last executing test programs:

1m51.526826011s ago: executing program 3 (id=7112):
r0 = syz_open_dev$radio(&(0x7f00000003c0), 0x0, 0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000002700)=""/102392, 0x18ff8)
r2 = syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00')
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x40305828, &(0x7f0000000180)={0x1fd, 0x0, 0x6000, 0x2000, &(0x7f0000001000/0x2000)=nil})
writev(0xffffffffffffffff, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x200000a, 0x5d031, 0xffffffffffffffff, 0x0)
landlock_restrict_self(0xffffffffffffffff, 0x0)
landlock_create_ruleset(&(0x7f0000000040)={0x4000, 0x3}, 0x18, 0x0)
openat$binfmt_register(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0)
get_robust_list(0x0, 0x0, 0x0)
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, 0x0)
io_uring_enter(r2, 0x3779, 0x9b3a, 0x1e, &(0x7f0000000100)={[0x8]}, 0x8)
fcntl$setsig(r0, 0xa, 0x2b)

1m50.698280484s ago: executing program 3 (id=7116):
creat(0x0, 0x10)
ioctl$KVM_GET_MSRS_sys(0xffffffffffffffff, 0xc008ae88, 0x0)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x802, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x0, 0x2042)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x7, 0x4, 0x6, 0xfffa}, 0x20, [0x6, 0x8, 0xfffffff1, 0x9, 0x7f, 0x7, 0x10001, 0x7f, 0x6, 0x4d, 0xfffffff2, 0x5f, 0x7fffffff, 0x40000000, 0xffff2d37, 0x1dd2, 0x6, 0x7, 0x2, 0xffff, 0x7, 0x9, 0xffff, 0x3c5b, 0x1, 0x24, 0x3, 0xfffffffe, 0x3ff, 0x2, 0x24, 0x3, 0x3, 0x43, 0x7fff, 0x4c74, 0xf, 0x8001, 0x4, 0xa, 0x9, 0x80071, 0x5, 0xfffff000, 0x104, 0x0, 0x5, 0x803c, 0x4, 0x1, 0x3, 0x3, 0x5, 0x4, 0x8, 0x0, 0x80, 0x2, 0x5, 0xa, 0x8, 0x7, 0x1, 0x9], [0x10000004, 0xfffd, 0xfff, 0x8000, 0xc, 0xfffffff5, 0x129432e6, 0x3, 0x6, 0x0, 0x2bf, 0x8, 0x9, 0xffff7ffe, 0x3, 0x4002, 0x101, 0x5, 0x2f, 0xe, 0xfff, 0x7c, 0x10000ea3, 0xa, 0xe, 0x0, 0x8000, 0xfffffff8, 0x400, 0x101, 0x0, 0xfffffffd, 0xff, 0x1005, 0x7ff, 0x5f31, 0xc, 0x6000000, 0x6, 0x2, 0xc, 0x4, 0x9, 0x8, 0x9, 0x6, 0x5, 0x4, 0x1, 0x0, 0xffff, 0x0, 0x7f, 0xb, 0xfff, 0x1000, 0x4, 0x143, 0x7, 0xb, 0x9, 0x48c93690, 0x2, 0x3], [0xfffffff9, 0x4, 0xffffffff, 0x64e, 0xfffffdfe, 0x5, 0x8d2, 0x9, 0x5, 0xfffffff7, 0x0, 0x5, 0xb, 0x4, 0x5, 0x5, 0x0, 0x1ef, 0x5, 0x8, 0x86, 0x2, 0x10000009, 0x3ea, 0xb, 0x5, 0x6, 0x2, 0x14, 0x87, 0x0, 0x5, 0x5, 0x3b, 0xda6, 0x5, 0x80, 0x3, 0xfffffffe, 0x202, 0x0, 0xa2, 0x7, 0x53cf697b, 0x3, 0x3, 0x1, 0xbf, 0x200, 0x0, 0x400002, 0x8, 0x4, 0x5, 0xf23, 0x0, 0x6, 0x8, 0x9, 0x3, 0x6, 0xd, 0x4, 0x3], [0x9, 0x7e06, 0x3, 0xb, 0x5, 0x938, 0x6, 0x3, 0xfffffffc, 0x5, 0xce7, 0x1ff, 0x6, 0x5, 0x5, 0x0, 0x101, 0x10003, 0x2006, 0x7fff, 0x8ffff, 0x6, 0x100002, 0x2, 0x1, 0x2, 0x14c, 0x60a7, 0x6, 0x6, 0x400007, 0xffffffa1, 0x5, 0x9, 0x8, 0x4, 0x50fd, 0x10001, 0x3, 0x9, 0x100, 0x9, 0xa, 0x2, 0x80000007, 0x6, 0x1, 0x10000, 0xfffffffe, 0x8, 0x6, 0xa23, 0x8, 0x9, 0x1, 0x6c1b, 0x2d513b50, 0x4, 0x5, 0x4b1c, 0x1, 0xa, 0xffff7441, 0xfff]}, 0x45c)
io_setup(0x8, &(0x7f0000004200)=<r2=>0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
io_submit(r2, 0x1, &(0x7f0000000040)=[&(0x7f0000004280)={0x0, 0x0, 0x0, 0x5, 0x0, r3, 0x0, 0x0, 0x0, 0x0, 0x2}])
r4 = syz_open_dev$evdev(&(0x7f0000000000), 0x3, 0x822b01)
write$char_usb(r4, &(0x7f0000000040)="e2", 0x918)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x20702, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0xca58c30f81b6079f})
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0xa802, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000180)={'vcan0\x00'})
close(r6)
socket$netlink(0x10, 0x3, 0x0)
ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f00000000c0)={'syzkaller0\x00', @broadcast})
r7 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r8=>0x0})
r9 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r9, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@gettclass={0x24, 0x2a, 0x129, 0x0, 0xfffffffd, {0x0, 0x0, 0x0, r8, {0xb, 0xd}, {}, {0x8, 0xfff1}}}, 0x24}}, 0x40004)
recvmmsg(r9, &(0x7f0000001480)=[{{0x0, 0x0, &(0x7f0000000bc0)=[{&(0x7f0000000040)=""/55, 0x37}, {&(0x7f0000000540)=""/189, 0xbd}, {&(0x7f0000001ac0)=""/4096, 0x1000}, {&(0x7f0000000940)=""/74, 0x4a}], 0x4}, 0x5d}], 0x1b00, 0x10022, 0x0)
openat$sw_sync(0xffffffffffffff9c, &(0x7f00000000c0), 0x10b200, 0x0)

1m42.963890039s ago: executing program 3 (id=7127):
syz_open_procfs$namespace(0xffffffffffffffff, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000001000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x24}, 0x94)
r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000005c0)={r0, 0x0, 0x24, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xa)
socket$kcm(0x10, 0x2, 0x4)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00100}]})
socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r1, 0xc0502100, &(0x7f0000000c40)={<r2=>0x0})
ioctl$SECCOMP_IOCTL_NOTIF_SEND(r1, 0xc0182101, &(0x7f00000000c0)={r2})
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r1, 0xc0502100, &(0x7f0000002780)={<r3=>0x0})
ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r1, 0x40182103, &(0x7f0000000080)={r3, 0x3, r1, 0x5})

1m42.732020751s ago: executing program 3 (id=7130):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
openat$sndseq(0xffffffffffffff9c, 0x0, 0x60240)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000140))
openat$sequencer(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
creat(&(0x7f0000000040)='./file0\x00', 0x4b)
r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000000c0)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0x6000}})
write$FUSE_NOTIFY_DELETE(r2, &(0x7f0000000080)={0x2a, 0x6, 0x0, {0x1, 0x200000000000, 0x1, 0x2, '\x00', 0x8}}, 0x2a)

1m37.758231845s ago: executing program 3 (id=7143):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0)

1m37.353624591s ago: executing program 3 (id=7144):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0xffff0001, 0x0, 0x0, 0x0, 0x40}}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f05, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='block_bio_remap\x00', r0}, 0x18)
sync()
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x200, 0x0)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r3, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r3, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r4=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(r3, 0xc02064b6, &(0x7f00000001c0)={r4, <r5=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_GET_LEASE(r3, 0xc01064c8, &(0x7f0000000280)={0x1, 0x0, &(0x7f0000000200)=[0x0]})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r3, 0xc02064b9, &(0x7f0000000040)={&(0x7f0000000300)=[0x0, 0x0, <r6=>0x0], &(0x7f0000000040), 0x3, r5, 0xcccccccc})
madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe)
madvise(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x16)
move_pages(0x0, 0x1, &(0x7f0000000040)=[&(0x7f0000ff9000/0x2000)=nil], 0x0, 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_ATOMIC(r3, 0xc03864bc, &(0x7f0000000380)={0x1f00, 0x1, &(0x7f0000000240)=[r5], &(0x7f0000000200), &(0x7f00000000c0)=[r6], &(0x7f0000000040), 0x0, 0x300})

1m22.2316104s ago: executing program 32 (id=7144):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0xffff0001, 0x0, 0x0, 0x0, 0x40}}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f05, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='block_bio_remap\x00', r0}, 0x18)
sync()
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x200, 0x0)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r3, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r3, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r4=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(r3, 0xc02064b6, &(0x7f00000001c0)={r4, <r5=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_GET_LEASE(r3, 0xc01064c8, &(0x7f0000000280)={0x1, 0x0, &(0x7f0000000200)=[0x0]})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r3, 0xc02064b9, &(0x7f0000000040)={&(0x7f0000000300)=[0x0, 0x0, <r6=>0x0], &(0x7f0000000040), 0x3, r5, 0xcccccccc})
madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe)
madvise(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x16)
move_pages(0x0, 0x1, &(0x7f0000000040)=[&(0x7f0000ff9000/0x2000)=nil], 0x0, 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_ATOMIC(r3, 0xc03864bc, &(0x7f0000000380)={0x1f00, 0x1, &(0x7f0000000240)=[r5], &(0x7f0000000200), &(0x7f00000000c0)=[r6], &(0x7f0000000040), 0x0, 0x300})

7.480759172s ago: executing program 5 (id=7435):
r0 = syz_open_dev$radio(&(0x7f00000003c0), 0x0, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000002700)=""/102392, 0x18ff8)
writev(0xffffffffffffffff, 0x0, 0x0)
r2 = landlock_create_ruleset(&(0x7f0000000040)={0x4000, 0x3}, 0x18, 0x0)
landlock_restrict_self(r2, 0x0)
openat$binfmt_register(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0)
get_robust_list(0x0, 0x0, 0x0)
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, 0x0)
io_uring_enter(0xffffffffffffffff, 0x3779, 0x9b3a, 0x1e, &(0x7f0000000100)={[0x8]}, 0x8)
fcntl$setsig(r0, 0xa, 0x2b)

6.843015839s ago: executing program 5 (id=7436):
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0, 0x0, 0xffffffffffffffff}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r2, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
close(r2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
listen(r3, 0x5)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
accept4$inet6(r3, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
r5 = socket$nl_crypto(0x10, 0x3, 0x15)
sendmsg$netlink(r5, &(0x7f0000000880)={0x0, 0x0, &(0x7f0000000840)=[{&(0x7f0000000300)=ANY=[@ANYBLOB="e0000000100009"], 0xe0}], 0x1}, 0x0)
capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000, 0x0, 0x0, 0x3})
r6 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDGKBMODE(r6, 0x4b44, &(0x7f0000000080))
r7 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_udp_int(r7, 0x11, 0xa, &(0x7f0000000040)=0x3, 0x4)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="18020000001000000000000000000000850000009b00000018010000207834b000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000a00ef0085f3ffff9a0000009500000000000000"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x12}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x2000, 0x0, 0x24, 0x0, 0x0, 0x0}, 0xfffffffffffffd98)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socket$nl_generic(0x10, 0x3, 0x10)

5.761929205s ago: executing program 5 (id=7438):
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f00000000c0)=ANY=[@ANYBLOB="9feb0100180000000000000000feffff1400000002000000000000000100000d000000000000000100"/62], 0x0, 0x2e, 0x0, 0x0, 0x20002}, 0x20)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e21, @broadcast}, 0x10)
connect$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @empty}, 0x10)
r1 = socket$nl_route(0x10, 0x3, 0x0)
syz_init_net_socket$bt_bnep(0x1f, 0x3, 0x4)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="3000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000080004008006000008001b0000"], 0x30}}, 0x0)
r2 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r2, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(0xffffffffffffffff, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANE(0xffffffffffffffff, 0xc02064b6, 0x0)
ioctl$DRM_IOCTL_MODE_ATOMIC(0xffffffffffffffff, 0xc03864bc, 0x0)
r4 = syz_usb_connect(0x0, 0x24, &(0x7f0000000440)=ANY=[], 0x0)
syz_usb_control_io$printer(r4, 0x0, 0x0)
syz_usb_control_io$hid(r4, 0x0, 0x0)
syz_usb_control_io(r4, 0x0, &(0x7f0000000680)={0x84, &(0x7f00000001c0)={0x40, 0x17, 0x5, "739e2a166e"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x7)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x3, 0xc, &(0x7f0000000140)=@framed={{0x18, 0x2, 0x0, 0x0, 0xa59e, 0x0, 0x0, 0x0, 0x1}, [@call={0x85, 0x0, 0x0, 0x50}, @printk={@lx, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x17}}]}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xa}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r6, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0xe00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
socket$nl_route(0x10, 0x3, 0x0)

5.761293169s ago: executing program 2 (id=7439):
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300))
fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5})
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x7, 0xca352c92cb699c71, 0xffffffffffffffff, 0xd0a55000)
syz_io_uring_setup(0xd5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0xc0}, &(0x7f00000002c0), &(0x7f0000000640))
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000080)={&(0x7f0000000100)=@getsa={0x168, 0x12, 0x0, 0x70bd2d, 0x25dfdbfb, {@in6=@private0={0xfc, 0x0, '\x00', 0x1}, 0x4d5, 0x2, 0x6c}, [@XFRMA_SET_MARK={0x8, 0x1d, 0x6}, @algo_auth={0xdc, 0x1, {{'sm3-generic\x00'}, 0x4a0, "173f3045069cdd8ffb9dceee0b05a2eab275bd0955acc28869dea3bde1a870eaa394424483bdb65f27b1c1dfdcd0c3ee85917769fb11f8d7d8e5f59188fb0a8ea67bac30c42a9b2adb20b452705b592df6032a8039a5b23cbff0e62a4d3e8a721eea2bc30250752f26e2a4661aa6cba505322e54676f3bc26107170e849f554fce30471400673303c9fedeb5f071218b051f8904"}}, @lifetime_val={0x24, 0x9, {0x101, 0x8, 0x2, 0x1}}, @lastused={0xc, 0xf, 0x7}, @lifetime_val={0x24, 0x9, {0x5, 0xfa26, 0x7fffffffffffffff, 0x3}}, @XFRMA_IF_ID={0x8, 0x1f, 0x4}]}, 0x168}}, 0x40)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x4, 0x5, &(0x7f0000000500)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x2e}, @call={0x85, 0x0, 0x0, 0x50}]}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x0, 0x28, 0x0, &(0x7f0000000900)="e02742e8680d85ff9782762f86dd", 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r2 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000440), 0x40800, 0x0)
r3 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000540), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_SUBFLOW_DESTROY(r2, &(0x7f0000000680)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000600)={&(0x7f0000000580)={0x58, r3, 0x8, 0x70bd2c, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0x6}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x24, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e24}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e20}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e21}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @multicast1}]}, @MPTCP_PM_ATTR_TOKEN={0x8}, @MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0x5}]}, 0x58}, 0x1, 0x0, 0x0, 0x44010}, 0x44004)
socket$nl_generic(0x10, 0x3, 0x10)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_SET_XCRS(r6, 0x4188aea7, &(0x7f0000000240)={0xb, 0x7, [{0x1ff}, {0x1, 0x0, 0xe6da}, {0x7fffffff, 0x0, 0xe6}, {0x1, 0x0, 0x1}, {0x6b, 0x0, 0x7}, {0x5, 0x0, 0x2}, {0x7ff, 0x0, 0x9}, {0x3, 0x0, 0x2}, {0x2, 0x0, 0x2385}, {0x1, 0x0, 0x4}, {0x9, 0x0, 0x5}, {0x8, 0x0, 0x80000001}, {0x616933dc, 0x0, 0x100000000}, {0xec}, {0x7}, {0x0, 0x0, 0x2}]})

5.64768571s ago: executing program 2 (id=7441):
r0 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0), 0x8882, 0x0)
read$FUSE(r0, 0x0, 0x0)

5.209951863s ago: executing program 2 (id=7442):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r3, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000200)={<r4=>0x0, 0x1c, &(0x7f0000000080)=[@in6={0xa, 0xffff, 0x0, @loopback}]}, &(0x7f0000000240)=0x10)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r3, 0x84, 0x7a, &(0x7f0000000340)={r4, @in6={{0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}, &(0x7f0000000040)=0x84)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="fc00000019000100000000000000000000000000000000000000000000000000fc0100"/56, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000b93760000000000000000000000000000000000000000000200000000000000010000000000000044000500ac1414"], 0xfc}, 0x1, 0x0, 0x0, 0x24008040}, 0x20040000)
r6 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000001400), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r6, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000080), 0x111}}, 0x20)
r7 = openat$rtc(0xffffffffffffff9c, 0x0, 0x20800, 0x0)
r8 = socket$nl_route(0x10, 0x3, 0x0)
r9 = socket$nl_audit(0x10, 0x3, 0x9)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000140)={'bond_slave_1\x00', <r10=>0x0})
sendmsg$nl_route(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=ANY=[@ANYBLOB="400000001000290427bd70ea00000005bd9a48199800000000f25b4c33fc7ed28cac18d9e284a77c71ac2152c50e6c7439a30c70610c2edc7cbbc5d47338657a73067e57e11fdc4e89346fd0e896e6832e6793385f89b8f4c6c4ef4bc8549f7e66612f769f5989768b8e6809c60a2e252503a83b04aaa0f01b5c45228d7ce85fb9931afbd0e8f264aacd3c025869f007163f445d913e0a0273b18c5194677baab19fa2215aed1e299d6ec8fc74f5afba84b3bf2cd16685f234b957eaf34c", @ANYRES32=r10, @ANYBLOB="0c340000f2780600200012800f000100626f6e645f736c61766500000c000580"], 0x40}, 0x1, 0x0, 0x0, 0x8044}, 0x2000004)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r11 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r11, &(0x7f000001b700)=""/102392, 0x18ff8)
bind$netlink(0xffffffffffffffff, 0x0, 0x0)
ioctl$RTC_UIE_ON(r7, 0x7003)

4.27194725s ago: executing program 2 (id=7444):
syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x8042)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000300)='./binderfs/binder0\x00', 0x2, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}})
write$FUSE_ATTR(r1, 0x0, 0x0)
r2 = gettid()
prlimit64(r2, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x3000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x2c, 0x0, &(0x7f0000000040)=[@clear_death, @increfs_done, @release], 0x46, 0x0, &(0x7f0000000180)="0bba687a0cb81887388967b59a8425b7321f98a5d280eea109648f454d7569468366378e4d6fbb84d35667503b3b344ed67a9992881619935649b46971d672a519a3b75ca0dc"})
r6 = syz_open_dev$vim2m(&(0x7f0000000140), 0x200000001003, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r6, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1})
ioctl$vim2m_VIDIOC_STREAMON(r6, 0x40045612, &(0x7f0000000080)=0x2)
ioctl$vim2m_VIDIOC_DQBUF(r6, 0xc0585611, &(0x7f00000003c0)=@multiplanar_overlay={0x1, 0x2, 0x4, 0x400, 0x1, {0x77359400}, {0x2, 0x0, 0xf2, 0x8, 0xa, 0x49, "f7d77830"}, 0x3, 0x3, {0x0}, 0x6})
ioctl$vim2m_VIDIOC_QBUF(r6, 0xc058560f, &(0x7f00000002c0)=@multiplanar_mmap={0x0, 0x2, 0x4, 0x0, 0x0, {}, {0x5, 0x0, 0x0, 0x0, 0x20, 0x29, "fafc00"}, 0x0, 0x1, {0x0}})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file1/file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mknod$loop(&(0x7f00000017c0)='./file0\x00', 0x2480, 0x0)
mount(&(0x7f00000000c0)=@filename='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000080)='ubifs\x00', 0x0, 0x0)

4.078404509s ago: executing program 1 (id=7445):
r0 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000100))
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_sys\x00', 0x275a, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000007, 0x20011, r1, 0x0)
r2 = userfaultfd(0x1)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x404})
syz_clone(0x22040480, &(0x7f0000000140)="c76b7debd817e329e8474d018d43cd57ff07b76db4d6ef898837e87f17c6d480e563f0b2893d0bb293ab6fa7278c8f7755c7224f691e7935f41d9cc3930ee74d689aae709fbb6a777924634e4dfe98517daa70c8879748179613352053cf37068f9835c0106b2779c166d581af3e3110aaed0226a3e500c8a1970de5dea2fffece3ddf1c5abaa6dcc07f6efd8e30c816e5b2bdb9b0732076629dd74c37a39f15243812cf87e249147ad78b0a382363c939b81b81c2f882ed5892b926e1d107abc9f45fc7c511d81e4ca9d00745482cabffa9098b41d485192aad043e66c2694daecc1507ae3a00c842be8a430689d0ebb711c2", 0xf3, &(0x7f0000000080), &(0x7f0000000240), &(0x7f0000000280)="e2a781b271fadbbedc6ba6cd05f6cdf60bff5db1aa9c16790615632b48347cc1491f109da980356afab2779fa76aea7b53157ef8bc1c0d4e6da794072a38030e1112339d42bc06e7a4dd040b8505036fe3078e783ee08308c044bd923c769252fb84b9678d2e4e69be02e9c57365c666b2797eee23d4e80473aee361a0a12b1842b64a25e7d3aad2646d4d371d2d0f")
r3 = fsopen(&(0x7f0000000000)='f2fs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r3, 0x1, &(0x7f00000000c0)='test_dummy_encryption', 0x0, 0x0)
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4})
ioctl$UFFDIO_CONTINUE(r0, 0xc020aa08, &(0x7f00000000c0)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}})
ioctl$UFFDIO_COPY(r0, 0xc028aa03, &(0x7f0000000000)={&(0x7f000072d000/0x2000)=nil, &(0x7f0000b4e000/0x3000)=nil, 0x2000, 0x3})

3.936303894s ago: executing program 1 (id=7447):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000005000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x10000}, 0x94)
socket$inet6(0xa, 0x80002, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x80, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$IMADDTIMER(0xffffffffffffffff, 0x80044940, &(0x7f00000002c0))
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r2 = dup(0xffffffffffffffff)
write$FUSE_DIRENTPLUS(r2, &(0x7f00000005c0)=ANY=[@ANYBLOB="b9"], 0xb8)
r3 = syz_io_uring_setup(0x111, &(0x7f0000000340)={0x0, 0x39c4, 0x2, 0x4}, &(0x7f0000000580), &(0x7f0000000280))
io_uring_enter(r3, 0x66a8, 0x4000, 0xf, 0x0, 0x18)

3.406245281s ago: executing program 0 (id=7449):
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000280)=[@in={0x2, 0x4e21, @loopback}], 0x10)
sendmsg$inet_sctp(r0, &(0x7f0000000700)={&(0x7f0000000340)=@in={0x2, 0x4e21, @loopback}, 0x10, &(0x7f0000000080)=[{&(0x7f0000000000)="fd", 0x1}], 0x1, 0x0, 0x0, 0x804c044}, 0x881)
getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000380)={0x0, @in={{0x2, 0x4e21, @loopback}}, 0x7, 0x1000, 0x5, 0x7, 0xc}, &(0x7f0000000140)=0x98) (fail_nth: 2)

2.674521067s ago: executing program 2 (id=7451):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100))
openat$ptp0(0xffffffffffffff9c, &(0x7f0000002040), 0x82401, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0xd, 0x3, &(0x7f0000000000)=@framed, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x9}, 0x94)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
clock_adjtime(0xffffffd3, &(0x7f0000000000)={0x1, 0x6, 0x4, 0x0, 0x7, 0x8, 0x652, 0x7, 0x8000009657, 0x1, 0x6, 0x0, 0x10, 0x800000000b, 0x80000000000000, 0xcc0, 0x1, 0x1, 0x94d6, 0x10000000000001, 0x0, 0x809, 0x0, 0xfffffffffffffffa, 0x80003, 0xf64d}) (fail_nth: 2)

2.673702991s ago: executing program 5 (id=7452):
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200087fc, &(0x7f0000e68000)={0x2, 0x4e23, @empty}, 0x10)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7020000140000e5b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = openat$sequencer2(0xffffff9c, &(0x7f0000000080), 0x143240, 0x0)
ioctl$SNDCTL_SEQ_NRMIDIS(r5, 0xc0045103, 0x0)

2.447646882s ago: executing program 2 (id=7453):
r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r1 = socket$inet_sctp(0x2, 0x1, 0x84)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, 0x0)
socket(0xa, 0x3, 0x3a)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = syz_open_dev$ptys(0xc, 0x3, 0x1)
ioctl$KDSETKEYCODE(r4, 0x4b4d, &(0x7f00000002c0)={0x3, 0xfffffffd})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
ioctl$VIDIOC_CREATE_BUFS(0xffffffffffffffff, 0xc100565c, &(0x7f0000000040)={0x0, 0xfff, 0x2, {0x9, @pix_mp={0xf, 0x5be7, 0x50323234, 0x0, 0xb, [{0x80000004, 0x7}, {0x7ff, 0xb325}, {0x10000001, 0x9}, {0x63d, 0x7fd}, {0xfffffffd, 0xb}, {0x4, 0x489aa92e}, {0x5}, {0xff, 0x7}], 0x1, 0x4c, 0x2, 0x0, 0x3}}, 0xfffffffd})
r5 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$inet6_tcp_TCP_CONGESTION(r5, 0x6, 0xd, &(0x7f0000000240)='cubic', 0x9)
bind$inet6(r5, &(0x7f0000000000)={0xa, 0x3, 0x0, @loopback}, 0x1c)
connect$inet6(r5, &(0x7f0000000040)={0xa, 0x3, 0x0, @loopback}, 0x1c)
fcntl$getownex(r1, 0x10, &(0x7f00000001c0))
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r6, 0xae03, 0xea)
setsockopt$inet6_tcp_TCP_CONGESTION(r5, 0x6, 0xd, &(0x7f00000000c0)='cubic', 0x9)
r7 = syz_open_dev$vim2m(&(0x7f0000002c80), 0x3, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FRAMESIZES(r0, 0xc02c564a, &(0x7f0000000300)={0x8462, 0x32314d59, 0x1, @stepwise={0x3, 0xc, 0x1, 0x1, 0x3, 0xe53}})
r8 = socket$inet6_sctp(0xa, 0x5, 0x84)
sendto$inet6(r8, &(0x7f0000847fff), 0x0, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
ioctl$vim2m_VIDIOC_REQBUFS(r7, 0xc0145608, 0x0)
r9 = syz_usb_connect$sierra_net(0x5, 0x3f, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0x1199, 0x68a3, 0x0, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x1, 0x0, 0x80, 0xfa, {{0x9, 0x4, 0x7, 0x0, 0x3, 0xff, 0x0, 0x0, 0x0, "", {{0x9, 0x5, 0x1, 0x2, 0x3ff, 0x3, 0x3}, {0x9, 0x5, 0xa, 0x2, 0x10, 0x6e, 0x1, 0x6}, {0x9, 0x5, 0x9, 0x3, 0x200, 0x8, 0x5}}}}}}]}}, 0x0)
syz_usb_control_io$sierra_net(r9, 0x0, 0x0)

2.294222929s ago: executing program 0 (id=7455):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x1, 0x70bd28, 0x0, {0x0, 0x0, 0x0, 0x0, 0x2fa39, 0xa000}, [@IFLA_IFNAME={0x14, 0x3, 'veth1_to_batadv\x00'}, @IFLA_VFINFO_LIST={0x14, 0x16, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, [@IFLA_VF_TX_RATE={0xc, 0x3, {0xfffffffb, 0x7}}]}]}]}, 0x48}, 0x1, 0x0, 0x0, 0x1}, 0x40) (fail_nth: 2)

