x8}, {{0x4, 0x2, 0x892f, 0x4, 0x2}}}, @physdev={{'physdev\x00', 0x0, 0x48}, {{'nicvf0\x00', {}, 'veth0_to_batadv\x00', {0xff}, 0x2, 0x12}}}], [@common=@LED={'LED\x00', 0x28, {{'syz0\x00', 0x1, 0x10000, {0x10001}}}}], @common=@NFLOG={'NFLOG\x00', 0x50, {{0x2, 0x3ff, 0x10, 0x0, 0x0, "95511b34a40459734c2d0f71d23c9a5c51f57ee73babdd8e6a3b8f27e4c843172d460616225507f28388023f73374c1dbf1439b9949df64dce38fa09f37602b5"}}}}]}]}, 0x642)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r8, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)

8.713967418s ago: executing program 3 (id=3042):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x47)
setsockopt$inet_tcp_int(r0, 0x6, 0x10, &(0x7f00000000c0)=0x100000001, 0x4)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000800), &(0x7f0000000840)=0x14)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0x1, 0x2, 0x4, 0x3}, 0x50)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x9, 0x8, 0xdd, 0x40}, 0x50)
close(0x3)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x18, 0x6, &(0x7f0000000340)=@raw=[@alu={0x4, 0x0, 0x1, 0xb, 0x2, 0x1, 0x4}, @map_val={0x18, 0x0, 0x2, 0x0, r1, 0x0, 0x0, 0x0, 0x7}, @cb_func={0x18, 0x1, 0x4, 0x0, 0x6}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x4}], &(0x7f0000000380)='syzkaller\x00', 0x8, 0x15, &(0x7f0000000480)=""/21, 0x40f00, 0x11, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000004c0)={0x8, 0x5}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000000500)=[r2, r1, r1, r2, r1, r2, r1, r2, r2], &(0x7f0000000540)=[{0x5, 0x4, 0x9, 0xc}], 0x10, 0x9}, 0x94)
r4 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={&(0x7f0000000300)='sched_process_exec\x00', r3, 0x0, 0x200}, 0x18)
setsockopt$IPT_SO_SET_ADD_COUNTERS(r0, 0x0, 0x41, &(0x7f0000000880)={'filter\x00', 0x2, [{}, {}]}, 0x48)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[], 0x50)
r5 = bpf$TOKEN_CREATE(0x24, &(0x7f00000005c0)={0x0, r4}, 0x8)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=@base={0x1b, 0x0, 0x0, 0x8000, 0x1441c, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @value=r5}, 0x50)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000001400)={0x11, 0x15, &(0x7f0000000180)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r6}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x3}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x1000009}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000440)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000100)=<r8=>0x0)
prlimit64(r8, 0x2, &(0x7f0000000140)={0xffff, 0x8}, &(0x7f0000000240))
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r7}, 0x10)
r9 = fsopen(&(0x7f0000000080)='rpc_pipefs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r9, 0x6, 0x0, 0x0, 0x0)
fsmount(r9, 0x0, 0x1)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r9, 0x7, 0x0, 0x0, 0x0)
ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000180)={0x52, 0x8, 0x0, {0x0, 0x1}, {0x4b, 0x2}, @cond=[{0x0, 0x20c8, 0x20, 0x6, 0xaf}, {0x7ffe, 0x11, 0x1, 0x10, 0x5, 0xfaa}]})
r10 = syz_open_dev$evdev(&(0x7f00000000c0), 0x2, 0x862b01)
write$char_usb(r10, &(0x7f0000000040)="e2", 0x2250)
setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000), 0x4)
ioctl$sock_SIOCDELRT(r0, 0x890c, &(0x7f0000000780)={0x0, @qipcrtr={0x2a, 0xffffffffffffffff, 0x3fff}, @generic={0x18, "80bfff8e6d993a197754657d53e4"}, @vsock={0x28, 0x0, 0xffffffff, @host}, 0x8, 0x0, 0x0, 0x0, 0x8000, &(0x7f0000000740)='veth1_to_team\x00', 0x0, 0xfffffffffffffffe, 0xc})
sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0)

8.713377081s ago: executing program 4 (id=3043):
syz_io_uring_setup(0x4d09, &(0x7f0000000140)={0x0, 0x8c36, 0x80, 0xfffffffe, 0x14c}, &(0x7f00000001c0)=<r0=>0x0, &(0x7f00000000c0)=<r1=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r0, r1, &(0x7f00000002c0)=@IORING_OP_SYMLINKAT={0x26, 0x8, 0x0, 0xffffffffffffffff, &(0x7f0000000380)='./file0\x00', &(0x7f0000000480)='./file0\x00', 0x0, 0x0, 0x1})
accept$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @dev}, &(0x7f0000000040)=0x10)
openat$cgroup_netprio_ifpriomap(0xffffffffffffffff, &(0x7f0000000200), 0x2, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_udp_int(r2, 0x11, 0x67, 0x0, 0x0)
sendto$inet6(r2, 0x0, 0x0, 0x400ad80, &(0x7f0000000080)={0xa, 0x4e24, 0x78a2, @mcast2}, 0x1c)
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000002000)=""/102400, 0x19000)
syz_open_procfs(0x0, 0x0)
sendmsg$key(0xffffffffffffffff, 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(0xffffffffffffffff, 0xc0a85320, &(0x7f00000003c0)={{0xfc, 0xa}, 'port0\x00', 0xef, 0xf1c0f, 0x5, 0x6, 0x6, 0x0, 0x5, 0x0, 0x1, 0x2})
write$RDMA_USER_CM_CMD_BIND_IP(0xffffffffffffffff, &(0x7f0000000340)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x4e20, 0x6, @loopback, 0x2}}}, 0x30)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3, &(0x7f0000000000)=0x6, 0x4)
openat$sequencer2(0xffffffffffffff9c, &(0x7f00000004c0), 0x8417f, 0x0)
r4 = socket$rxrpc(0x21, 0x2, 0xa)
ioctl$int_in(r4, 0x5452, &(0x7f0000000100)=0x2)

8.505764453s ago: executing program 3 (id=3044):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
bind$xdp(0xffffffffffffffff, 0x0, 0x0)
sendmmsg$unix(r1, 0x0, 0x0, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x2000, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = dup(r3)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f00000000c0)="0f8666f2a665f0ff0f0fc73666ba21003e0f01c5c4c1ed665a0aa00f06ea009000002c00c4c1b81516", 0x29}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r3, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
ioctl$EXT4_IOC_ALLOC_DA_BLKS(r4, 0x660c)

8.391723212s ago: executing program 4 (id=3045):
prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1) (async)
r0 = syz_io_uring_setup(0x10d, &(0x7f00000000c0)={0x0, 0x3eac, 0x400, 0x0, 0x105}, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000240)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) (async)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000004c0)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x4c, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x40010000, 0x0, {0x0, r3}}) (async, rerun: 32)
io_uring_enter(r0, 0x8aa, 0x0, 0x0, 0x0, 0x0) (rerun: 32)

7.993877672s ago: executing program 1 (id=3047):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100020008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x10, 0x1c, &(0x7f0000000040)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0xe0}, {{0x18, 0x1, 0x1, 0x0, r3}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x0, 0xb, 0x9, 0x0, 0x2}, {0x3, 0x3, 0x6, 0xa, 0xa, 0xfff8, 0x50}, {0x7, 0x1, 0xb, 0x2, 0x8}, {0x7, 0x0, 0x0, 0x8}, {0x7, 0x1, 0xb, 0x4, 0xa, 0x20}, {0x7, 0x0, 0x0, 0x9}, {0x7, 0x0, 0xc}, {0x18, 0x2}, {}, {0x46, 0x8, 0xfff1, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

6.997121403s ago: executing program 4 (id=3048):
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$inet6_sctp(0xa, 0x801, 0x84)
syz_usb_connect(0x0, 0xc08, &(0x7f00000000c0)=ANY=[@ANYBLOB="12011003c65c2540d8048200aed0010203010902f60b0200000007090490070d02020102092107004a01221a0d07"], &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0x0})
connect$inet6(r0, 0x0, 0x0)
setsockopt$inet6_MCAST_LEAVE_GROUP(r0, 0x29, 0x2d, &(0x7f0000000300)={0x101, {{0xa, 0x4e26, 0x9, @mcast2, 0x1}}}, 0x88)
setsockopt(r0, 0x84, 0x80, 0x0, 0x0)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0)
syz_usb_connect$cdc_ncm(0x2, 0x71, &(0x7f0000000040)={{0x12, 0x1, 0x110, 0x2, 0x0, 0x0, 0x20, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5f, 0x2, 0x1, 0x4, 0xe8, 0x5, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x8, 0x24, 0x6, 0x0, 0x1, "be5743"}, {0x5, 0x24, 0x0, 0x2}, {0xd, 0x24, 0xf, 0x1, 0x4, 0x10, 0x0, 0xb1}, {0x6, 0x24, 0x1a, 0xfffb, 0x8}}, {{0x9, 0x5, 0x81, 0x3, 0x3ff, 0x5, 0x6}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x400, 0x2, 0x8, 0x6}}, {{0x9, 0x5, 0x3, 0x2, 0x3ff, 0x4, 0x6, 0x6}}}}}}}]}}, &(0x7f00000007c0)={0xa, &(0x7f00000004c0)={0xa, 0x6, 0x250, 0x0, 0xfc, 0x25, 0x8, 0xe9}, 0x17, &(0x7f0000000800)=ANY=[@ANYBLOB="050f1700020b10010220000411a309060710020007feff6dc9e830fd3a3e80484a8ab5cd9fad82edb2adbe33a0d40b58ca94c5aad38ca0f22a468b3512e32bb6165ffed1f6293f64e658d0262efc90cc266593989e81542b6534945e721092889126220fda1ca1f438329d54e6af93520b0eec591534eec77ffbdca7a0c983d0d4753820b45e41270374c87a5de5ca5d3883eede7c5160e13ec5befb06708d5982822f11cf8ef6ce0a1256a6dbb23562a1e7dbbac23273bfff81aa488b1d47c6ab89d24f9e0c39c2e628a50cd80a0f78faae687e5e08346d39607d9f37b37f03f33ac0b7adf00a8e2400e7814e01d8239317599ad9fc2ed5c0072fe35740618113947eb8a6a0af71e0334784eab7c73b5024e22cc306b2c8b3b332045f63a6618d8554f82a18674a0d2b9a0de44d479989795c5f5936d989933526e1505333ff0348e3c16089a40f63eb6c7d9dbf508e899fe9e331854af5d177d4e0c1e4b988d2a775b5dd2125cf608595d20a4067a34647ae8319cb1995ac89b8a698d50d4a9234f96b3cb2aa28343de1dfe50e87aed49566dc7db87f156b6142570b"], 0x2, [{0x20, &(0x7f0000000680)=@string={0x20, 0x3, "b65a9972083a2f8bcef3baf221639d0151a6e4311793233f0fd73389f5c0"}}, {0xed, &(0x7f00000006c0)=@string={0xed, 0x3, "77b8d57d2438d36778d7e1620f35d1f70583013ca6dae3364dea2b2d58954116675f936fd666fa76533fd808ef04b88596e41e87026792b631d4a2e6083583827108b9bf64382272a3b4c4fd76971decadbc56b941633bc3be7fe9498608d84fa6e8cfe92974e8748ca9dc1c716eae9c83f45dbc2c30120abaec0e672a69ba696a7ec4373f0177151c69ce8cfc13ca5b57da1b930e12886a8f38de38a3e1f413478dad81a26796575fdfe264bb19a62248f978582e61a8ab6241bbab37654b42f36147e09dfba59a416365a7e86644de2c36238ea1428fb47c042b354267e31067b06ea9d60788c872033f"}}]})
socket$xdp(0x2c, 0x3, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x40182, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_GUEST_MEMFD(r2, 0xc040aed4, &(0x7f00000001c0)={0x1000200001ee0000, 0x3})
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
r4 = socket(0x1e, 0x2, 0x0)
socket$kcm(0x2, 0x5, 0x84)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$nl_route_sched(r4, 0x0, 0x4000000)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x1000000000, 0x7, 0xfa11, 0xffffffff}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r4, 0x6, 0x16, &(0x7f0000000480)=[@mss={0x2, 0x3}, @mss={0x2, 0xaf0}, @timestamp, @mss={0x2, 0x8}, @window={0x3, 0x8000, 0x81}, @sack_perm, @timestamp], 0x7)
r7 = syz_open_procfs(0x0, &(0x7f0000000000)='map_files\x00')
mknodat$loop(r7, &(0x7f0000000000)='./file0\x00', 0x4, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r3, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)

6.34222103s ago: executing program 1 (id=3049):
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_RES_CQ_GET(r0, 0x0, 0x4000040)

5.225176684s ago: executing program 1 (id=3050):
mknodat$null(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x103)
r0 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x139)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r1, 0x6, 0xe, &(0x7f0000000300)={@in6={{0xa, 0x4e21, 0x5, @loopback, 0xa}}, 0x0, 0x0, 0x3d, 0x0, "bb02a3c364ca41d6e5415445244740bd4c0b42a21d7214bf92594925208a0e2f964e654dc534a6324d4993fcf19b2df3ee818a118a7c49462189316d8b6d2ccd00"}, 0xd8)
sendto$inet6(r1, 0x0, 0x0, 0x20008045, &(0x7f00000001c0)={0xa, 0x2, 0x1000, @empty}, 0x1c)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x2, 0xc3072, 0xffffffffffffffff, 0x200000)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r8, &(0x7f0000000100)={0x0, 0x3, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="5c0000000206030000000000000000000000000005000100070000000900020073797a31000000001400078005001500070000000800124000000000050005000200000005000400000000000d000300686173683a6e6574"], 0x5c}}, 0x0)
ioctl$KVM_PRE_FAULT_MEMORY(0xffffffffffffffff, 0xc040aed5, &(0x7f0000000040)={0x3000, 0x114000})
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
r9 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r9, 0x0, 0x0)
setsockopt$bt_BT_SECURITY(r2, 0x112, 0x4, &(0x7f00000000c0)={0xc, 0xa}, 0x2)

5.21700731s ago: executing program 2 (id=3051):
r0 = socket$netlink(0x10, 0x3, 0xc)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20008850}, 0x2404c004)
openat$kvm(0xffffffffffffff9c, 0x0, 0x2200, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$FBIOPUT_VSCREENINFO(0xffffffffffffffff, 0x4601, &(0x7f00000003c0)={0x80, 0xa0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, {0x10, 0x8}, {0x8, 0x6}, {0x0, 0x8, 0xfffffffd}, {0x4, 0xb, 0xfffffffd}, 0x0, 0x10, 0x0, 0x0, 0x0, 0x7, 0x9, 0x0, 0xfffffffc, 0x400009, 0x6, 0x0, 0x17, 0x1, 0x1, 0x8})
socket$nl_crypto(0x10, 0x3, 0x15)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
bind$netlink(r1, &(0x7f0000000000)={0x10, 0x0, 0x25dfdbff, 0x2000}, 0xc)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
fsopen(0x0, 0x0)
bpf$ITER_CREATE(0x21, 0x0, 0x0)
r3 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r3, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10)
setsockopt$sock_linger(r3, 0x1, 0xd, &(0x7f0000000100)={0x1, 0x80000001}, 0x8)
connect$inet(r3, &(0x7f0000000480)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x30}}, 0x10)
close(r3)

4.678840207s ago: executing program 3 (id=3052):
r0 = socket$netlink(0x10, 0x3, 0xc)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20008850}, 0x2404c004)
openat$kvm(0xffffffffffffff9c, 0x0, 0x2200, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$FBIOPUT_VSCREENINFO(0xffffffffffffffff, 0x4601, &(0x7f00000003c0)={0x80, 0xa0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, {0x10, 0x8}, {0x8, 0x6}, {0x0, 0x8, 0xfffffffd}, {0x4, 0xb, 0xfffffffd}, 0x0, 0x10, 0x0, 0x0, 0x0, 0x7, 0x9, 0x0, 0xfffffffc, 0x400009, 0x6, 0x0, 0x17, 0x1, 0x1, 0x8})
socket$nl_crypto(0x10, 0x3, 0x15)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
bind$netlink(r1, &(0x7f0000000000)={0x10, 0x0, 0x25dfdbff, 0x2000}, 0xc)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
fsopen(0x0, 0x0)
bpf$ITER_CREATE(0x21, 0x0, 0x0)
r3 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r3, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10)
setsockopt$sock_linger(r3, 0x1, 0xd, &(0x7f0000000100)={0x1, 0x80000001}, 0x8)
connect$inet(r3, &(0x7f0000000480)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x30}}, 0x10)
close(r3)

3.907684278s ago: executing program 2 (id=3053):
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x3, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="b7050000000000006110480000000000dc0500001000000095000000000000009abb1723bf24203831c9545b21c751ee4024f479cbe4b89f9808837203000000000000c2d182c7a3221481f5009edaf5f5ac058299e10e790a198f42a715b99fb3d2a73dd025848710155ad1efd7d991408000000000000085a0db0401fa29e075b7ab0408a0d8cfceeb23465bb027ee1151c02af21d8f9aa57e673a6724441d08087aff070eda8abef22b3a806c8226f5a2886c93bd29b37252ba4a6e9cc5f69e75680c431aa855e487ae513abd6c4ee973fce29a26018ed5e0780f8778a602a3533a3dac7da4fe491edf3abfa7bf871c58848ac46ada6776bd9b85df01e626026a59ddfa7a9c879acbfb0bf426785dec7d8611dc850df49ed8633bdb83dd505fb20649f53841a0e200c91f5bf1bb186ed87efc7b6f8859d029c8376ca19265e281fea0a6fd2222f8850c8445758503ede0ce1b3f73ecd8989e8c53c5e679b13802bddf80f3b1d07d6d68bfa12ab34697d40ac1150a842f8bb381344b994c19642a10eb30845a993daaa8bd4aebc595475feb3475d8e802498382e73edb98fcf2df96ab3c870490c4"], &(0x7f00000002c0)='syzkaller\x00', 0x5, 0xfd90, &(0x7f0000000300)=""/195, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x1f3, 0x10, &(0x7f0000000080), 0xfffffffffffffc79}, 0x48)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000080)='sys_enter\x00', r1, 0x0, 0x6}, 0x18)
linkat(0xffffffffffffff9c, 0x0, 0xffffffffffffff9c, 0x0, 0x0)
syz_usb_connect(0x5, 0x52, &(0x7f0000000780)={{0x12, 0x1, 0xf223dc2b392ca1b, 0x5d, 0x6e, 0x9f, 0x40, 0x499, 0x101b, 0x5629, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x40, 0x1, 0xa, 0x3, 0xaee7019a03ac0f75, 0x8, [{{0x9, 0x4, 0x29, 0x20, 0x0, 0xe, 0x1, 0x0, 0x6, [@uac_as, @cdc_ecm={{0x8, 0x24, 0x6, 0x0, 0x0, "38b2f0"}, {0x5, 0x24, 0x0, 0x3}, {0xd, 0x24, 0xf, 0x1, 0x5, 0x9, 0xdc90, 0x8}, [@call_mgmt={0x5, 0x24, 0x1, 0x2, 0x4}, @network_terminal={0x7, 0x24, 0xa, 0x7, 0x82, 0x5, 0xfc}, @mbim_extended={0x8, 0x24, 0x1c, 0x401, 0x5, 0xfff1}]}]}}]}}]}}, &(0x7f0000000ac0)={0x0, 0x0, 0x0, 0x0})

3.860234181s ago: executing program 3 (id=3054):
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000d00)=ANY=[@ANYBLOB="120100021982302013042360e5ec0102030109021b0001000060020904840001ee48b100090582"], 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$rtl8150(r0, 0x0, 0x0)
r1 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
writev(r1, &(0x7f0000000580)=[{&(0x7f0000000040)="8588ba", 0x3}], 0x1) (fail_nth: 1)

3.654657142s ago: executing program 1 (id=3055):
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000d00)=ANY=[@ANYBLOB="120100021982302013042360e5ec0102030109021b0001000060020904840001ee48b100090582"], 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$rtl8150(r0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
wait4(r4, 0x0, 0x4000000a, 0x0)
r5 = syz_pidfd_open(r4, 0x0)
ppoll(&(0x7f0000000140)=[{r5, 0x4080}], 0x1, 0x0, 0x0, 0x0)
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000fd0f000007"], 0x48)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000900)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r7}, 0x10)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000003c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000003c0)={[{@xino_auto}, {@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
r8 = openat$dir(0xffffffffffffff9c, &(0x7f0000002180)='./file0\x00', 0x101401, 0x0)
getdents64(r8, &(0x7f0000000580)=""/174, 0xae)
r9 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
writev(r9, &(0x7f0000000580)=[{&(0x7f0000000040)="8588ba", 0x3}], 0x1)

3.486137791s ago: executing program 0 (id=2994):
syz_open_dev$media(0x0, 0x8000009, 0x8800)
openat$sysctl(0xffffffffffffff9c, 0x0, 0x1, 0x0)
r0 = syz_open_dev$evdev(&(0x7f0000000100), 0x2, 0x862b01)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x40080, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000005c0)={0x18, 0x4, 0x0, &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0xa, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2, 0x0, 0xffffffffffffffff}, 0x18)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_emit_ethernet(0x6e, &(0x7f0000000040)=ANY=[@ANYBLOB="0180c2000002aaaaaaaaaaaa08004500006000000000002f9078640101000000000024806558000000000000000010000800000086dd"], 0x0)
r6 = socket$kcm(0x10, 0x2, 0x10)
r7 = accept$phonet_pipe(r1, &(0x7f0000000580), &(0x7f0000000680)=0x10)
sendto$phonet(r7, &(0x7f00000006c0)="7ecb937f5f6d0801fba67007134b411aac71d3242a6bff267c0f0c3a5bc131f816a4cb9094d6c0ef054fff189e43adc9bac8088af7ea746ecfaef09a12fa0e788f5c31fbbf12f9919d417eecd917851749bf296c76c6371b891cf1caded43b364619f55fabc59b027dd9ed7f74b1df1caafd6dc11e52aa0f237aa86398c9c59269d6cd99d1e98ae363bd0037c02e874dcd3d23eee18002bad1a3c14c2293564bb661b861", 0xa4, 0x4000040, &(0x7f0000000780)={0x23, 0x1, 0x7, 0x40}, 0x10)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000040900010073797a30000000009c000000090a010400000000000000000700000308000a40000000000900020073797a30000000000900010073797a3000000000080005400000000d58001280200001800e000100636f6e6e6c696d69740000000c0002800800014000000008200001800e000100636f6e6e6c696d69740000000c00028008000140000000001400017b090001006cdbf80789f3f947dd000280080003"], 0xe4}, 0x1, 0x0, 0x0, 0x8001}, 0x20050840)
sendmsg$kcm(r6, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f030041000b05d25a806c8c6394f90324fc60100000000a000200053582c137153e3704020180fc5409000c00", 0x33fe0}], 0x1}, 0x0)
syz_open_procfs(0x0, 0x0)
read$FUSE(r1, 0x0, 0x9)
ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f00000003c0)={0x54, 0x0, 0x1, {0x1, 0x1}, {0x4b, 0x2}, @cond=[{0x8, 0x5388, 0x8, 0x800, 0x7, 0xa}, {0x0, 0x6, 0x7ff, 0x3, 0x6, 0x400}]})
capset(&(0x7f00000007c0)={0x20071026}, &(0x7f0000000140)={0x40002, 0x0, 0x1, 0x81, 0xfffffff7})
ioctl$F2FS_IOC_DEFRAGMENT(r0, 0xc010f508, &(0x7f0000000200)={0x5})
bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x1, 0xe, &(0x7f00000002c0)=ANY=[@ANYBLOB="b7020000f7ffffffbfa70000000000002502000020feffff7a0af0fff8ffffff69a4f0ff00000000b70600000018d1fe5d6405000000000075040000000d00000701000000000000b70400001000e5206a07f0ff00000000850000007d000000b70000000a00000095000000000000006458c2c62fc206000000f909a63796c113a80c19aab9d60700ffffffff483be3f0d3253730e78000000062c28b22756bedf3cf393d14c46cc4f79fd2b316da4f0de8163f6242fa7323f1740637c48468766aeb39439fce41f144631ac262dcae08c3d1a1fbe96dd87235b44174f7c013700e69274f8e9c31975e551558055dc2dc29edc33b375fa325dcf3e91e20f63d7030dbe7ff7f51fe89c3d17cf45a1616ad237682057034dfdc81f5a53cd640212c88e8b687a2446049577c75b76b775c1e301caf2465ed4b2ad56b848d046c52bfc3737127120ab17d82a294d174f240a3cdc725cfe6e839a1f80f59486578e45b008d39ab618f660e3c53ed4409aa92ae4fecd913060ca74ed8a303e22de12087a217d8d7be0ae1117cc791313b1318497dd5ebeef0d7e1795a6ff20f699870ebb137cffa79465da52ab2b3430ba0ba59152496a1ea5dd1e4dee46f6d3688603b5f25a588a31da4e481884074e211dd09a8b8039d0834507656ed7d552a990c1354d7638b2c2215dd9f606b01a92fabc6eb6fa033a86f8920e2168a80d7c86da5ad1d27c8d2a180e56046a49b989128ea736894d3eef8dca16ed63520be4654ddb14bfe4268c487c5a75c044e21021c089608c50adbc4e3f4c6a4ca86c7d2df5bc7c76e413d05e8f57b1e22d4af34f9d4d2e6e4d4f57f47aebdd5f98f67834c656b2fe09df4a1b15116fceaa404a6df278c7c629f584ba8d37c1137c2263ae02ad3718a03a886eb"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x139}, 0x48)
stat(&(0x7f0000000040)='.\x00', &(0x7f0000000080))
syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)

