last executing test programs:

5m48.982401279s ago: executing program 0 (id=63):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000005c0)="5c00000026006bab9a3fe3d86e17aa31106b876c1d0000007ea60864160af36504001a0038001d004231a0e69ee517d34460bc06000000a705251e6182949a3651f60a84c9f4d4938037e70e4509c5bb5b51f69853362ac3407173ec", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r1, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
r2 = socket(0xa, 0x2, 0x0)
sendto$inet(r2, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10)
recvmsg$kcm(r0, &(0x7f0000000500)={0x0, 0x0, 0x0}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r5 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r6, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_mq={0x7}]}, 0x2c}}, 0x20040084)
r7 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$VT_GETSTATE(r7, 0x5603, &(0x7f00000000c0)={0x1, 0x4, 0x6})
recvmsg$kcm(r0, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0)

5m44.187096287s ago: executing program 0 (id=77):
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
socket$inet6(0xa, 0x2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x4, &(0x7f0000000340)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x2}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
r2 = getpid()
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000680)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
mount(0x0, &(0x7f0000000040)='.\x00', &(0x7f0000000300)='btrfs\x00', 0x5, 0x0)
capset(&(0x7f0000000100)={0x20071026}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x81, 0xfffffffb})
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x6, 0xfffffffffffffffd, 0x2, 0x5, 0x0, 0x4002004c4, 0x1000, 0x0, 0x2, 0x9, 0x0, 0x0, 0x2], 0x8080000, 0x1144})
socket$nl_netfilter(0x10, 0x3, 0xc)
r6 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000080)={r6, <r7=>0xffffffffffffffff}, 0x4)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x16, 0x1d, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x100}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r7}}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x1000}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r6}, {}, {0x85, 0x0, 0x0, 0xb6}}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$OSF_MSG_ADD(r7, &(0x7f00000005c0)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0xc0}, 0xc, &(0x7f0000000580)={&(0x7f0000000740)={0x4bc, 0x0, 0x5, 0x101, 0x0, 0x0, {0x2, 0x0, 0x2}, [{{0x254, 0x1, {{0x2, 0xd}, 0x5, 0x8, 0x675, 0x6, 0x26, 'syz0\x00', "765003ddfef61e3ca8dede08ac3a620209ce57cefc36bd5c8e66593eb78ba155", "ceb02fd7a040bd4037ad999efd4bdd433f5296e9560856d04c883a2f3e5086a8", [{0x80, 0x8, {0x1, 0x5}}, {0x7, 0x7, {0x0, 0x1}}, {0x1, 0x8, {0x2, 0x1}}, {0x5, 0x101, {0x2, 0x3}}, {0xfff, 0x3, {0x3, 0x4}}, {0x8, 0xf19, {0x3, 0x401}}, {0x9, 0x9, {0x1, 0x1}}, {0x0, 0x7, {0x0, 0xfff}}, {0x7fff, 0xc, {0x2, 0x4}}, {0xfff8, 0xfb30, {0x0, 0x7}}, {0x3, 0x8, {0x2}}, {0x7, 0x4, {0x2, 0x100}}, {0x5, 0x7, {0x0, 0x7}}, {0x6, 0x81, {0x0, 0x9}}, {0x8, 0x4fc, {0x1, 0x7}}, {0x8, 0x7ff, {0x0, 0x7}}, {0xf407, 0x4, {0x3, 0xfffffffe}}, {0x7f, 0x4, {0x3, 0x10001}}, {0xb, 0xff, {0x0, 0x6}}, {0x101, 0x8, {0x2, 0x400}}, {0x101, 0x1, {0x1, 0x2}}, {0xe3, 0x5, {0x1, 0x3}}, {0x3807, 0x6, {0x0, 0x7}}, {0x0, 0x8, {0x3, 0x4}}, {0x8, 0x6, {0x0, 0x2}}, {0x9, 0x8, {0x1, 0xd64}}, {0x800, 0x9, {0x2, 0xea}}, {0x3, 0x5}, {0xa, 0xe, {0x0, 0x2}}, {0x9, 0x5, {0x0, 0x3}}, {0xa, 0x9, {0x2, 0x8}}, {0x6, 0xfc00, {0x2, 0x1}}, {0x4, 0x4, {0x3, 0x101}}, {0x1, 0x7e, {0x1, 0x3ff}}, {0x7f, 0x4, {0x1, 0x7}}, {0x1, 0x2, {0xbab29abe5daeb111, 0x5}}, {0xfffd, 0x5, {0x1, 0x8}}, {0xff, 0x2, {0x0, 0x2}}, {0x6, 0x9, {0x0, 0x100}}, {0x80, 0x4, {0x1, 0xfff}}]}}}, {{0x254, 0x1, {{0x1, 0x3}, 0x8, 0x7, 0x68, 0x2, 0x14, 'syz0\x00', "c2e7017e8fbb606fc06286cdb54f2938c227d2a8481afb3181a97c55c8df9883", "6620867d57b3903761ef09827b324b3a14fa9b52eddfb38f626d4bf93ba6bab6", [{0x400, 0x2, {0x0, 0x9}}, {0x0, 0x8, {0x1, 0xfce}}, {0x6, 0xd25d, {0x3, 0x8000}}, {0x7, 0x54b9, {0x0, 0x9}}, {0x2, 0x0, {0x2, 0x7ff}}, {0x3, 0x0, {0x1, 0x9}}, {0x2d1, 0x3400, {0x2, 0x9}}, {0xf, 0x8001, {0x2, 0x9}}, {0x7, 0x86c, {0x2, 0x3ff}}, {0xd, 0x2, {0x0, 0xeb7}}, {0xfffd, 0x0, {0x2, 0x6}}, {0x3, 0xd88, {0x0, 0x5}}, {0x0, 0x1, {0x0, 0x4}}, {0x4, 0x4, {0x0, 0x9}}, {0x100, 0x1, {0x3, 0x2}}, {0x8001, 0x80, {0x2, 0x8}}, {0x892, 0xc, {0x0, 0x80}}, {0x9, 0x3, {0x0, 0xb}}, {0x5, 0x10, {0x3, 0x9}}, {0xe4, 0x3, {0x1, 0x2f}}, {0x9e, 0x7b, {0x0, 0x8000}}, {0x7, 0x6, {0x1, 0x2}}, {0x2, 0x3e7, {0x0, 0x8}}, {0x3, 0xb, {0x3, 0xf}}, {0x1, 0x4, {0x0, 0x8}}, {0x4f, 0xb67f, {0x1, 0x6}}, {0x0, 0x9, {0x2, 0xf000000}}, {0x1, 0x6, {0x2, 0x800}}, {0x8, 0x0, {0x1, 0x7634}}, {0x7, 0x7, {0x2, 0x9}}, {0x5, 0xe, {0x2, 0x8f7}}, {0xfcf, 0x1ff8, {0x1, 0x200}}, {0x8686, 0x8, {0x1, 0x8}}, {0x7, 0x6, {0x1, 0x8}}, {0x6, 0x3df6, {0x1, 0x3}}, {0x9, 0x1800, {0x2}}, {0x8, 0x6, {0x0, 0xfc}}, {0x3, 0x5, {0x1, 0x1}}, {0xb, 0x101, {0x1}}, {0x6de5, 0x40, {0x1, 0x72c2}}]}}}]}, 0x4bc}, 0x1, 0x0, 0x0, 0x81}, 0x800)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r8, 0x0, 0x10, 0x10, &(0x7f00000006c0)="0000000005000000", &(0x7f0000000700)=""/8, 0x2f00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)
openat$selinux_user(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0)
syz_io_uring_setup(0x1e1e, &(0x7f0000000200)={0x0, 0x86f7, 0x10100}, 0x0, 0x0)

5m43.076717535s ago: executing program 0 (id=79):
r0 = syz_open_dev$I2C(&(0x7f0000000040), 0x0, 0x0)
pipe2(&(0x7f0000000000)={<r1=>0xffffffffffffffff}, 0x0)
fcntl$setpipe(r1, 0x407, 0x80000000)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000080)={'vcan0\x00'})
r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$TIPC_NL_KEY_FLUSH(r1, &(0x7f0000000380)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000140)={0x1e0, r2, 0x200, 0x70bd2a, 0x25dfdbfe, {}, [@TIPC_NLA_MEDIA={0x40, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0x34, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x24}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x11}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}]}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}]}, @TIPC_NLA_SOCK={0x30, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_CON={0x14, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x1}]}, @TIPC_NLA_SOCK_CON={0x14, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0x4}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x8}]}]}, @TIPC_NLA_MON={0x14, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x9}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x9}]}, @TIPC_NLA_SOCK={0x90, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0xe}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x3}, @TIPC_NLA_SOCK_CON={0x14, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0x6}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x5}]}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x9}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x5d}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x7f}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x8}, @TIPC_NLA_SOCK_CON={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0x5}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x7}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x2}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x1e6}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0xe47}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x3}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x9508}]}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x5}]}, @TIPC_NLA_SOCK={0x50, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_CON={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x7}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x8001}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x9}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x7ff}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0xb7}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x5}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x2}]}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x2}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0xd}]}, @TIPC_NLA_MON={0x24, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x5}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfc18483}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x60}]}, @TIPC_NLA_BEARER={0x44, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e23, @initdev={0xac, 0x1e, 0x1, 0x0}}}, {0x20, 0x2, @in6={0xa, 0x4e23, 0x2, @loopback, 0x1}}}}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0xfffffffb}]}]}, 0x1e0}, 0x1, 0x0, 0x0, 0x2004c804}, 0x10)
ioctl$I2C_SMBUS(r0, 0x720, &(0x7f0000000000)={0x1, 0x0, 0x5, &(0x7f00000000c0)={0x9f, "06c4ce00000000006eb5e52829e7cb839300000400"}})

5m42.865196096s ago: executing program 0 (id=81):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2125099, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101097, 0x0)
mount$bind(&(0x7f0000000100)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b100a, 0x0)
mount$bind(0x0, &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x80000, 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000300)='./file0\x00', 0x0, 0x2125099, 0x0)
mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000100), 0x0, 0x0)

5m42.757940416s ago: executing program 0 (id=82):
r0 = socket$netlink(0x10, 0x3, 0x0) (async)
socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff})
getpeername$packet(r1, &(0x7f0000000440)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000480)=0x14) (async)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000280)={0x73622a85, 0x110b, 0x8000000000002}) (async)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0xffffffffffffff61, 0x0, 0x0})
r5 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$SG_SET_FORCE_PACK_ID(r5, 0x227b, &(0x7f00000001c0)=0x2001) (async)
r6 = fcntl$dupfd(r5, 0x0, r5)
readv(r6, &(0x7f0000000000)=[{&(0x7f0000001140)=""/136, 0x3f}], 0x1) (async)
r7 = fspick(0xffffffffffffffff, &(0x7f0000000240)='./file0\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r7, 0x1, &(0x7f00000002c0)='^{/.\x00', &(0x7f0000000300)='#]/]&+\x00', 0x0)
r8 = dup3(r4, r3, 0x0) (async)
r9 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r9, 0x10000000000)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r9, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a}) (async)
ioctl$BINDER_WRITE_READ(r8, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000100)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x70, 0x18, &(0x7f00000005c0)={@ptr={0x77682a85, 0x0, 0x0, 0x0, 0x1, 0x25}, @ptr={0x70742a85, 0x0, 0x0, 0x0, 0x1, 0x29}, @fda={0x66646185, 0x5, 0x1, 0xc8}}, &(0x7f00000001c0)={0x0, 0x28, 0x50}}, 0x1000}], 0x0, 0x0, 0x0}) (async)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000140)=@newlink={0x48, 0x10, 0x503, 0xfffffffc, 0x0, {0x0, 0x0, 0x0, 0x0, 0x21111, 0x62000}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @macsec={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_MACSEC_CIPHER_SUITE={0xc, 0x4, 0x80c20001000001}]}}}, @IFLA_LINK={0x8, 0x5, r2}]}, 0x48}, 0x1, 0x0, 0x0, 0x48890}, 0x0)

5m41.825246775s ago: executing program 0 (id=85):
recvmmsg(0xffffffffffffffff, &(0x7f0000000b40)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000002c0)=""/86, 0x56}], 0x1}, 0x8}], 0x1, 0x0, 0x0)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1)
write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000040)={0x18, 0x5, &(0x7f00000001c0)=@framed={{}, [@ldst={0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a7fbb}, @ldst={0x6, 0x0, 0x6, 0x0, 0x0, 0xfffffffffffffffe, 0xa000000}], {0x95, 0x0, 0x0, 0x20}}, &(0x7f0000000000)='syzkaller\x00', 0x5, 0xf4240, &(0x7f0000000100)=""/147}, 0x80)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
process_mrelease(0xffffffffffffffff, 0x0)
r2 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r3 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_PORT_GET(r4, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x3c, r3, 0x1, 0x0, 0x0, {0x54}, [{{@nsim={{0xe, 0x2}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x8001}, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r2, 0xc0285700, &(0x7f0000000100)={0x1b, "5660359c3245d1c42317afad7d48ed51000000000000000100", <r5=>0xffffffffffffffff})
ioctl$SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, 0x0)
ioctl$SYNC_IOC_MERGE(r5, 0xc0303e03, &(0x7f00000000c0)={"3c24139ed44aec57f2e2ad238a7b448ed886923c31d4b8affbf514fd00", 0xffffffffffffffff, <r6=>0xffffffffffffffff})
ppoll(&(0x7f0000000000), 0x0, 0x0, 0x0, 0x0)
close_range(r2, r6, 0x0)
syz_clone3(&(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000040), 0x2}, 0xa0)

5m40.910443311s ago: executing program 32 (id=85):
recvmmsg(0xffffffffffffffff, &(0x7f0000000b40)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000002c0)=""/86, 0x56}], 0x1}, 0x8}], 0x1, 0x0, 0x0)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1)
write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000040)={0x18, 0x5, &(0x7f00000001c0)=@framed={{}, [@ldst={0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a7fbb}, @ldst={0x6, 0x0, 0x6, 0x0, 0x0, 0xfffffffffffffffe, 0xa000000}], {0x95, 0x0, 0x0, 0x20}}, &(0x7f0000000000)='syzkaller\x00', 0x5, 0xf4240, &(0x7f0000000100)=""/147}, 0x80)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
process_mrelease(0xffffffffffffffff, 0x0)
r2 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r3 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_PORT_GET(r4, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x3c, r3, 0x1, 0x0, 0x0, {0x54}, [{{@nsim={{0xe, 0x2}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x8001}, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r2, 0xc0285700, &(0x7f0000000100)={0x1b, "5660359c3245d1c42317afad7d48ed51000000000000000100", <r5=>0xffffffffffffffff})
ioctl$SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, 0x0)
ioctl$SYNC_IOC_MERGE(r5, 0xc0303e03, &(0x7f00000000c0)={"3c24139ed44aec57f2e2ad238a7b448ed886923c31d4b8affbf514fd00", 0xffffffffffffffff, <r6=>0xffffffffffffffff})
ppoll(&(0x7f0000000000), 0x0, 0x0, 0x0, 0x0)
close_range(r2, r6, 0x0)
syz_clone3(&(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000040), 0x2}, 0xa0)

15.902554818s ago: executing program 1 (id=1058):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000000)=@ipv4_newroute={0x1c, 0x18, 0x35f32a6dfa748ddd, 0x0, 0x0, {0x2, 0x0, 0x10, 0x0, 0xfe, 0x4, 0x0, 0x1, 0x20000000}}, 0x1c}, 0x1, 0x0, 0x0, 0x4a044}, 0x4010)

15.710128452s ago: executing program 1 (id=1060):
ioctl$IOCTL_VMCI_VERSION2(0xffffffffffffffff, 0x7a7, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f00000018c0)=""/102400, 0x19000)
socket(0x2, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000640)=@newtaction={0x18, 0x30, 0x1, 0x0, 0x25dfdbf9, {}, [{0x4}]}, 0x18}}, 0x4c000)
landlock_create_ruleset(&(0x7f0000000040)={0x8201, 0x3}, 0x18, 0x0)
syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="5773e20510916ec5b62c0dd93991d20d8d9d64ab16d80c52e17103b67fb8dbe0e68d6bf1b7afb8b30f06cb104e20ea46c2dc3bc70f02d8110acc293b6d66ca643f08792acd7ece98b8dc5b67caf7fc50d5e1c02628a7edc5205c614bbe36c5ed7839578a83dfb4bf86f6830ecb6d99915a9eff74710c809467cd659f40f45ba06895135ae3a4ab615a0b35d06cf2951bfe44666993edca0249be03368d57af236c5bed637fbab960f6c3207ffec6ab5f592d0abfdf58"])
r2 = openat(0xffffffffffffff9c, &(0x7f0000004d00)='./file1\x00', 0x101800, 0x0)
quotactl_fd$Q_GETQUOTA(r2, 0xffffffff80000701, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000001800)={0x6, 0x3, &(0x7f00000006c0)=ANY=[@ANYBLOB="180000010000000000009500000000000000"], &(0x7f0000000300)='GPL\x00'}, 0x94)
r3 = syz_usb_connect(0x5, 0x24, &(0x7f00000003c0)={{0x12, 0x1, 0x0, 0x32, 0xf4, 0x49, 0x10, 0x9c0, 0x201, 0xaa4, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xe5, 0xa5, 0xc8}}]}}]}}, 0x0)
syz_usb_control_io$hid(r3, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r3, 0x0, 0x0)
syz_usb_control_io$printer(r3, 0x0, &(0x7f00000020c0)={0x34, &(0x7f00000006c0)={0x20, 0x12, 0x1, 'P'}, 0x0, 0x0, 0x0, 0x0, 0x0})
lstat(0x0, &(0x7f00000002c0))
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0xf7be51c58132ffa2, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$USBDEVFS_DISCSIGNAL(0xffffffffffffffff, 0x8010550e, 0x0)
ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2)

11.026304865s ago: executing program 1 (id=1074):
socket$nl_route(0x10, 0x3, 0x0)
socket(0x10, 0x3, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = syz_open_dev$usbfs(&(0x7f0000000480), 0x76, 0x160341)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x8)
ioctl$TUNSETLINK(0xffffffffffffffff, 0x400454cd, 0x304)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000001700)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './bus\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000009c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000840)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32=r4], 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
ioctl$USBDEVFS_IOCTL(r0, 0xc0105512, &(0x7f0000000200))
ioctl$USBDEVFS_IOCTL(r0, 0xc0105512, &(0x7f0000000000)=@usbdevfs_connect)

9.485312005s ago: executing program 1 (id=1078):
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
r0 = fsmount(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
readlink(0x0, &(0x7f0000000300)=""/244, 0xf4)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000080), 0x409240, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x0, 0x0})
r2 = io_uring_setup(0x67bb, &(0x7f00000000c0)={0x0, 0x449f, 0xb000, 0x80000000, 0x316})
io_uring_register$IORING_REGISTER_RESIZE_RINGS(r2, 0x21, 0x0, 0x1)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000340)={0x0, <r3=>0x0}, 0x0)
mount$overlay(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240), 0x44802, &(0x7f00000004c0)={[{@redirect_dir_nofollow}, {@userxattr}, {@uuid_off}, {@xino_auto}, {@uuid_null}, {@metacopy_off}], [{@flag='dirsync'}, {@subj_user={'subj_user', 0x3d, 'uuid=off'}}, {@uid_eq={'uid', 0x3d, r3}}, {@uid_eq={'uid', 0x3d, r3}}, {@euid_lt={'euid<', r3}}, {@fowner_eq={'fowner', 0x3d, r3}}]})
open_tree(0xffffffffffffff9c, 0x0, 0x89901)
socket$inet6(0x10, 0x3, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000d40)=ANY=[@ANYBLOB="18000000000000000000000000000000850000007b000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r4}, 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000001440)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value=0x2000000}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r6}, 0x10)
r7 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r7, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r7, 0xc020aa00, &(0x7f0000000140)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
ioctl$UFFDIO_REGISTER(r7, 0xc020aa04, &(0x7f0000000000)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x0, 0x2})

9.440991834s ago: executing program 4 (id=1080):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TIOCPKT(r2, 0x5420, &(0x7f00000000c0))
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f0000530000/0x3000)=nil)
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000240)='devtmpfs\x00', 0x800, 0x0)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000dc0)={0xfffffffe, 0x0, 0x0, 0xfff, 0xa, "0062ba7d82000000160000000000f738096304"})
r3 = syz_open_pts(0xffffffffffffffff, 0x80)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x15, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="dbaa00fe1001000071100000"], &(0x7f0000000480)='syzkaller\x00', 0x5}, 0x94)
dup3(r3, 0xffffffffffffffff, 0x80000)
mount$overlay(0x0, &(0x7f0000001340)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f00000003c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
r4 = openat2$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000080), 0x18)
open$dir(0x0, 0x0, 0x0)
ioctl$TIOCGPGRP(r2, 0x540f, &(0x7f0000000400)=<r5=>0x0)
r6 = syz_open_procfs(r5, &(0x7f0000000440)='oom_adj\x00')
read$FUSE(r6, &(0x7f0000000e00)={0x2020}, 0x2020)
inotify_add_watch(r6, &(0x7f0000000000)='./file0\x00', 0x2000020)
write$tun(0xffffffffffffffff, &(0x7f0000000700)=ANY=[@ANYBLOB="0000880902b690a305d17434c9008002b9e31af1932e707d6df237b2a1482dc7b682b9430d874965aee98ab894a0556ddea28af26e5abdcefc3cff80ceb07782ec41bfa0576d7c69f5f7a4196042aafd6a58d70d69f75b9a4a448746b733b44dc2a0075e3283b6785d0b5b9045264e1146969ae17e4e640ddf891e328390e57dd07a28c78721ecd2c838d235bab268ae96fd6da9a80e6bb90e"], 0x11)
getdents64(r4, &(0x7f0000000300)=""/152, 0x98)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00'})

8.001734963s ago: executing program 1 (id=1082):
syz_usb_connect(0x5, 0x3ce, &(0x7f0000000580)=ANY=[@ANYBLOB="12011001e439b010ac0514021435010203010902bc03020000000109045e570a03e502080b24060001499c1b76089305240000040d240f0100000000aa0000100d06241a81001807240a0185f86705240103081524120800a317a88b045e4f01a607c0ffcb7e392a052415018009050700fe070d090609050708080004ff0309050903"], 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$wireguard(0x0, 0xffffffffffffffff)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
shutdown(r0, 0x0)
r1 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
newfstatat(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, <r2=>0x0}, 0x0)
setresuid(0xee01, r2, r2)
ioctl$SIOCX25SSUBSCRIP(r1, 0x89e1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0)
getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000004c0), 0xf02, 0xf0, 0x0)

