last executing test programs:

49.360449851s ago: executing program 0 (id=279):
r0 = openat$uinput(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000300)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="ec000000f585c38f94a33dbad67f3f79a6d16d63bb55c5715d9ff86dba99ce09916ae4c7af1ac819f4451d5daae7e32127256c362c1a5b6d1d41d4922a3b71a2f8c342f3ddaed139", @ANYRES16=0x0], 0xec}, 0x1, 0x0, 0x0, 0x40004}, 0x800)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000007, 0x38011, r2, 0x0)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0xe)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0)
sendfile(r3, r3, 0x0, 0x2000fb)
write$uinput_user_dev(r0, &(0x7f0000000e80)={'syz0\x00', {0x6, 0x9, 0x2, 0x7fff}, 0x3b, [0xea48, 0x6, 0x0, 0x6, 0x0, 0xd57, 0x4, 0x4, 0x96e9, 0x4, 0xa0c5, 0x1, 0x9, 0x1, 0x10000, 0x8000, 0x8fe2, 0x401, 0x9, 0x4, 0x8, 0xf, 0x9, 0x300, 0x9, 0x801, 0x4, 0x5, 0x100, 0x2, 0x0, 0x4, 0xc9, 0x80, 0x1, 0xff800000, 0x3, 0x1, 0x57d, 0x3, 0x5, 0x3, 0x80, 0x5, 0x0, 0xffffffa5, 0x2, 0x3, 0x0, 0x7, 0x7718, 0xff, 0x6, 0x7, 0x0, 0x9, 0x0, 0x8b2, 0x0, 0x1000, 0x4f, 0x1, 0x7ff, 0x6], [0x9, 0x7, 0x5a36, 0x75, 0x9, 0x3, 0x4, 0x8, 0x7, 0x0, 0x1000, 0x519, 0x10000, 0x80, 0x3, 0x0, 0x10, 0x2, 0x100, 0x8001, 0x2, 0x4, 0xfffffffa, 0x81, 0x4581b4e7, 0x800, 0x0, 0x30000000, 0x3, 0x40000000, 0x7fffffff, 0x5, 0x9d7, 0x6, 0x5, 0x10001, 0x9, 0x0, 0x5, 0x7, 0x2, 0x8, 0xffffff9d, 0xd6, 0x2f, 0x0, 0x5, 0x8, 0x9, 0x6, 0x400, 0x401, 0x4800, 0x2, 0x1, 0x1, 0x5, 0x1000, 0x10001, 0x400, 0x8d7, 0x4, 0x400, 0x7], [0xbe3, 0x0, 0xfa1a, 0x10000, 0x7, 0x6, 0x9, 0x5, 0xd, 0x1, 0x7, 0xb3, 0x0, 0x7ff, 0x8, 0x9, 0x81, 0x0, 0x6, 0x90, 0x0, 0x1, 0xd, 0x400, 0xffff605e, 0xe, 0x2, 0x1, 0x0, 0xb2, 0x9, 0xffffff60, 0x1, 0xfffffe01, 0x79, 0x1b27, 0x0, 0x1, 0xb, 0xc0, 0x5, 0xe557, 0xd, 0x9, 0x6, 0x5, 0x5, 0xf255, 0x6, 0x7, 0x3, 0x8, 0xa, 0x8000, 0x2, 0xd25, 0x12f, 0x5, 0x0, 0x271, 0x8, 0x5, 0x4, 0x8244], [0x7ff, 0x1, 0x1ff, 0xffffffff, 0x3, 0x3, 0x7, 0x6, 0x10, 0x8, 0x3323, 0x3, 0xfff, 0x1, 0x400, 0x5, 0x2, 0xfffffffd, 0x2, 0x8, 0xfff, 0x4, 0x2, 0x7a, 0x800, 0x2, 0x8000, 0x8, 0x6, 0xa6c, 0x0, 0xd, 0x7fffffff, 0x3760, 0x0, 0x101, 0x0, 0x14000000, 0x3, 0x89, 0x9, 0x401, 0xbdb1, 0x40, 0x7, 0x0, 0x6, 0x1, 0x7, 0x4, 0x5, 0x3, 0x3, 0xff, 0x6, 0x7, 0x4, 0x3ff, 0x463, 0x9, 0x7, 0x20000000, 0x7, 0x51]}, 0x45c)
write$uinput_user_dev(r0, &(0x7f0000000a00)={'syz1\x00', {0x6ec9, 0x7, 0x5, 0x5}, 0x3e, [0x9, 0x5, 0x8, 0x2, 0x5334, 0x400, 0x80000000, 0x8ef7, 0x8, 0x0, 0x6, 0xf5, 0x5, 0x39, 0x747d5a13, 0x8, 0xfffffb9a, 0xfffffffc, 0x4, 0xfffffffb, 0x4, 0x3, 0x4, 0xf252, 0x4, 0x800, 0x300000, 0x7, 0xe, 0x5, 0x0, 0x0, 0x1ff, 0x8000, 0x3ff, 0x3, 0xd, 0x3, 0xba55, 0x1000, 0x2, 0x200, 0x2, 0x400008, 0x8, 0x4, 0x2, 0x0, 0x8, 0x1009, 0x1, 0x199f, 0x8, 0x2, 0x9, 0x1, 0x4, 0x6, 0x1000, 0x5, 0x40, 0x9, 0x7, 0x5], [0x6, 0x1e, 0x3, 0x8000, 0xfffffffe, 0x3, 0x0, 0x5, 0x27, 0xfffffffc, 0x4, 0x7fff, 0x72c, 0x1c32, 0x3, 0x9, 0x10000, 0x400, 0x8001, 0x3, 0x1, 0x297, 0x5, 0x0, 0x981, 0x4, 0x100, 0x3ff, 0x0, 0xfffffffe, 0x0, 0x1000001, 0x10, 0xfffffff9, 0x0, 0x5, 0x1, 0xffffffff, 0x6, 0x5, 0x800, 0xffff, 0x6, 0x96, 0xfffffffd, 0x101, 0x0, 0x2, 0xffffffff, 0xc, 0x3, 0x379, 0x9, 0xe, 0x5, 0xb, 0x6, 0x2, 0x1, 0x1, 0x8, 0x6, 0x200, 0x3], [0x401, 0xc584, 0x34711b8a, 0xcd4, 0xffff, 0x20, 0x7, 0x4, 0x8, 0x10, 0x7, 0x9, 0xe8b, 0x5, 0x80000001, 0x8, 0x1, 0x1000, 0x2, 0xe, 0x1, 0xfffffff9, 0xe55, 0x10, 0x80000001, 0x4, 0x4, 0x7, 0x9, 0x2, 0x20000005, 0x80, 0x9, 0xb, 0x47, 0x2, 0x3, 0x4, 0x7, 0x6d7e, 0x3, 0x8, 0x8001, 0xbf23, 0x6, 0x8, 0x95a, 0xffffffff, 0x4, 0x3, 0x6, 0x100fffd, 0x2005, 0x7, 0x4, 0xea, 0x9, 0x5, 0x2, 0xd9, 0x0, 0x7ff, 0x401, 0x5], [0x108e, 0x7fff, 0x3, 0x3, 0x88, 0x2, 0x6, 0x4, 0x40, 0x2, 0x763, 0xb, 0x402, 0x800, 0x2, 0x1000, 0x7f, 0x5, 0x3fa6, 0x4, 0x8e8, 0x5, 0x9, 0x4, 0xe47, 0x4, 0x0, 0x4, 0x200, 0x1000, 0x3b, 0x2, 0x5, 0x800, 0xa80a, 0x65f413f9, 0x4, 0x8, 0x8a8, 0x2, 0x401, 0x7, 0x2, 0x4, 0x4, 0x10, 0x0, 0x4, 0x7fff, 0x1, 0xfffffff8, 0x401, 0x1, 0x200, 0x7, 0x4edf, 0xfffffffd, 0x7, 0xe, 0x2, 0xe, 0xf, 0x133, 0x6]}, 0x45c)
ioctl$UI_DEV_CREATE(r0, 0x5501)
r4 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r4, 0x40345410, &(0x7f0000000340)={{0x1, 0x1, 0x10000}})
ioctl$SNDRV_TIMER_IOCTL_START(r4, 0x54a0)
io_setup(0x7, &(0x7f0000000280)=<r5=>0x0)
r6 = openat$sysfs(0xffffff9c, &(0x7f00000001c0)='/sys/power/pm_trace', 0x42, 0x0)
io_submit(r5, 0x1, &(0x7f0000000500)=[&(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, r6, &(0x7f0000000000), 0xfffffc98}])
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, 0x0)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r7, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r7, &(0x7f0000000200)={0xa, 0x1, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r7, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(r7, 0x11a, 0x1, &(0x7f0000000180)=@gcm_256={{0x303}, "0200", "ab02a1a449283e8a3bc95815ece487ebcc5bb6a8d8a744e4b7edb45c7e7336ab", 'vb q', "9900000100"}, 0x38)
shutdown(r7, 0x1)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='freezer.state\x00', 0x275a, 0x0)
write$cgroup_int(r8, &(0x7f0000000000), 0xffffff6a)
sendfile(r7, r8, 0x0, 0xffffffff004)
r9 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x72, 0x0, 0x7fff0000}]})
close_range(r9, 0xffffffffffffffff, 0x0)
write$binfmt_script(r8, &(0x7f0000000400)={'#! ', './file0', [{0x20, '!('}, {0x20, '\x00'}, {0x20, '){{$)#'}, {0x20, 'syz0\x00'}, {0x20, '--'}, {0x20, ')/*'}, {0x20, '}\x10['}], 0xa, "de3ebbe6377d84b29ae065c25db25156b155e8355b4c9eca661ffb2351d22b9ccd58f348e395e07ef2c67351c29ce9fe55b8a12252589c2bebda24a9eebcf0"}, 0x67)

48.751705155s ago: executing program 0 (id=284):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff})
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
shutdown(r0, 0x0)

48.375484746s ago: executing program 0 (id=291):
r0 = socket$igmp(0x2, 0x3, 0x2)
getsockopt$MRT(r0, 0x0, 0xce, 0x0, &(0x7f0000000080)) (fail_nth: 2)

48.190743364s ago: executing program 0 (id=292):
socket$inet6_sctp(0xa, 0x5, 0x84)
r0 = syz_open_dev$I2C(&(0x7f0000000280), 0x0, 0x149000)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)={0x14, 0x3f, 0x4, 0x70bd28, 0x25dfdbff, {0x16}}, 0x14}, 0x1, 0x0, 0x0, 0x2002c841}, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan1\x00'})
sendmsg$NL80211_CMD_START_AP(r1, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
sendmsg$IPSET_CMD_LIST(r0, 0x0, 0x20000004)
setpgid(r2, 0x0)
setpgid(0x0, r2)
mount$9p_fd(0x0, &(0x7f00000001c0)='./file1\x00', 0x0, 0x10000, 0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c000000020000000000000000000004"], 0x0, 0x26, 0x0, 0x1}, 0x28)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r3 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
r4 = syz_open_dev$sg(&(0x7f00000001c0), 0x508d48d4, 0x40902)
ioctl$SCSI_IOCTL_SEND_COMMAND(r4, 0x1, &(0x7f0000000000)=ANY=[@ANYBLOB="0000000005000000a30c03"])
copy_file_range(r3, &(0x7f0000000000)=0x9, r0, 0x0, 0x10001, 0x0)
ptrace$ARCH_MAP_VDSO_32(0x1e, r2, 0x1, 0x2002)
ioctl$AUTOFS_IOC_READY(r3, 0x9360, 0x800000000000001)
ioctl$I2C_SMBUS(r0, 0x720, 0x0)

48.031464587s ago: executing program 0 (id=293):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0x11, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000008000000000000000fdffffff850000000f000000b7080000000000007b8af8ff00000000b7080000161300007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018030000", @ANYRES32, @ANYBLOB="0000000000000100b705000008000000850000006900000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, @fallback=0x19, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000003f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x20}, 0x15)
setrlimit(0x40000000000008, &(0x7f0000000080)={0x0, 0x6})
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)

47.901436034s ago: executing program 0 (id=294):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nbd(&(0x7f0000000000), 0xffffffffffffffff)
capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000080)={0x6, 0x6, 0x82, 0x87, 0xffffffff, 0x44})
sendmsg$NBD_CMD_CONNECT(r0, &(0x7f0000001ac0)={0x0, 0x0, 0x0}, 0x20000000)

47.850812149s ago: executing program 32 (id=294):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nbd(&(0x7f0000000000), 0xffffffffffffffff)
capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000080)={0x6, 0x6, 0x82, 0x87, 0xffffffff, 0x44})
sendmsg$NBD_CMD_CONNECT(r0, &(0x7f0000001ac0)={0x0, 0x0, 0x0}, 0x20000000)

9.020266795s ago: executing program 1 (id=470):
connect$inet6(0xffffffffffffffff, &(0x7f00000005c0)={0xa, 0x4e22, 0xe1, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x9}, 0x1c)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = socket$inet(0x2, 0x3, 0x11)
getsockopt$IPT_SO_GET_ENTRIES(r0, 0x0, 0x41, 0x0, &(0x7f0000000080))
getpid() (async)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
fsopen(0x0, 0x1) (async)
fsopen(0x0, 0x1)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) (async)
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
openat$ptp0(0xffffffffffffff9c, &(0x7f0000000140), 0x2001, 0x0) (async)
openat$ptp0(0xffffffffffffff9c, &(0x7f0000000140), 0x2001, 0x0)
clock_adjtime(0xffffffd3, &(0x7f0000000000)={0x137, 0x6, 0x4, 0xb, 0x7, 0xb, 0x2000000, 0xfffffffffffffffc, 0x9657, 0x9, 0x7fffffff, 0x0, 0x8, 0xb, 0x80000000000000, 0xcc0, 0x1, 0x1, 0x94d6, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x5, 0x0, 0xfffffffffffffffa, 0x5, 0x4})
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) (async)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r4, &(0x7f0000000000)={0x2, 0x4e21, @broadcast}, 0x2f) (async)
bind$inet(r4, &(0x7f0000000000)={0x2, 0x4e21, @broadcast}, 0x2f)
bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@base={0x9, 0x16, 0x100, 0x7f}, 0x50)
setsockopt$inet_tcp_TCP_CONGESTION(r4, 0x6, 0xd, &(0x7f0000000340)='illinois', 0x8)
connect$inet(r4, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10) (async)
connect$inet(r4, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10)
sendto$inet(r4, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0)
ioctl$CDROMREADAUDIO(0xffffffffffffffff, 0x309, &(0x7f0000000140)={@lba=0xc, 0x3, 0x0, 0x0})
recvfrom$inet(r4, &(0x7f0000000080)=""/5, 0x5, 0x10620, 0x0, 0x0) (async)
recvfrom$inet(r4, &(0x7f0000000080)=""/5, 0x5, 0x10620, 0x0, 0x0)
unshare(0x6a040000)
fcntl$setlease(0xffffffffffffffff, 0x400, 0x0)
sendto$inet6(0xffffffffffffffff, &(0x7f0000000680)="800037bbfa9ba1ce7f5a22ea52cb182bb081fa35890471500fb65612b0fa9c2ea157c185743334e2767705494bd24a345305f95174e238fe3a00bf0000000000000042388d27531c158740779a63c4170be52c18855d6c765502c6e9455f421414998522b7c622e3975b0f0d1628eefa4e86f39b909f2fb50ab1ca5495df0e17bc475c3464e44023501b728747539d7f8ac4e7debf070bea797b049569ea07231c46a2930a062f171d7a339035a889b0b3be082b6f8b5a1ef15c182bac3170c25b7429d7730c014efa3e2f26e114", 0xce, 0x4000000, 0x0, 0x0) (async)
sendto$inet6(0xffffffffffffffff, &(0x7f0000000680)="800037bbfa9ba1ce7f5a22ea52cb182bb081fa35890471500fb65612b0fa9c2ea157c185743334e2767705494bd24a345305f95174e238fe3a00bf0000000000000042388d27531c158740779a63c4170be52c18855d6c765502c6e9455f421414998522b7c622e3975b0f0d1628eefa4e86f39b909f2fb50ab1ca5495df0e17bc475c3464e44023501b728747539d7f8ac4e7debf070bea797b049569ea07231c46a2930a062f171d7a339035a889b0b3be082b6f8b5a1ef15c182bac3170c25b7429d7730c014efa3e2f26e114", 0xce, 0x4000000, 0x0, 0x0)

8.719083789s ago: executing program 1 (id=472):
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff})
unshare(0x62040200)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r2=>0x0})
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB, @ANYRES16=r3, @ANYBLOB="010000000000000000000800000008000300", @ANYRES32=r2, @ANYBLOB="0600eb000100000006009800090000006c002d800b000000250e8aefc3c2230005000000320000000a00000002020202020200000a00000002020202020200000a00000001010101010100000a00000001010101010100000a00000002020202020200000a00000001010101010100000a00000001010101010100000600f70008080000"], 0xa0}, 0x1, 0x0, 0x0, 0x4000}, 0x4000000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0xfffff000)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301)
ioctl$USBDEVFS_ALLOW_SUSPEND(r5, 0x5522)
ioctl$USBDEVFS_CONTROL(r5, 0xc0105500, &(0x7f0000000000)={0x0, 0x6, 0x321, 0x1, 0x0, 0x101, 0x0})
r6 = socket$kcm(0x2, 0x5, 0x84)
setsockopt$sock_attach_bpf(r6, 0x84, 0x7b, &(0x7f0000000000), 0x8)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
write$cgroup_devices(0xffffffffffffffff, &(0x7f00000002c0)=ANY=[@ANYBLOB='a *:* w#('], 0x9)
r8 = socket$inet6(0xa, 0x1, 0x0)
sendmsg$sock(r8, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=[@mark={{0x10, 0x1, 0x4f, 0x1}}], 0x10}, 0x4044880)
sendmsg$IPSET_CMD_CREATE(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000600)=ANY=[@ANYBLOB="5c0000000206050800000000000000000000000005000400000000000900020073797a30000000001400078008001340000000000800064000000000050005000000000005000100060000000d000300686173683a6d6163"], 0x5c}}, 0x0)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$ETHTOOL_MSG_LINKINFO_GET(r4, &(0x7f0000000740)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000700)={&(0x7f0000000b40)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRESOCT=r0, @ANYBLOB="18001088cc287e0180140002ac3000000000000000000000004000018008000100fe7be59787e41de64c238d8662708406bd083df4c78d585fd86e22ae39e83a3548cecf4392daa86eed09938ea8d6018a45cba5413b89e19a608acf7d365ba32b6b751d64a06f2e605c4e9e5d69db909ce6f48591bb37ed712094d3011f2bdee8ee01af5155e6e0c4da3c3607da1035d260dcea196353eab6dbdc662e630d36dc701e2570168f562723ca542873f03e4e0ecd2968cd080e0a7e77fac26f58995f", @ANYRES32=r1, @ANYBLOB="080003000200000014000200776c616e31000000000000000000000008000100", @ANYBLOB="017f5b6c3209ee3c283d7b7db55978b4a0d4378e557af0472f86972248c0680e1040b36155bb15d70ec663e9fe24e18d616d7cbefd2d541b7859feb53c87369eaa4555f2362f4ab9762bdc4183d2c8c1c8f21ba07168b39b9e5f725a73b78a0b6d921674def68212ca278d5cdfb83690afcae24cbad2b237e5492eefe7af6133d23d0bbd84ad1ed87c081d42d1c8508dccf2f831d5199b24fcab27e0def3dc7a5d23ce4189e4ba2ddebfc0c8ec0dca0029f12ee4e0f0c1d2d2284c5349560cc13bf298213af6388e0ff80e971a586b5a91bd43f6b80c766c5c44b1c3747c99569f96b0eee0b967", @ANYBLOB="08000100e5add7c549456b6e2e3fa569ae7e9903e2f02017105f9130bd413f05d183df500677310b2d73440ee924483c1d06ca51c991d25aee8a9f0b3cbce839a69240cce9b39815c06f0000000000000000", @ANYRES32=r6, @ANYBLOB="0800030001000000"], 0x6c}, 0x1, 0x0, 0x0, 0x20000000}, 0x64094)
r10 = bpf$ITER_CREATE(0x21, 0x0, 0x0)
r11 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$TUNATTACHFILTER(r10, 0x401054d5, &(0x7f0000000040)={0x0, 0x0})
write$bt_hci(r11, &(0x7f0000000380)=ANY=[@ANYRESHEX=r3, @ANYBLOB="ef941ced34146655675e01d738d07e5d82945a8d1974bb371f9e10d78d7f8103d57cd4ea932ced195845daf6688705122617fdb03e2f7e4f3a78224af0a2bf71c0d4a0a9ab1be5d77d61b86f39ce374feb6d7e627fc9e8aa3c1acfe249f329cde2f48399338812d731f4fceb6007e4bbc15366317d35cfab33b58db1327ccbac7a64da07000000000000007b863c8bab0a97253e1f6748dcdc6eab7d78a1"], 0x33)
sendmsg$IPSET_CMD_ADD(r9, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000440)=ANY=[@ANYBLOB="440000000a0605000000000000000000010000050900020073797a30000000000500010007000000080009400000000114000880100007800a001100aa"], 0x44}, 0x1, 0x0, 0x0, 0x8040}, 0x44000)
r12 = socket$kcm(0xa, 0x2, 0x0)
r13 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000300), r4)
sendmsg$IPVS_CMD_SET_DEST(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80}, 0x7, &(0x7f0000000680)={&(0x7f0000000480)=ANY=[@ANYBLOB='t\x00\x00\x00', @ANYRES16=r13, @ANYBLOB="000326bd7000fcdbdf25060000001c000280080009000100000006000e004e24000005000d000000000008000400090000003c00038014000600000000000000000000000000000000001400020070696d72656700000000000000000000a2029f1eb762ff29970b0976d1b20600"], 0x74}, 0x1, 0x0, 0x0, 0x40}, 0x4040030)
sendmsg$kcm(r12, &(0x7f0000000080)={&(0x7f0000000000)=@in6={0xa, 0x4e27, 0x0, @mcast1, 0x3}, 0x80, 0x0, 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="08000000000000000000008013b1ccbc1a68ad094e5ef100"], 0xc}, 0x0)

8.388405267s ago: executing program 1 (id=474):
socket$inet_smc(0x2b, 0x1, 0x0)
syz_emit_ethernet(0x5b, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa0086dd607428dd00c62cfffe8000006a07ffff00000000000000bbff0200000000000000000000000000018900907800000000000000000000000000000000000000010001122b472e41e24b11f34b60"], 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
memfd_create(&(0x7f0000000300)='+\x8b\x8a\x16\x11O\xdd\xdfk(F\x99\xdf\x92\xd5>oJ\x02u\x9b\xafa\xac\x06\x9c&\xf5\xe3j\xfa\tcqM\xb8R\x86\xd9\xd2.\x9f\x12\xed\x10\f\xbd\x1a|\x8a\xbb\xda\xcfY\x98gU@\xf2M\xc0\xb5\xdf\x9a\x8d\xdb,n\xae\x0eT\x80\x8c\xfd\xd7\xb0\x94\x82t\x96\rKx\xc5\x9b\x8c\x87\x96\x8bc\xbc\xee\xcc\x9f\xe3F\x99V4\x8e;M\xa9\x823\xe3\xb3mG\x8f\xdb\xed\x1b\x05\xec\xfc\xd1\xb5\xfd\xec@\xdeU\xdd\xa4\xc1\xe4L)\x8e\xe5\x91\x8e\xd4\x89\xef\x95T\x05G\xac\xb8\xc1: )mh\xc7\xf1?\xbb\x13;\xad\x95\xd70\xb6\x0e\x7f\x84r\x0e\xbf\xc5\xf6\xd4\xdd\t\x14\x18\xf7\xefi\x93\x03\xd2\xf2\bK\"\xd2\xb5\xaa\xb8\xc8\xe0\xac\x99\xe8su\xcd\xc3E\x12\xd7\xdd\x96!\x16Tu\xe3\xf0\x84#R\xd9\xe3~Wj\xb0r\x87\'\xea\a\xcfOeK\x9daW\xf4\x87@\x9c\xf3\xf1K\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x91\xe6\xdb\xc2\xa5h\'\xdfIn\x97\x0263~\xeb\xbe(i\n\xc2k4\x7f\x12\xa9e`SOs\x8c\xb4\xe7FeQ\xc6$\x92j_U\xfa\b\xea\xb0bYkW\xc0\x05\aC{\xcc\x03T\x17\xa5Sk\x87P\xc2\x97D\xb2\xfa\x1b\x9fe\xf4\x10\x1a\xad\x92\xce\x88\x1b\xbc\xe14\x19\xaa\xd3\r\xf4\xa2\xc3\x9e=\xa0 \xe6j\xe5\x85\xf8\x97\x03\x15\xaa\x920\xdcrI\xd8\b\xfb\xc7\xe7xX\x00>d\xbb\xa71\xad\x9a\xfb\xe6\x13\x87\x93\\\xe5W-\xfc\xfd\xb8O\xb9j\xb8\xf2\x9dx\xb2\x86\xad\x92', 0x2)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x4, 0x6}, 0x0)
r0 = socket(0x2, 0x80805, 0x0)
sendmmsg$inet(r0, &(0x7f0000006d40)=[{{&(0x7f0000000100)={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000180)=[{&(0x7f0000000140)='j', 0x1}], 0x1}}, {{&(0x7f0000000840)={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000002a00)=[{&(0x7f0000000300)="189a55d9", 0x4}], 0x1}}], 0x2, 0x20040040)
getsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0xc, &(0x7f0000000040)=@assoc_value, &(0x7f0000000000)=0x8)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
socket$packet(0x11, 0x2, 0x300)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
write$P9_RMKDIR(0xffffffffffffffff, &(0x7f0000000200)={0x14, 0x49, 0x2, {0x1, 0x1, 0x6}}, 0x14)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/zoneinfo\x00', 0x0, 0x0)
ioctl$DVB_DVR_DMX_EXPBUF(0xffffffffffffffff, 0xc00c6f3e, &(0x7f0000000100)={0xe26, 0x0, <r2=>0xffffffffffffffff})
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r2, 0x84, 0x6, &(0x7f00000002c0)={0x0, @in6={{0xa, 0x2, 0x7, @mcast1, 0x5}}}, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000002c0)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x14, 0x14, 0x7, [@enum={0x5, 0x1, 0x0, 0x6, 0x4, [{0x10, 0x1}]}]}, {0x0, [0x0, 0x0, 0x61, 0x0, 0x61]}}, 0x0, 0x33, 0x0, 0x1}, 0x28)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0xa3)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x20040, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000000)={0x4, <r6=>0xffffffffffffffff})
ioctl$KVM_HAS_DEVICE_ATTR(r6, 0x4018aee3, &(0x7f0000000080)=@attr_other={0x0, 0x1, 0x3, 0x0})
bind$inet6(r3, &(0x7f0000d84000)={0xa, 0x2, 0x0, @loopback, 0x7}, 0x1c)
sendto$inet6(r3, 0x0, 0x0, 0x20000045, &(0x7f00000001c0)={0xa, 0x2, 0xfffffffd, @empty}, 0x1c)