2.665258371s ago: executing program 4 (id=3056):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x200a})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
socket$nl_xfrm(0x10, 0x3, 0x6)
r4 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
pipe(&(0x7f00000002c0)={<r5=>0xffffffffffffffff})
vmsplice(r5, &(0x7f00000014c0)=[{&(0x7f0000000000)='|', 0xfd}], 0xf, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, 0x0, 0x845)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r6 = syz_open_dev$MSR(&(0x7f0000000100), 0x0, 0x0)
read$msr(r6, &(0x7f0000001a40)=""/102392, 0x18ff8)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0xd, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000085000000a000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000000000000003000000018000180140002007665746830"], 0x2c}}, 0x0)
prctl$PR_GET_TSC(0x43, 0x0)
dup3(r1, r0, 0x0)

2.502204651s ago: executing program 0 (id=3057):
r0 = syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000340)=ANY=[@ANYBLOB="12010000000018105704da0700000000000109022400010000ba0009040000090300000009210000000122220009058103"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
pipe(&(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
vmsplice(r1, &(0x7f0000000380)=[{&(0x7f0000002040)="162dd3cad75f87b473622140aca9f6be4377caaba76f08daaad767f134c2ffc2ba9c92a5971b01b71a225dababc99832633ea975d465532309695b29d56eb9befec5159067bffa2d17b24093b372ebaf5589d18a8905982d01ee2870aa096647d6afabca77e0f36a01481b10ed8f0a585ceb41bf50f0515c259bbbbee74db0e045a9fde3614d35c6f2dfa1e71dace811a410bdfb395dd7c54fa733c6f8111f24df309ad928c6462d0a53a3824f9af07b11cb0c05724c33acfad1f5f16bffaf6c58ab2b8c4626bd9d4d1cc4ab67c9838b1fc53fb4ce46d304a12fffc2110043381d08160f056e8d3908497a402dcc156ff69bbf5cb5e5443c06bc4e3c6e4f231aab0eb6fdd2bb0740ae88095360d8b247daa6628fc10edbf048d800625134022e1d5d0bcb5c50e567f50c1990b1a434caa57d210b6084c9424d37c7a71479613b69b67670baab82f13b0923a73786655cfceb0c70d511b94f992391cad9ce57c5c76675cae6a2712cb9ce6dc07bdd0118001f062a22943ca72742a0fe97c48b9b895515fc71145fac9dfd27118a70b71dd564f27e31e1112292864a7be45459524ad8fb03c1f4388bdba3d9e3882a9be894133b0deea92885d0276f268bad0396635036192da1a9788e7525b08de07b0f351147e0f2aaa239e197924a5fc6961dbfcc96ad4cae4cf59f7a812d0c7f8506216dfb7658f8f8545477f4b6c1a606554ee19621d85438014d5e569b0c467e67cf0bb046284f4145ee9f9601b950b0217d183d0266da78f83ed2cf8a83f1374295853d52cdd561a756f247598126cddc98416c42c47a5ad4fda1c419b6ce04f4b57efd2cecf7bfe1589aab05c33e397c8acfb5e4d05cc62db2ba633e74d08c9a3c92111d39ef7d1c0321bfa1827b9fbbb592c49d46244b57c985ee4cc830f7eeda32cae961c4386916f927fc7f442eb6e2eaf45a3d2b0f28d4d319fdedd003aedc1c6384085921397a041384edee7172973fddb3eee2132acdec385cb596055f82a41087097ffece144a340cfe3ec0c0b833f4a92d28709419827eb0f747d73a2e7cc7d00a24749b9dd340793e2ca36536bc47233c9e2602a7f7f94450b22117215be6086d0c0132d24350c19abcb3d713fa97f76ce6ec8f61b24bfecb3ddcd0e7bccd0c4839de19283e95e08bc629554aac9543c15b0f69f1d03374269796c477579d212708b760914bde3269d9e9b0036c7cd0e8f3376d6a62ed0cde76861423ec5f76f2ab4d0f05b21db57277feaaf8475e6e6d1e5672281db17046b7464439d69e25210f67998e912d02c5296c60a450a38495e3b6737339a05f83e5a02aa1ee5bca6bf67ba84c659ef3cc4495cb1551e749277a86db07e7c48f61ee0672919d6a00472a893b6c6eead02140318fb497a1819b692b9bcb3b5cbe7cb55b9524abb1268b3f4a031a64fe6305519a2212298089c443b0503e77b7c8a3da14387872ca35cd6524f629161d85f253498568587513aa16848fa8f8f3dea115cbe8e85bdb8aa20f20ce26f3fcaac4615a9b9d7d6919ba952f7e93a96ba26010cc4bc24622ed3bb9b063e0e686f41b2cece5a50d787676600a04bfe7e6eb78e740b8bcb4b3a51f2a39250d0163a75d8f97032c60efc5516ba48ce2d53da0a7aab99330369a2c44cfc6ac65707733971493de86a519629f7be4643a52abe3d0ca1e22dfa27d8f7c54c50e0e1f3f639dbc622afa56d22b2732232d62b0a312c359dfd25e266f2138a49689fcc789470b01aabc05563ab025938153c15abbb300192e0bc27f810246d4d24295f337db02aa6b3e801905ee519a681fd73462eb330800763f75ae88e3e57c2a5552fba4b6154cab775625b817e18ff1e26273d21bf8b3cb2a79df7e92a8e498dadc04f11c62d6841bdd0408b212a43951a4a4f4f29c9b8918644e743e2f30cc52d422a9ce03750307096a5f8b61bb585ada2ad7a63d440e418c16e6827792dd470fa980a72cbe53b354ab208b0cb99ad858ff2ee4395f7fbff96c38fe2f84ccca78b6c867d1ff0440c5795b875339b87d98e59dca2dd80b3624c7406b56dc76b0198514bdb97b228e5b726683b3c12f71fb2b1dda24d085175acdc5d7744129df8065168ac103d819bc95dd408e17bfa7ae37d0ff5145e393a37b5cc08c2c10e5ef5d80dd6c79d35c650417e6fc47467c3552bbc1a3d50d2cdce471e5cd43b48475272e30c9d415c826bed60369c1841219e15d93bd87de49e2566de3a01dfc60cd3295134c876863cbfb7be8be44b0d4369b81a778f8fb2fcd039048fd16bf9d4f08a9458dbeadb298ee12b7ee7f6f43099dc684e33bee75d23f37c5b058e56f785f1c2af0c2ad66b69fc1fc06073bd53bed4a967314a6af8ede4d2facdae08ed503c4903fd5fdfd291327cd2ead1876361a16d9341cc24a63b2b51538b7199e048c00cab7127d19ae9a3ea0755b9b5d9604fefcfe7237d641019291bcd9ce30d5a388ad7127fde6061f1e307c0024ff1c200dc04354340eb4e8daac073b7c2f1fe1cee49330cc89ac061bd8a5f1676391d22d4afc8e5875daf4806bac0b5565bb99f07723cdd063ff070ba409fba6642888ea88109b333c3748f77b99f3bd4b9b61ec5e3d798d3584937c0165f4df571b8132ae425849e7e5ce414fbb00d9a30c129e2c13b6791435bb552bb01cedf3003b3bb24503fe226121d1f83419d5c23fad54dbd08fb3449b8a561954a23b47e34b7b14ddbcec2745353269e19fe218da2d0aad6df73083b3979160d4e52c8532c9f6602bc8ee624b9d5157fefbffec98e0e91a4f3824ccb4c33e17d19011f4c8db333d0fc5530930951cb63353a3aa0617ab2aba52268b81628d9f4a56b227300488c10df1e7f7533e1e4db449cb9cb6e588debf4795f98810702de5bfb81414bdacfcbd9e66f051ec7272b41ba281e8a68fe7c61e1cb4e74077342ddb7c5191d9731448a9e42a30c4df80e533db26ca3e12ab8ce8b5f0d114888692589b6c836c603ea4210c31b0e053092d75d9ceb49c5e9e2815b5aeebfcb53e97017d0ff6c7d3410120e355f9a6a1226e64a1621a2e6c04865acb25e137243ab9b82beea39c411163afd8969b086df73751020879785ec79c451fb822c11df1ae927318b35bd583a56827fd8744df8e7693837b8ddb0e831fd97b87505d5540d76d3e09895e64cc563dadf60bec88ee70b6008a53e50523ffbd2c0aa9f19123bd6f28de9851ae1f3f6101b46acf9139792be4872bf494c8970aee100a7a0c4dfbccbf01b6ccbebdfa8291f8ab3e25a9e4ff5dbda11488630e3bb8158b8f8de8cd4f793885e7a28e5afdf45eb57ad1330dfc0c51f51986e53c458feb4a4ef55b810a32f847d7ff5500c0f769d9abc090c10f87ba4e5250f36e70abb838ccb8f9fa95d96ba1e2e75a2d808a8fa26b686149ed6738a8e63ef70ed284e25d044aaa1e14c8caea04b77c9fba96036dd8b3be2e7704c65090fa7e8bf0e45c291709d3eb16a81e8aac27a120e52c05866310d8f288367f2b5187e83a1f7d5cb9dc6f8faa648683b7c88d54871dfcdca822568959ac2f7eb7dd3a345b0a8149806105dc90abfee3d5cefae3dfece4723fdc5a73c3a087020ca2fe1b166fe5b54cfb2f661fa5b017502155bf91856c3aae5cd20a48fbb958e1a0e70df51e4e46bbea56f639f6f32698d45297296244e8aaa845c13b70fa7f4f31115de0808975c143191c89c0233c557ddb93d6233ce22a699ca9a54ca6e8ddcfb5bf9d95b9807a49d9a64f7a239c77fa4e0d92d561fca5aa3e6c149c16c11131c9ad78493572cf1a9f953cc63ef8121cfa86a0f3fdb5a73c8530ddf93a9308fcaf436455aa6817f65e4616c9e38733b1cf9fa09822953d7d203748c5e45cbbe84a4fb7d59318013ba2a7da6f972c47ff9289091d7476035affddf44cc7a0b223cd14af5243dd14cd5d0f42849bd31af8ef9de434a01c52ee583c2d93b4785c34969629ffa406335ccd090637b83a5ee126a4833e6d6cf92b8aa6f9a2213df25fa575980c0cbd98039ca978860442b7466c3d4aa215593243d9c7ad3980470c9ef85154566ceed93ccb0330634f92d1fe5050bfe135f345527c93476e474f31ea45729ec534475d36b69876644e5db59c8cb0412f8d65be9ff2bea5ac37c5b1ff5d5d484aebed8b33920bbc8ed59ba9b3bf24ab6da8ebeda14dad9148183411980136cc2fde47049c98063b0ff1816a0852af035cbe8313d88620559e8331d983a43e0f4b515a61f5761bcd2130853ea24377d042643684699ceb9441a73f1285f6a15c8e00d17b4e051df2bd16b1a5699f6dce4556b0b6c88b8b86464beb6415777a8ec890c9335cc14452d6b23e2483d5b77b56042a694435bf913cb6e48ce6ca60c3009b274869bb350a8026d80680b32c9394e9b5dfee8df555a705bb1ff17ac848ccec95bb37206a72ab1d56160682d83e38c8acca34b08fa3b8665b35d01967c0a49681ef74b89b39f785977187a9d6f70affe2a32f41fe942fbd30fd9da981cf8f75485015962cb598d3d09a039787bf8d339695d0f5cd7cb60d25cdba119fa435e3692e06bdd76db5856eb2ed2cd85a081209b0a1453d52e1f8cf5120c7f044bddc38cded7ed59a793bfb2b289137137147f704a0628bb8e3e342b6084fbcc105b5345023fed9b2d339b95b0d0c97945943a70e007fe2172c501fae54ad04c279ae6da7150ea25469ce7e9c33b51713b05dcd4753930a0a37326d276fd28c8c0f6e06660beb102e2868fee31f70d37d38769e824846b081d120d8fcd394627fd672fe823cfdcf7af07b20b40e8e5efce8e93e8414744efd2723798aad9dabd8e23efc08983db6c65cf3c43d5b759ca52d118fad7a1bb23e5b3578f616fc42e304c797e640d8b985987274766adbf424e4e9a78c29dc436636e0df6e9255ebdd2c7c0cd261d42631cc49df231d0bd080da2928bcab9a0546b404b658f75fca9d8e506f3f6639bca2a13eae6bded0081fd2239bd8c0ab2382d23eecfb8985da82fe5ed32a96ac1e198d7f8cf5752cfb296af0a2d59ed19022cb084b525d44d8c773a14743a706baf209aebb270104b16181fdc2462d356341d89ba8024171c462640abfc3bd6f602c3bbd710f6ae6a2cef146f27002f78051d6687b83dac0cc627e0af1ed8765396d9783c6429b4063a8d58728c60ec88416c5dbdf362b891d278db21c9a4558c724b06547fc5f641801dd0da8403e57cff37d407fab07bb389c40555af869af263265333bf8aa4290d7cdb9a78573362d608a549165f13323c0107aa4dfac934fef838cf6e5f06b9324a5d8474183f077de97287eaf3c85cb74165b189d7547d3fccc4c763d02ce57d59c70f39e8065cdeb5fd13c4c14609f98941b73b16fed60bc55a2d8ef92104568b595f4a31f6428d527b34c470715d1300cd41ea992763f46a739ba387f359ee1d97c51e889e5599cebd800dbeef1496e3dbacaafc403d0dc7cd3c7d193788536aa5b0f5f25482744107d74795f27a8a8832596166fdcaa548b90c48890715526a52518f16d697d65beb6321befa003dc56432e3dd4b01cede5447813eb429dce845bf9702e5063fe571d8cb6cfecf12870e373b42c4f86f75b7b249f1bdb397113dfd7a23f1930f8533e300e8d0dc1674acb3ce38342b01edcaa09a0f4502f0ba94efeb853fa917612fc16a3829b437663a1e1", 0xfc1}], 0x1, 0x6)
sendmsg$nl_route(r1, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)=@bridge_getvlan={0x20, 0x72, 0x10, 0x70bd26, 0x25dfdbfb, {}, [@BRIDGE_VLANDB_DUMP_FLAGS={0x8, 0x1, 0x1}]}, 0x20}, 0x1, 0x0, 0x0, 0x48000}, 0x0)
syz_usb_control_io$hid(r0, &(0x7f00000001c0)={0x24, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="00222200000049e9b3"], 0x0}, 0x0)

1.985325576s ago: executing program 2 (id=3058):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
r1 = dup(r0)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @loopback, 0x3}], 0x1c)
sendmsg$inet6(r0, &(0x7f0000000800)={&(0x7f0000000080)={0xa, 0x4e24, 0x4, @loopback, 0x4}, 0x1c, &(0x7f0000000380)=[{&(0x7f00000000c0)="88", 0x1}], 0x1}, 0x4048043)
r2 = dup(r0)
setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000000)='ip6gretap0\x00', 0x10)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000400)={0x0, @in={{0x2, 0x4e22, @empty}}, 0x8003, 0xbffc, 0xe652, 0x2, 0x4, 0x8, 0xff}, 0x9c)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000200)={0x0, @in6={{0xa, 0xce20, 0x6, @empty, 0x2d}}, 0x7, 0x1, 0xf06, 0x3, 0xb4, 0x17f, 0x9}, 0x9c)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f00000001c0)={0x0, @in6={{0xa, 0x4e60, 0xeffffff2, @empty, 0x5}}, 0x10001fc, 0x806, 0xffff1896, 0x3, 0x26, 0xffffffb9, 0x1a}, 0x98)

1.885237375s ago: executing program 2 (id=3059):
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_RES_CQ_GET(r0, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8060}, 0x4000040)

1.697057886s ago: executing program 2 (id=3060):
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045)
r0 = io_uring_setup(0x1b7b, &(0x7f0000000040)={0x0, 0x635c, 0x1f480, 0x0, 0x399})
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={0xffffffffffffffff, 0x18000000000002a0, 0x0, 0x0, 0x0, 0x0, 0x500, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
io_uring_enter(r0, 0x8ae, 0x6933, 0x17, 0x0, 0xeffd)
mmap(&(0x7f0000ed2000/0x4000)=nil, 0x4000, 0x2000000, 0x10010, 0xffffffffffffffff, 0xfffff000)
r1 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f00000001c0)=0x1, 0x4)
bind$inet(r1, &(0x7f0000000100)={0x2, 0x4e24, @loopback}, 0x10)
sendmmsg$inet(r1, &(0x7f0000004980)=[{{&(0x7f0000000000)={0x2, 0x4e24, @loopback}, 0x10, &(0x7f0000000040)=[{&(0x7f0000000340)="b9cd14c222ee", 0x4b}], 0x1}}], 0x1, 0x20008000)
r2 = socket$phonet_pipe(0x23, 0x5, 0x2)
connect$phonet_pipe(r2, &(0x7f0000000040), 0x10)
setsockopt$PNPIPE_ENCAP(r2, 0x113, 0x1, &(0x7f00000001c0)=0x2b00, 0x4)
prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x8, 0x8000}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x404, &(0x7f0000002140)={{}, 0x2c, {'rootmode', 0x3d, 0x4000}})
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={0x0}, 0x1, 0x0, 0x0, 0x10004893}, 0x80)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_SAVE(r4, &(0x7f0000000a80)={0x0, 0x0, &(0x7f0000000a40)={&(0x7f0000000540)={0x1c, 0x8, 0x6, 0x3, 0x0, 0x0, {0x3, 0x0, 0x4}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x20000010)
syz_init_net_socket$bt_rfcomm(0x1f, 0x2, 0x3)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x15, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="b400000000000000791028180000000069003e00000000009500740000000000", @ANYRESDEC], 0x0, 0x2, 0xa4, &(0x7f000000cf3d)=""/164, 0x0, 0x25, '\x00', 0x0, @sk_reuseport}, 0x94)

1.679993272s ago: executing program 4 (id=3061):
openat$selinux_relabel(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0)
syz_io_uring_setup(0x4d09, &(0x7f0000000140)={0x0, 0x8c36, 0x80, 0xfffffffe, 0x14c}, &(0x7f00000001c0)=<r0=>0x0, &(0x7f00000000c0)=<r1=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r0, r1, &(0x7f00000002c0)=@IORING_OP_SYMLINKAT={0x26, 0x8, 0x0, 0xffffffffffffffff, &(0x7f0000000380)='./file0\x00', &(0x7f0000000480)='./file0\x00', 0x0, 0x0, 0x1})
openat$cgroup_netprio_ifpriomap(0xffffffffffffffff, &(0x7f0000000200), 0x2, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_udp_int(r2, 0x11, 0x67, 0x0, 0x0)
sendto$inet6(r2, 0x0, 0x0, 0x400ad80, &(0x7f0000000080)={0xa, 0x4e24, 0x78a2, @mcast2}, 0x1c)
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000002000)=""/102400, 0x19000)
r4 = syz_open_procfs(0x0, 0x0)
sendmsg$key(0xffffffffffffffff, 0x0, 0x0)
r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x60240)
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r5, 0xc0a85320, &(0x7f00000003c0)={{0xfc, 0xa}, 'port0\x00', 0xef, 0xf1c0f, 0x5, 0x6, 0x6, 0x0, 0x5, 0x0, 0x1, 0x2})
write$RDMA_USER_CM_CMD_BIND_IP(0xffffffffffffffff, &(0x7f0000000340)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x4e20, 0x6, @loopback, 0x2}}}, 0x30)
io_uring_setup(0x76b, &(0x7f0000000040)={0x0, 0x8c898, 0xc000, 0xa, 0x22f, 0x0, r4})
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3, &(0x7f0000000000)=0x6, 0x4)
openat$sequencer2(0xffffffffffffff9c, &(0x7f00000004c0), 0x8417f, 0x0)
r6 = socket$rxrpc(0x21, 0x2, 0xa)
ioctl$int_in(r6, 0x5452, &(0x7f0000000100)=0x2)
connect$rxrpc(r6, &(0x7f00000002c0)=@in4={0x21, 0x4, 0x2, 0x10, {0x2, 0x4e23, @loopback}}, 0x24)
sendmsg$inet(r6, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @rand_addr=0x64010100, @multicast2}}}], 0x20, 0x4c00}, 0x49)

