last executing test programs:

15.644155268s ago: executing program 2 (id=3828):
r0 = socket$inet6(0xa, 0x80003, 0x6)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x85}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff})
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mkdir(&(0x7f0000000100)='./file0\x00', 0x48)
mount$fuse(0x0, &(0x7f00000042c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
fchmodat(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x1ff)
read$FUSE(r3, &(0x7f0000002140)={0x2020, 0x0, <r4=>0x0, 0x0, <r5=>0x0}, 0x2020)
syz_fuse_handle_req(r3, &(0x7f0000004300)="afe28a28263ffd9dbc5af980196765a3c1f82c4a1fae7a322fdf0f6eec50303f6104db417704a701a8d6c5e7f5c99a5cf3eed4e0e1c82545122d6933469933ec605aaf61a5b8b1f8aacbafca498796976da62837e4a0d818ea71474d0412cfe162a7260456c425f2604cbd262e2aef92d09d6d2e105b7e7d377c95ccfe1d0f9af9f7e6a6d85d4a8ebee6fa703efd8c4a106793205a405938d47f97266eaa5fda88f11a03a8305399889ccc48f85c4b6a7747f489dc76c93b06be84635190224018e13954cd2fe714fec88f6aac3c57d5fec99307b8c8327e8854000e81d781e2f5bc37e96bbc3077555f696c6fadd199d9bfbf0997e76925fe17923ac5976e32f52ee407c43070cd8a709a2326ac96b94051cd0cc8f29b43edbc4ed850ae7a30b45db7e72114aeb46bd3a91775582c9206a638456a0e3da847a7be2e21620df89ea7e2da53f77f39cf0eb2d0b601d507d4dd57a534b5c77076052cdb03dd0c241f75f442fdb07624ad9d9fcbba92a4f20b20b424e3c9c92f2831e5efe0be454f3b4dbb9dbe6152bb152206ff0451edeffdbaba54deb39f00e74297c676effb60950dce7a847031ca85a1b3690f573bc31094d6e7d95f5821c0eae6a2685958619d94108eefcbc0dc5dda47ca509878dd8caa875d69af6c88997b5d67e5c67bf9daf89547a55061eb0cc55e2c696b71c7384ba16928fa81f7394a048329c467ef813df172236464f9d1418e5d5386b0eb6d5c4f765d0246ee91ab39c07310b61680788e3a57dab96d1eabe1a0efc2b6c882aed50d993d15f8561bc1f6bde7e79b711bb206685344aae196c1c4b97cd515911341cd60c6ad108e0013f87d063385ea5f057de4315284cb6f8545436981ce1c4bbf13f178e3a504bc0c8b1bead105f7e7622c288aca7206ee18dbb97b1b393d102d9c65e3a765e87f554d98383e4e49ad1c600d8fac4acb970ce04e0c866806bd44b21b5c891c3bccefb87bdf389d6a36992cacfe52b96e7e1014cc58ec29fe0ac221ea6d49f759f2a746e7603272d572515fbbb33d2b6f94eb9c6571118b606e18ef88ff88366aa3ecccd6c845f9b8534f49997c940a930693fcdf742fde3676c6cee9eda06ab856a4dfee75c7c9cda6b11da6441644b62116e6fdcae5b5e0148047028a5842c21fb9637771a5ac84ba9740c9c9b56b58c08730a48e81c05b312449edd27843c173d1875c28aeca43761a06fed193378129243aa514bf74d6b76ccd70807440401948d6f3bd9a352cd432e1289f2d4e78add381e4477dd8ac2f2ccd3b6533121ac51c393dc773b9e120ea8194e51d76749b4f0c4e6e40132ba1535015d5ff224ff77310be5a31a6defa004262918136b9db98a94a1fd244be1f5a7cf6762e7bea536df1d312a72776baa881833d295f1a60f2ac98d54f302d8fc72f135ab3256d065a618b60d2a6982ee89c60bac90dd81e0cfc24118c568e8e3a29a9f29e55f479a8fb5638d6cd724605b69aaacafd440020f4776652537454041acc13cdb0bf1489fbac78c4bfae755b259764756407204b22cfe838ddf82523c03b4bc1eeb55c43b1f50b7d03fd4da448ae51cc4a844fd0240e0d131c2693ed770844bf25e3bbea974a5c2a40ed65f1c3a729ed93ec22b93899aa861ce301e1cc1f3e98846a39a49169cbe3eef35e3595207f1014a8dc89d6b512dc05cd23ed4b4741f6ac778794cd1282f42a72301f37816859cb92d53db6793f294df19d0ef1bb453685f3c666b3941c25c92b204c8307c0e83469032f276cef4ce538a4570d652aa212de6fae8ae4d62399de49f0d4bfc0a47fbd79e7a86e12c9d863dde004f9e9d605dac7d688dc5daff78c27bbe727fbab0cd3058e75544261d5d83468ef23e3a224f0ec460855aad927c5c5b3bfce0a3e3c45abb0ee6dbd04242ec765e324209bdf07f4ed21eb15e2f030476fbc3cd05554f54858232625e9b37ac41b8e354ebc85a0282fbf9ad5d6e0c2d7b093bc1f887646faa1e7622f110b546dadf44eff6bafb2a58631a93e560bd67b42ab96d4a9f044f26a481feb8b3f2018a7236799c2d1877a63e5fe64dd207be729eb1cda7977d59bc139e1d2f6cae1defe90b8f6a99ae4dbac317413745521247f3691e894af33c7484afb11f4d2f858ee87e93ad202f9853c6ceee0a92e052225ebf283a017ae2e7cfcf924ea4e3b319a05a9bfe3f476308aa5039fb8a7d3642043957a2090e0727120a7aea16d16e7a4b15d5676966041f76188fb69d89080b6eb2d4d42bc84e298dedda4db06b78df5c7198230ab439f0c3b4f3f649d531664c59eee2d73fe14f01133776b717f6b7118afdb264ace9e44af5bfdf35bfa7f7ab538004c0085c11da725ed284a34c7f27da78acf488bd0f54e6026efbf81af934558c36473d0fdc85519e11b4f30fa3b7ef757c35f4c88a360549def898cc460557433e44621589e71f3118003b4695f3130dc005d32c0330b950c12e430d2a2a6b9a68995bc9e1345dcfa30585603f09e74296cffe8d758b216de00e8302eed0e06f94e7bdf835cf27fcbe57651f36d6d2de82f179f42fc8e7fed4f5c7f5b691c6e038a76cab3e604e42ceda945e155db89cc0013564726053ccd77cd8e626bac72468ae0998f686450d5e0a17ce88e1b15d05f212c336d7cb5013eb94fa861b588be01ed252b487b4d1918c87a341b5daf74f3083bd49ccc6ee26ff8993b5398145ae7f9505c1398f1bdd2cb90636f9e99da243cedccc97252fe15ee10e886c187e5c614f33bbf630c654b1d87e693b765f3a36b67bd1fb46afcd24c96a0b7784e4cabb8a8a5abca853d51694da85296a430b8856f51173946c9f143db65fd1b51b9534657d3a7953ba7186651ddc6f0a625563c3b43cfbc83330507d399ae87731e1ab1f15320779da21d2000d85155a8c9cbd6f642695a565dec615d7bdf8a47a76005b3607cde6176b8303b7eeb2212179d6f5176e45b1759810fcec418e6c41e7b33da9f92211631a070257cea55e644498466d5fc5744f903e6c4a2d3809eb6e70d50a82f66a1a05079ebe9ae0b756bb2781dafd14b1a06c0eb2c9b77b0d8d005d47aacf5447a104f85df3decb0ef8bf1483b47be9c945b95634c474f9cebdc97a91f85aba7172d05cd7b06afa043b8900ab400770fa270029e34ebab31a69367a18057ce532cd66e52b807b8665475977a56ec5407c778994ce9c85e8b96f1313e468cf83d266f14250acee2a4a52001de174d2208bc2a679916e4231fb30a99263a0398e99e9f8236010f17a5de367d673a95b374158d2baae4612ec6898d0fec2f95b45c6bd760a0cabcac1067470492c5e66c11ea745ae803dd24a5c89cac5a0d64bcc15648b1d812be638d10311d640b3251a8001619d09f138bf04e35c02807c2c87c222a6f54da320f0169cece864f4d37af54f0fdcfd455051c0effe17d2c04b3b67807af05cd8176017cd8e35c1ca1b13112f2dddde84be95ef67a6c8ad8a4ab0e7175fd124bda62656c4afec4dc8c0261a855e75575ddbb375e45a5b635fc7bc528ba387dd24f485ba69a9ba2761c243d359bce078d0ba0cdc13b6ee7d66a8546c49a4429af5866f866ba2e1e0a10ff4a3c3b5e240d918f6a896c35f51ad7b02e6d0747ee80a99c8812577600e359b703e571ec18d6b88866f28aef250de65f39b266f6795237f7d3f741127f3d47cefb255d1b3c06c7d8fec9bb8e5c666d7ca7b803dbabc6cacecbca1ed8e89ddc2140f45c4f8572c146d7ab2be20eb72baaee4b1d371aa9f06833ba1a0cb66b701c1fd90e8bcdcfb9bd57a8cad381e7cb2b99250d21384ebf771833ac6f32f4115fcb0ffa177dcae6673b1ff80cbefbaec2c863b263035ad2a0d0a340fed260d4fbf008745bc1b51e5b011b54584f6c0cf3a401f8cfd23f23e830a311bec365064895cbe8a664184aff212bac6f164f6b619e4d8521ae447abc8f59b284aa2e94061aa15afd9070fef452d4fd644da4b6b716784109d92abd31d3221a76eaf592e6529e70a67bd92cdb431c7af9f658b2ace3d954c4a5208f1edcdb8a04461262ed26b24bb3df41b1c28ec42880590b3685f56a3982250ae96c7e1fcb9aa6a9887639d2209cf190e9ea82d5634513eb36c5c0e0769250948967240e29921da36aa0c07c76c81c7bd8b7f1c1c9063b4b1fcd88f63aaf568a7cc9249fad5c996853dd160d80f5251673643fb5e0067c97b0d2b513c1d22a3c2e73786c3c5c17f14c57c2df7c830216e5c3ef066468069428501e1a78c935f4c520c5cfe9daa89ca4bb4895fec8a328453ff630848eeac719bcc09d7bee73e58f4b7cf90f098bb7019c73912b630af92ed9b309c53c5c4edaa3788f9e6d486bd363619cd2c140d9a7175f6c5f977eb6e6f58f18c8d0ace671570e0dd6ed78ca228782ddb71c6f137cf0e27fa85b52b1c15ddf184a72dab098a8b1c1f6746238a8a92848f2478b690b80c131c85e90b69953f5eb54c0b47d59b7e440190e1c9b2d72fdd94c64296ca33aab32cc8f69091df05aaefd4ea00303a3522672f01b5373abae33d34844831a1af2e51276b61e637a93e02e09c306e5fb9619e82bbcf0e43e2f5e8ec8a458b9f1c612634645eb82051fa34f4b13439c3ba2e016972df37f197d09121bd377b1472a2da64698efb11cc88fa36ac173c83ee155b73716639f5d73a29fb783fb27e5ccbab5f9b95a4dca6a7406cd053a7ac9ff25f42ebddd9afe7df308979c314acaacecea602267c6d57fb5f5222e4ccd4b18573b32d6a19f1798a1d78b36b32f0723f7b33b06c2ca43b22e4cce6cda741b3e68a056a0cd6d51b6929cf4a16fb7b2490cbe87e5612dfa7d26ad40ec412021f9033aa2884ee86c7610623fb64663ac5554e694e84877708e77d243bcdb198714fff672b0f927f9cbe5b2436002f02a559dda5232cc150170d7b32d547a080f852c6838809f8ae1995e7ad4b24c7d1ecdb6b5dabca5da671493a3a1b4da1e7ad13ca4b4dbcf53a71348366cef7ee45cb719a8321205aa70da47104e66f344393e64dcfcd015b9d6bc75ec3dd31551de4b614bdc4d89c8de1254a91c4f33cdddf98d8ddf36e8cdc537a7d11dbf51913ca87ca9f644a2a08905e15c0f2bc58168e425b52055e7878ba468909dbed30815e01720df5a1be196471d30c1525070efa59fe62720960e473dc237d7866d77e8ac69cbaa50cea6205b7ccef9437b132f41e87906f3b9c48e9750e7ed1993597f8e599ab8596f4378853ee10e26289e72b92c425f5f0ad0f94d4694415739ccfc06bc5a49237157071116578df4f8aaa1eb4c123c8ada753e4a631f3f9660fbc9404d8af9ef1af380ccee1f2e520c03615fe7c5d276e917d84061f8cc0e5814caac9ecb0ebdf8bfae551197d66ff22236832a0ac38586b059a4ae9054d1810d361f50da921b33904cb6ea7faf44b811e7f7348d07cd32c8f83da01d4d74092493ef5cd3d2cbb9eeed6986f3e4615b8d341cbe13d6eac3bc1e9217fc2f86dd0cab958a6b4e0f0604501b48d352118611e96a974e3642fa785538e7d5b3bc7a363ca95a98a0816e6179bb438f3c110036770da0978987ebcd241464136b2a8d45bf1c2b499b6dba8e44448c73163ae7df71d7c98b705af886dc195cc918c2552fc1696d6749222a4e83279a14001ccb540a64a713fa1691c30e99ae0bf8fdacaaf4aea9d4f89db7d4f364f7a30c80b782f5cd7af01347d78769902f2ed675b6b859b5467cad1bed59a64f13a4b5a827e029c9a3107b08e5f18b930855f7d85f1d78d45d7d3c909b87213158dbe5cfda90936388885a32a61529ab30bf31fcc1d6df9ead0f49ada899dc8be042d2289383f6d09411aea11e6002359ff2e36345b8454ec5f126db94349666a3666323ca164a0f72873b63c9dcc0c60785a66862655d4ab5749bc00bd98ba9e20325e78a572fc93739ce884f3398218c614f8ea33cdff4b797dc2c2874d20670733f30acf52ae4d14c9e83f54533acd42931ea42fcbf89f7a8e68c3c8ecefa4a1e1c693244d4604f9488df30718c455f719a6d93b30173305264c9bdb21e8a68a74e7310dbecdc27afc7b162466c444ce4bda0d937104e683349828a4f0ca8723d54fe13287286f7a6dbb8ece6a7ece355fbee7424e7e524ec33ed5fed03a1ea964af0830108c5e69a071606d9d28450977245cba4d0e1ed8177752526e218cb5e113dff2236c663808533c580da3d83ad502a3d5d30949ca2cea660ccb613cc7661d6857b3b70588976ac8ceed944f7f738e43101369bea05a26ff31692ab45b6c95f794a5c92d8bd42ce8803162cc730782e0c1e468c9d090488763d9d1f1471c2ab1cd8599e078d81a0e84707ea02a0f91c3d588bb54f1f5ba58845617b80263ab8fb2c6757d72eebe00591c7b6cffddb969f6fee2ef9f016f641aa2ccfd59c839ba40ac1a10bb9d94f96e1c6829dd4d2dcb9d0f71726c31d813fa78af8b7621fa47f4b0ed9d9d98e4209676969728a00a92dd592dfee41c806076f0e4100e371c7427f888ef91f03c5b16d87b2ade294f69b77afb199de38bfebfa3ec9285d1829c7c0714bd100c84efc8eb71146a1d4c7f659d77c42119b738d6bcfede23855780a6627d4a417aab498ec60bf69c44fc1f3fd4f99ed941a1234ad1f3120dcc71275c464be23453749841dc1c36a76b28b3659e809a1216aea67658ff76e99580cb202eedb9d4cab23e879723d11f8d4086362271f8f2e6816d47eaeaa5066c3c4338868fd3c8b832581490b6801278e9d1d59771dcc73eef6b9903ba9b9f5e565eece392568c878662ad9cbb931242a27d883fe7839e7e502c368e736f5dc057ed2e4b5c963c54712c772535e22e94c61a13ed50682c065cad0d861b3888ef332ed0236e2747720f97793b46eb39b51057b44f2b9e05de8c077cff7ef5afb56a5d28754d76161909a05573f8aaee5fdf260d80eda7e1b83539e09362a4f9aa0e8f069e0cf221eca87593457b342de27c99cf14c4bc0d8050aa19c8e4a56b3b5d2c3fcc23633f5ab20ec063270c9922292b645a5523f9bba5c6f66368c227bb4b2ad6c1f4c8927552f6b41a312a4bec49669e2968a7d6bf30cf09f8d3fb473ce5a839ed27fa906dbf504aec3a5a2884bf4c569235202dffa763b14f4501ecb8608e77aeb4fda0e4177fad0bc02da3224f183355ad62f6c50efa3c8f8e02bf3cf47ff31210606bb87ce4acb53ead7eff942d65d9905e9bf6acf5829eed4855da2488e0896ad346da16a5c988e31b0632592a2dc3030d28b6d62a3a4638a0a3736f5103ce5fe72baac7fa23d5295c42cd81075ca9f7a9a7fe3cf418f50f7eccd8a7c3e6fb1e8b30c5d8dbb0772a8b44f44cebd8249ce10eb24d1f668765796b4a56a482580456ac49db677284f3b2deaa9514973ad5c156bb4961b2ad05bcde1bcea522790765208eab6eb27777c2ef643ab0c85e9625d259ae29a3b2e864bf936cefd90b63ba2281f8bf8505ef6040335c258d338c014c31810a324dfe382699ac0b92a2747973a297e94fcd75ec7d156bd61cf848d7144f9a9dd89c72b9c323ed6f37110f722da90396816050ad800fb33a92651b0356fd15c4cf876a3509ab32cca3f5bd6906ce5ec186391effb13fac0a10525622023645bfb9742472695c81461db0298f84af1983b6e5e94ae355e0e790fb51fe558bd70e889744872c9ababf42b930340e192ab4295ee72e1392f2bbb137533a919d72e651cbafa37a88232d0f464bd4531e49c65abd629f3e8b920ae3bde61a3538514866f18a937848f7bd99e4a0fbea506b9ee5ab47e41cad31dc261020f91d65c88bf2251c617cfde3314ec540c8128adf417f1ee716473c3d3c049dc7714a832c128869bb4a9bad6f8be1b0a6bb5c0e40417d594a876a5fb50055e7c67e2519698e5ca89fada7c84032a811b0eb5c67364ea809c6be960c9a7b98afc8e6315e780d8f556b97ea65b7fd27ca6fab61164d60a109d182b9b8f7995ee915eb68be320000db4b0bb821ce13a8d55ff70629a5f2bb89a1c7a4b874b49bcb13105493a9560344f89877e7c5e409a15bcda6d27073c3b744b386b0b82098d307dc3aab1ead4306a73cf8382bd3451c0aaa14a8333c6f34e6b5e5d3b240e01243749b3938840c835e16129ddca5d9439511b4fd22752d904dcd60f9405467918e48fa17547493e51a14ccb47128c7449b51cef63178f32cb06155b9e9cb65dba65f8a6f9a45d8d49852609dd0cf8418f463cb15eaaea77c1c89f530c1f6c6c7820d66957ff2fe731628a328f4e7896d5cf6fcc0782c05c47b8f01d28908913e379334fa90ea01906e865202fc6386fc69fb683a1dfd037ec5bbdb368b3530a3cbbbecf2107faeaf32081c65b48a3bd352998df0a781dd86c7c8112407db1bf1ac6446a0c77e8f2e3374fb8217abd59b3d40c9582a3ab663f278a83b22685914b4b2bacc973ffb2dec5e6eb98d6c16463c1e9a896ca4e65206687ca4423c359b4e1ce06a57ecb083b750026719dff109a1d823b4ccff79e5ce416bf3756d913b31faad8c0bab1c62276a581ba8830da7c59c5224db7dd38b032db7cf7022502a8f3cef31dc8344a2d02af978d6f901b1b0097dc425f4f34b73c6ee02a8b48d7a23299c1c6e5190221f84c2ecfe5bdb67b36c5dc23455ae466722c5e4f52b07aa667a6cb55c6a411225e88cf513c7cdd2065a1e044c0008f8b6a5b28f3f00f14e7da47e944ca666cec951593ac26ce5e75f17ca2d438dd8f926ac57d1761a72024187a2f77ef42a7d246f906166afecdcdcf8db8cef6f8855ecd97185fda05bae717eaf3165b99021fbdcee50384a22c8c025c8f82d4839dcb0a6075642dc453c21a4dcdc997d70315dce9a3ac7eb0185924436965d1376624b5c08772ba59b142a066bcd0ad044628e463921d78f1efcf8e8cd1e0fcf525115ae2b104c31561574003770c21e847ab80b65d3a2b53e6ad4a3d5227e3bc82b58b5feabc9c70b55264b32b658227851518664baa871f8128bd826ce818be1edef708e033155ed69a0bd83b246d83ac85b33d7370dcc7f930c25609e2e5f86f1738ba266b079a3743180b9b84a24e4915b1743834ec319e5b238ba6942e4128348be821b21892477e4c5ad3a2031f0ef11d9d54cc90f87cf093e582b1384c8960c36421969f7ee247001f37c66f10ff6dc3edc7de984acb599e9b8bd3e792855ddc703698578edfe74bd27e967dbe77bd4cd0bcbe08ebfa7c5bf95745e670438097ee29215d3ecbde9e8e50e14ec41a9d746de20230140d854e36e95f7c13446db26715b9a30a3d3afa3a5645e0afd3eaf8457a87c528792241e99a415b8709ae334bfa81fd8508c77b50e3d1f2ecf8f7b6b1d187bbac0bd3d49f00fb5c21836a2bd79ea2839bd3a1d396422699dfe0958479c36964efdb2f602d25f202a534df612f347696de6fecffb673d2162f2572c6d04895fc22b638dbf54dfad4d6058683919ec47cc3d3d1f5e4528bae31632081b9b80770ce0e7d44287e18fde786801e7beda77c0b9ee3965f3a4956496fe8e892b65e137d9e47e8e164f7c6fe9c6ac9ece1b7eead32a5a188df5539537e1b736f1c5d67b604d064eda6b6730c51e182cae81e65290f12f68a7146888e438a799d04931f2a0b9b6c565d47d9d322e7358ccdbc08eafc2470414c44f97e33013b976b995bcf96409789bc2bc97d7add4b6eaaa84c18ea936f0eb332185f9de597d6f7793215df2c0be4b5b4085910adb83d248be16deeac399070ad00a24a67cebef51694726a612ea5763f1bbff03a77357d867ec5461c33d73a47db4a51b496be6960ca7c8cb92a51dd578f99e4b1d2b18ce406b2751aeb065ad0225aeb1eedce3b26e3feec915361cd6b4acc105a2962edcd6547691a557f4deb9ca96d39bd92ebc96e763b6139a0421f42c561a7a20ffebef94bc0b7538466064610134ede0221cde98d085531471c0e9761880904952234f0ae34502b3790aad682fe6e7fd7977816e21aa3f7793ca99312ee07ef9b34a31102710bbaa31dcd57d941e6d5fd6b6607d3449bbffb1434d67edc10727230c3283ab7e212152039e9403bc7ae082cb3934794468dc7549aa35cdf35d3c0f754b7fdf47dbb5bc5047923f6841b9a4054a0eef23de222f0ecc04410fccfe3779820d2ac659b84ea56eeefaae980f1bd43aef8e78705ce1995cee4f88400903f66e6d24307090e23d04387909a62a3394890118549baec01b6f2a5c416f68b71bfc2b7a0bf289587664a2b6194d4eccb51bd4177c9487b724f91d088ce68f20882a8dd633b17ad73584e68382877eba4fae1af839baca07f3adc4c9796e07dc69e90bd5efe3a84d3ca40fa8209c2bc9c9303ff2c7979a9508d925c021cea6c7f1483b5c5b00232c292f302fad79aa5fa4820b04a5aed1f9be4cbf4430bd2b6b559133979e5239f514e87559950808fd098792c0b1bd0b9cb94463b22be92962692dca35a8bd0fe0edc28e7e759d2d753177fc29860d419a29fd89c0a2c11e957483f9c13637e2f66e96bf3454b943b7dd368b71243ef58b0b3d469cdf5572a990a5c998c5796b80031f56bc98f5bf70a717cc5ff4febbfc32b29543548d8862f1ab57fbdbeda2a9901593c0d92d4eca205312c18ce649ed5a3263b66d8ca52734a16035daaa182c24e9ae2851e8dd153d2fe34978e8df50402f133190ada04cfaaac56ca6fa20771a195c76a84651ca4aa9c7c4eb16007ef1e965055ab6cb08a02db6c1a82f8c695ec370095c0afd535ed8abf17ff514451055854a99de69863f393e1679ddf5326e1f4de42220df3839ee71c8fab2c3faee9af0f5e9ee5a3c4c146ae7d36536064a11644a9a195290f3d75f64652050ca8a1ef17eed6f5077a651af1ce5304f2e6fa781a83df2a7c4f5e1c8337d35f93633d684803b7bec4fea60e1f9925580f9199f40f307bfd84de2d51f1df191eeb52a48ed4a19c4f524cc26f7043bbabb1c43c4f20d950e218dbcf09a8bda0e1ca1759466938dd764c85c3d8de92b3534ff5c492d024e6ca87952243fe8b6379ba189032926685afcd3839a4423ba19cb0c5488982ce7cad134c60bc329f855ba4be63475ade6110d6db66613c3c7647e76e3949f8e5299738014743523662fd6b1626bcc0cffdb3b757ddcbeefa2facc49da06d907d21888b9344a3167d143e5f8e022d8c75229fd491145c451ac92f000aeee43219215a8136c7c17327f6e0a3eef7fe1861930d143d92f33aa74984c89f9ba3e9ee887bef4f9b16654cbc739fd6b2eebb255596dfd6639896685b72b0e1ea92019884468f5c78d21a3a69df24a3d8d517cec2122417bad0ac7db0182cc87b8b752e7474a36acb8508d118d44d509cd8594dea3a3a611a6c1c0b3bcf48b4834d8bb5cd18f420ed7aea21810c0303ca2d5fc67b116491f1bbd055221c79ec0dfcfc22c17cba3eb4fea49127615fdcef9cbecba603dd2e01e07af17ab0f4a6179f54edb34db2dc0c937a0aa1151c8a9474afd1af7c0a83174aa1fdd8e4bfb9b10841df5ccf068a5612627c8724b1c68fd3879a57265836409a6d851f1baf0023ca", 0x2000, &(0x7f0000000d00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)={0x78, 0x0, 0xfffffffffffffffc, {0x84, 0x0, 0x0, {0x4, 0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0xa, 0x0, 0x0, 0x0, 0x4000, 0x25daa903, 0xffffffffffffffff, r5, 0xffffffff, 0x9}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
write$FUSE_INIT(r3, &(0x7f0000004200)={0x50, 0x0, r4, {0x7, 0x21, 0xffffffff, 0x50339398, 0x2, 0x6, 0x0, 0x0, 0x0, 0x0, 0x40, 0x6}}, 0x50)
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
socket$nl_route(0x10, 0x3, 0x0)
newfstatat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180), 0x100)

