last executing test programs:

2.537807517s ago: executing program 2 (id=1457):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000500), 0x40, 0x0)
close(r1)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f00000008c0)={0x0, 0x0, &(0x7f0000000900)={&(0x7f0000000140)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xe}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0x5, 0x7, 0xb3}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=@newqdisc={0x58, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xffffbddc, {0x0, 0x0, 0x0, r5, {0x10}, {}, {0xe, 0x1}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0x200000, 0xe, 0x7, 0x7, 0x9, 0x40, 0xffffffff, 0x2}}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x4040098}, 0x4084)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, 0x0)
r6 = socket$packet(0x11, 0x3, 0x300)
sendto$packet(r6, &(0x7f0000000140)="bad330fbc9b5544972e7a5ea0756", 0xe, 0x40, &(0x7f00000001c0)={0x11, 0x1a, r5, 0x1, 0xd8, 0x6, @random="98c8ca7122df"}, 0x14)
sendto$packet(r6, &(0x7f0000000480)="c1858aec1d0a21756f66b4805f3a", 0xe, 0x40000, &(0x7f0000000240)={0x11, 0xf8, 0x0, 0x1, 0x5, 0x6, @random="24f51e8e0a5a"}, 0x14)

1.209982307s ago: executing program 3 (id=1458):
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/vlan/vlan0\x00')
read$FUSE(r0, 0x0, 0xa00)
ioctl$VIDIOC_EXPBUF(r0, 0xc0405610, &(0x7f0000000040)={0x8, 0x0, 0x5})

1.209076312s ago: executing program 3 (id=1460):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x1a1740, 0x0)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r2 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r2, 0x2285, &(0x7f0000000440)={0x53, 0x0, 0x106, 0x1, @scatter={0x0, 0x0, 0x0}, &(0x7f00000004c0)="851666ce20db96ab0c7d83e114e7ef1762249711e34f4ce12c6afeb7e6d77bd3b97644edd8e3a3b71fcd006b6237766e151f344afb2306455034ea7a31b1a48724e372a5a8a9ca040f5831f2eb11842a4b8ec9064fa439440f374355d9af754314ce445ac9bea7fac19c3ac58a131895c378ec497ffdf9a82032d9fa225397b92d2e2193de6fe2f6b6c0bd0f80de3dc72890b6900c5b86752639bf37ab325c16dc2f3d4d01b4c3b71ebbfd6fc9b316f76a07144538506a68ae00df22f2fa9cbb0c9fa73c1dcf3eb2eb4fe3534fcee01e9ca0c66f27b8e05e7545cbc3511b3d086f51d58f9acd52eab032468cc8075451bcd5c081a8db84ff509a2f874daf6b3ddff977834d87", 0x0, 0x10, 0x5bb727690d5f0ff6, 0x0, 0x0})
r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r4 = syz_kvm_setup_syzos_vm$x86(r3, &(0x7f0000c00000/0x400000)=nil)
r5 = syz_kvm_add_vcpu$x86(r4, &(0x7f0000000080)={0x0, &(0x7f00000001c0)=[@wrmsr={0x65, 0x20, {0x40000000, 0x3}}, @wrmsr={0x65, 0x20, {0x40000001, 0x3f}}], 0x40})
ioctl$KVM_SET_CPUID2(r5, 0x4008ae90, &(0x7f0000000000)={0x1, 0x0, [{0x40000001, 0x4, 0x2, 0x31237648, 0x6, 0x2, 0x80}]})
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_CAP_HYPERV_ENFORCE_CPUID(r5, 0x4068aea3, &(0x7f00000000c0)={0xc7, 0x0, 0x1})
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000200)={[0x7, 0x7fffffffffffffff, 0x14, 0x10000, 0x9, 0x40, 0x7, 0x10, 0x4, 0x7ffffffffffffffd, 0x1, 0x5, 0x100003, 0x1, 0x6], 0x0, 0x110900})
ioctl$KVM_RUN(r5, 0xae80, 0x0)

1.158557381s ago: executing program 2 (id=1461):
r0 = socket$l2tp(0x2, 0x2, 0x73)
recvfrom$l2tp(r0, &(0x7f0000000000)=""/196, 0xc4, 0x2040, &(0x7f0000000100)={0x2, 0x0, @multicast1}, 0x10)
recvfrom$l2tp(0xffffffffffffffff, &(0x7f0000000140)=""/201, 0xc9, 0x0, 0x0, 0x0)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_GET(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000380)={&(0x7f00000002c0)={0x90, r1, 0x200, 0x70bd2a, 0x25dfdbff, {}, [{{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x1}}, {0x8, 0xb, 0x6}, {0x6, 0x16, 0x43ce}, {0x5}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x1}}, {0x8, 0xb, 0x24c}, {0x6, 0x16, 0xa}, {0x5, 0x12, 0x1}}]}, 0x90}, 0x1, 0x0, 0x0, 0x4}, 0x4000)
sendto$l2tp(r0, &(0x7f0000000400)="b1eebfd3ae40a3ba4fb4e47c1eb939051b1a9d8d9ad9a5ed89ed8e124ab21b84da161b2cf6416f4da5e2c4e0384332b7682c65af3b9aa942eec6d2bb0f7f7043f13067c8d3f5fc802cfe610e8ebafcab16ef3908551a9246c57b32f3fb5bec385d1de48811e4f0ff259fd26833795a9e08584252f93f48a2d1f5367aed658aba7d5fe536dd131541379648096fdfcd43c0db72ffe6db17d9f3ec6393837ffa447a266c4a0b64b8edcb96a8fc9476a2d6af1fd859a27f9d2b1544e11df988bdaf5741ca35cc4a", 0xc6, 0x4, &(0x7f0000000500)={0x2, 0x0, @rand_addr=0x64010102, 0x4}, 0x10)
ioctl$TCSBRK(0xffffffffffffffff, 0x5409, 0x8000)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_START_SCHED_SCAN(r2, &(0x7f0000000640)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000600)={&(0x7f0000000580)={0x6c, 0x0, 0x1, 0x70bd2a, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x8, 0x42}}}}, [@NL80211_ATTR_BG_SCAN_PERIOD={0x6}, @NL80211_ATTR_SCAN_SSIDS={0x28, 0x2d, 0x0, 0x1, [{0x15, 0x0, @random="537106013df0ed9629d637fd31b424f426"}, {0xa, 0x0, @default_ibss_ssid}]}, @NL80211_ATTR_SCHED_SCAN_INTERVAL={0x8, 0x77, 0x6}, @NL80211_ATTR_TX_NO_CCK_RATE={0x4}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x6c}, 0x1, 0x0, 0x0, 0x4080}, 0x6000c080)
sendmsg$DEVLINK_CMD_TRAP_GROUP_SET(r2, &(0x7f0000000900)={&(0x7f0000000680)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000008c0)={&(0x7f00000006c0)={0x1f0, r1, 0x8, 0x70bd27, 0x25dfdbfd, {}, [{@pci={{0x8}, {0x11}}, {0xd}, {0x5, 0x83, 0x1}}, {@pci={{0x8}, {0x11}}, {0xd}, {0x5, 0x83, 0x1}}, {@pci={{0x8}, {0x11}}, {0xd}, {0x5}}, {@pci={{0x8}, {0x11}}, {0xd}, {0x5}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}, {0x5}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}, {0x5}}, {@pci={{0x8}, {0x11}}, {0xd}, {0x5}}, {@pci={{0x8}, {0x11}}, {0xd}, {0x5}}, {@pci={{0x8}, {0x11}}, {0xd}, {0x5}}]}, 0x1f0}, 0x1, 0x0, 0x0, 0x60001}, 0x800)
r3 = syz_genetlink_get_family_id$devlink(&(0x7f0000000980), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_TRAP_POLICER_SET(r2, &(0x7f0000000c80)={&(0x7f0000000940)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000c40)={&(0x7f00000009c0)={0x248, r3, 0x2, 0x70bd2d, 0x25dfdbfb, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x8e, 0x4}, {0xc, 0x8f, 0x75}, {0xc, 0x90, 0x2}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x8e, 0x3}, {0xc, 0x8f, 0x9}, {0xc, 0x90, 0x3}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x8e, 0x2}, {0xc, 0x8f, 0x1}, {0xc, 0x90, 0x10}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x8e, 0x3}, {0xc, 0x8f, 0x7}, {0xc, 0x90, 0x5f}}, {@pci={{0x8}, {0x11}}, {0x8, 0x8e, 0x3}, {0xc, 0x8f, 0x6}, {0xc, 0x90, 0xffff}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x8e, 0x2}, {0xc, 0x8f, 0xa}, {0xc, 0x90, 0x6}}, {@pci={{0x8}, {0x11}}, {0x8}, {0xc, 0x8f, 0x101}, {0xc, 0x90, 0x7ff}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}, {0xc, 0x8f, 0x3}, {0xc, 0x90, 0x3}}, {@pci={{0x8}, {0x11}}, {0x8, 0x8e, 0x2}, {0xc, 0x8f, 0xc0000000000000}, {0xc, 0x90, 0x3cd}}]}, 0x248}, 0x1, 0x0, 0x0, 0x814}, 0x4004080)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000e80)={0x18, 0x2, &(0x7f0000000cc0)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffc}, @alu={0x7, 0x1, 0x3, 0x2, 0x0, 0xfffffffffffffff0, 0xfffffffffffffff0}], &(0x7f0000000d00)='GPL\x00', 0x7f, 0x61, &(0x7f0000000d40)=""/97, 0x40f00, 0x46, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000dc0)={0x1, 0x2}, 0x8, 0x10, &(0x7f0000000e00)={0x2, 0xb, 0x2, 0x5}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000e40)=[0xffffffffffffffff, 0x1, 0x1, 0x1, 0xffffffffffffffff, 0x1, 0x1, 0xffffffffffffffff, 0x1, 0x1], 0x0, 0x10, 0x40}, 0x94)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000001040)={@fallback=<r5=>r2, 0x8, 0x1, 0x80000001, &(0x7f0000000f40)=[0x0], 0x1, 0x0, &(0x7f0000000f80)=[0x0, 0x0, 0x0], &(0x7f0000000fc0)=[0x0, 0x0, 0x0], &(0x7f0000001000)=[0x0, 0x0], <r6=>0x0}, 0x40)
r7 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000010c0)={0x1b, 0x0, 0x0, 0x3, 0x0, 0xffffffffffffffff, 0x401, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x4}, 0x50)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000001080)={@map=r7, r4, 0x24, 0x1b, 0xffffffffffffffff, @void, @value, @void, @void, r6}, 0x20)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000001200)={&(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000001140)="855e2dca20be75698374e49255064bfd42e3b6d0063160ba8a48fa4d5d869ff497a0670a8d1f9f4873a9a20b776177de9c554dd70f001c9a919f976955dbfd557e04c22b2a04793adf90df5a8bac83e84f06ec7e87a163494160869dd0e57c8f849d7853737fe3f3aaff6e17f06fd179be2fd3f56c2431841af4a0e94c25322d01b79bfff447a588e719de61399cf0613eb9dae9821a", 0x96, r7}, 0x68)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r5, 0x89f3, &(0x7f0000001340)={'ip_vti0\x00', &(0x7f00000012c0)={'gretap0\x00', <r8=>0x0, 0x1, 0x8000, 0xda3, 0x8, {{0x12, 0x4, 0x3, 0x5, 0x48, 0x64, 0x0, 0x1, 0x0, 0x0, @dev={0xac, 0x14, 0x14, 0x42}, @loopback, {[@noop, @ra={0x94, 0x4, 0x1}, @generic={0x89, 0xe, "56addfb7248cfb1dac079370"}, @rr={0x7, 0xf, 0xa3, [@local, @initdev={0xac, 0x1e, 0x1, 0x0}, @local]}, @lsrr={0x83, 0xf, 0xd3, [@private=0xa010102, @multicast2, @broadcast]}]}}}}})
sendmsg$nl_route_sched(r5, &(0x7f0000001400)={&(0x7f0000001280)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000013c0)={&(0x7f0000001380)=@getchain={0x3c, 0x66, 0x400, 0x70bd27, 0x25dfdbfc, {0x0, 0x0, 0x0, r8, {0x6, 0x6}, {0xd, 0x7}, {0xc, 0xb}}, [{0x8, 0xb, 0xcdf}, {0x8, 0xb, 0x9}, {0x8}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20000001}, 0x4000010)
r9 = openat$audio1(0xffffffffffffff9c, &(0x7f0000001440), 0x20201, 0x0)
quotactl_fd$Q_GETFMT(r9, 0xffffffff80000401, 0xee01, &(0x7f0000001480))
getsockopt$inet_sctp_SCTP_GET_ASSOC_STATS(r5, 0x84, 0x70, &(0x7f00000014c0)={0x0, @in6={{0xa, 0x4e20, 0x7ff, @remote, 0x10}}, [0xa, 0x5, 0x40, 0x2, 0x100000000, 0x0, 0x9, 0x9, 0xea, 0x6, 0x8478, 0x3ff, 0x4, 0x1, 0x9]}, &(0x7f00000015c0)=0x100)
r10 = socket$nl_generic(0x10, 0x3, 0x10)
r11 = syz_genetlink_get_family_id$batadv(&(0x7f0000001640), r2)
sendmsg$BATADV_CMD_SET_MESH(r10, &(0x7f0000001700)={&(0x7f0000001600)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000016c0)={&(0x7f0000001680)={0x24, r11, 0x800, 0x70bd25, 0x25dfdbfd, {}, [@BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x4}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x28000}]}, 0x24}, 0x1, 0x0, 0x0, 0x1050}, 0x10004044)
syz_clone3(&(0x7f0000001a40)={0x8000000, &(0x7f0000001740), &(0x7f0000001780)=<r12=>0x0, &(0x7f00000017c0), {0x27}, &(0x7f0000001800)=""/239, 0xef, &(0x7f0000001900)=""/213, &(0x7f0000001a00)=[0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0], 0x5, {r5}}, 0x58)
capset(&(0x7f0000001ac0)={0x19980330, r12}, &(0x7f0000001b00)={0x0, 0x1, 0x5, 0x38e9, 0x7f, 0x1})
sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_GET(r5, &(0x7f0000001e00)={&(0x7f0000001b40)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000001dc0)={&(0x7f0000001b80)={0x208, r3, 0x100, 0x70bd2b, 0x25dfdbfb, {}, [{{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x1}}, {0x8, 0xb, 0x81}, {0x6, 0x16, 0x3}, {0x5}}, {{@pci={{0x8}, {0x11}}, {0x8}}, {0x8, 0xb, 0x1}, {0x6, 0x16, 0xc}, {0x5}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x1}}, {0x8, 0xb, 0x9}, {0x6, 0x16, 0xa9af}, {0x5, 0x12, 0x1}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x1}}, {0x8, 0xb, 0xd1}, {0x6}, {0x5, 0x12, 0x1}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x3}}, {0x8, 0xb, 0x7}, {0x6, 0x16, 0x3}, {0x5}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x1}}, {0x8, 0xb, 0x9}, {0x6, 0x16, 0x4bf}, {0x5}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x1}}, {0x8, 0xb, 0xfba0}, {0x6, 0x16, 0x8}, {0x5, 0x12, 0x1}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x2}}, {0x8, 0xb, 0xf8e}, {0x6, 0x16, 0x8}, {0x5, 0x12, 0x1}}]}, 0x208}, 0x1, 0x0, 0x0, 0x4040000}, 0x4049004)
accept4$bt_l2cap(r5, &(0x7f0000001e40)={0x1f, 0x0, @fixed}, &(0x7f0000001e80)=0xe, 0x80800)
ioctl$CDROMREADTOCHDR(r5, 0x5305, &(0x7f0000001ec0)={0x0, 0x4})

1.157773609s ago: executing program 0 (id=1463):
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x1e)
mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000140)='affs\x00', 0x1000, 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
r0 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x0)
write$selinux_create(r1, &(0x7f0000000200)=@objname={'system_u:object_r:ifconfig_exec_t:s0', 0x20, '/usr/sbin/ntpd', 0x20, 0xc8, 0x20, './file0\x00'}, 0x51)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000080)={r1, r1, 0x9, 0x0, @void}, 0x10)
mount$bpf(0x0, &(0x7f0000000380)='./file0\x00', 0x0, 0x40020, &(0x7f0000000000)=ANY=[@ANYRESOCT=r0, @ANYRES16=r1])

1.089817126s ago: executing program 0 (id=1465):
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0) (async)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) (async)
r2 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r3 = dup(r2)
write$UHID_INPUT(r3, &(0x7f0000002080)={0x2, {"a2e3ad214fc752f91b450a0787f70e06d038e7ff7fc6e5539b326d078b089b2008385d090890e0878f0e1ac6e70a9b334a959b689a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31320d095d0936cd3b78130daa61d8e809ea882f5802b77f07227227b7ba67e0e78669a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5bb6f5dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000002335875271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f0841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1fe90a56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617601000000be70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d595a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9980000000b3309603f1d4ab966203861b5b158b41f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b00005e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6c82fa678ca14ffd9f9db2a7869d85824056526f889af43a605608057228652010400006c632b3570243f989cce3803f465e41e610c2021d653a5520000008213b704a5000000000000008ef9f190bae97909507041d82d6734b849304c27b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710a80000000000008000bea37ce0d0d4aa202f928f28381aab144a4d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4e38a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833c596c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2bed9e53803edf1a4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f5d6d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034e00000000ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9ef6d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c478b095b68441a34cb51682a8ca4d24ad92f243941ed274f12a29ff962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdbe6c4579b5561dc825ab829827945e029efe0703615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93ae62fccfcbb2b75a2183c46eb65ca8124e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43e4fb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e01feffffffffffff83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369d75f2e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aa01b20f7694a00f16e2d0174035a2c22656dc00880acebdbe8ddbd75c2f998d8ac2dfad2ba3a50200000045a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe2907ac0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf463661c953fcad6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7cd419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712ea5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9b97474a5966a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185daba3e00a4e73676864ae090d81eaeecf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687fd1602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5136651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a37684f4113c48859465c3b415c3432f81da8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c105000000302a808d7f5251440613d17ca51055f2f416a44fe180d2d50c312cca7cb14a20dc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb40100000006376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7ceec7dc808bf653639d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285000000000000007007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6687f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf6529006c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6522fb5f6ffcdd56fed88935fcb75912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae233a9e02210e62df0546a74b333a1c48f95fd54acb5741258c5488efeee327415cc19451432c6f14c27693102a5bd848d7cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08008897fb411a941f0000005f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b80c1c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c86310e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c98ad90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39e3313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe360500000000000000b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1062dfa13b5c1fa7cfaadba85c7248758f03a755d0be53f8d2a1df0d07b3d5bd3b01faffd0addbed2881a9700af561ac8c7e36bb2fc4c40e9c766c06817bb9957697c9ede7885d94ffb0759be0daf60a842b09eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c1484d2f9c55f49013a3a9a8a2c3e90f39c3dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000210000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000b1271e0400", 0x1000}}, 0x1006)
r4 = openat$vimc0(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0)
ioctl$VIDIOC_CREATE_BUFS(r4, 0xc100565c, &(0x7f0000000500)={0x3ff, 0x0, 0x4, {0x9, @raw_data="e63e09b33e64369d8dae60e1e6e735d73f64ea1b51edd82d923da428ca836d3295d0c9b12d3bb819c276dfe5003698b901165421f38b48f2e58e6d50f68960de10a1d05064227456803708d41adaff2023ccc507000000b81433647f5d5aee7df2e720448f2fbfc7684178ad817581d3180327796bbec48401556e4429464b7514dcc765288d05c22b02aec6e7cf0e0991b0d8c7bae62d5c2c67542265f7197d9d534aa3f543e7563ccc4bd3e3e7f137e4fd5538e16f7aa9f3b545ae927ed6afc98f34332d0d43d7"}, 0x9}) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x10, 0x0, &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, &(0x7f00000000c0)='xfrm0\x00', 0x10) (async)
r5 = syz_open_dev$vcsa(&(0x7f0000000000), 0xa33, 0x400)
close_range(r5, 0xffffffffffffffff, 0x0) (async)
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000740)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)=[@ip_ttl={{0x14, 0x0, 0x2, 0x2}}], 0x18}}], 0x1, 0x20004840)
r6 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000180)="420fc7bc4898580000640f01c50f01c566baf80cb864c95782ef66bafc0cec67670f1b0166b8fb008ec046d9c3c442b90a2c81c442812852fcc744240012000000c74424020b000000ff1c24", 0x4c}], 0x1, 0x0, 0x0, 0x0) (async)
ioctl$KVM_SET_REGS(r6, 0x4090ae82, &(0x7f0000000240)={[0x692, 0x7d, 0x80006, 0x4000000010000e51, 0x102, 0x547a, 0x103d, 0x200000000006, 0xfffffffffffffffd, 0x3aa, 0xfffffffffffff9de, 0x1, 0x5, 0x40000000009, 0x378, 0xfffffffffffff802], 0x6000, 0x194110}) (async)
ioctl$TUNGETDEVNETNS(r5, 0x54e3, 0x0) (async)
ioctl$KVM_RUN(r6, 0xae80, 0x0) (async)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000b00)=ANY=[@ANYBLOB="140000001000010000000000000000000200000a280000000c0a010200000000000000000200000308000440000000010900020073797a310000000030000000000a01080000000000000000050000090900010073797a3000000000040006000900010073797a3100000000140000000c0a020200000000000000000200000620000000000a01030000000000000000010000080900010073797a310000000030000000160a01040000000000000000050000090900010073797a310000000004000380090002"], 0x104}, 0x1, 0x0, 0x0, 0x40}, 0xc840)

1.087865022s ago: executing program 2 (id=1466):
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0x2, 0x6, 0xfffa}, 0x3a, [0x8000, 0xc95a, 0x1, 0x8, 0x7fffffff, 0x2, 0x80007, 0x7f, 0x20000006, 0xca, 0x6, 0x5f, 0x9, 0x5, 0xffff2d37, 0xffffff01, 0x100001, 0x3, 0x0, 0x5, 0x6, 0x2000001, 0x7, 0x3c5b, 0x1, 0x24, 0x8006, 0x1, 0x5, 0xffffffff, 0xe661, 0x4, 0x8, 0x89d2, 0x8, 0x4c74, 0x80000000, 0x40000, 0x3, 0xe, 0xfffffffc, 0x8000806e, 0x7, 0x17, 0xd, 0x3, 0x2, 0x3e, 0x8f, 0x4006, 0x6, 0x80000000, 0x0, 0x4, 0x8, 0x400, 0x80, 0x0, 0x4, 0x7, 0x8, 0x4, 0x5, 0x40], [0x10000007, 0xf0000000, 0x8000012f, 0x8004, 0x5, 0x6, 0x129432e6, 0xc8, 0xf9, 0xe, 0x2bf, 0x6c7, 0x9, 0xfffffffc, 0x3, 0x0, 0x0, 0xa, 0x2f, 0x10, 0x312, 0xd, 0x8, 0xffffffff, 0x4, 0x7, 0x7fff, 0x5a7c, 0x7ffe, 0x401, 0x6, 0x0, 0xff, 0x1, 0x1000005, 0x5f31, 0xd, 0x700bb7ef, 0x2, 0x4, 0xb, 0x4, 0x20009, 0x8, 0x9, 0x9, 0x47, 0x8000, 0x1, 0xfe000000, 0x10001, 0xfffffffe, 0x7, 0x9, 0x5, 0x3, 0x8, 0xa6d, 0x3, 0x6c0, 0xbc45, 0x48c93690, 0x42, 0x3], [0x7, 0x408, 0x8004, 0x5, 0xfffffffe, 0x100, 0x8d2, 0x9, 0x5, 0x7fff, 0x0, 0x5, 0xb, 0x4, 0x9, 0x5, 0x2000000, 0x1ef, 0x5, 0x8, 0x10000, 0x3, 0x5, 0x3e7, 0xb, 0x5, 0x2, 0x2, 0x3, 0x2000000a, 0x4, 0x6d01, 0x6, 0x1, 0x800003, 0x1fe, 0x7e, 0x7, 0x4, 0x2950bfaf, 0xffe, 0x5, 0x7, 0x4000a9, 0x5, 0x9, 0xac8, 0x2000af, 0xfffffffe, 0x8, 0x7ff, 0x12b, 0x4, 0x1, 0x0, 0x1, 0x5, 0x1c, 0x120000, 0x3, 0x2004, 0x80a2ed, 0x4, 0x25], [0x9, 0xbb33, 0x7, 0x2, 0x5, 0x42c2, 0x6, 0x6, 0x0, 0xb9, 0x4e7, 0x5, 0x2, 0x57, 0x4, 0x8000003, 0x101, 0x10000, 0x4, 0x7fff, 0xffff, 0x2000a620, 0x2, 0x5, 0x1, 0x2, 0x5, 0x0, 0x8, 0x16, 0xfffffffe, 0x80000003, 0x6, 0x4, 0xcb, 0x9, 0xfffff000, 0x10000, 0x3, 0x7e, 0x6, 0x9602, 0x7, 0xaf, 0x8, 0x6, 0xffffffff, 0x5, 0x45, 0x8, 0x30b1d693, 0x5, 0x1f40, 0x7, 0x41, 0x6c1b, 0x0, 0x804, 0xac1, 0xb1e, 0xd7, 0x9, 0xffff3441, 0xfff]}, 0x45c)
syz_open_dev$vim2m(&(0x7f00000001c0), 0x7fffffff, 0x2)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000500), 0x40, 0x0)
close(r2)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f00000008c0)={0x0, 0x0, &(0x7f0000000900)={&(0x7f0000000140)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r6, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xe}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0x5, 0x7, 0xb3}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=@newqdisc={0x58, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xffffbddc, {0x0, 0x0, 0x0, r6, {0x10}, {}, {0xe, 0x1}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0x200000, 0xe, 0x7, 0x7, 0x9, 0x40, 0xffffffff, 0x2}}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x4040098}, 0x4084)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
r8 = socket$packet(0x11, 0x3, 0x300)
sendto$packet(r8, &(0x7f0000000140)="bad330fbc9b5544972e7a5ea0756", 0x36, 0x40, &(0x7f00000001c0)={0x11, 0x1a, r7, 0x1, 0xd8, 0x6, @random="98c8ca7122df"}, 0x14)
sendto$packet(r8, &(0x7f0000000080)="c1858a54f549bc2e1c4577f55f2e96a16c8a66b4805f3a", 0x17, 0x40000, &(0x7f0000000240)={0x11, 0xf8, r7, 0x1, 0x5, 0x6, @random="08231e824af9"}, 0x14)
r9 = socket$nl_route(0x10, 0x3, 0x0)
r10 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r11=>0x0})
sendmsg$nl_route_sched(r9, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000980)=@newqdisc={0x58, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xffffbddc, {0x0, 0x0, 0x0, r11, {0x10}, {}, {0xe, 0x1}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x2c, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0x0, 0x2, 0x2, 0x3, 0x0, 0x7}, {0x3e, 0x2, 0x1, 0xf, 0x81, 0xfffffe01}, 0x7, 0x80000001, 0x482}}]}}]}, 0x58}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000)
syz_open_dev$vim2m(&(0x7f0000000040), 0x40005, 0x2)
ppoll(&(0x7f00000000c0)=[{}, {0xffffffffffffffff, 0x300}], 0x20000000000000dc, 0x0, 0x0, 0x0)
ptrace(0x10, r0)
ptrace$setopts(0x4200, r0, 0x80e96, 0x100011)
r12 = socket(0x18, 0x5, 0xfffffff7)
setsockopt$netlink_NETLINK_TX_RING(r12, 0x10e, 0xc, &(0x7f0000000000)={0x4800}, 0x10)
sendmsg$nl_generic(r12, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000003900)=ANY=[@ANYBLOB="2400000000000000000400000000000003d90000040b00000c00ecff0000000000000000"], 0x24}}, 0x0)