2.244140659s ago: executing program 1 (id=7456):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42032, 0xffffffffffffffff, 0x0)
move_pages(0x0, 0x3, &(0x7f0000000140)=[&(0x7f0000a0d000/0x3000)=nil, &(0x7f0000a3a000/0x1000)=nil, &(0x7f0000fc7000/0x13000)=nil], &(0x7f0000000240)=[0x1], &(0x7f0000000000), 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000180)={'syzkaller0\x00', 0x7101})
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r1)
socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$inet6_tcp_int(r1, 0x6, 0x1e, 0x0, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x5, &(0x7f0000000000)=0x1, 0x4)
r2 = socket(0x400000000010, 0x3, 0x0)
r3 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1100000004000000040000000c00000000000000", @ANYRES32, @ANYBLOB="00000000000000000167000013031500000000002eb27aa53fb291b9d926a0c9e70f457cb85294113517c90e0000000000000400ee764e69da14e59ea9d1ebb6818d8324538162f4756badb0adbdbaa58ae5616136a28fb8a3", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r4 = syz_open_dev$MSR(&(0x7f0000000200), 0xa, 0x0)
lsetxattr$system_posix_acl(0x0, 0x0, 0x0, 0x5c, 0x0)
ioctl$VIDIOC_S_DV_TIMINGS(0xffffffffffffffff, 0xc0845657, 0x0)
read$msr(r4, &(0x7f0000002240)=""/102400, 0x19000)
socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = openat$rfkill(0xffffffffffffff9c, 0x0, 0x602, 0x0)
writev(r5, &(0x7f0000000440)=[{&(0x7f0000000040)="93d90400000300", 0x7}], 0x1)
r6 = add_key$keyring(&(0x7f00000001c0), &(0x7f0000000240)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffc)
add_key$user(&(0x7f0000000080), 0x0, &(0x7f0000000140)="27bb8a6af547da4cad0fbd9a8e46fa06226f81d37635a6370b94c473d2c66a0324b50da8e60cbdc7109c4f7fa0", 0x2d, r6)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000a00)=@newtaction={0xea4, 0x30, 0xb, 0x0, 0x0, {}, [{0xe90, 0x1, [@m_gact={0x3c, 0x1, 0x0, 0x0, {{0x9}, {0x10, 0x2, 0x0, 0x1, [@TCA_GACT_PROB={0xc, 0x3, {0x2, 0x8df, 0x6}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x3}}}}, @m_pedit={0xe50, 0x2, 0x0, 0x0, {{0xa}, {0xe24, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS_EX={0xe20, 0x4, {{{0x5, 0xa, 0x4, 0x1, 0x2000000}, 0x5, 0x1}, [{0x9, 0x80000001, 0x1, 0x630, 0x8, 0x1}, {0xdf, 0x4, 0x5, 0x5, 0x10, 0xe}, {0x1, 0x85a, 0x5, 0xe6db, 0x3, 0xfffffffc}, {0x6, 0x400, 0x9321, 0xa2, 0x6, 0x7}, {0x5, 0x5, 0xffffffc0, 0x1, 0x3}, {0xe, 0xf5, 0x3, 0x9, 0xffffbff8, 0x3}, {0x0, 0x7, 0xfff, 0x2, 0x9163ef6c, 0x40080003}, {0x3, 0x5, 0x80, 0x0, 0xacc8, 0x2}, {0x8001, 0xffb, 0x9, 0xffff, 0xfffffffe, 0x81}, {0x8, 0xfff, 0x6, 0xeb84, 0x8, 0x30c4}, {0x7, 0x9, 0xfffffffc, 0x100, 0x4}, {0x8004, 0x80000001, 0xfffffeff, 0x80000df, 0x4, 0x5}, {0x0, 0x80000001, 0x9, 0x7, 0xfff, 0x7}, {0x5, 0x2, 0xfffffffd, 0x9, 0x474, 0x594}, {0x7fffffff, 0x1, 0x8, 0xfffffff9, 0x6, 0xffffffff}, {0x24, 0x5, 0xf, 0x6, 0x6, 0x8000003}, {0xbb, 0x5, 0x2, 0x310, 0xf}, {0x9b7d, 0x52fc, 0x3, 0x3, 0x48, 0x9}, {0xbd, 0x8, 0x10, 0xe4d, 0x7f, 0x3}, {0x8, 0x8, 0x9, 0x27, 0x2, 0x5}, {0x4, 0x1000, 0x5, 0x6, 0x93e, 0x6}, {0x1, 0x7, 0x0, 0x1, 0xff, 0x3}, {0xb, 0x7f, 0xfffff417, 0x1, 0x3ff, 0x9}, {0x4, 0x8, 0x7, 0xb, 0x8, 0x80004d}, {0x34db, 0xffff, 0x0, 0x3ff, 0x1, 0x400}, {0x1, 0xcb1d, 0x8, 0x1, 0x0, 0x4}, {0x5, 0x3, 0xfffffffc, 0x8, 0x3, 0x984}, {0x2, 0xffffffff, 0x3, 0x2, 0x9, 0x40}, {0x7, 0x281, 0x7fffffff, 0x3, 0x3, 0x8}, {0x5, 0x4, 0x1, 0x8, 0x4, 0x2f}, {0x6, 0x3, 0x4, 0x4000d1a1, 0x9, 0x7}, {0x5, 0x3, 0x8, 0x4, 0x16, 0x2}, {0x8001, 0x87, 0x6, 0x1, 0x3, 0x4}, {0x6, 0x9e4, 0x8b7f, 0x11, 0x3, 0x7}, {0x7, 0x1, 0x800, 0x70f, 0x8001, 0x3}, {0x4, 0x10, 0x6, 0x1, 0x4, 0x22ff}, {0x5, 0x10001, 0x9, 0x0, 0x10001, 0x7}, {0xf85, 0x2e, 0x100, 0x3, 0x100, 0xe60c}, {0x2, 0x5, 0x1, 0x21000}, {0x4e2, 0x6ae, 0x2, 0x100, 0x5, 0xd}, {0x1, 0xcad, 0xa5, 0x2, 0x4d800, 0x6}, {0x20, 0x7f, 0x33, 0x2, 0x400, 0x4}, {0x4, 0x62e, 0xb, 0x219c, 0x0, 0x5}, {0x0, 0x4, 0x0, 0x1, 0x1, 0x1}, {0x7f, 0x945a, 0x0, 0x0, 0x8, 0x3}, {0xda1, 0x893, 0x2, 0x9, 0xfffffa2e, 0x6}, {0x1, 0xfffffff3, 0x5, 0x8, 0x0, 0x1}, {0x2, 0x8, 0x2, 0xe, 0x2, 0x2}, {0x6, 0x100, 0xe, 0x10000, 0x5, 0x7}, {0x0, 0x6, 0x7, 0x4, 0xc, 0x800}, {0x8, 0x10000, 0x1, 0x1, 0x7}, {0x7d5, 0x2, 0x4, 0x800, 0xf, 0x3}, {0x1, 0x5, 0x6, 0x2, 0x8, 0xc}, {0x2, 0x1, 0x3, 0xc, 0x1, 0x2c3}, {0x1000, 0x3, 0xbc, 0x8001, 0xfa, 0x8}, {0x2, 0x3, 0x9, 0x50e, 0x55ac, 0xa5e2}, {0x0, 0x196680, 0xffffff91, 0xfd, 0x3, 0x7}, {0x4, 0x4, 0x2, 0x1, 0x0, 0xe}, {0xfffffff5, 0x8, 0x7023, 0x8, 0x5, 0x851}, {0x3, 0x78, 0x7, 0xa, 0x5dec4cac, 0x6}, {0x4, 0x9, 0x3a, 0x2, 0x8, 0x602}, {0x4, 0x7fffffff, 0x8, 0x8, 0x8, 0xff}, {0x7, 0xfffffff1, 0x2f2c, 0x400, 0x6, 0x6}, {0x10001, 0x81, 0x40, 0x2, 0x85, 0x2}, {0x2, 0x8550, 0x4c, 0x3, 0xfffffffa, 0x736d}, {0x7f, 0x199, 0x5, 0x9, 0x7, 0x2}, {0x7, 0x801, 0x8, 0x7, 0x2, 0x7}, {0x9, 0x3f1, 0x4, 0x5, 0x4, 0x8}, {0x100, 0x3ff, 0x0, 0x7f53, 0x7, 0x1}, {0x3ff, 0xc, 0x4, 0x1, 0x4, 0x4}, {0x9, 0x381, 0xfff, 0x5d7c, 0x0, 0x8001}, {0x8, 0x0, 0x7, 0xfffffffb, 0x3ee, 0x4}, {0xbfffffe, 0x6, 0x101, 0x5, 0x400, 0x8000400}, {0x7fff, 0xb3, 0x2, 0x10000, 0x6, 0x14}, {0x0, 0x1, 0x4c90, 0x4, 0x2000007f, 0x8}, {0x5, 0x25b, 0x0, 0x3, 0x2, 0x2}, {0x29dbdf0, 0xd, 0xfffffffd, 0x7, 0x6, 0x3}, {0x7, 0x1, 0x4e6, 0x8, 0x5, 0x5}, {0x473, 0x8, 0x2, 0x400, 0x4000000, 0x69b3d6e6}, {0x1, 0xb7bb, 0x22800000, 0x0, 0x10, 0x5}, {0x7f, 0x7, 0x6, 0xffffffff, 0x3, 0x8}, {0xfffffff7, 0x5, 0xa, 0x40, 0x863, 0x2}, {0xb, 0x9, 0xc, 0x3c1, 0x6e, 0x40}, {0x6, 0xd, 0x6, 0xfb0000, 0x1, 0x7}, {0xe0, 0x100, 0x1, 0xb, 0x8, 0x7}, {0xffc, 0x1, 0x0, 0x38, 0x0, 0x9}, {0x82, 0x10, 0x10001, 0x0, 0x4, 0xef}, {0x7, 0x2, 0xfffffff8, 0x8, 0x9, 0x2}, {0x54, 0x5, 0xa33f, 0x101, 0x2, 0x10001}, {0x1, 0x10000004, 0x800004, 0x10001, 0x2, 0xce}, {0x4, 0x8, 0x8, 0x3, 0xf, 0x9}, {0x6, 0x5, 0x8, 0xffffffff, 0x405b9, 0x6}, {0x9, 0x0, 0x9, 0x2, 0x9}, {0x0, 0x2, 0xb, 0x7fffffff, 0xfc0, 0x7f1b4893}, {0x4, 0xd, 0x3, 0x4, 0x7, 0x7}, {0x4, 0x5, 0xe, 0x3, 0x3dcb, 0x9}, {0x200, 0x0, 0xe8, 0x1, 0x800000d4, 0x1}, {0xc651, 0x5f83, 0x2, 0x1, 0xd, 0x8}, {0xfff, 0x5, 0x1, 0x0, 0x49, 0x5}, {0x5, 0x3, 0x7, 0x97fd, 0xef, 0x202}, {0x2, 0xa, 0x1000, 0x1, 0x6, 0xe0}, {0x800, 0x4c, 0x7, 0x0, 0xfffffff7, 0x9}, {0x6, 0xffff, 0xffff8001, 0xa, 0xae36, 0x36b6800}, {0xcfb7, 0x0, 0x101, 0x2, 0x1, 0xaa82}, {0x6, 0x800, 0xec3d, 0xffffffff, 0xea5, 0x3}, {0x9, 0x5, 0x2, 0x0, 0x0, 0xdd}, {0x6, 0x6, 0x0, 0x1e9, 0x6, 0x1}, {0x3, 0x7, 0x5, 0x3, 0x400, 0x81}, {0x970, 0x100, 0xb2eb, 0x2, 0x3, 0x9}, {0x3, 0x6, 0x8, 0x7, 0xd, 0x474c}, {0xf, 0x101, 0x9a, 0x1000, 0x2, 0xfffffffc}, {0x3, 0x98e, 0x1a5e666b, 0x10, 0x7, 0x9}, {0xfffffffb, 0x3, 0x3, 0x2ee8000, 0x7f3}, {0x3, 0x2, 0x2, 0x3, 0x3, 0x2}, {0x7, 0x4, 0x1, 0x7, 0x101, 0xef}, {0x70a0, 0x9, 0x425b597f, 0x1, 0x2, 0x7}, {0x6, 0xc000000, 0x402, 0x4, 0x8, 0x5}, {0x3, 0x6, 0x7, 0xfffffff9, 0x0, 0xffffffff}, {0x7, 0x9, 0x8, 0x0, 0x9, 0xd6}, {0x24, 0x10001, 0x8000006, 0x1, 0x39d6}, {0x401, 0x7d4, 0x9, 0x8000, 0xffff, 0x7}, {0x6, 0x92e4, 0x130, 0x0, 0x4, 0x9}, {0x0, 0x7fff, 0x7, 0x8001, 0x8, 0x5}, {0x7e, 0x800, 0xfffffff9, 0x6, 0x4b64, 0x80000001}, {0x2ad78a25, 0x2, 0x6, 0x6, 0x4, 0x8}, {0x2, 0x9, 0x0, 0x80000000, 0x129, 0xc}, {0x7, 0x2, 0x8, 0x3, 0xe01, 0xf933271}, {0x4a3, 0x4, 0x3, 0x514c, 0xf8a, 0x19}], [{0x1}, {0x4, 0x1}, {}, {0x5}, {0x3}, {0x0, 0x1}, {0x3, 0x1}, {0x1, 0x1}, {0x0, 0x1}, {0x5, 0x1}, {0x3, 0x1}, {0x0, 0x1}, {}, {0x5}, {0x1}, {0x2}, {0x0, 0x1}, {0x1, 0x1}, {}, {0x4}, {}, {0x1, 0x1}, {0x5, 0x1}, {0x5}, {0x3}, {0x5, 0x1}, {}, {}, {0x3}, {0x2, 0x1}, {0x4}, {0x5}, {0x7}, {0x3, 0x1}, {0x4}, {0x1}, {0x0, 0x1}, {0x3, 0x1}, {0x4}, {0x1}, {0x1, 0x1}, {0x4}, {0x1}, {0x3, 0x1}, {0x1}, {0x3}, {0x2, 0x1}, {0x5, 0x1}, {0x3, 0x1}, {0x3}, {0x0, 0x1}, {0x3, 0x1}, {0x4}, {0x5, 0x1}, {0x3}, {0x3, 0x1}, {0x5, 0x1}, {0x1}, {0x1}, {0x3}, {0x5, 0x1}, {0x2, 0x1}, {0x0, 0x1}, {0x2, 0x1}, {0x4}, {0x5}, {0x1, 0x1}, {}, {0x3, 0x1}, {0x2, 0x1}, {0x5, 0x1}, {0x4}, {0x0, 0x1}, {0x0, 0x1}, {0x2}, {0x5}, {0x9, 0x1}, {0x2, 0x1}, {0x3, 0x1}, {}, {0x3, 0x1}, {}, {0x1, 0x1}, {0x2}, {0x5}, {0x2, 0x1}, {0x0, 0x1}, {0x2, 0x1}, {0x5, 0x1}, {0x3}, {0x3, 0x1}, {0x1}, {0x2}, {0x2}, {0x5}, {0x3, 0x1}, {0x2, 0x1}, {0x0, 0x1}, {0x2}, {0x1}, {0x1, 0x1}, {0x4, 0x1}, {0x5}, {0x4}, {0x2, 0x1}, {0x3, 0x1}, {0x4}, {0x1}, {0x5, 0x1}, {0x4, 0x1}, {0x3}, {0x3, 0x1}, {0x0, 0x1}, {0x5}, {0x3, 0x1}, {0x4}, {0x5, 0x1}, {0x3}, {0x5, 0x1}, {0x3}, {0x4}, {0x5, 0x1}, {0x3, 0x1}, {0x4}, {0x1, 0x1}, {0x4}, {0x6, 0x1}, {0x5, 0x1}]}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xea4}}, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {0x0, 0x1}, {0xffff, 0xffff}, {0x0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x40}}}]}, 0x38}}, 0x0)

1.893648285s ago: executing program 0 (id=7458):
ioctl$DRM_IOCTL_MODE_ATOMIC(0xffffffffffffffff, 0xc03864bc, &(0x7f0000000280)={0x401, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x0})
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0/file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
r3 = io_uring_setup(0x4a86, &(0x7f0000000300)={0x0, 0x40006178, 0x40, 0x8001002, 0x3d7})
r4 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r4, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r5=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r4, 0x3ba0, &(0x7f0000000100)={0x48, 0x2, r5, 0x0, 0x0, 0x0, <r6=>0x0})
ioctl$IOMMU_HWPT_ALLOC$NONE(r4, 0x3b89, &(0x7f0000000180)={0x28, 0x1, r6, r5, 0x0, 0x0, 0x0, 0x0, 0x0})
close_range(r3, 0xffffffffffffffff, 0x0)

1.634030939s ago: executing program 5 (id=7459):
r0 = syz_open_dev$radio(&(0x7f00000003c0), 0x0, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000002700)=""/102392, 0x18ff8)
writev(0xffffffffffffffff, 0x0, 0x0)
r2 = landlock_create_ruleset(&(0x7f0000000040)={0x4000, 0x3}, 0x18, 0x0)
landlock_restrict_self(r2, 0x0)
openat$binfmt_register(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0)
get_robust_list(0x0, 0x0, 0x0)
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, 0x0)
io_uring_enter(0xffffffffffffffff, 0x3779, 0x9b3a, 0x1e, &(0x7f0000000100)={[0x8]}, 0x8)
fcntl$setsig(r0, 0xa, 0x2b)

1.287217022s ago: executing program 1 (id=7460):
r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x48241, 0x0)
getegid()
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
io_setup(0x1, &(0x7f0000000b80)=<r1=>0x0)
io_submit(r1, 0x1, &(0x7f0000001d00)=[&(0x7f0000001a80)={0x0, 0x0, 0x0, 0x5, 0x800, r0, 0x0}])
r2 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000240)={'syzkaller1\x00', @link_local})

1.233913957s ago: executing program 4 (id=7461):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0xc362e63b3f31ba5f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20080, 0x8}, [@IFLA_GROUP={0x8, 0x1b, 0x1}]}, 0x28}}, 0x0) (async)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYRESDEC=r1, @ANYRES32=r1, @ANYRES16=r1], 0x48}}, 0x0) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
socket(0x10, 0x3, 0x0) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x88}, 0x0) (async)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid() (async)
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r2, 0x2, &(0x7f00000005c0)=0x7) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@abs={0x0, 0x0, 0x4e21}, 0x6e) (async)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) (async)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async)
socket(0xa, 0x3, 0x87) (async)
timer_create(0x1, &(0x7f0000000580)={0x0, 0x17, 0x2, @thr={&(0x7f0000000680), &(0x7f0000000740)="6e1f05b74822affbd1d43221b187b67cfdd691d8fa08b0f87c4485da35fa4e051b0b8f75cce5a465675f572c93b20fde146296b08999615e4165419d3903abe9093c31210adee1f3b2a9ebd13adde70ac04afe7cb5d1486dd7b29e086c3cd7e27fdc592f51d80913a1e021993865102bc142ad801386eed1f0ad354a5182"}}, &(0x7f0000000800)) (async)
r5 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r6 = syz_genetlink_get_family_id$tipc2(&(0x7f00000022c0), 0xffffffffffffffff)
sendmsg$nl_route(r1, &(0x7f0000000540)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000500)={0x0}, 0x1, 0x0, 0x0, 0x2000810}, 0x24004000) (async)
sendmsg$TIPC_NL_LINK_GET(r5, &(0x7f0000002600)={0x0, 0x0, &(0x7f00000025c0)={&(0x7f0000000900)={0x2c, r6, 0x1, 0x70bd2b, 0x25dfdbfc, {}, [@TIPC_NLA_LINK={0x18, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4004000}, 0x4000000)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000183b9220b113420016519a02030109021b00010000000009040000012e459e000905c435a3"], 0x0)

1.157642838s ago: executing program 5 (id=7462):
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f00000000c0)=ANY=[@ANYBLOB="9feb0100180000000000000000feffff1400000002000000000000000100000d000000000000000100"/62], 0x0, 0x2e, 0x0, 0x0, 0x20002}, 0x20)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e21, @broadcast}, 0x10)
connect$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @empty}, 0x10)
r1 = socket$nl_route(0x10, 0x3, 0x0)
syz_init_net_socket$bt_bnep(0x1f, 0x3, 0x4)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="3000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000080004008006000008001b0000"], 0x30}}, 0x0)
r2 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r2, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(0xffffffffffffffff, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANE(0xffffffffffffffff, 0xc02064b6, 0x0)
ioctl$DRM_IOCTL_MODE_ATOMIC(0xffffffffffffffff, 0xc03864bc, 0x0)
r4 = syz_usb_connect(0x0, 0x24, &(0x7f0000000440)=ANY=[], 0x0)
syz_usb_control_io$printer(r4, 0x0, 0x0)
syz_usb_control_io$hid(r4, 0x0, 0x0)
syz_usb_control_io(r4, 0x0, &(0x7f0000000680)={0x84, &(0x7f00000001c0)={0x40, 0x17, 0x5, "739e2a166e"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x7)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x3, 0xc, &(0x7f0000000140)=@framed={{0x18, 0x2, 0x0, 0x0, 0xa59e, 0x0, 0x0, 0x0, 0x1}, [@call={0x85, 0x0, 0x0, 0x50}, @printk={@lx, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x17}}]}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xa}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r6, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0xe00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
socket$nl_route(0x10, 0x3, 0x0)

1.060295332s ago: executing program 4 (id=7463):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x13, &(0x7f0000000480)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000ffffe4858500000070000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001700000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r0, 0x0, 0x10, 0x10, &(0x7f00000002c0)="0000ffffffffa000", &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)

985.560631ms ago: executing program 4 (id=7464):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x15, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000000), 0x31)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000640)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd020f4c0c8c56147d66527da307bf731fef97861750379585e5a076d839240d29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622003b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3665f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fff0d7216fdb0d3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff2c91018afc9ffc2cc788bee1b47683db01a469398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447c2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae486aca54183fb01c73f979ca9857399537f5dc2acb72e7ead0509d380578673f8b6e74ce23877a6b24db0000000000000003629fbef2461c96a088a22e8b15c3e233db7ab22e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d7b90dfae158b94f50adab988dd8e12b1b56073d0d10f7067c881434af5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a331bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf77bfc95769a9294df517d90bdc01e73835efd98ad5a3e1a90800c66ee2b1ad76dff9f9000071414c99d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b31592479ecf2392548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4e62b445c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708194cd6f496e5dee734fe7da3770845"], 0x0}, 0x94)
r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@struct]}}, 0x0, 0x26}, 0x20)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1e00000000000000fdff070008"], 0x50)
bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000000280)={r2, 0x0, &(0x7f0000000200)=""/76}, 0x20)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000b80)={r1, 0x20, &(0x7f0000000b40)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/151, 0x97}}, 0x10)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7020000140000e5b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000a8c5000000a5000000180100002020640500000000000400007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70400000000000085000000a700000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x18, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000380), 0xffffffffffffffff)
sendmsg$TIPC_NL_MON_PEER_GET(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x14, r6, 0xb03}, 0x14}, 0x1, 0x0, 0x0, 0x20008800}, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r4, 0xfe, 0x0, 0xfffffffffffffdf3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x15, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000000), 0x31) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000640)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd020f4c0c8c56147d66527da307bf731fef97861750379585e5a076d839240d29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622003b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3665f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fff0d7216fdb0d3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff2c91018afc9ffc2cc788bee1b47683db01a469398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447c2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae486aca54183fb01c73f979ca9857399537f5dc2acb72e7ead0509d380578673f8b6e74ce23877a6b24db0000000000000003629fbef2461c96a088a22e8b15c3e233db7ab22e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d7b90dfae158b94f50adab988dd8e12b1b56073d0d10f7067c881434af5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a331bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf77bfc95769a9294df517d90bdc01e73835efd98ad5a3e1a90800c66ee2b1ad76dff9f9000071414c99d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b31592479ecf2392548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4e62b445c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708194cd6f496e5dee734fe7da3770845"], 0x0}, 0x94) (async)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@struct]}}, 0x0, 0x26}, 0x20) (async)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1e00000000000000fdff070008"], 0x50) (async)
bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000000280)={r2, 0x0, &(0x7f0000000200)=""/76}, 0x20) (async)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000b80)={r1, 0x20, &(0x7f0000000b40)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/151, 0x97}}, 0x10) (async)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7020000140000e5b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000a8c5000000a5000000180100002020640500000000000400007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70400000000000085000000a700000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x18, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000380), 0xffffffffffffffff) (async)
sendmsg$TIPC_NL_MON_PEER_GET(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x14, r6, 0xb03}, 0x14}, 0x1, 0x0, 0x0, 0x20008800}, 0x0) (async)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r4, 0xfe, 0x0, 0xfffffffffffffdf3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) (async)

878.270437ms ago: executing program 4 (id=7465):
io_setup(0x7ff, &(0x7f0000000100)=<r0=>0x0)
r1 = eventfd2(0x8, 0x0)
io_submit(r0, 0x1, &(0x7f0000004500)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x5, 0x1, r1, 0x0}])
read(r1, &(0x7f0000000480)=""/82, 0x52) (fail_nth: 2)

876.9114ms ago: executing program 1 (id=7466):
r0 = inotify_init()
openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000000), 0x41, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
ppoll(&(0x7f0000000240)=[{r1, 0x8094}], 0x1, &(0x7f00000001c0), 0x0, 0x0)
inotify_add_watch(r0, &(0x7f0000000340)='.\x00', 0xa50003d1)
readv(r0, &(0x7f0000000140)=[{&(0x7f00000006c0)=""/189, 0xbd}], 0x1)
close(0x3)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.swap.events\x00', 0x275a, 0x0)
mount(&(0x7f0000000900)=@nbd={'/dev/nbd', 0x0}, 0x0, &(0x7f0000000080)='squashfs\x00', 0x1408009, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f00000004c0)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(aes)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000c18000)="d9ec94c7768cad56b6c5820fae9d6dcd3292ea54c7beef91", 0x18)
r3 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r3, 0xc004500a, &(0x7f00000001c0)=0x10001)
ioctl$SNDCTL_DSP_SETFMT(r3, 0xc0045005, &(0x7f0000000040)=0x10000)
read$dsp(r3, 0x0, 0x4c)
ioctl$SNDCTL_DSP_SETFMT(r3, 0xc0045005, &(0x7f00000002c0)=0x1)
read$dsp(r3, &(0x7f0000000200)=""/168, 0xa8)
ioctl$SOUND_PCM_READ_BITS(r3, 0x80045005, &(0x7f0000000180))
r4 = accept4(r2, 0x0, 0x0, 0x80800)
sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)}], 0x1, 0x40800)
recvmmsg$unix(r4, &(0x7f00000049c0)=[{{0x0, 0x0, &(0x7f0000001e00)=[{&(0x7f0000000ac0)=""/170, 0xaa}], 0x1}}], 0x1, 0x8060, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
timer_create(0x0, 0x0, &(0x7f0000bbdffc))
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil)
r5 = io_uring_setup(0x3450, &(0x7f0000000080))
io_uring_register$IORING_REGISTER_BUFFERS(r5, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a)
mremap(&(0x7f00003eb000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000003000/0x1000)=nil)
io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r5, 0x10, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000002700)=""/4096, 0x1000}], 0x0, 0x1}, 0x20)

538.190604ms ago: executing program 4 (id=7467):
io_setup(0x7ff, &(0x7f0000000100)=<r0=>0x0)
r1 = eventfd2(0x8, 0x0)
io_submit(r0, 0x1, &(0x7f0000004500)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x5, 0x1, r1, 0x0}])
read(r1, &(0x7f0000000480)=""/82, 0x52)

521.63415ms ago: executing program 0 (id=7468):
syz_io_uring_submit(0x0, 0x0, 0x0)
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000100)=0x207, 0x4)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'ip6tnl0\x00', <r1=>0x0})
sendto$packet(r0, &(0x7f00000002c0)="05031600d3fc140000004788031c09103b28", 0xfce0, 0x4, &(0x7f0000000140)={0x11, 0x86dd, r1, 0x1, 0x0, 0x6, @multicast}, 0x14)

478.461277ms ago: executing program 0 (id=7469):
r0 = memfd_create(&(0x7f0000000680)='v\xa6\xf5lj6,r\xaf\xe8\x10/\xecg\xed\xe3h\x80\xb8!y6w\xda\xdd\xb9\nR\xe8@\x99\xb9\x8a\x0fZ\t\x90\x8bp\x10\x84\x86t\x8a\xba\xc6\xfb\xd2\f\xef&\xad\xa8M\xe8\b\xb0#\xac)\x81\x1e\x8a\f\x11D\x90\xf5\xbb\x1c\xac\xc7\xad\xdc\\\x11\x95\xf8\xe6\xa7\xc3\xbc\x18+\x92\x92N\a\xa7\x7fN\x9bL\xf8\xebQs\x02\xf9\xadi\x8f\x0f\xff\x02n\x9d\x85\xea\x1a*\x1bC\xd8\x1c\xe8\x9bYSp\xa5\xfd\ny\xdfS\xdbU\xf8l\xb5b\x83\x00\x00\x00\x00\xfc\x83\x18\xe46\x8a\x029\x19\x8fjC\xce\xa7S\x81\xd5\xda\x84\xdf\xe3A_\x05XCk\x1d\x1cC\x97r\x93\xd6t\x81b\xc7x\xab\xa2\xf0\av\x88\x01\x92\xeaF\xa9!\xfc\x1c\xbf7q\xcf\xed&\x96\xa6\x1c_\xff\xb4\x00X\x1b\xf2w\xc1\x00\x00\x00\x00\xe0T\x1f\xbc\x85\xd1Z\xa9\x01Z\xc2\xb0\f\x9a\x16\xa5?\xf74\x88\xeez@)&\xb5\a\xc1\v\xe7\xdf\x80\xe4\x9c\xf5f\x94jC\xb1\xcfh\xc5g\x02\xc6 U\xe5\xcea\x88\xee\x0f\xf57*\xb3\xe8iWTav\xff\xd9\xb0C\x1e\xbe\x97\xc8$-\x8d)\xe8\\\x8e;I\xde\x8a\x8e\x0fq\x06\xee\xb9\xc1\xf1)\xa0\xd9T\xec\x8b\x85I\x87OZ\xd8\"4\x87\xb1\xed?:\x84S\xb9\xbf\xab#\xd0N\x8f\x1ey7\x9286p\x10uZ\xf0', 0x0)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000040)=0x46c, 0x4)
readv(r1, &(0x7f0000000180)=[{&(0x7f0000000140)=""/28, 0x1c}], 0x1)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000000)={{0x1, 0x1, 0x18, <r2=>r0, {r1}}, './file0\x00'})
getpeername$l2tp6(r2, &(0x7f0000000080)={0xa, 0x0, 0x0, @private1}, &(0x7f00000000c0)=0x20)

429.346413ms ago: executing program 4 (id=7470):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x4800, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000040)=0x46c, 0x4)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x218, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$VIDIOC_S_PARM(0xffffffffffffffff, 0xc0cc5616, 0x0)
ioctl$SNDCTL_DSP_SPEED(0xffffffffffffffff, 0xc0045002, &(0x7f0000000080)=0x10000)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$sock_int(r4, 0x1, 0x6, &(0x7f0000000000)=0x4, 0x4)
socket$inet6(0xa, 0x3, 0x5)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="01000000041c3c965fff00000b0000", @ANYRES32=0x1, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000009c0)={0x0, 0x0, 0x0, 0x0, 0x2, r5}, 0x38)
bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000200), 0x1, r5}, 0x38)
syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f0000100109050b362f"], 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket$inet6_udp(0xa, 0x2, 0x0)
r8 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000001140)='net\x00')
getdents(r8, &(0x7f0000000380)=""/200, 0x1d)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000c80)={'lo\x00', <r9=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000680)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r9, {}, {0xffff, 0xffff}}}, 0x24}}, 0x0)
ioctl$IOMMU_IOAS_MAP$PAGES(0xffffffffffffffff, 0x541b, 0x0)
r10 = accept4$ax25(r8, &(0x7f0000000480)={{0x3, @rose}, [@null, @null, @rose, @default, @bcast, @netrom, @null, @rose]}, &(0x7f0000000180)=0xffffffd9, 0x800)
recvfrom$ax25(r10, &(0x7f0000000280)=""/151, 0x97, 0x10100, 0x0, 0x0)
r11 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240), 0xc2882, 0x0)
close(r11)

338.032447ms ago: executing program 0 (id=7471):
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000034700)=""/102400, 0x19000)
socket$inet6(0xa, 0x3, 0xff)
bind$l2tp(0xffffffffffffffff, &(0x7f00000000c0), 0x10)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="5c0000000206030000000000000000000000000005000100070000000900020073797a310000000014000780050015000c0000000800124000000000050005000a000000050004000000000010000300686173683a69702c6d6163"], 0x5c}}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB], 0x48)
sendmsg$IPSET_CMD_DESTROY(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000500)=ANY=[@ANYBLOB="1c0000000306010200000000000000000a0000010500010007"], 0x1c}, 0x1, 0x0, 0x0, 0x4004810}, 0x840)
r2 = getpid()
process_vm_writev(r2, &(0x7f0000001800)=[{&(0x7f00000001c0)=""/62, 0x3e}, {0x0}, {&(0x7f00000003c0)=""/136, 0x88}, {&(0x7f0000000480)=""/133, 0x85}, {&(0x7f0000000580)=""/168, 0xa8}, {&(0x7f0000000640)=""/159, 0x9f}, {&(0x7f0000000700)=""/96, 0x60}, {&(0x7f0000000780)=""/4096, 0x1000}, {&(0x7f0000001780)=""/75, 0x4b}], 0x9, &(0x7f0000001940)=[{&(0x7f0000001980)=""/36, 0x24}, {0x0}], 0x2, 0x0)
newfstatat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', &(0x7f0000000200), 0x800)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(0xffffffffffffffff, &(0x7f0000002140)={0x2020}, 0x2020)
openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f0000000380), 0x2, 0x0)
getegid()