15.177137964s ago: executing program 2 (id=3831):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x4)
r2 = socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x1, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000600)={0x1cc, 0x3e, 0x4, 0xfffffffe, 0x0, {0x1, 0x7c}, [@nested={0xc, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\x80\n'}]}, @nested={0x1a8, 0x2, 0x0, 0x1, [@nested={0x1a4, 0x17, 0x0, 0x1, [@typed={0x8, 0xad, 0x0, 0x0, @u32=0x7ff}, @nested={0x195, 0x145, 0x0, 0x1, [@nested={0x14d, 0x11, 0x0, 0x1, [@typed={0x14, 0x10e, 0x0, 0x0, @ipv6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, @typed={0x7, 0xd4, 0x0, 0x0, @str='&+\x00'}, @nested={0x4, 0x26}, @nested={0xd8, 0x80, 0x0, 0x1, [@typed={0x8, 0x2e, 0x0, 0x0, @fd=r2}, @nested={0xca, 0x75, 0x0, 0x1, [@typed={0x8, 0xde, 0x0, 0x0, @fd=r4}, @generic="8d5fbdac48d5eafff9482287e48aa5e828c17198eff378e59d4921ddc66eb58e169e88d6cf9276e5c9e9bbb55068e6ab0efe2753a18f76a1304762ee27f955b6d6404d328db3f05828399411f125dd2eb3aafa11a8f38a1a8b7f04df7b53d48fb349268d3252b9cf4f9846354462b5980e67e3a61265fa2158c2e35a671f5f609270bc4d50a3c2b5c06f4f055794917e376b84c1439908a47d63d32e858be19d3687f9c3d62d59145348c4743892fad039b4f91f41c7e5cdc76a", @typed={0x4, 0x93}]}]}, @typed={0x8, 0x68, 0x0, 0x0, @ipv4=@local}, @typed={0x8, 0xb1, 0x0, 0x0, @u32=0x401}, @typed={0x8, 0x81, 0x0, 0x0, @pid=r3}, @nested={0x4, 0x148}, @nested={0x4, 0x123}, @generic="f46525198e5a1fda4b4e4bbdc14a931dde733c1746fb2da7fd05738e0006546d6c917166440797371529935376bb4ea7dd"]}, @generic="66eabc98f7ffe364c531ae9d0839ff6fbf9d9dea3b675d98e27fadbd3c0c6392225d67b069ed3cde9320265b10a78f0ab52a931d74a414e0fad9ee2d2c0b6055f1"]}]}]}, @nested={0x4, 0x142}]}, 0x1cc}, 0x1, 0x0, 0x0, 0xc000}, 0xc000)
r7 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r7, 0x0, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r7, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000000)={<r8=>0xffffffffffffffff}, 0x2, 0x8}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r7, &(0x7f0000000280)={0x3, 0x40, 0xfa00, {{0xa, 0x4e23, 0x7ff, @empty, 0x1}, {0xa, 0x4e20, 0x1ff, @dev={0xfe, 0x80, '\x00', 0x2f}, 0x9}, r8, 0xb}}, 0x48)
write$RDMA_USER_CM_CMD_DESTROY_ID(r7, &(0x7f0000000380)={0x1, 0x10, 0xfa00, {0x0, r8}}, 0x18)
writev(r1, &(0x7f0000000000)=[{&(0x7f0000000140)="480000001500190d09004beafd0d8c560a84476080ffe00600000000590000a2bc5603ca00000f7f89000000200000000101ff0000000309ff5bffff00c7e5ed5e00000000000000", 0x40b}], 0x1)
setsockopt$inet6_tcp_int(r0, 0x6, 0x8, &(0x7f0000000000)=0x100000001, 0x4)
shmat(0x0, &(0x7f0000ff9000/0x4000)=nil, 0x6800)
r9 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x121602, 0x0)
ioctl$TIOCSETD(r9, 0x5423, &(0x7f00000003c0)=0x1)
ioctl$TIOCVHANGUP(r9, 0x5437, 0x2)
shmdt(0x0)

14.19403909s ago: executing program 2 (id=3832):
io_uring_setup(0x6c27, &(0x7f00000000c0)={0x0, 0x257f, 0x400, 0x0, 0x6})
ioctl$CEC_RECEIVE(0xffffffffffffffff, 0xc0386106, 0x0)
r0 = add_key$user(0x0, &(0x7f0000000440), &(0x7f00000000c0), 0x0, 0xfffffffffffffffd)
mq_open(&(0x7f0000000380)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\v\x01\xbe\xeb\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\x01\x00\x00\x00a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|\x00\x17\xc0\xa3\xd5\xf9\xaa\x98/\xa4v\xe4)I\xf3+[e\x95\x89\x99\xca\x8e\xc5\xd3\\T\xf0\x1a|5\xfff\xff\x99\xa4\xbb\x9e#oR\xa4\xf1\xba\x04c\xb3-\xf7R\xb85\xb5\xdb\xe9?\xfa/\xdf\xb4R\xbfx=\v_j\x8e\xb0\'\xf4\xe5\xff!\xe1\xbf\x82e\xb1\x9b\x8d\xf3L\t\xd21\x9cbwV\xc8\xcc\xe4\x96M_w\xbc\xdf9\b\r\xf6\x95\xae\xb5,\x92\x8c\xc0DQm\x80\xd1w\xa2\x1a\x12Z\xe5\xf4H\xf7D\n\x96J\x93\xfb\xf0$\x9f\xf7\xa2\xae$O\xa3\xb6\xf5\x98\xd3\v\x00\x86\xa5\x8b\x81\x04\xaf\x03s\xe5\x86>\x0e\xa6\xe6\x1aV\x17\x8b\xed\xa7\'\xd0\r_\xe8,XVR\x13\xe5%\xb9\x88\xb8W@D\'\x17A\xc8\x80\x02J\xd4V\x00wH(\xc5v\f\xc9\xb6\xdf..$\xe6P(_\xf1\'\xc1:\xa3\xcb\xd9\xd1\xc7\x13\x99Md\x1dc\xf1\'j\x03!\x13\xd1\xb8\xbf\xe6\xb2M\b/\rp\xa5\x00\x00\x00\x00', 0x40, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
write$sndseq(0xffffffffffffffff, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
getrlimit(0xa, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000600)=[@text64={0x40, &(0x7f0000000640)="430fc73f0f2390b9800000c00f3235010000000f300f20d835080000000f22d8c4e18173f53866baf80cb83879e487ef66bafc0cec66b88e008ec02d1aa80000460f1c460041ae", 0x47}], 0x1, 0x74, 0x0, 0x0)
getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x0, 0x0, &(0x7f0000000240))
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x1, 0x2}, 0x28)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x7, 0x4, 0x0, 0x0, 0x2}, 0x94)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
openat$sequencer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
pread64(0xffffffffffffffff, 0x0, 0x0, 0x9)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0)
keyctl$dh_compute(0x17, &(0x7f0000000800)={r0, r0, r0}, 0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)={'sha384\x00'}})
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000340)={{0x14}, [@NFT_MSG_DELOBJ={0x14, 0x14, 0xa, 0x301, 0x0, 0x0, {0xa, 0x0, 0x4}}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x2}}}, 0x3c}, 0x1, 0x0, 0x0, 0x4000}, 0x408c0)

12.834624447s ago: executing program 2 (id=3836):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
socket$inet(0x2, 0x1, 0x100)
socket$inet6_udplite(0xa, 0x2, 0x88)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000010000008500000082000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000004c0)={r2, 0x18000000000002a0, 0xe, 0x0, &(0x7f00000002c0)="d2ff030060010000009e08f086dd", 0x0, 0xd5b1, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = fsopen(&(0x7f0000000280)='ceph\x00', 0x1)
fsconfig$FSCONFIG_SET_STRING(r5, 0x1, &(0x7f0000000b40)='source', &(0x7f0000000040)='c:::\x00', 0x0)
r6 = gettid()
fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0)
tkill(r6, 0xb)
utimensat(0xffffffffffffff9c, &(0x7f00000003c0)='.\x00', 0x0, 0x0)
r7 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$VT_RESIZEX(r7, 0x560a, &(0x7f00000006c0)={0x4, 0x0, 0x0, 0x0, 0x132, 0x3})
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000040)={0x1f, 0x0, 0x1}, 0x6)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
socket$nl_netfilter(0x10, 0x3, 0xc)

9.534105216s ago: executing program 3 (id=3845):
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), 0xffffffffffffffff)
syz_emit_ethernet(0x36, &(0x7f0000000380)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2, 0x0, 0x0, 0x2}}}}}}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
openat$vim2m(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000003c0)={0x26, 'rng\x00', 0x0, 0x0, 'ansi_cprng\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000800)="b9da06ce171c2e7cc2a25d589ccd75d0275367048f46e1d1833f0b225d71e6ae", 0x20)
r2 = accept4(r1, 0x0, 0x0, 0x80000)
recvmsg$can_raw(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000240)=""/153, 0x99}], 0x1}, 0x40010022)

9.352283632s ago: executing program 1 (id=3846):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={0x0}, 0x1, 0x0, 0x0, 0x4000811}, 0x0)
socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newtaction={0x6c, 0x30, 0x1, 0x70bd28, 0x0, {}, [{0x58, 0x1, [@m_skbmod={0x54, 0x1, 0x0, 0x0, {{0xb}, {0x28, 0x2, 0x0, 0x1, [@TCA_SKBMOD_PARMS={0x24, 0x2, {{0xffffffff, 0x10001, 0xffffffffffffffff, 0x3c, 0x3}, 0x400000000a}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x6c}, 0x1, 0x0, 0x0, 0x4}, 0x0)
socket$packet(0x11, 0x3, 0x300)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
openat$mixer(0xffffff9c, &(0x7f0000000000), 0x200, 0x0)
r0 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r0, &(0x7f0000000400)={0x18, 0x0, {0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}, 'lo\x00'}}, 0x1e)
r1 = socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x3, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="050000000000000063110c0000000000850002000000850000000500000095000000000000009500a50500000000"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x6}, 0x70)
socket$nl_route(0x10, 0x3, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0xc, 0x4, &(0x7f00000005c0)=ANY=[@ANYBLOB="6bdcbf3ff8f4423bcc594555c1e90b42db4ec5d03ead580b60f6b04a92595e5fd7825fa3ce520f99277ed10e51b3829a99bb41f0a5fa82057fc2472f9beb5c5437015c75517d1ab4032f0a5169415d9233fad03fc34c96fa79e3be95eb336b55c4c84648c9b027153ec15a1b089a28e4663e6d389f48d35c82c4000f0554e3fc34c995cdf9100420133b414a07d972faaaa633a7ed3e84947395500745f24f8389340929f596fef33e1e9c", @ANYRESDEC=0x0, @ANYRESHEX], &(0x7f0000000280)='GPL\x00', 0x0, 0x100a, &(0x7f0000001400)=""/4106, 0x0, 0x44, '\x00', 0x0, @fallback=0x35}, 0x94)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000380)=ANY=[@ANYBLOB="34000000100001f8ffffff000000000000000000", @ANYRES32=0x0, @ANYBLOB="00000000000000000c002b8008000100", @ANYRES32=r5, @ANYBLOB="08001b"], 0x34}}, 0x24044810)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="34000000100001080000000004000000000000", @ANYRES32=0x0, @ANYBLOB, @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00'], 0x34}}, 0x0)
ioctl$PPPIOCGCHAN(r0, 0x80047437, &(0x7f0000001f00))
r6 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r6, &(0x7f0000000080)={0x18, 0x0, {0x15, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}, 'vcan0\x00'}}, 0x1e)

9.350978636s ago: executing program 3 (id=3847):
r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f0000000100)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xe6, 0xe6, 0x3, [@volatile={0xc, 0x0, 0x0, 0x9, 0x4}, @const={0xb, 0x0, 0x0, 0xa, 0x1}, @fwd={0x1}, @datasec={0xe, 0x7, 0x0, 0xf, 0x2, [{0x2, 0xdd4e, 0x5}, {0x3, 0xdb68, 0x9}, {0x2, 0x3, 0x7}, {0x1, 0xfffffffa, 0x10001}, {0x5, 0x705a, 0x4}, {0x5, 0x10000, 0x9}, {0x2, 0x1ff, 0x2}], "408f"}, @type_tag={0x2, 0x0, 0x0, 0x12, 0x4}, @float={0x4, 0x0, 0x0, 0x10, 0x8}, @struct={0x5, 0x4, 0x0, 0x4, 0x1, 0x95, [{0x4, 0x0, 0x3337}, {0x0, 0x4, 0xfffffffc}, {0x2, 0x3, 0x3}, {0x0, 0x2, 0x984}]}, @const={0x8, 0x0, 0x0, 0xa, 0x5}]}, {0x0, [0x4e]}}, &(0x7f0000000240)=""/165, 0x103, 0xa5, 0x1, 0x3}, 0x28)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000380)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x4)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000003c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x4)
r3 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000400)={0x3, 0x4, 0x4, 0xa, 0x0, 0x1, 0xa0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0xfffffffe, 0x3}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xe, 0x6, &(0x7f0000000040)=@raw=[@initr0={0x18, 0x0, 0x0, 0x0, 0xfffffff7}, @map_idx_val={0x18, 0x4, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffff8a7}, @cb_func={0x18, 0x7, 0x4, 0x0, 0xfffffffffffffffa}], &(0x7f00000000c0)='syzkaller\x00', 0x9, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @sk_skb=0x5, r0, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000340)={0x1, 0x6, 0x3409, 0x956c}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f0000000480)=[r1, r2, 0xffffffffffffffff, r3], 0x0, 0x10, 0x5}, 0x94)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r5 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r5, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r6 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r6, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16)
connect$inet(r6, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
setsockopt$inet_IP_XFRM_POLICY(r6, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@mcast1, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x10000, 0x0, 0x0, 0x2, 0xfffffffffffffffc, 0x0, 0x0, 0xfffffffffffffffd}, {0x0, 0x0, 0x0, 0x8}, 0x0, 0x0, 0x1}, {{@in6=@ipv4={'\x00', '\xff\xff', @multicast1}, 0x2, 0x6c}, 0x0, @in=@empty, 0x0, 0x5, 0x0, 0xb7}}, 0xe8)
sendmmsg(r6, &(0x7f0000007fc0), 0x800001d, 0x60)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x79, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x0, 0x81, 0x1080a422012f758f})
r7 = syz_io_uring_setup(0x74d, &(0x7f0000000100)={0x0, 0x59c4, 0x8, 0x1000, 0x5cc}, &(0x7f0000000300)=<r8=>0x0, &(0x7f0000000080)=<r9=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r8, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
r10 = socket$inet6_mptcp(0xa, 0x1, 0x106)
getsockopt$inet6_mptcp_buf(r10, 0x11c, 0x1, &(0x7f0000001040)=""/4096, &(0x7f0000001000)=0x1000)
io_uring_register$IORING_REGISTER_BUFFERS(r7, 0x0, &(0x7f0000000240)=[{&(0x7f00000003c0)=""/219, 0xdb}], 0x1)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f00000000c0)={0x1, &(0x7f0000000200)=[{0x30, 0x4, 0x0, 0x2}]}, 0xffffffffffffff0e)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r8, r9, &(0x7f0000000200)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x81800, 0x1})
io_uring_enter(r7, 0x749f, 0x4, 0x0, 0x0, 0xfffffffffffffef5)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r4, 0x84, 0x72, 0x0, 0x0)

9.318322316s ago: executing program 4 (id=3848):
io_uring_setup(0x194e, 0x0)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f0000000140)={0x3, @pix={0xb55, 0x5, 0x9606a0a, 0x5, 0xb37, 0x3, 0x1, 0x0, 0x0, 0x6, 0x2, 0x6}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
setsockopt$MRT_ADD_MFC_PROXY(0xffffffffffffffff, 0x0, 0xd2, 0x0, 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x2e}, 0x1, 0x0, 0x0, 0x20000000}, 0x24004080)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="1800"/14, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffff"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
sendmsg$TEAM_CMD_OPTIONS_SET(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000840)={0x14, 0x0, 0x1, 0x70bd2a, 0x25dfdbfc}, 0x14}, 0x1, 0x1000000, 0x0, 0x24004000}, 0x24040840)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x81}, 0x2000c000)
r3 = socket(0x10, 0x803, 0x0)
sendto(r3, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r3, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x21}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0xffffffffffffff2f}}], 0x4000000000003b4, 0x2040000, &(0x7f0000003700)={0x77359400})
connect$netrom(r2, &(0x7f0000000080)={{0x6, @rose}, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @default, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x8, 0x0}, @default, @bcast]}, 0x10)
io_uring_setup(0x479, &(0x7f0000000ac0)={0x0, 0x905e, 0x2, 0x2, 0x4000020})
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r4)
request_key(&(0x7f0000000000)='blacklist\x00', &(0x7f0000000080)={'syz', 0x3}, 0x0, 0xfffffffffffffffb)
r5 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r4, &(0x7f00000002c0)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r5, 0x0)
socket$inet_mptcp(0x2, 0x1, 0x106)

9.268984162s ago: executing program 0 (id=3849):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={0x0}, 0x1, 0x0, 0x0, 0x4000811}, 0x0)
socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newtaction={0x6c, 0x30, 0x1, 0x70bd28, 0x0, {}, [{0x58, 0x1, [@m_skbmod={0x54, 0x1, 0x0, 0x0, {{0xb}, {0x28, 0x2, 0x0, 0x1, [@TCA_SKBMOD_PARMS={0x24, 0x2, {{0xffffffff, 0x10001, 0xffffffffffffffff, 0x3c, 0x3}, 0x400000000a}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x6c}, 0x1, 0x0, 0x0, 0x4}, 0x0)
socket$packet(0x11, 0x3, 0x300)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
openat$mixer(0xffffff9c, &(0x7f0000000000), 0x200, 0x0)
r0 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r0, &(0x7f0000000400)={0x18, 0x0, {0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}, 'lo\x00'}}, 0x1e)
r1 = socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x3, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="050000000000000063110c0000000000850002000000850000000500000095000000000000009500a50500000000"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x6}, 0x70)
socket$nl_route(0x10, 0x3, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0xc, 0x4, &(0x7f00000005c0)=ANY=[@ANYBLOB="6bdcbf3ff8f4423bcc594555c1e90b42db4ec5d03ead580b60f6b04a92595e5fd7825fa3ce520f99277ed10e51b3829a99bb41f0a5fa82057fc2472f9beb5c5437015c75517d1ab4032f0a5169415d9233fad03fc34c96fa79e3be95eb336b55c4c84648c9b027153ec15a1b089a28e4663e6d389f48d35c82c4000f0554e3fc34c995cdf9100420133b414a07d972faaaa633a7ed3e84947395500745f24f8389340929f596fef33e1e9c", @ANYRESDEC=0x0, @ANYRESHEX], &(0x7f0000000280)='GPL\x00', 0x0, 0x100a, &(0x7f0000001400)=""/4106, 0x0, 0x44, '\x00', 0x0, @fallback=0x35}, 0x94)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000380)=ANY=[@ANYBLOB="34000000100001f8ffffff000000000000000000", @ANYRES32=0x0, @ANYBLOB="00000000000000000c002b8008000100", @ANYRES32=r5, @ANYBLOB="08001b"], 0x34}}, 0x24044810)
munlockall()
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="34000000100001080000000004000000000000", @ANYRES32=0x0, @ANYBLOB, @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00'], 0x34}}, 0x0)
ioctl$PPPIOCGCHAN(r0, 0x80047437, &(0x7f0000001f00))
r6 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r6, &(0x7f0000000080)={0x18, 0x0, {0x15, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}, 'vcan0\x00'}}, 0x1e)

8.358928536s ago: executing program 1 (id=3850):
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x3, 0xfffffffe, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6)

8.057636303s ago: executing program 3 (id=3851):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0))
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400010bce)
r0 = syz_open_dev$MSR(&(0x7f0000000380), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
write(0xffffffffffffffff, &(0x7f0000000080)="14000000000000349231bfbd260eb99711f55fc77c00"/34, 0x22)
r1 = landlock_create_ruleset(&(0x7f0000000200)={0x41, 0x1}, 0x18, 0x0)
r2 = landlock_create_ruleset(&(0x7f00000001c0)={0xa019, 0x3, 0x3}, 0x18, 0x0)
landlock_restrict_self(r2, 0x0)
landlock_restrict_self(r1, 0x0)
landlock_restrict_self(r2, 0x0)
landlock_restrict_self(r1, 0x0)
r3 = landlock_create_ruleset(&(0x7f0000000040)={0x969c, 0x3}, 0x18, 0x0)
landlock_restrict_self(r3, 0x0)
landlock_restrict_self(r1, 0x0)
r4 = landlock_create_ruleset(&(0x7f0000000040)={0x0, 0x2, 0x3}, 0x18, 0x0)
landlock_restrict_self(r4, 0x0)
landlock_restrict_self(r4, 0x0)
landlock_restrict_self(r4, 0x0)
landlock_restrict_self(r4, 0x0)
landlock_restrict_self(r2, 0x0)
landlock_restrict_self(r4, 0x0)
landlock_restrict_self(r4, 0x0)
landlock_restrict_self(r1, 0x0)
landlock_restrict_self(r4, 0x0)
landlock_create_ruleset(&(0x7f0000000040)={0x0, 0x3}, 0x10, 0x0)

7.988628806s ago: executing program 4 (id=3852):
r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x275a, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
add_key$user(&(0x7f0000000280), &(0x7f0000000340)={'syz', 0x2}, &(0x7f00000000c0)="ff", 0x1, 0xffffffffffffffff)
keyctl$clear(0x7, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
ioctl$F2FS_IOC_GET_FEATURES(r0, 0x8004f50c, &(0x7f0000000180))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket(0x10, 0x80002, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[], 0x64}, 0x1, 0x0, 0x0, 0x4004001}, 0x20004080)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="3c00000010000d0425bd7000fcdbff2500000022", @ANYRES32=0x0, @ANYBLOB="10000000000000001c0012800b00010062726964676500000c0002800800030019000000"], 0x3c}, 0x1, 0x0, 0x0, 0x10}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840)
sendmmsg$alg(r4, &(0x7f00000000c0), 0x492492492492627, 0x0)
setgroups(0x0, 0x0)

7.971112869s ago: executing program 1 (id=3853):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x0, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = syz_open_dev$tty1(0xc, 0x4, 0x2)
syz_io_uring_setup(0x3964, &(0x7f0000000380)={0x0, 0x14fe, 0x20, 0x0, 0x161}, &(0x7f00000000c0), &(0x7f00000001c0))
ioctl$KDGKBDIACR(r4, 0x4b4a, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='hugetlb.1GB.rsvd.usage_in_bytes\x00', 0x275a, 0x0)
write$binfmt_misc(r5, &(0x7f0000000000)="180c4552", 0x4)
r6 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_RES_PD_GET(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB="400000001814010029bd7000fcdbdf250800030001000000080001"], 0x40}, 0x1, 0x0, 0x0, 0x400c4}, 0x20000000)

7.899471025s ago: executing program 0 (id=3854):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
sendmmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000032c0)=[{&(0x7f0000000440)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f00000004c0)=[{&(0x7f0000000100)="03", 0x1}], 0x1}], 0x1, 0x0)
sendmmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000032c0)=[{&(0x7f00000000c0)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f00000004c0)=[{&(0x7f0000000100)='a', 0xdd02}], 0xc, &(0x7f00000002c0)=ANY=[@ANYBLOB="30000000000000008400000001000000000000004fc2dec4d09436fb31ab0c00000000000000000000000000002c837ed605ee32dc00", @ANYRES32=0x0], 0x30}], 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
r3 = dup(r0)
write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c)
r4 = syz_io_uring_setup(0x23c, &(0x7f0000000740)={0x0, 0x1c2c, 0x10100, 0x2, 0x315, 0x0, r3}, &(0x7f0000000500)=<r5=>0x0, &(0x7f00000001c0)=<r6=>0x0)
r7 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_ACCT_NEW(r8, &(0x7f0000000280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x40080382}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x38, 0x0, 0x7, 0x5, 0x0, 0x0, {0x1, 0x0, 0x6}, [@NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0xd2}, @NFACCT_PKTS={0xc, 0x2, 0x1, 0x0, 0x8000}, @NFACCT_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x38}, 0x1, 0x0, 0x0, 0x1}, 0x20000040)
syz_io_uring_submit(r5, r6, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r3, 0x0, 0x0, 0x0, {0x609}, 0x1})
io_uring_enter(r4, 0x2ded, 0x4000, 0x0, 0x0, 0x0)
read$FUSE(r7, &(0x7f00000007c0)={0x2020}, 0x2020)

7.203776002s ago: executing program 1 (id=3855):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x38, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x17, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x64, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000400)='mm_migrate_pages\x00', r1, 0x0, 0x9}, 0x18)
mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2)

6.974583772s ago: executing program 4 (id=3856):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x22102, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x208, 0x1ffe0000000}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
syslog(0x2, 0x0, 0x0)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendto$inet6(r5, &(0x7f00000001c0), 0x0, 0x0, &(0x7f000005ffe4)={0xa, 0x0, 0x0, @loopback={0x0, 0x1c9ae7fffe9a6f34}}, 0x1c)
setsockopt$inet_sctp6_SCTP_EVENTS(r5, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x4, 0xfe, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x5}, 0xe)
shutdown(r5, 0x1)
recvmmsg(r5, &(0x7f0000000840)=[{{0x0, 0x0, 0x0}}], 0x414, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_GSI_ROUTING(r1, 0x4008ae6a, &(0x7f0000000100)={0x1, 0x0, [{0x1, 0x4, 0x0, 0x0, @adapter={0x6, 0x100000001, 0x7de, 0x8, 0x101}}]})
r6 = eventfd(0x2)
ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000080)={r6, 0x1})
r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40241, 0x0)
ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r8 = socket$kcm(0x2, 0xa, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x3d0, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x200, 0x230, 0x0, {}, [@common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x430)
ioctl$SIOCSIFHWADDR(r8, 0x8914, &(0x7f0000000180)={'bridge_slave_0\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}})
write$tun(r7, &(0x7f0000000240)=ANY=[@ANYBLOB="000086dd0500560008005400000060ec970001983a"], 0xfdef)

