last executing test programs:

2m43.858057137s ago: executing program 4 (id=827):
r0 = syz_usb_connect(0x5, 0x24, &(0x7f0000000080)=ANY=[@ANYRES8], 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
r1 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
ioctl$I2C_RDWR(r1, 0x707, &(0x7f00000000c0)={&(0x7f00000001c0)=[{0x3e, 0x2800, 0x0, 0x0}, {0x3c, 0x6e10, 0x0, 0x0}], 0x2})

2m40.52343823s ago: executing program 4 (id=836):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_opts(r0, 0x0, 0x8, &(0x7f0000000000)="a8", 0x1)
getsockopt$inet_opts(r0, 0x0, 0x9, 0x0, &(0x7f0000000180))
r1 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000b40)='source', &(0x7f0000000040)='c:::\x00', 0x0)
r2 = gettid()
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)
socket(0x10, 0x80002, 0x0)
fsconfig$FSCONFIG_SET_BINARY(r1, 0x2, &(0x7f0000000000)='\x00', &(0x7f0000000440)="21cb", 0x2)
readv(r1, &(0x7f0000000080)=[{&(0x7f0000000100)=""/161, 0xd8}], 0x1)
tkill(r2, 0xb)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x18, 0x3, &(0x7f0000000480)=ANY=[@ANYRES8=r2], &(0x7f0000000100)='GPL\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='contention_end\x00', r3}, 0x10)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nbd(&(0x7f0000000200), 0xffffffffffffffff)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r4 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='signal_generate\x00', r4}, 0x10)
syz_open_procfs$namespace(0x0, 0xfffffffffffffffe)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000032680)=""/102392, 0x18ff8)
ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f0000000040)={{0x1, 0x1, 0x18, <r6=>0xffffffffffffffff, {0x1}}, './file0\x00'})
sendmmsg$inet6(r6, &(0x7f0000001280)=[{{&(0x7f00000002c0)={0xa, 0x4e20, 0xd, @private2={0xfc, 0x2, '\x00', 0x1}, 0x7ff}, 0x1c, &(0x7f0000000740), 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="18000000000000002900000039000000060002060000000018000000000000002900000036000000b10000000000000024000000000000002900000032000000fe80000000000000000000000000002d", @ANYRES32=0x0, @ANYRESOCT=r6], 0x80}}, {{0x0, 0x25, 0x0}}, {{0x0, 0x0, &(0x7f00000010c0)=[{&(0x7f0000001040)}], 0x1}}, {{&(0x7f0000001180)={0xa, 0x4e22, 0xfffffbff, @private0, 0x9}, 0x1c, &(0x7f0000001200)=[{&(0x7f0000000380)="e2409384c8b3493cb454966cf1038a873fd6aec121b2037f74759afe06a8610ee80e3dc055d4e5598e2f515cec5aa1a47055", 0x32}, {&(0x7f0000001380)="54a354839e79660d3ec3c2fd3727303efd279295b3c9817103445c8df8c01a837d4494b5bc9b160a56b0c02bbc3fd546f354777f895f6fd7fbca88ce24dd419d0c662e7c96de80361d09426a4faeb552c8d9d071e59331fd86c6a471eb23d08b0428a3941703d4917f0e4bfc8f0fb96567d6ebcfe3501be837aff568b7809c3c9dbce48cfc6e4c98012849b5a50320dead857b8338dba094ab3d521f9fae58828db65f61974beb6034112c3c34bff10c3ffea2f95704c5bba8f026dfab821b4fcd2ed4ae27d28e1207b8917d359578be913b71c25c75fdd8b9c420cc2066e3fcf415436d888749eeb0e50d0ca9ea593c212b2359d01b62c90e80127783cd6c50f3ca1da51d42b72332cf3af7cd07b241e2e31f0b9e710e316385560f9c2979ea22fe3b2580601efa8b0aaf35b9c0939c61cf37cdda5221a2528b0194e72834973c0049a88b5e16a9de3a79db7047be1a886a23294270bf92c5b36f9704a868b35caf77a00bb2e6c640ed7d33be2b74170cb42a6f44041b27ee34a06bcc503aa7f54c547c4547263fcb4f3317cf59e263e05ca2830240fddac0af8ef27e8bd6f4f7bf0007f61dbbca2b8bec00b5c01ad3035d36d8e128a9fe7771bda1a6b810316ff6b7052e30cf5203b587e5db1dc247299e7a3c3ee434769b4889e128b15d683f17ec56f1c32286da0456afd1e1ad1b18a9400a892bbd889160cdf64c3270b92faa963a57785a1f19949324acae84338c4d5d61ee4fdebfe41010579a842600758bc84174e48bb960d9f9db7096d53bbd8e2624b8738967cffebb02d39b4d2c0cef2e06d518ddb0054382950ffb066cd3027a304ecb4ddd7193a9cd7fc4ca5c93ef7762ed056ef7b9f6f16cbe963d1c7dde207be5683fdf875a71fa7753e130b223bf81200530d867c47a94bf43d0c30765235047cd154a1d0dec3f7efed578426093c08d45aa4d89760156cc4efdbb8728bc86ce9a8ea7eefb17f129585432d7d7eeb6e72d24380d31d624779288f3818adfeeb4249986d3a0f125a1bfaabeb675377c648899da79bb273767a3349643dfab989443e3c1353387e36631434467040a741cb568f147836d0df4ee2cc8bdf4653e2b7d5806a134e46152815dab061b60651980cd14555ccfa2920c4783767364820694b0ab2043d5eef0b3045ec3077dd70ac6803252293adc2ef6f41d476fb93c87e88f617efd479c167b4bfa37f0a7977306ef80adab8b76d53106ad40b2fa16d4fb36d27c10058e963881601bb804a1dc0362cae9368f2aba0bf042ffe9f199d341a78264685861bdf4da0cc4510daeae5d77f48596e95d863c185de3668ad5314cd77000f80d06fe35025a6affc9c839b461ce946b2ed61c9d6f61e7014632bb0255136dae9da275b13a7e3fd6072435db6365d506b8c17e84238b1b58f83abc62635a8908aea5c33d982b5643e7a1b5500d0e4c21343ca4810546a19eddec9dc6b4df63052414c6041f9cbf74fa946ffad05cbb281abf7e14c8864a80579f494ef6695dde3ef753f074869a62c95545281b8bb076f3a7d09dcf1c0703120602c84e1193201f870e9faf23c8dda910b5e207a8f61122f34b9aafd747955295e752c5d390bd0226fafb327b3809f46efa5fb597ab76eb75246b733eef41ddbc15656b32c8a43962c50837fd312df0c6b2b1f2acc6e6fd675dc460ae0e3e825b7afc3ae8882e6368215199ab4c5bc877daa0439166f165cc9c3c517f388b7baf317893e9280566a529fdcd2184a7826638ebdbbcd8e7435ce6457542e362264ef24b268173c24636bf53fd65ebae19857f67afecd08a5e7af3c1f9205412cab53c43f7fc0a64135e94f9b3dc1d9054c419c2ffc1103a299ca64ef8a1279e62aeb90980a3fcac4ebc7e29d37e0783fcbc28e32870248416a69b8786b76645fb5e9829e950bf375a59d93a676c172e1cd48e0ee8a8ddda727474a846b5f2a8fa6c16b5661a305f5f9532427ea8ee9c8bfb03aa0bd5da8164dc2928ca37456c18e8829597be5b03806858b9267e6cea6a78ae411370aa0e8314e3a8be979fb5d6f561697ce79414a4399927ffd95e46719d731172c0a16b7ffc041d9d6d383c2d57b393437c1fb82f21b11a40cd0b764056a8df6e3f2531490051c1523993f011d4ac6940ab175c1fcd72d7b1e0cb76844ad257d7b0e5dd915daff61b64201edb036a9d128b67383a2ffb045a9bde64c30fc66ed66c70addc9f4ee1cd38772ec398891c6f56aab46dcc40a1b4eed7f3bcb91e8b3db178d229d9e434b3dcfb4ee7b0aea6383672f374fedade5a84d4fefd16f5704a1d9ab914f31895d626e011c38bcf5f6aa3d1f899f1893d2f90354a4844ba0c1ec3f96e57b385a6c8190ab8f1d1231e36bc4cce29347af845d13a58721ab0d0a72ade7a8a8e0707ddee5c16fb205ab5ea0982cd01ceae9280062df14bbe47273c0ca5963a9f35cca337e253b56bfd28a81e368de1a468775c8cae15f842bc1fc50c20591af52ae81772fbfb3df2089a8c35262399a6c4b2706077154c8bd0e652c9d97bc4401e0c82fe3b93ed5feb15e83da24aaa2d9a017553ef9bce0c7cfd863a91cede642dc926df4260cbfbfaa22bae53b30ac3e5c323b09b9e7db5e4af9ee318f0ea2c1f3d07a09cf1793b20ce780e3cd74d1d9add5508efc50323f4a5a2429a855108f78dba771429c216d8f4325b57c456bb421137fdc543c07c95500366501fb4181b5cbc2a1332067027e37d43481015f33a0b5e2f5f05168afa0d6ff5f4a62702485c2f67e3b3872f856a663c2b0b8e00c96e74f51c78eb896e425ec8e3f5427677f44773af275e6173ae426d6c052b6de1b37491d46e4eb81609fe83a09b6a0bcd32aea2f8c7fe7bd754dd200fa1c173af5067835d6673ec341b0b3743a9377c4f82490f164e0aadf54ccee6de7eb45e681ee5e144ad3060705ed68aa92246ae4b376fae911cf382a0bf7aa6f2c1f08f7e6e97315582b773da69e150df9db35b8537fcb6a1ac72291f255bb53f38be5d04d11ed216203c4b92f87f5deccd34fd13b6417527cbc96dc107310a7ad5b54d0d522898dcd7388985af60a2083464a49c0f49af2c88dc4a9905a6ad1abdecf4bacf4a941ecfec25fc6595f61671e9f927eee8597d47b6c4313243e2e868a501e1a2e00465e0c97c9fcf8801f640ffa695a0955407e004bae898e62fc07ce7cbb4a6857dbdf76b196e91723bdcc3b8b113a9cd7e4ac63f71d74cc54a51cad0e4041303e9fa6be2ae4b7e7fbb9b9a30c87a8c3ec4995886cea11f258d044578e50ed0897601610c52d43259747d191de92a0b55c834fa192d89197c0c188bc7af26a8c41dc4885fb0a165cb9b000db61a7895e0922d9275bf0e669e08737843780df59874cced38431071ee34310479dd6987cf5965037f27617b3621a896fbcffe89093111f5d7456b4841c2d85939e31733316bf9a7d2332bb05db35513f84968c0c0e44da93ec1fa37e8bf9e05ea0c32c170e785970b0cf47473d1cd638f84d77cf6d71f806aab6ad374de673a719d8f9b1af42d28f7a270d22ae0c54cfb42b8cd9e5a98c75c9a0aebfe364e7595022870d098b0c46793fcebd4ba4bf1b7f2bc72d92c8460503a7e4742baf179cc1840337ae79c819a6719b2bbaac6299af937ef825b3c85e1b41100e8098246bcefda5644389e5fc37f01179fc579a886fe9d9f9d2a3683b22f37879c1da8829794e1d54abce5c20437057e86db3cc180666ae0183df8a17eaadb199de2b2abf493fb5704afc2d69b2d8fdf58cdb3e563e1fb4f6814069664f0853705e044ef4447066d38994e04787705e5ee3483c8e9b751ae6487eeb01bad9c0d003c50096f7d8164776291bfd25de655ec27f75c62eedd50938608c1e39e0573d2609f0260a23a19f21da2e8ee2cb29cddefb31d887eefb834f6cc66b27d51d07433142af09851017ccae37412f59fb19919f43a694fd17304ef689ce964f991e2ea2c35ebc8e0a5cb56733b25816dc2292b23977aaebb2138e0c7662f4687aa0a91976609ff369e9d9e75d616cec2d8a64507781211fdfc94198cdb7d3e27f595bd7ad740182305579275a7503019d333410e30718b6aee71899c35a84bf2ec73e2b129351397f8612694611a63baf504800c38f4f984be5cd7a4235e1f75a250d0e75d6d2e22eff2f811adce0a05000000000000000000000000000000007e8f035b1102c8ede4f8618e82f10f20492c6c6e4f976d8fe88063bd6c5a95b247542397d31436097816ae392740355d010cd02320f646f59a7f", 0xbdf}], 0x2, &(0x7f0000000740)=[@rthdr={{0x28, 0x29, 0x39, {0x4, 0x2, 0x1, 0x3, 0x0, [@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02']}}}, @dstopts={{0x18, 0x29, 0x37, {0x3c}}}], 0x40}}], 0x4, 0x4800)
connect$inet6(0xffffffffffffffff, &(0x7f0000000240)={0xa, 0x4e23, 0x3, @remote, 0x3}, 0x1c)
syz_io_uring_setup(0x10e, &(0x7f0000000140)={0x0, 0x334e, 0x10, 0x3, 0x801}, &(0x7f00000003c0), &(0x7f0000000300))
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuset.memory_pressure_enabled\x00', 0x275a, 0x0)

2m39.184948765s ago: executing program 4 (id=838):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000300), 0x2000, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000002000)=""/102400, 0x19000)
bind$alg(0xffffffffffffffff, 0x0, 0x0)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0xf, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_device, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_LINK_CREATE(0x1c, 0x0, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000140)=@x86={0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff, 0xff})
ioctl$IOMMU_OPTION$IOMMU_OPTION_HUGE_PAGES(r0, 0x3b87, &(0x7f0000000380)={0x18, 0x1, 0x0, 0x0, 0x0, 0x13d})

2m36.821574759s ago: executing program 4 (id=847):
munmap(&(0x7f0000001000/0x1000)=nil, 0x1000)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f00000003c0), 0xffffffffffffffff)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xfec8d000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000400)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000820004000000000000000c00850000"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000240)=ANY=[@ANYBLOB="200000001e005da5ac14a945413fe340bc202f6091b7000000020000000007000000207a77eb00a6db7ec8de71977553", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x20}}, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000040)={'batadv_slave_1\x00', {0x2, 0x480, @loopback}})
ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000080)={'batadv_slave_1\x00', {0x2, 0x4e21, @empty}})
r6 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='\x00', 0x89101)
fcntl$getflags(r6, 0x40a)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0xc, 0x0, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r7, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x3800, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
ioctl$TIOCGSID(r6, 0x5429, &(0x7f0000000000))
ioctl$TIOCGPGRP(r6, 0x540f, &(0x7f0000000040))
nanosleep(&(0x7f00000000c0)={0x0, 0xfffffffffffffff7}, 0x0)
r8 = socket$kcm(0x2, 0x2, 0x73)
sendmsg$inet(r8, &(0x7f0000000500)={&(0x7f0000000300)={0x2, 0x0, @empty}, 0x10, &(0x7f0000000400)=[{&(0x7f0000000340)='+', 0x34000}], 0x1}, 0x900000000000000)

2m34.539340354s ago: executing program 4 (id=851):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = getpid()
setpriority(0x2, r1, 0x7)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r5 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x202, 0x0)
write$sequencer(r5, &(0x7f00000001c0)=[@raw={0xc, 0x2, "edc839543536"}], 0x8)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
r6 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r6)
r7 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000400)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
read$FUSE(r7, &(0x7f0000001fc0)={0x2020}, 0x2020)
r8 = syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000000)={0x0, &(0x7f00000003c0)})
syz_kvm_setup_cpu$x86(r7, r8, &(0x7f0000fe7000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000340)="170f01d10f219ff21f660f0137660f3830d4baf80c66b8d4bd618166efbafc0ced66b9800000c00f326635008000000f30dec7660f5c2d", 0x37}], 0x1, 0xd, &(0x7f0000000240)=[@cstype0={0x4, 0x9}, @dstype3={0x7, 0x6}], 0x2)
r9 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
connect$bt_l2cap(r9, &(0x7f0000000140)={0x1f, 0x7fd, @none}, 0xe)
r10 = socket$kcm(0xa, 0x5, 0x0)
setsockopt$sock_attach_bpf(r10, 0x29, 0x1a, 0x0, 0x0)
sendmsg$kcm(r10, &(0x7f00000003c0)={&(0x7f0000000040)=@ax25={{0x3, @null, 0x2}, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @bcast, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]}, 0x80, &(0x7f0000000000)=[{0x0}, {&(0x7f0000000280)="bb7e6d4c21e1ec35d8e3433aa0fa785c32dac477b524b82da7704119f02ceaacd088543005a20609b5361dc488e77eee6cfbaccece67c23643d5c9605cfeaf6cdc80800f699470eb696ebb144146f29740a3637b0eb4f26f590914435fe63e7c113380196cb218c0e7b67e4d6b33687f936ef3c3773c4e29d46f21d4e8e8e84ee2eb6a561279507b2af6e32d66edd54b3054279cc36bae7561071c9d43f38582b99784a5bddb99194826b5067d7f48d9a1f8c7bd2d445f7cfbdfd810", 0xbc}], 0x2}, 0x40040)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x1)
ioctl$TCSETS(r0, 0x89f2, 0x0)

2m33.625865634s ago: executing program 4 (id=852):
r0 = socket$kcm(0x11, 0x2, 0x0)
r1 = socket$inet(0xa, 0x801, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f0000001680)=@mangle={'mangle\x00', 0x44, 0x6, 0xc28, 0x98, 0x98, 0x0, 0x228, 0x98, 0xb90, 0xb90, 0xb90, 0xb90, 0xb90, 0x6, 0x0, {[{{@ip={@broadcast, @dev, 0x0, 0x0, 'geneve1\x00', 'ip6gre0\x00'}, 0x0, 0x70, 0x98}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0xac8}}, {{@ip={@remote, @local, 0x0, 0x0, 'vcan0\x00', 'veth0_virt_wifi\x00'}, 0x0, 0xa8, 0xd0, 0x0, {}, [@common=@unspec=@devgroup={{0x38}, {0xe}}]}, @unspec=@CHECKSUM={0x28}}, {{@uncond, 0x0, 0x98, 0xc0, 0x0, {}, [@common=@ttl={{0x28}}]}, @ECN={0x28}}, {{@ip={@private, @multicast2, 0x0, 0x0, 'veth0\x00', 'bond0\x00'}, 0x0, 0x878, 0x8a0, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@unspec=@u32={{0x7e0}}]}, @unspec=@CHECKSUM={0x28}}, {{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'lo\x00', 'batadv_slave_1\x00'}, 0x0, 0xa0, 0xc8, 0x0, {}, [@common=@ah={{0x30}}]}, @common=@unspec=@NFQUEUE1={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0xc88)
setsockopt$sock_attach_bpf(r0, 0x107, 0x9, 0x0, 0x0)
rseq(&(0x7f0000000080)={0x0, 0x0, 0x0, 0x5}, 0x20, 0x0, 0x0)
r2 = getpid()
process_vm_readv(r2, &(0x7f0000008400)=[{&(0x7f0000000000)=""/54, 0xfdb6}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
r3 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r3, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
listen(r3, 0x0)
mount$9p_unix(&(0x7f0000000080)='\xe9\x1fq\x89Y\x1e\x923aK\x00', &(0x7f0000000000)='\xe9\x1fq\x89Y\x1e\x923aK\x00', &(0x7f0000000040), 0x0, &(0x7f0000000180))
close(r3)
syz_io_uring_setup(0x519e, &(0x7f00000000c0)={0x0, 0x30f8, 0x800, 0x2, 0x1f}, &(0x7f0000000040)=<r4=>0x0, &(0x7f0000000140))
syz_io_uring_setup(0x1725, &(0x7f0000000100)={0x0, 0x1452, 0x800, 0x80400002, 0x2d4}, &(0x7f0000000300)=<r5=>0x0, &(0x7f0000000200)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000240)=0xfffffc04, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f0000000180)=@IORING_OP_MKDIRAT={0x25, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x84, 0x0, 0x1})
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0x72d6e6ed, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3}, 0x48)
syz_io_uring_submit(r4, r6, &(0x7f00000001c0)=@IORING_OP_WRITE={0x17, 0x9, 0x4004, @fd_index=0x1, 0xfffffffffffffff8, &(0x7f0000000180)="84f6fb", 0x3, 0x1, 0x1})
openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)

2m18.592600936s ago: executing program 32 (id=852):
r0 = socket$kcm(0x11, 0x2, 0x0)
r1 = socket$inet(0xa, 0x801, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f0000001680)=@mangle={'mangle\x00', 0x44, 0x6, 0xc28, 0x98, 0x98, 0x0, 0x228, 0x98, 0xb90, 0xb90, 0xb90, 0xb90, 0xb90, 0x6, 0x0, {[{{@ip={@broadcast, @dev, 0x0, 0x0, 'geneve1\x00', 'ip6gre0\x00'}, 0x0, 0x70, 0x98}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0xac8}}, {{@ip={@remote, @local, 0x0, 0x0, 'vcan0\x00', 'veth0_virt_wifi\x00'}, 0x0, 0xa8, 0xd0, 0x0, {}, [@common=@unspec=@devgroup={{0x38}, {0xe}}]}, @unspec=@CHECKSUM={0x28}}, {{@uncond, 0x0, 0x98, 0xc0, 0x0, {}, [@common=@ttl={{0x28}}]}, @ECN={0x28}}, {{@ip={@private, @multicast2, 0x0, 0x0, 'veth0\x00', 'bond0\x00'}, 0x0, 0x878, 0x8a0, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@unspec=@u32={{0x7e0}}]}, @unspec=@CHECKSUM={0x28}}, {{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'lo\x00', 'batadv_slave_1\x00'}, 0x0, 0xa0, 0xc8, 0x0, {}, [@common=@ah={{0x30}}]}, @common=@unspec=@NFQUEUE1={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0xc88)
setsockopt$sock_attach_bpf(r0, 0x107, 0x9, 0x0, 0x0)
rseq(&(0x7f0000000080)={0x0, 0x0, 0x0, 0x5}, 0x20, 0x0, 0x0)
r2 = getpid()
process_vm_readv(r2, &(0x7f0000008400)=[{&(0x7f0000000000)=""/54, 0xfdb6}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
r3 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r3, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
listen(r3, 0x0)
mount$9p_unix(&(0x7f0000000080)='\xe9\x1fq\x89Y\x1e\x923aK\x00', &(0x7f0000000000)='\xe9\x1fq\x89Y\x1e\x923aK\x00', &(0x7f0000000040), 0x0, &(0x7f0000000180))
close(r3)
syz_io_uring_setup(0x519e, &(0x7f00000000c0)={0x0, 0x30f8, 0x800, 0x2, 0x1f}, &(0x7f0000000040)=<r4=>0x0, &(0x7f0000000140))
syz_io_uring_setup(0x1725, &(0x7f0000000100)={0x0, 0x1452, 0x800, 0x80400002, 0x2d4}, &(0x7f0000000300)=<r5=>0x0, &(0x7f0000000200)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000240)=0xfffffc04, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f0000000180)=@IORING_OP_MKDIRAT={0x25, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x84, 0x0, 0x1})
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0x72d6e6ed, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3}, 0x48)
syz_io_uring_submit(r4, r6, &(0x7f00000001c0)=@IORING_OP_WRITE={0x17, 0x9, 0x4004, @fd_index=0x1, 0xfffffffffffffff8, &(0x7f0000000180)="84f6fb", 0x3, 0x1, 0x1})
openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)

8.443116289s ago: executing program 2 (id=1391):
r0 = getpid()
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000005c0)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000005000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x9)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x11, 0x3, 0x0, &(0x7f0000000180)='syzkaller\x00', 0x8, 0x0, 0x0, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000240)={0x3, 0x0, 0x3, 0x6}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffb}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r3 = openat$vim2m(0xffffffffffffff9c, 0x0, 0x2, 0x0)
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15)
r4 = shmget$private(0x0, 0x400000, 0x8, &(0x7f000000e000/0x400000)=nil)
shmat(r4, &(0x7f0000ffd000/0x1000)=nil, 0x7000)
shmctl$SHM_INFO(r4, 0xe, &(0x7f0000000500)=""/149)
mbind(&(0x7f00005b4000/0x4000)=nil, 0x100000000004000, 0x0, 0x0, 0x0, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r3, 0xc0145608, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r5, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
r6 = socket(0xa, 0x3, 0x3a)
socket$netlink(0x10, 0x3, 0x10)
ioctl$sock_SIOCETHTOOL(r6, 0x8946, &(0x7f00000000c0)={'syz_tun\x00', &(0x7f0000000040)=@ethtool_link_settings={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x20, 0xfd, [0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x2]}})
mmap(&(0x7f0000fed000/0x12000)=nil, 0x12000, 0x2, 0x11, 0xffffffffffffffff, 0x0)
ioctl$vim2m_VIDIOC_REQBUFS(r3, 0xc0585609, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0x3})
syz_open_procfs$namespace(r0, &(0x7f00000001c0)='ns/cgroup\x00')
connect$inet(0xffffffffffffffff, 0x0, 0x0)

7.347676156s ago: executing program 3 (id=1393):
syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NLBL_MGMT_C_ADDDEF(0xffffffffffffffff, 0x0, 0x0)
r0 = openat$khugepaged_scan(0xffffffffffffff9c, 0x0, 0x1, 0x0)
write$khugepaged_scan(r0, 0x0, 0x0)
r1 = socket$kcm(0x10, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x3, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000002000)=""/102400, 0x19000)
r3 = openat$ttyS3(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TCXONC(r3, 0x540a, 0x2)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
socket$alg(0x26, 0x5, 0x0)
r4 = fsopen(&(0x7f0000000080)='autofs\x00', 0x0)
r5 = socket$phonet(0x23, 0x2, 0x1)
ioctl$SIOCPNDELRESOURCE(r5, 0x89ef, 0x0)
fsconfig$FSCONFIG_SET_FD(r4, 0x5, 0x0, 0x0, 0xffffffffffffffff)
chdir(&(0x7f0000000540)='./cgroup\x00')
r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
lseek(r6, 0x7fffffff, 0x2)
getdents64(r6, 0x0, 0x0)
close(r4)
sendmsg$kcm(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f00000003c0)="d800000018007b18e00212ba0d8105040a0a1100fe0f040b067c55a1bc0009001e0006990300000015000500fe800000000000000300014002000c0901ac04000bd67f6f94007100a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4b01602b2a10c11ce1b14d6d930dfe1d9d322fe04fb95cae8c9010000730d7a5025ccca262f3d40fad95667e04adcdf634c1f215ce3bb9ad8ffd5e1cace81ed0b7fece0b42a9ecbee5de6ccd40dd601edef3d93452a92307f00000e97031e9f05e9f16e9cb5", 0xd2}, {&(0x7f00000004c0)="f80ec2e2badd", 0x6}], 0x2, 0x0, 0x0, 0x2663}, 0x0)
r7 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r7, 0x0, &(0x7f00000000c0))
r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r8)

6.754096385s ago: executing program 1 (id=1395):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38}, 0x94)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, 0x0, 0x0)
newfstatat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x400)
r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000500)='status\x00')
lseek(r4, 0x9, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x9, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
timer_delete(0x0)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r4, 0x4058534c, &(0x7f0000000380)={0x7, 0x0, 0x8, 0x9, 0x8f, 0x40})
r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000e00), 0xffffffffffffffff)
sendmsg$NL802154_CMD_NEW_SEC_KEY(r5, &(0x7f00000010c0)={0x0, 0x0, &(0x7f0000001080)={&(0x7f00000001c0)=ANY=[@ANYBLOB="2c010000", @ANYRES16=r6, @ANYBLOB="01000000000000000000170000000c00060001000000010000000c01308014000400976f1044852bca665354bd217b6b9037200001800c0005000400000200000200080001000300000005000200940000000500020008000000240003"], 0x12c}, 0x1, 0x0, 0x0, 0x24004821}, 0x0)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f00000015c0)=ANY=[@ANYBLOB="b702000007000000bfa30000000000000703000000feffff7a0af0ff1100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010001011404000011000000b7030000000000006a0a00fe000000008500000032000000b700000001000000950000000000000075cdc4b57b0c65752a3ad50000007ddd0000cb450063dedba767ade51f7f1f66acd19100002000000000000000ff7f0000b52f17cee19d0001000000000000000000cb04fcbb4e4d0b9bafe3ba431351a58a885ba9918d37b056b9bbd11b6b9f6cf7db6d574620260000000000008062d77e85cef4a2ab938f65aac33c4d620de2c9b7dc10d7d313f9f57606b83b994fc4051ade12f41deff6df6a936b4ec3827c739bb39aad16cc75fe369258673b5df11cc2afb53611cc32a790bc0b80e80eae8f5e64be2c9d2d29db3d36dd0cf8f79a015c7bd3f15aa6aadbeab2a01685108e61aa00000000000000000000000000c67c6c6a06e828e5216f601b19db1af1b5d356d0f062137d866d11be4ba3f0151fdbbd4e97d62ecc645e143a60f10800000000000000826151e3b42bcae95239ef5ca2a730a00c87c493db0300e63fda97a296820000000001000000eecc952a3fd2c46f3c1cde71a19d1a2982492a210e00d2bfea3b8d188df2eff8d56aaae7d32a2e180022537395019f02ec4b85f6aad7faca088de9b26797a8446b16c28d85f225992dbdd5bb01ba51508951c7a7d6ca0916c3a12912715649c2b1c7192a4251b59d378d3f00000000000000665c8b7e89eddfc3783f6c9129a7c5f8ee5f50579e2f638f7eb12f63be72a3d81ab324d6e417b1c2cbfdcada0a16e31790e26cf19588a7e0496ee2782224cf30f810da86cf1a3204f4c9404f5d7321a4fefc4d1c9139ca4b65b99909950000006b42077ca60fdecb2717e21f8f187b1866108b6e8c71e2603217606637ece1fa89917e131f4034a8383e99c3568fd04201b37cd92ca6ebf94a2d8310f7032775cfd75652f87b039d5430b3c6643e9146d2478ce31344b554aca7670000000000000010c65608fda6ed5d08e7a796042aa127d874105787d0347aa37801faff5b9050803a19ff6205aa5c263e407a2f7de56f7a0000e094fa4e3f05528caab5a430c08dd810bc97204b767dd969721a26aa740000000000bc433fe2d0a6ef2a8a91cd3cb305aa80dadef8b0caca780000000000000000863e21db415a222bb1a7ab94bfe4a74157d794f9d0430c2c0eb563350559829865a3dd08fb31bd0801e09aa3ee45e61a56fc83076451cff7632e49a41eadb5044a0d5f73d6932161ae5e9ce218a35cd8e7b747887b1a74798982d0b492c3f0ff53189d80733eb04f8124877b648ff438f7d66c7efcc09a8f3330b6c22d14e80db8e5608bdeab9388b758a15f4ce70390c214bc6838798f5b9b0b500d4e8b5174f329b8501c6feb7a6982bcea74a0f2ced7fa2059234a8d10b7f0597151d5c9067d57d85f4ae933eaf5174ba122f3f702ef8695578d3c08562c9fc185f0f65d11b4c58ae52500cbe99cde3758a5cbe6093dd328ac820e2de309d25a324647aadffcecf0f3bbaeda7af4436d9ffbce1b240a2f5e346eba8812e6329e01b087bde7da4a6448f478102e90c8134f531de08d4cf4f6f35b15a202544c0ced0c1715fd3a90099f785a13a2412bedba2981dd22bd9d736c00000000000000000000000000000000eb6fec8d7d2f77f4d470a9caa5b1bfc00cd1d40830ac35f229f8ffe1c02a63d3c2d9"], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x2}, 0x8, 0x10, &(0x7f0000000100), 0x10}, 0x57)
r8 = socket$netlink(0x10, 0x3, 0x4)
ioctl$sock_SIOCETHTOOL(r8, 0x8946, &(0x7f0000000240)={'batadv_slave_1\x00', &(0x7f0000000140)=@ethtool_eeprom={0xc, 0x1, 0x9}})
setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0)
ioctl$KVM_IOEVENTFD(r2, 0x4040ae79, &(0x7f00000002c0)={0xe98, 0x8000000, 0x2, 0xffffffffffffffff, 0x8})
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r7, 0x702, 0xe, 0x700, &(0x7f0000000540)="e460334470b8d480eb00c15286dd", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

