last executing test programs:

3m58.692806936s ago: executing program 4 (id=447):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x3, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x10001}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_io_uring_setup(0x408c, &(0x7f0000000040)={0x0, 0xf84, 0x10081, 0x1, 0x2e1}, &(0x7f0000000300), &(0x7f0000000200), &(0x7f0000000000))
io_uring_register$IORING_REGISTER_FILES(r1, 0x2, &(0x7f0000000240)=[0xffffffffffffffff], 0x1)
read$FUSE(0xffffffffffffffff, &(0x7f00000022c0)={0x2020, 0x0, 0x0, 0x0, 0x0, <r2=>0x0}, 0x2020)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
close(0x3)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000a00)={'syz1\x00', {0x9, 0x7, 0x5, 0x5}, 0x3f, [0x20009, 0x2, 0x18, 0x5, 0x2, 0x400, 0x80000000, 0x0, 0x8, 0x0, 0x20000006, 0x2, 0xfffffffb, 0x39, 0x747d5e13, 0x800, 0xfffffb9a, 0xfffffffe, 0x0, 0xfffffffe, 0x2004, 0x3, 0x0, 0xf250, 0x80, 0x4800, 0x300000, 0x7, 0xe, 0x4623f, 0x0, 0x10001, 0x1ff, 0x8000, 0x7, 0x3, 0xc, 0x3, 0xba55, 0x8da8, 0x2, 0x200, 0xfffffffe, 0x400, 0xe, 0x4, 0xffffffff, 0x6c, 0x8, 0x9, 0x1, 0x199d, 0x6, 0x2, 0x9, 0xffffffff, 0x4, 0x6, 0x1000, 0x5, 0x35, 0x8, 0xa, 0x5], [0x7, 0x1e, 0x3, 0x8000, 0xfffffffd, 0x3, 0x0, 0x200025, 0x7, 0xfffffffc, 0x8, 0x7fff, 0x72c, 0x1c32, 0x3, 0x5, 0x5, 0x400, 0x7ffd, 0x3, 0x1, 0x297, 0x5, 0x0, 0x981, 0x4, 0x0, 0x3ff, 0x0, 0xfffffffe, 0x0, 0x1000001, 0x10, 0xfffffff9, 0xfffffffd, 0x68, 0x1, 0xffffffff, 0x6, 0x8, 0x800, 0xffff, 0x6, 0x96, 0x9, 0x2, 0x0, 0x200, 0x401, 0xc, 0x2, 0x379, 0x9, 0xe, 0x5, 0x7, 0x6, 0x2, 0x1, 0x1, 0x5, 0x7, 0x200, 0x3], [0x8, 0x8000c584, 0x5, 0xcd3, 0x7, 0x1f, 0x400, 0x4, 0x4008, 0xc, 0x7, 0x9, 0xe8b, 0x5, 0x80000001, 0x8, 0x3f92, 0x1000, 0x0, 0x10, 0x4, 0xfffffff9, 0x0, 0x1000, 0x80040101, 0x5, 0x4, 0x5, 0x200003, 0x6, 0x5, 0x80, 0x9, 0x7ffe, 0x10000, 0x0, 0x3, 0x400004, 0x3, 0x6d7e, 0xfffffffc, 0x8, 0x3, 0x3ff, 0x20000006, 0x9, 0x95e, 0xffffffff, 0x3ff, 0xe, 0x6, 0x100fffd, 0x2005, 0x9, 0x4, 0xea, 0x9, 0x20000005, 0x3, 0xd9, 0x0, 0x7d, 0x401, 0x5], [0x108e, 0x10002, 0x1, 0x3, 0x88, 0x2, 0xffffff80, 0x4, 0x50, 0x2, 0x763, 0xb, 0x402, 0x1, 0x5, 0x1000, 0x7f, 0x5, 0x3fa6, 0x4, 0x0, 0x5, 0x3, 0x6, 0xe47, 0x4, 0x3, 0x4, 0x200, 0x2851, 0x3b, 0x20000001, 0x5, 0x5, 0xfffff734, 0x65f413f9, 0x4, 0x20008, 0x8a5, 0x82, 0x44, 0x409, 0x1, 0x4, 0x4, 0xe, 0x4, 0xffffffff, 0x7fff, 0xffff8a33, 0xfffffff8, 0x401, 0x3, 0x200, 0x7, 0x1f3, 0xfffffffd, 0xa, 0xe, 0x101, 0xf, 0x1f, 0x136, 0x6]}, 0x45c)
r4 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb0100180000000000000034000000340000000600000004000000000000010400000020040000000000000000000d040000000000000000000010040000000400000000000008030000000000000061"], 0x0, 0x52}, 0x28)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000380)={0x2, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, r4, 0x1, 0x4}, 0x50)
ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501)
readv(0xffffffffffffffff, 0x0, 0x0)
r5 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0)
r6 = fsmount(r5, 0x1, 0x82)
r7 = openat$cgroup_int(r6, 0x0, 0x2, 0x0)
write$cgroup_int(r7, &(0x7f0000000080)=0xfffffffd, 0x12)
write$input_event(0xffffffffffffffff, &(0x7f0000000000)={{0x77359400}, 0x15}, 0xfe4f)
prlimit64(r2, 0xc, 0x0, &(0x7f0000000280))
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
openat$binfmt_register(0xffffffffffffff9c, 0x0, 0x1, 0x0)

3m58.052484266s ago: executing program 4 (id=449):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xf, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x2}, 0x50)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000940)={'erspan0\x00', &(0x7f0000000800)={'syztnl2\x00', <r1=>0x0, 0x7830, 0x80, 0x6, 0x0, {{0x13, 0x4, 0x0, 0x34, 0x4c, 0x65, 0x0, 0x3, 0x29, 0x0, @loopback, @multicast2, {[@generic={0x82, 0x4, "a98e"}, @rr={0x7, 0x13, 0x53, [@loopback, @rand_addr=0x64010101, @rand_addr=0x64010101, @loopback]}, @rr={0x7, 0x1f, 0x2f, [@loopback, @local, @initdev={0xac, 0x1e, 0x0, 0x0}, @dev={0xac, 0x14, 0x14, 0x2a}, @local, @local, @private=0xa010101]}]}}}}})
r2 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000c40)={&(0x7f0000000a40)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xdc, 0xdc, 0x9, [@struct={0x8, 0x1, 0x0, 0x4, 0x1, 0x8, [{0xe, 0x4, 0xc}]}, @decl_tag={0x4, 0x0, 0x0, 0x11, 0x1, 0x6}, @volatile={0x6, 0x0, 0x0, 0x9, 0x5}, @union={0x3, 0xa, 0x0, 0x5, 0x1, 0x2, [{0xf, 0x1, 0xad94}, {0x10, 0x0, 0x1}, {0xa, 0x4, 0x35c}, {0xc, 0x1, 0x2}, {0x7, 0x5, 0x5}, {0x3, 0x3, 0x7}, {0xe, 0x2, 0x1}, {0x3, 0x0, 0x8}, {0x3, 0x4, 0xffff}, {0x0, 0x4, 0xebfa}]}, @ptr={0xc, 0x0, 0x0, 0x2, 0x4}, @fwd={0x5}, @volatile={0x3}]}, {0x0, [0x61, 0x2e, 0x30, 0x2e, 0x5f, 0x2e, 0x0]}}, &(0x7f0000000b40)=""/247, 0xfd, 0xf7, 0x1, 0x8, 0x10000}, 0x28)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000fc0)={0xffffffffffffffff, 0xe0, &(0x7f0000000ec0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000cc0)=[0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x2, 0x2, &(0x7f0000000d00)=[0x0, 0x0], &(0x7f0000000d40)=[0x0, 0x0], <r3=>0x0, 0xab, &(0x7f0000000d80)=[{}], 0x8, 0x10, &(0x7f0000000dc0), &(0x7f0000000e00), 0x8, 0x8e, 0x8, 0x8, &(0x7f0000000e40)}}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000001040)={0x14, 0x16, &(0x7f0000000040)=@raw=[@printk={@lx, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0xff}}, @ldst={0x1, 0x3, 0x6, 0x1, 0x9, 0x50, 0xfffffffffffffff0}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x4611}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}}], &(0x7f0000000100)='syzkaller\x00', 0x101, 0xec, &(0x7f0000000700)=""/236, 0x41000, 0x19, '\x00', r1, @fallback=0x11, r2, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000c80)={0x2, 0xe, 0x100, 0x376}, 0x10, r3, 0xffffffffffffffff, 0x0, &(0x7f0000001000)=[r0, r0, r0, r0, r0, r0], 0x0, 0x10, 0x5}, 0x94)
epoll_create1(0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x15, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0xffffdffd, 0x0, 0x0, 0x0, 0x800}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x1e00, 0x4a, '\x00', 0x0, @sk_reuseport=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={0xffffffffffffffff, 0x2000000, 0xe, 0x0, &(0x7f0000000200)='\x00'/14, 0x0, 0x3800, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4d)

3m57.941101175s ago: executing program 4 (id=450):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NBD_CMD_CONNECT(r0, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000001600)={0x14, r1, 0x1, 0x70bd2c, 0x1200}, 0x14}}, 0x20000004)

3m57.891217486s ago: executing program 4 (id=451):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="1201000000000010961b080000000000000109022400010000000109040000010300000009210000000122070009058103"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc(0x0, 0xffffffffffffffff)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
r1 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r1, 0xc018aa3f, 0x0)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2})
ioctl$UFFDIO_COPY(r1, 0xc028aa05, 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xc, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018150000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000ff0100007b8af8ff00000000bfa200000000000007020000f8ffffffb703000004000000b7040000000000008500000015000000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r3, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0857f9f582f0300000000000000", 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r4 = syz_open_dev$loop(&(0x7f0000000000), 0x400, 0x101001)
ioprio_set$pid(0x2, 0x0, 0x0)
r5 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0x1}, 0x50)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0x14, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7020000006f00008500000086000000b7080000000000007baaf8ff00000000b5080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffff", @ANYRES32=r5, @ANYBLOB="0000000000000000b70500000800000085000000b300000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000000)={r7}, 0xc)
sync()
ioctl$BLKALIGNOFF(r4, 0x127a, &(0x7f00000002c0))
syz_usb_control_io$hid(r0, &(0x7f0000000c80)={0x24, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='\x00\"\a'], 0x0}, 0x0)

3m53.972066176s ago: executing program 4 (id=464):
r0 = socket$inet6(0xa, 0x1, 0x8010000000000084)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
r2 = socket(0xa, 0x5, 0x0)
sendto$inet6(r2, &(0x7f0000000040)='\x00', 0x1, 0x44004, &(0x7f0000000100)={0xa, 0x4e24, 0xb, @loopback, 0xc5f}, 0x17)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000019300)={'\x00', 0x401, 0x9, 0x2, 0x8873, 0x2, <r3=>0xffffffffffffffff})
getsockopt$inet_sctp6_SCTP_RECVRCVINFO(r2, 0x84, 0x20, &(0x7f00000000c0), &(0x7f0000000280)=0x4)
ptrace$ARCH_GET_GS(0x1e, r3, &(0x7f0000019380), 0x1004)
r4 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0)
read$msr(r4, &(0x7f0000000300)=""/102400, 0x19000)
r5 = syz_open_dev$vbi(&(0x7f0000000100), 0x0, 0x2)
ioctl$VIDIOC_G_FMT(r5, 0xc0d05604, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000193c0)=ANY=[@ANYBLOB="480000001300010028bd7000f8dbdf2500000000", @ANYRES32=0x0, @ANYBLOB="20315f766972745f7769699861ac9c248094c6e666690014001680100001800c0005007e000000710f0000619c70010020212e8c170b855b47b1f9842c1b546697cee0ba5fe5cf729b35d8146d6ff22ee9211516a30d245cc55d8e45ce9d2d9181530bffb00ca832b4c242432b82b4f81ca3f1cb47da0aae6e461585e55a8eca97d887073ebf53ad93c26a762e73fda7f5ff30ee335f5a14739736a15d7564eb5164668cfa1425028a768f2624abf2460813a92f28706893edfab75e3c15d86e0ddeeda67bdd9f6c2fffb14760d821cf7989c7300b9ba7d01a4ef2dae3563916fdea7ff62226035dfb7253af6fff29d6b81f0f771b81acc43ca17e0426a06fc1c1"], 0x48}}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000b40)={{0x14}, [@NFT_MSG_NEWSET={0x3c, 0x12, 0xa, 0x20b, 0x0, 0x0, {0x2}, [@NFTA_SET_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_SET_KEY_TYPE={0x8}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x9}]}], {0x14}}, 0x64}}, 0x0)
r7 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r7, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_DEL_ADDR(r8, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x20, r9, 0x7, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0xc, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}]}]}, 0x20}}, 0x0)
r10 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r10, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10)
setsockopt$RDS_CANCEL_SENT_TO(r10, 0x114, 0x1, &(0x7f0000000100)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, 0x0, &(0x7f0000000080))

3m52.276946171s ago: executing program 4 (id=474):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000280)=ANY=[@ANYRESHEX=0x0, @ANYRESOCT=0x0], 0x0, 0x6, 0x0, 0x0, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
r0 = getpid()
r1 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_buf(r1, 0x0, 0x8008000000010, &(0x7f0000000200)="17000000020001000003d68c5ee17688a2003208020300ecff3f0200000300800a000000009afc5ad9485bbb6a880000d6c8db0000dba67e060180000a0000f10607bdff59100ac45761407a68fbff9cee4a5acb3da400001fb700674f19b44e09f9315033bf79ac2dff060115003901000000000000ea000000000000000009ffff02dfccebf6ba0008400200000000e90554062a80e605007f71174aa951f3c63e5c83f1ba2112ce68bf17a6e000000000000000000000084d6f31d5de024f", 0xc0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
chdir(0x0)
fcntl$getownex(r1, 0x10, &(0x7f0000000000))
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuset.effective_cpus\x00', 0x275a, 0x0)
unlink(&(0x7f00000000c0)='./file0\x00')
pwritev2(r5, &(0x7f0000000980)=[{&(0x7f0000000500)="be", 0x1}], 0x1, 0x5, 0xa, 0x14)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r8=>0x0})
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000940)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="01f200100000000000000800030000000000", @ANYRES32=r8, @ANYBLOB="10005a800c00038005000400ec000000"], 0x2c}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)={0x14, r9, 0x9c3fa077fa966179, 0x12, 0x0, {{0x7e}, {@void, @void}}}, 0x14}, 0x1, 0x0, 0x0, 0x8}, 0x4040800)

3m36.648076581s ago: executing program 32 (id=474):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000280)=ANY=[@ANYRESHEX=0x0, @ANYRESOCT=0x0], 0x0, 0x6, 0x0, 0x0, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
r0 = getpid()
r1 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_buf(r1, 0x0, 0x8008000000010, &(0x7f0000000200)="17000000020001000003d68c5ee17688a2003208020300ecff3f0200000300800a000000009afc5ad9485bbb6a880000d6c8db0000dba67e060180000a0000f10607bdff59100ac45761407a68fbff9cee4a5acb3da400001fb700674f19b44e09f9315033bf79ac2dff060115003901000000000000ea000000000000000009ffff02dfccebf6ba0008400200000000e90554062a80e605007f71174aa951f3c63e5c83f1ba2112ce68bf17a6e000000000000000000000084d6f31d5de024f", 0xc0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
chdir(0x0)
fcntl$getownex(r1, 0x10, &(0x7f0000000000))
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuset.effective_cpus\x00', 0x275a, 0x0)
unlink(&(0x7f00000000c0)='./file0\x00')
pwritev2(r5, &(0x7f0000000980)=[{&(0x7f0000000500)="be", 0x1}], 0x1, 0x5, 0xa, 0x14)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r8=>0x0})
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000940)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="01f200100000000000000800030000000000", @ANYRES32=r8, @ANYBLOB="10005a800c00038005000400ec000000"], 0x2c}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)={0x14, r9, 0x9c3fa077fa966179, 0x12, 0x0, {{0x7e}, {@void, @void}}}, 0x14}, 0x1, 0x0, 0x0, 0x8}, 0x4040800)

2m29.178077722s ago: executing program 2 (id=539):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000000), r2)
getsockname$packet(r2, 0x0, &(0x7f00000002c0))
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0)
ioctl$TCSETAF(r3, 0x5408, &(0x7f00000000c0)={0xcf50, 0x0, 0xffff, 0x9dfe, 0x11})
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x8042, 0x0)
r4 = socket$inet(0x2, 0x4000000000000001, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sendmsg$sock(0xffffffffffffffff, 0x0, 0x0)
read$msr(r5, &(0x7f0000001a40)=""/102392, 0x18ff8)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000440))
setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r4, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
io_uring_setup(0x3b45, &(0x7f00000002c0)={0x0, 0x86a1, 0x800, 0x0, 0x20000004})
sendto$inet(r4, &(0x7f0000000580)="17", 0xffffffffffffff77, 0x10008095, 0x0, 0x0)
write$binfmt_aout(r3, &(0x7f00000000c0)=ANY=[], 0xff2e)
ioctl$TCSETS(r3, 0x40045431, &(0x7f0000000080)={0x0, 0x0, 0xfffffff9, 0x7fff, 0xf, "0062007d82000000000000002240f7ffffff00"})
syz_open_pts(r3, 0x0)
ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, &(0x7f0000000200)=0x17)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000001c0)=[@text16={0x10, 0x0, 0x4b}], 0x1, 0x0, 0x0, 0x0)

2m16.720856068s ago: executing program 2 (id=544):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x4, 0xe4}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = syz_open_dev$MSR(&(0x7f0000000140), 0x1400, 0x0)
read$msr(r0, &(0x7f0000032680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0)
r2 = creat(&(0x7f0000000000)='./file1\x00', 0xf8)
r3 = fanotify_init(0xf00, 0x1)
fanotify_mark(r3, 0x105, 0x40009975, r2, 0x0)
fallocate(r1, 0x0, 0x1000000, 0x3)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x4012011, r1, 0x0)

2m10.681151636s ago: executing program 2 (id=550):
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000000)={0x0, 0x0, 0x0, &(0x7f0000010040), 0x2, 0xffffffffffffffff, 0x4}, 0x38)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000940)='hugetlb.2MB.usage_in_bytes\x00', 0x26e1, 0x0)
r1 = syz_io_uring_setup(0x3b66, &(0x7f0000000100)={0x0, 0xa776, 0x1000, 0x3, 0x256, 0x0, r0}, &(0x7f0000000200), &(0x7f0000000240), &(0x7f0000000280))
r2 = socket$pppl2tp(0x18, 0x1, 0x1)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r2, &(0x7f0000000740)=@pppol2tpv3={0x18, 0x1, {0x3, r3, {0x2, 0x4e23, @broadcast}, 0x2, 0x0, 0x4}}, 0x2e)
r4 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$L2TP_CMD_SESSION_DELETE(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000480)=ANY=[@ANYBLOB='4\x00\x00', @ANYRES16=r4, @ANYBLOB="01002cbd70100400000005000000080009000200000008000c00a80a000008000b00000000000600010005"], 0x34}}, 0x0)
syz_emit_ethernet(0x5c, &(0x7f0000000600)={@link_local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x2a}, @val={@void}, {@ipv6={0x86dd, @udp={0x0, 0x6, "010100", 0x22, 0x11, 0xff, @remote, @local, {[], {0x0, 0xe22, 0x22, 0x0, @gue={{0x2, 0x0, 0x0, 0x3}, "30b00afe4e794d9f636841e9a83a802860f9"}}}}}}}, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=@ipv6_delrule={0x30, 0x21, 0x1, 0x70bd2c, 0x25dfdbfb, {0xa, 0xa0, 0x0, 0x4, 0xfe, 0x0, 0x0, 0x0, 0xc}, [@FRA_DST={0x14, 0x1, @mcast2}]}, 0x30}, 0x1, 0x0, 0x0, 0x851}, 0x20048000)
r7 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$TUNSETOFFLOAD(r7, 0x4004743d, 0x110e22fff6)
ioctl$COMEDI_DEVCONFIG(0xffffffffffffffff, 0x40946400, &(0x7f0000000500)={'pcl812\x00', [0x8001, 0x4, 0x1, 0x0, 0x3, 0xcc7, 0x8, 0x7, 0x1, 0xff, 0x2, 0x1, 0x8, 0x2, 0x6, 0x9, 0x1, 0x8, 0x43, 0x40000003, 0x89, 0x9, 0xf27, 0x6, 0x800b, 0x8, 0x20000005, 0x6, 0x8, 0x10000, 0xfffffff4]})
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="04132108c8000200c8000000c8000900c9000900bb00018001000700c80006000100f7ff"], 0x24)
syz_io_uring_setup(0x29b0, &(0x7f00000002c0)={0x0, 0x1cf7, 0x3204, 0x1, 0x352, 0x0, r1}, &(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0))
socket$unix(0x1, 0x1, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1)

2m9.732432655s ago: executing program 2 (id=552):
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x1b)
openat$kvm(0xffffffffffffff9c, 0x0, 0x20040, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r4 = socket(0x400000000010, 0x3, 0x0)
r5 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, r6, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x3}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x42}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001380)=@newtfilter={0xc4, 0x2c, 0xd27, 0x70bd24, 0x25dfdbfb, {0x0, 0x0, 0x0, r6, {0x4}, {}, {0x1, 0xe}}, [@filter_kind_options=@f_u32={{0x8}, {0x98, 0x2, [@TCA_U32_SEL={0x94, 0x5, {0x0, 0x6, 0x8, 0x101, 0x4, 0xe, 0x7, 0x2, [{0x8e5, 0x8b39, 0x3a, 0x40}, {0x8, 0x7, 0x9, 0x2d}, {0xffffff89, 0x9d2, 0x2, 0x10000}, {0x9, 0x3, 0x8, 0x8}, {0x0, 0x8, 0x3bb, 0x5}, {0x553e3387, 0x3, 0x8000, 0x2}, {0x8001, 0x4, 0x1}, {0xffffffff, 0xa8c, 0xfffffff8, 0xd}]}}]}}]}, 0xc4}, 0x1, 0x0, 0x0, 0x20000010}, 0x80)
sendmsg$nl_route_sched(r4, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=@gettfilter={0x24, 0x2e, 0x205, 0x70bd2c, 0x25dfdafd, {0x0, 0x0, 0x0, r6, {0xd, 0xc}, {0x0, 0xfff1}, {0x1}}}, 0x24}, 0x1, 0x0, 0x0, 0x20000801}, 0x4049080)
socket$nl_generic(0x10, 0x3, 0x10)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$smc(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$SMC_PNETID_DEL(r7, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000400)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r8, @ANYBLOB="010025bd7000fedbdf25030000000900010073797a32000000008d25aa32522c6987920ed7c7e1f1fc0ec7775acf0cec146d4e265af9efc4e4de8a"], 0x20}, 0x1, 0x0, 0x0, 0x41}, 0x4040)

2m4.747788427s ago: executing program 2 (id=556):
prctl$PR_SET_MM(0x23, 0x6, &(0x7f0000ffc000/0x4000)=nil)
mprotect(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x2)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x448c0}, 0x400504c)
socket(0x10, 0x3, 0x0)
r1 = gettid()
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$int_in(r2, 0x5452, &(0x7f0000b28000)=0x3)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
r4 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)=ANY=[@ANYBLOB="140000001000110000000000000000000000000a4c0000001d0a0b04000000000000000002000000200004801c0001800a00010071756575650000000c00028008000440000000020900010073797a3000000000090002"], 0x74}}, 0x80)
fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
dup2(r2, r3)
tkill(r1, 0x13)
socket$nl_netfilter(0x10, 0x3, 0xc)
r6 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000880)=@newtaction={0x70, 0x30, 0x53b, 0x0, 0x0, {0x9}, [{0x5c, 0x1, [@m_sample={0x58, 0x1, 0x0, 0x0, {{0xb}, {0x48, 0x2, 0x0, 0x1, [@TCA_SAMPLE_PSAMPLE_GROUP={0x8, 0x5, 0x15}, @TCA_SAMPLE_PARMS={0x18}, @TCA_SAMPLE_RATE={0x8, 0x3, 0x20}]}, {0x4}, {0xc}, {0xc, 0x4}}}]}]}, 0x70}}, 0x0)

1m59.551460546s ago: executing program 2 (id=559):
setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f0000000200)=@nat={'nat\x00', 0x19, 0x0, 0x90, [0x200000000140, 0x0, 0x0, 0x200000000170, 0x2000000001a0], 0x0, 0x0, &(0x7f0000000140)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe}, {0x0, '\x00', 0x0, 0xfffffffffffffffe}, {0x0, '\x00', 0x0, 0xffffffffffffffff}]}, 0x108)
r0 = syz_io_uring_setup(0x126b, &(0x7f00000006c0)={0x0, 0x72da, 0x4}, &(0x7f0000000300), &(0x7f0000000780), &(0x7f0000000080))
io_uring_register$IORING_REGISTER_FILES_UPDATE2(r0, 0x2, &(0x7f0000002d40)={0x0, 0x0, 0x0, 0x0}, 0x20)
io_uring_register$IORING_REGISTER_FILES_UPDATE(r0, 0x6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)=[0xffffffffffffffff]}, 0x20)
r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x2, &(0x7f00000002c0)={<r2=>0xffffffffffffffff}, 0x13f, 0x2}}, 0x20)
sched_setaffinity(0x0, 0x0, 0x0)
getpid()
sched_setscheduler(0x0, 0x1, 0x0)
r3 = syz_usb_connect$midi(0x0, 0x0, 0x0, 0x0)
syz_usb_connect$uac2(0x0, 0x0, 0x0, 0x0)
syz_usb_control_io(r3, 0x0, 0x0)
syz_clone(0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x6, 0x3, &(0x7f0000000480)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x32, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000580)={'veth0_to_team\x00', <r6=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000004c0)={r4, r6, 0x25, 0x0, @void}, 0x10)
r7 = socket(0x10, 0x803, 0x0)
socket(0x2, 0xa, 0x300)
ioctl$sock_SIOCETHTOOL(r7, 0x8946, &(0x7f0000000140)={'veth0_to_team\x00', &(0x7f0000000280)=@ethtool_channels={0x3d, 0x0, 0x0, 0x0, 0x4, 0x2, 0x1}})
unshare(0x62040200)
ioctl$sock_inet_SIOCSIFFLAGS(r7, 0x8914, &(0x7f0000000040)={'veth0_to_team\x00', 0x800})
write$RDMA_USER_CM_CMD_SET_OPTION(r1, &(0x7f00000000c0)={0xe, 0x18, 0xfa00, @id_tos={0x0, r2, 0x0, 0x3}}, 0x20)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r8=>0xffffffffffffffff})
pipe(&(0x7f0000000000)={0xffffffffffffffff, <r9=>0xffffffffffffffff})
r10 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r10, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
ioctl$TUNSETOWNER(r10, 0x800454d3, 0xffffffffffffffff)
splice(r8, 0x0, r9, 0x0, 0xf3a, 0x0)

1m50.22295606s ago: executing program 0 (id=565):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
syz_open_dev$video4linux(&(0x7f0000000080), 0x0, 0x8400)
syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00')
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IEEE802154_LLSEC_LIST_DEV(r0, 0x0, 0x24000000)
socket$kcm(0x10, 0x2, 0x0)
syz_genetlink_get_family_id$SEG6(&(0x7f0000000080), 0xffffffffffffffff)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000180)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWRULE={0x40, 0x6, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x9}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_EXPRESSIONS={0x14, 0x4, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @dup_ipv6={{0x8}, @val={0x4}}}]}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x68}, 0x1, 0x0, 0x0, 0x20004000}, 0x24000840)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000380)={'wlan1\x00'})
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000e00), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000e40)={'wlan0\x00', <r5=>0x0})
sendmsg$NL80211_CMD_GET_SCAN(r3, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000380)={0x1c, r4, 0xf21, 0x0, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r5}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x20000015}, 0x0)

1m42.139593494s ago: executing program 33 (id=559):
setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f0000000200)=@nat={'nat\x00', 0x19, 0x0, 0x90, [0x200000000140, 0x0, 0x0, 0x200000000170, 0x2000000001a0], 0x0, 0x0, &(0x7f0000000140)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe}, {0x0, '\x00', 0x0, 0xfffffffffffffffe}, {0x0, '\x00', 0x0, 0xffffffffffffffff}]}, 0x108)
r0 = syz_io_uring_setup(0x126b, &(0x7f00000006c0)={0x0, 0x72da, 0x4}, &(0x7f0000000300), &(0x7f0000000780), &(0x7f0000000080))
io_uring_register$IORING_REGISTER_FILES_UPDATE2(r0, 0x2, &(0x7f0000002d40)={0x0, 0x0, 0x0, 0x0}, 0x20)
io_uring_register$IORING_REGISTER_FILES_UPDATE(r0, 0x6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)=[0xffffffffffffffff]}, 0x20)
r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x2, &(0x7f00000002c0)={<r2=>0xffffffffffffffff}, 0x13f, 0x2}}, 0x20)
sched_setaffinity(0x0, 0x0, 0x0)
getpid()
sched_setscheduler(0x0, 0x1, 0x0)
r3 = syz_usb_connect$midi(0x0, 0x0, 0x0, 0x0)
syz_usb_connect$uac2(0x0, 0x0, 0x0, 0x0)
syz_usb_control_io(r3, 0x0, 0x0)
syz_clone(0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x6, 0x3, &(0x7f0000000480)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x32, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000580)={'veth0_to_team\x00', <r6=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000004c0)={r4, r6, 0x25, 0x0, @void}, 0x10)
r7 = socket(0x10, 0x803, 0x0)
socket(0x2, 0xa, 0x300)
ioctl$sock_SIOCETHTOOL(r7, 0x8946, &(0x7f0000000140)={'veth0_to_team\x00', &(0x7f0000000280)=@ethtool_channels={0x3d, 0x0, 0x0, 0x0, 0x4, 0x2, 0x1}})
unshare(0x62040200)
ioctl$sock_inet_SIOCSIFFLAGS(r7, 0x8914, &(0x7f0000000040)={'veth0_to_team\x00', 0x800})
write$RDMA_USER_CM_CMD_SET_OPTION(r1, &(0x7f00000000c0)={0xe, 0x18, 0xfa00, @id_tos={0x0, r2, 0x0, 0x3}}, 0x20)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r8=>0xffffffffffffffff})
pipe(&(0x7f0000000000)={0xffffffffffffffff, <r9=>0xffffffffffffffff})
r10 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r10, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
ioctl$TUNSETOWNER(r10, 0x800454d3, 0xffffffffffffffff)
splice(r8, 0x0, r9, 0x0, 0xf3a, 0x0)

1m42.018807655s ago: executing program 3 (id=570):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={0x0}, 0x1, 0x0, 0x0, 0x4000811}, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="3c0000001a00010028bd70000000000002202000ff00000700020000080002000a01010008000100ac14143308000300", @ANYRES8=r1], 0x3c}, 0x1, 0x0, 0x0, 0x4000000}, 0xea5bc50b6199d76e)
sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r2, 0x84, 0x6e, &(0x7f0000000140), 0x0)
epoll_create1(0x0)
r3 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r3, 0x1, &(0x7f0000000000)='source', &(0x7f0000000040)='c:::\x00', 0x0)
keyctl$set_reqkey_keyring(0x6, 0xfffffffffffffff4)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
r4 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000bbdffc))
r5 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$kcm(r5, &(0x7f0000000080)={&(0x7f0000000000)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x1, @private}}, 0x80, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000001001000001"], 0x18}, 0x0)
syz_usb_connect(0x6, 0x0, 0x0, 0x0)
read$FUSE(r5, &(0x7f0000000b00)={0x2020}, 0x2020)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffdb5, &(0x7f0000000200)=0x400000bce)
r6 = syz_open_dev$MSR(&(0x7f0000000340), 0x0, 0x0)
read$msr(r6, &(0x7f0000000680)=""/102392, 0x18ff8)
tkill(r4, 0x2d)
r7 = syz_open_dev$vbi(&(0x7f0000000080), 0x3, 0x2)
ioctl$VIDIOC_G_AUDOUT(r7, 0x80345631, 0x0)

1m35.833926762s ago: executing program 0 (id=572):
openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
execveat(0xffffffffffffff9c, 0x0, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x81c0, 0x0)
r1 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$IP_VS_SO_SET_ADD(r1, 0x0, 0x482, &(0x7f0000000040)={0x84, @dev={0xac, 0x14, 0x14, 0xb}, 0x17, 0x3, 'lblcr\x00', 0xd, 0x4, 0x5d}, 0x2c)
r2 = socket$kcm(0xa, 0x2, 0x0)
mkdir(&(0x7f00000001c0)='./file0\x00', 0x8)
preadv(0xffffffffffffffff, &(0x7f0000002940)=[{&(0x7f0000002680)=""/236, 0xec}], 0x1, 0x2, 0x40)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x100000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x20000000}, 0x4000000)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x8, &(0x7f0000000440)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@workdir={'workdir', 0x3d, './bus'}}], [{@context={'context', 0x3d, 'sysadm_u'}}, {@seclabel}, {@fowner_lt}, {@smackfsfloor={'smackfsfloor', 0x3d, '#'}}]})
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1\x00', 0x40)
mount$overlay(0x0, 0x0, &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
setsockopt$IP_VS_SO_SET_ADDDEST(r1, 0x0, 0x487, &(0x7f0000000000)={{0x84, @private=0xa010101, 0x4e21, 0x3, 'wrr\x00', 0x23, 0x81, 0x5}, {@dev={0xac, 0x14, 0x14, 0x3c}, 0x4e23, 0x10000, 0x1cb, 0x12d61, 0x12d58}}, 0x44)
sendmsg$sock(r2, &(0x7f0000000400)={&(0x7f0000000580)=@in6={0x2, 0x4e22, 0x0, @dev}, 0x80, 0x0, 0x0, &(0x7f0000000000)=[@mark={{0x14, 0x1, 0x24, 0x3}}], 0x18}, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.bfq.io_queued_recursive\x00', 0x275a, 0x0)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newtaction={0x8c, 0x30, 0x1, 0x0, 0x0, {0x7a}, [{0x78, 0x1, [@m_police={0x74, 0x1, 0x0, 0x0, {{0xb}, {0x64, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c}, @TCA_POLICE_RESULT={0x8}]]}, {0x4}, {0xc, 0xb}, {0xc, 0xa, {0x20}}}}]}]}, 0x8c}}, 0x0)
syz_emit_vhci(&(0x7f0000000200)=@HCI_EVENT_PKT={0x4, @hci_ev_le_meta={{0x3e, 0x1d}, @hci_evt_le_cis_established={{}, {0x1, 0xc8, "3b1751", "9a3e67", "593f1c", '\x00', 0x7, 0x1, 0x5, 0x3, 0x9, 0x47, 0x4, 0x4, 0xffff, 0x9}}}}, 0x20)

1m35.816232163s ago: executing program 3 (id=573):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x4, 0xe4}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = syz_open_dev$MSR(&(0x7f0000000140), 0x1400, 0x0)
read$msr(r0, &(0x7f0000032680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0)
creat(&(0x7f0000000000)='./file1\x00', 0xf8)
fanotify_init(0xf00, 0x1)
fallocate(r1, 0x0, 0x1000000, 0x3)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x4012011, r1, 0x0)