6.932584565s ago: executing program 3 (id=3857):
r0 = syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
socket$inet(0x2, 0x1, 0x100)
socket$inet6_udplite(0xa, 0x2, 0x88)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x88, 0x30, 0x1, 0x0, 0x0, {}, [{0x74, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_ife={0x2c, 0x1, 0x0, 0x0, {{0x8}, {0x4}, {0x4}, {0xc}, {0xc}}}]}]}, 0x88}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000010000008500000082000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, 0x0, 0x0, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = fsopen(&(0x7f0000000280)='ceph\x00', 0x1)
fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f0000000b40)='source', &(0x7f0000000040)='c:::\x00', 0x0)
r5 = gettid()
fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0)
tkill(r5, 0xb)
utimensat(0xffffffffffffff9c, &(0x7f00000003c0)='.\x00', 0x0, 0x0)
r6 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$VT_RESIZEX(r6, 0x560a, &(0x7f00000006c0)={0x4, 0x0, 0x0, 0x0, 0x132, 0x3})
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000040)={0x1f, 0x0, 0x1}, 0x6)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
socket$nl_netfilter(0x10, 0x3, 0xc)

6.782865218s ago: executing program 1 (id=3858):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-3way\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r3 = accept4(r2, 0x0, 0x0, 0x800)
sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{0x0}], 0x1}], 0x1, 0x40800)
r4 = socket$netlink(0x10, 0x3, 0x0)
r5 = epoll_create1(0x0)
fcntl$dupfd(r5, 0x2, 0xffffffffffffffff)
socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
syz_usb_connect(0x0, 0x0, 0x0, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c000000100005ff00000000000000000000004a", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b00010062617461647600000400028008000a00", @ANYRES32, @ANYRESHEX], 0x3c}}, 0x0)

5.845341342s ago: executing program 2 (id=3859):
r0 = syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
socket$inet(0x2, 0x1, 0x100)
socket$inet6_udplite(0xa, 0x2, 0x88)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x44, 0x30, 0x1, 0x0, 0x0, {}, [{0x30, 0x1, [@m_ife={0x2c, 0x1, 0x0, 0x0, {{0x8}, {0x4}, {0x4}, {0xc}, {0xc}}}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000010000008500000082000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000004c0)={r2, 0x18000000000002a0, 0xe, 0x0, &(0x7f00000002c0)="d2ff030060010000009e08f086dd", 0x0, 0xd5b1, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = fsopen(&(0x7f0000000280)='ceph\x00', 0x1)
fsconfig$FSCONFIG_SET_STRING(r5, 0x1, &(0x7f0000000b40)='source', &(0x7f0000000040)='c:::\x00', 0x0)
r6 = gettid()
fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0)
tkill(r6, 0xb)
utimensat(0xffffffffffffff9c, &(0x7f00000003c0)='.\x00', 0x0, 0x0)
r7 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$VT_RESIZEX(r7, 0x560a, &(0x7f00000006c0)={0x4, 0x0, 0x0, 0x0, 0x132, 0x3})
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000040)={0x1f, 0x0, 0x1}, 0x6)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
socket$nl_netfilter(0x10, 0x3, 0xc)

5.566007544s ago: executing program 4 (id=3860):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), 0xffffffffffffffff)
syz_emit_ethernet(0x3a, &(0x7f0000000380)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x6, 0x2, 0x0, 0x0, 0x2, {[@generic={0x3, 0x2}]}}}}}}}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r3 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r3, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c)
connect$inet6(r3, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}}, 0x1c)
r4 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
dup(r4)
ioctl$vim2m_VIDIOC_REQBUFS(r4, 0xc0585609, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0xff})
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000300)={0x0, @in6={{0xa, 0x0, 0x9, @empty}}, 0x0, 0x0, 0x318, 0x1, 0x24}, 0x9c)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x8003}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0x1c, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0x90}}, 0x0)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000040)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000000100000024000180060005004e230000060001000200000008000300ac1414aa0800060001"], 0x38}, 0x1, 0x0, 0x0, 0x4000011}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f00000003c0)={0x26, 'rng\x00', 0x0, 0x0, 'ansi_cprng\x00'}, 0x58)

4.401102181s ago: executing program 4 (id=3861):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
socket$inet(0x2, 0x1, 0x100)
socket$inet6_udplite(0xa, 0x2, 0x88)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000010000008500000082000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000004c0)={r2, 0x18000000000002a0, 0xe, 0x0, &(0x7f00000002c0)="d2ff030060010000009e08f086dd", 0x0, 0xd5b1, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = fsopen(&(0x7f0000000280)='ceph\x00', 0x1)
fsconfig$FSCONFIG_SET_STRING(r5, 0x1, &(0x7f0000000b40)='source', &(0x7f0000000040)='c:::\x00', 0x0)
r6 = gettid()
fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0)
tkill(r6, 0xb)
utimensat(0xffffffffffffff9c, &(0x7f00000003c0)='.\x00', 0x0, 0x0)
ioctl$VT_RESIZEX(0xffffffffffffffff, 0x560a, &(0x7f00000006c0)={0x4, 0x0, 0x0, 0x0, 0x132, 0x3})
r7 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r7, &(0x7f0000000040)={0x1f, 0x0, 0x1}, 0x6)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)

3.855470437s ago: executing program 0 (id=3862):
r0 = socket$inet6(0xa, 0x80002, 0x0)
mkdir(&(0x7f0000000540)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
sendmsg$IEEE802154_LIST_PHY(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_GET_SPECULATION_CTRL(0x34, 0x0, 0x8)
setsockopt(0xffffffffffffffff, 0xa, 0x14f, &(0x7f0000000500), 0x0)
setsockopt$inet_sctp6_SCTP_AUTH_KEY(0xffffffffffffffff, 0x84, 0x17, 0x0, 0x9)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_dev$usbfs(0x0, 0x200800000800078, 0x80501)
prlimit64(0x0, 0xe, &(0x7f00000003c0)={0x500000, 0x80100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(0xffffffffffffffff, 0x1, &(0x7f0000000200)={0x4065, r0}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000002700)=""/102392, 0x18ff8)
r2 = socket$rxrpc(0x21, 0x2, 0xa)
poll(&(0x7f0000000180)=[{r2, 0x2}], 0x1, 0x7f)
setsockopt$sock_int(r2, 0x1, 0x7, &(0x7f0000000240), 0x4)
sched_setattr(0x0, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x80383, 0x0)
r3 = syz_open_dev$video(&(0x7f0000000000), 0x485, 0x40000)
ioctl$VIDIOC_S_INPUT(r3, 0xc0045627, &(0x7f0000000080)=0x2)
ioctl$VIDIOC_S_SELECTION(r3, 0xc040565f, &(0x7f00000000c0)={0x9, 0x102, 0x0, {0x400e802, 0x81, 0xfffffff7, 0xfff}})

3.737625889s ago: executing program 3 (id=3863):
r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f0000000100)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xe6, 0xe6, 0x3, [@volatile={0xc, 0x0, 0x0, 0x9, 0x4}, @const={0xb, 0x0, 0x0, 0xa, 0x1}, @fwd={0x1}, @datasec={0xe, 0x7, 0x0, 0xf, 0x2, [{0x2, 0xdd4e, 0x5}, {0x3, 0xdb68, 0x9}, {0x2, 0x3, 0x7}, {0x1, 0xfffffffa, 0x10001}, {0x5, 0x705a, 0x4}, {0x5, 0x10000, 0x9}, {0x2, 0x1ff, 0x2}], "408f"}, @type_tag={0x2, 0x0, 0x0, 0x12, 0x4}, @float={0x4, 0x0, 0x0, 0x10, 0x8}, @struct={0x5, 0x4, 0x0, 0x4, 0x1, 0x95, [{0x4, 0x0, 0x3337}, {0x0, 0x4, 0xfffffffc}, {0x2, 0x3, 0x3}, {0x0, 0x2, 0x984}]}, @const={0x8, 0x0, 0x0, 0xa, 0x5}]}, {0x0, [0x4e]}}, &(0x7f0000000240)=""/165, 0x103, 0xa5, 0x1, 0x3}, 0x28)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000380)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x4)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000003c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x4)
r3 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000400)={0x3, 0x4, 0x4, 0xa, 0x0, 0x1, 0xa0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0xfffffffe, 0x3}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xe, 0x6, &(0x7f0000000040)=@raw=[@initr0={0x18, 0x0, 0x0, 0x0, 0xfffffff7}, @map_idx_val={0x18, 0x4, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffff8a7}, @cb_func={0x18, 0x7, 0x4, 0x0, 0xfffffffffffffffa}], &(0x7f00000000c0)='syzkaller\x00', 0x9, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @sk_skb=0x5, r0, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000340)={0x1, 0x6, 0x3409, 0x956c}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f0000000480)=[r1, r2, 0xffffffffffffffff, r3], 0x0, 0x10, 0x5}, 0x94)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r5 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r5, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r6 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r6, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16)
connect$inet(r6, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
setsockopt$inet_IP_XFRM_POLICY(r6, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@mcast1, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x10000, 0x0, 0x0, 0x2, 0xfffffffffffffffc, 0x0, 0x0, 0xfffffffffffffffd}, {0x0, 0x0, 0x0, 0x8}, 0x0, 0x0, 0x1}, {{@in6=@ipv4={'\x00', '\xff\xff', @multicast1}, 0x2, 0x6c}, 0x0, @in=@empty, 0x0, 0x5, 0x0, 0xb7}}, 0xe8)
sendmmsg(r6, &(0x7f0000007fc0), 0x800001d, 0x60)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x79, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x0, 0x81, 0x1080a422012f758f})
r7 = syz_io_uring_setup(0x74d, &(0x7f0000000100)={0x0, 0x59c4, 0x8, 0x1000, 0x5cc}, &(0x7f0000000300)=<r8=>0x0, &(0x7f0000000080)=<r9=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r8, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
r10 = socket$inet6_mptcp(0xa, 0x1, 0x106)
getsockopt$inet6_mptcp_buf(r10, 0x11c, 0x1, &(0x7f0000001040)=""/4096, &(0x7f0000001000)=0x1000)
io_uring_register$IORING_REGISTER_BUFFERS(r7, 0x0, &(0x7f0000000240)=[{&(0x7f00000003c0)=""/219, 0xdb}], 0x1)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f00000000c0)={0x1, &(0x7f0000000200)=[{0x30, 0x4, 0x0, 0x2}]}, 0xffffffffffffff0e)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r8, r9, &(0x7f0000000200)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x81800, 0x1})
io_uring_enter(r7, 0x749f, 0x4, 0x0, 0x0, 0xfffffffffffffef5)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r4, 0x84, 0x72, 0x0, 0x0)

2.685943326s ago: executing program 0 (id=3864):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={0x0}, 0x1, 0x0, 0x0, 0x4000811}, 0x0)
socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newtaction={0x6c, 0x30, 0x1, 0x70bd28, 0x0, {}, [{0x58, 0x1, [@m_skbmod={0x54, 0x1, 0x0, 0x0, {{0xb}, {0x28, 0x2, 0x0, 0x1, [@TCA_SKBMOD_PARMS={0x24, 0x2, {{0xffffffff, 0x10001, 0xffffffffffffffff, 0x3c, 0x3}, 0x400000000a}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x6c}, 0x1, 0x0, 0x0, 0x4}, 0x0)
socket$packet(0x11, 0x3, 0x300)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
openat$mixer(0xffffff9c, &(0x7f0000000000), 0x200, 0x0)
r0 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r0, &(0x7f0000000400)={0x18, 0x0, {0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}, 'lo\x00'}}, 0x1e)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x3, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="050000000000000063110c0000000000850002000000850000000500000095000000000000009500a50500000000"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x6}, 0x70)
socket$nl_route(0x10, 0x3, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0xc, 0x4, &(0x7f00000005c0)=ANY=[@ANYBLOB="6bdcbf3ff8f4423bcc594555c1e90b42db4ec5d03ead580b60f6b04a92595e5fd7825fa3ce520f99277ed10e51b3829a99bb41f0a5fa82057fc2472f9beb5c5437015c75517d1ab4032f0a5169415d9233fad03fc34c96fa79e3be95eb336b55c4c84648c9b027153ec15a1b089a28e4663e6d389f48d35c82c4000f0554e3fc34c995cdf9100420133b414a07d972faaaa633a7ed3e84947395500745f24f8389340929f596fef33e1e9c", @ANYRESDEC=0x0, @ANYRESHEX], &(0x7f0000000280)='GPL\x00', 0x0, 0x100a, &(0x7f0000001400)=""/4106, 0x0, 0x44, '\x00', 0x0, @fallback=0x35}, 0x94)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000380)=ANY=[@ANYBLOB="34000000100001f8ffffff000000000000000000", @ANYRES32=0x0, @ANYBLOB="00000000000000000c002b8008000100", @ANYRES32=r4, @ANYBLOB="08001b"], 0x34}}, 0x24044810)
munlockall()
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="34000000100001080000000004000000000000", @ANYRES32=0x0, @ANYBLOB, @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00'], 0x34}}, 0x0)
ioctl$PPPIOCGCHAN(r0, 0x80047437, &(0x7f0000001f00))
r5 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r5, &(0x7f0000000080)={0x18, 0x0, {0x15, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}, 'vcan0\x00'}}, 0x1e)

2.646046667s ago: executing program 3 (id=3865):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={0x0}, 0x1, 0x0, 0x0, 0x4000811}, 0x0)
socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newtaction={0x6c, 0x30, 0x1, 0x70bd28, 0x0, {}, [{0x58, 0x1, [@m_skbmod={0x54, 0x1, 0x0, 0x0, {{0xb}, {0x28, 0x2, 0x0, 0x1, [@TCA_SKBMOD_PARMS={0x24, 0x2, {{0xffffffff, 0x10001, 0xffffffffffffffff, 0x3c, 0x3}, 0x400000000a}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x6c}, 0x1, 0x0, 0x0, 0x4}, 0x0)
socket$packet(0x11, 0x3, 0x300)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
openat$mixer(0xffffff9c, &(0x7f0000000000), 0x200, 0x0)
r0 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r0, &(0x7f0000000400)={0x18, 0x0, {0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}, 'lo\x00'}}, 0x1e)
r1 = socket$nl_route(0x10, 0x3, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x3, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="050000000000000063110c0000000000850002000000850000000500000095000000000000009500a50500000000"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x6}, 0x70)
socket$nl_route(0x10, 0x3, 0x0)
munlockall()
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="34000000100001080000000004000000000000", @ANYRES32=0x0, @ANYBLOB, @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00'], 0x34}}, 0x0)
ioctl$PPPIOCGCHAN(r0, 0x80047437, &(0x7f0000001f00))
socket$pppoe(0x18, 0x1, 0x0)

1.533114871s ago: executing program 0 (id=3866):
r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x275a, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
add_key$user(&(0x7f0000000280), &(0x7f0000000340)={'syz', 0x2}, &(0x7f00000000c0)="ff", 0x1, 0xffffffffffffffff)
keyctl$clear(0x7, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
ioctl$F2FS_IOC_GET_FEATURES(r0, 0x8004f50c, &(0x7f0000000180))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket(0x10, 0x80002, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[], 0x64}, 0x1, 0x0, 0x0, 0x4004001}, 0x20004080)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="3c00000010000d0425bd7000fcdbff2500000022", @ANYRES32=0x0, @ANYBLOB="10000000000000001c0012800b00010062726964676500000c0002800800030019000000"], 0x3c}, 0x1, 0x0, 0x0, 0x10}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840)
sendmmsg$alg(r4, &(0x7f00000000c0), 0x492492492492627, 0x0)
setgroups(0x0, 0x0)

1.123340101s ago: executing program 2 (id=3867):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000600)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x2a}, @printk={@ld, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x8}, {0x85, 0x0, 0x0, 0x2d}}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000980)={&(0x7f0000000940)='tlb_flush\x00', r0}, 0x10)
setsockopt$inet6_IPV6_RTHDRDSTOPTS(0xffffffffffffffff, 0x29, 0x37, 0x0, 0x8)
syz_open_dev$usbfs(&(0x7f0000000480), 0x77, 0x41341)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
socket$inet6(0xa, 0x80002, 0x0)
r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
sendmmsg$inet(r1, 0x0, 0x0, 0x18011)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
sched_setaffinity(0x0, 0xffffffffffffff5b, &(0x7f00000002c0)=0x400000bce)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
sendmsg$ETHTOOL_MSG_RINGS_SET(0xffffffffffffffff, 0x0, 0x20000892)
recvmmsg$unix(0xffffffffffffffff, &(0x7f0000000180)=[{{&(0x7f0000000240), 0x6e, &(0x7f0000000040)}}], 0x1, 0x2, &(0x7f0000000300))
r3 = socket$inet(0x2, 0x4000000000000001, 0x0)
keyctl$setperm(0x5, 0x0, 0x52b242d)
setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x1a, 0x0, 0x0)
r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
dup(r4)

457.704793ms ago: executing program 1 (id=3868):
syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0)
syz_emit_ethernet(0x9a, &(0x7f00000000c0)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000086dd603000bb00642b00fc02007fbcec7a4d6ba6df4d91bdcd0200000000000000000000000000fe80"], 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)={0x0, 0xc4}}, 0x0)
syz_emit_ethernet(0x52, &(0x7f0000000180)=ANY=[@ANYBLOB="faffffffff"], 0x0)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000100)='0.::/', 0x0)
r0 = add_key$user(&(0x7f00000001c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000080)="bc5d", 0x2, 0xfffffffffffffffe)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000002340)=[{{0x0, 0x0, &(0x7f0000000140)=[{&(0x7f00000000c0)='O', 0x1}], 0x1}}], 0x1, 0x8044000)
r1 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000140)={r0, r1, r0}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r3, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0) (fail_nth: 1)

197.659635ms ago: executing program 0 (id=3869):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x18, 0xc, 0x0, &(0x7f0000000180)='GPL\x00', 0x8}, 0x94)
syz_emit_ethernet(0x52, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb08004c000078ac1414000a0101004414050300000000000000000a010101000000008903ce070200"/62, @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB='\\'], 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r0 = add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a9850a9d77f1068", 0x9, 0xfffffffffffffffe)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000018c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="48000000100005040000000000000000", @ANYBLOB="ebffffffffffffff280012800b"], 0x48}, 0x1, 0x0, 0x0, 0x4000011}, 0x0)
r1 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000140)={r0, r1, r0}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0)
add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
syz_emit_ethernet(0x2a, &(0x7f0000000140)={@local, @multicast, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x2, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x0, 0x8}}}}}, 0x0)
syz_emit_ethernet(0x2c, &(0x7f0000000300)={@random="e90c630faca2", @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1e, 0x0, 0xe000, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x0, 0xa, 0x0, @opaque="cbe6"}}}}}, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = dup(r3)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r3, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

0s ago: executing program 4 (id=3870):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x22102, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x208, 0x1ffe0000000}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
syslog(0x2, 0x0, 0x0)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendto$inet6(r5, &(0x7f00000001c0), 0x0, 0x0, &(0x7f000005ffe4)={0xa, 0x0, 0x0, @loopback={0x0, 0x1c9ae7fffe9a6f34}}, 0x1c)
setsockopt$inet_sctp6_SCTP_EVENTS(r5, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x4, 0xfe, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x5}, 0xe)
shutdown(r5, 0x1)
recvmmsg(r5, &(0x7f0000000840)=[{{0x0, 0x0, 0x0}}], 0x414, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_GSI_ROUTING(r1, 0x4008ae6a, &(0x7f0000000100)={0x1, 0x0, [{0x1, 0x4, 0x0, 0x0, @adapter={0x6, 0x100000001, 0x7de, 0x8, 0x101}}]})
r6 = eventfd(0x2)
ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000080)={r6, 0x1})
r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40241, 0x0)
ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r8 = socket$kcm(0x2, 0xa, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x3d0, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x200, 0x230, 0x0, {}, [@common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x430)
ioctl$SIOCSIFHWADDR(r8, 0x8914, &(0x7f0000000180)={'bridge_slave_0\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}})
write$tun(r7, &(0x7f0000000240)=ANY=[@ANYBLOB="000086dd0500560008005400000060ec970001983a"], 0xfdef)

kernel console output (not intermixed with test programs):