1.061140166s ago: executing program 3 (id=3062):
sendmmsg$sock(0xffffffffffffffff, &(0x7f0000007980)=[{{0x0, 0x0, &(0x7f0000001780)=[{0x0}, {&(0x7f00000005c0)}], 0x2}}, {{0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000600)="320e7bb18dff29d51137271b2c8231e9e40d2e7bb56322b03390fac78c2b1a354f35bc1328225e0a1ed6e3f411a48a53e9d34ceb7781a6fc9a2c31baefcb571a4434b48e4cfaaf1ebd3053828a0986777ca6c26a0336ffc41933594b775525df48ce100e67478ebcb59b3eeb15f372cd44a4739c1583c56907479f4cca62a7fb5d0303493f914b15ed3d7b209681a175576e0e2b3aac968188bd2e43384abcaff7f14d4c93", 0xa5}, {&(0x7f0000000880)="7035778905c2358b3ff9b75d1a3f836c8eb517894eeff6c3ee08f90b36b40ab65fe12942de6e899ac1c72c2b26cab39a23e073567e8b4f311f6f0ee91f1c21aaa91ec103706d8b0bb468babe142dc2fe14205b8b103eddb7dc4859df7a5435fb0ab98a9d090fda41c52411b0bc760b6395b38f4bb42e636f0e3cc18ea09098c449d270e9273c7f9b1ab34a93dc00f86fd9db692070cd76d050a18ecd11675465b23ad28cd927e5d819de8da2c0f7a116988133e822db0f855107e0fbf1f2f03b7036b252c56290a4eb70a44487c19c117db925981fc925", 0xd7}, {&(0x7f00000002c0)="7c1a2d6c68f2b19af5ad5b3fbc13c1398f392d4e4912a47fd97c06e88e711432b971d95d781d72632d1369d5bc4db51e6dedbc9dd35219282a22db679e0734d6f64f608f7db61ee9dcba4b43f11d902fb9ba9566c7f94f39dbcae20665c5e1172a2ea6060acb92714a17ee6714dc06068795e0892d041d8c2f3559", 0x7b}, {&(0x7f0000000540)="08368fefde39d21623e23a9dd67b0c95a48022b4f407396964e4d1d2bcf1a7c71f16681007b08c6061a5a2e2aa144f9f9f3834323ffac830e41ec7ebe29248a7850257cedaaa8a54b1d65005dbd8fe4e86fc625d981ed8c6cd18e694901ba2eaccb24ec09c606b54c4f3928082965f13", 0x70}, {&(0x7f0000000980)="daa783cd66e6cbbbe761ae363ca91d0f8a1045df4f9a9cd7a8add41c38c00df6cea93ba7396c327f6ae2bcb858d08a21269be6091e8e362d6512bc51b29efdbb313d21d11c4b0a6bb9acd9d29146205ecd9ebff1ea64713b1d959b2bf125b17cece0048ad53d337e6c35da2be8696ea6a8eaf61db2fb466ad55972df50c67b8963976381a454b9763bfe1fe54c638f5d86e693734e2ee396eca7782d29c9d912eb34a80d30164b03624bf7d276c30426acfdfee3bb5a6242f7dc67863bdb918115b0cbc93171494957f635b068543b988682aaf6c00ba59923b259ebe9680c", 0xdf}, {&(0x7f0000000780)="e4562c344990b6edfba22eb307933df7454c92ad4d6266de0c508ecec4d22f530e2327f8d8edf73c54257bfc7bb393243b5fcd5f56a49650811e03b2796eb019de5647a4ff4f117a3aae441e9826d45c4cfb9edb82ca009ecadf936755db280697d8fc0fc9a664186582b44242e82bd682a992b95c8724de45f89bb6fee4b7346cb39028e0ed564a02041ea3bfa729481fc09e9777c2b89a83243d8ce84822aed2848ec62dffdbafb6", 0xa9}, {&(0x7f0000000b40)="2aa89dcc6d20cf5a732764f89bf238658cba80614e317b8304dae54c36f6e447b2b6cc36779a2bc14605bdf8b1beccc5fde0f08e0363a89d728c719de27252ce4ddb980418e0a63877d1df377f63b485e06bcee092556dc841358902ec2c010d4a462bf625f1ebd1b56b45aaf5340b9298d866fae9ec13b1c4b5736e8e98b0f07466b5d9685ec2c7300d1f36371d565f1a439e", 0x93}], 0x7, &(0x7f0000000a80)=[@mark={{0x14, 0x1, 0x24, 0x6}}, @mark={{0x14, 0x1, 0x24, 0x8}}, @txtime={{0x18, 0x1, 0x3d, 0x7ff}}, @txtime={{0x18, 0x1, 0x3d, 0x3}}, @timestamping={{0x14, 0x1, 0x25, 0xa0}}], 0x78}}, {{0x0, 0x0, &(0x7f0000001040)=[{&(0x7f0000000c40)="889b2b663bc52b998e5164ef592dd016e1a57453dcf4c7ad0ee309b7f112c5f4931298006989fa7e5be6bf9e896bd9c52dd43dca2d3958c359583f523996ecbf226f8178281c96c49f97d0c04dd75e3fb23a982399273b6ba5cae6abb65eef0747e5e47c3338cd58b073fc86bd355fafb3d0fe1dcbc744e366516154e083505f2ddd013015f5da1f357ad404550837d418b63c7c6bf810b844d564dda44776f4bc92dbf5ca734271891781a39acf0c10870355e79f7192f7a1c6486b778eacec8660cc5ce5747f42a97458e21e11ee5e564fa74dc7c67ba4737600b1099c34cdf4af97ed8c04f82a8a3b6bcec4eec48c2bd26688d2dfddffb541cb0e7149e6", 0xff}, {&(0x7f0000000d40)="6af118351b2776a2d3525c5f4d7d1103d5d9ab595e516eea9d608d34b09b177f7054e74349a3d6157be1b300dc6c58ab781ab4accbe2aa3169693042c761ea0c193666e4373d7b8ec4f2e36176da156c728696ccdb3dede7b6915fe44e21f74dbebc602610838e539c6a3a7c8cefe2f69cce79f76376f57de01c5517a88714ac6cf0553153ff63c8a093cf64882a457a13f814", 0x93}, {&(0x7f0000000e00)}, {&(0x7f0000000f00)="be5db51b6a872fdcd55b5177992aaef4ac57a21bd929bc23aa9ac7f23c14aa214728bc2d3f468e5501762a340223849c9abb8f7e8f27754900e84ad7a88615f071920614ed97aa82fbaeeddb4e7fe008b84f27d63921299ffec077b962ee3811f54042a5ee5104c4df10df7dafd46912a22a6f4b0433", 0x76}, {&(0x7f0000000f80)}, {&(0x7f0000000fc0)="09a2e1ee027661083e999e9ca6d50149a8f570299ce7e69670ddc2b032f442d775eae50f685af3e5b2c2e68757fed20964aeca6102540c836b277bc6b631bda10aaa806a296c6a50776091df6044e542d53a5aff842a3e68", 0x58}], 0x6, &(0x7f00000010c0)=[@txtime={{0x18, 0x1, 0x3d, 0xffffffffffffffff}}, @mark={{0x14, 0x1, 0x24, 0xfe3}}, @txtime={{0x18, 0x1, 0x3d, 0x1000000000000}}, @timestamping={{0x14, 0x1, 0x25, 0x2}}], 0x60}}, {{&(0x7f0000001140)=@rxrpc=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x4e20, 0xd1, @empty, 0x6}}, 0x80, &(0x7f0000001300)=[{&(0x7f00000011c0)="87de7d61eb6f3b1c95fe3ba09739170d4d8908f0e70f2fdf4e8c2494af4d4e35e7952933072aee57fab90cb3652bf7841850a0", 0x33}, {&(0x7f0000001240)="a6c35211e07d8c6557bae5cd476df01e40836fb0ada526bb413a3567aaab7e09f43db2a1893f2b5842ae62be0d1e6c70b3f94826886507196fed408623df4a8e1034e20380638cc24e692107357b9daf238d7e0a4774053e302b14068fd9e324f7b7c228df3cb92ea034693b968820a7b5b7fa5e05f0f2c62ddc49c67c2acb", 0x7f}], 0x2, &(0x7f0000001340)=[@timestamping={{0x14, 0x1, 0x25, 0x401}}], 0x18}}, {{&(0x7f0000001380)=@in={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x11}}, 0x80, 0x0}}, {{&(0x7f0000001580)=@l2tp6={0xa, 0x0, 0x1, @ipv4={'\x00', '\xff\xff', @loopback}, 0xdbc2, 0x2}, 0x80, 0x0}}], 0x6, 0x0)
mount$fuse(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x100000, 0x0)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000740)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002dc0)=ANY=[], 0x570}}], 0x1, 0x810)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3", 0x5)
r3 = accept4(r2, 0x0, 0x0, 0x800)
sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000000c0)="650f340f3566b842000f00d8b805000000b9a00000000f01c13e0f070fde460b0f0130670f01c2f2360f217a0f07", 0x2e}], 0x1, 0x11, 0x0, 0x0)
pwritev(0xffffffffffffffff, &(0x7f0000000b00)=[{&(0x7f0000001880)="ea7c5828b87d70214008724bcae1ce6577c01031b19698ecb8a7f5183947918ce2cc9dc778dbfff9e28e1a6df7d8f95c3e45768a6786d6325bc0fe4ed394c8ed0edcbb9f917074251a7f5b6b24c52516a68f181592262dfd12b5af7386658c5fb6c36d86d5084624a302a155c0463b6c36e9fc88338b0f66e2713728a21d19d9a33da93d419df63d8a87fa100381ec74de8b7409f4977d3cd7a9f2fb03cec91c4277b39b2c9f227a9b74926a11960d085e2aaf98673d2a67fa95b8d9dcc72ca6181f6b9b2d1c402267e6cfef5599e1520077d9bc472fb5a5db42b1befd498ec7b8d519b12f065323b15280a2540bc7a4ffe508fc12f93707064caf4111e893142f9867b432b1e6258caa2ae081b8b646c25de7f5366a21f9dd257b84546cd316e17b79d22c4bcaf70e8a96d1e502b53c581c75482d1d63f0d5f3fb5bdbb714583f0798e0c4d6c9d99513e91a68a26612053290f15f5a2e06acfa229356e37b4d57697224e9561c0430a67fcb5dea72acc91e60751a5b07eb603548a646f082ce213347b4ee908bd95cc56775330aa09d4f19f48a8cb5d7f6346d82bab8ff019309684bd01eb4d90febe2269cd2a1100130c242a2995ce38638a3bbc9008ac0e820a1e0b9a9511af47aa7f3e30a69589985423f3b4ea98152433bf1aa53a0981f783f11c4cc50f70fe63b2043b74b9cb7da59caedadc1fa1f662831a353969893d4f93b919cda52a1ce2200a0a7895abb293c29d6d197cce98a4df8fc90c582014742a00b4bd09f1fcc5ff5753320d2b5593e657c0fb87a4cfa323ce59111eea806a6e020fb0c4fdd601087811e33e793975b5e9e936c16d243bdea757e0ee4508f5d5b496ed07b6f0f1f46ed752448f30d679b23ba8142d4ab25beb913ee77547866e5d9501a55e9797ba3407f3f4cc11398bdaf3ac4c2e79a5b133a09fcf8ae790bb985fa01daf2758fd8a77fde15a822227dddf64bb2ebc49a56ad025e01c6c59e4818abdf808789d9f87c103cf7f7d21d2a1345b9b7fd66b1cf96002343fbd62f8080d945e70bd93d4bf42b401477abed49065b4a8ccfb9d93724118168de2e8df4f78ccf3b9593f993423a619ef6bd8392a2cfc6424d3687fcdc67d33073db95d856f312b934d05a3c4e967217837920fee73b00757b617d1ef3bfc2e88a8a72f0948263db2c9e7bd491f059b6ee8d0ea3f2193314562910529869b248172bfe0f914f7a91a27c6e9e6c2e3455a7ae765392b48fc959958aa39a5a483b2a6e873ac76f8579515e42f7a3bbc82bcf71edaf12f7b40a2adc74d67ef793988cc8ac788185049e57fb84757bdc700ffde10afc19df290787ed98222f8afb2b6d11944666331350e2914466b398750acae526146373b2cbe1bdd1803e6c920a182a1ad118a3d09313c2ce2703a0a1c09215cab90c35b03b1c795cf704f42dd31ddff6be67bb355977b2e07609c5228299a170308e54705674384fc294cdfa4abf989d3c3bf3eabbbcf52a6a0646bf6db5b61ad027007464fd6fc10490ee2e9190c28ae5cb3733105cb782c0d53e5c79c3e455609d557d824154d01e282788ec8ae7c8a03fcd6cd4e37829b0f921c46d715454d5e1281c641cf0756a2f31b0369ce94e819e6254af95b88bffd7bb2cfe9469d303497fead174839b2789b5aa703176510eab1f46916b3b63f6f5b2df262fe7274a0cee9bd6e115e5f9f48ac1c09e5b3c546ae95b9916a633869854d3ee39d4acb800e876e7fc084ffd79a20fca8331caff657ec89b445c6012ff7eb9531eb1e8c90cdc66b82d6fd608310099503a9dcf50b40d10a3b1ab520477e20ad5f6405cd4b5b36d201e12088d7868c6e94737ea88db6ed5f7df4d31cbd2d0c4f21cdcc3b181f5aae7216dc4c06b2989bb44e5369ba96ce87f3e3abbb530d103a53d7e0b914115c302c935eea7d256a73aa851d84dec6d9112163be8135889c67fa90e796a6f050fba0a6a740618cd513748072daac9f3e25034772cc400a14834afbde835bc9fd7cf1113d67ebe99a3b78907596886ad5a1670ef572c18e26c98fe40194428de339cba7b8efc5fa7faf7512ef6b89a877f3e534fb4512729df686e14aece08fab3b42ea14acde0e18ffe5dc00e74288661c7463e00f3b942cddf3b71e1dcf71989f378b933df099316451cca296a4e117bbeb3b1e552e5a10f9731449ae830de14989049ce818f720e77e78a86c307c80450b26278bc25ee7390ce6d4c4dfc8d39b6b4b1ce6f3865dbdd1d37aedb555288bea9ef95c8600dea1cd10e9e42d15aa804f99a31bfaa5ea52185333d734c766e3bb4a9abf86cf4d840dc188167a25cc3054b65fd7ce053d38518474ab55e59c1ccaf34d57b4cd73b07ed63d754ab3d57dfc0f67bbdb22e33d9f63aa2b36cf0af338794d4acbd1b13669bde67f7bd032f9c6b400e8054a0cff77fc6e0591195b21715e42c881e23156b4ba504d7e1b6eb9c2ec9b9e382d85f7c52bd964d305da9496dbaa022880ddf236730c458f31258d64ae2668aa863b3fe558c7f8cfb3dabf42edcaf2891e9b9462c44153658eae85cd499abd9dca762adf26d9904d28b772b3fc3d066d56261474c944387ac7eb00059025ff25e34b8f7c2986db1ccc4297e1315c3ceeef1b8f98e0500bbb8bb0ab52d80f8c6c8fa5d24b9a05f5350e2fd59af4b9fa9a2b4339b61e208f227ba968d4dbd36246133de2078c6a15dd57754a3537c31d04da545f062dbf9cbaa0840e23974f441a4d5937fec23ff81c193bd951a7bacac8eb6d4705702cbe3c930f27869753ba6026455bbb7742c53644f1646d7545467091a207905f831505f214fbd818aea4455705b5e727850cdcac40620135b8dba85cb0c0f393af252ec082cba5c43385fbc2cc5682bc1994b064e29c8c5a20e7e6d15fbb13e6fd1a86b2fda666fbcd80fd08be00a7423fcafbdd8283bac88ead203bc10d1c1a13ca2fe853fa6cc8991b0476561be085b086b0d0e45f73e59f519342c13f368a37464cb55b8a13846f4cd610536d5c4b8704fcd347abe6712d3de67d7918e6954898f31647a8ea37ecc2e1bb02b1b26e7a60fbb2b0a48efc5795c12d5c4ac8dc4149dea0f2e085422ec69352882622711b74e1e32c7ead2cf3c554e8ff1648e8b66d0dc6997b6304b3b560a33d75aa49476175a386ca721156ea79bdba432d439dbceb0285561abd5d134badd9f38c04fae8fa920edfff15705371c907848c14acdfb0b22a4c7168e1840e8b8a50349dcee5f429b3cb34e30f0f67acf93604792b8574f36ea9409d422621f3c0c7b781fc8e23d1d46f04a9b44f633e5f72cb079fbde66a9745705666c6dab6238628e57ee6cffa8cfad616dac1abe2789c9efccb4fc7e65e490d9a4e49e7ce72a6980e72f70a17649e67de86f86b61a4b6219daefc939b5904e5712ecaf85c98484fc02585b1aa990b95173e4a2907cf877af696e528e6b2b634a4fb7d791cacc8644fa76e062148d411e18f0da5aed22116828cd700a28e8f46bca950550acb4ab05eddeb6b2dac24702cff4de0a3ece393cac879ed2f0c5b9645839cfdb79fb1df87596b14504cba9dddda51edaffcd0214b91b5898ea022774e699aa0caf0f646cc0cb8e8fc8b8be43c23aa7f6bd29fd0615c0b78f3514a52989d7f35ad08a4bd473e61da6657cc2e85d3b2b7d3fb51174a96f27038ddbc87a35e09a668e436aa40146c6a26dca87b39220f139b772719d80aadb752c622bf09acd6846838fb48a8817ba4aa72eaa32e82251b3789969d8518f9aa07cdcb9a355f73f119725c086168aaca262f13cd742e5f06c969a462638a557e15a4f5d43e3242c08f23b00d2b8d57c60d3636abd4068ec03a4be3429b95e41351ab5c58812e552df90c3e6c9d8779aa484e74f073ea9fcdce13b1dff8e7c101b2c6865c5cefe108e3559f520e2bc42c9dc39b57fddb44ca49f2689e10c1381c0740d20cbca46da475c62f513cb08398a5fd5d4f6b13ce839fe149df0d291a8f7267fe90a7e1845dace17cd927c2d1aeffbdc36bb983172ceff025e84b0419645fcc72897b992f5081c78756122391947f08ccd20806cfc2bded705b472fc52e84734e016cbd309aadebbbb4e8bdfed77b1e0b15ce0904838d9e4d64643df66f0353c377e554b428dc0f31189a134cdb8e66d2755e84c2b2409c3d63a81f5f05616baf6a243b09153a4f8289e15a5a4ffb007b0cbeffde25391bb2acd86b453e245643c0fa1dfe5d42e0e3f1c592a00b77f0133adf7989c6c2bf3ddc0b8a2b14f35d33f62f4ee2fc56166372058e997b9abe6bad8aa718f8d87ad095e8f354aaef540840437b5451771266a8358ed75954db52b38bca4a1c8696dca1de03b12627254409f8bb68c94eeaa1a8bcf894482b96e81b9ff5c2383a907537a191aff0bb5b5418ef5670cecca1cfbd41b61879b11a5a5053cd86cf5d61f8c2f7d7ad2034a1801b3b92a79ac3b4343c680008b1ba10577a35173cac6d4dbc1d00e436f238b57093b34d4ea19c225b84a2d6086cc6cf72595b980c88142d268bbf9c8375a93afe75c3583b3b9687368d78147985d209e6d89c335e948c51696a948f01ad062dcf84a99584466e24646b2e441fefb10ef962432f2925d6d98e790acf4ca7d9339a589a537aa3392ec79f34a6544144072ab8248e45ac560a78c70c5afcbf10909299dfcd67981c88780c1340c951e115ffec56d23b9ead6a55024e199238f4b133e3e1e0e84318b5037a3947ae09749c25c7e4887936ecf0ba9a807dfa471ea1f3350b70feb58dc9e2836365ce4db456a341e43410cac1253fe08e79c21fca932716f4c171fc957cb325737b70532d81f0eb2f0a16478c0d934165728f7b29a8a0ff6bc964e99dea26d3efd28336b00c112a26da7a2ea1c21a9688cc3a68293958edf27ae89e5f9b8348af4121028e760cf68c931af92906d27dad4d330df9201b5395ccce0c803806422883667ccb11438d9dbe1901d4ab98d89914b313338486deb6f748053517e2188c479adb1eabb8e8ed5d05bb3f66826fae83bbc5bce3615ee32d937ffbe8846a1156aaf7bf9b9d4189bdf290b3df254077688eeda824d6ea0a452f7e7f915c1a94ee250a3907ec035d7ba7bb0256811f04646ca156b8925506c774df4d4072c02929e985057a5f7ddc1469c7306e6fdb86b810ada1cc96f6bd389597dd27dd656f55c316fb2d56b2d13eddf893722e813934a19778719be99697c365222db64039f9caab1201c430e53df1af8a0321c8759fc33e8204150080979936d0717f6c4c9145fb828389acbb894a4600485e8b105c7165a40e814889343deead6d434a8da60eed1e50aa507ac2793b4a4c5517265f859f223bb4f6cadc6fb53430304baea18189e2b5ddd266c38f5c325ba391a50fcd34060d217c4118889c4275e40a8428099ddfa3cc0d8241c22fc1554318e922f3b1257f2046d70df460c5283a539487583ffca1972a19237b06480e0a56d9e185fe4dc3607666d81ed0d9d9f5c5c568a5a0a87160b6d35c73dae9c6177f2b25d90a2598042f4b43bc765fa86a831c401a01c391a8fdc8f8c742f2322a1b8ef18ec7d82f013893c981f6bd96ec57d8e73e1633ae3970721fcea055ecc836ce3", 0xf91}], 0x1, 0x1, 0x2)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, 0x0}], 0x1, 0x18, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

103.596361ms ago: executing program 1 (id=3064):
mknodat$null(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x103)
r0 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x139)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r1, 0x6, 0xe, &(0x7f0000000300)={@in6={{0xa, 0x4e21, 0x5, @loopback, 0xa}}, 0x0, 0x0, 0x3d, 0x0, "bb02a3c364ca41d6e5415445244740bd4c0b42a21d7214bf92594925208a0e2f964e654dc534a6324d4993fcf19b2df3ee818a118a7c49462189316d8b6d2ccd00"}, 0xd8)
sendto$inet6(r1, 0x0, 0x0, 0x20008045, &(0x7f00000001c0)={0xa, 0x2, 0x1000, @empty}, 0x1c)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x2, 0xc3072, 0xffffffffffffffff, 0x200000)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r8, &(0x7f0000000100)={0x0, 0x3, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="5c0000000206030000000000000000000000000005000100070000000900020073797a31000000001400078005001500070000000800124000000000050005000200000005000400000000000d000300686173683a6e6574"], 0x5c}}, 0x0)
ioctl$KVM_PRE_FAULT_MEMORY(0xffffffffffffffff, 0xc040aed5, &(0x7f0000000040)={0x3000, 0x114000})
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
r9 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r9, 0x0, 0x0)
setsockopt$bt_BT_SECURITY(r2, 0x112, 0x4, &(0x7f00000000c0)={0xc, 0xa}, 0x2)

35.998866ms ago: executing program 2 (id=3065):
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045)
io_uring_setup(0x1b7b, &(0x7f0000000040)={0x0, 0x635c, 0x1f480, 0x0, 0x399})
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={0xffffffffffffffff, 0x18000000000002a0, 0x0, 0x0, 0x0, 0x0, 0x500, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f00000001c0)=0x1, 0x4)
bind$inet(r0, &(0x7f0000000100)={0x2, 0x4e24, @loopback}, 0x10)
sendmmsg$inet(r0, &(0x7f0000004980)=[{{&(0x7f0000000000)={0x2, 0x4e24, @loopback}, 0xfc, &(0x7f0000000040)=[{&(0x7f0000000340)="b9cd14c222ee", 0x4b}], 0x1}}], 0x1, 0x20008000)
connect$phonet_pipe(0xffffffffffffffff, 0x0, 0x0)
setsockopt$PNPIPE_ENCAP(0xffffffffffffffff, 0x113, 0x1, &(0x7f00000001c0)=0x1, 0x4)
prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x8, 0x8000}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x404, &(0x7f0000002140)={{}, 0x2c, {'rootmode', 0x3d, 0x4000}})
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={0x0}, 0x1, 0x0, 0x0, 0x10004893}, 0x80)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
creat(&(0x7f0000000040)='./file0\x00', 0xc)
sendmsg$IPSET_CMD_SAVE(r2, &(0x7f0000000a80)={0x0, 0x0, &(0x7f0000000a40)={&(0x7f0000000540)={0x1c, 0x8, 0x6, 0x3, 0x0, 0x0, {0x3, 0x0, 0x4}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x20000010)
syz_init_net_socket$bt_rfcomm(0x1f, 0x2, 0x3)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x15, 0x4, &(0x7f00000000c0)=ANY=[@ANYRESDEC], 0x0, 0x2, 0xa4, &(0x7f000000cf3d)=""/164, 0x0, 0x25, '\x00', 0x0, @sk_reuseport}, 0x94)

0s ago: executing program 3 (id=3066):
socket$netlink(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20008850}, 0x2404c004)
openat$kvm(0xffffffffffffff9c, 0x0, 0x2200, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$FBIOPUT_VSCREENINFO(0xffffffffffffffff, 0x4601, &(0x7f00000003c0)={0x80, 0xa0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, {0x10, 0x8}, {0x8, 0x6}, {0x0, 0x8, 0xfffffffd}, {0x4, 0xb, 0xfffffffd}, 0x0, 0x10, 0x0, 0x0, 0x0, 0x7, 0x9, 0x0, 0xfffffffc, 0x400009, 0x6, 0x0, 0x17, 0x1, 0x1, 0x8})
socket$nl_crypto(0x10, 0x3, 0x15)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
bind$netlink(r0, &(0x7f0000000000)={0x10, 0x0, 0x25dfdbff, 0x2000}, 0xc)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
fsopen(0x0, 0x0)
bpf$ITER_CREATE(0x21, 0x0, 0x0)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r2, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10)
setsockopt$sock_linger(r2, 0x1, 0xd, &(0x7f0000000100)={0x1, 0x80000001}, 0x8)
connect$inet(r2, &(0x7f0000000480)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x30}}, 0x10)
close(r2)

kernel console output (not intermixed with test programs):