1m34.437877425s ago: executing program 0 (id=574):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2)
capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000})
mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x0)
r2 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r2, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r2, &(0x7f0000006380)={0x2020, 0x0, <r3=>0x0}, 0xfffffd07)
write$FUSE_INIT(r2, &(0x7f0000000100)={0x50, 0x0, r3, {0x7, 0x1f, 0x1000001, 0x5069f481, 0xfffe, 0x7fff, 0x0, 0x0, 0x0, 0x0, 0x10}}, 0x50)
syz_fuse_handle_req(r2, &(0x7f00000041c0)="412e450a2a7b9586d1e6e9de257afc4fd60c8de430c0d6348b2cf1db8d070a539de9c1e91a178f9240dbcfe303566018f6c20c55d643a2ed46aaacf49ca491ee2f06184bdb548778a2c56e56f6b40b994419428bbbb9dfa5f9593511ca8ae1c088fb0ee5da72f505000000000000002c04754204f194ae6ceff4570d44496eeffe619998eafc7167d22e1c6aa73e89ad19224e35130a37cf68d5c41ccafe59b4b753a26e06c4306d31d78de6cede97c06e3ca2cc4af66b7548268efa91621ffca2655d2c8f1a9bb019b88fa729cb3d32f72c098c44898d42c42f39feb4faead93980726c236129acdf31c01f1cabb5ca3ec4e45eb5e6e59912792b4976e3f2b560c861d49b539d8e1870040a8cf190a8a767ec067a8048aac53336b44669d3d425843ae80681a7c02a5d5a3d90f355fd4a6ac277e75230d558f0df20cb323cc65e9b5a258cdd669c8a9534e4aff09a8fe89b124748c9e756c28789c2152a5142bc0bb205e339d43bb980b3f04a3c1a424a2a093966b20600a5410e0528fb35937c998eea19f01eaf2f39e16d85563a6737ddab3213ca1832f0afdf891e34a582f6a4ac81fda70ebc3fedac2fb3a492fdb40b91021e5d371d990064cd1f7c2c1a6472dec7505f9a4940057a3e57fd53aa3cd2eb914e073a19b6e925f8553e6875c093c7d19de25861fd9640f0eca4cda0467f12126daa2e0c6df7d4e4babe5a6e59e8391be7700790315b6b8a8aa74cd6d3f054aceaeda79430676b67fe25c9029e0894b413377fc4d8300d9f9338fadd07e4c80cac08113df8971a868458c47c06fff0c1c4bfd48ea583e9e76ef103d42c233b6de10b30612cdbeb6b60a6a4dbbe2da63cc2dd4fb93cac65af3c1279274f4af0e2c5b96e6068aa5b41f7548fb72b0c142351f64446db7425115b89132b5589ee642ebbde655adb2d7d1117456a6e4f2886879b42baf85e05d53e2aceea9c3830673bdc4d081675fe76b994651af9c3f16b7513834fce4654f84558a8308fa677d05bffcc893d9813bf87c5ec520cd66ad58dc06f0c47d253cd36dfec82980fc8dbdcd4b1c037c2b30bef455984f3e8ed19d69e185fe4fbdda2c2517ec9abfbb4841252e650b6bf56fdeca9a4ee3c311de3c6859ec14cc00e95323c57c02fa894d83ea17944f3112fc19a7e11335d7951ec6dd5b4f06fb9b637313a230341ea5da6a7a959e707d0cd5fca60a6649c8df8d6c17e9a49d230e5775df14e4b43aa3420bd0b8814ec7360ab1910e69fab8932f7646d7998bdc2e8ec354c52da21ed83fb7582cb9d37bb95f144974f72c7b0ae7b42945768fa8ec0dd6daba72d05809670506ef10542a2201b00906c8af64e3e13a10f180688c96549b2d3d6b04403fd571e7b132891dd4b7cf37aec25ca1e9190c17aaefbc31e059915c12c232fb7097e9fa6f35fbb265c7102db62e2264590c583ea90f1aee3f166af81430d9084eb0c760ebbb16049c9fd1fee6ce33c8ac205e3ac9c275531feadfa4054e0c027c26beb009f54aa72b864d39bb11753f77931bb960276db33021c65671e57b3708bbf979be222e8439d71f58ca87cec7a054517af398a42731b580717377a54f139e2c46813cbb03d98e49c26f4ed54d75e48573cd06145f913f4e313eeee837496dfff75aa722fd8486c45f9c959da12ae48ba4a10712120a203e2476c7b96031d8f8773f68344e6fa21831287655aabbd594e9f272eb1a7315d2d79b8bcd5e63004cd106f80b1e40a5d9e428a01bc58264f4d63c2ee9db6efa70607a642aeb883bf4b9fe009d7f09c16b05a2c9b73573e9019e161ebbdc1fc9b9cd0c5fe1b57adcba2d0f3a767ad59aafa159b3dd181f0601ff95e8af8b5410e56c81ffb8ab35b1e04af35dabf69f08572e69260b72bfd502c5a0de627fd3fee44bf1d4a261bd356056c5739398e3ff161beec1240a089625daffbc61dc5e660c274565477a0ff1797fefff04a98704802ab0674ab72d400686229608cbfd2ca20f4e62495e8b09de9d180c47375bbad72f4474b67d56104b4b466192be60f7aa668fd0a4338b856f114311842ee806d6488ab09098ed9de0e21bcc8b42a5d5713d15eca108fcc7a65d6b414a112524a6e1418644508dd957147a92d4399d13faaf01cacef40549cd11900f9aa32a8333f55796ef25d33c554a308da9797cd0ac25888311b0ac88eff0be7a36ddedcfc2b095abb4d5a6a4edbbad67b70cdf60c7ed0c5e040ced90edb3322ef684332358942ede9191b431c99b3abf8f9c50206479f0ac118c0a99df61fb9c90d846f41caa6a2448fb7e15640965e051c2af4ee72a5cc7c962bacff7019615c10e6c3054e2e5792df3aa6e2c33425552148466a88568cc79b6edebf0107b7d3d24423a665d20c3a1c0f1a6b34eb475bf875912115914cfabcf394f8a096d64e5dc95705074fe5e985497dcf052b9f748b9d4688859c0200fa43719e4722ed6c064c0efa7e07beb2a26fd724b63537fa0eb506365d5c029cd8dce7dd0a1cb9d9058c061739734af6be9e880fe7e28a211a4c368a7babd1107110ecbb384b274cc092b9511c4abde2ddd863162e2739984a9f3c0a76e3c530a27d5e385f4a3b87607b2a944e09d28239661d27719e22c0a657ea383c30859ca29cdb8fbc79bc83e995dcb361743a7e195650c37e570b768a0a1f0b118fa5be9b3c838326343ec5b376d5ee040ee29dfd868cccf9cfa4591151f519cd6e2ae1453a58aa92f90ee5be11ceb8511ab743f399be0a190eeddfd112336866831c3255ef6520d88b2581ea3767f3df01a38d9b4656f2a89c5df41443291a795da45c8a846015cd041bea0dfbe648348b10ae73ce43d9017182792cd9172eee642c549a530cc1f537f9aa70ca63792ba4a86a713ae09b917136e5bf1506ad7f367d8d2f77f47a2318facd109bba9b1327b5db9e4aeffbdcf414db761eeacc227a15cd72aa52c8ede33bdbab9de9aa1e8f470a388013d07f08777e2131bbd4856ab5c1c38d03ef407197ccf24e8b2a8db69e78f9d6623033c453541bb79f9e0be9a55588e2e54fce65fb785467064a146c4bf218068b5e3efdafaf93a98253becaef226cd79468ff1bbe0c9d43877f5cbb5844fd8957f15d3ef208aac11816585cdccf039c36b429d3d7fb634054fd0f09c8abea3746a6b7379142abde26d998ac7e39b94746c60c09f86ddbd7497849d1ef839730672449f35a3c3253666e9fc053ac1c518e44e0b84555be507f7c00fa9e4864b4bf40ac3d93f12001eb780a779e655d0633803268c094ae161a0efd652003d6ac47f9a6c28d866b56233f371627b01e0fe9361dca611a28841968d4e12cb73d49ce08fe25de4a90b2d34607202b20e71f5e1eed38e17d0a2748f548cf61735f4c9cead1cb93b11929d906d65fc60f88e6919b7b5a1014e6d408bce9c8cc832eecf9147708fe451891717d2ed99dee70773feaa97985102abd3dd05c904c28898afe060621db6564887bc4afe158fbe1d819136a1ac1dc9d8674798a93daf5255460b50c34496205834c668db4c764e76ebb6cdaf5fc44b881cc2ae87b4a7cc045143f96b1620abfd0f116e673b335beefdafa1e58d9194e010cb78956044646da5ba853ce981667f2b8e5001c2df437c9d597ccd2be7d2887f5cb7aad0539abb3f9db1c8f5cd4d7d831946ba1c1aa8737c114fec1ac9a82519f57cb48c49b7f62e9eaa89f448df33fb307cd0036c70b490ac340f7d04e14f32bfeebb08a9d5bc7bbef8f231ea09311d4c82cc55c90eb53c6c003cc98a34dd3c4ec2d8b3a655a78e16e908f368733d0a02b36fe963e2d80b5e6f7b2e3aae3013c900c76e4d56e8348bef221f8a642e692c23b12520fb68c793e789eeeceb4efb2097a4d5952d144094cd7be6edc933d257f6230e962d70ba42e1b07ad9eca0ccd60d3d9a6e06b73ccf96a8aa490ed3bd58bf4d79db65355ae145b54be004e464f4dd23fb8b1bf15e13838116083da67186513652608e37c8f847b2bcafb57bcefc7efc8c8182c7d708cce5d14695b4e618e77f8e7be81f27a05e415fd37ac21507a665b2558daee5c0b0859fedfede8c03f181ef5e0ec0da6caa3edf402dd73bcb4026c489a7cca8ab700d3e9f050006c32768a16e8a48e48ed5750b8cdb7ad1fd12d4cc8333d324d6c83905303fa7013fc02553b587544affe38f1a95e0c4c39740d63b6d387fc89b30bd5fd745cb64844b13897ccf5cca135f7d39e03ce8adcda919d86b25b52764b0a0c4f07f88df68868415de13863df84a7e8d355b09cf90e482eb4174fd01f1b371a4dc52f3c89fc3a70c71657aa5d7573ef9acf4d2b0b321c41ff2640515bb43637ba2288ca0bff2e2a3a998ad8294c52f9edfe0a4ee0a3f8ed5b4b5c43319bb9c58dd07ea3237d7bb62cb086e7ea4a81cba2cdeb28794a09c275a704963110b64720bd089e3737ee1a91e348b5e97b63e1724de1fa9f49961d653bbb47b6fa993b035cf59659bcd0306180645162568abf51127845cbe6c19b9d69657db4258fa5e8428a73eff6506bff474c2e302ad5559ac8de44c6f0baba5e2e579e7d7f9d9ebf540674432ac11d92bfc9abdc24126888b533f43bd6f293b0bc315915743114a35308a0ee2e710522137918a2b09ddbbc7a2313a2a6b85a1ad26f14dd70072651c8300ddf6de29704b716ce1bc431c66ccc96731f46359a9f6850976c96dcb5e0ee47446f50b6b3ba90d45224066e123ad3854d877c0cdd9325000ac0d6813c30cd43d3e150335601724ca3666458dc4c04f6562296982353e155d5255c9008c0b46d21a678c8fcb3aa8d6574476e0458eb0a76a6cb50f929ed218cc4654cb4f95fb3afbc2548b74acc312563375a19e55d488599488dfed4dd31b39f29ad61dad343dfca3b45b316a34e7a7bebd2b0f562a9e69848d13fc80a4fa52d0f17bd15d9e1fd39a7dcc86128d14493805d105a745673bddea68ca74ac09d95cc7412d5be2cbd0a247a81dc9e148111e22cdf3375805469226ca3538f960a6ba6aa0eeeb87c784ffb1bfc09180a61be3c7c535fc6d593c3b3f4de21b8c3eccc9021e80fb07dce0aeb3b023bd55f24356f646791ba80e5ca21ac092a069ae0a22cfefc08c23cc7aa69b570bd17cce9de15871d363f167288f99f04761caa67f12c949466493f661d39ee4280c955446ff5a9bb14f2d1ae21cdb91a5868e0c52097cf380f571935b140562922763f1b79c3709b949c57a00b08828ce9e685f6b234b5fe3c62d9feb249ce75e81f5efd556c14d5da24dc0554723fdbe52659969a39f470e82c50c4777c908628436e31177af1125d5f70ff627462247e5bc20c47ef75f369174586d43d42f7eefdd47fefa745badebca2a881ccc018ea411cc8a7a0881422bee8704bb98e6bea9fbec63441fb45d7ccfd436909b57a2b60b788e15bda3ca7663b19bd84d0879deb639f10def9a99d42a4b9a4fd7fecbf6d2e7598678307ba9a5b6f143c27cf1ca41e3c904007bb762cd5df6e63c4cf422c2ba959e53bd8e5664cf5df6a91a4bc8cebc52b22f30060fcbc5ead53d38eabd160c1da4cab8aa95c3640ffd78074aa2cbb05cb8ea90a0c95a4a1b2be1ee94f238000f1faffa069d87039f13f5f84ff368aec5a0b10020232b9fc954a6c22573ef48459e574d48a4845837e1d6ef386738ccedd093d4d5bf3a3f790c875ba7449d03397642feb71100f2c25ab2cadf0b0802544a2095a51b19cdece623b17d420b173a99c081f8e229b6de3c680d6bb39bb98b479517d77cca581b81cf856753a44ebd64cff111fb8ca37ea45d217a3fca44a083e6c35b0fed9f8f7631178d15e88f86c85f1ce68c900afdd1f7e5b8bd4ef3f58c447b77d3befc49180df7a5eb2ae8ae33b4ef573f3a425da8a60cde84d8eeae6d6399b9fbbfa0fa8d448b25c7f79b7554d0b02b0decbc74ae8560f630af596313fb33d442a410061ace0aa7a440d5e31ca8bb2cc495c4f0b672edb011b0c5f16781836df7f4af8329143d5a1a99d7b18ef9f774c4199d635848cedebac82637a03a189c65bf667503737c75b6639ac65ad424ca475285437e6f19830b36549f607ffc387c8b11a34a838159376a6335afaa045bd2bb04e279dd72436331d07dfbd72e2436b27f0df23a266fd15cf56d1a9e93aaac8901cfe49a3219ae36c5c65c75e5c708fb82cac4d6a50726509ec3a7d32d54cf584ae353a5bff75a6de77a0b240cf8a0a72817c9d37699ca89c96e0e0d96a7665ac3a7d1febca1a1d79e2cbde8025c271360e2f90048b2d9fd56f45c013e001dad4b7785be69dc01f8a954ef7a84455986fc5c9d5167d91808efdb4476ed79f99563d887cfd4e99809d9e388501dea228cbb3cf3770082dc566455251fd9c2c742963c33500618c6ec99e0bef007408a0462a081237be4c6e5db0258d4be5fc9cf63fd1ace1f4166c053b0fb84fe24917da1255cf40bbb1b45644f6a7699cf802a35a932c374b1d62013e6afca3787627469994c02f622ab877ed5491fc2a89eea60e4e1628da89e3ad600ff6442e4ebf20e47304176b6a1703c094b3cf6d7fbbddd8d8fa5a00f28b4d8f43d88487e9d4531071512f2027198714a8d1cef126775547fc74f2a35840510f325e50361be76557767560055e084f2ecaefa0dd8ca8215301a7a887d2eaddaeb1f5c3dfdbd2cc1ba5f02d4426b98c0f861c5f724405758f442560ea6cd1d953456cc4aac6642ad61c03dbaffc2364d8ec2ef9f483c70355139d1fbd9617ab3c7eedf0b8963c1cfdab769180db43c416a90d9fdf3fd0eb2f81187642b4e2a09d6462d27527fdfda31f7b262501749dcfc6c184983f9923424131d05cc811cacf5c2c87e8e6f135349e68cde0e8997bf1dde248e5124d5dca2681abdbe58d327a8edd585821f03fdd4515728f1336495ba25c9bba56a3f706d60c35cbd0b40d0ac0583a981f9af08510ed8ed0a726e5472f8995af3837fbf1e89587633d2ef944868a153919165778e963710872af12faf96c0919c638e5affa97104471ba6e178d27602f96b9546ebe52190d91be245be08742b96389080676a566d3229e593e4f56a76ae4c58113c6adc1088703b1b92dafe32a5600e14ac1e71df829dfef425911f16a2b91f693599ecabf93065c6c4f5fefca8d4ed095599113529f65d9120d5252f577af95b404979508c343df54e4d239720e7d3a861f1dcabfa69e12d655c8a026c10a4df279b139fd222e561d205ac9b45c1054f8699eca594fb23886e0de565186597766dd5e40f74a423d5708dac254f4172f1089270988fb18715813f13ee4d131b64dd517c7e77f27f804b229f5339ac2f483b14739ac33a9645044d3010bd77ed18fb117f7b11bb51c4ed683b59e28bf25a58f123dfbeb1f0f21f03d9b57d8e61d59b311037a5b757b03ca5c95e0eb73922c6918530c99de4d6733640f2b8d13bebce31d4f5e27aab201101e48cde23a0d7e87b9511949d812e3187ee5ff11bc5858c022ed7b00790eba32f9ef7e134ce5f73a01269ca971b40e62133eca9d596a768686d6390b2c74602f6dc597faec3ed9d9658102d99c9624c1a97d00d63853578afaccc7e30a77fe054ebc23eec45f608f996fd015cd6bd50a111360f0790eff6ffb1ea59d13c8e29480bd96217188f97e53a1f5d9eae0a2badb4fea52f2bb4f8cb04d0afd99e7371a978a7d7ef473f77ea6738ff84af655313a12db24cff692ec7e282245ae9a42338db814593448f7115df3dc3f4e2faa2c2fdbd68f679d6aba01a15031347bb17d8bf8f1fad0ecf365e9dcd32e69803c5c05f4b47adbf8a21af7e9fb327f267df1c914486389a9820edf0a03bde6ef388c255761e439b2f7e1f9c1c3c95bd30c502197ab37f76b52f0d0675f366e919be19329853767bba34a540fb75bcdcc9596a4cda254a660e11bed5af9d8646ac4b7d6d7aa5d7c0005879b6d08058a56c3d3a4d3d401b883153fa7f2f6a6d34dd010f6b9e7b4e457b9ff5a5802d7723abb35f9dca0afc10f6791824dbe0a7725d534e7753445b7268d90145b6438b93fc475f44d5d678d79da6c5770f3a9106f3cffbabe4b88cbe7eda9b8a495be4f6717b0fbee6fec78c86031b6d878d47e357b2089de3e6dd19a265552553d1f7da53884ef84d0eebe782791c48a9c68a28d8ea3bb70c922b01dc20b2cd05cfb276e326651398f766f5faaea54a41da597cf6b50f3d5ebc634185b99069126b8d935c6bc42c47f2109de42091ef4ade3d87cc44aeb78709255501e64f34ac2d4b2725cf7777315f8ca9424bc9d61a896a93500faa6cf5a5aee1fb888e17b47a38a667be2ffa3bae46afa88bfd8b5b6e1186d6e41b9a4e490591043372c23f36fb48d80caff74cc349adc92bb25f701738c809ccf74c47afa193795ee67bc58ea7fd85542fa7e70218490fff212163401cfde016df2f42496bae403d5391e53fe200f758bbcdead0fe72c77861889b9632a257229c35bdfe8fa78375b4f5c768b9c60cafbde1f00aff6ca1879f6472f28001f5f13d4d9d6c3a90e04d8df09873550daa8262d39efbe96a79c697fbcc9a7f27c9f6d782d5d5f6d024b291376e9cc40d902f809072e1f0f2c2ab88ce3d074e88461f5971853e7be749943ab6e25e25e8afa5042dd73407f49b50841c7782c54eece62ec2beef1f16caf1ca5989427bd2726ca0fee33e303702e9892e4382e92c3f3a03a6188f39762db81819c7e12b424be8fd964dcdbfbac00139e8c5a6200506f13f484ac34ef3d26e7cadd53cf402117419c1618205bfa5382486094bd55448f2b1aa4dbec2289189b601b1bbf5792b2a641c6f5dd19cf24abc72fc5264cf11f6b44a4929267a02cd1de1b602b9de65a6c06640aa0f76109baa90d66eeb17295b1711365b7d6835a2dd55b7fe868c59453613240643c847a5b48d27897a58dda63e579c1bba58350550e147b190f0a2c9a5ce719d627ce3302028b4b6801bbfa8cd74874ffba35817c0eca034d19210950796807125fe6065dcd47d7c870ed2db5c00cff235e4154e2d89ec2a09a87551f9b7ca25d519b5603c0c33d2cf72878199ffab567fc5e093529b89d1163587f3564ba8291d2d96cf9762e7f568e786ea90849f6312c1a10f45d61600cd45c48e6870a7d76c913f9c4497374fc04401cbd11f7710740148234fe8f041f24d0278fcfd48846e6aa49f05016fc332dc5d46b4a26574fed5c0751cebb9f7ab4cdbc1ee011d82d6ef95c52c9df8eedac3ab5cf30805f23d88d4f707601f8e6c606b58f2fe234e948d6756d430a5c4ec76a33874886c8fb484059b47a9bd198a61a1896419288a9e81d0969dec778a53e8233f0f63bd0134e5f29825e7817e7c8ccb7d9acd8f86ac9d3af78c43df3036d7934dd294f2bb12063bee52c547d27a218145befb0ca96cbfaabd39fa245b51c39f4cd4cf8db105f9dc46a7aaa8f7d06fa208120ce1ac49326179618fa2c8596c44e174eb7a141056b1d17689c10dee089c8b0867b8a757ae12251bbd68db5fba2be341275fb6ee379309f5cde9b31242b0b2bac44da74776fac141936bd96e3177161f057c820a8c22cca8cce29b158eb55aed0260253fbee70a6dd281d9fca23e0b0a38d46c76a95e1262f1cafcf0fc37b52e649a1ba1e2c0f97d10bbf4d2b5632cf340bce56736071d5885ec9b4e179100a0000000000000021e43fc21e89c6865d3ad424ef4a14efe8843ff3168c99ee395400dcc8755719d290c567c95a5e7d28ec1190ceee240084d444265cc801cd960f69b368359bbf06b8a4ec23b47c7bf9d4b16c701a1c4fb9e81abb55bf49d450b566ce03de939fc6f5c51291380086f8c995cdd4fa15a325601c4846a69f15c77f55c900270bc9ea5f406480cb0e3e89bc869fe8b7cec4fbef7e76283d50c25ab1b4d34d093a7df062990a925a9c44aa2661abd7d381a4d6cdb64821ef624dd51b72e99af914bca2f80c25b82ac6945df7c7582e6d0ce2cd073e35f1fc120a68ba210410db64592a9aa319b30f2b818c495750e1cea0610e27d52be31e52e501a3bd51b501bc51c2ec8592f679b6e55b9aa58d513fd2bebadc83ba76eb45e5676f130193e9a666b8c8132c9f5141681fbab324b555c5c890d488ac2dd00feead0a20fbd8a46391438e3193edc6fb89161cd864fca98f4f39a2893c933dcd13bc8c5d5a548d24862e8161c0fad7f33aca8c86791d620815fe3f0daddb5defd933d0c10097a7a98e67625420b6c0db7c3e17ab07ea64e6f0f53fdc670799e06a2e3a871d6be363a2639e35339361311e0f528cc433eacea4f79bf217108c7b1d657840253ffdea18bdd1f93cdee63e7a9b8dbcb4ee06162b253e09ea0641f2771bd9823dd210905e9ea495f43194bb471cdeb690e8890b03b50835d53dde1b572dd123ccc8507bb57a45e46c0efb8fb3d5596bddf9782d86dd911636eae2cf64b5829cf8893faf789be3fa22859accf688f5b5da6c29cacc96d477e23b63cc934f685b6e42e1655c9a9b94d6d78402de22b8d9776e3915391aa258e57467d770d65480ba2f6a94b0337965a8c659c42b4e90a14da4697d0c0a6d74774c94c52d8ecb694eee747bdaa6c3a6d60739db18c6446090eebba72e62ab88b0e8b88e728ba8cb133d8524eda89a2bff1c8414da3edfa6f83788331c8a7e5a8af2dd3682d4752190a3c689949abdad8350111373e7fb46151f54a10f79d91940e37efb05f9f157bddcfacf018b65a38ab614807c34a2786af4a1d48c4d1c1abd31815715f9d1b103992207fc664f12c82fd923c57d8e7cfb9f4af55182318d055c704865cf484206d60e34cf7fe9b6ce60b1772c5c7cdacb6695227d80da18ec1f98a434b1aaf9edb6d082f5663aed2bf267e559dca6b93d3ce34273846fc677f529690482df0a8f782b8ad7269f344f5f2b4d320a7ce2d2fa02284f8db634dc930c3e2b9a629245364acf35d41e9a14c88efde4e742ef1ea4b43d0caf2e70d4a617278823e6403934524debbd933e7676e441a48f630dc83cccd55d9032d6bf3dea97d1669c39fb865b0e619eeb3f5461e517000f5aee3ef2abdb87d3a76b88e140eb4644a9fbddbdc9e20972cdfacf00bffa3a1ca5f84122c2ebc54067cdaa23967eaeb7bbbfe44e5843382b834fae1f62a066688595e4ee67c7ff9858672355abf7893ebeb4bcf88a62b2237c6e6cec9aebe3f28bfc310ced3a590e88d4bd0f53289206deb9addbf6f3c02115ce4980dadfc112683ae250c2d438fd9c0f2a090dbf122a0072828db798bdb868dcd47384dd3f5eeebc0307a5b268683cd51f312e8f02b5a7746b11a97ac43287d9b9765f03c720503cfe6e0117660a4c00d67895224c4d42b032000a10d7a743054758a8f54941fd5eaf72498b678d1579b3de4e5518f90f1e3d32517d09d7f5da9d180215e66218e9dd64036819cf12638ce82712a6cc79a9ddb36e86814b797d72c2bc58b18ba439e99965f745b4fb7de2878e3186e3e7b835c746b0935f6c67e92e3770bd8d5eb4f66d8175ceb7850e418c55e574db891639aa77fc62bc45dcb734681ede8484d4d4109a9adb8c3d00", 0x2000, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)={0x20, 0x0, 0x0, {0x0, 0x9}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r4 = openat(0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x24c01, 0x0)
io_setup(0x202, &(0x7f0000000200)=<r5=>0x0)
io_submit(r5, 0x20, &(0x7f0000000780)=[&(0x7f0000000440)={0xfffffffe, 0x20011004, 0x4, 0x1, 0x0, r4, &(0x7f00000000c0)='!', 0xb7f40, 0x407f0b00}])
dup3(r4, r2, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffcb5, &(0x7f0000000080)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r6 = syz_open_dev$MSR(&(0x7f0000000100), 0x0, 0x0)
read$msr(r6, &(0x7f0000032680)=""/102400, 0x19000)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x2, 0x1c, &(0x7f0000000040)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x700}, {{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3, 0x9, 0x0, 0x1, 0x98}}, [@snprintf={{0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0xb0ff}, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x0, 0xb, 0x9}, {0x3, 0x3, 0x6, 0xa, 0xa, 0xfff8, 0xf1}, {0x7, 0x1, 0xb, 0x6, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {0x7, 0x0, 0x0, 0x9}, {0x7, 0x0, 0xc}, {0x18, 0x9, 0x2, 0x0, r0}, {}, {0x46, 0x8, 0xfff1, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xd, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

1m34.37790585s ago: executing program 1 (id=575):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x400, 0x0)
r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="9feb01001800000000000000180000001800000004000000020000000100000c02000000000000000000000d0000000000005f"], 0x0, 0x34}, 0x20)
r2 = socket$inet(0x2, 0x4000000000000001, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
r3 = getpgrp(0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@fwd={0x1, 0x3f}]}}, 0x0, 0x26, 0x0, 0x1, 0x10001}, 0x28)
sched_setaffinity(r3, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
r4 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_RES_PD_GET(r4, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000340)=ANY=[@ANYBLOB="200000001e1401002cbd7000ffdbdf08003ce8ff0000000800010002000000"], 0x20}, 0x1, 0x0, 0x0, 0x40080c0}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
socket(0x2, 0x80805, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xc, 0x4, 0x4, 0x9}, 0x48)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40186f40, &(0x7f0000000440)=0x10)
bind$inet(r2, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10)
sendto$inet(r2, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
syz_init_net_socket$llc(0x1a, 0x2, 0x0)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="180000000100000000000000801800009500000000000000"], &(0x7f0000000000)='GPL\x00', 0xc, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r1, 0x8, &(0x7f00000000c0)={0x0, 0x1}, 0x1}, 0x94)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000500)=@bpf_ext={0x1a, 0xb, &(0x7f0000001a40)=@framed={{0x18, 0x0, 0x0, 0x0, 0xc4f, 0x0, 0x0, 0x0, 0xfffffffc}, [@printk={@llx, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x1ee1}}]}, &(0x7f0000000180)='GPL\x00', 0x7, 0x0, 0x0, 0x41000, 0x20, '\x00', 0x0, 0x18, r1, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x1, r6, 0x0, 0x0, 0x0, 0x10, 0x4a6}, 0x94)
r7 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000200)={0x0, 0x1, 0xf000, 0x2000, &(0x7f0000f9a000/0x2000)=nil})
r9 = dup(r8)
ioctl$KVM_SET_VAPIC_ADDR(r9, 0x4008ae93, &(0x7f00000000c0)=0xffff)

1m30.458130966s ago: executing program 1 (id=576):
rt_sigtimedwait(&(0x7f0000000040)={[0x9]}, 0x0, &(0x7f00000000c0), 0x8)
r0 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc)
close(r0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xc, 0x8b}, 0x0)
mknod$loop(&(0x7f0000000180)='./file0\x00', 0x6000, 0x0)
openat(r0, &(0x7f0000004280)='./file0\x00', 0x400, 0x100)
lseek(0xffffffffffffffff, 0x2, 0x893b8993f4d168b9)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
recvfrom(r0, &(0x7f0000000000), 0x0, 0x183, 0x0, 0x0)
read$msr(r1, &(0x7f0000002000)=""/102400, 0x19000)
pipe2$watch_queue(0x0, 0x80)
unshare(0x8000000)
setresuid(0xee01, 0xee00, 0x0)
add_key$fscrypt_v1(&(0x7f0000000040), 0x0, &(0x7f00000000c0)={0x0, "f1a1173fb9462d3589e67197f90be6e423ceb0ab4912f9f6a31854ec98e950cfed21fcad7ff0fbcb566a0982f8938caa52dd8d39af14c31ed56ad59300"}, 0x48, 0xffffffffffffffff)
request_key(&(0x7f0000000240)='dns_resolver\x00', &(0x7f0000000140)={'syz', 0x1}, &(0x7f0000000180)='\x00', 0xfffffffffffffffc)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000000080))
getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000480)={{{@in=@multicast1, @in=@multicast1}}, {{@in6=@mcast1}, 0x0, @in=@initdev}}, 0x0)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, 0x0)
semtimedop(0x0, 0x0, 0x0, 0x0)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)

1m30.166240522s ago: executing program 0 (id=577):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r0 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0)
read$msr(r0, &(0x7f0000002700)=""/102392, 0x18ff8)
execveat(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1000)
r1 = creat(0x0, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x24}}, 0x0)
getsockname$packet(r3, &(0x7f0000000080)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000000016000000", @ANYRES32=r4, @ANYBLOB="0000000200000000280012000c00010076657468"], 0x48}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000140)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {0x0, 0xffff}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_ingress={0xc}]}, 0x30}}, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = socket(0x10, 0x803, 0x4)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r6)
getsockname$packet(r6, &(0x7f0000000180)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
sendmsg$nl_route_sched(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000001640)=@delchain={0x40, 0x2c, 0xf31, 0x80, 0x2000, {0x0, 0x0, 0x0, r7, {}, {0xfff2, 0xffff}, {0xffff, 0x1}}, [@filter_kind_options=@f_matchall={{0xd}, {0xc, 0x2, [@TCA_MATCHALL_CLASSID={0x8, 0x1, {0xd, 0x7}}]}}]}, 0x40}, 0x1, 0x0, 0x0, 0x4008844}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000001a80)=ANY=[@ANYBLOB="01000000040000000800000008"], 0x48)
r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl802154(&(0x7f00000003c0), r8)
sendmsg$NL802154_CMD_NEW_SEC_DEVKEY(r8, 0x0, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f00000000c0)={'sit0\x00', 0x0})
socket$nl_route(0x10, 0x3, 0x0)
timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300))
fcntl$lock(0xffffffffffffffff, 0x25, &(0x7f0000000040)={0x0, 0x0, 0xfd8b, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(0x0, 0x1, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)

1m29.358919436s ago: executing program 1 (id=578):
shmget$private(0x0, 0x4000, 0x800, &(0x7f0000000000/0x4000)=nil)
socket$inet(0x2, 0x4000000000000001, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xa, 0x31, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x4000, 0x0, &(0x7f0000001000/0x4000)=nil)
r0 = userfaultfd(0x1)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000080)={0xaa, 0x79})
connect$unix(0xffffffffffffffff, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0x541b, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, &(0x7f00000000c0)={0x0, 0x0, <r1=>0xffffffffffffffff})
ioctl$DRM_IOCTL_AGP_ENABLE(r1, 0x40086432, &(0x7f0000000100)=0x9)
r2 = io_uring_setup(0x64a, &(0x7f0000000040)={0x0, 0x8835c, 0xc000, 0x20000a, 0x33c})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000093c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@deltfilter={0x24, 0x2d, 0x8, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x1}, {0x3}, {0xe, 0xe}}}, 0x24}, 0x1, 0x0, 0x0, 0x40005}, 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3, &(0x7f0000000000)=0x6, 0x4)
r3 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8)
ioctl$VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05640, &(0x7f0000000340)={0x9, @raw_data="618735fd78439a1fc1b5120506a63168f42f6c44fbb95ed9880f7c39f39a0d55000c410c79faa2cb2bbe25b575932873dd7910f10bc44a88ffb4857baf4432a0f36e9af6a720cb4d6996ee3f1b53b50352a148ed21c93a89be318ffd6908cf7fb040fda5adb8790ce0a3389119106cea64456e9bf35fa4273def34317f1b2b0bfa3b05a0f6ad4ca70670a495696377e6201012bf33172cf809d3808dcef62e3cbf17e480511b033e6a9242e96f27ed1460931aa4be94f560e4ded25a70fe9c3fca7c905bc3640f4b"})
io_uring_enter(r2, 0x2219, 0x7721, 0x16, 0x0, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xa, 0x5, 0x2, 0x7, 0x0, 0x1, 0x10000}, 0x50)
close(r5)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x50)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x15, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0xfffffff7}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r5}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x8}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r4}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x54b2ac04}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}]}, &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f00000003c0)={r6, r5}, 0xc)
syz_kvm_setup_syzos_vm$x86(0xffffffffffffffff, &(0x7f00008e5000/0x400000)=nil)

1m27.770953343s ago: executing program 3 (id=579):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) (async, rerun: 32)
r0 = getpid() (rerun: 32)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeeb, 0x8031, 0xffffffffffffffff, 0xbf5cd000) (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) (async)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) (async)
recvmmsg(r1, &(0x7f0000002b80)=[{{&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000700)=[{&(0x7f0000000400)=""/88, 0x58}, {&(0x7f0000000480)}, {&(0x7f00000004c0)=""/92, 0x5c}, {&(0x7f0000000540)=""/162, 0xa2}, {&(0x7f0000000680)=""/86, 0x56}], 0x5}, 0xfffffff1}, {{&(0x7f0000000780)=@alg, 0x80, &(0x7f0000000e80)=[{&(0x7f0000000800)=""/77, 0x4d}, {&(0x7f0000000880)=""/54, 0x36}, {&(0x7f00000008c0)=""/211, 0xd3}, {&(0x7f00000009c0)}, {&(0x7f0000000a00)=""/200, 0xc8}, {&(0x7f0000000b00)=""/155, 0x9b}, {&(0x7f0000000bc0)=""/55, 0x37}, {&(0x7f0000000c00)=""/213, 0xd5}, {&(0x7f0000000d00)=""/241, 0xf1}, {&(0x7f0000000e00)=""/63, 0x3f}], 0xa, &(0x7f0000000f40)=""/10, 0xa}, 0x3}, {{0x0, 0x0, &(0x7f0000001000)=[{&(0x7f0000000f80)=""/66, 0x42}], 0x1, &(0x7f0000001040)=""/193, 0xc1}, 0x2}, {{&(0x7f0000001140)=@nl=@unspec, 0x80, &(0x7f0000001540)=[{&(0x7f00000011c0)=""/34, 0x22}, {&(0x7f0000001200)=""/211, 0xd3}, {&(0x7f0000001300)=""/196, 0xc4}, {&(0x7f0000001400)=""/11, 0xb}, {&(0x7f0000001440)=""/18, 0x12}], 0x5}, 0x2}, {{&(0x7f00000015c0)=@tipc, 0x80, &(0x7f0000001b00)=[{&(0x7f0000001680)=""/48, 0x30}, {&(0x7f00000016c0)=""/231, 0xe7}, {&(0x7f00000017c0)=""/220, 0xdc}, {&(0x7f00000018c0)=""/151, 0x97}, {&(0x7f0000001980)=""/68, 0x44}, {&(0x7f0000001a00)=""/63, 0x3f}, {&(0x7f0000001a40)=""/145, 0x91}], 0x7, &(0x7f0000001b80)=""/4096, 0x1000}, 0xbcce}], 0x5, 0x2, 0x0) (async)
sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={0x0, 0x2c}, 0x1, 0x0, 0x0, 0x404c084}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x6a855000) (async, rerun: 64)
mremap(&(0x7f0000097000/0x2000)=nil, 0x2000, 0x400000, 0x3, &(0x7f0000bff000/0x400000)=nil) (rerun: 64)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) (async)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00304, 0x17)
r3 = io_uring_setup(0x115c, &(0x7f0000000600)={0x0, 0xbaed, 0x40, 0x3, 0x117})
io_uring_register$IORING_REGISTER_BUFFERS(r3, 0x0, 0x0, 0x0) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x44, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async, rerun: 32)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000003840), 0xffffffffffffffff) (rerun: 32)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_REGISTER_BEACONS(r5, &(0x7f0000003900)={0x0, 0x0, &(0x7f00000038c0)={&(0x7f0000001500)={0x30, r4, 0x1, 0x70bd07, 0x25dfdbfd, {{}, {@val={0x8, 0x1, 0x64}, @val={0x8}, @val={0xc, 0x99, {0xb, 0x4000003f}}}}}, 0x30}, 0x1, 0x0, 0x0, 0x40000a0}, 0x4044010) (async, rerun: 64)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="01000000120000007f00000001"], 0x48) (async, rerun: 64)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000002cc0)=ANY=[@ANYBLOB="3c000000100001042bbd70000000000000000000", @ANYRES32=0x0, @ANYBLOB="03050000000000001c0012800b0001006272696467650000ed0c00028021e94e53e75398157d62e73bbfb9a704ee4f7845ba3c0f1bb72df40161a4ac2bef067974c410958f95995dcf4861885ca85fadbe9da451808abe87650e92adede9863d2fad788f784e024aba3fb2b9f7a8e33b1759f0966fc6ca514a2b8a22c818756ab4bc81ad309aebf65f82f914e68f3aa20000000000000000000000000000000065f06503bd883430a255f0857971fac71784a5ff3b3b004f44149720d2d4df925ce8c0b15932a60ee3fa93733d1862138cc92749828f433f569bf1707aea80b11350e6b1c343c70f"], 0x3c}, 0x1, 0x0, 0x0, 0x4008000}, 0x0) (async, rerun: 64)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000002c0)={{r6}, &(0x7f0000000240), &(0x7f0000000280)='%pS    \x00'}, 0x20) (rerun: 64)
r8 = syz_open_dev$vim2m(&(0x7f0000000000), 0x8, 0x2) (async)
r9 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001480)=[{&(0x7f0000000300)="d8000000190081054e81f782db4cb9040a1d080006007c02e8fe55a10a0015000900142603600e1208000f4f1b000401a8001600200005400400027c035c0461c1d67f6f94007134cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db798262f3d40fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92", 0xcb}], 0x1}, 0x0) (async)
ioctl$vim2m_VIDIOC_REQBUFS(r8, 0xc0145608, &(0x7f0000001640)={0x9, 0x2, 0x4})
ioctl$vim2m_VIDIOC_QBUF(r8, 0xc058560f, &(0x7f0000000180)=@overlay={0x7, 0x1, 0x4, 0x100, 0xa, {0x0, 0x2710}, {0x5, 0x2, 0xfb, 0x8, 0xff, 0x6, "f58f4c06"}, 0x8, 0x3, {}, 0x2})

