last executing test programs:

11.573025703s ago: executing program 2 (id=1104):
semop(0xffffffffffffffff, &(0x7f0000000000)=[{0x4, 0xf}], 0x1)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_QOS_MAP(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x1c, r1, 0xc11, 0x70bd2d, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r2}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x40440c6}, 0x8000)

11.282416724s ago: executing program 2 (id=1108):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f00000f8000/0x2000)=nil, 0x2000, 0xb635773f06ebbee3, 0x1010, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0x3, &(0x7f00000002c0)=@framed, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4)
r4 = socket(0x200000000000011, 0x4000000000080002, 0x0)
bind$packet(r4, &(0x7f0000000d00)={0x11, 0x0, 0x0, 0x1, 0x7f, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x31}}, 0x14)

10.775177031s ago: executing program 2 (id=1110):
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vxcan1\x00', <r1=>0x0})
bind$can_j1939(r0, &(0x7f00000000c0)={0x1d, r1, 0x0, {0x0, 0x0, 0x2}, 0x1}, 0x18)
sendmsg$inet(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000340)="0b5bb55a008b05b7f5265be7aebdf5310a832a5cb64fbb82b265bdb4f4a67c4e3b122c97feb5bc8cdccc39b2350ed65f25f2d78e59212a678edf88a733b22fdec22b64597ae86b612c23dd5d8313be0b5f30eea0d11653c5051b0f794a7fd95b408fc61dd2a5c492c178fd91a1d78279c51d3841b3c636a448d38923ad1b44b39645888d961d4938e66007dac5570fe49629bd70d9b87962e947e64c10c76c410202098933d7326f22898aca2f576e8df10191446f28e47aacf37c62cf8428125b363005994014eff3bc0cff61425d23d4874edb56", 0xd5}, {&(0x7f0000000440)="bd5cc661df5ed14f3bf00fb2d4cd580950c84e55ddc23b87074ed0fb66dadf1c0a323f4fe02984d0e3a6431cdbb88b47ad008a774c31685e8f7805deb49c6973f45e36b236618b06e4a6b57decf4610031ef34ecdc01688997e8ca5d36f4e0a641ea", 0x62}], 0x2, &(0x7f00000004c0)=ANY=[@ANYBLOB="3000000000000000000000000700000089133cac14144400000000e0000001e0000002070289210a010102140000000000000000040000010000000900000000000000"], 0x48}, 0x4000)
connect$can_j1939(r0, &(0x7f0000000140)={0x1d, r1, 0x0, {0x1, 0xff, 0x1}, 0x2}, 0x18)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
pipe2$watch_queue(0x0, 0x80)
r3 = socket$inet6(0xa, 0x3, 0x6)
setsockopt$inet6_buf(r3, 0x29, 0x39, &(0x7f0000000040), 0x43)
setsockopt$inet6_IPV6_HOPOPTS(r3, 0x29, 0x36, 0x0, 0x0)
add_key(0x0, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000580)={0x0, 0xffffffffffffffff, 0x0, 0x0, 0xa, 0x0, 0x10000}, 0x28)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=@newtaction={0x18, 0x30, 0x53b, 0x0, 0x0, {0x9}, [{0x4}]}, 0x18}}, 0x0)
r4 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
recvmmsg(r4, &(0x7f0000004400), 0x3fffffffffffff2, 0x0, 0x0)
getsockopt$inet_udp_int(0xffffffffffffffff, 0x11, 0x1, &(0x7f0000000080), &(0x7f0000000180)=0x4)
syz_genetlink_get_family_id$team(0x0, 0xffffffffffffffff)
creat(&(0x7f00000000c0)='./file0\x00', 0x8b)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)

8.292325913s ago: executing program 0 (id=1117):
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in=@remote, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0xa, 0xa0, 0x20}, {}, {0x0, 0x9}, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x1}, {{@in6=@mcast2, 0x0, 0x2b}, 0x0, @in=@empty, 0x0, 0x0, 0x2}}, 0xe8)
unshare(0x60600)
r1 = socket$key(0xf, 0x3, 0x2)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00000001c0), 0x4)
sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000005c0)=ANY=[@ANYBLOB="2005ae3a82"], 0x10}}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x810, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x1, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r5 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="02030609100000000000004c9e0000000200130002000000da16c167d803f1f805000600200000000a00060000000000ff0000000000000000001ffeff0001000003f1dc7f7c6e7c0200010000000000004000020000000005000500000000000a", @ANYRES32=r0, @ANYRESDEC=r3, @ANYRES16], 0x80}}, 0x0)
sendmmsg(r5, &(0x7f0000000180), 0x400008a, 0x0)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x30000091)
socketpair(0x25, 0x1, 0x0, &(0x7f0000000080))
openat$ttyS3(0xffffffffffffff9c, 0x0, 0x82881, 0x0)
r6 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r6, 0x7a7, &(0x7f0000000080)=0xb0000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r6, 0x7a0, &(0x7f0000000000)={@local, 0x1})
ioctl$IOCTL_VMCI_NOTIFICATIONS_RECEIVE(r6, 0x7a6, &(0x7f0000000100)={0x6, 0x3, 0x3, 0x1, 0xfa, 0x4b})

7.828955251s ago: executing program 0 (id=1121):
quotactl$Q_SYNC(0xffffffff80000101, 0x0, 0x0, 0x0)
quotactl$Q_SYNC(0xffffffff80000101, 0x0, 0x0, 0x0)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
getdents64(0xffffffffffffffff, &(0x7f0000000440)=""/191, 0xbf)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
rt_sigprocmask(0x0, &(0x7f0000000000)={[0xffffffed]}, 0x0, 0x8)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0xa6}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
lsetxattr$system_posix_acl(&(0x7f0000000800)='./file1\x00', &(0x7f0000000240)='system.posix_acl_default\x00', 0x0, 0x0, 0x0)
rt_sigaction(0x28, &(0x7f00000000c0)={&(0x7f0000000040)="c4c2859aae2822b8fc653667f2c8613b758fe878c162861d0fae3a660f3835790fc4636178248bc4c48171c41e4766400f382a0a36450f38081f40d9ec", 0xd0000002, &(0x7f0000000080)="f30f512cf2c4e1f85a1bc4e21bf5af000000006546dfe0470f1a3522f8887e64ad660f383801c42221991491c46109f4595c6566430f1716", {[0xfffffffffffffffc]}}, 0x0, 0x8, &(0x7f00000003c0))
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$inet6(0xa, 0x3, 0x7fffffff)
syz_emit_vhci(&(0x7f0000000780)=@HCI_EVENT_PKT={0x4, @hci_ev_pin_code_req={{0x16, 0x6}, {@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}}}, 0x9)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000080)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x24, 0x24, 0x2, [@func_proto={0x0, 0x3, 0x0, 0xd, 0x0, [{0xa, 0x5}, {0x6, 0x1}, {0x6, 0xfffffffd}]}]}}, &(0x7f0000000100)=""/141, 0x3e, 0x8d, 0x1, 0x7}, 0x28)
signalfd4(0xffffffffffffffff, &(0x7f0000000400)={[0x698]}, 0x8, 0x80000)
kexec_load(0xf5, 0x1, &(0x7f0000000b80)=[{0x0, 0x0, 0x0, 0x1000}], 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001a40), 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000240)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-twofish-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000300)="c99b57381801238c09d0ff0f1d0dbd30", 0x10)

6.487097735s ago: executing program 1 (id=1123):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x20080, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
creat(&(0x7f0000000400)='./bus\x00', 0x0)
truncate(0x0, 0x231f)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe5000/0x18000)=nil, 0x0, 0x0, 0x74, 0x0, 0x0)
r3 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_CARD_INFO(r3, 0x81785501, &(0x7f00000003c0)=""/188)

6.301031253s ago: executing program 0 (id=1125):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
sched_setaffinity(0x0, 0xffffffffffffff1a, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="1400000016000b63d25a80648c25940121", 0x11}, {&(0x7f0000000280)="e26248", 0x3}], 0x2}, 0x40050)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x40241, 0x0)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x34004811)
symlink(&(0x7f0000000880)='.\x00', 0x0)
mount$nfs(0x0, 0x0, &(0x7f0000000080), 0x0, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_tcp_TCP_MD5SIG(r2, 0x6, 0xe, &(0x7f00000002c0)={@in6={{0xa, 0x4e24, 0x3, @private1={0xfc, 0x1, '\x00', 0x1}, 0xffffffff}}, 0x0, 0x0, 0x34, 0x0, "7a850d6b1d0490593df217dd0ec166c75521843e14d85d1193430697451dda895b1dfeb2f16747f29749132de02698a14260cce307f16c462b3128a6f5b70cb022ef798fb9eac93902e796b0c549b80f"}, 0xd8)

6.224033163s ago: executing program 1 (id=1126):
r0 = syz_open_dev$radio(&(0x7f00000003c0), 0x2, 0x2)
read(r0, 0x0, 0x0)

6.168187866s ago: executing program 4 (id=1127):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$SNDCTL_DSP_SPEED(0xffffffffffffffff, 0xc0045011, 0x0)
r0 = openat$rtc(0xffffff9c, 0x0, 0xb0000, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000032680)=""/102392, 0x18ff8)
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_inet_SIOCSIFFLAGS(r2, 0x8914, &(0x7f00000002c0)={'rose0\x00', 0x1})
futex(0x0, 0x85, 0x0, 0x0, 0x0, 0x11000000)
ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r3)
ioctl$VIDIOC_SUBSCRIBE_EVENT(0xffffffffffffffff, 0x4020565a, &(0x7f0000000180)={0x3, 0x980900, 0x1})
ioctl$AUTOFS_DEV_IOCTL_READY(0xffffffffffffffff, 0xc0189376, &(0x7f00000012c0)={{0x1, 0x1, 0x18, r0, {0x5}}, './file0\x00'})
r4 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r4, &(0x7f0000000080)={0x0, 0xfe, &(0x7f00000001c0)=[{&(0x7f00000007c0)="d8000000180081054e81f782db4cb904021d0800fe00fe05e8fe55a10a0015000600142603600e1208000f007f370301a8001600a40002400f000100035c0461c1d67f6f94007134cf6edb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090014d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00350db798262f3d40fad95667e006dcdf63951f215c3f8b6ad2cba0e2375ee535e3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9703920723f9a941", 0xd8}], 0x1}, 0x20000800)
ioprio_set$pid(0x2, 0x0, 0x4000)

5.585193678s ago: executing program 1 (id=1128):
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000640))
r0 = socket$inet(0x2, 0x4000000000000001, 0x2)
open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
syz_usb_connect$uac1(0x3, 0xa4, &(0x7f0000000240)=ANY=[@ANYBLOB="2a01000020000040b708000000000000030109029200030172e5000904000000010100000a24010000000201020c0d2405000005001600000000000c240000e9fffff5ffffffff222403f3ff00000502452406", @ANYRES8=r0, @ANYBLOB="05", @ANYRES16, @ANYRES8=r0], 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4, 0x5d032, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000100))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000040)={{&(0x7f00004a3000/0x2000)=nil, 0x2000}, 0x5})
ioctl$UFFDIO_CONTINUE(r1, 0xc020aa08, &(0x7f0000000080)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}})
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000080)=ANY=[@ANYBLOB="0200"])
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r3 = getpid()
prlimit64(r3, 0xe, &(0x7f0000000080)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$sock_netrom_SIOCADDRT(0xffffffffffffffff, 0x890b, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
r5 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r5, 0x84, 0x66, &(0x7f0000000ac0)={0x0, 0xd0}, &(0x7f0000000b00)=0x8)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)

5.458054401s ago: executing program 0 (id=1130):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000bc0), r0)
sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000006040)={0x3c, r1, 0x29d4c3e6147add6f, 0x0, 0x25dfdbfd, {}, [@NLBL_CIPSOV4_A_TAGLST={0x4}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x1}, @NLBL_CIPSOV4_A_DOI={0x8}, @NLBL_CIPSOV4_A_MLSLVLLST={0x4}, @NLBL_CIPSOV4_A_MLSCATLST={0x10, 0xc, 0x0, 0x1, [{0xc, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x3000000}]}]}]}, 0x3c}}, 0x0)
unshare(0x26020280)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
r3 = socket$inet_sctp(0x2, 0x1, 0x84)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000a80)=[{{&(0x7f0000000000)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c, 0x0}}], 0x1, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={<r4=>0x0}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f00000001c0)={r4, @in={{0x2, 0x0, @empty}}, 0xfffffffe, 0x0, 0x0, 0x0, 0xd4, 0x40000}, 0x9c)
syz_clone(0x5000, 0x0, 0xfffffffffffffd57, 0x0, 0x0, 0x0)
syz_clone(0x180, 0x0, 0x0, 0x0, 0x0, 0x0)
r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000002c0), 0x601, 0x0)
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000, 0x1)
r6 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)={{'fd', 0x3d, r6}, 0x2c, {'rootmode', 0x3d, 0x8000}})
read$FUSE(r6, &(0x7f00000021c0)={0x2020, 0x0, <r7=>0x0}, 0x2020)
write$FUSE_INIT(r6, &(0x7f0000004200)={0x50, 0x0, r7, {0x7, 0x29, 0x2, 0x80000}}, 0x50)
syz_fuse_handle_req(r6, &(0x7f00000042c0)="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000160000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000eeffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e1ff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100", 0x2000, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x20, 0x0, 0x0, {0x0, 0x3}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r8 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x83, 0x0)
umount2(&(0x7f00000002c0)='./file0\x00', 0xb)
read$FUSE(r8, &(0x7f00000062c0)={0x2020}, 0x2020)
r9 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0)
writev(r5, &(0x7f0000000240)=[{&(0x7f0000000740)="a8d85701d3e3874de4d12e610eb1889b379a412d0800ce4719fb59075558b8060af3cd0fa31e259c88086c99d2f9d27324e8496642294d8f471f3181e68501e971838b56febe55885f4d640d472d7b220ee47a76c3aa115a175cfc1a40cf53a00075e69dfefc2b3a27cbc52dd4867283c6949c0e88180f0fcca5211388dde738cd5a560676f9ee5c85b2338513c5bea662ea2a18809eb47035f7c5a80bf7c41575ba18858d223035d60921180b048cd0708385116155b4e6bf8eeace7a5148892975c00f7e938ff147512051a96e9e1f92b81b729565f8f9d5ba178fa95a9fbdc6e4f0bea9c9c385e86fc878aa71afca0efd782e50913b8c7d82bce037bae12e9a8ec9f3b7e69e68231d117ff9c4d2410100d5773282d9a8c864dc79a91b91a230f5a7940c65e32d7e8e9107b04d427c6c0462436b0fa9f3916ff4d29828a2c923466c12b8640f1fc2e241f8d1a32abd421adc1664cecd362181ef6798ee576b13124e8d759f1b99beda344b4be5285c045efd5abf4a9493453b721f4bf848edd73bb79043315720dc039f3ccce3df1f9e2b96302634f81ce0a1ddd969a642a8e534b3d7a3becb6c53687195f1601fbbc12ece850f9ca0cdedf24aaeeec5a4d8a432bdefcd352333b9b302e34237fdc2406315c3c7311d03a05c7ebf9bc4c2fe286957f45ce6e6185229f4634a9a28aa78d7f03c0a65ca10e11a62a8bbe58599115a55bcf90fe65509c88024651ca84d7dc7e40b1c407fc6f47a898c81e27a938b0c6fc183cb588a1ff8870a2a2b8aa21296fdb2f0760eb49f47d5049d68688a706e79c282394854b3a5e9ba7cad953b510123d76a93e85754b9752f900cdd05d383c87657ad389685be93e0ceb8b8e7f377aae818ae5385ca94295861b7879911713cd420f8673ef2349fb15f751311ee64900c961e8fbbbc5451edfcbc51ff049c81ed9d598ab2d113675ee128710ac9358a3a2b966f8e7233380606ed8d34d3ce20ef1f4805a4a013a10189d3222087e8988da1bc64104ab452bcc2e6db2123cadda37b7a777ab8570fc165d5b080321600aa90c5e4ceb5f36e80a1", 0x2fd}], 0x1)
r10 = syz_usb_connect(0x0, 0x3c, &(0x7f0000000380)=ANY=[@ANYBLOB="120101000814c910be0632a2f333010203010902120001000000000904"], 0x0)
syz_usb_control_io$uac1(r10, 0x0, 0x0)
syz_usb_control_io$hid(r10, 0x0, 0x0)
syz_usb_control_io(r10, 0x0, &(0x7f0000000680)={0x84, &(0x7f0000000240)={0x0, 0x13}, 0x0, 0x0, &(0x7f0000000300)={0x20, 0x0, 0x4, {0x0, 0x1}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$TCSETAW(r5, 0x5407, &(0x7f00000024c0)={0x5, 0x9, 0x6, 0x7, 0x1b, "f1b3830dab37cfb4"})

5.444182946s ago: executing program 4 (id=1131):
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in=@remote, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0xa, 0xa0, 0x20}, {}, {0x0, 0x9}, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x1}, {{@in6=@mcast2, 0x0, 0x2b}, 0x0, @in=@empty, 0x0, 0x0, 0x2}}, 0xe8)
unshare(0x60600)
r1 = socket$key(0xf, 0x3, 0x2)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00000001c0), 0x4)
sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000005c0)=ANY=[@ANYBLOB="2005ae3a82"], 0x10}}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x810, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x1, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r5 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="02030609100000000000004c9e0000000200130002000000da16c167d803f1f805000600200000000a00060000000000ff0000000000000000001ffeff0001000003f1dc7f7c6e7c0200010000000000004000020000000005000500000000000a", @ANYRES32=r0, @ANYRESDEC=r3, @ANYRES16], 0x80}}, 0x0)
sendmmsg(r5, &(0x7f0000000180), 0x400008a, 0x0)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x30000091)
socketpair(0x25, 0x1, 0x0, &(0x7f0000000080))
openat$ttyS3(0xffffffffffffff9c, 0x0, 0x82881, 0x0)
r6 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r6, 0x7a7, &(0x7f0000000080)=0xb0000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r6, 0x7a0, &(0x7f0000000000)={@local, 0x1})
ioctl$IOCTL_VMCI_NOTIFICATIONS_RECEIVE(r6, 0x7a6, &(0x7f0000000100)={0x6, 0x3, 0x3, 0x1, 0xfa, 0x4b})

5.425769588s ago: executing program 3 (id=1132):
bpf$PROG_LOAD(0x5, &(0x7f0000001380)={0xe, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000009da330a4ec42205482"], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$igmp(0x2, 0x3, 0x2)
socket$inet6_sctp(0xa, 0x1, 0x84)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r0 = socket(0x10, 0x3, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, 0x0, 0x0)
pivot_root(0x0, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000004c0)=ANY=[@ANYBLOB], 0x24}}, 0x0)
r3 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0)
read$msr(r3, &(0x7f0000034700)=""/102381, 0x18fed)
kexec_load(0x0, 0x1, &(0x7f0000000180)=[{0x0, 0x0, 0x0, 0x41000000}], 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={0x0}}, 0x44080)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
mount$tmpfs(0x0, 0x0, &(0x7f00000001c0), 0x80, &(0x7f00000000c0)=ANY=[@ANYBLOB="71756f121711375d27d9bb1f9c463c6a5d134680f7f42321077affd4cb0754bad7002c088cc21acc6dd24808cf114c6654ee918555e6ecf2cbe10a96c56c7662ebaa8663e315dfb2d63fbf81fbf4cfa2ff5fe1616caad9f6"])
read$FUSE(0xffffffffffffffff, &(0x7f0000003480)={0x2020}, 0x2020)
socket(0x1, 0x2, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f670600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b52710aeee835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5bc6d3fd0500000022eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe326c2ed0a432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1b172191d359645fae2d074ea5724ab77ea04fe507938b1213cdd4a92860e59808689382734d24b3123dd40c6d612c8a19948cd257748b1e7324adddbe61d51013f7d6b313c6df7b7b29678d70fc94dcc3e99e2472e78968ed94e7a54988656e8fff6b1d9b9993c71edd5cc10a2bea8d94d751b77fa7c48c712af35a9ffe670e8fa451942f48741119496bc30137e1202aed6bb5cd5c2d0256d049e4a335e2ea5545e5624be2391c37c0a2ae3bbb5b58778b85424bcdb84358359b2cb2782fc0e82f17b12d641ce6a72ab0ac794f878140897703bebe4420115d26675f27598841965fa91088252"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000080), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0xfffffffffffffe71)
r5 = fsopen(&(0x7f00000011c0)='hfs\x00', 0x1)
fsconfig$FSCONFIG_SET_STRING(r5, 0x1, &(0x7f0000000ac0)='gid', &(0x7f0000000440)='0\x00#\x00\xd0\x00 \x00\x00qS\x00\x00\x00\x00\x00\x00\x00\x00$\xf6_\xbdI\x1c\xf2\xa9]\xcc\xe0*\xef\x01\x8d\x15\xd2h\x93\xc9\xb57\xc3\xea\\Eb\xf8\xe6,\xdf\xd4\xfae\x84\xcc\xd5\"d\xf0D-\x98\x9f\x81{\xfc$\xc4\xbcF\xf8\xc8\x8d\xcb\xb8\xf2\x1e\xe4\'U\xb3\xb8\xd3\xe6\xd7\x80Y\xc2\xeb\n\xb8_\xe8\x96YY\xe3\xc7\xe6\xf28\x19\xa6\xa7\xfa\xdb\x1ce\xc1\x03\x86J\xb2fh\x19\xee#\xcc\x0f\xed\xfea\xdc\x88\xcb%bW\xd35\xda=\xac\x1d\xae\x93\xfd\'T6\x94\n\xa4\x9cU\xc4\fA~[\xbf\x8b\x90\xfe\x04\xe7U\xf3h\x81\x14l7u\x95\x96t\\\x0f\xef;\x03\xa4C\xbc(Vc!a\xc1\xe39\xc6b\x905\xf8\xc9@h\x01\xf5\xcb\x88\xdf9\xaf5\xc8a:z\xe4\xcbag&67\x814\xf6}\xe10v6l\xd6,\x1e\xa0\xcc\xbf\xfdkm\b?\x839\x85N\x1c\xc1\xcb\xfc\x85\xd2\n\x02\"\xf2\x81g\x90\x01n%\x7f_\xe1.f>>\xa5\xfb\"\xab\xdb\x06\x12e\x14\x11~\x9a\bR-\x85\xc3\xa9\xe6\xf6R\x11\"\xc3\xc9\xfc\x14s X\xec\xdd\xc2qB\x85\xf0\xd7\x04\xdd<\x9a\x84\'\xa3\xf1\xd9<\xb9k', 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000040)=ANY=[@ANYRES32=r6, @ANYRES32=r4, @ANYBLOB='&'], 0x10)

4.168854852s ago: executing program 3 (id=1133):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet6_IPV6_RTHDRDSTOPTS(r2, 0x29, 0x37, 0x0, 0x8)
openat$audio(0xffffff9c, 0x0, 0x80, 0x0)
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0xee24, 0xffffffffffffffff, 0x0, 0x3}, 0x0)
fsopen(&(0x7f0000000000)='exfat\x00', 0x0)

4.167988412s ago: executing program 4 (id=1134):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000340), 0xb00, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0xe)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff}, 0x94)
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x1a01, 0x0)
ioctl$EVIOCGPROP(r1, 0x40047438, &(0x7f0000000180)=""/246)
ioctl$PPPIOCSFLAGS1(r1, 0x40047459, 0x0) (fail_nth: 2)

3.826905903s ago: executing program 4 (id=1135):
r0 = socket(0x2, 0x80805, 0x0)
sendmmsg$inet(r0, &(0x7f0000000c80)=[{{&(0x7f0000000040)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000440)=[{&(0x7f0000000180)="fd", 0x1}], 0x1}}, {{&(0x7f0000001180)={0x2, 0x4e24, @rand_addr=0x64010100}, 0x10, &(0x7f0000000340)=[{&(0x7f00000002c0)="0a541f", 0x3}], 0x1}}], 0x2, 0x0)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_NUMBER(r0, 0x84, 0x1c, &(0x7f0000000040), &(0x7f0000000080)=0x4)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0x8fff, 0x0)
fcntl$setlease(0xffffffffffffffff, 0x400, 0x1)
r1 = openat(0xffffffffffffff9c, 0x0, 0x42, 0x1ff)
r2 = inotify_init1(0x0)
ptrace$getenv(0x4201, 0x0, 0x5, &(0x7f0000000380))
inotify_add_watch(r2, &(0x7f0000000040)='./file1\x00', 0x2000775)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f00000001c0)=@abs, 0x6e)
chown(&(0x7f0000001140)='./cgroup.cpu/cgroup.procs\x00', 0xee00, 0x0)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_genetlink_get_family_id$devlink(&(0x7f0000000000), r1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r4, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000240), 0xffffffffffffffff)
sendmsg$TIPC_NL_PEER_REMOVE(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="60010000", @ANYRES16=r6, @ANYBLOB="01000000000000000000140000000c00078008000200ff7f00000c00068004000200040005009000058007000100696200000700010069620000440002800800020007000000080004000400000008000400040000000800010017000000080002000500000008000300070000000000000003000000080004000a00"], 0x160}}, 0x0)
move_pages(0x0, 0x20a0, &(0x7f0000000040), &(0x7f0000001180), &(0x7f0000000000), 0x0)
execve(&(0x7f0000000040)='./file0\x00', &(0x7f0000000780)={[&(0x7f0000000280)='\x7f\xb7\xc3\x7f\xa5a\xd6A*c\x9b\xd8R\xf02b\xefA|uiWb\x8f\xee\x1c\xc5\xdb^\x11\x16h\x83\x94y<yN\xfbXh[\xe9\xa9\x1702\x7f\x9e\xf0\x99\xad\xdc;p\x98R\a\xb1\x9d^\x0f\x121\xb3\xab7P\xd6\xcb\x06\xfe2~W\xd9\xad\x80\xd9!\x89%\xb80\xa3l;\x1eK\x90\x15\xc6\x11A\xfc\x7f\xc6\xed\xe7\xa3\x9f\xb4\xce\"\xef\xa8\x86F\x15\xb9\rj\f\xafa\xb0}\xde\'E\x84\xb2bO\xd2\xd4\x85F\xde1e\xe0\xf2\xa0/\xd3<\xda\xfe\x04,\xfa\x97\xb6\xf4\xcf\x0el\xf2\xbd\x18\x88\xd7\x02\xce\x99\x1f\xadj\x89\xd9\xb7\xae9\xb0\xb0{n.\xd7\x87C\x0eh|KZG\x108l\n\xcd\xe9\x04\xafM\xbf\x83#>\x89\xf1Y{\x87\xd5\xf3\xccMr\xc5\xbdT\x9e\xc4\x84\x06\xcd\x8b\xcd\t\x01', &(0x7f0000000380)='\x7f\xb7\xc3\x7f\xa5a\xd6A*c\x9b\xd8R\xf02b\xefA|uiWb\x8f\xee\x1c\xc5\xdb^\x11\x16h\x83\x94y<yN\xfbXh[\xe9\xa9\x1702\x7f\x9e\xf0\x99\xad\xdc;p\x98R\a\xb1\x9d^\x0f\x121\xb3\xab7P\xd6\xcb\x06\xfe2~W\xd9\xad\x80\xd9!\x89%\xb80\xa3l;\x1eK\x90\x15\xc6\x11A\xfc\x7f\xc6\xed\xe7\xa3\x9f\xb4\xce\"\xef\xa8\x86F\x15\xb9\rj\f\xafa\xb0}\xde\'E\x84\xb2bO\xd2\xd4\x85F\xde1e\xe0\xf2\xa0/\xd3<\xda\xfe\x04,\xfa\x97\xb6\xf4\xcf\x0el\xf2\xbd\x18\x88\xd7\x02\xce\x99\x1f\xadj\x89\xd9\xb7\xae9\xb0\xb0{n.\xd7\x87C\x0eh|KZG\x108l\n\xcd\xe9\x04\xafM\xbf\x83#>\x89\xf1Y{\x87\xd5\xf3\xccMr\xc5\xbdT\x9e\xc4\x84\x06\xcd\x8b\xcd\t\x01', &(0x7f0000000480)='\x7f\xb7\xc3\x7f\xa5a\xd6A*c\x9b\xd8R\xf02b\xefA|uiWb\x8f\xee\x1c\xc5\xdb^\x11\x16h\x83\x94y<yN\xfbXh[\xe9\xa9\x1702\x7f\x9e\xf0\x99\xad\xdc;p\x98R\a\xb1\x9d^\x0f\x121\xb3\xab7P\xd6\xcb\x06\xfe2~W\xd9\xad\x80\xd9!\x89%\xb80\xa3l;\x1eK\x90\x15\xc6\x11A\xfc\x7f\xc6\xed\xe7\xa3\x9f\xb4\xce\"\xef\xa8\x86F\x15\xb9\rj\f\xafa\xb0}\xde\'E\x84\xb2bO\xd2\xd4\x85F\xde1e\xe0\xf2\xa0/\xd3<\xda\xfe\x04,\xfa\x97\xb6\xf4\xcf\x0el\xf2\xbd\x18\x88\xd7\x02\xce\x99\x1f\xadj\x89\xd9\xb7\xae9\xb0\xb0{n.\xd7\x87C\x0eh|KZG\x108l\n\xcd\xe9\x04\xafM\xbf\x83#>\x89\xf1Y{\x87\xd5\xf3\xccMr\xc5\xbdT\x9e\xc4\x84\x06\xcd\x8b\xcd\t\x01', &(0x7f0000000580)='\x7f\xb7\xc3\x7f\xa5a\xd6A*c\x9b\xd8R\xf02b\xefA|uiWb\x8f\xee\x1c\xc5\xdb^\x11\x16h\x83\x94y<yN\xfbXh[\xe9\xa9\x1702\x7f\x9e\xf0\x99\xad\xdc;p\x98R\a\xb1\x9d^\x0f\x121\xb3\xab7P\xd6\xcb\x06\xfe2~W\xd9\xad\x80\xd9!\x89%\xb80\xa3l;\x1eK\x90\x15\xc6\x11A\xfc\x7f\xc6\xed\xe7\xa3\x9f\xb4\xce\"\xef\xa8\x86F\x15\xb9\rj\f\xafa\xb0}\xde\'E\x84\xb2bO\xd2\xd4\x85F\xde1e\xe0\xf2\xa0/\xd3<\xda\xfe\x04,\xfa\x97\xb6\xf4\xcf\x0el\xf2\xbd\x18\x88\xd7\x02\xce\x99\x1f\xadj\x89\xd9\xb7\xae9\xb0\xb0{n.\xd7\x87C\x0eh|KZG\x108l\n\xcd\xe9\x04\xafM\xbf\x83#>\x89\xf1Y{\x87\xd5\xf3\xccMr\xc5\xbdT\x9e\xc4\x84\x06\xcd\x8b\xcd\t\x01', &(0x7f0000000840)='\x7f\xb7\xc3\x7f\xa5a\xd6A*c\x9b\xd8R\xf02b\xefA|uiWb\x8f\xee\x1c\xc5\xdb^\x11\x16h\x83\x94y<yN\xfbXh[\xe9\xa9\x1702\x7f\x9e\xf0\x99\xad\xdc;p\x98R\a\xb1\x9d^\x0f\x121\xb3\xab7P\xd6\xcb\x06\xfe2~W\xd9\xad\x80\xd9!\x89%\xb80\xa3l;\x1eK\x90\x15\xc6\x11A\xfc\x7f\xc6\xed\xe7\xa3\x9f\xb4\xce\"\xef\xa8\x86F\x15\xb9\rj\f\xafa\xb0}\xde\'E\x84\xb2bO\xd2\xd4\x85F\xde1e\xe0\xf2\xa0/\xd3<\xda\xfe\x04,\xfa\x97\xb6\xf4\xcf\x0el\xf2\xbd\x18\x88\xd7\x02\xce\x99\x1f\xadj\x89\xd9\xb7\xae9\xb0\xb0{n.\xd7\x87C\x0eh|KZG\x108l\n\xcd\xe9\x04\xafM\xbf\x83#>\x89\xf1Y{\x87\xd5\xf3\xccMr\xc5\xbdT\x9e\xc4\x84\x06\xcd\x8b\xcd\t\x01']}, &(0x7f0000000a80)={[&(0x7f0000000a40)='.^*%$\'-\\:\x00']})