0s ago: executing program 1 (id=7472):
fsopen(&(0x7f0000001340)='fusectl\x00', 0x0)
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000080)=@req3={0x0, 0x200, 0x80, 0x20000, 0xddb, 0x0, 0x8}, 0x1c)
r1 = socket$can_j1939(0x1d, 0x2, 0x7)
r2 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@gettaction={0x14, 0x5a, 0x1}, 0x14}}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f00000000c0)={'vcan0\x00', <r3=>0x0})
bind$can_j1939(r1, &(0x7f0000000340)={0x1d, r3, 0x0, {0x2, 0x0, 0x6}, 0xfe}, 0x18)
r4 = syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x5)
ioctl$SG_IO(r4, 0x2285, 0x0)
clock_settime(0x0, &(0x7f0000000240)={0x77359400})
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
openat$adsp1(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r5 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
ioctl$sock_inet6_tcp_SIOCINQ(r5, 0x541b, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(0xffffffffffffffff, &(0x7f0000000180)=@file={0x1, './file0/file0\x00'}, 0x6e)
sendmmsg$unix(r7, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x200000000000005, 0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)
r8 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="9bfb33e7e4ff004a17eb4f85ec84526c0800000000", @ANYRESHEX=r8, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r8, &(0x7f0000004180)={0x2020, 0x0, 0x0, 0x0, <r9=>0x0}, 0x2020)
syz_fuse_handle_req(r8, &(0x7f0000008400)="92756f43b31ffe542788ef586b7c5a344424e3acac2590be6bbe37adface4a8f2e534ffe76a83a93f0b3680a72fddfde83f96d01982384e8d689219cb9669b14dbaa1b799f82ea1fc926126a4163618e16d4f94143a4e0f27c44fcef3920a0b3805ed4e78098d8689cc7791bd86648070718d238664332948d87866c8d2590fc0f017f9853abd9ed60b99f1aa6ae2dbd24ab6dbcebdb055246815ace147cc50fa3b2861148fcda374d5b203e51d72c45e4dde3e9ee9a47ffe458baf7bb49035135a8194aa1f0a83fa2abed56398f90daff679634619453f533f22583a6e0a4dc09e9de46684d5e0136e229510f3702cf3a4cd0065d3e5d3c419e38a80b070ca55010e082a9c510fd18cc0b26bb5e8e459e747befbc5c6b60ace80bf41417b7b78cf57e5b3984f0cdddc615c5e0000454d3f4a196fb6d18aa629cf0b0245f95ba958d86dc175616f8cd3ac473057dc3a5ff7107973326350107f4468e7ecd48d689b82c12d22ae5f1858302a1b4cfde8fd347a99ddcde40d1c49d9b5099fbccf09e782212be4b2ce36a2bc3c9ee794abffe72a5501e6c4f3f7f68b74761ffd6620609224a3bf11f655dadb5c8a5813b02fb46830e9ac6825f5d0e89910352eb3a58c0dd82d094f94dd2c85666f684a8f437bbd0e66b9f4d366117b67a054d212c4fbc287848cb0578391335d5d616b14d99a2e3df8e8a152d5de99bcefcaab5bb5cc71f3ddd66b379c104648e190e0b28a180d3aecc5423575d4ba7dbf31215c717da7b87dd454b6efcd36c91aaa631127f5bd88723d221752f102bc0c7ac6c5c7a1ad6747af40d01b6d39eab7b0e1292b44683c586386ad00acf60fb8f9bac551a6eb5bab7317b5d89f64db10bd9018dfa6d65d93862e851afbc30fd70fe5f0de322462045177231852ca80e4e78da4fea0c79ba354333026c8bc77d308a8d256a19ec45d2088c196691d3f9aac28ded36004a65ee1ce49ba9599ceee84534bb61d02d04a6732f1e27d72962f74b59f3522bf844c5022986d55934e48b8681b7f5b7532391448caeef00315d28320a46d8bd7813544e1e4bf994e14a519c2654ff20b42bdb69c262897e28eca528f0999840b00ed8256597d27cfc20d71d5f40d0bbca759f7594c6034aa1e16a84ed152fad0fdc1c303a7f61225712714f823afc5ea241d482d3585759623af8c97ca6a84a2033b3d7314ea0ef7ba9b288b362a294c92c8b9736829c16f61c5a1ee04aca965d71162292274595ea62c9c2918e8279c99f5d2830c617c58211fd7452330184b9428d5ec1d5cd75ddcc6de3326fdc70e891104b3b013c30ffccfaf3308d9671b01f6b080a930dac2052c6f39817a662121d90d40d6a1facfb50bec7d408030b6d0ae3e744f3bcc327c35dc43cf86b743db78ff2e593b19923235ed6467f299b08718fe1840c16a748935dff941150fb08b30573b37bf9af5c86cc8d9e229a832e4ef25ec91f71120f2b3e9062485976c280a2d172386029e2f2a4801197fca0a13514edacf5ddbac5a62e8bb13dd1572657a821a8739297f72e29239d1cdddf3e30cbe9af3141f2275ee4ae85d86ec888fe9a6751f252057e95b8beb055e276439581afee93cd44f1e92f70e5f725451d3ab662918ffbb1269509fbd511e95a00ec717f9d60d643864abd6ad1cc4dd7f933379a6078a86c2158db8076e7b660366fca7b1c46d09d2c8e67a6494bfb4c2c6750e76593895b5e2b2bc78093840c3c4a807826bc2750a96b4e1dd5b82b492bb2215518c92064d1763c37132604e52e73fac3f4511f791753aeecfbb19816e0da7a1bfbea9eeaa0f256eaedcb119a61f7d0ea0f5cd4969d45cb014800f2c888d5c2217cf0f69a7507779883b57352bb8883cc584891950d6e792537074f4fc4337aa19b9bf60e18edd939d289fb4a6b7aa6c66da20774e249ca4f779d3c910b1a9a8e4c38af6adecc87d5481d181fd66023ffff246f4e2556b218fe8110acebe20b1675f1de6f265b6d1d8514a53522396bf0e2f2b153c498e48b36d16f8b9bd56f45d7f5b9397d7f1339117a176d0bad0b68e800682416d3e18fe2197c7f8dc20600feb95cc6ba86ad47f113e159bd4389e30eab2874bd27eebc56020c4dab9973b13f3e82aa62a7e0a151d73de48cb811e32be63ffd303f5a6ea6f097ed763fbf36c430821e451146de79922348354ce285af0997bf3c66e6ef02942e24b8f1ccdd542f09cfe65c0da0094c0b5fd26bbc061538b41e5ed2cbb390ee29b10a4b7a696009e1b5b86c44c0a561a257c15415feaeb1433ea275ed6e4b228503fe71ee5942665164faaed6697112206be0fe7863aebd4bbe951d5dea1da294dba0793196385f4d5141c9d6c4b0fa22b2e200cfb70b52aca31655e71e5a576ccb8ccb5b1364748aa981edbb81a813b1aebc67be1f7619e7e197622d981280429f6ca5145c5b3b05e6bace9191e5c58fbf140f71f594cbfd4db0e9f6923f1758ff9474a61a720a5d4f09c622c3ce3f5d0d3a1d191111168108f41f12b16e9eaf3617c353715cd35260560cbfd0555d51ce5c40bbdb7c95ceaeadadb8902974de50b0863348183864f5ea682e678286a06a6f396af29a7c7fb33a3579e25835963612f3c0d4cf369d85959a0adeda94d35824050e6fba7f83f90867583f713d7783323c7010e94c9be331f860db395dbde6face5bfdb616fcefa9c6b01f6963daa840a31ff554a458c0c50cb5e09f91f54f63234589decaf45bbfbaef0dcbff4ae6e65ca26a530261c491ef8eb9a855a1d7463391c9b66be96cf24c3c321ee5a5bdc857f60b582683c6ae1e3775b62a9f19ff8fa51380ca8a2a3c6de79012f5727ba12025e7e6723a23a81e067ca6e54c7b38ff64880d235d21e7ee5258953dcbf9e2a962f006ca4ffe870859242c850cbae4222b3b72c4f86934379ba2ead1dcde906241b994d95c88355af5a9a30ace9c933a6942f341ad221dd825846a8fd44c03e2eaa9311c26e15a1bd7cbba961a22ef23d7ebba0e34cec5ef09b1ce72814a97e33bd29f3d9ec80a4f45d1d29486accf15c11f1a800bd84918e7626f678275d7c7acb02cc0e6e34bb766ba6b75c3ad14fca9352e09c3b69390c045cfc842ff9ade8ca693c07fadc7047a946e6e570c3afc5b501c964103397f5ddadc2d59a048348dd42f07cfe31bc9b5ae453f5086bb41bba4c8a3e518e30b0855184b053f923025dd72ce1bcbf41231978b34a8547c71d7313992165078903c61d312b0d9469413c9fd97ccdf0ea270fb6c47ec8861a1c8d909eeace761b5a06ba46e25785ff87f867777abb237c6c980687991f1ed0157d58492260c712cec34c1fc0962103955db4d5090b6e8409cf3c3c79d0e691cf4fbc0b2251a016dcd456969cd32e5429533bf0d6f8bda84c05f0e2040de8b53bfb8676eec4b76c3df6f46b1e43732035dda577e75f640777f6ae90fd2f1af42ba462dac732019c599bfef01acd6a0d4d1796bcb8f58519d6f9ad9a3206704a94d472516b988141f44ecd2e6f28a49aa0c449db87972fc995a97379914546ea43143ea2cf779a9cbe81f111fe89129db3610492164ab2598eca7e60d9a6963d8ba03a86729db86e420fd96d61b8fb11edc2b339b57a740074ae5b775eaf60cd85dc934e604bf2b4bd58ee01205b4df57ac20ff8db45a05982b579643882407050c005102a2e71f1e56dc76dbf5331112e83e48bfb5cf2a78a893190d78426175c162ffaa7278a43b9932318fc17fb8cb0dfac610b1ad235b91f9cb7623b155117e07f7b876a3c37627aa31eafed141cc0c5491c4f621a66b6d837a144d78719c46511c04a093cf65fce9fabe5bd6d499eceb63538ece3cf19053550a239bf978c08c879f9954485a4e3e0d5bedb84b407ced85c4dfc4d75af116815992c29f0bc927c4a990c38ae4fcc9feb90fec1b1b555e04d010423010855394d5ccfc8ed21164190cd8f83be5debb70290c3547f07e4dc42814f1e001798e6ceee2558b0c6ff8c1759f90269ee226131116332b99ac8dd104c92088e1f91ace3198c0f59bfb75c4e4a697660eed43a29c831a552de37fce6dce96fa51b6e2111f3071a4e94422d15e102e5f67da7ca6cae6bed7743ebffacb8a811a143605791d17232181a517e872f71262c3c73668f0ef83aad498f67fa26bae698cf78f24c2dbecd399a190e6b8d0684e929f2e8083765eb2c67793a1adbb89d36b58bfb197cdc5f3c894ac9d886e8f3b0936fabd233c09de8fab8099f72a74d908ba5c5e4d39790b0bf9e45b710f5587b7c937c76690c5c5fce621a53a9fd03b0a4ee6d8d1abbe2ed561820a77f12a08cad0755540ab6dd1604b7c30a8652995ab80b85e919011de9438a4637eb0291124ed4b745e782cff98510cb03be79c2a81351abf276584d75cdd96b9c97e73eb71000b3ab7c3c19c2cab4497298fcb3052b5d4503d05e7f310318be6f848547b1a4f4db82caee190801478be28065036aa4d91f290c1f396343e73a5fe8bb5ccf0a317177ed1f77acda1a4a49dccfcab8d1b5d79f015f788b6d5e9f8228a8bcdc0696e6b19f5edffbcd7e9509c87fbe1f726b93bf8c6d8d37428763e142560c46c9e894f7317859000c25abc4f3691ebcd020171e0d4911b5d97a238109aedeb00b2eb475c1e7b45175f8aa85193b5c0f43b434c15de01610c4d022646cd6e3637f349a434a77f571ac1c5d698452d1b991e267f78dca5e592ecd31ccafcad84e4e98d134b4adc525b81bd6843428883023a6ea407201738c8bf16b541ff7280274a34d4cf14819f2dbae167ca0cae8471c495e006b45194ad91c4516f21cbb10e0d26fd5d734cd7725df5b3fbe92955f4a9bb3b9b813aeeff79d6ed5db92def19d060a208c3ec8c42c110786f1e1496c50a7249b03fc792764366894a35320b99d0bef9fd0b6a246c36a357c6b985dc83a37a8d9b8b9ad643dea94860cbe763bb73cc8422b69d4d12332242c8954075fb7117a6679638073617abcdb4619855b2036af160647f66b3531645a3bf047ae290d6ae2249f114e7a8464278bae1486022bcc7c37390c8d9a0efb0e1cfa0da8ef7a5e072f99a47ecc75e4e442880375193db49bb82ba34901286ca473ed5b63e4048db4dc455e74b3fdd2e7898ca3f4c3a02d435cde6141eea645055123a7dcf0d22057f8d425701afc55859f5147954e719d58c7486b1e02ac16cb799b77632c66bb78e6e52e11017c1736424fa4d433f1e19b4c881d23f0b2a12d5fae3ae24339088088d9b496ad97bd9f6e20a8597d1452a0c72dcf43dbbda8f18166585c06d21fbffe5fe7b55f71c9b9f1b34a02bd05ca63c7c1b1bebbb9dd24fb10291b04c665d45154dd28b85d821ce7e613119128996785e1006a8dabc4899b10d2671107d5a0658ed363b9d4b39d02f8cc5e350fbf0a31048adecd1f9e2ca749bd86f195eb48e9b4605f050de03d642940d79184618f7f88a9a0a4683ad84d6134e395305bc1d4d9d17cc334b97653529d6682a87a5fac80a6d46d6e72fc22e58be7b8f8617b3372ef2622110ab1ec448717118b257acffe55d18c7855e9e8710ad977a6792b2315a189eb4468c68641e9b60c0dab7016ac1ad63cd8004b6eca8fc88b1e4263acc00499255c16b11487a0af858075f9c892dc8044c4146e5a5677c4a2cb24bde5e078985020d4ab1e4c87492e76b7e6f4bbd71d84bab1885c9702849e70cf728776b1a94c2a8fb8c7ca01b6111ef6f2032a290949bfe473fe215273b8b5b3ad540f187490f63077dccbca6f62f0a7a66717c596cdef412f2560b10685ede967b3ee68b8c951959aeb1d7564c3b9d806b2ce858381393a79916b78f7e90beadae30ffc0b2b614380f1c2cc551a44565209db3516be379ef566ab00c673fd8aaeeecdcf1168c1960e9a477b9e13757498a44ff089351d1f27abf9fd76816f924504647d1247715ca861ebe624172c322146d66eb2b247f8ecb3e1b5ddca89b287c57510cec40fcf89d802cf4368a861af320e01e34f7a6177d4bc549181b5e87ecdfe02f78c9a59a3bf91ebb6364023ec06410e7b4476ec4e3685bfa3bfe9ef9ecc12dcd899abe0f3c7f16b4686801c0c0a949aa26bed57df56f2bc54ef19af7fcbc7b0d691075f42a4a67acf980b568acb2342f42249f7c1ee3527c13182b096064ecd250887a942d26f637e1c4041b139659d2462a68680bb04387a3b399e396b9fe74de10356125fa47d0a20827370cbf36a79b6fffade91c439dd6cfff4bbe0dd3efefb61c491ee32f935d62307cba369ac8c20f6fe3d4857ce6d240ece5e4d149f0587155a8350fcc18efae2ff11cdbe15218a82499a1996df8b5462ee170b284321e76bbe5c3f4158387644d95f087c598e3d46fbe27f63fa784bda239512113424045a2c5dbc6bc3662ca730a86d13cf8f6fe2743224ca7b535caf6b4701a7dae9cfad3d7290104bbba15b6a064ae6e909a099f75fbe47c9e654d8e3b8dc0f3dbffe829e6c56f7a241e565136812a857f59ab565a9991c6b1d8abcc94c6b33bba314f6e5060e657e4647f969a551dd6c51dfca0ff5d9e4f401fedbc2c927eb1ed95ef25f4e5accba4999322ba1539499310dd5875433a22835cfd42fd77fd4680b7fe767d7aa5c33acde04a65bd3a663fcde4c80e9f2af498f13bf9abbaa1c1265edc691e94abdcc92270c05811cd2a8104eb18efbfec9e4ba9ae5cde211b9b93082ce034b6cd5fbe9cfbac4f7e2404ef159766124f73017cc3600f3c81cd78db25fc3459629eaf20dfdb062c7e502aa69412381d847a9d254d5befc451cda3606f0bc8ae62e0aee928f9ed0b21d705a8d31b899e16445ee064563d32f7b6bb5ad197023cf528d9b329ec67815c6ddf27d2a6ffa7328bb993407cde3d166159fd49fe469254b84c2916daea8df9d69bef019f1351b9bce193e30278835b82ea5f60dc0bdd7f7452b7a820ae7cd6dc29d7ac6a6c1b6411711a96338b1e769146b2a385d282bfaae61b041166efafab2d89a4567b9460cc22d752f8e9aacaaa0db7c84879f5359662d55df6570d4214740851c74574ced733807cbb54571110410892394c3dea07bd4154d0e5689d57c3360207dac951f96a358e9c466a5c5113f3a632e184f57f075edef4dcc9721b963beb95df09dedf848260cbc1ebfdc7408218eaba6d2c51928cd37c4c0c9f321fbb0994a56947cfd9643056db5dbea60a241f8f004c932bc8e645b2ec2eb9bc4e9e2f4156293234d05e70cb26b8a370b0206c756bda6defc11c5eb386640f535a4ffb714168defc6d82f40d8f5ba8768537ead5773c53bd779ca899a2dd31c9138569ff5107c2fb12b804375c3b3dc9b828bfd550328adf358f71e86a0c49fb119f5ef9e06c13855cbfc7d1a62ca2ea655ed912a6dc7bb8b18656e8923fc7a1702ab36947d79384d681c31923e98cf40209f776bc2b219a7ccd139e756a905aa351e6eaae90770c8a193f96cd5c66e4d77a357985556e14333716d80204a5c390e0d76f4081afe917f99ad8a0976b3342f51854b374b4baa9a7f22124d2b82749446e30d9795acb9c3c3a305a6d273ac528e8e9c95c37a78e765fdda55982c2961fbc85a14fc095a78b4654ee6dfc3298749a639ab9c8e155af3a77f8a409ce174532a492ef550a140f774d77d732b3b4ca5bc41fa4488ce5957ce219b032ae1f585273748d81b19edcf3e6cb9a93ec24e41c6b3c472f9baf3ca46cb8b9a91df18acebe7d83bd4473750c4f26806da2f95b9ea48b342460af729ab15e9f033eda67feec645f985d4b9489cf6ceec1b100d007bf46c74be53c7ea17296f9c5b5cbae736491213c93b513009ebdecfcd60d46d7b86c6e3b5e288f2ba5867c07936e7bd1b00de52191eb8630ff82ccafb27a59295164751811bf74eff1e5e2abdf3c93bc5dc9814be83b2562477935e2fa30db7ebb6ec380170cf10c1f98f8c5eb71c730c2b31b55a1dd1c12a64802ab95b63c529e0a96cec8f38680221d6089926d8309796c79994d63b67bfb62f66b4a502f30ed12be41e896e88bc45a160a526fbd5f002e677322f116ec5740d7563cd23ee853c008b84998e38fdf158556e28a532573956e7c00f91f08ca245c295a3d5e003a99ea727f61d12893b435d4c8f2f5cce00c6a3091e2a47f290c07168975c53d7529b71d10faf42d2bac9db8d53669cf59c709c25e9e40b5feaed4c37dde8b84c4961c00712326fb6aaa06e80d766b40b72480f3971def61d1d129676df2478e778d899ed317426ec33e496d1fdd2ec27128f8faee92828e13da72d6aee8330a7988ea1cc8b64ec4d8b20990864c16c52c4be6d00b304b87d97bffdd9c66a740b517223089d9f3f414abedc53c768dab9220b980e6c18d5f20ba8994cc8886d7bdee213442f456d79fce1b1eb48fbf600a666c8ade24d118e6328251cf7b57a6285c650e019850f392b1c29aec5c8fc489a3819d60d5de377d4c11b8ee5625b7c02c5d50d2af3397006f2e2a41a06f039229eef5878ed91f9f6be7e988924dbaeb8455f616275e8698d93fb536e2c839b203aa69bceceddbf9c53f8addba53d50ca0f7a4729a42ac6eb757f1b408ad4a0147546173e62f7621eb18a9e1681510cceb48e0a30ab7a1bf71d56742d5f034f2d725e7ea68a011dbb100fa6eefe4ee093873de366d34f4240ca027a25c5b979c9ac47dd1dcb6ed82c4aee09dcc23cf329a8644f89b5cf00e5683934b1837574e9b39b31b1009f276e15aa040959fdf100838ca3f5ab17e45036668d06044e3a13f3a0a6f68579e50d5b0164f900d7bcfcde78396cf30f0b1dff76dc397ab1a5a44b207eb1eaaf73b945c575029ae2dce20724991e6550155ded6a42672609f2439c5aab4882b2ffaf7da787b71d05d15516bd68c6f1a9d79b675395845f24ee853f877e72c14b6c6702f7b8775ca1bfabbbcf4019f7bccf07f1c211531dfc66a7a1df79e92a20dd1cbe1b22e1209e7e3ecb9d3c2450fc22a57bfe09bd735f61c361cdac2488ae0adc7885edc0712655daaf535e1de96ccbe7869d531d8bf3db512fbd17c772332a3f8cf1e052ee0202eb99a36a0f8d7219888acbb57090cdaf3b28e1e62e8fc2ec237bdf18592a7afe4d8390dcb5e7fcc31bf4f797e6f5710070902265cc2e8c459b7da1451046abd6c8c5b02c0be2d2f505a65376266563ac7b59ef3b4e2570a6cb0bd94d46ad861317c743ce1de12bfa2295a98cdded4414d87a1580b1e4675bbdf73a22cac4a1d8d456d089e0b60cbfd16158f073bd1dac481db49fa5d8801d0fb0844b4afec1bab4e61fa0f381fa667880a1cd8163953be7b591cc9dfd7f91902370b783ae8a0f3c7cbefa7d229a37c00f523529e159b11d2e240629b64af2d11404773e991207a722c320221ce23baed7cbe40a440c5680814b122cfba9092fe03478f85adcbdeacb76d6cbf2491eafae98327b278e267821a0e1cd06ef90cb0328e246c19d8c63b9332291a89bc9f989effc675c79a870ac024756c6f5a7e32babd69625d61487ae7399490b70dd0fade7d70ad9b0757300a2dde77abaff4f63a0303853589d44efa968e10d36561f04408ad0cc227fc6b2f904cead189a0fcca9b2e6cbde5498652e0b3bc9d8b7921474403718feb5cc750dc70f5a9b1a0ae2c642015b6a1a8ab0572182b4e39e0c869cbdc60c9465f5d564d18ba2f5b3bc3e05a458744077430c5ea031ee02dd8f0a65d7dd8d90dd9b8717f77d202239a5778719423fb2aec7ca86eb07c39de65a34b988d65377a7473e9145f16d79593e96903330bbf3a8024fc15519d9baa0fae2018786f4b1846fca355ff0fccf65cccad1896309a5ccf2056dd542c929850cc91cd655962360fe316557ab3fb378328f77a07d9da24447d3fa2020b382ed2e808ec9529a01273434c64b0b7c35a06a019e4ab51cdc9c0f266ab25b6984338a0ba910d1060283b636c5d7e8a3f969c1ee1c99b54bba7ff3679fbeecbb70349f076480a867cc4ee4cacaea39c80f642533599486d2ffb77b8c9109a9d25fa0b06e58eca764f7d56469eb9547036bbea9d5c3d35b4c1fbc3d39a372c2b7ad184965cad3819c8928f1588d00949949c0c4c93d30ac7f6665247c0108bd89dff3aafe780ac66febfacc8c6a3cc387d09da6de700487a80e2c8d56df94d7ebd3e1d9e06411a6c5f7eb6da41c6f52997b5ad47ba985261103fdf12eb4a2828b248f652ef00b6abccab2eb161b878b9dbc0aa911405b6f67adda83c16187748d7b524ffe6381f489f432d592e6171bd9ccb2cd52f977143f57fbf2ab0b823d449ae55f02440972334344cda01837b93afa4f46a2fdefe27e92764cf9596780846de2e3b1ea83e62ee43b1c05aee675e25363504addfaa68e7c53ed685413f5ba951f120d0a646e474872c81e5a887464c19f8460ae814ffff24cb51dd2dca28d597ab2ea60949f8dbbe67f263e722fdb51bce4e328a19f5ff1218e1f63b8da6d40dbd5490964499b2522ea323310634893ead661407966207a66ab13adfcf1a725ed14339c46011c0e0401f2386b47cd9f902fdf84bc85e74d3ae7cc544e4d65670a554a537712c6ee9f75191631d2a4c4da06fc38423b1d5b828d7201235b2974164f52aa16bee70ee509250752f4fdd6b9f8d021943df8320682a6f80ff0d67ab7a4ceea807bd5b3b7b6380b0c7f0caa67b0208ba71317f0355a3b755af0e2c007186389438615df80b7b25104a733fc90625b62682198733c0f1625dfaa08cf81e3df043094b7b5a098b3b36f803b5b0f10a057bf814ae3579932c0a5f208985bab3d817f975283b8838ae5cb709be72b58df7425e059fdbf4e0ee51b3da01fe0b44963c1196baee5ec5909ad80d9d1660f3edd90374952a0bf8b3bece2c2f944593f4de7de5e05ded096b8f4f05d65dfc2e806f78220d84b3db564fb12f4e5e8f5eab316591f004e9374cce8e787263bc3827affe6793c130b8621d3bbb2a86fd87f070ea21718281ee7aec4bb3bb71af4bf5721cecd139c4be8c9df4ec8dfb09a5cf1d86a25d39faa9f064a997c214f334e4410917fc3b4d67ada8d87a38c0f86b02bf653dddaeb5b75b300f8bcfd792858bef8ab23e063421939c59212964c9ed5dd56e215db58cef53d31a966bb8ce4ed56287fecb3a85ba435e0b41b20ba1164b9c9f2c49fa0f7b17a89e0ec47eefe992d63ee29c8c0a1ece2664fee8edadd43636a54c48519b4fcf55b0d9103602b92441a5f85cf8c5e406d0f5815f8f37309934bd78fbc2acf0a03b051b4528db4f7c09de7d0aabafca3736b8259c818ca338ca6754e0747717c2794d664a1cacc1e9c52764a308e6df73d975638630b74cce6c49b1bac16454e96852c4f9d8ed118e86d2f1c8dc33bccd4a07be128db5e80f5684ddcc1158e744411acde590f902f0987cfb750bb5bfeed53bff076868986b566d7701f48ddfcacbd325c8d930bcef26713bf60585d5c991e2a6cc33ccbc27f7ddfba18f998497c2eb378cc8f2cc07a1b4f141c5e0fb6f52e18242e505bcf6dd20e33a469d056a0b4fd5e72d0da9d0bcce1e2f9e9dc7d1c7b6cb0f3604287eca", 0x2000, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0)={0x90, 0x0, 0x20000000, {0x3, 0x1, 0x0, 0x0, 0xffffffff, 0x0, {0x9, 0x200000000, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6000, 0x2, 0x0, r9, 0x101}}}, 0x0, 0x0, 0x0, 0x0, 0x0})

kernel console output (not intermixed with test programs):

