last executing test programs:

13.591208534s ago: executing program 0 (id=2927):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFULNL_MSG_CONFIG(r0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="6c00000001040300000000000000000005000003050001000200000008000340000000100a000200000000060200000005000100010000000600064000020000080005400000010006000640000200000800044000"], 0x6c}, 0x1, 0x0, 0x0, 0x4004000}, 0xc044) (fail_nth: 2)

13.478403844s ago: executing program 0 (id=2928):
bind$tipc(0xffffffffffffffff, &(0x7f00000001c0)=@name={0x1e, 0x2, 0x0, {{0x42}, 0x3}}, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
getpid()
socket(0x80000000000000a, 0x2, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18110000000000000000002800000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0xc, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xd}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x3, [@func_proto={0x2, 0x0, 0x0, 0x13, 0x2}]}, {0x0, [0x5f]}}, 0x0, 0x27}, 0x28)
syz_io_uring_setup(0x239, 0x0, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000000180)=[{0x0}], 0x1, 0x401, 0x6)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=@newlink={0x20, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x13101}}, 0x20}}, 0x0)
r4 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r4, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r4, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r5=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r4, 0xc02064b9, &(0x7f0000000dc0)={&(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000200), 0x4, r5})
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r4, 0xc04064a0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)=[0x0], 0x0, 0x0, 0x0, 0x1})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)

12.978479317s ago: executing program 0 (id=2929):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x82042, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CLEAR_DIRTY_LOG(0xffffffffffffffff, 0xc018aec0, &(0x7f0000000140)={0x0, 0x1c0, 0x380, &(0x7f0000000180)=[0x6bd1a312, 0xec66, 0xff, 0x8, 0x98bd, 0x800000000000009, 0x0, 0x4, 0x10000, 0x100, 0x9004, 0x0, 0x8, 0x5, 0x5, 0x49, 0x3ff, 0x5, 0x2, 0x9, 0x8, 0x7, 0xc1, 0x1, 0x20002, 0x2, 0x6, 0x9, 0x96, 0xffffffff, 0xffffffff00000000, 0x0, 0x5, 0x7, 0x4, 0x3, 0x2, 0x888f, 0x1, 0x8, 0x6, 0x6, 0x3, 0xa3de, 0x20000000006, 0x8, 0x7, 0x400, 0x3, 0xfffffffffffffff7, 0xfffffffffffffffa, 0x2, 0xe, 0x6, 0x4, 0xe6, 0x200000000000101, 0x5, 0x0, 0x66, 0x6, 0x7, 0x40000005, 0xfffffffeffffffff, 0x9, 0xd, 0x10001, 0xbbd9, 0x80000000, 0xfffffffffffffc00, 0x2, 0x7, 0x2, 0xcdc, 0x4000000007, 0x2, 0x3, 0x2, 0x5, 0xfff, 0x6, 0x4, 0x1, 0xab6, 0x0, 0x4, 0x0, 0xffffffffffffff81, 0x9, 0xff, 0x6, 0x28000000, 0x5, 0x8061d, 0x3, 0x7, 0xf6, 0x4, 0x6, 0x200, 0x7, 0x2, 0x2b, 0x8, 0x2293332f, 0x6, 0x5, 0x0, 0xd, 0x2, 0x4, 0xfffffffffffffffb, 0x2, 0x7, 0xdfd4, 0xfffd, 0x10, 0x5, 0x8, 0x1, 0x53e0f0fe, 0xeb4, 0x0, 0xfffffffffffffffe, 0xb692, 0xcc, 0x8, 0x3]})
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f00000001c0)=ANY=[@ANYBLOB="010000000000000071000040"])

12.771393677s ago: executing program 0 (id=2932):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000580)=ANY=[], 0x50)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0)
close_range(r0, r0, 0x2)
fsetxattr$security_ima(r0, 0x0, 0x0, 0x0, 0x3)
openat$dsp1(0xffffffffffffff9c, &(0x7f0000000180), 0x40a700, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r2, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c)
connect$inet6(r2, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}}, 0x1c)
r3 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r3, &(0x7f0000000100)=@name={0x1e, 0x2, 0x0, {{0x42}}}, 0x10)
r4 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, &(0x7f0000000000)={0x42, 0x0, 0x3}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r4, 0x10f, 0x87, &(0x7f0000000180)={0x42, 0x3}, 0x10)
sendmsg$tipc(r4, &(0x7f0000000540)={&(0x7f0000000200)=@name, 0x10, 0x0}, 0x4)
r5 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r5, 0x10f, 0x87, &(0x7f0000000180)={0x42}, 0x10)
setsockopt$TIPC_GROUP_LEAVE(r3, 0x10f, 0x88)
timer_create(0x0, 0x0, 0x0)
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15)
mbind(&(0x7f00005b4000/0x4000)=nil, 0x100000000004000, 0x0, 0x0, 0x0, 0x2)
r6 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$bt_BT_VOICE(r6, 0x112, 0xb, &(0x7f0000002900)=0x5, 0x2)

11.78682957s ago: executing program 4 (id=2934):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000240)=@base={0x11, 0x4, 0x4, 0xc}, 0x50)
r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8, 0x6cb, 0x81a7, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x30, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x2, 0x3, 0x0, 0x2, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0xb}}, {{{0x9, 0x5, 0x81, 0x3, 0x20, 0x0, 0x0, 0x7}}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r1, 0x0, 0x0)
syz_usb_control_io$hid(r1, &(0x7f0000000100)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB='\x00\"\v'], 0x0}, 0x0)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
close(0xffffffffffffffff)
socket$netlink(0x10, 0x3, 0x8000000004)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000900000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000007d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffff"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='tlb_flush\x00', r2}, 0x10)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=@newsa={0x1a0, 0x10, 0x1, 0x0, 0x0, {{@in6=@private1, @in=@private}, {@in=@broadcast, 0x0, 0x32}, @in6=@private1, {0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {}, {}, 0x0, 0x3504, 0x2, 0x0, 0x0, 0xcd}, [@algo_crypt={0x48, 0x2, {{'cbc(aes)\x00'}}}, @replay_esn_val={0x1c}, @algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00'}}}]}, 0x1a0}}, 0x0)

11.525371456s ago: executing program 0 (id=2936):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x6, 0x4, 0x8, 0xa, 0x0, 0xffffffffffffffff, 0x7}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x37e2f4aba9289b81, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket$inet6_udp(0xa, 0x2, 0x0)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, &(0x7f0000000040)={0x84, @rand_addr=0x64010100, 0x4e20, 0x3, 'wrr\x00', 0x1, 0x80005, 0x6f}, 0x2c)
socket$inet_smc(0x2b, 0x1, 0x0)
r3 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$IP_VS_SO_SET_ADDDEST(r3, 0x0, 0x487, &(0x7f0000000580)={{0x84, @multicast2, 0x4e23, 0x3, 'sed\x00', 0x6, 0x3, 0x1815}, {@private=0xa010102, 0xce20, 0x4, 0xa, 0x80812f58, 0x12d5c}}, 0x44)

10.260738767s ago: executing program 0 (id=2937):
recvfrom(0xffffffffffffffff, 0x0, 0x12, 0x40002050, 0x0, 0x58)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2)
ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
bind$llc(r1, &(0x7f0000000040)={0x1a, 0x0, 0x0, 0x54}, 0x10)
r2 = dup(r1)
getsockname$packet(r2, 0x0, &(0x7f0000000280))
r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
sendto$inet6(r3, &(0x7f0000000040)="2ae0e710", 0x4, 0x0, &(0x7f0000000000)={0xa, 0x0, 0xfffffffd, @loopback}, 0x1c)
recvmmsg(r3, &(0x7f0000000d80), 0x4000000000001e9, 0x10162, 0x0)
r4 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040), 0x140540, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', 0x0, 0x1000000, &(0x7f0000000400)={[{@lowerdir={'lowerdir', 0x3d, './file2'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
mknodat$loop(0xffffffffffffffff, &(0x7f0000001600)='./file1\x00', 0x0, 0x0)
chdir(&(0x7f00000003c0)='./bus\x00')
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
socket$inet_icmp(0x2, 0x2, 0x1)
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r4, 0xc0189372, 0x0)
openat$urandom(0xffffffffffffff9c, &(0x7f0000000000), 0x103902, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0xc4042, 0x1ff)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)

8.052681323s ago: executing program 4 (id=2945):
r0 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000040), 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000001c0), r1)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(r3, 0x8933, &(0x7f0000000340)={'wpan0\x00', <r4=>0x0})
sendmsg$IEEE802154_LLSEC_ADD_DEV(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)={0x24, r2, 0x852dd6c070cd7e4d, 0x0, 0x0, {}, [@IEEE802154_ATTR_LLSEC_FRAME_COUNTER={0x8}, @IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r4}]}, 0x24}, 0x4, 0x700000000000000}, 0x0)
r5 = socket(0x2a, 0x2, 0x5)
sendto(r5, 0x0, 0x0, 0x0, &(0x7f0000000040)=@qipcrtr, 0x80)
read$qrtrtun(r0, 0x0, 0xeffd)
dup2(r0, r5)

7.500378675s ago: executing program 2 (id=2947):
syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f0000000340)={0x24, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="00b6dc239792"], 0x0}, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
munmap(&(0x7f0000002000/0x1000)=nil, 0x1000)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f00000000c0)={0x26, 'rng\x00', 0x0, 0x0, 'ansi_cprng\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000400)="b011d0cfce62e9195a2a2d9c41189f5896679b21a1f6a2c8a136d01bf5c619a4", 0x20)
ioctl$UFFDIO_POISON(r2, 0xc020aa08, &(0x7f0000000140)={{&(0x7f0000002000/0x2000)=nil, 0x2000}})
r3 = accept$alg(r2, 0x0, 0x0)
recvmmsg(r3, &(0x7f0000001100)=[{{0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000002380)=""/4096, 0x1000}], 0x1}, 0x81}], 0x1, 0x0, 0x0)
recvmsg(r0, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x60ae0}], 0x318, 0x0, 0xdb0, 0xf5ffffff}, 0x3f01)
sendmsg$tipc(r1, &(0x7f0000000240)={0x0, 0x18, &(0x7f00000000c0), 0x31}, 0x0)
r4 = syz_open_dev$audion(&(0x7f0000000180), 0x1, 0x410102)
ioctl$TIOCSSOFTCAR(r4, 0x541a, &(0x7f00000001c0)=0x1)

7.292939913s ago: executing program 4 (id=2949):
io_setup(0x9, &(0x7f0000000b80)=<r0=>0x0)
r1 = openat$dlm_plock(0xffffff9c, &(0x7f0000000180), 0x101400, 0x0)
io_submit(r0, 0x1, &(0x7f00000002c0)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0}])
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1900000004000000040000000200000000000000", @ANYRES32=0x1, @ANYBLOB='\x00'/12, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
r2 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'ip6tnl0\x00', <r3=>0x0})
syz_open_dev$vim2m(&(0x7f0000000380), 0x1fa, 0x2)
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000400), 0x202)
fanotify_init(0x200, 0x40000)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setattr(0x0, 0x0, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r6 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x80, 0x2, 0xbfdffffa}, &(0x7f00000000c0)=<r7=>0x0, &(0x7f0000000280)=<r8=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r7, r8, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r6, 0x47f6, 0x0, 0x4, 0x0, 0x0)
socket$netlink(0x10, 0x3, 0xa)
sendmsg$nl_route_sched(r2, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x25dfdbfe, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}, {0xe, 0x5}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0xfffffffa}]}}]}, 0x40}}, 0x4000010)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000540)=ANY=[@ANYBLOB="5f79d0f34cb59052e4731c95da9c8e8b24a842310473344421f0d0b935aec724364e1831c2176c702e62a697160643ba2761fab3", @ANYBLOB="e6251ff4e705903a39c29e843d697bcf99b1c070b6904659c0fb6cca18e65f41107df099ba830e2859bd5c84370de9e78e2eb554e9e45438e5a307208a75cb67e38dd575abb11a3873bb7de235268e8159b995568f365919254a79e159d6d71bef6ed30c78cf8ddcfd25ed2b8f35eb84017384d1fd4f007a62ad379a70946f4856fed587a222b1e0cdb4f7de713fa7ea9d5b8d1715c0c0fbdb61469ea059d6fa84c79abb7e6befe0f23d95cdbb0fc910b1f928a0c5451e5916e3c16d9064b2f2996d46abdf613a68ff70a494b1387805bb8a70f1fca9cc31c968fbbca488251936523b003c65defa0dd69e0c5bac9e"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x5c, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='kfree\x00', r9}, 0x10)
r10 = add_key$keyring(&(0x7f0000000340), &(0x7f00000002c0)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff)
keyctl$restrict_keyring(0xa, r10, &(0x7f0000000300)='asymmetric\x00', &(0x7f0000000400)='id\x0f\xac\xd1\xeb\xf4\xd8&w\xef\x9f`T3%\xfa\xbf\xef\xeb\x8e1w\xfd')
r11 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000000140), 0x84001, 0x0)
ioctl$DRM_IOCTL_RES_CTX(0xffffffffffffffff, 0xc0106426, &(0x7f0000000280)={0x9, &(0x7f00000001c0)=[{<r12=>0x0}, {}, {}, {}, {}, {}, {}, {}, {}]})
ioctl$DRM_IOCTL_GET_SAREA_CTX(r11, 0xc010641d, &(0x7f0000000400)={r12, &(0x7f00000002c0)=""/74})

6.48975484s ago: executing program 2 (id=2952):
r0 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000140))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x3})
syz_io_uring_setup(0x6d42, &(0x7f0000000280)={0x0, 0x32c8, 0x1000}, &(0x7f0000c57000), 0x0)
ioctl$UFFDIO_ZEROPAGE(r0, 0xc018aa06, &(0x7f0000000380)={{&(0x7f00007db000/0x2000)=nil, 0x2000}})

4.62478631s ago: executing program 2 (id=2957):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e)
socket$nl_audit(0x10, 0x3, 0x9)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
sendmsg(r1, 0x0, 0x4000040)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb4c, 0x9, 0x6, 0x0, 0x3}, 0x0)
add_key(&(0x7f00000000c0)='pkcs7_test\x00', 0x0, &(0x7f0000000000)="100c0681000000ba8b0ad775b31b", 0xe, 0xfffffffffffffffc)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(0xffffffffffffffff, 0xc00c642e, 0x0)
sendmsg$NL80211_CMD_NEW_STATION(0xffffffffffffffff, 0x0, 0x0)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
add_key$fscrypt_provisioning(&(0x7f0000000200), &(0x7f0000000280)={'syz', 0x2}, &(0x7f0000000380)={0x1, 0x0, @a}, 0x48, 0xffffffffffffffff)
ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000140)={0x0, 0xdffffffe, 0x80, 0x0, 0x0, "8100e1c8e80b598c36ff000800"})
r3 = syz_open_pts(r2, 0x141601)
fcntl$setstatus(r3, 0x4, 0x102800)
write(r3, &(0x7f0000000000)="d5", 0xfffffedf)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000080)={0xaa, 0x582})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, &(0x7f0000000240))
ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000040)=0x3)
r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000340)={0x1, &(0x7f0000000000)=[{0x6, 0xf, 0x0, 0x7fff8000}]})
socket$inet6_sctp(0xa, 0x1, 0x84)
close_range(r4, 0xffffffffffffffff, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f00000035c0)={0x0, 0x0, &(0x7f0000003580)={&(0x7f0000000600)=ANY=[@ANYRES32=0x0, @ANYRES32=0x0], 0x140}, 0x1, 0x0, 0x0, 0x4075}, 0x4800)
syz_usb_connect(0x0, 0x24, &(0x7f00000004c0)=ANY=[@ANYBLOB="1201410130f56920ac05190272f001020301090200"/32], 0x0)

4.615699724s ago: executing program 1 (id=2958):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
userfaultfd(0x80801)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x18, 0x5, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000090f04000000000000000000850000000f000000850000007d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x100000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000500)='sys_exit\x00', r4, 0x0, 0xffffffffffffffff}, 0x18)
r5 = memfd_create(&(0x7f0000000000)='e\xf4E\x88-\x00', 0x0)
pwritev(r5, 0x0, 0x0, 0x4000001, 0x0)
syz_io_uring_setup(0x320f, &(0x7f0000000280)={0x0, 0x0, 0x4000, 0x0, 0x22d}, 0x0, 0x0)
syz_io_uring_setup(0x2287, &(0x7f0000000200)={0x0, 0x6e79, 0x400, 0x1, 0x1}, 0x0, 0x0)
prctl$PR_SET_SECUREBITS(0x1c, 0x2c)
setuid(0xee00)
r6 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
r7 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r7, &(0x7f0000000200)={0x26, 'hash\x00', 0x0, 0x0, 'wp256\x00'}, 0x58)
r8 = accept4(r7, 0x0, 0x0, 0x800)
recvmmsg$unix(r8, &(0x7f0000003700)=[{{0x0, 0x700, 0x0, 0x0, 0x0, 0x500}}], 0x600, 0x0, 0x0)
sendto(r8, &(0x7f0000000140)="d8e22679f5", 0x5, 0x0, 0x0, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r6, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={<r9=>0xffffffffffffffff}, 0x111}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r6, &(0x7f0000000200)={0x3, 0x40, 0xfa02, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x1, @remote}, r9, 0xfffffffc}}, 0x48)
socket$nl_netfilter(0x10, 0x3, 0xc)

3.645290157s ago: executing program 1 (id=2959):
r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x40, 0x0)
ioctl$SNDCTL_SEQ_CTRLRATE(r0, 0xc0045103, &(0x7f0000000080)=0x2)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000500)={'syz_tun\x00', &(0x7f0000000180)=@ethtool_link_settings={0x4c, 0xffffffff, 0xf, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, [0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1]}})
openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)

3.449529472s ago: executing program 1 (id=2960):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_udp_encap(r0, 0x11, 0x64, &(0x7f0000000040)=0x2, 0x4)

3.447447884s ago: executing program 4 (id=2961):
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x24000000)
openat$uinput(0xffffffffffffff9c, 0x0, 0x802, 0x0)
r0 = socket$packet(0x11, 0x2, 0x300)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000080)={0x5, 0x1000086}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x4002)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
ioctl$COMEDI_CMD(0xffffffffffffffff, 0x80506409, &(0x7f0000000100)={0x1, 0x30000, 0x40, 0xc00000, 0x0, 0x0, 0x40, 0x800, 0xffffff6f, 0xfff, 0x0, 0x8, &(0x7f0000000000)=[0x8], 0x1, 0x0})
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000740)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000700)={&(0x7f00000006c0)=@ipv4_newaddr={0x20, 0x14, 0x2, 0x70bd27, 0x25dfdbfc, {0x2, 0x8, 0x0, 0xc8}, [@IFA_LOCAL={0x8, 0x2, @local}]}, 0x20}, 0x1, 0x0, 0x0, 0x20000000}, 0xa0c0)
ioctl$sock_inet_SIOCSARP(r3, 0x8955, &(0x7f0000000340)={{0x2, 0x4e23, @empty}, {0x0, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}}, 0x0, {0x2, 0x0, @empty}})
connect$inet6(r2, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback, 0x5}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f00000002c0)=@gcm_128={{0x304}, "45542f745866c700", "7ffdfd042f0fef2e31eea67362f87200", "960ffc3d", "faffffffffffffff"}, 0x28)
ioctl$SIOCSIFHWADDR(r0, 0x8931, &(0x7f0000000000)={'wlan0\x00'})

3.191028493s ago: executing program 1 (id=2962):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x403, 0x6030, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x2}}}}]}}]}}, 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
syz_usb_control_io(r1, 0x0, &(0x7f0000000940)={0x84, &(0x7f00000004c0)={0x0, 0x14, 0xd, "5e6424818327b2369deca65eb2"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r1, 0x0, &(0x7f0000000880)={0x84, &(0x7f00000003c0)=ANY=[@ANYBLOB='\x00\x00M'], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

2.894031263s ago: executing program 3 (id=2963):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
syz_open_dev$loop(0x0, 0x7, 0x180862)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f00000005c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000730000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000040)='contention_begin\x00', r0}, 0x18)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000240)={0x1, &(0x7f0000000200)=[{0x6, 0xff, 0x5, 0x7fc00002}]})
socket(0xa, 0x3, 0x2)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000140)=[{0x6, 0x0, 0xe, 0x7fff0000}]})
close_range(r1, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x502, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SIGNAL_MSI(r3, 0x4020aea5, &(0x7f0000000000)={0x22221000, 0x3000, 0x0, 0x0, 0x8})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f00000008c0)=ANY=[@ANYBLOB="0100000000630000007708000000000000fcffffffffffff29bdf5530bbfd11fb92a269edd3fa36bb4d431b0e7df1b614aca2397450225a02fd43c59dcba3e7f59b6dcf1f2888091f730ab6d234dca8035f3d06782d28ca2c72d"])
r4 = socket$inet(0x2, 0x4000000000000001, 0x0)
sendto$inet(r4, 0x0, 0x0, 0x200087fc, &(0x7f0000e68000)={0x2, 0x4e23, @empty}, 0x10)

2.50877064s ago: executing program 3 (id=2964):
r0 = socket$nl_route(0x10, 0x3, 0x0)
read(r0, &(0x7f0000000140)=""/188, 0xbc)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000093c0)={0x0, 0x0, &(0x7f0000009380)={&(0x7f0000000000)=@deltfilter={0x24, 0x2d, 0x1, 0x0, 0x25dfdbff}, 0x24}, 0x1, 0x0, 0x0, 0x40051}, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1000000004000000080000000800000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRESHEX=r3, @ANYRESHEX=r0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00|\x00'/28], 0x50)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
chown(&(0x7f00000079c0)='.\x00', 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={0xffffffffffffffff, 0x5, 0x3100, 0x3100, &(0x7f0000000000), 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
openat$nullb(0xffffffffffffff9c, 0x0, 0x84042, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='rpc_pipefs\x00', 0x10, 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='rpc_pipefs\x00', 0x0, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
pipe2$9p(&(0x7f00000001c0), 0x4800)

