last executing test programs:

18.390509645s ago: executing program 1 (id=10077):
r0 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r0, 0x0, 0x0)
syz_usb_connect(0x0, 0x36, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x5)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x8000102)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
bind$l2tp(0xffffffffffffffff, &(0x7f0000000180)={0x2, 0x0, @multicast1, 0x4}, 0x10)
socket$inet6_sctp(0xa, 0x5, 0x84)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000009c0000000b"], 0x50)
socket$igmp6(0xa, 0x3, 0x2)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="040000000400000004"], 0x48)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000010000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000ac03000000000000850000003300000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{r2}, &(0x7f0000000080), &(0x7f0000000280)=r3}, 0x20)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r5=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000002c0)={r3, r5, 0x25, 0x2}, 0x14)
syz_emit_ethernet(0x7a, &(0x7f0000000580)=ANY=[], 0x0)
r6 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', &(0x7f00000001c0)={0x98c00, 0x3, 0x5}, 0x18)
readlinkat(r6, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000800)=""/4096, 0x1000)
socket$netlink(0x10, 0x3, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x1, &(0x7f0000000340)=[{0x6, 0x1, 0x2, 0x7fff7ffc}]})
ioctl$sock_inet_sctp_SIOCINQ(0xffffffffffffffff, 0x541b, 0x0)
ioctl$TCFLSH(0xffffffffffffffff, 0x400455c8, 0x2)
ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0)

16.289103772s ago: executing program 1 (id=10084):
r0 = socket$inet(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xffd, 0x7}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, r3}, 0x38)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r2, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0x14, 0x0, 0x0)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)=ANY=[@ANYBLOB="f0000000100013070000000000000000ac1e0101000000000000000000000000fe8000000000000000000000000000bb0000000000000000000000a006000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000080bb000004d332000000ffffffff00000000000000010000000000000000000000002000000000000000000000000000000000000000000000ffffffef000000000000000000000000001e0e0000000000000000000000000000000000000000000009000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00"/168], 0xf0}}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(r4, 0x8933, &(0x7f0000000000)={'wpan0\x00'})
r5 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000280), r4)
sendmsg$NL802154_CMD_SET_SHORT_ADDR(r4, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)={0x20, r5, 0x1, 0x70bd2c, 0x25dfdbff, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x20}, 0x1, 0x0, 0x0, 0x40000}, 0x4000000)
sched_setattr(0x0, 0x0, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0xfffffffffffffcc3, &(0x7f0000000080)={&(0x7f00000000c0)=@newlink={0x3c, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x2031}, [@IFLA_XDP={0x14, 0x2b, 0x0, 0x1, [@IFLA_XDP_FLAGS={0x8, 0x3, 0x4}, @IFLA_XDP_FLAGS={0x8, 0x3, 0x2}]}, @IFLA_GROUP={0x8}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20048054}, 0x20000050)
r7 = socket$inet(0x2, 0x4000000000000001, 0x0)
syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_disconn_logical_link_complete={{0x46, 0x4}, {0x0, 0xc8, 0xfd}}}, 0x7)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0xe)
r8 = io_uring_setup(0x168f, &(0x7f0000000400)={0x0, 0x631d, 0x2, 0x2, 0x2d8})
io_uring_register$IORING_REGISTER_BUFFERS2(r8, 0xf, &(0x7f0000002700)={0x119f, 0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000480)=""/264, 0xf9}, {&(0x7f00000015c0)=""/4096, 0x400400}, {&(0x7f0000002a00)=""/88, 0x8}], 0x0}, 0x20)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x15, 0x2, &(0x7f0000000100)=@raw=[@ldst={0x1, 0x3, 0x3, 0x0, 0x1}, @jmp={0x5, 0x0, 0x9}], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x28}, 0x80)
bind$inet(r7, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
sendto$inet(r7, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
sendto$inet(r7, &(0x7f0000000580)="17", 0xfdef, 0x10008095, 0x0, 0x0)

14.673352324s ago: executing program 1 (id=10088):
remap_file_pages(&(0x7f00006ca000/0x4000)=nil, 0x4000, 0x0, 0xfffffffffffffffd, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x4, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
futex(&(0x7f000000cffc), 0x80, 0x0, 0x0, 0x0, 0x0)
prctl$PR_MCE_KILL(0x4e, 0x1, 0x4000)
prctl$PR_SET_SECCOMP(0x4e, 0x1, 0x0)
socket$netlink(0x10, 0x3, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='\t\x00\x00\x00\t\x00\x00\x00', @ANYRES32, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000600ae8c6e95b6a8b040006000000000000000000001016f9f1db67b8"], 0x50)
mkdir(&(0x7f0000000400)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42f82, 0x0)
ioctl$SNDCTL_DSP_SETDUPLEX(r1, 0x5016, 0x0)
r2 = socket$kcm(0x10, 0x2, 0x10)
r3 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000000140)='mounts\x00')
mkdir(&(0x7f00000003c0)='./file0\x00', 0x21)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0)
r5 = epoll_create1(0x80000)
epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000240)={0x80000011})
umount2(&(0x7f0000000000)='./file0\x00', 0x9)
setpgid(r3, r3)
sendmsg$kcm(r2, &(0x7f0000000000)={0x0, 0xd18c9b35, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f030036000b05d25a806c8c6f94f90224fc60100005000a000200053582c137153e37000c0980fc0b10000300", 0x33fe0}], 0x1}, 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000980)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './bus'}}, {@verity_on}, {@redirect_dir_follow}, {@xino_on}]})
setxattr$trusted_overlay_nlink(&(0x7f0000000100)='./file1\x00', &(0x7f0000000140), &(0x7f0000000180)={'L-', 0x6}, 0x16, 0x0)
r6 = semget$private(0x0, 0x6, 0x3b1)
semctl$SETVAL(r6, 0xff7f0000, 0x10, 0x0)
r7 = socket(0x40000000015, 0x5, 0x0)
getsockopt(r7, 0x200000000114, 0x271e, 0x0, &(0x7f0000000040))

11.118627845s ago: executing program 4 (id=10094):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
tgkill(0x0, r1, 0x27)
r4 = openat$dir(0xffffffffffffff9c, &(0x7f0000000280)='.\x00', 0x8000, 0x1f7)
r5 = fanotify_init(0x200, 0x0)
fanotify_mark(r5, 0x201, 0x40000036, r4, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x1c0)
r6 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000b80), 0x2, 0x0)
ioctl$RTC_IRQP_READ(r6, 0x40187013, &(0x7f0000000bc0))
pipe2$9p(0x0, 0x84880)
openat$vimc2(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0)
move_mount(r4, &(0x7f0000000040)='./file1\x00', r4, &(0x7f0000000100)='./file1\x00', 0x100)
r7 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$IPT_SO_SET_REPLACE(r7, 0x0, 0x40, &(0x7f0000000300)=@raw={'raw\x00', 0x8, 0x3, 0x2a8, 0x0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x210, 0xffffff7a, 0xffffffff, 0x210, 0xffffffff, 0x7fffffe, 0x0, {[{{@uncond, 0x6, 0x130, 0x178, 0x0, {}, [@common=@unspec=@string={{0xc0}, {0x88, 0x88, 'bm\x00', "00000100cbd047da9ca965f96ad5801f0514d363ee84bb895919d9490f6785fba3c4a44f1e25ecefef2a2d6054f5260ece5ce1a56a5ef73be11d65bfe8c37674024c183ebacdf741cea92ded3a9ca54de15dd9ec8ef62f9e000000000000000000ffffff7f00", 0x80, 0x0, {0x4}}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x1, 0x6, 0x3, 0x6, '\x00', {0x3}}}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @loopback, 0x0, 0xff000000, 'team_slave_0\x00', 'ip6gre0\x00', {0xff}, {}, 0x6, 0x3}, 0x0, 0x70, 0x98}, @common=@inet=@SET1={0x28, 'SET\x00', 0x1, {{0x0, 0x0, 0x4}, {0x4, 0x5, 0x6}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x308)
r8 = syz_open_dev$sndctrl(&(0x7f0000000200), 0x1, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_INFO(r8, 0xc1205531, &(0x7f0000000540)={0x1, 0x6, 0x0, 0x0, '\x00', '\x00', '\x00', 0x0, 0x0, 0x0, 0x0, "b6855a32474ffa64f778ddcf29c94337"})
syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan1\x00'})
syz_genetlink_get_family_id$smc(&(0x7f0000000100), r0)

10.74825051s ago: executing program 0 (id=10097):
sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r0 = syz_init_net_socket$ax25(0x3, 0x3, 0x0)
connect$ax25(r0, &(0x7f0000000440)={{0x3, @default, 0xfffffffe}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @default, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}]}, 0x48)
r1 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r1, 0x0, 0x8001)
sendmsg$RDMA_NLDEV_CMD_STAT_SET(0xffffffffffffffff, 0x0, 0xc094)
socket$inet_udplite(0x2, 0x2, 0x88)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x9}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x38, &(0x7f0000000040)=0x5)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
getrlimit(0xd, &(0x7f00000002c0))
recvmmsg(r3, 0x0, 0x0, 0x2, 0x0)
mknod$loop(&(0x7f0000000180)='./file0\x00', 0x6000, 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x0)

10.488989925s ago: executing program 1 (id=10099):
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_STAT_DEL(r0, &(0x7f0000000a40)={0x0, 0x0, &(0x7f0000000a00)={&(0x7f0000000980)={0x20, 0x1412, 0x1, 0x70bd27, 0x25dfdbfd, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_STAT_RES={0x8}]}, 0x20}, 0x1, 0x0, 0x0, 0x40084}, 0x810) (async)
syz_usb_connect(0x2, 0x24, &(0x7f0000000000)=ANY=[@ANYRES8=r0], &(0x7f0000000bc0)={0x0, 0x0, 0x0, 0x0})

9.152557695s ago: executing program 0 (id=10102):
r0 = syz_init_net_socket$nfc_raw(0x27, 0x5, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r1 = socket$inet6(0xa, 0x800000000000002, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x42, 0x85)
read$FUSE(r2, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000002700)=""/102392, 0x18ff8)
r4 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r5 = dup3(r1, r4, 0x0)
r6 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r5, 0x7a8, 0x0)
close(r6)
ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(0xffffffffffffffff, 0x8982, &(0x7f0000000040)={0x0, 'lo\x00', {0x3}, 0x5})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_sys\x00', 0x275a, 0x0)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x20, 0x2e, 0x9, 0x70bd25, 0x25dfdbfd, {0x5}, [@typed={0xc, 0xa, 0x0, 0x0, @u64=0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000002}, 0x4000080)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
fcntl$lock(r7, 0x410, &(0x7f0000000080)={0x0, 0x1, 0x6, 0x1fd})
lsetxattr$security_capability(&(0x7f0000000100)='./file0\x00', &(0x7f00000000c0), 0x0, 0x0, 0x0)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x4)
recvmsg(r0, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x40000000)
syz_genetlink_get_family_id$tipc(0x0, 0xffffffffffffffff)

9.033628227s ago: executing program 2 (id=10103):
sendmmsg$sock(0xffffffffffffffff, &(0x7f0000007980)=[{{0x0, 0x0, &(0x7f0000001780)=[{0x0}, {&(0x7f00000005c0)}], 0x2}}, {{0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000880)="7035778905c2358b3ff9b75d1a3f836c8eb517894eeff6c3ee08f90b36b40ab65fe12942de6e899ac1c72c2b26cab39a23e073567e8b4f311f6f0ee91f1c21aaa91ec103706d8b0bb468babe142dc2fe14205b8b103eddb7dc4859df7a5435fb0ab98a9d090fda41c52411b0bc760b6395b38f4bb42e636f0e3cc18ea09098c449d270e9273c7f9b1ab34a93dc00f86fd9db692070cd76d050a18ecd11675465b23ad28cd927e5d819de8da2c0f7a116988133e822db0f855107e0fbf1f2f03b7036b252c56290a4eb70a44487c19c117db925981fc925b7c45967cdf3", 0xdd}, {&(0x7f00000002c0)="7c1a2d6c68f2b19af5ad5b3fbc13c1398f392d4e4912a47fd97c06e88e711432b971d95d781d72632d1369d5bc4db51e6dedbc9dd35219282a22db679e0734d6f64f608f7db61ee9dcba4b43f11d902fb9ba9566c7f94f39dbcae20665c5e1172a2ea6060acb92714a17ee6714dc06068795e0892d041d8c2f3559", 0x7b}, {&(0x7f0000000540)="08368fefde39d21623e23a9dd67b0c95a48022b4f407396964e4d1d2bcf1a7c71f16681007b08c6061a5a2e2aa144f9f9f3834323ffac830e41ec7ebe29248a7850257cedaaa8a54b1d65005dbd8fe4e86fc625d981ed8c6cd18", 0x5a}, {&(0x7f0000000980)="daa783cd66e6cbbbe761ae363ca91d0f8a1045df4f9a9cd7a8add41c38c00df6cea93ba7396c327f6ae2bcb858d08a21269be6091e8e362d6512bc51b29efdbb313d21d11c4b0a6bb9acd9d29146205ecd9ebff1ea64713b1d959b2bf125b17cece0048ad53d337e6c35da2be8696ea6a8eaf61db2fb466ad55972df50c67b8963976381a454b9763bfe1fe54c638f5d86e693734e2ee396eca7782d29c9d912eb34a80d30164b03624bf7d276c30426acfdfee3bb5a6242f7dc67863bdb918115b0cbc93171494957f635b068543b988682aaf6c00ba59923b259eb", 0xdc}, {&(0x7f0000000780)="e4562c344990b6edfba22eb307933df7454c92ad4d6266de0c508ecec4d22f530e2327f8d8edf73c54257bfc7bb393243b5fcd5f56a49650811e03b2796eb019de5647a4ff4f117a3aae", 0x4a}, {&(0x7f0000000b40)="2aa89dcc6d20cf5a732764f89bf238658cba80614e317b8304dae54c36f6e447b2b6cc36779a2bc14605bdf8b1beccc5fde0f08e0363a89d728c719de27252ce4ddb980418e0a63877d1df377f63b485e06bcee092556dc841358902ec2c010d4a462bf625f1ebd1b56b45aaf5340b9298d866fae9ec13b1c4", 0x79}], 0x6, &(0x7f0000000a80)=[@mark={{0x14, 0x1, 0x24, 0x6}}, @mark={{0x14, 0x1, 0x24, 0x8}}, @txtime={{0x18, 0x1, 0x3d, 0x7ff}}, @txtime={{0x18, 0x1, 0x3d, 0x3}}, @timestamping={{0x14, 0x1, 0x25, 0xa0}}], 0x78}}, {{0x0, 0x0, &(0x7f0000001040)=[{0x0}, {&(0x7f0000000d40)="6af118351b2776a2d3525c5f4d7d1103d5d9ab595e516eea9d608d34b09b177f7054e74349a3d6157be1b300dc6c58ab781ab4accbe2aa3169693042c761ea0c193666e4373d7b8ec4f2e36176da156c728696ccdb3dede7b6915fe44e21f74dbebc602610838e539c6a3a7c8cefe2f69cce79f76376f57de01c5517a88714ac6c", 0x81}, {&(0x7f0000000e00)}], 0x3, &(0x7f00000010c0)=[@txtime={{0x18, 0x1, 0x3d, 0xffffffffffffffff}}, @mark={{0x14, 0x1, 0x24, 0xfe3}}, @txtime={{0x18, 0x1, 0x3d, 0x1000000000000}}, @timestamping={{0x14, 0x1, 0x25, 0x2}}], 0x60}}, {{&(0x7f0000001380)=@in={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x11}}, 0x80, 0x0}}], 0x4, 0x0)
mount$fuse(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x100000, 0x0)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000740)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002dc0)=ANY=[], 0x570}}], 0x1, 0x810)
sendmsg$IPSET_CMD_FLUSH(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)={0x14, 0x4, 0x6, 0x201, 0x0, 0x0, {0x1, 0x0, 0x9}}, 0x14}, 0x1, 0x0, 0x0, 0x40040}, 0x800)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3be", 0x6)
r3 = accept4(r2, 0x0, 0x0, 0x800)
sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000000c0)="650f340f3566b842000f00d8b805000000b9a00000000f01c13e0f070fde460b0f0130670f01c2f2360f217a0f07", 0x2e}], 0x1, 0x11, 0x0, 0x0)
pwritev(0xffffffffffffffff, &(0x7f0000000b00)=[{&(0x7f0000001880)="ea7c5828b87d70214008724bcae1ce6577c01031b19698ecb8a7f5183947918ce2cc9dc778dbfff9e28e1a6df7d8f95c3e45768a6786d6325bc0fe4ed394c8ed0edcbb9f917074251a7f5b6b24c52516a68f181592262dfd12b5af7386658c5fb6c36d86d5084624a302a155c0463b6c36e9fc88338b0f66e2713728a21d19d9a33da93d419df63d8a87fa100381ec74de8b7409f4977d3cd7a9f2fb03cec91c4277b39b2c9f227a9b74926a11960d085e2aaf98673d2a67fa95b8d9dcc72ca6181f6b9b2d1c402267e6cfef5599e1520077d9bc472fb5a5db42b1befd498ec7b8d519b12f065323b15280a2540bc7a4ffe508fc12f93707064caf4111e893142f9867b432b1e6258caa2ae081b8b646c25de7f5366a21f9dd257b84546cd316e17b79d22c4bcaf70e8a96d1e502b53c581c75482d1d63f0d5f3fb5bdbb714583f0798e0c4d6c9d99513e91a68a26612053290f15f5a2e06acfa229356e37b4d57697224e9561c0430a67fcb5dea72acc91e60751a5b07eb603548a646f082ce213347b4ee908bd95cc56775330aa09d4f19f48a8cb5d7f6346d82bab8ff019309684bd01eb4d90febe2269cd2a1100130c242a2995ce38638a3bbc9008ac0e820a1e0b9a9511af47aa7f3e30a69589985423f3b4ea98152433bf1aa53a0981f783f11c4cc50f70fe63b2043b74b9cb7da59caedadc1fa1f662831a353969893d4f93b919cda52a1ce2200a0a7895abb293c29d6d197cce98a4df8fc90c582014742a00b4bd09f1fcc5ff5753320d2b5593e657c0fb87a4cfa323ce59111eea806a6e020fb0c4fdd601087811e33e793975b5e9e936c16d243bdea757e0ee4508f5d5b496ed07b6f0f1f46ed752448f30d679b23ba8142d4ab25beb913ee77547866e5d9501a55e9797ba3407f3f4cc11398bdaf3ac4c2e79a5b133a09fcf8ae790bb985fa01daf2758fd8a77fde15a822227dddf64bb2ebc49a56ad025e01c6c59e4818abdf808789d9f87c103cf7f7d21d2a1345b9b7fd66b1cf96002343fbd62f8080d945e70bd93d4bf42b401477abed49065b4a8ccfb9d93724118168de2e8df4f78ccf3b9593f993423a619ef6bd8392a2cfc6424d3687fcdc67d33073db95d856f312b934d05a3c4e967217837920fee73b00757b617d1ef3bfc2e88a8a72f0948263db2c9e7bd491f059b6ee8d0ea3f2193314562910529869b248172bfe0f914f7a91a27c6e9e6c2e3455a7ae765392b48fc959958aa39a5a483b2a6e873ac76f8579515e42f7a3bbc82bcf71edaf12f7b40a2adc74d67ef793988cc8ac788185049e57fb84757bdc700ffde10afc19df290787ed98222f8afb2b6d11944666331350e2914466b398750acae526146373b2cbe1bdd1803e6c920a182a1ad118a3d09313c2ce2703a0a1c09215cab90c35b03b1c795cf704f42dd31ddff6be67bb355977b2e07609c5228299a170308e54705674384fc294cdfa4abf989d3c3bf3eabbbcf52a6a0646bf6db5b61ad027007464fd6fc10490ee2e9190c28ae5cb3733105cb782c0d53e5c79c3e455609d557d824154d01e282788ec8ae7c8a03fcd6cd4e37829b0f921c46d715454d5e1281c641cf0756a2f31b0369ce94e819e6254af95b88bffd7bb2cfe9469d303497fead174839b2789b5aa703176510eab1f46916b3b63f6f5b2df262fe7274a0cee9bd6e115e5f9f48ac1c09e5b3c546ae95b9916a633869854d3ee39d4acb800e876e7fc084ffd79a20fca8331caff657ec89b445c6012ff7eb9531eb1e8c90cdc66b82d6fd608310099503a9dcf50b40d10a3b1ab520477e20ad5f6405cd4b5b36d201e12088d7868c6e94737ea88db6ed5f7df4d31cbd2d0c4f21cdcc3b181f5aae7216dc4c06b2989bb44e5369ba96ce87f3e3abbb530d103a53d7e0b914115c302c935eea7d256a73aa851d84dec6d9112163be8135889c67fa90e796a6f050fba0a6a740618cd513748072daac9f3e25034772cc400a14834afbde835bc9fd7cf1113d67ebe99a3b78907596886ad5a1670ef572c18e26c98fe40194428de339cba7b8efc5fa7faf7512ef6b89a877f3e534fb4512729df686e14aece08fab3b42ea14acde0e18ffe5dc00e74288661c7463e00f3b942cddf3b71e1dcf71989f378b933df099316451cca296a4e117bbeb3b1e552e5a10f9731449ae830de14989049ce818f720e77e78a86c307c80450b26278bc25ee7390ce6d4c4dfc8d39b6b4b1ce6f3865dbdd1d37aedb555288bea9ef95c8600dea1cd10e9e42d15aa804f99a31bfaa5ea52185333d734c766e3bb4a9abf86cf4d840dc188167a25cc3054b65fd7ce053d38518474ab55e59c1ccaf34d57b4cd73b07ed63d754ab3d57dfc0f67bbdb22e33d9f63aa2b36cf0af338794d4acbd1b13669bde67f7bd032f9c6b400e8054a0cff77fc6e0591195b21715e42c881e23156b4ba504d7e1b6eb9c2ec9b9e382d85f7c52bd964d305da9496dbaa022880ddf236730c458f31258d64ae2668aa863b3fe558c7f8cfb3dabf42edcaf2891e9b9462c44153658eae85cd499abd9dca762adf26d9904d28b772b3fc3d066d56261474c944387ac7eb00059025ff25e34b8f7c2986db1ccc4297e1315c3ceeef1b8f98e0500bbb8bb0ab52d80f8c6c8fa5d24b9a05f5350e2fd59af4b9fa9a2b4339b61e208f227ba968d4dbd36246133de2078c6a15dd57754a3537c31d04da545f062dbf9cbaa0840e23974f441a4d5937fec23ff81c193bd951a7bacac8eb6d4705702cbe3c930f27869753ba6026455bbb7742c53644f1646d7545467091a207905f831505f214fbd818aea4455705b5e727850cdcac40620135b8dba85cb0c0f393af252ec082cba5c43385fbc2cc5682bc1994b064e29c8c5a20e7e6d15fbb13e6fd1a86b2fda666fbcd80fd08be00a7423fcafbdd8283bac88ead203bc10d1c1a13ca2fe853fa6cc8991b0476561be085b086b0d0e45f73e59f519342c13f368a37464cb55b8a13846f4cd610536d5c4b8704fcd347abe6712d3de67d7918e6954898f31647a8ea37ecc2e1bb02b1b26e7a60fbb2b0a48efc5795c12d5c4ac8dc4149dea0f2e085422ec69352882622711b74e1e32c7ead2cf3c554e8ff1648e8b66d0dc6997b6304b3b560a33d75aa49476175a386ca721156ea79bdba432d439dbceb0285561abd5d134badd9f38c04fae8fa920edfff15705371c907848c14acdfb0b22a4c7168e1840e8b8a50349dcee5f429b3cb34e30f0f67acf93604792b8574f36ea9409d422621f3c0c7b781fc8e23d1d46f04a9b44f633e5f72cb079fbde66a9745705666c6dab6238628e57ee6cffa8cfad616dac1abe2789c9efccb4fc7e65e490d9a4e49e7ce72a6980e72f70a17649e67de86f86b61a4b6219daefc939b5904e5712ecaf85c98484fc02585b1aa990b95173e4a2907cf877af696e528e6b2b634a4fb7d791cacc8644fa76e062148d411e18f0da5aed22116828cd700a28e8f46bca950550acb4ab05eddeb6b2dac24702cff4de0a3ece393cac879ed2f0c5b9645839cfdb79fb1df87596b14504cba9dddda51edaffcd0214b91b5898ea022774e699aa0caf0f646cc0cb8e8fc8b8be43c23aa7f6bd29fd0615c0b78f3514a52989d7f35ad08a4bd473e61da6657cc2e85d3b2b7d3fb51174a96f27038ddbc87a35e09a668e436aa40146c6a26dca87b39220f139b772719d80aadb752c622bf09acd6846838fb48a8817ba4aa72eaa32e82251b3789969d8518f9aa07cdcb9a355f73f119725c086168aaca262f13cd742e5f06c969a462638a557e15a4f5d43e3242c08f23b00d2b8d57c60d3636abd4068ec03a4be3429b95e41351ab5c58812e552df90c3e6c9d8779aa484e74f073ea9fcdce13b1dff8e7c101b2c6865c5cefe108e3559f520e2bc42c9dc39b57fddb44ca49f2689e10c1381c0740d20cbca46da475c62f513cb08398a5fd5d4f6b13ce839fe149df0d291a8f7267fe90a7e1845dace17cd927c2d1aeffbdc36bb983172ceff025e84b0419645fcc72897b992f5081c78756122391947f08ccd20806cfc2bded705b472fc52e84734e016cbd309aadebbbb4e8bdfed77b1e0b15ce0904838d9e4d64643df66f0353c377e554b428dc0f31189a134cdb8e66d2755e84c2b2409c3d63a81f5f05616baf6a243b09153a4f8289e15a5a4ffb007b0cbeffde25391bb2acd86b453e245643c0fa1dfe5d42e0e3f1c592a00b77f0133adf7989c6c2bf3ddc0b8a2b14f35d33f62f4ee2fc56166372058e997b9abe6bad8aa718f8d87ad095e8f354aaef540840437b5451771266a8358ed75954db52b38bca4a1c8696dca1de03b12627254409f8bb68c94eeaa1a8bcf894482b96e81b9ff5c2383a907537a191aff0bb5b5418ef5670cecca1cfbd41b61879b11a5a5053cd86cf5d61f8c2f7d7ad2034a1801b3b92a79ac3b4343c680008b1ba10577a35173cac6d4dbc1d00e436f238b57093b34d4ea19c225b84a2d6086cc6cf72595b980c88142d268bbf9c8375a93afe75c3583b3b9687368d78147985d209e6d89c335e948c51696a948f01ad062dcf84a99584466e24646b2e441fefb10ef962432f2925d6d98e790acf4ca7d9339a589a537aa3392ec79f34a6544144072ab8248e45ac560a78c70c5afcbf10909299dfcd67981c88780c1340c951e115ffec56d23b9ead6a55024e199238f4b133e3e1e0e84318b5037a3947ae09749c25c7e4887936ecf0ba9a807dfa471ea1f3350b70feb58dc9e2836365ce4db456a341e43410cac1253fe08e79c21fca932716f4c171fc957cb325737b70532d81f0eb2f0a16478c0d934165728f7b29a8a0ff6bc964e99dea26d3efd28336b00c112a26da7a2ea1c21a9688cc3a68293958edf27ae89e5f9b8348af4121028e760cf68c931af92906d27dad4d330df9201b5395ccce0c803806422883667ccb11438d9dbe1901d4ab98d89914b313338486deb6f748053517e2188c479adb1eabb8e8ed5d05bb3f66826fae83bbc5bce3615ee32d937ffbe8846a1156aaf7bf9b9d4189bdf290b3df254077688eeda824d6ea0a452f7e7f915c1a94ee250a3907ec035d7ba7bb0256811f04646ca156b8925506c774df4d4072c02929e985057a5f7ddc1469c7306e6fdb86b810ada1cc96f6bd389597dd27dd656f55c316fb2d56b2d13eddf893722e813934a19778719be99697c365222db64039f9caab1201c430e53df1af8a0321c8759fc33e8204150080979936d0717f6c4c9145fb828389acbb894a4600485e8b105c7165a40e814889343deead6d434a8da60eed1e50aa507ac2793b4a4c5517265f859f223bb4f6cadc6fb53430304baea18189e2b5ddd266c38f5c325ba391a50fcd34060d217c4118889c4275e40a8428099ddfa3cc0d8241c22fc1554318e922f3b1257f2046d70df460c5283a539487583ffca1972a19237b06480e0a56d9e185fe4dc3607666d81ed0d9d9f5c5c568a5a0a87160b6d35c73dae9c6177f2b25d90a2598042f4b43bc765fa86a831c401a01c391a8fdc8f8c742f2322a1b8ef18ec7d82f013893c981f6bd96ec57d8e73", 0xf82}], 0x1, 0x1, 0x2)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, 0x0}], 0x1, 0x18, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

7.869654844s ago: executing program 4 (id=10104):
openat$audio(0xffffffffffffff9c, &(0x7f0000000340), 0x48200, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000500)='fd/3\x00')
ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r0, 0x541b, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
acct(&(0x7f0000000080)='./cgroup\x00')
r2 = socket$inet6(0xa, 0x2, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$SMC_PNETID_GET(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x14}}, 0x0)
getsockname$packet(r4, &(0x7f0000000940)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000900)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000080)=@newlink={0x50, 0x10, 0x437, 0xfffffffe, 0x25dfdbff, {0x0, 0x0, 0x0, r5, 0x5f501}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @geneve={{0xb}, {0x20, 0x2, 0x0, 0x1, [@IFLA_GENEVE_REMOTE6={0x14, 0x7, @private2={0xfc, 0x2, '\x00', 0x1}}, @IFLA_GENEVE_TOS={0x5, 0x4, 0x1}]}}}]}, 0x50}, 0x1, 0x0, 0x0, 0x11}, 0x40814)
sendmmsg$inet(r2, &(0x7f00000017c0)=[{{&(0x7f0000000040)={0x2, 0x4e1c, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000000)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r5, @empty, @loopback}}}], 0x20}}], 0x1, 0x80)
openat$vnet(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="3800000054000100040000000000000807", @ANYRES32, @ANYBLOB="00000000e1"], 0x38}, 0x1, 0x0, 0x0, 0x10}, 0x40080)