3.429966091s ago: executing program 2 (id=1136):
r0 = socket(0x28, 0x5, 0x0)
bind$vsock_stream(r0, &(0x7f0000000040), 0x10)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/bus/input/handlers\x00', 0x0, 0x0)
syz_open_dev$video(&(0x7f0000000400), 0x9, 0x0)
syz_usb_connect(0x5, 0x3d, &(0x7f0000000500)=ANY=[@ANYBLOB="12011001c2bc7710fd0b060189ec010203010902"], 0x0)
pipe2$watch_queue(&(0x7f0000000540), 0x80)
setsockopt$sock_linger(r1, 0x1, 0xd, &(0x7f00000000c0)={0x0, 0x1ff}, 0x8)
pselect6(0x40, &(0x7f0000000140)={0xfc, 0x0, 0x0, 0x4}, 0x0, 0x0, 0x0, 0x0)
r2 = syz_open_dev$video(&(0x7f0000000000), 0x7, 0x40)
ioctl$VIDIOC_S_INPUT(r2, 0xc0045627, &(0x7f00000001c0)=0x2)
listen(r0, 0x0)
r3 = socket(0x28, 0x5, 0x0)
connect$vsock_stream(r3, &(0x7f0000000080), 0x10)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCETHTOOL(r4, 0x80108907, 0x0)
sendmmsg(r3, &(0x7f0000000100)=[{{0x0, 0x0, 0x0}}], 0x1, 0x24008094)

2.766024302s ago: executing program 4 (id=1137):
openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x101, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000000040)=ANY=[], 0x8)
connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x7}, 0x1c)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000080)='bridge0\x00', 0x10)
sendmmsg$inet6(r0, &(0x7f0000000b00)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000000)="82", 0x1}, {&(0x7f0000000140)="84", 0x1}], 0x2}}], 0x1, 0x4400c800)
socket$inet_udp(0x2, 0x2, 0x0)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
r1 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000000206d0494c2000000000001090224000100000003090400000103000300092134b40001220600090581030002"], 0x0)
syz_usb_control_io$hid(r1, 0x0, 0x0)
syz_usb_control_io(r1, &(0x7f0000000a40)={0x2c, &(0x7f0000000340)={0x40, 0x8, 0x6, {0x6, 0xd, "85050000"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)
open(0x0, 0x0, 0x0)
sendto$inet6(r0, &(0x7f0000000300), 0x16, 0x3b00, 0x0, 0xfffffffffffffdfd)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuset.effective_cpus\x00', 0x275a, 0x0)
pwritev2(r2, &(0x7f0000000980)=[{&(0x7f0000000500)="be", 0x1}], 0x1, 0x5, 0xa, 0x20)

2.692190723s ago: executing program 3 (id=1138):
syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="120100005938d74010973077339600000001090212000100001e000904"], 0x0)

2.294946615s ago: executing program 0 (id=1139):
mount(&(0x7f0000000140)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000180)='gfs2\x00', 0x2208004, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xc, &(0x7f0000000300)={0x10000000000008, 0x200000100008c}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x3, &(0x7f0000000340)=0xc001)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000002240)=""/102392, 0x18ff8)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r2 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_ADD_MFC_PROXY(r2, 0x0, 0xd2, &(0x7f0000000000)={@remote, @multicast1, 0x4, "d30f388c52647612d91de4353d68b0fa00", 0x0, 0x0, 0x4000000, 0x8}, 0x3c)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x1, &(0x7f0000000040)=0x401)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000380)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r7 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
read$FUSE(r7, 0x0, 0x0)
pread64(0xffffffffffffffff, &(0x7f0000000400)=""/253, 0xfd, 0x4eb)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff)

1.754236479s ago: executing program 1 (id=1140):
r0 = syz_open_procfs(0x0, &(0x7f0000000140)='attr\x00')
ioctl$sock_inet_SIOCDELRT(r0, 0x890c, &(0x7f0000000240)={0x0, {0x2, 0x4e20, @multicast1}, {0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x1c}}, {0x2, 0x4e22, @loopback}, 0x20, 0x0, 0x0, 0x0, 0x4, &(0x7f00000001c0)='pimreg0\x00', 0x0, 0xff, 0x3})
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a50000000060a0b0400724031000001800a00010071756f7461000000100002800c00014000000000000000030900010073797a30000000000900020006797a3200000000140000001100010000000000000000000000000a00"/123], 0x78}}, 0x0)
close(0x3)
setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x4)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
openat$vimc1(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0)
setsockopt$inet6_tcp_int(r1, 0x11a, 0x3, &(0x7f0000000100)=0x304, 0x4)
r4 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_rose_SIOCDELRT(r4, 0x890c, 0x0)
ioctl$sock_FIOGETOWN(r4, 0x8903, &(0x7f0000000000)=<r5=>0x0)
ioctl$sock_SIOCSIFVLAN_DEL_VLAN_CMD(r4, 0x8983, &(0x7f00000000c0)={0x1, 'wg1\x00', {}, 0x2})
sched_setscheduler(r5, 0x5, &(0x7f0000000040)=0x50)
openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000080), 0x200b00, 0x0)

1.694875241s ago: executing program 1 (id=1141):
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00')
fchdir(r0)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0)
r1 = gettid()
r2 = syz_open_procfs(r1, &(0x7f0000000040)='timerslack_ns\x00')
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f0000000100)={0x30}, 0x30)

1.541741902s ago: executing program 1 (id=1142):
socket$inet_smc(0x2b, 0x1, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0700000004000000800100000400000028000000", @ANYRES32, @ANYBLOB, @ANYRES32=<r1=>0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000558b68aac2ad00b7000000000000009500000000000000"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_emit_ethernet(0x288, 0x0, 0x0)
syz_emit_ethernet(0x46, &(0x7f00000000c0)=ANY=[@ANYRES16=r1], 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000680)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_FRAME(r2, 0x0, 0x10)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r4, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r5, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=ANY=[@ANYBLOB="3c0000001000030400"/20, @ANYRES32=r3, @ANYBLOB="a4280400000000001400350076657468305f746f5f626f6e6400000008000a00", @ANYRES32=r5], 0x3c}, 0x1, 0x0, 0x0, 0x4008800}, 0x8000)
r7 = socket$nl_route(0x10, 0x3, 0x0)
r8 = socket(0x1, 0x803, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
r10 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000100)={'veth1\x00', <r11=>0x0})
sendmsg$nl_route(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="4c000000100003041b00"/20, @ANYRES32=0x0, @ANYBLOB="46060900000000001c00128009000100766c616e000000000c000280060001000400000008000500", @ANYRES32=r11, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r9], 0x4c}, 0x1, 0x0, 0x0, 0x600}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x5)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r12 = syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0)
read$msr(r12, &(0x7f0000019680)=""/102392, 0x18ff8)
open(&(0x7f0000000080)='./bus\x00', 0x143142, 0x0)
mount(&(0x7f0000000100), &(0x7f0000000280)='./bus\x00', &(0x7f00000002c0)='9p\x00', 0x0, &(0x7f0000000300)='trans=rdma,')
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0x2, 0x6, 0xfffa}, 0x3a, [0x8001, 0xc95a, 0xf, 0x8, 0x7fffffff, 0x2, 0x7, 0x7f, 0x20000006, 0x4d, 0x6, 0x5f, 0x8, 0x5, 0xffff2d37, 0xffffff01, 0x7, 0x3, 0x0, 0x4005, 0x24, 0x1, 0x7, 0x3c5b, 0x1, 0x24, 0x6, 0x8000, 0x5, 0xffffffff, 0xe661, 0x4, 0x5, 0x89d2, 0x8, 0x4c74, 0x80000000, 0x40000, 0x3, 0xe, 0x0, 0x80008071, 0x7, 0x17, 0xd, 0x407, 0x5, 0x3e, 0x8f, 0x4006, 0x6, 0x80000000, 0x0, 0x4, 0x8, 0x400, 0x80, 0x0, 0x4, 0x7, 0x8, 0x4, 0xfffffffe, 0x40], [0x10000007, 0xf0000000, 0x8000012f, 0x8004, 0x5, 0x6, 0x129432e6, 0x2, 0xf9, 0xe, 0x2bf, 0x6c7, 0x9, 0xfffffffc, 0x3, 0x0, 0x0, 0x5, 0x2f, 0x10, 0x312, 0xd, 0xea4, 0xffffffff, 0x4, 0x7, 0x7fff, 0x5a7c, 0x420, 0x401, 0x6, 0x0, 0xff, 0x1, 0x1000005, 0x5f31, 0xd, 0x4e0, 0x2, 0x4, 0xb, 0x4, 0x2e, 0x8, 0x9, 0x9, 0x47, 0x8000, 0x1, 0xfe000000, 0xffff, 0xfffffffe, 0x9, 0x9, 0x5, 0x4, 0x8, 0x1, 0x3, 0x6c0, 0xbc45, 0x48c93690, 0x42, 0x3], [0x7, 0x408, 0x8004, 0x4000005, 0xfffffffe, 0x100, 0x8d2, 0x9, 0x5, 0x7fff, 0x0, 0x5, 0xb, 0x4, 0x9, 0x5, 0x0, 0x1ef, 0x5, 0x8, 0x10000, 0x3, 0x5, 0x3e7, 0xb, 0x5, 0x2, 0x2, 0x3, 0x20000008, 0x4, 0x6d01, 0x6, 0x1, 0x800003, 0x200, 0x7e, 0x7, 0x4, 0x2950bfaf, 0xffe, 0xa2, 0x7, 0xa9, 0x5, 0x9, 0xac8, 0x2000bf, 0x2, 0x3, 0x7ff, 0x12b, 0x4, 0x1, 0x0, 0x0, 0x5, 0x1c, 0x120000, 0x3, 0x2004, 0x80a2ed, 0x4, 0x25], [0x9, 0xbb33, 0x7, 0xb, 0x5, 0x938, 0x6, 0x6, 0x0, 0xb9, 0xce7, 0x10009, 0x2, 0x57, 0x5, 0x3, 0x101, 0x10000, 0x4, 0x7fff, 0xffff, 0x2000a620, 0x2, 0x5, 0x1, 0x2, 0x5, 0xe7, 0x6, 0x16, 0xfffffffe, 0x80000003, 0x6, 0x4, 0xc8, 0x9, 0xfffff000, 0x10000, 0x3, 0x7e, 0xfd, 0x9602, 0x7, 0xaf, 0x8, 0x6, 0xffffffff, 0x5, 0x5, 0x8, 0x30b1d693, 0x5, 0xf40, 0x7, 0x1, 0x6c1b, 0x0, 0x4, 0x5, 0xb1e, 0x800d7, 0x200, 0xffff3441, 0xfff]}, 0x45c)

1.479406612s ago: executing program 2 (id=1143):
r0 = fsopen(&(0x7f0000000000)='rpc_pipefs\x00', 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000a80)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1088d8b8588d72ec29c48f0af5f2d9f51c4b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68af2ad0810000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465ad32b77a74e802a0dc6bf25cca242bc6099ad2300000480006ef6c1ff0900000000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000126abfb0767042361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b6c7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae645ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48fc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1fb8f72cd317902f19e385be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa7956488bef241875f3b4b6ab7929a57affe760e797724f4fce1093b62d7e8c7123d890decacec55bf404e4e1f74b7eed82571be54c72d978cf906df0042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f870b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a998de44aeadea2a40da8daccf080842a486721737390cbf3acb2003016f154772f514216bdf57d2a40d40b51ab67903ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1594e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270bb29b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f0868afc4294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214d00000000d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ce21d69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f68df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c471c784ae7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec30cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd63bed8d31c31c37a373d4efd89f0000377b1b1292a893a516dab183ee65744fb8fc4f9ce2242e0f0059161c5e0000000000000000000057d77480e0345effff6413258d1f6eb190aa28cbb4bafe34124172e436b176c7ed4b132fb805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fa03b84f63e022fe755f4007a4a899eaf52c4f491d8e97c862e29e457060000007ac691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104ebc1581848f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1226e1bb72b59fed817072a0da60160761fd3dffda0f7c592eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c716357d0885f9c6d1f442954c167dd9b4acd9468ce3674c82bbb2e31389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c8b281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b63c6b4163aff094059e626766845fd779c9e6cdbbd64c24936615ee68538e8fddd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426ca85e82ccf821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ad6acf5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba1c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63c41cbde2ba66ad81168070c8c6e18a6e452a31bdc4a60d637545ed4c8a1c649c3ce54ad3e16304d06a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f70dd02fa0c61d5fe6d8ff35389246037e18d34c1375ae04f44f0c2543c772c5ccb137be7dc1874c5140200000054d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b796e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e8ae953325a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb356fe75eb985b7581bb5584c53984ba9c7340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a3bc38613067dbd1427e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b9e6626f19eecb87e39175e85e17000000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f14eafe4b28ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1bfeef448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae0040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483f02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1098e40550a1cfd80e9180100000000000000654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732e74dd690c57bdfdc1f069f9491bca7a8c59363799be70018c25ece5ad7307dc7a95c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c122eba9f17c8bed10591958cf06321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b872a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2cdfb7fea73ca18874664d60a4b9423f3297bc8eb91b4ee1d73272ab28a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece98c077b358e752b439132a0f27080ece2a94c320b002c77f82662675a7713c7067081cac15994698c41ff4754268ae2676384ff799783f55d7e5a1a092a01b965dc99cb7a9d98440c355927629f2bcf9dc2396eb2f5d25829715b24327642ac48f1201014a95e0e65e12cdf27e19043e3c5d3e798375cead35b9a93190a52cdecaaccc854a1d41ef365303f0e9b4fc969c9dab6df5e8a795b140fcc09e8a7b694d12932917facd8ceaa4e2d0d16bb0b95387fcd5ff136d8abddf94daf442bbff744591931872a36cf921ad69f2127386e8b0f9afee4da8d3fbec809fbb3ca0fded2859cf25d4c6155d396c5b9bd1a928923123f63f4c40688eae69990a9419456247bbaeb7948de84d2ff875414883bb1e503d4bfebc01bc12a53ea06bf38e571157bd642dac25dbee7832c58378374a39483d6721eec96c28911db21c0c006b42afc90000000000000000000000700000000000000000008ce4ea442c1a207108b35511186c5e860278f6463f52f3990ce08b1bfccc3cff4b5ae27b610aa9ba11b47d4f94c439e055cdbb2b12c983885c93ea4ab4ca1e02d831ae162ee104"], &(0x7f0000000100)='GPL\x00'}, 0x41)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001d40)={&(0x7f00000009c0)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
r5 = epoll_create(0x9ec7)
epoll_ctl$EPOLL_CTL_MOD(r5, 0x3, r1, &(0x7f0000000280)={0xd0000001})
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$unix(0x1, 0x1, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='bcache_btree_gc_coalesce\x00', r1, 0x0, 0x3}, 0x18)
sendmsg$IPCTNL_MSG_EXP_NEW(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="900000000002010400000000000000000a000000040001803c0003800c00028005000100840000002c00018014000300"], 0x90}, 0x1, 0x0, 0x0, 0x14}, 0x0)
io_submit(0x0, 0x2190, &(0x7f0000000000))
setsockopt$WPAN_WANTLQI(r6, 0x0, 0x3, &(0x7f0000000240), 0x4)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
close(r0)

674.332443ms ago: executing program 4 (id=1144):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000002bc0)={0x0, 0x0, &(0x7f0000002b80)={&(0x7f0000002980)=@dellink={0x34, 0x11, 0x1, 0x70bd27, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, 0xc0, 0x1400}, [@IFLA_ALT_IFNAME={0x14, 0x35, 'wg2\x00'}]}, 0x34}, 0x1, 0x0, 0x0, 0x40000100}, 0x40004)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000200)={0x1b, 0x0, 0x0, 0x0, 0x0, 0x1, 0x401, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x5, 0x4}, 0x50)
r4 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000280)={0x3, 0x4, 0x4, 0xa, 0x0, 0x1, 0x6, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x3}, 0x50)
r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000006100)='cmdline\x00')
r6 = fanotify_init(0x10, 0x80000)
mount$9p_fd(0x0, &(0x7f0000000340)='.\x00', &(0x7f0000000000), 0x2000000, &(0x7f00000001c0)={'trans=fd,', {'rfdno', 0x3d, r5}, 0x2c, {'wfdno', 0x3d, r6}})
r7 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000480)=0xffffffffffffffff, 0x4)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f00000004c0)={0xd3, <r8=>0x0}, 0x8)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x1, 0x28, &(0x7f0000000500)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x4}, {}, {}, [@generic={0xb, 0x6, 0x7, 0x1, 0x4}, @call={0x85, 0x0, 0x0, 0x43}, @call={0x85, 0x0, 0x0, 0x77}, @map_fd={0x18, 0x2, 0x1, 0x0, r1}, @tail_call, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, 0x1}}, @cb_func={0x18, 0xa, 0x4, 0x0, 0xfffffffffffffff9}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000640)='syzkaller\x00', 0x4, 0x43, &(0x7f0000000680)=""/67, 0x41000, 0x55, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x8, &(0x7f0000000700)={0x0, 0x4}, 0x8, 0x10, 0x0, 0x0, 0xffffffffffffffff, r0, 0x2, &(0x7f0000000740)=[0x1, 0xffffffffffffffff], &(0x7f0000000780)=[{0x2, 0x5, 0xf, 0x8}, {0x4, 0x5, 0x7}]}, 0x94)
r10 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000880)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0xbbdb, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x4, 0x1}, 0x50)
r11 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000900)={0xffffffffffffffff, 0x3, 0x8}, 0xc)
r12 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xd, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000034000000bc00000018110000", @ANYRES32=r12, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000400850000003300000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @xdp=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r13 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000940)={0x3, 0x4, 0x4, 0xa, 0x0, 0x1, 0x8, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x3, 0x5}, 0x50)
pipe2$9p(&(0x7f0000000080)={<r14=>0xffffffffffffffff, <r15=>0xffffffffffffffff}, 0x800)
write$P9_RVERSION(r15, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15)
prlimit64(0x0, 0xe, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
syz_genetlink_get_family_id$SEG6(0x0, 0xffffffffffffffff)
sendmsg$SEG6_CMD_SETHMAC(0xffffffffffffffff, 0x0, 0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
r16 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r16, 0x84, 0x6e, &(0x7f0000000000)=[@in={0x2, 0x4e20, @empty}], 0x10)
r17 = dup(r15)
write$FUSE_BMAP(r17, &(0x7f0000000100)={0x18}, 0x18)
mount$9p_fd(0x0, 0x0, &(0x7f0000000040), 0x0, &(0x7f0000000680)=ANY=[@ANYRESHEX=r14, @ANYBLOB=',wfdno=', @ANYRESHEX=r17, @ANYBLOB=',cache=readahead,'])
bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x1a, 0x2e, &(0x7f0000000300)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x1000}, {{0x18, 0x1, 0x1, 0x0, r3}}, {}, [@ldst={0x0, 0x1, 0x4, 0x7, 0xa, 0xfffffffffffffff2, 0x10}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x1}}, @map_fd={0x18, 0x3, 0x1, 0x0, r4}, @printk={@d, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x3}}, @map_idx={0x18, 0x0, 0x5, 0x0, 0xf}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r5}, {}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000040)='GPL\x00', 0x3, 0x0, 0x0, 0x41000, 0x6, '\x00', 0x0, @fallback=0x2c, r7, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, r8, r9, 0x9, &(0x7f00000009c0)=[r10, r11, r12, 0x1, 0x1, r13, r17], &(0x7f0000000a00)=[{0x2, 0x1, 0x8, 0x5}, {0x1, 0x5, 0x4, 0x4}, {0x2, 0x1, 0xb, 0xf}, {0x0, 0x1, 0x0, 0x5}, {0x3, 0x1, 0xf, 0x8}, {0x4, 0x4, 0x5}, {0x4, 0x2, 0x1, 0x1}, {0x3, 0x2}, {0x3, 0x3, 0x6, 0x9}], 0x10, 0x1}, 0x94)

670.850782ms ago: executing program 0 (id=1145):
r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4050000200000006110600000000000c60000000000000095000000000000"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x12, 0x4, 0x4, 0x15}, 0x48)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000140), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000280)={'vxcan0\x00', <r4=>0x0})
r5 = epoll_create1(0x0)
r6 = epoll_create1(0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r7 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r8}, 0x10)
syz_usb_connect$cdc_ncm(0x6, 0x0, 0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r6, &(0x7f0000000100)={0xa000000d})
epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r7, &(0x7f0000000400)={0xa})
epoll_pwait(r5, &(0x7f0000000080)=[{}], 0x1, 0x4c6, 0x0, 0x0)
r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0x0, 0x0, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x1}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000040)='contention_end\x00', r9}, 0x18)
sendmsg$MPTCP_PM_CMD_GET_LIMITS(r2, &(0x7f00000004c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000480)={&(0x7f0000000340)={0x108, r3, 0x10, 0x70bd25, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_ADDR_REMOTE={0x20, 0x6, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r4}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @dev={0xfe, 0x80, '\x00', 0x34}}]}, @MPTCP_PM_ATTR_ADDR_REMOTE={0x4}, @MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0x1}, @MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0xe7}, @MPTCP_PM_ATTR_ADDR={0x40, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x11}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @mcast1}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x2}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x2}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8}]}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x4}, @MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0x4346b75d}, @MPTCP_PM_ATTR_ADDR_REMOTE={0x40, 0x6, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x9}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @remote}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @loopback}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @multicast2}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8}]}, @MPTCP_PM_ATTR_ADDR_REMOTE={0x4}, @MPTCP_PM_ATTR_ADDR_REMOTE={0x2c, 0x6, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0xa}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x1}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0xe}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x3d}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x5}]}]}, 0x108}, 0x1, 0x0, 0x0, 0x4008054}, 0x80)
prlimit64(0x0, 0xe, 0x0, 0x0)
r10 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00100}]})
socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r10, 0xc0502100, &(0x7f0000000180)={<r11=>0x0})
ioctl$SECCOMP_IOCTL_NOTIF_SEND(r10, 0xc0182101, &(0x7f00000000c0)={r11})
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r10, 0xc0502100, &(0x7f0000002780)={<r12=>0x0})
ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r10, 0x40182103, &(0x7f0000000080)={r12, 0x3, r10, 0x5})
bpf$BPF_PROG_DETACH(0x8, 0x0, 0x0)
bpf$BPF_PROG_DETACH(0x9, &(0x7f00000000c0)={@map=r1, r0, 0x5}, 0x10)

640.140473ms ago: executing program 3 (id=1146):
r0 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x1, 0x141000)
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(r0, 0xc1105511, &(0x7f0000000140)={0x6, 0x0, 0x0, 0x0, 'syz0\x00'})
bpf$MAP_CREATE(0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='attr/fscreate\x00')
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000002000)=""/102400, 0x19000)
socket(0x2a, 0x2, 0x0)
select(0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0x0, 0xea60})
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48)

564.339123ms ago: executing program 2 (id=1147):
socket$inet_smc(0x2b, 0x1, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0700000004000000800100000400000028000000", @ANYRES32, @ANYBLOB, @ANYRES32=<r1=>0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000558b68aac2ad00b7000000000000009500000000000000"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_emit_ethernet(0x288, 0x0, 0x0)
syz_emit_ethernet(0x46, &(0x7f00000000c0)=ANY=[@ANYRES16=r1], 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000680)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_FRAME(r2, 0x0, 0x10)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r4, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r5, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=ANY=[@ANYBLOB="3c0000001000030400"/20, @ANYRES32=r3, @ANYBLOB="a4280400000000001400350076657468305f746f5f626f6e6400000008000a00", @ANYRES32=r5], 0x3c}, 0x1, 0x0, 0x0, 0x4008800}, 0x8000)
r7 = socket$nl_route(0x10, 0x3, 0x0)
socket(0x1, 0x803, 0x0)
r8 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'veth1\x00', <r9=>0x0})
sendmsg$nl_route(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="4c000000100003041b00"/20, @ANYRES32=0x0, @ANYBLOB="46060900000000001c00128009000100766c616e000000000c000280060001000400000008000500", @ANYRES32=r9, @ANYBLOB='\b\x00\n\x00', @ANYRES32], 0x4c}, 0x1, 0x0, 0x0, 0x600}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x5)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r10 = syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0)
read$msr(r10, &(0x7f0000019680)=""/102392, 0x18ff8)
open(&(0x7f0000000080)='./bus\x00', 0x143142, 0x0)
mount(&(0x7f0000000100), &(0x7f0000000280)='./bus\x00', &(0x7f00000002c0)='9p\x00', 0x0, &(0x7f0000000300)='trans=rdma,')
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0x2, 0x6, 0xfffa}, 0x3a, [0x8001, 0xc95a, 0xf, 0x8, 0x7fffffff, 0x2, 0x7, 0x7f, 0x20000006, 0x4d, 0x6, 0x5f, 0x8, 0x5, 0xffff2d37, 0xffffff01, 0x7, 0x3, 0x0, 0x4005, 0x24, 0x1, 0x7, 0x3c5b, 0x1, 0x24, 0x6, 0x8000, 0x5, 0xffffffff, 0xe661, 0x4, 0x5, 0x89d2, 0x8, 0x4c74, 0x80000000, 0x40000, 0x3, 0xe, 0x0, 0x80008071, 0x7, 0x17, 0xd, 0x407, 0x5, 0x3e, 0x8f, 0x4006, 0x6, 0x80000000, 0x0, 0x4, 0x8, 0x400, 0x80, 0x0, 0x4, 0x7, 0x8, 0x4, 0xfffffffe, 0x40], [0x10000007, 0xf0000000, 0x8000012f, 0x8004, 0x5, 0x6, 0x129432e6, 0x2, 0xf9, 0xe, 0x2bf, 0x6c7, 0x9, 0xfffffffc, 0x3, 0x0, 0x0, 0x5, 0x2f, 0x10, 0x312, 0xd, 0xea4, 0xffffffff, 0x4, 0x7, 0x7fff, 0x5a7c, 0x420, 0x401, 0x6, 0x0, 0xff, 0x1, 0x1000005, 0x5f31, 0xd, 0x4e0, 0x2, 0x4, 0xb, 0x4, 0x2e, 0x8, 0x9, 0x9, 0x47, 0x8000, 0x1, 0xfe000000, 0xffff, 0xfffffffe, 0x9, 0x9, 0x5, 0x4, 0x8, 0x1, 0x3, 0x6c0, 0xbc45, 0x48c93690, 0x42, 0x3], [0x7, 0x408, 0x8004, 0x4000005, 0xfffffffe, 0x100, 0x8d2, 0x9, 0x5, 0x7fff, 0x0, 0x5, 0xb, 0x4, 0x9, 0x5, 0x0, 0x1ef, 0x5, 0x8, 0x10000, 0x3, 0x5, 0x3e7, 0xb, 0x5, 0x2, 0x2, 0x3, 0x20000008, 0x4, 0x6d01, 0x6, 0x1, 0x800003, 0x200, 0x7e, 0x7, 0x4, 0x2950bfaf, 0xffe, 0xa2, 0x7, 0xa9, 0x5, 0x9, 0xac8, 0x2000bf, 0x2, 0x3, 0x7ff, 0x12b, 0x4, 0x1, 0x0, 0x0, 0x5, 0x1c, 0x120000, 0x3, 0x2004, 0x80a2ed, 0x4, 0x25], [0x9, 0xbb33, 0x7, 0xb, 0x5, 0x938, 0x6, 0x6, 0x0, 0xb9, 0xce7, 0x10009, 0x2, 0x57, 0x5, 0x3, 0x101, 0x10000, 0x4, 0x7fff, 0xffff, 0x2000a620, 0x2, 0x5, 0x1, 0x2, 0x5, 0xe7, 0x6, 0x16, 0xfffffffe, 0x80000003, 0x6, 0x4, 0xc8, 0x9, 0xfffff000, 0x10000, 0x3, 0x7e, 0xfd, 0x9602, 0x7, 0xaf, 0x8, 0x6, 0xffffffff, 0x5, 0x5, 0x8, 0x30b1d693, 0x5, 0xf40, 0x7, 0x1, 0x6c1b, 0x0, 0x4, 0x5, 0xb1e, 0x800d7, 0x200, 0xffff3441, 0xfff]}, 0x45c)
syz_open_dev$vim2m(&(0x7f00000001c0), 0x7fffffff, 0x2)