7.084523573s ago: executing program 1 (id=479):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x22)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f0000002140)={0x2020, 0x0, <r1=>0x0}, 0x2020)
syz_fuse_handle_req(r0, &(0x7f0000004180)="92756f43b31ffe542788ef586b7c5a344424e3acac2590be6bbe37adface4a8f2e534ffe76a83a93f0b3680a72fddfde83f96d01982384e8d689219cb9669b14dbaa1b799f82ea1fc926126a4163618e16d4f94143a4e0f27c44fcef3920a0b3805ed4e78098d8689cc7791bd86648070718d238664332948d87866c8d2590fc0f017f9853abd9ed60b99f1aa6ae2dbd24ab6dbcebdb055246815ace147cc50fa3b2861148fcda374d5b203e51d72c45e4dde3e9ee9a47ffe458baf7bb49035135a8194aa1f0a83fa2abed56398f90daff679634619453f533f22583a6e0a4dc09e9de46684d5e0136e229510f3702cf3a4cd0065d3e5d3c419e38a80b070ca55010e082a9c510fd18cc0b26bb5e8e459e747befbc5c6b60ace80bf41417b7b78cf57e5b3984f0cdddc615c5e0000454d3f4a196fb6d18aa629cf0b0245f95ba958d86dc175616f8cd3ac473057dc3a5ff7107973326350107f4468e7ecd48d689b82c12d22ae5f1858302a1b4cfde8fd347a99ddcde40d1c49d9b5099fbccf09e782212be4b2ce36a2bc3c9ee794abffe72a5501e6c4f3f7f68b74761ffd6620609224a3bf11f655dadb5c8a5813b02fb46830e9ac6825f5d0e89910352eb3a58c0dd82d094f94dd2c85666f684a8f437bbd0e66b9f4d366117b67a054d212c4fbc287848cb0578391335d5d616b14d99a2e3df8e8a152d5de99bcefcaab5bb5cc71f3ddd66b379c104648e190e0b28a180d3aecc5423575d4ba7dbf31215c717da7b87dd454b6efcd36c91aaa631127f5bd88723d221752f102bc0c7ac6c5c7a1ad6747af40d01b6d39eab7b0e1292b44683c586386ad00acf60fb8f9bac551a6eb5bab7317b5d89f64db10bd9018dfa6d65d93862e851afbc30fd70fe5f0de322462045177231852ca80e4e78da4fea0c79ba354333026c8bc77d308a8d256a19ec45d2088c196691d3f9aac28ded36004a65ee1ce49ba9599ceee84534bb61d02d04a6732f1e27d72962f74b59f3522bf844c5022986d55934e48b8681b7f5b7532391448caeef00315d28320a46d8bd7813544e1e4bf994e14a519c2654ff20b42bdb69c262897e28eca528f0999840b00ed8256597d27cfc20d71d5f40d0bbca759f7594c6034aa1e16a84ed152fad0fdc1c303a7f61225712714f823afc5ea241d482d3585759623af8c97ca6a84a2033b3d7314ea0ef7ba9b288b362a294c92c8b9736829c16f61c5a1ee04aca965d71162292274595ea62c9c2918e8279c99f5d2830c617c58211fd7452330184b9428d5ec1d5cd75ddcc6de3326fdc70e891104b3b013c30ffccfaf3308d9671b01f6b080a930dac2052c6f39817a662121d90d40d6a1facfb50bec7d408030b6d0ae3e744f3bcc327c35dc43cf86b743db78ff2e593b19923235ed6467f299b08718fe1840c16a748935dff941150fb08b30573b37bf9af5c86cc8d9e229a832e4ef25ec91f71120f2b3e9062485976c280a2d172386029e2f2a4801197fca0a13514edacf5ddbac5a62e8bb13dd1572657a821a8739297f72e29239d1cdddf3e30cbe9af3141f2275ee4ae85d86ec888fe9a6751f252057e95b8beb055e276439581afee93cd44f1e92f70e5f725451d3ab662918ffbb1269509fbd511e95a00ec717f9d60d643864abd6ad1cc4dd7f933379a6078a86c2158db8076e7b660366fca7b1c46d09d2c8e67a6494bfb4c2c6750e76593895b5e2b2bc78093840c3c4a807826bc2750a96b4e1dd5b82b492bb2215518c92064d1763c37132604e52e73fac3f4511f791753aeecfbb19816e0da7a1bfbea9eeaa0f256eaedcb119a61f7d0ea0f5cd4969d45cb014800f2c888d5c2217cf0f69a7507779883b57352bb8883cc584891950d6e792537074f4fc4337aa19b9bf60e18edd939d289fb4a6b7aa6c66da20774e249ca4f779d3c910b1a9a8e4c38af6adecc87d5481d181fd66023ffff246f4e2556b218fe8110acebe20b1675f1de6f265b6d1d8514a53522396bf0e2f2b153c498e48b36d16f8b9bd56f45d7f5b9397d7f1339117a176d0bad0b68e800682416d3e18fe2197c7f8dc20600feb95cc6ba86ad47f113e159bd4389e30eab2874bd27eebc56020c4dab9973b13f3e82aa62a7e0a151d73de48cb811e32be63ffd303f5a6ea6f097ed763fbf36c430821e451146de79922348354ce285af0997bf3c66e6ef02942e24b8f1ccdd542f09cfe65c0da0094c0b5fd26bbc061538b41e5ed2cbb390ee29b10a4b7a696009e1b5b86c44c0a561a257c15415feaeb1433ea275ed6e4b228503fe71ee5942665164faaed6697112206be0fe7863aebd4bbe951d5dea1da294dba0793196385f4d5141c9d6c4b0fa22b2e200cfb70b52aca31655e71e5a576ccb8ccb5b1364748aa981edbb81a813b1aebc67be1f7619e7e197622d981280429f6ca5145c5b3b05e6bace9191e5c58fbf140f71f594cbfd4db0e9f6923f1758ff9464a61a720a5d4f09c622c3ce3f5d0d3a1d191111168108f41f12b16e9eaf3617c353715cd35260560cbfd0555d51ce5c40bbdb7c95ceaeadadb8902974de50b0863348183864f5ea682e678286a06a6f396af29a7c7fb33a3579e25835963612f3c0d4cf369d85959a0adeda94d35824050e6fba7f83f90867583f713d7783323c7010e94c9be331f860db395dbde6face5bfdb616fcefa9c6b01f6963daa840a31ff554a458c0c50cb5e09f91f54f63234589decaf45bbfbaef0dcbff4ae6e65ca26a530261c491ef8eb9a855a1d7463391c9b66be96cf24c3c321ee5a5bdc857f60b582683c6ae1e3775b62a9f19ff8fa51380ca8a2a3c6de79012f5727ba12025e7e6723a23a81e067ca6e54c7b38ff64880d235d21e7ee5258953dcbf9e2a962f006ca4ffe870859242c850cbae4222b3b72c4f86934379ba2ead1dcde906241b994d95c88355af5a9a30ace9c933a6942f341ad221dd825846a8fd44c03e2eaa9311c26e15a1bd7cbba961a22ef23d7ebba0e34cec5ef09b1ce72814a97e33bd29f3d9ec80a4f45d1d29486accf15c11f1a800bd84918e7626f678275d7c7acb02cc0e6e34bb766ba6b75c3ad14fca9352e09c3b69390c045cfc842ff9ade8ca693c07fadc7047a946e6e570c3afc5b501c964103397f5ddadc2d59a048348dd42f07cfe31bc9b5ae453f5086bb41bba4c8a3e518e30b0855184b053f923025dd72ce1bcbf41231978b34a8547c71d7313992165078903c61d312b0d9469413c9fd97ccdf0ea270fb6c47ec8861a1c8d909eeace761b5a06ba46e25785ff87f867777abb237c6c980687991f1ed0157d58492260c712cec34c1fc0962103955db4d5090b6e8409cf3c3c79d0e691cf4fbc0b2251a016dcd456969cd32e5429533bf0d6f8bda84c05f0e2040de8b53bfb8676eec4b76c3df6f46b1e43732035dda577e75f640777f6ae90fd2f1af42ba462dac732019c599bfef01acd6a0d4d1796bcb8f58519d6f9ad9a3206704a94d472516b988141f44ecd2e6f28a49aa0c449db87972fc995a97379914546ea43143ea2cf779a9cbe81f111fe89129db3610492164ab2598eca7e60d9a6963d8ba03a86729db86e420fd96d61b8fb11edc2b339b57a740074ae5b775eaf60cd85dc934e604bf2b4bd58ee01205b4df57ac20ff8db45a05982b579643882407050c005102a2e71f1e56dc76dbf5331112e83e48bfb5cf2a78a893190d78426175c162ffaa7278a43b9932318fc17fb8cb0dfac610b1ad235b91f9cb7623b155117e07f7b876a3c37627aa31eafed141cc0c5491c4f621a66b6d837a144d78719c46511c04a093cf65fce9fabe5bd6d499eceb63538ece3cf19053550a239bf978c08c879f9954485a4e3e0d5bedb84b407ced85c4dfc4d75af116815992c29f0bc927c4a990c38ae4fcc9feb90fec1b1b555e04d010423010855394d5ccfc8ed21164190cd8f83be5debb70290c3547f07e4dc42814f1e001798e6ceee2558b0c6ff8c1759f90269ee226131116332b99ac8dd104c92088e1f91ace3198c0f59bfb75c4e4a697660eed43a29c831a552de37fce6dce96fa51b6e2111f3071a4e94422d15e102e5f67da7ca6cae6bed7743ebffacb8a811a143605791d17232181a517e872f71262c3c73668f0ef83aad498f67fa26bae698cf78f24c2dbecd399a190e6b8d0684e929f2e8083765eb2c67793a1adbb89d36b58bfb197cdc5f3c894ac9d886e8f3b0936fabd233c09de8fab8099f72a74d908ba5c5e4d39790b0bf9e45b710f5587b7c937c76690c5c5fce621a53a9fd03b0a4ee6d8d1abbe2ed561820a77f12a08cad0755540ab6dd1604b7c30a8652995ab80b85e919011de9438a4637eb0291124ed4b745e782cff98510cb03be79c2a81351abf276584d75cdd96b9c97e73eb71000b3ab7c3c19c2cab4497298fcb3052b5d4503d05e7f310318be6f848547b1a4f4db82caee190801478be28065036aa4d91f290c1f396343e73a5fe8bb5ccf0a317177ed1f77acda1a4a49dccfcab8d1b5d79f015f788b6d5e9f8228a8bcdc0696e6b19f5edffbcd7e9509c87fbe1f726b93bf8c6d8d37428763e142560c46c9e894f7317859000c25abc4f3691ebcd020171e0d4911b5d97a238109aedeb00b2eb475c1e7b45175f8aa85193b5c0f43b434c15de01610c4d022646cd6e3637f349a434a77f571ac1c5d698452d1b991e267f78dca5e592ecd31ccafcad84e4e98d134b4adc525b81bd6843428883023a6ea407201738c8bf16b541ff7280274a34d4cf14819f2dbae167ca0cae8471c495e006b45194ad91c4516f21cbb10e0d26fd5d734cd7725df5b3fbe92955f4a9bb3b9b813aeeff79d6ed5db92def19d060a208c3ec8c42c110786f1e1496c50a7249b03fc792764366894a35320b99d0bef9fd0b6a246c36a357c6b985dc83a37a8d9b8b9ad643dea94860cbe763bb73cc8422b69d4d12332242c8954075fb7117a6679638073617abcdb4619855b2036af160647f66b3531645a3bf047ae290d6ae2249f114e7a8464278bae1486022bcc7c37390c8d9a0efb0e1cfa0da8ef7a5e072f99a47ecc75e4e442880375193db49bb82ba34901286ca473ed5b63e4048db4dc455e74b3fdd2e7898ca3f4c3a02d435cde6141eea645055123a7dcf0d22057f8d425701afc55859f5147954e719d58c7486b1e02ac16cb799b77632c66bb78e6e52e11017c1736424fa4d433f1e19b4c881d23f0b2a12d5fae3ae24339088088d9b496ad97bd9f6e20a8597d1452a0c72dcf43dbbda8f18166585c06d21fbffe5fe7b55f71c9b9f1b34a02bd05ca63c7c1b1bebbb9dd24fb10291b04c665d45154dd28b85d821ce7e613119128996785e1006a8dabc4899b10d2671107d5a0658ed363b9d4b39d02f8cc5e350fbf0a31048adecd1f9e2ca749bd86f195eb48e9b4605f050de03d642940d79184618f7f88a9a0a4683ad84d6134e395305bc1d4d9d17cc334b97653529d6682a87a5fac80a6d46d6e72fc22e58be7b8f8617b3372ef2622110ab1ec448717118b257acffe55d18c7855e9e8710ad977a6792b2315a189eb4468c68641e9b60c0dab7016ac1ad63cd8004b6eca8fc88b1e4263acc00499255c16b11487a0af858075f9c892dc8044c4146e5a5677c4a2cb24bde5e078985020d4ab1e4c87492e76b7e6f4bbd71d84bab1885c9702849e70cf728776b1a94c2a8fb8c7ca01b6111ef6f2032a290949bfe473fe215273b8b5b3ad540f187490f63077dccbca6f62f0a7a66717c596cdef412f2560b10685ede967b3ee68b8c951959aeb1d7564c3b9d80762ce858381393a79916b78f7e90beadae30ffc0b2b614380f1c2cc551a44565209db3516be379ef566ab00c673fd8aaeeecdcf1168c1960e9a477b9e13757498a44ff089351d1f27abf9fd76816f924504647d1247715ca861ebe624172c322146d66eb2b247f8ecb3e1b5ddca89b287c57510cec40fcf89d802cf4368a861af320e01e34f7a6177d4bc549181b5e87ecdfe02f78c9a59a3bf91ebb6364023ec06410e7b4476ec4e3685bfa3bfe9ef9ecc12dcd899abe0f3c7f16b4686801c0c0a949aa26bed57df56f2bc54ef19af7fcbc7b0d691075f42a4a67acf980b568acb2342f42249f7c1ee3527c13182b096064ecd250887a942d26f637e1c4041b139659d2462a68680bb04387a3b399e396b9fe74de10356125fa47d0a20827370cbf36a79b6fffade91c439dd6cfff4bbe0dd3efefb61c491ee32f935d62307cba369ac8c20f6fe3d4857ce6d240ece5e4d149f0587155a8350fcc18efae2ff11cdbe15218a82499a1996df8b5462ee170b284321e76bbe5c3f4158387644d95f087c598e3d46fbe27f63fa784bda239512113424045a2c5dbc6bc3662ca730a86d13cf8f6fe2743224ca7b535caf6b4701a7dae9cfad3d7290104bbba15b6a064ae6e909a099f75fbe47c9e654d8e3b8dc0f3dbffe829e6c56f7a241e565136812a857f59ab565a9991c6b1d8abcc94c6b33bba314f6e5060e657e4647f969a551dd6c51dfca0ff5d9e4f401fedbc2c927eb1ed95ef25f4e5accba4999322ba1539499310dd5875433a22835cfd42fd77fd4680b7fe767d7aa5c33acde04a65bd3a663fcde4c80e9f2af498f13bf9abbaa1c1265edc691e94abdcc92270c05811cd2a8104eb18efbfec9e4ba9ae5cde211b9b93082ce034b6cd5fbe9cfbac4f7e2404ef159766124f73017cc3600f3c81cd78db25fc3459629eaf20dfdb062c7e502aa69412381d847a9d254d5befc451cda3606f0bc8ae62e0aee928f9ed0b21d705a8d31b899e16445ee064563d32f7b6bb5ad197023cf528d9b329ec67815c6ddf27d2a6ffa7328bb993407cde3d166159fd49fe469254b84c2916daea8df9d69bef019f1351b9bce193e30278835b82ea5f60dc0bdd7f7452b7a820ae7cd6dc29d7ac6a6c1b6411711a96338b1e769146b2a385d282bfaae61b041166efafab2d89a4567b9460cc22d752f8e9aacaaa0db7c84879f5359662d55df6570d4214740851c74574ced733807cbb54571110410892394c3dea07bd4154d0e5689d57c3360207dac951f96a358e9c466a5c5113f3a632e184f57f075edef4dcc9721b963beb95df09dedf848260cbc1ebfdc7408218eaba6d2c51928cd37c4c0c9f321fbb0994a56947cfd9643056db5dbea60a241f8f004c932bc8e645b2ec2eb9bc4e9e2f4156293234d05e70cb26b8a370b0206c756bda6defc11c5eb386640f535a4ffb714168defc6d82f40d8f5ba8768537ead5773c53bd779ca899a2dd31c9138569ff5107c2fb12b804375c3b3dc9b828bfd550328adf358f71e86a0c49fb119f5ef9e06c13855cbfc7d1a62ca2ea655ed912a6dc7bb8b18656e8923fc7a1702ab36947d79384d681c31923e98cf40209f776bc2b219a7ccd139e756a905aa351e6eaae90770c8a193f96cd5c66e4d77a357985556e14333716d80204a5c390e0d76f4081afe917f99ad8a0976b3342f51854b374b4baa9a7f22124d2b82749446e30d9795acb9c3c3a305a6d273ac528e8e9c95c37a78e765fdda55982c2961fbc85a14fc095a78b4654ee6dfc3298749a639ab9c8e155af3a77f8a409ce174532a492ef550a140f774d77d732b3b4ca5bc41fa4488ce5957ce219b032ae1f585273748d81b19edcf3e6cb9a93ec24e41c6b3c472f9baf3ca46cb8b9a91df18acebe7d83bd4473750c4f26806da2f95b9ea48b342460af729ab15e9f033eda67feec645f985d4b9489cf6ceec1b100d007bf46c74be53c7ea17296f9c5b5cbae736491213c93b513009ebdecfcd60d46d7b86c6e3b5e288f2ba5867c07936e7bd1b00de52191eb8630ff82ccafb27a59295164751811bf74eff1e5e2abdf3c93bc5dc9814be83b2562477935e2fa30db7ebb6ec380170cf10c1f98f8c5eb71c730c2b31b55a1dd1c12a64802ab95b63c529e0a96cec8f38680221d6089926d8309796c79994d63b67bfb62f66b4a502f30ed12be41e896e88bc45a160a526fbd5f002e677322f116ec5740d7563cd23ee853c008b84998e38fdf158556e28a532573956e7c00f91f08ca245c295a3d5e003a99ea727f61d12893b435d4c8f2f5cce00c6a3091e2a47f290c07168975c53d7529b71d10faf42d2bac9db8d53669cf59c709c25e9e40b5feaed4c37dde8b84c4961c00712326fb6aaa06e80d766b40b72480f3971def61d1d129676df2478e778d899ed317426ec33e496d1fdd2ec27128f8faee92828e13da72d6aee8330a7988ea1cc8b64ec4d8b20990864c16c52c4be6d00b304b87d97bffdd9c66a740b517223089d9f3f414abedc53c768dab9220b980e6c18d5f20ba8994cc8886d7bdee213442f456d79fce1b1eb48fbf600a666c8ade24d118e6328251cf7b57a6285c650e019850f392b1c29aec5c8fc489a3819d60d5de377d4c11b8ee5625b7c02c5d50d2af3397006f2e2a41a06f039229eef5878ed91f9f6be7e988924dbaeb8455f616275e8698d93fb536e2c839b203aa69bceceddbf9c53f8addba53d50ca0f7a4729a42ac6eb757f1b408ad4a0147546173e62f7621eb18a9e1681510cceb48e0a30ab7a1bf71d56742d5f034f2d725e7ea68a011dbb100fa6eefe4ee093873de366d34f4240ca027a25c5b979c9ac47dd1dcb6ed82c4aee09dcc23cf329a8644f89b5cf00e5683934b1837574e9b39b31b1009f276e15aa040959fdf100838ca3f5ab17e45036668d06044e3a13f3a0a6f68579e50d5b0164f900d7bcfcde78396cf30f0b1dff76dc397ab1a5a44b207eb1eaaf73b945c575029ae2dce20724991e6550155ded6a42672609f2439c5aab4882b2ffaf7da787b71d05d15516bd68c6f1a9d79b675395845f24ee853f877e72c14b6c6702f7b8775ca1bfabbbcf4019f7bccf07f1c211531dfc66a7a1df79e92a20dd1cbe1b22e1209e7e3ecb9d3c2450fc22a57bfe09bd735f61c361cdac2488ae0adc7885edc0712655daaf535e1de96ccbe7869d531d8bf3db512fbd17c772332a3f8cf1e052ee0202eb99a36a0f8d7219888acbb57090cdaf3b28e1e62e8fc2ec237bdf18592a7afe4d8390dcb5e7fcc31bf4f797e6f5710070902265cc2e8c459b7da1451046abd6c8c5b02c0be2d2f505a65376266563ac7b59ef3b4e2570a6cb0bd94d46ad861317c743ce1de12bfa2295a98cdded4414d87a1580b1e4675bbdf73a22cac4a1d8d456d089e0b60cbfd16158f073bd1dac481db49fa5d8801d0fb0844b4afec1bab4e61fa0f381fa667880a1cd8163953be7b591cc9dfd7f91902370b783ae8a0f3c7cbefa7d229a37c00f523529e159b11d2e240629b64af2d11404773e991207a722c320221ce23baed7cbe40a440c5680814b122cfba9092fe03478f85adcbdeacb76d6cbf2491eafae98327b278e267821a0e1cd06ef90cb0328e246c19d8c63b9332291a89bc9f989effc675c79a870ac024756c6f5a7e32babd69625d61487ae7399490b70dd0fade7d70ad9b0757300a2dde77abaff4f63a0303853589d44efa968e10d36561f04408ad0cc227fc6b2f904cead189a0fcca9b2e6cbde5498652e0b3bc9d8b7921474403718feb5cc750dc70f5a9b1a0ae2c642015b6a1a8ab0572182b4e39e0c869cbdc60c9465f5d564d18ba2f5b3bc3e05a458744077430c5ea031ee02dd8f0a65d7dd8d90dd9b8717f77d202239a5778719423fb2aec7ca86eb07c39de65a34b988d65377a7473e9145f16d79593e96903330bbf3a8024fc15519d9baa0fae2018786f4b1846fca355ff0fccf65cccad1896309a5ccf2056dd542c929850cc91cd655962360fe316557ab3fb378328f77a07d9da24447d3fa2020b382ed2e808ec9529a01273434c64b0b7c35a06a019e4ab51cdc9c0f266ab25b6984338a0ba910d1060283b636c5d7e8a3f969c1ee1c99b54bba7ff3679fbeecbb70349f076480a867cc4ee4cacaea39c80f642533599486d2ffb77b8c9109a9d25fa0b06e58eca764f7d56469eb9547036bbea9d5c3d35b4c1fbc3d39a372c2b7ad184965cad3819c8928f1588d00949949c0c4c93d30ac7f6665247c0108bd89dff3aafe780ac66febfacc8c6a3cc387d09da6de700487a80e2c8d56df94d7ebd3e1d9e06411a6c5f7eb6da41c6f52997b5ad47ba985261103fdf12eb4a2828b248f652ef00b6abccab2eb161b878b9dbc0aa911405b6f67adda83c16187748d7b524ffe6381f489f432d592e6171bd9ccb2cd52f977143f57fbf2ab0b823d449ae55f02440972334344cda01837b93afa4f46a2fdefe27e92764cf9596780846de2e3b1ea83e62ee43b1c05aee675e25363504addfaa68e7c53ed685413f5ba951f120d0a646e474872c81e5a887464c19f8460ae814ffff24cb51dd2dca28d597ab2ea60949f8dbbe67f263e722fdb51bce4e328a19f5ff1218e1f63b8da6d40dbd5490964499b2522ea323310634893ead661407966207a66ab13adfcf1a725ed14339c46011c0e0401f2386b47cd9f902fdf84bc85e74d3ae7cc544e4d65670a554a537712c6ee9f75191631d2a4c4da06fc38423b1d5b828d7201235b2974164f52aa16bee70ee509250752f4fdd6b9f8d021943df8320682a6f80ff0d67ab7a4ceea807bd5b3b7b6380b0c7f0caa67b0208ba71317f0355a3b755af0e2c007186389438615df80b7b25104a733fc90625b62682198733c0f1625dfaa08cf81e3df043094b7b5a098b3b36f803b5b0f10a057bf814ae3579932c0a5f208985bab3d817f975283b8838ae5cb709be72b58df7425e059fdbf4e0ee51b3da01fe0b44963c1196baee5ec5909ad80d9d1660f3edd90374952a0bf8b3bece2c2f944593f4de7de5e05ded096b8f4f05d65dfc2e806f78220d84b3db564fb12f4e5e8f5eab316591f004e9374cce8e787263bc3827affe6793c130b8621d3bbb2a86fd87f070ea21718281ee7aec4bb3bb71af4bf5721cecd139c4be8c9df4ec8dfb09a5cf1d86a25d39faa9f064a997c214f334e4410917fc3b4d67ada8d87a38c0f86b02bf653dddaeb5b75b300f8bcfd792858bef8ab23e063421939c59212964c9ed5dd56e215db58cef53d31a966bb8ce4ed56287fecb3a85ba435e0b41b20ba1164b9c9f2c49fa0f7b17a89e0ec47eefe992d63ee29c8c0a1ece2664fee8edadd43636a54c48519b4fcf55b0d9103602b92441a5f85cf8c5e406d0f5815f8f37309934bd78fbc2acf0a03b051b4528db4f7c09de7d0aabafca3736b8259c818ca338ca6754e0747717c2794d664a1cacc1e9c52764a308e6df73d975638630b74cce6c49b1bac16454e96852c4f9d8ed118e86d2f1c8dc33bccd4a07be128db5e80f5684ddcc1158e744411acde590f902f0987cfb750bb5bfeed53bff076868986b566d7701f48ddfcacbd325c8d930bcef26713bf60585d5c991e2a6cc33ccbc27f7ddfba18f998497c2eb378cc8f2cc07a1b4f141c5e0fb6f52e18242e505bcf6dd20e33a469d056a0b4fd5e72d0da9d0bcce1e2f9e9dc7d1c7b6cb0f3604287eca", 0x2000, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x90, 0x0, 0xffffffffffffffff, {0xffffffffffffffff, 0x2, 0x80000001, 0x0, 0x0, 0x10000004, {0x40, 0xd08, 0x0, 0xfe, 0x0, 0x0, 0x7, 0x0, 0x122, 0x6000, 0x10000, 0x0, 0x0, 0x902}}}, 0x0, 0x0, 0x0, 0x0, 0x0})
write$FUSE_INIT(r0, &(0x7f0000000440)={0x50, 0x0, r1, {0x7, 0x29, 0x0, 0x0, 0x0, 0x2, 0xfffffffd, 0x2, 0x0, 0x0, 0x0, 0x1}}, 0x50)
mmap$snddsp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000000, 0x4000010, 0xffffffffffffffff, 0x10000)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000a80)='./file0/file0\x00', 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0xe, 0x4, 0x8, 0x481, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x1}, 0x50)
ioctl$TIOCGPTPEER(r2, 0x40140921, 0x200080000005)
r3 = socket$packet(0x11, 0x2, 0x300)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000200)=[{0x6, 0x22, 0x3, 0x50000}]})
sendmsg$DCCPDIAG_GETSOCK(0xffffffffffffffff, &(0x7f0000000980)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[], 0x4c}, 0x1, 0x0, 0x0, 0x24000001}, 0x800)
io_setup(0x3, &(0x7f0000000000)=<r4=>0x0)
openat$ubi_ctrl(0xffffff9c, &(0x7f0000000140), 0x280e00, 0x0)
syz_clone3(&(0x7f0000000080)={0x21800080, 0x0, 0x0, 0x0, {0x27}, 0x0, 0x0, 0x0, 0x0}, 0x58)
io_submit(r4, 0x0, 0x0)
r5 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TCSETS2(r5, 0x402c542b, &(0x7f0000000040)={0x0, 0x73, 0x0, 0x5, 0x0, "5ee691000200000017e0054200", 0x1000, 0x4})
pipe2(&(0x7f0000001440)={0xffffffffffffffff, <r6=>0xffffffffffffffff}, 0x0)
splice(r5, 0x0, r6, 0x0, 0xa, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r3, 0x8933, &(0x7f0000000400)={'batadv0\x00', <r7=>0x0})
sendto$packet(r3, 0x0, 0x0, 0x8b91, &(0x7f00000004c0)={0x11, 0x8100, r7}, 0x14)

6.730337342s ago: executing program 1 (id=480):
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='ramfs\x00', 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@metacopy_on}]})
r0 = openat$ttyS3(0xffffff9c, &(0x7f0000000080), 0x8000, 0x0)
ioctl$TIOCCBRK(r0, 0x5428)
chdir(&(0x7f00000003c0)='./bus\x00')
mkdirat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x67)

6.450905603s ago: executing program 1 (id=483):
mkdir(&(0x7f00000001c0)='./file1\x00', 0xb)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
r0 = open(&(0x7f0000000040)='./file0\x00', 0x808400, 0x43)
chdir(&(0x7f00000003c0)='./bus\x00')
mkdirat(r0, &(0x7f0000000340)='./file0\x00', 0xf3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x3, @pix={0x434c, 0x7f, 0x584e4f53, 0x3, 0x2, 0x7, 0x7, 0x5, 0x1, 0x4, 0x2, 0x7}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000032680)=""/102392, 0x18ff8)
bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="1e0000003a0b0000ff7f00000400000000c40000", @ANYRES32=r0, @ANYBLOB="0600"/20, @ANYRES32=0x0, @ANYRES32=r0, @ANYBLOB="fdffffff00000000060000000100000000000000", @ANYBLOB="8d499a5ab4a06707067030caf73cc22f5024afe84a4805a3bba0888e55282d3ac8c3fb5ab77555ad74c5b38c297e5a81a6c29b4b21e575183cd2aba3837497e8199ed0d9a3128d3c2c88f579f1891aef9cb2c25815680a717c638f3fbdcd0a10f0d1d56e5fbe3ee78180310c5305cda7d4fd7c793ba3fd963ebd8b356854b485038cf53f496fef5864e9e4bdb64826a1efb0d6849a301b203b8664bd53149f370f39a140d0cd5948d9657263a8021a04d19b1cbf23889899c890368956e57f38ebe6d94b0cf9b03ae5edd4d70d56797de8901b357c870a82601f392cc065cf83a0410e5e618e79364893d1021173dc3575f5f1e244f44f7b701eb772910ffc869cf02c19b3ce70caa2d75634dafc558c99c7d1e082d6db94426e228ce5e5274cb867ce6971716f1b17d3239e420e308a9e1f11c3391dd10b921c78483c5980c9f873a1c786e62ea5a34725ff1cde4f1ba39117e6cb089e52bdf72f43ca6aac44e2a89a40dc5c4c4568dca434dff11e3cdd5cf3ddaeb5d270849ef9e2a828dda0c512fa670fda22ef463809d23f44a0b2e1bc55cb22a271d00bf40b1bf13a98532e1a5222fa4fcee1910437c8331f6ff3d484e9d8e43c83f052d82416c6c4cf142abd6e630b27589ed15d3357d31ccef9bafed4c34b13232509c9818654bde312c08bf6ad44a7b81b544ff357dc34f3c9ed427b3be28a0dc76885ddbe52fc69dc0b9eb0d77443baad9f509f9b777fdb87f5380ea30e22f5da580b2deec7e73427a2730f989b1ef1e90f5b8af03bc83e1f8d9b713ddd9aa11303b9824bc0ef904e0c05c467ecd78bb0fd0898364f909748cc11ac990fbbbd7232faffaa68833bdd643deccc86330fa4c2eec2277f8c9afd699290e589e10007e5f16afa5c0c2be600d8b6ab5303634635382a226102aa8463605d1b4d85f35fc2f1db8d46d62cba51b295f8deb0df9d59006dfda40b2a3406f072688a05c14b452144f4963e305fc5a9f349972324057184e4771c936ca412a736aa0609bd975b5c929bab88a2d286af3d1e333b6b870eed8637ce7b5ed3c3961091de60c8f4a1b90d466c7b6b02028e834b093cd3e62cdbe886c16d003a77285dd35f0cdc833ed6daf680f6b8c66ece841a9dbe5ddac72ce33a4540651db7bea98c1fa6a1510849884b550b4bde619bfad2cc56d1e9a6d4bb93bf9d240543fee7085c3c53fcceb57b29464b173438f82a5f6780856049882edaa6bd0fd5a4351e6fa362c85213e57aa80ca6d9536537fb0256f8fd18da098fac088c97ca06129bf0c8240ff663ae80677ce2cca2f80428e3017c2b97a7e7f1f76b96f1cf4c699860017c039c948844386850500cdca0314fc5d64b2a27e95523e6b47b0dbbb887a1fe6993a8a36a668da0fa3431b60c0f468528f804cf652ed1e04c3b848edb7a60c0a40c777b1a08777267cf8ced16b80ae1ad415af9d9824166db6e3f87ec6767888c2d25be51f1ae4b91822af7e68b69fbb8abade0712dad134fef72c54291cf2ec0e366a349b338f8285325a9ae6ced33d8c2f6a1fca0647f49d43921dcd7dd5dd91e396e84930e8f287930a3f4d55c4b17e9f34d6e50f2a921d30c6d479b38825d5bdd6b7776f6c2dbe4b248b4cdb98d944bd7ae9ed5b6704bc666eed675d99df80c00d15d55509c99dba4cfca7a88c854d50cfefbe5d0f8142a98b3a49e379ebeee5d91a691597aa773560d39351f941121c68a56afc3c5024eb99e6d86bb30c6dd311b92e3b130129a7be67263daa562b0c9e1ce8dc8904a7e979213275ccb7888baf5abf275a80c068c3623d45911a0416578e917ad839c9bd57d607f4210a3f8877b3dce187f963b33e97a35fe8aac919ea9a3c80d42b73594d22e909172b8500609720cd835b52176210360c40b9a48f2542a8182b356fb16bcb9404a4dfccd63afae430ce0ea4cd7c7a428e01930bf4b14570a557b9062f15901c73568289a27c92764d0e861e841dbf16138f7df38230a4eb2bb3627f89c70f140ed602fe6542037e92bc1bc292702e8a942306ee1b2d58df114eec19e1fa2b7d3d6c41b51a4c17a252b1c0f486390dd0306b8241f38e6c0813817897c188b2ba8d9815c6434ab04ffbc6a9e55b3f19a70ddb42ddeb83aab3fec3ec8dda18e82632cffb4581477623609aa5cec769cbaf628d8f60f2fa2e7a25e0c9adc53f5cf84d6d5143cd5eebc217ffdd3a87876afaf44195bcd2070d060b5ccfaa4f7ec701c34671e5535091030690776e9eba1e17415ba6abc1f6c3844ec247039b0529c6321691711c30c5da2f3e983e3e92c75c322f78f56c63c31efa9e74f2ad3c42e0cb06c46567e9c050655e6febb5ad7e56ac2ee14d57a98f6d57820d8d4ad836cc190f9db45dc6cbe86aae4894da14bdddf74c523258751c09b687495f54b03dac5061b4ea75036689c813d67f1421378131fedae0e9e12126ccf4def1cb5aa2c16856413018aaf5db64313fb3cc5cc59e5356ecd3312d281bb6f073005448a67730dd5c02db01590fcdb85196cad6b080a2b81d4c1570f5c322e1ed5f4a01a3af295e7c654a1d634411d057ff0e98c2bee18e8f6dbc72c9e80e6824b8d47e6fd6ae00af68ce8b2548191c867768b69504bc19717e8360496d9c1b3860e7cffc83d408e4225b2ca5faeedf92bfd70d427f575c1aa7c8aad240a258f8559614aabb7d4c5f016d1030b496f402282144ef92c975dfee400216513480c1b928d886877dd7b3e1bdfeda5cf0a2d414ff5b0e331cc2a41cd9907ed403a00e0a0095a8b272d719286d43694cc7c53c06dbdef2cbadf37db99bca841bd17119f594a44daad7c4787d5d8c677e255313530f7a70c640d649c370cd96219ec6b0c98acb70d46466554225449bbac7c2b3158082d33a9a37cb773023e06a5ea9c24380f643fdfcf47d27883d135874e3e6739857e1e40abb906ff3a61576c58a782977c15340470754c2a86cc2b5aeb85d8ff7fe157da1e0de9afc794f141bf59a508050ecc7d4a75ef2b5f993aa0841d9ffdaa36f6f116379e72c8996dbdba88d67ef23f58fdca8afd806a46cea307f938fed010faf0d130921187a264c01669e5196f856a2e94b5b233ed1152ce1bbff607336efd7e3148375d87183292f47b67f2a19214049ae33c05d9f6a9e12abee4cacd7f1ead1fbdc759c306263db3cb7d9331ecfcdd27258d5936c1ae96a416ccfa3030af9d9b901d026ece9bef032d05e3b364689d5ee8aa79a3ca600cfe76b8ade38996810c698bdc7314e5242012217c5ce2f23ac5f22307aa6bda88e2528d674b87775ecd7d55718b953e05d43e5b1ce4b194a4a4bebb91ae98179b8054e34764d6fa6a723ea85ffd08879b621b8a1c89e75564afdf3a99c45890cdc7d9c552740d19f8fe1f37473bbccc68be59123f18e4298bd9dc8b3f48fcda8ac33a78c00a1e2e71e5c165c5ac09c6b526538780e5cd7bdafbc7bd7bc4dc24f5887de07183bfd02bc5ab9ee93784ea1381a2cd7207fcac3d0c746ee928e6c61f8c1f78d7c6c8878ac54560c6b2fd01cf71b01746147937f37210d4995dcf4f957ed64e91e12b19933a250a8e7b9bd5f7a3c0a9598299a78c18d9abfcef139ea61d457cfb94979634c89fb64480910b9b0dde16c2086eb1c4f29fef601207e16277e17fde6c889dd171a18ce0afeb29f29982abd8ac2635f4a655532e38027893370a6e52c3f116a20941f5c86b11b104068cec90fe711c40cfc760fda8b8b403c793749349bd90f9e166523cd8cbfd7a69eb11d4b6b3ede83fd198ba1871441aa7259297be3625d445dfdcc6a1a069333245d2f5d53e229ee632ecec91d863b13afe5306623ca79ae7e476850fb51de44f2d86e57f4f3c1ba1b5d7fd8272256e30219f78a9fdedc274abe7368395a481a7639d6b171fc65214c3c5cb0d81a108c9a9afe7560e69082305215b3cc18f66ff63efbd174b5aad49ed59f89fcd6af1b79ac7ddc88017d9d55037321421a6922185371e8ea99c311804a4903b2a723559f2a8e342271cd182baf8b3663845952df575b1cb6866c4f7fffac2a15e82cd08657cdc085bc4d084c357c1fcd3f17bc03ded22b72c8e748bb3ba9992cb1daf7abf3acf1a95f329a95ba3d3118edcd515e810d0753cf756eb056efca8b253dfccf7535d5c2e12ba669542234f577619590242774952dbc99301718b5eb83bea87158c36cbd0a895dc8f91e9f41874c6cdc51bddedb7a15779227e3bdda083e4bd1480faf398473b3ad8fc12ba4fdbe3c84361b85cd289c79f00ea2f335e2067bb2023a8894590ac14798972d4d436c85c502994b4d2e965cfe181e53860b717e3dfd4727de7771f59e7d6917c89e0eb93850cced975bd244d433a6019db4132b19a5dfde71633627679cb568e3cfae3e57138bc5c791a8fe156545582b6cec36b7b8657dde4fba0ea018d755e7756258db1bffe75b0e8ddaa2fbf47d49b7a0fc03d3882ba4e60561341f83b2b9d672b8d9182433ecb59e5c899bbb5dbf3f153b695c77c58130e69f778e51ee8d1a4ed6278d0ff839122b810b9c37a25c8eaad23c75506685ff5e40b89c9dc9c0fbd417673a68aa8e810785d3d8c3aa1a81c3b594158649a7eb082becc5e5607db1bedd0cfe937aee080870cd2931583fe6a82095ada1fef82a7cea67bc68ccf9d9153ac8d16f9e6ace476de00651a4a388670c6b0568cd15c6cd04a4666909b554506456ac453c2b90218d530e55904a1f7100c33fdb5ccc73832cf3579bdf5bd5ce9954f05741dae6947263c45d8d82f45c38d95588ecbc6813e9402b29017121ccd275a399ea33791458d44f92c42c8690dbf558e887f8d89bd2de262d4687a2d9b94f75bc72b567f795ab8d233669ed3c11d3674c46a5a9cdba0c14d21ee20881e482b4792e4bed80568f23b877c6a9eac53de55d95b4761a77c677bc04e1743aaea11ea0c32f6d38097c6225ca8b9bf3700b043c0209b11bad300119dc87e7e32246912cea092d59c882cc807095bbbe8e5232c4565c19be71c4ff5e36cfa17c3844cd12472ca4c3ad0180625440a87196839c3e1c98f42c1056fe95933bffe5335e18d444373b3e5f2c98244311e3a021bc665b8eb0af53df1d2439fa8df85bf536eeb5a88558ed733ba64ad1b16241809b8f88fbaad5a7dc0afae19ac0ef8a214b7290d61b42b511f15e8eaf0ce2a00adfccdb6851a57eb2c64d676b623b4fc92cc2368fd3db2d70067427cb0aaaddf36f1f543dd5eb9f6f2260e60706181b93255f3d13d85ea7d32f416cfd8bce4f39acf822577e05fc307f6689afed2902c5e13ddca8943240cd73caf505bc82604e82393a45b934ce7c290024df910e44dc983f4818b7a80da538eb6ec91b9d234c8ece66ae1affbcc156d4ab1d8ad481d60b523afd6887aaca1dfc91bab57a83b8ad952398367ae57c399f4a335024cfd8c0fc46bcada089ffe92a98b024ffa58958d4628c3f4f571b15120891f4c0b0ad204fd13986c91011084e8c79d12618f1a2e8ddadc2f243553fa47344aad69d1a51fb2de3b9e24387d26c9f952327ebe526b43fb69cd85769786a6833f36d56f6a724f8f7088332c1c12beda17ae33c1309082ef30356f820c7a2538390d93422f3b6512f146a5df3237fee690b5250f4e8be4bf98bec47f80e4842ee1f58a0b4ed36d255c0926ed080023ab6367e04f81ec9b5c58120152ee391017ca8864bafb44eabefbdb0da79f94c368ebcdd101833d475edc2856209ba0b0a40c19d81a60107ecb29bab564bf50f4c71b775a9cfbb58f7ef7", @ANYBLOB='\x00\x00\x00\x00'], 0x50)
close(0x3)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000840), 0xc)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x401c2, 0x0)
ftruncate(r2, 0x8800000)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
recvmmsg(r4, &(0x7f00000034c0)=[{{0x0, 0x0, &(0x7f0000001e40)=[{&(0x7f0000000b80)=""/4096, 0x20001b80}, {&(0x7f0000001b80)=""/112, 0x70}], 0x2, 0x0, 0xa0028cb4}}], 0x40000000000013c, 0x700, 0x0)
sendfile(r3, r2, 0x0, 0x578410eb)
prctl$PR_SET_IO_FLUSHER(0x43, 0x1)
io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00')
chdir(&(0x7f0000000200)='./file0\x00')