7.374222337s ago: executing program 4 (id=1083):
socket$kcm(0x10, 0x2, 0x0)
getxattr(0x0, &(0x7f00000000c0)=@known='system.posix_acl_access\x00', 0x0, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000010140), 0x48c02, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x4)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x48000)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x2)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000004300)=""/102400, 0x19000)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x2, 0x16, &(0x7f0000001600)=ANY=[@ANYBLOB="61128c000000000061134c0000000000bf200000000000002600020007ffffffbd0310000000000095002000000000006916000000000000bf6700000000000004070000b964b01a4607feff00200000540700000ee61e00bf150000000000000f5700000000000065070000d23700002c030000000000001f75000000000000bf54000000000000070000000400f9ffad430100000000007c000000000000000500000000000000950000000000000032ed3c5be95e5db67754bb12dc8c4ed68ecf264e0f84f9f17d3c30e3c7bdd2d17f2f175455000078af6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd390700000500000000f18c30907d7bee45a0100000fe9de56c9d05000000c6c60bef0d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546cac3f1d5af65727546e7c955ccefa1f6ab689ffffff7f63ede202fa4e0a2127b8b83c71a51445dc8dfd13ff15f852a39e5b2ab7bcb8f512036a5ba6d04ae76002d4519af619e3cca4d69e0dee5eb106774a8f3e6916fcecc8158f0200000000c8fb735fd552bdc268694aeb0743e326c819b6cf5c8ac86f8a297dff0445a13d0045fb3cda30a673a6037ed8c85f21ec2c081bdce431e56723888fb126a19bc1172b84b3ebe174aba210d739a018f9bbec63222d20cecac4d03723f1c921b5bbf7949632cacfdd32b3a6aa57f1ad2e99e0e67a993716dbf580469f0f53acbb400001e3738270b315d362ed834f2af97787f696649a462e7e090000000000000045eac1f2014f720e83b7838e3eede14308d582685e1becd6f35154bcb4000000000000000000000000000000bc3af2b170ad3e2b26539cebca8f4ddc211bc3ccf0bd9d42ca019dd5d022cf74686e9fbe2562979eaed840a7afaab43176e65ec1118d46d1e827f3472f4445d353887a5ad103649afa1769080584f800031e03a651bb04000000ab04871bc47287cd31cc43ea0ffb567b4040c1458d0320ce7d0000413a0000000000000000005f37983f84e98a523d80bd56a57fa82b82f639601ae899a559944cb9a62a29ab028acfc1cb26a0f6a5480a55d624a0c544ba0dc828c22fe30000aa391598000000437d57fcf8295f63a70837f5cd4e5e77964522dc7ca3aa3476b7f2d851d27fd4de6eabb43e0799dc8d9fb7dc6c523ffbd74a6a40e4acb1ac872ade9d1f2ab779b8dbe843aeeda0426c767c00327b8c95b2bb6ddb55117669d9598c0f3598073f3a921c76beceff7e4fbf909a2cabf5b8ea5011db9020823b83abe54346c7af0a99fa077ffe7000feb9e44023a1749eb1d0d572b77d6e0d0fcd74031c8ef2629f5ecff4626746d6abe98a255e92c3c4f79bfcd0d91741380000cfeb73dec68ed56b5d3dfdf0cb8b71ad79000000000000000000000000000000dd434a25e95d0ec29d3adaccf89d0888031ecdfdb4dfbe444673be099ece7e4009c76c7108ef0a7e59fd6d906fbc3c9b412e0478cfee4485f423c63f49db43833c92eeeb647cebd4d7a93a17bcbb6bae5ff876375d4fe39cc2d292691672cc18ca372104ceb83a35ecedd97fc191d8f64d2b1d60c6d12911aada66c26aa4802c3514c3d92ec905000000b13f4a2575fbe943a6c40000000000000000000000000000028026b80c3899543223a6079ee96198b9a326db3be3a48af415ca28ca68c502550044ed8e29af8d763ef9b1f31befcad2ce5394601c7cdc233bff7f0000000000009fb3ad650f77e339768924dfdbeead13b88371154d743544a6091ec93e0d3fd5b4dc42911c1ba322fd4d6fbf19e617d51f964727bfd5cc5ba15370f6e1141d2271eded0b15e4316a1e4623272beb249a0928c417720be14c898f397411c88a7bcf3df46ab3efe7cd5e160c2afd3cc945f75011a102d952c7ad17a58d9be691c334ea35bae71e76e160cc2260bd028162917807ce89e11b5f261052ee0dde18efa1d802af2b7bcf6f8af41933cea0d0343261bccf64ca1c81045153eafbefdb91fbdff9ee3307d4a1837963b2dc2a3698d90e7915b098f19392e792adaea86052f4e948184001b6494e906925a092483adc7e9c8f7a29d226763c100aecae7f00619c36bceb9fb6dd7e55487d8485e498fdfc377fd3d266d21d46ab2f6b2ce22cd0aebba9b0ffbfe8ec3143c3734967c90b16ebbeeae1ce2baaae05aed6bf0f40c8a323f9235dc99698bd0b800067a901a79daada03cc77e74feb98b1586946b452764ff917a8ecc10e529c5bea49cad70e22df522c2803b6ef65df70223c6e22c3433e322d8dbd6e9b040065a9d6b3d5ae276cffe935d559bea88e1aa36b4e6c19e78457904297e77370e013b705a96548d47c609a93c45f4d1382b39c05dcc07d5b49ad75ddb3ce5b5b9416e03995da04647aa5e6fc1a6f5d663380967ccef9de49a90ced031335e3219ebd9d06c257a50497ec523f5ff7361261ccfe239d603364a42e2e81fc068fcbb9792b673827fe7018a988fbce55bb74cdb327ced4b77b8743fb3cb72cc280b9f62e4f92f46a19600b802cba88b7d0a938d9e0e6cfe5d66b874c9a0c6c04b96360d6f499d004179e5b6025c0e1050faec7ecd9de190a975db2f8c06a551236278c4766d7e22e3b85168c9851de6266c791252f919b4f8b257b5a786734e5142e4666c67aef5b7b2f88c6640995434aa8636993089c73f196c54ae829ad4307132655b075ae534fa7f1ea9a17e62357b0bd2bd1d62d34bfc1364640250136729ba4f763ff25c33e8acc806611792add8254e705fefd2a44d5b15e3b36f6b75c97c9c04c511d8cf9e24c61c8284a913a381cb1a5628878040000000000000017b68afd95d4abf7920de9ebe1c89661f4adc3d83d72b1b778e30c2bf2efbbcd054cf51f4205ebf9a98a0d9f18135cb1d8d567c3436fa697b72c3b0200000000000079c0b3339debc78352b2e65299223d7ef2bd540e78167b3ac92a4c4f826f6d0e5c4ebf4f7a70c03e2f5ddbebf168586360c3663531eb5995d228f011a10ffc8b17d716b0c528dab6d0c4fe2ee402348104bc5d4012babedee898c6d3e1017be2e9bc759d3ab4d615f5000000000000000000000000000000000000000000007fff0000000000e693e314adf7dc9f517d04f1e6ca367d30d31d3647c6059db6e1e9529eb1623ef99e2d9ac2ab4872f8e784b07a31110bef6d000000a6f9e89e6d50ee06ce716f94da60f1f22d9669560d296287c13c92070000ee7553eb2df17839542fa88d09f000e88a90cf4406b9000000000000000000000000f441d6a6f516c235c6f5863e7f454ee0e16b9aa2593eb31fa3836703e7765aaeb77a8770e518efaa6d3dd85e03b3b133eb749057cea9af75a0e6f633532f2891b8e263cb6eecea691842827bc7c8c0130187081c8d320642389f5f0c42dba0ff68e84d7b130906f17f6aa075a257310f2d92cb1d1e16468949f5675262ee318e735930b01d8f586e34537bcff7d6196f494cdcf3a712078d745db0f5687a78ee6d000b3d171a0f08299b52d207f32e9da311ca090000003a42732808515eec574f892622c5be497fc3d9ca122d7c18b9e54637812c8debc61f0e42d838e44a819b74bce1a56108bb0fde97a02475920532309c55b2c9ae9f281391ec5cc72a5e94cca1cbf1ff01000000000000bdb537a0c52bd45a9f966c25616cec30c3ea3246cb8e6aac7cf273638e6656a3e4ccadc348f0172028c99cc5f6d5c6d09ed65aa54549e73c28b7c8ad06ad3c5e3c27eec0eff1a6c84f1189919eefcee807fc081e004ffb7d3104af00ac92f1080211c4bee74381a0e31021918f27863fdbafb50f70857d52a1f7df51935a80b1980a4778d35f183ea517f55a98095305701ab3f3ae43f06e91bc7d85e3800b46926944fba9805a985e63e53a62232fcd3f01dbe1728f300e247a7ebe344f9749818ff3961b2a42664ccd680a90bbb6ab400e286acc8f9febef64594777f848ed1cf980a3da2f0f7745760a05887d0c28060d613dd6539d392fc21fee0b5131609664b821d7a994e6c5965a4fa1ec1790c54e54586907dcc5e8bac16e79da9c2444420900000000000000f888a94365b99b72796fca1b922fc9aefaf1546c17cbb1d2d2fd12cb1a49cad501a3ca218c595b667b634606c57987ebfb0783a4948e4561d5cda158fe74453ff4a837beeedba483842c57d6005b544b4f80003386edfd3d4a88a667bd41eefe0d808abed08a29e6bc370a80cc0366fb4080bfbaaa946fd47ab662c794846e403950bbc3a48bb276cbb08a8eab145c06221ef16a238e3d50ad18aea9a2cec97d3c2d0569caabe2bffe02506bc9cb7294c5d020536dd5e7a6351642112df3b55d0215aaec7e45598995e79699e47567e353e68b03f82be860b188554b734e1192f9c1a867b815ef52cdc3307c0cc9be05a40fde69c350e59f11f1d26a4d04d8c8b2c4a4d23ec931d14bc7807db773a614b670acf46f83f7c65a0f8d43c5f64705f0d27c46d4b686e867e9b0be76a7978a8f962bb5a070df97f2bf7612115cfe5ebdc7ad0bc5a5f3ace25347d0e5c347279d55aa67a967380000000000000000000000000000000000000000000000ed0942d980c754c6c69ef65c375ad018824f78b260d5f51bc3feba504408a8c8141d84f3f417603b5081680f346ff0ffbe4ae19e936511966965ce268b6345a0001c0f26a32e0a999fc869292e939dcf89b9bfd794f9c12d41959a00688cca43015a9eec58f647796adea520cd2abeb0b55c22949d10e5a05fee4543fdc1e02554a55b5fef2427a6e5708edc38fac53c2f961945a3f83cdf01979939b49bc6b1aef8c733401bbe473de8d64efbe0d123739f387d1c0d9e74f2175c174ada1678c7db79492e8dd0f34e2ccf419cf7f14ffa408b50a52685b36aed14aa22ad928191d5a2697646edc52a1c0c5d720ae690add2b34aed161f51cc1cb424f76098e1e1921e5a405f9d298a8461f2da30e47b7c6ed7c95c84c745f58723e4cddffae3b53b5b947f9435e589f9ae55b30ecd3827b2de5df31976870823da8058c2538c04e397f3d0ef90c11c74da984fa558697ecb57224ce8fa6f79aadbd7dbf3678e74d790bc2ee72769a3ada1dd504f8e4133ce1effd446bc9a2f139e65cc4bd83912af3122352506c7c2191b3705116b2f4fc20d4e93882bdd6ccea97f3a08d3565b0000000000000000000000000000d35fb97c2d7a9374294dcec3da3df9a13c4fc63b00426682534d894caee0b963a3"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffffffffffe50}, 0x48)
r2 = openat$tun(0xffffffffffffff9c, 0x0, 0xa0002, 0x0)
ioctl$SIOCGSKNS(r2, 0x894c, 0x0)
r3 = syz_open_dev$sndmidi(0x0, 0x2, 0x141102)
fcntl$setstatus(r3, 0x4, 0x42c00)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002000)={0x18, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f0000009b40)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4048851}, 0x490)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000010440)={'rose0\x00', 0x112})
ioctl$TUNATTACHFILTER(r0, 0x400454d1, &(0x7f00000000c0)={0x0, 0x0})
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r5, 0x0)
ioctl$KVM_TRANSLATE(r5, 0xc018ae85, 0x0)
syz_emit_ethernet(0x46, &(0x7f0000000000)={@broadcast, @broadcast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x38, 0x64, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @dev={0xac, 0x14, 0x14, 0x2c}}, @time_exceeded={0x5, 0xea452954ff7d0934, 0x0, 0x12, 0x0, 0x3f18, {0x5, 0x2, 0x0, 0x0, 0x0, 0x0, 0xfffd, 0xd, 0x1, 0x0, @dev={0xac, 0x14, 0x14, 0x9a}, @empty}, "001863714ab99043"}}}}}, 0x0)

6.571135779s ago: executing program 2 (id=1086):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00008864bbbbbbbbbbbbaaaaaaaaaaaa8100040008004519001400e720"], 0x2a) (fail_nth: 2)

6.524800145s ago: executing program 3 (id=1087):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000440)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x40, '\x00', 0x0, 0x0}, 0x50)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000280)={{r0, <r1=>0xffffffffffffffff}, &(0x7f0000000300), &(0x7f00000000c0)='%pi6   \x00'}, 0x20)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000080)={r0}, 0x4)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x3, 0x10, &(0x7f0000000200)=ANY=[@ANYBLOB="18020000ff0500000000000000000000b7080000000000007b8af8ff00000000b7080000ff0100007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70500000800000085000000a500000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41000}, 0x94)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
ioctl$BLKPG(r3, 0x1269, &(0x7f0000000040)={0x3, 0x0, 0x98, &(0x7f00000000c0)={0x8, 0xffffffffffffff44, 0x5}})
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={r2, 0x0, 0xe, 0x0, &(0x7f0000000100)="b34715ecd04550d3abc89b6f7bec", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
socket$alg(0x26, 0x5, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r4)
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f0000000380)={'vxcan0\x00', <r6=>0x0})
r7 = socket$can_j1939(0x1d, 0x2, 0x7)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff})
connect$unix(r8, 0x0, 0x0)
sendmmsg$unix(r9, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r8, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r9, 0x0, 0x0)
sendto$packet(0xffffffffffffffff, &(0x7f0000000200)="3f03fe7f0302140006001e0089e9aaa911d7ec16e7dbf34f99c3584e8c65024d574c580501fe9598df48faf495b8acc673f706bd2a8882d3", 0x12, 0x20000000, 0x0, 0xfffffffffffffff2)
bind$can_j1939(r7, &(0x7f0000000000)={0x1d, r6, 0x0, {}, 0xfe}, 0x37)
sendmsg$can_j1939(r7, &(0x7f00000001c0)={&(0x7f0000000040)={0x1d, r6, 0x0, {}, 0x2}, 0x18, &(0x7f0000000180)={&(0x7f00000003c0)="08030005c7373d5b04", 0x9}}, 0xee)
close(r7)
mknod(0x0, 0x1ffa, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000007c0)=@newtfilter={0x24, 0x11, 0x111, 0x70bd27, 0x100000, {0x0, 0x0, 0x74, r6, {0x6, 0x8}, {0x5, 0xffff}, {0xfff1, 0xe}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x4010}, 0xc4)
r10 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e22, 0x0, @empty, 0x4000006}, 0x1c)
listen(r10, 0x6)
prctl$PR_SET_IO_FLUSHER(0x4a, 0x2)

5.838231134s ago: executing program 2 (id=1088):
socket$packet(0x11, 0x2, 0x300)
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r0, &(0x7f0000000140), 0x10)
sendmsg$can_bcm(r0, &(0x7f0000000a80)={0x0, 0x0, &(0x7f0000000a40)={&(0x7f0000000080)={0x5, 0x802, 0x0, {0x0, 0x2710}, {0x0, 0xea60}, {0x0, 0x0, 0x1}, 0x1, @canfd={{}, 0x27, 0x0, 0x0, 0x0, "f33d8e7b847ec8b36f1107e036dd98fc469107485e371bcf5c6b77db54f3d984795c49eca9b92241dc9fc39f976ad52e581942d9fc2178681e6866aa6ef10d06"}}, 0x80}, 0x1, 0x0, 0x0, 0x40084}, 0x20000000)
sendmsg$can_bcm(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000480)={0x5, 0x182, 0x9, {0x77359400}, {}, {0x2, 0x0, 0x1}, 0x1, @can={{0x4, 0x1, 0x1, 0x1}, 0x5, 0x1, 0x0, 0x0, "c251541693f8cfd1"}}, 0x48}, 0x1, 0x0, 0x0, 0x1}, 0x4004844)
syz_usb_connect(0x2, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f0000100109050b36"], 0x0)
close(0x4)

5.801497449s ago: executing program 4 (id=1089):
bpf$MAP_CREATE(0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="0600000004"], 0x48)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$FS_IOC_FSGETXATTR(0xffffffffffffffff, 0x801c581f, &(0x7f0000000740)={0x5, 0x8e, 0xf, 0x3, 0x9})
syz_usb_connect$cdc_ncm(0x0, 0x76, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000020000402505a1a4400001020301090264000201000000090400000102020000052406000105240000000d240f0100000000000000000006241a00000008241c0000007a0b090581030002000000090401"], 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
r2 = syz_open_dev$vim2m(&(0x7f0000000440), 0x3, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FRAMESIZES(r2, 0xc02c564a, &(0x7f0000000140)={0x0, 0x34324142, 0x2, @discrete={0x1, 0x401}})
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r3 = accept4(r1, 0x0, 0x0, 0x800)
r4 = socket(0x10, 0x803, 0x0)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000100))
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x40, 0x0, 0x0, r6}, [@IFA_LOCAL={0x14, 0x2, @mcast1={0xff, 0x2}}, @IFA_FLAGS={0x8, 0x8, 0x702}]}, 0x34}}, 0x0)
sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
ioctl$sock_SIOCOUTQ(r1, 0x5411, &(0x7f00000000c0))
recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0), 0x2, 0x0, 0xfffffffffffffe69}, 0x0)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r8=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r7, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r8, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

5.406152051s ago: executing program 3 (id=1092):
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4)
setsockopt$packet_fanout_data(r0, 0x107, 0x16, &(0x7f0000000100)={0x3, &(0x7f0000000180)=[{0x28, 0x0, 0x0, 0xfffff034}, {0x50}, {0x6}]}, 0x10)
syz_emit_ethernet(0x36, &(0x7f0000000080)={@local, @broadcast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @empty, @empty}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x10}}}}}}, 0x0)
r1 = socket$inet6(0xa, 0x800000000000002, 0x0)
bind$l2tp6(r1, &(0x7f0000000000)={0xa, 0x0, 0x103, @rand_addr=' \x01\x00', 0xc, 0xffffffff}, 0xfffffffffffffe3d)
sendmsg$inet(r1, &(0x7f0000000500)={&(0x7f0000000200)={0x2, 0x4e23, @loopback}, 0x10, 0x0, 0x0, &(0x7f0000000580)=ANY=[], 0x20}, 0x8000)

5.22739318s ago: executing program 3 (id=1093):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000340)=ANY=[@ANYBLOB="240000001800090000000000000000001c140000fe0000010000ddff070001"], 0x24}}, 0x0)
ioctl$BTRFS_IOC_SCRUB(r0, 0xc400941b, &(0x7f0000000380)={<r1=>0x0, 0x1, 0x87, 0x1})
ioctl$BTRFS_IOC_SNAP_CREATE_V2(r0, 0x50009417, &(0x7f0000000780)={{r0}, 0x0, 0x14, @unused=[0x5, 0x100000001, 0x3, 0x6], @devid=r1})

5.124442383s ago: executing program 3 (id=1095):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan1\x00'})
sendmsg$NL80211_CMD_JOIN_IBSS(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000200)=ANY=[@ANYBLOB="80000004", @ANYRES16=r1, @ANYBLOB="01012abd7000000008002b00000008000300", @ANYRES64=0x0, @ANYBLOB="0401993a8a24fc4c0400020222edaebd5947110200003733fbc7"], 0x80}, 0x1, 0x0, 0x0, 0x4084}, 0x4804)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x0)
r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000001180), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r2, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
r3 = syz_io_uring_setup(0x7a28, &(0x7f00000003c0)={0x0, 0x334e, 0x0, 0xfffffffd, 0x312}, &(0x7f0000000100)=<r4=>0x0, &(0x7f0000000300)=<r5=>0x0)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuset.memory_pressure_enabled\x00', 0x275a, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x1, 0x3})
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="14"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
write$UHID_CREATE2(r6, &(0x7f00000001c0)=ANY=[@ANYBLOB="06"], 0x118)
r7 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r7}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r8 = socket(0x40000000015, 0x5, 0x0)
recvmmsg(r8, &(0x7f0000003c40)=[{{0x0, 0x0, 0x0}, 0x80000000}], 0x1, 0x60010002, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r9 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r9, &(0x7f0000032680)=""/102392, 0x18ff8)
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r6, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f0000000000)=@IORING_OP_FILES_UPDATE={0x14, 0x10, 0x0, 0x0, 0xfff, 0x0})
io_uring_enter(r3, 0x7277, 0x0, 0x28, 0x0, 0x0)
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0xd3283d0368e269b3, 0x8031, 0xffffffffffffffff, 0x0)
syz_fuse_handle_req(r2, 0x0, 0x0, 0x0)
creat(&(0x7f00000016c0)='./file0\x00', 0x40)

4.257078304s ago: executing program 1 (id=1096):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x12, 0x8031, 0xffffffffffffffff, 0x6a855000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
membarrier(0x2, 0x0)
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
mlock2(&(0x7f0000549000/0x1000)=nil, 0x1000, 0x0)
munlockall()
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0)
syz_usb_connect(0x0, 0x5f, 0x0, 0x0)
socketpair(0x1, 0x100000005, 0x0, 0x0)
getpeername$packet(0xffffffffffffffff, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f00000000c0)=0x14)
syz_open_procfs(0xffffffffffffffff, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0)
r4 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r2, 0x8933, &(0x7f00000002c0)={'wg2\x00', <r5=>0x0})
sendmsg$WG_CMD_SET_DEVICE(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000380)=ANY=[@ANYBLOB="bc010000", @ANYRES16=r4, @ANYBLOB="05002abd7000fddbdf2501000000a00108807400008024000100d1732899f611cd8994034d7f413dc957630e5493c285aca40065cb6311be696b240001000000000000000000000000000000000000000000000000000000000000000000200004000a004e2000000001ff010000000000000000000000000001020000000800030007000000e800008024000100dbffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc000098058000080060001000200000008000200ac1e00010500030001000000060001000a00000014000200000000000000000000000000000000010500030000000000060001000200000008000200ffffffff050003000100000064000080060001000a00000014000200000000000000000000000000000000010500030002000000060001000200000008000200ac1414bb0500030002000000060001000a0000001400020000000000000000000000000000000001050003000200000040000080080003000000000008000a000100000024000100f44da367a88ee6564f020211456727082f5cebee8b1bf5eb7337341b459b3922080003000300000008000100", @ANYRES32=r5, @ANYBLOB="cefed22ea79f7b96abb5e0757fca384d4b90bc5d0d5b47d1307c36cb9da3181e732cdce4471fcc9b59ae35404fb15851c28218c5548eaff6142e75e5b877a01bde4308fd8a2d3088dd75f510cd50bea2d527a8eeb2e4ee949c875da787ec2b74fc8ed54a8526e3fe407448bb31395b8dc0c49f442a11127c895bb1437f0f0ed19ec19bdfb145447b5419bc4c0b6569cc52ec383c"], 0x1bc}, 0x1, 0x0, 0x0, 0x4000}, 0x40)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r7, &(0x7f0000000040), 0x10)
sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="300000001000010800000000fbdbdf2500a5c500", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB="08001b"], 0x30}}, 0x4)

4.228221588s ago: executing program 2 (id=1098):
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
r0 = fsmount(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
readlink(0x0, &(0x7f0000000300)=""/244, 0xf4)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000080), 0x409240, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x0, 0x0})
r2 = io_uring_setup(0x67bb, &(0x7f00000000c0)={0x0, 0x449f, 0xb000, 0x80000000, 0x316})
io_uring_register$IORING_REGISTER_RESIZE_RINGS(r2, 0x21, 0x0, 0x1)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000340)={0x0, <r3=>0x0}, 0x0)
mount$overlay(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240), 0x44802, &(0x7f00000004c0)={[{@redirect_dir_nofollow}, {@userxattr}, {@uuid_off}, {@xino_auto}, {@uuid_null}, {@metacopy_off}], [{@flag='dirsync'}, {@subj_user={'subj_user', 0x3d, 'uuid=off'}}, {@uid_eq={'uid', 0x3d, r3}}, {@uid_eq={'uid', 0x3d, r3}}, {@euid_lt={'euid<', r3}}, {@fowner_eq={'fowner', 0x3d, r3}}]})
open_tree(0xffffffffffffff9c, 0x0, 0x89901)
socket$inet6(0x10, 0x3, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000d40)=ANY=[@ANYBLOB="18000000000000000000000000000000850000007b000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r4}, 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000001440)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value=0x2000000}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r6}, 0x10)
r7 = userfaultfd(0x80001)
ioctl$UFFDIO_REGISTER(r7, 0xc020aa00, &(0x7f0000000140)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
ioctl$UFFDIO_REGISTER(r7, 0xc020aa04, &(0x7f0000000000)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x0, 0x2})

4.202421888s ago: executing program 3 (id=1099):
getpid()
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
socket$kcm(0x10, 0x3, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x6, 0x2}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x5}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc)
write$binfmt_script(r4, &(0x7f0000001200)={'#! ', './file0', [{0x20, '\x98\xe1Cvg\x9cO\x16\xc0TC\xe8\xb8\x91W\xb8\x84\xdf\xbe\xbd\x8f\x81!\xf2V[\x03V\xba/\xb9+\xd2\x95\xe0t\x0f<}T\v\x0f\xe8\xae\x89\xfa^\xce\xae[t/\x12\x1f\x02\x85\xbd\xbc\r(\xfd\xf2\xeeB\x12\xdc\x06\x1d\xd8\x86g\xcf\xb6\xde\xeb\xfc\xfc~A\x95\x8a6'}, {0x20, '5\xed\xe9\xe8\f\xcb\x82;\xc5\x98\"\x1c\x8d\xbb,X}\xec\x9f\xe5\xf0\x1f\x02\a\x0e\xe09\x17\xa9\xdbXP\x94}L\x17WT\xc0Rc\xe5\xd3\x9a\xcfGr3\xbaf\x8aS\xc6Q\x16\xf4\x9f\x02u.\xaf\xf3\xb8\x0e\x85a8\x03\x02\xf4\xf1\\b\x1ew\xd4F\xf1\xf9I\xe4\xca\xb1\xa51Sk\xdf\xc7\xd2\x87.b\xb9|+\x9f3@\xdfs\xa0\x01\x8fV/0\x8bo\xccQ\x9c\x9e\xae!b\xa0 \xea\xa4(C\n\x96\xdf\xd2\xd6\x91\x90\x83 \xb2\xb4\xac{\x02\xde,Ff\x98\x84\x16\x1b\x96\xac\x9e\x17\xf0\x13\xfa\xd1+\xcc\x19\x81ZZ\xa0\xde\xeb\xf3`\x0e\x87:` \x1b\xec\xc81\xb7\x91\xfdcL\xdcH/<w\x83\xd4B\x1cd\x8e\x98\xabd\xbc\f#\x92\xaf\xe5/|\x15\xaf\x81\x81\xe2l\x91'}]}, 0x12d)
close(r4)
execve(&(0x7f0000000080)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x0)
execve(&(0x7f0000000300)='./file0\x00', &(0x7f0000002200)={[&(0x7f0000000340)='^-%-\\x\\$})\'!&}*', &(0x7f0000000440)='syz0']}, 0x0)
r5 = dup(r1)
r6 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$UI_DEV_SETUP(r6, 0x405c5503, &(0x7f0000000440)={{0xffbe, 0x5, 0x2, 0x5}, 'syz1\x00', 0x53})
ioctl$UI_SET_EVBIT(r6, 0x40045564, 0x12)
ioctl$UI_SET_SNDBIT(r6, 0x4004556a, 0x1)
ioctl$UI_DEV_CREATE(r6, 0x5501)
write$uinput_user_dev(r5, &(0x7f00000004c0)={'syz0\x00', {0x7, 0x3, 0x1, 0x9}, 0x7, [0x4, 0x6, 0x802, 0xe9a2, 0x1, 0x0, 0xa9ba, 0xc1f, 0x1, 0x7f5d, 0x3, 0x6, 0x5, 0x10000, 0x2, 0x3, 0x0, 0x3, 0xe, 0x3, 0x0, 0x2, 0x4, 0x2, 0x6, 0x3, 0x103, 0x9, 0xfff, 0x8a0, 0x6, 0x8001, 0x33b5, 0x1, 0xfffffffc, 0x0, 0x9, 0xb, 0xcc, 0x5, 0x80, 0x401, 0x5, 0x5, 0xfffffffd, 0x8, 0xb, 0x3, 0xffff8001, 0x6, 0x3, 0x80000000, 0x1, 0x9, 0x7, 0x0, 0x5, 0xfff, 0x1, 0x7fe, 0x7fff, 0x10000, 0x2, 0x8], [0x2, 0x1, 0x10000, 0x7, 0x9, 0x9, 0x5, 0x4, 0x9, 0x7, 0x5, 0xdd5a, 0x6, 0x5, 0x7, 0x8, 0x5, 0xcc, 0xbc1, 0x80000, 0x0, 0x5e81339d, 0xffffc256, 0x5, 0x80000001, 0x0, 0x0, 0x4, 0x4, 0x7, 0x9, 0x4, 0x2, 0x5, 0x5, 0xfffffb66, 0xfb5, 0x2, 0x4, 0x7, 0x2, 0x8000, 0x7fff, 0x1, 0x9425, 0x8, 0x6f, 0x80b, 0x1, 0x6, 0x525ba681, 0x4f74, 0x7, 0x1, 0x1, 0x8, 0x100, 0x6, 0x10000, 0x1306, 0x8b, 0x10000, 0xfe4, 0x3ff], [0x2, 0x40, 0x4, 0xfffffff9, 0x7aa, 0x10, 0x80, 0x8001, 0x100, 0x0, 0x9, 0x8, 0x7fffffff, 0x1, 0x1, 0x4, 0x8, 0xfffffffa, 0x7, 0x9, 0x6, 0x4, 0x5, 0xa3, 0x3, 0x2, 0x0, 0x3, 0x1, 0x3, 0x5, 0x2, 0xd21e, 0x9, 0x13, 0x0, 0x1, 0xfff, 0x6, 0x100, 0x7c83, 0xd, 0x1, 0x4, 0xf, 0x6, 0x7, 0x7, 0x0, 0x11, 0x3, 0xffd, 0x7, 0x7, 0x8000, 0x12, 0x10, 0x2, 0x10001, 0x1, 0x0, 0x3, 0x71d], [0x81, 0x3, 0x10, 0x4e26, 0x3, 0x40, 0xfffffff3, 0x497, 0x800004, 0x1, 0x3, 0x5, 0x56, 0xc28, 0x9, 0x5, 0x5, 0xa, 0x79a, 0x40, 0x9, 0x6, 0xc41f, 0x80000001, 0x8b6, 0xffffffff, 0x0, 0x0, 0x6a, 0x9, 0x9, 0x0, 0x1000, 0x10, 0xd, 0x6, 0x8000, 0x53, 0x78d, 0x4, 0x1, 0xffffb027, 0xe, 0x9, 0x8000007, 0x7, 0x101, 0x7, 0x7, 0x4, 0x0, 0xb, 0x400, 0x8, 0x0, 0xb65, 0x7, 0x9a33247, 0x8, 0x0, 0x1, 0x8001, 0xfffffff7, 0x5]}, 0x45c)
ioctl$X86_IOC_RDMSR_REGS(r0, 0xc02063a0, &(0x7f0000000000)=[0x10001, 0x0, 0x4, 0x0, 0xa5, 0x6cb9, 0xaa, 0x200])
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r7, 0x0)
writev(r7, &(0x7f0000000040), 0x0)

3.759962754s ago: executing program 4 (id=1100):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f000001aa40)=""/102400, 0x19000)
r1 = socket$netlink(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r1, 0x10e, 0xc, &(0x7f0000000640)=0x4, 0x4)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_CHANNELS_GET(r1, 0x0, 0x20040814)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0300000004000000040000000a00000000000000", @ANYRES32=0x1, @ANYBLOB="09000000000000000000000000000000000000002f54d4d7326c9a5cee2506b31dec1c532db3540150e7292c3347236b560ea7a4739f1dbe7f05d956bcc971", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000070000000200"/28], 0x50)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$team(0x0, r2)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r3, 0x84, 0x81, &(0x7f0000000280)="1a00000002000000", 0x8)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r3, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x402, @loopback}], 0x1c)
sendto$inet6(r3, &(0x7f0000000100)="b8", 0xffe0, 0x2000c851, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c)
ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, 0x0)
write$6lowpan_control(0xffffffffffffffff, &(0x7f0000000180)='connect aa:aa:aa:aa:aa:11 0', 0x1b)
write$6lowpan_control(0xffffffffffffffff, &(0x7f0000000080)='connect aa:aa:aa:aa:aa:10 0', 0x1b)
sendmsg$TEAM_CMD_PORT_LIST_GET(r2, 0x0, 0x80)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f000001b700)=""/102400, 0x19000)
socket$kcm(0x10, 0x2, 0x0)
openat$vimc0(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)