1.457973227s ago: executing program 2 (id=2965):
syz_fuse_handle_req(0xffffffffffffffff, &(0x7f00000021c0)="75c6c1015909d4338683df9486bbc81e43f13e4926c27c2f82f846633ae45dde55cd4aa48598dfcbe26577ac059a9420bca1c94427a6d7872a1b30832e91813fe7e1af1f00f4587326ea389615a22b9b665a4b77d6cd3efb7c7ef750596fd9d755e7c9200af5a208abf303434848890294b53f279f4390b8cba0f4c94ad8b0815e520566857afa936aea2e23f24e936f8f9b2e7aafcabd0f1fdc885b32e9dcf5eddf7cd4445f872327973e0789fe437e6201e32297c99c6be42731a056ed21fee6df04daae244d4164b1f27764dc0d3b38d824461b54c9b7f13dba393b8e2029454f5174b5a59a35970316b38de13bd00db37eb9029abcf71c734e0a865ce878284540125caad33853dc11039bda8f0fb6bb9f67065a858d9d13aa1e8a79727b376ac3b5e25f688821e19fa5573034c50882e3fcbd111e137b80b428f6986d9d8cdb2a2476fbebf22de118e27f0fc48bcfb54fccde391238eea73f5a9fbe2138ae958f44fcfe66845acb714d9b49bfba663b6fe29e09f58ff81d65abe5516378bc176bf7212ed988d1e306b36a37d35ca97a62fa5c70e76829b3f63b3deaa7b98b67fc19586cc60541fadf4b6c5da31a083e57a34399348f53b9c5ab83579ce5ea883195be71b8383cbc6e6227054f1867bcb321d9da7eff2a93f0487ecf6bd2ae805d95be46bea30d267f52ace8c21410b357fef133ace7eba38a326dae7c708a25320c70f229c555289cd8703b680d78b9c6eac6bc99c8abfe8e656f6054a7cede6330f335e9c43d88f1f31380e575fec7e04b1c8cb7b43288849dc0e1ec01e259a15986e23a501ce360a25ec565e0d7d12a20513e82c89fd4f89774ad4b395191b6a9d6b26c99bccd3bc61668dd642aeddeb506782ee87da02eab31f8281587b0dff57a7dd4d8f470c96b467a711f19855c939ef8b503a302673545eb77ba3e599962eeb4e30d5261490bde68860d14d7dfd2e797674384394a39ba4635f902d15e6198e6a2df8357fd0ef40c5a309a2aafd0d94f2983d83086b93ad787ae6b6c22389cd36ee9e958b6e297123ffa6dddfa0d5f7c56de809681b23b89ddb0f38c889c5d7957d47e2aaa1330b12cde716d47c9d60c5e0ded86c8f3c592394eec7c94740e14fdfe799d75f2417c9c8d7ff3247e85bcecda02f7c22d8133a92bc44f3c96f1b7c24fb8493b117efbb2fab56013a4f442da56c46beee7ff473e8e2618e387cb2576d6a4b1d8937203bd01f5f1f8bc035c4009ac67ebc53f88e314ceeda2c1156e0150ca1c4686db66be31986aac9d0799905058a998bf04b417fefa43a9d28e89eae3e5bce4e645097646708d26789c01ecd2b592bce9caffa134a2a31bdbd14d1cc20ef586e6827a009b3472b3fc6b8e759afce903e35f588416480621d1ffb3d7fb66dfe4f0f00e343128cd677ea9833c979cdf94f3cc3eccca626af6537a268297d860e1ee10dfa3e6ee4b30cc369208ab8d44d52e6bcc961766a303053a8e459bc95be9f0f815aba00a9f9e6d4f8c13289169e6f4c2ad4f4a0ddd88e3c54460fa01814a6e154447bade1c4d2dc99d9eadf2427ba9bffb6c3c1fe76d83971d082f7f60435f226754b647ed02aa4364ed22d4331647f4c7aa8bdf5822ecf2ec217d929e5aff4625fee1dcaf38bf4dcd2233d84eba0667c868a18a39c4337f41e9ac33b94bf7856994efcf2564fb1111518ab8dd5459939043c8d72636fc2b089aa99ff158d252a864cb2281592154ff3699623da1b8dfab8f874c14672e7a3f676a0bc654495dd1779e9ba599bfcab5b77bfdce1429dc68c8738ac23056328c918ff8e6eb735c524ce0a1413cdeebe26906d123999c3445d8a6b74dadc9b2d8718c028b52ca3bc5fd30411673dd5564111dcb4f1423c880c3160d2dd83a41bd76fc80474b7e0601a8bd2708ebe85f1b23e190833485f7f3f43b4767b9aba721711dd79d55ac5aecd9ddaa66b04490f52bf6b6475309f15bb64132dc6111be416267c04a2658c490542a7e04d6a7a9dec7237555cbdb32f051c33018452976101cda7d145f39011ac31d019dddb8755998ad1721a04b3fc3f7bb07b3ac2f2087e8f63c9070c65c509238b9d0e33a596b1247108bb7985b35bc33b9c4426e90554f00b6a9c37d1e9ddc27f2f8b16ec70a8fbf13a48659fd75cf71e245772848b4999d37e1b45a3253ae3900b03acd571f5f4621b5d0b672fd87ee83bc1c0d2c08a478fb57091c1634e10d196b4a185728736e75066eb222bfdb463762e773912d5f78fcaf400531fcb2ebe375ab81be7e5412dc153b18bdd3cb0a271e5c650ee2b3fb41727144659bd9e3867733ef3dafccff61adcbc079f0034080ad6cebd2d591f5519f374c1e9cfcc1e1d149b19ed169f3d0a63ee80513db620807e89ceb0ad9c8a5bfc3e1207aab30df7e460fc715bd0e1cf8bd1f346d56e2046f2174d67e89180e5b80c2b3947a3fa80a5def940eaabd2a53d8658d07dc7290dbbdd5277ae9a5e66a8afdbe591798e2f283903bb389274e70af2b45863e6660b62b31b0b0b7c3785f9b0cc292659f97464089399a3f517a8b3b48eb751b855f37ad65d5f2c8ff377a87225ed7c9a970dcde700c62a107b59d10e8c7a6bc2d218099c457be927e35ca4fcc839a5e77ebd022b12848a85c4611d81c6dfa703dae14cbde0e4f0d4df9c888976b09b36d4b63fd474777e8841fda0fa58a3d4291303440e5c7af3ccf8bb478068577214556f48bc14fe4f25c4566c300cde1b20aeeb90c8b6e14ceea3b1c2545e9add0036af3ef47b70eeb6a4bd945bbd514b6f297992aed30393295ac72a5170b0e4b0048b4b4b16a0174405f6165721e69d5ac1c0a1b1c31f6756a0750ab9cf5e1325b77678266b4ee9e5efab246bdee0f1d48b1281cfaa0578e063caeaab14508a340043e6ea18b495ecfe518aadbd0ba4e6d534376611121917ce1eb5197997daed456437207d1e83ad98aee13e3581b0a826eb34a6ec65b6258b0791a2e86a3cdae26d3ef60cfe77ea622bc234d42530c40bc63f86a66c2e6df3efb6b0b6f1c3370eee8e123fe6d952f03ca7ffb94f2f837296771294febf0e4dc28f626da6b4a5bfc7b4c980e3a1eb2d5fa669bc661be59a73d681cefae5def0b866bf4fd7fcd967f9a3bca09c327aaff7635e218b5b7f822c759fd2a6a0a2ddcbd1daa57aef73d69ca88679dfd39934377321e080f4fccaeb5a08786fbf7c6df97ae830f1b2ab77e66bbb9ed9aea46114638b1afd0443a625f0a6e708db7431ebd946638993ffcc7f837e30f5e66abfff9cddf1f9ceba7b025b2452014616c2a66db5d6f4afaf678b1330a70bbdfbbcfb950df9f75f03eb013189982ba8d204315ecd13d70b3ed75f14386224f83b0c95fa45fb4c40a2e655204a01187aaf705bec8e6dfa8f3a387fded3205a613606b794356818ba193a89c4eb716c66ccda98becddd25e9b681307d87d8bf1f3a581ec11becc96996cdc953fa357a1b9537c25c7ea3524d8a929caef9165970aa400e4a2d9ef6dbd7bab4a79491916112073880da0ebcc22035c1f0ea07512ef2908ec62a8e7993f2871aab05016d9cdc548bb7eb8962a54a5c13977ef6b79573d2ca2977b65c22519708af129cebc852563368c225f80d4ae2e51a7bb7d5cf7031c6379697bef8bd696f1e5671d41f4121da411d9ed6a9c345c64d71c469454c1ce8fd8f9c745f6160093cd6400e625e60b7b5646c1d1d167a63379cc87201987d28ad3dae05ab8651591ece4ddb055bf5f7310ea6858040f6cd4f38fea70568f10b09a98a12d1546e7fd5efe549622f54bbc10dcd42f60f8d61aa31fa050a0f7bcbc6e45f9dce0091b5e769ed9ed4aa31e9c1b97619945c03fccf60f8bd547dc0fa072093e4265940d223555534b77489f6cef12f523deab648d6e77b7af4614eaf283a292e3034c6bcd485e8c65f7cc52ff123d1432f53ca3bd42be8b348ba3bfaf57451a5483fce32956669ec96863c3989794fb3359a4b4ac54fbedf566859b9818a5d71779f676874fd126888ad4c03a0dd018732cf5a11e58836556d5378a50c31ae83c364ae9fdeb5e183e5b34587c13e814f2fc757cbb4dbbffeb2d362d442d0617050c33c6aaa1ea593f63374566f10b741f57805d4c74fb43435b54b92c532f865300b4351e1913a34cdc80f5eb0e09e29b248df71a08cfb93351f2af9c9cb052c46d100beeb326d92d70e40da88eabb5acca56fb5fe498ee5d9e1302c3fbd05c6bc7ab12446d089635cd4d9ad88752b131e6ec91fa553afb66ace2c2e3c3709d97b68647b244843e247cf09fd7d056002e4c1754434bd4507f0b79b964bddfd3ad9ed1d1e361995f448808c886998d69f2feadc6d2babcfda86e694866728701b8ae04ef2df56d11fe16da0da9390371fa1ad5158528c5e316b292c123e3f56a579b9e9f516e6f5d321b1df3080959443ce2f88460ec57d7707b87d7f0f878aa3a0c6dff6de51b778410906cb9668c86ebb43a856d651f475142809abecf6cfafff6ed7143b4923d375678f9cb05409a23875d180c3b60a8f80dab10cee5d54fd9b12521c47e09b5df1a5c6d05e25d81232c144385bb3b46f2b5436ee0836e066d12dfe7e844c249431dfd8713ae6428607a337f06d35778ecc5ddfe3470287fc777cde9f0f8aad11e5bf89fd3c097a0fd8f8da1ebd1e4d4de1b39ad0d1cc933e1386875cae224c29a232a15d4fc1e79196ede9ec8f2ec6fa72098a93b90d8cfce870bcffc270e0874f10dd5387867aadf6413925da4ad1d581201cc914bcbe7754685a25ee3b52bdbe20491d460f7275f943f5be210faa4e9d5dbcd4a4e23adc739c521dbc78a2040d33f206e85f3ac04dfc0195368d211de09ab29855f3ea400e12ac2d43f8ca8d12502bba88fe8e027f5970ccac619e9136ee0c9bce5ee7dd16d715a046a539e042c662723b7fac74c4e2de06f7f7ef4e31648a19b0bf9628d57f3bee570147aaa29faaa60ecf78e5eee6f2b5ce48706a498d72ada4334b82815af52991a77a3546dbbc80c3e53c3a4546fe7f1c0b2dd22100a943b83125c0d0e9a7c5412aa1245c228e13bb9d176fd3734c75963d18260ae25ee11a4588a41c480220bd089223cf5bb70318d4109b5ba190525362374b457b4f198a916ff6066acc5d6e1e3d19a48b2d89ce74cf9338c9ac9ed32343536549b694eb334a5c6316522bd7c703e2df29e6266d7b715ab740098dc98c4338ea91ca592f686ac5b09ceed0fc17ad127b817556289d039bed5f7afeb9922a25a64e6259e9dfa407bc595e97b3a234c053061e9d216292b60c9f2d2465b42c31a8b0357209c6134d3b94d9bc68af60204738301072792e416c8dc612405b766bc2bc4b97acde6f6844b5fb2dfee21be5c1d91a2301bdd5740852ebc8df9c36fb1ff7d8aaee18e2c75c9763366fa7692f87f7d1076980436892251203790599dc789310964a9c03f88dc1f1c0b1cac159f5e36399c75cdb805744486f5624876e81af3f0e1590d098183a40afecf0841d0acf687b13049148eed079796bbb6c1edd3f5c0f5661a2d329b0165ac12f5cf58606970656d2c4d13a4cf2e15aaec175fc59bd9f23ea7869db744fcc0eba039259c7e541efaa066106e9b2c92bdded3e42884a8a02e71457f44775692a1c4fd845ff5ba8595c55ad4bb2177f975de0d22e0feac37f5c3f16426ebcd99d17c829759ac72dc1448661394d3a104999cd40cb09d086146cc92c6408ab1a0b0ad898cbfe76d4962ad0eec1c572a78f9d7342c3de64e881e99afc5b1df3227e198c79c1727a141a8a9da7ba3aae5b3e4ee59a84020191b70fa928d7ce136904c0b03c6c13391f55b381e2df7087b00932251ad7688117cd02ef5ceb5c7dda16d069de3a3e3ff2e341db15df06a96cab1ad2a51db41310ac48d572229695ca941cdfc8416b4307ac6dc176566635bc87d94557e7e4f7a14bdf86d1293c6dafe9ecc280d1a36cc6734485d41b6bd6a33e3605591d98e17fd34f901cdbc33710d768f791b9600218fed28a5d21a0e6589c7d6fb5120c8446eba3a8c8b39dddff369b30cffc0426484ef0b6f6664bec8655e040b2bb3fe3f6863c0a36fe182e3627f6ac38d23050092327f8b67beef764bc35207ed73e4850b43a229d48105d3649c45dc658e27b964b149f978b884268e69a4b353a06e473da3dc7d94c93f7070aae7f3cd2b422840ae55105a6ade053b47b2c72f8b7bad5edc52bc6a8daae76922517e6e3f19b82c5a286e7bfc7254d764ddb79c612e91e1bc61927ad424d1914043a6aacfecb7c90ffb16797349a1ec02de9585b51f19da3a0665f484826f77759234b4b4b7ebf0e176fde2571abc3d4714b543000a1726743dc9e0e6c0bc393b25300287603f47464988eed454ca2dc4377c4c1056f688aa1b5a40d380ba787e962f5cbb902db29a084e305b68f289df8112d19b9a34a32b76a827aa607eb306982aa8aa071c3909c9d1120a0e15a041524eeb12cba62e0378ffcfdf14821710c0d767e32e6a1bd09e76e4f6f9fe4843a967bd633a5fae28a3ae1f64861df70aec3c0cff134a5c8609f011686a430a0c7ef3a36a34a36e0d401b51e51c7eb6e8d13e8616f8c40f0bea3ed9c2b722e141567dbb558da1d7c509ee205b2e9936702b79cec40270398b97dc3525bad7b6809aece6cbe80728c4a188935aaad9edf706a557b84614741259345dfcff830299c640ab3cc534bc1ed744b3a935bb2943e4f8582600394b43269bb94b7c8b6de766770c43b96b04d59d6bb15831fe0bfbc0bb930141d0bd64c280c0a42f49380dd315adab35a4ebaa081ae1f736669156088e2d07670169ec89b85fe4149362135b290336c20451330a968e457c1c8b30ba6ee5ec335b9356a84a19dd459d49ed0b12f730289c24565d2ab0c1d5ed68fb4fa92800c8be4eba970913dd2cec7cfc1617ef0b3f7cae1d2979d2944bcdc375cf0c16a86ac6d5ed98a8d9405b674108f0bfb16b9c0408b134bec0df951bbf261ebc0be30ef15321bf82a6a482bc02db237e1a3d0c401316082ba674962a819d73671829f329b67dd5fcf3715fe6219fbf3631d265a5f0c7cfc3c107e469a55318357fc4f5f28fe48c534025fe0c1f06fa815987b7e1f5acd5a16fdd1c0dccb18d1047f8fb837affeb16dffbf91e01ea904571b21a1c0ac3cab6054314a7becb4188c96596258661a8eb71fcb374ada50b4c8e381f8e76a6b56a9e20a04ecf87445eb164760a4b9abcf96be310a9e0c2ac067f3be2bc05aeb0e91e9998bd1be01c68ce885edb372ca48d8518b45ecce90e2144c2356ceac563bfb4735ce0f21427bec2f728798578ef3c83e0a9ec0e16c4bb1ee24e99ca4dec6888eec3727702e058a3e0d5b8d5a72819b5b9dedd5e698ddb1f4542bd19f6cfdfe62cc179c7ee17307d2d8868c61d061a9310b8a037009017d24dcc6137f79926e20ff015cef3de464c2a9774b1db06a885782ac5abfcd1d48a0d65cdb898d3acaf6fbe347d4a80c9455cf7f16d8c890bc629b5d28d669e74db300023471c887f718ad5e7150890e7fdb8c78f2e63f727b205c71640840bedc58f9a52445ea55b95a6b7ddb7919e64728f716ad19c416fb51bac0e3535ff50a16acf7bdfe8066d519ce21ca4a17e4008c00b9f21c72f718d4de2d0cbeff5ca13032d498540478685bc7e45b4d5773c28acc39e58737dc2a3c907bef44e3e2af584fc7aac8f0e7d82fffc341cc984a9a7523de2ef72970646ce8b0d608315d888cc7cfa0f32d1d8da8aa646d9ad12b5dbe8049178b1ffe3bd13183d76dd06073cbca93685f096d8aedfde7c16060ca6bf3d14a24fcfa073673d77321ebfb290b2e92ea026e69ac6881a94e9ebc9b8ddb799ffb8ee771b7951312cc110a1c99a06529c0a0775b830805c54367001ceb69dcf5ab6a11d197bf1d170f686d53ec1b9635db856fd27b92e966f6c6a59ba8bb1ba812937d1b1e68193b3d7e4b213f7eb2a716717a73db04dd22878bfc34646499ded4a7acbffe6694bbae40635e6f0f322dc1662eb7e34b5a1f4a19c0c77bf2faa29b4aa2e2bb88238302cebc0210674473a3a440ddd1ce34317d74638acef8f6b8e471568887a6192a9ddf7c9d003e4890e4390a05bb5a0de8ca6ee7cebe360e6a7b326b3bf56f08fe8732fe8cf56781054ee56db70b45719f40b529d9cc9ff65362fae742c19b958cced92dac22a880ed6def03c3729612bb0ee34ff18557087a103474eff4f8066f8f25379a4d823f95718afbe5601a613abf3af27d247c88fba62280e904c4038fd8b370018a103693091ad3a44fb8be1e73fe9651c8beb51d70f945ca6ac32585b1a693b2d4598178839c10a7e60553fc83122647c5853e31bdef3a1b304da02a5b6df5d37217749c03467024a70703e32d0ec971ce4a8bab10b7a5a12303a7db83526a7fa3c4ec9fc6e125089c05f3a16e7be89249495e5b20cd6857c93378f524d0c46894e595ee76e301bd6da1743ae4e7e750ad8c4f0282f0bbf12e90383af5796e447fee78e302cf46e3a45126fd59d49a624f7033caeac61d49e147d5ed8e85a90c8914efbdfe2bebdf2ae19b58ce9b61684697dc6f0c65088437df7ec3810724ad7a021ec82b0351826dad927acd1a0662f7fc0278bcfcaafa11315bf5121d1b62f0f0471c54052bee73f2b1fb4139243a6d8de170c80604eadab39021306ff9cf5ce751af1fef52e232fc7c64247e32119e4de98d076b0dc84cf918100d8d3ebff83abefee2353acd133612e3815b8ae14d4f0d1006152807e3b42e035b9a62b58d64706730809a21440c7a9ea228ee033abf7cff2343fc4360b541311fa9ad18110be064ccab41436ca6560081111528dd2eb46a961392f024026d127b5836466fdfba1078b1a89f4c88bf8244b640da376a81142db5b1f27bc7e429cc15e6bad993f3d76f2ba3ff0815895361f20067f57fddd43f44b47375340c39283b3871a68f28b0a8166ac3ee35c8393278d5d2d3887c8a0a964f56f1769c29adbba6fbca7901415e2ab3b63f82d09caa3bf6e7f2e743aa073b57ed8a097f80c47ee546e2fe7b4f6fcbc98770fd7e9f1480517f26656171d394cf47ea395bfb995c087f93cde36b07f3507de2ae23d75b000a532c71265521631e4f8126c5eb96f15d04f183e2162ad9c967c0a1c291f1f1fc2b644271f160764af4e469823c3535ebb25cbc37f09b43fbd258b4a1d45335f162ad5f3d9e5406b671811cc0a16e76f4874041bac7b116483a0727f59a2144ca0490fb8acac82e62cba2e45442d4bf35e49f240a57f542be5df86f6942a5a4b82ff437ff2494c7837d22711aae24265a954d8b6e44b731022214e97ef1111f9bd5fde591bba1541799641670bdb290bd45c15c6b7f594179e3a81873f60e382de67bfe33ec177b64950e05706f1243388ffce2a541c5f30a72cf25623e1c35e72bdebf6d87b4684ff156efb10f96392ddb71353d8c8535173ce57ca41905afbef07ba646a067b2fd71bf3e9335e47672fb43639d7a6a4d51923243121724cb3bca92d304ba2c3fc4942b50c302f1ebb15902c5e191d0b3588df150ddb6aa67477a0046394f6ba91c38cb70d4bf5181e5e99d5c5e1fc39ed3c9b793f0520cf96831d65d51b0ecd92e3bee353b413483fa57690152bb4b524fa6d81d82f66bc2b260a40c232dabe1962f0349a078ec42ccc93bd4acbbcfe61af01388719bcf395f27c401f604684a312624820bfa594755fba5a7f61a7d59f364122398b573f37af4b0526099350b43e5bb8c42300be4f2f78a7fd5a317cb6a7cba8758d25122bb3e0fdab6d4968a668fb6db5e9a7944a78dbb0760059e1f3c2e372f28f3787c1c0163fdcf4812c48c08a381a651d4acab89797cf7a4cb1b792d049fdb4d61eb5e65e2870d94b5b23adbabb1c3e6860a021ec90e226475e5b7358199ffe783536ad7be7437b536affb32c74d5c7702b2d6eb47f3b14132bc270ee6ff482fcf6bd5125ac3b17f72e1de54f07d8f97535a0e59c5b8738c9aa630eeddb0c72d3320bf6e99eaf2b321965734106a49b82c57851f2cdbfcbe7197c3eee3a51e03beedb57a186972f0c276579c0cd429e012b3c09f697ec9a71aa074385e1a1c3d3f235bf6e72072be48d025965866667d64a9d80a18baba65ebf3594c5514dee7e4b414e72f79a47a6aab389cfdc5258d08bbb808c97e1f6e0598bc8b7935dc6faa051a95635cc31169b5b8a044a7ecdb9435b1dd5dcf7d28998cb834212777b49a02932787bd690f102fb0772284feed90aa7b5b4887c8d397c0350a010dffe01c6d35e0de2685e6dcc5e71e1542998610b12eec1cebf0bcfa4ddce0bf7b666216c1a352818e941904203dd64d7a253c9632672885e83e2bccd48410a80294a4628f24913cca629fbc5f4a5c4fa0c3c918f479c2247b8cd3768a144894ee10f41f73d18555661b68679dc09f6fb8647f85a4c752d66679468f96400f300d2636e97af596fccb3fa68038ec626d896b40b1297ab4f849dbbe109886fdb3db6cd230271a8c164be8565772125c86059dcb3aa18d40cbcc356450859b5c157f60f4c657d38c0abf8287a836ced10d852025b70000b04d6977306b5d19cac3ed6d50cf0f2a623fce68a233dd6263c0635783998d0a2da76d5080ca8aac7afe8b5750004be87b260f5c6f6dfe4ffbe55fa86924b3fae0f84e2c23f608f41e4d4e4611f22cb282d9ec2413817656806265cd4b0ec24b2ccf79235f348d5d327618c79717f4a849bf838ce3edf7b02fc27bf92abe64aded9f6f2ee8857384dbf63f88471c73cc28366c30b37361ccdb95e16523a6f65f198906b75e148e9ca78ea7e823db6ab7221697e5fc285dfb308ccfa47980e7c4bb4f6047da4cb127ba2334b6ae616098149ffb0cfd5467dc97580d838929b5363768030a59ee1b60f60194094ca8f02ba5aa3eccf7eab811a8204f6f73a886f74d0ac4669d282c7f1cfb29b26f4902f6f7e0b027b01090f362313a5ad20aa719432cea2444959d19c7889f5b3c37ae7439974bd7cb2c03279a402418600bc854b1f9456d62081a89c931b1bf427e3f495e4dcb6f85d9beb948c62a19ea47b40a00525704bda039ba87a7ea1a674da1e9d2da3878438ef4f48fb764f65841934fe0d1886714a422f1b13db25c0587f4557c042545fbae6c91aa2e9fc5a8f84b5fe90427192b0140527c56fc437be55a48d0a82d2fbb8e5254da21a3d48e5632933d1a54b3a2c0bc7ea34321640708a5790185b1f00439971d676ae6fddf92db22bc801cce738768b0618578f192fcfb4a9b9d736b61f7aeaac0ae76039ee17052f20c23754c9e3ab751a5567648eeae2de4183a7ae6d6149eeca6566a7388c3c7ff41bc7e3858978ea73dae0c9af915232f9f05308bb6b7f99fcd265a95edc4ff3ff5ccb02840c75f4d19a118deb7ef445f617bcd15a8c6fb975e51e776527eff86c7b50bcae2e3797d26237ae8e9722639decaf9489b12ad7aeaff6db3e447df91302ac942de2b6ff30b1eb506a43a0e65f02de7d512f41ee700d62b70b982d55dca30494c04a28adee874a1c7c", 0x2000, 0x0)
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000f80)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000800)={0x78, 0xfffffffffffffff5, 0x100000000, {0x5, 0x6, 0x0, {0x2, 0xfffffffffffffff8, 0x7052, 0x8, 0x80000000, 0xfff, 0x4, 0xe, 0x1, 0x4000, 0x1, 0x0, 0x0, 0x9, 0x40}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0)
getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x0, 0x0, &(0x7f0000000240))
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)=<r2=>0x0)
timer_settime(r2, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)
r3 = socket$unix(0x1, 0x1, 0x0)
r4 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r4, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
listen(r4, 0x0)
connect$unix(r3, &(0x7f0000000640)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
connect$unix(r4, &(0x7f0000000280)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_dev$MSR(&(0x7f0000000080), 0x0, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)=ANY=[@ANYBLOB="340000003e0007010000000000000000017c00000400fc800c00018006000600800a00000800028004007280080007", @ANYRES32=r5, @ANYRES16=r0, @ANYBLOB="806705c3501356bd5b40645cab101544c96a75f9481a9cc399516583f1c37da607771e51965c9b48e3939b2ea729541320a7132147849529f0c365205ef059b7db7afb6245d471960770d364db8f4b86a571d431ed6ef4c025434829041a71c434410be9eaa469fbfa4d5ef7fac03d170fab610d98c4dc80d8b372e9b75079437a7002addcb58e5d9726acb9426712c99be36547c81e4c248db4da88d480a98a0fe9fa3c5dcbf57aaa90fbb4b0f0c16b79f6b36099646547872f67eac417e8f3073a4faf9c5ffcd08aa68e0ed1b9"], 0x34}, 0x1, 0x0, 0x0, 0xc000}, 0xc010)
quotactl$Q_QUOTAON(0xffffffff80000201, &(0x7f0000000000)=@loop={'/dev/loop', 0x0}, 0x0, &(0x7f00000000c0)='./file1\x00')
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
r6 = socket$qrtr(0x2a, 0x2, 0x0)
connect$qrtr(r6, &(0x7f0000000000)={0x2a, 0x0, 0xbffe}, 0xc)
getsockopt$sock_buf(r6, 0x1, 0x1c, 0x0, &(0x7f0000000840))

1.318837215s ago: executing program 3 (id=2966):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000440)={{0x14}, [@NFT_MSG_NEWRULE={0xcc, 0x6, 0xa, 0x101, 0x0, 0x0, {}, [@NFTA_RULE_POSITION_ID={0x8, 0xa, 0x1, 0x0, 0x3}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_EXPRESSIONS={0xa4, 0x4, 0x0, 0x1, [{0x3c, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x2c, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFTA_EXTHDR_FLAGS={0x8}, @NFTA_EXTHDR_TYPE={0x5, 0x2, 0x4a}, @NFTA_EXTHDR_LEN={0x8, 0x4, 0x1, 0x0, 0xb}, @NFTA_EXTHDR_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}]}}}, {0xc, 0x1, 0x0, 0x1, @fib={{0x8}, @void}}, {0x10, 0x1, 0x0, 0x1, @xfrm={{0x9}, @void}}, {0x30, 0x1, 0x0, 0x1, @byteorder={{0xe}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_BYTEORDER_LEN={0x8, 0x4, 0x1, 0x0, 0x62}, @NFTA_BYTEORDER_SREG={0x8, 0x1, 0x1, 0x0, 0x6}, @NFTA_BYTEORDER_SIZE={0x8, 0x5, 0x1, 0x0, 0x83}]}}}, {0xc, 0x1, 0x0, 0x1, @rt={{0x7}, @void}}, {0xc, 0x1, 0x0, 0x1, @cmp={{0x8}, @void}}]}]}], {0x14}}, 0xf4}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1e0000000000000006000000ff07000020000200", @ANYRES32, @ANYBLOB="fffeffff0000009f7041c3d500c5000000000000966dbd3448041880fd9d36f251deae81e51ac7ef44bd5a52265f0a41526c7fe92f272be175f559063a77a4cb22c385b2b44851e362e36b1673130f7e4ba20e28d03b9f9b38c5d6c8aacbb1756e833fb80b168646feb9163c5751ea3126d782abdfcdbf8fc1baf4d8a1513eb67e0747cb8f6836de0dac715d63d256cdef5cbdb90792d935bab127089361264c7e80561a1c5a78d375ee7c29f8cfbc17e6b243a4b3002fec705ad5388d9a4c862a96a40fc941bd4f78e706d90a06dcfb8db8b19e43d3c0f562aa873a819531bd814d", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000005000000000000000b00"/28], 0x50)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x1000000, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@userxattr}]})
chdir(&(0x7f00000003c0)='./bus\x00')
symlink(&(0x7f000000a900)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000cc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
rename(&(0x7f00000000c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000040)='./file1\x00')
ioctl$KVM_SET_MSRS(r4, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="010000000000000083000040"])
close_range(r1, 0xffffffffffffffff, 0x0)

1.197698836s ago: executing program 1 (id=2967):
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x1, 0x22, 0x3a0, 0x5, 0x101}, 0x50)
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000140)={0x0, 0x1c, &(0x7f00000002c0)=[@in6={0xa, 0x4e24, 0x9, @private2={0xfc, 0x2, '\x00', 0x1}, 0x7177}]}, &(0x7f0000000180)=0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f0000000000)={0x1, [<r2=>0x0]}, &(0x7f0000000080)=0x5d6aff9e)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000080)={r2, @in6={{0xa, 0x4e24, 0x9, @private2={0xfc, 0x2, '\x00', 0x1}, 0x7}}, 0x5, 0x0, 0x80000003, 0x104, 0xe2d8f2eb1d010935, 0x7, 0x6}, 0x9c)

1.144620166s ago: executing program 3 (id=2968):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x14, 0x30, 0x1}, 0x14}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
getpid()
sendmsg$key(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x3, 0x7, &(0x7f00000000c0))
r3 = socket$inet_udp(0x2, 0x2, 0x0)
r4 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r4, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="0207000902"], 0x10}}, 0x0)
bind$inet(r3, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16)
connect$inet(r3, &(0x7f0000000480)={0x2, 0x4e23, @multicast2}, 0x10)
setsockopt$inet_IP_XFRM_POLICY(r3, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@dev={0xfe, 0x80, '\x00', 0x4}, @in6=@empty, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, {}, 0x0, 0x0, 0x1}, {{@in6=@dev, 0x0, 0x32}, 0x0, @in=@private=0xa010100, 0x0, 0x0, 0x0, 0xb7, 0x2, 0xfffffffe}}, 0xe8)
sendmmsg(r3, &(0x7f0000007fc0), 0x800001d, 0x1c) (fail_nth: 1)

643.800281ms ago: executing program 3 (id=2969):
unshare(0x400)

642.79971ms ago: executing program 4 (id=2970):
openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0201, 0x0)
r0 = socket$tipc(0x1e, 0x5, 0x0)
listen(r0, 0x0)
socket$tipc(0x1e, 0x5, 0x0)
openat$dsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
socket(0xa, 0x3, 0xff)
openat(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x200002, 0x0)
openat$uhid(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x1, 0x3}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x4, 0x200000400000000, 0x4, 0x344}, 0x0, 0x0) (fail_nth: 2)

336.18115ms ago: executing program 2 (id=2971):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_udp_encap(r0, 0x11, 0x64, &(0x7f0000000040)=0x2, 0x4)

279.980022ms ago: executing program 3 (id=2972):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={{0x14}, [], {0x14}}, 0x28}}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x18, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x13, 0x11, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000d0ff00000000000000000004851000"], 0x0, 0x2, 0x0, 0x0, 0x0, 0x8}, 0x94)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r2 = accept4(r1, 0x0, 0x0, 0x800)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000), 0x0, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

130.023603ms ago: executing program 1 (id=2973):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
syz_open_dev$loop(0x0, 0x7, 0x180862)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f00000005c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000730000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000040)='contention_begin\x00', r0}, 0x18)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000240)={0x1, &(0x7f0000000200)=[{0x6, 0xff, 0x5, 0x7fc00002}]})
socket(0xa, 0x3, 0x2)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000140)=[{0x6, 0x0, 0xe, 0x7fff0000}]})
close_range(r1, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x502, 0x0)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f00000008c0)=ANY=[@ANYBLOB="0100000000630000007708000000000000fcffffffffffff29bdf5530bbfd11fb92a269edd3fa36bb4d431b0e7df1b614aca2397450225a02fd43c59dcba3e7f59b6dcf1f2888091f730ab6d234dca8035f3d06782d28ca2c72d"])
r3 = socket$inet(0x2, 0x4000000000000001, 0x0)
sendto$inet(r3, 0x0, 0x0, 0x200087fc, &(0x7f0000e68000)={0x2, 0x4e23, @empty}, 0x10)

82.474616ms ago: executing program 4 (id=2974):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x3c, 0x10, 0x401, 0x4000, 0x0, {0x0, 0x0, 0xffff, 0x0, 0x49108}, [@IFLA_GSO_MAX_SEGS={0x8, 0x28, 0x31e4}, @IFLA_IFNAME={0x14, 0x3, 'vlan0\x00'}]}, 0x3c}}, 0x0) (fail_nth: 2)