6.399485644s ago: executing program 33 (id=483):
mkdir(&(0x7f00000001c0)='./file1\x00', 0xb)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
r0 = open(&(0x7f0000000040)='./file0\x00', 0x808400, 0x43)
chdir(&(0x7f00000003c0)='./bus\x00')
mkdirat(r0, &(0x7f0000000340)='./file0\x00', 0xf3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x3, @pix={0x434c, 0x7f, 0x584e4f53, 0x3, 0x2, 0x7, 0x7, 0x5, 0x1, 0x4, 0x2, 0x7}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000032680)=""/102392, 0x18ff8)
bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="1e0000003a0b0000ff7f00000400000000c40000", @ANYRES32=r0, @ANYBLOB="0600"/20, @ANYRES32=0x0, @ANYRES32=r0, @ANYBLOB="fdffffff00000000060000000100000000000000", @ANYBLOB="8d499a5ab4a06707067030caf73cc22f5024afe84a4805a3bba0888e55282d3ac8c3fb5ab77555ad74c5b38c297e5a81a6c29b4b21e575183cd2aba3837497e8199ed0d9a3128d3c2c88f579f1891aef9cb2c25815680a717c638f3fbdcd0a10f0d1d56e5fbe3ee78180310c5305cda7d4fd7c793ba3fd963ebd8b356854b485038cf53f496fef5864e9e4bdb64826a1efb0d6849a301b203b8664bd53149f370f39a140d0cd5948d9657263a8021a04d19b1cbf23889899c890368956e57f38ebe6d94b0cf9b03ae5edd4d70d56797de8901b357c870a82601f392cc065cf83a0410e5e618e79364893d1021173dc3575f5f1e244f44f7b701eb772910ffc869cf02c19b3ce70caa2d75634dafc558c99c7d1e082d6db94426e228ce5e5274cb867ce6971716f1b17d3239e420e308a9e1f11c3391dd10b921c78483c5980c9f873a1c786e62ea5a34725ff1cde4f1ba39117e6cb089e52bdf72f43ca6aac44e2a89a40dc5c4c4568dca434dff11e3cdd5cf3ddaeb5d270849ef9e2a828dda0c512fa670fda22ef463809d23f44a0b2e1bc55cb22a271d00bf40b1bf13a98532e1a5222fa4fcee1910437c8331f6ff3d484e9d8e43c83f052d82416c6c4cf142abd6e630b27589ed15d3357d31ccef9bafed4c34b13232509c9818654bde312c08bf6ad44a7b81b544ff357dc34f3c9ed427b3be28a0dc76885ddbe52fc69dc0b9eb0d77443baad9f509f9b777fdb87f5380ea30e22f5da580b2deec7e73427a2730f989b1ef1e90f5b8af03bc83e1f8d9b713ddd9aa11303b9824bc0ef904e0c05c467ecd78bb0fd0898364f909748cc11ac990fbbbd7232faffaa68833bdd643deccc86330fa4c2eec2277f8c9afd699290e589e10007e5f16afa5c0c2be600d8b6ab5303634635382a226102aa8463605d1b4d85f35fc2f1db8d46d62cba51b295f8deb0df9d59006dfda40b2a3406f072688a05c14b452144f4963e305fc5a9f349972324057184e4771c936ca412a736aa0609bd975b5c929bab88a2d286af3d1e333b6b870eed8637ce7b5ed3c3961091de60c8f4a1b90d466c7b6b02028e834b093cd3e62cdbe886c16d003a77285dd35f0cdc833ed6daf680f6b8c66ece841a9dbe5ddac72ce33a4540651db7bea98c1fa6a1510849884b550b4bde619bfad2cc56d1e9a6d4bb93bf9d240543fee7085c3c53fcceb57b29464b173438f82a5f6780856049882edaa6bd0fd5a4351e6fa362c85213e57aa80ca6d9536537fb0256f8fd18da098fac088c97ca06129bf0c8240ff663ae80677ce2cca2f80428e3017c2b97a7e7f1f76b96f1cf4c699860017c039c948844386850500cdca0314fc5d64b2a27e95523e6b47b0dbbb887a1fe6993a8a36a668da0fa3431b60c0f468528f804cf652ed1e04c3b848edb7a60c0a40c777b1a08777267cf8ced16b80ae1ad415af9d9824166db6e3f87ec6767888c2d25be51f1ae4b91822af7e68b69fbb8abade0712dad134fef72c54291cf2ec0e366a349b338f8285325a9ae6ced33d8c2f6a1fca0647f49d43921dcd7dd5dd91e396e84930e8f287930a3f4d55c4b17e9f34d6e50f2a921d30c6d479b38825d5bdd6b7776f6c2dbe4b248b4cdb98d944bd7ae9ed5b6704bc666eed675d99df80c00d15d55509c99dba4cfca7a88c854d50cfefbe5d0f8142a98b3a49e379ebeee5d91a691597aa773560d39351f941121c68a56afc3c5024eb99e6d86bb30c6dd311b92e3b130129a7be67263daa562b0c9e1ce8dc8904a7e979213275ccb7888baf5abf275a80c068c3623d45911a0416578e917ad839c9bd57d607f4210a3f8877b3dce187f963b33e97a35fe8aac919ea9a3c80d42b73594d22e909172b8500609720cd835b52176210360c40b9a48f2542a8182b356fb16bcb9404a4dfccd63afae430ce0ea4cd7c7a428e01930bf4b14570a557b9062f15901c73568289a27c92764d0e861e841dbf16138f7df38230a4eb2bb3627f89c70f140ed602fe6542037e92bc1bc292702e8a942306ee1b2d58df114eec19e1fa2b7d3d6c41b51a4c17a252b1c0f486390dd0306b8241f38e6c0813817897c188b2ba8d9815c6434ab04ffbc6a9e55b3f19a70ddb42ddeb83aab3fec3ec8dda18e82632cffb4581477623609aa5cec769cbaf628d8f60f2fa2e7a25e0c9adc53f5cf84d6d5143cd5eebc217ffdd3a87876afaf44195bcd2070d060b5ccfaa4f7ec701c34671e5535091030690776e9eba1e17415ba6abc1f6c3844ec247039b0529c6321691711c30c5da2f3e983e3e92c75c322f78f56c63c31efa9e74f2ad3c42e0cb06c46567e9c050655e6febb5ad7e56ac2ee14d57a98f6d57820d8d4ad836cc190f9db45dc6cbe86aae4894da14bdddf74c523258751c09b687495f54b03dac5061b4ea75036689c813d67f1421378131fedae0e9e12126ccf4def1cb5aa2c16856413018aaf5db64313fb3cc5cc59e5356ecd3312d281bb6f073005448a67730dd5c02db01590fcdb85196cad6b080a2b81d4c1570f5c322e1ed5f4a01a3af295e7c654a1d634411d057ff0e98c2bee18e8f6dbc72c9e80e6824b8d47e6fd6ae00af68ce8b2548191c867768b69504bc19717e8360496d9c1b3860e7cffc83d408e4225b2ca5faeedf92bfd70d427f575c1aa7c8aad240a258f8559614aabb7d4c5f016d1030b496f402282144ef92c975dfee400216513480c1b928d886877dd7b3e1bdfeda5cf0a2d414ff5b0e331cc2a41cd9907ed403a00e0a0095a8b272d719286d43694cc7c53c06dbdef2cbadf37db99bca841bd17119f594a44daad7c4787d5d8c677e255313530f7a70c640d649c370cd96219ec6b0c98acb70d46466554225449bbac7c2b3158082d33a9a37cb773023e06a5ea9c24380f643fdfcf47d27883d135874e3e6739857e1e40abb906ff3a61576c58a782977c15340470754c2a86cc2b5aeb85d8ff7fe157da1e0de9afc794f141bf59a508050ecc7d4a75ef2b5f993aa0841d9ffdaa36f6f116379e72c8996dbdba88d67ef23f58fdca8afd806a46cea307f938fed010faf0d130921187a264c01669e5196f856a2e94b5b233ed1152ce1bbff607336efd7e3148375d87183292f47b67f2a19214049ae33c05d9f6a9e12abee4cacd7f1ead1fbdc759c306263db3cb7d9331ecfcdd27258d5936c1ae96a416ccfa3030af9d9b901d026ece9bef032d05e3b364689d5ee8aa79a3ca600cfe76b8ade38996810c698bdc7314e5242012217c5ce2f23ac5f22307aa6bda88e2528d674b87775ecd7d55718b953e05d43e5b1ce4b194a4a4bebb91ae98179b8054e34764d6fa6a723ea85ffd08879b621b8a1c89e75564afdf3a99c45890cdc7d9c552740d19f8fe1f37473bbccc68be59123f18e4298bd9dc8b3f48fcda8ac33a78c00a1e2e71e5c165c5ac09c6b526538780e5cd7bdafbc7bd7bc4dc24f5887de07183bfd02bc5ab9ee93784ea1381a2cd7207fcac3d0c746ee928e6c61f8c1f78d7c6c8878ac54560c6b2fd01cf71b01746147937f37210d4995dcf4f957ed64e91e12b19933a250a8e7b9bd5f7a3c0a9598299a78c18d9abfcef139ea61d457cfb94979634c89fb64480910b9b0dde16c2086eb1c4f29fef601207e16277e17fde6c889dd171a18ce0afeb29f29982abd8ac2635f4a655532e38027893370a6e52c3f116a20941f5c86b11b104068cec90fe711c40cfc760fda8b8b403c793749349bd90f9e166523cd8cbfd7a69eb11d4b6b3ede83fd198ba1871441aa7259297be3625d445dfdcc6a1a069333245d2f5d53e229ee632ecec91d863b13afe5306623ca79ae7e476850fb51de44f2d86e57f4f3c1ba1b5d7fd8272256e30219f78a9fdedc274abe7368395a481a7639d6b171fc65214c3c5cb0d81a108c9a9afe7560e69082305215b3cc18f66ff63efbd174b5aad49ed59f89fcd6af1b79ac7ddc88017d9d55037321421a6922185371e8ea99c311804a4903b2a723559f2a8e342271cd182baf8b3663845952df575b1cb6866c4f7fffac2a15e82cd08657cdc085bc4d084c357c1fcd3f17bc03ded22b72c8e748bb3ba9992cb1daf7abf3acf1a95f329a95ba3d3118edcd515e810d0753cf756eb056efca8b253dfccf7535d5c2e12ba669542234f577619590242774952dbc99301718b5eb83bea87158c36cbd0a895dc8f91e9f41874c6cdc51bddedb7a15779227e3bdda083e4bd1480faf398473b3ad8fc12ba4fdbe3c84361b85cd289c79f00ea2f335e2067bb2023a8894590ac14798972d4d436c85c502994b4d2e965cfe181e53860b717e3dfd4727de7771f59e7d6917c89e0eb93850cced975bd244d433a6019db4132b19a5dfde71633627679cb568e3cfae3e57138bc5c791a8fe156545582b6cec36b7b8657dde4fba0ea018d755e7756258db1bffe75b0e8ddaa2fbf47d49b7a0fc03d3882ba4e60561341f83b2b9d672b8d9182433ecb59e5c899bbb5dbf3f153b695c77c58130e69f778e51ee8d1a4ed6278d0ff839122b810b9c37a25c8eaad23c75506685ff5e40b89c9dc9c0fbd417673a68aa8e810785d3d8c3aa1a81c3b594158649a7eb082becc5e5607db1bedd0cfe937aee080870cd2931583fe6a82095ada1fef82a7cea67bc68ccf9d9153ac8d16f9e6ace476de00651a4a388670c6b0568cd15c6cd04a4666909b554506456ac453c2b90218d530e55904a1f7100c33fdb5ccc73832cf3579bdf5bd5ce9954f05741dae6947263c45d8d82f45c38d95588ecbc6813e9402b29017121ccd275a399ea33791458d44f92c42c8690dbf558e887f8d89bd2de262d4687a2d9b94f75bc72b567f795ab8d233669ed3c11d3674c46a5a9cdba0c14d21ee20881e482b4792e4bed80568f23b877c6a9eac53de55d95b4761a77c677bc04e1743aaea11ea0c32f6d38097c6225ca8b9bf3700b043c0209b11bad300119dc87e7e32246912cea092d59c882cc807095bbbe8e5232c4565c19be71c4ff5e36cfa17c3844cd12472ca4c3ad0180625440a87196839c3e1c98f42c1056fe95933bffe5335e18d444373b3e5f2c98244311e3a021bc665b8eb0af53df1d2439fa8df85bf536eeb5a88558ed733ba64ad1b16241809b8f88fbaad5a7dc0afae19ac0ef8a214b7290d61b42b511f15e8eaf0ce2a00adfccdb6851a57eb2c64d676b623b4fc92cc2368fd3db2d70067427cb0aaaddf36f1f543dd5eb9f6f2260e60706181b93255f3d13d85ea7d32f416cfd8bce4f39acf822577e05fc307f6689afed2902c5e13ddca8943240cd73caf505bc82604e82393a45b934ce7c290024df910e44dc983f4818b7a80da538eb6ec91b9d234c8ece66ae1affbcc156d4ab1d8ad481d60b523afd6887aaca1dfc91bab57a83b8ad952398367ae57c399f4a335024cfd8c0fc46bcada089ffe92a98b024ffa58958d4628c3f4f571b15120891f4c0b0ad204fd13986c91011084e8c79d12618f1a2e8ddadc2f243553fa47344aad69d1a51fb2de3b9e24387d26c9f952327ebe526b43fb69cd85769786a6833f36d56f6a724f8f7088332c1c12beda17ae33c1309082ef30356f820c7a2538390d93422f3b6512f146a5df3237fee690b5250f4e8be4bf98bec47f80e4842ee1f58a0b4ed36d255c0926ed080023ab6367e04f81ec9b5c58120152ee391017ca8864bafb44eabefbdb0da79f94c368ebcdd101833d475edc2856209ba0b0a40c19d81a60107ecb29bab564bf50f4c71b775a9cfbb58f7ef7", @ANYBLOB='\x00\x00\x00\x00'], 0x50)
close(0x3)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000840), 0xc)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x401c2, 0x0)
ftruncate(r2, 0x8800000)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
recvmmsg(r4, &(0x7f00000034c0)=[{{0x0, 0x0, &(0x7f0000001e40)=[{&(0x7f0000000b80)=""/4096, 0x20001b80}, {&(0x7f0000001b80)=""/112, 0x70}], 0x2, 0x0, 0xa0028cb4}}], 0x40000000000013c, 0x700, 0x0)
sendfile(r3, r2, 0x0, 0x578410eb)
prctl$PR_SET_IO_FLUSHER(0x43, 0x1)
io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00')
chdir(&(0x7f0000000200)='./file0\x00')

3.280637989s ago: executing program 3 (id=501):
r0 = syz_open_dev$ndb(&(0x7f0000000200), 0x0, 0x100)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x16)
r1 = userfaultfd(0x801)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000200)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2})
ioctl$UFFDIO_WRITEPROTECT(r1, 0xc018aa06, &(0x7f00000000c0)={{&(0x7f000040a000/0x800000)=nil, 0x800000}, 0x1})
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x6)
fsetxattr$trusted_overlay_origin(r0, &(0x7f0000000280), 0x0, 0x0, 0x1)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r2=>0x0})
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000400000005"], 0x48)
r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
sendmsg$inet(r4, &(0x7f0000001a80)={&(0x7f0000000040)={0x2, 0x4e20, @rand_addr=0x64010101}, 0x10, 0x0, 0x0, &(0x7f00000019c0)=ANY=[@ANYBLOB="100000000000000007400000"], 0x10}, 0x44844)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000580)={r5, r2, 0x25, 0x0, @val=@netkit}, 0x1c)
syz_emit_ethernet(0xd81, &(0x7f0000001c00)=ANY=[], 0x0)
r6 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'batadv_slave_0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xfffffffd, {0x0, 0x0, 0x0, r7, {0x0, 0x1}, {0xffff, 0xffff}, {0xffe0, 0xa}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newtfilter={0x44, 0x2c, 0xf3f, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r7, {0xc, 0x9}, {}, {0x7, 0x12}}, [@filter_kind_options=@f_flow={{0x9}, {0x14, 0x2, [@TCA_FLOW_MODE={0x8, 0x2, 0x1}, @TCA_FLOW_KEYS={0x8, 0x1, 0x1ff50}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x20041090}, 0x240068c4)
syz_open_dev$tty1(0xc, 0x4, 0x1)
setsockopt$PNPIPE_ENCAP(0xffffffffffffffff, 0x113, 0x1, &(0x7f0000000180)=0x1, 0x4)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000004c0)={'syz0\x00', {0x87, 0x3, 0x1, 0x9}, 0xb, [0x0, 0x6, 0x802, 0xe9a2, 0x1, 0x0, 0xa9ba, 0xc1f, 0x1, 0x7f5b, 0x3, 0x4, 0x5, 0x10004, 0x2, 0x3, 0x0, 0x3, 0xe, 0x3, 0x0, 0x2, 0xd9, 0x2, 0x6, 0x0, 0x3, 0x9, 0xfff, 0x8a1, 0x6, 0x18001, 0x33b5, 0x1, 0xfffffffc, 0x0, 0x9, 0xb, 0xcc, 0x4, 0x80, 0x401, 0x5, 0x9, 0xfffffffd, 0x8, 0xb, 0x3, 0xffff8001, 0x6, 0x7, 0x80000000, 0x1, 0xa, 0x7, 0x8, 0x5, 0xfff, 0x1, 0x7fe, 0x7fff, 0x10000, 0x2, 0x8], [0x2, 0x1, 0x10000, 0x80007, 0x9, 0x6, 0x5, 0x4, 0x9, 0x7, 0x5, 0xdd5a, 0x6, 0x5, 0x7, 0x8, 0x5, 0xcc, 0xbc1, 0x80000, 0x0, 0x5e81339d, 0xffffc256, 0xb, 0x80000001, 0x7, 0x0, 0x4, 0x4, 0x7, 0x8, 0x10d, 0x1, 0x5, 0x5, 0xfffffb66, 0xfb5, 0x2, 0x4, 0x7, 0x2, 0x8000, 0x7fff, 0x1, 0x9425, 0x4, 0x6f, 0x80b, 0x1, 0x1, 0x525ba681, 0x4f74, 0x7, 0x1, 0x1, 0xfffffffd, 0x100, 0x6, 0x10000, 0x1306, 0x8b, 0x10000, 0xfe4, 0x3ff], [0x2, 0x40, 0x200, 0xfffffff9, 0x7aa, 0x10, 0x80, 0x8001, 0x5, 0x0, 0x9, 0x8, 0x7fffffff, 0x1, 0x1, 0x4, 0x8, 0xa9, 0x7, 0x49, 0x6, 0x4, 0x5, 0xa3, 0x40003, 0x2, 0x0, 0x3, 0x4c, 0x3, 0x5, 0x4, 0xd21e, 0x9, 0x12, 0x0, 0x2, 0xfff, 0x926, 0x800100, 0x7c83, 0xd, 0x1, 0x4, 0xf, 0x81, 0x47, 0x7, 0x0, 0x11, 0x2, 0xffd, 0x7, 0x7, 0x7ffd, 0x7ff, 0x10, 0x9, 0x10001, 0x8000001, 0x10001, 0x6, 0x71c], [0x81, 0x3, 0x10, 0x4e26, 0x3, 0x7, 0xfffffff3, 0x497, 0x4, 0x1, 0x3, 0x5, 0x56, 0xc28, 0x9, 0x5, 0x5, 0xa, 0x79a, 0x4, 0x9, 0x6, 0xc41f, 0x5, 0x8b6, 0xffffffff, 0x0, 0x2, 0x6a, 0x9, 0x0, 0x0, 0x1000, 0x10, 0xd, 0x6, 0x8000, 0x53, 0x78d, 0x4, 0x1, 0x9, 0xfffffff8, 0x9, 0x7, 0x7, 0x101, 0x7, 0x7, 0x4, 0x0, 0xb, 0x400400, 0x8, 0x0, 0x8, 0x7, 0x9, 0x8, 0x0, 0x1, 0x8001, 0xfffffff7, 0x5]}, 0x45c)
r8 = syz_open_dev$vcsa(&(0x7f00000001c0), 0xf, 0x189800)
ioctl$CDROMSEEK(r8, 0x5316, &(0x7f0000000240)={0x7, 0x5, 0xd5, 0x0, 0x7, 0x4})
ioctl$EVIOCSFF(0xffffffffffffffff, 0x402c4580, &(0x7f0000000080)={0x52, 0x401, 0x7, {0x7, 0x10}, {0xdb, 0x8001}, @period={0x59, 0x2, 0x842d, 0xc4, 0x8001, {0x8, 0x9, 0x0, 0x9}, 0x7, &(0x7f0000000000)=[0x401, 0x3, 0x4, 0x6, 0x4, 0x0, 0x3]}})

3.242985153s ago: executing program 5 (id=502):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_STATION(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000440)={0x30, r1, 0x1, 0x0, 0x3, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_STA_AID={0x6, 0x10, 0x19c}]}, 0x30}, 0x1, 0x0, 0x0, 0x40000}, 0x0) (fail_nth: 3)

3.071418652s ago: executing program 5 (id=503):
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
r1 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_ASSERT(r1, 0x0, 0xcf, &(0x7f0000000080)=0x1, 0x4)
r2 = syz_open_dev$vim2m(&(0x7f0000000000), 0x47b, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r2, 0xc008561c, &(0x7f0000000040)={0xf0f003, 0x6})
syz_usb_connect(0x0, 0x2d, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000050cb5340450c10108e492940a80909021b00090000000009040002010035040009058dff86"], 0x0)
r3 = syz_io_uring_setup(0x32d9, &(0x7f0000000200)={0x0, 0x6273, 0x8, 0xffffffff, 0x400000, 0x0, 0x0}, &(0x7f0000000300)=<r4=>0x0, &(0x7f0000000140)=<r5=>0x0, &(0x7f00000000c0)=<r6=>0x0)
syz_io_uring_submit(r4, r5, r6, &(0x7f00000001c0)=@IORING_OP_WRITE={0x17, 0x0, 0x4000, @fd_index=0x3, 0x8, 0x0})
r7 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000940), 0x2, 0x0)
r8 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0xe)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xb, 0x10, &(0x7f0000000740)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000020000006b8a00fe00000000c7080000010000007b8af0ff00000000bda100000000000007000000f8ffffffbfa400000000000007040000f0ffffffb7020000080000fa18230000", @ANYRES32=r8, @ANYBLOB="0000000000000000b704000008000000850000001a00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
writev(r7, &(0x7f0000000040)=[{&(0x7f0000000100), 0x86}], 0x2)
io_uring_enter(r3, 0x7ec5, 0x9f84, 0x24, 0x0, 0x0)
r9 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
write$char_usb(r9, &(0x7f00000001c0), 0x71)
ioctl$SIOCGETVIFCNT(r0, 0x89e0, &(0x7f0000000100)={0xffffffffffffffff})

3.070967781s ago: executing program 3 (id=504):
r0 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[<r1=>0x0], 0x0, 0x0, 0x0, 0x1, 0x34})
ioctl$DRM_IOCTL_MODE_GETCRTC(r0, 0xc06864a1, &(0x7f0000000940)={0x0, 0x0, r1, <r2=>0x0})
ioctl$DRM_IOCTL_MODE_GETFB2(r0, 0xc06864ce, &(0x7f00000004c0)={r2, 0x0, 0x3, 0x0, 0x2, [<r3=>0x0], [0x0, 0x0, 0x0, 0x10000], [0x4, 0x0, 0xffffffff], [0x1, 0x0, 0x90, 0x8]})
ioctl$KDFONTOP_SET(0xffffffffffffffff, 0x4b72, &(0x7f0000000080)={0x4, 0x4000, 0x1, 0x14, 0xf8, &(0x7f0000000440)="387ed7626d850509a2d6c1aa38f15cd0c234cb226db671261fff7ce9c555f18dafae3530db6dd493f2a3cc88731b9ae21b3e3b4523ae2594f47d8f62b480c4160b1f90ac9c41fae6ab12ac4c113fef588684ef494c89092883b902a41cd75387ef6f7bc7d461d5e665f398ff95596dc94ec97003c7e6f3c82fbd8de6e11aa4031a61c51caf7a65a2b613bda33f3eaeae635d7cd81761e74c38a7695800a15516eb337056e02335f9a750ecb3421143c5c4ded0f06affc524dcf3418272619b6a952db5bc96141b26c54d13c7a5416287a3b6f7aadf50bc549974b6401a19cdb130282b955582efa94242065a4c8d695a2cdd9ada350defd58c775b92d348305774d3a256c7520b285d8ddbf5e20d604413ed2ddf9bcbf881caf811852806175d638909f6234fbcd7a88a2a0aea45d19148f0e7dada7d6d0d77881387fdeaa0284a3e90b88dfff412bff40c31c6415c54ae3335e54a49d315851feffe30d999c36def9122c0d2c1e558dc6586958a283762386ecf369274e43003a0fdff59ea515eb44504901ef0d00baa91c10a8e44a7e58b4f8c6a1c6b9b5ad389977467f306f9bcde071b30769795eed2f1580414d168f557cd90040c4bd2a3d6bc5092548feaef72c5d42cece59181fcb5bad8c24bd9f8f78dd85b82831325501e80d899e9252f99d3a266639438ac5252d9bccff4dd9f45657f8224fc78eb1168fe0527fac33466aadf48f16994d29a47778566e0f3945b2b046c6eecc7fa18914beb66ac9e519bd333b30d3ce2f50dddeea3447aebbe3bed781e39d5a0fb0cdc60e196f2261305feb596b68986af3eee7b199fefb5f79ffb2d1050e46982af1c14a88dd9000400002f56a8404755c73e74bb90e64bab9647c70ed5afca1c3d87907d01000100df6f40a80ace2bb8a2aad3b0c66915927db4233181943d88c0c76d5969e2043db5bd77fd600000013139929cefec965c0c761785a4d23332ba1f0875e3146afef5b20cc306d3ecee65944fe9829ed0c3f6bb2fd81bc31152538db50f47dc38ba908a0d808687e478a609fe8597e2813e1dba9c3c16e9fab3bda6ed33cb1c75513e2264b69d472dd0e1aa1ab704782b41bde141f99c4894ded98eff9aa53d22eb77c9d93169c04ab2490bf28106f770e07eb7a9e87dde71929f918b98c413923167f493760278df0cc34be9e8f86f948d9a62e63ad6ca9d2195ff9c6320c85bddc42915e4f3a5db642447bc2195a3d64e04c9ecd1c313c08e29a814bd8fed1ab6d2846c73345962895d289ac718aacac2e0e32b75ce814731c542091f218dd1e68a15f8226577bf9481ae0555db64a717eb23a811350200"})
openat$khugepaged_scan(0xffffffffffffff9c, &(0x7f0000000a00), 0x1, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000000480)='fd/3\x00')
read$FUSE(r4, &(0x7f0000002040)={0x2020}, 0x2020)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0xe, &(0x7f0000002140)=ANY=[@ANYRESDEC], &(0x7f00000009c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000900)={0x0, 0x2, 0x0, 0xffff}, 0x10}, 0x94)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={r5, 0xc0, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10)
syz_emit_ethernet(0x4a, &(0x7f0000000140)=ANY=[@ANYBLOB="aaaaaaaaaaaa97c4864ef7a308004f00003c0064000000879078ac1414bbac14140c8907efe000006a862000000000010ac94e853acbb708249e6006f0af617307a295549dfc1034070c"], 0x0)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r0, 0xc00c642d, &(0x7f0000000100)={r3, 0x80000})
r6 = fsopen(0x0, 0x0)
r7 = fsmount(r6, 0x0, 0xf)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r7, 0xc04064a0, &(0x7f0000000880)={&(0x7f00000009c0), &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000a80)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r8=>0x0, 0x0, 0x0, 0x0], &(0x7f00000002c0)=[0x0, 0x0, 0x0], 0x0, 0x6, 0xa, 0x3})
r9 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r9, 0xc04064a0, &(0x7f00000003c0)={0x0, &(0x7f0000000300)=[<r10=>0x0], &(0x7f0000000340)=[<r11=>0x0], 0x0, 0x0, 0x1, 0x1})
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r9, 0xc01864c6, &(0x7f0000000040)={&(0x7f0000000640)=[r11, r10], 0x2, 0x80000})
r12 = syz_open_dev$dri(&(0x7f0000000080), 0x7, 0x42000)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r12, 0xc04064a0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000440)=[<r13=>0x0], 0x0, 0x5e, 0x0, 0x1})
r14 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000840), 0x0, 0x0)
r15 = ioctl$KVM_CREATE_VM(r14, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r15, 0xae60)
r16 = ioctl$KVM_CREATE_VCPU(r15, 0xae41, 0x0)
ioctl$KVM_SET_CPUID(r16, 0x4008ae8a, &(0x7f0000000000)={0x1, 0x0, [{0x1, 0x3e158d1e, 0x688, 0xfffffff8, 0x7}]})
ioctl$KVM_SET_LAPIC(r16, 0x4400ae8f, &(0x7f0000000c80)={"4a492d366658c009c18e566981ca015ae75918960e31d61ffadb10976f9f98801879ee262c619b0a28a073009b9599c0daaf63434a9aeef4a13758d9fcfc7cfa69bb4c5563cd7aa675acb6baec0dbe5be47536e8266d416353404aae04751fb5f9d5964d72c7e2824553dff1193e70585d7473077ecc301377bef8046a3493420f103b67319bb977cf7e312c8259edcffed96b1556df0ff8349c47dca9e1c821fc5734b60574e4ce0f1733703c6cf922667bc06c65a6ee68e42772b355f4e066421f4ef586501ba9048c2fefe8aa4a043e1553aff167ea87ef572be54621587c4b10fd958e244b641b01f42c52fb7efb4918a049520fbd3fc7b1dfb5340938b5f40ac0cd395bdd56ba0c1807947eece7555e79b5f30b8929efb9d78fcd93ea2a6b942b7b9f788cace884dd58c2d9420f8e1810f05184d91f044d1b8ea34a1c35b49e9352a1e216f67b79adf8190ed9cb7eaf3325f0682c494d20b7538ac8ddce3ea83dc2de450ba4c20695c6087ecde66e6bf1237fb31793738d7f80145a44e7648e5eeee92bc436223c7673b319a1fa500830c389d639b01f819b93a1e203ad366f38e84861b47dd88b1f6ee638ca01f44f46b7ef37fb4ac385ec4f2ad82ecd7cbd026403bd14c314f83f23249265c8b23abd9e033f132ed0d5dcdb855302ab066d0bf64a9d499a7f853660e3ed9209bb57485b5ab1457bea124d97e9537cd49bcdf5756fb557c29575cd03ce269b8687d70ffe9047b9bcea8776d7ada2f5f64b7ae07df2af1732fa5886d3d52e379bd1bec1bc9a8cb13578456a8795b8c5f2e4a928a005b4f3b9ed18b6634226e4d45289504ea8c2042414abe6997eb072edd8a38a391d8b23c43834036dc7345dd8a94e40ad6176c6231db12dc128a388f687e16b8cb91873f243d6d0ca1a034fe61fbd685aeb65262ef26e91da412dbf17a606c21cd148311e255669c200e24656ed811e3d5d6816ad536ed89135c9ba0f54d44160f65f8f59be378c6a1b5beba5a475c26c99970023d4506071bfde093547e3673ff8f00e12073ceb32bb944c37484d4ab4d812be46f2b33b3cd5c7bba220efc884c854d3abf7aa7eb23dd8bb60fc0d814b6a4f1c9ae1e36b5454ead0a013b7c7f7a8db4bf7d23d36673e9829e54e765f279e4a2c6343f8ee14f82192529dc6ea14b71988fa4d198fbc9653f78da4c35f5da93d6ae8c4ade5efbe207d9fe16a91e5cd95a959828e61daa507da62a6af3358cc07b68e5964b0a3e653e0455c87a70287a386553c2da17f4501c28c44a3700ed6d64e2890d72971ac31facb5fcdb68168c531a4dd259481436d770c385d594ce4ae284e8b84ebc700deb184fe2b43fc82680cd8b4e835e00f03b0297b45f8c0140df303e63eb8a1c55f4250340363ab975ece22604bc4148a61d85a3d77a6f11532a02e00"})
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r12, 0xc05064a7, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000340)=[0x0], &(0x7f0000001f40), 0x0, 0x1, 0x0, 0x0, r13})
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r7, 0xc04064a0, &(0x7f0000000440)={&(0x7f0000000340)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000380)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000003c0)=[0x0, 0x0, 0x0, <r17=>0x0, 0x0], &(0x7f0000000400)=[0x0, 0x0], 0x8, 0x8, 0x5, 0x2})
ioctl$DRM_IOCTL_MODE_SETCRTC(r0, 0xc06864a2, &(0x7f0000000540)={&(0x7f0000000200)=[r8, r11, 0x0, r13, r17], 0x5, r1, r2, 0x6, 0x3, 0x6817, 0xffff, {0x1, 0x8, 0x76, 0xbe, 0xf, 0xfff7, 0x8, 0x7, 0x1000, 0x6, 0x400, 0x8, 0x7, 0xfff, "7dc0da4de6653276d1484d54a7e1fa242341c76605f26ef2ab9568320417be48"}})
fchdir(r7)

2.185242087s ago: executing program 4 (id=513):
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_XEN_HVM_CONFIG(r1, 0x4038ae7a, &(0x7f0000000100)={0x2, 0x40000105, 0x0, 0x0})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f00000003c0)={0x2, 0x0, [{0x40000000, 0x0, 0x6}, {0x40000001, 0x0, 0x9}]})
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000080), 0xc)
r3 = socket(0x1e, 0x4, 0x0)
setsockopt$TIPC_DEST_DROPPABLE(r3, 0x10f, 0x81, 0x0, 0x0)
setsockopt$inet6_udp_int(r3, 0x11, 0x67, &(0x7f0000000000)=0x2, 0x4)
r4 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r4, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r5 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$UI_SET_LEDBIT(r5, 0x40045569, 0x1)
ioctl$UI_SET_EVBIT(r5, 0x40045564, 0x11)
ioctl$UI_DEV_SETUP(r5, 0x405c5503, &(0x7f0000000100)={{0x100, 0xdfe7}, 'syz1\x00', 0x19})
ioctl$UI_DEV_CREATE(r5, 0x5501)
ioctl$UI_DEV_DESTROY(r5, 0x5502)
read$char_usb(0xffffffffffffffff, 0x0, 0x0)
openat$adsp1(0xffffffffffffff9c, 0x0, 0xa0301, 0x0)
pselect6(0x40, &(0x7f0000000240)={0x6, 0x0, 0x800201, 0x7d, 0x0, 0x8000, 0xae05, 0x1}, 0x0, 0x0, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
ioctl$COMEDI_DEVCONFIG(0xffffffffffffffff, 0x40946400, &(0x7f00000003c0)={'pcl812\x00', [0x4f33, 0x2, 0x2, 0x4000, 0x1, 0x1, 0x8, 0x1000d28a, 0xa, 0xfd, 0xffeffffd, 0x22, 0xa2, 0x1, 0x8, 0x12a3cfde, 0xf7fffffd, 0x6d, 0x2, 0x1, 0x8, 0x7, 0xeb96, 0x0, 0x40b, 0xe69, 0x6, 0x10008, 0x0, 0x1cdc, 0xfbfffff8]})
openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x20040, 0x0)

2.133758017s ago: executing program 3 (id=515):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r0, &(0x7f0000000400)={@void, @void, @eth={@broadcast, @link_local, @val={@void}, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x78, 0x0, 0x0, 0x0, 0x11, 0x0, @local, @multicast1}, {0x0, 0x17c1, 0x64, 0x0, @wg=@response={0x2, 0x4, 0x0, "f9c9947f249117809a19230ba42ee7655c5188cbd6fe4ec1f45fb122dd77ce67", "b04c24c79d03330886c9e2d33ca1fd12", {"42187bb4490c391927e19a4014821700", "47004f52b0196de62a3c759e8cd73acb"}}}}}}}}, 0x8a) (fail_nth: 3)

1.831158444s ago: executing program 3 (id=517):
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x24, 0x24, 0x2, [@struct={0x0, 0x1, 0x0, 0x4, 0x0, 0x8, [{0x0, 0x2, 0x20}]}, @volatile={0x0, 0x0, 0x0, 0x9, 0x3}]}}, 0x0, 0x3e}, 0x28)