3.432825628s ago: executing program 5 (id=1101):
r0 = socket$inet(0xa, 0x801, 0x84)
connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10)
listen(r0, 0x8)
accept4(r0, 0x0, 0x0, 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r2)
ptrace$getsig(0x4202, r2, 0x2, &(0x7f0000000080))
bind$alg(r1, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10)
r3 = accept4(r1, 0x0, 0x0, 0x0)
sendmsg$alg(r3, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)=[@assoc={0x12, 0x117, 0x4, 0x4}, @op={0x18, 0x117, 0x3, 0x1}, @assoc={0x0, 0x117, 0x4, 0x7ff}], 0x30}, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x0)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r5, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0)
mq_open(&(0x7f0000000080)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|', 0x42, 0x80, 0x0)
r6 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020e0000150000000000000000000000030005000000000002004e24ac1e00010000000000000000030006003c000000020000fc34000000000000000000000001001800000000000800120020000200fcffffff0000000006003300000000000000000000000000fe8000000000000000000000000000aa000000000000000000000000000000000400"], 0xa8}}, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)=@setneightbl={0x14, 0x43, 0x1, 0xffff7ffe, 0x0, {0xa}}, 0x14}}, 0x0)
getsockname$packet(r5, &(0x7f0000000600)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14)
sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)=ANY=[@ANYBLOB="3c0000001000850600000000ff6122314a000800", @ANYRES32=r8, @ANYBLOB="f5ff0f00252155b21c0012000c000100626f6e64000000000c0002000800010001"], 0x3c}}, 0x40000)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="3c00000010000305000000000007000000000000", @ANYRES32=0x0, @ANYBLOB="000000000002000014001280090001007663616e000000000400028008000a00", @ANYRES32=r8, @ANYBLOB="03f69741d9bdd44f094932a1ea0079a61975"], 0x3c}, 0x1, 0x0, 0x0, 0x800}, 0xc0b0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000003c0)={0x4, 0x80100008b}, 0x0)
mkdir(&(0x7f00000003c0)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000440)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000), 0x10000, &(0x7f00000002c0)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './bus'}}], [], 0x2c})
chdir(&(0x7f0000000080)='./file0\x00')
symlink(&(0x7f0000002080)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000800)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')

3.431710026s ago: executing program 2 (id=1102):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x6)
sched_setaffinity(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000032680)=""/102392, 0x18ff8)
r1 = socket$inet_sctp(0x2, 0x1, 0x84)
bind$nfc_llcp(0xffffffffffffffff, &(0x7f0000000100)={0x27, 0x0, 0x1, 0x1, 0x0, 0xde, "c14d1dedaa1bde1a3299b7e0f741ef51772aba1135698eba8372f303d6cdbfc141f8b9600cce9cb5628c07ceb1d7cfe97e8ab6bbcd8c29f5f782d5fd6a6e81", 0x10}, 0x60)
bind$nfc_llcp(0xffffffffffffffff, 0x0, 0x0)
close(0xffffffffffffffff)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, &(0x7f0000001200)={0x18, 0xef9, 0x1})
mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x11, 0xffffffffffffffff, 0x1000f0000)
r2 = socket$rds(0x15, 0x5, 0x0)
setsockopt$SO_RDS_TRANSPORT(r2, 0x114, 0x7, 0x0, 0xa0)
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f00000000c0))
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x1800)
mkdir(&(0x7f00000004c0)='./bus\x00', 0x0)
ioctl$NS_GET_OWNER_UID(r1, 0xb704, &(0x7f0000000100)=<r3=>0x0)
stat(&(0x7f0000000280)='./file1\x00', &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, <r4=>0x0})
mount$overlay(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000000000), 0x0, &(0x7f0000000500)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}], [{@func={'func', 0x3d, 'CREDS_CHECK'}}, {@euid_eq={'euid', 0x3d, r3}}, {@appraise_type}, {@seclabel}, {@smackfsroot={'smackfsroot', 0x3d, '.}@#@\xe1:\\*,.'}}, {@rootcontext={'rootcontext', 0x3d, 'unconfined_u'}}, {@uid_eq={'uid', 0x3d, r3}}, {@smackfsfloor}, {@uid_lt={'uid<', r4}}, {@uid_lt={'uid<', r3}}]})
openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x92)
r5 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r5, 0x7a7, &(0x7f0000000080)=0xb0000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r5, 0x7a0, &(0x7f0000000000)={@hyper})
ioctl$IOCTL_VMCI_NOTIFICATIONS_RECEIVE(r5, 0x7a6, &(0x7f0000000040)={0x4, 0x100000, 0x1a0, 0xfffffffffffffffd})

2.815103107s ago: executing program 4 (id=1103):
getpid()
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
socket$kcm(0x10, 0x3, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x6, 0x2}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x5}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc)
write$binfmt_script(r4, &(0x7f0000001200)={'#! ', './file0', [{0x20, '\x98\xe1Cvg\x9cO\x16\xc0TC\xe8\xb8\x91W\xb8\x84\xdf\xbe\xbd\x8f\x81!\xf2V[\x03V\xba/\xb9+\xd2\x95\xe0t\x0f<}T\v\x0f\xe8\xae\x89\xfa^\xce\xae[t/\x12\x1f\x02\x85\xbd\xbc\r(\xfd\xf2\xeeB\x12\xdc\x06\x1d\xd8\x86g\xcf\xb6\xde\xeb\xfc\xfc~A\x95\x8a6'}, {0x20, '5\xed\xe9\xe8\f\xcb\x82;\xc5\x98\"\x1c\x8d\xbb,X}\xec\x9f\xe5\xf0\x1f\x02\a\x0e\xe09\x17\xa9\xdbXP\x94}L\x17WT\xc0Rc\xe5\xd3\x9a\xcfGr3\xbaf\x8aS\xc6Q\x16\xf4\x9f\x02u.\xaf\xf3\xb8\x0e\x85a8\x03\x02\xf4\xf1\\b\x1ew\xd4F\xf1\xf9I\xe4\xca\xb1\xa51Sk\xdf\xc7\xd2\x87.b\xb9|+\x9f3@\xdfs\xa0\x01\x8fV/0\x8bo\xccQ\x9c\x9e\xae!b\xa0 \xea\xa4(C\n\x96\xdf\xd2\xd6\x91\x90\x83 \xb2\xb4\xac{\x02\xde,Ff\x98\x84\x16\x1b\x96\xac\x9e\x17\xf0\x13\xfa\xd1+\xcc\x19\x81ZZ\xa0\xde\xeb\xf3`\x0e\x87:` \x1b\xec\xc81\xb7\x91\xfdcL\xdcH/<w\x83\xd4B\x1cd\x8e\x98\xabd\xbc\f#\x92\xaf\xe5/|\x15\xaf\x81\x81\xe2l\x91'}]}, 0x12d)
close(r4)
execve(&(0x7f0000000080)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x0)
execve(&(0x7f0000000300)='./file0\x00', &(0x7f0000002200)={[&(0x7f0000000340)='^-%-\\x\\$})\'!&}*', &(0x7f0000000440)='syz0']}, 0x0)
r5 = dup(r1)
r6 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$UI_DEV_SETUP(r6, 0x405c5503, &(0x7f0000000440)={{0xffbe, 0x5, 0x2, 0x5}, 'syz1\x00', 0x53})
ioctl$UI_SET_EVBIT(r6, 0x40045564, 0x12)
ioctl$UI_SET_SNDBIT(r6, 0x4004556a, 0x1)
ioctl$UI_DEV_CREATE(r6, 0x5501)
write$uinput_user_dev(r5, &(0x7f00000004c0)={'syz0\x00', {0x7, 0x3, 0x1, 0x9}, 0x7, [0x4, 0x6, 0x802, 0xe9a2, 0x1, 0x0, 0xa9ba, 0xc1f, 0x1, 0x7f5d, 0x3, 0x6, 0x5, 0x10000, 0x2, 0x3, 0x0, 0x3, 0xe, 0x3, 0x0, 0x2, 0x4, 0x2, 0x6, 0x3, 0x103, 0x9, 0xfff, 0x8a0, 0x6, 0x8001, 0x33b5, 0x1, 0xfffffffc, 0x0, 0x9, 0xb, 0xcc, 0x5, 0x80, 0x401, 0x5, 0x5, 0xfffffffd, 0x8, 0xb, 0x3, 0xffff8001, 0x6, 0x3, 0x80000000, 0x1, 0x9, 0x7, 0x0, 0x5, 0xfff, 0x1, 0x7fe, 0x7fff, 0x10000, 0x2, 0x8], [0x2, 0x1, 0x10000, 0x7, 0x9, 0x9, 0x5, 0x4, 0x9, 0x7, 0x5, 0xdd5a, 0x6, 0x5, 0x7, 0x8, 0x5, 0xcc, 0xbc1, 0x80000, 0x0, 0x5e81339d, 0xffffc256, 0x5, 0x80000001, 0x0, 0x0, 0x4, 0x4, 0x7, 0x9, 0x4, 0x2, 0x5, 0x5, 0xfffffb66, 0xfb5, 0x2, 0x4, 0x7, 0x2, 0x8000, 0x7fff, 0x1, 0x9425, 0x8, 0x6f, 0x80b, 0x1, 0x6, 0x525ba681, 0x4f74, 0x7, 0x1, 0x1, 0x8, 0x100, 0x6, 0x10000, 0x1306, 0x8b, 0x10000, 0xfe4, 0x3ff], [0x2, 0x40, 0x4, 0xfffffff9, 0x7aa, 0x10, 0x80, 0x8001, 0x100, 0x0, 0x9, 0x8, 0x7fffffff, 0x1, 0x1, 0x4, 0x8, 0xfffffffa, 0x7, 0x9, 0x6, 0x4, 0x5, 0xa3, 0x3, 0x2, 0x0, 0x3, 0x1, 0x3, 0x5, 0x2, 0xd21e, 0x9, 0x13, 0x0, 0x1, 0xfff, 0x6, 0x100, 0x7c83, 0xd, 0x1, 0x4, 0xf, 0x6, 0x7, 0x7, 0x0, 0x11, 0x3, 0xffd, 0x7, 0x7, 0x8000, 0x12, 0x10, 0x2, 0x10001, 0x1, 0x0, 0x3, 0x71d], [0x81, 0x3, 0x10, 0x4e26, 0x3, 0x40, 0xfffffff3, 0x497, 0x800004, 0x1, 0x3, 0x5, 0x56, 0xc28, 0x9, 0x5, 0x5, 0xa, 0x79a, 0x40, 0x9, 0x6, 0xc41f, 0x80000001, 0x8b6, 0xffffffff, 0x0, 0x0, 0x6a, 0x9, 0x9, 0x0, 0x1000, 0x10, 0xd, 0x6, 0x8000, 0x53, 0x78d, 0x4, 0x1, 0xffffb027, 0xe, 0x9, 0x8000007, 0x7, 0x101, 0x7, 0x7, 0x4, 0x0, 0xb, 0x400, 0x8, 0x0, 0xb65, 0x7, 0x9a33247, 0x8, 0x0, 0x1, 0x8001, 0xfffffff7, 0x5]}, 0x45c)
ioctl$X86_IOC_RDMSR_REGS(r0, 0xc02063a0, &(0x7f0000000000)=[0x10001, 0x0, 0x4, 0x0, 0xa5, 0x6cb9, 0xaa, 0x200])
io_uring_enter(r5, 0x6ed8, 0x276b, 0x3a, &(0x7f0000000040)={[0x8335]}, 0x8)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, 0xffffffffffffffff, 0x0)
writev(0xffffffffffffffff, &(0x7f0000000040), 0x0)

2.088652701s ago: executing program 2 (id=1104):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a6c000000060a010400000000000000000a0003ff400004803c0001800b00010065787468647200002c000280080006400000000108000740000000140500020083"], 0x94}, 0x1, 0x0, 0x0, 0x4000015}, 0x24000000)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r0, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000080)={@local, @empty, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "fc7771", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x3, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2, 0x2}}}}}}}, 0x0)
syz_emit_ethernet(0x56, &(0x7f00000002c0)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a8435", 0x20, 0x6, 0x7e, @empty, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x4, 0x8, 0xc2, 0x0, 0x0, 0x0, {[@timestamp={0x8, 0xa, 0x8, 0xa}]}}}}}}}}, 0x0) (fail_nth: 3)

1.904697069s ago: executing program 5 (id=1105):
r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
personality(0x40000)
ioctl$SNDCTL_FM_4OP_ENABLE(r0, 0x4004510f, &(0x7f0000000040)=0xfffffffd)
close(r0)

1.904249711s ago: executing program 2 (id=1106):
r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000000580)=0xe)
ioctl$SNDCTL_DSP_CHANNELS(r0, 0xc0045006, &(0x7f0000000080)=0x7f)
r1 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4d8, 0xdd, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x5, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x0, 0x0, 0x7}}}}}]}}]}}, 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
syz_usb_control_io(r1, &(0x7f00000003c0)={0x2c, &(0x7f0000000100)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write(r1, 0x81, 0x1, &(0x7f0000000040)='P')
ioctl$SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f00000000c0)=0x6)
read$dsp(r0, &(0x7f00000011c0)=""/4117, 0x200021d5)

1.727598486s ago: executing program 5 (id=1107):
r0 = syz_open_procfs(0x0, &(0x7f0000000240)='clear_refs\x00')
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil)
r1 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/65, 0x328000, 0x800}, 0x20)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8)
writev(r0, &(0x7f00000002c0)=[{&(0x7f0000000280)='2', 0x1}], 0x1)

1.442050011s ago: executing program 5 (id=1108):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000040), 0x6)
ioctl$sock_bt_hci(r0, 0x400448e6, &(0x7f0000000240)='|')
ioctl$sock_bt_hci(r0, 0x400448e7, &(0x7f0000000080)) (fail_nth: 3)

1.038096229s ago: executing program 5 (id=1109):
r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x2aa120b163be4acf, 0x0)
ioctl$SNDRV_PCM_IOCTL_REWIND(0xffffffffffffffff, 0x40084146, &(0x7f0000000000)=0x2)
ioctl$SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000000580)=0xe)
ioctl$SNDCTL_DSP_CHANNELS(r0, 0xc0045006, &(0x7f0000000080)=0x7f)
ioctl$SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f00000000c0)=0x6)
r1 = getpid()
ptrace$ARCH_GET_CPUID(0x1e, r1, 0x0, 0x1011)
ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f00000002c0))
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000300), &(0x7f0000000340)=0xc)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='cpuset.memory_pressure_enabled\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r2, 0x0)
r3 = socket(0x15, 0x5, 0x5)
bind$unix(r3, &(0x7f0000000000)=@abs, 0x6e)
syz_open_dev$tty20(0xc, 0x4, 0x1)
socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x0, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r5, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x0, 0x0, 0x0, 0x0, 0xb49, 0x6, 0x8, 0x0, 0x3}, 0x0)
r6 = socket$inet6(0xa, 0x1, 0x0)
r7 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r7, &(0x7f0000000000)={0x500, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="020300090a0000000000000004000000030006000000000002000000ac1414000000000000000000020001000000000000000002fffffffb030005000000000002"], 0x50}}, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(r6, 0x29, 0x23, &(0x7f0000000180)={{{@in=@private, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x2}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@local, 0x0, 0x6c}, 0x2, @in6=@loopback, 0x0, 0x0, 0x0, 0x4}}, 0xe8)
connect$inet6(r6, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c)
socket$key(0xf, 0x3, 0x2)
r8 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r8, 0xae03, 0xe2b)

999.217325ms ago: executing program 5 (id=1110):
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
clock_gettime(0x0, &(0x7f0000000100)={<r1=>0x0, <r2=>0x0})
sendmsg$can_bcm(r0, &(0x7f0000000200)={&(0x7f0000000000), 0x10, &(0x7f00000001c0)={&(0x7f0000000140)={0x6, 0x840, 0xfa2, {r1, r2/1000+10000}, {}, {0x3, 0x0, 0x1}, 0x1, @canfd={{0x1, 0x1}, 0x1a, 0x3, 0x0, 0x0, "ab044577b754b18074106d0517470fd60adea87d4140bc4738039ccdf36db7a80f9a4c27ce44a304f4df74afcf5065dc543ea8259baa3677921d1f7b60df14c7"}}, 0x80}, 0x1, 0x0, 0x0, 0x40040}, 0x4008080)
syz_open_dev$vbi(&(0x7f00000000c0), 0x3, 0x2)
shutdown(0xffffffffffffffff, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$COMEDI_DEVCONFIG(0xffffffffffffffff, 0x40946400, 0x0)
ioctl$COMEDI_DEVCONFIG(0xffffffffffffffff, 0x40946400, 0x0)
syz_genetlink_get_family_id$devlink(&(0x7f0000000180), 0xffffffffffffffff)
socket$inet_udp(0x2, 0x2, 0x0)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r7 = socket(0x400000000010, 0x3, 0x0)
r8 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r9=>0x0})
sendmsg$nl_route_sched(r7, 0x0, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000001300)=@newtfilter={0x38, 0x2c, 0xd3f, 0x70bd24, 0x25dfdbfc, {0x0, 0x0, 0x0, r9, {0xfff3, 0xffe0}, {}, {0x7, 0x2}}, [@filter_kind_options=@f_fw={{0x7}, {0xc, 0x2, [@TCA_FW_CLASSID={0x8, 0x1, {0x5, 0x6}}]}}]}, 0x38}, 0x1, 0x0, 0x0, 0x8848}, 0x20004804)
syz_usb_connect$cdc_ncm(0x1, 0x6e, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000090000082502000000000000000109025c00020100f92a0904000001020900000524060001053408fa6e0d240f0100000000000d000a0006471a010000190581"], 0x0)
times(0xfffffffffffffffe)
r10 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x4, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180200000001000007000000000000000000000053000000850000005000000095"], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffe}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r10, 0x0, 0x28, 0x0, &(0x7f0000000900)="e02742e8680d85ff9782762f86dd", 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

18.548082ms ago: executing program 4 (id=1111):
socket$igmp6(0xa, 0x3, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='mountinfo\x00')
read$FUSE(r1, &(0x7f00000005c0)={0x2020}, 0x2020)
ioctl$SIOCGETLINKNAME(r1, 0x89e0, &(0x7f0000000380)={0x3, 0x2})
r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/uevent_helper', 0x149882, 0x60)
syz_open_dev$cec(&(0x7f0000000000), 0xffffffffffffffff, 0x0)
r3 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB=',wfd', @ANYRESHEX=r4])
setrlimit(0x9, &(0x7f0000000400)={0x80000001, 0x96f})
socket$kcm(0x29, 0x2, 0x0)
set_mempolicy(0x2, &(0x7f0000000080)=0x4716, 0x3)
r5 = userfaultfd(0x801)
ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_COPY(r5, 0xc028aa03, &(0x7f0000000000)={&(0x7f0000800000/0x800000)=nil, &(0x7f0000199000/0x800000)=nil, 0x800000})
r6 = memfd_create(&(0x7f00000000c0)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf3:\x99\x1e\xac`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\xd2q#\xc6\xca\x97\x9d\xcb\x1e\x80\xd6\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xec', 0x0)
fsetxattr$security_ima(r6, &(0x7f0000000480), 0x0, 0x0, 0x3)
fcntl$getownex(r2, 0x10, &(0x7f0000000040)={0x0, <r7=>0x0})
get_robust_list(r7, &(0x7f0000000300)=&(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)}, &(0x7f0000000340)=0x18)
r8 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$VT_ACTIVATE(r8, 0x4bfa, 0x10000000000004)
ioctl$sock_FIOSETOWN(r2, 0x8901, &(0x7f0000000440)=r7)
setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2c, 0x0, 0x0)

0s ago: executing program 3 (id=1112):
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
r0 = fsmount(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
readlink(0x0, &(0x7f0000000300)=""/244, 0xf4)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000080), 0x409240, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x0, 0x0})
r2 = io_uring_setup(0x67bb, &(0x7f00000000c0)={0x0, 0x449f, 0xb000, 0x80000000, 0x316})
io_uring_register$IORING_REGISTER_RESIZE_RINGS(r2, 0x21, 0x0, 0x1)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000340)={0x0, <r3=>0x0}, 0x0)
mount$overlay(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240), 0x44802, &(0x7f00000004c0)={[{@redirect_dir_nofollow}, {@userxattr}, {@uuid_off}, {@xino_auto}, {@uuid_null}, {@metacopy_off}], [{@flag='dirsync'}, {@subj_user={'subj_user', 0x3d, 'uuid=off'}}, {@uid_eq={'uid', 0x3d, r3}}, {@uid_eq={'uid', 0x3d, r3}}, {@euid_lt={'euid<', r3}}, {@fowner_eq={'fowner', 0x3d, r3}}]})
open_tree(0xffffffffffffff9c, 0x0, 0x89901)
socket$inet6(0x10, 0x3, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000d40)=ANY=[@ANYBLOB="18000000000000000000000000000000850000007b000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r4}, 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000001440)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value=0x2000000}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r6}, 0x10)
r7 = userfaultfd(0x80001)
ioctl$UFFDIO_REGISTER(r7, 0xc020aa00, &(0x7f0000000140)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
ioctl$UFFDIO_REGISTER(r7, 0xc020aa04, &(0x7f0000000000)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x0, 0x2})

kernel console output (not intermixed with test programs):

