last executing test programs:

16.562702787s ago: executing program 3 (id=2680):
syz_emit_ethernet(0x32, &(0x7f0000000000)={@random="e90c610faca2", @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xc}, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0xe000, 0x3, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e23, 0x10, 0x0, @opaque="24dc6170e1e03185"}}}}}, 0x0)
syz_emit_ethernet(0x31, &(0x7f0000006340)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1f}, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x23, 0x0, 0x2, 0x0, 0x11, 0x0, @empty=0x20, @empty}, {0x0, 0x4e20, 0xf, 0x0, @opaque="cc30e06ad1b756"}}}}}, 0x0)

16.488558823s ago: executing program 3 (id=2681):
r0 = fsopen(&(0x7f0000000280)='hugetlbfs\x00', 0x0)
syz_usb_connect(0x5, 0x2d, &(0x7f0000000380)=ANY=[@ANYBLOB="12012000f1048108cd060202d4920001000109021b1901000000d40904"], 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = epoll_create1(0x0)
r2 = socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f0000000140)={'veth0_to_team\x00', &(0x7f0000000280)=@ethtool_channels={0x3d, 0xffffffff, 0x0, 0x0, 0x4, 0x2, 0x1}})
ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f00000002c0)={'veth0_to_team\x00', &(0x7f0000000000)=@ethtool_cmd={0x2c, 0x6, 0x4, 0x0, 0x0, 0x0, 0x0, 0x9, 0xff, 0x0, 0x3, 0xfffffffe, 0x3}})
ioctl$sock_inet_SIOCSIFFLAGS(r2, 0x8914, &(0x7f0000000040)={'veth0_to_team\x00', 0x100})
ioctl$FS_IOC_SETFLAGS(r1, 0x40088a01, &(0x7f0000002200)=0xc0100100)
r3 = fsmount(r0, 0x0, 0x0)
fchdir(r3)
getcwd(&(0x7f0000000040)=""/64, 0x40)

16.483157815s ago: executing program 0 (id=2682):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
r1 = fcntl$getown(r0, 0x9)
prctl$PR_SCHED_CORE(0x3e, 0x0, r1, 0x2, 0x0)
quotactl_fd$Q_SETQUOTA(0xffffffffffffffff, 0x0, 0x0, &(0x7f00000000c0)={0x9, 0x6, 0x7, 0x100000001, 0xb, 0x1000004, 0x629, 0xfff, 0x9})
r2 = memfd_create(&(0x7f00000000c0)='-B\xd5N4\xa6Ey\xdb\xd1\xa7\xb1S\xf1:)\x00\x8a\xd7Uw\x00\xbc\xa92\xb3\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8b\x066\xb8G\xd1c\xe1$\xff\x97\x8f~\xb90a\xa9\xb2\x04K\x98\x93=\xabQ\xf7\x19\xea\xef\xe3\xe1@\x84\x13\xefZb:\x8f\t\x01B\xec\xde\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@Ip]D\xd6\r\xac\v#co\xd5\xb9\xc806\xa8\x99\xffs7\xa1b1\xb1;i)j\x0e\x1e\xedI\xa2\x80\x89\x1d\xd9p!\xc86s\xe07(\xee\xf9<\"\xf0\xc8\xae\x96J\xe2]\x01\x86\xb7.<\xf5N\xd3\x94W1\xff\x18z>\xa7q,\xf7\x96\xb8{\x8e\xbf4\xe0\x95\x1ce\xe4\x85\xcdi\xed\xd3>\xeb\xa5\xaf\x87\x90@\xd1\xbd`^\xfa\xb6\x9cj\x13/\xc5\\W\x04\br\x17X\xe3\xfb\xc8\xd4\xaeX\xc9s\xd18\xd9L\xbf\xa0\xa6\xdf2\a\x99i\xb1/\x19@\x1cq\xeb?\xc1z:\x913\xfa8\xac\xd3q\xe4vPGU', 0x1)
r3 = dup(r2)
write$binfmt_elf32(r3, &(0x7f0000000700)=ANY=[@ANYBLOB="7f454c464a030103ff0700000000000002003e00040000003e03000038000000d900000098700000fe0320"], 0x823)
execveat(r3, &(0x7f0000000280)='\x00', 0x0, 0x0, 0x1000)
move_mount(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', r3, &(0x7f0000000240)='./file0\x00', 0x30)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x1a, &(0x7f0000000000)=0x4, 0x4)
sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x41, 0x20000000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x5)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r4 = syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0)
read$msr(r4, &(0x7f00000030c0)=""/102395, 0x1501d)
read$FUSE(r3, &(0x7f000001c0c0)={0x2020, 0x0, <r5=>0x0}, 0x2020)
write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000000180)={0x50, 0x0, r5, {0x7, 0x2b, 0x5ad, 0x0, 0x3, 0x9f5b, 0xe1, 0x8, 0x0, 0x0, 0x8, 0x80000000}}, 0x50)
ioctl$KVM_SET_LAPIC(0xffffffffffffffff, 0x4400ae8f, &(0x7f0000000300)={"51c2f5f376c9086f4816f96b46bb5c8afce7fef494f270f8770194699e7299526da03b489fa0a5ffe829b4bd1a3fcaf9e4dd6f1bf733d6fa692741c489e86f57a2c1d9650eacc3851d32d5b4714d49a7851cf3889cddd4f14d648509b26c7144fcb241a4f66da7dc3db46ddeb8bf081bee35fe528d18bfd6d810fae8a7e9e10cb3a680ab1aca80e7fe9c6fa9a56400cecd4f90b0229096972d9de835bdf342ea51a1a0912f12f46a1c08e0dda347c7d01204d0806de612bf29fd195fb94798928aadec7a030f1d6cb86bd84206846ad0acfbf7ad423470ac2e66e7ef5759bc82eeef56f6bdd19afd47e182259b3be89bf4b20d73b808254c96fb40813ade3d40d55c75a17419bdb6c2494cb6673268351fdb6f6600436a258bd8155c4b87edb6981528295827da67f2fb378572ffa4f2d614f48667a42dbfa898b61b4edaeab37d175f4ccab9d3d1a295253fc26af242c17c4d7e2f3693978093083b6cdeb0cde1828f493f9168398c6befb24ac5d5624fa9923205fb3ab2ba8d50cb42cbcb6fe07b617f1b8d62cef3751710fc4490a9fe31d3d84978ed9a16cc138bbf97385aacdba82b096af26bae17a3ee06ac5e4c3a6e4c7eafcf9f1f36e26121e936dfd7cd4d2600409f8e3e77f338e38c244d35153c325b3cd5ddfda1e8587add4d50c5a72d37966ae1bb48e78093b5fc3f564fbd020706a62c842ffdfd9e0a8f257b75360baad4e9f310dfe1392d59a852ce51f9655aa855a3d11d3baa7475d1dc49de705a2d0715f4968805086518381208526c586c5e71a5040403f2e37c6b1cda5d74748746727f670e472b29d949a61d038bd3ccaa9e1ec1e89433622a794e7b4404b66fc44737a5dcae7aff4ff7c968adb4e076233caf89df3a20d48e25e31842038af132d3abfb22dc6e4a6a0a0cc4af4d4f9658b2f187cbf63439a0f96c9b336ad897e1850cfd0acceb8084d9083ebe76a0644509dd5c40d03320565b77f15afe7c1243ec56abdcd4a3c119e1f252ce0ccca0b4180076664f71dbe0cc6e3001dc95e84c25bdbddc991091fedfdd1c1e1437de5a270078e9e5d0b550a83f2aa8f05d9336199a96a037dedb415257f58d79068b17bbfcb239ddfa99e7a140e559fee5e05db8730f8a8813ed7af93cadf6da68076f3b85a0c4efedf7bd71f495f742c24f2a300ba24be686177fb753b7ce1082e8404e97ccfd0987ac64b786e7f360017441c35cd58431e1eaca5ce2849a1f741d6f07b25c30b5c3d64bd6e57f01c3dd09ce4b17167cdb72a6468ec9d6ee56f71159d7016aa3bb928a9845f4bf42c7ac9b611286c22a611b74fb0aebaf5dafb856c61719a47d9dd527ed638ad5204006e9a3d67117e8abc0e66b1b30da410491ae183e27096669246e03e5ac6232496e4cbb417acf6adc6682d8245d172f33b06e31c41258d3a8ac9c50951837c8"})
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
ioctl$KVM_TRANSLATE(r8, 0xc018ae85, 0x0)
mount(&(0x7f0000000040)=@nullb, &(0x7f0000000080)='.\x00', 0x0, 0x1000080, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1)
r9 = dup(r3)
write$UHID_INPUT(r9, &(0x7f0000002080)={0x200f, {"20e30a30ed0d09f91b5e070987f70e06d038e7ff7fc6e5539b0d3e0e8b089b3f363063030890e0879b0af8c6e70a9b334a959b669a240d0a0af3988f7ef319520100ffe8d178708c526db51b1b5b31070d0773090acd3b78130daa61d8e8040001000000b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae19300305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f6709000000a141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a027d5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf050000008000000000f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b3f3f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7af1d0e54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c01008e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2f5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d21488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e1a63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e09d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a603336c00000077cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046ca5b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe6531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e6586df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59555e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0d8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb601203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f900000930dedf800", 0x1000}}, 0x1006)
ioctl$AUTOFS_DEV_IOCTL_READY(r9, 0xc0189376, &(0x7f00000000c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0xa}}, './file0\x00'})
socket$kcm(0x10, 0x2, 0x0)

16.244180259s ago: executing program 0 (id=2685):
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, 0x0, 0x0)
r0 = getpid()
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000140)='tracefs\x00', 0x0, 0x0)
mount$bpf(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x1040022, &(0x7f00000003c0)={[{@mode={'mode', 0x3d, 0x4}}]})

14.903859956s ago: executing program 3 (id=2689):
memfd_secret(0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x200a})
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280), 0x0, 0x0, 0x0})
r4 = dup3(r3, r2, 0x0)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
r6 = openat$comedi(0xffffffffffffff9c, &(0x7f00000029c0)='/dev/comedi4\x00', 0x600, 0x0)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
ioctl$COMEDI_BUFCONFIG(r6, 0x8020640d, &(0x7f0000000280)={0x1, 0x7, 0x10, 0x7})
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r5, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, &(0x7f00000002c0)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f00000006c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x31, 0x0, 0x0, 0x48, 0x18, &(0x7f00000005c0)={@flat=@binder={0x73622a85, 0x1, 0x1}, @flat=@binder={0x73622a85, 0x190b, 0x3}, @fd}, &(0x7f0000000140)={0x0, 0x18, 0x18}}, 0x40}], 0x0, 0x1000000000000, 0x0})
socketpair$unix(0x1, 0x3, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000000)={[0x35, 0x9, 0x2, 0x180, 0x4, 0x10, 0xf1, 0x50, 0x7fffffffffffe, 0x5, 0x6, 0x9, 0x8000000000000000, 0xf4a, 0x0, 0xbdb], 0xffff1001, 0x4000})
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(0xffffffffffffffff, 0xc040564a, &(0x7f0000000200)={0x0, 0x0, 0x300f, 0x2, 0x0, 0x0, 0x0, 0x1})
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000001c0), r7)
r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(r9, 0x8933, &(0x7f0000000300)={'wpan0\x00', <r10=>0x0})
sendmsg$IEEE802154_LLSEC_ADD_DEV(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000440)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="4d7e00000000fedbdf252a00000008002f000000000005003600000000000c0005000202aaaaaaaaaaaa050037000300000008000200", @ANYRES32=r10], 0x40}, 0x4, 0x700000000000000, 0x0, 0x2000c0c0}, 0x40)
r11 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_RUN(r11, 0xae80, 0x0)

14.387325638s ago: executing program 0 (id=2690):
syz_init_net_socket$netrom(0x6, 0x5, 0x0)
r0 = socket(0x10, 0x80003, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$sock_netrom_SIOCADDRT(r0, 0x890b, 0x0)

14.270265122s ago: executing program 3 (id=2693):
socket$inet6_tcp(0xa, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000440)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000340)=@abs={0x0, 0x0, 0x4e27}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007200000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x18)
socket$kcm(0x29, 0x5, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
setsockopt$SO_BINDTODEVICE_wg(r5, 0x1, 0x19, &(0x7f0000000240)='wg1\x00', 0x4)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f00000003c0)={'netdevsim0\x00', <r6=>0x0})
r7 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000001800)={0x6, 0x3, &(0x7f00000006c0)=@framed, &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r6}, 0x94)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="340000001000010800000000fddbdf2500000000", @ANYRES32=0x0, @ANYBLOB="000000000000f2000c002b8008000100", @ANYRES32=r7, @ANYBLOB="08001b0000000000"], 0x34}}, 0x0)
r9 = socket(0x2c, 0x3, 0x0)
r10 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="110000000400000004000000ff"], 0x17)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000001c0)={r10, &(0x7f0000000140), &(0x7f0000000080)=@udp6=r9}, 0x20)
close(r9)

14.240480342s ago: executing program 0 (id=2695):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x23)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f00000000c0)='veno', 0x4)
sendmmsg$inet6(r0, &(0x7f0000003d40)=[{{0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000140)="ce", 0x1}], 0x1, 0x0, 0x4002}}], 0x1, 0x20040001)

13.386859947s ago: executing program 3 (id=2696):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000003c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_DELSETELEM={0x20, 0xe, 0xa, 0x201, 0x0, 0x0, {0xa}, [@NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x48}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r1, &(0x7f00000029c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="180000003f000107100000000000000003"], 0x21c}, 0x1, 0x0, 0x0, 0x20000005}, 0x890)
getsockname(r0, &(0x7f0000000000), &(0x7f0000000080)=0x80)

13.277812219s ago: executing program 3 (id=2699):
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
prlimit64(r0, 0xe, &(0x7f0000000000)={0x8, 0x6}, &(0x7f0000000040))
r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x2, &(0x7f0000000280)={<r2=>0xffffffffffffffff}, 0x106, 0x8}}, 0x20)
write$RDMA_USER_CM_CMD_BIND(r1, &(0x7f0000000140)={0x14, 0x88, 0xfa00, {r2, 0x30, 0x0, @ib={0x1b, 0x0, 0x0, {"00000000000000000000000000000001"}, 0x2000000000001005, 0x19dff, 0xffffffffffffffff}}}, 0x90)

10.736516948s ago: executing program 1 (id=2709):
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x20008000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="01000000120000007f00000001"], 0x48)
r1 = socket$inet_smc(0x2b, 0x1, 0x0)
r2 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000100)={0x2002})
setsockopt$sock_int(r1, 0x1, 0x7, &(0x7f0000000000)=0x4000004, 0x4)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="9feb01001800000000000000200000002000000004000000020000000000000c02000000000000000100000dedff0000040000000100000000005f005d654fa4b2b410c52978dc2c887428bc3c29c5dcab4bcfd20841c7"], 0x0, 0xfffffffffffffd84}, 0x28)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
r4 = socket$rds(0x15, 0x5, 0x0)
r5 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x80082, 0x0)
r6 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r5, &(0x7f0000000580)={0x20000000})
write$vga_arbiter(r5, &(0x7f0000000100)=ANY=[@ANYBLOB="756e6c6f636b20635a41c2"], 0xb)
socket$inet_udp(0x2, 0x2, 0x0)
bind$rds(r4, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10)
sendmsg$rds(r4, &(0x7f0000000580)={&(0x7f00000005c0)={0x2, 0x4e23, @rand_addr=0x64010101}, 0x10, 0x0, 0x0, &(0x7f0000003a80)=[@rdma_args={0x48, 0x114, 0x1, {{0x0, 0x2}, {0x0}, &(0x7f0000000480)=[{&(0x7f00000016c0)=""/96, 0x60}], 0x1, 0x39, 0x2}}], 0x48, 0x4000000}, 0x0)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='io_uring_file_get\x00', r7}, 0x10)
r8 = syz_io_uring_setup(0x917, &(0x7f0000000300)={0x0, 0x400, 0x400, 0x1000000}, &(0x7f0000000280)=<r9=>0x0, &(0x7f0000000200)=<r10=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r9, 0x80, &(0x7f0000000380)=0xfffffc00, 0x0, 0x4)
syz_io_uring_submit(r9, r10, &(0x7f00000000c0)=@IORING_OP_WRITEV={0x2, 0x40, 0x4000, @fd=r8, 0x9, 0x0, 0x0, 0x5, 0x1})
io_uring_enter(r8, 0x47f6, 0x0, 0x0, 0x0, 0x0)
sendto$inet6(r3, &(0x7f0000000080)="8b", 0x1, 0x24008011, &(0x7f0000000000)={0xa, 0xfffc, 0x0, @private1, 0x882}, 0x1c)

10.258983133s ago: executing program 1 (id=2710):
r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x40)
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_SIGNAL(r0, 0xc01864cd, &(0x7f0000000540)={0x0, 0x0}) (async)
r1 = syz_usb_connect(0x2, 0x2d, &(0x7f0000000000)={{0x12, 0x1, 0x110, 0x73, 0x9e, 0x61, 0x8, 0xfd9, 0x2c, 0x66b, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x7, 0xd4, 0x40, 0x0, [{{0x9, 0x4, 0x65, 0x0, 0x1, 0xbe, 0x86, 0x6d, 0x1, [], [{{0x9, 0x5, 0x1, 0x2, 0x40, 0x1, 0x3, 0x9}}]}}]}}]}}, 0x0)
syz_usb_ep_read(r1, 0x1, 0x0, 0x0) (async)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
set_mempolicy(0x3, &(0x7f0000000240)=0x1020fff, 0x6) (async)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) (async)
syz_usb_control_io$hid(r1, &(0x7f00000003c0)={0x24, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="00031c0000000203"], 0x0, 0x0}, 0x0) (async)
syz_usb_control_io$printer(r1, &(0x7f00000008c0)={0x14, 0x0, &(0x7f0000000080)={0x0, 0x3, 0x2, @string={0x2}}}, 0x0)
socket(0x1f, 0x2, 0x9)

9.802024195s ago: executing program 0 (id=2712):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYRESOCT=r1], 0x50)
r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x20, 0xa, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000004000000000000000104", @ANYRES32=r2, @ANYBLOB="9287ff904c0caaa1be85b36ec26967a5a1eb0351ab283e32b98747e3e34577e640525ad0711fecca83ce34861ad61f0e9a589ff01dbffe994e04796e7289a45aed8842f91a8727"], 0x0, 0x1b, 0xb, &(0x7f0000000580)=""/11, 0x40f00, 0x20, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x8, &(0x7f00000005c0)={0x6, 0x1}, 0x8, 0x10, &(0x7f0000000680)={0x3, 0xc, 0x3, 0xf1}, 0x10, 0x0, r3, 0x0, &(0x7f00000006c0)=[r2, r2, r2, r2, r2, r2, r2, r2, r2], 0x0, 0x10, 0x4}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xd, 0x0, &(0x7f0000000300)='GPL\x00', 0x800, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r4, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$netlink(0x10, 0x3, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000624000/0x4000)=nil, 0x4000, 0xb635773f05ebbeea, 0x810, r3, 0x0)
syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
syz_clone(0x11946000, &(0x7f0000000000), 0x0, 0x0, 0x0, 0x0)
mlock2(&(0x7f0000018000/0x2000)=nil, 0x2000, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
setsockopt$packet_add_memb(0xffffffffffffffff, 0x107, 0x1, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000018c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x40, 0x7fff0000}]})
getpid()
r6 = fsopen(&(0x7f00000001c0)='bpf\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r6, 0x6, 0x0, 0x0, 0x0)
r7 = fsmount(r6, 0x1, 0x0)
fchdir(r7)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$OBJ_PIN_PROG(0x6, &(0x7f00000000c0)=@generic={&(0x7f0000000080)='./file0\x00'}, 0x18)
syz_emit_ethernet(0x46, &(0x7f0000000340)=ANY=[@ANYBLOB="bbbbbbbbbbbbbbbbbbbbbbbb0800450000380000000000019078ac1e0001ac1414aa030090781200183f2500000000000000bb890000ac141400e000000200186371ae9b1c03e8c5904e493802086e1ce33e789c7c743ed96ac2faa557ce1e329e3247240b21dbd9153d29b5901cf37d8d6a0bf546ca941baf9db85d5b9c6965f8b0630c310ef181058c8a29dce94f3d0d5c2e22154b14ad8fd9102ae79391ec0b037886bd1f4e5e9d90e1975d3dc30472846c91abdd09381252640f1a8c04177b3ff6421d5ef9879d6247626a8a72ae14cd491dd66cbbdfa9c1a840bf48f1693bd46da448b4ec1da75cb184dfbd590e"], 0x0)
ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r7, 0xc0189375, &(0x7f00000007c0)={{0x1, 0x1, 0x18}, './file1\x00'})

8.600483465s ago: executing program 0 (id=2715):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
lstat(&(0x7f0000000000)='./file0\x00', &(0x7f0000000080)) (async)
sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)={0xe0, 0x2e, 0x400, 0x70bd27, 0x800, {0x7}, [@typed={0x14, 0xb, 0x0, 0x0, @ipv6=@mcast2}, @generic="1c3efc19e852625c9dd0005f5d17dca72e2cd947d8adfa410b39391e491bba66646e3c099021e2a60ca7df7935387b018eab2a18becd53f807ab5db9b0a92c687da9edc77938f9174928eb910a63b41d1f08e0dec4d3c54e5c21fbf506aa35f0daa91e4b1efa07d437e262766c485c63574456047ade0f30ad1bbbf850d61c1451ab3f23218bb7b9eef63ddf43b5b71fd237dc62a81048e6cd0711c9b8b53d4c2c2bcb9fa4ee557ed5ac8226d764e53d9df046ae8dd1"]}, 0xe0}, 0x1, 0x0, 0x0, 0x42804}, 0x4000)
r1 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r1, &(0x7f00005f5000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000580)={0x2, 0x400000000000003, 0x20, 0x0, 0x13, 0x0, 0x0, 0x0, [@sadb_lifetime={0x4, 0x3, 0x0, 0x0, 0x100000000000000}, @sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x4e20, @rand_addr=0x64010100}}, @sadb_lifetime={0x4, 0x4, 0x0, 0xfffffffffffffffe}, @sadb_sa={0x2}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x4e21, @broadcast}}, @sadb_x_sec_ctx={0x1, 0x18, 0x5, 0x5f}]}, 0x98}}, 0x0) (async)
r2 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$IOCTL_START_ACCEL_DEV(r2, 0x40096102, 0x0)

7.040887847s ago: executing program 1 (id=2720):
bpf$PROG_LOAD(0x5, &(0x7f00000009c0)={0x2, 0x4, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3b}, [@call={0x85, 0x0, 0x0, 0xad}]}, &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = socket(0x848000000015, 0x805, 0x0)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x1a}, 0x10}, 0x1c)
socket$inet6_mptcp(0xa, 0x1, 0x106)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000e, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prlimit64(r1, 0xd, 0x0, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000b40)={{0x14}, [], {0x14}}, 0x28}}, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r5, 0x0, 0x20000000)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
syz_open_pts(0xffffffffffffffff, 0x0)
write$UHID_INPUT(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000400)={'wlan0\x00', 0x0})
r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000340)={0x1, &(0x7f0000000000)=[{0x6, 0xf, 0x0, 0x7fff8000}]})
close_range(r6, 0xffffffffffffffff, 0x0)

6.404676104s ago: executing program 1 (id=2722):
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="065ed53de5000000a53c6f691f00ffffffecfffff3", @ANYRES32=0x0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYRES32=0x0], 0x50)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[], &(0x7f0000000440)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0)
r5 = io_uring_setup(0x3c46, &(0x7f0000000880)={0x0, 0xcb41, 0x800, 0x2, 0x26c})
io_uring_register$IORING_REGISTER_FILES_UPDATE2(r5, 0xd, &(0x7f0000000140)={0x7, 0x0, 0x0, 0x0}, 0x20)
io_uring_register$IORING_REGISTER_FILES_UPDATE2(r5, 0xe, &(0x7f0000001180)={0x0, 0x0, &(0x7f0000000100)=[{0x0}], &(0x7f0000000080)=[0x3fffffffffff], 0x1}, 0x20)
io_uring_register$IORING_REGISTER_FILES_UPDATE2(r5, 0xe, &(0x7f0000001180)={0x0, 0x0, &(0x7f0000000000)=[{0x0}], 0x0, 0x1}, 0x20)
r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r6, &(0x7f0000000400)={0x1f, 0xffff, 0x3}, 0x6)
write(r6, &(0x7f00000006c0)="3b000000010001", 0x7)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$TIPC_NL_BEARER_ENABLE(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000780)={0x28, r8, 0x1, 0x0, 0x80000000, {}, [@TIPC_NLA_BEARER={0x14, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_NAME={0x10, 0x1, @l2={'eth', 0x3a, 'ipvlan0\x00'}}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x10800}, 0x4800)
setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, &(0x7f0000000180)={0xffffff}, 0x10)
write(0xffffffffffffffff, &(0x7f0000000000)="240000001a005f0214f9f4070009040081000000000100000000000008001f0001000000", 0x24)
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000680)=ANY=[@ANYBLOB="200000007600010400000000000000000000000000000040080001"], 0x20}}, 0x0)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000380)={r0}, 0xc)

5.26023819s ago: executing program 1 (id=2724):
r0 = getpgrp(0x0)
sched_setaffinity(r0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$KDGETLED(0xffffffffffffffff, 0x4b31, &(0x7f0000000580))
getpriority(0x0, r1)
socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)=ANY=[@ANYRES32=0x0, @ANYBLOB='\x00'/15, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x48)
r4 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
connect$netrom(r4, &(0x7f0000000380)={{0x6, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x3}, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @default, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}]}, 0x48)
syz_init_net_socket$netrom(0x6, 0x5, 0x0)
listen(r4, 0x1ad72f7)
r5 = accept4$netrom(r4, 0x0, 0x0, 0x80000)
writev(r5, &(0x7f00000006c0)=[{0x0}, {0x0}], 0x2)
r6 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3)
r7 = dup(r6)
sendmsg$nl_route_sched(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000dc0), 0x6df8}}, 0x0)
sendmsg$nl_xfrm(r7, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)=@getsadinfo={0x2c, 0x23, 0x400, 0x70bd29, 0x25dfdbff, 0x0, [@policy_type={0xa, 0x10, {0x1}}, @mark={0xc, 0x15, {0x35075d, 0x9}}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40000}, 0x4801)
setsockopt$bt_l2cap_L2CAP_CONNINFO(r6, 0x6, 0x2, &(0x7f0000000100)={0xfff1, "8f1230"}, 0x6)
socket$nl_netfilter(0x10, 0x3, 0xc)