1m27.200278208s ago: executing program 1 (id=580):
r0 = add_key$keyring(&(0x7f0000000040), &(0x7f0000000080)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$restrict_keyring(0x1d, r0, 0x0, 0x0)
add_key$fscrypt_provisioning(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x1}, &(0x7f0000000080)={0x2, 0x0, @b}, 0x48, r0)
syz_usb_connect(0x2, 0x52, &(0x7f0000000000)=ANY=[@ANYBLOB="120100036ffa680863070120ff2c0102030109024000021109400c0904080601ff8bbd020a240107000d02010205240503"], &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0})

1m26.824384808s ago: executing program 3 (id=581):
ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000000)={<r0=>0xffffffffffffffff})
r1 = pidfd_getfd(0xffffffffffffffff, r0, 0x0)
ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f0000000040)=<r2=>0x0)
prctl$PR_SCHED_CORE(0x3e, 0x3, r2, 0x1, &(0x7f0000000080))
r3 = socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(r2, 0xa, &(0x7f00000000c0)={0xfffffffffffffff9, 0x3}, &(0x7f0000000100))
ioctl$F2FS_IOC_SET_COMPRESS_OPTION(r3, 0x4002f516, &(0x7f0000000140)={0x6, 0x9})
ioctl$sock_proto_private(r1, 0x89e1, &(0x7f0000000180)="a07a9f46b3fd0df6d461eadc706d8c37b02d004b55c639792255dfd7bd7bc01eb09febd455789c8fe3c3dfeee8833988455183d1426ac9ec9d8f6d0c8eb9979fcdeb072318b4")
ioctl$F2FS_IOC_COMMIT_ATOMIC_WRITE(r3, 0xf502, 0x0)
syz_usb_connect(0x4, 0x10cf, &(0x7f0000000200)={{0x12, 0x1, 0x200, 0xa2, 0x9d, 0x7d, 0x20, 0x19d2, 0x128, 0x1ed5, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x10bd, 0x3, 0x80, 0x8, 0xc0, 0xb9, "", [{{0x9, 0x4, 0xb4, 0xff, 0x10, 0xff, 0xff, 0xff, 0x7, [@uac_control={{0xa, 0x24, 0x1, 0xe9, 0x1e}, [@output_terminal={0x9, 0x24, 0x3, 0x6, 0x400, 0x5, 0x1, 0xd5}, @extension_unit={0xb, 0x24, 0x8, 0x5, 0x36, 0x5, "6426b1d7"}]}, @uac_as={[@format_type_i_ext={0x9, 0x24, 0x2, 0x1, 0x5, 0x6, 0x4, 0xfb, 0xdb}, @format_type_i_discrete={0xf, 0x24, 0x2, 0x1, 0x3, 0x3, 0x9, 0x6, "f98f369c2ed549"}, @format_type_i_continuous={0xa, 0x24, 0x2, 0x1, 0xb6, 0x4, 0x8, 0x8, "", 'm8'}, @format_type_ii_ext={0xa, 0x24, 0x2, 0x2, 0x6, 0x80, 0x6, 0xb7}, @as_header={0x7, 0x24, 0x1, 0x0, 0x40, 0x1}, @format_type_i_ext={0x9, 0x24, 0x2, 0x1, 0x2, 0xea, 0x41, 0x9}]}], [{{0x9, 0x5, 0x5, 0x10, 0x3ff, 0x7, 0xb, 0x5, [@generic={0xe1, 0x1b, "8363a8360ccce03724b3498e7d6475cd0cd39bea1cd6a9c199f2b6b22745890097e8799ea2b667016f042759ab3374ef61838463a6e0fc4d840c5e0bf3b95addeb8371eeab9b98342cbadcb3ef0d72ca76cf74153d54bcfb3eabb36771afa682b660c66c67ef01427aff08f087827a8bdd75770abd0f05028bd2b740450a0fe3387580efeed92941b2fc674210bb4ff239e124205f3bd1b7cd78041f422f766b6e98790cf6180061b552fbbb7b85b4344672991044fe53700aea5f614be621a78c863e34859e9f62e80d8c050e8592c39a728dcddd88d5c82d6e1595e8ec39"}, @generic={0x12, 0x23, "16ad7a6703f14af45950b37e1854ac5f"}]}}, {{0x9, 0x5, 0xc, 0x0, 0x40, 0xe, 0xe, 0x81, [@generic={0xaf, 0x24, "e409921c6b1dabcc2769efcb7570f3a4bc4b67a33a141bf91efde2a6f02f868b82f9db183ca0d7fa0265826031f259864e94b62b76e3325b529d333600dd3b16eaede849976ef6d24ab8ddd18d5c1d9cb02fcb28349a50338b66682cd7b8a067d00ece437046f226e5c8429af5eb0ff0848890dc78d1e4dcbd27b1148cccf8053a69f6676a00cb7532e1f261cfd7bc7423a60d6e9109429347d6aa46fa615863312bdfc7d792cd1a6bc7e09f85"}]}}, {{0x9, 0x5, 0x9, 0x4, 0x10, 0x5, 0x1, 0x2}}, {{0x9, 0x5, 0x0, 0x0, 0x400, 0x8, 0xc, 0x5, [@generic={0x9d, 0x4, "f93cbdb38240d99e8082e53819c2506bda9dba0479b4d6e30624ea34c4640328c47f0a68a66642e91710fb64d3f5b86e81ec0ed1fc3da40ebd56e9a75ca7713fdcf77dd1f85f6283b0139377507dc47d41b1e3f7c08334b444a093e3ab9384b4a1a69c481744c6d750b834fb6a908582eb1456319252a71627ee7469d5a0a6e8a469ce6f0c01cb246c7d10eae18ec87cd96bd0b0396a7ca8548871"}]}}, {{0x9, 0x5, 0xa, 0xc, 0x3ff, 0xf, 0x2, 0x80, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x7f, 0x8001}]}}, {{0x9, 0x5, 0xa, 0x14, 0x3ff, 0xe, 0x0, 0x8, [@generic={0xfe, 0xd, "3b45be3f6ec8615f49dd2854166e4cd79cc70b22db8212ba614903e81a8cff58260f0eb626564a13a72f57385713a7dfa8ba1afb25dc3a97af2b68f572b9d85b1c247f9795760ad290aa59655b128206afd5f8144de45f9fee2b2d9b0108c04645ac9a00fe5906a96207a69d6325ba76132ca1df806c0a82ae200377595df203eb5259e1d06fb517a15bbf0b0d6d0e3149cff27f102a54f6ca0693006ff2fe849b83e5fd80bf1a4321e16b0392c458b9fad0d8737a9e414e421a01e6dd3792c2023b6f2b2d84aa3eedad6bd7e9b4e1bd51119dc4bc879b60918e83efbc622a58485fdf683b406fa102246bea90ba6cb0e7716889a9738d3b4802cebb"}]}}, {{0x9, 0x5, 0x1, 0x0, 0x40, 0xff, 0x2, 0x4}}, {{0x9, 0x5, 0xc, 0x0, 0x40, 0x9, 0x9, 0xf8, [@generic={0xd2, 0x9, "8b977adf4b0814cca358b10f733cd97a888184091794f487ead5889999dba60aa7290cdd4d12dbc41e381c9dc8c026d7bfbc42871e4b1a83e492206cb272803b1d2a332aea0fa8046aa1cee7b248c8f663c5986a2e3b71f1ccd3890d59ca41f71c3f0b6eeddeb0d5fad1b09e3b466ff7ecc4f7e3fd06961113366ac1e55facb576bc193d2e851d130d82ece1c6cfa28c7a7fa907c813bfe4617f14ce722f57ec40e5740ff828c5b330f07101387728588ad2375a14834ce64b2b5130cba14555606ba51a6419bc121ae41be11144551e"}, @generic={0xf6, 0x23, "026fa790b14bb85e92d6f3f0f5a8795f77d028dadf9a8e5b01b7c7e8f06bf374c104b5e85a668dba6ae2baabb32d559592274435f05644019a2db4c5ebe56e0fffd7262441b3d20034e4bcc9c85603bce94a1f65c2eef115567ec5d4e96fed5dd7d89a65a1b1dbb2d718e25195d57171cef73a4fc4eaca94e2fdd2ee45e535843f0150fa4fa8bb81cfbee2bde9c5d0e8fc9e643466bf25537a23eee067022b943499bfdccbd64877b73309a37dfd05ef17bc98726783c3d26fecd045de0e05891e90310de53e28007f7e6bfb61aae32f9a7920708e7e3dc5fa712f43027738ef0827ba779438e71b570f6dba4012040b008f4c32"}]}}, {{0x9, 0x5, 0x1, 0x10, 0x20, 0x3c, 0x6, 0x40, [@generic={0x51, 0x7, "058eba6400fad761b75dcf56f086590027c858a633e46307da5345f748261aca2c133dd6c923cd704704abc38b378f3e631b3a121ce1dc51eff8cd569a52ce07cfa154b0dd4b2b4aee167c273cf530"}, @generic={0x42, 0x21, "41767258613c651a0edc667e1eb2820ce99771359e552c5cdd1ef659b1d9dcf110c4362923430353c7f952dd4dbbbe8438fd0f0cc9cc7c87013cf343c649cd50"}]}}, {{0x9, 0x5, 0x3, 0x0, 0x8, 0x1, 0x76, 0x9, [@generic={0x16, 0x1, "8bc617e99937d29bb00323867a3acf755a0405e0"}]}}, {{0x9, 0x5, 0x7, 0x1, 0x10, 0x1, 0x2, 0xe, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x50, 0x3a4}, @uac_iso={0x7, 0x25, 0x1, 0xc, 0x8, 0xb2f}]}}, {{0x9, 0x5, 0xa, 0x1, 0x200, 0x2, 0x6, 0xf9, [@uac_iso={0x7, 0x25, 0x1, 0xc, 0xa, 0x3}, @generic={0x7a, 0xd, "1bb327ae73052a88a4d828f4bc19da3e388a020831089cdd0012cc1f1fc5c20abc14b0dac641daedb6363983e122c8046569b1b00315527709295727bf1d905056993706ddeafaec0021204b425bebace0a09e2268b5d83a78a48521164c4ffd600a4fe1bb87ed35b07da1decf915c9f8a0b52727be7c78c"}]}}, {{0x9, 0x5, 0x5, 0x0, 0x10, 0x2f, 0x4, 0x3a, [@uac_iso={0x7, 0x25, 0x1, 0x4, 0x80, 0xe}, @generic={0xfd, 0x7, "36a1019a09320f4e302c2d86041a77569096702795b073c29d4ec1186fe781f76198664276bcace36cd215a07ef02f77f426af203f82ac682fa1b0a2497218422806d92ca35ad574927aace67a4fceee9140e13c0a55e9dd688b701c6b38984c4db8db1caefe102a63f9df955e82f4e4e233e56c6e660f0b5ce1d54838e6ea4bd9ffe186387e4a0d4685b0426dc8c1443d0216824a8d01f20d20cea37b262f8fbfe40033e56250cb0076133d17503615a001ede51bbe64df28309cb509a02ff3b2ce1c138c5bcb53f922d405a9febbee88b55164e74383401df1af56325812a227b0adc3791d866567f9032da0777f2fd98be59615d1030932827b"}]}}, {{0x9, 0x5, 0x6, 0xc, 0x200, 0x9, 0x9, 0xb, [@generic={0x8b, 0x22, "03118d6332202ab936edfd6dc41b1d75c89e1915e59a032f81a2a17001e980cde39a39cb4ac662abd2defb77255b6811c9ac3d39f27b0ae3a5c37918ff48f3d47eba7a8a3c188e5c65ba61bc00e66f1f97b87aa126700d1ad6aa59e821c0571c36098ff772d8cba4fae288f47c2dfb041c1991aa4ed234772dcd98a04fd8ede221ea4fa7cf2a0ed3fa"}]}}, {{0x9, 0x5, 0x4, 0x10, 0x10, 0x6, 0x3, 0xff, [@generic={0x69, 0x30, "68d52966f1fd6fe2cced529da541af580d898a2084f2ed1f0215ea58d5b8261a077ef275a2f37d4ae4ca56078051681b2378e3d26adbba2c83b97e87db43ab260130c52d100f4114389104faea5b741e1614e72909efecc806e341dd717fb60d6603f5f1d57095"}]}}, {{0x9, 0x5, 0xe, 0x2, 0x40, 0x80, 0xb0, 0x40}}]}}, {{0x9, 0x4, 0x77, 0x6, 0x8, 0xff, 0xff, 0xff, 0x0, [@uac_as={[@as_header={0x7, 0x24, 0x1, 0x1, 0x1, 0x3}]}, @uac_as], [{{0x9, 0x5, 0x5, 0x8, 0x400, 0xed, 0x6, 0x47, [@uac_iso={0x7, 0x25, 0x1, 0xc, 0xbb, 0x7ff}, @generic={0x6b, 0xc, "80f8b063909edab7eeab0e32e4e2f64726f283cb74333aadbd26b84c453a45fa56fd5824e292717b4fbf753ff1def51b4a3860e32af2f1c6d54ace5e86096f698f17dd66f686ca962dad813487f3b12f471b2208f764a53274aff8736bc89f47421d5daf0cdf6030a1"}]}}, {{0x9, 0x5, 0x3, 0x10, 0x3ff, 0x2, 0x5, 0x4}}, {{0x9, 0x5, 0xa, 0x2, 0x20, 0x4, 0x8, 0xfb, [@generic={0x1e, 0x7, "94ebb79acab27aa05fecb0daf897624d2c0a86aab19f4f80bd02b099"}, @generic={0xff, 0x7, "1f657bb873820bdc8bfeef1c70ce3ff2e5958e300e377be7ccae5c9fb37f59096d9521cdf77a05795d2d5608a0a99400d669c0847e12e7e0d5d2cd64d7468e7a9ea7774b3c67487135e5b2121f908549d6866488d40b530361fc9dddb495f492c9f32f4743b712119e50dfe1195ebf6d806bd907ea40b12a927806f9847acbdfa8f6351e0556347e3d8a1b0b23423cdd5812da880f1f1b9388b09676ad469fd706dec14d4cf6b88c940a1e1ad74f4835590751b74fc1f842f3310199a3643d02523554c89fde43669ba23c39227d368a3334b88b96d10323eeee7548e0374f0314ff831beec927b6f1bf46d0a3bbece860f7c389e2732542def282bdc1"}]}}, {{0x9, 0x5, 0x1, 0x2, 0x200, 0x4, 0x0, 0x5}}, {{0x9, 0x5, 0x9, 0x2, 0x3ff, 0x0, 0x6, 0x9, [@generic={0x34, 0xc, "ec5833c385fff46a0ec4520f94f907a9bd0a764af1e5c9b6c837ee39117354e8bc35f500523aed7fb569b8a880bd5e401a4c"}, @generic={0x16, 0x31, "5b6a6d89ab7a631ab0245f81c7b0f972c032de35"}]}}, {{0x9, 0x5, 0x0, 0x10, 0x3ff, 0x9, 0x1, 0x5, [@generic={0xd5, 0x21, "860c7c0aa9e8f45cfebe2b068792f00f8aed2e00ac48ca97f5ce47439545dc437b53152c8b952b124d2193dbd20f48d37d780832bfec136438b5683f7f47004a3f10f66cad8669c3b30d73efe48d106ad44f6e52b004ec8e4719d7a2b53713b99e35e68eed3b12346c688b6880be3551fa5ccb2cbc9a0375787829c20aa72a346f66153d420431aff1447543f093ded74cf88955b8003932fdedcc49117d63f8371835e5f6dfde74254e75271074ec02ec06de5d0f6961695760812a4b42cac50f6270598a74e8e5e8c91d8dede4a0742e1afe"}, @uac_iso={0x7, 0x25, 0x1, 0x4, 0x7, 0xf}]}}, {{0x9, 0x5, 0x0, 0x0, 0x400, 0xff, 0x7, 0x4, [@uac_iso={0x7, 0x25, 0x1, 0x4, 0xff, 0x70}]}}, {{0x9, 0x5, 0x2, 0x10, 0x3ff, 0x9, 0x1, 0xa}}]}}, {{0x9, 0x4, 0xc3, 0xb, 0xf, 0xe, 0x1, 0x0, 0x2, [], [{{0x9, 0x5, 0x80, 0x2, 0x200, 0xc, 0xfd, 0x6, [@uac_iso={0x7, 0x25, 0x1, 0xc, 0xd7, 0x1}, @generic={0xca, 0x22, "c424d0f33696eda9f32536a93003c0930dcb1923e5aef674910846af755f640c174ad09692c92c11a5e89a2ac077aebd36bf41eabad6f730167b704fce8ee2ac1808c7d2b5936b20c6cb417a924dcfbc98bd39623179ea5a0d4deb268e15b3f98bc60b05efe6469301f0bbcf265ff89fda2b8baf53cc0c4ed033afef335110811bee9a0f5ac0ed86debe6cab51dcfdd302a9cdba82e535023c8282bc31a257d1723fc7267f3d366fd644941c6f8e8dc928072d3bdacee8f883cb3712b3c748f2b525a4ecf3cf8ca6"}]}}, {{0x9, 0x5, 0xf, 0x0, 0x8, 0x7, 0x81, 0x91, [@generic={0x51, 0xe, "7ae252d7aca593a3f2168f6c902f14dedc666c41f0f55b00cd5a1e1e3d8c86fd9c033a8f97a249fb6956dabd575dec1270830894580a2a1a525c7dde55bb53226444f21d811e1f05e47a30fd3330b4"}, @generic={0x17, 0x23, "d049c333424be7d8da360ea0e26a02249ee14f0624"}]}}, {{0x9, 0x5, 0x0, 0x10, 0x400, 0x2, 0x1, 0x7, [@generic={0x55, 0x3, "cc34eda89b6f707502d263a3e539c3ec2c4559fe645a61846e1edba0eeb8cf56e74815cd2d7b273f9ec8b92f2adb6fa9ea226a4bd9bf903c72e66ee12473d7dcb77880cf478668199ef0a20eeff5db96a87e94"}, @generic={0x4a, 0x32, "cce5261398ac27dcc6552d7357805f723dda3fc0d59d68878e1c8580a781cf0865f98b343c387cf7660c1061eb518245b793fdea105faddcb0ac77a89a73b194f2460ec696ce09c7"}]}}, {{0x9, 0x5, 0x4, 0xc, 0x0, 0x8, 0x0, 0x3, [@generic={0x80, 0x1a, "85736a43cac98529c7da60d8daff465a3dee72a7b4a809057dd2c5b35e39bb8c8b432b5ae674bd64e8654301ef114e6fe34df7d26cb48fffde1d91a8f9a4cdbb57442e675eae204a2da73544bc1d7adc69d9679d94278c47077a8d35f090345ad8962229c2a81afd38c0fdd82aeaa814367cf7d548f9618db81b027dec5e"}, @uac_iso={0x7, 0x25, 0x1, 0x0, 0xd1, 0x100}]}}, {{0x9, 0x5, 0xb, 0x10, 0x8, 0x6, 0x1, 0x9, [@uac_iso={0x7, 0x25, 0x1, 0xc, 0x3, 0x5}, @generic={0x41, 0x21, "b71757149c826919c206618424a1e6de49e3d44d7cc946c5330215d2819d9f4634415efca640f9f255182fc4cb88407ffe524c7cf6fb8a43d40896fb45b4ca"}]}}, {{0x9, 0x5, 0xc, 0x0, 0x3ff, 0x6, 0x0, 0x5}}, {{0x9, 0x5, 0x1, 0xc, 0x8, 0x10, 0x16, 0x4, [@generic={0x27, 0x31, "63aaecc1a2b3258f19d3f1fb9fafc8ff8848eb55785e1b60114d30fe9693bb8d663e0fac24"}, @uac_iso={0x7, 0x25, 0x1, 0x8, 0xa, 0xb3cd}]}}, {{0x9, 0x5, 0x2, 0x10, 0x8, 0x6, 0x4, 0xaa, [@generic={0x48, 0x23, "d20e6dcdbbe83813718a2e69a5b22b500a778bd8abb3825244e04c40d3ca725519f6162fd90e9a94ced0946bc9ef81dba551273391dbb9e08c52e2f728289ad695d2a9286ca2"}]}}, {{0x9, 0x5, 0xc, 0x10, 0x20, 0x4, 0x8, 0x0, [@uac_iso={0x7, 0x25, 0x1, 0xc, 0x4, 0xb8c4}, @uac_iso={0x7, 0x25, 0x1, 0x8, 0x6}]}}, {{0x9, 0x5, 0xb, 0x10, 0x8, 0x3, 0x0, 0x4, [@uac_iso={0x7, 0x25, 0x1, 0xc, 0x2, 0x2a}]}}, {{0x9, 0x5, 0x80, 0xc, 0x208, 0x8, 0x9, 0x5}}, {{0x9, 0x5, 0xf, 0x3, 0x200, 0x4, 0xf, 0x0, [@uac_iso={0x7, 0x25, 0x1, 0xc, 0x8, 0x2}, @generic={0x93, 0x30, "774f0d864ae2192aa88108fffd0216c1cf369a4dd784a2ebeb4de3a27581c0e9ff491a2846a160838e5797e374f74414736140183a9a0815c420cff11d0e8d1f65aae4c0aac2988c8a68c29fd991282ceca70ba318d164fd4d4e9d76f10ba3f2be3fbb836218d407f0e5ded9b28eec8999c5f095b5de73064591522a81a00169296f9e73dd5d77bb1b6cf356171410b69e"}]}}, {{0x9, 0x5, 0x2, 0x0, 0x400, 0x5, 0x8b, 0x40}}, {{0x9, 0x5, 0x3, 0x8, 0x20, 0x2b, 0x0, 0x40, [@uac_iso={0x7, 0x25, 0x1, 0xc, 0xc, 0x2}, @uac_iso={0x7, 0x25, 0x1, 0x0, 0x2, 0xca}]}}, {{0x9, 0x5, 0x4, 0x10, 0x240, 0x5, 0x0, 0x0, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x6, 0x9}]}}]}}]}}]}}, &(0x7f0000001680)={0xa, &(0x7f0000001300)={0xa, 0x6, 0x300, 0x0, 0x0, 0x6, 0xff, 0x2}, 0x5a, &(0x7f0000001340)={0x5, 0xf, 0x5a, 0x6, [@ptm_cap={0x3}, @ss_container_id={0x14, 0x10, 0x4, 0x52, "5bc2c93c9d76d67448cafdb408c5d976"}, @ss_container_id={0x14, 0x10, 0x4, 0x2, "562c8b2921e7fb0db3c129815869595c"}, @ss_container_id={0x14, 0x10, 0x4, 0x0, "5ae1f67c51959c05f74e50ed151bc3ba"}, @wireless={0xb, 0x10, 0x1, 0xc, 0x81, 0x71, 0x4, 0x5, 0x6}, @wireless={0xb, 0x10, 0x1, 0x2, 0x84, 0x4, 0x5, 0x8, 0xd}]}, 0x8, [{0x16, &(0x7f00000013c0)=@string={0x16, 0x3, "ef8c8dbacb10103673418afea633294f09c5c70f"}}, {0xc0, &(0x7f0000001400)=@string={0xc0, 0x3, "1ed465bad452c5515378e86667f75553b1f0174e112947d1b4f3997696026b84ecafb2d1dc77aa6e4d03165c781e80bccece2df5b322570d96be40df6ab5f0bd8d9a4d862669951209d522eb85982a9380a8a9aa8fe6d8e623c49ede181dadf7980e6697d3927183987237c4adf8eab5e802eb674ff8e28f8c3f50c6d19db6af1981b9ca7005f7d59de3988294f767b9246e7b88d693497cc08cda3dfb58349181b7128defadebe6ab46306d485246fbeb15f2afe5d6492ae26656da994e"}}, {0x9, &(0x7f00000014c0)=@string={0x9, 0x3, "4825f172d8cb36"}}, {0x60, &(0x7f0000001500)=@string={0x60, 0x3, "66b70127395f15cd204181e81d33e4ad5ff09385f282c9f7763e4523dd388cbf34927c90b4d7dc31f6be6e8d27bf4e57c4be9c214e8123e7641f6ac99b4b20f051ef62867aeb9743ed521268da5135847535a5d7229a71cca8d10d731b01"}}, {0x4, &(0x7f0000001580)=@lang_id={0x4, 0x3, 0x809}}, {0x3f, &(0x7f00000015c0)=@string={0x3f, 0x3, "b6af19b50e3800ba1f63d3797b5294560de96cfa166f1ec563b1af4eff6902b7622c1478b700218ad45e27d109bc6d4a2bc06321d4c19baf0b2520c826"}}, {0x4, &(0x7f0000001600)=@lang_id={0x4, 0x3, 0x40c}}, {0x4, &(0x7f0000001640)=@lang_id={0x4, 0x3, 0x423}}]})
syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000001700), 0xffffffffffffffff)
copy_file_range(r0, &(0x7f0000001740), r0, &(0x7f0000001780)=0x4, 0x6, 0x0)
ioctl$KVM_GET_API_VERSION(r1, 0xae00, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r1, 0xc0502100, &(0x7f00000017c0)={0x0, <r4=>0x0})
ptrace$ARCH_MAP_VDSO_X32(0x1e, r4, 0x2, 0x2001)
ioctl$BTRFS_IOC_SNAP_DESTROY(r1, 0x5000940f, &(0x7f0000001840)={{r0}, "8fb71e4a05fe124eb9acf5bc6fae16bdd27eb938dbfbafdda9a0b53c88969c0876a4c036298689cb715b5a0f00589116a6c351136ddae12c0e83d4d05558ce4a5b91d8ab926026fe40fa46a1ae5537fc69f00ff50aab07d0108c085b11c2171fd90091d52330de78fb7eb590392bbb707b29c645ac41441e0a07a3cb5b591e1cd7fe86bed83d9ac96c83a1c4ba55304b927b700d53d37aecad38fa518d213dc536f9243f46875ebef7fc40d0b266eb589788d2f93fbed0ef562c69042d74647ba52925c3a1348610ad143cbf9b6cc2e009868da977b2cda0a7c6ffd70a6383abf573337ebfe0cf56b160345a350f9abbe6ca9da0c938feef183e61b31af17eb147c3f0e876f3a836c1d40ef2bcb8d7c9b724ae8504296d8dd690403e392f3bf1fbcdd6edca5cb2c26b984ea12234ddcd75bef70631159b7c7a5732a339e2bfe8f140124f6f7c42dd75337546a8218e2909013689114a614e38a00f14c2f0d620199cd4bd55fa3f8cc2935500d24f073afc128c5109b5ad6e2dd35ae686f79a48983a781d096add666d8c2a8b307bc3e8b8221e7710c79f2043571be4b20c689925e4b1f5828879510e48a9c7f95e2eb0e137ccb260b34c230c6746dffe6916040ea6c1d2b35f21a368d27ffd5b3a5dd175bc98438904e6355fad7e3e76fe99d759c186af334b11f472b1836c213623e6cdc934ce2dca05f01fd7a44d42774aaa705f4e8da28b9a7735c55d3f5956b73d211aa797d4391b9709eb5c72df79d6d7be3608e0aafb27a4a6d6b37ffd46479506cc951eafba763f645449c4c9a756fa722bd2470234c68ae54be297e39a63b13b2206ec77ec73a6e6701a903ad8561ee0284b3b8723981bfb2d5d7fc3d9ada99ed2d5afb805d8e82d78cfde976f587ddfbc48b6d793801ec987e25b3f180d400cea4de5f7eb97ece9415c80e3fec51e7990cdb1d736c5df1b8af9ca3aea09d18935dabca08a588add17a3ba89117e08b0720defe33f2c48a1c1f77f0bb9da912ed5ec6d14f87e2bab0c9ddb567a5735cffc7a708023ce53b900713894a7492c53c9ced982ad38be2d6d02108d5ffb59e0f1097b568b89fdec60a857b32dd0e23243588e4b727af0a49fca8bb3bed15d6746de48cc5a4ac8ab46aaf8dfa259e05d4bdf7f92779cce6ba5adbde280f23c08394a54fe7f11279f98ae7ed464623dc50fcc9b800023dfc847fffc88614baa742b0a7ddf2023347bf563d64911a20e428fad4f65f5b16fab3b6c96aefecaa97674c09f0c6bc744807b19f212743cce3cd7c379cb730ffa75fc2b1c3dfe00ff801f39bc613ac80c205e8804a17128cf1faf1adffb3885fd802a9fbbba110a226e5df22fb7df161b1d3317760a904c7b1a3dc416a590ad591bfca87e77a50272cca6f2f6d8f25eebb7d597cd5719620f57ee738a38204412aad5e52345fd416f1105be5161fcff4606d734fc6fbc10dc91ada46a2ea3af9564323fa6c0c931de88f4160ced6c16e3c3249c25c511904719008a684db390a9752a8521f6787ab2a1e4fb13cba46c0e80ee11cff40567bf063d08771f036f31fe44e5f0f61f0ed39c149d6e271a7859a4268659533f9f6cc51cc3dfb6fab72d1fd76843501fe960454a70574b8d9a57455fba6addf593d0750c92705a82ab2b98c940e399696faef90f1fc6ae92fdf54658930eb6a1af3b21870bb1a9d4e1af7d3aefc2ddf88f09f76beba2039453812bdda9629468baa9f5430dab358fc74494ec11afe5630e2c3862f39ca925af77e0fe57e89685e50f5d198ceae170df482d14567acc1d38dba025a04bc1fd005f9da39f1f0e4fcfcaa5ebc15fdbba86dc5eaa92be0eeec4c14f9f9d87a95beb50575bb24b609a5b60b374612b046b98c1ef60fff3a01c46604494710b8c1b064aa9e76219c93fa5cd7c70bd7ec00362997c83ff9f2fef5f47b10fb85f03a8005b91a69b991dc6014117f4a2e8e1a10b1df96fb13918259c07b3a465903901c36373cacf47e5aa0046ac24ca03cfe75c05fdf31d9ceacf329c0abf6190ef6baa4ac446481447fca635bec5aa9fc7d271c63c46541b70024b24672c04ead1cd095ca5e01138d47f07d299a5bb5197b504ffbc987358615e11311db6e21917fcd448bfaddf232322314b03fcdcbe0fb92025730c1a94e79784662e96d6ed24aa7dffa6b619f8ebf4ec578bba059b8347fb808a3c5f5a3018713d28971b783ff1d5a30f76209c4f5a69defe14b5421756b4064c00d92af0620d2706a66a3a1d62575097862d570d022b9d4eb81ea92bd02db11f8f0ba8170aaeb6d33bc11f7ac04a6870b17f6f5c3fccf1f4557ae702b23e658ed04d5b634fa589352d008f55f784ce419595774aa86db5073e0cb243caaa398df9ebc6bf605da22aa73896a73bf6dcf40fc311a2528f38da123780945e9da98faa363e3356cf42495b34d2ba3f2c16edc3a0a85b106f11402b0bbae588fa29330d246158bde04c1d09fc06df310d495e7702514ef52f863eb0263d9cc2286c12ff91788c93d02b5a23c28a510cae677d071ad13597d3a6ed394880c20559fa3a9679f6f17bfee4c3775c0830d7c8275d349ff3c2ebc267803643500807356a90212506ff5d87a240f1b05f68c7cd9504a3e970b0d6716a4193914caafcaa8564ed00fa7445deccc3ef03e0a72b30ca54bfae19f7e6d553a2949a9cd9009ca813036f8d5d20001c9092dc2342ed0296c0401cadf6beb059fe975805fbeeb8732f418935939009b149784999ce4a155420f013b405652ed912e825f99a09d4735ff3aff3000299404892723a2995ba2e4f2a4354053597e637eb441573c65c25859ffcb8cdf81723b5a5bb45bba8ec6ef303540a0b58048c71e70ccbee3b370a3d7b14ec21819139459f4015a9460decb25a14d97533c88ff005c3895cc2d3ebaed2238ad481bb3ad2f124194ecc61fedb4cce4d76f84e97897ec9f4be34d685bfd18d0052d31cdf1d63505a4cdc4ff5186f44492831a88b9e1cb0bf1989ec41a11f38d007343ca0011881b6f627fc513b7de6ecef619d6a86c98a8728a2abba07b319df326923feebbd0dd98eafa4ac1f349fbee8c7fefe3046d4f47af6f44f969a6b0c1004e6b60069d27667523e4ffa5d989637bf2e586a68227469fcfb35e32c982abeb41b0114d4079fb9e4724524df620b32cdf38e95c27a74ec68fa48ff9d86a6a4aabfcd14387b990df8959ebb1b1647613aad1e61c258fe1066e27967dfca146a68fb2f34a97eb306e5172b1a018db63fb0b96b4c7c20d57446ef9c96e999482f457611eb25d77dc988d9c0ae4e7a7e9a4393fc65deac09a248f5950bffae260b56456ba08685a825cb7e35fcc122dbf5815a5a9044a0ec1d744961f5a9e8d1dcf95c02ae61a701ccc7f16948bbf16e68dadb29d9499943bc4f2237e7b474d768ed4560e1e3d2bb5ff0c909eea6a7dbcaf4d0a3342f0d16e1c41935cd443a9f1b70693ff0e0a63dbb488cf8f3800b1be2826e284991b67c7312d7a33dfa570cdb168bf2476e49c9a09ac74ff5924590109408bd95af71e0a0558d8548936dc02b33e9842072e6bd62effebb891b4b7c655404bd656d3d7687c56cc4e04450aad86aecf797aa5b264825ba02697a93d07998420e1759a218bddb58771ec9f48eb9d8f002febeb7496a2f743fc6da3d9e7dc72cadfd2f3b4a4426ad5f5faa074776b16649a2202468b18eb7e9996009b97f0fe3b753ad5173e35dd5bcb110ae435c86bba0f9d05a49332a61fbbc09825d04a4894d0771eb04c39fb29f3b6b46c5f02315ae1afd63e7101e4efd84b502ebd0b684cfdfabd790f0367589da7ba6f9afe6d4ee06848a5af330b931a4128d63d1c4fb085ca0a0bfc6a7892d182c5013501f227041ca47aca47063132123e7466e798012bbd2f6716c4c54ce030e7178f93392f47ba388ff904502acbae85255872a3219caf56661b4563f9556f4285b804c0b042737e3a5c8c615662179da886907c25660b91fc522435b9e2f02a55285959956e21ff95bfc2f217d5681d4275bac6786c47933a4b1657774dd4c81e1493c9440e678c94843d9c5697a76f2688124d0c80bfa1f34ce93081fc8637473227a3f1760d1605858fb88efbd3ec7edf416f2071d19a6ce8f23c6f8e45551b1a37ab67472dfefb48d9d6060edb5eae00983207a8cc706053006b359fd32dc0e41152225566453fd5b6f6b714afd579c7b09416432a771a7cf3c92afda8de4695d2dc7aa6904a16c86b711d2e80a9ab8ee2b48fcb9da0e03fcc6a84bc896fb4f33b3d962f58d8d556236554374aaea3b6cc9d6c62489ba6ac4aa7ad0f0f4886ec6f16a22f9703222a9404f321562100adeef745595ddb457b8a06a53607986b69ef4f909c5a982c060e99350307492b5e68d532f05540099b189b56a11c341005a443088f8ab369593af21018f28c9e6354dfafaae24ef500eaf9ea5adcb20cad36d1c67726721685a8996729a5c33ee0c6489567003ea1d34b173a7b9b2cc80c6e418f1c6d46311fd04638dd222f4cf79cf28b4a3ad2933da3bfcbf0bf5fc609270ccc39bb02fb894e8ef4dba07ec5b1d25cd75d2a8d7375a312b1d82f840b42336aa3b358cf0a5d130384eb85debe90ee67acf1b5408650b39574c3e2fd08bdc03d963fa1dc11f214ac42c01ca81cb06b883b90dcc1e7d8bd7bf30bf1ba49a2240b8dd4baee3ad9a7edb1fe27d585932c1fac7c2992ff9ca336d675e66756029015fb520dd8958c71bb38b7748bff42f1f07b5dbbb1bee0cb5b8975ea2ec8ce87882ced38e5490dfb3366f526319c92a8c5efb7e5f0ceaebd34577f6b78449334151213191cab8172315c01f875389d196c47c20922d44acb528c5743faeb883a5bb6b756a5ee64d552ec9288dd9282d2e6bdd6af9781476757840d953043d0b0e0f0f2c6df66d0d9fa47635fe5d7e856338d8bebbe5fe4c9d07b8b12e7b0ed55d3c2d4732003033e220e95b49e635ca153ec755db5b80c898281da40a0f8e64c45aedae0b0995026b9a4402280fd90efd7e662a0022f225d5a4c15fddd8c3e128ddd91d61c979ecf749092d16b71fa464a4ea84bd56b3ea2c2db6acc7e7b586f96b63cb6306b6b0db065672f91e638b72fd19902ee0861f6f677b217297f3a80981fc4369117d2561f82c4149de5956bf3fa6578df8183a59842664dbd1dfbb94ae586cb081b62a3a065ad906c26239a796e7fee6e8825881777639a53df27ecba08926a3528e2d3f05583a07f49446d6d5c1c07604107002c03f8d6a8d336d5eb66489a08f0cc497770869a33a3a8b0508bd331bbe041cab45514255c831eca1caab40df233f88e20fa214e51c87735eb3ad30315035e1a689d99b28caac1ae306049bb8ec59852b25fb3f98d9885d8d78fe9bd83fe3d0fe2ba639fe89a249dac01a165ab9b7da15235ec94b38f6e8ae9daf81f49924aa1814cb026ecbda554e9fda77756227e4237ae51498b0f69b01c987b8d3c812ef072744854284fb6764d5f736524e02d1e49c6846a33e9dab2bc28fc861e79d54e492b748e5e300990e9c8b553b3a9396167866a4bc3403a1b55b71f29ca94be997a264c04f66ec63985db6c4883fb09e0c0deebef89a6d1285817b4541925e43e5d664fb2793dd0dc9a5a8501406e3c4a67213a3a733b8c0cb5a34c3958a7bdf090f6dbfedec6d7bdc263a4ffdd3d528326c64d896df9ac7b01deb3d6d23cff4b0a884e1c29ea02d2fca29178f189d8b1070b2677551f8da85c171fe14cd63cffd6cff"})
ptrace$cont(0x18, r4, 0x9, 0x2)
recvfrom$l2tp(r0, &(0x7f0000002840)=""/14, 0xe, 0x0, &(0x7f0000002880)={0x2, 0x0, @private}, 0x10)
syz_usb_connect$uac1(0x6, 0xdf, &(0x7f00000028c0)={{0x12, 0x1, 0x250, 0x0, 0x0, 0x0, 0x10, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xcd, 0x3, 0x1, 0x4, 0xc0, 0x0, "", {{{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x9, 0x47}, [@processing_unit={0xa, 0x24, 0x7, 0x4, 0x2, 0x0, "ce0005"}, @extension_unit={0xb, 0x24, 0x8, 0x3, 0x100, 0x7, "f8525a26"}, @input_terminal={0xc, 0x24, 0x2, 0x5, 0x404, 0x5, 0x4, 0xfff8, 0x7, 0x7}, @feature_unit={0x11, 0x24, 0x6, 0x5, 0x1, 0x5, [0x3, 0x2, 0x7, 0x2, 0x5]}, @mixer_unit={0xb, 0x24, 0x4, 0x4, 0x1, "09e38bd657e5"}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@as_header={0x7, 0x24, 0x1, 0x7f, 0x1, 0x1001}, @format_type_i_ext={0x9, 0x24, 0x2, 0x1, 0x9, 0x4, 0x7f, 0xd, 0x8}, @format_type_i_discrete={0xf, 0x24, 0x2, 0x1, 0x10, 0x4, 0x2, 0x80, "f798b0aca22c7a"}, @as_header={0x7, 0x24, 0x1, 0x1, 0x9, 0x5}]}, {{0x9, 0x5, 0x1, 0x9, 0x3ff, 0x9, 0x7, 0x40, {0x7, 0x25, 0x1, 0xc, 0xd, 0x7fff}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_ii_ext={0xa, 0x24, 0x2, 0x2, 0x0, 0x800, 0x3, 0x40}]}, {{0x9, 0x5, 0x82, 0x9, 0x3ff, 0x4, 0x9, 0x5, {0x7, 0x25, 0x1, 0xc, 0x4, 0x3ff}}}}}}}}]}}, &(0x7f0000002d80)={0xa, &(0x7f00000029c0)={0xa, 0x6, 0x110, 0x0, 0x7, 0x9, 0x20, 0x5}, 0x1d, &(0x7f0000002a00)={0x5, 0xf, 0x1d, 0x1, [@ssp_cap={0x18, 0x10, 0xa, 0xfb, 0x3, 0x400, 0xf000, 0x3, [0xff3f00, 0x0, 0x0]}]}, 0x7, [{0x4, &(0x7f0000002a40)=@lang_id={0x4, 0x3, 0x80c}}, {0x4b, &(0x7f0000002a80)=@string={0x4b, 0x3, "6889b0c5addf9b08009c0bb4c6c38ff6f93e11d97bcd95ffbe93642e9e4e9608901acdbb6b6181c7309191e865a45849f8fd3831e99c2ed14317e3430c12ead86f433a6896c57a06fb"}}, {0x95, &(0x7f0000002b00)=@string={0x95, 0x3, "8daf42f23ed95f1b941f29ae3f0bd41ea6043de82138d5ddb4b8660157d061b3a08c6a73ab481c09f956bd50ee197fd9d12fcbeeebf9ce438cd493df88599904e5f33d03ac3e2893646888ccae78a0097376d4ff2235524285a67f56e9b7b3ee38bfba21731813dd00a188b18b12c25b03193f59f15a207126969c8624daddfe05df7635bed0b40db4e9b8243b6da903ebcdcc"}}, {0x4c, &(0x7f0000002bc0)=@string={0x4c, 0x3, "bdbe0923c194f0be8ae6f92e64acc9d744d8b07a49fe0ddd8c0950b11e18e08bcbe73babfde94d672b3ffad7ac77aaf32b50bee600f4294813b50b0a0237fab44dc1565e3c0a38b5d7f4"}}, {0x4, &(0x7f0000002c40)=@lang_id={0x4, 0x3, 0x44a}}, {0x4, &(0x7f0000002c80)=@lang_id={0x4, 0x3, 0x240a}}, {0x9e, &(0x7f0000002cc0)=@string={0x9e, 0x3, "fbefc3d1043bb7728e68e15f01bba82f002d847a23e50c01427f9888e042ef9ae21e0e9a89b1f618f274f7c241e70fb40d151497cd1895a1ca85398a0b7e6ff97244b85f4fc100c94ef58cb2606e8fa8c3869ca67070062b7ae7091063b06a9671f8368dfb389e3232fc35a19640d9e48eff03900453a4307a2a58fe3105878e1e5afaec9d93868e311b7c415b375eef437261f1ca45f8ded7300498"}}]})
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x7)
openat$dma_heap(0xffffffffffffff9c, &(0x7f0000002e00), 0x410280, 0x0)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000002e80), 0xffffffffffffffff)
sendmsg$NLBL_MGMT_C_LISTALL(r5, &(0x7f0000002f40)={&(0x7f0000002e40)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000002f00)={&(0x7f0000002ec0)={0x38, r6, 0x100, 0x70bd29, 0x25dfdbfd, {}, [@NLBL_MGMT_A_FAMILY={0x6, 0xb, 0xb}, @NLBL_MGMT_A_IPV6ADDR={0x14, 0x5, @private2={0xfc, 0x2, '\x00', 0x1}}, @NLBL_MGMT_A_CLPDOI={0x8, 0xc, 0x1}]}, 0x38}, 0x1, 0x0, 0x0, 0x40000}, 0xb4c934bb82f7d9d4)
memfd_secret(0x0)
socket$inet6(0xa, 0x80000, 0x2a89)
r7 = syz_genetlink_get_family_id$nl802154(&(0x7f0000002fc0), r5)
ioctl$sock_SIOCGIFINDEX_802154(r5, 0x8933, &(0x7f0000003000)={'wpan0\x00', <r8=>0x0})
sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r5, &(0x7f00000030c0)={&(0x7f0000002f80)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000003080)={&(0x7f0000003040)={0x2c, r7, 0x400, 0x70bd26, 0x25dfdbff, {}, [@NL802154_ATTR_PID={0x8, 0x1c, r4}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r8}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
ioctl$KDGKBLED(r1, 0x4b64, &(0x7f0000003100))