7.755515561s ago: executing program 2 (id=10105):
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socket$inet_udp(0x2, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$inet_sctp(0x2, 0x5, 0x84)
getuid()
writev(0xffffffffffffffff, 0x0, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000000080)='net/snmp6\x00')
pread64(r4, &(0x7f0000000100)=""/253, 0xfd, 0xadc)
r5 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(r4, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text16={0x10, &(0x7f0000000180)="64670feea1096f00003e660f38054c880f323e26640fb9a9c94f660fc7b27f1a360f09366764f4660fdd40e69a3a00e300baa000b0e5ee", 0x37}], 0x1, 0x6, 0x0, 0x0)

7.700795068s ago: executing program 0 (id=10106):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040))
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xb, 0xc, 0x4, 0xc4f, 0x1, 0x1}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000100), &(0x7f0000000100), 0x6c7, r3}, 0x38)

7.002454024s ago: executing program 4 (id=10107):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f00000001c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f0000002ec0)=[{{&(0x7f0000000340)=@un=@abs, 0x80, &(0x7f0000000680)=[{&(0x7f0000000780)=""/4095, 0xfff}, {&(0x7f0000001780)=""/247, 0xf7}, {&(0x7f0000001880)=""/74, 0x4a}], 0x3, &(0x7f0000001900)=""/246, 0xf6}, 0x7}, {{&(0x7f0000001a00)=@ieee802154={0x24, @short}, 0x80, &(0x7f0000001c80)=[{&(0x7f0000001a80)=""/246, 0xf6}, {&(0x7f0000001b80)=""/55, 0x37}, {&(0x7f0000001bc0)=""/187, 0xbb}], 0x3, &(0x7f0000001cc0)=""/54, 0x36}, 0xc}, {{&(0x7f0000001d00)=@ethernet, 0x80, &(0x7f0000001e80)=[{&(0x7f0000001d80)=""/205, 0xcd}], 0x1, &(0x7f0000001ec0)=""/4096, 0x1000}}], 0x3, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
r2 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r2, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0), 0x3a}, 0x48014)
sendmsg$inet(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000700)="5c00000013006bcd9e3fe3dc4e48aa31086b8703140000001f03000000330000040014000d000a000d0000009ee517d34460bc08eab556a705251e6182949a3651f60a84c9f5d1938837e786a6d0bdd7fcf50e4509c5bb5a00f69853", 0x5c}, {&(0x7f0000000500)="b41a8b3c3e28fdda55ef57e58e26250eb65af195e048f1fb784ef4a65ef2a532588d058ca9017a63cc9b181cf162132b7389ca4ce95636506788f101be36be75b55312713efaf78a855126e584aeb2c756fc0f3408a3f38983ca93e7f2d8854f3c57ff845801a0b1a20107a1783ab2617a87d14e932ed263c07a200722104e6d08ebd2a211f47e5c5a25cedc9ce70cd8b60dccef920321adf68be0bb85b31fb56c77cd1db26280f484cdafee113e985c0d141dab30f88b9d6fdafb060f42b2b7a7987c82dbc3acdc0e90653cb2a5cf4fd9b33b519855dfac", 0xd8}, {&(0x7f0000000640)="c648df69319a537d5f1b4fd0274cb4eb008f52059dbdd78839fd889e70da68f56277aacfc8d48d751449d76a75e5a5fdf59cc44b003f861c3c7a920dabe8", 0x3e}], 0x3, 0x0, 0x0, 0x1f000801}, 0x4040844)
recvmmsg(r1, 0x0, 0x0, 0x2101, 0x0)
syz_open_dev$vim2m(&(0x7f0000000040), 0xa, 0x2)
r3 = memfd_create(&(0x7f0000000000)='\x103q}2\x9a\xce\xaf\x03\xdfy[\xd9\xffR8\xf4\x1c\bi\xe4^\xd5\xfd\xa9\r\xac7A\x94\xa0\x00\x00\x00\x90+\xd6\x05\r\x84\x87\x1c\b\xdb\xe2\x00\x00A\x90m\xb6&\xd0\x9d\x00\x00\xc5\xb8,\f\xd4s\xb2\x99/\xc0\x9a\xf2O\xdb\x00\x00\x00\x00\x00\x00\r\x1b\xd3\xff<\x83z\x80\x8fQ|\xf5d\x10\x10\xd7\x01M\x7fML\x18\'\x1a<\xfee7{l\x16}\xa0I\x7f\xb5)l\xbb\x02\xfa\xb7\xb6\xa0]\xda8\xe0~\x1c \x91\t\x8b\xbd\x1f\xb3834d1i\x9b\x94\xa6\\\x0e\xe2\xfa\xe5!\xd3\xcf\xfc\xce\xba\xe2\x9f\x05xgL5\x14Y+\xb3\x1axi)<\xf7\x98\xc1\xba\xf4|\xe7|\xc4\xd7\x03\x00\x00\x00\x04D\x15E^7%8\x94y\x98\xf0l\xa0\'Q%\xd4\xda\xee\x81}\xcc\xfd\xa2\xe3M~x\x96\xe3]\xd70\xa2\x17\xca\xde\x1b\xaa\xe0l\xfc\x85\x8fc\x1c{|e\x8bs\xb0\x85E\xce;p)\xf8\xa6\xaa&QC4V\x81\x04\xcf\xd2\x81\xdc\xdf\xd7<\x9f\x93\x8bX\xd4\xea\xb2\xff\b\x92\xc7\x00\xef\xff\x00\x93\x1f\x92\xa7dcY\x9c\x9e9O-\xfcF\xbb\xbd{:IR\xea\xd8$\xe2\xa0\xc2\x8b\x1a\xead\xb8\xe1:6\x15M\x1d\xdak\x8c\x909\xd8\xb3\x02\xe0\x04\x9c\xc2\x06|\xf0\x0f\xa6Y&r\x9b\xc7\x1d\xe7jDf\x87@\x8fg\x15RJwe\xe2\xdcunu\xff`\xa40\xce\xffB%\xe4k\xff\x8d\x06\x0e\x89\xd9DC\x9fF\x9c[M=\xe0^\xa8\xed)\xe8Z\xe8\x99&\x87\x04\xa4\t\xaa\xd8\xd6\xd5pG\xcb\xc4\x8b\xf7\xb8#\xcb\xd8|\xa5\xa6S\x8b\x8cv\xb7)\x02k\xf3L\x03\xbb\xfa\xe1\\\xf1\x8cUj\xd5\xa5\x88GL\xe7_\xfd\x17C=G\x0f\xe9u\x1d\xfeg\xfex\xcd\xaa\xad\x906\xd0sy\xc6T\x93\xae\xd5r\xc8G\xc5\xfdS\xff\x04:`\x1e\xe3;l\xcd&\xd4\xf4\x8eum\x04\x00~\xfa\x05\xd7\xe7X\xc7/\xae5\x93wwT\x13\xbd,\xd6\x16\x84\xcd\xd1\xd8\xe1P_\xbf0\xd8\x8d%Yh\xb5\xb4\"\xf5\x93\xdeh\xce\xa5\xe8\xc8\xec\x88\x89\xf07{\x95\xc9\xd0\xee\xe1\x1d\x80\xcc]-\xc2\xa1\x02ELhI\xd9\xf5\xcfk\x8a&i\xc1\xff9T\x8e\xe2rY\xa3\xd2H9\xfe\x0e\x1e\xac\x0f\xc3\xbd{\xd9\xcc\xbe\xa9\x93\xe0\xa4W\x1cn>\xc1\xf1\x9e\"\x93\x19\x19\x1a\xcc\x7fy\xd2~\x05\x99\xe6\x00o\xca\xe0\xc6\xd4\xf5\xa0\xc8P\xd6;\xf3\xc6~E\xacI\xd4\xe9\xa1|>\x91.K\x81\xa9+\xcf\xff\xcb\xfa\x0f\xe7n\x83H\x12\xac\x80\x16\xf8\x87Q\x97Az\n`\xb6\xe13A\xec\x8d(\\D\xec\xa6\t1\xa0h\xfc\x1f\xdd1@-4\xb4:\xf8\xd5wP \x84m\xe2\xd9\xfcb\xa0\xc3\xc9\xe7W\x86\xd7$\xa4ml\xee\x97[\xb7\xfa', 0x2)
ftruncate(r3, 0x80079a0)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400000, 0xb, 0x2012, r3, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
rseq(&(0x7f00000004c0), 0x20, 0x0, 0x0)
modify_ldt$write(0x1, &(0x7f0000000000)={0xfff, 0x100000, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x10)
r4 = socket(0x10, 0x3, 0x0)
sendmsg$nl_generic(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="1c0000005200010003000000000000001c00f4ff07000100"], 0x1c}}, 0x0)
r5 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$IP_VS_SO_SET_ADD(r5, 0x0, 0x482, &(0x7f0000000300)={0x3b, @loopback, 0x4e23, 0x3, 'lblc\x00', 0x1, 0xb4, 0x1a}, 0x2c)
lseek(0xffffffffffffffff, 0x0, 0x4)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x6)
mlock2(&(0x7f00003c6000/0x4000)=nil, 0x4000, 0x0)
poll(&(0x7f0000000040)=[{0xffffffffffffffff, 0x80cd}], 0x1, 0x7)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0)
write$UHID_CREATE2(r6, 0x0, 0x118)
mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x88fd537e5c114b6a, 0x12, r6, 0x665cd000)
ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f00000002c0)={0x1c, 0xcf4e74310708dfc5, 0xc})
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000003940)=[{{0x0, 0x32, 0x0}}], 0x1, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x1, 0x2, &(0x7f0000000480)=ANY=[@ANYBLOB="9110ba000000000055f8050006000000a73b3dc8a6db80"], &(0x7f00000000c0)='GPL\x00'}, 0x94)

6.860140479s ago: executing program 2 (id=10108):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x800001000088}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
r0 = getpgrp(0x0)
sched_setaffinity(r0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x2, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000040)=@newlink={0x44, 0x10, 0x437, 0x0, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, 0x4048b}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bond={{0x9}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BOND_MIIMON={0x8, 0x3, 0x5}, @IFLA_BOND_UPDELAY={0x8, 0x4, 0xff}]}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x800}, 0x40000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
syz_clone(0x80000, 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
getsockopt$inet_sctp6_SCTP_STATUS(0xffffffffffffffff, 0x84, 0xe, &(0x7f0000000280)={0x0, 0x99, 0xb, 0x0, 0x1, 0x5392, 0xc, 0x9, {0x0, @in6={{0xa, 0x4e20, 0x6, @private2={0xfc, 0x2, '\x00', 0x1}, 0x10}}, 0x81, 0x3, 0xc, 0x4b, 0x9}}, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000040900010073797a30000000009c000000090a010400000000000000000700000308000a40000000000900020073797a30000000000900010073797a3000000000080005400000000d58001280200001800e000100636f6e6e6c696d69740000000c0002800800014000000008200001800e000100636f6e6e6c696d69740000000c000280080001400000000014000180090001006cdbf80789f3f947dd"], 0xe4}, 0x1, 0x0, 0x0, 0x4}, 0x20058840)
bind$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16)
r4 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_TX_RING(r4, 0x11b, 0x3, &(0x7f00000001c0)=0x200000, 0x4)
getsockopt$XDP_STATISTICS(r4, 0x11b, 0x7, &(0x7f00000002c0), 0x0)
connect$inet(0xffffffffffffffff, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
openat$ttyS3(0xffffffffffffff9c, &(0x7f00000003c0), 0x101000, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@dev, @in6=@mcast2, 0x0, 0x0, 0xffff, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x28c, 0x4}, {0x7, 0x0, 0x0, 0xffffffffffffffff}, 0x0, 0x0, 0x1}, {{@in6=@private0={0xfc, 0x0, '\x00', 0x1}, 0x4d6, 0x33}, 0x0, @in6=@loopback, 0x0, 0x3, 0x0, 0xb7, 0x0, 0x8000000, 0x5}}, 0xe8)
r5 = accept$netrom(0xffffffffffffffff, &(0x7f00000000c0)={{0x3, @null}, [@netrom, @remote, @rose, @bcast, @default, @rose, @null, @bcast]}, &(0x7f0000000180)=0x48)
accept$netrom(r5, &(0x7f0000000200)={{0x3, @bcast}, [@bcast, @bcast, @rose, @default, @netrom, @rose, @remote, @default]}, &(0x7f0000000280)=0x48)

5.846576291s ago: executing program 0 (id=10109):
r0 = syz_usb_connect(0x2, 0x24, &(0x7f0000000640)=ANY=[@ANYBLOB="12010000d972a440b72040155ab7010203010902120001000000000904800000ff"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f00000009c0)={0x1c, &(0x7f0000000680)=ANY=[], 0x0, 0x0})
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
socket$inet_sctp(0x2, 0x5, 0x84)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r3, 0x891c, &(0x7f0000000080)={'wg2\x00', {0x2, 0x0, @private=0xfffffffc}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x80008, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x21010844}, 0xc, &(0x7f0000000500)={&(0x7f0000000300)=ANY=[@ANYBLOB="48000000140000012bbd7000fcdbdf210a8000004aeae8f8d0fb4a60ed824dd1cb7ed5a2f55e4970b02455b94e7556df7c4d8ec5909bb92edf1871178c6c16cf9e0e7d53c395f5b82807c76a2c1587bd362e556d4143b304072bb73210b7fc800ed5bd7b004348d12cc74ef28f4252c6ef09e5707fc7490d3f598b3c15b8b74d1db4a08687f69b3ceef718572d8289702ddf05749dcd0185f9444261b24d0d7ef6b35c31ada26fdcde2524cc59c0b99db7f41f9154fbd243b8050d1e6d7a9c35b9c4321c610f750da352a6e0d7a5781b9915184819138bdc557325e83989e0", @ANYRES32=0x0, @ANYBLOB="14000200ff01000000000000000000000000000114000200ff0200000000000000000000000000010800080004020000"], 0x48}, 0x1, 0x0, 0x0, 0x20000000}, 0x4000845)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r7 = fsopen(&(0x7f0000001240)='nfsd\x00', 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r7, 0x6, 0x0, 0x0, 0x0)
fsmount(r7, 0x0, 0xe)
syz_extract_tcp_res(&(0x7f00000000c0), 0xd7, 0x2)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, 0x2}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r8 = getpid()
sched_setscheduler(r8, 0x2, &(0x7f0000000040)=0x7)

5.679791532s ago: executing program 1 (id=10110):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000020a010200000000000000000a0000060900010073797a310000000008000240000000018c000000020a010100000000000000000000000369000600e62807258a6d38caf4cb1d7a776a7a05e57912414e63207c5e61d47bb4016b21bd5593b033b0968722f2f0f4818a1a13fbb43e79d0ae674d071c0164df9d3701cc15211300766b6ebe326ada9e49cca5c2a07460e46e35eabfb48a4cd2cd83790d7e705b010000000900010073797a31000000001c000000090a030000000000000000000a000002"], 0xf8}, 0x1, 0x0, 0x0, 0x2000c814}, 0x4000)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a30000000004000ffff0900010073797a30000000000900020073797a310000000014000380080001"], 0x138}, 0x1, 0x0, 0x0, 0x20040855}, 0x0)
r0 = socket$kcm(0x10, 0x2, 0x10)
ioctl$IOCTL_VMCI_VERSION2(0xffffffffffffffff, 0x7a7, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f00000020c0), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0)
socket$inet_sctp(0x2, 0x1, 0x84)
gettid()
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x11, 0x800000000004}, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8)
r2 = syz_open_procfs(0x0, &(0x7f0000000000)='smaps\x00')
ioctl$VIDIOC_SUBDEV_G_EDID(0xffffffffffffffff, 0xc0285628, &(0x7f0000000280)={0x0, 0xf75, 0x9, '\x00', &(0x7f0000000200)=0x5})
lseek(r2, 0x2000, 0x0)
r3 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
connect$llc(r3, 0x0, 0x0)
r4 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0)
ioctl$COMEDI_DEVCONFIG(r4, 0x40946400, 0x0)
ioctl$COMEDI_DEVCONFIG(r4, 0x40946400, &(0x7f0000000180)={'dt2815\x00', [0xb, 0x9, 0x1, 0x0, 0x0, 0x6, 0x0, 0x7, 0x417, 0xff, 0x2, 0x1, 0x6, 0x2, 0x6, 0x0, 0x5, 0x0, 0x43, 0x40000003, 0x89, 0xb, 0xf27, 0x6, 0x6, 0x8, 0x5, 0x4, 0x8, 0x10000, 0xfffffff4, 0x6]})
r5 = userfaultfd(0x801)
ioctl$UFFDIO_API(r5, 0xc018aa3f, 0x0)
ioctl$UFFDIO_WAKE(r5, 0x8010aa02, 0x0)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x6000000, 0x6e073, 0xffffffffffffffff, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000040900010073797a30000000009c000000090a010400000000000000000700000308000a40000000000900020073797a30000000000900010073797a3000000000080005400000000d58001280200001800e000100636f6e6e6c696d69740000000c0002800800014000000008200001800e000100636f6e6e6c696d69740000000c00028008000140000000001400017b090001006cdbf80789f3f947dd0002800800"], 0xe4}, 0x1, 0x0, 0x0, 0x8001}, 0x20050840)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f030041000b05d25a806c8c6394f90324fc60100000000a000200053582c137153e3704020180fc5409000c00", 0x33fe0}], 0x1}, 0x0)

5.602729959s ago: executing program 4 (id=10111):
r0 = socket$kcm(0x2b, 0x1, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x800001000088}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
r1 = getpgrp(0x0)
sched_setaffinity(r1, 0x5, &(0x7f0000000040)=0x29)
prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x2, 0x0)
r2 = getpid()
openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0)
sched_setscheduler(r2, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x0)
r3 = syz_clone(0x20080000, 0x0, 0x0, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r3, 0x1, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
r5 = accept4$netrom(0xffffffffffffffff, &(0x7f0000000480)={{0x3, @null}, [@null, @null, @default, @bcast, @remote, @remote, @remote, @bcast]}, &(0x7f0000000440)=0x48, 0x100800)
accept$netrom(r5, &(0x7f00000003c0)={{}, [@default, @null, @rose, @default, @netrom, @rose, @remote, @null]}, &(0x7f00000002c0)=0x48)
r6 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
r7 = dup(r6)
r8 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000280), 0x1a1502, 0x0)
ioctl$IOCTL_START_ACCEL_DEV(r8, 0x40096102, 0x0)
listen(r7, 0x0)
r9 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x1c3662, 0x0)
r10 = syz_io_uring_setup(0xed0, &(0x7f0000000400)={0x0, 0x100002, 0x10300, 0x2}, &(0x7f0000000100)=<r11=>0x0, &(0x7f0000000500)=<r12=>0x0)
syz_io_uring_submit(r11, r12, &(0x7f00000001c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r10, 0xa3d, 0x0, 0x0, 0x0, 0xff39)
ioctl$TIOCSETD(r9, 0x5423, &(0x7f00000003c0)=0x1)
accept4$vsock_stream(r7, 0x0, 0x58, 0x0)
sendmsg$inet(r0, &(0x7f0000000840)={&(0x7f0000000000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x24}}, 0x10, 0x0, 0x0, &(0x7f0000001c80)=ANY=[], 0x2f8}, 0x20000080)

5.586827087s ago: executing program 3 (id=10112):
sendmmsg$sock(0xffffffffffffffff, &(0x7f0000007980)=[{{0x0, 0x0, &(0x7f0000001780)=[{0x0}, {&(0x7f00000005c0)}], 0x2}}, {{0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000880)="7035778905c2358b3ff9b75d1a3f836c8eb517894eeff6c3ee08f90b36b40ab65fe12942de6e899ac1c72c2b26cab39a23e073567e8b4f311f6f0ee91f1c21aaa91ec103706d8b0bb468babe142dc2fe14205b8b103eddb7dc4859df7a5435fb0ab98a9d090fda41c52411b0bc760b6395b38f4bb42e636f0e3cc18ea09098c449d270e9273c7f9b1ab34a93dc00f86fd9db692070cd76d050a18ecd11675465b23ad28cd927e5d819de8da2c0f7a116988133e822db0f855107e0fbf1f2f03b7036b252c56290a4eb70a44487c19c117db925981fc925b7c45967cdf3", 0xdd}, {&(0x7f00000002c0)="7c1a2d6c68f2b19af5ad5b3fbc13c1398f392d4e4912a47fd97c06e88e711432b971d95d781d72632d1369d5bc4db51e6dedbc9dd35219282a22db679e0734d6f64f608f7db61ee9dcba4b43f11d902fb9ba9566c7f94f39dbcae20665c5e1172a2ea6060acb92714a17ee6714dc06068795e0892d041d8c", 0x78}, {&(0x7f0000000540)="08368fefde39d21623e23a9dd67b0c95a48022b4f407396964e4d1d2bcf1a7c71f16681007b08c6061a5a2e2aa144f9f9f3834323ffac830e41ec7ebe29248a7850257ce", 0x44}, {&(0x7f0000000980)="daa783cd66e6cbbbe761ae363ca91d0f8a1045df4f9a9cd7a8add41c38c00df6cea93ba7396c327f6ae2bcb858d08a21269be6091e8e362d6512bc51b29efdbb313d21d11c4b0a6bb9acd9d29146205ecd9ebff1ea64713b1d959b2bf125b17cece0048ad53d337e6c35da2be8696ea6a8eaf61db2fb466ad55972df50c67b8963976381a454b9763bfe1fe54c638f5d86e693734e2ee396eca7782d29c9d912eb34a80d30164b03624bf7d276c30426acfdfee3bb5a6242f7dc67863bdb918115b0cbc93171494957f635b068543b988682aaf6c00ba59923b259eb", 0xdc}, {&(0x7f0000000780)="e4562c344990b6edfba22eb307933df7454c92ad4d6266de0c508ecec4d22f530e2327f8d8edf73c54257bfc7bb393243b5fcd5f56a49650811e03b2796eb019de5647a4ff4f117a3aae441e9826d45c4cfb9edb82ca009ecadf936755db280697d8fc0fc9a664186582b44242e82bd682a992b95c8724de45f89bb6fee4b7346cb39028e0ed564a02041ea3bfa729481fc09e97", 0x94}, {&(0x7f0000000b40)="2aa89dcc6d20cf5a732764f89bf238658cba80614e317b8304dae54c36f6e447b2b6cc36779a2bc14605bdf8b1beccc5fde0f08e0363a89d728c719de27252ce4ddb980418e0a63877d1df377f63b485e06bcee092556dc841358902ec2c010d4a462bf625f1ebd1b56b45aaf5340b9298d866fae9ec13b1c4b5736e8e98b0f07466b5d9685ec2c7300d", 0x8a}], 0x6, &(0x7f0000000a80)=[@mark={{0x14, 0x1, 0x24, 0x6}}, @mark={{0x14, 0x1, 0x24, 0x8}}, @txtime={{0x18, 0x1, 0x3d, 0x7ff}}, @txtime={{0x18, 0x1, 0x3d, 0x3}}, @timestamping={{0x14, 0x1, 0x25, 0xa0}}], 0x78}}, {{0x0, 0x0, &(0x7f0000001040)=[{0x0}, {&(0x7f0000000d40)="6af118351b2776a2d3525c5f4d7d1103d5d9ab595e516eea9d608d34b09b177f7054e74349a3d6157be1b300dc6c58ab781ab4accbe2aa3169693042c761ea0c193666e4373d7b8ec4f2e36176da156c728696ccdb3dede7b6915fe44e21f74dbebc602610838e539c6a3a7c8cefe2f69cce79f76376f57de01c5517a88714ac6c", 0x81}, {0x0}, {0x0}, {&(0x7f0000000f80)}], 0x5, &(0x7f00000010c0)=[@mark={{0x14, 0x1, 0x24, 0xfe3}}, @txtime={{0x18, 0x1, 0x3d, 0x1000000000000}}, @timestamping={{0x14, 0x1, 0x25, 0x2}}], 0x48}}, {{&(0x7f0000001380)=@in={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x11}}, 0x80, 0x0}}], 0x4, 0x0)
mount$fuse(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x100000, 0x0)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000740)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002dc0)=ANY=[], 0x570}}], 0x1, 0x810)
sendmsg$IPSET_CMD_FLUSH(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)={0x14, 0x4, 0x6, 0x201, 0x0, 0x0, {0x1, 0x0, 0x9}}, 0x14}, 0x1, 0x0, 0x0, 0x40040}, 0x800)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3be", 0x6)
r3 = accept4(r2, 0x0, 0x0, 0x800)
sendmmsg$alg(r3, &(0x7f0000000040), 0x0, 0x40800)
recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000000c0)="650f340f3566b842000f00d8b805000000b9a00000000f01c13e0f070fde460b0f0130670f01c2f2360f217a0f07", 0x2e}], 0x1, 0x11, 0x0, 0x0)
pwritev(0xffffffffffffffff, &(0x7f0000000b00)=[{&(0x7f0000001880)="ea7c5828b87d70214008724bcae1ce6577c01031b19698ecb8a7f5183947918ce2cc9dc778dbfff9e28e1a6df7d8f95c3e45768a6786d6325bc0fe4ed394c8ed0edcbb9f917074251a7f5b6b24c52516a68f181592262dfd12b5af7386658c5fb6c36d86d5084624a302a155c0463b6c36e9fc88338b0f66e2713728a21d19d9a33da93d419df63d8a87fa100381ec74de8b7409f4977d3cd7a9f2fb03cec91c4277b39b2c9f227a9b74926a11960d085e2aaf98673d2a67fa95b8d9dcc72ca6181f6b9b2d1c402267e6cfef5599e1520077d9bc472fb5a5db42b1befd498ec7b8d519b12f065323b15280a2540bc7a4ffe508fc12f93707064caf4111e893142f9867b432b1e6258caa2ae081b8b646c25de7f5366a21f9dd257b84546cd316e17b79d22c4bcaf70e8a96d1e502b53c581c75482d1d63f0d5f3fb5bdbb714583f0798e0c4d6c9d99513e91a68a26612053290f15f5a2e06acfa229356e37b4d57697224e9561c0430a67fcb5dea72acc91e60751a5b07eb603548a646f082ce213347b4ee908bd95cc56775330aa09d4f19f48a8cb5d7f6346d82bab8ff019309684bd01eb4d90febe2269cd2a1100130c242a2995ce38638a3bbc9008ac0e820a1e0b9a9511af47aa7f3e30a69589985423f3b4ea98152433bf1aa53a0981f783f11c4cc50f70fe63b2043b74b9cb7da59caedadc1fa1f662831a353969893d4f93b919cda52a1ce2200a0a7895abb293c29d6d197cce98a4df8fc90c582014742a00b4bd09f1fcc5ff5753320d2b5593e657c0fb87a4cfa323ce59111eea806a6e020fb0c4fdd601087811e33e793975b5e9e936c16d243bdea757e0ee4508f5d5b496ed07b6f0f1f46ed752448f30d679b23ba8142d4ab25beb913ee77547866e5d9501a55e9797ba3407f3f4cc11398bdaf3ac4c2e79a5b133a09fcf8ae790bb985fa01daf2758fd8a77fde15a822227dddf64bb2ebc49a56ad025e01c6c59e4818abdf808789d9f87c103cf7f7d21d2a1345b9b7fd66b1cf96002343fbd62f8080d945e70bd93d4bf42b401477abed49065b4a8ccfb9d93724118168de2e8df4f78ccf3b9593f993423a619ef6bd8392a2cfc6424d3687fcdc67d33073db95d856f312b934d05a3c4e967217837920fee73b00757b617d1ef3bfc2e88a8a72f0948263db2c9e7bd491f059b6ee8d0ea3f2193314562910529869b248172bfe0f914f7a91a27c6e9e6c2e3455a7ae765392b48fc959958aa39a5a483b2a6e873ac76f8579515e42f7a3bbc82bcf71edaf12f7b40a2adc74d67ef793988cc8ac788185049e57fb84757bdc700ffde10afc19df290787ed98222f8afb2b6d11944666331350e2914466b398750acae526146373b2cbe1bdd1803e6c920a182a1ad118a3d09313c2ce2703a0a1c09215cab90c35b03b1c795cf704f42dd31ddff6be67bb355977b2e07609c5228299a170308e54705674384fc294cdfa4abf989d3c3bf3eabbbcf52a6a0646bf6db5b61ad027007464fd6fc10490ee2e9190c28ae5cb3733105cb782c0d53e5c79c3e455609d557d824154d01e282788ec8ae7c8a03fcd6cd4e37829b0f921c46d715454d5e1281c641cf0756a2f31b0369ce94e819e6254af95b88bffd7bb2cfe9469d303497fead174839b2789b5aa703176510eab1f46916b3b63f6f5b2df262fe7274a0cee9bd6e115e5f9f48ac1c09e5b3c546ae95b9916a633869854d3ee39d4acb800e876e7fc084ffd79a20fca8331caff657ec89b445c6012ff7eb9531eb1e8c90cdc66b82d6fd608310099503a9dcf50b40d10a3b1ab520477e20ad5f6405cd4b5b36d201e12088d7868c6e94737ea88db6ed5f7df4d31cbd2d0c4f21cdcc3b181f5aae7216dc4c06b2989bb44e5369ba96ce87f3e3abbb530d103a53d7e0b914115c302c935eea7d256a73aa851d84dec6d9112163be8135889c67fa90e796a6f050fba0a6a740618cd513748072daac9f3e25034772cc400a14834afbde835bc9fd7cf1113d67ebe99a3b78907596886ad5a1670ef572c18e26c98fe40194428de339cba7b8efc5fa7faf7512ef6b89a877f3e534fb4512729df686e14aece08fab3b42ea14acde0e18ffe5dc00e74288661c7463e00f3b942cddf3b71e1dcf71989f378b933df099316451cca296a4e117bbeb3b1e552e5a10f9731449ae830de14989049ce818f720e77e78a86c307c80450b26278bc25ee7390ce6d4c4dfc8d39b6b4b1ce6f3865dbdd1d37aedb555288bea9ef95c8600dea1cd10e9e42d15aa804f99a31bfaa5ea52185333d734c766e3bb4a9abf86cf4d840dc188167a25cc3054b65fd7ce053d38518474ab55e59c1ccaf34d57b4cd73b07ed63d754ab3d57dfc0f67bbdb22e33d9f63aa2b36cf0af338794d4acbd1b13669bde67f7bd032f9c6b400e8054a0cff77fc6e0591195b21715e42c881e23156b4ba504d7e1b6eb9c2ec9b9e382d85f7c52bd964d305da9496dbaa022880ddf236730c458f31258d64ae2668aa863b3fe558c7f8cfb3dabf42edcaf2891e9b9462c44153658eae85cd499abd9dca762adf26d9904d28b772b3fc3d066d56261474c944387ac7eb00059025ff25e34b8f7c2986db1ccc4297e1315c3ceeef1b8f98e0500bbb8bb0ab52d80f8c6c8fa5d24b9a05f5350e2fd59af4b9fa9a2b4339b61e208f227ba968d4dbd36246133de2078c6a15dd57754a3537c31d04da545f062dbf9cbaa0840e23974f441a4d5937fec23ff81c193bd951a7bacac8eb6d4705702cbe3c930f27869753ba6026455bbb7742c53644f1646d7545467091a207905f831505f214fbd818aea4455705b5e727850cdcac40620135b8dba85cb0c0f393af252ec082cba5c43385fbc2cc5682bc1994b064e29c8c5a20e7e6d15fbb13e6fd1a86b2fda666fbcd80fd08be00a7423fcafbdd8283bac88ead203bc10d1c1a13ca2fe853fa6cc8991b0476561be085b086b0d0e45f73e59f519342c13f368a37464cb55b8a13846f4cd610536d5c4b8704fcd347abe6712d3de67d7918e6954898f31647a8ea37ecc2e1bb02b1b26e7a60fbb2b0a48efc5795c12d5c4ac8dc4149dea0f2e085422ec69352882622711b74e1e32c7ead2cf3c554e8ff1648e8b66d0dc6997b6304b3b560a33d75aa49476175a386ca721156ea79bdba432d439dbceb0285561abd5d134badd9f38c04fae8fa920edfff15705371c907848c14acdfb0b22a4c7168e1840e8b8a50349dcee5f429b3cb34e30f0f67acf93604792b8574f36ea9409d422621f3c0c7b781fc8e23d1d46f04a9b44f633e5f72cb079fbde66a9745705666c6dab6238628e57ee6cffa8cfad616dac1abe2789c9efccb4fc7e65e490d9a4e49e7ce72a6980e72f70a17649e67de86f86b61a4b6219daefc939b5904e5712ecaf85c98484fc02585b1aa990b95173e4a2907cf877af696e528e6b2b634a4fb7d791cacc8644fa76e062148d411e18f0da5aed22116828cd700a28e8f46bca950550acb4ab05eddeb6b2dac24702cff4de0a3ece393cac879ed2f0c5b9645839cfdb79fb1df87596b14504cba9dddda51edaffcd0214b91b5898ea022774e699aa0caf0f646cc0cb8e8fc8b8be43c23aa7f6bd29fd0615c0b78f3514a52989d7f35ad08a4bd473e61da6657cc2e85d3b2b7d3fb51174a96f27038ddbc87a35e09a668e436aa40146c6a26dca87b39220f139b772719d80aadb752c622bf09acd6846838fb48a8817ba4aa72eaa32e82251b3789969d8518f9aa07cdcb9a355f73f119725c086168aaca262f13cd742e5f06c969a462638a557e15a4f5d43e3242c08f23b00d2b8d57c60d3636abd4068ec03a4be3429b95e41351ab5c58812e552df90c3e6c9d8779aa484e74f073ea9fcdce13b1dff8e7c101b2c6865c5cefe108e3559f520e2bc42c9dc39b57fddb44ca49f2689e10c1381c0740d20cbca46da475c62f513cb08398a5fd5d4f6b13ce839fe149df0d291a8f7267fe90a7e1845dace17cd927c2d1aeffbdc36bb983172ceff025e84b0419645fcc72897b992f5081c78756122391947f08ccd20806cfc2bded705b472fc52e84734e016cbd309aadebbbb4e8bdfed77b1e0b15ce0904838d9e4d64643df66f0353c377e554b428dc0f31189a134cdb8e66d2755e84c2b2409c3d63a81f5f05616baf6a243b09153a4f8289e15a5a4ffb007b0cbeffde25391bb2acd86b453e245643c0fa1dfe5d42e0e3f1c592a00b77f0133adf7989c6c2bf3ddc0b8a2b14f35d33f62f4ee2fc56166372058e997b9abe6bad8aa718f8d87ad095e8f354aaef540840437b5451771266a8358ed75954db52b38bca4a1c8696dca1de03b12627254409f8bb68c94eeaa1a8bcf894482b96e81b9ff5c2383a907537a191aff0bb5b5418ef5670cecca1cfbd41b61879b11a5a5053cd86cf5d61f8c2f7d7ad2034a1801b3b92a79ac3b4343c680008b1ba10577a35173cac6d4dbc1d00e436f238b57093b34d4ea19c225b84a2d6086cc6cf72595b980c88142d268bbf9c8375a93afe75c3583b3b9687368d78147985d209e6d89c335e948c51696a948f01ad062dcf84a99584466e24646b2e441fefb10ef962432f2925d6d98e790acf4ca7d9339a589a537aa3392ec79f34a6544144072ab8248e45ac560a78c70c5afcbf10909299dfcd67981c88780c1340c951e115ffec56d23b9ead6a55024e199238f4b133e3e1e0e84318b5037a3947ae09749c25c7e4887936ecf0ba9a807dfa471ea1f3350b70feb58dc9e2836365ce4db456a341e43410cac1253fe08e79c21fca932716f4c171fc957cb325737b70532d81f0eb2f0a16478c0d934165728f7b29a8a0ff6bc964e99dea26d3efd28336b00c112a26da7a2ea1c21a9688cc3a68293958edf27ae89e5f9b8348af4121028e760cf68c931af92906d27dad4d330df9201b5395ccce0c803806422883667ccb11438d9dbe1901d4ab98d89914b313338486deb6f748053517e2188c479adb1eabb8e8ed5d05bb3f66826fae83bbc5bce3615ee32d937ffbe8846a1156aaf7bf9b9d4189bdf290b3df254077688eeda824d6ea0a452f7e7f915c1a94ee250a3907ec035d7ba7bb0256811f04646ca156b8925506c774df4d4072c02929e985057a5f7ddc1469c7306e6fdb86b810ada1cc96f6bd389597dd27dd656f55c316fb2d56b2d13eddf893722e813934a19778719be99697c365222db64039f9caab1201c430e53df1af8a0321c8759fc33e8204150080979936d0717f6c4c9145fb828389acbb894a4600485e8b105c7165a40e814889343deead6d434a8da60eed1e50aa507ac2793b4a4c5517265f859f223bb4f6cadc6fb53430304baea18189e2b5ddd266c38f5c325ba391a50fcd34060d217c4118889c4275e40a8428099ddfa3cc0d8241c22fc1554318e922f3b1257f2046d70df460c5283a539487583ffca1972a19237b06480e0a56d9e185fe4dc3607666d81ed0d9d9f5c5c568a5a0a87160b6d35c73dae9c6177f2b25d90a2598042f4b43bc765fa86a831c401a01c391a8fdc8f8c742f2322a1b8ef18ec7d82f013893c981f6bd96ec57d8e73e1633ae3970721fcea055ecc836ce3", 0xf91}], 0x1, 0x1, 0x2)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, 0x0}], 0x1, 0x18, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