7][ T9091]  __sys_recvmsg+0x16a/0x220
[  333.836805][ T9091]  ? __pfx___sys_recvmsg+0x10/0x10
[  333.836833][ T9091]  ? rcu_is_watching+0x12/0xc0
[  333.836855][ T9091]  do_syscall_64+0xcd/0x4c0
[  333.836875][ T9091]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  333.836891][ T9091] RIP: 0033:0x7f8c8f78ebe9
[  333.836904][ T9091] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  333.836920][ T9091] RSP: 002b:00007f8c906d6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[  333.836935][ T9091] RAX: ffffffffffffffda RBX: 00007f8c8f9c5fa0 RCX: 00007f8c8f78ebe9
[  333.836945][ T9091] RDX: 0000000000000000 RSI: 0000200000000540 RDI: 0000000000000004
[  333.836955][ T9091] RBP: 00007f8c906d6090 R08: 0000000000000000 R09: 0000000000000000
[  333.836964][ T9091] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  333.836973][ T9091] R13: 00007f8c8f9c6038 R14: 00007f8c8f9c5fa0 R15: 00007ffcc7e08268
[  333.836995][ T9091]  </TASK>
[  334.058060][ T5903] usb 4-1: New USB device found, idVendor=05ef, idProduct=020a, bcdDevice=91.36
[  334.058089][ T5903] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  334.058109][ T5903] usb 4-1: Product: syz
[  334.058144][ T5903] usb 4-1: Manufacturer: syz
[  334.058160][ T5903] usb 4-1: SerialNumber: syz
[  334.060890][ T5903] usb 4-1: config 0 descriptor??
[  334.092072][ T7094] dvb-usb: found a 'Genpix 8PSK-to-USB2 Rev.1 DVB-S receiver' in warm state.
[  334.115315][ T5917] asix 5-1:128.251: probe with driver asix failed with error -22
[  334.194746][ T5917] usb 5-1: USB disconnect, device number 28
[  334.420081][ T7094] gp8psk: usb in 128 operation failed.
[  334.427800][ T7094] gp8psk: usb in 137 operation failed.
[  334.433357][    T9] vhci_hcd: vhci_device speed not set
[  334.980605][ T7094] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  335.175322][ T5903] iforce 4-1:0.0: usb_submit_urb failed: -110
[  335.187685][ T5903] iforce 4-1:0.0: usb_submit_urb failed: -32
[  335.197987][ T7094] dvbdev: DVB: registering new adapter (Genpix 8PSK-to-USB2 Rev.1 DVB-S receiver)
[  335.474581][ T5903] iforce 4-1:0.0: usb_submit_urb failed: -32
[  335.483985][ T7094] usb 3-1: media controller created
[  335.492857][ T5903] iforce 4-1:0.0: usb_submit_urb failed: -32
[  335.633657][ T7094] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  335.682064][ T9112] vcan0: tx drop: invalid da for name 0x0000000000000004
[  336.259211][ T7094] gp8psk_fe: Frontend revision 1 attached
[  336.397947][ T7094] usb 3-1: DVB: registering adapter 1 frontend 0 (Genpix DVB-S)...
[  336.431644][ T7094] dvbdev: dvb_create_media_entity: media entity 'Genpix DVB-S' registered.
[  336.625157][ T9119] vcan0: tx drop: invalid da for name 0x0000000000000004
[  336.699471][ T5903] iforce 4-1:0.0: usb_submit_urb failed: -71
[  337.076276][ T5903] iforce 4-1:0.0: usb_submit_urb failed: -71
[  337.082800][ T5903] iforce 4-1:0.0: usb_submit_urb failed: -71
[  337.089157][ T5903] iforce 4-1:0.0: usb_submit_urb failed: -71
[  337.114948][ T5903] iforce 4-1:0.0: usb_submit_urb failed: -71
[  337.122678][ T5903] iforce 4-1:0.0: usb_submit_urb failed: -71
[  337.130879][ T5903] iforce 4-1:0.0: usb_submit_urb failed: -71
[  337.138294][ T5903] iforce 4-1:0.0: usb_submit_urb failed: -71
[  337.145155][ T5903] iforce 4-1:0.0: usb_submit_urb failed: -71
[  337.153524][ T5903] iforce 4-1:0.0: usb_submit_urb failed: -71
[  337.159891][ T5903] iforce 4-1:0.0: usb_submit_urb failed: -71
[  337.177259][ T5903] iforce 4-1:0.0: usb_submit_urb failed: -71
[  337.187110][ T5903] iforce 4-1:0.0: usb_submit_urb failed: -71
[  337.195664][ T5903] iforce 4-1:0.0: usb_submit_urb failed: -71
[  337.202738][ T5903] iforce 4-1:0.0: usb_submit_urb failed: -71
[  337.208829][ T5903] input input29: Timeout waiting for response from device.
[  337.218846][ T7094] gp8psk: usb in 137 operation failed.
[  337.224915][ T7094] dvb-usb: Genpix 8PSK-to-USB2 Rev.1 DVB-S receiver successfully initialized and connected.
[  337.341998][ T5903] usb 4-1: USB disconnect, device number 23
[  337.363819][ T7094] gp8psk: found Genpix USB device pID = 201 (hex)
[  337.390799][ T7094] usb 3-1: USB disconnect, device number 28
[  337.504393][ T7094] dvb-usb: Genpix 8PSK-to-USB2 Rev.1 DVB-S receive successfully deinitialized and disconnected.
[  337.624003][ T9124] genirq: Flags mismatch irq 4. 00200000 (das16m1) vs. 00200080 (ttyS0)
[  337.638118][ T9124] loop6: detected capacity change from 0 to 63
[  337.670780][ T5866] buffer_io_error: 295 callbacks suppressed
[  337.670791][ T5866] Buffer I/O error on dev loop6, logical block 0, async page read
[  337.695770][ T5866] Buffer I/O error on dev loop6, logical block 0, async page read
[  337.705640][ T5866] Buffer I/O error on dev loop6, logical block 0, async page read
[  337.714435][ T5866] Buffer I/O error on dev loop6, logical block 0, async page read
[  337.722883][ T5866] Buffer I/O error on dev loop6, logical block 0, async page read
[  337.808172][ T9122] Buffer I/O error on dev loop6, logical block 2, async page read
[  337.810077][ T9124] Buffer I/O error on dev loop6, logical block 0, async page read
[  337.817046][ T9122] Buffer I/O error on dev loop6, logical block 2, async page read
[  337.824546][ T9124] Buffer I/O error on dev loop6, logical block 0, async page read
[  337.983844][ T9130] netlink: 12 bytes leftover after parsing attributes in process `syz.4.794'.
[  338.001030][ T9124] Buffer I/O error on dev loop6, logical block 0, async page read
[  338.053745][ T9130] netlink: 'syz.4.794': attribute type 6 has an invalid length.
[  338.064261][ T9130] netlink: 'syz.4.794': attribute type 5 has an invalid length.
[  338.133100][ T9134] exFAT-fs (md0): unable to read boot sector
[  338.139190][ T9134] exFAT-fs (md0): failed to read boot sector
[  338.189028][ T9134] exFAT-fs (md0): failed to recognize exfat type
[  338.656080][   T30] audit: type=1400 audit(1756687197.937:698): avc:  denied  { getopt } for  pid=9142 comm="syz.2.797" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1
[  339.028253][ T9154] genirq: Flags mismatch irq 4. 00200000 (das16m1) vs. 00200080 (ttyS0)
[  339.042554][ T9154] loop6: detected capacity change from 0 to 63
[  339.430312][ T5903] usb 4-1: new high-speed USB device number 24 using dummy_hcd
[  340.042736][ T5903] usb 4-1: Using ep0 maxpacket: 16
[  340.064718][ T5903] usb 4-1: New USB device found, idVendor=09c0, idProduct=0201, bcdDevice= a.a4
[  340.080610][ T7094] usb 3-1: new high-speed USB device number 29 using dummy_hcd
[  340.097766][ T5903] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  340.125984][ T5903] usb 4-1: Product: syz
[  340.139156][ T5903] usb 4-1: Manufacturer: syz
[  340.156272][ T5903] usb 4-1: SerialNumber: syz
[  340.215783][ T5903] usb 4-1: config 0 descriptor??
[  340.260010][ T5903] dvb-usb: found a 'Genpix 8PSK-to-USB2 Rev.1 DVB-S receiver' in warm state.
[  340.296779][ T7094] usb 3-1: Using ep0 maxpacket: 16
[  340.330364][ T7094] usb 3-1: New USB device found, idVendor=09c0, idProduct=0201, bcdDevice= a.a4
[  340.350457][ T7094] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  340.368661][ T7094] usb 3-1: Product: syz
[  340.626221][ T5903] gp8psk: usb in 128 operation failed.
[  340.646801][ T7094] usb 3-1: Manufacturer: syz
[  340.656595][ T7094] usb 3-1: SerialNumber: syz
[  340.666479][ T5903] gp8psk: usb in 137 operation failed.
[  340.675097][ T5903] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  340.687263][ T7094] usb 3-1: config 0 descriptor??
[  340.696907][ T9167] 9pnet_fd: Insufficient options for proto=fd
[  340.721562][ T7094] dvb-usb: found a 'Genpix 8PSK-to-USB2 Rev.1 DVB-S receiver' in warm state.
[  340.745652][ T5903] dvbdev: DVB: registering new adapter (Genpix 8PSK-to-USB2 Rev.1 DVB-S receiver)
[  340.802082][ T5903] usb 4-1: media controller created
[  340.837574][ T5903] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  340.861066][    T9] usb 2-1: new high-speed USB device number 28 using dummy_hcd
[  341.667995][ T5903] gp8psk_fe: Frontend revision 1 attached
[  341.674150][ T5903] usb 4-1: DVB: registering adapter 1 frontend 0 (Genpix DVB-S)...
[  341.684316][ T5903] dvbdev: dvb_create_media_entity: media entity 'Genpix DVB-S' registered.
[  341.761802][    T9] usb 2-1: Using ep0 maxpacket: 16
[  341.851154][    T9] usb 2-1: New USB device found, idVendor=09c0, idProduct=0201, bcdDevice= a.a4
[  341.879634][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  341.900670][    T9] usb 2-1: Product: syz
[  341.905479][    T9] usb 2-1: Manufacturer: syz
[  341.910944][    T9] usb 2-1: SerialNumber: syz
[  341.921781][    T9] usb 2-1: config 0 descriptor??
[  341.937757][    T9] dvb-usb: found a 'Genpix 8PSK-to-USB2 Rev.1 DVB-S receiver' in warm state.
[  342.107971][ T5903] gp8psk: usb in 137 operation failed.
[  342.126370][ T5903] dvb-usb: Genpix 8PSK-to-USB2 Rev.1 DVB-S receiver successfully initialized and connected.
[  342.143507][ T9174] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22
[  342.164690][ T5903] gp8psk: found Genpix USB device pID = 201 (hex)
[  342.191070][ T5903] usb 4-1: USB disconnect, device number 24
[  342.242733][    T9] gp8psk: usb in 128 operation failed.
[  342.292745][    T9] gp8psk: usb in 137 operation failed.
[  342.320272][    T9] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  342.329588][ T7094] gp8psk: usb in 128 operation failed.
[  342.361457][ T7094] gp8psk: usb in 137 operation failed.
[  342.366938][ T7094] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  342.388212][    T9] dvbdev: DVB: registering new adapter (Genpix 8PSK-to-USB2 Rev.1 DVB-S receiver)
[  342.441579][    T9] usb 2-1: media controller created
[  342.452448][ T7094] dvbdev: DVB: registering new adapter (Genpix 8PSK-to-USB2 Rev.1 DVB-S receiver)
[  342.471906][ T9177] netlink: 40 bytes leftover after parsing attributes in process `syz.5.808'.
[  342.487229][ T7094] usb 3-1: media controller created
[  342.512938][    T9] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  342.531576][ T5903] dvb-usb: Genpix 8PSK-to-USB2 Rev.1 DVB-S receive successfully deinitialized and disconnected.
[  342.573380][ T7094] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  342.582089][    T9] gp8psk_fe: Frontend revision 1 attached
[  342.626595][ T9189] netlink: 40 bytes leftover after parsing attributes in process `syz.4.811'.
[  342.661980][    T9] usb 2-1: DVB: registering adapter 2 frontend 0 (Genpix DVB-S)...
[  342.849453][ T9194] 9pnet_fd: Insufficient options for proto=fd
[  342.938396][ T7094] gp8psk_fe: Frontend revision 1 attached
[  342.944257][    T9] dvbdev: dvb_create_media_entity: media entity 'Genpix DVB-S' registered.
[  342.972944][ T7094] usb 3-1: DVB: registering adapter 3 frontend 0 (Genpix DVB-S)...
[  343.028477][ T7094] dvbdev: dvb_create_media_entity: media entity 'Genpix DVB-S' registered.
[  343.116097][ T7094] gp8psk: usb in 138 operation failed.
[  343.125753][ T7094] dvb-usb: Genpix 8PSK-to-USB2 Rev.1 DVB-S receiver successfully initialized and connected.
[  343.139482][ T7094] gp8psk: found Genpix USB device pID = 201 (hex)
[  343.168266][ T7094] usb 3-1: USB disconnect, device number 29
[  343.268515][ T7094] dvb-usb: Genpix 8PSK-to-USB2 Rev.1 DVB-S receive successfully deinitialized and disconnected.
[  343.823196][ T9209] netlink: 28 bytes leftover after parsing attributes in process `syz.2.816'.
[  343.869314][ T9209] netlink: 8 bytes leftover after parsing attributes in process `syz.2.816'.
[  344.252763][ T9224] netlink: 24 bytes leftover after parsing attributes in process `syz.3.821'.
[  344.317876][    T9] gp8psk: usb in 137 operation failed.
[  344.570301][ T5917] usb 3-1: new high-speed USB device number 30 using dummy_hcd
[  344.670319][ T6009] usb 6-1: new low-speed USB device number 27 using dummy_hcd
[  344.813340][    T9] dvb-usb: Genpix 8PSK-to-USB2 Rev.1 DVB-S receiver successfully initialized and connected.
[  344.823497][    T9] gp8psk: found Genpix USB device pID = 201 (hex)
[  344.837709][    T9] usb 2-1: USB disconnect, device number 28
[  344.852807][ T6009] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  344.877793][ T6009] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 2
[  344.897866][ T6009] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 32, setting to 8
[  344.919765][   T30] audit: type=1400 audit(1756687204.197:699): avc:  denied  { call } for  pid=9220 comm="syz.3.821" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1
[  344.974293][ T6009] usb 6-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00
[  345.010319][ T6009] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  345.044984][    T9] dvb-usb: Genpix 8PSK-to-USB2 Rev.1 DVB-S receive successfully deinitialized and disconnected.
[  345.052384][ T5917] usb 3-1: Using ep0 maxpacket: 16
[  345.116828][ T5917] usb 3-1: New USB device found, idVendor=09c0, idProduct=0201, bcdDevice= a.a4
[  345.126420][ T5917] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  345.137050][ T5917] usb 3-1: Product: syz
[  345.143056][ T6009] hub 6-1:1.0: bad descriptor, ignoring hub
[  345.149287][ T6009] hub 6-1:1.0: probe with driver hub failed with error -5
[  345.184115][ T5917] usb 3-1: Manufacturer: syz
[  345.189135][ T6009] cdc_wdm 6-1:1.0: skipping garbage
[  345.196774][ T5917] usb 3-1: SerialNumber: syz
[  345.214816][ T6009] cdc_wdm 6-1:1.0: skipping garbage
[  345.227052][ T6009] cdc_wdm 6-1:1.0: probe with driver cdc_wdm failed with error -22
[  345.251350][ T5917] usb 3-1: config 0 descriptor??
[  345.273669][ T5917] dvb-usb: found a 'Genpix 8PSK-to-USB2 Rev.1 DVB-S receiver' in warm state.
[  345.375037][ T9239] netlink: 4 bytes leftover after parsing attributes in process `syz.1.823'.
[  345.469621][ T9239] veth0_macvtap: left promiscuous mode
[  345.478649][ T5917] gp8psk: usb in 128 operation failed.
[  345.496960][ T5917] gp8psk: usb in 137 operation failed.
[  345.516682][ T5917] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  345.542189][ T5917] dvbdev: DVB: registering new adapter (Genpix 8PSK-to-USB2 Rev.1 DVB-S receiver)
[  345.557522][ T5917] usb 3-1: media controller created
[  345.609992][ T5917] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  345.673884][ T5917] gp8psk_fe: Frontend revision 1 attached
[  345.683080][ T5917] usb 3-1: DVB: registering adapter 1 frontend 0 (Genpix DVB-S)...
[  345.692406][ T5917] dvbdev: dvb_create_media_entity: media entity 'Genpix DVB-S' registered.
[  345.840396][    T9] usb 4-1: new high-speed USB device number 25 using dummy_hcd
[  345.974675][ T5917] gp8psk: usb in 137 operation failed.
[  345.980192][ T5917] dvb-usb: Genpix 8PSK-to-USB2 Rev.1 DVB-S receiver successfully initialized and connected.
[  345.998427][ T5917] gp8psk: found Genpix USB device pID = 201 (hex)
[  346.014487][    T9] usb 4-1: Using ep0 maxpacket: 8
[  346.026153][    T9] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  346.041886][ T7094] usb 5-1: new high-speed USB device number 29 using dummy_hcd
[  346.066909][ T5917] usb 3-1: USB disconnect, device number 30
[  346.081082][    T9] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  346.147107][    T9] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  346.171520][    T9] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  346.217212][    T9] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  346.227460][ T7094] usb 5-1: Using ep0 maxpacket: 16
[  346.263106][ T7094] usb 5-1: New USB device found, idVendor=09c0, idProduct=0201, bcdDevice= a.a4
[  346.282083][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  346.319505][ T7094] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  346.349578][ T7094] usb 5-1: Product: syz
[  346.357790][ T5917] dvb-usb: Genpix 8PSK-to-USB2 Rev.1 DVB-S receive successfully deinitialized and disconnected.
[  346.364999][ T7094] usb 5-1: Manufacturer: syz
[  346.388681][ T7094] usb 5-1: SerialNumber: syz
[  346.454974][ T7094] usb 5-1: config 0 descriptor??
[  346.549509][    T9] usb 4-1: GET_CAPABILITIES returned 0
[  346.555679][ T7094] dvb-usb: found a 'Genpix 8PSK-to-USB2 Rev.1 DVB-S receiver' in warm state.
[  346.571789][    T9] usbtmc 4-1:16.0: can't read capabilities
[  347.183804][    T9] usb 4-1: USB disconnect, device number 25
[  347.193124][ T7094] gp8psk: usb in 128 operation failed.
[  347.211994][ T7094] gp8psk: usb in 137 operation failed.
[  347.219211][ T7094] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  347.229638][ T7094] dvbdev: DVB: registering new adapter (Genpix 8PSK-to-USB2 Rev.1 DVB-S receiver)
[  347.239277][ T7094] usb 5-1: media controller created
[  347.254632][ T7094] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  347.272078][ T7094] gp8psk_fe: Frontend revision 1 attached
[  347.273776][  T976] usb 6-1: USB disconnect, device number 27
[  347.277818][ T7094] usb 5-1: DVB: registering adapter 1 frontend 0 (Genpix DVB-S)...
[  347.350207][ T7094] dvbdev: dvb_create_media_entity: media entity 'Genpix DVB-S' registered.
[  347.596056][   T30] audit: type=1400 audit(1756687206.877:700): avc:  denied  { setopt } for  pid=9275 comm="syz.1.827" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  348.350749][ T7094] gp8psk: usb in 137 operation failed.
[  348.443926][ T7094] dvb-usb: Genpix 8PSK-to-USB2 Rev.1 DVB-S receiver successfully initialized and connected.
[  348.459865][ T7094] gp8psk: found Genpix USB device pID = 201 (hex)
[  348.497676][   T30] audit: type=1326 audit(1756687207.767:701): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9295 comm="syz.3.830" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0f2b38ebe9 code=0x7ffc0000
[  348.559339][ T7094] usb 5-1: USB disconnect, device number 29
[  348.608024][   T30] audit: type=1326 audit(1756687207.767:702): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9295 comm="syz.3.830" exe="/root/syz-executor" sig=0 arch=c000003e syscall=437 compat=0 ip=0x7f0f2b38ebe9 code=0x7ffc0000
[  348.675072][ T7094] dvb-usb: Genpix 8PSK-to-USB2 Rev.1 DVB-S receive successfully deinitialized and disconnected.
[  348.685570][   T30] audit: type=1326 audit(1756687207.767:703): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9295 comm="syz.3.830" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0f2b38ebe9 code=0x7ffc0000
[  348.780170][ T9304] openvswitch: netlink: Unexpected mask (mask=20040, allowed=10048)
[  348.815064][   T30] audit: type=1326 audit(1756687207.767:704): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9295 comm="syz.3.830" exe="/root/syz-executor" sig=0 arch=c000003e syscall=28 compat=0 ip=0x7f0f2b38ebe9 code=0x7ffc0000
[  348.899590][   T30] audit: type=1326 audit(1756687207.767:705): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9295 comm="syz.3.830" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0f2b38ebe9 code=0x7ffc0000
[  349.004255][   T30] audit: type=1326 audit(1756687207.777:706): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9295 comm="syz.3.830" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f0f2b38d550 code=0x7ffc0000
[  349.143300][ T9319] input: syz1 as /devices/virtual/input/input30
[  349.246520][   T30] audit: type=1326 audit(1756687207.777:707): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9295 comm="syz.3.830" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7f0f2b390417 code=0x7ffc0000
[  349.246565][   T30] audit: type=1326 audit(1756687207.777:708): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9295 comm="syz.3.830" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f0f2b38ebe9 code=0x7ffc0000
[  349.247387][ T9303] pim6reg: entered allmulticast mode
[  349.271888][    C1] vkms_vblank_simulate: vblank timer overrun
[  349.338665][ T9311] pim6reg: left allmulticast mode
[  349.375670][    C1] vkms_vblank_simulate: vblank timer overrun
[  351.173877][  T976] usb 2-1: new high-speed USB device number 29 using dummy_hcd
[  351.357712][ T5917] usb 4-1: new high-speed USB device number 26 using dummy_hcd
[  351.452047][  T976] usb 2-1: Using ep0 maxpacket: 8
[  351.581882][  T976] usb 2-1: config 179 has an invalid interface number: 65 but max is 0
[  351.590388][ T5917] usb 4-1: Using ep0 maxpacket: 16
[  351.646955][ T5917] usb 4-1: config 72 has an invalid interface number: 12 but max is 1
[  351.660368][  T976] usb 2-1: config 179 has no interface number 0
[  351.667801][  T976] usb 2-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 63, changing to 9
[  351.690159][ T5917] usb 4-1: config 72 has an invalid interface number: 2 but max is 1
[  351.699023][ T5917] usb 4-1: config 72 contains an unexpected descriptor of type 0x2, skipping
[  351.707895][  T976] usb 2-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 57605, setting to 1024
[  351.721865][ T5917] usb 4-1: config 72 has an invalid interface number: 215 but max is 1
[  351.730173][  T976] usb 2-1: config 179 interface 65 altsetting 12 endpoint 0x83 has an invalid bInterval 102, changing to 10
[  351.751497][ T5917] usb 4-1: config 72 has an invalid descriptor of length 196, skipping remainder of the config
[  351.959601][  T976] usb 2-1: config 179 interface 65 altsetting 12 endpoint 0x83 has invalid maxpacket 24624, setting to 1024
[  352.080422][ T5917] usb 4-1: config 72 has 3 interfaces, different from the descriptor's value: 2
[  352.100275][ T5917] usb 4-1: config 72 has no interface number 0
[  352.106508][  T976] usb 2-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  352.408867][ T5917] usb 4-1: config 72 has no interface number 1
[  352.426172][ T5917] usb 4-1: config 72 interface 12 altsetting 1 endpoint 0xD has invalid maxpacket 1024, setting to 64
[  352.441802][  T976] usb 2-1: config 179 interface 65 has no altsetting 0
[  352.451245][  T976] usb 2-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00
[  352.462634][ T5917] usb 4-1: config 72 interface 12 altsetting 1 has a duplicate endpoint with address 0x6, skipping
[  352.483788][  T976] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  352.520416][ T5917] usb 4-1: config 72 interface 12 altsetting 1 has a duplicate endpoint with address 0x8, skipping
[  352.598825][ T9377] fuse: blksize only supported for fuseblk
[  352.889537][  T976] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:179.65/input/input31
[  352.901140][ T5917] usb 4-1: config 72 interface 12 altsetting 1 endpoint 0x4 has invalid maxpacket 1024, setting to 64
[  352.941174][ T5917] usb 4-1: config 72 interface 12 altsetting 1 endpoint 0xF has invalid maxpacket 1023, setting to 64
[  352.974062][ T5917] usb 4-1: config 72 interface 12 altsetting 1 has a duplicate endpoint with address 0xD, skipping
[  353.002840][ T5207] input input31: unable to receive magic message: -110
[  353.022474][ T5917] usb 4-1: config 72 interface 12 altsetting 1 has an invalid descriptor for endpoint zero, skipping
[  353.044700][ T5207] input input31: unable to receive magic message: -32
[  353.063087][ T5207] input input31: unable to receive magic message: -32
[  353.078379][ T5917] usb 4-1: config 72 interface 12 altsetting 1 endpoint 0xA has invalid maxpacket 1024, setting to 64
[  353.096411][ T5207] input input31: unable to receive magic message: -32
[  353.119543][ T5917] usb 4-1: config 72 interface 2 altsetting 1 endpoint 0xB has invalid maxpacket 1023, setting to 64
[  353.144705][ T5917] usb 4-1: config 72 interface 2 altsetting 1 has a duplicate endpoint with address 0xF, skipping
[  353.158334][ T5917] usb 4-1: config 72 interface 2 altsetting 1 endpoint 0x9 has invalid maxpacket 1024, setting to 64
[  353.186575][ T5207] input input31: unable to receive magic message: -32
[  353.212737][ T5917] usb 4-1: config 72 interface 2 altsetting 1 has a duplicate endpoint with address 0x9, skipping
[  353.225157][ T5207] input input31: unable to receive magic message: -32
[  353.276580][ T5903] usb 2-1: USB disconnect, device number 29
[  353.276597][    C1] xpad 2-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  353.300300][ T5917] usb 4-1: config 72 interface 2 altsetting 1 has an invalid descriptor for endpoint zero, skipping
[  353.354891][ T5917] usb 4-1: config 72 interface 2 altsetting 1 has a duplicate endpoint with address 0x6, skipping
[  353.398144][ T5917] usb 4-1: config 72 interface 2 altsetting 1 endpoint 0xC has invalid wMaxPacketSize 0
[  353.437313][ T5917] usb 4-1: config 72 interface 2 altsetting 1 has a duplicate endpoint with address 0x6, skipping
[  353.507561][ T5917] usb 4-1: config 72 interface 2 altsetting 1 has a duplicate endpoint with address 0x6, skipping
[  353.526705][ T5917] usb 4-1: config 72 interface 2 altsetting 1 has an invalid descriptor for endpoint zero, skipping
[  353.593244][ T5917] usb 4-1: config 72 interface 2 altsetting 1 has an invalid descriptor for endpoint zero, skipping
[  353.838289][ T5917] usb 4-1: config 72 interface 2 altsetting 1 has a duplicate endpoint with address 0x8, skipping
[  353.910308][ T5917] usb 4-1: config 72 interface 2 altsetting 1 has 14 endpoint descriptors, different from the interface descriptor's value: 15
[  354.208498][ T5917] usb 4-1: too many endpoints for config 72 interface 215 altsetting 233: 60, using maximum allowed: 30
[  354.298322][ T5917] usb 4-1: config 72 interface 215 altsetting 233 has 0 endpoint descriptors, different from the interface descriptor's value: 60
[  354.368713][ T5917] usb 4-1: config 72 interface 12 has no altsetting 0
[  354.421472][   T30] kauditd_printk_skb: 10 callbacks suppressed
[  354.421491][   T30] audit: type=1400 audit(1756687213.657:719): avc:  denied  { read write } for  pid=9394 comm="syz.5.846" name="loop-control" dev="devtmpfs" ino=646 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[  354.494177][   T30] audit: type=1400 audit(1756687213.657:720): avc:  denied  { open } for  pid=9394 comm="syz.5.846" path="/dev/loop-control" dev="devtmpfs" ino=646 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[  354.574370][ T9405] FAULT_INJECTION: forcing a failure.
[  354.574370][ T9405] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  354.587500][ T9405] CPU: 0 UID: 0 PID: 9405 Comm: syz.2.847 Not tainted syzkaller #0 PREEMPT(full) 
[  354.587524][ T9405] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  354.587535][ T9405] Call Trace:
[  354.587541][ T9405]  <TASK>
[  354.587548][ T9405]  dump_stack_lvl+0x16c/0x1f0
[  354.587573][ T9405]  should_fail_ex+0x512/0x640
[  354.587597][ T9405]  _copy_from_user+0x2e/0xd0
[  354.587621][ T9405]  memdup_user+0x6b/0xe0
[  354.587642][ T9405]  strndup_user+0x78/0xe0
[  354.587662][ T9405]  __x64_sys_mount+0x137/0x310
[  354.587686][ T9405]  ? __pfx___x64_sys_mount+0x10/0x10
[  354.587717][ T9405]  do_syscall_64+0xcd/0x4c0
[  354.587740][ T9405]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  354.587758][ T9405] RIP: 0033:0x7f973218ebe9
[  354.587772][ T9405] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  354.587790][ T9405] RSP: 002b:00007f9732f7e038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  354.587808][ T9405] RAX: ffffffffffffffda RBX: 00007f97323c6180 RCX: 00007f973218ebe9
[  354.587819][ T9405] RDX: 00002000000002c0 RSI: 0000200000000280 RDI: 0000200000000100
[  354.587830][ T9405] RBP: 00007f9732f7e090 R08: 0000200000000300 R09: 0000000000000000
[  354.587842][ T9405] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  354.587852][ T9405] R13: 00007f97323c6218 R14: 00007f97323c6180 R15: 00007ffd93c87198
[  354.587877][ T9405]  </TASK>
[  354.775232][ T5917] usb 4-1: config 72 interface 2 has no altsetting 0
