last executing test programs:

13m26.327275038s ago: executing program 2 (id=628):
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x10000082}, 0x80)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000180)={'vxcan0\x00', <r2=>0x0})
getpeername$packet(0xffffffffffffffff, 0x0, 0x0)
connect$can_bcm(r1, &(0x7f0000000140)={0x1d, r2}, 0x10)
sendmsg$can_bcm(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="05"], 0x48}}, 0x0)
r3 = socket$can_bcm(0x1d, 0x2, 0x2)
r4 = socket(0x1d, 0x2, 0x6)
ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000000)={'vxcan0\x00', <r5=>0x0})
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(r4, &(0x7f0000000100)={0x1d, r5, 0x2, {0x3}}, 0x18)
ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000100)={'vxcan0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)=@getchain={0x24, 0x11, 0x1, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x0, r6, {0x8}, {0x7, 0xf}, {0x0, 0xe}}}, 0x24}, 0x1, 0x0, 0x0, 0x44060}, 0x98)

13m26.148600385s ago: executing program 2 (id=634):
sendmsg$ETHTOOL_MSG_COALESCE_SET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x98, 0x0, 0x4, 0x70bd26, 0x25dfdbfd, {}, [@ETHTOOL_A_COALESCE_RX_MAX_FRAMES_LOW={0x8, 0xf, 0xb6}, @ETHTOOL_A_COALESCE_USE_CQE_MODE_TX={0x5}, @ETHTOOL_A_COALESCE_TX_MAX_FRAMES_LOW={0x8, 0x11, 0x3}, @ETHTOOL_A_COALESCE_STATS_BLOCK_USECS={0x8, 0xa, 0x9}, @ETHTOOL_A_COALESCE_RX_MAX_FRAMES_LOW={0x8, 0xf, 0x281}, @ETHTOOL_A_COALESCE_TX_MAX_FRAMES_HIGH={0x8, 0x16, 0x40}, @ETHTOOL_A_COALESCE_RX_USECS={0x8, 0x2, 0x7}, @ETHTOOL_A_COALESCE_TX_MAX_FRAMES_HIGH={0x8, 0x16, 0xe}, @ETHTOOL_A_COALESCE_STATS_BLOCK_USECS={0x8, 0xa, 0x7fff}, @ETHTOOL_A_COALESCE_HEADER={0x3c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_team\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_1\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}]}, 0x98}, 0x1, 0x0, 0x0, 0x24000080}, 0x10)
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$BATADV_CMD_GET_MESH(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={0x0, 0x92}}, 0x0)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r2, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}, 0x1, 0x0, 0x0, 0xc000}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001500)=@newqdisc={0x70, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {0x0, 0x9}, {0xffff, 0xffff}, {0xfff1}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x40, 0x2, {{0x1ff, 0x4, 0x0, 0x0, 0xfffffffd, 0x8}, [@TCA_NETEM_ECN={0x8, 0x7, 0x1}, @TCA_NETEM_LOSS={0x1c, 0x5, 0x0, 0x1, [@NETEM_LOSS_GI={0x18, 0x1, {0x80000001, 0x6, 0x8, 0xfffffffe, 0xd99d}}]}]}}}]}, 0x70}}, 0x0)
syz_clone(0xd0c0080, 0x0, 0x11, 0x0, 0x0, 0x0)
sendto$packet(r0, &(0x7f00000002c0)="44c33b69ebc9e05e9bdec0c288a8", 0x36, 0x830, &(0x7f0000000440)={0x11, 0x0, r2, 0x1, 0x2, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xe}}, 0x14)

13m25.94751474s ago: executing program 2 (id=636):
r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$SNDRV_RAWMIDI_IOCTL_DRAIN(r1, 0x40045731, 0x0)

13m25.947252787s ago: executing program 2 (id=637):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000001c0)='devpts\x00', 0x1010401, 0x0)
mount$bind(&(0x7f0000000240)='.\x00', &(0x7f0000000280)='./file0\x00', 0x0, 0x1005848, 0x0)
mount$fuse(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x100000, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r0, &(0x7f0000000240)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x100)

13m25.873775028s ago: executing program 2 (id=639):
r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000001480)={0x18, 0x4, &(0x7f0000000180)=ANY=[@ANYRES32=r0], 0x0, 0x8, 0x0, 0x0, 0x0, 0x50, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff, r0}, 0x94)
ioctl$AUTOFS_IOC_PROTOSUBVER(r0, 0x40049366, &(0x7f0000000180))

13m25.677342123s ago: executing program 2 (id=643):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1, 0x10, &(0x7f0000000600)=ANY=[@ANYBLOB, @ANYRES32=r0, @ANYBLOB], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
r4 = getpgrp(0x0)
sched_setaffinity(r4, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000000)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r6 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r6, 0x1, 0x0)
r7 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
read$msr(r7, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000080)=[@textreal={0x8, &(0x7f00000000c0)="0fdabcca67b800038ee00f92e10f0683dbf5baf80c66b8dc56538766efbafc0c66ed66b98e0900000f320f01c3f26e670f01d1", 0x33}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, 0x0}], 0x1, 0x18, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

13m25.584907527s ago: executing program 32 (id=643):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1, 0x10, &(0x7f0000000600)=ANY=[@ANYBLOB, @ANYRES32=r0, @ANYBLOB], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
r4 = getpgrp(0x0)
sched_setaffinity(r4, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000000)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r6 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r6, 0x1, 0x0)
r7 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
read$msr(r7, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000080)=[@textreal={0x8, &(0x7f00000000c0)="0fdabcca67b800038ee00f92e10f0683dbf5baf80c66b8dc56538766efbafc0c66ed66b98e0900000f320f01c3f26e670f01d1", 0x33}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, 0x0}], 0x1, 0x18, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

5m21.645433044s ago: executing program 4 (id=3335):
r0 = socket$inet6(0xa, 0x3, 0x3c)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a000007090001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000002100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000040900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x4000810)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f00006bd000/0x3000)=nil, 0x3000, 0xb)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)
ioctl$int_out(r2, 0x0, &(0x7f0000000040))
openat$6lowpan_control(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r4 = openat$nullb(0xffffffffffffff9c, 0x0, 0x1c3902, 0x0)
sendfile(r4, r4, 0x0, 0x200900)
syz_extract_tcp_res(&(0x7f0000000580), 0x8147, 0x200)
syz_extract_tcp_res(&(0x7f00000005c0)={<r5=>0x41424344}, 0xff, 0x1)
syz_emit_ethernet(0x52, &(0x7f0000000500)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1c}, @void, {@ipv4={0x800, @tcp={{0x8, 0x4, 0x1, 0x8, 0x44, 0x65, 0x0, 0x3, 0x6, 0x0, @private=0xa010102, @private=0xa010102, {[@rr={0x7, 0xb, 0x35, [@broadcast, @empty]}]}}, {{0x4e22, 0x4e23, r5, 0x41424344, 0x1, 0x0, 0x9, 0xc2, 0x5, 0x0, 0x9, {[@window={0x3, 0x3}, @generic={0x1, 0xa, "ff9a30062b66ab5f"}]}}}}}}}, 0x0)
writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000100)=',', 0xffdf}], 0x1)

5m20.679868512s ago: executing program 4 (id=3336):
r0 = socket$inet(0x2, 0x4, 0xffdfffff)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
sendmmsg$alg(0xffffffffffffffff, &(0x7f00000042c0)=[{0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000700)="868218df5178d1efca6153edab4680ec6072354de694819ae33756a37a523faa4cf110db391ffe45c8f05298bd321ef486470bcb9cf85d8424f042dd67797362fdef1149e49585a88d48c9f7093d114142e558450542153b02712f07c73822582787c96c34294479758dd589d5d11e6e27d9b697ae76d923980a222e7e043de0f763a5d23e5728f132eea2c786ad088cda2d196930e1b2d0e003cc43da221a678b2ebef8c826027eeda1f541ed01947cd0083b717ff63925a31115e678e6bb1ae342599173cacfa86c7dfdece7c9e2c19b0868bfd5fa7b0dd4466641fd37b0f354e024d159b3e076241da53fa733b8cb556dbd529f47259fbaf09ae4677509c2df1d34c4138e4875da3e1db518f06d4a3cbb996c2a8b47b458d2b4b5b6d023342573a2bf285adbcd3e5531b7bf8aa3d8697cab66ddc1093e6d206bca464b8e4819b461a4402b24ee135d4ea6", 0x14c}], 0x1, 0x0, 0x0, 0x4010}], 0x1, 0x20040)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet6_sctp(0xa, 0x5, 0x84)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="5c00000002060108000000000000000000004000050005000a000000050001000700000005000400000000000900020073797a310000000016000300686173683a6e65742c706f72742c6e65740000000c0007800800124000"], 0x5c}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000780)=ANY=[@ANYBLOB="74000000090601020000000000000000030000000900020073797a310000000005000100070000004c0007801800018014000240fe8000000000000000000000000000aa1800148014000240fc000000000000000000000000000000060004404e1f0000050007008400000006000540"], 0x74}, 0x1, 0x0, 0x0, 0x10040003}, 0x0)
r3 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r3, 0xc1105517, &(0x7f0000000340)={{0x0, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 'syz1\x00', 0x0})
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, 0x0, 0xc000)
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x20000, 0x0)
ioctl$TCSETS(r5, 0x40045431, &(0x7f0000001200)={0x0, 0xffffff1e, 0xffffffff, 0x4, 0x16, "001bf10002000000a0c2000100000000002000"})
dup3(r5, 0xffffffffffffffff, 0x80000)
prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x8, 0x8000}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_usb_connect(0x2, 0x5f, 0x0, 0x0)
r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r6, &(0x7f0000019680)=""/102392, 0x19040)
pipe2$9p(&(0x7f0000000180)={<r7=>0xffffffffffffffff}, 0x0)
tee(r7, 0xffffffffffffffff, 0x9, 0x8)