4.015809613s ago: executing program 1 (id=2728):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
setgroups(0x24, 0xffffffffffffffff)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0x6, 0xfa11, 0xffffffff}, 0x0)
fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1)
socket$inet_mptcp(0x2, 0x1, 0x106)
sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
unshare(0x8000000)
r2 = getpid()
sched_setattr(r2, 0x0, 0x0)
shmget$private(0x0, 0xfffffffffeffffff, 0x4800, &(0x7f0000ffc000/0x3000)=nil)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[], 0x7c}}, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
r4 = socket$tipc(0x1e, 0x5, 0x0)
setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, 0x0, 0x0)
r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/netlink\x00')
lseek(r5, 0x401, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xd, 0x4, &(0x7f0000000040)=ANY=[@ANYRES64=0x0], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sock_ops}, 0x94)

3.788146462s ago: executing program 4 (id=2729):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x6, 0x5, 0x0, &(0x7f00000001c0)='GPL\x00', 0x4, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x800000}, 0x94)
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8000, 0x0, 0xc, 0x0, 0x10001, 0xfa11, 0xfffffeeb}, 0x0)
ioctl$USBDEVFS_REAPURBNDELAY(0xffffffffffffffff, 0x4004550c, 0x0)
r3 = openat$vnet(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$int_in(r3, 0x40000000af01, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2a, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}, 0x2}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108)
setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2a, &(0x7f0000000080)={0x20, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x2, @remote}}}, 0x108)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=ANY=[@ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ff020000000000000000000000000001000004d46c0000007f00000100000000000000000000000000000000000000009201000000000000a39b000000000000ffff0000000000001c250800000000000200000000000000fcffffffffffffff0000000000000000ffffffffffffffff00000000000000001f00000000000000feffffffffffffff02000000fcffffff000000002abd70000435"], 0xf0}, 0x1, 0x0, 0x0, 0x8801}, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
socket$nl_xfrm(0x10, 0x3, 0x6)
r5 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r5, &(0x7f0000000600)={0x0, 0xfffffffe, &(0x7f0000000080)=[{&(0x7f0000000000)="2e00000010008188040f80ec59acbc0413a1f8480d0000005e140604000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x0, 0xe, 0x0, &(0x7f00000003c0)="6f11ba816056a1827a33ae059cf3", 0x0, 0x1008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x9}, 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000009e0000000000000000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0xc, 0x16, &(0x7f0000000340)=ANY=[@ANYBLOB="61124c00000000006113500000000000bf2000000000000007000000080000003d0301000000000095000000000000006926000000000000bf67000000000000570600000fff07006706000002000000070600000ee60000bf150000000000003d6500000000000065070000021c0000070700004c0000001f750000000000006154000000000000070400000400f9ffad4301000000000095000000000000000500000000000020950000000000000096669e8e4da2f09183bb"], &(0x7f0000000100)='GPL\x00'}, 0x48)
r6 = openat$procfs(0xffffff9c, &(0x7f0000000000)='/proc/mdstat\x00', 0x0, 0x0)
ppoll(&(0x7f0000000240)=[{r6}], 0xd8, &(0x7f0000000080)={0x0, 0x989680}, 0x0, 0x0)
r7 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000380), 0x121682, 0x0)
read$nci(r7, &(0x7f0000000100)=""/107, 0x6b)
write$nci(r7, &(0x7f0000000100)=ANY=[], 0x4)
writev(r7, &(0x7f0000000200)=[{&(0x7f0000000080)="9800ad72ad90430d5917fd343bba", 0xe}], 0x1)

2.80762874s ago: executing program 2 (id=2730):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x7, 0xc, &(0x7f0000000300)=ANY=[@ANYRES32=r0], &(0x7f00000002c0)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x34, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
epoll_create1(0x0)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, &(0x7f0000000000)='source', &(0x7f0000000040)='c:::\x00', 0x0)
r1 = gettid()
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x2, 0x2}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r2 = syz_open_dev$MSR(&(0x7f0000000340), 0x0, 0x0)
r3 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
bind$llc(r3, &(0x7f00000001c0)={0x1a, 0x306, 0x7, 0x2, 0x1, 0xf8, @remote}, 0x10)
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(0xffffffffffffffff, 0xc1105517, &(0x7f0000000480)={{0xffffffff, 0x0, 0x0, 0x0, 'syz1\x00', 0x1}, 0x3, 0x20000000, 0xffff, 0x0, 0x0, 0x1ff, 'syz0\x00', 0x0})
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
tkill(r1, 0xb)
openat$ttyS3(0xffffffffffffff9c, 0x0, 0x1, 0x0)

2.739350134s ago: executing program 2 (id=2731):
r0 = syz_open_procfs(0x0, &(0x7f00000004c0)='task\x00')
fchdir(r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmmsg$unix(r1, &(0x7f00000254c0)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x820}}, {{&(0x7f0000001580)=@abs={0x1, 0x0, 0x4e20}, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x200444c6}}], 0x2, 0x40)

2.572427017s ago: executing program 2 (id=2732):
bpf$MAP_CREATE(0x0, 0x0, 0x50)
r0 = socket$inet6(0xa, 0x3, 0xfffffff6)
setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in=@local, @in6=@private2, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in6=@ipv4={'\x00', '\xff\xff', @multicast2}, 0x0, 0x2b}, 0x0, @in=@empty}}, 0xe8)
r1 = socket$key(0xf, 0x3, 0x2)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00000001c0), 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x23, &(0x7f0000000000)={0x0, 0xffffffffffffffff, 0x0, 0x4}, 0x18)
sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=ANY=[@ANYBLOB="020b000102"], 0x10}}, 0x0)
sendmsg$key(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)=ANY=[@ANYBLOB="0212000002"], 0x10}}, 0x0)
r2 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r2, &(0x7f0000000600)={0x0, 0xfffffffe, &(0x7f0000000300)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73772cc9f1ba1f848430000005e140602000000000e000a0010000000028000001294", 0x2e}], 0x1}, 0x0)
ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000300)={0x52, 0x0, 0x88, {0x0, 0x1}, {0x74, 0x2}, @const={0x2, {0x2, 0x3400}}})
r3 = syz_open_dev$evdev(&(0x7f00000000c0), 0x2, 0x963b01)
write$char_usb(r3, &(0x7f0000000040)="e2", 0x2250)
r4 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r4, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000200)="d8000000210081044e81f782db44b9040200000000806c01000015000a001800feffffff09000d2000000401a80018000a000e4006000000036010fab94dcf5c0468c1d67f6f94007134cf6ee062e1c547cbc7225e6756cfb39b0590b4800089e408e8d8ef52b49816277cf4090000001fb791643a5ee4ce1b14d6d930dfe1d9db22fe7c9f8775730d16a4683f1aeb4edbb57a5025ccca9e00360db701000000eafad95667e006dcdf969b3ef35ce3bb9ad809d561cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d939acd92637429397f632838", 0xd8}], 0x1}, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000002, 0x5d031, 0xffffffffffffffff, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x70}, 0x1, 0x0, 0x0, 0x4000080}, 0x20048004)
bpf$PROG_LOAD(0x5, &(0x7f0000001380)={0xb, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020006c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000005"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f0000000000)={0x1, [<r5=>0x0]}, &(0x7f0000000040)=0x8)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="480000001000ffff28bd7000fadbdf2500000000", @ANYRES32=0x0, @ANYRES16=r5], 0x48}, 0x1, 0x0, 0x0, 0x40060880}, 0x240400c0)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000080}, 0x4008000)
r7 = syz_open_procfs(0x0, &(0x7f00000000c0)='smaps\x00')
preadv(r7, &(0x7f0000000440)=[{&(0x7f0000000100)=""/230, 0xe6}], 0x1, 0x5f0e, 0x0)
ioctl$EVIOCGKEY(r3, 0x80404518, 0x0)

2.385741843s ago: executing program 4 (id=2733):
r0 = getpid()
r1 = syz_pidfd_open(r0, 0x0)
setns(r1, 0x24020000)
mount_setattr(0xffffffffffffff9c, 0x0, 0x8100, 0x0, 0x0)
syz_clone(0xb21e0000, 0x0, 0x0, 0x0, 0x0, 0x0)
mount$bind(0x0, &(0x7f0000000100)='.\x00', 0x0, 0x21, 0x0)
r2 = socket$xdp(0x2c, 0x3, 0x0)
r3 = syz_clone(0x8200000, &(0x7f0000000000)="cef852076ecb31a5d08e152a5fd30ea4dfc0cac1d20d0f6c4fcc47888bdad5319ceecd6327e383bc6f4ab1453ad808b2e1e1da2c3924599f7a5e1d77775f1e9dfd5c52c7a539ef1e45c10e6d0697dc8a9c3fc5ccd80cefc22dd2cbbf22001123be112ecb6468fe6030b235318ddd1a15c73c5afbd172ebcf7cc361da1e54aefa16935b068e126e3a1ac484296dd15a406ddec69b3af0626f1a6f4649fdfa90ae8eb873201edd2cfde889", 0xaa, &(0x7f00000000c0), &(0x7f0000000140), &(0x7f0000000180)="98fb1939ce8154bc87b3168a0771fe2390960652ac7a")
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
io_setup(0x7ff, &(0x7f0000002400)=<r5=>0x0)
io_submit(r5, 0x1, &(0x7f0000000340)=[&(0x7f0000000100)={0x2000000000, 0x4, 0x0, 0x1, 0x0, r4, 0x0, 0x0, 0x0, 0x0, 0x2}])
ioctl$VFAT_IOCTL_READDIR_BOTH(r4, 0x82307201, &(0x7f0000000400)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}])
r6 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000300), 0xffffffffffffffff)
sendmsg$NL80211_CMD_LEAVE_MESH(r7, &(0x7f00000003c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x20, r8, 0x2, 0x70bd26, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x5, 0x5}}}}, ["", "", ""]}, 0x20}, 0x1, 0x0, 0x0, 0x40000}, 0x40044)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r6, @ANYBLOB=',rootmode=0000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r6, &(0x7f00000041c0)={0x2020, 0x0, 0x0, <r9=>0x0}, 0x2020)
syz_fuse_handle_req(r6, &(0x7f0000006280)="897c6500ff3035465c7acb4e06980b05687c1480c7aafe631c0543db2bf0d6f539506e8782da06c1ca018774d72e9e5a3418ab66ee78dad68457b17ec9d47bf7d8272d607c1c0a4bd906f0cee7f8451828d2458596bdd6a459ba18ebaf61b38f5d66c27fa8a024ad7832a85e58689a4c254c94cbcf7208fce6e61d9566459789d15a6f91dd7db7c54cc3a94da956fb290a8a15f849270bc459d9d9f47801be86dd5c9d18382081a993b7bfde5c28adca4c71329afd6be743b076033b5859891703eb65fa256d6f47450b6edacbd05a9bd8b372e90cfc30f32826566dac6c48e6ef001881cbc30482f9ec469e476a101da496b8c0785eaf875d3608b0c49e9d39baaa1041f903a805f0f24aa63722fa2d87b98595fa5cfaf8b79c458de43ee39904e7cac7540a934b4108957785d58807abff186949f1b94cd21b724aff34ac45c7066dcdbd68ea7b766af9d045cd7fafeafc5c5a0c3400ef4e0c71a6fdd5b8d68a6f317644cda9d2fd2c839a82b97b3d909b54c672227bef573c9de1991d65a63017f724d1f7f1575e69db53318a7fd7065b303e751518c8eef04f642dbd4dfa349040a7b5401050ffc2b4ef62803a7c8eaba99e011dfac24d81b2b61e0b0581e53bf520f623eca17f0545c5e59ff15b527475f970f589894ae589145fa4283f7225088ccfeba1d72e9128f8c223ae1840f2edae3dbcdf7e560d5cdf4f71c9ada1931c0f8312c000101b264aaddb9fab166ba8d8903d6098eca20935ca607ea79e936798b3dfb22a7e159abb234cf21f3733dbf263a8ff116092f251659108892b2e21e1b428fd225096a5040270b2d70347013eaa1fd8e452942200283aab092c4ffc5b8b427b5d691a5a773e09da20539ff0f8214331c5d84107ae8a59aeb58efe22d7a079e446f1dfb07510377799bfdc7ee59cabcd76af0fe8a427ac8258ff33bbad5a8061f1cfdfbf375d73d676cc7916d6658ce46a0b17ad6350150f98e3512b513e25ca73f5f5df0a1fb9582ace7906c493fe1fd2889d9aac0b7c29c2b6c205537627bad64df433336a5ace32ca871e51b4dab0fbb00886a1fa81a98b74de0a26cebf65723515ebb807fc3c161ed42d1a7b6b55717613577ea437f3a2967c66ce45ff85a6a35b7cd40625fc575b107d7394e3d2db51d58347276c33e21f50b5a6b5672bf9fda63139bb75aead1fe4ee9a4064af5a5958466aa39faa6d821489fa415224c8d69d3b5922236832c2b1e4f6b8863b32f9aea83fb522a2de081d674502b48f73ce6db98d84136059b4a6676bc85ac6b7626329afa9bc7d3f9f2caa3d4d872744e0a8e02d72a75c6c545b8ec8e15b6fb0fe4185bd0d154960e6fef05ba40e5fe2968eb1301dcc52a03337179e74ba1522af93d77827845f8941c69ed8bb84567e3c63f1cc378a542f1de7007b688ff0a9c69d5861f0b85402c30a2fd391c52bafbe65f8e82135fd38361d7c0b43c982b2f3e7cb09c40c7e215114f4243d670cd576bcd93c1e959345170c75d6c3cf89cf8c2c70dc792e646e7c649d4c5f36bb016c7acd466ad58473d40dfef36394e581065a8581ab852250403cf372ac0065bf757fa3f445424ac0d82aec1938a2ea116bdfd306baa1cb06c62a4a97d66ab1b9489469cb8ba842da12e310caed02c5ef05c0be1e1e8c9c8b87d6871c94c57d164d08672b205c948086a06a545b266b7ad902a908681eb188bc51b6190b5cb9d8ca59b8c4c6e7369c00d6f6119fd5d437239e3d3c89cb81e09e560fb817590106015f08e7b09f1e1e65bfab3b8489fa058e24081978b9e25463d9945bfbca81c08885d4b6d4c62e217bd9e19460762f36c66bc948fe31cde089626fbb310e3c78a8d3f2eac21d374d9b58d887235d3a95721168e4b9475849071d60ecfe7ea5d6c4bf60da3747612ef59bb651270f326c0af31bc8c71361f851de34ccb3c8071b96f1128d7ee79b41246e566edd0272dbd3ccfe472b38e5e03d3ef83218bd498e6de8b4d92cb6f82716449ede7ba845028eccdb9137be8a622ac88ac53118fbc39637fa7a93cd3abc6f7671c7804420d66e94720acbcac916950f9baca77fef4217155ccc2cd0507339a0486f9f468eb28772986ee768c63eba671bf8c52e48a2a5dc2cc24fe925368706c2d712dd1064692b0fb2a32ddfbd4a0ffcf9c2abcedaae6e527bc1d42637aff2a275b76a7a7f010e42e1cc1d27141f6c3585a2bf58c6c5789ce61551d10118a000e3764631ec0b7f4b1a6f22a678133a30940b79dc76f863dd9f6e0d7776300898c97cef286c731c2050928c492439256e481652bff0d202db3cfdc54c9816ceea7895357bfa0362fad79afd09ed55189294d6ead7e898ac091cddbe7efcedb314bc02a18dd5bbddc42e089124758bb491fd1536aab27c5c124567bc325e7028bced5a179a011d1cb9a5ffb61d7af863e91ec8e60495561188b74d158ba1418228d44e92915a22eb1c166ef7d6179e84381ed950ffd747f13e24172942d922ca3109fb8b1e4e6264fa4a4eec75ad0d0e22579d90f45d6cd157300e38ae665eb56457202e25a8dd5877ba99725de288660badd2704345d9bad208c903ba27ea167dd45a77f77b6502b525b2973270582858183c784c324c1366fbba8d410c38bf75b41e067f6a9a017c56595161db4fc5639393fdafb1f148d3f416c1adc5fe1ab9cebe4689855c9b4bda6dcba5d5fa858a1b87d2ad23cdf54dbdf4d14aa4462da0b6f1107f4afa0091c2643508861a4d9f133ba77751941bb8fb756abf1a104205b80d47a3b4a59724d959c8b5833da4f56fb6613231f230a9378c9af741e94fd2c7213ac1d7625559b3f032f6c8df3ab441929720fe43d7c548cc661eed5b3c62b3c61f538ea3228376e2a18c6da2ad906322f64fb4865cde8e1889a8e5237fd6a39bbd6662f1dedc22fbd74e4376fa610cd710703dbd3924a38beae69783d1d5abf36122cbb87129ba719042748f060f4303a3199c5891c5040fd8cdb9761b006bf64cdcb65e5cc50a29994b8c1c34b83760ece12ed9ed7c3d2a7f8911cdf23a1afe0d7db1bf342aa0123dd5cd31339f5c8e160c4efef882602b3eccbe76fb690162b8bfb8a31910bcdf9a4a5dde76c2ac2fcd8678add7a000cfdcab398eb2171c026313eb6eb56b4b87bf8ef93f7f8a1c0bcc3775b681d4229ea561cb52281d8ba4315c3694ed08433596884d5a7ce3a8b1f82359846b7136726e2fe37bf4f7b7e2206cdcdb0705ced9f0dcaaa2ed3a78ea70d2cfeab668eb321400fc955e9aeb7bbcf86cd03f02dd443503a1480d9d9f899f53bd747a95293786798fc59fceb09e686a9328da4f929b6201841bbbefaffcf3386abdf69540e3b46a643ec10f0acf21f27c0053dc13f18485dbc898729dfbeaaa4887b58cd442d7ffa941808cd9658595be8650a815b088621278d89f0d8a4252566b923df3a3cd65c0e4af08fad385927251b31d35f75eaf25e6cf13a579aeeb0bcc0a14ca4a20a6831d532be0b2af3821792a2df95131b7fafef245aa19b214053342aa820c35858d13f84e496294529411015c41ed447b5b51dc44a45d52552a2be1abfc157f3ace7bfa32d5b931421d5a152dd66b7bf549311b08325e5a7201f793037b38990bedeca8a647c08d2478670f8fc2b4e8983ea18bcd514daeeeeb9d7a778f783c76edf01bd4beda4b77b612cd2e865c2e4f58ca7ae06147bf66ae6aee221cf9b9505dc07e6fb6cf4f82dc8c406c78e270210c11cf2531011ed678d9dfe1f49c9a69a95a9f3b0e5b624d9c2664d787ab911b75a4a38d63e9d6c353f8aaf433ff961fe5e34d84936ead0d0bc7954caf84e541f5c6f3f20c9eed21eb0316b82c0dc5182540e63a0af25565496792153d6395adc2b8d68b8bcd93dd110ff5685879db4384ec390d44b89663d43a5de3bdc0e103b7c1b355dc5f6fe3518c93628780ba03f156badea65d1d0af8433c9e8a975fdd19453da662a33fa9f0f5fa15fdb216b483fb48370a967246e0b763df8b3bc7924a6c76c4b114f803dbfa3b312e6815b4eb67be167283a9e482d9a5beac250089d069d4c386b7fda5fc228404a0f58b12ca4dc131c381b49b42b570bcfc0dd663f24afaf65a26a21f6d92f52c9f8de36cb76bacbaa0eef98ba6b7dbbc2629a03bb2b6f83fc5adaf20c217bc8d0f0d2421e01472532bcb546aeb2d483c8f95011a3ba1d2fd8086a717cb015dd53064ef4a80b6d6fdc12d9069223fdf2aa9b192a0e0bdb38436f49d9eedfef3665815633fee4344aff11162526362b70b18e1dbedbb5d8c4698860beccf667851878a25a1e766caae2861f2e23404aac859e62fdfeac06a6057554828d7035806e8ab3ee2fa6d711e5811db61231a22f4672f6a11b27641f350bcab78792362e6ebc1c054a643bbbf2746678c14dc567d1f73e37005c8ab6374c4d8d3106384a2d32c5fcf05cb9ba97cb7fa1aff11505a701bead543e555f3901ef3b693d5b9ebf49518c3509af042b7e84b1b867c22b7e08725220e4338fd074edce428212e6a3563a08e2ccd8ab71910256532904542e93d5c7deb5bf5d49beb3202d4da4f643649e55edbb91188cdcf0883a40c6ed6b8a086fb5c50dc08fee00308420121d4c7431b3cfb80f9c1e099423ac451d67b12e930d9e391d0a799c7d4b54a0d56ea0aae00c1d009e21fb5459416b464b227d66ccc1a68da59d64c1583dee54bbcd7d61ffe541fd0fb7452adba91906932966a7d58019ad1f8fdebeceeed7018837b6e4272eefeec8385abe7207fb2d7061fa6cdc478165a98971f9729b818a73edefed976d5c7c0a651c091cfd1174c020e39330a79144271fe4cbc61ea0ffa274d0d87d06dd08c1d5f8a0364d46ef7b54426bc286330c75fa257afeb2715c2ae511ff53b1189cc59ab80b1325fbdcedfdb8f36ed71f70091116e16b52188b794e637755027caac8db8554f8674b844964c710cacd7a9d6b06baf6fef76159a380e639b0d3e66080a7cf7f86baac01dbe47fe687fcef2f3bfbf6f8fba045181dee688360a11ee56e5fc73ed31c0e2924ae57f0cc93c63a30662a65c5d5f17123ae28cc5b74dd13ed81b03dc7fa61dc575668868c0df12d3553269f04ba79084d070abcdbd4745de80e90e4e3e524f27249b5c4a2f2d4c8b331b0cb6d4efe62a298daacc6eacdfe008c1f912795dbdc37098c42db860953120fda709baa6d46f52eaba781505e68561ca0f281e850532ef8e7c779883e312806e1c357bdef8d0dda005e710cfa6eb8686e8bf3bff036b3fcdc4036541d93530ce6f598442c24170b307ef05f23c93aa0ec96831b532d8120402214a940d1fa01ed649061a4a71308be189cffd729a196754fb8a75f23851189589be1b819f0612cad3dc94ccee88f4ab9ef6ac9c7daad8cf94f5ed9496c4c824e5b4f66ce32a80e7a6ef069a32f6812e656aa5f5742bd432afdf026c86e8f28212c1139dad47d7fc07e5c1a83e993daaa4a4bb5f0c9435ccab2a10f867ffe259dba7a1d9168619b1e3048860a5122e4a5d0b00372eaae861a0cc88549852fffa76e6d78739b654d67df15ea97a9a46b7c382d83191a673aa619b4a10ec05bc681379b0d6df824cb6fe158e9d89ae5dd1ef66976f67972b553db52eb6feef836dca6026293f83a61e117754a7424a3da63bd82d017f87f0603e2a9b8fc550aae611681935ae91f7ca2b5341b05a25208bd28f1a202a7f2a213b1d7411ffb557470aec00c4d13c70163f22a038a189710dd19a47e8db4a87c3fd329a63abca172a9810edad2d8e19ef85b57ea4287cfb3d740d7ea3fa9c80d06e1aa84b317f678ddb3c147ba5e0db432125f59ca4944c8e9050281ca82a3ecf67b2a5df678697a52a7297af1ecb03c586af7b91d74e881964ed95f7be12fa07e2a4e71aab8b913a13996fa33e915144bf00e49b8e7adec5b2c4b8165f54ba3155230e241ee023af77a295ab87c40f63f6092ccee05cb08a265abe8f57c9919bf45064b6c2240ba8011db223a283a4e2292d9b59df8c9a4fdc763f0631007db9976f351717db0e6b5f9c6e5f227c2efa1ae5fe0be1af0b22fc164f9f9678a01fe8b059749fe8a2972455732da1989c609d191544ef9fbb3e58da93ec4a582430523f260b776e4d747312747d18a9bae14740f5dcd35fd1072f8a4d81573b5882203be856b62d7e1d87081a9e431872c9d68864197bbc61f15dd8aeae950d34d6ce97182deebd2ad64cabd1c723baf512acfc7e94675b31369bd60e155af79b97bb734312569f736dcd5b5a78223ffaa0f7e93e1a112cb9f6a5b88fe3cf12c30024c16c6b8380fdf086c662665d3751c11617cc4dbd5b8bc7543301a23fbc90ba8d060193cdc2b68c31c734d516707b759f7db009c8f06e69b40154e1cd8ae444afb28134acdf871136b4fd78bd86d7faaaf618afb25e92d1ee37cdff0595278f9565f5eb109e181e9cacec2f22e32e9f34774ee223fdb992febcc5dbc5cceeda16cbcf1434730d859e7e03d36ff17636a7a7e66956b515894da114f3040909f90ce3cfbb2d7d46e37049c0fb124e0683d662eb427cd7b851ada229451e6e3aaee64b9964ced3036bde5d9d80eb062474f96ecfb9b65fcafc719494ac12ab7df245475f2a5e7f85ca4789833ca373e6214d39176c8f51dde87a4cfe5414a20f68bb9f34709979b99533ba3435c4aa56e525195e10ffd00f8e41aee30a909c07b973bbf733d45500b539ebe2206d438216690998d9e256db1b7ac6bef3e810785e1986985c945a2b820323a592721fcfa444934d0faf8aa439d5efca5dcd77b72d1eb91b3790d50d0a7483e354c415f81d99c133d648c1293e795b3c43f9b47e23ef982e10072ea5baafb0df675e69af1807b225afa0cec3eafbde8535d3ecaa0ea6ddbffe4465207425bb003670320324df0aeeb16b38a043f9c0e85673b36def332fd68b2b1e6edda621d0cadebbced8c7fc8f890489115b457249e8d8103676b3207a472804d33e0fe511ac56cd8dc5333b2333892f87b455940ada78fcf5075c358fce990e6f65f095eb416d876ce6f120b8b02cfa6b176ee269c942f881247c3e464cce2aa65c39137607c585aeb4b5f24f5f8e058c9c8b48003c1809da3e8aad1bee7955c3a976d43fe132e2b16f4758a0a9884e51d13b930675a4361ff366b0fed190ad7b2a00385528951e39cd44ea06d8921b9d613d7626221154cf86249a550198fe4e5b05ad3052b474291da0a0a2f701759859bc0392adf243ad5eca89e6d18e28dff99ef95743bcabe75504be8c715cd6360facf3bb06cb97c29989d4f6ff5083573cefe6ef0b39a252a2678112fa88e5b06c9a6bfc9597cc96e5a49710c4fc120fb0da4945b9d94e46de1e9989d0fc3d8d20df23d815b660c799a903f651b0d013f7fe158f1d297f7fcb6a48780ca5525f1d081ada0aafa83552318b848783306549750b6254cf676c7b934cf7fdab992717f0cdc089b34278f3fb151cadde14d0d3250e85a4b0ff2a2778a219aa40563d3ef575285484424b6d0e7cc8392342e4848c6fc8cb20fa1b450cc4c1fea19f3bbdd9e342e6c49cd7ac893b1eda2e93d1d74d20969465946b398fbc733757741ac822c4a118632cd242a439fc37512cf79b7c629504ccc1e7f2f11798955c3262b5e9695625ba74d8050e20f51d4769e1ab938f487f1bc4b55b5abcaa3ec079c2d0972b2ae9bfb7c5423b959119292ea05f1d79d35afe47e49d97c946b193bffc0a8f607f18a6845cecbbdd98cd351db2b2dce05a4848ba84a6a497b4618950130cb7e76c03d0976eb2fb41d3a42a1430063ed8e5b8c67e80fd4fc1148911958babbcbff33a6505de209b0d9320017fd736fd027a16564008ab2e1f48a6dd66c9256730e9fda0a606875d0871b2b9b0bc2ed4e1b696dbf0283c8dc72cf4338e595266f5390bc3a21f988353118f2948fc75d050ea076b73508d9ed89bade0ba305c1f4e5daf9d40d2f5e7ababed8d1b1d919c61a6d3fb149c1a9b44e38585a2fe322f83d73a3aecb44da3f0e82942d75d62ed3f91eb44f3411df014f88839e4cb1e21b9b259d4eb4adaf6b0be433d0ed4c87ec77dde5ee9d566e3dd8d928fc1875c63af26c59daba5ae267d9bd5da72b99a03e6a33cc48ed961ab484ff4a46c2d5fa597e626e00b530d7b9a9705e4e08d03f3a7f2a5a5233ad6340e3b5c89db81ca713b6d7d855c6324955f85109b204566f50178cd88abe3fcba25de905e8ea0b75ad51831761ed9b1af2470f976f05ec73bf74d137c207270cfd614170518cdc449aeeb663e114359c8124eaf2499d8cf5dc84a0872301db2e57b50bd285060ec4390d99d4ae3674ca3bb8679c1b08e566ba4f30daec8684a980055eb43cb5a1306c4b52a154682aa96637e06c869278aa2f74ef7345632c11265ef8ac97e953745302556881ba0cb590fef271c0abb193fb84d18ee3f24d9976ae816b857d6f68d1fdfe10b312c799fe014debf875d04bff8b4f387859e97c6bf13f7083c28a2045a0b5eb09c94e781a165965e8617c0efed1701ea9667aeca26d9577ea7b1242e1d91b25d6a66756cc627648a293b9f4345966bc469fafaeddc1118d0972bd5c7751a1f51e5989fd952f314ae10417c97b41e60ebfbc47e496486fa4a89fd16aea7fa1eabebd26eb2a37a3e2b351e0c9d2f67b2e5be0f921adc9b6045b045948e5103af0e5050b9c0799b513c00865deebda730de538f956ceb6164e08bd6f58655a294b4b44fc65309b30f9c00f92ef5bd5b911a3d830f72c258b19521bb8e80db02129954efb61423f518d2c5f36587303890cad9a93fa4f4bcd0e24c67db679c67ea59c1350b8442577632d5e8735833f3daf5a74bc7bd82659a81beba8c889632efe03cd24187aee856cf659e16e195464f52f2b984fc7a299e7b2aa53979a147ebed35705d5e89691666536f2febacfcef9b32d14952f958b72512869e4f6a0a34176918217888b1eb8b89322ebb6bb1dead2b4744e728479880db70e6147edaff6c3f083f18e0696bdbd78cf0bda14d9f42e5c1077ced00041aadff90470aacec0e48e2a5f2a0ed37818a173b96061e8c5bf24c0bde9e09f9e0ddb8e13306ef1d4eb8043ebadde5d7553e5212ecd4691eb426251f9d6720b8276ac543dde02399a35d974b1ec1727d4b6df01957cae47443b706d43165e01d6932b136f561ce837431254cfb2a6e7d8070a2d3805aaa15b3c10ccd0cda2e9b418ce9ef380e5d08217752e12b3b892d03a9495c83d78d674612fde5a67738b2d4649ce44606ecce6bf3bd1293eca246a83643e4f1c7ba362b110e07c8479f216e3d4afc4fcb8d0820c8ab702a66d8183e83174597035e92b9b500dee08c80b927b42c3689c7c9617b4112c9e54cbfa51e989b5fd42b80c595d3edd265f138e8128cfbbb0e4f53aa0aa95a2ecda451852e564c42d5de7671560843d08103b9bdceac5fdeb0b1266f72f491265dd2b2b80a225a50955167da1812364ea340d82f61535401bae6f3140a8795d7c318a64cee4676627244930957b2f0b227be21b72d90027e6a5a7af3c59470c74dcdb71d1ef090a0f49c91acd604c792385c8f4e085765292822ee5eca03885fd6bfeaca9b3bbbdeac939f7846a487c5a483ed1e4fbf37c93886ea27bb35c812089b900b77c7c924147e97b6a71533610750bc84921012aa8158b213f7601d934a20bdd1f757b0a33042a683af6b9069f3900059d7f80f9fdcc9f33ece8cf7888dc9e24f1fc6ca0ecccf161c5334c60f440feb3acfc3d115011c176dfa05314c5bcf089e3c82bbe7680a3eefdcdbf3ac27265b779db4f49bade0128eda6e29bc5933ef454601db1b49628fd39ab938794fa46a33937a086ece7050d31a21524e2f0cacb307ed4412a2078636f9cc8e11c5c31cc0f9edd7be6d1e31a1513a58e25215f5a24245cb988589e6d5e5119f4f6557c697fad7d1c3a7e3bae064db4382701e33e48c5b6a52fe9141a385ef2325c6f7781134607e98bfd02c43d6deefaa861700388b40d98e941cfb2ddec209f977e8b9f93d29fdbf85e3010ce7cd622e8c75ce3df535e392052b6d65d5042d2a6e78bbfe5ee146e8b18d4bc7fb024dbba57cbe0402205593766a313950cb719d00c67bb6b3bcaa1015b89e820f11475afce655947113a7c3dcbb52427f090df994fbf076db867e0ab3f6125fb8884c1d13ff3e99fab5fa8b9f0b72cb44db4d0a48d9ec17f9733764e213c40a15ad821ec60e4a88cb2fd9dd9a4f35e6a708f4b74067f4be3f03a95261f6b191df53fa5bb5164e4a164630ad9ce39087aa950ad9e60cbbc44fa2237c49abf858c97737fd21180fd0b9542767150fbed3f39a29e6c3484d9437e15d2439f2a54b2a1ac7e63e6c436658abc3f1dd52d984f6c6901768a8cf2ec98ebf44e90e0fc0c24f8957c62e05d8eacecaf25b178fd710af609a8a1bc4d7955b5f0cb4f48a37685e6304ea5843573a1abff37b5106916c83c8f23f939a0dc43aea8d196191ed6e18dd793990d1f37d7de0bf8fac6f469843724eaab86be8a483be281b8ecf4aa29d9c571951cde8cd8c2aaf4d597ac2cb48f23fad145916920a55d655924940573b64dbd42a280cddc4810434f930183fdbbdc72db1491a4c9d44daf9b1bc2fecd855508648063040faeb125da0e68e6cd2002181118eecff0be1dd8eae726af5d451630cd65119c52abd6dded97f931202f186a18c4ba34bc2c3f6d765e2d8f445e959f26ffb55827cf3ff2cc0289f17b82c8caa5a2d3d54306a300f0ef42bbe4ea9e32c5d4b1173942745cdcfe4f5d1619eefaf8dc600afbc9171d516f7f4b35331d0b9be005132ffad5e9df59710278b842afb626a78b8b8b37fc3a894dc705b2d4e0940cb264e9dc87eaa148e6faf78125462f28a0f1d7b3c65a291b85713fa71ffc478f6601e8716c35489f4a54ed0c70bcfd5502cc91374dc3c982075c5180398bc6b195b36e79dcc4087cb990cc9d964a150e0dcc887d496bdd27c3f298736b9ad8345ba2df46021964cf43c38f9d2e94b77bee2b7bf059e0870ff9f17b9ef1320c0aa88a2fa9781e9017ab64643de9a3df9ed4b8cfd8fa080a2e494409520b795eb1517d224a05e450c4c8ae0e9fd29c0e72d3a592cce55f6dd5107f21214e1a3f9a5448384de06149f959ec0c92790f0ff229ab4971171f1c528ae6d095ec007bf5e7f55d623a68194e9ea8edc3af4180753388f24e7504341c22bef72c2963fc9c3237ba990d29c2c8aa3007395f6d96e95b40ee1b18dbad550bf39d0d98268cb74dde76d987c3169c9067495fb1b88508bbb7e94cbb7dfc15c03b1d5b163132c8a468906f02d422a8cf98d0b432b5779dd962074b72dd27439b2e94312f573435e5aa84664432c1914839cd6e172186ce93eeb1d7cb0659696d9d550eb3b185f8c6ee16e53f78233cbe709f99d2879d63d93f7d0ed133241d2f1ab1eb2c56605ca0f0e01c39ab0ba2370fe5c4e68de0561b517ff9a10023c386236398372c7176e35443e2cf5dd6cbed9f23395f231e6a54f65626cb5860a8b72122c34664119e7c47204ef4a70583a00", 0x2000, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000006c0)={0x90, 0x0, 0xfffffffffffffffd, {0x4, 0x8000000000, 0x3, 0x8, 0x4, 0x80, {0x5, 0x80000000000, 0x1, 0xfffffffffffffffa, 0x16f, 0xdbf, 0x10, 0x0, 0x0, 0x6000, 0xfffffffe, r9}}}, 0x0, 0x0, 0x0, 0x0, 0x0})
stat(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, <r10=>0x0})
setsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000280)={r3, r9, r10}, 0xc)