1.830599153s ago: executing program 3 (id=518):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), r1)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=<r3=>r2, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000c80)={0x0, 0x0, &(0x7f0000000c40)={&(0x7f00000000c0)=ANY=[@ANYRES8=r3, @ANYRES32=r2, @ANYBLOB="12030000000000000a00010085"], 0x2c}, 0x1, 0x0, 0x0, 0x40000}, 0x42)
capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000040))
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0)
mount$binder(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000000c0), 0x1000810, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000080)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', 0x0, 0xb0821, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x1, 0x4, &(0x7f0000000040)=@framed={{0xffffffb7, 0x5, 0x0, 0x0, 0x0, 0x79, 0x10, 0xa8}, [@ldst={0x5, 0x3, 0x3, 0xa}]}, &(0x7f00000002c0)='GPL\x00', 0x5, 0xfd90, &(0x7f0000000300)=""/188, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x1f3, 0x10, &(0x7f0000000080), 0xfffffffffffffc79}, 0x2a)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="1201fb0009030320d812010079de01ec020109021b0001000003000904000001785ecc00090585020004"], 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
r4 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x200, 0x0)
ppoll(&(0x7f0000000080)=[{0xffffffffffffffff, 0x8108}, {r1, 0x441}], 0x2, 0x0, 0x0, 0x2c)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), r5)
r7 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000380)={'syz_tun\x00', <r8=>0x0})
sendmsg$ETHTOOL_MSG_DEBUG_GET(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f00000002c0)={0x34, r6, 0x1, 0x70bd2c, 0x25dfdbfe, {}, [@HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r8}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x24000080}, 0x40804)
ioctl$SNDCTL_DSP_SETFMT(r4, 0xc0045005, &(0x7f0000000640)=0x10)
r9 = syz_open_dev$char_usb(0xc, 0xb4, 0xe)
r10 = syz_io_uring_setup(0x5c7e, &(0x7f0000000240)={0x0, 0x92f7, 0x40, 0x3, 0x271}, &(0x7f00000002c0), &(0x7f00000003c0), &(0x7f0000000400))
io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r10, 0x10, &(0x7f0000001fc0)={0x1, 0x0, &(0x7f0000001f40)=[{&(0x7f0000000440)=""/3, 0x3}, {&(0x7f0000000cc0)=""/4096, 0x1000}, {&(0x7f0000001cc0)=""/57, 0x39}, {&(0x7f0000001d00)=""/243, 0xf3}, {&(0x7f0000001e00)=""/127, 0x7f}, {&(0x7f0000001e80)=""/131, 0x83}], &(0x7f0000001f80)=[0xf2b7, 0x7, 0x5, 0x7, 0x2, 0x3, 0x800], 0x6}, 0x20)
read$char_usb(r9, &(0x7f00000000c0)=""/179, 0xffffffffffffff75)
mkdir(&(0x7f0000000080)='./file1\x00', 0x8)
mount(0x0, &(0x7f0000000100)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x8, &(0x7f0000000300)='usrquota')
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='net_prio.prioidx\x00', 0x275a, 0x0)

1.69040922s ago: executing program 5 (id=519):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), r1)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=<r3=>r2, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000c80)={0x0, 0x0, &(0x7f0000000c40)={&(0x7f00000000c0)=ANY=[@ANYRES8=r3, @ANYRES32=r2, @ANYBLOB="12030000000000000a00010085"], 0x2c}, 0x1, 0x0, 0x0, 0x40000}, 0x42)
capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000040))
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0)
mount$binder(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000000c0), 0x1000810, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000080)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', 0x0, 0xb0821, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x1, 0x4, &(0x7f0000000040)=@framed={{0xffffffb7, 0x5, 0x0, 0x0, 0x0, 0x79, 0x10, 0xa8}, [@ldst={0x5, 0x3, 0x3, 0xa}]}, &(0x7f00000002c0)='GPL\x00', 0x5, 0xfd90, &(0x7f0000000300)=""/188, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x1f3, 0x10, &(0x7f0000000080), 0xfffffffffffffc79}, 0x2a)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="1201fb0009030320d812010079de01ec020109021b0001000003000904000001785ecc00090585020004"], 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
r4 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x200, 0x0)
ppoll(&(0x7f0000000080)=[{0xffffffffffffffff, 0x8108}, {r1, 0x441}], 0x2, 0x0, 0x0, 0x2c)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), r5)
r7 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000380)={'syz_tun\x00', <r8=>0x0})
sendmsg$ETHTOOL_MSG_DEBUG_GET(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f00000002c0)={0x34, r6, 0x1, 0x70bd2c, 0x25dfdbfe, {}, [@HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r8}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x24000080}, 0x40804)
ioctl$SNDCTL_DSP_SETFMT(r4, 0xc0045005, &(0x7f0000000640)=0x10)
r9 = syz_open_dev$char_usb(0xc, 0xb4, 0xe)
r10 = syz_io_uring_setup(0x5c7e, &(0x7f0000000240)={0x0, 0x92f7, 0x40, 0x3, 0x271}, &(0x7f00000002c0), &(0x7f00000003c0), &(0x7f0000000400))
io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r10, 0x10, &(0x7f0000001fc0)={0x1, 0x0, &(0x7f0000001f40)=[{&(0x7f0000000440)=""/3, 0x3}, {&(0x7f0000000cc0)=""/4096, 0x1000}, {&(0x7f0000001cc0)=""/57, 0x39}, {&(0x7f0000001d00)=""/243, 0xf3}, {&(0x7f0000001e00)=""/127, 0x7f}, {&(0x7f0000001e80)=""/131, 0x83}], &(0x7f0000001f80)=[0xf2b7, 0x7, 0x5, 0x7, 0x2, 0x3, 0x800], 0x6}, 0x20)
read$char_usb(r9, &(0x7f00000000c0)=""/179, 0xffffffffffffff75)
mkdir(&(0x7f0000000080)='./file1\x00', 0x8)
chdir(&(0x7f0000000140)='./file1\x00')
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='net_prio.prioidx\x00', 0x275a, 0x0)

1.381232084s ago: executing program 2 (id=521):
r0 = userfaultfd(0x80801)
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000100)={0xaa, 0x430})
remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x100)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000680)=@newsa={0xec, 0x1b, 0x713, 0x0, 0x25dfdbfc, {{@in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x0, 0x0, 0x4e21, 0x2, 0x2, 0x0, 0x0, 0x6c, 0x0, 0xee00}, {@in6=@private1, 0xfe, 0x32}, @in6=@ipv4={'\x00', '\xff\xff', @remote}, {0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x543}, {0x4, 0x7fffffffffffffff}, {0x0, 0x2}, 0x70bd2c, 0x3500, 0x2, 0x4, 0x0, 0x50}}, 0xec}, 0x1, 0x0, 0x0, 0x880}, 0x0)
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4})
syz_io_uring_setup(0xeff, &(0x7f0000000080)={0x0, 0x3, 0xc00, 0x3}, &(0x7f0000000100)=<r3=>0x0, &(0x7f0000000140), &(0x7f0000000040))
syz_io_uring_submit(r3, r1, 0x0, 0x0)

1.231496155s ago: executing program 4 (id=522):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x2d)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
tkill(r2, 0xf)
wait4(r2, 0x0, 0x2, 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_add_memb(r3, 0x107, 0x1, &(0x7f0000000880)={0x0, 0x1, 0x2e, @remote}, 0x10)
tkill(r2, 0x3)
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_emit_ethernet(0x32, &(0x7f0000000040)={@local, @random="97c4864ef7a3", @void, {@ipv4={0x800, @generic={{0x9, 0x4, 0x0, 0x0, 0x24, 0x64, 0x0, 0x0, 0xc84cf8fe4733a687, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0xc}, {[@ssrr={0x89, 0x7, 0xef, [@multicast1]}, @cipso={0x86, 0x6}]}}}}}}, 0x0)
ioctl$KVM_SET_GUEST_DEBUG_x86(r4, 0x4048ae9b, &(0x7f0000000080)={0x70003, 0x0, {[0xffffffffffffffff, 0x1f8, 0x2, 0xffffffffefffff15, 0x3, 0x20000004, 0x1, 0x4]}})
socket$packet(0x11, 0x3, 0x300)
r5 = socket$netlink(0x10, 0x3, 0x4)
r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r6, &(0x7f0000000340)={0x1f, 0xffff, 0x3}, 0x6)
write(r6, &(0x7f0000000040)="05000000010000", 0x7)
setuid(0xee01)
write(r5, &(0x7f0000005c00)="2700000014000707030e0000120f0a0011000100f5fe0012ff000000078a151f75080039000500", 0x27)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB="000000000000abf9125b820ddb5442f6a656c4e0481e3c020bdb9dad05260f664fd2b9ed957cc617e1e17c5158a49bd5fd48ea6c5bc9f4f0992ad6d3d2d9dbecb06b8002c64ab3f2c9cabca488514c28013cad594383262975d4d554e863b75746790394a4b0", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x1f, 0xd, &(0x7f0000000100)=ANY=[@ANYBLOB="18000004020700000000000080000200000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000020000207b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000200000085000000a60000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYRESDEC], 0x7)
r9 = epoll_create(0x7)
r10 = epoll_create1(0x0)
r11 = epoll_create(0x7)
epoll_ctl$EPOLL_CTL_ADD(r10, 0x1, r9, &(0x7f0000000180))
epoll_ctl$EPOLL_CTL_ADD(r11, 0x1, r10, &(0x7f00000000c0))

1.141060629s ago: executing program 4 (id=523):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
socket$inet(0x2, 0x1, 0x100)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
openat$fuse(0xffffff9c, &(0x7f0000000180), 0x2, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = fsopen(&(0x7f0000000280)='udf\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r5, 0x1, &(0x7f0000000b40)='source', &(0x7f0000000040)='c:::\x00', 0x0)
r6 = gettid()
fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000800)=@can_newroute={0x14c, 0x18, 0x1, 0x70bd29, 0x25dfdbfd, {0x1d, 0x1, 0x4}, [@CGW_CS_CRC8={0x11e, 0x6, {0x1, 0xe, 0x3, 0x0, 0xff, "71ec6d721744cd5200080000f8cfcad4c4ec6511ec028c5028564abce83afe14c93e15e556c2baed7f897fe841c155a2b2a4b9f3052995cdf66a9c7922ff0300005b6c67281f1519cd7c32c2bf7563b9452575505da99ea128d37616896be8764a2c78edbad5bde7a5e405bdc893770338925f824bd24689c0d11a5568fc3aaa9ad0d7766d8ea8d3bf1006e3df494e2f373148ecb4adafdd39874e9808b118301f1e76054a64c6d243523f5de7b347f3b740e105d0ed18fae7289635301ebd8949268090b3bcd4cbed5f1cfe93cff41a9630802f96defe9e8ea850529827c5e301953a8abaafa1f121e590f74e28233f4129d4587eee87ec5d42c3ef0619022c", 0x0, "5c8d586b2a88d818b56d2a5e15c8a95d29e5b2ea"}}, @CGW_MOD_SET={0x15, 0x4, {{{0x3, 0x1, 0x0, 0x1}, 0x0, 0x5, 0x0, 0x0, '\t\x00'}, 0x1}}]}, 0x14c}}, 0x4c0c8)
tkill(r6, 0xb)
r7 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$VT_RESIZEX(r7, 0x560a, &(0x7f00000006c0)={0x4, 0x0, 0x66, 0x0, 0x132, 0x3})
sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000041}, 0x55fdb4595c3d8036)
ioctl$TIOCL_SETSEL(r1, 0x541c, &(0x7f0000001900)={0x2, {0xc, 0x117, 0x5, 0x101, 0x200}})
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c0000001000010800"/20, @ANYRES32=0x0, @ANYBLOB="312000000000000014002b8008000100", @ANYRES32, @ANYBLOB="080020004cba4cc3ef79d5a2bcbeda2a3d7e6700000008001b0000000000"], 0x3c}, 0x1, 0x0, 0x0, 0x20048054}, 0x0)
r8 = io_uring_setup(0xf08, &(0x7f0000000540)={0x0, 0x62d5, 0x38c1, 0x4, 0xa2})
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x0, 0x10012, 0xffffffffffffffff, 0x0)
io_uring_register$IORING_REGISTER_FILES(r8, 0x20, &(0x7f0000000000)=[r8], 0x1)

576.70656ms ago: executing program 3 (id=524):
r0 = syz_usb_connect$printer(0x2, 0x2d, &(0x7f00000000c0)={{0x12, 0x1, 0x110, 0x7, 0x1, 0x3, 0x40, 0x4b8, 0x202, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x1, 0xfb, 0xb0, 0xc, "", [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, "", {{{0x9, 0x5, 0x1, 0x2, 0x20}}}}}]}}]}}, 0x0)
syz_usb_control_io$printer(r0, &(0x7f0000001100)={0x14, 0x0, &(0x7f0000000300)={0x0, 0x3, 0x2, @string={0x2}}}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@base={0x10, 0x4, 0x8, 0x2}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020705200000000002020207b0ae8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="1500000000"], 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000001800000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8a00fe00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x80000000)
write$char_usb(r1, &(0x7f00000007c0)="0bcd", 0x2)
syz_usb_disconnect(r0)

511.360357ms ago: executing program 2 (id=525):
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r0, &(0x7f0000000740)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x4e23, @broadcast}, 0x2, 0x0, 0x4}}, 0x2e)
r2 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$L2TP_CMD_SESSION_DELETE(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000480)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01002cbd70100400000005000000080009000200000008000c00a80a000008000b00000000000600010005"], 0x34}}, 0x0)
bind$inet6(r1, &(0x7f0000000000)={0xa, 0xe22, 0x4, @empty}, 0x1c)
syz_emit_ethernet(0x5d, &(0x7f00000004c0)={@link_local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x2a}, @val={@void}, {@ipv6={0x86dd, @udp={0x0, 0x6, "010100", 0x23, 0x11, 0xff, @remote, @local, {[], {0x0, 0xe22, 0x23, 0x0, @gue={{0x2, 0x0, 0x0, 0x3}, "30b00afe4e79b9215b11d56560fb11d88eee8e"}}}}}}}, 0x0) (fail_nth: 3)

510.546035ms ago: executing program 5 (id=526):
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x24, 0x24, 0x2, [@struct={0x0, 0x1, 0x0, 0x4, 0x0, 0x8, [{0x0, 0x2, 0x20}]}, @restrict={0x0, 0x0, 0x0, 0x4}]}}, 0x0, 0x3e}, 0x28)

451.576458ms ago: executing program 2 (id=527):
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0x1)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(r0, 0xc08c5335, &(0x7f0000000040)={0x0, 0x80, 0x1, 'queue1\x00', 0x85})
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000005ec0), 0xffffffffffffffff)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000001c0)={'wlan0\x00', <r3=>0x0})
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
bind$inet6(r4, &(0x7f0000000300)={0xa, 0x4e20, 0xd19, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x2f}}, 0x4}, 0x1c)
connect$inet6(r4, &(0x7f0000001d40)={0xa, 0x4e1d, 0x3, @empty, 0x8}, 0x1c)
syz_emit_ethernet(0x2a, &(0x7f0000000080)={@multicast, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0xfffd, 0x0, 0x0, 0x11, 0x0, @multicast1, @empty=0xe0000001}, {0x0, 0x4e20, 0x8}}}}}, 0x0)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NL80211_CMD_TRIGGER_SCAN(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000005fc0)={&(0x7f0000000000)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002dbd0600ffdbdb252100000020000300", @ANYRES32=r3, @ANYBLOB="0600eb00000800000400ec000a00060008021100000100000600f70000ff000008009e"], 0x44}}, 0x28000)

450.963145ms ago: executing program 5 (id=528):
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff})
unshare(0x62040200)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r2=>0x0})
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB, @ANYRES16=r3, @ANYBLOB="010000000000000000000800000008000300", @ANYRES32=r2, @ANYBLOB="0600eb000100000006009800090000006c002d800b000000250e8aefc3c2230005000000320000000a00000002020202020200000a00000002020202020200000a00000001010101010100000a00000001010101010100000a00000002020202020200000a00000001010101010100000a00000001010101010100000600f70008080000"], 0xa0}, 0x1, 0x0, 0x0, 0x4000}, 0x4000000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0xfffff000)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301)
ioctl$USBDEVFS_ALLOW_SUSPEND(r5, 0x5522)
ioctl$USBDEVFS_CONTROL(r5, 0xc0105500, &(0x7f0000000000)={0x0, 0x6, 0x321, 0x1, 0x0, 0x101, 0x0})
r6 = socket$kcm(0x2, 0x5, 0x84)
setsockopt$sock_attach_bpf(r6, 0x84, 0x7b, &(0x7f0000000000), 0x8)
socket$nl_netfilter(0x10, 0x3, 0xc)
write$cgroup_devices(0xffffffffffffffff, &(0x7f00000002c0)=ANY=[@ANYBLOB='a *:* w#('], 0x9)
r7 = socket$inet6(0xa, 0x1, 0x0)
sendmsg$sock(r7, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=[@mark={{0x10, 0x1, 0x4f, 0x1}}], 0x10}, 0x4044880)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000580)={'batadv_slave_0\x00'})
sendmsg$ETHTOOL_MSG_LINKINFO_GET(r4, &(0x7f0000000740)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000700)={&(0x7f0000000b40)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRESOCT=r0, @ANYBLOB="18001088cc287e0180140002ac3000000000000000000000004000018008000100fe7be59787e41de64c238d8662708406bd083df4c78d585fd86e22ae39e83a3548cecf4392daa86eed09938ea8d6018a45cba5413b89e19a608acf7d365ba32b6b751d64a06f2e605c4e9e5d69db909ce6f48591bb37ed712094d3011f2bdee8ee01af5155e6e0c4da3c3607da1035d260dcea196353eab6dbdc662e630d36dc701e2570168f562723ca542873f03e4e0ecd2968cd080e0a7e77fac26f58995f", @ANYRES32=r1, @ANYBLOB="080003000200000014000200776c616e31000000000000000000000008000100", @ANYBLOB="017f5b6c3209ee3c283d7b7db55978b4a0d4378e557af0472f86972248c0680e1040b36155bb15d70ec663e9fe24e18d616d7cbefd2d541b7859feb53c87369eaa4555f2362f4ab9762bdc4183d2c8c1c8f21ba07168b39b9e5f725a73b78a0b6d921674def68212ca278d5cdfb83690afcae24cbad2b237e5492eefe7af6133d23d0bbd84ad1ed87c081d42d1c8508dccf2f831d5199b24fcab27e0def3dc7a5d23ce4189e4ba2ddebfc0c8ec0dca0029f12ee4e0f0c1d2d2284c5349560cc13bf298213af6388e0ff80e971a586b5a91bd43f6b80c766c5c44b1c3747c99569f96b0eee0b967", @ANYBLOB="08000100e5add7c549456b6e2e3fa569ae7e9903e2f02017105f9130bd413f05d183df500677310b2d73440ee924483c1d06ca51c991d25aee8a9f0b3cbce839a69240cce9b39815c06f0000000000000000", @ANYRES32=r6, @ANYBLOB="0800030001000000"], 0x6c}, 0x1, 0x0, 0x0, 0x20000000}, 0x64094)
r9 = bpf$ITER_CREATE(0x21, 0x0, 0x0)
r10 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$TUNATTACHFILTER(r9, 0x401054d5, &(0x7f0000000040)={0x0, 0x0})
write$bt_hci(r10, &(0x7f0000000380)=ANY=[@ANYRESHEX=r3, @ANYBLOB="ef941ced34146655675e01d738d07e5d82945a8d1974bb371f9e10d78d7f8103d57cd4ea932ced195845daf6688705122617fdb03e2f7e4f3a78224af0a2bf71c0d4a0a9ab1be5d77d61b86f39ce374feb6d7e627fc9e8aa3c1acfe249f329cde2f48399338812d731f4fceb6007e4bbc15366317d35cfab33b58db1327ccbac7a64da07000000000000007b863c8bab0a97253e1f6748dcdc6eab7d78a1"], 0x33)
sendmsg$IPSET_CMD_ADD(r8, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000440)=ANY=[@ANYBLOB="440000000a0605000000000000000000010000050900020073797a30000000000500010007000000080009400000000114000880100007800a001100aa"], 0x44}, 0x1, 0x0, 0x0, 0x8040}, 0x44000)
r11 = socket$kcm(0xa, 0x2, 0x0)
r12 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000300), r4)
sendmsg$IPVS_CMD_SET_DEST(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80}, 0x7, &(0x7f0000000680)={&(0x7f0000000480)=ANY=[@ANYBLOB='t\x00\x00\x00', @ANYRES16=r12, @ANYBLOB="000326bd7000fcdbdf25060000001c000280080009000100000006000e004e24000005000d000000000008000400090000003c00038014000600000000000000000000000000000000001400020070696d72656700000000000000000000a2029f1eb762ff29970b0976d1b20600"], 0x74}, 0x1, 0x0, 0x0, 0x40}, 0x4040030)
sendmsg$kcm(r11, &(0x7f0000000080)={&(0x7f0000000000)=@in6={0xa, 0x4e27, 0x0, @mcast1, 0x3}, 0x80, 0x0, 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="08000000000000000000008013b1ccbc1a68ad094e5ef100"], 0xc}, 0x0)

450.824704ms ago: executing program 2 (id=529):
r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f00000007c0), 0x40800, 0x0) (async)
ioperm(0x0, 0x2, 0x7e) (async)
r1 = gettid() (async)
r2 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r2, &(0x7f0000000140)={0x28, 0x0, 0xffffffff, @local}, 0x10)
listen(r2, 0x0) (async)
accept4(r2, 0x0, 0x0, 0x0)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)=<r3=>0x0)
timer_settime(r3, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x0) (async)
execve(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) (async)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='fd\x00') (async)
syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000003, 0x13, r6, 0x0) (async)
sendmsg$inet6(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="3000000000000000290000000b0000000002"], 0x60}, 0x4000000) (async)
ioctl$KVM_SET_REGS(r6, 0x4090ae82, &(0x7f00000000c0)={[0x8, 0x1000005, 0x7fffffff, 0x0, 0x1, 0x0, 0x7fffffffff7fffff, 0xffffffffffffff70, 0xa, 0x7f, 0x0, 0x80, 0x3, 0x4, 0x1, 0x1], 0xeeee0000, 0x300})
ioctl$KVM_RUN(r6, 0xae80, 0x0)
openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000000), 0x1) (async)
writev(r0, &(0x7f0000000780)=[{&(0x7f0000000080)="9dc8618120450539ef126aab46b107", 0xf}, {0x0, 0xffffffffffffff48}], 0x2)

317.179557ms ago: executing program 2 (id=530):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r1 = dup(r0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000010000000c00000009"], 0x50)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0xca, r3, 0x18}, 0x38)
r4 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000040)={0x1, 0x2, 0x58000, 0x2000, &(0x7f0000fa3000/0x2000)=nil})
ioctl$KVM_CREATE_DEVICE(r4, 0xc018aec0, &(0x7f0000000100)={0x1})
write$UHID_INPUT(r1, &(0x7f0000001980)={0x9, {"a2e3ad214fc752f91b2909094bf70e0dd038e7ff7fc6e5539b324c078b089b34383a6d1a0890e0878f0e1ac6e7049b073c959b669a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b33340d076d0936cd3b78130daa61d8e809ea889b5802b77f07227227b7ba67e0e78669a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae19397d696d0d758f2dc7d1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000002335875271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1fe90a56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617601000000be70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d595a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9980000000b3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6c82fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c2021d653a5520000008213b704a5000000000000008ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc94681359bad8deff4b05f60cea0da7710a80000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4e38a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2bed9e53803edf1a4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4ceb360c7e658828563e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b4bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034e00000000ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c478b095b68441a34cb51682a8ae4d24ad92f243941ed274549b79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdbe6c4579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93ae62fccfcbb2b75a2183c46eb65ca8124e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43e4fb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e01feffffffffffff83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369d75f2e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aa01b20f7694a00f16e2d0174035a2c22656dc00880acebdbe8ddbd75c2f998d8ac2dfad2ba3a50200000045a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe2907ac0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf463661c953fcad6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7cd419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaeecf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6ea94f88a4facfd4c735a20307c737afae5136651b1b9bd522dcb399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a37684f4113c48859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c105000000302a808d7f5251440613d17ca51055f2f416a44fe180d2d50c312cca7cb14a20dc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb40100000006376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab83c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7ceec7dc808bf653639d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a602000000000000007007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00303000000000000007fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf6529006c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6522fb5f6ffcdd56fed88935fcb75912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae233a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a5bd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08008897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b80c1c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57fa9c0fe662a46b7f71cd47744db86c50b704c98ad90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe360500000000000000b77940b5f07722e47a08d3679507000000000000934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1062dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1df0d07b3d5bd3b01faffd0addbed2881a9700af561ac8c7e36bb2fc4c40e9c766c06817bb903729a7db6ff957697c9ede7885d94ffb0759be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c1484d2f9c55f4901203a9a8a2c3e90f39c3dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600", 0x1000}}, 0x1006)

241.255226ms ago: executing program 4 (id=531):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r1 = dup(r0)
write$UHID_INPUT(r1, &(0x7f0000001980)={0x9, {"a2e3ad214fc752f91b2909094bf70e0dd038e7ff7fc6e5539b324c078b089b34383a261a0890e0878f0e1ac6e7049b073c959b669a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b33340d076d0936cd3b78130daa61d8e809ea889b5802b77f07227227b7ba67e0e78669a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae19397d696d0d758f2dc7d1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000002335875271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1fe90a56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617601000000be70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d595a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9980000000b3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6c82fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c2021d653a5520000008213b704a5000000000000008ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc94681359bad8deff4b05f60cea0da7710a80000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4e38a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2bed9e53803edf1a4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4ceb360c7e658828563e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b4bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034e00000000ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c478b095b68441a34cb51682a8ae4d24ad92f243941ed274549b79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdbe6c4579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93ae62fccfcbb2b75a2183c46eb65ca8124e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43e4fb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e01feffffffffffff83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369d75f2e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aa01b20f7694a00f16e2d0174035a2c22656dc00880acebdbe8ddbd75c2f998d8ac2dfad2ba3a50200000045a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe2907ac0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf463661c953fcad6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7cd419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaeecf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6ea94f88a4facfd4c735a20307c737afae5136651b1b9bd522dcb399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a37684f4113c48859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c105000000302a808d7f5251440613d17ca51055f2f416a44fe180d2d50c312cca7cb14a20dc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb40100000006376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab83c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7ceec7dc808bf653639d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a602000000000000007007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00303000000000000007fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf6529006c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6522fb5f6ffcdd56fed88935fcb75912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae233a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a5bd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08008897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b80c1c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57fa9c0fe662a46b7f71cd47744db86c50b704c98ad90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe360500000000000000b77940b5f07722e47a08d3679507000000000000934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1062dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1df0d07b3d5bd3b01faffd0addbed2881a9700af561ac8c7e36bb2fc4c40e9c766c06817bb903729a7db6ff957697c9ede7885d94ffb0759be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c1484d2f9c55f4901203a9a8a2c3e90f39c3dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600", 0x1000}}, 0x1006)

178.981823ms ago: executing program 4 (id=532):
r0 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0)
ioctl$DRM_IOCTL_MODE_GETFB2(r1, 0xc06864ce, &(0x7f000001b000)={0x0, 0x8, 0x8000, 0x0, 0x1, [], [0x4, 0x4], [0x0, 0x0, 0x0, 0x4], [0x8, 0x0, 0x3, 0xf]})
r2 = fsmount(r0, 0x0, 0x0)
r3 = socket$inet(0x2, 0x2, 0x1)
r4 = fsopen(&(0x7f00000001c0)='bpf\x00', 0x0)
quotactl$Q_SYNC(0xffffffff80000101, 0x0, 0x0, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0)
r5 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb010018000000000000001c0000001c00000003000000010000000000000e0200000000000000000000000000000504000000002e"], 0x0, 0x37}, 0x20)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000004440)=ANY=[@ANYBLOB="09000000040000000400000007"], 0x48)
openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
r7 = syz_open_procfs(0x0, &(0x7f0000000500)='fd/3\x00')
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000200)={0x3, 0x4, 0x4, 0xa, 0x0, r2, 0x8001, '\x00', 0x0, r5, 0x0, 0x3, 0x5}, 0x50)
ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r7, 0x541b, 0x0)
r8 = fsmount(r4, 0x1, 0x2)
fchdir(r8)
bpf$OBJ_PIN_MAP(0x6, &(0x7f00000000c0)=@generic={&(0x7f0000000000)='./file0\x00', r6}, 0x18)
close_range(r3, 0xffffffffffffffff, 0x0)
fchdir(r2)
fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) (async)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) (async)
syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0) (async)
ioctl$DRM_IOCTL_MODE_GETFB2(r1, 0xc06864ce, &(0x7f000001b000)={0x0, 0x8, 0x8000, 0x0, 0x1, [], [0x4, 0x4], [0x0, 0x0, 0x0, 0x4], [0x8, 0x0, 0x3, 0xf]}) (async)
fsmount(r0, 0x0, 0x0) (async)
socket$inet(0x2, 0x2, 0x1) (async)
fsopen(&(0x7f00000001c0)='bpf\x00', 0x0) (async)
quotactl$Q_SYNC(0xffffffff80000101, 0x0, 0x0, 0x0) (async)
fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) (async)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb010018000000000000001c0000001c00000003000000010000000000000e0200000000000000000000000000000504000000002e"], 0x0, 0x37}, 0x20) (async)
bpf$MAP_CREATE(0x0, &(0x7f0000004440)=ANY=[@ANYBLOB="09000000040000000400000007"], 0x48) (async)
openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) (async)
syz_open_procfs(0x0, &(0x7f0000000500)='fd/3\x00') (async)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000200)={0x3, 0x4, 0x4, 0xa, 0x0, r2, 0x8001, '\x00', 0x0, r5, 0x0, 0x3, 0x5}, 0x50) (async)
ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r7, 0x541b, 0x0) (async)
fsmount(r4, 0x1, 0x2) (async)
fchdir(r8) (async)
bpf$OBJ_PIN_MAP(0x6, &(0x7f00000000c0)=@generic={&(0x7f0000000000)='./file0\x00', r6}, 0x18) (async)
close_range(r3, 0xffffffffffffffff, 0x0) (async)
fchdir(r2) (async)

175.468208ms ago: executing program 2 (id=533):
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
syz_usb_connect$hid(0x5, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, r0, &(0x7f000001f000/0x18000)=nil, &(0x7f0000000300)=[@textreal={0x8, &(0x7f0000000000)="b842068ec80f79c666b9800000c00f326635008000000f30658b9299ebf000bfaa80260fc731baf80c66efbafc0c66b8f5ee91dd66efbaf80c66b8c076cd8066efbafc0c66b80000000066ef0f22666466f30f09", 0x54}], 0x1, 0x41, 0x0, 0x0)
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x2, 0x7fff7ffc}]})
close_range(r2, r2, 0x200000000000000)
syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000300)='ns/net\x00')
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000001880)=ANY=[@ANYBLOB="b700000081000000bfa30000000000000703000000feffff720af0fff8ffffff71a4f0ff0000000071101800000000001d400500000000004704000001ed00000f030000000000001d44000000000000620a00fe000000007203000000000000b5000000000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fe51bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00e10000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f6f096753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d490cba8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e16e1461173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b583cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd84990453f006694d461b76a58d88cf0f520310a1e80dc18cde98d662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c00000000000000f59dd19e8d525206c0a728cfd42193abe8130bc01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ed1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef67cf0216e2d81e6127bd9d7fab28800eaab2355992f8ce4cd38add4b272c0bee4076ca4847ffa691cf78fb7ec212bad3bef29f577ea7159b7f3025b3d977ff7c91024cf71126233cb8791c3c"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffd00}, 0x48)
r3 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x80)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r6=>0x0})
sendmsg$NL80211_CMD_FRAME(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r6, @ANYBLOB="1f003300d000000008021100000108021100000050505050505000"], 0x3c}}, 0x10)
r7 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
connect$llc(r7, &(0x7f0000000180)={0x1a, 0x0, 0x0, 0x8, 0x0, 0x0, @multicast}, 0x10)
recvmmsg(r7, &(0x7f00000050c0)=[{{0x0, 0x0, 0x0}, 0x4}], 0x40000000000018c, 0x2, 0x0)
sendmmsg(r7, &(0x7f0000001380), 0x3fffffffffffeed, 0x0)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000005c0)={r3, 0x0, 0x24, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xa)
r8 = socket$netlink(0x10, 0x3, 0x4)
writev(r8, &(0x7f00000000c0)=[{&(0x7f0000000180)="580000001500add427323b470c45b4560a067fffffff81004e22030d00ff0028925aa8002000eaa57b00090080020efffeffe809020000ff0004f03a09000000ffffffffffffffffffffffe7ee0000000000000000020000", 0x58}], 0x1)
r9 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x3)
ioctl$KVM_RUN(r9, 0xae80, 0x0)
ioctl$KVM_RUN(r9, 0xae80, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x187)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000040), 0x8, &(0x7f0000000200)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})
umount2(&(0x7f0000000340)='./file0\x00', 0x1)

140.227452ms ago: executing program 5 (id=534):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), r1)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=<r3=>r2, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000c80)={0x0, 0x0, &(0x7f0000000c40)={&(0x7f00000000c0)=ANY=[@ANYRES8=r3, @ANYRES32=r2, @ANYBLOB="12030000000000000a00010085"], 0x2c}, 0x1, 0x0, 0x0, 0x40000}, 0x42)
capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000040))
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0)
mount$binder(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000000c0), 0x1000810, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000080)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', 0x0, 0xb0821, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x1, 0x4, &(0x7f0000000040)=@framed={{0xffffffb7, 0x5, 0x0, 0x0, 0x0, 0x79, 0x10, 0xa8}, [@ldst={0x5, 0x3, 0x3, 0xa}]}, &(0x7f00000002c0)='GPL\x00', 0x5, 0xfd90, &(0x7f0000000300)=""/188, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x1f3, 0x10, &(0x7f0000000080), 0xfffffffffffffc79}, 0x2a)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="1201fb0009030320d812010079de01ec020109021b0001000003000904000001785ecc00090585020004"], 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
r4 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x200, 0x0)
ppoll(&(0x7f0000000080)=[{0xffffffffffffffff, 0x8108}, {r1, 0x441}], 0x2, 0x0, 0x0, 0x2c)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), r5)
r7 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000380)={'syz_tun\x00', <r8=>0x0})
sendmsg$ETHTOOL_MSG_DEBUG_GET(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f00000002c0)={0x34, r6, 0x1, 0x70bd2c, 0x25dfdbfe, {}, [@HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r8}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x24000080}, 0x40804)
ioctl$SNDCTL_DSP_SETFMT(r4, 0xc0045005, &(0x7f0000000640)=0x10)
r9 = syz_open_dev$char_usb(0xc, 0xb4, 0xe)
r10 = syz_io_uring_setup(0x5c7e, &(0x7f0000000240)={0x0, 0x92f7, 0x40, 0x3, 0x271}, &(0x7f00000002c0), &(0x7f00000003c0), &(0x7f0000000400))
io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r10, 0x10, &(0x7f0000001fc0)={0x1, 0x0, &(0x7f0000001f40)=[{&(0x7f0000000440)=""/3, 0x3}, {&(0x7f0000000cc0)=""/4096, 0x1000}, {&(0x7f0000001cc0)=""/57, 0x39}, {&(0x7f0000001d00)=""/243, 0xf3}, {&(0x7f0000001e00)=""/127, 0x7f}, {&(0x7f0000001e80)=""/131, 0x83}], &(0x7f0000001f80)=[0xf2b7, 0x7, 0x5, 0x7, 0x2, 0x3, 0x800], 0x6}, 0x20)
read$char_usb(r9, &(0x7f00000000c0)=""/179, 0xffffffffffffff75)
mkdir(&(0x7f0000000080)='./file1\x00', 0x8)
chdir(&(0x7f0000000140)='./file1\x00')
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='net_prio.prioidx\x00', 0x275a, 0x0)