5m15.355653668s ago: executing program 4 (id=3358):
socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0)
openat$sndseq(0xffffffffffffff9c, 0x0, 0xe0c81)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x800, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000240), 0x2, 0x40102)
ioctl$IOCTL_VMCI_CTX_ADD_NOTIFICATION(0xffffffffffffffff, 0x7af, &(0x7f0000000040)={@host, 0x5})
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0x1}], 0x1)
r1 = socket(0x28, 0x5, 0x0)
bind$vsock_stream(r1, &(0x7f0000000040), 0x10)
listen(r1, 0x0)
r2 = socket(0x28, 0x5, 0x0)
connect$vsock_stream(r2, &(0x7f0000000080), 0x10)
r3 = socket$xdp(0x2c, 0x3, 0x0)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b00000000"], 0x48)
writev(r3, &(0x7f0000000280)=[{&(0x7f00000000c0)="e82c0e93bf29dba97925ce77cc9c63e0a608a9b549ddecfabab1ee14e78e7e3b46714c87827817c31d1940bae1a199ca11a1eb65995ade5e4c831839e81ba5b458aa141a18db15d1dbf3", 0x4a}, {&(0x7f0000000140)="14186d6285c6fecbcca8a293acefd9ce4117ad02e1d23bc858bbc7a5874877e1fb5397539e59ea4c24765558fc8c7e189e401d40ddfa051346c2c62895d353186f69e85f53de789916f3ebf725e5007e760f3ea3eb4095ae3f6f28b97f218d7d4bca039ebd11c2f636d44962416b2aae65dc8ef0e937176ef852b69a", 0x7c}], 0x2)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800"/15, @ANYRES32=r4, @ANYBLOB], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0xc, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)
close(0x4)
r5 = syz_io_uring_setup(0x4f90, &(0x7f0000000f80)={0x0, 0xd8e, 0x3180, 0x7ffc, 0x40024e}, 0x0, &(0x7f0000000080))
io_uring_enter(r5, 0x627, 0x4c1, 0x43, 0x0, 0x0)
r6 = syz_open_dev$video(&(0x7f0000000440), 0x3ff, 0x0)
ioctl$VIDIOC_STREAMOFF(r6, 0x40045613, &(0x7f0000000200)=0x1)
r7 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0)
ioctl$COMEDI_SETWSUBD(r7, 0x6411)

5m14.465690531s ago: executing program 4 (id=3362):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x40}}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x10000000000002)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_usbip_server_init(0x6)
r3 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x481, 0x0)
ioctl$F2FS_IOC_START_ATOMIC_WRITE(r3, 0x8008330e, 0x0)
r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x2, 0x0, 0x7fff0000}]})
close_range(r4, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x404, 0x9}, 0x50)
bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0)

5m13.8858281s ago: executing program 4 (id=3365):
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000000)={0x50, 0x2, 0x6, 0x5, 0x7, 0x0, {0x0, 0x0, 0x3}, [@IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x0}]}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x3}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x50}, 0x1, 0x0, 0x0, 0x4}, 0x20044454)
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x40482, 0x0)
ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000140))
r1 = openat$snapshot(0xffffff9c, &(0x7f0000000080), 0x40, 0x0)
pwritev(r1, &(0x7f0000000040)=[{&(0x7f0000000180)="80fd06000040", 0x6}], 0x1, 0x2, 0x4)
r2 = openat$sw_sync_info(0xffffff9c, &(0x7f00000000c0), 0x101280, 0x0)
ioctl$VHOST_VDPA_SET_CONFIG(r2, 0x4008af74, &(0x7f0000000100)={0x3, 0x16, "0085ce2917bcae5dd25bc9dd47a46611109cf1d780c7"})
r3 = socket$inet_mptcp(0x2, 0x1, 0x106)
r4 = open(&(0x7f0000000280)='.\x00', 0x0, 0x100)
fcntl$notify(r4, 0x402, 0x8000000b)
ioctl$FS_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000000)=0x20)
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r3, 0x8983, &(0x7f00000001c0)={0x0, 'vlan1\x00', {0x1}, 0x7f})

5m12.960014871s ago: executing program 4 (id=3368):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000900)=ANY=[@ANYBLOB="15a31ae9b77a306d5d3418def83421daef8bc61f50c603b6e2072bf9aa93746fe11ce6cc33ca4fe0f3cbfd228dd5a2951f1218dacfd2cc0e36966c9fde554cdc4ca8602ee26302ae43760573b94c", @ANYRESDEC=0x0, @ANYBLOB="2489f2ff4c07e09fa28aaf455d08a155c648b11556baff00fadda8159f18b6e4e7a72114573fc922b29302bbb534ce2e14f88c00fbf1c8d7068da0bbaa4d2073fcedfab24736f8aa1b52caa9dc7e8fc210c8c61aef60dc0b6c9bde9285aab16d91f8e551fe8636dcfa2dfdeb1a19c297dc1c9e4f1a2ba4c0607082da9e4dda7c6e70034c12891fe5163a6b9cfa6f62f012b28115f42049ddbd38b7597b28f3", @ANYRES64, @ANYRES64, @ANYRESHEX, @ANYRES16], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000280))
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x1, 0x10, &(0x7f0000000d80)=ANY=[@ANYBLOB="1808000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b707000014000000b7030000000000008500000005000000bf09000000000000350901000000000095000000000000008520000004000000bf9100000000000056070076000000008500000000000000b7000000000000009500000000000000"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f05ebbee7, 0x8031, r0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r4, 0x8933, &(0x7f0000000100)={'team0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000014c0)=@newtaction={0x68, 0x30, 0xb, 0x70bd28, 0x25dfdbfc, {0x0, 0x0, 0x6a00}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{0x6, 0xff, 0x4, 0x6, 0x6}, 0x2, r5}}]}, {0x4, 0xa}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x200ce8c4)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="200000001100010100"/20, @ANYRES32=<r6=>r5], 0x20}, 0x1, 0x0, 0x0, 0x80d5}, 0x0)
syz_create_resource$binfmt(&(0x7f0000000040)='./file1\x00')
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="58000000020601080000000000000000000000040900020073797a3100000000050004000000000011000300686173683a6e65742c6e6574000000000c000780080012400000000205000500020000000500010006"], 0x58}}, 0x0)
sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000580)=ANY=[@ANYBLOB="500000000906010200000000000000e1020000000900020073797a31000000000500010007000000280007800c00018008000140ffffffff0c00148008000140ac1414bb0c0002800800014064"], 0x50}, 0x1, 0x0, 0x0, 0xd24f4d5778621d46}, 0x4)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0xffffffffffffffff, 0x0, &(0x7f00000000c0)={&(0x7f0000000600)=ANY=[@ANYRES16, @ANYRES8, @ANYBLOB="f7b23a56f5ed4ced3b3267f6d8a671c76150cbe63ebb805f15c6bbbaf0a775a5ca4faa9faa67fedf398edef74b412ce99931562e35a57bcdc4c33ff5e55fbc06024562d9e28b55060904a6ac4a9356f3a71c8fe99dc08b0aa248cc77a980bf70caddd8fed63b846183a9b64d5fcdcd3d991a92c3ac86315d0655f71398d2415cb7a992ed83968d71479800f2a1f743a73cc7ea9c06bc22b11b8a50d4c1b6e642dfa5227eb451e159076b22c09cb2eff7a94e9570dd46eb5d14c6fdd4c0c8e6ab3beda09e72cc301a548df76a25a4239c687c5ad137999143086d0a272afc59bb1882f7230f3971313428b138b254c19dcc", @ANYBLOB="b9009a6e1df19ab7dc4eededb7c21f89fb6341b3b9d45c4d1731a9d52ae2047ebd1cae4aa0b687cf78ba44bec69993c662e911d5443b8eabdc797d49229d2fa88d1927f0180f3d578c2b5aecb854a6c5064fcc83be21f73875d551fedaffc412b40ca276ada84010732045d04970010da2537e3c00fb4326b86f2d3c565b4661d9265312ddb202df471353c85b1901532f4e8d066ae7992f050ac680b7167e50b56691daecd9601e169d51c8c214e97651f08ab41ea27041d86c52c0771c54683cffecd92351ee0caf31d6e8b94edd98b4b93316a4e6d790afb6fbd882079cb2", @ANYRESOCT=r6], 0x30}, 0x1, 0x0, 0x0, 0x4}, 0x0)