00.571234][T20066]  ? __pfx_fuse_fsync+0x10/0x10
[ 1300.571254][T20066]  vfs_fsync_range+0x139/0x220
[ 1300.571282][T20066]  do_fsync+0x4b/0xa0
[ 1300.571307][T20066]  __x64_sys_fsync+0x32/0x50
[ 1300.571331][T20066]  do_syscall_64+0xcd/0x4c0
[ 1300.571359][T20066]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1300.571378][T20066] RIP: 0033:0x7f0fe6b8e929
[ 1300.571393][T20066] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1300.571410][T20066] RSP: 002b:00007f0fe7a07038 EFLAGS: 00000246 ORIG_RAX: 000000000000004a
[ 1300.571428][T20066] RAX: ffffffffffffffda RBX: 00007f0fe6db6080 RCX: 00007f0fe6b8e929
[ 1300.571439][T20066] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005
[ 1300.571450][T20066] RBP: 00007f0fe7a07090 R08: 0000000000000000 R09: 0000000000000000
[ 1300.571460][T20066] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1300.571470][T20066] R13: 0000000000000000 R14: 00007f0fe6db6080 R15: 00007ffe2d0a5b18
[ 1300.571494][T20066]  </TASK>
[ 1300.635750][T15771] libceph: connect (1)[c::]:6789 error -101
[ 1301.033556][T15771] libceph: mon0 (1)[c::]:6789 connect error
[ 1301.365589][T20081] netlink: 'syz.0.3275': attribute type 4 has an invalid length.
[ 1301.373509][T20081] netlink: 3657 bytes leftover after parsing attributes in process `syz.0.3275'.
[ 1301.853308][T15771] libceph: connect (1)[c::]:6789 error -101
[ 1301.863687][T15771] libceph: mon0 (1)[c::]:6789 connect error
[ 1302.696574][T20060] ceph: No mds server is up or the cluster is laggy
[ 1302.841193][T20091] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3277'.
[ 1306.640460][T20127] fuse: Bad value for 'fd'
[ 1307.085299][T19084] Bluetooth: hci0: command 0x0406 tx timeout
[ 1307.168727][T20126] ceph: No mds server is up or the cluster is laggy
[ 1307.177996][ T5915] libceph: connect (1)[c::]:6789 error -101
[ 1307.412242][ T5915] libceph: mon0 (1)[c::]:6789 connect error
[ 1308.959110][T20147] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=20147 comm=syz.3.3292
[ 1309.034832][T20143] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3286'.
[ 1309.047517][T20146] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3292'.
[ 1309.213822][T20146] netlink: 48 bytes leftover after parsing attributes in process `syz.3.3292'.
[ 1309.286850][T20146] netlink: 48 bytes leftover after parsing attributes in process `syz.3.3292'.
[ 1309.517083][T20156] sg_write: data in/out 209152/1 bytes for SCSI command 0xf2-- guessing data in;
[ 1309.517083][T20156]    program syz.2.3295 not setting count and/or reply_len properly
[ 1310.141535][T20159] bridge_slave_0: left allmulticast mode
[ 1310.147649][T20159] bridge_slave_0: left promiscuous mode
[ 1310.242841][T20159] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1310.300636][T20166] netlink: 'syz.3.3296': attribute type 10 has an invalid length.
[ 1310.571452][T20159] bridge_slave_1: left allmulticast mode
[ 1310.863801][T20159] bridge_slave_1: left promiscuous mode
[ 1310.996144][T20159] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1311.278734][T20159] bond0: (slave bond_slave_0): Releasing backup interface
[ 1311.442680][T20159] bond0: (slave bond_slave_1): Releasing backup interface
[ 1311.516569][T20178] fuse: Bad value for 'fd'
[ 1312.319438][T20159] team0: Port device team_slave_0 removed
[ 1312.354024][T20159] team0: Port device team_slave_1 removed
[ 1312.381281][T20159] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1312.457308][T20159] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1312.487391][T20159] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1312.510055][T20159] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1312.655522][   T30] audit: type=1400 audit(1750839218.646:450): avc:  denied  { create } for  pid=20182 comm="syz.1.3302" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[ 1313.341509][T20161] team0: Mode changed to "loadbalance"
[ 1313.560859][T20166] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1313.588031][T20166] team0: Port device bond0 added
[ 1313.958737][T20204] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3305'.
[ 1314.554476][T20215] netlink: 'syz.0.3309': attribute type 4 has an invalid length.
[ 1314.573674][T20215] netlink: 3657 bytes leftover after parsing attributes in process `syz.0.3309'.
[ 1314.857758][T15771] libceph: connect (1)[c::]:6789 error -101
[ 1314.891186][T20222] ceph: No mds server is up or the cluster is laggy
[ 1315.206396][T15771] libceph: mon0 (1)[c::]:6789 connect error
[ 1315.488167][T20229] fuse: Bad value for 'fd'
[ 1316.599813][T20239] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3315'.
[ 1318.741973][T20253] team0: Port device bond0 removed
[ 1318.790634][T20255] veth0: entered promiscuous mode
[ 1318.807063][T20247] team0: Unable to change to the same mode the team is in
[ 1318.820752][T20255] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3321'.
[ 1318.845446][   T30] audit: type=1400 audit(1750839224.846:451): avc:  denied  { accept } for  pid=20258 comm="syz.1.3319" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_route_socket permissive=1
[ 1318.894822][T20247] netlink: 'syz.3.3317': attribute type 10 has an invalid length.
[ 1318.903728][T20247] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1318.912350][T20247] team0: Port device bond0 added
[ 1319.096717][   T30] audit: type=1400 audit(1750839225.106:452): avc:  denied  { write } for  pid=20254 comm="syz.0.3321" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[ 1319.163579][ T5865] usb 3-1: new high-speed USB device number 47 using dummy_hcd
[ 1320.099839][ T5865] usb 3-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00
[ 1320.119927][ T5865] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1320.128042][ T5865] usb 3-1: Product: syz
[ 1320.132285][ T5865] usb 3-1: Manufacturer: syz
[ 1320.140879][ T5865] usb 3-1: SerialNumber: syz
[ 1320.147833][ T5865] usb 3-1: config 0 descriptor??
[ 1320.164835][ T5865] hso 3-1:0.0: Not our interface
[ 1320.170317][ T5865] usb-storage 3-1:0.0: USB Mass Storage device detected
[ 1320.805367][T19084] Bluetooth: hci2: command 0x0405 tx timeout
[ 1320.983464][   T43] usb 1-1: new high-speed USB device number 47 using dummy_hcd
[ 1321.839982][   T43] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 1321.858677][   T43] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1321.883759][   T43] usb 1-1: Product: syz
[ 1321.940006][ T5865] usb 3-1: USB disconnect, device number 47
[ 1321.973175][   T43] usb 1-1: Manufacturer: syz
[ 1321.978281][   T43] usb 1-1: SerialNumber: syz
[ 1321.994855][   T43] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 1322.028414][   T24] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 1322.132145][T20301] xt_TPROXY: Can be used only with -p tcp or -p udp
[ 1324.024573][   T24] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive
[ 1324.031814][   T24] ath9k_htc: Failed to initialize the device
[ 1324.046755][T17269] usb 1-1: USB disconnect, device number 47
[ 1324.093903][T17269] usb 1-1: ath9k_htc: USB layer deinitialized
[ 1325.053888][T20324] FAULT_INJECTION: forcing a failure.
[ 1325.053888][T20324] name failslab, interval 1, probability 0, space 0, times 0
[ 1325.195433][T20324] CPU: 1 UID: 0 PID: 20324 Comm: syz.3.3335 Not tainted 6.16.0-rc3-syzkaller-00044-g7595b66ae9de #0 PREEMPT(full) 
[ 1325.195461][T20324] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1325.195472][T20324] Call Trace:
[ 1325.195478][T20324]  <TASK>
[ 1325.195485][T20324]  dump_stack_lvl+0x16c/0x1f0
[ 1325.195515][T20324]  should_fail_ex+0x512/0x640
[ 1325.195536][T20324]  ? fs_reclaim_acquire+0xae/0x150
[ 1325.195556][T20324]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[ 1325.195581][T20324]  should_failslab+0xc2/0x120
[ 1325.195611][T20324]  __kmalloc_noprof+0xd2/0x510
[ 1325.195640][T20324]  tomoyo_realpath_from_path+0xc2/0x6e0
[ 1325.195668][T20324]  ? tomoyo_profile+0x47/0x60
[ 1325.195697][T20324]  tomoyo_path_number_perm+0x245/0x580
[ 1325.195717][T20324]  ? tomoyo_path_number_perm+0x237/0x580
[ 1325.195739][T20324]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1325.195761][T20324]  ? find_held_lock+0x2b/0x80
[ 1325.195806][T20324]  ? find_held_lock+0x2b/0x80
[ 1325.195826][T20324]  ? hook_file_ioctl_common+0x145/0x410
[ 1325.195859][T20324]  ? __fget_files+0x20e/0x3c0
[ 1325.195888][T20324]  security_file_ioctl+0x9b/0x240
[ 1325.195914][T20324]  __x64_sys_ioctl+0xb7/0x210
[ 1325.195937][T20324]  do_syscall_64+0xcd/0x4c0
[ 1325.195964][T20324]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1325.195982][T20324] RIP: 0033:0x7f0fe6b8e929
[ 1325.195997][T20324] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1325.196013][T20324] RSP: 002b:00007f0fe7a28038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1325.196030][T20324] RAX: ffffffffffffffda RBX: 00007f0fe6db5fa0 RCX: 00007f0fe6b8e929
[ 1325.196041][T20324] RDX: 0000000000000000 RSI: 000000000000af02 RDI: 0000000000000003
[ 1325.196051][T20324] RBP: 00007f0fe7a28090 R08: 0000000000000000 R09: 0000000000000000
[ 1325.196062][T20324] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1325.196071][T20324] R13: 0000000000000000 R14: 00007f0fe6db5fa0 R15: 00007ffe2d0a5b18
[ 1325.196096][T20324]  </TASK>
[ 1325.196105][T20324] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1325.925289][T20339] FAULT_INJECTION: forcing a failure.
[ 1325.925289][T20339] name failslab, interval 1, probability 0, space 0, times 0
[ 1325.944185][T20339] CPU: 0 UID: 0 PID: 20339 Comm: syz.0.3340 Not tainted 6.16.0-rc3-syzkaller-00044-g7595b66ae9de #0 PREEMPT(full) 
[ 1325.944209][T20339] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1325.944218][T20339] Call Trace:
[ 1325.944223][T20339]  <TASK>
[ 1325.944229][T20339]  dump_stack_lvl+0x16c/0x1f0
[ 1325.944253][T20339]  should_fail_ex+0x512/0x640
[ 1325.944270][T20339]  ? fs_reclaim_acquire+0xae/0x150
[ 1325.944286][T20339]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[ 1325.944305][T20339]  should_failslab+0xc2/0x120
[ 1325.944325][T20339]  __kmalloc_noprof+0xd2/0x510
[ 1325.944347][T20339]  tomoyo_realpath_from_path+0xc2/0x6e0
[ 1325.944368][T20339]  ? tomoyo_profile+0x47/0x60
[ 1325.944390][T20339]  tomoyo_path_number_perm+0x245/0x580
[ 1325.944405][T20339]  ? tomoyo_path_number_perm+0x237/0x580
[ 1325.944422][T20339]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1325.944439][T20339]  ? find_held_lock+0x2b/0x80
[ 1325.944474][T20339]  ? find_held_lock+0x2b/0x80
[ 1325.944489][T20339]  ? hook_file_ioctl_common+0x145/0x410
[ 1325.944514][T20339]  ? __fget_files+0x20e/0x3c0
[ 1325.944536][T20339]  security_file_ioctl+0x9b/0x240
[ 1325.944555][T20339]  __x64_sys_ioctl+0xb7/0x210
[ 1325.944572][T20339]  do_syscall_64+0xcd/0x4c0
[ 1325.944598][T20339]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1325.944612][T20339] RIP: 0033:0x7fb31638e929
[ 1325.944624][T20339] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1325.944638][T20339] RSP: 002b:00007fb3141f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1325.944652][T20339] RAX: ffffffffffffffda RBX: 00007fb3165b5fa0 RCX: 00007fb31638e929
[ 1325.944661][T20339] RDX: 00002000000000c0 RSI: 0000000000002284 RDI: 0000000000000003
[ 1325.944669][T20339] RBP: 00007fb3141f6090 R08: 0000000000000000 R09: 0000000000000000
[ 1325.944677][T20339] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1325.944685][T20339] R13: 0000000000000000 R14: 00007fb3165b5fa0 R15: 00007ffc8cdfe108
[ 1325.944704][T20339]  </TASK>
[ 1325.944714][T20339] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1327.503365][T19084] Bluetooth: hci4: command 0x0405 tx timeout
[ 1327.815667][T20363] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=20363 comm=syz.3.3345
[ 1327.832056][T20363] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3345'.
[ 1328.805530][T20369] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3345'.
[ 1329.012724][   T30] audit: type=1400 audit(1750839234.956:453): avc:  denied  { ioctl } for  pid=20370 comm="syz.1.3348" path="socket:[61155]" dev="sockfs" ino=61155 ioctlcmd=0x8904 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[ 1329.089821][   T30] audit: type=1400 audit(1750839234.956:454): avc:  denied  { write } for  pid=20370 comm="syz.1.3348" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[ 1329.337061][   T30] audit: type=1400 audit(1750839235.346:455): avc:  denied  { create } for  pid=20374 comm="syz.2.3349" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[ 1329.655463][T20383] ceph: No mds server is up or the cluster is laggy
[ 1329.860388][   T24] libceph: connect (1)[c::]:6789 error -101
[ 1329.869343][   T24] libceph: mon0 (1)[c::]:6789 connect error
[ 1331.148688][   T30] audit: type=1400 audit(1750839237.156:456): avc:  denied  { read } for  pid=20401 comm="syz.4.3356" path="socket:[61212]" dev="sockfs" ino=61212 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[ 1331.210935][T20404] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3357'.
[ 1331.473237][   T24] usb 3-1: new high-speed USB device number 48 using dummy_hcd
[ 1332.283385][   T24] usb 3-1: Using ep0 maxpacket: 8
[ 1332.294810][   T24] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 16
[ 1332.311465][   T24] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1332.345431][   T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1332.374246][   T24] usb 3-1: Product: ࠬ
[ 1332.398277][   T24] usb 3-1: Manufacturer: ᰉ
[ 1332.429930][   T24] usb 3-1: SerialNumber: 酲㶞씊ꆵ棂宣⮞䚓Ⲳ탼葜✝ꏶ픖⎌黮毀灱㑅菿팣䍓긎櫝暕ꈗ잽㞜䃿솼驵昇⧗폣떓斫ﶒ¢쭢ꚢ휜웒
[ 1332.513315][T17269] usb 2-1: new high-speed USB device number 46 using dummy_hcd
[ 1333.130852][T20419] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3361'.
[ 1333.362889][   T24] cdc_ncm 3-1:1.0: bind() failure
[ 1333.373902][   T24] cdc_ncm 3-1:1.1: CDC Union missing and no IAD found
[ 1333.381067][   T24] cdc_ncm 3-1:1.1: bind() failure
[ 1333.423558][   T30] audit: type=1400 audit(1750839239.336:457): avc:  denied  { listen } for  pid=20403 comm="syz.2.3357" path=2F38372FE91F7189591E9233614B scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_dgram_socket permissive=1
[ 1333.446773][   T30] audit: type=1400 audit(1750839239.346:458): avc:  denied  { unlink } for  pid=20403 comm="syz.2.3357" name="#1" dev="tmpfs" ino=466 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[ 1333.470278][   T30] audit: type=1400 audit(1750839239.356:459): avc:  denied  { mount } for  pid=20403 comm="syz.2.3357" name="/" dev="overlay" ino=460 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[ 1333.492539][T17269] usb 2-1: device descriptor read/64, error -71
[ 1333.508674][   T24] usb 3-1: USB disconnect, device number 48
[ 1333.628883][T20423] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=20423 comm=syz.3.3363
[ 1333.658350][T20423] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3363'.
[ 1333.714899][T20423] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3363'.
[ 1333.729010][T20423] vlan3: entered allmulticast mode
[ 1333.734376][T20423] bond2: entered allmulticast mode
[ 1333.773210][T17269] usb 2-1: new high-speed USB device number 47 using dummy_hcd
[ 1334.523906][T17269] usb 2-1: device descriptor read/64, error -71
[ 1334.708613][T20432] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3364'.
[ 1335.004486][T17269] usb usb2-port1: attempt power cycle
[ 1335.373188][T17269] usb 2-1: new high-speed USB device number 48 using dummy_hcd
[ 1335.600918][T17269] usb 2-1: device not accepting address 48, error -71
[ 1336.413840][T20457] ceph: No mds server is up or the cluster is laggy
[ 1336.421441][T20459] ceph: No mds server is up or the cluster is laggy
[ 1336.428724][   T24] libceph: connect (1)[c::]:6789 error -101
[ 1336.467189][   T24] libceph: mon0 (1)[c::]:6789 connect error
[ 1336.473613][   T43] libceph: connect (1)[c::]:6789 error -101
[ 1336.487085][   T43] libceph: mon0 (1)[c::]:6789 connect error
[ 1337.043596][T17269] usb 2-1: new high-speed USB device number 49 using dummy_hcd
[ 1337.098370][T17269] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 1337.107786][T17269] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1337.119165][T17269] usb 2-1: Product: syz
[ 1337.123433][T17269] usb 2-1: Manufacturer: syz
[ 1337.128049][T17269] usb 2-1: SerialNumber: syz
[ 1337.139315][T17269] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 1337.156800][T10495] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 1337.368993][   T43] usb 2-1: USB disconnect, device number 49
[ 1337.765450][T20478] xt_TPROXY: Can be used only with -p tcp or -p udp
[ 1337.957869][T20480] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=20480 comm=syz.3.3377
[ 1338.001756][T20480] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3377'.
[ 1338.059445][T20480] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3377'.
[ 1338.075264][T20480] vlan4: entered allmulticast mode
[ 1338.080688][T20480] bond3: entered allmulticast mode
[ 1338.223967][T10495] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive
[ 1338.443144][T10495] ath9k_htc: Failed to initialize the device
[ 1338.888452][   T43] usb 2-1: ath9k_htc: USB layer deinitialized
[ 1338.992937][T20488] mkiss: ax0: crc mode is auto.
[ 1339.243422][T17269] usb 3-1: new high-speed USB device number 49 using dummy_hcd
[ 1339.269805][   T24] usb 1-1: new high-speed USB device number 48 using dummy_hcd
[ 1339.473230][   T24] usb 1-1: device descriptor read/64, error -71
[ 1339.627963][T20497] netlink: zone id is out of range
[ 1339.646438][T20497] netlink: zone id is out of range
[ 1339.651589][T20497] netlink: zone id is out of range
[ 1339.686125][T20497] netlink: zone id is out of range
[ 1339.696099][T20497] netlink: zone id is out of range
[ 1339.701728][T20497] netlink: zone id is out of range
[ 1339.707592][T20497] netlink: zone id is out of range
[ 1339.715026][T20497] netlink: zone id is out of range
[ 1339.720234][T20497] netlink: zone id is out of range
[ 1339.725506][   T24] usb 1-1: new high-speed USB device number 49 using dummy_hcd
[ 1339.737285][T20497] netlink: zone id is out of range
[ 1339.867446][   T24] usb 1-1: device descriptor read/64, error -71
[ 1340.017773][   T24] usb usb1-port1: attempt power cycle
[ 1340.170519][T17269] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1340.193293][T17269] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 1340.624689][T17269] usb 3-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[ 1340.645070][T17269] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1340.688041][   T24] usb 1-1: new high-speed USB device number 50 using dummy_hcd
[ 1340.696552][T17269] usb 3-1: Product: syz
[ 1340.710110][T17269] usb 3-1: Manufacturer: syz
[ 1340.721168][T17269] usb 3-1: SerialNumber: syz
[ 1340.734328][   T24] usb 1-1: device descriptor read/8, error -71
[ 1340.745789][T17269] usb 3-1: config 0 descriptor??
[ 1341.115273][   T24] usb 1-1: new high-speed USB device number 51 using dummy_hcd
[ 1341.154942][   T24] usb 1-1: device descriptor read/8, error -71
[ 1341.171189][ T5915] usb 3-1: USB disconnect, device number 49
[ 1341.263579][   T43] usb 5-1: new high-speed USB device number 49 using dummy_hcd
[ 1341.271374][   T24] usb usb1-port1: unable to enumerate USB device
[ 1341.335739][T20528] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=20528 comm=syz.1.3394
[ 1341.352063][T20528] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3394'.
[ 1341.373486][T20528] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3394'.
[ 1341.387454][T20528] vlan4: entered allmulticast mode
[ 1341.392655][T20528] bond2: entered allmulticast mode
[ 1341.498013][   T43] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 1342.269573][   T43] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1342.281618][   T43] usb 5-1: Product: syz
[ 1342.289001][   T43] usb 5-1: Manufacturer: syz
[ 1342.293703][   T43] usb 5-1: SerialNumber: syz
[ 1342.302711][   T43] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 1342.325441][ T5915] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 1343.297000][   T43] usb 5-1: USB disconnect, device number 49
[ 1343.367216][   T30] audit: type=1400 audit(1750839248.846:460): avc:  denied  { read } for  pid=20533 comm="syz.2.3396" path="socket:[62036]" dev="sockfs" ino=62036 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[ 1343.413020][ T5915] ath9k_htc 5-1:1.0: ath9k_htc: Target is unresponsive
[ 1343.445133][ T5915] ath9k_htc: Failed to initialize the device
[ 1343.453793][   T43] usb 5-1: ath9k_htc: USB layer deinitialized
[ 1344.923328][   T43] usb 2-1: new high-speed USB device number 50 using dummy_hcd
[ 1345.173933][T20571] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3408'.
[ 1345.532585][T17269] usb 5-1: new high-speed USB device number 50 using dummy_hcd
[ 1345.550750][   T43] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1345.586603][   T43] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 1345.606786][   T43] usb 2-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[ 1345.621194][   T43] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1345.632827][   T43] usb 2-1: Product: syz
[ 1345.639689][   T43] usb 2-1: Manufacturer: syz
[ 1345.647080][   T43] usb 2-1: SerialNumber: syz
[ 1345.660780][   T43] usb 2-1: config 0 descriptor??
[ 1345.683584][T17269] usb 5-1: device descriptor read/64, error -71
[ 1345.883194][ T5865] usb 3-1: new high-speed USB device number 50 using dummy_hcd
[ 1345.961226][ T5915] usb 2-1: USB disconnect, device number 50
[ 1346.092226][T20579] netlink: 32 bytes leftover after parsing attributes in process `syz.0.3410'.
[ 1346.437401][T17269] usb 5-1: new high-speed USB device number 51 using dummy_hcd
[ 1346.564199][ T5865] usb 3-1: config 0 has no interfaces?
[ 1346.722640][T17269] usb 5-1: device descriptor read/64, error -71
[ 1347.362220][ T5865] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[ 1347.371575][ T5865] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[ 1347.379617][ T5865] usb 3-1: Product: syz
[ 1347.383814][ T5865] usb 3-1: Manufacturer: syz
[ 1347.391853][ T5865] usb 3-1: config 0 descriptor??
[ 1347.474126][T17269] usb usb5-port1: attempt power cycle
[ 1347.717408][   T43] usb 3-1: USB disconnect, device number 50
[ 1348.274689][T17269] usb 5-1: new high-speed USB device number 52 using dummy_hcd
[ 1348.503276][T17269] usb 5-1: device not accepting address 52, error -71
[ 1348.971674][T20600] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3420'.
[ 1350.384321][ T5824] Bluetooth: hci2: command 0x0405 tx timeout
[ 1350.718929][T20632] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=20632 comm=syz.1.3429
[ 1350.762921][T20632] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3429'.
[ 1350.866685][T20632] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3429'.
[ 1350.894376][T20632] vlan5: entered allmulticast mode
[ 1350.899756][T20632] bond3: entered allmulticast mode
[ 1351.029010][T20634] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3430'.
[ 1351.143200][ T5915] usb 4-1: new high-speed USB device number 59 using dummy_hcd
[ 1351.540038][ T5915] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[ 1351.573450][   T24] usb 1-1: new high-speed USB device number 52 using dummy_hcd
[ 1352.265660][ T5915] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1352.308447][ T5915] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66
[ 1352.320954][ T5915] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1352.343159][ T5915] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[ 1352.403766][ T5915] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[ 1352.412455][ T5915] usb 4-1: Product: syz
[ 1352.416972][ T5915] usb 4-1: Manufacturer: syz
[ 1352.430860][ T5915] cdc_wdm 4-1:1.0: skipping garbage
[ 1352.438662][ T5915] cdc_wdm 4-1:1.0: skipping garbage
[ 1352.445588][ T5915] cdc_wdm 4-1:1.0: probe with driver cdc_wdm failed with error -22
[ 1352.485124][   T24] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1352.500590][   T24] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1352.512269][   T24] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1352.529992][   T24] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1352.539110][   T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1352.554422][   T24] usb 1-1: config 0 descriptor??
[ 1353.056038][T20662] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3438'.
[ 1353.087247][ T5872] usb 5-1: new high-speed USB device number 54 using dummy_hcd
[ 1353.514546][   T24] plantronics 0003:047F:FFFF.0005: No inputs registered, leaving
[ 1353.525773][T20646] FAULT_INJECTION: forcing a failure.
[ 1353.525773][T20646] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1353.578260][T20646] CPU: 1 UID: 0 PID: 20646 Comm: syz.0.3433 Not tainted 6.16.0-rc3-syzkaller-00044-g7595b66ae9de #0 PREEMPT(full) 
[ 1353.578289][T20646] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1353.578302][T20646] Call Trace:
[ 1353.578309][T20646]  <TASK>
[ 1353.578317][T20646]  dump_stack_lvl+0x16c/0x1f0
[ 1353.578348][T20646]  should_fail_ex+0x512/0x640
[ 1353.578384][T20646]  _copy_to_user+0x32/0xd0
[ 1353.578411][T20646]  simple_read_from_buffer+0xcb/0x170
[ 1353.578436][T20646]  proc_fail_nth_read+0x197/0x270
[ 1353.578460][T20646]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1353.578484][T20646]  ? rw_verify_area+0xcf/0x680
[ 1353.578503][T20646]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1353.578525][T20646]  vfs_read+0x1e1/0xc60
[ 1353.578551][T20646]  ? __pfx___mutex_lock+0x10/0x10
[ 1353.578576][T20646]  ? __pfx_vfs_read+0x10/0x10
[ 1353.578605][T20646]  ? __fget_files+0x20e/0x3c0
[ 1353.578635][T20646]  ksys_read+0x12a/0x250
[ 1353.578655][T20646]  ? __pfx_ksys_read+0x10/0x10
[ 1353.578678][T20646]  ? fdget+0x187/0x210
[ 1353.578705][T20646]  do_syscall_64+0xcd/0x4c0
[ 1353.578732][T20646]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1353.578750][T20646] RIP: 0033:0x7fb31638d33c
[ 1353.578765][T20646] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1353.578782][T20646] RSP: 002b:00007fb3141f6030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1353.578800][T20646] RAX: ffffffffffffffda RBX: 00007fb3165b5fa0 RCX: 00007fb31638d33c