929.690955ms ago: executing program 0 (id=1469):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000340)=@newlink={0x38, 0x10, 0x503, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x2b1f5}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @gre={{0x8}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_REMOTE={0x8, 0x7, @multicast2}]}}}]}, 0x38}}, 0x800) (fail_nth: 11)

929.130565ms ago: executing program 0 (id=1470):
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
syz_open_dev$MSR(&(0x7f00000001c0), 0x9, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x6)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045)
r0 = io_uring_setup(0x899, &(0x7f0000000040)={0x0, 0x3cb1, 0x1c080, 0xa, 0x20002f7})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x1c, 0x3, &(0x7f0000000000)=@framed={{0xdb, 0xa, 0xa, 0xfe00, 0xa0, 0x71, 0x10, 0x1d}}, 0x0, 0xb, 0x0, 0x0, 0x0, 0x6f, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94)
io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000380)={{r1, <r2=>0xffffffffffffffff}, &(0x7f0000000040), &(0x7f0000000300)='%pi6   \x00'}, 0x20)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000003c0)={r2, <r3=>0xffffffffffffffff}, 0x3c)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x4, 0x10, &(0x7f0000000140)=ANY=[@ANYBLOB="18000000020000000000000000010000b7080000000000007b8af8ff00000000b7080000090000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r3, @ANYBLOB="ebff000000000000b70500000800000085000000a50000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

859.117528ms ago: executing program 0 (id=1471):
socket$packet(0x11, 0x2, 0x300)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
connect$inet(r0, &(0x7f0000000480)={0x2, 0x4e23, @remote}, 0x10)
sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0) (fail_nth: 12)

835.580661ms ago: executing program 2 (id=1472):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$netlink(0x10, 0x3, 0xb)
r1 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r1, &(0x7f0000000100)={0xa, 0x4c22, 0x8, @loopback, 0x20000005}, 0x1c)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff5000/0x2000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ff7000/0x2000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045)
r2 = io_uring_setup(0x3893, &(0x7f0000000040)={0x0, 0x1000c89b, 0xc000, 0x800007, 0x41, 0x0, r1})
r3 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8)
sendmsg(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000000)='/', 0x1}], 0x1, 0x0, 0x0, 0x2c}, 0x4000845)
r4 = socket$can_raw(0x1d, 0x3, 0x1)
setsockopt$CAN_RAW_FD_FRAMES(r4, 0x65, 0x5, &(0x7f0000000140), 0x4)
io_uring_enter(r2, 0x2219, 0x7721, 0x16, 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000180)={'veth0_virt_wifi\x00', 0x112})
ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f0000000740)={'pim6reg1\x00', 0x400})
r5 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000300)={'rose0\x00'})
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000240)={0x0, 0xb, &(0x7f00000001c0)={&(0x7f0000000340)=ANY=[], 0x20}, 0x1, 0x0, 0x0, 0x1}, 0x4000)

749.2777ms ago: executing program 0 (id=1473):
r0 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000002a40), 0x4a0, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000001940), 0x1, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f000000c300)=ANY=[], 0x68}}, 0x20004060)
ioctl$SCSI_IOCTL_SEND_COMMAND(r1, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0xffffff95})
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
flock(r2, 0x2)
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
read$FUSE(r3, &(0x7f0000000380)={0x2020}, 0x2020)
r4 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r5)
r6 = socket$inet6_sctp(0xa, 0x1, 0x84)
listen(r5, 0x40000000)
sendto$inet6(r6, 0x0, 0x0, 0x4, 0x0, 0x0)
write$FUSE_NOTIFY_RESEND(r4, &(0x7f0000000080)={0x14}, 0x14)
r7 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
connect$netrom(r7, &(0x7f0000000300)={{0x6, @rose}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]}, 0x48)
connect$netrom(r7, &(0x7f00000000c0)={{0x3, @bcast, 0xad}, [@default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default]}, 0x48)
ioctl$SOUND_PCM_READ_CHANNELS(r0, 0x80045006, &(0x7f0000002a80))
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000024c0)={r2, 0xe0, &(0x7f00000023c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, <r8=>0x0, 0x0, 0x0, 0x0, 0x3, 0x3, &(0x7f0000000180)=[0x0, 0x0, 0x0], &(0x7f00000001c0)=[0x0, 0x0, 0x0], 0x0, 0x32, &(0x7f0000000200)=[{}, {}, {}, {}, {}, {}], 0x30, 0x10, &(0x7f0000000240), &(0x7f0000000280), 0x8, 0xb8, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000002500)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x1, '\x00', r8, r2, 0x5, 0x4, 0x5}, 0x50)

699.924859ms ago: executing program 1 (id=1474):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000001c0), r0)
ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f00000000c0)={'wpan0\x00'})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)={0x3c, r3, 0x1, 0x0, 0xffffffff, {{}, {@void, @val={0xc, 0x99, {0x2001, 0x56}}}}, [@NL80211_ATTR_TX_RATES={0x1c, 0x10d, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x18, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HT={0x11, 0x2, [{0x2, 0x6}, {0x1, 0x1}, {0x7, 0x7}, {0x3}, {0x1, 0x19}, {0x3, 0x2}, {0x5, 0x6}, {0x2, 0x6}, {0x2, 0x7}, {0x2, 0x4}, {0x3, 0x2}, {0x3, 0x2}, {0x1}]}]}]}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4000065}, 0x0)
sendmsg$NL80211_CMD_TDLS_OPER(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f00000002c0)={&(0x7f0000000240)={0x58, r3, 0x200, 0x70bd2c, 0x25dfdbfd, {{}, {@void, @void}}, [@NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_TDLS_OPERATION={0x5, 0x8a, 0x1}, @NL80211_ATTR_TDLS_OPERATION={0x5}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_OPERATION={0x5, 0x8a, 0x3}, @NL80211_ATTR_TDLS_OPERATION={0x5, 0x8a, 0x4}]}, 0x58}, 0x1, 0x0, 0x0, 0x10}, 0x8044)
sendmsg$IEEE802154_LLSEC_ADD_DEV(r0, &(0x7f0000000000)={0x0, 0xffffffffffffffbc, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="4d7e00000000000000002a0000000c000500000000000000000005003600010000000c0005000201aaaaaaaaaaaa00002f0001abcb6c060006b0030000000c0005000202aaaaaaaaaaaa181843e7890a21128f26141ea5f8b512d50238faa672d3803f553304b3c93f57e7a0dd468e042d0524c5ef3ca109713a233ff296b196284559532b19aa"], 0x54}, 0x4, 0x700000000000000}, 0x0)

630.189736ms ago: executing program 1 (id=1475):
sendmmsg$sock(0xffffffffffffffff, 0x0, 0x0, 0x880)
openat$tun(0xffffffffffffff9c, 0x0, 0x1a8b0affa98ce571, 0x0)
close(0xffffffffffffffff)
syz_init_net_socket$netrom(0x6, 0x5, 0x0)
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10)
ioctl$sock_netdev_private(r0, 0x8914, 0x0)

629.654293ms ago: executing program 1 (id=1476):
syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000100)={0x0, &(0x7f00000001c0)=[@code={0x1, 0x49, {"0f01ca2e646740c159368266bad004b0bdee66baa100ed640f017c9993660f38816da4470f019d0d000000f3430fc776100f01c3460f013a"}}], 0x49})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x101000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x6)
bind$netlink(r2, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_IPV6_XFRM_POLICY(r3, 0x29, 0x23, &(0x7f0000000480)={{{@in6=@mcast2, @in=@private=0xa010100, 0x0, 0x0, 0x4e21, 0x0, 0x2}, {0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x9c0, 0x3}, {0xffffbffffffffffc, 0x0, 0x0, 0x1}, 0x0, 0x0, 0x1, 0x0, 0x1}, {{@in=@empty, 0x4d3, 0x3c}, 0x2, @in=@multicast2, 0xffffffff, 0x4, 0x0, 0x0, 0x0, 0x4000000, 0x1}}, 0xe8)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000500), 0x40, 0x0)
close(r5)
socket$nl_generic(0x10, 0x3, 0x10)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
r8 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r9=>0x0})
sendmsg$nl_route_sched(r7, &(0x7f00000008c0)={0x0, 0x0, &(0x7f0000000900)={&(0x7f0000000140)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r9, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xe}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0x5, 0x7, 0xb3}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=@newqdisc={0x58, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xffffbddc, {0x0, 0x0, 0x0, r9, {0x10}, {}, {0xe, 0x1}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0x200000, 0xe, 0x7, 0x7, 0x9, 0x40, 0xffffffff, 0x2}}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x4040098}, 0x4084)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r10=>0x0})
r11 = socket$packet(0x11, 0x3, 0x300)
sendto$packet(r11, &(0x7f0000000140)="bad330fbc9b5544972e7a5ea0756", 0x36, 0x40, &(0x7f00000001c0)={0x11, 0x1a, r10, 0x1, 0xd8, 0x6, @random="98c8ca7122df"}, 0x14)
sendto$packet(r11, &(0x7f0000000480)="c1858aec1d0a21756f66b4805f3a", 0xe, 0x40000, &(0x7f0000000240)={0x11, 0xf8, r10, 0x1, 0x5, 0x6, @random="24f51e8e0a5a"}, 0x14)

570.281203ms ago: executing program 2 (id=1477):
r0 = syz_io_uring_setup(0x830, &(0x7f0000000300)={0x0, 0x1000cd1d, 0x10100}, &(0x7f0000000000), &(0x7f0000000080), &(0x7f0000000000))
r1 = syz_open_procfs(0x0, &(0x7f0000000600)='net/xfrm_stat\x00')
close_range(r1, 0xffffffffffffffff, 0x0)
ioctl$VIDIOC_ENUMOUTPUT(r1, 0xc0485630, &(0x7f00000000c0)={0x5, "39ea31e0d8b86e36080aadc4ea3eb01dd9790005353373e459de379dc77edaef", 0x2, 0x6, 0x2, 0x10003, 0x8})
io_uring_register$IORING_REGISTER_PBUF_RING(r0, 0x16, &(0x7f0000000040)={&(0x7f0000001000)={[{0x0, 0x0, 0x4000}, {0x0}, {0x0, 0x0, 0x1}, {0x0}]}, 0x4, 0x2}, 0x1)
migrate_pages(0x0, 0x3, &(0x7f0000000040)=0x7f, &(0x7f0000000300)=0xa)

518.363237ms ago: executing program 2 (id=1478):
r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c)
socket$packet(0x11, 0x3, 0x300)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x0, &(0x7f0000000100)})
io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x23, &(0x7f0000000000), 0x0)
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io(0xffffffffffffffff, &(0x7f0000000000)={0x2c, &(0x7f0000000100)=ANY=[@ANYBLOB="0000d2"], 0x0, 0x0, 0x0, 0x0}, 0x0)
r1 = syz_open_dev$hiddev(&(0x7f0000000080), 0x0, 0x80)
ioctl$HIDIOCSREPORT(r1, 0x400c4808, &(0x7f00000000c0)={0x2, 0x200, 0xfffffffe})
ioctl$sock_netrom_SIOCDELRT(r0, 0x890c, &(0x7f00000001c0)={0x1, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @rose={'rose', 0x0}, 0x5, 'syz1\x00', @bcast, 0x0, 0x0, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}]})
r2 = syz_open_dev$loop(&(0x7f0000000000), 0x1000, 0x10280)
ioctl$BLKIOOPT(r2, 0x1279, &(0x7f0000000040))

390.107137ms ago: executing program 3 (id=1479):
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000340), 0x40, 0x0)
ioctl$RNDGETENTCNT(r0, 0x80045200, &(0x7f0000000380))
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8924, &(0x7f00000000c0)={'wlan0\x00', 0x1})

389.029225ms ago: executing program 1 (id=1480):
sendmmsg$sock(0xffffffffffffffff, 0x0, 0x0, 0x880)
openat$tun(0xffffffffffffff9c, 0x0, 0x1a8b0affa98ce571, 0x0)
ioctl$PPPOEIOCDFWD(0xffffffffffffffff, 0xb101, 0x0)
r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
pipe(&(0x7f00000001c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000000)={0x0, 0x0}, 0x10)
bpf$MAP_CREATE(0x0, 0x0, 0x1d)
close(r1)
socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bond_slave_1\x00'})
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r2 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10)
ioctl$sock_netdev_private(r3, 0x8914, &(0x7f0000000000))
ioctl$sock_netrom_SIOCADDRT(r2, 0x890b, &(0x7f0000000000)={0x0, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bpq0, 0x4, 'syz1\x00', @default, 0x1, 0x0, [@null, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @default]})
socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$sock_rose_SIOCDELRT(r0, 0x890c, &(0x7f00000000c0)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x6, @null, @bpq0, 0x1, [@bcast, @default, @default, @default, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @default]}) (fail_nth: 4)

337.654396ms ago: executing program 3 (id=1481):
r0 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), 0xffffffffffffffff)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NBD_CMD_RECONFIGURE(r1, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)={&(0x7f0000000840)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="01002bbd7000ffdbdf250300000008000100000000002800078024000180080001"], 0x44}, 0x1, 0x0, 0x0, 0x40085}, 0xc090) (fail_nth: 8)

219.587214ms ago: executing program 3 (id=1482):
bind$tipc(0xffffffffffffffff, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x2, 0x4}}, 0x10)
r0 = syz_open_dev$dvb_frontend(&(0x7f0000000000), 0x0, 0x40002)
ioctl$FE_SET_PROPERTY(r0, 0x40106f52, &(0x7f00000001c0)={0x3b, &(0x7f0000000140)=[{0x19, '\x00', @st={0x4, [{0x0, @uvalue=0x1}, {0x0, @uvalue=0xfffffffffffffffd}, {0x3}, {0x0, @svalue=0xd83a}]}}]})
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="86eb01001800000003db00000000180000001800000004000000020000000000000c02000000000000000000000d000000000000"], 0x0, 0x34}, 0x20)
r1 = userfaultfd(0x801)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0))
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={&(0x7f00000006c0)="2512eee06b1290d51c73c3cef2a6f2859bd1ed4a09096221f9a231b08d7003691ce862b30ce597499a0c096f9640e980b43e9f1c80d67c9bde07653dd0e6809d6b9f0413ff6dd7436f3f4b043e1d773478417d5da167515d9b166d415e02a13f613a88c92251fb98c82261292578ce5eaa2d658780589a6f555b9b8dddd9a17ccafc2dc16d5aa337c58e39b4ccec443ded6543e3b45983ae95b8019e793848a912ef49a712d6a8d0e7c7f55aec9dd966d67144eea7355249a1be2d7014225790b522eb6c099b7e1ef2914e55f23ee28ecc1c5e50f6a571f4df179b760b6a00cca746dd41d475a0a1991f5b", &(0x7f0000000280)="a077d1ba7e2c28fe2adf0000e8000000000020000000814f3ef137b17408f3efc9698782b7254a041d869aabcb3832361bce6e8ff5419a011899681fc13fd0af12cb502fb4631b586503e500"/91}}, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x77359400}, {0x0, 0x9}}, 0x0)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000b00)={{r2, <r3=>0xffffffffffffffff}, &(0x7f0000000380), &(0x7f00000003c0)='%pB    \x00'}, 0x20)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000000c0)={r3, <r4=>0xffffffffffffffff}, 0x4)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="4c000000020681010000000000000000000000000500050002000000050001000700000005000400030000000900020073797a310000000011000300686173683a6e65742c6e6574"], 0x4c}, 0x1, 0x0, 0x0, 0x4040000}, 0x800)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000580)=ANY=[@ANYBLOB="5000000009060102000000000000000003000000090002007b797a31000000000500010007000000280007fb018008000140ffffffff0c00148008004deb0140ac1414190c0002800800014064010101"], 0x50}, 0x1, 0x0, 0x0, 0xd24f4d5758661d46}, 0x4)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_LIST(r7, &(0x7f0000000200)={0x0, 0xfc, &(0x7f00000001c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c00000007060108000000000000000000005f000500010006"], 0x1c}}, 0x0)
recvmmsg(r7, 0x0, 0x0, 0x20, 0x0)
close_range(r6, r7, 0x0)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x16, 0x10, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000ffff0b867b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r4, @ANYBLOB="0000000000000000b70500000800000085000000a500000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r8, 0x0, 0xe, 0x48000000, &(0x7f0000000300)="40f0538ef047b21fb60068305500", 0x0, 0xf00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x1000000, 0x5d032, 0xffffffffffffffff, 0x0)
r9 = userfaultfd(0x801)
ioctl$UFFDIO_API(r9, 0xc018aa3f, &(0x7f0000000100))
ioctl$UFFDIO_REGISTER(r9, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x5})
ioctl$UFFDIO_COPY(r1, 0xc028aa03, &(0x7f0000000000)={&(0x7f0000800000/0x800000)=nil, &(0x7f0000199000/0x800000)=nil, 0x800000})
r10 = io_uring_setup(0x115c, &(0x7f0000000440)={0x0, 0x8270, 0x40, 0x3, 0x117})
io_uring_register$IORING_REGISTER_BUFFERS(r10, 0x0, &(0x7f0000000640)=[{0x0}], 0x1)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000007c0)={0x3, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="6a0ac4ff02"], 0x0}, 0x94)
io_uring_register$IORING_REGISTER_FILES(r10, 0x1e, &(0x7f0000000000)=[r10], 0x1)

98.949832ms ago: executing program 3 (id=1483):
syz_usb_connect(0x0, 0x2d, &(0x7f0000000400)=ANY=[@ANYBLOB="1201000009b768405e0483020b9901e40201090227000100000000090400fb015cc7aa00090509"], 0x0)
syz_open_dev$sndpcmp(&(0x7f0000000000), 0x3, 0x40)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r1)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0))
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000000)={'syzkaller0\x00', @broadcast})
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0x4d, 0xfffffffb, 0x7fffffff}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000000}, 0x20040084)
sendmsg$nl_route_sched(r3, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000001740)=@newqdisc={0x434, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdf8, {0x0, 0x0, 0x0, r5, {0x10}, {}, {0xa, 0x3}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x1, 0x1, 0x9, 0x8000, 0x3, 0x5, 0x5, 0xb762, 0x6, 0x7, 0x8, 0xf, 0x2, 0x80000001, 0x400, 0x7fc, 0xffff8000, 0x6, 0x401, 0x9, 0xb89, 0xffffe4f5, 0xd6, 0x4, 0x847, 0x7, 0x0, 0x2, 0x101, 0x1, 0xfffffffc, 0x4, 0x1, 0x1, 0x9, 0xc, 0x20001000, 0x4, 0x2, 0x7, 0x4, 0x99, 0x9, 0x5, 0x6, 0x7, 0xfffffff7, 0x1, 0x2, 0x9, 0x9, 0x44, 0x8, 0x8, 0x1, 0x4, 0x7ff, 0x8, 0x7, 0x80000001, 0x400, 0x8, 0xfffffa72, 0xcd, 0xffffff80, 0x80000000, 0xc, 0x4, 0x65, 0x91, 0x659, 0x9, 0xf, 0x9, 0xc28, 0x9, 0x7, 0x3, 0x401, 0x3, 0x2, 0xfffffffa, 0x1, 0x10001, 0x3, 0x1, 0x4, 0x8, 0x8, 0x7, 0x1, 0x1, 0x1, 0x7, 0x40, 0x7, 0x12, 0x8000, 0x1, 0x4dc, 0x80, 0x3, 0x7fffffff, 0xff, 0x9, 0xa7, 0xf, 0x2, 0x0, 0x3, 0x1000, 0x4, 0x401, 0x7, 0x80000000, 0xffff, 0x6, 0x5, 0x4, 0xffffffff, 0x80000000, 0x1966f9ab, 0x200, 0x20200, 0xed5, 0xfffffc00, 0x6, 0x4, 0x8, 0x485e, 0xa85, 0x80000040, 0x2, 0x7, 0x7, 0x102, 0x2d5421e8, 0x7, 0x10000, 0xffffffff, 0x6, 0x3ff, 0xf04, 0x0, 0x2, 0x5, 0xfffffc00, 0x5, 0x8d, 0x4, 0x401, 0x4, 0x9, 0x3, 0xfffffffb, 0x1, 0x0, 0x0, 0x2, 0x5, 0x8, 0x3, 0x0, 0x800, 0x2, 0x8, 0x7ff, 0x1, 0x9, 0x6, 0x5, 0x5, 0x4d15, 0x1ff, 0xfffff060, 0x3, 0x469, 0x3, 0x0, 0x200, 0x10000005, 0x7, 0x1, 0x8, 0x42ba, 0x4, 0x9, 0x3, 0x8, 0x8, 0x53, 0x6, 0x4, 0x400, 0x8000, 0x0, 0x2c310b18, 0xfff, 0x0, 0x3, 0xcd34, 0x9, 0x81, 0xdf3, 0x2, 0x7, 0x8, 0xfff, 0x1ff, 0x8000, 0x3, 0x8, 0x3, 0x9, 0x9a6, 0xe4cb, 0x402, 0x1, 0x1ff, 0x3e, 0x9b4, 0x1, 0x8, 0x0, 0x8, 0x0, 0x9, 0x0, 0x4, 0x10, 0x901, 0x5, 0x2, 0x7b, 0xfffffeff, 0x6, 0x6, 0xc, 0x1000, 0x9, 0x9, 0xe6, 0xab, 0x400, 0x7fffffff, 0xed, 0x7ff, 0xd83, 0x68, 0x80000001, 0x4, 0x1, 0x6, 0x200, 0x2]}]}}]}, 0x434}, 0x1, 0x0, 0x0, 0x40098}, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
r7 = socket$packet(0x11, 0x3, 0x300)
sendto$packet(r7, &(0x7f0000000200)="2478546ca4fa3b0bfe4ddf30cc5a", 0xe, 0x4000050, &(0x7f00000001c0)={0x11, 0xf7, r6, 0x1, 0xd8, 0x6, @multicast}, 0x14)
syz_usb_connect(0x3, 0x61, 0x0, 0x0)
close(0x3)