1m26.220895454s ago: executing program 3 (id=582):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
write$P9_RGETLOCK(0xffffffffffffffff, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r1, 0x8983, 0x0)
mkdir(&(0x7f0000000340)='./file0\x00', 0x0)
mount(0x0, 0x0, &(0x7f0000000080)='ramfs\x00', 0x2014800, 0x0)
r3 = geteuid()
r4 = openat$iommufd(0xffffffffffffff9c, &(0x7f00000002c0), 0x80, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r4, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r5=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r4, 0x3ba0, &(0x7f0000000100)={0x48, 0x2, r5, 0x0, 0x0, 0x0, <r6=>0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(r4, 0x3b85, &(0x7f0000000180)={0x28, 0x2, r5, 0x0, &(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x100000000})
ioctl$IOMMU_HWPT_ALLOC$NONE(r4, 0x3b89, &(0x7f0000000000)={0x28, 0x4, r6, r5, 0x0, 0x0, 0x0, 0x0, 0x0})
setsockopt$MRT_ADD_MFC(0xffffffffffffffff, 0x0, 0xcc, &(0x7f0000000140)={@multicast2, @multicast1, 0x0, "aaa517d60f2811d48c8a2cc60c4380bc23b510d442ff13482864280a9c0f4eb5", 0x0, 0xcc, 0xffffffff}, 0x3c)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$gtp(0x0, 0xffffffffffffffff)
sendmsg$GTP_CMD_GETPDP(r7, &(0x7f0000002880)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000000}, 0x24008040)
sendmsg$GTP_CMD_GETPDP(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000005c0)={0x40, r8, 0x1, 0x70bd26, 0x25dfdbfb, {}, [@GTPA_O_TEI={0x8, 0x9, 0x3}, @GTPA_MS_ADDRESS={0x8, 0x5, @multicast2}, @GTPA_PEER_ADDRESS={0x8, 0x4, @remote}, @GTPA_TID={0xc}, @GTPA_FLOW={0x6, 0x6, 0x4}]}, 0x40}}, 0x40)
mount$fuseblk(&(0x7f0000000040), &(0x7f00000001c0)='./file0\x00', &(0x7f0000000280), 0x2040000, &(0x7f0000000380)={{}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {'user_id', 0x3d, r3}, 0x2c, {'group_id', 0x3d, 0xffffffffffffffff}, 0x2c, {[{@max_read={'max_read', 0x3d, 0x8}}, {@blksize}, {@blksize={'blksize', 0x3d, 0x800}}, {@blksize={'blksize', 0x3d, 0x400}}, {@default_permissions}, {@default_permissions}, {@blksize={'blksize', 0x3d, 0x1000}}]}})
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, &(0x7f0000bbdffc))
recvmmsg(0xffffffffffffffff, &(0x7f0000000780)=[{{0x0, 0x0, 0x0}}], 0x1, 0x60010000, 0x0)

1m25.000594486s ago: executing program 1 (id=583):
openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
execveat(0xffffffffffffff9c, 0x0, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x81c0, 0x0)
r1 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$IP_VS_SO_SET_ADD(r1, 0x0, 0x482, &(0x7f0000000040)={0x84, @dev={0xac, 0x14, 0x14, 0xb}, 0x17, 0x3, 'lblcr\x00', 0xd, 0x4, 0x5d}, 0x2c)
r2 = socket$kcm(0xa, 0x2, 0x0)
mkdir(&(0x7f00000001c0)='./file0\x00', 0x8)
preadv(0xffffffffffffffff, &(0x7f0000002940)=[{&(0x7f0000002680)=""/236, 0xec}], 0x1, 0x2, 0x40)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x100000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x20000000}, 0x4000000)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x8, &(0x7f0000000440)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@workdir={'workdir', 0x3d, './bus'}}], [{@context={'context', 0x3d, 'sysadm_u'}}, {@seclabel}, {@fowner_lt}, {@smackfsfloor={'smackfsfloor', 0x3d, '#'}}]})
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1\x00', 0x40)
mount$overlay(0x0, 0x0, &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
setsockopt$IP_VS_SO_SET_ADDDEST(r1, 0x0, 0x487, &(0x7f0000000000)={{0x84, @private=0xa010101, 0x4e21, 0x3, 'wrr\x00', 0x23, 0x81, 0x5}, {@dev={0xac, 0x14, 0x14, 0x3c}, 0x4e23, 0x10000, 0x1cb, 0x12d61, 0x12d58}}, 0x44)
sendmsg$sock(r2, &(0x7f0000000400)={&(0x7f0000000580)=@in6={0x2, 0x4e22, 0x0, @dev}, 0x80, 0x0, 0x0, &(0x7f0000000000)=[@mark={{0x14, 0x1, 0x24, 0x3}}], 0x18}, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.bfq.io_queued_recursive\x00', 0x275a, 0x0)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newtaction={0x8c, 0x30, 0x1, 0x0, 0x0, {0x7a}, [{0x78, 0x1, [@m_police={0x74, 0x1, 0x0, 0x0, {{0xb}, {0x64, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c}, @TCA_POLICE_RESULT={0x8}]]}, {0x4}, {0xc, 0xb}, {0xc, 0xa, {0x20}}}}]}]}, 0x8c}}, 0x0)
syz_emit_vhci(&(0x7f0000000200)=@HCI_EVENT_PKT={0x4, @hci_ev_le_meta={{0x3e, 0x1d}, @hci_evt_le_cis_established={{}, {0x1, 0xc8, "3b1751", "9a3e67", "593f1c", '\x00', 0x7, 0x1, 0x5, 0x3, 0x9, 0x47, 0x4, 0x4, 0xffff, 0x9}}}}, 0x20)

1m24.616319954s ago: executing program 3 (id=584):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x3, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x10001}, 0x94)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_io_uring_setup(0x408c, 0x0, &(0x7f0000000300), &(0x7f0000000200), &(0x7f0000000000))
io_uring_register$IORING_REGISTER_FILES(r1, 0x2, &(0x7f0000000240)=[0xffffffffffffffff], 0x1)
read$FUSE(0xffffffffffffffff, &(0x7f00000022c0)={0x2020, 0x0, 0x0, 0x0, 0x0, <r2=>0x0}, 0x2020)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
close(0x3)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000a00)={'syz1\x00', {0x9, 0x7, 0x5, 0x5}, 0x3f, [0x20009, 0x2, 0x18, 0x5, 0x2, 0x400, 0x80000000, 0x0, 0x8, 0x0, 0x20000006, 0x2, 0xfffffffb, 0x39, 0x747d5e13, 0x800, 0xfffffb9a, 0xfffffffe, 0x0, 0xfffffffe, 0x2004, 0x3, 0x0, 0xf250, 0x80, 0x4800, 0x300000, 0x7, 0xe, 0x4623f, 0x0, 0x10001, 0x1ff, 0x8000, 0x7, 0x3, 0xc, 0x3, 0xba55, 0x8da8, 0x2, 0x200, 0xfffffffe, 0x400, 0xe, 0x4, 0xffffffff, 0x6c, 0x8, 0x9, 0x1, 0x199d, 0x6, 0x2, 0x9, 0xffffffff, 0x4, 0x6, 0x1000, 0x5, 0x35, 0x8, 0xa, 0x5], [0x7, 0x1e, 0x3, 0x8000, 0xfffffffd, 0x3, 0x0, 0x200025, 0x7, 0xfffffffc, 0x8, 0x7fff, 0x72c, 0x1c32, 0x3, 0x5, 0x5, 0x400, 0x7ffd, 0x3, 0x1, 0x297, 0x5, 0x0, 0x981, 0x4, 0x0, 0x3ff, 0x0, 0xfffffffe, 0x0, 0x1000001, 0x10, 0xfffffff9, 0xfffffffd, 0x68, 0x1, 0xffffffff, 0x6, 0x8, 0x800, 0xffff, 0x6, 0x96, 0x9, 0x2, 0x0, 0x200, 0x401, 0xc, 0x2, 0x379, 0x9, 0xe, 0x5, 0x7, 0x6, 0x2, 0x1, 0x1, 0x5, 0x7, 0x200, 0x3], [0x8, 0x8000c584, 0x5, 0xcd3, 0x7, 0x1f, 0x400, 0x4, 0x4008, 0xc, 0x7, 0x9, 0xe8b, 0x5, 0x80000001, 0x8, 0x3f92, 0x1000, 0x0, 0x10, 0x4, 0xfffffff9, 0x0, 0x1000, 0x80040101, 0x5, 0x4, 0x5, 0x200003, 0x6, 0x5, 0x80, 0x9, 0x7ffe, 0x10000, 0x0, 0x3, 0x400004, 0x3, 0x6d7e, 0xfffffffc, 0x8, 0x3, 0x3ff, 0x20000006, 0x9, 0x95e, 0xffffffff, 0x3ff, 0xe, 0x6, 0x100fffd, 0x2005, 0x9, 0x4, 0xea, 0x9, 0x20000005, 0x3, 0xd9, 0x0, 0x7d, 0x401, 0x5], [0x108e, 0x10002, 0x1, 0x3, 0x88, 0x2, 0xffffff80, 0x4, 0x50, 0x2, 0x763, 0xb, 0x402, 0x1, 0x5, 0x1000, 0x7f, 0x5, 0x3fa6, 0x4, 0x0, 0x5, 0x3, 0x6, 0xe47, 0x4, 0x3, 0x4, 0x200, 0x2851, 0x3b, 0x20000001, 0x5, 0x5, 0xfffff734, 0x65f413f9, 0x4, 0x20008, 0x8a5, 0x82, 0x44, 0x409, 0x1, 0x4, 0x4, 0xe, 0x4, 0xffffffff, 0x7fff, 0xffff8a33, 0xfffffff8, 0x401, 0x3, 0x200, 0x7, 0x1f3, 0xfffffffd, 0xa, 0xe, 0x101, 0xf, 0x1f, 0x136, 0x6]}, 0x45c)
r4 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb0100180000000000000034000000340000000600000004000000000000010400000020040000000000000000000d040000000000000000000010040000000400000000000008030000000000000061"], 0x0, 0x52}, 0x28)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000380)={0x2, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, r4, 0x1, 0x4}, 0x50)
ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501)
readv(0xffffffffffffffff, &(0x7f0000001240), 0x0)
r5 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0)
r6 = fsmount(r5, 0x1, 0x82)
r7 = openat$cgroup_int(r6, &(0x7f0000000100)='cgroup.max.descendants\x00', 0x2, 0x0)
write$cgroup_int(r7, &(0x7f0000000080)=0xfffffffd, 0x12)
write$input_event(0xffffffffffffffff, &(0x7f0000000000)={{0x77359400}, 0x15}, 0xfe4f)
prlimit64(r2, 0xc, 0x0, &(0x7f0000000280))
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
openat$binfmt_register(0xffffffffffffff9c, 0x0, 0x1, 0x0)

1m24.252377851s ago: executing program 1 (id=585):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0xf)
ioctl$TCFLSH(r0, 0x400455c8, 0x9)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000180)=0x42) (fail_nth: 1)

1m23.427070514s ago: executing program 0 (id=586):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000200)={0x2, 0x4e20, @multicast2}, 0x10)
r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x410000, 0x0)
ioctl$TCSETS2(r1, 0x402c542b, &(0x7f00000000c0)={0x8, 0x5, 0x8, 0xba, 0x8, "837c73ba17582ccac16653f2ba2e59abed4afd", 0x3, 0xe92})
ioctl$TIOCVHANGUP(r1, 0x5437, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000280)={0x0, <r2=>0x0})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
r3 = getpid()
sched_setscheduler(r3, 0x1, &(0x7f0000000200)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
openat$ipvs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/sys/net/ipv4/vs/drop_packet\x00', 0x2, 0x0)
r6 = syz_open_procfs(r2, &(0x7f00000001c0)='attr/keycreate\x00')
pread64(r6, &(0x7f0000001240)=""/102400, 0x19000, 0xffffffff8)
ioctl$MEDIA_IOC_DEVICE_INFO(r6, 0xc1007c00, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x2, &(0x7f0000000040)=0xce, 0x4)
connect$inet(r0, &(0x7f0000000080)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x1d}}, 0x10)
sendmsg$inet(r0, &(0x7f00000015c0)={0x0, 0x14, &(0x7f0000001600)=[{&(0x7f0000000240)=' ', 0x100120}], 0x1}, 0x0)
ioctl$sock_SIOCINQ(r0, 0x541b, 0x0)

1m9.776775365s ago: executing program 0 (id=587):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x4, 0xe4}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = syz_open_dev$MSR(&(0x7f0000000140), 0x1400, 0x0)
read$msr(r0, &(0x7f0000032680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0)
creat(&(0x7f0000000000)='./file1\x00', 0xf8)
fanotify_init(0xf00, 0x1)
fallocate(r1, 0x0, 0x1000000, 0x3)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x4012011, r1, 0x0)

0s ago: executing program 34 (id=587):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x4, 0xe4}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = syz_open_dev$MSR(&(0x7f0000000140), 0x1400, 0x0)
read$msr(r0, &(0x7f0000032680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0)
creat(&(0x7f0000000000)='./file1\x00', 0xf8)
fanotify_init(0xf00, 0x1)
fallocate(r1, 0x0, 0x1000000, 0x3)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x4012011, r1, 0x0)

kernel console output (not intermixed with test programs):