6.752862652s ago: executing program 2 (id=1396):
syz_open_dev$MSR(0x0, 0x0, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000b40)={&(0x7f0000000340)=ANY=[@ANYBLOB="f0000000100013070000000000000000fc020000000000000000000000000000fe8000000000000000000000000000100004000000000000000000202c000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe"], 0xf0}, 0x1, 0xe}, 0x10)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x6, 0x0, 0x1}}, 0x40)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
r1 = eventfd(0xffffffff)
setsockopt$inet6_IPV6_RTHDR(0xffffffffffffffff, 0x29, 0x39, &(0x7f00000001c0)=ANY=[@ANYBLOB="8704040000000000fc02000000619cc069610000000000000003"], 0x28)
faccessat2(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1)
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, 0x0, &(0x7f0000000480)=""/74})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000680)={0x1, 0x0, [{0x0, 0xfffffeac, &(0x7f00000001c0)=""/115}]})
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1)

6.367175226s ago: executing program 2 (id=1398):
r0 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
openat$cuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
r2 = syz_open_dev$rtc(&(0x7f0000000200), 0x0, 0x400)
fcntl$setstatus(r2, 0x4, 0x2000)
r3 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
read$FUSE(r3, &(0x7f0000004200)={0x2020, 0x0, <r4=>0x0}, 0x1542)
write$FUSE_INIT(r1, &(0x7f0000000040)={0x50, 0x0, r4, {0x7, 0x1f, 0xe0000000, 0x5e490420, 0x2, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa}}, 0x50)
r5 = gettid()
timer_create(0x2, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r5}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
clock_nanosleep(0x2, 0x0, &(0x7f0000000040)={0x0, 0x989680}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xa, 0x101, 0x7fff, 0xcc}, 0x48)
ftruncate(r0, 0xffffffffffffffff)
syz_fuse_handle_req(r1, &(0x7f000000e3c0)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d838aae8c05dd22d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x20, 0x0, 0x3731, {0x0, 0x7f69ff17f1e1ab77}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0xc5001, 0x105)
r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x6, 0x0, 0x7fff7ff9}]})
close_range(r6, 0xffffffffffffffff, 0x0)

5.371216469s ago: executing program 3 (id=1400):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000e00)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=@ipmr_delroute={0x1c, 0x19, 0x1, 0x0, 0x0, {0x80, 0x20, 0x80, 0x0, 0x0, 0x3, 0x0, 0x5}}, 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="040e04f20b20"], 0x7)

5.103422204s ago: executing program 3 (id=1401):
syz_open_dev$sndpcmc(&(0x7f0000000140), 0x1, 0x0)
r0 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x2, &(0x7f0000000040)=[{0x30, 0x0, 0x0, 0xfffff030}, {0x6}]}, 0x10)
r1 = syz_open_dev$sg(&(0x7f00000002c0), 0x0, 0x2000)
r2 = fcntl$dupfd(r1, 0x0, r1)
ioctl$CEC_ADAP_S_LOG_ADDRS(r2, 0xc05c6104, 0x0)
r3 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$IP_VS_SO_SET_STARTDAEMON(r3, 0x0, 0x48b, &(0x7f0000000000)={0x0, 'syz_tun\x00', 0x4}, 0x18)
gettid()
cachestat(r3, &(0x7f0000000080)={0x2, 0x4}, &(0x7f0000000200), 0x0)
syz_usb_connect$uac1(0x0, 0x90, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x7e, 0x3, 0x1, 0x0, 0x10, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{}, [@processing_unit={0xa, 0x24, 0x7, 0x0, 0x0, 0x0, "8e781f"}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x10, 0x0, 0x0, 0x0, {0x7, 0x25, 0x1, 0x0, 0xfe}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_discrete={0xe, 0x24, 0x2, 0x1, 0x0, 0x3, 0xf3, 0x0, '\x00\x00\x00\x00\x00\x00'}, @as_header={0x7}]}, {{0x9, 0x5, 0x82, 0x9, 0x8, 0x0, 0x0, 0x0, {0x7}}}}}}}]}}, 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="80000000020605000000000000000000000000000c0640000000000500210006000000340007800800134000001000080008400000801008000b4000000000080017400000000608000640fffffffc080012400000000605000400000000000900020073797a31000000000d0003006861730000000000000200000000000000"], 0x80}}, 0x0)

5.037762274s ago: executing program 2 (id=1402):
dup(0xffffffffffffffff)
socket$can_j1939(0x1d, 0x2, 0x7)
syz_open_dev$dri(0x0, 0x8, 0x2c2080)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000001a40)=""/102392, 0x18ff8)
keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB=':syt 00N004093\x00'], 0x2a, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe)
r1 = add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe)
keyctl$read(0xb, r1, 0x0, 0x0)
keyctl$read(0xb, r1, 0x0, 0x0)
socket$inet_mptcp(0x2, 0x1, 0x106)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00'}, 0x10)
r2 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_RAWMIDI_PREFER_SUBDEVICE(r2, 0xc1485544, &(0x7f0000000080))
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00'})
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl(r3, 0x8b2a, &(0x7f0000000040))
syz_clone(0x80000, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$GIO_UNIMAP(0xffffffffffffffff, 0x4b66, &(0x7f0000000000)={0xfffffc64, 0x0})

4.843513122s ago: executing program 1 (id=1403):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socket$nl_generic(0x10, 0x3, 0x10)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, 0x0, 0x0)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="050000000400000008"], 0x48)
r3 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r3, &(0x7f0000000080)={0x0, 0x8000000, &(0x7f0000000680)=[{&(0x7f0000000000)="5c00000015006b05c84e21000ab16d6e230675f802000000440002005817d30461bc24eeb556a705251e6182149a36c23d3b48dfd8cdbf9367b098fa51f60a64c9f408000000e786a6d0bdd70000b6c0504bb9189d9193e9bd1c1b78", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)

4.357078326s ago: executing program 0 (id=1404):
openat$vicodec1(0xffffffffffffff9c, 0x0, 0x2, 0x0)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, &(0x7f0000000080)={0x0, "ae6657f5dd0865151bcb5b0fba5523cb7427b6b5b7fac843b6ff9841e4823715"})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8b15, 0x0)
ioctl$F2FS_IOC_GET_FEATURES(0xffffffffffffffff, 0x8004f50c, &(0x7f0000000040))

4.303543831s ago: executing program 0 (id=1406):
socketpair$unix(0x1, 0x3, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x3, @pix={0x434c, 0x8, 0x584e4f53, 0x4, 0x6ea, 0x7, 0x0, 0x5, 0x1, 0x4, 0x2, 0x7}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = socket(0x40000000015, 0x5, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f00000004c0)=ANY=[@ANYBLOB="b702000047000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a876d839240d29c035055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7e8dc34f17e3946ef3bb622e03b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bb44b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334583239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd713089856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bf4390af9a9ceafd0002cab15"], 0x0}, 0x94)
r2 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r2, &(0x7f00000000c0)={&(0x7f0000000100)=@hci={0x1f, 0x0, 0x5}, 0x80, &(0x7f0000000500)=[{&(0x7f0000000040)}, {&(0x7f0000000440)="63f805d7649496db7295983288a869edc7b7d050139bf7ada33cc9e37eed1153ecb716cdb8981cd819af0b33254465cc904b7b3178c965c0e0d3333ce2ef36205dd154e363bcadf8f2ea93f45503c6d9fd8dfe5a638cfeb9f79c930a4d18260e5a08ffd35ed8371cff78119319b2b62c7cd9378c73ae90c801681f55ef26cb0000000000000000", 0x87}, {0x0}, {&(0x7f0000000180)="6fe4dd9eeba3271dc700b581440284", 0xf}], 0x4}, 0x0)
connect$inet(r1, &(0x7f0000000040)={0x2, 0x4e20, @rand_addr=0x64010101}, 0x10)
bind$inet(r1, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57)
sendmsg$xdp(r1, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8004}, 0x0)

4.002473054s ago: executing program 5 (id=1407):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x5)
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f00000003c0)={0x1, 0x0, [{0x40000118, 0x0, 0x7}]})
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x43, 0x0, 0x0)
ioctl$KVM_SET_MSRS(r5, 0x4008ae89, &(0x7f0000000040)={0x1, 0x0, [{0x486, 0x0, 0x7fffffffffffffff}]})
ioctl$KVM_SET_CPUID2(r2, 0x4008ae90, &(0x7f0000000080)={0x3, 0x0, [{0x80000019, 0x3f2e, 0x3, 0x9, 0x61, 0x4, 0xeb3a}, {0x0, 0x6, 0x1, 0x9, 0x0, 0x80000001, 0x4}, {0x7, 0x7, 0x0, 0x7, 0x9, 0xaf, 0xf17}]})
r6 = openat$comedi(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/comedi4\x00', 0x101000, 0x0)
ioctl$COMEDI_INSN(r6, 0x8028640c, &(0x7f0000000040)={0x4000000, 0x92, 0x0, 0x0, 0x4})
r7 = syz_open_dev$vbi(&(0x7f0000000340), 0x0, 0x2)
openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000), 0x84281, 0x0)
ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(r7, 0xc0845657, &(0x7f0000000200)={0x0, @bt={0x8a5, 0x93, 0x1, 0x1, 0xd59f80, 0x19ef, 0x6, 0x19ef, 0x3, 0x4, 0x27ff, 0x2800, 0x2, 0xbb6, 0x1, 0x8, {0x8, 0xffffffff}, 0xe, 0x9}})
mount(&(0x7f00000000c0)=@nullb, 0x0, 0x0, 0x0, 0x0)
r8 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
syz_usb_disconnect(r8)
syz_usb_connect(0x6, 0x24, &(0x7f0000000200)=ANY=[], 0x0)
ioctl$EVIOCRMFF(r8, 0xc0085508, &(0x7f00000000c0)=0x18)
r9 = socket$inet6_tcp(0xa, 0x1, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2800001, 0x11, r9, 0x0)
getpid()
r10 = socket$rxrpc(0x21, 0x2, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r11=>0xffffffffffffffff})
mkdirat(0xffffffffffffffff, &(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r12 = syz_open_procfs(0x0, &(0x7f0000000180)='map_files\x00')
fchdir(r12)
sendmmsg$unix(r11, &(0x7f0000000d40)=[{{&(0x7f0000000080)=@abs={0x1, 0x30, 0x4e21}, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x20000880}}], 0x1, 0x0)
setsockopt$RXRPC_SECURITY_KEYRING(r10, 0x110, 0x2, &(0x7f0000000540)='string\x00\xa2\xb5\xbf4\x04`P\xfb\b}\xd6\xe1\"\xf9\xae\xa4N\x10\x13!\x04\x00\x97\xb6\x94\xc2\x0f8\x997Vg\xa2\xeb\xb4RU|\x99t\xe0N\x1c\xf4-\t\x80?\x10\xf7J\',\xd1Bxq\x16R\xe4\x88\x02\xfd\x81q<5n^.izR*\xcfL\xb7Q\xb8\xf2e\xbb\xd3r>\x86\x14\x963\xc0N\x18\x1cm%\x01w\xba*\xd1\xfa\xf8\xa3\xfabP\xaf\x9a\x0e\x9fjZ\xcaX\xdaV\x88<A\r\xe6\xe5\xb8u\x10Q\x13\xef\xfe>`\xac\xe4\x86(\xfd\x0f\x96\xffd9;\xb5\xdd?\xbcc#\x17\xea\\\xc1\x12\xa2\xdcb\fB\xddk\xb3\x14=T\xcb\xe0\v\xeb\x18!_\xa6\x06\xb5*_^ns\xd7\xfe\xc1t\'\x1bJ4V\rV\xf0\xabP]\x18\x8c\xe3\xb0@\xe0A:', 0xca)

3.903357429s ago: executing program 1 (id=1408):
syz_open_dev$MSR(0x0, 0x0, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000b40)={&(0x7f0000000340)=ANY=[@ANYBLOB="f0000000100013070000000000000000fc020000000000000000000000000000fe8000000000000000000000000000100004000000000000000000202c000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe"], 0xf0}, 0x1, 0xe}, 0x10)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x6, 0x0, 0x1}}, 0x40)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
r1 = eventfd(0xffffffff)
setsockopt$inet6_IPV6_RTHDR(0xffffffffffffffff, 0x29, 0x39, &(0x7f00000001c0)=ANY=[@ANYBLOB="8704040000000000fc02000000619cc069610000000000000003"], 0x28)
faccessat2(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1)
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, 0x0, &(0x7f0000000480)=""/74})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000680)={0x1, 0x0, [{0x0, 0xfffffeac, &(0x7f00000001c0)=""/115}]})
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1)

3.80738903s ago: executing program 2 (id=1409):
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000500)={0x0, &(0x7f00000004c0), 0x0, 0x0, 0x1, 0x1}, 0x28)
socketpair(0x1, 0x80001, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000940)={&(0x7f0000000640)='console\x00'}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket(0x2, 0x80805, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000080), &(0x7f0000000240)=0xc)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_int(r3, 0x29, 0x13, &(0x7f0000000200)=0x1, 0x4)
r4 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000340)=@newtaction={0x8c, 0x30, 0x80d, 0x0, 0x0, {}, [{0x78, 0x1, [@m_ct={0x74, 0x1, 0x0, 0x0, {{0x7}, {0x4c, 0x2, 0x0, 0x1, [@TCA_CT_ZONE={0x6, 0x4, 0x800}, @TCA_CT_LABELS_MASK={0x14, 0x8, "37a55358cbfec0e9d412939d8317fcdc"}, @TCA_CT_PARMS={0x18, 0x1, {0x2, 0x8, 0xffffffffffffffff, 0x4, 0x8}}, @TCA_CT_LABELS={0x14, 0x7, "a31a5744c98714e0c10894427408df27"}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}]}]}, 0x8c}, 0x1, 0x0, 0x0, 0x1}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, 0x0)
sendmsg$NL80211_CMD_GET_STATION(0xffffffffffffffff, 0x0, 0x4004885)
sendmsg$SEG6_CMD_GET_TUNSRC(r4, &(0x7f0000001180)={&(0x7f0000001040)={0x10, 0x0, 0x0, 0x200}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x20000000}, 0x84)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000004c00)=""/102392, 0x18ff8)
socket(0x23, 0x1, 0x0)
socket$netlink(0x10, 0x3, 0x4)
sendmsg$nl_route(r2, 0x0, 0x4044004)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000600)={'batadv_slave_1\x00', <r6=>0x0})
sendmsg$ETHTOOL_MSG_STRSET_GET(r0, &(0x7f00000007c0)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000780)={&(0x7f0000000680)={0xcc, 0x0, 0x10, 0x70bd2c, 0x25dfdbfb, {}, [@ETHTOOL_A_STRSET_HEADER={0x80, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_hsr\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'xfrm0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bond_slave_1\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'hsr0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bond0\x00'}]}, @ETHTOOL_A_STRSET_HEADER={0x38, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'nr0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}]}]}, 0xcc}, 0x1, 0x0, 0x0, 0x40000}, 0x40000)
r7 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000003c0)="5c00000013006bcd9e3fe3dceb48aa31086b8703110000001fa1ff0000000000040014000d000a000d0000009ee517d34460bc24eab556a705251e6182949a3651f60a84c9f5d1938037e786a6d0bdd7fcf50e4509c5bb5a00f69853", 0x5c}], 0x1, 0x0, 0x0, 0x1f000801}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f00000005c0)={'ip_vti0\x00', &(0x7f0000000040)={'syztnl0\x00', 0x0, 0x1, 0x20, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x4, 0x400, 0x0, 0x9, 0x4, 0x0, @multicast1, @empty}}}})

3.41951029s ago: executing program 1 (id=1410):
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x10)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='cpuacct.usage_sys\x00', 0x275a, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000000540)=ANY=[@ANYBLOB="bf16000000000000b7070000000100004870000000000000350000000000000095000000000000002ba728041598fbd30cb599e83d24a3aa81d36bb3019c13bd23212fb56fa54f2641d8b02c3815e79c1414eb07eae6f0711e6bd917487960717142da7646c4fe02996b60cf81ebcd50fa9ea4318123f602000000000000de89e661168c1886d0d4d94f204e345c652fbc1626e3a2a2ad358061d0ae0209e62f51ee988e6ea604ce974a22a550d6f97080980400003e05df3ceb9f1feae5737ecaa80a666963c474c2a100c788b277beee1cbf9b0a4d3881dcc7b1b85f3c3d44aeaccd3641110bec4e90a6341965c39e4b3431abe802f5ab3e89cf6c662ed4048d3b3e22278d00ce00000000d3a02762c2951257b85802189d74005d2a1bcf9436e192e23fd275985bf31b714f000bcab6fcd610f25f5888000000003f11afc9bd08c6ebfbb89432fb465bc52f49129b9b6150e320c9901de2ebb9000000018e3095c4c5c7a156cec33a667dccaff950ca1e5efdd4c968dacf81baa3a509b1041d06f6b0097c430481824a3f4fddd3c643f630ba175d876defd3541772f26e27c44cfdb2d85d6d29983e830a9cdd79837b3468e8c67a571d0a017c100344c52a6f387a1340a1c8889464f90cc4cd1f570dd39877dfb2ff1ae66e1ce917474b2e650ae630afd014a337ac5d58bcb5e51723257c872c5255f20100000000000000f041b665ab21372c8d8b7bac5b5c784d20a4a24d8dbd75062e1daef9dead619cc6e7baa72707157791c3d2a286ffb8d35452bb5d36c2a8682bf7ecbd53f950ef4709ec01e230d2f53594ef4839c6130c4c13a0cca84b9935f771fd49e480cd9d48aeb12b1d255be1ed66d9051f22614d1f62734d679039a97d2b74f9e8e997ccd314000f747f4e8e7025123e783df8b8a17e3aa9fe1f662aef87a065b03cfb65b4dfe4f1b56e1f23128d743753a1de172d683d5892ce9414a1d98ea93e3d35dbb6c23b90cf36e83b8a434a97d09343d7f83079ccb02e69d384146056d125cfa788237874dd42dae334bda042819a2aa24dba1c25be2794448b4f63483026b5e34d44705b76ef29241adab0dd7d68bf975e02069f6f2425e1bc97a3d588085f16bef63a06578d4f5de7bfb6aaa75f16996d536256c02284cb1d3a6fb8cae87691fae365a70c3fc69e1565bba8dd8a8ca049f798abe646f738bebd69413afc9d8a5edd7aaa000000000000001e6c2f2a287c5278a218dbfaffffff00a14db5cfa6819eb1d39c48cfdc80d215c9e16e0c4736c819363154cca4e2f89800d18c89d7f46f679df6c9e2952ae1ebfd0ca88368ee6ce139e8b5822c22cf2e9dde943d34c432e1001171792c65986146666a5490928441f47e0fe5eac41824ca1fd0eb71aa243c88d5480e5aee9c9e5f2e5a56a6d920335c8e8726fd8329d9a728995b1531bd20360d33d8f9ffffff5f912ac4e34bf6ea8a86da707b03bddb491ba0cc98f6be92c55969a2b50025419d1476c73132ca7ca26ce8a7e3ffb700f09e157f9b844051f1a642aca9ff98c9036471ccff0522903e7bcf62e18f7696bbc280b95e8e0d6fd5644b0ebde3a95b06548862de809d3dae3cccf109f7c78e8479a345e800000000000000000000009455bf417627ce723a5d9103706aba69279500bb82f6b5a3ddc0bd9856712945b70c75ce5b722578820820d010d7a3cffc99fc647d0b82ef26ab708c0b19ed144be51c3b398f0e6bb7a30006000000cba12953d58cff0f0378740fe6662f377b97d8e7cdb047050d7296cd3856476a60a49ad127ba6570bafc2bbcf9ee721fd9cb467ff071e5604fbf0491245c0000007d932d7a64de4c4aa433fc0840aff7c47da3a4c6966d0000000000000000f6bfbae29e8a6e2a889f6ef6869d82d6bd73eb76b65c7a35a54a4a6b8ad4600e3a972a0bb5971a5f16590b0a03dafa3fd1118765cc8ab9fccf3b51c41a339f200f2fa33006910a679a9ae0187b4d750c4bd244cb0cbfd23b265f4d4da448a7a0d19c5e43eae50a31609dfa2dde267551467eb6475293dd7012cc449009981f22820e57a0eff234ccfe21d7a2302e000669753d3c3432cc14ee1abe724adb6b5431befedd3e22971118f0e21aed03a6fe7860b3e13c3173a60a1823cb7dde8212a8531bd9691dd4cc6a370e9eb56b3d790b98f2bd0db1e5de6a146597b2cbb7103040d2a39d7965d34df524b760ab92efcce7dd1574052c735935bf6a752c015c7f5ffee9ff66e5dd2866b15b6e0d17618cb1f5c1ee4b05ebf1445ea110f499f840a5c965443d725556351ee25fe09f69494b053678dcadcf02e063dff2fa4bef1ac3bbbebe6c74d71ec3b23e29895eff1d1017024fe3e8cc759b05785adc346b7ffd05963f92c1d0d7d90ba878ad89e490f3e29ac51d30632869a534418f916bf6fe8167827a8e6c8f8b391c822805cb0adf1b8bd6947ff208753eb0d208ce14f7b206b2e02c21e963abc5ceb735c1b3c46b0a843de52a0000000000000001ee9c2b2705c1a81d9d3b9656b219c8cd99c9cafcd0d0540884d97aecb19983fc6af29ab44a82aff9cba921192c665b877af6539bdb1b567f481ba07982e7ad758f4e1eac69e7e88a63960975f490e161e371ec8534791e3b61c685d900a9c0839208356b53750e76fcc3c2d1bddcbd83897921414d0c02e8188f3df79ea2a5c5444004830e6cb227ca1bdafb977c00000000003a417193b8c5d793687335a930867094fd6a78218218e04b705ec62f1608cb569b81914e68f175b392af6bc4fd2121d7fd276af2c97a441b56e7a0687d98b8e76d8d0d231e4fe00be1de76bd19cc12e2bd938eb681ed6bc951c1b4f7c51af59eea4d40c6000000000200778a677b72786311153271a3313da02645e11761699e4d04ac86dd14ff7b9a10d3fa74696fe3953a5b7706bf5d1faba4b18808d9cb0e9db696dec4e0820ee4028d7225a2c9c427cf64cbde6fba056b2006b7a37c1181d530fb865e235cd302f3b4071ee5237ada186b9e5e3144bf479f277f10656ad3744037ccc9c63685a6f1109d2ea73773d3635f61497f1fa1ea4a16f601800bf3e59141fbf05a96113320c445f9ba8596970d5254727e804fbd99ccefb7c09269dd2c5c25e56e169ac15980f3f85f7ca36dd5950ef5b64fd46f123311829534a82940994199b3cf7a8f09c1946e55289f668c423fcbb31ae91864c882313151741a67538c9689dc8ecc9903c7041e5c0704e2fa55a756487517a7445cbd9e3f5175e41c00000000000000000000000000bf98efd587fffe326f474b0b089c017b16c0062cbce96f5adebec52a79f9363909842f79c50a1520be46d87003137e4c5031f00123e812a5e37cd52c9eb7336281cb8c6ce9934b157d7875a70eaf103cb3138e2361c51cd1eab8a26b232acf6bf0ab829c26dab637538b2eb1420d812d2b80c777710ba0f18e4661681aa218d9ba54023ab4305d77eb15611ae2545835e9d30e9f6d4fb43a291c69545a1eea0f8720431132d8549f99bf6c5cb060da70cbb59d0a000000000034d083fc37d2449f72de0cbea4bc1dc89c136cdbc504f849d5502d77a95c7bfff4cd9c03058d0d4d07ea64824f1acf2b39289f675f39d01719cdbab3f1ce10609c8d7b3e37cb99b41da5e485a441b6a103549f55ab09dc98767763d1f2fafd45bb7d2b40050d1f8292f4d9ec6d0000000000003932062290f4996fdd55b06023437e9e2072daf7f5d82f6f1b5b89a41134f4dc2e65bb11272fdf8c8141f41d6160b3d8b6ecd16d14267f61b4881adee7f07f3d6af5ae79e16fe2c3f55ac7a6392d2e1d9b4286b6c3e1f5a76b85ed6e1f0000c67e6c5fcdc8c39381be4799b8cb2d08b8262c807dd755e22b801162381aa9d1af2bbc9cfd497585337eac408b8475b47a392a10cae349160f128e5f873a58064eb400c36a90624f6aed398a215e9ce64522ab249f67c38a656d32ecff5cdb2b039c4abf349d2c0f88a42e9189bbfa7f5cf35b6e7ef8f9d33163b7ea87550fb1ba334c83e3aec4714c9c4ca3ecb04f2720237615a28bf310b58ffa2a103216fdcc8c2d8f5d55e5e7ebf147105272aaae56e86d856b3cf79a3f7306436762dd07cebc7892ec6f9f696da38feed3dc0001500e34adae1ba89a32bad2af9030f840f1ba4664f35547cdadd5cbacc59352c290f55d971b65953533668c25f21d8d62d849e9058eaa97c63491568887548f668cdbca2abf01a361a0b64d8b523e669da350e3ec7445dfbf366b0b3bc5e76824a1e43eaaeca70db90f2fa39596443447671933079a24fe3681ad9ac361f71ac279a688f10a12105edebc5e3b8dad4c8305ab129ca2dfb9b7c5e9d097bd01b495cccefddce569117f7f5d6a6270ff0f0f4c371029ca8489571b55841bf3dd003bc81460eee57ceb3c33f4e9300b0144fe040cf5fcfcbb616c2070237881afdb314cecd1623f3e55ab8b7627fa1be349145a8d6313cbc790eefe2020138e82fb9d351be4ddcbcc9bc048dd3db5828d16baec6e07a007f0030f34ea3cfd524d6fa1d45da5641d6c94e1d3ae7fba1c85035d2a60ef1696e0d96aa1c60019f73ae0aa6113cd66ef26b5777337c26e1461405d86fdf091edd526f25cada439bb3609ed5c35ab60a539ade786bd6004d0ea3edbd6c4da0d8e8be8c771c8c8a0b07d9859e04adb18964dcce9bce546074c26dffbc2df372a016e8c845d4257000000000000000000000000000000000000f29657697d9c2b132b2dc2f5ea5122836582a7e85fe2bc166f17aefd9d861de0191f5277d4a3b5afb6f200000000000000000089de7f8485d9507164a187220b36ddc7fa645d4bd0c1414c30a416"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffffffffffe89}, 0x48)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, &(0x7f0000000900)={0x0, 0x2, 0x1, [0xffff, 0x10, 0x1, 0x88, 0x5], [0xffffffffffffff63, 0x8, 0xffffffffffffff4a, 0x80000001, 0x10000, 0x9, 0x2d9, 0x4, 0x40000003, 0xc5, 0x8001, 0x9, 0x4, 0x7e, 0x7d, 0x3ae7, 0x8, 0x101, 0x80, 0xffffffffffff8000, 0x3, 0x9, 0x7f, 0x6, 0x1, 0xc, 0x5, 0xff800000000000, 0x401, 0x7fffffff, 0xc333, 0x9, 0x6, 0x8001, 0x1, 0xd5d, 0x8, 0x1, 0x7, 0x5, 0x6cf2, 0x2, 0x9, 0xa, 0x0, 0xffffffff00000001, 0x7fffffffffffffff, 0x2, 0x5, 0x4cc2, 0xfffffffffffffff7, 0x6, 0x0, 0x3a67, 0x7f, 0x1aac, 0xfff, 0xffffffffffffffff, 0x8, 0x3, 0x706, 0x4002, 0x5b4, 0x8, 0xfffffffffffffffb, 0xb, 0xb88a, 0x6, 0x3, 0x6, 0x2, 0x77, 0x8, 0x346, 0x7, 0xfffffffffffffff9, 0x8, 0xffff800000000000, 0x7, 0xc67d, 0x7, 0xffffffffffffff92, 0x100000001, 0x5, 0xe39, 0x3, 0x9, 0x5, 0x8, 0x6, 0x40000000000000, 0x6, 0x684, 0x2, 0x401, 0x5, 0x6fc, 0xc90, 0xfff, 0xfffffffffffffeff, 0x72, 0x3, 0x6, 0x28, 0x3, 0x1, 0x8d45, 0x100000000, 0x3ff, 0xf2, 0x800, 0x8, 0x8, 0x8001, 0x5, 0x9, 0xa, 0x1ff, 0x2, 0x6b, 0x334]})
chdir(&(0x7f0000000140)='./bus\x00')
epoll_create1(0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000))
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000280), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0)
sendmsg$key(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x40408c1)
ioctl$FS_IOC_SETFLAGS(r0, 0xc0189436, &(0x7f0000000140))