[  354.794710][ T5917] usb 4-1: config 72 interface 215 has no altsetting 0
[  354.843567][   T30] audit: type=1400 audit(1756687214.097:721): avc:  denied  { ioctl } for  pid=9400 comm="syz.1.845" path="socket:[24516]" dev="sockfs" ino=24516 ioctlcmd=0x9362 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  354.851219][ T5917] usb 4-1: string descriptor 0 read error: -71
[  354.900832][ T5850] usb 6-1: new high-speed USB device number 28 using dummy_hcd
[  355.090952][ T5917] usb 4-1: New USB device found, idVendor=2100, idProduct=9e58, bcdDevice=fd.fb
[  355.127207][ T5850] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  355.185276][ T5917] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  355.208802][ T5850] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  355.259261][ T5850] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  355.292624][ T5917] usb 4-1: can't set config #72, error -71
[  355.338171][ T5917] usb 4-1: USB disconnect, device number 26
[  355.352049][ T5850] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  355.368766][   T30] audit: type=1400 audit(1756687214.647:722): avc:  denied  { connect } for  pid=9420 comm="syz.3.850" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  355.408438][ T9423] IPv6: addrconf: prefix option has invalid lifetime
[  355.409939][ T5850] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  355.481459][ T5850] usb 6-1: config 0 descriptor??
[  356.702463][ T9417] input: syz1 as /devices/virtual/input/input32
[  357.400104][ T5850] usbhid 6-1:0.0: can't add hid device: -71
[  357.413828][ T5850] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  357.523662][ T5850] usb 6-1: USB disconnect, device number 28
[  357.715549][   T30] audit: type=1400 audit(1756687216.977:723): avc:  denied  { ioctl } for  pid=9456 comm="syz.2.856" path="socket:[23375]" dev="sockfs" ino=23375 ioctlcmd=0x89e0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1
[  357.747564][ T9468] input: syz0 as /devices/virtual/input/input33
[  357.943275][ T9472] FAULT_INJECTION: forcing a failure.
[  357.943275][ T9472] name failslab, interval 1, probability 0, space 0, times 0
[  357.973730][ T9472] CPU: 0 UID: 0 PID: 9472 Comm: syz.3.858 Not tainted syzkaller #0 PREEMPT(full) 
[  357.973746][ T9472] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  357.973753][ T9472] Call Trace:
[  357.973758][ T9472]  <TASK>
[  357.973762][ T9472]  dump_stack_lvl+0x16c/0x1f0
[  357.973779][ T9472]  should_fail_ex+0x512/0x640
[  357.973792][ T9472]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  357.973806][ T9472]  should_failslab+0xc2/0x120
[  357.973819][ T9472]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  357.973831][ T9472]  ? __alloc_skb+0x2b2/0x380
[  357.973843][ T9472]  ? avc_has_perm+0x144/0x1f0
[  357.973855][ T9472]  __alloc_skb+0x2b2/0x380
[  357.973866][ T9472]  ? __pfx___alloc_skb+0x10/0x10
[  357.973876][ T9472]  ? selinux_socket_getpeersec_dgram+0x1a4/0x370
[  357.973891][ T9472]  ? __pfx_selinux_socket_getpeersec_dgram+0x10/0x10
[  357.973910][ T9472]  netlink_alloc_large_skb+0x69/0x130
[  357.973931][ T9472]  netlink_sendmsg+0x6a1/0xdd0
[  357.973946][ T9472]  ? __pfx_netlink_sendmsg+0x10/0x10
[  357.973964][ T9472]  ____sys_sendmsg+0xa98/0xc70
[  357.973980][ T9472]  ? copy_msghdr_from_user+0x10a/0x160
[  357.973993][ T9472]  ? __pfx_____sys_sendmsg+0x10/0x10
[  357.974014][ T9472]  ___sys_sendmsg+0x134/0x1d0
[  357.974027][ T9472]  ? __pfx____sys_sendmsg+0x10/0x10
[  357.974055][ T9472]  __sys_sendmsg+0x16d/0x220
[  357.974067][ T9472]  ? __pfx___sys_sendmsg+0x10/0x10
[  357.974088][ T9472]  do_syscall_64+0xcd/0x4c0
[  357.974102][ T9472]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  357.974113][ T9472] RIP: 0033:0x7f0f2b38ebe9
[  357.974123][ T9472] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  357.974134][ T9472] RSP: 002b:00007f0f2c204038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  357.974145][ T9472] RAX: ffffffffffffffda RBX: 00007f0f2b5c5fa0 RCX: 00007f0f2b38ebe9
[  357.974152][ T9472] RDX: 0000000000000004 RSI: 0000200000000300 RDI: 0000000000000004
[  357.974159][ T9472] RBP: 00007f0f2c204090 R08: 0000000000000000 R09: 0000000000000000
[  357.974166][ T9472] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  357.974172][ T9472] R13: 00007f0f2b5c6038 R14: 00007f0f2b5c5fa0 R15: 00007fffa5c604c8
[  357.974186][ T9472]  </TASK>
[  359.424603][ T9487] netlink: 'syz.1.865': attribute type 1 has an invalid length.
[  359.572396][ T9495] FAULT_INJECTION: forcing a failure.
[  359.572396][ T9495] name failslab, interval 1, probability 0, space 0, times 0
[  359.845029][ T9495] CPU: 1 UID: 0 PID: 9495 Comm: syz.1.865 Not tainted syzkaller #0 PREEMPT(full) 
[  359.845055][ T9495] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  359.845065][ T9495] Call Trace:
[  359.845071][ T9495]  <TASK>
[  359.845079][ T9495]  dump_stack_lvl+0x16c/0x1f0
[  359.845103][ T9495]  should_fail_ex+0x512/0x640
[  359.845123][ T9495]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  359.845146][ T9495]  should_failslab+0xc2/0x120
[  359.845174][ T9495]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  359.845192][ T9495]  ? __alloc_skb+0x2b2/0x380
[  359.845214][ T9495]  __alloc_skb+0x2b2/0x380
[  359.845232][ T9495]  ? __pfx___alloc_skb+0x10/0x10
[  359.845252][ T9495]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  359.845278][ T9495]  netlink_alloc_large_skb+0x69/0x130
[  359.845300][ T9495]  netlink_sendmsg+0x6a1/0xdd0
[  359.845325][ T9495]  ? __pfx_netlink_sendmsg+0x10/0x10
[  359.845347][ T9495]  ? ____sys_sendmsg+0x871/0xc70
[  359.845374][ T9495]  ____sys_sendmsg+0xa98/0xc70
[  359.845398][ T9495]  ? copy_msghdr_from_user+0x10a/0x160
[  359.845418][ T9495]  ? __pfx_____sys_sendmsg+0x10/0x10
[  359.845445][ T9495]  ? rcu_is_watching+0x12/0xc0
[  359.845467][ T9495]  ? finish_task_switch.isra.0+0x221/0xc10
[  359.845489][ T9495]  ? lockdep_hardirqs_on+0x7c/0x110
[  359.845512][ T9495]  ___sys_sendmsg+0x134/0x1d0
[  359.845534][ T9495]  ? __pfx____sys_sendmsg+0x10/0x10
[  359.845580][ T9495]  __sys_sendmsg+0x16d/0x220
[  359.845600][ T9495]  ? __pfx___sys_sendmsg+0x10/0x10
[  359.845618][ T9495]  ? fput+0x88/0xd0
[  359.845651][ T9495]  do_syscall_64+0xcd/0x4c0
[  359.845672][ T9495]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  359.845689][ T9495] RIP: 0033:0x7fa5b138ebe9
[  359.845704][ T9495] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  359.845718][ T9495] RSP: 002b:00007fa5b214c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  359.845730][ T9495] RAX: ffffffffffffffda RBX: 00007fa5b15c6180 RCX: 00007fa5b138ebe9
[  359.845737][ T9495] RDX: 0000000000008000 RSI: 0000200000000280 RDI: 0000000000000005
[  359.845744][ T9495] RBP: 00007fa5b214c090 R08: 0000000000000000 R09: 0000000000000000
[  359.845751][ T9495] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  359.845757][ T9495] R13: 00007fa5b15c6218 R14: 00007fa5b15c6180 R15: 00007fff27ac7788
[  359.845771][ T9495]  </TASK>
[  360.080910][    C1] vkms_vblank_simulate: vblank timer overrun
[  360.102368][ T5917] usb 3-1: new high-speed USB device number 31 using dummy_hcd
[  360.144569][ T9487] 8021q: adding VLAN 0 to HW filter on device bond1
[  360.207856][ T9492] bond1: (slave geneve2): making interface the new active one
[  360.220006][ T9492] bond1: (slave geneve2): Enslaving as an active interface with an up link
[  360.310694][ T5917] usb 3-1: Using ep0 maxpacket: 16
[  360.319739][ T5917] usb 3-1: New USB device found, idVendor=09c0, idProduct=0201, bcdDevice= a.a4
[  360.328818][ T5917] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  360.336896][ T5917] usb 3-1: Product: syz
[  360.341061][ T5917] usb 3-1: Manufacturer: syz
[  360.345622][ T5917] usb 3-1: SerialNumber: syz
[  360.352756][ T5917] usb 3-1: config 0 descriptor??
[  360.359417][ T5917] dvb-usb: found a 'Genpix 8PSK-to-USB2 Rev.1 DVB-S receiver' in warm state.
[  360.570624][ T5917] gp8psk: usb in 128 operation failed.
[  360.594298][ T5917] gp8psk: usb in 137 operation failed.
[  360.734610][ T9507] netlink: 52 bytes leftover after parsing attributes in process `syz.1.867'.
[  361.024663][ T5850] usb 5-1: new high-speed USB device number 30 using dummy_hcd
[  361.038837][ T5917] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  361.049907][ T5917] dvbdev: DVB: registering new adapter (Genpix 8PSK-to-USB2 Rev.1 DVB-S receiver)
[  361.059211][ T5917] usb 3-1: media controller created
[  361.094721][ T5917] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  361.180288][ T5850] usb 5-1: Using ep0 maxpacket: 16
[  361.374985][ T5850] usb 5-1: New USB device found, idVendor=09c0, idProduct=0201, bcdDevice= a.a4
[  361.403433][ T5850] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  361.414606][ T5917] gp8psk_fe: Frontend revision 1 attached
[  361.522119][ T5850] usb 5-1: Product: syz
[  361.530614][ T5917] usb 3-1: DVB: registering adapter 1 frontend 0 (Genpix DVB-S)...
[  361.540553][ T5850] usb 5-1: Manufacturer: syz
[  361.554431][ T5917] dvbdev: dvb_create_media_entity: media entity 'Genpix DVB-S' registered.
[  361.571659][ T5850] usb 5-1: SerialNumber: syz
[  361.590849][ T5850] usb 5-1: config 0 descriptor??
[  361.620136][ T5850] dvb-usb: found a 'Genpix 8PSK-to-USB2 Rev.1 DVB-S receiver' in warm state.
[  361.900792][ T5850] gp8psk: usb in 128 operation failed.
[  361.909932][ T5917] gp8psk: usb in 137 operation failed.
[  361.917618][ T5917] dvb-usb: Genpix 8PSK-to-USB2 Rev.1 DVB-S receiver successfully initialized and connected.
[  361.938048][ T5917] gp8psk: found Genpix USB device pID = 201 (hex)
[  361.947463][ T5850] gp8psk: usb in 137 operation failed.
[  361.955213][ T5850] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  361.989017][ T5850] dvbdev: DVB: registering new adapter (Genpix 8PSK-to-USB2 Rev.1 DVB-S receiver)
[  362.014757][ T5917] usb 3-1: USB disconnect, device number 31
[  362.017107][ T5903] usb 2-1: new high-speed USB device number 30 using dummy_hcd
[  362.046234][ T9523] input: syz1 as /devices/virtual/input/input34
[  362.129694][ T5850] usb 5-1: media controller created
[  362.282077][ T5903] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  362.292563][ T5903] usb 2-1: config 0 has no interfaces?
[  362.298018][ T5903] usb 2-1: New USB device found, idVendor=0489, idProduct=e057, bcdDevice= 0.00
[  362.309940][ T5903] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  362.339673][ T5903] usb 2-1: config 0 descriptor??
[  362.358575][ T5850] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  362.392872][   T30] audit: type=1400 audit(1756687221.677:724): avc:  denied  { read write } for  pid=9526 comm="syz.5.872" name="nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  362.398279][ T5917] dvb-usb: Genpix 8PSK-to-USB2 Rev.1 DVB-S receive successfully deinitialized and disconnected.
[  362.426654][ T5850] gp8psk_fe: Frontend revision 1 attached
[  362.443233][ T5850] usb 5-1: DVB: registering adapter 2 frontend 0 (Genpix DVB-S)...
[  362.457602][ T5850] dvbdev: dvb_create_media_entity: media entity 'Genpix DVB-S' registered.
[  362.466312][   T30] audit: type=1400 audit(1756687221.677:725): avc:  denied  { open } for  pid=9526 comm="syz.5.872" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  362.516912][   T30] audit: type=1400 audit(1756687221.707:726): avc:  denied  { ioctl } for  pid=9526 comm="syz.5.872" path="/dev/nullb0" dev="devtmpfs" ino=696 ioctlcmd=0x1269 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  362.580121][ T9519] loop2: detected capacity change from 0 to 7
[  362.592105][    C0] blk_print_req_error: 25 callbacks suppressed
[  362.592122][    C0] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  362.607399][    C0] buffer_io_error: 274 callbacks suppressed
[  362.607408][    C0] Buffer I/O error on dev loop2, logical block 0, async page read
[  362.625332][    C1] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  362.634489][    C1] Buffer I/O error on dev loop2, logical block 0, async page read
[  362.645395][    C0] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  362.654559][    C0] Buffer I/O error on dev loop2, logical block 0, async page read
[  362.747085][    C0] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  362.756273][    C0] Buffer I/O error on dev loop2, logical block 0, async page read
[  362.772273][    C0] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  362.772303][    C0] Buffer I/O error on dev loop2, logical block 0, async page read
[  362.781748][    C1] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  362.781777][    C1] Buffer I/O error on dev loop2, logical block 0, async page read
[  362.782357][    C1] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  362.782378][    C1] Buffer I/O error on dev loop2, logical block 0, async page read
[  362.782459][ T9519] ldm_validate_partition_table(): Disk read failed.
[  362.782565][    C1] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  362.782579][    C1] Buffer I/O error on dev loop2, logical block 0, async page read
[  362.782812][    C1] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  362.782825][    C1] Buffer I/O error on dev loop2, logical block 0, async page read
[  362.790961][    C1] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  362.790977][    C1] Buffer I/O error on dev loop2, logical block 0, async page read
[  362.792317][ T9519] Dev loop2: unable to read RDB block 0
[  362.792928][ T9519]  loop2: unable to read partition table
[  362.793038][ T9519] loop2: partition table beyond EOD, truncated
[  362.793056][ T9519] loop_reread_partitions: partition scan of loop2 (úùƒå¡™‰ü�¾CêjÌ–ã¢P=ý?ã}X‹ºÐ	œëÜ%õ«`ÉæÖ€ù…ˆ{í©Ö�˜Èµ4FLQkÝŠ) failed (rc=-5)
[  364.387743][ T5850] gp8psk: usb in 137 operation failed.
[  364.403686][ T5850] dvb-usb: Genpix 8PSK-to-USB2 Rev.1 DVB-S receiver successfully initialized and connected.
[  364.406624][ T5222] ldm_validate_partition_table(): Disk read failed.
[  364.459465][ T5222] Dev loop2: unable to read RDB block 0
[  364.487812][ T5222]  loop2: unable to read partition table
[  364.489811][ T5850] gp8psk: found Genpix USB device pID = 201 (hex)
[  364.526723][ T5222] loop2: partition table beyond EOD, truncated
[  364.536512][ T5850] usb 5-1: USB disconnect, device number 30
[  365.243602][ T5850] dvb-usb: Genpix 8PSK-to-USB2 Rev.1 DVB-S receive successfully deinitialized and disconnected.
[  365.690841][ T9562] netlink: 5 bytes leftover after parsing attributes in process `syz.4.877'.
[  365.699864][ T9562] 0ªX¹¦D: renamed from macvtap0 (while UP)
[  365.782101][ T9565] FAULT_INJECTION: forcing a failure.
[  365.782101][ T9565] name failslab, interval 1, probability 0, space 0, times 0
[  365.806872][ T9562] 0ªX¹¦D: entered allmulticast mode
[  365.849113][ T9562] veth0_macvtap: entered allmulticast mode
[  365.872299][ T9565] CPU: 1 UID: 0 PID: 9565 Comm: syz.5.880 Not tainted syzkaller #0 PREEMPT(full) 
[  365.872316][ T9565] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  365.872322][ T9565] Call Trace:
[  365.872326][ T9565]  <TASK>
[  365.872331][ T9565]  dump_stack_lvl+0x16c/0x1f0
[  365.872348][ T9565]  should_fail_ex+0x512/0x640
[  365.872360][ T9565]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  365.872374][ T9565]  should_failslab+0xc2/0x120
[  365.872387][ T9565]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  365.872399][ T9565]  ? __alloc_skb+0x2b2/0x380
[  365.872413][ T9565]  __alloc_skb+0x2b2/0x380
[  365.872423][ T9565]  ? __pfx___alloc_skb+0x10/0x10
[  365.872436][ T9565]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  365.872452][ T9565]  netlink_alloc_large_skb+0x69/0x130
[  365.872466][ T9565]  netlink_sendmsg+0x6a1/0xdd0
[  365.872481][ T9565]  ? __pfx_netlink_sendmsg+0x10/0x10
[  365.872499][ T9565]  ____sys_sendmsg+0xa98/0xc70
[  365.872515][ T9565]  ? copy_msghdr_from_user+0x10a/0x160
[  365.872527][ T9565]  ? __pfx_____sys_sendmsg+0x10/0x10
[  365.872548][ T9565]  ___sys_sendmsg+0x134/0x1d0
[  365.872561][ T9565]  ? __pfx____sys_sendmsg+0x10/0x10
[  365.872589][ T9565]  __sys_sendmsg+0x16d/0x220
[  365.872601][ T9565]  ? __pfx___sys_sendmsg+0x10/0x10
[  365.872622][ T9565]  do_syscall_64+0xcd/0x4c0
[  365.872636][ T9565]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  365.872647][ T9565] RIP: 0033:0x7f8c8f78ebe9
[  365.872656][ T9565] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  365.872667][ T9565] RSP: 002b:00007f8c906d6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  365.872678][ T9565] RAX: ffffffffffffffda RBX: 00007f8c8f9c5fa0 RCX: 00007f8c8f78ebe9
[  365.872685][ T9565] RDX: 0000000000000000 RSI: 0000200000000400 RDI: 0000000000000003
[  365.872691][ T9565] RBP: 00007f8c906d6090 R08: 0000000000000000 R09: 0000000000000000
[  365.872709][ T9565] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  365.872716][ T9565] R13: 00007f8c8f9c6038 R14: 00007f8c8f9c5fa0 R15: 00007ffcc7e08268
[  365.872729][ T9565]  </TASK>
[  366.078866][    C1] vkms_vblank_simulate: vblank timer overrun
[  366.095128][   T30] audit: type=1400 audit(1756687225.137:727): avc:  denied  { read } for  pid=9540 comm="syz.2.874" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  366.152602][ T9562] A link change request failed with some changes committed already. Interface 
30ªX¹¦D may have been left with an inconsistent configuration, please check.
[  366.757662][ T5222] ldm_validate_partition_table(): Disk read failed.
[  366.771761][ T5222] Dev loop2: unable to read RDB block 0
[  366.777704][ T5222]  loop2: unable to read partition table
[  366.793932][ T5222] loop2: partition table beyond EOD, truncated
[  366.825002][ T5917] usb 2-1: USB disconnect, device number 30
[  367.403603][ T9582] loop6: detected capacity change from 0 to 524288000
[  367.411529][ T9582] ldm_validate_partition_table(): Disk read failed.
[  367.437886][ T9582] Dev loop6: unable to read RDB block 0
[  367.531712][ T9582]  loop6: unable to read partition table
[  367.537682][   T30] audit: type=1400 audit(1756687226.807:728): avc:  denied  { ioctl } for  pid=9579 comm="syz.1.884" path="socket:[25722]" dev="sockfs" ino=25722 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  367.663907][ T9582] loop_reread_partitions: partition scan of loop6 (3Ÿ¾x³˜C) failed (rc=-5)
[  367.721784][ T9589] FAULT_INJECTION: forcing a failure.
[  367.721784][ T9589] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  367.735963][ T9589] CPU: 0 UID: 0 PID: 9589 Comm: syz.4.885 Not tainted syzkaller #0 PREEMPT(full) 
[  367.735978][ T9589] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  367.735985][ T9589] Call Trace:
[  367.735989][ T9589]  <TASK>
[  367.735994][ T9589]  dump_stack_lvl+0x16c/0x1f0
[  367.736011][ T9589]  should_fail_ex+0x512/0x640
[  367.736025][ T9589]  _copy_from_user+0x2e/0xd0
[  367.736041][ T9589]  kstrtouint_from_user+0xd6/0x1d0
[  367.736051][ T9589]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  367.736063][ T9589]  ? __lock_acquire+0xb97/0x1ce0
[  367.736087][ T9589]  proc_fail_nth_write+0x83/0x220
[  367.736102][ T9589]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  367.736118][ T9589]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  367.736130][ T9589]  vfs_write+0x29d/0x11d0
[  367.736145][ T9589]  ? __pfx___mutex_lock+0x10/0x10
[  367.736158][ T9589]  ? __pfx_vfs_write+0x10/0x10
[  367.736173][ T9589]  ? __fget_files+0x20e/0x3c0
[  367.736190][ T9589]  ksys_write+0x12a/0x250
[  367.736201][ T9589]  ? __pfx_ksys_write+0x10/0x10
[  367.736216][ T9589]  do_syscall_64+0xcd/0x4c0
[  367.736230][ T9589]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  367.736241][ T9589] RIP: 0033:0x7fdb9f18d69f
[  367.736251][ T9589] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  367.736263][ T9589] RSP: 002b:00007fdb9ff6b030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  367.736273][ T9589] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fdb9f18d69f
[  367.736280][ T9589] RDX: 0000000000000001 RSI: 00007fdb9ff6b0a0 RDI: 0000000000000006
[  367.736287][ T9589] RBP: 00007fdb9ff6b090 R08: 0000000000000000 R09: 0000000000000000
[  367.736293][ T9589] R10: 0000000000000016 R11: 0000000000000293 R12: 0000000000000001
[  367.736299][ T9589] R13: 00007fdb9f3c6128 R14: 00007fdb9f3c6090 R15: 00007fff54266638
[  367.736314][ T9589]  </TASK>
[  367.943784][ T9585] loop6: detected capacity change from 524288000 to 0
[  368.309878][ T9601] netlink: 4 bytes leftover after parsing attributes in process `syz.3.889'.
[  369.485063][ T5903] usb 4-1: new high-speed USB device number 27 using dummy_hcd
[  371.356695][ T5903] usb 4-1: Using ep0 maxpacket: 32
[  371.380797][    T9] usb 6-1: new low-speed USB device number 29 using dummy_hcd
[  371.418792][ T5903] usb 4-1: device descriptor read/all, error -71
[  372.062540][    C0] raw-gadget.1 gadget.5: ignoring, device is not running
[  372.069787][    C0] raw-gadget.1 gadget.5: ignoring, device is not running
[  372.077018][    C0] raw-gadget.1 gadget.5: ignoring, device is not running
[  372.084338][    T9] usb 6-1: device descriptor read/all, error -32
[  372.130433][   T30] audit: type=1326 audit(1756687231.387:729): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9622 comm="syz.2.892" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f973218ebe9 code=0x7ffc0000
[  372.445548][   T30] audit: type=1326 audit(1756687231.387:730): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9622 comm="syz.2.892" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f973218ebe9 code=0x7ffc0000
[  372.470699][   T30] audit: type=1326 audit(1756687231.387:731): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9622 comm="syz.2.892" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f973218ebe9 code=0x7ffc0000
[  372.495163][   T30] audit: type=1326 audit(1756687231.387:732): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9622 comm="syz.2.892" exe="/root/syz-executor" sig=0 arch=c000003e syscall=55 compat=0 ip=0x7f973218ebe9 code=0x7ffc0000
[  372.519370][   T30] audit: type=1326 audit(1756687231.387:733): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9622 comm="syz.2.892" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f973218ebe9 code=0x7ffc0000
[  372.594396][   T30] audit: type=1326 audit(1756687231.397:734): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9622 comm="syz.2.892" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7f973218ebe9 code=0x7ffc0000
[  372.619928][   T30] audit: type=1326 audit(1756687231.397:735): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9622 comm="syz.2.892" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f973218ebe9 code=0x7ffc0000
[  372.691007][   T30] audit: type=1326 audit(1756687231.397:736): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9622 comm="syz.2.892" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7f973218ebe9 code=0x7ffc0000
[  372.780288][ T5903] usb 4-1: new high-speed USB device number 28 using dummy_hcd
[  372.802733][   T30] audit: type=1326 audit(1756687231.397:737): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9622 comm="syz.2.892" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f973218ebe9 code=0x7ffc0000
[  372.827537][   T30] audit: type=1326 audit(1756687231.397:738): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9622 comm="syz.2.892" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7f973218ebe9 code=0x7ffc0000
[  372.867671][   T30] audit: type=1326 audit(1756687231.397:739): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9622 comm="syz.2.892" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f973218ebe9 code=0x7ffc0000
[  372.869716][   T30] audit: type=1326 audit(1756687231.397:740): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9622 comm="syz.2.892" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f973218ebe9 code=0x7ffc0000
[  372.869747][   T30] audit: type=1326 audit(1756687231.397:741): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9622 comm="syz.2.892" exe="/root/syz-executor" sig=0 arch=c000003e syscall=316 compat=0 ip=0x7f973218ebe9 code=0x7ffc0000
[  372.869771][   T30] audit: type=1326 audit(1756687231.397:742): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9622 comm="syz.2.892" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f973218ebe9 code=0x7ffc0000
[  372.869793][   T30] audit: type=1326 audit(1756687231.397:743): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9622 comm="syz.2.892" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f973218ebe9 code=0x7ffc0000
[  373.039494][    C1] vkms_vblank_simulate: vblank timer overrun
[  373.094368][ T5903] usb 4-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[  373.094387][ T5903] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  373.112069][ T5903] usb 4-1: config 0 descriptor??
[  373.319148][ T9637] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  373.375331][ T9637] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  373.575946][ T9645] netlink: 20 bytes leftover after parsing attributes in process `syz.2.897'.
[  373.643847][ T5903] udl 4-1:0.0: [drm] Unrecognized vendor firmware descriptor
[  373.655335][ T5903] [drm:udl_init] *ERROR* Selecting channel failed
[  374.017092][ T5903] [drm] Initialized udl 0.0.1 for 4-1:0.0 on minor 2
[  374.026012][ T5903] [drm] Initialized udl on minor 2
[  374.058108][ T5903] udl 4-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[  374.103001][ T5903] udl 4-1:0.0: [drm] Cannot find any crtc or sizes
[  374.113379][    T9] udl 4-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[  374.134084][    T9] udl 4-1:0.0: [drm] Cannot find any crtc or sizes
[  374.151808][ T5903] usb 4-1: USB disconnect, device number 28
[  374.566575][ T9660] tmpfs: Unknown parameter 'Wsâ‘nŶ'
[  374.980297][   T10] usb 3-1: new high-speed USB device number 32 using dummy_hcd
[  375.651344][   T10] usb 3-1: Using ep0 maxpacket: 16
[  375.767011][   T10] usb 3-1: New USB device found, idVendor=09c0, idProduct=0201, bcdDevice= a.a4
[  375.776427][   T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  375.794384][   T10] usb 3-1: Product: syz
[  375.798559][   T10] usb 3-1: Manufacturer: syz
[  375.804003][   T10] usb 3-1: SerialNumber: syz
[  376.990994][   T10] usb 3-1: config 0 descriptor??
[  376.999622][   T10] dvb-usb: found a 'Genpix 8PSK-to-USB2 Rev.1 DVB-S receiver' in warm state.
[  377.620394][    T9] usb 5-1: new low-speed USB device number 31 using dummy_hcd
[  377.802149][    T9] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  377.848499][    T9] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2
[  377.885792][   T30] kauditd_printk_skb: 19 callbacks suppressed
[  377.885809][   T30] audit: type=1400 audit(1756687237.147:763): avc:  denied  { create } for  pid=9679 comm="syz.3.905" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=user_namespace permissive=1
[  377.920825][   T10] gp8psk: usb in 128 operation failed.
[  378.320384][  T976] usb 2-1: new full-speed USB device number 31 using dummy_hcd
[  378.392479][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  378.397902][    T9] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 32, setting to 8
[  378.403221][ T9687] overlayfs: failed to resolve './file1': -2
[  378.409511][    T9] usb 5-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00
[  378.424736][   T10] gp8psk: usb in 137 operation failed.