d: -71
[ 1436.228149][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[ 1436.235438][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[ 1436.242832][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[ 1436.257004][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[ 1436.264351][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[ 1436.271661][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[ 1436.278962][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[ 1436.286267][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[ 1436.293623][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[ 1436.300920][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[ 1436.308251][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[ 1436.315964][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[ 1436.323286][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[ 1436.330593][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[ 1436.337875][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[ 1436.345152][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[ 1436.356945][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[ 1436.364251][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[ 1436.371565][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[ 1436.378935][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[ 1436.386213][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[ 1436.393496][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[ 1436.400801][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[ 1436.408157][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[ 1436.415424][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[ 1436.422697][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[ 1436.429943][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[ 1436.437197][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[ 1436.444466][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[ 1436.456857][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[ 1436.464139][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[ 1436.471400][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[ 1436.478666][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[ 1436.485943][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[ 1436.493199][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[ 1436.500453][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[ 1436.507724][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[ 1436.514985][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[ 1436.522268][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[ 1436.529586][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[ 1436.536874][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[ 1436.544135][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[ 1436.556900][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[ 1436.564183][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[ 1436.571464][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[ 1436.578729][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[ 1436.586017][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[ 1436.593308][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[ 1436.600623][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[ 1436.607926][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[ 1436.615168][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[ 1436.622423][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[ 1436.629661][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[ 1436.636909][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[ 1436.644144][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[ 1436.651405][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[ 1436.666805][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[ 1436.674065][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[ 1436.681327][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[ 1436.688578][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[ 1436.695810][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[ 1436.703107][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[ 1436.710359][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[ 1436.717591][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[ 1436.724824][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[ 1436.732090][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[ 1436.739324][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[ 1436.746563][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[ 1436.753832][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[ 1436.766801][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[ 1436.774064][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[ 1436.781333][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[ 1436.788587][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[ 1436.795816][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[ 1436.803045][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[ 1436.810288][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[ 1436.817541][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[ 1436.824782][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[ 1436.832025][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[ 1436.839262][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[ 1436.846503][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[ 1436.853748][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[ 1436.866945][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[ 1436.874219][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[ 1436.881487][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[ 1436.888748][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[ 1436.895980][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[ 1436.903236][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[ 1436.913790][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[ 1436.921531][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[ 1436.929173][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[ 1436.936429][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[ 1436.943669][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[ 1436.950928][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[ 1436.958458][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[ 1436.967106][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[ 1436.983915][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[ 1436.991429][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[ 1437.000184][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[ 1437.011942][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[ 1437.021288][    C0] usb 2-1: pegasus_irq - urb shutting down with status: -2
[ 1439.772156][T28039] netlink: 164 bytes leftover after parsing attributes in process `syz.4.6990'.
[ 1439.860597][ T5893] usb 2-1: USB disconnect, device number 101
[ 1440.758512][   T30] audit: type=1400 audit(1759540733.121:1643): avc:  denied  { create } for  pid=28054 comm="syz.3.6995" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[ 1441.003123][   T30] audit: type=1400 audit(1759540733.371:1644): avc:  denied  { read } for  pid=28054 comm="syz.3.6995" name="ptp0" dev="devtmpfs" ino=1264 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[ 1441.035036][   T30] audit: type=1400 audit(1759540733.401:1645): avc:  denied  { open } for  pid=28054 comm="syz.3.6995" path="/dev/ptp0" dev="devtmpfs" ino=1264 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[ 1441.060055][   T30] audit: type=1400 audit(1759540733.401:1646): avc:  denied  { ioctl } for  pid=28054 comm="syz.3.6995" path="/dev/ptp0" dev="devtmpfs" ino=1264 ioctlcmd=0x3d05 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[ 1441.423868][T28065] FAULT_INJECTION: forcing a failure.
[ 1441.423868][T28065] name failslab, interval 1, probability 0, space 0, times 0
[ 1441.469259][T28065] CPU: 1 UID: 0 PID: 28065 Comm: syz.2.6997 Not tainted syzkaller #0 PREEMPT(full) 
[ 1441.469277][T28065] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1441.469284][T28065] Call Trace:
[ 1441.469289][T28065]  <TASK>
[ 1441.469293][T28065]  dump_stack_lvl+0x16c/0x1f0
[ 1441.469313][T28065]  should_fail_ex+0x512/0x640
[ 1441.469330][T28065]  ? __pfx_ref_tracker_alloc+0x10/0x10
[ 1441.469352][T28065]  should_failslab+0xc2/0x120
[ 1441.469367][T28065]  kmem_cache_alloc_noprof+0x75/0x6e0
[ 1441.469385][T28065]  ? skb_clone+0x190/0x3f0
[ 1441.469403][T28065]  ? skb_clone+0x190/0x3f0
[ 1441.469418][T28065]  skb_clone+0x190/0x3f0
[ 1441.469434][T28065]  netlink_deliver_tap+0xabd/0xd30
[ 1441.469454][T28065]  netlink_unicast+0x64c/0x870
[ 1441.469473][T28065]  ? __pfx_netlink_unicast+0x10/0x10
[ 1441.469490][T28065]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[ 1441.469511][T28065]  netlink_sendmsg+0x8c8/0xdd0
[ 1441.469531][T28065]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1441.469552][T28065]  ____sys_sendmsg+0xa98/0xc70
[ 1441.469565][T28065]  ? copy_msghdr_from_user+0x10a/0x160
[ 1441.469581][T28065]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1441.469604][T28065]  ___sys_sendmsg+0x134/0x1d0
[ 1441.469621][T28065]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1441.469653][T28065]  __sys_sendmsg+0x16d/0x220
[ 1441.469669][T28065]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1441.469694][T28065]  do_syscall_64+0xcd/0x4e0
[ 1441.469711][T28065]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1441.469723][T28065] RIP: 0033:0x7f9f7b58eec9
[ 1441.469732][T28065] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1441.469743][T28065] RSP: 002b:00007f9f797cd038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1441.469754][T28065] RAX: ffffffffffffffda RBX: 00007f9f7b7e6090 RCX: 00007f9f7b58eec9
[ 1441.469761][T28065] RDX: 0000000000000000 RSI: 0000200000000c00 RDI: 0000000000000003
[ 1441.469767][T28065] RBP: 00007f9f797cd090 R08: 0000000000000000 R09: 0000000000000000
[ 1441.469774][T28065] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1441.469780][T28065] R13: 00007f9f7b7e6128 R14: 00007f9f7b7e6090 R15: 00007ffc415cfa38
[ 1441.469794][T28065]  </TASK>
[ 1441.828150][T28068] vivid-004: =================  START STATUS  =================
[ 1441.836133][T28068] vivid-004: Radio HW Seek Mode: Bounded
[ 1441.852968][T28068] vivid-004: Radio Programmable HW Seek: false
[ 1441.863304][T28068] vivid-004: RDS Rx I/O Mode: Block I/O
[ 1441.877577][T28068] vivid-004: Generate RBDS Instead of RDS: false
[ 1441.888850][T28068] vivid-004: RDS Reception: true
[ 1441.911611][T28068] vivid-004: RDS Program Type: 0 inactive
[ 1441.935335][T28068] vivid-004: RDS PS Name:  inactive
[ 1441.945409][T28068] vivid-004: RDS Radio Text:  inactive
[ 1441.951431][T28068] vivid-004: RDS Traffic Announcement: false inactive
[ 1441.958724][T28068] vivid-004: RDS Traffic Program: false inactive
[ 1441.982151][T28068] vivid-004: RDS Music: false inactive
[ 1441.990434][T28068] vivid-004: ==================  END STATUS  ==================
[ 1442.336696][T20927] usb 2-1: new high-speed USB device number 102 using dummy_hcd
[ 1442.509016][T20927] usb 2-1: too many configurations: 67, using maximum allowed: 8
[ 1442.630930][T20927] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 1442.640223][T20927] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1442.651443][T20927] usb 2-1: Product: syz
[ 1442.664144][T20927] usb 2-1: Manufacturer: syz
[ 1442.711054][T20927] usb 2-1: SerialNumber: syz
[ 1442.740796][T20927] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 1442.752427][   T30] audit: type=1400 audit(1759540735.121:1647): avc:  denied  { firmware_load } for  pid=15879 comm="kworker/1:2" path="/lib/firmware/ath9k_htc/htc_9271-1.4.0.fw" dev="sda1" ino=313 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:lib_t tclass=system permissive=1
[ 1442.801942][T15879] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 1443.347557][   T30] audit: type=1400 audit(1759540735.431:1648): avc:  denied  { create } for  pid=28079 comm="syz.4.7002" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[ 1443.377956][   T30] audit: type=1400 audit(1759540735.501:1649): avc:  denied  { connect } for  pid=28079 comm="syz.4.7002" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[ 1443.404502][   T30] audit: type=1400 audit(1759540735.511:1650): avc:  denied  { bind } for  pid=28079 comm="syz.4.7002" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[ 1443.822419][    T9] usb 2-1: USB disconnect, device number 102
[ 1444.376805][T15879] usb 2-1: Service connection timeout for: 256
[ 1444.383120][T15879] ath9k_htc 2-1:1.0: ath9k_htc: Unable to initialize HTC services
[ 1444.427776][T15879] ath9k_htc: Failed to initialize the device
[ 1444.529967][    T9] usb 2-1: ath9k_htc: USB layer deinitialized
[ 1446.185057][T24799] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:201'
[ 1446.195120][T24799] CPU: 1 UID: 0 PID: 24799 Comm: kworker/u9:0 Not tainted syzkaller #0 PREEMPT(full) 
[ 1446.195148][T24799] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1446.195161][T24799] Workqueue: hci1 hci_rx_work
[ 1446.195190][T24799] Call Trace:
[ 1446.195197][T24799]  <TASK>
[ 1446.195205][T24799]  dump_stack_lvl+0x16c/0x1f0
[ 1446.195235][T24799]  sysfs_warn_dup+0x7f/0xa0
[ 1446.195262][T24799]  sysfs_create_dir_ns+0x24b/0x2b0
[ 1446.195289][T24799]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[ 1446.195315][T24799]  ? find_held_lock+0x2b/0x80
[ 1446.195345][T24799]  ? do_raw_spin_unlock+0x172/0x230
[ 1446.195372][T24799]  kobject_add_internal+0x2c4/0x9b0
[ 1446.195395][T24799]  kobject_add+0x16e/0x240
[ 1446.195413][T24799]  ? __pfx_kobject_add+0x10/0x10
[ 1446.195433][T24799]  ? do_raw_spin_unlock+0x172/0x230
[ 1446.195457][T24799]  ? kobject_put+0xab/0x5a0
[ 1446.195494][T24799]  device_add+0x288/0x1aa0
[ 1446.195519][T24799]  ? __pfx_dev_set_name+0x10/0x10
[ 1446.195545][T24799]  ? __pfx_device_add+0x10/0x10
[ 1446.195569][T24799]  ? mgmt_send_event_skb+0x2fb/0x460
[ 1446.195607][T24799]  hci_conn_add_sysfs+0x17e/0x230
[ 1446.195636][T24799]  le_conn_complete_evt+0x1260/0x2150
[ 1446.195669][T24799]  ? __pfx_le_conn_complete_evt+0x10/0x10
[ 1446.195692][T24799]  ? hci_event_packet+0x459/0x11c0
[ 1446.195726][T24799]  hci_le_conn_complete_evt+0x23c/0x370
[ 1446.195757][T24799]  hci_le_meta_evt+0x354/0x5e0
[ 1446.195785][T24799]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[ 1446.195815][T24799]  hci_event_packet+0x682/0x11c0
[ 1446.195840][T24799]  ? __pfx_hci_le_meta_evt+0x10/0x10
[ 1446.195868][T24799]  ? __pfx_hci_event_packet+0x10/0x10
[ 1446.195896][T24799]  ? kcov_remote_start+0x3c9/0x6d0
[ 1446.195922][T24799]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1446.195954][T24799]  hci_rx_work+0x2c5/0x16b0
[ 1446.195983][T24799]  ? rcu_is_watching+0x12/0xc0
[ 1446.196014][T24799]  process_one_work+0x9cf/0x1b70
[ 1446.196049][T24799]  ? __pfx_process_one_work+0x10/0x10
[ 1446.196081][T24799]  ? assign_work+0x1a0/0x250
[ 1446.196106][T24799]  worker_thread+0x6c8/0xf10
[ 1446.196137][T24799]  ? __kthread_parkme+0x19e/0x250
[ 1446.196154][T24799]  ? __pfx_worker_thread+0x10/0x10
[ 1446.196178][T24799]  kthread+0x3c2/0x780
[ 1446.196201][T24799]  ? __pfx_kthread+0x10/0x10
[ 1446.196223][T24799]  ? rcu_is_watching+0x12/0xc0
[ 1446.196250][T24799]  ? __pfx_kthread+0x10/0x10
[ 1446.196272][T24799]  ret_from_fork+0x56a/0x730
[ 1446.196291][T24799]  ? __pfx_kthread+0x10/0x10
[ 1446.196313][T24799]  ret_from_fork_asm+0x1a/0x30
[ 1446.196350][T24799]  </TASK>
[ 1446.588150][T24799] kobject: kobject_add_internal failed for hci1:201 with -EEXIST, don't try to register things with the same name in the same directory.
[ 1446.605762][T24799] Bluetooth: hci1: failed to register connection device
[ 1447.447975][   T30] audit: type=1400 audit(1759540739.201:1651): avc:  denied  { mounton } for  pid=28118 comm="syz.2.7012" path="/dev/binderfs" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[ 1447.621186][   T30] audit: type=1400 audit(1759540739.201:1652): avc:  denied  { mount } for  pid=28118 comm="syz.2.7012" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[ 1447.676753][   T30] audit: type=1400 audit(1759540739.231:1653): avc:  denied  { setattr } for  pid=28118 comm="syz.2.7012" name="NETROM" dev="sockfs" ino=123489 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[ 1447.704241][   T30] audit: type=1400 audit(1759540739.231:1654): avc:  denied  { ioctl } for  pid=28118 comm="syz.2.7012" path="socket:[123489]" dev="sockfs" ino=123489 ioctlcmd=0x890b scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[ 1448.353105][T28131] netlink: 164 bytes leftover after parsing attributes in process `syz.4.7015'.
[ 1448.621249][ T5823] Bluetooth: hci1: command 0x0406 tx timeout
[ 1451.417932][T26485] block nbd0: Possible stuck request ffff888025d05080: control (read@0,1024B). Runtime 660 seconds
[ 1451.417964][T26485] block nbd0: Possible stuck request ffff888025d05240: control (read@1024,1024B). Runtime 660 seconds
[ 1451.417978][T26485] block nbd0: Possible stuck request ffff888025d05400: control (read@2048,1024B). Runtime 660 seconds
[ 1451.436819][T26485] block nbd0: Possible stuck request ffff888025d055c0: control (read@3072,1024B). Runtime 660 seconds
[ 1451.937333][T28180] netlink: 20 bytes leftover after parsing attributes in process `syz.0.7029'.
[ 1452.550952][T28184] netlink: 164 bytes leftover after parsing attributes in process `syz.1.7028'.
[ 1452.639209][T28180] netlink: 8 bytes leftover after parsing attributes in process `syz.0.7029'.
[ 1452.648196][T28180] netlink: 12 bytes leftover after parsing attributes in process `syz.0.7029'.
[ 1454.186653][T20927] usb 4-1: new high-speed USB device number 102 using dummy_hcd
[ 1454.336664][T20927] usb 4-1: Using ep0 maxpacket: 8
[ 1455.092762][T20927] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1455.103449][T20927] usb 4-1: config 0 has no interfaces?
[ 1455.109131][T20927] usb 4-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a
[ 1455.118420][T20927] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1455.177570][T20927] usb 4-1: config 0 descriptor??
[ 1455.379102][T28219] netlink: 36 bytes leftover after parsing attributes in process `syz.0.7040'.
[ 1455.679671][T18949] usb 2-1: new high-speed USB device number 103 using dummy_hcd
[ 1455.870330][T18949] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[ 1455.879897][T18949] usb 2-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[ 1455.890421][T18949] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66
[ 1455.902810][T18949] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[ 1455.918288][T18949] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[ 1456.368995][T18949] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[ 1456.378330][T18949] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[ 1456.389858][T18949] usb 2-1: Product: syz
[ 1456.394050][T18949] usb 2-1: Manufacturer: syz
[ 1456.425504][T18949] cdc_wdm 2-1:1.0: skipping garbage
[ 1456.434208][T18949] cdc_wdm 2-1:1.0: skipping garbage
[ 1456.449726][T18949] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device
[ 1456.456302][T18949] cdc_wdm 2-1:1.0: Unknown control protocol
[ 1457.223483][T28245] binder: 28244:28245 unknown command 0
[ 1457.229260][T28245] binder: 28244:28245 ioctl c0306201 200000000080 returned -22
[ 1457.309331][   T30] audit: type=1400 audit(1759540749.681:1655): avc:  denied  { read } for  pid=28208 comm="syz.1.7037" name="ppp" dev="devtmpfs" ino=708 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[ 1457.332343][   T30] audit: type=1400 audit(1759540749.681:1656): avc:  denied  { open } for  pid=28208 comm="syz.1.7037" path="/dev/ppp" dev="devtmpfs" ino=708 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[ 1457.356537][   T30] audit: type=1400 audit(1759540749.691:1657): avc:  denied  { ioctl } for  pid=28208 comm="syz.1.7037" path="/dev/ppp" dev="devtmpfs" ino=708 ioctlcmd=0x743e scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[ 1457.381265][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1457.666724][    T9] usb 3-1: new high-speed USB device number 90 using dummy_hcd
[ 1457.819868][    T9] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[ 1457.831020][    T9] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[ 1457.840879][    T9] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1457.850551][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1457.861217][T28249] raw-gadget.3 gadget.2: fail, usb_ep_enable returned -22
[ 1457.887767][ T5893] usb 4-1: USB disconnect, device number 102
[ 1457.902249][    T9] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[ 1458.376059][   T30] audit: type=1400 audit(1759540750.741:1658): avc:  denied  { read write } for  pid=28256 comm="syz.4.7049" name="vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1
[ 1458.400668][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1458.443669][   T30] audit: type=1400 audit(1759540750.741:1659): avc:  denied  { open } for  pid=28256 comm="syz.4.7049" path="/dev/vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1
[ 1458.468177][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1458.621485][T18949] usb 2-1: USB disconnect, device number 103
[ 1460.336948][T20927] usb 3-1: USB disconnect, device number 90
[ 1460.957162][T20927] usb 3-1: new high-speed USB device number 91 using dummy_hcd
[ 1461.108749][T20927] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1461.122576][T20927] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1461.166154][T20927] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1461.196874][T20927] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1461.205982][T20927] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1461.253149][T20927] usb 3-1: config 0 descriptor??
[ 1461.907102][T20927] plantronics 0003:047F:FFFF.0011: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[ 1461.959233][   T30] audit: type=1400 audit(1759540754.331:1660): avc:  denied  { append } for  pid=28284 comm="syz.0.7057" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 1462.005304][   T30] audit: type=1400 audit(1759540754.371:1661): avc:  denied  { getopt } for  pid=28284 comm="syz.0.7057" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[ 1462.107410][T28253] Set syz1 is full, maxelem 65536 reached
[ 1462.349703][T18949] usb 3-1: USB disconnect, device number 91
[ 1462.368436][   T30] audit: type=1400 audit(1759540754.741:1662): avc:  denied  { bind } for  pid=28284 comm="syz.0.7057" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[ 1462.446674][ T5893] usb 4-1: new high-speed USB device number 103 using dummy_hcd
[ 1462.618301][ T5893] usb 4-1: Using ep0 maxpacket: 8
[ 1462.625055][ T5893] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1462.644867][ T5893] usb 4-1: config 0 has no interfaces?
[ 1462.651039][ T5893] usb 4-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a
[ 1462.675551][ T5893] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1462.692060][ T5893] usb 4-1: config 0 descriptor??
[ 1463.306644][T20927] usb 3-1: new high-speed USB device number 92 using dummy_hcd
[ 1463.466688][T20927] usb 3-1: Using ep0 maxpacket: 16
[ 1463.473627][T20927] usb 3-1: config 0 interface 0 altsetting 16 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1463.492859][T20927] usb 3-1: config 0 interface 0 altsetting 16 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1463.522135][T20927] usb 3-1: config 0 interface 0 altsetting 16 has 1 endpoint descriptor, different from the interface descriptor's value: 28
[ 1463.567454][T20927] usb 3-1: config 0 interface 0 has no altsetting 0
[ 1463.574124][T20927] usb 3-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[ 1463.592552][T20927] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1463.602783][T20927] usb 3-1: config 0 descriptor??
[ 1463.903636][   T30] audit: type=1400 audit(1759540756.271:1663): avc:  denied  { create } for  pid=28299 comm="syz.2.7061" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[ 1464.573015][T28309] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized
[ 1464.640925][T28310] misc userio: Invalid payload size
[ 1466.077380][T28316] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1466.168921][T14787] usb 4-1: USB disconnect, device number 103
[ 1466.244834][T20927] usbhid 3-1:0.0: can't add hid device: -71
[ 1466.267339][T20927] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[ 1466.287848][T20927] usb 3-1: USB disconnect, device number 92
[ 1466.831076][T28328] sch_tbf: peakrate 7 is lower than or equals to rate 7 !
[ 1467.650389][T28338] vivid-001: =================  START STATUS  =================
[ 1467.892027][T28338] vivid-001: Radio HW Seek Mode: Bounded
[ 1467.919539][T28338] vivid-001: Radio Programmable HW Seek: false
[ 1467.929772][T28338] vivid-001: RDS Rx I/O Mode: Block I/O
[ 1467.938128][T28338] vivid-001: Generate RBDS Instead of RDS: false
[ 1468.189233][T28338] vivid-001: RDS Reception: true
[ 1468.196032][T28338] vivid-001: RDS Program Type: 0 inactive
[ 1468.202299][T28338] vivid-001: RDS PS Name:  inactive
[ 1468.345038][T28338] vivid-001: RDS Radio Text:  inactive
[ 1468.351333][T28338] vivid-001: RDS Traffic Announcement: false inactive
[ 1468.361435][T28338] vivid-001: RDS Traffic Program: false inactive
[ 1468.368222][T28338] vivid-001: RDS Music: false inactive
[ 1468.855247][T28338] vivid-001: ==================  END STATUS  ==================
[ 1469.566659][T20927] usb 5-1: new high-speed USB device number 118 using dummy_hcd
[ 1469.918142][T20927] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1469.929162][T20927] usb 5-1: config 0 has no interfaces?
[ 1469.938819][T20927] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1469.948643][T20927] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1469.976301][T20927] usb 5-1: config 0 descriptor??
[ 1470.379953][T28266] Set syz1 is full, maxelem 65536 reached
[ 1470.394825][   T30] audit: type=1400 audit(1759540762.761:1664): avc:  denied  { connect } for  pid=28363 comm="syz.3.7078" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[ 1470.457873][T20927] usb 3-1: new high-speed USB device number 93 using dummy_hcd
[ 1471.311121][T18949] usb 5-1: USB disconnect, device number 118
[ 1471.476159][T20927] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1471.487792][T20927] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1471.516752][T20927] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1471.525810][T20927] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1471.540525][   T30] audit: type=1400 audit(1759540763.901:1665): avc:  denied  { setopt } for  pid=28381 comm="syz.4.7082" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[ 1471.546478][T20927] usb 3-1: config 0 descriptor??
[ 1471.598704][T20927] usbhid 3-1:0.0: couldn't find an input interrupt endpoint
[ 1471.778586][T15879] usb 4-1: new high-speed USB device number 104 using dummy_hcd
[ 1472.442373][T15879] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1472.453418][T15879] usb 4-1: config 0 has no interfaces?
[ 1472.460624][T15879] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1472.470050][T15879] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1472.482782][T15879] usb 4-1: config 0 descriptor??
[ 1473.308045][T28408] vxlan0: entered promiscuous mode
[ 1473.315037][T28408] vxlan0: entered allmulticast mode
[ 1473.330706][T18283] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[ 1473.341598][T18283] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[ 1473.355849][T18283] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[ 1473.374750][T18283] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[ 1473.411658][T15879] usb 3-1: USB disconnect, device number 93
[ 1473.776208][T14817] usb 4-1: USB disconnect, device number 104
[ 1474.690422][T28421] netlink: 164 bytes leftover after parsing attributes in process `syz.3.7092'.
[ 1474.965777][   T30] audit: type=1400 audit(1759540767.331:1666): avc:  denied  { getopt } for  pid=28431 comm="syz.0.7096" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[ 1475.002367][   T30] audit: type=1400 audit(1759540767.371:1667): avc:  denied  { create } for  pid=28424 comm="syz.4.7094" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[ 1475.021881][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1476.877499][T28453] netlink: 20 bytes leftover after parsing attributes in process `syz.3.7101'.
[ 1477.057671][T28459] vivid-000: =================  START STATUS  =================
[ 1477.118833][T28459] vivid-000: Radio HW Seek Mode: Bounded
[ 1477.127117][T28459] vivid-000: Radio Programmable HW Seek: false
[ 1477.236262][T28459] vivid-000: RDS Rx I/O Mode: Block I/O