97.920656ms ago: executing program 1 (id=1484):
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="100000002d000b02d25a806f8c6394f9101a04", 0x13}], 0x1}, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="d80000001c0081044e81f782db44b9040a1d08030e000000e8fea4a1180015000600142603600e1208000f1000810401a80016000a0001", 0x37}], 0x1, 0x0, 0x0, 0x7400}, 0x10)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast1}, 0x80, 0x0, 0x0, 0x0, 0x5c8}, 0x0)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907009875f37538e486dd6317ce620300fe"], 0xfe1b)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c00000002000000000000000000008d"], 0x0, 0x26}, 0x20)
r0 = socket$kcm(0x10, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
r1 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/attr/exec\x00', 0x2, 0x0)
write$selinux_attr(r1, &(0x7f0000000100)='system_u:object_r:hugetlbfs_t:s0\x00', 0x1d)
r2 = memfd_create(&(0x7f0000000500)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf#2\x99\x1e\xa1`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\f<\x8f\xc1\x99\x89r\xe1?\xbdu\x98\xc3\xf8\xd2Q#\xc6g\xa0\x85\xd6G\x85\x11X\x8d,\x02\xd45\xb8\xca\x97\x9d\xcb\x1e\x80\xd6\xd5>N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xec\x8aog\x87BR\x9d\xad\xd4FcB\xda\x95\xc3\xdd\x9d\x8f\x1a\xce\x18\x80\"j\xe1\xba\x1e\x97uX\xccv\xd6\vcz\x92A^\xbc\xceF\xf7\xe5:\xaf\xc5~\xbcJ e\r\x88c\x9d\xb92\xb6i4zq\xb3c\x0f\xb2t\x93\xf2E6b\xfa\xcdJ5\xe3W]`4\xd8D\x05\v\xfc)\xca\xedQ\xd0]Ot\'\xc2tDF\xf9\xa7\xb5(\x83\xa5\x0f\x1d\x1d\x06Dg\x13>\x19\xe85#\aaT\x89=\x104\x03\x00l\x96\x91\xea\x172P\xb3:\xadZ\xbc\xbe\x00\xf0\x14\x96\xd9M\xd7\x88QZs\xb2\xe1+$jfQodH\x05/y`~7\x16\x02\x00(v\xe6`\"6\xfcgC\xb5\xf0\x13.zj\xc5bj+@\x00\x00\x00\x00\x00\x00\x00.\xd4`=z\xd1n\x8d\x8f\xa5hS\x8e[\xb3\xa3\x87\xb9\xe2_Z\x11\xef\xc2]V\xf3\x03\x94\xb9\xe1\xa68\x8d\\\xe5\xef\xacpM\xf0\xa6\x04\x10\xb7\xc0t\x83\\\xf7\x12k\x9f\x10\xd5Z\x19\xc1\xc1\x80\\o\x97\xce=U\xdd\xaa\x1b\x05\x14\x13\xa6\xbd#\xde\x04\xe6$\xec$3\xf6\x97\xc6\xeaSL\xb7A72M\x88k@\xe5\xa3\n&\x1e\xc84\xa9\xe2\xccM\x906\x95xQ-2p\xd62\'\xec\x0f\x13;I\x95fE_\r\xe7\t!A\x05\xe4\x8f\x9e0\xf8/T\x18\xf7\xa1\x9f\xde1\xd5\x80<\xf5\b\xa9\xec\x85\xaeW\xb3\xd8#)bn \xfb\xf2\x88\xfaR\xff\xdd\x80\x96_\xec5\xf0\x1c\a\x8a\x80\x00@=\r8u+%f:\x1e\x82\xfap\xf6\x89\xea\xba\xe3\xbbM%F\xdb\\\xd1eJJ*\xc67\xca\x03\xa3\xf7(\xbb\xecN\xd4\xe7\xf2:u\x8a\b\xd5\v\xca\xfd\\\xd6\xe3\xdf\xa1\xbe}\xb2\xe4y\xbb\xe6\x1f\x10c\xf5WQ\x82\x04\x01C\x83,\x90\x1a\xfa\x8e\x17\x89\xe2\xedX\x8d\rmq\t\xb5$\xb4\x9b\x92z\xd6/-\x13,\xb5%\x8eM/\x04\xa7\x7f\x1b\x85\xf1\xa4X\x17\xbb\x1cR14\xfb!\b\x10\xe8\xb2\xd41gK\xe4\xea\xe39d\bL\xe5\x1b\xbd[\x9bWD:\r&\xe9\vn^\xcc\x86\xe3\xce1>3{\xaa{\xbd0P\x9f\xa68\xf5\x82\xb8\x9aD\x9c{\xe6\xf8\xcbD\xb5aJ\xb0\x92\x89\xbc\x82\x1ch\x89\xe7\xdd]q,\xec\xc4\xa5\x93\xe5,\x0e,>/\xaf|\xf0\x01V\x7f\xc9?\xba\x16\xe4$+}5dy\xb1\xef\xf1m\xa5\x94d9\xaf\xcfq\x8b=\x026\xef\r\x91\x18\xc5\xb6\xb9fM\x8ayZ\xbcd\xa5\x8a\x88\x98\xc3\xfc`\xa6\xba\x1f\x17\v$\x88g\xb4\xad\b\xc1\xddW\xa6\xc1\xb7\xb0\xa3\x84Q\x13GoU\xe2\xb7\x03\x9c\xd5\x0f\xa8\x0ef\"\x15\x82\xe7\xbd\xf8\xca\x10f\xfe6h\xe9\xc3\xc2\xa0O:\xac~\x1a\xf7\xbeF\xbe\xe5\xf0\x81\xd6&\xc0<Q8\xbeX\xde\xd6 \xef\x0e\xc2.\x9c=1\x15d\xddIv\x0fh\xe6M(D\xad\xeb\xcfX8\xb9\x8d\xbe(\xd3\x16?x\xbd@\x0f\xf5\xdb\xeb\xd7i*\xea\x86JX\xff;\x96\xbb\xa7\xa8u5R\xa2,\xba\xbc\x01\x12\xb3q,\x9d\xf8\xbdb`\xb3\xc6\x0f\xb3\xac\xc7\xa4O@\x81\xfc\x1a4$\x885\x97\xa9|\x99\x86*.\xda\x96RQ\xe5\xb1\xef\xb7\x10\x99\xd4\xa7\b\xcd\xe9\xa5\xf6wR\xc1\xdfH).\a\x9a\xab\x9e&+\xc4#\x90\xc9%\xb9\xd7o\x86\x13\a\xc0\x01w9u6\xdd\x9fJ^o\xea\xe8\x015\x1d\xda\x11?\xc1\xf5\xf7\xff\xec\x916\xceQ\xcfU\x035\x96\x8f\xc7\x84\"2\xef\x02\xcf\a+\x8a\xd1\x11\xb5\xa8\x92\f\xb3R\",\xfc!_&pD\xeb5\xc6\xc8\xff2\xee\x14\x83\x14l\x04\x80\xaa7\x80\xf1\x18\xf5\xa5\xd23\xe5\b\x00\xe8\x9c\xd4\xd0\a\x93#\xb9Z\xc0y\x97<\xe5i\xe9\xe4\xb02Cu\xe1d\r\x0e\xc1\xf1\x81^\xa7\xffz\xc213\x9b\x87\xd5\x99\r\xa2P\x03\x1cl\x0f\xcb)\x19U\xe5\xd4\xf5@O#W\x8a\xbb3c+\n\x97\xa6\xf7\x90$\xd6*\xd0\x1b\x10\xe4HM:XO\x1b\rx\xc7\x12|\x7fN\xc9\xf9i\xe4\xe5-\x9b\xe407\x9d\xe8\xc6\x90\x9f_Jf\x05\r\x1b\x9af', 0x0)
syz_clone3(&(0x7f00000001c0)={0x100001200, &(0x7f0000000040), 0x0, 0x0, {0x11}, 0x0, 0x0, 0x0, 0x0}, 0x58)
execveat(r2, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)
write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="563f00001800599c6d0eab070004000523"], 0xfe33)

0s ago: executing program 1 (id=1485):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000280)={0x9})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000100)={[{0x5, 0xc000, 0x4, 0xff, 0x0, 0x8, 0x3, 0xa, 0xb9, 0x1, 0x12, 0x5, 0xcc}, {0x804, 0x2, 0x1, 0x45, 0x7, 0x0, 0x2, 0xff, 0x0, 0x4, 0x1, 0x7f, 0x20c}, {0x0, 0x3, 0x38, 0x3, 0x84, 0x7, 0x3, 0x50, 0x8, 0x1, 0x4, 0x9, 0x24ab}], 0xffffffff})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CAP_MSR_PLATFORM_INFO(r1, 0x4068aea3, &(0x7f0000000040))
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000003c0)={[0x60000000000, 0xd4, 0x8, 0x61, 0x4, 0x1, 0x2004c8, 0x0, 0x0, 0x36ae, 0x5, 0x5, 0x3, 0x400000000, 0x6, 0xf73c], 0x80a0000})
ioctl$KVM_RUN(r2, 0xae80, 0xf800)

0s ago: executing program 0 (id=1486):
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x10, 0x3, 0xfffffffd)
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r3, @ANYBLOB="1f003300d00000000802110000010802110000005050505050500000", @ANYRES8=r1], 0x3c}}, 0x10)
r4 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
ioctl$sock_netrom_SIOCDELRT(r4, 0x890c, &(0x7f00000001c0)={0x1, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @bpq0, 0x2, 'syz1\x00', @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x0, 0x0, [@null, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast]})

kernel console output (not intermixed with test programs):