[  378.430167][   T10] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  378.439720][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  378.451695][   T10] dvbdev: DVB: registering new adapter (Genpix 8PSK-to-USB2 Rev.1 DVB-S receiver)
[  378.463691][   T30] audit: type=1400 audit(1756687237.207:764): avc:  denied  { sys_admin } for  pid=9679 comm="syz.3.905" capability=21  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=cap_userns permissive=1
[  378.502468][    T9] hub 5-1:1.0: bad descriptor, ignoring hub
[  378.508381][    T9] hub 5-1:1.0: probe with driver hub failed with error -5
[  378.522237][   T10] usb 3-1: media controller created
[  378.535505][ T9701] FAULT_INJECTION: forcing a failure.
[  378.535505][ T9701] name failslab, interval 1, probability 0, space 0, times 0
[  378.543782][    T9] cdc_wdm 5-1:1.0: skipping garbage
[  378.560156][   T10] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  378.563765][ T9701] CPU: 1 UID: 0 PID: 9701 Comm: syz.2.909 Not tainted syzkaller #0 PREEMPT(full) 
[  378.563786][ T9701] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  378.563795][ T9701] Call Trace:
[  378.563800][ T9701]  <TASK>
[  378.563807][ T9701]  dump_stack_lvl+0x16c/0x1f0
[  378.563828][ T9701]  should_fail_ex+0x512/0x640
[  378.563846][ T9701]  ? __kvmalloc_node_noprof+0x124/0x620
[  378.563864][ T9701]  should_failslab+0xc2/0x120
[  378.563883][ T9701]  __kvmalloc_node_noprof+0x137/0x620
[  378.563897][ T9701]  ? __fget_files+0x20e/0x3c0
[  378.563915][ T9701]  ? __sys_bpf+0x26e6/0x4de0
[  378.563944][ T9701]  ? __sys_bpf+0x26e6/0x4de0
[  378.563963][ T9701]  __sys_bpf+0x26e6/0x4de0
[  378.563986][ T9701]  ? __pfx___sys_bpf+0x10/0x10
[  378.564006][ T9701]  ? ksys_write+0x190/0x250
[  378.564026][ T9701]  ? __mutex_unlock_slowpath+0x161/0x7b0
[  378.564057][ T9701]  ? fput+0x9b/0xd0
[  378.564077][ T9701]  ? ksys_write+0x1ac/0x250
[  378.564093][ T9701]  ? __pfx_ksys_write+0x10/0x10
[  378.564113][ T9701]  __x64_sys_bpf+0x78/0xc0
[  378.564133][ T9701]  ? lockdep_hardirqs_on+0x7c/0x110
[  378.564150][ T9701]  do_syscall_64+0xcd/0x4c0
[  378.564170][ T9701]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  378.564185][ T9701] RIP: 0033:0x7f973218ebe9
[  378.564199][ T9701] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  378.564215][ T9701] RSP: 002b:00007f9732fc0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  378.564231][ T9701] RAX: ffffffffffffffda RBX: 00007f97323c5fa0 RCX: 00007f973218ebe9
[  378.564241][ T9701] RDX: 0000000000000020 RSI: 0000200000000540 RDI: 0000000000000004
[  378.564250][ T9701] RBP: 00007f9732fc0090 R08: 0000000000000000 R09: 0000000000000000
[  378.564259][ T9701] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  378.564269][ T9701] R13: 00007f97323c6038 R14: 00007f97323c5fa0 R15: 00007ffd93c87198
[  378.564290][ T9701]  </TASK>
[  378.613535][  T976] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  378.615323][    T9] cdc_wdm 5-1:1.0: skipping garbage
[  378.646856][  T976] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  378.670937][    T9] cdc_wdm 5-1:1.0: probe with driver cdc_wdm failed with error -22
[  378.751256][  T976] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.00
[  378.823800][   T10] gp8psk_fe: Frontend revision 1 attached
[  378.860091][   T10] usb 3-1: DVB: registering adapter 1 frontend 0 (Genpix DVB-S)...
[  378.892529][   T10] dvbdev: dvb_create_media_entity: media entity 'Genpix DVB-S' registered.
[  378.911884][  T976] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  378.928244][  T976] usb 2-1: SerialNumber: syz
[  378.954610][   T10] gp8psk: usb in 138 operation failed.
[  378.960142][   T10] dvb-usb: Genpix 8PSK-to-USB2 Rev.1 DVB-S receiver successfully initialized and connected.
[  378.964729][  T976] usb 2-1: 0:2 : does not exist
[  378.977042][   T10] gp8psk: found Genpix USB device pID = 201 (hex)
[  379.000535][   T10] usb 3-1: USB disconnect, device number 32
[  379.120407][ T5903] usb 6-1: new high-speed USB device number 31 using dummy_hcd
[  379.162797][   T10] dvb-usb: Genpix 8PSK-to-USB2 Rev.1 DVB-S receive successfully deinitialized and disconnected.
[  379.812016][ T5903] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  379.873149][ T5903] usb 6-1: config 1 has an invalid descriptor of length 48, skipping remainder of the config
[  379.887075][ T5903] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66
[  379.916985][ T5903] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 48, changing to 9
[  379.928539][ T5903] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8240, setting to 1024
[  379.943784][ T5903] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  379.954198][ T5903] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  379.970796][ T5903] usb 6-1: Product: syz
[  379.975003][ T5903] usb 6-1: Manufacturer: syz
[  379.989659][ T5903] cdc_wdm 6-1:1.0: skipping garbage
[  379.997002][ T5903] cdc_wdm 6-1:1.0: skipping garbage
[  380.005100][ T5903] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device
[  380.019378][ T5903] cdc_wdm 6-1:1.0: Unknown control protocol
[  380.020196][ T9703] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  380.031368][ T9703] Bluetooth: hci2: Error when powering off device on rfkill (-4)
[  380.201463][   T10] usb 5-1: USB disconnect, device number 31
[  380.931105][  T976] usb 2-1: USB disconnect, device number 31
[  380.954570][ T9705] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(13)
[  380.961383][ T9705] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  380.993444][ T6185] udevd[6185]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  381.037673][ T9728] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  381.076016][ T9732] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  381.108292][ T9705] vhci_hcd vhci_hcd.0: Device attached
[  381.128111][ T9732] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  381.902499][ T9735] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_cmd_wq": -EINTR
[  381.957892][ T6009] vhci_hcd: vhci_device speed not set
[  381.969555][ T9705] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  382.135754][ T9705] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  382.274651][ T6009] usb 43-1: new full-speed USB device number 2 using vhci_hcd
[  382.310666][ T9705] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  382.396951][ T9728] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  382.456549][ T9705] vhci_hcd vhci_hcd.0: pdev(5) rhport(6) sockfd(30)
[  382.463139][ T9705] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  382.510929][ T9745] FAULT_INJECTION: forcing a failure.
[  382.510929][ T9745] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  382.569781][ T9705] vhci_hcd vhci_hcd.0: Device attached
[  382.580847][ T9745] CPU: 0 UID: 0 PID: 9745 Comm: syz.1.917 Not tainted syzkaller #0 PREEMPT(full) 
[  382.580871][ T9745] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  382.580880][ T9745] Call Trace:
[  382.580885][ T9745]  <TASK>
[  382.580891][ T9745]  dump_stack_lvl+0x16c/0x1f0
[  382.580911][ T9745]  should_fail_ex+0x512/0x640
[  382.580932][ T9745]  _copy_from_user+0x2e/0xd0
[  382.580951][ T9745]  core_sys_select+0x35b/0xc10
[  382.580972][ T9745]  ? __pfx_core_sys_select+0x10/0x10
[  382.581008][ T9745]  ? set_user_sigmask+0x21b/0x2b0
[  382.581025][ T9745]  ? __pfx_set_user_sigmask+0x10/0x10
[  382.581046][ T9745]  do_pselect.constprop.0+0x19f/0x1e0
[  382.581063][ T9745]  ? __pfx_do_pselect.constprop.0+0x10/0x10
[  382.581086][ T9745]  __x64_sys_pselect6+0x182/0x240
[  382.581102][ T9745]  ? __pfx___x64_sys_pselect6+0x10/0x10
[  382.581124][ T9745]  do_syscall_64+0xcd/0x4c0
[  382.581142][ T9745]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  382.581156][ T9745] RIP: 0033:0x7fa5b138ebe9
[  382.581168][ T9745] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  382.581183][ T9745] RSP: 002b:00007fa5b216d038 EFLAGS: 00000246 ORIG_RAX: 000000000000010e
[  382.581197][ T9745] RAX: ffffffffffffffda RBX: 00007fa5b15c6090 RCX: 00007fa5b138ebe9
[  382.581206][ T9745] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000040
[  382.581215][ T9745] RBP: 00007fa5b216d090 R08: 0000000000000000 R09: 0000000000000000
[  382.581224][ T9745] R10: 00002000000002c0 R11: 0000000000000246 R12: 0000000000000001
[  382.581233][ T9745] R13: 00007fa5b15c6128 R14: 00007fa5b15c6090 R15: 00007fff27ac7788
[  382.581253][ T9745]  </TASK>
[  382.760810][ T9726] vhci_hcd: connection reset by peer
[  382.766482][  T976] usb 6-1: USB disconnect, device number 31
[  382.804364][ T2935] vhci_hcd: stop threads
[  382.808683][ T2935] vhci_hcd: release socket
[  382.935444][ T2935] vhci_hcd: disconnect device
[  382.945959][ T9750] FAULT_INJECTION: forcing a failure.
[  382.945959][ T9750] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  383.023985][ T9750] CPU: 1 UID: 0 PID: 9750 Comm: syz.4.918 Not tainted syzkaller #0 PREEMPT(full) 
[  383.024002][ T9750] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  383.024009][ T9750] Call Trace:
[  383.024013][ T9750]  <TASK>
[  383.024018][ T9750]  dump_stack_lvl+0x16c/0x1f0
[  383.024034][ T9750]  should_fail_ex+0x512/0x640
[  383.024049][ T9750]  _copy_from_user+0x2e/0xd0
[  383.024064][ T9750]  ____sys_sendmsg+0x607/0xc70
[  383.024082][ T9750]  ? __pfx_____sys_sendmsg+0x10/0x10
[  383.024095][ T9750]  ? srso_alias_return_thunk+0x1e5c4/0xfbef5
[  383.024112][ T9750]  ? __pfx__kstrtoull+0x10/0x10
[  383.024125][ T9750]  ___sys_sendmsg+0x134/0x1d0
[  383.024139][ T9750]  ? __pfx____sys_sendmsg+0x10/0x10
[  383.024158][ T9750]  ? find_held_lock+0x2b/0x80
[  383.024180][ T9750]  __sys_sendmmsg+0x200/0x420
[  383.024194][ T9750]  ? __pfx___sys_sendmmsg+0x10/0x10
[  383.024210][ T9750]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  383.024229][ T9750]  ? fput+0x9b/0xd0
[  383.024244][ T9750]  ? ksys_write+0x1ac/0x250
[  383.024255][ T9750]  ? __pfx_ksys_write+0x10/0x10
[  383.024269][ T9750]  __x64_sys_sendmmsg+0x9c/0x100
[  383.024281][ T9750]  ? lockdep_hardirqs_on+0x7c/0x110
[  383.024293][ T9750]  do_syscall_64+0xcd/0x4c0
[  383.024306][ T9750]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  383.024317][ T9750] RIP: 0033:0x7fdb9f18ebe9
[  383.024327][ T9750] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  383.024338][ T9750] RSP: 002b:00007fdb9ff8c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  383.024349][ T9750] RAX: ffffffffffffffda RBX: 00007fdb9f3c5fa0 RCX: 00007fdb9f18ebe9
[  383.024357][ T9750] RDX: 0000000000000001 RSI: 0000200000001b00 RDI: 0000000000000004
[  383.024363][ T9750] RBP: 00007fdb9ff8c090 R08: 0000000000000000 R09: 0000000000000000
[  383.024370][ T9750] R10: 00000000000000c0 R11: 0000000000000246 R12: 0000000000000001
[  383.024377][ T9750] R13: 00007fdb9f3c6038 R14: 00007fdb9f3c5fa0 R15: 00007fff54266638
[  383.024390][ T9750]  </TASK>
[  383.223086][    C1] vkms_vblank_simulate: vblank timer overrun
[  383.467071][ T9755] genirq: Flags mismatch irq 4. 00200000 (das16m1) vs. 00200080 (ttyS0)
[  383.496832][ T9754] tmpfs: Unknown parameter 'Wsâ‘nŶ'
[  383.539657][   T30] audit: type=1400 audit(1756687242.817:765): avc:  denied  { create } for  pid=9758 comm="syz.2.922" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  383.641464][ T9746] vhci_hcd: connection closed
[  383.641732][   T12] vhci_hcd: stop threads
[  383.682393][   T12] vhci_hcd: release socket
[  383.705746][   T12] vhci_hcd: disconnect device
[  383.758998][ T9759] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=12059 sclass=netlink_xfrm_socket pid=9759 comm=syz.2.922
[  383.771693][   T30] audit: type=1400 audit(1756687243.007:766): avc:  denied  { write } for  pid=9758 comm="syz.2.922" path="socket:[25165]" dev="sockfs" ino=25165 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  383.970405][ T5850] usb 6-1: new high-speed USB device number 32 using dummy_hcd
[  384.069235][ T9769] ceph: No mds server is up or the cluster is laggy
[  384.099545][   T30] audit: type=1400 audit(1756687243.377:767): avc:  denied  { getopt } for  pid=9765 comm="syz.2.925" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  384.152343][ T5850] usb 6-1: Using ep0 maxpacket: 16
[  384.161191][   T30] audit: type=1400 audit(1756687243.407:768): avc:  denied  { write } for  pid=9772 comm="syz.3.926" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  384.173257][ T5850] usb 6-1: config index 0 descriptor too short (expected 55844, got 36)
[  384.224836][ T5850] usb 6-1: config 128 has too many interfaces: 245, using maximum allowed: 32
[  384.239669][   T30] audit: type=1400 audit(1756687243.417:769): avc:  denied  { read } for  pid=9772 comm="syz.3.926" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  384.292596][ T9776] input: syz1 as /devices/virtual/input/input35
[  384.306290][ T5850] usb 6-1: config 128 has an invalid interface number: 251 but max is 244
[  384.350715][ T5850] usb 6-1: config 128 has an invalid descriptor of length 0, skipping remainder of the config
[  384.350741][ T5850] usb 6-1: config 128 has 1 interface, different from the descriptor's value: 245
[  384.350762][ T5850] usb 6-1: config 128 has no interface number 0
[  384.367640][ T5850] usb 6-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4
[  384.367668][ T5850] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  384.367688][ T5850] usb 6-1: Product: syz
[  384.367703][ T5850] usb 6-1: Manufacturer: syz
[  384.367717][ T5850] usb 6-1: SerialNumber: syz
[  384.576092][ T9762] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  384.576447][ T9762] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  385.685985][ T9797] 9pnet_fd: Insufficient options for proto=fd
[  385.718545][ T5850] asix 6-1:128.251: probe with driver asix failed with error -22
[  385.737112][ T5850] usb 6-1: USB disconnect, device number 32
[  386.320686][   T30] audit: type=1400 audit(1756687245.587:770): avc:  denied  { mount } for  pid=9763 comm="syz.1.924" name="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1
[  386.979366][ T9804] FAULT_INJECTION: forcing a failure.
[  386.979366][ T9804] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  386.992756][ T9804] CPU: 0 UID: 0 PID: 9804 Comm: syz.4.930 Not tainted syzkaller #0 PREEMPT(full) 
[  386.992772][ T9804] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  386.992779][ T9804] Call Trace:
[  386.992783][ T9804]  <TASK>
[  386.992787][ T9804]  dump_stack_lvl+0x16c/0x1f0
[  386.992803][ T9804]  should_fail_ex+0x512/0x640
[  386.992818][ T9804]  _copy_to_user+0x32/0xd0
[  386.992834][ T9804]  simple_read_from_buffer+0xcb/0x170
[  386.992846][ T9804]  proc_fail_nth_read+0x197/0x240
[  386.992866][ T9804]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  386.992880][ T9804]  ? rw_verify_area+0xcf/0x6c0
[  386.992896][ T9804]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  386.992909][ T9804]  vfs_read+0x1e1/0xcf0
[  386.992922][ T9804]  ? __pfx___mutex_lock+0x10/0x10
[  386.992935][ T9804]  ? __pfx_vfs_read+0x10/0x10
[  386.992950][ T9804]  ? __fget_files+0x20e/0x3c0
[  386.992970][ T9804]  ksys_read+0x12a/0x250
[  386.992981][ T9804]  ? __pfx_ksys_read+0x10/0x10
[  386.992996][ T9804]  do_syscall_64+0xcd/0x4c0
[  386.993010][ T9804]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  386.993022][ T9804] RIP: 0033:0x7fdb9f18d5fc
[  386.993031][ T9804] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  386.993042][ T9804] RSP: 002b:00007fdb9ff8c030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  386.993053][ T9804] RAX: ffffffffffffffda RBX: 00007fdb9f3c5fa0 RCX: 00007fdb9f18d5fc
[  386.993060][ T9804] RDX: 000000000000000f RSI: 00007fdb9ff8c0a0 RDI: 0000000000000008
[  386.993067][ T9804] RBP: 00007fdb9ff8c090 R08: 0000000000000000 R09: 0000000000000000
[  386.993073][ T9804] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  386.993080][ T9804] R13: 00007fdb9f3c6038 R14: 00007fdb9f3c5fa0 R15: 00007fff54266638
[  386.993094][ T9804]  </TASK>
[  387.456497][ T6009] vhci_hcd: vhci_device speed not set
[  388.839696][ T9825] netlink: 4 bytes leftover after parsing attributes in process `syz.1.936'.
[  389.170281][ T6009] usb 5-1: new high-speed USB device number 32 using dummy_hcd
[  389.350266][ T6009] usb 5-1: Using ep0 maxpacket: 16
[  389.364853][ T6009] usb 5-1: New USB device found, idVendor=09c0, idProduct=0201, bcdDevice= a.a4
[  389.374237][ T6009] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  389.382626][ T6009] usb 5-1: Product: syz
[  389.386854][ T6009] usb 5-1: Manufacturer: syz
[  389.392011][ T6009] usb 5-1: SerialNumber: syz
[  389.403678][ T6009] usb 5-1: config 0 descriptor??
[  389.412154][ T6009] dvb-usb: found a 'Genpix 8PSK-to-USB2 Rev.1 DVB-S receiver' in warm state.
[  389.625754][ T6009] gp8psk: usb in 128 operation failed.
[  389.631877][ T6009] gp8psk: usb in 137 operation failed.
[  389.637386][ T6009] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  389.659585][ T6009] dvbdev: DVB: registering new adapter (Genpix 8PSK-to-USB2 Rev.1 DVB-S receiver)
[  389.686791][ T6009] usb 5-1: media controller created
[  389.709030][ T6009] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  389.813599][ T6009] gp8psk_fe: Frontend revision 1 attached
[  389.827653][ T6009] usb 5-1: DVB: registering adapter 1 frontend 0 (Genpix DVB-S)...
[  389.985890][    T9] usb 6-1: new high-speed USB device number 33 using dummy_hcd
[  390.072154][ T6009] dvbdev: dvb_create_media_entity: media entity 'Genpix DVB-S' registered.
[  390.489407][ T9850] netlink: 'syz.2.943': attribute type 21 has an invalid length.
[  390.497313][ T9850] netlink: 128 bytes leftover after parsing attributes in process `syz.2.943'.
[  390.650900][    T9] usb 6-1: Using ep0 maxpacket: 16
[  390.667769][    T9] usb 6-1: config index 0 descriptor too short (expected 55844, got 36)
[  390.676613][    T9] usb 6-1: config 128 has too many interfaces: 245, using maximum allowed: 32
[  390.686536][ T9850] netlink: 'syz.2.943': attribute type 4 has an invalid length.
[  390.694441][    T9] usb 6-1: config 128 has an invalid interface number: 251 but max is 244
[  390.694463][    T9] usb 6-1: config 128 has an invalid descriptor of length 0, skipping remainder of the config
[  390.714272][ T9850] netlink: 'syz.2.943': attribute type 3 has an invalid length.
[  390.714290][ T9850] netlink: 3 bytes leftover after parsing attributes in process `syz.2.943'.
[  390.714997][    T9] usb 6-1: config 128 has 1 interface, different from the descriptor's value: 245
[  390.715023][    T9] usb 6-1: config 128 has no interface number 0
[  390.716962][    T9] usb 6-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4
[  390.834067][ T9852] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(11)
[  390.834085][ T9852] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  390.843225][ T9852] vhci_hcd vhci_hcd.0: Device attached
[  390.875528][    T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  390.875555][    T9] usb 6-1: Product: syz
[  390.875571][    T9] usb 6-1: Manufacturer: syz
[  390.875587][    T9] usb 6-1: SerialNumber: syz
[  390.912321][ T6009] gp8psk: usb in 137 operation failed.
[  390.912339][ T6009] dvb-usb: Genpix 8PSK-to-USB2 Rev.1 DVB-S receiver successfully initialized and connected.
[  390.912352][ T6009] gp8psk: found Genpix USB device pID = 201 (hex)
[  390.919835][ T6009] usb 5-1: USB disconnect, device number 32
[  391.035620][ T6009] dvb-usb: Genpix 8PSK-to-USB2 Rev.1 DVB-S receive successfully deinitialized and disconnected.
[  391.102377][ T9840] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  391.102745][ T9840] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  391.102751][  T976] usb 37-1: new high-speed USB device number 2 using vhci_hcd
[  391.214047][   T30] audit: type=1400 audit(1756687250.497:771): avc:  denied  { create } for  pid=9856 comm="syz.1.944" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=atmpvc_socket permissive=1
[  391.260905][ T9858] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  391.312550][ T9854] vhci_hcd: connection reset by peer
[  391.333200][   T12] vhci_hcd: stop threads
[  391.337467][   T12] vhci_hcd: release socket
[  391.350827][   T12] vhci_hcd: disconnect device
[  391.394704][    T9] asix 6-1:128.251: probe with driver asix failed with error -22
[  391.419753][    T9] usb 6-1: USB disconnect, device number 33
[  391.744319][ T9877] hub 8-0:1.0: USB hub found
[  391.750119][ T9877] hub 8-0:1.0: 1 port detected
[  392.014982][    C0] vcan0: j1939_tp_rxtimer: 0xffff88805670b800: rx timeout, send abort
[  392.023596][    C0] vcan0: j1939_xtp_rx_abort_one: 0xffff88805670b800: 0x2f000: (3) A timeout occurred and this is the connection abort to close the session.
[  393.467712][ T9101] Bluetooth: hci5: Frame reassembly failed (-84)
[  393.697967][ T9886] Bluetooth: hci5: received HCILL_GO_TO_SLEEP_ACK in state 2
[  393.943701][ T9899] 9pnet_fd: Insufficient options for proto=fd
[  394.359197][ T9900] input: syz1 as /devices/virtual/input/input36
[  394.826898][ T9904] netlink: 4 bytes leftover after parsing attributes in process `syz.4.955'.
[  395.768096][ T5852] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  395.850631][ T6009] usb 6-1: new full-speed USB device number 34 using dummy_hcd
[  396.200493][  T976] vhci_hcd: vhci_device speed not set
[  396.489542][ T6009] usb 6-1: config 0 contains an unexpected descriptor of type 0x2, skipping
[  396.498890][ T6009] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  396.509391][ T6009] usb 6-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  396.520375][ T6009] usb 6-1: New USB device found, idVendor=06f8, idProduct=b000, bcdDevice= e.8c
[  396.529649][ T6009] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  396.537713][ T6009] usb 6-1: Product: syz
[  396.541970][ T6009] usb 6-1: Manufacturer: syz
[  396.546604][ T6009] usb 6-1: SerialNumber: syz
[  396.580827][ T6009] usb 6-1: config 0 descriptor??
[  396.749419][ T5917] usb 5-1: new low-speed USB device number 33 using dummy_hcd
[  397.132493][ T9936] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65048 sclass=netlink_route_socket pid=9936 comm=syz.5.958
[  398.043544][ T5903] usb 6-1: USB disconnect, device number 34
[  398.130845][ T5917] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  398.265524][ T5917] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2
[  398.291046][ T5917] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 32, setting to 8
[  398.331952][ T5917] usb 5-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00
[  398.347419][ T5917] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  398.378888][ T5917] hub 5-1:1.0: bad descriptor, ignoring hub
[  398.407459][ T5917] hub 5-1:1.0: probe with driver hub failed with error -5
[  398.417909][ T5917] cdc_wdm 5-1:1.0: skipping garbage
[  398.490756][    T9] usb 2-1: new high-speed USB device number 32 using dummy_hcd
[  398.688566][    T9] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[  398.709601][    T9] usb 2-1: config 0 has no interface number 0
[  398.732057][    T9] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  398.770915][ T5917] cdc_wdm 5-1:1.0: skipping garbage
[  398.776328][ T5917] cdc_wdm 5-1:1.0: probe with driver cdc_wdm failed with error -22
[  398.794068][    T9] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  398.864786][    T9] usb 2-1: New USB device found, idVendor=041e, idProduct=2801, bcdDevice= 0.00
[  398.891730][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  398.922428][    T9] usb 2-1: config 0 descriptor??
[  399.018195][ T9950] netlink: 'syz.2.967': attribute type 10 has an invalid length.
[  399.073906][ T9950] veth0_vlan: left promiscuous mode
[  399.089750][ T9950] veth0_vlan: entered promiscuous mode
[  399.124228][ T9950] team0: Device veth0_vlan failed to register rx_handler
[  399.200150][   T30] audit: type=1400 audit(1756687258.477:772): avc:  denied  { read } for  pid=9954 comm="syz.5.963" dev="sockfs" ino=25542 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  399.200998][ T9955] 9pnet_fd: Insufficient options for proto=fd
[  399.384346][   T30] audit: type=1400 audit(1756687258.667:773): avc:  denied  { accept } for  pid=9958 comm="syz.3.969" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  399.456657][    T9] prodikeys 0003:041E:2801.000A: unknown global tag 0xe
[  399.463983][    T9] prodikeys 0003:041E:2801.000A: item 0 1 1 14 parsing failed
[  399.472533][    T9] prodikeys 0003:041E:2801.000A: hid parse failed
[  399.479044][    T9] prodikeys 0003:041E:2801.000A: probe with driver prodikeys failed with error -22
[  399.490842][  T976] usb 6-1: new high-speed USB device number 35 using dummy_hcd
[  399.653822][  T976] usb 6-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[  399.679885][  T976] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 3840, setting to 64
[  399.680148][ T9940] cgroup: No subsys list or none specified
[  399.691244][  T976] usb 6-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  399.691287][  T976] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  399.691308][  T976] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  399.696308][  T976] usb 6-1: Quirk or no altset; falling back to MIDI 1.0
[  399.784696][ T5917] usb 5-1: USB disconnect, device number 33
[  399.789251][    T9] usb 2-1: USB disconnect, device number 32
[  399.803270][  T976] snd-usb-audio 6-1:27.0: probe with driver snd-usb-audio failed with error -2
[  399.841308][ T6039] udevd[6039]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  399.898983][ T9966] 9pnet_fd: Insufficient options for proto=fd
[  400.035035][ T9973] fuse: Bad value for 'fd'
[  400.064902][  T976] usb 6-1: USB disconnect, device number 35
[  401.196403][   T30] audit: type=1400 audit(1756687260.477:774): avc:  denied  { getopt } for  pid=9983 comm="syz.5.975" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  402.555133][   T30] audit: type=1400 audit(1756687261.837:775): avc:  denied  { mount } for  pid=9991 comm="syz.3.976" name="/" dev="nfsd" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfsd_fs_t tclass=filesystem permissive=1
[  402.735612][ T9999] loop6: detected capacity change from 0 to 63
[  402.860347][   T30] audit: type=1400 audit(1756687262.037:776): avc:  denied  { execmem } for  pid=9997 comm="syz.4.979" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[  402.879474][    C0] vkms_vblank_simulate: vblank timer overrun
[  402.893004][ T9995] buffer_io_error: 61 callbacks suppressed
[  402.893015][ T9995] Buffer I/O error on dev loop6, logical block 1, async page read
[  402.906812][ T9995] Buffer I/O error on dev loop6, logical block 1, async page read
[  402.919231][ T6039] Buffer I/O error on dev loop6, logical block 0, async page read
[  402.929727][ T9995] Buffer I/O error on dev loop6, logical block 0, async page read
[  402.937840][ T9995] Buffer I/O error on dev loop6, logical block 0, async page read
[  402.945780][ T9995] Buffer I/O error on dev loop6, logical block 0, async page read
[  402.953833][ T9995] Buffer I/O error on dev loop6, logical block 0, async page read
[  402.976564][ T9995] Buffer I/O error on dev loop6, logical block 0, async page read
[  402.984508][ T9995] Buffer I/O error on dev loop6, logical block 0, async page read
[  402.992634][ T9995] Buffer I/O error on dev loop6, logical block 0, async page read
[  403.278832][T10007] netlink: 24 bytes leftover after parsing attributes in process `syz.3.980'.
[  403.365449][T10009] tmpfs: Unknown parameter 'Wsâ‘nŶ'