] libceph: mon0 (1)[c::]:6789 connect error
[  128.271115][ T6684] netlink: 156 bytes leftover after parsing attributes in process `syz.3.173'.
[  128.426391][ T6679] Bluetooth: MGMT ver 1.23
[  128.630799][ T6679] netlink: 4 bytes leftover after parsing attributes in process `syz.4.174'.
[  128.754224][ T6671] ceph: No mds server is up or the cluster is laggy
[  128.966108][ T5885] libceph: connect (1)[c::]:6789 error -101
[  129.005807][   T30] audit: type=1400 audit(1776976163.690:264): avc:  denied  { append } for  pid=6690 comm="syz.2.176" name="loop5" dev="devtmpfs" ino=652 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  129.125897][ T6687] Bluetooth: hci0: Opcode 0x0401 failed: -4
[  129.581318][ T6695] Bluetooth: hci0: Opcode 0x0401 failed: -4
[  129.664323][ T5885] libceph: mon0 (1)[c::]:6789 connect error
[  129.861261][   T30] audit: type=1400 audit(1776976164.560:265): avc:  denied  { read write } for  pid=6701 comm="syz.3.180" name="uinput" dev="devtmpfs" ino=920 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[  129.888210][   T10] libceph: connect (1)[c::]:6789 error -101
[  129.894374][   T10] libceph: mon0 (1)[c::]:6789 connect error
[  129.912164][ T6702] input: syz1 as /devices/virtual/input/input6
[  129.985697][ T6712] netlink: 156 bytes leftover after parsing attributes in process `syz.1.179'.
[  130.110150][   T30] audit: type=1400 audit(1776976164.560:266): avc:  denied  { open } for  pid=6701 comm="syz.3.180" path="/dev/uinput" dev="devtmpfs" ino=920 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[  130.201084][   T10] libceph: connect (1)[c::]:6789 error -101
[  130.311127][   T10] libceph: mon0 (1)[c::]:6789 connect error
[  130.346122][   T30] audit: type=1400 audit(1776976164.590:267): avc:  denied  { ioctl } for  pid=6701 comm="syz.3.180" path="/dev/uinput" dev="devtmpfs" ino=920 ioctlcmd=0x5564 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[  130.346151][   T30] audit: type=1400 audit(1776976165.020:268): avc:  denied  { append } for  pid=6708 comm="syz.2.181" name="file0" dev="tmpfs" ino=251 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  130.346171][   T30] audit: type=1400 audit(1776976165.020:269): avc:  denied  { open } for  pid=6708 comm="syz.2.181" path="/40/file0" dev="tmpfs" ino=251 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  130.407210][ T5825] Bluetooth: hci0: command 0x0401 tx timeout
[  130.674328][ T6722] SELinux: security_context_str_to_sid (sysadm_u) failed with errno=-22
[  130.732472][ T5825] Bluetooth: hci1: Invalid connection link type handle 0x00c8
[  130.768374][ T6704] ceph: No mds server is up or the cluster is laggy
[  130.907358][ T6725] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  130.982454][ T6729] random: crng reseeded on system resumption
[  131.452721][ T6734] netlink: 176 bytes leftover after parsing attributes in process `syz.0.188'.
[  131.485844][ T6734] netlink: 2548 bytes leftover after parsing attributes in process `syz.0.188'.
[  132.412107][ T6750] SELinux: security_context_str_to_sid (sysadm_u) failed with errno=-22
[  132.493801][ T5825] Bluetooth: hci0: command 0x0401 tx timeout
[  132.989598][ T6736] Bluetooth: hci0: Opcode 0x0401 failed: -110
[  133.263093][ T6753] capability: warning: `syz.3.194' uses deprecated v2 capabilities in a way that may be insecure
[  133.314550][   T30] audit: type=1400 audit(1776976168.000:270): avc:  denied  { create } for  pid=6748 comm="syz.3.194" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  133.522579][   T30] audit: type=1400 audit(1776976168.000:271): avc:  denied  { bind } for  pid=6748 comm="syz.3.194" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  133.566684][ T5906] libceph: connect (1)[c::]:6789 error -101
[  133.585627][ T5906] libceph: mon0 (1)[c::]:6789 connect error
[  133.596972][   T30] audit: type=1400 audit(1776976168.000:272): avc:  denied  { setopt } for  pid=6748 comm="syz.3.194" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  133.641029][ T6765] netlink: 156 bytes leftover after parsing attributes in process `syz.4.195'.
[  133.743140][ T6764] SELinux: security_context_str_to_sid (sysadm_u) failed with errno=-22
[  133.761261][ T5825] Bluetooth: hci1: Invalid connection link type handle 0x00c8
[  133.839573][   T30] audit: type=1400 audit(1776976168.540:273): avc:  denied  { read } for  pid=6767 comm="syz.0.199" name="mice" dev="devtmpfs" ino=916 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1
[  133.877203][ T2169] libceph: connect (1)[c::]:6789 error -101
[  133.887123][ T2169] libceph: mon0 (1)[c::]:6789 connect error
[  133.896946][   T30] audit: type=1400 audit(1776976168.540:274): avc:  denied  { open } for  pid=6767 comm="syz.0.199" path="/dev/input/mice" dev="devtmpfs" ino=916 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1
[  133.948356][   T30] audit: type=1400 audit(1776976168.570:275): avc:  denied  { read } for  pid=6767 comm="syz.0.199" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  134.186993][ T2169] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[  134.406566][ T6755] ceph: No mds server is up or the cluster is laggy
[  134.417369][ T5906] libceph: connect (1)[c::]:6789 error -101
[  134.435617][ T5906] libceph: mon0 (1)[c::]:6789 connect error
[  134.508682][ T2169] usb 1-1: Using ep0 maxpacket: 16
[  134.588552][ T5825] Bluetooth: hci0: command 0x0401 tx timeout
[  134.608394][ T2169] usb 1-1: unable to get BOS descriptor or descriptor too short
[  134.620596][ T2169] usb 1-1: config 1 interface 0 altsetting 127 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  134.635946][ T2169] usb 1-1: config 1 interface 0 altsetting 127 endpoint 0x81 has invalid maxpacket 1536, setting to 1024
[  134.647645][ T2169] usb 1-1: config 1 interface 0 altsetting 127 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  134.685075][ T2169] usb 1-1: config 1 interface 0 has no altsetting 0
[  134.723714][ T2169] usb 1-1: New USB device found, idVendor=05ac, idProduct=0242, bcdDevice= 0.40
[  134.764049][ T6785] netlink: 24 bytes leftover after parsing attributes in process `syz.3.202'.
[  135.591562][ T2169] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  135.601361][ T2169] usb 1-1: Product: syz
[  135.605548][ T2169] usb 1-1: Manufacturer: syz
[  135.610175][ T2169] usb 1-1: SerialNumber: syz
[  135.630953][ T6769] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  136.202768][ T6769] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  136.496487][ T6790] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  136.497358][ T6798] FAULT_INJECTION: forcing a failure.
[  136.497358][ T6798] name fail_usercopy, interval 1, probability 0, space 0, times 1
[  136.531963][ T6792] Bluetooth: hci0: Opcode 0x0401 failed: -4
[  136.555418][ T5825] Bluetooth: hci2: hcon ffff888074190000 sent 0 < count 2
[  136.557984][ T6798] CPU: 0 UID: 0 PID: 6798 Comm: syz.3.204 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  136.558009][ T6798] Tainted: [L]=SOFTLOCKUP
[  136.558014][ T6798] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  136.558023][ T6798] Call Trace:
[  136.558028][ T6798]  <TASK>
[  136.558033][ T6798]  dump_stack_lvl+0x100/0x190
[  136.558056][ T6798]  should_fail_ex.cold+0x5/0xa
[  136.558077][ T6798]  _copy_from_user+0x2e/0xd0
[  136.558097][ T6798]  wext_handle_ioctl+0xc9/0x1b0
[  136.558119][ T6798]  ? __pfx_wext_handle_ioctl+0x10/0x10
[  136.558141][ T6798]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  136.558157][ T6798]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[  136.558180][ T6798]  sock_ioctl+0x2d4/0x6b0
[  136.558204][ T6798]  ? __pfx_sock_ioctl+0x10/0x10
[  136.558220][ T6798]  ? hook_file_ioctl_common+0x149/0x410
[  136.558245][ T6798]  ? selinux_file_ioctl+0x13b/0x290
[  136.558261][ T6798]  ? selinux_file_ioctl+0xb6/0x290
[  136.558279][ T6798]  ? __pfx_sock_ioctl+0x10/0x10
[  136.558299][ T6798]  __x64_sys_ioctl+0x18e/0x210
[  136.558315][ T6798]  do_syscall_64+0x10b/0xf80
[  136.558335][ T6798]  ? clear_bhb_loop+0x40/0x90
[  136.558353][ T6798]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  136.558368][ T6798] RIP: 0033:0x7f21d239c819
[  136.558380][ T6798] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  136.558394][ T6798] RSP: 002b:00007f21d3337028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  136.558410][ T6798] RAX: ffffffffffffffda RBX: 00007f21d2615fa0 RCX: 00007f21d239c819
[  136.558419][ T6798] RDX: 0000200000000040 RSI: 0000000000008b04 RDI: 0000000000000004
[  136.558428][ T6798] RBP: 00007f21d3337090 R08: 0000000000000000 R09: 0000000000000000
[  136.558436][ T6798] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  136.558444][ T6798] R13: 00007f21d2616038 R14: 00007f21d2615fa0 R15: 00007ffd280877c8
[  136.558464][ T6798]  </TASK>
[  136.761173][ T5825] Bluetooth: hci2: hcon ffff888074190000 sent 0 < count 9
[  136.761215][ T5825] Bluetooth: hci2: hcon ffff8880784e0000 sent 0 < count 9
[  136.761262][ T5825] Bluetooth: hci2: hcon ffff888074190000 sent 0 < count 6
[  137.599667][ T2169] input: bcm5974 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/input/input7
[  137.703449][ T5183] bcm5974 1-1:1.0: could not read from device
[  137.756409][ T5183] bcm5974 1-1:1.0: could not read from device
[  137.778812][ T2169] usb 1-1: USB disconnect, device number 3
[  137.826377][ T6804] Bluetooth: hci0: Opcode 0x0401 failed: -4
[  137.830390][ T5183] bcm5974 1-1:1.0: could not read from device
[  138.158705][ T5825] Bluetooth: hci0: command 0x0401 tx timeout
[  138.706536][   T30] audit: type=1400 audit(1776976173.390:276): avc:  denied  { read } for  pid=6808 comm="syz.2.211" name="sg0" dev="devtmpfs" ino=817 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[  138.838206][   T30] audit: type=1400 audit(1776976173.390:277): avc:  denied  { open } for  pid=6808 comm="syz.2.211" path="/dev/sg0" dev="devtmpfs" ino=817 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[  138.878970][ T5893] libceph: connect (1)[c::]:6789 error -101
[  138.925239][ T6829] netlink: 156 bytes leftover after parsing attributes in process `syz.4.212'.
[  138.935484][ T6819] netlink: 'syz.2.211': attribute type 4 has an invalid length.
[  138.946372][ T5893] libceph: mon0 (1)[c::]:6789 connect error
[  139.165872][   T30] audit: type=1400 audit(1776976173.400:278): avc:  denied  { ioctl } for  pid=6808 comm="syz.2.211" path="/dev/sg0" dev="devtmpfs" ino=817 ioctlcmd=0x2285 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[  139.230001][ T2169] libceph: connect (1)[c::]:6789 error -101
[  139.258818][ T2169] libceph: mon0 (1)[c::]:6789 connect error
[  139.359205][ T2169] libceph: connect (1)[c::]:6789 error -101
[  139.365320][ T2169] libceph: mon0 (1)[c::]:6789 connect error
[  139.427874][ T6838] netlink: 156 bytes leftover after parsing attributes in process `syz.1.213'.
[  139.629333][ T6823] ceph: No mds server is up or the cluster is laggy
[  139.647260][ T5878] libceph: connect (1)[c::]:6789 error -101
[  139.653645][ T5878] libceph: mon0 (1)[c::]:6789 connect error
[  139.700640][   T30] audit: type=1400 audit(1776976174.400:279): avc:  denied  { getopt } for  pid=6841 comm="syz.0.216" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  139.805746][ T6844] netlink: 24 bytes leftover after parsing attributes in process `syz.3.215'.
[  140.253159][ T5825] Bluetooth: hci0: command 0x0401 tx timeout
[  140.686089][ T5878] libceph: connect (1)[c::]:6789 error -101
[  140.692177][ T6834] ceph: No mds server is up or the cluster is laggy
[  140.720564][ T5878] libceph: mon0 (1)[c::]:6789 connect error
[  141.023465][ T6845] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -4
[  141.032950][ T6845] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -4
[  141.042763][ T6845] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db
[  141.053936][   T30] audit: type=1400 audit(1776976175.740:280): avc:  denied  { firmware_load } for  pid=6839 comm="syz.3.215" scontext=system_u:system_r:kernel_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  141.928287][ T6854] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  141.949006][   T30] audit: type=1400 audit(1776976176.640:281): avc:  denied  { write } for  pid=6853 comm="syz.3.220" path="socket:[12537]" dev="sockfs" ino=12537 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  142.715628][ T6854] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  143.333348][ T6869] Bluetooth: hci0: Opcode 0x0401 failed: -4
[  143.546354][ T6875] SELinux: security_context_str_to_sid (sysadm_u) failed with errno=-22
[  143.557598][ T5878] IPVS: starting estimator thread 0...
[  143.629948][ T5825] Bluetooth: hci2: Invalid connection link type handle 0x00c8
[  143.678952][ T6877] IPVS: using max 77 ests per chain, 184800 per kthread
[  144.212085][ T6854] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  144.345128][ T6888] random: crng reseeded on system resumption
[  144.453487][ T6854] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  144.472925][ T6890] kvm: user requested TSC rate below hardware speed
[  144.475960][ T5885] libceph: connect (1)[c::]:6789 error -101
[  144.512401][ T5885] libceph: mon0 (1)[c::]:6789 connect error
[  144.533240][ T6898] FAULT_INJECTION: forcing a failure.
[  144.533240][ T6898] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  144.546533][ T6898] CPU: 1 UID: 0 PID: 6898 Comm: syz.4.230 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  144.546562][ T6898] Tainted: [L]=SOFTLOCKUP
[  144.546568][ T6898] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  144.546577][ T6898] Call Trace:
[  144.546582][ T6898]  <TASK>
[  144.546588][ T6898]  dump_stack_lvl+0x100/0x190
[  144.546615][ T6898]  should_fail_ex.cold+0x5/0xa
[  144.546639][ T6898]  _copy_to_user+0x32/0xd0
[  144.546664][ T6898]  kvm_arch_vcpu_ioctl+0x38b7/0x5730
[  144.546699][ T6898]  ? __pfx_kvm_arch_vcpu_ioctl+0x10/0x10
[  144.546724][ T6898]  ? __pfx_stack_trace_save+0x10/0x10
[  144.546744][ T6898]  ? stack_depot_save_flags+0x27/0x9d0
[  144.546774][ T6898]  ? __lock_acquire+0x4a5/0x2630
[  144.546795][ T6898]  ? tomoyo_path_number_perm+0x46d/0x580
[  144.546816][ T6898]  ? __lock_acquire+0x4a5/0x2630
[  144.546836][ T6898]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  144.546863][ T6898]  ? lock_acquire+0x1b1/0x370
[  144.546897][ T6898]  ? trace_contention_end+0x122/0x170
[  144.546922][ T6898]  ? __mutex_lock+0x26d/0x1b10
[  144.546948][ T6898]  ? kvm_vcpu_ioctl+0x322/0x1720
[  144.546972][ T6898]  ? __pfx___mutex_lock+0x10/0x10
[  144.546997][ T6898]  ? kasan_quarantine_put+0x104/0x240
[  144.547027][ T6898]  ? tomoyo_path_number_perm+0x28f/0x580
[  144.547051][ T6898]  ? tomoyo_path_number_perm+0x188/0x580
[  144.547071][ T6898]  ? kvm_vcpu_ioctl+0x8a0/0x1720
[  144.547089][ T6898]  kvm_vcpu_ioctl+0x8a0/0x1720
[  144.547110][ T6898]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  144.547129][ T6898]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  144.547152][ T6898]  ? do_vfs_ioctl+0x226/0x13e0
[  144.547170][ T6898]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  144.547188][ T6898]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[  144.547217][ T6898]  ? __fget_files+0x215/0x3d0
[  144.547237][ T6898]  ? hook_file_ioctl_common+0x149/0x410
[  144.547268][ T6898]  ? selinux_file_ioctl+0x13b/0x290
[  144.547287][ T6898]  ? selinux_file_ioctl+0xb6/0x290
[  144.547309][ T6898]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  144.547329][ T6898]  __x64_sys_ioctl+0x18e/0x210
[  144.547349][ T6898]  do_syscall_64+0x10b/0xf80
[  144.547372][ T6898]  ? clear_bhb_loop+0x40/0x90
[  144.547394][ T6898]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  144.547411][ T6898] RIP: 0033:0x7f25a939c819
[  144.547427][ T6898] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  144.547442][ T6898] RSP: 002b:00007f25a75ee028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  144.547459][ T6898] RAX: ffffffffffffffda RBX: 00007f25a9615fa0 RCX: 00007f25a939c819
[  144.547470][ T6898] RDX: 0000200000000100 RSI: 00000000c048aeca RDI: 0000000000000005
[  144.547480][ T6898] RBP: 00007f25a75ee090 R08: 0000000000000000 R09: 0000000000000000
[  144.547490][ T6898] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  144.547499][ T6898] R13: 00007f25a9616038 R14: 00007f25a9615fa0 R15: 00007ffd8c592a78
[  144.547523][ T6898]  </TASK>
[  144.777179][ T5885] libceph: connect (1)[c::]:6789 error -101
[  144.843320][ T5825] Bluetooth: hci0: command 0x0401 tx timeout
[  144.843652][   T30] audit: type=1400 audit(1776976179.510:282): avc:  denied  { kexec_image_load } for  pid=6889 comm="syz.1.227" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=system permissive=1
[  144.850414][ T5885] libceph: mon0 (1)[c::]:6789 connect error
[  144.882853][ T6901] netlink: 156 bytes leftover after parsing attributes in process `syz.2.229'.
[  144.993842][ T6903] SELinux: security_context_str_to_sid (sysadm_u) failed with errno=-22
[  145.274824][ T6892] ceph: No mds server is up or the cluster is laggy
[  145.408606][ T5933] libceph: connect (1)[c::]:6789 error -101
[  145.418748][ T5933] libceph: mon0 (1)[c::]:6789 connect error
[  145.684519][ T6912] SELinux: security_context_str_to_sid (sysadm_u) failed with errno=-22
[  145.764966][ T5825] Bluetooth: hci0: Invalid connection link type handle 0x00c8
[  145.774286][ T1118] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  146.091468][ T1118] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  146.140888][  T133] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  146.179900][   T47] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  147.117204][ T6924] Bluetooth: hci0: Opcode 0x0401 failed: -4
[  148.161434][ T6938] netlink: 24 bytes leftover after parsing attributes in process `syz.0.238'.
[  148.487015][ T5825] Bluetooth: hci0: command 0x0401 tx timeout
[  148.996846][    T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!!
[  149.562686][ T6943] random: crng reseeded on system resumption
[  149.739834][   T10] libceph: connect (1)[c::]:6789 error -101
[  149.745856][   T10] libceph: mon0 (1)[c::]:6789 connect error
[  149.859529][ T6957] netlink: 156 bytes leftover after parsing attributes in process `syz.2.244'.
[  150.087545][ T5933] libceph: connect (1)[c::]:6789 error -101
[  150.096493][ T5933] libceph: mon0 (1)[c::]:6789 connect error
[  150.280781][   T30] audit: type=1400 audit(1776976184.980:283): avc:  denied  { create } for  pid=6961 comm="syz.0.246" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  150.574188][ T6947] ceph: No mds server is up or the cluster is laggy
[  150.607107][  T804] libceph: connect (1)[c::]:6789 error -101
[  150.613214][  T804] libceph: mon0 (1)[c::]:6789 connect error
[  150.820696][ T6970] SELinux: security_context_str_to_sid (sysadm_u) failed with errno=-22
[  150.840559][ T5825] Bluetooth: hci4: Invalid connection link type handle 0x00c8
[  151.864610][ T6979] netlink: 24 bytes leftover after parsing attributes in process `syz.1.251'.
[  155.397508][ T6987] random: crng reseeded on system resumption
[  155.626904][ T5933] usb 4-1: new full-speed USB device number 4 using dummy_hcd
[  155.735748][ T7000] netlink: 20 bytes leftover after parsing attributes in process `syz.2.259'.
[  155.781376][ T7002] Context (ID=0x0) not attached to queue pair (handle=0x4d5:0xffff0100)
[  155.792659][ T5933] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  155.804800][ T5933] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  155.815077][ T5933] usb 4-1: New USB device found, idVendor=0458, idProduct=5016, bcdDevice= 0.00
[  155.827879][ T5933] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  155.848813][ T5933] usb 4-1: config 0 descriptor??
[  155.988998][ T5816] udevd[5816]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory
[  156.034824][   T10] libceph: connect (1)[c::]:6789 error -101
[  156.083276][   T10] libceph: mon0 (1)[c::]:6789 connect error
[  156.118837][   T30] audit: type=1326 audit(1776976190.820:284): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6984 comm="syz.3.253" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f21d239c819 code=0x7ffc0000
[  156.182255][ T7015] netlink: 156 bytes leftover after parsing attributes in process `syz.1.260'.
[  156.463158][   T10] libceph: connect (1)[c::]:6789 error -101
[  156.475729][   T10] libceph: mon0 (1)[c::]:6789 connect error
[  156.502924][   T30] audit: type=1326 audit(1776976190.820:285): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6984 comm="syz.3.253" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f21d239c819 code=0x7ffc0000
[  156.505495][   T30] audit: type=1326 audit(1776976190.840:286): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6984 comm="syz.3.253" exe="/root/syz-executor" sig=0 arch=c000003e syscall=188 compat=0 ip=0x7f21d239c819 code=0x7ffc0000
[  156.505535][   T30] audit: type=1326 audit(1776976190.840:287): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6984 comm="syz.3.253" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f21d239c819 code=0x7ffc0000
[  156.505563][   T30] audit: type=1326 audit(1776976190.840:288): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6984 comm="syz.3.253" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f21d239c819 code=0x7ffc0000
[  156.505584][   T30] audit: type=1326 audit(1776976190.840:289): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6984 comm="syz.3.253" exe="/root/syz-executor" sig=0 arch=c000003e syscall=197 compat=0 ip=0x7f21d239c819 code=0x7ffc0000
[  156.505606][   T30] audit: type=1326 audit(1776976190.850:290): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6984 comm="syz.3.253" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f21d239c819 code=0x7ffc0000
[  156.505634][   T30] audit: type=1326 audit(1776976190.850:291): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6984 comm="syz.3.253" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f21d239c819 code=0x7ffc0000
[  156.505667][   T30] audit: type=1326 audit(1776976190.850:292): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6984 comm="syz.3.253" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f21d239c819 code=0x7ffc0000
[  156.505700][   T30] audit: type=1326 audit(1776976190.850:293): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6984 comm="syz.3.253" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f21d239c819 code=0x7ffc0000
[  156.608342][ T5825] Bluetooth: hci1: hcon ffff88807417c000 sent 0 < count 2
[  156.608368][ T5825] Bluetooth: hci1: hcon ffff88807417c000 sent 0 < count 9
[  156.608388][ T5825] Bluetooth: hci1: hcon ffff888074178000 sent 0 < count 9
[  156.608406][ T5825] Bluetooth: hci1: hcon ffff88807417c000 sent 0 < count 6
[  156.675281][ T5933] usbhid 4-1:0.0: can't add hid device: -71
[  156.675368][ T5933] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  156.771524][ T5933] usb 4-1: USB disconnect, device number 4
[  156.846002][ T7010] ceph: No mds server is up or the cluster is laggy
[  156.998872][ T7022] netlink: 24 bytes leftover after parsing attributes in process `syz.4.262'.
[  157.112980][ T7022] 9pnet_virtio: no channels available for device syz
[  157.113004][ T7024] netlink: 24 bytes leftover after parsing attributes in process `syz.1.263'.
[  157.790049][ T5878] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  158.102480][ T5878] usb 1-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[  158.120714][ T5878] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  158.176219][ T7048] FAULT_INJECTION: forcing a failure.
[  158.176219][ T7048] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  158.189652][ T7048] CPU: 1 UID: 0 PID: 7048 Comm: syz.2.269 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  158.189680][ T7048] Tainted: [L]=SOFTLOCKUP
[  158.189686][ T7048] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  158.189695][ T7048] Call Trace:
[  158.189700][ T7048]  <TASK>
[  158.189707][ T7048]  dump_stack_lvl+0x100/0x190
[  158.189734][ T7048]  should_fail_ex.cold+0x5/0xa
[  158.189760][ T7048]  _copy_to_user+0x32/0xd0
[  158.189784][ T7048]  simple_read_from_buffer+0xcb/0x170
[  158.189807][ T7048]  proc_fail_nth_read+0x1af/0x230
[  158.189826][ T7048]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  158.189847][ T7048]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  158.189865][ T7048]  vfs_read+0x1e4/0xb30
[  158.189887][ T7048]  ? __pfx_vfs_read+0x10/0x10
[  158.189904][ T7048]  ? __fget_files+0x215/0x3d0
[  158.189930][ T7048]  ? __fget_files+0x21f/0x3d0
[  158.189958][ T7048]  ksys_read+0x12a/0x250
[  158.189975][ T7048]  ? __pfx_ksys_read+0x10/0x10
[  158.189992][ T7048]  ? rcu_is_watching+0x12/0xc0
[  158.190017][ T7048]  ? exit_to_user_mode_loop+0xdd/0x4a0
[  158.190041][ T7048]  ? rcu_is_watching+0x12/0xc0
[  158.190070][ T7048]  do_syscall_64+0x10b/0xf80
[  158.190093][ T7048]  ? clear_bhb_loop+0x40/0x90
[  158.190115][ T7048]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  158.190132][ T7048] RIP: 0033:0x7f4da2d5d04e
[  158.190146][ T7048] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  158.190162][ T7048] RSP: 002b:00007f4da3c00fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  158.190178][ T7048] RAX: ffffffffffffffda RBX: 00007f4da3c016c0 RCX: 00007f4da2d5d04e
[  158.190188][ T7048] RDX: 000000000000000f RSI: 00007f4da3c010a0 RDI: 0000000000000008
[  158.190198][ T7048] RBP: 00007f4da3c01090 R08: 0000000000000000 R09: 0000000000000000
[  158.190208][ T7048] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  158.190217][ T7048] R13: 00007f4da3016218 R14: 00007f4da3016180 R15: 00007ffd5af4d468
[  158.190241][ T7048]  </TASK>
[  158.398694][ T5878] usb 1-1: config 0 descriptor??
[  158.449557][ T5885] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  158.607259][ T5885] usb 5-1: Using ep0 maxpacket: 32
[  158.615355][ T5885] usb 5-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  158.629551][ T5885] usb 5-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  158.647721][ T5885] usb 5-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  158.657006][ T5885] usb 5-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0
[  158.665383][ T5885] usb 5-1: Product: syz
[  158.678763][ T5885] usb 5-1: Manufacturer: syz
[  158.700378][ T5885] hub 5-1:4.0: USB hub found
[  158.954873][ T5885] hub 5-1:4.0: 2 ports detected
[  159.162797][ T7060] fuse: Bad value for 'fd'
[  159.342521][  T804] libceph: connect (1)[c::]:6789 error -101
[  159.348891][  T804] libceph: mon0 (1)[c::]:6789 connect error
[  159.356109][ T7062] ceph: No mds server is up or the cluster is laggy
[  160.221804][ T7034] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  160.228117][ T7034] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  160.241683][ T7034] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  160.253150][ T7034] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  160.253777][ T5885] hub 5-1:4.0: activate --> -90
[  160.266614][ T7034] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  160.278327][ T7034] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  160.286658][ T7034] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  160.294591][ T7034] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  160.304608][ T7034] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  160.313028][ T7034] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  160.325392][ T7034] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  160.334319][ T7034] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  160.343371][ T7034] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  160.353402][ T7034] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  160.365811][ T7034] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  160.420983][ T5878] udl 1-1:0.0: [drm] Unrecognized vendor firmware descriptor
[  160.432943][ T5878] [drm:udl_init] *ERROR* Selecting channel failed
[  160.477820][ T5893] usb 5-1: USB disconnect, device number 5
[  160.478782][ T5885] hub 5-1:4.0: hub_ext_port_status failed (err = -71)
[  160.521741][ T5878] [drm] Initialized udl 0.0.1 for 1-1:0.0 on minor 2
[  160.580850][ T5878] [drm] Initialized udl on minor 2
[  160.839250][ T5878] udl 1-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[  161.013221][ T5878] udl 1-1:0.0: [drm] Cannot find any crtc or sizes
[  161.031277][ T5951] udl 1-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[  161.109835][ T7080] netlink: 8 bytes leftover after parsing attributes in process `syz.1.277'.
[  161.115739][ T5878] usb 1-1: USB disconnect, device number 4
[  161.119984][ T5825] Bluetooth: hci1: command 0x0c1a tx timeout
[  161.138449][ T7080] netlink: 8 bytes leftover after parsing attributes in process `syz.1.277'.
[  161.156072][ T5951] udl 1-1:0.0: [drm] Cannot find any crtc or sizes
[  161.216278][ T7086] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  161.255746][ T7086] netlink: 8 bytes leftover after parsing attributes in process `syz.4.280'.
[  161.265021][ T7086] netlink: 56 bytes leftover after parsing attributes in process `syz.4.280'.
[  161.394542][ T7073] Bluetooth: hci0: Opcode 0x0401 failed: -4
[  161.583252][   T30] kauditd_printk_skb: 53 callbacks suppressed
[  161.583283][   T30] audit: type=1400 audit(1776976196.280:347): avc:  denied  { getopt } for  pid=7091 comm="syz.4.281" lport=7 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  161.746911][ T5878] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  161.761939][   T30] audit: type=1400 audit(1776976196.460:348): avc:  denied  { connect } for  pid=7100 comm="syz.2.283" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  161.794261][   T30] audit: type=1400 audit(1776976196.490:349): avc:  denied  { ioctl } for  pid=7100 comm="syz.2.283" path="socket:[13215]" dev="sockfs" ino=13215 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  161.913073][ T5951] libceph: connect (1)[c::]:6789 error -101
[  161.919091][ T5878] usb 1-1: Using ep0 maxpacket: 16
[  161.924664][ T5951] libceph: mon0 (1)[c::]:6789 connect error
[  161.934337][ T7103] ceph: No mds server is up or the cluster is laggy
[  161.942644][ T5878] usb 1-1: unable to get BOS descriptor or descriptor too short
[  161.963199][ T5878] usb 1-1: config 4 has an invalid interface number: 241 but max is 0
[  161.994551][ T5878] usb 1-1: config 4 has no interface number 0
[  162.035625][ T5878] usb 1-1: config 4 interface 241 has no altsetting 0
[  162.038830][ T5878] usb 1-1: New USB device found, idVendor=1163, idProduct=0100, bcdDevice=2b.4b
[  162.038855][ T5878] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  162.038867][ T5878] usb 1-1: Product: syz
[  162.038876][ T5878] usb 1-1: Manufacturer: syz
[  162.038885][ T5878] usb 1-1: SerialNumber: syz
[  162.160160][ T7080] ceph: No mds server is up or the cluster is laggy
[  162.337034][ T5825] Bluetooth: hci3: command 0x0c1a tx timeout
[  162.337059][ T5831] Bluetooth: hci0: command 0x0401 tx timeout
[  162.337361][ T5834] Bluetooth: hci2: command 0x0c1a tx timeout
[  162.397214][ T5825] Bluetooth: hci4: command 0x0c1a tx timeout
[  162.574243][ T7098] loop8: detected capacity change from 0 to 7
[  162.610977][ T7098] Dev loop8: unable to read RDB block 7
[  162.611009][ T7098]  loop8: unable to read partition table
[  162.611107][ T7098] loop8: partition table beyond EOD, truncated
[  162.611128][ T7098] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5)
[  162.634523][ T5878] cypress_m8 1-1:4.241: DeLorme Earthmate USB converter detected
[  162.672124][ T5878] earthmate ttyUSB0: required endpoint is missing
[  162.816412][ T5878] usb 1-1: USB disconnect, device number 5
[  162.872261][ T5878] cypress_m8 1-1:4.241: device disconnected
[  163.188073][ T7119] netlink: 24 bytes leftover after parsing attributes in process `syz.1.287'.
[  163.335039][ T5825] Bluetooth: hci1: command 0x0c1a tx timeout
[  164.395678][   T30] audit: type=1400 audit(1776976199.090:350): avc:  denied  { bind } for  pid=7121 comm="syz.0.289" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  164.415119][ T5825] Bluetooth: hci3: command 0x0c1a tx timeout
[  164.416943][ T5834] Bluetooth: hci2: command 0x0c1a tx timeout
[  164.421161][ T5825] Bluetooth: hci0: command 0x0401 tx timeout
[  164.443955][   T30] audit: type=1400 audit(1776976199.130:351): avc:  denied  { setopt } for  pid=7121 comm="syz.0.289" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  164.477529][ T5831] Bluetooth: hci4: command 0x0c1a tx timeout
[  164.831688][ T7128] netlink: 8 bytes leftover after parsing attributes in process `syz.0.291'.
[  164.854716][ T7128] netlink: 8 bytes leftover after parsing attributes in process `syz.0.291'.
[  164.906643][ T5885] libceph: connect (1)[c::]:6789 error -101
[  164.915133][ T5885] libceph: mon0 (1)[c::]:6789 connect error
[  165.177252][ T5885] libceph: connect (1)[c::]:6789 error -101
[  165.185277][ T5885] libceph: mon0 (1)[c::]:6789 connect error
[  165.248419][   T30] audit: type=1400 audit(1776976199.940:352): avc:  denied  { name_connect } for  pid=7141 comm="syz.4.294" dest=20001 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=sctp_socket permissive=1
[  165.321131][ T7142] IPVS: lblc: UDP 224.0.0.2:0 - no destination available
[  165.354351][ T7142] netlink: 20 bytes leftover after parsing attributes in process `syz.2.293'.
[  165.363297][ T5831] Bluetooth: hci1: command 0x0c1a tx timeout
[  165.713036][ T5951] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  165.713168][ T5885] libceph: connect (1)[c::]:6789 error -101
[  166.059887][ T5885] libceph: mon0 (1)[c::]:6789 connect error
[  166.067434][ T5878] libceph: connect (1)[c::]:6789 error -101
[  166.074656][ T5878] libceph: mon0 (1)[c::]:6789 connect error
[  166.206376][   T30] audit: type=1400 audit(1776976200.890:353): avc:  denied  { ioctl } for  pid=7150 comm="syz.3.297" path="socket:[13459]" dev="sockfs" ino=13459 ioctlcmd=0x89e0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[  166.236253][ T5951] usb 2-1: Using ep0 maxpacket: 8
[  166.538543][ T5831] Bluetooth: hci2: command 0x0c1a tx timeout
[  166.538581][ T5831] Bluetooth: hci3: command 0x0c1a tx timeout
[  166.538610][ T5831] Bluetooth: hci0: command 0x0401 tx timeout
[  166.551730][ T5878] libceph: connect (1)[c::]:6789 error -101
[  166.551842][ T5878] libceph: mon0 (1)[c::]:6789 connect error
[  166.567034][ T5831] Bluetooth: hci4: command 0x0c1a tx timeout
[  166.569106][ T5951] usb 2-1: unable to get BOS descriptor or descriptor too short
[  166.570005][ T5951] usb 2-1: config 2 has an invalid interface number: 30 but max is 0
[  166.570026][ T5951] usb 2-1: config 2 has no interface number 0
[  166.570079][ T5951] usb 2-1: config 2 interface 30 has no altsetting 0
[  166.581172][ T5951] usb 2-1: New USB device found, idVendor=99fa, idProduct=8988, bcdDevice=4d.bc
[  166.581201][ T5951] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  166.581220][ T5951] usb 2-1: Product: syz
[  166.581234][ T5951] usb 2-1: Manufacturer: syz
[  166.581248][ T5951] usb 2-1: SerialNumber: syz
[  166.582752][   T30] audit: type=1400 audit(1776976200.890:354): avc:  denied  { write } for  pid=7150 comm="syz.3.297" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  166.686658][ T7128] ceph: No mds server is up or the cluster is laggy
[  166.698629][ T7154] ceph: No mds server is up or the cluster is laggy
[  166.793656][ T7147] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  166.923254][ T7147] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  167.001299][   T30] audit: type=1400 audit(1776976201.700:355): avc:  denied  { create } for  pid=7171 comm="syz.0.302" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  167.004933][ T7174] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=22 sclass=netlink_tcpdiag_socket pid=7174 comm=syz.0.302
[  167.067835][   T30] audit: type=1400 audit(1776976201.700:356): avc:  denied  { connect } for  pid=7171 comm="syz.0.302" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  167.129399][   T30] audit: type=1400 audit(1776976201.790:357): avc:  denied  { accept } for  pid=7146 comm="syz.1.295" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  167.416926][ T5906] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  167.516789][    T0] NOHZ tick-stop error: local softirq work is pending, handler #82!!!
[  167.581423][   T30] audit: type=1400 audit(1776976202.270:358): avc:  denied  { read write } for  pid=7188 comm="syz.3.306" name="rdma_cm" dev="devtmpfs" ino=1271 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:infiniband_device_t tclass=chr_file permissive=1
[  167.609709][ T7191] warning: `syz.3.306' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  167.624661][   T30] audit: type=1400 audit(1776976202.280:359): avc:  denied  { open } for  pid=7188 comm="syz.3.306" path="/dev/infiniband/rdma_cm" dev="devtmpfs" ino=1271 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:infiniband_device_t tclass=chr_file permissive=1
[  167.814073][ T5878] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  168.327078][ T7193] Context (ID=0x0) not attached to queue pair (handle=0x4d3:0x1ffff)
[  168.393825][ T7195] FAULT_INJECTION: forcing a failure.
[  168.393825][ T7195] name failslab, interval 1, probability 0, space 0, times 0
[  168.419716][ T7195] CPU: 0 UID: 0 PID: 7195 Comm: syz.0.308 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  168.419744][ T7195] Tainted: [L]=SOFTLOCKUP
[  168.419750][ T7195] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  168.419760][ T7195] Call Trace:
[  168.419766][ T7195]  <TASK>
[  168.419772][ T7195]  dump_stack_lvl+0x100/0x190
[  168.419799][ T7195]  should_fail_ex.cold+0x5/0xa
[  168.419825][ T7195]  ? tomoyo_realpath_from_path+0xb6/0x690
[  168.419847][ T7195]  should_failslab+0xc2/0x120
[  168.419868][ T7195]  __kmalloc_noprof+0xe0/0x850
[  168.419891][ T7195]  ? kfree+0x1dd/0x6c0
[  168.419917][ T7195]  tomoyo_realpath_from_path+0xb6/0x690
[  168.419944][ T7195]  tomoyo_path_number_perm+0x23c/0x580