3.397463193s ago: executing program 4 (id=10113):
mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0xb635773f04ebbeec, 0x8031, 0xffffffffffffffff, 0x40eac000)
madvise(&(0x7f0000130000/0xd000)=nil, 0xd000, 0x66)
madvise(&(0x7f0000000000/0x600000)=nil, 0x60005f, 0x19)
madvise(&(0x7f000079a000/0x2000)=nil, 0x2000, 0xd)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000001380), 0x0, 0x0)
r1 = socket$caif_seqpacket(0x25, 0x5, 0x1)
sendto(r1, 0x0, 0x0, 0x80, 0x0, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x20702, 0x0)
close(0xffffffffffffffff)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000300)={0x0, 0x10, &(0x7f0000000100)=[@in={0x2, 0x4e20, @private=0xa010103}]}, &(0x7f0000000380)=0x10)
mprotect(&(0x7f0000dcd000/0x2000)=nil, 0x2000, 0x1)
io_uring_enter(0xffffffffffffffff, 0x8ae, 0x6933, 0x17, 0x0, 0xeffd)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x26e5)
prlimit64(0x0, 0x6, &(0x7f0000000200)={0x8, 0x7}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$VHOST_SET_LOG_FD(0xffffffffffffffff, 0x4004af07, 0x0)
r4 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x400280)
ioctl$SCSI_IOCTL_SEND_COMMAND(r4, 0x1, &(0x7f00000003c0)=ANY=[@ANYBLOB="f1b0923c83f7041a3783fd6c82f4a49317a889b57e32f3da76bed85b79f38f29e9bee29c5540a2a0de325b667da402a52a36faecb3db608b95b1fdd87fa722c9fa5ea39be925e494eb1d5b89452d35f9d2416ab00840d80fdf4b94bbb80908d04ab3ed59048a8850c3bffe12f9867169ff33a2d7ce8550cb1b99ff03aa582d4a733769caa00b1ef932c38db3eb6428171dc703877ede13e1b95dc40787548962053eeb6a3ba37276e8e471d04dc9209f0888bfd188ff8d", @ANYRES16=r1])
socket$inet_mptcp(0x2, 0x1, 0x106)
ioctl$TIOCSPGRP(r0, 0x5410, 0x0)
ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000040)={{0x1, 0x1, 0x18, r0}, './file0\x00'})
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[], 0x0, 0x33, 0x0, 0x8, 0x80000005}, 0x28)
socket$nl_rdma(0x10, 0x3, 0x14)
ioctl$FUSE_DEV_IOC_BACKING_CLOSE(0xffffffffffffffff, 0xe503, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)

3.298385754s ago: executing program 1 (id=10114):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
socket$nl_sock_diag(0x10, 0x3, 0x4)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x11, 0xffffffffffffffff, 0x23ae000)
socket$nl_xfrm(0x10, 0x3, 0x6)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000100)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd, 0xc000001, &(0x7f0000000a00)=[{&(0x7f0000000c80)=""/197, 0xc5}, {&(0x7f00000004c0)=""/192, 0xc0}, {&(0x7f0000000580)=""/152, 0x98}, {&(0x7f0000000b80)=""/220, 0xdc}, {0x0}, {&(0x7f0000000800)=""/203, 0xcb}, {&(0x7f0000000900)=""/182, 0xb6}, {&(0x7f0000000140)=""/125, 0x7d}, {0x0}], 0x9, 0x12})
r3 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
r4 = openat$cgroup_int(0xffffffffffffffff, &(0x7f00000001c0)='cgroup.max.descendants\x00', 0x2, 0x0)
write$cgroup_int(r4, &(0x7f0000000140)=0x100000001, 0x12)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r5 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r5, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYRESHEX=r5], 0x10}}, 0x0)
bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16)
connect$inet(r0, &(0x7f0000000480)={0x2, 0x4e23, @multicast2}, 0x10)
stat(0x0, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, <r6=>0x0})
setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f00000002c0)={{{@in=@multicast2, @in6=@mcast1, 0x4e20, 0x4, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, r6}, {0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x3, 0xfffffffffffffffe}, {0x0, 0x0, 0xfffffffffffffffc, 0xff}, 0x0, 0x0, 0x1, 0x0, 0x2}, {{@in=@dev={0xac, 0x14, 0x14, 0x3c}, 0x0, 0x32}, 0x0, @in=@private=0xa010100, 0x0, 0x2, 0x0, 0xb7, 0xfffffffe, 0xffffff7e}}, 0xe8)
sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x1c)
r7 = syz_open_dev$media(&(0x7f0000000080), 0x1, 0x0)
ioctl$MEDIA_IOC_REQUEST_ALLOC(r7, 0x80047c05, &(0x7f00000006c0)=<r8=>0xffffffffffffffff)
ppoll(&(0x7f0000000240)=[{r8, 0x801a}], 0x1, 0x0, 0x0, 0x0)
ioctl$HIDIOCGPHYS(0xffffffffffffffff, 0x80404812, &(0x7f0000000000))
openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x20000, 0x0)

3.218441783s ago: executing program 3 (id=10115):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000b703000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000300)={r1, 0x18000000000002a0, 0x6, 0x0, &(0x7f0000000280)="009e14f088a8", 0x0, 0x2, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x49478}, 0x50)

3.16550933s ago: executing program 2 (id=10116):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
r1 = dup(r0)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @loopback, 0x3}], 0x1c)
sendmsg$inet6(r0, &(0x7f0000000800)={&(0x7f0000000080)={0xa, 0x4e24, 0x8, @loopback, 0x4}, 0x1c, &(0x7f0000000380)=[{&(0x7f00000000c0)="88", 0x1}], 0x1}, 0x4048043)
r2 = dup(r0)
setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000000)='ip6gretap0\x00', 0x10)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000200)={0x0, @in={{0x2, 0x4e23, @multicast1}}, 0x7, 0x1, 0xf06, 0x228f, 0x94, 0x7f, 0x9}, 0x9c)
pipe2$9p(&(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x0)
r5 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'batadv_slave_0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xfffffffd, {0x0, 0x0, 0x0, r6, {0x0, 0x1}, {0xffff, 0xffff}, {0xffe0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000028c0)=@newtfilter={0x34, 0x2c, 0xf3f, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r6, {0xb, 0xfff3}, {}, {0x0, 0xffff}}, [@filter_kind_options=@f_flow={{0x9}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x20041090}, 0xd0)
write$P9_RSETATTR(r4, &(0x7f0000000000)={0x7, 0x1b, 0x2}, 0xffffff9a)
splice(r3, 0x0, r0, 0x0, 0x20000000000002, 0x2)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0)
r7 = socket(0x28, 0x5, 0x0)
bind$vsock_stream(r7, &(0x7f0000000040)={0x28, 0x0, 0x0, @local}, 0x10)
r8 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r8, &(0x7f0000000040)={0x28, 0x0, 0x0, @host}, 0x10)
r9 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r9, &(0x7f0000000000)={0x28, 0x0, 0x0, @local}, 0x10)
write$nbd(r1, &(0x7f0000000100)={0x67446698, 0x0, 0x3, 0x0, 0x1}, 0x10)

2.679479067s ago: executing program 0 (id=10117):
r0 = socket$kcm(0x2b, 0x1, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x800001000088}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
r1 = getpgrp(0x0)
sched_setaffinity(r1, 0x5, &(0x7f0000000040)=0x29)
prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x2, 0x0)
r2 = getpid()
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0)
sched_setscheduler(r2, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x0)
r3 = syz_clone(0x20080000, 0x0, 0x0, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r3, 0x1, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
r5 = accept4$netrom(0xffffffffffffffff, &(0x7f0000000480)={{0x3, @null}, [@null, @null, @default, @bcast, @remote, @remote, @remote, @bcast]}, &(0x7f0000000440)=0x48, 0x100800)
accept$netrom(r5, &(0x7f00000003c0)={{}, [@default, @null, @rose, @default, @netrom, @rose, @remote, @null]}, &(0x7f00000002c0)=0x48)
syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
ioctl$IOCTL_START_ACCEL_DEV(0xffffffffffffffff, 0x40096102, 0x0)
listen(0xffffffffffffffff, 0x0)
r6 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x1c3662, 0x0)
r7 = syz_io_uring_setup(0xed0, &(0x7f0000000400)={0x0, 0x100002, 0x10300, 0x2}, &(0x7f0000000100)=<r8=>0x0, &(0x7f0000000500)=<r9=>0x0)
syz_io_uring_submit(r8, r9, &(0x7f00000001c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r7, 0xa3d, 0x0, 0x0, 0x0, 0xff39)
ioctl$TIOCSETD(r6, 0x5423, &(0x7f00000003c0)=0x1)
accept4$vsock_stream(0xffffffffffffffff, 0x0, 0x58, 0x0)
sendmsg$inet(r0, &(0x7f0000000840)={&(0x7f0000000000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x24}}, 0x10, 0x0, 0x0, &(0x7f0000001c80)=ANY=[], 0x2f8}, 0x20000080)

2.662281851s ago: executing program 3 (id=10118):
socket(0xa, 0x2, 0x0)
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
fcntl$dupfd(r0, 0x0, r0)
socket$netlink(0x10, 0x3, 0x4)
socket(0x10, 0x803, 0x0)
socket$netlink(0x10, 0x3, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
epoll_create1(0x80000)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x6, 0xc2, 0x0, 0x7fff0005}]})
openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
socket$kcm(0x10, 0x2, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x5, 0x2}, 0x48)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0))
r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000001400), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000300), 0x111, 0x3}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r1, &(0x7f0000000100)={0x3, 0x40, 0xfa00, {{0xa, 0xfffc, 0x2, @empty, 0xa09c}, {0xa, 0x2, 0xfffffffe, @dev={0xfe, 0x80, '\x00', 0x39}}, 0xffffffffffffffff, 0x40099d}}, 0x37)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300))
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f0000000140)={0x0, 0xff7ffffb}, 0x8)
writev(r1, &(0x7f0000000040)=[{&(0x7f0000000100), 0x86}], 0x2)

1.45672666s ago: executing program 3 (id=10119):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040))
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xb, 0xc, 0x4, 0xc4f, 0x1, 0x1}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000100), &(0x7f0000000100), 0x6c7, r3}, 0x38)

1.395470219s ago: executing program 2 (id=10120):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x20, 0x3, &(0x7f0000000200)=ANY=[@ANYBLOB="180000080000000000000000000000009500000000000000"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x99ee}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000002380)={r3, 0x0, 0x2d, 0x0, @val=@netfilter={0x2, 0x4, 0x600}}, 0x20)
r4 = socket$inet(0x2, 0x5, 0x0)
sendto$inet(r4, &(0x7f0000000140)='\a', 0x1, 0x40, &(0x7f00000002c0)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0xff}}, 0x10)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
kexec_load(0x0, 0x1, &(0x7f0000000180)=[{0x0, 0x0, 0x0, 0x41000000}], 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff})
getsockopt$sock_int(r5, 0x1, 0x13, 0x0, &(0x7f0000000000))
write$rfkill(0xffffffffffffffff, &(0x7f0000000000)={0x401, 0x3, 0xff, 0x0, 0x1}, 0x8)
openat$drirender128(0xffffffffffffff9c, &(0x7f0000000100), 0x88201, 0x0)
r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x41, 0x0)
dup(r6)
ioctl$TCSETS(r6, 0x40045431, &(0x7f0000000dc0)={0x0, 0x4, 0x0, 0x0, 0x1b, "0062ba7d820700000000000000000000096304"})
r7 = syz_open_pts(r6, 0x80)
dup3(r7, r6, 0x80000)
read(r6, &(0x7f00000005c0)=""/228, 0xe4)

1.38709624s ago: executing program 0 (id=10121):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
ioctl$KDSKBMETA(0xffffffffffffffff, 0x4b63, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r4 = socket(0x400000000010, 0x3, 0x0)
r5 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0xf1ff, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r6, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x3, 0x8}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001780)=@newtfilter={0x884, 0x2c, 0xd27, 0x70bd28, 0x25dfdbfd, {0x0, 0x0, 0x0, r6, {0x0, 0xfff1}, {}, {0x2, 0xe}}, [@filter_kind_options=@f_flow={{0x9}, {0x84c, 0x2, [@TCA_FLOW_POLICE={0x848, 0xa, 0x0, 0x1, [@TCA_POLICE_PEAKRATE={0x404, 0x3, [0x3, 0x400, 0x7f, 0x2, 0x4, 0x1, 0x9, 0x0, 0x10000, 0x2, 0x9, 0x4, 0x0, 0x3, 0x3, 0x0, 0x7, 0x40, 0xfffe000, 0x3, 0xffffffff, 0x2, 0xec, 0x0, 0x445a, 0x735, 0x400, 0x1, 0xc, 0xfffffff9, 0x8, 0x1ff, 0x8, 0x4, 0x2bf5, 0xfbd7, 0x101, 0x101, 0x0, 0x1, 0x7fff, 0x6e39, 0x7, 0x80, 0xa48, 0x9, 0xff, 0x2, 0x8, 0x9, 0x4, 0x0, 0x10000000, 0x6, 0xffffffff, 0x3, 0x2, 0x8, 0x40, 0x0, 0x9ae, 0x9, 0x8, 0x7, 0x58, 0x0, 0x8, 0x5, 0x4, 0x2, 0x8913, 0x6, 0x7fff, 0x5, 0x6, 0x1, 0xc, 0x6, 0xe, 0x1, 0x10000, 0x4, 0xfffffffc, 0x4, 0x100, 0x5, 0x8, 0x75, 0x5, 0x6, 0xb, 0x46c, 0x4, 0x4, 0x1, 0x8, 0x5, 0x9, 0x7fffffff, 0xffc, 0x80000001, 0xd6, 0x7, 0x4, 0x3, 0xfff, 0xb, 0x2, 0x4, 0x8, 0x7f, 0x9, 0x14000000, 0x8, 0x4, 0x7, 0x400, 0xff, 0x6, 0x7, 0x8, 0x4, 0x3, 0x80000001, 0x274d, 0x4, 0x80000001, 0x6, 0xcf60, 0x4, 0x8, 0x1, 0x9, 0x7, 0x4, 0x6, 0x4, 0x81, 0x8, 0xb, 0xfa, 0x7, 0xd, 0x5, 0xffffffff, 0x7, 0x4, 0x6, 0x3, 0x6, 0x7f, 0x8, 0x81, 0xfffeffff, 0x7, 0x8, 0xffff2749, 0x0, 0x8001, 0x4, 0x5, 0x9, 0x81, 0x5c6a834b, 0x1, 0x7, 0x9, 0x4, 0x8, 0x9, 0x5, 0x1, 0x6, 0x5, 0x1, 0x10000000, 0x8, 0x9, 0x4, 0x9, 0x5, 0x0, 0xb168, 0xde7, 0x6, 0x2, 0x5, 0x9, 0x6, 0x7, 0x6643, 0x9, 0x5fd4, 0x2, 0xfffffffd, 0x9, 0x8, 0x1, 0x10000, 0x80, 0x2, 0x9, 0xe3, 0x3, 0x6, 0x2e5f, 0xc819, 0x8, 0x0, 0x8, 0x5, 0x9, 0x1, 0x7ff, 0x5, 0x400, 0x5, 0x0, 0x1ff, 0x1, 0x5, 0x8001, 0x1, 0x1, 0xfd, 0x8, 0x9, 0x2, 0x80000001, 0x0, 0x2, 0x1000, 0xae, 0x790, 0x3ff, 0x7, 0x3, 0x3, 0x4, 0xc4b, 0xe4a, 0xfffffc01, 0xff, 0x0, 0xff, 0x7ff, 0x7, 0x8, 0x8, 0x8, 0x1000, 0x3aaf, 0x23546785, 0x3, 0x7, 0x3]}, @TCA_POLICE_RATE={0x404, 0x2, [0x7f, 0x2, 0x9, 0xe5c, 0x8, 0x1, 0x0, 0x6, 0x3, 0x800, 0x6, 0x6, 0x79c, 0x5, 0x1, 0x4, 0x3, 0x101, 0x0, 0x4, 0xe0e, 0x4b, 0x7, 0x5a, 0x8, 0x0, 0x2, 0x800, 0x9, 0x7, 0x0, 0x2, 0x1000, 0xa, 0x9, 0x7, 0x1, 0x9, 0x1, 0xfffffff9, 0xfff, 0x7, 0x3, 0x4, 0x8, 0x3, 0xb01d, 0x0, 0x1000, 0x2a7a, 0x9, 0x3, 0x9, 0x0, 0x200, 0x0, 0x3, 0xb, 0x7, 0x0, 0xfffffffe, 0x9, 0x8, 0xfffffffb, 0x8, 0x10, 0x8001, 0x7, 0x7, 0x7fff, 0xa66, 0x8, 0x3, 0x8, 0x9, 0x9d, 0x15d3, 0x4, 0x9, 0x81, 0x0, 0x7, 0x1ff0, 0x7, 0x3ff, 0x430c8601, 0x3, 0x9, 0x200, 0xffff8000, 0x4, 0xfff, 0xa, 0x4, 0x240, 0x4d, 0x4, 0x9, 0x0, 0x4, 0x40, 0x4, 0x7, 0x2, 0x400002, 0x0, 0x10000, 0x7e4d, 0x8, 0x2, 0x8, 0x5, 0x3, 0x7, 0xff, 0x6, 0xdce, 0x6b, 0xffffff7f, 0x7a3b874e, 0x1, 0x3, 0x5, 0xba1b, 0x0, 0x801, 0xc32b, 0x7f, 0x80000000, 0x8, 0x1, 0x85, 0xfff, 0x8, 0x3, 0xfffffffc, 0x9, 0xfffffe00, 0xdb, 0x9, 0x1, 0x800, 0xcda2, 0x7, 0x7, 0x6, 0xba4, 0xb4, 0x4, 0x2, 0xf525, 0x7, 0x3, 0x200, 0x80000001, 0x5, 0x6, 0x1ff, 0xc00, 0xc43, 0x1, 0xffffffff, 0xabd2, 0xfffff69d, 0x2, 0x2bf24db6, 0x10, 0x10000, 0x8, 0x7, 0xfffffff8, 0x81, 0x1, 0xdc7b, 0x9d2b, 0x1, 0xf3da, 0xa, 0x5, 0xfffffff9, 0x8, 0x90000000, 0x6, 0x0, 0x5e9, 0xfffff001, 0x0, 0x10001, 0x1000, 0x3, 0x4, 0xfffffffd, 0xfffffffd, 0x5, 0x80000001, 0x0, 0x4, 0xfffffff7, 0x4bf9ab00, 0x0, 0x7, 0x1000, 0x5fb, 0x73, 0xa963, 0x800, 0x0, 0x401, 0xfffffffd, 0x7, 0xa, 0x6, 0x3660, 0x0, 0x3ff, 0xfffffffd, 0x8, 0x9e, 0x4, 0x7, 0x4, 0xfa, 0xffff, 0x8, 0xffff, 0x9, 0x3, 0xe5cf, 0x2, 0x5, 0x8, 0x0, 0x0, 0x200, 0x484, 0x7d2479be, 0x8, 0x1, 0x100, 0x3, 0x3, 0x80000000, 0xfffffff8, 0x5, 0x10, 0x1, 0xffffffff, 0x81, 0x1, 0x5, 0x9, 0x101, 0x9, 0x830b, 0xffff, 0xca]}, @TCA_POLICE_TBF={0x3c, 0x1, {0x7, 0x20000000, 0x4, 0x2, 0xfffffffe, {0x2, 0x1, 0x49, 0x7, 0x5, 0x3}, {0x10, 0x0, 0x4, 0x7, 0xb0a, 0x900}, 0x2, 0x0, 0x5}}]}]}}, @TCA_RATE={0x6, 0x5, {0x7f, 0x9}}]}, 0x884}, 0x1, 0x0, 0x0, 0x40004}, 0x4000804)
connect$inet6(0xffffffffffffffff, &(0x7f0000000240)={0xa, 0x4e21, 0x0, @empty}, 0x1c)

336.838244ms ago: executing program 3 (id=10122):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)={0x2c, r1, 0x5, 0x300, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MESH_ID={0xa}, @NL80211_ATTR_TX_RATES={0x4}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20008000}, 0x24000000)

103.398894ms ago: executing program 4 (id=10123):
r0 = socket$kcm(0x2b, 0x1, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x800001000088}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
r1 = getpgrp(0x0)
sched_setaffinity(r1, 0x5, &(0x7f0000000040)=0x29)
prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x0)
r2 = syz_clone(0x20080000, 0x0, 0x0, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = accept4$netrom(0xffffffffffffffff, &(0x7f0000000480)={{0x3, @null}, [@null, @null, @default, @bcast, @remote, @remote, @remote, @bcast]}, &(0x7f0000000440)=0x48, 0x100800)
accept$netrom(r4, &(0x7f00000003c0)={{}, [@default, @null, @rose, @default, @netrom, @rose, @remote, @null]}, &(0x7f00000002c0)=0x48)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
r6 = dup(r5)
r7 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000280), 0x1a1502, 0x0)
ioctl$IOCTL_START_ACCEL_DEV(r7, 0x40096102, 0x0)
listen(r6, 0x0)
r8 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x1c3662, 0x0)
r9 = syz_io_uring_setup(0xed0, &(0x7f0000000400)={0x0, 0x100002, 0x10300, 0x2}, &(0x7f0000000100)=<r10=>0x0, &(0x7f0000000500)=<r11=>0x0)
syz_io_uring_submit(r10, r11, &(0x7f00000001c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r9, 0xa3d, 0x0, 0x0, 0x0, 0xff39)
ioctl$TIOCSETD(r8, 0x5423, &(0x7f00000003c0)=0x1)
accept4$vsock_stream(r6, 0x0, 0x58, 0x0)
sendmsg$inet(r0, &(0x7f0000000840)={&(0x7f0000000000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x24}}, 0x10, 0x0, 0x0, &(0x7f0000001c80)=ANY=[], 0x2f8}, 0x20000080)

96.632079ms ago: executing program 2 (id=10124):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000080000000c"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002300000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000600)='kfree\x00', r1}, 0x18)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x44, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x14}]}, @NFT_MSG_NEWSETELEM={0x48, 0xc, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x1c, 0x3, 0x0, 0x1, [{0x18, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_SET_ELEM_TIMEOUT={0xc, 0x4, 0x1, 0x0, 0xb}]}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0xb4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)