bae8
[  179.127621][ T9471]  </TASK>
[  179.291498][   T40] audit: type=1400 audit(1776440523.990:392): avc:  denied  { write } for  pid=9473 comm="syz.2.1126" name="event0" dev="devtmpfs" ino=941 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[  179.292844][ T9474] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1126'.
[  179.298850][   T40] audit: type=1400 audit(1776440523.990:393): avc:  denied  { open } for  pid=9473 comm="syz.2.1126" path="/dev/input/event0" dev="devtmpfs" ino=941 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[  179.299137][   T40] audit: type=1400 audit(1776440523.990:394): avc:  denied  { ioctl } for  pid=9473 comm="syz.2.1126" path="/dev/input/event0" dev="devtmpfs" ino=941 ioctlcmd=0x4584 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[  179.328787][   T40] audit: type=1400 audit(1776440524.020:395): avc:  denied  { setattr } for  pid=9473 comm="syz.2.1126" name="ROSE" dev="sockfs" ino=23210 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  179.339043][   T40] audit: type=1400 audit(1776440524.020:396): avc:  denied  { write } for  pid=9473 comm="syz.2.1126" path="socket:[23210]" dev="sockfs" ino=23210 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  179.359706][ T3255] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  179.370331][   T40] audit: type=1400 audit(1776440524.070:397): avc:  denied  { create } for  pid=9481 comm="syz.3.1128" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1
[  179.529007][ T3255] usb 5-1: Using ep0 maxpacket: 8
[  179.532495][ T3255] usb 5-1: config 0 has no interfaces?
[  179.534323][ T3255] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  179.537324][ T3255] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  179.561101][ T3255] usb 5-1: config 0 descriptor??
[  179.624009][ T9498] syzkaller0: entered promiscuous mode
[  179.625823][ T9498] syzkaller0: entered allmulticast mode
[  179.771409][   T54] usb 5-1: USB disconnect, device number 8
[  179.837799][ T9500] syzkaller0: entered promiscuous mode
[  179.840500][ T9500] syzkaller0: entered allmulticast mode
[  180.161727][ T9513] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1141'.
[  180.171279][ T9513] FAULT_INJECTION: forcing a failure.
[  180.171279][ T9513] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  180.179010][ T9513] CPU: 1 UID: 0 PID: 9513 Comm: syz.1.1141 Not tainted syzkaller #0 PREEMPT(full) 
[  180.179041][ T9513] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  180.179054][ T9513] Call Trace:
[  180.179062][ T9513]  <TASK>
[  180.179070][ T9513]  dump_stack_lvl+0x100/0x190
[  180.179100][ T9513]  should_fail_ex.cold+0x5/0xa
[  180.179129][ T9513]  _copy_from_iter+0x1f4/0x1690
[  180.179151][ T9513]  ? __asan_memset+0x23/0x50
[  180.179174][ T9513]  ? __pfx__copy_from_iter+0x10/0x10
[  180.179197][ T9513]  ? __pfx___alloc_skb+0x10/0x10
[  180.179227][ T9513]  netlink_sendmsg+0x808/0xda0
[  180.179261][ T9513]  ? __pfx_netlink_sendmsg+0x10/0x10
[  180.179288][ T9513]  ? __might_fault+0x60/0x140
[  180.179320][ T9513]  ____sys_sendmsg+0x9e1/0xb70
[  180.179344][ T9513]  ? __pfx_netlink_sendmsg+0x10/0x10
[  180.179373][ T9513]  ? __pfx_____sys_sendmsg+0x10/0x10
[  180.179410][ T9513]  ___sys_sendmsg+0x190/0x1e0
[  180.179429][ T9513]  ? __pfx____sys_sendmsg+0x10/0x10
[  180.179475][ T9513]  __sys_sendmsg+0x170/0x220
[  180.179499][ T9513]  ? __pfx___sys_sendmsg+0x10/0x10
[  180.179533][ T9513]  ? rcu_is_watching+0x12/0xc0
[  180.179562][ T9513]  do_syscall_64+0x10b/0xf80
[  180.179584][ T9513]  ? clear_bhb_loop+0x40/0x90
[  180.179606][ T9513]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  180.179625][ T9513] RIP: 0033:0x7f0e5379c819
[  180.179641][ T9513] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  180.179658][ T9513] RSP: 002b:00007f0e545da028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  180.179678][ T9513] RAX: ffffffffffffffda RBX: 00007f0e53a15fa0 RCX: 00007f0e5379c819
[  180.179689][ T9513] RDX: 000000000000c8c4 RSI: 0000200000000000 RDI: 0000000000000003
[  180.179700][ T9513] RBP: 00007f0e545da090 R08: 0000000000000000 R09: 0000000000000000
[  180.179727][ T9513] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  180.179737][ T9513] R13: 00007f0e53a16038 R14: 00007f0e53a15fa0 R15: 00007ffce4788a08
[  180.179761][ T9513]  </TASK>
[  180.248500][ T9516] netlink: 'syz.2.1142': attribute type 29 has an invalid length.
[  180.285237][ T9518] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=9518 comm=syz.1.1143
[  180.285495][ T9516] netlink: 'syz.2.1142': attribute type 29 has an invalid length.
[  180.309892][ T9518] ip6gre2: entered promiscuous mode
[  180.312341][ T9518] ip6gre2: entered allmulticast mode
[  180.326768][ T9518] binder: 9517:9518 unknown command 0
[  180.329419][ T9518] binder: 9517:9518 ioctl c0306201 200000000080 returned -22
[  180.336278][ T9518] binder: 9517:9518 ioctl 5319 0 returned -22
[  180.394068][ T9524] syzkaller0: entered promiscuous mode
[  180.395864][ T9524] syzkaller0: entered allmulticast mode
[  180.415755][ T9528] syzkaller0: entered promiscuous mode
[  180.417602][ T9528] syzkaller0: entered allmulticast mode
[  180.535134][ T9537] random: crng reseeded on system resumption
[  180.552064][ T9537] Restarting kernel threads ...
[  180.556138][ T9537] Done restarting kernel threads.
[  180.802553][ T9559] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1157'.
[  180.861419][ T9565] i2c i2c-1: dtv_property_process_set: SET cmd 0x00000000 undefined
[  180.946516][ T9569] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1160'.
[  180.954380][ T9569] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1160'.
[  180.958668][ T9569] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1160'.
[  181.018477][ T9572] syzkaller0: entered promiscuous mode
[  181.020473][ T9572] syzkaller0: entered allmulticast mode
[  181.044756][ T9575] syzkaller0: entered promiscuous mode
[  181.047423][ T9575] syzkaller0: entered allmulticast mode
[  182.085883][ T9596] Bluetooth: MGMT ver 1.23
[  182.145343][ T9601] syzkaller0: entered promiscuous mode
[  182.147187][ T9601] syzkaller0: entered allmulticast mode
[  182.203224][ T9603] syzkaller0: entered promiscuous mode
[  182.205711][ T9603] syzkaller0: entered allmulticast mode
[  182.299503][ T9607] kvm: Disabled LAPIC found during irq injection
[  182.350898][ T9612] syzkaller0: entered promiscuous mode
[  182.353245][ T9612] syzkaller0: entered allmulticast mode
[  182.499792][ T9618] netlink: 'syz.3.1179': attribute type 64 has an invalid length.
[  183.952847][ T9626] syzkaller0: entered promiscuous mode
[  183.954643][ T9626] syzkaller0: entered allmulticast mode
[  184.125915][ T9648] FAULT_INJECTION: forcing a failure.
[  184.125915][ T9648] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  184.131799][ T9648] CPU: 2 UID: 0 PID: 9648 Comm: syz.2.1184 Not tainted syzkaller #0 PREEMPT(full) 
[  184.131816][ T9648] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  184.131823][ T9648] Call Trace:
[  184.131827][ T9648]  <TASK>
[  184.131832][ T9648]  dump_stack_lvl+0x100/0x190
[  184.131850][ T9648]  should_fail_ex.cold+0x5/0xa
[  184.131869][ T9648]  _copy_from_iter+0x1f4/0x1690
[  184.131897][ T9648]  ? __asan_memset+0x23/0x50
[  184.131920][ T9648]  ? __pfx__copy_from_iter+0x10/0x10
[  184.131931][ T9648]  ? __pfx___alloc_skb+0x10/0x10
[  184.131951][ T9648]  netlink_sendmsg+0x808/0xda0
[  184.131972][ T9648]  ? __pfx_netlink_sendmsg+0x10/0x10
[  184.131990][ T9648]  ? __might_fault+0x60/0x140
[  184.132010][ T9648]  ____sys_sendmsg+0x9e1/0xb70
[  184.132027][ T9648]  ? __pfx_netlink_sendmsg+0x10/0x10
[  184.132046][ T9648]  ? __pfx_____sys_sendmsg+0x10/0x10
[  184.132071][ T9648]  ___sys_sendmsg+0x190/0x1e0
[  184.132085][ T9648]  ? __pfx____sys_sendmsg+0x10/0x10
[  184.132112][ T9648]  __sys_sendmsg+0x170/0x220
[  184.132127][ T9648]  ? __pfx___sys_sendmsg+0x10/0x10
[  184.132147][ T9648]  ? rcu_is_watching+0x12/0xc0
[  184.132168][ T9648]  do_syscall_64+0x10b/0xf80
[  184.132182][ T9648]  ? clear_bhb_loop+0x40/0x90
[  184.132197][ T9648]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  184.132209][ T9648] RIP: 0033:0x7f6016f9c819
[  184.132219][ T9648] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  184.132231][ T9648] RSP: 002b:00007f6017e9d028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  184.132243][ T9648] RAX: ffffffffffffffda RBX: 00007f6017215fa0 RCX: 00007f6016f9c819
[  184.132250][ T9648] RDX: 000000000000c090 RSI: 0000200000002a40 RDI: 0000000000000004
[  184.132256][ T9648] RBP: 00007f6017e9d090 R08: 0000000000000000 R09: 0000000000000000
[  184.132263][ T9648] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  184.132269][ T9648] R13: 00007f6017216038 R14: 00007f6017215fa0 R15: 00007ffd81866098
[  184.132283][ T9648]  </TASK>
[  185.554928][ T9668] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1186'.
[  185.570848][   T29] e1000 0000:00:06.0 eth0: Reset adapter
[  185.599441][ T9671] dlm: no locking on control device
[  185.608394][ T9673] FAULT_INJECTION: forcing a failure.
[  185.608394][ T9673] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  185.614775][ T9673] CPU: 3 UID: 0 PID: 9673 Comm: syz.1.1187 Not tainted syzkaller #0 PREEMPT(full) 
[  185.614791][ T9673] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  185.614798][ T9673] Call Trace:
[  185.614802][ T9673]  <TASK>
[  185.614806][ T9673]  dump_stack_lvl+0x100/0x190
[  185.614824][ T9673]  should_fail_ex.cold+0x5/0xa
[  185.614842][ T9673]  _copy_from_user+0x2e/0xd0
[  185.614862][ T9673]  copy_msghdr_from_user+0x9f/0x4f0
[  185.614873][ T9673]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  185.614890][ T9673]  ___sys_sendmsg+0x106/0x1e0
[  185.614901][ T9673]  ? __pfx____sys_sendmsg+0x10/0x10
[  185.614945][ T9673]  __sys_sendmsg+0x170/0x220
[  185.614962][ T9673]  ? __pfx___sys_sendmsg+0x10/0x10
[  185.614985][ T9673]  ? rcu_is_watching+0x12/0xc0
[  185.615004][ T9673]  do_syscall_64+0x10b/0xf80
[  185.615016][ T9673]  ? clear_bhb_loop+0x40/0x90
[  185.615030][ T9673]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  185.615042][ T9673] RIP: 0033:0x7f0e5379c819
[  185.615052][ T9673] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  185.615062][ T9673] RSP: 002b:00007f0e545da028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  185.615074][ T9673] RAX: ffffffffffffffda RBX: 00007f0e53a15fa0 RCX: 00007f0e5379c819
[  185.615081][ T9673] RDX: 000000000000c090 RSI: 0000200000002a40 RDI: 0000000000000004
[  185.615087][ T9673] RBP: 00007f0e545da090 R08: 0000000000000000 R09: 0000000000000000
[  185.615093][ T9673] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  185.615099][ T9673] R13: 00007f0e53a16038 R14: 00007f0e53a15fa0 R15: 00007ffce4788a08
[  185.615113][ T9673]  </TASK>
[  185.688423][ T9682] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=9682 comm=syz.2.1191
[  185.702594][ T9682] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1191'.
[  187.730024][   T29] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX
[  199.525468][ T9720] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1197'.
[  199.533209][ T9719] syzkaller0: entered promiscuous mode
[  199.535615][ T9719] syzkaller0: entered allmulticast mode
[  199.577699][ T9726] syzkaller0: entered promiscuous mode
[  199.579842][ T9726] syzkaller0: entered allmulticast mode
[  199.825242][ T9742] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1204'.
[  199.882963][   T40] kauditd_printk_skb: 7 callbacks suppressed
[  199.882980][   T40] audit: type=1400 audit(1776440544.580:405): avc:  denied  { create } for  pid=9746 comm="syz.1.1206" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1
[  199.892217][   T40] audit: type=1400 audit(1776440544.580:406): avc:  denied  { write } for  pid=9746 comm="syz.1.1206" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1
[  199.932078][ T9749] FAULT_INJECTION: forcing a failure.
[  199.932078][ T9749] name failslab, interval 1, probability 0, space 0, times 0
[  199.937171][ T9749] CPU: 3 UID: 0 PID: 9749 Comm: syz.1.1207 Not tainted syzkaller #0 PREEMPT(full) 
[  199.937188][ T9749] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  199.937196][ T9749] Call Trace:
[  199.937201][ T9749]  <TASK>
[  199.937207][ T9749]  dump_stack_lvl+0x100/0x190
[  199.937225][ T9749]  should_fail_ex.cold+0x5/0xa
[  199.937244][ T9749]  ? tomoyo_realpath_from_path+0xb6/0x690
[  199.937264][ T9749]  should_failslab+0xc2/0x120
[  199.937284][ T9749]  __kmalloc_noprof+0xe0/0x850
[  199.937318][ T9749]  ? kfree+0x1dd/0x6c0
[  199.937335][ T9749]  tomoyo_realpath_from_path+0xb6/0x690
[  199.937371][ T9749]  tomoyo_path_number_perm+0x23c/0x580
[  199.937386][ T9749]  ? tomoyo_path_number_perm+0x22e/0x580
[  199.937403][ T9749]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  199.937433][ T9749]  ? find_held_lock+0x2b/0x80
[  199.937452][ T9749]  ? __fget_files+0x215/0x3d0
[  199.937463][ T9749]  ? hook_file_ioctl_common+0x149/0x410
[  199.937475][ T9749]  ? __fget_files+0x215/0x3d0
[  199.937489][ T9749]  ? __fget_files+0x21f/0x3d0
[  199.937502][ T9749]  security_file_ioctl+0xd3/0x230
[  199.937520][ T9749]  __x64_sys_ioctl+0xb7/0x210
[  199.937539][ T9749]  do_syscall_64+0x10b/0xf80
[  199.937553][ T9749]  ? clear_bhb_loop+0x40/0x90
[  199.937567][ T9749]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  199.937579][ T9749] RIP: 0033:0x7f0e5379c819
[  199.937591][ T9749] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  199.937602][ T9749] RSP: 002b:00007f0e545da028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  199.937614][ T9749] RAX: ffffffffffffffda RBX: 00007f0e53a15fa0 RCX: 00007f0e5379c819
[  199.937621][ T9749] RDX: 0000200000000100 RSI: 00000000400452c8 RDI: 0000000000000004
[  199.937628][ T9749] RBP: 00007f0e545da090 R08: 0000000000000000 R09: 0000000000000000
[  199.937634][ T9749] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  199.937641][ T9749] R13: 00007f0e53a16038 R14: 00007f0e53a15fa0 R15: 00007ffce4788a08
[  199.937656][ T9749]  </TASK>
[  199.937957][ T9749] ERROR: Out of memory at tomoyo_realpath_from_path.
[  199.979000][   T29] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  199.982752][ T9750] syzkaller0: entered promiscuous mode
[  200.016062][ T9752] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1208'.
[  200.039210][ T9750] syzkaller0: entered allmulticast mode
[  200.065482][   T40] audit: type=1400 audit(1776440544.760:407): avc:  denied  { read } for  pid=9753 comm="syz.3.1209" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  200.119218][ T9757] syzkaller0: entered promiscuous mode
[  200.121069][ T9757] syzkaller0: entered allmulticast mode
[  200.130912][   T29] usb 5-1: config index 0 descriptor too short (expected 39, got 27)
[  200.134927][ T1425] ieee802154 phy0 wpan0: encryption failed: -22
[  200.137488][ T1425] ieee802154 phy1 wpan1: encryption failed: -22
[  200.147046][   T29] usb 5-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  200.151868][   T29] usb 5-1: config 0 interface 0 has no altsetting 0
[  200.157618][   T29] usb 5-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  200.161518][   T29] usb 5-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  200.164732][   T29] usb 5-1: Product: syz
[  200.166696][   T29] usb 5-1: Manufacturer: syz
[  200.168334][   T29] usb 5-1: SerialNumber: syz
[  200.174992][   T29] usb 5-1: config 0 descriptor??
[  200.178452][   T29] hub 5-1:0.0: bad descriptor, ignoring hub
[  200.181465][   T29] hub 5-1:0.0: probe with driver hub failed with error -5
[  200.185947][   T29] usb 5-1: selecting invalid altsetting 0
[  200.303934][ T9765] syzkaller0: entered promiscuous mode
[  200.310625][ T9765] syzkaller0: entered allmulticast mode
[  200.365468][ T9769] syzkaller0: entered promiscuous mode
[  200.367411][ T9769] syzkaller0: entered allmulticast mode
[  200.504062][   T40] audit: type=1400 audit(1776440545.200:408): avc:  denied  { read } for  pid=9773 comm="syz.2.1217" name="event0" dev="devtmpfs" ino=941 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[  200.522309][   T40] audit: type=1400 audit(1776440545.220:409): avc:  denied  { create } for  pid=9773 comm="syz.2.1217" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_dnrt_socket permissive=1
[  200.606103][ T9784] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1220'.
[  200.646427][ T9784] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1220'.
[  200.692097][ T9787] syzkaller0: entered promiscuous mode
[  200.694547][ T9787] syzkaller0: entered allmulticast mode
[  200.799134][ T3255] usb 8-1: new high-speed USB device number 7 using dummy_hcd
[  200.829096][  T836] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[  200.961390][ T3255] usb 8-1: config index 0 descriptor too short (expected 39, got 27)
[  200.965000][ T3255] usb 8-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  200.969160][ T3255] usb 8-1: config 0 interface 0 has no altsetting 0
[  200.974370][ T3255] usb 8-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  200.978000][ T3255] usb 8-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  200.980728][  T836] usb 6-1: config index 0 descriptor too short (expected 39, got 27)
[  200.981362][ T3255] usb 8-1: Product: syz
[  200.985366][  T836] usb 6-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  200.986590][ T3255] usb 8-1: Manufacturer: syz
[  200.990956][  T836] usb 6-1: config 0 interface 0 has no altsetting 0
[  200.992366][ T3255] usb 8-1: SerialNumber: syz
[  200.997131][  T836] usb 6-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  201.000825][  T836] usb 6-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  201.001390][ T3255] usb 8-1: config 0 descriptor??
[  201.004615][  T836] usb 6-1: Product: syz
[  201.008356][  T836] usb 6-1: Manufacturer: syz
[  201.010218][  T836] usb 6-1: SerialNumber: syz
[  201.010841][ T3255] hub 8-1:0.0: bad descriptor, ignoring hub
[  201.013853][  T836] usb 6-1: config 0 descriptor??
[  201.014946][ T3255] hub 8-1:0.0: probe with driver hub failed with error -5
[  201.019071][  T836] hub 6-1:0.0: bad descriptor, ignoring hub
[  201.022294][ T3255] usb 8-1: selecting invalid altsetting 0
[  201.024945][  T836] hub 6-1:0.0: probe with driver hub failed with error -5
[  201.061331][  T836] usb 6-1: selecting invalid altsetting 0
[  201.080400][ T9731] usb 5-1: reset high-speed USB device number 9 using dummy_hcd
[  201.091486][ T9731] usb 5-1: device reset changed ep0 maxpacket size!
[  201.096434][   T39] usb 5-1: USB disconnect, device number 9
[  201.228071][ T9795] syzkaller0: entered promiscuous mode
[  201.231576][ T9795] syzkaller0: entered allmulticast mode
[  201.319469][  T846] usb 8-1: USB disconnect, device number 7
[  201.329235][  T836] usb 6-1: USB disconnect, device number 9
[  201.379080][   T39] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  201.539030][   T39] usb 5-1: Using ep0 maxpacket: 8
[  201.543351][   T39] usb 5-1: config 0 has no interfaces?
[  201.545701][   T39] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  201.549859][   T39] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  201.564803][   T39] usb 5-1: config 0 descriptor??
[  201.671404][   T10] usb 8-1: new high-speed USB device number 8 using dummy_hcd
[  201.752928][  T836] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[  201.843940][   T10] usb 8-1: config index 0 descriptor too short (expected 39, got 27)
[  201.856784][   T10] usb 8-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  201.861061][   T10] usb 8-1: config 0 interface 0 has no altsetting 0
[  201.866572][   T10] usb 8-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  201.870551][   T10] usb 8-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  201.873941][   T10] usb 8-1: Product: syz
[  201.875735][   T10] usb 8-1: Manufacturer: syz
[  201.877790][   T10] usb 8-1: SerialNumber: syz
[  201.883247][   T10] usb 8-1: config 0 descriptor??
[  201.896358][   T10] hub 8-1:0.0: bad descriptor, ignoring hub
[  201.899508][   T10] hub 8-1:0.0: probe with driver hub failed with error -5
[  201.907974][   T10] usb 8-1: selecting invalid altsetting 0
[  201.911398][  T836] usb 6-1: config index 0 descriptor too short (expected 39, got 27)
[  201.916330][  T836] usb 6-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  201.926251][  T836] usb 6-1: config 0 interface 0 has no altsetting 0
[  201.938276][  T836] usb 6-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  201.949030][  T836] usb 6-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  201.955244][  T836] usb 6-1: Product: syz
[  201.956960][  T836] usb 6-1: Manufacturer: syz
[  201.961343][  T836] usb 6-1: SerialNumber: syz
[  201.991159][  T836] usb 6-1: config 0 descriptor??
[  202.026414][  T836] hub 6-1:0.0: bad descriptor, ignoring hub
[  202.029734][  T836] hub 6-1:0.0: probe with driver hub failed with error -5
[  202.035692][  T836] usb 6-1: selecting invalid altsetting 0
[  202.190257][ T6032] usb 8-1: USB disconnect, device number 8
[  202.329254][   T10] usb 6-1: USB disconnect, device number 10
[  203.170621][ T9808] syzkaller0: entered promiscuous mode
[  203.175054][ T9808] syzkaller0: entered allmulticast mode
[  203.231311][ T9822] sp0: Synchronizing with TNC
[  203.252042][ T9822] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1229'.
[  203.307714][ T9826] syzkaller0: entered promiscuous mode
[  203.311812][ T9826] syzkaller0: entered allmulticast mode
[  203.353991][ T9828] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1231'.
[  203.434839][   T40] audit: type=1400 audit(1776440548.130:410): avc:  denied  { ioctl } for  pid=9832 comm="syz.3.1233" path="socket:[26849]" dev="sockfs" ino=26849 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  203.465832][ T9833] FAULT_INJECTION: forcing a failure.
[  203.465832][ T9833] name failslab, interval 1, probability 0, space 0, times 0
[  203.471857][ T9833] CPU: 3 UID: 0 PID: 9833 Comm: syz.1.1234 Not tainted syzkaller #0 PREEMPT(full) 
[  203.471882][ T9833] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  203.471892][ T9833] Call Trace:
[  203.471898][ T9833]  <TASK>
[  203.471904][ T9833]  dump_stack_lvl+0x100/0x190
[  203.471930][ T9833]  should_fail_ex.cold+0x5/0xa
[  203.471955][ T9833]  should_failslab+0xc2/0x120
[  203.471982][ T9833]  __kmalloc_cache_noprof+0x7a/0x6f0
[  203.471999][ T9833]  ? netdevice_event+0x308/0x9a0
[  203.472018][ T9833]  netdevice_event+0x308/0x9a0
[  203.472034][ T9833]  ? __pfx_netdevice_event+0x10/0x10
[  203.472051][ T9833]  ? __pfx_del_netdev_ips+0x10/0x10
[  203.472074][ T9833]  ? __pfx_pass_all_filter+0x10/0x10
[  203.472108][ T9833]  ? lockdep_rtnl_is_held+0x26/0x40
[  203.472125][ T9833]  notifier_call_chain+0x99/0x400
[  203.472150][ T9833]  call_netdevice_notifiers_info+0xbe/0x110
[  203.472175][ T9833]  unregister_netdevice_many_notify+0x118f/0x24f0
[  203.472205][ T9833]  ? __pfx_unregister_netdevice_many_notify+0x10/0x10
[  203.472229][ T9833]  ? unregister_netdevice_queue+0x22e/0x3c0
[  203.472253][ T9833]  ? __pfx_unregister_netdevice_queue+0x10/0x10
[  203.472279][ T9833]  rtnl_dellink+0x472/0xb40
[  203.472299][ T9833]  ? __pfx_unregister_netdevice_queue+0x10/0x10
[  203.472322][ T9833]  ? kasan_save_free_info+0x3b/0x70
[  203.472342][ T9833]  ? __kasan_slab_free+0x5f/0x80
[  203.472366][ T9833]  ? kmem_cache_free+0x127/0x6c0
[  203.472386][ T9833]  ? __pfx_rtnl_dellink+0x10/0x10
[  203.472405][ T9833]  ? dev_hard_start_xmit+0x128/0x7a0
[  203.472532][ T9833]  ? __dev_queue_xmit+0x1baa/0x4950
[  203.472549][ T9833]  ? netlink_deliver_tap+0xa4d/0xcc0
[  203.472574][ T9833]  ? ____sys_sendmsg+0x9e1/0xb70
[  203.472599][ T9833]  ? ___sys_sendmsg+0x190/0x1e0
[  203.472658][ T9833]  ? __lock_acquire+0x4a5/0x2630
[  203.472692][ T9833]  ? find_held_lock+0x2b/0x80
[  203.472717][ T9833]  ? rtnetlink_rcv_msg+0x93a/0xe90
[  203.472739][ T9833]  ? rtnetlink_rcv_msg+0x93a/0xe90
[  203.472762][ T9833]  ? __pfx_rtnl_dellink+0x10/0x10
[  203.472783][ T9833]  rtnetlink_rcv_msg+0x95e/0xe90
[  203.472808][ T9833]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  203.472843][ T9833]  ? ref_tracker_free+0x37e/0x6c0
[  203.472867][ T9833]  netlink_rcv_skb+0x159/0x420
[  203.472895][ T9833]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  203.472919][ T9833]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  203.472952][ T9833]  ? netlink_deliver_tap+0x1ae/0xcc0
[  203.472983][ T9833]  netlink_unicast+0x585/0x850
[  203.473013][ T9833]  ? __pfx_netlink_unicast+0x10/0x10
[  203.473047][ T9833]  netlink_sendmsg+0x8b0/0xda0
[  203.473078][ T9833]  ? __pfx_netlink_sendmsg+0x10/0x10
[  203.473103][ T9833]  ? __might_fault+0x60/0x140
[  203.473135][ T9833]  ____sys_sendmsg+0x9e1/0xb70
[  203.473160][ T9833]  ? __pfx_netlink_sendmsg+0x10/0x10
[  203.473188][ T9833]  ? __pfx_____sys_sendmsg+0x10/0x10
[  203.473227][ T9833]  ___sys_sendmsg+0x190/0x1e0
[  203.473246][ T9833]  ? __pfx____sys_sendmsg+0x10/0x10
[  203.473294][ T9833]  __sys_sendmsg+0x170/0x220
[  203.473317][ T9833]  ? __pfx___sys_sendmsg+0x10/0x10
[  203.473347][ T9833]  ? rcu_is_watching+0x12/0xc0
[  203.473376][ T9833]  do_syscall_64+0x10b/0xf80
[  203.473397][ T9833]  ? clear_bhb_loop+0x40/0x90
[  203.473419][ T9833]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  203.473439][ T9833] RIP: 0033:0x7f0e5379c819
[  203.473455][ T9833] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  203.473470][ T9833] RSP: 002b:00007f0e545da028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  203.473487][ T9833] RAX: ffffffffffffffda RBX: 00007f0e53a15fa0 RCX: 00007f0e5379c819
[  203.473499][ T9833] RDX: 0000000000004000 RSI: 0000200000000240 RDI: 0000000000000005
[  203.473509][ T9833] RBP: 00007f0e545da090 R08: 0000000000000000 R09: 0000000000000000
[  203.473520][ T9833] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  203.473530][ T9833] R13: 00007f0e53a16038 R14: 00007f0e53a15fa0 R15: 00007ffce4788a08
[  203.473556][ T9833]  </TASK>