02427][  T890] gs_usb 4-1:0.0: probe with driver gs_usb failed with error -110
[  867.544597][  T890] usb 4-1: USB disconnect, device number 38
[  867.893197][T15557] cgroup: release_agent respecified
[  869.032296][T15562] usb usb1: check_ctrlrecip: process 15562 (syz.3.2503) requesting ep 01 but needs 81
[  869.052001][T15562] usb usb1: usbfs: process 15562 (syz.3.2503) did not claim interface 0 before use
[  869.542159][T15569] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2505'.
[  869.572710][T15570] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2505'.
[  869.656981][T15571] atomic_op ffff888022e96998 conn xmit_atomic 0000000000000000
[  869.828213][   T30] audit: type=1326 audit(1767685027.881:821): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15575 comm="syz.4.2508" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa40378f749 code=0x0
[  870.790707][T15591] input: syz1 as /devices/virtual/input/input22
[  871.133589][T15589] 9pnet_virtio: no channels available for device syz
[  871.374952][T15444] usb 5-1: new high-speed USB device number 51 using dummy_hcd
[  871.698776][T15444] usb 5-1: Using ep0 maxpacket: 32
[  871.705810][T15444] usb 5-1: config 0 interface 0 has no altsetting 0
[  871.714918][T15444] usb 5-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e
[  871.724256][T15444] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  871.732336][T15444] usb 5-1: Product: syz
[  871.737247][T15444] usb 5-1: Manufacturer: syz
[  871.741850][T15444] usb 5-1: SerialNumber: syz
[  871.758356][T15444] usb 5-1: config 0 descriptor??
[  872.023765][ T5816] Bluetooth: hci1: adv larger than maximum supported
[  872.023791][ T5816] Bluetooth: hci1: Unknown advertising packet type: 0x7f
[  872.031516][ T5816] Bluetooth: hci1: Malformed LE Event: 0x0d
[  873.132791][T15444] gs_usb 5-1:0.0: Couldn't get device config: (err=-110)
[  873.156316][T15596] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms)
[  873.438399][T15611] usb usb1: check_ctrlrecip: process 15611 (syz.2.2517) requesting ep 01 but needs 81
[  873.448417][T15611] usb usb1: usbfs: process 15611 (syz.2.2517) did not claim interface 0 before use
[  874.071438][T15444] gs_usb 5-1:0.0: probe with driver gs_usb failed with error -110
[  874.519677][T15624] FAULT_INJECTION: forcing a failure.
[  874.519677][T15624] name failslab, interval 1, probability 0, space 0, times 0
[  874.532805][T15624] CPU: 1 UID: 0 PID: 15624 Comm: syz.0.2520 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  874.532824][T15624] Tainted: [L]=SOFTLOCKUP
[  874.532829][T15624] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  874.532836][T15624] Call Trace:
[  874.532840][T15624]  <TASK>
[  874.532844][T15624]  dump_stack_lvl+0x16c/0x1f0
[  874.532864][T15624]  should_fail_ex+0x512/0x640
[  874.532881][T15624]  ? __kmalloc_noprof+0xca/0x910
[  874.532901][T15624]  should_failslab+0xc2/0x120
[  874.532917][T15624]  __kmalloc_noprof+0xeb/0x910
[  874.532935][T15624]  ? kernfs_fop_write_iter+0x237/0x570
[  874.532955][T15624]  ? kernfs_fop_write_iter+0x237/0x570
[  874.532972][T15624]  kernfs_fop_write_iter+0x237/0x570
[  874.532991][T15624]  vfs_write+0x7d3/0x11d0
[  874.533006][T15624]  ? __pfx_kernfs_fop_write_iter+0x10/0x10
[  874.533025][T15624]  ? __pfx_vfs_write+0x10/0x10
[  874.533040][T15624]  ? __pfx_do_sys_openat2+0x10/0x10
[  874.533057][T15624]  ksys_write+0x12a/0x250
[  874.533071][T15624]  ? __pfx_ksys_write+0x10/0x10
[  874.533085][T15624]  ? __secure_computing+0x28e/0x3b0
[  874.533105][T15624]  do_syscall_64+0xcd/0xf80
[  874.533121][T15624]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  874.533132][T15624] RIP: 0033:0x7fd63618f749
[  874.533142][T15624] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  874.533153][T15624] RSP: 002b:00007fd637113038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  874.533165][T15624] RAX: ffffffffffffffda RBX: 00007fd6363e5fa0 RCX: 00007fd63618f749
[  874.533172][T15624] RDX: 0000000000000012 RSI: 0000200000000000 RDI: 000000000000000c
[  874.533179][T15624] RBP: 00007fd637113090 R08: 0000000000000000 R09: 0000000000000000
[  874.533185][T15624] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  874.533192][T15624] R13: 00007fd6363e6038 R14: 00007fd6363e5fa0 R15: 00007ffd59dd64f8
[  874.533206][T15624]  </TASK>
[  875.178594][T15444] usb 3-1: new high-speed USB device number 39 using dummy_hcd
[  875.308757][T15632] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  875.315824][T15632] overlayfs: failed to set xattr on upper
[  875.321611][T15632] overlayfs: ...falling back to redirect_dir=nofollow.
[  875.328492][T15632] overlayfs: ...falling back to index=off.
[  875.334314][T15632] overlayfs: ...falling back to uuid=null.
[  875.340221][T15632] overlayfs: maximum fs stacking depth exceeded
[  875.394315][T15444] usb 3-1: Using ep0 maxpacket: 8
[  876.504424][T15444] usb 3-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04
[  876.516152][T15444] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  876.525100][T15444] usb 3-1: Product: syz
[  876.529776][T15444] usb 3-1: Manufacturer: syz
[  876.534469][T15444] usb 3-1: SerialNumber: syz
[  876.599755][T15444] usb 3-1: config 0 descriptor??
[  876.643232][ T7670] usb 5-1: USB disconnect, device number 51
[  876.824344][T15444] usb 3-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  877.531288][ T5894] usb 4-1: new high-speed USB device number 39 using dummy_hcd
[  877.575738][ T7670] usb 5-1: new high-speed USB device number 52 using dummy_hcd
[  877.785031][ T7670] usb 5-1: Using ep0 maxpacket: 32
[  877.843467][ T7670] usb 5-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb
[  877.941321][ T7670] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  878.151055][ T7670] usb 5-1: Product: syz
[  878.155264][ T7670] usb 5-1: Manufacturer: syz
[  878.160498][ T7670] usb 5-1: SerialNumber: syz
[  878.301467][T15655] netlink: 'syz.0.2530': attribute type 21 has an invalid length.
[  878.755071][ T5894] usb 4-1: Using ep0 maxpacket: 32
[  878.767704][ T5894] usb 4-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb
[  878.880557][ T5894] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  878.904369][ T5894] usb 4-1: Product: syz
[  878.908565][ T5894] usb 4-1: Manufacturer: syz
[  878.928044][ T5894] usb 4-1: SerialNumber: syz
[  878.948408][ T5894] usb 4-1: config 0 descriptor??
[  878.967829][ T5894] gspca_main: ov534_9-2.14.0 probing 05a9:1550
[  879.054492][T15444] dvb_usb_rtl28xxu 3-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  879.069645][ T7670] usb 5-1: config 0 descriptor??
[  879.081424][ T7670] gspca_main: ov534_9-2.14.0 probing 05a9:1550
[  879.094614][T15444] usb 3-1: USB disconnect, device number 39
[  879.191054][T15663] cgroup: release_agent respecified
[  879.431694][T15670] pimreg: entered allmulticast mode
[  879.454754][T15673] atomic_op ffff888025600998 conn xmit_atomic 0000000000000000
[  879.497144][T15670] lo speed is unknown, defaulting to 1000
[  879.971334][T15640] fuse: Bad value for 'rootmode'
[  880.075670][ T5894] gspca_ov534_9: reg_w failed -110
[  880.140240][ T7670] gspca_ov534_9: reg_w failed -110
[  880.146073][T15666] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  880.158763][T15666] Bluetooth: hci0: Error when powering off device on rfkill (-4)
[  880.171162][T15666] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  880.177923][T15666] Bluetooth: hci1: Error when powering off device on rfkill (-4)
[  880.265860][T15695] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  880.273054][T15695] overlayfs: failed to set xattr on upper
[  880.278802][T15695] overlayfs: ...falling back to redirect_dir=nofollow.
[  880.285916][T15695] overlayfs: ...falling back to index=off.
[  880.291802][T15695] overlayfs: ...falling back to uuid=null.
[  880.297698][T15695] overlayfs: maximum fs stacking depth exceeded
[  880.364103][T15644] fuse: Bad value for 'rootmode'
[  880.499505][ T7670] gspca_ov534_9: Unknown sensor 0000
[  880.499796][ T7670] ov534_9 5-1:0.0: probe with driver ov534_9 failed with error -22
[  881.162307][T15666] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  881.194909][T15666] Bluetooth: hci2: Error when powering off device on rfkill (-4)
[  881.239586][T15666] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  881.271477][T15666] Bluetooth: hci4: Error when powering off device on rfkill (-4)
[  881.319861][ T5894] gspca_ov534_9: Unknown sensor 0000
[  881.319940][ T5894] ov534_9 4-1:0.0: probe with driver ov534_9 failed with error -22
[  881.595604][  T850] usb 5-1: USB disconnect, device number 52
[  881.833944][ T7670] usb 4-1: USB disconnect, device number 39
[  881.966507][T15702] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2539'.
[  883.086404][T15739] IPVS: set_ctl: invalid protocol: 0 10.1.1.0:19
[  883.165739][   T30] audit: type=1400 audit(1767685041.876:822): avc:  denied  { setattr } for  pid=15738 comm="syz.4.2546" name="/" dev="configfs" ino=176 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[  883.518981][  T890] usb 5-1: new high-speed USB device number 53 using dummy_hcd
[  883.682186][  T890] usb 5-1: Using ep0 maxpacket: 32
[  883.692349][  T890] usb 5-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb
[  883.757660][  T890] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  883.774764][  T890] usb 5-1: Product: syz
[  883.779687][  T890] usb 5-1: Manufacturer: syz
[  883.784275][  T890] usb 5-1: SerialNumber: syz
[  883.843199][  T890] usb 5-1: config 0 descriptor??
[  883.954277][  T890] gspca_main: ov534_9-2.14.0 probing 05a9:1550
[  884.422059][T15772] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  884.429150][T15772] overlayfs: failed to set xattr on upper
[  884.435015][T15772] overlayfs: ...falling back to redirect_dir=nofollow.
[  884.441901][T15772] overlayfs: ...falling back to index=off.
[  884.447789][T15772] overlayfs: ...falling back to uuid=null.
[  884.453700][T15772] overlayfs: maximum fs stacking depth exceeded
[  885.911916][T15749] fuse: Bad value for 'rootmode'
[  886.063308][T15786] FAULT_INJECTION: forcing a failure.
[  886.063308][T15786] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  886.086345][T15786] CPU: 1 UID: 0 PID: 15786 Comm: syz.2.2556 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  886.086376][T15786] Tainted: [L]=SOFTLOCKUP
[  886.086383][T15786] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  886.086393][T15786] Call Trace:
[  886.086400][T15786]  <TASK>
[  886.086407][T15786]  dump_stack_lvl+0x16c/0x1f0
[  886.086435][T15786]  should_fail_ex+0x512/0x640
[  886.086466][T15786]  _copy_from_iter+0x2a4/0x16c0
[  886.086499][T15786]  ? __pfx__copy_from_iter+0x10/0x10
[  886.086525][T15786]  ? __lock_acquire+0x436/0x2890
[  886.086545][T15786]  ? _parse_integer_limit+0x17f/0x1d0
[  886.086570][T15786]  ? _kstrtoull+0x145/0x200
[  886.086592][T15786]  tun_get_user+0x26d/0x3cc0
[  886.086624][T15786]  ? __lock_acquire+0x436/0x2890
[  886.086649][T15786]  ? __pfx_tun_get_user+0x10/0x10
[  886.086676][T15786]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  886.086701][T15786]  ? find_held_lock+0x2b/0x80
[  886.086729][T15786]  ? tun_get+0x191/0x370
[  886.086758][T15786]  tun_chr_write_iter+0xdc/0x210
[  886.086786][T15786]  vfs_write+0x7d3/0x11d0
[  886.086809][T15786]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  886.086838][T15786]  ? __pfx_vfs_write+0x10/0x10
[  886.086858][T15786]  ? find_held_lock+0x2b/0x80
[  886.086906][T15786]  ksys_write+0x12a/0x250
[  886.086928][T15786]  ? __pfx_ksys_write+0x10/0x10
[  886.086957][T15786]  do_syscall_64+0xcd/0xf80
[  886.086982][T15786]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  886.087000][T15786] RIP: 0033:0x7f4b0298f749
[  886.087016][T15786] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  886.087034][T15786] RSP: 002b:00007f4b03846038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  886.087054][T15786] RAX: ffffffffffffffda RBX: 00007f4b02be5fa0 RCX: 00007f4b0298f749
[  886.087066][T15786] RDX: 0000000000000036 RSI: 0000200000000040 RDI: 0000000000000003
[  886.087077][T15786] RBP: 00007f4b03846090 R08: 0000000000000000 R09: 0000000000000000
[  886.087089][T15786] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  886.087100][T15786] R13: 00007f4b02be6038 R14: 00007f4b02be5fa0 R15: 00007ffc66d23538
[  886.087126][T15786]  </TASK>
[  886.331196][  T890] gspca_ov534_9: reg_w failed -71
[  886.437336][T15792] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms)
[  886.623822][  T890] gspca_ov534_9: Unknown sensor 0000
[  886.623906][  T890] ov534_9 5-1:0.0: probe with driver ov534_9 failed with error -22
[  886.711608][  T890] usb 5-1: USB disconnect, device number 53
[  887.151373][T15809] netlink: 'syz.4.2562': attribute type 21 has an invalid length.
[  889.457790][T15821] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2564'.
[  890.130806][T15829] netdevsim netdevsim1 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  890.158613][T15829] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  891.394172][T15829] netdevsim netdevsim1 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  891.414801][T15829] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  891.906563][T15829] netdevsim netdevsim1 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  891.927847][T15829] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  892.085030][T15829] netdevsim netdevsim1 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  892.118649][T15829] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  892.231248][T15853] FAULT_INJECTION: forcing a failure.
[  892.231248][T15853] name failslab, interval 1, probability 0, space 0, times 0
[  892.244061][T15853] CPU: 1 UID: 0 PID: 15853 Comm: syz.3.2572 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  892.244085][T15853] Tainted: [L]=SOFTLOCKUP
[  892.244090][T15853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  892.244099][T15853] Call Trace:
[  892.244103][T15853]  <TASK>
[  892.244107][T15853]  dump_stack_lvl+0x16c/0x1f0
[  892.244126][T15853]  should_fail_ex+0x512/0x640
[  892.244144][T15853]  ? kmem_cache_alloc_node_noprof+0x65/0x800
[  892.244158][T15853]  should_failslab+0xc2/0x120
[  892.244173][T15853]  kmem_cache_alloc_node_noprof+0x86/0x800
[  892.244185][T15853]  ? copy_process+0x4b5/0x7430
[  892.244207][T15853]  ? copy_process+0x4b5/0x7430
[  892.244223][T15853]  copy_process+0x4b5/0x7430
[  892.244246][T15853]  ? __pfx_copy_process+0x10/0x10
[  892.244270][T15853]  kernel_clone+0xfc/0x910
[  892.244280][T15853]  ? __pfx_kernel_clone+0x10/0x10
[  892.244295][T15853]  ? __mutex_unlock_slowpath+0x161/0x790
[  892.244313][T15853]  __do_sys_clone+0xce/0x120
[  892.244322][T15853]  ? __pfx___do_sys_clone+0x10/0x10
[  892.244339][T15853]  ? ksys_write+0x1ac/0x250
[  892.244355][T15853]  ? __pfx_ksys_write+0x10/0x10
[  892.244372][T15853]  do_syscall_64+0xcd/0xf80
[  892.244388][T15853]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  892.244400][T15853] RIP: 0033:0x7f36c218f749
[  892.244410][T15853] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  892.244422][T15853] RSP: 002b:00007f36c2f41fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[  892.244433][T15853] RAX: ffffffffffffffda RBX: 00007f36c23e5fa0 RCX: 00007f36c218f749
[  892.244441][T15853] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  892.244447][T15853] RBP: 00007f36c2f42090 R08: 0000000000000000 R09: 0000000000000000
[  892.244453][T15853] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  892.244460][T15853] R13: 00007f36c23e6038 R14: 00007f36c23e5fa0 R15: 00007fff9b162d98
[  892.244474][T15853]  </TASK>
[  892.292104][T12594] netdevsim netdevsim1 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  892.452954][ T7670] usb 3-1: new high-speed USB device number 40 using dummy_hcd
[  892.469391][T12594] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  892.535571][T12594] netdevsim netdevsim1 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  892.544340][T12594] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  892.554252][T12594] netdevsim netdevsim1 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  892.562714][T12594] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  892.571594][T12594] netdevsim netdevsim1 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  892.580338][T12594] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  892.666482][T15860] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2575'.
[  892.729150][ T7670] usb 3-1: Using ep0 maxpacket: 32
[  892.736273][ T7670] usb 3-1: config 0 interface 0 has no altsetting 0
[  892.745817][ T7670] usb 3-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e
[  892.755728][ T7670] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  892.764259][ T7670] usb 3-1: Product: syz
[  892.769642][ T7670] usb 3-1: Manufacturer: syz
[  892.774804][ T7670] usb 3-1: SerialNumber: syz
[  892.782202][ T7670] usb 3-1: config 0 descriptor??
[  893.235040][T15857] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms)
[  893.300063][ T7670] gs_usb 3-1:0.0: Configuring for 1 interfaces
[  893.454466][ T7670] gs_usb 3-1:0.0: Couldn't register candev for channel 0 (-EINVAL)
[  893.466321][ T7670] gs_usb 3-1:0.0: probe with driver gs_usb failed with error -22
[  893.482675][T15878] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  893.489655][T15878] overlayfs: failed to set xattr on upper
[  893.495489][T15878] overlayfs: ...falling back to redirect_dir=nofollow.
[  893.502418][T15878] overlayfs: ...falling back to index=off.
[  893.508212][T15878] overlayfs: ...falling back to uuid=null.
[  893.514128][T15878] overlayfs: maximum fs stacking depth exceeded
[  893.577521][ T9550] usb 5-1: new high-speed USB device number 54 using dummy_hcd
[  893.664401][   T10] usb 3-1: USB disconnect, device number 40
[  893.739232][ T9550] usb 5-1: Using ep0 maxpacket: 8
[  893.746904][ T9550] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  893.767209][ T9550] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  893.786418][ T9550] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  893.807133][ T9550] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  893.834176][ T9550] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  893.855832][ T9550] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  894.076669][ T9550] usb 5-1: GET_CAPABILITIES returned 0
[  894.091628][ T9550] usbtmc 5-1:16.0: can't read capabilities
[  894.542789][T15894] netlink: 'syz.2.2584': attribute type 21 has an invalid length.
[  894.869485][T15895] usbtmc 5-1:16.0: INDICATOR_PULSE returned f7
[  895.092360][ T9550] usb 5-1: USB disconnect, device number 54
[  896.724382][T15925] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2591'.
[  896.733539][T15925] netlink: 'syz.3.2591': attribute type 12 has an invalid length.
[  897.140675][T15927] input: syz1 as /devices/virtual/input/input23
[  897.353115][T15925] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2591'.
[  897.362163][T15925] netlink: 'syz.3.2591': attribute type 12 has an invalid length.
[  897.886992][T15942] netlink: 'syz.0.2596': attribute type 21 has an invalid length.
[  898.757457][T15956] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  898.764633][T15956] overlayfs: failed to set xattr on upper
[  898.770526][T15956] overlayfs: ...falling back to redirect_dir=nofollow.
[  898.777396][T15956] overlayfs: ...falling back to index=off.
[  898.783279][T15956] overlayfs: ...falling back to uuid=null.
[  898.789221][T15956] overlayfs: maximum fs stacking depth exceeded
[  900.552180][T15959] FAULT_INJECTION: forcing a failure.
[  900.552180][T15959] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  900.577557][T15959] CPU: 0 UID: 0 PID: 15959 Comm: syz.3.2600 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  900.577587][T15959] Tainted: [L]=SOFTLOCKUP
[  900.577593][T15959] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  900.577603][T15959] Call Trace:
[  900.577610][T15959]  <TASK>
[  900.577616][T15959]  dump_stack_lvl+0x16c/0x1f0
[  900.577643][T15959]  should_fail_ex+0x512/0x640
[  900.577673][T15959]  _copy_from_user+0x2e/0xd0
[  900.577700][T15959]  copy_msghdr_from_user+0x98/0x160
[  900.577719][T15959]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  900.577739][T15959]  ? __pfx__kstrtoull+0x10/0x10
[  900.577760][T15959]  ___sys_sendmsg+0xfe/0x1d0
[  900.577776][T15959]  ? __pfx____sys_sendmsg+0x10/0x10
[  900.577801][T15959]  ? find_held_lock+0x2b/0x80
[  900.577849][T15959]  __sys_sendmmsg+0x200/0x420
[  900.577867][T15959]  ? __pfx___sys_sendmmsg+0x10/0x10
[  900.577890][T15959]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  900.577920][T15959]  ? fput+0x70/0xf0
[  900.577933][T15959]  ? ksys_write+0x1ac/0x250
[  900.577952][T15959]  ? __pfx_ksys_write+0x10/0x10
[  900.577974][T15959]  __x64_sys_sendmmsg+0x9c/0x100
[  900.577989][T15959]  ? lockdep_hardirqs_on+0x7c/0x110
[  900.578009][T15959]  do_syscall_64+0xcd/0xf80
[  900.578030][T15959]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  900.578046][T15959] RIP: 0033:0x7f36c218f749
[  900.578059][T15959] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  900.578073][T15959] RSP: 002b:00007f36c2f42038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  900.578089][T15959] RAX: ffffffffffffffda RBX: 00007f36c23e5fa0 RCX: 00007f36c218f749
[  900.578099][T15959] RDX: 0000000000000001 RSI: 0000200000000440 RDI: 000000000000000c
[  900.578109][T15959] RBP: 00007f36c2f42090 R08: 0000000000000000 R09: 0000000000000000
[  900.578117][T15959] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  900.578126][T15959] R13: 00007f36c23e6038 R14: 00007f36c23e5fa0 R15: 00007fff9b162d98
[  900.578147][T15959]  </TASK>
[  901.228758][T15970] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2603'.
[  901.682725][ T9550] usb 5-1: new high-speed USB device number 55 using dummy_hcd
[  902.074346][ T9550] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  902.092126][ T9550] usb 5-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  902.101756][ T9550] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  902.142148][ T9550] usb 5-1: config 0 descriptor??
[  902.150559][ T9550] pwc: Askey VC010 type 2 USB webcam detected.
[  902.984271][ T9550] pwc: recv_control_msg error -32 req 02 val 2b00
[  902.991396][ T9550] pwc: recv_control_msg error -32 req 02 val 2700
[  902.998796][ T9550] pwc: recv_control_msg error -32 req 02 val 2c00
[  903.058052][ T9550] pwc: recv_control_msg error -32 req 04 val 1000
[  903.082543][ T9550] pwc: recv_control_msg error -32 req 04 val 1300
[  903.093416][ T9550] pwc: recv_control_msg error -32 req 04 val 1400
[  903.105983][ T9550] pwc: recv_control_msg error -32 req 02 val 2000
[  903.130443][ T9550] pwc: recv_control_msg error -32 req 02 val 2100
[  903.398533][ T9550] pwc: recv_control_msg error -32 req 02 val 2500
[  903.407126][ T9550] pwc: recv_control_msg error -32 req 02 val 2400
[  903.414657][ T9550] pwc: recv_control_msg error -32 req 02 val 2600
[  903.466570][T15992] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  903.613383][ T9550] pwc: recv_control_msg error -71 req 02 val 2800
[  903.622873][ T9550] pwc: recv_control_msg error -71 req 04 val 1100
[  903.635767][ T9550] pwc: recv_control_msg error -71 req 04 val 1200
[  903.665700][ T9550] pwc: Registered as video103.
[  903.672138][ T9550] input: PWC snapshot button as /devices/platform/dummy_hcd.4/usb5/5-1/input/input24
[  903.760234][ T9550] usb 5-1: USB disconnect, device number 55
[  904.293508][T16019] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2613'.
[  904.302534][T16019] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2613'.
[  904.311518][T16019] netlink: 'syz.0.2613': attribute type 12 has an invalid length.
[  904.322361][T16019] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2613'.
[  904.331476][T16019] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2613'.
[  904.347004][T16019] netlink: 'syz.0.2613': attribute type 12 has an invalid length.
[  904.621590][ T1293] ieee802154 phy0 wpan0: encryption failed: -22
[  906.174283][T16047] IPVS: wlc: UDP 224.0.0.2:0 - no destination available
[  906.191700][T15444] IPVS: starting estimator thread 0...
[  906.320053][T16049] IPVS: using max 74 ests per chain, 177600 per kthread
[  906.520965][T15444] usb 5-1: new high-speed USB device number 56 using dummy_hcd
[  906.668598][T15444] usb 5-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc
[  906.683481][T15444] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  906.701137][T15444] usb 5-1: Product: syz
[  906.725557][T15444] usb 5-1: Manufacturer: syz
[  906.741625][T15444] usb 5-1: SerialNumber: syz
[  906.762936][T15444] usb 5-1: config 0 descriptor??
[  906.777627][T15444] i2c-tiny-usb 5-1:0.0: version 6d.cc found at bus 005 address 056
[  907.496772][T15444] i2c i2c-1: failure reading functionality
[  907.539509][T15444] i2c i2c-1: connected i2c-tiny-usb device
[  907.998402][T16083] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  908.007649][T16083] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  908.153806][T16077] 9pnet_virtio: no channels available for device syz
[  908.418285][   T30] audit: type=1400 audit(1767685068.397:823): avc:  denied  { write } for  pid=16087 comm="syz.0.2630" path="socket:[52766]" dev="sockfs" ino=52766 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  908.515183][T16088] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2630'.
[  909.557866][ T9550] usb 5-1: USB disconnect, device number 56
[  909.959684][T14271] usb 3-1: new full-speed USB device number 41 using dummy_hcd
[  910.102575][T14271] usb 3-1: device descriptor read/64, error -71
[  910.349842][T14271] usb 3-1: new full-speed USB device number 42 using dummy_hcd
[  911.683629][T14271] usb 3-1: device descriptor read/64, error -71
[  911.893368][T14271] usb usb3-port1: attempt power cycle