[ 1353.578811][T20646] RDX: 000000000000000f RSI: 00007fb3141f60a0 RDI: 0000000000000004
[ 1353.578822][T20646] RBP: 00007fb3141f6090 R08: 0000000000000000 R09: 0000000000000000
[ 1353.578833][T20646] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1353.578843][T20646] R13: 0000000000000000 R14: 00007fb3165b5fa0 R15: 00007ffc8cdfe108
[ 1353.578868][T20646]  </TASK>
[ 1353.776973][   T24] plantronics 0003:047F:FFFF.0005: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0
[ 1353.866198][ T5865] usb 1-1: USB disconnect, device number 52
[ 1353.890173][   T43] usb 4-1: USB disconnect, device number 59
[ 1353.909630][ T5872] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1354.018597][ T5872] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1354.171100][ T5872] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1354.228896][ T5872] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1354.257048][T20676] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pid=20676 comm=syz.3.3441
[ 1354.311762][T20674] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3443'.
[ 1354.423220][ T5915] usb 1-1: new high-speed USB device number 53 using dummy_hcd
[ 1354.542525][ T5872] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1354.798571][ T5872] usb 5-1: config 0 descriptor??
[ 1355.482875][ T5872] plantronics 0003:047F:FFFF.0006: No inputs registered, leaving
[ 1355.518035][ T5872] plantronics 0003:047F:FFFF.0006: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0
[ 1355.637503][ T5915] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1355.663155][ T5915] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 1355.678020][ T5915] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1355.703397][ T5915] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1355.721526][ T5915] usb 1-1: config 0 descriptor??
[ 1355.796919][ T5915] usb 5-1: USB disconnect, device number 54
[ 1355.867127][ T5865] usb 3-1: new high-speed USB device number 51 using dummy_hcd
[ 1356.023193][ T5865] usb 3-1: Using ep0 maxpacket: 8
[ 1356.033664][ T5865] usb 3-1: config 179 has an invalid interface number: 65 but max is 0
[ 1356.163882][ T5865] usb 3-1: config 179 has no interface number 0
[ 1356.270260][ T5865] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[ 1356.341161][ T5865] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[ 1356.378080][ T5865] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[ 1356.402457][ T5865] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[ 1356.427274][ T5865] usb 3-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[ 1356.440148][T20703] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=20703 comm=syz.3.3449
[ 1356.440711][ T5865] usb 3-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[ 1356.458360][T20703] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3449'.
[ 1356.473041][ T5865] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1356.487157][T20680] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[ 1356.499206][T20705] netlink: 'syz.4.3450': attribute type 4 has an invalid length.
[ 1356.507687][T20705] netlink: 3657 bytes leftover after parsing attributes in process `syz.4.3450'.
[ 1356.544222][T20703] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3449'.
[ 1356.579484][T20703] vlan5: entered allmulticast mode
[ 1356.589112][T20703] bond4: entered allmulticast mode
[ 1357.986585][T20714] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR
[ 1358.700369][   T24] usb 3-1: USB disconnect, device number 51
[ 1358.700431][    C0] xpad 3-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[ 1358.729540][    C0] dummy_hcd dummy_hcd.2: timer fired with no URBs pending?
[ 1358.943348][T20722] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3454'.
[ 1358.973363][T10495] usb 1-1: USB disconnect, device number 53
[ 1359.507987][T20724] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3452'.
[ 1360.354853][T20717] bridge_slave_0: left allmulticast mode
[ 1360.354879][T20717] bridge_slave_0: left promiscuous mode
[ 1360.355029][T20717] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1360.421068][T20717] bridge_slave_1: left allmulticast mode
[ 1360.427096][T20717] bridge_slave_1: left promiscuous mode
[ 1360.438015][T20717] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1360.482433][T20717] bond0: (slave bond_slave_0): Releasing backup interface
[ 1360.498541][T20717] bond0: (slave bond_slave_1): Releasing backup interface
[ 1360.535935][T20717] team0: Port device team_slave_0 removed
[ 1360.551740][T20717] team0: Port device team_slave_1 removed
[ 1360.568674][T20717] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1360.576486][T20717] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1360.599757][T20717] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1360.722527][T20717] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1360.762635][T20717] bond1: (slave vlan3): Releasing active interface
[ 1361.266435][ T1296] ieee802154 phy0 wpan0: encryption failed: -22
[ 1361.697257][   T30] audit: type=1400 audit(1750839267.706:461): avc:  denied  { name_bind } for  pid=20750 comm="syz.2.3461" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=rawip_socket permissive=1
[ 1363.376482][   T30] audit: type=1400 audit(1750839269.356:462): avc:  denied  { create } for  pid=20764 comm="syz.4.3467" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[ 1363.530606][T20775] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pid=20775 comm=syz.0.3465
[ 1363.901331][   T30] audit: type=1400 audit(1750839269.906:463): avc:  denied  { accept } for  pid=20764 comm="syz.4.3467" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=udp_socket permissive=1
[ 1363.958085][   T30] audit: type=1400 audit(1750839269.966:464): avc:  denied  { ioctl } for  pid=20764 comm="syz.4.3467" path="socket:[63505]" dev="sockfs" ino=63505 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[ 1363.992621][T20780] xt_TPROXY: Can be used only with -p tcp or -p udp
[ 1364.016082][T20773] netlink: 'syz.4.3467': attribute type 1 has an invalid length.
[ 1364.024187][T20770] netlink: 'syz.4.3467': attribute type 1 has an invalid length.
[ 1364.519358][T20793] pim6reg1: entered promiscuous mode
[ 1364.543574][T20793] pim6reg1: entered allmulticast mode
[ 1364.623361][ T5872] usb 4-1: new full-speed USB device number 60 using dummy_hcd
[ 1364.908860][ T5872] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1365.131552][ T5872] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[ 1365.142786][ T5872] usb 4-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1365.187216][T20794] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=4 sclass=netlink_route_socket pid=20794 comm=syz.4.3474
[ 1365.210907][ T5872] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40
[ 1365.220549][ T5872] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[ 1365.228724][ T5872] usb 4-1: SerialNumber: syz
[ 1365.237693][ T5872] cdc_ether 4-1:1.0: probe with driver cdc_ether failed with error -22
[ 1365.246670][ T5872] usb-storage 4-1:1.0: USB Mass Storage device detected
[ 1365.260953][ T5872] usb-storage 4-1:1.0: Quirks match for vid 0525 pid a4a5: 10000
[ 1365.572990][ T5872] usb 4-1: USB disconnect, device number 60
[ 1365.966820][   T30] audit: type=1400 audit(1750839271.976:465): avc:  denied  { read } for  pid=20790 comm="syz.0.3473" name="rtc0" dev="devtmpfs" ino=921 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[ 1366.085231][   T30] audit: type=1400 audit(1750839271.976:466): avc:  denied  { open } for  pid=20790 comm="syz.0.3473" path="/dev/rtc0" dev="devtmpfs" ino=921 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[ 1366.108953][   T30] audit: type=1400 audit(1750839271.976:467): avc:  denied  { ioctl } for  pid=20790 comm="syz.0.3473" path="/dev/rtc0" dev="devtmpfs" ino=921 ioctlcmd=0x7005 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[ 1366.462415][T20813] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3477'.
[ 1366.631489][T20819] xt_TPROXY: Can be used only with -p tcp or -p udp
[ 1366.920339][T20827] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=20827 comm=syz.2.3481
[ 1366.937405][T20827] FAULT_INJECTION: forcing a failure.
[ 1366.937405][T20827] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1366.950852][T20827] CPU: 1 UID: 0 PID: 20827 Comm: syz.2.3481 Not tainted 6.16.0-rc3-syzkaller-00044-g7595b66ae9de #0 PREEMPT(full) 
[ 1366.950878][T20827] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1366.950889][T20827] Call Trace:
[ 1366.950895][T20827]  <TASK>
[ 1366.950903][T20827]  dump_stack_lvl+0x16c/0x1f0
[ 1366.950933][T20827]  should_fail_ex+0x512/0x640
[ 1366.950960][T20827]  _copy_to_user+0x32/0xd0
[ 1366.950988][T20827]  simple_read_from_buffer+0xcb/0x170
[ 1366.951014][T20827]  proc_fail_nth_read+0x197/0x270
[ 1366.951037][T20827]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1366.951061][T20827]  ? rw_verify_area+0xcf/0x680
[ 1366.951081][T20827]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1366.951103][T20827]  vfs_read+0x1e1/0xc60
[ 1366.951129][T20827]  ? __pfx___mutex_lock+0x10/0x10
[ 1366.951155][T20827]  ? __pfx_vfs_read+0x10/0x10
[ 1366.951183][T20827]  ? __fget_files+0x20e/0x3c0
[ 1366.951214][T20827]  ksys_read+0x12a/0x250
[ 1366.951234][T20827]  ? __pfx_ksys_read+0x10/0x10
[ 1366.951267][T20827]  do_syscall_64+0xcd/0x4c0
[ 1366.951294][T20827]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1366.951312][T20827] RIP: 0033:0x7ff8ee38d33c
[ 1366.951327][T20827] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1366.951344][T20827] RSP: 002b:00007ff8ef254030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1366.951361][T20827] RAX: ffffffffffffffda RBX: 00007ff8ee5b6160 RCX: 00007ff8ee38d33c
[ 1366.951372][T20827] RDX: 000000000000000f RSI: 00007ff8ef2540a0 RDI: 000000000000000b
[ 1366.951383][T20827] RBP: 00007ff8ef254090 R08: 0000000000000000 R09: 0000000000000000
[ 1366.951393][T20827] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1366.951404][T20827] R13: 0000000000000000 R14: 00007ff8ee5b6160 R15: 00007ffc722f3bd8
[ 1366.951428][T20827]  </TASK>
[ 1368.326113][T20836] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=20836 comm=syz.0.3485
[ 1368.384235][T20836] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3485'.
[ 1368.437803][T20840] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3485'.
[ 1368.517001][T20840] vlan3: entered allmulticast mode
[ 1368.522283][T20840] bond2: entered allmulticast mode
[ 1372.266039][T20853] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3490'.
[ 1372.397214][T20861] xt_TPROXY: Can be used only with -p tcp or -p udp
[ 1372.603193][ T5915] usb 3-1: new high-speed USB device number 52 using dummy_hcd
[ 1373.450201][   T30] audit: type=1400 audit(1750839279.456:468): avc:  denied  { read } for  pid=20867 comm="syz.3.3496" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[ 1373.548866][T20869] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pid=20869 comm=syz.0.3495
[ 1373.883793][ T5915] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1373.894984][ T5915] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1374.008932][ T5915] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1374.133927][ T5915] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1374.143072][ T5915] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1374.210382][ T5915] usb 3-1: config 0 descriptor??
[ 1374.708560][T20886] 9pnet_fd: Insufficient options for proto=fd
[ 1374.718759][T20886] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=20886 comm=syz.3.3500
[ 1375.539931][T20892] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3503'.
[ 1375.555382][ T5915] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0
[ 1375.594586][ T5915] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0
[ 1375.606730][ T5915] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0
[ 1375.648029][ T5915] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0
[ 1375.669321][ T5915] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0
[ 1375.682538][ T5915] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0
[ 1375.727514][ T5915] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0
[ 1375.750397][ T5915] plantronics 0003:047F:FFFF.0007: report_id 0 is invalid
[ 1375.785991][T20897] xt_TPROXY: Can be used only with -p tcp or -p udp
[ 1375.802884][ T5915] plantronics 0003:047F:FFFF.0007: item 0 0 1 8 parsing failed
[ 1375.883794][ T5915] plantronics 0003:047F:FFFF.0007: parse failed
[ 1375.890241][ T5915] plantronics 0003:047F:FFFF.0007: probe with driver plantronics failed with error -22
[ 1375.901131][T20899] netlink: 4768 bytes leftover after parsing attributes in process `syz.4.3507'.
[ 1375.913362][T20894] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3505'.
[ 1375.954235][ T5915] usb 3-1: USB disconnect, device number 52
[ 1375.971442][T20903] FAULT_INJECTION: forcing a failure.
[ 1375.971442][T20903] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1375.988856][T20903] CPU: 1 UID: 0 PID: 20903 Comm: syz.0.3509 Not tainted 6.16.0-rc3-syzkaller-00044-g7595b66ae9de #0 PREEMPT(full) 
[ 1375.988882][T20903] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1375.988892][T20903] Call Trace:
[ 1375.988898][T20903]  <TASK>
[ 1375.988905][T20903]  dump_stack_lvl+0x16c/0x1f0
[ 1375.988934][T20903]  should_fail_ex+0x512/0x640
[ 1375.988960][T20903]  _copy_from_user+0x2e/0xd0
[ 1375.988985][T20903]  copy_msghdr_from_user+0x98/0x160
[ 1375.989010][T20903]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[ 1375.989046][T20903]  ___sys_sendmsg+0xfe/0x1d0
[ 1375.989071][T20903]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1375.989093][T20903]  ? __lock_acquire+0x622/0x1c90
[ 1375.989151][T20903]  __sys_sendmsg+0x16d/0x220
[ 1375.989175][T20903]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1375.989213][T20903]  do_syscall_64+0xcd/0x4c0
[ 1375.989241][T20903]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1375.989258][T20903] RIP: 0033:0x7fb31638e929
[ 1375.989278][T20903] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1375.989295][T20903] RSP: 002b:00007fb3141f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1375.989312][T20903] RAX: ffffffffffffffda RBX: 00007fb3165b5fa0 RCX: 00007fb31638e929
[ 1375.989324][T20903] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000003
[ 1375.989334][T20903] RBP: 00007fb3141f6090 R08: 0000000000000000 R09: 0000000000000000
[ 1375.989344][T20903] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1375.989355][T20903] R13: 0000000000000000 R14: 00007fb3165b5fa0 R15: 00007ffc8cdfe108
[ 1375.989378][T20903]  </TASK>
[ 1376.463389][   T24] usb 1-1: new high-speed USB device number 54 using dummy_hcd
[ 1377.028707][   T24] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1377.121118][   T24] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 1377.135297][   T24] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1377.144422][   T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1377.219099][   T24] usb 1-1: config 0 descriptor??
[ 1377.406937][T20922] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3516'.
[ 1378.268238][T15771] libceph: connect (1)[c::]:6789 error -101
[ 1378.274560][T15771] libceph: mon0 (1)[c::]:6789 connect error
[ 1378.305194][T20927] ceph: No mds server is up or the cluster is laggy
[ 1378.571278][T20945] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3517'.
[ 1378.721535][ T5824] Bluetooth: hci2: command 0x0405 tx timeout
[ 1379.505901][ T5872] usb 1-1: USB disconnect, device number 54
[ 1381.673210][T20968] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3529'.
[ 1381.785769][T20970] FAULT_INJECTION: forcing a failure.
[ 1381.785769][T20970] name failslab, interval 1, probability 0, space 0, times 0
[ 1381.806093][T20970] CPU: 1 UID: 0 PID: 20970 Comm: syz.3.3530 Not tainted 6.16.0-rc3-syzkaller-00044-g7595b66ae9de #0 PREEMPT(full) 
[ 1381.806120][T20970] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1381.806129][T20970] Call Trace:
[ 1381.806135][T20970]  <TASK>
[ 1381.806142][T20970]  dump_stack_lvl+0x16c/0x1f0
[ 1381.806171][T20970]  should_fail_ex+0x512/0x640
[ 1381.806193][T20970]  ? fs_reclaim_acquire+0xae/0x150
[ 1381.806213][T20970]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[ 1381.806236][T20970]  should_failslab+0xc2/0x120
[ 1381.806258][T20970]  __kmalloc_noprof+0xd2/0x510
[ 1381.806282][T20970]  tomoyo_realpath_from_path+0xc2/0x6e0
[ 1381.806304][T20970]  ? tomoyo_profile+0x47/0x60
[ 1381.806329][T20970]  tomoyo_path_number_perm+0x245/0x580
[ 1381.806346][T20970]  ? tomoyo_path_number_perm+0x237/0x580
[ 1381.806366][T20970]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1381.806386][T20970]  ? find_held_lock+0x2b/0x80
[ 1381.806425][T20970]  ? find_held_lock+0x2b/0x80
[ 1381.806444][T20970]  ? hook_file_ioctl_common+0x145/0x410
[ 1381.806475][T20970]  ? __fget_files+0x20e/0x3c0
[ 1381.806508][T20970]  security_file_ioctl+0x9b/0x240
[ 1381.806533][T20970]  __x64_sys_ioctl+0xb7/0x210
[ 1381.806554][T20970]  do_syscall_64+0xcd/0x4c0
[ 1381.806578][T20970]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1381.806593][T20970] RIP: 0033:0x7f0fe6b8e929
[ 1381.806608][T20970] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1381.806625][T20970] RSP: 002b:00007f0fe7a28038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1381.806643][T20970] RAX: ffffffffffffffda RBX: 00007f0fe6db5fa0 RCX: 00007f0fe6b8e929
[ 1381.806654][T20970] RDX: 0000000000000000 RSI: 0000000000004c81 RDI: 0000000000000003
[ 1381.806664][T20970] RBP: 00007f0fe7a28090 R08: 0000000000000000 R09: 0000000000000000
[ 1381.806674][T20970] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1381.806684][T20970] R13: 0000000000000000 R14: 00007f0fe6db5fa0 R15: 00007ffe2d0a5b18
[ 1381.806707][T20970]  </TASK>
[ 1381.806714][T20970] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1382.746835][T20980] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=20980 comm=syz.0.3533
[ 1382.782621][T20974] bridge_slave_0: left allmulticast mode
[ 1382.959203][T20974] bridge_slave_0: left promiscuous mode
[ 1382.999380][T20980] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3533'.
[ 1383.009321][T20974] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1383.040232][T20990] FAULT_INJECTION: forcing a failure.
[ 1383.040232][T20990] name failslab, interval 1, probability 0, space 0, times 0
[ 1383.052987][T20990] CPU: 0 UID: 0 PID: 20990 Comm: syz.2.3536 Not tainted 6.16.0-rc3-syzkaller-00044-g7595b66ae9de #0 PREEMPT(full) 
[ 1383.053013][T20990] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1383.053024][T20990] Call Trace:
[ 1383.053030][T20990]  <TASK>
[ 1383.053038][T20990]  dump_stack_lvl+0x16c/0x1f0
[ 1383.053068][T20990]  should_fail_ex+0x512/0x640
[ 1383.053093][T20990]  ? fs_reclaim_acquire+0xae/0x150
[ 1383.053111][T20990]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[ 1383.053134][T20990]  should_failslab+0xc2/0x120
[ 1383.053158][T20990]  __kmalloc_noprof+0xd2/0x510
[ 1383.053185][T20990]  tomoyo_realpath_from_path+0xc2/0x6e0
[ 1383.053212][T20990]  ? tomoyo_profile+0x47/0x60
[ 1383.053241][T20990]  tomoyo_path_number_perm+0x245/0x580
[ 1383.053260][T20990]  ? tomoyo_path_number_perm+0x237/0x580
[ 1383.053281][T20990]  ? finish_task_switch.isra.0+0x174/0xc10
[ 1383.053304][T20990]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1383.053320][T20990]  ? rcu_is_watching+0x12/0xc0
[ 1383.053343][T20990]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1383.053391][T20990]  ? find_held_lock+0x2b/0x80
[ 1383.053411][T20990]  ? hook_file_ioctl_common+0x145/0x410
[ 1383.053446][T20990]  ? __fget_files+0x20e/0x3c0
[ 1383.053474][T20990]  security_file_ioctl+0x9b/0x240
[ 1383.053500][T20990]  __x64_sys_ioctl+0xb7/0x210
[ 1383.053521][T20990]  do_syscall_64+0xcd/0x4c0
[ 1383.053548][T20990]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1383.053572][T20990] RIP: 0033:0x7ff8ee38e929
[ 1383.053587][T20990] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1383.053604][T20990] RSP: 002b:00007ff8ef254038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1383.053621][T20990] RAX: ffffffffffffffda RBX: 00007ff8ee5b6160 RCX: 00007ff8ee38e929
[ 1383.053633][T20990] RDX: 0000200000000100 RSI: 000000000000541c RDI: 0000000000000007
[ 1383.053643][T20990] RBP: 00007ff8ef254090 R08: 0000000000000000 R09: 0000000000000000
[ 1383.053654][T20990] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1383.053664][T20990] R13: 0000000000000000 R14: 00007ff8ee5b6160 R15: 00007ffc722f3bd8
[ 1383.053688][T20990]  </TASK>
[ 1383.264343][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1383.271225][T20990] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1383.342887][   T30] audit: type=1400 audit(1750839289.316:469): avc:  denied  { create } for  pid=20981 comm="syz.3.3535" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1
[ 1383.365522][T20977] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3532'.
[ 1383.370057][T20992] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3533'.
[ 1383.388115][T20974] bridge_slave_1: left allmulticast mode
[ 1383.396922][T20974] bridge_slave_1: left promiscuous mode
[ 1383.402630][T20974] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1383.414381][T20974] bond0: (slave bond_slave_0): Releasing backup interface
[ 1383.428282][T20974] bond0: (slave bond_slave_1): Releasing backup interface
[ 1383.449654][T20974] team0: Port device team_slave_0 removed
[ 1383.459846][T20974] team0: Port device team_slave_1 removed
[ 1383.466281][T20974] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1383.473805][T20974] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1383.481825][T20974] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1383.489526][T20974] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1384.620050][T20992] vlan4: entered allmulticast mode
[ 1384.625355][T20992] bond3: entered allmulticast mode
[ 1385.013762][T19084] Bluetooth: hci0: unexpected event 0x03 length: 1 < 11
[ 1385.024663][   T30] audit: type=1400 audit(1750839290.756:470): avc:  denied  { setopt } for  pid=20981 comm="syz.3.3535" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 1385.976488][T21007] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3540'.
[ 1387.232334][T21020] FAULT_INJECTION: forcing a failure.
[ 1387.232334][T21020] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1387.245426][T21020] CPU: 0 UID: 0 PID: 21020 Comm: syz.0.3545 Not tainted 6.16.0-rc3-syzkaller-00044-g7595b66ae9de #0 PREEMPT(full) 
[ 1387.245443][T21020] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1387.245449][T21020] Call Trace:
[ 1387.245454][T21020]  <TASK>
[ 1387.245459][T21020]  dump_stack_lvl+0x16c/0x1f0
[ 1387.245479][T21020]  should_fail_ex+0x512/0x640
[ 1387.245496][T21020]  _copy_from_user+0x2e/0xd0
[ 1387.245512][T21020]  __sys_bpf+0x21d/0x4d80
[ 1387.245529][T21020]  ? __pfx___sys_bpf+0x10/0x10
[ 1387.245544][T21020]  ? ksys_write+0x190/0x250
[ 1387.245565][T21020]  ? __mutex_unlock_slowpath+0x161/0x6a0
[ 1387.245589][T21020]  ? fput+0x70/0xf0
[ 1387.245604][T21020]  ? ksys_write+0x1ac/0x250
[ 1387.245617][T21020]  ? __pfx_ksys_write+0x10/0x10
[ 1387.245632][T21020]  __x64_sys_bpf+0x78/0xc0
[ 1387.245647][T21020]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1387.245661][T21020]  do_syscall_64+0xcd/0x4c0
[ 1387.245678][T21020]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1387.245689][T21020] RIP: 0033:0x7fb31638e929
[ 1387.245698][T21020] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1387.245709][T21020] RSP: 002b:00007fb3141f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 1387.245719][T21020] RAX: ffffffffffffffda RBX: 00007fb3165b5fa0 RCX: 00007fb31638e929
[ 1387.245726][T21020] RDX: 0000000000000020 RSI: 0000200000000340 RDI: 0000000000000009
[ 1387.245732][T21020] RBP: 00007fb3141f6090 R08: 0000000000000000 R09: 0000000000000000
[ 1387.245738][T21020] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1387.245744][T21020] R13: 0000000000000000 R14: 00007fb3165b5fa0 R15: 00007ffc8cdfe108
[ 1387.245758][T21020]  </TASK>
[ 1388.187750][T21040] netlink: 'syz.3.3546': attribute type 4 has an invalid length.
[ 1388.195803][T21040] netlink: 17 bytes leftover after parsing attributes in process `syz.3.3546'.
[ 1388.303298][   T43] usb 3-1: new high-speed USB device number 53 using dummy_hcd
[ 1388.365411][T21045] bridge0: port 1(netdevsim0) entered blocking state
[ 1388.372522][T21045] bridge0: port 1(netdevsim0) entered disabled state
[ 1388.380040][T21045] netdevsim netdevsim0 netdevsim0: entered allmulticast mode
[ 1388.395039][T21045] netdevsim netdevsim0 netdevsim0: entered promiscuous mode
[ 1388.406989][T21045] bridge0: port 1(netdevsim0) entered blocking state
[ 1388.413803][T21045] bridge0: port 1(netdevsim0) entered forwarding state
[ 1388.439673][T21032] [U] �
[ 1388.619503][   T43] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1388.680153][T21044] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3548'.
[ 1388.718095][   T43] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 1388.730599][   T43] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1388.740393][   T43] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1388.764630][   T43] usb 3-1: config 0 descriptor??
[ 1388.998485][T21048] team0: Mode changed to "loadbalance"
[ 1389.034137][T21048] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3552'.
[ 1389.103228][   T30] audit: type=1400 audit(1750839295.096:471): avc:  denied  { listen } for  pid=21057 comm="syz.0.3556" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[ 1389.174748][T21061] FAULT_INJECTION: forcing a failure.
[ 1389.174748][T21061] name failslab, interval 1, probability 0, space 0, times 0
[ 1389.295854][T21061] CPU: 0 UID: 0 PID: 21061 Comm: syz.3.3554 Not tainted 6.16.0-rc3-syzkaller-00044-g7595b66ae9de #0 PREEMPT(full) 
[ 1389.295884][T21061] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1389.295896][T21061] Call Trace:
[ 1389.295902][T21061]  <TASK>
[ 1389.295909][T21061]  dump_stack_lvl+0x16c/0x1f0
[ 1389.295939][T21061]  should_fail_ex+0x512/0x640