0s ago: executing program 2 (id=2975):
getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f00000000c0)={0x0, @in6={{0xa, 0x0, 0x0, @rand_addr=' \x01\x00'}}}, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f0000000a40)={0x0, ""/256, 0x0, 0x0, 0x0, 0x0, ""/16, ""/16, ""/16, 0x0, 0x0, 0x0, <r1=>0x0})
ioctl$BTRFS_IOC_WAIT_SYNC(r0, 0x40089416, &(0x7f0000000080)=r1)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_CPUID2(r3, 0x4008ae90, &(0x7f0000000280)=ANY=[@ANYBLOB="01"])
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x4, 0x5}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r5, 0x2000000, 0xe, 0xf0, &(0x7f00000004c0)="630b008646dc3f0adf33c9f7b986", 0x0, 0x1ff, 0x0, 0x0, 0xfffffffffffffe8b, 0x0, 0x0, 0x2, 0x0, 0x2}, 0x1e)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_SET_CPUID(r3, 0x4008ae8a, &(0x7f00000000c0)=ANY=[@ANYBLOB="01"])
r6 = fcntl$dupfd(r0, 0x0, r3)
ioctl$KVM_SET_LAPIC(r6, 0x4400ae8f, &(0x7f00000002c0)={"00996c4776918e8963e45084129f7e1523cc11ca06279122dede2e0ac5f2332242d95f566e67c4fe30e7b70135a5600f3af1171476a01bcf89835e7fcbd08c77aa8f63f5e80a54738c5d16d8655d7baf5c7a9a9fdc5a4374f714a4f04d881bae9ac3427769056f592b3c9ecc0636f42f6b21144179dd85b3f92e19edb9670b699e1ac4898026031352039e6983ea3350a61306682823d15624f2b0fbdcd234ad19587ef0da5978fb82fa8ad932f6276053ee710985614d937d6ab4353069e1fd0b20055893b56d5c8bb15d6a3afc9c287105322997cd6bfffdb530650d8d0588961076d25de10d4d94c1140ebdfebff15806baba3ed5d7a9018109ddcc7bc9bd1e535ca04784f77659e816b10117c570d36264f1fe95d9a8e8e848228d8f448aee6e56825c49d65088cecbc17540dc4aebc4e01dc86a383fff259b9bb8d7f7d1bc94d4daf07a5ee70701173532a6fb3b04747bb76dc166922a435a5e04a8701f37a4b3b0dbde9c462d6cf5825a307a23d92efd99db6271ba38d286d90974ff7f672370a6cb58e5af91cf02460ef0a4d9926f79fdb632fce6ab61140976475e50178000db9ee3524839381a0b3ac831d3f3088250a8dc88c6a87526a785241f8fb813053301d1d6a00189b497fa7b9a678443b2137a7297c09d8df4d8656a575b85516628cd3cf1868e772a33e50faecd16194ec874344ffcbbfe371bd6efa71be6e9eb5f18715f584483bd84c7a7a8e9be79f533d156866d1c7158c57314ed3d099c32aa3aebea45142e3bf1ab7e390841f642be8765f569db1706d0be23e963f2a874935c866ce8b2ad0810d0a32a88ebdd666a567cfbd6a2706c9f97815ffcd570bbf249fb4aca777bc76cfd82be93ec486fb9d76c017a245b76ba748d52bdfd38846b009f60a1a1efd3bb7e6a8339717f38e646e7286e32f04ecd179b684e69f56562070ba58944c13a7a67f1f7bbcbb21fdc35e1584a5dde2867945676cb96357feb551735b30346412dde79548bb0cd547f108684cfce1b766eff05e5388149cc33397e85e9c43cf678c399bbfe6f8cb98f4b9f9216793e7207051abcc825940a2922ec2fd1f746d86a12fd4ffb0958f370c16605dcc2f9b8eeeda8a5b409c4d189e83eb2121e79db93c1103c5f433bc5ca78a6ebe7fb4494487eb007cf19b8c9a09f94b2892af026c3ce7e144269ac62b268332f6e69bc8bd58c9a6149dc477dadee4df354bfb8216eb65cf2335f3a62b98722a432b2bf9e55fb410cac0242cacb02aebd8948f01debfb51d73e81de564cd638de60c63d8b8c93753c3fcd45592961a5cf2f704a25817313d76cc2e4add2236e9ed0cc9e203e22d7112e5f7e63fbbbd22885b6526082970f794ff993ce5a4ec7d26d86891f4ba1ddf9bcaf20731fd7f636169fd162845ea3df77a8fb4683663665304ad9466cbf22ead3"})

kernel console output (not intermixed with test programs):