0s ago: executing program 3 (id=10125):
r0 = socket$kcm(0x2b, 0x1, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x800001000088}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
r1 = getpgrp(0x0)
sched_setaffinity(r1, 0x5, &(0x7f0000000040)=0x29)
prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x2, 0x0)
r2 = getpid()
openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0)
sched_setscheduler(r2, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x0)
r3 = syz_clone(0x20080000, 0x0, 0x0, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r3, 0x1, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
r5 = accept4$netrom(0xffffffffffffffff, &(0x7f0000000480)={{0x3, @null}, [@null, @null, @default, @bcast, @remote, @remote, @remote, @bcast]}, &(0x7f0000000440)=0x48, 0x100800)
accept$netrom(r5, &(0x7f00000003c0)={{}, [@default, @null, @rose, @default, @netrom, @rose, @remote, @null]}, &(0x7f00000002c0)=0x48)
r6 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
r7 = dup(r6)
r8 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000280), 0x1a1502, 0x0)
ioctl$IOCTL_START_ACCEL_DEV(r8, 0x40096102, 0x0)
listen(r7, 0x0)
r9 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x1c3662, 0x0)
r10 = syz_io_uring_setup(0xed0, &(0x7f0000000400)={0x0, 0x100002, 0x10300, 0x2}, &(0x7f0000000100)=<r11=>0x0, &(0x7f0000000500)=<r12=>0x0)
syz_io_uring_submit(r11, r12, &(0x7f00000001c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r10, 0xa3d, 0x0, 0x0, 0x0, 0xff39)
ioctl$TIOCSETD(r9, 0x5423, &(0x7f00000003c0)=0x1)
accept4$vsock_stream(r7, 0x0, 0x58, 0x0)
sendmsg$inet(r0, &(0x7f0000000840)={&(0x7f0000000000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x24}}, 0x10, 0x0, 0x0, &(0x7f0000001c80)=ANY=[], 0x2f8}, 0x20000080)

kernel console output (not intermixed with test programs):