[  168.419962][ T7195]  ? tomoyo_path_number_perm+0x22e/0x580
[  168.419982][ T7195]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  168.420028][ T7195]  ? find_held_lock+0x2b/0x80
[  168.420044][ T7195]  ? __fget_files+0x215/0x3d0
[  168.420064][ T7195]  ? hook_file_ioctl_common+0x149/0x410
[  168.420086][ T7195]  ? __fget_files+0x215/0x3d0
[  168.420109][ T7195]  ? __fget_files+0x21f/0x3d0
[  168.420133][ T7195]  security_file_ioctl+0xd3/0x230
[  168.420154][ T7195]  __x64_sys_ioctl+0xb7/0x210
[  168.420173][ T7195]  do_syscall_64+0x10b/0xf80
[  168.420198][ T7195]  ? clear_bhb_loop+0x40/0x90
[  168.420220][ T7195]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  168.420237][ T7195] RIP: 0033:0x7f8f2559c819
[  168.420252][ T7195] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  168.420268][ T7195] RSP: 002b:00007f8f264b0028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  168.420285][ T7195] RAX: ffffffffffffffda RBX: 00007f8f25815fa0 RCX: 00007f8f2559c819
[  168.420296][ T7195] RDX: 00002000000003c0 RSI: 00000000000007a9 RDI: 0000000000000003
[  168.420306][ T7195] RBP: 00007f8f264b0090 R08: 0000000000000000 R09: 0000000000000000
[  168.420316][ T7195] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  168.420326][ T7195] R13: 00007f8f25816038 R14: 00007f8f25815fa0 R15: 00007ffe732a96d8
[  168.420351][ T7195]  </TASK>
[  168.420370][ T7195] ERROR: Out of memory at tomoyo_realpath_from_path.
[  168.476911][ T5951] gspca_main: spca506-2.14.0 probing 99fa:8988
[  168.512000][ T7195] Context (ID=0x0) not attached to queue pair (handle=0x4d3:0x1ffff)
[  168.516517][ T5878] usb 5-1: Using ep0 maxpacket: 16
[  168.566880][ T5831] Bluetooth: hci0: command 0x0401 tx timeout
[  168.639806][   T30] audit: type=1400 audit(1776976203.340:360): avc:  denied  { write } for  pid=7196 comm="syz.3.309" name="urandom" dev="devtmpfs" ino=9 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:urandom_device_t tclass=chr_file permissive=1
[  168.696541][ T5906] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  168.706836][ T5906] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  168.720933][ T5906] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  168.730102][ T5951] usb 2-1: USB disconnect, device number 4
[  168.743410][ T5906] usb 3-1: config 0 descriptor??
[  168.750968][ T5878] usb 5-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3
[  168.760647][ T5878] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  168.771973][ T5878] usb 5-1: Product: syz
[  168.783568][ T5878] usb 5-1: Manufacturer: syz
[  168.788430][ T5878] usb 5-1: SerialNumber: syz
[  168.817344][ T5878] usb 5-1: config 0 descriptor??
[  168.835623][   T30] audit: type=1400 audit(1776976203.530:361): avc:  denied  { create } for  pid=7196 comm="syz.3.309" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1
[  168.840813][ T7200] fuse: Bad value for 'fd'
[  168.903416][   T30] audit: type=1400 audit(1776976203.530:362): avc:  denied  { write } for  pid=7196 comm="syz.3.309" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1
[  169.001636][ T7210] FAULT_INJECTION: forcing a failure.
[  169.001636][ T7210] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  169.015258][ T7210] CPU: 1 UID: 0 PID: 7210 Comm: syz.0.312 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  169.015285][ T7210] Tainted: [L]=SOFTLOCKUP
[  169.015294][ T7210] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  169.015301][ T7210] Call Trace:
[  169.015305][ T7210]  <TASK>
[  169.015309][ T7210]  dump_stack_lvl+0x100/0x190
[  169.015326][ T7210]  should_fail_ex.cold+0x5/0xa
[  169.015341][ T7210]  _copy_from_user+0x2e/0xd0
[  169.015356][ T7210]  copy_msghdr_from_user+0x9f/0x4f0
[  169.015373][ T7210]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  169.015393][ T7210]  ___sys_sendmsg+0x106/0x1e0
[  169.015407][ T7210]  ? __pfx____sys_sendmsg+0x10/0x10
[  169.015436][ T7210]  __sys_sendmsg+0x170/0x220
[  169.015452][ T7210]  ? __pfx___sys_sendmsg+0x10/0x10
[  169.015474][ T7210]  ? rcu_is_watching+0x12/0xc0
[  169.015492][ T7210]  do_syscall_64+0x10b/0xf80
[  169.015506][ T7210]  ? clear_bhb_loop+0x40/0x90
[  169.015519][ T7210]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  169.015531][ T7210] RIP: 0033:0x7f8f2559c819
[  169.015544][ T7210] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  169.015560][ T7210] RSP: 002b:00007f8f264b0028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  169.015576][ T7210] RAX: ffffffffffffffda RBX: 00007f8f25815fa0 RCX: 00007f8f2559c819
[  169.015587][ T7210] RDX: 0000000000000000 RSI: 0000200000000480 RDI: 0000000000000003
[  169.015594][ T7210] RBP: 00007f8f264b0090 R08: 0000000000000000 R09: 0000000000000000
[  169.015603][ T7210] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  169.015618][ T7210] R13: 00007f8f25816038 R14: 00007f8f25815fa0 R15: 00007ffe732a96d8
[  169.015640][ T7210]  </TASK>
[  169.264812][ T7208] input: syz0 as /devices/virtual/input/input8
[  169.299277][   T30] audit: type=1400 audit(1776976203.990:363): avc:  denied  { execute } for  pid=7202 comm="syz.1.310" name="file0" dev="tmpfs" ino=341 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  169.432783][ T5878] dvb-usb: found a 'AME DTV-5100 USB2.0 DVB-T' in warm state.
[  169.442210][ T5906] ath6kl: mismatched byte count 0 vs. expected 12
[  169.456631][ T5906] ath6kl: Failed to init ath6kl core: -22
[  169.464221][   T30] audit: type=1400 audit(1776976203.990:364): avc:  denied  { execute_no_trans } for  pid=7202 comm="syz.1.310" path="/56/file0" dev="tmpfs" ino=341 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  169.501061][ T5878] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  169.575402][ T7215] SELinux: security_context_str_to_sid (sysadm_u) failed with errno=-22
[  169.668277][ T5831] Bluetooth: hci1: Unable to find connection with handle 0x00c8
[  169.687845][ T7186] dtv5100: wlen = 0, aborting.
[  169.959491][ T5906] ath6kl_usb 3-1:0.0: probe with driver ath6kl_usb failed with error -22
[  169.997816][ T5878] dvbdev: DVB: registering new adapter (AME DTV-5100 USB2.0 DVB-T)
[  170.009620][ T5878] usb 5-1: media controller created
[  170.025727][ T5878] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  170.078158][ T7217] netlink: 24 bytes leftover after parsing attributes in process `syz.4.305'.
[  170.294898][ T5878] zl10353_read_register: readreg error (reg=127, ret==0)
[  170.323465][ T5878] dvb-usb: no frontend was attached by 'AME DTV-5100 USB2.0 DVB-T'
[  170.789175][ T5951] libceph: connect (1)[c::]:6789 error -101
[  170.803117][ T5878] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully initialized and connected.
[  170.820606][ T5951] libceph: mon0 (1)[c::]:6789 connect error
[  170.854104][ T5878] usb 5-1: USB disconnect, device number 6
[  170.984994][ T7224] ceph: No mds server is up or the cluster is laggy
[  171.069881][ T5885] usb 3-1: USB disconnect, device number 5
[  171.117186][ T5878] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully deinitialized and disconnected.
[  171.395240][ T7238] SELinux: security_context_str_to_sid (sysadm_u) failed with errno=-22
[  171.403990][  T804] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  171.468246][ T5831] Bluetooth: hci3: Unable to find connection with handle 0x00c8
[  171.830584][ T7240] FAULT_INJECTION: forcing a failure.
[  171.830584][ T7240] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  171.851004][ T7240] CPU: 1 UID: 0 PID: 7240 Comm: syz.4.319 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  171.851026][ T7240] Tainted: [L]=SOFTLOCKUP
[  171.851029][ T7240] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  171.851035][ T7240] Call Trace:
[  171.851039][ T7240]  <TASK>
[  171.851044][ T7240]  dump_stack_lvl+0x100/0x190
[  171.851061][ T7240]  should_fail_ex.cold+0x5/0xa
[  171.851077][ T7240]  _copy_from_user+0x2e/0xd0
[  171.851092][ T7240]  input_event_from_user+0x123/0x310
[  171.851105][ T7240]  ? __pfx_input_event_from_user+0x10/0x10
[  171.851121][ T7240]  evdev_write+0x342/0x610
[  171.851135][ T7240]  ? __pfx_evdev_write+0x10/0x10
[  171.851148][ T7240]  ? bpf_lsm_file_permission+0x9/0x10
[  171.851165][ T7240]  ? security_file_permission+0x76/0x210
[  171.851179][ T7240]  ? rw_verify_area+0xce/0x6d0
[  171.851197][ T7240]  vfs_write+0x2aa/0x1070
[  171.851208][ T7240]  ? __pfx_evdev_write+0x10/0x10
[  171.851221][ T7240]  ? __pfx_vfs_write+0x10/0x10
[  171.851230][ T7240]  ? find_held_lock+0x2b/0x80
[  171.851240][ T7240]  ? __fget_files+0x215/0x3d0
[  171.851252][ T7240]  ? __fget_files+0x215/0x3d0
[  171.851267][ T7240]  ? __fget_files+0x21f/0x3d0
[  171.851283][ T7240]  ksys_write+0x1f8/0x250
[  171.851294][ T7240]  ? __pfx_ksys_write+0x10/0x10
[  171.851307][ T7240]  ? rcu_is_watching+0x12/0xc0
[  171.851331][ T7240]  do_syscall_64+0x10b/0xf80
[  171.851348][ T7240]  ? clear_bhb_loop+0x40/0x90
[  171.851361][ T7240]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  171.851372][ T7240] RIP: 0033:0x7f25a939c819
[  171.851382][ T7240] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  171.851392][ T7240] RSP: 002b:00007f25a75ee028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  171.851403][ T7240] RAX: ffffffffffffffda RBX: 00007f25a9615fa0 RCX: 00007f25a939c819
[  171.851410][ T7240] RDX: 0000000000002250 RSI: 0000200000000040 RDI: 0000000000000005
[  171.851416][ T7240] RBP: 00007f25a75ee090 R08: 0000000000000000 R09: 0000000000000000
[  171.851422][ T7240] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  171.851427][ T7240] R13: 00007f25a9616038 R14: 00007f25a9615fa0 R15: 00007ffd8c592a78
[  171.851441][ T7240]  </TASK>
[  171.947035][  T804] usb 1-1: Using ep0 maxpacket: 8
[  172.168727][  T804] usb 1-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  172.181855][  T804] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  172.251187][  T804] usb 1-1: Product: syz
[  172.255503][  T804] usb 1-1: Manufacturer: syz
[  172.263880][  T804] usb 1-1: SerialNumber: syz
[  172.305764][  T804] usb 1-1: config 0 descriptor??
[  172.906618][  T804] usb 1-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  173.985992][ T7266] netlink: 156 bytes leftover after parsing attributes in process `syz.1.326'.
[  174.072554][   T30] kauditd_printk_skb: 4 callbacks suppressed
[  174.072590][   T30] audit: type=1400 audit(1776976208.770:369): avc:  denied  { ioctl } for  pid=7268 comm="syz.3.328" path="socket:[13626]" dev="sockfs" ino=13626 ioctlcmd=0x671f scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[  174.192401][ T7272] SELinux: security_context_str_to_sid (sysadm_u) failed with errno=-22
[  174.871527][ T5825] Bluetooth: hci0: Unable to find connection with handle 0x00c8
[  175.240395][ T7281] netlink: 24 bytes leftover after parsing attributes in process `syz.4.331'.
[  175.451531][  T804] dvb_usb_rtl28xxu 1-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  176.119554][  T804] usb 1-1: USB disconnect, device number 6
[  176.650848][ T7260] ceph: No mds server is up or the cluster is laggy
[  176.681933][   T30] audit: type=1400 audit(1776976211.380:370): avc:  denied  { write } for  pid=7283 comm="syz.4.333" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  178.865541][   T30] audit: type=1400 audit(1776976212.760:371): avc:  denied  { getopt } for  pid=7309 comm="syz.1.340" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  178.885938][   T30] audit: type=1400 audit(1776976213.550:372): avc:  denied  { mount } for  pid=7310 comm="syz.0.339" name="/" dev="nfsd" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfsd_fs_t tclass=filesystem permissive=1
[  178.976936][   T30] audit: type=1400 audit(1776976213.550:373): avc:  denied  { remount } for  pid=7310 comm="syz.0.339" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  179.098069][ T7324] netlink: 220 bytes leftover after parsing attributes in process `syz.0.339'.
[  179.108190][ T7324] netlink: 'syz.0.339': attribute type 2 has an invalid length.
[  179.125206][  T804] usb 2-1: new low-speed USB device number 5 using dummy_hcd
[  179.355611][   T30] audit: type=1326 audit(1776976214.030:374): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7310 comm="syz.0.339" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8f2559c819 code=0x7fc00000
[  179.386920][   T30] audit: type=1326 audit(1776976214.030:375): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7310 comm="syz.0.339" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f8f2559c819 code=0x7fc00000
[  179.488969][  T804] usb 2-1: unable to get BOS descriptor or descriptor too short
[  179.524684][   T30] audit: type=1326 audit(1776976214.030:376): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7310 comm="syz.0.339" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8f2559c819 code=0x7fc00000
[  179.548435][   T30] audit: type=1326 audit(1776976214.030:377): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7310 comm="syz.0.339" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8f2559c819 code=0x7fc00000
[  179.577618][   T30] audit: type=1326 audit(1776976214.030:378): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7310 comm="syz.0.339" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8f2559c819 code=0x7fc00000
[  179.601226][   T30] audit: type=1326 audit(1776976214.030:379): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7310 comm="syz.0.339" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8f2559c819 code=0x7fc00000
[  179.624597][  T804] usb 2-1: config 194 has 0 interfaces, different from the descriptor's value: 1
[  179.634294][  T804] usb 2-1: string descriptor 0 read error: -22
[  179.634396][  T804] usb 2-1: New USB device found, idVendor=16c0, idProduct=05df, bcdDevice=b0.85
[  179.634418][  T804] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  179.661347][ T7330] 9pnet_virtio: no channels available for device syz
[  179.662527][   T30] audit: type=1326 audit(1776976214.030:380): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7310 comm="syz.0.339" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8f2559c819 code=0x7fc00000
[  179.690815][ T7333] netlink: 4 bytes leftover after parsing attributes in process `syz.0.343'.
[  179.801331][ T7333] hsr_slave_1 (unregistering): left promiscuous mode
[  179.814738][   T30] audit: type=1400 audit(1776976214.510:381): avc:  denied  { append } for  pid=7329 comm="syz.2.344" name="sg0" dev="devtmpfs" ino=817 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[  179.846210][ T7316] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  179.855248][ T7316] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  179.929922][ T5878] libceph: connect (1)[c::]:6789 error -101
[  179.938936][ T5878] libceph: mon0 (1)[c::]:6789 connect error
[  180.059331][ T7343] netlink: 156 bytes leftover after parsing attributes in process `syz.0.345'.
[  180.223232][ T5906] libceph: connect (1)[c::]:6789 error -101
[  180.227551][ T5906] libceph: mon0 (1)[c::]:6789 connect error
[  180.739966][ T5906] libceph: connect (1)[c::]:6789 error -101
[  180.790978][ T7336] ceph: No mds server is up or the cluster is laggy
[  180.799911][ T5906] libceph: mon0 (1)[c::]:6789 connect error
[  180.977246][ T5906] usb 2-1: USB disconnect, device number 5
[  181.107263][   T30] audit: type=1400 audit(1776976215.760:382): avc:  denied  { name_bind } for  pid=7355 comm="syz.2.350" src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket permissive=1
[  181.115724][ T7357] FAULT_INJECTION: forcing a failure.
[  181.115724][ T7357] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  181.115752][ T7357] CPU: 0 UID: 0 PID: 7357 Comm: syz.2.350 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  181.115772][ T7357] Tainted: [L]=SOFTLOCKUP
[  181.115776][ T7357] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  181.115784][ T7357] Call Trace:
[  181.115789][ T7357]  <TASK>
[  181.115794][ T7357]  dump_stack_lvl+0x100/0x190
[  181.115816][ T7357]  should_fail_ex.cold+0x5/0xa
[  181.115837][ T7357]  _copy_from_user+0x2e/0xd0
[  181.115856][ T7357]  do_ip6t_set_ctl+0x8d4/0xba0
[  181.115877][ T7357]  ? __pfx_do_ip6t_set_ctl+0x10/0x10
[  181.115896][ T7357]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  181.115928][ T7357]  ? nf_sockopt_find.isra.0+0x222/0x290
[  181.115953][ T7357]  nf_setsockopt+0x8d/0xf0
[  181.115979][ T7357]  ipv6_setsockopt+0x135/0x170
[  181.116003][ T7357]  rawv6_setsockopt+0xee/0x5a0
[  181.116021][ T7357]  ? __pfx_rawv6_setsockopt+0x10/0x10
[  181.116039][ T7357]  ? selinux_socket_setsockopt+0x6a/0x80
[  181.116057][ T7357]  ? sock_common_setsockopt+0x2e/0xf0
[  181.116078][ T7357]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  181.116099][ T7357]  do_sock_setsockopt+0xf3/0x1d0
[  181.116121][ T7357]  __sys_setsockopt+0x195/0x220
[  181.116152][ T7357]  __x64_sys_setsockopt+0xbd/0x160
[  181.116177][ T7357]  ? do_syscall_64+0x90/0xf80
[  181.116202][ T7357]  ? lockdep_hardirqs_on+0x78/0x100
[  181.116226][ T7357]  do_syscall_64+0x10b/0xf80
[  181.116268][ T7357]  ? clear_bhb_loop+0x40/0x90
[  181.116291][ T7357]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  181.116310][ T7357] RIP: 0033:0x7f4da2d9c819
[  181.116325][ T7357] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  181.116342][ T7357] RSP: 002b:00007f4da3c22028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  181.116360][ T7357] RAX: ffffffffffffffda RBX: 00007f4da3016090 RCX: 00007f4da2d9c819
[  181.116371][ T7357] RDX: 0000000000000040 RSI: 0000000000000029 RDI: 0000000000000007
[  181.116381][ T7357] RBP: 00007f4da3c22090 R08: 0000000000000528 R09: 0000000000000000
[  181.116391][ T7357] R10: 00002000000014c0 R11: 0000000000000246 R12: 0000000000000001
[  181.116401][ T7357] R13: 00007f4da3016128 R14: 00007f4da3016090 R15: 00007ffd5af4d468
[  181.116424][ T7357]  </TASK>
[  182.088822][ T5885] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  182.212032][   T30] audit: type=1400 audit(1776976216.910:383): avc:  denied  { ioctl } for  pid=7362 comm="syz.0.354" path="socket:[14646]" dev="sockfs" ino=14646 ioctlcmd=0x8932 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  182.237599][ T5885] usb 5-1: Using ep0 maxpacket: 8
[  182.239595][ T5885] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  182.239624][ T5885] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  182.239646][ T5885] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 8
[  182.239682][ T5885] usb 5-1: New USB device found, idVendor=056e, idProduct=00fe, bcdDevice= 0.00
[  182.239704][ T5885] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  182.241848][ T5885] usb 5-1: config 0 descriptor??
[  182.738573][  T804] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  183.086984][  T804] usb 4-1: Using ep0 maxpacket: 32
[  183.118554][  T804] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[  183.118655][  T804] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  183.118700][  T804] usb 4-1: config 0 has no interface number 0
[  183.118864][  T804] usb 4-1: config 0 interface 1 altsetting 9 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  183.118951][  T804] usb 4-1: config 0 interface 1 has no altsetting 0
[  183.141912][  T804] usb 4-1: New USB device found, idVendor=0572, idProduct=58a5, bcdDevice=27.0a
[  183.141982][  T804] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  183.142051][  T804] usb 4-1: Product: syz
[  183.142093][  T804] usb 4-1: Manufacturer: syz
[  183.142136][  T804] usb 4-1: SerialNumber: syz
[  183.179988][ T7354] openvswitch: netlink: EtherType 50a is less than min 600
[  183.205853][  T804] usb 4-1: config 0 descriptor??
[  183.224056][  T804] cx231xx 4-1:0.1: New device syz syz @ 480 Mbps (0572:58a5) with 1 interfaces
[  183.224090][  T804] cx231xx 4-1:0.1: Not found matching IAD interface
[  183.634979][ T5885] usbhid 5-1:0.0: can't add hid device: -71
[  183.635065][ T5885] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  183.654601][ T5885] usb 5-1: USB disconnect, device number 7
[  183.738589][ T5886] usb 4-1: USB disconnect, device number 5
[  184.048030][ T7379] 9pnet_virtio: no channels available for device syz
[  184.204841][ T7374] netlink: 40 bytes leftover after parsing attributes in process `syz.0.356'.
[  185.123608][ T7395] netlink: 24 bytes leftover after parsing attributes in process `syz.1.360'.
[  185.972591][ T5885] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  186.128861][ T5885] usb 5-1: unable to get BOS descriptor or descriptor too short
[  186.444560][   T30] kauditd_printk_skb: 11 callbacks suppressed
[  186.444577][   T30] audit: type=1400 audit(1776976221.140:395): avc:  denied  { write } for  pid=7398 comm="syz.0.363" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  186.548524][ T5885] usb 5-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 64, changing to 7
[  186.780740][ T5885] usb 5-1: New USB device found, idVendor=0582, idProduct=004c, bcdDevice= 0.40
[  186.806101][ T5885] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  186.826269][ T5885] usb 5-1: Product: syz
[  186.837123][ T5885] usb 5-1: Manufacturer: syz
[  186.846109][ T5885] usb 5-1: SerialNumber: syz
[  187.118490][ T7416] netlink: 24 bytes leftover after parsing attributes in process `syz.2.367'.
[  188.308093][ T5885] usb 5-1: 1:1 : UAC_AS_GENERAL descriptor not found
[  188.316484][ T5885] usb 5-1: 2:1 : unknown format tag 0x4 is detected.  processed as MPEG.
[  188.393335][ T5885] usb 5-1: found format II with max.bitrate = 4, frame size=7372
[  188.472088][ T7420] SELinux: security_context_str_to_sid (sysadm_u) failed with errno=-22
[  188.629469][ T5831] Bluetooth: hci1: Unable to find connection with handle 0x00c8
[  188.747420][ T1310] ieee802154 phy0 wpan0: encryption failed: -22
[  188.805688][ T5885] usb 5-1: parse_audio_format_rates_v2v3(): unable to retrieve number of sample rates (clock 0)
[  188.828812][ T1310] ieee802154 phy1 wpan1: encryption failed: -22
[  188.930592][ T5885] usb 5-1: USB disconnect, device number 8
[  189.200914][ T7431] 9pnet_virtio: no channels available for device syz
[  189.519802][   T30] audit: type=1400 audit(1776976224.220:396): avc:  denied  { create } for  pid=7430 comm="syz.4.373" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1
[  189.530192][ T5816] udevd[5816]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  189.604608][   T30] audit: type=1400 audit(1776976224.220:397): avc:  denied  { read } for  pid=7430 comm="syz.4.373" path="socket:[14979]" dev="sockfs" ino=14979 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1
[  191.013890][ T7444] overlayfs: failed to resolve './file1': -2
[  191.300935][ T5906] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  191.433107][ T7459] netlink: 24 bytes leftover after parsing attributes in process `syz.0.380'.
[  192.725461][ T5886] usb 3-1: new full-speed USB device number 6 using dummy_hcd
[  192.736630][ T7458] FAULT_INJECTION: forcing a failure.
[  192.736630][ T7458] name failslab, interval 1, probability 0, space 0, times 0
[  192.750207][ T7458] CPU: 1 UID: 0 PID: 7458 Comm: syz.4.381 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  192.750224][ T7458] Tainted: [L]=SOFTLOCKUP
[  192.750228][ T7458] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  192.750234][ T7458] Call Trace:
[  192.750238][ T7458]  <TASK>
[  192.750242][ T7458]  dump_stack_lvl+0x100/0x190
[  192.750258][ T7458]  should_fail_ex.cold+0x5/0xa
[  192.750273][ T7458]  should_failslab+0xc2/0x120
[  192.750285][ T7458]  kmem_cache_alloc_noprof+0x7b/0x6e0
[  192.750301][ T7458]  ? skb_clone+0x190/0x400
[  192.750320][ T7458]  skb_clone+0x190/0x400
[  192.750336][ T7458]  netlink_deliver_tap+0xaed/0xcc0
[  192.750352][ T7458]  netlink_unicast+0x62b/0x850
[  192.750366][ T7458]  ? __pfx_netlink_unicast+0x10/0x10
[  192.750382][ T7458]  netlink_sendmsg+0x8b0/0xda0
[  192.750396][ T7458]  ? __pfx_netlink_sendmsg+0x10/0x10
[  192.750408][ T7458]  ? __might_fault+0x30/0x140
[  192.750427][ T7458]  ____sys_sendmsg+0x9e1/0xb70
[  192.750438][ T7458]  ? __pfx_netlink_sendmsg+0x10/0x10
[  192.750456][ T7458]  ? __pfx_____sys_sendmsg+0x10/0x10
[  192.750474][ T7458]  ___sys_sendmsg+0x190/0x1e0
[  192.750488][ T7458]  ? __pfx____sys_sendmsg+0x10/0x10
[  192.750515][ T7458]  __sys_sendmsg+0x170/0x220
[  192.750532][ T7458]  ? __pfx___sys_sendmsg+0x10/0x10
[  192.750553][ T7458]  ? rcu_is_watching+0x12/0xc0
[  192.750571][ T7458]  do_syscall_64+0x10b/0xf80
[  192.750586][ T7458]  ? clear_bhb_loop+0x40/0x90
[  192.750599][ T7458]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  192.750610][ T7458] RIP: 0033:0x7f25a939c819
[  192.750619][ T7458] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  192.750630][ T7458] RSP: 002b:00007f25a75ee028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  192.750640][ T7458] RAX: ffffffffffffffda RBX: 00007f25a9615fa0 RCX: 00007f25a939c819
[  192.750647][ T7458] RDX: 0000000000000000 RSI: 00002000000004c0 RDI: 0000000000000003
[  192.750653][ T7458] RBP: 00007f25a75ee090 R08: 0000000000000000 R09: 0000000000000000
[  192.750659][ T7458] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  192.750665][ T7458] R13: 00007f25a9616038 R14: 00007f25a9615fa0 R15: 00007ffd8c592a78
[  192.750678][ T7458]  </TASK>
[  192.758593][ T7448] Bluetooth: hci0: Opcode 0x0401 failed: -4
[  192.858093][ T5906] usb 2-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47
[  192.957331][ T5831] Bluetooth: hci0: command 0x0401 tx timeout
[  193.292816][ T5886] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  193.303110][ T7466] input: syz0 as /devices/virtual/input/input9
[  193.304347][ T5906] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  193.370530][ T5886] usb 3-1: New USB device found, idVendor=07c0, idProduct=1505, bcdDevice=b8.c5
[  193.374015][ T5906] usb 2-1: config 0 descriptor??
[  193.387322][ T5886] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  193.393921][ T5906] gspca_main: STV06xx-2.14.0 probing 046d:0870
[  193.412743][ T5886] usb 3-1: Product: syz
[  193.418508][   T30] audit: type=1400 audit(1776976228.110:398): avc:  denied  { read } for  pid=7465 comm="syz.3.384" path="socket:[14058]" dev="sockfs" ino=14058 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  193.445341][ T5886] usb 3-1: Manufacturer: syz
[  193.455675][ T5886] usb 3-1: SerialNumber: syz
[  193.467211][   T30] audit: type=1400 audit(1776976228.170:399): avc:  denied  { getopt } for  pid=7465 comm="syz.3.384" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  193.488478][ T5886] usb 3-1: config 0 descriptor??
[  193.506123][ T5886] iowarrior 3-1:0.0: no interrupt-in endpoint found
[  193.710040][ T7453] overlayfs: missing 'lowerdir'
[  193.718117][ T5951] usb 3-1: USB disconnect, device number 6
[  194.128444][ T7477] 9pnet_virtio: no channels available for device syz
[  195.245651][   T30] audit: type=1400 audit(1776976229.940:400): avc:  denied  { connect } for  pid=7447 comm="syz.1.378" lport=255 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  195.320984][   T30] audit: type=1400 audit(1776976229.990:401): avc:  denied  { write } for  pid=7447 comm="syz.1.378" laddr=fe80::16 lport=255 faddr=ff01::1 fport=65534 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  195.362182][ T7485] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  195.607176][ T7485] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  195.644015][ T5906] gspca_stv06xx: I2C: Read error writing address: -71
[  195.668630][ T5906] usb 2-1: USB disconnect, device number 6
[  195.863508][   T30] audit: type=1400 audit(1776976230.430:402): avc:  denied  { write } for  pid=7484 comm="syz.4.389" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  196.135559][ T7491] Dead loop on virtual device ip6_vti0 (net 37), fix it urgently!
[  196.342238][   T30] audit: type=1400 audit(1776976231.040:403): avc:  denied  { shutdown } for  pid=7492 comm="syz.0.390" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  196.477902][   T30] audit: type=1400 audit(1776976231.180:404): avc:  denied  { write } for  pid=7504 comm="syz.4.396" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  196.540000][   T30] audit: type=1400 audit(1776976231.180:405): avc:  denied  { open } for  pid=7504 comm="syz.4.396" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  196.587433][   T30] audit: type=1400 audit(1776976231.220:406): avc:  denied  { ioctl } for  pid=7504 comm="syz.4.396" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  196.736910][ T5951] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  196.761280][   T30] audit: type=1400 audit(1776976231.460:407): avc:  denied  { read } for  pid=7510 comm="syz.1.398" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  196.967559][ T5951] usb 4-1: Using ep0 maxpacket: 32
[  196.978190][ T5951] usb 4-1: New USB device found, idVendor=06a2, idProduct=0003, bcdDevice=b4.8c
[  196.998159][ T5951] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  197.008552][ T7515] 9pnet_virtio: no channels available for device syz
[  197.030048][ T5951] usb 4-1: Product: syz
[  197.049489][ T5951] usb 4-1: Manufacturer: syz
[  197.065702][ T5951] usb 4-1: SerialNumber: syz
[  197.093114][ T5951] usb 4-1: config 0 descriptor??
[  197.119248][ T5951] gspca_main: gspca_topro-2.14.0 probing 06a2:0003
[  197.734975][ T7503] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  197.778069][ T7503] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  198.846805][ T5951] gspca_topro: reg_r err -71
[  198.853333][ T5951] gspca_topro: Sensor soi763a
[  198.898572][ T5951] usb 4-1: USB disconnect, device number 6
[  198.901963][ T7533] netlink: 156 bytes leftover after parsing attributes in process `syz.1.403'.
[  199.128513][ T7536] SELinux: security_context_str_to_sid (sysadm_u) failed with errno=-22
[  199.167594][ T5831] Bluetooth: hci2: Unable to find connection with handle 0x00c8
[  199.619642][ T7527] ceph: No mds server is up or the cluster is laggy
[  199.791426][   T30] audit: type=1400 audit(1776976234.490:408): avc:  denied  { accept } for  pid=7538 comm="syz.4.405" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1
[  200.024005][   T30] audit: type=1400 audit(1776976234.630:409): avc:  denied  { setopt } for  pid=7538 comm="syz.4.405" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1
[  200.074114][ T5933] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  200.206632][   T30] audit: type=1400 audit(1776976234.640:410): avc:  denied  { ioctl } for  pid=7540 comm="syz.3.407" path="/dev/vhost-vsock" dev="devtmpfs" ino=1275 ioctlcmd=0xaf01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1
[  200.288568][ T7543] Driver unsupported XDP return value 0 on prog  (id 23) dev N/A, expect packet loss!
[  200.306796][   T30] audit: type=1400 audit(1776976235.000:411): avc:  denied  { name_connect } for  pid=7551 comm="syz.2.408" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=sctp_socket permissive=1
[  200.417282][ T7543] netlink: 12 bytes leftover after parsing attributes in process `syz.3.407'.
[  200.442730][ T5933] usb 1-1: Using ep0 maxpacket: 8
[  200.461218][ T5933] usb 1-1: config index 0 descriptor too short (expected 1307, got 27)
[  200.471755][ T5933] usb 1-1: config 0 has an invalid interface number: 0 but max is -1
[  200.481342][ T5933] usb 1-1: config 0 has an invalid descriptor of length 255, skipping remainder of the config
[  200.492188][ T5933] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 0
[  200.502908][ T5933] usb 1-1: too many endpoints for config 0 interface 0 altsetting 255: 255, using maximum allowed: 30
[  201.069303][ T5933] usb 1-1: config 0 interface 0 altsetting 255 has 0 endpoint descriptors, different from the interface descriptor's value: 255
[  201.083758][ T5933] usb 1-1: config 0 interface 0 has no altsetting 0
[  201.189015][ T5933] usb 1-1: New USB device found, idVendor=0460, idProduct=0008, bcdDevice=c3.de
[  201.204222][ T5933] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  201.212639][ T5933] usb 1-1: Product: syz
[  201.217559][ T5933] usb 1-1: Manufacturer: syz
[  201.224289][ T5933] usb 1-1: SerialNumber: syz
[  201.240413][ T5933] usb 1-1: config 0 descriptor??
[  201.539646][ T7568] 9pnet_virtio: no channels available for device syz
[  201.550343][ T7567] syzkaller0: entered promiscuous mode
[  201.555846][ T7567] syzkaller0: entered allmulticast mode
[  202.296804][    T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!!
[  202.440210][ T7571] Bluetooth: hci0: Opcode 0x0401 failed: -4
[  202.663169][ T7584] netlink: 28 bytes leftover after parsing attributes in process `syz.2.419'.
[  202.837099][ T5885] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  202.967065][ T5886] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  203.117368][ T5885] usb 2-1: Using ep0 maxpacket: 16
[  203.267347][ T5885] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  203.379010][ T5886] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  203.445715][ T5885] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  203.509692][ T5886] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  203.635006][ T5885] usb 2-1: New USB device found, idVendor=1b96, idProduct=0008, bcdDevice= 0.00
[  203.655895][ T5886] usb 3-1: Product: syz
[  203.682869][   T30] audit: type=1400 audit(1776976238.370:412): avc:  denied  { read } for  pid=7585 comm="syz.4.420" name="autofs" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[  203.734265][ T5886] usb 3-1: Manufacturer: syz
[  203.790793][ T5885] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  203.801920][ T5886] usb 3-1: SerialNumber: syz
[  204.013614][   T30] audit: type=1400 audit(1776976238.410:413): avc:  denied  { open } for  pid=7585 comm="syz.4.420" path="/dev/autofs" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[  204.038947][ T5885] usb 2-1: config 0 descriptor??
[  204.091103][ T5831] Bluetooth: hci0: command 0x0401 tx timeout
[  204.172632][ T7588] syz.4.420 uses obsolete (PF_INET,SOCK_PACKET)
[  204.221750][ T5886] usb 3-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  204.518411][   T30] audit: type=1400 audit(1776976238.430:414): avc:  denied  { ioctl } for  pid=7585 comm="syz.4.420" path="/dev/autofs" dev="devtmpfs" ino=98 ioctlcmd=0x937e scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[  204.585408][ T5933] hub 1-1:0.0: bad descriptor, ignoring hub
[  204.622809][   T10] usb 3-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  204.634059][ T5933] hub 1-1:0.0: probe with driver hub failed with error -5
[  204.721078][ T5933] usb 1-1: USB disconnect, device number 7
[  204.831841][ T7594] netlink: 120 bytes leftover after parsing attributes in process `syz.0.421'.
[  204.856707][ T7594] netlink: 48 bytes leftover after parsing attributes in process `syz.0.421'.
[  204.885766][ T7595] netlink: 120 bytes leftover after parsing attributes in process `syz.0.421'.
[  204.896597][ T7595] netlink: 48 bytes leftover after parsing attributes in process `syz.0.421'.
[  205.100351][ T5952] usb 3-1: USB disconnect, device number 7
[  205.375203][ T5885] usbhid 2-1:0.0: can't add hid device: -71
[  205.383404][ T5885] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  205.814628][   T10] ath9k_htc 3-1:1.0: ath9k_htc: Target is unresponsive
[  205.823180][ T5885] usb 2-1: USB disconnect, device number 7
[  205.836497][   T10] ath9k_htc: Failed to initialize the device
[  205.866173][ T5952] usb 3-1: ath9k_htc: USB layer deinitialized
[  207.270523][ T7628] FAULT_INJECTION: forcing a failure.
[  207.270523][ T7628] name failslab, interval 1, probability 0, space 0, times 0
[  207.290462][ T7628] CPU: 0 UID: 0 PID: 7628 Comm: syz.3.432 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  207.290489][ T7628] Tainted: [L]=SOFTLOCKUP
[  207.290494][ T7628] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  207.290504][ T7628] Call Trace:
[  207.290509][ T7628]  <TASK>
[  207.290515][ T7628]  dump_stack_lvl+0x100/0x190
[  207.290542][ T7628]  should_fail_ex.cold+0x5/0xa
[  207.290566][ T7628]  should_failslab+0xc2/0x120
[  207.290584][ T7628]  kmem_cache_alloc_noprof+0x7b/0x6e0
[  207.290606][ T7628]  ? skb_clone+0x190/0x400
[  207.290638][ T7628]  skb_clone+0x190/0x400
[  207.290664][ T7628]  netlink_deliver_tap+0xaed/0xcc0
[  207.290687][ T7628]  netlink_unicast+0x62b/0x850
[  207.290711][ T7628]  ? __pfx_netlink_unicast+0x10/0x10
[  207.290738][ T7628]  netlink_sendmsg+0x8b0/0xda0
[  207.290761][ T7628]  ? __pfx_netlink_sendmsg+0x10/0x10
[  207.290779][ T7628]  ? __might_fault+0x30/0x140
[  207.290808][ T7628]  ____sys_sendmsg+0x9e1/0xb70
[  207.290828][ T7628]  ? __pfx_netlink_sendmsg+0x10/0x10
[  207.290850][ T7628]  ? __pfx_____sys_sendmsg+0x10/0x10
[  207.290880][ T7628]  ___sys_sendmsg+0x190/0x1e0
[  207.290903][ T7628]  ? __pfx____sys_sendmsg+0x10/0x10
[  207.290951][ T7628]  __sys_sendmsg+0x170/0x220
[  207.290977][ T7628]  ? __pfx___sys_sendmsg+0x10/0x10
[  207.291012][ T7628]  ? rcu_is_watching+0x12/0xc0
[  207.291040][ T7628]  do_syscall_64+0x10b/0xf80
[  207.291073][ T7628]  ? clear_bhb_loop+0x40/0x90
[  207.291095][ T7628]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  207.291111][ T7628] RIP: 0033:0x7f21d239c819
[  207.291125][ T7628] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  207.291140][ T7628] RSP: 002b:00007f21d3337028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  207.291156][ T7628] RAX: ffffffffffffffda RBX: 00007f21d2615fa0 RCX: 00007f21d239c819
[  207.291167][ T7628] RDX: 0000000024004800 RSI: 0000200000000000 RDI: 0000000000000003
[  207.291178][ T7628] RBP: 00007f21d3337090 R08: 0000000000000000 R09: 0000000000000000
[  207.291187][ T7628] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  207.291196][ T7628] R13: 00007f21d2616038 R14: 00007f21d2615fa0 R15: 00007ffd280877c8
[  207.291219][ T7628]  </TASK>
[  207.579070][ T5885] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  207.779186][ T5885] usb 1-1: device descriptor read/64, error -71
[  207.796522][ T7622] Bluetooth: hci0: Opcode 0x0401 failed: -4