 callbacks suppressed
[ 1081.973391][T16520] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1082.511042][T16105] usb 1-1: Using ep0 maxpacket: 32
[ 1082.522745][T16105] usb 1-1: config 0 has no interfaces?
[ 1082.547597][T16105] usb 1-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[ 1082.608848][T16105] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1082.617370][T16105] usb 1-1: Product: syz
[ 1082.623494][T16105] usb 1-1: Manufacturer: syz
[ 1082.628218][T16105] usb 1-1: SerialNumber: syz
[ 1082.750078][T16105] usb 1-1: config 0 descriptor??
[ 1083.324666][ T5898] usb 3-1: new full-speed USB device number 25 using dummy_hcd
[ 1084.248636][T15895] usb 1-1: USB disconnect, device number 26
[ 1084.258315][ T5898] usb 3-1: unable to get BOS descriptor set
[ 1084.268291][ T5898] usb 3-1: not running at top speed; connect to a high speed hub
[ 1084.281162][ T5898] usb 3-1: config 1 contains an unexpected descriptor of type 0x1, skipping
[ 1084.356080][ T5898] usb 3-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config
[ 1084.369611][ T5898] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1084.389635][ T5898] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1084.421243][ T5898] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1084.429278][ T5898] usb 3-1: Product: syz
[ 1084.448226][ T5898] usb 3-1: Manufacturer: syz
[ 1084.475095][ T5898] usb 3-1: SerialNumber: syz
[ 1085.014705][   T30] audit: type=1400 audit(1754182946.763:511): avc:  denied  { cmd } for  pid=16559 comm="syz.4.2529" path="socket:[47028]" dev="sockfs" ino=47028 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[ 1085.081540][   T30] audit: type=1400 audit(1754182946.783:512): avc:  denied  { read write } for  pid=16554 comm="syz.1.2526" name="uhid" dev="devtmpfs" ino=1273 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1
[ 1085.185840][   T30] audit: type=1400 audit(1754182946.783:513): avc:  denied  { open } for  pid=16554 comm="syz.1.2526" path="/dev/uhid" dev="devtmpfs" ino=1273 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1
[ 1085.325920][ T2151] usb 4-1: new high-speed USB device number 28 using dummy_hcd
[ 1085.338544][T16567] comedi comedi4: bad chanlist[0]=0x00000008 chan=8 range length=2
[ 1085.519917][ T2151] usb 4-1: Using ep0 maxpacket: 16
[ 1085.543891][ T2151] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1085.562686][ T2151] usb 4-1: config 1 interface 0 has no altsetting 0
[ 1085.575420][ T2151] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1085.586519][ T2151] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[ 1085.597215][ T2151] usb 4-1: SerialNumber: syz
[ 1085.610091][ T2151] hub 4-1:1.0: bad descriptor, ignoring hub
[ 1085.740653][ T2151] hub 4-1:1.0: probe with driver hub failed with error -5
[ 1085.817451][T16557] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1085.913656][T16575] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2532'.
[ 1085.944045][T16557] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1086.211342][ T5847] usb 4-1: reset high-speed USB device number 28 using dummy_hcd
[ 1086.901590][ T5847] usb 4-1: USB disconnect, device number 28
[ 1087.360806][ T5847] usb 5-1: new high-speed USB device number 34 using dummy_hcd
[ 1087.578220][T16602] PKCS7: Unknown OID: [5] (bad)
[ 1087.594338][T16602] PKCS7: Only support pkcs7_signedData type
[ 1087.616671][T16602] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1087.668906][T16602] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1087.711390][T16604] PKCS7: Unknown OID: [5] (bad)
[ 1087.733977][T16604] PKCS7: Only support pkcs7_signedData type
[ 1087.860800][ T5847] usb 5-1: Using ep0 maxpacket: 16
[ 1087.876042][ T5847] usb 5-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[ 1087.915125][ T5847] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1087.937310][ T5847] usb 5-1: Product: syz
[ 1087.941945][ T5847] usb 5-1: Manufacturer: syz
[ 1087.946549][ T5847] usb 5-1: SerialNumber: syz
[ 1087.988311][ T5847] r8152-cfgselector 5-1: Unknown version 0x0000
[ 1087.994815][ T5847] r8152-cfgselector 5-1: config 0 descriptor??
[ 1088.070710][   T10] usb 4-1: new high-speed USB device number 29 using dummy_hcd
[ 1088.230783][   T10] usb 4-1: Using ep0 maxpacket: 32
[ 1088.240923][   T10] usb 4-1: config 0 has no interfaces?
[ 1088.253003][   T10] usb 4-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[ 1088.265110][   T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1088.274014][   T10] usb 4-1: Product: syz
[ 1088.278387][   T10] usb 4-1: Manufacturer: syz
[ 1088.289497][   T10] usb 4-1: SerialNumber: syz
[ 1088.579683][T16610] overlayfs: "xino" feature enabled using 2 upper inode bits.
[ 1088.619109][T16610] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1089.124690][   T10] usb 4-1: config 0 descriptor??
[ 1089.601044][ T5898] usb 3-1: 0:2 : does not exist
[ 1089.683356][ T5898] usb 3-1: USB disconnect, device number 25
[ 1091.020738][T16584] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 1091.042521][ T5898] usb 4-1: USB disconnect, device number 29
[ 1091.264972][   T10] r8152-cfgselector 5-1: USB disconnect, device number 34
[ 1091.478867][T16632] FAULT_INJECTION: forcing a failure.
[ 1091.478867][T16632] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1091.505069][T16632] CPU: 0 UID: 0 PID: 16632 Comm: syz.4.2547 Not tainted 6.16.0-syzkaller-11129-geacf91b0c78a #0 PREEMPT(full) 
[ 1091.505098][T16632] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1091.505106][T16632] Call Trace:
[ 1091.505111][T16632]  <TASK>
[ 1091.505116][T16632]  dump_stack_lvl+0x16c/0x1f0
[ 1091.505140][T16632]  should_fail_ex+0x512/0x640
[ 1091.505163][T16632]  _copy_from_user+0x2e/0xd0
[ 1091.505178][T16632]  copy_msghdr_from_user+0x98/0x160
[ 1091.505198][T16632]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[ 1091.505225][T16632]  ___sys_sendmsg+0xfe/0x1d0
[ 1091.505244][T16632]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1091.505276][T16632]  ? __mutex_unlock_slowpath+0x80/0x800
[ 1091.505306][T16632]  __sys_sendmsg+0x16d/0x220
[ 1091.505325][T16632]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1091.505354][T16632]  do_syscall_64+0xcd/0x4c0
[ 1091.505376][T16632]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1091.505389][T16632] RIP: 0033:0x7f190278eb69
[ 1091.505400][T16632] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1091.505413][T16632] RSP: 002b:00007f1903635038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1091.505426][T16632] RAX: ffffffffffffffda RBX: 00007f19029b5fa0 RCX: 00007f190278eb69
[ 1091.505434][T16632] RDX: 0000000000000000 RSI: 0000200000001ac0 RDI: 0000000000000003
[ 1091.505441][T16632] RBP: 00007f1903635090 R08: 0000000000000000 R09: 0000000000000000
[ 1091.505448][T16632] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1091.505456][T16632] R13: 0000000000000000 R14: 00007f19029b5fa0 R15: 00007ffec0ec6ce8
[ 1091.505472][T16632]  </TASK>
[ 1091.800622][ T5847] usb 1-1: new high-speed USB device number 27 using dummy_hcd
[ 1091.950677][ T5847] usb 1-1: Using ep0 maxpacket: 16
[ 1092.120410][ T5847] usb 1-1: config 0 has an invalid interface number: 226 but max is 0
[ 1092.168956][T16634] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1092.319182][ T5847] usb 1-1: config 0 has no interface number 0
[ 1092.348319][ T5847] usb 1-1: config 0 interface 226 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1092.403078][ T5847] usb 1-1: config 0 interface 226 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1092.424954][ T5847] usb 1-1: New USB device found, idVendor=6161, idProduct=4d15, bcdDevice= 0.00
[ 1092.437786][ T5847] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1092.464032][ T5847] usb 1-1: config 0 descriptor??
[ 1092.552567][T16653] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1092.662963][   T10] usb 4-1: new high-speed USB device number 30 using dummy_hcd
[ 1092.899671][   T10] usb 4-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[ 1092.927016][   T10] usb 4-1: config 0 interface 0 has no altsetting 0
[ 1092.953252][   T10] usb 4-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[ 1092.953612][ T5847] hid (null): report_id 1753364147 is invalid
[ 1092.974008][   T10] usb 4-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[ 1093.000651][ T5847] hid (null): unknown global tag 0xc
[ 1093.005662][   T10] usb 4-1: Product: syz
[ 1093.013198][ T5847] hid (null): unknown global tag 0xe
[ 1093.030119][   T10] usb 4-1: Manufacturer: syz
[ 1093.035713][ T5847] hid (null): unknown global tag 0xf0
[ 1093.046116][ T5847] hid (null): unknown global tag 0xc
[ 1093.057847][   T10] usb 4-1: SerialNumber: syz
[ 1093.064669][ T5847] hid (null): bogus close delimiter
[ 1093.086913][   T10] usb 4-1: config 0 descriptor??
[ 1093.118393][   T10] usb 4-1: selecting invalid altsetting 0
[ 1093.140276][T16658] netlink: 'syz.2.2554': attribute type 72 has an invalid length.
[ 1093.339001][ T5898] usb 4-1: USB disconnect, device number 30
[ 1093.531217][ T5847] usb 1-1: USB disconnect, device number 27
[ 1093.540713][   T10] usb 3-1: new high-speed USB device number 26 using dummy_hcd
[ 1093.707653][T16678] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2558'.
[ 1093.718929][   T10] usb 3-1: Using ep0 maxpacket: 8
[ 1093.726068][   T10] usb 3-1: config 179 has an invalid interface number: 65 but max is 0
[ 1093.734946][   T30] audit: type=1400 audit(1754182955.473:514): avc:  denied  { getopt } for  pid=16677 comm="syz.1.2558" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[ 1093.738251][   T10] usb 3-1: config 179 has no interface number 0
[ 1093.766544][   T10] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[ 1093.779075][   T10] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[ 1093.796069][   T10] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[ 1093.807624][   T10] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[ 1093.824573][   T10] usb 3-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[ 1093.847510][   T10] usb 3-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[ 1093.857703][   T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1093.875593][T16660] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22
[ 1094.051666][T16690] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1094.141932][T16690] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 1094.175920][T16695] netlink: 'syz.3.2565': attribute type 72 has an invalid length.
[ 1094.412149][T16707] netlink: 104 bytes leftover after parsing attributes in process `syz.3.2568'.
[ 1094.450857][   T10] input: Generic X-Box pad as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:179.65/input/input55
[ 1094.619847][T16712] netlink: 'syz.1.2569': attribute type 20 has an invalid length.
[ 1094.669219][   T10] usb 3-1: USB disconnect, device number 26
[ 1094.669256][    C0] xpad 3-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[ 1094.669279][    C0] xpad 3-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[ 1095.170745][T11016] usb 2-1: new high-speed USB device number 30 using dummy_hcd
[ 1095.360203][T16726] FAULT_INJECTION: forcing a failure.
[ 1095.360203][T16726] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1095.373368][T16726] CPU: 1 UID: 0 PID: 16726 Comm: syz.2.2574 Not tainted 6.16.0-syzkaller-11129-geacf91b0c78a #0 PREEMPT(full) 
[ 1095.373398][T16726] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1095.373410][T16726] Call Trace:
[ 1095.373417][T16726]  <TASK>
[ 1095.373425][T16726]  dump_stack_lvl+0x16c/0x1f0
[ 1095.373459][T16726]  should_fail_ex+0x512/0x640
[ 1095.373495][T16726]  _copy_from_user+0x2e/0xd0
[ 1095.373519][T16726]  copy_msghdr_from_user+0x98/0x160
[ 1095.373548][T16726]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[ 1095.373583][T16726]  ? __lock_acquire+0x62e/0x1ce0
[ 1095.373619][T16726]  ___sys_recvmsg+0xdb/0x1a0
[ 1095.373647][T16726]  ? __pfx____sys_recvmsg+0x10/0x10
[ 1095.373678][T16726]  ? find_held_lock+0x2b/0x80
[ 1095.373721][T16726]  do_recvmmsg+0x2fe/0x750
[ 1095.373753][T16726]  ? __pfx_do_recvmmsg+0x10/0x10
[ 1095.373780][T16726]  ? ksys_write+0x190/0x250
[ 1095.373806][T16726]  ? __mutex_unlock_slowpath+0x163/0x800
[ 1095.373845][T16726]  ? __fget_files+0x20e/0x3c0
[ 1095.373881][T16726]  __x64_sys_recvmmsg+0x22a/0x280
[ 1095.373911][T16726]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[ 1095.373949][T16726]  do_syscall_64+0xcd/0x4c0
[ 1095.373982][T16726]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1095.374002][T16726] RIP: 0033:0x7f11ab18eb69
[ 1095.374018][T16726] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1095.374037][T16726] RSP: 002b:00007f11aafd6038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1095.374056][T16726] RAX: ffffffffffffffda RBX: 00007f11ab3b6080 RCX: 00007f11ab18eb69
[ 1095.374069][T16726] RDX: 0000000000000700 RSI: 0000200000001140 RDI: 0000000000000007
[ 1095.374081][T16726] RBP: 00007f11aafd6090 R08: 0000000000000000 R09: 0000000000000000
[ 1095.374093][T16726] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000001
[ 1095.374105][T16726] R13: 0000000000000000 R14: 00007f11ab3b6080 R15: 00007ffec4a46148
[ 1095.374133][T16726]  </TASK>
[ 1095.456839][T11016] usb 2-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[ 1095.457030][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1095.588418][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1095.594402][    C1] hrtimer: interrupt took 213861569 ns
[ 1095.694441][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1096.128437][T11016] usb 2-1: config 0 interface 0 has no altsetting 0
[ 1096.143382][T11016] usb 2-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[ 1096.158440][T11016] usb 2-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[ 1096.185215][T11016] usb 2-1: Product: syz
[ 1096.189560][T11016] usb 2-1: Manufacturer: syz
[ 1096.194582][T11016] usb 2-1: SerialNumber: syz
[ 1096.203315][T11016] usb 2-1: config 0 descriptor??
[ 1096.213143][T11016] usb 2-1: selecting invalid altsetting 0
[ 1097.170144][ T5847] usb 2-1: USB disconnect, device number 30
[ 1097.243056][T16738] syz.3.2577 (16738): /proc/16736/oom_adj is deprecated, please use /proc/16736/oom_score_adj instead.
[ 1097.948745][T16740] netlink: 'syz.4.2578': attribute type 72 has an invalid length.
[ 1098.360024][ T5847] usb 5-1: new high-speed USB device number 35 using dummy_hcd
[ 1098.706845][T16766] comedi comedi4: bad chanlist[0]=0x00000008 chan=8 range length=2
[ 1098.708162][ T5847] usb 5-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[ 1098.940203][ T5847] usb 5-1: config 0 interface 0 has no altsetting 0
[ 1099.036075][ T5847] usb 5-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[ 1099.045404][ T5847] usb 5-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[ 1099.053593][ T5847] usb 5-1: Product: syz
[ 1099.057805][ T5847] usb 5-1: Manufacturer: syz
[ 1099.062475][ T5847] usb 5-1: SerialNumber: syz
[ 1099.088822][ T5847] usb 5-1: config 0 descriptor??
[ 1099.144400][ T5847] usb 5-1: selecting invalid altsetting 0
[ 1099.603483][ T5847] usb 5-1: USB disconnect, device number 35
[ 1099.729871][T16482] udevd[16482]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1101.148714][T16789] netlink: 1752 bytes leftover after parsing attributes in process `syz.4.2593'.
[ 1102.621740][T16819] netlink: 'syz.3.2601': attribute type 1 has an invalid length.
[ 1102.727842][T16819] 8021q: adding VLAN 0 to HW filter on device bond2
[ 1103.022206][T16822] ip6tnl2: entered allmulticast mode
[ 1103.495536][T16822] 8021q: adding VLAN 0 to HW filter on device bond2
[ 1103.511244][T16822] bond2: (slave ip6tnl2): The slave device specified does not support setting the MAC address
[ 1103.547654][T16822] bond2: (slave ip6tnl2): Error -95 calling set_mac_address
[ 1103.762438][T16838] FAULT_INJECTION: forcing a failure.
[ 1103.762438][T16838] name failslab, interval 1, probability 0, space 0, times 0
[ 1103.899125][T16838] CPU: 0 UID: 0 PID: 16838 Comm: syz.0.2608 Not tainted 6.16.0-syzkaller-11129-geacf91b0c78a #0 PREEMPT(full) 
[ 1103.899153][T16838] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1103.899162][T16838] Call Trace:
[ 1103.899168][T16838]  <TASK>
[ 1103.899176][T16838]  dump_stack_lvl+0x16c/0x1f0
[ 1103.899210][T16838]  should_fail_ex+0x512/0x640
[ 1103.899237][T16838]  ? fs_reclaim_acquire+0xae/0x150
[ 1103.899263][T16838]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[ 1103.899287][T16838]  should_failslab+0xc2/0x120
[ 1103.899308][T16838]  __kmalloc_noprof+0xd2/0x510
[ 1103.899333][T16838]  tomoyo_realpath_from_path+0xc2/0x6e0
[ 1103.899358][T16838]  ? tomoyo_profile+0x47/0x60
[ 1103.899387][T16838]  tomoyo_path_number_perm+0x245/0x580
[ 1103.899405][T16838]  ? tomoyo_path_number_perm+0x237/0x580
[ 1103.899427][T16838]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1103.899449][T16838]  ? find_held_lock+0x2b/0x80
[ 1103.899498][T16838]  ? find_held_lock+0x2b/0x80
[ 1103.899519][T16838]  ? hook_file_ioctl_common+0x145/0x410
[ 1103.899552][T16838]  ? __fget_files+0x20e/0x3c0
[ 1103.899577][T16838]  security_file_ioctl+0x9b/0x240
[ 1103.899604][T16838]  __x64_sys_ioctl+0xb7/0x210
[ 1103.899636][T16838]  do_syscall_64+0xcd/0x4c0
[ 1103.899666][T16838]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1103.899687][T16838] RIP: 0033:0x7fb0c6f8eb69
[ 1103.899704][T16838] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1103.899723][T16838] RSP: 002b:00007fb0c7de3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1103.899742][T16838] RAX: ffffffffffffffda RBX: 00007fb0c71b6080 RCX: 00007fb0c6f8eb69
[ 1103.899759][T16838] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006
[ 1103.899770][T16838] RBP: 00007fb0c7de3090 R08: 0000000000000000 R09: 0000000000000000
[ 1103.899782][T16838] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1103.899793][T16838] R13: 0000000000000001 R14: 00007fb0c71b6080 R15: 00007fffe7d3d4d8
[ 1103.899827][T16838]  </TASK>
[ 1104.147349][T16838] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1105.033716][T16848] FAULT_INJECTION: forcing a failure.
[ 1105.033716][T16848] name failslab, interval 1, probability 0, space 0, times 0
[ 1105.047739][T16848] CPU: 0 UID: 0 PID: 16848 Comm: syz.4.2611 Not tainted 6.16.0-syzkaller-11129-geacf91b0c78a #0 PREEMPT(full) 
[ 1105.047766][T16848] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1105.047774][T16848] Call Trace:
[ 1105.047778][T16848]  <TASK>
[ 1105.047783][T16848]  dump_stack_lvl+0x16c/0x1f0
[ 1105.047811][T16848]  should_fail_ex+0x512/0x640
[ 1105.047830][T16848]  ? fs_reclaim_acquire+0xae/0x150
[ 1105.047849][T16848]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[ 1105.047865][T16848]  should_failslab+0xc2/0x120
[ 1105.047879][T16848]  __kmalloc_noprof+0xd2/0x510
[ 1105.047895][T16848]  tomoyo_realpath_from_path+0xc2/0x6e0
[ 1105.047913][T16848]  ? tomoyo_profile+0x47/0x60
[ 1105.047932][T16848]  tomoyo_path_number_perm+0x245/0x580
[ 1105.047944][T16848]  ? tomoyo_path_number_perm+0x237/0x580
[ 1105.047958][T16848]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1105.047972][T16848]  ? find_held_lock+0x2b/0x80
[ 1105.048001][T16848]  ? find_held_lock+0x2b/0x80
[ 1105.048015][T16848]  ? hook_file_ioctl_common+0x145/0x410
[ 1105.048037][T16848]  ? __fget_files+0x20e/0x3c0
[ 1105.048053][T16848]  security_file_ioctl+0x9b/0x240
[ 1105.048070][T16848]  __x64_sys_ioctl+0xb7/0x210
[ 1105.048090][T16848]  do_syscall_64+0xcd/0x4c0
[ 1105.048109][T16848]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1105.048122][T16848] RIP: 0033:0x7f190278eb69
[ 1105.048132][T16848] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1105.048145][T16848] RSP: 002b:00007f1903635038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1105.048157][T16848] RAX: ffffffffffffffda RBX: 00007f19029b5fa0 RCX: 00007f190278eb69
[ 1105.048164][T16848] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006
[ 1105.048171][T16848] RBP: 00007f1903635090 R08: 0000000000000000 R09: 0000000000000000
[ 1105.048178][T16848] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1105.048185][T16848] R13: 0000000000000000 R14: 00007f19029b5fa0 R15: 00007ffec0ec6ce8
[ 1105.048200][T16848]  </TASK>
[ 1105.048296][T16848] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1105.656189][T16860] comedi comedi4: bad chanlist[0]=0x00000008 chan=8 range length=2
[ 1105.686236][   T30] audit: type=1400 audit(1754182967.433:515): avc:  denied  { read } for  pid=16853 comm="syz.1.2614" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[ 1105.722063][T16862] tipc: New replicast peer: 255.255.255.255
[ 1105.732968][T16862] tipc: Enabled bearer <udp:syz2>, priority 10
[ 1106.422064][T16898] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[ 1106.433709][T16898] overlayfs: "xino" feature enabled using 2 upper inode bits.
[ 1106.472995][T16899] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2623'.
[ 1106.710696][T16898] netlink: 'syz.4.2620': attribute type 6 has an invalid length.
[ 1107.169236][ T5847] tipc: Node number set to 9409047
[ 1107.738767][T16913] overlayfs: failed to resolve './file1': -2
[ 1107.818703][T16914] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1108.425999][T16919] overlayfs: failed to resolve './file1': -2
[ 1108.502098][T16920] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1109.113802][T16928] FAULT_INJECTION: forcing a failure.
[ 1109.113802][T16928] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1109.113843][T16928] CPU: 1 UID: 0 PID: 16928 Comm: syz.0.2632 Not tainted 6.16.0-syzkaller-11129-geacf91b0c78a #0 PREEMPT(full) 
[ 1109.113863][T16928] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1109.113873][T16928] Call Trace:
[ 1109.113879][T16928]  <TASK>
[ 1109.113886][T16928]  dump_stack_lvl+0x16c/0x1f0
[ 1109.113916][T16928]  should_fail_ex+0x512/0x640
[ 1109.113947][T16928]  _copy_from_user+0x2e/0xd0
[ 1109.113967][T16928]  get_timespec64+0x8b/0x240
[ 1109.113992][T16928]  ? __pfx_get_timespec64+0x10/0x10
[ 1109.114014][T16928]  ? __fget_files+0x20e/0x3c0
[ 1109.114039][T16928]  __x64_sys_recvmmsg+0x166/0x280
[ 1109.114067][T16928]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[ 1109.114092][T16928]  ? syscall_user_dispatch+0x78/0x140
[ 1109.114120][T16928]  do_syscall_64+0xcd/0x4c0
[ 1109.114145][T16928]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1109.114162][T16928] RIP: 0033:0x7fb0c6f8eb69
[ 1109.114175][T16928] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1109.114191][T16928] RSP: 002b:00007fb0c7e04038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1109.114207][T16928] RAX: ffffffffffffffda RBX: 00007fb0c71b5fa0 RCX: 00007fb0c6f8eb69
[ 1109.114217][T16928] RDX: 04000000000003b4 RSI: 00002000000037c0 RDI: 0000000000000003
[ 1109.114228][T16928] RBP: 00007fb0c7e04090 R08: 0000200000003700 R09: 0000000000000000
[ 1109.114239][T16928] R10: 0000000002040000 R11: 0000000000000246 R12: 0000000000000001
[ 1109.114249][T16928] R13: 0000000000000000 R14: 00007fb0c71b5fa0 R15: 00007fffe7d3d4d8
[ 1109.114273][T16928]  </TASK>
[ 1111.066238][T16945] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2635'.
[ 1111.634864][T16927] tty tty27: ldisc open failed (-12), clearing slot 26
[ 1112.185188][   T30] audit: type=1326 audit(1754182973.933:516): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16956 comm="syz.3.2638" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f0366d8eb69 code=0x0
[ 1112.359459][T16967] overlayfs: failed to resolve './file1': -2
[ 1112.438925][T16968] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1114.692710][ T5898] usb 5-1: new high-speed USB device number 36 using dummy_hcd
[ 1114.811891][ T2151] usb 1-1: new full-speed USB device number 28 using dummy_hcd
[ 1115.616505][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[ 1115.631285][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[ 1115.665189][ T5898] usb 5-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[ 1115.690785][ T5898] usb 5-1: config 0 interface 0 has no altsetting 0
[ 1115.700347][ T5898] usb 5-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[ 1115.710045][ T5898] usb 5-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[ 1115.718682][ T5898] usb 5-1: Product: syz
[ 1115.723688][ T5898] usb 5-1: Manufacturer: syz
[ 1115.728350][ T5898] usb 5-1: SerialNumber: syz
[ 1115.735619][ T5898] usb 5-1: config 0 descriptor??
[ 1115.899876][ T5898] usb 5-1: selecting invalid altsetting 0
[ 1116.098218][T16993] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2646'.
[ 1116.180367][ T5898] usb 5-1: USB disconnect, device number 36
[ 1116.340678][T13921] usb 2-1: new full-speed USB device number 31 using dummy_hcd
[ 1116.527328][T13921] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[ 1116.557873][T13921] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1116.652389][T13921] usb 2-1: Product: syz
[ 1116.659269][T13921] usb 2-1: Manufacturer: syz
[ 1116.666861][T13921] usb 2-1: SerialNumber: syz
[ 1116.768857][T13921] usb 2-1: config 0 descriptor??
[ 1117.000123][T13921] usb 2-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[ 1117.068569][T16999] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2649'.
[ 1117.688620][T17002] ALSA: seq fatal error: cannot create timer (-22)
[ 1117.819423][T16994] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1117.841014][T16994] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1118.909186][T16994] netlink: 'syz.1.2648': attribute type 4 has an invalid length.
[ 1118.972205][T16994] netlink: 'syz.1.2648': attribute type 4 has an invalid length.
[ 1119.057119][T13921] dvb_usb_rtl28xxu 2-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[ 1119.073870][T13921] usb 2-1: USB disconnect, device number 31
[ 1119.240781][T11016] IPVS: sh: FWM 3 0x00000003 - no destination available
[ 1119.248139][    C0] IPVS: sh: FWM 3 0x00000003 - no destination available
[ 1119.941850][T17030] comedi comedi4: bad chanlist[0]=0x00000008 chan=8 range length=2
[ 1120.221094][T17042] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2661'.
[ 1120.596944][T11016] IPVS: sh: FWM 3 0x00000003 - no destination available
[ 1120.604033][    C0] IPVS: sh: FWM 3 0x00000003 - no destination available
[ 1120.637273][T17029] kvm: requested 5028 ns i8254 timer period limited to 200000 ns
[ 1120.697774][T17029] kvm: requested 838 ns i8254 timer period limited to 200000 ns
[ 1120.752413][T17029] kvm: requested 5028 ns i8254 timer period limited to 200000 ns
[ 1120.788479][T17029] kvm: requested 53638 ns i8254 timer period limited to 200000 ns
[ 1120.797234][T17029] kvm: requested 170133 ns i8254 timer period limited to 200000 ns
[ 1120.805788][T17029] kvm: requested 2514 ns i8254 timer period limited to 200000 ns
[ 1120.814150][T17029] kvm: requested 3352 ns i8254 timer period limited to 200000 ns
[ 1120.887333][T17029] kvm: requested 1676 ns i8254 timer period limited to 200000 ns
[ 1120.927544][T17029] kvm: requested 838 ns i8254 timer period limited to 200000 ns
[ 1120.977686][T11016] usb 1-1: new high-speed USB device number 29 using dummy_hcd
[ 1121.371571][T17053] FAULT_INJECTION: forcing a failure.
[ 1121.371571][T17053] name failslab, interval 1, probability 0, space 0, times 0
[ 1121.384283][T11016] usb 1-1: Using ep0 maxpacket: 32
[ 1121.400620][T17053] CPU: 1 UID: 0 PID: 17053 Comm: syz.2.2666 Not tainted 6.16.0-syzkaller-11129-geacf91b0c78a #0 PREEMPT(full) 
[ 1121.400648][T17053] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1121.400658][T17053] Call Trace:
[ 1121.400669][T17053]  <TASK>
[ 1121.400676][T17053]  dump_stack_lvl+0x16c/0x1f0
[ 1121.400705][T17053]  should_fail_ex+0x512/0x640
[ 1121.400733][T17053]  ? fs_reclaim_acquire+0xae/0x150
[ 1121.400757][T17053]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[ 1121.400780][T17053]  should_failslab+0xc2/0x120
[ 1121.400800][T17053]  __kmalloc_noprof+0xd2/0x510
[ 1121.400825][T17053]  tomoyo_realpath_from_path+0xc2/0x6e0
[ 1121.400850][T17053]  ? tomoyo_profile+0x47/0x60
[ 1121.400878][T17053]  tomoyo_path_number_perm+0x245/0x580
[ 1121.400896][T17053]  ? tomoyo_path_number_perm+0x237/0x580
[ 1121.400916][T17053]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1121.400934][T17053]  ? find_held_lock+0x2b/0x80
[ 1121.400973][T17053]  ? find_held_lock+0x2b/0x80
[ 1121.400991][T17053]  ? hook_file_ioctl_common+0x145/0x410
[ 1121.401017][T17053]  ? __fget_files+0x20e/0x3c0
[ 1121.401036][T17053]  security_file_ioctl+0x9b/0x240
[ 1121.401056][T17053]  __x64_sys_ioctl+0xb7/0x210
[ 1121.401078][T17053]  do_syscall_64+0xcd/0x4c0
[ 1121.401102][T17053]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1121.401118][T17053] RIP: 0033:0x7f11ab18eb69
[ 1121.401130][T17053] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1121.401145][T17053] RSP: 002b:00007f11aafd6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1121.401159][T17053] RAX: ffffffffffffffda RBX: 00007f11ab3b6080 RCX: 00007f11ab18eb69
[ 1121.401169][T17053] RDX: 0000000020000000 RSI: 0000000000001276 RDI: 0000000000000005
[ 1121.401178][T17053] RBP: 00007f11aafd6090 R08: 0000000000000000 R09: 0000000000000000
[ 1121.401187][T17053] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1121.401195][T17053] R13: 0000000000000000 R14: 00007f11ab3b6080 R15: 00007ffec4a46148
[ 1121.401215][T17053]  </TASK>
[ 1121.401248][T17053] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1121.420725][T11016] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1121.638802][T17054] netlink: 'syz.2.2666': attribute type 20 has an invalid length.
[ 1121.766145][T11016] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1121.778420][T11016] usb 1-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00
[ 1121.787671][T11016] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1122.132682][T11016] usb 1-1: config 0 descriptor??
[ 1122.610815][T11016] ft260 0003:0403:6030.000F: unknown main item tag 0x7
[ 1122.781577][T11016] ft260 0003:0403:6030.000F: chip code: 6424 8183
[ 1123.399409][T11016] ft260 0003:0403:6030.000F: failed to retrieve system status
[ 1123.454195][   T30] audit: type=1400 audit(1754182985.193:517): avc:  denied  { read } for  pid=17081 comm="syz.4.2675" path="socket:[51294]" dev="sockfs" ino=51294 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[ 1123.477958][T11016] ft260 0003:0403:6030.000F: probe with driver ft260 failed with error -32
[ 1123.628327][T17091] random: crng reseeded on system resumption
[ 1123.684640][T17092] FAULT_INJECTION: forcing a failure.
[ 1123.684640][T17092] name failslab, interval 1, probability 0, space 0, times 0
[ 1123.697456][T17092] CPU: 1 UID: 0 PID: 17092 Comm: syz.3.2676 Not tainted 6.16.0-syzkaller-11129-geacf91b0c78a #0 PREEMPT(full) 
[ 1123.697485][T17092] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1123.697496][T17092] Call Trace:
[ 1123.697502][T17092]  <TASK>
[ 1123.697510][T17092]  dump_stack_lvl+0x16c/0x1f0
[ 1123.697546][T17092]  should_fail_ex+0x512/0x640
[ 1123.697576][T17092]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[ 1123.697602][T17092]  should_failslab+0xc2/0x120
[ 1123.697624][T17092]  kmem_cache_alloc_noprof+0x6d/0x3b0
[ 1123.697645][T17092]  ? getname_flags.part.0+0x4c/0x550
[ 1123.697679][T17092]  getname_flags.part.0+0x4c/0x550
[ 1123.697716][T17092]  getname_flags+0x93/0xf0
[ 1123.697737][T17092]  __x64_sys_link+0x58/0xa0
[ 1123.697762][T17092]  do_syscall_64+0xcd/0x4c0
[ 1123.697793][T17092]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1123.697814][T17092] RIP: 0033:0x7f0366d8eb69