[ 1389.295962][T21061]  ? fs_reclaim_acquire+0xae/0x150
[ 1389.295981][T21061]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[ 1389.296005][T21061]  should_failslab+0xc2/0x120
[ 1389.296030][T21061]  __kmalloc_noprof+0xd2/0x510
[ 1389.296058][T21061]  tomoyo_realpath_from_path+0xc2/0x6e0
[ 1389.296103][T21061]  ? tomoyo_profile+0x47/0x60
[ 1389.296130][T21061]  tomoyo_path_number_perm+0x245/0x580
[ 1389.296149][T21061]  ? tomoyo_path_number_perm+0x237/0x580
[ 1389.296169][T21061]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1389.296189][T21061]  ? find_held_lock+0x2b/0x80
[ 1389.296231][T21061]  ? find_held_lock+0x2b/0x80
[ 1389.296250][T21061]  ? hook_file_ioctl_common+0x145/0x410
[ 1389.296279][T21061]  ? __fget_files+0x20e/0x3c0
[ 1389.296307][T21061]  security_file_ioctl+0x9b/0x240
[ 1389.296331][T21061]  __x64_sys_ioctl+0xb7/0x210
[ 1389.296350][T21061]  do_syscall_64+0xcd/0x4c0
[ 1389.296376][T21061]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1389.296392][T21061] RIP: 0033:0x7f0fe6b8e929
[ 1389.296407][T21061] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1389.296423][T21061] RSP: 002b:00007f0fe7a07038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1389.296443][T21061] RAX: ffffffffffffffda RBX: 00007f0fe6db6080 RCX: 00007f0fe6b8e929
[ 1389.296454][T21061] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007
[ 1389.296464][T21061] RBP: 00007f0fe7a07090 R08: 0000000000000000 R09: 0000000000000000
[ 1389.296474][T21061] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1389.296484][T21061] R13: 0000000000000001 R14: 00007f0fe6db6080 R15: 00007ffe2d0a5b18
[ 1389.296507][T21061]  </TASK>
[ 1389.306339][T21061] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1390.173879][T21069] ceph: No mds server is up or the cluster is laggy
[ 1390.183477][   T43] libceph: connect (1)[c::]:6789 error -101
[ 1390.213653][   T43] libceph: mon0 (1)[c::]:6789 connect error
[ 1390.337728][T21078] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3558'.
[ 1390.383298][T21080] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3560'.
[ 1391.336968][ T5865] usb 3-1: USB disconnect, device number 53
[ 1391.355713][T21091] team0: Port device bond0 removed
[ 1391.384381][T21086] [U] �
[ 1391.400238][T21092] netlink: 'syz.0.3563': attribute type 10 has an invalid length.
[ 1391.428078][T21091] netdevsim netdevsim0 netdevsim0: left allmulticast mode
[ 1391.658430][T21091] netdevsim netdevsim0 netdevsim0: left promiscuous mode
[ 1391.757522][T21091] bridge0: port 1(netdevsim0) entered disabled state
[ 1391.926722][T21092] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1391.962344][T21092] team0: Port device bond0 added
[ 1391.963201][T17302] usb 5-1: new high-speed USB device number 55 using dummy_hcd
[ 1392.186061][T21114] FAULT_INJECTION: forcing a failure.
[ 1392.186061][T21114] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1392.208129][T21114] CPU: 1 UID: 0 PID: 21114 Comm: syz.1.3569 Not tainted 6.16.0-rc3-syzkaller-00044-g7595b66ae9de #0 PREEMPT(full) 
[ 1392.208157][T21114] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1392.208167][T21114] Call Trace:
[ 1392.208173][T21114]  <TASK>
[ 1392.208180][T21114]  dump_stack_lvl+0x16c/0x1f0
[ 1392.208210][T21114]  should_fail_ex+0x512/0x640
[ 1392.208236][T21114]  _copy_from_user+0x2e/0xd0
[ 1392.208262][T21114]  copy_msghdr_from_user+0x98/0x160
[ 1392.208287][T21114]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[ 1392.208323][T21114]  ___sys_sendmsg+0xfe/0x1d0
[ 1392.208349][T21114]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1392.208371][T21114]  ? __lock_acquire+0x622/0x1c90
[ 1392.208430][T21114]  __sys_sendmsg+0x16d/0x220
[ 1392.208455][T21114]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1392.208504][T21114]  do_syscall_64+0xcd/0x4c0
[ 1392.208532][T21114]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1392.208550][T21114] RIP: 0033:0x7fee4eb8e929
[ 1392.208565][T21114] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1392.208582][T21114] RSP: 002b:00007fee4f91a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1392.208599][T21114] RAX: ffffffffffffffda RBX: 00007fee4edb5fa0 RCX: 00007fee4eb8e929
[ 1392.208610][T21114] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 0000000000000004
[ 1392.208621][T21114] RBP: 00007fee4f91a090 R08: 0000000000000000 R09: 0000000000000000
[ 1392.208631][T21114] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1392.208640][T21114] R13: 0000000000000000 R14: 00007fee4edb5fa0 R15: 00007ffcbd136ee8
[ 1392.208664][T21114]  </TASK>
[ 1392.379200][T17302] usb 5-1: config 0 interface 0 altsetting 15 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1392.773007][T17302] usb 5-1: config 0 interface 0 has no altsetting 0
[ 1392.779782][T17302] usb 5-1: New USB device found, idVendor=1a34, idProduct=0802, bcdDevice= 0.00
[ 1392.789383][T17302] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1392.814146][T17302] usb 5-1: config 0 descriptor??
[ 1392.932216][T21120] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3571'.
[ 1393.039964][T21122] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3572'.
[ 1393.115758][T21128] sch_tbf: burst 3298 is lower than device lo mtu (65550) !
[ 1393.174652][T21129] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1393.237448][T21129] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1393.669794][T21135] team0: No ports can be present during mode change
[ 1393.743945][T21135] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3575'.
[ 1393.843713][T17302] acrux 0003:1A34:0802.0008: ignoring exceeding usage max
[ 1393.854586][T17302] acrux 0003:1A34:0802.0008: hidraw0: USB HID v10.00 Device [HID 1a34:0802] on usb-dummy_hcd.4-1/input0
[ 1393.866131][T17302] acrux 0003:1A34:0802.0008: no inputs found
[ 1393.872158][T17302] acrux 0003:1A34:0802.0008: Failed to enable force feedback support, error: -19
[ 1394.025909][T21135] team0 (unregistering): Port device bond0 removed
[ 1394.303451][ T5915] usb 3-1: new high-speed USB device number 54 using dummy_hcd
[ 1394.481534][T21136] [U] �
[ 1394.494491][ T5915] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1394.515426][ T5915] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 1394.540796][ T5915] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1394.561028][ T5915] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1394.575495][ T5915] usb 3-1: config 0 descriptor??
[ 1394.604179][T21155] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1394.623485][T21155] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1394.633671][   T30] audit: type=1400 audit(1750839300.636:472): avc:  denied  { sqpoll } for  pid=21153 comm="syz.1.3581" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[ 1394.653012][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1394.666110][T21155] syz.1.3581 (21155): /proc/21153/oom_adj is deprecated, please use /proc/21153/oom_score_adj instead.
[ 1395.277077][T21165] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3583'.
[ 1395.293511][ T5865] usb 2-1: new high-speed USB device number 51 using dummy_hcd
[ 1395.992155][T21172] ceph: No mds server is up or the cluster is laggy
[ 1396.005515][T15771] libceph: connect (1)[c::]:6789 error -101
[ 1396.024778][T15771] libceph: mon0 (1)[c::]:6789 connect error
[ 1396.041673][ T5865] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1396.234750][ T5865] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21
[ 1396.337657][T21167] xt_TPROXY: Can be used only with -p tcp or -p udp
[ 1396.355662][ T5865] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1396.383416][ T5865] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1396.398172][ T5865] usb 2-1: config 0 descriptor??
[ 1396.497878][T10495] usb 5-1: USB disconnect, device number 55
[ 1396.506576][ T5865] usbhid 2-1:0.0: couldn't find an input interrupt endpoint
[ 1397.325141][T10495] usb 3-1: USB disconnect, device number 54
[ 1397.551559][   T30] audit: type=1400 audit(1750839303.556:473): avc:  denied  { connect } for  pid=21200 comm="syz.0.3593" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[ 1397.571120][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1397.604098][   T30] audit: type=1400 audit(1750839303.616:474): avc:  denied  { write } for  pid=21200 comm="syz.0.3593" path="socket:[64982]" dev="sockfs" ino=64982 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[ 1397.618536][T15771] usb 4-1: new high-speed USB device number 61 using dummy_hcd
[ 1397.639257][   T30] audit: type=1400 audit(1750839303.616:475): avc:  denied  { read } for  pid=21200 comm="syz.0.3593" path="socket:[64982]" dev="sockfs" ino=64982 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[ 1398.027373][T15771] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 1398.037198][T15771] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1398.045552][T15771] usb 4-1: Product: syz
[ 1398.050078][T15771] usb 4-1: Manufacturer: syz
[ 1398.054941][T15771] usb 4-1: SerialNumber: syz
[ 1398.174079][   T43] libceph: connect (1)[c::]:6789 error -101
[ 1398.203695][T21207] ceph: No mds server is up or the cluster is laggy
[ 1398.249662][T15771] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 1398.286454][T21196] [U] �
[ 1398.431497][   T43] libceph: mon0 (1)[c::]:6789 connect error
[ 1398.545593][ T9045] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 1398.630578][T21215] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=21215 comm=syz.4.3595
[ 1398.669540][T21215] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3595'.
[ 1398.733807][T21215] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3595'.
[ 1398.768379][T21215] vlan2: entered allmulticast mode
[ 1398.778784][T21215] bond1: entered allmulticast mode
[ 1399.083829][T15771] usb 4-1: USB disconnect, device number 61
[ 1399.249056][T10495] usb 3-1: new high-speed USB device number 55 using dummy_hcd
[ 1399.418386][T10495] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[ 1399.429283][T10495] usb 3-1: config 0 has no interface number 0
[ 1399.441120][T10495] usb 3-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[ 1399.451586][T10495] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1399.465171][T10495] usb 3-1: Product: syz
[ 1399.469381][T10495] usb 3-1: Manufacturer: syz
[ 1399.477882][T10495] usb 3-1: SerialNumber: syz
[ 1399.486847][T10495] usb 3-1: config 0 descriptor??
[ 1399.590807][ T9045] ath9k_htc 4-1:1.0: ath9k_htc: Target is unresponsive
[ 1399.605591][ T9045] ath9k_htc: Failed to initialize the device
[ 1399.729111][T10495] dvb_usb_ec168 3-1:0.1: probe with driver dvb_usb_ec168 failed with error -32
[ 1399.750713][T15771] usb 4-1: ath9k_htc: USB layer deinitialized
[ 1399.777705][T21226] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3598'.
[ 1399.791482][T10495] usb 2-1: USB disconnect, device number 51
[ 1400.163460][ T5865] usb 1-1: new high-speed USB device number 55 using dummy_hcd
[ 1400.617764][ T5865] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1400.630178][ T5865] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21
[ 1400.645447][T10495] usb 2-1: new high-speed USB device number 52 using dummy_hcd
[ 1400.655129][ T5865] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1400.664412][ T5865] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1400.677072][ T5865] usb 1-1: config 0 descriptor??
[ 1400.685204][ T5865] usbhid 1-1:0.0: couldn't find an input interrupt endpoint
[ 1400.793448][T10495] usb 2-1: device descriptor read/64, error -71
[ 1400.850657][T21240] [U] �
[ 1400.971244][T21255] netlink: 'syz.4.3607': attribute type 10 has an invalid length.
[ 1401.047436][T10495] usb 2-1: new high-speed USB device number 53 using dummy_hcd
[ 1401.173357][ T5865] usb 4-1: new high-speed USB device number 62 using dummy_hcd
[ 1401.183633][T10495] usb 2-1: device descriptor read/64, error -71
[ 1401.296356][T10495] usb usb2-port1: attempt power cycle
[ 1401.335953][ T5865] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1401.354374][ T5865] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21
[ 1401.369206][ T5865] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1401.380152][ T5865] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1401.391268][ T5865] usb 4-1: config 0 descriptor??
[ 1401.398404][ T5865] usbhid 4-1:0.0: couldn't find an input interrupt endpoint
[ 1401.616041][T21258] ceph: No mds server is up or the cluster is laggy
[ 1401.633187][ T9045] libceph: connect (1)[c::]:6789 error -101
[ 1401.682507][ T9045] libceph: mon0 (1)[c::]:6789 connect error
[ 1401.885775][ T5865] usb 3-1: USB disconnect, device number 55
[ 1401.903481][T10495] usb 2-1: new high-speed USB device number 54 using dummy_hcd
[ 1401.935934][T10495] usb 2-1: device descriptor read/8, error -71
[ 1402.049823][   T30] audit: type=1400 audit(1750839308.046:476): avc:  denied  { create } for  pid=21266 comm="syz.2.3611" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=atmpvc_socket permissive=1
[ 1402.203415][T10495] usb 2-1: new high-speed USB device number 55 using dummy_hcd
[ 1402.315455][T10495] usb 2-1: device descriptor read/8, error -71
[ 1402.852978][T21278] ceph: No mds server is up or the cluster is laggy
[ 1402.910313][T10495] usb usb2-port1: unable to enumerate USB device
[ 1403.178134][T15771] libceph: connect (1)[c::]:6789 error -101
[ 1403.475040][T15771] libceph: mon0 (1)[c::]:6789 connect error
[ 1403.481706][   T43] usb 1-1: USB disconnect, device number 55
[ 1403.818090][T21293] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3616'.
[ 1403.995255][T21295] netlink: 'syz.0.3614': attribute type 10 has an invalid length.
[ 1404.203256][ T5865] usb 2-1: new high-speed USB device number 56 using dummy_hcd
[ 1404.364447][ T5865] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[ 1404.375716][ T5865] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1404.390596][ T5865] usb 2-1: config 0 descriptor??
[ 1404.397220][ T5865] cp210x 2-1:0.0: cp210x converter detected
[ 1404.727344][T21300] trusted_key: syz.0.3619 sent an empty control message without MSG_MORE.
[ 1404.758779][T15771] usb 4-1: USB disconnect, device number 62
[ 1405.542615][T21298] [U] �
[ 1405.724913][T17269] usb 1-1: new high-speed USB device number 56 using dummy_hcd
[ 1405.904940][T17269] usb 1-1: config 0 has an invalid interface number: 1 but max is 0
[ 1405.913379][T17269] usb 1-1: config 0 has no interface number 0
[ 1405.923854][T17269] usb 1-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[ 1405.939049][T17269] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1405.947481][T17269] usb 1-1: Product: syz
[ 1405.951751][T17269] usb 1-1: Manufacturer: syz
[ 1405.956441][T17269] usb 1-1: SerialNumber: syz
[ 1405.970460][T17269] usb 1-1: config 0 descriptor??
[ 1406.043287][T15771] usb 4-1: new high-speed USB device number 63 using dummy_hcd
[ 1406.063400][ T9045] usb 3-1: new high-speed USB device number 56 using dummy_hcd
[ 1406.191424][T17269] dvb_usb_ec168 1-1:0.1: probe with driver dvb_usb_ec168 failed with error -32
[ 1406.203545][ T9045] usb 3-1: device descriptor read/64, error -71
[ 1406.212078][T15771] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1406.222426][T15771] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21
[ 1406.235615][T15771] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1406.246362][T15771] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1406.257539][T15771] usb 4-1: config 0 descriptor??
[ 1406.266239][T15771] usbhid 4-1:0.0: couldn't find an input interrupt endpoint
[ 1406.453167][ T9045] usb 3-1: new high-speed USB device number 57 using dummy_hcd
[ 1406.583183][ T9045] usb 3-1: device descriptor read/64, error -71
[ 1406.693555][ T9045] usb usb3-port1: attempt power cycle
[ 1407.270236][ T9045] usb 3-1: new high-speed USB device number 58 using dummy_hcd
[ 1407.387855][ T9045] usb 3-1: device descriptor read/8, error -71
[ 1407.570288][T21328] ceph: No mds server is up or the cluster is laggy
[ 1407.579753][ T5915] libceph: connect (1)[c::]:6789 error -101
[ 1407.609354][ T5915] libceph: mon0 (1)[c::]:6789 connect error
[ 1407.678702][ T9045] usb 3-1: new high-speed USB device number 59 using dummy_hcd
[ 1407.853742][ T9045] usb 3-1: device descriptor read/8, error -71
[ 1408.018586][ T5865] cp210x 2-1:0.0: failed to get vendor val 0x370b size 1: -71
[ 1408.063711][ T9045] usb usb3-port1: unable to enumerate USB device
[ 1408.079905][ T5865] cp210x 2-1:0.0: querying part number failed
[ 1408.088655][ T5865] usb 2-1: cp210x converter now attached to ttyUSB0
[ 1408.097349][ T5865] usb 2-1: USB disconnect, device number 56
[ 1408.106149][ T5865] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[ 1408.115820][ T5865] cp210x 2-1:0.0: device disconnected
[ 1408.479755][ T5865] usb 1-1: USB disconnect, device number 56
[ 1408.488427][T21340] netlink: 'syz.1.3629': attribute type 10 has an invalid length.
[ 1408.870491][   T30] audit: type=1400 audit(1750839314.566:477): avc:  denied  { write } for  pid=21344 comm="syz.4.3630" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[ 1408.978007][ T9045] usb 4-1: USB disconnect, device number 63
[ 1410.292617][T21371] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3639'.
[ 1410.361200][T21377] fuse: Bad value for 'fd'
[ 1411.623191][T17302] usb 3-1: new high-speed USB device number 60 using dummy_hcd
[ 1411.786616][T17302] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[ 1412.077912][ T9045] usb 4-1: new high-speed USB device number 64 using dummy_hcd
[ 1412.098223][T17302] usb 3-1: config 0 has no interface number 0
[ 1412.127182][T17302] usb 3-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[ 1412.147775][T17302] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1412.189033][T17302] usb 3-1: Product: syz
[ 1412.202988][T17302] usb 3-1: Manufacturer: syz
[ 1412.213287][ T9045] usb 4-1: device descriptor read/64, error -71
[ 1412.222583][T17302] usb 3-1: SerialNumber: syz
[ 1412.236476][T17302] usb 3-1: config 0 descriptor??
[ 1412.468871][T17302] usb 3-1: dvb_usb_v2: found a 'E3C EC168 reference design' in cold state
[ 1412.500835][T17302] usb 3-1: Direct firmware load for dvb-usb-ec168.fw failed with error -2
[ 1412.523541][T17302] usb 3-1: Falling back to sysfs fallback for: dvb-usb-ec168.fw
[ 1412.523728][   T30] audit: type=1400 audit(1750839318.526:478): avc:  denied  { firmware_load } for  pid=17302 comm="kworker/0:4" scontext=system_u:system_r:kernel_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[ 1412.551862][ T9045] usb 4-1: new high-speed USB device number 65 using dummy_hcd
[ 1412.698994][ T9045] usb 4-1: device descriptor read/64, error -71
[ 1412.707202][T21400] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=21400 comm=syz.1.3645
[ 1412.730298][T21400] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3645'.
[ 1412.841774][T21404] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3645'.
[ 1413.134545][ T9045] usb usb4-port1: attempt power cycle
[ 1413.983391][   T30] audit: type=1800 audit(1750839318.916:479): pid=21405 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.0.3646" name="bus" dev="overlay" ino=786 res=0 errno=0
[ 1414.506351][ T5915] usb 5-1: new high-speed USB device number 56 using dummy_hcd
[ 1414.680996][ T9045] usb usb4-port1: Cannot enable. Maybe the USB cable is bad?
[ 1415.027329][T21419] ceph: No mds server is up or the cluster is laggy
[ 1415.056268][T15771] libceph: connect (1)[c::]:6789 error -101
[ 1415.068545][T15771] libceph: mon0 (1)[c::]:6789 connect error
[ 1415.075465][ T9045] usb 4-1: new high-speed USB device number 67 using dummy_hcd
[ 1415.110099][ T9045] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1415.121292][ T9045] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1415.170569][ T9045] usb 4-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00
[ 1415.347058][ T9045] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1415.365932][ T9045] usb 4-1: config 0 descriptor??
[ 1415.374016][ T5915] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1415.385129][ T5915] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21
[ 1415.400946][ T5915] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1415.410552][ T5915] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1415.422851][ T5915] usb 5-1: config 0 descriptor??
[ 1415.431487][ T5915] usbhid 5-1:0.0: couldn't find an input interrupt endpoint
[ 1415.829166][ T9045] cp2112 0003:10C4:EA90.0009: unknown main item tag 0x0
[ 1415.864804][T10495] usb 2-1: new high-speed USB device number 57 using dummy_hcd
[ 1415.866024][ T9045] cp2112 0003:10C4:EA90.0009: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.3-1/input0
[ 1416.122206][ T9045] cp2112 0003:10C4:EA90.0009: Part Number: 0x82 Device Version: 0xFE
[ 1416.136649][T10495] usb 2-1: Using ep0 maxpacket: 32
[ 1416.165333][T10495] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x9 has an invalid bInterval 128, changing to 11
[ 1416.599790][ T9045] cp2112 0003:10C4:EA90.0009: error requesting SMBus config
[ 1416.620387][T10495] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0
[ 1416.626164][T21435] ceph: No mds server is up or the cluster is laggy
[ 1416.643172][ T5915] libceph: connect (1)[c::]:6789 error -101
[ 1416.652738][T10495] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0
[ 1416.657233][ T9045] cp2112 0003:10C4:EA90.0009: probe with driver cp2112 failed with error -5
[ 1416.667464][ T5915] libceph: mon0 (1)[c::]:6789 connect error
[ 1416.740782][T10495] usb 2-1: New USB device found, idVendor=0e6f, idProduct=582c, bcdDevice=31.68
[ 1416.755901][T10495] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1416.773268][T10495] usb 2-1: Product: syz
[ 1416.777578][T10495] usb 2-1: Manufacturer: syz
[ 1416.782217][T10495] usb 2-1: SerialNumber: syz
[ 1416.793593][T10495] usb 2-1: config 0 descriptor??
[ 1418.061823][ T9045] usb 5-1: USB disconnect, device number 56
[ 1418.176066][ T5872] usb 4-1: USB disconnect, device number 67
[ 1418.279345][T21452] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3657'.
[ 1418.425664][T21460] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=21460 comm=syz.0.3659
[ 1418.455335][T21460] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3659'.
[ 1418.487297][T10495] usb 2-1: USB disconnect, device number 57
[ 1418.518424][T21460] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3659'.
[ 1418.565638][T21460] vlan5: entered allmulticast mode
[ 1418.571076][T21460] bond4: entered allmulticast mode
[ 1418.649471][ T5872] usb 4-1: new high-speed USB device number 68 using dummy_hcd
[ 1419.969382][ T5872] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[ 1419.977705][ T5872] usb 4-1: config 0 has no interface number 0
[ 1419.997179][ T5872] usb 4-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[ 1420.008997][ T5872] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1420.017286][ T5872] usb 4-1: Product: syz
[ 1420.022331][ T5872] usb 4-1: Manufacturer: syz
[ 1420.027134][ T5872] usb 4-1: SerialNumber: syz
[ 1420.035115][ T5872] usb 4-1: config 0 descriptor??
[ 1420.113337][ T5813] usb 1-1: new high-speed USB device number 57 using dummy_hcd
[ 1420.126478][T21473] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3661'.
[ 1420.237219][   T30] audit: type=1400 audit(1750839326.236:480): avc:  denied  { load_policy } for  pid=21469 comm="syz.2.3663" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1
[ 1420.245278][T21475] SELinux: failed to load policy
[ 1420.268122][ T5872] usb 4-1: dvb_usb_v2: found a 'E3C EC168 reference design' in cold state
[ 1420.287066][ T5813] usb 1-1: Using ep0 maxpacket: 32
[ 1420.298434][ T5813] usb 1-1: config 0 has an invalid interface number: 16 but max is 0
[ 1420.316730][ T5813] usb 1-1: config 0 has no interface number 0
[ 1420.333401][ T5813] usb 1-1: config 0 interface 16 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023
[ 1420.364824][ T5813] usb 1-1: New USB device found, idVendor=0499, idProduct=102a, bcdDevice=85.2d
[ 1420.381639][ T5813] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1420.393538][ T5813] usb 1-1: Product: syz
[ 1420.399080][ T5813] usb 1-1: Manufacturer: syz
[ 1420.404677][ T5813] usb 1-1: SerialNumber: syz
[ 1420.415206][ T5813] usb 1-1: config 0 descriptor??
[ 1420.433981][T21468] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[ 1420.455335][ T5813] usb 1-1: Quirk or no altset; falling back to MIDI 1.0
[ 1420.503518][ T5813] snd-usb-audio 1-1:0.16: probe with driver snd-usb-audio failed with error -2
[ 1420.752850][ T5813] usb 1-1: USB disconnect, device number 57
[ 1421.387236][ T9045] usb 2-1: new high-speed USB device number 58 using dummy_hcd
[ 1421.933212][ T9045] usb 2-1: Using ep0 maxpacket: 8
[ 1421.961709][ T9045] usb 2-1: config 0 interface 0 altsetting 6 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1421.987232][ T9045] usb 2-1: config 0 interface 0 altsetting 6 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1422.000000][ T9045] usb 2-1: config 0 interface 0 altsetting 6 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1422.015747][ T9045] usb 2-1: config 0 interface 0 has no altsetting 0
[ 1422.022413][ T9045] usb 2-1: New USB device found, idVendor=172f, idProduct=0500, bcdDevice= 0.00
[ 1422.039083][ T9045] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1422.079193][ T9045] usb 2-1: config 0 descriptor??
[ 1422.242953][T21503] input: syz0 as /devices/virtual/input/input14
[ 1422.559729][T21506] ceph: No mds server is up or the cluster is laggy
[ 1422.567075][ T5915] libceph: connect (1)[c::]:6789 error -101
[ 1422.573220][ T5915] libceph: mon0 (1)[c::]:6789 connect error
[ 1422.665874][ T9045] waltop 0003:172F:0500.000A: unknown main item tag 0x0
[ 1422.709959][ T1296] ieee802154 phy0 wpan0: encryption failed: -22
[ 1422.741144][ T9045] waltop 0003:172F:0500.000A: unknown main item tag 0x0
[ 1422.891089][ T9045] waltop 0003:172F:0500.000A: unknown main item tag 0x0
[ 1423.162675][T21517] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pid=21517 comm=syz.3.3674
[ 1423.302266][ T9045] waltop 0003:172F:0500.000A: unknown main item tag 0x0
[ 1423.317905][ T9045] waltop 0003:172F:0500.000A: unknown main item tag 0x0