[  203.645103][ T9838] capability: warning: `syz.2.1236' uses 32-bit capabilities (legacy support in use)
[  203.674432][ T9838] netlink: 56 bytes leftover after parsing attributes in process `syz.2.1236'.
[  203.709124][ T3255] usb 8-1: new high-speed USB device number 9 using dummy_hcd
[  203.849752][ T9843] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1238'.
[  203.853766][ T9843] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1238'.
[  203.856903][ T9843] FAULT_INJECTION: forcing a failure.
[  203.856903][ T9843] name failslab, interval 1, probability 0, space 0, times 0
[  203.861173][ T9843] CPU: 0 UID: 0 PID: 9843 Comm: syz.2.1238 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  203.861192][ T9843] Tainted: [L]=SOFTLOCKUP
[  203.861196][ T9843] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  203.861204][ T9843] Call Trace:
[  203.861209][ T9843]  <TASK>
[  203.861214][ T9843]  dump_stack_lvl+0x100/0x190
[  203.861232][ T9843]  should_fail_ex.cold+0x5/0xa
[  203.861251][ T9843]  should_failslab+0xc2/0x120
[  203.861269][ T9843]  kmem_cache_alloc_node_noprof+0x81/0x6f0
[  203.861286][ T9843]  ? __alloc_skb+0x140/0x710
[  203.861299][ T9843]  ? __alloc_skb+0x5b7/0x710
[  203.861309][ T3255] usb 8-1: config index 0 descriptor too short (expected 39, got 27)
[  203.861314][ T9843]  __alloc_skb+0x140/0x710
[  203.861326][ T9843]  ? __alloc_skb+0x5b7/0x710
[  203.861339][ T9843]  ? __pfx___alloc_skb+0x10/0x10
[  203.861355][ T9843]  netlink_ack+0x117/0xb80
[  203.861373][ T9843]  ? __lock_acquire+0x4a5/0x2630
[  203.861390][ T9843]  netlink_rcv_skb+0x333/0x420
[  203.861408][ T9843]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  203.861424][ T9843]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  203.861446][ T9843]  ? netlink_deliver_tap+0x1ae/0xcc0
[  203.861465][ T9843]  netlink_unicast+0x585/0x850
[  203.861485][ T9843]  ? __pfx_netlink_unicast+0x10/0x10
[  203.861506][ T9843]  netlink_sendmsg+0x8b0/0xda0
[  203.861526][ T9843]  ? __pfx_netlink_sendmsg+0x10/0x10
[  203.861542][ T9843]  ? __might_fault+0x60/0x140
[  203.861562][ T9843]  ____sys_sendmsg+0x9e1/0xb70
[  203.861579][ T9843]  ? __pfx_netlink_sendmsg+0x10/0x10
[  203.861597][ T9843]  ? __pfx_____sys_sendmsg+0x10/0x10
[  203.861620][ T9843]  ___sys_sendmsg+0x190/0x1e0
[  203.861632][ T9843]  ? __pfx____sys_sendmsg+0x10/0x10
[  203.861658][ T9843]  __sys_sendmsg+0x170/0x220
[  203.861673][ T9843]  ? __pfx___sys_sendmsg+0x10/0x10
[  203.861691][ T9843]  ? fput+0x79/0x100
[  203.861704][ T9843]  ? rcu_is_watching+0x12/0xc0
[  203.861722][ T9843]  do_syscall_64+0x10b/0xf80
[  203.861737][ T9843]  ? clear_bhb_loop+0x40/0x90
[  203.861750][ T9843]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  203.861762][ T9843] RIP: 0033:0x7f6016f9c819
[  203.861773][ T9843] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  203.861783][ T9843] RSP: 002b:00007f6017e9d028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  203.861794][ T9843] RAX: ffffffffffffffda RBX: 00007f6017215fa0 RCX: 00007f6016f9c819
[  203.861801][ T9843] RDX: 000000000000c8c4 RSI: 0000200000000000 RDI: 0000000000000003
[  203.861808][ T9843] RBP: 00007f6017e9d090 R08: 0000000000000000 R09: 0000000000000000
[  203.861814][ T9843] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  203.861820][ T9843] R13: 00007f6017216038 R14: 00007f6017215fa0 R15: 00007ffd81866098
[  203.861834][ T9843]  </TASK>
[  203.899700][ T9845] syzkaller0: entered promiscuous mode
[  203.901256][ T3255] usb 8-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  203.901885][ T9845] syzkaller0: entered allmulticast mode
[  203.904927][ T3255] usb 8-1: config 0 interface 0 has no altsetting 0
[  203.923159][ T6001] usb 5-1: USB disconnect, device number 10
[  203.927024][ T3255] usb 8-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  203.992449][ T3255] usb 8-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  203.992475][ T3255] usb 8-1: Product: syz
[  203.992490][ T3255] usb 8-1: Manufacturer: syz
[  204.000745][ T3255] usb 8-1: SerialNumber: syz
[  204.011173][ T3255] usb 8-1: config 0 descriptor??
[  204.017542][ T3255] hub 8-1:0.0: bad descriptor, ignoring hub
[  204.020427][ T3255] hub 8-1:0.0: probe with driver hub failed with error -5
[  204.025944][ T3255] usb 8-1: selecting invalid altsetting 0
[  204.028151][ T9847] syzkaller0: entered promiscuous mode
[  204.032544][ T9847] syzkaller0: entered allmulticast mode
[  204.344082][   T10] hid-generic 0005:00B6:0009.0003: unknown main item tag 0x0
[  204.348019][   T10] hid-generic 0005:00B6:0009.0003: unknown main item tag 0x0
[  204.351300][   T10] hid-generic 0005:00B6:0009.0003: unknown main item tag 0x0
[  204.354729][   T10] hid-generic 0005:00B6:0009.0003: unknown main item tag 0x0
[  204.358184][   T10] hid-generic 0005:00B6:0009.0003: unknown main item tag 0x0
[  204.362963][   T10] hid-generic 0005:00B6:0009.0003: unknown main item tag 0x0
[  204.366897][   T10] hid-generic 0005:00B6:0009.0003: unknown main item tag 0x0
[  204.370463][   T10] hid-generic 0005:00B6:0009.0003: unknown main item tag 0x0
[  204.373762][   T10] hid-generic 0005:00B6:0009.0003: unknown main item tag 0x0
[  204.376276][   T10] hid-generic 0005:00B6:0009.0003: unknown main item tag 0x0
[  204.418387][   T29] hid (null): unknown global tag 0xc
[  204.421192][   T29] hid (null): unknown global tag 0xe
[  204.423781][   T10] hid-generic 0005:00B6:0009.0003: hidraw1: BLUETOOTH HID v1ade12.f3 Device [syz0] on syz1
[  204.428541][ T9874] bond0: (slave macvlan2): Error -98 calling set_mac_address
[  204.432174][   T29] hid (null): global environment stack underflow
[  204.436530][   T29] hid (null): unknown global tag 0xd
[  204.445534][   T29] hid (null): report_id 22799 is invalid
[  204.447316][   T29] hid (null): invalid report_count 28148
[  204.450085][   T29] hid (null): unknown global tag 0xd
[  204.451867][   T29] hid (null): unknown global tag 0xc
[  204.453758][   T29] hid (null): unknown global tag 0xc
[  204.455758][   T29] hid (null): invalid report_count -89235797
[  204.458165][   T29] hid (null): unknown global tag 0x81
[  204.460590][   T29] hid (null): unknown global tag 0xef
[  204.462511][   T29] hid (null): unknown global tag 0xa9
[  204.469117][   T29] hid (null): unknown global tag 0xd
[  204.470901][   T29] hid (null): invalid report_count -1747831108
[  204.470952][   T29] hid (null): invalid report_count 1626180357
[  204.470969][   T29] hid (null): global environment stack underflow
[  204.471579][   T29] hid (null): report_id 909 is invalid
[  204.471596][   T29] hid (null): unknown global tag 0xe
[  204.471626][   T29] hid (null): unknown global tag 0xd
[  204.471640][   T29] hid (null): invalid report_count -1680587001
[  204.471674][   T29] hid (null): report_id 1119088470 is invalid
[  204.471683][   T29] hid (null): unknown global tag 0xc
[  204.471692][   T29] hid (null): report_id 0 is invalid
[  204.471720][   T29] hid (null): invalid report_size 31155
[  204.471751][   T29] hid (null): invalid report_count 21817
[  204.478153][ T9875] fido_id[9875]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  204.478577][   T29] hid-generic 0003:7F3D:0001.0004: unknown global tag 0xc
[  204.494851][ T9878] syzkaller0: entered promiscuous mode
[  204.498496][   T29] hid-generic 0003:7F3D:0001.0004: item 0 1 1 12 parsing failed
[  204.502436][ T9878] syzkaller0: entered allmulticast mode
[  204.505212][   T29] hid-generic 0003:7F3D:0001.0004: probe with driver hid-generic failed with error -22
[  204.628304][ T9884] syzkaller0: entered promiscuous mode
[  204.630667][ T9884] syzkaller0: entered allmulticast mode
[  204.651673][ T9882] kvm: Disabled LAPIC found during irq injection
[  204.652940][ T9886] trusted_key: encrypted_key: keyword 'lo<¨aZcryptfs' not recognized
[  204.707609][ T9890] iommufd_mock iommufd_mock0: Adding to iommu group 9
[  204.764855][ T9894] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=11444 sclass=netlink_route_socket pid=9894 comm=syz.2.1256
[  204.770831][ T9895] syzkaller0: entered promiscuous mode
[  204.770859][ T9895] syzkaller0: entered allmulticast mode
[  204.855583][ T9894] kernel read not supported for file /policy (pid: 9894 comm: syz.2.1256)
[  204.856277][   T40] audit: type=1400 audit(1776440549.550:411): avc:  denied  { module_load } for  pid=9893 comm="syz.2.1256" path="/selinux/policy" dev="selinuxfs" ino=20 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=system permissive=1
[  204.862106][ T9894] kvm: Disabled LAPIC found during irq injection
[  204.949049][ T9836] usb 8-1: reset high-speed USB device number 9 using dummy_hcd
[  204.976023][ T9897] FAULT_INJECTION: forcing a failure.
[  204.976023][ T9897] name failslab, interval 1, probability 0, space 0, times 0
[  204.981243][ T9897] CPU: 0 UID: 0 PID: 9897 Comm: syz.1.1258 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  204.981264][ T9897] Tainted: [L]=SOFTLOCKUP
[  204.981268][ T9897] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  204.981276][ T9897] Call Trace:
[  204.981281][ T9897]  <TASK>
[  204.981285][ T9897]  dump_stack_lvl+0x100/0x190
[  204.981305][ T9897]  should_fail_ex.cold+0x5/0xa
[  204.981325][ T9897]  should_failslab+0xc2/0x120
[  204.981345][ T9897]  kmem_cache_alloc_noprof+0x7b/0x6e0
[  204.981363][ T9897]  ? mas_preallocate+0x1105/0x14a0
[  204.981384][ T9897]  mas_preallocate+0x1105/0x14a0
[  204.981404][ T9897]  ? __pfx_mas_preallocate+0x10/0x10
[  204.981426][ T9897]  ? anon_vma_name+0x5a/0x250
[  204.981443][ T9897]  __split_vma+0x33d/0xd90
[  204.981461][ T9897]  ? __pfx___split_vma+0x10/0x10
[  204.981485][ T9897]  vma_modify+0x1cf4/0x25c0
[  204.981507][ T9897]  ? __pfx_vma_modify+0x10/0x10
[  204.981521][ T9897]  ? bpf_ksym_find+0x128/0x1c0
[  204.981620][ T9897]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  204.981642][ T9897]  ? is_bpf_text_address+0x94/0x1a0
[  204.981658][ T9897]  ? kernel_text_address+0x8d/0x100
[  204.981674][ T9897]  ? __kernel_text_address+0xd/0x30
[  204.981694][ T9897]  vma_modify_flags+0x257/0x3d0
[  204.981712][ T9897]  ? __pfx_vma_modify_flags+0x10/0x10
[  204.981727][ T9897]  ? _parse_integer_limit+0x17f/0x1d0
[  204.981757][ T9897]  mlock_fixup+0x46e/0xb10
[  204.981776][ T9897]  ? __pfx_mlock_fixup+0x10/0x10
[  204.981800][ T9897]  apply_vma_lock_flags+0x256/0x370
[  204.981816][ T9897]  ? __pfx_apply_vma_lock_flags+0x10/0x10
[  204.981831][ T9897]  ? __pfx___might_resched+0x10/0x10
[  204.981851][ T9897]  ? __pfx_down_write_killable+0x10/0x10
[  204.981871][ T9897]  ? __mutex_unlock_slowpath+0x15d/0x8a0
[  204.981894][ T9897]  ? kernel_write+0x643/0x6c0
[  204.981920][ T9897]  do_mlock+0x261/0x7f0
[  204.981941][ T9897]  ? __fget_files+0x21f/0x3d0
[  204.981957][ T9897]  ? __pfx_do_mlock+0x10/0x10
[  204.981979][ T9897]  ? fput+0x79/0x100
[  204.981993][ T9897]  ? ksys_write+0x1ac/0x250
[  204.982009][ T9897]  ? __pfx_ksys_write+0x10/0x10
[  204.982029][ T9897]  __x64_sys_mlock+0x59/0x80
[  204.982044][ T9897]  do_syscall_64+0x10b/0xf80
[  204.982056][ T9897]  ? clear_bhb_loop+0x40/0x90
[  204.982070][ T9897]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  204.982082][ T9897] RIP: 0033:0x7f0e5379c819
[  204.982106][ T9897] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  204.982118][ T9897] RSP: 002b:00007f0e545da028 EFLAGS: 00000246 ORIG_RAX: 0000000000000095
[  204.982132][ T9897] RAX: ffffffffffffffda RBX: 00007f0e53a15fa0 RCX: 00007f0e5379c819
[  204.982139][ T9897] RDX: 0000000000000000 RSI: 0000000000800000 RDI: 00002000007d8000
[  204.982146][ T9897] RBP: 00007f0e545da090 R08: 0000000000000000 R09: 0000000000000000
[  204.982152][ T9897] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  204.982159][ T9897] R13: 00007f0e53a16038 R14: 00007f0e53a15fa0 R15: 00007ffce4788a08
[  204.982173][ T9897]  </TASK>
[  205.122788][ T9904] syzkaller0: entered promiscuous mode
[  205.124651][ T9904] syzkaller0: entered allmulticast mode
[  205.149746][ T9904] pim6reg9: entered allmulticast mode
[  205.341668][ T9920] __nla_validate_parse: 1 callbacks suppressed
[  205.341683][ T9920] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1264'.
[  205.374442][   T40] audit: type=1400 audit(1776440550.070:412): avc:  denied  { append } for  pid=9921 comm="syz.1.1265" name="pmem0" dev="devtmpfs" ino=710 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  205.399295][ T9924] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1264'.
[  205.462003][ T9836] usb 8-1: failed to restore interface 0 altsetting 251 (error=-71)
[  205.467490][   T54] usb 8-1: USB disconnect, device number 9
[  205.562663][ T9930] sch_tbf: burst 0 is lower than device syzkaller0 mtu (1514) !
[  205.584326][ T9930] syzkaller0: entered promiscuous mode
[  205.586842][ T9930] syzkaller0: entered allmulticast mode
[  205.593782][ T9930] netlink: 'syz.1.1267': attribute type 1 has an invalid length.
[  205.607462][ T9931] process 'syz.2.1266' launched './file0' with NULL argv: empty string added
[  205.855012][ T9937] syzkaller0: entered promiscuous mode
[  205.857361][ T9937] syzkaller0: entered allmulticast mode
[  205.921203][   T40] audit: type=1400 audit(1776440550.620:413): avc:  denied  { create } for  pid=9934 comm="syz.1.1268" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  205.921613][ T9935] FAULT_INJECTION: forcing a failure.
[  205.921613][ T9935] name failslab, interval 1, probability 0, space 0, times 0
[  205.932368][ T9935] CPU: 3 UID: 0 PID: 9935 Comm: syz.1.1268 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  205.932388][ T9935] Tainted: [L]=SOFTLOCKUP
[  205.932392][ T9935] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  205.932399][ T9935] Call Trace:
[  205.932404][ T9935]  <TASK>
[  205.932410][ T9935]  dump_stack_lvl+0x100/0x190
[  205.932429][ T9935]  should_fail_ex.cold+0x5/0xa
[  205.932448][ T9935]  ? tomoyo_encode2+0xfb/0x3c0
[  205.932466][ T9935]  should_failslab+0xc2/0x120
[  205.932485][ T9935]  __kmalloc_noprof+0xe0/0x850
[  205.932533][ T9935]  tomoyo_encode2+0xfb/0x3c0
[  205.932558][ T9935]  tomoyo_encode+0x29/0x50
[  205.932575][ T9935]  tomoyo_realpath_from_path+0x18c/0x690
[  205.932596][ T9935]  tomoyo_path_number_perm+0x23c/0x580
[  205.932611][ T9935]  ? tomoyo_path_number_perm+0x22e/0x580
[  205.932627][ T9935]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  205.932656][ T9935]  ? find_held_lock+0x2b/0x80
[  205.932674][ T9935]  ? __fget_files+0x215/0x3d0
[  205.932686][ T9935]  ? hook_file_ioctl_common+0x149/0x410
[  205.932698][ T9935]  ? __fget_files+0x215/0x3d0
[  205.932711][ T9935]  ? __fget_files+0x21f/0x3d0
[  205.932724][ T9935]  security_file_ioctl+0xd3/0x230
[  205.932741][ T9935]  __x64_sys_ioctl+0xb7/0x210
[  205.932760][ T9935]  do_syscall_64+0x10b/0xf80
[  205.932773][ T9935]  ? clear_bhb_loop+0x40/0x90
[  205.932788][ T9935]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  205.932800][ T9935] RIP: 0033:0x7f0e5379c819
[  205.932811][ T9935] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  205.932826][ T9935] RSP: 002b:00007f0e545da028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  205.932839][ T9935] RAX: ffffffffffffffda RBX: 00007f0e53a15fa0 RCX: 00007f0e5379c819
[  205.932846][ T9935] RDX: 00002000000000c0 RSI: 000000000000890c RDI: 0000000000000004
[  205.932853][ T9935] RBP: 00007f0e545da090 R08: 0000000000000000 R09: 0000000000000000
[  205.932942][ T9935] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  205.932948][ T9935] R13: 00007f0e53a16038 R14: 00007f0e53a15fa0 R15: 00007ffce4788a08
[  205.932963][ T9935]  </TASK>
[  205.932986][ T9935] ERROR: Out of memory at tomoyo_realpath_from_path.
[  206.042533][ T9944] FAULT_INJECTION: forcing a failure.
[  206.042533][ T9944] name failslab, interval 1, probability 0, space 0, times 0
[  206.048994][ T9944] CPU: 2 UID: 0 PID: 9944 Comm: syz.3.1272 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  206.049024][ T9944] Tainted: [L]=SOFTLOCKUP
[  206.049031][ T9944] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  206.049041][ T9944] Call Trace:
[  206.049047][ T9944]  <TASK>
[  206.049053][ T9944]  dump_stack_lvl+0x100/0x190
[  206.049081][ T9944]  should_fail_ex.cold+0x5/0xa
[  206.049106][ T9944]  should_failslab+0xc2/0x120
[  206.049134][ T9944]  kmem_cache_alloc_noprof+0x7b/0x6e0
[  206.049163][ T9944]  ? security_inode_alloc+0x3b/0x2c0
[  206.049186][ T9944]  ? lockdep_init_map_type+0x5c/0x250
[  206.049210][ T9944]  security_inode_alloc+0x3b/0x2c0
[  206.049233][ T9944]  inode_init_always_gfp+0xcc0/0x1000
[  206.049257][ T9944]  alloc_inode+0x8e/0x250
[  206.049280][ T9944]  new_inode+0x22/0x1c0
[  206.049306][ T9944]  __debugfs_create_file+0x105/0x4f0
[  206.049454][ T9944]  debugfs_create_file_full+0x41/0x60
[  206.049479][ T9944]  ref_tracker_dir_debugfs+0x19e/0x2e0
[  206.049501][ T9944]  ? __pfx_ref_tracker_dir_debugfs+0x10/0x10
[  206.049542][ T9944]  ? __kvmalloc_node_noprof+0x37b/0xa00
[  206.049564][ T9944]  ? alloc_netdev_mqs+0xd7/0x14f0
[  206.049603][ T9944]  ? lockdep_init_map_type+0x5c/0x250
[  206.049630][ T9944]  ? __pfx_ipgre_tunnel_setup+0x10/0x10
[  206.049665][ T9944]  alloc_netdev_mqs+0x314/0x14f0
[  206.049696][ T9944]  rtnl_create_link+0xc13/0xf80
[  206.049723][ T9944]  rtnl_newlink+0x13bd/0x2380
[  206.049756][ T9944]  ? __pfx_rtnl_newlink+0x10/0x10
[  206.049776][ T9944]  ? find_held_lock+0x2b/0x80
[  206.049802][ T9944]  ? avc_has_perm_noaudit+0x11e/0x3b0
[  206.049820][ T9944]  ? avc_has_perm_noaudit+0x11e/0x3b0
[  206.049844][ T9944]  ? avc_has_perm_noaudit+0x145/0x3b0
[  206.049886][ T9944]  ? find_held_lock+0x2b/0x80
[  206.049911][ T9944]  ? rtnetlink_rcv_msg+0x93a/0xe90
[  206.049934][ T9944]  ? rtnetlink_rcv_msg+0x93a/0xe90
[  206.049958][ T9944]  ? __pfx_rtnl_newlink+0x10/0x10
[  206.049981][ T9944]  rtnetlink_rcv_msg+0x95e/0xe90
[  206.050007][ T9944]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  206.050037][ T9944]  ? ref_tracker_free+0x37e/0x6c0
[  206.050061][ T9944]  netlink_rcv_skb+0x159/0x420
[  206.050088][ T9944]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  206.050113][ T9944]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  206.050155][ T9944]  ? netlink_deliver_tap+0x1ae/0xcc0
[  206.050186][ T9944]  netlink_unicast+0x585/0x850
[  206.050217][ T9944]  ? __pfx_netlink_unicast+0x10/0x10
[  206.050252][ T9944]  netlink_sendmsg+0x8b0/0xda0
[  206.050285][ T9944]  ? __pfx_netlink_sendmsg+0x10/0x10
[  206.050309][ T9944]  ? __might_fault+0x60/0x140
[  206.050343][ T9944]  ____sys_sendmsg+0x9e1/0xb70
[  206.050368][ T9944]  ? __pfx_netlink_sendmsg+0x10/0x10
[  206.050397][ T9944]  ? __pfx_____sys_sendmsg+0x10/0x10
[  206.050435][ T9944]  ___sys_sendmsg+0x190/0x1e0
[  206.050455][ T9944]  ? __pfx____sys_sendmsg+0x10/0x10
[  206.050504][ T9944]  __sys_sendmsg+0x170/0x220
[  206.050528][ T9944]  ? __pfx___sys_sendmsg+0x10/0x10
[  206.050563][ T9944]  ? rcu_is_watching+0x12/0xc0
[  206.050592][ T9944]  do_syscall_64+0x10b/0xf80
[  206.050611][ T9944]  ? clear_bhb_loop+0x40/0x90
[  206.050632][ T9944]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  206.050649][ T9944] RIP: 0033:0x7f65bcd9c819
[  206.050664][ T9944] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  206.050679][ T9944] RSP: 002b:00007f65bdc1c028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  206.050698][ T9944] RAX: ffffffffffffffda RBX: 00007f65bd015fa0 RCX: 00007f65bcd9c819
[  206.050709][ T9944] RDX: 0000000000000800 RSI: 00002000000000c0 RDI: 0000000000000003
[  206.050719][ T9944] RBP: 00007f65bdc1c090 R08: 0000000000000000 R09: 0000000000000000
[  206.050729][ T9944] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  206.050738][ T9944] R13: 00007f65bd016038 R14: 00007f65bd015fa0 R15: 00007ffc0c0dbae8
[  206.050764][ T9944]  </TASK>
[  206.050981][ T9944] debugfs: out of free dentries, can not create file 'netdev@ffff88802f24a620'
[  206.221120][ T9944] gre1: entered promiscuous mode
[  206.298737][ T9949] syzkaller0: entered promiscuous mode
[  206.300760][ T9949] syzkaller0: entered allmulticast mode
[  206.356928][   T40] audit: type=1400 audit(1776440551.050:414): avc:  denied  { getopt } for  pid=9956 comm="syz.0.1277" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  206.448468][ T9965] syzkaller0: entered promiscuous mode
[  206.451105][ T9965] syzkaller0: entered allmulticast mode
[  206.504761][   T40] audit: type=1400 audit(1776440551.200:415): avc:  denied  { write } for  pid=9970 comm="syz.3.1281" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  206.534046][   T40] audit: type=1400 audit(1776440551.230:416): avc:  denied  { ioctl } for  pid=9968 comm="syz.2.1280" path="/dev/autofs" dev="devtmpfs" ino=104 ioctlcmd=0x9379 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[  206.705010][ T9976] FAULT_INJECTION: forcing a failure.
[  206.705010][ T9976] name failslab, interval 1, probability 0, space 0, times 0
[  206.711941][ T9976] CPU: 0 UID: 0 PID: 9976 Comm: syz.0.1283 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  206.711969][ T9976] Tainted: [L]=SOFTLOCKUP
[  206.711974][ T9976] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  206.711984][ T9976] Call Trace:
[  206.711990][ T9976]  <TASK>
[  206.711997][ T9976]  dump_stack_lvl+0x100/0x190
[  206.712021][ T9976]  should_fail_ex.cold+0x5/0xa
[  206.712045][ T9976]  should_failslab+0xc2/0x120
[  206.712077][ T9976]  kmem_cache_alloc_node_noprof+0x81/0x6f0
[  206.712099][ T9976]  ? __alloc_skb+0x140/0x710
[  206.712116][ T9976]  ? __alloc_skb+0x5b7/0x710
[  206.712137][ T9976]  __alloc_skb+0x140/0x710
[  206.712154][ T9976]  ? __alloc_skb+0x5b7/0x710
[  206.712171][ T9976]  ? __pfx___alloc_skb+0x10/0x10
[  206.712195][ T9976]  netlink_alloc_large_skb+0x69/0x150
[  206.712222][ T9976]  netlink_sendmsg+0x680/0xda0
[  206.712249][ T9976]  ? __pfx_netlink_sendmsg+0x10/0x10
[  206.712271][ T9976]  ? __might_fault+0x60/0x140
[  206.712299][ T9976]  ____sys_sendmsg+0x9e1/0xb70
[  206.712322][ T9976]  ? __pfx_netlink_sendmsg+0x10/0x10
[  206.712347][ T9976]  ? __pfx_____sys_sendmsg+0x10/0x10
[  206.712381][ T9976]  ___sys_sendmsg+0x190/0x1e0
[  206.712398][ T9976]  ? __pfx____sys_sendmsg+0x10/0x10
[  206.712442][ T9976]  __sys_sendmsg+0x170/0x220
[  206.712463][ T9976]  ? __pfx___sys_sendmsg+0x10/0x10
[  206.712526][ T9976]  ? rcu_is_watching+0x12/0xc0
[  206.712555][ T9976]  do_syscall_64+0x10b/0xf80
[  206.712573][ T9976]  ? clear_bhb_loop+0x40/0x90
[  206.712594][ T9976]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  206.712610][ T9976] RIP: 0033:0x7f9095d9c819
[  206.712625][ T9976] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  206.712640][ T9976] RSP: 002b:00007f9096ca3028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  206.712657][ T9976] RAX: ffffffffffffffda RBX: 00007f9096015fa0 RCX: 00007f9095d9c819
[  206.712668][ T9976] RDX: 000000000000c090 RSI: 0000200000002a40 RDI: 0000000000000004
[  206.712678][ T9976] RBP: 00007f9096ca3090 R08: 0000000000000000 R09: 0000000000000000
[  206.712687][ T9976] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  206.712695][ T9976] R13: 00007f9096016038 R14: 00007f9096015fa0 R15: 00007fffda36e908
[  206.712718][ T9976]  </TASK>
[  206.777907][ T9984] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1286'.
[  206.832111][ T9987] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1287'.
[  206.860610][ T9986] syzkaller0: entered promiscuous mode
[  206.863498][ T9986] syzkaller0: entered allmulticast mode
[  206.892126][ T9984] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1286'.
[  206.918762][ T9984] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1286'.
[  206.963106][   T40] audit: type=1400 audit(1776440551.660:417): avc:  denied  { mount } for  pid=9991 comm="syz.3.1289" name="/" dev="autofs" ino=25519 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=filesystem permissive=1
[  207.104317][T10003] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1291'.
[  207.163288][T10005] syzkaller0: entered promiscuous mode
[  207.165281][T10005] syzkaller0: entered allmulticast mode
[  207.281991][T10009] FAULT_INJECTION: forcing a failure.
[  207.281991][T10009] name failslab, interval 1, probability 0, space 0, times 0
[  207.288274][T10009] CPU: 3 UID: 0 PID: 10009 Comm: syz.3.1294 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  207.288303][T10009] Tainted: [L]=SOFTLOCKUP
[  207.288309][T10009] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  207.288320][T10009] Call Trace:
[  207.288327][T10009]  <TASK>
[  207.288334][T10009]  dump_stack_lvl+0x100/0x190
[  207.288362][T10009]  should_fail_ex.cold+0x5/0xa
[  207.288390][T10009]  ? tomoyo_encode2+0xfb/0x3c0
[  207.288417][T10009]  should_failslab+0xc2/0x120
[  207.288447][T10009]  __kmalloc_noprof+0xe0/0x850
[  207.288475][T10009]  tomoyo_encode2+0xfb/0x3c0
[  207.288526][T10009]  tomoyo_encode+0x29/0x50
[  207.288550][T10009]  tomoyo_realpath_from_path+0x18c/0x690
[  207.288579][T10009]  tomoyo_path_number_perm+0x23c/0x580
[  207.288601][T10009]  ? tomoyo_path_number_perm+0x22e/0x580
[  207.288625][T10009]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  207.288669][T10009]  ? find_held_lock+0x2b/0x80
[  207.288696][T10009]  ? __fget_files+0x215/0x3d0
[  207.288712][T10009]  ? hook_file_ioctl_common+0x149/0x410
[  207.288730][T10009]  ? __fget_files+0x215/0x3d0
[  207.288750][T10009]  ? __fget_files+0x21f/0x3d0
[  207.288771][T10009]  security_file_ioctl+0xd3/0x230
[  207.288796][T10009]  __x64_sys_ioctl+0xb7/0x210
[  207.288823][T10009]  do_syscall_64+0x10b/0xf80
[  207.288843][T10009]  ? clear_bhb_loop+0x40/0x90
[  207.288872][T10009]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  207.288904][T10009] RIP: 0033:0x7f65bcd9c819
[  207.288921][T10009] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  207.288936][T10009] RSP: 002b:00007f65bdc1c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  207.288953][T10009] RAX: ffffffffffffffda RBX: 00007f65bd015fa0 RCX: 00007f65bcd9c819
[  207.288964][T10009] RDX: 0000200000000100 RSI: 00000000400452c8 RDI: 0000000000000004
[  207.288974][T10009] RBP: 00007f65bdc1c090 R08: 0000000000000000 R09: 0000000000000000