[ 1123.697830][T17092] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1123.697850][T17092] RSP: 002b:00007f0364bf6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000056
[ 1123.697870][T17092] RAX: ffffffffffffffda RBX: 00007f0366fb6160 RCX: 00007f0366d8eb69
[ 1123.697883][T17092] RDX: 0000000000000000 RSI: 0000200000000300 RDI: 0000200000000200
[ 1123.697895][T17092] RBP: 00007f0364bf6090 R08: 0000000000000000 R09: 0000000000000000
[ 1123.697907][T17092] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1123.697918][T17092] R13: 0000000000000000 R14: 00007f0366fb6160 R15: 00007ffcb7dee538
[ 1123.697946][T17092]  </TASK>
[ 1123.862313][T17092] input: syz0 as /devices/virtual/input/input56
[ 1124.840266][T17105] : entered promiscuous mode
[ 1125.339783][   T30] audit: type=1400 audit(1754182986.953:518): avc:  denied  { mount } for  pid=17110 comm="syz.3.2684" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[ 1125.664707][ T2151] usb 1-1: USB disconnect, device number 29
[ 1126.299439][T17133] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized
[ 1126.376926][T17134] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2688'.
[ 1127.647532][T17150] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2694'.
[ 1127.659477][T17146] FAULT_INJECTION: forcing a failure.
[ 1127.659477][T17146] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1127.697568][T17146] CPU: 0 UID: 0 PID: 17146 Comm: syz.4.2692 Not tainted 6.16.0-syzkaller-11129-geacf91b0c78a #0 PREEMPT(full) 
[ 1127.697594][T17146] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1127.697604][T17146] Call Trace:
[ 1127.697611][T17146]  <TASK>
[ 1127.697625][T17146]  dump_stack_lvl+0x16c/0x1f0
[ 1127.697656][T17146]  should_fail_ex+0x512/0x640
[ 1127.697685][T17146]  _copy_from_user+0x2e/0xd0
[ 1127.697704][T17146]  copy_msghdr_from_user+0x98/0x160
[ 1127.697728][T17146]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[ 1127.697762][T17146]  ___sys_sendmsg+0xfe/0x1d0
[ 1127.697786][T17146]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1127.697832][T17146]  ? __mutex_unlock_slowpath+0x80/0x800
[ 1127.697864][T17146]  __sys_sendmsg+0x16d/0x220
[ 1127.697886][T17146]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1127.697924][T17146]  do_syscall_64+0xcd/0x4c0
[ 1127.697949][T17146]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1127.697966][T17146] RIP: 0033:0x7f190278eb69
[ 1127.697981][T17146] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1127.697997][T17146] RSP: 002b:00007f1903635038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1127.698015][T17146] RAX: ffffffffffffffda RBX: 00007f19029b5fa0 RCX: 00007f190278eb69
[ 1127.698026][T17146] RDX: 0000000004000054 RSI: 0000200000000480 RDI: 0000000000000005
[ 1127.698036][T17146] RBP: 00007f1903635090 R08: 0000000000000000 R09: 0000000000000000
[ 1127.698044][T17146] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1127.698054][T17146] R13: 0000000000000000 R14: 00007f19029b5fa0 R15: 00007ffec0ec6ce8
[ 1127.698076][T17146]  </TASK>
[ 1127.876146][   T30] audit: type=1400 audit(1754182989.433:519): avc:  denied  { getopt } for  pid=17149 comm="syz.2.2694" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[ 1127.990834][T15895] usb 3-1: new high-speed USB device number 27 using dummy_hcd
[ 1128.160796][T15895] usb 3-1: Using ep0 maxpacket: 8
[ 1128.172916][T17152] FAULT_INJECTION: forcing a failure.
[ 1128.172916][T17152] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1128.178145][T15895] usb 3-1: unable to get BOS descriptor or descriptor too short
[ 1128.215281][T15895] usb 3-1: config 0 has an invalid interface number: 88 but max is 0
[ 1128.223888][T15895] usb 3-1: config 0 has no interface number 0
[ 1128.240351][T15895] usb 3-1: config 0 interface 88 altsetting 8 endpoint 0x86 has an invalid bInterval 0, changing to 7
[ 1128.261260][T15895] usb 3-1: config 0 interface 88 altsetting 8 endpoint 0x86 has invalid wMaxPacketSize 0
[ 1128.275881][T15895] usb 3-1: config 0 interface 88 has no altsetting 0
[ 1128.282405][T17152] CPU: 1 UID: 0 PID: 17152 Comm: syz.4.2695 Not tainted 6.16.0-syzkaller-11129-geacf91b0c78a #0 PREEMPT(full) 
[ 1128.282432][T17152] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1128.282441][T17152] Call Trace:
[ 1128.282447][T17152]  <TASK>
[ 1128.282453][T17152]  dump_stack_lvl+0x16c/0x1f0
[ 1128.282483][T17152]  should_fail_ex+0x512/0x640
[ 1128.282511][T17152]  _copy_from_user+0x2e/0xd0
[ 1128.282531][T17152]  copy_msghdr_from_user+0x98/0x160
[ 1128.282554][T17152]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[ 1128.282586][T17152]  ___sys_sendmsg+0xfe/0x1d0
[ 1128.282609][T17152]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1128.282652][T17152]  ? __mutex_unlock_slowpath+0x80/0x800
[ 1128.282683][T17152]  __sys_sendmsg+0x16d/0x220
[ 1128.282707][T17152]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1128.282747][T17152]  do_syscall_64+0xcd/0x4c0
[ 1128.282775][T17152]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1128.282793][T17152] RIP: 0033:0x7f190278eb69
[ 1128.282807][T17152] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1128.282821][T17152] RSP: 002b:00007f1903635038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1128.282837][T17152] RAX: ffffffffffffffda RBX: 00007f19029b5fa0 RCX: 00007f190278eb69
[ 1128.282849][T17152] RDX: 0000000000004800 RSI: 0000200000000300 RDI: 0000000000000003
[ 1128.282860][T17152] RBP: 00007f1903635090 R08: 0000000000000000 R09: 0000000000000000
[ 1128.282870][T17152] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1128.282879][T17152] R13: 0000000000000000 R14: 00007f19029b5fa0 R15: 00007ffec0ec6ce8
[ 1128.282903][T17152]  </TASK>
[ 1128.302083][T17158] FAULT_INJECTION: forcing a failure.
[ 1128.302083][T17158] name failslab, interval 1, probability 0, space 0, times 0
[ 1128.307547][T15895] usb 3-1: New USB device found, idVendor=0460, idProduct=0004, bcdDevice=96.31
[ 1128.314754][T17158] CPU: 1 UID: 0 PID: 17158 Comm: syz.3.2698 Not tainted 6.16.0-syzkaller-11129-geacf91b0c78a #0 PREEMPT(full) 
[ 1128.314779][T17158] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1128.314788][T17158] Call Trace:
[ 1128.314793][T17158]  <TASK>
[ 1128.314799][T17158]  dump_stack_lvl+0x16c/0x1f0
[ 1128.314828][T17158]  should_fail_ex+0x512/0x640
[ 1128.314851][T17158]  ? __kmalloc_noprof+0xbf/0x510
[ 1128.314869][T17158]  ? sock_kmalloc+0x111/0x170
[ 1128.314883][T17158]  should_failslab+0xc2/0x120
[ 1128.314901][T17158]  __kmalloc_noprof+0xd2/0x510
[ 1128.314921][T17158]  sock_kmalloc+0x111/0x170
[ 1128.314937][T17158]  alg_setsockopt+0x390/0xdd0
[ 1128.314963][T17158]  ? __pfx_alg_setsockopt+0x10/0x10
[ 1128.314985][T17158]  ? selinux_socket_setsockopt+0x6a/0x80
[ 1128.315003][T17158]  ? __pfx_alg_setsockopt+0x10/0x10
[ 1128.315026][T17158]  do_sock_setsockopt+0xf3/0x1d0
[ 1128.315053][T17158]  __sys_setsockopt+0x1a0/0x230
[ 1128.315077][T17158]  __x64_sys_setsockopt+0xbd/0x160
[ 1128.315096][T17158]  ? do_syscall_64+0x91/0x4c0
[ 1128.315118][T17158]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1128.315139][T17158]  do_syscall_64+0xcd/0x4c0
[ 1128.315162][T17158]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1128.315178][T17158] RIP: 0033:0x7f0366d8eb69
[ 1128.315191][T17158] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1128.315206][T17158] RSP: 002b:00007f0367b4d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 1128.315223][T17158] RAX: ffffffffffffffda RBX: 00007f0366fb5fa0 RCX: 00007f0366d8eb69
[ 1128.315234][T17158] RDX: 0000000000000001 RSI: 0000000000000117 RDI: 0000000000000003
[ 1128.315243][T17158] RBP: 00007f0367b4d090 R08: 0000000000000010 R09: 0000000000000000
[ 1128.315253][T17158] R10: 0000200000000300 R11: 0000000000000246 R12: 0000000000000001
[ 1128.315262][T17158] R13: 0000000000000000 R14: 00007f0366fb5fa0 R15: 00007ffcb7dee538
[ 1128.315283][T17158]  </TASK>
[ 1128.506163][T17161] tmpfs: Unknown parameter ''
[ 1128.551154][T15895] usb 3-1: New USB device strings: Mfr=1, Product=84, SerialNumber=3
[ 1128.678164][   T30] audit: type=1400 audit(1754182990.233:520): avc:  denied  { read } for  pid=17155 comm="syz.1.2697" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[ 1128.734216][T15895] usb 3-1: Product: syz
[ 1128.738414][T15895] usb 3-1: Manufacturer: syz
[ 1128.746270][T17159] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1128.939844][T15895] usb 3-1: SerialNumber: syz
[ 1128.958882][T15895] usb 3-1: config 0 descriptor??
[ 1129.162769][   T30] audit: type=1400 audit(1754182990.913:521): avc:  denied  { ioctl } for  pid=17155 comm="syz.1.2697" path="socket:[51453]" dev="sockfs" ino=51453 ioctlcmd=0x42c8 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[ 1129.292455][   T30] audit: type=1400 audit(1754182991.003:522): avc:  denied  { getopt } for  pid=17155 comm="syz.1.2697" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[ 1129.697219][T15895] input: syz syz as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.88/input/input57
[ 1129.762995][T15895] usb 3-1: USB disconnect, device number 27
[ 1129.878716][T16482] udevd[16482]: Error opening device "/dev/input/event4": No such file or directory
[ 1129.915734][T16482] udevd[16482]: Unable to EVIOCGABS device "/dev/input/event4"
[ 1129.930243][T16482] udevd[16482]: Unable to EVIOCGABS device "/dev/input/event4"
[ 1130.540007][T17197] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1131.079599][T17200] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2708'.
[ 1131.417607][T17210] FAULT_INJECTION: forcing a failure.
[ 1131.417607][T17210] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1131.474613][T17210] CPU: 1 UID: 0 PID: 17210 Comm: syz.1.2712 Not tainted 6.16.0-syzkaller-11129-geacf91b0c78a #0 PREEMPT(full) 
[ 1131.474652][T17210] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1131.474663][T17210] Call Trace:
[ 1131.474670][T17210]  <TASK>
[ 1131.474679][T17210]  dump_stack_lvl+0x16c/0x1f0
[ 1131.474715][T17210]  should_fail_ex+0x512/0x640
[ 1131.474752][T17210]  _copy_from_user+0x2e/0xd0
[ 1131.474775][T17210]  copy_msghdr_from_user+0x98/0x160
[ 1131.474806][T17210]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[ 1131.474842][T17210]  ? __pfx__kstrtoull+0x10/0x10
[ 1131.474876][T17210]  ___sys_sendmsg+0xfe/0x1d0
[ 1131.474908][T17210]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1131.474951][T17210]  ? find_held_lock+0x2b/0x80
[ 1131.474997][T17210]  __sys_sendmmsg+0x200/0x420
[ 1131.475030][T17210]  ? __pfx___sys_sendmmsg+0x10/0x10
[ 1131.475068][T17210]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 1131.475112][T17210]  ? fput+0x9b/0xd0
[ 1131.475139][T17210]  ? ksys_write+0x1ac/0x250
[ 1131.475158][T17210]  ? __pfx_ksys_write+0x10/0x10
[ 1131.475184][T17210]  __x64_sys_sendmmsg+0x9c/0x100
[ 1131.475212][T17210]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1131.475241][T17210]  do_syscall_64+0xcd/0x4c0
[ 1131.475273][T17210]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1131.475293][T17210] RIP: 0033:0x7fae4bf8eb69
[ 1131.475310][T17210] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1131.475329][T17210] RSP: 002b:00007fae4ce5b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 1131.475350][T17210] RAX: ffffffffffffffda RBX: 00007fae4c1b5fa0 RCX: 00007fae4bf8eb69
[ 1131.475362][T17210] RDX: 0000000000000001 RSI: 00002000000098c0 RDI: 0000000000000003
[ 1131.475374][T17210] RBP: 00007fae4ce5b090 R08: 0000000000000000 R09: 0000000000000000
[ 1131.475385][T17210] R10: 0000000000008000 R11: 0000000000000246 R12: 0000000000000001
[ 1131.475396][T17210] R13: 0000000000000000 R14: 00007fae4c1b5fa0 R15: 00007ffc160986a8
[ 1131.475424][T17210]  </TASK>
[ 1131.677606][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1132.247062][T17223] FAULT_INJECTION: forcing a failure.
[ 1132.247062][T17223] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1132.276316][T17223] CPU: 0 UID: 0 PID: 17223 Comm: syz.3.2716 Not tainted 6.16.0-syzkaller-11129-geacf91b0c78a #0 PREEMPT(full) 
[ 1132.276343][T17223] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1132.276354][T17223] Call Trace:
[ 1132.276361][T17223]  <TASK>
[ 1132.276368][T17223]  dump_stack_lvl+0x16c/0x1f0
[ 1132.276401][T17223]  should_fail_ex+0x512/0x640
[ 1132.276434][T17223]  _copy_from_iter+0x29f/0x16f0
[ 1132.276461][T17223]  ? __pfx__copy_from_iter+0x10/0x10
[ 1132.276484][T17223]  ? get_pid_task+0xfc/0x250
[ 1132.276510][T17223]  file_tty_write.constprop.0+0x488/0x9b0
[ 1132.276547][T17223]  vfs_write+0x6c4/0x1150
[ 1132.276578][T17223]  ? __pfx_tty_write+0x10/0x10
[ 1132.276607][T17223]  ? __pfx_vfs_write+0x10/0x10
[ 1132.276623][T17223]  ? find_held_lock+0x2b/0x80
[ 1132.276667][T17223]  ksys_write+0x12a/0x250
[ 1132.276686][T17223]  ? __pfx_ksys_write+0x10/0x10
[ 1132.276714][T17223]  do_syscall_64+0xcd/0x4c0
[ 1132.276744][T17223]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1132.276764][T17223] RIP: 0033:0x7f0366d8eb69
[ 1132.276778][T17223] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1132.276795][T17223] RSP: 002b:00007f0364bf6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1132.276814][T17223] RAX: ffffffffffffffda RBX: 00007f0366fb6160 RCX: 00007f0366d8eb69
[ 1132.276824][T17223] RDX: 0000000000001006 RSI: 0000200000001980 RDI: 0000000000000007
[ 1132.276833][T17223] RBP: 00007f0364bf6090 R08: 0000000000000000 R09: 0000000000000000
[ 1132.276841][T17223] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1132.276849][T17223] R13: 0000000000000000 R14: 00007f0366fb6160 R15: 00007ffcb7dee538
[ 1132.276869][T17223]  </TASK>
[ 1133.127585][T17234] comedi comedi3: 8255: I/O port conflict (0x2,4)
[ 1133.134684][T17234] comedi comedi3: 8255: I/O port conflict (0x8000006,4)
[ 1133.141837][T17234] comedi comedi3: 8255: I/O port conflict (0x2,4)
[ 1133.148700][T17234] comedi comedi3: 8255: I/O port conflict (0x8,4)
[ 1133.155523][T17234] comedi comedi3: 8255: I/O port conflict (0x1,4)
[ 1133.162360][T17234] comedi comedi3: 8255: I/O port conflict (0x7fffffff,4)
[ 1133.169597][T17234] comedi comedi3: 8255: I/O port conflict (0x5c952399,4)
[ 1133.176909][T17234] comedi comedi3: 8255: I/O port conflict (0x3000000,4)
[ 1133.184060][T17234] comedi comedi3: 8255: I/O port conflict (0x1,4)
[ 1133.190577][T17234] comedi comedi3: 8255: I/O port conflict (0xffffffffffffffff,4)
[ 1133.198687][T17234] comedi comedi3: 8255: I/O port conflict (0x1,4)
[ 1133.205517][T17234] comedi comedi3: 8255: I/O port conflict (0x1,4)
[ 1133.212273][T17234] comedi comedi3: 8255: I/O port conflict (0x1,4)
[ 1133.218909][T17234] comedi comedi3: 8255: I/O port conflict (0x4,4)
[ 1133.900380][T17241] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2721'.
[ 1134.841883][T17245] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2722'.
[ 1135.376767][   T30] audit: type=1400 audit(1754182997.123:523): avc:  denied  { create } for  pid=17246 comm="syz.0.2723" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_connector_socket permissive=1
[ 1136.814163][T17278] comedi comedi4: bad chanlist[0]=0x00000008 chan=8 range length=2
[ 1137.914614][T17287] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2733'.
[ 1139.123561][   T30] audit: type=1400 audit(1754183000.493:524): avc:  denied  { setopt } for  pid=17288 comm="syz.3.2734" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1
[ 1139.149368][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1139.611668][T17293] comedi comedi4: bad chanlist[0]=0x00000008 chan=8 range length=2
[ 1139.739523][T17296] FAULT_INJECTION: forcing a failure.
[ 1139.739523][T17296] name failslab, interval 1, probability 0, space 0, times 0
[ 1139.822155][T17296] CPU: 0 UID: 0 PID: 17296 Comm: syz.4.2736 Not tainted 6.16.0-syzkaller-11129-geacf91b0c78a #0 PREEMPT(full) 
[ 1139.822187][T17296] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1139.822198][T17296] Call Trace:
[ 1139.822204][T17296]  <TASK>
[ 1139.822212][T17296]  dump_stack_lvl+0x16c/0x1f0
[ 1139.822244][T17296]  should_fail_ex+0x512/0x640
[ 1139.822273][T17296]  ? fs_reclaim_acquire+0xae/0x150
[ 1139.822298][T17296]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[ 1139.822328][T17296]  should_failslab+0xc2/0x120
[ 1139.822350][T17296]  __kmalloc_noprof+0xd2/0x510
[ 1139.822375][T17296]  tomoyo_realpath_from_path+0xc2/0x6e0
[ 1139.822404][T17296]  ? tomoyo_profile+0x47/0x60
[ 1139.822431][T17296]  tomoyo_path_number_perm+0x245/0x580
[ 1139.822449][T17296]  ? tomoyo_path_number_perm+0x237/0x580
[ 1139.822471][T17296]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1139.822492][T17296]  ? find_held_lock+0x2b/0x80
[ 1139.822539][T17296]  ? find_held_lock+0x2b/0x80
[ 1139.822559][T17296]  ? hook_file_ioctl_common+0x145/0x410
[ 1139.822591][T17296]  ? __fget_files+0x20e/0x3c0
[ 1139.822615][T17296]  security_file_ioctl+0x9b/0x240
[ 1139.822639][T17296]  __x64_sys_ioctl+0xb7/0x210
[ 1139.822668][T17296]  do_syscall_64+0xcd/0x4c0
[ 1139.822697][T17296]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1139.822715][T17296] RIP: 0033:0x7f190278eb69
[ 1139.822730][T17296] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1139.822748][T17296] RSP: 002b:00007f1903635038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1139.822767][T17296] RAX: ffffffffffffffda RBX: 00007f19029b5fa0 RCX: 00007f190278eb69
[ 1139.822778][T17296] RDX: 0000200000000000 RSI: 00000000c08c5336 RDI: 0000000000000003
[ 1139.822789][T17296] RBP: 00007f1903635090 R08: 0000000000000000 R09: 0000000000000000
[ 1139.822799][T17296] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1139.822809][T17296] R13: 0000000000000000 R14: 00007f19029b5fa0 R15: 00007ffec0ec6ce8
[ 1139.822834][T17296]  </TASK>
[ 1139.829332][T17296] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1140.230290][T17309] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2739'.
[ 1141.143693][   T10] usb 3-1: new high-speed USB device number 28 using dummy_hcd
[ 1141.356805][T17335] PKCS7: Unknown OID: [5] (bad)
[ 1141.361976][T17335] PKCS7: Only support pkcs7_signedData type
[ 1141.444711][   T10] usb 3-1: Using ep0 maxpacket: 16
[ 1141.487147][   T10] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1141.573887][   T10] usb 3-1: New USB device found, idVendor=0586, idProduct=1500, bcdDevice=2e.97
[ 1141.584933][   T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1141.609437][   T10] usb 3-1: Product: syz
[ 1141.625066][   T10] usb 3-1: Manufacturer: syz
[ 1141.635134][   T10] usb 3-1: SerialNumber: syz
[ 1141.660819][ T5847] usb 5-1: new high-speed USB device number 37 using dummy_hcd
[ 1141.691710][   T10] omninet 3-1:1.0: required endpoints missing
[ 1141.805098][ T5847] usb 5-1: device descriptor read/64, error -71
[ 1141.868895][   T10] usb 3-1: USB disconnect, device number 28
[ 1142.050773][ T5847] usb 5-1: new high-speed USB device number 38 using dummy_hcd
[ 1142.190805][ T5847] usb 5-1: device descriptor read/64, error -71
[ 1142.286166][T17341] FAULT_INJECTION: forcing a failure.
[ 1142.286166][T17341] name failslab, interval 1, probability 0, space 0, times 0
[ 1142.340670][T17341] CPU: 0 UID: 0 PID: 17341 Comm: syz.0.2749 Not tainted 6.16.0-syzkaller-11129-geacf91b0c78a #0 PREEMPT(full) 
[ 1142.340691][T17341] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1142.340698][T17341] Call Trace:
[ 1142.340705][T17341]  <TASK>
[ 1142.340711][T17341]  dump_stack_lvl+0x16c/0x1f0
[ 1142.340733][T17341]  should_fail_ex+0x512/0x640
[ 1142.340752][T17341]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[ 1142.340767][T17341]  should_failslab+0xc2/0x120
[ 1142.340780][T17341]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[ 1142.340792][T17341]  ? __alloc_skb+0x2b2/0x380
[ 1142.340810][T17341]  __alloc_skb+0x2b2/0x380
[ 1142.340825][T17341]  ? __pfx___alloc_skb+0x10/0x10
[ 1142.340842][T17341]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[ 1142.340862][T17341]  netlink_alloc_large_skb+0x69/0x130
[ 1142.340881][T17341]  netlink_sendmsg+0x6a1/0xdd0
[ 1142.340901][T17341]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1142.340923][T17341]  ____sys_sendmsg+0xa95/0xc70
[ 1142.340936][T17341]  ? copy_msghdr_from_user+0x10a/0x160
[ 1142.340952][T17341]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1142.340970][T17341]  ___sys_sendmsg+0x134/0x1d0
[ 1142.340988][T17341]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1142.341015][T17341]  ? __mutex_unlock_slowpath+0x80/0x800
[ 1142.341038][T17341]  __sys_sendmsg+0x16d/0x220
[ 1142.341055][T17341]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1142.341079][T17341]  do_syscall_64+0xcd/0x4c0
[ 1142.341098][T17341]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1142.341110][T17341] RIP: 0033:0x7fb0c6f8eb69
[ 1142.341119][T17341] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1142.341131][T17341] RSP: 002b:00007fb0c7e04038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1142.341143][T17341] RAX: ffffffffffffffda RBX: 00007fb0c71b5fa0 RCX: 00007fb0c6f8eb69
[ 1142.341150][T17341] RDX: 0000000000000010 RSI: 0000200000000940 RDI: 0000000000000003
[ 1142.341156][T17341] RBP: 00007fb0c7e04090 R08: 0000000000000000 R09: 0000000000000000
[ 1142.341163][T17341] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1142.341169][T17341] R13: 0000000000000000 R14: 00007fb0c71b5fa0 R15: 00007fffe7d3d4d8
[ 1142.341183][T17341]  </TASK>
[ 1142.565456][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1142.573811][ T5847] usb usb5-port1: attempt power cycle
[ 1143.350625][ T5847] usb 5-1: new high-speed USB device number 39 using dummy_hcd
[ 1143.737976][ T5847] usb 5-1: device descriptor read/8, error -71
[ 1143.975183][T17366] overlayfs: "xino" feature enabled using 2 upper inode bits.
[ 1144.002870][T17366] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1144.450765][ T5847] usb 5-1: new high-speed USB device number 40 using dummy_hcd
[ 1144.675907][ T5847] usb 5-1: device not accepting address 40, error -71
[ 1144.687143][ T5847] usb usb5-port1: unable to enumerate USB device
[ 1144.879178][T17376] SELinux:  policydb magic number 0x3eec5ae3 does not match expected magic number 0xf97cff8c
[ 1144.889953][T17376] SELinux: failed to load policy
[ 1144.906505][   T30] audit: type=1400 audit(1754183006.623:525): avc:  denied  { load_policy } for  pid=17374 comm="syz.2.2759" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1
[ 1145.360703][T15895] usb 1-1: new high-speed USB device number 30 using dummy_hcd
[ 1145.429801][T17386] overlay: Unknown parameter 'uid>00000000000000000000'
[ 1145.511238][   T10] usb 2-1: new high-speed USB device number 32 using dummy_hcd
[ 1145.521463][T15895] usb 1-1: Using ep0 maxpacket: 32
[ 1145.530008][T15895] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1145.541301][T15895] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1145.551918][T15895] usb 1-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00
[ 1145.569219][T15895] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1145.589477][T15895] usb 1-1: config 0 descriptor??
[ 1145.637331][T17392] FAULT_INJECTION: forcing a failure.
[ 1145.637331][T17392] name failslab, interval 1, probability 0, space 0, times 0
[ 1145.650703][T17392] CPU: 0 UID: 0 PID: 17392 Comm: syz.3.2767 Not tainted 6.16.0-syzkaller-11129-geacf91b0c78a #0 PREEMPT(full) 
[ 1145.650730][T17392] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1145.650744][T17392] Call Trace:
[ 1145.650749][T17392]  <TASK>
[ 1145.650756][T17392]  dump_stack_lvl+0x16c/0x1f0
[ 1145.650788][T17392]  should_fail_ex+0x512/0x640
[ 1145.650814][T17392]  ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0
[ 1145.650836][T17392]  should_failslab+0xc2/0x120
[ 1145.650856][T17392]  kmem_cache_alloc_lru_noprof+0x72/0x3b0
[ 1145.650875][T17392]  ? sock_alloc_inode+0x25/0x1c0
[ 1145.650896][T17392]  ? __pfx_sock_alloc_inode+0x10/0x10
[ 1145.650911][T17392]  sock_alloc_inode+0x25/0x1c0
[ 1145.650926][T17392]  alloc_inode+0x64/0x240
[ 1145.650951][T17392]  sock_alloc+0x40/0x280
[ 1145.650978][T17392]  __sock_create+0xc1/0x8d0
[ 1145.651000][T17392]  __sys_socket+0x14d/0x260
[ 1145.651019][T17392]  ? __pfx___sys_socket+0x10/0x10
[ 1145.651040][T17392]  ? do_user_addr_fault+0x843/0x1370
[ 1145.651063][T17392]  __x64_sys_socket+0x72/0xb0
[ 1145.651081][T17392]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1145.651105][T17392]  do_syscall_64+0xcd/0x4c0
[ 1145.651131][T17392]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1145.651149][T17392] RIP: 0033:0x7f0366d90a87
[ 1145.651164][T17392] Code: f0 ff ff 77 06 c3 0f 1f 44 00 00 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 b8 29 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1145.651181][T17392] RSP: 002b:00007f0367b4bfa8 EFLAGS: 00000286 ORIG_RAX: 0000000000000029
[ 1145.651198][T17392] RAX: ffffffffffffffda RBX: 00007f0366fb5fa0 RCX: 00007f0366d90a87
[ 1145.651210][T17392] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010
[ 1145.651220][T17392] RBP: 00000000ffffffff R08: 0000000000000000 R09: 0000000000000000
[ 1145.651229][T17392] R10: 0000200000000000 R11: 0000000000000286 R12: 0000000000000001
[ 1145.651240][T17392] R13: 0000000000000000 R14: 00007f0366fb5fa0 R15: 00007ffcb7dee538
[ 1145.651262][T17392]  </TASK>
[ 1145.651296][T17392] socket: no more sockets
[ 1145.820738][ T5847] usb 5-1: new full-speed USB device number 41 using dummy_hcd
[ 1145.841752][   T10] usb 2-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[ 1145.865897][   T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1145.873993][   T10] usb 2-1: Product: syz
[ 1145.878177][   T10] usb 2-1: Manufacturer: syz
[ 1145.882893][   T10] usb 2-1: SerialNumber: syz
[ 1145.899897][   T10] usb 2-1: config 0 descriptor??
[ 1145.950449][T17394] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1145.992430][ T5847] usb 5-1: unable to get BOS descriptor set
[ 1146.006774][ T5847] usb 5-1: not running at top speed; connect to a high speed hub
[ 1146.007653][T15895] ft260 0003:0403:6030.0010: unknown main item tag 0x7
[ 1146.017313][ T5847] usb 5-1: config 1 contains an unexpected descriptor of type 0x1, skipping
[ 1146.051732][T17394] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 1146.062165][ T5847] usb 5-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config
[ 1146.075097][ T5847] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1146.088269][ T5847] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1146.101177][ T5847] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1146.139063][T17382] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1146.140573][ T5847] usb 5-1: Product: syz
[ 1146.159851][ T5847] usb 5-1: Manufacturer: syz
[ 1146.165077][ T5847] usb 5-1: SerialNumber: syz
[ 1146.186410][T17401] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 1146.206017][T15895] ft260 0003:0403:6030.0010: chip code: 0000 0000
[ 1146.238971][ T5898] usb 2-1: USB disconnect, device number 32
[ 1146.416751][T15895] ft260 0003:0403:6030.0010: failed to retrieve system status
[ 1146.452522][T15895] ft260 0003:0403:6030.0010: probe with driver ft260 failed with error -32
[ 1146.713203][T17415] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1147.137916][T17418] FAULT_INJECTION: forcing a failure.
[ 1147.137916][T17418] name failslab, interval 1, probability 0, space 0, times 0
[ 1147.155097][T17418] CPU: 0 UID: 0 PID: 17418 Comm: syz.1.2773 Not tainted 6.16.0-syzkaller-11129-geacf91b0c78a #0 PREEMPT(full) 
[ 1147.155129][T17418] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1147.155141][T17418] Call Trace:
[ 1147.155147][T17418]  <TASK>
[ 1147.155153][T17418]  dump_stack_lvl+0x16c/0x1f0
[ 1147.155185][T17418]  should_fail_ex+0x512/0x640
[ 1147.155213][T17418]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[ 1147.155244][T17418]  should_failslab+0xc2/0x120
[ 1147.155266][T17418]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[ 1147.155286][T17418]  ? __alloc_skb+0x2b2/0x380
[ 1147.155316][T17418]  __alloc_skb+0x2b2/0x380
[ 1147.155343][T17418]  ? __pfx___alloc_skb+0x10/0x10
[ 1147.155371][T17418]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[ 1147.155405][T17418]  netlink_alloc_large_skb+0x69/0x130
[ 1147.155432][T17418]  netlink_sendmsg+0x6a1/0xdd0
[ 1147.155463][T17418]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1147.155497][T17418]  ____sys_sendmsg+0xa95/0xc70
[ 1147.155517][T17418]  ? copy_msghdr_from_user+0x10a/0x160
[ 1147.155540][T17418]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1147.155569][T17418]  ___sys_sendmsg+0x134/0x1d0
[ 1147.155596][T17418]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1147.155640][T17418]  ? __mutex_unlock_slowpath+0x80/0x800
[ 1147.155675][T17418]  __sys_sendmsg+0x16d/0x220
[ 1147.155699][T17418]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1147.155738][T17418]  do_syscall_64+0xcd/0x4c0
[ 1147.155765][T17418]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1147.155782][T17418] RIP: 0033:0x7fae4bf8eb69
[ 1147.155797][T17418] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1147.155814][T17418] RSP: 002b:00007fae4ce5b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1147.155831][T17418] RAX: ffffffffffffffda RBX: 00007fae4c1b5fa0 RCX: 00007fae4bf8eb69
[ 1147.155841][T17418] RDX: 0000000000000000 RSI: 0000200000000200 RDI: 0000000000000004
[ 1147.155851][T17418] RBP: 00007fae4ce5b090 R08: 0000000000000000 R09: 0000000000000000
[ 1147.155861][T17418] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1147.155871][T17418] R13: 0000000000000000 R14: 00007fae4c1b5fa0 R15: 00007ffc160986a8
[ 1147.155894][T17418]  </TASK>
[ 1147.782291][   T30] audit: type=1400 audit(1754183009.533:526): avc:  denied  { mounton } for  pid=17426 comm="syz.4.2777" path="/proc/2009/cgroup" dev="proc" ino=53275 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=file permissive=1
[ 1147.972389][T17430] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2775'.
[ 1148.369054][T15895] usb 1-1: USB disconnect, device number 30
[ 1148.737775][T17437] FAULT_INJECTION: forcing a failure.
[ 1148.737775][T17437] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1148.824253][T17437] CPU: 0 UID: 0 PID: 17437 Comm: syz.1.2781 Not tainted 6.16.0-syzkaller-11129-geacf91b0c78a #0 PREEMPT(full) 
[ 1148.824281][T17437] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1148.824291][T17437] Call Trace:
[ 1148.824298][T17437]  <TASK>
[ 1148.824304][T17437]  dump_stack_lvl+0x16c/0x1f0
[ 1148.824333][T17437]  should_fail_ex+0x512/0x640
[ 1148.824359][T17437]  _copy_to_user+0x32/0xd0
[ 1148.824374][T17437]  simple_read_from_buffer+0xcb/0x170
[ 1148.824395][T17437]  proc_fail_nth_read+0x197/0x240
[ 1148.824408][T17437]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1148.824425][T17437]  ? rw_verify_area+0xcf/0x6c0
[ 1148.824450][T17437]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1148.824468][T17437]  vfs_read+0x1e4/0xc60
[ 1148.824487][T17437]  ? __pfx___mutex_lock+0x10/0x10
[ 1148.824509][T17437]  ? __pfx_vfs_read+0x10/0x10
[ 1148.824523][T17437]  ? __fget_files+0x20e/0x3c0
[ 1148.824539][T17437]  ksys_read+0x12a/0x250
[ 1148.824549][T17437]  ? __pfx_ksys_read+0x10/0x10
[ 1148.824564][T17437]  do_syscall_64+0xcd/0x4c0
[ 1148.824590][T17437]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1148.824607][T17437] RIP: 0033:0x7fae4bf8d57c
[ 1148.824620][T17437] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1148.824635][T17437] RSP: 002b:00007fae4ce5b030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1148.824650][T17437] RAX: ffffffffffffffda RBX: 00007fae4c1b5fa0 RCX: 00007fae4bf8d57c