00000000000001
[ 2316.406876][ T7518] R13: 00007f826a9e6128 R14: 00007f826a9e6090 R15: 00007ffe7df33ba8
[ 2316.406892][ T7518]  </TASK>
[ 2318.449465][ T7536] netlink: 'syz.3.9156': attribute type 1 has an invalid length.
[ 2319.570566][   T30] audit: type=1400 audit(1768275186.850:1273): avc:  denied  { write } for  pid=7532 comm="syz.1.9158" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[ 2319.635593][ T7544] FAULT_INJECTION: forcing a failure.
[ 2319.635593][ T7544] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2319.781184][ T7544] CPU: 1 UID: 0 PID: 7544 Comm: syz.0.9159 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 2319.781206][ T7544] Tainted: [L]=SOFTLOCKUP
[ 2319.781210][ T7544] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 2319.781218][ T7544] Call Trace:
[ 2319.781223][ T7544]  <TASK>
[ 2319.781228][ T7544]  dump_stack_lvl+0x16c/0x1f0
[ 2319.781251][ T7544]  should_fail_ex+0x512/0x640
[ 2319.781272][ T7544]  _copy_to_user+0x32/0xd0
[ 2319.781291][ T7544]  simple_read_from_buffer+0xcb/0x170
[ 2319.781309][ T7544]  proc_fail_nth_read+0x197/0x240
[ 2319.781323][ T7544]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 2319.781335][ T7544]  ? rw_verify_area+0xcf/0x6c0
[ 2319.781354][ T7544]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 2319.781366][ T7544]  vfs_read+0x1e4/0xcf0
[ 2319.781381][ T7544]  ? __pfx___mutex_lock+0x10/0x10
[ 2319.781399][ T7544]  ? __pfx_vfs_read+0x10/0x10
[ 2319.781418][ T7544]  ? __fget_files+0x20e/0x3c0
[ 2319.781439][ T7544]  ksys_read+0x12a/0x250
[ 2319.781452][ T7544]  ? __pfx_ksys_read+0x10/0x10
[ 2319.781467][ T7544]  ? fput+0x70/0xf0
[ 2319.781479][ T7544]  do_syscall_64+0xcd/0xf80
[ 2319.781496][ T7544]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2319.781508][ T7544] RIP: 0033:0x7f08a298e15c
[ 2319.781518][ T7544] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 2319.781530][ T7544] RSP: 002b:00007f08a38c9030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 2319.781541][ T7544] RAX: ffffffffffffffda RBX: 00007f08a2be5fa0 RCX: 00007f08a298e15c
[ 2319.781549][ T7544] RDX: 000000000000000f RSI: 00007f08a38c90a0 RDI: 0000000000000004
[ 2319.781557][ T7544] RBP: 00007f08a38c9090 R08: 0000000000000000 R09: 0000000000000000
[ 2319.781563][ T7544] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2319.781570][ T7544] R13: 00007f08a2be6038 R14: 00007f08a2be5fa0 R15: 00007ffc66fb4378
[ 2319.781586][ T7544]  </TASK>
[ 2319.790861][ T7546] tipc: Started in network mode
[ 2319.991256][ T7546] tipc: Node identity ae55912a2c21, cluster identity 4711
[ 2320.000629][ T7546] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 2320.048282][ T7550] syzkaller0: entered promiscuous mode
[ 2320.147631][ T7550] syzkaller0: entered allmulticast mode
[ 2320.351165][ T7537] tipc: Resetting bearer <eth:syzkaller0>
[ 2320.451417][ T7537] tipc: Disabling bearer <eth:syzkaller0>
[ 2320.821472][ T7563] comedi comedi3: comedi_config --init_data is deprecated
[ 2320.849158][ T7563] netlink: 212368 bytes leftover after parsing attributes in process `syz.4.9153'.
[ 2320.886932][ T7564] FAULT_INJECTION: forcing a failure.
[ 2320.886932][ T7564] name failslab, interval 1, probability 0, space 0, times 0
[ 2321.023840][ T7564] CPU: 1 UID: 0 PID: 7564 Comm: syz.0.9164 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 2321.023874][ T7564] Tainted: [L]=SOFTLOCKUP
[ 2321.023881][ T7564] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 2321.023894][ T7564] Call Trace:
[ 2321.023901][ T7564]  <TASK>
[ 2321.023909][ T7564]  dump_stack_lvl+0x16c/0x1f0
[ 2321.023939][ T7564]  should_fail_ex+0x512/0x640
[ 2321.023967][ T7564]  ? fs_reclaim_acquire+0xae/0x150
[ 2321.023995][ T7564]  should_failslab+0xc2/0x120
[ 2321.024021][ T7564]  __kmalloc_noprof+0xeb/0x910
[ 2321.024051][ T7564]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[ 2321.024084][ T7564]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[ 2321.024110][ T7564]  tomoyo_realpath_from_path+0xc2/0x6e0
[ 2321.024139][ T7564]  ? tomoyo_profile+0x47/0x60
[ 2321.024170][ T7564]  tomoyo_path_number_perm+0x245/0x580
[ 2321.024193][ T7564]  ? tomoyo_path_number_perm+0x237/0x580
[ 2321.024218][ T7564]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 2321.024249][ T7564]  ? find_held_lock+0x2b/0x80
[ 2321.024282][ T7564]  ? lockdep_hardirqs_on+0x7c/0x110
[ 2321.024307][ T7564]  ? irqentry_exit+0x1dd/0x8c0
[ 2321.024346][ T7564]  ? hook_file_ioctl_common+0x36/0x410
[ 2321.024375][ T7564]  ? hook_file_ioctl_common+0xc4/0x410
[ 2321.024405][ T7564]  ? hook_file_ioctl_common+0x144/0x410
[ 2321.024440][ T7564]  ? __fget_files+0x20e/0x3c0
[ 2321.024471][ T7564]  security_file_ioctl+0x9b/0x240
[ 2321.024503][ T7564]  __x64_sys_ioctl+0xb7/0x210
[ 2321.024528][ T7564]  do_syscall_64+0xcd/0xf80
[ 2321.024554][ T7564]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2321.024574][ T7564] RIP: 0033:0x7f08a298f749
[ 2321.024590][ T7564] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2321.024609][ T7564] RSP: 002b:00007f08a3887038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2321.024629][ T7564] RAX: ffffffffffffffda RBX: 00007f08a2be6180 RCX: 00007f08a298f749
[ 2321.024642][ T7564] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007
[ 2321.024654][ T7564] RBP: 00007f08a3887090 R08: 0000000000000000 R09: 0000000000000000
[ 2321.024666][ T7564] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2321.024678][ T7564] R13: 00007f08a2be6218 R14: 00007f08a2be6180 R15: 00007ffc66fb4378
[ 2321.024714][ T7564]  </TASK>
[ 2321.024772][ T7564] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 2321.465536][   T30] audit: type=1400 audit(1768275188.920:1274): avc:  denied  { bind } for  pid=7565 comm="syz.2.9165" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[ 2321.591124][   T30] audit: type=1400 audit(1768275189.000:1275): avc:  denied  { getopt } for  pid=7565 comm="syz.2.9165" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[ 2323.521749][ T7592] netlink: 24 bytes leftover after parsing attributes in process `syz.4.9171'.
[ 2323.890025][ T7595] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[ 2324.574100][ T7583] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -4
[ 2324.591738][ T7583] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -4
[ 2324.621266][ T7583] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db
[ 2325.544098][ T7605] netlink: 'syz.1.9173': attribute type 10 has an invalid length.
[ 2325.584571][ T7605] 8021q: adding VLAN 0 to HW filter on device team0
[ 2325.596253][ T7605] bond0: (slave team0): Enslaving as an active interface with an up link
[ 2326.177972][ T7601] delete_channel: no stack
[ 2326.301158][ T7442] usb 3-1: new high-speed USB device number 109 using dummy_hcd
[ 2327.014267][ T7442] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 2327.023518][ T7442] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2327.041070][ T7442] usb 3-1: Product: syz
[ 2327.046732][ T7442] usb 3-1: Manufacturer: syz
[ 2327.058951][ T7442] usb 3-1: SerialNumber: syz
[ 2327.095979][ T7442] usb 3-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 2327.125632][ T5936] usb 3-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 2328.232066][ T5936] ath9k_htc 3-1:1.0: ath9k_htc: Target is unresponsive
[ 2328.232579][ T7619] input: syz0 as /devices/virtual/input/input192
[ 2328.239267][ T5936] ath9k_htc: Failed to initialize the device
[ 2328.468936][ T5936] usb 3-1: ath9k_htc: USB layer deinitialized
[ 2328.728586][   T30] audit: type=1400 audit(1768275196.310:1276): avc:  denied  { getopt } for  pid=7627 comm="syz.1.9180" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[ 2328.783518][   T30] audit: type=1400 audit(1768275196.310:1277): avc:  denied  { ioctl } for  pid=7627 comm="syz.1.9180" path="socket:[303097]" dev="sockfs" ino=303097 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[ 2328.823065][ T7630] syzkaller0: entered promiscuous mode
[ 2328.828579][ T7630] syzkaller0: entered allmulticast mode
[ 2328.882348][ T7639] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2328.944849][ T7639] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2329.361444][   T24] usb 3-1: USB disconnect, device number 109
[ 2331.228875][ T7655] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[ 2331.372401][T27271] IPVS: starting estimator thread 0...
[ 2331.481807][ T7657] IPVS: using max 65 ests per chain, 156000 per kthread
[ 2331.634207][ T7660] netlink: 24 bytes leftover after parsing attributes in process `syz.3.9187'.
[ 2333.756850][ T7675] input: syz0 as /devices/virtual/input/input193
[ 2334.348676][ T7678] netlink: 96 bytes leftover after parsing attributes in process `syz.4.9191'.
[ 2335.161537][ T7680] FAULT_INJECTION: forcing a failure.
[ 2335.161537][ T7680] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2335.201133][ T7680] CPU: 0 UID: 0 PID: 7680 Comm: syz.3.9192 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 2335.201169][ T7680] Tainted: [L]=SOFTLOCKUP
[ 2335.201177][ T7680] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 2335.201190][ T7680] Call Trace:
[ 2335.201198][ T7680]  <TASK>
[ 2335.201207][ T7680]  dump_stack_lvl+0x16c/0x1f0
[ 2335.201239][ T7680]  should_fail_ex+0x512/0x640
[ 2335.201273][ T7680]  _copy_from_user+0x2e/0xd0
[ 2335.201302][ T7680]  core_sys_select+0x35b/0xc20
[ 2335.201337][ T7680]  ? __pfx_core_sys_select+0x10/0x10
[ 2335.201397][ T7680]  ? set_user_sigmask+0x21b/0x2b0
[ 2335.201420][ T7680]  ? __pfx_set_user_sigmask+0x10/0x10
[ 2335.201445][ T7680]  do_pselect.constprop.0+0x19f/0x1e0
[ 2335.201469][ T7680]  ? __pfx_do_pselect.constprop.0+0x10/0x10
[ 2335.201502][ T7680]  __x64_sys_pselect6+0x182/0x240
[ 2335.201525][ T7680]  ? __pfx___x64_sys_pselect6+0x10/0x10
[ 2335.201554][ T7680]  do_syscall_64+0xcd/0xf80
[ 2335.201579][ T7680]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2335.201596][ T7680] RIP: 0033:0x7fe28ad8f749
[ 2335.201613][ T7680] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2335.201629][ T7680] RSP: 002b:00007fe28bcd5038 EFLAGS: 00000246 ORIG_RAX: 000000000000010e
[ 2335.201645][ T7680] RAX: ffffffffffffffda RBX: 00007fe28afe5fa0 RCX: 00007fe28ad8f749
[ 2335.201654][ T7680] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000040
[ 2335.201661][ T7680] RBP: 00007fe28bcd5090 R08: 0000000000000000 R09: 0000000000000000
[ 2335.201668][ T7680] R10: 00002000000002c0 R11: 0000000000000246 R12: 0000000000000001
[ 2335.201674][ T7680] R13: 00007fe28afe6038 R14: 00007fe28afe5fa0 R15: 00007ffdfa5b7bc8
[ 2335.201690][ T7680]  </TASK>
[ 2335.389235][   T30] audit: type=1400 audit(1768275202.970:1278): avc:  denied  { shutdown } for  pid=7679 comm="syz.3.9192" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[ 2338.596099][ T7700] netlink: 4 bytes leftover after parsing attributes in process `syz.4.9200'.
[ 2339.410592][ T7714] 9p: Bad value for 'port'
[ 2339.437698][ T7714] kAFS: unable to lookup cell '(,c¾ûL'
[ 2339.509834][ T7716] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 2339.761716][ T7726] netlink: 12 bytes leftover after parsing attributes in process `syz.2.9205'.
[ 2341.017054][ T7734] netlink: 'syz.3.9207': attribute type 21 has an invalid length.
[ 2341.025276][ T7734] IPv6: NLM_F_CREATE should be specified when creating new route
[ 2341.034701][ T7734] netlink: 'syz.3.9207': attribute type 1 has an invalid length.
[ 2341.516730][ T7739] mkiss: ax0: crc mode is auto.
[ 2342.264549][ T7748] netlink: 48 bytes leftover after parsing attributes in process `syz.3.9213'.
[ 2344.414562][ T1296] ieee802154 phy0 wpan0: encryption failed: -22
[ 2344.421134][ T1296] ieee802154 phy1 wpan1: encryption failed: -22
[ 2345.991190][ T7786] netlink: 8 bytes leftover after parsing attributes in process `syz.3.9220'.
[ 2347.068330][ T7802] mkiss: ax0: crc mode is auto.
[ 2350.415381][ T7814] FAULT_INJECTION: forcing a failure.
[ 2350.415381][ T7814] name failslab, interval 1, probability 0, space 0, times 0
[ 2350.449645][ T7814] CPU: 0 UID: 0 PID: 7814 Comm: syz.4.9229 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 2350.449669][ T7814] Tainted: [L]=SOFTLOCKUP
[ 2350.449673][ T7814] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 2350.449681][ T7814] Call Trace:
[ 2350.449686][ T7814]  <TASK>
[ 2350.449691][ T7814]  dump_stack_lvl+0x16c/0x1f0
[ 2350.449712][ T7814]  should_fail_ex+0x512/0x640
[ 2350.449730][ T7814]  ? fs_reclaim_acquire+0xae/0x150
[ 2350.449748][ T7814]  should_failslab+0xc2/0x120
[ 2350.449764][ T7814]  __kmalloc_noprof+0xeb/0x910
[ 2350.449784][ T7814]  ? tomoyo_encode2+0x100/0x3e0
[ 2350.449804][ T7814]  ? tomoyo_encode2+0x100/0x3e0
[ 2350.449818][ T7814]  tomoyo_encode2+0x100/0x3e0
[ 2350.449835][ T7814]  tomoyo_encode+0x29/0x50
[ 2350.449850][ T7814]  tomoyo_realpath_from_path+0x18f/0x6e0
[ 2350.449867][ T7814]  ? tomoyo_profile+0x47/0x60
[ 2350.449886][ T7814]  tomoyo_path_number_perm+0x245/0x580
[ 2350.449898][ T7814]  ? tomoyo_path_number_perm+0x237/0x580
[ 2350.449913][ T7814]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 2350.449927][ T7814]  ? find_held_lock+0x2b/0x80
[ 2350.449958][ T7814]  ? find_held_lock+0x2b/0x80
[ 2350.449979][ T7814]  ? hook_file_ioctl_common+0x144/0x410
[ 2350.450000][ T7814]  ? __fget_files+0x20e/0x3c0
[ 2350.450019][ T7814]  security_file_ioctl+0x9b/0x240
[ 2350.450036][ T7814]  __x64_sys_ioctl+0xb7/0x210
[ 2350.450050][ T7814]  do_syscall_64+0xcd/0xf80
[ 2350.450067][ T7814]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2350.450079][ T7814] RIP: 0033:0x7f826a78f749
[ 2350.450089][ T7814] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2350.450100][ T7814] RSP: 002b:00007f826b620038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2350.450112][ T7814] RAX: ffffffffffffffda RBX: 00007f826a9e5fa0 RCX: 00007f826a78f749
[ 2350.450120][ T7814] RDX: 0000200000000240 RSI: 000000000000894b RDI: 0000000000000003
[ 2350.450127][ T7814] RBP: 00007f826b620090 R08: 0000000000000000 R09: 0000000000000000
[ 2350.450133][ T7814] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2350.450139][ T7814] R13: 00007f826a9e6038 R14: 00007f826a9e5fa0 R15: 00007ffe7df33ba8
[ 2350.450155][ T7814]  </TASK>
[ 2350.450173][ T7814] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 2351.116647][ T7820] __vm_enough_memory: pid: 7820, comm: syz.4.9231, bytes: 4503599627366400 not enough memory for the allocation
[ 2351.305848][ T7822] netlink: 8 bytes leftover after parsing attributes in process `syz.4.9231'.
[ 2352.627345][ T7844] mkiss: ax0: crc mode is auto.
[ 2355.161506][ T7891] netlink: 28 bytes leftover after parsing attributes in process `syz.2.9250'.
[ 2357.925207][ T7920] mkiss: ax0: crc mode is auto.
[ 2363.399693][ T7960] netlink: 8 bytes leftover after parsing attributes in process `syz.3.9266'.
[ 2365.252475][ T7975] mkiss: ax0: crc mode is auto.
[ 2365.713262][ T7979] overlayfs: failed to resolve './file0': -2
[ 2366.290248][ T3665] Bluetooth: Error in BCSP hdr checksum
[ 2367.870752][ T7988] ip6gre1: entered promiscuous mode
[ 2367.922850][ T7988] ip6gre1: entered allmulticast mode
[ 2368.011274][ T5822] Bluetooth: hci0: Opcode 0x1003 failed: -110
[ 2370.138107][ T8027] 8021q: adding VLAN 0 to HW filter on device bond1
[ 2370.980324][ T8035] netlink: 24 bytes leftover after parsing attributes in process `syz.0.9283'.
[ 2372.100108][ T8027] netlink: 4 bytes leftover after parsing attributes in process `syz.4.9280'.
[ 2372.995179][ T8049] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 2374.255809][ T8063] input: syz0 as /devices/virtual/input/input195
[ 2374.765790][ T8065] dlm: plock device version mismatch: kernel (1.2.0), user (1.33554432.0)
[ 2375.979223][   T30] audit: type=1400 audit(1768275243.550:1279): avc:  denied  { recv } for  pid=5800 comm="syz-executor" saddr=10.128.0.169 src=30006 daddr=10.128.0.73 dest=47248 netif=eth0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=peer permissive=1
[ 2376.215347][ T6856] libceph: connect (1)[c::]:6789 error -101
[ 2376.215512][ T6856] libceph: mon0 (1)[c::]:6789 connect error
[ 2376.230277][ T8089] mkiss: ax0: crc mode is auto.
[ 2376.535031][ T8088] ceph: No mds server is up or the cluster is laggy
[ 2376.648704][ T8094] 8021q: adding VLAN 0 to HW filter on device bond1
[ 2376.667921][   T24] libceph: connect (1)[c::]:6789 error -101
[ 2376.693217][   T24] libceph: mon0 (1)[c::]:6789 connect error
[ 2379.850295][ T8094] netlink: 4 bytes leftover after parsing attributes in process `syz.2.9296'.
[ 2380.272071][   T30] audit: type=1400 audit(1768275247.850:1280): avc:  denied  { egress } for  pid=8112 comm="syz.1.9299" saddr=fe80::1c daddr=ff02::2 netif=teql0 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:netif_t tclass=netif permissive=1
[ 2380.539659][ T8117] ip6gre0: left promiscuous mode
[ 2380.554046][   T30] audit: type=1400 audit(1768275247.850:1281): avc:  denied  { sendto } for  pid=8112 comm="syz.1.9299" saddr=fe80::1c daddr=ff02::2 netif=teql0 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:node_t tclass=node permissive=1
[ 2380.607408][ T8117] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 2381.473786][ T8129] netlink: 12 bytes leftover after parsing attributes in process `syz.0.9302'.
[ 2382.024860][ T8140] FAULT_INJECTION: forcing a failure.
[ 2382.024860][ T8140] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2382.501345][ T8140] CPU: 1 UID: 0 PID: 8140 Comm: syz.1.9305 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 2382.501377][ T8140] Tainted: [L]=SOFTLOCKUP
[ 2382.501385][ T8140] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 2382.501396][ T8140] Call Trace:
[ 2382.501403][ T8140]  <TASK>
[ 2382.501411][ T8140]  dump_stack_lvl+0x16c/0x1f0
[ 2382.501441][ T8140]  should_fail_ex+0x512/0x640
[ 2382.501473][ T8140]  _copy_from_user+0x2e/0xd0
[ 2382.501502][ T8140]  copy_msghdr_from_user+0x98/0x160
[ 2382.501524][ T8140]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[ 2382.501559][ T8140]  ___sys_sendmsg+0xfe/0x1d0
[ 2382.501581][ T8140]  ? __pfx____sys_sendmsg+0x10/0x10
[ 2382.501637][ T8140]  __sys_sendmsg+0x16d/0x220
[ 2382.501658][ T8140]  ? __pfx___sys_sendmsg+0x10/0x10
[ 2382.501704][ T8140]  do_syscall_64+0xcd/0xf80
[ 2382.501731][ T8140]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2382.501750][ T8140] RIP: 0033:0x7fbd2178f749
[ 2382.501766][ T8140] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2382.501783][ T8140] RSP: 002b:00007fbd225eb038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2382.501802][ T8140] RAX: ffffffffffffffda RBX: 00007fbd219e5fa0 RCX: 00007fbd2178f749
[ 2382.501814][ T8140] RDX: 0000000004041810 RSI: 00002000000001c0 RDI: 0000000000000003
[ 2382.501827][ T8140] RBP: 00007fbd225eb090 R08: 0000000000000000 R09: 0000000000000000
[ 2382.501838][ T8140] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2382.501850][ T8140] R13: 00007fbd219e6038 R14: 00007fbd219e5fa0 R15: 00007ffcf9705418
[ 2382.501878][ T8140]  </TASK>
[ 2382.955591][ T8147] netlink: 44 bytes leftover after parsing attributes in process `syz.3.9304'.
[ 2382.979917][ T8148] mkiss: ax0: crc mode is auto.
[ 2384.669615][ T8155] mkiss: ax0: crc mode is auto.
[ 2387.329250][ T8188] netlink: 12 bytes leftover after parsing attributes in process `syz.3.9311'.
[ 2388.293499][ T8195] netlink: 12 bytes leftover after parsing attributes in process `syz.4.9318'.
[ 2389.661203][ T7442] usb 2-1: new high-speed USB device number 74 using dummy_hcd
[ 2389.831340][ T7442] usb 2-1: Using ep0 maxpacket: 16
[ 2389.859276][ T7442] usb 2-1: config 0 has an invalid interface number: 105 but max is 0
[ 2389.894190][ T7442] usb 2-1: config 0 descriptor has 1 excess byte, ignoring
[ 2389.903202][ T7442] usb 2-1: config 0 has no interface number 0
[ 2389.925579][ T7442] usb 2-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28
[ 2389.935933][ T7442] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2389.944621][ T7442] usb 2-1: Product: syz
[ 2389.948999][ T7442] usb 2-1: Manufacturer: syz
[ 2389.953852][ T7442] usb 2-1: SerialNumber: syz
[ 2389.961898][ T7442] usb 2-1: config 0 descriptor??
[ 2389.972635][ T7442] uvcvideo 2-1:0.105: Found UVC 0.00 device syz (046d:08f3)
[ 2389.980564][ T7442] uvcvideo 2-1:0.105: No valid video chain found.
[ 2392.710667][ T8176] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -4
[ 2392.720393][ T8176] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -4
[ 2392.730447][ T8176] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db
[ 2393.158153][ T8215] netlink: 8 bytes leftover after parsing attributes in process `syz.0.9324'.
[ 2393.579352][ T6856] usb 2-1: USB disconnect, device number 74
[ 2394.143682][ T8224] FAULT_INJECTION: forcing a failure.
[ 2394.143682][ T8224] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2394.157180][ T8224] CPU: 0 UID: 0 PID: 8224 Comm: syz.3.9326 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 2394.157211][ T8224] Tainted: [L]=SOFTLOCKUP
[ 2394.157216][ T8224] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 2394.157226][ T8224] Call Trace:
[ 2394.157232][ T8224]  <TASK>
[ 2394.157240][ T8224]  dump_stack_lvl+0x16c/0x1f0
[ 2394.157272][ T8224]  should_fail_ex+0x512/0x640
[ 2394.157303][ T8224]  _copy_from_user+0x2e/0xd0
[ 2394.157332][ T8224]  copy_msghdr_from_user+0x98/0x160
[ 2394.157354][ T8224]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[ 2394.157386][ T8224]  ___sys_sendmsg+0xfe/0x1d0
[ 2394.157408][ T8224]  ? __pfx____sys_sendmsg+0x10/0x10
[ 2394.157459][ T8224]  __sys_sendmsg+0x16d/0x220
[ 2394.157480][ T8224]  ? __pfx___sys_sendmsg+0x10/0x10
[ 2394.157519][ T8224]  do_syscall_64+0xcd/0xf80
[ 2394.157546][ T8224]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2394.157566][ T8224] RIP: 0033:0x7fe28ad8f749
[ 2394.157584][ T8224] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2394.157603][ T8224] RSP: 002b:00007fe28bcb4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2394.157622][ T8224] RAX: ffffffffffffffda RBX: 00007fe28afe6090 RCX: 00007fe28ad8f749
[ 2394.157635][ T8224] RDX: 0000000000008080 RSI: 0000200000000280 RDI: 0000000000000005
[ 2394.157647][ T8224] RBP: 00007fe28bcb4090 R08: 0000000000000000 R09: 0000000000000000
[ 2394.157659][ T8224] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2394.157670][ T8224] R13: 00007fe28afe6128 R14: 00007fe28afe6090 R15: 00007ffdfa5b7bc8
[ 2394.157699][ T8224]  </TASK>
[ 2394.866654][ T8233] netlink: 8 bytes leftover after parsing attributes in process `syz.0.9328'.
[ 2395.614114][ T8223] gre1: entered promiscuous mode
[ 2395.893897][   T30] audit: type=1400 audit(1768275263.480:1282): avc:  denied  { ioctl } for  pid=8238 comm="syz.4.9332" path="/dev/btrfs-control" dev="devtmpfs" ino=1316 ioctlcmd=0x9405 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:lvm_control_t tclass=chr_file permissive=1
[ 2398.771140][ T8280] netlink: 12 bytes leftover after parsing attributes in process `syz.0.9343'.
[ 2402.888553][   T30] audit: type=1400 audit(1768275270.470:1283): avc:  denied  { block_suspend } for  pid=8310 comm="syz.3.9353" capability=36  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[ 2403.636614][ T8325] netlink: 12 bytes leftover after parsing attributes in process `syz.2.9356'.
[ 2403.838419][ T8326] xt_hashlimit: max too large, truncated to 1048576
[ 2403.973560][ T8329] netlink: 12 bytes leftover after parsing attributes in process `syz.4.9357'.
[ 2404.223545][ T8335] __vm_enough_memory: pid: 8335, comm: syz.2.9360, bytes: 4503599627366400 not enough memory for the allocation
[ 2404.384050][ T8339] netlink: 8 bytes leftover after parsing attributes in process `syz.2.9360'.
[ 2405.139866][ T8348] __vm_enough_memory: pid: 8348, comm: syz.2.9362, bytes: 4503599627366400 not enough memory for the allocation
[ 2405.875755][ T1296] ieee802154 phy0 wpan0: encryption failed: -22
[ 2405.876581][ T8351] netlink: 8 bytes leftover after parsing attributes in process `syz.2.9362'.
[ 2405.882303][ T1296] ieee802154 phy1 wpan1: encryption failed: -22
[ 2406.104415][ T8353] netlink: 24 bytes leftover after parsing attributes in process `syz.0.9363'.
[ 2406.149380][   T30] audit: type=1400 audit(1768275273.730:1284): avc:  denied  { allowed } for  pid=8352 comm="syz.0.9363" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[ 2406.425430][ T8359] netlink: 12 bytes leftover after parsing attributes in process `syz.1.9365'.
[ 2407.880404][ T8373] netlink: 12 bytes leftover after parsing attributes in process `syz.1.9369'.
[ 2408.674052][ T8379] netlink: 24 bytes leftover after parsing attributes in process `syz.1.9372'.
[ 2409.678782][ T8392] input: syz0 as /devices/virtual/input/input196
[ 2410.330148][ T8404] FAULT_INJECTION: forcing a failure.
[ 2410.330148][ T8404] name failslab, interval 1, probability 0, space 0, times 0
[ 2410.351947][ T8404] CPU: 0 UID: 0 PID: 8404 Comm: syz.3.9370 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 2410.351980][ T8404] Tainted: [L]=SOFTLOCKUP
[ 2410.351988][ T8404] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 2410.351999][ T8404] Call Trace:
[ 2410.352006][ T8404]  <TASK>
[ 2410.352014][ T8404]  dump_stack_lvl+0x16c/0x1f0
[ 2410.352044][ T8404]  should_fail_ex+0x512/0x640
[ 2410.352071][ T8404]  ? fs_reclaim_acquire+0xae/0x150
[ 2410.352099][ T8404]  should_failslab+0xc2/0x120
[ 2410.352124][ T8404]  __kmalloc_noprof+0xeb/0x910
[ 2410.352152][ T8404]  ? tomoyo_encode2+0x100/0x3e0
[ 2410.352183][ T8404]  ? tomoyo_encode2+0x100/0x3e0
[ 2410.352207][ T8404]  tomoyo_encode2+0x100/0x3e0
[ 2410.352235][ T8404]  tomoyo_encode+0x29/0x50
[ 2410.352258][ T8404]  tomoyo_realpath_from_path+0x18f/0x6e0
[ 2410.352288][ T8404]  tomoyo_path_number_perm+0x245/0x580
[ 2410.352307][ T8404]  ? tomoyo_path_number_perm+0x237/0x580
[ 2410.352328][ T8404]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 2410.352351][ T8404]  ? find_held_lock+0x2b/0x80
[ 2410.352402][ T8404]  ? find_held_lock+0x2b/0x80
[ 2410.352425][ T8404]  ? hook_file_ioctl_common+0x144/0x410
[ 2410.352456][ T8404]  ? __fget_files+0x20e/0x3c0
[ 2410.352483][ T8404]  security_file_ioctl+0x9b/0x240
[ 2410.352507][ T8404]  __x64_sys_ioctl+0xb7/0x210
[ 2410.352530][ T8404]  do_syscall_64+0xcd/0xf80
[ 2410.352555][ T8404]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2410.352574][ T8404] RIP: 0033:0x7fe28ad8f749
[ 2410.352588][ T8404] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2410.352606][ T8404] RSP: 002b:00007fe28bcd5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2410.352623][ T8404] RAX: ffffffffffffffda RBX: 00007fe28afe5fa0 RCX: 00007fe28ad8f749
[ 2410.352634][ T8404] RDX: 0000200000000040 RSI: 000000008020640d RDI: 0000000000000003
[ 2410.352644][ T8404] RBP: 00007fe28bcd5090 R08: 0000000000000000 R09: 0000000000000000
[ 2410.352656][ T8404] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2410.352667][ T8404] R13: 00007fe28afe6038 R14: 00007fe28afe5fa0 R15: 00007ffdfa5b7bc8
[ 2410.352694][ T8404]  </TASK>
[ 2410.352712][ T8404] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 2411.164299][ T8415] mkiss: ax0: crc mode is auto.
[ 2413.045933][ T8424] bridge0: port 3(gretap0) entered blocking state
[ 2413.052942][ T8424] bridge0: port 3(gretap0) entered disabled state
[ 2413.060285][ T8424] gretap0: entered allmulticast mode
[ 2413.070720][ T8424] gretap0: entered promiscuous mode
[ 2413.077205][ T8424] bridge0: port 3(gretap0) entered blocking state
[ 2413.083766][ T8424] bridge0: port 3(gretap0) entered forwarding state
[ 2415.918677][ T8441] input: syz0 as /devices/virtual/input/input197
[ 2416.828410][ T8448] FAULT_INJECTION: forcing a failure.
[ 2416.828410][ T8448] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2416.841553][ T8448] CPU: 0 UID: 0 PID: 8448 Comm: syz.4.9388 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 2416.841582][ T8448] Tainted: [L]=SOFTLOCKUP
[ 2416.841589][ T8448] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 2416.841601][ T8448] Call Trace:
[ 2416.841609][ T8448]  <TASK>
[ 2416.841617][ T8448]  dump_stack_lvl+0x16c/0x1f0
[ 2416.841647][ T8448]  should_fail_ex+0x512/0x640
[ 2416.841680][ T8448]  _copy_from_user+0x2e/0xd0
[ 2416.841708][ T8448]  kstrtouint_from_user+0xd6/0x1d0
[ 2416.841731][ T8448]  ? __pfx_kstrtouint_from_user+0x10/0x10
[ 2416.841752][ T8448]  ? __lock_acquire+0x436/0x2890
[ 2416.841779][ T8448]  ? lock_acquire+0x179/0x330
[ 2416.841808][ T8448]  proc_fail_nth_write+0x83/0x220
[ 2416.841829][ T8448]  ? __pfx_proc_fail_nth_write+0x10/0x10
[ 2416.841858][ T8448]  ? __pfx_proc_fail_nth_write+0x10/0x10
[ 2416.841877][ T8448]  vfs_write+0x2a0/0x11d0
[ 2416.841902][ T8448]  ? __pfx___mutex_lock+0x10/0x10
[ 2416.841932][ T8448]  ? __pfx_vfs_write+0x10/0x10
[ 2416.841963][ T8448]  ? __fget_files+0x20e/0x3c0
[ 2416.841998][ T8448]  ksys_write+0x12a/0x250
[ 2416.842022][ T8448]  ? __pfx_ksys_write+0x10/0x10
[ 2416.842054][ T8448]  do_syscall_64+0xcd/0xf80
[ 2416.842081][ T8448]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2416.842101][ T8448] RIP: 0033:0x7f826a78e1ff
[ 2416.842117][ T8448] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[ 2416.842135][ T8448] RSP: 002b:00007f826b5de030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 2416.842154][ T8448] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f826a78e1ff
[ 2416.842167][ T8448] RDX: 0000000000000001 RSI: 00007f826b5de0a0 RDI: 0000000000000009
[ 2416.842179][ T8448] RBP: 00007f826b5de090 R08: 0000000000000000 R09: 0000000000000000
[ 2416.842191][ T8448] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[ 2416.842202][ T8448] R13: 00007f826a9e6218 R14: 00007f826a9e6180 R15: 00007ffe7df33ba8
[ 2416.842232][ T8448]  </TASK>
[ 2417.279240][ T8451] netlink: 8 bytes leftover after parsing attributes in process `syz.3.9387'.
[ 2418.196950][ T8465] mkiss: ax0: crc mode is auto.
[ 2418.744959][ T8475] input: syz0 as /devices/virtual/input/input198
[ 2420.150290][ T8487] __vm_enough_memory: pid: 8487, comm: syz.3.9398, bytes: 4503599627366400 not enough memory for the allocation
[ 2420.413853][ T8488] netlink: 8 bytes leftover after parsing attributes in process `syz.3.9398'.
[ 2421.035697][ T8491] QAT: failed to copy from user cfg_data.
[ 2421.549916][   T30] audit: type=1400 audit(1768275288.640:1285): avc:  denied  { listen } for  pid=8486 comm="syz.4.9397" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[ 2421.941377][   T30] audit: type=1400 audit(1768275289.520:1286): avc:  denied  { sqpoll } for  pid=8499 comm="syz.0.9403" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[ 2422.044817][   T30] audit: type=1400 audit(1768275289.630:1287): avc:  denied  { map } for  pid=8499 comm="syz.0.9403" path="/proc/1692/mountinfo" dev="proc" ino=306993 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=file permissive=1
[ 2422.237798][   T30] audit: type=1400 audit(1768275289.720:1288): avc:  denied  { create } for  pid=8495 comm="syz.3.9400" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_iscsi_socket permissive=1
[ 2422.664410][ T8513] syz.2.9405 (8513): drop_caches: 2
[ 2422.982117][ T8519] __vm_enough_memory: pid: 8519, comm: syz.1.9408, bytes: 4503599627366400 not enough memory for the allocation
[ 2423.145292][ T8520] option changes via remount are deprecated (pid=8515 comm=syz.0.9407)
[ 2423.491754][ T8521] netlink: 8 bytes leftover after parsing attributes in process `syz.1.9408'.
[ 2423.932171][   T30] audit: type=1400 audit(1768275290.730:1289): avc:  denied  { remount } for  pid=8515 comm="syz.0.9407" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 2424.521723][ T8529] tap0: tun_chr_ioctl cmd 1074025678
[ 2424.568084][ T8529] tap0: group set to 0
[ 2425.246452][ T8545] QAT: failed to copy from user cfg_data.
[ 2426.426833][ T8551] binder: 8549:8551 ioctl 400c620e 0 returned -14
[ 2427.195924][ T8561] netlink: 12 bytes leftover after parsing attributes in process `syz.4.9421'.
[ 2427.645653][ T8568] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31
[ 2427.654755][ T8568] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31
[ 2427.663799][ T8568] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31
[ 2427.672871][ T8568] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31
[ 2427.681945][ T8568] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31
[ 2427.691007][ T8568] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31
[ 2427.700134][ T8568] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31
[ 2427.709197][ T8568] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31
[ 2427.718269][ T8568] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31
[ 2427.727325][ T8568] ip6_tunnel: non-ECT from db5b:6861:58bb:cfe8:875a:6596:9ff5:7b00 with DS=0x31
[ 2429.164598][ T8579] syz.4.9424 (8579): drop_caches: 2
[ 2429.238747][   T30] audit: type=1400 audit(1768275296.820:1290): avc:  denied  { lock } for  pid=8574 comm="syz.0.9423" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 2430.616862][ T8585] input: syz1 as /devices/virtual/input/input199
[ 2432.313487][ T8591] QAT: failed to copy from user cfg_data.
[ 2433.211030][    C0] net_ratelimit: 1334 callbacks suppressed
[ 2433.211043][    C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[ 2433.444837][ T8595] QAT: failed to copy from user cfg_data.
[ 2433.937600][ T5875] IPVS: starting estimator thread 0...
[ 2434.110958][ T8597] IPVS: using max 39 ests per chain, 93600 per kthread
[ 2434.251074][    C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[ 2435.291175][    C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[ 2436.101205][   T30] audit: type=1400 audit(1768275303.650:1291): avc:  denied  { lock } for  pid=8608 comm="syz.4.9430" path="socket:[308325]" dev="sockfs" ino=308325 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tcp_socket permissive=1