2.814058437s ago: executing program 0 (id=1411):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_open_dev$vim2m(&(0x7f0000000000), 0x800, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r1, 0xc008561c, &(0x7f0000000040)={0xf0f024})
ioctl$vim2m_VIDIOC_S_FMT(r1, 0xc0d05605, &(0x7f0000000200)={0x2, @vbi={0x9, 0x7, 0x80000000, 0x32314d56, [0x1001, 0x7], [0x9, 0xfff], 0x108}})
socket$unix(0x1, 0x2, 0x0)
socket(0x10, 0x3, 0x0)
r2 = socket$kcm(0xf, 0x3, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x11, 0x10, &(0x7f0000000340)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0xa5}, {}, {}, [@ldst={0x0, 0x1, 0x4, 0xa, 0x8, 0x6, 0xfffffffffffffff0}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f00000001c0)='GPL\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000140)='contention_end\x00', r4}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="01000000120000007f00000001"], 0x48)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f00000004c0)={r5, &(0x7f0000000300), 0x0}, 0x20)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000616000/0x4000)=nil, 0x4000, 0xb635773f06ebbeed, 0x8031, 0xffffffffffffffff, 0xa7eb8000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r3, 0x0, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mknod$loop(&(0x7f0000000180)='./file0\x00', 0x0, 0x1)
prlimit64(0x0, 0xe, 0x0, 0x0)
mount(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000280)='cifs\x00', 0x0, &(0x7f00000002c0)='cache=no%e')
r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x18, 0x4, &(0x7f0000000000)=ANY=[@ANYRES16=r0], &(0x7f0000000300)='syzkaller\x00', 0x4}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='sched_switch\x00', r8}, 0x10)
close(r2)
syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)

2.736895487s ago: executing program 1 (id=1412):
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, &(0x7f0000000040)={{0x1, 0x1, 0x18, <r0=>0xffffffffffffffff, {0x1}}, './file0\x00'})
syz_open_dev$video(&(0x7f0000000040), 0x9, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000001b00)=""/102392, 0x18ff8)
r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/stat\x00', 0x0, 0x0)
pread64(r3, &(0x7f0000002780)=""/59, 0x3b, 0xf27b)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000100)={0x80, 0x2, 0x6, 0x101, 0x0, 0x0, {0x2, 0x0, 0xa}, [@IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_TYPENAME={0xe, 0x3, 'bitmap:ip\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x30, 0x7, 0x0, 0x1, [@IPSET_ATTR_SIZE={0x8, 0x17, 0x1, 0x0, 0x2}, @IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x1, 0x0, 0x60}, @IPSET_ATTR_MARKMASK={0x8, 0xb, 0x1, 0x0, 0x10}, @IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x1, 0x0, 0x70}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x10, 0x3, 'bitmap:port\x00'}]}, 0x80}, 0x1, 0x0, 0x0, 0x40}, 0x4000)
ioctl$VIDIOC_S_CTRL(r1, 0xc008561c, &(0x7f0000000080)={0xf0f041})
finit_module(r0, &(0x7f00000000c0)='/dev/nullb0\x00', 0x0)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1002, 0x0)
creat(&(0x7f0000000040)='./file0\x00', 0x0)
open(0x0, 0x2002, 0x100)
r5 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x8400, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r5, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r5, &(0x7f0000006380)={0x2020, 0x0, <r6=>0x0}, 0x2020)
write$FUSE_INIT(r5, &(0x7f0000000040)={0x50, 0x0, r6, {0x7, 0x1f, 0x0, 0x200040, 0x0, 0x0, 0x0, 0xc49, 0x0, 0x0, 0x0, 0x1}}, 0x50)
r7 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0xa4c81, 0x0)
ioctl$BINDER_WRITE_READ(r7, 0xc0306201, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
fallocate(r7, 0x10, 0x6, 0x3)
close_range(r4, 0xffffffffffffffff, 0x0)
r8 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x264a0f81f8e75c0a, 0x0)
r9 = dup(r8)
write$6lowpan_enable(r9, &(0x7f0000000000)='0', 0x1)

2.489786821s ago: executing program 2 (id=1413):
syz_usb_connect$cdc_ncm(0x0, 0x72, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000100), 0x400, 0x0)
sendfile(r2, r1, &(0x7f00000002c0)=0xb, 0x8)
r3 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000040)="180000003c000bab956cb26f8c7d94f90324fc602f000000", 0x18}], 0x1}, 0x40)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r4 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x63, @loopback, 0x7}, 0x1c)
syz_open_procfs(0xffffffffffffffff, &(0x7f00000001c0)='net/fib_triestat\x00')
preadv(r0, &(0x7f0000000300)=[{&(0x7f0000000040)=""/46, 0x2e}], 0x1, 0x0, 0x4)
getsockopt$inet_sctp6_SCTP_RECVNXTINFO(0xffffffffffffffff, 0x84, 0x21, &(0x7f00000001c0), &(0x7f0000000240)=0x4)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
r5 = socket$inet6_sctp(0xa, 0x1, 0x84)
shutdown(r5, 0x0)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f00000001c0)={0x0, @in={{0x2, 0x0, @multicast1}}, 0xa, 0x0, 0xdd3, 0x7ff, 0x38fa8b00d923ddd5}, 0x9c)
syz_usb_connect(0x2, 0x9a2, &(0x7f0000000280)=ANY=[@ANYBLOB="12010000d0241710d8050a81b892000000010902900902000000000904"], 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000e, 0x20c44fb6edc09a38, 0xffffffffffffffff, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000001b00000000000000000a140000001100010000000000000000000000000a8fdcb93338dc9309a3b7e87a56ad8b66344d8e80bb55226162c7341c40537e9745856214aa9e4aa530b20bafc4a028d1d928750a45d4f65c9a2db2d24bdbad455e5644416bd404919a8d1062b5c3d7f4968ed212cb16b1a1eb9c832df505cfa76cbfbc787da1485c636cfbddde99ba03beed2f10be08e77f748c6ff2613c3ebac06bc640a25ba6205a601bd61c8498231560612bb9c2e9170966c17eb9c31ab8e155ecfc945a20f57fb75a13a62ad868546d0b74ab8e637c8c487811bd37e72de6"], 0x28}}, 0x0)
r6 = syz_open_dev$evdev(&(0x7f0000000000), 0x4, 0x0)
ioctl$EVIOCGKEYCODE_V2(r6, 0x80284504, &(0x7f0000000040)=""/185)
r7 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x1bc, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x9}, {0xf}, {0xe, 0xd}}, [@TCA_STAB={0xf4, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x8, 0x61, 0x9, 0x3, 0x1, 0x800, 0x4, 0x4}}, {0xc, 0x2, [0x800, 0x2, 0x4, 0x588f]}}, {{0x1c, 0x1, {0x8, 0x94, 0x3, 0x5, 0x2, 0x5, 0x6, 0x2}}, {0x8, 0x2, [0x5, 0x4]}}, {{0x1c, 0x1, {0xc4, 0x8, 0xc445, 0x7ff, 0x2, 0x5c, 0x9f2, 0x8}}, {0x14, 0x2, [0xabe4, 0xffff, 0x9, 0xfffc, 0x4, 0xbc5a, 0x4, 0x3]}}, {{0x1c, 0x1, {0x3, 0x40, 0xfffe, 0xb, 0x0, 0x400, 0x5a7, 0x1}}, {0x6, 0x2, [0xfffb]}}, {{0x1c, 0x1, {0x1, 0xd, 0x7, 0x100, 0x1, 0x7, 0x8, 0x5}}, {0xe, 0x2, [0x0, 0x369, 0x6, 0x9c, 0xfffb]}}, {{0x1c, 0x1, {0x4a, 0x75, 0x7, 0x1010, 0x0, 0x2, 0x3, 0x2}}, {0x8, 0x2, [0x2, 0xfff]}}]}, @qdisc_kind_options=@q_htb={{0x8}, {0x9c, 0x2, [@TCA_HTB_DIRECT_QLEN={0x8}, @TCA_HTB_INIT={0x18, 0x2, {0x3, 0x8000, 0x1}}, @TCA_HTB_INIT={0x18, 0x2, {0x3, 0x7fff, 0x2}}, @TCA_HTB_DIRECT_QLEN={0x8, 0x5, 0x65}, @TCA_HTB_INIT={0x18, 0x2, {0x3, 0x48, 0x2564227f}}, @TCA_HTB_DIRECT_QLEN={0x8, 0x5, 0x10001}, @TCA_HTB_INIT={0x18, 0x2, {0x3, 0x9, 0x4}}, @TCA_HTB_INIT={0x18, 0x2, {0x3, 0x1000, 0x99}}, @TCA_HTB_DIRECT_QLEN={0x8, 0x5, 0x4}]}}]}, 0x1bc}, 0x1, 0x0, 0x0, 0x8c0}, 0x0)

2.319545293s ago: executing program 3 (id=1414):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000000), 0x21182, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f0000000040)={0x9, 0x6576, 0x9, 0x0, <r1=>0x0})
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f000000c280)={&(0x7f0000000380)=ANY=[@ANYRES16=r1], 0x88}, 0x1, 0x0, 0x0, 0x2000c0c1}, 0x8800)

2.315579217s ago: executing program 5 (id=1415):
r0 = socket(0x40000000015, 0x5, 0x0)
bind$inet(r0, &(0x7f0000000340)={0x2, 0x4e20, @local}, 0x10)
ioctl$SIOCGETVIFCNT(r0, 0x89e0, &(0x7f0000000140)) (fail_nth: 2)

2.069572223s ago: executing program 5 (id=1416):
openat$vicodec1(0xffffffffffffff9c, 0x0, 0x2, 0x0)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, &(0x7f0000000080)={0x0, "ae6657f5dd0865151bcb5b0fba5523cb7427b6b5b7fac843b6ff9841e4823715"})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8b15, 0x0)
ioctl$F2FS_IOC_GET_FEATURES(0xffffffffffffffff, 0x8004f50c, &(0x7f0000000040))

2.067088376s ago: executing program 1 (id=1417):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000100)={<r0=>0xffffffffffffffff})
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
r1 = socket$rxrpc(0x21, 0x2, 0xa)
bind$rxrpc(r1, &(0x7f0000000100)=@in6={0x21, 0x3, 0x2, 0x1c, {0xa, 0x4e22, 0x9, @loopback, 0x3}}, 0x24)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
r2 = syz_open_procfs(0x0, &(0x7f00000001c0)='pagemap\x00')
pread64(r2, &(0x7f0000001240)=""/102400, 0x19000, 0x1000000000)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000002200), 0x80002, 0x0)
setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, 0x0)
r3 = signalfd4(r0, &(0x7f0000000080)={[0xc658]}, 0x8, 0x800)
ioctl$KVM_CAP_SPLIT_IRQCHIP(r3, 0x4068aea3, &(0x7f00000001c0)={0x79, 0x0, 0x2b})
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='hugetlb.1GB.usage_in_bytes\x00', 0x275a, 0x0)
write$binfmt_script(r4, &(0x7f00000004c0), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000a, 0x28011, r4, 0x0)
r5 = userfaultfd(0x801)
ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f00000001c0))
sendmsg$NL80211_CMD_TRIGGER_SCAN(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x40000, &(0x7f0000000080)={&(0x7f0000001440)={0x1c, 0x0, 0x1, 0x0, 0x0, {{0x8}, {@val={0x8}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x2000c000)
sendmsg$NL80211_CMD_DEL_TX_TS(r2, &(0x7f0000000240)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000180)={&(0x7f00000002c0)={0x78, 0x0, 0x400, 0x70bd25, 0x25dfdbff, {{}, {@val={0x8}, @val={0xc, 0x99, {0x401, 0x9}}}}, [@NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_TSID={0x5, 0xd2, 0xf}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TSID={0x5, 0xd2, 0x2}, @NL80211_ATTR_TSID={0x5, 0xd2, 0x3}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_TSID={0x5, 0xd2, 0xc}]}, 0x78}}, 0x4004004)
ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2})
ioctl$UFFDIO_COPY(r5, 0xc028aa03, &(0x7f0000000000)={&(0x7f00002b9000/0x400000)=nil, &(0x7f0000779000/0x1000)=nil, 0x400000, 0x3, 0x2})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
pread64(0xffffffffffffffff, &(0x7f0000001240)=""/102400, 0x19000, 0x1000000000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
cachestat(r4, &(0x7f0000000040), 0x0, 0x0)

2.010394003s ago: executing program 3 (id=1418):
r0 = socket$inet6(0xa, 0x3, 0x3c)
connect$inet6(r0, &(0x7f0000000a40)={0xa, 0x4e02, 0x6, @remote, 0x9}, 0x1c)
sendmsg(r0, &(0x7f00000000c0)={0x0, 0x953a, &(0x7f0000000100)=[{&(0x7f0000000000)="2c10", 0xfff2}], 0x1, 0x0, 0x0, 0x2c}, 0x44004)

1.945307015s ago: executing program 0 (id=1419):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$nl_netfilter(0x10, 0x3, 0xc)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x51, &(0x7f0000000080)={0xa, 0x3, 0x1, @local, 0x9}, 0x1c)
bind$alg(0xffffffffffffffff, 0x0, 0x0)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f00000001c0)="00940a37", 0x4)
r1 = syz_open_procfs(0x0, &(0x7f0000001080)='net/sockstat\x00')
preadv(r1, &(0x7f00000001c0)=[{&(0x7f0000002380)=""/169, 0xa9}], 0x1, 0x0, 0x0)

1.919676894s ago: executing program 5 (id=1420):
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x1c, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, r0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0}, 0x18)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="19000000040000000400000008"], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10)
creat(&(0x7f0000000000)='./file0\x00', 0x108)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, 0x0)
ioctl$KVM_GET_PIT2(0xffffffffffffffff, 0x8070ae9f, 0x0)

1.660630227s ago: executing program 3 (id=1421):
r0 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r0, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r3, &(0x7f0000000140)={0x1f, 0x3}, 0x6)
writev(r3, &(0x7f0000000640)=[{&(0x7f00000003c0)="6c43b3ee", 0x4}], 0x1)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socket$inet6(0xa, 0x1, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)={0x4c, 0x2, 0x6, 0x401, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'bitmap:ip,mac\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}]}, 0x4c}}, 0x0)
sendmsg$NFT_MSG_GETRULE(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={0x0}}, 0x0)
r7 = bpf$ITER_CREATE(0xb, 0x0, 0x0)
bind$bt_hci(0xffffffffffffffff, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
getsockopt$SO_J1939_SEND_PRIO(r7, 0x6b, 0x3, &(0x7f0000000040), 0x0)
socket$inet(0x2, 0x3, 0x1)
r8 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x200, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r8, 0xc0045005, &(0x7f0000000640)=0x10)

893.59795ms ago: executing program 5 (id=1422):
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x10)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='cpuacct.usage_sys\x00', 0x275a, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000000540)=ANY=[@ANYBLOB="bf16000000000000b7070000000100004870000000000000350000000000000095000000000000002ba728041598fbd30cb599e83d24a3aa81d36bb3019c13bd23212fb56fa54f2641d8b02c3815e79c1414eb07eae6f0711e6bd917487960717142da7646c4fe02996b60cf81ebcd50fa9ea4318123f602000000000000de89e661168c1886d0d4d94f204e345c652fbc1626e3a2a2ad358061d0ae0209e62f51ee988e6ea604ce974a22a550d6f97080980400003e05df3ceb9f1feae5737ecaa80a666963c474c2a100c788b277beee1cbf9b0a4d3881dcc7b1b85f3c3d44aeaccd3641110bec4e90a6341965c39e4b3431abe802f5ab3e89cf6c662ed4048d3b3e22278d00ce00000000d3a02762c2951257b85802189d74005d2a1bcf9436e192e23fd275985bf31b714f000bcab6fcd610f25f5888000000003f11afc9bd08c6ebfbb89432fb465bc52f49129b9b6150e320c9901de2ebb9000000018e3095c4c5c7a156cec33a667dccaff950ca1e5efdd4c968dacf81baa3a509b1041d06f6b0097c430481824a3f4fddd3c643f630ba175d876defd3541772f26e27c44cfdb2d85d6d29983e830a9cdd79837b3468e8c67a571d0a017c100344c52a6f387a1340a1c8889464f90cc4cd1f570dd39877dfb2ff1ae66e1ce917474b2e650ae630afd014a337ac5d58bcb5e51723257c872c5255f20100000000000000f041b665ab21372c8d8b7bac5b5c784d20a4a24d8dbd75062e1daef9dead619cc6e7baa72707157791c3d2a286ffb8d35452bb5d36c2a8682bf7ecbd53f950ef4709ec01e230d2f53594ef4839c6130c4c13a0cca84b9935f771fd49e480cd9d48aeb12b1d255be1ed66d9051f22614d1f62734d679039a97d2b74f9e8e997ccd314000f747f4e8e7025123e783df8b8a17e3aa9fe1f662aef87a065b03cfb65b4dfe4f1b56e1f23128d743753a1de172d683d5892ce9414a1d98ea93e3d35dbb6c23b90cf36e83b8a434a97d09343d7f83079ccb02e69d384146056d125cfa788237874dd42dae334bda042819a2aa24dba1c25be2794448b4f63483026b5e34d44705b76ef29241adab0dd7d68bf975e02069f6f2425e1bc97a3d588085f16bef63a06578d4f5de7bfb6aaa75f16996d536256c02284cb1d3a6fb8cae87691fae365a70c3fc69e1565bba8dd8a8ca049f798abe646f738bebd69413afc9d8a5edd7aaa000000000000001e6c2f2a287c5278a218dbfaffffff00a14db5cfa6819eb1d39c48cfdc80d215c9e16e0c4736c819363154cca4e2f89800d18c89d7f46f679df6c9e2952ae1ebfd0ca88368ee6ce139e8b5822c22cf2e9dde943d34c432e1001171792c65986146666a5490928441f47e0fe5eac41824ca1fd0eb71aa243c88d5480e5aee9c9e5f2e5a56a6d920335c8e8726fd8329d9a728995b1531bd20360d33d8f9ffffff5f912ac4e34bf6ea8a86da707b03bddb491ba0cc98f6be92c55969a2b50025419d1476c73132ca7ca26ce8a7e3ffb700f09e157f9b844051f1a642aca9ff98c9036471ccff0522903e7bcf62e18f7696bbc280b95e8e0d6fd5644b0ebde3a95b06548862de809d3dae3cccf109f7c78e8479a345e800000000000000000000009455bf417627ce723a5d9103706aba69279500bb82f6b5a3ddc0bd9856712945b70c75ce5b722578820820d010d7a3cffc99fc647d0b82ef26ab708c0b19ed144be51c3b398f0e6bb7a30006000000cba12953d58cff0f0378740fe6662f377b97d8e7cdb047050d7296cd3856476a60a49ad127ba6570bafc2bbcf9ee721fd9cb467ff071e5604fbf0491245c0000007d932d7a64de4c4aa433fc0840aff7c47da3a4c6966d0000000000000000f6bfbae29e8a6e2a889f6ef6869d82d6bd73eb76b65c7a35a54a4a6b8ad4600e3a972a0bb5971a5f16590b0a03dafa3fd1118765cc8ab9fccf3b51c41a339f200f2fa33006910a679a9ae0187b4d750c4bd244cb0cbfd23b265f4d4da448a7a0d19c5e43eae50a31609dfa2dde267551467eb6475293dd7012cc449009981f22820e57a0eff234ccfe21d7a2302e000669753d3c3432cc14ee1abe724adb6b5431befedd3e22971118f0e21aed03a6fe7860b3e13c3173a60a1823cb7dde8212a8531bd9691dd4cc6a370e9eb56b3d790b98f2bd0db1e5de6a146597b2cbb7103040d2a39d7965d34df524b760ab92efcce7dd1574052c735935bf6a752c015c7f5ffee9ff66e5dd2866b15b6e0d17618cb1f5c1ee4b05ebf1445ea110f499f840a5c965443d725556351ee25fe09f69494b053678dcadcf02e063dff2fa4bef1ac3bbbebe6c74d71ec3b23e29895eff1d1017024fe3e8cc759b05785adc346b7ffd05963f92c1d0d7d90ba878ad89e490f3e29ac51d30632869a534418f916bf6fe8167827a8e6c8f8b391c822805cb0adf1b8bd6947ff208753eb0d208ce14f7b206b2e02c21e963abc5ceb735c1b3c46b0a843de52a0000000000000001ee9c2b2705c1a81d9d3b9656b219c8cd99c9cafcd0d0540884d97aecb19983fc6af29ab44a82aff9cba921192c665b877af6539bdb1b567f481ba07982e7ad758f4e1eac69e7e88a63960975f490e161e371ec8534791e3b61c685d900a9c0839208356b53750e76fcc3c2d1bddcbd83897921414d0c02e8188f3df79ea2a5c5444004830e6cb227ca1bdafb977c00000000003a417193b8c5d793687335a930867094fd6a78218218e04b705ec62f1608cb569b81914e68f175b392af6bc4fd2121d7fd276af2c97a441b56e7a0687d98b8e76d8d0d231e4fe00be1de76bd19cc12e2bd938eb681ed6bc951c1b4f7c51af59eea4d40c6000000000200778a677b72786311153271a3313da02645e11761699e4d04ac86dd14ff7b9a10d3fa74696fe3953a5b7706bf5d1faba4b18808d9cb0e9db696dec4e0820ee4028d7225a2c9c427cf64cbde6fba056b2006b7a37c1181d530fb865e235cd302f3b4071ee5237ada186b9e5e3144bf479f277f10656ad3744037ccc9c63685a6f1109d2ea73773d3635f61497f1fa1ea4a16f601800bf3e59141fbf05a96113320c445f9ba8596970d5254727e804fbd99ccefb7c09269dd2c5c25e56e169ac15980f3f85f7ca36dd5950ef5b64fd46f123311829534a82940994199b3cf7a8f09c1946e55289f668c423fcbb31ae91864c882313151741a67538c9689dc8ecc9903c7041e5c0704e2fa55a756487517a7445cbd9e3f5175e41c00000000000000000000000000bf98efd587fffe326f474b0b089c017b16c0062cbce96f5adebec52a79f9363909842f79c50a1520be46d87003137e4c5031f00123e812a5e37cd52c9eb7336281cb8c6ce9934b157d7875a70eaf103cb3138e2361c51cd1eab8a26b232acf6bf0ab829c26dab637538b2eb1420d812d2b80c777710ba0f18e4661681aa218d9ba54023ab4305d77eb15611ae2545835e9d30e9f6d4fb43a291c69545a1eea0f8720431132d8549f99bf6c5cb060da70cbb59d0a000000000034d083fc37d2449f72de0cbea4bc1dc89c136cdbc504f849d5502d77a95c7bfff4cd9c03058d0d4d07ea64824f1acf2b39289f675f39d01719cdbab3f1ce10609c8d7b3e37cb99b41da5e485a441b6a103549f55ab09dc98767763d1f2fafd45bb7d2b40050d1f8292f4d9ec6d0000000000003932062290f4996fdd55b06023437e9e2072daf7f5d82f6f1b5b89a41134f4dc2e65bb11272fdf8c8141f41d6160b3d8b6ecd16d14267f61b4881adee7f07f3d6af5ae79e16fe2c3f55ac7a6392d2e1d9b4286b6c3e1f5a76b85ed6e1f0000c67e6c5fcdc8c39381be4799b8cb2d08b8262c807dd755e22b801162381aa9d1af2bbc9cfd497585337eac408b8475b47a392a10cae349160f128e5f873a58064eb400c36a90624f6aed398a215e9ce64522ab249f67c38a656d32ecff5cdb2b039c4abf349d2c0f88a42e9189bbfa7f5cf35b6e7ef8f9d33163b7ea87550fb1ba334c83e3aec4714c9c4ca3ecb04f2720237615a28bf310b58ffa2a103216fdcc8c2d8f5d55e5e7ebf147105272aaae56e86d856b3cf79a3f7306436762dd07cebc7892ec6f9f696da38feed3dc0001500e34adae1ba89a32bad2af9030f840f1ba4664f35547cdadd5cbacc59352c290f55d971b65953533668c25f21d8d62d849e9058eaa97c63491568887548f668cdbca2abf01a361a0b64d8b523e669da350e3ec7445dfbf366b0b3bc5e76824a1e43eaaeca70db90f2fa39596443447671933079a24fe3681ad9ac361f71ac279a688f10a12105edebc5e3b8dad4c8305ab129ca2dfb9b7c5e9d097bd01b495cccefddce569117f7f5d6a6270ff0f0f4c371029ca8489571b55841bf3dd003bc81460eee57ceb3c33f4e9300b0144fe040cf5fcfcbb616c2070237881afdb314cecd1623f3e55ab8b7627fa1be349145a8d6313cbc790eefe2020138e82fb9d351be4ddcbcc9bc048dd3db5828d16baec6e07a007f0030f34ea3cfd524d6fa1d45da5641d6c94e1d3ae7fba1c85035d2a60ef1696e0d96aa1c60019f73ae0aa6113cd66ef26b5777337c26e1461405d86fdf091edd526f25cada439bb3609ed5c35ab60a539ade786bd6004d0ea3edbd6c4da0d8e8be8c771c8c8a0b07d9859e04adb18964dcce9bce546074c26dffbc2df372a016e8c845d4257000000000000000000000000000000000000f29657697d9c2b132b2dc2f5ea5122836582a7e85fe2bc166f17aefd9d861de0191f5277d4a3b5afb6f200000000000000000089de7f8485d9507164a187220b36ddc7fa645d4bd0c1414c30a416"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffffffffffe89}, 0x48)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, &(0x7f0000000900)={0x0, 0x2, 0x1, [0xffff, 0x10, 0x1, 0x88, 0x5], [0xffffffffffffff63, 0x8, 0xffffffffffffff4a, 0x80000001, 0x10000, 0x9, 0x2d9, 0x4, 0x40000003, 0xc5, 0x8001, 0x9, 0x4, 0x7e, 0x7d, 0x3ae7, 0x8, 0x101, 0x80, 0xffffffffffff8000, 0x3, 0x9, 0x7f, 0x6, 0x1, 0xc, 0x5, 0xff800000000000, 0x401, 0x7fffffff, 0xc333, 0x9, 0x6, 0x8001, 0x1, 0xd5d, 0x8, 0x1, 0x7, 0x5, 0x6cf2, 0x2, 0x9, 0xa, 0x0, 0xffffffff00000001, 0x7fffffffffffffff, 0x2, 0x5, 0x4cc2, 0xfffffffffffffff7, 0x6, 0x0, 0x3a67, 0x7f, 0x1aac, 0xfff, 0xffffffffffffffff, 0x8, 0x3, 0x706, 0x4002, 0x5b4, 0x8, 0xfffffffffffffffb, 0xb, 0xb88a, 0x6, 0x3, 0x6, 0x2, 0x77, 0x8, 0x346, 0x7, 0xfffffffffffffff9, 0x8, 0xffff800000000000, 0x7, 0xc67d, 0x7, 0xffffffffffffff92, 0x100000001, 0x5, 0xe39, 0x3, 0x9, 0x5, 0x8, 0x6, 0x40000000000000, 0x6, 0x684, 0x2, 0x401, 0x5, 0x6fc, 0xc90, 0xfff, 0xfffffffffffffeff, 0x72, 0x3, 0x6, 0x28, 0x3, 0x1, 0x8d45, 0x100000000, 0x3ff, 0xf2, 0x800, 0x8, 0x8, 0x8001, 0x5, 0x9, 0xa, 0x1ff, 0x2, 0x6b, 0x334]})
chdir(&(0x7f0000000140)='./bus\x00')
epoll_create1(0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000280), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0)
sendmsg$key(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x40408c1)
ioctl$FS_IOC_SETFLAGS(r0, 0xc0189436, &(0x7f0000000140))

825.58387ms ago: executing program 0 (id=1423):
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000500)={0x0, &(0x7f00000004c0), 0x0, 0x0, 0x1, 0x1}, 0x28)
socketpair(0x1, 0x80001, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000940)={&(0x7f0000000640)='console\x00'}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket(0x2, 0x80805, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000080), &(0x7f0000000240)=0xc)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_int(r3, 0x29, 0x13, &(0x7f0000000200)=0x1, 0x4)
r4 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000340)=@newtaction={0x8c, 0x30, 0x80d, 0x0, 0x0, {}, [{0x78, 0x1, [@m_ct={0x74, 0x1, 0x0, 0x0, {{0x7}, {0x4c, 0x2, 0x0, 0x1, [@TCA_CT_ZONE={0x6, 0x4, 0x800}, @TCA_CT_LABELS_MASK={0x14, 0x8, "37a55358cbfec0e9d412939d8317fcdc"}, @TCA_CT_PARMS={0x18, 0x1, {0x2, 0x8, 0xffffffffffffffff, 0x4, 0x8}}, @TCA_CT_LABELS={0x14, 0x7, "a31a5744c98714e0c10894427408df27"}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}]}]}, 0x8c}, 0x1, 0x0, 0x0, 0x1}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, 0x0)
sendmsg$NL80211_CMD_GET_STATION(0xffffffffffffffff, 0x0, 0x4004885)
sendmsg$SEG6_CMD_GET_TUNSRC(r4, &(0x7f0000001180)={&(0x7f0000001040)={0x10, 0x0, 0x0, 0x200}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x20000000}, 0x84)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000004c00)=""/102392, 0x18ff8)
socket(0x23, 0x1, 0x0)
socket$netlink(0x10, 0x3, 0x4)
sendmsg$nl_route(r2, 0x0, 0x4044004)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000600)={'batadv_slave_1\x00', <r6=>0x0})
sendmsg$ETHTOOL_MSG_STRSET_GET(r0, &(0x7f00000007c0)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000780)={&(0x7f0000000680)={0xcc, 0x0, 0x10, 0x70bd2c, 0x25dfdbfb, {}, [@ETHTOOL_A_STRSET_HEADER={0x80, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_hsr\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'xfrm0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bond_slave_1\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'hsr0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bond0\x00'}]}, @ETHTOOL_A_STRSET_HEADER={0x38, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'nr0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}]}]}, 0xcc}, 0x1, 0x0, 0x0, 0x40000}, 0x40000)
r7 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000003c0)="5c00000013006bcd9e3fe3dceb48aa31086b8703110000001fa1ff0000000000040014000d000a000d0000009ee517d34460bc24eab556a705251e6182949a3651f60a84c9f5d1938037e786a6d0bdd7fcf50e4509c5bb5a00f69853", 0x5c}], 0x1, 0x0, 0x0, 0x1f000801}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f00000005c0)={'ip_vti0\x00', &(0x7f0000000040)={'syztnl0\x00', 0x0, 0x1, 0x20, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x4, 0x400, 0x0, 0x9, 0x4, 0x0, @multicast1, @empty}}}})