[ 1477.244090][T28459] vivid-000: Generate RBDS Instead of RDS: false
[ 1477.250999][T28459] vivid-000: RDS Reception: true
[ 1477.259828][T28459] vivid-000: RDS Program Type: 0 inactive
[ 1477.266898][T28459] vivid-000: RDS PS Name:  inactive
[ 1477.960581][T28459] vivid-000: RDS Radio Text:  inactive
[ 1477.978671][T28459] vivid-000: RDS Traffic Announcement: false inactive
[ 1478.003297][T28459] vivid-000: RDS Traffic Program: false inactive
[ 1478.010024][T28459] vivid-000: RDS Music: false inactive
[ 1478.019218][T28459] vivid-000: ==================  END STATUS  ==================
[ 1478.030804][   T30] audit: type=1400 audit(1759540770.391:1668): avc:  denied  { create } for  pid=28456 comm="syz.2.7104" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[ 1478.486645][T15879] usb 5-1: new high-speed USB device number 119 using dummy_hcd
[ 1478.647142][T28479] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7108'.
[ 1478.808422][T15879] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[ 1478.827055][T15879] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[ 1478.856540][T15879] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1478.889901][T15879] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1478.953834][T28469] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[ 1478.989609][T15879] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[ 1479.836985][T28492] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1479.890927][T28494] netlink: 20 bytes leftover after parsing attributes in process `syz.0.7113'.
[ 1480.257148][T18949] usb 5-1: USB disconnect, device number 119
[ 1480.850966][T28507] syzkaller0: entered promiscuous mode
[ 1480.856498][T28507] syzkaller0: entered allmulticast mode
[ 1481.661411][T26485] block nbd0: Possible stuck request ffff888025d05080: control (read@0,1024B). Runtime 690 seconds
[ 1481.674927][T26485] block nbd0: Possible stuck request ffff888025d05240: control (read@1024,1024B). Runtime 690 seconds
[ 1481.687532][T26485] block nbd0: Possible stuck request ffff888025d05400: control (read@2048,1024B). Runtime 690 seconds
[ 1481.976596][T26485] block nbd0: Possible stuck request ffff888025d055c0: control (read@3072,1024B). Runtime 690 seconds
[ 1484.099055][ T1293] ieee802154 phy0 wpan0: encryption failed: -22
[ 1484.105343][ T1293] ieee802154 phy1 wpan1: encryption failed: -22
[ 1484.306671][T18949] usb 2-1: new full-speed USB device number 104 using dummy_hcd
[ 1484.472572][T18949] usb 2-1: config 0 has an invalid interface number: 175 but max is 0
[ 1484.483769][T18949] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1484.553147][T18949] usb 2-1: config 0 has no interface number 0
[ 1484.741078][T18949] usb 2-1: config 0 interface 175 altsetting 0 has an endpoint descriptor with address 0xBC, changing to 0x8C
[ 1484.758549][T18949] usb 2-1: config 0 interface 175 altsetting 0 endpoint 0x8C has an invalid bInterval 0, changing to 10
[ 1484.769850][T18949] usb 2-1: config 0 interface 175 altsetting 0 endpoint 0x8C has invalid wMaxPacketSize 0
[ 1484.791718][T18949] usb 2-1: config 0 interface 175 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 16
[ 1484.843925][T18949] usb 2-1: New USB device found, idVendor=05e0, idProduct=0600, bcdDevice=f9.9b
[ 1485.711359][T18949] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1485.755788][T18949] usb 2-1: Product: syz
[ 1485.768807][T18949] usb 2-1: Manufacturer: syz
[ 1485.773900][T18949] usb 2-1: SerialNumber: syz
[ 1485.802779][T18949] usb 2-1: config 0 descriptor??
[ 1485.811581][T18949] symbolserial 2-1:0.175: symbol converter detected
[ 1485.834050][T18949] usb 2-1: symbol converter now attached to ttyUSB0
[ 1486.059906][T28525] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1486.068468][T28525] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1486.596907][ T5893] usb 2-1: USB disconnect, device number 104
[ 1486.640099][ T5893] symbol ttyUSB0: symbol converter now disconnected from ttyUSB0
[ 1486.649789][ T5893] symbolserial 2-1:0.175: device disconnected
[ 1487.661685][T28532] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1664) !
[ 1489.059073][T28564] vlan2: entered promiscuous mode
[ 1489.066629][T28564] vlan2: entered allmulticast mode
[ 1489.071847][T28564] hsr_slave_1: entered allmulticast mode
[ 1489.938133][T28585] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1664) !
[ 1491.451388][T28600] netlink: 277 bytes leftover after parsing attributes in process `syz.2.7138'.
[ 1493.599588][   T30] audit: type=1400 audit(1759540785.971:1669): avc:  denied  { write } for  pid=28609 comm="syz.2.7142" name="ppp" dev="devtmpfs" ino=708 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[ 1495.312079][T28631] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1664) !
[ 1496.413682][T28634] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1496.886661][T14817] usb 5-1: new high-speed USB device number 120 using dummy_hcd
[ 1497.096952][T14817] usb 5-1: Using ep0 maxpacket: 8
[ 1497.326797][T14817] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1497.342727][T14817] usb 5-1: config 0 has no interfaces?
[ 1497.356674][T14817] usb 5-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a
[ 1497.390273][T14817] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1497.400739][T14817] usb 5-1: config 0 descriptor??
[ 1497.544101][T28655] vivid-000: =================  START STATUS  =================
[ 1497.551814][T28655] vivid-000: Radio HW Seek Mode: Bounded
[ 1497.557702][T28655] vivid-000: Radio Programmable HW Seek: false
[ 1497.563858][T28655] vivid-000: RDS Rx I/O Mode: Block I/O
[ 1497.569518][T28655] vivid-000: Generate RBDS Instead of RDS: false
[ 1497.575871][T28655] vivid-000: RDS Reception: true
[ 1497.592390][T28655] vivid-000: RDS Program Type: 0 inactive
[ 1497.599404][T28655] vivid-000: RDS PS Name:  inactive
[ 1497.604798][T28655] vivid-000: RDS Radio Text:  inactive
[ 1497.615130][T28655] vivid-000: RDS Traffic Announcement: false inactive
[ 1497.991802][T28655] vivid-000: RDS Traffic Program: false inactive
[ 1498.017549][T28655] vivid-000: RDS Music: false inactive
[ 1498.023726][T28655] vivid-000: ==================  END STATUS  ==================
[ 1498.576996][T28666] netlink: 20 bytes leftover after parsing attributes in process `syz.1.7158'.
[ 1498.797594][   T30] audit: type=1400 audit(1759540791.131:1670): avc:  denied  { ioctl } for  pid=28667 comm="syz.2.7159" path="socket:[126694]" dev="sockfs" ino=126694 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[ 1498.904460][T28666] netlink: 8 bytes leftover after parsing attributes in process `syz.1.7158'.
[ 1498.914969][T28666] netlink: 12 bytes leftover after parsing attributes in process `syz.1.7158'.
[ 1499.315085][   T30] audit: type=1400 audit(1759540791.651:1671): avc:  denied  { shutdown } for  pid=28672 comm="syz.0.7160" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[ 1499.742508][T28689] netlink: 277 bytes leftover after parsing attributes in process `syz.1.7162'.
[ 1500.677410][T20927] usb 5-1: USB disconnect, device number 120
[ 1501.342916][   T30] audit: type=1400 audit(1759540793.711:1672): avc:  denied  { create } for  pid=28706 comm="syz.4.7166" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_connector_socket permissive=1
[ 1501.440093][   T30] audit: type=1400 audit(1759540793.811:1673): avc:  denied  { unmount } for  pid=24084 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[ 1501.639250][ T5893] usb 5-1: new full-speed USB device number 121 using dummy_hcd
[ 1501.771374][T28714] netlink: 76 bytes leftover after parsing attributes in process `syz.2.7167'.
[ 1501.847894][ T5893] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1501.861072][ T5893] usb 5-1: New USB device found, idVendor=0e8f, idProduct=0012, bcdDevice= 0.00
[ 1501.870790][ T5893] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1501.931409][ T5893] usb 5-1: config 0 descriptor??
[ 1502.027848][ T5823] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci5/hci5:201'
[ 1502.038005][ T5823] CPU: 1 UID: 0 PID: 5823 Comm: kworker/u9:4 Not tainted syzkaller #0 PREEMPT(full) 
[ 1502.038031][ T5823] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1502.038044][ T5823] Workqueue: hci5 hci_rx_work
[ 1502.038074][ T5823] Call Trace:
[ 1502.038081][ T5823]  <TASK>
[ 1502.038089][ T5823]  dump_stack_lvl+0x16c/0x1f0
[ 1502.038108][ T5823]  sysfs_warn_dup+0x7f/0xa0
[ 1502.038125][ T5823]  sysfs_create_dir_ns+0x24b/0x2b0
[ 1502.038146][ T5823]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[ 1502.038168][ T5823]  ? find_held_lock+0x2b/0x80
[ 1502.038198][ T5823]  ? do_raw_spin_unlock+0x172/0x230
[ 1502.038223][ T5823]  kobject_add_internal+0x2c4/0x9b0
[ 1502.038241][ T5823]  kobject_add+0x16e/0x240
[ 1502.038252][ T5823]  ? __pfx_kobject_add+0x10/0x10
[ 1502.038265][ T5823]  ? do_raw_spin_unlock+0x172/0x230
[ 1502.038280][ T5823]  ? kobject_put+0xab/0x5a0
[ 1502.038306][ T5823]  device_add+0x288/0x1aa0
[ 1502.038329][ T5823]  ? __pfx_dev_set_name+0x10/0x10
[ 1502.038353][ T5823]  ? __pfx_device_add+0x10/0x10
[ 1502.038374][ T5823]  ? mgmt_send_event_skb+0x2fb/0x460
[ 1502.038395][ T5823]  hci_conn_add_sysfs+0x17e/0x230
[ 1502.038413][ T5823]  le_conn_complete_evt+0x1260/0x2150
[ 1502.038431][ T5823]  ? __pfx_le_conn_complete_evt+0x10/0x10
[ 1502.038450][ T5823]  ? hci_event_packet+0x459/0x11c0
[ 1502.038482][ T5823]  hci_le_conn_complete_evt+0x23c/0x370
[ 1502.038511][ T5823]  hci_le_meta_evt+0x354/0x5e0
[ 1502.038529][ T5823]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[ 1502.038546][ T5823]  hci_event_packet+0x682/0x11c0
[ 1502.038561][ T5823]  ? __pfx_hci_le_meta_evt+0x10/0x10
[ 1502.038577][ T5823]  ? __pfx_hci_event_packet+0x10/0x10
[ 1502.038604][ T5823]  ? kcov_remote_start+0x3d9/0x6d0
[ 1502.038634][ T5823]  hci_rx_work+0x2c5/0x16b0
[ 1502.038665][ T5823]  process_one_work+0x9cf/0x1b70
[ 1502.038684][ T5823]  ? __pfx_process_one_work+0x10/0x10
[ 1502.038702][ T5823]  ? assign_work+0x1a0/0x250
[ 1502.038717][ T5823]  worker_thread+0x6c8/0xf10
[ 1502.038748][ T5823]  ? __pfx_worker_thread+0x10/0x10
[ 1502.038773][ T5823]  kthread+0x3c2/0x780
[ 1502.038794][ T5823]  ? __pfx_kthread+0x10/0x10
[ 1502.038812][ T5823]  ? rcu_is_watching+0x12/0xc0
[ 1502.038829][ T5823]  ? __pfx_kthread+0x10/0x10
[ 1502.038843][ T5823]  ret_from_fork+0x56a/0x730
[ 1502.038855][ T5823]  ? __pfx_kthread+0x10/0x10
[ 1502.038868][ T5823]  ret_from_fork_asm+0x1a/0x30
[ 1502.038905][ T5823]  </TASK>
[ 1502.039049][ T5823] kobject: kobject_add_internal failed for hci5:201 with -EEXIST, don't try to register things with the same name in the same directory.
[ 1502.283365][ T5823] Bluetooth: hci5: failed to register connection device
[ 1502.697921][ T5893] greenasia 0003:0E8F:0012.0012: item fetching failed at offset 5/7
[ 1502.773355][ T5893] greenasia 0003:0E8F:0012.0012: parse failed
[ 1502.795241][ T5893] greenasia 0003:0E8F:0012.0012: probe with driver greenasia failed with error -22
[ 1503.850551][T20927] usb 5-1: USB disconnect, device number 121
[ 1504.296691][T24799] Bluetooth: hci5: command 0x0406 tx timeout
[ 1505.696724][T20927] usb 2-1: new high-speed USB device number 105 using dummy_hcd
[ 1505.766885][T27458] usb 3-1: new high-speed USB device number 94 using dummy_hcd
[ 1505.873529][T20927] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1505.886281][T20927] usb 2-1: config 0 has no interfaces?
[ 1505.892246][T20927] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1505.912578][T20927] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1505.939969][T20927] usb 2-1: config 0 descriptor??
[ 1505.966598][T27458] usb 3-1: Using ep0 maxpacket: 8
[ 1505.986610][T27458] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1506.003012][T27458] usb 3-1: config 0 has no interfaces?
[ 1506.016612][T27458] usb 3-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a
[ 1506.042332][T27458] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1506.052990][T27458] usb 3-1: config 0 descriptor??
[ 1506.326689][T27458] usb 5-1: new high-speed USB device number 122 using dummy_hcd
[ 1506.609628][T27458] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 1506.619531][T27458] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1506.627813][T27458] usb 5-1: Product: syz
[ 1506.632034][T27458] usb 5-1: Manufacturer: syz
[ 1506.636881][T27458] usb 5-1: SerialNumber: syz
[ 1506.646981][T27458] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 1506.661298][T14787] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 1507.283139][ T5893] usb 5-1: USB disconnect, device number 122
[ 1507.736888][T14787] ath9k_htc 5-1:1.0: ath9k_htc: Target is unresponsive
[ 1507.743987][T14787] ath9k_htc: Failed to initialize the device
[ 1507.750606][ T5893] usb 5-1: ath9k_htc: USB layer deinitialized
[ 1507.941138][T18949] usb 2-1: USB disconnect, device number 105
[ 1508.352425][ T5893] usb 3-1: USB disconnect, device number 94
[ 1508.467744][T18949] usb 2-1: new high-speed USB device number 106 using dummy_hcd
[ 1508.976948][T18949] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[ 1509.008881][T18949] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[ 1509.019836][T18949] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1509.037309][T18949] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1509.049650][T28767] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[ 1509.061679][T18949] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[ 1509.626252][T27458] usb 2-1: USB disconnect, device number 106
[ 1509.740685][T28783] FAULT_INJECTION: forcing a failure.
[ 1509.740685][T28783] name failslab, interval 1, probability 0, space 0, times 0
[ 1509.753605][T28783] CPU: 0 UID: 0 PID: 28783 Comm: syz.0.7188 Not tainted syzkaller #0 PREEMPT(full) 
[ 1509.753630][T28783] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1509.753640][T28783] Call Trace:
[ 1509.753646][T28783]  <TASK>
[ 1509.753653][T28783]  dump_stack_lvl+0x16c/0x1f0
[ 1509.753683][T28783]  should_fail_ex+0x512/0x640
[ 1509.753709][T28783]  ? __kmalloc_noprof+0xca/0x880
[ 1509.753737][T28783]  should_failslab+0xc2/0x120
[ 1509.753759][T28783]  __kmalloc_noprof+0xdd/0x880
[ 1509.753785][T28783]  ? bpf_test_init.isra.0+0x88/0x130
[ 1509.753812][T28783]  ? bpf_test_init.isra.0+0x88/0x130
[ 1509.753833][T28783]  bpf_test_init.isra.0+0x88/0x130
[ 1509.753859][T28783]  bpf_prog_test_run_xdp+0x556/0x1670
[ 1509.753890][T28783]  ? __fget_files+0x204/0x3c0
[ 1509.753912][T28783]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[ 1509.753939][T28783]  ? __might_fault+0x50/0x190
[ 1509.753959][T28783]  ? fput+0x9b/0xd0
[ 1509.753983][T28783]  ? __bpf_prog_get+0x97/0x2a0
[ 1509.754004][T28783]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[ 1509.754027][T28783]  __sys_bpf+0x1032/0x4980
[ 1509.754048][T28783]  ? __pfx___sys_bpf+0x10/0x10
[ 1509.754064][T28783]  ? find_held_lock+0x2b/0x80
[ 1509.754094][T28783]  ? find_held_lock+0x2b/0x80
[ 1509.754125][T28783]  ? __mutex_unlock_slowpath+0x161/0x7b0
[ 1509.754164][T28783]  ? fput+0x9b/0xd0
[ 1509.754187][T28783]  ? ksys_write+0x1ac/0x250
[ 1509.754205][T28783]  ? __pfx_ksys_write+0x10/0x10
[ 1509.754228][T28783]  __x64_sys_bpf+0x78/0xc0
[ 1509.754244][T28783]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1509.754268][T28783]  do_syscall_64+0xcd/0x4e0
[ 1509.754294][T28783]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1509.754312][T28783] RIP: 0033:0x7f509938eec9
[ 1509.754327][T28783] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1509.754343][T28783] RSP: 002b:00007f509a197038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 1509.754361][T28783] RAX: ffffffffffffffda RBX: 00007f50995e5fa0 RCX: 00007f509938eec9
[ 1509.754373][T28783] RDX: 0000000000000050 RSI: 0000200000000600 RDI: 000000000000000a
[ 1509.754384][T28783] RBP: 00007f509a197090 R08: 0000000000000000 R09: 0000000000000000
[ 1509.754395][T28783] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1509.754412][T28783] R13: 00007f50995e6038 R14: 00007f50995e5fa0 R15: 00007ffc0cd3ff58
[ 1509.754437][T28783]  </TASK>
[ 1510.084519][   T30] audit: type=1400 audit(1759540802.411:1674): avc:  denied  { name_bind } for  pid=28784 comm="syz.2.7187" src=20001 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=rawip_socket permissive=1
[ 1510.100707][ T5823] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1510.459193][ T5823] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1510.513443][ T5823] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1510.521150][ T5823] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1510.530590][ T5823] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1510.541620][   T30] audit: type=1400 audit(1759540802.911:1675): avc:  denied  { mounton } for  pid=28788 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[ 1511.254637][T28788] chnl_net:caif_netlink_parms(): no params data found
[ 1511.294427][T28808] netlink: 164 bytes leftover after parsing attributes in process `syz.1.7191'.
[ 1511.380734][T28788] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1511.392387][T28788] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1511.401456][T28788] bridge_slave_0: entered allmulticast mode
[ 1511.410134][T28788] bridge_slave_0: entered promiscuous mode
[ 1511.419981][T28788] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1511.502789][T28788] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1511.519758][T28788] bridge_slave_1: entered allmulticast mode
[ 1511.530577][T28788] bridge_slave_1: entered promiscuous mode
[ 1511.601281][T28788] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1511.850695][T28788] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1511.908263][T28788] team0: Port device team_slave_0 added
[ 1511.928953][T28788] team0: Port device team_slave_1 added
[ 1512.160457][T28788] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1512.167576][T28788] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1512.618827][ T5823] Bluetooth: hci3: command tx timeout
[ 1512.643038][T26485] block nbd0: Possible stuck request ffff888025d05080: control (read@0,1024B). Runtime 720 seconds
[ 1512.653887][T26485] block nbd0: Possible stuck request ffff888025d05240: control (read@1024,1024B). Runtime 720 seconds
[ 1512.664950][T26485] block nbd0: Possible stuck request ffff888025d05400: control (read@2048,1024B). Runtime 720 seconds
[ 1512.676018][T26485] block nbd0: Possible stuck request ffff888025d055c0: control (read@3072,1024B). Runtime 720 seconds
[ 1512.687336][T28788] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1512.758730][T28788] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1512.765731][T28788] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1512.798840][T28788] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1513.740591][T28788] hsr_slave_0: entered promiscuous mode
[ 1513.757329][T28788] hsr_slave_1: entered promiscuous mode
[ 1514.207121][T28788] debugfs: 'hsr0' already exists in 'hsr'
[ 1514.231854][T28788] Cannot create hsr debugfs directory
[ 1514.696667][ T5823] Bluetooth: hci3: command tx timeout
[ 1516.105603][   T30] audit: type=1400 audit(1759540808.471:1676): avc:  denied  { setattr } for  pid=28851 comm="syz.0.7204" name="file0" dev="tmpfs" ino=1179 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[ 1516.162347][T28788] netdevsim netdevsim5 netdevsim0: renamed from eth0
[ 1516.195629][T28788] netdevsim netdevsim5 netdevsim1: renamed from eth1
[ 1516.282617][T28788] netdevsim netdevsim5 netdevsim2: renamed from eth2
[ 1516.302670][T28788] netdevsim netdevsim5 netdevsim3: renamed from eth3
[ 1516.364986][   T30] audit: type=1326 audit(1759540808.731:1677): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28867 comm="syz.1.7206" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f518eb8eec9 code=0x7ffc0000
[ 1516.556820][   T30] audit: type=1326 audit(1759540808.761:1678): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28867 comm="syz.1.7206" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f518eb8eec9 code=0x7ffc0000
[ 1516.588331][   T30] audit: type=1326 audit(1759540808.781:1679): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28867 comm="syz.1.7206" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f518eb8eec9 code=0x7ffc0000
[ 1516.654315][   T30] audit: type=1326 audit(1759540808.781:1680): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28867 comm="syz.1.7206" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f518eb8eec9 code=0x7ffc0000
[ 1516.686733][   T30] audit: type=1326 audit(1759540808.781:1681): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28867 comm="syz.1.7206" exe="/root/syz-executor" sig=0 arch=c000003e syscall=20 compat=0 ip=0x7f518eb8eec9 code=0x7ffc0000
[ 1516.781005][ T5823] Bluetooth: hci3: command tx timeout
[ 1516.807190][   T30] audit: type=1326 audit(1759540808.781:1682): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28867 comm="syz.1.7206" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f518eb8eec9 code=0x7ffc0000
[ 1516.996922][   T30] audit: type=1326 audit(1759540808.781:1683): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28867 comm="syz.1.7206" exe="/root/syz-executor" sig=0 arch=c000003e syscall=238 compat=0 ip=0x7f518eb8eec9 code=0x7ffc0000
[ 1517.046881][   T30] audit: type=1326 audit(1759540808.781:1684): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28867 comm="syz.1.7206" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f518eb8eec9 code=0x7ffc0000
[ 1517.082496][T28788] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1517.129154][   T30] audit: type=1400 audit(1759540809.501:1685): avc:  denied  { read } for  pid=28879 comm="syz.1.7208" name="nvram" dev="devtmpfs" ino=622 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1
[ 1517.262873][T28788] 8021q: adding VLAN 0 to HW filter on device team0
[ 1517.325067][T28788] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 1517.335634][T28788] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1517.877205][ T4580] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1517.884372][ T4580] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1517.908551][ T4580] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1517.915684][ T4580] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1518.254392][T15879] usb 3-1: new high-speed USB device number 95 using dummy_hcd
[ 1518.614849][T15879] usb 3-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc
[ 1518.642096][T15879] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1518.666032][T15879] usb 3-1: Product: syz
[ 1518.672795][T15879] usb 3-1: Manufacturer: syz
[ 1518.688606][T15879] usb 3-1: SerialNumber: syz
[ 1518.705567][T15879] usb 3-1: config 0 descriptor??
[ 1518.731071][T15879] i2c-tiny-usb 3-1:0.0: version 6d.cc found at bus 003 address 095
[ 1518.762670][T28788] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1518.946607][ T5823] Bluetooth: hci3: command tx timeout
[ 1519.189717][T28910] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1519.231105][T15879]  (null): failure reading functionality
[ 1519.238279][T28788] veth0_vlan: entered promiscuous mode
[ 1519.239881][T15879] i2c i2c-1: connected i2c-tiny-usb device
[ 1519.249444][T28788] veth1_vlan: entered promiscuous mode
[ 1519.320386][T28788] veth0_macvtap: entered promiscuous mode
[ 1519.391347][T28788] veth1_macvtap: entered promiscuous mode
[ 1519.643112][ T5893] usb 3-1: USB disconnect, device number 95
[ 1519.692097][T28788] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1519.749861][T28788] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1519.770256][T26635] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1519.798398][T26635] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1519.827490][T26635] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1519.853657][T26635] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1520.028575][T28920] netlink: 164 bytes leftover after parsing attributes in process `syz.1.7219'.
[ 1520.144119][T12648] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1520.164358][T12648] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1520.354493][T28860] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1520.370727][T28860] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1520.741912][T28934] netlink: 164 bytes leftover after parsing attributes in process `syz.4.7222'.
[ 1520.839271][T28937] netlink: 277 bytes leftover after parsing attributes in process `syz.0.7223'.
[ 1522.076168][T28945] ªªªªªª: renamed from wg2 (while UP)
[ 1523.096902][T14817] usb 3-1: new high-speed USB device number 96 using dummy_hcd
[ 1523.283298][T14817] usb 3-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc
[ 1523.293100][T14817] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1523.329293][T14817] usb 3-1: Product: syz
[ 1523.348607][T14817] usb 3-1: Manufacturer: syz
[ 1523.353332][T14817] usb 3-1: SerialNumber: syz
[ 1523.399002][T14817] usb 3-1: config 0 descriptor??
[ 1523.548180][T14817] i2c-tiny-usb 3-1:0.0: version 6d.cc found at bus 003 address 096
[ 1523.624072][T28966] netlink: 277 bytes leftover after parsing attributes in process `syz.0.7228'.
[ 1524.076690][ T5893] usb 5-1: new high-speed USB device number 123 using dummy_hcd
[ 1524.225472][T14817]  (null): failure reading functionality
[ 1524.652315][T14817] i2c i2c-1: connected i2c-tiny-usb device
[ 1524.728786][ T5893] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1524.755106][T14817] usb 3-1: USB disconnect, device number 96
[ 1524.768121][ T5893] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1524.781142][ T5893] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1524.796644][ T5893] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1525.023515][ T5893] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1525.066187][ T5893] usb 5-1: config 0 descriptor??
[ 1525.155355][T28974] netlink: 56 bytes leftover after parsing attributes in process `syz.0.7231'.
[ 1526.235771][ T5893] plantronics 0003:047F:FFFF.0013: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0
[ 1526.508023][T28977] netlink: 192 bytes leftover after parsing attributes in process `syz.2.7232'.
[ 1526.800453][T28985] netlink: 20 bytes leftover after parsing attributes in process `syz.0.7234'.
[ 1526.810639][T27458] usb 5-1: USB disconnect, device number 123
[ 1527.514517][T28996] syzkaller0: entered promiscuous mode
[ 1527.520086][T28996] syzkaller0: entered allmulticast mode
[ 1528.838128][T29005] netlink: 20 bytes leftover after parsing attributes in process `syz.4.7241'.
[ 1529.082693][T29007] netlink: 8 bytes leftover after parsing attributes in process `syz.4.7241'.
[ 1529.091791][T29007] netlink: 12 bytes leftover after parsing attributes in process `syz.4.7241'.
[ 1530.227048][   T30] kauditd_printk_skb: 9 callbacks suppressed
[ 1530.227064][   T30] audit: type=1400 audit(1759540822.591:1695): avc:  denied  { unmount } for  pid=24797 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[ 1531.895544][T29028] netlink: 104 bytes leftover after parsing attributes in process `syz.2.7246'.
[ 1532.299382][T29031] netlink: 28 bytes leftover after parsing attributes in process `syz.1.7247'.
[ 1532.820043][   T30] audit: type=1400 audit(1759540825.181:1696): avc:  denied  { watch } for  pid=29038 comm="syz.4.7251" path="/174/file0" dev="tmpfs" ino=955 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[ 1532.830948][T29042] netlink: 4 bytes leftover after parsing attributes in process `syz.4.7251'.
[ 1533.013675][   T30] audit: type=1400 audit(1759540825.181:1697): avc:  denied  { watch_sb watch_reads } for  pid=29038 comm="syz.4.7251" path="/174/file0" dev="tmpfs" ino=955 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[ 1533.384702][   T30] audit: type=1326 audit(1759540825.751:1698): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=29038 comm="syz.4.7251" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f5d79f8eec9 code=0x0
[ 1533.485122][T29052] netlink: 277 bytes leftover after parsing attributes in process `syz.5.7252'.
[ 1534.764965][T29064] FAULT_INJECTION: forcing a failure.
[ 1534.764965][T29064] name failslab, interval 1, probability 0, space 0, times 0
[ 1534.780432][T29064] CPU: 0 UID: 0 PID: 29064 Comm: syz.2.7258 Not tainted syzkaller #0 PREEMPT(full) 
[ 1534.780456][T29064] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1534.780468][T29064] Call Trace:
[ 1534.780474][T29064]  <TASK>
[ 1534.780481][T29064]  dump_stack_lvl+0x16c/0x1f0
[ 1534.780509][T29064]  should_fail_ex+0x512/0x640
[ 1534.780531][T29064]  ? __kmalloc_cache_noprof+0x5f/0x780
[ 1534.780557][T29064]  should_failslab+0xc2/0x120
[ 1534.780577][T29064]  __kmalloc_cache_noprof+0x72/0x780
[ 1534.780601][T29064]  ? sctp_datamsg_from_user+0x8d/0x1330
[ 1534.780627][T29064]  ? sctp_datamsg_from_user+0x8d/0x1330
[ 1534.780649][T29064]  sctp_datamsg_from_user+0x8d/0x1330
[ 1534.780680][T29064]  ? __genradix_ptr+0x148/0x1a0