[  403.648180][T10011] netlink: 28 bytes leftover after parsing attributes in process `syz.2.982'.
[  403.657141][T10011] netlink: 28 bytes leftover after parsing attributes in process `syz.2.982'.
[  403.687251][T10011] batadv0: entered promiscuous mode
[  403.715560][T10011] bond0: entered promiscuous mode
[  403.732741][T10014] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22
[  403.752436][T10011] bond_slave_0: entered promiscuous mode
[  403.776297][T10011] bond_slave_1: entered promiscuous mode
[  403.810307][  T976] usb 6-1: new high-speed USB device number 36 using dummy_hcd
[  403.840540][T10011] 8021q: adding VLAN 0 to HW filter on device hsr1
[  404.010419][  T976] usb 6-1: Using ep0 maxpacket: 16
[  404.050026][  T976] usb 6-1: New USB device found, idVendor=09c0, idProduct=0201, bcdDevice= a.a4
[  404.081501][  T976] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  404.089580][  T976] usb 6-1: Product: syz
[  404.100393][  T976] usb 6-1: Manufacturer: syz
[  404.110144][  T976] usb 6-1: SerialNumber: syz
[  404.131020][  T976] usb 6-1: config 0 descriptor??
[  404.156800][  T976] dvb-usb: found a 'Genpix 8PSK-to-USB2 Rev.1 DVB-S receiver' in warm state.
[  404.808718][  T976] gp8psk: usb in 128 operation failed.
[  404.839165][  T976] gp8psk: usb in 137 operation failed.
[  404.844761][  T976] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  404.865526][  T976] dvbdev: DVB: registering new adapter (Genpix 8PSK-to-USB2 Rev.1 DVB-S receiver)
[  404.879673][  T976] usb 6-1: media controller created
[  404.941352][  T976] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  405.100730][  T976] gp8psk_fe: Frontend revision 1 attached
[  405.117282][  T976] usb 6-1: DVB: registering adapter 1 frontend 0 (Genpix DVB-S)...
[  405.140395][  T976] dvbdev: dvb_create_media_entity: media entity 'Genpix DVB-S' registered.
[  406.082951][  T976] gp8psk: usb in 137 operation failed.
[  406.088435][  T976] dvb-usb: Genpix 8PSK-to-USB2 Rev.1 DVB-S receiver successfully initialized and connected.
[  406.118790][  T976] gp8psk: found Genpix USB device pID = 201 (hex)
[  406.142045][  T976] usb 6-1: USB disconnect, device number 36
[  406.267369][  T976] dvb-usb: Genpix 8PSK-to-USB2 Rev.1 DVB-S receive successfully deinitialized and disconnected.
[  406.350884][ T5903] usb 5-1: new high-speed USB device number 34 using dummy_hcd
[  406.532311][ T5903] usb 5-1: too many configurations: 9, using maximum allowed: 8
[  406.544877][T10042] loop6: detected capacity change from 0 to 63
[  406.593627][ T5903] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[  406.645608][ T5903] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  406.697059][ T5903] usb 5-1: config 0 interface 0 has no altsetting 0
[  406.734812][ T5903] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[  406.797998][ T5903] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  406.840063][ T5903] usb 5-1: config 0 interface 0 has no altsetting 0
[  406.897552][ T5903] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[  406.948336][T10052] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22
[  406.963232][ T5903] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  406.985543][ T5903] usb 5-1: config 0 interface 0 has no altsetting 0
[  407.002007][ T5903] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[  407.013106][ T5903] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  407.030519][  T976] usb 6-1: new high-speed USB device number 37 using dummy_hcd
[  407.032794][ T5903] usb 5-1: config 0 interface 0 has no altsetting 0
[  407.072936][ T5903] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[  407.083551][ T5903] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  407.120781][ T5903] usb 5-1: config 0 interface 0 has no altsetting 0
[  407.133096][ T5903] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[  407.149717][ T5903] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  407.182775][ T5903] usb 5-1: config 0 interface 0 has no altsetting 0
[  407.199919][ T5903] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[  407.230500][  T976] usb 6-1: Using ep0 maxpacket: 16
[  407.230778][ T5903] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  407.272274][  T976] usb 6-1: config index 0 descriptor too short (expected 55844, got 36)
[  407.280491][ T5903] usb 5-1: config 0 interface 0 has no altsetting 0
[  407.298741][ T5903] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9
[  407.317258][   T30] audit: type=1400 audit(1756687266.597:777): avc:  denied  { read } for  pid=10055 comm="syz.3.996" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1
[  407.337350][  T976] usb 6-1: config 128 has too many interfaces: 245, using maximum allowed: 32
[  407.349933][ T5903] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  407.353549][  T976] usb 6-1: config 128 has an invalid interface number: 251 but max is 244
[  407.380739][ T5903] usb 5-1: config 0 interface 0 has no altsetting 0
[  407.391931][  T976] usb 6-1: config 128 has an invalid descriptor of length 0, skipping remainder of the config
[  407.393019][ T5903] usb 5-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[  407.433562][ T5903] usb 5-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[  407.434106][  T976] usb 6-1: config 128 has 1 interface, different from the descriptor's value: 245
[  407.459940][ T5903] usb 5-1: Product: syz
[  407.468230][  T976] usb 6-1: config 128 has no interface number 0
[  407.475841][ T5903] usb 5-1: Manufacturer: syz
[  407.476808][  T976] usb 6-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4
[  407.481385][ T5903] usb 5-1: SerialNumber: syz
[  407.496025][  T976] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  407.504612][  T976] usb 6-1: Product: syz
[  407.508602][ T5903] usb 5-1: config 0 descriptor??
[  407.508770][  T976] usb 6-1: Manufacturer: syz
[  407.518932][  T976] usb 6-1: SerialNumber: syz
[  407.534731][ T5903] yurex 5-1:0.0: USB YUREX device now attached to Yurex #0
[  407.739283][T10049] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  407.748051][T10049] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  407.788619][    C0] usb 5-1: yurex_control_callback - control failed: -71
[  407.802401][ T5903] usb 5-1: USB disconnect, device number 34
[  407.813503][ T5903] yurex 5-1:0.0: USB YUREX #0 now disconnected
[  408.092591][  T976] asix 6-1:128.251: probe with driver asix failed with error -22
[  408.117632][  T976] usb 6-1: USB disconnect, device number 37
[  408.497995][   T30] audit: type=1400 audit(1756687267.777:778): avc:  denied  { create } for  pid=10076 comm="syz.5.1002" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  408.674026][   T30] audit: type=1400 audit(1756687267.777:779): avc:  denied  { write } for  pid=10076 comm="syz.5.1002" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  408.695270][   T30] audit: type=1400 audit(1756687267.777:780): avc:  denied  { nlmsg_write } for  pid=10076 comm="syz.5.1002" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  409.069703][T10080] netlink: 'syz.3.1003': attribute type 10 has an invalid length.
[  409.137731][T10080] team0: left allmulticast mode
[  409.146767][T10080] 8021q: adding VLAN 0 to HW filter on device team0
[  409.155412][T10080] bond0: (slave team0): Enslaving as an active interface with an up link
[  409.287928][T10084] loop6: detected capacity change from 0 to 63
[  409.309575][ T6039] buffer_io_error: 276 callbacks suppressed
[  409.309584][ T6039] Buffer I/O error on dev loop6, logical block 0, async page read
[  409.350141][ T6039] Buffer I/O error on dev loop6, logical block 0, async page read
[  409.360668][ T6039] Buffer I/O error on dev loop6, logical block 0, async page read
[  409.369081][ T6039] Buffer I/O error on dev loop6, logical block 0, async page read
[  409.379449][ T6039] Buffer I/O error on dev loop6, logical block 0, async page read
[  409.398553][T10083] Buffer I/O error on dev loop6, logical block 1, async page read
[  409.400622][T10084] Buffer I/O error on dev loop6, logical block 0, async page read
[  409.406866][T10083] Buffer I/O error on dev loop6, logical block 1, async page read
[  409.414422][T10084] Buffer I/O error on dev loop6, logical block 0, async page read
[  409.493644][T10084] Buffer I/O error on dev loop6, logical block 0, async page read
[  410.860798][T10093] binder: 10091:10093 ioctl c0306201 0 returned -14
[  414.662746][T10144] hub 8-0:1.0: USB hub found
[  414.667500][T10144] hub 8-0:1.0: 1 port detected
[  415.441794][   T30] audit: type=1400 audit(1756687274.717:781): avc:  denied  { setopt } for  pid=10152 comm="syz.2.1021" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  416.006559][T10167] tmpfs: Unknown parameter 'Wsâ‘nŶ'
[  416.029260][   T30] audit: type=1400 audit(1756687275.307:782): avc:  denied  { bind } for  pid=10168 comm="syz.1.1026" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  416.030654][T10169] netlink: 'syz.1.1026': attribute type 1 has an invalid length.
[  416.308496][T10169] bond2: (slave vxcan1): The slave device specified does not support setting the MAC address
[  416.319613][T10169] bond2: (slave vxcan1): Error -95 calling set_mac_address
[  416.328859][   T30] audit: type=1400 audit(1756687275.307:783): avc:  denied  { write } for  pid=10168 comm="syz.1.1026" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  416.359573][T10172] gretap1: entered promiscuous mode
[  416.366442][T10172] bond2: (slave gretap1): making interface the new active one
[  416.377402][T10172] bond2: (slave gretap1): Enslaving as an active interface with an up link
[  416.751997][T10180] netlink: 'syz.2.1030': attribute type 1 has an invalid length.
[  416.767564][T10182] 9pnet_fd: Insufficient options for proto=fd
[  416.835342][T10180] bond1: (slave vxcan1): The slave device specified does not support setting the MAC address
[  416.859904][T10180] bond1: (slave vxcan1): Error -95 calling set_mac_address
[  416.893468][T10189] gretap1: entered promiscuous mode
[  416.903630][T10189] bond1: (slave gretap1): making interface the new active one
[  416.932446][T10189] bond1: (slave gretap1): Enslaving as an active interface with an up link
[  416.967912][T10180] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10180 comm=syz.2.1030
[  418.788348][T10212] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1039'.
[  418.921915][  T976] usb 2-1: new low-speed USB device number 33 using dummy_hcd
[  418.985578][   T30] audit: type=1400 audit(1756687278.267:784): avc:  denied  { setopt } for  pid=10211 comm="syz.2.1039" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  419.461373][T10212] tmpfs: Bad value for 'mpol'
[  419.572982][  T976] usb 2-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  419.592377][  T976] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  419.622246][  T976] usb 2-1: config 0 descriptor??
[  419.781509][T10221] FAULT_INJECTION: forcing a failure.
[  419.781509][T10221] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  419.820938][T10221] CPU: 0 UID: 0 PID: 10221 Comm: syz.2.1041 Not tainted syzkaller #0 PREEMPT(full) 
[  419.820955][T10221] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  419.820962][T10221] Call Trace:
[  419.820966][T10221]  <TASK>
[  419.820971][T10221]  dump_stack_lvl+0x16c/0x1f0
[  419.820990][T10221]  should_fail_ex+0x512/0x640
[  419.821014][T10221]  _copy_from_iter+0x29f/0x1720
[  419.821041][T10221]  ? __pfx__copy_from_iter+0x10/0x10
[  419.821061][T10221]  ? find_held_lock+0x2b/0x80
[  419.821079][T10221]  ? dev_get_by_index+0x17c/0x380
[  419.821095][T10221]  packet_sendmsg+0x1cef/0x5850
[  419.821110][T10221]  ? __lock_acquire+0xb97/0x1ce0
[  419.821130][T10221]  ? sock_has_perm+0x259/0x2f0
[  419.821150][T10221]  ? __pfx_sock_has_perm+0x10/0x10
[  419.821182][T10221]  ? __pfx_packet_sendmsg+0x10/0x10
[  419.821213][T10221]  __sys_sendto+0x4a0/0x520
[  419.821231][T10221]  ? __pfx___sys_sendto+0x10/0x10
[  419.821269][T10221]  ? ksys_write+0x1ac/0x250
[  419.821287][T10221]  ? __pfx_ksys_write+0x10/0x10
[  419.821308][T10221]  __x64_sys_sendto+0xe0/0x1c0
[  419.821325][T10221]  ? do_syscall_64+0x91/0x4c0
[  419.821345][T10221]  ? lockdep_hardirqs_on+0x7c/0x110
[  419.821365][T10221]  do_syscall_64+0xcd/0x4c0
[  419.821387][T10221]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  419.821405][T10221] RIP: 0033:0x7f973218ebe9
[  419.821420][T10221] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  419.821437][T10221] RSP: 002b:00007f9732fc0038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  419.821455][T10221] RAX: ffffffffffffffda RBX: 00007f97323c5fa0 RCX: 00007f973218ebe9
[  419.821466][T10221] RDX: 000000000000fd35 RSI: 00002000000002c0 RDI: 0000000000000003
[  419.821477][T10221] RBP: 00007f9732fc0090 R08: 0000200000000140 R09: 0000000000000014
[  419.821488][T10221] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000000001
[  419.821498][T10221] R13: 00007f97323c6038 R14: 00007f97323c5fa0 R15: 00007ffd93c87198
[  419.821522][T10221]  </TASK>
[  419.840913][  T976] asix 2-1:0.0 (unnamed net_device) (uninitialized): invalid hw address, using random
[  420.005975][T10224] genirq: Flags mismatch irq 4. 00200000 (das16m1) vs. 00200080 (ttyS0)
[  420.095938][T10223] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1042'.
[  420.272615][T10233] 9pnet_fd: Insufficient options for proto=fd
[  420.410479][ T5917] usb 6-1: new high-speed USB device number 38 using dummy_hcd
[  420.534738][T10232] tmpfs: Unknown parameter 'Wsâ‘nŶ'
[  420.570470][ T5917] usb 6-1: Using ep0 maxpacket: 8
[  420.577267][ T5917] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  420.606824][T10237] tmpfs: Unknown parameter 'Wsâ‘nŶ'
[  420.667031][ T5917] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  420.686173][ T5917] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  420.734026][ T5917] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  420.755630][ T5917] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  420.766082][ T5917] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  420.850354][ T6009] usb 5-1: new high-speed USB device number 35 using dummy_hcd
[  421.025741][ T6009] usb 5-1: Using ep0 maxpacket: 16
[  421.045390][ T5917] usb 6-1: GET_CAPABILITIES returned 0
[  421.354219][ T5917] usbtmc 6-1:16.0: can't read capabilities
[  421.365493][ T6009] usb 5-1: New USB device found, idVendor=09c0, idProduct=0201, bcdDevice= a.a4
[  421.395209][ T5917] usb 6-1: USB disconnect, device number 38
[  421.401257][ T6009] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  421.425519][ T6009] usb 5-1: Product: syz
[  421.465537][ T6009] usb 5-1: Manufacturer: syz
[  421.470179][ T6009] usb 5-1: SerialNumber: syz
[  421.503789][ T6009] usb 5-1: config 0 descriptor??
[  421.545365][ T6009] dvb-usb: found a 'Genpix 8PSK-to-USB2 Rev.1 DVB-S receiver' in warm state.
[  421.726353][ T6009] gp8psk: usb in 128 operation failed.
[  421.729684][   T30] audit: type=1400 audit(1756687281.007:785): avc:  denied  { map } for  pid=10254 comm="syz.2.1052" path="/dev/video7" dev="devtmpfs" ino=949 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1
[  421.759451][ T6009] gp8psk: usb in 137 operation failed.
[  421.759851][T10255] FAULT_INJECTION: forcing a failure.
[  421.759851][T10255] name failslab, interval 1, probability 0, space 0, times 0
[  421.767857][ T6009] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  421.778264][T10255] CPU: 0 UID: 0 PID: 10255 Comm: syz.2.1052 Not tainted syzkaller #0 PREEMPT(full) 
[  421.778286][T10255] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  421.778295][T10255] Call Trace:
[  421.778301][T10255]  <TASK>
[  421.778307][T10255]  dump_stack_lvl+0x16c/0x1f0
[  421.778330][T10255]  should_fail_ex+0x512/0x640
[  421.778347][T10255]  ? fs_reclaim_acquire+0xae/0x150
[  421.778370][T10255]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  421.778393][T10255]  should_failslab+0xc2/0x120
[  421.778411][T10255]  __kmalloc_noprof+0xd2/0x510
[  421.778432][T10255]  tomoyo_realpath_from_path+0xc2/0x6e0
[  421.778457][T10255]  ? tomoyo_profile+0x47/0x60
[  421.778474][T10255]  tomoyo_path_number_perm+0x245/0x580
[  421.778493][T10255]  ? tomoyo_path_number_perm+0x237/0x580
[  421.778514][T10255]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  421.778535][T10255]  ? find_held_lock+0x2b/0x80
[  421.778575][T10255]  ? find_held_lock+0x2b/0x80
[  421.778593][T10255]  ? hook_file_ioctl_common+0x145/0x410
[  421.778614][T10255]  ? __fget_files+0x20e/0x3c0
[  421.778636][T10255]  security_file_ioctl+0x9b/0x240
[  421.778659][T10255]  __x64_sys_ioctl+0xb7/0x210
[  421.778684][T10255]  do_syscall_64+0xcd/0x4c0
[  421.778704][T10255]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  421.778720][T10255] RIP: 0033:0x7f973218ebe9
[  421.778733][T10255] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  421.778748][T10255] RSP: 002b:00007f9732fc0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  421.778764][T10255] RAX: ffffffffffffffda RBX: 00007f97323c5fa0 RCX: 00007f973218ebe9
[  421.778774][T10255] RDX: 0000200000000980 RSI: 00000000c0d05605 RDI: 0000000000000003
[  421.778784][T10255] RBP: 00007f9732fc0090 R08: 0000000000000000 R09: 0000000000000000
[  421.778793][T10255] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  421.778803][T10255] R13: 00007f97323c6038 R14: 00007f97323c5fa0 R15: 00007ffd93c87198
[  421.778825][T10255]  </TASK>
[  421.778832][T10255] ERROR: Out of memory at tomoyo_realpath_from_path.
[  422.081089][ T6009] dvbdev: DVB: registering new adapter (Genpix 8PSK-to-USB2 Rev.1 DVB-S receiver)
[  422.117268][ T6009] usb 5-1: media controller created
[  422.164641][   T30] audit: type=1400 audit(1756687281.437:786): avc:  denied  { ioctl } for  pid=10259 comm="syz.5.1053" path="/dev/loop-control" dev="devtmpfs" ino=646 ioctlcmd=0x4c82 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[  422.209366][  T976] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0012: -71
[  422.326658][ T6009] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  422.347116][  T976] asix 2-1:0.0: probe with driver asix failed with error -71
[  422.367139][  T976] usb 2-1: USB disconnect, device number 33
[  422.400802][ T6009] gp8psk_fe: Frontend revision 1 attached
[  422.428858][ T6009] usb 5-1: DVB: registering adapter 1 frontend 0 (Genpix DVB-S)...
[  422.443463][T10267] FAULT_INJECTION: forcing a failure.
[  422.443463][T10267] name failslab, interval 1, probability 0, space 0, times 0
[  422.451282][ T6009] dvbdev: dvb_create_media_entity: media entity 'Genpix DVB-S' registered.
[  422.514996][T10267] CPU: 0 UID: 0 PID: 10267 Comm: syz.2.1056 Not tainted syzkaller #0 PREEMPT(full) 
[  422.515025][T10267] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  422.515035][T10267] Call Trace:
[  422.515042][T10267]  <TASK>
[  422.515050][T10267]  dump_stack_lvl+0x16c/0x1f0
[  422.515075][T10267]  should_fail_ex+0x512/0x640
[  422.515096][T10267]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  422.515116][T10267]  should_failslab+0xc2/0x120
[  422.515142][T10267]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  422.515159][T10267]  ? __alloc_skb+0x2b2/0x380
[  422.515180][T10267]  __alloc_skb+0x2b2/0x380
[  422.515196][T10267]  ? __pfx___alloc_skb+0x10/0x10
[  422.515216][T10267]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  422.515242][T10267]  netlink_alloc_large_skb+0x69/0x130
[  422.515263][T10267]  netlink_sendmsg+0x6a1/0xdd0
[  422.515288][T10267]  ? __pfx_netlink_sendmsg+0x10/0x10
[  422.515316][T10267]  ____sys_sendmsg+0xa98/0xc70
[  422.515340][T10267]  ? copy_msghdr_from_user+0x10a/0x160
[  422.515358][T10267]  ? __pfx_____sys_sendmsg+0x10/0x10
[  422.515392][T10267]  ___sys_sendmsg+0x134/0x1d0
[  422.515412][T10267]  ? __pfx____sys_sendmsg+0x10/0x10
[  422.515458][T10267]  __sys_sendmsg+0x16d/0x220
[  422.515479][T10267]  ? __pfx___sys_sendmsg+0x10/0x10
[  422.515514][T10267]  do_syscall_64+0xcd/0x4c0
[  422.515537][T10267]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  422.515555][T10267] RIP: 0033:0x7f973218ebe9
[  422.515570][T10267] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  422.515589][T10267] RSP: 002b:00007f9732f7e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  422.515607][T10267] RAX: ffffffffffffffda RBX: 00007f97323c6180 RCX: 00007f973218ebe9
[  422.515619][T10267] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000006
[  422.515630][T10267] RBP: 00007f9732f7e090 R08: 0000000000000000 R09: 0000000000000000
[  422.515641][T10267] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  422.515652][T10267] R13: 00007f97323c6218 R14: 00007f97323c6180 R15: 00007ffd93c87198
[  422.515676][T10267]  </TASK>
[  422.729576][ T6009] gp8psk: usb in 137 operation failed.
[  422.735088][ T6009] dvb-usb: Genpix 8PSK-to-USB2 Rev.1 DVB-S receiver successfully initialized and connected.
[  423.300297][ T6009] gp8psk: found Genpix USB device pID = 201 (hex)
[  423.391050][ T6009] usb 5-1: USB disconnect, device number 35
[  423.591128][ T6009] dvb-usb: Genpix 8PSK-to-USB2 Rev.1 DVB-S receive successfully deinitialized and disconnected.
[  423.638774][T10269] syz.5.1053 (10269): drop_caches: 2
[  423.754024][T10287] tmpfs: Unknown parameter 'Wsâ‘nŶ'
[  424.220480][ T5976] usb 2-1: new high-speed USB device number 34 using dummy_hcd
[  424.366165][   T30] audit: type=1400 audit(1756687283.647:787): avc:  denied  { connect } for  pid=10297 comm="syz.5.1065" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  424.510277][ T5976] usb 2-1: Using ep0 maxpacket: 16
[  424.603158][ T5976] usb 2-1: New USB device found, idVendor=09c0, idProduct=0201, bcdDevice= a.a4
[  424.620375][ T6009] usb 5-1: new high-speed USB device number 36 using dummy_hcd
[  424.628045][ T5976] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  424.646208][ T5976] usb 2-1: Product: syz
[  424.658576][ T5976] usb 2-1: Manufacturer: syz
[  424.672579][ T5976] usb 2-1: SerialNumber: syz
[  424.688307][ T5976] usb 2-1: config 0 descriptor??
[  424.695925][ T5976] dvb-usb: found a 'Genpix 8PSK-to-USB2 Rev.1 DVB-S receiver' in warm state.
[  424.770360][ T6009] usb 5-1: Using ep0 maxpacket: 8
[  424.915962][ T5976] gp8psk: usb in 128 operation failed.
[  424.927811][ T5976] gp8psk: usb in 137 operation failed.
[  424.927829][ T6009] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  424.947946][ T5976] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  424.963312][ T5976] dvbdev: DVB: registering new adapter (Genpix 8PSK-to-USB2 Rev.1 DVB-S receiver)
[  424.978419][ T5976] usb 2-1: media controller created
[  425.004606][ T6009] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  425.015281][ T6009] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  425.152566][T10309] hub 8-0:1.0: USB hub found
[  425.157988][T10309] hub 8-0:1.0: 1 port detected
[  426.009263][ T6009] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  426.034310][ T6009] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  426.374440][ T6009] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  426.496177][ T5976] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  426.599649][ T5976] gp8psk_fe: Frontend revision 1 attached
[  426.606841][ T6009] usb 5-1: GET_CAPABILITIES returned 0
[  426.617239][ T5976] usb 2-1: DVB: registering adapter 1 frontend 0 (Genpix DVB-S)...
[  426.642184][ T6009] usbtmc 5-1:16.0: can't read capabilities
[  426.690344][ T5976] dvbdev: dvb_create_media_entity: media entity 'Genpix DVB-S' registered.
[  426.819687][ T6009] usb 5-1: USB disconnect, device number 36
[  427.048027][ T5976] gp8psk: usb in 137 operation failed.
[  427.057966][ T5976] dvb-usb: Genpix 8PSK-to-USB2 Rev.1 DVB-S receiver successfully initialized and connected.
[  427.075034][ T5976] gp8psk: found Genpix USB device pID = 201 (hex)
[  427.091445][ T5976] usb 2-1: USB disconnect, device number 34
[  427.184087][T10320] syz_tun: entered allmulticast mode
[  427.458621][T10311] syz_tun: left allmulticast mode
[  427.673407][T10324] 9pnet_fd: Insufficient options for proto=fd
[  427.860888][ T5976] dvb-usb: Genpix 8PSK-to-USB2 Rev.1 DVB-S receive successfully deinitialized and disconnected.
[  427.964501][T10328] FAULT_INJECTION: forcing a failure.
[  427.964501][T10328] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  427.977621][T10328] CPU: 1 UID: 0 PID: 10328 Comm: syz.4.1072 Not tainted syzkaller #0 PREEMPT(full) 
[  427.977645][T10328] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  427.977656][T10328] Call Trace:
[  427.977662][T10328]  <TASK>
[  427.977670][T10328]  dump_stack_lvl+0x16c/0x1f0
[  427.977695][T10328]  should_fail_ex+0x512/0x640
[  427.977721][T10328]  _copy_to_user+0x32/0xd0
[  427.977746][T10328]  simple_read_from_buffer+0xcb/0x170
[  427.977768][T10328]  proc_fail_nth_read+0x197/0x240
[  427.977791][T10328]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  427.977814][T10328]  ? rw_verify_area+0xcf/0x6c0
[  427.977841][T10328]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  427.977863][T10328]  vfs_read+0x1e1/0xcf0
[  427.977885][T10328]  ? __pfx___mutex_lock+0x10/0x10
[  427.977906][T10328]  ? __pfx_vfs_read+0x10/0x10
[  427.977932][T10328]  ? __fget_files+0x20e/0x3c0
[  427.977965][T10328]  ksys_read+0x12a/0x250
[  427.977984][T10328]  ? __pfx_ksys_read+0x10/0x10
[  427.978011][T10328]  do_syscall_64+0xcd/0x4c0
[  427.978035][T10328]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  427.978053][T10328] RIP: 0033:0x7fdb9f18d5fc
[  427.978067][T10328] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  427.978084][T10328] RSP: 002b:00007fdb9ff6b030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  427.978101][T10328] RAX: ffffffffffffffda RBX: 00007fdb9f3c6090 RCX: 00007fdb9f18d5fc
[  427.978113][T10328] RDX: 000000000000000f RSI: 00007fdb9ff6b0a0 RDI: 0000000000000006
[  427.978124][T10328] RBP: 00007fdb9ff6b090 R08: 0000000000000000 R09: 0000000000000000
[  427.978135][T10328] R10: 0000000000000045 R11: 0000000000000246 R12: 0000000000000001
[  427.978146][T10328] R13: 00007fdb9f3c6128 R14: 00007fdb9f3c6090 R15: 00007fff54266638
[  427.978171][T10328]  </TASK>
[  428.158038][    C1] vkms_vblank_simulate: vblank timer overrun
[  428.339203][   T30] audit: type=1400 audit(1756687287.617:788): avc:  denied  { create } for  pid=10336 comm="syz.2.1076" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  428.441346][T10342] hub 8-0:1.0: USB hub found
[  428.446772][T10342] hub 8-0:1.0: 1 port detected
[  430.115881][   T30] audit: type=1400 audit(1756687289.257:789): avc:  denied  { append } for  pid=10344 comm="syz.5.1079" name="001" dev="devtmpfs" ino=721 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[  430.138749][    C1] vkms_vblank_simulate: vblank timer overrun
[  430.493042][   T30] audit: type=1400 audit(1756687289.637:790): avc:  denied  { mount } for  pid=10346 comm="syz.4.1080" name="/" dev="devtmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1
[  430.932908][   T30] audit: type=1400 audit(1756687289.637:791): avc:  denied  { mounton } for  pid=10346 comm="syz.4.1080" path="/213/file0" dev="devtmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=dir permissive=1
[  430.955488][    C1] vkms_vblank_simulate: vblank timer overrun
[  431.141134][T10360] block nbd0: Attempted send on invalid socket
[  431.180344][T10360] blk_print_req_error: 45 callbacks suppressed
[  431.180387][T10360] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 2
[  431.586065][    T9] usb 2-1: new high-speed USB device number 35 using dummy_hcd