49.040919ms ago: executing program 3 (id=1148):
socket$inet_udp(0x2, 0x2, 0x0)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='mountinfo\x00')
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
r0 = syz_open_procfs(0x0, &(0x7f0000000140)='net/ip_mr_cache\x00')
fchdir(r0)
syz_open_dev$loop(&(0x7f0000000240), 0x7, 0x180862)
r1 = socket$tipc(0x1e, 0x2, 0x0)
connect$tipc(r1, &(0x7f0000000040)=@nameseq={0x1e, 0x1, 0x0, {0x1, 0x0, 0x5}}, 0x10)
sendmmsg$inet(r1, &(0x7f0000006740)=[{{0x0, 0x0, &(0x7f00000056c0)=[{&(0x7f0000001240)="80349c0d9e8fcc9f44658138dc4a3c4ad42f918348474a5bc38ff0e0571fc22c8eb5cb22fdf30ced1a4c1ccb5e5b35fed7db48c1a8a7132adc5623d146ddfe2254dd2579b4284b53d1cea6206864473d31bdb00c9d1462458b678827e80c94d88099e7471a58b1463086f9cdd1ccc19fa2fc4a9dd5a56fe782d15e66648c7630f1aaa7e9820460c46e292dbb8fa6f6701048ff17f46097b1ee0750ed038f18b81b2ba014bf866062c9a6f88b5d07e13b7eddd968ba9c7a53609c7b61471a51fd85bceebc0a92b2cd7c45a7f4571e693abebc3c5ff16c8128d92476", 0xdb}, {&(0x7f0000000280)="5b4ea50f20d7212327afde5e7a457cde2dff791c69fbc3", 0x17}, {&(0x7f00000002c0)="851d8a90d516f218f839a7c48edfe734b2490c90a2fbf5be3383f1c9f5be8e55148723ac0258ef4f8af1f5e0b0a86885f018523d60072c7d9c1568700b3abe208fbd5dad2daf18b5150a530d816bf4cc6e43da4f2793611b38009e8c0970268cf5836926fd1223f4f8bec6a4a68b2aaff7af151a661793a04cd9b936da8f53eae22356781c580df817f3168269eaeeae014fa9b1878bd89e2acb4853ffd7b9a06d7f5ff090c605f5d343e6d93c80d747365d21acea325c44fbb87f6271a2d9333e9b9dd1d36dfea61641d34fd54cd2970ac14acdadd04357bdd44bc926d0adef887b2e25c2f435ce79bac1d1f473c3a49a12aa5c5cfa4bfa4fd2470308ed259e62c218aee67006a3ca187c9aa13a806d99b2275341fd6022940537b1cb1fd2389f417ea92c6e77a09a9d09a98c4e2f0912d36b47588ff991aa98c3c650055bacb669aaf68dd4f8a7b43569c9af62e7cee6ba05278fe8642feafa5c436cb13fa45b3cdf750f8956c493acf7c561b12259331a363c74fb5f2947652ced415b0986b673680e8ad7bad823ff84c30681cbe45114510d9aa6f423f212bcdf1c244178ae31474d9f176707e9c481057f72d489372f7daeba51e3ea86895c8eed109566ad19f3957d0df21a671fce2d674c207d8643c85a018834f4e8e3992e6991d815", 0xeb}, {&(0x7f0000001440)="f0e266805aba28ca0c0d67b3479e1c7cb90d64b8ba8093c11696a92981d4fdd1f40043ce52efdea3f8d7b9ba23840df17c5a35207d6fc677263be310a063adb7b1528b8a04ec5b50d2cfa0df73c57f16a94941e8fb22f429a1f34b5b01514fefc4bd79a2cb936cf2eae82bd7b628431ae2d7b61059b35abc6ee24fd40e3c1bd6106af177bc4670395df7238a420fecf1e6ed3fe8906c3a2843215618fcb72ae77c6d36feefb4d45157e5d35fb4bf297d15ca042520f08e85ad2d7c5045fc7c4a2a8b6e149fc755d70437b3835083ee9fc662afbf840ab97f0adcdde20099bb22e909b937696e9d950ca0a361dfa8f5453454696927ae5a2401340264bdcdcd86941c18b536bdccb964461679d1b62855dadee9b66e5d494183283808c706247cdf83b45c44178775fc957483923b717724549dbe2f9a092fa07e93a7772d16bfbff9a0dd14d48d30b1e4f8206f92cf2fe08a7702f73404b79e77dec1b694e8a7c588a7bb2d770122291b10b456c4419dda49da0433a0aa5f0be221d29b45082b4f9521c2a1fbae507aa2652123619b78f340f01523bf9e6089e8e8186af2b85476d7059226f07467a6e036bf8808f2e9070b2a94ac1c64ec066def276c362a1d4a830edf754783f0a1e52e1adc4f6ca2d7200fd73b9cda79ccfcf57a27f60e184ebe12c4daeb214c2057b69719db280e0dcc2d10b085c7ab8e2394bae44893e3f335a3121bae3a33c32b004ab7bca48726029b77a6c784d2af3789fd520e37009d103c0a63598fa5857ee1b86a38a9feaf1d1f512d1884861c13d647d26888430e2f15e78cdd6a4c875e52de709dfdc4af4775ce03d7c8c3ff2b9fbae82dbabf11460bd1bc1ffe10c5062a265fd211a2b52a41613cc03917b8d34591885396369d1d172df31244a236c49d4457a936848684b59e326872d58c5db20684d1194ccb7ecbf5017f0f702f29c75cdeea09619db8bf00b41b1a165af13b3810d7f7b6a681aef628190f4fd53244a650b0500df500946792d003f2d2f0ba3c57f8257c0cc897cb1dabd63870ef86378a14e7f5068ea6a2311414656d766fb24e43c2a57b44cb1dc584d71e91628348790dc6a9adf85bc403a934e7603f7b45473407cf1395163b3efc9e880963bbd98140adfd624ccfc1141cd899826261e152265b9307695488c0cbad9027bf74b6f0c7adbc9878983d96e6026c818ac30fac3e2392e1c8fdab8ccf902d0915a471701083949efafc7a2e05608139fd0ef22d834ff02569878579c43635ad2d56d7cdfacaba8a3adc47c7fd42e521ca6b14726e68f67e2662c972bf9824ba847e22985400fad74280c22a0636aee80eeb7ef0c691cee94573ec78b53d43316ba691fd5274d1ff8085e297d2781a31f704dfeb58db9fa216c3356341207e953712de9ef27018bdfdddba8abc0c5f205908f12a42685ecc0c20cd92a57bba45a435f7bb412ccab1a6d877392971de8b808af07ea32b102dbcd7d00c869ad5cd8f5a5895b3d6dfef226d51d819756a85ffdde3d08f59fbbb7510a9ac3568f8f039fa7abc7b34685f3579050e88773cb4bb7958ff83aba1f23c8ab4ecd019c59781d47bcc50c64a957c3fa37311a240649313f77fa81020a5da0560d3bdabe6001ab6792ad782fe0e44bbb59efd4a524984742940563dd9e9a0226925324ac94373a9dcb16f32183ef3f465a13b83974f593e664f53131241e2133ce22917fbb412354a51026847f92aa7afadb1cdf51677fc2fe5938812ef17ae79f4db75afdfce3c5b8822dd612457b5f59dd616acdc473e97afb83f3c9789f3df399a2c3c89e8b5e6db33a306168b0cd4e8acbbd6ac81dd46cfb2f7d24b609d009049784611d027daa0cfb12111c1236aa010796cc687cbb151ba30e3a786ee8bfdae51e65a0c3667f7b8856089621742bdc19ad66f60eb48bd7f20b0ac2a523e89e6a7089e3704f266c52c58994e018e5d20b77a0413c71cafd420d9e0abb77e9f1199aca31f6d94372ca5736c749c197cac572e4962fc089f866a896763cd7b804c8e7211bd3a64f1ed12d65182deb850279ecb530683551bd50214e03b9f813431688dadf4caaf77d2e8b20d3e5c424243ab50f9c20462cea0f38eb080b02074e3e77a236d4ec929b04d134dcc5f767736c096794be3aec9f1195b87862128b436fbd0305a6ad6ebb0b2167e184c1de57048144b7567a6ad6c028c4b8a78858925f0ed415313da984484f753d14234d30964aa3d15af13337b6e5338d4f787abc18e0ea4d9656aa3c1d3eee0854078470a0e724062fd61a95f17516ca92faae8397ce07ba558a689ea49d25685a28c68fbc533892827829692d65a15711f0d14f7f685095f6c5dd085b30ffc4dfd9097157c1fab80023d24912861e87d1e484fe5a4476743dcb983d3eecabfe168db03f888432d8b1639e89c8f0513dc36ca8969ec364d28814fa6e21f979020df1292d772cd20c0eb4a5888f38d8d129e30ffee29ab6baf3b2f3a509e02d26b354f1ebe3531fe97968f1f678937b36f3684a8c100030a2328941dfc09574f7cebc26337cd4b2a6fc0b92affc3f3f892542e46fd6cfc2780c0b8a916b3fbb7f33a2537571b06643d82f86e2156740e024b360f48b844797971383610dc93abedc9945ec26d6a56e2701522e3fd6b77d4647a137346985af549d8944c652ddd797e1856a30f296258eb275981bc9432f38532d6e141d603b002c75247b3e71b39dbc01e8e64bc0cd510bd1700685a95ead8fb3fe8fbd72be2e8f9f5a9f1b2c400bfdc0aeabb14a7538c9a38a4839bf41120f2c2aa00277a327d7dff15f52854146a94ea41e4f14a15443124c6bcff43489e7e242c8315ed8d542377fefb6002292c1adc571c730d67b8dab5a4da06659fe7b69bac3147ef39fc877c323edbb9912886ab468c530a8d7844692010ea93effd20f4ccc47b3ff51f378c12b1d03155d49772f14d65bf2ce38f589ca4647b6713ae081fd13e74b307aba8bc34a4406d78c26ccfdf328f5c273b294f6c6419cc157eca59939ec4c0b95cc6d5f97c83c3f14aeb5b88910ec29cf64496d9b1b855fe073d4791507c7533846cdd7810667427583b3a8b7febb2c43643c09bebbb12c08781ac9d0995723fb47febef49e0d6631f054e5b3b3a284391590cfb5d5cf4aaa71586cb37b9fffa15848176da20969e88ed87dd8a4fa2b5140fd56f0a9973217f8ce0c6ee50b67214b6d7d6b84d41d83694a14b2e96f0cb79b49f5fe4dd21727c00819e83b6ea203bada46e9ae8ce7bebaf24f05fd20672e4230b3851b8f05bb2f0977dda7c8cdd1f2689b7a10a72018ff76699e53b2a3f77bf7fa03fe3cf85d4859c9db915fa5c1ddff79e77d0b1b6316d3e50d0d60a42271332f3e81376f120836cd3ea55b7f1453833a7bce0058f79b698a4bd0e857ae35b8ac8f20ed8f238475757af11ce7b450cf89191a4f27a365f594ef68efe6ea1a5c3518712b1aa37a1f47e05f85debfa461f5346d985a71e49ef17f4eb068862977d56671d445176934be6b5318300d7debf3ad8d7da0c014b25af2d8fa52753974116a8cea6c974692f5de03b526a075cc3bc8a4375333f0ef09dd3c361738a151f326ba3253c171f8f7876107eeac122a65124e59dfe7c66bb9546d6428559df314063ac08c03d96b04b6a91508371fa18348c65238546f3d489c7efc1bd01e6e389fbeaa8f125bc7b7c8673904eb676bbdfa3680fea612ba20fab20cdd411c2bafe0417b76852de9e863f09d291bf59510ead793cfd9d6710c0de77cefb5b65481d3aabde2683457b13e3b32ebc06f60d5afa47e36f652a95bd16dcf55dd3e1b05d0df9b8a183553097c2aa95aa175eda6792f58a74170781260e6120981549b3836d13ef037178dd8ddcb5a5624f3790f9d92b0f8f3cd11bddf478cd79456db871f32dd6e24948dd762ba2c22a94300f527c1df5ff05aef5ae4893ff88adc8f7af779d03fcb4ecabfa32460315f27505681242064541657acbb29f531043ce1d04ad189045140232f24f46d0580ada560c61fa4a90aec4743a9a0d466493476923cdff87a21127bac3da7d61d674d8bc9bd63cc3df85c707a912773e090256d5a0bdc5da8ceae2ca25c596410982b63055e6d292a31776cefe58457cb6b5cb92a2c69ed5eeed35e4ea3d6b54ee22e41dea28adac6e1eeadf604f0ef3a67c86974c3ecacdb7f502c74ed31138123dcb80282dbfb0ea0fc2a6016dccecbcbe4952c27b09e7abf784db6b7cc55366d048f16f6473a268b90a1c9b9c612f88bed9008308b11e47d79329cbefc3f313863eff4a16e6a70c41a296d3042a1164d0578297642ec82da1f92dfaa6a67ff9cfcd1b3e88fc442246a303a0e539ce65ad6fcb6d8657937cd88d4c30fd369f2bef0308f5db8824919139b25f82f56e24ef4cf1feda07c3bef9dd215575ed774dc05603f4664332c7b002c48d873bf1ebec930a273efc78dafe153f7eba9161002ca9a8fa855bc357f3a67810fc081b9ae9b4f69401ef93d039c7c1398fa8c9eeb1ce001e08e9231ce2c2beacdafe2955d4056e18d4d09ed22a996666d4df5ca91c37663bb54eb42fe39712736fa0e64ad4f8ca843fe52702c9ae48e60a3f5eac160f58ff3cb80684120845b9e34bc1aecb19662b1a429926ae351d004eca1d367fcb34facbeb2184716c5140a7e420c7f4379b0c43ce872b62723a587d9ad528c2aabf158cefa2df3422203b5cc73e9443825089527700b69a2331e0558a9b1e9d3e69a59896e6cf4df46b41a8cbb0e598a874fc23b16a6eda6eafde02451f0255ff9e6d1bd007c86dee8b6ae875752415b8057b916a3fe7b35cfcf7d38a50e461f1fc1d6a4541ba4079e1f21d0ea2a5ce4aad561215a1d75a2599c757cd6025753fc0578e4b7f4195ad025c46d50c5c351af1ce1e8f8c35439c8598293cd59d2e90a1445497b0249a314379dd13e95f00f2d8240190da9e12adbdd809b1a96900054db156d2893f7998aca02c86f61478a9b21e9e11a6f4b9f7f382243739e492e9048ed9c7b0b8118d966c0f41709abd171873c498a3168639bb2451e0f65e93755fc9cbf3b996ed0873a8256a579372146c3a1e749a9a640f8e9c01af2d0fdd34f2b5fcf4e0bac0b7becd41851359f89dc17156b6ddbd6377c05a059cde362397f28ae2cbbdac107142b40913aaf059d897039ce3fda8c29ae93210676e44f131f78e78d68d858bb7fde230a2f0fd542c5e8374fdc11a488da9de28bc3992a8d74089de36a732110c841bbdc5f24f71663d9a5f5209791fb7027749be23cdb3380f581151563d3707290cd31b28c13139b8e041cd72af3ad9b0fd0b3f131608a8ec5d80c4e7cd458abebae0244c921ef69a4ea0e9a2c2073bd13b49f574a7e278c7ba08c22d89b678a3cd814e8d0dea0101d95f789ada5178f46a4c6beb8dd12352cec179c886ae98ac2bc4382acb565df99eaff3f6824536ef7de884176ea3ca14a9f225f8ada2aac871e7c35df92943600cf7961b8eefdeb70d985fbc93252c978c5c773b4f2ab4b7683e2563d36ebfa4355969f6201e4bcac04ede3c6c9a18ed23f23ec331cbe2d645fa4ffcb2c742ba4905788c27a9bc97536dcbc08d3cbdd2f7195acc0f0eb3cf52aad9a1d23a1dd3633a49a482a1c1eb8761dcc7474f0fd4596a661b7668ab22ebecbfe33886b9b4a0c250380a9a34fefd9724ff89b32e5622258287b3281bcccd0bade4e260b6fefe73219c41f2de521587404ac1d2de4e2999202b3870099718115552aac2d446e649", 0xb47}, {&(0x7f0000002440)="253c10cd0a56ebbb9e8b465670109c340c95f1d27d36cbeb7fa948545e9b18da346b70b5dc6ea12ad1a30e4f7038336f1af1d61b04de988f1755e9b3ba9919b2a4952ceda920a7f0e22dd239d4a74f2d1c854bc64f09f979aa3e9f5c25ff8ec189e5d809483583f648cd8870291200e428", 0x71}, {&(0x7f00000024c0)="2ba671ae8107530b978dd82841597ed8f4275ed9e6b9f7b73ee6324ddf688ad9d88125b82afd2e28aef7183086ce0dd4ee880fc56a2ca8b52ef8f5b5f3e475f49b0bcd201fe612703d680fdd1151dd32535b04d4697d472c7750d6c4c197162e9f872253b611b1ca20e79dcf40d1faf58a453f8db9a03fdd351b54ad4e77fa0fda7990bb281079ae7ba3994aef7380e1d6342305e2d12c57379fd12e784f48e4e832171df4576c8724e3bfd70ebc92fc11914cd4", 0xb4}, {&(0x7f00000025c0)="96cb9dfd0c61d5ed863c5a35109d427201da53416c37631f95451a170fdb734214157996b04630903a7ad20aca669b5120871c47c6ef4e5975222b9676223895144ae5c2898ba0e94642e43e374bf9515c7e840e62021f25181401bda4c4d2d77867390c0a05af019adabfe896d7824f0dcb1724c64da40478808059ea83fa60145e108809ca25edf6ab820f23a5ce2b1779aa8c037a26d99df56f39ff5beca1c1e0cbfd69e415971a02f5115f6da0ba6da9be9772efa870aa6b62774ce009e7bcca4b4a7a910aab97e7f3da899eaaf573ac8a926a7be9b5875b3bb707ae9124ead39e70948bcf654b6b4342043f756323494e4ec559866c5a480c3b156c0427f1cc1d373b77424ea38e3697e36dcefd261575e5516bfcedc7baa8cbebed0ce49dd27e6291dd6f968eaf37f13313ba0bd22b6a63496be04a42df10fef87386434103b5ef819a969e8792a7765dc52c310fbe89851eaf8b2eabcf27bd487f817d48a54b0c7e8b151f0941a6f4adcf6a4486f96f8d18a2928829db333ec08bffe029f4840fdc0433d75157e80b33c3041f193e5c3fb1b7c13d1d7d7a8fe3122ddef181a6534232731c8f91dae42d9a66b9c2e0c6de6da74c24752b53d344b3c9a48ed62705c3e93f7e346c0379a6ec672b3a73dcfc159a79a77bd7b9edd013e3e9832d4dca6f9f973d63d5d235c7e22822e012e4181e102e68b03bdec323db739968061a7ba6fcf9589bd2975520fe9f1b44e52489bf5f5b0125b14bc894f4ff1ad2ba817dad6ab1654a2cacce1cc5160ea4bf3d7011cbf16ad0389b6511448c4186da0a7a55be54031a6d2773ac33aab5d533e7bb213309193f2ca3970e8fffc2fdacbc96e6f49c116b0505385a8bf282589be6b844e2aaaa652459b5d021127f59009020d34932cd03fbe5fea45bdc1f68463c4afe2b5ea8f97dee5e2e6b58196aff00e5ca51a0087f02bcb1dbdd638a5c7590095561578c30904f7ea80072de21fcedd0e41da8e7fe3514eaabc603d770a6fbed5367edb7feb5c5edfda04c7b8a4bfce5c73b876f52fde7dc929f3ffa632eb9514596793533d20fd191b484e902ab104dfc34a8486ba64d3e31c495e043279d8d6b4e6ca3c3fd4ae43529e55be690309e1bc90af2e9188cd5673eea73c75d4decf8972039c086e4b47caee900e1422fd2fbe0303dd5147a9fa487a7b08ad529d0d3db2bae4b26a83de0b15b9b82f26b23336481aca875c48605dc8d25d872920d01e2e163cc13d1f026666f8f54d6fe7895b47939599d168dc98a2de4aac463d98cb39375ac13fadd722b9f1e221d35bde594c9e53aa0f34b235a9d68d8f4841f9455804cd8a7bf05315c5bab2fa8820e956a8161cdd685fc4e1344f9d89189057376a5d1c23273d475aaa72ccbf4b5d8f2863f3f0fe7c0f8b001c065bae68aad9d8878a5edcd8dcbeec07d317c0a81fc84b8b208c60db73c6cf86d46cac98a7df449581d74be7991f1fa6924b76a2d6077aacca10fc777f0d09c5420cfc38c4638957086c9a2065ce94a286da01527bd8b8fd5830f93bcab97a4d0ca13c55b4ee32a49e078b4d79e7b17200fb6a550cfcccd33c681e37bc83c7fcda081a67c2a828e65a75df33e587a05f75fe05aef4078b3482c9078e2edb63c74134f92461044871e4a71f40228d156cbb3beb53eb898e0b6ade2d486a7111ce074510ad957f0eeae0812dd3802db231d9a15948a6b133167eb51dde0199023dfb3471661c7f13f14e786278c551d60929ef969b15d4ea544a9cda830183052ca1072083fb304502f38bcfd46ef64091a2a64bacc55ff3e91f8a7a97f69a9524bdaa60c14d75ddb44e399158c603cded78f42b79a6e9b9c30575289a92558f4d1d9cbb35780c86462cb56d5b474901c17df6ccba95481c004c384b17f99fb29458c9c59666c5305c508561e654d5f1b8ed375231358828b73b487c5f3096211f863375333bb1d3970f7c4cbc7b0f122dbb330b24498f38d804ec0e9c8a5976578bfbc2e46e8d898ec08b3742d5f9ba03d56567f6541f075c4f45eec94a6af78065689e8851294c48f02d48b1266586db86266bd2d0cbb729b567ed7643edf6849f50ca7a28b4ef59433ff22ce0680ffb3348a458ff77b6a796e849cb456df4b443d625d423d10e21bf0bcc785a243cf70ed2ea7c52548cd366ad9af486a4a0171f21ee9d961aa808a69a066aeb0c605fe7a83291ba942df3d11ba1e12da7381d7af20ccbd0de5416ef389c65d1fd0ff209dce808c490707a371b317ce65765082d1c5f67846ddfa65f291117d6e5a795ac2961d56eb24060d8b160d5bd146cd61589c00a108a1dba9e8730157e403cc35b0cd64b3aa66eada80be3bbb974d4642aa76bdf87c2d63134af1c646b1f0bfd218d4e4ebd277ad1cfc9b6f20c4036c6a511cb1ce486c3a563ca9368b10bed088bcfcdab752e0c78a10e550544ee6250d3908e3e7b09b2119f94abc2fdf43d7c82a4ffce81a3f962124ace1108443f41202c6d055d37e99b4eb6287c485acabff03f3a115db1ec790fdc5436e97bf2443c2f707ffb513f6d6494812b2238d679c8787a854ec92126bdc4681803ed4a5b84590e4f00ce956c6c3394773303b0620d118d2290cb229ea3b9bb9de8d719a0f92a50d34909a363f5f6ff906326f917be78c914c78846ef30c9b107b26c0a55401ceabf5b3c669eaa7a1a36d97b01d5da410366e3da5d232fb711d26afd9d4a5016425e47c0ec9b6305673af4cb46526af752011793c322797fb706042da364b6e723b513fd73db6721b00bd80e0923fe075300951d4dfefdd029c3fed21b734bf102f96d58b50bf4edcad014670c2d93eeb4d7bda3d1b70d9e21262c644bb96855895e4c0b32c9ed599d940ac24814b69812c124648428e13d7f72d74feb30288eb78b4a99fadc96589d8a9c7047787aa802514ba28af4d5520ac50928cd75ca92e2934a2e126456bfe1587003e87d9428b1fdb6b7662c44a5fee9d537b7f43822e5b103aeece1aa603215c215de2873e3a6b327c5ed0a0190fb7645034e1839ad165f3f7f80fd793734ac1412bbe20d82aea543792047ba5c5b37ee11988cd7e71cd43547e13c6bbc1ce3cf6aff9727381f06feb83b23b694724d9259d3736eba6ee66ee73a224b8a978debbbc35f8e28cc8267646e5c8cd8076d2044d41eadce01738ab2c7dc763de5a8042b957680223c4d9fdbf65d17e8998444e8db36c50fbe3c9a83e506661a029c4538617d46b6a43675c6dcf283a45b99e44188fd2681a50747e819e7f37496207ec448670fe62a3cb94712abeafb5dd2690ec12b18f8d67d5b0db41a897124f8b94695501aba517447338034bf14d0f99cbf5518aa013e1f35a052b4d27d1247349ff7a83362444372f017fcbdfe972b91c46a0a57f4639204673341ae92bc2dbf2b8d1680b432552850964eb1e14f38995e7e404b1bd1bf63d8d58c7b4ec38e3b9e73959e6509ad9f67d684f62759f5cae90bf8c1781b5800922c312aa634e5748b6181fc37df267eb5c66afc0c9249f9f601136c78d817beddf308c6970ee0e8221abe6fa124f55de7e5e78398004095a175f58cc270840e8c6759627f139e4f9b3b362e2700c5d06da66e862d1016c9f89d18646a6bb823f992342433b03397ed7586f489824a1495d707c81d3885029a47845802ef97856e530789a5cb7239752c6509cdd094212cb4b1b8baa7416cf5000db59418ad7f7a0d7d8e4cb8ebbbe4c40ba0ccc25283b9c933e251fff9871fc01026fafd8eed7ddcbe454b79339be93cd4b25a55af449f5c0893a957c5468c9147a973478c834ac4ecfea339cf3", 0xa9b}], 0x7}}], 0x300, 0x0)
connect$tipc(r1, &(0x7f00000004c0)=@nameseq={0x1e, 0x1, 0x0, {0x1, 0x2, 0x4}}, 0x10)
syz_open_dev$evdev(&(0x7f0000000000), 0x8c, 0x200)

0s ago: executing program 3 (id=1149):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
r0 = socket(0x10, 0x803, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee6, 0x8031, 0xffffffffffffffff, 0x6770c000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
recvmmsg(r4, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}}], 0x40000000000012d, 0x2, 0x0) (fail_nth: 2)
bind$inet(r4, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
syz_emit_ethernet(0x2e, &(0x7f0000002840)={@broadcast, @link_local, @void, {@ipv4={0x800, @udp={{0x6, 0x4, 0x0, 0x3, 0x20, 0x68, 0x0, 0x0, 0x11, 0x0, @empty, @empty, {[@rr={0x7, 0x3, 0xc7}]}}, {0x0, 0x4e20, 0x8}}}}}, 0x0)
recvmmsg(r0, 0x0, 0x0, 0x102, 0x0)

kernel console output (not intermixed with test programs):