[  207.288983][T10009] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  207.288993][T10009] R13: 00007f65bd016038 R14: 00007f65bd015fa0 R15: 00007ffc0c0dbae8
[  207.289017][T10009]  </TASK>
[  207.365744][T10009] ERROR: Out of memory at tomoyo_realpath_from_path.
[  207.403120][T10013] netlink: 'syz.1.1295': attribute type 1 has an invalid length.
[  207.471489][T10016] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1297'.
[  207.492012][T10020] syzkaller0: entered promiscuous mode
[  207.499076][T10020] syzkaller0: entered allmulticast mode
[  207.514770][   T40] audit: type=1400 audit(1776440552.210:418): avc:  denied  { accept } for  pid=10015 comm="syz.1.1297" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_route_socket permissive=1
[  207.531756][T10016] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1297'.
[  207.651201][   T40] audit: type=1400 audit(1776440552.350:419): avc:  denied  { mount } for  pid=10027 comm="syz.0.1301" name="/" dev="hugetlbfs" ino=27158 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=filesystem permissive=1
[  207.660236][   T40] audit: type=1400 audit(1776440552.350:420): avc:  denied  { remount } for  pid=10027 comm="syz.0.1301" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=filesystem permissive=1
[  207.670620][   T40] audit: type=1400 audit(1776440552.370:421): avc:  denied  { unmount } for  pid=5942 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=filesystem permissive=1
[  207.690185][T10030] FAULT_INJECTION: forcing a failure.
[  207.690185][T10030] name failslab, interval 1, probability 0, space 0, times 0
[  207.697525][T10030] CPU: 1 UID: 0 PID: 10030 Comm: syz.3.1302 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  207.697549][T10030] Tainted: [L]=SOFTLOCKUP
[  207.697553][T10030] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  207.697560][T10030] Call Trace:
[  207.697565][T10030]  <TASK>
[  207.697571][T10030]  dump_stack_lvl+0x100/0x190
[  207.697592][T10030]  should_fail_ex.cold+0x5/0xa
[  207.697612][T10030]  should_failslab+0xc2/0x120
[  207.697633][T10030]  kmem_cache_alloc_node_noprof+0x81/0x6f0
[  207.697651][T10030]  ? __alloc_skb+0x140/0x710
[  207.697666][T10030]  ? __alloc_skb+0x5b7/0x710
[  207.697682][T10030]  __alloc_skb+0x140/0x710
[  207.697696][T10030]  ? __alloc_skb+0x5b7/0x710
[  207.697710][T10030]  ? __pfx___alloc_skb+0x10/0x10
[  207.697729][T10030]  netlink_alloc_large_skb+0x69/0x150
[  207.697752][T10030]  netlink_sendmsg+0x680/0xda0
[  207.697775][T10030]  ? __pfx_netlink_sendmsg+0x10/0x10
[  207.697794][T10030]  ? __might_fault+0x60/0x140
[  207.697816][T10030]  ____sys_sendmsg+0x9e1/0xb70
[  207.697835][T10030]  ? __pfx_netlink_sendmsg+0x10/0x10
[  207.697856][T10030]  ? __pfx_____sys_sendmsg+0x10/0x10
[  207.697882][T10030]  ___sys_sendmsg+0x190/0x1e0
[  207.697898][T10030]  ? __pfx____sys_sendmsg+0x10/0x10
[  207.697927][T10030]  __sys_sendmsg+0x170/0x220
[  207.697944][T10030]  ? __pfx___sys_sendmsg+0x10/0x10
[  207.697967][T10030]  ? rcu_is_watching+0x12/0xc0
[  207.697988][T10030]  do_syscall_64+0x10b/0xf80
[  207.698002][T10030]  ? clear_bhb_loop+0x40/0x90
[  207.698017][T10030]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  207.698030][T10030] RIP: 0033:0x7f65bcd9c819
[  207.698042][T10030] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  207.698055][T10030] RSP: 002b:00007f65bdc1c028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  207.698068][T10030] RAX: ffffffffffffffda RBX: 00007f65bd015fa0 RCX: 00007f65bcd9c819
[  207.698075][T10030] RDX: 0000000000000040 RSI: 00002000000003c0 RDI: 0000000000000009
[  207.698083][T10030] RBP: 00007f65bdc1c090 R08: 0000000000000000 R09: 0000000000000000
[  207.698090][T10030] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  207.698097][T10030] R13: 00007f65bd016038 R14: 00007f65bd015fa0 R15: 00007ffc0c0dbae8
[  207.698112][T10030]  </TASK>
[  207.802931][T10035] MINIX-fs: unable to read superblock
[  207.805523][T10037] block nbd0: not configured, cannot reconfigure
[  209.646309][T10060] syzkaller0: entered promiscuous mode
[  209.648400][T10060] syzkaller0: entered allmulticast mode
[  209.701742][T10062] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1309'.
[  209.812219][T10072] IPVS: ip_vs_add_dest(): lower threshold is higher than upper threshold
[  209.817000][T10072] tipc: Started in network mode
[  209.820050][T10072] tipc: Node identity 4004, cluster identity 4711
[  209.822534][T10072] tipc: Node number set to 16388
[  209.869417][T10080] FAULT_INJECTION: forcing a failure.
[  209.869417][T10080] name failslab, interval 1, probability 0, space 0, times 0
[  209.874945][T10080] CPU: 3 UID: 0 PID: 10080 Comm: syz.3.1317 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  209.874969][T10080] Tainted: [L]=SOFTLOCKUP
[  209.874975][T10080] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  209.874983][T10080] Call Trace:
[  209.874989][T10080]  <TASK>
[  209.874995][T10080]  dump_stack_lvl+0x100/0x190
[  209.875017][T10080]  should_fail_ex.cold+0x5/0xa
[  209.875038][T10080]  should_failslab+0xc2/0x120
[  209.875060][T10080]  kmem_cache_alloc_noprof+0x7b/0x6e0
[  209.875079][T10080]  ? skb_clone+0x190/0x400
[  209.875100][T10080]  skb_clone+0x190/0x400
[  209.875118][T10080]  netlink_deliver_tap+0xaed/0xcc0
[  209.875142][T10080]  netlink_unicast+0x6a5/0x850
[  209.875166][T10080]  ? __pfx_netlink_unicast+0x10/0x10
[  209.875192][T10080]  netlink_ack+0x655/0xb80
[  209.875218][T10080]  netlink_rcv_skb+0x333/0x420
[  209.875239][T10080]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  209.875261][T10080]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  209.875294][T10080]  xfrm_netlink_rcv+0x71/0x90
[  209.875313][T10080]  netlink_unicast+0x585/0x850
[  209.875336][T10080]  ? __pfx_netlink_unicast+0x10/0x10
[  209.875365][T10080]  netlink_sendmsg+0x8b0/0xda0
[  209.875389][T10080]  ? __pfx_netlink_sendmsg+0x10/0x10
[  209.875409][T10080]  ? __might_fault+0x60/0x140
[  209.875433][T10080]  ____sys_sendmsg+0x9e1/0xb70
[  209.875453][T10080]  ? __pfx_netlink_sendmsg+0x10/0x10
[  209.875475][T10080]  ? __pfx_____sys_sendmsg+0x10/0x10
[  209.875504][T10080]  ___sys_sendmsg+0x190/0x1e0
[  209.875519][T10080]  ? __pfx____sys_sendmsg+0x10/0x10
[  209.875551][T10080]  __sys_sendmsg+0x170/0x220
[  209.875570][T10080]  ? __pfx___sys_sendmsg+0x10/0x10
[  209.875594][T10080]  ? rcu_is_watching+0x12/0xc0
[  209.875617][T10080]  do_syscall_64+0x10b/0xf80
[  209.875633][T10080]  ? clear_bhb_loop+0x40/0x90
[  209.875649][T10080]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  209.875663][T10080] RIP: 0033:0x7f65bcd9c819
[  209.875675][T10080] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  209.875688][T10080] RSP: 002b:00007f65bdc1c028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  209.875702][T10080] RAX: ffffffffffffffda RBX: 00007f65bd015fa0 RCX: 00007f65bcd9c819
[  209.875710][T10080] RDX: 0000000000000000 RSI: 0000200000000380 RDI: 0000000000000004
[  209.875718][T10080] RBP: 00007f65bdc1c090 R08: 0000000000000000 R09: 0000000000000000
[  209.875726][T10080] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  209.875733][T10080] R13: 00007f65bd016038 R14: 00007f65bd015fa0 R15: 00007ffc0c0dbae8
[  209.875750][T10080]  </TASK>
[  209.967308][T10090] netlink: 'syz.0.1318': attribute type 7 has an invalid length.
[  209.974381][T10090] netlink: 'syz.0.1318': attribute type 8 has an invalid length.
[  210.266683][T10095] ip6gre1: left promiscuous mode
[  210.269089][ T6001] usb 7-1: new low-speed USB device number 14 using dummy_hcd
[  210.283400][T10095] macvtap1: left promiscuous mode
[  210.289096][   T41] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  210.292264][   T41] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  210.295501][   T41] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  210.299070][   T12] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  210.373212][T10111] bridge: RTM_NEWNEIGH bridge0 with NTF_USE is not supported
[  210.511621][ T6001] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  210.515745][ T6001] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 2
[  210.519323][ T6001] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 26984, setting to 8
[  210.522827][ T6001] usb 7-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00
[  210.525721][ T6001] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  210.556762][T10096] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  210.568148][ T6001] hub 7-1:1.0: bad descriptor, ignoring hub
[  210.575958][ T6001] hub 7-1:1.0: probe with driver hub failed with error -5
[  210.578775][ T6001] cdc_wdm 7-1:1.0: skipping garbage
[  210.580910][ T6001] cdc_wdm 7-1:1.0: skipping garbage
[  210.587938][T10118] __nla_validate_parse: 4 callbacks suppressed
[  210.588001][T10118] netlink: 204 bytes leftover after parsing attributes in process `syz.1.1327'.
[  210.592119][ T6001] cdc_wdm 7-1:1.0: cdc-wdm0: USB WDM device
[  210.595029][ T6001] cdc_wdm 7-1:1.0: Unknown control protocol
[  210.648414][T10122] FAULT_INJECTION: forcing a failure.
[  210.648414][T10122] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  210.653404][T10122] CPU: 0 UID: 0 PID: 10122 Comm: syz.1.1329 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  210.653424][T10122] Tainted: [L]=SOFTLOCKUP
[  210.653427][T10122] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  210.653499][T10122] Call Trace:
[  210.653559][T10122]  <TASK>
[  210.653565][T10122]  dump_stack_lvl+0x100/0x190
[  210.653657][T10122]  should_fail_ex.cold+0x5/0xa
[  210.653776][T10122]  copy_fpstate_to_sigframe+0x842/0xb00
[  210.653845][T10122]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  210.653928][T10122]  ? __pfx_copy_fpstate_to_sigframe+0x10/0x10
[  210.653947][T10122]  ? posixtimer_deliver_signal+0x3c3/0x690
[  210.654014][T10122]  ? x86_task_fpu+0x5f/0x90
[  210.654037][T10122]  get_sigframe+0x3fb/0x940
[  210.654058][T10122]  ? __pfx_get_sigframe+0x10/0x10
[  210.654076][T10122]  ? siginfo_layout+0x156/0x290
[  210.654146][T10122]  x64_setup_rt_frame+0x12f/0xce0
[  210.654166][T10122]  ? __pfx_x64_setup_rt_frame+0x10/0x10
[  210.654188][T10122]  arch_do_signal_or_restart+0x59e/0x7a0
[  210.654206][T10122]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  210.654229][T10122]  ? rcu_is_watching+0x12/0xc0
[  210.654305][T10122]  exit_to_user_mode_loop+0x86/0x4a0
[  210.654324][T10122]  ? do_syscall_64+0x52d/0xf80
[  210.654354][T10122]  do_syscall_64+0x706/0xf80
[  210.654369][T10122]  ? clear_bhb_loop+0x40/0x90
[  210.654388][T10122]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  210.654403][T10122] RIP: 0033:0x7f0e5379c817
[  210.654416][T10122] Code: 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 <0f> 05 48 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89
[  210.654430][T10122] RSP: 002b:00007f0e545da028 EFLAGS: 00000246 ORIG_RAX: 00000000000000c7
[  210.654445][T10122] RAX: 00000000000000c7 RBX: 00007f0e53a15fa0 RCX: 00007f0e5379c819
[  210.654454][T10122] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003
[  210.654463][T10122] RBP: 00007f0e545da090 R08: 0000000000000000 R09: 0000000000000000
[  210.654472][T10122] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  210.654480][T10122] R13: 00007f0e53a16038 R14: 00007f0e53a15fa0 R15: 00007ffce4788a08
[  210.654500][T10122]  </TASK>
[  210.773347][   T40] kauditd_printk_skb: 2 callbacks suppressed
[  210.773429][   T40] audit: type=1400 audit(1776440555.470:424): avc:  denied  { read write } for  pid=10094 comm="syz.2.1322" name="cdc-wdm0" dev="devtmpfs" ino=3195 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:modem_device_t tclass=chr_file permissive=1
[  210.787440][T10126] syzkaller0: entered promiscuous mode
[  210.787459][T10126] syzkaller0: entered allmulticast mode
[  210.799339][   T40] audit: type=1400 audit(1776440555.470:425): avc:  denied  { open } for  pid=10094 comm="syz.2.1322" path="/dev/cdc-wdm0" dev="devtmpfs" ino=3195 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:modem_device_t tclass=chr_file permissive=1
[  210.869349][   T34] usb 8-1: new high-speed USB device number 10 using dummy_hcd
[  210.881185][   T40] audit: type=1400 audit(1776440555.580:426): avc:  granted  { setsecparam } for  pid=10130 comm="syz.0.1333" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security
[  210.894080][    C3] cdc_wdm 7-1:1.0: nonzero urb status received: -71
[  210.896152][    C3] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes
[  210.898599][    C3] cdc_wdm 7-1:1.0: nonzero urb status received: -71
[  210.901773][    C3] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes
[  210.904623][    C3] cdc_wdm 7-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1
[  210.947135][   T40] audit: type=1400 audit(1776440555.640:427): avc:  granted  { setsecparam } for  pid=10130 comm="syz.0.1333" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security
[  210.955925][   T40] audit: type=1400 audit(1776440555.650:428): avc:  granted  { setsecparam } for  pid=10130 comm="syz.0.1333" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security
[  211.012582][T10138] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1335'.
[  211.022191][   T34] usb 8-1: config index 0 descriptor too short (expected 39, got 27)
[  211.025642][   T34] usb 8-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  211.031862][   T34] usb 8-1: config 0 interface 0 has no altsetting 0
[  211.034201][T10138] netlink: 'syz.0.1335': attribute type 11 has an invalid length.
[  211.037735][   T34] usb 8-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  211.042183][   T34] usb 8-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  211.045752][   T34] usb 8-1: Product: syz
[  211.047887][   T34] usb 8-1: Manufacturer: syz
[  211.050742][   T34] usb 8-1: SerialNumber: syz
[  211.057241][   T34] usb 8-1: config 0 descriptor??
[  211.063481][   T34] hub 8-1:0.0: bad descriptor, ignoring hub
[  211.065880][   T34] hub 8-1:0.0: probe with driver hub failed with error -5
[  211.076814][   T34] usb 8-1: selecting invalid altsetting 0
[  211.163372][    C0] cdc_wdm 7-1:1.0: nonzero urb status received: -71
[  211.166199][    C0] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes
[  211.168876][    C0] cdc_wdm 7-1:1.0: nonzero urb status received: -71
[  211.171612][    C0] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes
[  211.174476][    C0] cdc_wdm 7-1:1.0: nonzero urb status received: -71
[  211.177561][    C0] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes
[  211.180551][    C0] cdc_wdm 7-1:1.0: nonzero urb status received: -71
[  211.183311][    C0] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes
[  211.186044][    C0] cdc_wdm 7-1:1.0: nonzero urb status received: -71
[  211.188791][    C0] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes
[  211.191659][    C0] cdc_wdm 7-1:1.0: nonzero urb status received: -71
[  211.194670][    C0] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes
[  211.197990][    C0] cdc_wdm 7-1:1.0: nonzero urb status received: -71
[  211.200952][    C0] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes
[  211.203899][    C0] cdc_wdm 7-1:1.0: nonzero urb status received: -71
[  211.206611][    C0] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes
[  211.214252][T10148] netlink: 'syz.1.1338': attribute type 1 has an invalid length.
[  211.262714][T10120] FAULT_INJECTION: forcing a failure.
[  211.262714][T10120] name failslab, interval 1, probability 0, space 0, times 0
[  211.268264][T10120] CPU: 0 UID: 0 PID: 10120 Comm: syz.3.1328 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  211.268293][T10120] Tainted: [L]=SOFTLOCKUP
[  211.268314][T10120] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  211.268327][T10120] Call Trace:
[  211.268334][T10120]  <TASK>
[  211.268342][T10120]  dump_stack_lvl+0x100/0x190
[  211.268368][T10120]  should_fail_ex.cold+0x5/0xa
[  211.268394][T10120]  should_failslab+0xc2/0x120
[  211.268517][T10120]  __kmalloc_cache_noprof+0x7a/0x6f0
[  211.268596][T10120]  ? snd_card_file_add+0x52/0x330
[  211.268617][T10120]  ? __pfx_snd_pcm_playback_open+0x10/0x10
[  211.268639][T10120]  snd_card_file_add+0x52/0x330
[  211.268658][T10120]  ? __pfx_snd_pcm_playback_open+0x10/0x10
[  211.268679][T10120]  snd_pcm_open+0xf1/0x710
[  211.268703][T10120]  ? __pfx_snd_pcm_open+0x10/0x10
[  211.268734][T10120]  ? __pfx_snd_pcm_playback_open+0x10/0x10
[  211.268755][T10120]  snd_pcm_playback_open+0x86/0xe0
[  211.268775][T10120]  snd_open+0x201/0x450
[  211.268801][T10120]  ? __pfx_snd_open+0x10/0x10
[  211.268826][T10120]  chrdev_open+0x234/0x6a0
[  211.268911][T10120]  ? __pfx_chrdev_open+0x10/0x10
[  211.268930][T10120]  ? fsnotify_open_perm_and_set_mode+0x17a/0xa80
[  211.269019][T10120]  do_dentry_open+0x6d8/0x1660
[  211.269063][T10120]  ? __pfx_chrdev_open+0x10/0x10
[  211.269082][T10120]  vfs_open+0x82/0x3f0
[  211.269110][T10120]  path_openat+0x208c/0x31a0
[  211.269205][T10120]  ? __pfx_path_openat+0x10/0x10
[  211.269232][T10120]  do_file_open+0x20e/0x430
[  211.269253][T10120]  ? __pfx_do_file_open+0x10/0x10
[  211.269286][T10120]  ? alloc_fd+0x476/0x790
[  211.269310][T10120]  ? do_getname+0x191/0x390
[  211.269332][T10120]  do_sys_openat2+0x10d/0x1e0
[  211.269352][T10120]  ? __pfx_do_sys_openat2+0x10/0x10
[  211.269370][T10120]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  211.269394][T10120]  ? __fget_files+0x21f/0x3d0
[  211.269414][T10120]  __x64_sys_openat+0x12d/0x210
[  211.269435][T10120]  ? __pfx___x64_sys_openat+0x10/0x10
[  211.269454][T10120]  ? ksys_write+0x1ac/0x250
[  211.269481][T10120]  ? rcu_is_watching+0x12/0xc0
[  211.269509][T10120]  do_syscall_64+0x10b/0xf80
[  211.269527][T10120]  ? clear_bhb_loop+0x40/0x90
[  211.269549][T10120]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  211.269567][T10120] RIP: 0033:0x7f65bcd5d04e
[  211.269584][T10120] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  211.269601][T10120] RSP: 002b:00007f65bdc1bb28 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  211.269620][T10120] RAX: ffffffffffffffda RBX: 00007f65bdc1c6c0 RCX: 00007f65bcd5d04e
[  211.269631][T10120] RDX: 0000000000000000 RSI: 00007f65bdc1bc00 RDI: ffffffffffffff9c
[  211.269643][T10120] RBP: 00007f65bdc1bc00 R08: 0000000000000000 R09: 0000000000000000
[  211.269653][T10120] R10: 0000000000000000 R11: 0000000000000246 R12: cccccccccccccccd
[  211.269663][T10120] R13: 00007f65bd016038 R14: 00007f65bd015fa0 R15: 00007ffc0c0dbae8
[  211.269687][T10120]  </TASK>
[  211.419550][ T6018] usb 8-1: USB disconnect, device number 10
[  211.426249][T10155] syzkaller0: entered promiscuous mode
[  211.429082][T10155] syzkaller0: entered allmulticast mode
[  211.646449][T10157] syzkaller0: entered promiscuous mode
[  211.651358][T10157] syzkaller0: entered allmulticast mode
[  211.769673][T10097] usb 8-1: new high-speed USB device number 11 using dummy_hcd
[  211.931170][T10097] usb 8-1: config index 0 descriptor too short (expected 39, got 27)
[  211.939024][T10097] usb 8-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  211.943639][T10097] usb 8-1: config 0 interface 0 has no altsetting 0
[  211.950616][T10097] usb 8-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  211.954403][T10097] usb 8-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  211.957186][T10097] usb 8-1: Product: syz
[  211.958613][T10097] usb 8-1: Manufacturer: syz
[  211.960304][T10097] usb 8-1: SerialNumber: syz
[  211.964438][T10097] usb 8-1: config 0 descriptor??
[  211.969035][T10097] hub 8-1:0.0: bad descriptor, ignoring hub
[  211.971223][T10097] hub 8-1:0.0: probe with driver hub failed with error -5
[  211.975401][T10097] usb 8-1: selecting invalid altsetting 0
[  212.033244][T10168] gre1: entered promiscuous mode
[  212.279471][   T24] usb 8-1: USB disconnect, device number 11
[  212.306427][T10188] netdevsim netdevsim0 ªªªªªª: renamed from netdevsim0
[  212.353559][T10190] syzkaller0: entered promiscuous mode
[  212.356033][T10190] syzkaller0: entered allmulticast mode
[  212.406130][   T40] audit: type=1400 audit(1776440557.100:429): avc:  denied  { setattr } for  pid=10191 comm="syz.0.1352" name="/" dev="9p" ino=80478303 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  212.946637][T10206] SELinux:  Context system_u:object_r:passwd_exec_t:s0 is not valid (left unmapped).
[  212.951613][   T40] audit: type=1400 audit(1776440557.650:430): avc:  denied  { relabelto } for  pid=10203 comm="syz.1.1355" name="rdma_cm" dev="devtmpfs" ino=1294 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 trawcon="system_u:object_r:passwd_exec_t:s0"
[  212.960949][   T40] audit: type=1400 audit(1776440557.650:431): avc:  denied  { associate } for  pid=10203 comm="syz.1.1355" name="rdma_cm" dev="devtmpfs" ino=1294 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1 srawcon="system_u:object_r:passwd_exec_t:s0"
[  213.065422][T10215] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10215 comm=syz.3.1357
[  213.100444][   T34] usb 7-1: USB disconnect, device number 14
[  213.161971][T10220] syzkaller0: entered promiscuous mode
[  213.164304][T10220] syzkaller0: entered allmulticast mode
[  213.185285][   T40] audit: type=1400 audit(1776440557.880:432): avc:  denied  { write } for  pid=10219 comm="syz.2.1359" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1
[  213.219735][   T40] audit: type=1400 audit(1776440557.910:433): avc:  denied  { write } for  pid=10221 comm="syz.3.1360" path="socket:[30772]" dev="sockfs" ino=30772 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[  213.281664][T10226] syzkaller0: entered promiscuous mode
[  213.283968][T10226] syzkaller0: entered allmulticast mode
[  213.346942][T10218] FAULT_INJECTION: forcing a failure.
[  213.346942][T10218] name failslab, interval 1, probability 0, space 0, times 0
[  213.352109][T10218] CPU: 0 UID: 0 PID: 10218 Comm: syz.1.1358 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  213.352131][T10218] Tainted: [L]=SOFTLOCKUP
[  213.352135][T10218] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  213.352143][T10218] Call Trace:
[  213.352147][T10218]  <TASK>
[  213.352153][T10218]  dump_stack_lvl+0x100/0x190
[  213.352174][T10218]  should_fail_ex.cold+0x5/0xa
[  213.352194][T10218]  should_failslab+0xc2/0x120
[  213.352215][T10218]  kmem_cache_alloc_noprof+0x7b/0x6e0
[  213.352234][T10218]  ? mas_preallocate+0x1105/0x14a0
[  213.352263][T10218]  mas_preallocate+0x1105/0x14a0
[  213.352293][T10218]  ? __pfx_mas_preallocate+0x10/0x10
[  213.352324][T10218]  ? __asan_memset+0x23/0x50
[  213.352347][T10218]  ? init_multi_vma_prep+0x33c/0x650
[  213.352373][T10218]  commit_merge+0x3e3/0xbd0
[  213.352398][T10218]  ? __pfx_commit_merge+0x10/0x10
[  213.352428][T10218]  ? __pfx___vma_start_write+0x10/0x10
[  213.352450][T10218]  ? dup_anon_vma+0x74/0x2f0
[  213.352499][T10218]  vma_modify+0x10e2/0x25c0
[  213.352523][T10218]  ? __pfx_vma_modify+0x10/0x10
[  213.352542][T10218]  ? mod_memcg_lruvec_state+0x199/0x620
[  213.352567][T10218]  vma_modify_flags+0x257/0x3d0
[  213.352585][T10218]  ? __pfx_vma_modify_flags+0x10/0x10
[  213.352609][T10218]  ? mlock_drain_local+0x254/0x4e0
[  213.352632][T10218]  mlock_fixup+0x46e/0xb10
[  213.352651][T10218]  ? __pfx_mlock_fixup+0x10/0x10
[  213.352677][T10218]  apply_vma_lock_flags+0x256/0x370
[  213.352697][T10218]  ? __pfx_apply_vma_lock_flags+0x10/0x10
[  213.352714][T10218]  ? __pfx___might_resched+0x10/0x10
[  213.352838][T10218]  ? __pfx_down_write_killable+0x10/0x10
[  213.352864][T10218]  ? __mutex_unlock_slowpath+0x15d/0x8a0
[  213.352880][T10218]  ? kernel_write+0x643/0x6c0
[  213.352902][T10218]  do_mlock+0x261/0x7f0
[  213.352920][T10218]  ? __fget_files+0x21f/0x3d0
[  213.352934][T10218]  ? __pfx_do_mlock+0x10/0x10
[  213.352952][T10218]  ? fput+0x79/0x100
[  213.352965][T10218]  ? ksys_write+0x1ac/0x250
[  213.352984][T10218]  ? __pfx_ksys_write+0x10/0x10
[  213.353008][T10218]  __x64_sys_mlock+0x59/0x80
[  213.353026][T10218]  do_syscall_64+0x10b/0xf80
[  213.353040][T10218]  ? clear_bhb_loop+0x40/0x90
[  213.353057][T10218]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  213.353070][T10218] RIP: 0033:0x7f0e5379c819
[  213.353088][T10218] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  213.353101][T10218] RSP: 002b:00007f0e545da028 EFLAGS: 00000246 ORIG_RAX: 0000000000000095
[  213.353115][T10218] RAX: ffffffffffffffda RBX: 00007f0e53a15fa0 RCX: 00007f0e5379c819
[  213.353123][T10218] RDX: 0000000000000000 RSI: 0000000000800000 RDI: 00002000007d8000
[  213.353131][T10218] RBP: 00007f0e545da090 R08: 0000000000000000 R09: 0000000000000000
[  213.353138][T10218] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  213.353145][T10218] R13: 00007f0e53a16038 R14: 00007f0e53a15fa0 R15: 00007ffce4788a08
[  213.353161][T10218]  </TASK>
[  213.620891][T10238] syzkaller0: entered promiscuous mode
[  213.623006][T10238] syzkaller0: entered allmulticast mode
[  213.713466][T10242] bridge1: entered promiscuous mode
[  213.715208][T10242] bridge1: entered allmulticast mode
[  213.778475][T10247] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1367'.
[  213.782605][T10247] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1367'.
[  213.865472][T10254] IPVS: wrr: FWM 3 0x00000003 - no destination available
[  213.918599][T10258] syzkaller0: entered promiscuous mode
[  213.921448][T10258] syzkaller0: entered allmulticast mode
[  214.179036][   T24] usb 8-1: new high-speed USB device number 12 using dummy_hcd
[  214.348999][   T24] usb 8-1: Using ep0 maxpacket: 8
[  214.352970][   T24] usb 8-1: config 179 has an invalid interface number: 65 but max is 0
[  214.355817][   T24] usb 8-1: config 179 has no interface number 0
[  214.357986][   T24] usb 8-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  214.361840][   T24] usb 8-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  214.362246][T10265] 9pnet_virtio: no channels available for device syz