4m57.803629644s ago: executing program 33 (id=3368):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000900)=ANY=[@ANYBLOB="15a31ae9b77a306d5d3418def83421daef8bc61f50c603b6e2072bf9aa93746fe11ce6cc33ca4fe0f3cbfd228dd5a2951f1218dacfd2cc0e36966c9fde554cdc4ca8602ee26302ae43760573b94c", @ANYRESDEC=0x0, @ANYBLOB="2489f2ff4c07e09fa28aaf455d08a155c648b11556baff00fadda8159f18b6e4e7a72114573fc922b29302bbb534ce2e14f88c00fbf1c8d7068da0bbaa4d2073fcedfab24736f8aa1b52caa9dc7e8fc210c8c61aef60dc0b6c9bde9285aab16d91f8e551fe8636dcfa2dfdeb1a19c297dc1c9e4f1a2ba4c0607082da9e4dda7c6e70034c12891fe5163a6b9cfa6f62f012b28115f42049ddbd38b7597b28f3", @ANYRES64, @ANYRES64, @ANYRESHEX, @ANYRES16], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000280))
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x1, 0x10, &(0x7f0000000d80)=ANY=[@ANYBLOB="1808000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b707000014000000b7030000000000008500000005000000bf09000000000000350901000000000095000000000000008520000004000000bf9100000000000056070076000000008500000000000000b7000000000000009500000000000000"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f05ebbee7, 0x8031, r0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r4, 0x8933, &(0x7f0000000100)={'team0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000014c0)=@newtaction={0x68, 0x30, 0xb, 0x70bd28, 0x25dfdbfc, {0x0, 0x0, 0x6a00}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{0x6, 0xff, 0x4, 0x6, 0x6}, 0x2, r5}}]}, {0x4, 0xa}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x200ce8c4)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="200000001100010100"/20, @ANYRES32=<r6=>r5], 0x20}, 0x1, 0x0, 0x0, 0x80d5}, 0x0)
syz_create_resource$binfmt(&(0x7f0000000040)='./file1\x00')
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="58000000020601080000000000000000000000040900020073797a3100000000050004000000000011000300686173683a6e65742c6e6574000000000c000780080012400000000205000500020000000500010006"], 0x58}}, 0x0)
sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000580)=ANY=[@ANYBLOB="500000000906010200000000000000e1020000000900020073797a31000000000500010007000000280007800c00018008000140ffffffff0c00148008000140ac1414bb0c0002800800014064"], 0x50}, 0x1, 0x0, 0x0, 0xd24f4d5778621d46}, 0x4)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0xffffffffffffffff, 0x0, &(0x7f00000000c0)={&(0x7f0000000600)=ANY=[@ANYRES16, @ANYRES8, @ANYBLOB="f7b23a56f5ed4ced3b3267f6d8a671c76150cbe63ebb805f15c6bbbaf0a775a5ca4faa9faa67fedf398edef74b412ce99931562e35a57bcdc4c33ff5e55fbc06024562d9e28b55060904a6ac4a9356f3a71c8fe99dc08b0aa248cc77a980bf70caddd8fed63b846183a9b64d5fcdcd3d991a92c3ac86315d0655f71398d2415cb7a992ed83968d71479800f2a1f743a73cc7ea9c06bc22b11b8a50d4c1b6e642dfa5227eb451e159076b22c09cb2eff7a94e9570dd46eb5d14c6fdd4c0c8e6ab3beda09e72cc301a548df76a25a4239c687c5ad137999143086d0a272afc59bb1882f7230f3971313428b138b254c19dcc", @ANYBLOB="b9009a6e1df19ab7dc4eededb7c21f89fb6341b3b9d45c4d1731a9d52ae2047ebd1cae4aa0b687cf78ba44bec69993c662e911d5443b8eabdc797d49229d2fa88d1927f0180f3d578c2b5aecb854a6c5064fcc83be21f73875d551fedaffc412b40ca276ada84010732045d04970010da2537e3c00fb4326b86f2d3c565b4661d9265312ddb202df471353c85b1901532f4e8d066ae7992f050ac680b7167e50b56691daecd9601e169d51c8c214e97651f08ab41ea27041d86c52c0771c54683cffecd92351ee0caf31d6e8b94edd98b4b93316a4e6d790afb6fbd882079cb2", @ANYRESOCT=r6], 0x30}, 0x1, 0x0, 0x0, 0x4}, 0x0)

3m26.501462975s ago: executing program 3 (id=3727):
openat$sndseq(0xffffffffffffff9c, 0x0, 0x40)
r0 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x4, @empty}, 0x1c)
syz_emit_ethernet(0xbe, &(0x7f0000000000)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x23}, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @broadcast}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "7b4b143b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af", "584cbf2649a50f2dbc43efa8698d0a881c51852e4451b57d037ad3c045942824251d7d17b5191584bcd4fbe40a23424d", "bcfd56f1375461caaa2f19935e6996c7096ffeeb0300000000000064", {"9a3bfbc1f39cb307b3472eb9cdb042d2", "643fcbb2c5a57df67d544af6e8dafe09"}}}}}}}, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x3}, 0x94)
clock_gettime(0x0, &(0x7f0000000900))
ppoll(&(0x7f00000005c0), 0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, &(0x7f0000000080)=[{0x0}], 0x1)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x7, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
recvmmsg(r0, &(0x7f0000000600)=[{{0x0, 0x0, 0x0}}], 0x1, 0x2, 0x0)

3m25.512886369s ago: executing program 3 (id=3731):
r0 = socket$inet6(0xa, 0x3, 0x3c)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a000007090001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000002100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000040900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x4000810)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f00006bd000/0x3000)=nil, 0x3000, 0xb)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)
ioctl$int_out(r2, 0x0, &(0x7f0000000040))
openat$6lowpan_control(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0)
sendfile(r4, r4, 0x0, 0x200900)
syz_extract_tcp_res(&(0x7f0000000580), 0x8147, 0x200)
syz_extract_tcp_res(&(0x7f00000005c0)={<r5=>0x41424344}, 0xff, 0x1)
syz_emit_ethernet(0x4e, &(0x7f0000000500)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1c}, @void, {@ipv4={0x800, @tcp={{0x8, 0x4, 0x1, 0x8, 0x40, 0x65, 0x0, 0x3, 0x6, 0x0, @private=0xa010102, @private=0xa010102, {[@rr={0x7, 0xb, 0x35, [@broadcast, @empty]}]}}, {{0x4e22, 0x4e23, r5, 0x41424344, 0x1, 0x0, 0x8, 0xc2, 0x5, 0x0, 0x9, {[@generic={0x1, 0xa, "ff9a30062b66ab5f"}]}}}}}}}, 0x0)
writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000100)=',', 0xffdf}], 0x1)