0s ago: executing program 4 (id=535):
socket$igmp6(0xa, 0x3, 0x2)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
msgctl$MSG_INFO(0x0, 0xc, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x3, @pix={0x4349, 0x8, 0x55595659, 0x4, 0xc, 0x7, 0x7, 0x40000005, 0x1, 0x4, 0x2}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000480)=0x45)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000100)={0x26, 'aead\x00', 0x0, 0x0, 'authenc(streebog256-generic,pcbc(fcrypt-generic))\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000880)="00773691", 0x4)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0)
socket(0x18, 0x3, 0x3ff)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
ioctl$VHOST_SET_OWNER(0xffffffffffffffff, 0xaf01, 0x0)
ioctl$VHOST_VSOCK_SET_RUNNING(0xffffffffffffffff, 0x4004af61, &(0x7f00000000c0)=0x1)
ioctl$VHOST_VSOCK_SET_GUEST_CID(0xffffffffffffffff, 0x4008af60, &(0x7f0000000040)={@my=0x1})
r2 = socket$vsock_stream(0x28, 0x1, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x6, 0x4, &(0x7f0000000200)=@framed={{0x18, 0x2, 0x0, 0x0, 0xffbffffc, 0x0, 0x0, 0x0, 0x40}, [@call={0x85, 0x0, 0x0, 0xf}]}, &(0x7f0000000000)='syzkaller\x00', 0x4, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @xdp=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r3, 0x0, 0xe, 0x0, &(0x7f00000003c0)="6f11ba816056a1827a33ae059cf3", 0x0, 0x1008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x9}, 0x50)
connect$vsock_stream(r2, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x1}, 0x10)
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000380)=""/73, 0x0, &(0x7f0000000500)=""/4082})
r4 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r4, 0x7a7, &(0x7f0000000100)=0x80000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r4, 0x7a0, &(0x7f00000002c0)={@host})

kernel console output (not intermixed with test programs):