[ 2436.331079][    C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[ 2436.403948][ T8627] input: syz1 as /devices/virtual/input/input200
[ 2437.371091][    C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[ 2437.973855][ T8634] QAT: failed to copy from user cfg_data.
[ 2438.411051][    C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[ 2439.451088][    C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[ 2440.193360][ T8651] input: syz0 as /devices/virtual/input/input201
[ 2440.491133][    C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[ 2441.121189][ T6660] usb 3-1: new low-speed USB device number 110 using dummy_hcd
[ 2441.303351][ T6660] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 2441.334656][ T6660] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 2
[ 2441.375152][ T6660] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 26984, setting to 8
[ 2441.400177][ T6660] usb 3-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00
[ 2441.420563][ T6660] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2441.531115][    C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[ 2441.548141][ T8668] input: syz1 as /devices/virtual/input/input202
[ 2441.636157][ T8654] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[ 2441.681707][ T8011] usb 2-1: new high-speed USB device number 75 using dummy_hcd
[ 2441.789751][ T6660] hub 3-1:1.0: bad descriptor, ignoring hub
[ 2441.866306][ T6660] hub 3-1:1.0: probe with driver hub failed with error -5
[ 2441.943054][ T8011] usb 2-1: Using ep0 maxpacket: 8
[ 2442.024081][ T6660] cdc_wdm 3-1:1.0: skipping garbage
[ 2442.148839][ T8011] usb 2-1: unable to get BOS descriptor or descriptor too short
[ 2442.166088][ T6660] cdc_wdm 3-1:1.0: skipping garbage
[ 2442.216882][ T8654] netlink: 8 bytes leftover after parsing attributes in process `syz.2.9447'.
[ 2442.323155][ T8011] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[ 2442.372621][ T6660] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device
[ 2442.378688][ T6660] cdc_wdm 3-1:1.0: Unknown control protocol
[ 2442.411567][ T8011] usb 2-1: config 1 has no interface number 1
[ 2442.420016][ T8011] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[ 2442.462083][ T6660] usb 3-1: USB disconnect, device number 110
[ 2442.478487][ T8011] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 2442.518568][ T8011] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2442.531215][ T8011] usb 2-1: Product: syz
[ 2442.535413][ T8011] usb 2-1: Manufacturer: syz
[ 2442.540033][ T8011] usb 2-1: SerialNumber: syz
[ 2442.571133][    C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[ 2442.573225][ T8671] __vm_enough_memory: pid: 8671, comm: syz.3.9452, bytes: 4503599627366400 not enough memory for the allocation
[ 2442.711137][ T8672] netlink: 8 bytes leftover after parsing attributes in process `syz.3.9452'.
[ 2442.945860][ T8011] usb 2-1: 2:1 : no UAC_FORMAT_TYPE desc
[ 2443.047723][ T8011] usb 2-1: USB disconnect, device number 75
[ 2443.123420][ T8313] udevd[8313]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 2443.303934][ T8685] block nbd3: shutting down sockets
[ 2443.323740][ T8679] netlink: 8 bytes leftover after parsing attributes in process `syz.3.9455'.
[ 2443.611119][    C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[ 2444.319771][ T8698] netlink: 8 bytes leftover after parsing attributes in process `syz.1.9460'.
[ 2444.651067][    C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[ 2445.154355][ T8708] input: syz1 as /devices/virtual/input/input203
[ 2445.691175][    C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[ 2446.264161][ T8720] __vm_enough_memory: pid: 8720, comm: syz.1.9466, bytes: 4503599627366400 not enough memory for the allocation
[ 2446.373084][ T8721] netlink: 8 bytes leftover after parsing attributes in process `syz.1.9466'.
[ 2446.635220][ T8723] netlink: 12 bytes leftover after parsing attributes in process `syz.0.9469'.
[ 2446.718691][ T8726] comedi comedi3: comedi_config --init_data is deprecated
[ 2446.729697][ T8726] netlink: 212368 bytes leftover after parsing attributes in process `syz.2.9468'.
[ 2446.731128][    C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[ 2447.771137][    C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[ 2448.204481][ T8744] QAT: failed to copy from user cfg_data.
[ 2448.811165][    C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[ 2449.256013][ T8747] QAT: failed to copy from user cfg_data.
[ 2449.851083][    C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[ 2450.770176][ T8754] input: syz1 as /devices/virtual/input/input204
[ 2450.891106][    C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[ 2451.931061][    C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[ 2452.031822][ T8761] syz.3.9480 (8761): drop_caches: 2
[ 2452.971147][    C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[ 2454.011105][    C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[ 2454.233807][ T8772] QAT: failed to copy from user cfg_data.
[ 2454.869763][ T8774] netlink: 12 bytes leftover after parsing attributes in process `syz.0.9475'.
[ 2455.061151][    C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[ 2455.184693][ T8776] netlink: 4 bytes leftover after parsing attributes in process `syz.1.9482'.
[ 2455.551077][ T8012] usb 2-1: new high-speed USB device number 76 using dummy_hcd
[ 2455.964507][ T8012] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2455.985851][ T8012] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 2456.080687][ T8797] input: syz1 as /devices/virtual/input/input205
[ 2456.091099][    C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[ 2456.891437][ T8012] usb 2-1: New USB device found, idVendor=1294, idProduct=1320, bcdDevice= 0.00
[ 2456.900513][ T8012] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2456.911423][ T8012] usb 2-1: config 0 descriptor??
[ 2457.141228][    C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[ 2457.757820][ T8012] hid-led 0003:1294:1320.0010: unexpected long global item
[ 2457.774127][ T8012] hid-led 0003:1294:1320.0010: probe with driver hid-led failed with error -22
[ 2458.181116][    C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[ 2458.571170][ T8816] 8021q: adding VLAN 0 to HW filter on device bond2
[ 2458.591157][ T6660] usb 2-1: USB disconnect, device number 76
[ 2459.211272][    C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[ 2460.251159][    C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[ 2460.466189][ T8816] netlink: 4 bytes leftover after parsing attributes in process `syz.3.9494'.
[ 2460.481582][   T30] audit: type=1400 audit(1768275328.070:1292): avc:  denied  { append } for  pid=8835 comm="syz.2.9500" name="urandom" dev="devtmpfs" ino=9 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:urandom_device_t tclass=chr_file permissive=1
[ 2461.291170][    C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[ 2462.331174][    C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[ 2463.381076][    C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[ 2463.696816][ T8869] QAT: failed to copy from user cfg_data.
[ 2464.242130][   T30] audit: type=1400 audit(1768275331.820:1293): avc:  denied  { recv } for  pid=0 comm="swapper/0" saddr=10.128.0.169 src=33834 daddr=10.128.0.73 dest=22 netif=eth0 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unlabeled_t tclass=peer permissive=1
[ 2464.411156][    C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[ 2464.813827][ T8874] QAT: failed to copy from user cfg_data.
[ 2465.451565][    C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[ 2465.970963][ T8882] No source specified
[ 2466.110289][ T8883] netlink: 12 bytes leftover after parsing attributes in process `syz.0.9511'.
[ 2466.491120][    C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[ 2466.848506][ T8871] team0 (unregistering): Port device team_slave_0 removed
[ 2466.886345][ T8871] team0 (unregistering): Port device team_slave_1 removed
[ 2467.531126][    C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[ 2467.702524][ T1296] ieee802154 phy0 wpan0: encryption failed: -22
[ 2467.708880][ T1296] ieee802154 phy1 wpan1: encryption failed: -22
[ 2468.571127][    C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[ 2468.943429][ T8907] QAT: failed to copy from user cfg_data.
[ 2469.611091][    C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[ 2470.651073][    C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[ 2471.324867][ T8936] QAT: failed to copy from user cfg_data.
[ 2471.691055][    C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[ 2471.836799][ T8933] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 2472.153927][ T8947] 8021q: adding VLAN 0 to HW filter on device bond4
[ 2472.731469][    C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[ 2472.991128][ T8958] netlink: 12 bytes leftover after parsing attributes in process `syz.4.9523'.
[ 2473.281532][ T8947] netlink: 4 bytes leftover after parsing attributes in process `syz.0.9520'.
[ 2473.771055][    C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[ 2474.445405][ T8979] QAT: failed to copy from user cfg_data.
[ 2474.811136][    C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[ 2475.851135][    C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[ 2476.901059][    C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[ 2477.265386][ T8996] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=8996 comm=syz.1.9536
[ 2477.484648][   T30] audit: type=1400 audit(1768275345.070:1294): avc:  denied  { connect } for  pid=9003 comm="syz.4.9531" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[ 2477.538370][ T9005] netlink: 12 bytes leftover after parsing attributes in process `syz.4.9531'.
[ 2477.547548][ T9005] openvswitch: netlink: Flow set message rejected, Key attribute missing.
[ 2477.744173][ T9015] netlink: 44 bytes leftover after parsing attributes in process `syz.3.9542'.
[ 2477.931118][    C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[ 2478.353339][ T9024] mkiss: ax0: crc mode is auto.
[ 2478.810479][ T9027] netlink: 24 bytes leftover after parsing attributes in process `syz.4.9545'.
[ 2478.971067][    C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[ 2479.738529][ T9039] xt_bpf: check failed: parse error
[ 2480.011054][    C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[ 2481.051176][    C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[ 2481.447121][ T9067] netlink: 24 bytes leftover after parsing attributes in process `syz.3.9558'.
[ 2481.458960][ T8015] usb 2-1: new low-speed USB device number 77 using dummy_hcd
[ 2481.632424][ T9070] 8021q: adding VLAN 0 to HW filter on device bond0
[ 2481.642445][ T9070] 8021q: adding VLAN 0 to HW filter on device team0
[ 2481.722872][ T8015] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[ 2481.731450][ T8015] usb 2-1: config 0 has no interface number 0
[ 2481.737588][ T8015] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[ 2481.756958][ T9070] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 2481.806970][ T8015] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 79, setting to 8
[ 2481.820662][ T8015] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[ 2481.831626][ T8015] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2481.862358][ T8015] usb 2-1: config 0 descriptor??
[ 2481.905934][ T9057] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[ 2482.091066][    C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[ 2482.507419][ T8015] iowarrior 2-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[ 2483.131096][    C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[ 2484.171126][    C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[ 2484.448552][ T6660] usb 2-1: USB disconnect, device number 77
[ 2485.211098][    C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[ 2485.300007][ T9113] FAULT_INJECTION: forcing a failure.
[ 2485.300007][ T9113] name failslab, interval 1, probability 0, space 0, times 0
[ 2485.313393][ T9113] CPU: 0 UID: 0 PID: 9113 Comm: syz.1.9566 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 2485.313425][ T9113] Tainted: [L]=SOFTLOCKUP
[ 2485.313432][ T9113] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 2485.313446][ T9113] Call Trace:
[ 2485.313453][ T9113]  <TASK>
[ 2485.313463][ T9113]  dump_stack_lvl+0x16c/0x1f0
[ 2485.313502][ T9113]  should_fail_ex+0x512/0x640
[ 2485.313531][ T9113]  ? kmem_cache_alloc_node_noprof+0x65/0x800
[ 2485.313556][ T9113]  should_failslab+0xc2/0x120
[ 2485.313582][ T9113]  kmem_cache_alloc_node_noprof+0x86/0x800
[ 2485.313603][ T9113]  ? __alloc_skb+0x156/0x410
[ 2485.313625][ T9113]  ? __alloc_skb+0x156/0x410
[ 2485.313639][ T9113]  __alloc_skb+0x156/0x410
[ 2485.313656][ T9113]  ? __pfx___alloc_skb+0x10/0x10
[ 2485.313674][ T9113]  ? find_held_lock+0x2b/0x80
[ 2485.313704][ T9113]  tcp_stream_alloc_skb+0x34/0x670
[ 2485.313724][ T9113]  tcp_sendmsg_locked+0x12de/0x42a0
[ 2485.313748][ T9113]  ? __lock_acquire+0x436/0x2890
[ 2485.313769][ T9113]  ? sock_has_perm+0x15f/0x2f0
[ 2485.313791][ T9113]  ? __pfx_tcp_sendmsg_locked+0x10/0x10
[ 2485.313810][ T9113]  ? do_raw_spin_lock+0x12c/0x2b0
[ 2485.313832][ T9113]  ? __pfx_do_raw_spin_lock+0x10/0x10
[ 2485.313859][ T9113]  ? __local_bh_enable_ip+0xa4/0x120
[ 2485.313886][ T9113]  tcp_sendmsg+0x2e/0x50
[ 2485.313900][ T9113]  ? __pfx_tcp_sendmsg+0x10/0x10
[ 2485.313915][ T9113]  inet_sendmsg+0xb9/0x140
[ 2485.313933][ T9113]  __sys_sendto+0x43c/0x520
[ 2485.313951][ T9113]  ? __pfx___sys_sendto+0x10/0x10
[ 2485.313988][ T9113]  ? ksys_write+0x1ac/0x250
[ 2485.314008][ T9113]  ? __pfx_ksys_write+0x10/0x10
[ 2485.314031][ T9113]  __x64_sys_sendto+0xe0/0x1c0
[ 2485.314047][ T9113]  ? do_syscall_64+0x91/0xf80
[ 2485.314067][ T9113]  ? lockdep_hardirqs_on+0x7c/0x110
[ 2485.314089][ T9113]  do_syscall_64+0xcd/0xf80
[ 2485.314111][ T9113]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2485.314129][ T9113] RIP: 0033:0x7fbd2178f749
[ 2485.314144][ T9113] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2485.314159][ T9113] RSP: 002b:00007fbd225a9038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[ 2485.314176][ T9113] RAX: ffffffffffffffda RBX: 00007fbd219e6180 RCX: 00007fbd2178f749
[ 2485.314187][ T9113] RDX: fffffffffffffe88 RSI: 00002000000002c0 RDI: 0000000000000007
[ 2485.314198][ T9113] RBP: 00007fbd225a9090 R08: 0000000000000000 R09: 0000000000000000
[ 2485.314209][ T9113] R10: 0000000000000052 R11: 0000000000000246 R12: 0000000000000001
[ 2485.314219][ T9113] R13: 00007fbd219e6218 R14: 00007fbd219e6180 R15: 00007ffcf9705418
[ 2485.314244][ T9113]  </TASK>
[ 2485.660388][ T9108] hub 9-0:1.0: USB hub found
[ 2485.682905][ T9108] hub 9-0:1.0: 1 port detected
[ 2485.893841][ T9120] netlink: 24 bytes leftover after parsing attributes in process `syz.0.9569'.
[ 2486.251126][    C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[ 2487.291098][    C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[ 2487.526455][ T9134] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 2487.866745][ T9138] netlink: 12 bytes leftover after parsing attributes in process `syz.3.9573'.
[ 2488.331211][    C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[ 2489.371097][    C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[ 2490.403030][T12061] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 2490.412047][    C0] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[ 2490.439521][T12061] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 2490.453011][T12061] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 2490.534190][T12061] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 2490.541958][T12061] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 2490.577547][ T5822] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 2490.586626][ T5822] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 2490.594239][ T5822] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 2490.602066][ T5822] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 2490.609566][ T5822] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 2490.694645][ T9169] netlink: 4 bytes leftover after parsing attributes in process `syz.1.9581'.
[ 2491.276337][ T4152] netdevsim netdevsim3 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 2491.722430][ T4152] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2491.867008][ T4152] netdevsim netdevsim3 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 2491.901160][ T4152] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2492.170729][ T9196] netlink: 12 bytes leftover after parsing attributes in process `syz.4.9586'.
[ 2492.576316][ T9160] chnl_net:caif_netlink_parms(): no params data found
[ 2492.677538][ T9203] 9p: Bad value for 'wfdno'
[ 2493.013352][T12061] Bluetooth: hci0: command tx timeout
[ 2494.648178][ T4152] netdevsim netdevsim3 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 2494.685480][ T4152] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2495.008249][   T30] audit: type=1800 audit(1768275362.560:1295): pid=9225 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.0.9593" name="bus" dev="overlay" ino=2968 res=0 errno=0
[ 2495.051150][T12061] Bluetooth: hci0: command tx timeout
[ 2495.687666][ T4152] netdevsim netdevsim3 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 2495.838976][ T4152] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2495.944376][ T9234] __vm_enough_memory: pid: 9234, comm: syz.1.9596, bytes: 4503599627366400 not enough memory for the allocation
[ 2496.152235][ T9160] bridge0: port 1(bridge_slave_0) entered blocking state
[ 2496.177246][ T9160] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2496.195588][ T9160] bridge_slave_0: entered allmulticast mode
[ 2496.242018][ T9160] bridge_slave_0: entered promiscuous mode
[ 2496.650505][ T9234] netlink: 8 bytes leftover after parsing attributes in process `syz.1.9596'.
[ 2496.739105][ T9160] bridge0: port 2(bridge_slave_1) entered blocking state
[ 2496.760765][ T9160] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2496.768797][ T9160] bridge_slave_1: entered allmulticast mode
[ 2496.779099][ T9160] bridge_slave_1: entered promiscuous mode
[ 2497.050565][ T9247] 8021q: adding VLAN 0 to HW filter on device bond5
[ 2497.141244][T12061] Bluetooth: hci0: command tx timeout
[ 2497.147564][ T4152] bridge_slave_1: left allmulticast mode
[ 2497.267289][ T4152] bridge_slave_1: left promiscuous mode
[ 2497.319271][ T9258] netlink: 8 bytes leftover after parsing attributes in process `syz.1.9601'.
[ 2497.691851][ T4152] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2497.708010][ T4152] bridge_slave_0: left allmulticast mode
[ 2497.816419][ T4152] bridge_slave_0: left promiscuous mode
[ 2497.823413][ T4152] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2497.936321][ T4152] tipc: Resetting bearer <eth:ip6_vti0>
[ 2499.237509][T12061] Bluetooth: hci0: command tx timeout
[ 2500.126804][ T4152] tipc: Disabling bearer <eth:ip6_vti0>
[ 2503.010693][ T4152] .` (unregistering): (slave bond_slave_0): Releasing backup interface
[ 2503.071800][ T4152] .` (unregistering): (slave bond_slave_1): Releasing backup interface
[ 2503.097510][ T4152] .` (unregistering): Released all slaves
[ 2503.251151][ T8012] usb 2-1: new high-speed USB device number 78 using dummy_hcd
[ 2503.411389][ T8012] usb 2-1: Using ep0 maxpacket: 8
[ 2503.431951][ T8012] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[ 2503.479101][ T8012] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[ 2503.500514][ T8012] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[ 2503.528340][ T8012] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 2503.541984][ T8012] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[ 2503.551345][ T8012] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2503.628039][ T4152] bond1 (unregistering): Released all slaves
[ 2503.790240][ T8012] usb 2-1: usb_control_msg returned -32
[ 2503.796861][ T8012] usbtmc 2-1:16.0: can't read capabilities
[ 2503.967662][ T4152] bond0 (unregistering): Released all slaves
[ 2504.259021][ T4152] bond2 (unregistering): Released all slaves
[ 2504.272832][ T9160] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 2504.314016][ T9261] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -4
[ 2504.326663][ T9160] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 2504.339068][ T9261] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -4
[ 2504.381465][ T9261] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db
[ 2504.451938][ T4152] tipc: Disabling bearer <udp:syz2>
[ 2504.468641][ T9160] team0: Port device team_slave_0 added
[ 2504.475427][ T4152] tipc: Left network mode
[ 2504.838030][ T9160] team0: Port device team_slave_1 added
[ 2505.178938][ T9160] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 2505.230948][ T9160] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 2505.311284][ T9160] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 2505.328922][ T9160] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 2505.337563][ T9160] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 2505.517219][ T9160] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 2505.608960][ T9320] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 2505.750000][ T9323] 8021q: adding VLAN 0 to HW filter on device bond2
[ 2505.866989][ T4152] hsr_slave_0: left promiscuous mode
[ 2505.878512][ T4152] hsr_slave_1: left promiscuous mode
[ 2505.889089][ T4152] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 2505.954387][ T4152] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 2506.014333][ T4152] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 2506.257341][ T4152] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 2506.277582][ T6095] usb 2-1: USB disconnect, device number 78
[ 2506.479596][ T4152] veth1_macvtap: left promiscuous mode
[ 2506.539573][ T4152] veth0_macvtap: left promiscuous mode
[ 2506.549860][ T4152] veth1_vlan: left promiscuous mode
[ 2506.737947][ T4152] veth0_vlan: left promiscuous mode
[ 2507.111447][ T9338] FAULT_INJECTION: forcing a failure.
[ 2507.111447][ T9338] name failslab, interval 1, probability 0, space 0, times 0
[ 2507.697088][ T9349] QAT: failed to copy from user cfg_data.
[ 2508.247349][ T9338] CPU: 1 UID: 0 PID: 9338 Comm: syz.0.9620 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 2508.247373][ T9338] Tainted: [L]=SOFTLOCKUP
[ 2508.247378][ T9338] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 2508.247385][ T9338] Call Trace:
[ 2508.247391][ T9338]  <TASK>
[ 2508.247396][ T9338]  dump_stack_lvl+0x16c/0x1f0
[ 2508.247423][ T9338]  should_fail_ex+0x512/0x640
[ 2508.247442][ T9338]  ? fs_reclaim_acquire+0xae/0x150
[ 2508.247461][ T9338]  should_failslab+0xc2/0x120
[ 2508.247479][ T9338]  __kmalloc_noprof+0xeb/0x910
[ 2508.247499][ T9338]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[ 2508.247519][ T9338]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[ 2508.247534][ T9338]  tomoyo_realpath_from_path+0xc2/0x6e0
[ 2508.247551][ T9338]  ? tomoyo_profile+0x47/0x60
[ 2508.247571][ T9338]  tomoyo_path_number_perm+0x245/0x580
[ 2508.247584][ T9338]  ? tomoyo_path_number_perm+0x237/0x580
[ 2508.247598][ T9338]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 2508.247612][ T9338]  ? find_held_lock+0x2b/0x80
[ 2508.247643][ T9338]  ? find_held_lock+0x2b/0x80
[ 2508.247659][ T9338]  ? hook_file_ioctl_common+0x144/0x410
[ 2508.247680][ T9338]  ? __fget_files+0x20e/0x3c0
[ 2508.247698][ T9338]  security_file_ioctl+0x9b/0x240
[ 2508.247713][ T9338]  __x64_sys_ioctl+0xb7/0x210
[ 2508.247728][ T9338]  do_syscall_64+0xcd/0xf80
[ 2508.247745][ T9338]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2508.247759][ T9338] RIP: 0033:0x7f08a298f749
[ 2508.247769][ T9338] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2508.247781][ T9338] RSP: 002b:00007f08a38c9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2508.247793][ T9338] RAX: ffffffffffffffda RBX: 00007f08a2be5fa0 RCX: 00007f08a298f749
[ 2508.247800][ T9338] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007
[ 2508.247807][ T9338] RBP: 00007f08a38c9090 R08: 0000000000000000 R09: 0000000000000000
[ 2508.247813][ T9338] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2508.247820][ T9338] R13: 00007f08a2be6038 R14: 00007f08a2be5fa0 R15: 00007ffc66fb4378
[ 2508.247835][ T9338]  </TASK>
[ 2508.247841][ T9338] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 2508.565566][   T30] audit: type=1400 audit(1768275376.130:1296): avc:  denied  { read write } for  pid=9353 comm="syz.1.9623" name="file0" dev="tmpfs" ino=853 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[ 2508.648974][   T30] audit: type=1400 audit(1768275376.140:1297): avc:  denied  { open } for  pid=9353 comm="syz.1.9623" path="/158/file0" dev="tmpfs" ino=853 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[ 2510.666214][ T9384] netlink: 'syz.2.9633': attribute type 9 has an invalid length.
[ 2510.779479][ T4152] team0 (unregistering): Port device team_slave_1 removed
[ 2510.916808][ T4152] team0 (unregistering): Port device team_slave_0 removed
[ 2511.577104][ T9382] A link change request failed with some changes committed already. Interface sit0 may have been left with an inconsistent configuration, please check.
[ 2511.788964][ T9160] hsr_slave_0: entered promiscuous mode
[ 2511.797603][ T9160] hsr_slave_1: entered promiscuous mode
[ 2511.807118][ T9160] debugfs: 'hsr0' already exists in 'hsr'
[ 2511.813794][ T9160] Cannot create hsr debugfs directory
[ 2518.291346][ T9405] workqueue: Failed to create a rescuer kthread for wq "bond6": -EINTR
[ 2518.464934][ T9428] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -4
[ 2518.512185][ T9428] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -4
[ 2518.561640][ T9428] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db
[ 2519.052717][ T9437] FAULT_INJECTION: forcing a failure.
[ 2519.052717][ T9437] name failslab, interval 1, probability 0, space 0, times 0
[ 2519.066655][ T9437] CPU: 0 UID: 0 PID: 9437 Comm: syz.2.9645 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 2519.066683][ T9437] Tainted: [L]=SOFTLOCKUP
[ 2519.066687][ T9437] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 2519.066695][ T9437] Call Trace:
[ 2519.066703][ T9437]  <TASK>
[ 2519.066710][ T9437]  dump_stack_lvl+0x16c/0x1f0
[ 2519.066737][ T9437]  should_fail_ex+0x512/0x640
[ 2519.066756][ T9437]  ? kmem_cache_alloc_noprof+0x62/0x770
[ 2519.066771][ T9437]  should_failslab+0xc2/0x120
[ 2519.066787][ T9437]  kmem_cache_alloc_noprof+0x83/0x770
[ 2519.066799][ T9437]  ? alloc_empty_file+0x55/0x1e0
[ 2519.066825][ T9437]  ? alloc_empty_file+0x55/0x1e0
[ 2519.066835][ T9437]  alloc_empty_file+0x55/0x1e0
[ 2519.066846][ T9437]  alloc_file_pseudo+0x13a/0x230
[ 2519.066858][ T9437]  ? __pfx_alloc_file_pseudo+0x10/0x10
[ 2519.066870][ T9437]  ? _raw_spin_unlock+0x28/0x50
[ 2519.066885][ T9437]  ? alloc_fd+0x471/0x7d0
[ 2519.066904][ T9437]  __anon_inode_getfile+0xe8/0x280
[ 2519.066921][ T9437]  __anon_inode_getfd+0x5c/0x160
[ 2519.066934][ T9437]  __sys_bpf+0x1c9e/0x4980
[ 2519.066953][ T9437]  ? kvm_sched_clock_read+0x11/0x20
[ 2519.066969][ T9437]  ? sched_clock+0x38/0x60
[ 2519.066983][ T9437]  ? __pfx___sys_bpf+0x10/0x10
[ 2519.067000][ T9437]  ? __resched_curr+0xfd/0x3b0
[ 2519.067020][ T9437]  ? find_held_lock+0x2b/0x80
[ 2519.067041][ T9437]  ? __schedule+0x3bbb/0x6150
[ 2519.067057][ T9437]  ? rcu_is_watching+0x12/0xc0
[ 2519.067072][ T9437]  ? trace_sched_exit_tp+0xd1/0x110
[ 2519.067085][ T9437]  ? __schedule+0x114c/0x6150
[ 2519.067106][ T9437]  ? __pfx_native_tss_update_io_bitmap+0x10/0x10
[ 2519.067127][ T9437]  __x64_sys_bpf+0x78/0xc0
[ 2519.067144][ T9437]  ? lockdep_hardirqs_on+0x7c/0x110
[ 2519.067158][ T9437]  do_syscall_64+0xcd/0xf80
[ 2519.067176][ T9437]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2519.067189][ T9437] RIP: 0033:0x7fe84098f749
[ 2519.067201][ T9437] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2519.067213][ T9437] RSP: 002b:00007fe84173f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 2519.067226][ T9437] RAX: ffffffffffffffda RBX: 00007fe840be6090 RCX: 00007fe84098f749
[ 2519.067233][ T9437] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000020
[ 2519.067240][ T9437] RBP: 00007fe84173f090 R08: 0000000000000000 R09: 0000000000000000
[ 2519.067247][ T9437] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2519.067253][ T9437] R13: 00007fe840be6128 R14: 00007fe840be6090 R15: 00007ffd0fb870b8
[ 2519.067269][ T9437]  </TASK>
[ 2520.020199][ T4152] IPVS: stop unused estimator thread 0...
[ 2520.045556][ T8015] usb 3-1: new high-speed USB device number 111 using dummy_hcd
[ 2520.211568][ T8015] usb 3-1: Using ep0 maxpacket: 16
[ 2520.227849][ T8015] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2520.265801][ T8015] usb 3-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[ 2520.291945][ T8015] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2520.324241][ T8015] usb 3-1: config 0 descriptor??
[ 2520.362302][ T9450] netlink: 24 bytes leftover after parsing attributes in process `syz.4.9648'.
[ 2520.714169][ T8015] usbhid 3-1:0.0: can't add hid device: -71
[ 2520.758734][ T8015] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[ 2521.071463][ T8015] usb 3-1: USB disconnect, device number 111
[ 2521.166537][ T9456] netlink: 12 bytes leftover after parsing attributes in process `syz.0.9644'.
[ 2522.138055][ T9476] 8021q: adding VLAN 0 to HW filter on device bond6
[ 2522.894268][ T9160] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 2523.389169][ T9160] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 2523.436975][ T9160] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 2523.483114][ T9160] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 2524.386859][ T9160] 8021q: adding VLAN 0 to HW filter on device bond0
[ 2524.475790][ T9160] 8021q: adding VLAN 0 to HW filter on device team0
[ 2524.529202][ T5848] bridge0: port 1(bridge_slave_0) entered blocking state
[ 2524.536469][ T5848] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 2524.729814][T30893] bridge0: port 2(bridge_slave_1) entered blocking state
[ 2524.737066][T30893] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 2527.657282][ T9160] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 2527.915000][ T9160] veth0_vlan: entered promiscuous mode
[ 2528.076758][ T9547] 8021q: VLANs not supported on lo
[ 2528.126403][ T9160] veth1_vlan: entered promiscuous mode
[ 2528.252525][ T9549] netlink: 'syz.2.9663': attribute type 10 has an invalid length.
[ 2528.477734][ T9160] veth0_macvtap: entered promiscuous mode
[ 2528.582743][   T30] audit: type=1400 audit(1768275396.140:1298): avc:  denied  { read } for  pid=9542 comm="syz.2.9663" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[ 2528.742043][ T1296] ieee802154 phy0 wpan0: encryption failed: -22
[ 2528.855597][ T1296] ieee802154 phy1 wpan1: encryption failed: -22
[ 2529.093381][ T9160] veth1_macvtap: entered promiscuous mode
[ 2530.590720][ T9559] bond2: option arp_interval: invalid value (18446744073709551615)
[ 2530.650116][ T9559] bond2: option arp_interval: allowed values 0 - 2147483647
[ 2530.677981][ T9559] bond2 (unregistering): Released all slaves
[ 2530.771141][ T9160] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 2530.791578][ T9160] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 2530.892085][ T1300] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 2530.933000][ T1300] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 2530.944384][ T8015] usb 2-1: new high-speed USB device number 79 using dummy_hcd
[ 2530.983633][ T1300] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 2531.037264][ T1300] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 2531.980911][ T8015] usb 2-1: Using ep0 maxpacket: 32
[ 2532.242750][ T8015] usb 2-1: config 0 has an invalid interface number: 48 but max is 0
[ 2532.261045][ T8015] usb 2-1: config 0 has no interface number 0
[ 2532.267164][ T8015] usb 2-1: config 0 interface 48 has no altsetting 0
[ 2532.356260][ T9586] 8021q: adding VLAN 0 to HW filter on device bond3
[ 2532.364477][ T8015] usb 2-1: New USB device found, idVendor=1ae7, idProduct=0525, bcdDevice=74.d5
[ 2532.374357][ T8015] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2532.382439][ T8015] usb 2-1: Product: syz
[ 2532.386769][ T8015] usb 2-1: Manufacturer: syz
[ 2532.391513][ T8015] usb 2-1: SerialNumber: syz
[ 2532.399754][ T8015] usb 2-1: config 0 descriptor??
[ 2532.413267][ T8015] HFC-S_USB 2-1:0.48: probe with driver HFC-S_USB failed with error -5
[ 2532.511230][ T5848] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 2532.519067][ T5848] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 2532.997182][ T4152] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 2533.000619][ T9573] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2533.017003][ T4152] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 2533.032163][ T9573] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2533.075780][   T30] audit: type=1400 audit(1768275400.660:1299): avc:  denied  { mounton } for  pid=9160 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[ 2533.778303][ T5875] usb 2-1: USB disconnect, device number 79
[ 2537.038471][ T9633] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 2537.580980][ T8013] usb 4-1: new high-speed USB device number 116 using dummy_hcd
[ 2537.764046][ T8013] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023
[ 2537.776079][ T8013] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 8
[ 2537.814192][ T8013] usb 4-1: New USB device found, idVendor=2c7c, idProduct=030e, bcdDevice=81.28