3m23.524994286s ago: executing program 3 (id=3735):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000240)={0x1, &(0x7f0000000200)=[{0x6, 0xff, 0x7, 0x7fc00002}]})
socket$packet(0x11, 0x3, 0x300)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
setrlimit(0x7, &(0x7f0000000180)={0xfffffffe, 0x6})
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
socket(0x10, 0x3, 0x0)
bind$alg(0xffffffffffffffff, &(0x7f0000000540)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(cast6)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc", 0xe)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x100800)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000480), 0x2001, 0x0)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000700)={'syz1\x00', {0x0, 0x0, 0x0, 0x9}, 0x7, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0xfffffffc, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x80000000, 0x4000, 0x0, 0x0, 0x8, 0x0, 0x2000001, 0x0, 0x0, 0x0, 0x0, 0x4000000, 0x0, 0xfffffffc, 0x4, 0xfffffefe, 0x0, 0xf6, 0x0, 0x0, 0x3, 0x1, 0x9, 0x0, 0x0, 0x80001ff, 0x4, 0x0, 0x1, 0x7fffffff, 0x2, 0x0, 0xfffffffd, 0x5, 0x0, 0xfdfffffd, 0x4, 0x1, 0x0, 0x0, 0x0, 0x5, 0xfffffffe, 0xffffffff, 0x7b67], [0x0, 0x0, 0x0, 0x3, 0x3, 0x0, 0xfffffffe, 0x3, 0x0, 0x0, 0x9b05, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x0, 0xfffffff8, 0xfffffffc, 0x2, 0x0, 0x5, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x1, 0x0, 0x4, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x6, 0x0, 0xffffffff, 0xfffffffc, 0x0, 0x0, 0xc0000, 0xffffffff, 0x1a0d, 0x39, 0xaecd, 0x0, 0x0, 0x3, 0x4], [0x1, 0x0, 0x567, 0x4, 0x0, 0x0, 0x208, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000005, 0x0, 0x0, 0x0, 0x0, 0x8, 0x10000000, 0x0, 0xf, 0xfffffffc, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0xfffffffd, 0x0, 0x3, 0x4000000d, 0xffffffff, 0x0, 0x9, 0x3, 0x0, 0x14, 0x1, 0x0, 0xa, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff, 0x0, 0x1d, 0x400, 0x0, 0xed0, 0x4000002], [0x0, 0x1ff, 0x0, 0x0, 0x2, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffe, 0xf7b, 0x0, 0x0, 0x0, 0x4080, 0x10000, 0x0, 0x0, 0x8, 0x0, 0x3e8, 0xfffffffd, 0x10000001, 0x0, 0x0, 0x5861, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd, 0x0, 0x0, 0xf, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x101, 0xfffffffe, 0x0, 0x8949, 0x0, 0x2]}, 0x45c)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000a00)=ANY=[@ANYBLOB="400000001800150000000000ffffffff0a2000000202000000000000240009801c00000008000000140005"], 0x40}], 0x1}, 0x0)
r3 = ioctl$LOOP_CTL_GET_FREE(r2, 0x4c82)
ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, r3)
r4 = openat$iommufd(0xffffff9c, &(0x7f0000000000), 0x24001, 0x0)
ioctl$IOMMU_TEST_OP_ACCESS_RW(r4, 0x3ba0, &(0x7f0000000400)={0x48, 0x8, 0xffffffffffffffff, 0x0, 0x3, 0x2e, &(0x7f0000000040)="e4fc481d446b0bad51069ec0dc7f2a5f77e2e15e9ce98224bfcdd68b7fcd07cd99211328e0682f8fa694bd061d5d", 0x5})
openat$ppp(0xffffff9c, 0x0, 0x4340, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f000000fa00))
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f0000001880))
syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x22})
timer_settime(0x0, 0x0, &(0x7f0000000500)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)

3m22.589485177s ago: executing program 3 (id=3739):
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x101091, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000340)='./file0/../file0\x00', &(0x7f0000000280)='./file0/file0\x00', 0x0, 0xb101e, 0x0)
mount$bind(0x0, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x80000, 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125499, 0x0)
mount$9p_unix(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x3047c4a, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000140))
ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000040)=0x200000000)
r1 = dup2(r0, r0)
socket$packet(0x11, 0x2, 0x300)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f00000001c0)={0x0, 0x1, 0x0, &(0x7f0000000300)=""/107, 0x0, 0xeeef0000})
ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f0000000000)=0x6)
read$FUSE(r1, &(0x7f00000016c0)={0x2020}, 0x2020)
r2 = syz_genetlink_get_family_id$smc(&(0x7f0000000100), r1)
sendmsg$SMC_PNETID_FLUSH(r1, &(0x7f00000003c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000380)={&(0x7f0000000180)={0x20, r2, 0x20, 0x70bd27, 0x25dfdbff, {}, [@SMC_PNETID_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x80}, 0x20008000)
write$vhost_msg_v2(r1, &(0x7f0000000200)={0x2, 0x0, {&(0x7f0000000280)=""/119, 0x77, 0x0, 0x1, 0x2}}, 0x48)

3m22.492095082s ago: executing program 3 (id=3740):
r0 = socket$inet6(0xa, 0x3, 0xff)
connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @empty}, 0x1c)
prlimit64(0x0, 0xe, &(0x7f0000000b40)={0xa, 0x8b}, 0x0)
r1 = getpgrp(0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000040)=0x5)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r3 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r3, 0x1, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
futex(0x0, 0x5, 0x2, 0x0, 0x0, 0x616e9570)
r5 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r5, 0x40045532, &(0x7f0000000040))
r6 = openat$audio(0xffffffffffffff9c, 0x0, 0x40000000040201, 0x0)
r7 = syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0xa2c65)
ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(r7, 0x4112, 0x0)
ioctl$SNDCTL_DSP_GETOPTR(r6, 0x800c5012, &(0x7f0000000080))

3m22.151893188s ago: executing program 3 (id=3742):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x800, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100))
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000400), 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000300)={@flat=@weak_binder={0x77622a85, 0x100a, 0x8000000000}, @flat=@weak_binder={0x77622a85, 0x1100, 0x3}}, &(0x7f0000000200)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0})
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r0, 0x10000000000)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x200000000000000, &(0x7f0000000600)="9e"})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x28, 0x0, &(0x7f0000000580)="b3185d7bb56f70f003360fa8bf71ac3086aedebf6fff904f92849a7a07395ee7f0e4cb1d78001c08"})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000004a40)={0x44, 0x0, &(0x7f00000049c0)=[@transaction={0x40406300, {0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})

3m21.926839545s ago: executing program 34 (id=3742):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x800, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100))
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000400), 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000300)={@flat=@weak_binder={0x77622a85, 0x100a, 0x8000000000}, @flat=@weak_binder={0x77622a85, 0x1100, 0x3}}, &(0x7f0000000200)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0})
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r0, 0x10000000000)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x200000000000000, &(0x7f0000000600)="9e"})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x28, 0x0, &(0x7f0000000580)="b3185d7bb56f70f003360fa8bf71ac3086aedebf6fff904f92849a7a07395ee7f0e4cb1d78001c08"})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000004a40)={0x44, 0x0, &(0x7f00000049c0)=[@transaction={0x40406300, {0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})

8.279284763s ago: executing program 5 (id=4439):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000080)={0xa, 0x2, 0x200, @loopback, 0x7}, 0x1c)
setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4)
sendto$inet6(r0, &(0x7f0000000440)="0e68a6de084ad610d5d740a2d332bbc52c8a2ccd43178636e471983c5b9f5adef1e5f14eae249575a8c12785eb855b1911962bc6f1eb", 0x36, 0x20000045, &(0x7f00000001c0)={0xa, 0x2, 0xffff, @loopback, 0x2}, 0x1c)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x22, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xfffffffffffffea1, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x9}, 0x80}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x2, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x10000000000002)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$netlink(0x10, 0x3, 0x15)
pipe(&(0x7f00000001c0))
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r4, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c)
sendto$inet6(r4, 0x0, 0x0, 0x22004001, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @loopback}, 0x1c)
sendto$inet6(r4, &(0x7f0000000080)='D', 0x1, 0x4014, 0x0, 0x0)
shutdown(r4, 0x1)
r5 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
preadv(r5, &(0x7f00000000c0)=[{&(0x7f0000000040)=""/98, 0x62}], 0x1, 0x0, 0x0)
close(r5)
socket$nl_netfilter(0x10, 0x3, 0xc)