[  214.365723][   T24] usb 8-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  214.373562][   T24] usb 8-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  214.377396][   T24] usb 8-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  214.379058][   T54] usb 7-1: new high-speed USB device number 15 using dummy_hcd
[  214.382194][   T24] usb 8-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  214.387455][   T24] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  214.394342][T10260] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  214.563764][   T54] usb 7-1: config index 0 descriptor too short (expected 39, got 27)
[  214.570749][   T54] usb 7-1: config 0 interface 0 has no altsetting 0
[  214.591541][   T54] usb 7-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  214.595334][   T54] usb 7-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  214.598534][   T54] usb 7-1: Product: syz
[  214.601028][   T54] usb 7-1: Manufacturer: syz
[  214.603042][   T54] usb 7-1: SerialNumber: syz
[  214.611351][   T54] usb 7-1: config 0 descriptor??
[  214.616510][   T54] hub 7-1:0.0: bad descriptor, ignoring hub
[  214.622822][   T54] hub 7-1:0.0: probe with driver hub failed with error -5
[  214.636616][   T24] input: Generic X-Box pad as /devices/platform/dummy_hcd.3/usb8/8-1/8-1:179.65/input/input6
[  214.637945][   T54] usb 7-1: selecting invalid altsetting 0
[  214.838541][T10097] usb 8-1: USB disconnect, device number 12
[  214.838627][    C2] xpad 8-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  214.838664][    C2] xpad 8-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  214.914401][T10267] FAULT_INJECTION: forcing a failure.
[  214.914401][T10267] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  214.921799][T10267] CPU: 1 UID: 0 PID: 10267 Comm: syz.1.1375 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  214.921828][T10267] Tainted: [L]=SOFTLOCKUP
[  214.921834][T10267] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  214.921846][T10267] Call Trace:
[  214.921852][T10267]  <TASK>
[  214.921859][T10267]  dump_stack_lvl+0x100/0x190
[  214.921885][T10267]  should_fail_ex.cold+0x5/0xa
[  214.921910][T10267]  _copy_from_user+0x2e/0xd0
[  214.922021][T10267]  rose_rt_ioctl+0xa80/0x2550
[  214.922047][T10267]  ? __pfx_rose_rt_ioctl+0x10/0x10
[  214.922071][T10267]  ? bpf_lsm_capable+0x9/0x10
[  214.922158][T10267]  ? security_capable+0x80/0x260
[  214.922298][T10267]  rose_ioctl+0x491/0x7d0
[  214.922320][T10267]  ? __pfx_rose_ioctl+0x10/0x10
[  214.922340][T10267]  ? tomoyo_path_number_perm+0x188/0x580
[  214.922372][T10267]  sock_do_ioctl+0x118/0x280
[  214.922400][T10267]  ? __pfx_sock_do_ioctl+0x10/0x10
[  214.922431][T10267]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  214.922456][T10267]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[  214.922488][T10267]  sock_ioctl+0x599/0x6b0
[  214.922505][T10267]  ? __pfx_sock_ioctl+0x10/0x10
[  214.922520][T10267]  ? hook_file_ioctl_common+0x149/0x410
[  214.922601][T10267]  ? selinux_file_ioctl+0x13b/0x290
[  214.922623][T10267]  ? selinux_file_ioctl+0xb6/0x290
[  214.922649][T10267]  ? __pfx_sock_ioctl+0x10/0x10
[  214.922666][T10267]  __x64_sys_ioctl+0x18e/0x210
[  214.922689][T10267]  do_syscall_64+0x10b/0xf80
[  214.922706][T10267]  ? clear_bhb_loop+0x40/0x90
[  214.922726][T10267]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  214.922743][T10267] RIP: 0033:0x7f0e5379c819
[  214.922758][T10267] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  214.922774][T10267] RSP: 002b:00007f0e545da028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  214.922792][T10267] RAX: ffffffffffffffda RBX: 00007f0e53a15fa0 RCX: 00007f0e5379c819
[  214.922803][T10267] RDX: 00002000000000c0 RSI: 000000000000890c RDI: 0000000000000004
[  214.922813][T10267] RBP: 00007f0e545da090 R08: 0000000000000000 R09: 0000000000000000
[  214.922823][T10267] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  214.922834][T10267] R13: 00007f0e53a16038 R14: 00007f0e53a15fa0 R15: 00007ffce4788a08
[  214.922857][T10267]  </TASK>
[  214.929276][   T24] usb 7-1: USB disconnect, device number 15
[  214.996333][T10273] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1376'.
[  215.017986][T10273] FAULT_INJECTION: forcing a failure.
[  215.017986][T10273] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  215.023682][T10273] CPU: 1 UID: 0 PID: 10273 Comm: syz.1.1376 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  215.023718][T10273] Tainted: [L]=SOFTLOCKUP
[  215.023725][T10273] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  215.023738][T10273] Call Trace:
[  215.023746][T10273]  <TASK>
[  215.023755][T10273]  dump_stack_lvl+0x100/0x190
[  215.023787][T10273]  should_fail_ex.cold+0x5/0xa
[  215.023818][T10273]  _copy_to_user+0x32/0xd0
[  215.023854][T10273]  simple_read_from_buffer+0xcb/0x170
[  215.023891][T10273]  proc_fail_nth_read+0x1af/0x230
[  215.024014][T10273]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  215.024046][T10273]  ? rw_verify_area+0xce/0x6d0
[  215.024074][T10273]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  215.024104][T10273]  vfs_read+0x1e4/0xb30
[  215.024213][T10273]  ? __pfx_vfs_read+0x10/0x10
[  215.024244][T10273]  ? __fget_files+0x215/0x3d0
[  215.024271][T10273]  ? __fget_files+0x21f/0x3d0
[  215.024299][T10273]  ksys_read+0x12a/0x250
[  215.024327][T10273]  ? __pfx_ksys_read+0x10/0x10
[  215.024361][T10273]  ? rcu_is_watching+0x12/0xc0
[  215.024396][T10273]  do_syscall_64+0x10b/0xf80
[  215.024419][T10273]  ? clear_bhb_loop+0x40/0x90
[  215.024446][T10273]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  215.024516][T10273] RIP: 0033:0x7f0e5375d04e
[  215.024535][T10273] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  215.024554][T10273] RSP: 002b:00007f0e545d9fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  215.024575][T10273] RAX: ffffffffffffffda RBX: 00007f0e545da6c0 RCX: 00007f0e5375d04e
[  215.024589][T10273] RDX: 000000000000000f RSI: 00007f0e545da0a0 RDI: 0000000000000004
[  215.024601][T10273] RBP: 00007f0e545da090 R08: 0000000000000000 R09: 0000000000000000
[  215.024613][T10273] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  215.024625][T10273] R13: 00007f0e53a16038 R14: 00007f0e53a15fa0 R15: 00007ffce4788a08
[  215.024655][T10273]  </TASK>
[  215.120982][T10275] kAFS: No cell specified
[  215.159167][   T54] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  215.159448][T10277] block nbd0: not configured, cannot reconfigure
[  215.299083][   T54] usb 5-1: device descriptor read/64, error -71
[  215.377887][T10283] FAULT_INJECTION: forcing a failure.
[  215.377887][T10283] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  215.385128][T10283] CPU: 2 UID: 0 PID: 10283 Comm: syz.3.1380 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  215.385157][T10283] Tainted: [L]=SOFTLOCKUP
[  215.385164][T10283] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  215.385175][T10283] Call Trace:
[  215.385181][T10283]  <TASK>
[  215.385190][T10283]  dump_stack_lvl+0x100/0x190
[  215.385217][T10283]  should_fail_ex.cold+0x5/0xa
[  215.385242][T10283]  ? prepare_alloc_pages+0x16d/0x5f0
[  215.385265][T10283]  should_fail_alloc_page+0xeb/0x140
[  215.385305][T10283]  prepare_alloc_pages+0x1f0/0x5f0
[  215.385329][T10283]  ? arch_stack_walk+0xa6/0xf0
[  215.385365][T10283]  __alloc_frozen_pages_noprof+0x19a/0x2bc0
[  215.385410][T10283]  ? stack_trace_save+0x8e/0xc0
[  215.385443][T10283]  ? __pfx_stack_trace_save+0x10/0x10
[  215.385473][T10283]  ? stack_depot_save_flags+0x27/0x9d0
[  215.385556][T10283]  ? find_held_lock+0x2b/0x80
[  215.385584][T10283]  ? xa_load+0x149/0x2c0
[  215.385610][T10283]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  215.385635][T10283]  ? kasan_save_stack+0x3f/0x50
[  215.385660][T10283]  ? kasan_save_stack+0x30/0x50
[  215.385683][T10283]  ? __kasan_slab_alloc+0x89/0x90
[  215.385708][T10283]  ? security_inode_alloc+0x3b/0x2c0
[  215.385732][T10283]  ? inode_init_always_gfp+0xcc0/0x1000
[  215.385751][T10283]  ? alloc_inode+0x8e/0x250
[  215.385773][T10283]  ? new_inode+0x22/0x1c0
[  215.385794][T10283]  ? __debugfs_create_file+0x105/0x4f0
[  215.385947][T10283]  ? debugfs_create_file_full+0x41/0x60
[  215.385967][T10283]  ? look_up_lock_class+0x55/0x120
[  215.385987][T10283]  ? alloc_netdev_mqs+0x314/0x14f0
[  215.386019][T10283]  ? ____sys_sendmsg+0x9e1/0xb70
[  215.386046][T10283]  ? ___sys_sendmsg+0x190/0x1e0
[  215.386062][T10283]  ? do_syscall_64+0x10b/0xf80
[  215.386085][T10283]  ? __lock_acquire+0x4a5/0x2630
[  215.386106][T10283]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  215.386182][T10283]  ? policy_nodemask+0xed/0x4f0
[  215.386215][T10283]  alloc_pages_mpol+0x1fb/0x540
[  215.386247][T10283]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  215.386274][T10283]  ? do_raw_spin_lock+0x128/0x260
[  215.386303][T10283]  ? find_held_lock+0x2b/0x80
[  215.386330][T10283]  ? inode_doinit_with_dentry+0x70b/0x1320
[  215.386362][T10283]  alloc_pages_noprof+0x1a/0x160
[  215.386383][T10283]  get_free_pages_noprof+0x10/0xb0
[  215.386411][T10283]  inode_doinit_with_dentry+0x788/0x1320
[  215.386440][T10283]  ? inode_set_ctime_current+0x283/0x870
[  215.386462][T10283]  ? __pfx_inode_doinit_with_dentry+0x10/0x10
[  215.386487][T10283]  ? __pfx_inode_set_ctime_current+0x10/0x10
[  215.386509][T10283]  ? new_inode+0x15a/0x1c0
[  215.386538][T10283]  selinux_d_instantiate+0x26/0x40
[  215.386565][T10283]  security_d_instantiate+0x14c/0x1b0
[  215.386586][T10283]  d_make_persistent+0x6a/0x190
[  215.386612][T10283]  __debugfs_create_file+0x25e/0x4f0
[  215.386640][T10283]  debugfs_create_file_full+0x41/0x60
[  215.386666][T10283]  ref_tracker_dir_debugfs+0x19e/0x2e0
[  215.386691][T10283]  ? __pfx_ref_tracker_dir_debugfs+0x10/0x10
[  215.386731][T10283]  ? __kvmalloc_node_noprof+0x37b/0xa00
[  215.386755][T10283]  ? alloc_netdev_mqs+0xd7/0x14f0
[  215.386778][T10283]  ? lockdep_init_map_type+0x5c/0x250
[  215.386803][T10283]  ? __pfx_ipgre_tunnel_setup+0x10/0x10
[  215.386825][T10283]  alloc_netdev_mqs+0x314/0x14f0
[  215.386855][T10283]  rtnl_create_link+0xc13/0xf80
[  215.386885][T10283]  rtnl_newlink+0x13bd/0x2380
[  215.386919][T10283]  ? __pfx_rtnl_newlink+0x10/0x10
[  215.386941][T10283]  ? find_held_lock+0x2b/0x80
[  215.386967][T10283]  ? avc_has_perm_noaudit+0x11e/0x3b0
[  215.386987][T10283]  ? avc_has_perm_noaudit+0x11e/0x3b0
[  215.387017][T10283]  ? avc_has_perm_noaudit+0x145/0x3b0
[  215.387058][T10283]  ? find_held_lock+0x2b/0x80
[  215.387086][T10283]  ? rtnetlink_rcv_msg+0x93a/0xe90
[  215.387108][T10283]  ? rtnetlink_rcv_msg+0x93a/0xe90
[  215.387135][T10283]  ? __pfx_rtnl_newlink+0x10/0x10
[  215.387159][T10283]  rtnetlink_rcv_msg+0x95e/0xe90
[  215.387185][T10283]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  215.387215][T10283]  ? ref_tracker_free+0x37e/0x6c0
[  215.387241][T10283]  netlink_rcv_skb+0x159/0x420
[  215.387271][T10283]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  215.387297][T10283]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  215.387335][T10283]  ? netlink_deliver_tap+0x1ae/0xcc0
[  215.387367][T10283]  netlink_unicast+0x585/0x850
[  215.387400][T10283]  ? __pfx_netlink_unicast+0x10/0x10
[  215.387435][T10283]  netlink_sendmsg+0x8b0/0xda0
[  215.387468][T10283]  ? __pfx_netlink_sendmsg+0x10/0x10
[  215.387495][T10283]  ? __might_fault+0x60/0x140
[  215.387529][T10283]  ____sys_sendmsg+0x9e1/0xb70
[  215.387556][T10283]  ? __pfx_netlink_sendmsg+0x10/0x10
[  215.387585][T10283]  ? __pfx_____sys_sendmsg+0x10/0x10
[  215.387625][T10283]  ___sys_sendmsg+0x190/0x1e0
[  215.387646][T10283]  ? __pfx____sys_sendmsg+0x10/0x10
[  215.387696][T10283]  __sys_sendmsg+0x170/0x220
[  215.387721][T10283]  ? __pfx___sys_sendmsg+0x10/0x10
[  215.387754][T10283]  ? rcu_is_watching+0x12/0xc0
[  215.387781][T10283]  do_syscall_64+0x10b/0xf80
[  215.387797][T10283]  ? clear_bhb_loop+0x40/0x90
[  215.387820][T10283]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  215.387836][T10283] RIP: 0033:0x7f65bcd9c819
[  215.387853][T10283] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  215.387870][T10283] RSP: 002b:00007f65bdc1c028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  215.387886][T10283] RAX: ffffffffffffffda RBX: 00007f65bd015fa0 RCX: 00007f65bcd9c819
[  215.387896][T10283] RDX: 0000000000000800 RSI: 00002000000000c0 RDI: 0000000000000003
[  215.387907][T10283] RBP: 00007f65bdc1c090 R08: 0000000000000000 R09: 0000000000000000
[  215.387917][T10283] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  215.387926][T10283] R13: 00007f65bd016038 R14: 00007f65bd015fa0 R15: 00007ffc0c0dbae8
[  215.387949][T10283]  </TASK>
[  215.647838][T10283] gre1: entered promiscuous mode
[  215.665501][T10288] syzkaller0: entered promiscuous mode
[  215.668253][T10288] syzkaller0: entered allmulticast mode
[  215.689061][   T54] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  215.819674][T10295] tipc: Trying to set illegal importance in message
[  215.821223][   T54] usb 5-1: device descriptor read/64, error -71
[  215.824578][   T40] kauditd_printk_skb: 6 callbacks suppressed
[  215.824596][   T40] audit: type=1400 audit(1776440560.520:440): avc:  denied  { setopt } for  pid=10294 comm="syz.2.1385" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  215.929146][   T54] usb usb5-port1: attempt power cycle
[  216.064881][T10312] syzkaller0: entered promiscuous mode
[  216.067308][T10312] syzkaller0: entered allmulticast mode
[  216.137511][T10316] netlink: 'syz.2.1392': attribute type 11 has an invalid length.
[  216.269034][   T54] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  216.290311][   T54] usb 5-1: device descriptor read/8, error -71
[  216.320893][T10324] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1396'.
[  216.398615][T10326] FAULT_INJECTION: forcing a failure.
[  216.398615][T10326] name failslab, interval 1, probability 0, space 0, times 0
[  216.405178][T10326] CPU: 0 UID: 0 PID: 10326 Comm: syz.2.1397 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  216.405209][T10326] Tainted: [L]=SOFTLOCKUP
[  216.405216][T10326] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  216.405227][T10326] Call Trace:
[  216.405233][T10326]  <TASK>
[  216.405241][T10326]  dump_stack_lvl+0x100/0x190
[  216.405271][T10326]  should_fail_ex.cold+0x5/0xa
[  216.405300][T10326]  should_failslab+0xc2/0x120
[  216.405331][T10326]  kmem_cache_alloc_noprof+0x7b/0x6e0
[  216.405356][T10326]  ? __kvm_mmu_topup_memory_cache+0x18f/0x5f0
[  216.405550][T10326]  __kvm_mmu_topup_memory_cache+0x18f/0x5f0
[  216.405581][T10326]  mmu_topup_memory_caches+0x25/0x170
[  216.405685][T10326]  kvm_mmu_load+0xd6/0x23e0
[  216.405714][T10326]  ? vmx_get_rflags+0x104/0x440
[  216.405744][T10326]  ? kvm_apic_accept_pic_intr+0xdf/0x1b0
[  216.405775][T10326]  ? __pfx_kvm_mmu_load+0x10/0x10
[  216.405796][T10326]  ? vmx_enable_irq_window+0xe0/0x190
[  216.405823][T10326]  ? kvm_check_and_inject_events+0x961/0x10c0
[  216.405850][T10326]  ? record_steal_time+0x380/0xbc0
[  216.405873][T10326]  vcpu_run+0x39f4/0x5ca0
[  216.405911][T10326]  ? __pfx_vcpu_run+0x10/0x10
[  216.405945][T10326]  ? rcu_is_watching+0x12/0xc0
[  216.405978][T10326]  ? kvm_arch_vcpu_ioctl_run+0x565/0x1830
[  216.406004][T10326]  kvm_arch_vcpu_ioctl_run+0x565/0x1830
[  216.406038][T10326]  kvm_vcpu_ioctl+0x730/0x1720
[  216.406061][T10326]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  216.406081][T10326]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  216.406111][T10326]  ? do_vfs_ioctl+0x226/0x13e0
[  216.406141][T10326]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  216.406189][T10326]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[  216.406228][T10326]  ? __fget_files+0x215/0x3d0
[  216.406246][T10326]  ? hook_file_ioctl_common+0x149/0x410
[  216.406274][T10326]  ? selinux_file_ioctl+0x13b/0x290
[  216.406300][T10326]  ? selinux_file_ioctl+0xb6/0x290
[  216.406327][T10326]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  216.406349][T10326]  __x64_sys_ioctl+0x18e/0x210
[  216.406378][T10326]  do_syscall_64+0x10b/0xf80
[  216.406398][T10326]  ? clear_bhb_loop+0x40/0x90
[  216.406421][T10326]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  216.406440][T10326] RIP: 0033:0x7f6016f9c819
[  216.406458][T10326] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  216.406475][T10326] RSP: 002b:00007f6017e9d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  216.406494][T10326] RAX: ffffffffffffffda RBX: 00007f6017215fa0 RCX: 00007f6016f9c819
[  216.406506][T10326] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[  216.406517][T10326] RBP: 00007f6017e9d090 R08: 0000000000000000 R09: 0000000000000000
[  216.406528][T10326] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  216.406538][T10326] R13: 00007f6017216038 R14: 00007f6017215fa0 R15: 00007ffd81866098
[  216.406563][T10326]  </TASK>
[  216.449130][   T40] audit: type=1400 audit(1776440561.140:441): avc:  denied  { read write } for  pid=10328 comm="syz.3.1398" name="rdma_cm" dev="devtmpfs" ino=1294 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 trawcon="system_u:object_r:passwd_exec_t:s0"
[  216.526522][   T40] audit: type=1400 audit(1776440561.140:442): avc:  denied  { open } for  pid=10328 comm="syz.3.1398" path="/dev/infiniband/rdma_cm" dev="devtmpfs" ino=1294 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 trawcon="system_u:object_r:passwd_exec_t:s0"
[  216.529104][   T54] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  216.561857][   T54] usb 5-1: device descriptor read/8, error -71
[  216.603068][T10333] netlink: 212368 bytes leftover after parsing attributes in process `syz.3.1399'.
[  216.670673][   T54] usb usb5-port1: unable to enumerate USB device
[  216.726960][T10337] netlink: 'syz.3.1401': attribute type 11 has an invalid length.
[  216.794278][T10339] syzkaller0: entered promiscuous mode
[  216.797248][T10339] syzkaller0: entered allmulticast mode
[  217.010981][T10346] syzkaller0: entered promiscuous mode
[  217.013347][T10346] syzkaller0: entered allmulticast mode
[  217.089302][T10348] FAULT_INJECTION: forcing a failure.
[  217.089302][T10348] name failslab, interval 1, probability 0, space 0, times 0
[  217.097159][T10348] CPU: 1 UID: 0 PID: 10348 Comm: syz.1.1405 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  217.097188][T10348] Tainted: [L]=SOFTLOCKUP
[  217.097195][T10348] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  217.097207][T10348] Call Trace:
[  217.097215][T10348]  <TASK>
[  217.097223][T10348]  dump_stack_lvl+0x100/0x190
[  217.097251][T10348]  should_fail_ex.cold+0x5/0xa
[  217.097278][T10348]  ? lsm_blob_alloc+0x68/0x90
[  217.097297][T10348]  should_failslab+0xc2/0x120
[  217.097326][T10348]  __kmalloc_noprof+0xe0/0x850
[  217.097351][T10348]  ? audit_alloc+0xa2/0x7b0
[  217.097376][T10348]  lsm_blob_alloc+0x68/0x90
[  217.097395][T10348]  security_task_alloc+0x2a/0x260
[  217.097423][T10348]  copy_process+0x2865/0x7fa0
[  217.097465][T10348]  ? __pfx_copy_process+0x10/0x10
[  217.097494][T10348]  ? lockdep_init_map_type+0x5c/0x250
[  217.097520][T10348]  ? lockdep_init_map_type+0x5c/0x250
[  217.097542][T10348]  ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10
[  217.097563][T10348]  ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10
[  217.097594][T10348]  vhost_task_create+0x1db/0x370
[  217.097620][T10348]  ? __pfx_vhost_task_create+0x10/0x10
[  217.097641][T10348]  ? register_lock_class+0x40/0x560
[  217.097689][T10348]  ? __pfx_vhost_task_fn+0x10/0x10
[  217.097715][T10348]  ? __pfx___mutex_lock+0x10/0x10
[  217.097737][T10348]  ? kasan_quarantine_put+0x104/0x240
[  217.097768][T10348]  kvm_mmu_post_init_vm+0x1b3/0x370
[  217.097794][T10348]  kvm_arch_vcpu_ioctl_run+0x66/0x1830
[  217.097822][T10348]  ? kvm_vcpu_ioctl+0x1546/0x1720
[  217.097848][T10348]  kvm_vcpu_ioctl+0x730/0x1720
[  217.097870][T10348]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  217.097890][T10348]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  217.097913][T10348]  ? do_vfs_ioctl+0x226/0x13e0
[  217.097941][T10348]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  217.097966][T10348]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[  217.098003][T10348]  ? __fget_files+0x215/0x3d0
[  217.098021][T10348]  ? hook_file_ioctl_common+0x149/0x410
[  217.098054][T10348]  ? selinux_file_ioctl+0x13b/0x290
[  217.098079][T10348]  ? selinux_file_ioctl+0xb6/0x290
[  217.098107][T10348]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  217.098128][T10348]  __x64_sys_ioctl+0x18e/0x210
[  217.098158][T10348]  do_syscall_64+0x10b/0xf80
[  217.098178][T10348]  ? clear_bhb_loop+0x40/0x90
[  217.098201][T10348]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  217.098221][T10348] RIP: 0033:0x7f0e5379c819
[  217.098239][T10348] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  217.098256][T10348] RSP: 002b:00007f0e545da028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  217.098276][T10348] RAX: ffffffffffffffda RBX: 00007f0e53a15fa0 RCX: 00007f0e5379c819
[  217.098288][T10348] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[  217.098299][T10348] RBP: 00007f0e545da090 R08: 0000000000000000 R09: 0000000000000000
[  217.098310][T10348] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  217.098321][T10348] R13: 00007f0e53a16038 R14: 00007f0e53a15fa0 R15: 00007ffce4788a08
[  217.098346][T10348]  </TASK>
[  217.326685][T10350] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1406'.
[  217.441759][T10353] netlink: 65039 bytes leftover after parsing attributes in process `syz.1.1407'.
[  217.455637][T10353] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  217.923275][T10360] block nbd0: not configured, cannot reconfigure
[  218.018605][T10363] syzkaller0: entered promiscuous mode
[  218.022404][T10363] syzkaller0: entered allmulticast mode
[  218.028512][T10363] netlink: 'syz.3.1412': attribute type 8 has an invalid length.
[  218.249077][ T6032] usb 5-1: new high-speed USB device number 15 using dummy_hcd
[  218.306591][   T40] audit: type=1400 audit(1776440563.000:443): avc:  denied  { write } for  pid=10361 comm="syz.1.1411" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
qemu-system-x86_64: ahci: PRDT length for NCQ command (0x0) is smaller than the requested size (0xfd000)
[  218.409046][ T6032] usb 5-1: Using ep0 maxpacket: 32
[  218.413226][ T6032] usb 5-1: New USB device found, idVendor=0b89, idProduct=0007, bcdDevice=ef.64
[  218.417317][ T6032] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  218.424962][ T6032] usb 5-1: config 0 descriptor??
[  218.464859][ T6032] as10x_usb: device has been detected
[  218.468411][ T6032] dvbdev: DVB: registering new adapter (nBox DVB-T Dongle)
[  218.485113][ T1121] ata1.00: Read log 0x10 page 0x00 failed, Emask 0x1
[  218.493622][ T1121] ata1: failed to read log page 10h (errno=-5)
[  218.498329][ T1121] ata1.00: exception Emask 0x1 SAct 0x4000 SErr 0x0 action 0x0
[  218.507300][ T1121] ata1.00: irq_stat 0x41000008
[  218.512421][ T1121] ata1.00: failed command: WRITE FPDMA QUEUED
[  218.515798][T10372] netlink: 'syz.3.1414': attribute type 11 has an invalid length.
[  218.520159][ T1121] ata1.00: cmd 61/e8:70:4e:69:0a/07:00:00:00:00/40 tag 14 ncq dma 1036288 ou
[  218.520159][ T1121]          res 50/04:00:00:00:00/00:00:00:00:00/00 Emask 0x1 (device error)
[  218.532942][ T6032] usb 5-1: DVB: registering adapter 1 frontend 0 (nBox DVB-T Dongle)...
[  218.536856][ T1121] ata1.00: status: { DRDY }
[  218.536894][ T1121] ata1.00: error: { ABRT }
[  218.538350][ T1121] ata1.00: configured for UDMA/100
[  218.550855][ T1121] ata1: EH complete
[  218.580471][ T6032] as10x_usb: error during firmware upload part1
[  218.584035][ T6032] Registered device nBox DVB-T Dongle
[  218.602763][T10375] zonefs: Unknown parameter '%^'
[  218.633226][ T6001] usb 5-1: USB disconnect, device number 15
[  218.667322][ T6001] Unregistered device nBox DVB-T Dongle
[  218.668212][ T6001] as10x_usb: device has been disconnected
[  218.676565][   T40] audit: type=1400 audit(1776440563.370:444): avc:  denied  { shutdown } for  pid=10373 comm="syz.3.1415" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  218.682325][T10376] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1415'.
[  218.884685][T10378] FAULT_INJECTION: forcing a failure.
[  218.884685][T10378] name failslab, interval 1, probability 0, space 0, times 0
[  218.890459][T10378] CPU: 0 UID: 0 PID: 10378 Comm: syz.2.1417 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  218.890488][T10378] Tainted: [L]=SOFTLOCKUP
[  218.890494][T10378] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  218.890504][T10378] Call Trace:
[  218.890510][T10378]  <TASK>
[  218.890517][T10378]  dump_stack_lvl+0x100/0x190
[  218.890543][T10378]  should_fail_ex.cold+0x5/0xa
[  218.890565][T10378]  should_failslab+0xc2/0x120
[  218.890590][T10378]  kmem_cache_alloc_noprof+0x7b/0x6e0
[  218.890612][T10378]  ? security_inode_alloc+0x3b/0x2c0
[  218.890635][T10378]  ? lockdep_init_map_type+0x5c/0x250
[  218.890661][T10378]  security_inode_alloc+0x3b/0x2c0
[  218.890683][T10378]  inode_init_always_gfp+0xcc0/0x1000
[  218.890703][T10378]  alloc_inode+0x8e/0x250
[  218.890726][T10378]  sock_alloc+0x44/0x280
[  218.890750][T10378]  do_accept+0xf9/0x530
[  218.890768][T10378]  ? do_raw_spin_lock+0x128/0x260
[  218.890791][T10378]  ? __pfx_do_accept+0x10/0x10
[  218.890826][T10378]  __sys_accept4+0x108/0x200
[  218.890845][T10378]  ? __pfx___sys_accept4+0x10/0x10
[  218.890862][T10378]  ? ksys_write+0x1ac/0x250
[  218.890887][T10378]  ? __pfx_ksys_write+0x10/0x10
[  218.890915][T10378]  __x64_sys_accept+0x74/0xb0
[  218.890931][T10378]  ? lockdep_hardirqs_on+0x78/0x100
[  218.890948][T10378]  do_syscall_64+0x10b/0xf80
[  218.890965][T10378]  ? clear_bhb_loop+0x40/0x90
[  218.890987][T10378]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  218.891005][T10378] RIP: 0033:0x7f6016f9c819
[  218.891020][T10378] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  218.891037][T10378] RSP: 002b:00007f6017e9d028 EFLAGS: 00000246 ORIG_RAX: 000000000000002b