1.853551245s ago: executing program 4 (id=2734):
socket$inet_smc(0x2b, 0x1, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = io_uring_setup(0x78eb, &(0x7f00000000c0)={0x0, 0x8c639, 0x400, 0x3, 0xb6})
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f0000000000), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x28011, r1, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x9)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
io_uring_enter(r0, 0x0, 0x2, 0xf, &(0x7f0000000000), 0x18)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
recvmmsg(r3, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
syz_open_dev$vivid(&(0x7f0000002680), 0x2, 0x2)
openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000002740), 0x181802)
syz_io_uring_setup(0x230, &(0x7f0000000080)={0x0, 0x20, 0x10100}, &(0x7f0000000040)=<r4=>0x0, &(0x7f0000000100)=<r5=>0x0)
syz_io_uring_submit(r4, r5, &(0x7f00000009c0)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xffffff86})
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYRES64], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8005}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000005c0)='sched_switch\x00', r6}, 0x18)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102)

1.054290353s ago: executing program 2 (id=2735):
mkdirat(0xffffffffffffff9c, 0x0, 0xce)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f0000000100), 0x0, 0x0)
read$msr(r0, &(0x7f0000032680)=""/102400, 0x19000)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000000040))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)
r2 = mq_open(&(0x7f0000001600)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\v\x01\xbe\xeb\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\x01\x00\x00\x00a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\aXg\xbb\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x8a=\x0f\n*\x8a\x99\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5\x00\x00\x00\x00\x00\x00\x00\x01\xc0\xa3\xd5\xf9\xaa\x98/\xa4v\xe4)I\xf3+[e\x95\x89\x99\xca\x8e\xc5\xd3\\T\xf0\x1a|5\xfff\xff\x99\xa4\xbbV\x1a\x8a\x03#T\x9e#oR\xa4\xf1\xba\x04c\xb3-\xf7R\xb85\xb5\xdb\xe9?\xfa/\xdf\xb4R\xbfx=\v_j\x8e\xb0\'\xf4\xe5\xff!\xe1\xbf\x82e\xb1\x9b\x8d\xf3L\t\xd21\x9cbwV\xc8\xcc\xe4\x96M_w\xbc\xdf9\b\r\xf6\x95\xae\xb5,\x92\x8c\xc0DQm\x80\xd1w\xa2\x1a\x12Z\xe5\xf4H\xf7D\n\x96J\x93\xfb\xf0$\x9f\xf7\xa2\xae$O\xa3\xb6\xf5\x98\xd3\v\x00\x86\xa5\x8b\x81\x04\xaf\x03s\xe5\x86>\x0e\xa6\xe6\x1aV\x17\x8b\xed\xa7\'\xd0\r_\xe8,XVR\x13\xe5%\xb9\x88\xb8W@D\'\x17A\xc8\x80\x02J\xd4V\x00wH(\xc5v\f\xc9\xb6\xdf..$\xe6P(_\xf1\'\xc1:\xa3\xcb\xd9\xd1\xc7\x13\x99Md\x1dc\xf1\'j\x03!\x13\xd1\xb8', 0x40, 0xb, 0x0)
fcntl$setlease(r2, 0x400, 0x0)
mq_open(&(0x7f0000000780)='eth0\x00\xdd\xad4=2k\xf1\x05\x9b\x91y\xe1;F\xa2\x8df\xe9\x04\x00\x00\x00\x00\a78z=\x8f\xd5F\xa4AR\xc7\x9f.\xdc\xdb\"A\x16\xd8\x19\xf1lZ\xc8\x93\xda\xf2\xc9\xe8h[u8\xc6\xfa\x9ep\xbe\a\xe2\xf5\xa3Y\x9f\xe1\x04gM\x99K$\r\xf1G\xee\xe1\xbd\x1e\xdf\xe1\x9c\x19\xda\xd3\x94EL\xca\x88\x85Q\x02\xd9L\x90\xeb%/\xb1\xeb\x11uP7\x1f\xd9b\xebF\xf8\x88\xf0\xac.\x94\xfc\v\xb1W\xef~+n\xb1\x9b\x02n]xr\xb3\x80\xbc>\xe8XX\xe6\x12\xf3\xc9\xd5\xf8\xd1\x8d\xcb9\xbf\xb0(<\xeb\x92\x8a\x16\xb7\x11^\xb6\xb7n\xd5\xb5\x00[\xdf\x94\x00\r\x95\x17\xa1h\xf8\x00\x00\x00\"\xa0\x05\xcc^\x90c\xc9}\xb8\ny\xf4\xe1\xb4.\xa4\a\x05\xbb}\x91\xf4C\xf5O\xf1a\x12\b\x86\xa16\xbb}C\xc9\x1d\\\xedD\x14\xb1w\x1e\xa0\xc1E\xb5\xf8\xab\xfb\xd9\x93\xb8vJ\x85p\xb5n\x1b\xe4\xd5g\xae\xe4\xeb\xca\xae\x1bs\xd4\xf0\xc0\xdag\x19R4\xd4\xd4\x04\xfc\x04Zb\xf6\xba\xf8B\xf6YU\xcd\xf2\xdb\xb5\xa2\xda\xdf\x8dD\xef`\x13\x15$\xceq\xd7j\xd7\xe3V\xf2\xa2\x95\xcf\x18T\xf1\xb0\xf3\xf8O', 0x2, 0x1b6, 0x0)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x1000000000021, &(0x7f0000000000)=0xffffffc3, 0x4)

939.997376ms ago: executing program 4 (id=2736):
socket$netlink(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xc, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x11, 0x4, 0x4, 0x2, 0x0, 0x1, 0xfffffffc}, 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0x10, &(0x7f0000000440)=ANY=[@ANYRES16=0x0, @ANYRES32=r0, @ANYBLOB="0000000000000000b70200000100007d850000008600000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000095"], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000b80)={r2, 0x2000012, 0xe, 0x0, &(0x7f0000000c40)="63eced8e46dc3f2ddf33c9e9b986", 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xb}, 0x50)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000002000)=""/102400, 0x19000)
r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_freeze_timeout', 0x82802, 0xf)
readv(0xffffffffffffffff, &(0x7f00000001c0), 0x0)
close(0xffffffffffffffff)
r5 = syz_open_dev$sndpcmc(&(0x7f0000000080), 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_HW_REFINE(r5, 0x80184132, &(0x7f0000000340))
r6 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_INIT(r6, 0x0, 0xc8, &(0x7f0000003d40), 0x4)
bind$unix(r4, &(0x7f0000000280)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
r7 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$MRT_ADD_VIF(0xffffffffffffffff, 0x0, 0xca, 0x0, 0x0)
setsockopt$inet_mreq(r7, 0x0, 0x23, &(0x7f0000000000)={@multicast1=0xe0000300, @local}, 0x8)
setsockopt$MRT_ADD_MFC_PROXY(0xffffffffffffffff, 0x0, 0xd2, &(0x7f0000000200)={@empty, @multicast2=0xe0000300, 0x0, "028a3f6c58b274e6d8451697efe42811ee1df06e9264f7d866b1970548fc3c7b", 0xb2, 0xfffffff7, 0x4, 0x40000006}, 0x3c)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), r8)
ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f00000008c0)={'wlan0\x00', <r10=>0x0})
sendmsg$NL80211_CMD_NEW_INTERFACE(r8, &(0x7f0000000a00)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000040)={0x38, r9, 0x1, 0x0, 0x0, {{}, {@void, @val={0x8, 0x3, r10}, @void}}, [@NL80211_ATTR_IFNAME={0x14, 0x4, 'nicvf0\x00'}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x8}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)

339.141334ms ago: executing program 4 (id=2737):
creat(&(0x7f0000000000)='./bus\x00', 0x0)
r0 = gettid()
timer_create(0x6, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_CPUID(r3, 0x4008ae8a, &(0x7f0000000000))

190.383061ms ago: executing program 4 (id=2738):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x2000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = dup(r1)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
rt_sigprocmask(0x0, 0x0, 0x0, 0x0)
io_setup(0x13, &(0x7f00000003c0))
ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(0xffffffffffffffff, 0xc058534f, 0x0)
syz_io_uring_setup(0x49a, &(0x7f0000000380)={0x0, 0x8b8e, 0x800, 0x803, 0x8}, &(0x7f0000000340), 0x0)
r3 = getpgrp(0x0)
sched_setaffinity(r3, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f00000000c0)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffc000)
r5 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r5, 0x1, 0x0)
r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8)
r7 = syz_open_procfs(0x0, 0x0)
pread64(r7, 0x0, 0x0, 0xadc)
r8 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1)
r9 = socket$netlink(0x10, 0x3, 0x0)
r10 = socket$packet(0x11, 0x2, 0x300)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r9, 0x8933, &(0x7f00000001c0)={'batadv0\x00', <r11=>0x0})
sendto$packet(r10, &(0x7f0000000000)="05004305", 0x5e0, 0x0, &(0x7f0000000080)={0x11, 0x8100, r11}, 0x14)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r8, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f00000000c0)="0f8666f2a665f0ff0f0fc73666ba21003e0f01c5c4c1ed665a0aa00f06ea009000002c00c4c1b81516", 0x29}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r8, 0xae80, 0x0)

155.534818ms ago: executing program 2 (id=2739):
r0 = gettid()
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000100))
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r3 = dup3(r2, r1, 0x0)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f0000000100))
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000280)=[@increfs], 0x0, 0x0, 0x0})
r6 = dup3(r5, r4, 0x0)
r7 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r7, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r7, 0x4018620d, &(0x7f00000002c0)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f00000003c0)={0x54, 0x0, &(0x7f0000000e00)=[@acquire, @transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000bc0)={0x30, 0x30, 0x30}}, 0x1000}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
timer_create(0x1, &(0x7f0000000800)={0x0, 0x21, 0x4, @tid=r0}, &(0x7f0000000000)=<r8=>0x0)
fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x3ed4, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x9)
timer_settime(r8, 0x1, &(0x7f0000000040), 0x0)
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@newlink={0x40, 0x10, 0x403, 0x0, 0x25dfdc02, {0x0, 0x0, 0x74, 0x0, 0x800, 0x55007}, [@IFLA_XDP={0xc, 0x2b, 0x0, 0x1, [@IFLA_XDP_FLAGS={0x8, 0x3, 0xf5ff52ca946691ec}]}, @IFLA_IFNAME={0x14, 0x3, 'bridge_slave_0\x00'}]}, 0x40}, 0x1, 0x0, 0x0, 0x8800}, 0x4080)
futimesat(0xffffffffffffffff, 0x0, 0x0)

0s ago: executing program 2 (id=2740):
syz_usb_connect$uac1(0x2, 0x9a, &(0x7f00000008c0)={{0x12, 0x1, 0x310, 0x0, 0x0, 0x0, 0x40, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x88, 0x3, 0x1, 0x9, 0xc0, 0x9, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x1, 0x9}, [@extension_unit={0xd, 0x24, 0x8, 0x4, 0x0, 0x8, "6e2600ea76fa"}, @processing_unit={0xa, 0x24, 0x7, 0x6, 0x6, 0x4, "94a239"}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x8, 0xd, 0x40, 0x9, {0x7, 0x25, 0x1, 0x3, 0xbe}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_continuous={0xb, 0x24, 0x2, 0x1, 0x8, 0x1, 0x6, 0x5, "730600"}, @as_header={0x7, 0x24, 0x1, 0x8, 0xe, 0x5}]}, {{0x9, 0x5, 0x82, 0x9, 0x200, 0x3, 0x1, 0xff, {0x7, 0x25, 0x1, 0x0, 0x2a, 0x6}}}}}}}]}}, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x3, [{0xe7, &(0x7f0000000980)=ANY=[@ANYBLOB="e703a9193c0d3562f37e49f228b21e5bba96ec5ff3040000000af02679a9b2da277f8bf17ba5b68cc39ea8f71b93713e20a2058659032ca3ccc135ff575d5b411c7ce92e83696a99d0da908dfc731cf7530a32bd5bf423211da1902c625e893bf2ec446f026e4befe63e50a8d63c63a88100c2ca89a10c043be30a41dbd7b837ea09ba1de9594ebe79a45a9fbcd1da58ef80adf938cafb0e6987e57078343d15b9f0c0c49ddfdb0b3df718688ffc9625bfb77e82690ed5ef76a29bc62eb12d9ccb55f04a29b0d1d98ab7997e0c3924f748012a217c4e73af3fc4042f115c8f5f0ae2b8c2a1"]}, {0xf, &(0x7f00000001c0)=ANY=[@ANYBLOB="010100008051df4dc29b400a7a0dc0d99c6200000000931da8112a2c36"]}, {0x54, &(0x7f0000000240)=ANY=[@ANYBLOB="5403c28573825b76fc8cabbcc59c5e819ea8188c67f3b53dde43f080616701ccb69b671c89b57133071c32541d30927e4536aa0101b5daaaac7e64900f4bfeeb6520de77920f532ce98bbc1c2ab9f258d8f8f383"]}]})
unshare(0x22010700) (async)
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r0, &(0x7f0000000440)={0x28, 0x0, 0x0, @local}, 0x10) (async, rerun: 32)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x11, 0x14, &(0x7f0000000580)=ANY=[@ANYBLOB="1802000000000000000000000000000018010000786c6c2500000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb700000000000000b7030000000000fd850000002d00000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000540)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (rerun: 32)
r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000680)='sys_exit\x00', r1}, 0x10) (async)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setfsgid(0xee00) (async, rerun: 32)
r3 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) (rerun: 32)
get_robust_list(r3, 0x0, 0x0) (async)
listen(r0, 0xa)
r4 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r4, &(0x7f0000000080)={0x28, 0x0, 0x2711, @hyper}, 0x10) (async)
setsockopt$sock_int(r0, 0x1, 0xc, &(0x7f00000006c0)=0x8, 0x4) (async, rerun: 32)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeeb, 0x8031, 0xffffffffffffffff, 0x0) (async, rerun: 32)
socket$inet(0x2, 0x6, 0x9) (async)
r5 = epoll_create1(0x0) (async)
r6 = socket(0x1, 0x80802, 0x0)
r7 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r7, &(0x7f0000000100)={0xa000000d}) (async)
epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r6, &(0x7f00000000c0)={0x10000001}) (async)
bpf$MAP_CREATE(0x0, &(0x7f0000000140)=@base={0x1e, 0x0, 0x11, 0x6, 0x90, 0x1, 0xd3a, '\x00', 0x0, r2, 0x5, 0x5, 0x4}, 0x50)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x1d, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x4, 0x40, 0x7fff0000}]}) (async, rerun: 64)
r8 = memfd_create(&(0x7f0000000240)='+\x8b\x8a\xa9\x16\x11\x91J\xbc+  \x18\x17\xc2:}\xa3\x9bO\xdd\xdf\xdf\x92\xd5\xed\xb4\x17\xe5\xd6\x9a\xb2\xd8\x9ba\xde\xb2.F\xc0\x99}|\xaf\xd3\x1d\x84[*_\x9f\x9d\xb0rYP\x1b\x9f \xe0\x9cgq\x103\x89\x11\x87Rv\x169\xdf\xe3>B\x04\x00\x00\x00W\xd3\xec\xfb\xdf?\xa2\x90+\xa4!\xb2\xf2\xff\x90\a\xc3\x12\xc4;\xffh\xf1x=\xb9c\xce\x03h\xdap\x88U\x1788\x82\xd7\xfd\x83\x00Sx\x91%\x99_\xfe\xd4c\x83\x86\x0f\xa4a-\xaf\x9e\xd9\xef\xe0)]\x00F\xfa\x03\xbc4\xc4\x9a\v\x03\x8b\xa4\xf3\x8f\xf4\"\'\xd3\a9\x14H}j&~\xe9\x16\x83o\xbd\xab\xcd[\xbd\xcb\x04\xfc\xe7\xe3\x9e?\x12\xf0\xf4\x83M3\xd88\x92?@\v\xe6\xd1\xd2\xe4\xde\xdaUeJ\x9fR\xd1`\xfa\xc8\v\xed\xfd\x0e\xc8\x89W\x847\x88\x82\x94\x14\xe33\xb7H\xc8b\xd6@3F#\xb7\x04C\x8dm\t\x16a\x0fI\xf4\xfe\xf8\x06j\x19Pz&\xb8\x0f\x98`W\xdb\xc6\"81A\xa4\x8bT\xf1\xcb\xab\xa3\t\xef\xdf&\x0e\xad\x03\x123.\xc2V\xaa\xd5\xf8\xde\x8aV\xa4p{\xcez\xa2\x92\xdb8*wLO\f\x97X\x05\x9a\xc2\xe8\x85\x9d\xcb\xc8\xf0\xc4\x01\x03\xe3?\x9f1\xf4\xfb\xa5y`KB\xdf\xae#\x94C\a\x04\xea\xccG\xf2\b\x8f\xf7\xb1\xe96\x90\xf5P\xa4\'\xce\xe3\xa24\x196\xc5Q\xa1K\x95\xd6\xfal\xe9\xd1\\\r&\xb2c\xb3\x8d\xa7\xb7\xa8\x03S\xbd\xdd\b{\xae\f\x10\xc2\xbb\xd0\xdd*\xa3\xb4\fJ\x00X\xab`N; LF\xa5D\xee\xdf\x7f\x80p\xf6o\x1c\xbdXR\xf2\xa0\x81a\xa1\xe1B\x93Xn\xaf\xfc\x05?\xab\xac\x91x\xa8#\xe1\xbeQ\xd1^\x9b\xb9)\xd3\n\xf7(3!\x18\b\xc0\xaampRl\xfdQ\x03\x8c\xd5\xe4\\\xed\x9a\xd1?\xd21\xc8\x90\x1dl|\xd1\x14\xbc3\xe0\x1e\x0e\xe6\x88Y\x99K\x93\x1c@_P\x8c\xc7\x9eZ\xb74KT:\x8a\xdbJ#w\x18\x14\x00\x93\x86\xa5wo\xf6M\xe7D\xf4*\xe3X\x1d\x19\x83\xa7w\xc7+7\x89s\xed\x8a\xd7O\xdd\rhh`\xc0\xa8$\x06pu\xa0\xd0L\x0ez@I\xb8\x83\xb2f\x93j\a0I\xc8l\xe5\x9b\x06\xb5\xac`d\xa3\xcf/\x14\x10\xab\xab\t\xec\xc1c\fA\xaf\x14\xef\xbap@*7\x86\xdf\',\x03Y\xb1$\xf0\xb5}\xf0\x82%)9`\x8f\x04\x85m\x80\xd2\xcf@\x06}\xea\xe7w`\xa5\x11\x9f\x9b\x9e\x8f\xb7cb\x1a\xe1\xcf\x87\x1c\\\xf5\xc21\xf7\x82C*\xd5;\x00\x00\x00\x00\x03\xba\xe3\xdc\x92\'\x8e\xd5\x7fG\xfd.\x91\x89T\x99t\xd4d,\xd5\x92O\xf1\xafT!Y\x8e\\\xac\xf7\x11R\x05p\x1a\"\r\xe9\xe5\x8b&\x0f\x8c\xfb\xef\xf8\xd5\x18\xde\xeb\xe5\x19\xdd\xebQ8\xc5iS+\x06D\x16\xfe\xf5.\xe5\v\x89\xb0\"\xa3M\xe9\x81\x11P\xdb\xc4\xc2y\x14\x04\x06\xf6\f\xb0\xecz\x8d`\xb5\x9b\xb43\xcc1\xa7\x9e\xa8\xb5\'\xc6MAe\x0f\xd1\xfcG\xc2/\xe8\xe9t\xcaQ\xf1\fI\x1chM\xc1\x92\xe3\xc3\x01M\xc8/\xefJ\xcb\xd0]\f\xff\xf5\x92\xce\x97Z\xea\xe8\x99\xfa\x96\xce\xa7\x02\xad\xa2\xce\x955\xeaNg\x02\xcd\xfd\x1a}.\xd3\"x\x89/8H\xc2\x93B\na)\x86\xa9U\xa0\xb7\x18\xfb\xe9\xd1\x97', 0x3) (rerun: 64)
write$binfmt_misc(r8, &(0x7f0000000080), 0x0) (async)
lseek(r8, 0x101, 0x4) (async)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r9 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r9, &(0x7f0000000000)={0x28, 0x0, 0x0, @local}, 0x10) (async)
socket$nl_sock_diag(0x10, 0x3, 0x4)

kernel console output (not intermixed with test programs):