6.520301097s ago: executing program 5 (id=4449):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000240)={0x1, &(0x7f0000000200)=[{0x6, 0xff, 0x7, 0x7fc00002}]})
socket$packet(0x11, 0x3, 0x300)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
setrlimit(0x7, &(0x7f0000000180)={0xfffffffe, 0x6})
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
socket(0x10, 0x3, 0x0)
bind$alg(0xffffffffffffffff, &(0x7f0000000540)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(cast6)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100", 0x7)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x100800)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000480), 0x2001, 0x0)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000700)={'syz1\x00', {0x0, 0x0, 0x0, 0x9}, 0x7, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0xfffffffc, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x80000000, 0x4000, 0x0, 0x0, 0x8, 0x0, 0x2000001, 0x0, 0x0, 0x0, 0x0, 0x4000000, 0x0, 0xfffffffc, 0x4, 0xfffffefe, 0x0, 0xf6, 0x0, 0x0, 0x3, 0x1, 0x9, 0x0, 0x0, 0x80001ff, 0x4, 0x0, 0x1, 0x7fffffff, 0x2, 0x0, 0xfffffffd, 0x5, 0x0, 0xfdfffffd, 0x4, 0x1, 0x0, 0x0, 0x0, 0x5, 0xfffffffe, 0xffffffff, 0x7b67], [0x0, 0x0, 0x0, 0x3, 0x3, 0x0, 0xfffffffe, 0x3, 0x0, 0x0, 0x9b05, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x0, 0xfffffff8, 0xfffffffc, 0x2, 0x0, 0x5, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x1, 0x0, 0x4, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x6, 0x0, 0xffffffff, 0xfffffffc, 0x0, 0x0, 0xc0000, 0xffffffff, 0x1a0d, 0x39, 0xaecd, 0x0, 0x0, 0x3, 0x4], [0x1, 0x0, 0x567, 0x4, 0x0, 0x0, 0x208, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000005, 0x0, 0x0, 0x0, 0x0, 0x8, 0x10000000, 0x0, 0xf, 0xfffffffc, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0xfffffffd, 0x0, 0x3, 0x4000000d, 0xffffffff, 0x0, 0x9, 0x3, 0x0, 0x14, 0x1, 0x0, 0xa, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff, 0x0, 0x1d, 0x400, 0x0, 0xed0, 0x4000002], [0x0, 0x1ff, 0x0, 0x0, 0x2, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffe, 0xf7b, 0x0, 0x0, 0x0, 0x4080, 0x10000, 0x0, 0x0, 0x8, 0x0, 0x3e8, 0xfffffffd, 0x10000001, 0x0, 0x0, 0x5861, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd, 0x0, 0x0, 0xf, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x101, 0xfffffffe, 0x0, 0x8949, 0x0, 0x2]}, 0x45c)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000a00)=ANY=[@ANYBLOB="400000001800150000000000ffffffff0a2000000202000000000000240009801c00000008000000140005"], 0x40}], 0x1}, 0x0)
r4 = ioctl$LOOP_CTL_GET_FREE(r2, 0x4c82)
ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, r4)
r5 = openat$iommufd(0xffffff9c, &(0x7f0000000000), 0x24001, 0x0)
ioctl$IOMMU_TEST_OP_ACCESS_RW(r5, 0x3ba0, &(0x7f0000000400)={0x48, 0x8, 0xffffffffffffffff, 0x0, 0x3, 0x2e, &(0x7f0000000040)="e4fc481d446b0bad51069ec0dc7f2a5f77e2e15e9ce98224bfcdd68b7fcd07cd99211328e0682f8fa694bd061d5d", 0x5})
openat$ppp(0xffffff9c, 0x0, 0x4340, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f000000fa00))
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f0000001880))
syz_io_uring_setup(0x1e1e, &(0x7f0000000380)={0x0, 0x6d9b, 0x2000, 0xfffffffe}, 0x0, &(0x7f0000000280)=<r6=>0x0)
syz_io_uring_submit(0x0, r6, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x22})
timer_settime(0x0, 0x0, &(0x7f0000000500)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)

6.093997421s ago: executing program 1 (id=4454):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r1 = dup(r0)
write$UHID_INPUT(r1, &(0x7f0000001040)={0xe, {"a2e3ad21ed0d52f90b9b6e0987f70e06d038e7ff7fc6e5539b3248298b089b0708346d090890e0878f0e1ac6e7049b334a959bfc9a240d2567f3988f7ef319520100ffe8d1780700523c921b1b9b31070d075d0936cd3b78130daa61f94b61404d64aec1b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb056d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498be0800000000000000f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c088215ec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6f44ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d208001349b41db6efcffac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ec126c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b8247068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2a15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee53259289d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c1980778efa5ea567b7b7430acc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a0700d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8440daaa69bf5c8f4350aeae9ca1207e76061b28f27da19acc7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211c7847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7beddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c5409711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e781171e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e24919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5136651b1b906ce2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf3f2aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7ae288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f00000000000000000000b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289d8523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c78e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d53588a0f9455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d664130bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7899484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e7c7b2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df06720ba2b26bbfcc807c8aabb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db38b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ea4cd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f031755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c7e36bb2fc4c40e9cf96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb24ee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1040}}, 0x1006)
read$FUSE(0xffffffffffffffff, &(0x7f0000000600)={0x2020, 0x0, <r2=>0x0}, 0x2020)
write$FUSE_INIT(r1, &(0x7f0000002640)={0x50, 0x0, r2, {0x7, 0x2d, 0x8, 0x20, 0xffff, 0x3ff, 0x1, 0x1, 0x0, 0x0, 0x40, 0x5}}, 0x50)
r3 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r3, 0x10e, 0xc, &(0x7f0000000180)={0x2d6}, 0x10)
write(r3, &(0x7f0000000000)="240000001a005f0400f9f407000904018000200000000010000000000800010000000000", 0x24)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x8ab43, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CAP_EXIT_HYPERCALL(r5, 0x4068aea3, &(0x7f0000000040)={0x79, 0x0, 0xc})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2)
r7 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
bind$bt_l2cap(r7, &(0x7f0000000000)={0x1f, 0x2}, 0xe)
listen(r7, 0x0)
ioctl$KVM_SET_GSI_ROUTING(r5, 0x4008ae6a, &(0x7f00000005c0)={0x1, 0x0, [{0x2, 0x2, 0x0, 0x0, @msi={0x4, 0x3, 0x6}}]})
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100), 0x6ad01, 0x0)
r8 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet6_group_source_req(r8, 0x29, 0x2e, 0x0, 0x0)
r9 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
r10 = socket$inet_mptcp(0x2, 0x1, 0x106)
listen(r10, 0x2)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000005c0))
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd, 0x2, 0x80, 0x1, 0x9}, 0x0, &(0x7f00000002c0)={0x3ff, 0xfffffffffffffffe, 0x8, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)
syz_genetlink_get_family_id$mptcp(&(0x7f00000003c0), 0xffffffffffffffff)
write$bt_hci(0xffffffffffffffff, 0x0, 0x6)
write$rfkill(r9, &(0x7f0000000080)={0x0, 0x1, 0x3, 0x3, 0xfd}, 0x8)
ioctl$KVM_SET_MP_STATE(r6, 0x4004ae99, &(0x7f0000000100)=0x3)
ioctl$KVM_SET_LAPIC(r6, 0x4400ae8f, &(0x7f00000001c0)={"c718ae3ddd25e4c2826499cb6a055b56a5a7336f377a556f824db28eb6743cf045afd0e932534b9eb3b847abbcef63c85319991745999ed89ff49783a84d57cf175a89f8733d74a1bdddcb0a6c3f7535e7976e79da1b52de6403f6710d606fafaf685ec19f369b7829b12aa2b8cd2ab52f9c688683979cdb9516cb61f2adb9aefd44fee30bddb81ebefa818f31f60d89a4e390920c7ed0e2512fd59f719e734b0a1d1f3ff7babb54258a1585514aac0b000000733671e0543929c06f72fc598939003ac6777f3497523536fd25ac4f1e265f5038fa7455f2cc6131d4a189a16b0f0b89e6a495e1d95b840c36488adc22cb2d1b8af57f6dce7214152ba1b3c0d3ad0a6db821518e44b24cb36a02d76ea11a1c45879fc77e7bb2af8c345ddddf49f41228df2114f2c27d16499fa36097a5015ad61a6a9484c09e0a2dfb50f7b7ca71135dc32804a80380a6e20e0ae03be775e472cd31d6a31e615937c38e746a5cf6c9d8194242990dd497a2c52ab50300000000000000cebbd983c3f86dbe92c4b751c04693cb09af88521ab305ceabf6d2bab40bb1b219fbe95ace2f6c49fea798e76b4ef336dff5ac0f7ab022b800ac1aa42fd231b52465a410177ed85dcc9c6d794e2aa0b90cdc409541aa85fa16e3cbc3a9d6c83ffd4d01e5ba898555eeffccf0cb28ce5df0ba31cb793675276162de2fdcb486455bca57edf4fb14e1533554eb22527d66a28a960c430f6136927f54e670c46292454fe28485f35405025844fd24fe846f6656c77d9b5f2b4750ac4805897b02c85caba80000bb96f71f468c9e746d860238b3b113ab1eef51e1507f8832d5d69528083d44548e491477cda51d7e083a134097438e9d7ea34eae8a2e6b516327db9310c7478a37f5c562037196131cc7c84fa29c3c2576f2ae7570b5a98aaa49ca7ddfd5a8c046ce82e4a2d06082ad7a3ab0dfbe208630b1410b674781855752c9c57c1c5ab0a74a336ce89b3a9c0d37a3ca4e698a798a85faf7f4f1dc020b7dd5750062c9810c4bc1ad7afe338f2b0f29059e684fe16098eb30da105be01ca11a293635dfc6d25ecc770ba72792fd3c6851d951b770d0f9edafb1cb4241350d85b04ed737a9bfd7e8301c43b65a95dda76d6850860ba3195040b14c8ad1a8b52472785521147182352a1dbd93595cbc26e813ccd75e16f9247fe82ed150c121f0041022522ec76476f0a9cffa3be1d3ffffffffffffffff29358bbfd8b7a12fe94a0355beb9420eee0a5c11220100c782b89e9430de84b220e8c0df4bd40be3400c58f149319f891fe86fba751dab3326bf2deb9e782b37ec9c7adf36025a091a4b3600000000000000000000000000000000000000000000000000000000000000000600"})