[ 1534.780699][T29064]  sctp_sendmsg_to_asoc+0xae2/0x1bd0
[ 1534.780732][T29064]  ? __pfx_sctp_sendmsg_to_asoc+0x10/0x10
[ 1534.780755][T29064]  ? do_raw_spin_lock+0x12c/0x2b0
[ 1534.780777][T29064]  ? __pfx_do_raw_spin_lock+0x10/0x10
[ 1534.780805][T29064]  ? sctp_sendmsg_check_sflags+0x176/0x320
[ 1534.780831][T29064]  sctp_sendmsg+0xe99/0x1e00
[ 1534.780873][T29064]  ? __pfx_sctp_sendmsg+0x10/0x10
[ 1534.780894][T29064]  ? __pfx_sock_has_perm+0x10/0x10
[ 1534.780921][T29064]  ? __import_iovec+0x1dd/0x650
[ 1534.780935][T29064]  ? __might_fault+0xe3/0x190
[ 1534.780949][T29064]  ? __might_fault+0x13b/0x190
[ 1534.780963][T29064]  ? __pfx_sctp_sendmsg+0x10/0x10
[ 1534.780981][T29064]  inet_sendmsg+0x119/0x140
[ 1534.781002][T29064]  ____sys_sendmsg+0x973/0xc70
[ 1534.781020][T29064]  ? copy_msghdr_from_user+0x10a/0x160
[ 1534.781044][T29064]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1534.781066][T29064]  ? __pfx__kstrtoull+0x10/0x10
[ 1534.781094][T29064]  ___sys_sendmsg+0x134/0x1d0
[ 1534.781117][T29064]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1534.781150][T29064]  ? find_held_lock+0x2b/0x80
[ 1534.781186][T29064]  __sys_sendmmsg+0x200/0x420
[ 1534.781210][T29064]  ? __pfx___sys_sendmmsg+0x10/0x10
[ 1534.781247][T29064]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 1534.781284][T29064]  ? fput+0x9b/0xd0
[ 1534.781309][T29064]  ? ksys_write+0x1ac/0x250
[ 1534.781324][T29064]  ? __pfx_ksys_write+0x10/0x10
[ 1534.781344][T29064]  __x64_sys_sendmmsg+0x9c/0x100
[ 1534.781365][T29064]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1534.781386][T29064]  do_syscall_64+0xcd/0x4e0
[ 1534.781413][T29064]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1534.781429][T29064] RIP: 0033:0x7f9f7b58eec9
[ 1534.781442][T29064] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1534.781457][T29064] RSP: 002b:00007f9f797ee038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 1534.781472][T29064] RAX: ffffffffffffffda RBX: 00007f9f7b7e5fa0 RCX: 00007f9f7b58eec9
[ 1534.781482][T29064] RDX: 0000000000000001 RSI: 0000200000000240 RDI: 0000000000000004
[ 1534.781492][T29064] RBP: 00007f9f797ee090 R08: 0000000000000000 R09: 0000000000000000
[ 1534.781501][T29064] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000001
[ 1534.781510][T29064] R13: 00007f9f7b7e6038 R14: 00007f9f7b7e5fa0 R15: 00007ffc415cfa38
[ 1534.781531][T29064]  </TASK>
[ 1535.240783][ T5893] usb 5-1: new high-speed USB device number 124 using dummy_hcd
[ 1535.563999][ T5893] usb 5-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc
[ 1535.573763][ T5893] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1535.596521][T29072] netlink: 164 bytes leftover after parsing attributes in process `syz.1.7260'.
[ 1535.628654][ T5893] usb 5-1: Product: syz
[ 1535.633153][ T5893] usb 5-1: Manufacturer: syz
[ 1535.643551][ T5893] usb 5-1: SerialNumber: syz
[ 1535.717347][ T5893] usb 5-1: config 0 descriptor??
[ 1536.058328][ T5893] i2c-tiny-usb 5-1:0.0: version 6d.cc found at bus 005 address 124
[ 1536.346226][ T5893]  (null): failure setting delay to 10us
[ 1536.369644][ T5893] i2c-tiny-usb 5-1:0.0: probe with driver i2c-tiny-usb failed with error -5
[ 1536.403866][ T5893] usb 5-1: USB disconnect, device number 124
[ 1536.668348][T29083] FAULT_INJECTION: forcing a failure.
[ 1536.668348][T29083] name failslab, interval 1, probability 0, space 0, times 0
[ 1536.696885][T29083] CPU: 0 UID: 0 PID: 29083 Comm: syz.5.7264 Not tainted syzkaller #0 PREEMPT(full) 
[ 1536.696908][T29083] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1536.696918][T29083] Call Trace:
[ 1536.696923][T29083]  <TASK>
[ 1536.696930][T29083]  dump_stack_lvl+0x16c/0x1f0
[ 1536.696957][T29083]  should_fail_ex+0x512/0x640
[ 1536.696979][T29083]  ? kmem_cache_alloc_node_noprof+0x65/0x770
[ 1536.696997][T29083]  should_failslab+0xc2/0x120
[ 1536.697015][T29083]  kmem_cache_alloc_node_noprof+0x78/0x770
[ 1536.697029][T29083]  ? __alloc_skb+0x2b2/0x380
[ 1536.697054][T29083]  ? __alloc_skb+0x2b2/0x380
[ 1536.697071][T29083]  ? __pfx_avc_has_perm+0x10/0x10
[ 1536.697086][T29083]  __alloc_skb+0x2b2/0x380
[ 1536.697105][T29083]  ? __pfx___alloc_skb+0x10/0x10
[ 1536.697123][T29083]  ? selinux_socket_getpeersec_dgram+0x1a4/0x370
[ 1536.697144][T29083]  ? __pfx_selinux_socket_getpeersec_dgram+0x10/0x10
[ 1536.697170][T29083]  netlink_alloc_large_skb+0x69/0x140
[ 1536.697196][T29083]  netlink_sendmsg+0x698/0xdd0
[ 1536.697243][T29083]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1536.697277][T29083]  ____sys_sendmsg+0xa98/0xc70
[ 1536.697296][T29083]  ? copy_msghdr_from_user+0x10a/0x160
[ 1536.697317][T29083]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1536.697334][T29083]  ___sys_sendmsg+0x134/0x1d0
[ 1536.697351][T29083]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1536.697382][T29083]  __sys_sendmsg+0x16d/0x220
[ 1536.697398][T29083]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1536.697422][T29083]  do_syscall_64+0xcd/0x4e0
[ 1536.697439][T29083]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1536.697452][T29083] RIP: 0033:0x7f874678eec9
[ 1536.697461][T29083] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1536.697473][T29083] RSP: 002b:00007f8747579038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1536.697484][T29083] RAX: ffffffffffffffda RBX: 00007f87469e5fa0 RCX: 00007f874678eec9
[ 1536.697491][T29083] RDX: 0000000020004804 RSI: 0000200000000000 RDI: 0000000000000004
[ 1536.697498][T29083] RBP: 00007f8747579090 R08: 0000000000000000 R09: 0000000000000000
[ 1536.697505][T29083] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1536.697511][T29083] R13: 00007f87469e6038 R14: 00007f87469e5fa0 R15: 00007ffe90625a88
[ 1536.697524][T29083]  </TASK>
[ 1537.120129][T29086] FAULT_INJECTION: forcing a failure.
[ 1537.120129][T29086] name failslab, interval 1, probability 0, space 0, times 0
[ 1537.132978][T29086] CPU: 0 UID: 0 PID: 29086 Comm: syz.2.7265 Not tainted syzkaller #0 PREEMPT(full) 
[ 1537.132993][T29086] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1537.133000][T29086] Call Trace:
[ 1537.133004][T29086]  <TASK>
[ 1537.133009][T29086]  dump_stack_lvl+0x16c/0x1f0
[ 1537.133029][T29086]  should_fail_ex+0x512/0x640
[ 1537.133046][T29086]  ? fs_reclaim_acquire+0xae/0x150
[ 1537.133061][T29086]  should_failslab+0xc2/0x120
[ 1537.133075][T29086]  __kmalloc_noprof+0xdd/0x880
[ 1537.133092][T29086]  ? tomoyo_encode2+0x100/0x3e0
[ 1537.133112][T29086]  ? tomoyo_encode2+0x100/0x3e0
[ 1537.133127][T29086]  tomoyo_encode2+0x100/0x3e0
[ 1537.133145][T29086]  tomoyo_encode+0x29/0x50
[ 1537.133161][T29086]  tomoyo_realpath_from_path+0x18f/0x6e0
[ 1537.133179][T29086]  ? tomoyo_profile+0x47/0x60
[ 1537.133191][T29086]  tomoyo_path_number_perm+0x245/0x580
[ 1537.133205][T29086]  ? tomoyo_path_number_perm+0x237/0x580
[ 1537.133221][T29086]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1537.133236][T29086]  ? find_held_lock+0x2b/0x80
[ 1537.133264][T29086]  ? find_held_lock+0x2b/0x80
[ 1537.133279][T29086]  ? hook_file_ioctl_common+0x145/0x410
[ 1537.133294][T29086]  ? __fget_files+0x20e/0x3c0
[ 1537.133308][T29086]  security_file_ioctl+0x9b/0x240
[ 1537.133326][T29086]  __x64_sys_ioctl+0xb7/0x210
[ 1537.133344][T29086]  do_syscall_64+0xcd/0x4e0
[ 1537.133361][T29086]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1537.133373][T29086] RIP: 0033:0x7f9f7b58eec9
[ 1537.133381][T29086] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1537.133392][T29086] RSP: 002b:00007f9f797ee038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1537.133403][T29086] RAX: ffffffffffffffda RBX: 00007f9f7b7e5fa0 RCX: 00007f9f7b58eec9
[ 1537.133410][T29086] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[ 1537.133417][T29086] RBP: 00007f9f797ee090 R08: 0000000000000000 R09: 0000000000000000
[ 1537.133424][T29086] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1537.133430][T29086] R13: 00007f9f7b7e6038 R14: 00007f9f7b7e5fa0 R15: 00007ffc415cfa38
[ 1537.133445][T29086]  </TASK>
[ 1537.133532][T29086] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1537.365913][   T30] audit: type=1400 audit(1759540829.731:1699): avc:  denied  { read } for  pid=29088 comm="syz.4.7266" path="socket:[129939]" dev="sockfs" ino=129939 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[ 1537.420229][   T30] audit: type=1400 audit(1759540829.791:1700): avc:  denied  { ioctl } for  pid=29088 comm="syz.4.7266" path="socket:[129953]" dev="sockfs" ino=129953 ioctlcmd=0xaea3 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[ 1537.450530][   T30] audit: type=1400 audit(1759540829.791:1701): avc:  denied  { setattr } for  pid=29088 comm="syz.4.7266" path="socket:[129948]" dev="sockfs" ino=129948 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[ 1537.507169][   T30] audit: type=1400 audit(1759540829.791:1702): avc:  denied  { ioctl } for  pid=29088 comm="syz.4.7266" path="socket:[129951]" dev="sockfs" ino=129951 ioctlcmd=0x89f2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[ 1538.429958][   T30] audit: type=1400 audit(1759540830.791:1703): avc:  denied  { bind } for  pid=29105 comm="syz.2.7270" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[ 1538.469687][   T30] audit: type=1400 audit(1759540830.801:1704): avc:  denied  { write } for  pid=29105 comm="syz.2.7270" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[ 1538.521307][T29110] FAULT_INJECTION: forcing a failure.
[ 1538.521307][T29110] name failslab, interval 1, probability 0, space 0, times 0
[ 1538.576777][T29110] CPU: 1 UID: 0 PID: 29110 Comm: syz.1.7272 Not tainted syzkaller #0 PREEMPT(full) 
[ 1538.576800][T29110] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1538.576810][T29110] Call Trace:
[ 1538.576816][T29110]  <TASK>
[ 1538.576821][T29110]  dump_stack_lvl+0x16c/0x1f0
[ 1538.576841][T29110]  should_fail_ex+0x512/0x640
[ 1538.576858][T29110]  ? fs_reclaim_acquire+0xae/0x150
[ 1538.576873][T29110]  should_failslab+0xc2/0x120
[ 1538.576888][T29110]  __kmalloc_noprof+0xdd/0x880
[ 1538.576905][T29110]  ? tomoyo_encode2+0x100/0x3e0
[ 1538.576924][T29110]  ? tomoyo_encode2+0x100/0x3e0
[ 1538.576940][T29110]  tomoyo_encode2+0x100/0x3e0
[ 1538.576958][T29110]  tomoyo_encode+0x29/0x50
[ 1538.576974][T29110]  tomoyo_realpath_from_path+0x18f/0x6e0
[ 1538.576992][T29110]  ? tomoyo_profile+0x47/0x60
[ 1538.577005][T29110]  tomoyo_path_number_perm+0x245/0x580
[ 1538.577019][T29110]  ? tomoyo_path_number_perm+0x237/0x580
[ 1538.577039][T29110]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1538.577055][T29110]  ? find_held_lock+0x2b/0x80
[ 1538.577083][T29110]  ? find_held_lock+0x2b/0x80
[ 1538.577098][T29110]  ? hook_file_ioctl_common+0x145/0x410
[ 1538.577112][T29110]  ? __fget_files+0x20e/0x3c0
[ 1538.577127][T29110]  security_file_ioctl+0x9b/0x240
[ 1538.577145][T29110]  __x64_sys_ioctl+0xb7/0x210
[ 1538.577163][T29110]  do_syscall_64+0xcd/0x4e0
[ 1538.577180][T29110]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1538.577192][T29110] RIP: 0033:0x7f518eb8eec9
[ 1538.577201][T29110] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1538.577213][T29110] RSP: 002b:00007f518fb11038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1538.577223][T29110] RAX: ffffffffffffffda RBX: 00007f518ede5fa0 RCX: 00007f518eb8eec9
[ 1538.577231][T29110] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[ 1538.577237][T29110] RBP: 00007f518fb11090 R08: 0000000000000000 R09: 0000000000000000
[ 1538.577244][T29110] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1538.577250][T29110] R13: 00007f518ede6038 R14: 00007f518ede5fa0 R15: 00007fff30415ae8
[ 1538.577264][T29110]  </TASK>
[ 1538.577275][T29110] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1539.020448][T29121] netlink: 20 bytes leftover after parsing attributes in process `syz.5.7274'.
[ 1539.497591][T29121] netlink: 8 bytes leftover after parsing attributes in process `syz.5.7274'.
[ 1539.506586][T29121] netlink: 12 bytes leftover after parsing attributes in process `syz.5.7274'.
[ 1539.996868][T14817] usb 2-1: new full-speed USB device number 107 using dummy_hcd
[ 1540.260188][T14817] usb 2-1: config 1 has an invalid interface number: 105 but max is 0
[ 1540.268895][T14817] usb 2-1: config 1 has no interface number 0
[ 1540.301901][T14817] usb 2-1: config 1 interface 105 has no altsetting 0
[ 1540.345797][T14817] usb 2-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d
[ 1540.468083][T14817] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1540.928630][T14817] usb 2-1: Product: syz
[ 1540.932828][T14817] usb 2-1: Manufacturer: syz
[ 1540.939206][T14817] usb 2-1: SerialNumber: syz
[ 1541.020252][T29138] netlink: 20 bytes leftover after parsing attributes in process `syz.0.7278'.
[ 1541.493944][T29144] netlink: 277 bytes leftover after parsing attributes in process `syz.2.7279'.
[ 1542.136172][T14817] aqc111 2-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x1) reg index 0x0001: -32
[ 1542.400077][T14817] aqc111 2-1:1.105 eth1: register 'aqc111' at usb-dummy_hcd.1-1, USB-C 3.1 to 5GBASE-T Ethernet Adapter, 2a:7c:73:63:b4:eb
[ 1542.508852][T29138] netlink: 8 bytes leftover after parsing attributes in process `syz.0.7278'.
[ 1542.517967][T29138] netlink: 12 bytes leftover after parsing attributes in process `syz.0.7278'.
[ 1542.865905][T29153] netlink: 104 bytes leftover after parsing attributes in process `syz.2.7281'.
[ 1542.937353][T26485] block nbd0: Possible stuck request ffff888025d05080: control (read@0,1024B). Runtime 750 seconds
[ 1542.948807][T26485] block nbd0: Possible stuck request ffff888025d05240: control (read@1024,1024B). Runtime 750 seconds
[ 1542.960066][T26485] block nbd0: Possible stuck request ffff888025d05400: control (read@2048,1024B). Runtime 750 seconds
[ 1542.971404][T26485] block nbd0: Possible stuck request ffff888025d055c0: control (read@3072,1024B). Runtime 750 seconds
[ 1543.529928][T29161] netlink: 16 bytes leftover after parsing attributes in process `syz.5.7284'.
[ 1543.901784][    T9] usb 2-1: USB disconnect, device number 107
[ 1543.926002][    T9] aqc111 2-1:1.105 eth1: unregister 'aqc111' usb-dummy_hcd.1-1, USB-C 3.1 to 5GBASE-T Ethernet Adapter
[ 1544.139454][T29173] FAULT_INJECTION: forcing a failure.
[ 1544.139454][T29173] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1544.214949][T29173] CPU: 1 UID: 0 PID: 29173 Comm: syz.2.7288 Not tainted syzkaller #0 PREEMPT(full) 
[ 1544.214975][T29173] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1544.214985][T29173] Call Trace:
[ 1544.214991][T29173]  <TASK>
[ 1544.214999][T29173]  dump_stack_lvl+0x16c/0x1f0
[ 1544.215033][T29173]  should_fail_ex+0x512/0x640
[ 1544.215060][T29173]  _copy_from_user+0x2e/0xd0
[ 1544.215079][T29173]  move_addr_to_kernel+0x65/0x170
[ 1544.215094][T29173]  __copy_msghdr+0x386/0x470
[ 1544.215110][T29173]  copy_msghdr_from_user+0xc1/0x160
[ 1544.215125][T29173]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[ 1544.215144][T29173]  ? __pfx__kstrtoull+0x10/0x10
[ 1544.215160][T29173]  ___sys_sendmsg+0xfe/0x1d0
[ 1544.215176][T29173]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1544.215203][T29173]  ? find_held_lock+0x2b/0x80
[ 1544.215229][T29173]  __sys_sendmmsg+0x200/0x420
[ 1544.215246][T29173]  ? __pfx___sys_sendmmsg+0x10/0x10
[ 1544.215266][T29173]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 1544.215289][T29173]  ? fput+0x9b/0xd0
[ 1544.215304][T29173]  ? ksys_write+0x1ac/0x250
[ 1544.215315][T29173]  ? __pfx_ksys_write+0x10/0x10
[ 1544.215329][T29173]  __x64_sys_sendmmsg+0x9c/0x100
[ 1544.215344][T29173]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1544.215359][T29173]  do_syscall_64+0xcd/0x4e0
[ 1544.215377][T29173]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1544.215388][T29173] RIP: 0033:0x7f9f7b58eec9
[ 1544.215398][T29173] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1544.215408][T29173] RSP: 002b:00007f9f797ee038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 1544.215420][T29173] RAX: ffffffffffffffda RBX: 00007f9f7b7e5fa0 RCX: 00007f9f7b58eec9
[ 1544.215427][T29173] RDX: 0000000000000001 RSI: 0000200000000080 RDI: 0000000000000003
[ 1544.215433][T29173] RBP: 00007f9f797ee090 R08: 0000000000000000 R09: 0000000000000000
[ 1544.215440][T29173] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1544.215446][T29173] R13: 00007f9f7b7e6038 R14: 00007f9f7b7e5fa0 R15: 00007ffc415cfa38
[ 1544.215460][T29173]  </TASK>
[ 1545.407199][ T5823] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:201'
[ 1545.418383][ T5823] CPU: 0 UID: 0 PID: 5823 Comm: kworker/u9:4 Not tainted syzkaller #0 PREEMPT(full) 
[ 1545.418402][ T5823] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1545.418414][ T5823] Workqueue: hci3 hci_rx_work
[ 1545.418443][ T5823] Call Trace:
[ 1545.418450][ T5823]  <TASK>
[ 1545.418459][ T5823]  dump_stack_lvl+0x16c/0x1f0
[ 1545.418488][ T5823]  sysfs_warn_dup+0x7f/0xa0
[ 1545.418508][ T5823]  sysfs_create_dir_ns+0x24b/0x2b0
[ 1545.418523][ T5823]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[ 1545.418538][ T5823]  ? find_held_lock+0x2b/0x80
[ 1545.418558][ T5823]  ? do_raw_spin_unlock+0x172/0x230
[ 1545.418575][ T5823]  kobject_add_internal+0x2c4/0x9b0
[ 1545.418590][ T5823]  kobject_add+0x16e/0x240
[ 1545.418602][ T5823]  ? __pfx_kobject_add+0x10/0x10
[ 1545.418613][ T5823]  ? do_raw_spin_unlock+0x172/0x230
[ 1545.418628][ T5823]  ? kobject_put+0xab/0x5a0
[ 1545.418649][ T5823]  device_add+0x288/0x1aa0
[ 1545.418664][ T5823]  ? __pfx_dev_set_name+0x10/0x10
[ 1545.418679][ T5823]  ? __pfx_device_add+0x10/0x10
[ 1545.418693][ T5823]  ? mgmt_send_event_skb+0x2fb/0x460
[ 1545.418713][ T5823]  hci_conn_add_sysfs+0x17e/0x230
[ 1545.418730][ T5823]  le_conn_complete_evt+0x1260/0x2150
[ 1545.418749][ T5823]  ? __pfx_le_conn_complete_evt+0x10/0x10
[ 1545.418764][ T5823]  ? hci_event_packet+0x459/0x11c0
[ 1545.418784][ T5823]  hci_le_conn_complete_evt+0x23c/0x370
[ 1545.418803][ T5823]  hci_le_meta_evt+0x354/0x5e0
[ 1545.418819][ T5823]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[ 1545.418836][ T5823]  hci_event_packet+0x682/0x11c0
[ 1545.418851][ T5823]  ? __pfx_hci_le_meta_evt+0x10/0x10
[ 1545.418867][ T5823]  ? __pfx_hci_event_packet+0x10/0x10
[ 1545.418884][ T5823]  ? kcov_remote_start+0x3c9/0x6d0
[ 1545.418899][ T5823]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1545.418918][ T5823]  hci_rx_work+0x2c5/0x16b0
[ 1545.418936][ T5823]  ? rcu_is_watching+0x12/0xc0
[ 1545.418955][ T5823]  process_one_work+0x9cf/0x1b70
[ 1545.418975][ T5823]  ? __pfx_process_one_work+0x10/0x10
[ 1545.418994][ T5823]  ? assign_work+0x1a0/0x250
[ 1545.419008][ T5823]  worker_thread+0x6c8/0xf10
[ 1545.419028][ T5823]  ? __pfx_worker_thread+0x10/0x10
[ 1545.419042][ T5823]  kthread+0x3c2/0x780
[ 1545.419056][ T5823]  ? __pfx_kthread+0x10/0x10
[ 1545.419069][ T5823]  ? rcu_is_watching+0x12/0xc0
[ 1545.419085][ T5823]  ? __pfx_kthread+0x10/0x10
[ 1545.419098][ T5823]  ret_from_fork+0x56a/0x730
[ 1545.419110][ T5823]  ? __pfx_kthread+0x10/0x10
[ 1545.419123][ T5823]  ret_from_fork_asm+0x1a/0x30
[ 1545.419145][ T5823]  </TASK>
[ 1545.419160][ T5823] kobject: kobject_add_internal failed for hci3:201 with -EEXIST, don't try to register things with the same name in the same directory.
[ 1545.672761][ T1293] ieee802154 phy0 wpan0: encryption failed: -22
[ 1545.679313][ T1293] ieee802154 phy1 wpan1: encryption failed: -22
[ 1545.689587][ T5823] Bluetooth: hci3: failed to register connection device
[ 1545.766890][    T9] aqc111 2-1:1.105 eth1 (unregistered): Failed to write(0x1) reg index 0x0002: -19
[ 1545.776973][    T9] aqc111 2-1:1.105 eth1 (unregistered): Failed to write(0x1) reg index 0x0002: -19
[ 1545.870405][    T9] aqc111 2-1:1.105 eth1 (unregistered): Failed to write(0x61) reg index 0x0000: -19
[ 1545.970494][T29189] FAULT_INJECTION: forcing a failure.
[ 1545.970494][T29189] name failslab, interval 1, probability 0, space 0, times 0
[ 1546.071242][T29189] CPU: 1 UID: 0 PID: 29189 Comm: syz.4.7292 Not tainted syzkaller #0 PREEMPT(full) 
[ 1546.071260][T29189] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1546.071266][T29189] Call Trace:
[ 1546.071270][T29189]  <TASK>
[ 1546.071275][T29189]  dump_stack_lvl+0x16c/0x1f0
[ 1546.071295][T29189]  should_fail_ex+0x512/0x640
[ 1546.071312][T29189]  ? fs_reclaim_acquire+0xae/0x150
[ 1546.071328][T29189]  should_failslab+0xc2/0x120
[ 1546.071342][T29189]  __kmalloc_noprof+0xdd/0x880
[ 1546.071359][T29189]  ? tomoyo_encode2+0x100/0x3e0
[ 1546.071378][T29189]  ? tomoyo_encode2+0x100/0x3e0
[ 1546.071394][T29189]  tomoyo_encode2+0x100/0x3e0
[ 1546.071412][T29189]  tomoyo_encode+0x29/0x50
[ 1546.071428][T29189]  tomoyo_realpath_from_path+0x18f/0x6e0
[ 1546.071446][T29189]  ? tomoyo_profile+0x47/0x60
[ 1546.071459][T29189]  tomoyo_path_number_perm+0x245/0x580
[ 1546.071473][T29189]  ? tomoyo_path_number_perm+0x237/0x580
[ 1546.071488][T29189]  ? io_schedule_timeout+0x144/0x150
[ 1546.071502][T29189]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1546.071529][T29189]  ? hook_file_ioctl_common+0x36/0x410
[ 1546.071541][T29189]  ? hook_file_ioctl_common+0x66/0x410
[ 1546.071553][T29189]  ? hook_file_ioctl_common+0x145/0x410
[ 1546.071567][T29189]  ? __fget_files+0x20e/0x3c0
[ 1546.071582][T29189]  security_file_ioctl+0x9b/0x240
[ 1546.071600][T29189]  __x64_sys_ioctl+0xb7/0x210
[ 1546.071618][T29189]  do_syscall_64+0xcd/0x4e0
[ 1546.071635][T29189]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1546.071647][T29189] RIP: 0033:0x7f5d79f8eec9
[ 1546.071656][T29189] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1546.071667][T29189] RSP: 002b:00007f5d7ae3e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1546.071677][T29189] RAX: ffffffffffffffda RBX: 00007f5d7a1e5fa0 RCX: 00007f5d79f8eec9
[ 1546.071684][T29189] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006
[ 1546.071691][T29189] RBP: 00007f5d7ae3e090 R08: 0000000000000000 R09: 0000000000000000
[ 1546.071697][T29189] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1546.071704][T29189] R13: 00007f5d7a1e6038 R14: 00007f5d7a1e5fa0 R15: 00007ffe66188438
[ 1546.071717][T29189]  </TASK>
[ 1546.071728][T29189] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1546.730567][T29195] FAULT_INJECTION: forcing a failure.
[ 1546.730567][T29195] name failslab, interval 1, probability 0, space 0, times 0
[ 1546.793207][T29195] CPU: 1 UID: 0 PID: 29195 Comm: syz.4.7293 Not tainted syzkaller #0 PREEMPT(full) 
[ 1546.793231][T29195] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1546.793242][T29195] Call Trace:
[ 1546.793248][T29195]  <TASK>
[ 1546.793255][T29195]  dump_stack_lvl+0x16c/0x1f0
[ 1546.793285][T29195]  should_fail_ex+0x512/0x640
[ 1546.793311][T29195]  ? __kmalloc_cache_noprof+0x5f/0x780
[ 1546.793341][T29195]  should_failslab+0xc2/0x120
[ 1546.793364][T29195]  __kmalloc_cache_noprof+0x72/0x780
[ 1546.793391][T29195]  ? tcp_sendmsg_fastopen+0x24d/0x750
[ 1546.793418][T29195]  ? tcp_sendmsg_fastopen+0x24d/0x750
[ 1546.793438][T29195]  tcp_sendmsg_fastopen+0x24d/0x750
[ 1546.793465][T29195]  tcp_sendmsg_locked+0x2438/0x42e0
[ 1546.793487][T29195]  ? avc_has_perm+0x144/0x1f0
[ 1546.793509][T29195]  ? __lock_acquire+0xb97/0x1ce0
[ 1546.793538][T29195]  ? __pfx_tcp_sendmsg_locked+0x10/0x10
[ 1546.793561][T29195]  ? do_raw_spin_lock+0x12c/0x2b0
[ 1546.793584][T29195]  ? __pfx_do_raw_spin_lock+0x10/0x10
[ 1546.793613][T29195]  ? __local_bh_enable_ip+0xa4/0x120
[ 1546.793642][T29195]  tcp_sendmsg+0x2e/0x50
[ 1546.793660][T29195]  ? __pfx_tcp_sendmsg+0x10/0x10
[ 1546.793679][T29195]  inet6_sendmsg+0xb9/0x140
[ 1546.793700][T29195]  __sys_sendto+0x376/0x520
[ 1546.793724][T29195]  ? __pfx___sys_sendto+0x10/0x10
[ 1546.793770][T29195]  ? ksys_write+0x1ac/0x250
[ 1546.793787][T29195]  ? __pfx_ksys_write+0x10/0x10
[ 1546.793810][T29195]  __x64_sys_sendto+0xe0/0x1c0
[ 1546.793832][T29195]  ? do_syscall_64+0x91/0x4e0
[ 1546.793856][T29195]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1546.793882][T29195]  do_syscall_64+0xcd/0x4e0
[ 1546.793909][T29195]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1546.793927][T29195] RIP: 0033:0x7f5d79f8eec9
[ 1546.793942][T29195] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1546.793959][T29195] RSP: 002b:00007f5d7ae3e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[ 1546.793976][T29195] RAX: ffffffffffffffda RBX: 00007f5d7a1e5fa0 RCX: 00007f5d79f8eec9
[ 1546.793988][T29195] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[ 1546.793998][T29195] RBP: 00007f5d7ae3e090 R08: 0000200000000040 R09: 000000000000001c
[ 1546.794009][T29195] R10: 0000000020000004 R11: 0000000000000246 R12: 0000000000000001
[ 1546.794019][T29195] R13: 00007f5d7a1e6038 R14: 00007f5d7a1e5fa0 R15: 00007ffe66188438
[ 1546.794049][T29195]  </TASK>
[ 1547.336316][T29208] netlink: 104 bytes leftover after parsing attributes in process `syz.5.7295'.
[ 1547.391935][T29206] FAULT_INJECTION: forcing a failure.
[ 1547.391935][T29206] name failslab, interval 1, probability 0, space 0, times 0
[ 1547.406829][T29213] FAULT_INJECTION: forcing a failure.
[ 1547.406829][T29213] name failslab, interval 1, probability 0, space 0, times 0
[ 1547.426949][T29213] CPU: 1 UID: 0 PID: 29213 Comm: syz.2.7299 Not tainted syzkaller #0 PREEMPT(full) 
[ 1547.426975][T29213] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1547.426986][T29213] Call Trace:
[ 1547.426993][T29213]  <TASK>
[ 1547.427001][T29213]  dump_stack_lvl+0x16c/0x1f0
[ 1547.427031][T29213]  should_fail_ex+0x512/0x640
[ 1547.427055][T29213]  ? fs_reclaim_acquire+0xae/0x150
[ 1547.427080][T29213]  should_failslab+0xc2/0x120
[ 1547.427102][T29213]  __kmalloc_noprof+0xdd/0x880
[ 1547.427129][T29213]  ? tomoyo_encode2+0x100/0x3e0
[ 1547.427160][T29213]  ? tomoyo_encode2+0x100/0x3e0
[ 1547.427190][T29213]  tomoyo_encode2+0x100/0x3e0
[ 1547.427219][T29213]  tomoyo_encode+0x29/0x50
[ 1547.427243][T29213]  tomoyo_realpath_from_path+0x18f/0x6e0
[ 1547.427276][T29213]  tomoyo_path_number_perm+0x245/0x580
[ 1547.427298][T29213]  ? tomoyo_path_number_perm+0x237/0x580
[ 1547.427323][T29213]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1547.427348][T29213]  ? find_held_lock+0x2b/0x80
[ 1547.427396][T29213]  ? find_held_lock+0x2b/0x80
[ 1547.427419][T29213]  ? hook_file_ioctl_common+0x145/0x410
[ 1547.427443][T29213]  ? __fget_files+0x20e/0x3c0
[ 1547.427468][T29213]  security_file_ioctl+0x9b/0x240
[ 1547.427495][T29213]  __x64_sys_ioctl+0xb7/0x210
[ 1547.427523][T29213]  do_syscall_64+0xcd/0x4e0
[ 1547.427550][T29213]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1547.427568][T29213] RIP: 0033:0x7f9f7b58eec9
[ 1547.427584][T29213] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1547.427600][T29213] RSP: 002b:00007f9f797ee038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1547.427617][T29213] RAX: ffffffffffffffda RBX: 00007f9f7b7e5fa0 RCX: 00007f9f7b58eec9
[ 1547.427628][T29213] RDX: 000000000000000a RSI: 000000000000ae03 RDI: 0000000000000003
[ 1547.427639][T29213] RBP: 00007f9f797ee090 R08: 0000000000000000 R09: 0000000000000000
[ 1547.427649][T29213] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1547.427659][T29213] R13: 00007f9f7b7e6038 R14: 00007f9f7b7e5fa0 R15: 00007ffc415cfa38
[ 1547.427683][T29213]  </TASK>
[ 1547.427700][T29213] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1547.430975][T29206] CPU: 0 UID: 0 PID: 29206 Comm: syz.1.7298 Not tainted syzkaller #0 PREEMPT(full) 
[ 1547.431000][T29206] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1547.431009][T29206] Call Trace:
[ 1547.431015][T29206]  <TASK>
[ 1547.431021][T29206]  dump_stack_lvl+0x16c/0x1f0
[ 1547.431047][T29206]  should_fail_ex+0x512/0x640
[ 1547.431069][T29206]  ? fs_reclaim_acquire+0xae/0x150
[ 1547.431090][T29206]  should_failslab+0xc2/0x120
[ 1547.431109][T29206]  __kmalloc_noprof+0xdd/0x880
[ 1547.431132][T29206]  ? tomoyo_encode2+0x100/0x3e0
[ 1547.431159][T29206]  ? tomoyo_encode2+0x100/0x3e0
[ 1547.431181][T29206]  tomoyo_encode2+0x100/0x3e0
[ 1547.431206][T29206]  tomoyo_encode+0x29/0x50
[ 1547.431227][T29206]  tomoyo_realpath_from_path+0x18f/0x6e0
[ 1547.431258][T29206]  tomoyo_path_number_perm+0x245/0x580
[ 1547.431277][T29206]  ? tomoyo_path_number_perm+0x237/0x580
[ 1547.431299][T29206]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1547.431321][T29206]  ? find_held_lock+0x2b/0x80
[ 1547.431363][T29206]  ? find_held_lock+0x2b/0x80
[ 1547.431384][T29206]  ? hook_file_ioctl_common+0x145/0x410
[ 1547.431405][T29206]  ? __fget_files+0x20e/0x3c0
[ 1547.431426][T29206]  security_file_ioctl+0x9b/0x240
[ 1547.431450][T29206]  __x64_sys_ioctl+0xb7/0x210
[ 1547.431475][T29206]  do_syscall_64+0xcd/0x4e0
[ 1547.431499][T29206]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1547.431515][T29206] RIP: 0033:0x7f518eb8eec9
[ 1547.431528][T29206] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1547.431542][T29206] RSP: 002b:00007f518fb11038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1547.431557][T29206] RAX: ffffffffffffffda RBX: 00007f518ede5fa0 RCX: 00007f518eb8eec9