: 00007f0d25fe6090 RCX: 00007f0d25d8f749
[  392.232487][T10516] RDX: 0000000000000000 RSI: 000020000000b680 RDI: 0000000000000006
[  392.232493][T10516] RBP: 00007f0d26be5090 R08: 0000000000000000 R09: 0000000000000000
[  392.232499][T10516] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  392.232505][T10516] R13: 00007f0d25fe6128 R14: 00007f0d25fe6090 R15: 00007ffdb0adcde8
[  392.232520][T10516]  </TASK>
[  393.495157][T10519] netlink: 96 bytes leftover after parsing attributes in process `syz.0.1284'.
[  394.711023][   T30] audit: type=1400 audit(1767529738.264:608): avc:  denied  { create } for  pid=10531 comm="syz.1.1282" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  394.741736][   T30] audit: type=1400 audit(1767529738.274:609): avc:  denied  { getopt } for  pid=10531 comm="syz.1.1282" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  394.819946][T10539] 9p: Bad value for 'rfdno'
[  394.923713][T10542] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1290'.
[  394.945516][T10542] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  394.986298][T10542] batman_adv: batadv0: Removing interface: batadv_slave_0
[  395.057456][T10545] erspan0: entered promiscuous mode
[  395.238558][T10545] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1290'.
[  396.435401][  T891] libceph: mon0 (1)[c::]:6789 connect error
[  396.477695][T10564] ceph: No mds server is up or the cluster is laggy
[  399.299604][ T5801] usb 3-1: new full-speed USB device number 58 using dummy_hcd
[  399.520995][ T5801] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[  399.532005][ T5801] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  399.551536][ T5801] usb 3-1: New USB device found, idVendor=0403, idProduct=97c1, bcdDevice= 0.00
[  399.566947][ T5801] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  399.628939][ T5801] usb 3-1: config 0 descriptor??
[  399.691205][T10588] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22
[  399.696221][   T30] audit: type=1400 audit(1767529743.264:610): avc:  denied  { map } for  pid=10601 comm="syz.1.1307" path="/dev/bus/usb/006/001" dev="devtmpfs" ino=736 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[  399.733742][T10602] FAULT_INJECTION: forcing a failure.
[  399.733742][T10602] name failslab, interval 1, probability 0, space 0, times 0
[  399.748515][T10602] CPU: 1 UID: 0 PID: 10602 Comm: syz.1.1307 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  399.748546][T10602] Tainted: [L]=SOFTLOCKUP
[  399.748552][T10602] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  399.748563][T10602] Call Trace:
[  399.748569][T10602]  <TASK>
[  399.748576][T10602]  dump_stack_lvl+0x16c/0x1f0
[  399.748603][T10602]  should_fail_ex+0x512/0x640
[  399.748629][T10602]  ? kmem_cache_alloc_noprof+0x62/0x770
[  399.748651][T10602]  should_failslab+0xc2/0x120
[  399.748676][T10602]  kmem_cache_alloc_noprof+0x83/0x770
[  399.748694][T10602]  ? vm_area_dup+0x27/0x8d0
[  399.748726][T10602]  ? vm_area_dup+0x27/0x8d0
[  399.748750][T10602]  vm_area_dup+0x27/0x8d0
[  399.748778][T10602]  __split_vma+0x18e/0x1050
[  399.748799][T10602]  ? __pfx___split_vma+0x10/0x10
[  399.748830][T10602]  vms_gather_munmap_vmas+0x3aa/0x1340
[  399.748853][T10602]  ? __pfx_vms_gather_munmap_vmas+0x10/0x10
[  399.748869][T10602]  ? lock_acquire+0x179/0x330
[  399.748890][T10602]  ? find_held_lock+0x2b/0x80
[  399.748920][T10602]  ? mark_held_locks+0x49/0x80
[  399.748939][T10602]  ? finish_task_switch.isra.0+0x207/0xbd0
[  399.748968][T10602]  ? lockdep_hardirqs_on+0x7c/0x110
[  399.748995][T10602]  do_vmi_align_munmap+0x286/0x7e0
[  399.749017][T10602]  ? __pfx_do_vmi_align_munmap+0x10/0x10
[  399.749073][T10602]  do_vmi_munmap+0x204/0x3e0
[  399.749094][T10602]  __vm_munmap+0x196/0x380
[  399.749119][T10602]  ? __pfx___vm_munmap+0x10/0x10
[  399.749137][T10602]  ? lockdep_hardirqs_on+0x10/0x110
[  399.749168][T10602]  ? __pfx_ksys_write+0x10/0x10
[  399.749197][T10602]  __x64_sys_munmap+0x59/0x80
[  399.749221][T10602]  do_syscall_64+0xcd/0xf80
[  399.749246][T10602]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  399.749263][T10602] RIP: 0033:0x7fb35118f749
[  399.749278][T10602] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  399.749294][T10602] RSP: 002b:00007fb34f3ee038 EFLAGS: 00000246 ORIG_RAX: 000000000000000b
[  399.749310][T10602] RAX: ffffffffffffffda RBX: 00007fb3513e5fa0 RCX: 00007fb35118f749
[  399.749322][T10602] RDX: 0000000000000000 RSI: 0000000000004000 RDI: 000020000053c000
[  399.749333][T10602] RBP: 00007fb34f3ee090 R08: 0000000000000000 R09: 0000000000000000
[  399.749343][T10602] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  399.749353][T10602] R13: 00007fb3513e6038 R14: 00007fb3513e5fa0 R15: 00007ffdb7950308
[  399.749378][T10602]  </TASK>
[  400.229937][ T5801] hid-retrode 0003:0403:97C1.0009: hidraw0: USB HID v1.01 Device [HID 0403:97c1] on usb-dummy_hcd.2-1/input0
[  400.764891][   T30] audit: type=1400 audit(1767529744.334:611): avc:  denied  { create } for  pid=10615 comm="syz.0.1311" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_fib_lookup_socket permissive=1
[  400.791505][   T30] audit: type=1400 audit(1767529744.364:612): avc:  denied  { write } for  pid=10615 comm="syz.0.1311" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_fib_lookup_socket permissive=1
[  401.024774][   T30] audit: type=1400 audit(1767529744.564:613): avc:  denied  { mount } for  pid=10616 comm="syz.4.1313" name="/" dev="nfsd" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfsd_fs_t tclass=filesystem permissive=1
[  401.328533][T10629] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1317'.
[  401.338240][T10629] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1317'.
[  401.347266][T10629] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1317'.
[  401.356301][T10629] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1317'.
[  401.904393][ T5801] usb 3-1: USB disconnect, device number 58
[  402.088748][T10618] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1312'.
[  402.344040][T10644] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1322'.
[  402.353437][T10644] openvswitch: netlink: Flow actions attr not present in new flow.
[  403.476792][  T891] libceph: mon0 (1)[c::]:6789 connect error
[  403.504865][T10652] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1323'.
[  403.512814][T10664] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1327'.
[  403.523599][T10664] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1327'.
[  403.537342][T10664] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1327'.
[  403.662391][T10659] ceph: No mds server is up or the cluster is laggy
[  403.786490][ T5920] libceph: mon0 (1)[c::]:6789 connect error
[  403.795891][T10667] genirq: Flags mismatch irq 7. 00200080 (ttyS3) vs. 00200000 (at-a2150c)
[  403.873208][T10669] PKCS7: Unknown OID: [4] (bad)
[  403.882585][T10669] PKCS7: Only support pkcs7_signedData type
[  404.306215][T10685] Failed to initialize the IGMP autojoin socket (err -2)
[  405.711155][T10704] overlayfs: missing 'lowerdir'
[  405.757321][T10704] nfs: Unknown parameter 'ÿÿÿÿÿÿ´ZÛÞ'
[  405.866423][ T5801] libceph: mon0 (1)[c::]:6789 connect error
[  405.873878][ T5801] libceph: mon0 (1)[c::]:6789 connect error
[  405.917254][T10707] ceph: No mds server is up or the cluster is laggy
[  406.569623][T10729] netlink: 'syz.2.1346': attribute type 10 has an invalid length.
[  407.051027][T10742] 9p: Bad value for 'wfdno'
[  407.468884][T10750] BFS-fs: bfs_fill_super(): No BFS filesystem on nullb0 (magic=00000000)
[  407.794591][   T30] audit: type=1400 audit(1767529751.364:614): avc:  denied  { accept } for  pid=10753 comm="syz.2.1356" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[  409.246106][T10783] nfs: Unknown parameter '&[#'
[  409.277344][  T891] kernel write not supported for file [eventfd] (pid: 891 comm: kworker/0:2)
[  409.317765][   T30] audit: type=1400 audit(1767529752.834:615): avc:  denied  { write } for  pid=10778 comm="syz.1.1361" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  409.363664][   T30] audit: type=1400 audit(1767529752.834:616): avc:  denied  { read } for  pid=10778 comm="syz.1.1361" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  409.874064][T10797] tipc: Started in network mode
[  409.878930][T10797] tipc: Node identity 4, cluster identity 4711
[  409.885471][T10797] tipc: Node number set to 4
[  410.241574][T10796] netlink: 'syz.2.1367': attribute type 1 has an invalid length.
[  410.249384][T10796] __nla_validate_parse: 2 callbacks suppressed
[  410.249415][T10796] netlink: 480 bytes leftover after parsing attributes in process `syz.2.1367'.
[  410.336825][T10795] loop5: detected capacity change from 0 to 7
[  410.345256][T10795] Dev loop5: unable to read RDB block 7
[  410.350883][T10795]  loop5: unable to read partition table
[  410.356567][T10795] loop5: partition table beyond EOD, truncated
[  410.362705][T10795] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5)
[  411.147903][T10818] netlink: 'syz.1.1376': attribute type 1 has an invalid length.
[  411.157380][T10818] netlink: 480 bytes leftover after parsing attributes in process `syz.1.1376'.
[  411.193128][T10818] loop5: detected capacity change from 0 to 7
[  411.207701][T10818] Dev loop5: unable to read RDB block 7
[  411.213796][T10818]  loop5: unable to read partition table
[  411.219832][T10818] loop5: partition table beyond EOD, truncated
[  411.226050][T10818] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5)
[  411.799979][  T891] usb 3-1: new high-speed USB device number 59 using dummy_hcd
[  411.975810][T10843] fuse: Bad value for 'fd'
[  412.061502][  T891] usb 3-1: config 0 descriptor has 1 excess byte, ignoring
[  412.070846][  T891] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  412.093625][  T891] usb 3-1: New USB device found, idVendor=1241, idProduct=5015, bcdDevice= 0.00
[  412.110943][  T891] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  412.124584][  T891] usb 3-1: config 0 descriptor??
[  412.467171][T10857] netlink: 'syz.4.1391': attribute type 1 has an invalid length.
[  412.475092][T10857] netlink: 480 bytes leftover after parsing attributes in process `syz.4.1391'.
[  412.544835][T10857] loop5: detected capacity change from 0 to 7
[  412.581429][T10857] Dev loop5: unable to read RDB block 7
[  412.590314][T10857]  loop5: unable to read partition table
[  412.650449][T10857] loop5: partition table beyond EOD, truncated
[  412.656953][T10857] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5)
[  413.661825][  T891] usb 3-1: USB disconnect, device number 59
[  414.082840][T10883] genirq: Flags mismatch irq 7. 00200080 (ttyS3) vs. 00200000 (at-a2150c)
[  414.103766][T10884] IPv6: sit1: Disabled Multicast RS
[  414.193288][ T5938] libceph: mon0 (1)[c::]:6789 connect error
[  414.333425][T10888] ceph: No mds server is up or the cluster is laggy
[  414.333699][T10892] genirq: Flags mismatch irq 7. 00200080 (ttyS3) vs. 00200000 (at-a2150c)
[  416.478890][T10913] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1407'.
[  417.579759][  T891] usb 3-1: new full-speed USB device number 60 using dummy_hcd
[  417.753893][  T891] usb 3-1: config 7 has an invalid interface number: 101 but max is 0
[  417.775455][  T891] usb 3-1: config 7 has no interface number 0
[  417.900320][  T891] usb 3-1: New USB device found, idVendor=0fd9, idProduct=002c, bcdDevice= 6.6b
[  417.917915][  T891] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  418.405667][  T891] usb 3-1: Product: syz
[  418.431083][  T891] usb 3-1: Manufacturer: syz
[  418.436985][  T891] usb 3-1: SerialNumber: syz
[  418.482207][T10946] fuse: Bad value for 'fd'
[  418.789286][   T30] audit: type=1400 audit(1767529762.354:617): avc:  denied  { ioctl } for  pid=10953 comm="syz.4.1424" path="socket:[30728]" dev="sockfs" ino=30728 ioctlcmd=0x5820 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  418.841043][T10960] kernel read not supported for file /cpuacct.usage_percpu (pid: 10960 comm: syz.1.1426)
[  418.853733][   T30] audit: type=1800 audit(1767529762.424:618): pid=10960 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.1.1426" name="cpuacct.usage_percpu" dev="mqueue" ino=30738 res=0 errno=0
[  419.000137][T10966] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1428'.
[  419.227479][  T891] as10x_usb: device has been detected
[  419.233594][  T891] dvbdev: DVB: registering new adapter (Elgato EyeTV DTT Deluxe)
[  419.251657][  T891] usb 3-1: DVB: registering adapter 1 frontend 0 (Elgato EyeTV DTT Deluxe)...
[  419.287910][  T891] as10x_usb: error during firmware upload part1
[  419.294913][  T891] Registered device Elgato EyeTV DTT Deluxe
[  419.500914][ T5824] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:201'
[  419.516564][ T5824] CPU: 0 UID: 0 PID: 5824 Comm: kworker/u9:6 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  419.516593][ T5824] Tainted: [L]=SOFTLOCKUP
[  419.516600][ T5824] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  419.516613][ T5824] Workqueue: hci3 hci_rx_work
[  419.516638][ T5824] Call Trace:
[  419.516645][ T5824]  <TASK>
[  419.516652][ T5824]  dump_stack_lvl+0x16c/0x1f0
[  419.516680][ T5824]  sysfs_warn_dup+0x7f/0xa0
[  419.516703][ T5824]  sysfs_create_dir_ns+0x24b/0x2b0
[  419.516725][ T5824]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  419.516746][ T5824]  ? find_held_lock+0x2b/0x80
[  419.516781][ T5824]  ? do_raw_spin_unlock+0x172/0x230
[  419.516809][ T5824]  kobject_add_internal+0x2c4/0x9d0
[  419.516846][ T5824]  kobject_add+0x16e/0x240
[  419.516873][ T5824]  ? __pfx_kobject_add+0x10/0x10
[  419.516903][ T5824]  ? kobject_put+0xaf/0x6f0
[  419.516926][ T5824]  ? _raw_spin_unlock+0x28/0x50
[  419.516955][ T5824]  device_add+0x288/0x1980
[  419.516977][ T5824]  ? __pfx_dev_set_name+0x10/0x10
[  419.517000][ T5824]  ? __pfx_device_add+0x10/0x10
[  419.517023][ T5824]  ? mgmt_send_event_skb+0x2fb/0x460
[  419.517052][ T5824]  hci_conn_add_sysfs+0x1a8/0x260
[  419.517077][ T5824]  le_conn_complete_evt+0x11ed/0x1fa0
[  419.517105][ T5824]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  419.517133][ T5824]  hci_le_conn_complete_evt+0x23c/0x3a0
[  419.517161][ T5824]  hci_le_meta_evt+0x357/0x610
[  419.517183][ T5824]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[  419.517208][ T5824]  hci_event_packet+0x685/0x1210
[  419.517228][ T5824]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  419.517251][ T5824]  ? __pfx_hci_event_packet+0x10/0x10
[  419.517275][ T5824]  ? kcov_remote_start+0x399/0x680
[  419.517295][ T5824]  ? lockdep_hardirqs_on+0x7c/0x110
[  419.517326][ T5824]  hci_rx_work+0x2c9/0x1020
[  419.517350][ T5824]  process_one_work+0x9ba/0x1b20
[  419.517385][ T5824]  ? __pfx_process_one_work+0x10/0x10
[  419.517418][ T5824]  ? assign_work+0x1a0/0x250
[  419.517443][ T5824]  worker_thread+0x6c8/0xf10
[  419.517479][ T5824]  ? __pfx_worker_thread+0x10/0x10
[  419.517503][ T5824]  kthread+0x3c5/0x780
[  419.517525][ T5824]  ? __pfx_kthread+0x10/0x10
[  419.517549][ T5824]  ? rcu_is_watching+0x12/0xc0
[  419.517567][ T5824]  ? __pfx_kthread+0x10/0x10
[  419.517593][ T5824]  ret_from_fork+0x983/0xb10
[  419.517615][ T5824]  ? __pfx_ret_from_fork+0x10/0x10
[  419.517638][ T5824]  ? __switch_to+0x7af/0x10d0
[  419.517663][ T5824]  ? __pfx_kthread+0x10/0x10
[  419.517685][ T5824]  ret_from_fork_asm+0x1a/0x30
[  419.517728][ T5824]  </TASK>
[  419.517804][ T5824] kobject: kobject_add_internal failed for hci3:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  419.775953][ T5824] Bluetooth: hci3: failed to register connection device
[  419.941161][T10983] fuse: Bad value for 'fd'
[  420.069634][   T30] audit: type=1400 audit(1767529763.634:619): avc:  denied  { map } for  pid=10984 comm="syz.1.1433" path="/dev/net/tun" dev="devtmpfs" ino=708 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tun_tap_device_t tclass=chr_file permissive=1
[  420.160378][   T30] audit: type=1400 audit(1767529763.634:620): avc:  denied  { execute } for  pid=10984 comm="syz.1.1433" path="/dev/net/tun" dev="devtmpfs" ino=708 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tun_tap_device_t tclass=chr_file permissive=1
[  420.207983][   T30] audit: type=1400 audit(1767529763.674:621): avc:  denied  { create } for  pid=10988 comm="syz.4.1432" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_iscsi_socket permissive=1
[  420.240619][   T30] audit: type=1400 audit(1767529763.674:622): avc:  denied  { write } for  pid=10988 comm="syz.4.1432" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_iscsi_socket permissive=1
[  420.309576][T10998] FAULT_INJECTION: forcing a failure.
[  420.309576][T10998] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  420.322990][T10998] CPU: 0 UID: 0 PID: 10998 Comm: syz.4.1437 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  420.323016][T10998] Tainted: [L]=SOFTLOCKUP
[  420.323023][T10998] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  420.323033][T10998] Call Trace:
[  420.323040][T10998]  <TASK>
[  420.323047][T10998]  dump_stack_lvl+0x16c/0x1f0
[  420.323075][T10998]  should_fail_ex+0x512/0x640
[  420.323106][T10998]  _copy_from_user+0x2e/0xd0
[  420.323135][T10998]  kstrtouint_from_user+0xd6/0x1d0
[  420.323156][T10998]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  420.323175][T10998]  ? __lock_acquire+0x436/0x2890
[  420.323202][T10998]  ? lock_acquire+0x179/0x330
[  420.323228][T10998]  proc_fail_nth_write+0x83/0x220
[  420.323248][T10998]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  420.323274][T10998]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  420.323291][T10998]  vfs_write+0x2a0/0x11d0
[  420.323315][T10998]  ? __pfx___mutex_lock+0x10/0x10
[  420.323343][T10998]  ? __pfx_vfs_write+0x10/0x10
[  420.323374][T10998]  ? __fget_files+0x20e/0x3c0
[  420.323407][T10998]  ksys_write+0x12a/0x250
[  420.323430][T10998]  ? __pfx_ksys_write+0x10/0x10
[  420.323453][T10998]  ? fdget+0x187/0x210
[  420.323482][T10998]  do_syscall_64+0xcd/0xf80
[  420.323508][T10998]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  420.323526][T10998] RIP: 0033:0x7f8a2618e1ff
[  420.323540][T10998] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  420.323557][T10998] RSP: 002b:00007f8a27014030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  420.323574][T10998] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8a2618e1ff
[  420.323585][T10998] RDX: 0000000000000001 RSI: 00007f8a270140a0 RDI: 0000000000000003
[  420.323595][T10998] RBP: 00007f8a27014090 R08: 0000000000000000 R09: 0000000000000000
[  420.323606][T10998] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  420.323616][T10998] R13: 00007f8a263e6038 R14: 00007f8a263e5fa0 R15: 00007fff28a925e8
[  420.323642][T10998]  </TASK>
[  420.624107][ T5938] libceph: mon0 (1)[c::]:6789 connect error
[  420.747221][T11005] ceph: No mds server is up or the cluster is laggy
[  420.748087][T11014] genirq: Flags mismatch irq 7. 00200080 (ttyS3) vs. 00200000 (at-a2150c)
[  420.890825][ T5938] libceph: mon0 (1)[c::]:6789 connect error
[  420.925066][ T5938] usb 3-1: USB disconnect, device number 60
[  420.987010][T11018] input: syz0 as /devices/virtual/input/input22
[  421.444568][ T5938] Unregistered device Elgato EyeTV DTT Deluxe
[  421.448808][ T5938] as10x_usb: device has been disconnected
[  421.677348][T11025] netlink: 'syz.2.1443': attribute type 10 has an invalid length.
[  421.889350][T11025] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  422.599396][   T30] audit: type=1400 audit(1767529766.164:623): avc:  denied  { append } for  pid=11036 comm="syz.2.1447" name="pfkey" dev="proc" ino=4026533169 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1
[  422.647414][T11037] Failed to initialize the IGMP autojoin socket (err -2)
[  422.777937][   T30] audit: type=1326 audit(1767529766.344:624): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11010 comm="syz.3.1442" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fed4c38f749 code=0x7ffc0000
[  422.801918][   T30] audit: type=1326 audit(1767529766.374:625): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11010 comm="syz.3.1442" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fed4c38f749 code=0x7ffc0000
[  422.833749][   T30] audit: type=1326 audit(1767529766.404:626): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11010 comm="syz.3.1442" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7fed4c38f749 code=0x7ffc0000
[  422.859202][  T891] libceph: mon0 (1)[c::]:6789 connect error
[  422.880494][T11040] ceph: No mds server is up or the cluster is laggy
[  422.893375][T11030] Failed to initialize the IGMP autojoin socket (err -2)
[  423.284975][T11053] 9p: Bad value for 'rfdno'
[  423.290907][T11053] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1449'.
[  423.406993][T11049] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.1445'.
[  423.416921][T11053] netlink: 84 bytes leftover after parsing attributes in process `syz.0.1449'.
[  423.511348][T11042] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.1445'.
[  424.906832][T11104] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1457'.
[  425.951192][ T5137] Bluetooth: hci3: command 0x0406 tx timeout
[  426.945045][   T30] kauditd_printk_skb: 21 callbacks suppressed
[  426.945061][   T30] audit: type=1400 audit(1767529770.514:648): avc:  denied  { open } for  pid=11141 comm="syz.1.1468" path="anon_inode:[userfaultfd]" dev="anon_inodefs" ino=30993 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  427.727769][T11160] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1473'.
[  429.318373][ T6983] udevd[6983]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory
[  429.328008][   T30] audit: type=1400 audit(1767529772.884:649): avc:  denied  { create } for  pid=11182 comm="syz.3.1479" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  429.368264][   T30] audit: type=1804 audit(1767529772.924:650): pid=11180 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz.4.1477" name="/newroot/276/file1" dev="fuse" ino=1 res=1 errno=0
[  429.391238][   T30] audit: type=1800 audit(1767529772.924:651): pid=11180 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.4.1477" name="/" dev="fuse" ino=1 res=0 errno=0
[  429.432171][   T30] audit: type=1800 audit(1767529773.004:652): pid=11180 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.4.1477" name="/" dev="fuse" ino=1 res=0 errno=0
[  430.313020][   T30] audit: type=1400 audit(1767529773.884:653): avc:  denied  { watch } for  pid=11206 comm="syz.3.1487" path="/319/file0" dev="tmpfs" ino=1781 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  430.357003][T11207] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  430.373883][T11207] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  430.706931][T11221] FAULT_INJECTION: forcing a failure.
[  430.706931][T11221] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  430.721794][T11221] CPU: 0 UID: 0 PID: 11221 Comm: syz.4.1493 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  430.721823][T11221] Tainted: [L]=SOFTLOCKUP
[  430.721830][T11221] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  430.721840][T11221] Call Trace:
[  430.721846][T11221]  <TASK>
[  430.721854][T11221]  dump_stack_lvl+0x16c/0x1f0
[  430.721881][T11221]  should_fail_ex+0x512/0x640
[  430.721913][T11221]  _copy_from_user+0x2e/0xd0
[  430.721941][T11221]  copy_msghdr_from_user+0x98/0x160
[  430.721961][T11221]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  430.721993][T11221]  ___sys_sendmsg+0xfe/0x1d0
[  430.722012][T11221]  ? __pfx____sys_sendmsg+0x10/0x10
[  430.722061][T11221]  __sys_sendmsg+0x16d/0x220
[  430.722081][T11221]  ? __pfx___sys_sendmsg+0x10/0x10
[  430.722116][T11221]  do_syscall_64+0xcd/0xf80
[  430.722141][T11221]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  430.722159][T11221] RIP: 0033:0x7f8a2618f749
[  430.722174][T11221] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  430.722190][T11221] RSP: 002b:00007f8a27014038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  430.722208][T11221] RAX: ffffffffffffffda RBX: 00007f8a263e5fa0 RCX: 00007f8a2618f749
[  430.722220][T11221] RDX: 0000000000000000 RSI: 0000200000006280 RDI: 0000000000000003
[  430.722230][T11221] RBP: 00007f8a27014090 R08: 0000000000000000 R09: 0000000000000000
[  430.722241][T11221] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  430.722251][T11221] R13: 00007f8a263e6038 R14: 00007f8a263e5fa0 R15: 00007fff28a925e8
[  430.722276][T11221]  </TASK>
[  431.082152][   T30] audit: type=1400 audit(1767529774.654:654): avc:  denied  { add_name } for  pid=11230 comm="syz.3.1497" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  431.082633][T11231] o2cb: This node has not been configured.
[  431.111399][T11231] o2cb: Cluster check failed. Fix errors before retrying.
[  431.118526][T11231] (syz.3.1497,11231,0):user_dlm_register:674 ERROR: status = -22
[  431.127381][   T30] audit: type=1400 audit(1767529774.654:655): avc:  denied  { create } for  pid=11230 comm="syz.3.1497" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1
[  431.153072][T11232] genirq: Flags mismatch irq 7. 00200080 (ttyS3) vs. 00200000 (at-a2150c)
[  431.161748][T11231] (syz.3.1497,11231,1):dlmfs_mkdir:437 ERROR: Error -22 could not register domain "file0"
[  431.192304][   T30] audit: type=1400 audit(1767529774.654:656): avc:  denied  { associate } for  pid=11230 comm="syz.3.1497" name="file0" scontext=root:object_r:unlabeled_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  433.269003][T11264] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1508'.
[  434.839817][T11288] overlayfs: failed to clone upperpath
[  435.362437][   T30] audit: type=1400 audit(1767529778.614:657): avc:  denied  { read } for  pid=11287 comm="syz.0.1517" path="socket:[31230]" dev="sockfs" ino=31230 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1
[  435.589124][   T30] audit: type=1400 audit(1767529779.154:658): avc:  denied  { write } for  pid=11294 comm="syz.3.1519" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  435.727682][ T5938] delete_channel: no stack