59): avc:  denied  { connect } for  pid=9141 comm="syz.1.773" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  318.635392][ T9142] FAULT_INJECTION: forcing a failure.
[  318.635392][ T9142] name failslab, interval 1, probability 0, space 0, times 0
[  318.696799][ T9142] CPU: 0 UID: 0 PID: 9142 Comm: syz.1.773 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  318.696823][ T9142] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  318.696833][ T9142] Call Trace:
[  318.696838][ T9142]  <TASK>
[  318.696845][ T9142]  dump_stack_lvl+0x16c/0x1f0
[  318.696877][ T9142]  should_fail_ex+0x512/0x640
[  318.696902][ T9142]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  318.696936][ T9142]  should_failslab+0xc2/0x120
[  318.696953][ T9142]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  318.696978][ T9142]  ? __alloc_skb+0x2b2/0x380
[  318.697008][ T9142]  __alloc_skb+0x2b2/0x380
[  318.697034][ T9142]  ? __pfx___alloc_skb+0x10/0x10
[  318.697062][ T9142]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  318.697087][ T9142]  netlink_alloc_large_skb+0x69/0x130
[  318.697109][ T9142]  netlink_sendmsg+0x6a1/0xdd0
[  318.697132][ T9142]  ? __pfx_netlink_sendmsg+0x10/0x10
[  318.697161][ T9142]  ____sys_sendmsg+0xa98/0xc70
[  318.697182][ T9142]  ? copy_msghdr_from_user+0x10a/0x160
[  318.697199][ T9142]  ? __pfx_____sys_sendmsg+0x10/0x10
[  318.697231][ T9142]  ___sys_sendmsg+0x134/0x1d0
[  318.697249][ T9142]  ? __pfx____sys_sendmsg+0x10/0x10
[  318.697263][ T9142]  ? __lock_acquire+0x622/0x1c90
[  318.697309][ T9142]  __sys_sendmsg+0x16d/0x220
[  318.697325][ T9142]  ? __pfx___sys_sendmsg+0x10/0x10
[  318.697358][ T9142]  do_syscall_64+0xcd/0x4c0
[  318.697376][ T9142]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  318.697393][ T9142] RIP: 0033:0x7fb45d98e9a9
[  318.697408][ T9142] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  318.697424][ T9142] RSP: 002b:00007fb45e8c6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  318.697440][ T9142] RAX: ffffffffffffffda RBX: 00007fb45dbb5fa0 RCX: 00007fb45d98e9a9
[  318.697451][ T9142] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000006
[  318.697461][ T9142] RBP: 00007fb45e8c6090 R08: 0000000000000000 R09: 0000000000000000
[  318.697471][ T9142] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  318.697480][ T9142] R13: 0000000000000000 R14: 00007fb45dbb5fa0 R15: 00007ffe31620728
[  318.697503][ T9142]  </TASK>
[  318.912823][    C0] vkms_vblank_simulate: vblank timer overrun
[  319.125463][   T30] audit: type=1400 audit(1753730845.252:360): avc:  denied  { wake_alarm } for  pid=9148 comm="syz.3.776" capability=35  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  319.161292][ T9149] Invalid ELF section header size
[  319.189796][   T30] audit: type=1400 audit(1753730845.312:361): avc:  denied  { relabelfrom } for  pid=9148 comm="syz.3.776" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1
[  319.209457][    C0] vkms_vblank_simulate: vblank timer overrun
[  319.223146][   T30] audit: type=1400 audit(1753730845.312:362): avc:  denied  { relabelto } for  pid=9148 comm="syz.3.776" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1
[  319.242680][    C0] vkms_vblank_simulate: vblank timer overrun
[  319.478327][   T30] audit: type=1400 audit(1753730845.602:363): avc:  denied  { ioctl } for  pid=9159 comm="syz.4.779" path="/dev/binderfs/binder0" dev="binder" ino=10 ioctlcmd=0x620d scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  319.520620][   T30] audit: type=1400 audit(1753730845.642:364): avc:  denied  { set_context_mgr } for  pid=9159 comm="syz.4.779" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1
[  319.540801][   T30] audit: type=1400 audit(1753730845.642:365): avc:  denied  { map } for  pid=9159 comm="syz.4.779" path="/dev/binderfs/binder0" dev="binder" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  319.791026][ T5884] usb 5-1: new full-speed USB device number 9 using dummy_hcd
[  319.964986][ T9165] IPVS: Unknown mcast interface: pim6reg
[  319.976705][   T30] audit: type=1400 audit(1753730846.102:366): avc:  denied  { execute } for  pid=9164 comm="syz.1.780" path="/171/cpu.stat" dev="tmpfs" ino=896 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  320.011629][ T5884] usb 5-1: config 0 has an invalid interface number: 11 but max is 0
[  320.020102][ T5884] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  320.097243][ T5884] usb 5-1: config 0 has no interface number 0
[  320.134114][ T5884] usb 5-1: config 0 interface 11 altsetting 253 endpoint 0x87 has an invalid bInterval 0, changing to 10
[  320.165681][ T5884] usb 5-1: config 0 interface 11 altsetting 253 endpoint 0x87 has invalid maxpacket 8456, setting to 64
[  320.197515][ T9170] netlink: 'syz.3.782': attribute type 1 has an invalid length.
[  320.211510][ T5884] usb 5-1: config 0 interface 11 altsetting 253 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  320.240977][ T5884] usb 5-1: config 0 interface 11 has no altsetting 0
[  320.250779][ T5884] usb 5-1: New USB device found, idVendor=06cd, idProduct=010f, bcdDevice=d5.1b
[  320.266311][ T9170] 8021q: adding VLAN 0 to HW filter on device bond5
[  320.276794][ T5884] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  320.302310][ T5884] usb 5-1: config 0 descriptor??
[  320.315721][ T5884] keyspan 5-1:0.11: Keyspan 2 port adapter converter detected
[  320.329294][ T5884] keyspan 5-1:0.11: found no endpoint descriptor for endpoint 7
[  320.344501][ T9173] bond4: (slave wlan0): Releasing active interface
[  320.366348][ T5884] keyspan 5-1:0.11: found no endpoint descriptor for endpoint 81
[  320.525852][ T9160] binder: 9159:9160 ioctl c10c5541 200000000500 returned -22
[  320.676245][ T9173] bond5: (slave wlan0): Enslaving as an active interface with a down link
[  320.699463][ T5884] keyspan 5-1:0.11: found no endpoint descriptor for endpoint 82
[  320.733831][ T5884] keyspan 5-1:0.11: found no endpoint descriptor for endpoint 1
[  320.745277][ T5884] keyspan 5-1:0.11: found no endpoint descriptor for endpoint 2
[  320.753449][ T5884] keyspan 5-1:0.11: found no endpoint descriptor for endpoint 85
[  320.766678][ T5884] keyspan 5-1:0.11: found no endpoint descriptor for endpoint 5
[  320.794886][ T5884] usb 5-1: Keyspan 2 port adapter converter now attached to ttyUSB0
[  320.818205][ T5884] keyspan 5-1:0.11: found no endpoint descriptor for endpoint 83
[  320.841584][ T5884] keyspan 5-1:0.11: found no endpoint descriptor for endpoint 84
[  320.861715][ T5884] keyspan 5-1:0.11: found no endpoint descriptor for endpoint 3
[  320.878718][ T5884] keyspan 5-1:0.11: found no endpoint descriptor for endpoint 4
[  320.895736][ T5884] keyspan 5-1:0.11: found no endpoint descriptor for endpoint 86
[  320.962822][ T5884] keyspan 5-1:0.11: found no endpoint descriptor for endpoint 6
[  320.999427][ T5884] usb 5-1: Keyspan 2 port adapter converter now attached to ttyUSB1
[  321.032936][ T5884] usb 5-1: USB disconnect, device number 9
[  321.064865][ T5884] keyspan_2 ttyUSB0: Keyspan 2 port adapter converter now disconnected from ttyUSB0
[  321.102441][ T5884] keyspan_2 ttyUSB1: Keyspan 2 port adapter converter now disconnected from ttyUSB1
[  321.146138][ T5884] keyspan 5-1:0.11: device disconnected
[  323.739277][ T9214] netlink: 4 bytes leftover after parsing attributes in process `syz.3.788'.
[  323.833354][ T9214] netlink: 'syz.3.788': attribute type 21 has an invalid length.
[  323.842397][ T9214] netlink: 'syz.3.788': attribute type 1 has an invalid length.
[  323.850197][ T9214] netlink: 144 bytes leftover after parsing attributes in process `syz.3.788'.
[  324.057376][ T9219] netlink: 'syz.1.790': attribute type 1 has an invalid length.
[  324.377577][ T9228] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  324.392875][ T9219] 8021q: adding VLAN 0 to HW filter on device bond4
[  324.555944][ T9232] binder: 9231:9232 ioctl c0306201 200000000640 returned -22
[  324.572192][ T9232] binder: 9231:9232 ioctl c04064aa 200000000240 returned -22
[  324.861783][ T9226] bond3: (slave wlan0): Releasing active interface
[  325.171835][ T9226] bond4: (slave wlan0): Enslaving as an active interface with a down link
[  325.223056][   T30] kauditd_printk_skb: 1 callbacks suppressed
[  325.223070][   T30] audit: type=1400 audit(1753730851.352:368): avc:  denied  { unmount } for  pid=5832 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:rpc_pipefs_t tclass=filesystem permissive=1
[  325.252781][ T6048] vlan3: left promiscuous mode
[  325.326314][ T9240] netlink: 'syz.2.795': attribute type 1 has an invalid length.
[  325.352939][   T30] audit: type=1400 audit(1753730851.482:369): avc:  denied  { read } for  pid=9239 comm="syz.1.796" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[  325.420497][ T9240] 8021q: adding VLAN 0 to HW filter on device bond3
[  325.841065][ T9249] bond2: (slave wlan0): Releasing active interface
[  325.859453][ T9249] bond3: (slave wlan0): Enslaving as an active interface with a down link
[  325.998571][ T9258] netlink: 'syz.2.801': attribute type 1 has an invalid length.
[  326.014948][ T9260] netlink: 'syz.0.802': attribute type 1 has an invalid length.
[  326.153087][ T9258] 8021q: adding VLAN 0 to HW filter on device bond4
[  326.958477][ T9260] 8021q: adding VLAN 0 to HW filter on device bond0
[  327.343828][ T9267] bond0: (slave wlan0): Enslaving as an active interface with a down link
[  327.503006][ T9274] vlan0: entered allmulticast mode
[  327.516512][ T9274] veth1: entered allmulticast mode
[  327.530127][ T9274] veth1: entered promiscuous mode
[  327.554782][ T9274] veth1: left promiscuous mode
[  327.571868][ T9281] FAULT_INJECTION: forcing a failure.
[  327.571868][ T9281] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  327.576950][ T9274] bond0: (slave vlan0): making interface the new active one
[  327.592678][ T9281] CPU: 0 UID: 0 PID: 9281 Comm: syz.2.804 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  327.592700][ T9281] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  327.592710][ T9281] Call Trace:
[  327.592716][ T9281]  <TASK>
[  327.592721][ T9281]  dump_stack_lvl+0x16c/0x1f0
[  327.592749][ T9281]  should_fail_ex+0x512/0x640
[  327.592775][ T9281]  _copy_from_user+0x2e/0xd0
[  327.592789][ T9281]  move_addr_to_kernel+0x65/0x170
[  327.592809][ T9281]  __copy_msghdr+0x386/0x470
[  327.592821][ T9281]  copy_msghdr_from_user+0xc1/0x160
[  327.592833][ T9281]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  327.592862][ T9281]  ___sys_sendmsg+0xfe/0x1d0
[  327.592876][ T9281]  ? __pfx____sys_sendmsg+0x10/0x10
[  327.592886][ T9281]  ? __lock_acquire+0x622/0x1c90
[  327.592926][ T9281]  __sys_sendmsg+0x16d/0x220
[  327.592938][ T9281]  ? __pfx___sys_sendmsg+0x10/0x10
[  327.592965][ T9281]  do_syscall_64+0xcd/0x4c0
[  327.592980][ T9281]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  327.592994][ T9281] RIP: 0033:0x7f7203f8e9a9
[  327.593004][ T9281] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  327.593017][ T9281] RSP: 002b:00007f7204dbc038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  327.593030][ T9281] RAX: ffffffffffffffda RBX: 00007f72041b5fa0 RCX: 00007f7203f8e9a9
[  327.593038][ T9281] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000003
[  327.593046][ T9281] RBP: 00007f7204dbc090 R08: 0000000000000000 R09: 0000000000000000
[  327.593054][ T9281] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  327.593061][ T9281] R13: 0000000000000000 R14: 00007f72041b5fa0 R15: 00007ffde65182a8
[  327.593079][ T9281]  </TASK>
[  327.763418][    C0] vkms_vblank_simulate: vblank timer overrun
[  327.764149][ T9274] bond0: (slave wlan0): dev_set_mac_address on slave failed! ALB mode requires that the base driver support setting the hw address also when the network device's interface is open
[  327.787507][ T9274] veth1: entered promiscuous mode
[  327.801319][ T9274] vlan0: entered promiscuous mode
[  327.844043][ T9274] bond0: (slave vlan0): Enslaving as an active interface with an up link
[  328.214879][ T9291] netlink: 40 bytes leftover after parsing attributes in process `syz.0.809'.
[  328.973672][   T30] audit: type=1400 audit(1753730855.102:370): avc:  denied  { map } for  pid=9308 comm="syz.0.815" path="socket:[22117]" dev="sockfs" ino=22117 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  329.423577][   T30] audit: type=1400 audit(1753730855.132:371): avc:  denied  { read } for  pid=9308 comm="syz.0.815" path="socket:[22117]" dev="sockfs" ino=22117 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  329.841746][ T5966] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  329.854033][ T9323] netlink: 'syz.1.820': attribute type 1 has an invalid length.
[  329.875231][ T9323] 8021q: adding VLAN 0 to HW filter on device bond5
[  329.888425][ T9323] bond4: (slave wlan0): Releasing active interface
[  329.899969][ T9323] bond5: (slave wlan0): Enslaving as an active interface with a down link
[  330.006787][ T5966] usb 3-1: Using ep0 maxpacket: 16
[  330.014614][ T5966] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  330.028760][ T5966] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0
[  330.040519][ T5966] usb 3-1: config 0 interface 0 has no altsetting 0
[  330.048940][ T5966] usb 3-1: New USB device found, idVendor=060b, idProduct=500a, bcdDevice= 0.00
[  330.067917][ T5966] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  330.091832][ T5966] usb 3-1: config 0 descriptor??
[  330.380830][ T5884] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  330.525448][ T5966] cougar 0003:060B:500A.0004: unexpected long global item
[  330.539290][ T5884] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  330.550164][ T5966] cougar 0003:060B:500A.0004: parse failed
[  330.556192][ T5966] cougar 0003:060B:500A.0004: probe with driver cougar failed with error -22
[  330.565538][ T5884] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  330.592107][ T5884] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  330.609184][ T5884] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  330.617561][ T5884] usb 2-1: SerialNumber: syz
[  330.766930][ T5936] usb 3-1: USB disconnect, device number 7
[  331.081008][ T5891] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  331.089989][ T5905] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  331.259409][ T5891] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  331.282001][ T5891] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  331.302945][ T5891] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  331.320962][ T5891] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  331.330096][ T5891] usb 5-1: SerialNumber: syz
[  331.482459][ T5905] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  331.493019][ T5905] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  331.515367][ T5905] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  331.524526][ T5905] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  331.556857][ T5905] usb 4-1: SerialNumber: syz
[  331.585550][ T5884] usb 2-1: 0:2 : does not exist
[  331.594234][ T5884] usb 2-1: unit 5 not found!
[  331.643894][ T5884] usb 2-1: USB disconnect, device number 8
[  331.793727][ T5824] udevd[5824]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  331.819760][ T5891] usb 5-1: 0:2 : does not exist
[  331.826488][ T5891] usb 5-1: unit 5 not found!
[  331.883763][ T5934] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  332.174153][ T5891] usb 5-1: USB disconnect, device number 10
[  332.249023][ T5824] udevd[5824]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  332.320949][ T5934] usb 3-1: Using ep0 maxpacket: 16
[  332.327481][ T5934] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  332.339861][ T5934] usb 3-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  332.351112][ T5934] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  332.359302][ T5934] usb 3-1: Product: syz
[  332.363885][ T5934] usb 3-1: Manufacturer: syz
[  332.368504][ T5934] usb 3-1: SerialNumber: syz
[  332.376264][ T5934] usb 3-1: config 0 descriptor??
[  332.387580][ T5934] em28xx 3-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  332.400774][ T5934] em28xx 3-1:0.0: DVB interface 0 found: bulk
[  332.408983][ T5905] usb 4-1: 0:2 : does not exist
[  332.414530][ T5905] usb 4-1: unit 5 not found!
[  332.541156][ T5905] usb 4-1: USB disconnect, device number 12
[  332.549110][   T30] audit: type=1400 audit(1753730858.672:372): avc:  denied  { mount } for  pid=9357 comm="syz.1.829" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  332.790432][ T9367] netlink: 'syz.1.831': attribute type 1 has an invalid length.
[  332.855065][ T9367] 8021q: adding VLAN 0 to HW filter on device bond6
[  332.871181][ T9370] bond5: (slave wlan0): Releasing active interface
[  332.889031][ T9370] bond6: (slave wlan0): Enslaving as an active interface with a down link
[  333.052213][ T5934] em28xx 3-1:0.0: unknown em28xx chip ID (53)
[  333.433560][ T9378] netlink: 4 bytes leftover after parsing attributes in process `syz.1.834'.
[  333.559689][ T9377] netlink: 'syz.1.834': attribute type 21 has an invalid length.
[  333.569171][ T9377] netlink: 'syz.1.834': attribute type 1 has an invalid length.
[  333.577217][ T9377] netlink: 144 bytes leftover after parsing attributes in process `syz.1.834'.
[  333.642055][ T9351] netlink: 212376 bytes leftover after parsing attributes in process `syz.2.827'.
[  333.874239][   T30] audit: type=1400 audit(1753730860.002:373): avc:  denied  { ioctl } for  pid=9385 comm="syz.1.837" path="socket:[22355]" dev="sockfs" ino=22355 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1
[  333.905345][ T9387] FAULT_INJECTION: forcing a failure.
[  333.905345][ T9387] name failslab, interval 1, probability 0, space 0, times 0
[  333.918161][ T9387] CPU: 0 UID: 0 PID: 9387 Comm: syz.0.836 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  333.918184][ T9387] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  333.918194][ T9387] Call Trace:
[  333.918200][ T9387]  <TASK>
[  333.918207][ T9387]  dump_stack_lvl+0x16c/0x1f0
[  333.918238][ T9387]  should_fail_ex+0x512/0x640
[  333.918267][ T9387]  ? fs_reclaim_acquire+0xae/0x150
[  333.918290][ T9387]  ? tomoyo_encode2+0x100/0x3e0
[  333.918305][ T9387]  should_failslab+0xc2/0x120
[  333.918322][ T9387]  __kmalloc_noprof+0xd2/0x510
[  333.918347][ T9387]  ? d_absolute_path+0x136/0x1a0
[  333.918374][ T9387]  tomoyo_encode2+0x100/0x3e0
[  333.918394][ T9387]  tomoyo_encode+0x29/0x50
[  333.918409][ T9387]  tomoyo_realpath_from_path+0x18f/0x6e0
[  333.918436][ T9387]  tomoyo_path_number_perm+0x245/0x580
[  333.918459][ T9387]  ? tomoyo_path_number_perm+0x237/0x580
[  333.918483][ T9387]  ? finish_task_switch.isra.0+0x1b4/0xc10
[  333.918508][ T9387]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  333.918531][ T9387]  ? rcu_is_watching+0x12/0xc0
[  333.918554][ T9387]  ? lockdep_hardirqs_on+0x7c/0x110
[  333.918608][ T9387]  ? find_held_lock+0x2b/0x80
[  333.918629][ T9387]  ? hook_file_ioctl_common+0x145/0x410
[  333.918655][ T9387]  ? __fget_files+0x20e/0x3c0
[  333.918694][ T9387]  security_file_ioctl+0x9b/0x240
[  333.918712][ T9387]  __x64_sys_ioctl+0xb7/0x210
[  333.918737][ T9387]  do_syscall_64+0xcd/0x4c0
[  333.918755][ T9387]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  333.918772][ T9387] RIP: 0033:0x7f95e5f8e9a9
[  333.918786][ T9387] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  333.918801][ T9387] RSP: 002b:00007f95e6d6a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  333.918817][ T9387] RAX: ffffffffffffffda RBX: 00007f95e61b6160 RCX: 00007f95e5f8e9a9
[  333.918828][ T9387] RDX: 00002000000002c0 RSI: 00000000c02064b9 RDI: 0000000000000005
[  333.918838][ T9387] RBP: 00007f95e6d6a090 R08: 0000000000000000 R09: 0000000000000000
[  333.918848][ T9387] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  333.918857][ T9387] R13: 0000000000000000 R14: 00007f95e61b6160 R15: 00007fff3c4d47e8
[  333.918881][ T9387]  </TASK>
[  333.918969][ T9387] ERROR: Out of memory at tomoyo_realpath_from_path.
[  334.321274][   T30] audit: type=1400 audit(1753730860.032:374): avc:  denied  { create } for  pid=9379 comm="syz.0.836" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  334.342693][    C0] vkms_vblank_simulate: vblank timer overrun
[  334.422757][ T9386] fuse: Unknown parameter '000000000000000000000030x0000000000000000'
[  334.431965][ T9386] binder: 9385:9386 ioctl c0306201 200000000640 returned -22
[  334.557998][ T9389] netlink: 24 bytes leftover after parsing attributes in process `syz.1.837'.
[  334.618218][   T30] audit: type=1400 audit(1753730860.742:375): avc:  denied  { unlink } for  pid=5835 comm="syz-executor" name="file0" dev="tmpfs" ino=955 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  334.640855][    C0] vkms_vblank_simulate: vblank timer overrun
[  334.653027][ T5934] em28xx 3-1:0.0: failed to get i2c transfer status from bridge register (error=-5)
[  334.666669][ T5934] em28xx 3-1:0.0: board has no eeprom
[  334.733348][ T9395] bridge0: port 2(bridge_slave_1) entered disabled state
[  334.780835][ T5934] em28xx 3-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[  334.794113][ T5934] em28xx 3-1:0.0: dvb set to bulk mode.
[  334.806384][ T5905] em28xx 3-1:0.0: Binding DVB extension
[  334.877768][ T5934] usb 3-1: USB disconnect, device number 8
[  335.010286][ T5905] em28xx 3-1:0.0: Registering input extension
[  335.027038][ T5934] em28xx 3-1:0.0: Disconnecting em28xx
[  335.472201][ T5934] em28xx 3-1:0.0: Closing input extension
[  335.503996][ T5934] em28xx 3-1:0.0: Freeing device
[  336.001549][ T5905] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  336.039806][   T30] audit: type=1400 audit(1753730862.162:376): avc:  denied  { read append } for  pid=9410 comm="syz.2.843" name="nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  336.240620][   T30] audit: type=1400 audit(1753730862.162:377): avc:  denied  { open } for  pid=9410 comm="syz.2.843" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  336.327842][ T9424] netlink: 60 bytes leftover after parsing attributes in process `syz.1.842'.
[  336.602968][ T5905] usb 1-1: Using ep0 maxpacket: 8
[  336.609790][ T5905] usb 1-1: New USB device found, idVendor=19b5, idProduct=0021, bcdDevice=98.c7
[  336.619015][ T5905] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  336.713656][ T9434] netlink: 60 bytes leftover after parsing attributes in process `syz.3.846'.
[  336.855095][   T30] audit: type=1400 audit(1753730862.982:378): avc:  denied  { append } for  pid=9405 comm="syz.0.840" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  336.877723][    C0] vkms_vblank_simulate: vblank timer overrun
[  336.950832][ T5884] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  336.994777][ T5934] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  337.193315][ T5905] usb 1-1: string descriptor 0 read error: -71
[  337.200252][ T5905] hub 1-1:32.0: bad descriptor, ignoring hub
[  337.216341][ T5905] hub 1-1:32.0: probe with driver hub failed with error -5
[  337.226439][ T5884] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  337.236943][ T5884] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  337.253522][ T5884] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  337.263051][ T5884] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  337.275871][ T5934] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  337.303776][ T5884] usb 3-1: SerialNumber: syz
[  337.362440][ T5934] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  337.396836][ T5934] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  337.430412][ T5905] usb 1-1: USB disconnect, device number 9
[  337.481151][ T5934] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  337.571061][ T5934] usb 5-1: SerialNumber: syz
[  337.624147][ T5824] udevd[5824]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:32.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  338.296309][   T30] audit: type=1400 audit(1753730864.412:379): avc:  denied  { mount } for  pid=9444 comm="syz.1.851" name="/" dev="autofs" ino=21345 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=filesystem permissive=1
[  338.977983][ T5884] usb 3-1: 0:2 : does not exist
[  339.502980][ T5884] usb 3-1: unit 5 not found!
[  339.513671][   T30] audit: type=1400 audit(1753730865.642:380): avc:  denied  { unmount } for  pid=5823 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=filesystem permissive=1
[  339.572749][ T5884] usb 3-1: USB disconnect, device number 9
[  339.736550][ T9461] netlink: 4 bytes leftover after parsing attributes in process `syz.1.854'.
[  339.793050][ T9461] netlink: 'syz.1.854': attribute type 21 has an invalid length.
[  339.801442][ T9461] netlink: 'syz.1.854': attribute type 1 has an invalid length.
[  339.809258][ T9461] netlink: 144 bytes leftover after parsing attributes in process `syz.1.854'.
[  339.841016][   T24] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  340.135663][ T5934] usb 5-1: 0:2 : does not exist
[  340.148118][ T5934] usb 5-1: unit 5 not found!
[  340.156519][ T9465] netlink: 'syz.1.856': attribute type 1 has an invalid length.
[  340.167825][ T9465] netlink: 4 bytes leftover after parsing attributes in process `syz.1.856'.
[  340.183625][   T24] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  340.187262][ T5934] usb 5-1: USB disconnect, device number 11
[  340.197120][   T24] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  340.225002][   T24] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  340.244335][   T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  340.259095][   T24] usb 1-1: SerialNumber: syz
[  340.365655][ T5824] udevd[5824]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  341.013247][   T24] usb 1-1: 0:2 : does not exist
[  341.019726][   T24] usb 1-1: unit 5 not found!
[  341.055870][   T24] usb 1-1: USB disconnect, device number 10
[  341.438005][ T5824] udevd[5824]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  341.492476][ T5836] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0
[  341.501349][ T5836] Bluetooth: hci0: Injecting HCI hardware error event
[  341.509798][ T5825] Bluetooth: hci0: hardware error 0x00
[  342.361010][ T5934] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  342.426129][   T49] vlan0: left promiscuous mode
[  342.601072][ T5934] usb 2-1: Using ep0 maxpacket: 16
[  342.615371][ T5934] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  342.801494][ T5934] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  342.811627][ T5934] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  342.819665][ T5934] usb 2-1: Product: syz
[  342.823959][ T5934] usb 2-1: Manufacturer: syz
[  342.828550][ T5934] usb 2-1: SerialNumber: syz
[  342.845439][ T5934] usb 2-1: config 0 descriptor??
[  342.867001][ T5934] em28xx 2-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  343.371890][ T5934] em28xx 2-1:0.0: DVB interface 0 found: bulk
[  343.552177][ T5825] Bluetooth: hci0: Opcode 0x0c03 failed: -110
[  343.630752][   T30] audit: type=1400 audit(1753730869.752:381): avc:  denied  { getopt } for  pid=9501 comm="syz.4.868" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  343.809722][ T5934] em28xx 2-1:0.0: unknown em28xx chip ID (53)