[  207.902474][ T7627] Bluetooth: MGMT ver 1.23
[  208.027423][ T5885] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  208.124527][ T7647] nbd: must specify at least one socket
[  208.178500][ T5885] usb 1-1: device descriptor read/64, error -71
[  208.246484][ T7651] netlink: 40 bytes leftover after parsing attributes in process `syz.3.440'.
[  208.343126][ T5885] usb usb1-port1: attempt power cycle
[  208.415719][   T30] audit: type=1400 audit(1776976243.040:415): avc:  denied  { connect } for  pid=7648 comm="syz.3.440" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  208.448419][   T10] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  208.640098][   T10] usb 2-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config
[  208.656964][   T10] usb 2-1: New USB device found, idVendor=041e, idProduct=4007, bcdDevice=5d.18
[  208.677161][   T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  208.697263][    T9] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  208.708521][   T10] gspca_main: stv0680-2.14.0 probing 041e:4007
[  208.736882][ T5885] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  208.757675][ T5885] usb 1-1: device descriptor read/8, error -71
[  209.036904][ T5825] Bluetooth: hci0: command 0x0401 tx timeout
[  209.049583][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  209.062719][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  209.075129][    T9] usb 5-1: New USB device found, idVendor=1e7d, idProduct=30d4, bcdDevice= 0.01
[  209.090177][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  209.107133][    T9] usb 5-1: config 0 descriptor??
[  209.186857][ T5885] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[  209.207214][ T5885] usb 1-1: device descriptor read/8, error -71
[  209.319167][ T5885] usb usb1-port1: unable to enumerate USB device
[  209.602501][    T9] arvo 0003:1E7D:30D4.0001: item fetching failed at offset 3/7
[  209.717779][    T9] arvo 0003:1E7D:30D4.0001: parse failed
[  209.729743][ T7650] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  209.758570][    T9] arvo 0003:1E7D:30D4.0001: probe with driver arvo failed with error -22
[  209.775151][ T7650] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  209.906786][    T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!!
[  210.208191][ T7668] gfs2: path_lookup on ceph returned error -2
[  210.278314][   T10] gspca_stv0680: usb_control_msg error 0, request = 0x88, error = -110
[  211.067715][   T10] stv0680 2-1:4.0: STV(e): camera ping failed!!
[  211.085345][ T7670] process 'syz.0.445' launched './file2' with NULL argv: empty string added
[  211.101707][   T10] gspca_stv0680: usb_control_msg error 0, request = 0x80, error = -32
[  211.102186][   T30] audit: type=1400 audit(1776976245.800:416): avc:  denied  { create } for  pid=7669 comm="syz.0.445" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  211.135752][   T10] stv0680 2-1:4.0: last error: 0,  command = 0x0
[  211.161547][ T5906] usb 5-1: USB disconnect, device number 9
[  211.397030][ T5933] usb 1-1: new high-speed USB device number 12 using dummy_hcd
[  211.796837][ T5933] usb 1-1: Using ep0 maxpacket: 8
[  211.807248][ T5933] usb 1-1: config 0 has an invalid interface number: 55 but max is 0
[  211.815453][ T5933] usb 1-1: config 0 has no interface number 0
[  211.829886][ T5933] usb 1-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  211.856316][ T5933] usb 1-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  211.886061][ T5933] usb 1-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  211.905585][ T5933] usb 1-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  211.919421][ T5933] usb 1-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  211.930592][ T5933] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  211.941490][ T5933] usb 1-1: config 0 descriptor??
[  211.948482][ T7689] nbd: must specify at least one socket
[  211.970972][ T5933] ldusb 1-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  212.020581][ T7678] Bluetooth: hci0: Opcode 0x0401 failed: -4
[  212.099222][ T5885] usb 2-1: USB disconnect, device number 8
[  212.189144][   T30] audit: type=1400 audit(1776976246.890:417): avc:  denied  { ioctl } for  pid=7695 comm="syz.1.453" path="/dev/binderfs/binder0" dev="binder" ino=7 ioctlcmd=0x620d scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  212.266292][ T7699] QAT: failed to copy from user cfg_data.
[  212.276863][ T5906] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  212.411345][   T30] audit: type=1400 audit(1776976246.890:418): avc:  denied  { set_context_mgr } for  pid=7695 comm="syz.1.453" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1
[  212.431527][   T30] audit: type=1400 audit(1776976246.920:419): avc:  denied  { map } for  pid=7695 comm="syz.1.453" path="/dev/binderfs/binder0" dev="binder" ino=7 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  212.456972][   T30] audit: type=1400 audit(1776976246.920:420): avc:  denied  { call } for  pid=7695 comm="syz.1.453" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1
[  212.475835][ T5906] usb 5-1: Using ep0 maxpacket: 16
[  212.480545][ T5906] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  212.876880][ T5906] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  213.357145][ T5831] Bluetooth: hci0: command 0x0401 tx timeout
[  213.469159][ T5906] usb 5-1: New USB device found, idVendor=1b96, idProduct=0008, bcdDevice= 0.00
[  213.478364][ T5906] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  213.501814][   T30] audit: type=1400 audit(1776976248.200:421): avc:  denied  { bind } for  pid=7686 comm="syz.2.448" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  214.028706][ T5906] usb 5-1: config 0 descriptor??
[  214.079235][   T30] audit: type=1400 audit(1776976248.720:422): avc:  denied  { node_bind } for  pid=7686 comm="syz.2.448" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=rawip_socket permissive=1
[  214.190899][ T7710] netlink: 24 bytes leftover after parsing attributes in process `syz.1.455'.
[  214.240331][   T30] audit: type=1400 audit(1776976248.940:423): avc:  denied  { transfer } for  pid=7711 comm="syz.3.456" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1
[  214.974290][ T5906] usbhid 5-1:0.0: can't add hid device: -71
[  214.995126][ T5906] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  215.056783][    T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!!
[  215.097708][ T5951] usb 1-1: USB disconnect, device number 12
[  215.253742][ T5906] usb 5-1: USB disconnect, device number 10
[  215.304591][ T5951] ldusb 1-1:0.55: LD USB Device #0 now disconnected
[  215.313155][   T30] audit: type=1400 audit(1776976250.010:424): avc:  denied  { mount } for  pid=7724 comm="syz.0.460" name="/" dev="configfs" ino=134 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1
[  215.428492][   T30] audit: type=1400 audit(1776976250.010:425): avc:  denied  { search } for  pid=7724 comm="syz.0.460" name="/" dev="configfs" ino=134 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[  215.526356][   T30] audit: type=1400 audit(1776976250.010:426): avc:  denied  { search } for  pid=7724 comm="syz.0.460" name="/" dev="configfs" ino=134 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[  215.826831][   T30] audit: type=1400 audit(1776976250.010:427): avc:  denied  { read open } for  pid=7724 comm="syz.0.460" path="/" dev="configfs" ino=134 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[  215.853462][   T30] audit: type=1400 audit(1776976250.010:428): avc:  denied  { search } for  pid=7724 comm="syz.0.460" name="/" dev="configfs" ino=134 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[  215.985318][   T30] audit: type=1400 audit(1776976250.680:429): avc:  denied  { write } for  pid=7739 comm="syz.1.466" name="sg0" dev="devtmpfs" ino=817 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[  216.137245][ T7746] netlink: 40 bytes leftover after parsing attributes in process `syz.4.464'.
[  216.324642][ T7733] Bluetooth: hci0: Opcode 0x0401 failed: -4
[  216.344837][ T7749] netlink: 8 bytes leftover after parsing attributes in process `syz.1.467'.
[  216.420522][   T30] audit: type=1400 audit(1776976251.120:430): avc:  denied  { read write } for  pid=7741 comm="syz.0.465" name="nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  216.800926][ T5933] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  217.157025][ T5933] usb 3-1: Using ep0 maxpacket: 32
[  217.168180][ T5933] usb 3-1: New USB device found, idVendor=0c72, idProduct=000d, bcdDevice=27.9b
[  217.186447][ T5933] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  217.208575][ T5933] usb 3-1: Product: syz
[  217.218333][ T5933] usb 3-1: Manufacturer: syz
[  217.229681][ T5933] usb 3-1: SerialNumber: syz
[  217.243481][ T5933] usb 3-1: config 0 descriptor??
[  217.348797][ T5951] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  217.518288][ T5951] usb 2-1: Using ep0 maxpacket: 16
[  217.546000][ T5951] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  217.563668][ T5951] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  217.574861][ T5951] usb 2-1: New USB device found, idVendor=1b96, idProduct=0008, bcdDevice= 0.00
[  217.584789][ T5951] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  217.599842][ T5951] usb 2-1: config 0 descriptor??
[  217.648936][ T7770] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  217.836805][ T5831] Bluetooth: hci0: command 0x0401 tx timeout
[  218.065154][ T5933] peak_usb 3-1:0.0: PEAK-System PCAN-USB Pro hwrev 0 serial 00000000.00000000 (2 channels)
[  218.228757][ T7753] binder: 7750:7753 ioctl 4018620d 0 returned -22
[  218.446315][ T5933] peak_usb 3-1:0.0 can0: sending command failure: -22
[  218.453324][ T5933] peak_usb 3-1:0.0 can0: sending command failure: -22
[  218.559868][ T5933] peak_usb 3-1:0.0: probe with driver peak_usb failed with error -22
[  218.574297][ T5933] usb 3-1: USB disconnect, device number 8
[  218.723112][ T7782] netlink: 24 bytes leftover after parsing attributes in process `syz.4.474'.
[  218.725481][ T7783] Invalid logical block size (7)
[  218.955047][ T5951] usbhid 2-1:0.0: can't add hid device: -71
[  219.020463][ T5951] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  219.214151][ T5951] usb 2-1: USB disconnect, device number 9
[  220.425159][   T30] kauditd_printk_skb: 3 callbacks suppressed
[  220.425177][   T30] audit: type=1400 audit(1776976255.090:434): avc:  denied  { getopt } for  pid=7781 comm="syz.3.477" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  221.965912][ T7793] Bluetooth: hci0: Opcode 0x0401 failed: -4
[  223.757222][ T5831] Bluetooth: hci0: command 0x0401 tx timeout
[  227.293646][   T30] audit: type=1400 audit(1776976261.990:435): avc:  denied  { create } for  pid=7798 comm="syz.1.481" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  227.877084][ T5906] usb 1-1: new high-speed USB device number 13 using dummy_hcd
[  228.546837][ T5906] usb 1-1: Using ep0 maxpacket: 16
[  228.829458][ T7810] SELinux: security_context_str_to_sid (sysadm_u) failed with errno=-22
[  228.964811][ T5831] Bluetooth: hci3: Unable to find connection with handle 0x00c8
[  229.296518][ T5906] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  229.573274][ T7799] Cannot find del_set index 2 as target
[  229.833278][   T30] audit: type=1400 audit(1776976264.530:436): avc:  denied  { setopt } for  pid=7798 comm="syz.1.481" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  229.886962][ T5906] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  230.131379][ T5906] usb 1-1: New USB device found, idVendor=1b96, idProduct=0008, bcdDevice= 0.00
[  230.179148][   T30] audit: type=1400 audit(1776976264.620:437): avc:  denied  { ioctl } for  pid=7798 comm="syz.1.481" path="socket:[15900]" dev="sockfs" ino=15900 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  230.206841][ T5906] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  230.350515][ T5906] usb 1-1: config 0 descriptor??
[  230.478816][ T5952] usb 4-1: new full-speed USB device number 7 using dummy_hcd
[  230.489081][ T5906] usb 1-1: can't set config #0, error -71
[  230.524926][ T5906] usb 1-1: USB disconnect, device number 13
[  230.641849][ T7824] netlink: 'syz.1.486': attribute type 2 has an invalid length.
[  230.724430][ T7824] netlink: 'syz.1.486': attribute type 1 has an invalid length.
[  230.741250][ T5952] usb 4-1: unable to get BOS descriptor or descriptor too short
[  230.741678][ T5952] usb 4-1: not running at top speed; connect to a high speed hub
[  230.742557][ T5952] usb 4-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 127, changing to 4
[  230.745302][ T5952] usb 4-1: string descriptor 0 read error: -22
[  232.101336][ T5952] usb 4-1: New USB device found, idVendor=041e, idProduct=3042, bcdDevice= 0.40
[  232.115283][ T5952] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  232.134060][ T7824] netlink: 'syz.1.486': attribute type 1 has an invalid length.
[  232.256083][ T5952] usb 4-1: 1:1 : UAC_AS_GENERAL descriptor not found
[  232.466920][ T5906] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  232.746839][ T5951] usb 1-1: new high-speed USB device number 14 using dummy_hcd
[  232.776876][ T5906] usb 3-1: Using ep0 maxpacket: 16
[  233.044393][ T5906] usb 3-1: config 3 has an invalid interface number: 155 but max is 0
[  233.083395][ T5906] usb 3-1: config 3 has an invalid interface association descriptor of length 3, skipping
[  233.127460][ T5951] usb 1-1: Using ep0 maxpacket: 32
[  233.140488][ T5906] usb 3-1: config 3 has an invalid descriptor of length 0, skipping remainder of the config
[  233.164753][ T5951] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0
[  233.185063][ T5906] usb 3-1: config 3 has no interface number 0
[  233.196070][ T5951] usb 1-1: config 0 interface 0 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 0
[  233.212763][ T5906] usb 3-1: config 3 interface 155 has no altsetting 0
[  233.270588][ T5951] usb 1-1: config 0 interface 0 has no altsetting 0
[  233.305285][ T5951] usb 1-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e
[  233.394333][ T5906] usb 3-1: New USB device found, idVendor=05a9, idProduct=264a, bcdDevice=e5.4c
[  233.573754][ T5951] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  233.715401][ T5906] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  233.741043][ T7840] SELinux: security_context_str_to_sid (sysadm_u) failed with errno=-22
[  233.786057][ T5951] usb 1-1: Product: syz
[  233.817428][ T5906] usb 3-1: Product: syz
[  233.835798][ T5951] usb 1-1: Manufacturer: syz
[  233.844355][ T5906] usb 3-1: Manufacturer: syz
[  233.864545][ T5951] usb 1-1: SerialNumber: syz
[  233.881144][ T5906] usb 3-1: SerialNumber: syz
[  233.893652][ T5951] usb 1-1: config 0 descriptor??
[  234.195628][ T5831] Bluetooth: hci4: Unable to find connection with handle 0x00c8
[  234.226116][ T5952] usb 4-1: 2:1 : UAC_AS_GENERAL descriptor not found
[  234.403969][ T7834] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  234.558988][ T7834] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  235.379211][ T5951] gs_usb 1-1:0.0: Couldn't send data format (err=-110)
[  235.909690][ T5951] gs_usb 1-1:0.0: probe with driver gs_usb failed with error -110
[  238.214343][ T5952] usb 4-1: USB disconnect, device number 7
[  239.653346][ T5906] uvcvideo 3-1:3.155: probe with driver uvcvideo failed with error -22
[  239.892269][ T5951] usb 1-1: USB disconnect, device number 14
[  240.000034][ T5825] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  240.012425][ T5825] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  240.022274][ T5825] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  240.033781][ T5825] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  240.049778][ T5825] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  240.557035][ T5878] usb 3-1: USB disconnect, device number 9
[  242.083811][ T5825] Bluetooth: hci5: command tx timeout
[  242.537307][   T30] audit: type=1400 audit(1776976277.230:438): avc:  denied  { watch } for  pid=7854 comm="syz.0.493" path="/109/file1" dev="tmpfs" ino=631 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  242.933340][   T30] audit: type=1400 audit(1776976277.230:439): avc:  denied  { watch_sb } for  pid=7854 comm="syz.0.493" path="/109/file1" dev="tmpfs" ino=631 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  243.668498][   T30] audit: type=1400 audit(1776976278.370:440): avc:  denied  { read } for  pid=7867 comm="syz.3.497" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  243.991424][ T5878] usb 4-1: new full-speed USB device number 8 using dummy_hcd
[  244.192922][ T5825] Bluetooth: hci5: command tx timeout
[  244.717807][ T5878] usb 4-1: not running at top speed; connect to a high speed hub
[  244.770653][ T5878] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 4
[  244.876628][ T5878] usb 4-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 66, changing to 4
[  244.981095][ T5878] usb 4-1: string descriptor 0 read error: -22
[  245.001025][ T5878] usb 4-1: New USB device found, idVendor=18d1, idProduct=2d05, bcdDevice= 0.40
[  245.036231][ T5878] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  245.298537][ T5878] usb 4-1: Audio class v2/v3 interfaces need an interface association
[  246.236881][ T5825] Bluetooth: hci5: command tx timeout
[  246.267889][ T5878] snd-usb-audio 4-1:1.0: probe with driver snd-usb-audio failed with error -22
[  246.410723][ T5878] usb 4-1: USB disconnect, device number 8
[  246.684335][ T7876] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=7876 comm=syz.2.500
[  246.945583][ T7880] netlink: 'syz.2.500': attribute type 1 has an invalid length.
[  247.326596][   T30] audit: type=1400 audit(1776976282.020:441): avc:  denied  { cmd } for  pid=7879 comm="syz.0.501" path="socket:[16298]" dev="sockfs" ino=16298 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[  247.659767][ T7851] chnl_net:caif_netlink_parms(): no params data found
[  247.711449][   T30] audit: type=1400 audit(1776976282.050:442): avc:  denied  { wake_alarm } for  pid=7879 comm="syz.0.501" capability=35  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  248.175343][ T7882] bond1: (slave bridge1): making interface the new active one
[  248.316926][ T5825] Bluetooth: hci5: command tx timeout
[  249.426360][ T7882] bond1: (slave bridge1): Enslaving as an active interface with an up link
[  249.438642][ T7886] Bluetooth: hci0: Opcode 0x0401 failed: -22
[  249.854679][ T7881] netlink: 28 bytes leftover after parsing attributes in process `syz.0.501'.
[  249.866457][ T7881] netlink: 28 bytes leftover after parsing attributes in process `syz.0.501'.
[  250.273302][ T1310] ieee802154 phy0 wpan0: encryption failed: -22
[  250.282154][ T1310] ieee802154 phy1 wpan1: encryption failed: -22
[  250.497079][ T7901] netlink: 156 bytes leftover after parsing attributes in process `syz.0.506'.
[  251.195542][ T7907] team0 (unregistering): Port device team_slave_0 removed
[  251.275325][ T7907] team0 (unregistering): Port device team_slave_1 removed
[  254.058240][ T7920] FAULT_INJECTION: forcing a failure.
[  254.058240][ T7920] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  254.139026][ T7920] CPU: 1 UID: 0 PID: 7920 Comm: syz.0.508 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  254.139055][ T7920] Tainted: [L]=SOFTLOCKUP
[  254.139061][ T7920] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  254.139070][ T7920] Call Trace:
[  254.139076][ T7920]  <TASK>
[  254.139083][ T7920]  dump_stack_lvl+0x100/0x190
[  254.139110][ T7920]  should_fail_ex.cold+0x5/0xa
[  254.139129][ T7920]  _copy_from_iter+0x1f4/0x1690
[  254.139145][ T7920]  ? __asan_memset+0x23/0x50
[  254.139161][ T7920]  ? __pfx__copy_from_iter+0x10/0x10
[  254.139175][ T7920]  ? __pfx___alloc_skb+0x10/0x10
[  254.139195][ T7920]  netlink_sendmsg+0x808/0xda0
[  254.139211][ T7920]  ? __pfx_netlink_sendmsg+0x10/0x10
[  254.139222][ T7920]  ? __might_fault+0x30/0x140
[  254.139242][ T7920]  ____sys_sendmsg+0x9e1/0xb70
[  254.139254][ T7920]  ? __pfx_netlink_sendmsg+0x10/0x10
[  254.139268][ T7920]  ? __pfx_____sys_sendmsg+0x10/0x10
[  254.139286][ T7920]  ___sys_sendmsg+0x190/0x1e0
[  254.139300][ T7920]  ? __pfx____sys_sendmsg+0x10/0x10
[  254.139329][ T7920]  __sys_sendmsg+0x170/0x220
[  254.139345][ T7920]  ? __pfx___sys_sendmsg+0x10/0x10
[  254.139367][ T7920]  ? rcu_is_watching+0x12/0xc0
[  254.139385][ T7920]  do_syscall_64+0x10b/0xf80
[  254.139401][ T7920]  ? clear_bhb_loop+0x40/0x90
[  254.139413][ T7920]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  254.139424][ T7920] RIP: 0033:0x7f8f2559c819
[  254.139434][ T7920] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  254.139444][ T7920] RSP: 002b:00007f8f2646e028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  254.139455][ T7920] RAX: ffffffffffffffda RBX: 00007f8f25816180 RCX: 00007f8f2559c819
[  254.139462][ T7920] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000005
[  254.139468][ T7920] RBP: 00007f8f2646e090 R08: 0000000000000000 R09: 0000000000000000
[  254.139474][ T7920] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  254.139480][ T7920] R13: 00007f8f25816218 R14: 00007f8f25816180 R15: 00007ffe732a96d8
[  254.139493][ T7920]  </TASK>
[  255.139024][ T7851] bridge0: port 1(bridge_slave_0) entered blocking state
[  255.209635][ T7851] bridge0: port 1(bridge_slave_0) entered disabled state
[  255.253222][ T7851] bridge_slave_0: entered allmulticast mode
[  258.456992][ T7851] bridge_slave_0: entered promiscuous mode
[  258.611777][ T7851] bridge0: port 2(bridge_slave_1) entered blocking state
[  258.641154][ T7851] bridge0: port 2(bridge_slave_1) entered disabled state
[  258.774211][ T7851] bridge_slave_1: entered allmulticast mode
[  259.409319][ T7851] bridge_slave_1: entered promiscuous mode
[  260.088052][ T7851] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  260.258587][ T7851] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  260.267952][ T5952] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  261.178649][ T5952] usb 3-1: Using ep0 maxpacket: 32
[  261.338186][ T7851] team0: Port device team_slave_0 added
[  261.345908][ T5952] usb 3-1: config 0 has an invalid interface number: 86 but max is 0
[  261.354102][ T5952] usb 3-1: config 0 has no interface number 0
[  261.372803][ T5952] usb 3-1: config 0 interface 86 altsetting 16 bulk endpoint 0x6 has invalid maxpacket 1023
[  261.390113][ T7851] team0: Port device team_slave_1 added
[  261.402264][ T5952] usb 3-1: config 0 interface 86 altsetting 16 endpoint 0x82 has invalid maxpacket 30768, setting to 1024
[  261.793881][ T5952] usb 3-1: config 0 interface 86 altsetting 16 bulk endpoint 0x82 has invalid maxpacket 1024
[  261.835214][ T5952] usb 3-1: config 0 interface 86 has no altsetting 0
[  262.039062][ T5952] usb 3-1: New USB device found, idVendor=8086, idProduct=0b63, bcdDevice=6a.32
[  262.113424][ T5952] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  262.709486][ T7936] netlink: 'syz.3.512': attribute type 4 has an invalid length.
[  262.732198][ T5952] usb 3-1: Product: syz
[  262.737414][ T7851] batman_adv: batadv0: Adding interface: batadv_slave_0
[  263.774148][ T7851] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  263.774178][ T7851] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  263.972022][ T7851] batman_adv: batadv0: Adding interface: batadv_slave_1
[  263.972040][ T7851] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  263.972065][ T7851] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  263.978462][ T5952] usb 3-1: Manufacturer: syz
[  263.978484][ T5952] usb 3-1: SerialNumber: syz
[  264.045853][ T5952] usb 3-1: config 0 descriptor??
[  264.121144][ T5952] usb 3-1: can't set config #0, error -71
[  264.143891][ T5952] usb 3-1: USB disconnect, device number 10
[  265.683288][ T7851] hsr_slave_0: entered promiscuous mode
[  265.684105][ T7851] hsr_slave_1: entered promiscuous mode
[  265.689280][ T7851] debugfs: 'hsr0' already exists in 'hsr'
[  265.689301][ T7851] Cannot create hsr debugfs directory
[  267.609212][   T30] audit: type=1400 audit(1776976302.200:443): avc:  denied  { read append } for  pid=7940 comm="syz.2.514" name="ppp" dev="devtmpfs" ino=709 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[  269.701962][ T5825] Bluetooth: hci4: Unable to find connection with handle 0x00c8
[  271.170359][ T7962] netlink: 'syz.3.519': attribute type 4 has an invalid length.
[  271.235478][ T7962] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2306 sclass=netlink_route_socket pid=7962 comm=syz.3.519
[  272.083544][   T30] audit: type=1400 audit(1776976306.770:444): avc:  denied  { listen } for  pid=7969 comm="syz.1.523" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_route_socket permissive=1
[  273.745988][ T7978] delete_channel: no stack
[  278.142329][ T7977] netlink: 8 bytes leftover after parsing attributes in process `syz.3.524'.
[  279.571566][ T7851] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  279.607640][   T30] audit: type=1400 audit(1776976314.310:445): avc:  denied  { read write } for  pid=7980 comm="syz.0.525" name="uhid" dev="devtmpfs" ino=1273 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1
[  279.689617][ T7851] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[  279.743826][ T7851] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  279.793754][ T5951] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  279.812999][   T30] audit: type=1400 audit(1776976314.310:446): avc:  denied  { open } for  pid=7980 comm="syz.0.525" path="/dev/uhid" dev="devtmpfs" ino=1273 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1
[  279.901807][ T7851] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  279.947068][ T7986] netlink: 8 bytes leftover after parsing attributes in process `syz.2.527'.
[  279.971908][ T5951] hid-generic 0000:0000:0000.0002: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  279.984224][ T7851] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  282.635639][ T7851] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[  282.686636][ T7851] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  282.724429][ T7851] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[  283.612135][    C1] sched: DL replenish lagged too much
[  286.529480][ T7989] fido_id[7989]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  287.883391][ T5831] Bluetooth: hci1: Unable to find connection with handle 0x00c8
[  294.489201][ T7851] 8021q: adding VLAN 0 to HW filter on device bond0
[  295.072380][   T29] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  296.197530][ T8029] SELinux: security_context_str_to_sid (sysadm_u) failed with errno=-22
[  296.936892][   T29] usb 2-1: Using ep0 maxpacket: 8
[  296.948356][   T29] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  297.487984][ T5831] Bluetooth: hci1: Unable to find connection with handle 0x00c8
[  297.533366][   T29] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  297.805579][   T29] usb 2-1: string descriptor 0 read error: -71
[  297.860782][   T29] usb 2-1: New USB device found, idVendor=15c2, idProduct=003b, bcdDevice=66.3e
[  297.889179][ T5825] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  297.905522][ T5825] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  297.916470][ T5825] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  297.925877][ T5825] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  297.933527][ T5825] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  297.973812][   T29] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  297.998854][   T29] usb 2-1: config 0 descriptor??
[  298.014316][   T29] usb 2-1: can't set config #0, error -71
[  298.042838][   T29] usb 2-1: USB disconnect, device number 10
[  298.055214][ T8034] ceph: No mds server is up or the cluster is laggy
[  298.076283][ T5906] libceph: connect (1)[c::]:6789 error -101
[  298.098460][ T5906] libceph: mon0 (1)[c::]:6789 connect error
[  298.105156][ T8039] netlink: 156 bytes leftover after parsing attributes in process `syz.2.535'.
[  299.675797][ T5951] libceph: connect (1)[c::]:6789 error -101
[  299.750108][ T5951] libceph: mon0 (1)[c::]:6789 connect error
[  300.009349][ T5825] Bluetooth: hci0: command tx timeout
[  301.259045][ T8049] SELinux: security_context_str_to_sid (sysadm_u) failed with errno=-22
[  301.376979][ T5825] Bluetooth: hci3: Unable to find connection with handle 0x00c8
[  302.076819][ T5825] Bluetooth: hci0: command tx timeout
[  302.811980][ T8058] netlink: 8 bytes leftover after parsing attributes in process `syz.1.540'.
[  302.843919][ T8058] netlink: 8 bytes leftover after parsing attributes in process `syz.1.540'.
[  304.236842][ T5825] Bluetooth: hci0: command tx timeout
[  309.496258][ T5825] Bluetooth: hci0: command tx timeout
[  312.195126][ T1310] ieee802154 phy0 wpan0: encryption failed: -22
[  312.218427][ T1310] ieee802154 phy1 wpan1: encryption failed: -22
[  313.364580][ T8063] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  313.523860][   T30] audit: type=1400 audit(1776976348.220:447): avc:  denied  { setopt } for  pid=8071 comm="syz.1.543" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  313.777989][ T8077] syz.1.543 (8077): /proc/8071/oom_adj is deprecated, please use /proc/8071/oom_score_adj instead.
[  317.923769][ T8082] Cannot find set identified by id 0 to match
[  318.362591][   T30] audit: type=1400 audit(1776976353.060:448): avc:  denied  { mounton } for  pid=8081 comm="syz.3.546" path="/105/file0" dev="tmpfs" ino=612 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=fifo_file permissive=1
[  318.720167][ T8082] netlink: 20 bytes leftover after parsing attributes in process `syz.3.546'.
[  319.251247][ T8085] xt_TCPMSS: Only works on TCP SYN packets
[  319.469734][ T8094] ceph: No mds server is up or the cluster is laggy
[  319.490544][ T5951] libceph: connect (1)[c::]:6789 error -101
[  319.595693][ T5951] libceph: mon0 (1)[c::]:6789 connect error
[  325.968127][ T8122] netlink: 8 bytes leftover after parsing attributes in process `syz.0.554'.
[  328.169197][ T5906] libceph: connect (1)[c::]:6789 error -101
[  328.550697][ T8122] ceph: No mds server is up or the cluster is laggy
[  328.557656][ T5906] libceph: mon0 (1)[c::]:6789 connect error
[  328.598673][ T8032] chnl_net:caif_netlink_parms(): no params data found
[  328.629169][ T8129] netlink: 'syz.2.556': attribute type 4 has an invalid length.
[  330.728740][ T8149] SELinux: security_context_str_to_sid (sysadm_u) failed with errno=-22
[  331.432119][ T5825] Bluetooth: hci3: Unable to find connection with handle 0x00c8
[  331.680107][ T8139] ceph: No mds server is up or the cluster is laggy
[  331.776276][ T5951] libceph: mon0 (1)[c::]:6789 socket closed (con state V1_BANNER)
[  335.269115][ T8032] bridge0: port 1(bridge_slave_0) entered blocking state
[  335.335695][ T8032] bridge0: port 1(bridge_slave_0) entered disabled state
[  335.426515][ T8032] bridge_slave_0: entered allmulticast mode
[  335.470489][ T8032] bridge_slave_0: entered promiscuous mode
[  335.793595][ T8168] Cannot find set identified by id 0 to match
[  336.120331][ T8175] netlink: 8 bytes leftover after parsing attributes in process `syz.1.563'.
[  336.224070][ T8168] xt_TCPMSS: Only works on TCP SYN packets
[  337.564187][ T8032] bridge0: port 2(bridge_slave_1) entered blocking state
[  337.571688][ T8032] bridge0: port 2(bridge_slave_1) entered disabled state
[  337.583097][ T8032] bridge_slave_1: entered allmulticast mode
[  337.590916][ T8032] bridge_slave_1: entered promiscuous mode
[  337.655218][ T8176] netdevsim netdevsim0: loading /lib/firmware/. failed with error -22
[  337.659655][ T8178] netlink: 8 bytes leftover after parsing attributes in process `syz.1.563'.
[  337.730798][ T8176] netdevsim netdevsim0: Direct firmware load for . failed with error -22
[  337.785263][ T8032] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  337.802172][ T8176] netdevsim netdevsim0: Falling back to sysfs fallback for: .
[  338.052350][ T8032] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  338.126019][   T30] audit: type=1400 audit(1776976372.820:449): avc:  denied  { connect } for  pid=8184 comm="syz.3.564" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  339.562610][ T8187] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(8)
[  339.569311][ T8187] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  339.608749][ T8187] vhci_hcd vhci_hcd.0: Device attached
[  340.043592][   T30] audit: type=1400 audit(1776976374.740:450): avc:  denied  { open } for  pid=8184 comm="syz.3.564" path="/dev/ptyqa" dev="devtmpfs" ino=129 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bsdpty_device_t tclass=chr_file permissive=1
[  340.527732][ T5951] usb 39-1: new low-speed USB device number 2 using vhci_hcd
[  341.480677][ T8175] ceph: No mds server is up or the cluster is laggy
[  341.510603][ T5906] libceph: mon0 (1)[c::]:6789 socket closed (con state V1_BANNER)
[  341.649532][ T3545] bridge_slave_1: left allmulticast mode
[  341.664240][ T8188] vhci_hcd: connection reset by peer
[  341.820546][ T3545] bridge_slave_1: left promiscuous mode
[  341.839714][ T1118] vhci_hcd vhci_hcd.3: stop threads
[  341.867830][ T3545] bridge0: port 2(bridge_slave_1) entered disabled state
[  341.904105][ T1118] vhci_hcd vhci_hcd.3: release socket
[  341.998627][ T1118] vhci_hcd vhci_hcd.3: disconnect device
[  343.695184][ T3545] bridge_slave_0: left allmulticast mode
[  343.733809][ T3545] bridge_slave_0: left promiscuous mode
[  343.766918][ T3545] bridge0: port 1(bridge_slave_0) entered disabled state
[  347.703459][ T5951] vhci_hcd vhci_hcd.3: vhci_device speed not set
[  351.093973][ T8220] netlink: 8 bytes leftover after parsing attributes in process `syz.3.570'.
[  351.317357][ T8220] netlink: 8 bytes leftover after parsing attributes in process `syz.3.570'.
[  351.478869][ T5831] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  351.522328][ T5831] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  351.593736][ T5831] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  351.603958][ T5831] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  351.612990][ T5831] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  351.758944][ T5906] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  352.285640][ T5951] libceph: connect (1)[c::]:6789 error -101
[  352.311512][ T5951] libceph: mon0 (1)[c::]:6789 connect error
[  352.319143][ T3545] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  352.450832][ T5906] usb 2-1: config 128 has an invalid interface number: 148 but max is 0
[  352.525874][ T5906] usb 2-1: config 128 has no interface number 0
[  352.545836][ T3545] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  352.561286][ T5906] usb 2-1: config 128 interface 148 altsetting 9 endpoint 0x7 has invalid wMaxPacketSize 0
[  352.597732][ T5951] libceph: connect (1)[c::]:6789 error -101
[  352.615915][ T5906] usb 2-1: config 128 interface 148 altsetting 9 endpoint 0x5 has an invalid bInterval 0, changing to 7
[  352.616284][ T5951] libceph: mon0 (1)[c::]:6789 connect error
[  352.636067][ T5906] usb 2-1: config 128 interface 148 has no altsetting 0
[  352.652144][ T3545] bond0 (unregistering): Released all slaves
[  352.685588][ T5906] usb 2-1: New USB device found, idVendor=0cf3, idProduct=e019, bcdDevice=fb.4f
[  352.717217][ T5906] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  352.895743][ T5906] usb 2-1: Product: syz
[  352.910476][ T5906] usb 2-1: Manufacturer: syz
[  352.924564][ T5906] usb 2-1: SerialNumber: syz
[  353.206945][ T8032] team0: Port device team_slave_0 added
[  353.215970][ T5906] usb 2-1: USB disconnect, device number 11
[  353.239150][ T5952] libceph: connect (1)[c::]:6789 error -101
[  353.252286][ T5952] libceph: mon0 (1)[c::]:6789 connect error
[  353.574834][ T8221] ceph: No mds server is up or the cluster is laggy
[  354.130054][ T5906] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  354.288492][ T5906] usb 2-1: Using ep0 maxpacket: 8
[  354.310827][ T8032] team0: Port device team_slave_1 added
[  354.326780][ T5906] usb 2-1: config index 0 descriptor too short (expected 301, got 45)
[  354.493495][ T5906] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  354.528217][ T5831] Bluetooth: hci5: command tx timeout
[  354.586031][ T8242] SELinux: security_context_str_to_sid (sysadm_u) failed with errno=-22
[  354.723365][ T5906] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  354.737111][ T5493] 8021q: adding VLAN 0 to HW filter on device eth1
[  354.787639][ T5831] Bluetooth: hci1: Unable to find connection with handle 0x00c8
[  354.901992][ T5906] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 16
[  355.027045][ T5906] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  355.510247][ T5906] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  355.601617][ T5906] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  355.665049][ T5906] usb 2-1: can't set config #16, error -71
[  355.701419][   T30] audit: type=1400 audit(1776976390.400:451): avc:  denied  { append } for  pid=8248 comm="syz.1.575" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  355.800320][ T5906] usb 2-1: USB disconnect, device number 12
[  356.334366][ T8249] netlink: 16 bytes leftover after parsing attributes in process `syz.1.575'.
[  356.654000][ T5831] Bluetooth: hci5: command tx timeout
[  357.642699][ T5825] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  357.867686][ T5825] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  357.877824][ T5825] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  358.716848][ T5825] Bluetooth: hci5: command tx timeout
[  358.888390][ T5825] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  358.912985][ T5825] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  360.392134][ T3545] hsr_slave_0: left promiscuous mode