[  218.891055][T10378] RAX: ffffffffffffffda RBX: 00007f6017215fa0 RCX: 00007f6016f9c819
[  218.891065][T10378] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000b
[  218.891073][T10378] RBP: 00007f6017e9d090 R08: 0000000000000000 R09: 0000000000000000
[  218.891083][T10378] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  218.891093][T10378] R13: 00007f6017216038 R14: 00007f6017215fa0 R15: 00007ffd81866098
[  218.891116][T10378]  </TASK>
[  219.543776][   T40] audit: type=1400 audit(1776440564.240:445): avc:  denied  { ioctl } for  pid=10411 comm="syz.3.1429" path="socket:[30117]" dev="sockfs" ino=30117 ioctlcmd=0x4943 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1
[  219.634787][T10421] overlay: filesystem on ./file1 not supported
[  219.634895][   T40] audit: type=1400 audit(1776440564.330:446): avc:  denied  { mounton } for  pid=10411 comm="syz.3.1429" path="/bus" dev="autofs" ino=32824 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=dir permissive=1
[  219.642182][T10419] syzkaller0: entered promiscuous mode
[  219.648177][T10419] syzkaller0: entered allmulticast mode
[  219.659752][   T40] audit: type=1400 audit(1776440564.360:447): avc:  denied  { block_suspend } for  pid=10411 comm="syz.3.1429" capability=36  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  219.734738][T10423] netlink: 204 bytes leftover after parsing attributes in process `syz.0.1433'.
[  219.770843][T10425] syzkaller0: entered promiscuous mode
[  219.773138][T10425] syzkaller0: entered allmulticast mode
[  219.842755][T10411] delete_channel: no stack
[  219.885406][T10427] netlink: 207952 bytes leftover after parsing attributes in process `syz.3.1435'.
[  219.966723][T10435] FAULT_INJECTION: forcing a failure.
[  219.966723][T10435] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  219.975278][T10435] CPU: 3 UID: 0 PID: 10435 Comm: syz.0.1437 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  219.975314][T10435] Tainted: [L]=SOFTLOCKUP
[  219.975321][T10435] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  219.975334][T10435] Call Trace:
[  219.975342][T10435]  <TASK>
[  219.975350][T10435]  dump_stack_lvl+0x100/0x190
[  219.975386][T10435]  should_fail_ex.cold+0x5/0xa
[  219.975417][T10435]  strncpy_from_user+0x3b/0x2d0
[  219.975442][T10435]  path_removexattrat+0xc8/0x5f0
[  219.975467][T10435]  ? __pfx_path_removexattrat+0x10/0x10
[  219.975489][T10435]  ? __pfx_get_signal+0x10/0x10
[  219.975543][T10435]  ? exit_to_user_mode_loop+0xdd/0x4a0
[  219.975569][T10435]  ? rcu_is_watching+0x12/0xc0
[  219.975598][T10435]  ? exit_to_user_mode_loop+0xdd/0x4a0
[  219.975628][T10435]  __x64_sys_fremovexattr+0x5a/0x80
[  219.975654][T10435]  do_syscall_64+0x10b/0xf80
[  219.975679][T10435]  ? clear_bhb_loop+0x40/0x90
[  219.975704][T10435]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  219.975724][T10435] RIP: 0033:0x7f9095d9c819
[  219.975764][T10435] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  219.975783][T10435] RSP: 002b:00007f9096ca3028 EFLAGS: 00000246 ORIG_RAX: 00000000000000c7
[  219.975805][T10435] RAX: ffffffffffffffda RBX: 00007f9096015fa0 RCX: 00007f9095d9c819
[  219.975818][T10435] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003
[  219.975830][T10435] RBP: 00007f9096ca3090 R08: 0000000000000000 R09: 0000000000000000
[  219.975843][T10435] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  219.975855][T10435] R13: 00007f9096016038 R14: 00007f9096015fa0 R15: 00007fffda36e908
[  219.975887][T10435]  </TASK>
[  219.992516][T10437] syzkaller0: entered promiscuous mode
[  220.057574][T10437] syzkaller0: entered allmulticast mode
[  220.081377][T10441] syzkaller0: entered promiscuous mode
[  220.083693][T10441] syzkaller0: entered allmulticast mode
[  220.189901][T10445] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1441'.
[  220.212885][T10447] openvswitch: netlink: Duplicate or invalid key (type 0).
[  220.218161][T10447] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  220.248820][T10449] syzkaller0: entered promiscuous mode
[  220.253685][T10449] syzkaller0: entered allmulticast mode
[  220.432242][T10464] syzkaller0: entered promiscuous mode
[  220.434673][T10464] syzkaller0: entered allmulticast mode
[  220.548085][T10470] FAULT_INJECTION: forcing a failure.
[  220.548085][T10470] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  220.559657][T10470] CPU: 0 UID: 0 PID: 10470 Comm: syz.1.1450 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  220.559690][T10470] Tainted: [L]=SOFTLOCKUP
[  220.559696][T10470] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  220.559706][T10470] Call Trace:
[  220.559712][T10470]  <TASK>
[  220.559719][T10470]  dump_stack_lvl+0x100/0x190
[  220.559745][T10470]  should_fail_ex.cold+0x5/0xa
[  220.559771][T10470]  _copy_from_user+0x2e/0xd0
[  220.559801][T10470]  copy_msghdr_from_user+0x9f/0x4f0
[  220.559820][T10470]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  220.559857][T10470]  ___sys_sendmsg+0x106/0x1e0
[  220.559877][T10470]  ? __pfx____sys_sendmsg+0x10/0x10
[  220.559927][T10470]  __sys_sendmsg+0x170/0x220
[  220.559952][T10470]  ? __pfx___sys_sendmsg+0x10/0x10
[  220.559983][T10470]  ? rcu_is_watching+0x12/0xc0
[  220.560012][T10470]  do_syscall_64+0x10b/0xf80
[  220.560031][T10470]  ? clear_bhb_loop+0x40/0x90
[  220.560053][T10470]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  220.560073][T10470] RIP: 0033:0x7f0e5379c819
[  220.560092][T10470] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  220.560108][T10470] RSP: 002b:00007f0e545da028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  220.560129][T10470] RAX: ffffffffffffffda RBX: 00007f0e53a15fa0 RCX: 00007f0e5379c819
[  220.560140][T10470] RDX: 000000000000c090 RSI: 0000200000002a40 RDI: 0000000000000004
[  220.560151][T10470] RBP: 00007f0e545da090 R08: 0000000000000000 R09: 0000000000000000
[  220.560162][T10470] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  220.560171][T10470] R13: 00007f0e53a16038 R14: 00007f0e53a15fa0 R15: 00007ffce4788a08
[  220.560194][T10470]  </TASK>
[  220.739166][T10474] netlink: 'syz.1.1452': attribute type 11 has an invalid length.
[  220.774082][T10475] netlink: 207952 bytes leftover after parsing attributes in process `syz.2.1451'.
[  220.825642][T10478] syzkaller0: entered promiscuous mode
[  220.828146][T10478] syzkaller0: entered allmulticast mode
[  222.717580][T10483] syzkaller0: entered promiscuous mode
[  222.719928][T10483] syzkaller0: entered allmulticast mode
[  222.895068][   T40] audit: type=1400 audit(1776440567.590:448): avc:  denied  { remount } for  pid=10520 comm="syz.0.1463" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  223.012658][T10530] syzkaller0: entered promiscuous mode
[  223.015202][T10530] syzkaller0: entered allmulticast mode
[  223.034301][T10535] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1467'.
[  223.037933][T10535] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1467'.
[  223.197431][T10553] FAULT_INJECTION: forcing a failure.
[  223.197431][T10553] name failslab, interval 1, probability 0, space 0, times 0
[  223.198293][   T40] audit: type=1400 audit(1776440567.890:449): avc:  denied  { create } for  pid=10552 comm="syz.2.1472" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_connector_socket permissive=1
[  223.216628][T10553] CPU: 3 UID: 0 PID: 10553 Comm: syz.0.1471 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  223.216666][T10553] Tainted: [L]=SOFTLOCKUP
[  223.216675][T10553] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  223.216689][T10553] Call Trace:
[  223.216696][T10553]  <TASK>
[  223.216705][T10553]  dump_stack_lvl+0x100/0x190
[  223.216737][T10553]  should_fail_ex.cold+0x5/0xa
[  223.216771][T10553]  should_failslab+0xc2/0x120
[  223.216807][T10553]  kmem_cache_alloc_node_noprof+0x81/0x6f0
[  223.216838][T10553]  ? __alloc_skb+0x140/0x710
[  223.216884][T10553]  ? __alloc_skb+0x5b7/0x710
[  223.216915][T10553]  __alloc_skb+0x140/0x710
[  223.216940][T10553]  ? __alloc_skb+0x5b7/0x710
[  223.216966][T10553]  ? __pfx___alloc_skb+0x10/0x10
[  223.217001][T10553]  alloc_skb_with_frags+0xdd/0x760
[  223.217037][T10553]  ? __page_table_check_zero+0x338/0x410
[  223.217076][T10553]  sock_alloc_send_pskb+0x801/0x980
[  223.217120][T10553]  ? __pfx_sock_alloc_send_pskb+0x10/0x10
[  223.217154][T10553]  ? __lock_acquire+0x4a5/0x2630
[  223.217182][T10553]  __ip_append_data+0x2039/0x4410
[  223.217220][T10553]  ? __pfx_ip_generic_getfrag+0x10/0x10
[  223.217250][T10553]  ? find_held_lock+0x2b/0x80
[  223.217291][T10553]  ? ip_dst_mtu_maybe_forward.constprop.0+0x3e9/0x750
[  223.217315][T10553]  ? __pfx___ip_append_data+0x10/0x10
[  223.217353][T10553]  ip_make_skb+0x28b/0x310
[  223.217378][T10553]  ? __pfx_ip_generic_getfrag+0x10/0x10
[  223.217409][T10553]  ? __pfx_ip_make_skb+0x10/0x10
[  223.217441][T10553]  ? udp_sendmsg+0x171c/0x2720
[  223.217468][T10553]  udp_sendmsg+0x171c/0x2720
[  223.217505][T10553]  ? __pfx_udp_sendmsg+0x10/0x10
[  223.217534][T10553]  ? avc_has_perm+0x135/0x1e0
[  223.217584][T10553]  ? __might_fault+0x60/0x140
[  223.217608][T10553]  ? __might_fault+0xc5/0x140
[  223.217632][T10553]  ? __pfx_udp_sendmsg+0x10/0x10
[  223.217664][T10553]  inet_sendmsg+0x105/0x140
[  223.217686][T10553]  ____sys_sendmsg+0x98d/0xb70
[  223.217714][T10553]  ? __pfx_inet_sendmsg+0x10/0x10
[  223.217736][T10553]  ? __pfx_____sys_sendmsg+0x10/0x10
[  223.217771][T10553]  ? find_held_lock+0x2b/0x80
[  223.217799][T10553]  ? count_memcg_events_mm.constprop.0+0xfa/0x2a0
[  223.217832][T10553]  ___sys_sendmsg+0x190/0x1e0
[  223.217851][T10553]  ? __pfx____sys_sendmsg+0x10/0x10
[  223.217866][T10553]  ? do_user_addr_fault+0x7de/0x12f0
[  223.217996][T10553]  ? irqentry_exit+0x246/0x790
[  223.218014][T10553]  ? lockdep_hardirqs_on+0x78/0x100
[  223.218041][T10553]  ? __pfx___might_resched+0x10/0x10
[  223.218065][T10553]  ? __might_fault+0x111/0x140
[  223.218095][T10553]  __sys_sendmmsg+0x205/0x430
[  223.218121][T10553]  ? __pfx___sys_sendmmsg+0x10/0x10
[  223.218151][T10553]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  223.218181][T10553]  ? fput+0x79/0x100
[  223.218201][T10553]  ? ksys_write+0x1ac/0x250
[  223.218226][T10553]  ? __pfx_ksys_write+0x10/0x10
[  223.218254][T10553]  __x64_sys_sendmmsg+0x9c/0x100
[  223.218275][T10553]  ? lockdep_hardirqs_on+0x78/0x100
[  223.218294][T10553]  do_syscall_64+0x10b/0xf80
[  223.218313][T10553]  ? clear_bhb_loop+0x40/0x90
[  223.218335][T10553]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  223.218355][T10553] RIP: 0033:0x7f9095d9c819
[  223.218371][T10553] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  223.218386][T10553] RSP: 002b:00007f9096ca3028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  223.218405][T10553] RAX: ffffffffffffffda RBX: 00007f9096015fa0 RCX: 00007f9095d9c819
[  223.218415][T10553] RDX: 000000000800001d RSI: 0000200000007fc0 RDI: 0000000000000004
[  223.218425][T10553] RBP: 00007f9096ca3090 R08: 0000000000000000 R09: 0000000000000000
[  223.218434][T10553] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  223.218444][T10553] R13: 00007f9096016038 R14: 00007f9096015fa0 R15: 00007fffda36e908
[  223.218466][T10553]  </TASK>
[  223.229908][   T40] audit: type=1400 audit(1776440567.930:450): avc:  denied  { setopt } for  pid=10552 comm="syz.2.1472" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  223.279093][T10560] program syz.0.1473 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  223.331977][T10563] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1474'.
[  223.334363][    C3] sr 2:0:0:0: [sr0] tag#3 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s
[  223.405216][    C3] sr 2:0:0:0: [sr0] tag#3 CDB: opcode=0x95 95 ff ff ff 00 00 00 00 80 00 00 00 00 20 00 00
[  223.670985][T10581] block nbd0: not configured, cannot reconfigure
[  223.673225][T10581] FAULT_INJECTION: forcing a failure.
[  223.673225][T10581] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  223.677598][T10581] CPU: 0 UID: 0 PID: 10581 Comm: syz.3.1481 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  223.677616][T10581] Tainted: [L]=SOFTLOCKUP
[  223.677620][T10581] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  223.677628][T10581] Call Trace:
[  223.677633][T10581]  <TASK>
[  223.677637][T10581]  dump_stack_lvl+0x100/0x190
[  223.677655][T10581]  should_fail_ex.cold+0x5/0xa
[  223.677672][T10581]  _copy_to_user+0x32/0xd0
[  223.677692][T10581]  simple_read_from_buffer+0xcb/0x170
[  223.677712][T10581]  proc_fail_nth_read+0x1af/0x230
[  223.677730][T10581]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  223.677747][T10581]  ? rw_verify_area+0xce/0x6d0
[  223.677776][T10581]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  223.677793][T10581]  vfs_read+0x1e4/0xb30
[  223.677811][T10581]  ? __pfx_vfs_read+0x10/0x10
[  223.677827][T10581]  ? __fget_files+0x215/0x3d0
[  223.677841][T10581]  ? __fget_files+0x21f/0x3d0
[  223.677856][T10581]  ksys_read+0x12a/0x250
[  223.677871][T10581]  ? __pfx_ksys_read+0x10/0x10
[  223.677889][T10581]  ? rcu_is_watching+0x12/0xc0
[  223.677907][T10581]  do_syscall_64+0x10b/0xf80
[  223.678007][T10581]  ? clear_bhb_loop+0x40/0x90
[  223.678022][T10581]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  223.678035][T10581] RIP: 0033:0x7f65bcd5d04e
[  223.678045][T10581] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  223.678056][T10581] RSP: 002b:00007f65bdc1bfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  223.678068][T10581] RAX: ffffffffffffffda RBX: 00007f65bdc1c6c0 RCX: 00007f65bcd5d04e
[  223.678075][T10581] RDX: 000000000000000f RSI: 00007f65bdc1c0a0 RDI: 0000000000000003
[  223.678081][T10581] RBP: 00007f65bdc1c090 R08: 0000000000000000 R09: 0000000000000000
[  223.678087][T10581] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  223.678093][T10581] R13: 00007f65bd016038 R14: 00007f65bd015fa0 R15: 00007ffc0c0dbae8
[  223.678107][T10581]  </TASK>
[  223.785999][T10583] i2c i2c-1: dtv_property_process_set: SET cmd 0x00000000 undefined
[  223.794392][T10578] FAULT_INJECTION: forcing a failure.
[  223.794392][T10578] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  223.798998][T10578] CPU: 3 UID: 0 PID: 10578 Comm: syz.1.1480 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  223.799020][T10578] Tainted: [L]=SOFTLOCKUP
[  223.799024][T10578] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  223.799031][T10578] Call Trace:
[  223.799037][T10578]  <TASK>
[  223.799041][T10578]  dump_stack_lvl+0x100/0x190
[  223.799067][T10578]  should_fail_ex.cold+0x5/0xa
[  223.799084][T10578]  _copy_to_user+0x32/0xd0
[  223.799105][T10578]  simple_read_from_buffer+0xcb/0x170
[  223.799125][T10578]  proc_fail_nth_read+0x1af/0x230
[  223.799143][T10578]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  223.799160][T10578]  ? rw_verify_area+0xce/0x6d0
[  223.799175][T10578]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  223.799192][T10578]  vfs_read+0x1e4/0xb30
[  223.799210][T10578]  ? __pfx_vfs_read+0x10/0x10
[  223.799226][T10578]  ? __fget_files+0x215/0x3d0
[  223.799240][T10578]  ? __fget_files+0x21f/0x3d0
[  223.799254][T10578]  ksys_read+0x12a/0x250
[  223.799271][T10578]  ? __pfx_ksys_read+0x10/0x10
[  223.799288][T10578]  ? rcu_is_watching+0x12/0xc0
[  223.799306][T10578]  do_syscall_64+0x10b/0xf80
[  223.799319][T10578]  ? clear_bhb_loop+0x40/0x90
[  223.799332][T10578]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  223.799344][T10578] RIP: 0033:0x7f0e5375d04e
[  223.799354][T10578] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  223.799365][T10578] RSP: 002b:00007f0e545d9fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  223.799376][T10578] RAX: ffffffffffffffda RBX: 00007f0e545da6c0 RCX: 00007f0e5375d04e
[  223.799383][T10578] RDX: 000000000000000f RSI: 00007f0e545da0a0 RDI: 0000000000000009
[  223.799390][T10578] RBP: 00007f0e545da090 R08: 0000000000000000 R09: 0000000000000000
[  223.799396][T10578] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  223.799402][T10578] R13: 00007f0e53a16038 R14: 00007f0e53a15fa0 R15: 00007ffce4788a08
[  223.799416][T10578]  </TASK>
[  223.970900][   T40] audit: type=1400 audit(1776440568.660:451): avc:  denied  { nosuid_transition } for  pid=10589 comm="syz.1.1484" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=process2 permissive=1
[  223.976366][T10590] netlink: 'syz.1.1484': attribute type 1 has an invalid length.
[  223.978512][   T40] audit: type=1400 audit(1776440568.670:452): avc:  denied  { transition } for  pid=10589 comm="syz.1.1484" path=2F6D656D66643A5B0BDB58AE5B1AA9FDFAADD16D64C8854858A9250C1A65E0202864656C6574656429 dev="tmpfs" ino=3104 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=process permissive=1
[  223.981881][T10590] netlink: 16142 bytes leftover after parsing attributes in process `syz.1.1484'.
[  223.995991][   T40] audit: type=1400 audit(1776440568.670:453): avc:  denied  { entrypoint } for  pid=10589 comm="syz.1.1484" path=2F6D656D66643A5B0BDB58AE5B1AA9FDFAADD16D64C8854858A9250C1A65E0202864656C6574656429 dev="tmpfs" ino=3104 scontext=system_u:object_r:hugetlbfs_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  224.010998][   T40] audit: type=1400 audit(1776440568.670:454): avc:  denied  { share } for  pid=10589 comm="syz.1.1484" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=process permissive=1
[  224.019137][   T40] audit: type=1400 audit(1776440568.670:455): avc:  denied  { noatsecure } for  pid=10589 comm="syz.1.1484" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=process permissive=1
[  224.156476][T10598] 
[  224.157551][T10598] ======================================================
[  224.160679][T10598] WARNING: possible circular locking dependency detected
[  224.163855][T10598] syzkaller #0 Tainted: G             L     
[  224.166569][T10598] ------------------------------------------------------
[  224.169527][T10598] syz.0.1486/10598 is trying to acquire lock:
[  224.172117][T10598] ffffffff908a3dd8 (nr_neigh_list_lock){+...}-{3:3}, at: nr_rt_ioctl+0x1fa2/0x29e0
[  224.176261][T10598] 
[  224.176261][T10598] but task is already holding lock:
[  224.179897][T10598] ffff88803fe18670 (&nr_node->node_lock){+...}-{3:3}, at: nr_rt_ioctl+0x10e3/0x29e0
[  224.184021][T10598] 
[  224.184021][T10598] which lock already depends on the new lock.
[  224.184021][T10598] 
[  224.188430][T10598] 
[  224.188430][T10598] the existing dependency chain (in reverse order) is:
[  224.192307][T10598] 
[  224.192307][T10598] -> #2 (&nr_node->node_lock){+...}-{3:3}:
[  224.195830][T10598]        _raw_spin_lock_bh+0x33/0x40
[  224.198104][T10598]        nr_rt_device_down+0x18e/0x820
[  224.199179][  T836] usb 8-1: new high-speed USB device number 13 using dummy_hcd
[  224.200567][T10598]        nr_device_event+0x126/0x170
[  224.205400][T10598]        notifier_call_chain+0x99/0x400
[  224.207859][T10598]        call_netdevice_notifiers_info+0xbe/0x110
[  224.210767][T10598]        __dev_notify_flags+0x1f7/0x2e0
[  224.213215][T10598]        netif_change_flags+0x108/0x160
[  224.215608][T10598]        dev_change_flags+0xba/0x250
[  224.217846][T10598]        dev_ifsioc+0x1682/0x1f20
[  224.219970][T10598]        dev_ioctl+0x342/0x10e0
[  224.222169][T10598]        sock_do_ioctl+0x1a0/0x280
[  224.224646][T10598]        sock_ioctl+0x599/0x6b0
[  224.226859][T10598]        __x64_sys_ioctl+0x18e/0x210
[  224.229175][T10598]        do_syscall_64+0x10b/0xf80
[  224.231354][T10598]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  224.233690][T10598] 
[  224.233690][T10598] -> #1 (nr_node_list_lock){+...}-{3:3}:
[  224.236276][T10598]        _raw_spin_lock_bh+0x33/0x40
[  224.238259][T10598]        nr_rt_device_down+0xd3/0x820
[  224.240238][T10598]        nr_device_event+0x126/0x170
[  224.242134][T10598]        notifier_call_chain+0x99/0x400
[  224.243913][T10598]        call_netdevice_notifiers_info+0xbe/0x110
[  224.245994][T10598]        __dev_notify_flags+0x1f7/0x2e0
[  224.247734][T10598]        netif_change_flags+0x108/0x160
[  224.249604][T10598]        dev_change_flags+0xba/0x250
[  224.251299][T10598]        dev_ifsioc+0x1682/0x1f20
[  224.252967][T10598]        dev_ioctl+0x342/0x10e0
[  224.254728][T10598]        sock_do_ioctl+0x1a0/0x280
[  224.256694][T10598]        sock_ioctl+0x599/0x6b0
[  224.258463][T10598]        __x64_sys_ioctl+0x18e/0x210
[  224.260238][T10598]        do_syscall_64+0x10b/0xf80
[  224.261929][T10598]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  224.263994][T10598] 
[  224.263994][T10598] -> #0 (nr_neigh_list_lock){+...}-{3:3}:
[  224.266709][T10598]        __lock_acquire+0x14b8/0x2630
[  224.268745][T10598]        lock_acquire+0x1b1/0x370
[  224.270585][T10598]        _raw_spin_lock_bh+0x33/0x40
[  224.272342][T10598]        nr_rt_ioctl+0x1fa2/0x29e0
[  224.274053][T10598]        nr_ioctl+0x16e/0x2d0
[  224.275600][T10598]        sock_do_ioctl+0x118/0x280
[  224.277286][T10598]        sock_ioctl+0x599/0x6b0
[  224.278906][T10598]        __x64_sys_ioctl+0x18e/0x210
[  224.280616][T10598]        do_syscall_64+0x10b/0xf80
[  224.282312][T10598]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  224.284542][T10598] 
[  224.284542][T10598] other info that might help us debug this:
[  224.284542][T10598] 
[  224.288473][T10598] Chain exists of:
[  224.288473][T10598]   nr_neigh_list_lock --> nr_node_list_lock --> &nr_node->node_lock
[  224.288473][T10598] 
[  224.293333][T10598]  Possible unsafe locking scenario:
[  224.293333][T10598] 
[  224.295796][T10598]        CPU0                    CPU1
[  224.297528][T10598]        ----                    ----
[  224.299329][T10598]   lock(&nr_node->node_lock);
[  224.300948][T10598]                                lock(nr_node_list_lock);
[  224.303624][T10598]                                lock(&nr_node->node_lock);
[  224.306178][T10598]   lock(nr_neigh_list_lock);
[  224.307703][T10598] 
[  224.307703][T10598]  *** DEADLOCK ***
[  224.307703][T10598] 
[  224.310306][T10598] 2 locks held by syz.0.1486/10598:
[  224.311848][T10598]  #0: ffffffff908a3e38 (nr_node_list_lock){+...}-{3:3}, at: nr_rt_ioctl+0x105f/0x29e0
[  224.315173][T10598]  #1: ffff88803fe18670 (&nr_node->node_lock){+...}-{3:3}, at: nr_rt_ioctl+0x10e3/0x29e0
[  224.319183][T10598] 
[  224.319183][T10598] stack backtrace:
[  224.321634][T10598] CPU: 1 UID: 0 PID: 10598 Comm: syz.0.1486 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  224.321663][T10598] Tainted: [L]=SOFTLOCKUP
[  224.321670][T10598] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  224.321679][T10598] Call Trace:
[  224.321688][T10598]  <TASK>
[  224.321697][T10598]  dump_stack_lvl+0x100/0x190
[  224.321725][T10598]  print_circular_bug.cold+0x178/0x1c7
[  224.321834][T10598]  check_noncircular+0x146/0x160
[  224.321860][T10598]  __lock_acquire+0x14b8/0x2630
[  224.321883][T10598]  lock_acquire+0x1b1/0x370
[  224.321903][T10598]  ? nr_rt_ioctl+0x1fa2/0x29e0
[  224.321924][T10598]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  224.321943][T10598]  ? __local_bh_enable_ip+0x9e/0x120
[  224.321964][T10598]  ? lockdep_hardirqs_on+0x78/0x100
[  224.321981][T10598]  _raw_spin_lock_bh+0x33/0x40
[  224.321994][T10598]  ? nr_rt_ioctl+0x1fa2/0x29e0
[  224.322009][T10598]  nr_rt_ioctl+0x1fa2/0x29e0
[  224.322027][T10598]  ? __pfx_nr_rt_ioctl+0x10/0x10
[  224.322043][T10598]  ? kasan_quarantine_put+0x104/0x240
[  224.322069][T10598]  ? bpf_lsm_capable+0x9/0x10
[  224.322083][T10598]  ? security_capable+0x80/0x260
[  224.322106][T10598]  nr_ioctl+0x16e/0x2d0
[  224.322126][T10598]  sock_do_ioctl+0x118/0x280
[  224.322148][T10598]  ? __pfx_sock_do_ioctl+0x10/0x10
[  224.322169][T10598]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  224.322188][T10598]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[  224.322211][T10598]  sock_ioctl+0x599/0x6b0
[  224.322224][T10598]  ? __pfx_sock_ioctl+0x10/0x10
[  224.322237][T10598]  ? hook_file_ioctl_common+0x149/0x410
[  224.322257][T10598]  ? selinux_file_ioctl+0x13b/0x290
[  224.322277][T10598]  ? selinux_file_ioctl+0xb6/0x290
[  224.322296][T10598]  ? __pfx_sock_ioctl+0x10/0x10
[  224.322309][T10598]  __x64_sys_ioctl+0x18e/0x210
[  224.322328][T10598]  do_syscall_64+0x10b/0xf80
[  224.322342][T10598]  ? clear_bhb_loop+0x40/0x90
[  224.322357][T10598]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  224.322371][T10598] RIP: 0033:0x7f9095d9c819
[  224.322384][T10598] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  224.322397][T10598] RSP: 002b:00007f9096ca3028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  224.322412][T10598] RAX: ffffffffffffffda RBX: 00007f9096015fa0 RCX: 00007f9095d9c819
[  224.322421][T10598] RDX: 00002000000001c0 RSI: 000000000000890c RDI: 0000000000000008
[  224.322429][T10598] RBP: 00007f9095e32c91 R08: 0000000000000000 R09: 0000000000000000
[  224.322437][T10598] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  224.322446][T10598] R13: 00007f9096016038 R14: 00007f9096015fa0 R15: 00007fffda36e908
[  224.322459][T10598]  </TASK>
[  224.421088][  T836] usb 8-1: config index 0 descriptor too short (expected 39, got 27)
[  224.423906][  T836] usb 8-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  224.427346][  T836] usb 8-1: config 0 interface 0 has no altsetting 0
[  224.435133][  T836] usb 8-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  224.438100][  T836] usb 8-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  224.441022][  T836] usb 8-1: Product: syz
[  224.442762][  T836] usb 8-1: Manufacturer: syz
[  224.444970][  T836] usb 8-1: SerialNumber: syz
[  224.449190][  T836] usb 8-1: config 0 descriptor??
[  224.453877][  T836] hub 8-1:0.0: bad descriptor, ignoring hub
[  224.456915][  T836] hub 8-1:0.0: probe with driver hub failed with error -5
[  224.461413][  T836] usb 8-1: selecting invalid altsetting 0
[  224.710845][T10602] syzkaller0: entered promiscuous mode
[  224.712788][T10602] syzkaller0: entered allmulticast mode
[  225.501120][   T10] usb 8-1: USB disconnect, device number 13