[ 1148.824657][T17437] RDX: 000000000000000f RSI: 00007fae4ce5b0a0 RDI: 0000000000000006
[ 1148.824663][T17437] RBP: 00007fae4ce5b090 R08: 0000000000000000 R09: 0000000000000000
[ 1148.824670][T17437] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1148.824676][T17437] R13: 0000000000000000 R14: 00007fae4c1b5fa0 R15: 00007ffc160986a8
[ 1148.824689][T17437]  </TASK>
[ 1150.500623][   T30] audit: type=1400 audit(1754183012.193:527): avc:  denied  { accept } for  pid=17432 comm="syz.0.2778" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[ 1150.804667][   T30] audit: type=1400 audit(1754183012.403:528): avc:  denied  { execute } for  pid=17452 comm="syz.1.2785" path="/dev/audio1" dev="devtmpfs" ino=1297 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sound_device_t tclass=chr_file permissive=1
[ 1151.179095][T17462] gretap0: entered promiscuous mode
[ 1151.280050][ T5847] usb 5-1: 0:2 : does not exist
[ 1151.901231][T11016] usb 3-1: new high-speed USB device number 29 using dummy_hcd
[ 1152.110883][T11016] usb 3-1: Using ep0 maxpacket: 32
[ 1152.134363][T11016] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1152.153950][T11016] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1152.171042][T11016] usb 3-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00
[ 1152.562713][T11016] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1152.579615][T11016] usb 3-1: config 0 descriptor??
[ 1152.940651][T15895] usb 2-1: new full-speed USB device number 33 using dummy_hcd
[ 1152.994658][T11016] ft260 0003:0403:6030.0011: unknown main item tag 0x7
[ 1153.144416][T15895] usb 2-1: unable to get BOS descriptor set
[ 1153.952693][ T5847] usb 5-1: USB disconnect, device number 41
[ 1153.986609][T15895] usb 2-1: not running at top speed; connect to a high speed hub
[ 1153.999991][T11016] ft260 0003:0403:6030.0011: chip code: 0000 0000
[ 1154.006608][T15895] usb 2-1: config 1 contains an unexpected descriptor of type 0x1, skipping
[ 1154.022557][T15895] usb 2-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config
[ 1154.035369][T15895] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1154.054977][T15895] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1154.088355][T15895] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1154.127492][T15895] usb 2-1: Product: syz
[ 1154.133957][T15895] usb 2-1: Manufacturer: syz
[ 1154.136217][T17493] FAULT_INJECTION: forcing a failure.
[ 1154.136217][T17493] name failslab, interval 1, probability 0, space 0, times 0
[ 1154.138612][T15895] usb 2-1: SerialNumber: syz
[ 1154.185645][T17493] CPU: 1 UID: 0 PID: 17493 Comm: syz.4.2795 Not tainted 6.16.0-syzkaller-11129-geacf91b0c78a #0 PREEMPT(full) 
[ 1154.185672][T17493] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1154.185682][T17493] Call Trace:
[ 1154.185687][T17493]  <TASK>
[ 1154.185694][T17493]  dump_stack_lvl+0x16c/0x1f0
[ 1154.185723][T17493]  should_fail_ex+0x512/0x640
[ 1154.185747][T17493]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[ 1154.185768][T17493]  should_failslab+0xc2/0x120
[ 1154.185787][T17493]  kmem_cache_alloc_noprof+0x6d/0x3b0
[ 1154.185805][T17493]  ? do_epoll_ctl+0x1170/0x3790
[ 1154.185829][T17493]  do_epoll_ctl+0x1170/0x3790
[ 1154.185850][T17493]  ? ksys_write+0x190/0x250
[ 1154.185875][T17493]  ? __pfx_do_epoll_ctl+0x10/0x10
[ 1154.185892][T17493]  ? find_held_lock+0x2b/0x80
[ 1154.185911][T17493]  ? __might_fault+0xe3/0x190
[ 1154.185926][T17493]  ? __might_fault+0xe3/0x190
[ 1154.185950][T17493]  ? __x64_sys_epoll_ctl+0x15c/0x1e0
[ 1154.185966][T17493]  __x64_sys_epoll_ctl+0x15c/0x1e0
[ 1154.185986][T17493]  ? __pfx___x64_sys_epoll_ctl+0x10/0x10
[ 1154.186012][T17493]  do_syscall_64+0xcd/0x4c0
[ 1154.186038][T17493]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1154.186055][T17493] RIP: 0033:0x7f190278eb69
[ 1154.186069][T17493] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1154.186085][T17493] RSP: 002b:00007f1903614038 EFLAGS: 00000246 ORIG_RAX: 00000000000000e9
[ 1154.186102][T17493] RAX: ffffffffffffffda RBX: 00007f19029b6080 RCX: 00007f190278eb69
[ 1154.186114][T17493] RDX: 0000000000000006 RSI: 0000000000000001 RDI: 0000000000000005
[ 1154.186124][T17493] RBP: 00007f1903614090 R08: 0000000000000000 R09: 0000000000000000
[ 1154.186133][T17493] R10: 0000200000000100 R11: 0000000000000246 R12: 0000000000000001
[ 1154.186142][T17493] R13: 0000000000000000 R14: 00007f19029b6080 R15: 00007ffec0ec6ce8
[ 1154.186166][T17493]  </TASK>
[ 1154.187342][T11016] ft260 0003:0403:6030.0011: failed to retrieve system status
[ 1154.466145][T11016] ft260 0003:0403:6030.0011: probe with driver ft260 failed with error -32
[ 1156.736830][T11016] usb 3-1: USB disconnect, device number 29
[ 1156.745170][T15895] usb 2-1: 0:2 : does not exist
[ 1156.803589][T15895] usb 2-1: USB disconnect, device number 33
[ 1156.837047][T17517] overlayfs: workdir and upperdir must be separate subtrees
[ 1157.300918][ T5912] usb 4-1: new full-speed USB device number 31 using dummy_hcd
[ 1157.582342][ T5912] usb 4-1: config index 0 descriptor too short (expected 69, got 36)
[ 1157.590733][ T5912] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1157.613055][ T5912] usb 4-1: New USB device found, idVendor=093a, idProduct=2622, bcdDevice=b7.89
[ 1158.056685][ T5912] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1158.064766][ T5912] usb 4-1: Product: syz
[ 1158.068957][ T5912] usb 4-1: Manufacturer: syz
[ 1158.073619][ T5912] usb 4-1: SerialNumber: syz
[ 1158.091360][ T5912] usb 4-1: config 0 descriptor??
[ 1158.102670][ T5912] gspca_main: gspca_pac7302-2.14.0 probing 093a:2622
[ 1158.372996][T17541] FAULT_INJECTION: forcing a failure.
[ 1158.372996][T17541] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1158.414879][T17541] CPU: 1 UID: 0 PID: 17541 Comm: syz.0.2809 Not tainted 6.16.0-syzkaller-11129-geacf91b0c78a #0 PREEMPT(full) 
[ 1158.414909][T17541] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1158.414921][T17541] Call Trace:
[ 1158.414931][T17541]  <TASK>
[ 1158.414938][T17541]  dump_stack_lvl+0x16c/0x1f0
[ 1158.414968][T17541]  should_fail_ex+0x512/0x640
[ 1158.414990][T17541]  _copy_from_user+0x2e/0xd0
[ 1158.415004][T17541]  memdup_user+0x6b/0xe0
[ 1158.415019][T17541]  strndup_user+0x78/0xe0
[ 1158.415032][T17541]  __x64_sys_mount+0x137/0x310
[ 1158.415049][T17541]  ? __pfx___x64_sys_mount+0x10/0x10
[ 1158.415064][T17541]  ? getname_flags.part.0+0x1c5/0x550
[ 1158.415085][T17541]  do_syscall_64+0xcd/0x4c0
[ 1158.415104][T17541]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1158.415119][T17541] RIP: 0033:0x7fb0c6f8eb69
[ 1158.415129][T17541] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1158.415141][T17541] RSP: 002b:00007fb0c7e04038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 1158.415153][T17541] RAX: ffffffffffffffda RBX: 00007fb0c71b5fa0 RCX: 00007fb0c6f8eb69
[ 1158.415161][T17541] RDX: 0000200000000080 RSI: 00002000000000c0 RDI: 0000000000000000
[ 1158.415167][T17541] RBP: 00007fb0c7e04090 R08: 0000200000000400 R09: 0000000000000000
[ 1158.415174][T17541] R10: 0000000001000000 R11: 0000000000000246 R12: 0000000000000001
[ 1158.415181][T17541] R13: 0000000000000000 R14: 00007fb0c71b5fa0 R15: 00007fffe7d3d4d8
[ 1158.415196][T17541]  </TASK>
[ 1158.609507][   T30] audit: type=1400 audit(1754183020.343:529): avc:  denied  { unmount } for  pid=5850 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[ 1158.970707][T15895] usb 5-1: new high-speed USB device number 42 using dummy_hcd
[ 1158.986045][T17526] netlink: 180 bytes leftover after parsing attributes in process `syz.3.2804'.
[ 1159.002340][T17526] netlink: 180 bytes leftover after parsing attributes in process `syz.3.2804'.
[ 1159.017850][T17526] netlink: 180 bytes leftover after parsing attributes in process `syz.3.2804'.
[ 1159.067045][ T5912] input: gspca_pac7302 as /devices/platform/dummy_hcd.3/usb4/4-1/input/input59
[ 1159.076220][ T2151] usb 1-1: new high-speed USB device number 31 using dummy_hcd
[ 1159.160864][T15895] usb 5-1: Using ep0 maxpacket: 32
[ 1159.182176][T15895] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1159.220622][T15895] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1159.264636][T15895] usb 5-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00
[ 1159.284164][ T2151] usb 1-1: Using ep0 maxpacket: 32
[ 1159.298369][ T2151] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1159.344587][T16105] usb 4-1: USB disconnect, device number 31
[ 1159.350589][T15895] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1159.363781][ T2151] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1159.377568][T15895] usb 5-1: config 0 descriptor??
[ 1159.413255][ T2151] usb 1-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00
[ 1159.460970][ T2151] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1159.501189][ T2151] usb 1-1: config 0 descriptor??
[ 1159.829951][T15895] usbhid 5-1:0.0: can't add hid device: -32
[ 1159.838875][T15895] usbhid 5-1:0.0: probe with driver usbhid failed with error -32
[ 1159.866696][T15895] usb 5-1: USB disconnect, device number 42
[ 1159.950981][T16105] usb 3-1: new full-speed USB device number 30 using dummy_hcd
[ 1159.971885][ T2151] ft260 0003:0403:6030.0012: unknown main item tag 0x7
[ 1160.166531][ T2151] ft260 0003:0403:6030.0012: chip code: 6424 8183
[ 1160.243521][T16105] usb 3-1: unable to get BOS descriptor set
[ 1160.256736][T16105] usb 3-1: not running at top speed; connect to a high speed hub
[ 1160.268063][T16105] usb 3-1: config 1 contains an unexpected descriptor of type 0x1, skipping
[ 1160.277473][T16105] usb 3-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config
[ 1160.288404][T16105] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1160.338297][T16105] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1160.358906][T16105] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1160.369809][ T2151] ft260 0003:0403:6030.0012: USB HID v0.00 Device [HID 0403:6030] on usb-dummy_hcd.0-1/input0
[ 1160.391284][T16105] usb 3-1: Product: syz
[ 1160.395652][T16105] usb 3-1: Manufacturer: syz
[ 1160.401080][T16105] usb 3-1: SerialNumber: syz
[ 1161.112442][ T2151] ft260 0003:0403:6030.0012: failed to retrieve status: -71
[ 1161.264284][ T2151] ft260 0003:0403:6030.0012: failed to reset I2C controller: -71
[ 1161.302941][ T2151] usb 1-1: USB disconnect, device number 31
[ 1162.963160][T16105] usb 3-1: 0:2 : does not exist
[ 1163.035900][T16105] usb 3-1: USB disconnect, device number 30
[ 1163.677901][T17597] netlink: 'syz.1.2827': attribute type 4 has an invalid length.
[ 1163.726091][T17597] netlink: 'syz.1.2827': attribute type 4 has an invalid length.
[ 1163.828091][   T30] audit: type=1400 audit(1754183025.573:530): avc:  denied  { getopt } for  pid=17601 comm="syz.4.2829" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[ 1164.966240][T17623] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2832'.
[ 1166.140702][    T9] usb 2-1: new high-speed USB device number 34 using dummy_hcd
[ 1166.528625][    T9] usb 2-1: New USB device found, idVendor=6189, idProduct=182d, bcdDevice= 1.73
[ 1166.539829][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1166.548162][    T9] usb 2-1: Product: syz
[ 1166.554767][    T9] usb 2-1: Manufacturer: syz
[ 1166.560809][    T9] usb 2-1: SerialNumber: syz
[ 1166.829910][    T9] usb 2-1: config 0 descriptor??
[ 1167.487395][   T30] audit: type=1400 audit(1754183029.233:531): avc:  denied  { relabelfrom } for  pid=17647 comm="syz.2.2846" name="NETROM" dev="sockfs" ino=52718 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[ 1167.487623][T17649] SELinux:  Context system_u:object_r:crontab_exec_t:s0 is not valid (left unmapped).
[ 1167.521795][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1167.570110][   T30] audit: type=1400 audit(1754183029.313:532): avc:  denied  { relabelto } for  pid=17647 comm="syz.2.2846" name="NETROM" dev="sockfs" ino=52718 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=netrom_socket permissive=1 trawcon="system_u:object_r:crontab_exec_t:s0"
[ 1167.714357][T17629] overlayfs: failed to resolve './file0': -2
[ 1167.969833][    T9] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[ 1167.984517][    T9] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to write RX_CTL mode to 0x0080: ffffffb9
[ 1168.050210][    T9] asix 2-1:0.0: probe with driver asix failed with error -71
[ 1168.089468][    T9] usb 2-1: USB disconnect, device number 34
[ 1169.251327][   T30] audit: type=1400 audit(1754183030.993:533): avc:  denied  { setopt } for  pid=17675 comm="syz.2.2853" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[ 1169.385175][   T30] audit: type=1400 audit(1754183031.023:534): avc:  denied  { write } for  pid=17675 comm="syz.2.2853" path="socket:[52770]" dev="sockfs" ino=52770 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[ 1169.618216][T17680] netlink: 48 bytes leftover after parsing attributes in process `syz.2.2853'.
[ 1169.627949][    T9] usb 4-1: new high-speed USB device number 32 using dummy_hcd
[ 1169.813239][    T9] usb 4-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[ 1169.839643][    T9] usb 4-1: config 0 interface 0 has no altsetting 0
[ 1169.864240][    T9] usb 4-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[ 1169.875328][    T9] usb 4-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[ 1170.010718][    T9] usb 4-1: Product: syz
[ 1170.035277][    T9] usb 4-1: Manufacturer: syz
[ 1170.045388][    T9] usb 4-1: SerialNumber: syz
[ 1170.094982][    T9] usb 4-1: config 0 descriptor??
[ 1170.117152][    T9] usb 4-1: selecting invalid altsetting 0
[ 1170.340184][ T2151] usb 4-1: USB disconnect, device number 32
[ 1170.849424][T17697] netlink: 76 bytes leftover after parsing attributes in process `syz.2.2858'.
[ 1171.989140][T17708] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1173.397704][   T30] audit: type=1400 audit(1754183035.143:535): avc:  denied  { ioctl } for  pid=17717 comm="syz.2.2863" path="socket:[54024]" dev="sockfs" ino=54024 ioctlcmd=0xf50b scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[ 1173.423116][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1174.465539][T17733] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2867'.
[ 1174.941608][T17747] trusted_key: encrypted_key: master key parameter '00N004093' is invalid
[ 1175.160908][ T5912] usb 1-1: new high-speed USB device number 32 using dummy_hcd
[ 1175.428592][ T5912] usb 1-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[ 1175.454304][ T5912] usb 1-1: config 0 interface 0 has no altsetting 0
[ 1175.472885][ T5912] usb 1-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[ 1175.510753][ T5912] usb 1-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[ 1175.519461][ T5912] usb 1-1: Product: syz
[ 1175.529746][ T5912] usb 1-1: Manufacturer: syz
[ 1175.541121][ T5912] usb 1-1: SerialNumber: syz
[ 1175.662668][ T5912] usb 1-1: config 0 descriptor??
[ 1175.675729][ T5912] usb 1-1: selecting invalid altsetting 0
[ 1175.991512][ T5912] usb 1-1: USB disconnect, device number 32
[ 1176.843130][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[ 1176.870636][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[ 1177.122443][   T30] audit: type=1400 audit(1754183038.873:536): avc:  denied  { accept } for  pid=17760 comm="syz.1.2874" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_dgram_socket permissive=1
[ 1177.896936][T17773] FAULT_INJECTION: forcing a failure.
[ 1177.896936][T17773] name failslab, interval 1, probability 0, space 0, times 0
[ 1177.939147][T17773] CPU: 1 UID: 0 PID: 17773 Comm: syz.0.2877 Not tainted 6.16.0-syzkaller-11129-geacf91b0c78a #0 PREEMPT(full) 
[ 1177.939175][T17773] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1177.939186][T17773] Call Trace:
[ 1177.939192][T17773]  <TASK>
[ 1177.939200][T17773]  dump_stack_lvl+0x16c/0x1f0
[ 1177.939232][T17773]  should_fail_ex+0x512/0x640
[ 1177.939258][T17773]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[ 1177.939280][T17773]  should_failslab+0xc2/0x120
[ 1177.939299][T17773]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[ 1177.939317][T17773]  ? __alloc_skb+0x2b2/0x380
[ 1177.939346][T17773]  __alloc_skb+0x2b2/0x380
[ 1177.939367][T17773]  ? __pfx___alloc_skb+0x10/0x10
[ 1177.939392][T17773]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[ 1177.939428][T17773]  netlink_alloc_large_skb+0x69/0x130
[ 1177.939456][T17773]  netlink_sendmsg+0x6a1/0xdd0
[ 1177.939487][T17773]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1177.939524][T17773]  ____sys_sendmsg+0xa95/0xc70
[ 1177.939544][T17773]  ? copy_msghdr_from_user+0x10a/0x160
[ 1177.939568][T17773]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1177.939600][T17773]  ___sys_sendmsg+0x134/0x1d0
[ 1177.939626][T17773]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1177.939677][T17773]  ? __mutex_unlock_slowpath+0x80/0x800
[ 1177.939711][T17773]  __sys_sendmsg+0x16d/0x220
[ 1177.939737][T17773]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1177.939780][T17773]  do_syscall_64+0xcd/0x4c0
[ 1177.939807][T17773]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1177.939825][T17773] RIP: 0033:0x7fb0c6f8eb69
[ 1177.939839][T17773] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1177.939855][T17773] RSP: 002b:00007fb0c7e04038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1177.939874][T17773] RAX: ffffffffffffffda RBX: 00007fb0c71b5fa0 RCX: 00007fb0c6f8eb69
[ 1177.939886][T17773] RDX: 0000000020000000 RSI: 0000200000000040 RDI: 0000000000000003
[ 1177.939897][T17773] RBP: 00007fb0c7e04090 R08: 0000000000000000 R09: 0000000000000000
[ 1177.939907][T17773] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1177.939917][T17773] R13: 0000000000000000 R14: 00007fb0c71b5fa0 R15: 00007fffe7d3d4d8
[ 1177.939941][T17773]  </TASK>
[ 1178.155081][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1178.574461][   T30] audit: type=1400 audit(1754183040.323:537): avc:  denied  { ioctl } for  pid=17777 comm="syz.0.2880" path="/dev/nullb0" dev="devtmpfs" ino=696 ioctlcmd=0x1269 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[ 1182.109187][T17822] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2892'.
[ 1182.613310][T17821] ALSA: seq fatal error: cannot create timer (-22)
[ 1182.929842][   T30] audit: type=1400 audit(1754183044.673:538): avc:  denied  { connect } for  pid=17824 comm="syz.0.2894" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[ 1183.306568][   T30] audit: type=1400 audit(1754183045.043:539): avc:  denied  { listen } for  pid=17830 comm="syz.3.2897" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[ 1183.339858][T17838] FAULT_INJECTION: forcing a failure.
[ 1183.339858][T17838] name failslab, interval 1, probability 0, space 0, times 0
[ 1183.361480][T13700] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:201'
[ 1183.372473][T13700] CPU: 1 UID: 0 PID: 13700 Comm: kworker/u9:0 Not tainted 6.16.0-syzkaller-11129-geacf91b0c78a #0 PREEMPT(full) 
[ 1183.372505][T13700] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1183.372521][T13700] Workqueue: hci2 hci_rx_work
[ 1183.372553][T13700] Call Trace:
[ 1183.372561][T13700]  <TASK>
[ 1183.372570][T13700]  dump_stack_lvl+0x16c/0x1f0
[ 1183.372599][T13700]  sysfs_warn_dup+0x7f/0xa0
[ 1183.372626][T13700]  sysfs_create_dir_ns+0x24b/0x2b0
[ 1183.372651][T13700]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[ 1183.372675][T13700]  ? find_held_lock+0x2b/0x80
[ 1183.372703][T13700]  ? do_raw_spin_unlock+0x172/0x230
[ 1183.372728][T13700]  kobject_add_internal+0x2c4/0x9b0
[ 1183.372752][T13700]  kobject_add+0x16e/0x240
[ 1183.372770][T13700]  ? __pfx_kobject_add+0x10/0x10
[ 1183.372790][T13700]  ? do_raw_spin_unlock+0x172/0x230
[ 1183.372813][T13700]  ? kobject_put+0xab/0x5a0
[ 1183.372851][T13700]  device_add+0x288/0x1aa0
[ 1183.372872][T13700]  ? __pfx_dev_set_name+0x10/0x10
[ 1183.372894][T13700]  ? __pfx_device_add+0x10/0x10
[ 1183.372915][T13700]  ? mgmt_send_event_skb+0x2fb/0x460
[ 1183.372945][T13700]  hci_conn_add_sysfs+0x17e/0x230
[ 1183.372973][T13700]  le_conn_complete_evt+0x1075/0x1d70
[ 1183.372995][T13700]  ? preempt_count_sub+0x80/0x160
[ 1183.373023][T13700]  ? find_held_lock+0x2b/0x80
[ 1183.373043][T13700]  ? __pfx_le_conn_complete_evt+0x10/0x10
[ 1183.373065][T13700]  ? hci_event_packet+0x459/0x11c0
[ 1183.373091][T13700]  ? __mutex_unlock_slowpath+0x163/0x800
[ 1183.373123][T13700]  hci_le_conn_complete_evt+0x23c/0x370
[ 1183.373152][T13700]  hci_le_meta_evt+0x357/0x5e0
[ 1183.373184][T13700]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[ 1183.373211][T13700]  hci_event_packet+0x682/0x11c0
[ 1183.373233][T13700]  ? __pfx_hci_le_meta_evt+0x10/0x10
[ 1183.373260][T13700]  ? __pfx_hci_event_packet+0x10/0x10
[ 1183.373287][T13700]  ? kcov_remote_start+0x3c9/0x6d0
[ 1183.373310][T13700]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1183.373345][T13700]  hci_rx_work+0x2c5/0x16b0
[ 1183.373374][T13700]  ? rcu_is_watching+0x12/0xc0
[ 1183.373403][T13700]  process_one_work+0x9cc/0x1b70
[ 1183.373436][T13700]  ? __pfx_process_one_work+0x10/0x10
[ 1183.373464][T13700]  ? assign_work+0x1a0/0x250
[ 1183.373486][T13700]  worker_thread+0x6c8/0xf10
[ 1183.373511][T13700]  ? __kthread_parkme+0x19e/0x250
[ 1183.373537][T13700]  ? __pfx_worker_thread+0x10/0x10
[ 1183.373558][T13700]  kthread+0x3c5/0x780
[ 1183.373577][T13700]  ? __pfx_kthread+0x10/0x10
[ 1183.373596][T13700]  ? rcu_is_watching+0x12/0xc0
[ 1183.373618][T13700]  ? __pfx_kthread+0x10/0x10
[ 1183.373638][T13700]  ret_from_fork+0x5d7/0x6f0
[ 1183.373655][T13700]  ? __pfx_kthread+0x10/0x10
[ 1183.373674][T13700]  ret_from_fork_asm+0x1a/0x30
[ 1183.373710][T13700]  </TASK>
[ 1183.373739][T13700] kobject: kobject_add_internal failed for hci2:201 with -EEXIST, don't try to register things with the same name in the same directory.
[ 1183.391991][T17838] CPU: 0 UID: 0 PID: 17838 Comm: syz.2.2900 Not tainted 6.16.0-syzkaller-11129-geacf91b0c78a #0 PREEMPT(full) 
[ 1183.392027][T17838] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1183.392042][T17838] Call Trace:
[ 1183.392059][T17838]  <TASK>
[ 1183.392068][T17838]  dump_stack_lvl+0x16c/0x1f0
[ 1183.392108][T17838]  should_fail_ex+0x512/0x640
[ 1183.392143][T17838]  ? __kmalloc_noprof+0xbf/0x510
[ 1183.392168][T17838]  ? bpf_test_init.isra.0+0x9e/0x140
[ 1183.392197][T17838]  should_failslab+0xc2/0x120
[ 1183.392224][T17838]  __kmalloc_noprof+0xd2/0x510
[ 1183.392254][T17838]  bpf_test_init.isra.0+0x9e/0x140
[ 1183.392286][T17838]  bpf_prog_test_run_skb+0x245/0x2280
[ 1183.392320][T17838]  ? __fget_files+0x204/0x3c0
[ 1183.392351][T17838]  ? __fget_files+0x20e/0x3c0
[ 1183.392374][T17838]  ? __pfx_bpf_prog_test_run_skb+0x10/0x10
[ 1183.392410][T17838]  ? fput+0x9b/0xd0
[ 1183.392443][T17838]  ? __pfx_bpf_prog_test_run_skb+0x10/0x10
[ 1183.392477][T17838]  __sys_bpf+0x1050/0x4de0
[ 1183.392512][T17838]  ? __pfx___sys_bpf+0x10/0x10
[ 1183.392541][T17838]  ? ksys_write+0x190/0x250
[ 1183.392570][T17838]  ? __mutex_unlock_slowpath+0x163/0x800
[ 1183.392628][T17838]  ? fput+0x9b/0xd0
[ 1183.392657][T17838]  ? ksys_write+0x1ac/0x250
[ 1183.392679][T17838]  ? __pfx_ksys_write+0x10/0x10
[ 1183.392707][T17838]  __x64_sys_bpf+0x78/0xc0
[ 1183.392735][T17838]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1183.392757][T17838]  do_syscall_64+0xcd/0x4c0
[ 1183.392781][T17838]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1183.392798][T17838] RIP: 0033:0x7f11ab18eb69
[ 1183.392811][T17838] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1183.392826][T17838] RSP: 002b:00007f11aaff7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 1183.392842][T17838] RAX: ffffffffffffffda RBX: 00007f11ab3b5fa0 RCX: 00007f11ab18eb69
[ 1183.392852][T17838] RDX: 0000000000000050 RSI: 00002000000002c0 RDI: 000000000000000a
[ 1183.392862][T17838] RBP: 00007f11aaff7090 R08: 0000000000000000 R09: 0000000000000000
[ 1183.392872][T17838] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1183.392881][T17838] R13: 0000000000000000 R14: 00007f11ab3b5fa0 R15: 00007ffec4a46148
[ 1183.392903][T17838]  </TASK>
[ 1183.409631][   T30] audit: type=1400 audit(1754183045.083:540): avc:  denied  { write } for  pid=17831 comm="syz.1.2898" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=socket permissive=1
[ 1183.412193][T13700] Bluetooth: hci2: failed to register connection device
[ 1183.464962][   T30] audit: type=1804 audit(1754183045.103:541): pid=17840 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.3.2897" name="/newroot/586/file0" dev="tmpfs" ino=3264 res=1 errno=0
[ 1183.945937][   T30] audit: type=1804 audit(1754183045.113:542): pid=17840 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz.3.2897" name="/newroot/586/file0" dev="tmpfs" ino=3264 res=1 errno=0
[ 1183.950750][T17839] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 1184.240609][T16105] usb 2-1: new high-speed USB device number 35 using dummy_hcd
[ 1184.352967][T17863] FAULT_INJECTION: forcing a failure.
[ 1184.352967][T17863] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1184.400750][T17863] CPU: 0 UID: 0 PID: 17863 Comm: syz.4.2905 Not tainted 6.16.0-syzkaller-11129-geacf91b0c78a #0 PREEMPT(full) 
[ 1184.400778][T17863] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1184.400789][T17863] Call Trace:
[ 1184.400795][T17863]  <TASK>
[ 1184.400802][T17863]  dump_stack_lvl+0x16c/0x1f0
[ 1184.400832][T17863]  should_fail_ex+0x512/0x640
[ 1184.400863][T17863]  _copy_to_user+0x32/0xd0
[ 1184.400882][T17863]  simple_read_from_buffer+0xcb/0x170
[ 1184.400919][T17863]  proc_fail_nth_read+0x197/0x240
[ 1184.400940][T17863]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1184.400962][T17863]  ? rw_verify_area+0xcf/0x6c0
[ 1184.400989][T17863]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1184.401009][T17863]  vfs_read+0x1e4/0xc60
[ 1184.401030][T17863]  ? __pfx___mutex_lock+0x10/0x10
[ 1184.401054][T17863]  ? __pfx_vfs_read+0x10/0x10
[ 1184.401071][T17863]  ? __fget_files+0x20e/0x3c0
[ 1184.401088][T17863]  ksys_read+0x12a/0x250
[ 1184.401104][T17863]  ? __pfx_ksys_read+0x10/0x10
[ 1184.401128][T17863]  do_syscall_64+0xcd/0x4c0
[ 1184.401154][T17863]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1184.401173][T17863] RIP: 0033:0x7f190278d57c
[ 1184.401189][T17863] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1184.401206][T17863] RSP: 002b:00007f1903614030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1184.401224][T17863] RAX: ffffffffffffffda RBX: 00007f19029b6080 RCX: 00007f190278d57c
[ 1184.401237][T17863] RDX: 000000000000000f RSI: 00007f19036140a0 RDI: 0000000000000004
[ 1184.401248][T17863] RBP: 00007f1903614090 R08: 0000000000000000 R09: 0000000000000000
[ 1184.401259][T17863] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1184.401269][T17863] R13: 0000000000000000 R14: 00007f19029b6080 R15: 00007ffec0ec6ce8
[ 1184.401294][T17863]  </TASK>
[ 1184.402240][T16105] usb 2-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[ 1184.844049][ T6098] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[ 1184.861150][ T6098] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[ 1184.889394][ T6098] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[ 1184.943152][ T6098] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[ 1184.944392][T16105] usb 2-1: config 0 interface 0 has no altsetting 0
[ 1185.027135][T16105] usb 2-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[ 1185.049520][T16105] usb 2-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[ 1185.070205][T16105] usb 2-1: Product: syz
[ 1185.070948][T17867] sctp: [Deprecated]: syz.4.2907 (pid 17867) Use of int in maxseg socket option.
[ 1185.070948][T17867] Use struct sctp_assoc_value instead
[ 1185.189263][T16105] usb 2-1: Manufacturer: syz
[ 1185.196290][T17859] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2904'.
[ 1185.209587][T16105] usb 2-1: SerialNumber: syz
[ 1185.241023][T16105] usb 2-1: config 0 descriptor??
[ 1185.247533][T17859] x_tables: ip_tables: udp match: only valid for protocol 17
[ 1185.286699][T16105] usb 2-1: selecting invalid altsetting 0
[ 1185.742750][T15895] usb 2-1: USB disconnect, device number 35
[ 1186.943392][T17889] FAULT_INJECTION: forcing a failure.
[ 1186.943392][T17889] name failslab, interval 1, probability 0, space 0, times 0
[ 1187.035339][T17889] CPU: 0 UID: 0 PID: 17889 Comm: syz.0.2913 Not tainted 6.16.0-syzkaller-11129-geacf91b0c78a #0 PREEMPT(full) 
[ 1187.035368][T17889] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1187.035380][T17889] Call Trace:
[ 1187.035386][T17889]  <TASK>
[ 1187.035394][T17889]  dump_stack_lvl+0x16c/0x1f0
[ 1187.035425][T17889]  should_fail_ex+0x512/0x640
[ 1187.035451][T17889]  ? fs_reclaim_acquire+0xae/0x150
[ 1187.035476][T17889]  ? tomoyo_encode2+0x100/0x3e0
[ 1187.035497][T17889]  should_failslab+0xc2/0x120
[ 1187.035518][T17889]  __kmalloc_noprof+0xd2/0x510
[ 1187.035536][T17889]  ? d_absolute_path+0x136/0x1a0
[ 1187.035565][T17889]  tomoyo_encode2+0x100/0x3e0
[ 1187.035590][T17889]  tomoyo_encode+0x29/0x50
[ 1187.035611][T17889]  tomoyo_realpath_from_path+0x18f/0x6e0
[ 1187.035641][T17889]  tomoyo_path_number_perm+0x245/0x580
[ 1187.035659][T17889]  ? tomoyo_path_number_perm+0x237/0x580
[ 1187.035681][T17889]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1187.035702][T17889]  ? find_held_lock+0x2b/0x80
[ 1187.035748][T17889]  ? find_held_lock+0x2b/0x80
[ 1187.035768][T17889]  ? hook_file_ioctl_common+0x145/0x410
[ 1187.035799][T17889]  ? __fget_files+0x20e/0x3c0
[ 1187.035823][T17889]  security_file_ioctl+0x9b/0x240
[ 1187.035846][T17889]  __x64_sys_ioctl+0xb7/0x210
[ 1187.035877][T17889]  do_syscall_64+0xcd/0x4c0
[ 1187.035903][T17889]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1187.035921][T17889] RIP: 0033:0x7fb0c6f8eb69
[ 1187.035936][T17889] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1187.035953][T17889] RSP: 002b:00007fb0c7e04038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1187.035973][T17889] RAX: ffffffffffffffda RBX: 00007fb0c71b5fa0 RCX: 00007fb0c6f8eb69
[ 1187.035985][T17889] RDX: 0000200000000280 RSI: 00000000802c550a RDI: 0000000000000003
[ 1187.035997][T17889] RBP: 00007fb0c7e04090 R08: 0000000000000000 R09: 0000000000000000
[ 1187.036008][T17889] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1187.036019][T17889] R13: 0000000000000000 R14: 00007fb0c71b5fa0 R15: 00007fffe7d3d4d8
[ 1187.036044][T17889]  </TASK>
[ 1187.036864][T17889] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1187.352541][T17899] FAULT_INJECTION: forcing a failure.
[ 1187.352541][T17899] name failslab, interval 1, probability 0, space 0, times 0
[ 1187.400939][T17889] usb usb8: usbfs: process 17889 (syz.0.2913) did not claim interface 0 before use
[ 1187.404380][T17899] CPU: 0 UID: 0 PID: 17899 Comm: syz.2.2917 Not tainted 6.16.0-syzkaller-11129-geacf91b0c78a #0 PREEMPT(full) 
[ 1187.404405][T17899] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1187.404415][T17899] Call Trace:
[ 1187.404421][T17899]  <TASK>
[ 1187.404428][T17899]  dump_stack_lvl+0x16c/0x1f0
[ 1187.404456][T17899]  should_fail_ex+0x512/0x640
[ 1187.404480][T17899]  ? fs_reclaim_acquire+0xae/0x150
[ 1187.404503][T17899]  ? tomoyo_encode2+0x100/0x3e0
[ 1187.404522][T17899]  should_failslab+0xc2/0x120
[ 1187.404541][T17899]  __kmalloc_noprof+0xd2/0x510
[ 1187.404557][T17899]  ? d_absolute_path+0x136/0x1a0
[ 1187.404583][T17899]  tomoyo_encode2+0x100/0x3e0