[ 2537.845392][ T8013] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2537.882951][ T8013] usb 4-1: Product: syz
[ 2537.902621][ T8013] usb 4-1: Manufacturer: syz
[ 2537.907263][ T8013] usb 4-1: SerialNumber: syz
[ 2537.933528][ T8013] usb 4-1: config 0 descriptor??
[ 2537.951746][ T9637] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[ 2537.969370][ T9637] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[ 2537.989924][ T8013] option 4-1:0.0: GSM modem (1-port) converter detected
[ 2538.025280][ T8013] usb 4-1: GSM modem (1-port) converter now attached to ttyUSB0
[ 2538.597743][ T9654] QAT: failed to copy from user cfg_data.
[ 2539.391419][ T9658] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2539.401698][ T9658] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2539.524887][   T30] audit: type=1400 audit(1768275406.950:1300): avc:  denied  { mounton } for  pid=9636 comm="syz.3.9678" path="/dev/binderfs" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[ 2540.490300][ T9672] IPVS: dh: FWM 3 0x00000003 - no destination available
[ 2540.508174][ T9672] program syz.4.9685 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 2541.254464][ T5875] usb 4-1: USB disconnect, device number 116
[ 2541.311206][ T8369] usb 5-1: new high-speed USB device number 86 using dummy_hcd
[ 2541.325445][ T5875] option1 ttyUSB0: GSM modem (1-port) converter now disconnected from ttyUSB0
[ 2541.375662][ T5875] option 4-1:0.0: device disconnected
[ 2541.677797][   T30] audit: type=1400 audit(1768275409.190:1301): avc:  denied  { read } for  pid=9679 comm="syz.2.9686" dev="nsfs" ino=4026532856 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 2542.013893][ T8369] usb 5-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.17
[ 2542.031010][   T30] audit: type=1400 audit(1768275409.200:1302): avc:  denied  { open } for  pid=9679 comm="syz.2.9686" path="net:[4026532856]" dev="nsfs" ino=4026532856 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 2542.054356][ T8369] usb 5-1: New USB device strings: Mfr=129, Product=2, SerialNumber=3
[ 2542.054385][ T8369] usb 5-1: Product: syz
[ 2542.054401][ T8369] usb 5-1: Manufacturer: syz
[ 2542.054416][ T8369] usb 5-1: SerialNumber: syz
[ 2542.056881][ T8369] usb 5-1: config 0 descriptor??
[ 2542.210391][ T8369] ch341 5-1:0.0: ch341-uart converter detected
[ 2543.325343][ T9696] 8021q: adding VLAN 0 to HW filter on device bond7
[ 2543.371825][ T8369] usb 5-1: failed to receive control message: -110
[ 2543.381011][ T8369] ch341-uart ttyUSB0: probe with driver ch341-uart failed with error -110
[ 2544.149344][ T8369] usb 5-1: USB disconnect, device number 86
[ 2544.184004][ T8369] ch341 5-1:0.0: device disconnected
[ 2544.271949][ T9706] binder: 9704:9706 ioctl c0306201 200000000080 returned -14
[ 2550.181852][   T30] audit: type=1400 audit(1768275417.760:1303): avc:  denied  { setopt } for  pid=9761 comm="syz.4.9700" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[ 2551.017025][   T30] audit: type=1400 audit(1768275418.400:1304): avc:  denied  { append } for  pid=9769 comm="syz.1.9703" name="video5" dev="devtmpfs" ino=939 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1
[ 2551.392948][ T9777] __vm_enough_memory: pid: 9777, comm: syz.2.9705, bytes: 4503599627366400 not enough memory for the allocation
[ 2551.623808][ T9780] netlink: 8 bytes leftover after parsing attributes in process `syz.2.9705'.
[ 2552.121171][ T9786] 8021q: adding VLAN 0 to HW filter on device bond1
[ 2554.565302][ T9805] netlink: 52 bytes leftover after parsing attributes in process `syz.2.9710'.
[ 2554.647515][ T9806] netlink: 4 bytes leftover after parsing attributes in process `syz.2.9710'.
[ 2556.201558][ T9841] __vm_enough_memory: pid: 9841, comm: syz.2.9720, bytes: 4503599627366400 not enough memory for the allocation
[ 2556.278483][ T9842] netlink: 8 bytes leftover after parsing attributes in process `syz.2.9720'.
[ 2556.370918][ T8369] usb 5-1: new high-speed USB device number 87 using dummy_hcd
[ 2556.737742][ T9852] netlink: 44 bytes leftover after parsing attributes in process `syz.0.9722'.
[ 2556.919131][ T8369] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2556.946548][ T8369] usb 5-1: New USB device found, idVendor=057e, idProduct=2019, bcdDevice= 0.00
[ 2556.968045][ T8369] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2556.992111][ T8369] usb 5-1: config 0 descriptor??
[ 2557.401796][ T9854] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 2557.509415][ T9863] 8021q: adding VLAN 0 to HW filter on device bond2
[ 2557.682464][ T8369] nintendo 0003:057E:2019.0011: item fetching failed at offset 1/5
[ 2557.710071][ T8369] nintendo 0003:057E:2019.0011: HID parse failed
[ 2557.744801][ T8369] nintendo 0003:057E:2019.0011: probe - fail = -22
[ 2557.781045][ T8369] nintendo 0003:057E:2019.0011: probe with driver nintendo failed with error -22
[ 2557.968140][ T9837] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2558.004833][ T9837] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2558.029736][ T8369] usb 5-1: USB disconnect, device number 87
[ 2558.680960][ T5875] usb 3-1: new high-speed USB device number 112 using dummy_hcd
[ 2558.840907][ T5875] usb 3-1: Using ep0 maxpacket: 32
[ 2558.992017][ T5875] usb 3-1: config 0 has an invalid interface number: 51 but max is 0
[ 2559.010289][ T5875] usb 3-1: config 0 has no interface number 0
[ 2559.449614][ T5875] usb 3-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[ 2559.471497][ T5875] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2559.561619][ T5875] usb 3-1: Product: syz
[ 2559.583343][ T5875] usb 3-1: Manufacturer: syz
[ 2559.599954][ T5875] usb 3-1: SerialNumber: syz
[ 2559.623465][ T5875] usb 3-1: config 0 descriptor??
[ 2559.642080][ T5875] quatech2 3-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[ 2559.867480][ T5875] usb 3-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[ 2560.257531][ T5875] usb 3-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[ 2560.629514][ T9892] __vm_enough_memory: pid: 9892, comm: syz.4.9731, bytes: 4503599627366400 not enough memory for the allocation
[ 2561.047686][ T9892] netlink: 8 bytes leftover after parsing attributes in process `syz.4.9731'.
[ 2561.603917][    C1] usb 3-1: qt2_read_bulk_callback - non-zero urb status: -71
[ 2561.606231][ T8013] usb 3-1: USB disconnect, device number 112
[ 2561.637126][ T8013] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[ 2561.743891][ T8013] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[ 2561.782558][ T8013] quatech2 3-1:0.51: device disconnected
[ 2564.473390][ T9930] __vm_enough_memory: pid: 9930, comm: syz.2.9743, bytes: 4503599627366400 not enough memory for the allocation
[ 2564.592807][ T9933] netlink: 8 bytes leftover after parsing attributes in process `syz.2.9743'.
[ 2565.206903][ T9939] 8021q: adding VLAN 0 to HW filter on device bond3
[ 2565.875721][ T9954] tipc: Started in network mode
[ 2565.880807][ T9954] tipc: Node identity , cluster identity 4711
[ 2565.887375][ T9954] tipc: Failed to obtain node identity
[ 2565.892932][ T9954] tipc: Enabling of bearer <eth:gre0> rejected, failed to enable media
[ 2565.959017][ T9956] FAULT_INJECTION: forcing a failure.
[ 2565.959017][ T9956] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2566.001563][ T9956] CPU: 0 UID: 0 PID: 9956 Comm: syz.2.9748 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 2566.001591][ T9956] Tainted: [L]=SOFTLOCKUP
[ 2566.001597][ T9956] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 2566.001608][ T9956] Call Trace:
[ 2566.001614][ T9956]  <TASK>
[ 2566.001622][ T9956]  dump_stack_lvl+0x16c/0x1f0
[ 2566.001653][ T9956]  should_fail_ex+0x512/0x640
[ 2566.001680][ T9956]  ? __pfx_hub_ioctl+0x10/0x10
[ 2566.001701][ T9956]  _copy_to_user+0x32/0xd0
[ 2566.001725][ T9956]  ? __pfx_hub_ioctl+0x10/0x10
[ 2566.001744][ T9956]  proc_ioctl+0x516/0x6f0
[ 2566.001766][ T9956]  usbdev_ioctl+0x1772/0x4070
[ 2566.001790][ T9956]  ? __pfx_usbdev_ioctl+0x10/0x10
[ 2566.001818][ T9956]  ? __sanitizer_cov_trace_switch+0x54/0x90
[ 2566.001840][ T9956]  ? do_vfs_ioctl+0x128/0x14f0
[ 2566.001862][ T9956]  ? __pfx_do_vfs_ioctl+0x10/0x10
[ 2566.001883][ T9956]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[ 2566.001918][ T9956]  ? hook_file_ioctl_common+0x144/0x410
[ 2566.001954][ T9956]  ? selinux_file_ioctl+0x180/0x270
[ 2566.001976][ T9956]  ? selinux_file_ioctl+0xb4/0x270
[ 2566.002002][ T9956]  ? __pfx_usbdev_ioctl+0x10/0x10
[ 2566.002027][ T9956]  __x64_sys_ioctl+0x18e/0x210
[ 2566.002050][ T9956]  do_syscall_64+0xcd/0xf80
[ 2566.002076][ T9956]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2566.002095][ T9956] RIP: 0033:0x7fe84098f749
[ 2566.002111][ T9956] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2566.002129][ T9956] RSP: 002b:00007fe841760038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2566.002147][ T9956] RAX: ffffffffffffffda RBX: 00007fe840be5fa0 RCX: 00007fe84098f749
[ 2566.002160][ T9956] RDX: 0000200000000040 RSI: 00000000c0105512 RDI: 0000000000000003
[ 2566.002172][ T9956] RBP: 00007fe841760090 R08: 0000000000000000 R09: 0000000000000000
[ 2566.002183][ T9956] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2566.002196][ T9956] R13: 00007fe840be6038 R14: 00007fe840be5fa0 R15: 00007ffd0fb870b8
[ 2566.002224][ T9956]  </TASK>
[ 2567.379069][ T9974] netlink: 44 bytes leftover after parsing attributes in process `syz.3.9754'.
[ 2567.735693][ T9986] netlink: 12 bytes leftover after parsing attributes in process `syz.0.9758'.
[ 2567.757263][ T9989] 8021q: adding VLAN 0 to HW filter on device bond2
[ 2568.855411][ T5822] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 2568.866337][ T5822] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 2568.875597][ T5822] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 2568.918063][ T5822] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 2568.927739][T10007] netlink: 24 bytes leftover after parsing attributes in process `syz.1.9762'.
[ 2568.942614][ T5822] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 2569.453858][T10003] chnl_net:caif_netlink_parms(): no params data found
[ 2569.845679][T10019] netlink: 40 bytes leftover after parsing attributes in process `syz.3.9764'.
[ 2570.016657][T10003] bridge0: port 1(bridge_slave_0) entered blocking state
[ 2570.060921][T10003] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2570.130420][T10003] bridge_slave_0: entered allmulticast mode
[ 2570.743835][T10003] bridge_slave_0: entered promiscuous mode
[ 2570.788202][T10003] bridge0: port 2(bridge_slave_1) entered blocking state
[ 2570.924162][T10003] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2571.052734][T12061] Bluetooth: hci1: command tx timeout
[ 2571.461459][T10003] bridge_slave_1: entered allmulticast mode
[ 2571.468308][T10003] bridge_slave_1: entered promiscuous mode
[ 2572.339611][T10003] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 2572.584393][T10003] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 2572.945504][T10041] netlink: 'syz.3.9768': attribute type 10 has an invalid length.
[ 2572.998944][T10043] 8021q: VLANs not supported on lo
[ 2573.131614][T12061] Bluetooth: hci1: command tx timeout
[ 2573.237217][T10003] team0: Port device team_slave_0 added
[ 2573.276749][T10003] team0: Port device team_slave_1 added
[ 2574.095492][ T8015] usb 4-1: new high-speed USB device number 117 using dummy_hcd
[ 2574.147449][T10003] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 2574.165249][T10003] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 2574.247005][T10003] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 2574.271270][ T8015] usb 4-1: Using ep0 maxpacket: 16
[ 2574.303051][ T8015] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2574.325245][ T8015] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2574.404885][ T8015] usb 4-1: New USB device found, idVendor=041e, idProduct=3100, bcdDevice= 0.00
[ 2574.423272][T10003] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 2574.447193][ T8015] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2574.460936][T10003] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 2574.529800][ T8015] usb 4-1: config 0 descriptor??
[ 2574.556756][T10003] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 2574.688460][   T13] tipc: Resetting bearer <eth:ip6_vti0>
[ 2575.066336][ T8015] input: HID 041e:3100 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:041E:3100.0012/input/input206
[ 2575.186590][ T8015] creative-sb0540 0003:041E:3100.0012: input,hidraw0: USB HID v0.00 Device [HID 041e:3100] on usb-dummy_hcd.3-1/input0
[ 2575.211067][T12061] Bluetooth: hci1: command tx timeout
[ 2575.439217][ T6660] usb 4-1: USB disconnect, device number 117
[ 2576.122827][   T13] tipc: Disabling bearer <eth:ip6_vti0>
[ 2577.291081][T12061] Bluetooth: hci1: command tx timeout
[ 2577.391466][   T13] dvmrp6 (unregistering): left allmulticast mode
[ 2577.552479][T10082] netlink: 'syz.3.9775': attribute type 10 has an invalid length.
[ 2577.704869][T10084] netlink: 44 bytes leftover after parsing attributes in process `syz.1.9776'.
[ 2578.146042][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 2578.156125][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 2578.165795][   T13] bond0 (unregistering): Released all slaves
[ 2578.345757][   T13] bond1 (unregistering): Released all slaves
[ 2578.535474][   T13] bond2 (unregistering): Released all slaves
[ 2578.711405][   T13] bond3 (unregistering): Released all slaves
[ 2578.878874][   T13] bond4 (unregistering): Released all slaves
[ 2579.038763][   T13] bond5 (unregistering): Released all slaves
[ 2579.187232][   T13] bond6 (unregistering): Released all slaves
[ 2579.324829][   T13] bond7 (unregistering): Released all slaves
[ 2579.342556][T10062] workqueue: Failed to create a rescuer kthread for wq "bond2": -EINTR
[ 2579.400797][T10081] 8021q: VLANs not supported on lo
[ 2579.780870][   T13] tipc: Left network mode
[ 2580.307086][T10003] hsr_slave_0: entered promiscuous mode
[ 2580.459319][T10003] hsr_slave_1: entered promiscuous mode
[ 2580.491809][T10003] debugfs: 'hsr0' already exists in 'hsr'
[ 2580.517263][T10107] netlink: 4 bytes leftover after parsing attributes in process `syz.2.9779'.
[ 2580.645317][T10003] Cannot create hsr debugfs directory
[ 2580.682687][T10111] Invalid ELF header type: 3 != 1
[ 2580.743383][   T30] audit: type=1400 audit(1768275448.260:1305): avc:  denied  { module_load } for  pid=10088 comm="syz.2.9779" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=system permissive=1
[ 2581.151372][T10107] hsr_slave_0: left promiscuous mode
[ 2581.591678][T10107] hsr_slave_1: left promiscuous mode
[ 2583.554150][   T13] hsr_slave_0: left promiscuous mode
[ 2583.577644][   T13] hsr_slave_1: left promiscuous mode
[ 2583.584182][   T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 2583.592565][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 2585.119091][T10165] input: syz0 as /devices/virtual/input/input207
[ 2587.219364][   T13] team0 (unregistering): Port device team_slave_1 removed
[ 2587.299361][   T13] team0 (unregistering): Port device team_slave_0 removed
[ 2587.307574][   T30] audit: type=1400 audit(1768275454.890:1306): avc:  denied  { append } for  pid=10179 comm="syz.2.9793" name="usbmon8" dev="devtmpfs" ino=740 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[ 2587.923543][T10142] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 2587.962336][T10149] workqueue: Failed to create a rescuer kthread for wq "bond2": -EINTR
[ 2588.222869][T10188] futex_wake_op: syz.3.9795 tries to shift op by -1; fix this program
[ 2588.489617][T10192] netlink: 4 bytes leftover after parsing attributes in process `syz.3.9795'.
[ 2589.419053][T10192] team1: entered promiscuous mode
[ 2589.438370][T10192] team1: entered allmulticast mode
[ 2589.492032][T10191] mkiss: ax0: crc mode is auto.
[ 2589.545186][T10204] pim6reg: entered allmulticast mode
[ 2589.646989][T10199] pim6reg: left allmulticast mode
[ 2590.072048][T10218] input: syz0 as /devices/virtual/input/input208
[ 2590.177089][T12061] Bluetooth: hci0: command 0x0c1a tx timeout
[ 2590.183379][ T6660] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[ 2590.191654][ T1296] ieee802154 phy0 wpan0: encryption failed: -22
[ 2590.199002][ T1296] ieee802154 phy1 wpan1: encryption failed: -22
[ 2590.495683][ T6660] Bluetooth: hci0: Error when powering off device on rfkill (-110)
[ 2590.847160][T10221] netlink: 'syz.2.9800': attribute type 10 has an invalid length.
[ 2590.936189][T10220] 8021q: VLANs not supported on lo
[ 2593.155792][T10234] 8021q: adding VLAN 0 to HW filter on device bond3
[ 2593.777303][T12061] Bluetooth: hci1: command 0x0c1a tx timeout
[ 2593.777497][ T6660] Bluetooth: hci1: Opcode 0x0c1a failed: -110
[ 2593.799681][ T6660] Bluetooth: hci1: Error when powering off device on rfkill (-110)
[ 2594.715819][T10252] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 2594.874154][T10003] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 2594.945165][T10003] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 2595.004582][T10003] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 2595.171303][T10003] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 2595.813408][T10275] netlink: 24 bytes leftover after parsing attributes in process `syz.2.9804'.
[ 2596.277348][T10003] 8021q: adding VLAN 0 to HW filter on device bond0
[ 2596.524370][T10287] input: syz0 as /devices/virtual/input/input209
[ 2597.748190][T10003] 8021q: adding VLAN 0 to HW filter on device team0
[ 2597.828889][ T9857] bridge0: port 1(bridge_slave_0) entered blocking state
[ 2597.836108][ T9857] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 2598.745170][   T73] bridge0: port 2(bridge_slave_1) entered blocking state
[ 2598.752380][   T73] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 2598.770191][T10302] __vm_enough_memory: pid: 10302, comm: syz.4.9811, bytes: 4503599627366400 not enough memory for the allocation
[ 2599.844530][T10327] mkiss: ax0: crc mode is auto.
[ 2600.335164][T10003] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 2601.156546][T10003] veth0_vlan: entered promiscuous mode
[ 2601.219618][T10003] veth1_vlan: entered promiscuous mode
[ 2601.825306][T10346] FAULT_INJECTION: forcing a failure.
[ 2601.825306][T10346] name failslab, interval 1, probability 0, space 0, times 0
[ 2601.862625][T10346] CPU: 1 UID: 0 PID: 10346 Comm: syz.3.9819 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 2601.862656][T10346] Tainted: [L]=SOFTLOCKUP
[ 2601.862663][T10346] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 2601.862675][T10346] Call Trace:
[ 2601.862681][T10346]  <TASK>
[ 2601.862689][T10346]  dump_stack_lvl+0x16c/0x1f0
[ 2601.862719][T10346]  should_fail_ex+0x512/0x640
[ 2601.862746][T10346]  ? __kmalloc_cache_noprof+0x5f/0x800
[ 2601.862768][T10346]  should_failslab+0xc2/0x120
[ 2601.862792][T10346]  __kmalloc_cache_noprof+0x80/0x800
[ 2601.862809][T10346]  ? find_held_lock+0x2b/0x80
[ 2601.862836][T10346]  ? __scm_send+0xf0e/0x1660
[ 2601.862859][T10346]  ? __scm_send+0xf0e/0x1660
[ 2601.862875][T10346]  __scm_send+0xf0e/0x1660
[ 2601.862904][T10346]  ? __pfx___scm_send+0x10/0x10
[ 2601.862936][T10346]  unix_stream_sendmsg+0x94c/0x1320
[ 2601.862962][T10346]  ? __pfx_tomoyo_socket_sendmsg_permission+0x10/0x10
[ 2601.862992][T10346]  ? __pfx_unix_stream_sendmsg+0x10/0x10
[ 2601.863024][T10346]  ____sys_sendmsg+0xa5d/0xc30
[ 2601.863052][T10346]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 2601.863082][T10346]  ? __pfx__kstrtoull+0x10/0x10
[ 2601.863109][T10346]  ___sys_sendmsg+0x134/0x1d0
[ 2601.863131][T10346]  ? __pfx____sys_sendmsg+0x10/0x10
[ 2601.863169][T10346]  ? find_held_lock+0x2b/0x80
[ 2601.863213][T10346]  __sys_sendmmsg+0x200/0x420
[ 2601.863240][T10346]  ? __pfx___sys_sendmmsg+0x10/0x10
[ 2601.863269][T10346]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 2601.863306][T10346]  ? fput+0x70/0xf0
[ 2601.863322][T10346]  ? ksys_write+0x1ac/0x250
[ 2601.863343][T10346]  ? __pfx_ksys_write+0x10/0x10
[ 2601.863369][T10346]  __x64_sys_sendmmsg+0x9c/0x100
[ 2601.863387][T10346]  ? lockdep_hardirqs_on+0x7c/0x110
[ 2601.863410][T10346]  do_syscall_64+0xcd/0xf80
[ 2601.863436][T10346]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2601.863454][T10346] RIP: 0033:0x7f17c138f749
[ 2601.863468][T10346] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2601.863485][T10346] RSP: 002b:00007f17c2171038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 2601.863504][T10346] RAX: ffffffffffffffda RBX: 00007f17c15e5fa0 RCX: 00007f17c138f749
[ 2601.863517][T10346] RDX: 0000000000000001 RSI: 00002000000000c0 RDI: 0000000000000004
[ 2601.863528][T10346] RBP: 00007f17c2171090 R08: 0000000000000000 R09: 0000000000000000
[ 2601.863539][T10346] R10: 0000000004040091 R11: 0000000000000246 R12: 0000000000000001
[ 2601.863551][T10346] R13: 00007f17c15e6038 R14: 00007f17c15e5fa0 R15: 00007ffc9468d058
[ 2601.863576][T10346]  </TASK>
[ 2602.144424][T10003] veth0_macvtap: entered promiscuous mode
[ 2602.154143][T10003] veth1_macvtap: entered promiscuous mode
[ 2602.173941][T10003] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 2602.185277][T10003] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 2602.218844][   T50] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 2602.227913][   T50] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 2602.236700][   T50] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 2602.246000][   T50] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 2602.387054][ T5923] usb 3-1: new high-speed USB device number 113 using dummy_hcd
[ 2603.104280][T10362] QAT: failed to copy from user cfg_data.
[ 2603.662850][ T5923] usb 3-1: config 0 has an invalid interface number: 252 but max is 0
[ 2603.673260][ T5923] usb 3-1: config 0 has no interface number 0
[ 2603.683557][ T1300] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 2603.710519][ T5923] usb 3-1: New USB device found, idVendor=1de1, idProduct=c102, bcdDevice=7d.08
[ 2603.754552][ T1300] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 2603.758760][ T5923] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2603.831132][   T30] audit: type=1400 audit(1768275471.350:1307): avc:  denied  { create } for  pid=10352 comm="syz.3.9820" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_connector_socket permissive=1
[ 2603.911271][ T5923] usb 3-1: Product: syz
[ 2603.919472][ T5923] usb 3-1: Manufacturer: syz
[ 2603.936128][ T5923] usb 3-1: SerialNumber: syz
[ 2603.954975][T30893] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 2603.964375][ T5923] usb 3-1: config 0 descriptor??
[ 2603.977368][T30893] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 2603.987593][ T5923] usb-storage 3-1:0.252: USB Mass Storage device detected
[ 2604.022851][ T5923] usb-storage 3-1:0.252: device ignored
[ 2604.091034][T10371] __vm_enough_memory: pid: 10371, comm: syz.1.9823, bytes: 4503599627366400 not enough memory for the allocation
[ 2604.242903][T10373] netlink: 8 bytes leftover after parsing attributes in process `syz.1.9823'.
[ 2604.457224][T10351] batadv_slave_0: entered promiscuous mode
[ 2604.464315][T10351] macvtap0: entered promiscuous mode
[ 2604.469815][T10351] macvtap0: entered allmulticast mode
[ 2604.942555][T10376] QAT: failed to copy from user cfg_data.
[ 2605.440724][T10351] batadv_slave_0: entered allmulticast mode
[ 2606.106467][ T5923] usb 3-1: USB disconnect, device number 113
[ 2606.221295][T10389] netlink: 24 bytes leftover after parsing attributes in process `syz.1.9827'.
[ 2606.862607][T10393] netlink: 'syz.2.9828': attribute type 12 has an invalid length.
[ 2608.854581][T10412] mkiss: ax0: crc mode is auto.
[ 2609.166938][T10416] __vm_enough_memory: pid: 10416, comm: syz.4.9835, bytes: 4503599627366400 not enough memory for the allocation
[ 2609.277082][T10420] netlink: 8 bytes leftover after parsing attributes in process `syz.4.9835'.
[ 2611.309335][T10430] netlink: 12 bytes leftover after parsing attributes in process `syz.3.9839'.
[ 2612.317821][T10455] netlink: 24 bytes leftover after parsing attributes in process `syz.4.9845'.
[ 2612.911103][T10457] libceph: resolve '½@½Ée2²âOAq§¨­cz' (ret=-3): failed
[ 2612.978197][T10461] hub 9-0:1.0: USB hub found
[ 2612.985179][T10461] hub 9-0:1.0: 1 port detected
[ 2613.658259][T10464] netlink: 8 bytes leftover after parsing attributes in process `syz.2.9846'.
[ 2614.368165][T10481] netlink: 12 bytes leftover after parsing attributes in process `syz.2.9851'.
[ 2615.400316][T10493] 8021q: adding VLAN 0 to HW filter on device bond4
[ 2616.991385][T10497] netlink: 12 bytes leftover after parsing attributes in process `syz.1.9853'.
[ 2617.000353][T10497] netlink: 8 bytes leftover after parsing attributes in process `syz.1.9853'.
[ 2617.030313][T10501] netlink: 12 bytes leftover after parsing attributes in process `syz.2.9854'.
[ 2617.964992][T10518] __vm_enough_memory: pid: 10518, comm: syz.0.9858, bytes: 4503599627366400 not enough memory for the allocation
[ 2618.112346][T10521] netlink: 8 bytes leftover after parsing attributes in process `syz.0.9858'.
[ 2621.222598][T10553] syz.4.9867 (10553): drop_caches: 2
[ 2622.137242][T10584] __vm_enough_memory: pid: 10584, comm: syz.1.9872, bytes: 4503599627366400 not enough memory for the allocation
[ 2625.089114][T10598] 8021q: adding VLAN 0 to HW filter on device bond5
[ 2625.477247][T10598] netlink: 12 bytes leftover after parsing attributes in process `syz.1.9876'.
[ 2625.486371][T10598] netlink: 8 bytes leftover after parsing attributes in process `syz.1.9876'.
[ 2625.579643][T10611] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 2625.623302][T10608] netlink: 52 bytes leftover after parsing attributes in process `syz.3.9877'.
[ 2625.730730][T10616] netlink: 12 bytes leftover after parsing attributes in process `syz.0.9880'.
[ 2626.137168][T10618] netlink: 'syz.4.9881': attribute type 10 has an invalid length.
[ 2626.178840][T10608] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2626.186622][T10608] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2626.357425][T10620] 8021q: VLANs not supported on lo
[ 2626.488745][T10627] comedi comedi3: comedi_config --init_data is deprecated
[ 2626.500734][T10627] netlink: 212368 bytes leftover after parsing attributes in process `syz.2.9883'.
[ 2627.444430][T10630] __vm_enough_memory: pid: 10630, comm: syz.4.9884, bytes: 4503599627366400 not enough memory for the allocation
[ 2627.547986][T10631] netlink: 8 bytes leftover after parsing attributes in process `syz.4.9884'.
[ 2629.479392][T10647] netlink: 'syz.1.9888': attribute type 1 has an invalid length.
[ 2629.712645][   T30] audit: type=1400 audit(1768275497.200:1308): avc:  denied  { write } for  pid=10646 comm="syz.1.9888" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_iscsi_socket permissive=1
[ 2629.713557][   T30] audit: type=1400 audit(1768275497.200:1309): avc:  denied  { write } for  pid=10646 comm="syz.1.9888" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_iscsi_socket permissive=1
[ 2629.813092][T10657] netlink: 12 bytes leftover after parsing attributes in process `syz.4.9892'.
[ 2631.666199][T10667] QAT: failed to copy from user cfg_data.
[ 2633.779001][T10684] 8021q: adding VLAN 0 to HW filter on device bond1
[ 2634.171574][T10696] fuse: Bad value for 'fd'
[ 2634.978611][T10701] netlink: 12 bytes leftover after parsing attributes in process `syz.3.9904'.
[ 2635.987529][T10687] netlink: 12 bytes leftover after parsing attributes in process `syz.0.9899'.
[ 2635.997151][T10687] netlink: 8 bytes leftover after parsing attributes in process `syz.0.9899'.
[ 2636.245537][T10719] __vm_enough_memory: pid: 10719, comm: syz.2.9907, bytes: 4503599627366400 not enough memory for the allocation
[ 2638.016267][T10740] comedi comedi3: comedi_config --init_data is deprecated
[ 2638.057444][T10740] netlink: 212368 bytes leftover after parsing attributes in process `syz.2.9912'.
[ 2638.069369][T10739] FAULT_INJECTION: forcing a failure.
[ 2638.069369][T10739] name failslab, interval 1, probability 0, space 0, times 0
[ 2638.425846][T10739] CPU: 1 UID: 0 PID: 10739 Comm: syz.3.9913 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 2638.425884][T10739] Tainted: [L]=SOFTLOCKUP
[ 2638.425891][T10739] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 2638.425903][T10739] Call Trace:
[ 2638.425911][T10739]  <TASK>
[ 2638.425920][T10739]  dump_stack_lvl+0x16c/0x1f0
[ 2638.425967][T10739]  should_fail_ex+0x512/0x640
[ 2638.425997][T10739]  ? __pfx_ref_tracker_alloc+0x10/0x10
[ 2638.426019][T10739]  should_failslab+0xc2/0x120
[ 2638.426046][T10739]  kmem_cache_alloc_noprof+0x83/0x770
[ 2638.426068][T10739]  ? skb_clone+0x190/0x3f0
[ 2638.426096][T10739]  ? skb_clone+0x190/0x3f0
[ 2638.426115][T10739]  skb_clone+0x190/0x3f0
[ 2638.426137][T10739]  netlink_deliver_tap+0xabd/0xd30
[ 2638.426169][T10739]  netlink_unicast+0x64c/0x870
[ 2638.426199][T10739]  ? __pfx_netlink_unicast+0x10/0x10
[ 2638.426234][T10739]  netlink_sendmsg+0x8c8/0xdd0
[ 2638.426263][T10739]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 2638.426299][T10739]  ____sys_sendmsg+0xa5d/0xc30
[ 2638.426326][T10739]  ? copy_msghdr_from_user+0x10a/0x160
[ 2638.426347][T10739]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 2638.426377][T10739]  ? rcu_is_watching+0x12/0xc0
[ 2638.426405][T10739]  ___sys_sendmsg+0x134/0x1d0
[ 2638.426428][T10739]  ? __pfx____sys_sendmsg+0x10/0x10
[ 2638.426474][T10739]  ? __schedule+0x1090/0x6150
[ 2638.426513][T10739]  __sys_sendmsg+0x16d/0x220
[ 2638.426536][T10739]  ? __pfx___sys_sendmsg+0x10/0x10
[ 2638.426576][T10739]  do_syscall_64+0xcd/0xf80
[ 2638.426604][T10739]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2638.426625][T10739] RIP: 0033:0x7f17c138f749
[ 2638.426642][T10739] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2638.426660][T10739] RSP: 002b:00007f17c2171038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2638.426680][T10739] RAX: ffffffffffffffda RBX: 00007f17c15e5fa0 RCX: 00007f17c138f749
[ 2638.426693][T10739] RDX: 0000000000000000 RSI: 0000200000000200 RDI: 0000000000000003
[ 2638.426705][T10739] RBP: 00007f17c2171090 R08: 0000000000000000 R09: 0000000000000000
[ 2638.426716][T10739] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2638.426727][T10739] R13: 00007f17c15e6038 R14: 00007f17c15e5fa0 R15: 00007ffc9468d058
[ 2638.426757][T10739]  </TASK>
[ 2638.427321][T10739] netlink: 4 bytes leftover after parsing attributes in process `syz.3.9913'.
[ 2639.347866][T10745] netlink: 12 bytes leftover after parsing attributes in process `syz.2.9915'.
[ 2639.993070][T10762] netlink: 44 bytes leftover after parsing attributes in process `syz.1.9921'.
[ 2640.501032][ T5875] usb 2-1: new high-speed USB device number 80 using dummy_hcd
[ 2640.738276][ T5875] usb 2-1: Using ep0 maxpacket: 16
[ 2640.749893][ T5875] usb 2-1: config 0 has an invalid interface number: 8 but max is 0
[ 2640.761225][ T5875] usb 2-1: config 0 has no interface number 0
[ 2640.772043][ T5875] usb 2-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 2640.795609][ T5875] usb 2-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[ 2640.931595][T10776] comedi comedi3: comedi_config --init_data is deprecated
[ 2640.978828][T10776] netlink: 212368 bytes leftover after parsing attributes in process `syz.4.9925'.
[ 2641.668568][ T5875] usb 2-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[ 2641.678530][ T5875] usb 2-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[ 2641.686867][ T5875] usb 2-1: Product: syz
[ 2641.691119][ T5875] usb 2-1: SerialNumber: syz
[ 2641.699167][ T5875] usb 2-1: config 0 descriptor??
[ 2641.708259][ T5875] cm109 2-1:0.8: invalid payload size 0, expected 4
[ 2641.719078][ T5875] input: CM109 USB driver as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.8/input/input210
[ 2641.987993][   T30] audit: type=1400 audit(1768275509.570:1310): avc:  denied  { append } for  pid=10766 comm="syz.1.9922" name="ppp" dev="devtmpfs" ino=709 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[ 2642.034395][T10786] netlink: 12 bytes leftover after parsing attributes in process `syz.3.9929'.
[ 2643.156798][T10804] fuse: Bad value for 'fd'
[ 2644.222021][    C1] cm109_urb_ctl_callback: 17 callbacks suppressed
[ 2644.222053][    C1] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 2644.236128][    C1] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 2644.243413][    C1] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 2644.250609][    C1] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 2644.258114][    C1] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 2644.265393][    C1] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 2644.273041][    C1] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 2644.280270][    C1] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 2644.287624][    C1] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 2644.295036][    C1] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 2644.303539][ T8012] usb 2-1: USB disconnect, device number 80
[ 2644.305784][    C1] cm109 2-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19
[ 2644.350523][ T8012] cm109 2-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19
[ 2644.387006][T10828] netlink: 44 bytes leftover after parsing attributes in process `syz.0.9933'.
[ 2646.244277][T10847] netlink: 212368 bytes leftover after parsing attributes in process `syz.3.9938'.
[ 2647.164670][T10853] netlink: 12 bytes leftover after parsing attributes in process `syz.4.9940'.
[ 2648.756449][T10870] fuse: Bad value for 'fd'
[ 2649.021049][ T8369] usb 3-1: new high-speed USB device number 114 using dummy_hcd