[  343.816752][ T9503] netlink: 'syz.4.868': attribute type 1 has an invalid length.
[  343.840258][ T9503] 8021q: adding VLAN 0 to HW filter on device bond4
[  344.066114][ T9502] syz.4.868: vmalloc error: size 33558528, failed to allocated page array size 65544, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  344.096375][ T9502] CPU: 1 UID: 0 PID: 9502 Comm: syz.4.868 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  344.096399][ T9502] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  344.096409][ T9502] Call Trace:
[  344.096415][ T9502]  <TASK>
[  344.096421][ T9502]  dump_stack_lvl+0x16c/0x1f0
[  344.096451][ T9502]  warn_alloc+0x248/0x3a0
[  344.096478][ T9502]  ? __pfx_warn_alloc+0x10/0x10
[  344.096513][ T9502]  ? xskq_create+0xfb/0x1d0
[  344.096535][ T9502]  ? __vmalloc_node_noprof+0xad/0xf0
[  344.096559][ T9502]  __vmalloc_node_range_noprof+0x101b/0x14b0
[  344.096589][ T9502]  ? xskq_create+0xfb/0x1d0
[  344.096617][ T9502]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  344.096645][ T9502]  ? xskq_create+0xfb/0x1d0
[  344.096667][ T9502]  vmalloc_user_noprof+0x9e/0xe0
[  344.096688][ T9502]  ? xskq_create+0xfb/0x1d0
[  344.096717][ T9502]  xskq_create+0xfb/0x1d0
[  344.096741][ T9502]  xsk_setsockopt+0x684/0x840
[  344.096764][ T9502]  ? __pfx_xsk_setsockopt+0x10/0x10
[  344.096784][ T9502]  ? find_held_lock+0x2b/0x80
[  344.096808][ T9502]  ? selinux_socket_setsockopt+0x6a/0x80
[  344.096833][ T9502]  ? __pfx_xsk_setsockopt+0x10/0x10
[  344.096855][ T9502]  do_sock_setsockopt+0xf0/0x1d0
[  344.096877][ T9502]  __sys_setsockopt+0x1a0/0x230
[  344.096905][ T9502]  __x64_sys_setsockopt+0xbd/0x160
[  344.096929][ T9502]  ? do_syscall_64+0x91/0x4c0
[  344.096944][ T9502]  ? lockdep_hardirqs_on+0x7c/0x110
[  344.096967][ T9502]  do_syscall_64+0xcd/0x4c0
[  344.096983][ T9502]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  344.097000][ T9502] RIP: 0033:0x7f0f2ad8e9a9
[  344.097013][ T9502] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  344.097029][ T9502] RSP: 002b:00007f0f2bb51038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  344.097045][ T9502] RAX: ffffffffffffffda RBX: 00007f0f2afb5fa0 RCX: 00007f0f2ad8e9a9
[  344.097056][ T9502] RDX: 0000000000000003 RSI: 000000000000011b RDI: 0000000000000005
[  344.097067][ T9502] RBP: 00007f0f2ae10d69 R08: 0000000000000004 R09: 0000000000000000
[  344.097077][ T9502] R10: 00002000000001c0 R11: 0000000000000246 R12: 0000000000000000
[  344.097087][ T9502] R13: 0000000000000000 R14: 00007f0f2afb5fa0 R15: 00007ffd02d5a268
[  344.097110][ T9502]  </TASK>
[  344.097116][ T9502] Mem-Info:
[  344.334620][ T9502] active_anon:8666 inactive_anon:0 isolated_anon:0
[  344.334620][ T9502]  active_file:16188 inactive_file:40691 isolated_file:0
[  344.334620][ T9502]  unevictable:768 dirty:562 writeback:0
[  344.334620][ T9502]  slab_reclaimable:12165 slab_unreclaimable:101752
[  344.334620][ T9502]  mapped:33312 shmem:1393 pagetables:1238
[  344.334620][ T9502]  sec_pagetables:0 bounce:0
[  344.334620][ T9502]  kernel_misc_reclaimable:0
[  344.334620][ T9502]  free:1300068 free_pcp:14514 free_cma:0
[  344.381809][ T9502] Node 0 active_anon:34664kB inactive_anon:0kB active_file:64752kB inactive_file:162556kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:133248kB dirty:2248kB writeback:0kB shmem:4036kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:13220kB pagetables:4620kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  344.418010][ T9502] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:208kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:132kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  344.449930][ T9502] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  344.483952][ T9502] lowmem_reserve[]: 0 2480 2482 2482 2482
[  344.524213][ T9502] Node 0 DMA32 free:1288508kB boost:0kB min:34076kB low:42592kB high:51108kB reserved_highatomic:0KB free_highatomic:0KB active_anon:34728kB inactive_anon:0kB active_file:64752kB inactive_file:161248kB unevictable:1536kB writepending:2260kB present:3129332kB managed:2540180kB mlocked:0kB bounce:0kB free_pcp:38928kB local_pcp:17496kB free_cma:0kB
[  344.524896][ T9514] block device autoloading is deprecated and will be removed.
[  344.556637][    C1] vkms_vblank_simulate: vblank timer overrun
[  344.569448][ T9502] lowmem_reserve[]: 0 0 1 1 1
[  344.577452][ T9502] Node 0 Normal free:20kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB free_highatomic:0KB active_anon:32kB inactive_anon:0kB active_file:0kB inactive_file:1308kB unevictable:0kB writepending:0kB present:1048580kB managed:1388kB mlocked:0kB bounce:0kB free_pcp:28kB local_pcp:0kB free_cma:0kB
[  344.626171][ T9521] netlink: 16 bytes leftover after parsing attributes in process `syz.3.870'.
[  344.637155][ T9502] lowmem_reserve[]: 0 0 0 0 0
[  344.642741][ T9502] Node 1 Normal free:3896128kB boost:0kB min:55804kB low:69752kB high:83700kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:208kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:18848kB local_pcp:10720kB free_cma:0kB
[  344.677643][ T9502] lowmem_reserve[]: 0 0 0 0 0
[  344.686059][ T9502] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  344.702822][ T9502] Node 0 DMA32: 325*4kB (M) 425*8kB (UM) 201*16kB (M) 145*32kB (UME) 202*64kB (UME) 71*128kB (UME) 29*256kB (UM) 22*512kB (ME) 10*1024kB (UM) 6*2048kB (ME) 296*4096kB (UM) = 1288204kB
[  344.725738][ T9502] Node 0 Normal: 1*4kB (M) 0*8kB 1*16kB (M) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 20kB
[  344.741929][ T9502] Node 1 Normal: 168*4kB (UE) 50*8kB (UME) 49*16kB (UME) 78*32kB (UME) 27*64kB (UME) 5*128kB (UME) 5*256kB (UME) 4*512kB (UME) 3*1024kB (ME) 0*2048kB 948*4096kB (M) = 3896128kB
[  344.760895][ T9502] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  344.770615][ T9502] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  344.780344][ T9502] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  344.790439][ T9502] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  344.802132][ T9502] 59076 total pagecache pages
[  344.806843][ T9502] 0 pages in swap cache
[  344.820016][ T9502] Free swap  = 124996kB
[  344.824537][ T9502] Total swap = 124996kB
[  344.828690][ T9502] 2097051 pages RAM
[  344.832897][ T9502] 0 pages HighMem/MovableOnly
[  344.837851][ T9502] 430028 pages reserved
[  344.842277][ T9502] 0 pages cma reserved
[  344.860776][ T5891] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  344.948763][ T5934] em28xx 2-1:0.0: failed to get i2c transfer status from bridge register (error=-5)
[  344.960811][ T5934] em28xx 2-1:0.0: board has no eeprom
[  345.041367][ T5891] usb 3-1: Using ep0 maxpacket: 32
[  345.063062][ T5891] usb 3-1: config 0 has an invalid interface number: 67 but max is 0
[  345.486200][ T5934] em28xx 2-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[  345.515858][ T5934] em28xx 2-1:0.0: dvb set to bulk mode.
[  345.522585][ T5966] em28xx 2-1:0.0: Binding DVB extension
[  345.544739][ T9529] pim6reg: left allmulticast mode
[  346.388955][ T5934] usb 2-1: USB disconnect, device number 9
[  346.467009][ T5934] em28xx 2-1:0.0: Disconnecting em28xx
[  346.590084][ T5966] em28xx 2-1:0.0: Registering input extension
[  346.678783][ T5934] em28xx 2-1:0.0: Closing input extension
[  346.733289][ T5891] usb 3-1: config 0 has no interface number 0
[  346.843327][ T5891] usb 3-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  346.852513][ T5934] em28xx 2-1:0.0: Freeing device
[  346.855693][ T5891] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  346.866550][ T5891] usb 3-1: Product: syz
[  346.871743][ T5891] usb 3-1: Manufacturer: syz
[  346.877824][ T5891] usb 3-1: SerialNumber: syz
[  346.903691][ T5891] usb 3-1: config 0 descriptor??
[  346.921577][ T5891] smsc95xx v2.0.0
[  346.934876][ T9548] netlink: 4 bytes leftover after parsing attributes in process `syz.3.880'.
[  347.432831][ T5891] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[  347.490276][ T5891] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  347.846929][ T9566] netlink: 4 bytes leftover after parsing attributes in process `syz.1.886'.
[  348.030742][ T5891] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -61
[  348.044632][ T5891] smsc95xx 3-1:0.67: probe with driver smsc95xx failed with error -61
[  348.258171][ T5966] usb 3-1: USB disconnect, device number 10
[  348.310817][   T30] audit: type=1400 audit(1753730874.432:382): avc:  denied  { write } for  pid=9578 comm="syz.3.890" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  349.340327][ T9598] FAULT_INJECTION: forcing a failure.
[  349.340327][ T9598] name failslab, interval 1, probability 0, space 0, times 0
[  349.355629][ T9598] CPU: 1 UID: 0 PID: 9598 Comm: syz.3.896 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  349.355652][ T9598] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  349.355662][ T9598] Call Trace:
[  349.355667][ T9598]  <TASK>
[  349.355673][ T9598]  dump_stack_lvl+0x16c/0x1f0
[  349.355702][ T9598]  should_fail_ex+0x512/0x640
[  349.355723][ T9598]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  349.355750][ T9598]  should_failslab+0xc2/0x120
[  349.355764][ T9598]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  349.355785][ T9598]  ? __alloc_skb+0x2b2/0x380
[  349.355810][ T9598]  __alloc_skb+0x2b2/0x380
[  349.355836][ T9598]  ? __pfx___alloc_skb+0x10/0x10
[  349.355859][ T9598]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  349.355881][ T9598]  netlink_alloc_large_skb+0x69/0x130
[  349.355898][ T9598]  netlink_sendmsg+0x6a1/0xdd0
[  349.355918][ T9598]  ? __pfx_netlink_sendmsg+0x10/0x10
[  349.355944][ T9598]  ____sys_sendmsg+0xa98/0xc70
[  349.355965][ T9598]  ? copy_msghdr_from_user+0x10a/0x160
[  349.355979][ T9598]  ? __pfx_____sys_sendmsg+0x10/0x10
[  349.356009][ T9598]  ___sys_sendmsg+0x134/0x1d0
[  349.356027][ T9598]  ? __pfx____sys_sendmsg+0x10/0x10
[  349.356040][ T9598]  ? __lock_acquire+0x622/0x1c90
[  349.356084][ T9598]  __sys_sendmsg+0x16d/0x220
[  349.356098][ T9598]  ? __pfx___sys_sendmsg+0x10/0x10
[  349.356125][ T9598]  do_syscall_64+0xcd/0x4c0
[  349.356143][ T9598]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  349.356160][ T9598] RIP: 0033:0x7fd7b9b8e9a9
[  349.356172][ T9598] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  349.356187][ T9598] RSP: 002b:00007fd7ba9e8038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  349.356203][ T9598] RAX: ffffffffffffffda RBX: 00007fd7b9db5fa0 RCX: 00007fd7b9b8e9a9
[  349.356213][ T9598] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003
[  349.356223][ T9598] RBP: 00007fd7ba9e8090 R08: 0000000000000000 R09: 0000000000000000
[  349.356233][ T9598] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  349.356242][ T9598] R13: 0000000000000000 R14: 00007fd7b9db5fa0 R15: 00007ffcbc323ed8
[  349.356261][ T9598]  </TASK>
[  350.164913][ T9603] FAULT_INJECTION: forcing a failure.
[  350.164913][ T9603] name failslab, interval 1, probability 0, space 0, times 0
[  350.182255][ T9603] CPU: 0 UID: 0 PID: 9603 Comm: syz.0.897 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  350.182281][ T9603] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  350.182290][ T9603] Call Trace:
[  350.182296][ T9603]  <TASK>
[  350.182301][ T9603]  dump_stack_lvl+0x16c/0x1f0
[  350.182323][ T9603]  should_fail_ex+0x512/0x640
[  350.182340][ T9603]  ? fs_reclaim_acquire+0xae/0x150
[  350.182354][ T9603]  ? tomoyo_encode2+0x100/0x3e0
[  350.182364][ T9603]  should_failslab+0xc2/0x120
[  350.182374][ T9603]  __kmalloc_noprof+0xd2/0x510
[  350.182393][ T9603]  tomoyo_encode2+0x100/0x3e0
[  350.182407][ T9603]  tomoyo_encode+0x29/0x50
[  350.182416][ T9603]  tomoyo_realpath_from_path+0x18f/0x6e0
[  350.182428][ T9603]  ? tomoyo_profile+0x47/0x60
[  350.182441][ T9603]  tomoyo_path_number_perm+0x245/0x580
[  350.182456][ T9603]  ? tomoyo_path_number_perm+0x237/0x580
[  350.182472][ T9603]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  350.182488][ T9603]  ? find_held_lock+0x2b/0x80
[  350.182514][ T9603]  ? find_held_lock+0x2b/0x80
[  350.182526][ T9603]  ? hook_file_ioctl_common+0x145/0x410
[  350.182542][ T9603]  ? __fget_files+0x20e/0x3c0
[  350.182554][ T9603]  security_file_ioctl+0x9b/0x240
[  350.182565][ T9603]  __x64_sys_ioctl+0xb7/0x210
[  350.182580][ T9603]  do_syscall_64+0xcd/0x4c0
[  350.182591][ T9603]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  350.182602][ T9603] RIP: 0033:0x7f95e5f8e9a9
[  350.182612][ T9603] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  350.182622][ T9603] RSP: 002b:00007f95e6dac038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  350.182632][ T9603] RAX: ffffffffffffffda RBX: 00007f95e61b5fa0 RCX: 00007f95e5f8e9a9
[  350.182638][ T9603] RDX: 0000200000000140 RSI: 000000000000890b RDI: 0000000000000004
[  350.182645][ T9603] RBP: 00007f95e6dac090 R08: 0000000000000000 R09: 0000000000000000
[  350.182650][ T9603] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  350.182656][ T9603] R13: 0000000000000000 R14: 00007f95e61b5fa0 R15: 00007fff3c4d47e8
[  350.182669][ T9603]  </TASK>
[  350.480816][ T9603] ERROR: Out of memory at tomoyo_realpath_from_path.
[  350.517885][ T9608] FAULT_INJECTION: forcing a failure.
[  350.517885][ T9608] name failslab, interval 1, probability 0, space 0, times 0
[  350.533418][ T9608] CPU: 0 UID: 0 PID: 9608 Comm: syz.1.899 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  350.533442][ T9608] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  350.533452][ T9608] Call Trace:
[  350.533458][ T9608]  <TASK>
[  350.533464][ T9608]  dump_stack_lvl+0x16c/0x1f0
[  350.533495][ T9608]  should_fail_ex+0x512/0x640
[  350.533521][ T9608]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  350.533551][ T9608]  should_failslab+0xc2/0x120
[  350.533575][ T9608]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  350.533600][ T9608]  ? __alloc_skb+0x2b2/0x380
[  350.533630][ T9608]  __alloc_skb+0x2b2/0x380
[  350.533655][ T9608]  ? __pfx___alloc_skb+0x10/0x10
[  350.533683][ T9608]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  350.533708][ T9608]  netlink_alloc_large_skb+0x69/0x130
[  350.533730][ T9608]  netlink_sendmsg+0x6a1/0xdd0
[  350.533753][ T9608]  ? __pfx_netlink_sendmsg+0x10/0x10
[  350.533783][ T9608]  ____sys_sendmsg+0xa98/0xc70
[  350.533805][ T9608]  ? copy_msghdr_from_user+0x10a/0x160
[  350.533820][ T9608]  ? __pfx_____sys_sendmsg+0x10/0x10
[  350.533853][ T9608]  ___sys_sendmsg+0x134/0x1d0
[  350.533872][ T9608]  ? __pfx____sys_sendmsg+0x10/0x10
[  350.533886][ T9608]  ? __lock_acquire+0x622/0x1c90
[  350.533932][ T9608]  __sys_sendmsg+0x16d/0x220
[  350.533949][ T9608]  ? __pfx___sys_sendmsg+0x10/0x10
[  350.533981][ T9608]  do_syscall_64+0xcd/0x4c0
[  350.534000][ T9608]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  350.534018][ T9608] RIP: 0033:0x7fb45d98e9a9
[  350.534032][ T9608] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  350.534048][ T9608] RSP: 002b:00007fb45e8c6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  350.534065][ T9608] RAX: ffffffffffffffda RBX: 00007fb45dbb5fa0 RCX: 00007fb45d98e9a9
[  350.534076][ T9608] RDX: 000000000000c000 RSI: 0000200000000000 RDI: 0000000000000003
[  350.534085][ T9608] RBP: 00007fb45e8c6090 R08: 0000000000000000 R09: 0000000000000000
[  350.534095][ T9608] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  350.534105][ T9608] R13: 0000000000000000 R14: 00007fb45dbb5fa0 R15: 00007ffe31620728
[  350.534127][ T9608]  </TASK>
[  350.864217][ T9610] netlink: 'syz.3.900': attribute type 1 has an invalid length.
[  350.922754][ T9610] 8021q: adding VLAN 0 to HW filter on device bond6
[  350.996937][ T9610] bond5: (slave wlan0): Releasing active interface
[  351.044814][ T9610] bond6: (slave wlan0): Enslaving as an active interface with a down link
[  351.289366][   T30] audit: type=1400 audit(1753730877.402:383): avc:  denied  { write } for  pid=9615 comm="syz.1.903" name="nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  351.483646][   T30] audit: type=1400 audit(1753730877.412:384): avc:  denied  { map } for  pid=9615 comm="syz.1.903" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  351.515884][   T30] audit: type=1400 audit(1753730877.602:385): avc:  denied  { map } for  pid=9615 comm="syz.1.903" path="socket:[23665]" dev="sockfs" ino=23665 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_stream_socket permissive=1
[  351.865336][ T9636] netlink: 12 bytes leftover after parsing attributes in process `syz.0.906'.
[  351.878335][ T9636] netlink: 'syz.0.906': attribute type 19 has an invalid length.
[  351.893489][ T9631] FAULT_INJECTION: forcing a failure.
[  351.893489][ T9631] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  351.923204][ T9631] CPU: 0 UID: 0 PID: 9631 Comm: syz.3.905 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  351.923229][ T9631] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  351.923239][ T9631] Call Trace:
[  351.923245][ T9631]  <TASK>
[  351.923251][ T9631]  dump_stack_lvl+0x16c/0x1f0
[  351.923283][ T9631]  should_fail_ex+0x512/0x640
[  351.923314][ T9631]  _copy_to_user+0x32/0xd0
[  351.923333][ T9631]  simple_read_from_buffer+0xcb/0x170
[  351.923360][ T9631]  proc_fail_nth_read+0x197/0x270
[  351.923385][ T9631]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  351.923411][ T9631]  ? rw_verify_area+0xcf/0x680
[  351.923433][ T9631]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  351.923457][ T9631]  vfs_read+0x1e1/0xc60
[  351.923485][ T9631]  ? __pfx___mutex_lock+0x10/0x10
[  351.923502][ T9631]  ? __pfx_vfs_read+0x10/0x10
[  351.923533][ T9631]  ? __fget_files+0x20e/0x3c0
[  351.923555][ T9631]  ksys_read+0x12a/0x250
[  351.923579][ T9631]  ? __pfx_ksys_read+0x10/0x10
[  351.923610][ T9631]  do_syscall_64+0xcd/0x4c0
[  351.923627][ T9631]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  351.923644][ T9631] RIP: 0033:0x7fd7b9b8d3bc
[  351.923658][ T9631] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  351.923671][ T9631] RSP: 002b:00007fd7ba9e8030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  351.923687][ T9631] RAX: ffffffffffffffda RBX: 00007fd7b9db5fa0 RCX: 00007fd7b9b8d3bc
[  351.923698][ T9631] RDX: 000000000000000f RSI: 00007fd7ba9e80a0 RDI: 0000000000000005
[  351.923707][ T9631] RBP: 00007fd7ba9e8090 R08: 0000000000000000 R09: 0000000000000000
[  351.923716][ T9631] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  351.923725][ T9631] R13: 0000000000000000 R14: 00007fd7b9db5fa0 R15: 00007ffcbc323ed8
[  351.923748][ T9631]  </TASK>
[  352.379348][   T30] audit: type=1400 audit(1753730878.502:386): avc:  denied  { setopt } for  pid=9639 comm="syz.0.911" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  352.410324][ T9644] FAULT_INJECTION: forcing a failure.
[  352.410324][ T9644] name failslab, interval 1, probability 0, space 0, times 0
[  352.441711][ T9644] CPU: 1 UID: 0 PID: 9644 Comm: syz.4.910 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  352.441735][ T9644] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  352.441744][ T9644] Call Trace:
[  352.441749][ T9644]  <TASK>
[  352.441756][ T9644]  dump_stack_lvl+0x16c/0x1f0
[  352.441787][ T9644]  should_fail_ex+0x512/0x640
[  352.441812][ T9644]  ? fs_reclaim_acquire+0xae/0x150
[  352.441835][ T9644]  ? tomoyo_encode2+0x100/0x3e0
[  352.441850][ T9644]  should_failslab+0xc2/0x120
[  352.441866][ T9644]  __kmalloc_noprof+0xd2/0x510
[  352.441896][ T9644]  tomoyo_encode2+0x100/0x3e0
[  352.441915][ T9644]  tomoyo_encode+0x29/0x50
[  352.441930][ T9644]  tomoyo_realpath_from_path+0x18f/0x6e0
[  352.441949][ T9644]  ? tomoyo_profile+0x47/0x60
[  352.441971][ T9644]  tomoyo_path_number_perm+0x245/0x580
[  352.441994][ T9644]  ? tomoyo_path_number_perm+0x237/0x580
[  352.442020][ T9644]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  352.442046][ T9644]  ? find_held_lock+0x2b/0x80
[  352.442090][ T9644]  ? find_held_lock+0x2b/0x80
[  352.442109][ T9644]  ? hook_file_ioctl_common+0x145/0x410
[  352.442134][ T9644]  ? __fget_files+0x20e/0x3c0
[  352.442154][ T9644]  security_file_ioctl+0x9b/0x240
[  352.442172][ T9644]  __x64_sys_ioctl+0xb7/0x210
[  352.442197][ T9644]  do_syscall_64+0xcd/0x4c0
[  352.442216][ T9644]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  352.442233][ T9644] RIP: 0033:0x7f0f2ad8e9a9
[  352.442247][ T9644] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  352.442262][ T9644] RSP: 002b:00007f0f2bb51038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  352.442279][ T9644] RAX: ffffffffffffffda RBX: 00007f0f2afb5fa0 RCX: 00007f0f2ad8e9a9
[  352.442289][ T9644] RDX: 0000200000001040 RSI: 00000000000089f1 RDI: 0000000000000004
[  352.442298][ T9644] RBP: 00007f0f2bb51090 R08: 0000000000000000 R09: 0000000000000000
[  352.442308][ T9644] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  352.442317][ T9644] R13: 0000000000000000 R14: 00007f0f2afb5fa0 R15: 00007ffd02d5a268
[  352.442340][ T9644]  </TASK>
[  352.442355][ T9644] ERROR: Out of memory at tomoyo_realpath_from_path.
[  352.523935][   T30] audit: type=1400 audit(1753730878.502:387): avc:  denied  { watch watch_reads } for  pid=9639 comm="syz.0.911" path="/198" dev="tmpfs" ino=1053 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  352.776437][ T9650] netlink: 4 bytes leftover after parsing attributes in process `syz.2.912'.
[  353.093508][ T9653] netlink: 8 bytes leftover after parsing attributes in process `syz.2.914'.
[  353.103759][ T9653] netlink: 8 bytes leftover after parsing attributes in process `syz.2.914'.
[  353.250180][ T9655] netlink: 'syz.0.915': attribute type 1 has an invalid length.
[  353.402920][ T9655] 8021q: adding VLAN 0 to HW filter on device bond1
[  353.506065][ T9662] bond0: (slave wlan0): Releasing active interface
[  353.525866][ T9662] bond0: (slave wlan0): the permanent HWaddr of slave - 08:02:11:00:00:00 - is still in use by bond - set the HWaddr of slave to a different address to avoid conflicts
[  353.565498][ T9662] vlan0: entered promiscuous mode
[  353.578600][ T9670] netlink: 4 bytes leftover after parsing attributes in process `syz.2.919'.
[  353.596391][ T9662] bond1: (slave wlan0): Enslaving as an active interface with a down link
[  353.911437][ T9681] FAULT_INJECTION: forcing a failure.
[  353.911437][ T9681] name failslab, interval 1, probability 0, space 0, times 0
[  353.935403][ T9681] CPU: 1 UID: 0 PID: 9681 Comm: syz.2.923 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  353.935427][ T9681] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  353.935437][ T9681] Call Trace:
[  353.935442][ T9681]  <TASK>
[  353.935448][ T9681]  dump_stack_lvl+0x16c/0x1f0
[  353.935478][ T9681]  should_fail_ex+0x512/0x640
[  353.935503][ T9681]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  353.935530][ T9681]  should_failslab+0xc2/0x120
[  353.935547][ T9681]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  353.935571][ T9681]  ? __alloc_skb+0x2b2/0x380
[  353.935600][ T9681]  __alloc_skb+0x2b2/0x380
[  353.935621][ T9681]  ? __pfx___alloc_skb+0x10/0x10
[  353.935647][ T9681]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  353.935669][ T9681]  netlink_alloc_large_skb+0x69/0x130
[  353.935689][ T9681]  netlink_sendmsg+0x6a1/0xdd0
[  353.935710][ T9681]  ? __pfx_netlink_sendmsg+0x10/0x10
[  353.935737][ T9681]  ____sys_sendmsg+0xa98/0xc70
[  353.935757][ T9681]  ? copy_msghdr_from_user+0x10a/0x160
[  353.935771][ T9681]  ? __pfx_____sys_sendmsg+0x10/0x10
[  353.935808][ T9681]  ___sys_sendmsg+0x134/0x1d0
[  353.935825][ T9681]  ? __pfx____sys_sendmsg+0x10/0x10
[  353.935839][ T9681]  ? __lock_acquire+0x622/0x1c90
[  353.935879][ T9681]  __sys_sendmsg+0x16d/0x220
[  353.935895][ T9681]  ? __pfx___sys_sendmsg+0x10/0x10
[  353.935922][ T9681]  do_syscall_64+0xcd/0x4c0
[  353.935940][ T9681]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  353.935957][ T9681] RIP: 0033:0x7f7203f8e9a9
[  353.935971][ T9681] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  353.935987][ T9681] RSP: 002b:00007f7204dbc038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  353.936002][ T9681] RAX: ffffffffffffffda RBX: 00007f72041b5fa0 RCX: 00007f7203f8e9a9
[  353.936013][ T9681] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000003
[  353.936022][ T9681] RBP: 00007f7204dbc090 R08: 0000000000000000 R09: 0000000000000000
[  353.936032][ T9681] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  353.936041][ T9681] R13: 0000000000000000 R14: 00007f72041b5fa0 R15: 00007ffde65182a8
[  353.936061][ T9681]  </TASK>
[  354.152678][    C1] vkms_vblank_simulate: vblank timer overrun
[  354.195590][ T9684] FAULT_INJECTION: forcing a failure.
[  354.195590][ T9684] name failslab, interval 1, probability 0, space 0, times 0
[  354.209420][ T9684] CPU: 0 UID: 0 PID: 9684 Comm: syz.1.924 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  354.209439][ T9684] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  354.209446][ T9684] Call Trace:
[  354.209449][ T9684]  <TASK>
[  354.209453][ T9684]  dump_stack_lvl+0x16c/0x1f0
[  354.209473][ T9684]  should_fail_ex+0x512/0x640
[  354.209489][ T9684]  ? __kmalloc_noprof+0xbf/0x510
[  354.209506][ T9684]  ? bpf_test_init.isra.0+0x9e/0x140
[  354.209522][ T9684]  should_failslab+0xc2/0x120
[  354.209532][ T9684]  __kmalloc_noprof+0xd2/0x510
[  354.209547][ T9684]  ? __lock_acquire+0x622/0x1c90
[  354.209558][ T9684]  bpf_test_init.isra.0+0x9e/0x140
[  354.209579][ T9684]  bpf_prog_test_run_xdp+0x4f0/0x1590
[  354.209596][ T9684]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  354.209607][ T9684]  ? __might_fault+0x20/0x190
[  354.209625][ T9684]  ? fput+0x70/0xf0
[  354.209636][ T9684]  ? __bpf_prog_get+0x97/0x2a0
[  354.209647][ T9684]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  354.209658][ T9684]  __sys_bpf+0x170a/0x4ea0
[  354.209674][ T9684]  ? __pfx___sys_bpf+0x10/0x10
[  354.209688][ T9684]  ? ksys_write+0x190/0x250
[  354.209704][ T9684]  ? __mutex_unlock_slowpath+0x161/0x6a0
[  354.209722][ T9684]  ? fput+0x70/0xf0
[  354.209732][ T9684]  ? ksys_write+0x1ac/0x250
[  354.209746][ T9684]  ? __pfx_ksys_write+0x10/0x10
[  354.209763][ T9684]  __x64_sys_bpf+0x78/0xc0
[  354.209776][ T9684]  ? lockdep_hardirqs_on+0x7c/0x110
[  354.209792][ T9684]  do_syscall_64+0xcd/0x4c0
[  354.209803][ T9684]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  354.209814][ T9684] RIP: 0033:0x7fb45d98e9a9
[  354.209823][ T9684] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  354.209834][ T9684] RSP: 002b:00007fb45e8c6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  354.209844][ T9684] RAX: ffffffffffffffda RBX: 00007fb45dbb5fa0 RCX: 00007fb45d98e9a9
[  354.209850][ T9684] RDX: 0000000000000050 RSI: 0000200000000780 RDI: 000000000000000a
[  354.209856][ T9684] RBP: 00007fb45e8c6090 R08: 0000000000000000 R09: 0000000000000000
[  354.209862][ T9684] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  354.209867][ T9684] R13: 0000000000000000 R14: 00007fb45dbb5fa0 R15: 00007ffe31620728
[  354.209880][ T9684]  </TASK>
[  354.527909][ T9690] batman_adv: batadv0: Adding interface: ipvlan2