[ 1187.404604][T17899]  tomoyo_encode+0x29/0x50
[ 1187.404623][T17899]  tomoyo_realpath_from_path+0x18f/0x6e0
[ 1187.404649][T17899]  tomoyo_path_number_perm+0x245/0x580
[ 1187.404665][T17899]  ? tomoyo_path_number_perm+0x237/0x580
[ 1187.404683][T17899]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1187.404702][T17899]  ? find_held_lock+0x2b/0x80
[ 1187.404741][T17899]  ? find_held_lock+0x2b/0x80
[ 1187.404759][T17899]  ? hook_file_ioctl_common+0x145/0x410
[ 1187.404786][T17899]  ? __fget_files+0x20e/0x3c0
[ 1187.404807][T17899]  security_file_ioctl+0x9b/0x240
[ 1187.404827][T17899]  __x64_sys_ioctl+0xb7/0x210
[ 1187.404852][T17899]  do_syscall_64+0xcd/0x4c0
[ 1187.404876][T17899]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1187.404897][T17899] RIP: 0033:0x7f11ab18eb69
[ 1187.404910][T17899] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1187.404925][T17899] RSP: 002b:00007f11aaff7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1187.404941][T17899] RAX: ffffffffffffffda RBX: 00007f11ab3b5fa0 RCX: 00007f11ab18eb69
[ 1187.404951][T17899] RDX: 0000200000000200 RSI: 00000000000007a5 RDI: 0000000000000003
[ 1187.404961][T17899] RBP: 00007f11aaff7090 R08: 0000000000000000 R09: 0000000000000000
[ 1187.404970][T17899] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1187.404980][T17899] R13: 0000000000000000 R14: 00007f11ab3b5fa0 R15: 00007ffec4a46148
[ 1187.405002][T17899]  </TASK>
[ 1187.405018][T17899] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1187.789341][T17910] FAULT_INJECTION: forcing a failure.
[ 1187.789341][T17910] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1187.826426][T17910] CPU: 1 UID: 0 PID: 17910 Comm: syz.0.2920 Not tainted 6.16.0-syzkaller-11129-geacf91b0c78a #0 PREEMPT(full) 
[ 1187.826454][T17910] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1187.826465][T17910] Call Trace:
[ 1187.826471][T17910]  <TASK>
[ 1187.826480][T17910]  dump_stack_lvl+0x16c/0x1f0
[ 1187.826511][T17910]  should_fail_ex+0x512/0x640
[ 1187.826543][T17910]  _copy_from_user+0x2e/0xd0
[ 1187.826564][T17910]  kstrtouint_from_user+0xd6/0x1d0
[ 1187.826591][T17910]  ? __pfx_kstrtouint_from_user+0x10/0x10
[ 1187.826614][T17910]  ? __lock_acquire+0xb97/0x1ce0
[ 1187.826654][T17910]  proc_fail_nth_write+0x83/0x220
[ 1187.826676][T17910]  ? __pfx_proc_fail_nth_write+0x10/0x10
[ 1187.826704][T17910]  ? __pfx_proc_fail_nth_write+0x10/0x10
[ 1187.826723][T17910]  vfs_write+0x29d/0x1150
[ 1187.826745][T17910]  ? __pfx___mutex_lock+0x10/0x10
[ 1187.826772][T17910]  ? __pfx_vfs_write+0x10/0x10
[ 1187.826797][T17910]  ? __fget_files+0x20e/0x3c0
[ 1187.826827][T17910]  ksys_write+0x12a/0x250
[ 1187.826845][T17910]  ? __pfx_ksys_write+0x10/0x10
[ 1187.826871][T17910]  do_syscall_64+0xcd/0x4c0
[ 1187.826898][T17910]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1187.826916][T17910] RIP: 0033:0x7fb0c6f8d61f
[ 1187.826932][T17910] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[ 1187.826949][T17910] RSP: 002b:00007fb0c7de3030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 1187.826966][T17910] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fb0c6f8d61f
[ 1187.826978][T17910] RDX: 0000000000000001 RSI: 00007fb0c7de30a0 RDI: 0000000000000003
[ 1187.826989][T17910] RBP: 00007fb0c7de3090 R08: 0000000000000000 R09: 0000000000000000
[ 1187.827000][T17910] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[ 1187.827011][T17910] R13: 0000000000000001 R14: 00007fb0c71b6080 R15: 00007fffe7d3d4d8
[ 1187.827037][T17910]  </TASK>
[ 1189.108103][T17926] FAULT_INJECTION: forcing a failure.
[ 1189.108103][T17926] name failslab, interval 1, probability 0, space 0, times 0
[ 1189.126924][T17926] CPU: 0 UID: 0 PID: 17926 Comm: syz.0.2927 Not tainted 6.16.0-syzkaller-11129-geacf91b0c78a #0 PREEMPT(full) 
[ 1189.126952][T17926] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1189.126962][T17926] Call Trace:
[ 1189.126969][T17926]  <TASK>
[ 1189.126975][T17926]  dump_stack_lvl+0x16c/0x1f0
[ 1189.127006][T17926]  should_fail_ex+0x512/0x640
[ 1189.127032][T17926]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[ 1189.127052][T17926]  should_failslab+0xc2/0x120
[ 1189.127070][T17926]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[ 1189.127087][T17926]  ? __alloc_skb+0x2b2/0x380
[ 1189.127114][T17926]  __alloc_skb+0x2b2/0x380
[ 1189.127135][T17926]  ? __pfx___alloc_skb+0x10/0x10
[ 1189.127159][T17926]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[ 1189.127188][T17926]  netlink_alloc_large_skb+0x69/0x130
[ 1189.127216][T17926]  netlink_sendmsg+0x6a1/0xdd0
[ 1189.127246][T17926]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1189.127281][T17926]  ____sys_sendmsg+0xa95/0xc70
[ 1189.127300][T17926]  ? copy_msghdr_from_user+0x10a/0x160
[ 1189.127322][T17926]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1189.127351][T17926]  ___sys_sendmsg+0x134/0x1d0
[ 1189.127375][T17926]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1189.127419][T17926]  ? __mutex_unlock_slowpath+0x80/0x800
[ 1189.127448][T17928] FAULT_INJECTION: forcing a failure.
[ 1189.127448][T17928] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1189.127451][T17926]  __sys_sendmsg+0x16d/0x220
[ 1189.127477][T17926]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1189.127511][T17926]  do_syscall_64+0xcd/0x4c0
[ 1189.127535][T17926]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1189.127552][T17926] RIP: 0033:0x7fb0c6f8eb69
[ 1189.127566][T17926] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1189.127581][T17926] RSP: 002b:00007fb0c7e04038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1189.127597][T17926] RAX: ffffffffffffffda RBX: 00007fb0c71b5fa0 RCX: 00007fb0c6f8eb69
[ 1189.127609][T17926] RDX: 000000000000c044 RSI: 00002000000005c0 RDI: 0000000000000003
[ 1189.127618][T17926] RBP: 00007fb0c7e04090 R08: 0000000000000000 R09: 0000000000000000
[ 1189.127628][T17926] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1189.127637][T17926] R13: 0000000000000000 R14: 00007fb0c71b5fa0 R15: 00007fffe7d3d4d8
[ 1189.127657][T17926]  </TASK>
[ 1189.382843][T17928] CPU: 0 UID: 0 PID: 17928 Comm: syz.3.2925 Not tainted 6.16.0-syzkaller-11129-geacf91b0c78a #0 PREEMPT(full) 
[ 1189.382875][T17928] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1189.382886][T17928] Call Trace:
[ 1189.382893][T17928]  <TASK>
[ 1189.382901][T17928]  dump_stack_lvl+0x16c/0x1f0
[ 1189.382944][T17928]  should_fail_ex+0x512/0x640
[ 1189.382977][T17928]  _copy_to_user+0x32/0xd0
[ 1189.382999][T17928]  simple_read_from_buffer+0xcb/0x170
[ 1189.383033][T17928]  proc_fail_nth_read+0x197/0x240
[ 1189.383056][T17928]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1189.383078][T17928]  ? rw_verify_area+0xcf/0x6c0
[ 1189.383104][T17928]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1189.383125][T17928]  vfs_read+0x1e4/0xc60
[ 1189.383146][T17928]  ? __pfx___mutex_lock+0x10/0x10
[ 1189.383174][T17928]  ? __pfx_vfs_read+0x10/0x10
[ 1189.383197][T17928]  ? __fget_files+0x20e/0x3c0
[ 1189.383225][T17928]  ksys_read+0x12a/0x250
[ 1189.383242][T17928]  ? __pfx_ksys_read+0x10/0x10
[ 1189.383267][T17928]  do_syscall_64+0xcd/0x4c0
[ 1189.383295][T17928]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1189.383314][T17928] RIP: 0033:0x7f0366d8d57c
[ 1189.383331][T17928] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1189.383349][T17928] RSP: 002b:00007f0367b2c030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1189.383368][T17928] RAX: ffffffffffffffda RBX: 00007f0366fb6080 RCX: 00007f0366d8d57c
[ 1189.383381][T17928] RDX: 000000000000000f RSI: 00007f0367b2c0a0 RDI: 0000000000000005
[ 1189.383392][T17928] RBP: 00007f0367b2c090 R08: 0000000000000000 R09: 0000000000000000
[ 1189.383403][T17928] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1189.383414][T17928] R13: 0000000000000000 R14: 00007f0366fb6080 R15: 00007ffcb7dee538
[ 1189.383440][T17928]  </TASK>
[ 1189.553035][T17932] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 1189.560691][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1191.220921][T15895] usb 5-1: new high-speed USB device number 43 using dummy_hcd
[ 1191.412474][T15895] usb 5-1: Using ep0 maxpacket: 8
[ 1192.202991][T17968] PKCS7: Unknown OID: [5] (bad)
[ 1192.220860][T17968] PKCS7: Only support pkcs7_signedData type
[ 1192.227350][T15895] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1192.247127][T15895] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1192.288861][T15895] usb 5-1: New USB device found, idVendor=06cb, idProduct=81a7, bcdDevice= 0.00
[ 1192.341660][T15895] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1192.355743][T15895] usb 5-1: config 0 descriptor??
[ 1192.739496][   T30] audit: type=1400 audit(1754183054.323:543): avc:  denied  { bind } for  pid=17973 comm="syz.0.2937" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[ 1192.921149][   T30] audit: type=1400 audit(1754183054.623:544): avc:  denied  { append } for  pid=17973 comm="syz.0.2937" name="autofs" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[ 1192.935655][T15895] hid-rmi 0003:06CB:81A7.0013: unknown main item tag 0x0
[ 1192.973931][   T30] audit: type=1400 audit(1754183054.713:545): avc:  denied  { write } for  pid=17973 comm="syz.0.2937" name="urandom" dev="devtmpfs" ino=9 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:urandom_device_t tclass=chr_file permissive=1
[ 1192.997561][T16105] usb 2-1: new high-speed USB device number 36 using dummy_hcd
[ 1193.053350][T15895] hid-rmi 0003:06CB:81A7.0013: unknown main item tag 0x0
[ 1193.099087][T15895] hid-rmi 0003:06CB:81A7.0013: unknown main item tag 0x0
[ 1193.170842][T16105] usb 2-1: Using ep0 maxpacket: 32
[ 1193.189096][T16105] usb 2-1: config 0 has no interfaces?
[ 1193.231819][T15895] hid-rmi 0003:06CB:81A7.0013: unknown main item tag 0x0
[ 1193.256568][T16105] usb 2-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[ 1193.286554][T15895] hid-rmi 0003:06CB:81A7.0013: unknown main item tag 0x0
[ 1193.295871][T16105] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1193.305304][T15895] hid-rmi 0003:06CB:81A7.0013: unknown main item tag 0x0
[ 1193.317529][T16105] usb 2-1: Product: syz
[ 1193.340705][T16105] usb 2-1: Manufacturer: syz
[ 1193.355060][T15895] hid-rmi 0003:06CB:81A7.0013: unknown main item tag 0x0
[ 1193.364196][T17988] FAULT_INJECTION: forcing a failure.
[ 1193.364196][T17988] name failslab, interval 1, probability 0, space 0, times 0
[ 1193.381498][T16105] usb 2-1: SerialNumber: syz
[ 1193.401623][T15895] hid-rmi 0003:06CB:81A7.0013: unknown main item tag 0x0
[ 1193.416269][T16105] usb 2-1: config 0 descriptor??
[ 1193.438640][T17988] CPU: 0 UID: 0 PID: 17988 Comm: syz.2.2941 Not tainted 6.16.0-syzkaller-11129-geacf91b0c78a #0 PREEMPT(full) 
[ 1193.438673][T17988] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1193.438685][T17988] Call Trace:
[ 1193.438693][T17988]  <TASK>
[ 1193.438702][T17988]  dump_stack_lvl+0x16c/0x1f0
[ 1193.438739][T17988]  should_fail_ex+0x512/0x640
[ 1193.438770][T17988]  ? __kmalloc_noprof+0xbf/0x510
[ 1193.438793][T17988]  ? bpf_test_init.isra.0+0x9e/0x140
[ 1193.438819][T17988]  should_failslab+0xc2/0x120
[ 1193.438843][T17988]  __kmalloc_noprof+0xd2/0x510
[ 1193.438870][T17988]  ? __lock_acquire+0x62e/0x1ce0
[ 1193.438906][T17988]  bpf_test_init.isra.0+0x9e/0x140
[ 1193.438935][T17988]  bpf_prog_test_run_xdp+0x4f0/0x1590
[ 1193.438976][T17988]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[ 1193.439007][T17988]  ? __might_fault+0xe0/0x190
[ 1193.439032][T17988]  ? fput+0x9b/0xd0
[ 1193.439058][T17988]  ? __bpf_prog_get+0x97/0x2a0
[ 1193.439081][T17988]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[ 1193.439109][T17988]  __sys_bpf+0x1050/0x4de0
[ 1193.439140][T17988]  ? __pfx___sys_bpf+0x10/0x10
[ 1193.439168][T17988]  ? ksys_write+0x190/0x250
[ 1193.439198][T17988]  ? __mutex_unlock_slowpath+0x163/0x800
[ 1193.439254][T17988]  ? fput+0x9b/0xd0
[ 1193.439285][T17988]  ? ksys_write+0x1ac/0x250
[ 1193.439308][T17988]  ? __pfx_ksys_write+0x10/0x10
[ 1193.439339][T17988]  __x64_sys_bpf+0x78/0xc0
[ 1193.439369][T17988]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1193.439407][T17988]  do_syscall_64+0xcd/0x4c0
[ 1193.439445][T17988]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1193.439470][T17988] RIP: 0033:0x7f11ab18eb69
[ 1193.439491][T17988] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1193.439515][T17988] RSP: 002b:00007f11aaff7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 1193.439541][T17988] RAX: ffffffffffffffda RBX: 00007f11ab3b5fa0 RCX: 00007f11ab18eb69
[ 1193.439558][T17988] RDX: 0000000000000050 RSI: 0000200000000380 RDI: 000000000000000a
[ 1193.439572][T17988] RBP: 00007f11aaff7090 R08: 0000000000000000 R09: 0000000000000000
[ 1193.439587][T17988] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1193.439602][T17988] R13: 0000000000000000 R14: 00007f11ab3b5fa0 R15: 00007ffec4a46148
[ 1193.439635][T17988]  </TASK>
[ 1193.439750][T15895] hid-rmi 0003:06CB:81A7.0013: unknown main item tag 0x0
[ 1193.981428][T15895] hid-rmi 0003:06CB:81A7.0013: unknown main item tag 0x0
[ 1193.995532][T15895] hid-rmi 0003:06CB:81A7.0013: hidraw0: USB HID v0.00 Device [HID 06cb:81a7] on usb-dummy_hcd.4-1/input0
[ 1194.586984][T15895] usb 5-1: USB disconnect, device number 43
[ 1194.829244][T17999] fido_id[17999]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory
[ 1194.865890][T18011] FAULT_INJECTION: forcing a failure.
[ 1194.865890][T18011] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1194.913618][T18011] CPU: 0 UID: 0 PID: 18011 Comm: syz.2.2946 Not tainted 6.16.0-syzkaller-11129-geacf91b0c78a #0 PREEMPT(full) 
[ 1194.913650][T18011] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1194.913662][T18011] Call Trace:
[ 1194.913669][T18011]  <TASK>
[ 1194.913678][T18011]  dump_stack_lvl+0x16c/0x1f0
[ 1194.913716][T18011]  should_fail_ex+0x512/0x640
[ 1194.913751][T18011]  _copy_to_user+0x32/0xd0
[ 1194.913776][T18011]  simple_read_from_buffer+0xcb/0x170
[ 1194.913813][T18011]  proc_fail_nth_read+0x197/0x240
[ 1194.913844][T18011]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1194.913870][T18011]  ? rw_verify_area+0xcf/0x6c0
[ 1194.913899][T18011]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1194.913921][T18011]  vfs_read+0x1e4/0xc60
[ 1194.913945][T18011]  ? __pfx___mutex_lock+0x10/0x10
[ 1194.913975][T18011]  ? __pfx_vfs_read+0x10/0x10
[ 1194.914002][T18011]  ? __fget_files+0x20e/0x3c0
[ 1194.914033][T18011]  ksys_read+0x12a/0x250
[ 1194.914052][T18011]  ? __pfx_ksys_read+0x10/0x10
[ 1194.914080][T18011]  do_syscall_64+0xcd/0x4c0
[ 1194.914111][T18011]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1194.914132][T18011] RIP: 0033:0x7f11ab18d57c
[ 1194.914149][T18011] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1194.914170][T18011] RSP: 002b:00007f11aaff7030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1194.914191][T18011] RAX: ffffffffffffffda RBX: 00007f11ab3b5fa0 RCX: 00007f11ab18d57c
[ 1194.914205][T18011] RDX: 000000000000000f RSI: 00007f11aaff70a0 RDI: 0000000000000003
[ 1194.914218][T18011] RBP: 00007f11aaff7090 R08: 0000000000000000 R09: 0000000000000000
[ 1194.914231][T18011] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1194.914243][T18011] R13: 0000000000000000 R14: 00007f11ab3b5fa0 R15: 00007ffec4a46148
[ 1194.914271][T18011]  </TASK>
[ 1195.101245][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1195.139220][T16105] usb 2-1: USB disconnect, device number 36
[ 1195.264599][T13700] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 1195.284723][T13700] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 1195.295954][T13700] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 1195.305391][T13700] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 1195.319937][T13700] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 1195.344532][   T30] audit: type=1400 audit(1754183057.093:546): avc:  denied  { mounton } for  pid=18013 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[ 1195.458844][   T13] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1195.471191][   T13] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[ 1195.680833][   T13] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1195.760760][   T30] audit: type=1400 audit(1754183057.493:547): avc:  denied  { create } for  pid=18020 comm="syz.4.2949" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_fib_lookup_socket permissive=1
[ 1195.775329][   T13] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[ 1196.142187][   T30] audit: type=1400 audit(1754183057.843:548): avc:  denied  { write } for  pid=18020 comm="syz.4.2949" name="renderD128" dev="devtmpfs" ino=626 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[ 1196.186806][T18013] lo speed is unknown, defaulting to 1000
[ 1196.451136][   T30] audit: type=1400 audit(1754183058.193:549): avc:  denied  { listen } for  pid=18036 comm="syz.1.2954" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[ 1196.534075][   T13] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1196.551916][   T13] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[ 1197.402089][ T5167] Bluetooth: hci1: command tx timeout
[ 1198.134049][   T13] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1198.245472][   T13] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[ 1198.460626][T18057] ucma_write: process 2109 (syz.1.2958) changed security contexts after opening file descriptor, this is not allowed.
[ 1198.759861][T18055] PKCS7: Unknown OID: [5] (bad)
[ 1198.781203][T18055] PKCS7: Only support pkcs7_signedData type
[ 1198.816426][T15895] usb 4-1: new high-speed USB device number 33 using dummy_hcd
[ 1199.016638][T15895] usb 4-1: Using ep0 maxpacket: 8
[ 1199.031910][T15895] usb 4-1: unable to get BOS descriptor or descriptor too short
[ 1199.050886][T16105] usb 3-1: new high-speed USB device number 31 using dummy_hcd
[ 1199.072888][T15895] usb 4-1: config 4 interface 0 has no altsetting 0
[ 1199.104872][T15895] usb 4-1: string descriptor 0 read error: -22
[ 1199.127516][T15895] usb 4-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05
[ 1199.164649][T18013] chnl_net:caif_netlink_parms(): no params data found
[ 1199.180572][T15895] usb 4-1: New USB device strings: Mfr=2, Product=0, SerialNumber=3
[ 1199.231095][T16105] usb 3-1: Using ep0 maxpacket: 32
[ 1199.275846][T15895] usb 4-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state
[ 1199.330404][T15895] usb 4-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[ 1199.352099][T16105] usb 3-1: config 0 has no interfaces?
[ 1199.352139][   T13] bridge_slave_1: left allmulticast mode
[ 1199.390955][T15895] dvbdev: DVB: registering new adapter (Sigmatek DVB-110)
[ 1199.410677][   T13] bridge_slave_1: left promiscuous mode
[ 1199.416341][T15895] usb 4-1: media controller created
[ 1199.430228][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1199.460979][T16105] usb 3-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[ 1199.468214][T15895] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1199.489168][ T5167] Bluetooth: hci1: command tx timeout
[ 1199.492573][T16105] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1199.498354][T18048] FAULT_INJECTION: forcing a failure.
[ 1199.498354][T18048] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1199.521342][T18048] CPU: 0 UID: 0 PID: 18048 Comm: syz.3.2956 Not tainted 6.16.0-syzkaller-11129-geacf91b0c78a #0 PREEMPT(full) 
[ 1199.521374][T18048] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1199.521385][T18048] Call Trace:
[ 1199.521393][T18048]  <TASK>
[ 1199.521402][T18048]  dump_stack_lvl+0x16c/0x1f0
[ 1199.521439][T18048]  should_fail_ex+0x512/0x640
[ 1199.521475][T18048]  _copy_from_user+0x2e/0xd0
[ 1199.521498][T18048]  kstrtouint_from_user+0xd6/0x1d0
[ 1199.521526][T18048]  ? __pfx_kstrtouint_from_user+0x10/0x10
[ 1199.521553][T18048]  ? __lock_acquire+0xb97/0x1ce0
[ 1199.521599][T18048]  proc_fail_nth_write+0x83/0x220
[ 1199.521624][T18048]  ? __pfx_proc_fail_nth_write+0x10/0x10
[ 1199.521657][T18048]  ? __pfx_proc_fail_nth_write+0x10/0x10
[ 1199.521680][T18048]  vfs_write+0x29d/0x1150
[ 1199.521708][T18048]  ? __pfx___mutex_lock+0x10/0x10
[ 1199.521740][T18048]  ? __pfx_vfs_write+0x10/0x10
[ 1199.521769][T18048]  ? __fget_files+0x20e/0x3c0
[ 1199.521804][T18048]  ksys_write+0x12a/0x250
[ 1199.521824][T18048]  ? __pfx_ksys_write+0x10/0x10
[ 1199.521861][T18048]  do_syscall_64+0xcd/0x4c0
[ 1199.521894][T18048]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1199.521915][T18048] RIP: 0033:0x7f0366d8d61f
[ 1199.521933][T18048] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[ 1199.521953][T18048] RSP: 002b:00007f0367b4d030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 1199.521975][T18048] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f0366d8d61f
[ 1199.521988][T18048] RDX: 0000000000000001 RSI: 00007f0367b4d0a0 RDI: 0000000000000004
[ 1199.522000][T18048] RBP: 00007f0367b4d090 R08: 0000000000000000 R09: 0000000000000000
[ 1199.522013][T18048] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[ 1199.522025][T18048] R13: 0000000000000000 R14: 00007f0366fb5fa0 R15: 00007ffcb7dee538
[ 1199.522053][T18048]  </TASK>
[ 1199.727227][T16105] usb 3-1: Product: syz
[ 1199.741967][T16105] usb 3-1: Manufacturer: syz
[ 1199.749936][T16105] usb 3-1: SerialNumber: syz
[ 1199.755906][   T13] bridge_slave_0: left allmulticast mode
[ 1199.763981][T16105] usb 3-1: config 0 descriptor??
[ 1199.764663][T15895] zl10353_read_register: readreg error (reg=127, ret==0)
[ 1199.793924][   T13] bridge_slave_0: left promiscuous mode
[ 1199.831683][T15895] usb 4-1: USB disconnect, device number 33
[ 1199.843927][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1200.000837][ T5847] usb 2-1: new high-speed USB device number 37 using dummy_hcd
[ 1200.170917][ T5847] usb 2-1: Using ep0 maxpacket: 32
[ 1200.177751][ T5847] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1200.222298][ T5847] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1200.260407][ T5847] usb 2-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00
[ 1200.391191][ T5847] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1200.434195][ T5847] usb 2-1: config 0 descriptor??
[ 1200.733597][   T30] audit: type=1400 audit(1754183062.323:550): avc:  denied  { mounton } for  pid=18083 comm="syz.3.2964" path="/603/file0" dev="rpc_pipefs" ino=55621 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:rpc_pipefs_t tclass=dir permissive=1
[ 1200.912512][ T5847] usbhid 2-1:0.0: can't add hid device: -71
[ 1200.919131][ T5847] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[ 1200.956226][ T5847] usb 2-1: USB disconnect, device number 37
[ 1201.164764][T15895] usb 3-1: USB disconnect, device number 31
[ 1201.351450][T18096] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1201.529896][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1201.546098][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1201.560827][ T5167] Bluetooth: hci1: command tx timeout
[ 1201.566668][   T13] bond0 (unregistering): Released all slaves
[ 1202.293696][   T30] audit: type=1400 audit(1754183064.013:551): avc:  denied  { listen } for  pid=18132 comm="syz.4.2970" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[ 1202.316105][T18133] FAULT_INJECTION: forcing a failure.
[ 1202.316105][T18133] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1202.338625][T18133] CPU: 0 UID: 0 PID: 18133 Comm: syz.4.2970 Not tainted 6.16.0-syzkaller-11129-geacf91b0c78a #0 PREEMPT(full) 
[ 1202.338653][T18133] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1202.338663][T18133] Call Trace:
[ 1202.338669][T18133]  <TASK>
[ 1202.338676][T18133]  dump_stack_lvl+0x16c/0x1f0
[ 1202.338707][T18133]  should_fail_ex+0x512/0x640
[ 1202.338735][T18133]  _copy_from_user+0x2e/0xd0
[ 1202.338753][T18133]  core_sys_select+0x35b/0xc10
[ 1202.338778][T18133]  ? __pfx_core_sys_select+0x10/0x10
[ 1202.338815][T18133]  ? set_user_sigmask+0x21b/0x2b0
[ 1202.338834][T18133]  ? __pfx_set_user_sigmask+0x10/0x10
[ 1202.338858][T18133]  do_pselect.constprop.0+0x19f/0x1e0
[ 1202.338876][T18133]  ? __pfx_do_pselect.constprop.0+0x10/0x10
[ 1202.338901][T18133]  __x64_sys_pselect6+0x182/0x240
[ 1202.338919][T18133]  ? __pfx___x64_sys_pselect6+0x10/0x10
[ 1202.338944][T18133]  do_syscall_64+0xcd/0x4c0
[ 1202.338970][T18133]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1202.338986][T18133] RIP: 0033:0x7f190278eb69
[ 1202.338999][T18133] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1202.339015][T18133] RSP: 002b:00007f1903635038 EFLAGS: 00000246 ORIG_RAX: 000000000000010e
[ 1202.339032][T18133] RAX: ffffffffffffffda RBX: 00007f19029b5fa0 RCX: 00007f190278eb69
[ 1202.339052][T18133] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000040
[ 1202.339062][T18133] RBP: 00007f1903635090 R08: 0000000000000000 R09: 0000000000000000
[ 1202.339072][T18133] R10: 00002000000002c0 R11: 0000000000000246 R12: 0000000000000001
[ 1202.339095][T18133] R13: 0000000000000000 R14: 00007f19029b5fa0 R15: 00007ffec0ec6ce8
[ 1202.339117][T18133]  </TASK>
[ 1202.618223][T18141] FAULT_INJECTION: forcing a failure.
[ 1202.618223][T18141] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1202.619679][T18141] 
[ 1202.619688][T18141] ======================================================
[ 1202.619695][T18141] WARNING: possible circular locking dependency detected
[ 1202.619702][T18141] 6.16.0-syzkaller-11129-geacf91b0c78a #0 Not tainted
[ 1202.619713][T18141] ------------------------------------------------------
[ 1202.619719][T18141] syz.4.2974/18141 is trying to acquire lock:
[ 1202.619728][T18141] ffffffff8e4ce740 (console_owner){-.-.}-{0:0}, at: console_lock_spinning_enable+0x9f/0xd0
[ 1202.619774][T18141] 
[ 1202.619774][T18141] but task is already holding lock:
[ 1202.619779][T18141] ffff8880b843a318 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x7e/0x130
[ 1202.619816][T18141] 
[ 1202.619816][T18141] which lock already depends on the new lock.
[ 1202.619816][T18141] 
[ 1202.619822][T18141] 
[ 1202.619822][T18141] the existing dependency chain (in reverse order) is:
[ 1202.619828][T18141] 
[ 1202.619828][T18141] -> #4 (&rq->__lock){-.-.}-{2:2}:
[ 1202.619848][T18141]        _raw_spin_lock_nested+0x31/0x40
[ 1202.619871][T18141]        raw_spin_rq_lock_nested+0x29/0x130
[ 1202.619891][T18141]        task_rq_lock+0xcf/0x490
[ 1202.619910][T18141]        cgroup_move_task+0x81/0x2a0
[ 1202.619932][T18141]        css_set_move_task+0x288/0x5f0
[ 1202.619947][T18141]        cgroup_post_fork+0x201/0x9e0
[ 1202.619967][T18141]        copy_process+0x5cfa/0x7690
[ 1202.619988][T18141]        kernel_clone+0xfc/0x930
[ 1202.620008][T18141]        user_mode_thread+0xc7/0x110
[ 1202.620034][T18141]        rest_init+0x23/0x2b0
[ 1202.620050][T18141]        start_kernel+0x3ee/0x4d0
[ 1202.620065][T18141]        x86_64_start_reservations+0x18/0x30
[ 1202.620081][T18141]        x86_64_start_kernel+0x130/0x190
[ 1202.620095][T18141]        common_startup_64+0x13e/0x148
[ 1202.620112][T18141] 
[ 1202.620112][T18141] -> #3 (&p->pi_lock){-.-.}-{2:2}:
[ 1202.620132][T18141]        _raw_spin_lock_irqsave+0x3a/0x60
[ 1202.620153][T18141]        try_to_wake_up+0xb7/0x1870
[ 1202.620170][T18141]        __wake_up_common+0x132/0x1f0
[ 1202.620195][T18141]        __wake_up+0x31/0x60
[ 1202.620215][T18141]        tty_port_default_wakeup+0x2a/0x40
[ 1202.620231][T18141]        serial8250_tx_chars+0x68e/0x860
[ 1202.620247][T18141]        serial8250_handle_irq+0x761/0xcb0
[ 1202.620264][T18141]        serial8250_default_handle_irq+0x9a/0x250
[ 1202.620282][T18141]        serial8250_interrupt+0xf5/0x1b0
[ 1202.620300][T18141]        __handle_irq_event_percpu+0x22c/0x7d0
[ 1202.620319][T18141]        handle_irq_event+0xab/0x1e0
[ 1202.620338][T18141]        handle_edge_irq+0x3ca/0x9e0
[ 1202.620355][T18141]        __common_interrupt+0xdf/0x250
[ 1202.620377][T18141]        common_interrupt+0xba/0xe0
[ 1202.620394][T18141]        asm_common_interrupt+0x26/0x40
[ 1202.620411][T18141]        __sanitizer_cov_trace_const_cmp4+0xa/0x20
[ 1202.620429][T18141]        mas_wr_store_type+0x153/0x21d0
[ 1202.620451][T18141]        mas_store+0x62f/0x1160
[ 1202.620466][T18141]        dup_mmap+0xafd/0x21d0
[ 1202.620492][T18141]        copy_process+0x4081/0x7690
[ 1202.620510][T18141]        kernel_clone+0xfc/0x930
[ 1202.620530][T18141]        __do_sys_clone+0xce/0x120
[ 1202.620551][T18141]        do_syscall_64+0xcd/0x4c0
[ 1202.620574][T18141]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1202.620590][T18141] 
[ 1202.620590][T18141] -> #2 (&tty->write_wait){-.-.}-{3:3}:
[ 1202.620611][T18141]        _raw_spin_lock_irqsave+0x3a/0x60
[ 1202.620631][T18141]        __wake_up+0x1c/0x60
[ 1202.620650][T18141]        tty_port_default_wakeup+0x2a/0x40
[ 1202.620664][T18141]        serial8250_tx_chars+0x68e/0x860
[ 1202.620680][T18141]        serial8250_handle_irq+0x761/0xcb0
[ 1202.620696][T18141]        serial8250_default_handle_irq+0x9a/0x250
[ 1202.620714][T18141]        serial8250_interrupt+0xf5/0x1b0
[ 1202.620731][T18141]        __handle_irq_event_percpu+0x22c/0x7d0
[ 1202.620750][T18141]        handle_irq_event+0xab/0x1e0
[ 1202.620768][T18141]        handle_edge_irq+0x3ca/0x9e0
[ 1202.620784][T18141]        __common_interrupt+0xdf/0x250
[ 1202.620805][T18141]        common_interrupt+0xba/0xe0
[ 1202.620821][T18141]        asm_common_interrupt+0x26/0x40
[ 1202.620836][T18141]        _raw_spin_unlock_irqrestore+0x31/0x80
[ 1202.620857][T18141]        uart_write+0x2a4/0xb30
[ 1202.620880][T18141]        n_tty_write+0x41f/0x11e0
[ 1202.620897][T18141]        file_tty_write.constprop.0+0x501/0x9b0
[ 1202.620921][T18141]        redirected_tty_write+0xd4/0x150
[ 1202.620944][T18141]        vfs_write+0x6c4/0x1150
[ 1202.620959][T18141]        ksys_write+0x12a/0x250
[ 1202.620972][T18141]        do_syscall_64+0xcd/0x4c0
[ 1202.620994][T18141]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1202.621007][T18141] 
[ 1202.621007][T18141] -> #1 (&port_lock_key){-.-.}-{3:3}:
[ 1202.621029][T18141]        _raw_spin_lock_irqsave+0x3a/0x60
[ 1202.621055][T18141]        serial8250_console_write+0x181/0x1890
[ 1202.621073][T18141]        console_flush_all+0x801/0xc60
[ 1202.621090][T18141]        console_unlock+0xd8/0x210
[ 1202.621107][T18141]        vprintk_emit+0x418/0x6d0
[ 1202.621125][T18141]        _printk+0xc7/0x100
[ 1202.621138][T18141]        register_console+0xc2d/0x11b0
[ 1202.621157][T18141]        univ8250_console_init+0x5f/0x90
[ 1202.621173][T18141]        console_init+0x14f/0x680
[ 1202.621189][T18141]        start_kernel+0x29f/0x4d0
[ 1202.621203][T18141]        x86_64_start_reservations+0x18/0x30
[ 1202.621219][T18141]        x86_64_start_kernel+0x130/0x190
[ 1202.621234][T18141]        common_startup_64+0x13e/0x148
[ 1202.621261][T18141] 
[ 1202.621261][T18141] -> #0 (console_owner){-.-.}-{0:0}:
[ 1202.621282][T18141]        __lock_acquire+0x12a6/0x1ce0
[ 1202.621306][T18141]        lock_acquire+0x179/0x350
[ 1202.621329][T18141]        console_lock_spinning_enable+0xb0/0xd0
[ 1202.621347][T18141]        console_flush_all+0x7aa/0xc60
[ 1202.621365][T18141]        console_unlock+0xd8/0x210
[ 1202.621382][T18141]        vprintk_emit+0x418/0x6d0
[ 1202.621400][T18141]        _printk+0xc7/0x100
[ 1202.621412][T18141]        should_fail_ex+0x4e7/0x640
[ 1202.621436][T18141]        strncpy_from_user+0x3b/0x2e0
[ 1202.621458][T18141]        strncpy_from_user_nofault+0x7f/0x180