[ 2649.281662][T10874] netlink: 44 bytes leftover after parsing attributes in process `syz.4.9947'.
[ 2649.321741][ T8369] usb 3-1: Using ep0 maxpacket: 32
[ 2649.337936][ T8369] usb 3-1: config 0 has an invalid interface number: 151 but max is 0
[ 2649.395044][ T8369] usb 3-1: config 0 has no interface number 0
[ 2649.412242][ T8369] usb 3-1: New USB device found, idVendor=2770, idProduct=9051, bcdDevice=d9.3e
[ 2649.424708][ T8369] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2649.443681][ T8369] usb 3-1: Product: syz
[ 2649.503698][ T8369] usb 3-1: Manufacturer: syz
[ 2649.520246][ T8369] usb 3-1: SerialNumber: syz
[ 2649.537310][ T8369] usb 3-1: config 0 descriptor??
[ 2649.551764][ T8369] gspca_main: sq905c-2.14.0 probing 2770:9051
[ 2650.474447][ T8369] gspca_sq905c: sq905c_command: usb_control_msg failed (-110)
[ 2650.503854][ T8369] sq905c 3-1:0.151: probe with driver sq905c failed with error -110
[ 2650.554694][ T8369] usb 3-1: USB disconnect, device number 114
[ 2650.884569][T10887] netlink: 212368 bytes leftover after parsing attributes in process `syz.0.9951'.
[ 2651.617541][ T1296] ieee802154 phy0 wpan0: encryption failed: -22
[ 2651.630984][ T1296] ieee802154 phy1 wpan1: encryption failed: -22
[ 2653.010304][T10901] netlink: 12 bytes leftover after parsing attributes in process `syz.0.9954'.
[ 2653.523689][T10904] QAT: failed to copy from user cfg_data.
[ 2654.081669][T10907] __vm_enough_memory: pid: 10907, comm: syz.1.9957, bytes: 4503599627366400 not enough memory for the allocation
[ 2654.232593][T10909] netlink: 8 bytes leftover after parsing attributes in process `syz.1.9957'.
[ 2655.009034][   T30] audit: type=1400 audit(1768275522.320:1311): avc:  denied  { bind } for  pid=10908 comm="syz.0.9958" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[ 2656.775175][T10937] netlink: 212368 bytes leftover after parsing attributes in process `syz.0.9964'.
[ 2657.843256][T10946] netlink: 44 bytes leftover after parsing attributes in process `syz.3.9959'.
[ 2659.721020][ T6660] usb 4-1: new high-speed USB device number 118 using dummy_hcd
[ 2659.892971][T10974] netlink: 212368 bytes leftover after parsing attributes in process `syz.4.9978'.
[ 2659.931401][ T6660] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2659.964880][T10976] netlink: 4 bytes leftover after parsing attributes in process `syz.0.9977'.
[ 2660.045818][ T6660] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2660.142664][ T6660] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00
[ 2660.270141][ T6660] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2660.494234][ T6660] usb 4-1: config 0 descriptor??
[ 2661.052743][T10982] Cannot find add_set index 0 as target
[ 2661.432698][ T6660] pyra 0003:1E7D:2CF6.0013: hidraw0: USB HID v0.00 Device [HID 1e7d:2cf6] on usb-dummy_hcd.3-1/input0
[ 2661.637525][ T6660] pyra 0003:1E7D:2CF6.0013: couldn't init struct pyra_device
[ 2661.666581][ T6660] pyra 0003:1E7D:2CF6.0013: couldn't install mouse
[ 2661.692935][ T6660] pyra 0003:1E7D:2CF6.0013: probe with driver pyra failed with error -71
[ 2661.789507][ T6660] usb 4-1: USB disconnect, device number 118
[ 2662.968449][T11001] FAULT_INJECTION: forcing a failure.
[ 2662.968449][T11001] name failslab, interval 1, probability 0, space 0, times 0
[ 2662.997604][T11001] CPU: 1 UID: 0 PID: 11001 Comm: syz.4.9983 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 2662.997641][T11001] Tainted: [L]=SOFTLOCKUP
[ 2662.997648][T11001] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 2662.997660][T11001] Call Trace:
[ 2662.997668][T11001]  <TASK>
[ 2662.997676][T11001]  dump_stack_lvl+0x16c/0x1f0
[ 2662.997711][T11001]  should_fail_ex+0x512/0x640
[ 2662.997741][T11001]  ? fs_reclaim_acquire+0xae/0x150
[ 2662.997769][T11001]  should_failslab+0xc2/0x120
[ 2662.997795][T11001]  __kmalloc_noprof+0xeb/0x910
[ 2662.997824][T11001]  ? tomoyo_encode2+0x100/0x3e0
[ 2662.997855][T11001]  ? tomoyo_encode2+0x100/0x3e0
[ 2662.997878][T11001]  tomoyo_encode2+0x100/0x3e0
[ 2662.997908][T11001]  tomoyo_encode+0x29/0x50
[ 2662.997932][T11001]  tomoyo_realpath_from_path+0x18f/0x6e0
[ 2662.997965][T11001]  tomoyo_path_number_perm+0x245/0x580
[ 2662.997987][T11001]  ? tomoyo_path_number_perm+0x237/0x580
[ 2662.998012][T11001]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 2662.998036][T11001]  ? find_held_lock+0x2b/0x80
[ 2662.998089][T11001]  ? find_held_lock+0x2b/0x80
[ 2662.998115][T11001]  ? hook_file_ioctl_common+0x144/0x410
[ 2662.998150][T11001]  ? __fget_files+0x20e/0x3c0
[ 2662.998181][T11001]  security_file_ioctl+0x9b/0x240
[ 2662.998208][T11001]  __x64_sys_ioctl+0xb7/0x210
[ 2662.998234][T11001]  do_syscall_64+0xcd/0xf80
[ 2662.998262][T11001]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2662.998283][T11001] RIP: 0033:0x7f826a78f749
[ 2662.998299][T11001] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2662.998317][T11001] RSP: 002b:00007f826b620038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2662.998336][T11001] RAX: ffffffffffffffda RBX: 00007f826a9e5fa0 RCX: 00007f826a78f749
[ 2662.998349][T11001] RDX: 0000200000000080 RSI: 00000000400454ca RDI: 0000000000000004
[ 2662.998362][T11001] RBP: 00007f826b620090 R08: 0000000000000000 R09: 0000000000000000
[ 2662.998373][T11001] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2662.998385][T11001] R13: 00007f826a9e6038 R14: 00007f826a9e5fa0 R15: 00007ffe7df33ba8
[ 2662.998414][T11001]  </TASK>
[ 2662.998456][T11001] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 2663.152651][T11012] fuse: Bad value for 'fd'
[ 2663.837278][T11009] QAT: failed to copy from user cfg_data.
[ 2664.435462][   T30] audit: type=1400 audit(1768275532.020:1312): avc:  denied  { checkpoint_restore } for  pid=11020 comm="syz.4.9989" capability=40  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[ 2667.939144][T11050] netlink: 44 bytes leftover after parsing attributes in process `syz.4.9998'.
[ 2668.361936][T11055] Cannot find del_set index 4 as target
[ 2669.178327][T11064] netlink: 212368 bytes leftover after parsing attributes in process `syz.1.10001'.
[ 2669.545258][   T30] audit: type=1400 audit(1768275537.080:1313): avc:  denied  { remount } for  pid=11057 comm="syz.4.10000" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1
[ 2673.819198][T11091] Cannot find del_set index 4 as target
[ 2674.597200][T11094] QAT: failed to copy from user cfg_data.
[ 2676.402172][T11115] vim2m vim2m.0: vidioc_s_fmt queue busy
[ 2679.055290][T11149] QAT: failed to copy from user cfg_data.
[ 2679.705378][T11153] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 2680.027203][T11159] fuse: Bad value for 'fd'
[ 2680.058970][T11159] fuse: Bad value for 'fd'
[ 2681.656242][T11177] sp0: Synchronizing with TNC
[ 2681.663509][T11177] FAULT_INJECTION: forcing a failure.
[ 2681.663509][T11177] name failslab, interval 1, probability 0, space 0, times 0
[ 2681.676528][T11177] CPU: 1 UID: 0 PID: 11177 Comm: syz.4.10026 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 2681.676560][T11177] Tainted: [L]=SOFTLOCKUP
[ 2681.676567][T11177] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 2681.676579][T11177] Call Trace:
[ 2681.676586][T11177]  <TASK>
[ 2681.676594][T11177]  dump_stack_lvl+0x16c/0x1f0
[ 2681.676625][T11177]  should_fail_ex+0x512/0x640
[ 2681.676653][T11177]  ? fs_reclaim_acquire+0xae/0x150
[ 2681.676681][T11177]  should_failslab+0xc2/0x120
[ 2681.676707][T11177]  __kmalloc_noprof+0xeb/0x910
[ 2681.676737][T11177]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[ 2681.676770][T11177]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[ 2681.676795][T11177]  tomoyo_realpath_from_path+0xc2/0x6e0
[ 2681.676824][T11177]  ? tomoyo_profile+0x47/0x60
[ 2681.676855][T11177]  tomoyo_path_number_perm+0x245/0x580
[ 2681.676877][T11177]  ? tomoyo_path_number_perm+0x237/0x580
[ 2681.676902][T11177]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 2681.676926][T11177]  ? __schedule+0x10b9/0x6150
[ 2681.676975][T11177]  ? find_held_lock+0x2b/0x80
[ 2681.677004][T11177]  ? hook_file_ioctl_common+0x144/0x410
[ 2681.677039][T11177]  ? __fget_files+0x20e/0x3c0
[ 2681.677071][T11177]  security_file_ioctl+0x9b/0x240
[ 2681.677098][T11177]  __x64_sys_ioctl+0xb7/0x210
[ 2681.677122][T11177]  do_syscall_64+0xcd/0xf80
[ 2681.677150][T11177]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2681.677169][T11177] RIP: 0033:0x7f826a78f749
[ 2681.677186][T11177] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2681.677203][T11177] RSP: 002b:00007f826b5ff038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2681.677222][T11177] RAX: ffffffffffffffda RBX: 00007f826a9e6090 RCX: 00007f826a78f749
[ 2681.677235][T11177] RDX: 00002000000000c0 RSI: 0000000000005412 RDI: 000000000000000b
[ 2681.677247][T11177] RBP: 00007f826b5ff090 R08: 0000000000000000 R09: 0000000000000000
[ 2681.677258][T11177] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2681.677270][T11177] R13: 00007f826a9e6128 R14: 00007f826a9e6090 R15: 00007ffe7df33ba8
[ 2681.677299][T11177]  </TASK>
[ 2681.677313][T11177] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 2681.964040][T11177] random: crng reseeded on system resumption
[ 2682.380866][T11175] [U] è`
[ 2683.458152][T11182] sp0: Synchronizing with TNC
[ 2683.538075][T11183] random: crng reseeded on system resumption
[ 2684.100161][T11180] [U] è`
[ 2685.787185][T11198] QAT: failed to copy from user cfg_data.
[ 2687.897321][T11213] netlink: 12 bytes leftover after parsing attributes in process `syz.3.10036'.
[ 2689.488004][T11229] 8021q: VLANs not supported on lo
[ 2689.605138][T11234] Cannot find add_set index 0 as target
[ 2690.229500][T11226] netlink: 'syz.1.10039': attribute type 10 has an invalid length.
[ 2694.748601][T11275] overlayfs: empty lowerdir
[ 2695.686601][T11281] __vm_enough_memory: pid: 11281, comm: syz.4.10051, bytes: 4503599627366400 not enough memory for the allocation
[ 2695.753896][T11281] netlink: 8 bytes leftover after parsing attributes in process `syz.4.10051'.
[ 2696.271008][ T8369] usb 5-1: new high-speed USB device number 88 using dummy_hcd
[ 2696.420462][T11297] IPVS: Unknown mcast interface: dvmrp0
[ 2696.441654][ T8369] usb 5-1: Using ep0 maxpacket: 16
[ 2696.740982][ T8369] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2696.767482][ T8369] usb 5-1: New USB device found, idVendor=0738, idProduct=1705, bcdDevice= 0.00
[ 2696.776700][ T8369] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2696.787616][ T8369] usb 5-1: config 0 descriptor??
[ 2696.915812][T11303] 9p: Bad value for 'rfdno'
[ 2696.923999][T11303] netlink: 12 bytes leftover after parsing attributes in process `syz.1.10056'.
[ 2697.342283][ T8369] saitek 0003:0738:1705.0014: unknown main item tag 0x0
[ 2697.349289][ T8369] saitek 0003:0738:1705.0014: unknown main item tag 0x0
[ 2697.381158][ T8369] saitek 0003:0738:1705.0014: unknown main item tag 0x0
[ 2697.530711][ T8369] saitek 0003:0738:1705.0014: unknown main item tag 0x0
[ 2697.556712][ T8369] saitek 0003:0738:1705.0014: unknown main item tag 0x0
[ 2697.763692][ T8369] saitek 0003:0738:1705.0014: hidraw0: USB HID v0.05 Device [HID 0738:1705] on usb-dummy_hcd.4-1/input0
[ 2699.532150][ T8369] usb 5-1: USB disconnect, device number 88
[ 2700.464274][T11338] fuse: Bad value for 'fd'
[ 2700.751655][ T8369] usb 4-1: new high-speed USB device number 119 using dummy_hcd
[ 2701.105924][ T8369] usb 4-1: config 220 has an invalid interface number: 76 but max is 2
[ 2701.125684][ T8369] usb 4-1: config 220 contains an unexpected descriptor of type 0x2, skipping
[ 2701.262355][ T8369] usb 4-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[ 2701.587640][ T8369] usb 4-1: config 220 has no interface number 2
[ 2701.606010][ T8369] usb 4-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[ 2702.152942][ T8369] usb 4-1: config 220 interface 0 has no altsetting 0
[ 2702.159743][ T8369] usb 4-1: config 220 interface 76 has no altsetting 0
[ 2702.195844][ T8369] usb 4-1: config 220 interface 1 has no altsetting 0
[ 2702.389288][ T8369] usb 4-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[ 2702.468200][ T8369] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2702.544314][ T8369] usb 4-1: Product: syz
[ 2702.568572][ T8369] usb 4-1: Manufacturer: syz
[ 2702.594743][ T8369] usb 4-1: SerialNumber: syz
[ 2704.007395][ T8369] uvcvideo 4-1:220.0: Found UVC 7.01 device syz (8086:0b07)
[ 2704.131390][ T8369] uvcvideo 4-1:220.0: No valid video chain found.
[ 2704.137848][ T8369] usb 4-1: selecting invalid altsetting 0
[ 2704.166053][ T8369] usb 4-1: selecting invalid altsetting 0
[ 2705.143457][ T8369] usbtest 4-1:220.1: probe with driver usbtest failed with error -22
[ 2705.190998][ T8369] usb 4-1: USB disconnect, device number 119
[ 2705.951045][T11411] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5)
[ 2705.957581][T11411] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[ 2706.049613][T11411] vhci_hcd vhci_hcd.0: Device attached
[ 2706.200201][T11418] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 2706.220935][ T7442] vhci_hcd vhci_hcd.0: vhci_device speed not set
[ 2706.280945][ T7442] usb 33-1: new low-speed USB device number 4 using vhci_hcd
[ 2707.230730][T11430] vhci_hcd vhci_hcd.0: pdev(0) rhport(1) sockfd(14)
[ 2707.237351][T11430] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[ 2707.315752][T11430] vhci_hcd vhci_hcd.0: Device attached
[ 2707.376066][T11435] FAULT_INJECTION: forcing a failure.
[ 2707.376066][T11435] name failslab, interval 1, probability 0, space 0, times 0
[ 2707.441942][T11435] CPU: 0 UID: 0 PID: 11435 Comm: syz.3.10087 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 2707.441973][T11435] Tainted: [L]=SOFTLOCKUP
[ 2707.441979][T11435] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 2707.441991][T11435] Call Trace:
[ 2707.441998][T11435]  <TASK>
[ 2707.442006][T11435]  dump_stack_lvl+0x16c/0x1f0
[ 2707.442034][T11435]  should_fail_ex+0x512/0x640
[ 2707.442061][T11435]  ? fs_reclaim_acquire+0xae/0x150
[ 2707.442087][T11435]  should_failslab+0xc2/0x120
[ 2707.442112][T11435]  __kmalloc_noprof+0xeb/0x910
[ 2707.442142][T11435]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[ 2707.442173][T11435]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[ 2707.442200][T11435]  tomoyo_realpath_from_path+0xc2/0x6e0
[ 2707.442228][T11435]  ? tomoyo_profile+0x47/0x60
[ 2707.442258][T11435]  tomoyo_path_number_perm+0x245/0x580
[ 2707.442278][T11435]  ? tomoyo_path_number_perm+0x237/0x580
[ 2707.442302][T11435]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 2707.442326][T11435]  ? find_held_lock+0x2b/0x80
[ 2707.442378][T11435]  ? find_held_lock+0x2b/0x80
[ 2707.442410][T11435]  ? hook_file_ioctl_common+0x144/0x410
[ 2707.442443][T11435]  ? __fget_files+0x20e/0x3c0
[ 2707.442473][T11435]  security_file_ioctl+0x9b/0x240
[ 2707.442498][T11435]  __x64_sys_ioctl+0xb7/0x210
[ 2707.442522][T11435]  do_syscall_64+0xcd/0xf80
[ 2707.442548][T11435]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2707.442566][T11435] RIP: 0033:0x7f17c138f749
[ 2707.442580][T11435] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2707.442597][T11435] RSP: 002b:00007f17c2171038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2707.442615][T11435] RAX: ffffffffffffffda RBX: 00007f17c15e5fa0 RCX: 00007f17c138f749
[ 2707.442628][T11435] RDX: 00002000000001c0 RSI: 0000000080044941 RDI: 0000000000000003
[ 2707.442639][T11435] RBP: 00007f17c2171090 R08: 0000000000000000 R09: 0000000000000000
[ 2707.442651][T11435] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2707.442663][T11435] R13: 00007f17c15e6038 R14: 00007f17c15e5fa0 R15: 00007ffc9468d058
[ 2707.442692][T11435]  </TASK>
[ 2707.652717][T11435] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 2707.704547][T11431] vhci_hcd: connection closed
[ 2707.753658][ T6059] vhci_hcd vhci_hcd.0: stop threads
[ 2707.763979][ T6059] vhci_hcd vhci_hcd.0: release socket
[ 2707.769426][ T6059] vhci_hcd vhci_hcd.0: disconnect device
[ 2707.836752][T11412] vhci_hcd: connection reset by peer
[ 2707.848356][ T9947] vhci_hcd vhci_hcd.0: stop threads
[ 2707.864224][ T9947] vhci_hcd vhci_hcd.0: release socket
[ 2707.870287][ T9947] vhci_hcd vhci_hcd.0: disconnect device
[ 2709.910564][T11461] Cannot find add_set index 0 as target
[ 2711.108786][T11445] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.10088'.
[ 2711.183351][T11445] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[ 2711.233056][T11445] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[ 2711.523116][ T7442] vhci_hcd vhci_hcd.0: vhci_device speed not set
[ 2712.124252][T11478] QAT: failed to copy from user cfg_data.
[ 2713.057392][ T1296] ieee802154 phy0 wpan0: encryption failed: -22
[ 2713.064288][ T1296] ieee802154 phy1 wpan1: encryption failed: -22
[ 2713.502158][T11493] Cannot find del_set index 4 as target
[ 2713.966492][T29495] usb 2-1: new full-speed USB device number 81 using dummy_hcd
[ 2714.099735][T11492] netlink: 'syz.0.10102': attribute type 10 has an invalid length.
[ 2714.210939][T29495] usb 2-1: device descriptor read/64, error -71
[ 2714.299045][T11498] geneve2: entered promiscuous mode
[ 2714.333669][T11498] netlink: 32 bytes leftover after parsing attributes in process `syz.4.10104'.
[ 2714.951559][T29495] usb 2-1: new full-speed USB device number 82 using dummy_hcd
[ 2715.131450][T29495] usb 2-1: device descriptor read/64, error -71
[ 2715.236574][T11509] netlink: 'syz.4.10107': attribute type 10 has an invalid length.
[ 2715.254342][T29495] usb usb2-port1: attempt power cycle
[ 2715.264697][T11509] netlink: 40 bytes leftover after parsing attributes in process `syz.4.10107'.
[ 2715.337078][T11512] 8021q: adding VLAN 0 to HW filter on device bond4
[ 2715.596769][T11509] IPVS: set_ctl: invalid protocol: 59 127.0.0.1:20003
[ 2715.611215][T29495] usb 2-1: new full-speed USB device number 83 using dummy_hcd
[ 2716.357725][T29495] usb 2-1: device descriptor read/8, error -71
[ 2716.659777][T11526] comedi comedi3: comedi_config --init_data is deprecated
[ 2716.694603][T11526] netlink: 212368 bytes leftover after parsing attributes in process `syz.1.10110'.
[ 2717.416621][T11531] QAT: failed to copy from user cfg_data.
[ 2718.006166][T11512] netlink: 4 bytes leftover after parsing attributes in process `syz.2.10108'.
[ 2718.015365][T11512] netlink: 8 bytes leftover after parsing attributes in process `syz.2.10108'.
[ 2719.456879][   T30] audit: type=1400 audit(1768275587.040:1314): avc:  denied  { write } for  pid=11549 comm="syz.4.10113" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[ 2723.276174][T11573] QAT: failed to copy from user cfg_data.
[ 2723.867446][T11568] QAT: failed to copy from user cfg_data.
[ 2828.880739][    C1] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
[ 2828.887714][    C1] rcu: 	Tasks blocked on level-0 rcu_node (CPUs 0-1): P11571/1:b..l P11454/2:b..l P11092/1:b..l
[ 2828.898760][    C1] rcu: 	(detected by 1, t=10502 jiffies, g=257853, q=970 ncpus=2)
[ 2828.906550][    C1] task:kworker/0:2     state:R  running task     stack:27400 pid:11092 tgid:11092 ppid:2      task_flags:0x4208060 flags:0x00080000
[ 2828.921171][    C1] Workqueue: events_power_efficient gc_worker
[ 2828.927261][    C1] Call Trace:
[ 2828.930533][    C1]  <TASK>
[ 2828.933457][    C1]  ? __schedule+0x10b9/0x6150
[ 2828.938136][    C1]  __schedule+0x1139/0x6150
[ 2828.942638][    C1]  ? lockdep_hardirqs_on+0x7c/0x110
[ 2828.947858][    C1]  ? __pfx___schedule+0x10/0x10
[ 2828.952707][    C1]  ? irqentry_exit+0x1dd/0x8c0
[ 2828.957477][    C1]  ? preempt_schedule_notrace_thunk+0x16/0x30
[ 2828.963543][    C1]  preempt_schedule_notrace+0x62/0xe0
[ 2828.968914][    C1]  preempt_schedule_notrace_thunk+0x16/0x30
[ 2828.974811][    C1]  rcu_is_watching+0x8e/0xc0
[ 2828.979403][    C1]  lock_acquire+0x2cd/0x330
[ 2828.983905][    C1]  ? __pfx___might_resched+0x10/0x10
[ 2828.989180][    C1]  ? gc_worker+0x999/0x16e0
[ 2828.993689][    C1]  gc_worker+0x241/0x16e0
[ 2828.998032][    C1]  ? gc_worker+0x230/0x16e0
[ 2829.002548][    C1]  ? debug_object_deactivate+0x1ec/0x3a0
[ 2829.008196][    C1]  ? __pfx_gc_worker+0x10/0x10
[ 2829.012967][    C1]  ? rcu_is_watching+0x12/0xc0
[ 2829.017726][    C1]  process_one_work+0x9ba/0x1b20
[ 2829.022670][    C1]  ? __pfx_br_fdb_cleanup+0x10/0x10
[ 2829.027862][    C1]  ? __pfx_process_one_work+0x10/0x10
[ 2829.033239][    C1]  ? assign_work+0x1a0/0x250
[ 2829.037829][    C1]  worker_thread+0x6c8/0xf10
[ 2829.042427][    C1]  ? __kthread_parkme+0x19e/0x250
[ 2829.047448][    C1]  ? __pfx_worker_thread+0x10/0x10
[ 2829.052565][    C1]  kthread+0x3c5/0x780
[ 2829.056646][    C1]  ? __pfx_kthread+0x10/0x10
[ 2829.061243][    C1]  ? rcu_is_watching+0x12/0xc0
[ 2829.066008][    C1]  ? __pfx_kthread+0x10/0x10
[ 2829.070604][    C1]  ret_from_fork+0x983/0xb10
[ 2829.075192][    C1]  ? __pfx_ret_from_fork+0x10/0x10
[ 2829.080298][    C1]  ? __switch_to+0x7af/0x10d0
[ 2829.084970][    C1]  ? __pfx_kthread+0x10/0x10
[ 2829.089556][    C1]  ret_from_fork_asm+0x1a/0x30
[ 2829.094338][    C1]  </TASK>
[ 2829.097346][    C1] task:syz.1.10088     state:R  running task     stack:24040 pid:11454 tgid:11454 ppid:6304   task_flags:0x40064c flags:0x00080001
[ 2829.110843][    C1] Call Trace:
[ 2829.114111][    C1]  <TASK>
[ 2829.117035][    C1]  ? __schedule+0x10b9/0x6150
[ 2829.121709][    C1]  __schedule+0x1139/0x6150
[ 2829.126211][    C1]  ? do_raw_spin_lock+0x12c/0x2b0
[ 2829.131253][    C1]  ? __pfx___schedule+0x10/0x10
[ 2829.136108][    C1]  preempt_schedule_irq+0x51/0x90
[ 2829.141131][    C1]  irqentry_exit+0x1d8/0x8c0
[ 2829.145725][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 2829.151701][    C1] RIP: 0010:page_ref_add_unless.constprop.0+0x9c/0x390
[ 2829.158562][    C1] Code: 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 0f b6 14 02 48 89 e8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 c5 02 00 00 8b 5b 34 <e8> ef 29 c7 ff 31 ff 89 de 41 89 dd e8 83 24 c7 ff 85 db 0f 84 9f
[ 2829.178169][    C1] RSP: 0018:ffffc900041ff280 EFLAGS: 00000246
[ 2829.184228][    C1] RAX: 0000000000000007 RBX: 0000000000000001 RCX: ffffffff81f7c11f
[ 2829.192188][    C1] RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffffea0001317f74
[ 2829.200149][    C1] RBP: ffffea0001317f74 R08: 0000000000000001 R09: fffff94000262fee
[ 2829.208109][    C1] R10: ffffea0001317f77 R11: ffff888091b20b30 R12: 1ffff9200083fe5e
[ 2829.216068][    C1] R13: ffffc900041ff310 R14: fffffffffffffffe R15: 0000000000000004
[ 2829.224035][    C1]  ? page_ref_add_unless.constprop.0+0x6f/0x390
[ 2829.230286][    C1]  find_lock_entries+0x1c1/0xbf0
[ 2829.235221][    C1]  ? __pfx_find_lock_entries+0x10/0x10
[ 2829.240676][    C1]  ? __pfx___might_resched+0x10/0x10
[ 2829.245952][    C1]  ? folio_batch_remove_exceptionals+0x115/0x1a0
[ 2829.252282][    C1]  shmem_undo_range+0x216/0x1140
[ 2829.257221][    C1]  ? __pfx_shmem_undo_range+0x10/0x10
[ 2829.262613][    C1]  ? find_held_lock+0x2b/0x80
[ 2829.267324][    C1]  shmem_evict_inode+0x39e/0xbe0
[ 2829.272251][    C1]  ? inode_wait_for_writeback+0x170/0x390
[ 2829.277967][    C1]  ? __pfx_shmem_evict_inode+0x10/0x10
[ 2829.283416][    C1]  ? __pfx_inode_wait_for_writeback+0x10/0x10
[ 2829.289487][    C1]  ? find_held_lock+0x2b/0x80
[ 2829.294167][    C1]  ? evict+0x37e/0xad0
[ 2829.298231][    C1]  ? __pfx_shmem_evict_inode+0x10/0x10
[ 2829.303682][    C1]  evict+0x3c2/0xad0
[ 2829.307567][    C1]  ? find_held_lock+0x2b/0x80
[ 2829.312265][    C1]  ? __pfx_evict+0x10/0x10
[ 2829.316677][    C1]  ? iput.part.0+0x619/0x1190
[ 2829.321353][    C1]  iput.part.0+0x621/0x1190
[ 2829.325854][    C1]  iput+0x35/0x40
[ 2829.329484][    C1]  dentry_unlink_inode+0x29c/0x480
[ 2829.334598][    C1]  __dentry_kill+0x1d0/0x600
[ 2829.339188][    C1]  finish_dput+0x76/0x480
[ 2829.343513][    C1]  dput.part.0+0x451/0x570
[ 2829.347923][    C1]  dput+0x1f/0x30
[ 2829.351551][    C1]  __fput+0x51c/0xb70
[ 2829.355535][    C1]  task_work_run+0x150/0x240
[ 2829.360127][    C1]  ? __pfx_task_work_run+0x10/0x10
[ 2829.365240][    C1]  ? do_raw_spin_unlock+0x172/0x230
[ 2829.370444][    C1]  do_exit+0x87f/0x2bd0
[ 2829.374599][    C1]  ? proc_coredump_connector+0x2d1/0x4f0
[ 2829.380228][    C1]  ? __pfx_do_exit+0x10/0x10
[ 2829.384815][    C1]  do_group_exit+0xd3/0x2a0
[ 2829.389316][    C1]  get_signal+0x2671/0x26d0
[ 2829.393828][    C1]  ? __pfx_get_signal+0x10/0x10
[ 2829.398688][    C1]  arch_do_signal_or_restart+0x8f/0x7e0
[ 2829.404236][    C1]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 2829.410397][    C1]  ? __bad_area_nosemaphore+0x350/0x690
[ 2829.415944][    C1]  irqentry_exit+0x38a/0x8c0
[ 2829.420536][    C1]  asm_exc_page_fault+0x26/0x30
[ 2829.425383][    C1] RIP: 0033:0x7fbd2178f751
[ 2829.429787][    C1] RSP: 002b:fffffffffffffe70 EFLAGS: 00010217
[ 2829.435847][    C1] RAX: 0000000000000000 RBX: 00007fbd219e6270 RCX: 00007fbd2178f749
[ 2829.443809][    C1] RDX: 0000000000000000 RSI: fffffffffffffe70 RDI: 0000000000008000
[ 2829.451768][    C1] RBP: 00007fbd21813f91 R08: 0000000000000000 R09: 0000000000000000
[ 2829.459727][    C1] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 2829.467699][    C1] R13: 00007fbd219e6308 R14: 00007fbd219e6270 R15: 00007ffcf9705418
[ 2829.475678][    C1]  </TASK>
[ 2829.478682][    C1] task:syz-executor    state:R  running task     stack:28520 pid:11571 tgid:11571 ppid:6825   task_flags:0x400040 flags:0x00080000
[ 2829.492181][    C1] Call Trace:
[ 2829.495448][    C1]  <TASK>
[ 2829.498369][    C1]  ? __schedule+0x10b9/0x6150
[ 2829.503041][    C1]  __schedule+0x1139/0x6150
[ 2829.507550][    C1]  ? __lock_acquire+0x436/0x2890
[ 2829.512493][    C1]  ? __pfx___schedule+0x10/0x10
[ 2829.517343][    C1]  ? mark_held_locks+0x49/0x80
[ 2829.522104][    C1]  preempt_schedule_irq+0x51/0x90
[ 2829.527124][    C1]  irqentry_exit+0x1d8/0x8c0
[ 2829.531709][    C1]  ? rcu_is_watching+0x12/0xc0
[ 2829.536475][    C1]  asm_sysvec_reschedule_ipi+0x1a/0x20
[ 2829.541926][    C1] RIP: 0010:mls_compute_sid+0x48/0x10a0
[ 2829.547465][    C1] Code: 89 fd 53 4c 89 cb 48 83 c4 80 4c 8d 74 24 20 8b 84 24 b8 00 00 00 48 89 54 24 08 49 c1 ee 03 89 0c 24 4b 8d 14 3e 89 44 24 14 <88> 44 24 13 66 89 4c 24 10 48 c7 44 24 20 b3 8a b5 41 48 c7 44 24
[ 2829.567066][    C1] RSP: 0018:ffffc90004997798 EFLAGS: 00000a02
[ 2829.573123][    C1] RAX: 0000000000000000 RBX: ffffc90004997a20 RCX: 0000000000000009
[ 2829.581080][    C1] RDX: fffff52000932ef7 RSI: ffff88802b2d4140 RDI: ffff888036bdc808
[ 2829.589039][    C1] RBP: ffff888036bdc808 R08: 0000000000000010 R09: ffffc90004997a20
[ 2829.596998][    C1] R10: 0000000000000000 R11: ffff8880266c2ff0 R12: 0000000000000010
[ 2829.604957][    C1] R13: ffff88802b2d4140 R14: 1ffff92000932ef7 R15: dffffc0000000000
[ 2829.612939][    C1]  ? sidtab_do_lookup+0x1bd/0x9d0
[ 2829.617967][    C1]  ? ebitmap_get_bit.part.0.isra.0+0xa3/0x150
[ 2829.624031][    C1]  ? policydb_roletr_search+0x2a4/0x350
[ 2829.629574][    C1]  security_compute_sid+0x81a/0x2140
[ 2829.634870][    C1]  ? stack_depot_save_flags+0x29/0x9b0
[ 2829.640328][    C1]  ? __pfx_security_compute_sid+0x10/0x10
[ 2829.646042][    C1]  ? alloc_inode+0x86/0x240
[ 2829.650541][    C1]  ? kasan_save_stack+0x42/0x60
[ 2829.655386][    C1]  ? kasan_save_stack+0x33/0x60
[ 2829.660229][    C1]  ? kasan_save_track+0x14/0x30
[ 2829.665079][    C1]  ? __kasan_kmalloc+0xaa/0xb0
[ 2829.669837][    C1]  ? __kmalloc_noprof+0x33d/0x910
[ 2829.674863][    C1]  ? security_inode_init_security+0x113/0x370
[ 2829.680921][    C1]  ? shmem_symlink+0x138/0x960
[ 2829.685672][    C1]  ? vfs_symlink+0x4b5/0x800
[ 2829.690253][    C1]  ? do_symlinkat+0x353/0x4b0
[ 2829.694929][    C1]  ? __x64_sys_symlinkat+0x93/0xc0
[ 2829.700042][    C1]  ? do_syscall_64+0xcd/0xf80
[ 2829.704718][    C1]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2829.710800][    C1]  security_transition_sid+0x68/0x80
[ 2829.716090][    C1]  selinux_determine_inode_label+0x2af/0x400
[ 2829.722073][    C1]  selinux_inode_init_security+0x281/0x660
[ 2829.727883][    C1]  ? __pfx_selinux_inode_init_security+0x10/0x10
[ 2829.734209][    C1]  ? trace_kmalloc+0x2b/0xb0
[ 2829.738794][    C1]  ? security_inode_init_security+0x113/0x370
[ 2829.744858][    C1]  security_inode_init_security+0x1bc/0x370
[ 2829.750749][    C1]  ? __pfx_shmem_initxattrs+0x10/0x10
[ 2829.756118][    C1]  ? __pfx_security_inode_init_security+0x10/0x10
[ 2829.762521][    C1]  ? shmem_get_inode+0x73b/0xfb0
[ 2829.767470][    C1]  shmem_symlink+0x138/0x960
[ 2829.772059][    C1]  ? __pfx_shmem_symlink+0x10/0x10
[ 2829.777162][    C1]  ? bpf_lsm_inode_permission+0x9/0x10
[ 2829.782623][    C1]  ? security_inode_permission+0xbf/0x260
[ 2829.788348][    C1]  vfs_symlink+0x4b5/0x800
[ 2829.792762][    C1]  do_symlinkat+0x353/0x4b0
[ 2829.797271][    C1]  ? __pfx_do_symlinkat+0x10/0x10
[ 2829.802303][    C1]  ? getname_flags.part.0+0x1c5/0x550
[ 2829.807672][    C1]  __x64_sys_symlinkat+0x93/0xc0
[ 2829.812611][    C1]  do_syscall_64+0xcd/0xf80
[ 2829.817113][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2829.822995][    C1] RIP: 0033:0x7fe84098ecc7
[ 2829.827398][    C1] RSP: 002b:00007ffd0fb87438 EFLAGS: 00000202 ORIG_RAX: 000000000000010a
[ 2829.835801][    C1] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fe84098ecc7
[ 2829.843765][    C1] RDX: 00007fe840a158d7 RSI: 00000000ffffff9c RDI: 00007ffd0fb874d0
[ 2829.851727][    C1] RBP: 00007ffd0fb8747c R08: 0000000000000013 R09: 00007ffd0fb87187
[ 2829.859688][    C1] R10: 0000000000000000 R11: 0000000000000202 R12: 00000000000000d5
[ 2829.867647][    C1] R13: 00000000000927c0 R14: 0000000000298536 R15: 00007ffd0fb874d0
[ 2829.875624][    C1]  </TASK>
[ 2829.878629][    C1] rcu: rcu_preempt kthread starved for 10598 jiffies! g257853 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1
[ 2829.889895][    C1] rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
[ 2829.899853][    C1] rcu: RCU grace-period kthread stack dump:
[ 2829.905724][    C1] task:rcu_preempt     state:R  running task     stack:27800 pid:16    tgid:16    ppid:2      task_flags:0x208040 flags:0x00080000
[ 2829.919217][    C1] Call Trace:
[ 2829.922480][    C1]  <TASK>
[ 2829.925398][    C1]  ? __schedule+0x10b9/0x6150
[ 2829.930072][    C1]  __schedule+0x1139/0x6150
[ 2829.934588][    C1]  ? __pfx___schedule+0x10/0x10
[ 2829.939435][    C1]  ? find_held_lock+0x2b/0x80
[ 2829.944116][    C1]  ? schedule+0x2d7/0x3a0
[ 2829.948445][    C1]  schedule+0xe7/0x3a0
[ 2829.952510][    C1]  schedule_timeout+0x123/0x290
[ 2829.957356][    C1]  ? __pfx_schedule_timeout+0x10/0x10
[ 2829.962720][    C1]  ? __pfx_process_timeout+0x10/0x10
[ 2829.968003][    C1]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[ 2829.973806][    C1]  ? prepare_to_swait_event+0xf5/0x480
[ 2829.979264][    C1]  rcu_gp_fqs_loop+0x1ea/0xaf0
[ 2829.984026][    C1]  ? __pfx_rcu_gp_fqs_loop+0x10/0x10
[ 2829.989311][    C1]  ? lockdep_hardirqs_on+0x7c/0x110
[ 2829.994509][    C1]  ? __pfx_rcu_gp_init+0x10/0x10
[ 2829.999451][    C1]  ? rcu_gp_cleanup+0x7c1/0xe90
[ 2830.004302][    C1]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[ 2830.010126][    C1]  rcu_gp_kthread+0x26d/0x380
[ 2830.014803][    C1]  ? __pfx_rcu_gp_kthread+0x10/0x10
[ 2830.019999][    C1]  ? rcu_is_watching+0x12/0xc0
[ 2830.024759][    C1]  ? lockdep_hardirqs_on+0x7c/0x110
[ 2830.029954][    C1]  ? __kthread_parkme+0x19e/0x250
[ 2830.034969][    C1]  ? __pfx_rcu_gp_kthread+0x10/0x10
[ 2830.040164][    C1]  kthread+0x3c5/0x780
[ 2830.044227][    C1]  ? __pfx_kthread+0x10/0x10
[ 2830.048814][    C1]  ? rcu_is_watching+0x12/0xc0
[ 2830.053570][    C1]  ? __pfx_kthread+0x10/0x10
[ 2830.058153][    C1]  ret_from_fork+0x983/0xb10
[ 2830.062737][    C1]  ? __pfx_ret_from_fork+0x10/0x10
[ 2830.067842][    C1]  ? __switch_to+0x7af/0x10d0
[ 2830.072544][    C1]  ? __pfx_kthread+0x10/0x10
[ 2830.077135][    C1]  ret_from_fork_asm+0x1a/0x30
[ 2830.081913][    C1]  </TASK>
[ 2830.084920][    C1] rcu: Stack dump where RCU GP kthread last ran:
[ 2830.091233][    C1] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 2830.101725][    C1] Tainted: [L]=SOFTLOCKUP
[ 2830.106033][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 2830.116071][    C1] RIP: 0010:pv_native_safe_halt+0xf/0x20
[ 2830.121700][    C1] Code: 96 5f 02 c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 13 09 12 00 fb f4 <e9> cc 35 03 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90
[ 2830.141298][    C1] RSP: 0018:ffffc90000197de8 EFLAGS: 000002c6
[ 2830.147359][    C1] RAX: 000000000b8f0f9f RBX: 0000000000000001 RCX: ffffffff8b7856d9
[ 2830.155315][    C1] RDX: 0000000000000000 RSI: ffffffff8daceab2 RDI: ffffffff8bf2b400
[ 2830.163273][    C1] RBP: ffffed1003b56498 R08: 0000000000000001 R09: ffffed10170a673d
[ 2830.171231][    C1] R10: ffff8880b85339eb R11: ffff88801dab2ff0 R12: 0000000000000001
[ 2830.179188][    C1] R13: ffff88801dab24c0 R14: ffffffff9088bdd0 R15: 0000000000000000
[ 2830.187149][    C1] FS:  0000000000000000(0000) GS:ffff8881249f5000(0000) knlGS:0000000000000000
[ 2830.196067][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2830.202638][    C1] CR2: 00007f8bdad377cf CR3: 00000000362b5000 CR4: 00000000003526f0
[ 2830.210598][    C1] Call Trace:
[ 2830.213862][    C1]  <TASK>
[ 2830.216777][    C1]  default_idle+0x13/0x20
[ 2830.221109][    C1]  default_idle_call+0x6c/0xb0
[ 2830.225873][    C1]  do_idle+0x38d/0x510
[ 2830.229942][    C1]  ? __pfx_do_idle+0x10/0x10
[ 2830.234538][    C1]  cpu_startup_entry+0x4f/0x60
[ 2830.239301][    C1]  start_secondary+0x21d/0x2d0
[ 2830.244055][    C1]  ? __pfx_start_secondary+0x10/0x10
[ 2830.249339][    C1]  common_startup_64+0x13e/0x148
[ 2830.254291][    C1]  </TASK>