0000000000000 R11: 0000000000000292 R12: 0000000000000000
[  221.814557][ T7021] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  221.814571][ T7021]  </TASK>
[  221.934566][ T7028] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6)
[  221.936898][ T7028] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  221.965333][ T7028] vhci_hcd vhci_hcd.0: Device attached
[  222.149419][ T5759] vhci_hcd vhci_hcd.1: vhci_device speed not set
[  222.209417][ T5759] usb 39-1: new full-speed USB device number 2 using vhci_hcd
[  222.358377][ T7046] netlink: 12 bytes leftover after parsing attributes in process `syz.3.227'.
[  222.751428][ T7030] vhci_hcd: connection reset by peer
[  222.763072][   T85] vhci_hcd vhci_hcd.1: stop threads
[  222.765859][   T85] vhci_hcd vhci_hcd.1: release socket
[  222.773408][   T85] vhci_hcd vhci_hcd.1: disconnect device
[  223.536132][ T7061] FAULT_INJECTION: forcing a failure.
[  223.536132][ T7061] name failslab, interval 1, probability 0, space 0, times 0
[  223.543432][ T7061] CPU: 0 UID: 0 PID: 7061 Comm: syz.1.230 Not tainted syzkaller #0 PREEMPT(full) 
[  223.543459][ T7061] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  223.543469][ T7061] Call Trace:
[  223.543478][ T7061]  <TASK>
[  223.543486][ T7061]  dump_stack_lvl+0x100/0x190
[  223.543511][ T7061]  should_fail_ex.cold+0x5/0xa
[  223.543532][ T7061]  should_failslab+0xc2/0x120
[  223.543551][ T7061]  __kmalloc_cache_noprof+0x7a/0x6f0
[  223.543573][ T7061]  ? binder_get_thread+0x201/0x850
[  223.543599][ T7061]  binder_get_thread+0x201/0x850
[  223.543623][ T7061]  binder_poll+0x3f/0x430
[  223.543642][ T7061]  ? __pfx_binder_poll+0x10/0x10
[  223.543661][ T7061]  do_select+0xd54/0x1850
[  223.543697][ T7061]  ? __pfx_do_select+0x10/0x10
[  223.543714][ T7061]  ? __lock_acquire+0x4a5/0x2630
[  223.543742][ T7061]  ? __pfx___pollwait+0x10/0x10
[  223.543761][ T7061]  ? __pfx_pollwake+0x10/0x10
[  223.543779][ T7061]  ? __pfx_pollwake+0x10/0x10
[  223.543796][ T7061]  ? __pfx_pollwake+0x10/0x10
[  223.543856][ T7061]  ? _kstrtoull+0x13c/0x1f0
[  223.543889][ T7061]  ? find_held_lock+0x2b/0x80
[  223.543923][ T7061]  ? compat_core_sys_select+0x1e6/0x8b0
[  223.543940][ T7061]  ? compat_core_sys_select+0x1e6/0x8b0
[  223.543959][ T7061]  ? compat_core_sys_select+0x68a/0x8b0
[  223.543975][ T7061]  compat_core_sys_select+0x68a/0x8b0
[  223.543998][ T7061]  ? __pfx_compat_core_sys_select+0x10/0x10
[  223.544019][ T7061]  ? get_pid_task+0xfc/0x250
[  223.544060][ T7061]  ? __pfx_set_compat_user_sigmask+0x10/0x10
[  223.544080][ T7061]  ? __mutex_unlock_slowpath+0x15d/0x8a0
[  223.544099][ T7061]  ? kernel_write+0x5f3/0x6c0
[  223.544120][ T7061]  do_compat_pselect+0x27a/0x2b0
[  223.544139][ T7061]  ? __pfx_do_compat_pselect+0x10/0x10
[  223.544163][ T7061]  ? fput+0x79/0x100
[  223.544186][ T7061]  __ia32_compat_sys_pselect6_time32+0x152/0x1c0
[  223.544211][ T7061]  __do_fast_syscall_32+0xe7/0x950
[  223.544230][ T7061]  ? lockdep_hardirqs_on+0x78/0x100
[  223.544248][ T7061]  do_fast_syscall_32+0x32/0x70
[  223.544384][ T7061]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  223.544406][ T7061] RIP: 0023:0xf7f86fcc
[  223.544421][ T7061] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  223.544436][ T7061] RSP: 002b:00000000f542550c EFLAGS: 00000292 ORIG_RAX: 0000000000000134
[  223.544455][ T7061] RAX: ffffffffffffffda RBX: 0000000000000040 RCX: 0000000080000240
[  223.544466][ T7061] RDX: 0000000000000000 RSI: 00000000800002c0 RDI: 0000000000000000
[  223.544475][ T7061] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  223.544484][ T7061] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  223.544494][ T7061] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  223.544516][ T7061]  </TASK>
[  223.702395][ T7063] netlink: 20 bytes leftover after parsing attributes in process `syz.2.231'.
[  224.800176][ T7074] FAULT_INJECTION: forcing a failure.
[  224.800176][ T7074] name failslab, interval 1, probability 0, space 0, times 0
[  224.806876][ T7074] CPU: 3 UID: 0 PID: 7074 Comm: syz.0.233 Not tainted syzkaller #0 PREEMPT(full) 
[  224.806903][ T7074] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  224.806914][ T7074] Call Trace:
[  224.806921][ T7074]  <TASK>
[  224.806929][ T7074]  dump_stack_lvl+0x100/0x190
[  224.806956][ T7074]  should_fail_ex.cold+0x5/0xa
[  224.806980][ T7074]  should_failslab+0xc2/0x120
[  224.807001][ T7074]  __kmalloc_cache_noprof+0x7a/0x6f0
[  224.807024][ T7074]  ? drm_atomic_state_alloc+0xb8/0x120
[  224.807054][ T7074]  drm_atomic_state_alloc+0xb8/0x120
[  224.807075][ T7074]  drm_client_modeset_commit_atomic+0xcc/0x7e0
[  224.807106][ T7074]  ? trace_contention_end+0x122/0x170
[  224.807128][ T7074]  ? drm_client_modeset_commit_locked+0x4c/0x580
[  224.807152][ T7074]  ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10
[  224.807175][ T7074]  ? __pfx___schedule+0x10/0x10
[  224.807227][ T7074]  drm_client_modeset_commit_locked+0x14d/0x580
[  224.807254][ T7074]  drm_client_modeset_commit+0x4f/0x80
[  224.807276][ T7074]  __drm_fb_helper_restore_fbdev_mode_unlocked.part.0+0x137/0x160
[  224.807303][ T7074]  drm_fb_helper_restore_fbdev_mode_unlocked+0x93/0xc0
[  224.807328][ T7074]  drm_fbdev_client_restore+0x1b/0x30
[  224.807347][ T7074]  ? __pfx_drm_fbdev_client_restore+0x10/0x10
[  224.807363][ T7074]  drm_client_dev_restore+0x205/0x2a0
[  224.807392][ T7074]  drm_release+0x2c6/0x360
[  224.807414][ T7074]  ? __pfx_drm_release+0x10/0x10
[  224.807435][ T7074]  __fput+0x3ff/0xb50
[  224.807466][ T7074]  fput_close_sync+0x118/0x250
[  224.807491][ T7074]  ? __pfx_fput_close_sync+0x10/0x10
[  224.807523][ T7074]  __ia32_sys_close+0x8b/0x120
[  224.807550][ T7074]  __do_fast_syscall_32+0xe7/0x950
[  224.807569][ T7074]  ? lockdep_hardirqs_on+0x78/0x100
[  224.807589][ T7074]  do_fast_syscall_32+0x32/0x70
[  224.807609][ T7074]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  224.807631][ T7074] RIP: 0023:0xf705efcc
[  224.807648][ T7074] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  224.807663][ T7074] RSP: 002b:00000000f542c50c EFLAGS: 00000292 ORIG_RAX: 0000000000000006
[  224.807683][ T7074] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 0000000000000000
[  224.807693][ T7074] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  224.807702][ T7074] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  224.807712][ T7074] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  224.807722][ T7074] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  224.807747][ T7074]  </TASK>
[  225.880640][ T7093] kAFS: unable to lookup cell '(,c��L'
[  227.100468][ T7090] input: syz1 as /devices/virtual/input/input31
[  227.437244][ T5759] vhci_hcd vhci_hcd.1: vhci_device speed not set
[  228.053716][ T7121] FAULT_INJECTION: forcing a failure.
[  228.053716][ T7121] name failslab, interval 1, probability 0, space 0, times 0
[  228.085651][ T7121] CPU: 2 UID: 0 PID: 7121 Comm: syz.1.245 Not tainted syzkaller #0 PREEMPT(full) 
[  228.085678][ T7121] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  228.085689][ T7121] Call Trace:
[  228.085696][ T7121]  <TASK>
[  228.085702][ T7121]  dump_stack_lvl+0x100/0x190
[  228.085727][ T7121]  should_fail_ex.cold+0x5/0xa
[  228.085750][ T7121]  should_failslab+0xc2/0x120
[  228.085768][ T7121]  kmem_cache_alloc_node_noprof+0x81/0x6f0
[  228.085795][ T7121]  ? __alloc_skb+0x140/0x710
[  228.085813][ T7121]  ? __alloc_skb+0x5b7/0x710
[  228.085834][ T7121]  __alloc_skb+0x140/0x710
[  228.085850][ T7121]  ? __alloc_skb+0x5b7/0x710
[  228.085867][ T7121]  ? __pfx___alloc_skb+0x10/0x10
[  228.085890][ T7121]  netlink_alloc_large_skb+0x69/0x150
[  228.085917][ T7121]  netlink_sendmsg+0x680/0xda0
[  228.085946][ T7121]  ? __pfx_netlink_sendmsg+0x10/0x10
[  228.085973][ T7121]  ? aa_sock_msg_perm.isra.0+0x100/0x1b0
[  228.085999][ T7121]  ____sys_sendmsg+0x9e1/0xb70
[  228.086022][ T7121]  ? __pfx_netlink_sendmsg+0x10/0x10
[  228.086048][ T7121]  ? __pfx_____sys_sendmsg+0x10/0x10
[  228.086084][ T7121]  ___sys_sendmsg+0x190/0x1e0
[  228.086117][ T7121]  ? __pfx____sys_sendmsg+0x10/0x10
[  228.086154][ T7121]  ? find_held_lock+0x2b/0x80
[  228.086189][ T7121]  __sys_sendmsg+0x170/0x220
[  228.086209][ T7121]  ? __pfx___sys_sendmsg+0x10/0x10
[  228.086227][ T7121]  ? __fget_files+0x21f/0x3d0
[  228.086253][ T7121]  ? ksys_write+0x1ac/0x250
[  228.086273][ T7121]  ? rcu_is_watching+0x12/0xc0
[  228.086296][ T7121]  __do_fast_syscall_32+0xe7/0x950
[  228.086315][ T7121]  ? lockdep_hardirqs_on+0x78/0x100
[  228.086334][ T7121]  do_fast_syscall_32+0x32/0x70
[  228.086352][ T7121]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  228.086373][ T7121] RIP: 0023:0xf7f86fcc
[  228.086388][ T7121] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  228.086403][ T7121] RSP: 002b:00000000f544650c EFLAGS: 00000292 ORIG_RAX: 0000000000000172
[  228.086422][ T7121] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080003700
[  228.086432][ T7121] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  228.086441][ T7121] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  228.086450][ T7121] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  228.086460][ T7121] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  228.086508][ T7121]  </TASK>
[  228.233041][ T7125] FAULT_INJECTION: forcing a failure.
[  228.233041][ T7125] name failslab, interval 1, probability 0, space 0, times 0
[  228.266714][   T40] kauditd_printk_skb: 13 callbacks suppressed
[  228.266735][   T40] audit: type=1326 audit(1776660987.011:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7126 comm="syz.1.247" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f86fcc code=0x7ffc0000
[  228.281605][   T40] audit: type=1326 audit(1776660987.011:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7126 comm="syz.1.247" exe="/syz-executor" sig=0 arch=40000003 syscall=428 compat=1 ip=0xf7f86fcc code=0x7ffc0000
[  228.296134][   T40] audit: type=1326 audit(1776660987.011:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7126 comm="syz.1.247" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f86fcc code=0x7ffc0000
[  228.305423][ T7125] CPU: 2 UID: 0 PID: 7125 Comm: syz.3.246 Not tainted syzkaller #0 PREEMPT(full) 
[  228.305448][ T7125] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  228.305459][ T7125] Call Trace:
[  228.305466][ T7125]  <TASK>
[  228.305473][ T7125]  dump_stack_lvl+0x100/0x190
[  228.305499][ T7125]  should_fail_ex.cold+0x5/0xa
[  228.305523][ T7125]  should_failslab+0xc2/0x120
[  228.305544][ T7125]  kmem_cache_alloc_node_noprof+0x81/0x6f0
[  228.305573][ T7125]  ? __alloc_skb+0x140/0x710
[  228.305593][ T7125]  ? __alloc_skb+0x5b7/0x710
[  228.305616][ T7125]  __alloc_skb+0x140/0x710
[  228.305634][ T7125]  ? __alloc_skb+0x5b7/0x710
[  228.305653][ T7125]  ? __pfx___alloc_skb+0x10/0x10
[  228.305680][ T7125]  netlink_alloc_large_skb+0x69/0x150
[  228.305709][ T7125]  netlink_sendmsg+0x680/0xda0
[  228.305738][ T7125]  ? __pfx_netlink_sendmsg+0x10/0x10
[  228.305765][ T7125]  ? aa_sock_msg_perm.isra.0+0x100/0x1b0
[  228.305790][ T7125]  ____sys_sendmsg+0x9e1/0xb70
[  228.305814][ T7125]  ? __pfx_netlink_sendmsg+0x10/0x10
[  228.305840][ T7125]  ? __pfx_____sys_sendmsg+0x10/0x10
[  228.305875][ T7125]  ___sys_sendmsg+0x190/0x1e0
[  228.305904][ T7125]  ? __pfx____sys_sendmsg+0x10/0x10
[  228.305940][ T7125]  ? find_held_lock+0x2b/0x80
[  228.305974][ T7125]  __sys_sendmsg+0x170/0x220
[  228.305995][ T7125]  ? __pfx___sys_sendmsg+0x10/0x10
[  228.306012][ T7125]  ? __fget_files+0x21f/0x3d0
[  228.306036][ T7125]  ? ksys_write+0x1ac/0x250
[  228.306054][ T7125]  ? rcu_is_watching+0x12/0xc0
[  228.306075][ T7125]  __do_fast_syscall_32+0xe7/0x950
[  228.306094][ T7125]  ? lockdep_hardirqs_on+0x78/0x100
[  228.306119][ T7125]  do_fast_syscall_32+0x32/0x70
[  228.306138][ T7125]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  228.306160][ T7125] RIP: 0023:0xf703efcc
[  228.306176][ T7125] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  228.306192][ T7125] RSP: 002b:00000000f542d50c EFLAGS: 00000292 ORIG_RAX: 0000000000000172
[  228.306316][ T7125] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000200
[  228.306326][ T7125] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  228.306335][ T7125] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  228.306343][ T7125] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  228.306353][ T7125] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  228.306374][ T7125]  </TASK>
[  228.306593][   T40] audit: type=1326 audit(1776660987.011:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7126 comm="syz.1.247" exe="/syz-executor" sig=0 arch=40000003 syscall=428 compat=1 ip=0xf7f86fcc code=0x7ffc0000
[  228.505610][   T40] audit: type=1326 audit(1776660987.011:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7126 comm="syz.1.247" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f86fcc code=0x7ffc0000
[  228.517014][   T40] audit: type=1326 audit(1776660987.011:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7126 comm="syz.1.247" exe="/syz-executor" sig=0 arch=40000003 syscall=429 compat=1 ip=0xf7f86fcc code=0x7ffc0000
[  228.534918][   T40] audit: type=1326 audit(1776660987.011:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7126 comm="syz.1.247" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f86fcc code=0x7ffc0000
[  228.560341][   T40] audit: type=1326 audit(1776660987.011:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7126 comm="syz.1.247" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7f86fcc code=0x7ffc0000
[  228.567158][   T40] audit: type=1326 audit(1776660987.011:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7126 comm="syz.1.247" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f86fcc code=0x7ffc0000
[  228.574522][   T40] audit: type=1326 audit(1776660987.011:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7126 comm="syz.1.247" exe="/syz-executor" sig=0 arch=40000003 syscall=102 compat=1 ip=0xf7185cab code=0x7ffc0000
[  228.758708][ T7144] netlink: 'syz.2.253': attribute type 25 has an invalid length.
[  228.761356][ T7144] netlink: 40 bytes leftover after parsing attributes in process `syz.2.253'.
[  228.886601][ T7152] overlayfs: only single ':' or double '::' sequences of unescaped colons in lowerdir mount option allowed.
[  229.520509][ T7156] netlink: 20 bytes leftover after parsing attributes in process `syz.1.249'.
[  229.524452][ T7156] openvswitch: netlink: Flow actions attr not present in new flow.
[  229.722529][ T7136] kAFS: unable to lookup cell '(,c��L'
[  229.972982][ T6065] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[  230.160096][ T6065] usb 7-1: Using ep0 maxpacket: 8
[  230.164273][ T6065] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  230.168840][ T6065] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  230.173189][ T6065] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  230.177508][ T6065] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  230.182952][ T6065] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  230.186756][ T6065] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  230.335460][ T7171] FAULT_INJECTION: forcing a failure.
[  230.335460][ T7171] name failslab, interval 1, probability 0, space 0, times 0
[  230.340414][ T7171] CPU: 0 UID: 0 PID: 7171 Comm: syz.3.257 Not tainted syzkaller #0 PREEMPT(full) 
[  230.340430][ T7171] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  230.340436][ T7171] Call Trace:
[  230.340441][ T7171]  <TASK>
[  230.340445][ T7171]  dump_stack_lvl+0x100/0x190
[  230.340462][ T7171]  should_fail_ex.cold+0x5/0xa
[  230.340477][ T7171]  ? tomoyo_encode2+0xfb/0x3c0
[  230.340487][ T7171]  should_failslab+0xc2/0x120
[  230.340500][ T7171]  __kmalloc_noprof+0xe0/0x850
[  230.340516][ T7171]  ? d_absolute_path+0x136/0x1b0
[  230.340536][ T7171]  tomoyo_encode2+0xfb/0x3c0
[  230.340547][ T7171]  tomoyo_encode+0x29/0x50
[  230.340557][ T7171]  tomoyo_realpath_from_path+0x18c/0x690
[  230.340570][ T7171]  tomoyo_path_number_perm+0x23c/0x580
[  230.340586][ T7171]  ? tomoyo_path_number_perm+0x22e/0x580
[  230.340602][ T7171]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  230.340619][ T7171]  ? get_pid_task+0x106/0x250
[  230.340647][ T7171]  ? find_held_lock+0x2b/0x80
[  230.340660][ T7171]  ? __fget_files+0x215/0x3d0
[  230.340672][ T7171]  ? hook_file_ioctl_common+0x149/0x410
[  230.340688][ T7171]  ? __fget_files+0x215/0x3d0
[  230.340702][ T7171]  ? __fget_files+0x21f/0x3d0
[  230.340716][ T7171]  security_file_ioctl_compat+0xd3/0x230
[  230.340733][ T7171]  __ia32_compat_sys_ioctl+0xc2/0x360
[  230.340753][ T7171]  __do_fast_syscall_32+0xe7/0x950
[  230.340766][ T7171]  ? lockdep_hardirqs_on+0x78/0x100
[  230.340778][ T7171]  do_fast_syscall_32+0x32/0x70
[  230.340790][ T7171]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  230.340804][ T7171] RIP: 0023:0xf703efcc
[  230.340813][ T7171] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  230.340823][ T7171] RSP: 002b:00000000f540c50c EFLAGS: 00000292 ORIG_RAX: 0000000000000036
[  230.340835][ T7171] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000006f2d
[  230.340841][ T7171] RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000000000
[  230.340847][ T7171] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  230.340853][ T7171] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  230.340859][ T7171] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  230.340873][ T7171]  </TASK>
[  230.340918][ T7171] ERROR: Out of memory at tomoyo_realpath_from_path.
[  230.479388][ T6065] usb 7-1: usb_control_msg returned -71
[  230.489161][ T6065] usbtmc 7-1:16.0: can't read capabilities
[  230.513070][ T6065] usb 7-1: USB disconnect, device number 4
[  230.658437][ T7183] FAULT_INJECTION: forcing a failure.
[  230.658437][ T7183] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  230.662667][ T7183] CPU: 0 UID: 0 PID: 7183 Comm: syz.2.262 Not tainted syzkaller #0 PREEMPT(full) 
[  230.662682][ T7183] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  230.662689][ T7183] Call Trace:
[  230.662693][ T7183]  <TASK>
[  230.662697][ T7183]  dump_stack_lvl+0x100/0x190
[  230.662714][ T7183]  should_fail_ex.cold+0x5/0xa
[  230.662728][ T7183]  _copy_from_iter+0x1f4/0x1690
[  230.662746][ T7183]  ? __lock_acquire+0x4a5/0x2630
[  230.662764][ T7183]  ? __lock_acquire+0x4a5/0x2630
[  230.662780][ T7183]  ? __pfx__copy_from_iter+0x10/0x10
[  230.662795][ T7183]  ? _parse_integer_limit+0x17f/0x1d0
[  230.662818][ T7183]  tun_get_user+0x3ba/0x3c20
[  230.662838][ T7183]  ? __pfx_tun_get_user+0x10/0x10
[  230.662850][ T7183]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  230.662873][ T7183]  ? find_held_lock+0x2b/0x80
[  230.662887][ T7183]  ? tun_get+0x191/0x370
[  230.662895][ T7183]  ? tun_get+0x191/0x370
[  230.662908][ T7183]  tun_chr_write_iter+0xdc/0x200
[  230.662920][ T7183]  vfs_write+0x6ac/0x1070
[  230.662934][ T7183]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  230.662946][ T7183]  ? __pfx_vfs_write+0x10/0x10
[  230.662957][ T7183]  ? find_held_lock+0x2b/0x80
[  230.662978][ T7183]  ksys_write+0x12a/0x250
[  230.662989][ T7183]  ? __pfx_ksys_write+0x10/0x10
[  230.663000][ T7183]  ? ksys_write+0x1ac/0x250
[  230.663012][ T7183]  ? rcu_is_watching+0x12/0xc0
[  230.663026][ T7183]  __do_fast_syscall_32+0xe7/0x950
[  230.663039][ T7183]  ? lockdep_hardirqs_on+0x78/0x100
[  230.663056][ T7183]  do_fast_syscall_32+0x32/0x70
[  230.663068][ T7183]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  230.663083][ T7183] RIP: 0023:0xf7f37fcc
[  230.663092][ T7183] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  230.663102][ T7183] RSP: 002b:00000000f53f650c EFLAGS: 00000292 ORIG_RAX: 0000000000000004
[  230.663115][ T7183] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000100
[  230.663121][ T7183] RDX: 000000000000fdef RSI: 0000000000000000 RDI: 0000000000000000
[  230.663127][ T7183] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  230.663133][ T7183] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  230.663139][ T7183] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  230.663152][ T7183]  </TASK>
[  230.886762][ T7189] FAULT_INJECTION: forcing a failure.
[  230.886762][ T7189] name failslab, interval 1, probability 0, space 0, times 0
[  230.897769][ T7189] CPU: 2 UID: 0 PID: 7189 Comm: syz.0.264 Not tainted syzkaller #0 PREEMPT(full) 
[  230.897802][ T7189] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  230.897813][ T7189] Call Trace:
[  230.897819][ T7189]  <TASK>
[  230.897827][ T7189]  dump_stack_lvl+0x100/0x190
[  230.897852][ T7189]  should_fail_ex.cold+0x5/0xa
[  230.897876][ T7189]  should_failslab+0xc2/0x120
[  230.897894][ T7189]  kmem_cache_alloc_noprof+0x7b/0x6e0
[  230.897921][ T7189]  ? security_inode_alloc+0x3b/0x2c0
[  230.897944][ T7189]  ? lockdep_init_map_type+0x5c/0x250
[  230.897976][ T7189]  security_inode_alloc+0x3b/0x2c0
[  230.897998][ T7189]  inode_init_always_gfp+0xcc0/0x1000
[  230.898023][ T7189]  alloc_inode+0x8e/0x250
[  230.898048][ T7189]  sock_alloc+0x44/0x280
[  230.898073][ T7189]  do_accept+0xf9/0x530
[  230.898090][ T7189]  ? do_raw_spin_lock+0x128/0x260
[  230.898109][ T7189]  ? __pfx_do_accept+0x10/0x10
[  230.898140][ T7189]  __sys_accept4+0x108/0x200
[  230.898158][ T7189]  ? __pfx___sys_accept4+0x10/0x10
[  230.898178][ T7189]  ? ksys_write+0x1ac/0x250
[  230.898200][ T7189]  __ia32_sys_accept4+0x94/0x100
[  230.898218][ T7189]  ? lockdep_hardirqs_on+0x78/0x100
[  230.898237][ T7189]  __do_fast_syscall_32+0xe7/0x950
[  230.898255][ T7189]  ? lockdep_hardirqs_on+0x78/0x100
[  230.898275][ T7189]  do_fast_syscall_32+0x32/0x70
[  230.898294][ T7189]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  230.898316][ T7189] RIP: 0023:0xf705efcc
[  230.898331][ T7189] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  230.898347][ T7189] RSP: 002b:00000000f544d50c EFLAGS: 00000292 ORIG_RAX: 000000000000016c
[  230.898366][ T7189] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000000000
[  230.898376][ T7189] RDX: 0000000000000000 RSI: 0000000000000800 RDI: 0000000000000000
[  230.898386][ T7189] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  230.898395][ T7189] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  230.898405][ T7189] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  230.898425][ T7189]  </TASK>
[  230.922408][ T7190] siw: device registration error -23
[  231.115322][ T7192] netlink: 48 bytes leftover after parsing attributes in process `syz.2.265'.
[  231.397339][ T7207] kAFS: unable to lookup cell '(,c��L'
[  233.093485][ T7216] netlink: 20 bytes leftover after parsing attributes in process `syz.0.266'.
[  233.097019][ T7216] openvswitch: netlink: Flow actions attr not present in new flow.
[  233.184996][ T6276] block nbd0: Possible stuck request ffff888027c15080: control (read@0,1024B). Runtime 30 seconds
[  233.191099][ T6276] block nbd0: Possible stuck request ffff888027c15240: control (read@1024,1024B). Runtime 30 seconds
[  233.195473][ T6276] block nbd0: Possible stuck request ffff888027c15400: control (read@2048,1024B). Runtime 30 seconds
[  233.199468][ T6276] block nbd0: Possible stuck request ffff888027c155c0: control (read@3072,1024B). Runtime 30 seconds
[  233.205234][ T1518] block nbd1: Possible stuck request ffff888027c57000: control (read@0,1024B). Runtime 30 seconds
[  233.209350][ T1518] block nbd1: Possible stuck request ffff888027c571c0: control (read@1024,1024B). Runtime 30 seconds
[  233.213408][ T1518] block nbd1: Possible stuck request ffff888027c57380: control (read@2048,1024B). Runtime 30 seconds
[  233.217693][ T1518] block nbd1: Possible stuck request ffff888027c57540: control (read@3072,1024B). Runtime 30 seconds
[  233.539828][ T7222] FAULT_INJECTION: forcing a failure.
[  233.539828][ T7222] name failslab, interval 1, probability 0, space 0, times 0
[  233.543851][ T7222] CPU: 0 UID: 0 PID: 7222 Comm: syz.2.274 Not tainted syzkaller #0 PREEMPT(full) 
[  233.543867][ T7222] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  233.543874][ T7222] Call Trace:
[  233.543878][ T7222]  <TASK>
[  233.543883][ T7222]  dump_stack_lvl+0x100/0x190
[  233.543901][ T7222]  should_fail_ex.cold+0x5/0xa
[  233.543915][ T7222]  should_failslab+0xc2/0x120
[  233.543928][ T7222]  kmem_cache_alloc_noprof+0x7b/0x6e0
[  233.543946][ T7222]  ? do_getname+0x35/0x390
[  233.543960][ T7222]  ? apparmor_capable+0x1d7/0x4d0
[  233.543978][ T7222]  do_getname+0x35/0x390
[  233.543994][ T7222]  vfs_open_tree+0x286/0xae0
[  233.544008][ T7222]  ? _raw_spin_unlock+0x28/0x50
[  233.544027][ T7222]  ? __pfx_vfs_open_tree+0x10/0x10
[  233.544044][ T7222]  __ia32_sys_open_tree+0xa3/0x150
[  233.544059][ T7222]  __do_fast_syscall_32+0xe7/0x950
[  233.544071][ T7222]  ? lockdep_hardirqs_on+0x78/0x100
[  233.544083][ T7222]  do_fast_syscall_32+0x32/0x70
[  233.544096][ T7222]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  233.544110][ T7222] RIP: 0023:0xf7f37fcc
[  233.544133][ T7222] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  233.544143][ T7222] RSP: 002b:00000000f53f650c EFLAGS: 00000292 ORIG_RAX: 00000000000001ac
[  233.544155][ T7222] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 0000000080000640
[  233.544161][ T7222] RDX: 0000000000089901 RSI: 0000000000000000 RDI: 0000000000000000
[  233.544167][ T7222] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  233.544173][ T7222] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  233.544179][ T7222] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  233.544193][ T7222]  </TASK>
[  233.654702][   T40] kauditd_printk_skb: 7 callbacks suppressed
[  233.654722][   T40] audit: type=1326 audit(1776660992.401:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7225 comm="syz.1.275" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f86fcc code=0x7ffc0000
[  233.670907][   T40] audit: type=1326 audit(1776660992.401:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7225 comm="syz.1.275" exe="/syz-executor" sig=0 arch=40000003 syscall=428 compat=1 ip=0xf7f86fcc code=0x7ffc0000
[  233.680867][   T40] audit: type=1326 audit(1776660992.401:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7225 comm="syz.1.275" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f86fcc code=0x7ffc0000
[  233.699349][   T40] audit: type=1326 audit(1776660992.401:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7225 comm="syz.1.275" exe="/syz-executor" sig=0 arch=40000003 syscall=428 compat=1 ip=0xf7f86fcc code=0x7ffc0000
[  233.709222][   T40] audit: type=1326 audit(1776660992.401:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7225 comm="syz.1.275" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f86fcc code=0x7ffc0000
[  233.719654][   T40] audit: type=1326 audit(1776660992.401:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7225 comm="syz.1.275" exe="/syz-executor" sig=0 arch=40000003 syscall=429 compat=1 ip=0xf7f86fcc code=0x7ffc0000
[  233.735789][   T40] audit: type=1326 audit(1776660992.401:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7225 comm="syz.1.275" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f86fcc code=0x7ffc0000
[  233.745388][   T40] audit: type=1326 audit(1776660992.401:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7225 comm="syz.1.275" exe="/syz-executor" sig=0 arch=40000003 syscall=436 compat=1 ip=0xf7f86fcc code=0x7ffc0000
[  233.753070][   T40] audit: type=1326 audit(1776660992.411:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7225 comm="syz.1.275" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f86fcc code=0x7ffc0000
[  233.895087][ T7238] FAULT_INJECTION: forcing a failure.
[  233.895087][ T7238] name failslab, interval 1, probability 0, space 0, times 0
[  233.930148][ T7238] CPU: 0 UID: 0 PID: 7238 Comm: syz.3.278 Not tainted syzkaller #0 PREEMPT(full) 
[  233.930176][ T7238] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  233.930186][ T7238] Call Trace:
[  233.930194][ T7238]  <TASK>
[  233.930200][ T7238]  dump_stack_lvl+0x100/0x190
[  233.930223][ T7238]  should_fail_ex.cold+0x5/0xa
[  233.930243][ T7238]  ? alloc_pipe_info+0x1ec/0x590
[  233.930261][ T7238]  should_failslab+0xc2/0x120
[  233.930279][ T7238]  __kmalloc_noprof+0xe0/0x850
[  233.930365][ T7238]  alloc_pipe_info+0x1ec/0x590
[  233.930385][ T7238]  splice_direct_to_actor+0x78f/0xa30
[  233.930406][ T7238]  ? __lock_acquire+0x4a5/0x2630
[  233.930428][ T7238]  ? __pfx_direct_splice_actor+0x10/0x10
[  233.930473][ T7238]  ? __pfx_aa_file_perm+0x10/0x10
[  233.930490][ T7238]  ? __pfx_splice_direct_to_actor+0x10/0x10
[  233.930516][ T7238]  do_splice_direct+0x174/0x240
[  233.930535][ T7238]  ? __pfx_do_splice_direct+0x10/0x10
[  233.930554][ T7238]  ? __pfx_direct_file_splice_eof+0x10/0x10
[  233.930572][ T7238]  ? bpf_lsm_file_permission+0x9/0x10
[  233.930597][ T7238]  ? security_file_permission+0x76/0x210
[  233.930636][ T7238]  ? rw_verify_area+0xce/0x6d0
[  233.930661][ T7238]  do_sendfile+0xadc/0xe20
[  233.930682][ T7238]  ? __pfx_do_sendfile+0x10/0x10
[  233.930696][ T7238]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  233.930717][ T7238]  ? __fget_files+0x21f/0x3d0
[  233.930738][ T7238]  __ia32_compat_sys_sendfile+0x1e5/0x220
[  233.930758][ T7238]  ? fput+0x79/0x100
[  233.930777][ T7238]  ? __pfx___ia32_compat_sys_sendfile+0x10/0x10
[  233.930796][ T7238]  ? ksys_write+0x1ac/0x250
[  233.930813][ T7238]  ? rcu_is_watching+0x12/0xc0
[  233.930834][ T7238]  __do_fast_syscall_32+0xe7/0x950
[  233.930852][ T7238]  ? lockdep_hardirqs_on+0x78/0x100
[  233.930869][ T7238]  do_fast_syscall_32+0x32/0x70
[  233.930886][ T7238]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  233.930907][ T7238] RIP: 0023:0xf703efcc
[  233.930921][ T7238] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  233.930942][ T7238] RSP: 002b:00000000f53eb50c EFLAGS: 00000292 ORIG_RAX: 00000000000000bb
[  233.930960][ T7238] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 0000000000000009
[  233.930970][ T7238] RDX: 0000000000000000 RSI: 00000000fffff004 RDI: 0000000000000000
[  233.930979][ T7238] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  233.930988][ T7238] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  233.931002][ T7238] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  233.931022][ T7238]  </TASK>
[  234.078873][ T7235] random: crng reseeded on system resumption
[  234.488841][   T40] audit: type=1326 audit(1776660993.231:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7244 comm="syz.1.281" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f86fcc code=0x7ffc0000
[  234.722431][ T7263] gretap1: entered allmulticast mode
[  234.788092][ T7266] bond0: entered promiscuous mode
[  234.792116][ T7266] bond_slave_0: entered promiscuous mode
[  234.794176][ T7266] bond_slave_1: entered promiscuous mode
[  234.800362][ T7266] batadv_slave_0: entered promiscuous mode
[  234.802633][ T7266] batadv_slave_0: left promiscuous mode
[  234.804739][ T7266] bond0: left promiscuous mode
[  234.806565][ T7266] bond_slave_0: left promiscuous mode
[  234.819597][ T7266] bond_slave_1: left promiscuous mode
[  235.014129][ T7279] FAULT_INJECTION: forcing a failure.
[  235.014129][ T7279] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  235.018429][ T7279] CPU: 1 UID: 0 PID: 7279 Comm: syz.0.291 Not tainted syzkaller #0 PREEMPT(full) 
[  235.018462][ T7279] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  235.018469][ T7279] Call Trace:
[  235.018474][ T7279]  <TASK>
[  235.018479][ T7279]  dump_stack_lvl+0x100/0x190
[  235.018496][ T7279]  should_fail_ex.cold+0x5/0xa
[  235.018511][ T7279]  _copy_to_user+0x32/0xd0
[  235.018529][ T7279]  ip_mroute_getsockopt+0x436/0x540
[  235.018547][ T7279]  ? __pfx_ip_mroute_getsockopt+0x10/0x10
[  235.018564][ T7279]  ? find_held_lock+0x2b/0x80
[  235.018578][ T7279]  ? is_bpf_text_address+0x8a/0x1a0
[  235.018595][ T7279]  do_ip_getsockopt+0x1e9/0x2400
[  235.018609][ T7279]  ? __pfx_do_ip_getsockopt+0x10/0x10
[  235.018619][ T7279]  ? __kernel_text_address+0xd/0x30
[  235.018634][ T7279]  ? __lock_acquire+0x4a5/0x2630
[  235.018653][ T7279]  ? _parse_integer_limit+0x17f/0x1d0
[  235.018676][ T7279]  ? __pfx___might_resched+0x10/0x10
[  235.018691][ T7279]  ? aa_sk_perm+0x309/0xaa0
[  235.018709][ T7279]  ip_getsockopt+0xa1/0x1e0
[  235.018721][ T7279]  ? __pfx_ip_getsockopt+0x10/0x10
[  235.018735][ T7279]  raw_getsockopt+0x4d/0x1f0
[  235.018746][ T7279]  ? __pfx_sock_common_getsockopt+0x10/0x10
[  235.018763][ T7279]  do_sock_getsockopt+0x50a/0x6e0
[  235.018779][ T7279]  ? __lock_acquire+0x4a5/0x2630
[  235.018798][ T7279]  ? __pfx_do_sock_getsockopt+0x10/0x10
[  235.018818][ T7279]  ? find_held_lock+0x2b/0x80
[  235.018835][ T7279]  ? __fget_files+0x21f/0x3d0
[  235.018850][ T7279]  __sys_getsockopt+0x133/0x1d0
[  235.018867][ T7279]  ? __ia32_sys_getsockopt+0xbc/0x160
[  235.018880][ T7279]  __ia32_sys_getsockopt+0xbc/0x160
[  235.018893][ T7279]  ? __do_fast_syscall_32+0x98/0x950
[  235.018906][ T7279]  ? lockdep_hardirqs_on+0x78/0x100
[  235.018917][ T7279]  __do_fast_syscall_32+0xe7/0x950
[  235.018929][ T7279]  ? lockdep_hardirqs_on+0x78/0x100
[  235.018941][ T7279]  do_fast_syscall_32+0x32/0x70
[  235.018953][ T7279]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  235.018967][ T7279] RIP: 0023:0xf705efcc
[  235.018977][ T7279] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  235.018988][ T7279] RSP: 002b:00000000f544d50c EFLAGS: 00000292 ORIG_RAX: 000000000000016d
[  235.019000][ T7279] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000000
[  235.019007][ T7279] RDX: 00000000000000ce RSI: 0000000000000000 RDI: 0000000080000080
[  235.019013][ T7279] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  235.019019][ T7279] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  235.019026][ T7279] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  235.019043][ T7279]  </TASK>
[  235.252246][ T7286] program syz.0.292 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  235.603692][   T64] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  235.611126][   T64] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  235.616054][   T64] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  235.622633][   T64] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  235.626388][   T64] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  235.647669][ T5975] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  235.673096][ T5975] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  235.678224][ T5975] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  235.686677][ T5975] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  235.690513][ T5975] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  235.768439][ T7294] netlink: 8 bytes leftover after parsing attributes in process `syz.2.297'.
[  235.772980][ T7294] netlink: 12 bytes leftover after parsing attributes in process `syz.2.297'.
[  235.784475][ T7294] batadv_slave_0: entered promiscuous mode
[  235.792556][ T7293] batadv_slave_0: left promiscuous mode
[  235.852214][ T7300] FAULT_INJECTION: forcing a failure.
[  235.852214][ T7300] name failslab, interval 1, probability 0, space 0, times 0
[  235.858386][ T7288] chnl_net:caif_netlink_parms(): no params data found
[  235.860354][ T7300] CPU: 3 UID: 0 PID: 7300 Comm: syz.2.298 Not tainted syzkaller #0 PREEMPT(full) 
[  235.860377][ T7300] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  235.860386][ T7300] Call Trace:
[  235.860393][ T7300]  <TASK>
[  235.860400][ T7300]  dump_stack_lvl+0x100/0x190
[  235.860424][ T7300]  should_fail_ex.cold+0x5/0xa
[  235.860445][ T7300]  should_failslab+0xc2/0x120
[  235.860464][ T7300]  kmem_cache_alloc_node_noprof+0x81/0x6f0
[  235.860489][ T7300]  ? __alloc_skb+0x140/0x710
[  235.860507][ T7300]  ? __alloc_skb+0x5b7/0x710
[  235.860527][ T7300]  __alloc_skb+0x140/0x710
[  235.860544][ T7300]  ? __alloc_skb+0x5b7/0x710
[  235.860562][ T7300]  ? __pfx___alloc_skb+0x10/0x10
[  235.860586][ T7300]  netlink_alloc_large_skb+0x69/0x150
[  235.860612][ T7300]  netlink_sendmsg+0x680/0xda0
[  235.860639][ T7300]  ? __pfx_netlink_sendmsg+0x10/0x10
[  235.860665][ T7300]  ? aa_sock_msg_perm.isra.0+0x100/0x1b0
[  235.860689][ T7300]  ____sys_sendmsg+0x9e1/0xb70
[  235.860712][ T7300]  ? __pfx_netlink_sendmsg+0x10/0x10
[  235.860737][ T7300]  ? __pfx_____sys_sendmsg+0x10/0x10
[  235.860771][ T7300]  ___sys_sendmsg+0x190/0x1e0
[  235.860797][ T7300]  ? __pfx____sys_sendmsg+0x10/0x10
[  235.860831][ T7300]  ? find_held_lock+0x2b/0x80
[  235.860868][ T7300]  __sys_sendmsg+0x170/0x220
[  235.860889][ T7300]  ? __pfx___sys_sendmsg+0x10/0x10
[  235.860906][ T7300]  ? __fget_files+0x21f/0x3d0
[  235.860930][ T7300]  ? ksys_write+0x1ac/0x250
[  235.860948][ T7300]  ? rcu_is_watching+0x12/0xc0
[  235.860969][ T7300]  __do_fast_syscall_32+0xe7/0x950
[  235.860987][ T7300]  ? lockdep_hardirqs_on+0x78/0x100
[  235.861005][ T7300]  do_fast_syscall_32+0x32/0x70
[  235.861023][ T7300]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  235.861043][ T7300] RIP: 0023:0xf7f37fcc
[  235.861056][ T7300] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  235.861072][ T7300] RSP: 002b:00000000f53f650c EFLAGS: 00000292 ORIG_RAX: 0000000000000172
[  235.861088][ T7300] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080002680
[  235.861099][ T7300] RDX: 000000004400d040 RSI: 0000000000000000 RDI: 0000000000000000
[  235.861108][ T7300] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  235.861118][ T7300] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  235.861127][ T7300] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  235.861161][ T7300]  </TASK>
[  236.086467][ T7288] bridge0: port 1(bridge_slave_0) entered blocking state
[  236.089459][ T7288] bridge0: port 1(bridge_slave_0) entered disabled state
[  236.092369][ T7288] bridge_slave_0: entered allmulticast mode
[  236.095980][ T7288] bridge_slave_0: entered promiscuous mode
[  236.131419][ T7288] bridge0: port 2(bridge_slave_1) entered blocking state
[  236.134678][ T7288] bridge0: port 2(bridge_slave_1) entered disabled state
[  236.138006][ T7288] bridge_slave_1: entered allmulticast mode
[  236.142848][ T7288] bridge_slave_1: entered promiscuous mode
[  236.173049][ T7288] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  236.184214][ T7288] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  236.243570][ T7288] team0: Port device team_slave_0 added
[  236.253522][ T7288] team0: Port device team_slave_1 added
[  236.276716][ T7288] batman_adv: batadv0: Adding interface: batadv_slave_0
[  236.279949][ T7288] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  236.290828][ T7288] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  236.297263][ T7288] batman_adv: batadv0: Adding interface: batadv_slave_1
[  236.300796][ T7288] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  236.311763][ T7288] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  236.378771][ T7288] hsr_slave_0: entered promiscuous mode
[  236.381366][ T7288] hsr_slave_1: entered promiscuous mode
[  236.383717][ T7288] debugfs: 'hsr0' already exists in 'hsr'
[  236.385726][ T7288] Cannot create hsr debugfs directory
[  236.434703][ T7326] syz.2.305 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  236.598970][ T7332] FAULT_INJECTION: forcing a failure.
[  236.598970][ T7332] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  236.605666][ T7332] CPU: 1 UID: 0 PID: 7332 Comm: syz.2.308 Not tainted syzkaller #0 PREEMPT(full) 
[  236.605691][ T7332] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  236.605700][ T7332] Call Trace:
[  236.605706][ T7332]  <TASK>
[  236.605713][ T7332]  dump_stack_lvl+0x100/0x190
[  236.605743][ T7332]  should_fail_ex.cold+0x5/0xa
[  236.605765][ T7332]  _copy_from_user+0x2e/0xd0
[  236.605788][ T7332]  move_addr_to_kernel+0x65/0x170
[  236.605814][ T7332]  get_compat_msghdr+0x3ee/0x4b0
[  236.605835][ T7332]  ? __pfx_get_compat_msghdr+0x10/0x10
[  236.605862][ T7332]  ___sys_sendmsg+0x1b6/0x1e0
[  236.605887][ T7332]  ? __pfx____sys_sendmsg+0x10/0x10
[  236.605920][ T7332]  ? find_held_lock+0x2b/0x80
[  236.605952][ T7332]  __sys_sendmsg+0x170/0x220
[  236.605972][ T7332]  ? __pfx___sys_sendmsg+0x10/0x10
[  236.605989][ T7332]  ? __fget_files+0x21f/0x3d0
[  236.606012][ T7332]  ? ksys_write+0x1ac/0x250
[  236.606030][ T7332]  ? rcu_is_watching+0x12/0xc0
[  236.606050][ T7332]  __do_fast_syscall_32+0xe7/0x950
[  236.606068][ T7332]  ? lockdep_hardirqs_on+0x78/0x100
[  236.606085][ T7332]  do_fast_syscall_32+0x32/0x70
[  236.606102][ T7332]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  236.606123][ T7332] RIP: 0023:0xf7f37fcc
[  236.606135][ T7332] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  236.606267][ T7332] RSP: 002b:00000000f53f650c EFLAGS: 00000292 ORIG_RAX: 0000000000000172
[  236.606286][ T7332] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000180
[  236.606296][ T7332] RDX: 0000000000040011 RSI: 0000000000000000 RDI: 0000000000000000
[  236.606305][ T7332] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  236.606315][ T7332] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  236.606324][ T7332] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  236.606344][ T7332]  </TASK>
[  236.631226][ T7288] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  236.685159][ T7288] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[  236.692619][ T7288] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  236.704336][ T7288] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  236.707249][ T7288] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  236.711537][ T7288] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[  236.719916][ T7288] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  236.726145][ T7337] FAULT_INJECTION: forcing a failure.
[  236.726145][ T7337] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  236.730084][ T7288] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[  236.731284][ T7337] CPU: 0 UID: 0 PID: 7337 Comm: syz.2.310 Not tainted syzkaller #0 PREEMPT(full) 
[  236.731299][ T7337] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  236.731305][ T7337] Call Trace:
[  236.731309][ T7337]  <TASK>
[  236.731314][ T7337]  dump_stack_lvl+0x100/0x190
[  236.731331][ T7337]  should_fail_ex.cold+0x5/0xa