[ 1202.621477][T18141]        bpf_bprintf_prepare+0xe90/0x13f0
[ 1202.621500][T18141]        bpf_trace_printk+0xda/0x190
[ 1202.621515][T18141]        bpf_prog_7c77c7e0f6645ad8+0x3e/0x44
[ 1202.621528][T18141]        bpf_trace_run2+0x236/0x590
[ 1202.621543][T18141]        __bpf_trace_contention_begin+0xc9/0x110
[ 1202.621568][T18141]        trace_contention_begin.constprop.0+0xde/0x160
[ 1202.621585][T18141]        __pv_queued_spin_lock_slowpath+0x109/0xcf0
[ 1202.621609][T18141]        do_raw_spin_lock+0x20e/0x2b0
[ 1202.621624][T18141]        raw_spin_rq_lock_nested+0x7e/0x130
[ 1202.621644][T18141]        __schedule+0x307/0x5de0
[ 1202.621663][T18141]        preempt_schedule_irq+0x51/0x90
[ 1202.621684][T18141]        irqentry_exit+0x36/0x90
[ 1202.621705][T18141]        asm_sysvec_reschedule_ipi+0x1a/0x20
[ 1202.621722][T18141]        copy_iovec_from_user+0x10f/0x170
[ 1202.621738][T18141]        __import_iovec+0x44e/0x650
[ 1202.621754][T18141]        import_iovec+0x109/0x140
[ 1202.621771][T18141]        copy_msghdr_from_user+0xf9/0x160
[ 1202.621793][T18141]        ___sys_sendmsg+0xfe/0x1d0
[ 1202.621814][T18141]        __sys_sendmsg+0x16d/0x220
[ 1202.621834][T18141]        do_syscall_64+0xcd/0x4c0
[ 1202.621857][T18141]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1202.621872][T18141] 
[ 1202.621872][T18141] other info that might help us debug this:
[ 1202.621872][T18141] 
[ 1202.621877][T18141] Chain exists of:
[ 1202.621877][T18141]   console_owner --> &p->pi_lock --> &rq->__lock
[ 1202.621877][T18141] 
[ 1202.621901][T18141]  Possible unsafe locking scenario:
[ 1202.621901][T18141] 
[ 1202.621906][T18141]        CPU0                    CPU1
[ 1202.621911][T18141]        ----                    ----
[ 1202.621915][T18141]   lock(&rq->__lock);
[ 1202.621925][T18141]                                lock(&p->pi_lock);
[ 1202.621937][T18141]                                lock(&rq->__lock);
[ 1202.621948][T18141]   lock(console_owner);
[ 1202.621958][T18141] 
[ 1202.621958][T18141]  *** DEADLOCK ***
[ 1202.621958][T18141] 
[ 1202.621962][T18141] 4 locks held by syz.4.2974/18141:
[ 1202.621972][T18141]  #0: ffff8880b843a318 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x7e/0x130
[ 1202.622013][T18141]  #1: ffffffff8e5c1120 (rcu_read_lock){....}-{1:3}, at: bpf_trace_run2+0x1bc/0x590
[ 1202.622056][T18141]  #2: ffffffff8e5aeb80 (console_lock){+.+.}-{0:0}, at: _printk+0xc7/0x100
[ 1202.622091][T18141]  #3: ffffffff8e5aebf0 (console_srcu){....}-{0:0}, at: console_flush_all+0x158/0xc60
[ 1202.622133][T18141] 
[ 1202.622133][T18141] stack backtrace:
[ 1202.622142][T18141] CPU: 0 UID: 0 PID: 18141 Comm: syz.4.2974 Not tainted 6.16.0-syzkaller-11129-geacf91b0c78a #0 PREEMPT(full) 
[ 1202.622164][T18141] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1202.622175][T18141] Call Trace:
[ 1202.622181][T18141]  <TASK>
[ 1202.622187][T18141]  dump_stack_lvl+0x116/0x1f0
[ 1202.622213][T18141]  print_circular_bug+0x275/0x350
[ 1202.622237][T18141]  check_noncircular+0x14c/0x170
[ 1202.622264][T18141]  __lock_acquire+0x12a6/0x1ce0
[ 1202.622295][T18141]  lock_acquire+0x179/0x350
[ 1202.622320][T18141]  ? console_lock_spinning_enable+0x9f/0xd0
[ 1202.622340][T18141]  ? console_lock_spinning_enable+0x88/0xd0
[ 1202.622362][T18141]  console_lock_spinning_enable+0xb0/0xd0
[ 1202.622382][T18141]  ? console_lock_spinning_enable+0x9f/0xd0
[ 1202.622400][T18141]  console_flush_all+0x7aa/0xc60
[ 1202.622422][T18141]  ? __pfx_console_flush_all+0x10/0x10
[ 1202.622445][T18141]  ? is_printk_cpu_sync_owner+0x32/0x40
[ 1202.622467][T18141]  console_unlock+0xd8/0x210
[ 1202.622485][T18141]  ? __pfx_console_unlock+0x10/0x10
[ 1202.622504][T18141]  ? do_raw_spin_unlock+0xa0/0x230
[ 1202.622524][T18141]  ? _printk+0xc7/0x100
[ 1202.622538][T18141]  ? __down_trylock_console_sem+0xb0/0x140
[ 1202.622556][T18141]  vprintk_emit+0x418/0x6d0
[ 1202.622576][T18141]  ? __pfx_vprintk_emit+0x10/0x10
[ 1202.622600][T18141]  _printk+0xc7/0x100
[ 1202.622614][T18141]  ? __pfx__printk+0x10/0x10
[ 1202.622631][T18141]  ? __pfx____ratelimit+0x10/0x10
[ 1202.622656][T18141]  should_fail_ex+0x4e7/0x640
[ 1202.622683][T18141]  strncpy_from_user+0x3b/0x2e0
[ 1202.622707][T18141]  strncpy_from_user_nofault+0x7f/0x180
[ 1202.622734][T18141]  bpf_bprintf_prepare+0xe90/0x13f0
[ 1202.622767][T18141]  ? __pfx_bpf_bprintf_prepare+0x10/0x10
[ 1202.622796][T18141]  ? bpf_trace_run2+0x3e1/0x590
[ 1202.622812][T18141]  bpf_trace_printk+0xda/0x190
[ 1202.622833][T18141]  ? __pfx_bpf_trace_printk+0x10/0x10
[ 1202.622849][T18141]  ? bpf_ksym_find+0x127/0x1c0
[ 1202.622871][T18141]  ? bpf_trace_run2+0x3e1/0x590
[ 1202.622892][T18141]  bpf_prog_7c77c7e0f6645ad8+0x3e/0x44
[ 1202.622906][T18141]  bpf_trace_run2+0x236/0x590
[ 1202.622923][T18141]  ? __pfx_bpf_trace_run2+0x10/0x10
[ 1202.622941][T18141]  ? __pfx_stack_trace_save+0x10/0x10
[ 1202.622964][T18141]  ? stack_depot_save_flags+0x28/0xa40
[ 1202.622996][T18141]  __bpf_trace_contention_begin+0xc9/0x110
[ 1202.623023][T18141]  ? __pfx___bpf_trace_contention_begin+0x10/0x10
[ 1202.623054][T18141]  ? find_held_lock+0x2b/0x80
[ 1202.623081][T18141]  ? rb_read_data_buffer.constprop.0+0x18c/0x430
[ 1202.623112][T18141]  trace_contention_begin.constprop.0+0xde/0x160
[ 1202.623137][T18141]  __pv_queued_spin_lock_slowpath+0x109/0xcf0
[ 1202.623163][T18141]  ? __lock_acquire+0xb97/0x1ce0
[ 1202.623188][T18141]  ? __pfx___pv_queued_spin_lock_slowpath+0x10/0x10
[ 1202.623217][T18141]  do_raw_spin_lock+0x20e/0x2b0
[ 1202.623235][T18141]  ? __pfx_do_raw_spin_lock+0x10/0x10
[ 1202.623253][T18141]  ? rcu_qs+0x2b/0xe0
[ 1202.623272][T18141]  ? rcu_note_context_switch+0x192/0x1e00
[ 1202.623296][T18141]  raw_spin_rq_lock_nested+0x7e/0x130
[ 1202.623316][T18141]  ? preempt_schedule_irq+0x51/0x90
[ 1202.623338][T18141]  __schedule+0x307/0x5de0
[ 1202.623359][T18141]  ? rb_commit+0x11f/0x9f0
[ 1202.623384][T18141]  ? ring_buffer_unlock_commit+0x2e8/0x620
[ 1202.623401][T18141]  ? __pfx___schedule+0x10/0x10
[ 1202.623422][T18141]  ? trace_buffer_unlock_commit_regs+0xd7/0x550
[ 1202.623447][T18141]  ? trace_event_buffer_commit+0x204/0xa50
[ 1202.623472][T18141]  preempt_schedule_irq+0x51/0x90
[ 1202.623495][T18141]  irqentry_exit+0x36/0x90
[ 1202.623517][T18141]  asm_sysvec_reschedule_ipi+0x1a/0x20
[ 1202.623535][T18141] RIP: 0010:copy_iovec_from_user+0x10f/0x170
[ 1202.623554][T18141] Code: 48 8b 04 24 49 8d 7c 24 08 49 89 04 24 48 89 f8 48 c1 e8 03 42 80 3c 38 00 75 5b 4d 89 74 24 08 49 83 ed 01 31 ff 48 83 c5 10 <4c> 89 ee 49 83 c4 10 e8 65 4e db fc 4d 85 ed 0f 85 59 ff ff ff e8
[ 1202.623571][T18141] RSP: 0018:ffffc9001a2ffa30 EFLAGS: 00040206
[ 1202.623586][T18141] RAX: 1ffff9200345ff8d RBX: 0000000000000000 RCX: ffffffff84e03539
[ 1202.623598][T18141] RDX: ffff88804f3ec880 RSI: ffffffff84e03547 RDI: 0000000000000000
[ 1202.623610][T18141] RBP: 0000200000000150 R08: 0000000000000007 R09: 0000000000000000
[ 1202.623620][T18141] R10: 000000000000003c R11: 0000000000000000 R12: ffffc9001a2ffc60
[ 1202.623631][T18141] R13: 0000000000000000 R14: 000000000000003c R15: dffffc0000000000
[ 1202.623643][T18141]  ? copy_iovec_from_user+0xc9/0x170
[ 1202.623661][T18141]  ? copy_iovec_from_user+0xd7/0x170
[ 1202.623683][T18141]  __import_iovec+0x44e/0x650
[ 1202.623702][T18141]  ? __might_fault+0xe3/0x190
[ 1202.623719][T18141]  ? __might_fault+0x13b/0x190
[ 1202.623738][T18141]  import_iovec+0x109/0x140
[ 1202.623758][T18141]  copy_msghdr_from_user+0xf9/0x160
[ 1202.623782][T18141]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[ 1202.623813][T18141]  ___sys_sendmsg+0xfe/0x1d0
[ 1202.623838][T18141]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1202.623873][T18141]  ? __mutex_unlock_slowpath+0x80/0x800
[ 1202.623902][T18141]  __sys_sendmsg+0x16d/0x220
[ 1202.623927][T18141]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1202.623959][T18141]  do_syscall_64+0xcd/0x4c0
[ 1202.623986][T18141]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1202.624004][T18141] RIP: 0033:0x7f190278eb69
[ 1202.624018][T18141] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1202.624040][T18141] RSP: 002b:00007f1903635038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1202.624057][T18141] RAX: ffffffffffffffda RBX: 00007f19029b5fa0 RCX: 00007f190278eb69
[ 1202.624069][T18141] RDX: 0000000000000000 RSI: 00002000000003c0 RDI: 0000000000000003
[ 1202.624081][T18141] RBP: 00007f1903635090 R08: 0000000000000000 R09: 0000000000000000
[ 1202.624092][T18141] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1202.624103][T18141] R13: 0000000000000000 R14: 00007f19029b5fa0 R15: 00007ffec0ec6ce8
[ 1202.624119][T18141]  </TASK>
[ 1204.002977][T18141] CPU: 0 UID: 0 PID: 18141 Comm: syz.4.2974 Not tainted 6.16.0-syzkaller-11129-geacf91b0c78a #0 PREEMPT(full) 
[ 1204.003000][T18141] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1204.003009][T18141] Call Trace:
[ 1204.003016][T18141]  <TASK>
[ 1204.003023][T18141]  dump_stack_lvl+0x116/0x1f0
[ 1204.003054][T18141]  should_fail_ex+0x512/0x640
[ 1204.003078][T18141]  strncpy_from_user+0x3b/0x2e0
[ 1204.003098][T18141]  strncpy_from_user_nofault+0x7f/0x180
[ 1204.003118][T18141]  bpf_bprintf_prepare+0xe90/0x13f0
[ 1204.003142][T18141]  ? __pfx_bpf_bprintf_prepare+0x10/0x10
[ 1204.003166][T18141]  ? bpf_trace_run2+0x3e1/0x590
[ 1204.003180][T18141]  bpf_trace_printk+0xda/0x190
[ 1204.003193][T18141]  ? __pfx_bpf_trace_printk+0x10/0x10
[ 1204.003205][T18141]  ? bpf_ksym_find+0x127/0x1c0
[ 1204.003223][T18141]  ? bpf_trace_run2+0x3e1/0x590
[ 1204.003240][T18141]  bpf_prog_7c77c7e0f6645ad8+0x3e/0x44
[ 1204.003251][T18141]  bpf_trace_run2+0x236/0x590
[ 1204.003265][T18141]  ? __pfx_bpf_trace_run2+0x10/0x10
[ 1204.003280][T18141]  ? __pfx_stack_trace_save+0x10/0x10
[ 1204.003299][T18141]  ? stack_depot_save_flags+0x28/0xa40
[ 1204.003322][T18141]  __bpf_trace_contention_begin+0xc9/0x110
[ 1204.003345][T18141]  ? __pfx___bpf_trace_contention_begin+0x10/0x10
[ 1204.003366][T18141]  ? find_held_lock+0x2b/0x80
[ 1204.003384][T18141]  ? rb_read_data_buffer.constprop.0+0x18c/0x430
[ 1204.003407][T18141]  trace_contention_begin.constprop.0+0xde/0x160
[ 1204.003424][T18141]  __pv_queued_spin_lock_slowpath+0x109/0xcf0
[ 1204.003447][T18141]  ? __lock_acquire+0xb97/0x1ce0
[ 1204.003467][T18141]  ? __pfx___pv_queued_spin_lock_slowpath+0x10/0x10
[ 1204.003491][T18141]  do_raw_spin_lock+0x20e/0x2b0
[ 1204.003506][T18141]  ? __pfx_do_raw_spin_lock+0x10/0x10
[ 1204.003520][T18141]  ? rcu_qs+0x2b/0xe0
[ 1204.003536][T18141]  ? rcu_note_context_switch+0x192/0x1e00
[ 1204.003555][T18141]  raw_spin_rq_lock_nested+0x7e/0x130
[ 1204.003573][T18141]  ? preempt_schedule_irq+0x51/0x90
[ 1204.003592][T18141]  __schedule+0x307/0x5de0
[ 1204.003610][T18141]  ? rb_commit+0x11f/0x9f0
[ 1204.003630][T18141]  ? ring_buffer_unlock_commit+0x2e8/0x620
[ 1204.003645][T18141]  ? __pfx___schedule+0x10/0x10
[ 1204.003661][T18141]  ? trace_buffer_unlock_commit_regs+0xd7/0x550
[ 1204.003681][T18141]  ? trace_event_buffer_commit+0x204/0xa50
[ 1204.003702][T18141]  preempt_schedule_irq+0x51/0x90
[ 1204.003721][T18141]  irqentry_exit+0x36/0x90
[ 1204.003740][T18141]  asm_sysvec_reschedule_ipi+0x1a/0x20
[ 1204.003755][T18141] RIP: 0010:copy_iovec_from_user+0x10f/0x170
[ 1204.003772][T18141] Code: 48 8b 04 24 49 8d 7c 24 08 49 89 04 24 48 89 f8 48 c1 e8 03 42 80 3c 38 00 75 5b 4d 89 74 24 08 49 83 ed 01 31 ff 48 83 c5 10 <4c> 89 ee 49 83 c4 10 e8 65 4e db fc 4d 85 ed 0f 85 59 ff ff ff e8
[ 1204.003785][T18141] RSP: 0018:ffffc9001a2ffa30 EFLAGS: 00040206
[ 1204.003798][T18141] RAX: 1ffff9200345ff8d RBX: 0000000000000000 RCX: ffffffff84e03539
[ 1204.003808][T18141] RDX: ffff88804f3ec880 RSI: ffffffff84e03547 RDI: 0000000000000000
[ 1204.003817][T18141] RBP: 0000200000000150 R08: 0000000000000007 R09: 0000000000000000
[ 1204.003825][T18141] R10: 000000000000003c R11: 0000000000000000 R12: ffffc9001a2ffc60
[ 1204.003834][T18141] R13: 0000000000000000 R14: 000000000000003c R15: dffffc0000000000
[ 1204.003845][T18141]  ? copy_iovec_from_user+0xc9/0x170
[ 1204.003858][T18141]  ? copy_iovec_from_user+0xd7/0x170
[ 1204.003875][T18141]  __import_iovec+0x44e/0x650
[ 1204.003889][T18141]  ? __might_fault+0xe3/0x190
[ 1204.003902][T18141]  ? __might_fault+0x13b/0x190
[ 1204.003916][T18141]  import_iovec+0x109/0x140
[ 1204.003932][T18141]  copy_msghdr_from_user+0xf9/0x160
[ 1204.003953][T18141]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[ 1204.003976][T18141]  ___sys_sendmsg+0xfe/0x1d0
[ 1204.003995][T18141]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1204.004022][T18141]  ? __mutex_unlock_slowpath+0x80/0x800
[ 1204.004044][T18141]  __sys_sendmsg+0x16d/0x220
[ 1204.004067][T18141]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1204.004092][T18141]  do_syscall_64+0xcd/0x4c0
[ 1204.004114][T18141]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1204.004128][T18141] RIP: 0033:0x7f190278eb69
[ 1204.004140][T18141] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1204.004152][T18141] RSP: 002b:00007f1903635038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1204.004166][T18141] RAX: ffffffffffffffda RBX: 00007f19029b5fa0 RCX: 00007f190278eb69
[ 1204.004176][T18141] RDX: 0000000000000000 RSI: 00002000000003c0 RDI: 0000000000000003
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 1204.004184][T18141] RBP: 00007f1903635090 R08: 0000000000000000 R09: 0000000000000000
[ 1204.004193][T18141] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1204.004201][T18141] R13: 0000000000000000 R14: 00007f19029b5fa0 R15: 00007ffec0ec6ce8
[ 1204.004215][T18141]  </TASK>
[ 1204.460615][ T5167] Bluetooth: hci1: command tx timeout
[ 1204.491123][T18013] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1204.593227][T18013] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1204.600411][T18013] bridge_slave_0: entered allmulticast mode
[ 1204.622394][T18013] bridge_slave_0: entered promiscuous mode
[ 1204.629828][T18141] vlan0: entered promiscuous mode
[ 1205.204801][   T13] hsr_slave_0: left promiscuous mode
[ 1205.213228][   T13] hsr_slave_1: left promiscuous mode
[ 1205.219555][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1205.227172][   T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1205.238912][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1205.247131][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1205.260787][   T13] veth1_macvtap: left promiscuous mode
[ 1205.267597][   T13] veth0_macvtap: left promiscuous mode
[ 1205.273462][   T13] veth1_vlan: left promiscuous mode
[ 1205.278734][   T13] veth0_vlan: left promiscuous mode
[ 1205.379779][   T13] pim6reg (unregistering): left allmulticast mode
[ 1205.491881][   T13] team0 (unregistering): Port device team_slave_1 removed
[ 1205.515883][   T13] team0 (unregistering): Port device team_slave_0 removed
[ 1205.857778][   T13] IPVS: stop unused estimator thread 0...
[ 1205.915627][   T13] netdevsim netdevsim4 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1205.927409][   T13] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1205.938831][   T13] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[ 1206.010807][   T13] netdevsim netdevsim4 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1206.023274][   T13] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1206.034244][   T13] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[ 1206.092523][   T13] netdevsim netdevsim4 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1206.103060][   T13] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1206.113653][   T13] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[ 1206.167538][   T13] netdevsim netdevsim4 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1206.178759][   T13] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1206.190360][   T13] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[ 1206.270912][   T13] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1206.282676][   T13] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[ 1206.344175][   T13] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1206.357723][   T13] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[ 1206.407347][   T13] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1206.419165][   T13] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[ 1206.476546][   T13] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1206.486947][   T13] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[ 1206.584603][   T13] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1206.594987][   T13] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[ 1206.624629][   T13] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1206.634960][   T13] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[ 1206.674075][   T13] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1206.685478][   T13] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[ 1206.745888][   T13] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1206.758545][   T13] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[ 1206.843128][   T13] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1206.853581][   T13] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[ 1206.928496][   T13] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1206.939499][   T13] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[ 1206.996037][   T13] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1207.008456][   T13] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[ 1207.089669][   T13] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1207.100319][   T13] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[ 1207.184437][   T13] bridge_slave_1: left allmulticast mode
[ 1207.190123][   T13] bridge_slave_1: left promiscuous mode
[ 1207.200601][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1207.208983][   T13] bridge_slave_0: left allmulticast mode
[ 1207.216585][   T13] bridge_slave_0: left promiscuous mode
[ 1207.222466][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1207.241640][   T13] bridge_slave_1: left allmulticast mode
[ 1207.247337][   T13] bridge_slave_1: left promiscuous mode
[ 1207.255400][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1207.264300][   T13] bridge_slave_0: left allmulticast mode
[ 1207.269974][   T13] bridge_slave_0: left promiscuous mode
[ 1207.277395][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1207.286278][   T13] bridge_slave_0: left allmulticast mode
[ 1207.293265][   T13] bridge_slave_0: left promiscuous mode
[ 1207.299027][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1207.308171][   T13] bridge_slave_1: left allmulticast mode
[ 1207.315817][   T13] bridge_slave_1: left promiscuous mode
[ 1207.322268][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1207.332469][   T13] bridge_slave_0: left allmulticast mode
[ 1207.338130][   T13] bridge_slave_0: left promiscuous mode
[ 1207.343853][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1207.474179][   T13] bridge_slave_1: left allmulticast mode
[ 1207.479844][   T13] bridge_slave_1: left promiscuous mode
[ 1207.485766][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1207.499138][   T13] bridge_slave_0: left allmulticast mode
[ 1207.504970][   T13] bridge_slave_0: left promiscuous mode
[ 1207.511231][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1207.656157][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1207.665864][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1207.675931][   T13] bond0 (unregistering): Released all slaves
[ 1207.754092][   T13] bond1 (unregistering): Released all slaves
[ 1207.798894][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1207.808423][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1207.818400][   T13] bond0 (unregistering): Released all slaves
[ 1207.896199][   T13] bond0 (unregistering): Released all slaves
[ 1207.972394][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1207.981910][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1207.994733][   T13] bond0 (unregistering): (slave team0): Releasing backup interface
[ 1208.006421][   T13] bond0 (unregistering): Released all slaves
[ 1208.083622][   T13] bond1 (unregistering): (slave veth3): Releasing active interface
[ 1208.092448][   T13] bond1 (unregistering): Released all slaves
[ 1208.179453][   T13] bond2 (unregistering): Released all slaves
[ 1208.250545][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1208.260095][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1208.269417][   T13] bond0 (unregistering): Released all slaves
[ 1208.388179][   T13] : left promiscuous mode
[ 1208.413636][   T13] : left promiscuous mode
[ 1208.471169][   T13] tipc: Left network mode
[ 1208.499717][   T13] tipc: Left network mode
[ 1208.505803][   T13] tipc: Disabling bearer <udp:syz2>
[ 1208.511720][   T13] tipc: Left network mode
[ 1209.038814][   T13] hsr_slave_0: left promiscuous mode
[ 1209.046255][   T13] hsr_slave_1: left promiscuous mode
[ 1209.057391][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1209.065442][   T13] batadv0: mtu less than device minimum
[ 1209.072868][   T13] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[ 1209.083518][   T13] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[ 1209.094042][   T13] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[ 1209.104690][   T13] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[ 1209.115214][   T13] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[ 1209.125853][   T13] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[ 1209.136387][   T13] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[ 1209.147000][   T13] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[ 1209.157517][   T13] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[ 1209.171429][   T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1209.179225][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1209.191317][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1209.198860][   T13] batman_adv: batadv0: Interface deactivated: dummy0
[ 1209.205717][   T13] batman_adv: batadv0: Removing interface: dummy0
[ 1209.213879][   T13] hsr_slave_0: left promiscuous mode
[ 1209.219458][   T13] hsr_slave_1: left promiscuous mode
[ 1209.225077][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1209.232649][   T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1209.240230][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1209.247898][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1209.257455][   T13] hsr_slave_0: left promiscuous mode
[ 1209.263326][   T13] hsr_slave_1: left promiscuous mode
[ 1209.268859][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1209.276311][   T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1209.284511][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1209.292116][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1209.301713][   T13] hsr_slave_0: left promiscuous mode
[ 1209.307243][   T13] hsr_slave_1: left promiscuous mode
[ 1209.312937][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1209.320376][   T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1209.328158][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1209.335589][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1209.348931][   T13] veth1_macvtap: left promiscuous mode
[ 1209.354585][   T13] veth0_macvtap: left promiscuous mode
[ 1209.360129][   T13] veth1_vlan: left promiscuous mode
[ 1209.366044][   T13] veth1_macvtap: left promiscuous mode
[ 1209.371561][   T13] veth0_macvtap: left promiscuous mode
[ 1209.377065][   T13] veth1_vlan: left promiscuous mode
[ 1209.383007][   T13] veth0_vlan: left promiscuous mode
[ 1209.388829][   T13] veth1_macvtap: left promiscuous mode
[ 1209.394572][   T13] veth0_macvtap: left promiscuous mode
[ 1209.400187][   T13] veth1_vlan: left promiscuous mode
[ 1209.406188][   T13] veth1_macvtap: left promiscuous mode
[ 1209.411713][   T13] veth0_macvtap: left promiscuous mode
[ 1209.417215][   T13] veth1_vlan: left promiscuous mode
[ 1209.422666][   T13] veth0_vlan: left promiscuous mode
[ 1209.598523][   T13] team0 (unregistering): Port device team_slave_1 removed
[ 1209.623347][   T13] team0 (unregistering): Port device team_slave_0 removed
[ 1209.758450][   T13] team0 (unregistering): Port device team_slave_1 removed
[ 1209.779296][   T13] team0 (unregistering): Port device team_slave_0 removed
[ 1209.949986][   T13] team0 (unregistering): Port device team_slave_1 removed
[ 1209.969831][   T13] team0 (unregistering): Port device team_slave_0 removed
[ 1210.154232][   T13] team0 (unregistering): Port device team_slave_1 removed
[ 1210.176910][   T13] team0 (unregistering): Port device team_slave_0 removed
[ 1210.224982][T16105] lo speed is unknown, defaulting to 1000
[ 1210.230955][T16105] infiniband syz0: ib_query_port failed (-19)
[ 1211.242631][   T13] IPVS: stop unused estimator thread 0...
[ 1211.249341][   T13] IPVS: stop unused estimator thread 0...
[ 1211.260015][   T13] IPVS: stop unused estimator thread 0...
[ 1211.267413][   T13] IPVS: stop unused estimator thread 0...
[ 1211.296560][   T13] ------------[ cut here ]------------
[ 1211.302383][   T13] WARNING: CPU: 0 PID: 13 at net/xfrm/xfrm_state.c:3303 xfrm_state_fini+0x28c/0x320
[ 1211.311990][   T13] Modules linked in:
[ 1211.315926][   T13] CPU: 0 UID: 0 PID: 13 Comm: kworker/u8:1 Not tainted 6.16.0-syzkaller-11129-geacf91b0c78a #0 PREEMPT(full) 
[ 1211.327773][   T13] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1211.338229][   T13] Workqueue: netns cleanup_net
[ 1211.343240][   T13] RIP: 0010:xfrm_state_fini+0x28c/0x320
[ 1211.348895][   T13] Code: 89 f7 90 0f 0b 90 e9 e7 fe ff ff e8 fe d8 89 f7 90 0f 0b 90 e9 39 ff ff ff e8 f0 d8 89 f7 90 0f 0b 90 eb 8a e8 e5 d8 89 f7 90 <0f> 0b 90 e9 d5 fd ff ff e8 67 1e f0 f7 e9 f8 fd ff ff e8 8d 1e f0
[ 1211.368759][   T13] RSP: 0018:ffffc90000127aa0 EFLAGS: 00010293
[ 1211.375086][   T13] RAX: 0000000000000000 RBX: ffff88807b482440 RCX: fffff52000024f25
[ 1211.383283][   T13] RDX: ffff88801e2d0000 RSI: ffffffff8a31af9b RDI: ffff88801e2d0444
[ 1211.391526][   T13] RBP: ffff88807b4838c0 R08: 0000000000000005 R09: 0000000000000000
[ 1211.399511][   T13] R10: 0000000000000000 R11: ffffffff8221cbf7 R12: ffffc90000127be8
[ 1211.407759][   T13] R13: dffffc0000000000 R14: fffffbfff20a7560 R15: ffffffff9053aae0
[ 1211.415939][   T13] FS:  0000000000000000(0000) GS:ffff8881246c8000(0000) knlGS:0000000000000000
[ 1211.425062][   T13] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1211.431938][   T13] CR2: 000055b4bcdb8300 CR3: 000000007a281000 CR4: 00000000003526f0
[ 1211.439925][   T13] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 000000000000508c
[ 1211.448154][   T13] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[ 1211.456202][   T13] Call Trace:
[ 1211.459487][   T13]  <TASK>
[ 1211.462474][   T13]  ? __pfx_xfrm_net_exit+0x10/0x10
[ 1211.467602][   T13]  xfrm_net_exit+0x2d/0x70
[ 1211.472058][   T13]  ops_undo_list+0x2eb/0xab0
[ 1211.476658][   T13]  ? __pfx_ops_undo_list+0x10/0x10
[ 1211.481845][   T13]  ? cleanup_net+0x334/0x890
[ 1211.486453][   T13]  ? lock_release+0x201/0x2f0
[ 1211.491192][   T13]  ? idr_destroy+0x62/0x2e0
[ 1211.495706][   T13]  cleanup_net+0x408/0x890
[ 1211.500127][   T13]  ? __pfx_cleanup_net+0x10/0x10
[ 1211.505129][   T13]  ? lock_acquire+0x2cd/0x350
[ 1211.509821][   T13]  ? rcu_is_watching+0x12/0xc0
[ 1211.514666][   T13]  process_one_work+0x9cc/0x1b70
[ 1211.519649][   T13]  ? __pfx_cleanup_net+0x10/0x10
[ 1211.524666][   T13]  ? __pfx_process_one_work+0x10/0x10
[ 1211.530056][   T13]  ? assign_work+0x1a0/0x250
[ 1211.534719][   T13]  worker_thread+0x6c8/0xf10
[ 1211.539322][   T13]  ? __pfx_worker_thread+0x10/0x10
[ 1211.544518][   T13]  kthread+0x3c5/0x780
[ 1211.548593][   T13]  ? __pfx_kthread+0x10/0x10
[ 1211.553347][   T13]  ? rcu_is_watching+0x12/0xc0
[ 1211.558118][   T13]  ? __pfx_kthread+0x10/0x10
[ 1211.562783][   T13]  ret_from_fork+0x5d7/0x6f0
[ 1211.567376][   T13]  ? __pfx_kthread+0x10/0x10
[ 1211.572025][   T13]  ret_from_fork_asm+0x1a/0x30
[ 1211.576804][   T13]  </TASK>
[ 1211.579825][   T13] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 1211.587109][   T13] CPU: 0 UID: 0 PID: 13 Comm: kworker/u8:1 Not tainted 6.16.0-syzkaller-11129-geacf91b0c78a #0 PREEMPT(full) 
[ 1211.598746][   T13] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1211.608806][   T13] Workqueue: netns cleanup_net
[ 1211.613584][   T13] Call Trace:
[ 1211.616866][   T13]  <TASK>
[ 1211.619807][   T13]  dump_stack_lvl+0x3d/0x1f0
[ 1211.624416][   T13]  vpanic+0x6a3/0x780
[ 1211.628411][   T13]  ? __pfx_vpanic+0x10/0x10
[ 1211.632931][   T13]  ? xfrm_state_fini+0x28c/0x320
[ 1211.637866][   T13]  panic+0xca/0xd0
[ 1211.641586][   T13]  ? __pfx_panic+0x10/0x10
[ 1211.645991][   T13]  ? check_panic_on_warn+0x1f/0xb0
[ 1211.651081][   T13]  check_panic_on_warn+0xab/0xb0
[ 1211.655996][   T13]  __warn+0xf6/0x3c0
[ 1211.659891][   T13]  ? xfrm_state_fini+0x28c/0x320
[ 1211.664829][   T13]  report_bug+0x3c3/0x580
[ 1211.669145][   T13]  ? xfrm_state_fini+0x28c/0x320
[ 1211.674072][   T13]  handle_bug+0x184/0x210
[ 1211.678384][   T13]  exc_invalid_op+0x17/0x50
[ 1211.682869][   T13]  asm_exc_invalid_op+0x1a/0x20
[ 1211.687705][   T13] RIP: 0010:xfrm_state_fini+0x28c/0x320
[ 1211.693236][   T13] Code: 89 f7 90 0f 0b 90 e9 e7 fe ff ff e8 fe d8 89 f7 90 0f 0b 90 e9 39 ff ff ff e8 f0 d8 89 f7 90 0f 0b 90 eb 8a e8 e5 d8 89 f7 90 <0f> 0b 90 e9 d5 fd ff ff e8 67 1e f0 f7 e9 f8 fd ff ff e8 8d 1e f0
[ 1211.712822][   T13] RSP: 0018:ffffc90000127aa0 EFLAGS: 00010293
[ 1211.718888][   T13] RAX: 0000000000000000 RBX: ffff88807b482440 RCX: fffff52000024f25
[ 1211.726846][   T13] RDX: ffff88801e2d0000 RSI: ffffffff8a31af9b RDI: ffff88801e2d0444
[ 1211.734802][   T13] RBP: ffff88807b4838c0 R08: 0000000000000005 R09: 0000000000000000
[ 1211.742768][   T13] R10: 0000000000000000 R11: ffffffff8221cbf7 R12: ffffc90000127be8
[ 1211.750734][   T13] R13: dffffc0000000000 R14: fffffbfff20a7560 R15: ffffffff9053aae0
[ 1211.758689][   T13]  ? kasan_record_aux_stack+0xa7/0xc0
[ 1211.764068][   T13]  ? xfrm_state_fini+0x28b/0x320
[ 1211.768994][   T13]  ? __pfx_xfrm_net_exit+0x10/0x10
[ 1211.774110][   T13]  xfrm_net_exit+0x2d/0x70
[ 1211.778518][   T13]  ops_undo_list+0x2eb/0xab0
[ 1211.783107][   T13]  ? __pfx_ops_undo_list+0x10/0x10
[ 1211.788204][   T13]  ? cleanup_net+0x334/0x890
[ 1211.792775][   T13]  ? lock_release+0x201/0x2f0
[ 1211.797444][   T13]  ? idr_destroy+0x62/0x2e0
[ 1211.801928][   T13]  cleanup_net+0x408/0x890
[ 1211.806321][   T13]  ? __pfx_cleanup_net+0x10/0x10
[ 1211.811234][   T13]  ? lock_acquire+0x2cd/0x350
[ 1211.815903][   T13]  ? rcu_is_watching+0x12/0xc0
[ 1211.820745][   T13]  process_one_work+0x9cc/0x1b70
[ 1211.825667][   T13]  ? __pfx_cleanup_net+0x10/0x10
[ 1211.830593][   T13]  ? __pfx_process_one_work+0x10/0x10
[ 1211.835950][   T13]  ? assign_work+0x1a0/0x250
[ 1211.840527][   T13]  worker_thread+0x6c8/0xf10
[ 1211.845115][   T13]  ? __pfx_worker_thread+0x10/0x10
[ 1211.850216][   T13]  kthread+0x3c5/0x780
[ 1211.854262][   T13]  ? __pfx_kthread+0x10/0x10
[ 1211.858830][   T13]  ? rcu_is_watching+0x12/0xc0
[ 1211.863573][   T13]  ? __pfx_kthread+0x10/0x10
[ 1211.868142][   T13]  ret_from_fork+0x5d7/0x6f0
[ 1211.872716][   T13]  ? __pfx_kthread+0x10/0x10
[ 1211.877289][   T13]  ret_from_fork_asm+0x1a/0x30
[ 1211.882039][   T13]  </TASK>
[ 1211.885260][   T13] Kernel Offset: disabled
[ 1211.889557][   T13] Rebooting in 86400 seconds..