[  436.267619][T11306] o2cb: This node has not been configured.
[  436.274751][T11306] o2cb: Cluster check failed. Fix errors before retrying.
[  436.283334][T11306] (syz.3.1522,11306,1):user_dlm_register:674 ERROR: status = -22
[  436.291163][T11306] (syz.3.1522,11306,1):dlmfs_mkdir:437 ERROR: Error -22 could not register domain "file0"
[  436.450414][T11312] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1525'.
[  436.796903][T11327] netlink: 71 bytes leftover after parsing attributes in process `syz.0.1529'.
[  436.874281][T11331] 9p: Bad value for 'wfdno'
[  437.727333][T11345] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1536'.
[  438.026972][   T30] audit: type=1800 audit(1767529781.574:659): pid=11359 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.3.1540" name="nullb0" dev="tmpfs" ino=1886 res=0 errno=0
[  438.028997][T11360] SELinux: failed to load policy
[  438.058468][T11361] netlink: 'syz.0.1538': attribute type 10 has an invalid length.
[  438.421661][   T30] audit: type=1400 audit(1767529781.594:660): avc:  denied  { load_policy } for  pid=11342 comm="syz.4.1535" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1
[  438.461898][ T5938] libceph: mon0 (1)[c::]:6789 connect error
[  438.501622][T11366] ceph: No mds server is up or the cluster is laggy
[  438.718482][   T30] audit: type=1400 audit(1767529782.284:661): avc:  denied  { bind } for  pid=11377 comm="syz.1.1546" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  438.737909][T11378] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1546'.
[  438.995359][T11381] process '/newroot/341/file0' started with executable stack
[  439.317111][T11391] netlink: 'syz.4.1550': attribute type 2 has an invalid length.
[  439.326216][T11391] netlink: 'syz.4.1550': attribute type 1 has an invalid length.
[  439.335912][T11391] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1550'.
[  439.469247][ T1294] ieee802154 phy1 wpan1: encryption failed: -22
[  440.864697][T11403] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1554'.
[  440.886857][T11403] team1: entered promiscuous mode
[  440.891940][T11403] team1: entered allmulticast mode
[  440.941585][T11405] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1555'.
[  441.973497][T11432] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1566'.
[  442.507359][T11450] fuse: Bad value for 'fd'
[  442.678798][T11463] overlayfs: failed to clone upperpath
[  443.188064][T11454] MTD: Attempt to mount non-MTD device "/dev/nullb0"
[  443.242775][T11454] cramfs: wrong magic
[  443.517460][T11484] netlink: 'syz.0.1579': attribute type 4 has an invalid length.
[  444.833748][   T30] audit: type=1400 audit(1767529788.404:662): avc:  denied  { create } for  pid=11494 comm="syz.3.1585" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1
[  447.042685][T11528] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  447.352025][T11539] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1595'.
[  447.387637][T11528] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  447.674592][T11543] genirq: Flags mismatch irq 7. 00200080 (ttyS3) vs. 00200000 (at-a2150c)
[  447.919272][T11528] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  448.161723][T11550] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  448.168913][T11550] IPv6: NLM_F_CREATE should be set when creating new route
[  448.176100][T11550] IPv6: NLM_F_CREATE should be set when creating new route
[  448.191561][ T5938] libceph: mon0 (1)[c::]:6789 connect error
[  448.212240][T11545] ceph: No mds server is up or the cluster is laggy
[  448.271798][T11528] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  448.416361][T11084] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  448.453464][ T4818] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  448.481315][ T4818] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  448.597563][T11084] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  448.807052][T11560] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1603'.
[  450.131085][T11585] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1610'.
[  450.996861][T11600] fuse: Bad value for 'group_id'
[  451.019727][T11600] fuse: Bad value for 'group_id'
[  451.432536][T11617] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1617'.
[  452.047856][   T30] audit: type=1400 audit(1767529795.594:663): avc:  denied  { ioctl } for  pid=11623 comm="syz.2.1621" path="socket:[32188]" dev="sockfs" ino=32188 ioctlcmd=0x8b22 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  452.455308][T11640] fuse: Bad value for 'fd'
[  452.495147][T11642] fuse: Bad value for 'group_id'
[  452.525074][T11642] fuse: Bad value for 'group_id'
[  452.676704][T11651] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1631'.
[  453.062634][   T30] audit: type=1400 audit(1767529796.564:664): avc:  denied  { override_creds } for  pid=11633 comm="syz.1.1624" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[  453.136262][   T30] audit: type=1400 audit(1767529796.634:665): avc:  denied  { bind } for  pid=11655 comm="syz.3.1634" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  453.871637][   T30] audit: type=1400 audit(1767529796.634:666): avc:  denied  { setopt } for  pid=11655 comm="syz.3.1634" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  453.919135][   T30] audit: type=1400 audit(1767529796.634:667): avc:  denied  { write } for  pid=11655 comm="syz.3.1634" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  453.957665][   T30] audit: type=1400 audit(1767529796.944:668): avc:  denied  { watch_sb } for  pid=11667 comm="syz.0.1637" path="/355" dev="tmpfs" ino=1965 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  455.481226][T11681] veth2: entered promiscuous mode
[  455.486375][T11681] veth2: entered allmulticast mode
[  457.777686][   T30] audit: type=1400 audit(1767529801.344:669): avc:  denied  { bind } for  pid=11737 comm="syz.1.1658" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  457.837028][   T30] audit: type=1400 audit(1767529801.404:670): avc:  denied  { getopt } for  pid=11737 comm="syz.1.1658" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  461.042765][T11789] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1674'.
[  461.053365][T11789] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1674'.
[  462.773490][T11813] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1681'.
[  462.908945][T11817] netlink: 'syz.1.1682': attribute type 10 has an invalid length.
[  462.918193][T11817] bridge0: port 2(bridge_slave_1) entered blocking state
[  462.925316][T11817] bridge0: port 2(bridge_slave_1) entered forwarding state
[  462.932689][T11817] bridge0: port 1(bridge_slave_0) entered blocking state
[  462.939745][T11817] bridge0: port 1(bridge_slave_0) entered forwarding state
[  462.952435][T11817] bridge0: port 2(bridge_slave_1) entered disabled state
[  462.959608][T11817] bridge0: port 1(bridge_slave_0) entered disabled state
[  463.207725][T11822] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1684'.
[  463.526667][T11828] netlink: 'syz.2.1685': attribute type 10 has an invalid length.
[  463.570730][   T30] audit: type=1400 audit(1767529807.134:671): avc:  denied  { setopt } for  pid=11825 comm="syz.3.1687" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[  463.864390][T11836] 9pnet_virtio: no channels available for device syz
[  463.959913][T11840] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1690'.
[  464.415967][T11849] overlayfs: failed lookup in lower (newroot/329, name='file0', err=-40): overlapping layers
[  464.665978][T11840] team0 (unregistering): Port device team_slave_0 removed
[  464.685008][T11840] team0 (unregistering): Port device team_slave_1 removed
[  464.775985][T11854] 9p: Bad value for 'rfdno'
[  464.834210][ T5824] Bluetooth: hci2: unexpected event for opcode 0x0402
[  464.914703][   T30] audit: type=1400 audit(1767529808.484:672): avc:  denied  { read } for  pid=11855 comm="syz.4.1695" name="file0" dev="fuse" ino=64 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1
[  464.961079][   T30] audit: type=1400 audit(1767529808.514:673): avc:  denied  { open } for  pid=11855 comm="syz.4.1695" path="/303/file0/file0" dev="fuse" ino=64 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1
[  465.043386][T11868] netlink: 'syz.2.1698': attribute type 4 has an invalid length.
[  465.051145][T11868] netlink: 3657 bytes leftover after parsing attributes in process `syz.2.1698'.
[  465.102368][   T30] audit: type=1400 audit(1767529808.624:674): avc:  denied  { ioctl } for  pid=11855 comm="syz.4.1695" path="/303/file0/file0" dev="fuse" ino=64 ioctlcmd=0x4d05 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1
[  465.199035][T11873] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1700'.
[  465.832507][T11898] bond3: option lacp_rate: mode dependency failed, not supported in mode active-backup(1)
[  465.844688][T11898] bond3 (unregistering): Released all slaves
[  466.709575][T11919] 9p: Bad value for 'wfdno'
[  467.095491][   T30] audit: type=1400 audit(1767529810.664:675): avc:  denied  { read } for  pid=11928 comm="syz.3.1718" path="socket:[32651]" dev="sockfs" ino=32651 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  467.622606][T11933] gretap0: left promiscuous mode
[  467.627627][T11933] erspan0: left promiscuous mode
[  467.634355][T11933] dummy0: left promiscuous mode
[  467.649516][T11933] bridge1: left promiscuous mode
[  467.655549][T11933] team1: left promiscuous mode
[  467.725754][T11937] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1722'.
[  468.049810][T11956] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1729'.
[  468.134307][T11961] 9p: Bad value for 'rfdno'
[  468.206328][ T5824] Bluetooth: hci0: unexpected event for opcode 0x2040
[  468.328994][T11967] fuse: Unknown parameter 'grou00000000000000000000'
[  468.894824][   T30] audit: type=1400 audit(1767529812.434:676): avc:  denied  { write } for  pid=11974 comm="syz.4.1734" name="mouse0" dev="devtmpfs" ino=1010 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1
[  469.507052][T11985] A link change request failed with some changes committed already. Interface bridge_slave_1 may have been left with an inconsistent configuration, please check.
[  469.557728][T11986] overlayfs: missing 'lowerdir'
[  470.635917][T12007] netlink: 140 bytes leftover after parsing attributes in process `syz.1.1746'.
[  471.078994][T12020] genirq: Flags mismatch irq 7. 00200080 (ttyS3) vs. 00200000 (at-a2150c)
[  471.917010][T12042] netlink: 'syz.2.1756': attribute type 8 has an invalid length.
[  472.493056][T12049] netlink: 444 bytes leftover after parsing attributes in process `syz.0.1758'.
[  472.551646][T12049] netlink: 444 bytes leftover after parsing attributes in process `syz.0.1758'.
[  472.691415][T12063] Process accounting resumed
[  472.709111][   T30] audit: type=1400 audit(1767529816.274:677): avc:  denied  { bind } for  pid=12064 comm="syz.1.1765" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1
[  472.741597][T12066] dummy0: entered allmulticast mode
[  472.771307][T12060] overlayfs: failed to clone upperpath
[  472.787970][T12066] dummy0: left allmulticast mode
[  473.314909][T12088] netlink: 'syz.1.1770': attribute type 1 has an invalid length.
[  473.322707][T12088] nbd: error processing sock list
[  473.838312][T12093] tmpfs: Bad value for 'mpol'
[  473.974690][T12099] tipc: Started in network mode
[  473.979613][T12099] tipc: Node identity 7f000001, cluster identity 4711
[  473.991221][T12099] tipc: Enabling of bearer <udp:syz2> rejected, failed to enable media
[  476.260785][T12129] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1785'.
[  476.296909][T12129] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=12129 comm=syz.1.1785
[  476.553868][T12147] 9p: Bad value for 'rfdno'
[  477.616155][T12175] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1800'.
[  477.625096][T12175] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1800'.
[  477.634081][T12175] netlink: 'syz.0.1800': attribute type 13 has an invalid length.
[  477.641925][T12175] netlink: 'syz.0.1800': attribute type 12 has an invalid length.
[  478.292046][T12182] sit0: entered promiscuous mode
[  478.308985][T12182] netlink: 'syz.0.1803': attribute type 1 has an invalid length.
[  478.317260][T12182] netlink: 1 bytes leftover after parsing attributes in process `syz.0.1803'.
[  478.871244][T12196] fuse: Bad value for 'fd'
[  479.522126][T12214] netlink: 248 bytes leftover after parsing attributes in process `syz.4.1813'.
[  479.535858][T12214] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  479.544005][T12214] batadv_slave_0: entered promiscuous mode
[  479.574411][T12212] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1814'.
[  479.604943][T12212] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=12212 comm=syz.3.1814
[  480.715986][T12224] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1818'.
[  480.987210][   T30] audit: type=1400 audit(1767529824.554:678): avc:  denied  { read } for  pid=12235 comm="syz.4.1822" path="socket:[34864]" dev="sockfs" ino=34864 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  481.643690][   T30] audit: type=1326 audit(1767529824.734:679): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12235 comm="syz.4.1822" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8a2618f749 code=0x7ffc0000
[  481.684429][T12223] Process accounting resumed
[  481.689821][   T30] audit: type=1326 audit(1767529824.734:680): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12235 comm="syz.4.1822" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8a2618f749 code=0x7ffc0000
[  481.716953][   T30] audit: type=1326 audit(1767529824.744:681): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12235 comm="syz.4.1822" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f8a2618f749 code=0x7ffc0000
[  481.742304][   T30] audit: type=1326 audit(1767529824.744:682): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12235 comm="syz.4.1822" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8a2618f749 code=0x7ffc0000
[  481.783874][   T30] audit: type=1326 audit(1767529824.744:683): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12235 comm="syz.4.1822" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8a2618f749 code=0x7ffc0000
[  481.815547][   T30] audit: type=1326 audit(1767529824.744:684): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12235 comm="syz.4.1822" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f8a2618f749 code=0x7ffc0000
[  481.860734][   T30] audit: type=1326 audit(1767529824.744:685): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12235 comm="syz.4.1822" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8a2618f749 code=0x7ffc0000
[  481.903411][T12251] fuse: Unknown parameter '0x00000000000000030x0000000000000003'
[  481.949756][   T30] audit: type=1326 audit(1767529824.744:686): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12235 comm="syz.4.1822" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8a2618f749 code=0x7ffc0000
[  482.029745][   T30] audit: type=1326 audit(1767529824.744:687): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12235 comm="syz.4.1822" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f8a2618f749 code=0x7ffc0000
[  483.109995][T12300] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  484.101309][T12324] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  484.393561][T12338] genirq: Flags mismatch irq 7. 00200080 (ttyS3) vs. 00200000 (at-a2150c)
[  485.636743][T12366] 9pnet_fd: Insufficient options for proto=fd
[  486.525756][T12381] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=12381 comm=syz.3.1865
[  486.530230][T12378] ptrace attach of ""[12379] was attempted by "./syz-executor exec"[12378]
[  486.624890][   T30] kauditd_printk_skb: 9 callbacks suppressed
[  486.624903][   T30] audit: type=1400 audit(1767529830.194:697): avc:  denied  { associate } for  pid=12384 comm="syz.3.1867" name="core" scontext=root:object_r:etc_runtime_t tcontext=system_u:object_r:root_t tclass=filesystem permissive=1
[  487.062275][T12393] loop5: detected capacity change from 0 to 7
[  487.075827][T12393] Dev loop5: unable to read RDB block 7
[  487.081886][T12393]  loop5: unable to read partition table
[  487.089426][T12393] loop5: partition table beyond EOD, truncated
[  487.095835][T12393] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5)
[  487.244104][T12398] ip6tnl2: entered promiscuous mode
[  488.626241][ T5938] kernel write not supported for file /vcsa (pid: 5938 comm: kworker/1:8)
[  491.299212][   T30] audit: type=1400 audit(1767529834.864:698): avc:  denied  { ioctl } for  pid=12481 comm="syz.3.1898" path="socket:[34672]" dev="sockfs" ino=34672 ioctlcmd=0x89e2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1
[  491.427024][   T30] audit: type=1400 audit(1767529834.904:699): avc:  denied  { bind } for  pid=12481 comm="syz.3.1898" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1
[  492.018470][T12497] netlink: 'syz.3.1901': attribute type 10 has an invalid length.
[  492.026656][T12497] bridge0: port 2(bridge_slave_1) entered disabled state
[  492.034030][T12497] bridge0: port 1(bridge_slave_0) entered disabled state
[  492.494791][T12507] overlayfs: failed to clone upperpath
[  492.572813][T12508] wireguard: wg1: Could not create IPv4 socket
[  492.872235][   T30] audit: type=1400 audit(1767529836.154:700): avc:  denied  { link } for  pid=12504 comm="syz.0.1905" name="file1" dev="tmpfs" ino=2325 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  494.327511][T12525] netlink: 52 bytes leftover after parsing attributes in process `syz.4.1909'.
[  494.805828][T12536] fuse: Unknown parameter 'group_id00000000000000000000'
[  495.377201][T12543] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1915'.
[  495.449848][T12543] netlink: 'syz.4.1915': attribute type 39 has an invalid length.
[  495.781588][T12559] netlink: get zone limit has 8 unknown bytes
[  495.846318][T12559] nvme_fabrics: missing parameter 'transport=%s'
[  495.855886][T12559] nvme_fabrics: missing parameter 'nqn=%s'
[  496.514621][T12568] fuse: Unknown parameter 'group_id00000000000000000000'
[  496.641890][T12573] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1926'.
[  496.709731][T12575] SELinux:  Context : is not valid (left unmapped).
[  496.719706][   T30] audit: type=1400 audit(1767529840.284:701): avc:  denied  { relabelto } for  pid=12569 comm="syz.0.1926" name="rdma.current" dev="tmpfs" ino=2363 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon=":"
[  496.785807][   T30] audit: type=1400 audit(1767529840.284:702): avc:  denied  { associate } for  pid=12569 comm="syz.0.1926" name="rdma.current" dev="tmpfs" ino=2363 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 srawcon=":"
[  496.862743][T12574] genirq: Flags mismatch irq 7. 00200080 (ttyS3) vs. 00200000 (at-a2150c)
[  496.878309][   T30] audit: type=1400 audit(1767529840.444:703): avc:  denied  { unlink } for  pid=5810 comm="syz-executor" name="rdma.current" dev="tmpfs" ino=2363 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon=":"
[  496.880158][T12574] can0: slcan on ttyS3.
[  497.100118][T12577] can0 (unregistered): slcan off ttyS3.
[  497.959178][T12604] netlink: 96 bytes leftover after parsing attributes in process `syz.3.1933'.
[  498.487830][T12619] fuse: Unknown parameter 'group_id00000000000000000000'
[  498.627041][T12626] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1939'.
[  499.256733][   T30] audit: type=1400 audit(1767529842.824:704): avc:  denied  { write } for  pid=12627 comm="syz.1.1940" name="snmp6" dev="proc" ino=4026533014 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1
[  500.217261][T12659] genirq: Flags mismatch irq 7. 00200080 (ttyS3) vs. 00200000 (at-a2150c)
[  500.602066][   T30] audit: type=1400 audit(1767529843.844:705): avc:  denied  { getopt } for  pid=12634 comm="syz.2.1941" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  500.623390][T12662] genirq: Flags mismatch irq 7. 00200080 (ttyS3) vs. 00200000 (at-a2150c)
[  500.912333][ T1294] ieee802154 phy1 wpan1: encryption failed: -22
[  501.101778][   T30] audit: type=1400 audit(1767529844.674:706): avc:  denied  { read } for  pid=12673 comm="syz.1.1949" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  501.412041][T12688] fuse: blksize only supported for fuseblk
[  501.453364][T12686] faux_driver vkms: [drm] Unknown color mode 6; guessing buffer size.
[  501.640713][T12695] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount.
[  501.667620][T12695] CIFS mount error: No usable UNC path provided in device string!
[  501.667620][T12695] 
[  501.678444][T12695] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  501.955648][   T30] audit: type=1400 audit(1767529845.524:707): avc:  denied  { listen } for  pid=12703 comm="syz.2.1959" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  503.797133][T12736] openvswitch: netlink: Unexpected mask (mask=1040, allowed=10048)
[  504.818904][T12755] netlink: 'syz.0.1973': attribute type 29 has an invalid length.
[  504.829256][T12753] netlink: 'syz.0.1973': attribute type 29 has an invalid length.
[  505.534789][T12774] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1981'.
[  505.641830][T12776] netdevsim netdevsim3: Direct firmware load for lookup_extent_enter failed with error -2
[  505.654869][T12776] netdevsim netdevsim3: Falling back to sysfs fallback for: lookup_extent_enter
[  505.984504][   T30] audit: type=1400 audit(1767529849.174:708): avc:  denied  { read } for  pid=12763 comm="syz.3.1977" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  506.010179][   T30] audit: type=1400 audit(1767529849.224:709): avc:  denied  { firmware_load } for  pid=12763 comm="syz.3.1977" scontext=system_u:system_r:kernel_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  506.042976][   T30] audit: type=1400 audit(1767529849.274:710): avc:  denied  { setopt } for  pid=12763 comm="syz.3.1977" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  507.914976][T12815] netlink: 80 bytes leftover after parsing attributes in process `syz.2.1989'.
[  507.965503][T12813] netlink: 35 bytes leftover after parsing attributes in process `syz.1.1985'.
[  508.037008][T12812] genirq: Flags mismatch irq 7. 00200080 (ttyS3) vs. 00200000 (at-a2150c)
[  508.631206][T12835] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1994'.
[  508.791775][T12842] overlayfs: failed to clone upperpath
[  509.139051][T12846] netlink: 'syz.2.1996': attribute type 4 has an invalid length.
[  509.150512][T12846] netlink: 'syz.2.1996': attribute type 4 has an invalid length.
[  509.160461][T12846] netlink: 'syz.2.1996': attribute type 4 has an invalid length.
[  509.248992][T12847] Invalid source name
[  509.256850][T12847] UBIFS error (pid: 12847): cannot open "ubifs", error -22
[  510.414140][T12864] QAT: failed to copy from user.
[  511.024123][   T30] audit: type=1326 audit(1767529854.594:711): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12861 comm="syz.2.2001" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d25d8f749 code=0x7ffc0000
[  511.141241][   T30] audit: type=1326 audit(1767529854.614:712): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12861 comm="syz.2.2001" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d25d8f749 code=0x7ffc0000
[  511.186793][   T30] audit: type=1326 audit(1767529854.614:713): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12861 comm="syz.2.2001" exe="/root/syz-executor" sig=0 arch=c000003e syscall=246 compat=0 ip=0x7f0d25d8f749 code=0x7ffc0000
[  511.220991][   T30] audit: type=1326 audit(1767529854.664:714): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12861 comm="syz.2.2001" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d25d8f749 code=0x7ffc0000
[  511.255981][   T30] audit: type=1326 audit(1767529854.664:715): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12861 comm="syz.2.2001" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d25d8f749 code=0x7ffc0000
[  511.317146][   T30] audit: type=1326 audit(1767529854.884:716): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12861 comm="syz.2.2001" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f0d25d8f749 code=0x7ffc0000
[  511.345041][   T30] audit: type=1326 audit(1767529854.884:717): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12861 comm="syz.2.2001" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d25d8f749 code=0x7ffc0000
[  511.382680][   T30] audit: type=1326 audit(1767529854.884:718): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12861 comm="syz.2.2001" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d25d8f749 code=0x7ffc0000
[  511.528565][   T30] audit: type=1326 audit(1767529855.094:719): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12861 comm="syz.2.2001" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7f0d25d8f749 code=0x7ffc0000
[  511.572266][   T30] audit: type=1326 audit(1767529855.124:720): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12861 comm="syz.2.2001" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f0d25d8f783 code=0x7ffc0000
[  511.991278][T12884] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2007'.
[  512.494293][T12894] genirq: Flags mismatch irq 7. 00200080 (ttyS3) vs. 00200000 (at-a2150c)
[  514.327532][T12929] overlayfs: failed to resolve './file2': -2
[  515.811144][T12947] netlink: 'syz.0.2022': attribute type 10 has an invalid length.
[  516.548068][T12965] FAULT_INJECTION: forcing a failure.
[  516.548068][T12965] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  516.566531][T12965] CPU: 1 UID: 0 PID: 12965 Comm: syz.4.2031 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  516.566550][T12965] Tainted: [L]=SOFTLOCKUP
[  516.566554][T12965] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  516.566560][T12965] Call Trace:
[  516.566564][T12965]  <TASK>