[  236.731345][ T7337]  _copy_from_user+0x2e/0xd0
[  236.731361][ T7337]  __sys_bpf+0x243/0x4b90
[  236.731374][ T7337]  ? __pfx___sys_bpf+0x10/0x10
[  236.731383][ T7337]  ? get_pid_task+0x106/0x250
[  236.731400][ T7337]  ? proc_fail_nth_write+0x9f/0x220
[  236.731417][ T7337]  ? find_held_lock+0x2b/0x80
[  236.731433][ T7337]  ? find_held_lock+0x2b/0x80
[  236.731447][ T7337]  ? ksys_write+0x190/0x250
[  236.731461][ T7337]  ? __mutex_unlock_slowpath+0x15d/0x8a0
[  236.731474][ T7337]  ? kernel_write+0x5f3/0x6c0
[  236.731492][ T7337]  ? fput+0x79/0x100
[  236.731506][ T7337]  ? ksys_write+0x1ac/0x250
[  236.731519][ T7337]  __ia32_sys_bpf+0x79/0xf0
[  236.731529][ T7337]  ? lockdep_hardirqs_on+0x78/0x100
[  236.731541][ T7337]  __do_fast_syscall_32+0xe7/0x950
[  236.731552][ T7337]  ? lockdep_hardirqs_on+0x78/0x100
[  236.731564][ T7337]  do_fast_syscall_32+0x32/0x70
[  236.731576][ T7337]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  236.731590][ T7337] RIP: 0023:0xf7f37fcc
[  236.731600][ T7337] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  236.731611][ T7337] RSP: 002b:00000000f53f650c EFLAGS: 00000292 ORIG_RAX: 0000000000000165
[  236.731622][ T7337] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000080000080
[  236.731629][ T7337] RDX: 000000000000002c RSI: 0000000000000000 RDI: 0000000000000000
[  236.731635][ T7337] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  236.731641][ T7337] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  236.731648][ T7337] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  236.731661][ T7337]  </TASK>
[  237.207381][ T7359] netlink: 'syz.2.316': attribute type 1 has an invalid length.
[  237.260615][ T7359] 8021q: adding VLAN 0 to HW filter on device bond2
[  237.261685][ T7361] capability: warning: `syz.2.316' uses 32-bit capabilities (legacy support in use)
[  237.271282][ T7288] 8021q: adding VLAN 0 to HW filter on device bond0
[  237.300071][ T7288] 8021q: adding VLAN 0 to HW filter on device team0
[  237.308267][   T62] bridge0: port 1(bridge_slave_0) entered blocking state
[  237.310682][   T62] bridge0: port 1(bridge_slave_0) entered forwarding state
[  237.327585][   T62] bridge0: port 2(bridge_slave_1) entered blocking state
[  237.329905][   T62] bridge0: port 2(bridge_slave_1) entered forwarding state
[  237.408364][ T7364] FAULT_INJECTION: forcing a failure.
[  237.408364][ T7364] name failslab, interval 1, probability 0, space 0, times 0
[  237.414125][ T7364] CPU: 0 UID: 0 PID: 7364 Comm: syz.1.317 Not tainted syzkaller #0 PREEMPT(full) 
[  237.414149][ T7364] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  237.414159][ T7364] Call Trace:
[  237.414165][ T7364]  <TASK>
[  237.414171][ T7364]  dump_stack_lvl+0x100/0x190
[  237.414194][ T7364]  should_fail_ex.cold+0x5/0xa
[  237.414215][ T7364]  should_failslab+0xc2/0x120
[  237.414232][ T7364]  kmem_cache_alloc_node_noprof+0x81/0x6f0
[  237.414256][ T7364]  ? __alloc_skb+0x140/0x710
[  237.414274][ T7364]  ? __alloc_skb+0x5b7/0x710
[  237.414293][ T7364]  __alloc_skb+0x140/0x710
[  237.414309][ T7364]  ? __alloc_skb+0x5b7/0x710
[  237.414326][ T7364]  ? __pfx___alloc_skb+0x10/0x10
[  237.414349][ T7364]  netlink_alloc_large_skb+0x69/0x150
[  237.414373][ T7364]  netlink_sendmsg+0x680/0xda0
[  237.414399][ T7364]  ? __pfx_netlink_sendmsg+0x10/0x10
[  237.414446][ T7364]  ? aa_sock_msg_perm.isra.0+0x100/0x1b0
[  237.414473][ T7364]  ____sys_sendmsg+0x9e1/0xb70
[  237.414494][ T7364]  ? __pfx_netlink_sendmsg+0x10/0x10
[  237.414518][ T7364]  ? __pfx_____sys_sendmsg+0x10/0x10
[  237.414550][ T7364]  ___sys_sendmsg+0x190/0x1e0
[  237.414576][ T7364]  ? __pfx____sys_sendmsg+0x10/0x10
[  237.414610][ T7364]  ? find_held_lock+0x2b/0x80
[  237.414643][ T7364]  __sys_sendmsg+0x170/0x220
[  237.414662][ T7364]  ? __pfx___sys_sendmsg+0x10/0x10
[  237.414680][ T7364]  ? __fget_files+0x21f/0x3d0
[  237.414703][ T7364]  ? ksys_write+0x1ac/0x250
[  237.414721][ T7364]  ? rcu_is_watching+0x12/0xc0
[  237.414741][ T7364]  __do_fast_syscall_32+0xe7/0x950
[  237.414759][ T7364]  ? lockdep_hardirqs_on+0x78/0x100
[  237.414783][ T7364]  do_fast_syscall_32+0x32/0x70
[  237.414800][ T7364]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  237.414820][ T7364] RIP: 0023:0xf7f86fcc
[  237.414834][ T7364] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  237.414849][ T7364] RSP: 002b:00000000f544650c EFLAGS: 00000292 ORIG_RAX: 0000000000000172
[  237.414867][ T7364] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000200
[  237.414876][ T7364] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  237.414885][ T7364] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  237.414895][ T7364] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  237.414904][ T7364] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  237.414925][ T7364]  </TASK>
[  237.531320][ T7288] 8021q: adding VLAN 0 to HW filter on device batadv0
[  237.650394][ T5362] usb 7-1: new high-speed USB device number 5 using dummy_hcd
[  237.714858][ T7288] veth0_vlan: entered promiscuous mode
[  237.717498][ T7379] netlink: 8 bytes leftover after parsing attributes in process `syz.1.319'.
[  237.721497][ T7288] veth1_vlan: entered promiscuous mode
[  237.740006][   T64] Bluetooth: hci1: command tx timeout
[  237.787093][ T7380] bridge0: port 3(geneve1) entered blocking state
[  237.790521][ T7380] bridge0: port 3(geneve1) entered disabled state
[  237.795027][ T7380] geneve1: entered allmulticast mode
[  237.799425][ T5362] usb 7-1: Using ep0 maxpacket: 32
[  237.800858][ T7380] geneve1: entered promiscuous mode
[  237.802943][ T5362] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  237.808061][ T7288] veth0_macvtap: entered promiscuous mode
[  237.816105][ T5362] usb 7-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  237.820600][ T7288] veth1_macvtap: entered promiscuous mode
[  237.821588][ T7379] netlink: 'syz.1.319': attribute type 10 has an invalid length.
[  237.822511][ T5362] usb 7-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  237.829421][ T7379] bridge0: port 2(bridge_slave_1) entered disabled state
[  237.829616][ T5362] usb 7-1: Product: syz
[  237.832973][ T7379] bridge0: port 1(bridge_slave_0) entered disabled state
[  237.833658][ T5362] usb 7-1: Manufacturer: syz
[  237.837397][ T5362] usb 7-1: SerialNumber: syz
[  237.844353][ T5362] usb 7-1: config 0 descriptor??
[  237.846558][ T7359] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  237.846770][ T7379] bridge0: port 2(bridge_slave_1) entered blocking state
[  237.850930][ T5362] hub 7-1:0.0: bad descriptor, ignoring hub
[  237.851194][ T7379] bridge0: port 2(bridge_slave_1) entered forwarding state
[  237.852954][ T5362] hub 7-1:0.0: probe with driver hub failed with error -5
[  237.856116][ T7379] bridge0: port 1(bridge_slave_0) entered blocking state
[  237.860433][ T7379] bridge0: port 1(bridge_slave_0) entered forwarding state
[  237.869459][ T7379] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  237.885586][ T7288] batman_adv: batadv0: Interface activated: batadv_slave_0
[  237.895518][ T7288] batman_adv: batadv0: Interface activated: batadv_slave_1
[  237.903736][   T85] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  237.914050][   T85] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  237.926209][   T85] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  237.932938][   T85] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  237.991392][   T85] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  237.998286][   T85] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  238.024574][   T62] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  238.028219][   T62] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  238.079900][ T7359] tmpfs: Unknown parameter 'usrquotation time 675 usec
[  238.079900][ T7359] stack depth 0
[  238.079900][ T7359] processed 5 insns (limit 1000000) max_states_per_insn 0 total_states 0 peak_states 0 masyz_tun'
[  238.182709][ T7384] FAULT_INJECTION: forcing a failure.
[  238.182709][ T7384] name failslab, interval 1, probability 0, space 0, times 0
[  238.187929][ T7384] CPU: 1 UID: 0 PID: 7384 Comm: syz.4.295 Not tainted syzkaller #0 PREEMPT(full) 
[  238.187956][ T7384] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  238.187966][ T7384] Call Trace:
[  238.187974][ T7384]  <TASK>
[  238.187984][ T7384]  dump_stack_lvl+0x100/0x190
[  238.188010][ T7384]  should_fail_ex.cold+0x5/0xa
[  238.188033][ T7384]  ? tomoyo_encode2+0xfb/0x3c0
[  238.188056][ T7384]  should_failslab+0xc2/0x120
[  238.188076][ T7384]  __kmalloc_noprof+0xe0/0x850
[  238.188103][ T7384]  ? rcu_is_watching+0x12/0xc0
[  238.188128][ T7384]  tomoyo_encode2+0xfb/0x3c0
[  238.188148][ T7384]  tomoyo_encode+0x29/0x50
[  238.188164][ T7384]  tomoyo_realpath_from_path+0x18c/0x690
[  238.188187][ T7384]  tomoyo_path_number_perm+0x23c/0x580
[  238.188211][ T7384]  ? tomoyo_path_number_perm+0x22e/0x580
[  238.188236][ T7384]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  238.188261][ T7384]  ? get_pid_task+0x106/0x250
[  238.188309][ T7384]  ? find_held_lock+0x2b/0x80
[  238.188330][ T7384]  ? __fget_files+0x215/0x3d0
[  238.188349][ T7384]  ? hook_file_ioctl_common+0x149/0x410
[  238.188373][ T7384]  ? __fget_files+0x215/0x3d0
[  238.188396][ T7384]  ? __fget_files+0x21f/0x3d0
[  238.188419][ T7384]  security_file_ioctl_compat+0xd3/0x230
[  238.188446][ T7384]  __ia32_compat_sys_ioctl+0xc2/0x360
[  238.188477][ T7384]  __do_fast_syscall_32+0xe7/0x950
[  238.188498][ T7384]  ? lockdep_hardirqs_on+0x78/0x100
[  238.188517][ T7384]  do_fast_syscall_32+0x32/0x70
[  238.188537][ T7384]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  238.188557][ T7384] RIP: 0023:0xf708efcc
[  238.188571][ T7384] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  238.188587][ T7384] RSP: 002b:00000000f545c50c EFLAGS: 00000292 ORIG_RAX: 0000000000000036
[  238.188605][ T7384] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 0000000000009360
[  238.188616][ T7384] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000000
[  238.188625][ T7384] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  238.188635][ T7384] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  238.188645][ T7384] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  238.188668][ T7384]  </TASK>
[  238.188690][ T7384] ERROR: Out of memory at tomoyo_realpath_from_path.
[  238.199576][ T6065] usb 7-1: USB disconnect, device number 5
[  239.830750][   T64] Bluetooth: hci1: command tx timeout
[  240.244877][ T7407] FAULT_INJECTION: forcing a failure.
[  240.244877][ T7407] name failslab, interval 1, probability 0, space 0, times 0
[  240.249817][ T7407] CPU: 1 UID: 0 PID: 7407 Comm: syz.1.324 Not tainted syzkaller #0 PREEMPT(full) 
[  240.249835][ T7407] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  240.249843][ T7407] Call Trace:
[  240.249847][ T7407]  <TASK>
[  240.249851][ T7407]  dump_stack_lvl+0x100/0x190
[  240.249869][ T7407]  should_fail_ex.cold+0x5/0xa
[  240.249884][ T7407]  should_failslab+0xc2/0x120
[  240.249897][ T7407]  kmem_cache_alloc_node_noprof+0x81/0x6f0
[  240.249915][ T7407]  ? __alloc_skb+0x140/0x710
[  240.249929][ T7407]  ? __alloc_skb+0x5b7/0x710
[  240.249942][ T7407]  __alloc_skb+0x140/0x710
[  240.249954][ T7407]  ? __alloc_skb+0x5b7/0x710
[  240.249965][ T7407]  ? __pfx___alloc_skb+0x10/0x10
[  240.249981][ T7407]  netlink_alloc_large_skb+0x69/0x150
[  240.249999][ T7407]  netlink_sendmsg+0x680/0xda0
[  240.250018][ T7407]  ? __pfx_netlink_sendmsg+0x10/0x10
[  240.250038][ T7407]  ? aa_sock_msg_perm.isra.0+0x100/0x1b0
[  240.250054][ T7407]  ____sys_sendmsg+0x9e1/0xb70
[  240.250071][ T7407]  ? __pfx_netlink_sendmsg+0x10/0x10
[  240.250088][ T7407]  ? __pfx_____sys_sendmsg+0x10/0x10
[  240.250110][ T7407]  ___sys_sendmsg+0x190/0x1e0
[  240.250129][ T7407]  ? __pfx____sys_sendmsg+0x10/0x10
[  240.250152][ T7407]  ? find_held_lock+0x2b/0x80
[  240.250174][ T7407]  __sys_sendmsg+0x170/0x220
[  240.250188][ T7407]  ? __pfx___sys_sendmsg+0x10/0x10
[  240.250201][ T7407]  ? __fget_files+0x21f/0x3d0
[  240.250217][ T7407]  ? ksys_write+0x1ac/0x250
[  240.250230][ T7407]  ? rcu_is_watching+0x12/0xc0
[  240.250244][ T7407]  __do_fast_syscall_32+0xe7/0x950
[  240.250258][ T7407]  ? lockdep_hardirqs_on+0x78/0x100
[  240.250270][ T7407]  do_fast_syscall_32+0x32/0x70
[  240.250282][ T7407]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  240.250297][ T7407] RIP: 0023:0xf7f86fcc
[  240.250306][ T7407] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  240.250317][ T7407] RSP: 002b:00000000f544650c EFLAGS: 00000292 ORIG_RAX: 0000000000000172
[  240.250330][ T7407] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800000c0
[  240.250336][ T7407] RDX: 0000000000000004 RSI: 0000000000000000 RDI: 0000000000000000
[  240.250343][ T7407] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  240.250349][ T7407] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  240.250355][ T7407] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  240.250368][ T7407]  </TASK>
[  240.400834][   T40] kauditd_printk_skb: 37 callbacks suppressed
[  240.400849][   T40] audit: type=1326 audit(1776660999.151:120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7408 comm="syz.1.326" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f86fcc code=0x7ffc0000
[  240.413272][   T40] audit: type=1326 audit(1776660999.161:121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7408 comm="syz.1.326" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f86fcc code=0x7ffc0000
[  240.421542][   T40] audit: type=1326 audit(1776660999.171:122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7408 comm="syz.1.326" exe="/syz-executor" sig=0 arch=40000003 syscall=428 compat=1 ip=0xf7f86fcc code=0x7ffc0000
[  240.428736][   T40] audit: type=1326 audit(1776660999.171:123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7408 comm="syz.1.326" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f86fcc code=0x7ffc0000
[  240.518818][   T40] audit: type=1326 audit(1776660999.171:124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7408 comm="syz.1.326" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f86fcc code=0x7ffc0000
[  240.526064][   T40] audit: type=1326 audit(1776660999.171:125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7408 comm="syz.1.326" exe="/syz-executor" sig=0 arch=40000003 syscall=429 compat=1 ip=0xf7f86fcc code=0x7ffc0000
[  240.532805][   T40] audit: type=1326 audit(1776660999.171:126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7408 comm="syz.1.326" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f86fcc code=0x7ffc0000
[  240.539480][   T40] audit: type=1326 audit(1776660999.171:127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7408 comm="syz.1.326" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f86fcc code=0x7ffc0000
[  240.546070][   T40] audit: type=1326 audit(1776660999.171:128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7408 comm="syz.1.326" exe="/syz-executor" sig=0 arch=40000003 syscall=436 compat=1 ip=0xf7f86fcc code=0x7ffc0000
[  240.553659][   T40] audit: type=1326 audit(1776660999.211:129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7408 comm="syz.1.326" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f86fcc code=0x7ffc0000
[  240.840590][ T7423] netlink: 420 bytes leftover after parsing attributes in process `syz.4.327'.
[  240.930801][ T7424] 9p: Bad value for 'rfdno'
[  241.901259][   T64] Bluetooth: hci1: command tx timeout
[  243.079823][ T7434] kAFS: unable to lookup cell '(,c��L'
[  243.185586][ T7434] netlink: 20 bytes leftover after parsing attributes in process `syz.2.330'.
[  243.189613][ T7434] openvswitch: netlink: Flow actions attr not present in new flow.
[  243.469978][ T7455] netlink: 340 bytes leftover after parsing attributes in process `syz.4.338'.
[  243.577825][ T7457] FAULT_INJECTION: forcing a failure.
[  243.577825][ T7457] name failslab, interval 1, probability 0, space 0, times 0
[  243.673686][ T7457] CPU: 2 UID: 0 PID: 7457 Comm: syz.2.339 Not tainted syzkaller #0 PREEMPT(full) 
[  243.673705][ T7457] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  243.673716][ T7457] Call Trace:
[  243.673720][ T7457]  <TASK>
[  243.673726][ T7457]  dump_stack_lvl+0x100/0x190
[  243.673745][ T7457]  should_fail_ex.cold+0x5/0xa
[  243.673760][ T7457]  ? tomoyo_realpath_from_path+0xb6/0x690
[  243.673771][ T7457]  should_failslab+0xc2/0x120
[  243.673784][ T7457]  __kmalloc_noprof+0xe0/0x850
[  243.673801][ T7457]  ? kfree+0x1dd/0x6c0
[  243.673817][ T7457]  tomoyo_realpath_from_path+0xb6/0x690
[  243.673831][ T7457]  tomoyo_path_number_perm+0x23c/0x580
[  243.673929][ T7457]  ? tomoyo_path_number_perm+0x22e/0x580
[  243.673946][ T7457]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  243.673963][ T7457]  ? get_pid_task+0x106/0x250
[  243.673990][ T7457]  ? find_held_lock+0x2b/0x80
[  243.674004][ T7457]  ? __fget_files+0x215/0x3d0
[  243.674015][ T7457]  ? hook_file_ioctl_common+0x149/0x410
[  243.674031][ T7457]  ? __fget_files+0x215/0x3d0
[  243.674045][ T7457]  ? __fget_files+0x21f/0x3d0
[  243.674059][ T7457]  security_file_ioctl_compat+0xd3/0x230
[  243.674076][ T7457]  __ia32_compat_sys_ioctl+0xc2/0x360
[  243.674097][ T7457]  __do_fast_syscall_32+0xe7/0x950
[  243.674110][ T7457]  ? lockdep_hardirqs_on+0x78/0x100
[  243.674122][ T7457]  do_fast_syscall_32+0x32/0x70
[  243.674135][ T7457]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  243.674150][ T7457] RIP: 0023:0xf7f37fcc
[  243.674160][ T7457] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  243.674172][ T7457] RSP: 002b:00000000f53f650c EFLAGS: 00000292 ORIG_RAX: 0000000000000036
[  243.674185][ T7457] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000000ae80
[  243.674192][ T7457] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  243.674198][ T7457] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  243.674204][ T7457] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  243.674210][ T7457] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  243.674224][ T7457]  </TASK>
[  243.674229][ T7457] ERROR: Out of memory at tomoyo_realpath_from_path.
[  243.891594][ T7465] FAULT_INJECTION: forcing a failure.
[  243.891594][ T7465] name failslab, interval 1, probability 0, space 0, times 0
[  243.895926][ T7465] CPU: 1 UID: 0 PID: 7465 Comm: syz.1.341 Not tainted syzkaller #0 PREEMPT(full) 
[  243.895942][ T7465] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  243.895949][ T7465] Call Trace:
[  243.895954][ T7465]  <TASK>
[  243.895960][ T7465]  dump_stack_lvl+0x100/0x190
[  243.895977][ T7465]  should_fail_ex.cold+0x5/0xa
[  243.895992][ T7465]  should_failslab+0xc2/0x120
[  243.896005][ T7465]  kmem_cache_alloc_node_noprof+0x81/0x6f0
[  243.896023][ T7465]  ? __alloc_skb+0x140/0x710
[  243.896036][ T7465]  ? __alloc_skb+0x5b7/0x710
[  243.896049][ T7465]  __alloc_skb+0x140/0x710
[  243.896061][ T7465]  ? __alloc_skb+0x5b7/0x710
[  243.896073][ T7465]  ? __pfx___alloc_skb+0x10/0x10
[  243.896085][ T7465]  ? __pfx___might_resched+0x10/0x10
[  243.896101][ T7465]  netlink_alloc_large_skb+0x69/0x150
[  243.896120][ T7465]  netlink_sendmsg+0x680/0xda0
[  243.896138][ T7465]  ? __pfx_netlink_sendmsg+0x10/0x10
[  243.896156][ T7465]  ? aa_sock_msg_perm.isra.0+0x100/0x1b0
[  243.896173][ T7465]  ____sys_sendmsg+0x9e1/0xb70
[  243.896189][ T7465]  ? __pfx_netlink_sendmsg+0x10/0x10
[  243.896207][ T7465]  ? __pfx_____sys_sendmsg+0x10/0x10
[  243.896229][ T7465]  ___sys_sendmsg+0x190/0x1e0
[  243.896248][ T7465]  ? __pfx____sys_sendmsg+0x10/0x10
[  243.896271][ T7465]  ? find_held_lock+0x2b/0x80
[  243.896293][ T7465]  __sys_sendmsg+0x170/0x220
[  243.896307][ T7465]  ? __pfx___sys_sendmsg+0x10/0x10
[  243.896320][ T7465]  ? __fget_files+0x21f/0x3d0
[  243.896336][ T7465]  ? ksys_write+0x1ac/0x250
[  243.896349][ T7465]  ? rcu_is_watching+0x12/0xc0
[  243.896363][ T7465]  __do_fast_syscall_32+0xe7/0x950
[  243.896376][ T7465]  ? lockdep_hardirqs_on+0x78/0x100
[  243.896389][ T7465]  do_fast_syscall_32+0x32/0x70
[  243.896401][ T7465]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  243.896415][ T7465] RIP: 0023:0xf7f86fcc
[  243.896425][ T7465] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  243.896437][ T7465] RSP: 002b:00000000f544650c EFLAGS: 00000292 ORIG_RAX: 0000000000000172
[  243.896449][ T7465] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080001700
[  243.896455][ T7465] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  243.896462][ T7465] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  243.896468][ T7465] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  243.896474][ T7465] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  243.896488][ T7465]  </TASK>
[  243.980617][   T64] Bluetooth: hci1: command tx timeout
[  243.985167][   T34] usb 9-1: new high-speed USB device number 2 using dummy_hcd
[  244.066534][ T7467] Bluetooth: MGMT ver 1.23
[  244.162787][   T34] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 1024, setting to 64
[  244.167408][   T34] usb 9-1: config 1 interface 0 altsetting 0 has a duplicate endpoint with address 0x7, skipping
[  244.171951][   T34] usb 9-1: config 1 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  244.245949][ T7483] bond0: (slave bridge0): Releasing backup interface
[  244.250875][ T7483] bridge0: port 2(bridge_slave_1) entered disabled state
[  244.253452][ T7483] bridge0: port 1(bridge_slave_0) entered disabled state
[  244.267665][ T7483] bridge_slave_0: left allmulticast mode
[  244.271304][ T7483] bridge_slave_0: left promiscuous mode
[  244.273346][ T7483] bridge0: port 1(bridge_slave_0) entered disabled state
[  244.280708][ T7483] bridge_slave_1: left allmulticast mode
[  244.282561][ T7483] bridge_slave_1: left promiscuous mode
[  244.284838][ T7483] bridge0: port 2(bridge_slave_1) entered disabled state
[  244.335223][ T7483] bond0: (slave bond_slave_0): Releasing backup interface
[  244.358590][ T7483] bond0: (slave bond_slave_1): Releasing backup interface
[  244.414248][ T7483] team0: Port device team_slave_0 removed
[  244.424180][ T7483] team0: Port device team_slave_1 removed
[  244.426971][ T7483] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  244.429733][ T7483] batman_adv: batadv0: Removing interface: batadv_slave_0
[  244.433980][ T7483] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  244.436567][ T7483] batman_adv: batadv0: Removing interface: batadv_slave_1
[  244.440679][ T7483] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  245.564787][ T7500] netlink: 'syz.1.352': attribute type 1 has an invalid length.
[  246.253969][   T34] usb 9-1: New USB device found, idVendor=0b05, idProduct=17a0, bcdDevice= 0.40
[  246.258763][   T34] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  246.261582][   T34] usb 9-1: Product: ꚪ辏⠡阤崟呛鑾膗䳺ᐔ솰샖⻆Q齆샢䦢₅語献咡뎞宦
[  246.265138][   T34] usb 9-1: Manufacturer: й
[  246.273623][   T34] usb 9-1: can't set config #1, error -71
[  246.549151][   T34] usb 9-1: USB disconnect, device number 2
[  246.773488][ T7518] FAULT_INJECTION: forcing a failure.
[  246.773488][ T7518] name failslab, interval 1, probability 0, space 0, times 0
[  246.789334][ T7518] CPU: 3 UID: 0 PID: 7518 Comm: syz.3.358 Not tainted syzkaller #0 PREEMPT(full) 
[  246.789353][ T7518] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  246.789360][ T7518] Call Trace:
[  246.789364][ T7518]  <TASK>
[  246.789369][ T7518]  dump_stack_lvl+0x100/0x190
[  246.789386][ T7518]  should_fail_ex.cold+0x5/0xa
[  246.789400][ T7518]  ? video_usercopy+0x145/0x1490
[  246.789417][ T7518]  should_failslab+0xc2/0x120
[  246.789430][ T7518]  __kmalloc_noprof+0xe0/0x850
[  246.789447][ T7518]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  246.789478][ T7518]  video_usercopy+0x145/0x1490
[  246.789498][ T7518]  ? __pfx___video_do_ioctl+0x10/0x10
[  246.789514][ T7518]  ? do_vfs_ioctl+0x226/0x13e0
[  246.789532][ T7518]  ? __pfx_video_usercopy+0x10/0x10
[  246.789553][ T7518]  ? __fget_files+0x215/0x3d0
[  246.789565][ T7518]  ? hook_file_ioctl_common+0x149/0x410
[  246.789585][ T7518]  v4l2_ioctl+0x1bd/0x250
[  246.789604][ T7518]  v4l2_compat_ioctl32+0x20f/0x2d0
[  246.789619][ T7518]  ? __pfx_v4l2_compat_ioctl32+0x10/0x10
[  246.789634][ T7518]  __ia32_compat_sys_ioctl+0x2cf/0x360
[  246.789654][ T7518]  __do_fast_syscall_32+0xe7/0x950
[  246.789667][ T7518]  ? lockdep_hardirqs_on+0x78/0x100
[  246.789680][ T7518]  do_fast_syscall_32+0x32/0x70
[  246.789692][ T7518]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  246.789707][ T7518] RIP: 0023:0xf703efcc
[  246.789717][ T7518] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  246.789729][ T7518] RSP: 002b:00000000f542d50c EFLAGS: 00000292 ORIG_RAX: 0000000000000036
[  246.789741][ T7518] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0d05605
[  246.789748][ T7518] RDX: 00000000800000c0 RSI: 0000000000000000 RDI: 0000000000000000
[  246.789755][ T7518] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  246.789761][ T7518] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  246.789767][ T7518] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  246.789781][ T7518]  </TASK>
[  246.919634][ T7522] input: syz0 as /devices/virtual/input/input34
[  247.109980][ T7522] xt_CT: You must specify a L4 protocol and not use inversions on it
[  247.334242][ T7532] netlink: 'syz.1.362': attribute type 1 has an invalid length.
[  247.376070][ T7532] bond1: entered promiscuous mode
[  247.379214][ T7532] 8021q: adding VLAN 0 to HW filter on device bond1
[  248.075965][ T7542] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6)
[  248.078052][ T7542] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  248.089382][ T7542] vhci_hcd vhci_hcd.0: Device attached
[  248.184739][ T7548] FAULT_INJECTION: forcing a failure.
[  248.184739][ T7548] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  248.199384][ T7548] CPU: 3 UID: 0 PID: 7548 Comm: syz.1.366 Not tainted syzkaller #0 PREEMPT(full) 
[  248.199415][ T7548] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  248.199425][ T7548] Call Trace:
[  248.199430][ T7548]  <TASK>
[  248.199435][ T7548]  dump_stack_lvl+0x100/0x190
[  248.199462][ T7548]  should_fail_ex.cold+0x5/0xa
[  248.199486][ T7548]  _copy_from_user+0x2e/0xd0
[  248.199508][ T7548]  snd_seq_oss_write+0x395/0x800
[  248.199532][ T7548]  ? __pfx_snd_seq_oss_write+0x10/0x10
[  248.199554][ T7548]  ? apparmor_file_permission+0x13f/0x1c0
[  248.199581][ T7548]  ? bpf_lsm_file_permission+0x9/0x10
[  248.199611][ T7548]  ? __pfx_odev_write+0x10/0x10
[  248.199634][ T7548]  odev_write+0x51/0xa0
[  248.199658][ T7548]  vfs_writev+0x5ea/0xe10
[  248.199690][ T7548]  ? __pfx_vfs_writev+0x10/0x10
[  248.199724][ T7548]  ? __fget_files+0x21f/0x3d0
[  248.199749][ T7548]  ? do_writev+0x13e/0x340
[  248.199765][ T7548]  do_writev+0x13e/0x340
[  248.199783][ T7548]  ? __pfx_do_writev+0x10/0x10
[  248.199798][ T7548]  ? ksys_write+0x1ac/0x250
[  248.199818][ T7548]  ? rcu_is_watching+0x12/0xc0
[  248.199842][ T7548]  __do_fast_syscall_32+0xe7/0x950
[  248.199863][ T7548]  ? lockdep_hardirqs_on+0x78/0x100
[  248.199880][ T7548]  do_fast_syscall_32+0x32/0x70
[  248.199899][ T7548]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  248.199922][ T7548] RIP: 0023:0xf7f86fcc
[  248.199936][ T7548] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  248.199952][ T7548] RSP: 002b:00000000f544650c EFLAGS: 00000292 ORIG_RAX: 0000000000000092
[  248.199972][ T7548] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000040
[  248.199983][ T7548] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000000
[  248.199993][ T7548] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  248.200002][ T7548] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  248.200012][ T7548] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  248.200036][ T7548]  </TASK>
[  248.545997][ T7554] input: syz1 as /devices/virtual/input/input35
[  248.579016][ T7551] loop9: detected capacity change from 0 to 7
[  248.589049][    C0] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[  248.593758][    C0] Buffer I/O error on dev loop9, logical block 0, async page read
[  248.600994][    C0] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[  248.604893][    C0] Buffer I/O error on dev loop9, logical block 0, async page read
[  248.623762][    C0] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[  248.627823][    C0] Buffer I/O error on dev loop9, logical block 0, async page read
[  248.633091][    C0] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[  248.637134][    C0] Buffer I/O error on dev loop9, logical block 0, async page read
[  248.641156][    C3] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[  248.644155][    C3] Buffer I/O error on dev loop9, logical block 0, async page read
[  248.661313][  T843] usb 44-1: SetAddress Request (2) to port 0
[  248.666228][  T843] usb 44-1: new SuperSpeed USB device number 2 using vhci_hcd
[  248.718789][    C3] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[  248.721768][    C3] Buffer I/O error on dev loop9, logical block 0, async page read
[  248.727305][    C3] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[  248.730237][    C3] Buffer I/O error on dev loop9, logical block 0, async page read
[  248.732725][ T7551] ldm_validate_partition_table(): Disk read failed.
[  248.740426][    C3] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[  248.743727][    C3] Buffer I/O error on dev loop9, logical block 0, async page read
[  248.746941][    C3] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[  248.749808][    C3] Buffer I/O error on dev loop9, logical block 0, async page read
[  248.755114][    C3] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[  248.758415][    C3] Buffer I/O error on dev loop9, logical block 0, async page read
[  248.763358][ T7551] Dev loop9: unable to read RDB block 0
[  248.770719][ T7551]  loop9: unable to read partition table
[  248.773257][ T7551] loop9: partition table beyond EOD, truncated
[  248.775790][ T7551] loop_reread_partitions: partition scan of loop9 (��) failed (rc=-5)
[  248.931026][ T7543] vhci_hcd: connection reset by peer
[  248.936581][ T1182] vhci_hcd vhci_hcd.3: stop threads
[  248.938393][ T1182] vhci_hcd vhci_hcd.3: release socket
[  248.940333][ T1182] vhci_hcd vhci_hcd.3: disconnect device
[  249.245594][ T7565] netlink: 12 bytes leftover after parsing attributes in process `syz.2.370'.
[  249.666129][ T7579] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies.
[  249.802140][ T7582] kAFS: unable to lookup cell '(,c��L'
[  249.874558][ T7584] netlink: 20 bytes leftover after parsing attributes in process `syz.3.374'.
[  249.877634][ T7584] openvswitch: netlink: Flow actions attr not present in new flow.
[  250.351720][ T7589] input: syz1 as /devices/virtual/input/input36
[  250.378149][ T7586] 9p: Bad value for 'rfdno'
[  251.489853][ T7601] netlink: 8 bytes leftover after parsing attributes in process `syz.3.378'.
[  251.554311][ T7602] input: syz1 as /devices/virtual/input/input37
[  252.688535][ T7627] input: syz1 as /devices/virtual/input/input38
[  252.703982][ T7628] kAFS: unable to lookup cell '(,c��L'
[  252.978193][ T7631] netlink: 20 bytes leftover after parsing attributes in process `syz.2.386'.
[  252.981980][ T7631] openvswitch: netlink: Flow actions attr not present in new flow.
[  253.739507][  T843] usb 44-1: device descriptor read/8, error -110
[  254.143598][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  254.616047][  T843] usb usb44-port1: attempt power cycle
[  255.099725][ T7659] netlink: 68 bytes leftover after parsing attributes in process `syz.3.394'.
[  255.102623][ T7659] netlink: 68 bytes leftover after parsing attributes in process `syz.3.394'.
[  255.369735][   T34] usb 8-1: new high-speed USB device number 8 using dummy_hcd
[  255.520830][   T34] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  255.524092][   T34] usb 8-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  255.527486][   T34] usb 8-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  255.533888][   T34] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  255.537065][   T34] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  255.540136][   T34] usb 8-1: Product: syz
[  255.541806][   T34] usb 8-1: Manufacturer: syz
[  255.543988][   T34] usb 8-1: SerialNumber: syz
[  255.552131][   T34] hub 8-1:1.0: bad descriptor, ignoring hub
[  255.557321][   T34] hub 8-1:1.0: probe with driver hub failed with error -5
[  255.762494][   T34] usblp 8-1:1.0: usblp0: USB Unidirectional printer dev 8 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[  255.974733][  T843] usb usb44-port1: unable to enumerate USB device
[  256.392416][ T7659] usb 8-1: reset high-speed USB device number 8 using dummy_hcd
[  256.770662][   T34] usb 8-1: USB disconnect, device number 8
[  256.805581][   T34] usblp0: removed
[  256.999409][   T10] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[  257.041584][ T7683] kAFS: unable to lookup cell '(,c��L'
[  257.151021][   T10] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  257.154245][   T10] usb 7-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  257.157649][   T10] usb 7-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  257.164499][   T10] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  257.167659][   T10] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  257.171620][   T10] usb 7-1: Product: syz
[  257.173165][   T10] usb 7-1: Manufacturer: syz
[  257.174824][   T10] usb 7-1: SerialNumber: syz
[  257.179399][   T10] hub 7-1:1.0: bad descriptor, ignoring hub
[  257.184292][   T10] hub 7-1:1.0: probe with driver hub failed with error -5
[  257.384674][   T10] usblp 7-1:1.0: usblp0: USB Unidirectional printer dev 6 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[  257.574168][ T7686] netlink: 20 bytes leftover after parsing attributes in process `syz.1.399'.
[  257.577397][ T7686] openvswitch: netlink: Flow actions attr not present in new flow.
[  258.109371][   T34] usb 8-1: new high-speed USB device number 9 using dummy_hcd
[  258.239397][   T34] usb 8-1: device descriptor read/64, error -71
[  258.282160][ T7677] usb 7-1: reset high-speed USB device number 6 using dummy_hcd
[  258.479379][   T34] usb 8-1: new high-speed USB device number 10 using dummy_hcd
[  258.609392][   T34] usb 8-1: device descriptor read/64, error -71
[  258.673151][   T10] usb 7-1: USB disconnect, device number 6
[  258.677096][   T10] usblp0: removed
[  258.722087][   T34] usb usb8-port1: attempt power cycle
[  258.761051][ T7694] input: syz1 as /devices/virtual/input/input39
[  259.079549][   T34] usb 8-1: new high-speed USB device number 11 using dummy_hcd
[  259.101474][   T34] usb 8-1: device descriptor read/8, error -71
[  259.369628][   T34] usb 8-1: new high-speed USB device number 12 using dummy_hcd
[  259.394014][   T34] usb 8-1: device descriptor read/8, error -71
[  259.501295][   T34] usb usb8-port1: unable to enumerate USB device
[  259.519776][ T7697] netlink: 68 bytes leftover after parsing attributes in process `syz.2.403'.
[  259.525627][ T7697] netlink: 68 bytes leftover after parsing attributes in process `syz.2.403'.
[  259.779425][   T10] usb 7-1: new high-speed USB device number 7 using dummy_hcd
[  259.931043][   T10] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  259.935136][   T10] usb 7-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  259.939034][   T10] usb 7-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  259.951518][   T10] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  259.955420][   T10] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  259.958806][   T10] usb 7-1: Product: syz
[  259.969426][   T10] usb 7-1: Manufacturer: syz
[  259.971355][   T10] usb 7-1: SerialNumber: syz
[  259.987771][   T10] hub 7-1:1.0: bad descriptor, ignoring hub
[  259.993013][   T10] hub 7-1:1.0: probe with driver hub failed with error -5
[  260.194109][   T10] usblp 7-1:1.0: usblp0: USB Unidirectional printer dev 7 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[  260.305434][ T7705] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  261.079961][ T7697] usb 7-1: reset high-speed USB device number 7 using dummy_hcd
[  261.111122][ T7712] input: syz0 as /devices/virtual/input/input40
[  261.123924][ T6727] udevd[6727]: setting mode of /dev/input/event4 to 020660 failed: No such file or directory
[  261.128301][ T6727] udevd[6727]: setting owner of /dev/input/event4 to uid=0, gid=104 failed: No such file or directory
[  261.288680][ T7718] input: syz1 as /devices/virtual/input/input41
[  261.338051][ T7719] siw: device registration error -23
[  261.480682][  T857] usb 7-1: USB disconnect, device number 7
[  261.503109][  T857] usblp0: removed
[  262.499433][  T857] usb 7-1: new full-speed USB device number 8 using dummy_hcd
[  262.539705][ T7736] netlink: 56 bytes leftover after parsing attributes in process `syz.1.415'.
[  262.673676][  T857] usb 7-1: New USB device found, idVendor=04b8, idProduct=0202, bcdDevice= 0.40
[  262.681897][  T857] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  262.689339][  T857] usb 7-1: Product: syz
[  262.691098][  T857] usb 7-1: Manufacturer: syz
[  262.699398][  T857] usb 7-1: SerialNumber: syz
[  263.153391][  T857] usblp 7-1:1.0: usblp0: USB Unidirectional printer dev 8 if 0 alt 0 proto 1 vid 0x04B8 pid 0x0202
[  263.213189][   T24] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  263.273941][ T6276] block nbd1: Possible stuck request ffff888027c57000: control (read@0,1024B). Runtime 60 seconds
[  263.279013][ T1518] block nbd0: Possible stuck request ffff888027c15080: control (read@0,1024B). Runtime 60 seconds
[  263.284439][ T6276] block nbd1: Possible stuck request ffff888027c571c0: control (read@1024,1024B). Runtime 60 seconds
[  263.285272][ T7753] overlayfs: missing 'lowerdir'
[  263.290767][ T1518] block nbd0: Possible stuck request ffff888027c15240: control (read@1024,1024B). Runtime 60 seconds
[  263.296245][ T6276] block nbd1: Possible stuck request ffff888027c57380: control (read@2048,1024B). Runtime 60 seconds
[  263.301274][ T1518] block nbd0: Possible stuck request ffff888027c15400: control (read@2048,1024B). Runtime 60 seconds
[  263.302354][ T7753] i2c i2c-1: dtv_property_process_set: SET cmd 0x00000000 undefined
[  263.305960][ T6276] block nbd1: Possible stuck request ffff888027c57540: control (read@3072,1024B). Runtime 60 seconds
[  263.312973][ T1518] block nbd0: Possible stuck request ffff888027c155c0: control (read@3072,1024B). Runtime 60 seconds
[  263.374870][   T24] usb 6-1: New USB device found, idVendor=0bda, idProduct=8150, bcdDevice= 0.00
[  263.380250][   T24] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  263.383683][   T24] usb 6-1: Product: syz
[  263.385486][   T24] usb 6-1: Manufacturer: syz
[  263.387457][   T24] usb 6-1: SerialNumber: syz
[  263.626638][   T24] rtl8150 6-1:1.0: couldn't reset the device
[  263.631701][   T24] rtl8150 6-1:1.0: probe with driver rtl8150 failed with error -5
[  263.639797][   T24] usb 6-1: USB disconnect, device number 3
[  264.207739][ T7764] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  264.619415][  T843] usb 9-1: new high-speed USB device number 3 using dummy_hcd
[  264.655435][ T7768] netlink: 4 bytes leftover after parsing attributes in process `syz.3.424'.
[  264.769395][  T843] usb 9-1: Using ep0 maxpacket: 32
[  264.774529][  T843] usb 9-1: config 1 interface 0 has no altsetting 0
[  264.780277][  T843] usb 9-1: New USB device found, idVendor=1477, idProduct=100e, bcdDevice= 0.40
[  264.783870][  T843] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  264.786932][  T843] usb 9-1: Product: с
[  264.788495][  T843] usb 9-1: Manufacturer: з
[  264.790293][  T843] usb 9-1: SerialNumber: Ц
[  265.024918][    C3] usblp0: nonzero write bulk status received: -71
[  265.033321][   T34] usb 7-1: USB disconnect, device number 8
[  265.043116][   T34] usblp0: removed
[  265.349461][   T24] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  265.500994][   T24] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  265.505317][   T24] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  265.509188][   T24] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  265.514356][   T24] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  265.517864][   T24] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  265.522388][   T24] usb 6-1: config 0 descriptor??
[  265.721727][ T7783] FAULT_INJECTION: forcing a failure.
[  265.721727][ T7783] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  265.727286][ T7783] CPU: 0 UID: 0 PID: 7783 Comm: syz.3.431 Not tainted syzkaller #0 PREEMPT(full) 
[  265.727304][ T7783] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  265.727311][ T7783] Call Trace:
[  265.727315][ T7783]  <TASK>
[  265.727320][ T7783]  dump_stack_lvl+0x100/0x190
[  265.727336][ T7783]  should_fail_ex.cold+0x5/0xa
[  265.727351][ T7783]  strncpy_from_user+0x3b/0x2d0
[  265.727369][ T7783]  do_getname+0x78/0x390
[  265.727387][ T7783]  do_sys_openat2+0xc5/0x1e0
[  265.727404][ T7783]  ? __pfx_do_sys_openat2+0x10/0x10
[  265.727424][ T7783]  __ia32_sys_openat2+0x244/0x380
[  265.727441][ T7783]  ? __pfx___ia32_sys_openat2+0x10/0x10
[  265.727458][ T7783]  ? fput+0x79/0x100
[  265.727472][ T7783]  ? ksys_write+0x1ac/0x250
[  265.727484][ T7783]  ? rcu_is_watching+0x12/0xc0
[  265.727498][ T7783]  __do_fast_syscall_32+0xe7/0x950
[  265.727511][ T7783]  ? lockdep_hardirqs_on+0x78/0x100
[  265.727524][ T7783]  do_fast_syscall_32+0x32/0x70
[  265.727536][ T7783]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  265.727551][ T7783] RIP: 0023:0xf703efcc
[  265.727560][ T7783] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  265.727571][ T7783] RSP: 002b:00000000f542d50c EFLAGS: 00000292 ORIG_RAX: 00000000000001b5
[  265.727583][ T7783] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 0000000080000000
[  265.727590][ T7783] RDX: 0000000080000040 RSI: 0000000000000018 RDI: 0000000000000000
[  265.727596][ T7783] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  265.727602][ T7783] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  265.727608][ T7783] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  265.727622][ T7783]  </TASK>
[  265.890796][ T7787] input: syz1 as /devices/virtual/input/input43