[  354.535746][ T9690] batman_adv: batadv0: The MTU of interface ipvlan2 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  354.562916][ T9690] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  354.576746][ T9690] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  354.587075][ T9690] batman_adv: batadv0: Interface activated: ipvlan2
[  354.800882][ T5934] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  354.930851][ T5934] usb 3-1: device descriptor read/64, error -71
[  355.108151][ T9699] FAULT_INJECTION: forcing a failure.
[  355.108151][ T9699] name failslab, interval 1, probability 0, space 0, times 0
[  355.122098][ T9699] CPU: 1 UID: 0 PID: 9699 Comm: syz.0.930 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  355.122122][ T9699] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  355.122132][ T9699] Call Trace:
[  355.122141][ T9699]  <TASK>
[  355.122148][ T9699]  dump_stack_lvl+0x16c/0x1f0
[  355.122179][ T9699]  should_fail_ex+0x512/0x640
[  355.122206][ T9699]  ? __kmalloc_noprof+0xbf/0x510
[  355.122233][ T9699]  ? bpf_test_init.isra.0+0x9e/0x140
[  355.122259][ T9699]  should_failslab+0xc2/0x120
[  355.122275][ T9699]  __kmalloc_noprof+0xd2/0x510
[  355.122307][ T9699]  bpf_test_init.isra.0+0x9e/0x140
[  355.122337][ T9699]  bpf_prog_test_run_skb+0x245/0x2280
[  355.122358][ T9699]  ? __fget_files+0x204/0x3c0
[  355.122382][ T9699]  ? __fget_files+0x20e/0x3c0
[  355.122396][ T9699]  ? __pfx_bpf_prog_test_run_skb+0x10/0x10
[  355.122423][ T9699]  ? fput+0x70/0xf0
[  355.122444][ T9699]  ? __pfx_bpf_prog_test_run_skb+0x10/0x10
[  355.122463][ T9699]  __sys_bpf+0x170a/0x4ea0
[  355.122492][ T9699]  ? __pfx___sys_bpf+0x10/0x10
[  355.122516][ T9699]  ? ksys_write+0x190/0x250
[  355.122545][ T9699]  ? __mutex_unlock_slowpath+0x161/0x6a0
[  355.122581][ T9699]  ? fput+0x70/0xf0
[  355.122598][ T9699]  ? ksys_write+0x1ac/0x250
[  355.122627][ T9699]  ? __pfx_ksys_write+0x10/0x10
[  355.122656][ T9699]  __x64_sys_bpf+0x78/0xc0
[  355.122680][ T9699]  ? lockdep_hardirqs_on+0x7c/0x110
[  355.122706][ T9699]  do_syscall_64+0xcd/0x4c0
[  355.122724][ T9699]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  355.122741][ T9699] RIP: 0033:0x7f95e5f8e9a9
[  355.122754][ T9699] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  355.122770][ T9699] RSP: 002b:00007f95e6dac038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  355.122787][ T9699] RAX: ffffffffffffffda RBX: 00007f95e61b5fa0 RCX: 00007f95e5f8e9a9
[  355.122797][ T9699] RDX: 0000000000000050 RSI: 00002000000002c0 RDI: 000000000000000a
[  355.122807][ T9699] RBP: 00007f95e6dac090 R08: 0000000000000000 R09: 0000000000000000
[  355.122817][ T9699] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  355.122826][ T9699] R13: 0000000000000000 R14: 00007f95e61b5fa0 R15: 00007fff3c4d47e8
[  355.122849][ T9699]  </TASK>
[  355.347803][    C1] vkms_vblank_simulate: vblank timer overrun
[  355.354601][ T5934] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[  355.576054][ T5934] usb 3-1: device descriptor read/64, error -71
[  355.622209][ T9709] netlink: 'syz.1.933': attribute type 1 has an invalid length.
[  356.113321][ T5934] usb usb3-port1: attempt power cycle
[  356.131131][ T9709] 8021q: adding VLAN 0 to HW filter on device bond7
[  356.155739][ T9717] bond6: (slave wlan0): Releasing active interface
[  356.178259][ T9717] bond7: (slave wlan0): Enslaving as an active interface with a down link
[  356.371401][ T9722] FAULT_INJECTION: forcing a failure.
[  356.371401][ T9722] name failslab, interval 1, probability 0, space 0, times 0
[  356.402965][ T9722] CPU: 0 UID: 0 PID: 9722 Comm: syz.4.935 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  356.402991][ T9722] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  356.403001][ T9722] Call Trace:
[  356.403007][ T9722]  <TASK>
[  356.403014][ T9722]  dump_stack_lvl+0x16c/0x1f0
[  356.403047][ T9722]  should_fail_ex+0x512/0x640
[  356.403073][ T9722]  ? __kmalloc_noprof+0xbf/0x510
[  356.403100][ T9722]  ? bpf_test_init.isra.0+0x9e/0x140
[  356.403126][ T9722]  should_failslab+0xc2/0x120
[  356.403143][ T9722]  __kmalloc_noprof+0xd2/0x510
[  356.403173][ T9722]  bpf_test_init.isra.0+0x9e/0x140
[  356.403202][ T9722]  bpf_prog_test_run_skb+0x245/0x2280
[  356.403224][ T9722]  ? __fget_files+0x204/0x3c0
[  356.403244][ T9722]  ? __fget_files+0x20e/0x3c0
[  356.403259][ T9722]  ? __pfx_bpf_prog_test_run_skb+0x10/0x10
[  356.403282][ T9722]  ? fput+0x70/0xf0
[  356.403302][ T9722]  ? __pfx_bpf_prog_test_run_skb+0x10/0x10
[  356.403321][ T9722]  __sys_bpf+0x170a/0x4ea0
[  356.403349][ T9722]  ? __pfx___sys_bpf+0x10/0x10
[  356.403373][ T9722]  ? ksys_write+0x190/0x250
[  356.403401][ T9722]  ? __mutex_unlock_slowpath+0x161/0x6a0
[  356.403432][ T9722]  ? fput+0x70/0xf0
[  356.403450][ T9722]  ? ksys_write+0x1ac/0x250
[  356.403473][ T9722]  ? __pfx_ksys_write+0x10/0x10
[  356.403501][ T9722]  __x64_sys_bpf+0x78/0xc0
[  356.403524][ T9722]  ? lockdep_hardirqs_on+0x7c/0x110
[  356.403549][ T9722]  do_syscall_64+0xcd/0x4c0
[  356.403568][ T9722]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  356.403584][ T9722] RIP: 0033:0x7f0f2ad8e9a9
[  356.403599][ T9722] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  356.403627][ T9722] RSP: 002b:00007f0f2bb51038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  356.403643][ T9722] RAX: ffffffffffffffda RBX: 00007f0f2afb5fa0 RCX: 00007f0f2ad8e9a9
[  356.403654][ T9722] RDX: 0000000000000050 RSI: 00002000000004c0 RDI: 000000000000000a
[  356.403663][ T9722] RBP: 00007f0f2bb51090 R08: 0000000000000000 R09: 0000000000000000
[  356.403673][ T9722] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  356.403682][ T9722] R13: 0000000000000000 R14: 00007f0f2afb5fa0 R15: 00007ffd02d5a268
[  356.403705][ T9722]  </TASK>
[  356.759586][ T5934] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  356.769351][   T30] audit: type=1400 audit(1753730882.882:388): avc:  denied  { read } for  pid=9726 comm="syz.3.937" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[  356.813284][ T5934] usb 3-1: device descriptor read/8, error -71
[  356.907392][ T9732] netlink: 'syz.3.940': attribute type 1 has an invalid length.
[  356.942915][ T9732] 8021q: adding VLAN 0 to HW filter on device bond7
[  356.972305][ T9732] bond6: (slave wlan0): Releasing active interface
[  357.051183][ T5934] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[  357.059342][ T9732] bond7: (slave wlan0): Enslaving as an active interface with a down link
[  357.134225][ T5934] usb 3-1: device descriptor read/8, error -71
[  357.248106][   T30] audit: type=1400 audit(1753730883.372:389): avc:  denied  { write } for  pid=9731 comm="syz.1.941" name="rtc0" dev="devtmpfs" ino=921 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  357.496251][   T30] audit: type=1400 audit(1753730883.412:390): avc:  denied  { bind } for  pid=9736 comm="syz.0.942" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  357.824087][ T5934] usb usb3-port1: unable to enumerate USB device
[  357.947224][   T30] audit: type=1400 audit(1753730884.072:391): avc:  denied  { setopt } for  pid=9754 comm="syz.0.947" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  358.011786][ T9753] netlink: 28 bytes leftover after parsing attributes in process `syz.1.946'.
[  358.022721][ T5825] Bluetooth: hci3: unexpected event for opcode 0x1003
[  358.219644][ T9762] netlink: 'syz.0.949': attribute type 1 has an invalid length.
[  358.286599][ T9762] 8021q: adding VLAN 0 to HW filter on device bond2
[  358.398138][ T9767] netlink: 'syz.4.952': attribute type 1 has an invalid length.
[  358.435582][ T9767] 8021q: adding VLAN 0 to HW filter on device bond5
[  358.484066][ T9767] bond3: (slave wlan0): Releasing active interface
[  358.521997][ T9767] bond5: (slave wlan0): Enslaving as an active interface with a down link
[  358.535847][ T9762] bond1: (slave wlan0): Releasing active interface
[  358.549924][ T9762] bond2: (slave wlan0): Enslaving as an active interface with a down link
[  360.514590][ T9794] process 'syz.0.956' launched '/dev/fd/3' with NULL argv: empty string added
[  360.630846][   T30] audit: type=1400 audit(1753730886.652:392): avc:  denied  { execute_no_trans } for  pid=9788 comm="syz.0.956" path=2F6D656D66643A5B0BDB58AE5B1AA9FDFAADD16D64C8854858A9250C1A65E0202864656C6574656429 dev="tmpfs" ino=99 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  360.660082][    C1] vkms_vblank_simulate: vblank timer overrun
[  360.813588][ T5936] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[  360.973577][ T9797] FAULT_INJECTION: forcing a failure.
[  360.973577][ T9797] name failslab, interval 1, probability 0, space 0, times 0
[  360.990919][ T9797] CPU: 0 UID: 0 PID: 9797 Comm: syz.1.957 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  360.990945][ T9797] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  360.990954][ T9797] Call Trace:
[  360.990960][ T9797]  <TASK>
[  360.990966][ T9797]  dump_stack_lvl+0x16c/0x1f0
[  360.990997][ T9797]  should_fail_ex+0x512/0x640
[  360.991023][ T9797]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  360.991052][ T9797]  should_failslab+0xc2/0x120
[  360.991069][ T9797]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  360.991093][ T9797]  ? __alloc_skb+0x2b2/0x380
[  360.991122][ T9797]  __alloc_skb+0x2b2/0x380
[  360.991144][ T9797]  ? __pfx___alloc_skb+0x10/0x10
[  360.991172][ T9797]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  360.991196][ T9797]  netlink_alloc_large_skb+0x69/0x130
[  360.991217][ T9797]  netlink_sendmsg+0x6a1/0xdd0
[  360.991240][ T9797]  ? __pfx_netlink_sendmsg+0x10/0x10
[  360.991270][ T9797]  ____sys_sendmsg+0xa98/0xc70
[  360.991291][ T9797]  ? copy_msghdr_from_user+0x10a/0x160
[  360.991307][ T9797]  ? __pfx_____sys_sendmsg+0x10/0x10
[  360.991355][ T9797]  ___sys_sendmsg+0x134/0x1d0
[  360.991373][ T9797]  ? __pfx____sys_sendmsg+0x10/0x10
[  360.991387][ T9797]  ? __lock_acquire+0x622/0x1c90
[  360.991432][ T9797]  __sys_sendmsg+0x16d/0x220
[  360.991449][ T9797]  ? __pfx___sys_sendmsg+0x10/0x10
[  360.991481][ T9797]  do_syscall_64+0xcd/0x4c0
[  360.991504][ T9797]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  360.991521][ T9797] RIP: 0033:0x7fb45d98e9a9
[  360.991539][ T9797] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  360.991555][ T9797] RSP: 002b:00007fb45e8c6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  360.991573][ T9797] RAX: ffffffffffffffda RBX: 00007fb45dbb5fa0 RCX: 00007fb45d98e9a9
[  360.991584][ T9797] RDX: 0000000000000000 RSI: 0000200000000c00 RDI: 0000000000000004
[  360.991593][ T9797] RBP: 00007fb45e8c6090 R08: 0000000000000000 R09: 0000000000000000
[  360.991603][ T9797] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  360.991612][ T9797] R13: 0000000000000000 R14: 00007fb45dbb5fa0 R15: 00007ffe31620728
[  360.991634][ T9797]  </TASK>
[  361.061080][ T5936] usb 1-1: Using ep0 maxpacket: 16
[  361.189453][ T9805] syzkaller1: entered promiscuous mode
[  361.313510][ T9805] syzkaller1: entered allmulticast mode
[  361.381894][ T5936] usb 1-1: config 6 has an invalid interface number: 28 but max is 3
[  361.390224][ T5936] usb 1-1: config 6 has an invalid interface number: 4 but max is 3
[  361.410993][ T5936] usb 1-1: config 6 contains an unexpected descriptor of type 0x1, skipping
[  361.420110][ T5936] usb 1-1: config 6 has an invalid descriptor of length 0, skipping remainder of the config
[  361.431835][ T5936] usb 1-1: config 6 has 2 interfaces, different from the descriptor's value: 4
[  361.745037][ T5936] usb 1-1: config 6 has no interface number 0
[  361.790741][ T5936] usb 1-1: config 6 has no interface number 1
[  361.807192][ T5936] usb 1-1: config 6 interface 28 altsetting 0 endpoint 0x2 has invalid maxpacket 1576, setting to 64
[  361.818495][ T5936] usb 1-1: config 6 interface 4 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  361.833448][ T5936] usb 1-1: config 6 interface 4 has no altsetting 0
[  361.847970][ T5936] usb 1-1: New USB device found, idVendor=9022, idProduct=d630, bcdDevice=97.a9
[  361.935756][ T5936] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  361.952829][ T5936] usb 1-1: Product: syz
[  362.058694][ T5936] usb 1-1: Manufacturer: syz
[  362.063533][ T5936] usb 1-1: SerialNumber: syz
[  362.198698][ T5825] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0
[  362.209129][ T5825] Bluetooth: hci3: Injecting HCI hardware error event
[  362.223463][ T5836] Bluetooth: hci3: hardware error 0x00
[  362.230188][ T9826] netlink: 4 bytes leftover after parsing attributes in process `syz.1.964'.
[  362.341526][ T9826] netlink: 'syz.1.964': attribute type 21 has an invalid length.
[  362.349642][ T9826] netlink: 'syz.1.964': attribute type 1 has an invalid length.
[  362.357556][ T9826] netlink: 144 bytes leftover after parsing attributes in process `syz.1.964'.
[  362.390887][   T43] usb 3-1: new high-speed USB device number 15 using dummy_hcd
[  362.666687][   T43] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  362.677011][   T43] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  362.763585][ T9832] netlink: 60 bytes leftover after parsing attributes in process `syz.4.967'.
[  363.129500][   T43] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  363.139392][   T43] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  363.237434][   T43] usb 3-1: SerialNumber: syz
[  363.239974][ T9834] netlink: 8 bytes leftover after parsing attributes in process `syz.3.968'.
[  363.293790][ T9836] FAULT_INJECTION: forcing a failure.
[  363.293790][ T9836] name failslab, interval 1, probability 0, space 0, times 0
[  363.312710][ T9836] CPU: 1 UID: 0 PID: 9836 Comm: syz.4.969 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  363.312740][ T9836] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  363.312751][ T9836] Call Trace:
[  363.312757][ T9836]  <TASK>
[  363.312763][ T9836]  dump_stack_lvl+0x16c/0x1f0
[  363.312797][ T9836]  should_fail_ex+0x512/0x640
[  363.312824][ T9836]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  363.312853][ T9836]  should_failslab+0xc2/0x120
[  363.312871][ T9836]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  363.312895][ T9836]  ? __alloc_skb+0x2b2/0x380
[  363.312923][ T9836]  __alloc_skb+0x2b2/0x380
[  363.312947][ T9836]  ? __pfx___alloc_skb+0x10/0x10
[  363.312973][ T9836]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  363.312998][ T9836]  netlink_alloc_large_skb+0x69/0x130
[  363.313018][ T9836]  netlink_sendmsg+0x6a1/0xdd0
[  363.313041][ T9836]  ? __pfx_netlink_sendmsg+0x10/0x10
[  363.313070][ T9836]  ____sys_sendmsg+0xa98/0xc70
[  363.313092][ T9836]  ? copy_msghdr_from_user+0x10a/0x160
[  363.313107][ T9836]  ? __pfx_____sys_sendmsg+0x10/0x10
[  363.313139][ T9836]  ___sys_sendmsg+0x134/0x1d0
[  363.313157][ T9836]  ? __pfx____sys_sendmsg+0x10/0x10
[  363.313171][ T9836]  ? __lock_acquire+0x622/0x1c90
[  363.313216][ T9836]  __sys_sendmsg+0x16d/0x220
[  363.313233][ T9836]  ? __pfx___sys_sendmsg+0x10/0x10
[  363.313265][ T9836]  do_syscall_64+0xcd/0x4c0
[  363.313283][ T9836]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  363.313300][ T9836] RIP: 0033:0x7f0f2ad8e9a9
[  363.313315][ T9836] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  363.313331][ T9836] RSP: 002b:00007f0f2bb51038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  363.313348][ T9836] RAX: ffffffffffffffda RBX: 00007f0f2afb5fa0 RCX: 00007f0f2ad8e9a9
[  363.313358][ T9836] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000003
[  363.313368][ T9836] RBP: 00007f0f2bb51090 R08: 0000000000000000 R09: 0000000000000000
[  363.313378][ T9836] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  363.313387][ T9836] R13: 0000000000000000 R14: 00007f0f2afb5fa0 R15: 00007ffd02d5a268
[  363.313409][ T9836]  </TASK>
[  363.533704][    C1] vkms_vblank_simulate: vblank timer overrun
[  363.691695][ T9845] netlink: 'syz.0.972': attribute type 1 has an invalid length.
[  363.771120][ T5936] dvb-usb: found a 'TeVii S630 USB' in cold state, will try to load a firmware
[  363.794516][ T5936] usb 1-1: Direct firmware load for dvb-usb-s630.fw failed with error -2
[  363.808786][ T5936] usb 1-1: Falling back to sysfs fallback for: dvb-usb-s630.fw
[  363.843593][   T30] audit: type=1400 audit(1753730889.932:393): avc:  denied  { firmware_load } for  pid=5936 comm="kworker/1:7" scontext=system_u:system_r:kernel_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  364.062144][ T5898] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  364.134827][ T9845] 8021q: adding VLAN 0 to HW filter on device bond3
[  364.167670][ T9847] bond2: (slave wlan0): Releasing active interface
[  364.213139][ T9847] bond3: (slave wlan0): Enslaving as an active interface with a down link
[  364.240836][ T5898] usb 2-1: Using ep0 maxpacket: 16
[  364.247660][ T5898] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  364.269283][ T5898] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  364.318383][ T5898] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  364.350499][   T43] usb 3-1: 0:2 : does not exist
[  364.358588][   T43] usb 3-1: unit 5 not found!
[  364.366354][ T5898] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  364.404955][ T5898] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  364.423252][   T43] usb 3-1: USB disconnect, device number 15
[  364.438139][ T5898] usb 2-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  364.558928][ T5836] Bluetooth: hci3: Opcode 0x0c03 failed: -110
[  364.596566][ T5898] usb 2-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  365.059313][ T5898] usb 2-1: Manufacturer: syz
[  365.077485][ T5898] usb 2-1: config 0 descriptor??
[  365.093540][ T5828] udevd[5828]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  365.293096][ T9842] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  365.379506][ T9842] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  365.417274][ T9842] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  365.482394][ T9842] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  365.497254][ T9842] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  365.573776][ T9842] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  365.667827][ T9842] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  365.680074][ T9842] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  365.688267][ T5898] rc_core: IR keymap rc-hauppauge not found
[  365.698429][ T5898] Registered IR keymap rc-empty
[  365.700498][ T9842] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  365.711045][ T5898] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  365.753246][ T9842] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  365.761336][ T5898] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  365.886530][ T5898] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0
[  365.893821][ T5898] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input14
[  366.479830][   T30] audit: type=1400 audit(1753730892.602:394): avc:  denied  { ioctl } for  pid=5185 comm="acpid" path="/dev/input/event4" dev="devtmpfs" ino=3051 ioctlcmd=0x4520 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  366.520924][ T5898] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  366.551605][ T5898] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  366.582300][ T5898] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  366.647190][ T5898] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  366.670915][ T5898] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  366.695818][ T5898] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  366.710268][ T9892] netlink: 'syz.2.980': attribute type 11 has an invalid length.
[  366.720859][ T5898] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  366.730481][ T9892] netlink: 149476 bytes leftover after parsing attributes in process `syz.2.980'.
[  366.740855][ T5898] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  366.760862][ T5898] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  366.780816][ T5898] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  366.802392][ T9891] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  366.814586][ T5898] mceusb 2-1:0.0: Registered  with mce emulator interface version 1
[  366.825945][ T5898] mceusb 2-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  366.830924][ T5934] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  367.062995][ T5934] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  367.073491][ T5934] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  367.104082][ T9901] netlink: 'syz.4.983': attribute type 1 has an invalid length.
[  367.125776][ T9901] 8021q: adding VLAN 0 to HW filter on device bond6
[  367.138757][ T5934] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66
[  367.155722][ T5934] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  367.168816][ T9904] FAULT_INJECTION: forcing a failure.
[  367.168816][ T9904] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  367.189281][ T9905] bond5: (slave wlan0): Releasing active interface
[  367.203732][ T9905] bond6: (slave wlan0): Enslaving as an active interface with a down link
[  367.214467][ T5934] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  367.224238][ T5934] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  367.234999][ T9904] CPU: 0 UID: 0 PID: 9904 Comm: syz.2.984 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  367.235020][ T9904] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  367.235030][ T9904] Call Trace:
[  367.235035][ T9904]  <TASK>
[  367.235041][ T9904]  dump_stack_lvl+0x16c/0x1f0
[  367.235072][ T9904]  should_fail_ex+0x512/0x640
[  367.235100][ T9904]  _copy_to_user+0x32/0xd0
[  367.235117][ T9904]  simple_read_from_buffer+0xcb/0x170
[  367.235140][ T9904]  proc_fail_nth_read+0x197/0x270
[  367.235155][ T9904]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  367.235171][ T9904]  ? rw_verify_area+0xcf/0x680
[  367.235184][ T9904]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  367.235203][ T9904]  vfs_read+0x1e1/0xc60
[  367.235228][ T9904]  ? __pfx___mutex_lock+0x10/0x10
[  367.235243][ T9904]  ? __pfx_vfs_read+0x10/0x10
[  367.235272][ T9904]  ? __fget_files+0x20e/0x3c0
[  367.235287][ T9904]  ksys_read+0x12a/0x250
[  367.235302][ T9904]  ? __pfx_ksys_read+0x10/0x10
[  367.235320][ T9904]  do_syscall_64+0xcd/0x4c0
[  367.235331][ T9904]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  367.235345][ T9904] RIP: 0033:0x7f7203f8d3bc
[  367.235359][ T9904] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  367.235374][ T9904] RSP: 002b:00007f7204dbc030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  367.235389][ T9904] RAX: ffffffffffffffda RBX: 00007f72041b5fa0 RCX: 00007f7203f8d3bc
[  367.235399][ T9904] RDX: 000000000000000f RSI: 00007f7204dbc0a0 RDI: 0000000000000006
[  367.235408][ T9904] RBP: 00007f7204dbc090 R08: 0000000000000000 R09: 0000000000000000
[  367.235417][ T9904] R10: 0000200000000080 R11: 0000000000000246 R12: 0000000000000001
[  367.235425][ T9904] R13: 0000000000000000 R14: 00007f72041b5fa0 R15: 00007ffde65182a8
[  367.235438][ T9904]  </TASK>
[  367.239144][ T5934] usb 4-1: Product: syz
[  367.498608][ T5934] usb 4-1: Manufacturer: syz
[  367.520437][ T5934] cdc_wdm 4-1:1.0: skipping garbage
[  367.537736][ T5934] cdc_wdm 4-1:1.0: skipping garbage
[  367.580026][ T5934] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device
[  367.936843][ T5934] cdc_wdm 4-1:1.0: Unknown control protocol
[  367.954376][ T5934] usb 4-1: USB disconnect, device number 13
[  368.145609][ T5905] usb 2-1: USB disconnect, device number 10
[  368.236019][ T9917] 9pnet_fd: Insufficient options for proto=fd
[  369.396918][ T9933] netlink: 'syz.3.991': attribute type 10 has an invalid length.
[  369.654161][ T9937] fuse: Bad value for 'group_id'
[  369.659193][ T9937] fuse: Bad value for 'group_id'
[  370.390797][   T30] audit: type=1400 audit(1753730895.772:395): avc:  denied  { connect } for  pid=9935 comm="syz.0.993" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  370.601039][ T9942] netlink: 'syz.0.995': attribute type 1 has an invalid length.
[  370.793867][ T9942] 8021q: adding VLAN 0 to HW filter on device bond4
[  370.873302][ T9944] bond3: (slave wlan0): Releasing active interface
[  370.965248][ T9944] bond4: (slave wlan0): Enslaving as an active interface with a down link
[  371.165627][   T36] vlan0: left promiscuous mode
[  371.460053][   T30] audit: type=1400 audit(1753730897.582:396): avc:  denied  { ioctl } for  pid=9956 comm="syz.4.999" path="mnt:[4026533073]" dev="nsfs" ino=4026533073 ioctlcmd=0x662b scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  371.757433][ T9948] infiniband syz2: set active
[  371.765000][ T9948] infiniband syz2: added batadv_slave_1
[  372.108223][ T9948] syz2: rxe_create_cq: returned err = -12
[  372.114931][ T9964] xt_TCPMSS: Only works on TCP SYN packets
[  372.120985][ T9948] infiniband syz2: Couldn't create ib_mad CQ
[  372.130274][ T9948] infiniband syz2: Couldn't open port 1
[  372.211535][ T9971] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1003'.
[  372.940433][ T9948] RDS/IB: syz2: added
[  372.950390][ T9948] smc: adding ib device syz2 with port count 1
[  372.985600][ T9948] smc:    ib device syz2 port 1 has pnetid 
[  373.101325][ T9982] netlink: 'syz.3.1007': attribute type 1 has an invalid length.
[  373.796039][ T9995] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1008'.
[  374.277980][ T9982] 8021q: adding VLAN 0 to HW filter on device bond8
[  374.315713][ T9985] bond7: (slave wlan0): Releasing active interface
[  374.335373][ T9985] bond8: (slave wlan0): Enslaving as an active interface with a down link
[  374.681965][T10010] netlink: 'syz.3.1012': attribute type 1 has an invalid length.
[  374.715991][T10010] 8021q: adding VLAN 0 to HW filter on device bond9
[  374.756501][T10010] bond8: (slave wlan0): Releasing active interface
[  374.767704][T10010] bond9: (slave wlan0): Enslaving as an active interface with a down link
[  374.811347][ T5891] usb 3-1: new high-speed USB device number 16 using dummy_hcd
[  375.312168][ T5891] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  375.350879][ T5891] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  375.369632][ T5891] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  375.382147][ T5891] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  375.402590][ T5891] usb 3-1: SerialNumber: syz
[  377.143822][T10027] netlink: 'syz.1.1016': attribute type 1 has an invalid length.
[  377.672712][ T5891] usb 3-1: 0:2 : does not exist
[  377.678013][ T5891] usb 3-1: unit 5 not found!
[  377.691808][T10027] 8021q: adding VLAN 0 to HW filter on device bond8
[  377.714980][ T5891] usb 3-1: USB disconnect, device number 16
[  377.737393][T10030] bond7: (slave wlan0): Releasing active interface
[  377.817630][T10030] bond8: (slave wlan0): Enslaving as an active interface with a down link
[  377.839467][ T5828] udevd[5828]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  378.107093][ T1297] ieee802154 phy0 wpan0: encryption failed: -22
[  378.113894][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[  378.237109][T10055] tipc: Started in network mode
[  378.242879][T10055] tipc: Node identity e2ad598ff1c1, cluster identity 4711