[  516.566568][T12965]  dump_stack_lvl+0x16c/0x1f0
[  516.566586][T12965]  should_fail_ex+0x512/0x640
[  516.566606][T12965]  _copy_to_user+0x32/0xd0
[  516.566623][T12965]  store_msg+0x44/0x160
[  516.566641][T12965]  do_msg_fill+0xa5/0xf0
[  516.566657][T12965]  do_msgrcv+0x1020/0x16c0
[  516.566674][T12965]  ? __pfx_do_msg_fill+0x10/0x10
[  516.566694][T12965]  ? __pfx_do_msgrcv+0x10/0x10
[  516.566714][T12965]  ? __pfx_ksys_write+0x10/0x10
[  516.566732][T12965]  ? do_syscall_64+0xcd/0xf80
[  516.566746][T12965]  do_syscall_64+0xcd/0xf80
[  516.566761][T12965]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  516.566772][T12965] RIP: 0033:0x7f8a2618f749
[  516.566782][T12965] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  516.566793][T12965] RSP: 002b:00007f8a27014038 EFLAGS: 00000246 ORIG_RAX: 0000000000000046
[  516.566804][T12965] RAX: ffffffffffffffda RBX: 00007f8a263e5fa0 RCX: 00007f8a2618f749
[  516.566811][T12965] RDX: 000000000000005c RSI: 00002000000004c0 RDI: 0000000000000000
[  516.566818][T12965] RBP: 00007f8a27014090 R08: 0000000000002000 R09: 0000000000000000
[  516.566824][T12965] R10: da72ed5a9dc29567 R11: 0000000000000246 R12: 0000000000000001
[  516.566830][T12965] R13: 00007f8a263e6038 R14: 00007f8a263e5fa0 R15: 00007fff28a925e8
[  516.566844][T12965]  </TASK>
[  516.924601][T12967] FAULT_INJECTION: forcing a failure.
[  516.924601][T12967] name failslab, interval 1, probability 0, space 0, times 0
[  516.965221][T12967] CPU: 0 UID: 0 PID: 12967 Comm: syz.4.2032 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  516.965249][T12967] Tainted: [L]=SOFTLOCKUP
[  516.965256][T12967] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  516.965266][T12967] Call Trace:
[  516.965272][T12967]  <TASK>
[  516.965279][T12967]  dump_stack_lvl+0x16c/0x1f0
[  516.965306][T12967]  should_fail_ex+0x512/0x640
[  516.965333][T12967]  ? fs_reclaim_acquire+0xae/0x150
[  516.965360][T12967]  should_failslab+0xc2/0x120
[  516.965385][T12967]  __kmalloc_noprof+0xeb/0x910
[  516.965412][T12967]  ? tomoyo_encode2+0x100/0x3e0
[  516.965442][T12967]  ? tomoyo_encode2+0x100/0x3e0
[  516.965464][T12967]  tomoyo_encode2+0x100/0x3e0
[  516.965492][T12967]  tomoyo_encode+0x29/0x50
[  516.965514][T12967]  tomoyo_realpath_from_path+0x18f/0x6e0
[  516.965547][T12967]  tomoyo_path_number_perm+0x245/0x580
[  516.965567][T12967]  ? tomoyo_path_number_perm+0x237/0x580
[  516.965589][T12967]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  516.965612][T12967]  ? find_held_lock+0x2b/0x80
[  516.965663][T12967]  ? find_held_lock+0x2b/0x80
[  516.965688][T12967]  ? hook_file_ioctl_common+0x144/0x410
[  516.965721][T12967]  ? __fget_files+0x20e/0x3c0
[  516.965751][T12967]  security_file_ioctl+0x9b/0x240
[  516.965775][T12967]  __x64_sys_ioctl+0xb7/0x210
[  516.965797][T12967]  do_syscall_64+0xcd/0xf80
[  516.965822][T12967]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  516.965839][T12967] RIP: 0033:0x7f8a2618f749
[  516.965853][T12967] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  516.965868][T12967] RSP: 002b:00007f8a27014038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  516.965881][T12967] RAX: ffffffffffffffda RBX: 00007f8a263e5fa0 RCX: 00007f8a2618f749
[  516.965888][T12967] RDX: 00002000000001c0 RSI: 0000000040187542 RDI: 0000000000000003
[  516.965894][T12967] RBP: 00007f8a27014090 R08: 0000000000000000 R09: 0000000000000000
[  516.965900][T12967] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  516.965907][T12967] R13: 00007f8a263e6038 R14: 00007f8a263e5fa0 R15: 00007fff28a925e8
[  516.965921][T12967]  </TASK>
[  516.966175][T12967] ERROR: Out of memory at tomoyo_realpath_from_path.
[  517.384620][T12971] A link change request failed with some changes committed already. Interface sit0 may have been left with an inconsistent configuration, please check.
[  517.402331][T12971] A link change request failed with some changes committed already. Interface sit0 may have been left with an inconsistent configuration, please check.
[  517.572554][   T30] kauditd_printk_skb: 4 callbacks suppressed
[  517.572569][   T30] audit: type=1400 audit(1767529861.144:725): avc:  denied  { lock } for  pid=12979 comm="syz.1.2036" path="socket:[37260]" dev="sockfs" ino=37260 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  518.142523][T12992] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2040'.
[  518.206138][T13000] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2042'.
[  518.236080][T13000] gtp0: entered promiscuous mode
[  518.241084][T13000] gtp0: entered allmulticast mode
[  518.971374][T13005] batman_adv: batadv0: Interface deactivated: virt_wifi0
[  519.414217][T13041] openvswitch: netlink: Flow key attr not present in new flow.
[  519.422195][   T30] audit: type=1400 audit(1767529862.994:726): avc:  denied  { read } for  pid=13039 comm="syz.1.2049" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1
[  520.028342][T13068] netlink: 'syz.2.2054': attribute type 5 has an invalid length.
[  520.102220][T13072] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2051'.
[  520.395510][T13078] Failed to initialize the IGMP autojoin socket (err -2)
[  520.423789][T13081] fuse: Bad value for 'fd'
[  520.588399][T13086] netlink: 'syz.4.2056': attribute type 10 has an invalid length.
[  520.615271][T13086] bond0: (slave wlan1): Opening slave failed
[  520.616817][T13087] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2057'.
[  522.155093][T13114] openvswitch: netlink: Flow key attr not present in new flow.
[  522.572042][T13137] Failed to initialize the IGMP autojoin socket (err -2)
[  522.667157][   T30] audit: type=1400 audit(1767529866.234:727): avc:  denied  { remount } for  pid=13136 comm="syz.1.2059" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  522.800205][T13149] fuse: Bad value for 'fd'
[  523.575877][   T30] audit: type=1326 audit(1767529867.144:728): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13154 comm="syz.3.2069" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fed4c38f749 code=0x7ffc0000
[  523.612034][   T30] audit: type=1326 audit(1767529867.164:729): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13154 comm="syz.3.2069" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fed4c38f749 code=0x7ffc0000
[  523.659828][   T30] audit: type=1326 audit(1767529867.174:730): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13154 comm="syz.3.2069" exe="/root/syz-executor" sig=0 arch=c000003e syscall=430 compat=0 ip=0x7fed4c38f749 code=0x7ffc0000
[  523.685713][   T30] audit: type=1326 audit(1767529867.204:731): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13154 comm="syz.3.2069" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fed4c38f749 code=0x7ffc0000
[  523.722310][   T30] audit: type=1326 audit(1767529867.214:732): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13154 comm="syz.3.2069" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fed4c38f749 code=0x7ffc0000
[  523.746310][   T30] audit: type=1326 audit(1767529867.214:733): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13154 comm="syz.3.2069" exe="/root/syz-executor" sig=0 arch=c000003e syscall=431 compat=0 ip=0x7fed4c38f749 code=0x7ffc0000
[  523.771520][   T30] audit: type=1326 audit(1767529867.214:734): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13154 comm="syz.3.2069" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fed4c38f749 code=0x7ffc0000
[  523.796383][   T30] audit: type=1326 audit(1767529867.214:735): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13154 comm="syz.3.2069" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fed4c38f749 code=0x7ffc0000
[  523.835665][   T30] audit: type=1326 audit(1767529867.214:736): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13154 comm="syz.3.2069" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7fed4c38f749 code=0x7ffc0000
[  525.193152][T13191] netlink: 'syz.4.2077': attribute type 10 has an invalid length.
[  525.746565][T13195] fuse: Invalid rootmode
[  526.021107][T13203] genirq: Flags mismatch irq 7. 00200080 (ttyS3) vs. 00200000 (at-a2150c)
[  526.827290][T13221] overlayfs: failed to clone upperpath
[  527.428264][T13227] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2089'.
[  528.191258][T13237] openvswitch: netlink: IP tunnel dst address not specified
[  529.480984][T13249] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2094'.
[  529.560958][T13253] netlink: 'syz.2.2095': attribute type 10 has an invalid length.
[  529.858031][   T30] kauditd_printk_skb: 12 callbacks suppressed
[  529.858047][   T30] audit: type=1400 audit(1767529873.424:749): avc:  denied  { create } for  pid=13259 comm="syz.4.2099" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_nflog_socket permissive=1
[  530.006873][T13266] netlink: 224 bytes leftover after parsing attributes in process `syz.1.2100'.
[  530.423867][   T30] audit: type=1326 audit(1767529873.944:750): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13263 comm="syz.0.2098" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd52b8f749 code=0x7fc00000
[  530.631781][T13292] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2107'.
[  530.643701][T13290] netlink: 44 bytes leftover after parsing attributes in process `syz.2.2108'.
[  530.654089][T13290] netlink: 43 bytes leftover after parsing attributes in process `syz.2.2108'.
[  530.666601][T13290] netlink: 'syz.2.2108': attribute type 6 has an invalid length.
[  530.683242][T13290] netlink: 'syz.2.2108': attribute type 5 has an invalid length.
[  530.691452][T13290] netlink: 43 bytes leftover after parsing attributes in process `syz.2.2108'.
[  530.863177][T13297] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2110'.
[  530.964610][   T30] audit: type=1326 audit(1767529874.534:751): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13263 comm="syz.0.2098" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7efd52b8f749 code=0x7fc00000
[  531.813348][T13319] mac80211_hwsim hwsim3 syzkaller0: entered promiscuous mode
[  531.820950][T13319] mac80211_hwsim hwsim3 syzkaller0: entered allmulticast mode
[  531.981623][T13322] No control pipe specified
[  532.318604][T13319] tipc: Started in network mode
[  532.338499][T13319] tipc: Node identity 080211000001, cluster identity 4711
[  532.352161][T13319] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  532.364622][T13319] tipc: Resetting bearer <eth:syzkaller0>
[  532.466345][T13329] netlink: 'syz.4.2118': attribute type 10 has an invalid length.
[  533.018718][T13337] netlink: 207952 bytes leftover after parsing attributes in process `syz.2.2123'.
[  533.311494][T13343] netlink: 104 bytes leftover after parsing attributes in process `syz.3.2125'.
[  533.386033][   T30] audit: type=1400 audit(1767529876.954:752): avc:  denied  { map } for  pid=13346 comm="syz.4.2127" path="/dev/dri/card0" dev="devtmpfs" ino=627 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[  533.410721][ T5919] tipc: Node number set to 134418688
[  533.421393][   T30] audit: type=1400 audit(1767529876.954:753): avc:  denied  { execute } for  pid=13346 comm="syz.4.2127" path="/dev/dri/card0" dev="devtmpfs" ino=627 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[  533.691690][T13360] overlayfs: failed to clone upperpath
[  534.154640][T13369] genirq: Flags mismatch irq 7. 00200080 (ttyS3) vs. 00200000 (at-a2150c)
[  534.487649][T13378] netlink: 'syz.4.2134': attribute type 10 has an invalid length.
[  534.721133][T13380] netlink: 'syz.3.2136': attribute type 10 has an invalid length.
[  535.036729][T13385] netlink: 'syz.2.2138': attribute type 11 has an invalid length.
[  535.044651][T13385] netlink: 199788 bytes leftover after parsing attributes in process `syz.2.2138'.
[  535.819946][T13396] genirq: Flags mismatch irq 7. 00200080 (ttyS3) vs. 00200000 (at-a2150c)
[  535.888729][T13399] fuse: blksize only supported for fuseblk
[  535.919434][   T30] audit: type=1400 audit(1767529879.484:754): avc:  denied  { sys_module } for  pid=13398 comm="syz.1.2143" capability=16  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  536.805384][   T30] audit: type=1400 audit(1767529880.104:755): avc:  denied  { listen } for  pid=13403 comm="syz.1.2144" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  536.955422][T13409] genirq: Flags mismatch irq 7. 00200080 (ttyS3) vs. 00200000 (at-a2150c)
[  539.178977][T13445] overlayfs: conflicting options: nfs_export=on,index=off
[  539.658595][T13460] netlink: 104 bytes leftover after parsing attributes in process `syz.3.2159'.
[  539.709836][T13462] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.2160'.
[  540.004261][T13468] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  540.019094][T13471] FAULT_INJECTION: forcing a failure.
[  540.019094][T13471] name failslab, interval 1, probability 0, space 0, times 0
[  540.032009][T13471] CPU: 1 UID: 0 PID: 13471 Comm: syz.1.2162 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  540.032037][T13471] Tainted: [L]=SOFTLOCKUP
[  540.032043][T13471] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  540.032053][T13471] Call Trace:
[  540.032059][T13471]  <TASK>
[  540.032066][T13471]  dump_stack_lvl+0x16c/0x1f0
[  540.032093][T13471]  should_fail_ex+0x512/0x640
[  540.032123][T13471]  should_failslab+0xc2/0x120
[  540.032146][T13471]  kmem_cache_alloc_noprof+0x83/0x770
[  540.032164][T13471]  ? lock_acquire+0x179/0x330
[  540.032183][T13471]  ? skb_clone+0x190/0x3f0
[  540.032205][T13471]  ? skb_clone+0x190/0x3f0
[  540.032219][T13471]  skb_clone+0x190/0x3f0
[  540.032236][T13471]  dev_queue_xmit_nit+0x25b/0xac0
[  540.032265][T13471]  dev_hard_start_xmit+0x56b/0x6e0
[  540.032291][T13471]  ? __sys_sendmsg+0x16d/0x220
[  540.032312][T13471]  __dev_queue_xmit+0x6d7/0x46b0
[  540.032349][T13471]  ? __pfx___dev_queue_xmit+0x10/0x10
[  540.032399][T13471]  ? __skb_clone+0x570/0x760
[  540.032432][T13471]  netlink_deliver_tap+0xa87/0xd30
[  540.032459][T13471]  netlink_unicast+0x64c/0x870
[  540.032485][T13471]  ? __pfx_netlink_unicast+0x10/0x10
[  540.032516][T13471]  netlink_sendmsg+0x8c8/0xdd0
[  540.032543][T13471]  ? __pfx_netlink_sendmsg+0x10/0x10
[  540.032575][T13471]  ____sys_sendmsg+0xa5d/0xc30
[  540.032600][T13471]  ? copy_msghdr_from_user+0x10a/0x160
[  540.032617][T13471]  ? __pfx_____sys_sendmsg+0x10/0x10
[  540.032653][T13471]  ___sys_sendmsg+0x134/0x1d0
[  540.032672][T13471]  ? __pfx____sys_sendmsg+0x10/0x10
[  540.032722][T13471]  __sys_sendmsg+0x16d/0x220
[  540.032742][T13471]  ? __pfx___sys_sendmsg+0x10/0x10
[  540.032777][T13471]  do_syscall_64+0xcd/0xf80
[  540.032802][T13471]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  540.032819][T13471] RIP: 0033:0x7fb35118f749
[  540.032834][T13471] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  540.032851][T13471] RSP: 002b:00007fb34f3ee038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  540.032868][T13471] RAX: ffffffffffffffda RBX: 00007fb3513e5fa0 RCX: 00007fb35118f749
[  540.032885][T13471] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003
[  540.032897][T13471] RBP: 00007fb34f3ee090 R08: 0000000000000000 R09: 0000000000000000
[  540.032907][T13471] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  540.032917][T13471] R13: 00007fb3513e6038 R14: 00007fb3513e5fa0 R15: 00007ffdb7950308
[  540.032942][T13471]  </TASK>
[  540.904490][T13485] netlink: 'syz.3.2164': attribute type 4 has an invalid length.
[  540.912293][T13485] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2164'.
[  541.136381][T13481] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2166'.
[  541.640736][T13495] netlink: 212368 bytes leftover after parsing attributes in process `syz.2.2167'.
[  542.126444][T13507] overlayfs: failed to clone lowerpath
[  542.132128][   T30] audit: type=1400 audit(1767529885.694:756): avc:  denied  { mount } for  pid=13504 comm="syz.3.2172" name="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1
[  542.383821][T13513] A link change request failed with some changes committed already. Interface tunl0 may have been left with an inconsistent configuration, please check.
[  542.668551][T13517] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  542.678578][T13517] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 1th superblock
[  542.688970][T13517] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  542.698857][T13517] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 2th superblock
[  542.939881][T13524] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2178'.
[  542.977017][T13522] sch_tbf: burst 0 is lower than device lo mtu (11337746) !
[  543.922232][T13554] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2187'.
[  543.931326][T13554] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2187'.
[  544.937729][T13578] fuse: Unknown parameter 'use00000000000000000000'
[  546.032455][ T5137] Bluetooth: hci3: command 0x0406 tx timeout
[  546.332087][   T30] audit: type=1400 audit(1767529889.904:757): avc:  denied  { read write } for  pid=13608 comm="syz.1.2200" name="file0" dev="fuse" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1
[  546.357146][T13609] sd 0:0:1:0: PR command failed: 1026
[  546.365834][T13609] sd 0:0:1:0: Sense Key : Illegal Request [current] 
[  546.373597][T13613] netlink: 'syz.2.2202': attribute type 17 has an invalid length.
[  546.382058][   T30] audit: type=1400 audit(1767529889.924:758): avc:  denied  { open } for  pid=13608 comm="syz.1.2200" path="/419/file0/file0" dev="fuse" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1
[  546.405104][T13609] sd 0:0:1:0: Add. Sense: Invalid command operation code
[  546.424887][T13615] netlink: 'syz.2.2202': attribute type 17 has an invalid length.
[  546.435401][   T30] audit: type=1400 audit(1767529889.924:759): avc:  denied  { ioctl } for  pid=13608 comm="syz.1.2200" path="/419/file0/file0" dev="fuse" ino=3 ioctlcmd=0x70cc scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1
[  546.516473][T13614] netlink: 'syz.4.2199': attribute type 10 has an invalid length.
[  546.550764][T13613] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  546.600138][T13615] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  549.071314][   T30] audit: type=1400 audit(1767529892.634:760): avc:  denied  { accept } for  pid=13666 comm="syz.4.2215" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  549.730865][T13679] netlink: 'syz.2.2217': attribute type 10 has an invalid length.
[  550.077770][ T5824] Bluetooth: hci2: unexpected event for opcode 0x2019
[  553.203788][   T30] audit: type=1400 audit(1767529896.774:761): avc:  denied  { ioctl } for  pid=13716 comm="syz.2.2228" path="socket:[38688]" dev="sockfs" ino=38688 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  554.133236][ T5824] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0
[  554.143057][ T5824] Bluetooth: hci2: Injecting HCI hardware error event
[  554.159273][ T5824] Bluetooth: hci2: hardware error 0x00
[  554.754567][T13749] netlink: 'syz.2.2234': attribute type 10 has an invalid length.
[  557.135615][T13759] kAFS: No cell specified
[  557.291041][T13760] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check.
[  557.428970][   T30] audit: type=1400 audit(1767529900.994:762): avc:  denied  { mounton } for  pid=13757 comm="syz.3.2237" path="/" dev="hugetlbfs" ino=38782 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=dir permissive=1
[  558.218418][   T30] audit: type=1400 audit(1767529901.784:763): avc:  denied  { mounton } for  pid=13785 comm="syz.2.2245" path="/bus" dev="ramfs" ino=38815 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:ramfs_t tclass=dir permissive=1
[  558.240429][T13786] overlayfs: conflicting options: metacopy=on,redirect_dir=nofollow
[  558.510874][T13792] genirq: Flags mismatch irq 7. 00200080 (ttyS3) vs. 00200000 (at-a2150c)
[  558.561578][   T30] audit: type=1400 audit(1767529902.134:764): avc:  denied  { getopt } for  pid=13789 comm="syz.1.2246" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[  558.964084][T13813] netlink: 'syz.2.2249': attribute type 10 has an invalid length.
[  559.098552][T13799] overlayfs: failed to clone upperpath
[  559.150261][ T5824] Bluetooth: hci2: Opcode 0x0c03 failed: -110
[  559.290686][T13817] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  559.297778][T13817] overlayfs: failed to set xattr on upper
[  559.303581][T13817] overlayfs: ...falling back to redirect_dir=nofollow.
[  559.310624][T13817] overlayfs: ...falling back to uuid=null.
[  560.062634][T13855] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2256'.
[  560.158723][T13855] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2256'.
[  560.167643][T13855] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2256'.
[  560.312530][T13868] genirq: Flags mismatch irq 7. 00200080 (ttyS3) vs. 00200000 (at-a2150c)
[  560.375218][T13869] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2259'.
[  560.912121][T13878] netlink: 'syz.3.2265': attribute type 10 has an invalid length.
[  560.921443][T13878] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2265'.
[  560.930867][T13878] veth0_vlan: entered allmulticast mode
[  560.939221][T13878] bridge0: port 3(veth0_vlan) entered blocking state
[  560.956223][T13878] bridge0: port 3(veth0_vlan) entered disabled state
[  560.993611][T13878] A link change request failed with some changes committed already. Interface veth0_vlan may have been left with an inconsistent configuration, please check.
[  561.848810][T13889] netlink: 'syz.3.2268': attribute type 10 has an invalid length.
[  561.943763][T13894] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2269'.
[  561.977792][T13898] nfs: Unknown parameter ''
[  562.565999][ T1294] ieee802154 phy1 wpan1: encryption failed: -22
[  562.593722][T13907] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2273'.
[  562.602998][T13907] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2273'.
[  562.611948][T13907] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2273'.
[  563.414344][T13923] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2275'.
[  563.669762][T13930] FAULT_INJECTION: forcing a failure.
[  563.669762][T13930] name failslab, interval 1, probability 0, space 0, times 0
[  563.682460][T13930] CPU: 1 UID: 0 PID: 13930 Comm: syz.1.2281 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  563.682486][T13930] Tainted: [L]=SOFTLOCKUP
[  563.682492][T13930] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  563.682503][T13930] Call Trace:
[  563.682509][T13930]  <TASK>
[  563.682515][T13930]  dump_stack_lvl+0x16c/0x1f0
[  563.682543][T13930]  should_fail_ex+0x512/0x640
[  563.682568][T13930]  ? __kmalloc_noprof+0xca/0x910
[  563.682598][T13930]  should_failslab+0xc2/0x120
[  563.682622][T13930]  __kmalloc_noprof+0xeb/0x910
[  563.682649][T13930]  ? sock_kmalloc+0x111/0x170
[  563.682676][T13930]  ? sock_kmalloc+0x111/0x170
[  563.682695][T13930]  sock_kmalloc+0x111/0x170
[  563.682718][T13930]  af_alg_get_rsgl+0xe3/0x7f0
[  563.682749][T13930]  skcipher_recvmsg+0x375/0x1030
[  563.682782][T13930]  ? __pfx_skcipher_recvmsg+0x10/0x10
[  563.682819][T13930]  sock_recvmsg+0x1f9/0x250
[  563.682844][T13930]  ____sys_recvmsg+0x218/0x6b0
[  563.682871][T13930]  ? __pfx_____sys_recvmsg+0x10/0x10
[  563.682905][T13930]  ? __lock_acquire+0x436/0x2890
[  563.682931][T13930]  ___sys_recvmsg+0x114/0x1a0
[  563.682949][T13930]  ? __pfx____sys_recvmsg+0x10/0x10
[  563.682991][T13930]  __sys_recvmsg+0x16a/0x220
[  563.683010][T13930]  ? __pfx___sys_recvmsg+0x10/0x10
[  563.683046][T13930]  do_syscall_64+0xcd/0xf80
[  563.683071][T13930]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  563.683089][T13930] RIP: 0033:0x7fb35118f749
[  563.683103][T13930] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  563.683120][T13930] RSP: 002b:00007fb34f3ac038 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[  563.683136][T13930] RAX: ffffffffffffffda RBX: 00007fb3513e6180 RCX: 00007fb35118f749
[  563.683148][T13930] RDX: 0000000000000000 RSI: 00002000000005c0 RDI: 0000000000000008
[  563.683158][T13930] RBP: 00007fb34f3ac090 R08: 0000000000000000 R09: 0000000000000000
[  563.683169][T13930] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  563.683179][T13930] R13: 00007fb3513e6218 R14: 00007fb3513e6180 R15: 00007ffdb7950308
[  563.683205][T13930]  </TASK>
[  564.071049][T13910] syz.4.2274 (13910): drop_caches: 2
[  564.525956][   T30] audit: type=1400 audit(1767529909.079:765): avc:  denied  { read } for  pid=13935 comm="syz.4.2284" name="loop-control" dev="devtmpfs" ino=646 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[  564.555356][   T30] audit: type=1400 audit(1767529909.079:766): avc:  denied  { open } for  pid=13935 comm="syz.4.2284" path="/dev/loop-control" dev="devtmpfs" ino=646 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[  564.859535][T13945] genirq: Flags mismatch irq 7. 00200080 (ttyS3) vs. 00200000 (at-a2150c)
[  565.165372][T13947] netlink: 'syz.2.2287': attribute type 10 has an invalid length.
[  565.190884][T13950] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2286'.
[  565.305979][T13950] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2286'.
[  565.325510][T13950] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2286'.
[  569.437664][T14026] netlink: 'syz.4.2311': attribute type 1 has an invalid length.
[  570.084869][T14033] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2314'.
[  570.100975][T14033] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2314'.
[  570.136368][   T30] audit: type=1400 audit(1767529914.699:767): avc:  denied  { ioctl } for  pid=14034 comm="syz.1.2315" path="socket:[39542]" dev="sockfs" ino=39542 ioctlcmd=0x8949 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  571.282654][T14055] 9pnet: p9_errstr2errno: server reported unknown error 0x0000