5.300680007s ago: executing program 5 (id=4455):
syz_io_uring_setup(0x118da, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r0, &(0x7f00000bd000), 0x0, 0x2000c091)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x5, 0x9, 0x6, 0x0, 0xb49, 0x9, 0x8, 0x2, 0x3}, 0x0)
mkdir(&(0x7f00000000c0)='./file0\x00', 0x22)
r1 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)={0x2, 0x4, 0x0, 0x2, 0xa, 0x0, 0x0, 0x0, [@sadb_x_nat_t_port={0x1, 0x15, 0x4e24}, @sadb_x_sa2={0x2, 0x13, 0x0, 0x0, 0x0, 0x70bd2b, 0x3506}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @private1}}]}, 0x50}}, 0x0)
r2 = syz_open_dev$vim2m(&(0x7f0000000000), 0x1, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r2, 0xc0145608, 0x0)
r3 = bpf$MAP_CREATE(0x0, 0x0, 0x50)
unshare(0x62040200)
ioctl$F2FS_IOC_GARBAGE_COLLECT_RANGE(r3, 0x4018f50b, &(0x7f0000000100)={0xfffffffb, 0x9, 0x40})
r4 = syz_usb_connect(0x0, 0x4a, 0x0, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, 0x0, 0x4000000)
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(0xffffffffffffffff, 0x3ba0, &(0x7f0000000340)={0x48, 0x5, 0x0, 0x0, 0xffffffffffffffff, 0x1})
unshare(0x2000000)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r6, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0)
sendmsg$IPSET_CMD_FLUSH(r6, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000280)={&(0x7f00000001c0)=ANY=[@ANYRESHEX=r4, @ANYRESDEC=r5, @ANYRES64=r6], 0x60}, 0x1, 0x0, 0x0, 0x20000040}, 0x4000040)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r7, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000c80)=ANY=[@ANYBLOB="5c000000090601080000000000000000070000000900020073797a31000000000500010007000000340007801800018014000240fe8000000000000000000000000000bb060004400e1f00cd050007008800000006000540"], 0x5c}, 0x1, 0x0, 0x0, 0x10000042}, 0x90)
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
syz_usb_control_io(0xffffffffffffffff, &(0x7f00000005c0)={0x2c, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="00036c0000006c031da481014956e55cfd6f9711a68e8a7234e89878b704f6bb9e0ac3b8e68ff593698efd2539d923a400be54b7451ca4f8e0453d1ef962dacf869e09eb66bcc9df41a898430450cc5dcc1d1f76add480ac97e012b1fc8e547e03ff63a01fb11c2f129109bb16491d7ba86fb18b5c03148ddb2d373e5d9b30a3e708ab6dbdc61ca4ff50358535bd0c25c019f0a2d0b50fc44920e97fbb1e6072d9cf8b649aa04bc9c39316bb9876"], 0x0, 0x0, 0x0}, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r9, 0xae60)
ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000200)={0x2, 0x2, 0x3000, 0x2000, &(0x7f0000f9a000/0x2000)=nil})

4.98678851s ago: executing program 1 (id=4456):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000240)={0x1, &(0x7f0000000200)=[{0x6, 0xff, 0x7, 0x7fc00002}]})
socket$packet(0x11, 0x3, 0x300)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
setrlimit(0x7, &(0x7f0000000180)={0xfffffffe, 0x6})
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
socket(0x10, 0x3, 0x0)
bind$alg(0xffffffffffffffff, &(0x7f0000000540)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(cast6)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000140), 0x0)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x100800)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000480), 0x2001, 0x0)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000700)={'syz1\x00', {0x0, 0x0, 0x0, 0x9}, 0x7, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0xfffffffc, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x80000000, 0x4000, 0x0, 0x0, 0x8, 0x0, 0x2000001, 0x0, 0x0, 0x0, 0x0, 0x4000000, 0x0, 0xfffffffc, 0x4, 0xfffffefe, 0x0, 0xf6, 0x0, 0x0, 0x3, 0x1, 0x9, 0x0, 0x0, 0x80001ff, 0x4, 0x0, 0x1, 0x7fffffff, 0x2, 0x0, 0xfffffffd, 0x5, 0x0, 0xfdfffffd, 0x4, 0x1, 0x0, 0x0, 0x0, 0x5, 0xfffffffe, 0xffffffff, 0x7b67], [0x0, 0x0, 0x0, 0x3, 0x3, 0x0, 0xfffffffe, 0x3, 0x0, 0x0, 0x9b05, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x0, 0xfffffff8, 0xfffffffc, 0x2, 0x0, 0x5, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x1, 0x0, 0x4, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x6, 0x0, 0xffffffff, 0xfffffffc, 0x0, 0x0, 0xc0000, 0xffffffff, 0x1a0d, 0x39, 0xaecd, 0x0, 0x0, 0x3, 0x4], [0x1, 0x0, 0x567, 0x4, 0x0, 0x0, 0x208, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000005, 0x0, 0x0, 0x0, 0x0, 0x8, 0x10000000, 0x0, 0xf, 0xfffffffc, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0xfffffffd, 0x0, 0x3, 0x4000000d, 0xffffffff, 0x0, 0x9, 0x3, 0x0, 0x14, 0x1, 0x0, 0xa, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff, 0x0, 0x1d, 0x400, 0x0, 0xed0, 0x4000002], [0x0, 0x1ff, 0x0, 0x0, 0x2, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffe, 0xf7b, 0x0, 0x0, 0x0, 0x4080, 0x10000, 0x0, 0x0, 0x8, 0x0, 0x3e8, 0xfffffffd, 0x10000001, 0x0, 0x0, 0x5861, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd, 0x0, 0x0, 0xf, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x101, 0xfffffffe, 0x0, 0x8949, 0x0, 0x2]}, 0x45c)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000a00)=ANY=[@ANYBLOB="400000001800150000000000ffffffff0a2000000202000000000000240009801c00000008000000140005"], 0x40}], 0x1}, 0x0)
r4 = ioctl$LOOP_CTL_GET_FREE(r2, 0x4c82)
ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, r4)
r5 = openat$iommufd(0xffffff9c, &(0x7f0000000000), 0x24001, 0x0)
ioctl$IOMMU_TEST_OP_ACCESS_RW(r5, 0x3ba0, &(0x7f0000000400)={0x48, 0x8, 0xffffffffffffffff, 0x0, 0x3, 0x2e, &(0x7f0000000040)="e4fc481d446b0bad51069ec0dc7f2a5f77e2e15e9ce98224bfcdd68b7fcd07cd99211328e0682f8fa694bd061d5d", 0x5})
openat$ppp(0xffffff9c, 0x0, 0x4340, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f000000fa00))
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f0000001880))
syz_io_uring_setup(0x1e1e, &(0x7f0000000380)={0x0, 0x6d9b, 0x2000, 0xfffffffe}, 0x0, &(0x7f0000000280)=<r6=>0x0)
syz_io_uring_submit(0x0, r6, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x22})
timer_settime(0x0, 0x0, &(0x7f0000000500)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)