[  378.252735][T10055] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  378.280638][T10055] syzkaller0: entered promiscuous mode
[  378.287013][T10055] syzkaller0: entered allmulticast mode
[  378.304816][T10055] input: syz1 as /devices/virtual/input/input16
[  379.026828][   T30] audit: type=1400 audit(1753730905.092:397): avc:  denied  { read } for  pid=10065 comm="syz.3.1027" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  379.124598][T10054] tipc: Resetting bearer <eth:syzkaller0>
[  379.268438][ T5934] tipc: Node number set to 325867919
[  379.281842][T10054] tipc: Disabling bearer <eth:syzkaller0>
[  379.305643][T10073] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1028'.
[  379.393580][T10072] netlink: 'syz.1.1028': attribute type 21 has an invalid length.
[  379.401864][T10072] netlink: 'syz.1.1028': attribute type 1 has an invalid length.
[  379.409779][T10072] netlink: 144 bytes leftover after parsing attributes in process `syz.1.1028'.
[  379.588694][T10080] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1029'.
[  379.642580][T10080] netlink: 'syz.3.1029': attribute type 21 has an invalid length.
[  379.650568][T10080] netlink: 'syz.3.1029': attribute type 1 has an invalid length.
[  379.658398][T10080] netlink: 144 bytes leftover after parsing attributes in process `syz.3.1029'.
[  379.913749][   T30] audit: type=1400 audit(1753730906.042:398): avc:  denied  { setopt } for  pid=10082 comm="syz.4.1031" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  379.996344][T10086] netlink: 'syz.1.1032': attribute type 1 has an invalid length.
[  380.249365][T10093] netlink: 'syz.3.1033': attribute type 1 has an invalid length.
[  380.378975][T10086] 8021q: adding VLAN 0 to HW filter on device bond9
[  380.469215][T10094] bond8: (slave wlan0): Releasing active interface
[  380.515642][T10094] bond9: (slave wlan0): Enslaving as an active interface with a down link
[  380.663366][T10093] 8021q: adding VLAN 0 to HW filter on device bond10
[  380.713192][T10096] bond9: (slave wlan0): Releasing active interface
[  380.742086][T10096] bond10: (slave wlan0): Enslaving as an active interface with a down link
[  381.018038][T10109] netlink: 'syz.4.1039': attribute type 1 has an invalid length.
[  381.119163][T10113] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1038'.
[  381.587680][T10109] 8021q: adding VLAN 0 to HW filter on device bond7
[  381.621076][T10115] bond6: (slave wlan0): Releasing active interface
[  381.941770][T10115] bond7: (slave wlan0): Enslaving as an active interface with a down link
[  382.097557][T10119] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1040'.
[  383.325857][T10128] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1042'.
[  383.464221][T10126] netlink: 'syz.1.1042': attribute type 21 has an invalid length.
[  383.476983][T10126] netlink: 'syz.1.1042': attribute type 1 has an invalid length.
[  383.484744][T10126] netlink: 144 bytes leftover after parsing attributes in process `syz.1.1042'.
[  383.750809][ T5934] usb 3-1: new high-speed USB device number 17 using dummy_hcd
[  383.976146][T10139] netlink: 'syz.1.1045': attribute type 11 has an invalid length.
[  383.984031][T10139] netlink: 149476 bytes leftover after parsing attributes in process `syz.1.1045'.
[  384.568972][T10136] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  384.797684][ T5934] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  384.918422][ T5934] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  385.072173][ T5934] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  385.186005][ T5934] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  385.236898][ T5934] usb 3-1: SerialNumber: syz
[  386.905087][T10167] netlink: 'syz.3.1051': attribute type 1 has an invalid length.
[  386.941649][T10167] 8021q: adding VLAN 0 to HW filter on device bond11
[  386.977016][T10167] bond10: (slave wlan0): Releasing active interface
[  386.980939][ T5966] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  387.004958][T10167] bond11: (slave wlan0): Enslaving as an active interface with a down link
[  387.066922][ T5934] usb 3-1: 0:2 : does not exist
[  387.078243][ T5934] usb 3-1: unit 5 not found!
[  387.097322][ T5934] usb 3-1: USB disconnect, device number 17
[  387.143527][ T5828] udevd[5828]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  387.178189][ T5966] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  387.226321][ T5966] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  387.273347][ T5966] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  387.293853][ T5966] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  387.313154][ T5966] usb 2-1: SerialNumber: syz
[  388.159757][ T5966] usb 2-1: 0:2 : does not exist
[  388.182096][ T5966] usb 2-1: unit 5 not found!
[  388.251231][T10195] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1055'.
[  388.270299][T10195] netlink: 'syz.2.1055': attribute type 21 has an invalid length.
[  388.279151][T10195] netlink: 'syz.2.1055': attribute type 1 has an invalid length.
[  388.287073][T10195] netlink: 144 bytes leftover after parsing attributes in process `syz.2.1055'.
[  388.529579][ T5966] usb 2-1: USB disconnect, device number 11
[  388.686699][ T5828] udevd[5828]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  388.954659][T10203] FAULT_INJECTION: forcing a failure.
[  388.954659][T10203] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  388.967783][T10203] CPU: 1 UID: 0 PID: 10203 Comm: syz.4.1056 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  388.967805][T10203] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  388.967816][T10203] Call Trace:
[  388.967822][T10203]  <TASK>
[  388.967828][T10203]  dump_stack_lvl+0x16c/0x1f0
[  388.967861][T10203]  should_fail_ex+0x512/0x640
[  388.967892][T10203]  _copy_from_user+0x2e/0xd0
[  388.967911][T10203]  __keyctl_dh_compute+0x1b6/0x10e0
[  388.967933][T10203]  ? get_pid_task+0xfc/0x250
[  388.967951][T10203]  ? __pfx___keyctl_dh_compute+0x10/0x10
[  388.967973][T10203]  ? __lock_acquire+0xb8a/0x1c90
[  388.968016][T10203]  keyctl_dh_compute+0xd2/0x140
[  388.968035][T10203]  ? __pfx_keyctl_dh_compute+0x10/0x10
[  388.968058][T10203]  ? ksys_write+0x1ac/0x250
[  388.968083][T10203]  ? __pfx_ksys_write+0x10/0x10
[  388.968111][T10203]  __do_sys_keyctl+0x4df/0x590
[  388.968137][T10203]  do_syscall_64+0xcd/0x4c0
[  388.968155][T10203]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  388.968172][T10203] RIP: 0033:0x7f0f2ad8e9a9
[  388.968186][T10203] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  388.968202][T10203] RSP: 002b:00007f0f2bb51038 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa
[  388.968218][T10203] RAX: ffffffffffffffda RBX: 00007f0f2afb5fa0 RCX: 00007f0f2ad8e9a9
[  388.968230][T10203] RDX: 0000200000000280 RSI: 0000200000000400 RDI: 0000000000000017
[  388.968240][T10203] RBP: 00007f0f2bb51090 R08: 00002000000003c0 R09: 0000000000000000
[  388.968250][T10203] R10: 00000000000000be R11: 0000000000000246 R12: 0000000000000001
[  388.968260][T10203] R13: 0000000000000000 R14: 00007f0f2afb5fa0 R15: 00007ffd02d5a268
[  388.968283][T10203]  </TASK>
[  389.668797][T10217] FAULT_INJECTION: forcing a failure.
[  389.668797][T10217] name failslab, interval 1, probability 0, space 0, times 0
[  389.681793][T10217] CPU: 1 UID: 0 PID: 10217 Comm: syz.0.1064 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  389.681817][T10217] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  389.681827][T10217] Call Trace:
[  389.681833][T10217]  <TASK>
[  389.681839][T10217]  dump_stack_lvl+0x16c/0x1f0
[  389.681873][T10217]  should_fail_ex+0x512/0x640
[  389.681899][T10217]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  389.681928][T10217]  should_failslab+0xc2/0x120
[  389.681944][T10217]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  389.681971][T10217]  ? __alloc_skb+0x2b2/0x380
[  389.682001][T10217]  __alloc_skb+0x2b2/0x380
[  389.682027][T10217]  ? __pfx___alloc_skb+0x10/0x10
[  389.682055][T10217]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  389.682079][T10217]  netlink_alloc_large_skb+0x69/0x130
[  389.682099][T10217]  netlink_sendmsg+0x6a1/0xdd0
[  389.682123][T10217]  ? __pfx_netlink_sendmsg+0x10/0x10
[  389.682151][T10217]  ____sys_sendmsg+0xa98/0xc70
[  389.682174][T10217]  ? copy_msghdr_from_user+0x10a/0x160
[  389.682190][T10217]  ? __pfx_____sys_sendmsg+0x10/0x10
[  389.682222][T10217]  ___sys_sendmsg+0x134/0x1d0
[  389.682240][T10217]  ? __pfx____sys_sendmsg+0x10/0x10
[  389.682254][T10217]  ? __lock_acquire+0x622/0x1c90
[  389.682305][T10217]  __sys_sendmsg+0x16d/0x220
[  389.682322][T10217]  ? __pfx___sys_sendmsg+0x10/0x10
[  389.682354][T10217]  do_syscall_64+0xcd/0x4c0
[  389.682372][T10217]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  389.682389][T10217] RIP: 0033:0x7f95e5f8e9a9
[  389.682403][T10217] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  389.682419][T10217] RSP: 002b:00007f95e6dac038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  389.682436][T10217] RAX: ffffffffffffffda RBX: 00007f95e61b5fa0 RCX: 00007f95e5f8e9a9
[  389.682446][T10217] RDX: 0000000000000800 RSI: 0000200000000100 RDI: 0000000000000003
[  389.682456][T10217] RBP: 00007f95e6dac090 R08: 0000000000000000 R09: 0000000000000000
[  389.682465][T10217] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  389.682475][T10217] R13: 0000000000000000 R14: 00007f95e61b5fa0 R15: 00007fff3c4d47e8
[  389.682498][T10217]  </TASK>
[  390.146286][ T5966] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  390.510888][ T5966] usb 2-1: Using ep0 maxpacket: 16
[  390.849517][ T5966] usb 2-1: unable to get BOS descriptor or descriptor too short
[  390.893098][ T5966] usb 2-1: config 1 has an invalid descriptor of length 14, skipping remainder of the config
[  390.930904][ T5966] usb 2-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  391.006243][ T5966] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  391.015862][ T5966] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  391.025637][ T5966] usb 2-1: Product: syz
[  391.043400][ T5966] usb 2-1: Manufacturer: syz
[  391.056008][ T5966] usb 2-1: SerialNumber: syz
[  391.324919][   T30] audit: type=1400 audit(1753730917.428:399): avc:  denied  { create } for  pid=10212 comm="syz.1.1061" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=user_namespace permissive=1
[  391.431311][T10242] netlink: 'syz.3.1067': attribute type 1 has an invalid length.
[  391.439619][   T30] audit: type=1400 audit(1753730917.428:400): avc:  denied  { sys_admin } for  pid=10212 comm="syz.1.1061" capability=21  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=cap_userns permissive=1
[  391.616056][T10242] 8021q: adding VLAN 0 to HW filter on device bond12
[  391.754752][T10245] bond11: (slave wlan0): Releasing active interface
[  391.813305][T10245] bond12: (slave wlan0): Enslaving as an active interface with a down link
[  392.049407][T10277] FAULT_INJECTION: forcing a failure.
[  392.049407][T10277] name failslab, interval 1, probability 0, space 0, times 0
[  392.078688][T10277] CPU: 1 UID: 0 PID: 10277 Comm: syz.0.1074 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  392.078715][T10277] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  392.078725][T10277] Call Trace:
[  392.078731][T10277]  <TASK>
[  392.078738][T10277]  dump_stack_lvl+0x16c/0x1f0
[  392.078769][T10277]  should_fail_ex+0x512/0x640
[  392.078794][T10277]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  392.078823][T10277]  should_failslab+0xc2/0x120
[  392.078840][T10277]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  392.078866][T10277]  ? __alloc_skb+0x2b2/0x380
[  392.078895][T10277]  __alloc_skb+0x2b2/0x380
[  392.078919][T10277]  ? __pfx___alloc_skb+0x10/0x10
[  392.078946][T10277]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  392.078971][T10277]  netlink_alloc_large_skb+0x69/0x130
[  392.078992][T10277]  netlink_sendmsg+0x6a1/0xdd0
[  392.079016][T10277]  ? __pfx_netlink_sendmsg+0x10/0x10
[  392.079044][T10277]  ____sys_sendmsg+0xa98/0xc70
[  392.079066][T10277]  ? copy_msghdr_from_user+0x10a/0x160
[  392.079081][T10277]  ? __pfx_____sys_sendmsg+0x10/0x10
[  392.079113][T10277]  ___sys_sendmsg+0x134/0x1d0
[  392.079130][T10277]  ? __pfx____sys_sendmsg+0x10/0x10
[  392.079144][T10277]  ? __lock_acquire+0x622/0x1c90
[  392.079187][T10277]  __sys_sendmsg+0x16d/0x220
[  392.079204][T10277]  ? __pfx___sys_sendmsg+0x10/0x10
[  392.079244][T10277]  do_syscall_64+0xcd/0x4c0
[  392.079263][T10277]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  392.079280][T10277] RIP: 0033:0x7f95e5f8e9a9
[  392.079294][T10277] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  392.079308][T10277] RSP: 002b:00007f95e6dac038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  392.079323][T10277] RAX: ffffffffffffffda RBX: 00007f95e61b5fa0 RCX: 00007f95e5f8e9a9
[  392.079333][T10277] RDX: 0000000000000000 RSI: 0000200000001140 RDI: 0000000000000004
[  392.079343][T10277] RBP: 00007f95e6dac090 R08: 0000000000000000 R09: 0000000000000000
[  392.079352][T10277] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  392.079360][T10277] R13: 0000000000000000 R14: 00007f95e61b5fa0 R15: 00007fff3c4d47e8
[  392.079381][T10277]  </TASK>
[  392.361367][   T24] usb 3-1: new high-speed USB device number 18 using dummy_hcd
[  392.539138][   T24] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  392.541615][ T5905] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  392.550291][   T24] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  392.734841][   T24] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  392.748395][   T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  392.806135][   T24] usb 3-1: SerialNumber: syz
[  392.890833][ T5905] usb 5-1: Using ep0 maxpacket: 16
[  392.897532][ T5905] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 8
[  392.911823][ T5905] usb 5-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00
[  392.939781][ T5905] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  392.959391][ T5905] usb 5-1: Product: syz
[  392.969221][ T5905] usb 5-1: Manufacturer: syz
[  392.983339][ T5905] usb 5-1: SerialNumber: syz
[  393.006971][ T5905] usb 5-1: config 0 descriptor??
[  393.045113][ T5905] ftdi_sio 5-1:0.0: FTDI USB Serial Device converter detected
[  393.062171][ T5905] usb 5-1: Detected FT232R
[  395.171899][ T5905] ftdi_sio ttyUSB0: Unable to write latency timer: -71
[  395.184449][ T5905] ftdi_sio 5-1:0.0: GPIO initialisation failed: -71
[  395.201048][ T5905] usb 5-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  395.249045][   T24] usb 3-1: 0:2 : does not exist
[  395.254765][ T5905] usb 5-1: USB disconnect, device number 12
[  395.266663][ T5905] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  395.280419][ T5905] ftdi_sio 5-1:0.0: device disconnected
[  395.294003][   T24] usb 3-1: unit 5 not found!
[  395.321154][ T5966] cdc_ether 2-1:1.0: skipping garbage
[  395.364839][ T5966] cdc_ether 2-1:1.0: skipping garbage
[  395.384333][ T5966] cdc_ether 2-1:1.0: skipping garbage
[  395.389744][ T5966] cdc_ether 2-1:1.0: skipping garbage
[  395.397232][ T5966] cdc_ether 2-1:1.0: skipping garbage
[  395.401113][   T24] usb 3-1: USB disconnect, device number 18
[  395.402952][ T5966] cdc_ether 2-1:1.0: probe with driver cdc_ether failed with error -22
[  395.433412][ T5966] usb 2-1: USB disconnect, device number 12
[  395.604187][ T5828] udevd[5828]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  395.750803][ T5905] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  395.891772][ T5891] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  395.912236][ T5905] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  395.942827][ T5905] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  395.953375][ T5905] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  395.970423][ T5905] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  395.975363][T10318] FAULT_INJECTION: forcing a failure.
[  395.975363][T10318] name failslab, interval 1, probability 0, space 0, times 0
[  395.978688][ T5905] usb 5-1: SerialNumber: syz
[  396.000703][T10318] CPU: 1 UID: 0 PID: 10318 Comm: syz.0.1081 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  396.000725][T10318] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  396.000733][T10318] Call Trace:
[  396.000738][T10318]  <TASK>
[  396.000744][T10318]  dump_stack_lvl+0x16c/0x1f0
[  396.000770][T10318]  should_fail_ex+0x512/0x640
[  396.000790][T10318]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  396.000813][T10318]  should_failslab+0xc2/0x120
[  396.000826][T10318]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  396.000846][T10318]  ? __alloc_skb+0x2b2/0x380
[  396.000870][T10318]  __alloc_skb+0x2b2/0x380
[  396.000890][T10318]  ? __pfx___alloc_skb+0x10/0x10
[  396.000911][T10318]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  396.000932][T10318]  netlink_alloc_large_skb+0x69/0x130
[  396.000948][T10318]  netlink_sendmsg+0x6a1/0xdd0
[  396.000967][T10318]  ? __pfx_netlink_sendmsg+0x10/0x10
[  396.000991][T10318]  ____sys_sendmsg+0xa98/0xc70
[  396.001009][T10318]  ? copy_msghdr_from_user+0x10a/0x160
[  396.001021][T10318]  ? __pfx_____sys_sendmsg+0x10/0x10
[  396.001047][T10318]  ___sys_sendmsg+0x134/0x1d0
[  396.001061][T10318]  ? __pfx____sys_sendmsg+0x10/0x10
[  396.001072][T10318]  ? __lock_acquire+0x622/0x1c90
[  396.001110][T10318]  __sys_sendmsg+0x16d/0x220
[  396.001123][T10318]  ? __pfx___sys_sendmsg+0x10/0x10
[  396.001149][T10318]  do_syscall_64+0xcd/0x4c0
[  396.001165][T10318]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  396.001178][T10318] RIP: 0033:0x7f95e5f8e9a9
[  396.001191][T10318] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  396.001204][T10318] RSP: 002b:00007f95e6dac038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  396.001218][T10318] RAX: ffffffffffffffda RBX: 00007f95e61b5fa0 RCX: 00007f95e5f8e9a9
[  396.001227][T10318] RDX: 0000000000000000 RSI: 00002000000004c0 RDI: 0000000000000003
[  396.001235][T10318] RBP: 00007f95e6dac090 R08: 0000000000000000 R09: 0000000000000000
[  396.001243][T10318] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  396.001250][T10318] R13: 0000000000000000 R14: 00007f95e61b5fa0 R15: 00007fff3c4d47e8
[  396.001268][T10318]  </TASK>
[  396.302176][ T5891] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  396.312424][ T5891] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  396.326960][ T5891] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  396.345240][ T5891] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  396.382237][ T5891] usb 4-1: SerialNumber: syz
[  396.863764][T10332] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1084'.
[  396.888995][T10332] netlink: 'syz.2.1084': attribute type 21 has an invalid length.
[  396.897501][T10332] netlink: 'syz.2.1084': attribute type 1 has an invalid length.
[  396.905447][T10332] netlink: 144 bytes leftover after parsing attributes in process `syz.2.1084'.
[  398.122550][   T30] audit: type=1400 audit(1753730923.878:401): avc:  denied  { getopt } for  pid=10333 comm="syz.0.1085" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  398.160002][ T5891] usb 4-1: 0:2 : does not exist
[  398.191295][ T5891] usb 4-1: unit 5 not found!
[  398.256317][ T5905] usb 5-1: 0:2 : does not exist
[  398.262127][ T5905] usb 5-1: unit 5 not found!
[  398.280947][ T5891] usb 4-1: USB disconnect, device number 14
[  398.399576][ T5905] usb 5-1: USB disconnect, device number 13
[  398.942865][ T5828] udevd[5828]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card4/controlC4/../uevent} for writing: No such file or directory
[  399.761318][   T30] audit: type=1400 audit(1753730925.548:402): avc:  denied  { ioctl } for  pid=10345 comm="syz.2.1089" path="socket:[26452]" dev="sockfs" ino=26452 ioctlcmd=0xaf07 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[  399.786960][   T30] audit: type=1400 audit(1753730925.568:403): avc:  denied  { mount } for  pid=10345 comm="syz.2.1089" name="/" dev="afs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[  399.890875][ T5905] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[  400.054105][ T5905] usb 4-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33
[  400.073744][ T5905] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  400.109560][   T30] audit: type=1400 audit(1753730926.238:404): avc:  denied  { unmount } for  pid=5832 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[  400.161667][ T5905] usb 4-1: config 0 descriptor??
[  400.256228][T10361] FAULT_INJECTION: forcing a failure.
[  400.256228][T10361] name failslab, interval 1, probability 0, space 0, times 0
[  400.302249][T10361] CPU: 0 UID: 0 PID: 10361 Comm: syz.2.1094 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  400.302268][T10361] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  400.302274][T10361] Call Trace:
[  400.302278][T10361]  <TASK>
[  400.302282][T10361]  dump_stack_lvl+0x16c/0x1f0
[  400.302303][T10361]  should_fail_ex+0x512/0x640
[  400.302320][T10361]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  400.302337][T10361]  should_failslab+0xc2/0x120
[  400.302350][T10361]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  400.302366][T10361]  ? __alloc_skb+0x2b2/0x380
[  400.302384][T10361]  __alloc_skb+0x2b2/0x380
[  400.302400][T10361]  ? __pfx___alloc_skb+0x10/0x10
[  400.302416][T10361]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  400.302433][T10361]  netlink_alloc_large_skb+0x69/0x130
[  400.302446][T10361]  netlink_sendmsg+0x6a1/0xdd0
[  400.302460][T10361]  ? __pfx_netlink_sendmsg+0x10/0x10
[  400.302476][T10361]  ____sys_sendmsg+0xa98/0xc70
[  400.302490][T10361]  ? copy_msghdr_from_user+0x10a/0x160
[  400.302500][T10361]  ? __pfx_____sys_sendmsg+0x10/0x10
[  400.302523][T10361]  ___sys_sendmsg+0x134/0x1d0
[  400.302533][T10361]  ? __pfx____sys_sendmsg+0x10/0x10
[  400.302542][T10361]  ? __lock_acquire+0x622/0x1c90
[  400.302568][T10361]  __sys_sendmsg+0x16d/0x220
[  400.302578][T10361]  ? __pfx___sys_sendmsg+0x10/0x10
[  400.302596][T10361]  do_syscall_64+0xcd/0x4c0
[  400.302607][T10361]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  400.302618][T10361] RIP: 0033:0x7f7203f8e9a9
[  400.302627][T10361] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  400.302637][T10361] RSP: 002b:00007f7204dbc038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  400.302647][T10361] RAX: ffffffffffffffda RBX: 00007f72041b5fa0 RCX: 00007f7203f8e9a9
[  400.302653][T10361] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003
[  400.302659][T10361] RBP: 00007f7204dbc090 R08: 0000000000000000 R09: 0000000000000000
[  400.302665][T10361] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  400.302671][T10361] R13: 0000000000000000 R14: 00007f72041b5fa0 R15: 00007ffde65182a8
[  400.302683][T10361]  </TASK>
[  400.559730][   T30] audit: type=1400 audit(1753730926.498:405): avc:  denied  { create } for  pid=10362 comm="syz.0.1095" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_connector_socket permissive=1
[  400.714237][T10369] netlink: 'syz.1.1096': attribute type 1 has an invalid length.
[  401.308361][ T5905] usb 4-1: Cannot read MAC address
[  401.320349][ T5905] MOSCHIP usb-ethernet driver 4-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71
[  401.352998][T10369] 8021q: adding VLAN 0 to HW filter on device bond10
[  401.390239][ T5905] usb 4-1: USB disconnect, device number 15
[  401.455463][T10371] bond9: (slave wlan0): Releasing active interface
[  401.495145][T10371] bond10: (slave wlan0): Enslaving as an active interface with a down link
[  401.849333][   T30] audit: type=1326 audit(1753730927.978:406): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10382 comm="syz.2.1100" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7203f8e9a9 code=0x7ffc0000
[  401.873472][   T30] audit: type=1326 audit(1753730928.008:407): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10382 comm="syz.2.1100" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7203f8e9a9 code=0x7ffc0000
[  401.942241][   T30] audit: type=1326 audit(1753730928.028:408): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10382 comm="syz.2.1100" exe="/root/syz-executor" sig=0 arch=c000003e syscall=130 compat=0 ip=0x7f7203f8e9a9 code=0x7ffc0000
[  401.967566][   T30] audit: type=1326 audit(1753730928.028:409): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10382 comm="syz.2.1100" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7203f8e9a9 code=0x7ffc0000
[  402.011760][   T30] audit: type=1326 audit(1753730928.028:410): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10382 comm="syz.2.1100" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7203f8e9a9 code=0x7ffc0000
[  402.459697][T10388] 8021q: VLANs not supported on ipvlan1
[  402.467734][T10387] [U] 
[  403.049931][T10406] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1109'.
[  403.477891][T10418] netlink: 'syz.1.1112': attribute type 1 has an invalid length.
[  403.680638][T10418] 8021q: adding VLAN 0 to HW filter on device bond11
[  403.759003][T10425] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1111'.
[  404.293381][T10422] bond10: (slave wlan0): Releasing active interface
[  404.732014][T10422] bond11: (slave wlan0): Enslaving as an active interface with a down link
[  404.761886][T10431] netlink: 'syz.0.1113': attribute type 6 has an invalid length.
[  404.861559][T10431] FAULT_INJECTION: forcing a failure.
[  404.861559][T10431] name failslab, interval 1, probability 0, space 0, times 0
[  404.919327][T10431] CPU: 1 UID: 0 PID: 10431 Comm: syz.0.1113 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  404.919358][T10431] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  404.919368][T10431] Call Trace:
[  404.919374][T10431]  <TASK>
[  404.919381][T10431]  dump_stack_lvl+0x16c/0x1f0
[  404.919412][T10431]  should_fail_ex+0x512/0x640
[  404.919437][T10431]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  404.919464][T10431]  should_failslab+0xc2/0x120
[  404.919481][T10431]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  404.919504][T10431]  ? __alloc_skb+0x2b2/0x380
[  404.919534][T10431]  __alloc_skb+0x2b2/0x380
[  404.919559][T10431]  ? __pfx___alloc_skb+0x10/0x10
[  404.919583][T10431]  ? selinux_socket_getpeersec_dgram+0x1a4/0x370
[  404.919609][T10431]  ? __pfx_selinux_socket_getpeersec_dgram+0x10/0x10
[  404.919641][T10431]  netlink_alloc_large_skb+0x69/0x130
[  404.919662][T10431]  netlink_sendmsg+0x6a1/0xdd0
[  404.919684][T10431]  ? __pfx_netlink_sendmsg+0x10/0x10
[  404.919711][T10431]  ____sys_sendmsg+0xa98/0xc70
[  404.919733][T10431]  ? copy_msghdr_from_user+0x10a/0x160
[  404.919749][T10431]  ? __pfx_____sys_sendmsg+0x10/0x10
[  404.919773][T10431]  ? __pfx__kstrtoull+0x10/0x10
[  404.919800][T10431]  ___sys_sendmsg+0x134/0x1d0
[  404.919817][T10431]  ? __pfx____sys_sendmsg+0x10/0x10
[  404.919845][T10431]  ? find_held_lock+0x2b/0x80
[  404.919881][T10431]  __sys_sendmmsg+0x200/0x420
[  404.919900][T10431]  ? __pfx___sys_sendmmsg+0x10/0x10
[  404.919924][T10431]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  404.919952][T10431]  ? fput+0x70/0xf0
[  404.919971][T10431]  ? ksys_write+0x1ac/0x250
[  404.919995][T10431]  ? __pfx_ksys_write+0x10/0x10