[  913.023362][   T30] audit: type=1400 audit(1767685073.216:824): avc:  denied  { ioctl } for  pid=16148 comm="syz.2.2646" path="socket:[53016]" dev="sockfs" ino=53016 ioctlcmd=0x89e2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[  913.089339][   T30] audit: type=1400 audit(1767685073.227:825): avc:  denied  { associate } for  pid=16148 comm="syz.2.2646" name="cpuacct.usage_all" scontext=root:object_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[  914.731230][T14271] usb 5-1: new low-speed USB device number 57 using dummy_hcd
[  915.142578][T14271] usb 5-1: config 2 has 0 interfaces, different from the descriptor's value: 1
[  915.156209][T14271] usb 5-1: New USB device found, idVendor=093a, idProduct=2601, bcdDevice=b3.76
[  915.255400][ T7670] usb 3-1: new high-speed USB device number 44 using dummy_hcd
[  915.366609][T14271] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  915.608541][ T7670] usb 3-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc
[  915.617893][ T7670] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  915.625910][ T7670] usb 3-1: Product: syz
[  915.630578][ T7670] usb 3-1: Manufacturer: syz
[  915.635637][ T7670] usb 3-1: SerialNumber: syz
[  915.679563][ T7670] usb 3-1: config 0 descriptor??
[  915.738906][T16177] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  915.850876][T16177] netlink: 128 bytes leftover after parsing attributes in process `syz.1.2652'.
[  915.860045][T16177] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[  915.880150][T16177] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2306 sclass=netlink_route_socket pid=16177 comm=syz.1.2652
[  916.121000][ T7670] i2c-tiny-usb 3-1:0.0: version 6d.cc found at bus 003 address 044
[  916.228107][   T30] audit: type=1400 audit(1767685076.597:826): avc:  denied  { read } for  pid=16163 comm="syz.4.2649" name="btrfs-control" dev="devtmpfs" ino=1316 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:lvm_control_t tclass=chr_file permissive=1
[  916.383781][   T30] audit: type=1400 audit(1767685076.597:827): avc:  denied  { open } for  pid=16163 comm="syz.4.2649" path="/dev/btrfs-control" dev="devtmpfs" ino=1316 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:lvm_control_t tclass=chr_file permissive=1
[  916.454559][   T30] audit: type=1400 audit(1767685076.628:828): avc:  denied  { ioctl } for  pid=16163 comm="syz.4.2649" path="/dev/btrfs-control" dev="devtmpfs" ino=1316 ioctlcmd=0x743e scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:lvm_control_t tclass=chr_file permissive=1
[  916.481385][ T7670]  (null): failure reading functionality
[  916.560210][T16179] sctp: [Deprecated]: syz.2.2651 (pid 16179) Use of int in max_burst socket option.
[  916.560210][T16179] Use struct sctp_assoc_value instead
[  916.879063][T16184] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  916.886187][T16184] overlayfs: failed to set xattr on upper
[  916.891970][T16184] overlayfs: ...falling back to redirect_dir=nofollow.
[  916.898896][T16184] overlayfs: ...falling back to index=off.
[  916.904808][T16184] overlayfs: ...falling back to uuid=null.
[  916.910716][T16184] overlayfs: maximum fs stacking depth exceeded
[  918.382423][ T7670] i2c i2c-1: failure reading functionality
[  918.934323][ T7670] i2c i2c-1: connected i2c-tiny-usb device
[  920.427631][T16205] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2657'.
[  920.436644][T16205] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2657'.
[  920.445820][T16205] netlink: 'syz.1.2657': attribute type 12 has an invalid length.
[  921.420891][ T7670] usb 3-1: USB disconnect, device number 44
[  921.443895][T16205] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2657'.
[  921.454267][T16205] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2657'.
[  921.465108][T16205] netlink: 'syz.1.2657': attribute type 12 has an invalid length.
[  921.688325][  T890] usb 5-1: USB disconnect, device number 57
[  921.885572][T16214] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2659'.
[  922.029638][T16219] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2660'.
[  923.788603][T16243] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  923.795725][T16243] overlayfs: failed to set xattr on upper
[  923.801529][T16243] overlayfs: ...falling back to redirect_dir=nofollow.
[  923.808445][T16243] overlayfs: ...falling back to index=off.
[  923.814260][T16243] overlayfs: ...falling back to uuid=null.
[  923.820212][T16243] overlayfs: maximum fs stacking depth exceeded
[  926.711058][T16273] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2672'.
[  926.751686][   T30] audit: type=1400 audit(1767685087.558:829): avc:  denied  { accept } for  pid=16270 comm="syz.3.2672" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  926.893380][T16273] tipc: Can't bind to reserved service type 1
[  926.946274][T16273] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2672'.
[  927.341921][T16282] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2673'.
[  928.130677][   T30] audit: type=1400 audit(1767685089.091:830): avc:  denied  { getopt } for  pid=16270 comm="syz.3.2672" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  928.643265][T16283] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2674'.
[  929.448313][  T890] usb 3-1: new high-speed USB device number 45 using dummy_hcd
[  930.085011][  T890] usb 3-1: Using ep0 maxpacket: 32
[  930.091595][  T890] usb 3-1: config 2 has an invalid interface number: 88 but max is 0
[  930.102265][  T890] usb 3-1: config 2 has no interface number 0
[  930.132736][  T890] usb 3-1: config 2 interface 88 has no altsetting 0
[  930.142426][  T890] usb 3-1: New USB device found, idVendor=0557, idProduct=2009, bcdDevice=c7.1e
[  930.155698][  T890] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  930.164531][  T890] usb 3-1: Product: syz
[  930.168847][  T890] usb 3-1: Manufacturer: syz
[  930.173831][  T890] usb 3-1: SerialNumber: syz
[  930.187749][  T890] asix 3-1:2.88: probe with driver asix failed with error -22
[  930.397969][  T890] usb 3-1: USB disconnect, device number 45
[  931.094450][T16326] usb usb1: check_ctrlrecip: process 16326 (syz.4.2684) requesting ep 01 but needs 81
[  931.104319][T16326] usb usb1: usbfs: process 16326 (syz.4.2684) did not claim interface 0 before use
[  931.961286][T16337] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2685'.
[  933.457480][  T890] usb 4-1: new high-speed USB device number 40 using dummy_hcd
[  933.652354][T16359] lo speed is unknown, defaulting to 1000
[  933.699388][  T890] usb 4-1: Using ep0 maxpacket: 32
[  933.711398][  T890] usb 4-1: config 0 interface 0 has no altsetting 0
[  933.720323][  T890] usb 4-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e
[  933.729487][  T890] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  933.737548][  T890] usb 4-1: Product: syz
[  933.744107][  T890] usb 4-1: Manufacturer: syz
[  933.749159][  T890] usb 4-1: SerialNumber: syz
[  933.763895][  T890] usb 4-1: config 0 descriptor??
[  934.364113][T16348] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms)
[  934.495115][  T890] gs_usb 4-1:0.0: Configuring for 1 interfaces
[  934.573238][  T890] gs_usb 4-1:0.0: Couldn't get bit timing const for channel 0 (-EPROTO)
[  934.585173][  T890] gs_usb 4-1:0.0: probe with driver gs_usb failed with error -71
[  934.632027][  T890] usb 4-1: USB disconnect, device number 40
[  936.917684][T16400] usb usb1: check_ctrlrecip: process 16400 (syz.3.2705) requesting ep 01 but needs 81
[  936.927613][T16400] usb usb1: usbfs: process 16400 (syz.3.2705) did not claim interface 0 before use
[  937.107044][T16402] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms)
[  937.676299][  T890] usb 4-1: new high-speed USB device number 41 using dummy_hcd
[  938.445527][  T890] usb 4-1: Using ep0 maxpacket: 32
[  938.458286][  T890] usb 4-1: config 0 interface 0 has no altsetting 0
[  938.466724][  T890] usb 4-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e
[  938.475766][  T890] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  938.485645][  T890] usb 4-1: Product: syz
[  938.489818][  T890] usb 4-1: Manufacturer: syz
[  938.494486][  T890] usb 4-1: SerialNumber: syz
[  938.502370][T16434] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2714'.
[  938.520750][  T890] usb 4-1: config 0 descriptor??
[  938.932217][T16411] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms)
[  938.965429][  T890] gs_usb 4-1:0.0: Configuring for 1 interfaces
[  939.318177][  T890] gs_usb 4-1:0.0: Couldn't get bit timing const for channel 0 (-EPROTO)
[  939.338889][  T890] gs_usb 4-1:0.0: probe with driver gs_usb failed with error -71
[  939.922412][  T890] usb 4-1: USB disconnect, device number 41
[  940.711966][T16460] netlink: 'syz.3.2721': attribute type 21 has an invalid length.
[  940.847776][  T890] usb 3-1: new high-speed USB device number 46 using dummy_hcd
[  940.990621][  T890] usb 3-1: Using ep0 maxpacket: 32
[  941.026508][  T890] usb 3-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb
[  941.053150][  T890] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  941.083395][  T890] usb 3-1: Product: syz
[  941.095828][  T890] usb 3-1: Manufacturer: syz
[  941.100528][  T890] usb 3-1: SerialNumber: syz
[  941.114035][  T890] usb 3-1: config 0 descriptor??
[  941.125974][  T890] gspca_main: ov534_9-2.14.0 probing 05a9:1550
[  942.446580][T16457] fuse: Bad value for 'rootmode'
[  942.634664][  T890] gspca_ov534_9: reg_w failed -110
[  943.467540][  T890] gspca_ov534_9: Unknown sensor 0000
[  943.467617][  T890] ov534_9 3-1:0.0: probe with driver ov534_9 failed with error -22
[  943.866117][T16507] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2734'.
[  943.876146][T16507] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2734'.
[  944.557724][T16512] netlink: 'syz.3.2725': attribute type 1 has an invalid length.
[  944.567514][T16512] netlink: 'syz.3.2725': attribute type 2 has an invalid length.
[  944.814171][  T850] usb 3-1: USB disconnect, device number 46
[  946.380853][T16531] lo speed is unknown, defaulting to 1000
[  947.882226][   T30] audit: type=1400 audit(1767685109.826:831): avc:  denied  { connect } for  pid=16542 comm="syz.0.2745" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  948.454265][T16547] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=5136 sclass=netlink_route_socket pid=16547 comm=syz.0.2745
[  948.970324][T16537] lo speed is unknown, defaulting to 1000
[  949.574002][T16558] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2748'.
[  950.388807][ T5829] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  950.413480][ T5829] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  950.422821][ T5829] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  950.435679][ T5829] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  950.444154][ T5829] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  950.458467][ T5873] usb 4-1: new high-speed USB device number 42 using dummy_hcd
[  950.467545][ T5816] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  950.484587][ T5816] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  950.492347][ T5816] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  950.525725][ T5816] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  950.541297][ T5816] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  950.572605][T16565] lo speed is unknown, defaulting to 1000
[  950.610862][ T5873] usb 4-1: Using ep0 maxpacket: 32
[  950.641657][ T5873] usb 4-1: unable to get BOS descriptor or descriptor too short
[  950.697648][ T5873] usb 4-1: config 8 has an invalid interface number: 170 but max is 0
[  950.705842][ T5873] usb 4-1: config 8 has no interface number 0
[  950.760872][ T5873] usb 4-1: config 8 interface 170 altsetting 2 endpoint 0x1 has invalid maxpacket 1024, setting to 64
[  950.821916][ T5873] usb 4-1: config 8 interface 170 altsetting 2 endpoint 0xB has invalid maxpacket 22275, setting to 64
[  950.885601][ T5873] usb 4-1: config 8 interface 170 has no altsetting 0
[  950.927456][ T5873] usb 4-1: New USB device found, idVendor=1385, idProduct=4250, bcdDevice=63.ab
[  950.955334][ T5873] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  950.980867][ T5873] usb 4-1: Product: syz
[  950.995163][ T5873] usb 4-1: Manufacturer: syz
[  951.006431][ T5873] usb 4-1: SerialNumber: syz
[  951.154934][ T8121] netdevsim netdevsim1 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  951.649796][ T8121] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  951.740368][   T30] audit: type=1326 audit(1767685113.879:832): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16562 comm="syz.3.2750" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f36c218f749 code=0x7ffc0000
[  951.801914][   T30] audit: type=1326 audit(1767685113.911:833): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16562 comm="syz.3.2750" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f36c218f749 code=0x7ffc0000
[  951.834315][   T30] audit: type=1326 audit(1767685113.911:834): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16562 comm="syz.3.2750" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f36c218f749 code=0x7ffc0000
[  951.836241][ T8121] netdevsim netdevsim1 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  951.868238][   T30] audit: type=1326 audit(1767685113.911:835): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16562 comm="syz.3.2750" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f36c218f749 code=0x7ffc0000
[  951.868291][   T30] audit: type=1326 audit(1767685113.911:836): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16562 comm="syz.3.2750" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f36c218f749 code=0x7ffc0000
[  951.868330][   T30] audit: type=1326 audit(1767685113.911:837): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16562 comm="syz.3.2750" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f36c218f749 code=0x7ffc0000
[  951.896875][ T8121] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  951.969971][   T30] audit: type=1326 audit(1767685113.911:838): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16562 comm="syz.3.2750" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f36c218f749 code=0x7ffc0000
[  952.150428][T16583] 9pnet_virtio: no channels available for device syz
[  952.235713][ T5873] usb 4-1: Could not find all expected endpoints
[  952.269063][   T30] audit: type=1326 audit(1767685113.911:839): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16562 comm="syz.3.2750" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f36c218f749 code=0x7ffc0000
[  952.299098][   T30] audit: type=1326 audit(1767685113.911:840): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16562 comm="syz.3.2750" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f36c218f749 code=0x7ffc0000
[  952.325546][ T8121] netdevsim netdevsim1 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  952.343988][ T5873] usb 4-1: USB disconnect, device number 42
[  952.352186][ T8121] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  952.441749][ T8121] netdevsim netdevsim1 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  952.452508][ T8121] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  952.497367][ T5829] Bluetooth: hci5: command tx timeout
[  952.531731][T16565] chnl_net:caif_netlink_parms(): no params data found
[  952.692791][ T8121] bridge_slave_1: left allmulticast mode
[  952.706314][ T8121] bridge_slave_1: left promiscuous mode
[  952.713755][ T8121] bridge0: port 2(bridge_slave_1) entered disabled state
[  952.737225][ T8121] bridge_slave_0: left allmulticast mode
[  952.746297][ T8121] bridge_slave_0: left promiscuous mode
[  952.752087][ T8121] bridge0: port 1(bridge_slave_0) entered disabled state
[  953.391720][ T9550] usb 3-1: new high-speed USB device number 47 using dummy_hcd
[  953.557555][ T9550] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  953.577234][ T9550] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  953.587188][ T9550] usb 3-1: New USB device found, idVendor=17ef, idProduct=6047, bcdDevice= 0.00
[  953.604320][ T9550] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  953.618800][ T9550] usb 3-1: config 0 descriptor??
[  954.390651][ T9550] hid_parser_main: 24 callbacks suppressed
[  954.390674][ T9550] lenovo 0003:17EF:6047.0016: unknown main item tag 0x0
[  954.429941][ T9550] lenovo 0003:17EF:6047.0016: unknown main item tag 0x0
[  954.449784][ T9550] lenovo 0003:17EF:6047.0016: unknown main item tag 0x0
[  954.464112][ T9550] lenovo 0003:17EF:6047.0016: unknown main item tag 0x0
[  954.471323][ T9550] lenovo 0003:17EF:6047.0016: unknown main item tag 0x0
[  954.489457][ T5829] Bluetooth: hci5: command tx timeout
[  954.517466][ T9550] lenovo 0003:17EF:6047.0016: hidraw0: USB HID v0.00 Device [HID 17ef:6047] on usb-dummy_hcd.2-1/input0
[  954.651629][ T8121] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  954.679162][ T8121] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  954.713900][ T8121] bond0 (unregistering): (slave bond1): Releasing backup interface
[  954.723561][ T8121] bond0 (unregistering): Released all slaves
[  954.824707][ T8121] bond1 (unregistering): Released all slaves
[  954.838161][T16565] bridge0: port 1(bridge_slave_0) entered blocking state
[  954.857383][T16565] bridge0: port 1(bridge_slave_0) entered disabled state
[  954.866399][T16565] bridge_slave_0: entered allmulticast mode
[  954.873914][T16565] bridge_slave_0: entered promiscuous mode
[  954.902243][ T8121] tipc: Left network mode
[  954.916320][T16565] bridge0: port 2(bridge_slave_1) entered blocking state
[  954.936492][T16565] bridge0: port 2(bridge_slave_1) entered disabled state
[  954.945118][T16565] bridge_slave_1: entered allmulticast mode
[  954.967781][T16565] bridge_slave_1: entered promiscuous mode
[  955.126239][ T9550] lenovo 0003:17EF:6047.0016: Sensitivity setting failed: -71
[  955.148349][ T9550] usb 3-1: USB disconnect, device number 47
[  955.334611][T16565] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  955.415194][T16565] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  955.499085][T16630] netlink: 'syz.3.2762': attribute type 2 has an invalid length.
[  956.115303][T16565] team0: Port device team_slave_0 added
[  956.206572][T16565] team0: Port device team_slave_1 added
[  956.279683][T16629] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2763'.
[  956.487883][ T5829] Bluetooth: hci5: command tx timeout
[  956.686267][T16565] batman_adv: batadv0: Adding interface: batadv_slave_0
[  956.714305][T16565] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  956.986264][T16565] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  957.011886][ T8121] hsr_slave_0: left promiscuous mode
[  957.031208][ T8121] hsr_slave_1: left promiscuous mode
[  957.047008][ T8121] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  957.066012][ T8121] batman_adv: batadv0: Removing interface: batadv_slave_0
[  957.084710][ T8121] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  957.101289][ T8121] batman_adv: batadv0: Removing interface: batadv_slave_1
[  957.173714][ T8121] veth1_macvtap: left promiscuous mode
[  957.180109][ T8121] veth0_macvtap: left promiscuous mode
[  957.186202][ T8121] veth1_vlan: left promiscuous mode
[  957.216728][ T8121] veth0_vlan: left promiscuous mode
[  957.345486][T16656] input: syz1 as /devices/virtual/input/input26
[  957.424192][T16657] 9pnet_virtio: no channels available for device syz
[  957.761433][ T8121] pim6reg (unregistering): left allmulticast mode
[  958.441818][ T5829] Bluetooth: hci5: command tx timeout
[  959.442980][ T8121] team0 (unregistering): Port device team_slave_1 removed
[  959.529548][ T8121] team0 (unregistering): Port device team_slave_0 removed
[  959.939041][T16688] netlink: 'syz.2.2774': attribute type 2 has an invalid length.
[  960.345790][   T12] smc: removing ib device syz0
[  960.460340][T16565] batman_adv: batadv0: Adding interface: batadv_slave_1
[  960.574202][T16565] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  960.755295][T16565] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  960.806297][ T5873] lo speed is unknown, defaulting to 1000
[  960.822280][ T5873] syz0: Port: 1 Link DOWN
[  960.863449][   T30] kauditd_printk_skb: 7 callbacks suppressed
[  960.863465][   T30] audit: type=1400 audit(1767685123.444:848): avc:  denied  { setattr } for  pid=16698 comm="syz.2.2775" name="dmmidi2" dev="devtmpfs" ino=1305 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sound_device_t tclass=chr_file permissive=1
[  960.940067][T16676] workqueue: Failed to create a rescuer kthread for wq "wg-crypt-wireguard%d": -EINTR
[  961.154324][ T5873] usb 3-1: new high-speed USB device number 48 using dummy_hcd
[  961.237416][   T30] audit: type=1400 audit(1767685123.843:849): avc:  denied  { allowed } for  pid=16705 comm="syz.4.2778" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[  961.372682][ T5873] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  961.539225][ T5873] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  961.586561][ T5873] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  961.597468][ T5873] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  961.613700][ T5873] usb 3-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  961.631277][ T5873] usb 3-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  961.675392][ T5873] usb 3-1: Manufacturer: syz
[  961.883349][ T5873] usb 3-1: config 0 descriptor??
[  961.930768][T16565] hsr_slave_0: entered promiscuous mode
[  961.974355][T16565] hsr_slave_1: entered promiscuous mode
[  962.010992][T16565] debugfs: 'hsr0' already exists in 'hsr'
[  962.036510][T16565] Cannot create hsr debugfs directory
[  962.434887][ T5873] appleir 0003:05AC:8243.0017: unknown main item tag 0x0
[  962.541895][T16721] netlink: 'syz.4.2781': attribute type 3 has an invalid length.
[  962.787241][ T1293] ieee802154 phy0 wpan0: encryption failed: -22
[  962.808021][ T5873] appleir 0003:05AC:8243.0017: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.2-1/input0
[  963.165172][T16735] FAULT_INJECTION: forcing a failure.
[  963.165172][T16735] name failslab, interval 1, probability 0, space 0, times 0
[  963.227312][T16735] CPU: 1 UID: 0 PID: 16735 Comm: syz.0.2782 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  963.227343][T16735] Tainted: [L]=SOFTLOCKUP
[  963.227348][T16735] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  963.227359][T16735] Call Trace:
[  963.227365][T16735]  <TASK>
[  963.227372][T16735]  dump_stack_lvl+0x16c/0x1f0
[  963.227401][T16735]  should_fail_ex+0x512/0x640
[  963.227429][T16735]  ? fs_reclaim_acquire+0xae/0x150
[  963.227457][T16735]  should_failslab+0xc2/0x120
[  963.227480][T16735]  __kmalloc_noprof+0xeb/0x910
[  963.227509][T16735]  ? tomoyo_encode2+0x100/0x3e0
[  963.227537][T16735]  ? tomoyo_encode2+0x100/0x3e0
[  963.227560][T16735]  tomoyo_encode2+0x100/0x3e0
[  963.227589][T16735]  tomoyo_encode+0x29/0x50
[  963.227612][T16735]  tomoyo_realpath_from_path+0x18f/0x6e0
[  963.227639][T16735]  ? tomoyo_profile+0x47/0x60
[  963.227668][T16735]  tomoyo_path_number_perm+0x245/0x580
[  963.227689][T16735]  ? tomoyo_path_number_perm+0x237/0x580
[  963.227714][T16735]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  963.227737][T16735]  ? find_held_lock+0x2b/0x80
[  963.227789][T16735]  ? find_held_lock+0x2b/0x80
[  963.227815][T16735]  ? hook_file_ioctl_common+0x144/0x410
[  963.227849][T16735]  ? __fget_files+0x20e/0x3c0
[  963.227879][T16735]  security_file_ioctl+0x9b/0x240
[  963.227905][T16735]  __x64_sys_ioctl+0xb7/0x210
[  963.227935][T16735]  do_syscall_64+0xcd/0xf80
[  963.227961][T16735]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  963.227980][T16735] RIP: 0033:0x7fd63618f749
[  963.227996][T16735] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  963.228014][T16735] RSP: 002b:00007fd6370f2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  963.228032][T16735] RAX: ffffffffffffffda RBX: 00007fd6363e6090 RCX: 00007fd63618f749
[  963.228045][T16735] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000008
[  963.228056][T16735] RBP: 00007fd6370f2090 R08: 0000000000000000 R09: 0000000000000000
[  963.228067][T16735] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  963.228078][T16735] R13: 00007fd6363e6128 R14: 00007fd6363e6090 R15: 00007ffd59dd64f8
[  963.228104][T16735]  </TASK>
[  963.228124][T16735] ERROR: Out of memory at tomoyo_realpath_from_path.
[  963.642149][T16743] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  963.649134][T16743] overlayfs: failed to set xattr on upper
[  963.655012][T16743] overlayfs: ...falling back to redirect_dir=nofollow.
[  963.661986][T16743] overlayfs: ...falling back to index=off.
[  963.667783][T16743] overlayfs: ...falling back to uuid=null.
[  963.673643][T16743] overlayfs: maximum fs stacking depth exceeded
[  965.569368][ T5873] usb 3-1: reset high-speed USB device number 48 using dummy_hcd
[  965.843148][T16751] netlink: 'syz.4.2784': attribute type 2 has an invalid length.
[  966.517282][ T7670] usb 3-1: USB disconnect, device number 48
[  966.708144][   T30] audit: type=1400 audit(1767685129.586:850): avc:  denied  { read } for  pid=16759 comm="syz.4.2787" dev="nsfs" ino=4026532965 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  966.750870][   T30] audit: type=1400 audit(1767685129.586:851): avc:  denied  { open } for  pid=16759 comm="syz.4.2787" path="net:[4026532965]" dev="nsfs" ino=4026532965 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  966.841147][   T30] audit: type=1400 audit(1767685129.712:852): avc:  denied  { read } for  pid=16759 comm="syz.4.2787" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  966.990521][T16769] tipc: Started in network mode
[  966.995557][T16769] tipc: Node identity 1e08eb5a51df, cluster identity 4711