149.292808ms ago: executing program 0 (id=1424):
r0 = socket(0x40000000015, 0x5, 0x0)
bind$inet(r0, &(0x7f0000000340)={0x2, 0x4e20, @local}, 0x10)
ioctl$SIOCGETVIFCNT(r0, 0x89e0, &(0x7f0000000140))

0s ago: executing program 5 (id=1425):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000300)=@abs, 0x6e)
socket$nl_audit(0x10, 0x3, 0x9)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb4c, 0x9, 0x6, 0x0, 0x3}, 0x0)
r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
write$RDMA_USER_CM_CMD_BIND_IP(r3, 0x0, 0x0)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r3, 0x0, 0x0)
open$dir(0x0, 0x800, 0x100)
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(0xffffffffffffffff, 0xc0a85320, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000002080)={0x0, &(0x7f0000002080)})
r4 = syz_open_dev$vcsa(&(0x7f0000000000), 0x1, 0x1a1300)
poll(&(0x7f00000020c0)=[{r4, 0x9012}], 0x1, 0x0)
read$FUSE(r4, &(0x7f0000000040)={0x2020}, 0x2020)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x0)
writev(r5, &(0x7f00000003c0)=[{0x0}], 0x1)
socket$nl_netfilter(0x10, 0x3, 0xc)
shmctl$IPC_INFO(0x0, 0x3, &(0x7f0000000200))
sendmsg$NFNL_MSG_CTHELPER_NEW(r0, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000000)={0xfffffffffffffdfb, 0x0, 0x9, 0x305, 0x0, 0x0, {}, [@NFCTH_PRIV_DATA_LEN={0x8, 0x5, 0x1, 0x0, 0x11}, @NFCTH_TUPLE={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0xc0)

kernel console output (not intermixed with test programs):