[ 1547.431567][T29206] RDX: 000000000000000e RSI: 0000000000005607 RDI: 0000000000000003
[ 1547.431577][T29206] RBP: 00007f518fb11090 R08: 0000000000000000 R09: 0000000000000000
[ 1547.431586][T29206] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1547.431594][T29206] R13: 00007f518ede6038 R14: 00007f518ede5fa0 R15: 00007fff30415ae8
[ 1547.431616][T29206]  </TASK>
[ 1547.431630][T29206] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1547.816872][ T5823] Bluetooth: hci3: command tx timeout
[ 1548.090216][T29222] netlink: 277 bytes leftover after parsing attributes in process `syz.0.7297'.
[ 1548.635254][   T30] audit: type=1400 audit(1759540841.001:1705): avc:  denied  { open } for  pid=29231 comm="syz.4.7305" path="/dev/ttyqd" dev="devtmpfs" ino=387 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bsdpty_device_t tclass=chr_file permissive=1
[ 1548.916807][   T30] audit: type=1400 audit(1759540841.131:1706): avc:  denied  { write } for  pid=29224 comm="syz.0.7303" path="socket:[131595]" dev="sockfs" ino=131595 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1
[ 1549.026696][T15879] usb 2-1: new full-speed USB device number 108 using dummy_hcd
[ 1549.036607][T14817] usb 5-1: new high-speed USB device number 125 using dummy_hcd
[ 1549.227059][T15879] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64
[ 1549.266614][T14817] usb 5-1: Using ep0 maxpacket: 16
[ 1549.273084][T14817] usb 5-1: config 0 has no interfaces?
[ 1549.408561][T14817] usb 5-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[ 1549.417738][T14817] usb 5-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[ 1549.418602][T15879] usb 2-1: New USB device found, idVendor=04d8, idProduct=c002, bcdDevice= 0.00
[ 1549.426248][T14817] usb 5-1: Manufacturer: syz
[ 1549.447564][T14817] usb 5-1: config 0 descriptor??
[ 1549.480671][T15879] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1549.511680][T15879] usb 2-1: config 0 descriptor??
[ 1549.567108][T29234] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[ 1549.662712][T29232] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1549.671360][T29232] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1549.739329][T14817] usb 5-1: USB disconnect, device number 125
[ 1549.983441][T29234] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1549.995787][T29234] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1550.012555][T29234] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1550.022268][T29234] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1550.033619][T15879] usbhid 2-1:0.0: can't add hid device: -71
[ 1550.039685][T15879] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[ 1550.050961][T15879] usb 2-1: USB disconnect, device number 108
[ 1551.525263][T29259] netlink: 'syz.4.7313': attribute type 74 has an invalid length.
[ 1551.957987][T29270] FAULT_INJECTION: forcing a failure.
[ 1551.957987][T29270] name failslab, interval 1, probability 0, space 0, times 0
[ 1551.971052][T29270] CPU: 0 UID: 0 PID: 29270 Comm: syz.4.7316 Not tainted syzkaller #0 PREEMPT(full) 
[ 1551.971078][T29270] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1551.971088][T29270] Call Trace:
[ 1551.971095][T29270]  <TASK>
[ 1551.971102][T29270]  dump_stack_lvl+0x16c/0x1f0
[ 1551.971133][T29270]  should_fail_ex+0x512/0x640
[ 1551.971198][T29270]  ? fs_reclaim_acquire+0xae/0x150
[ 1551.971231][T29270]  should_failslab+0xc2/0x120
[ 1551.971256][T29270]  __kmalloc_noprof+0xdd/0x880
[ 1551.971283][T29270]  ? tomoyo_encode2+0x100/0x3e0
[ 1551.971313][T29270]  ? tomoyo_encode2+0x100/0x3e0
[ 1551.971338][T29270]  tomoyo_encode2+0x100/0x3e0
[ 1551.971367][T29270]  tomoyo_encode+0x29/0x50
[ 1551.971392][T29270]  tomoyo_realpath_from_path+0x18f/0x6e0
[ 1551.971427][T29270]  tomoyo_path_number_perm+0x245/0x580
[ 1551.971449][T29270]  ? tomoyo_path_number_perm+0x237/0x580
[ 1551.971474][T29270]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1551.971524][T29270]  ? find_held_lock+0x2b/0x80
[ 1551.971549][T29270]  ? hook_file_ioctl_common+0x145/0x410
[ 1551.971573][T29270]  ? __fget_files+0x20e/0x3c0
[ 1551.971598][T29270]  security_file_ioctl+0x9b/0x240
[ 1551.971626][T29270]  __x64_sys_ioctl+0xb7/0x210
[ 1551.971656][T29270]  do_syscall_64+0xcd/0x4e0
[ 1551.971684][T29270]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1551.971702][T29270] RIP: 0033:0x7f5d79f8eacb
[ 1551.971719][T29270] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[ 1551.971736][T29270] RSP: 002b:00007f5d7ae1cf20 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1551.971754][T29270] RAX: ffffffffffffffda RBX: 00007f5d7a1e6090 RCX: 00007f5d79f8eacb
[ 1551.971766][T29270] RDX: 00007f5d7ae1cf9c RSI: 0000000080045430 RDI: 0000000000000003
[ 1551.971777][T29270] RBP: 00007f5d7ae1d090 R08: 0000000000000000 R09: 0000000000000000
[ 1551.971788][T29270] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000001
[ 1551.971799][T29270] R13: 00007f5d7a1e6128 R14: 00007f5d7a1e6090 R15: 00007ffe66188438
[ 1551.971824][T29270]  </TASK>
[ 1551.971947][T29270] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1552.188010][T29263] netlink: 277 bytes leftover after parsing attributes in process `syz.5.7314'.
[ 1552.939143][T29291] netlink: 'syz.5.7322': attribute type 1 has an invalid length.
[ 1553.093331][T18949] usb 5-1: new high-speed USB device number 126 using dummy_hcd
[ 1553.197384][T29292] vlan2: entered allmulticast mode
[ 1553.202620][T29292] veth1: entered allmulticast mode
[ 1553.308060][T18949] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[ 1553.319649][T18949] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[ 1553.330130][T18949] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1553.339935][T18949] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1553.355411][T29282] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[ 1553.392716][T18949] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[ 1553.618045][T18949] usb 5-1: USB disconnect, device number 126
[ 1554.485669][T29309] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1664) !
[ 1555.518009][T29317] netlink: 104 bytes leftover after parsing attributes in process `syz.1.7328'.
[ 1555.820771][T29322] netlink: 20 bytes leftover after parsing attributes in process `syz.0.7331'.
[ 1556.071643][T29324] netlink: 8 bytes leftover after parsing attributes in process `syz.0.7331'.
[ 1556.080669][T29324] netlink: 12 bytes leftover after parsing attributes in process `syz.0.7331'.
[ 1556.962893][T29330] netlink: 277 bytes leftover after parsing attributes in process `syz.5.7332'.
[ 1557.326481][T29331] netlink: 164 bytes leftover after parsing attributes in process `syz.2.7330'.
[ 1557.460091][T29337] netlink: 164 bytes leftover after parsing attributes in process `syz.4.7334'.
[ 1558.371692][T29349] netlink: 164 bytes leftover after parsing attributes in process `syz.0.7335'.
[ 1558.469610][T29352] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) !
[ 1559.985611][T29362] bridge_slave_0: left allmulticast mode
[ 1559.991416][T29362] bridge_slave_0: left promiscuous mode
[ 1559.997732][T29362] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1560.014111][T29362] bridge_slave_1: left allmulticast mode
[ 1560.019831][T29362] bridge_slave_1: left promiscuous mode
[ 1560.025844][T29362] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1560.043665][T29362] bond0: (slave bond_slave_0): Releasing backup interface
[ 1560.873399][T29362] bond_slave_0: left promiscuous mode
[ 1560.926571][   T30] audit: type=1400 audit(1759540852.321:1707): avc:  denied  { ioctl } for  pid=29359 comm="syz.4.7340" path="socket:[131941]" dev="sockfs" ino=131941 ioctlcmd=0x89e1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[ 1561.028762][T29362] bond0: (slave bond_slave_1): Releasing backup interface
[ 1561.066670][   T30] audit: type=1400 audit(1759540852.431:1708): avc:  denied  { read } for  pid=29359 comm="syz.4.7340" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[ 1561.127703][T29361] netlink: 164 bytes leftover after parsing attributes in process `syz.5.7339'.
[ 1561.139968][T29362] bond_slave_1: left promiscuous mode
[ 1561.226167][T29362] team0: Port device team_slave_0 removed
[ 1561.257499][T29362] team0: Port device team_slave_1 removed
[ 1561.263694][T29362] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1561.278220][T29362] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1561.406757][T29362] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1561.414206][T29362] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1561.529292][T29362] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[ 1562.360323][T29393] netlink: 164 bytes leftover after parsing attributes in process `syz.1.7350'.
[ 1563.194423][T29409] netlink: 'syz.2.7347': attribute type 30 has an invalid length.
[ 1563.603056][T29418] netlink: 28 bytes leftover after parsing attributes in process `syz.5.7357'.
[ 1566.557342][   T30] audit: type=1400 audit(1759540858.901:1709): avc:  denied  { watch watch_reads } for  pid=29448 comm="syz.1.7366" path="/281" dev="tmpfs" ino=1584 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[ 1566.712845][   T30] audit: type=1804 audit(1759540858.921:1710): pid=29452 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.1.7366" name="/newroot/281/bus" dev="tmpfs" ino=1589 res=1 errno=0
[ 1567.526271][T29465] netlink: 20 bytes leftover after parsing attributes in process `syz.5.7369'.
[ 1567.816603][    T9] usb 3-1: new high-speed USB device number 97 using dummy_hcd
[ 1568.255126][T29470] netlink: 8 bytes leftover after parsing attributes in process `syz.5.7369'.
[ 1568.264196][T29470] netlink: 12 bytes leftover after parsing attributes in process `syz.5.7369'.
[ 1568.612627][    T9] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[ 1568.623956][    T9] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[ 1568.633855][    T9] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1568.646592][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1568.661503][T29460] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[ 1568.670453][    T9] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[ 1569.096661][T14787] usb 5-1: new high-speed USB device number 127 using dummy_hcd
[ 1569.346631][T14787] usb 5-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc
[ 1569.369936][    T9] usb 3-1: USB disconnect, device number 97
[ 1569.398399][T14787] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1569.460931][T14787] usb 5-1: Product: syz
[ 1569.465111][T14787] usb 5-1: Manufacturer: syz
[ 1569.513304][T14787] usb 5-1: SerialNumber: syz
[ 1569.584967][T14787] usb 5-1: config 0 descriptor??
[ 1569.831816][T14787] i2c-tiny-usb 5-1:0.0: version 6d.cc found at bus 005 address 127
[ 1569.924087][   T30] audit: type=1400 audit(1759540862.291:1711): avc:  denied  { write } for  pid=29489 comm="syz.2.7376" name="nvram" dev="devtmpfs" ino=622 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1
[ 1570.545731][T14787]  (null): failure reading functionality
[ 1570.551510][   T30] audit: type=1400 audit(1759540862.531:1712): avc:  denied  { create } for  pid=29496 comm="syz.0.7377" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[ 1570.575148][T14787] i2c i2c-1: connected i2c-tiny-usb device
[ 1570.778810][T14817] usb 5-1: USB disconnect, device number 127
[ 1570.912168][   T30] audit: type=1400 audit(1759540863.181:1713): avc:  denied  { unlink } for  pid=24797 comm="syz-executor" name="file0" dev="tmpfs" ino=1355 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[ 1572.076795][T18949] usb 3-1: new high-speed USB device number 98 using dummy_hcd
[ 1572.811100][T18949] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[ 1572.836033][T18949] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[ 1572.880030][T18949] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1572.963923][   T30] audit: type=1400 audit(1759540865.331:1714): avc:  denied  { setopt } for  pid=29531 comm="syz.5.7387" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[ 1572.985432][T18949] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1573.091543][T24581] block nbd0: Possible stuck request ffff888025d05080: control (read@0,1024B). Runtime 780 seconds
[ 1573.103057][T24581] block nbd0: Possible stuck request ffff888025d05240: control (read@1024,1024B). Runtime 780 seconds
[ 1573.114066][T24581] block nbd0: Possible stuck request ffff888025d05400: control (read@2048,1024B). Runtime 780 seconds
[ 1573.125063][T24581] block nbd0: Possible stuck request ffff888025d055c0: control (read@3072,1024B). Runtime 780 seconds
[ 1573.150164][T29511] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[ 1573.161364][T18949] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[ 1573.452332][   T30] audit: type=1400 audit(1759540865.641:1715): avc:  denied  { execute_no_trans } for  pid=29534 comm="syz.4.7385" path="/201/file0" dev="tmpfs" ino=1098 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[ 1574.542194][   T30] audit: type=1804 audit(1759540866.911:1716): pid=29557 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.1.7393" name="/newroot/282/bus" dev="tmpfs" ino=1595 res=1 errno=0
[ 1574.594058][T29551] netlink: 104 bytes leftover after parsing attributes in process `syz.4.7391'.
[ 1575.284259][T14787] usb 3-1: USB disconnect, device number 98
[ 1576.428114][T29580] netlink: 164 bytes leftover after parsing attributes in process `syz.2.7396'.
[ 1578.426583][   T30] audit: type=1400 audit(1759540870.781:1717): avc:  denied  { mounton } for  pid=29591 comm="syz.4.7401" path="/205/file0" dev="fuse" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=file permissive=1
[ 1579.255796][   T30] audit: type=1400 audit(1759540871.061:1718): avc:  denied  { shutdown } for  pid=29600 comm="syz.2.7405" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[ 1580.688622][T29636] netlink: 12 bytes leftover after parsing attributes in process `syz.5.7416'.
[ 1580.702442][T29636] tipc: Started in network mode
[ 1580.707421][T29636] tipc: Node identity 66de012b37d1, cluster identity 4711
[ 1580.715144][T29636] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1580.724819][T29636] syzkaller0: entered promiscuous mode
[ 1580.733446][T29636] syzkaller0: entered allmulticast mode
[ 1581.293212][T29633] tipc: Resetting bearer <eth:syzkaller0>
[ 1581.473668][T29633] tipc: Disabling bearer <eth:syzkaller0>
[ 1581.748532][T29649] netlink: 8 bytes leftover after parsing attributes in process `syz.0.7420'.
[ 1583.163630][T27458] usb 3-1: new low-speed USB device number 99 using dummy_hcd
[ 1583.377945][T27458] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1583.440201][T27458] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 2
[ 1583.461522][T27458] usb 3-1: config 1 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1583.529955][T27458] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[ 1583.736405][T27458] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[ 1583.812887][T27458] usb 3-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00
[ 1583.844497][T27458] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1583.859955][T29665] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[ 1583.869678][T27458] hub 3-1:1.0: bad descriptor, ignoring hub
[ 1583.875558][T27458] hub 3-1:1.0: probe with driver hub failed with error -5
[ 1583.902198][T27458] cdc_wdm 3-1:1.0: skipping garbage
[ 1583.922027][T27458] cdc_wdm 3-1:1.0: skipping garbage
[ 1583.940401][T27458] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device
[ 1584.201774][T27458] cdc_wdm 3-1:1.0: Unknown control protocol
[ 1584.487985][T29692] netlink: 104 bytes leftover after parsing attributes in process `syz.1.7434'.
[ 1584.517547][T27458] usb 3-1: USB disconnect, device number 99
[ 1584.679317][   T30] audit: type=1400 audit(1759540877.051:1719): avc:  denied  { create } for  pid=29696 comm="syz.5.7436" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1
[ 1584.703682][   T30] audit: type=1400 audit(1759540877.081:1720): avc:  denied  { write } for  pid=29696 comm="syz.5.7436" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1
[ 1584.819827][T29704] netlink: 68 bytes leftover after parsing attributes in process `syz.1.7437'.
[ 1585.178886][ T5823] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci5/hci5:201'
[ 1585.189868][ T5823] CPU: 1 UID: 0 PID: 5823 Comm: kworker/u9:4 Not tainted syzkaller #0 PREEMPT(full) 
[ 1585.189894][ T5823] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1585.189907][ T5823] Workqueue: hci5 hci_rx_work
[ 1585.189938][ T5823] Call Trace:
[ 1585.189945][ T5823]  <TASK>
[ 1585.189952][ T5823]  dump_stack_lvl+0x16c/0x1f0
[ 1585.189981][ T5823]  sysfs_warn_dup+0x7f/0xa0
[ 1585.190008][ T5823]  sysfs_create_dir_ns+0x24b/0x2b0
[ 1585.190041][ T5823]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[ 1585.190066][ T5823]  ? find_held_lock+0x2b/0x80
[ 1585.190099][ T5823]  ? do_raw_spin_unlock+0x172/0x230
[ 1585.190123][ T5823]  kobject_add_internal+0x2c4/0x9b0
[ 1585.190145][ T5823]  kobject_add+0x16e/0x240
[ 1585.190161][ T5823]  ? __pfx_kobject_add+0x10/0x10
[ 1585.190178][ T5823]  ? do_raw_spin_unlock+0x172/0x230
[ 1585.190202][ T5823]  ? kobject_put+0xab/0x5a0
[ 1585.190236][ T5823]  device_add+0x288/0x1aa0
[ 1585.190261][ T5823]  ? __pfx_dev_set_name+0x10/0x10
[ 1585.190286][ T5823]  ? __pfx_device_add+0x10/0x10
[ 1585.190309][ T5823]  ? mgmt_send_event_skb+0x2fb/0x460
[ 1585.190342][ T5823]  hci_conn_add_sysfs+0x17e/0x230
[ 1585.190371][ T5823]  le_conn_complete_evt+0x1260/0x2150
[ 1585.190403][ T5823]  ? __pfx_le_conn_complete_evt+0x10/0x10
[ 1585.190427][ T5823]  ? hci_event_packet+0x459/0x11c0
[ 1585.190456][ T5823]  hci_le_conn_complete_evt+0x23c/0x370
[ 1585.190488][ T5823]  hci_le_meta_evt+0x354/0x5e0
[ 1585.190514][ T5823]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[ 1585.190541][ T5823]  hci_event_packet+0x682/0x11c0
[ 1585.190565][ T5823]  ? __pfx_hci_le_meta_evt+0x10/0x10
[ 1585.190593][ T5823]  ? __pfx_hci_event_packet+0x10/0x10
[ 1585.190620][ T5823]  ? kcov_remote_start+0x3c9/0x6d0
[ 1585.190645][ T5823]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1585.190677][ T5823]  hci_rx_work+0x2c5/0x16b0
[ 1585.190715][ T5823]  ? rcu_is_watching+0x12/0xc0
[ 1585.190748][ T5823]  process_one_work+0x9cf/0x1b70
[ 1585.190783][ T5823]  ? __pfx_process_one_work+0x10/0x10
[ 1585.190814][ T5823]  ? assign_work+0x1a0/0x250
[ 1585.190842][ T5823]  worker_thread+0x6c8/0xf10
[ 1585.190876][ T5823]  ? __pfx_worker_thread+0x10/0x10
[ 1585.190899][ T5823]  kthread+0x3c2/0x780
[ 1585.190921][ T5823]  ? __pfx_kthread+0x10/0x10
[ 1585.190944][ T5823]  ? rcu_is_watching+0x12/0xc0
[ 1585.190971][ T5823]  ? __pfx_kthread+0x10/0x10
[ 1585.190993][ T5823]  ret_from_fork+0x56a/0x730
[ 1585.191012][ T5823]  ? __pfx_kthread+0x10/0x10
[ 1585.191039][ T5823]  ret_from_fork_asm+0x1a/0x30
[ 1585.191076][ T5823]  </TASK>
[ 1585.191134][ T5823] kobject: kobject_add_internal failed for hci5:201 with -EEXIST, don't try to register things with the same name in the same directory.
[ 1585.201809][T29706] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1585.493332][ T5823] Bluetooth: hci5: failed to register connection device
[ 1585.837867][T29717] netlink: 20 bytes leftover after parsing attributes in process `syz.1.7440'.
[ 1585.868079][T14787] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[ 1586.239007][T14787] usb 6-1: device descriptor read/64, error -71
[ 1586.339086][T29724] netlink: 68 bytes leftover after parsing attributes in process `syz.2.7442'.
[ 1586.356688][T29724] netlink: 32 bytes leftover after parsing attributes in process `syz.2.7442'.
[ 1586.978848][T29717] netlink: 8 bytes leftover after parsing attributes in process `syz.1.7440'.
[ 1586.987848][T29717] netlink: 12 bytes leftover after parsing attributes in process `syz.1.7440'.
[ 1587.071439][T14787] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[ 1587.534405][T14787] usb 6-1: device descriptor read/64, error -71
[ 1587.592739][T24799] Bluetooth: hci5: command 0x0406 tx timeout
[ 1587.600931][T29733] Invalid source name
[ 1587.604921][T29733] UBIFS error (pid: 29733): cannot open "./file0", error -22
[ 1587.620148][   T30] audit: type=1400 audit(1759540879.981:1721): avc:  denied  { mounton } for  pid=29730 comm="syz.2.7444" path="/325/file0" dev="tmpfs" ino=1766 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[ 1587.816685][T14787] usb usb6-port1: attempt power cycle
[ 1587.954320][   T30] audit: type=1400 audit(1759540880.311:1722): avc:  denied  { setopt } for  pid=29744 comm="syz.4.7448" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[ 1588.049667][T29750] FAULT_INJECTION: forcing a failure.
[ 1588.049667][T29750] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1588.217205][T14787] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[ 1588.236753][T29750] CPU: 0 UID: 0 PID: 29750 Comm: syz.0.7449 Not tainted syzkaller #0 PREEMPT(full) 
[ 1588.236787][T29750] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1588.236797][T29750] Call Trace:
[ 1588.236803][T29750]  <TASK>
[ 1588.236811][T29750]  dump_stack_lvl+0x16c/0x1f0
[ 1588.236841][T29750]  should_fail_ex+0x512/0x640
[ 1588.236869][T29750]  _copy_from_user+0x2e/0xd0
[ 1588.236898][T29750]  sctp_getsockopt_peer_addr_info+0xc4/0x460
[ 1588.236920][T29750]  ? __pfx_sctp_getsockopt_peer_addr_info+0x10/0x10
[ 1588.236954][T29750]  ? __pfx_sock_common_getsockopt+0x10/0x10
[ 1588.236975][T29750]  ? __local_bh_enable_ip+0xa4/0x120
[ 1588.237004][T29750]  ? __pfx_sock_common_getsockopt+0x10/0x10
[ 1588.237020][T29750]  sctp_getsockopt+0x2c1f/0x6a40
[ 1588.237043][T29750]  ? avc_has_perm_noaudit+0x149/0x3b0
[ 1588.237064][T29750]  ? __pfx_sctp_getsockopt+0x10/0x10
[ 1588.237084][T29750]  ? avc_has_perm+0x144/0x1f0
[ 1588.237104][T29750]  ? __pfx_avc_has_perm+0x10/0x10
[ 1588.237126][T29750]  ? __lock_acquire+0xb97/0x1ce0
[ 1588.237151][T29750]  ? sock_has_perm+0x259/0x2f0
[ 1588.237181][T29750]  ? find_held_lock+0x2b/0x80
[ 1588.237205][T29750]  ? __might_fault+0xe3/0x190
[ 1588.237223][T29750]  ? __might_fault+0xe3/0x190
[ 1588.237239][T29750]  ? __might_fault+0x13b/0x190
[ 1588.237265][T29750]  ? __pfx_sock_common_getsockopt+0x10/0x10
[ 1588.237283][T29750]  do_sock_getsockopt+0x34a/0x440
[ 1588.237303][T29750]  ? __pfx_do_sock_getsockopt+0x10/0x10
[ 1588.237320][T29750]  ? __fget_files+0x204/0x3c0
[ 1588.237354][T29750]  __sys_getsockopt+0x12f/0x260
[ 1588.237384][T29750]  __x64_sys_getsockopt+0xbd/0x160
[ 1588.237407][T29750]  ? do_syscall_64+0x91/0x4e0
[ 1588.237433][T29750]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1588.237457][T29750]  do_syscall_64+0xcd/0x4e0
[ 1588.237485][T29750]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1588.237503][T29750] RIP: 0033:0x7f509938eec9
[ 1588.237519][T29750] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1588.237537][T29750] RSP: 002b:00007f509a176038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[ 1588.237556][T29750] RAX: ffffffffffffffda RBX: 00007f50995e6090 RCX: 00007f509938eec9
[ 1588.237569][T29750] RDX: 000000000000000f RSI: 0000000000000084 RDI: 0000000000000003
[ 1588.237580][T29750] RBP: 00007f509a176090 R08: 0000200000000140 R09: 0000000000000000
[ 1588.237591][T29750] R10: 0000200000000380 R11: 0000000000000246 R12: 0000000000000001
[ 1588.237602][T29750] R13: 00007f50995e6128 R14: 00007f50995e6090 R15: 00007ffc0cd3ff58
[ 1588.237628][T29750]  </TASK>
[ 1588.506630][T14787] usb 6-1: device descriptor read/8, error -71
[ 1588.637346][   T30] audit: type=1400 audit(1759540881.011:1723): avc:  denied  { append } for  pid=29753 comm="syz.2.7451" name="ptp0" dev="devtmpfs" ino=1264 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[ 1588.663740][T29754] FAULT_INJECTION: forcing a failure.
[ 1588.663740][T29754] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1588.684222][T29754] CPU: 0 UID: 0 PID: 29754 Comm: syz.2.7451 Not tainted syzkaller #0 PREEMPT(full) 
[ 1588.684246][T29754] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1588.684256][T29754] Call Trace:
[ 1588.684262][T29754]  <TASK>
[ 1588.684269][T29754]  dump_stack_lvl+0x16c/0x1f0
[ 1588.684299][T29754]  should_fail_ex+0x512/0x640
[ 1588.684328][T29754]  _copy_to_user+0x32/0xd0
[ 1588.684358][T29754]  simple_read_from_buffer+0xcb/0x170
[ 1588.684379][T29754]  proc_fail_nth_read+0x197/0x240
[ 1588.684403][T29754]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1588.684428][T29754]  ? rw_verify_area+0xcf/0x6c0
[ 1588.684455][T29754]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1588.684478][T29754]  vfs_read+0x1e1/0xcf0
[ 1588.684500][T29754]  ? __pfx___mutex_lock+0x10/0x10
[ 1588.684526][T29754]  ? __pfx_vfs_read+0x10/0x10
[ 1588.684552][T29754]  ? __fget_files+0x20e/0x3c0
[ 1588.684579][T29754]  ksys_read+0x12a/0x250
[ 1588.684597][T29754]  ? __pfx_ksys_read+0x10/0x10
[ 1588.684623][T29754]  do_syscall_64+0xcd/0x4e0
[ 1588.684652][T29754]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1588.684670][T29754] RIP: 0033:0x7f9f7b58d8dc
[ 1588.684684][T29754] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1588.684701][T29754] RSP: 002b:00007f9f797ee030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1588.684718][T29754] RAX: ffffffffffffffda RBX: 00007f9f7b7e5fa0 RCX: 00007f9f7b58d8dc
[ 1588.684730][T29754] RDX: 000000000000000f RSI: 00007f9f797ee0a0 RDI: 0000000000000006
[ 1588.684741][T29754] RBP: 00007f9f797ee090 R08: 0000000000000000 R09: 0000000000000000
[ 1588.684751][T29754] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1588.684761][T29754] R13: 00007f9f7b7e6038 R14: 00007f9f7b7e5fa0 R15: 00007ffc415cfa38
[ 1588.684794][T29754]  </TASK>
[ 1589.039965][T29764] FAULT_INJECTION: forcing a failure.
[ 1589.039965][T29764] name failslab, interval 1, probability 0, space 0, times 0
[ 1589.088887][T29764] CPU: 0 UID: 0 PID: 29764 Comm: syz.0.7455 Not tainted syzkaller #0 PREEMPT(full) 
[ 1589.088914][T29764] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1589.088924][T29764] Call Trace:
[ 1589.088931][T29764]  <TASK>
[ 1589.088939][T29764]  dump_stack_lvl+0x16c/0x1f0
[ 1589.088970][T29764]  should_fail_ex+0x512/0x640
[ 1589.088995][T29764]  ? kmem_cache_alloc_node_noprof+0x65/0x770
[ 1589.089016][T29764]  should_failslab+0xc2/0x120
[ 1589.089038][T29764]  kmem_cache_alloc_node_noprof+0x78/0x770
[ 1589.089055][T29764]  ? __alloc_skb+0x2b2/0x380
[ 1589.089083][T29764]  ? __alloc_skb+0x2b2/0x380
[ 1589.089105][T29764]  __alloc_skb+0x2b2/0x380
[ 1589.089128][T29764]  ? __pfx___alloc_skb+0x10/0x10
[ 1589.089153][T29764]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[ 1589.089186][T29764]  netlink_alloc_large_skb+0x69/0x140
[ 1589.089215][T29764]  netlink_sendmsg+0x698/0xdd0
[ 1589.089247][T29764]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1589.089283][T29764]  ____sys_sendmsg+0xa98/0xc70
[ 1589.089304][T29764]  ? copy_msghdr_from_user+0x10a/0x160
[ 1589.089329][T29764]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1589.089359][T29764]  ___sys_sendmsg+0x134/0x1d0
[ 1589.089385][T29764]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1589.089438][T29764]  __sys_sendmsg+0x16d/0x220
[ 1589.089463][T29764]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1589.089500][T29764]  do_syscall_64+0xcd/0x4e0
[ 1589.089526][T29764]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1589.089544][T29764] RIP: 0033:0x7f509938eec9
[ 1589.089559][T29764] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1589.089576][T29764] RSP: 002b:00007f509a197038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1589.089592][T29764] RAX: ffffffffffffffda RBX: 00007f50995e5fa0 RCX: 00007f509938eec9
[ 1589.089608][T29764] RDX: 0000000000000040 RSI: 0000200000000280 RDI: 0000000000000003
[ 1589.089619][T29764] RBP: 00007f509a197090 R08: 0000000000000000 R09: 0000000000000000
[ 1589.089629][T29764] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1589.089639][T29764] R13: 00007f50995e6038 R14: 00007f50995e5fa0 R15: 00007ffc0cd3ff58
[ 1589.089664][T29764]  </TASK>
[ 1589.707948][T20928] usb 3-1: new high-speed USB device number 100 using dummy_hcd
[ 1590.112629][T20928] usb 3-1: config 1 has an invalid interface number: 7 but max is 0
[ 1590.144025][T20928] usb 3-1: config 1 has no interface number 0
[ 1590.167918][T20928] usb 3-1: config 1 interface 7 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 1023
[ 1590.194333][T20928] usb 3-1: config 1 interface 7 altsetting 0 bulk endpoint 0xA has invalid maxpacket 16
[ 1590.219379][T20928] usb 3-1: New USB device found, idVendor=1199, idProduct=68a3, bcdDevice= 0.00
[ 1590.229654][T20928] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1590.238304][T20928] usb 3-1: Product: syz
[ 1590.242635][T20928] usb 3-1: Manufacturer: syz
[ 1590.262860][T20928] usb 3-1: SerialNumber: syz