[  967.003055][T16769] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  967.166281][T16764] tipc: Disabling bearer <eth:syzkaller0>
[  967.676258][ T8121] IPVS: stop unused estimator thread 0...
[  967.708673][T16565] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  967.846526][T16565] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  967.995014][T16565] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  968.067543][T16565] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  968.140485][   T30] audit: type=1400 audit(1767685131.097:853): avc:  denied  { connect } for  pid=16797 comm="syz.2.2796" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  969.250437][T16565] 8021q: adding VLAN 0 to HW filter on device bond0
[  969.399013][T16565] 8021q: adding VLAN 0 to HW filter on device team0
[  969.429395][ T8127] bridge0: port 1(bridge_slave_0) entered blocking state
[  969.436536][ T8127] bridge0: port 1(bridge_slave_0) entered forwarding state
[  969.493399][ T8121] bridge0: port 2(bridge_slave_1) entered blocking state
[  969.500559][ T8121] bridge0: port 2(bridge_slave_1) entered forwarding state
[  969.722152][  T890] usb 5-1: new high-speed USB device number 58 using dummy_hcd
[  969.806281][T16826] 9pnet_virtio: no channels available for device syz
[  969.890219][  T890] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  969.924771][  T890] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  969.950972][  T890] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  970.079616][  T890] usb 5-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0
[  970.099721][  T890] usb 5-1: Manufacturer: syz
[  970.114668][  T890] usb 5-1: config 0 descriptor??
[  970.425360][T16565] 8021q: adding VLAN 0 to HW filter on device batadv0
[  970.799881][T16565] veth0_vlan: entered promiscuous mode
[  970.841871][T16565] veth1_vlan: entered promiscuous mode
[  970.930384][T16565] veth0_macvtap: entered promiscuous mode
[  970.959048][T16565] veth1_macvtap: entered promiscuous mode
[  971.009257][T16565] batman_adv: batadv0: Interface activated: batadv_slave_0
[  971.036920][T16565] batman_adv: batadv0: Interface activated: batadv_slave_1
[  971.064102][ T8127] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  971.103226][ T8127] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  971.131088][ T8127] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  971.186347][ T8127] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  971.399281][  T890] uclogic 0003:256C:006D.0018: interface is invalid, ignoring
[  971.507887][  T890] usb 5-1: USB disconnect, device number 58
[  971.533092][ T8121] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  971.567539][ T8121] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  971.603045][ T8127] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  971.631334][ T8127] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  971.653410][   T30] audit: type=1400 audit(1767685134.783:854): avc:  denied  { mounton } for  pid=16565 comm="syz-executor" path="/root/syzkaller.ZDqqyv/syz-tmp" dev="sda1" ino=2047 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[  971.709857][   T30] audit: type=1400 audit(1767685134.783:855): avc:  denied  { mounton } for  pid=16565 comm="syz-executor" path="/root/syzkaller.ZDqqyv/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[  971.821255][   T30] audit: type=1400 audit(1767685134.783:856): avc:  denied  { mounton } for  pid=16565 comm="syz-executor" path="/root/syzkaller.ZDqqyv/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=55770 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1
[  972.105346][   T30] audit: type=1400 audit(1767685134.846:857): avc:  denied  { mounton } for  pid=16565 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=2784 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[  972.266294][   T30] audit: type=1400 audit(1767685134.993:858): avc:  denied  { mounton } for  pid=16565 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[  975.759799][T16908] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2815'.
[  976.026186][T16917] program syz.0.2817 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  976.036363][T16917] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[  976.106414][  T850] hid-generic 0000:0000:0000.0019: unknown main item tag 0x0
[  976.129615][  T850] hid-generic 0000:0000:0000.0019: unknown main item tag 0x0
[  976.174543][  T850] hid-generic 0000:0000:0000.0019: unknown main item tag 0x0
[  976.182164][  T850] hid-generic 0000:0000:0000.0019: unknown main item tag 0x0
[  976.243923][  T850] hid-generic 0000:0000:0000.0019: unknown main item tag 0x0
[  976.251754][  T850] hid-generic 0000:0000:0000.0019: unknown main item tag 0x0
[  976.259576][  T850] hid-generic 0000:0000:0000.0019: unknown main item tag 0x0
[  976.272418][  T850] hid-generic 0000:0000:0000.0019: unknown main item tag 0x0
[  976.280725][  T850] hid-generic 0000:0000:0000.0019: unknown main item tag 0x0
[  976.288146][  T850] hid-generic 0000:0000:0000.0019: unknown main item tag 0x0
[  976.339059][  T850] hid-generic 0000:0000:0000.0019: hidraw0: <UNKNOWN> HID v0.43 Device [syz1] on syz1
[  976.508390][T16859] usb 5-1: new high-speed USB device number 59 using dummy_hcd
[  976.634084][T16932] netlink: 'syz.1.2819': attribute type 21 has an invalid length.
[  976.974278][T16923] fido_id[16923]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  977.447137][T16859] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  977.465202][T16859] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  977.509037][ T5873] usb 3-1: new full-speed USB device number 49 using dummy_hcd
[  977.528569][T16859] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  978.524497][T16859] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  978.670939][ T5873] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  978.717799][T16859] usb 5-1: SerialNumber: syz
[  978.724393][T16859] usb 5-1: can't set config #1, error -71
[  978.745137][T16859] usb 5-1: USB disconnect, device number 59
[  978.756548][ T5873] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  978.935926][ T5873] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  978.949186][ T5873] usb 3-1: New USB device found, idVendor=0457, idProduct=07da, bcdDevice= 0.00
[  978.966719][ T5873] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  979.411891][ T5873] usb 3-1: config 0 descriptor??
[  979.459770][ T5873] usb 3-1: can't set config #0, error -71
[  979.489952][ T5873] usb 3-1: USB disconnect, device number 49
[  981.571857][T16980] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2829'.
[  982.296191][T16995] netlink: 'syz.3.2831': attribute type 21 has an invalid length.
[  982.958447][T17008] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  983.036646][  T850] usb 5-1: new high-speed USB device number 60 using dummy_hcd
[  983.083189][T17016] FAULT_INJECTION: forcing a failure.
[  983.083189][T17016] name failslab, interval 1, probability 0, space 0, times 0
[  983.095933][T17016] CPU: 1 UID: 0 PID: 17016 Comm: syz.0.2833 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  983.095960][T17016] Tainted: [L]=SOFTLOCKUP
[  983.095967][T17016] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  983.095978][T17016] Call Trace:
[  983.095984][T17016]  <TASK>
[  983.095992][T17016]  dump_stack_lvl+0x16c/0x1f0
[  983.096021][T17016]  should_fail_ex+0x512/0x640
[  983.096047][T17016]  ? kmem_cache_alloc_noprof+0x62/0x770
[  983.096069][T17016]  should_failslab+0xc2/0x120
[  983.096093][T17016]  kmem_cache_alloc_noprof+0x83/0x770
[  983.096111][T17016]  ? sched_clock+0x38/0x60
[  983.096127][T17016]  ? skb_clone+0x190/0x3f0
[  983.096151][T17016]  ? skb_clone+0x190/0x3f0
[  983.096167][T17016]  skb_clone+0x190/0x3f0
[  983.096187][T17016]  nfnetlink_rcv_batch+0x1cf/0x2350
[  983.096221][T17016]  ? lockdep_hardirqs_on+0x7c/0x110
[  983.096251][T17016]  ? __pfx_nfnetlink_rcv_batch+0x10/0x10
[  983.096294][T17016]  ? avc_has_perm_noaudit+0x149/0x3b0
[  983.096326][T17016]  ? __asan_memset+0x23/0x50
[  983.096344][T17016]  ? __nla_validate_parse+0x600/0x2880
[  983.096370][T17016]  ? __pfx___nla_validate_parse+0x10/0x10
[  983.096400][T17016]  ? __nla_parse+0x40/0x60
[  983.096423][T17016]  nfnetlink_rcv+0x3c1/0x430
[  983.096450][T17016]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  983.096477][T17016]  ? netlink_skb_set_owner_r+0x3e/0x1b0
[  983.096500][T17016]  ? netlink_skb_set_owner_r+0x100/0x1b0
[  983.096528][T17016]  netlink_unicast+0x5aa/0x870
[  983.096554][T17016]  ? __pfx_netlink_unicast+0x10/0x10
[  983.096585][T17016]  netlink_sendmsg+0x8c8/0xdd0
[  983.096611][T17016]  ? __pfx_netlink_sendmsg+0x10/0x10
[  983.096642][T17016]  ____sys_sendmsg+0xa5d/0xc30
[  983.096667][T17016]  ? copy_msghdr_from_user+0x10a/0x160
[  983.096686][T17016]  ? __pfx_____sys_sendmsg+0x10/0x10
[  983.096716][T17016]  ? __pfx___schedule+0x10/0x10
[  983.096749][T17016]  ___sys_sendmsg+0x134/0x1d0
[  983.096769][T17016]  ? __pfx____sys_sendmsg+0x10/0x10
[  983.096788][T17016]  ? rcu_is_watching+0x12/0xc0
[  983.096834][T17016]  __sys_sendmsg+0x16d/0x220
[  983.096853][T17016]  ? __pfx___sys_sendmsg+0x10/0x10
[  983.096887][T17016]  do_syscall_64+0xcd/0xf80
[  983.096912][T17016]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  983.096930][T17016] RIP: 0033:0x7fd63618f749
[  983.096946][T17016] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  983.096963][T17016] RSP: 002b:00007fd6370d1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  983.096982][T17016] RAX: ffffffffffffffda RBX: 00007fd6363e6180 RCX: 00007fd63618f749
[  983.096994][T17016] RDX: 0000000000000000 RSI: 0000200000000380 RDI: 0000000000000005
[  983.097006][T17016] RBP: 00007fd6370d1090 R08: 0000000000000000 R09: 0000000000000000
[  983.097016][T17016] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  983.097027][T17016] R13: 00007fd6363e6218 R14: 00007fd6363e6180 R15: 00007ffd59dd64f8
[  983.097051][T17016]  </TASK>
[  983.491198][T17008] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  983.564847][T17008] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  983.870823][  T850] usb 5-1: Using ep0 maxpacket: 32
[  983.953683][  T850] usb 5-1: config 0 interface 0 has no altsetting 0
[  984.053106][  T850] usb 5-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e
[  984.159735][  T850] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  984.186437][  T850] usb 5-1: Product: syz
[  984.202896][  T850] usb 5-1: Manufacturer: syz
[  984.218973][  T850] usb 5-1: SerialNumber: syz
[  984.238823][  T850] usb 5-1: config 0 descriptor??
[  984.742862][T17001] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms)
[  984.764847][  T850] gs_usb 5-1:0.0: Configuring for 1 interfaces
[  984.958588][  T850] gs_usb 5-1:0.0: Couldn't register candev for channel 0 (-EINVAL)
[  984.968337][  T850] gs_usb 5-1:0.0: probe with driver gs_usb failed with error -22
[  985.178120][  T890] usb 5-1: USB disconnect, device number 60
[  985.685088][T17045] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  985.721059][T17045] evm: overlay not supported
[  986.212276][T17056] netlink: 'syz.1.2845': attribute type 21 has an invalid length.
[  986.822242][   T30] audit: type=1400 audit(1767685150.710:859): avc:  denied  { bind } for  pid=17070 comm="syz.1.2849" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  986.978325][T17072] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  986.985447][T17072] overlayfs: failed to set xattr on upper
[  986.993241][T17072] overlayfs: ...falling back to redirect_dir=nofollow.
[  987.001659][T17072] overlayfs: ...falling back to index=off.
[  987.059878][T17072] overlayfs: ...falling back to uuid=null.
[  987.128207][T17072] overlayfs: maximum fs stacking depth exceeded
[  987.366973][T17085] usb usb1: check_ctrlrecip: process 17085 (syz.1.2851) requesting ep 01 but needs 81
[  987.377032][T17085] usb usb1: usbfs: process 17085 (syz.1.2851) did not claim interface 0 before use
[  987.928654][ T5894] usb 5-1: new high-speed USB device number 61 using dummy_hcd
[  988.088357][ T5894] usb 5-1: config index 0 descriptor too short (expected 39, got 27)
[  988.210536][ T5894] usb 5-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  988.319130][ T5894] usb 5-1: config 0 interface 0 has no altsetting 0
[  988.330740][T17097] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2856'.
[  988.348747][ T5894] usb 5-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  988.357991][ T5894] usb 5-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  988.366169][ T5894] usb 5-1: Product: syz
[  988.370886][ T5894] usb 5-1: Manufacturer: syz
[  988.379622][ T5894] usb 5-1: SerialNumber: syz
[  988.388322][ T5894] usb 5-1: config 0 descriptor??
[  988.405160][ T5894] hub 5-1:0.0: bad descriptor, ignoring hub
[  988.411089][ T5894] hub 5-1:0.0: probe with driver hub failed with error -5
[  988.443761][ T5894] usb 5-1: selecting invalid altsetting 0
[  989.725692][T17089] usb 5-1: reset high-speed USB device number 61 using dummy_hcd
[  990.520531][ T5894] usb 5-1: USB disconnect, device number 61
[  991.747745][T14271] usb 5-1: new high-speed USB device number 62 using dummy_hcd
[  991.951721][T14271] usb 5-1: Using ep0 maxpacket: 32
[  991.961689][T14271] usb 5-1: unable to get BOS descriptor or descriptor too short
[  991.993956][T14271] usb 5-1: config 8 has an invalid interface number: 170 but max is 0
[  992.041357][T14271] usb 5-1: config 8 has no interface number 0
[  992.123517][T14271] usb 5-1: config 8 interface 170 altsetting 2 endpoint 0x1 has invalid maxpacket 1024, setting to 64
[  992.247407][T14271] usb 5-1: config 8 interface 170 altsetting 2 endpoint 0xB has invalid maxpacket 22275, setting to 64
[  992.415161][T14271] usb 5-1: config 8 interface 170 has no altsetting 0
[  992.424254][T14271] usb 5-1: New USB device found, idVendor=1385, idProduct=4250, bcdDevice=63.ab
[  992.433311][T14271] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  992.471113][T14271] usb 5-1: Product: syz
[  992.509969][T14271] usb 5-1: Manufacturer: syz
[  992.514569][T14271] usb 5-1: SerialNumber: syz
[  992.786967][   T30] audit: type=1326 audit(1767685156.978:860): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17128 comm="syz.4.2863" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa40378f749 code=0x7ffc0000
[  992.832347][T14271] usb 5-1: Could not find all expected endpoints
[  992.852890][   T30] audit: type=1326 audit(1767685157.009:861): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17128 comm="syz.4.2863" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa40378f749 code=0x7ffc0000
[  992.868703][T14271] usb 5-1: USB disconnect, device number 62
[  993.196655][   T30] audit: type=1326 audit(1767685157.009:862): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17128 comm="syz.4.2863" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa40378f749 code=0x7ffc0000
[  993.244520][   T30] audit: type=1326 audit(1767685157.009:863): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17128 comm="syz.4.2863" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa40378f749 code=0x7ffc0000
[  993.295807][   T30] audit: type=1326 audit(1767685157.009:864): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17128 comm="syz.4.2863" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa40378f749 code=0x7ffc0000
[  993.348666][   T30] audit: type=1326 audit(1767685157.009:865): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17128 comm="syz.4.2863" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fa40378f749 code=0x7ffc0000
[  993.397641][   T30] audit: type=1326 audit(1767685157.009:866): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17128 comm="syz.4.2863" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa40378f749 code=0x7ffc0000
[  993.445608][   T30] audit: type=1326 audit(1767685157.009:867): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17128 comm="syz.4.2863" exe="/root/syz-executor" sig=0 arch=c000003e syscall=226 compat=0 ip=0x7fa40378f749 code=0x7ffc0000
[  993.502172][   T30] audit: type=1326 audit(1767685157.009:868): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17128 comm="syz.4.2863" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa40378f749 code=0x7ffc0000
[  993.660080][   T30] audit: type=1326 audit(1767685157.009:869): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17128 comm="syz.4.2863" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa40378f749 code=0x7ffc0000
[  993.747254][T17151] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2869'.
[  994.890776][ T5894] usb 5-1: new full-speed USB device number 63 using dummy_hcd
[  995.085590][T17157] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2873'.
[  995.454821][ T5894] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64
[  995.466854][ T5894] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A
[  995.622667][T17176] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2874'.
[  995.632424][T17176] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2874'.
[  995.920169][ T5894] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid maxpacket 121, setting to 64
[  996.342817][ T5894] usb 5-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10
[  996.371663][ T5894] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  996.469509][ T5894] usb 5-1: Product: syz
[  996.474038][ T5894] usb 5-1: Manufacturer: syz
[  996.480085][ T5894] usb 5-1: SerialNumber: syz
[  996.494441][ T5894] usb 5-1: config 0 descriptor??
[  996.633950][T17189] netlink: 'syz.1.2878': attribute type 21 has an invalid length.
[  997.009328][ T5894] usb 5-1: can't set config #0, error -71
[  997.039722][ T5894] usb 5-1: USB disconnect, device number 63
[  999.908821][T17223] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2886'.
[ 1000.317461][T17221] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2888'.
[ 1000.572123][   T30] kauditd_printk_skb: 1 callbacks suppressed
[ 1000.572145][   T30] audit: type=1400 audit(1767685165.146:871): avc:  denied  { execute } for  pid=17226 comm="syz.3.2890" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=58423 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1
[ 1001.477133][   T30] audit: type=1400 audit(1767685165.954:872): avc:  denied  { name_bind } for  pid=17235 comm="syz.2.2892" src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=icmp_socket permissive=1
[ 1002.034415][ T5894] usb 4-1: new high-speed USB device number 43 using dummy_hcd
[ 1002.259779][T17247] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2894'.
[ 1002.269823][T17247] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2894'.
[ 1002.586171][ T5894] usb 4-1: unable to get BOS descriptor or descriptor too short
[ 1002.612977][ T5894] usb 4-1: config 0 has an invalid interface number: 144 but max is 1
[ 1002.627005][ T5894] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1002.637506][ T5894] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 2
[ 1002.647191][ T5894] usb 4-1: config 0 has no interface number 0
[ 1002.653557][ T5894] usb 4-1: config 0 interface 144 altsetting 7 has 0 endpoint descriptors, different from the interface descriptor's value: 13
[ 1002.678166][ T5894] usb 4-1: config 0 interface 144 has no altsetting 0
[ 1002.697940][ T5894] usb 4-1: New USB device found, idVendor=04d8, idProduct=0082, bcdDevice=d0.ae
[ 1002.716589][ T5894] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1002.734275][ T5894] usb 4-1: Product: syz
[ 1002.775762][ T5894] usb 4-1: Manufacturer: syz
[ 1002.791369][ T5894] usb 4-1: SerialNumber: syz
[ 1003.227111][ T5894] usb 4-1: config 0 descriptor??
[ 1003.644066][   T30] audit: type=1400 audit(1767685168.348:873): avc:  denied  { unmount } for  pid=5813 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[ 1003.738311][T17240] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1003.847142][T17240] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1004.870135][   T30] audit: type=1400 audit(1767685169.356:874): avc:  denied  { remount } for  pid=17256 comm="syz.0.2897" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[ 1005.607212][   T30] audit: type=1326 audit(1767685170.437:875): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17265 comm="syz.2.2901" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4b0298f749 code=0x0
[ 1005.648187][ T5894] ims_pcu 4-1:0.144: Missing CDC union descriptor
[ 1005.675009][ T5894] ims_pcu 4-1:0.144: probe with driver ims_pcu failed with error -22
[ 1005.705202][ T5894] usb 4-1: USB disconnect, device number 43
[ 1005.773793][T17283] cgroup: release_agent respecified
[ 1006.092653][T17292] atomic_op ffff88807cd87198 conn xmit_atomic 0000000000000000
[ 1006.216037][T17294] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2908'.
[ 1006.225081][T17294] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2908'.
[ 1006.234452][T17294] netlink: 'syz.3.2908': attribute type 12 has an invalid length.
[ 1006.245277][T17294] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2908'.
[ 1006.254246][T17294] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2908'.
[ 1006.270046][T17294] netlink: 'syz.3.2908': attribute type 12 has an invalid length.
[ 1006.349022][  T890] usb 2-1: new high-speed USB device number 32 using dummy_hcd
[ 1006.548917][  T890] usb 2-1: Using ep0 maxpacket: 32
[ 1006.559258][  T890] usb 2-1: config 0 interface 0 has no altsetting 0
[ 1006.574360][  T890] usb 2-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e
[ 1006.589089][  T890] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1006.602428][  T890] usb 2-1: Product: syz
[ 1006.610966][  T890] usb 2-1: Manufacturer: syz
[ 1006.618742][  T890] usb 2-1: SerialNumber: syz
[ 1006.635799][  T890] usb 2-1: config 0 descriptor??
[ 1007.076853][T17287] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms)
[ 1007.089983][T17287] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1007.097590][T17287] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1007.126567][  T890] gs_usb 2-1:0.0: Configuring for 1 interfaces
[ 1007.325548][  T890] gs_usb 2-1:0.0: Couldn't register candev for channel 0 (-EINVAL)
[ 1007.338387][  T890] gs_usb 2-1:0.0: probe with driver gs_usb failed with error -22
[ 1007.406429][ T7670] usb 5-1: new high-speed USB device number 64 using dummy_hcd
[ 1007.521516][  T850] usb 2-1: USB disconnect, device number 32
[ 1007.564994][ T7670] usb 5-1: unable to get BOS descriptor or descriptor too short
[ 1007.583116][ T7670] usb 5-1: config 0 has an invalid interface number: 144 but max is 1
[ 1007.591917][ T7670] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1007.602367][ T7670] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 2
[ 1007.612059][ T7670] usb 5-1: config 0 has no interface number 0
[ 1007.618741][ T7670] usb 5-1: config 0 interface 144 altsetting 7 has 0 endpoint descriptors, different from the interface descriptor's value: 13
[ 1007.632160][ T7670] usb 5-1: config 0 interface 144 has no altsetting 0
[ 1007.640931][ T7670] usb 5-1: New USB device found, idVendor=04d8, idProduct=0082, bcdDevice=d0.ae
[ 1007.658158][ T7670] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1007.666809][ T7670] usb 5-1: Product: syz
[ 1007.670974][ T7670] usb 5-1: Manufacturer: syz
[ 1007.675904][ T7670] usb 5-1: SerialNumber: syz
[ 1007.686738][ T7670] usb 5-1: config 0 descriptor??
[ 1007.895105][T17308] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1007.902976][T17323] FAULT_INJECTION: forcing a failure.
[ 1007.902976][T17323] name failslab, interval 1, probability 0, space 0, times 0
[ 1007.916921][T17323] CPU: 0 UID: 0 PID: 17323 Comm: syz.2.2920 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1007.916950][T17323] Tainted: [L]=SOFTLOCKUP
[ 1007.916957][T17323] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1007.916967][T17323] Call Trace:
[ 1007.916973][T17323]  <TASK>
[ 1007.916980][T17323]  dump_stack_lvl+0x16c/0x1f0
[ 1007.917008][T17323]  should_fail_ex+0x512/0x640
[ 1007.917034][T17323]  ? __pfx_ref_tracker_alloc+0x10/0x10
[ 1007.917054][T17323]  should_failslab+0xc2/0x120
[ 1007.917080][T17323]  kmem_cache_alloc_noprof+0x83/0x770
[ 1007.917099][T17323]  ? skb_clone+0x190/0x3f0
[ 1007.917122][T17323]  ? skb_clone+0x190/0x3f0
[ 1007.917139][T17323]  skb_clone+0x190/0x3f0
[ 1007.917157][T17323]  netlink_deliver_tap+0xabd/0xd30
[ 1007.917184][T17323]  netlink_unicast+0x64c/0x870
[ 1007.917210][T17323]  ? __pfx_netlink_unicast+0x10/0x10
[ 1007.917247][T17323]  netlink_sendmsg+0x8c8/0xdd0
[ 1007.917273][T17323]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1007.917305][T17323]  ____sys_sendmsg+0xa5d/0xc30
[ 1007.917329][T17323]  ? copy_msghdr_from_user+0x10a/0x160
[ 1007.917347][T17323]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1007.917380][T17323]  ___sys_sendmsg+0x134/0x1d0
[ 1007.917400][T17323]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1007.917449][T17323]  __sys_sendmsg+0x16d/0x220
[ 1007.917468][T17323]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1007.917504][T17323]  do_syscall_64+0xcd/0xf80
[ 1007.917529][T17323]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1007.917548][T17323] RIP: 0033:0x7f4b0298f749
[ 1007.917563][T17323] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1007.917581][T17323] RSP: 002b:00007f4b03846038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1007.917599][T17323] RAX: ffffffffffffffda RBX: 00007f4b02be5fa0 RCX: 00007f4b0298f749
[ 1007.917611][T17323] RDX: 0000000000000000 RSI: 0000200000000140 RDI: 0000000000000004
[ 1007.917623][T17323] RBP: 00007f4b03846090 R08: 0000000000000000 R09: 0000000000000000
[ 1007.917633][T17323] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1007.917645][T17323] R13: 00007f4b02be6038 R14: 00007f4b02be5fa0 R15: 00007ffc66d23538
[ 1007.917670][T17323]  </TASK>