6.16.0-rc6-syzkaller #0 PREEMPT(full) 
[  355.865161][ T9930] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  355.865172][ T9930] Call Trace:
[  355.865178][ T9930]  <TASK>
[  355.865185][ T9930]  dump_stack_lvl+0x16c/0x1f0
[  355.865217][ T9930]  should_fail_ex+0x512/0x640
[  355.865243][ T9930]  ? fs_reclaim_acquire+0xae/0x150
[  355.865264][ T9930]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  355.865290][ T9930]  should_failslab+0xc2/0x120
[  355.865316][ T9930]  __kmalloc_noprof+0xd2/0x510
[  355.865344][ T9930]  tomoyo_realpath_from_path+0xc2/0x6e0
[  355.865371][ T9930]  ? tomoyo_profile+0x47/0x60
[  355.865400][ T9930]  tomoyo_path_number_perm+0x245/0x580
[  355.865420][ T9930]  ? tomoyo_path_number_perm+0x237/0x580
[  355.865443][ T9930]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  355.865466][ T9930]  ? find_held_lock+0x2b/0x80
[  355.865512][ T9930]  ? find_held_lock+0x2b/0x80
[  355.865533][ T9930]  ? hook_file_ioctl_common+0x145/0x410
[  355.865555][ T9930]  ? __fget_files+0x20e/0x3c0
[  355.865585][ T9930]  security_file_ioctl+0x9b/0x240
[  355.865610][ T9930]  __x64_sys_ioctl+0xb7/0x210
[  355.865632][ T9930]  do_syscall_64+0xcd/0x4c0
[  355.865659][ T9930]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  355.865677][ T9930] RIP: 0033:0x7f0da1d8e929
[  355.865692][ T9930] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  355.865709][ T9930] RSP: 002b:00007f0da2b4a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  355.865726][ T9930] RAX: ffffffffffffffda RBX: 00007f0da1fb5fa0 RCX: 00007f0da1d8e929
[  355.865737][ T9930] RDX: 0000200000000280 RSI: 00000000c0405602 RDI: 0000000000000003
[  355.865748][ T9930] RBP: 00007f0da2b4a090 R08: 0000000000000000 R09: 0000000000000000
[  355.865758][ T9930] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  355.865768][ T9930] R13: 0000000000000000 R14: 00007f0da1fb5fa0 R15: 00007ffff06d7f18
[  355.865798][ T9930]  </TASK>
[  355.865830][ T9930] ERROR: Out of memory at tomoyo_realpath_from_path.
[  356.204695][   T30] audit: type=1400 audit(1752534506.947:508): avc:  denied  { unlink } for  pid=9388 comm="syz-executor" name="file0" dev="tmpfs" ino=111 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  356.208627][ T6005] udevd[6005]: symlink '../../loop2' '/dev/disk/by-diskseq/72.tmp-b7:2' failed: Read-only file system
[  356.904627][ T1204] usb 3-1: new high-speed USB device number 23 using dummy_hcd
[  356.984615][   T30] audit: type=1400 audit(1752534507.677:509): avc:  denied  { read } for  pid=9950 comm="syz.1.1039" name="file0" dev="fuse" ino=64 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1
[  357.032527][ T9960] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  357.330390][   T30] audit: type=1400 audit(1752534507.677:510): avc:  denied  { open } for  pid=9950 comm="syz.1.1039" path="/216/file0/file0" dev="fuse" ino=64 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1
[  357.455793][ T9958] block device autoloading is deprecated and will be removed.
[  357.767703][ T9967] netlink: 60 bytes leftover after parsing attributes in process `syz.5.1041'.
[  357.776809][ T1204] usb 3-1: Using ep0 maxpacket: 16
[  357.811038][ T9972] Bluetooth: hci0: Opcode 0x0c20 failed: -22
[  357.828321][ T1204] usb 3-1: config 0 has an invalid interface number: 53 but max is 0
[  357.864076][ T1204] usb 3-1: config 0 has no interface number 0
[  357.907270][ T1204] usb 3-1: New USB device found, idVendor=03fd, idProduct=ebbe, bcdDevice=ed.e2
[  357.924670][ T1204] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  357.932890][ T1204] usb 3-1: Product: syz
[  357.944625][ T1204] usb 3-1: Manufacturer: syz
[  357.949347][ T1204] usb 3-1: SerialNumber: syz
[  358.008618][ T1204] usb 3-1: config 0 descriptor??
[  359.132808][ T9996] FAULT_INJECTION: forcing a failure.
[  359.132808][ T9996] name failslab, interval 1, probability 0, space 0, times 0
[  359.166416][ T9996] CPU: 1 UID: 0 PID: 9996 Comm: syz.1.1048 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) 
[  359.166459][ T9996] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  359.166470][ T9996] Call Trace:
[  359.166477][ T9996]  <TASK>
[  359.166484][ T9996]  dump_stack_lvl+0x16c/0x1f0
[  359.166524][ T9996]  should_fail_ex+0x512/0x640
[  359.166549][ T9996]  ? fs_reclaim_acquire+0xae/0x150
[  359.166570][ T9996]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  359.166593][ T9996]  should_failslab+0xc2/0x120
[  359.166618][ T9996]  __kmalloc_noprof+0xd2/0x510
[  359.166643][ T9996]  tomoyo_realpath_from_path+0xc2/0x6e0
[  359.166669][ T9996]  ? tomoyo_profile+0x47/0x60
[  359.166698][ T9996]  tomoyo_path_number_perm+0x245/0x580
[  359.166718][ T9996]  ? tomoyo_path_number_perm+0x237/0x580
[  359.166740][ T9996]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  359.166762][ T9996]  ? find_held_lock+0x2b/0x80
[  359.166810][ T9996]  ? find_held_lock+0x2b/0x80
[  359.166831][ T9996]  ? hook_file_ioctl_common+0x145/0x410
[  359.166853][ T9996]  ? __fget_files+0x20e/0x3c0
[  359.166879][ T9996]  security_file_ioctl+0x9b/0x240
[  359.166907][ T9996]  __x64_sys_ioctl+0xb7/0x210
[  359.166930][ T9996]  do_syscall_64+0xcd/0x4c0
[  359.166958][ T9996]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  359.166976][ T9996] RIP: 0033:0x7fdc4418e929
[  359.166992][ T9996] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  359.167009][ T9996] RSP: 002b:00007fdc41ff6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  359.167029][ T9996] RAX: ffffffffffffffda RBX: 00007fdc443b5fa0 RCX: 00007fdc4418e929
[  359.167041][ T9996] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[  359.167050][ T9996] RBP: 00007fdc41ff6090 R08: 0000000000000000 R09: 0000000000000000
[  359.167059][ T9996] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  359.167068][ T9996] R13: 0000000000000000 R14: 00007fdc443b5fa0 R15: 00007ffce928b6b8
[  359.167089][ T9996]  </TASK>
[  359.167095][ T9996] ERROR: Out of memory at tomoyo_realpath_from_path.
[  359.167377][ T5915] usb 3-1: USB disconnect, device number 23
[  359.515147][T10007] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1053'.
[  359.839001][ T5837] Bluetooth: hci0: command tx timeout
[  359.936573][T10012] sp0: Synchronizing with TNC
[  360.241955][ T5832] udevd[5832]: symlink '../../loop2' '/dev/disk/by-diskseq/72.tmp-b7:2' failed: Read-only file system
[  360.325056][ T5915] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  360.406851][T10034] vivid-000: disconnect
[  360.744660][ T5915] usb 6-1: Using ep0 maxpacket: 32
[  360.762691][ T5915] usb 6-1: config 0 has an invalid interface number: 219 but max is 0
[  360.785563][ T5915] usb 6-1: config 0 has no interface number 0
[  360.908822][ T5915] usb 6-1: config 0 interface 219 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  360.923148][ T5915] usb 6-1: config 0 interface 219 altsetting 0 has an endpoint descriptor with address 0xDB, changing to 0x8B
[  360.935620][ T5915] usb 6-1: config 0 interface 219 altsetting 0 endpoint 0x8B has invalid maxpacket 28739, setting to 1024
[  360.938208][ T5832] udevd[5832]: symlink '../../loop2' '/dev/disk/by-diskseq/72.tmp-b7:2' failed: Read-only file system
[  360.972580][ T5915] usb 6-1: config 0 interface 219 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[  360.983785][ T5915] usb 6-1: config 0 interface 219 altsetting 0 bulk endpoint 0xB has invalid maxpacket 1023
[  361.001356][ T5915] usb 6-1: config 0 interface 219 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  361.034671][ T5915] usb 6-1: New USB device found, idVendor=108c, idProduct=0169, bcdDevice=75.b9
[  361.049159][ T5915] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  361.057825][ T5915] usb 6-1: Product: syz
[  361.062012][ T5915] usb 6-1: Manufacturer: syz
[  361.067129][ T5915] usb 6-1: SerialNumber: syz
[  361.092670][ T5915] usb 6-1: config 0 descriptor??
[  361.122989][T10022] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  361.132422][T10023] vivid-000: reconnect
[  361.139574][T10022] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  361.324682][ T1204] usb 3-1: new high-speed USB device number 24 using dummy_hcd
[  361.327596][T10054] 9pnet_fd: Insufficient options for proto=fd
[  361.495792][T10059] sch_tbf: burst 32855 is lower than device lo mtu (65550) !
[  361.508398][ T1204] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  361.605707][ T5915] etas_es58x 6-1:0.219: Starting syz syz (Serial Number syz)
[  361.626922][ T5837] Bluetooth: hci1: Received unexpected HCI Event 0x00
[  361.626984][ T1204] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  361.710006][ T5915] etas_es58x 6-1:0.219: could not retrieve the product info string
[  361.898217][T10069] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1069'.
[  361.929320][ T1204] usb 3-1: Product: syz
[  361.933602][ T1204] usb 3-1: Manufacturer: syz
[  361.952845][ T1204] usb 3-1: SerialNumber: syz
[  361.961326][ T5915] usb 6-1: USB disconnect, device number 3
[  361.984000][ T1204] usb 3-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  361.994547][ T5915] etas_es58x 6-1:0.219: Disconnecting syz syz
[  362.051144][T10071] netlink: 16178 bytes leftover after parsing attributes in process `syz.1.1070'.
[  362.100907][   T30] audit: type=1400 audit(1752534512.867:511): avc:  denied  { firmware_load } for  pid=5883 comm="kworker/0:3" path="/lib/firmware/ath9k_htc/htc_9271-1.4.0.fw" dev="sda1" ino=313 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:lib_t tclass=system permissive=1
[  362.138232][ T5883] usb 3-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  362.191753][   T30] audit: type=1400 audit(1752534512.867:512): avc:  denied  { map } for  pid=10070 comm="syz.1.1070" path="socket:[23466]" dev="sockfs" ino=23466 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  362.273899][   T30] audit: type=1400 audit(1752534512.867:513): avc:  denied  { read } for  pid=10070 comm="syz.1.1070" path="socket:[23466]" dev="sockfs" ino=23466 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  362.378855][T10080] FAULT_INJECTION: forcing a failure.
[  362.378855][T10080] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  362.449860][T10080] CPU: 1 UID: 0 PID: 10080 Comm: syz.3.1073 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) 
[  362.449889][T10080] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  362.449900][T10080] Call Trace:
[  362.449907][T10080]  <TASK>
[  362.449914][T10080]  dump_stack_lvl+0x16c/0x1f0
[  362.449947][T10080]  should_fail_ex+0x512/0x640
[  362.449976][T10080]  _copy_to_user+0x32/0xd0
[  362.450004][T10080]  simple_read_from_buffer+0xcb/0x170
[  362.450031][T10080]  proc_fail_nth_read+0x197/0x270
[  362.450057][T10080]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  362.450081][T10080]  ? rw_verify_area+0xcf/0x680
[  362.450103][T10080]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  362.450125][T10080]  vfs_read+0x1e1/0xc60
[  362.450151][T10080]  ? __pfx___mutex_lock+0x10/0x10
[  362.450176][T10080]  ? __pfx_vfs_read+0x10/0x10
[  362.450205][T10080]  ? __fget_files+0x20e/0x3c0
[  362.450238][T10080]  ksys_read+0x12a/0x250
[  362.450259][T10080]  ? __pfx_ksys_read+0x10/0x10
[  362.450281][T10080]  ? fdget+0x187/0x210
[  362.450308][T10080]  do_syscall_64+0xcd/0x4c0
[  362.450335][T10080]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  362.450354][T10080] RIP: 0033:0x7f0da1d8d33c
[  362.450371][T10080] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  362.450389][T10080] RSP: 002b:00007f0da2b29030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  362.450408][T10080] RAX: ffffffffffffffda RBX: 00007f0da1fb6080 RCX: 00007f0da1d8d33c
[  362.450420][T10080] RDX: 000000000000000f RSI: 00007f0da2b290a0 RDI: 0000000000000005
[  362.450431][T10080] RBP: 00007f0da2b29090 R08: 0000000000000000 R09: 0000000000000000
[  362.450442][T10080] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  362.450451][T10080] R13: 0000000000000000 R14: 00007f0da1fb6080 R15: 00007ffff06d7f18
[  362.450481][T10080]  </TASK>
[  362.883083][T10081] vivid-000: disconnect
[  363.272298][ T5883] ath9k_htc 3-1:1.0: ath9k_htc: Target is unresponsive
[  363.280315][ T5883] ath9k_htc: Failed to initialize the device
[  363.318214][ T5883] usb 3-1: ath9k_htc: USB layer deinitialized
[  363.674716][T10076] vivid-000: reconnect
[  364.050876][ T1204] usb 3-1: USB disconnect, device number 24
[  364.219030][ T5832] udevd[5832]: symlink '../../loop2' '/dev/disk/by-diskseq/72.tmp-b7:2' failed: Read-only file system
[  364.859957][ T5832] udevd[5832]: symlink '../../loop2' '/dev/disk/by-diskseq/72.tmp-b7:2' failed: Read-only file system
[  365.045973][T10112] overlay: ./file0 is not a directory
[  365.052007][T10113] overlay: ./file0 is not a directory
[  365.439276][ T5832] udevd[5832]: symlink '../../loop2' '/dev/disk/by-diskseq/72.tmp-b7:2' failed: Read-only file system
[  365.606829][T10128] netlink: 256 bytes leftover after parsing attributes in process `syz.5.1086'.
[  365.677222][T10127] 9pnet: Could not find request transport: rd
[  365.711745][   T30] audit: type=1400 audit(1752534516.477:514): avc:  denied  { read } for  pid=10125 comm="syz.2.1085" name="file0" dev="tmpfs" ino=1162 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  365.736331][   T30] audit: type=1400 audit(1752534516.477:515): avc:  denied  { open } for  pid=10125 comm="syz.2.1085" path="/215/file0" dev="tmpfs" ino=1162 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  365.804816][ T5915] usb 2-1: new high-speed USB device number 35 using dummy_hcd
[  366.066576][ T5915] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  366.233364][T10136] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1087'.
[  366.290116][   T30] audit: type=1400 audit(1752534517.037:516): avc:  denied  { bind } for  pid=10134 comm="syz.5.1087" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  366.344377][   T30] audit: type=1400 audit(1752534517.047:517): avc:  denied  { connect } for  pid=10134 comm="syz.5.1087" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  366.486879][   T30] audit: type=1400 audit(1752534517.167:518): avc:  denied  { mounton } for  pid=10134 comm="syz.5.1087" path="/syzcgroup/unified/syz5" dev="cgroup2" ino=250 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=dir permissive=1
[  366.843464][ T5915] usb 2-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  366.852914][ T5915] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  366.864088][ T5915] usb 2-1: config 0 descriptor??
[  366.888160][ T5915] pwc: Askey VC010 type 2 USB webcam detected.
[  366.903378][ T5832] udevd[5832]: symlink '../../loop2' '/dev/disk/by-diskseq/72.tmp-b7:2' failed: Read-only file system
[  366.981481][T10143] FAULT_INJECTION: forcing a failure.
[  366.981481][T10143] name failslab, interval 1, probability 0, space 0, times 0
[  367.019434][T10143] CPU: 0 UID: 0 PID: 10143 Comm: syz.2.1089 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) 
[  367.019469][T10143] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  367.019479][T10143] Call Trace:
[  367.019484][T10143]  <TASK>
[  367.019491][T10143]  dump_stack_lvl+0x16c/0x1f0
[  367.019522][T10143]  should_fail_ex+0x512/0x640
[  367.019543][T10143]  ? fs_reclaim_acquire+0xae/0x150
[  367.019560][T10143]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  367.019583][T10143]  should_failslab+0xc2/0x120
[  367.019606][T10143]  __kmalloc_noprof+0xd2/0x510
[  367.019631][T10143]  tomoyo_realpath_from_path+0xc2/0x6e0
[  367.019661][T10143]  ? tomoyo_profile+0x47/0x60
[  367.019686][T10143]  tomoyo_path_number_perm+0x245/0x580
[  367.019703][T10143]  ? tomoyo_path_number_perm+0x237/0x580
[  367.019722][T10143]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  367.019742][T10143]  ? find_held_lock+0x2b/0x80
[  367.019783][T10143]  ? find_held_lock+0x2b/0x80
[  367.019802][T10143]  ? hook_file_ioctl_common+0x145/0x410
[  367.019821][T10143]  ? __fget_files+0x20e/0x3c0
[  367.019845][T10143]  security_file_ioctl+0x9b/0x240
[  367.019869][T10143]  __x64_sys_ioctl+0xb7/0x210
[  367.019893][T10143]  do_syscall_64+0xcd/0x4c0
[  367.019916][T10143]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  367.019933][T10143] RIP: 0033:0x7f1d87d8e929
[  367.019948][T10143] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  367.019963][T10143] RSP: 002b:00007f1d88cdf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  367.019979][T10143] RAX: ffffffffffffffda RBX: 00007f1d87fb5fa0 RCX: 00007f1d87d8e929
[  367.019989][T10143] RDX: 0000200000000000 RSI: 000000004008ae89 RDI: 0000000000000005
[  367.019999][T10143] RBP: 00007f1d88cdf090 R08: 0000000000000000 R09: 0000000000000000
[  367.020008][T10143] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  367.020018][T10143] R13: 0000000000000000 R14: 00007f1d87fb5fa0 R15: 00007fff8967e4d8
[  367.020037][T10143]  </TASK>
[  367.218230][    C0] vkms_vblank_simulate: vblank timer overrun
[  367.241187][T10143] ERROR: Out of memory at tomoyo_realpath_from_path.
[  367.303416][T10152] FAULT_INJECTION: forcing a failure.
[  367.303416][T10152] name failslab, interval 1, probability 0, space 0, times 0
[  367.319989][T10152] CPU: 0 UID: 0 PID: 10152 Comm: syz.3.1090 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) 
[  367.320020][T10152] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  367.320030][T10152] Call Trace:
[  367.320039][T10152]  <TASK>
[  367.320046][T10152]  dump_stack_lvl+0x16c/0x1f0
[  367.320083][T10152]  should_fail_ex+0x512/0x640
[  367.320111][T10152]  ? fs_reclaim_acquire+0xae/0x150
[  367.320132][T10152]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  367.320159][T10152]  should_failslab+0xc2/0x120
[  367.320186][T10152]  __kmalloc_noprof+0xd2/0x510
[  367.320218][T10152]  tomoyo_realpath_from_path+0xc2/0x6e0
[  367.320244][T10152]  ? tomoyo_profile+0x47/0x60
[  367.320274][T10152]  tomoyo_path_number_perm+0x245/0x580
[  367.320294][T10152]  ? tomoyo_path_number_perm+0x237/0x580
[  367.320316][T10152]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  367.320337][T10152]  ? find_held_lock+0x2b/0x80
[  367.320388][T10152]  ? find_held_lock+0x2b/0x80
[  367.320408][T10152]  ? hook_file_ioctl_common+0x145/0x410
[  367.320437][T10152]  ? __fget_files+0x20e/0x3c0
[  367.320463][T10152]  security_file_ioctl+0x9b/0x240
[  367.320489][T10152]  __x64_sys_ioctl+0xb7/0x210
[  367.320511][T10152]  do_syscall_64+0xcd/0x4c0
[  367.320536][T10152]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  367.320553][T10152] RIP: 0033:0x7f0da1d8e929
[  367.320566][T10152] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  367.320582][T10152] RSP: 002b:00007f0da2b29038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  367.320598][T10152] RAX: ffffffffffffffda RBX: 00007f0da1fb6080 RCX: 00007f0da1d8e929
[  367.320608][T10152] RDX: 0000000000000000 RSI: 0000000040946400 RDI: 0000000000000003
[  367.320617][T10152] RBP: 00007f0da2b29090 R08: 0000000000000000 R09: 0000000000000000
[  367.320626][T10152] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  367.320635][T10152] R13: 0000000000000001 R14: 00007f0da1fb6080 R15: 00007ffff06d7f18
[  367.320655][T10152]  </TASK>
[  367.320679][T10152] ERROR: Out of memory at tomoyo_realpath_from_path.
[  367.739641][ T5915] pwc: recv_control_msg error -32 req 02 val 2b00
[  367.758785][ T5915] pwc: recv_control_msg error -32 req 02 val 2700
[  367.775371][ T5915] pwc: recv_control_msg error -32 req 02 val 2c00
[  367.840801][ T5915] pwc: recv_control_msg error -32 req 04 val 1000
[  368.210726][ T5915] pwc: recv_control_msg error -32 req 04 val 1400
[  368.326783][ T5915] pwc: recv_control_msg error -32 req 02 val 2000
[  368.339445][ T5843] udevd[5843]: symlink '../../loop2' '/dev/disk/by-diskseq/72.tmp-b7:2' failed: Read-only file system
[  368.386663][T10166] netlink: 212408 bytes leftover after parsing attributes in process `syz.2.1094'.
[  368.440320][T10167] vivid-000: disconnect
[  368.619458][ T5915] pwc: recv_control_msg error -71 req 04 val 1500
[  368.683799][ T5915] pwc: recv_control_msg error -71 req 02 val 2500
[  368.702888][ T5915] pwc: recv_control_msg error -71 req 02 val 2400
[  368.713163][ T5915] pwc: recv_control_msg error -71 req 02 val 2600
[  368.836557][   T30] audit: type=1400 audit(1752534519.607:519): avc:  denied  { lock } for  pid=10165 comm="syz.2.1094" path="/dev/cpu/0/msr" dev="devtmpfs" ino=87 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1
[  369.009484][T10162] vivid-000: reconnect
[  369.057773][ T5915] pwc: recv_control_msg error -71 req 02 val 2900
[  369.073569][ T5915] pwc: recv_control_msg error -71 req 02 val 2800
[  369.079964][T10173] FAULT_INJECTION: forcing a failure.
[  369.079964][T10173] name failslab, interval 1, probability 0, space 0, times 0
[  369.100175][ T5915] pwc: recv_control_msg error -71 req 04 val 1100
[  369.120469][T10173] CPU: 1 UID: 0 PID: 10173 Comm: syz.3.1096 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) 
[  369.120501][T10173] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  369.120512][T10173] Call Trace:
[  369.120519][T10173]  <TASK>
[  369.120527][T10173]  dump_stack_lvl+0x16c/0x1f0
[  369.120565][T10173]  should_fail_ex+0x512/0x640
[  369.120589][T10173]  ? fs_reclaim_acquire+0xae/0x150
[  369.120609][T10173]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  369.120635][T10173]  should_failslab+0xc2/0x120
[  369.120660][T10173]  __kmalloc_noprof+0xd2/0x510
[  369.120688][T10173]  tomoyo_realpath_from_path+0xc2/0x6e0
[  369.120714][T10173]  ? tomoyo_profile+0x47/0x60
[  369.120744][T10173]  tomoyo_path_number_perm+0x245/0x580
[  369.120764][T10173]  ? tomoyo_path_number_perm+0x237/0x580
[  369.120787][T10173]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  369.120808][T10173]  ? find_held_lock+0x2b/0x80
[  369.120855][T10173]  ? find_held_lock+0x2b/0x80
[  369.120876][T10173]  ? hook_file_ioctl_common+0x145/0x410
[  369.120898][T10173]  ? __fget_files+0x20e/0x3c0
[  369.120927][T10173]  security_file_ioctl+0x9b/0x240
[  369.120953][T10173]  __x64_sys_ioctl+0xb7/0x210
[  369.120975][T10173]  do_syscall_64+0xcd/0x4c0
[  369.121002][T10173]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  369.121020][T10173] RIP: 0033:0x7f0da1d8e929
[  369.121034][T10173] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  369.121051][T10173] RSP: 002b:00007f0da2b4a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  369.121069][T10173] RAX: ffffffffffffffda RBX: 00007f0da1fb5fa0 RCX: 00007f0da1d8e929
[  369.121079][T10173] RDX: 0000200000000000 RSI: 00000000000089e3 RDI: 0000000000000004
[  369.121090][T10173] RBP: 00007f0da2b4a090 R08: 0000000000000000 R09: 0000000000000000
[  369.121100][T10173] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  369.121110][T10173] R13: 0000000000000000 R14: 00007f0da1fb5fa0 R15: 00007ffff06d7f18
[  369.121133][T10173]  </TASK>
[  369.121484][T10173] ERROR: Out of memory at tomoyo_realpath_from_path.
[  369.128509][ T5915] pwc: recv_control_msg error -71 req 04 val 1200
[  369.269864][    C0] vkms_vblank_simulate: vblank timer overrun
[  369.349873][T10165] delete_channel: no stack
[  369.469527][ T5915] pwc: Registered as video103.
[  369.545331][ T5843] udevd[5843]: symlink '../../loop2' '/dev/disk/by-diskseq/72.tmp-b7:2' failed: Read-only file system
[  369.558260][ T5915] input: PWC snapshot button as /devices/platform/dummy_hcd.1/usb2/2-1/input/input30
[  369.682137][ T5915] usb 2-1: USB disconnect, device number 35
[  370.114705][ T5915] usb 2-1: new high-speed USB device number 36 using dummy_hcd
[  370.565003][ T5915] usb 2-1: Using ep0 maxpacket: 8
[  370.985623][ T1204] hid-generic 0000:007F:FFFFFFFE.000F: unknown main item tag 0x0
[  371.000284][ T5915] usb 2-1: unable to get BOS descriptor or descriptor too short
[  371.050785][ T1204] hid-generic 0000:007F:FFFFFFFE.000F: unknown main item tag 0x0
[  371.063689][T10215] vivid-000: disconnect
[  371.114804][ T5883] IPVS: starting estimator thread 0...
[  371.133912][ T5915] usb 2-1: config 4 has an invalid interface number: 255 but max is 0
[  371.191465][ T1204] hid-generic 0000:007F:FFFFFFFE.000F: unknown main item tag 0x0
[  371.352740][ T5915] usb 2-1: config 4 has no interface number 0
[  371.361222][ T1204] hid-generic 0000:007F:FFFFFFFE.000F: unknown main item tag 0x0
[  371.369241][T10216] IPVS: using max 51 ests per chain, 122400 per kthread
[  371.380624][ T5915] usb 2-1: too many endpoints for config 4 interface 255 altsetting 255: 255, using maximum allowed: 30
[  371.400117][ T1204] hid-generic 0000:007F:FFFFFFFE.000F: unknown main item tag 0x0
[  371.426289][ T5915] usb 2-1: config 4 interface 255 altsetting 255 has 0 endpoint descriptors, different from the interface descriptor's value: 255
[  371.453851][ T1204] hid-generic 0000:007F:FFFFFFFE.000F: unknown main item tag 0x0
[  371.490750][ T1204] hid-generic 0000:007F:FFFFFFFE.000F: unknown main item tag 0x0
[  371.510722][ T5915] usb 2-1: config 4 interface 255 has no altsetting 0
[  371.523323][ T1204] hid-generic 0000:007F:FFFFFFFE.000F: unknown main item tag 0x0
[  371.537688][ T1204] hid-generic 0000:007F:FFFFFFFE.000F: unknown main item tag 0x0
[  371.546525][ T1204] hid-generic 0000:007F:FFFFFFFE.000F: unknown main item tag 0x0
[  371.556700][ T1204] hid-generic 0000:007F:FFFFFFFE.000F: unknown main item tag 0x0
[  371.564752][ T5915] usb 2-1: New USB device found, idVendor=a257, idProduct=2013, bcdDevice= e.87
[  371.574469][ T5915] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  371.582889][ T5915] usb 2-1: Product: syz
[  371.589523][T10211] vivid-000: reconnect
[  371.596341][ T1204] hid-generic 0000:007F:FFFFFFFE.000F: unknown main item tag 0x0
[  371.604466][ T5915] usb 2-1: Manufacturer: syz
[  371.609663][ T5915] usb 2-1: SerialNumber: syz
[  371.614336][ T1204] hid-generic 0000:007F:FFFFFFFE.000F: unknown main item tag 0x0
[  371.641139][ T1204] hid-generic 0000:007F:FFFFFFFE.000F: unknown main item tag 0x0
[  371.650193][ T1204] hid-generic 0000:007F:FFFFFFFE.000F: unknown main item tag 0x0
[  371.659317][ T1204] hid-generic 0000:007F:FFFFFFFE.000F: unknown main item tag 0x0
[  371.702676][ T1204] hid-generic 0000:007F:FFFFFFFE.000F: unknown main item tag 0x0
[  371.714255][ T1204] hid-generic 0000:007F:FFFFFFFE.000F: unknown main item tag 0x0
[  371.722749][ T1204] hid-generic 0000:007F:FFFFFFFE.000F: unknown main item tag 0x0
[  371.764854][   T48] usb 4-1: new high-speed USB device number 18 using dummy_hcd
[  371.833932][T10193] Bluetooth: MGMT ver 1.23
[  371.861753][T10193] ksmbd: Daemon and kernel module version mismatch. ksmbd: 124, kernel module: 1. User-space ksmbd should terminate.
[  371.874955][ T1204] hid-generic 0000:007F:FFFFFFFE.000F: unknown main item tag 0x0
[  371.886351][ T1204] hid-generic 0000:007F:FFFFFFFE.000F: unknown main item tag 0x0
[  371.928165][   T48] usb 4-1: Using ep0 maxpacket: 8
[  371.935494][ T5915] usb 2-1: USB disconnect, device number 36
[  371.942453][   T48] usb 4-1: New USB device found, idVendor=0ccd, idProduct=10a3, bcdDevice=23.a2
[  371.989036][ T1204] hid-generic 0000:007F:FFFFFFFE.000F: unknown main item tag 0x0
[  372.030011][   T48] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  372.047976][ T1204] hid-generic 0000:007F:FFFFFFFE.000F: unknown main item tag 0x0
[  372.064350][   T48] usb 4-1: Product: syz
[  372.071590][ T1204] hid-generic 0000:007F:FFFFFFFE.000F: unknown main item tag 0x0
[  372.074725][   T48] usb 4-1: Manufacturer: syz
[  372.096675][   T48] usb 4-1: SerialNumber: syz
[  372.106264][ T1204] hid-generic 0000:007F:FFFFFFFE.000F: unknown main item tag 0x0
[  372.117721][   T48] usb 4-1: config 0 descriptor??
[  372.153771][T10229] FAULT_INJECTION: forcing a failure.
[  372.153771][T10229] name failslab, interval 1, probability 0, space 0, times 0
[  372.168888][ T1204] hid-generic 0000:007F:FFFFFFFE.000F: unknown main item tag 0x0
[  372.192544][ T1204] hid-generic 0000:007F:FFFFFFFE.000F: unknown main item tag 0x0
[  372.214167][ T1204] hid-generic 0000:007F:FFFFFFFE.000F: unknown main item tag 0x0
[  372.234100][T10229] CPU: 0 UID: 0 PID: 10229 Comm: syz.5.1108 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) 
[  372.234130][T10229] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  372.234141][T10229] Call Trace:
[  372.234147][T10229]  <TASK>
[  372.234154][T10229]  dump_stack_lvl+0x16c/0x1f0
[  372.234187][T10229]  should_fail_ex+0x512/0x640
[  372.234211][T10229]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[  372.234238][T10229]  should_failslab+0xc2/0x120
[  372.234265][T10229]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  372.234287][T10229]  ? getname_flags.part.0+0x4c/0x550
[  372.234310][T10229]  getname_flags.part.0+0x4c/0x550
[  372.234331][T10229]  getname_flags+0x93/0xf0
[  372.234352][T10229]  __x64_sys_rename+0x58/0xa0
[  372.234376][T10229]  do_syscall_64+0xcd/0x4c0
[  372.234402][T10229]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  372.234421][T10229] RIP: 0033:0x7f399bf8e929
[  372.234435][T10229] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  372.234452][T10229] RSP: 002b:00007f399cdba038 EFLAGS: 00000246 ORIG_RAX: 0000000000000052
[  372.234470][T10229] RAX: ffffffffffffffda RBX: 00007f399c1b5fa0 RCX: 00007f399bf8e929
[  372.234481][T10229] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000200000000100
[  372.234494][T10229] RBP: 00007f399cdba090 R08: 0000000000000000 R09: 0000000000000000
[  372.234503][T10229] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  372.234512][T10229] R13: 0000000000000000 R14: 00007f399c1b5fa0 R15: 00007ffcc0f1a748
[  372.234532][T10229]  </TASK>
[  372.390978][    C0] vkms_vblank_simulate: vblank timer overrun
[  372.414940][ T1204] hid-generic 0000:007F:FFFFFFFE.000F: unknown main item tag 0x0
[  372.423312][ T1204] hid-generic 0000:007F:FFFFFFFE.000F: unknown main item tag 0x0
[  372.435017][ T1204] hid-generic 0000:007F:FFFFFFFE.000F: unknown main item tag 0x0
[  372.443004][ T1204] hid-generic 0000:007F:FFFFFFFE.000F: unknown main item tag 0x0
[  372.450850][ T1204] hid-generic 0000:007F:FFFFFFFE.000F: unknown main item tag 0x0
[  372.451159][   T48] usb 4-1: dvb_usb_v2: found a 'Terratec H7' in warm state
[  372.458687][ T1204] hid-generic 0000:007F:FFFFFFFE.000F: unknown main item tag 0x0
[  372.473997][ T1204] hid-generic 0000:007F:FFFFFFFE.000F: unknown main item tag 0x0
[  372.481887][ T1204] hid-generic 0000:007F:FFFFFFFE.000F: unknown main item tag 0x0
[  372.489756][ T1204] hid-generic 0000:007F:FFFFFFFE.000F: unknown main item tag 0x0
[  372.497704][ T1204] hid-generic 0000:007F:FFFFFFFE.000F: unknown main item tag 0x0
[  372.506249][ T1204] hid-generic 0000:007F:FFFFFFFE.000F: unknown main item tag 0x0
[  372.514057][ T1204] hid-generic 0000:007F:FFFFFFFE.000F: unknown main item tag 0x0
[  372.521976][ T1204] hid-generic 0000:007F:FFFFFFFE.000F: unknown main item tag 0x0
[  372.529783][ T1204] hid-generic 0000:007F:FFFFFFFE.000F: unknown main item tag 0x0
[  372.537604][ T1204] hid-generic 0000:007F:FFFFFFFE.000F: unknown main item tag 0x0
[  372.552622][ T1204] hid-generic 0000:007F:FFFFFFFE.000F: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  372.917991][T10235] fido_id[10235]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  372.997005][ T5915] usb 2-1: new full-speed USB device number 37 using dummy_hcd
[  373.139609][ T1204] kernel read not supported for file inotify (pid: 1204 comm: kworker/0:2)
[  373.156508][   T48] usb write operation failed. (-71)
[  373.172364][   T48] usb 4-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  373.172563][ T5915] usb 2-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.43
[  373.194737][   T48] dvbdev: DVB: registering new adapter (Terratec H7)
[  373.209348][   T48] usb 4-1: media controller created
[  373.218256][ T5915] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  373.229447][   T48] usb read operation failed. (-71)
[  373.236886][ T5915] usb 2-1: config 0 descriptor??
[  373.250767][ T5915] dvb-usb: found a 'Genpix SkyWalker-1 DVB-S receiver' in warm state.
[  373.254186][   T48] usb write operation failed. (-71)
[  373.291834][   T48] dvb_usb_az6007 4-1:0.0: probe with driver dvb_usb_az6007 failed with error -5
[  373.338159][   T48] usb 4-1: USB disconnect, device number 18
[  373.389121][   T30] audit: type=1400 audit(1752534524.157:520): avc:  denied  { ioctl } for  pid=10257 comm="syz.0.1114" path="socket:[24265]" dev="sockfs" ino=24265 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  373.449251][ T5915] gp8psk: usb in 128 operation failed.
[  373.668987][ T5915] gp8psk: usb in 146 operation failed.
[  373.670639][T10241] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  373.683273][ T5915] gp8psk: failed to get FW version
[  373.696462][T10241] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  373.814202][ T5915] gp8psk: FPGA Version = 119
[  373.876180][T10268] netlink: 48 bytes leftover after parsing attributes in process `syz.5.1116'.
[  374.091545][ T5915] gp8psk: usb in 138 operation failed.
[  374.103479][ T5915] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[  374.184702][T10271] trusted_key: encrypted_key: master key parameter '00N004093' is invalid
[  374.225751][T10271] trusted_key: encrypted_key: master key parameter '00N004093' is invalid
[  374.458055][ T5915] dvb-usb: Genpix SkyWalker-1 DVB-S receiver error while loading driver (-19)
[  374.520368][ T5915] usb 2-1: USB disconnect, device number 37
[  374.593496][   T30] audit: type=1400 audit(1752534525.357:521): avc:  denied  { create } for  pid=10273 comm="syz.2.1119" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1