4.580556592s ago: executing program 0 (id=4457):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[@ANYRESDEC], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000002640)=@newtaction={0xe68, 0x30, 0x3f, 0x0, 0x0, {}, [{0xe54, 0x1, [@m_pedit={0xe50, 0x1, 0x0, 0x0, {{0xa}, {0xe24, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS_EX={0xe20, 0x4, {{{}, 0x2}, [{0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, {0xfffffffc, 0x0, 0x0, 0x0, 0x100}, {0x0, 0x0, 0x0, 0x0, 0x3}, {}, {0x5943}, {0x0, 0x800000, 0x0, 0xfffffffc}, {}, {}, {0x0, 0x0, 0x0, 0x10}, {}, {}, {0x0, 0xa2}, {0x0, 0x0, 0x0, 0x0, 0x2}, {}, {0x0, 0x1cbe}, {0x0, 0x0, 0x0, 0x5}, {}, {}, {}, {}, {0x8}, {}, {0x0, 0xfffffffe, 0x400000}, {0x0, 0xfffffffc}, {}, {}, {}, {0x0, 0xffffffff}, {0x0, 0x0, 0x0, 0x0, 0x4, 0xffffff6a}, {0x0, 0x0, 0x0, 0x0, 0x5}, {}, {}, {0x0, 0x0, 0x0, 0x2}, {}, {0x0, 0x0, 0x0, 0x0, 0x100}, {}, {}, {0x0, 0x4}, {0x0, 0x0, 0x0, 0x0, 0x800000}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, {0x0, 0x7fffffff}, {0x0, 0x0, 0x0, 0x0, 0x4}, {0x0, 0x0, 0x0, 0x0, 0x27a}, {0x0, 0x0, 0xffffffff}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, {}, {}, {}, {0x0, 0x4}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, {0x0, 0x0, 0x0, 0xfffffffd}, {}, {}, {}, {0x0, 0x4}, {0x0, 0x0, 0x0, 0x0, 0xffffffff}, {0x0, 0xfffffffc, 0x0, 0x0, 0xfffffffc}, {}, {0x0, 0x2}, {}, {}, {}, {0x0, 0x0, 0xa}, {0x0, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {0x0, 0x0, 0x0, 0x0, 0x1}, {0xc}, {}, {0x0, 0x0, 0x2b7f}, {0x3ff, 0x0, 0x0, 0x0, 0x8}, {0x0, 0x6}, {}, {}, {0x0, 0x0, 0x0, 0x8}, {}, {0x0, 0xcfc, 0x0, 0x0, 0xfffffffc}, {}, {}, {}, {}, {}, {0xfffffffd, 0x0, 0x0, 0x0, 0xa92}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x40000000, 0x1, 0x0, 0x10001}, {0x0, 0x0, 0x20}, {}, {0x80000}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000}, {0xfffffffc}, {}, {}, {}, {0x0, 0xa, 0xfffffffc}, {0x0, 0x0, 0x0, 0x8}, {}, {0x0, 0x0, 0x0, 0x3}, {}, {}, {0x0, 0x0, 0x40, 0x0, 0x0, 0x3}, {}, {}, {}, {0x0, 0x0, 0x0, 0x1, 0x2}], [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {0x2}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x4}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x2}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {0x3}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x4}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {0x2}, {0x5}, {}, {}, {}, {}, {}, {0x7, 0x1}, {}, {}, {0x0, 0x1}, {}, {}, {0x1}]}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xe68}}, 0x0)
mbind(&(0x7f00001fa000/0x2000)=nil, 0x2000, 0x1, 0x0, 0x0, 0x0)
r4 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r4, 0x11b, 0x4, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9)
mount$9p_virtio(0x0, 0x0, &(0x7f00000004c0), 0x8c, 0x0)
r5 = openat$sndseq(0xffffff9c, 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_PORT(r5, 0xc0a45352, &(0x7f0000000600)={{0x80}, 'port1\x00', 0xc1, 0x10, 0x1, 0xffffe801, 0x3efc, 0x15, 0xff, 0x0, 0x4, 0xf})
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, 0x0, 0x0)
socket(0x2d, 0x2, 0x0)
socket$packet(0x11, 0x2, 0x300)

2.956705166s ago: executing program 1 (id=4459):
r0 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/mm/ksm/run\x00', 0x1, 0x0)
write$sysctl(r0, &(0x7f0000000000)='2\x00', 0x2)
syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), r1)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_NEW_INTERFACE(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="090d2000000000f0ff000700000008000300", @ANYRES32=r3, @ANYBLOB="0800051d000000001400060076657468115f746f5f7465616d0000000400cc0008000500090000001400040073"], 0x58}}, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r4)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000340)={'wlan0\x00', <r6=>0x0})
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_NEW_INTERFACE(r7, &(0x7f0000000e40)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="2508007a0000000000030700000008000300", @ANYRES32=r6, @ANYBLOB="1400060064756d6d7930000000000000000000001400040076657468315f746f5f626f016400000005005300010000000800050004"], 0x54}}, 0x0) (fail_nth: 1)

2.749983042s ago: executing program 6 (id=4460):
r0 = socket$kcm(0x10, 0x2, 0x0) (async)
ioctl$SG_GET_REQUEST_TABLE(0xffffffffffffffff, 0x2286, &(0x7f0000000140)) (async, rerun: 32)
r1 = socket(0xa, 0x3, 0xff) (async, rerun: 32)
r2 = syz_open_dev$vbi(&(0x7f0000000080), 0x1, 0x2)
ioctl$VIDIOC_G_STD(r2, 0x80085617, 0x0)
setsockopt$inet6_group_source_req(r1, 0x29, 0x2f, &(0x7f0000000780)={0x9, {{0xa, 0x4e24, 0x2, @mcast1, 0x8}}, {{0xa, 0x4e25, 0x3, @loopback, 0x9}}}, 0x104) (async, rerun: 64)
setsockopt$inet6_MCAST_MSFILTER(r1, 0x29, 0x30, &(0x7f0000000280)={0x9, {{0xa, 0x4e21, 0xd66, @mcast1, 0x401}}, 0x1}, 0x8c) (rerun: 64)
setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000000)={0x1, 0x4}, 0x4) (async, rerun: 32)
ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r0, 0x8982, &(0x7f0000000400)={0x0, 'batadv0\x00', {0x5}}) (async, rerun: 32)
r3 = syz_init_net_socket$ax25(0x3, 0x2, 0x1) (async)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) (async, rerun: 64)
r5 = socket(0x10, 0x803, 0x0) (rerun: 64)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000a40)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff5653f, 0x70bd2d, 0x25dfdbfc, {0x0, 0x0, 0x0, r6, {0x0, 0x9}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x81}, 0x0) (async)
r7 = socket(0x400000000010, 0x3, 0x0) (async, rerun: 32)
r8 = socket$unix(0x1, 0x1, 0x0) (rerun: 32)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r9=>0x0})
sendmsg$nl_route_sched(r7, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000740)=@newtfilter={0x38, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r9, {0x0, 0x4}, {}, {0x8, 0xf}}, [@filter_kind_options=@f_matchall={{0xd}, {0x4}}]}, 0x38}, 0x1, 0x0, 0x0, 0x20000010}, 0x20018010) (async, rerun: 32)
r10 = openat$tun(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) (rerun: 32)
close(r10) (async, rerun: 64)
socket$unix(0x1, 0x2, 0x0) (async, rerun: 64)
ioctl$SIOCSIFHWADDR(r10, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) (async)
syz_emit_ethernet(0x3e, &(0x7f00000000c0)={@broadcast, @broadcast, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "7f00ef", 0x4, 0x2f, 0x0, @empty, @mcast2, {[], {0x0, 0x88be, 0x8}}}}}}, 0x0)
r11 = socket$kcm(0x11, 0x3, 0x0)
setsockopt$sock_attach_bpf(r11, 0x107, 0xf, &(0x7f0000000600), 0x56) (async)
sendmsg$kcm(r11, &(0x7f00000000c0)={&(0x7f0000000380)=@xdp={0x2c, 0x0, r9, 0xc}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000180)="27030200590214000600002fb96dbcf706e10500000086ddffff1144ee163cd4b8bf", 0x22}, {&(0x7f0000000c00)="4307ed2e", 0x4}], 0x2}, 0x4)
ioctl$SIOCAX25DELFWD(r3, 0x89eb, &(0x7f0000000080)={@null, @null}) (async)
sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000040)="2e00000010008188e6b62aa73f72cc9f0ba1f848140000005e140602000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0)

2.749655296s ago: executing program 1 (id=4461):
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/timer_list\x00', 0x0, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x3, 0x2}}}}, @m_ife={0xffffffffffffff6c, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x2}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x4, 0xc, &(0x7f0000000180)=ANY=[@ANYRES16=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa2000000000000070200"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
accept4$rose(0xffffffffffffffff, &(0x7f0000000300)=@short={0xb, @remote, @remote, 0x1, @bcast}, &(0x7f0000000340)=0x1c, 0x0)
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)
r3 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r3, 0x7a7, &(0x7f0000000080)=0xb0000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r3, 0x7a0, &(0x7f0000000000)={@my=0x0})
ioctl$IOCTL_VMCI_NOTIFY_RESOURCE(r3, 0x7a5, &(0x7f0000000180)={{@my=0x0}, 0x0, 0x1})
ioctl$IOCTL_VMCI_NOTIFY_RESOURCE(r3, 0x7a5, &(0x7f00000000c0)={{@my=0x0}, 0x1}) (fail_nth: 1)