[ 1007.920717][T17308] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1009.484242][T17341] FAULT_INJECTION: forcing a failure.
[ 1009.484242][T17341] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1009.553701][T17341] CPU: 1 UID: 0 PID: 17341 Comm: syz.1.2926 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1009.553734][T17341] Tainted: [L]=SOFTLOCKUP
[ 1009.553741][T17341] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1009.553753][T17341] Call Trace:
[ 1009.553760][T17341]  <TASK>
[ 1009.553768][T17341]  dump_stack_lvl+0x16c/0x1f0
[ 1009.553797][T17341]  should_fail_ex+0x512/0x640
[ 1009.553829][T17341]  strncpy_from_user+0x3b/0x2e0
[ 1009.553858][T17341]  getname_flags.part.0+0x8f/0x550
[ 1009.553880][T17341]  getname_flags+0x93/0xf0
[ 1009.553903][T17341]  __io_openat_prep+0x16d/0x410
[ 1009.553929][T17341]  io_submit_sqes+0xa14/0x28e0
[ 1009.553960][T17341]  __do_sys_io_uring_enter+0xd6b/0x1630
[ 1009.553985][T17341]  ? __pfx___do_sys_io_uring_enter+0x10/0x10
[ 1009.554002][T17341]  ? __pfx_bpf_trace_run2+0x10/0x10
[ 1009.554020][T17341]  ? __might_fault+0xe3/0x190
[ 1009.554033][T17341]  ? __might_fault+0x13b/0x190
[ 1009.554047][T17341]  ? find_held_lock+0x2b/0x80
[ 1009.554070][T17341]  ? syscall_trace_enter+0x1cb/0x220
[ 1009.554094][T17341]  ? rcu_is_watching+0x12/0xc0
[ 1009.554111][T17341]  do_syscall_64+0xcd/0xf80
[ 1009.554132][T17341]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1009.554147][T17341] RIP: 0033:0x7fea2318f749
[ 1009.554158][T17341] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1009.554173][T17341] RSP: 002b:00007fea2405d038 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1009.554188][T17341] RAX: ffffffffffffffda RBX: 00007fea233e5fa0 RCX: 00007fea2318f749
[ 1009.554198][T17341] RDX: 0000000000000000 RSI: 0000000000003516 RDI: 0000000000000005
[ 1009.554206][T17341] RBP: 00007fea2405d090 R08: 0000000000000000 R09: 00000000fffffdcf
[ 1009.554216][T17341] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1009.554225][T17341] R13: 00007fea233e6038 R14: 00007fea233e5fa0 R15: 00007ffcb9736558
[ 1009.554246][T17341]  </TASK>
[ 1010.128408][ T7670] ims_pcu 5-1:0.144: Missing CDC union descriptor
[ 1010.142173][ T7670] ims_pcu 5-1:0.144: probe with driver ims_pcu failed with error -22
[ 1010.180144][ T7670] usb 5-1: USB disconnect, device number 64
[ 1011.559384][ T5816] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 1011.578528][ T5816] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 1011.602140][ T5816] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 1011.632848][ T5816] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 1011.640341][ T5816] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 1012.340348][  T890] usb 5-1: new full-speed USB device number 65 using dummy_hcd
[ 1012.451836][T17359] chnl_net:caif_netlink_parms(): no params data found
[ 1012.516337][  T890] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[ 1012.707382][  T890] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1012.779485][  T890] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[ 1012.809911][  T890] usb 5-1: New USB device found, idVendor=0457, idProduct=07da, bcdDevice= 0.00
[ 1012.922402][T17359] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1012.929664][T17359] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1012.978078][  T890] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1012.997665][T17359] bridge_slave_0: entered allmulticast mode
[ 1013.062872][  T890] usb 5-1: config 0 descriptor??
[ 1013.063516][T17359] bridge_slave_0: entered promiscuous mode
[ 1013.133665][T17359] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1013.160399][T17359] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1013.171603][T17359] bridge_slave_1: entered allmulticast mode
[ 1013.186944][T17359] bridge_slave_1: entered promiscuous mode
[ 1013.798357][  T890] hid_parser_main: 73 callbacks suppressed
[ 1013.798375][  T890] hid-multitouch 0003:0457:07DA.001A: unknown main item tag 0x0
[ 1013.817876][  T890] hid-multitouch 0003:0457:07DA.001A: unknown main item tag 0x0
[ 1013.825880][  T890] hid-multitouch 0003:0457:07DA.001A: unknown main item tag 0x0
[ 1013.833641][ T5829] Bluetooth: hci1: command tx timeout
[ 1013.843293][  T890] hid-multitouch 0003:0457:07DA.001A: unknown main item tag 0x0
[ 1013.852704][  T890] hid-multitouch 0003:0457:07DA.001A: unknown main item tag 0x0
[ 1013.862497][  T890] hid-multitouch 0003:0457:07DA.001A: unknown main item tag 0x0
[ 1013.872741][  T890] hid-multitouch 0003:0457:07DA.001A: unknown main item tag 0x0
[ 1013.880680][  T890] hid-multitouch 0003:0457:07DA.001A: unknown main item tag 0x0
[ 1013.889325][  T890] hid-multitouch 0003:0457:07DA.001A: unknown main item tag 0x0
[ 1013.897909][  T890] hid-multitouch 0003:0457:07DA.001A: unknown main item tag 0x0
[ 1013.911535][  T890] hid-multitouch 0003:0457:07DA.001A: hidraw0: USB HID v0.00 Device [HID 0457:07da] on usb-dummy_hcd.4-1/input0
[ 1014.057020][T17359] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1014.096823][T17359] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1014.296321][ T5873] usb 5-1: USB disconnect, device number 65
[ 1014.395221][T17359] team0: Port device team_slave_0 added
[ 1014.417322][T17359] team0: Port device team_slave_1 added
[ 1014.605353][ T2979] netdevsim netdevsim3 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1014.622268][ T2979] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1014.647730][T17359] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1014.654979][T17359] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1014.681598][T17359] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1014.710136][T17359] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1014.738588][T17359] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1014.771323][T17359] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1014.929182][ T2979] netdevsim netdevsim3 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1014.986114][ T2979] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1015.432359][T17409] netlink: 'syz.4.2940': attribute type 2 has an invalid length.
[ 1015.595272][T17413] netlink: 'syz.2.2941': attribute type 21 has an invalid length.
[ 1015.812511][ T5829] Bluetooth: hci1: command tx timeout
[ 1015.991074][ T2979] netdevsim netdevsim3 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1016.029745][ T2979] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1016.987678][ T2979] netdevsim netdevsim3 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1017.027623][ T2979] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1017.433949][T17359] hsr_slave_0: entered promiscuous mode
[ 1017.442752][T17359] hsr_slave_1: entered promiscuous mode
[ 1017.461174][T17359] debugfs: 'hsr0' already exists in 'hsr'
[ 1017.472179][T17359] Cannot create hsr debugfs directory
[ 1017.490416][T17437] netlink: 'syz.0.2948': attribute type 2 has an invalid length.
[ 1017.788444][ T5829] Bluetooth: hci1: command tx timeout
[ 1018.796093][ T2979] bridge0: port 3(batadv0) entered disabled state
[ 1018.839656][T17453] netlink: 'syz.4.2951': attribute type 2 has an invalid length.
[ 1019.484814][ T2979] bridge_slave_1: left allmulticast mode
[ 1019.499162][ T2979] bridge_slave_1: left promiscuous mode
[ 1019.513273][ T2979] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1019.793057][ T5829] Bluetooth: hci1: command tx timeout
[ 1019.923166][ T2979] bridge_slave_0: left allmulticast mode
[ 1019.928818][ T2979] bridge_slave_0: left promiscuous mode
[ 1019.960576][ T2979] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1020.125165][T17467] cgroup: release_agent respecified
[ 1020.293560][ T2979] bond1 (unregistering): (slave ip6erspan0): Releasing active interface
[ 1020.322096][  T890] usb 3-1: new high-speed USB device number 50 using dummy_hcd
[ 1020.382711][T17471] atomic_op ffff888058171998 conn xmit_atomic 0000000000000000
[ 1020.481189][  T890] usb 3-1: unable to get BOS descriptor or descriptor too short
[ 1020.522448][  T890] usb 3-1: config 0 has an invalid interface number: 144 but max is 1
[ 1020.746730][  T890] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1020.763580][  T890] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 2
[ 1020.772857][  T890] usb 3-1: config 0 has no interface number 0
[ 1020.779492][  T890] usb 3-1: config 0 interface 144 altsetting 7 has 0 endpoint descriptors, different from the interface descriptor's value: 13
[ 1020.793077][  T890] usb 3-1: config 0 interface 144 has no altsetting 0
[ 1020.806066][  T890] usb 3-1: New USB device found, idVendor=04d8, idProduct=0082, bcdDevice=d0.ae
[ 1020.815539][  T890] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1020.824414][  T890] usb 3-1: Product: syz
[ 1020.828882][  T890] usb 3-1: Manufacturer: syz
[ 1020.833539][  T890] usb 3-1: SerialNumber: syz
[ 1020.846211][  T890] usb 3-1: config 0 descriptor??
[ 1021.004889][ T2979] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1021.015591][ T2979] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1021.025410][ T2979] bond0 (unregistering): Released all slaves
[ 1021.026447][T16859] usb 2-1: new high-speed USB device number 33 using dummy_hcd
[ 1021.048588][T17465] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1021.057883][T17465] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1021.134272][ T2979] bond1 (unregistering): Released all slaves
[ 1021.217010][T16859] usb 2-1: Using ep0 maxpacket: 32
[ 1021.230024][T16859] usb 2-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb
[ 1021.241753][T16859] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1021.249903][T16859] usb 2-1: Product: syz
[ 1021.257595][T16859] usb 2-1: Manufacturer: syz
[ 1021.269137][T16859] usb 2-1: SerialNumber: syz
[ 1021.269747][ T2979] tipc: Left network mode
[ 1021.538425][ T1293] ieee802154 phy0 wpan0: encryption failed: -22
[ 1021.570167][T16859] usb 2-1: config 0 descriptor??
[ 1021.602438][T16859] gspca_main: ov534_9-2.14.0 probing 05a9:1550
[ 1021.984204][T17486] comedi comedi0: Minor 47 could not be opened
[ 1022.898909][ T2979] hsr_slave_0: left promiscuous mode
[ 1023.131558][ T2979] hsr_slave_1: left promiscuous mode
[ 1023.140611][ T2979] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1023.171298][ T2979] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1023.178726][ T2979] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1023.509960][T16859] gspca_ov534_9: reg_w failed -110
[ 1023.623564][T17487] fuse: Bad value for 'rootmode'
[ 1023.706842][ T2979] veth1_macvtap: left promiscuous mode
[ 1023.739476][ T2979] veth0_macvtap: left promiscuous mode
[ 1023.745612][ T2979] veth1_vlan: left promiscuous mode
[ 1023.785687][ T2979] veth0_vlan: left promiscuous mode
[ 1023.898306][  T890] ims_pcu 3-1:0.144: Missing CDC union descriptor
[ 1023.916269][  T890] ims_pcu 3-1:0.144: probe with driver ims_pcu failed with error -22
[ 1023.964439][  T890] usb 3-1: USB disconnect, device number 50
[ 1023.980289][T16859] gspca_ov534_9: Unknown sensor 0000
[ 1023.980342][T16859] ov534_9 2-1:0.0: probe with driver ov534_9 failed with error -22
[ 1025.504488][ T2979] team0 (unregistering): Port device team_slave_1 removed
[ 1025.573726][ T2979] team0 (unregistering): Port device team_slave_0 removed
[ 1026.108754][T16859] usb 2-1: USB disconnect, device number 33
[ 1026.627423][   T30] audit: type=1400 audit(1767685192.485:876): avc:  denied  { map } for  pid=17537 comm="syz.1.2967" path="/dev/sg0" dev="devtmpfs" ino=773 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[ 1027.156352][T17559] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2970'.
[ 1028.785887][T17573] cgroup: release_agent respecified
[ 1028.793647][ T2979] IPVS: stop unused estimator thread 0...
[ 1030.233234][T17359] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 1030.297559][T17359] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 1030.328039][T17595] netlink: 80 bytes leftover after parsing attributes in process `syz.0.2977'.
[ 1030.345671][T17359] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 1030.412016][   T30] audit: type=1400 audit(1767685196.475:877): avc:  denied  { bind } for  pid=17594 comm="syz.0.2977" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[ 1030.608837][T17359] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 1030.676731][T17610] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2979'.
[ 1030.685740][T17610] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2979'.
[ 1030.694822][T17610] netlink: 'syz.1.2979': attribute type 12 has an invalid length.
[ 1031.094762][T17610] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2979'.
[ 1031.103872][T17610] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2979'.
[ 1031.112811][T17610] netlink: 'syz.1.2979': attribute type 12 has an invalid length.
[ 1031.174181][   T36] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[ 1031.227034][   T36] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[ 1031.436753][ T8128] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[ 1031.452308][ T8128] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[ 1031.592597][T17359] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1031.632850][T17359] 8021q: adding VLAN 0 to HW filter on device team0
[ 1031.697053][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1031.704174][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1031.744823][ T8121] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1031.751960][ T8121] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1032.245013][   T30] audit: type=1400 audit(1767685198.396:878): avc:  denied  { mounton } for  pid=17640 comm="syz.2.2982" path="/555/file0" dev="tmpfs" ino=3022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=fifo_file permissive=1
[ 1032.469552][T17359] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1032.528937][   T30] audit: type=1400 audit(1767685198.701:879): avc:  denied  { setattr } for  pid=17656 comm="syz.2.2985" name="ptmx" dev="devtmpfs" ino=615 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ptmx_t tclass=chr_file permissive=1
[ 1032.557485][T17657] mac80211_hwsim hwsim3 wlan0: entered promiscuous mode
[ 1032.595624][   T30] audit: type=1400 audit(1767685198.701:880): avc:  denied  { accept } for  pid=17651 comm="syz.4.2984" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_dgram_socket permissive=1
[ 1032.620319][T17359] veth0_vlan: entered promiscuous mode
[ 1032.632617][T17359] veth1_vlan: entered promiscuous mode
[ 1032.664384][T17359] veth0_macvtap: entered promiscuous mode
[ 1032.674743][T17359] veth1_macvtap: entered promiscuous mode
[ 1032.696987][T17359] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1032.711869][T17359] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1032.727293][ T4107] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1032.737400][ T4107] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1032.755800][ T4107] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1032.798731][ T4107] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1032.837847][ T4107] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1032.848069][ T4107] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1032.891988][  T179] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1032.900763][  T179] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1034.415859][T17694] netlink: 80 bytes leftover after parsing attributes in process `syz.4.2989'.
[ 1034.551871][ T5829] Bluetooth: hci4: Opcode 0x1003 failed: -110
[ 1034.552174][ T5816] Bluetooth: hci4: command 0x1003 tx timeout
[ 1036.029891][T17713] Can't find ip_set type hash:n
[ 1036.201690][T17721] netlink: 'syz.4.2995': attribute type 2 has an invalid length.
[ 1037.506684][ T5816] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 1037.515332][ T5816] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 1037.523837][ T5816] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 1037.531863][ T5816] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 1037.541299][ T5816] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 1037.847264][  T850] usb 4-1: new high-speed USB device number 44 using dummy_hcd
[ 1037.965612][T17742] netlink: 80 bytes leftover after parsing attributes in process `syz.4.3001'.
[ 1038.089374][  T850] usb 4-1: unable to get BOS descriptor or descriptor too short
[ 1038.148144][  T850] usb 4-1: config 0 has an invalid interface number: 144 but max is 1
[ 1038.253789][  T850] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1038.352998][  T850] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 2
[ 1038.431757][  T850] usb 4-1: config 0 has no interface number 0
[ 1038.496448][  T850] usb 4-1: config 0 interface 144 altsetting 7 has 0 endpoint descriptors, different from the interface descriptor's value: 13
[ 1038.636730][  T850] usb 4-1: config 0 interface 144 has no altsetting 0
[ 1038.789323][  T850] usb 4-1: New USB device found, idVendor=04d8, idProduct=0082, bcdDevice=d0.ae
[ 1038.826707][  T850] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1038.853380][  T850] usb 4-1: Product: syz
[ 1038.867001][  T850] usb 4-1: Manufacturer: syz
[ 1038.882006][  T850] usb 4-1: SerialNumber: syz
[ 1038.902745][  T850] usb 4-1: config 0 descriptor??
[ 1039.294086][T17733] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1039.373900][T17733] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1039.516339][ T5816] Bluetooth: hci4: command tx timeout
[ 1039.843843][T17729] chnl_net:caif_netlink_parms(): no params data found
[ 1039.977333][T17769] usb usb1: check_ctrlrecip: process 17769 (syz.4.3005) requesting ep 01 but needs 81
[ 1040.462574][T17769] usb usb1: usbfs: process 17769 (syz.4.3005) did not claim interface 0 before use
[ 1041.080913][T17729] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1041.117705][T17729] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1041.130470][T17729] bridge_slave_0: entered allmulticast mode
[ 1041.166659][T17729] bridge_slave_0: entered promiscuous mode
[ 1041.180522][  T850] ims_pcu 4-1:0.144: Missing CDC union descriptor
[ 1041.187916][  T850] ims_pcu 4-1:0.144: probe with driver ims_pcu failed with error -22
[ 1041.216170][T17729] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1041.232909][T17729] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1041.249648][T17729] bridge_slave_1: entered allmulticast mode
[ 1041.268565][T17729] bridge_slave_1: entered promiscuous mode
[ 1041.304842][  T850] usb 4-1: USB disconnect, device number 44
[ 1041.349393][T17729] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1041.428088][T17729] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1041.495611][ T5816] Bluetooth: hci4: command tx timeout
[ 1041.674104][T17729] team0: Port device team_slave_0 added
[ 1041.775193][T17796] netlink: 'syz.1.3010': attribute type 2 has an invalid length.
[ 1041.900711][T17729] team0: Port device team_slave_1 added
[ 1041.983518][ T4107] bridge_slave_1: left allmulticast mode
[ 1042.223477][ T4107] bridge_slave_1: left promiscuous mode
[ 1042.495554][ T4107] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1042.519397][ T4107] bridge_slave_0: left allmulticast mode
[ 1042.619655][ T4107] bridge_slave_0: left promiscuous mode
[ 1042.627565][ T4107] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1042.643869][T17802] netlink: 80 bytes leftover after parsing attributes in process `syz.1.3012'.
[ 1043.099216][   T30] audit: type=1400 audit(1767685209.389:881): avc:  denied  { connect } for  pid=17798 comm="syz.2.3011" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[ 1043.388440][T17811] netlink: 7 bytes leftover after parsing attributes in process `syz.2.3014'.
[ 1043.407882][T17811] FAULT_INJECTION: forcing a failure.
[ 1043.407882][T17811] name failslab, interval 1, probability 0, space 0, times 0
[ 1043.470654][T17811] CPU: 1 UID: 0 PID: 17811 Comm: syz.2.3014 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1043.470685][T17811] Tainted: [L]=SOFTLOCKUP
[ 1043.470691][T17811] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1043.470703][T17811] Call Trace:
[ 1043.470710][T17811]  <TASK>
[ 1043.470718][T17811]  dump_stack_lvl+0x16c/0x1f0
[ 1043.470746][T17811]  should_fail_ex+0x512/0x640
[ 1043.470772][T17811]  ? kmem_cache_alloc_node_noprof+0x65/0x800
[ 1043.470793][T17811]  should_failslab+0xc2/0x120
[ 1043.470816][T17811]  kmem_cache_alloc_node_noprof+0x86/0x800
[ 1043.470833][T17811]  ? __alloc_skb+0x156/0x410
[ 1043.470858][T17811]  ? __alloc_skb+0x156/0x410
[ 1043.470874][T17811]  __alloc_skb+0x156/0x410
[ 1043.470889][T17811]  ? __alloc_skb+0x35d/0x410
[ 1043.470905][T17811]  ? __pfx___alloc_skb+0x10/0x10
[ 1043.470921][T17811]  ? __pfx_inet_rtm_newaddr+0x10/0x10
[ 1043.470943][T17811]  netlink_ack+0x15d/0xb80
[ 1043.470961][T17811]  netlink_rcv_skb+0x332/0x420
[ 1043.470975][T17811]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1043.470990][T17811]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1043.471008][T17811]  ? netlink_deliver_tap+0x1ae/0xd30
[ 1043.471024][T17811]  netlink_unicast+0x5aa/0x870
[ 1043.471039][T17811]  ? __pfx_netlink_unicast+0x10/0x10
[ 1043.471052][T17811]  ? __asan_memset+0x23/0x50
[ 1043.471063][T17811]  ? __build_skb_around+0x278/0x390
[ 1043.471082][T17811]  netlink_sendmsg+0x8c8/0xdd0
[ 1043.471098][T17811]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1043.471131][T17811]  __sys_sendto+0x4a3/0x520
[ 1043.471149][T17811]  ? __pfx___sys_sendto+0x10/0x10
[ 1043.471177][T17811]  ? ksys_write+0x1ac/0x250
[ 1043.471191][T17811]  ? __pfx_ksys_write+0x10/0x10
[ 1043.471207][T17811]  __x64_sys_sendto+0xe0/0x1c0
[ 1043.471224][T17811]  ? do_syscall_64+0x91/0xf80
[ 1043.471238][T17811]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1043.471252][T17811]  do_syscall_64+0xcd/0xf80
[ 1043.471272][T17811]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1043.471284][T17811] RIP: 0033:0x7f4b0298f749
[ 1043.471294][T17811] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1043.471305][T17811] RSP: 002b:00007f4b03846038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[ 1043.471316][T17811] RAX: ffffffffffffffda RBX: 00007f4b02be5fa0 RCX: 00007f4b0298f749
[ 1043.471324][T17811] RDX: 0000000000010a73 RSI: 0000200000000000 RDI: 0000000000000003
[ 1043.471330][T17811] RBP: 00007f4b03846090 R08: 0000000000000000 R09: 4b6ae4f95a5de35b
[ 1043.471337][T17811] R10: 0000000000000800 R11: 0000000000000246 R12: 0000000000000001
[ 1043.471344][T17811] R13: 00007f4b02be6038 R14: 00007f4b02be5fa0 R15: 00007ffc66d23538
[ 1043.471358][T17811]  </TASK>
[ 1043.767133][ T7670] usb 2-1: new high-speed USB device number 34 using dummy_hcd
[ 1043.777384][ T5816] Bluetooth: hci4: command tx timeout
[ 1044.026308][ T7670] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[ 1044.037325][ T7670] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1044.057581][ T7670] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1044.073326][ T7670] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[ 1044.126338][T17819] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3015'.
[ 1044.170866][ T7670] usb 2-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[ 1044.240764][ T7670] usb 2-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[ 1044.351262][ T7670] usb 2-1: Manufacturer: syz
[ 1044.483287][ T7670] usb 2-1: config 0 descriptor??
[ 1044.705833][T17808] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1044.741548][T17808] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1044.753236][ T4107] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1044.772040][ T4107] bond0 (unregistering): (slave 
c
@0Ù): Releasing backup interface
[ 1044.786291][ T4107] bond0 (unregistering): Released all slaves
[ 1044.845674][T17819] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3015'.
[ 1044.894244][T17729] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1044.910359][T17729] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1045.000875][T17729] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1045.013758][T17729] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1045.020785][T17729] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1045.061659][ T7670] hid_parser_main: 24 callbacks suppressed
[ 1045.061680][ T7670] appleir 0003:05AC:8243.001B: unknown main item tag 0x0
[ 1045.101984][T17729] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1045.116925][ T7670] appleir 0003:05AC:8243.001B: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.1-1/input0
[ 1045.421092][   T30] audit: type=1400 audit(1767685212.234:882): avc:  denied  { append } for  pid=17807 comm="syz.1.3013" name="nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[ 1045.645365][T17729] hsr_slave_0: entered promiscuous mode
[ 1046.114497][ T5816] Bluetooth: hci4: command tx timeout
[ 1046.182321][T17729] hsr_slave_1: entered promiscuous mode
[ 1046.194672][T17729] debugfs: 'hsr0' already exists in 'hsr'
[ 1046.213621][T17729] Cannot create hsr debugfs directory
[ 1046.552980][T15444] usb 2-1: reset high-speed USB device number 34 using dummy_hcd
[ 1046.714550][T15444] usb 2-1: device descriptor read/64, error -32
[ 1046.765062][ T4107] hsr_slave_0: left promiscuous mode
[ 1046.775904][ T4107] hsr_slave_1: left promiscuous mode
[ 1046.784630][ T4107] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1046.810908][ T4107] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1046.971857][T15444] usb 2-1: reset high-speed USB device number 34 using dummy_hcd
[ 1047.028101][T17861] netlink: 80 bytes leftover after parsing attributes in process `syz.2.3022'.
[ 1047.143096][T15444] usb 2-1: device descriptor read/64, error -32
[ 1047.255362][T17868] FAULT_INJECTION: forcing a failure.
[ 1047.255362][T17868] name failslab, interval 1, probability 0, space 0, times 0
[ 1047.268438][T17868] CPU: 1 UID: 0 PID: 17868 Comm: syz.3.3024 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1047.268467][T17868] Tainted: [L]=SOFTLOCKUP