[  374.619366][ T5843] udevd[5843]: symlink '../../loop2' '/dev/disk/by-diskseq/72.tmp-b7:2' failed: Read-only file system
[  374.684690][   T30] audit: type=1400 audit(1752534525.367:522): avc:  denied  { write } for  pid=10273 comm="syz.2.1119" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1
[  374.844668][ T5883] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  375.142081][ T5832] udevd[5832]: symlink '../../loop2' '/dev/disk/by-diskseq/72.tmp-b7:2' failed: Read-only file system
[  375.925472][ T5883] usb 6-1: Using ep0 maxpacket: 16
[  375.939074][ T5883] usb 6-1: config 0 interface 0 altsetting 8 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  375.952179][ T5883] usb 6-1: config 0 interface 0 altsetting 8 endpoint 0x81 has invalid wMaxPacketSize 0
[  376.077032][ T5883] usb 6-1: config 0 interface 0 has no altsetting 0
[  376.083871][ T5883] usb 6-1: New USB device found, idVendor=04d9, idProduct=a055, bcdDevice= 0.00
[  376.095321][ T5883] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  376.726129][T10306] futex_wake_op: syz.0.1125 tries to shift op by -1; fix this program
[  377.090471][ T5883] usb 6-1: config 0 descriptor??
[  377.180681][T10304] veth0_to_team: entered promiscuous mode
[  377.186601][T10304] veth0_to_team: entered allmulticast mode
[  377.229459][T10306] xt_hashlimit: size too large, truncated to 1048576
[  377.767063][ T5883] usbhid 6-1:0.0: can't add hid device: -71
[  377.895663][ T5883] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  377.918815][ T5883] usb 6-1: USB disconnect, device number 4
[  378.498486][ T5832] udevd[5832]: symlink '../../loop2' '/dev/disk/by-diskseq/72.tmp-b7:2' failed: Read-only file system
[  378.542302][T10327] FAULT_INJECTION: forcing a failure.
[  378.542302][T10327] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  378.571732][T10327] CPU: 1 UID: 0 PID: 10327 Comm: syz.2.1132 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) 
[  378.571771][T10327] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  378.571781][T10327] Call Trace:
[  378.571787][T10327]  <TASK>
[  378.571793][T10327]  dump_stack_lvl+0x16c/0x1f0
[  378.571828][T10327]  should_fail_ex+0x512/0x640
[  378.571854][T10327]  _copy_from_user+0x2e/0xd0
[  378.571880][T10327]  do_sock_getsockopt+0x5f4/0x800
[  378.571899][T10327]  ? __pfx_do_sock_getsockopt+0x10/0x10
[  378.571913][T10327]  ? __fget_files+0x204/0x3c0
[  378.571950][T10327]  __sys_getsockopt+0x12f/0x260
[  378.571978][T10327]  __x64_sys_getsockopt+0xbd/0x160
[  378.571997][T10327]  ? do_syscall_64+0x91/0x4c0
[  378.572019][T10327]  ? lockdep_hardirqs_on+0x7c/0x110
[  378.572040][T10327]  do_syscall_64+0xcd/0x4c0
[  378.572064][T10327]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  378.572084][T10327] RIP: 0033:0x7f1d87d8e929
[  378.572099][T10327] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  378.572117][T10327] RSP: 002b:00007f1d88cdf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[  378.572137][T10327] RAX: ffffffffffffffda RBX: 00007f1d87fb5fa0 RCX: 00007f1d87d8e929
[  378.572150][T10327] RDX: 0000000000000003 RSI: 000000000000010c RDI: 0000000000000004
[  378.572160][T10327] RBP: 00007f1d88cdf090 R08: 00002000000002c0 R09: 0000000000000000
[  378.572170][T10327] R10: 0000200000000100 R11: 0000000000000246 R12: 0000000000000001
[  378.572180][T10327] R13: 0000000000000000 R14: 00007f1d87fb5fa0 R15: 00007fff8967e4d8
[  378.572204][T10327]  </TASK>
[  378.584653][ T5883] usb 4-1: new high-speed USB device number 19 using dummy_hcd
[  378.655211][ T1296] ieee802154 phy0 wpan0: encryption failed: -22
[  378.714854][    T9] usb 6-1: new full-speed USB device number 5 using dummy_hcd
[  378.744776][ T1296] ieee802154 phy1 wpan1: encryption failed: -22
[  378.775484][ T4802] sl0: compressed packet ignored
[  378.780544][ T4802] sl1: compressed packet ignored
[  378.795350][   T13] sl2: compressed packet ignored
[  378.804234][   T36] sl3: compressed packet ignored
[  378.809906][   T13] sl4: compressed packet ignored
[  378.815275][ T5832] udevd[5832]: symlink '../../loop2' '/dev/disk/by-diskseq/72.tmp-b7:2' failed: Read-only file system
[  378.815538][   T36] sl5: compressed packet ignored
[  378.834649][ T3464] sl6: compressed packet ignored
[  378.837165][ T4802] sl7: compressed packet ignored
[  379.088588][ T5883] usb 4-1: Using ep0 maxpacket: 8
[  379.095216][    T9] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  379.106848][    T9] usb 6-1: New USB device found, idVendor=04d9, idProduct=a067, bcdDevice= 0.00
[  379.116350][    T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  379.126251][ T5883] usb 4-1: New USB device found, idVendor=04b4, idProduct=8613, bcdDevice=95.8f
[  379.145919][ T5883] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=1
[  379.154057][ T5883] usb 4-1: Product: syz
[  379.187020][    T9] usb 6-1: config 0 descriptor??
[  379.198483][ T5883] usb 4-1: Manufacturer: syz
[  379.222377][ T5883] usb 4-1: SerialNumber: syz
[  379.257419][ T5883] usb 4-1: config 0 descriptor??
[  379.303664][ T5883] usbtest 4-1:0.0: FX2 device
[  379.395283][ T5883] usbtest 4-1:0.0: high-speed {control bulk-in bulk-out} tests (+alt)
[  379.419262][T10321] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  379.432069][T10321] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  379.626975][T10339] netlink: 168 bytes leftover after parsing attributes in process `syz.2.1134'.
[  379.655875][    T9] usbhid 6-1:0.0: can't add hid device: -71
[  379.661859][    T9] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  379.787717][    T9] usb 6-1: USB disconnect, device number 5
[  379.813651][ T5852] usb 4-1: USB disconnect, device number 19
[  380.962030][T10377] FAULT_INJECTION: forcing a failure.
[  380.962030][T10377] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  380.993350][T10377] CPU: 0 UID: 0 PID: 10377 Comm: syz.5.1142 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) 
[  380.993371][T10377] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  380.993378][T10377] Call Trace:
[  380.993383][T10377]  <TASK>
[  380.993390][T10377]  dump_stack_lvl+0x16c/0x1f0
[  380.993413][T10377]  should_fail_ex+0x512/0x640
[  380.993431][T10377]  _copy_from_user+0x2e/0xd0
[  380.993449][T10377]  copy_msghdr_from_user+0x98/0x160
[  380.993467][T10377]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  380.993489][T10377]  ___sys_sendmsg+0xfe/0x1d0
[  380.993504][T10377]  ? __pfx____sys_sendmsg+0x10/0x10
[  380.993518][T10377]  ? __lock_acquire+0x622/0x1c90
[  380.993545][T10377]  __sys_sendmsg+0x16d/0x220
[  380.993560][T10377]  ? __pfx___sys_sendmsg+0x10/0x10
[  380.993584][T10377]  do_syscall_64+0xcd/0x4c0
[  380.993607][T10377]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  380.993619][T10377] RIP: 0033:0x7f399bf8e929
[  380.993629][T10377] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  380.993640][T10377] RSP: 002b:00007f399cdba038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  380.993652][T10377] RAX: ffffffffffffffda RBX: 00007f399c1b5fa0 RCX: 00007f399bf8e929
[  380.993659][T10377] RDX: 0000000000000004 RSI: 00002000000001c0 RDI: 0000000000000004
[  380.993665][T10377] RBP: 00007f399cdba090 R08: 0000000000000000 R09: 0000000000000000
[  380.993672][T10377] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  380.993678][T10377] R13: 0000000000000000 R14: 00007f399c1b5fa0 R15: 00007ffcc0f1a748
[  380.993691][T10377]  </TASK>
[  381.155594][    C0] vkms_vblank_simulate: vblank timer overrun
[  381.556882][T10385] netlink: 168 bytes leftover after parsing attributes in process `syz.5.1144'.
[  381.681657][ T5832] udevd[5832]: symlink '../../loop2' '/dev/disk/by-diskseq/72.tmp-b7:2' failed: Read-only file system
[  381.866874][   T30] audit: type=1400 audit(1752534532.637:523): avc:  denied  { create } for  pid=10391 comm="syz.1.1146" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=user_namespace permissive=1
[  381.914968][ T5915] usb 3-1: new full-speed USB device number 25 using dummy_hcd
[  382.027351][   T30] audit: type=1400 audit(1752534532.667:524): avc:  denied  { sys_admin } for  pid=10391 comm="syz.1.1146" capability=21  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=cap_userns permissive=1
[  382.179808][ T5915] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  382.194219][ T5915] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 2
[  382.217306][ T5915] usb 3-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  382.305286][ T5915] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  382.328260][ T5915] usb 3-1: config 0 descriptor??
[  382.336238][ T5915] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  382.343644][ T5915] dvb-usb: bulk message failed: -22 (3/0)
[  382.358888][ T5915] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  382.370792][ T5915] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  382.418653][ T5915] usb 3-1: media controller created
[  382.466060][ T5915] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  382.518380][ T5915] dvb-usb: bulk message failed: -22 (6/0)
[  382.524289][ T5915] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  382.575130][ T5915] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb3/3-1/input/input31
[  382.638311][ T5915] dvb-usb: schedule remote query interval to 150 msecs.
[  382.654553][ T5915] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  382.825194][ T5915] dvb-usb: bulk message failed: -22 (1/0)
[  382.831067][ T5915] dvb-usb: error while querying for an remote control event.
[  382.961890][T10405] vivid-000: disconnect
[  383.324677][ T5915] dvb-usb: bulk message failed: -22 (1/0)
[  383.333147][ T5915] dvb-usb: error while querying for an remote control event.
[  383.379308][T10401] vivid-000: reconnect
[  383.390482][T10411] FAULT_INJECTION: forcing a failure.
[  383.390482][T10411] name failslab, interval 1, probability 0, space 0, times 0
[  383.494922][T10411] CPU: 0 UID: 0 PID: 10411 Comm: syz.1.1152 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) 
[  383.494951][T10411] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  383.494962][T10411] Call Trace:
[  383.494968][T10411]  <TASK>
[  383.494976][T10411]  dump_stack_lvl+0x16c/0x1f0
[  383.495008][T10411]  should_fail_ex+0x512/0x640
[  383.495031][T10411]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[  383.495058][T10411]  should_failslab+0xc2/0x120
[  383.495084][T10411]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  383.495106][T10411]  ? getname_flags.part.0+0x4c/0x550
[  383.495130][T10411]  getname_flags.part.0+0x4c/0x550
[  383.495152][T10411]  getname_flags+0x93/0xf0
[  383.495174][T10411]  do_sys_openat2+0xb8/0x1d0
[  383.495191][T10411]  ? __pfx_do_sys_openat2+0x10/0x10
[  383.495210][T10411]  ? __fget_files+0x20e/0x3c0
[  383.495237][T10411]  __x64_sys_openat+0x174/0x210
[  383.495254][T10411]  ? __pfx___x64_sys_openat+0x10/0x10
[  383.495268][T10411]  ? ksys_write+0x1ac/0x250
[  383.495296][T10411]  do_syscall_64+0xcd/0x4c0
[  383.495326][T10411]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  383.495342][T10411] RIP: 0033:0x7fdc4418d290
[  383.495357][T10411] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 49 94 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 9c 94 02 00 8b 44
[  383.495373][T10411] RSP: 002b:00007fdc41fd4f10 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[  383.495392][T10411] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fdc4418d290
[  383.495402][T10411] RDX: 0000000000000002 RSI: 00007fdc41fd4fa0 RDI: 00000000ffffff9c
[  383.495413][T10411] RBP: 00007fdc41fd4fa0 R08: 0000000000000000 R09: 00007fdc41fd4cd5
[  383.495421][T10411] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  383.495429][T10411] R13: 0000000000000000 R14: 00007fdc443b6080 R15: 00007ffce928b6b8
[  383.495448][T10411]  </TASK>
[  383.528035][ T5915] dvb-usb: bulk message failed: -22 (1/0)
[  383.528073][ T5915] dvb-usb: error while querying for an remote control event.
[  383.696502][ T5915] dvb-usb: bulk message failed: -22 (1/0)
[  383.696733][ T5915] dvb-usb: error while querying for an remote control event.
[  383.855259][ T5915] dvb-usb: bulk message failed: -22 (1/0)
[  383.859696][ T5915] dvb-usb: error while querying for an remote control event.
[  384.025076][ T5915] dvb-usb: bulk message failed: -22 (1/0)
[  384.029847][ T5915] dvb-usb: error while querying for an remote control event.
[  384.099355][   T30] audit: type=1400 audit(1752534534.867:525): avc:  denied  { read } for  pid=10418 comm="syz.0.1154" name="btrfs-control" dev="devtmpfs" ino=1316 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:lvm_control_t tclass=chr_file permissive=1
[  384.099896][   T30] audit: type=1400 audit(1752534534.867:526): avc:  denied  { open } for  pid=10418 comm="syz.0.1154" path="/dev/btrfs-control" dev="devtmpfs" ino=1316 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:lvm_control_t tclass=chr_file permissive=1
[  384.184963][ T5915] dvb-usb: bulk message failed: -22 (1/0)
[  384.184997][ T5915] dvb-usb: error while querying for an remote control event.
[  384.344777][ T5915] dvb-usb: bulk message failed: -22 (1/0)
[  384.344814][ T5915] dvb-usb: error while querying for an remote control event.
[  384.514620][ T5915] dvb-usb: bulk message failed: -22 (1/0)
[  384.708926][ T5915] dvb-usb: error while querying for an remote control event.
[  384.884618][ T5915] dvb-usb: bulk message failed: -22 (1/0)
[  384.890470][ T5915] dvb-usb: error while querying for an remote control event.
[  385.865461][ T5883] dvb-usb: bulk message failed: -22 (1/0)
[  385.871253][ T5883] dvb-usb: error while querying for an remote control event.
[  385.884990][ T5915] usb 3-1: USB disconnect, device number 25
[  385.927435][ T5843] udevd[5843]: symlink '../../loop2' '/dev/disk/by-diskseq/72.tmp-b7:2' failed: Read-only file system
[  385.984464][ T5915] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  386.134365][T10447] vivid-000: disconnect
[  386.375627][ T5883] usb 1-1: new full-speed USB device number 28 using dummy_hcd
[  386.383355][    T9] usb 2-1: new high-speed USB device number 38 using dummy_hcd
[  386.442170][T10444] vivid-000: reconnect
[  386.534661][    T9] usb 2-1: Using ep0 maxpacket: 8
[  386.559236][    T9] usb 2-1: New USB device found, idVendor=0ccd, idProduct=10a3, bcdDevice=23.a2
[  386.571179][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  386.579606][T10451] netlink: 272 bytes leftover after parsing attributes in process `syz.5.1164'.
[  386.579974][   T30] audit: type=1400 audit(1752534537.337:527): avc:  denied  { nlmsg_read } for  pid=10450 comm="syz.5.1164" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  386.610418][    T9] usb 2-1: Product: syz
[  386.614055][T10451] FAULT_INJECTION: forcing a failure.
[  386.614055][T10451] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  386.614892][    T9] usb 2-1: Manufacturer: syz
[  386.637242][    T9] usb 2-1: SerialNumber: syz
[  386.648145][ T5883] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  386.658681][ T5883] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 2
[  386.669769][ T5883] usb 1-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  386.681482][T10451] CPU: 1 UID: 0 PID: 10451 Comm: syz.5.1164 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) 
[  386.681513][T10451] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  386.681524][T10451] Call Trace:
[  386.681530][T10451]  <TASK>
[  386.681537][T10451]  dump_stack_lvl+0x16c/0x1f0
[  386.681572][T10451]  should_fail_ex+0x512/0x640
[  386.681605][T10451]  _copy_from_user+0x2e/0xd0
[  386.681631][T10451]  copy_msghdr_from_user+0x98/0x160
[  386.681660][T10451]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  386.681685][T10451]  ? __lock_acquire+0x622/0x1c90
[  386.681707][T10451]  ___sys_recvmsg+0xdb/0x1a0
[  386.681729][T10451]  ? __pfx____sys_recvmsg+0x10/0x10
[  386.681752][T10451]  ? find_held_lock+0x2b/0x80
[  386.681788][T10451]  do_recvmmsg+0x2fe/0x750
[  386.681812][T10451]  ? __pfx_do_recvmmsg+0x10/0x10
[  386.681835][T10451]  ? __mutex_unlock_slowpath+0x161/0x6a0
[  386.681872][T10451]  ? __fget_files+0x20e/0x3c0
[  386.681901][T10451]  __x64_sys_recvmmsg+0x22a/0x280
[  386.681925][T10451]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  386.681953][T10451]  do_syscall_64+0xcd/0x4c0
[  386.681983][T10451]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  386.682001][T10451] RIP: 0033:0x7f399bf8e929
[  386.682017][T10451] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  386.682033][T10451] RSP: 002b:00007f399cdba038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  386.682052][T10451] RAX: ffffffffffffffda RBX: 00007f399c1b5fa0 RCX: 00007f399bf8e929
[  386.682063][T10451] RDX: 0000000000000001 RSI: 0000200000003900 RDI: 0000000000000003
[  386.682072][T10451] RBP: 00007f399cdba090 R08: 0000000000000000 R09: 0000000000000000
[  386.682082][T10451] R10: 0000000000010000 R11: 0000000000000246 R12: 0000000000000001
[  386.682091][T10451] R13: 0000000000000000 R14: 00007f399c1b5fa0 R15: 00007ffcc0f1a748
[  386.682111][T10451]  </TASK>
[  386.685485][    T9] usb 2-1: config 0 descriptor??
[  386.877608][ T5883] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  387.000282][ T5883] usb 1-1: config 0 descriptor??
[  387.070852][ T5883] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  387.085360][ T5883] dvb-usb: bulk message failed: -22 (3/0)
[  387.120384][ T5883] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  387.140815][ T5883] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  387.246241][ T5883] usb 1-1: media controller created
[  387.254098][ T5883] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  387.559942][    T9] usb 2-1: dvb_usb_v2: found a 'Terratec H7' in warm state
[  387.654251][T10440] netlink: 'syz.0.1159': attribute type 13 has an invalid length.
[  387.663824][T10440] netlink: 396 bytes leftover after parsing attributes in process `syz.0.1159'.
[  387.703433][ T5883] dvb-usb: bulk message failed: -22 (6/0)
[  387.734716][ T5883] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  387.753209][ T5883] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.0/usb1/1-1/input/input32
[  387.771706][ T5883] dvb-usb: schedule remote query interval to 150 msecs.
[  387.779282][ T5883] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  387.850912][ T6005] udevd[6005]: symlink '../../loop2' '/dev/disk/by-diskseq/72.tmp-b7:2' failed: Read-only file system
[  387.875724][T10459] FAULT_INJECTION: forcing a failure.
[  387.875724][T10459] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  387.901644][T10459] CPU: 0 UID: 0 PID: 10459 Comm: syz.2.1166 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) 
[  387.901664][T10459] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  387.901671][T10459] Call Trace:
[  387.901675][T10459]  <TASK>
[  387.901680][T10459]  dump_stack_lvl+0x16c/0x1f0
[  387.901709][T10459]  should_fail_ex+0x512/0x640
[  387.901734][T10459]  _copy_from_user+0x2e/0xd0
[  387.901754][T10459]  __sys_bpf+0x21d/0x4d80
[  387.901777][T10459]  ? __pfx___sys_bpf+0x10/0x10
[  387.901793][T10459]  ? ksys_write+0x190/0x250
[  387.901813][T10459]  ? __mutex_unlock_slowpath+0x161/0x6a0
[  387.901840][T10459]  ? fput+0x70/0xf0
[  387.901851][T10459]  ? ksys_write+0x1ac/0x250
[  387.901870][T10459]  ? __pfx_ksys_write+0x10/0x10
[  387.901894][T10459]  __x64_sys_bpf+0x78/0xc0
[  387.901915][T10459]  ? lockdep_hardirqs_on+0x7c/0x110
[  387.901938][T10459]  do_syscall_64+0xcd/0x4c0
[  387.901956][T10459]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  387.901970][T10459] RIP: 0033:0x7f1d87d8e929
[  387.901981][T10459] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  387.901993][T10459] RSP: 002b:00007f1d88cdf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  387.902006][T10459] RAX: ffffffffffffffda RBX: 00007f1d87fb5fa0 RCX: 00007f1d87d8e929
[  387.902012][T10459] RDX: 0000000000000050 RSI: 0000200000000180 RDI: 000000000000000a
[  387.902019][T10459] RBP: 00007f1d88cdf090 R08: 0000000000000000 R09: 0000000000000000
[  387.902026][T10459] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  387.902033][T10459] R13: 0000000000000000 R14: 00007f1d87fb5fa0 R15: 00007fff8967e4d8
[  387.902047][T10459]  </TASK>
[  388.112298][ T5883] dvb-usb: bulk message failed: -22 (1/0)
[  388.118346][ T5883] dvb-usb: error while querying for an remote control event.
[  388.183911][T10466] FAULT_INJECTION: forcing a failure.
[  388.183911][T10466] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  388.200277][T10466] CPU: 0 UID: 0 PID: 10466 Comm: syz.3.1169 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) 
[  388.200308][T10466] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  388.200322][T10466] Call Trace:
[  388.200327][T10466]  <TASK>
[  388.200334][T10466]  dump_stack_lvl+0x16c/0x1f0
[  388.200366][T10466]  should_fail_ex+0x512/0x640
[  388.200390][T10466]  _copy_from_user+0x2e/0xd0
[  388.200415][T10466]  copy_msghdr_from_user+0x98/0x160
[  388.200438][T10466]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  388.200471][T10466]  ___sys_sendmsg+0xfe/0x1d0
[  388.200495][T10466]  ? __pfx____sys_sendmsg+0x10/0x10
[  388.200516][T10466]  ? __lock_acquire+0x622/0x1c90
[  388.200564][T10466]  __sys_sendmsg+0x16d/0x220
[  388.200587][T10466]  ? __pfx___sys_sendmsg+0x10/0x10
[  388.200628][T10466]  do_syscall_64+0xcd/0x4c0
[  388.200658][T10466]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  388.200676][T10466] RIP: 0033:0x7f0da1d8e929
[  388.200691][T10466] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  388.200708][T10466] RSP: 002b:00007f0da2b4a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  388.200727][T10466] RAX: ffffffffffffffda RBX: 00007f0da1fb5fa0 RCX: 00007f0da1d8e929
[  388.200738][T10466] RDX: 0000000000008018 RSI: 00002000000005c0 RDI: 0000000000000004
[  388.200750][T10466] RBP: 00007f0da2b4a090 R08: 0000000000000000 R09: 0000000000000000
[  388.200760][T10466] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  388.200770][T10466] R13: 0000000000000000 R14: 00007f0da1fb5fa0 R15: 00007ffff06d7f18
[  388.200796][T10466]  </TASK>
[  388.220105][ T5843] udevd[5843]: symlink '../../loop2' '/dev/disk/by-diskseq/72.tmp-b7:2' failed: Read-only file system
[  388.294819][ T5883] dvb-usb: bulk message failed: -22 (1/0)
[  388.401966][ T5883] dvb-usb: error while querying for an remote control event.
[  388.506844][T10472] vivid-000: disconnect
[  388.720897][ T5883] dvb-usb: bulk message failed: -22 (1/0)
[  388.726932][ T5883] dvb-usb: error while querying for an remote control event.
[  388.785682][ T5915] kernel read not supported for file inotify (pid: 5915 comm: kworker/0:6)
[  388.802624][    T9] usb write operation failed. (-71)
[  388.817717][    T9] usb 2-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  388.896176][ T5915] dvb-usb: bulk message failed: -22 (1/0)
[  388.955195][ T5915] dvb-usb: error while querying for an remote control event.
[  389.136341][    T9] dvbdev: DVB: registering new adapter (Terratec H7)
[  389.143143][    T9] usb 2-1: media controller created
[  389.144607][   T30] audit: type=1326 audit(1752534539.777:528): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10475 comm="syz.2.1173" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d87d8e929 code=0x7ffc0000
[  389.178218][ T5915] usb 1-1: USB disconnect, device number 28
[  389.180570][ T5843] udevd[5843]: symlink '../../loop2' '/dev/disk/by-diskseq/72.tmp-b7:2' failed: Read-only file system
[  389.218592][ T5915] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  389.241890][T10470] vivid-000: reconnect
[  389.259549][    T9] usb read operation failed. (-71)
[  389.271073][   T30] audit: type=1326 audit(1752534539.777:529): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10475 comm="syz.2.1173" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d87d8e929 code=0x7ffc0000
[  389.273417][    T9] usb write operation failed. (-71)
[  389.645496][    T9] dvb_usb_az6007 2-1:0.0: probe with driver dvb_usb_az6007 failed with error -5
[  389.745237][T10485] vivid-000: disconnect
[  389.990151][   T30] audit: type=1326 audit(1752534539.787:530): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10475 comm="syz.2.1173" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7f1d87d8e929 code=0x7ffc0000
[  390.051264][   T30] audit: type=1326 audit(1752534539.787:531): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10475 comm="syz.2.1173" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d87d8e929 code=0x7ffc0000
[  390.078384][    T9] usb 2-1: USB disconnect, device number 38
[  390.089636][   T30] audit: type=1326 audit(1752534539.787:532): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10475 comm="syz.2.1173" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d87d8e929 code=0x7ffc0000
[  390.122491][ T5832] udevd[5832]: symlink '../../loop2' '/dev/disk/by-diskseq/72.tmp-b7:2' failed: Read-only file system
[  390.165207][   T30] audit: type=1326 audit(1752534539.787:533): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10475 comm="syz.2.1173" exe="/root/syz-executor" sig=0 arch=c000003e syscall=78 compat=0 ip=0x7f1d87d8e929 code=0x7ffc0000
[  390.193858][   T30] audit: type=1326 audit(1752534539.787:534): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10475 comm="syz.2.1173" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d87d8e929 code=0x7ffc0000
[  390.253544][   T30] audit: type=1326 audit(1752534539.797:535): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10475 comm="syz.2.1173" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f1d87d8e929 code=0x7ffc0000
[  390.293641][   T30] audit: type=1326 audit(1752534539.797:536): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10475 comm="syz.2.1173" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d87d8e929 code=0x7ffc0000
[  390.329947][   T30] audit: type=1326 audit(1752534539.797:537): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10475 comm="syz.2.1173" exe="/root/syz-executor" sig=0 arch=c000003e syscall=10 compat=0 ip=0x7f1d87d8e929 code=0x7ffc0000
[  390.436722][ T5832] udevd[5832]: symlink '../../loop2' '/dev/disk/by-diskseq/72.tmp-b7:2' failed: Read-only file system
[  390.470747][T10483] vivid-000: reconnect
[  390.504050][T10504] netlink: 'syz.2.1181': attribute type 7 has an invalid length.
[  390.529286][T10504] : entered promiscuous mode
[  390.554773][ T5913] usb 1-1: new full-speed USB device number 29 using dummy_hcd
[  390.602176][ T5832] udevd[5832]: symlink '../../loop2' '/dev/disk/by-diskseq/72.tmp-b7:2' failed: Read-only file system
[  390.651991][T10510] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1182'.
[  390.700000][ T5832] udevd[5832]: symlink '../../loop2' '/dev/disk/by-diskseq/72.tmp-b7:2' failed: Read-only file system
[  390.731643][T10512] FAULT_INJECTION: forcing a failure.
[  390.731643][T10512] name failslab, interval 1, probability 0, space 0, times 0
[  390.744768][T10512] CPU: 0 UID: 0 PID: 10512 Comm: syz.2.1184 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) 
[  390.744795][T10512] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  390.744805][T10512] Call Trace:
[  390.744811][T10512]  <TASK>
[  390.744818][T10512]  dump_stack_lvl+0x16c/0x1f0
[  390.744859][T10512]  should_fail_ex+0x512/0x640
[  390.744883][T10512]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  390.744910][T10512]  should_failslab+0xc2/0x120
[  390.744935][T10512]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  390.744958][T10512]  ? __alloc_skb+0x2b2/0x380
[  390.744986][T10512]  __alloc_skb+0x2b2/0x380
[  390.745006][T10512]  ? __pfx___alloc_skb+0x10/0x10
[  390.745028][T10512]  ? __import_iovec+0x1dd/0x650
[  390.745051][T10512]  ? avc_has_perm+0x170/0x1c0
[  390.745068][T10512]  ? selinux_file_permission+0x126/0x660
[  390.745099][T10512]  ? __pfx_virtual_ncidev_write+0x10/0x10
[  390.745119][T10512]  virtual_ncidev_write+0x50/0x210
[  390.745137][T10512]  vfs_writev+0x5df/0xde0
[  390.745163][T10512]  ? __pfx_vfs_writev+0x10/0x10
[  390.745193][T10512]  ? __fget_files+0x20e/0x3c0
[  390.745213][T10512]  ? __fget_files+0x180/0x3c0
[  390.745240][T10512]  ? do_writev+0x132/0x340
[  390.745258][T10512]  do_writev+0x132/0x340
[  390.745275][T10512]  ? __pfx_do_writev+0x10/0x10
[  390.745300][T10512]  do_syscall_64+0xcd/0x4c0
[  390.745326][T10512]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  390.745343][T10512] RIP: 0033:0x7f1d87d8e929
[  390.745358][T10512] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  390.745375][T10512] RSP: 002b:00007f1d88cdf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[  390.745393][T10512] RAX: ffffffffffffffda RBX: 00007f1d87fb5fa0 RCX: 00007f1d87d8e929
[  390.745405][T10512] RDX: 0000000000000002 RSI: 0000200000000140 RDI: 0000000000000003
[  390.745415][T10512] RBP: 00007f1d88cdf090 R08: 0000000000000000 R09: 0000000000000000
[  390.745425][T10512] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  390.745435][T10512] R13: 0000000000000000 R14: 00007f1d87fb5fa0 R15: 00007fff8967e4d8
[  390.745457][T10512]  </TASK>
[  390.815344][   T48] usb 2-1: new full-speed USB device number 39 using dummy_hcd
[  390.888386][ T5913] usb 1-1: unable to get BOS descriptor or descriptor too short
[  390.999177][ T5913] usb 1-1: unable to read config index 0 descriptor/start: -71
[  391.035105][ T5913] usb 1-1: can't read configurations, error -71
[  391.048499][ T5832] udevd[5832]: symlink '../../loop2' '/dev/disk/by-diskseq/72.tmp-b7:2' failed: Read-only file system
[  391.076511][T10519] FAULT_INJECTION: forcing a failure.
[  391.076511][T10519] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  391.097003][T10519] CPU: 0 UID: 0 PID: 10519 Comm: syz.5.1186 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) 
[  391.097042][T10519] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  391.097052][T10519] Call Trace:
[  391.097058][T10519]  <TASK>
[  391.097066][T10519]  dump_stack_lvl+0x16c/0x1f0
[  391.097100][T10519]  should_fail_ex+0x512/0x640
[  391.097125][T10519]  _copy_from_user+0x2e/0xd0
[  391.097150][T10519]  __sys_bpf+0x21d/0x4d80
[  391.097179][T10519]  ? __pfx___sys_bpf+0x10/0x10
[  391.097202][T10519]  ? ksys_write+0x190/0x250
[  391.097227][T10519]  ? __mutex_unlock_slowpath+0x161/0x6a0
[  391.097264][T10519]  ? fput+0x70/0xf0
[  391.097279][T10519]  ? ksys_write+0x1ac/0x250
[  391.097298][T10519]  ? __pfx_ksys_write+0x10/0x10
[  391.097319][T10519]  __x64_sys_bpf+0x78/0xc0
[  391.097341][T10519]  ? lockdep_hardirqs_on+0x7c/0x110
[  391.097364][T10519]  do_syscall_64+0xcd/0x4c0
[  391.097388][T10519]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  391.097406][T10519] RIP: 0033:0x7f399bf8e929
[  391.097421][T10519] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  391.097436][T10519] RSP: 002b:00007f399cdba038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  391.097455][T10519] RAX: ffffffffffffffda RBX: 00007f399c1b5fa0 RCX: 00007f399bf8e929
[  391.097466][T10519] RDX: 000000000000008f RSI: 00002000000003c0 RDI: 000000000000000a
[  391.097475][T10519] RBP: 00007f399cdba090 R08: 0000000000000000 R09: 0000000000000000
[  391.097484][T10519] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  391.097492][T10519] R13: 0000000000000000 R14: 00007f399c1b5fa0 R15: 00007ffcc0f1a748
[  391.097512][T10519]  </TASK>
[  391.326030][   T48] usb 2-1: unable to get BOS descriptor or descriptor too short
[  391.340654][   T48] usb 2-1: unable to read config index 0 descriptor/start: -71
[  391.348955][   T48] usb 2-1: can't read configurations, error -71
[  391.427420][    T9] usb 3-1: new high-speed USB device number 26 using dummy_hcd
[  391.706112][ T5897] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  391.739206][    T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0
[  391.749343][    T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xB has an invalid bInterval 0, changing to 7
[  391.787549][    T9] usb 3-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  391.804842][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  391.812920][    T9] usb 3-1: Product: syz
[  391.832085][    T9] usb 3-1: Manufacturer: syz
[  391.836921][    T9] usb 3-1: SerialNumber: syz
[  391.854816][    T9] usb 3-1: config 0 descriptor??
[  391.887300][ T5897] usb 6-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid maxpacket 2046, setting to 1024
[  391.899451][ T5897] usb 6-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 1024
[  391.913430][ T5897] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  391.923674][ T5897] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  391.932184][ T5897] usb 6-1: Product: syz
[  391.936988][ T5897] usb 6-1: Manufacturer: syz
[  391.941852][ T5897] usb 6-1: SerialNumber: syz
[  392.217187][    T9] usb 3-1: USB disconnect, device number 26
[  392.223883][T10521] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  392.253268][T10521] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  392.287495][ T5897] cdc_ncm 6-1:1.0: bind() failure
[  392.300383][ T5897] cdc_ncm 6-1:1.1: CDC Union missing and no IAD found
[  392.328725][ T5897] cdc_ncm 6-1:1.1: bind() failure
[  392.360609][ T5897] usb 6-1: USB disconnect, device number 6
[  393.648391][ T5832] udevd[5832]: symlink '../../loop2' '/dev/disk/by-diskseq/72.tmp-b7:2' failed: Read-only file system
[  393.736810][T10560] FAULT_INJECTION: forcing a failure.