[  404.920023][T10431]  __x64_sys_sendmmsg+0x9c/0x100
[  404.920039][T10431]  ? lockdep_hardirqs_on+0x7c/0x110
[  404.920066][T10431]  do_syscall_64+0xcd/0x4c0
[  404.920084][T10431]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  404.920101][T10431] RIP: 0033:0x7f95e5f8e9a9
[  404.920114][T10431] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  404.920130][T10431] RSP: 002b:00007f95e6dac038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  404.920146][T10431] RAX: ffffffffffffffda RBX: 00007f95e61b5fa0 RCX: 00007f95e5f8e9a9
[  404.920157][T10431] RDX: 04000000000001f2 RSI: 0000200000000000 RDI: 0000000000000003
[  404.920166][T10431] RBP: 00007f95e6dac090 R08: 0000000000000000 R09: 0000000000000000
[  404.920176][T10431] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  404.920185][T10431] R13: 0000000000000000 R14: 00007f95e61b5fa0 R15: 00007fff3c4d47e8
[  404.920203][T10431]  </TASK>
[  405.173768][    C1] vkms_vblank_simulate: vblank timer overrun
[  405.514678][T10442] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1116'.
[  405.533013][T10442] netlink: 'syz.1.1116': attribute type 21 has an invalid length.
[  405.541289][T10442] netlink: 'syz.1.1116': attribute type 1 has an invalid length.
[  405.549076][T10442] netlink: 144 bytes leftover after parsing attributes in process `syz.1.1116'.
[  405.963246][T10447] netlink: 'syz.1.1118': attribute type 1 has an invalid length.
[  406.442068][T10447] 8021q: adding VLAN 0 to HW filter on device bond12
[  406.858459][   T30] kauditd_printk_skb: 31 callbacks suppressed
[  406.858486][   T30] audit: type=1400 audit(1753730932.978:442): avc:  denied  { kexec_image_load } for  pid=10453 comm="syz.0.1121" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=system permissive=1
[  407.092559][T10466] sp0: Synchronizing with TNC
[  407.098450][   T30] audit: type=1400 audit(1753730933.218:443): avc:  denied  { bind } for  pid=10465 comm="syz.4.1122" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  407.347177][T10468] sp0: Found TNC
[  407.542731][T10465] [U] è`
[  408.009103][T10481] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1127'.
[  408.074082][T10481] netlink: 'syz.4.1127': attribute type 21 has an invalid length.
[  408.082431][T10481] netlink: 'syz.4.1127': attribute type 1 has an invalid length.
[  408.090209][T10481] netlink: 144 bytes leftover after parsing attributes in process `syz.4.1127'.
[  409.458538][   T30] audit: type=1400 audit(1753730935.588:444): avc:  denied  { mounton } for  pid=10490 comm="syz.0.1130" path="/250/file0" dev="tmpfs" ino=1329 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=fifo_file permissive=1
[  409.653946][T10504] FAULT_INJECTION: forcing a failure.
[  409.653946][T10504] name failslab, interval 1, probability 0, space 0, times 0
[  409.672065][T10504] CPU: 0 UID: 0 PID: 10504 Comm: syz.4.1134 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  409.672090][T10504] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  409.672100][T10504] Call Trace:
[  409.672105][T10504]  <TASK>
[  409.672112][T10504]  dump_stack_lvl+0x16c/0x1f0
[  409.672142][T10504]  should_fail_ex+0x512/0x640
[  409.672165][T10504]  ? fs_reclaim_acquire+0xae/0x150
[  409.672186][T10504]  ? tomoyo_encode2+0x100/0x3e0
[  409.672202][T10504]  should_failslab+0xc2/0x120
[  409.672219][T10504]  __kmalloc_noprof+0xd2/0x510
[  409.672242][T10504]  ? d_absolute_path+0x136/0x1a0
[  409.672266][T10504]  tomoyo_encode2+0x100/0x3e0
[  409.672282][T10504]  tomoyo_encode+0x29/0x50
[  409.672297][T10504]  tomoyo_realpath_from_path+0x18f/0x6e0
[  409.672319][T10504]  tomoyo_path_number_perm+0x245/0x580
[  409.672342][T10504]  ? tomoyo_path_number_perm+0x237/0x580
[  409.672373][T10504]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  409.672397][T10504]  ? find_held_lock+0x2b/0x80
[  409.672440][T10504]  ? find_held_lock+0x2b/0x80
[  409.672459][T10504]  ? hook_file_ioctl_common+0x145/0x410
[  409.672484][T10504]  ? __fget_files+0x20e/0x3c0
[  409.672504][T10504]  security_file_ioctl+0x9b/0x240
[  409.672522][T10504]  __x64_sys_ioctl+0xb7/0x210
[  409.672547][T10504]  do_syscall_64+0xcd/0x4c0
[  409.672565][T10504]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  409.672583][T10504] RIP: 0033:0x7f0f2ad8e9a9
[  409.672597][T10504] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  409.672613][T10504] RSP: 002b:00007f0f2bb51038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  409.672630][T10504] RAX: ffffffffffffffda RBX: 00007f0f2afb5fa0 RCX: 00007f0f2ad8e9a9
[  409.672642][T10504] RDX: 0000000000000000 RSI: 0000000040047459 RDI: 0000000000000004
[  409.672652][T10504] RBP: 00007f0f2bb51090 R08: 0000000000000000 R09: 0000000000000000
[  409.672661][T10504] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  409.672670][T10504] R13: 0000000000000000 R14: 00007f0f2afb5fa0 R15: 00007ffd02d5a268
[  409.672694][T10504]  </TASK>
[  409.677241][T10504] ERROR: Out of memory at tomoyo_realpath_from_path.
[  409.891594][ T5905] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[  410.173995][ T5905] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  410.184634][ T5905] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  410.205783][ T5905] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  410.215107][ T5905] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  410.231223][ T5905] usb 2-1: SerialNumber: syz
[  410.245320][T10511] netlink: 164 bytes leftover after parsing attributes in process `syz.4.1135'.
[  410.909975][ T5934] usb 3-1: new high-speed USB device number 19 using dummy_hcd
[  411.133125][ T5934] usb 3-1: Using ep0 maxpacket: 16
[  411.153689][ T5934] usb 3-1: config 0 has no interfaces?
[  411.162083][ T5934] usb 3-1: New USB device found, idVendor=0bfd, idProduct=0106, bcdDevice=ec.89
[  411.171264][ T5934] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  411.179255][ T5934] usb 3-1: Product: syz
[  411.183573][ T5934] usb 3-1: Manufacturer: syz
[  411.188205][ T5934] usb 3-1: SerialNumber: syz
[  411.196239][ T5934] usb 3-1: config 0 descriptor??
[  411.223303][ T5905] usb 2-1: 0:2 : does not exist
[  411.228450][ T5905] usb 2-1: unit 5 not found!
[  411.251160][ T5905] usb 2-1: USB disconnect, device number 13
[  411.275040][T10297] udevd[10297]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  411.340776][ T5891] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  411.400902][    T9] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[  411.418354][   T43] usb 3-1: USB disconnect, device number 19
[  411.474415][T10521] syz.0.1139: attempt to access beyond end of device
[  411.474415][T10521] nbd0: rw=6144, sector=128, nr_sectors = 8 limit=0
[  411.488911][T10521] gfs2: error -5 reading superblock
[  411.513783][ T5891] usb 5-1: Using ep0 maxpacket: 32
[  411.521284][ T5891] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  411.532678][ T5891] usb 5-1: New USB device found, idVendor=046d, idProduct=c294, bcdDevice= 0.00
[  411.542073][ T5891] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  411.564837][ T5891] usb 5-1: config 0 descriptor??
[  411.575089][    T9] usb 4-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33
[  411.584856][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  411.909165][    T9] usb 4-1: config 0 descriptor??
[  412.056780][T10525] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1140'.
[  412.107977][ T5891] logitech 0003:046D:C294.0005: unknown main item tag 0x0
[  412.117840][ T5891] logitech 0003:046D:C294.0005: hidraw0: USB HID vb4.34 Device [HID 046d:c294] on usb-dummy_hcd.4-1/input0
[  412.134595][ T5891] logitech 0003:046D:C294.0005: no inputs found
[  412.154787][    T9] usb 4-1: Cannot read MAC address
[  412.167433][    T9] MOSCHIP usb-ethernet driver 4-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71
[  412.169040][   T30] audit: type=1400 audit(1753730938.298:445): avc:  denied  { mounton } for  pid=10527 comm="syz.1.1141" path="/proc/856/task" dev="proc" ino=27888 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1
[  412.253903][    T9] usb 4-1: USB disconnect, device number 16
[  412.273364][T10530] netlink: 'syz.1.1142': attribute type 1 has an invalid length.
[  412.333824][T10530] 8021q: adding VLAN 0 to HW filter on device bond13
[  412.361829][ T5905] usb 5-1: USB disconnect, device number 14
[  412.529715][T10533] bond11: (slave wlan0): Releasing active interface
[  412.546873][T10533] bond13: (slave wlan0): Enslaving as an active interface with a down link
[  412.710937][T10536] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1143'.
[  413.307630][T10544] netlink: 'syz.2.1147': attribute type 1 has an invalid length.
[  413.700541][T10544] 8021q: adding VLAN 0 to HW filter on device bond5
[  413.775616][   T30] audit: type=1400 audit(1753730939.888:446): avc:  denied  { connect } for  pid=10554 comm="syz.3.1148" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  413.892621][T10550] bond3: (slave wlan0): Releasing active interface
[  413.974038][T10550] bond5: (slave wlan0): Enslaving as an active interface with a down link
[  414.192271][T10560] FAULT_INJECTION: forcing a failure.
[  414.192271][T10560] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  414.193464][T10560] 
[  414.193471][T10560] ======================================================
[  414.193483][T10560] WARNING: possible circular locking dependency detected
[  414.193489][T10560] 6.16.0-syzkaller #0 Not tainted
[  414.193498][T10560] ------------------------------------------------------
[  414.193504][T10560] syz.3.1149/10560 is trying to acquire lock:
[  414.193512][T10560] ffffffff8e4d2380 (console_owner){-.-.}-{0:0}, at: console_lock_spinning_enable+0x9f/0xd0
[  414.193555][T10560] 
[  414.193555][T10560] but task is already holding lock:
[  414.193560][T10560] ffff8880b843a2d8 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x7e/0x130
[  414.193598][T10560] 
[  414.193598][T10560] which lock already depends on the new lock.
[  414.193598][T10560] 
[  414.193603][T10560] 
[  414.193603][T10560] the existing dependency chain (in reverse order) is:
[  414.193609][T10560] 
[  414.193609][T10560] -> #4 (&rq->__lock){-.-.}-{2:2}:
[  414.193628][T10560]        _raw_spin_lock_nested+0x31/0x40
[  414.193655][T10560]        raw_spin_rq_lock_nested+0x29/0x130
[  414.193673][T10560]        task_rq_lock+0xcf/0x490
[  414.193691][T10560]        cgroup_move_task+0x81/0x2a0
[  414.193711][T10560]        css_set_move_task+0x288/0x5f0
[  414.193726][T10560]        cgroup_post_fork+0x201/0x9e0
[  414.193744][T10560]        copy_process+0x5c82/0x7650
[  414.193764][T10560]        kernel_clone+0xfc/0x960
[  414.193783][T10560]        user_mode_thread+0xc7/0x110
[  414.193802][T10560]        rest_init+0x23/0x2b0
[  414.193819][T10560]        start_kernel+0x3ee/0x4d0
[  414.193833][T10560]        x86_64_start_reservations+0x18/0x30
[  414.193857][T10560]        x86_64_start_kernel+0x130/0x190
[  414.193870][T10560]        common_startup_64+0x13e/0x148
[  414.193885][T10560] 
[  414.193885][T10560] -> #3 (&p->pi_lock){-.-.}-{2:2}:
[  414.193904][T10560]        _raw_spin_lock_irqsave+0x3a/0x60
[  414.193924][T10560]        try_to_wake_up+0xb2/0x1680
[  414.193942][T10560]        __wake_up_common+0x132/0x1f0
[  414.193955][T10560]        __wake_up+0x31/0x60
[  414.193974][T10560]        tty_port_default_wakeup+0x2a/0x40
[  414.193991][T10560]        serial8250_tx_chars+0x68e/0x860
[  414.194008][T10560]        serial8250_handle_irq+0x761/0xcb0
[  414.194026][T10560]        serial8250_default_handle_irq+0x9a/0x210
[  414.194044][T10560]        serial8250_interrupt+0x106/0x210
[  414.194064][T10560]        __handle_irq_event_percpu+0x22c/0x7d0
[  414.194082][T10560]        handle_irq_event+0xab/0x1e0
[  414.194100][T10560]        handle_edge_irq+0x28e/0xab0
[  414.194117][T10560]        __common_interrupt+0xdf/0x250
[  414.194137][T10560]        common_interrupt+0x61/0xe0
[  414.194155][T10560]        asm_common_interrupt+0x26/0x40
[  414.194169][T10560]        _raw_spin_unlock_irqrestore+0x31/0x80
[  414.194191][T10560]        rcu_core+0x10fd/0x14e0
[  414.194208][T10560]        handle_softirqs+0x219/0x8e0
[  414.194226][T10560]        __irq_exit_rcu+0x109/0x170
[  414.194243][T10560]        irq_exit_rcu+0x9/0x30
[  414.194260][T10560]        sysvec_apic_timer_interrupt+0xa4/0xc0
[  414.194283][T10560]        asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  414.194299][T10560]        console_flush_all+0x9a2/0xc60
[  414.194316][T10560]        console_unlock+0xd8/0x210
[  414.194333][T10560]        vprintk_emit+0x418/0x6d0
[  414.194352][T10560]        _printk+0xc7/0x100
[  414.194364][T10560]        kauditd_hold_skb+0x205/0x250
[  414.194392][T10560]        kauditd_send_queue+0x236/0x290
[  414.194413][T10560]        kauditd_thread+0x623/0xa70
[  414.194435][T10560]        kthread+0x3c2/0x780
[  414.194448][T10560]        ret_from_fork+0x5d4/0x6f0
[  414.194470][T10560]        ret_from_fork_asm+0x1a/0x30
[  414.194487][T10560] 
[  414.194487][T10560] -> #2 (&tty->write_wait){-.-.}-{3:3}:
[  414.194507][T10560]        _raw_spin_lock_irqsave+0x3a/0x60
[  414.194528][T10560]        __wake_up+0x1c/0x60
[  414.194547][T10560]        tty_port_default_wakeup+0x2a/0x40
[  414.194563][T10560]        serial8250_tx_chars+0x68e/0x860
[  414.194579][T10560]        serial8250_handle_irq+0x761/0xcb0
[  414.194597][T10560]        serial8250_default_handle_irq+0x9a/0x210
[  414.194616][T10560]        serial8250_interrupt+0x106/0x210
[  414.194635][T10560]        __handle_irq_event_percpu+0x22c/0x7d0
[  414.194653][T10560]        handle_irq_event+0xab/0x1e0
[  414.194671][T10560]        handle_edge_irq+0x28e/0xab0
[  414.194688][T10560]        __common_interrupt+0xdf/0x250
[  414.194706][T10560]        common_interrupt+0xba/0xe0
[  414.194723][T10560]        asm_common_interrupt+0x26/0x40
[  414.194737][T10560]        _raw_spin_unlock_irqrestore+0x31/0x80
[  414.194759][T10560]        uart_write+0x2a4/0xb30
[  414.194773][T10560]        n_tty_write+0x40f/0x1160
[  414.194791][T10560]        file_tty_write.constprop.0+0x504/0x9b0
[  414.194806][T10560]        redirected_tty_write+0xd4/0x150
[  414.194820][T10560]        vfs_write+0x6c4/0x1150
[  414.194842][T10560]        ksys_write+0x12a/0x250
[  414.194862][T10560]        do_syscall_64+0xcd/0x4c0
[  414.194877][T10560]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  414.194891][T10560] 
[  414.194891][T10560] -> #1 (&port_lock_key){-.-.}-{3:3}:
[  414.194910][T10560]        _raw_spin_lock_irqsave+0x3a/0x60
[  414.194931][T10560]        serial8250_console_write+0x181/0x1890
[  414.194950][T10560]        console_flush_all+0x801/0xc60
[  414.194968][T10560]        console_unlock+0xd8/0x210
[  414.194986][T10560]        vprintk_emit+0x418/0x6d0
[  414.195004][T10560]        _printk+0xc7/0x100
[  414.195016][T10560]        register_console+0xc2d/0x11b0
[  414.195035][T10560]        univ8250_console_init+0x5f/0x90
[  414.195049][T10560]        console_init+0x14f/0x680
[  414.195062][T10560]        start_kernel+0x29f/0x4d0
[  414.195074][T10560]        x86_64_start_reservations+0x18/0x30
[  414.195098][T10560]        x86_64_start_kernel+0x130/0x190
[  414.195112][T10560]        common_startup_64+0x13e/0x148
[  414.195126][T10560] 
[  414.195126][T10560] -> #0 (console_owner){-.-.}-{0:0}:
[  414.195145][T10560]        __lock_acquire+0x126f/0x1c90
[  414.195159][T10560]        lock_acquire+0x179/0x350
[  414.195215][T10560]        console_lock_spinning_enable+0xb0/0xd0
[  414.195233][T10560]        console_flush_all+0x7aa/0xc60
[  414.195250][T10560]        console_unlock+0xd8/0x210
[  414.195267][T10560]        vprintk_emit+0x418/0x6d0
[  414.195285][T10560]        _printk+0xc7/0x100
[  414.195297][T10560]        should_fail_ex+0x4e7/0x640
[  414.195320][T10560]        strncpy_from_user+0x3b/0x2e0
[  414.195340][T10560]        strncpy_from_user_nofault+0x7f/0x180
[  414.195356][T10560]        bpf_probe_read_compat_str+0xe8/0x180
[  414.195371][T10560]        bpf_prog_c1796171ffc7efef+0x3e/0x44
[  414.195383][T10560]        bpf_trace_run4+0x24c/0x5a0
[  414.195403][T10560]        __bpf_trace_sched_switch+0x145/0x190
[  414.195421][T10560]        __traceiter_sched_switch+0x6f/0xc0
[  414.195438][T10560]        __schedule+0x1bee/0x5dd0
[  414.195459][T10560]        preempt_schedule_common+0x44/0xc0
[  414.195481][T10560]        preempt_schedule_thunk+0x16/0x30
[  414.195499][T10560]        __local_bh_enable_ip+0x107/0x120
[  414.195517][T10560]        __skb_recv_udp+0x734/0x940
[  414.195537][T10560]        udp_recvmsg+0x1b0/0x1300
[  414.195554][T10560]        inet_recvmsg+0x444/0x6a0
[  414.195575][T10560]        sock_recvmsg+0x1b2/0x250
[  414.195593][T10560]        ____sys_recvmsg+0x218/0x6b0
[  414.195610][T10560]        ___sys_recvmsg+0x114/0x1a0
[  414.195622][T10560]        do_recvmmsg+0x2fe/0x750
[  414.195635][T10560]        __x64_sys_recvmmsg+0x22a/0x280
[  414.195650][T10560]        do_syscall_64+0xcd/0x4c0
[  414.195663][T10560]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  414.195678][T10560] 
[  414.195678][T10560] other info that might help us debug this:
[  414.195678][T10560] 
[  414.195682][T10560] Chain exists of:
[  414.195682][T10560]   console_owner --> &p->pi_lock --> &rq->__lock
[  414.195682][T10560] 
[  414.195709][T10560]  Possible unsafe locking scenario:
[  414.195709][T10560] 
[  414.195713][T10560]        CPU0                    CPU1
[  414.195717][T10560]        ----                    ----
[  414.195721][T10560]   lock(&rq->__lock);
[  414.195730][T10560]                                lock(&p->pi_lock);
[  414.195740][T10560]                                lock(&rq->__lock);
[  414.195751][T10560]   lock(console_owner);
[  414.195760][T10560] 
[  414.195760][T10560]  *** DEADLOCK ***
[  414.195760][T10560] 
[  414.195763][T10560] 4 locks held by syz.3.1149/10560:
[  414.195772][T10560]  #0: ffff8880b843a2d8 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x7e/0x130
[  414.195811][T10560]  #1: ffffffff8e5c4e00 (rcu_read_lock){....}-{1:3}, at: bpf_trace_run4+0x1cf/0x5a0
[  414.195846][T10560]  #2: ffffffff8e5b27c0 (console_lock){+.+.}-{0:0}, at: _printk+0xc7/0x100
[  414.195880][T10560]  #3: ffffffff8e5b2830 (console_srcu){....}-{0:0}, at: console_flush_all+0x158/0xc60
[  414.195918][T10560] 
[  414.195918][T10560] stack backtrace:
[  414.195926][T10560] CPU: 1 UID: 0 PID: 10560 Comm: syz.3.1149 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  414.195944][T10560] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  414.195955][T10560] Call Trace:
[  414.195960][T10560]  <TASK>
[  414.195966][T10560]  dump_stack_lvl+0x116/0x1f0
[  414.195993][T10560]  print_circular_bug+0x275/0x350
[  414.196019][T10560]  check_noncircular+0x14c/0x170
[  414.196046][T10560]  __lock_acquire+0x126f/0x1c90
[  414.196065][T10560]  lock_acquire+0x179/0x350
[  414.196080][T10560]  ? console_lock_spinning_enable+0x9f/0xd0
[  414.196099][T10560]  ? console_lock_spinning_enable+0x88/0xd0
[  414.196121][T10560]  console_lock_spinning_enable+0xb0/0xd0
[  414.196139][T10560]  ? console_lock_spinning_enable+0x9f/0xd0
[  414.196158][T10560]  console_flush_all+0x7aa/0xc60
[  414.196180][T10560]  ? __pfx_console_flush_all+0x10/0x10
[  414.196203][T10560]  ? is_printk_cpu_sync_owner+0x32/0x40
[  414.196226][T10560]  console_unlock+0xd8/0x210
[  414.196245][T10560]  ? __pfx_console_unlock+0x10/0x10
[  414.196264][T10560]  ? do_raw_spin_unlock+0xd0/0x230
[  414.196282][T10560]  ? _printk+0xc7/0x100
[  414.196296][T10560]  ? __down_trylock_console_sem+0xb0/0x140
[  414.196314][T10560]  vprintk_emit+0x418/0x6d0
[  414.196334][T10560]  ? __pfx_vprintk_emit+0x10/0x10
[  414.196357][T10560]  _printk+0xc7/0x100
[  414.196370][T10560]  ? __pfx__printk+0x10/0x10
[  414.196391][T10560]  ? __pfx____ratelimit+0x10/0x10
[  414.196416][T10560]  should_fail_ex+0x4e7/0x640
[  414.196441][T10560]  strncpy_from_user+0x3b/0x2e0
[  414.196465][T10560]  strncpy_from_user_nofault+0x7f/0x180
[  414.196481][T10560]  bpf_probe_read_compat_str+0xe8/0x180
[  414.196499][T10560]  bpf_prog_c1796171ffc7efef+0x3e/0x44
[  414.196511][T10560]  bpf_trace_run4+0x24c/0x5a0
[  414.196528][T10560]  ? __pfx_bpf_trace_run4+0x10/0x10
[  414.196561][T10560]  ? is_bpf_text_address+0x8a/0x1a0
[  414.196582][T10560]  ? lock_release+0x201/0x2f0
[  414.196597][T10560]  ? __lock_acquire+0xb8a/0x1c90
[  414.196613][T10560]  __bpf_trace_sched_switch+0x145/0x190
[  414.196633][T10560]  ? __pfx___bpf_trace_sched_switch+0x10/0x10
[  414.196654][T10560]  ? plist_check_prev_next+0x12a/0x1a0
[  414.196676][T10560]  ? tracing_record_taskinfo_sched_switch+0x54/0x400
[  414.196697][T10560]  __traceiter_sched_switch+0x6f/0xc0
[  414.196714][T10560]  ? set_next_task_rt+0x403/0x6a0
[  414.196738][T10560]  __schedule+0x1bee/0x5dd0
[  414.196767][T10560]  ? __pfx___schedule+0x10/0x10
[  414.196788][T10560]  ? irqentry_exit+0x3b/0x90
[  414.196802][T10560]  ? lockdep_hardirqs_on+0x7c/0x110
[  414.196829][T10560]  ? preempt_schedule_thunk+0x16/0x30
[  414.196850][T10560]  preempt_schedule_common+0x44/0xc0
[  414.196874][T10560]  preempt_schedule_thunk+0x16/0x30
[  414.196895][T10560]  ? trace_irq_enable.constprop.0+0x2f/0x120
[  414.196913][T10560]  ? __skb_recv_udp+0x734/0x940
[  414.196929][T10560]  __local_bh_enable_ip+0x107/0x120
[  414.196949][T10560]  __skb_recv_udp+0x734/0x940
[  414.196967][T10560]  ? __pfx_sk_busy_loop_end+0x10/0x10
[  414.196988][T10560]  ? __pfx___skb_recv_udp+0x10/0x10
[  414.197007][T10560]  ? avc_has_perm+0x11a/0x1c0
[  414.197028][T10560]  udp_recvmsg+0x1b0/0x1300
[  414.197049][T10560]  ? __pfx_udp_recvmsg+0x10/0x10
[  414.197068][T10560]  ? __pfx_sock_has_perm+0x10/0x10
[  414.197093][T10560]  ? __pfx_udp_recvmsg+0x10/0x10
[  414.197110][T10560]  inet_recvmsg+0x444/0x6a0
[  414.197133][T10560]  ? __pfx_inet_recvmsg+0x10/0x10
[  414.197158][T10560]  sock_recvmsg+0x1b2/0x250
[  414.197176][T10560]  ____sys_recvmsg+0x218/0x6b0
[  414.197197][T10560]  ? __pfx_____sys_recvmsg+0x10/0x10
[  414.197220][T10560]  ? __lock_acquire+0x622/0x1c90
[  414.197236][T10560]  ___sys_recvmsg+0x114/0x1a0
[  414.197251][T10560]  ? __pfx____sys_recvmsg+0x10/0x10
[  414.197267][T10560]  ? find_held_lock+0x2b/0x80
[  414.197292][T10560]  do_recvmmsg+0x2fe/0x750
[  414.197309][T10560]  ? __pfx_do_recvmmsg+0x10/0x10
[  414.197325][T10560]  ? __mutex_unlock_slowpath+0x161/0x6a0
[  414.197344][T10560]  ? __fget_files+0x20e/0x3c0
[  414.197361][T10560]  __x64_sys_recvmmsg+0x22a/0x280
[  414.197377][T10560]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  414.197401][T10560]  do_syscall_64+0xcd/0x4c0
[  414.197418][T10560]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  414.197433][T10560] RIP: 0033:0x7fd7b9b8e9a9
[  414.197446][T10560] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  414.197462][T10560] RSP: 002b:00007fd7ba9a6038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  414.197477][T10560] RAX: ffffffffffffffda RBX: 00007fd7b9db6160 RCX: 00007fd7b9b8e9a9
[  414.197488][T10560] RDX: 040000000000012d RSI: 0000200000000080 RDI: 0000000000000006
[  414.197498][T10560] RBP: 00007fd7ba9a6090 R08: 0000000000000000 R09: 0000000000000000
[  414.197507][T10560] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000001
[  414.197517][T10560] R13: 0000000000000000 R14: 00007fd7b9db6160 R15: 00007ffcbc323ed8
[  414.197533][T10560]  </TASK>
[  415.509273][T10560] CPU: 1 UID: 0 PID: 10560 Comm: syz.3.1149 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  415.509289][T10560] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  415.509295][T10560] Call Trace:
[  415.509300][T10560]  <TASK>
[  415.509306][T10560]  dump_stack_lvl+0x116/0x1f0
[  415.509328][T10560]  should_fail_ex+0x512/0x640
[  415.509346][T10560]  strncpy_from_user+0x3b/0x2e0
[  415.509362][T10560]  strncpy_from_user_nofault+0x7f/0x180
[  415.509374][T10560]  bpf_probe_read_compat_str+0xe8/0x180
[  415.509385][T10560]  bpf_prog_c1796171ffc7efef+0x3e/0x44
[  415.509394][T10560]  bpf_trace_run4+0x24c/0x5a0
[  415.509404][T10560]  ? __pfx_bpf_trace_run4+0x10/0x10
[  415.509414][T10560]  ? is_bpf_text_address+0x8a/0x1a0
[  415.509427][T10560]  ? lock_release+0x201/0x2f0
[  415.509437][T10560]  ? __lock_acquire+0xb8a/0x1c90
[  415.509446][T10560]  __bpf_trace_sched_switch+0x145/0x190
[  415.509460][T10560]  ? __pfx___bpf_trace_sched_switch+0x10/0x10
[  415.509473][T10560]  ? plist_check_prev_next+0x12a/0x1a0
[  415.509487][T10560]  ? tracing_record_taskinfo_sched_switch+0x54/0x400
[  415.509501][T10560]  __traceiter_sched_switch+0x6f/0xc0
[  415.509512][T10560]  ? set_next_task_rt+0x403/0x6a0
[  415.509527][T10560]  __schedule+0x1bee/0x5dd0
[  415.509545][T10560]  ? __pfx___schedule+0x10/0x10
[  415.509559][T10560]  ? irqentry_exit+0x3b/0x90
[  415.509568][T10560]  ? lockdep_hardirqs_on+0x7c/0x110
[  415.509584][T10560]  ? preempt_schedule_thunk+0x16/0x30
[  415.509598][T10560]  preempt_schedule_common+0x44/0xc0
[  415.509613][T10560]  preempt_schedule_thunk+0x16/0x30
[  415.509626][T10560]  ? trace_irq_enable.constprop.0+0x2f/0x120
[  415.509638][T10560]  ? __skb_recv_udp+0x734/0x940
[  415.509649][T10560]  __local_bh_enable_ip+0x107/0x120
[  415.509662][T10560]  __skb_recv_udp+0x734/0x940
[  415.509673][T10560]  ? __pfx_sk_busy_loop_end+0x10/0x10
[  415.509687][T10560]  ? __pfx___skb_recv_udp+0x10/0x10
[  415.509699][T10560]  ? avc_has_perm+0x11a/0x1c0
[  415.509713][T10560]  udp_recvmsg+0x1b0/0x1300
[  415.509726][T10560]  ? __pfx_udp_recvmsg+0x10/0x10
[  415.509737][T10560]  ? __pfx_sock_has_perm+0x10/0x10
[  415.509754][T10560]  ? __pfx_udp_recvmsg+0x10/0x10
[  415.509765][T10560]  inet_recvmsg+0x444/0x6a0
[  415.509779][T10560]  ? __pfx_inet_recvmsg+0x10/0x10
[  415.509795][T10560]  sock_recvmsg+0x1b2/0x250
[  415.509807][T10560]  ____sys_recvmsg+0x218/0x6b0
[  415.509820][T10560]  ? __pfx_____sys_recvmsg+0x10/0x10
[  415.509834][T10560]  ? __lock_acquire+0x622/0x1c90
[  415.509844][T10560]  ___sys_recvmsg+0x114/0x1a0
[  415.509853][T10560]  ? __pfx____sys_recvmsg+0x10/0x10
[  415.509863][T10560]  ? find_held_lock+0x2b/0x80
[  415.509878][T10560]  do_recvmmsg+0x2fe/0x750
[  415.509887][T10560]  ? __pfx_do_recvmmsg+0x10/0x10
[  415.509897][T10560]  ? __mutex_unlock_slowpath+0x161/0x6a0
[  415.509909][T10560]  ? __fget_files+0x20e/0x3c0
[  415.509920][T10560]  __x64_sys_recvmmsg+0x22a/0x280
[  415.509930][T10560]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  415.509942][T10560]  do_syscall_64+0xcd/0x4c0
[  415.509952][T10560]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  415.509963][T10560] RIP: 0033:0x7fd7b9b8e9a9
[  415.509972][T10560] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  415.509982][T10560] RSP: 002b:00007fd7ba9a6038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  415.509992][T10560] RAX: ffffffffffffffda RBX: 00007fd7b9db6160 RCX: 00007fd7b9b8e9a9
[  415.509999][T10560] RDX: 040000000000012d RSI: 0000200000000080 RDI: 0000000000000006
[  415.510005][T10560] RBP: 00007fd7ba9a6090 R08: 0000000000000000 R09: 0000000000000000
[  415.510011][T10560] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000001
[  415.510017][T10560] R13: 0000000000000000 R14: 00007fd7b9db6160 R15: 00007ffcbc323ed8
[  415.510025][T10560]  </TASK>