[ 1423.327429][ T9045] waltop 0003:172F:0500.000A: hidraw0: USB HID v7.10 Device [HID 172f:0500] on usb-dummy_hcd.1-1/input0
[ 1423.400501][T21519] SELinux:  Context system_u:object_r:semanage_exec_t:s0 is not valid (left unmapped).
[ 1423.556164][   T30] audit: type=1400 audit(1750839329.396:481): avc:  denied  { create } for  pid=21489 comm="syz.1.3668" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[ 1424.327517][   T30] audit: type=1400 audit(1750839329.416:482): avc:  denied  { relabelto } for  pid=21489 comm="syz.1.3668" name="file0" dev="tmpfs" ino=731 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 trawcon="system_u:object_r:semanage_exec_t:s0"
[ 1424.432696][   T30] audit: type=1400 audit(1750839329.416:483): avc:  denied  { associate } for  pid=21489 comm="syz.1.3668" name="file0" dev="tmpfs" ino=731 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 srawcon="system_u:object_r:semanage_exec_t:s0"
[ 1425.094615][T21529] ceph: No mds server is up or the cluster is laggy
[ 1425.101742][ T9045] libceph: connect (1)[c::]:6789 error -101
[ 1425.115153][ T9045] libceph: mon0 (1)[c::]:6789 connect error
[ 1425.505610][T21539] FAULT_INJECTION: forcing a failure.
[ 1425.505610][T21539] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1425.519011][T21539] CPU: 1 UID: 0 PID: 21539 Comm: syz.0.3677 Not tainted 6.16.0-rc3-syzkaller-00044-g7595b66ae9de #0 PREEMPT(full) 
[ 1425.519043][T21539] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1425.519054][T21539] Call Trace:
[ 1425.519061][T21539]  <TASK>
[ 1425.519068][T21539]  dump_stack_lvl+0x16c/0x1f0
[ 1425.519098][T21539]  should_fail_ex+0x512/0x640
[ 1425.519126][T21539]  _copy_from_user+0x2e/0xd0
[ 1425.519151][T21539]  copy_msghdr_from_user+0x98/0x160
[ 1425.519187][T21539]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[ 1425.519215][T21539]  ? __lock_acquire+0xb8a/0x1c90
[ 1425.519244][T21539]  ? find_lowest_rq+0x17c/0x710
[ 1425.519273][T21539]  ___sys_sendmsg+0xfe/0x1d0
[ 1425.519298][T21539]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1425.519321][T21539]  ? __lock_acquire+0x622/0x1c90
[ 1425.519378][T21539]  __sys_sendmsg+0x16d/0x220
[ 1425.519403][T21539]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1425.519444][T21539]  do_syscall_64+0xcd/0x4c0
[ 1425.519472][T21539]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1425.519490][T21539] RIP: 0033:0x7fb31638e929
[ 1425.519506][T21539] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1425.519523][T21539] RSP: 002b:00007fb3141b4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1425.519541][T21539] RAX: ffffffffffffffda RBX: 00007fb3165b6160 RCX: 00007fb31638e929
[ 1425.519552][T21539] RDX: 0000000000000000 RSI: 00002000000002c0 RDI: 0000000000000006
[ 1425.519563][T21539] RBP: 00007fb3141b4090 R08: 0000000000000000 R09: 0000000000000000
[ 1425.519574][T21539] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1425.519584][T21539] R13: 0000000000000000 R14: 00007fb3165b6160 R15: 00007ffc8cdfe108
[ 1425.519608][T21539]  </TASK>
[ 1425.706976][ T5915] usb 2-1: USB disconnect, device number 58
[ 1427.040314][   T30] audit: type=1400 audit(1750839332.866:484): avc:  denied  { create } for  pid=21544 comm="syz.0.3679" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1
[ 1427.220154][   T30] audit: type=1400 audit(1750839332.876:485): avc:  denied  { write } for  pid=21544 comm="syz.0.3679" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1
[ 1427.817539][T21556] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3680'.
[ 1429.526681][T21575] FAULT_INJECTION: forcing a failure.
[ 1429.526681][T21575] name failslab, interval 1, probability 0, space 0, times 0
[ 1429.539465][T21575] CPU: 0 UID: 0 PID: 21575 Comm: syz.1.3686 Not tainted 6.16.0-rc3-syzkaller-00044-g7595b66ae9de #0 PREEMPT(full) 
[ 1429.539481][T21575] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1429.539488][T21575] Call Trace:
[ 1429.539492][T21575]  <TASK>
[ 1429.539496][T21575]  dump_stack_lvl+0x16c/0x1f0
[ 1429.539515][T21575]  should_fail_ex+0x512/0x640
[ 1429.539529][T21575]  ? fs_reclaim_acquire+0xae/0x150
[ 1429.539541][T21575]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[ 1429.539557][T21575]  should_failslab+0xc2/0x120
[ 1429.539572][T21575]  __kmalloc_noprof+0xd2/0x510
[ 1429.539589][T21575]  tomoyo_realpath_from_path+0xc2/0x6e0
[ 1429.539605][T21575]  ? tomoyo_profile+0x47/0x60
[ 1429.539622][T21575]  tomoyo_path_number_perm+0x245/0x580
[ 1429.539634][T21575]  ? tomoyo_path_number_perm+0x237/0x580
[ 1429.539648][T21575]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1429.539661][T21575]  ? find_held_lock+0x2b/0x80
[ 1429.539686][T21575]  ? find_held_lock+0x2b/0x80
[ 1429.539698][T21575]  ? hook_file_ioctl_common+0x145/0x410
[ 1429.539718][T21575]  ? __fget_files+0x20e/0x3c0
[ 1429.539735][T21575]  security_file_ioctl+0x9b/0x240
[ 1429.539752][T21575]  __x64_sys_ioctl+0xb7/0x210
[ 1429.539765][T21575]  do_syscall_64+0xcd/0x4c0
[ 1429.539781][T21575]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1429.539792][T21575] RIP: 0033:0x7fee4eb8e929
[ 1429.539801][T21575] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1429.539812][T21575] RSP: 002b:00007fee4c9d5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1429.539822][T21575] RAX: ffffffffffffffda RBX: 00007fee4edb6160 RCX: 00007fee4eb8e929
[ 1429.539829][T21575] RDX: 0000000000000001 RSI: 0000000000004c81 RDI: 0000000000000009
[ 1429.539835][T21575] RBP: 00007fee4c9d5090 R08: 0000000000000000 R09: 0000000000000000
[ 1429.539841][T21575] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1429.539847][T21575] R13: 0000000000000000 R14: 00007fee4edb6160 R15: 00007ffcbd136ee8
[ 1429.539860][T21575]  </TASK>
[ 1429.539865][T21575] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1429.827145][   T30] audit: type=1400 audit(1750839335.836:486): avc:  denied  { mount } for  pid=21576 comm="syz.4.3688" name="/" dev="autofs" ino=67693 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=filesystem permissive=1
[ 1430.016037][T21582] netlink: 'syz.0.3689': attribute type 4 has an invalid length.
[ 1430.089697][T21585] FAULT_INJECTION: forcing a failure.
[ 1430.089697][T21585] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1430.102933][T21585] CPU: 0 UID: 0 PID: 21585 Comm: syz.3.3690 Not tainted 6.16.0-rc3-syzkaller-00044-g7595b66ae9de #0 PREEMPT(full) 
[ 1430.102959][T21585] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1430.102970][T21585] Call Trace:
[ 1430.102976][T21585]  <TASK>
[ 1430.102983][T21585]  dump_stack_lvl+0x16c/0x1f0
[ 1430.103013][T21585]  should_fail_ex+0x512/0x640
[ 1430.103040][T21585]  _copy_from_user+0x2e/0xd0
[ 1430.103068][T21585]  copy_msghdr_from_user+0x98/0x160
[ 1430.103091][T21585]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[ 1430.103125][T21585]  ___sys_sendmsg+0xfe/0x1d0
[ 1430.103150][T21585]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1430.103170][T21585]  ? find_held_lock+0x2b/0x80
[ 1430.103229][T21585]  __sys_sendmmsg+0x200/0x420
[ 1430.103257][T21585]  ? __pfx___sys_sendmmsg+0x10/0x10
[ 1430.103288][T21585]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 1430.103326][T21585]  ? fput+0x70/0xf0
[ 1430.103352][T21585]  ? ksys_write+0x1ac/0x250
[ 1430.103379][T21585]  ? __pfx_ksys_write+0x10/0x10
[ 1430.103405][T21585]  __x64_sys_sendmmsg+0x9c/0x100
[ 1430.103429][T21585]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1430.103453][T21585]  do_syscall_64+0xcd/0x4c0
[ 1430.103480][T21585]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1430.103499][T21585] RIP: 0033:0x7f0fe6b8e929
[ 1430.103520][T21585] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1430.103537][T21585] RSP: 002b:00007f0fe79e6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 1430.103554][T21585] RAX: ffffffffffffffda RBX: 00007f0fe6db6160 RCX: 00007f0fe6b8e929
[ 1430.103566][T21585] RDX: 00000000000002e9 RSI: 0000200000000480 RDI: 0000000000000003
[ 1430.103577][T21585] RBP: 00007f0fe79e6090 R08: 0000000000000000 R09: 0000000000000000
[ 1430.103588][T21585] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1430.103598][T21585] R13: 0000000000000000 R14: 00007f0fe6db6160 R15: 00007ffe2d0a5b18
[ 1430.103622][T21585]  </TASK>
[ 1430.343234][T21582] netlink: 3657 bytes leftover after parsing attributes in process `syz.0.3689'.
[ 1432.254523][   T30] audit: type=1400 audit(1750839338.256:487): avc:  denied  { unmount } for  pid=19011 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=filesystem permissive=1
[ 1433.962067][T21639] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=21639 comm=syz.2.3704
[ 1434.037463][T21639] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3704'.
[ 1434.104127][T21642] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3704'.
[ 1435.054126][T21652] netlink: 'syz.0.3703': attribute type 10 has an invalid length.
[ 1435.065867][T21642] vlan4: entered allmulticast mode
[ 1435.071005][T21642] bond2: entered allmulticast mode
[ 1438.092959][   T30] audit: type=1400 audit(1750839344.056:488): avc:  denied  { listen } for  pid=21665 comm="syz.4.3711" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[ 1438.220417][   T30] audit: type=1400 audit(1750839344.226:489): avc:  denied  { accept } for  pid=21665 comm="syz.4.3711" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[ 1439.625485][T21691] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3716'.
[ 1440.423157][T15771] usb 2-1: new high-speed USB device number 59 using dummy_hcd
[ 1440.535697][T21704] netlink: 'syz.2.3720': attribute type 10 has an invalid length.
[ 1440.646433][T15771] usb 2-1: Using ep0 maxpacket: 8
[ 1440.655621][T15771] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 16
[ 1440.681920][T15771] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1440.694713][T15771] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1440.765748][T15771] usb 2-1: Product: ࠬ
[ 1440.777542][T15771] usb 2-1: Manufacturer: ᰉ
[ 1440.797657][T15771] usb 2-1: SerialNumber: 酲㶞씊ꆵ棂宣⮞䚓Ⲳ탼葜✝ꏶ픖⎌黮毀灱㑅菿팣䍓긎櫝暕ꈗ잽㞜䃿솼驵昇⧗폣떓斫ﶒ¢쭢ꚢ휜웒
[ 1441.114996][T15771] cdc_ncm 2-1:1.0: bind() failure
[ 1441.126485][T15771] cdc_ncm 2-1:1.1: CDC Union missing and no IAD found
[ 1441.138635][T15771] cdc_ncm 2-1:1.1: bind() failure
[ 1441.175442][T15771] usb 2-1: USB disconnect, device number 59
[ 1441.183392][T21715] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3721'.
[ 1443.402331][T21736] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pid=21736 comm=syz.1.3728
[ 1444.502150][T21750] syzkaller1: entered promiscuous mode
[ 1444.507736][T21750] syzkaller1: entered allmulticast mode
[ 1444.660248][T21750] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=21750 comm=syz.1.3732
[ 1444.733669][T10495] usb 5-1: new full-speed USB device number 57 using dummy_hcd
[ 1444.984197][T10495] usb 5-1: config 0 has an invalid interface number: 46 but max is 0
[ 1445.095112][T10495] usb 5-1: config 0 has no interface number 0
[ 1445.116916][T10495] usb 5-1: config 0 interface 46 altsetting 0 endpoint 0x2 has invalid maxpacket 512, setting to 64
[ 1445.147245][T10495] usb 5-1: New USB device found, idVendor=045a, idProduct=5210, bcdDevice= 1.01
[ 1445.266417][T10495] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1445.274618][T10495] usb 5-1: Product: syz
[ 1445.278780][T10495] usb 5-1: Manufacturer: syz
[ 1445.285038][T10495] usb 5-1: SerialNumber: syz
[ 1445.293452][T10495] usb 5-1: config 0 descriptor??
[ 1445.300517][T21747] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[ 1445.312340][T10495] ums-karma 5-1:0.46: USB Mass Storage device detected
[ 1445.320563][T21763] FAULT_INJECTION: forcing a failure.
[ 1445.320563][T21763] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1445.333690][T21763] CPU: 0 UID: 0 PID: 21763 Comm: syz.0.3734 Not tainted 6.16.0-rc3-syzkaller-00044-g7595b66ae9de #0 PREEMPT(full) 
[ 1445.333714][T21763] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1445.333723][T21763] Call Trace:
[ 1445.333730][T21763]  <TASK>
[ 1445.333737][T21763]  dump_stack_lvl+0x16c/0x1f0
[ 1445.333764][T21763]  should_fail_ex+0x512/0x640
[ 1445.333790][T21763]  _copy_from_user+0x2e/0xd0
[ 1445.333811][T21763]  copy_msghdr_from_user+0x98/0x160
[ 1445.333835][T21763]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[ 1445.333867][T21763]  ___sys_sendmsg+0xfe/0x1d0
[ 1445.333891][T21763]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1445.333909][T21763]  ? __lock_acquire+0x622/0x1c90
[ 1445.333958][T21763]  __sys_sendmsg+0x16d/0x220
[ 1445.333974][T21763]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1445.333997][T21763]  do_syscall_64+0xcd/0x4c0
[ 1445.334014][T21763]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1445.334026][T21763] RIP: 0033:0x7fb31638e929
[ 1445.334035][T21763] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1445.334045][T21763] RSP: 002b:00007fb3141d5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1445.334056][T21763] RAX: ffffffffffffffda RBX: 00007fb3165b6080 RCX: 00007fb31638e929
[ 1445.334063][T21763] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000005
[ 1445.334069][T21763] RBP: 00007fb3141d5090 R08: 0000000000000000 R09: 0000000000000000
[ 1445.334075][T21763] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1445.334081][T21763] R13: 0000000000000000 R14: 00007fb3165b6080 R15: 00007ffc8cdfe108
[ 1445.334094][T21763]  </TASK>
[ 1445.647888][T10495] ums-karma 5-1:0.46: probe with driver ums-karma failed with error -5
[ 1445.658992][T10495] usb 5-1: USB disconnect, device number 57
[ 1447.436962][T21780] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3739'.
[ 1447.766284][T21798] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pid=21798 comm=syz.1.3743
[ 1448.148765][T21797] netlink: 'syz.0.3742': attribute type 10 has an invalid length.
[ 1448.385698][T21807] netlink: 'syz.3.3745': attribute type 4 has an invalid length.
[ 1448.396667][T21807] netlink: 3657 bytes leftover after parsing attributes in process `syz.3.3745'.
[ 1448.909529][T21726] libceph: connect (1)[c::]:6789 error -101
[ 1448.915709][T21813] ceph: No mds server is up or the cluster is laggy
[ 1448.938333][T21726] libceph: mon0 (1)[c::]:6789 connect error
[ 1449.709974][T21828] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1451.296936][   T30] audit: type=1400 audit(1750839357.286:490): avc:  denied  { module_load } for  pid=21842 comm="syz.1.3754" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=system permissive=1
[ 1451.796959][T21841] team0: Port device bond0 removed
[ 1451.879925][T21855] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pid=21855 comm=syz.2.3756
[ 1452.271249][T21858] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3753'.
[ 1452.300320][T21844] team0: Unable to change to the same mode the team is in
[ 1453.742826][   T30] audit: type=1400 audit(1750839359.746:491): avc:  denied  { write } for  pid=21867 comm="syz.2.3761" name="ptp0" dev="devtmpfs" ino=1265 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[ 1453.823211][ T5824] Bluetooth: hci2: command 0x0405 tx timeout
[ 1453.966978][T21879] netlink: 'syz.0.3760': attribute type 10 has an invalid length.
[ 1454.051289][   T30] audit: type=1400 audit(1750839360.056:492): avc:  denied  { unmount } for  pid=19011 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[ 1454.205099][T21889] netlink: 'syz.1.3764': attribute type 4 has an invalid length.
[ 1454.224813][T21889] netlink: 3657 bytes leftover after parsing attributes in process `syz.1.3764'.
[ 1455.402966][T21904] FAULT_INJECTION: forcing a failure.
[ 1455.402966][T21904] name failslab, interval 1, probability 0, space 0, times 0
[ 1455.415908][T21904] CPU: 1 UID: 0 PID: 21904 Comm: syz.1.3771 Not tainted 6.16.0-rc3-syzkaller-00044-g7595b66ae9de #0 PREEMPT(full) 
[ 1455.415936][T21904] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1455.415947][T21904] Call Trace:
[ 1455.415953][T21904]  <TASK>
[ 1455.415960][T21904]  dump_stack_lvl+0x16c/0x1f0
[ 1455.416011][T21904]  should_fail_ex+0x512/0x640
[ 1455.416034][T21904]  ? fs_reclaim_acquire+0xae/0x150
[ 1455.416054][T21904]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[ 1455.416079][T21904]  should_failslab+0xc2/0x120
[ 1455.416105][T21904]  __kmalloc_noprof+0xd2/0x510
[ 1455.416134][T21904]  tomoyo_realpath_from_path+0xc2/0x6e0
[ 1455.416161][T21904]  ? tomoyo_profile+0x47/0x60
[ 1455.416190][T21904]  tomoyo_path_number_perm+0x245/0x580
[ 1455.416210][T21904]  ? tomoyo_path_number_perm+0x237/0x580
[ 1455.416234][T21904]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1455.416256][T21904]  ? find_held_lock+0x2b/0x80
[ 1455.416302][T21904]  ? find_held_lock+0x2b/0x80
[ 1455.416323][T21904]  ? hook_file_ioctl_common+0x145/0x410
[ 1455.416356][T21904]  ? __fget_files+0x20e/0x3c0
[ 1455.416386][T21904]  security_file_ioctl+0x9b/0x240
[ 1455.416418][T21904]  __x64_sys_ioctl+0xb7/0x210
[ 1455.416441][T21904]  do_syscall_64+0xcd/0x4c0
[ 1455.416470][T21904]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1455.416488][T21904] RIP: 0033:0x7fee4eb8e929
[ 1455.416503][T21904] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1455.416520][T21904] RSP: 002b:00007fee4f91a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1455.416538][T21904] RAX: ffffffffffffffda RBX: 00007fee4edb5fa0 RCX: 00007fee4eb8e929
[ 1455.416549][T21904] RDX: 0000200000019180 RSI: 000000004048ae9b RDI: 0000000000000005
[ 1455.416560][T21904] RBP: 00007fee4f91a090 R08: 0000000000000000 R09: 0000000000000000
[ 1455.416570][T21904] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1455.416585][T21904] R13: 0000000000000000 R14: 00007fee4edb5fa0 R15: 00007ffcbd136ee8
[ 1455.416609][T21904]  </TASK>
[ 1455.416634][T21904] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1455.739742][T21910] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pid=21910 comm=syz.4.3772
[ 1457.756833][T21929] FAULT_INJECTION: forcing a failure.
[ 1457.756833][T21929] name failslab, interval 1, probability 0, space 0, times 0
[ 1457.797825][T21929] CPU: 0 UID: 0 PID: 21929 Comm: syz.2.3777 Not tainted 6.16.0-rc3-syzkaller-00044-g7595b66ae9de #0 PREEMPT(full) 
[ 1457.797857][T21929] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1457.797868][T21929] Call Trace:
[ 1457.797876][T21929]  <TASK>
[ 1457.797885][T21929]  dump_stack_lvl+0x16c/0x1f0
[ 1457.797918][T21929]  should_fail_ex+0x512/0x640
[ 1457.797941][T21929]  ? fs_reclaim_acquire+0xae/0x150
[ 1457.797963][T21929]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[ 1457.797989][T21929]  should_failslab+0xc2/0x120
[ 1457.798015][T21929]  __kmalloc_noprof+0xd2/0x510
[ 1457.798044][T21929]  tomoyo_realpath_from_path+0xc2/0x6e0
[ 1457.798074][T21929]  ? tomoyo_profile+0x47/0x60
[ 1457.798104][T21929]  tomoyo_path_number_perm+0x245/0x580
[ 1457.798131][T21929]  ? tomoyo_path_number_perm+0x237/0x580
[ 1457.798153][T21929]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1457.798177][T21929]  ? find_held_lock+0x2b/0x80
[ 1457.798225][T21929]  ? find_held_lock+0x2b/0x80
[ 1457.798246][T21929]  ? hook_file_ioctl_common+0x145/0x410
[ 1457.798282][T21929]  ? __fget_files+0x20e/0x3c0
[ 1457.798313][T21929]  security_file_ioctl+0x9b/0x240
[ 1457.798340][T21929]  __x64_sys_ioctl+0xb7/0x210
[ 1457.798362][T21929]  do_syscall_64+0xcd/0x4c0
[ 1457.798389][T21929]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1457.798408][T21929] RIP: 0033:0x7ff8ee38e929
[ 1457.798423][T21929] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1457.798441][T21929] RSP: 002b:00007ff8ef296038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1457.798459][T21929] RAX: ffffffffffffffda RBX: 00007ff8ee5b5fa0 RCX: 00007ff8ee38e929
[ 1457.798470][T21929] RDX: 0000000000000000 RSI: 000000000000550c RDI: 0000000000000003
[ 1457.798480][T21929] RBP: 00007ff8ef296090 R08: 0000000000000000 R09: 0000000000000000
[ 1457.798491][T21929] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1457.798501][T21929] R13: 0000000000000000 R14: 00007ff8ee5b5fa0 R15: 00007ffc722f3bd8
[ 1457.798526][T21929]  </TASK>
[ 1457.798534][T21929] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1458.290483][T21938] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3778'.
[ 1458.586819][   T30] audit: type=1400 audit(1750839364.576:493): avc:  denied  { setopt } for  pid=21947 comm="syz.4.3783" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[ 1458.700747][T21951] tmpfs: Bad value for 'mpol'
[ 1458.897526][T21959] FAULT_INJECTION: forcing a failure.
[ 1458.897526][T21959] name failslab, interval 1, probability 0, space 0, times 0
[ 1458.927884][   T30] audit: type=1326 audit(1750839364.936:494): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21953 comm="syz.2.3784" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff8ee38e929 code=0x0
[ 1458.962400][T21959] CPU: 0 UID: 0 PID: 21959 Comm: syz.3.3786 Not tainted 6.16.0-rc3-syzkaller-00044-g7595b66ae9de #0 PREEMPT(full) 
[ 1458.962429][T21959] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1458.962440][T21959] Call Trace:
[ 1458.962447][T21959]  <TASK>
[ 1458.962454][T21959]  dump_stack_lvl+0x16c/0x1f0
[ 1458.962484][T21959]  should_fail_ex+0x512/0x640
[ 1458.962507][T21959]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[ 1458.962535][T21959]  should_failslab+0xc2/0x120
[ 1458.962561][T21959]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[ 1458.962585][T21959]  ? __alloc_skb+0x2b2/0x380
[ 1458.962612][T21959]  __alloc_skb+0x2b2/0x380
[ 1458.962635][T21959]  ? __pfx___alloc_skb+0x10/0x10
[ 1458.962661][T21959]  ? find_held_lock+0x2b/0x80
[ 1458.962690][T21959]  tcp_stream_alloc_skb+0x34/0x570
[ 1458.962716][T21959]  tcp_sendmsg_locked+0x130f/0x4300
[ 1458.962747][T21959]  ? __lock_acquire+0xb8a/0x1c90
[ 1458.962782][T21959]  ? __pfx_tcp_sendmsg_locked+0x10/0x10
[ 1458.962806][T21959]  ? do_raw_spin_lock+0x12c/0x2b0
[ 1458.962825][T21959]  ? __pfx_do_raw_spin_lock+0x10/0x10
[ 1458.962851][T21959]  ? __local_bh_enable_ip+0xa4/0x120
[ 1458.962876][T21959]  tcp_sendmsg+0x2e/0x50
[ 1458.962896][T21959]  ? __pfx_tcp_sendmsg+0x10/0x10
[ 1458.962918][T21959]  inet_sendmsg+0xb9/0x140
[ 1458.962943][T21959]  __sys_sendto+0x43c/0x520
[ 1458.962966][T21959]  ? __pfx___sys_sendto+0x10/0x10
[ 1458.963018][T21959]  __x64_sys_sendto+0xe0/0x1c0
[ 1458.963039][T21959]  ? do_syscall_64+0x91/0x4c0
[ 1458.963061][T21959]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1458.963081][T21959]  do_syscall_64+0xcd/0x4c0
[ 1458.963108][T21959]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1458.963125][T21959] RIP: 0033:0x7f0fe6b8e929
[ 1458.963140][T21959] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1458.963157][T21959] RSP: 002b:00007f0fe7a28038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[ 1458.963175][T21959] RAX: ffffffffffffffda RBX: 00007f0fe6db5fa0 RCX: 00007f0fe6b8e929
[ 1458.963187][T21959] RDX: 000000000000059a RSI: 0000200000000580 RDI: 0000000000000003
[ 1458.963197][T21959] RBP: 00007f0fe7a28090 R08: 0000000000000000 R09: 0000000000000000
[ 1458.963207][T21959] R10: 0000000010008095 R11: 0000000000000246 R12: 0000000000000001
[ 1458.963218][T21959] R13: 0000000000000000 R14: 00007f0fe6db5fa0 R15: 00007ffe2d0a5b18
[ 1458.963242][T21959]  </TASK>
[ 1459.736340][ T5865] usb 5-1: new high-speed USB device number 58 using dummy_hcd
[ 1459.923197][ T5865] usb 5-1: Using ep0 maxpacket: 16
[ 1459.940821][ T5865] usb 5-1: config 1 interface 0 altsetting 8 bulk endpoint 0x1 has invalid maxpacket 1023
[ 1459.961362][ T5865] usb 5-1: config 1 interface 0 altsetting 8 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1459.987310][ T5865] usb 5-1: config 1 interface 0 has no altsetting 0
[ 1460.001944][ T5865] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[ 1460.019722][ T5865] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1460.031620][ T5865] usb 5-1: Product: 믋殁啓鱗根ࡑใ얪툏⊛Å녟鏷涟㝰铣ℾ婂忂俛鶴☇砀玭綺戲輁ݮ惡쀷ꇺ鹏볖令ᎌ鮓Ĥ弡寽
[ 1460.051544][ T5865] usb 5-1: SerialNumber: ъ
[ 1460.061531][T21951] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[ 1460.070763][T21967] SELinux:  policydb magic number 0x0 does not match expected magic number 0xf97cff8c
[ 1460.085426][T21967] SELinux: failed to load policy
[ 1460.264746][T21973] netlink: 'syz.3.3789': attribute type 4 has an invalid length.
[ 1460.359220][T21973] netlink: 3657 bytes leftover after parsing attributes in process `syz.3.3789'.
[ 1461.072160][ T5865] usb 5-1: USB disconnect, device number 58
[ 1461.501518][T21985] FAULT_INJECTION: forcing a failure.
[ 1461.501518][T21985] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1461.548538][T21985] CPU: 0 UID: 0 PID: 21985 Comm: syz.3.3792 Not tainted 6.16.0-rc3-syzkaller-00044-g7595b66ae9de #0 PREEMPT(full) 
[ 1461.548567][T21985] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1461.548577][T21985] Call Trace:
[ 1461.548584][T21985]  <TASK>
[ 1461.548591][T21985]  dump_stack_lvl+0x16c/0x1f0
[ 1461.548620][T21985]  should_fail_ex+0x512/0x640
[ 1461.548644][T21985]  _copy_from_user+0x2e/0xd0
[ 1461.548667][T21985]  copy_msghdr_from_user+0x98/0x160
[ 1461.548686][T21985]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[ 1461.548707][T21985]  ___sys_sendmsg+0xfe/0x1d0
[ 1461.548722][T21985]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1461.548735][T21985]  ? __lock_acquire+0x622/0x1c90
[ 1461.548768][T21985]  __sys_sendmsg+0x16d/0x220
[ 1461.548782][T21985]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1461.548805][T21985]  do_syscall_64+0xcd/0x4c0
[ 1461.548821][T21985]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1461.548833][T21985] RIP: 0033:0x7f0fe6b8e929
[ 1461.548843][T21985] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1461.548853][T21985] RSP: 002b:00007f0fe7a28038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1461.548863][T21985] RAX: ffffffffffffffda RBX: 00007f0fe6db5fa0 RCX: 00007f0fe6b8e929
[ 1461.548870][T21985] RDX: 0000000020048054 RSI: 0000200000000000 RDI: 0000000000000004
[ 1461.548876][T21985] RBP: 00007f0fe7a28090 R08: 0000000000000000 R09: 0000000000000000
[ 1461.548882][T21985] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1461.548888][T21985] R13: 0000000000000000 R14: 00007f0fe6db5fa0 R15: 00007ffe2d0a5b18
[ 1461.548901][T21985]  </TASK>
[ 1461.912559][T21992] netlink: 32 bytes leftover after parsing attributes in process `syz.0.3795'.