[ 1047.268473][T17868] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1047.268484][T17868] Call Trace:
[ 1047.268491][T17868]  <TASK>
[ 1047.268498][T17868]  dump_stack_lvl+0x16c/0x1f0
[ 1047.268527][T17868]  should_fail_ex+0x512/0x640
[ 1047.268555][T17868]  ? fs_reclaim_acquire+0xae/0x150
[ 1047.268584][T17868]  should_failslab+0xc2/0x120
[ 1047.268610][T17868]  __kmalloc_noprof+0xeb/0x910
[ 1047.268639][T17868]  ? tomoyo_encode2+0x100/0x3e0
[ 1047.268669][T17868]  ? tomoyo_encode2+0x100/0x3e0
[ 1047.268693][T17868]  tomoyo_encode2+0x100/0x3e0
[ 1047.268721][T17868]  tomoyo_encode+0x29/0x50
[ 1047.268746][T17868]  tomoyo_realpath_from_path+0x18f/0x6e0
[ 1047.268779][T17868]  tomoyo_path_number_perm+0x245/0x580
[ 1047.268800][T17868]  ? tomoyo_path_number_perm+0x237/0x580
[ 1047.268824][T17868]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1047.268854][T17868]  ? find_held_lock+0x2b/0x80
[ 1047.268906][T17868]  ? find_held_lock+0x2b/0x80
[ 1047.268933][T17868]  ? hook_file_ioctl_common+0x144/0x410
[ 1047.268968][T17868]  ? __fget_files+0x20e/0x3c0
[ 1047.268999][T17868]  security_file_ioctl+0x9b/0x240
[ 1047.269026][T17868]  __x64_sys_ioctl+0xb7/0x210
[ 1047.269050][T17868]  do_syscall_64+0xcd/0xf80
[ 1047.269077][T17868]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1047.269095][T17868] RIP: 0033:0x7f8824b8f749
[ 1047.269111][T17868] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1047.269129][T17868] RSP: 002b:00007f882596c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1047.269148][T17868] RAX: ffffffffffffffda RBX: 00007f8824de6090 RCX: 00007f8824b8f749
[ 1047.269160][T17868] RDX: 00002000000002c0 RSI: 0000000000004c0a RDI: 0000000000000009
[ 1047.269172][T17868] RBP: 00007f882596c090 R08: 0000000000000000 R09: 0000000000000000
[ 1047.269188][T17868] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1047.269199][T17868] R13: 00007f8824de6128 R14: 00007f8824de6090 R15: 00007ffe3df00c28
[ 1047.269226][T17868]  </TASK>
[ 1047.269313][T17868] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1048.202291][T17884] futex_wake_op: syz.4.3027 tries to shift op by -1; fix this program
[ 1048.377495][ T7670] usb 2-1: USB disconnect, device number 34
[ 1048.596676][ T4107] team0 (unregistering): Port device team_slave_1 removed
[ 1050.000864][ T7670] usb 2-1: new high-speed USB device number 35 using dummy_hcd
[ 1050.209269][ T7670] usb 2-1: unable to get BOS descriptor or descriptor too short
[ 1050.231291][ T7670] usb 2-1: config 0 has an invalid interface number: 144 but max is 1
[ 1050.257338][ T7670] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1050.277187][ T7670] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 2
[ 1050.286382][ T7670] usb 2-1: config 0 has no interface number 0
[ 1050.292991][ T7670] usb 2-1: config 0 interface 144 altsetting 7 has 0 endpoint descriptors, different from the interface descriptor's value: 13
[ 1050.315846][ T7670] usb 2-1: config 0 interface 144 has no altsetting 0
[ 1050.329801][ T7670] usb 2-1: New USB device found, idVendor=04d8, idProduct=0082, bcdDevice=d0.ae
[ 1050.339016][ T7670] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1050.347179][ T7670] usb 2-1: Product: syz
[ 1050.351352][ T7670] usb 2-1: Manufacturer: syz
[ 1050.363237][ T7670] usb 2-1: SerialNumber: syz
[ 1050.381109][ T7670] usb 2-1: config 0 descriptor??
[ 1050.597964][T17908] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1050.620085][T17910] netlink: 80 bytes leftover after parsing attributes in process `syz.4.3032'.
[ 1050.630046][T17908] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1051.994471][ T4107] IPVS: stop unused estimator thread 0...
[ 1053.104911][T17729] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 1053.219794][T17729] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 1053.271389][T17729] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 1053.307357][ T7670] ims_pcu 2-1:0.144: Missing CDC union descriptor
[ 1053.309047][T17729] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 1053.353259][ T7670] ims_pcu 2-1:0.144: probe with driver ims_pcu failed with error -22
[ 1053.393495][ T7670] usb 2-1: USB disconnect, device number 35
[ 1053.756157][T17956] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3039'.
[ 1054.434171][T17729] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1054.488939][   T30] audit: type=1400 audit(1767685221.715:883): avc:  denied  { mount } for  pid=17971 comm="syz.3.3042" name="/" dev="rpc_pipefs" ino=61804 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:rpc_pipefs_t tclass=filesystem permissive=1
[ 1054.600259][T17729] 8021q: adding VLAN 0 to HW filter on device team0
[ 1054.645390][T12594] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1054.652561][T12594] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1054.740911][ T2979] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1054.748017][ T2979] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1054.768558][   T30] audit: type=1400 audit(1767685221.988:884): avc:  denied  { override_creds } for  pid=17981 comm="syz.4.3045" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[ 1057.430168][ T7670] usb 5-1: new high-speed USB device number 66 using dummy_hcd
[ 1057.740050][ T7670] usb 5-1: unable to get BOS descriptor or descriptor too short
[ 1057.769141][ T7670] usb 5-1: config 0 has an invalid interface number: 144 but max is 1
[ 1057.786905][ T7670] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1057.836873][ T7670] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 2
[ 1057.846346][ T7670] usb 5-1: config 0 has no interface number 0
[ 1057.855090][ T7670] usb 5-1: config 0 interface 144 altsetting 7 has 0 endpoint descriptors, different from the interface descriptor's value: 13
[ 1057.897058][T17729] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1057.920939][ T7670] usb 5-1: config 0 interface 144 has no altsetting 0
[ 1058.208347][ T7670] usb 5-1: New USB device found, idVendor=04d8, idProduct=0082, bcdDevice=d0.ae
[ 1058.235491][ T7670] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1058.261014][ T7670] usb 5-1: Product: syz
[ 1058.265189][ T7670] usb 5-1: Manufacturer: syz
[ 1058.283503][T17729] veth0_vlan: entered promiscuous mode
[ 1058.289127][ T7670] usb 5-1: SerialNumber: syz
[ 1058.315309][ T7670] usb 5-1: config 0 descriptor??
[ 1058.334147][T17729] veth1_vlan: entered promiscuous mode
[ 1058.622990][T17729] veth0_macvtap: entered promiscuous mode
[ 1058.628961][T18005] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1058.651738][T18005] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1058.659892][T17729] veth1_macvtap: entered promiscuous mode
[ 1059.054653][T17729] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1059.102982][T17729] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1059.137244][ T8131] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1059.176689][ T8131] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1059.209413][ T8131] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1059.241433][ T8131] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1059.346905][ T4107] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1059.380072][ T4107] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1059.387729][T16859] usb 3-1: new high-speed USB device number 51 using dummy_hcd
[ 1059.434181][ T8131] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1059.447958][ T8131] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1059.456026][ T5894] usb 4-1: new high-speed USB device number 45 using dummy_hcd
[ 1059.660236][T16859] usb 3-1: unable to get BOS descriptor or descriptor too short
[ 1059.669539][T16859] usb 3-1: config 10 has an invalid interface number: 41 but max is 0
[ 1059.677845][T16859] usb 3-1: config 10 has no interface number 0
[ 1059.685634][T16859] usb 3-1: config 10 interface 41 has no altsetting 0
[ 1059.696149][T16859] usb 3-1: New USB device found, idVendor=0499, idProduct=101b, bcdDevice=56.29
[ 1059.706449][ T9550] usb 2-1: new high-speed USB device number 36 using dummy_hcd
[ 1059.717166][T16859] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1059.726519][ T5894] usb 4-1: Using ep0 maxpacket: 32
[ 1059.733468][T16859] usb 3-1: Product: syz
[ 1059.739911][T16859] usb 3-1: Manufacturer: syz
[ 1059.749979][T18050] netlink: 212368 bytes leftover after parsing attributes in process `syz.0.2994'.
[ 1059.781801][ T5894] usb 4-1: config 0 has an invalid interface number: 132 but max is 0
[ 1060.125016][ T5894] usb 4-1: config 0 has no interface number 0
[ 1060.133205][T16859] usb 3-1: SerialNumber: syz
[ 1060.139855][ T5894] usb 4-1: config 0 interface 132 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[ 1060.163264][ T5894] usb 4-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5
[ 1060.177486][ T5894] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1060.191552][ T5894] usb 4-1: Product: syz
[ 1060.196224][ T9550] usb 2-1: Using ep0 maxpacket: 32
[ 1060.208093][ T9550] usb 2-1: config 0 has an invalid interface number: 132 but max is 0
[ 1060.219677][ T5894] usb 4-1: Manufacturer: syz
[ 1060.238023][ T5894] usb 4-1: SerialNumber: syz
[ 1060.246767][ T9550] usb 2-1: config 0 has no interface number 0
[ 1060.264571][ T5894] usb 4-1: config 0 descriptor??
[ 1060.273051][ T9550] usb 2-1: config 0 interface 132 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[ 1060.290684][ T5894] em28xx 4-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132)
[ 1060.300920][ T5894] em28xx 4-1:0.132: Video interface 132 found:
[ 1060.318978][ T7670] ims_pcu 5-1:0.144: Missing CDC union descriptor
[ 1060.355682][ T7670] ims_pcu 5-1:0.144: probe with driver ims_pcu failed with error -22
[ 1060.415756][ T9550] usb 2-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5
[ 1060.424877][ T7670] usb 5-1: USB disconnect, device number 66
[ 1060.454661][T16859] uvcvideo 3-1:10.41: Found Unit with invalid ID 0
[ 1060.465652][ T9550] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1060.477536][ T9550] usb 2-1: Product: syz
[ 1060.484798][T16859] uvcvideo 3-1:10.41: probe with driver uvcvideo failed with error -22
[ 1060.494531][ T9550] usb 2-1: Manufacturer: syz
[ 1060.500683][T16859] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[ 1060.508349][ T9550] usb 2-1: SerialNumber: syz
[ 1060.526922][ T9550] usb 2-1: config 0 descriptor??
[ 1060.551370][ T9550] em28xx 2-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132)
[ 1060.574349][ T9550] em28xx 2-1:0.132: Video interface 132 found:
[ 1060.593471][T16859] snd-usb-audio 3-1:10.41: probe with driver snd-usb-audio failed with error -2
[ 1060.626411][T16859] usb 3-1: USB disconnect, device number 51
[ 1060.656811][T17446] udevd[17446]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:10.41/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1060.675570][ T5894] em28xx 4-1:0.132: unknown em28xx chip ID (0)
[ 1060.877538][ T5894] em28xx 4-1:0.132: failed to trigger read from i2c address 0xa0 (error=-5)
[ 1060.894999][ T5894] em28xx 4-1:0.132: board has no eeprom
[ 1060.920690][ T9550] em28xx 2-1:0.132: unknown em28xx chip ID (0)
[ 1060.964505][ T5894] em28xx 4-1:0.132: Identified as Leadtek Winfast USB II (card=7)
[ 1060.972472][ T5894] em28xx 4-1:0.132: analog set to bulk mode.
[ 1060.978952][T16859] em28xx 4-1:0.132: Registering V4L2 extension
[ 1060.992650][ T5894] usb 4-1: USB disconnect, device number 45
[ 1061.009438][ T5894] em28xx 4-1:0.132: Disconnecting em28xx
[ 1061.132340][T16859] em28xx 4-1:0.132: Config register raw data: 0xffffffed
[ 1061.263043][T16859] em28xx 4-1:0.132: AC97 chip type couldn't be determined
[ 1061.277802][T16859] em28xx 4-1:0.132: No AC97 audio processor
[ 1061.317086][T16859] usb 4-1: Decoder not found
[ 1061.321722][T16859] em28xx 4-1:0.132: failed to create media graph
[ 1061.332996][T16859] em28xx 4-1:0.132: V4L2 device video103 deregistered
[ 1061.361763][T16859] em28xx 4-1:0.132: Remote control support is not available for this card.
[ 1061.387242][ T5894] em28xx 4-1:0.132: Closing input extension
[ 1061.516441][T18086] overlayfs: overlapping lowerdir path
[ 1061.569625][T18087] overlayfs: overlapping lowerdir path
[ 1061.861891][   T30] audit: type=1400 audit(1767685229.484:885): avc:  denied  { mount } for  pid=18039 comm="syz.1.3055" name="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1
[ 1062.002819][ T9550] em28xx 2-1:0.132: failed to trigger read from i2c address 0xa0 (error=-5)
[ 1062.055987][ T9550] em28xx 2-1:0.132: board has no eeprom
[ 1062.182747][ T9550] em28xx 2-1:0.132: Identified as Leadtek Winfast USB II (card=7)
[ 1062.201002][ T9550] em28xx 2-1:0.132: analog set to bulk mode.
[ 1062.215816][   T10] em28xx 2-1:0.132: Registering V4L2 extension
[ 1062.582672][   T10] em28xx 2-1:0.132: failed to trigger read from i2c address 0x4a (error=-5)
[ 1062.609439][   T10] em28xx 2-1:0.132: failed to trigger read from i2c address 0x48 (error=-5)
[ 1062.641530][   T10] em28xx 2-1:0.132: failed to trigger read from i2c address 0x42 (error=-5)
[ 1062.665020][   T10] em28xx 2-1:0.132: failed to trigger read from i2c address 0x40 (error=-5)
[ 1062.712468][ T5829] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 1062.722648][ T5829] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 1062.731884][ T5829] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 1062.739557][ T5829] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 1062.755849][ T5829] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 1062.760768][   T10] em28xx 2-1:0.132: failed to trigger read from i2c address 0x84 (error=-5)
[ 1062.806027][   T10] em28xx 2-1:0.132: failed to trigger read from i2c address 0x86 (error=-5)
[ 1062.872644][ T9550] usb 2-1: USB disconnect, device number 36
[ 1062.881259][   T30] audit: type=1400 audit(1767685230.565:886): avc:  denied  { unmount } for  pid=16565 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1
[ 1062.887668][ T5894] em28xx 4-1:0.132: Freeing device
[ 1062.908864][ T9550] em28xx 2-1:0.132: Disconnecting em28xx
[ 1062.962162][   T10] em28xx 2-1:0.132: Config register raw data: 0xffffffed
[ 1063.010859][   T10] em28xx 2-1:0.132: AC97 chip type couldn't be determined
[ 1063.029684][   T10] em28xx 2-1:0.132: No AC97 audio processor
[ 1063.064032][   T10] usb 2-1: Decoder not found
[ 1063.085062][   T10] em28xx 2-1:0.132: failed to create media graph
[ 1063.188641][   T10] em28xx 2-1:0.132: V4L2 device video103 deregistered
[ 1064.091495][   T10] em28xx 2-1:0.132: Remote control support is not available for this card.
[ 1064.095083][T18106] ==================================================================
[ 1064.108158][T18106] BUG: KASAN: slab-use-after-free in v4l2_fh_init+0x27d/0x2c0
[ 1064.115611][T18106] Read of size 8 at addr ffff88802707c740 by task v4l_id/18106
[ 1064.123131][T18106] 
[ 1064.125444][T18106] CPU: 1 UID: 0 PID: 18106 Comm: v4l_id Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1064.125465][T18106] Tainted: [L]=SOFTLOCKUP
[ 1064.125471][T18106] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1064.125481][T18106] Call Trace:
[ 1064.125487][T18106]  <TASK>
[ 1064.125493][T18106]  dump_stack_lvl+0x116/0x1f0
[ 1064.125515][T18106]  print_report+0xcd/0x630
[ 1064.125534][T18106]  ? __virt_addr_valid+0x81/0x610
[ 1064.125549][T18106]  ? __phys_addr+0xe8/0x180
[ 1064.125562][T18106]  ? v4l2_fh_init+0x27d/0x2c0
[ 1064.125579][T18106]  kasan_report+0xe0/0x110
[ 1064.125598][T18106]  ? v4l2_fh_init+0x27d/0x2c0
[ 1064.125617][T18106]  v4l2_fh_init+0x27d/0x2c0
[ 1064.125635][T18106]  v4l2_fh_open+0x64/0xa0
[ 1064.125652][T18106]  em28xx_v4l2_open+0x24e/0x7e0
[ 1064.125676][T18106]  v4l2_open+0x1d2/0x5e0
[ 1064.125694][T18106]  ? __pfx_v4l2_open+0x10/0x10
[ 1064.125711][T18106]  chrdev_open+0x234/0x6a0
[ 1064.125735][T18106]  ? __pfx_chrdev_open+0x10/0x10
[ 1064.125759][T18106]  ? fsnotify_open_perm_and_set_mode+0x17c/0xa60
[ 1064.125787][T18106]  do_dentry_open+0x748/0x1590
[ 1064.125808][T18106]  ? __pfx_chrdev_open+0x10/0x10
[ 1064.125835][T18106]  vfs_open+0x82/0x3f0
[ 1064.125852][T18106]  path_openat+0x2078/0x3140
[ 1064.125881][T18106]  ? __pfx_path_openat+0x10/0x10
[ 1064.125909][T18106]  do_filp_open+0x20b/0x470
[ 1064.125934][T18106]  ? __pfx_do_filp_open+0x10/0x10
[ 1064.125966][T18106]  ? alloc_fd+0x471/0x7d0
[ 1064.125989][T18106]  do_sys_openat2+0x121/0x290
[ 1064.126003][T18106]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1064.126017][T18106]  ? count_memcg_events+0x122/0x290
[ 1064.126037][T18106]  __x64_sys_openat+0x174/0x210
[ 1064.126051][T18106]  ? __pfx___x64_sys_openat+0x10/0x10
[ 1064.126066][T18106]  ? do_user_addr_fault+0x843/0x1370
[ 1064.126087][T18106]  do_syscall_64+0xcd/0xf80
[ 1064.126107][T18106]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1064.126122][T18106] RIP: 0033:0x7fbaaeca7407
[ 1064.126134][T18106] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff
[ 1064.126150][T18106] RSP: 002b:00007fffb458c7a0 EFLAGS: 00000202 ORIG_RAX: 0000000000000101
[ 1064.126166][T18106] RAX: ffffffffffffffda RBX: 00007fbaaf346880 RCX: 00007fbaaeca7407
[ 1064.126176][T18106] RDX: 0000000000000000 RSI: 00007fffb458cf1a RDI: ffffffffffffff9c
[ 1064.126186][T18106] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
[ 1064.126195][T18106] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
[ 1064.126204][T18106] R13: 00007fffb458c9f0 R14: 00007fbaaf44b000 R15: 000055c50e7c44d8
[ 1064.126218][T18106]  </TASK>
[ 1064.126224][T18106] 
[ 1064.382595][T18106] Allocated by task 10:
[ 1064.386726][T18106]  kasan_save_stack+0x33/0x60
[ 1064.391390][T18106]  kasan_save_track+0x14/0x30
[ 1064.396054][T18106]  __kasan_kmalloc+0xaa/0xb0
[ 1064.400623][T18106]  em28xx_v4l2_init+0x114/0x4080
[ 1064.405542][T18106]  em28xx_init_extension+0x13a/0x200
[ 1064.410812][T18106]  request_module_async+0x61/0x70
[ 1064.415812][T18106]  process_one_work+0x9ba/0x1b20
[ 1064.420731][T18106]  worker_thread+0x6c8/0xf10
[ 1064.425300][T18106]  kthread+0x3c5/0x780
[ 1064.429349][T18106]  ret_from_fork+0x983/0xb10
[ 1064.433918][T18106]  ret_from_fork_asm+0x1a/0x30
[ 1064.438667][T18106] 
[ 1064.440969][T18106] Freed by task 10:
[ 1064.444756][T18106]  kasan_save_stack+0x33/0x60
[ 1064.449412][T18106]  kasan_save_track+0x14/0x30
[ 1064.454102][T18106]  kasan_save_free_info+0x3b/0x60
[ 1064.459110][T18106]  __kasan_slab_free+0x5f/0x80
[ 1064.463864][T18106]  kfree+0x2f8/0x6e0
[ 1064.467738][T18106]  em28xx_v4l2_init+0x22b5/0x4080
[ 1064.472750][T18106]  em28xx_init_extension+0x13a/0x200
[ 1064.478026][T18106]  request_module_async+0x61/0x70
[ 1064.483027][T18106]  process_one_work+0x9ba/0x1b20
[ 1064.487954][T18106]  worker_thread+0x6c8/0xf10
[ 1064.492528][T18106]  kthread+0x3c5/0x780
[ 1064.496575][T18106]  ret_from_fork+0x983/0xb10
[ 1064.501144][T18106]  ret_from_fork_asm+0x1a/0x30
[ 1064.505893][T18106] 
[ 1064.508195][T18106] The buggy address belongs to the object at ffff88802707c000
[ 1064.508195][T18106]  which belongs to the cache kmalloc-8k of size 8192
[ 1064.522228][T18106] The buggy address is located 1856 bytes inside of
[ 1064.522228][T18106]  freed 8192-byte region [ffff88802707c000, ffff88802707e000)
[ 1064.536174][T18106] 
[ 1064.538478][T18106] The buggy address belongs to the physical page:
[ 1064.544866][T18106] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x27078
[ 1064.553603][T18106] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 1064.562076][T18106] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 1064.570036][T18106] page_type: f5(slab)
[ 1064.573999][T18106] raw: 00fff00000000040 ffff88813ff27280 0000000000000000 dead000000000001
[ 1064.582559][T18106] raw: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000
[ 1064.591121][T18106] head: 00fff00000000040 ffff88813ff27280 0000000000000000 dead000000000001
[ 1064.599767][T18106] head: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000
[ 1064.608419][T18106] head: 00fff00000000003 ffffea00009c1e01 00000000ffffffff 00000000ffffffff
[ 1064.617078][T18106] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[ 1064.625729][T18106] page dumped because: kasan: bad access detected
[ 1064.632124][T18106] page_owner tracks the page as allocated
[ 1064.637821][T18106] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x528c0(GFP_NOWAIT|__GFP_IO|__GFP_FS|__GFP_NORETRY|__GFP_COMP), pid 17487, tgid 17472 (syz.1.2957), ts 1023715688550, free_ts 1023682396108
[ 1064.657862][T18106]  post_alloc_hook+0x1af/0x220
[ 1064.662622][T18106]  get_page_from_freelist+0xd0b/0x31a0
[ 1064.668064][T18106]  __alloc_frozen_pages_noprof+0x25f/0x2430
[ 1064.673934][T18106]  alloc_pages_mpol+0x1fb/0x550
[ 1064.678767][T18106]  new_slab+0x2c3/0x430
[ 1064.682908][T18106]  ___slab_alloc+0xe18/0x1c90
[ 1064.687572][T18106]  __slab_alloc.constprop.0+0x63/0x110
[ 1064.693015][T18106]  __kvmalloc_node_noprof+0x592/0xa40
[ 1064.698374][T18106]  netlink_alloc_large_skb+0x9b/0x140
[ 1064.703732][T18106]  netlink_sendmsg+0x698/0xdd0
[ 1064.708489][T18106]  sock_sendmsg+0x3cc/0x470
[ 1064.712976][T18106]  splice_to_socket+0xaf4/0x1110
[ 1064.717903][T18106]  direct_splice_actor+0x192/0x6c0
[ 1064.723000][T18106]  splice_direct_to_actor+0x345/0xa30
[ 1064.728356][T18106]  do_splice_direct+0x174/0x240
[ 1064.733200][T18106]  do_sendfile+0xb06/0xe50
[ 1064.737609][T18106] page last free pid 17487 tgid 17472 stack trace:
[ 1064.744087][T18106]  __free_frozen_pages+0x7df/0x1170
[ 1064.749287][T18106]  __put_partials+0x130/0x170
[ 1064.753954][T18106]  qlist_free_all+0x4c/0xf0
[ 1064.758443][T18106]  kasan_quarantine_reduce+0x195/0x1e0
[ 1064.763885][T18106]  __kasan_slab_alloc+0x69/0x90
[ 1064.768724][T18106]  __kmalloc_noprof+0x2f6/0x910
[ 1064.773570][T18106]  copy_splice_read+0x1a8/0xc20
[ 1064.778410][T18106]  do_splice_read+0x2bd/0x370
[ 1064.783076][T18106]  splice_direct_to_actor+0x2a1/0xa30
[ 1064.788455][T18106]  do_splice_direct+0x174/0x240
[ 1064.793292][T18106]  do_sendfile+0xb06/0xe50
[ 1064.797689][T18106]  __x64_sys_sendfile64+0x1d8/0x220
[ 1064.802871][T18106]  do_syscall_64+0xcd/0xf80
[ 1064.807357][T18106]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1064.813229][T18106] 
[ 1064.815530][T18106] Memory state around the buggy address:
[ 1064.821134][T18106]  ffff88802707c600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1064.829171][T18106]  ffff88802707c680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1064.837211][T18106] >ffff88802707c700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1064.845259][T18106]                                            ^
[ 1064.851389][T18106]  ffff88802707c780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1064.859437][T18106]  ffff88802707c800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1064.867474][T18106] ==================================================================
[ 1064.877479][ T9550] em28xx 2-1:0.132: Closing input extension
[ 1064.908037][ T5816] Bluetooth: hci2: command tx timeout
[ 1064.916750][T18106] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 1064.923951][T18106] CPU: 1 UID: 0 PID: 18106 Comm: v4l_id Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1064.934515][T18106] Tainted: [L]=SOFTLOCKUP
[ 1064.938811][T18106] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1064.948844][T18106] Call Trace:
[ 1064.952100][T18106]  <TASK>
[ 1064.955007][T18106]  dump_stack_lvl+0x3d/0x1f0
[ 1064.959589][T18106]  vpanic+0x640/0x6f0
[ 1064.963548][T18106]  panic+0xca/0xd0
[ 1064.967244][T18106]  ? __pfx_panic+0x10/0x10
[ 1064.971634][T18106]  ? v4l2_fh_init+0x27d/0x2c0
[ 1064.976296][T18106]  ? preempt_schedule_common+0x44/0xc0
[ 1064.981730][T18106]  ? preempt_schedule_thunk+0x16/0x30
[ 1064.987075][T18106]  ? check_panic_on_warn+0x1f/0xb0
[ 1064.992164][T18106]  check_panic_on_warn+0xab/0xb0
[ 1064.997075][T18106]  end_report+0x107/0x160
[ 1065.001381][T18106]  kasan_report+0xee/0x110
[ 1065.005778][T18106]  ? v4l2_fh_init+0x27d/0x2c0
[ 1065.010435][T18106]  v4l2_fh_init+0x27d/0x2c0
[ 1065.014913][T18106]  v4l2_fh_open+0x64/0xa0
[ 1065.019222][T18106]  em28xx_v4l2_open+0x24e/0x7e0
[ 1065.024069][T18106]  v4l2_open+0x1d2/0x5e0
[ 1065.028289][T18106]  ? __pfx_v4l2_open+0x10/0x10
[ 1065.033118][T18106]  chrdev_open+0x234/0x6a0
[ 1065.037520][T18106]  ? __pfx_chrdev_open+0x10/0x10
[ 1065.042443][T18106]  ? fsnotify_open_perm_and_set_mode+0x17c/0xa60
[ 1065.048788][T18106]  do_dentry_open+0x748/0x1590
[ 1065.053532][T18106]  ? __pfx_chrdev_open+0x10/0x10
[ 1065.058461][T18106]  vfs_open+0x82/0x3f0
[ 1065.062522][T18106]  path_openat+0x2078/0x3140
[ 1065.067096][T18106]  ? __pfx_path_openat+0x10/0x10
[ 1065.072011][T18106]  do_filp_open+0x20b/0x470
[ 1065.076493][T18106]  ? __pfx_do_filp_open+0x10/0x10
[ 1065.081510][T18106]  ? alloc_fd+0x471/0x7d0
[ 1065.085818][T18106]  do_sys_openat2+0x121/0x290
[ 1065.090474][T18106]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1065.095646][T18106]  ? count_memcg_events+0x122/0x290
[ 1065.100831][T18106]  __x64_sys_openat+0x174/0x210
[ 1065.105654][T18106]  ? __pfx___x64_sys_openat+0x10/0x10
[ 1065.110998][T18106]  ? do_user_addr_fault+0x843/0x1370
[ 1065.116269][T18106]  do_syscall_64+0xcd/0xf80
[ 1065.120749][T18106]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1065.126614][T18106] RIP: 0033:0x7fbaaeca7407
[ 1065.130997][T18106] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff
[ 1065.150594][T18106] RSP: 002b:00007fffb458c7a0 EFLAGS: 00000202 ORIG_RAX: 0000000000000101
[ 1065.158980][T18106] RAX: ffffffffffffffda RBX: 00007fbaaf346880 RCX: 00007fbaaeca7407
[ 1065.166941][T18106] RDX: 0000000000000000 RSI: 00007fffb458cf1a RDI: ffffffffffffff9c
[ 1065.174884][T18106] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
[ 1065.182824][T18106] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
[ 1065.190767][T18106] R13: 00007fffb458c9f0 R14: 00007fbaaf44b000 R15: 000055c50e7c44d8
[ 1065.198717][T18106]  </TASK>
[ 1065.201990][T18106] Kernel Offset: disabled
[ 1065.206288][T18106] Rebooting in 86400 seconds..