[  572.167019][   T30] audit: type=1400 audit(1767529916.709:768): avc:  denied  { map } for  pid=14067 comm="syz.2.2324" path="socket:[39583]" dev="sockfs" ino=39583 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  572.191712][   T30] audit: type=1400 audit(1767529916.709:769): avc:  denied  { write } for  pid=14067 comm="syz.2.2324" path="socket:[39583]" dev="sockfs" ino=39583 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  572.217276][   T30] audit: type=1326 audit(1767529916.709:770): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14067 comm="syz.2.2324" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f0d25d8f749 code=0x0
[  572.811725][T14071] /dev/nullb0: Can't lookup blockdev
[  572.972661][T14078] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2327'.
[  572.982579][T14078] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2327'.
[  577.356964][ T6047] bond0: (slave bond_slave_0): interface is now down
[  577.365941][   T30] audit: type=1400 audit(1767529921.929:771): avc:  denied  { getopt } for  pid=14131 comm="syz.4.2346" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  577.385556][ T6047] bond0: (slave bond_slave_1): interface is now down
[  577.392333][ T6047] bond0: (slave bridge0): interface is now down
[  577.399313][T14138] netlink: 'syz.3.2347': attribute type 10 has an invalid length.
[  577.402869][ T6047] bond0: now running without any active interface!
[  577.474268][T14138] syz_tun: entered promiscuous mode
[  577.599112][T14138] bond0: (slave syz_tun): Enslaving as an active interface with an up link
[  577.609268][   T30] audit: type=1326 audit(1767529922.179:772): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14145 comm="syz.2.2350" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d25d8f749 code=0x7ffc0000
[  577.638423][ T6451] bond0: (slave syz_tun): interface is now down
[  577.687419][ T6451] bond0: now running without any active interface!
[  577.696848][   T30] audit: type=1326 audit(1767529922.199:773): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14145 comm="syz.2.2350" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d25d8f749 code=0x7ffc0000
[  577.724931][   T30] audit: type=1326 audit(1767529922.209:774): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14145 comm="syz.2.2350" exe="/root/syz-executor" sig=0 arch=c000003e syscall=313 compat=0 ip=0x7f0d25d8f749 code=0x7ffc0000
[  577.749487][   T30] audit: type=1326 audit(1767529922.209:775): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14145 comm="syz.2.2350" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d25d8f749 code=0x7ffc0000
[  577.815840][   T30] audit: type=1326 audit(1767529922.209:776): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14145 comm="syz.2.2350" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d25d8f749 code=0x7ffc0000
[  577.849553][   T30] audit: type=1326 audit(1767529922.219:777): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14145 comm="syz.2.2350" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f0d25d8df90 code=0x7ffc0000
[  577.879529][   T30] audit: type=1326 audit(1767529922.219:778): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14145 comm="syz.2.2350" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d25d8f749 code=0x7ffc0000
[  577.903488][   T30] audit: type=1326 audit(1767529922.219:779): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14145 comm="syz.2.2350" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d25d8f749 code=0x7ffc0000
[  578.152197][   T30] audit: type=1326 audit(1767529922.219:780): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14145 comm="syz.2.2350" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f0d25d8df90 code=0x7ffc0000
[  578.401426][  T891] hid-generic 0000:0003:0003.000A: unknown main item tag 0x0
[  578.417737][T14169] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2358'.
[  578.427177][  T891] hid-generic 0000:0003:0003.000A: unknown main item tag 0x0
[  578.442707][  T891] hid-generic 0000:0003:0003.000A: unknown main item tag 0x0
[  578.480238][  T891] hid-generic 0000:0003:0003.000A: unknown main item tag 0x0
[  578.493851][  T891] hid-generic 0000:0003:0003.000A: unknown main item tag 0x0
[  578.509480][  T891] hid-generic 0000:0003:0003.000A: unknown main item tag 0x0
[  578.521983][  T891] hid-generic 0000:0003:0003.000A: unknown main item tag 0x0
[  578.536259][  T891] hid-generic 0000:0003:0003.000A: unknown main item tag 0x0
[  578.550436][  T891] hid-generic 0000:0003:0003.000A: unknown main item tag 0x0
[  578.563394][  T891] hid-generic 0000:0003:0003.000A: unknown main item tag 0x0
[  578.585616][  T891] hid-generic 0000:0003:0003.000A: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[  580.696575][T14178] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2360'.
[  580.712160][T14178] openvswitch: netlink: IP tunnel dst address not specified
[  580.848718][T14184] 9pnet_fd: Insufficient options for proto=fd
[  582.394848][T14189] overlayfs: failed to decode file handle (len=6, type=251, flags=0, err=-22)
[  584.368028][   T30] kauditd_printk_skb: 58 callbacks suppressed
[  584.368043][   T30] audit: type=1326 audit(1767529928.929:839): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14218 comm="syz.3.2372" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fed4c38f749 code=0x0
[  586.435726][T14261] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2381'.
[  586.540619][T14263] SELinux:  Context ? is not valid (left unmapped).
[  587.578307][T14289] netlink: 204 bytes leftover after parsing attributes in process `syz.1.2386'.
[  587.956816][T14302] netlink: 'syz.1.2390': attribute type 1 has an invalid length.
[  587.999660][T14302] netlink: 288 bytes leftover after parsing attributes in process `syz.1.2390'.
[  589.169952][T14317] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(9)
[  589.176482][T14317] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  589.187311][T14317] vhci_hcd vhci_hcd.0: Device attached
[  589.359806][  T891] vhci_hcd vhci_hcd.1: vhci_device speed not set
[  589.419681][  T891] usb 35-1: new full-speed USB device number 3 using vhci_hcd
[  590.896347][T14335] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=14335 comm=syz.0.2397
[  591.670080][   T30] audit: type=1326 audit(1767529936.239:840): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14349 comm="syz.4.2402" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8a2618f749 code=0x7ffc0000
[  591.696428][   T30] audit: type=1326 audit(1767529936.269:841): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14349 comm="syz.4.2402" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f8a2618f749 code=0x7ffc0000
[  591.720956][   T30] audit: type=1326 audit(1767529936.269:842): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14349 comm="syz.4.2402" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8a2618f749 code=0x7ffc0000
[  591.744734][   T30] audit: type=1326 audit(1767529936.319:843): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14349 comm="syz.4.2402" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f8a2618f749 code=0x7ffc0000
[  591.768606][   T30] audit: type=1326 audit(1767529936.339:844): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14349 comm="syz.4.2402" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8a2618f749 code=0x7ffc0000
[  591.801841][   T30] audit: type=1326 audit(1767529936.359:845): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14349 comm="syz.4.2402" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8a2618f749 code=0x7ffc0000
[  592.205805][T14318] vhci_hcd: connection reset by peer
[  592.211346][ T6451] vhci_hcd vhci_hcd.1: stop threads
[  592.216753][ T6451] vhci_hcd vhci_hcd.1: release socket
[  592.234682][ T6451] vhci_hcd vhci_hcd.1: disconnect device
[  594.569921][  T891] vhci_hcd vhci_hcd.1: vhci_device speed not set
[  594.756038][T14395] fuse: Unknown parameter '0x0000000000000003'
[  594.776727][T14397] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2417'.
[  594.877450][T14399] genirq: Flags mismatch irq 7. 00200080 (ttyS3) vs. 00200000 (at-a2150c)
[  596.498287][T14414] mkiss: ax0: crc mode is auto.
[  596.830096][T14420] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2422'.
[  597.283695][T14434] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2400'.
[  598.299840][T14443] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2426'.
[  598.310516][T14443] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2426'.
[  598.848270][   T30] audit: type=1400 audit(1767529943.409:846): avc:  denied  { mounton } for  pid=14446 comm="syz.1.2428" path="/471/file0" dev="autofs" ino=41432 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=dir permissive=1
[  601.216557][T14492] sp0: Synchronizing with TNC
[  601.229566][T14492] [U] è`
[  602.055502][T14500] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2441'.
[  602.458593][   T30] audit: type=1400 audit(1767529946.639:847): avc:  denied  { setattr } for  pid=14493 comm="syz.2.2441" name="file0" dev="tmpfs" ino=2686 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  603.249787][T14517] genirq: Flags mismatch irq 7. 00200080 (ttyS3) vs. 00200000 (at-a2150c)
[  603.311777][T14517] genirq: Flags mismatch irq 7. 00200080 (ttyS3) vs. 00200000 (at-a2150c)
[  604.835746][T14551] fuseblk: block size(6656) > page size(4096) not supported by filesystem
[  604.913871][   T30] audit: type=1400 audit(1767529949.479:848): avc:  denied  { set_context_mgr } for  pid=14553 comm="syz.4.2459" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1
[  604.937483][T14554] binder_alloc: 14553: binder_alloc_buf, no vma
[  604.953316][   T30] audit: type=1400 audit(1767529949.509:849): avc:  denied  { call } for  pid=14553 comm="syz.4.2459" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1
[  605.057163][T14558] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2460'.
[  605.180858][T14564] genirq: Flags mismatch irq 7. 00200080 (ttyS3) vs. 00200000 (at-a2150c)
[  606.504177][   T30] audit: type=1400 audit(1767529951.069:850): avc:  denied  { read } for  pid=14596 comm="syz.2.2471" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  607.157492][T14580] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  607.178516][T14580] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  607.316383][T14580] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  607.412489][T14580] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  607.609822][T14580] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  608.048897][ T5824] Bluetooth: hci0: command 0x0406 tx timeout
[  608.057302][T14580] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  608.273502][T14618] trusted_key: encrypted_key: insufficient parameters specified
[  609.386305][ T5824] Bluetooth: hci3: command 0x0406 tx timeout
[  609.639673][ T5824] Bluetooth: hci4: command 0x0405 tx timeout
[  610.100296][ T5824] Bluetooth: hci0: command 0x0406 tx timeout
[  610.128125][   T30] audit: type=1400 audit(1767529954.689:851): avc:  denied  { append } for  pid=14654 comm="syz.1.2488" name="video7" dev="devtmpfs" ino=949 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1
[  610.156899][   T30] audit: type=1400 audit(1767529954.719:852): avc:  denied  { write } for  pid=14654 comm="syz.1.2488" name="file0" dev="fuse" ino=0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1
[  610.179367][T14656] 
[  611.459947][ T5824] Bluetooth: hci3: command 0x0406 tx timeout
[  611.699685][ T5824] Bluetooth: hci4: command 0x0405 tx timeout
[  612.287414][   T30] audit: type=1400 audit(1767529956.849:853): avc:  denied  { read } for  pid=14709 comm="syz.2.2507" path="socket:[41765]" dev="sockfs" ino=41765 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  615.388467][T14749] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  616.628784][T14780] futex_wake_op: syz.0.2519 tries to shift op by 32; fix this program
[  618.327681][T14791] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2530'.
[  619.778358][   T30] audit: type=1400 audit(1767529964.339:854): avc:  denied  { create } for  pid=14806 comm="syz.0.2531" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_iscsi_socket permissive=1
[  621.753115][T14845] loop4: detected capacity change from 0 to 7
[  621.774447][T14845] Dev loop4: unable to read RDB block 7
[  621.780689][T14845]  loop4: unable to read partition table
[  621.789086][T14845] loop4: partition table beyond EOD, truncated
[  621.797144][T14845] loop_reread_partitions: partition scan of loop4 (þ被xü—ŸÑà– ) failed (rc=-5)
[  622.175407][   T30] audit: type=1400 audit(1767529966.739:855): avc:  denied  { setopt } for  pid=14854 comm="syz.1.2548" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  622.426503][T14859] genirq: Flags mismatch irq 7. 00200080 (ttyS3) vs. 00200000 (at-a2150c)
[  622.460684][T14859] mkiss: ax0: crc mode is auto.
[  622.863238][T14864] delete_channel: no stack
[  622.869002][   T30] audit: type=1400 audit(1767529967.429:856): avc:  denied  { accept } for  pid=14863 comm="syz.2.2550" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1
[  622.888586][T14863] delete_channel: no stack
[  623.404088][T14879] FAULT_INJECTION: forcing a failure.
[  623.404088][T14879] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  623.417576][T14879] CPU: 0 UID: 0 PID: 14879 Comm: syz.1.2554 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  623.417604][T14879] Tainted: [L]=SOFTLOCKUP
[  623.417611][T14879] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  623.417622][T14879] Call Trace:
[  623.417628][T14879]  <TASK>
[  623.417635][T14879]  dump_stack_lvl+0x16c/0x1f0
[  623.417661][T14879]  should_fail_ex+0x512/0x640
[  623.417692][T14879]  _copy_from_user+0x2e/0xd0
[  623.417725][T14879]  __snd_timer_user_ioctl.isra.0+0x1677/0x27b0
[  623.417754][T14879]  ? lock_acquire+0x179/0x330
[  623.417776][T14879]  ? __pfx___snd_timer_user_ioctl.isra.0+0x10/0x10
[  623.417804][T14879]  ? __pfx___might_resched+0x10/0x10
[  623.417823][T14879]  ? rcu_is_watching+0x12/0xc0
[  623.417845][T14879]  ? do_vfs_ioctl+0x128/0x14f0
[  623.417866][T14879]  ? snd_timer_user_ioctl+0x4a/0xd0
[  623.417891][T14879]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  623.417914][T14879]  ? __pfx___mutex_lock+0x10/0x10
[  623.417958][T14879]  snd_timer_user_ioctl+0x76/0xd0
[  623.417982][T14879]  ? __pfx_snd_timer_user_ioctl+0x10/0x10
[  623.418009][T14879]  __x64_sys_ioctl+0x18e/0x210
[  623.418032][T14879]  do_syscall_64+0xcd/0xf80
[  623.418057][T14879]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  623.418074][T14879] RIP: 0033:0x7fb35118f749
[  623.418088][T14879] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  623.418105][T14879] RSP: 002b:00007fb34f3cd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  623.418123][T14879] RAX: ffffffffffffffda RBX: 00007fb3513e6090 RCX: 00007fb35118f749
[  623.418135][T14879] RDX: 00002000000083c0 RSI: 0000000040345410 RDI: 0000000000000005
[  623.418146][T14879] RBP: 00007fb34f3cd090 R08: 0000000000000000 R09: 0000000000000000
[  623.418157][T14879] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  623.418167][T14879] R13: 00007fb3513e6128 R14: 00007fb3513e6090 R15: 00007ffdb7950308
[  623.418194][T14879]  </TASK>
[  623.784836][ T1294] ieee802154 phy1 wpan1: encryption failed: -22
[  624.575933][T14901] FAULT_INJECTION: forcing a failure.
[  624.575933][T14901] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  624.589553][T14901] CPU: 1 UID: 0 PID: 14901 Comm: syz.1.2561 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  624.589578][T14901] Tainted: [L]=SOFTLOCKUP
[  624.589583][T14901] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  624.589593][T14901] Call Trace:
[  624.589599][T14901]  <TASK>
[  624.589610][T14901]  dump_stack_lvl+0x16c/0x1f0
[  624.589638][T14901]  should_fail_ex+0x512/0x640
[  624.589670][T14901]  _copy_to_user+0x32/0xd0
[  624.589704][T14901]  simple_read_from_buffer+0xcb/0x170
[  624.589732][T14901]  proc_fail_nth_read+0x197/0x240
[  624.589752][T14901]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  624.589774][T14901]  ? rw_verify_area+0xcf/0x6c0
[  624.589793][T14901]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  624.589812][T14901]  vfs_read+0x1e4/0xcf0
[  624.589836][T14901]  ? __pfx___mutex_lock+0x10/0x10
[  624.589862][T14901]  ? __pfx_vfs_read+0x10/0x10
[  624.589891][T14901]  ? __fget_files+0x20e/0x3c0
[  624.589914][T14901]  ? bpf_trace_run2+0x1e0/0x5c0
[  624.589940][T14901]  ksys_read+0x12a/0x250
[  624.589962][T14901]  ? __pfx_ksys_read+0x10/0x10
[  624.589982][T14901]  ? syscall_trace_enter+0x1cb/0x220
[  624.590010][T14901]  ? rcu_is_watching+0x12/0xc0
[  624.590030][T14901]  do_syscall_64+0xcd/0xf80
[  624.590055][T14901]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  624.590073][T14901] RIP: 0033:0x7fb35118e15c
[  624.590087][T14901] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  624.590104][T14901] RSP: 002b:00007fb34f3ee030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  624.590121][T14901] RAX: ffffffffffffffda RBX: 00007fb3513e5fa0 RCX: 00007fb35118e15c
[  624.590133][T14901] RDX: 000000000000000f RSI: 00007fb34f3ee0a0 RDI: 0000000000000007
[  624.590144][T14901] RBP: 00007fb34f3ee090 R08: 0000000000000000 R09: 0000000000000000
[  624.590155][T14901] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  624.590165][T14901] R13: 00007fb3513e6038 R14: 00007fb3513e5fa0 R15: 00007ffdb7950308
[  624.590191][T14901]  </TASK>
[  625.633510][T14903] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=37 sclass=netlink_tcpdiag_socket pid=14903 comm=syz.0.2562
[  625.754210][T14912] netlink: 'syz.2.2564': attribute type 11 has an invalid length.
[  626.512259][T14923] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2567'.
[  627.347585][T14934] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2569'.
[  627.360241][T14934] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2569'.
[  627.370866][T14934] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2569'.
[  627.379961][T14934] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2569'.
[  628.766855][   T30] audit: type=1400 audit(1767529973.329:857): avc:  denied  { getattr } for  pid=14944 comm="syz.2.2573" name="/" dev="pidfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  629.144581][   T30] audit: type=1400 audit(1767529973.709:858): avc:  denied  { mounton } for  pid=14954 comm="syz.4.2577" path="/461/file0" dev="tmpfs" ino=2476 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  629.918208][T14971] netlink: 132 bytes leftover after parsing attributes in process `syz.2.2582'.
[  631.175002][T14985] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256
[  631.188151][T14985] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512
[  631.198688][T14985] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256
[  631.209189][T14985] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512
[  631.219150][T14985] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256
[  631.229808][T14985] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512
[  631.240627][T14985] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256
[  631.250194][T14985] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512
[  631.260757][T14985] UDF-fs: warning (device nbd1): udf_fill_super: No partition found (1)
[  631.340899][T14988] Failed to initialize the IGMP autojoin socket (err -2)
[  632.377894][T14999] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2590'.
[  632.772290][T15007] genirq: Flags mismatch irq 7. 00200080 (ttyS3) vs. 00200000 (at-a2150c)
[  633.004525][   T30] audit: type=1400 audit(1767529977.569:859): avc:  denied  { execute } for  pid=15010 comm="syz.1.2594" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  634.205494][T15030] sp0: Synchronizing with TNC
[  635.032625][T15028] [U] è
[  635.765067][   T30] audit: type=1326 audit(1767529980.329:860): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15047 comm="syz.2.2602" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f0d25d865e7 code=0x7ffc0000
[  636.757826][   T30] audit: type=1326 audit(1767529981.299:861): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15047 comm="syz.2.2602" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f0d25d2b829 code=0x7ffc0000
[  636.842277][T15052] Failed to initialize the IGMP autojoin socket (err -2)
[  637.041250][T15049] random: crng reseeded on system resumption
[  637.520600][   T30] audit: type=1326 audit(1767529981.309:862): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15047 comm="syz.2.2602" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f0d25d865e7 code=0x7ffc0000
[  637.554841][   T30] audit: type=1326 audit(1767529981.309:863): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15047 comm="syz.2.2602" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f0d25d2b829 code=0x7ffc0000
[  637.587631][   T30] audit: type=1326 audit(1767529981.309:864): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15047 comm="syz.2.2602" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f0d25d865e7 code=0x7ffc0000
[  637.611876][   T30] audit: type=1326 audit(1767529981.309:865): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15047 comm="syz.2.2602" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f0d25d2b829 code=0x7ffc0000
[  637.635309][   T30] audit: type=1326 audit(1767529981.309:866): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15047 comm="syz.2.2602" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f0d25d865e7 code=0x7ffc0000
[  637.664759][   T30] audit: type=1326 audit(1767529981.309:867): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15047 comm="syz.2.2602" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f0d25d2b829 code=0x7ffc0000
[  637.688186][   T30] audit: type=1326 audit(1767529981.309:868): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15047 comm="syz.2.2602" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f0d25d865e7 code=0x7ffc0000
[  637.712129][   T30] audit: type=1326 audit(1767529981.309:869): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15047 comm="syz.2.2602" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f0d25d2b829 code=0x7ffc0000
[  639.160201][T15090] netlink: 'syz.4.2611': attribute type 10 has an invalid length.
[  639.753181][T15095] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2612'.
[  639.767670][ T5824] Bluetooth: hci3: command 0x0406 tx timeout
[  640.419780][T15099] netlink: 'syz.3.2615': attribute type 10 has an invalid length.
[  640.454334][T15099] batman_adv: batadv0: Adding interface: netdevsim0
[  640.460977][T15099] batman_adv: batadv0: The MTU of interface netdevsim0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  640.486708][T15099] batman_adv: batadv0: Not using interface netdevsim0 (retrying later): interface not active
[  641.830849][ T5824] Bluetooth: hci3: command 0x0406 tx timeout
[  642.376037][T15124] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2620'.
[  643.863504][ T5824] Bluetooth: hci3: command 0x0406 tx timeout
[  644.811901][T15154] netlink: 'syz.1.2628': attribute type 10 has an invalid length.
[  644.998661][T15154] bridge0: port 2(bridge_slave_1) entered blocking state
[  645.005837][T15154] bridge0: port 2(bridge_slave_1) entered forwarding state
[  645.013207][T15154] bridge0: port 1(bridge_slave_0) entered blocking state
[  645.020263][T15154] bridge0: port 1(bridge_slave_0) entered forwarding state
[  645.220020][T15154] bridge0: port 2(bridge_slave_1) entered disabled state
[  645.227222][T15154] bridge0: port 1(bridge_slave_0) entered disabled state
[  645.939730][ T5824] Bluetooth: hci3: command 0x0406 tx timeout
[  648.019953][ T5824] Bluetooth: hci3: command 0x0406 tx timeout
[  648.286959][T15194] netlink: 'syz.3.2642': attribute type 10 has an invalid length.
[  648.298563][T15194] bond0: (slave wlan1): Opening slave failed
[  648.605090][T15203] netlink: 'syz.2.2645': attribute type 10 has an invalid length.
[  648.869725][T15208] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(5)
[  648.876254][T15208] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  648.895382][T15208] vhci_hcd vhci_hcd.0: Device attached
[  649.441377][T15200] netlink: 56 bytes leftover after parsing attributes in process `syz.0.2644'.
[  649.499903][ T5919] usb 35-1: new low-speed USB device number 4 using vhci_hcd
[  649.680673][T15217] FAULT_INJECTION: forcing a failure.
[  649.680673][T15217] name failslab, interval 1, probability 0, space 0, times 0
[  649.711470][T15217] CPU: 1 UID: 0 PID: 15217 Comm: syz.4.2646 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  649.711495][T15217] Tainted: [L]=SOFTLOCKUP
[  649.711499][T15217] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  649.711506][T15217] Call Trace:
[  649.711510][T15217]  <TASK>
[  649.711514][T15217]  dump_stack_lvl+0x16c/0x1f0
[  649.711533][T15217]  should_fail_ex+0x512/0x640
[  649.711551][T15217]  ? __kmalloc_cache_noprof+0x5f/0x800
[  649.711571][T15217]  should_failslab+0xc2/0x120
[  649.711591][T15217]  __kmalloc_cache_noprof+0x80/0x800
[  649.711609][T15217]  ? binder_get_thread+0x225/0x8c0
[  649.711624][T15217]  ? binder_get_thread+0x225/0x8c0
[  649.711634][T15217]  ? _raw_spin_unlock+0x28/0x50
[  649.711647][T15217]  binder_get_thread+0x225/0x8c0
[  649.711661][T15217]  binder_ioctl+0x274/0x7360
[  649.711681][T15217]  ? tomoyo_path_number_perm+0x18d/0x580
[  649.711698][T15217]  ? __pfx_binder_ioctl+0x10/0x10
[  649.711713][T15217]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  649.711727][T15217]  ? do_vfs_ioctl+0x128/0x14f0
[  649.711741][T15217]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  649.711753][T15217]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[  649.711774][T15217]  ? hook_file_ioctl_common+0x144/0x410
[  649.711794][T15217]  ? selinux_file_ioctl+0x180/0x270
[  649.711808][T15217]  ? selinux_file_ioctl+0xb4/0x270
[  649.711822][T15217]  ? __pfx_binder_ioctl+0x10/0x10
[  649.711836][T15217]  __x64_sys_ioctl+0x18e/0x210
[  649.711850][T15217]  do_syscall_64+0xcd/0xf80
[  649.711865][T15217]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  649.711876][T15217] RIP: 0033:0x7f8a2618f749