[ 1461.928675][   T30] audit: type=1400 audit(1750839367.936:495): avc:  denied  { ioctl } for  pid=21993 comm="syz.3.3797" path="socket:[69842]" dev="sockfs" ino=69842 ioctlcmd=0x89e0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[ 1461.983831][ T5865] usb 2-1: new high-speed USB device number 60 using dummy_hcd
[ 1462.003302][   T30] audit: type=1400 audit(1750839368.006:496): avc:  denied  { write } for  pid=21993 comm="syz.3.3797" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=socket permissive=1
[ 1462.047144][   T30] audit: type=1400 audit(1750839368.036:497): avc:  denied  { read } for  pid=21993 comm="syz.3.3797" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=socket permissive=1
[ 1462.145763][ T5865] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1462.156971][ T5865] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1462.202902][T21996] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3798'.
[ 1462.234893][ T5865] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1462.275261][ T5865] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1462.288807][ T5865] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1462.299445][ T5865] usb 2-1: config 0 descriptor??
[ 1463.275217][T22011] xt_TPROXY: Can be used only with -p tcp or -p udp
[ 1464.100284][T22019] FAULT_INJECTION: forcing a failure.
[ 1464.100284][T22019] name failslab, interval 1, probability 0, space 0, times 0
[ 1464.332860][T22019] CPU: 1 UID: 0 PID: 22019 Comm: syz.3.3803 Not tainted 6.16.0-rc3-syzkaller-00044-g7595b66ae9de #0 PREEMPT(full) 
[ 1464.332887][T22019] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1464.332898][T22019] Call Trace:
[ 1464.332904][T22019]  <TASK>
[ 1464.332912][T22019]  dump_stack_lvl+0x16c/0x1f0
[ 1464.332943][T22019]  should_fail_ex+0x512/0x640
[ 1464.332966][T22019]  ? fs_reclaim_acquire+0xae/0x150
[ 1464.332986][T22019]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[ 1464.333009][T22019]  should_failslab+0xc2/0x120
[ 1464.333035][T22019]  __kmalloc_noprof+0xd2/0x510
[ 1464.333064][T22019]  tomoyo_realpath_from_path+0xc2/0x6e0
[ 1464.333088][T22019]  ? tomoyo_profile+0x47/0x60
[ 1464.333115][T22019]  tomoyo_path_number_perm+0x245/0x580
[ 1464.333140][T22019]  ? tomoyo_path_number_perm+0x237/0x580
[ 1464.333164][T22019]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1464.333185][T22019]  ? find_held_lock+0x2b/0x80
[ 1464.333228][T22019]  ? find_held_lock+0x2b/0x80
[ 1464.333247][T22019]  ? hook_file_ioctl_common+0x145/0x410
[ 1464.333279][T22019]  ? __fget_files+0x20e/0x3c0
[ 1464.333307][T22019]  security_file_ioctl+0x9b/0x240
[ 1464.333333][T22019]  __x64_sys_ioctl+0xb7/0x210
[ 1464.333354][T22019]  do_syscall_64+0xcd/0x4c0
[ 1464.333382][T22019]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1464.333399][T22019] RIP: 0033:0x7f0fe6b8e929
[ 1464.333413][T22019] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1464.333428][T22019] RSP: 002b:00007f0fe7a07038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1464.333445][T22019] RAX: ffffffffffffffda RBX: 00007f0fe6db6080 RCX: 00007f0fe6b8e929
[ 1464.333456][T22019] RDX: 0000200000000040 RSI: 00000000c008561c RDI: 0000000000000003
[ 1464.333467][T22019] RBP: 00007f0fe7a07090 R08: 0000000000000000 R09: 0000000000000000
[ 1464.333476][T22019] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1464.333485][T22019] R13: 0000000000000000 R14: 00007f0fe6db6080 R15: 00007ffe2d0a5b18
[ 1464.333509][T22019]  </TASK>
[ 1464.536057][T21990] ceph: No mds server is up or the cluster is laggy
[ 1464.587713][T15771] libceph: connect (1)[c::]:6789 error -101
[ 1464.595833][T15771] libceph: mon0 (1)[c::]:6789 connect error
[ 1464.602257][T22019] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1465.868057][T22037] net_ratelimit: 48 callbacks suppressed
[ 1465.868083][T22037] openvswitch: netlink: Message has 191 unknown bytes.
[ 1466.002470][T22037] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1466.146749][T22040] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1466.251317][T22040] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1466.324224][ T5865] usbhid 2-1:0.0: can't add hid device: -71
[ 1466.330358][ T5865] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[ 1466.350015][T22042] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3810'.
[ 1466.353324][ T5865] usb 2-1: USB disconnect, device number 60
[ 1466.383223][T21434] usb 5-1: new high-speed USB device number 59 using dummy_hcd
[ 1466.524092][T21434] usb 5-1: device descriptor read/64, error -71
[ 1466.622920][T22051] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3808'.
[ 1466.948969][T21434] usb 5-1: new high-speed USB device number 60 using dummy_hcd
[ 1467.119268][T21434] usb 5-1: device descriptor read/64, error -71
[ 1467.812256][T21434] usb usb5-port1: attempt power cycle
[ 1468.276914][T21434] usb 5-1: new high-speed USB device number 61 using dummy_hcd
[ 1468.421930][T21434] usb 5-1: device descriptor read/8, error -71
[ 1468.651469][T15771] usb 1-1: new high-speed USB device number 58 using dummy_hcd
[ 1468.663449][T21434] usb 5-1: new high-speed USB device number 62 using dummy_hcd
[ 1468.698814][T21434] usb 5-1: device descriptor read/8, error -71
[ 1468.787506][T22073] xt_CT: You must specify a L4 protocol and not use inversions on it
[ 1468.840834][T22073] hub 8-0:1.0: USB hub found
[ 1468.847432][T22073] hub 8-0:1.0: 1 port detected
[ 1468.877372][   T30] audit: type=1400 audit(1750839374.786:498): avc:  denied  { read } for  pid=22070 comm="syz.3.3820" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[ 1468.903215][T15771] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1469.128765][T21434] usb usb5-port1: unable to enumerate USB device
[ 1469.154830][T15771] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1469.203486][T15771] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1469.220251][T15771] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1469.257386][T15771] usb 1-1: config 0 descriptor??
[ 1469.258290][T22075] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3821'.
[ 1469.276376][T22075] netlink: 'syz.4.3821': attribute type 7 has an invalid length.
[ 1469.277002][T15771] usbhid 1-1:0.0: couldn't find an input interrupt endpoint
[ 1469.296548][T22075] netlink: 'syz.4.3821': attribute type 8 has an invalid length.
[ 1469.305686][T22075] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3821'.
[ 1469.322582][T22075] gretap0: entered promiscuous mode
[ 1469.330532][T22075] batadv_slave_1: entered promiscuous mode
[ 1469.344511][T22075] gretap0: left promiscuous mode
[ 1469.358710][T22075] batadv_slave_1: left promiscuous mode
[ 1469.888307][   T30] audit: type=1400 audit(1750839375.896:499): avc:  denied  { unmount } for  pid=22078 comm="syz.4.3823" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1
[ 1471.924615][T22087] ceph: No mds server is up or the cluster is laggy
[ 1471.935568][T15771] libceph: connect (1)[c::]:6789 error -101
[ 1471.950056][T15771] libceph: mon0 (1)[c::]:6789 connect error
[ 1472.865662][T22102] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3827'.
[ 1473.171320][T21726] usb 1-1: USB disconnect, device number 58
[ 1473.216021][   T30] audit: type=1400 audit(1750839379.226:500): avc:  denied  { setopt } for  pid=22104 comm="syz.4.3829" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[ 1473.409022][T22111] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pid=22111 comm=syz.2.3831
[ 1473.913265][ T5872] usb 4-1: dvb_usb_v2: Did not find the firmware file 'dvb-usb-ec168.fw' (status -2). You can use <kernel_dir>/scripts/get_dvb_firmware to get the firmware
[ 1474.052629][T17302] usb 3-1: dvb_usb_v2: Did not find the firmware file 'dvb-usb-ec168.fw' (status -110). You can use <kernel_dir>/scripts/get_dvb_firmware to get the firmware
[ 1474.089583][ T5872] dvb_usb_ec168 4-1:0.1: probe with driver dvb_usb_ec168 failed with error -2
[ 1474.103949][T17302] dvb_usb_ec168 3-1:0.1: probe with driver dvb_usb_ec168 failed with error -110
[ 1474.155937][ T5872] usb 4-1: USB disconnect, device number 68
[ 1474.176266][T17302] usb 3-1: USB disconnect, device number 60
[ 1474.493519][T22126] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3826'.
[ 1475.260399][T21726] libceph: connect (1)[c::]:6789 error -101
[ 1475.307568][T22128] ceph: No mds server is up or the cluster is laggy
[ 1475.336941][T21726] libceph: mon0 (1)[c::]:6789 connect error
[ 1475.603666][T21726] libceph: connect (1)[c::]:6789 error -101
[ 1475.613286][T21726] libceph: mon0 (1)[c::]:6789 connect error
[ 1476.049198][T22143] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3837'.
[ 1476.444044][T17269] usb 3-1: new high-speed USB device number 61 using dummy_hcd
[ 1476.469725][T22146] xt_TPROXY: Can be used only with -p tcp or -p udp
[ 1476.634957][T17269] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1476.669192][T17269] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1476.714353][   T30] audit: type=1400 audit(1750839382.716:501): avc:  denied  { ioctl } for  pid=22147 comm="syz.1.3839" path="socket:[69078]" dev="sockfs" ino=69078 ioctlcmd=0x8924 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[ 1476.755246][T17269] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1476.886285][T17269] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1476.896548][T17269] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1477.408523][T17269] usb 3-1: config 0 descriptor??
[ 1477.794644][T22157] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3841'.
[ 1477.967811][T22159] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3843'.
[ 1477.976660][   T30] audit: type=1400 audit(1750839383.966:502): avc:  denied  { getopt } for  pid=22158 comm="syz.1.3843" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1
[ 1478.764787][T22158] delete_channel: no stack
[ 1479.021238][ T5872] libceph: connect (1)[c::]:6789 error -101
[ 1479.030152][ T5872] libceph: mon0 (1)[c::]:6789 connect error
[ 1479.229533][T22179] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3849'.
[ 1479.273733][T22173] ceph: No mds server is up or the cluster is laggy
[ 1479.286478][T22186] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3846'.
[ 1479.310089][ T5872] libceph: connect (1)[c::]:6789 error -101
[ 1479.585309][   T30] audit: type=1400 audit(1750839385.586:503): avc:  denied  { connect } for  pid=22183 comm="syz.4.3848" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[ 1479.746236][ T5872] libceph: mon0 (1)[c::]:6789 connect error
[ 1480.224671][T17269] usbhid 3-1:0.0: can't add hid device: -71
[ 1480.230641][T17269] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[ 1480.382764][T17269] usb 3-1: USB disconnect, device number 61
[ 1480.988148][T22202] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3853'.
[ 1482.496936][T22218] ceph: No mds server is up or the cluster is laggy
[ 1482.504490][T21726] libceph: connect (1)[c::]:6789 error -101
[ 1482.513532][T21726] libceph: mon0 (1)[c::]:6789 connect error
[ 1483.757512][T21726] libceph: connect (1)[c::]:6789 error -101
[ 1483.800097][T21726] libceph: mon0 (1)[c::]:6789 connect error
[ 1483.810925][T22236] ceph: No mds server is up or the cluster is laggy
[ 1484.148413][ T1296] ieee802154 phy0 wpan0: encryption failed: -22
[ 1484.419606][T21726] usb 5-1: new high-speed USB device number 63 using dummy_hcd
[ 1485.509353][T21726] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1485.566010][T21726] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1485.580338][T21726] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1485.769409][T21726] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1485.778789][T21726] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1485.817629][T21726] usb 5-1: config 0 descriptor??
[ 1487.066673][T22258] ceph: No mds server is up or the cluster is laggy
[ 1487.081591][ T9045] libceph: connect (1)[c::]:6789 error -101
[ 1487.091989][ T9045] libceph: mon0 (1)[c::]:6789 connect error
[ 1487.309869][T22266] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3865'.
[ 1488.243128][T21726] usbhid 5-1:0.0: can't add hid device: -71
[ 1488.250721][T21726] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[ 1488.278650][T21726] usb 5-1: USB disconnect, device number 63
[ 1488.352651][T22276] FAULT_INJECTION: forcing a failure.
[ 1488.352651][T22276] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1488.353749][T22276] 
[ 1488.353755][T22276] ======================================================
[ 1488.353760][T22276] WARNING: possible circular locking dependency detected
[ 1488.353764][T22276] 6.16.0-rc3-syzkaller-00044-g7595b66ae9de #0 Not tainted
[ 1488.353770][T22276] ------------------------------------------------------
[ 1488.353774][T22276] syz.1.3868/22276 is trying to acquire lock:
[ 1488.353779][T22276] ffffffff8e4d1ee0 (console_owner){-.-.}-{0:0}, at: console_lock_spinning_enable+0x9f/0xd0
[ 1488.353808][T22276] 
[ 1488.353808][T22276] but task is already holding lock:
[ 1488.353811][T22276] ffff8880b843a2d8 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x7e/0x130
[ 1488.353834][T22276] 
[ 1488.353834][T22276] which lock already depends on the new lock.
[ 1488.353834][T22276] 
[ 1488.353837][T22276] 
[ 1488.353837][T22276] the existing dependency chain (in reverse order) is:
[ 1488.353841][T22276] 
[ 1488.353841][T22276] -> #4 (&rq->__lock){-.-.}-{2:2}:
[ 1488.353853][T22276]        _raw_spin_lock_nested+0x31/0x40
[ 1488.353866][T22276]        raw_spin_rq_lock_nested+0x29/0x130
[ 1488.353877][T22276]        task_rq_lock+0xcf/0x490
[ 1488.353888][T22276]        cgroup_move_task+0x81/0x2a0
[ 1488.353901][T22276]        css_set_move_task+0x288/0x5f0
[ 1488.353910][T22276]        cgroup_post_fork+0x201/0x9e0
[ 1488.353922][T22276]        copy_process+0x5cfc/0x76a0
[ 1488.353935][T22276]        kernel_clone+0xfc/0x960
[ 1488.353947][T22276]        user_mode_thread+0xc7/0x110
[ 1488.353960][T22276]        rest_init+0x23/0x2b0
[ 1488.353968][T22276]        start_kernel+0x3ee/0x4d0
[ 1488.353981][T22276]        x86_64_start_reservations+0x18/0x30
[ 1488.353993][T22276]        x86_64_start_kernel+0x130/0x190
[ 1488.354005][T22276]        common_startup_64+0x13e/0x148
[ 1488.354015][T22276] 
[ 1488.354015][T22276] -> #3 (&p->pi_lock){-.-.}-{2:2}:
[ 1488.354026][T22276]        _raw_spin_lock_irqsave+0x3a/0x60
[ 1488.354038][T22276]        try_to_wake_up+0xb2/0x1680
[ 1488.354050][T22276]        __wake_up_common+0x135/0x1f0
[ 1488.354065][T22276]        __wake_up+0x31/0x60
[ 1488.354077][T22276]        tty_port_default_wakeup+0x2a/0x40
[ 1488.354092][T22276]        serial8250_tx_chars+0x68e/0x860
[ 1488.354108][T22276]        serial8250_handle_irq+0x761/0xcb0
[ 1488.354123][T22276]        serial8250_default_handle_irq+0x9a/0x210
[ 1488.354132][T22276]        serial8250_interrupt+0x103/0x210
[ 1488.354142][T22276]        __handle_irq_event_percpu+0x229/0x7d0
[ 1488.354153][T22276]        handle_irq_event+0xab/0x1e0
[ 1488.354164][T22276]        handle_edge_irq+0x28e/0xab0
[ 1488.354174][T22276]        __common_interrupt+0xdf/0x250
[ 1488.354185][T22276]        common_interrupt+0xba/0xe0
[ 1488.354195][T22276]        asm_common_interrupt+0x26/0x40
[ 1488.354205][T22276]        pv_native_safe_halt+0xf/0x20
[ 1488.354217][T22276]        default_idle+0x13/0x20
[ 1488.354225][T22276]        default_idle_call+0x6d/0xb0
[ 1488.354233][T22276]        do_idle+0x391/0x510
[ 1488.354243][T22276]        cpu_startup_entry+0x4f/0x60
[ 1488.354255][T22276]        start_secondary+0x21d/0x2b0
[ 1488.354267][T22276]        common_startup_64+0x13e/0x148
[ 1488.354275][T22276] 
[ 1488.354275][T22276] -> #2 (&tty->write_wait){-.-.}-{3:3}:
[ 1488.354288][T22276]        _raw_spin_lock_irqsave+0x3a/0x60
[ 1488.354299][T22276]        __wake_up+0x1c/0x60
[ 1488.354311][T22276]        tty_port_default_wakeup+0x2a/0x40
[ 1488.354325][T22276]        serial8250_tx_chars+0x68e/0x860
[ 1488.354340][T22276]        serial8250_handle_irq+0x761/0xcb0
[ 1488.354363][T22276]        serial8250_default_handle_irq+0x9a/0x210
[ 1488.354372][T22276]        serial8250_interrupt+0x103/0x210
[ 1488.354381][T22276]        __handle_irq_event_percpu+0x229/0x7d0
[ 1488.354392][T22276]        handle_irq_event+0xab/0x1e0
[ 1488.354403][T22276]        handle_edge_irq+0x28e/0xab0
[ 1488.354413][T22276]        __common_interrupt+0xdf/0x250
[ 1488.354424][T22276]        common_interrupt+0xba/0xe0
[ 1488.354433][T22276]        asm_common_interrupt+0x26/0x40
[ 1488.354442][T22276]        pv_native_safe_halt+0xf/0x20
[ 1488.354454][T22276]        default_idle+0x13/0x20
[ 1488.354462][T22276]        default_idle_call+0x6d/0xb0
[ 1488.354470][T22276]        do_idle+0x391/0x510
[ 1488.354480][T22276]        cpu_startup_entry+0x4f/0x60
[ 1488.354492][T22276]        start_secondary+0x21d/0x2b0
[ 1488.354503][T22276]        common_startup_64+0x13e/0x148
[ 1488.354511][T22276] 
[ 1488.354511][T22276] -> #1 (&port_lock_key){-.-.}-{3:3}:
[ 1488.354524][T22276]        _raw_spin_lock_irqsave+0x3a/0x60
[ 1488.354535][T22276]        serial8250_console_write+0x181/0x1890
[ 1488.354545][T22276]        console_flush_all+0x801/0xc60
[ 1488.354555][T22276]        console_unlock+0xd8/0x210
[ 1488.354565][T22276]        vprintk_emit+0x418/0x6d0
[ 1488.354577][T22276]        _printk+0xc7/0x100
[ 1488.354584][T22276]        register_console+0xc2d/0x11b0
[ 1488.354595][T22276]        univ8250_console_init+0x5f/0x90
[ 1488.354608][T22276]        console_init+0x14f/0x680
[ 1488.354620][T22276]        start_kernel+0x29f/0x4d0
[ 1488.354631][T22276]        x86_64_start_reservations+0x18/0x30
[ 1488.354643][T22276]        x86_64_start_kernel+0x130/0x190
[ 1488.354655][T22276]        common_startup_64+0x13e/0x148
[ 1488.354663][T22276] 
[ 1488.354663][T22276] -> #0 (console_owner){-.-.}-{0:0}:
[ 1488.354675][T22276]        __lock_acquire+0x126f/0x1c90
[ 1488.354689][T22276]        lock_acquire+0x179/0x350
[ 1488.354703][T22276]        console_lock_spinning_enable+0xb0/0xd0
[ 1488.354714][T22276]        console_flush_all+0x7aa/0xc60
[ 1488.354724][T22276]        console_unlock+0xd8/0x210
[ 1488.354735][T22276]        vprintk_emit+0x418/0x6d0
[ 1488.354746][T22276]        _printk+0xc7/0x100
[ 1488.354753][T22276]        should_fail_ex+0x4e7/0x640
[ 1488.354765][T22276]        strncpy_from_user+0x3b/0x2e0
[ 1488.354776][T22276]        strncpy_from_user_nofault+0x7f/0x180
[ 1488.354791][T22276]        bpf_probe_read_compat_str+0xe8/0x180
[ 1488.354801][T22276]        bpf_prog_83101f93da67a838+0x46/0x4c
[ 1488.354809][T22276]        bpf_trace_run2+0x34d/0x590
[ 1488.354818][T22276]        __bpf_trace_tlb_flush+0xd1/0x110
[ 1488.354827][T22276]        trace_tlb_flush+0xe4/0x160
[ 1488.354839][T22276]        switch_mm_irqs_off+0x2b1/0x7f0
[ 1488.354850][T22276]        __schedule+0xf4a/0x5de0
[ 1488.354861][T22276]        schedule+0xe7/0x3a0
[ 1488.354872][T22276]        exit_to_user_mode_loop+0x67/0x110
[ 1488.354883][T22276]        do_syscall_64+0x3f6/0x4c0
[ 1488.354896][T22276]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1488.354906][T22276] 
[ 1488.354906][T22276] other info that might help us debug this:
[ 1488.354906][T22276] 
[ 1488.354909][T22276] Chain exists of:
[ 1488.354909][T22276]   console_owner --> &p->pi_lock --> &rq->__lock
[ 1488.354909][T22276] 
[ 1488.354922][T22276]  Possible unsafe locking scenario:
[ 1488.354922][T22276] 
[ 1488.354925][T22276]        CPU0                    CPU1
[ 1488.354928][T22276]        ----                    ----
[ 1488.354931][T22276]   lock(&rq->__lock);
[ 1488.354937][T22276]                                lock(&p->pi_lock);
[ 1488.354945][T22276]                                lock(&rq->__lock);
[ 1488.354951][T22276]   lock(console_owner);
[ 1488.354957][T22276] 
[ 1488.354957][T22276]  *** DEADLOCK ***
[ 1488.354957][T22276] 
[ 1488.354960][T22276] 4 locks held by syz.1.3868/22276:
[ 1488.354966][T22276]  #0: ffff8880b843a2d8 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x7e/0x130
[ 1488.354989][T22276]  #1: ffffffff8e5c4940 (rcu_read_lock){....}-{1:3}, at: bpf_trace_run2+0x1b6/0x590
[ 1488.355011][T22276]  #2: ffffffff8e5b2320 (console_lock){+.+.}-{0:0}, at: _printk+0xc7/0x100
[ 1488.355030][T22276]  #3: ffffffff8e5b2390 (console_srcu){....}-{0:0}, at: console_flush_all+0x158/0xc60
[ 1488.355053][T22276] 
[ 1488.355053][T22276] stack backtrace:
[ 1488.355058][T22276] CPU: 1 UID: 0 PID: 22276 Comm: syz.1.3868 Not tainted 6.16.0-rc3-syzkaller-00044-g7595b66ae9de #0 PREEMPT(full) 
[ 1488.355071][T22276] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1488.355077][T22276] Call Trace:
[ 1488.355080][T22276]  <TASK>
[ 1488.355084][T22276]  dump_stack_lvl+0x116/0x1f0
[ 1488.355099][T22276]  print_circular_bug+0x275/0x350
[ 1488.355115][T22276]  check_noncircular+0x14c/0x170
[ 1488.355131][T22276]  __lock_acquire+0x126f/0x1c90
[ 1488.355148][T22276]  lock_acquire+0x179/0x350
[ 1488.355163][T22276]  ? console_lock_spinning_enable+0x9f/0xd0
[ 1488.355175][T22276]  ? console_lock_spinning_enable+0x88/0xd0
[ 1488.355188][T22276]  console_lock_spinning_enable+0xb0/0xd0
[ 1488.355199][T22276]  ? console_lock_spinning_enable+0x9f/0xd0
[ 1488.355211][T22276]  console_flush_all+0x7aa/0xc60
[ 1488.355223][T22276]  ? __pfx_console_flush_all+0x10/0x10
[ 1488.355237][T22276]  ? is_printk_cpu_sync_owner+0x32/0x40
[ 1488.355251][T22276]  console_unlock+0xd8/0x210
[ 1488.355263][T22276]  ? __pfx_console_unlock+0x10/0x10
[ 1488.355274][T22276]  ? do_raw_spin_unlock+0x120/0x230
[ 1488.355285][T22276]  ? _printk+0xc7/0x100
[ 1488.355293][T22276]  ? __down_trylock_console_sem+0xb0/0x140
[ 1488.355303][T22276]  vprintk_emit+0x418/0x6d0
[ 1488.355315][T22276]  ? __pfx_vprintk_emit+0x10/0x10
[ 1488.355327][T22276]  ? lock_acquire+0x179/0x350
[ 1488.355346][T22276]  ? find_held_lock+0x2b/0x80
[ 1488.355359][T22276]  _printk+0xc7/0x100
[ 1488.355367][T22276]  ? __pfx__printk+0x10/0x10
[ 1488.355376][T22276]  ? __pfx____ratelimit+0x10/0x10
[ 1488.355391][T22276]  should_fail_ex+0x4e7/0x640
[ 1488.355404][T22276]  strncpy_from_user+0x3b/0x2e0
[ 1488.355416][T22276]  strncpy_from_user_nofault+0x7f/0x180
[ 1488.355431][T22276]  bpf_probe_read_compat_str+0xe8/0x180
[ 1488.355442][T22276]  bpf_prog_83101f93da67a838+0x46/0x4c
[ 1488.355450][T22276]  bpf_trace_run2+0x34d/0x590
[ 1488.355460][T22276]  ? __pfx_bpf_trace_run2+0x10/0x10
[ 1488.355470][T22276]  ? kvm_sched_clock_read+0x11/0x20
[ 1488.355483][T22276]  ? sched_clock_cpu+0x6c/0x530
[ 1488.355497][T22276]  ? lock_acquire+0x179/0x350
[ 1488.355513][T22276]  __bpf_trace_tlb_flush+0xd1/0x110
[ 1488.355522][T22276]  ? __pfx___bpf_trace_tlb_flush+0x10/0x10
[ 1488.355535][T22276]  trace_tlb_flush+0xe4/0x160
[ 1488.355546][T22276]  switch_mm_irqs_off+0x2b1/0x7f0
[ 1488.355559][T22276]  __schedule+0xf4a/0x5de0
[ 1488.355572][T22276]  ? ksys_write+0x190/0x250
[ 1488.355587][T22276]  ? __pfx___schedule+0x10/0x10
[ 1488.355601][T22276]  ? fput+0x70/0xf0
[ 1488.355616][T22276]  ? ksys_write+0x1ac/0x250
[ 1488.355629][T22276]  schedule+0xe7/0x3a0
[ 1488.355641][T22276]  exit_to_user_mode_loop+0x67/0x110
[ 1488.355652][T22276]  do_syscall_64+0x3f6/0x4c0
[ 1488.355667][T22276]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1488.355677][T22276] RIP: 0033:0x7fee4eb8d3df
[ 1488.355684][T22276] Code: Unable to access opcode bytes at 0x7fee4eb8d3b5.
[ 1488.355689][T22276] RSP: 002b:00007fee4c9f6030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 1488.355698][T22276] RAX: 0000000000000001 RBX: 0000000000000007 RCX: 00007fee4eb8d3df
[ 1488.355704][T22276] RDX: 0000000000000001 RSI: 00007fee4c9f6090 RDI: 0000000000000007
[ 1488.355710][T22276] RBP: 00007fee4c9f6090 R08: 0000000000000000 R09: 00007fee4c9f5df7
[ 1488.355717][T22276] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[ 1488.355722][T22276] R13: 0000000000000001 R14: 00007fee4edb6080 R15: 00007ffcbd136ee8
[ 1488.355731][T22276]  </TASK>
[ 1489.414994][T22276] CPU: 1 UID: 0 PID: 22276 Comm: syz.1.3868 Not tainted 6.16.0-rc3-syzkaller-00044-g7595b66ae9de #0 PREEMPT(full) 
[ 1489.415010][T22276] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1489.415018][T22276] Call Trace:
[ 1489.415025][T22276]  <TASK>
[ 1489.415030][T22276]  dump_stack_lvl+0x116/0x1f0
[ 1489.415049][T22276]  should_fail_ex+0x512/0x640
[ 1489.415065][T22276]  strncpy_from_user+0x3b/0x2e0
[ 1489.415078][T22276]  strncpy_from_user_nofault+0x7f/0x180
[ 1489.415095][T22276]  bpf_probe_read_compat_str+0xe8/0x180
[ 1489.415107][T22276]  bpf_prog_83101f93da67a838+0x46/0x4c
[ 1489.415115][T22276]  bpf_trace_run2+0x34d/0x590
[ 1489.415126][T22276]  ? __pfx_bpf_trace_run2+0x10/0x10
[ 1489.415136][T22276]  ? kvm_sched_clock_read+0x11/0x20
[ 1489.415154][T22276]  ? sched_clock_cpu+0x6c/0x530
[ 1489.415169][T22276]  ? lock_acquire+0x179/0x350
[ 1489.415186][T22276]  __bpf_trace_tlb_flush+0xd1/0x110
[ 1489.415196][T22276]  ? __pfx___bpf_trace_tlb_flush+0x10/0x10
[ 1489.415208][T22276]  trace_tlb_flush+0xe4/0x160
[ 1489.415221][T22276]  switch_mm_irqs_off+0x2b1/0x7f0
[ 1489.415234][T22276]  __schedule+0xf4a/0x5de0
[ 1489.415247][T22276]  ? ksys_write+0x190/0x250
[ 1489.415262][T22276]  ? __pfx___schedule+0x10/0x10
[ 1489.415276][T22276]  ? fput+0x70/0xf0
[ 1489.415291][T22276]  ? ksys_write+0x1ac/0x250
[ 1489.415304][T22276]  schedule+0xe7/0x3a0
[ 1489.415316][T22276]  exit_to_user_mode_loop+0x67/0x110
[ 1489.415329][T22276]  do_syscall_64+0x3f6/0x4c0
[ 1489.415344][T22276]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1489.415355][T22276] RIP: 0033:0x7fee4eb8d3df
[ 1489.415363][T22276] Code: Unable to access opcode bytes at 0x7fee4eb8d3b5.
[ 1489.415368][T22276] RSP: 002b:00007fee4c9f6030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 1489.415378][T22276] RAX: 0000000000000001 RBX: 0000000000000007 RCX: 00007fee4eb8d3df
[ 1489.415385][T22276] RDX: 0000000000000001 RSI: 00007fee4c9f6090 RDI: 0000000000000007
[ 1489.415391][T22276] RBP: 00007fee4c9f6090 R08: 0000000000000000 R09: 00007fee4c9f5df7
[ 1489.415397][T22276] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[ 1489.415403][T22276] R13: 0000000000000001 R14: 00007fee4edb6080 R15: 00007ffcbd136ee8
[ 1489.415412][T22276]  </TASK>