[  393.736810][T10560] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  393.762915][T10560] CPU: 1 UID: 0 PID: 10560 Comm: syz.1.1198 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) 
[  393.762951][T10560] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  393.762962][T10560] Call Trace:
[  393.762969][T10560]  <TASK>
[  393.762977][T10560]  dump_stack_lvl+0x16c/0x1f0
[  393.763021][T10560]  should_fail_ex+0x512/0x640
[  393.763051][T10560]  _copy_from_user+0x2e/0xd0
[  393.763078][T10560]  copy_msghdr_from_user+0x98/0x160
[  393.763107][T10560]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  393.763140][T10560]  ___sys_sendmsg+0xfe/0x1d0
[  393.763164][T10560]  ? __pfx____sys_sendmsg+0x10/0x10
[  393.763185][T10560]  ? __lock_acquire+0x622/0x1c90
[  393.763236][T10560]  __sys_sendmsg+0x16d/0x220
[  393.763261][T10560]  ? __pfx___sys_sendmsg+0x10/0x10
[  393.763302][T10560]  do_syscall_64+0xcd/0x4c0
[  393.763331][T10560]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  393.763356][T10560] RIP: 0033:0x7fdc4418e929
[  393.763373][T10560] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  393.763391][T10560] RSP: 002b:00007fdc41ff6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  393.763412][T10560] RAX: ffffffffffffffda RBX: 00007fdc443b5fa0 RCX: 00007fdc4418e929
[  393.763423][T10560] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000003
[  393.763434][T10560] RBP: 00007fdc41ff6090 R08: 0000000000000000 R09: 0000000000000000
[  393.763444][T10560] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  393.763455][T10560] R13: 0000000000000000 R14: 00007fdc443b5fa0 R15: 00007ffce928b6b8
[  393.763479][T10560]  </TASK>
[  394.017015][T10568] trusted_key: encrypted_key: master key parameter '00N004093' is invalid
[  394.056440][T10568] trusted_key: encrypted_key: master key parameter '00N004093' is invalid
[  394.678076][   T30] kauditd_printk_skb: 25 callbacks suppressed
[  394.678093][   T30] audit: type=1400 audit(1752534545.437:563): avc:  denied  { ioctl } for  pid=10569 comm="syz.1.1203" path="socket:[26052]" dev="sockfs" ino=26052 ioctlcmd=0x89e0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[  394.726612][   T30] audit: type=1400 audit(1752534545.447:564): avc:  denied  { write } for  pid=10569 comm="syz.1.1203" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=socket permissive=1
[  394.756881][   T30] audit: type=1400 audit(1752534545.447:565): avc:  denied  { read } for  pid=10569 comm="syz.1.1203" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=socket permissive=1
[  395.152936][T10579] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1206'.
[  395.162423][T10579] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1206'.
[  395.516271][T10576] netlink: 168 bytes leftover after parsing attributes in process `syz.5.1204'.
[  395.828865][T10587] input: syz1 as /devices/virtual/input/input33
[  397.877701][T10613] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  398.012410][ T5832] udevd[5832]: symlink '../../loop2' '/dev/disk/by-diskseq/72.tmp-b7:2' failed: Read-only file system
[  398.029946][T10613] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  398.139427][ T5832] udevd[5832]: symlink '../../loop2' '/dev/disk/by-diskseq/72.tmp-b7:2' failed: Read-only file system
[  398.163858][T10613] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  398.332129][T10613] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  398.398389][ T5837] Bluetooth: hci4: Received unexpected HCI Event 0x00
[  398.512476][T10613] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  398.546906][T10613] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  398.587935][T10613] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  398.665535][T10613] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  398.893006][T10632] sctp: [Deprecated]: syz.3.1221 (pid 10632) Use of struct sctp_assoc_value in delayed_ack socket option.
[  398.893006][T10632] Use struct sctp_sack_info instead
[  398.911941][T10632] FAULT_INJECTION: forcing a failure.
[  398.911941][T10632] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  398.928771][T10632] CPU: 1 UID: 0 PID: 10632 Comm: syz.3.1221 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) 
[  398.928795][T10632] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  398.928802][T10632] Call Trace:
[  398.928808][T10632]  <TASK>
[  398.928813][T10632]  dump_stack_lvl+0x16c/0x1f0
[  398.928841][T10632]  should_fail_ex+0x512/0x640
[  398.928860][T10632]  _copy_from_user+0x2e/0xd0
[  398.928878][T10632]  do_sock_getsockopt+0x5f4/0x800
[  398.928893][T10632]  ? __pfx_do_sock_getsockopt+0x10/0x10
[  398.928902][T10632]  ? __fget_files+0x204/0x3c0
[  398.928926][T10632]  __sys_getsockopt+0x12f/0x260
[  398.928945][T10632]  __x64_sys_getsockopt+0xbd/0x160
[  398.928959][T10632]  ? do_syscall_64+0x91/0x4c0
[  398.928976][T10632]  ? lockdep_hardirqs_on+0x7c/0x110
[  398.928992][T10632]  do_syscall_64+0xcd/0x4c0
[  398.929009][T10632]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  398.929021][T10632] RIP: 0033:0x7f0da1d8e929
[  398.929031][T10632] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  398.929042][T10632] RSP: 002b:00007f0da2b4a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[  398.929053][T10632] RAX: ffffffffffffffda RBX: 00007f0da1fb5fa0 RCX: 00007f0da1d8e929
[  398.929060][T10632] RDX: 0000000000000010 RSI: 0000000000000084 RDI: 0000000000000003
[  398.929066][T10632] RBP: 00007f0da2b4a090 R08: 00002000000003c0 R09: 0000000000000000
[  398.929072][T10632] R10: 0000200000000380 R11: 0000000000000246 R12: 0000000000000001
[  398.929079][T10632] R13: 0000000000000000 R14: 00007f0da1fb5fa0 R15: 00007ffff06d7f18
[  398.929093][T10632]  </TASK>
[  399.104550][    C1] sl7: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 20340 ms
[  399.104589][    C0] sl5: NETDEV WATCHDOG: CPU: 0: transmit queue 0 timed out 20340 ms
[  399.104615][    C0] sl5: transmit timed out, driver error?
[  399.112624][    C1] sl7: transmit timed out, driver error?
[  399.120628][    C0] sl0: NETDEV WATCHDOG: CPU: 0: transmit queue 0 timed out 20350 ms
[  399.126331][    C1] sl4: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 20360 ms
[  399.131926][    C0] sl0: transmit timed out, driver error?
[  399.139893][    C1] sl4: transmit timed out, driver error?
[  399.147871][    C0] sl6: NETDEV WATCHDOG: CPU: 0: transmit queue 0 timed out 20380 ms
[  399.153470][    C1] sl3: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 20380 ms
[  399.159078][    C0] sl6: transmit timed out, driver error?
[  399.167044][    C1] sl3: transmit timed out, driver error?
[  399.175014][    C0] sl1: NETDEV WATCHDOG: CPU: 0: transmit queue 0 timed out 20410 ms
[  399.180639][    C1] sl2: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 20410 ms
[  399.186251][    C0] sl1: transmit timed out, driver error?
[  399.194216][    C1] sl2: transmit timed out, driver error?
[  399.957529][T10644] FAULT_INJECTION: forcing a failure.
[  399.957529][T10644] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  399.970959][T10644] CPU: 0 UID: 0 PID: 10644 Comm: syz.5.1225 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) 
[  399.970985][T10644] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  399.970996][T10644] Call Trace:
[  399.971003][T10644]  <TASK>
[  399.971010][T10644]  dump_stack_lvl+0x16c/0x1f0
[  399.971043][T10644]  should_fail_ex+0x512/0x640
[  399.971070][T10644]  _copy_from_user+0x2e/0xd0
[  399.971097][T10644]  copy_msghdr_from_user+0x98/0x160
[  399.971125][T10644]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  399.971162][T10644]  ___sys_sendmsg+0xfe/0x1d0
[  399.971186][T10644]  ? __pfx____sys_sendmsg+0x10/0x10
[  399.971206][T10644]  ? __lock_acquire+0x622/0x1c90
[  399.971255][T10644]  __sys_sendmsg+0x16d/0x220
[  399.971278][T10644]  ? __pfx___sys_sendmsg+0x10/0x10
[  399.971318][T10644]  do_syscall_64+0xcd/0x4c0
[  399.971344][T10644]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  399.971363][T10644] RIP: 0033:0x7f399bf8e929
[  399.971380][T10644] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  399.971397][T10644] RSP: 002b:00007f399cdba038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  399.971416][T10644] RAX: ffffffffffffffda RBX: 00007f399c1b5fa0 RCX: 00007f399bf8e929
[  399.971427][T10644] RDX: 0000000000000080 RSI: 0000200000000b80 RDI: 0000000000000003
[  399.971438][T10644] RBP: 00007f399cdba090 R08: 0000000000000000 R09: 0000000000000000
[  399.971448][T10644] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  399.971457][T10644] R13: 0000000000000000 R14: 00007f399c1b5fa0 R15: 00007ffcc0f1a748
[  399.971487][T10644]  </TASK>
[  400.434720][T10642] netlink: 'syz.3.1223': attribute type 10 has an invalid length.
[  400.442635][T10642] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1223'.
[  401.025261][    T9] usb 2-1: new high-speed USB device number 41 using dummy_hcd
[  401.796952][    T9] usb 2-1: Using ep0 maxpacket: 8
[  401.901077][    T9] usb 2-1: New USB device found, idVendor=0ccd, idProduct=10a3, bcdDevice=23.a2
[  401.988314][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  402.085460][    T9] usb 2-1: Product: syz
[  402.114899][    T9] usb 2-1: Manufacturer: syz
[  402.119569][    T9] usb 2-1: SerialNumber: syz
[  402.171566][    T9] usb 2-1: config 0 descriptor??
[  402.342078][   T30] audit: type=1400 audit(1752534553.037:566): avc:  denied  { remount } for  pid=10668 comm="syz.0.1233" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  403.221387][    T9] usb 2-1: dvb_usb_v2: found a 'Terratec H7' in warm state
[  403.271538][ T5843] udevd[5843]: symlink '../../loop2' '/dev/disk/by-diskseq/72.tmp-b7:2' failed: Read-only file system
[  403.426638][ T1052] usb 4-1: new full-speed USB device number 20 using dummy_hcd
[  404.036162][ T1052] usb 4-1: config 0 has an invalid interface number: 133 but max is 0
[  404.084196][ T1052] usb 4-1: config 0 has no interface number 0
[  404.098804][ T1052] usb 4-1: config 0 interface 133 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  404.110804][ T5913] kernel read not supported for file inotify (pid: 5913 comm: kworker/0:5)
[  404.116958][ T1052] usb 4-1: New USB device found, idVendor=06cd, idProduct=0121, bcdDevice=dd.3d
[  404.146572][    T9] usb write operation failed. (-71)
[  404.149572][ T1052] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  404.163454][    T9] usb 2-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  404.239401][    T9] dvbdev: DVB: registering new adapter (Terratec H7)
[  404.244036][ T1052] usb 4-1: Product: syz
[  404.257537][ T1052] usb 4-1: Manufacturer: syz
[  404.260290][T10670] syz.0.1233 (10670): drop_caches: 2
[  404.274655][ T1052] usb 4-1: SerialNumber: syz
[  404.279641][    T9] usb 2-1: media controller created
[  404.295383][    T9] usb read operation failed. (-71)
[  404.308113][ T1052] usb 4-1: config 0 descriptor??
[  404.367526][    T9] usb write operation failed. (-71)
[  404.397422][ T5843] udevd[5843]: symlink '../../loop2' '/dev/disk/by-diskseq/72.tmp-b7:2' failed: Read-only file system
[  404.437244][    T9] dvb_usb_az6007 2-1:0.0: probe with driver dvb_usb_az6007 failed with error -5
[  404.503965][    T9] usb 2-1: USB disconnect, device number 41
[  404.675349][T10689] FAULT_INJECTION: forcing a failure.
[  404.675349][T10689] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  404.688783][T10689] CPU: 0 UID: 0 PID: 10689 Comm: syz.5.1236 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) 
[  404.688809][T10689] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  404.688821][T10689] Call Trace:
[  404.688830][T10689]  <TASK>
[  404.688838][T10689]  dump_stack_lvl+0x16c/0x1f0
[  404.688873][T10689]  should_fail_ex+0x512/0x640
[  404.688897][T10689]  _copy_from_user+0x2e/0xd0
[  404.688915][T10689]  copy_msghdr_from_user+0x98/0x160
[  404.688933][T10689]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  404.688951][T10689]  ? __lock_acquire+0xb8a/0x1c90
[  404.688975][T10689]  ___sys_sendmsg+0xfe/0x1d0
[  404.688998][T10689]  ? __pfx____sys_sendmsg+0x10/0x10
[  404.689043][T10689]  __sys_sendmsg+0x16d/0x220
[  404.689059][T10689]  ? __pfx___sys_sendmsg+0x10/0x10
[  404.689073][T10689]  ? __pfx___schedule+0x10/0x10
[  404.689097][T10689]  do_syscall_64+0xcd/0x4c0
[  404.689123][T10689]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  404.689141][T10689] RIP: 0033:0x7f399bf8e929
[  404.689155][T10689] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  404.689171][T10689] RSP: 002b:00007f399cd99038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  404.689184][T10689] RAX: ffffffffffffffda RBX: 00007f399c1b6080 RCX: 00007f399bf8e929
[  404.689191][T10689] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000005
[  404.689197][T10689] RBP: 00007f399cd99090 R08: 0000000000000000 R09: 0000000000000000
[  404.689204][T10689] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  404.689210][T10689] R13: 0000000000000000 R14: 00007f399c1b6080 R15: 00007ffcc0f1a748
[  404.689224][T10689]  </TASK>
[  405.119856][ T5843] udevd[5843]: symlink '../../loop2' '/dev/disk/by-diskseq/72.tmp-b7:2' failed: Read-only file system
[  405.334743][   T30] audit: type=1400 audit(1752534556.087:567): avc:  denied  { append } for  pid=10672 comm="syz.3.1234" name="fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[  405.362416][ T5837] Bluetooth: hci1: Received unexpected HCI Event 0x00
[  405.464125][   T30] audit: type=1400 audit(1752534556.157:568): avc:  denied  { map } for  pid=10672 comm="syz.3.1234" path="/dev/fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[  405.680804][ T5843] udevd[5843]: symlink '../../loop2' '/dev/disk/by-diskseq/72.tmp-b7:2' failed: Read-only file system
[  405.725263][ T1052] keyspan 4-1:0.133: Keyspan 1 port adapter converter detected
[  405.735558][   T30] audit: type=1400 audit(1752534556.157:569): avc:  denied  { execute } for  pid=10672 comm="syz.3.1234" path="/dev/fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[  405.777796][ T1052] keyspan 4-1:0.133: found no endpoint descriptor for endpoint 81
[  405.798396][ T1052] keyspan 4-1:0.133: found no endpoint descriptor for endpoint 1
[  405.807213][ T1052] keyspan 4-1:0.133: found no endpoint descriptor for endpoint 2
[  405.866448][ T1052] usb 4-1: Keyspan 1 port adapter converter now attached to ttyUSB0
[  405.950241][ T1052] usb 4-1: USB disconnect, device number 20
[  406.008947][ T1052] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0
[  406.070204][ T5843] udevd[5843]: symlink '../../loop2' '/dev/disk/by-diskseq/72.tmp-b7:2' failed: Read-only file system
[  406.139900][ T1052] keyspan 4-1:0.133: device disconnected
[  406.236854][T10729] FAULT_INJECTION: forcing a failure.
[  406.236854][T10729] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  406.264614][T10729] CPU: 1 UID: 0 PID: 10729 Comm: syz.5.1246 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) 
[  406.264646][T10729] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  406.264655][T10729] Call Trace:
[  406.264661][T10729]  <TASK>
[  406.264668][T10729]  dump_stack_lvl+0x16c/0x1f0
[  406.264700][T10729]  should_fail_ex+0x512/0x640
[  406.264728][T10729]  _copy_from_user+0x2e/0xd0
[  406.264754][T10729]  copy_msghdr_from_user+0x98/0x160
[  406.264781][T10729]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  406.264815][T10729]  ___sys_sendmsg+0xfe/0x1d0
[  406.264838][T10729]  ? __pfx____sys_sendmsg+0x10/0x10
[  406.264858][T10729]  ? __lock_acquire+0x622/0x1c90
[  406.264905][T10729]  __sys_sendmsg+0x16d/0x220
[  406.264927][T10729]  ? __pfx___sys_sendmsg+0x10/0x10
[  406.264965][T10729]  do_syscall_64+0xcd/0x4c0
[  406.264993][T10729]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  406.265011][T10729] RIP: 0033:0x7f399bf8e929
[  406.265027][T10729] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  406.265043][T10729] RSP: 002b:00007f399cdba038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  406.265063][T10729] RAX: ffffffffffffffda RBX: 00007f399c1b5fa0 RCX: 00007f399bf8e929
[  406.265075][T10729] RDX: 0000000000000080 RSI: 0000200000000b80 RDI: 0000000000000003
[  406.265084][T10729] RBP: 00007f399cdba090 R08: 0000000000000000 R09: 0000000000000000
[  406.265094][T10729] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  406.265105][T10729] R13: 0000000000000000 R14: 00007f399c1b5fa0 R15: 00007ffcc0f1a748
[  406.265127][T10729]  </TASK>
[  406.575832][T10738] netlink: 36 bytes leftover after parsing attributes in process `syz.5.1248'.
[  407.028666][T10746] syzkaller0: entered promiscuous mode
[  407.034421][T10746] syzkaller0: entered allmulticast mode
[  407.453805][T10761] FAULT_INJECTION: forcing a failure.
[  407.453805][T10761] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  407.505820][T10761] CPU: 0 UID: 0 PID: 10761 Comm: syz.3.1252 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) 
[  407.505850][T10761] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  407.505859][T10761] Call Trace:
[  407.505865][T10761]  <TASK>
[  407.505873][T10761]  dump_stack_lvl+0x16c/0x1f0
[  407.505908][T10761]  should_fail_ex+0x512/0x640
[  407.505936][T10761]  _copy_from_user+0x2e/0xd0
[  407.505966][T10761]  copy_msghdr_from_user+0x98/0x160
[  407.505995][T10761]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  407.506017][T10761]  ? trace_sched_exit_tp+0xde/0x130
[  407.506059][T10761]  ___sys_sendmsg+0xfe/0x1d0
[  407.506084][T10761]  ? __pfx____sys_sendmsg+0x10/0x10
[  407.506147][T10761]  __sys_sendmsg+0x16d/0x220
[  407.506172][T10761]  ? __pfx___sys_sendmsg+0x10/0x10
[  407.506194][T10761]  ? rcu_is_watching+0x12/0xc0
[  407.506230][T10761]  ? trace_irq_enable.constprop.0+0x2f/0x120
[  407.506258][T10761]  do_syscall_64+0xcd/0x4c0
[  407.506290][T10761]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  407.506308][T10761] RIP: 0033:0x7f0da1d8e929
[  407.506323][T10761] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  407.506339][T10761] RSP: 002b:00007f0da2b29038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  407.506359][T10761] RAX: ffffffffffffffda RBX: 00007f0da1fb6080 RCX: 00007f0da1d8e929
[  407.506371][T10761] RDX: 0000000000000b10 RSI: 0000200000000080 RDI: 0000000000000006
[  407.506381][T10761] RBP: 00007f0da2b29090 R08: 0000000000000000 R09: 0000000000000000
[  407.506392][T10761] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  407.506401][T10761] R13: 0000000000000001 R14: 00007f0da1fb6080 R15: 00007ffff06d7f18
[  407.506425][T10761]  </TASK>
[  407.686627][    C0] vkms_vblank_simulate: vblank timer overrun
[  409.306791][T10783] trusted_key: encrypted_key: master key parameter '00N004093' is invalid
[  409.327880][T10783] trusted_key: encrypted_key: master key parameter '00N004093' is invalid
[  409.664088][T10789] vivid-000: disconnect
[  410.171685][T10784] vivid-000: reconnect
[  410.337134][ T5832] udevd[5832]: symlink '../../loop2' '/dev/disk/by-diskseq/72.tmp-b7:2' failed: Read-only file system
[  410.666993][   T30] audit: type=1400 audit(1752534561.427:570): avc:  denied  { unmount } for  pid=5823 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  410.834717][ T5913] usb 4-1: new high-speed USB device number 21 using dummy_hcd
[  411.042095][ T5913] usb 4-1: Using ep0 maxpacket: 8
[  411.129216][T10797] DRBG: could not allocate digest TFM handle: hmac(sha512)
[  411.449714][ T5913] usb 4-1: New USB device found, idVendor=0ccd, idProduct=10a3, bcdDevice=23.a2
[  411.494150][ T5913] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  411.550050][ T5913] usb 4-1: Product: syz
[  411.576948][ T5913] usb 4-1: Manufacturer: syz
[  411.581636][ T5913] usb 4-1: SerialNumber: syz
[  411.617467][ T5913] usb 4-1: config 0 descriptor??
[  411.804596][ T5852] usb 6-1: new full-speed USB device number 7 using dummy_hcd
[  411.883914][ T5913] usb 4-1: dvb_usb_v2: found a 'Terratec H7' in warm state
[  412.495624][ T5852] usb 6-1: invalid descriptor for config index 0: type = 0x2, length = 41
[  412.504941][ T5852] usb 6-1: can't read configurations, error -22
[  412.665721][ T5852] usb 6-1: new full-speed USB device number 8 using dummy_hcd
[  412.742501][ T5843] udevd[5843]: symlink '../../loop2' '/dev/disk/by-diskseq/72.tmp-b7:2' failed: Read-only file system
[  412.883634][T10836] netlink: 9280 bytes leftover after parsing attributes in process `syz.1.1271'.
[  413.415440][ T5852] usb 6-1: invalid descriptor for config index 0: type = 0x2, length = 41
[  413.424073][ T5852] usb 6-1: can't read configurations, error -22
[  413.444337][ T5852] usb usb6-port1: attempt power cycle
[  413.489312][T10845] FAULT_INJECTION: forcing a failure.
[  413.489312][T10845] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  413.513439][    T9] kernel read not supported for file inotify (pid: 9 comm: kworker/0:0)
[  413.559275][T10845] CPU: 1 UID: 0 PID: 10845 Comm: syz.1.1272 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) 
[  413.559308][T10845] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  413.559318][T10845] Call Trace:
[  413.559325][T10845]  <TASK>
[  413.559333][T10845]  dump_stack_lvl+0x16c/0x1f0
[  413.559368][T10845]  should_fail_ex+0x512/0x640
[  413.559398][T10845]  _copy_from_user+0x2e/0xd0
[  413.559424][T10845]  copy_msghdr_from_user+0x98/0x160
[  413.559451][T10845]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  413.559486][T10845]  ___sys_sendmsg+0xfe/0x1d0
[  413.559511][T10845]  ? __pfx____sys_sendmsg+0x10/0x10
[  413.559531][T10845]  ? __lock_acquire+0x622/0x1c90
[  413.559581][T10845]  __sys_sendmsg+0x16d/0x220
[  413.559609][T10845]  ? __pfx___sys_sendmsg+0x10/0x10
[  413.559648][T10845]  do_syscall_64+0xcd/0x4c0
[  413.559675][T10845]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  413.559694][T10845] RIP: 0033:0x7fdc4418e929
[  413.559711][T10845] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  413.559728][T10845] RSP: 002b:00007fdc41ff6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  413.559748][T10845] RAX: ffffffffffffffda RBX: 00007fdc443b5fa0 RCX: 00007fdc4418e929
[  413.559759][T10845] RDX: 000000000000c000 RSI: 0000200000000000 RDI: 0000000000000003
[  413.559769][T10845] RBP: 00007fdc41ff6090 R08: 0000000000000000 R09: 0000000000000000
[  413.559780][T10845] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  413.559789][T10845] R13: 0000000000000000 R14: 00007fdc443b5fa0 R15: 00007ffce928b6b8
[  413.559813][T10845]  </TASK>
[  413.561058][ T5913] usb write operation failed. (-71)
[  413.817998][ T5852] usb 6-1: new full-speed USB device number 9 using dummy_hcd
[  413.852364][ T5843] udevd[5843]: symlink '../../loop2' '/dev/disk/by-diskseq/72.tmp-b7:2' failed: Read-only file system
[  413.884714][ T5852] usb 6-1: invalid descriptor for config index 0: type = 0x2, length = 41
[  413.902791][ T5852] usb 6-1: can't read configurations, error -22
[  413.985698][T10851] vivid-000: disconnect
[  414.155645][ T5852] usb 6-1: new full-speed USB device number 10 using dummy_hcd
[  414.224322][T10847] vivid-000: reconnect
[  414.252553][ T5913] usb 4-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  414.263651][T10852] FAULT_INJECTION: forcing a failure.
[  414.263651][T10852] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  414.281918][T10852] CPU: 0 UID: 0 PID: 10852 Comm: syz.0.1275 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) 
[  414.281942][T10852] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  414.281950][T10852] Call Trace:
[  414.281954][T10852]  <TASK>
[  414.281960][T10852]  dump_stack_lvl+0x16c/0x1f0
[  414.281985][T10852]  should_fail_ex+0x512/0x640
[  414.282005][T10852]  _copy_from_user+0x2e/0xd0
[  414.282026][T10852]  copy_msghdr_from_user+0x98/0x160
[  414.282046][T10852]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  414.282068][T10852]  ___sys_sendmsg+0xfe/0x1d0
[  414.282084][T10852]  ? __pfx____sys_sendmsg+0x10/0x10
[  414.282097][T10852]  ? __lock_acquire+0x622/0x1c90
[  414.282127][T10852]  __sys_sendmsg+0x16d/0x220
[  414.282142][T10852]  ? __pfx___sys_sendmsg+0x10/0x10
[  414.282166][T10852]  do_syscall_64+0xcd/0x4c0
[  414.282185][T10852]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  414.282200][T10852] RIP: 0033:0x7f8dc478e929
[  414.282210][T10852] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  414.282222][T10852] RSP: 002b:00007f8dc5644038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  414.282234][T10852] RAX: ffffffffffffffda RBX: 00007f8dc49b5fa0 RCX: 00007f8dc478e929
[  414.282240][T10852] RDX: 0000000000000800 RSI: 0000200000000340 RDI: 0000000000000003
[  414.282247][T10852] RBP: 00007f8dc5644090 R08: 0000000000000000 R09: 0000000000000000
[  414.282253][T10852] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  414.282259][T10852] R13: 0000000000000000 R14: 00007f8dc49b5fa0 R15: 00007ffec87d6d78
[  414.282273][T10852]  </TASK>
[  414.644901][ T5913] dvbdev: DVB: registering new adapter (Terratec H7)
[  414.651776][ T5913] usb 4-1: media controller created
[  414.698167][ T5852] usb 6-1: unable to read config index 0 descriptor/start: -71
[  414.716686][ T5852] usb 6-1: can't read configurations, error -71
[  414.721163][ T5913] usb read operation failed. (-71)
[  414.741959][ T6005] udevd[6005]: symlink '../../loop2' '/dev/disk/by-diskseq/72.tmp-b7:2' failed: Read-only file system
[  414.747584][ T5913] usb write operation failed. (-71)
[  414.755201][ T5852] usb usb6-port1: unable to enumerate USB device
[  415.500192][   T30] audit: type=1400 audit(1752534566.117:571): avc:  denied  { mount } for  pid=10861 comm="syz.5.1278" name="/" dev="hugetlbfs" ino=27508 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=filesystem permissive=1
[  415.501468][ T5913] dvb_usb_az6007 4-1:0.0: probe with driver dvb_usb_az6007 failed with error -5
[  415.598719][T10868] ptrace attach of "./syz-executor exec"[9388] was attempted by "./syz-executor exec"[10868]
[  415.707621][ T5913] usb 4-1: USB disconnect, device number 21
[  416.712064][   T30] audit: type=1400 audit(1752534567.477:572): avc:  denied  { unmount } for  pid=9388 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=filesystem permissive=1
[  416.819517][ T5832] udevd[5832]: symlink '../../loop2' '/dev/disk/by-diskseq/72.tmp-b7:2' failed: Read-only file system
[  416.864430][T10885] autofs: Unknown parameter '!�'`����`-�'
[  417.080555][   T30] audit: type=1400 audit(1752534567.847:573): avc:  denied  { create } for  pid=10893 comm="syz.2.1283" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:ramfs_t tclass=blk_file permissive=1
[  417.204585][   T30] audit: type=1400 audit(1752534567.847:574): avc:  denied  { unlink } for  pid=10893 comm="syz.2.1283" name="file0" dev="ramfs" ino=26533 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:ramfs_t tclass=blk_file permissive=1
[  417.232287][ T5832] udevd[5832]: symlink '../../loop2' '/dev/disk/by-diskseq/72.tmp-b7:2' failed: Read-only file system
[  417.299562][   T30] audit: type=1400 audit(1752534567.947:575): avc:  denied  { cmd } for  pid=10898 comm="syz.0.1284" path="socket:[27553]" dev="sockfs" ino=27553 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[  417.394455][ T5832] udevd[5832]: symlink '../../loop2' '/dev/disk/by-diskseq/72.tmp-b7:2' failed: Read-only file system
[  417.507356][T10914] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=5135 sclass=netlink_route_socket pid=10914 comm=syz.2.1288
[  417.553451][T10914] macsec2: entered promiscuous mode
[  417.564747][T10914] mac80211_hwsim hwsim8 wlan0: entered promiscuous mode
[  417.609040][T10914] macsec2: entered allmulticast mode
[  417.633861][T10914] mac80211_hwsim hwsim8 wlan0: entered allmulticast mode
[  417.662126][   T30] audit: type=1400 audit(1752534568.427:576): avc:  denied  { write } for  pid=10891 comm="syz.5.1282" name="file0" dev="tmpfs" ino=429 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  418.154206][T10892] openvswitch: netlink: Key type 5136 is out of range max 32
[  418.178010][ T5832] udevd[5832]: symlink '../../loop2' '/dev/disk/by-diskseq/72.tmp-b7:2' failed: Read-only file system
[  418.247075][T10892] lo speed is unknown, defaulting to 1000
[  418.267988][   T30] audit: type=1400 audit(1752534569.037:577): avc:  denied  { ioctl } for  pid=10891 comm="syz.5.1282" path="/74/file0" dev="tmpfs" ino=429 ioctlcmd=0x89f1 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  418.678454][T10936] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1294'.
[  418.699472][ T5832] udevd[5832]: symlink '../../loop2' '/dev/disk/by-diskseq/72.tmp-b7:2' failed: Read-only file system
[  418.722192][ T5831] Bluetooth: hci5: command 0x0405 tx timeout
[  418.828070][T10936] netlink: 120 bytes leftover after parsing attributes in process `syz.0.1294'.
[  418.851368][T10941] overlayfs: missing 'workdir'
[  419.114631][   T48] usb 3-1: new full-speed USB device number 27 using dummy_hcd
[  419.265384][T10955] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  419.360296][   T48] usb 3-1: New USB device found, idVendor=0925, idProduct=8866, bcdDevice= 0.00
[  419.411412][   T48] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  419.511520][   T48] usb 3-1: config 0 descriptor??
[  419.809154][T10959] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1298'.
[  419.974011][T10958] xt_TCPMSS: Only works on TCP SYN packets
[  420.295437][T10965] netlink: 64 bytes leftover after parsing attributes in process `syz.3.1299'.
[  420.320204][T10965] netlink: 64 bytes leftover after parsing attributes in process `syz.3.1299'.
[  420.510253][   T48] usbhid 3-1:0.0: can't add hid device: -71
[  420.527303][   T48] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  420.563446][   T48] usb 3-1: USB disconnect, device number 27
[  420.647275][ T5913] usb 4-1: new high-speed USB device number 22 using dummy_hcd
[  420.824610][ T5913] usb 4-1: Using ep0 maxpacket: 16
[  420.832632][ T5913] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  420.864424][ T5913] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0
[  420.908055][ T5913] usb 4-1: config 0 interface 0 has no altsetting 0
[  420.924614][ T5913] usb 4-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[  420.941563][ T5913] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  421.470808][ T5913] usb 4-1: config 0 descriptor??
[  421.643503][ T5832] udevd[5832]: symlink '../../loop2' '/dev/disk/by-diskseq/72.tmp-b7:2' failed: Read-only file system
[  421.683299][T10965] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  421.745924][T10965] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  421.997788][ T5913] hid (null): bogus close delimiter
[  422.005292][ T5913] hid (null): global environment stack overflow
[  422.011690][ T5913] hid (null): invalid report_count 18947
[  422.125333][T10997] netlink: 168 bytes leftover after parsing attributes in process `syz.5.1305'.
[  422.296647][ T5913] hid (null): report_id 0 is invalid
[  422.347809][ T5843] udevd[5843]: symlink '../../loop2' '/dev/disk/by-diskseq/72.tmp-b7:2' failed: Read-only file system
[  422.494949][ T5913] usb 4-1: USB disconnect, device number 22
[  422.604580][ T5897] usb 2-1: new high-speed USB device number 42 using dummy_hcd
[  422.615105][ T5832] udevd[5832]: symlink '../../loop2' '/dev/disk/by-diskseq/72.tmp-b7:2' failed: Read-only file system
[  422.937267][T11026] netlink: 168 bytes leftover after parsing attributes in process `syz.0.1311'.
[  423.048098][ T5897] usb 2-1: Using ep0 maxpacket: 16
[  423.048897][ T5832] udevd[5832]: symlink '../../loop2' '/dev/disk/by-diskseq/72.tmp-b7:2' failed: Read-only file system
[  423.075272][ T5897] usb 2-1: config 0 has an invalid interface number: 53 but max is 0
[  423.088766][T11033] fuse: Bad value for 'fd'
[  423.124216][ T5897] usb 2-1: config 0 has no interface number 0
[  423.957597][ T5897] usb 2-1: New USB device found, idVendor=03fd, idProduct=ebbe, bcdDevice=ed.e2
[  423.966957][ T5897] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  423.979671][ T5897] usb 2-1: Product: syz
[  423.983890][ T5897] usb 2-1: Manufacturer: syz
[  423.989997][ T5897] usb 2-1: SerialNumber: syz
[  424.005522][ T5897] usb 2-1: config 0 descriptor??
[  424.066158][ T5843] udevd[5843]: symlink '../../loop2' '/dev/disk/by-diskseq/72.tmp-b7:2' failed: Read-only file system
[  424.241899][ T5897] usb 2-1: USB disconnect, device number 42
[  424.275451][   T30] audit: type=1400 audit(1752534575.047:578): avc:  denied  { write } for  pid=11046 comm="syz.5.1317" name="mouse0" dev="devtmpfs" ino=923 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1
[  424.334036][ T5843] udevd[5843]: symlink '../../loop2' '/dev/disk/by-diskseq/72.tmp-b7:2' failed: Read-only file system
[  425.790894][ T6005] udevd[6005]: symlink '../../loop2' '/dev/disk/by-diskseq/72.tmp-b7:2' failed: Read-only file system
[  426.155482][T11072] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1322'.
[  426.183057][T11072] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1322'.
[  426.297315][ T5832] udevd[5832]: symlink '../../loop2' '/dev/disk/by-diskseq/72.tmp-b7:2' failed: Read-only file system
[  426.609830][ T5832] udevd[5832]: symlink '../../loop2' '/dev/disk/by-diskseq/72.tmp-b7:2' failed: Read-only file system
[  427.319080][T11095] nvme_fabrics: unknown parameter or missing value '(' in ctrl creation request
[  427.671585][ T5832] udevd[5832]: symlink '../../loop2' '/dev/disk/by-diskseq/72.tmp-b7:2' failed: Read-only file system
[  428.402081][T11120] syzkaller1: entered promiscuous mode
[  428.418373][T11120] syzkaller1: entered allmulticast mode
[  428.687909][T11130] kernel profiling enabled (shift: 17)