[  649.711885][T15217] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  649.711896][T15217] RSP: 002b:00007f8a27014038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  649.711906][T15217] RAX: ffffffffffffffda RBX: 00007f8a263e5fa0 RCX: 00007f8a2618f749
[  649.711913][T15217] RDX: 0000200000000300 RSI: 00000000c0306201 RDI: 0000000000000003
[  649.711920][T15217] RBP: 00007f8a27014090 R08: 0000000000000000 R09: 0000000000000000
[  649.711926][T15217] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  649.711932][T15217] R13: 00007f8a263e6038 R14: 00007f8a263e5fa0 R15: 00007fff28a925e8
[  649.711946][T15217]  </TASK>
[  649.711951][T15217] binder: 15216:15217 ioctl c0306201 200000000300 returned -12
[  649.947814][T15209] vhci_hcd: connection reset by peer
[  649.979966][T13585] vhci_hcd vhci_hcd.1: stop threads
[  649.985449][T13585] vhci_hcd vhci_hcd.1: release socket
[  649.991360][T13585] vhci_hcd vhci_hcd.1: disconnect device
[  650.111308][ T5824] Bluetooth: hci3: command 0x0406 tx timeout
[  651.577850][   T30] kauditd_printk_skb: 58 callbacks suppressed
[  651.577862][   T30] audit: type=1400 audit(1767529996.139:928): avc:  denied  { execute } for  pid=15230 comm="syz.2.2651" path="/blkio.bfq.io_wait_time" dev="ramfs" ino=44340 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:ramfs_t tclass=file permissive=1
[  652.111183][T15257] netlink: 'syz.3.2657': attribute type 10 has an invalid length.
[  652.190062][ T5824] Bluetooth: hci3: command 0x0406 tx timeout
[  652.523981][   T30] audit: type=1400 audit(1767529997.089:929): avc:  denied  { setopt } for  pid=15262 comm="syz.2.2660" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  653.100500][T15271] FAULT_INJECTION: forcing a failure.
[  653.100500][T15271] name failslab, interval 1, probability 0, space 0, times 0
[  653.113219][T15271] CPU: 0 UID: 0 PID: 15271 Comm: syz.4.2661 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  653.113244][T15271] Tainted: [L]=SOFTLOCKUP
[  653.113248][T15271] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  653.113254][T15271] Call Trace:
[  653.113258][T15271]  <TASK>
[  653.113262][T15271]  dump_stack_lvl+0x16c/0x1f0
[  653.113280][T15271]  should_fail_ex+0x512/0x640
[  653.113302][T15271]  ? fs_reclaim_acquire+0xae/0x150
[  653.113319][T15271]  should_failslab+0xc2/0x120
[  653.113334][T15271]  __kmalloc_noprof+0xeb/0x910
[  653.113352][T15271]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  653.113371][T15271]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  653.113386][T15271]  tomoyo_realpath_from_path+0xc2/0x6e0
[  653.113402][T15271]  ? tomoyo_profile+0x47/0x60
[  653.113420][T15271]  tomoyo_path_number_perm+0x245/0x580
[  653.113432][T15271]  ? tomoyo_path_number_perm+0x237/0x580
[  653.113446][T15271]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  653.113475][T15271]  ? hook_file_ioctl_common+0x144/0x410
[  653.113494][T15271]  ? __rcu_read_unlock+0x2b5/0x5a0
[  653.113510][T15271]  ? __fget_files+0x20e/0x3c0
[  653.113528][T15271]  security_file_ioctl+0x9b/0x240
[  653.113545][T15271]  __x64_sys_ioctl+0xb7/0x210
[  653.113559][T15271]  do_syscall_64+0xcd/0xf80
[  653.113574][T15271]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  653.113586][T15271] RIP: 0033:0x7f8a2618f749
[  653.113595][T15271] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  653.113605][T15271] RSP: 002b:00007f8a26ff3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  653.113616][T15271] RAX: ffffffffffffffda RBX: 00007f8a263e6090 RCX: 00007f8a2618f749
[  653.113622][T15271] RDX: 0000200000000000 RSI: 0000000000008b18 RDI: 0000000000000009
[  653.113629][T15271] RBP: 00007f8a26ff3090 R08: 0000000000000000 R09: 0000000000000000
[  653.113635][T15271] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  653.113641][T15271] R13: 00007f8a263e6128 R14: 00007f8a263e6090 R15: 00007fff28a925e8
[  653.113655][T15271]  </TASK>
[  653.113673][T15271] ERROR: Out of memory at tomoyo_realpath_from_path.
[  654.062978][T15289] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2668'.
[  654.094002][T15291] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2669'.
[  654.259717][ T5824] Bluetooth: hci3: command 0x0406 tx timeout
[  654.659715][ T5919] vhci_hcd vhci_hcd.1: vhci_device speed not set
[  654.820002][T15302] cgroup: Unknown subsys name 'rlimit'
[  655.277890][T15308] netlink: 'syz.3.2675': attribute type 10 has an invalid length.
[  656.339703][ T5824] Bluetooth: hci3: command 0x0406 tx timeout
[  656.439281][T15326] veth0_to_team: entered promiscuous mode
[  657.081375][T15337] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  657.091528][T15337] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  657.754846][   T30] audit: type=1400 audit(1767530002.319:930): avc:  denied  { ioctl } for  pid=15274 comm="syz.4.2663" path="/481/file0/file0" dev="fuse" ino=64 ioctlcmd=0x4d1a scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1
[  658.455511][ T5824] Bluetooth: hci3: command 0x0406 tx timeout
[  659.221859][T15372] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  659.648387][T15386] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=15386 comm=syz.1.2697
[  659.674468][T15386] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pid=15386 comm=syz.1.2697
[  659.773554][ T5137] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  659.784468][ T5137] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  659.792786][ T5137] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  659.802550][ T5137] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  659.810465][ T5137] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  659.849520][T15389] Failed to initialize the IGMP autojoin socket (err -2)
[  660.140755][T15389] chnl_net:caif_netlink_parms(): no params data found
[  660.474610][T15389] bridge0: port 1(bridge_slave_0) entered blocking state
[  660.530466][ T5137] Bluetooth: hci3: command 0x0406 tx timeout
[  660.550388][T15389] bridge0: port 1(bridge_slave_0) entered disabled state
[  660.557818][T15389] bridge_slave_0: entered allmulticast mode
[  660.590794][T15389] bridge_slave_0: entered promiscuous mode
[  660.620202][T15389] bridge0: port 2(bridge_slave_1) entered blocking state
[  660.627386][T15389] bridge0: port 2(bridge_slave_1) entered disabled state
[  660.649526][T15389] bridge_slave_1: entered allmulticast mode
[  660.677540][T15389] bridge_slave_1: entered promiscuous mode
[  661.698664][T15389] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  661.744197][   T30] audit: type=1400 audit(1767530006.299:931): avc:  denied  { remove_name } for  pid=15437 comm="syz.4.2706" name="binder1" dev="binder" ino=14 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  661.767781][   T30] audit: type=1400 audit(1767530006.299:932): avc:  denied  { unlink } for  pid=15437 comm="syz.4.2706" name="binder1" dev="binder" ino=14 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  661.859981][ T5137] Bluetooth: hci5: command tx timeout
[  662.078565][T15442] CIFS mount error: No usable UNC path provided in device string!
[  662.078565][T15442] 
[  662.089523][T15442] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  662.098785][T15389] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  662.169786][T12650] bond0: (slave syz_tun): Releasing backup interface
[  662.583228][ T5137] Bluetooth: hci3: command 0x0406 tx timeout
[  663.025731][T15389] team0: Port device team_slave_0 added
[  663.087203][T11084] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  663.174900][T15389] team0: Port device team_slave_1 added
[  663.188481][T11084] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  663.258989][T11084] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  663.274624][T15389] batman_adv: batadv0: Adding interface: batadv_slave_0
[  663.281961][T15389] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  663.309284][T15389] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  663.453155][T15389] batman_adv: batadv0: Adding interface: batadv_slave_1
[  663.461801][T15389] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  663.488583][T15389] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  663.562383][T11084] batman_adv: batadv0: Removing interface: netdevsim0
[  663.572787][T11084] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  663.855655][T15389] hsr_slave_0: entered promiscuous mode
[  663.878022][T15389] hsr_slave_1: entered promiscuous mode
[  663.889057][T15389] debugfs: 'hsr0' already exists in 'hsr'
[  663.896888][T15389] Cannot create hsr debugfs directory
[  663.939681][ T5137] Bluetooth: hci5: command tx timeout
[  664.689690][ T5137] Bluetooth: hci3: command 0x0406 tx timeout
[  664.825809][T15477] use of bytesused == 0 is deprecated and will be removed in the future,
[  664.834477][T15477] use the actual size instead.
[  665.470516][T11084] bridge_slave_1: left allmulticast mode
[  665.497810][T11084] bridge_slave_1: left promiscuous mode
[  665.505597][T11084] bridge0: port 2(bridge_slave_1) entered disabled state
[  665.530709][T11084] bridge_slave_0: left allmulticast mode
[  665.536505][T11084] bridge_slave_0: left promiscuous mode
[  665.542527][T11084] bridge0: port 1(bridge_slave_0) entered disabled state
[  665.717078][T11084] bond0 (unregistering): (slave bridge0): Releasing backup interface
[  665.832564][T15493] RDS: rds_bind could not find a transport for fe80::1a, load rds_tcp or rds_rdma?
[  666.029672][ T5137] Bluetooth: hci5: command tx timeout
[  666.113657][T11084] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  666.134183][T11084] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  666.158705][T11084] bond0 (unregistering): Released all slaves
[  666.329648][T15487] netdevsim netdevsim4 ªªªªª»: renamed from netdevsim0 (while UP)
[  666.681708][T11084] tipc: Left network mode
[  666.803982][T15502] Bluetooth: MGMT ver 1.23
[  666.817716][T15502] ipvlan0: MTU too low for tipc bearer
[  666.823439][T15502] tipc: Enabling of bearer <eth:ipvlan0> rejected, failed to enable media
[  666.836174][ T5137] Bluetooth: hci3: command 0x0406 tx timeout
[  666.847982][   T30] audit: type=1400 audit(1767530011.359:933): avc:  denied  { create } for  pid=15498 comm="syz.1.2722" anonclass=[io_uring] scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  666.890615][T15500] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2721'.
[  668.384575][ T5137] Bluetooth: hci5: command tx timeout
[  668.899707][ T5137] Bluetooth: hci3: command 0x0406 tx timeout
[  668.910890][   T30] audit: type=1400 audit(1767530013.469:934): avc:  denied  { map } for  pid=15525 comm="syz.4.2727" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=44835 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  669.006590][   T30] audit: type=1400 audit(1767530013.469:935): avc:  denied  { read write } for  pid=15525 comm="syz.4.2727" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=44835 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  669.283674][T15535] netlink: 'syz.4.2729': attribute type 10 has an invalid length.
[  669.403373][T11084] hsr_slave_0: left promiscuous mode
[  669.417425][T11084] hsr_slave_1: left promiscuous mode
[  669.487296][T11084] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  669.529384][T11084] batman_adv: batadv0: Removing interface: batadv_slave_0
[  669.612550][T11084] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  669.631899][T11084] batman_adv: batadv0: Removing interface: batadv_slave_1
[  669.671027][T11084] batman_adv: batadv0: Removing interface: virt_wifi0
[  669.752055][T11084] veth0_macvtap: left promiscuous mode
[  669.776726][T11084] veth1_vlan: left promiscuous mode
[  670.311311][   T30] audit: type=1400 audit(1767530014.879:936): avc:  denied  { setopt } for  pid=15546 comm="syz.2.2732" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  670.354548][T15549] netlink: 'syz.2.2732': attribute type 10 has an invalid length.
[  670.406173][T15552] netlink: 176 bytes leftover after parsing attributes in process `syz.2.2732'.
[  670.455732][T15552] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2732'.
[  670.979860][ T5137] Bluetooth: hci3: command 0x0406 tx timeout
[  671.797408][T15549] team0: Port device netdevsim0 added
[  672.294300][T15389] netdevsim netdevsim3 netdevsim0: renamed from eth1
[  672.478111][T15389] netdevsim netdevsim3 netdevsim1: renamed from eth2
[  672.511421][T15389] netdevsim netdevsim3 netdevsim2: renamed from eth3
[  672.605264][T15389] netdevsim netdevsim3 netdevsim3: renamed from eth4
[  777.859580][    C0] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
[  777.866522][    C0] rcu: 	Tasks blocked on level-0 rcu_node (CPUs 0-1): P15556/1:b..l P15550/1:b..l
[  777.876105][    C0] rcu: 	(detected by 0, t=10502 jiffies, g=60553, q=404 ncpus=2)
[  777.883793][    C0] task:syz.1.2728      state:R  running task     stack:26568 pid:15550 tgid:15547 ppid:5817   task_flags:0x40044c flags:0x00080001
[  777.897773][    C0] Call Trace:
[  777.901027][    C0]  <TASK>
[  777.903933][    C0]  ? __schedule+0x10b9/0x6150
[  777.908584][    C0]  __schedule+0x1139/0x6150
[  777.913066][    C0]  ? __pfx___schedule+0x10/0x10
[  777.917888][    C0]  ? find_held_lock+0x2b/0x80
[  777.922541][    C0]  ? preempt_schedule_thunk+0x16/0x30
[  777.927882][    C0]  preempt_schedule_common+0x44/0xc0
[  777.933139][    C0]  preempt_schedule_thunk+0x16/0x30
[  777.938319][    C0]  _raw_spin_unlock+0x3e/0x50
[  777.942965][    C0]  unmap_page_range+0x1047/0x43c0
[  777.947972][    C0]  ? __pfx_unmap_page_range+0x10/0x10
[  777.953314][    C0]  ? mas_next_slot+0x12d3/0x1cb0
[  777.958228][    C0]  ? uprobe_munmap+0x20/0x600
[  777.962875][    C0]  unmap_single_vma+0x153/0x240
[  777.967699][    C0]  unmap_vmas+0x218/0x470
[  777.972003][    C0]  ? __pfx_unmap_vmas+0x10/0x10
[  777.976826][    C0]  ? mas_next_slot+0x12d3/0x1cb0
[  777.981743][    C0]  exit_mmap+0x1b0/0xb60
[  777.985962][    C0]  ? __pfx_exit_mmap+0x10/0x10
[  777.990701][    C0]  ? kasan_quarantine_put+0x10a/0x240
[  777.996042][    C0]  ? lockdep_hardirqs_on+0x7c/0x110
[  778.001220][    C0]  __mmput+0x12a/0x410
[  778.005264][    C0]  mmput+0x62/0x70
[  778.008957][    C0]  do_exit+0x7d7/0x2bd0
[  778.013083][    C0]  ? __pfx___might_resched+0x10/0x10
[  778.018337][    C0]  ? __pfx_do_exit+0x10/0x10
[  778.022896][    C0]  ? do_raw_spin_lock+0x12c/0x2b0
[  778.027893][    C0]  ? find_held_lock+0x2b/0x80
[  778.032545][    C0]  do_group_exit+0xd3/0x2a0
[  778.037018][    C0]  get_signal+0x2671/0x26d0
[  778.041499][    C0]  ? __pfx_do_recvmmsg+0x10/0x10
[  778.046410][    C0]  ? __pfx_get_signal+0x10/0x10
[  778.051238][    C0]  arch_do_signal_or_restart+0x8f/0x7e0
[  778.056757][    C0]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  778.062885][    C0]  ? __x64_sys_recvmmsg+0x1d9/0x280
[  778.068065][    C0]  exit_to_user_mode_loop+0x8c/0x540
[  778.073324][    C0]  do_syscall_64+0x4ee/0xf80
[  778.077886][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  778.083748][    C0] RIP: 0033:0x7fb35118f749
[  778.088129][    C0] RSP: 002b:00007fb34f3cd038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  778.096509][    C0] RAX: 0000000000010106 RBX: 00007fb3513e6090 RCX: 00007fb35118f749
[  778.104453][    C0] RDX: 0000000000010106 RSI: 00002000000000c0 RDI: 0000000000000003
[  778.112393][    C0] RBP: 00007fb351213f91 R08: 0000000000000000 R09: 0000000000000000
[  778.120333][    C0] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000000
[  778.128272][    C0] R13: 00007fb3513e6128 R14: 00007fb3513e6090 R15: 00007ffdb7950308
[  778.136218][    C0]  </TASK>
[  778.139207][    C0] task:syz.4.2733      state:R  running task     stack:24104 pid:15556 tgid:15556 ppid:5821   task_flags:0x40064c flags:0x00080001
[  778.152643][    C0] Call Trace:
[  778.155892][    C0]  <TASK>
[  778.158800][    C0]  ? __schedule+0x10b9/0x6150
[  778.163448][    C0]  __schedule+0x1139/0x6150
[  778.167929][    C0]  ? __pfx___schedule+0x10/0x10
[  778.172749][    C0]  ? lock_acquire+0x179/0x330
[  778.177399][    C0]  preempt_schedule_irq+0x51/0x90
[  778.182400][    C0]  irqentry_exit+0x1d8/0x8c0
[  778.186964][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  778.192913][    C0] RIP: 0010:lock_acquire+0x62/0x330
[  778.198079][    C0] Code: b4 18 12 83 f8 07 0f 87 a2 02 00 00 89 c0 48 0f a3 05 22 be ee 0e 0f 82 74 02 00 00 8b 35 ba ee ee 0e 85 f6 0f 85 8d 00 00 00 <48> 8b 44 24 30 65 48 2b 05 39 b4 18 12 0f 85 ad 02 00 00 48 83 c4
[  778.217655][    C0] RSP: 0018:ffffc9000be3eec0 EFLAGS: 00000206
[  778.223688][    C0] RAX: 0000000000000046 RBX: ffffffff8e3c96a0 RCX: 0000000068c1bacb
[  778.231628][    C0] RDX: 0000000000000000 RSI: ffffffff8daa845f RDI: ffffffff8bf2b480
[  778.239574][    C0] RBP: 0000000000000002 R08: 00000000ffffffff R09: 00000000ffffffff
[  778.247524][    C0] R10: 0000000000000002 R11: ffff8880203b54b0 R12: 0000000000000000
[  778.255464][    C0] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  778.263412][    C0]  ? unwind_next_frame+0x3f4/0x20b0
[  778.268586][    C0]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  778.274709][    C0]  unwind_next_frame+0xd1/0x20b0
[  778.279622][    C0]  ? unwind_next_frame+0xbd/0x20b0
[  778.284704][    C0]  ? dput+0x1f/0x30
[  778.288483][    C0]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  778.294616][    C0]  arch_stack_walk+0x94/0x100
[  778.299270][    C0]  ? dput+0x1f/0x30
[  778.303050][    C0]  stack_trace_save+0x8e/0xc0
[  778.307696][    C0]  ? __pfx_stack_trace_save+0x10/0x10
[  778.313037][    C0]  ? __lock_acquire+0x436/0x2890
[  778.317943][    C0]  ? lockdep_hardirqs_on+0x7c/0x110
[  778.323114][    C0]  save_stack+0x160/0x1f0
[  778.327416][    C0]  ? __pfx_save_stack+0x10/0x10
[  778.332238][    C0]  ? free_unref_folios+0xa22/0x1610
[  778.337402][    C0]  ? folios_put_refs+0x4be/0x750
[  778.342307][    C0]  ? shmem_undo_range+0x58f/0x1140
[  778.347386][    C0]  ? shmem_evict_inode+0x39e/0xbe0
[  778.352462][    C0]  ? evict+0x3c2/0xad0
[  778.356498][    C0]  ? iput.part.0+0x621/0x1190
[  778.361143][    C0]  ? iput+0x35/0x40
[  778.364920][    C0]  ? dentry_unlink_inode+0x29c/0x480
[  778.370178][    C0]  ? __dentry_kill+0x1d0/0x600
[  778.374913][    C0]  ? finish_dput+0x76/0x480
[  778.379383][    C0]  ? dput.part.0+0x451/0x570
[  778.383944][    C0]  ? dput+0x1f/0x30
[  778.387723][    C0]  ? page_ext_put+0x3e/0xd0
[  778.392199][    C0]  __reset_page_owner+0x84/0x1a0
[  778.397109][    C0]  free_unref_folios+0xa22/0x1610
[  778.402103][    C0]  ? rcu_is_watching+0x12/0xc0
[  778.406836][    C0]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  778.412616][    C0]  folios_put_refs+0x4be/0x750
[  778.417352][    C0]  ? __pfx_folios_put_refs+0x10/0x10
[  778.422607][    C0]  ? folio_batch_remove_exceptionals+0x115/0x1a0
[  778.428917][    C0]  shmem_undo_range+0x58f/0x1140
[  778.433827][    C0]  ? __pfx_shmem_undo_range+0x10/0x10
[  778.439187][    C0]  ? unwind_get_return_address+0x59/0xa0
[  778.444790][    C0]  ? arch_stack_walk+0xa6/0x100
[  778.449617][    C0]  shmem_evict_inode+0x39e/0xbe0
[  778.454526][    C0]  ? inode_wait_for_writeback+0x170/0x390
[  778.460219][    C0]  ? __pfx_shmem_evict_inode+0x10/0x10
[  778.465646][    C0]  ? __pfx_inode_wait_for_writeback+0x10/0x10
[  778.471686][    C0]  ? find_held_lock+0x2b/0x80
[  778.476338][    C0]  ? evict+0x37e/0xad0
[  778.480386][    C0]  ? __pfx_shmem_evict_inode+0x10/0x10
[  778.485812][    C0]  evict+0x3c2/0xad0
[  778.489677][    C0]  ? find_held_lock+0x2b/0x80
[  778.494327][    C0]  ? __pfx_evict+0x10/0x10
[  778.498712][    C0]  ? iput.part.0+0x619/0x1190
[  778.503360][    C0]  iput.part.0+0x621/0x1190
[  778.507846][    C0]  iput+0x35/0x40
[  778.511450][    C0]  dentry_unlink_inode+0x29c/0x480
[  778.516538][    C0]  __dentry_kill+0x1d0/0x600
[  778.521100][    C0]  finish_dput+0x76/0x480
[  778.525399][    C0]  dput.part.0+0x451/0x570
[  778.529786][    C0]  dput+0x1f/0x30
[  778.533389][    C0]  __fput+0x51c/0xb70
[  778.537340][    C0]  task_work_run+0x150/0x240
[  778.541902][    C0]  ? __pfx_task_work_run+0x10/0x10
[  778.546990][    C0]  do_exit+0x87f/0x2bd0
[  778.551116][    C0]  ? proc_coredump_connector+0x2d1/0x4f0
[  778.556720][    C0]  ? __pfx_do_exit+0x10/0x10
[  778.561282][    C0]  do_group_exit+0xd3/0x2a0
[  778.565756][    C0]  get_signal+0x2671/0x26d0
[  778.570239][    C0]  ? __pfx_get_signal+0x10/0x10
[  778.575067][    C0]  arch_do_signal_or_restart+0x8f/0x7e0
[  778.580585][    C0]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  778.586714][    C0]  ? __bad_area_nosemaphore+0x350/0x690
[  778.592233][    C0]  irqentry_exit+0x38a/0x8c0
[  778.596798][    C0]  asm_exc_page_fault+0x26/0x30
[  778.601628][    C0] RIP: 0033:0x7f8a2604f6b7
[  778.606011][    C0] RSP: 002b:00007f8a26ff51a0 EFLAGS: 00010206
[  778.612044][    C0] RAX: 0000000000000000 RBX: 000000000000000b RCX: 00007f8a2618f749
[  778.619996][    C0] RDX: 00007f8a26ff51c0 RSI: 00007f8a26ff52f0 RDI: 000000000000000b
[  778.627937][    C0] RBP: 00007f8a26213f91 R08: 0000000000000000 R09: 0000000000000000
[  778.635876][    C0] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  778.643816][    C0] R13: 00007f8a263e6038 R14: 00007f8a263e5fa0 R15: 00007fff28a925e8
[  778.651763][    C0]  </TASK>
[  778.654752][    C0] rcu: rcu_preempt kthread starved for 10578 jiffies! g60553 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 ->cpu=1
[  778.666081][    C0] rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
[  778.676015][    C0] rcu: RCU grace-period kthread stack dump:
[  778.681868][    C0] task:rcu_preempt     state:I stack:27432 pid:16    tgid:16    ppid:2      task_flags:0x208040 flags:0x00080000
[  778.693739][    C0] Call Trace:
[  778.696999][    C0]  <TASK>
[  778.699902][    C0]  ? __schedule+0x10b9/0x6150
[  778.704551][    C0]  __schedule+0x1139/0x6150
[  778.709027][    C0]  ? lockdep_hardirqs_on+0x7c/0x110
[  778.714196][    C0]  ? __pfx___schedule+0x10/0x10
[  778.719019][    C0]  preempt_schedule_irq+0x51/0x90
[  778.724013][    C0]  irqentry_exit+0x1d8/0x8c0
[  778.728575][    C0]  ? rcu_is_watching+0x12/0xc0
[  778.733309][    C0]  asm_sysvec_reschedule_ipi+0x1a/0x20
[  778.738735][    C0] RIP: 0010:rcu_gp_fqs_loop+0x1b8/0xaf0
[  778.744251][    C0] Code: 4c 8d ac 24 80 00 00 00 48 c7 84 24 80 00 00 00 00 00 00 00 48 83 e8 58 48 89 84 24 88 00 00 00 48 89 84 24 90 00 00 00 eb 35 <0f> bf 2d 09 54 99 0c 89 e8 a8 02 75 42 48 8b 05 ac 4e 99 0c 48 85
[  778.763828][    C0] RSP: 0018:ffffc90000157c28 EFLAGS: 00000246
[  778.769863][    C0] RAX: 0000000000000000 RBX: dffffc0000000000 RCX: 0000000000000000
[  778.777802][    C0] RDX: 0000000000000001 RSI: ffffffff8dace4f3 RDI: 0000000000000001
[  778.785742][    C0] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000001
[  778.793681][    C0] R10: ffffffff9088b9d7 R11: ffff88801da88b30 R12: ffffffff8e011280
[  778.801620][    C0] R13: ffffc90000157ca8 R14: 0000000000000001 R15: 0000000000000000
[  778.809573][    C0]  ? rcu_gp_fqs_loop+0x201/0xaf0
[  778.814489][    C0]  ? __pfx_rcu_gp_fqs_loop+0x10/0x10
[  778.819746][    C0]  ? lockdep_hardirqs_on+0x7c/0x110
[  778.824920][    C0]  ? __pfx_rcu_gp_init+0x10/0x10
[  778.829827][    C0]  ? rcu_gp_cleanup+0x7c1/0xe90
[  778.834656][    C0]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  778.840433][    C0]  rcu_gp_kthread+0x26d/0x380
[  778.845082][    C0]  ? __pfx_rcu_gp_kthread+0x10/0x10
[  778.850249][    C0]  ? rcu_is_watching+0x12/0xc0
[  778.854981][    C0]  ? lockdep_hardirqs_on+0x7c/0x110
[  778.860149][    C0]  ? __kthread_parkme+0x19e/0x250
[  778.865144][    C0]  ? __pfx_rcu_gp_kthread+0x10/0x10
[  778.870313][    C0]  kthread+0x3c5/0x780
[  778.874353][    C0]  ? __pfx_kthread+0x10/0x10
[  778.878914][    C0]  ? rcu_is_watching+0x12/0xc0
[  778.883643][    C0]  ? __pfx_kthread+0x10/0x10
[  778.888204][    C0]  ret_from_fork+0x983/0xb10
[  778.892765][    C0]  ? __pfx_ret_from_fork+0x10/0x10
[  778.897847][    C0]  ? __switch_to+0x7af/0x10d0
[  778.902494][    C0]  ? __pfx_kthread+0x10/0x10
[  778.907056][    C0]  ret_from_fork_asm+0x1a/0x30
[  778.911800][    C0]  </TASK>
[  778.914789][    C0] rcu: Stack dump where RCU GP kthread last ran:
[  778.921075][    C0] Sending NMI from CPU 0 to CPUs 1:
[  778.926253][    C1] NMI backtrace for cpu 1
[  778.926266][    C1] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  778.926285][    C1] Tainted: [L]=SOFTLOCKUP
[  778.926290][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  778.926297][    C1] RIP: 0010:pv_native_safe_halt+0xf/0x20
[  778.926314][    C1] Code: c6 5f 02 c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 13 49 12 00 fb f4 <e9> cc 35 03 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90
[  778.926326][    C1] RSP: 0018:ffffc90000197de8 EFLAGS: 000002c6
[  778.926337][    C1] RAX: 0000000002963e75 RBX: 0000000000000001 RCX: ffffffff8b7816d9
[  778.926345][    C1] RDX: 0000000000000000 RSI: ffffffff8dace4f3 RDI: ffffffff8bf2b480
[  778.926354][    C1] RBP: ffffed1003b56498 R08: 0000000000000001 R09: ffffed10170a673d
[  778.926362][    C1] R10: ffff8880b85339eb R11: ffff88801dab2ff0 R12: 0000000000000001
[  778.926371][    C1] R13: ffff88801dab24c0 R14: ffffffff9088b9d0 R15: 0000000000000000
[  778.926380][    C1] FS:  0000000000000000(0000) GS:ffff8881249f5000(0000) knlGS:0000000000000000
[  778.926394][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  778.926403][    C1] CR2: 00007f8a261733e0 CR3: 000000007527f000 CR4: 00000000003526f0
[  778.926411][    C1] Call Trace:
[  778.926416][    C1]  <TASK>
[  778.926421][    C1]  default_idle+0x13/0x20
[  778.926439][    C1]  default_idle_call+0x6c/0xb0
[  778.926457][    C1]  do_idle+0x38d/0x510
[  778.926478][    C1]  ? __pfx_do_idle+0x10/0x10
[  778.926500][    C1]  cpu_startup_entry+0x4f/0x60
[  778.926519][    C1]  start_secondary+0x21d/0x2d0
[  778.926533][    C1]  ? __pfx_start_secondary+0x10/0x10
[  778.926548][    C1]  common_startup_64+0x13e/0x148
[  778.926569][    C1]  </TASK>