[ 1590.283118][T29765] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[ 1590.290891][T29765] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[ 1590.303090][T20928] usb 3-1: Error in usbnet_get_endpoints (-22)
[ 1590.465374][T29798] FAULT_INJECTION: forcing a failure.
[ 1590.465374][T29798] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1590.478818][T29798] CPU: 1 UID: 0 PID: 29798 Comm: syz.4.7465 Not tainted syzkaller #0 PREEMPT(full) 
[ 1590.478844][T29798] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1590.478861][T29798] Call Trace:
[ 1590.478868][T29798]  <TASK>
[ 1590.478876][T29798]  dump_stack_lvl+0x16c/0x1f0
[ 1590.478908][T29798]  should_fail_ex+0x512/0x640
[ 1590.478938][T29798]  _copy_to_user+0x32/0xd0
[ 1590.478967][T29798]  simple_read_from_buffer+0xcb/0x170
[ 1590.478989][T29798]  proc_fail_nth_read+0x197/0x240
[ 1590.479013][T29798]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1590.479038][T29798]  ? rw_verify_area+0xcf/0x6c0
[ 1590.479064][T29798]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1590.479086][T29798]  vfs_read+0x1e1/0xcf0
[ 1590.479108][T29798]  ? __pfx___mutex_lock+0x10/0x10
[ 1590.479133][T29798]  ? __pfx_vfs_read+0x10/0x10
[ 1590.479159][T29798]  ? __fget_files+0x20e/0x3c0
[ 1590.479187][T29798]  ksys_read+0x12a/0x250
[ 1590.479206][T29798]  ? __pfx_ksys_read+0x10/0x10
[ 1590.479232][T29798]  do_syscall_64+0xcd/0x4e0
[ 1590.479259][T29798]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1590.479278][T29798] RIP: 0033:0x7f5d79f8d8dc
[ 1590.479293][T29798] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1590.479310][T29798] RSP: 002b:00007f5d7ae3e030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1590.479329][T29798] RAX: ffffffffffffffda RBX: 00007f5d7a1e5fa0 RCX: 00007f5d79f8d8dc
[ 1590.479340][T29798] RDX: 000000000000000f RSI: 00007f5d7ae3e0a0 RDI: 0000000000000004
[ 1590.479351][T29798] RBP: 00007f5d7ae3e090 R08: 0000000000000000 R09: 0000000000000000
[ 1590.479362][T29798] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1590.479372][T29798] R13: 00007f5d7a1e6038 R14: 00007f5d7a1e5fa0 R15: 00007ffe66188438
[ 1590.479397][T29798]  </TASK>
[ 1590.482461][T29791] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1590.727213][T20928] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[ 1590.878896][T20928] usb 6-1: device descriptor read/64, error -71
[ 1591.146741][T20928] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[ 1591.366970][T15879] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[ 1591.376723][T20928] usb 6-1: device descriptor read/64, error -71
[ 1591.407342][   T30] audit: type=1400 audit(1759540883.781:1724): avc:  denied  { ioctl } for  pid=29817 comm="syz.1.7472" path="/dev/sg0" dev="devtmpfs" ino=772 ioctlcmd=0x2285 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[ 1591.487218][T20928] usb usb6-port1: attempt power cycle
[ 1591.937693][T20928] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[ 1591.987391][T20928] usb 6-1: device descriptor read/8, error -71
[ 1593.746913][T20928] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[ 1598.896660][T15879] usb 5-1: device descriptor read/all, error -110
[ 1598.897686][T20928] usb 6-1: device descriptor read/8, error -110
[ 1599.086742][T15879] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[ 1599.286703][T15879] usb 5-1: device descriptor read/64, error -32
[ 1599.436941][T15879] usb usb5-port1: attempt power cycle
[ 1599.886653][T15879] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[ 1599.936939][T15879] usb 5-1: device descriptor read/8, error -32
[ 1696.536482][    C1] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
[ 1696.536502][    C1] rcu: 	0-...!: (1 GPs behind) idle=78d4/1/0x4000000000000000 softirq=159781/159782 fqs=258
[ 1696.537186][    C1] rcu: 	(detected by 1, t=10505 jiffies, g=147873, q=158 ncpus=2)
[ 1696.537205][    C1] Sending NMI from CPU 1 to CPUs 0:
[ 1696.537232][    C0] NMI backtrace for cpu 0
[ 1696.537245][    C0] CPU: 0 UID: 0 PID: 30 Comm: kauditd Not tainted syzkaller #0 PREEMPT(full) 
[ 1696.537261][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1696.537270][    C0] RIP: 0010:_raw_spin_lock_irqsave+0x42/0x60
[ 1696.537292][    C0] Code: 00 e8 72 b1 39 f6 ff 74 24 10 48 8d 7b 18 45 31 c9 31 c9 41 b8 01 00 00 00 31 d2 31 f6 e8 d6 e3 48 f6 48 89 df e8 be 2c 49 f6 <58> 48 89 e8 5b 5d c3 cc cc cc cc e8 ee a7 74 f6 eb c0 66 66 2e 0f
[ 1696.537306][    C0] RSP: 0018:ffffc90000007d30 EFLAGS: 00000096
[ 1696.537319][    C0] RAX: 0000000000000000 RBX: ffffffff9aa292f0 RCX: ffffffff8197ad8c
[ 1696.537328][    C0] RDX: 1ffffffff3545260 RSI: 0000000000000004 RDI: ffffc90000007cc0
[ 1696.537338][    C0] RBP: 0000000000000002 R08: 0000000000000001 R09: fffff52000000f98
[ 1696.537347][    C0] R10: 0000000000000003 R11: 0000000000000000 R12: ffffffff9aa292e8
[ 1696.537355][    C0] R13: dffffc0000000000 R14: ffff888078295340 R15: 1ffff92000000fac
[ 1696.537365][    C0] FS:  0000000000000000(0000) GS:ffff888124e85000(0000) knlGS:0000000000000000
[ 1696.537379][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1696.537389][    C0] CR2: 0000200000138030 CR3: 0000000047ced000 CR4: 00000000003526f0
[ 1696.537398][    C0] DR0: 0000000000000000 DR1: 0000000000006800 DR2: 0000000000009951
[ 1696.537407][    C0] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[ 1696.537415][    C0] Call Trace:
[ 1696.537420][    C0]  <IRQ>
[ 1696.537426][    C0]  ? debug_object_deactivate+0x135/0x3a0
[ 1696.537444][    C0]  debug_object_deactivate+0x135/0x3a0
[ 1696.537458][    C0]  ? __pfx_debug_object_activate+0x10/0x10
[ 1696.537475][    C0]  ? __pfx_debug_object_deactivate+0x10/0x10
[ 1696.537492][    C0]  ? __pfx_do_raw_spin_lock+0x10/0x10
[ 1696.537513][    C0]  __hrtimer_run_queues+0x46f/0xad0
[ 1696.537534][    C0]  ? __pfx___hrtimer_run_queues+0x10/0x10
[ 1696.537552][    C0]  ? read_tsc+0x9/0x20
[ 1696.537573][    C0]  hrtimer_interrupt+0x397/0x8e0
[ 1696.537596][    C0]  __sysvec_apic_timer_interrupt+0x108/0x3f0
[ 1696.537613][    C0]  sysvec_apic_timer_interrupt+0x9f/0xc0
[ 1696.537630][    C0]  </IRQ>
[ 1696.537634][    C0]  <TASK>
[ 1696.537640][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1696.537654][    C0] RIP: 0010:console_flush_all+0x9a2/0xc60
[ 1696.537673][    C0] Code: 00 e8 42 f1 28 00 9c 5b 81 e3 00 02 00 00 31 ff 48 89 de e8 f0 f8 20 00 48 85 db 0f 85 55 01 00 00 e8 72 fd 20 00 fb 4c 89 e0 <48> c1 e8 03 42 80 3c 38 00 0f 84 11 ff ff ff 4c 89 e7 e8 b7 71 89
[ 1696.537685][    C0] RSP: 0018:ffffc90000a679c8 EFLAGS: 00000293
[ 1696.537702][    C0] RAX: ffffffff8ee33578 RBX: 0000000000000000 RCX: ffffffff819a3830
[ 1696.537711][    C0] RDX: ffff8880202e8000 RSI: ffffffff819a383e RDI: 0000000000000007
[ 1696.537720][    C0] RBP: 0000000000000000 R08: 0000000000000007 R09: 0000000000000000
[ 1696.537728][    C0] R10: 0000000000000000 R11: 0000000000000000 R12: ffffffff8ee33578
[ 1696.537736][    C0] R13: ffffffff8ee33520 R14: ffffc90000a67a58 R15: dffffc0000000000
[ 1696.537749][    C0]  ? console_flush_all+0x990/0xc60
[ 1696.537766][    C0]  ? console_flush_all+0x99e/0xc60
[ 1696.537785][    C0]  ? console_flush_all+0x99e/0xc60
[ 1696.537805][    C0]  ? __pfx_console_flush_all+0x10/0x10
[ 1696.537825][    C0]  ? is_printk_cpu_sync_owner+0x32/0x40
[ 1696.537847][    C0]  console_unlock+0xd8/0x210
[ 1696.537864][    C0]  ? __pfx_console_unlock+0x10/0x10
[ 1696.537881][    C0]  ? do_raw_spin_unlock+0x150/0x230
[ 1696.537898][    C0]  ? _printk+0xc7/0x100
[ 1696.537912][    C0]  ? __down_trylock_console_sem+0xb0/0x140
[ 1696.537929][    C0]  vprintk_emit+0x3d7/0x680
[ 1696.537947][    C0]  ? __pfx_vprintk_emit+0x10/0x10
[ 1696.537965][    C0]  ? find_held_lock+0x2b/0x80
[ 1696.537985][    C0]  ? __pfx_kauditd_send_multicast_skb+0x10/0x10
[ 1696.538001][    C0]  _printk+0xc7/0x100
[ 1696.538014][    C0]  ? __pfx__printk+0x10/0x10
[ 1696.538030][    C0]  ? netlink_has_listeners+0x20f/0x430
[ 1696.538049][    C0]  ? __pfx____ratelimit+0x10/0x10
[ 1696.538066][    C0]  ? kauditd_hold_skb+0x1bc/0x250
[ 1696.538082][    C0]  kauditd_hold_skb+0x205/0x250
[ 1696.538097][    C0]  kauditd_send_queue+0x239/0x290
[ 1696.538111][    C0]  ? __pfx_kauditd_hold_skb+0x10/0x10
[ 1696.538127][    C0]  kauditd_thread+0x623/0xa70
[ 1696.538141][    C0]  ? __pfx_kauditd_thread+0x10/0x10
[ 1696.538157][    C0]  ? __pfx_autoremove_wake_function+0x10/0x10
[ 1696.538178][    C0]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1696.538196][    C0]  ? __kthread_parkme+0x19e/0x250
[ 1696.538209][    C0]  ? __pfx_kauditd_thread+0x10/0x10
[ 1696.538224][    C0]  kthread+0x3c2/0x780
[ 1696.538239][    C0]  ? __pfx_kthread+0x10/0x10
[ 1696.538254][    C0]  ? rcu_is_watching+0x12/0xc0
[ 1696.538273][    C0]  ? __pfx_kthread+0x10/0x10
[ 1696.538288][    C0]  ret_from_fork+0x56a/0x730
[ 1696.538301][    C0]  ? __pfx_kthread+0x10/0x10
[ 1696.538316][    C0]  ret_from_fork_asm+0x1a/0x30
[ 1696.538338][    C0]  </TASK>
[ 1696.539227][    C1] rcu: rcu_preempt kthread starved for 9210 jiffies! g147873 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1
[ 1696.539247][    C1] rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
[ 1696.539256][    C1] rcu: RCU grace-period kthread stack dump:
[ 1696.539262][    C1] task:rcu_preempt     state:R  running task     stack:28232 pid:16    tgid:16    ppid:2      task_flags:0x208040 flags:0x00080000
[ 1696.539320][    C1] Call Trace:
[ 1696.539326][    C1]  <TASK>
[ 1696.539337][    C1]  __schedule+0x1190/0x5de0
[ 1696.539374][    C1]  ? __pfx___schedule+0x10/0x10
[ 1696.539401][    C1]  ? find_held_lock+0x2b/0x80
[ 1696.539426][    C1]  ? schedule+0x2d7/0x3a0
[ 1696.539455][    C1]  schedule+0xe7/0x3a0
[ 1696.539477][    C1]  schedule_timeout+0x123/0x290
[ 1696.539496][    C1]  ? __pfx_schedule_timeout+0x10/0x10
[ 1696.539517][    C1]  ? __pfx_process_timeout+0x10/0x10
[ 1696.539546][    C1]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[ 1696.539568][    C1]  ? prepare_to_swait_event+0xf5/0x480
[ 1696.539590][    C1]  rcu_gp_fqs_loop+0x1ea/0xaf0
[ 1696.539613][    C1]  ? __pfx_rcu_gp_fqs_loop+0x10/0x10
[ 1696.539633][    C1]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1696.539657][    C1]  ? __pfx_rcu_gp_init+0x10/0x10
[ 1696.539675][    C1]  ? rcu_gp_cleanup+0x7c1/0xd90
[ 1696.539698][    C1]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[ 1696.539723][    C1]  rcu_gp_kthread+0x26d/0x380
[ 1696.539743][    C1]  ? __pfx_rcu_gp_kthread+0x10/0x10
[ 1696.539762][    C1]  ? rcu_is_watching+0x12/0xc0
[ 1696.539786][    C1]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1696.539811][    C1]  ? __kthread_parkme+0x19e/0x250
[ 1696.539829][    C1]  ? __pfx_rcu_gp_kthread+0x10/0x10
[ 1696.539849][    C1]  kthread+0x3c2/0x780
[ 1696.539869][    C1]  ? __pfx_kthread+0x10/0x10
[ 1696.539891][    C1]  ? rcu_is_watching+0x12/0xc0
[ 1696.539915][    C1]  ? __pfx_kthread+0x10/0x10
[ 1696.539936][    C1]  ret_from_fork+0x56a/0x730
[ 1696.539953][    C1]  ? __pfx_kthread+0x10/0x10
[ 1696.539973][    C1]  ret_from_fork_asm+0x1a/0x30
[ 1696.540007][    C1]  </TASK>
[ 1696.540014][    C1] rcu: Stack dump where RCU GP kthread last ran:
[ 1696.540022][    C1] CPU: 1 UID: 0 PID: 24060 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[ 1696.540042][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1696.540052][    C1] RIP: 0010:__sanitizer_cov_trace_pc+0x3b/0x70
[ 1696.540075][    C1] Code: 8b 05 69 7a be 11 a9 00 01 ff 00 74 1d f6 c4 01 74 43 a9 00 00 0f 00 75 3c a9 00 00 f0 00 75 35 8b 82 7c 16 00 00 85 c0 74 2b <8b> 82 58 16 00 00 83 f8 02 75 20 48 8b 8a 60 16 00 00 8b 92 5c 16
[ 1696.540091][    C1] RSP: 0018:ffffc90003f7f700 EFLAGS: 00000246
[ 1696.540105][    C1] RAX: 0000000000000002 RBX: ffff8880b8642800 RCX: ffffffff81af2a21
[ 1696.540116][    C1] RDX: ffff88804c3b2480 RSI: ffffffff81af29fb RDI: 0000000000000005
[ 1696.540128][    C1] RBP: 0000000000000003 R08: 0000000000000005 R09: 0000000000000000
[ 1696.540138][    C1] R10: 0000000000000001 R11: 0000000000000000 R12: dffffc0000000000
[ 1696.540149][    C1] R13: ffffed10170c8501 R14: 0000000000000001 R15: 0000000000000000
[ 1696.540161][    C1] FS:  0000000000000000(0000) GS:ffff888124f85000(0000) knlGS:0000000000000000
[ 1696.540178][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1696.540190][    C1] CR2: 00007f87449f6d58 CR3: 000000000df82000 CR4: 00000000003526f0
[ 1696.540202][    C1] DR0: 0000000000000000 DR1: 0000000000006800 DR2: 0000000000009951
[ 1696.540224][    C1] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[ 1696.540236][    C1] Call Trace:
[ 1696.540242][    C1]  <TASK>
[ 1696.540248][    C1]  smp_call_function_many_cond+0xdfb/0x1600
[ 1696.540279][    C1]  ? __pfx_flush_tlb_func+0x10/0x10
[ 1696.540304][    C1]  ? __pfx_smp_call_function_many_cond+0x10/0x10
[ 1696.540340][    C1]  ? __pfx_flush_tlb_func+0x10/0x10
[ 1696.540358][    C1]  on_each_cpu_cond_mask+0x40/0x90
[ 1696.540385][    C1]  flush_tlb_mm_range+0x4a0/0x17a0
[ 1696.540406][    C1]  ? __pfx_free_pgtables+0x10/0x10
[ 1696.540429][    C1]  ? __pfx_flush_tlb_mm_range+0x10/0x10
[ 1696.540457][    C1]  tlb_finish_mmu+0x3c9/0x7c0
[ 1696.540486][    C1]  exit_mmap+0x3fc/0xb90
[ 1696.540510][    C1]  ? __pfx_exit_mmap+0x10/0x10
[ 1696.540538][    C1]  ? __lock_acquire+0xb97/0x1ce0
[ 1696.540567][    C1]  ? arch_uprobe_clear_state+0x16/0x150
[ 1696.540593][    C1]  __mmput+0x12a/0x410
[ 1696.540618][    C1]  mmput+0x62/0x70
[ 1696.540640][    C1]  do_exit+0x7c7/0x2bf0
[ 1696.540657][    C1]  ? find_held_lock+0x2b/0x80
[ 1696.540683][    C1]  ? __pfx_do_exit+0x10/0x10
[ 1696.540698][    C1]  ? do_raw_spin_lock+0x12c/0x2b0
[ 1696.540719][    C1]  ? find_held_lock+0x2b/0x80
[ 1696.540746][    C1]  do_group_exit+0xd3/0x2a0
[ 1696.540765][    C1]  get_signal+0x2671/0x26d0
[ 1696.540794][    C1]  ? css_rstat_updated+0x1c2/0x510
[ 1696.540822][    C1]  ? __pfx_get_signal+0x10/0x10
[ 1696.540848][    C1]  ? __do_sys_wait4+0xd1/0x170
[ 1696.540869][    C1]  arch_do_signal_or_restart+0x8f/0x7c0
[ 1696.540894][    C1]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 1696.540932][    C1]  exit_to_user_mode_loop+0x85/0x130
[ 1696.540955][    C1]  do_syscall_64+0x419/0x4e0
[ 1696.540981][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1696.540997][    C1] RIP: 0033:0x7f9f7b584fd3
[ 1696.541011][    C1] Code: Unable to access opcode bytes at 0x7f9f7b584fa9.
[ 1696.541020][    C1] RSP: 002b:00007ffc415cff88 EFLAGS: 00000202 ORIG_RAX: 000000000000003d
[ 1696.541036][    C1] RAX: fffffffffffffe00 RBX: 0000000000005e14 RCX: 00007f9f7b584fd3
[ 1696.541047][    C1] RDX: 0000000040000000 RSI: 00007ffc415cff9c RDI: 00000000ffffffff
[ 1696.541059][    C1] RBP: 00007ffc415cff9c R08: 0000000000000000 R09: 0000000000000000
[ 1696.541069][    C1] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000008
[ 1696.541080][    C1] R13: 0000000000000003 R14: 0000000000000009 R15: 0000000000000000
[ 1696.541103][    C1]  </TASK>
[ 1849.813912][    C1] watchdog: BUG: soft lockup - CPU#1 stuck for 246s! [syz-executor:24060]
[ 1849.813935][    C1] Modules linked in:
[ 1849.813944][    C1] irq event stamp: 2296832
[ 1849.813951][    C1] hardirqs last  enabled at (2296831): [<ffffffff8b4bd54b>] irqentry_exit+0x3b/0x90
[ 1849.813981][    C1] hardirqs last disabled at (2296832): [<ffffffff8b4bc01e>] sysvec_apic_timer_interrupt+0xe/0xc0
[ 1849.814004][    C1] softirqs last  enabled at (2296826): [<ffffffff817bc0ae>] handle_softirqs+0x5be/0x8e0
[ 1849.814031][    C1] softirqs last disabled at (2296751): [<ffffffff817bc569>] __irq_exit_rcu+0x109/0x170
[ 1849.814059][    C1] CPU: 1 UID: 0 PID: 24060 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[ 1849.814078][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1849.814088][    C1] RIP: 0010:smp_call_function_many_cond+0xe07/0x1600
[ 1849.814114][    C1] Code: 10 49 89 d5 48 89 d5 48 89 54 24 18 49 c1 ed 03 83 e5 07 4d 01 e5 83 c5 03 e8 b5 0b 0c 00 f3 90 41 0f b6 45 00 40 38 c5 7c 08 <84> c0 0f 85 e0 05 00 00 8b 43 08 31 ff 83 e0 01 41 89 c6 89 c6 e8
[ 1849.814129][    C1] RSP: 0018:ffffc90003f7f708 EFLAGS: 00000206
[ 1849.814142][    C1] RAX: 0000000000000000 RBX: ffff8880b8642800 RCX: ffffffff81af2a21
[ 1849.814153][    C1] RDX: ffff88804c3b2480 RSI: ffffffff81af29fb RDI: 0000000000000005
[ 1849.814164][    C1] RBP: 0000000000000003 R08: 0000000000000005 R09: 0000000000000000
[ 1849.814173][    C1] R10: 0000000000000001 R11: 0000000000000000 R12: dffffc0000000000
[ 1849.814183][    C1] R13: ffffed10170c8501 R14: 0000000000000001 R15: 0000000000000000
[ 1849.814193][    C1] FS:  0000000000000000(0000) GS:ffff888124f85000(0000) knlGS:0000000000000000
[ 1849.814209][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1849.814221][    C1] CR2: 00007f87449f6d58 CR3: 000000000df82000 CR4: 00000000003526f0
[ 1849.814231][    C1] DR0: 0000000000000000 DR1: 0000000000006800 DR2: 0000000000009951
[ 1849.814241][    C1] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[ 1849.814251][    C1] Call Trace:
[ 1849.814257][    C1]  <TASK>
[ 1849.814268][    C1]  ? __pfx_flush_tlb_func+0x10/0x10
[ 1849.814293][    C1]  ? __pfx_smp_call_function_many_cond+0x10/0x10
[ 1849.814327][    C1]  ? __pfx_flush_tlb_func+0x10/0x10
[ 1849.814343][    C1]  on_each_cpu_cond_mask+0x40/0x90
[ 1849.814369][    C1]  flush_tlb_mm_range+0x4a0/0x17a0
[ 1849.814391][    C1]  ? __pfx_free_pgtables+0x10/0x10
[ 1849.814412][    C1]  ? __pfx_flush_tlb_mm_range+0x10/0x10
[ 1849.814435][    C1]  tlb_finish_mmu+0x3c9/0x7c0
[ 1849.814461][    C1]  exit_mmap+0x3fc/0xb90
[ 1849.814485][    C1]  ? __pfx_exit_mmap+0x10/0x10
[ 1849.814512][    C1]  ? __lock_acquire+0xb97/0x1ce0
[ 1849.814540][    C1]  ? arch_uprobe_clear_state+0x16/0x150
[ 1849.814565][    C1]  __mmput+0x12a/0x410
[ 1849.814589][    C1]  mmput+0x62/0x70
[ 1849.814610][    C1]  do_exit+0x7c7/0x2bf0
[ 1849.814626][    C1]  ? find_held_lock+0x2b/0x80
[ 1849.814651][    C1]  ? __pfx_do_exit+0x10/0x10
[ 1849.814667][    C1]  ? do_raw_spin_lock+0x12c/0x2b0
[ 1849.814687][    C1]  ? find_held_lock+0x2b/0x80
[ 1849.814713][    C1]  do_group_exit+0xd3/0x2a0
[ 1849.814732][    C1]  get_signal+0x2671/0x26d0
[ 1849.814759][    C1]  ? css_rstat_updated+0x1c2/0x510
[ 1849.814788][    C1]  ? __pfx_get_signal+0x10/0x10
[ 1849.814813][    C1]  ? __do_sys_wait4+0xd1/0x170
[ 1849.814834][    C1]  arch_do_signal_or_restart+0x8f/0x7c0
[ 1849.814863][    C1]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 1849.814901][    C1]  exit_to_user_mode_loop+0x85/0x130
[ 1849.814923][    C1]  do_syscall_64+0x419/0x4e0
[ 1849.814948][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1849.814965][    C1] RIP: 0033:0x7f9f7b584fd3
[ 1849.814979][    C1] Code: Unable to access opcode bytes at 0x7f9f7b584fa9.
[ 1849.814986][    C1] RSP: 002b:00007ffc415cff88 EFLAGS: 00000202 ORIG_RAX: 000000000000003d
[ 1849.815001][    C1] RAX: fffffffffffffe00 RBX: 0000000000005e14 RCX: 00007f9f7b584fd3
[ 1849.815012][    C1] RDX: 0000000040000000 RSI: 00007ffc415cff9c RDI: 00000000ffffffff
[ 1849.815022][    C1] RBP: 00007ffc415cff9c R08: 0000000000000000 R09: 0000000000000000
[ 1849.815032][    C1] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000008
[ 1849.815042][    C1] R13: 0000000000000003 R14: 0000000000000009 R15: 0000000000000000
[ 1849.815063][    C1]  </TASK>
[ 1849.815070][    C1] Sending NMI from CPU 1 to CPUs 0:
[ 1849.815098][    C0] NMI backtrace for cpu 0
[ 1849.815108][    C0] CPU: 0 UID: 0 PID: 30 Comm: kauditd Not tainted syzkaller #0 PREEMPT(full) 
[ 1849.815123][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1849.815130][    C0] RIP: 0010:__sanitizer_cov_trace_pc+0x1e/0x70
[ 1849.815150][    C0] Code: 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 8b 34 24 65 48 8b 15 58 7a be 11 65 8b 05 69 7a be 11 a9 00 01 ff 00 74 1d <f6> c4 01 74 43 a9 00 00 0f 00 75 3c a9 00 00 f0 00 75 35 8b 82 7c
[ 1849.815162][    C0] RSP: 0018:ffffc90000007e38 EFLAGS: 00000006
[ 1849.815173][    C0] RAX: 0000000000010001 RBX: ffff8880b8627d80 RCX: ffffc90000007d54
[ 1849.815182][    C0] RDX: ffff8880202e8000 RSI: ffffffff81a7fbf0 RDI: ffff8880202e8b18
[ 1849.815191][    C0] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000
[ 1849.815199][    C0] R10: 0000000000000001 R11: 0000000000000000 R12: ffff8880b8627c80
[ 1849.815207][    C0] R13: 0000000000000000 R14: ffff888078295340 R15: 0000000000000001
[ 1849.815216][    C0] FS:  0000000000000000(0000) GS:ffff888124e85000(0000) knlGS:0000000000000000
[ 1849.815230][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1849.815239][    C0] CR2: 0000200000138030 CR3: 0000000047ced000 CR4: 00000000003526f0
[ 1849.815248][    C0] DR0: 0000000000000000 DR1: 0000000000006800 DR2: 0000000000009951
[ 1849.815256][    C0] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[ 1849.815265][    C0] Call Trace:
[ 1849.815270][    C0]  <IRQ>
[ 1849.815274][    C0]  __hrtimer_run_queues+0x250/0xad0
[ 1849.815296][    C0]  ? __pfx___hrtimer_run_queues+0x10/0x10
[ 1849.815314][    C0]  ? read_tsc+0x9/0x20
[ 1849.815334][    C0]  hrtimer_interrupt+0x397/0x8e0
[ 1849.815357][    C0]  __sysvec_apic_timer_interrupt+0x108/0x3f0
[ 1849.815374][    C0]  sysvec_apic_timer_interrupt+0x9f/0xc0
[ 1849.815391][    C0]  </IRQ>
[ 1849.815395][    C0]  <TASK>
[ 1849.815400][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1849.815414][    C0] RIP: 0010:console_flush_all+0x9a2/0xc60
[ 1849.815433][    C0] Code: 00 e8 42 f1 28 00 9c 5b 81 e3 00 02 00 00 31 ff 48 89 de e8 f0 f8 20 00 48 85 db 0f 85 55 01 00 00 e8 72 fd 20 00 fb 4c 89 e0 <48> c1 e8 03 42 80 3c 38 00 0f 84 11 ff ff ff 4c 89 e7 e8 b7 71 89
[ 1849.815445][    C0] RSP: 0018:ffffc90000a679c8 EFLAGS: 00000293
[ 1849.815455][    C0] RAX: ffffffff8ee33578 RBX: 0000000000000000 RCX: ffffffff819a3830
[ 1849.815464][    C0] RDX: ffff8880202e8000 RSI: ffffffff819a383e RDI: 0000000000000007
[ 1849.815472][    C0] RBP: 0000000000000000 R08: 0000000000000007 R09: 0000000000000000
[ 1849.815481][    C0] R10: 0000000000000000 R11: 0000000000000000 R12: ffffffff8ee33578
[ 1849.815489][    C0] R13: ffffffff8ee33520 R14: ffffc90000a67a58 R15: dffffc0000000000
[ 1849.815501][    C0]  ? console_flush_all+0x990/0xc60
[ 1849.815518][    C0]  ? console_flush_all+0x99e/0xc60
[ 1849.815537][    C0]  ? console_flush_all+0x99e/0xc60
[ 1849.815556][    C0]  ? __pfx_console_flush_all+0x10/0x10
[ 1849.815577][    C0]  ? is_printk_cpu_sync_owner+0x32/0x40
[ 1849.815598][    C0]  console_unlock+0xd8/0x210
[ 1849.815615][    C0]  ? __pfx_console_unlock+0x10/0x10
[ 1849.815633][    C0]  ? do_raw_spin_unlock+0x150/0x230
[ 1849.815650][    C0]  ? _printk+0xc7/0x100
[ 1849.815665][    C0]  ? __down_trylock_console_sem+0xb0/0x140
[ 1849.815681][    C0]  vprintk_emit+0x3d7/0x680
[ 1849.815700][    C0]  ? __pfx_vprintk_emit+0x10/0x10
[ 1849.815717][    C0]  ? find_held_lock+0x2b/0x80
[ 1849.815736][    C0]  ? __pfx_kauditd_send_multicast_skb+0x10/0x10
[ 1849.815752][    C0]  _printk+0xc7/0x100
[ 1849.815765][    C0]  ? __pfx__printk+0x10/0x10
[ 1849.815781][    C0]  ? netlink_has_listeners+0x20f/0x430
[ 1849.815800][    C0]  ? __pfx____ratelimit+0x10/0x10
[ 1849.815818][    C0]  ? kauditd_hold_skb+0x1bc/0x250
[ 1849.815833][    C0]  kauditd_hold_skb+0x205/0x250
[ 1849.815848][    C0]  kauditd_send_queue+0x239/0x290
[ 1849.815862][    C0]  ? __pfx_kauditd_hold_skb+0x10/0x10
[ 1849.815878][    C0]  kauditd_thread+0x623/0xa70
[ 1849.815893][    C0]  ? __pfx_kauditd_thread+0x10/0x10
[ 1849.815908][    C0]  ? __pfx_autoremove_wake_function+0x10/0x10
[ 1849.815929][    C0]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1849.815947][    C0]  ? __kthread_parkme+0x19e/0x250
[ 1849.815960][    C0]  ? __pfx_kauditd_thread+0x10/0x10
[ 1849.815974][    C0]  kthread+0x3c2/0x780
[ 1849.815989][    C0]  ? __pfx_kthread+0x10/0x10
[ 1849.816004][    C0]  ? rcu_is_watching+0x12/0xc0
[ 1849.816023][    C0]  ? __pfx_kthread+0x10/0x10
[ 1849.816038][    C0]  ret_from_fork+0x56a/0x730
[ 1849.816051][    C0]  ? __pfx_kthread+0x10/0x10
[ 1849.816066][    C0]  ret_from_fork_asm+0x1a/0x30
[ 1849.816088][    C0]  </TASK>
[ 1849.817091][    C1] Kernel panic - not syncing: softlockup: hung tasks
[ 1849.817104][    C1] CPU: 1 UID: 0 PID: 24060 Comm: syz-executor Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1849.817127][    C1] Tainted: [L]=SOFTLOCKUP
[ 1849.817134][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1849.817144][    C1] Call Trace:
[ 1849.817150][    C1]  <IRQ>
[ 1849.817157][    C1]  dump_stack_lvl+0x3d/0x1f0
[ 1849.817183][    C1]  vpanic+0x640/0x6f0
[ 1849.817202][    C1]  panic+0xca/0xd0
[ 1849.817219][    C1]  ? __pfx_panic+0x10/0x10
[ 1849.817235][    C1]  ? nmi_backtrace_stall_check+0x6e/0x540
[ 1849.817257][    C1]  ? irq_work_queue+0xce/0x100
[ 1849.817280][    C1]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[ 1849.817298][    C1]  ? __wake_up_klogd.part.0+0x99/0xf0
[ 1849.817319][    C1]  ? watchdog_timer_fn+0x5ee/0x780
[ 1849.817343][    C1]  ? watchdog_timer_fn+0x5e1/0x780
[ 1849.817368][    C1]  watchdog_timer_fn+0x5ff/0x780
[ 1849.817394][    C1]  ? __pfx_watchdog_timer_fn+0x10/0x10
[ 1849.817416][    C1]  __hrtimer_run_queues+0x5ed/0xad0
[ 1849.817446][    C1]  ? __pfx___hrtimer_run_queues+0x10/0x10
[ 1849.817468][    C1]  ? read_tsc+0x9/0x20
[ 1849.817498][    C1]  hrtimer_interrupt+0x397/0x8e0
[ 1849.817532][    C1]  __sysvec_apic_timer_interrupt+0x108/0x3f0
[ 1849.817554][    C1]  sysvec_apic_timer_interrupt+0x9f/0xc0
[ 1849.817576][    C1]  </IRQ>
[ 1849.817583][    C1]  <TASK>
[ 1849.817590][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1849.817609][    C1] RIP: 0010:smp_call_function_many_cond+0xe07/0x1600
[ 1849.817634][    C1] Code: 10 49 89 d5 48 89 d5 48 89 54 24 18 49 c1 ed 03 83 e5 07 4d 01 e5 83 c5 03 e8 b5 0b 0c 00 f3 90 41 0f b6 45 00 40 38 c5 7c 08 <84> c0 0f 85 e0 05 00 00 8b 43 08 31 ff 83 e0 01 41 89 c6 89 c6 e8
[ 1849.817649][    C1] RSP: 0018:ffffc90003f7f708 EFLAGS: 00000206
[ 1849.817662][    C1] RAX: 0000000000000000 RBX: ffff8880b8642800 RCX: ffffffff81af2a21
[ 1849.817673][    C1] RDX: ffff88804c3b2480 RSI: ffffffff81af29fb RDI: 0000000000000005
[ 1849.817685][    C1] RBP: 0000000000000003 R08: 0000000000000005 R09: 0000000000000000
[ 1849.817696][    C1] R10: 0000000000000001 R11: 0000000000000000 R12: dffffc0000000000
[ 1849.817707][    C1] R13: ffffed10170c8501 R14: 0000000000000001 R15: 0000000000000000
[ 1849.817725][    C1]  ? smp_call_function_many_cond+0xe21/0x1600
[ 1849.817749][    C1]  ? smp_call_function_many_cond+0xdfb/0x1600
[ 1849.817778][    C1]  ? smp_call_function_many_cond+0xdfb/0x1600
[ 1849.817806][    C1]  ? __pfx_flush_tlb_func+0x10/0x10
[ 1849.817829][    C1]  ? __pfx_smp_call_function_many_cond+0x10/0x10
[ 1849.817871][    C1]  ? __pfx_flush_tlb_func+0x10/0x10
[ 1849.817888][    C1]  on_each_cpu_cond_mask+0x40/0x90
[ 1849.817915][    C1]  flush_tlb_mm_range+0x4a0/0x17a0
[ 1849.817937][    C1]  ? __pfx_free_pgtables+0x10/0x10
[ 1849.817958][    C1]  ? __pfx_flush_tlb_mm_range+0x10/0x10
[ 1849.817981][    C1]  tlb_finish_mmu+0x3c9/0x7c0
[ 1849.818009][    C1]  exit_mmap+0x3fc/0xb90
[ 1849.818034][    C1]  ? __pfx_exit_mmap+0x10/0x10
[ 1849.818061][    C1]  ? __lock_acquire+0xb97/0x1ce0
[ 1849.818090][    C1]  ? arch_uprobe_clear_state+0x16/0x150
[ 1849.818114][    C1]  __mmput+0x12a/0x410
[ 1849.818138][    C1]  mmput+0x62/0x70
[ 1849.818160][    C1]  do_exit+0x7c7/0x2bf0
[ 1849.818177][    C1]  ? find_held_lock+0x2b/0x80
[ 1849.818203][    C1]  ? __pfx_do_exit+0x10/0x10
[ 1849.818220][    C1]  ? do_raw_spin_lock+0x12c/0x2b0
[ 1849.818240][    C1]  ? find_held_lock+0x2b/0x80
[ 1849.818267][    C1]  do_group_exit+0xd3/0x2a0
[ 1849.818287][    C1]  get_signal+0x2671/0x26d0
[ 1849.818315][    C1]  ? css_rstat_updated+0x1c2/0x510
[ 1849.818343][    C1]  ? __pfx_get_signal+0x10/0x10
[ 1849.818369][    C1]  ? __do_sys_wait4+0xd1/0x170
[ 1849.818390][    C1]  arch_do_signal_or_restart+0x8f/0x7c0
[ 1849.818414][    C1]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 1849.818452][    C1]  exit_to_user_mode_loop+0x85/0x130
[ 1849.818473][    C1]  do_syscall_64+0x419/0x4e0
[ 1849.818499][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1849.818515][    C1] RIP: 0033:0x7f9f7b584fd3
[ 1849.818528][    C1] Code: Unable to access opcode bytes at 0x7f9f7b584fa9.
[ 1849.818536][    C1] RSP: 002b:00007ffc415cff88 EFLAGS: 00000202 ORIG_RAX: 000000000000003d
[ 1849.818552][    C1] RAX: fffffffffffffe00 RBX: 0000000000005e14 RCX: 00007f9f7b584fd3
[ 1849.818563][    C1] RDX: 0000000040000000 RSI: 00007ffc415cff9c RDI: 00000000ffffffff
[ 1849.818574][    C1] RBP: 00007ffc415cff9c R08: 0000000000000000 R09: 0000000000000000
[ 1849.818585][    C1] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000008
[ 1849.818596][    C1] R13: 0000000000000003 R14: 0000000000000009 R15: 0000000000000000
[ 1849.818619][    C1]  </TASK>
[ 1850.904197][    C1] Shutting down cpus with NMI
[ 1850.904405][    C1] Kernel Offset: disabled