[  431.800330][    T9] usb 2-1: Using ep0 maxpacket: 16
[  431.800610][   T30] audit: type=1400 audit(1756687291.087:792): avc:  denied  { unmount } for  pid=5855 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1
[  431.972401][    T9] usb 2-1: config 0 has an invalid interface number: 94 but max is 1
[  431.980889][    T9] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  432.005752][    T9] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 2
[  432.032685][    T9] usb 2-1: config 0 has no interface number 0
[  432.280677][    T9] usb 2-1: config 0 interface 94 altsetting 87 endpoint 0x7 has invalid maxpacket 2046, setting to 64
[  432.292390][    T9] usb 2-1: config 0 interface 94 altsetting 87 has a duplicate endpoint with address 0x7, skipping
[  432.342359][    T9] usb 2-1: config 0 interface 94 altsetting 87 endpoint 0x9 has an invalid bInterval 0, changing to 7
[  432.386833][    T9] usb 2-1: config 0 interface 94 altsetting 87 endpoint 0x9 has invalid wMaxPacketSize 0
[  432.398282][    T9] usb 2-1: config 0 interface 94 altsetting 87 has 3 endpoint descriptors, different from the interface descriptor's value: 10
[  432.436766][    T9] usb 2-1: config 0 interface 94 has no altsetting 0
[  432.464236][    T9] usb 2-1: New USB device found, idVendor=05ac, idProduct=0214, bcdDevice=35.14
[  432.473761][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  432.488490][    T9] usb 2-1: Product: syz
[  432.498630][    T9] usb 2-1: Manufacturer: syz
[  432.528969][    T9] usb 2-1: SerialNumber: syz
[  432.541366][    T9] usb 2-1: config 0 descriptor??
[  432.662035][T10375] 9pnet_fd: Insufficient options for proto=fd
[  432.854026][   T30] audit: type=1400 audit(1756687292.137:793): avc:  denied  { ioctl } for  pid=10364 comm="syz.1.1082" path="socket:[27241]" dev="sockfs" ino=27241 ioctlcmd=0x89e1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  433.419961][T10387] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1087'.
[  433.660764][   T10] usb 3-1: new full-speed USB device number 33 using dummy_hcd
[  433.690654][ T5903] usb 5-1: new high-speed USB device number 37 using dummy_hcd
[  433.862451][ T5903] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  433.873965][ T5903] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  433.886502][   T10] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10
[  433.898602][   T10] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 127, setting to 64
[  433.938985][   T10] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0xB has invalid maxpacket 16921, setting to 64
[  433.939148][ T5903] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  433.961193][   T10] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  433.971015][   T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  433.979338][ T5903] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  433.989354][T10398] netlink: 'syz.3.1093': attribute type 1 has an invalid length.
[  433.992586][ T5903] usb 5-1: Product: syz
[  434.007614][T10386] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  434.012214][ T5903] usb 5-1: Manufacturer: syz
[  434.015073][T10386] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  434.026725][ T5903] usb 5-1: SerialNumber: syz
[  434.080090][   T10] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[  434.114695][ T5903] cdc_acm 5-1:1.0: probe with driver cdc_acm failed with error -22
[  434.193691][   T30] audit: type=1400 audit(1756687293.477:794): avc:  denied  { read } for  pid=10401 comm="syz.3.1095" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  434.388865][ T6009] usb 3-1: USB disconnect, device number 33
[  434.443559][   T30] audit: type=1400 audit(1756687293.727:795): avc:  denied  { ioctl } for  pid=10388 comm="syz.4.1089" path="socket:[27281]" dev="sockfs" ino=27281 ioctlcmd=0x5411 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[  434.479302][ T7094] usb 5-1: USB disconnect, device number 37
[  434.837020][    T9] appletouch 2-1:0.94: Could not find int-in endpoint
[  434.848961][    T9] appletouch 2-1:0.94: probe with driver appletouch failed with error -5
[  434.861284][    T9] usbhid 2-1:0.94: couldn't find an input interrupt endpoint
[  434.874729][    T9] usb 2-1: USB disconnect, device number 35
[  435.426476][T10407] 9pnet_fd: Insufficient options for proto=fd
[  436.171264][   T30] audit: type=1400 audit(1756687295.447:796): avc:  denied  { listen } for  pid=10418 comm="syz.5.1101" lport=34139 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  436.217661][T10422] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22
[  436.317491][   T30] audit: type=1400 audit(1756687295.527:797): avc:  denied  { accept } for  pid=10418 comm="syz.5.1101" lport=34139 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  436.386752][T10424] netlink: 'syz.5.1101': attribute type 1 has an invalid length.
[  436.636740][T10424] bond1: entered promiscuous mode
[  436.646236][T10424] 8021q: adding VLAN 0 to HW filter on device bond1
[  436.765522][T10419] 8021q: adding VLAN 0 to HW filter on device bond1
[  436.780090][T10419] bond1: (slave vcan1): The slave device specified does not support setting the MAC address
[  436.793159][T10419] bond1: (slave vcan1): Setting fail_over_mac to active for active-backup mode
[  437.073707][T10435] input: syz1 as /devices/virtual/input/input37
[  437.113993][T10419] bond1: (slave vcan1): making interface the new active one
[  437.184893][T10440] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies.
[  437.206632][T10419] vcan1: entered promiscuous mode
[  437.218513][T10419] bond1: (slave vcan1): Enslaving as an active interface with an up link
[  437.540355][T10437] bridge_slave_0: left allmulticast mode
[  437.546760][T10437] bridge0: port 1(bridge_slave_0) entered disabled state
[  437.572990][T10437] bridge_slave_1: left allmulticast mode
[  437.578817][T10437] bridge_slave_1: left promiscuous mode
[  437.585571][T10437] bridge0: port 2(bridge_slave_1) entered disabled state
[  437.608727][T10437] bond0: (slave bond_slave_0): Releasing backup interface
[  437.626077][T10437] bond0: (slave bond_slave_1): Releasing backup interface
[  437.662330][T10437] team0: Port device team_slave_0 removed
[  437.711876][T10437] team0: Port device team_slave_1 removed
[  437.722156][T10437] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  437.729673][T10437] batman_adv: batadv0: Removing interface: batadv_slave_0
[  437.760308][ T7094] usb 3-1: new high-speed USB device number 34 using dummy_hcd
[  437.836388][T10450] FAULT_INJECTION: forcing a failure.
[  437.836388][T10450] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  437.855732][T10437] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  437.914328][T10450] CPU: 1 UID: 0 PID: 10450 Comm: syz.5.1108 Not tainted syzkaller #0 PREEMPT(full) 
[  437.914353][T10450] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  437.914362][T10450] Call Trace:
[  437.914368][T10450]  <TASK>
[  437.914374][T10450]  dump_stack_lvl+0x16c/0x1f0
[  437.914397][T10450]  should_fail_ex+0x512/0x640
[  437.914418][T10450]  _copy_from_user+0x2e/0xd0
[  437.914439][T10450]  hci_sock_ioctl+0x6e0/0x7d0
[  437.914456][T10450]  ? __pfx_hci_sock_ioctl+0x10/0x10
[  437.914477][T10450]  sock_do_ioctl+0x118/0x280
[  437.914500][T10450]  ? __pfx_sock_do_ioctl+0x10/0x10
[  437.914528][T10450]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  437.914555][T10450]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[  437.914584][T10450]  sock_ioctl+0x227/0x6b0
[  437.914609][T10450]  ? __pfx_sock_ioctl+0x10/0x10
[  437.914632][T10450]  ? hook_file_ioctl_common+0x145/0x410
[  437.914655][T10450]  ? selinux_file_ioctl+0x180/0x270
[  437.914677][T10450]  ? selinux_file_ioctl+0xb4/0x270
[  437.914702][T10450]  ? __pfx_sock_ioctl+0x10/0x10
[  437.914726][T10450]  __x64_sys_ioctl+0x18b/0x210
[  437.914754][T10450]  do_syscall_64+0xcd/0x4c0
[  437.914776][T10450]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  437.914795][T10450] RIP: 0033:0x7f8c8f78ebe9
[  437.914810][T10450] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  437.914828][T10450] RSP: 002b:00007f8c906d6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  437.914845][T10450] RAX: ffffffffffffffda RBX: 00007f8c8f9c5fa0 RCX: 00007f8c8f78ebe9
[  437.914855][T10450] RDX: 0000200000000080 RSI: 00000000400448e7 RDI: 0000000000000004
[  437.914866][T10450] RBP: 00007f8c906d6090 R08: 0000000000000000 R09: 0000000000000000
[  437.914877][T10450] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  437.914888][T10450] R13: 00007f8c8f9c6038 R14: 00007f8c8f9c5fa0 R15: 00007ffcc7e08268
[  437.914913][T10450]  </TASK>
[  438.010668][ T7094] usb 3-1: Using ep0 maxpacket: 16
[  438.120274][T10437] batman_adv: batadv0: Removing interface: batadv_slave_1
[  438.195086][T10437] bond1: (slave geneve2): Releasing active interface
[  438.239329][ T7094] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  438.253226][ T7094] usb 3-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  438.263918][ T7094] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  438.274973][ T7094] usb 3-1: config 0 descriptor??
[  438.470875][T10437] bond2: (slave gretap1): Releasing active interface
[  439.000374][ T5903] usb 6-1: new low-speed USB device number 39 using dummy_hcd
[  439.130599][ T5903] usb 6-1: device descriptor read/64, error -71
[  439.166888][ T7094] mcp2221 0003:04D8:00DD.000B: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.2-1/input0
[  439.333051][T10464] 9pnet_fd: Insufficient options for proto=fd
[  439.372396][    C0] ==================================================================
[  439.380470][    C0] BUG: KASAN: slab-out-of-bounds in mcp2221_raw_event+0x1070/0x10a0
[  439.388429][    C0] Read of size 1 at addr ffff8880515dbfff by task syz.4.1111/10464
[  439.396296][    C0] 
[  439.398600][    C0] CPU: 0 UID: 0 PID: 10464 Comm: syz.4.1111 Not tainted syzkaller #0 PREEMPT(full) 
[  439.398616][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  439.398623][    C0] Call Trace:
[  439.398628][    C0]  <IRQ>
[  439.398634][    C0]  dump_stack_lvl+0x116/0x1f0
[  439.398650][    C0]  print_report+0xcd/0x630
[  439.398664][    C0]  ? __virt_addr_valid+0x81/0x610
[  439.398680][    C0]  ? __phys_addr+0xe8/0x180
[  439.398695][    C0]  ? mcp2221_raw_event+0x1070/0x10a0
[  439.398711][    C0]  kasan_report+0xe0/0x110
[  439.398723][    C0]  ? mcp2221_raw_event+0x1070/0x10a0
[  439.398738][    C0]  mcp2221_raw_event+0x1070/0x10a0
[  439.398752][    C0]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  439.398765][    C0]  __hid_input_report.constprop.0+0x311/0x450
[  439.398776][    C0]  ? __pfx_mcp2221_raw_event+0x10/0x10
[  439.398791][    C0]  hid_irq_in+0x35e/0x870
[  439.398807][    C0]  __usb_hcd_giveback_urb+0x38b/0x610
[  439.398825][    C0]  usb_hcd_giveback_urb+0x39b/0x450
[  439.398842][    C0]  dummy_timer+0x1814/0x3a30
[  439.398857][    C0]  ? mark_held_locks+0x49/0x80
[  439.398877][    C0]  ? __pfx_dummy_timer+0x10/0x10
[  439.398888][    C0]  ? __hrtimer_run_queues+0x58e/0xad0
[  439.398901][    C0]  ? __hrtimer_run_queues+0x890/0xad0
[  439.398914][    C0]  ? rcu_is_watching+0xd/0xc0
[  439.398928][    C0]  ? __pfx_dummy_timer+0x10/0x10
[  439.398938][    C0]  __hrtimer_run_queues+0x1ff/0xad0
[  439.398952][    C0]  ? __pfx___hrtimer_run_queues+0x10/0x10
[  439.398965][    C0]  ? read_tsc+0x9/0x20
[  439.398980][    C0]  hrtimer_run_softirq+0x17d/0x350
[  439.398994][    C0]  handle_softirqs+0x216/0x8e0
[  439.399009][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[  439.399023][    C0]  __irq_exit_rcu+0x109/0x170
[  439.399037][    C0]  irq_exit_rcu+0x9/0x30
[  439.399049][    C0]  sysvec_apic_timer_interrupt+0xa4/0xc0
[  439.399061][    C0]  </IRQ>
[  439.399065][    C0]  <TASK>
[  439.399069][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  439.399082][    C0] RIP: 0010:__schedule+0x1198/0x5de0
[  439.399093][    C0] Code: fa 48 c1 ea 03 80 3c 02 00 0f 85 83 43 00 00 49 89 5e 10 48 8b bd 10 ff ff ff 48 89 de e8 f0 3d 97 f5 48 89 c7 e8 38 36 f4 f5 <8b> bd 08 ff ff ff e8 ed f5 f3 f5 48 8b b5 90 fe ff ff 48 b8 00 00
[  439.399105][    C0] RSP: 0018:ffffc90004767490 EFLAGS: 00000206
[  439.399114][    C0] RAX: 0000000000002a05 RBX: ffff888032b8a440 RCX: 0000000000000007
[  439.399122][    C0] RDX: 0000000000000000 RSI: ffffffff8de50a40 RDI: ffffffff8c162a00
[  439.399129][    C0] RBP: ffffc90004767648 R08: 0000000000000001 R09: 0000000000000001
[  439.399135][    C0] R10: ffffffff90ab5297 R11: 0000000000000001 R12: 0000000000000000
[  439.399142][    C0] R13: 0000000000000000 R14: ffff8880b843a300 R15: ffff888032b8a440
[  439.399153][    C0]  ? sched_clock+0x38/0x60
[  439.399168][    C0]  ? sched_clock_cpu+0x6c/0x530
[  439.399187][    C0]  ? __pfx___schedule+0x10/0x10
[  439.399197][    C0]  ? lockdep_hardirqs_on+0x7c/0x110
[  439.399219][    C0]  preempt_schedule_irq+0x51/0x90
[  439.399232][    C0]  irqentry_exit+0x36/0x90
[  439.399244][    C0]  asm_sysvec_call_function_single+0x1a/0x20
[  439.399256][    C0] RIP: 0010:its_return_thunk+0x0/0x10
[  439.399274][    C0] Code: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc <c3> cc 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 e9 db 1e 95 f5 cc
[  439.399286][    C0] RSP: 0018:ffffc90004767720 EFLAGS: 00000246
[  439.399295][    C0] RAX: 0000000000000001 RBX: ffffc90004767888 RCX: ffffc90004768001
[  439.399303][    C0] RDX: ffffc90004767890 RSI: ffffc90004767878 RDI: ffffc900047677f8
[  439.399311][    C0] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000
[  439.399319][    C0] R10: 0000000000000001 R11: 00000000000061ee R12: ffffc90004767838
[  439.399327][    C0] R13: ffffc900047677e8 R14: ffffc90004767888 R15: ffffc9000476781c
[  439.399339][    C0]  unwind_next_frame+0x3de/0x20a0
[  439.399352][    C0]  ? arch_stack_walk+0x73/0x100
[  439.399366][    C0]  __unwind_start+0x45f/0x7f0
[  439.399378][    C0]  ? kvm_sched_clock_read+0x11/0x20
[  439.399389][    C0]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  439.399405][    C0]  arch_stack_walk+0x73/0x100
[  439.399419][    C0]  ? stack_trace_save+0x8e/0xc0
[  439.399434][    C0]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  439.399451][    C0]  stack_trace_save+0x8e/0xc0
[  439.399465][    C0]  ? __pfx_stack_trace_save+0x10/0x10
[  439.399480][    C0]  ? trace_sched_exit_tp+0xd1/0x120
[  439.399492][    C0]  ? __schedule+0x11a3/0x5de0
[  439.399502][    C0]  ? __schedule+0x3fef/0x5de0
[  439.399512][    C0]  kasan_save_stack+0x33/0x60
[  439.399533][    C0]  kasan_save_track+0x14/0x30
[  439.399544][    C0]  __kasan_kmalloc+0xaa/0xb0
[  439.399555][    C0]  __kmalloc_noprof+0x223/0x510
[  439.399567][    C0]  tomoyo_realpath_from_path+0xc2/0x6e0
[  439.399584][    C0]  ? tomoyo_profile+0x47/0x60
[  439.399596][    C0]  tomoyo_path_number_perm+0x245/0x580
[  439.399609][    C0]  ? tomoyo_path_number_perm+0x237/0x580
[  439.399624][    C0]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  439.399640][    C0]  ? preempt_schedule_thunk+0x16/0x30
[  439.399660][    C0]  ? hook_file_ioctl_common+0x145/0x410
[  439.399672][    C0]  ? __rcu_read_unlock+0x2bc/0x550
[  439.399684][    C0]  ? __fget_files+0x20e/0x3c0
[  439.399697][    C0]  security_file_ioctl+0x9b/0x240
[  439.399714][    C0]  __x64_sys_ioctl+0xb7/0x210
[  439.399731][    C0]  do_syscall_64+0xcd/0x4c0
[  439.399744][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  439.399755][    C0] RIP: 0033:0x7fdb9f18ebe9
[  439.399765][    C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  439.399776][    C0] RSP: 002b:00007fdb9ff6b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  439.399786][    C0] RAX: ffffffffffffffda RBX: 00007fdb9f3c6090 RCX: 00007fdb9f18ebe9
[  439.399794][    C0] RDX: 0000200000000000 RSI: 00000000c028aa03 RDI: 000000000000000a
[  439.399801][    C0] RBP: 00007fdb9f211e19 R08: 0000000000000000 R09: 0000000000000000
[  439.399808][    C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  439.399815][    C0] R13: 00007fdb9f3c6128 R14: 00007fdb9f3c6090 R15: 00007fff54266638
[  439.399825][    C0]  </TASK>
[  439.399829][    C0] 
[  439.990473][    C0] Allocated by task 5845:
[  439.994778][    C0]  kasan_save_stack+0x33/0x60
[  439.999438][    C0]  kasan_save_track+0x14/0x30
[  440.004091][    C0]  __kasan_kmalloc+0xaa/0xb0
[  440.008660][    C0]  __kmalloc_node_noprof+0x21e/0x500
[  440.013930][    C0]  alloc_slab_obj_exts+0x41/0xa0
[  440.018859][    C0]  __memcg_slab_post_alloc_hook+0x255/0x960
[  440.024737][    C0]  __kmalloc_noprof+0x3f9/0x510
[  440.029563][    C0]  lsm_blob_alloc+0x68/0x90
[  440.034044][    C0]  security_prepare_creds+0x30/0x270
[  440.039313][    C0]  prepare_creds+0x56f/0x7d0
[  440.043879][    C0]  copy_creds+0xa7/0xa50
[  440.048096][    C0]  copy_process+0xff6/0x7690
[  440.052667][    C0]  kernel_clone+0xfc/0x930
[  440.057065][    C0]  __do_sys_clone+0xce/0x120
[  440.061639][    C0]  do_syscall_64+0xcd/0x4c0
[  440.066121][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  440.071992][    C0] 
[  440.074290][    C0] The buggy address belongs to the object at ffff8880515dbf00
[  440.074290][    C0]  which belongs to the cache kmalloc-128 of size 128
[  440.088318][    C0] The buggy address is located 127 bytes to the right of
[  440.088318][    C0]  allocated 128-byte region [ffff8880515dbf00, ffff8880515dbf80)
[  440.102958][    C0] 
[  440.105256][    C0] The buggy address belongs to the physical page:
[  440.111638][    C0] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x515db
[  440.120371][    C0] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  440.127454][    C0] page_type: f5(slab)
[  440.131415][    C0] raw: 00fff00000000000 ffff88801b841a00 dead000000000100 dead000000000122
[  440.139983][    C0] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  440.148540][    C0] page dumped because: kasan: bad access detected
[  440.154922][    C0] page_owner tracks the page as allocated
[  440.160608][    C0] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 6352, tgid 6352 (dhcpcd-run-hook), ts 104887827424, free_ts 103822123938
[  440.180297][    C0]  post_alloc_hook+0x1c0/0x230
[  440.185066][    C0]  get_page_from_freelist+0x132b/0x38e0
[  440.190593][    C0]  __alloc_frozen_pages_noprof+0x261/0x23f0
[  440.196471][    C0]  alloc_pages_mpol+0x1fb/0x550
[  440.201310][    C0]  new_slab+0x247/0x330
[  440.205462][    C0]  ___slab_alloc+0xcf2/0x1740
[  440.210129][    C0]  __slab_alloc.constprop.0+0x56/0xb0
[  440.215492][    C0]  __kmalloc_cache_noprof+0xfb/0x3e0
[  440.220766][    C0]  dummy_urb_enqueue+0xa3/0x920
[  440.225596][    C0]  usb_hcd_submit_urb+0x25b/0x1c60
[  440.230691][    C0]  usb_submit_urb+0x890/0x1770
[  440.235430][    C0]  ld_usb_interrupt_in_callback+0x459/0x730
[  440.241301][    C0]  __usb_hcd_giveback_urb+0x38b/0x610
[  440.246656][    C0]  usb_hcd_giveback_urb+0x39b/0x450
[  440.251837][    C0]  dummy_timer+0x1814/0x3a30
[  440.256403][    C0]  __hrtimer_run_queues+0x1ff/0xad0
[  440.261582][    C0] page last free pid 6330 tgid 6322 stack trace:
[  440.267883][    C0]  free_unref_folios+0xa61/0x16b0
[  440.272888][    C0]  folios_put_refs+0x56f/0x740
[  440.277641][    C0]  truncate_inode_pages_range+0x311/0xe50
[  440.283342][    C0]  evict+0x78c/0x920
[  440.287223][    C0]  iput+0x521/0x880
[  440.291013][    C0]  dentry_unlink_inode+0x29c/0x480
[  440.296105][    C0]  __dentry_kill+0x1d0/0x600
[  440.300677][    C0]  shrink_dentry_list+0x140/0x5d0
[  440.305684][    C0]  shrink_dcache_parent+0xe1/0x530
[  440.310778][    C0]  shrink_dcache_for_umount+0xa5/0x3e0
[  440.316223][    C0]  generic_shutdown_super+0x6c/0x390
[  440.321494][    C0]  kill_litter_super+0x70/0xa0
[  440.326243][    C0]  deactivate_locked_super+0xc1/0x1a0
[  440.331596][    C0]  deactivate_super+0xde/0x100
[  440.336336][    C0]  cleanup_mnt+0x225/0x450
[  440.340729][    C0]  task_work_run+0x14d/0x240
[  440.345298][    C0] 
[  440.347596][    C0] Memory state around the buggy address:
[  440.353200][    C0]  ffff8880515dbe80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  440.361236][    C0]  ffff8880515dbf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  440.369274][    C0] >ffff8880515dbf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  440.377308][    C0]                                                                 ^
[  440.385255][    C0]  ffff8880515dc000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  440.393290][    C0]  ffff8880515dc080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  440.401324][    C0] ==================================================================
[  440.409357][    C0] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  440.416816][    C0] CPU: 0 UID: 0 PID: 10464 Comm: syz.4.1111 Not tainted syzkaller #0 PREEMPT(full) 
[  440.426166][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  440.436286][    C0] Call Trace:
[  440.439544][    C0]  <IRQ>
[  440.442368][    C0]  dump_stack_lvl+0x3d/0x1f0
[  440.446943][    C0]  vpanic+0x6e8/0x7a0
[  440.450914][    C0]  ? __pfx_vpanic+0x10/0x10
[  440.455410][    C0]  ? __pfx_vprintk_emit+0x10/0x10
[  440.460418][    C0]  ? mcp2221_raw_event+0x1070/0x10a0
[  440.465687][    C0]  panic+0xca/0xd0
[  440.469392][    C0]  ? __pfx_panic+0x10/0x10
[  440.473794][    C0]  ? end_report+0x4c/0x170
[  440.478190][    C0]  ? rcu_is_watching+0x12/0xc0
[  440.482952][    C0]  ? lock_release+0x201/0x2f0
[  440.487619][    C0]  check_panic_on_warn+0xab/0xb0
[  440.492534][    C0]  end_report+0x107/0x170
[  440.496843][    C0]  kasan_report+0xee/0x110
[  440.501241][    C0]  ? mcp2221_raw_event+0x1070/0x10a0
[  440.506517][    C0]  mcp2221_raw_event+0x1070/0x10a0
[  440.511610][    C0]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  440.517397][    C0]  __hid_input_report.constprop.0+0x311/0x450
[  440.523445][    C0]  ? __pfx_mcp2221_raw_event+0x10/0x10
[  440.528888][    C0]  hid_irq_in+0x35e/0x870
[  440.533207][    C0]  __usb_hcd_giveback_urb+0x38b/0x610
[  440.538573][    C0]  usb_hcd_giveback_urb+0x39b/0x450
[  440.543757][    C0]  dummy_timer+0x1814/0x3a30
[  440.548339][    C0]  ? mark_held_locks+0x49/0x80
[  440.553097][    C0]  ? __pfx_dummy_timer+0x10/0x10
[  440.558026][    C0]  ? __hrtimer_run_queues+0x58e/0xad0
[  440.563381][    C0]  ? __hrtimer_run_queues+0x890/0xad0
[  440.568733][    C0]  ? rcu_is_watching+0xd/0xc0
[  440.573393][    C0]  ? __pfx_dummy_timer+0x10/0x10
[  440.578307][    C0]  __hrtimer_run_queues+0x1ff/0xad0
[  440.583489][    C0]  ? __pfx___hrtimer_run_queues+0x10/0x10
[  440.589191][    C0]  ? read_tsc+0x9/0x20
[  440.593255][    C0]  hrtimer_run_softirq+0x17d/0x350
[  440.598348][    C0]  handle_softirqs+0x216/0x8e0
[  440.603095][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[  440.608366][    C0]  __irq_exit_rcu+0x109/0x170
[  440.613025][    C0]  irq_exit_rcu+0x9/0x30
[  440.617278][    C0]  sysvec_apic_timer_interrupt+0xa4/0xc0
[  440.622893][    C0]  </IRQ>
[  440.625808][    C0]  <TASK>
[  440.628717][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  440.634678][    C0] RIP: 0010:__schedule+0x1198/0x5de0
[  440.639944][    C0] Code: fa 48 c1 ea 03 80 3c 02 00 0f 85 83 43 00 00 49 89 5e 10 48 8b bd 10 ff ff ff 48 89 de e8 f0 3d 97 f5 48 89 c7 e8 38 36 f4 f5 <8b> bd 08 ff ff ff e8 ed f5 f3 f5 48 8b b5 90 fe ff ff 48 b8 00 00
[  440.659537][    C0] RSP: 0018:ffffc90004767490 EFLAGS: 00000206
[  440.665583][    C0] RAX: 0000000000002a05 RBX: ffff888032b8a440 RCX: 0000000000000007
[  440.673535][    C0] RDX: 0000000000000000 RSI: ffffffff8de50a40 RDI: ffffffff8c162a00
[  440.681485][    C0] RBP: ffffc90004767648 R08: 0000000000000001 R09: 0000000000000001
[  440.689432][    C0] R10: ffffffff90ab5297 R11: 0000000000000001 R12: 0000000000000000
[  440.697382][    C0] R13: 0000000000000000 R14: ffff8880b843a300 R15: ffff888032b8a440
[  440.705346][    C0]  ? sched_clock+0x38/0x60
[  440.709758][    C0]  ? sched_clock_cpu+0x6c/0x530
[  440.714602][    C0]  ? __pfx___schedule+0x10/0x10
[  440.719431][    C0]  ? lockdep_hardirqs_on+0x7c/0x110
[  440.724619][    C0]  preempt_schedule_irq+0x51/0x90
[  440.729627][    C0]  irqentry_exit+0x36/0x90
[  440.734027][    C0]  asm_sysvec_call_function_single+0x1a/0x20
[  440.739999][    C0] RIP: 0010:its_return_thunk+0x0/0x10
[  440.745367][    C0] Code: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc <c3> cc 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 e9 db 1e 95 f5 cc
[  440.764957][    C0] RSP: 0018:ffffc90004767720 EFLAGS: 00000246
[  440.771007][    C0] RAX: 0000000000000001 RBX: ffffc90004767888 RCX: ffffc90004768001
[  440.778955][    C0] RDX: ffffc90004767890 RSI: ffffc90004767878 RDI: ffffc900047677f8
[  440.786904][    C0] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000
[  440.794856][    C0] R10: 0000000000000001 R11: 00000000000061ee R12: ffffc90004767838
[  440.802807][    C0] R13: ffffc900047677e8 R14: ffffc90004767888 R15: ffffc9000476781c
[  440.810764][    C0]  unwind_next_frame+0x3de/0x20a0
[  440.815771][    C0]  ? arch_stack_walk+0x73/0x100
[  440.820611][    C0]  __unwind_start+0x45f/0x7f0
[  440.825280][    C0]  ? kvm_sched_clock_read+0x11/0x20
[  440.830460][    C0]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  440.836604][    C0]  arch_stack_walk+0x73/0x100
[  440.841269][    C0]  ? stack_trace_save+0x8e/0xc0
[  440.846106][    C0]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  440.851819][    C0]  stack_trace_save+0x8e/0xc0
[  440.856484][    C0]  ? __pfx_stack_trace_save+0x10/0x10
[  440.861849][    C0]  ? trace_sched_exit_tp+0xd1/0x120
[  440.867032][    C0]  ? __schedule+0x11a3/0x5de0
[  440.871689][    C0]  ? __schedule+0x3fef/0x5de0
[  440.876345][    C0]  kasan_save_stack+0x33/0x60
[  440.881027][    C0]  kasan_save_track+0x14/0x30
[  440.885684][    C0]  __kasan_kmalloc+0xaa/0xb0
[  440.890254][    C0]  __kmalloc_noprof+0x223/0x510
[  440.895087][    C0]  tomoyo_realpath_from_path+0xc2/0x6e0
[  440.900620][    C0]  ? tomoyo_profile+0x47/0x60
[  440.905277][    C0]  tomoyo_path_number_perm+0x245/0x580
[  440.910718][    C0]  ? tomoyo_path_number_perm+0x237/0x580
[  440.916334][    C0]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  440.922299][    C0]  ? preempt_schedule_thunk+0x16/0x30
[  440.927666][    C0]  ? hook_file_ioctl_common+0x145/0x410
[  440.933196][    C0]  ? __rcu_read_unlock+0x2bc/0x550
[  440.938286][    C0]  ? __fget_files+0x20e/0x3c0
[  440.943033][    C0]  security_file_ioctl+0x9b/0x240
[  440.948043][    C0]  __x64_sys_ioctl+0xb7/0x210
[  440.952706][    C0]  do_syscall_64+0xcd/0x4c0
[  440.957194][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  440.963066][    C0] RIP: 0033:0x7fdb9f18ebe9
[  440.967461][    C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  440.987049][    C0] RSP: 002b:00007fdb9ff6b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  440.995441][    C0] RAX: ffffffffffffffda RBX: 00007fdb9f3c6090 RCX: 00007fdb9f18ebe9
[  441.003392][    C0] RDX: 0000200000000000 RSI: 00000000c028aa03 RDI: 000000000000000a
[  441.011347][    C0] RBP: 00007fdb9f211e19 R08: 0000000000000000 R09: 0000000000000000
[  441.019311][    C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  441.027273][    C0] R13: 00007fdb9f3c6128 R14: 00007fdb9f3c6090 R15: 00007fff54266638
[  441.035236][    C0]  </TASK>
[  441.038434][    C0] Kernel Offset: disabled
[  441.042731][    C0] Rebooting in 86400 seconds..