[  428.717978][   T30] audit: type=1400 audit(1752534579.477:579): avc:  denied  { setopt } for  pid=11129 comm="syz.0.1336" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  428.829923][ T5832] udevd[5832]: symlink '../../loop2' '/dev/disk/by-diskseq/72.tmp-b7:2' failed: Read-only file system
[  429.377855][T11128] netlink: 'syz.5.1335': attribute type 10 has an invalid length.
[  429.385877][T11128] netlink: 40 bytes leftover after parsing attributes in process `syz.5.1335'.
[  429.689287][ T5832] udevd[5832]: symlink '../../loop2' '/dev/disk/by-diskseq/72.tmp-b7:2' failed: Read-only file system
[  429.822509][T11149] bridge0: port 2(bridge_slave_1) entered disabled state
[  429.830040][T11149] bridge0: port 1(bridge_slave_0) entered disabled state
[  429.902786][T11149] bridge_slave_1: left allmulticast mode
[  429.909226][T11149] bridge_slave_1: left promiscuous mode
[  429.919444][T11149] bridge0: port 2(bridge_slave_1) entered disabled state
[  430.456123][T11149] bridge_slave_0: left allmulticast mode
[  430.461959][T11149] bridge_slave_0: left promiscuous mode
[  430.470262][T11149] bridge0: port 1(bridge_slave_0) entered disabled state
[  430.794976][    T9] usb 1-1: new high-speed USB device number 31 using dummy_hcd
[  430.853547][ T5832] udevd[5832]: symlink '../../loop2' '/dev/disk/by-diskseq/72.tmp-b7:2' failed: Read-only file system
[  430.906119][T11149] bridge0 (unregistering): left promiscuous mode
[  430.934857][ T1204] usb 4-1: new high-speed USB device number 23 using dummy_hcd
[  431.020475][T11155] lo speed is unknown, defaulting to 1000
[  431.054019][    T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  431.098276][    T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  431.110751][ T1204] usb 4-1: Using ep0 maxpacket: 32
[  431.132361][    T9] usb 1-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  431.148595][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  431.158147][ T1204] usb 4-1: New USB device found, idVendor=06a2, idProduct=0003, bcdDevice=b4.8c
[  431.186868][ T1204] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  431.202098][    T9] usb 1-1: config 0 descriptor??
[  431.216694][ T1204] usb 4-1: Product: syz
[  431.222751][ T1204] usb 4-1: Manufacturer: syz
[  431.229895][T11175] FAULT_INJECTION: forcing a failure.
[  431.229895][T11175] name failslab, interval 1, probability 0, space 0, times 0
[  431.242024][ T1204] usb 4-1: SerialNumber: syz
[  431.261938][ T1204] usb 4-1: config 0 descriptor??
[  431.269882][T11175] CPU: 1 UID: 0 PID: 11175 Comm: syz.1.1345 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) 
[  431.269913][T11175] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  431.269923][T11175] Call Trace:
[  431.269929][T11175]  <TASK>
[  431.269936][T11175]  dump_stack_lvl+0x16c/0x1f0
[  431.269968][T11175]  should_fail_ex+0x512/0x640
[  431.269989][T11175]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  431.270015][T11175]  should_failslab+0xc2/0x120
[  431.270041][T11175]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  431.270063][T11175]  ? __alloc_skb+0x2b2/0x380
[  431.270088][T11175]  __alloc_skb+0x2b2/0x380
[  431.270108][T11175]  ? __pfx___alloc_skb+0x10/0x10
[  431.270133][T11175]  ? is_bpf_text_address+0x8a/0x1a0
[  431.270158][T11175]  alloc_skb_with_frags+0xe0/0x860
[  431.270184][T11175]  ? __lock_acquire+0xb8a/0x1c90
[  431.270204][T11175]  sock_alloc_send_pskb+0x7fb/0x990
[  431.270232][T11175]  ? __pfx_sock_alloc_send_pskb+0x10/0x10
[  431.270258][T11175]  ? __lock_acquire+0x622/0x1c90
[  431.270275][T11175]  __ip_append_data+0x21c6/0x4240
[  431.270297][T11175]  ? __pfx_ip_generic_getfrag+0x10/0x10
[  431.270320][T11175]  ? ip_dst_mtu_maybe_forward.constprop.0+0x311/0x6e0
[  431.270342][T11175]  ? __pfx___ip_append_data+0x10/0x10
[  431.270357][T11175]  ? dst_alloc+0xc0/0x1a0
[  431.270387][T11175]  ip_make_skb+0x27f/0x300
[  431.270408][T11175]  ? __pfx_ip_generic_getfrag+0x10/0x10
[  431.270427][T11175]  ? __pfx_ip_make_skb+0x10/0x10
[  431.270443][T11175]  ? ip_route_output_key_hash+0x16b/0x2e0
[  431.270477][T11175]  ? udp_sendmsg+0x18b4/0x29f0
[  431.270493][T11175]  udp_sendmsg+0x18b4/0x29f0
[  431.270514][T11175]  ? __pfx_ip_generic_getfrag+0x10/0x10
[  431.270535][T11175]  ? __pfx_udp_sendmsg+0x10/0x10
[  431.270554][T11175]  ? __lock_acquire+0xb8a/0x1c90
[  431.270578][T11175]  ? reacquire_held_locks+0xcd/0x1f0
[  431.270593][T11175]  ? release_sock+0x21/0x220
[  431.270621][T11175]  ? find_held_lock+0x2b/0x80
[  431.270647][T11175]  ? inet_autobind+0x145/0x1a0
[  431.270665][T11175]  ? __local_bh_enable_ip+0xa4/0x120
[  431.270687][T11175]  ? inet_autobind+0x14a/0x1a0
[  431.270705][T11175]  ? __pfx_udp_sendmsg+0x10/0x10
[  431.270723][T11175]  inet_sendmsg+0x105/0x140
[  431.270746][T11175]  ____sys_sendmsg+0x973/0xc70
[  431.270766][T11175]  ? copy_msghdr_from_user+0x10a/0x160
[  431.270789][T11175]  ? __pfx_____sys_sendmsg+0x10/0x10
[  431.270811][T11175]  ? __pfx__kstrtoull+0x10/0x10
[  431.270836][T11175]  ___sys_sendmsg+0x134/0x1d0
[  431.270861][T11175]  ? __pfx____sys_sendmsg+0x10/0x10
[  431.270897][T11175]  ? find_held_lock+0x2b/0x80
[  431.270934][T11175]  __sys_sendmmsg+0x200/0x420
[  431.270959][T11175]  ? __pfx___sys_sendmmsg+0x10/0x10
[  431.270991][T11175]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  431.271027][T11175]  ? fput+0x70/0xf0
[  431.271044][T11175]  ? ksys_write+0x1ac/0x250
[  431.271065][T11175]  ? __pfx_ksys_write+0x10/0x10
[  431.271091][T11175]  __x64_sys_sendmmsg+0x9c/0x100
[  431.271114][T11175]  ? lockdep_hardirqs_on+0x7c/0x110
[  431.271140][T11175]  do_syscall_64+0xcd/0x4c0
[  431.271167][T11175]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  431.271186][T11175] RIP: 0033:0x7fdc4418e929
[  431.271200][T11175] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  431.271218][T11175] RSP: 002b:00007fdc41ff6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  431.271236][T11175] RAX: ffffffffffffffda RBX: 00007fdc443b5fa0 RCX: 00007fdc4418e929
[  431.271248][T11175] RDX: 0000000000000001 RSI: 0000200000003240 RDI: 0000000000000003
[  431.271259][T11175] RBP: 00007fdc41ff6090 R08: 0000000000000000 R09: 0000000000000000
[  431.271269][T11175] R10: 0000000004000800 R11: 0000000000000246 R12: 0000000000000001
[  431.271280][T11175] R13: 0000000000000000 R14: 00007fdc443b5fa0 R15: 00007ffce928b6b8
[  431.271304][T11175]  </TASK>
[  431.283134][ T1204] gspca_main: gspca_topro-2.14.0 probing 06a2:0003
[  432.321179][T11197] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1348'.
[  432.330720][T11197] unsupported nlmsg_type 40
[  432.770574][    T9] input: HID 256c:006d as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:256C:006D.0011/input/input36
[  432.988344][T11152] tmpfs: Bad value for 'mpol'
[  433.051844][T11152] netlink: 52 bytes leftover after parsing attributes in process `syz.0.1340'.
[  433.205275][ T1204] gspca_topro: reg_r err -71
[  433.209981][ T1204] gspca_topro: Sensor soi763a
[  434.536040][ T5897] usb 2-1: new high-speed USB device number 43 using dummy_hcd
[  435.495554][ T5897] usb 2-1: device descriptor read/64, error -71
[  435.574744][T11226] netlink: 'syz.3.1353': attribute type 10 has an invalid length.
[  435.582702][T11226] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1353'.
[  435.827265][ T1204] usb 4-1: USB disconnect, device number 23
[  435.836548][    T9] uclogic 0003:256C:006D.0011: input,hidraw0: USB HID v0.00 Device [HID 256c:006d] on usb-dummy_hcd.0-1/input0
[  435.852894][    T9] usb 1-1: USB disconnect, device number 31
[  436.077902][ T5897] usb 2-1: new high-speed USB device number 44 using dummy_hcd
[  436.275913][ T5897] usb 2-1: device descriptor read/64, error -71
[  436.354778][ T5843] udevd[5843]: symlink '../../loop2' '/dev/disk/by-diskseq/72.tmp-b7:2' failed: Read-only file system
[  436.381026][T11232] tipc: Enabling of bearer <eth:syzkall> rejected, failed to enable media
[  436.411408][T11232] syzkaller0: entered promiscuous mode
[  436.425113][ T5897] usb usb2-port1: attempt power cycle
[  436.514835][T11232] syzkaller0: entered allmulticast mode
[  436.734740][ T1204] usb 4-1: new high-speed USB device number 24 using dummy_hcd
[  436.791597][T11233] fido_id[11233]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory
[  437.676229][ T5897] usb 2-1: new high-speed USB device number 45 using dummy_hcd
[  437.707817][ T5897] usb 2-1: device descriptor read/8, error -71
[  437.738544][ T6005] udevd[6005]: symlink '../../loop2' '/dev/disk/by-diskseq/72.tmp-b7:2' failed: Read-only file system
[  437.784662][ T1204] usb 4-1: Using ep0 maxpacket: 16
[  437.809665][T11250] FAULT_INJECTION: forcing a failure.
[  437.809665][T11250] name failslab, interval 1, probability 0, space 0, times 0
[  437.816617][ T1204] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  437.835207][   T30] audit: type=1400 audit(1752534588.597:580): avc:  denied  { append } for  pid=11249 comm="syz.1.1359" name="card1" dev="devtmpfs" ino=628 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[  437.853311][ T1204] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  437.883056][ T1204] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  437.932192][T11250] CPU: 1 UID: 0 PID: 11250 Comm: syz.2.1357 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) 
[  437.932221][T11250] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  437.932231][T11250] Call Trace:
[  437.932236][T11250]  <TASK>
[  437.932243][T11250]  dump_stack_lvl+0x16c/0x1f0
[  437.932273][T11250]  should_fail_ex+0x512/0x640
[  437.932293][T11250]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  437.932319][T11250]  should_failslab+0xc2/0x120
[  437.932344][T11250]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  437.932364][T11250]  ? __sys_sendto+0x4a0/0x520
[  437.932384][T11250]  ? __x64_sys_sendto+0xe0/0x1c0
[  437.932402][T11250]  ? __alloc_skb+0x2b2/0x380
[  437.932427][T11250]  __alloc_skb+0x2b2/0x380
[  437.932447][T11250]  ? __pfx___alloc_skb+0x10/0x10
[  437.932476][T11250]  netlink_dump+0x192/0xd00
[  437.932504][T11250]  ? __pfx_netlink_dump+0x10/0x10
[  437.932537][T11250]  ? __inet_diag_dump_start+0x434/0x7f0
[  437.932562][T11250]  __netlink_dump_start+0x6d6/0x990
[  437.932592][T11250]  inet_diag_rcv_msg_compat+0x275/0x2d0
[  437.932610][T11250]  ? __pfx_inet_diag_rcv_msg_compat+0x10/0x10
[  437.932625][T11250]  ? __pfx_inet_diag_dump_start_compat+0x10/0x10
[  437.932641][T11250]  ? __pfx_inet_diag_dump_compat+0x10/0x10
[  437.932655][T11250]  ? __pfx_inet_diag_dump_done+0x10/0x10
[  437.932672][T11250]  ? sock_diag_rcv_msg+0x315/0x790
[  437.932693][T11250]  sock_diag_rcv_msg+0x34a/0x790
[  437.932714][T11250]  netlink_rcv_skb+0x158/0x420
[  437.932728][T11250]  ? __pfx_sock_diag_rcv_msg+0x10/0x10
[  437.932747][T11250]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  437.932767][T11250]  ? netlink_deliver_tap+0x1ae/0xd30
[  437.932794][T11250]  netlink_unicast+0x58a/0x850
[  437.932813][T11250]  ? __pfx_netlink_unicast+0x10/0x10
[  437.932833][T11250]  netlink_sendmsg+0x8d1/0xdd0
[  437.932854][T11250]  ? __pfx_netlink_sendmsg+0x10/0x10
[  437.932880][T11250]  __sys_sendto+0x4a0/0x520
[  437.932901][T11250]  ? __pfx___sys_sendto+0x10/0x10
[  437.932941][T11250]  ? ksys_write+0x1ac/0x250
[  437.932962][T11250]  ? __pfx_ksys_write+0x10/0x10
[  437.932984][T11250]  __x64_sys_sendto+0xe0/0x1c0
[  437.933003][T11250]  ? do_syscall_64+0x91/0x4c0
[  437.933025][T11250]  ? lockdep_hardirqs_on+0x7c/0x110
[  437.933048][T11250]  do_syscall_64+0xcd/0x4c0
[  437.933079][T11250]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  437.933096][T11250] RIP: 0033:0x7f1d87d8e929
[  437.933110][T11250] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  437.933125][T11250] RSP: 002b:00007f1d88cbe038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  437.933141][T11250] RAX: ffffffffffffffda RBX: 00007f1d87fb6080 RCX: 00007f1d87d8e929
[  437.933150][T11250] RDX: 000000000000004c RSI: 0000200000000080 RDI: 0000000000000004
[  437.933159][T11250] RBP: 00007f1d88cbe090 R08: 0000000000000000 R09: 0000000000000000
[  437.933167][T11250] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  437.933180][T11250] R13: 0000000000000000 R14: 00007f1d87fb6080 R15: 00007fff8967e4d8
[  437.933203][T11250]  </TASK>
[  437.941473][ T1204] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  438.805014][ T1204] usb 4-1: config 0 descriptor??
[  438.835990][ T5832] udevd[5832]: symlink '../../loop2' '/dev/disk/by-diskseq/72.tmp-b7:2' failed: Read-only file system
[  438.854592][    T9] usb 6-1: new high-speed USB device number 11 using dummy_hcd
[  438.869327][ T1204] usbhid 4-1:0.0: couldn't find an input interrupt endpoint
[  439.026536][    T9] usb 6-1: Using ep0 maxpacket: 8
[  439.120334][    T9] usb 6-1: New USB device found, idVendor=04b4, idProduct=8613, bcdDevice=95.8f
[  439.680829][T11272] vivid-000: disconnect
[  439.765889][    T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=1
[  439.875089][    T9] usb 6-1: Product: syz
[  439.894661][    T9] usb 6-1: Manufacturer: syz
[  439.943106][    T9] usb 6-1: SerialNumber: syz
[  439.971873][    T9] usb 6-1: config 0 descriptor??
[  439.988375][    T9] usbtest 6-1:0.0: FX2 device
[  440.002326][    T9] usbtest 6-1:0.0: high-speed {control bulk-in bulk-out} tests (+alt)
[  440.070936][ T1296] ieee802154 phy0 wpan0: encryption failed: -22
[  440.087447][ T1296] ieee802154 phy1 wpan1: encryption failed: -22
[  440.134034][   T59] sl0: compressed packet ignored
[  440.139598][ T5973] sl1: compressed packet ignored
[  440.144985][ T1319] sl2: compressed packet ignored
[  440.154027][   T36] sl3: compressed packet ignored
[  440.159176][ T4802] sl4: compressed packet ignored
[  440.164605][ T4802] sl5: compressed packet ignored
[  440.164646][   T13] sl6: compressed packet ignored
[  440.169979][ T5973] sl7: compressed packet ignored
[  440.175052][ T3464] sl8: compressed packet ignored
[  440.184989][ T6465] sl9: compressed packet ignored
[  440.194907][ T6465] sl11: compressed packet ignored
[  440.194907][ T1319] sl10: compressed packet ignored
[  440.194933][ T6465] sl12: compressed packet ignored
[  440.204319][T11262] vivid-000: reconnect
[  440.217594][    T9] usb 6-1: USB disconnect, device number 11
[  440.518918][T11286] trusted_key: encrypted_key: master key parameter '00N004093' is invalid
[  440.542292][T11286] trusted_key: encrypted_key: master key parameter '00N004093' is invalid
[  440.901518][T11287] tipc: Enabling of bearer <eth:syzkaller> rejected, failed to enable media
[  440.960623][ T1204] usb 4-1: USB disconnect, device number 24
[  441.850155][ T5832] udevd[5832]: symlink '../../loop2' '/dev/disk/by-diskseq/72.tmp-b7:2' failed: Read-only file system
[  442.144660][ T5831] Bluetooth: hci5: command 0x0405 tx timeout
[  442.545609][T11319] vivid-000: disconnect
[  443.095723][ T5832] udevd[5832]: symlink '../../loop2' '/dev/disk/by-diskseq/72.tmp-b7:2' failed: Read-only file system
[  443.304989][T11312] vivid-000: reconnect
[  443.907756][T11335] netlink: 168 bytes leftover after parsing attributes in process `syz.2.1373'.
[  444.545071][ T1204] usb 6-1: new high-speed USB device number 12 using dummy_hcd
[  444.592038][T11355] vivid-000: disconnect
[  444.822951][T11353] vivid-000: reconnect
[  444.960868][ T1204] usb 6-1: Using ep0 maxpacket: 8
[  444.976854][ T5843] udevd[5843]: symlink '../../loop2' '/dev/disk/by-diskseq/72.tmp-b7:2' failed: Read-only file system
[  445.009613][ T1204] usb 6-1: New USB device found, idVendor=04b4, idProduct=8613, bcdDevice=95.8f
[  445.045914][ T1204] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=1
[  445.069612][ T1204] usb 6-1: Product: syz
[  445.083436][ T5832] udevd[5832]: symlink '../../loop2' '/dev/disk/by-diskseq/72.tmp-b7:2' failed: Read-only file system
[  445.094738][ T1204] usb 6-1: Manufacturer: syz
[  445.106646][ T1204] usb 6-1: SerialNumber: syz
[  445.158715][ T1204] usb 6-1: config 0 descriptor??
[  445.198790][T11365] syzkaller0: entered promiscuous mode
[  445.200326][ T1204] usbtest 6-1:0.0: FX2 device
[  445.204322][T11365] syzkaller0: entered allmulticast mode
[  445.577272][T11365] PF_CAN: dropped non conform CAN FD skbuff: dev type 280, len 65487
[  445.611337][ T6005] udevd[6005]: symlink '../../loop2' '/dev/disk/by-diskseq/72.tmp-b7:2' failed: Read-only file system
[  445.624714][ T1204] usbtest 6-1:0.0: high-speed {control bulk-in bulk-out} tests (+alt)
[  445.646705][ T1204] usb 6-1: USB disconnect, device number 12
[  446.586420][T11381] vivid-000: disconnect
[  446.897774][T11378] vivid-000: reconnect
[  447.207039][T11395] netlink: 'syz.3.1389': attribute type 2 has an invalid length.
[  447.301211][ T6005] udevd[6005]: symlink '../../loop2' '/dev/disk/by-diskseq/72.tmp-b7:2' failed: Read-only file system
[  448.520133][T11411] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  448.527465][T11411] IPv6: NLM_F_CREATE should be set when creating new route
[  448.534748][T11411] IPv6: NLM_F_CREATE should be set when creating new route
[  448.542046][T11411] IPv6: NLM_F_CREATE should be set when creating new route
[  448.700176][ T5843] udevd[5843]: symlink '../../loop2' '/dev/disk/by-diskseq/72.tmp-b7:2' failed: Read-only file system
[  449.187121][ T5832] udevd[5832]: symlink '../../loop2' '/dev/disk/by-diskseq/72.tmp-b7:2' failed: Read-only file system
[  449.263709][T11430] netlink: 'syz.5.1397': attribute type 10 has an invalid length.
[  449.271863][T11430] netlink: 40 bytes leftover after parsing attributes in process `syz.5.1397'.
[  449.759024][T11436] netlink: 168 bytes leftover after parsing attributes in process `syz.1.1395'.
[  450.410265][ T5832] udevd[5832]: symlink '../../loop2' '/dev/disk/by-diskseq/72.tmp-b7:2' failed: Read-only file system
[  450.801152][T11452] netlink: 'syz.1.1403': attribute type 2 has an invalid length.
[  450.952514][T11453] trusted_key: encrypted_key: master key parameter '00N004093' is invalid
[  451.004480][T11453] trusted_key: encrypted_key: master key parameter '00N004093' is invalid
[  451.004586][   T48] usb 4-1: new high-speed USB device number 25 using dummy_hcd
[  451.190476][   T48] usb 4-1: Using ep0 maxpacket: 8
[  451.253542][   T48] usb 4-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  451.358935][   T48] usb 4-1: config 1 has no interface number 1
[  451.386984][   T48] usb 4-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  451.502962][   T48] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  451.527124][   T48] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  451.587045][   T48] usb 4-1: Product: syz
[  451.596699][   T48] usb 4-1: Manufacturer: syz
[  451.601369][   T48] usb 4-1: SerialNumber: syz
[  451.969968][   T30] audit: type=1400 audit(1752534602.737:581): avc:  denied  { map } for  pid=11461 comm="syz.5.1407" path="socket:[29680]" dev="sockfs" ino=29680 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tcp_socket permissive=1
[  451.993016][    C1] vkms_vblank_simulate: vblank timer overrun
[  452.020830][ T5843] udevd[5843]: symlink '../../loop2' '/dev/disk/by-diskseq/72.tmp-b7:2' failed: Read-only file system
[  452.172846][T11472] netlink: 'syz.2.1409': attribute type 10 has an invalid length.
[  452.181310][T11472] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1409'.
[  452.470694][   T48] usb 4-1: 2:1 : format type 0 is detected, processed as PCM
[  452.479007][   T48] usb 4-1: 2:1 : sample bitwidth 243 in over sample bytes 3
[  452.488998][   T48] usb 4-1: 2:1 : invalid channels 0
[  452.511365][   T48] usb 4-1: USB disconnect, device number 25
[  452.550519][ T5832] udevd[5832]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  452.706907][T11476] bad cache= option: no%e
[  452.706907][T11476] 
[  452.713916][T11476] CIFS: VFS: bad cache= option: no%e
[  452.824565][T11479] vivid-000: disconnect
[  453.122561][ T5832] udevd[5832]: symlink '../../loop2' '/dev/disk/by-diskseq/72.tmp-b7:2' failed: Read-only file system
[  453.230536][   T30] audit: type=1400 audit(1752534603.987:582): avc:  denied  { ioctl } for  pid=11482 comm="syz.5.1415" path="socket:[28592]" dev="sockfs" ino=28592 ioctlcmd=0x89e0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  453.255244][    C1] vkms_vblank_simulate: vblank timer overrun
[  453.422334][T11474] vivid-000: reconnect
[  454.521733][ T5883] usb 3-1: new full-speed USB device number 28 using dummy_hcd
[  454.765889][T11513] netlink: 'syz.0.1423': attribute type 10 has an invalid length.
[  454.773990][T11513] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1423'.
[  455.304567][ T5883] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  455.364686][ T5883] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 2
[  455.394149][ T5883] usb 3-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  455.426757][   T31] INFO: task syz.4.852:9122 blocked for more than 143 seconds.
[  455.435171][   T31]       Not tainted 6.16.0-rc6-syzkaller #0
[  455.436381][ T5883] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  455.441080][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  455.464532][   T31] task:syz.4.852       state:D stack:26808 pid:9122  tgid:9116  ppid:5835   task_flags:0x400640 flags:0x00004006
[  455.567486][ T5883] usb 3-1: config 0 descriptor??
[  455.608045][ T5883] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  455.680353][   T31] Call Trace:
[  455.683745][   T31]  <TASK>
[  455.685831][ T5883] dvb-usb: bulk message failed: -22 (3/0)
[  455.702108][   T31]  __schedule+0x116a/0x5de0
[  455.720897][   T31]  ? __lock_acquire+0x622/0x1c90
[  455.735799][ T5883] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  455.744411][   T31]  ? __pfx___schedule+0x10/0x10
[  455.757319][   T31]  ? find_held_lock+0x2b/0x80
[  455.761764][ T5883] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  455.772269][   T31]  ? schedule+0x2d7/0x3a0
[  455.784681][ T5883] usb 3-1: media controller created
[  455.790555][   T31]  schedule+0xe7/0x3a0
[  455.809819][ T5883] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  455.810680][   T31]  schedule_timeout+0x257/0x290
[  455.849373][ T5883] dvb-usb: bulk message failed: -22 (6/0)
[  455.869659][ T5883] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  455.875711][   T31]  ? __pfx_schedule_timeout+0x10/0x10
[  455.883393][   T31]  ? rcu_is_watching+0x12/0xc0
[  455.889118][ T5883] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb3/3-1/input/input37
[  455.900427][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  455.928409][   T31]  __wait_for_common+0x2ff/0x4e0
[  455.935297][ T5883] dvb-usb: schedule remote query interval to 150 msecs.
[  455.946731][   T31]  ? __pfx_schedule_timeout+0x10/0x10
[  455.952212][   T31]  ? __pfx___wait_for_common+0x10/0x10
[  455.958176][ T5883] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  456.004573][   T31]  ? preempt_schedule_thunk+0x16/0x30
[  456.030189][   T31]  wait_for_completion_state+0x1c/0x40
[  456.061644][   T31]  do_coredump+0x8fa/0x4f10
[  456.104552][   T31]  ? lock_acquire+0xf0/0x350
[  456.109268][   T31]  ? __pfx_do_coredump+0x10/0x10
[  456.114376][   T31]  ? find_held_lock+0x2b/0x80
[  456.114590][ T5883] dvb-usb: bulk message failed: -22 (1/0)
[  456.119289][   T31]  ? is_bpf_text_address+0x8a/0x1a0
[  456.134085][ T5883] dvb-usb: error while querying for an remote control event.
[  456.134804][   T31]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  456.151660][   T31]  ? is_bpf_text_address+0x94/0x1a0
[  456.160410][   T31]  ? kernel_text_address+0x8d/0x100
[  456.168326][   T31]  ? __kernel_text_address+0xd/0x40
[  456.173788][   T31]  ? unwind_get_return_address+0x59/0xa0
[  456.179585][   T31]  ? arch_stack_walk+0xa6/0x100
[  456.207184][   T31]  ? stack_depot_save_flags+0x28/0xa40
[  456.217290][   T31]  ? __lock_acquire+0xb8a/0x1c90
[  456.233993][   T31]  ? kasan_save_stack+0x42/0x60
[  456.243139][   T31]  ? kasan_save_stack+0x33/0x60
[  456.260761][   T31]  ? kasan_save_track+0x14/0x30
[  456.277060][   T31]  ? kasan_save_free_info+0x3b/0x60
[  456.286495][   T31]  ? __kasan_slab_free+0x51/0x70
[  456.299957][   T31]  ? kmem_cache_free+0x2d1/0x4d0
[  456.312853][   T31]  ? __sigqueue_free+0xba/0x2a0
[  456.414627][ T5883] dvb-usb: bulk message failed: -22 (1/0)
[  456.420445][ T5883] dvb-usb: error while querying for an remote control event.
[  456.420487][   T31]  ? get_signal+0xcba/0x26d0
[  456.439578][   T31]  ? arch_do_signal_or_restart+0x8f/0x7d0
[  456.445510][   T31]  ? proc_coredump_connector+0x2d1/0x4f0
[  456.462480][   T31]  ? __pfx_proc_coredump_connector+0x10/0x10
[  456.572735][   T31]  ? rcu_is_watching+0x12/0xc0
[  456.587857][T11503] netlink: 'syz.2.1413': attribute type 13 has an invalid length.
[  456.595926][T11503] netlink: 396 bytes leftover after parsing attributes in process `syz.2.1413'.
[  456.605106][ T5883] dvb-usb: bulk message failed: -22 (1/0)
[  456.611049][ T5883] dvb-usb: error while querying for an remote control event.
[  456.614728][   T31]  get_signal+0x22e3/0x26d0
[  456.630386][   T31]  ? __pfx_get_signal+0x10/0x10
[  456.636705][   T31]  ? fpu__clear_user_states+0xf4/0x1d0
[  456.642581][   T31]  ? rcu_is_watching+0x12/0xc0
[  456.652280][   T31]  ? __local_bh_enable_ip+0xa4/0x120
[  456.662937][   T31]  arch_do_signal_or_restart+0x8f/0x7d0
[  456.688076][   T31]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  456.701180][   T31]  ? xfd_validate_state+0x61/0x180
[  456.707027][   T31]  ? __task_pid_nr_ns+0x17c/0x500
[  456.712117][   T31]  exit_to_user_mode_loop+0x84/0x110
[  456.721243][   T31]  do_syscall_64+0x3f6/0x4c0
[  456.727130][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  456.733279][   T31] RIP: 0033:0x7f370c24f830
[  456.740940][   T31] RSP: 002b:00007f370d2783f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  456.751627][   T31] RAX: 0000000000000000 RBX: 00007f370c5b6088 RCX: 00007f370c38e929
[  456.759941][   T31] RDX: 00007f370d278400 RSI: 00007f370d278530 RDI: 000000000000000b
[  456.768073][   T31] RBP: 00007f370c5b6080 R08: 0000000000000000 R09: 0000000000000000
[  456.774763][ T1204] dvb-usb: bulk message failed: -22 (1/0)
[  456.776231][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f370c5b608c
[  456.781823][ T1204] dvb-usb: error while querying for an remote control event.
[  456.789996][   T31] R13: 0000000000000000 R14: 00007ffccae7fed0 R15: 00007ffccae7ffb8
[  456.790032][   T31]  </TASK>
[  456.804564][   T31] 
[  456.804564][   T31] Showing all locks held in the system:
[  456.837646][   T31] 1 lock held by ksoftirqd/0/15:
[  456.846924][   T31]  #0: ffff8880b843a2d8 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x7e/0x130
[  456.859490][   T31] 1 lock held by khungtaskd/31:
[  456.864386][   T31]  #0: ffffffff8e5c4e00 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x36/0x1c0
[  456.875351][   T31] 2 locks held by getty/5589:
[  456.880077][   T31]  #0: ffff888037a620a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80
[  456.890220][   T31]  #1: ffffc9000333b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x41b/0x14f0
[  456.900544][   T31] 
[  456.902888][   T31] =============================================
[  456.902888][   T31] 
[  456.912303][   T31] NMI backtrace for cpu 1
[  456.912322][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) 
[  456.912343][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  456.912352][   T31] Call Trace:
[  456.912358][   T31]  <TASK>
[  456.912365][   T31]  dump_stack_lvl+0x116/0x1f0
[  456.912400][   T31]  nmi_cpu_backtrace+0x27b/0x390
[  456.912421][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  456.912446][   T31]  nmi_trigger_cpumask_backtrace+0x29c/0x300
[  456.912466][   T31]  watchdog+0xf70/0x12c0
[  456.912491][   T31]  ? __pfx_watchdog+0x10/0x10
[  456.912509][   T31]  ? lockdep_hardirqs_on+0x7c/0x110
[  456.912536][   T31]  ? __kthread_parkme+0x19e/0x250
[  456.912564][   T31]  ? __pfx_watchdog+0x10/0x10
[  456.912582][   T31]  kthread+0x3c5/0x780
[  456.912600][   T31]  ? __pfx_kthread+0x10/0x10
[  456.912618][   T31]  ? rcu_is_watching+0x12/0xc0
[  456.912642][   T31]  ? __pfx_kthread+0x10/0x10
[  456.912660][   T31]  ret_from_fork+0x5d7/0x6f0
[  456.912686][   T31]  ? __pfx_kthread+0x10/0x10
[  456.912703][   T31]  ret_from_fork_asm+0x1a/0x30
[  456.912735][   T31]  </TASK>
[  456.912743][   T31] Sending NMI from CPU 1 to CPUs 0:
[  456.974565][ T1204] dvb-usb: bulk message failed: -22 (1/0)
[  456.979344][    C0] NMI backtrace for cpu 0
[  456.979366][    C0] CPU: 0 UID: 0 PID: 1204 Comm: kworker/0:2 Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) 
[  456.979383][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  456.979394][    C0] Workqueue: events legacy_dvb_usb_read_remote_control
[  456.979431][    C0] RIP: 0010:io_serial_out+0x8f/0xb0
[  456.979452][    C0] Code: 48 8d 7d 40 44 89 e1 48 b8 00 00 00 00 00 fc ff df 48 89 fa d3 e3 48 c1 ea 03 80 3c 02 00 75 1c 66 03 5d 40 44 89 e8 89 da ee <5b> 5d 41 5c 41 5d e9 56 74 2f 06 e8 01 fd c6 fc eb a0 e8 8a fd c6
[  456.979464][    C0] RSP: 0018:ffffc9000455f628 EFLAGS: 00000002
[  456.979474][    C0] RAX: 000000000000005b RBX: 00000000000003f8 RCX: 0000000000000000
[  456.979483][    C0] RDX: 00000000000003f8 RSI: ffffffff855bced5 RDI: ffffffff9b0c72a0
[  456.979491][    C0] RBP: ffffffff9b0c7260 R08: 0000000000000001 R09: 000000000000001f
[  456.979499][    C0] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000000
[  456.979506][    C0] R13: 000000000000005b R14: ffffffff9b0c7260 R15: ffffffff855bce70
[  456.979515][    C0] FS:  0000000000000000(0000) GS:ffff888124713000(0000) knlGS:0000000000000000
[  456.979530][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  456.979539][    C0] CR2: 0000200000008030 CR3: 000000002ba69000 CR4: 00000000003526f0
[  456.979548][    C0] DR0: 0000000000000004 DR1: 0000000000000006 DR2: 0000000000000007
[  456.979555][    C0] DR3: 0000000000001000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[  456.979563][    C0] Call Trace:
[  456.979569][    C0]  <TASK>
[  456.979576][    C0]  serial8250_console_write+0xfbf/0x1890
[  456.979595][    C0]  ? __pfx_serial8250_console_write+0x10/0x10
[  456.979608][    C0]  ? lock_acquire+0x179/0x350
[  456.979625][    C0]  console_flush_all+0x7fe/0xc60
[  456.979644][    C0]  ? __pfx_console_flush_all+0x10/0x10
[  456.979660][    C0]  ? __lock_acquire+0x622/0x1c90
[  456.979673][    C0]  ? is_printk_cpu_sync_owner+0x32/0x40
[  456.979691][    C0]  console_unlock+0xd8/0x210
[  456.979705][    C0]  ? __pfx_console_unlock+0x10/0x10
[  456.979723][    C0]  vprintk_emit+0x418/0x6d0
[  456.979738][    C0]  ? __pfx_vprintk_emit+0x10/0x10
[  456.979754][    C0]  ? ret_from_fork+0x5d7/0x6f0
[  456.979774][    C0]  ? dvb_usb_generic_rw+0x116/0x490
[  456.979792][    C0]  _printk+0xc7/0x100
[  456.979804][    C0]  ? __pfx__printk+0x10/0x10
[  456.979818][    C0]  ? usb_bulk_msg+0x232/0x550
[  456.979834][    C0]  dvb_usb_generic_rw+0x270/0x490
[  456.979851][    C0]  ? __pfx_dvb_usb_generic_rw+0x10/0x10
[  456.979869][    C0]  dibusb_rc_query+0x9a/0x110
[  456.979885][    C0]  legacy_dvb_usb_read_remote_control+0x10c/0x4f0
[  456.979904][    C0]  ? __pfx_legacy_dvb_usb_read_remote_control+0x10/0x10
[  456.979923][    C0]  ? rcu_is_watching+0x12/0xc0
[  456.979941][    C0]  process_one_work+0x9cf/0x1b70
[  456.979959][    C0]  ? __pfx_process_one_work+0x10/0x10
[  456.979975][    C0]  ? assign_work+0x1a0/0x250
[  456.979988][    C0]  worker_thread+0x6c8/0xf10
[  456.980005][    C0]  ? __kthread_parkme+0x19e/0x250
[  456.980030][    C0]  ? __pfx_worker_thread+0x10/0x10
[  456.980043][    C0]  kthread+0x3c5/0x780
[  456.980056][    C0]  ? __pfx_kthread+0x10/0x10
[  456.980069][    C0]  ? rcu_is_watching+0x12/0xc0
[  456.980084][    C0]  ? __pfx_kthread+0x10/0x10
[  456.980097][    C0]  ret_from_fork+0x5d7/0x6f0
[  456.980113][    C0]  ? __pfx_kthread+0x10/0x10
[  456.980125][    C0]  ret_from_fork_asm+0x1a/0x30
[  456.980148][    C0]  </TASK>
[  457.365075][ T1204] dvb-usb: error while querying for an remote control event.
[  457.413359][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[  457.420313][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc6-syzkaller #0 PREEMPT(full) 
[  457.430399][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  457.440464][   T31] Call Trace:
[  457.443730][   T31]  <TASK>
[  457.446646][   T31]  dump_stack_lvl+0x3d/0x1f0
[  457.451230][   T31]  panic+0x71c/0x800
[  457.455113][   T31]  ? __pfx___irq_work_queue_local+0x10/0x10
[  457.461006][   T31]  ? __pfx_panic+0x10/0x10
[  457.465407][   T31]  ? preempt_schedule_thunk+0x16/0x30
[  457.470780][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  457.476744][   T31]  ? preempt_schedule_thunk+0x16/0x30
[  457.482107][   T31]  ? watchdog+0xdda/0x12c0
[  457.486502][   T31]  ? watchdog+0xdcd/0x12c0
[  457.490921][   T31]  watchdog+0xdeb/0x12c0
[  457.495150][   T31]  ? __pfx_watchdog+0x10/0x10
[  457.499810][   T31]  ? lockdep_hardirqs_on+0x7c/0x110
[  457.504994][   T31]  ? __kthread_parkme+0x19e/0x250
[  457.510011][   T31]  ? __pfx_watchdog+0x10/0x10
[  457.514683][   T31]  kthread+0x3c5/0x780
[  457.518732][   T31]  ? __pfx_kthread+0x10/0x10
[  457.523301][   T31]  ? rcu_is_watching+0x12/0xc0
[  457.528060][   T31]  ? __pfx_kthread+0x10/0x10
[  457.532628][   T31]  ret_from_fork+0x5d7/0x6f0
[  457.537204][   T31]  ? __pfx_kthread+0x10/0x10
[  457.541773][   T31]  ret_from_fork_asm+0x1a/0x30
[  457.546527][   T31]  </TASK>
[  457.549775][   T31] Kernel Offset: disabled
[  457.554085][   T31] Rebooting in 86400 seconds..