[  265.965490][ T7789] netlink: 12 bytes leftover after parsing attributes in process `syz.3.432'.
[  265.971287][ T7789] netlink: 'syz.3.432': attribute type 1 has an invalid length.
[  266.514436][   T24] plantronics 0003:047F:FFFF.0002: item fetching failed at offset 6/15
[  266.519201][   T24] plantronics 0003:047F:FFFF.0002: parse failed
[  266.522041][   T24] plantronics 0003:047F:FFFF.0002: probe with driver plantronics failed with error -22
[  266.528435][   T24] usb 6-1: USB disconnect, device number 4
[  267.191471][ T7803] input: syz1 as /devices/virtual/input/input44
[  267.197130][  T843] usbhid 9-1:1.0: can't add hid device: -71
[  267.201886][  T843] usbhid 9-1:1.0: probe with driver usbhid failed with error -71
[  267.217663][  T843] usb 9-1: USB disconnect, device number 3
[  267.741769][ T7818] netlink: 20 bytes leftover after parsing attributes in process `syz.4.438'.
[  267.745010][ T7818] openvswitch: netlink: Flow actions attr not present in new flow.
[  267.878627][ T7816] kAFS: unable to lookup cell '(,c��L'
[  267.909661][  T843] usb 8-1: new high-speed USB device number 13 using dummy_hcd
[  268.429738][  T843] usb 8-1: Using ep0 maxpacket: 8
[  268.433606][  T843] usb 8-1: config index 0 descriptor too short (expected 301, got 45)
[  268.437257][  T843] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  268.441788][  T843] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  268.445930][  T843] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  268.450707][  T843] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  268.456428][  T843] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  268.460502][  T843] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  268.802745][  T843] usb 8-1: usb_control_msg returned -32
[  268.806536][  T843] usbtmc 8-1:16.0: can't read capabilities
[  268.972917][ T7827] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  269.044756][ T7830] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  269.048074][ T7830] IPv6: NLM_F_CREATE should be set when creating new route
[  269.463993][ T7840] netlink: 'syz.4.446': attribute type 1 has an invalid length.
[  269.469178][ T7841] binder_alloc: 7836: binder_alloc_buf size 16777216 failed, no address space
[  269.475990][ T7841] binder_alloc: allocated: 8 (num: 1 largest: 8), free: 12280 (num: 1 largest: 12280)
[  269.502321][ T7828] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(6)
[  269.505156][ T7828] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  269.536185][ T7828] vhci_hcd vhci_hcd.0: Device attached
[  269.747779][ T7846] netlink: 24 bytes leftover after parsing attributes in process `syz.1.448'.
[  269.774460][ T7847] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6)
[  269.777361][ T7847] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  269.792290][ T7847] vhci_hcd vhci_hcd.0: Device attached
[  269.906081][  T843] usb 42-1: SetAddress Request (2) to port 0
[  269.918605][  T843] usb 42-1: new SuperSpeed USB device number 2 using vhci_hcd
[  270.099397][   T29] usb 44-1: SetAddress Request (6) to port 0
[  270.102952][   T29] usb 44-1: new SuperSpeed USB device number 6 using vhci_hcd
[  270.212025][ T7831] vhci_hcd: connection reset by peer
[  270.214022][   T85] vhci_hcd vhci_hcd.2: stop threads
[  270.216365][   T85] vhci_hcd vhci_hcd.2: release socket
[  270.218825][   T85] vhci_hcd vhci_hcd.2: disconnect device
[  271.049111][ T7872] bridge0: port 2(bridge_slave_1) entered disabled state
[  271.051790][ T7872] bridge0: port 1(bridge_slave_0) entered disabled state
[  271.086633][ T7874] netlink: 'syz.2.455': attribute type 13 has an invalid length.
[  271.090085][ T7874] netlink: 'syz.2.455': attribute type 17 has an invalid length.
[  271.119794][   T10] usb 8-1: USB disconnect, device number 13
[  271.166669][ T7872] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  271.173674][ T7872] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  271.529989][ T7881] FAULT_INJECTION: forcing a failure.
[  271.529989][ T7881] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  271.541338][ T7881] CPU: 2 UID: 0 PID: 7881 Comm: syz.1.456 Not tainted syzkaller #0 PREEMPT(full) 
[  271.541357][ T7881] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  271.541364][ T7881] Call Trace:
[  271.541368][ T7881]  <TASK>
[  271.541373][ T7881]  dump_stack_lvl+0x100/0x190
[  271.541389][ T7881]  should_fail_ex.cold+0x5/0xa
[  271.541404][ T7881]  _copy_to_user+0x32/0xd0
[  271.541422][ T7881]  simple_read_from_buffer+0xcb/0x170
[  271.541436][ T7881]  proc_fail_nth_read+0x1af/0x230
[  271.541454][ T7881]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  271.541471][ T7881]  ? rw_verify_area+0xce/0x6d0
[  271.541489][ T7881]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  271.541506][ T7881]  vfs_read+0x1e4/0xb30
[  271.541519][ T7881]  ? __pfx_vfs_read+0x10/0x10
[  271.541529][ T7881]  ? find_held_lock+0x2b/0x80
[  271.541544][ T7881]  ? __fget_files+0x215/0x3d0
[  271.541558][ T7881]  ? __fget_files+0x21f/0x3d0
[  271.541574][ T7881]  ksys_read+0x12a/0x250
[  271.541586][ T7881]  ? __pfx_ksys_read+0x10/0x10
[  271.541597][ T7881]  ? rcu_is_watching+0x12/0xc0
[  271.541611][ T7881]  ? rcu_is_watching+0x12/0xc0
[  271.541626][ T7881]  do_int80_emulation+0x141/0x700
[  271.541708][ T7881]  asm_int80_emulation+0x1a/0x20
[  271.541719][ T7881] RIP: 0023:0xf7185cab
[  271.541729][ T7881] Code: 57 56 53 8b 44 24 14 f6 00 08 75 23 8b 44 24 18 8b 5c 24 1c 8b 4c 24 20 8b 54 24 24 8b 74 24 28 8b 7c 24 2c 8b 6c 24 30 cd 80 <5b> 5e 5f 5d c3 5b 5e 5f 5d e9 f7 a1 ff ff 66 90 66 90 66 90 90 53
[  271.541740][ T7881] RSP: 002b:00000000f54464bc EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[  271.541752][ T7881] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f54465d0
[  271.541759][ T7881] RDX: 000000000000000f RSI: 0000000000000000 RDI: 0000000000000000
[  271.541765][ T7881] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  271.541771][ T7881] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  271.541777][ T7881] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  271.541791][ T7881]  </TASK>
[  271.740282][ T7874] 8021q: adding VLAN 0 to HW filter on device bond0
[  271.743374][ T7874] 8021q: adding VLAN 0 to HW filter on device team0
[  271.751156][ T7874] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  271.767801][   T85] netdevsim netdevsim2 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0
[  271.770937][   T85] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  271.773855][   T85] netdevsim netdevsim2 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0
[  271.776792][   T85] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  271.781617][ T6059] syz0: Port: 1 Link DOWN
[  271.782132][   T85] netdevsim netdevsim2 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0
[  271.791430][   T85] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  271.801494][   T85] netdevsim netdevsim2 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0
[  271.805132][   T85] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  271.810860][ T7848] vhci_hcd: connection reset by peer
[  271.813724][   T85] vhci_hcd vhci_hcd.3: stop threads
[  271.818498][   T85] vhci_hcd vhci_hcd.3: release socket
[  271.826774][   T85] vhci_hcd vhci_hcd.3: disconnect device
[  271.896915][ T7884] input: syz1 as /devices/virtual/input/input45
[  272.880819][ T1429] ieee802154 phy0 wpan0: encryption failed: -22
[  272.882998][ T1429] ieee802154 phy1 wpan1: encryption failed: -22
[  273.067194][ T7893] netlink: 68 bytes leftover after parsing attributes in process `syz.4.461'.
[  273.070360][ T7893] netlink: 68 bytes leftover after parsing attributes in process `syz.4.461'.
[  273.150303][ T7911] bridge0: port 3(geneve1) entered blocking state
[  273.159423][ T7911] bridge0: port 3(geneve1) entered disabled state
[  273.161684][ T7911] geneve1: entered allmulticast mode
[  273.164404][ T7911] geneve1: entered promiscuous mode
[  273.173979][ T7911] netlink: 'syz.2.464': attribute type 10 has an invalid length.
[  273.190641][ T7911] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  273.322572][ T6041] usb 9-1: new high-speed USB device number 4 using dummy_hcd
[  273.481342][ T6041] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  273.485318][ T6041] usb 9-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  273.490794][ T6041] usb 9-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  273.498694][ T6041] usb 9-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  273.505164][ T6041] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  273.507891][ T6041] usb 9-1: Product: syz
[  273.509299][ T6041] usb 9-1: Manufacturer: syz
[  273.510848][ T6041] usb 9-1: SerialNumber: syz
[  273.522474][ T6041] hub 9-1:1.0: bad descriptor, ignoring hub
[  273.524726][ T6041] hub 9-1:1.0: probe with driver hub failed with error -5
[  273.726978][ T6041] usblp 9-1:1.0: usblp0: USB Unidirectional printer dev 4 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[  273.938758][ T7903] siw: device registration error -23
[  274.108740][ T7915] dummy0: entered promiscuous mode
[  274.122085][ T7915] macvtap1: entered allmulticast mode
[  274.129066][ T7915] dummy0: entered allmulticast mode
[  274.175550][ T7915] dummy0: left allmulticast mode
[  274.179897][ T7915] dummy0: left promiscuous mode
[  274.581666][ T7933] netlink: 68 bytes leftover after parsing attributes in process `syz.3.471'.
[  274.585451][ T7933] netlink: 68 bytes leftover after parsing attributes in process `syz.3.471'.
[  274.621799][ T7893] usb 9-1: reset high-speed USB device number 4 using dummy_hcd
[  274.839948][   T10] usb 8-1: new high-speed USB device number 14 using dummy_hcd
[  275.019484][  T843] usb 42-1: device descriptor read/8, error -110
[  275.020915][   T10] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  275.054246][   T10] usb 8-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  275.074794][   T10] usb 8-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  275.137505][   T10] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  275.147028][   T10] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  275.159821][   T10] usb 8-1: Product: syz
[  275.165305][   T10] usb 8-1: Manufacturer: syz
[  275.173225][   T10] usb 8-1: SerialNumber: syz
[  275.254666][   T29] usb 44-1: device descriptor read/8, error -110
[  275.362409][  T857] usb 9-1: USB disconnect, device number 4
[  275.444231][   T10] hub 8-1:1.0: bad descriptor, ignoring hub
[  275.457266][   T10] hub 8-1:1.0: probe with driver hub failed with error -5
[  275.543131][  T857] usblp0: removed
[  275.725188][   T10] usblp 8-1:1.0: usblp0: USB Unidirectional printer dev 14 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[  275.870018][  T843] usb usb42-port1: attempt power cycle
[  275.960771][ T7954] JFS: discard option not supported on device
[  275.980746][ T7954] Mount JFS Failure: -22
[  275.990691][ T7954] jfs_mount failed w/return code = -22
[  276.061095][   T29] usb usb44-port1: attempt power cycle
[  276.255031][ T7962] netlink: 8 bytes leftover after parsing attributes in process `syz.2.478'.
[  276.319601][ T6052] usb 9-1: new high-speed USB device number 5 using dummy_hcd
[  276.369416][ T7933] usb 8-1: reset high-speed USB device number 14 using dummy_hcd
[  276.415365][ T7965] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[  276.421796][ T7965] block device autoloading is deprecated and will be removed.
[  276.439982][  T843] usb usb42-port1: unable to enumerate USB device
[  276.449570][ T6052] usb 9-1: device descriptor read/64, error -71
[  276.559748][ T7964] md: could not open device unknown-block(0,0).
[  276.564907][ T7964] md: md_import_device returned -6
[  276.620598][   T29] usb usb44-port1: unable to enumerate USB device
[  276.712255][ T6052] usb 9-1: new high-speed USB device number 6 using dummy_hcd
[  276.826366][ T6057] usb 8-1: USB disconnect, device number 14
[  276.830812][ T6057] usblp0: removed
[  276.880011][ T6052] usb 9-1: device descriptor read/64, error -71
[  276.991202][ T6052] usb usb9-port1: attempt power cycle
[  277.040766][ T7974] ceph: No mds server is up or the cluster is laggy
[  277.077033][ T5975] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  277.079534][ T5975] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  277.080322][ T5975] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  277.083399][ T5975] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  277.084018][ T5975] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  277.138584][ T6057] libceph: connect (1)[c::]:6789 error -101
[  277.141028][ T6057] libceph: mon0 (1)[c::]:6789 connect error
[  277.143357][ T7973] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  277.245337][ T7979] chnl_net:caif_netlink_parms(): no params data found
[  277.339969][ T7979] bridge0: port 1(bridge_slave_0) entered blocking state
[  277.343141][ T7979] bridge0: port 1(bridge_slave_0) entered disabled state
[  277.346324][ T7979] bridge_slave_0: entered allmulticast mode
[  277.350709][ T7979] bridge_slave_0: entered promiscuous mode
[  277.355835][ T7979] bridge0: port 2(bridge_slave_1) entered blocking state
[  277.358867][ T7979] bridge0: port 2(bridge_slave_1) entered disabled state
[  277.361605][ T7979] bridge_slave_1: entered allmulticast mode
[  277.365313][ T7979] bridge_slave_1: entered promiscuous mode
[  277.369605][ T6052] usb 9-1: new high-speed USB device number 7 using dummy_hcd
[  277.391964][ T7979] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  277.398296][ T7979] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  277.399866][ T6052] usb 9-1: device descriptor read/8, error -71
[  277.421501][ T7979] team0: Port device team_slave_0 added
[  277.427486][ T7979] team0: Port device team_slave_1 added
[  277.448582][ T7979] batman_adv: batadv0: Adding interface: batadv_slave_0
[  277.451969][ T7979] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  277.462960][ T7979] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  277.469015][ T7979] batman_adv: batadv0: Adding interface: batadv_slave_1
[  277.472164][ T7979] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  277.482763][ T7979] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  277.523140][ T7979] hsr_slave_0: entered promiscuous mode
[  277.526484][ T7979] hsr_slave_1: entered promiscuous mode
[  277.529525][ T7979] debugfs: 'hsr0' already exists in 'hsr'
[  277.531878][ T7979] Cannot create hsr debugfs directory
[  277.701876][ T7979] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  277.738201][ T7979] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[  277.749571][ T6052] usb 9-1: new high-speed USB device number 8 using dummy_hcd
[  277.750004][ T7979] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  277.760378][ T7979] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  277.763878][ T7979] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  277.773011][ T7979] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[  277.777514][ T7979] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  277.780115][ T6052] usb 9-1: device descriptor read/8, error -71
[  277.790349][ T7979] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[  277.890140][ T6052] usb usb9-port1: unable to enumerate USB device
[  277.977174][ T7979] 8021q: adding VLAN 0 to HW filter on device bond0
[  278.003651][ T7979] 8021q: adding VLAN 0 to HW filter on device team0
[  278.016781][   T46] bridge0: port 1(bridge_slave_0) entered blocking state
[  278.019322][   T46] bridge0: port 1(bridge_slave_0) entered forwarding state
[  278.028850][   T85] bridge0: port 2(bridge_slave_1) entered blocking state
[  278.031213][   T85] bridge0: port 2(bridge_slave_1) entered forwarding state
[  278.205880][ T7979] 8021q: adding VLAN 0 to HW filter on device batadv0
[  278.416891][ T7979] veth0_vlan: entered promiscuous mode
[  278.466150][ T7979] veth1_vlan: entered promiscuous mode
[  278.512076][ T7979] veth0_macvtap: entered promiscuous mode
[  278.522099][ T7979] veth1_macvtap: entered promiscuous mode
[  278.533475][ T7979] batman_adv: batadv0: Interface activated: batadv_slave_0
[  278.542787][ T7979] batman_adv: batadv0: Interface activated: batadv_slave_1
[  278.549814][   T12] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  278.553737][   T12] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  278.558825][   T12] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  278.566025][   T12] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  278.609063][   T85] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  278.617892][   T85] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  278.639742][   T46] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  278.643070][   T46] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  279.099869][ T5975] Bluetooth: hci2: command tx timeout
[  279.430512][ T8035] FAULT_INJECTION: forcing a failure.
[  279.430512][ T8035] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  279.445285][ T8035] CPU: 3 UID: 0 PID: 8035 Comm: syz.3.493 Not tainted syzkaller #0 PREEMPT(full) 
[  279.445303][ T8035] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  279.445310][ T8035] Call Trace:
[  279.445315][ T8035]  <TASK>
[  279.445320][ T8035]  dump_stack_lvl+0x100/0x190
[  279.445338][ T8035]  should_fail_ex.cold+0x5/0xa
[  279.445354][ T8035]  __kvm_read_guest_page+0x186/0x250
[  279.445382][ T8035]  kvm_fetch_guest_virt+0x128/0x1a0
[  279.445408][ T8035]  __do_insn_fetch_bytes+0x5ef/0x7c0
[  279.445425][ T8035]  ? __pfx___do_insn_fetch_bytes+0x10/0x10
[  279.445443][ T8035]  ? __pfx_kvm_tdp_mmu_map+0x10/0x10
[  279.445477][ T8035]  x86_decode_insn+0x3ca/0x6d80
[  279.445500][ T8035]  ? kvm_tdp_page_fault+0x295/0x3d0
[  279.445514][ T8035]  ? kvm_tdp_page_fault+0x295/0x3d0
[  279.445529][ T8035]  ? __pfx_x86_decode_insn+0x10/0x10
[  279.445546][ T8035]  ? vmx_cache_reg+0x54f/0x7b0
[  279.445569][ T8035]  ? init_decode_cache+0xd/0x2a0
[  279.445585][ T8035]  ? init_emulate_ctxt+0x415/0x6d0
[  279.445602][ T8035]  ? __pfx_init_emulate_ctxt+0x10/0x10
[  279.445621][ T8035]  ? vmx_get_segment+0x1d0/0x770
[  279.445633][ T8035]  x86_emulate_instruction+0x1dcc/0x1f80
[  279.445648][ T8035]  ? kvm_mmu_page_fault+0x289/0x1a70
[  279.445663][ T8035]  ? is_bpf_text_address+0x94/0x1a0
[  279.445681][ T8035]  handle_ud+0x103/0x5a0
[  279.445694][ T8035]  ? __pfx_handle_ud+0x10/0x10
[  279.445708][ T8035]  ? rcu_is_watching+0x12/0xc0
[  279.445721][ T8035]  ? __vmx_complete_interrupts+0x129/0x570
[  279.445736][ T8035]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  279.445755][ T8035]  handle_exception_nmi+0xd0c/0x1bb0
[  279.445770][ T8035]  ? __pfx_handle_exception_nmi+0x10/0x10
[  279.445784][ T8035]  vmx_handle_exit+0x84c/0x1f30
[  279.445800][ T8035]  vcpu_run+0x34cf/0x5ca0
[  279.445819][ T8035]  ? x86_emulate_instruction+0x27e/0x1f80
[  279.445833][ T8035]  ? __pfx_vcpu_run+0x10/0x10
[  279.445850][ T8035]  ? complete_emulated_mmio+0x102/0x710
[  279.445867][ T8035]  ? kvm_arch_vcpu_ioctl_run+0x5b6/0x1890
[  279.445881][ T8035]  kvm_arch_vcpu_ioctl_run+0x5b6/0x1890
[  279.445900][ T8035]  kvm_vcpu_ioctl+0x730/0x1720
[  279.445919][ T8035]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  279.445937][ T8035]  ? tomoyo_path_number_perm+0x188/0x580
[  279.445955][ T8035]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  279.445971][ T8035]  ? get_pid_task+0x106/0x250
[  279.445990][ T8035]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  279.446006][ T8035]  ? do_vfs_ioctl+0x226/0x13e0
[  279.446025][ T8035]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  279.446048][ T8035]  kvm_vcpu_compat_ioctl+0x20f/0x3c0
[  279.446067][ T8035]  ? __pfx_kvm_vcpu_compat_ioctl+0x10/0x10
[  279.446085][ T8035]  ? __fget_files+0x21f/0x3d0
[  279.446100][ T8035]  ? __pfx_kvm_vcpu_compat_ioctl+0x10/0x10
[  279.446118][ T8035]  __ia32_compat_sys_ioctl+0x2cf/0x360
[  279.446138][ T8035]  __do_fast_syscall_32+0xe7/0x950
[  279.446151][ T8035]  ? lockdep_hardirqs_on+0x78/0x100
[  279.446163][ T8035]  do_fast_syscall_32+0x32/0x70
[  279.446176][ T8035]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  279.446191][ T8035] RIP: 0023:0xf703efcc
[  279.446201][ T8035] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  279.446211][ T8035] RSP: 002b:00000000f542d50c EFLAGS: 00000292 ORIG_RAX: 0000000000000036
[  279.446223][ T8035] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000000ae80
[  279.446254][ T8035] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  279.446263][ T8035] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  279.446269][ T8035] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  279.446276][ T8035] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  279.446290][ T8035]  </TASK>
[  279.590295][ T8038] input: syz1 as /devices/virtual/input/input46
[  279.794944][ T8046] pimreg: tun_chr_ioctl cmd 3223083114
[  279.802629][ T8046] pimreg: tun_chr_ioctl cmd 1074025678
[  279.804605][ T8046] pimreg: group set to 768
[  280.172573][ T8062] FAULT_INJECTION: forcing a failure.
[  280.172573][ T8062] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  280.177122][ T8062] CPU: 2 UID: 0 PID: 8062 Comm: syz.5.502 Not tainted syzkaller #0 PREEMPT(full) 
[  280.177139][ T8062] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  280.177146][ T8062] Call Trace:
[  280.177150][ T8062]  <TASK>
[  280.177155][ T8062]  dump_stack_lvl+0x100/0x190
[  280.177171][ T8062]  should_fail_ex.cold+0x5/0xa
[  280.177200][ T8062]  _copy_from_iter+0x1f4/0x1690
[  280.177219][ T8062]  ? __asan_memset+0x23/0x50
[  280.177237][ T8062]  ? __pfx__copy_from_iter+0x10/0x10
[  280.177252][ T8062]  ? __pfx___alloc_skb+0x10/0x10
[  280.177272][ T8062]  netlink_sendmsg+0x808/0xda0
[  280.177292][ T8062]  ? __pfx_netlink_sendmsg+0x10/0x10
[  280.177310][ T8062]  ? aa_sock_msg_perm.isra.0+0x100/0x1b0
[  280.177328][ T8062]  ____sys_sendmsg+0x9e1/0xb70
[  280.177344][ T8062]  ? __pfx_netlink_sendmsg+0x10/0x10
[  280.177361][ T8062]  ? __pfx_____sys_sendmsg+0x10/0x10
[  280.177384][ T8062]  ___sys_sendmsg+0x190/0x1e0
[  280.177403][ T8062]  ? __pfx____sys_sendmsg+0x10/0x10
[  280.177426][ T8062]  ? find_held_lock+0x2b/0x80
[  280.177449][ T8062]  __sys_sendmsg+0x170/0x220
[  280.177463][ T8062]  ? __pfx___sys_sendmsg+0x10/0x10
[  280.177476][ T8062]  ? __fget_files+0x21f/0x3d0
[  280.177492][ T8062]  ? ksys_write+0x1ac/0x250
[  280.177504][ T8062]  ? rcu_is_watching+0x12/0xc0
[  280.177519][ T8062]  __do_fast_syscall_32+0xe7/0x950
[  280.177533][ T8062]  ? lockdep_hardirqs_on+0x78/0x100
[  280.177545][ T8062]  do_fast_syscall_32+0x32/0x70
[  280.177558][ T8062]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  280.177572][ T8062] RIP: 0023:0xf7f86fcc
[  280.177582][ T8062] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  280.177593][ T8062] RSP: 002b:00000000f544650c EFLAGS: 00000292 ORIG_RAX: 0000000000000172
[  280.177605][ T8062] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800002c0
[  280.177613][ T8062] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  280.177619][ T8062] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  280.177626][ T8062] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  280.177632][ T8062] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  280.177646][ T8062]  </TASK>
[  280.400043][ T8068] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  280.410687][ T8068] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  280.549363][ T2256] usb 10-1: new high-speed USB device number 2 using dummy_hcd
[  280.711344][ T2256] usb 10-1: too many configurations: 9, using maximum allowed: 8
[  280.719207][ T2256] usb 10-1: config 0 has 1 interface, different from the descriptor's value: 9
[  280.726828][ T2256] usb 10-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  280.732205][ T2256] usb 10-1: config 0 interface 0 has no altsetting 0
[  280.741196][ T2256] usb 10-1: config 0 has 1 interface, different from the descriptor's value: 9
[  280.748892][ T2256] usb 10-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  280.755541][ T2256] usb 10-1: config 0 interface 0 has no altsetting 0
[  280.762858][ T2256] usb 10-1: config 0 has 1 interface, different from the descriptor's value: 9
[  280.768873][ T2256] usb 10-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  280.774995][ T2256] usb 10-1: config 0 interface 0 has no altsetting 0
[  280.780579][ T2256] usb 10-1: config 0 has 1 interface, different from the descriptor's value: 9
[  280.785691][ T2256] usb 10-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  280.791991][ T2256] usb 10-1: config 0 interface 0 has no altsetting 0
[  280.797035][ T2256] usb 10-1: config 0 has 1 interface, different from the descriptor's value: 9
[  280.802358][ T2256] usb 10-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  280.808259][ T2256] usb 10-1: config 0 interface 0 has no altsetting 0
[  280.815463][ T2256] usb 10-1: config 0 has 1 interface, different from the descriptor's value: 9
[  280.820714][ T2256] usb 10-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  280.826537][ T2256] usb 10-1: config 0 interface 0 has no altsetting 0
[  280.831881][ T2256] usb 10-1: config 0 has 1 interface, different from the descriptor's value: 9
[  280.836313][ T2256] usb 10-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  280.842284][ T2256] usb 10-1: config 0 interface 0 has no altsetting 0
[  280.847527][ T2256] usb 10-1: config 0 has 1 interface, different from the descriptor's value: 9
[  280.853439][ T2256] usb 10-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  280.861673][ T2256] usb 10-1: config 0 interface 0 has no altsetting 0
[  280.868581][ T2256] usb 10-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[  280.873635][ T2256] usb 10-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[  280.878127][ T2256] usb 10-1: Product: syz
[  280.880368][ T2256] usb 10-1: Manufacturer: syz
[  280.882983][ T2256] usb 10-1: SerialNumber: syz
[  280.892711][ T2256] usb 10-1: config 0 descriptor??
[  280.903695][ T2256] yurex 10-1:0.0: USB YUREX device now attached to Yurex #0
[  280.904088][ T8088] bond0: (slave bridge0): Releasing backup interface
[  280.914991][ T8088] bridge_slave_0: left allmulticast mode
[  280.916865][ T8088] bridge_slave_0: left promiscuous mode
[  280.918740][ T8088] bridge0: port 1(bridge_slave_0) entered disabled state
[  280.926176][ T8088] bridge_slave_1: left allmulticast mode
[  280.928056][ T8088] bridge_slave_1: left promiscuous mode
[  280.931031][ T8088] bridge0: port 2(bridge_slave_1) entered disabled state
[  280.937509][ T8088] bond0: (slave bond_slave_0): Releasing backup interface
[  280.941792][ T8088] bond0: (slave bond_slave_1): Releasing backup interface
[  280.948646][ T8088] team0: Port device team_slave_0 removed
[  280.951855][ T8088] team0: Port device team_slave_1 removed
[  280.954450][ T8088] batman_adv: batadv0: Removing interface: batadv_slave_0
[  280.957951][ T8088] batman_adv: batadv0: Removing interface: batadv_slave_1
[  280.964399][ T8088] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  281.134149][ T8095] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  281.154394][ T8095] team0: Mode changed to "loadbalance"
[  281.154588][ T2256] usb 10-1: USB disconnect, device number 2
[  281.171256][ T2256] yurex 10-1:0.0: USB YUREX #0 now disconnected
[  281.181424][ T5975] Bluetooth: hci2: command tx timeout
[  281.283256][ T8105] FAULT_INJECTION: forcing a failure.
[  281.283256][ T8105] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  281.295341][ T8105] CPU: 2 UID: 0 PID: 8105 Comm: syz.3.515 Not tainted syzkaller #0 PREEMPT(full) 
[  281.295370][ T8105] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  281.295380][ T8105] Call Trace:
[  281.295386][ T8105]  <TASK>
[  281.295392][ T8105]  dump_stack_lvl+0x100/0x190
[  281.295429][ T8105]  should_fail_ex.cold+0x5/0xa
[  281.295452][ T8105]  _copy_from_iter+0x1f4/0x1690
[  281.295478][ T8105]  ? __pfx__copy_from_iter+0x10/0x10
[  281.295497][ T8105]  ? __asan_memset+0x23/0x50
[  281.295518][ T8105]  ? __alloc_skb+0x4e9/0x710
[  281.295535][ T8105]  ? __pfx___alloc_skb+0x10/0x10
[  281.295552][ T8105]  ? __pfx__copy_from_iter+0x10/0x10
[  281.295573][ T8105]  skb_copy_datagram_from_iter+0x11f/0x720
[  281.295595][ T8105]  tun_get_user+0x1889/0x3c20
[  281.295624][ T8105]  ? __pfx_tun_get_user+0x10/0x10
[  281.295640][ T8105]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  281.295671][ T8105]  ? find_held_lock+0x2b/0x80
[  281.295688][ T8105]  ? tun_get+0x191/0x370
[  281.295701][ T8105]  ? tun_get+0x191/0x370
[  281.295719][ T8105]  tun_chr_write_iter+0xdc/0x200
[  281.295737][ T8105]  vfs_write+0x6ac/0x1070
[  281.295754][ T8105]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  281.295771][ T8105]  ? __pfx_vfs_write+0x10/0x10
[  281.295784][ T8105]  ? find_held_lock+0x2b/0x80
[  281.295815][ T8105]  ksys_write+0x12a/0x250
[  281.295830][ T8105]  ? __pfx_ksys_write+0x10/0x10
[  281.295844][ T8105]  ? ksys_write+0x1ac/0x250
[  281.295865][ T8105]  ? rcu_is_watching+0x12/0xc0
[  281.295883][ T8105]  __do_fast_syscall_32+0xe7/0x950
[  281.295900][ T8105]  ? lockdep_hardirqs_on+0x78/0x100
[  281.295917][ T8105]  do_fast_syscall_32+0x32/0x70
[  281.295933][ T8105]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  281.295952][ T8105] RIP: 0023:0xf703efcc
[  281.295965][ T8105] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  281.295980][ T8105] RSP: 002b:00000000f542d50c EFLAGS: 00000292 ORIG_RAX: 0000000000000004
[  281.295997][ T8105] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000400
[  281.296006][ T8105] RDX: 000000000000008a RSI: 0000000000000000 RDI: 0000000000000000
[  281.296015][ T8105] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  281.296023][ T8105] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  281.296103][ T8105] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  281.296123][ T8105]  </TASK>
[  281.335975][ T8102] input: syz1 as /devices/virtual/input/input50
[  281.557180][ T8114] netlink: 'syz.3.518': attribute type 1 has an invalid length.
[  281.572132][ T8114] 8021q: adding VLAN 0 to HW filter on device bond1
[  281.709130][ T8118] netlink: 'syz.5.519': attribute type 1 has an invalid length.
[  281.829487][   T10] usb 8-1: new high-speed USB device number 15 using dummy_hcd
[  281.950644][ T6026] usb 10-1: new high-speed USB device number 3 using dummy_hcd
[  281.979454][   T10] usb 8-1: Using ep0 maxpacket: 32
[  281.979799][ T8123] mmap: syz.2.521 (8123) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  281.982769][   T10] usb 8-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  281.992710][   T10] usb 8-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  281.996069][   T10] usb 8-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  282.000989][   T10] usb 8-1: Product: syz
[  282.002313][ T8123] netlink: 52 bytes leftover after parsing attributes in process `syz.2.521'.
[  282.002834][   T10] usb 8-1: Manufacturer: syz
[  282.008255][   T10] usb 8-1: SerialNumber: syz
[  282.012891][   T10] usb 8-1: config 0 descriptor??
[  282.015400][ T8114] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  282.019187][   T10] hub 8-1:0.0: bad descriptor, ignoring hub
[  282.022170][   T10] hub 8-1:0.0: probe with driver hub failed with error -5
[  282.099443][ T6026] usb 10-1: Using ep0 maxpacket: 32
[  282.103522][ T6026] usb 10-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  282.109813][ T6026] usb 10-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  282.113963][ T6026] usb 10-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  282.117571][ T6026] usb 10-1: Product: syz
[  282.119828][ T6026] usb 10-1: Manufacturer: syz
[  282.122049][ T6026] usb 10-1: SerialNumber: syz
[  282.127625][ T6026] usb 10-1: config 0 descriptor??
[  282.130903][ T8118] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[  282.135485][ T6026] hub 10-1:0.0: bad descriptor, ignoring hub
[  282.138420][ T6026] hub 10-1:0.0: probe with driver hub failed with error -5
[  282.147766][ T6026] chaoskey 10-1:0.0: Unable to register with hwrng
[  282.379707][ T6041] usb 8-1: USB disconnect, device number 15
[  282.469749][   T34] usb 10-1: USB disconnect, device number 3
[  282.530569][ T8132] netlink: 8 bytes leftover after parsing attributes in process `syz.4.523'.
[  283.049393][ T2256] usb 8-1: new full-speed USB device number 16 using dummy_hcd
[  283.213129][ T2256] usb 8-1: New USB device found, idVendor=04b8, idProduct=0202, bcdDevice= 0.40
[  283.217315][ T2256] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  283.227876][ T2256] usb 8-1: Product: syz
[  283.234158][ T2256] usb 8-1: Manufacturer: syz
[  283.243178][ T2256] usb 8-1: SerialNumber: syz
[  283.259360][ T5975] Bluetooth: hci2: command tx timeout
[  283.266100][ T8161] netlink: 'syz.5.534': attribute type 1 has an invalid length.
[  283.576691][ T7437] usb 10-1: new high-speed USB device number 4 using dummy_hcd
[  283.696219][ T2256] usblp 8-1:1.0: usblp0: USB Unidirectional printer dev 16 if 0 alt 0 proto 1 vid 0x04B8 pid 0x0202
[  283.749535][ T7437] usb 10-1: Using ep0 maxpacket: 32
[  283.757178][ T7437] usb 10-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  283.767747][ T7437] usb 10-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  283.773543][ T7437] usb 10-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  283.787359][ T7437] usb 10-1: Product: syz
[  283.789966][ T7437] usb 10-1: Manufacturer: syz
[  283.792193][ T7437] usb 10-1: SerialNumber: syz
[  283.806561][ T7437] usb 10-1: config 0 descriptor??
[  283.814075][ T8161] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[  283.828566][ T7437] hub 10-1:0.0: bad descriptor, ignoring hub
[  283.832590][ T7437] hub 10-1:0.0: probe with driver hub failed with error -5
[  284.159765][ T6026] ------------[ cut here ]------------
[  284.161928][ T6026] [CRTC:37:crtc-0] vblank wait timed out
[  284.163776][ T6026] WARNING: drivers/gpu/drm/drm_atomic_helper.c:1921 at drm_atomic_helper_wait_for_vblanks.part.0+0x738/0x8a0, CPU#0: kworker/0:4/6026
[  284.169972][ T6026] Modules linked in:
[  284.171826][ T6026] CPU: 0 UID: 0 PID: 6026 Comm: kworker/0:4 Not tainted syzkaller #0 PREEMPT(full) 
[  284.174942][ T6026] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  284.178398][ T6026] Workqueue: events drm_fb_helper_damage_work
[  284.180561][ T6026] RIP: 0010:drm_atomic_helper_wait_for_vblanks.part.0+0x73e/0x8a0
[  284.183102][ T6026] Code: 00 00 00 fc ff df 48 89 f9 48 c1 e9 03 0f b6 04 01 84 c0 74 08 3c 03 0f 8e 44 01 00 00 48 8d 3d b8 dd 41 0b 8b b3 d0 00 00 00 <67> 48 0f b9 3a e9 e1 fc ff ff e8 03 4e 63 fc e9 7c fe ff ff e8 09
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  284.189362][ T6026] RSP: 0000:ffffc90006cff6e8 EFLAGS: 00010246
[  284.191405][ T6026] RAX: 0000000000000000 RBX: ffff8880269092e0 RCX: 1ffff11004d21276
[  284.193970][ T6026] RDX: ffff8880245b09e0 RSI: 0000000000000025 RDI: ffffffff90e75520
[  284.196558][ T6026] RBP: dffffc0000000000 R08: 0000000000000005 R09: 0000000000000000
[  284.199110][ T6026] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[  284.201830][ T6026] R13: 0000000000000000 R14: 0000000000000000 R15: ffff888050b14a00
[  284.204424][ T6026] FS:  0000000000000000(0000) GS:ffff8880970ee000(0000) knlGS:0000000000000000
[  284.207297][ T6026] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  284.209521][ T6026] CR2: 00000000f540cda4 CR3: 0000000060aff000 CR4: 0000000000352ef0
[  284.212107][ T6026] Call Trace:
[  284.213228][ T6026]  <TASK>
[  284.214246][ T6026]  ? __pfx_drm_atomic_helper_wait_for_vblanks.part.0+0x10/0x10
[  284.216708][ T6026]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  284.218660][ T6026]  ? lockdep_hardirqs_on+0x78/0x100
[  284.220570][ T6026]  ? __pfx_autoremove_wake_function+0x10/0x10
[  284.222585][ T6026]  ? drm_atomic_helper_commit_hw_done+0x36d/0x490
[  284.225141][ T6026]  drm_atomic_helper_commit_tail+0xff/0x130
[  284.227835][ T6026]  commit_tail+0x338/0x430
[  284.229840][ T6026]  drm_atomic_helper_commit+0x303/0x380
[  284.231655][ T6026]  ? __pfx_drm_atomic_helper_commit+0x10/0x10
[  284.233683][ T6026]  drm_atomic_commit+0x230/0x300
[  284.235307][ T6026]  ? __pfx_drm_atomic_commit+0x10/0x10
[  284.237080][ T6026]  ? __pfx___drm_printfn_info+0x10/0x10
[  284.238890][ T6026]  ? drm_mode_object_get+0x108/0x170
[  284.240778][ T6026]  drm_atomic_helper_dirtyfb+0x603/0x790
[  284.242594][ T6026]  ? __pfx_drm_atomic_helper_dirtyfb+0x10/0x10
[  284.244619][ T6026]  ? preempt_schedule_thunk+0x16/0x30
[  284.246410][ T6026]  ? preempt_schedule_common+0x42/0xc0
[  284.248201][ T6026]  ? preempt_schedule_thunk+0x16/0x30
[  284.250226][ T6026]  ? __pfx_drm_atomic_helper_dirtyfb+0x10/0x10
[  284.252268][ T6026]  drm_fbdev_shmem_helper_fb_dirty+0x1cc/0x310
[  284.254315][ T6026]  drm_fb_helper_damage_work+0x348/0x640
[  284.256163][ T6026]  ? __pfx_drm_fb_helper_damage_work+0x10/0x10
[  284.258178][ T6026]  ? rcu_is_watching+0x12/0xc0
[  284.261542][ T6026]  process_one_work+0xa0e/0x1980
[  284.263144][ T6026]  ? __pfx_process_one_work+0x10/0x10
[  284.264879][ T6026]  ? __pfx_drm_fb_helper_damage_work+0x10/0x10
[  284.266889][ T6026]  worker_thread+0x5ef/0xe50
[  284.268430][ T6026]  ? kthread+0x13a/0x450
[  284.270051][ T6026]  ? __pfx_worker_thread+0x10/0x10
[  284.271789][ T6026]  kthread+0x370/0x450
[  284.273133][ T6026]  ? __pfx_kthread+0x10/0x10
[  284.274668][ T6026]  ret_from_fork+0x72b/0xd50
[  284.276203][ T6026]  ? __pfx_ret_from_fork+0x10/0x10
[  284.277822][ T6026]  ? __switch_to+0x800/0x1100
[  284.279440][ T6026]  ? __pfx_kthread+0x10/0x10
[  284.280970][ T6026]  ret_from_fork_asm+0x1a/0x30
[  284.282561][ T6026]  </TASK>
[  284.283568][ T6026] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  284.285751][ T6026] CPU: 0 UID: 0 PID: 6026 Comm: kworker/0:4 Not tainted syzkaller #0 PREEMPT(full) 
[  284.288762][ T6026] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  284.292012][ T6026] Workqueue: events drm_fb_helper_damage_work
[  284.293936][ T6026] Call Trace:
[  284.295008][ T6026]  <TASK>
[  284.295973][ T6026]  dump_stack_lvl+0x100/0x190
[  284.297535][ T6026]  vpanic+0x552/0x970
[  284.298840][ T6026]  ? __pfx_vpanic+0x10/0x10
[  284.300354][ T6026]  panic+0xd1/0xe0
[  284.301609][ T6026]  ? __pfx_panic+0x10/0x10
[  284.303045][ T6026]  ? check_panic_on_warn+0x1f/0x90
[  284.304726][ T6026]  check_panic_on_warn.cold+0x19/0x34
[  284.306733][ T6026]  ? drm_atomic_helper_wait_for_vblanks.part.0+0x738/0x8a0
[  284.309503][ T6026]  __warn.cold+0x191/0x328
[  284.311319][ T6026]  __report_bug+0x296/0x3d0
[  284.313124][ T6026]  ? drm_atomic_helper_wait_for_vblanks.part.0+0x738/0x8a0
[  284.315971][ T6026]  ? __pfx___report_bug+0x10/0x10
[  284.317986][ T6026]  ? report_bug_entry+0x9d/0x290
[  284.319969][ T6026]  report_bug_entry+0xe1/0x290
[  284.321873][ T6026]  ? drm_atomic_helper_wait_for_vblanks.part.0+0x73e/0x8a0
[  284.324641][ T6026]  handle_bug+0x1cd/0x2a0
[  284.326029][ T6026]  exc_invalid_op+0x17/0x50
[  284.327805][ T6026]  asm_exc_invalid_op+0x1a/0x20
[  284.329424][ T6026] RIP: 0010:drm_atomic_helper_wait_for_vblanks.part.0+0x73e/0x8a0
[  284.332214][ T6026] Code: 00 00 00 fc ff df 48 89 f9 48 c1 e9 03 0f b6 04 01 84 c0 74 08 3c 03 0f 8e 44 01 00 00 48 8d 3d b8 dd 41 0b 8b b3 d0 00 00 00 <67> 48 0f b9 3a e9 e1 fc ff ff e8 03 4e 63 fc e9 7c fe ff ff e8 09
[  284.338827][ T6026] RSP: 0000:ffffc90006cff6e8 EFLAGS: 00010246
[  284.340748][ T6026] RAX: 0000000000000000 RBX: ffff8880269092e0 RCX: 1ffff11004d21276
[  284.343228][ T6026] RDX: ffff8880245b09e0 RSI: 0000000000000025 RDI: ffffffff90e75520
[  284.345747][ T6026] RBP: dffffc0000000000 R08: 0000000000000005 R09: 0000000000000000
[  284.348248][ T6026] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[  284.350640][ T6026] R13: 0000000000000000 R14: 0000000000000000 R15: ffff888050b14a00
[  284.353132][ T6026]  ? drm_atomic_helper_wait_for_vblanks.part.0+0x6e6/0x8a0
[  284.355400][ T6026]  ? __pfx_drm_atomic_helper_wait_for_vblanks.part.0+0x10/0x10
[  284.358018][ T6026]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  284.359866][ T6026]  ? lockdep_hardirqs_on+0x78/0x100
[  284.361503][ T6026]  ? __pfx_autoremove_wake_function+0x10/0x10
[  284.363425][ T6026]  ? drm_atomic_helper_commit_hw_done+0x36d/0x490
[  284.365437][ T6026]  drm_atomic_helper_commit_tail+0xff/0x130
[  284.367347][ T6026]  commit_tail+0x338/0x430
[  284.368767][ T6026]  drm_atomic_helper_commit+0x303/0x380
[  284.370530][ T6026]  ? __pfx_drm_atomic_helper_commit+0x10/0x10
[  284.372441][ T6026]  drm_atomic_commit+0x230/0x300
[  284.374104][ T6026]  ? __pfx_drm_atomic_commit+0x10/0x10
[  284.375746][ T6026]  ? __pfx___drm_printfn_info+0x10/0x10
[  284.377594][ T6026]  ? drm_mode_object_get+0x108/0x170
[  284.379317][ T6026]  drm_atomic_helper_dirtyfb+0x603/0x790
[  284.381121][ T6026]  ? __pfx_drm_atomic_helper_dirtyfb+0x10/0x10
[  284.383092][ T6026]  ? preempt_schedule_thunk+0x16/0x30
[  284.384804][ T6026]  ? preempt_schedule_common+0x42/0xc0
[  284.386571][ T6026]  ? preempt_schedule_thunk+0x16/0x30
[  284.388323][ T6026]  ? __pfx_drm_atomic_helper_dirtyfb+0x10/0x10
[  284.390282][ T6026]  drm_fbdev_shmem_helper_fb_dirty+0x1cc/0x310
[  284.392244][ T6026]  drm_fb_helper_damage_work+0x348/0x640
[  284.394021][ T6026]  ? __pfx_drm_fb_helper_damage_work+0x10/0x10
[  284.396488][ T6026]  ? rcu_is_watching+0x12/0xc0
[  284.398441][ T6026]  process_one_work+0xa0e/0x1980
[  284.400436][ T6026]  ? __pfx_process_one_work+0x10/0x10
[  284.402612][ T6026]  ? __pfx_drm_fb_helper_damage_work+0x10/0x10
[  284.405064][ T6026]  worker_thread+0x5ef/0xe50
[  284.406895][ T6026]  ? kthread+0x13a/0x450
[  284.408318][ T6026]  ? __pfx_worker_thread+0x10/0x10
[  284.410322][ T6026]  kthread+0x370/0x450
[  284.411918][ T6026]  ? __pfx_kthread+0x10/0x10
[  284.413709][ T6026]  ret_from_fork+0x72b/0xd50
[  284.415229][ T6026]  ? __pfx_ret_from_fork+0x10/0x10
[  284.416872][ T6026]  ? __switch_to+0x800/0x1100
[  284.418374][ T6026]  ? __pfx_kthread+0x10/0x10
[  284.419851][ T6026]  ret_from_fork_asm+0x1a/0x30
[  284.421385][ T6026]  </TASK>
[  284.423216][ T6026] Kernel Offset: disabled
[  284.424585][ T6026] Rebooting in 86400 seconds..