[  360.488406][ T3545] hsr_slave_1: left promiscuous mode
[  360.532438][ T3545] batman_adv: batadv0: Removing interface: batadv_slave_0
[  360.896870][ T5825] Bluetooth: hci5: command tx timeout
[  360.957654][ T5825] Bluetooth: hci6: command tx timeout
[  360.969854][ T3545] batman_adv: batadv0: Removing interface: batadv_slave_1
[  362.002743][ T8261] netlink: 24 bytes leftover after parsing attributes in process `syz.0.577'.
[  362.128176][ T8265] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=8265 comm=syz.0.577
[  363.036905][ T5825] Bluetooth: hci6: command tx timeout
[  363.426766][ T5951] usb 2-1: new full-speed USB device number 13 using dummy_hcd
[  363.511269][ T3545] team0 (unregistering): Port device team_slave_1 removed
[  363.555113][ T3545] team0 (unregistering): Port device team_slave_0 removed
[  363.612490][ T5951] usb 2-1: unable to get BOS descriptor or descriptor too short
[  363.638569][ T5951] usb 2-1: not running at top speed; connect to a high speed hub
[  363.677452][ T5951] usb 2-1: config 17 has an invalid interface number: 8 but max is 1
[  363.720782][ T5951] usb 2-1: config 17 has 1 interface, different from the descriptor's value: 2
[  363.751789][ T5951] usb 2-1: config 17 has no interface number 0
[  363.768785][ T5951] usb 2-1: config 17 interface 8 altsetting 6 endpoint 0x3 has invalid wMaxPacketSize 0
[  363.788594][ T5951] usb 2-1: config 17 interface 8 has no altsetting 0
[  363.815314][ T5951] usb 2-1: New USB device found, idVendor=0763, idProduct=2001, bcdDevice=2c.ff
[  363.848635][ T5951] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  363.874311][ T5951] usb 2-1: Product: syz
[  364.037230][ T5951] usb 2-1: Manufacturer: syz
[  364.047263][ T5951] usb 2-1: SerialNumber: syz
[  364.190526][ T8278] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  364.284181][ T5951] usb 2-1: selecting invalid altsetting 0
[  364.361646][ T5951] usb 2-1: USB disconnect, device number 13
[  364.455337][ T8238] udevd[8238]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:17.8/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  365.035380][ T8280] SELinux: security_context_str_to_sid (sysadm_u) failed with errno=-22
[  365.241372][ T5825] Bluetooth: hci6: command tx timeout
[  365.246883][ T5831] Bluetooth: hci4: Unable to find connection with handle 0x00c8
[  366.979573][ T8288] FAULT_INJECTION: forcing a failure.
[  366.979573][ T8288] name failslab, interval 1, probability 0, space 0, times 0
[  366.979616][ T8288] CPU: 1 UID: 0 PID: 8288 Comm: syz.1.585 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  366.979641][ T8288] Tainted: [L]=SOFTLOCKUP
[  366.979647][ T8288] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  366.979657][ T8288] Call Trace:
[  366.979663][ T8288]  <TASK>
[  366.979669][ T8288]  dump_stack_lvl+0x100/0x190
[  366.979696][ T8288]  should_fail_ex.cold+0x5/0xa
[  366.979721][ T8288]  ? tomoyo_realpath_from_path+0xb6/0x690
[  366.979744][ T8288]  should_failslab+0xc2/0x120
[  366.979764][ T8288]  __kmalloc_noprof+0xe0/0x850
[  366.979788][ T8288]  ? kfree+0x1dd/0x6c0
[  366.979815][ T8288]  tomoyo_realpath_from_path+0xb6/0x690
[  366.979847][ T8288]  tomoyo_path_number_perm+0x23c/0x580
[  366.979865][ T8288]  ? tomoyo_path_number_perm+0x22e/0x580
[  366.979886][ T8288]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  366.979930][ T8288]  ? find_held_lock+0x2b/0x80
[  366.979953][ T8288]  ? __fget_files+0x215/0x3d0
[  366.979973][ T8288]  ? hook_file_ioctl_common+0x149/0x410
[  366.979996][ T8288]  ? __fget_files+0x215/0x3d0
[  366.980022][ T8288]  ? __fget_files+0x21f/0x3d0
[  366.980047][ T8288]  security_file_ioctl+0xd3/0x230
[  366.980068][ T8288]  __x64_sys_ioctl+0xb7/0x210
[  366.980088][ T8288]  do_syscall_64+0x10b/0xf80
[  366.980112][ T8288]  ? clear_bhb_loop+0x40/0x90
[  366.980134][ T8288]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  366.980152][ T8288] RIP: 0033:0x7ff3b199c819
[  366.980168][ T8288] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  366.980185][ T8288] RSP: 002b:00007ff3b2814028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  366.980201][ T8288] RAX: ffffffffffffffda RBX: 00007ff3b1c16090 RCX: 00007ff3b199c819
[  366.980213][ T8288] RDX: 0000200000000180 RSI: 0000000000005412 RDI: 0000000000000003
[  366.980223][ T8288] RBP: 00007ff3b2814090 R08: 0000000000000000 R09: 0000000000000000
[  366.980232][ T8288] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  366.980242][ T8288] R13: 00007ff3b1c16128 R14: 00007ff3b1c16090 R15: 00007fff103a38c8
[  366.980267][ T8288]  </TASK>
[  367.057223][ T8288] ERROR: Out of memory at tomoyo_realpath_from_path.
[  367.283184][ T5825] Bluetooth: hci6: command tx timeout
[  370.435677][ T5825] Bluetooth: hci0: Entering manufacturer mode failed (-110)
[  374.643142][ T1310] ieee802154 phy0 wpan0: encryption failed: -22
[  374.653717][ T1310] ieee802154 phy1 wpan1: encryption failed: -22
[  434.601784][ T1310] ieee802154 phy0 wpan0: encryption failed: -22
[  434.607681][ T1310] ieee802154 phy1 wpan1: encryption failed: -22
[  526.644672][   T31] INFO: task syz.2.559:8162 blocked for more than 155 seconds.
[  526.644701][   T31]       Tainted: G             L      syzkaller #0
[  526.644713][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  526.644721][   T31] task:syz.2.559       state:D stack:25368 pid:8162  tgid:8152  ppid:5827   task_flags:0x400140 flags:0x00080002
[  526.644777][   T31] Call Trace:
[  526.644784][   T31]  <TASK>
[  526.644795][   T31]  __schedule+0x10e9/0x6820
[  526.644842][   T31]  ? __pfx___schedule+0x10/0x10
[  526.644864][   T31]  ? find_held_lock+0x2b/0x80
[  526.644884][   T31]  ? schedule+0x2bf/0x390
[  526.644912][   T31]  schedule+0xdd/0x390
[  526.644936][   T31]  schedule_preempt_disabled+0x13/0x30
[  526.644961][   T31]  rwsem_down_write_slowpath+0x4c2/0x12c0
[  526.645007][   T31]  ? __pfx_rwsem_down_write_slowpath+0x10/0x10
[  526.645052][   T31]  ? __pfx___might_resched+0x10/0x10
[  526.645086][   T31]  down_write+0x1c7/0x1f0
[  526.645114][   T31]  ? __pfx_down_write+0x10/0x10
[  526.645148][   T31]  rdma_dev_exit_net+0x177/0x590
[  526.645173][   T31]  ? __pfx_rdma_dev_exit_net+0x10/0x10
[  526.645195][   T31]  ? __pfx___might_resched+0x10/0x10
[  526.645221][   T31]  ? __pfx_cfg80211_pernet_exit+0x10/0x10
[  526.645242][   T31]  ? mutex_is_locked+0x17/0x60
[  526.645267][   T31]  ? __pfx_rdma_dev_exit_net+0x10/0x10
[  526.645289][   T31]  ops_undo_list+0x2ee/0xab0
[  526.645314][   T31]  ? __pfx_ops_undo_list+0x10/0x10
[  526.645335][   T31]  ? ops_init+0x2fa/0x5f0
[  526.645357][   T31]  setup_net+0x1fa/0x3a0
[  526.645376][   T31]  ? __pfx_setup_net+0x10/0x10
[  526.645395][   T31]  ? mutex_init_lockdep+0xf1/0x120
[  526.645425][   T31]  copy_net_ns+0x46f/0x7c0
[  526.645449][   T31]  create_new_namespaces+0x3ea/0xac0
[  526.645485][   T31]  unshare_nsproxy_namespaces+0xf2/0x220
[  526.645517][   T31]  ksys_unshare+0x438/0xab0
[  526.645536][   T31]  ? kcov_ioctl+0x16a/0x720
[  526.645556][   T31]  ? kfree+0x1dd/0x6c0
[  526.645580][   T31]  ? __pfx_ksys_unshare+0x10/0x10
[  526.645601][   T31]  ? kcov_ioctl+0x16a/0x720
[  526.645627][   T31]  __x64_sys_unshare+0x31/0x40
[  526.645646][   T31]  do_syscall_64+0x10b/0xf80
[  526.645672][   T31]  ? clear_bhb_loop+0x40/0x90
[  526.645696][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  526.645716][   T31] RIP: 0033:0x7f4da2d9c819
[  526.645732][   T31] RSP: 002b:00007f4da3c01028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
[  526.645751][   T31] RAX: ffffffffffffffda RBX: 00007f4da3016180 RCX: 00007f4da2d9c819
[  526.645763][   T31] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000062040200
[  526.645775][   T31] RBP: 00007f4da2e32c91 R08: 0000000000000000 R09: 0000000000000000
[  526.645786][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  526.645797][   T31] R13: 00007f4da3016218 R14: 00007f4da3016180 R15: 00007ffd5af4d468
[  526.645824][   T31]  </TASK>
[  526.645836][   T31] INFO: task syz-executor:8253 blocked for more than 155 seconds.
[  526.645851][   T31]       Tainted: G             L      syzkaller #0
[  526.645861][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  526.645869][   T31] task:syz-executor    state:D stack:26968 pid:8253  tgid:8253  ppid:8244   task_flags:0x400140 flags:0x00080000
[  526.645925][   T31] Call Trace:
[  526.645931][   T31]  <TASK>
[  526.645942][   T31]  __schedule+0x10e9/0x6820
[  526.645983][   T31]  ? __pfx___schedule+0x10/0x10
[  526.646011][   T31]  ? find_held_lock+0x2b/0x80
[  526.646030][   T31]  ? schedule+0x2bf/0x390
[  526.646057][   T31]  schedule+0xdd/0x390
[  526.646081][   T31]  schedule_preempt_disabled+0x13/0x30
[  526.646105][   T31]  rwsem_down_read_slowpath+0x5af/0xb40
[  526.646129][   T31]  ? __pfx_rwsem_down_read_slowpath+0x10/0x10
[  526.646157][   T31]  ? __pfx___might_resched+0x10/0x10
[  526.646189][   T31]  down_read+0xed/0x450
[  526.646207][   T31]  ? __pfx_down_read+0x10/0x10
[  526.646223][   T31]  ? rdma_dev_init_net+0x26a/0x590
[  526.646243][   T31]  ? rdma_dev_init_net+0x26a/0x590
[  526.646269][   T31]  rdma_dev_init_net+0x2ff/0x590
[  526.646289][   T31]  ? __pfx_rdma_dev_init_net+0x10/0x10
[  526.646310][   T31]  ? __kmalloc_noprof+0x320/0x850
[  526.646341][   T31]  ? __pfx_rdma_dev_init_net+0x10/0x10
[  526.646361][   T31]  ops_init+0x1e2/0x5f0
[  526.646383][   T31]  setup_net+0x118/0x3a0
[  526.646402][   T31]  ? __pfx_setup_net+0x10/0x10
[  526.646421][   T31]  ? mutex_init_lockdep+0xf1/0x120
[  526.646451][   T31]  copy_net_ns+0x46f/0x7c0
[  526.646474][   T31]  create_new_namespaces+0x3ea/0xac0
[  526.646510][   T31]  unshare_nsproxy_namespaces+0xf2/0x220
[  526.646542][   T31]  ksys_unshare+0x438/0xab0
[  526.646562][   T31]  ? __pfx_ksys_unshare+0x10/0x10
[  526.646582][   T31]  ? __pfx_fput_close_sync+0x10/0x10
[  526.646617][   T31]  __x64_sys_unshare+0x31/0x40
[  526.646636][   T31]  do_syscall_64+0x10b/0xf80
[  570.126639][    C1] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
[  570.126657][    C1] rcu: 	Tasks blocked on level-0 rcu_node (CPUs 0-1): P8287/1:b..l
[  570.127137][    C1] rcu: 	(detected by 1, t=10502 jiffies, g=29349, q=1370961 ncpus=2)
[  570.127155][    C1] task:syz.1.585       state:R  running task     stack:26264 pid:8287  tgid:8286  ppid:5835   task_flags:0x40054c flags:0x00080001
[  570.127213][    C1] Call Trace:
[  570.127219][    C1]  <TASK>
[  570.127232][    C1]  __schedule+0x10e9/0x6820
[  570.127275][    C1]  ? __pfx___schedule+0x10/0x10
[  570.127298][    C1]  ? find_held_lock+0x2b/0x80
[  570.127318][    C1]  ? preempt_schedule_thunk+0x16/0x30
[  570.127338][    C1]  preempt_schedule_common+0x42/0xc0
[  570.127361][    C1]  preempt_schedule_thunk+0x16/0x30
[  570.127384][    C1]  _raw_spin_unlock+0x3e/0x50
[  570.127404][    C1]  __zap_vma_range+0x1791/0x4bf0
[  570.127446][    C1]  ? __pfx___zap_vma_range+0x10/0x10
[  570.127471][    C1]  ? find_held_lock+0x2b/0x80
[  570.127503][    C1]  unmap_vmas+0x299/0x5f0
[  570.127528][    C1]  ? __pfx_unmap_vmas+0x10/0x10
[  570.127549][    C1]  ? mas_next_slot+0x10a3/0x1960
[  570.127589][    C1]  exit_mmap+0x1ef/0xa10
[  570.127611][    C1]  ? __pfx_exit_mmap+0x10/0x10
[  570.127629][    C1]  ? rcu_is_watching+0x12/0xc0
[  570.127659][    C1]  ? uprobe_clear_state+0x5f/0x260
[  570.127683][    C1]  ? uprobe_clear_state+0x5f/0x260
[  570.127714][    C1]  ? __lock_acquire+0x4a5/0x2630
[  570.127745][    C1]  ? arch_uprobe_clear_state+0x107/0x150
[  570.127774][    C1]  __mmput+0x12a/0x410
[  570.127799][    C1]  mmput+0x67/0x80
[  570.127822][    C1]  do_exit+0x833/0x2a60
[  570.127839][    C1]  ? __pfx___might_resched+0x10/0x10
[  570.127868][    C1]  ? __pfx_do_exit+0x10/0x10
[  570.127886][    C1]  ? do_raw_spin_lock+0x128/0x260
[  570.127910][    C1]  ? find_held_lock+0x2b/0x80
[  570.127926][    C1]  ? get_signal+0x7e0/0x21e0
[  570.127953][    C1]  do_group_exit+0xd5/0x2a0
[  570.127974][    C1]  get_signal+0x1ec7/0x21e0
[  570.128008][    C1]  ? __pfx_get_signal+0x10/0x10
[  570.128032][    C1]  ? task_work_add+0x201/0x3b0
[  570.128059][    C1]  arch_do_signal_or_restart+0x91/0x7a0
[  570.128088][    C1]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  570.128121][    C1]  ? selinux_file_ioctl+0x13b/0x290
[  570.128143][    C1]  ? rcu_is_watching+0x12/0xc0
[  570.128171][    C1]  exit_to_user_mode_loop+0x86/0x4a0
[  570.128193][    C1]  ? do_syscall_64+0x52d/0xf80
[  570.128218][    C1]  do_syscall_64+0x706/0xf80
[  570.128240][    C1]  ? clear_bhb_loop+0x40/0x90
[  570.128261][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  570.128279][    C1] RIP: 0033:0x7ff3b199c819
[  570.128295][    C1] RSP: 002b:00007ff3b2835028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  570.128312][    C1] RAX: 0000000000000000 RBX: 00007ff3b1c15fa0 RCX: 00007ff3b199c819
[  570.128323][    C1] RDX: 0000000000000009 RSI: 00000000400455c8 RDI: 0000000000000003
[  570.128334][    C1] RBP: 00007ff3b1a32c91 R08: 0000000000000000 R09: 0000000000000000
[  570.128345][    C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  570.128356][    C1] R13: 00007ff3b1c16038 R14: 00007ff3b1c15fa0 R15: 00007fff103a38c8
[  570.128381][    C1]  </TASK>
[  570.128388][    C1] rcu: rcu_preempt kthread starved for 10022 jiffies! g29349 f0x2 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1
[  570.128407][    C1] rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
[  570.128415][    C1] rcu: RCU grace-period kthread stack dump:
[  570.128421][    C1] task:rcu_preempt     state:R  running task     stack:28216 pid:16    tgid:16    ppid:2      task_flags:0x208040 flags:0x00080000
[  570.128482][    C1] Call Trace:
[  570.128488][    C1]  <TASK>
[  570.128498][    C1]  __schedule+0x10e9/0x6820
[  570.128535][    C1]  ? __pfx___schedule+0x10/0x10
[  570.128555][    C1]  ? find_held_lock+0x2b/0x80
[  570.128573][    C1]  ? schedule+0x2bf/0x390
[  570.128598][    C1]  schedule+0xdd/0x390
[  570.128618][    C1]  schedule_timeout+0x127/0x280
[  570.128638][    C1]  ? __pfx_schedule_timeout+0x10/0x10
[  570.128658][    C1]  ? __pfx_process_timeout+0x10/0x10
[  570.128681][    C1]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  570.128703][    C1]  ? prepare_to_swait_event+0xdf/0x4a0
[  570.128728][    C1]  rcu_gp_fqs_loop+0x1a9/0x900
[  570.128750][    C1]  ? __pfx_rcu_gp_fqs_loop+0x10/0x10
[  570.128773][    C1]  ? __pfx_rcu_gp_init+0x10/0x10
[  570.128796][    C1]  ? __pfx_rcu_gp_cleanup+0x10/0x10
[  570.128821][    C1]  rcu_gp_kthread+0x179/0x230
[  570.128841][    C1]  ? __pfx_rcu_gp_kthread+0x10/0x10
[  570.128859][    C1]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  570.128884][    C1]  ? __kthread_parkme+0x18c/0x230
[  570.128904][    C1]  ? kthread+0x13a/0x450
[  570.128924][    C1]  ? __pfx_rcu_gp_kthread+0x10/0x10
[  570.128942][    C1]  kthread+0x370/0x450
[  570.128960][    C1]  ? __pfx_kthread+0x10/0x10
[  570.128982][    C1]  ret_from_fork+0x72b/0xd50
[  570.129005][    C1]  ? __pfx_ret_from_fork+0x10/0x10
[  570.129028][    C1]  ? __switch_to+0x800/0x1100
[  570.129053][    C1]  ? __pfx_kthread+0x10/0x10
[  570.129074][    C1]  ret_from_fork_asm+0x1a/0x30
[  570.129109][    C1]  </TASK>
[  570.129115][    C1] rcu: Stack dump where RCU GP kthread last ran:
[  570.129127][    C1] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  570.129150][    C1] Tainted: [L]=SOFTLOCKUP
[  570.129157][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  570.129166][    C1] RIP: 0010:ip_vs_conn_in_get_proto+0x7a/0x400
[  570.129191][    C1] Code: 44 24 30 80 18 ed 89 c7 00 f1 f1 f1 f1 c7 40 08 00 00 00 f2 c7 40 0c f2 f2 f2 f2 c7 40 10 04 f3 f3 f3 65 4c 8b 3d 0e 37 27 0a <4c> 89 bc 24 d8 00 00 00 45 31 ff e8 d6 61 1c f8 b9 07 00 00 00 c7
[  570.129207][    C1] RSP: 0018:ffffc90000a08050 EFLAGS: 00000a02
[  570.129221][    C1] RAX: fffff5200014100e RBX: ffffc90000a08298 RCX: ffffc90000a08298
[  570.129232][    C1] RDX: ffff8881c82bbdc0 RSI: 0000000000000002 RDI: ffff888021394000
[  570.129243][    C1] RBP: 1ffff9200014100e R08: 0000000000000002 R09: 0000000000000006
[  570.129254][    C1] R10: 0000000000000006 R11: 0000000000000000 R12: ffff888021394000
[  570.129264][    C1] R13: ffff8881c82bbdc0 R14: dffffc0000000000 R15: 662ac0ce2101b600
[  570.129276][    C1] FS:  0000000000000000(0000) GS:ffff8881243db000(0000) knlGS:0000000000000000
[  570.129293][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  570.129304][    C1] CR2: 0000557131066f70 CR3: 0000000038217000 CR4: 00000000003526f0
[  570.129316][    C1] Call Trace:
[  570.129321][    C1]  <IRQ>
[  570.129327][    C1]  ? ip_vs_conn_out_get_proto+0x2db/0x400
[  570.129354][    C1]  ? __pfx_ip_vs_conn_in_get_proto+0x10/0x10
[  570.129377][    C1]  ? __pfx_ip_vs_conn_out_get_proto+0x10/0x10
[  570.129405][    C1]  ? rcu_is_watching+0x12/0xc0
[  570.129429][    C1]  ? __local_bh_enable_ip+0x9e/0x120
[  570.129452][    C1]  ? lockdep_hardirqs_on+0x78/0x100
[  570.129480][    C1]  ? ipt_do_table+0xd4f/0x1b00
[  570.129500][    C1]  ? __local_bh_enable_ip+0x9e/0x120
[  570.129526][    C1]  ? __pfx_ip_vs_conn_in_get_proto+0x10/0x10
[  570.129549][    C1]  ip_vs_in_hook+0x72b/0x2b40
[  570.129572][    C1]  ? __pfx_ip_vs_in_hook+0x10/0x10
[  570.129587][    C1]  ? __pfx_ip_vs_out_hook+0x10/0x10
[  570.129612][    C1]  ? __pfx_ipt_do_table+0x10/0x10
[  570.129634][    C1]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  570.129668][    C1]  nf_hook_slow+0xbf/0x220
[  570.129691][    C1]  __ip_local_out+0x541/0xb80
[  570.129713][    C1]  ? __pfx___ip_local_out+0x10/0x10
[  570.129731][    C1]  ? kmem_cache_alloc_node_noprof+0x2a9/0x6f0
[  570.129759][    C1]  ? __pfx_dst_output+0x10/0x10
[  570.129785][    C1]  ip_local_out+0x2a/0x1f0
[  570.129805][    C1]  synproxy_send_tcp.isra.0+0x481/0x680
[  570.129830][    C1]  synproxy_send_client_synack+0x6ea/0x970
[  570.129855][    C1]  ? find_held_lock+0x2b/0x80
[  570.129871][    C1]  ? __pfx_synproxy_send_client_synack+0x10/0x10
[  570.129891][    C1]  ? net_generic+0xea/0x2a0
[  570.129919][    C1]  nft_synproxy_do_eval+0xa6a/0xd50
[  570.129943][    C1]  ? __pfx_nft_synproxy_do_eval+0x10/0x10
[  570.129964][    C1]  ? ip_vs_conn_in_get+0x85/0x270
[  570.129993][    C1]  ? ip_vs_service_find+0x154/0x390
[  570.130017][    C1]  ? __pfx_nft_synproxy_eval+0x10/0x10
[  570.130040][    C1]  nft_do_chain+0x2e5/0x1950
[  570.130070][    C1]  ? __pfx_nft_do_chain+0x10/0x10
[  570.130090][    C1]  ? rcu_is_watching+0x12/0xc0
[  570.130122][    C1]  ? ip_vs_in_hook+0x9e3/0x2b40
[  570.130137][    C1]  ? ip_vs_in_hook+0xa60/0x2b40
[  570.130169][    C1]  nft_do_chain_inet+0xf3/0x400
[  570.130189][    C1]  ? __pfx_nft_do_chain_inet+0x10/0x10
[  570.130216][    C1]  ? nf_nat_ipv4_local_in+0x181/0x730
[  570.130247][    C1]  nf_hook_slow+0xbf/0x220
[  570.130268][    C1]  nf_hook.constprop.0+0x2a6/0x750
[  570.130293][    C1]  ? __pfx_ip_local_deliver_finish+0x10/0x10
[  570.130320][    C1]  ? __pfx_nf_hook.constprop.0+0x10/0x10
[  570.130344][    C1]  ? __pfx_ip_rcv_finish+0x10/0x10
[  570.130364][    C1]  ? __pfx_ip_local_deliver_finish+0x10/0x10
[  570.130390][    C1]  ? ip_rcv_finish_core+0x7ec/0x2c30
[  570.130420][    C1]  ip_local_deliver+0x163/0x1f0
[  570.130436][    C1]  ? __pfx_ip_local_deliver+0x10/0x10
[  570.130452][    C1]  ip_rcv+0x33a/0x3c0
[  570.130468][    C1]  ? __pfx_ip_rcv+0x10/0x10
[  570.130490][    C1]  __netif_receive_skb_one_core+0x197/0x1e0
[  570.130514][    C1]  ? __pfx___netif_receive_skb_one_core+0x10/0x10
[  570.130538][    C1]  ? lock_acquire+0x1b1/0x370
[  570.130560][    C1]  ? process_backlog+0x32a/0x1580
[  570.130584][    C1]  ? process_backlog+0x32a/0x1580
[  570.130604][    C1]  __netif_receive_skb+0x1f/0x120
[  570.130627][    C1]  process_backlog+0x37a/0x1580
[  570.130655][    C1]  __napi_poll.constprop.0+0xaf/0x450
[  570.130680][    C1]  net_rx_action+0xa40/0xf20
[  570.130709][    C1]  ? __pfx_net_rx_action+0x10/0x10
[  570.130730][    C1]  ? find_held_lock+0x2b/0x80
[  570.130746][    C1]  ? clockevents_program_event+0x23e/0x820
[  570.130772][    C1]  ? kvm_sched_clock_read+0x11/0x20
[  570.130793][    C1]  ? sched_clock+0x38/0x60
[  570.130811][    C1]  ? sched_clock_cpu+0x6c/0x570
[  570.130842][    C1]  ? rcu_is_watching+0x12/0xc0
[  570.130869][    C1]  handle_softirqs+0x1ea/0xa00
[  570.130897][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[  570.130921][    C1]  ? _raw_spin_unlock+0x28/0x50
[  570.130940][    C1]  ? __hrtimer_rearm_deferred+0x9b/0x740
[  570.130959][    C1]  __irq_exit_rcu+0x162/0x210
[  570.130983][    C1]  irq_exit_rcu+0x9/0x30
[  570.131005][    C1]  sysvec_apic_timer_interrupt+0xa3/0xc0
[  570.131027][    C1]  </IRQ>
[  570.131033][    C1]  <TASK>
[  570.131040][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  570.131058][    C1] RIP: 0010:pv_native_safe_halt+0xf/0x20
[  570.131080][    C1] Code: 56 86 02 e9 83 42 03 00 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d a3 c0 10 00 fb f4 <c3> cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90
[  570.131096][    C1] RSP: 0018:ffffc90000197df0 EFLAGS: 00000246
[  570.131110][    C1] RAX: 000000000379a881 RBX: ffff88801e2ca500 RCX: ffffffff8b9ad045
[  570.131121][    C1] RDX: 0000000000000000 RSI: ffffffff8df5a4c4 RDI: ffffffff8c1c2200
[  570.131132][    C1] RBP: 0000000000000000 R08: 0000000000000001 R09: ffffed10170a67b5
[  570.131142][    C1] R10: ffff8880b8533dab R11: 0000000000000000 R12: 0000000000000001
[  570.131153][    C1] R13: ffffed1003c594a0 R14: 0000000000000001 R15: ffffffff90dc2350
[  570.131171][    C1]  ? ct_kernel_exit+0x125/0x180
[  570.131198][    C1]  default_idle+0x9/0x10
[  570.131212][    C1]  default_idle_call+0x6c/0xb0
[  570.131228][    C1]  do_idle+0x464/0x590
[  570.131245][    C1]  ? __pfx_do_idle+0x10/0x10
[  570.131260][    C1]  ? finish_task_switch.isra.0+0x152/0x1010
[  570.131284][    C1]  cpu_startup_entry+0x4f/0x60
[  570.131301][    C1]  start_secondary+0x21d/0x2d0
[  570.131321][    C1]  ? __pfx_start_secondary+0x10/0x10
[  570.131345][    C1]  common_startup_64+0x13e/0x148
[  570.131381][    C1]  </TASK>
[  582.602522][ T1310] ieee802154 phy0 wpan0: encryption failed: -22
[  582.609163][ T1310] ieee802154 phy1 wpan1: encryption failed: -22
[  583.781793][ T1310] ieee802154 phy0 wpan0: encryption failed: -22
[  583.790331][ T1310] ieee802154 phy1 wpan1: encryption failed: -22
[  589.064979][   T31]  ? clear_bhb_loop+0x40/0x90
[  589.065018][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  589.065039][   T31] RIP: 0033:0x7f117fb9dae7
[  589.065056][   T31] RSP: 002b:00007fffdf031038 EFLAGS: 00000202 ORIG_RAX: 0000000000000110
[  589.065076][   T31] RAX: ffffffffffffffda RBX: 00007f117fe15f40 RCX: 00007f117fb9dae7
[  589.065090][   T31] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000000
[  589.065103][   T31] RBP: 00007f117fe167b8 R08: 0000000000000000 R09: 0000000000000000
[  589.065114][   T31] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000008
[  589.065125][   T31] R13: 0000000000000003 R14: 00007fffdf031278 R15: 0000000000000000
[  589.065151][   T31]  </TASK>
[  589.065164][   T31] 
[  589.065164][   T31] Showing all locks held in the system:
[  589.065172][   T31] 1 lock held by kthreadd/2:
[  589.065183][   T31] 4 locks held by kworker/u8:0/12:
[  589.065195][   T31] 3 locks held by kworker/u8:1/13:
[  589.065208][   T31] 1 lock held by khungtaskd/31:
[  589.065218][   T31]  #0: ffffffff8e7e5460 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x3d/0x184
[  589.065275][   T31] 3 locks held by kworker/u8:2/36:
[  589.065287][   T31] 4 locks held by kworker/u8:3/47:
[  589.065298][   T31] 3 locks held by kworker/u8:4/65:
[  589.065309][   T31] 2 locks held by kswapd0/84:
[  589.065323][   T31] 3 locks held by kworker/u8:5/133:
[  589.065334][   T31] 3 locks held by kworker/u8:6/142:
[  589.065344][   T31] 3 locks held by kworker/u8:7/160:
[  589.065359][   T31] 3 locks held by kworker/u8:8/1118:
[  589.065370][   T31] 3 locks held by kworker/u8:9/1120:
[  589.065382][   T31] 3 locks held by kworker/u8:10/1344:
[  589.065405][   T31] 6 locks held by kworker/R-bat_e/3424:
[  589.065417][   T31] 5 locks held by kworker/u8:11/3545:
[  589.065427][   T31]  #0: ffff88801c6d8940 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x12d6/0x1980
[  589.065477][   T31]  #1: ffffc9000ef3fd08 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x973/0x1980
[  589.065534][   T31]  #2: ffffffff90616e48 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xb8/0x920
[  589.065582][   T31]  #3: ffff88805209d550 (&wg->device_update_lock){+.+.}-{4:4}, at: wg_destruct+0x151/0x3f0
[  589.065634][   T31]  #4: ffffffff8e7f0e78 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x48/0x6d0
[  589.065683][   T31] 2 locks held by jbd2/sda1-8/5159:
[  589.065695][   T31] 2 locks held by udevd/5198:
[  589.065706][   T31] 2 locks held by crond/5567:
[  589.065717][   T31] 2 locks held by getty/5587:
[  589.065726][   T31]  #0: ffff8880392060a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80
[  589.065771][   T31]  #1: ffffc9000322b2e8 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x419/0x14f0
[  589.065825][   T31] 2 locks held by syz-executor/5811:
[  589.065837][   T31] 1 lock held by syz-executor/5824:
[  589.065847][   T31]  #0: ffffffff8e7f0fa8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x19e/0x3c0
[  589.065895][   T31] 5 locks held by kworker/u9:2/5825:
[  589.065906][   T31]  #0: ffff8880530d9940 ((wq_completion)hci6){+.+.}-{0:0}, at: process_one_work+0x12d6/0x1980
[  589.065956][   T31]  #1: ffffc90002fd7d08 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_one_work+0x973/0x1980
[  589.066007][   T31]  #2: ffff8880272acea0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x18a/0x470
[  589.066054][   T31]  #3: ffff8880272ac0b8 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x141/0xb20
[  589.066101][   T31]  #4: ffffffff908c6e40 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_failed+0x119/0x360
[  589.066146][   T31] 7 locks held by kworker/u9:4/5831:
[  589.066156][   T31]  #0: ffff88802c657140 ((wq_completion)hci5){+.+.}-{0:0}, at: process_one_work+0x12d6/0x1980
[  589.066206][   T31]  #1: ffffc90004597d08 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_one_work+0x973/0x1980
[  589.066257][   T31]  #2: ffff888045114ea0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x18a/0x470
[  589.066301][   T31]  #3: ffff8880451140b8 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x141/0xb20
[  589.066348][   T31]  #4: ffffffff908c6e40 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_failed+0x119/0x360
[  589.066391][   T31]  #5: ffff888074cbbaf8 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_conn_del+0x95/0x710
[  589.066445][   T31]  #6: ffffffff8e7f0fa8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x19e/0x3c0
[  589.066492][   T31] 2 locks held by syz-executor/5835:
[  589.066514][   T31] 2 locks held by kworker/1:3/5878:
[  589.066527][   T31] 4 locks held by kworker/1:6/5951:
[  589.066539][   T31] 3 locks held by kworker/u8:12/7773:
[  589.066550][   T31] 3 locks held by kworker/u8:13/8009:
[  589.066561][   T31] 2 locks held by syz.2.559/8162:
[  589.066570][   T31]  #0: ffffffff90616e48 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x451/0x7c0
[  589.066615][   T31]  #1: ffffffff90246488 (rdma_nets_rwsem){++++}-{4:4}, at: rdma_dev_exit_net+0x177/0x590
[  589.080688][   T31] 5 locks held by syz-executor/8227:
[  589.080701][   T31] 3 locks held by syz-executor/8253:
[  589.080712][   T31]  #0: ffffffff90616e48 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x451/0x7c0
[  589.080759][   T31]  #1: ffffffff90246708 (devices_rwsem){++++}-{4:4}, at: rdma_dev_init_net+0x28c/0x590
[  589.080806][   T31]  #2: ffffffff90246488 (rdma_nets_rwsem){++++}-{4:4}, at: rdma_dev_init_net+0x2ff/0x590
[  589.080853][   T31] 4 locks held by dhcpcd-run-hook/8296:
[  589.080864][   T31] 3 locks held by kworker/u8:14/8297:
[  589.080875][   T31] 
[  589.080881][   T31] =============================================
[  589.080881][   T31] 
[  589.080889][   T31] NMI backtrace for cpu 0
[  589.080903][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  589.080927][   T31] Tainted: [L]=SOFTLOCKUP
[  589.080933][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  589.080943][   T31] Call Trace:
[  589.080948][   T31]  <TASK>
[  589.080955][   T31]  dump_stack_lvl+0x100/0x190
[  589.080978][   T31]  nmi_cpu_backtrace.cold+0x12d/0x151
[  589.081002][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  589.081025][   T31]  nmi_trigger_cpumask_backtrace+0x1d7/0x230
[  589.081049][   T31]  sys_info+0x141/0x190
[  589.081065][   T31]  watchdog+0xcb1/0x1030
[  589.081091][   T31]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  589.081114][   T31]  ? __pfx_watchdog+0x10/0x10
[  589.081135][   T31]  ? __kthread_parkme+0x18c/0x230
[  589.081155][   T31]  ? kthread+0x13a/0x450
[  589.081173][   T31]  ? __pfx_watchdog+0x10/0x10
[  589.081191][   T31]  kthread+0x370/0x450
[  589.081211][   T31]  ? __pfx_kthread+0x10/0x10
[  589.081233][   T31]  ret_from_fork+0x72b/0xd50
[  589.081256][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  589.081278][   T31]  ? __switch_to+0x800/0x1100
[  589.081305][   T31]  ? __pfx_kthread+0x10/0x10
[  589.081327][   T31]  ret_from_fork_asm+0x1a/0x30
[  589.081363][   T31]  </TASK>
[  589.081370][   T31] Sending NMI from CPU 0 to CPUs 1:
[  589.081392][    C1] NMI backtrace for cpu 1
[  589.081406][    C1] CPU: 1 UID: 0 PID: 3424 Comm: kworker/R-bat_e Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  589.081425][    C1] Tainted: [L]=SOFTLOCKUP
[  589.081430][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  589.081439][    C1] Workqueue: bat_events batadv_tt_purge
[  589.081454][    C1] RIP: 0010:__unwind_start+0x3dc/0x7f0
[  589.081474][    C1] Code: 00 00 00 00 00 fc ff df 49 c1 ed 03 49 89 c4 49 01 ed 49 01 ec eb 2a 4c 89 f7 e8 8f db ff ff 4c 89 f0 48 c1 e8 03 0f b6 04 28 <84> c0 74 08 3c 03 0f 8e c1 02 00 00 41 8b 06 85 c0 0f 84 e5 fe ff
[  589.081486][    C1] RSP: 0018:ffffc90000a07d08 EFLAGS: 00000a02
[  589.081497][    C1] RAX: 0000000000000000 RBX: ffffc90000a07de8 RCX: ffffc90000a07c5c
[  589.081505][    C1] RDX: 0000000000000000 RSI: ffffffff8df34f8f RDI: ffff888034b2cec4
[  589.081514][    C1] RBP: dffffc0000000000 R08: 0000000000000001 R09: 0000000000000007
[  589.081522][    C1] R10: 0000000000000200 R11: 000000000000b8d1 R12: fffff52000140fad
[  589.081531][    C1] R13: fffff52000140fac R14: ffffc90000a07d58 R15: ffffc90000a07d60
[  589.081540][    C1] FS:  0000000000000000(0000) GS:ffff8881243db000(0000) knlGS:0000000000000000
[  589.081555][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  589.081564][    C1] CR2: 000055558b4f54e8 CR3: 0000000038217000 CR4: 00000000003526f0
[  589.081573][    C1] Call Trace:
[  589.081576][    C1]  <IRQ>
[  589.081583][    C1]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  589.081598][    C1]  arch_stack_walk+0x73/0xf0
[  589.081617][    C1]  ? arch_stack_walk+0x73/0xf0
[  589.081636][    C1]  stack_trace_save+0x8e/0xc0
[  589.081649][    C1]  ? __pfx_stack_trace_save+0x10/0x10
[  589.081664][    C1]  ? __lock_acquire+0x4a5/0x2630
[  589.081681][    C1]  kasan_save_stack+0x30/0x50
[  589.081716][    C1]  kasan_save_track+0x14/0x30
[  589.081735][    C1]  __kasan_slab_alloc+0x89/0x90
[  589.081747][    C1]  kmem_cache_alloc_noprof+0x241/0x6e0
[  589.081766][    C1]  ? dst_alloc+0x99/0x1a0
[  589.081784][    C1]  dst_alloc+0x99/0x1a0
[  589.081801][    C1]  rt_dst_alloc+0x35/0x3a0
[  589.081817][    C1]  ip_route_output_key_hash_rcu+0x87a/0x2870
[  589.081839][    C1]  ip_route_output_key_hash+0x118/0x2b0
[  589.081858][    C1]  ? __pfx_ip_route_output_key_hash+0x10/0x10
[  589.081878][    C1]  ? lock_acquire+0x1b1/0x370
[  589.081893][    C1]  ? find_held_lock+0x2b/0x80
[  589.081907][    C1]  ip_route_output_flow+0x27/0x150
[  589.081926][    C1]  ip_route_me_harder+0x562/0x1260
[  589.081942][    C1]  ? __pfx_ip_route_me_harder+0x10/0x10
[  589.081955][    C1]  ? rcu_is_watching+0x12/0xc0
[  589.081979][    C1]  ? kmem_cache_alloc_node_noprof+0x2a9/0x6f0
[  589.081998][    C1]  ? kmalloc_reserve+0x148/0x350
[  589.082012][    C1]  ? __kasan_kfree_large+0x30/0x80
[  589.082027][    C1]  ? __pfx_cookie_hash+0x10/0x10
[  589.082045][    C1]  synproxy_send_tcp.isra.0+0x341/0x680
[  589.082064][    C1]  synproxy_send_client_synack+0x6ea/0x970
[  589.082082][    C1]  ? find_held_lock+0x2b/0x80
[  589.082094][    C1]  ? __pfx_synproxy_send_client_synack+0x10/0x10
[  589.082110][    C1]  ? net_generic+0xea/0x2a0
[  589.082127][    C1]  nft_synproxy_do_eval+0xa6a/0xd50
[  589.082145][    C1]  ? __pfx_nft_synproxy_do_eval+0x10/0x10
[  589.082161][    C1]  ? ip_vs_conn_in_get+0x85/0x270
[  589.082181][    C1]  ? ip_vs_service_find+0x154/0x390
[  589.082199][    C1]  ? __pfx_nft_synproxy_eval+0x10/0x10
[  589.082215][    C1]  nft_do_chain+0x2e5/0x1950
[  589.082235][    C1]  ? __pfx_nft_do_chain+0x10/0x10
[  589.082251][    C1]  ? mark_held_locks+0x40/0x70
[  589.082275][    C1]  ? ip_vs_in_hook+0x9e3/0x2b40
[  589.082287][    C1]  ? ip_vs_in_hook+0xa60/0x2b40
[  589.082306][    C1]  nft_do_chain_inet+0xf3/0x400
[  589.082322][    C1]  ? __pfx_nft_do_chain_inet+0x10/0x10
[  589.082340][    C1]  ? nf_nat_ipv4_local_in+0x181/0x730
[  589.082362][    C1]  nf_hook_slow+0xbf/0x220
[  589.082377][    C1]  nf_hook.constprop.0+0x2a6/0x750
[  589.082396][    C1]  ? __pfx_ip_local_deliver_finish+0x10/0x10
[  589.082417][    C1]  ? __pfx_nf_hook.constprop.0+0x10/0x10
[  589.082436][    C1]  ? __pfx_ip_rcv_finish+0x10/0x10
[  589.082449][    C1]  ? __pfx_ip_local_deliver_finish+0x10/0x10
[  589.082469][    C1]  ? ip_rcv_finish_core+0x7ec/0x2c30
[  589.082490][    C1]  ip_local_deliver+0x163/0x1f0
[  589.082502][    C1]  ? __pfx_ip_local_deliver+0x10/0x10
[  589.082513][    C1]  ip_rcv+0x33a/0x3c0
[  589.082525][    C1]  ? __pfx_ip_rcv+0x10/0x10
[  589.082536][    C1]  __netif_receive_skb_one_core+0x197/0x1e0
[  589.082554][    C1]  ? __pfx___netif_receive_skb_one_core+0x10/0x10
[  589.082571][    C1]  ? lock_acquire+0x1b1/0x370
[  589.082588][    C1]  ? process_backlog+0x32a/0x1580
[  589.082605][    C1]  ? process_backlog+0x32a/0x1580
[  589.082620][    C1]  __netif_receive_skb+0x1f/0x120
[  589.082636][    C1]  process_backlog+0x37a/0x1580
[  589.082656][    C1]  __napi_poll.constprop.0+0xaf/0x450
[  589.082674][    C1]  net_rx_action+0xa40/0xf20
[  589.082693][    C1]  ? __pfx_net_rx_action+0x10/0x10
[  589.082709][    C1]  ? __print_lock_name+0x60/0x80
[  589.082722][    C1]  ? try_to_wake_up+0x153/0x1900
[  589.082734][    C1]  ? kvm_sched_clock_read+0x11/0x20
[  589.082750][    C1]  ? sched_clock+0x38/0x60
[  589.082763][    C1]  ? sched_clock_cpu+0x6c/0x570
[  589.082783][    C1]  ? mark_held_locks+0x40/0x70
[  589.082800][    C1]  handle_softirqs+0x1ea/0xa00
[  589.082821][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[  589.082838][    C1]  ? __hrtimer_rearm_deferred+0x9b/0x740
[  589.082851][    C1]  ? batadv_tt_purge+0x25d/0xbd0
[  589.082864][    C1]  do_softirq+0xac/0xe0
[  589.082881][    C1]  </IRQ>
[  589.082885][    C1]  <TASK>
[  589.082890][    C1]  __local_bh_enable_ip+0xf8/0x120
[  589.082909][    C1]  batadv_tt_purge+0x25d/0xbd0
[  589.082924][    C1]  ? __pfx_batadv_tt_purge+0x10/0x10
[  589.082940][    C1]  ? rcu_is_watching+0x12/0xc0
[  589.082960][    C1]  process_one_work+0xa0e/0x1980
[  589.082981][    C1]  ? __pfx_process_one_work+0x10/0x10
[  589.083001][    C1]  ? __pfx_batadv_tt_purge+0x10/0x10
[  589.083015][    C1]  rescuer_thread+0x905/0x14a0
[  589.083035][    C1]  ? rescuer_thread+0x240/0x14a0
[  589.083052][    C1]  ? rescuer_thread+0x118/0x14a0
[  589.083067][    C1]  ? __pfx_rescuer_thread+0x10/0x10
[  589.083084][    C1]  ? __kthread_parkme+0x18c/0x230
[  589.083098][    C1]  ? kthread+0x13a/0x450
[  589.083111][    C1]  ? __pfx_rescuer_thread+0x10/0x10
[  589.083126][    C1]  kthread+0x370/0x450
[  589.083140][    C1]  ? __pfx_kthread+0x10/0x10
[  589.083155][    C1]  ret_from_fork+0x72b/0xd50
[  589.083171][    C1]  ? __pfx_ret_from_fork+0x10/0x10
[  589.083187][    C1]  ? __switch_to+0x800/0x1100
[  589.083206][    C1]  ? __pfx_kthread+0x10/0x10
[  589.083221][    C1]  ret_from_fork_asm+0x1a/0x30
[  589.083243][    C1]  </TASK>
[  589.083392][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[  589.083405][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  589.083430][   T31] Tainted: [L]=SOFTLOCKUP
[  589.083436][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  589.083446][   T31] Call Trace:
[  589.083452][   T31]  <TASK>
[  589.083459][   T31]  dump_stack_lvl+0x100/0x190
[  589.083481][   T31]  vpanic+0x552/0x970
[  589.083499][   T31]  ? __pfx_vpanic+0x10/0x10
[  589.083521][   T31]  ? nmi_trigger_cpumask_backtrace+0x182/0x230
[  589.083540][   T31]  ? rcu_is_watching+0x12/0xc0
[  589.083566][   T31]  ? nmi_trigger_cpumask_backtrace+0x182/0x230
[  589.083589][   T31]  panic+0xd1/0xe0
[  589.083605][   T31]  ? __pfx_panic+0x10/0x10
[  589.083623][   T31]  ? wq_watchdog_touch+0xec/0x1a0
[  589.083644][   T31]  ? nmi_trigger_cpumask_backtrace+0x1be/0x230
[  589.083664][   T31]  ? watchdog.cold+0x1ec/0x234
[  589.083683][   T31]  ? watchdog+0xcc1/0x1030
[  589.083703][   T31]  watchdog.cold+0x1fd/0x234
[  589.083728][   T31]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  589.083752][   T31]  ? __pfx_watchdog+0x10/0x10
[  589.083773][   T31]  ? __kthread_parkme+0x18c/0x230
[  589.083794][   T31]  ? kthread+0x13a/0x450
[  589.083813][   T31]  ? __pfx_watchdog+0x10/0x10
[  589.083832][   T31]  kthread+0x370/0x450
[  589.083852][   T31]  ? __pfx_kthread+0x10/0x10
[  589.083874][   T31]  ret_from_fork+0x72b/0xd50
[  589.083898][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  589.083922][   T31]  ? __switch_to+0x800/0x1100
[  589.083949][   T31]  ? __pfx_kthread+0x10/0x10
[  589.083971][   T31]  ret_from_fork_asm+0x1a/0x30
[  589.084008][   T31]  </TASK>
[  589.084288][   T31] Kernel Offset: disabled