2.610487021s ago: executing program 6 (id=4462):
ioctl$VHOST_SET_OWNER(0xffffffffffffffff, 0xaf01, 0x0)
eventfd2(0xff, 0x80801)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="9fe0f59c000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYBLOB='\x00'/21], 0x48)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x11, 0x4, 0x4, 0x2, 0x10, 0x1, 0xfffffffc}, 0x50)
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0xa0280, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
openat$ipvs(0xffffffffffffff9c, &(0x7f0000000340)='/proc/sys/net/ipv4/vs/lblc_expiration\x00', 0x2, 0x0)
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r0, 0x89f2, 0x0)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(r0, 0x89f8, &(0x7f00000005c0)={'tunl0\x00', &(0x7f00000007c0)={'ip_vti0\x00', 0x0, 0x40, 0x1, 0xf66, 0x7, {{0xe, 0x4, 0x0, 0x7, 0x38, 0x68, 0x0, 0x3, 0x29, 0x0, @remote, @multicast1, {[@lsrr={0x83, 0x13, 0x4b, [@local, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1, @empty]}, @rr={0x7, 0x3, 0xc5}, @rr={0x7, 0x3, 0xfa}, @end, @rr={0x7, 0x7, 0xe, [@broadcast]}]}}}}})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000880)=@mpls_getnetconf={0x14, 0x52, 0x300, 0x70bd2d, 0x25dfdbfc}, 0x14}}, 0x24000010)
r2 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$WG_CMD_SET_DEVICE(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x40a80800}, 0xc, &(0x7f0000000480)={&(0x7f0000000440)={0x2c, r2, 0x20, 0x70bd23, 0x25dfdbff, {}, [@WGDEVICE_A_FLAGS={0x8, 0x5, 0x1}, @WGDEVICE_A_FWMARK={0x8, 0x7, 0x407fff}, @WGDEVICE_A_LISTEN_PORT={0x6, 0x6, 0x4e21}]}, 0x2c}, 0x1, 0x0, 0x0, 0x24044041}, 0x40000)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0)
r3 = fsopen(&(0x7f0000000080)='rpc_pipefs\x00', 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000000)=r5, 0x4)
r6 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$RDMA_USER_CM_CMD_REJECT(r6, &(0x7f00000000c0)={0x9, 0x108, 0xfa00, {0xffffffffffffffff, 0x4, "2397e4", "d11a0f5e2f02bfc3b3ed2bef4749f4ba61fa4ef8ccdf431286d6c94716c0de65a9b4eb4d4edbf0e005673e65dcfe8b733361421c758b2fa4c39394e701c2e1e84e5d693131e9451f01ad26d23207a34b19418afee292d04e63f23c03481d2267a6a84c071adac2347d73eb5b79c0dd0d39c5ab707f6934d7441cc5778da87413341fc6063ea2a2f06e9c95d69f2bf74485f64667781ee1eef5e158f272eab8e8afbb5b93d477ae7398afef8c5656678d36bbe17bad2f4725c7f649b5e1bacb877da127ff5e0e4892d9e1e8b0ccfc0043d35b9db752d25c5712ec952a252ac4b1690e88ce4d2e67b7e3bf597bf1f42405b80fdeca525bf49b84ff82a7ec1eb7f0"}}, 0x110)
sendmsg$IPCTNL_MSG_CT_GET(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)={0x14, 0x1, 0x1, 0x201, 0x0, 0x0, {0x7}}, 0x14}, 0x1, 0x0, 0x0, 0x40}, 0xc044)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r3, 0x7, 0x0, 0x0, 0x0)

2.290039631s ago: executing program 0 (id=4463):
r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x402, 0x0)
readv(r0, &(0x7f0000000200)=[{&(0x7f00000000c0)=""/218, 0xda}, {0x0, 0x20}], 0x2)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000600)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000680)=ANY=[@ANYBLOB="140000001a05000000bd7000ffdbdf2500000010ea5e127175df4f74ae4557f1a0840e7e019b359eccceab115cd72b9acec3208781e206a4c84bb2844c2c37d494af90a00813e34fe37ad3ae590e30a46bd21fb443704cc63b36ff23030e60ab4f1769c881adccc6af2889259f8eef933c1e50b736acd71eb76f9df0cd911034c04583648623c81799944cec6d759170810d807a38a07526eb49c892d52f8a5ec9519bce33c8dad1a5f34231acb5e0f4984de5a138ce9ed07f5e5e1241d62b206a0e04f3e0717f826b5362a5ededf77673fc29"], 0x14}}, 0x20000020)
r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000180)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0x4000}})
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x6, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x2, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
r4 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102)
writev(r4, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
ioctl$sock_ipv6_tunnel_SIOCADD6RD(r3, 0x89f9, &(0x7f0000000340)={'sit0\x00', &(0x7f00000001c0)={@dev={0xfe, 0x80, '\x00', 0x2d}, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x14, 0x2}})
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_RECVMSG={0xa, 0x34, 0x3, 0xffffffffffffffff, 0x0, &(0x7f00000010c0)={0x0, 0x0, &(0x7f0000000240)=[{0x0}], 0x1}, 0x0, 0x40000000})
r5 = syz_io_uring_setup(0x487, &(0x7f0000000100)={0x0, 0x59c4, 0x800, 0x1000, 0x5cc}, &(0x7f0000000300)=<r6=>0x0, &(0x7f0000000080)=<r7=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
io_uring_register$IORING_REGISTER_BUFFERS(r5, 0x0, &(0x7f0000000740)=[{&(0x7f00000003c0)=""/201, 0xc9}], 0x1)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f00000000c0)={0x1, &(0x7f0000000200)=[{0x30, 0x4, 0x0, 0x2}]}, 0x8)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r6, r7, &(0x7f0000000200)=@IORING_OP_EPOLL_CTL=@add={0x1d, 0x0, 0x0, 0xffffffffffffffff, 0x0, r5})
io_uring_enter(r5, 0x749f, 0x4, 0x0, 0x0, 0xfffffffffffffef5)

2.098172214s ago: executing program 6 (id=4464):
r0 = openat$vim2m(0xffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000200)={0x0, 0x1, 0x1, 0x0, 0x4})
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_COMPAT_GET(r1, &(0x7f00000015c0)={0x0, 0x0, &(0x7f0000001580)={0x0}, 0x1, 0x0, 0x0, 0x4000800}, 0x0)

2.09763396s ago: executing program 6 (id=4465):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000240)={0x1, &(0x7f0000000200)=[{0x6, 0xff, 0x7, 0x7fc00002}]})
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
setrlimit(0x7, &(0x7f0000000180)={0xfffffffe, 0x6})
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
socket(0x10, 0x3, 0x0)
bind$alg(0xffffffffffffffff, &(0x7f0000000540)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(cast6)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc", 0xe)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x100800)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000480), 0x2001, 0x0)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000700)={'syz1\x00', {0x0, 0x0, 0x0, 0x9}, 0x7, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0xfffffffc, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x80000000, 0x4000, 0x0, 0x0, 0x8, 0x0, 0x2000001, 0x0, 0x0, 0x0, 0x0, 0x4000000, 0x0, 0xfffffffc, 0x4, 0xfffffefe, 0x0, 0xf6, 0x0, 0x0, 0x3, 0x1, 0x9, 0x0, 0x0, 0x80001ff, 0x4, 0x0, 0x1, 0x7fffffff, 0x2, 0x0, 0xfffffffd, 0x5, 0x0, 0xfdfffffd, 0x4, 0x1, 0x0, 0x0, 0x0, 0x5, 0xfffffffe, 0xffffffff, 0x7b67], [0x0, 0x0, 0x0, 0x3, 0x3, 0x0, 0xfffffffe, 0x3, 0x0, 0x0, 0x9b05, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x0, 0xfffffff8, 0xfffffffc, 0x2, 0x0, 0x5, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x1, 0x0, 0x4, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x6, 0x0, 0xffffffff, 0xfffffffc, 0x0, 0x0, 0xc0000, 0xffffffff, 0x1a0d, 0x39, 0xaecd, 0x0, 0x0, 0x3, 0x4], [0x1, 0x0, 0x567, 0x4, 0x0, 0x0, 0x208, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000005, 0x0, 0x0, 0x0, 0x0, 0x8, 0x10000000, 0x0, 0xf, 0xfffffffc, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0xfffffffd, 0x0, 0x3, 0x4000000d, 0xffffffff, 0x0, 0x9, 0x3, 0x0, 0x14, 0x1, 0x0, 0xa, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff, 0x0, 0x1d, 0x400, 0x0, 0xed0, 0x4000002], [0x0, 0x1ff, 0x0, 0x0, 0x2, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffe, 0xf7b, 0x0, 0x0, 0x0, 0x4080, 0x10000, 0x0, 0x0, 0x8, 0x0, 0x3e8, 0xfffffffd, 0x10000001, 0x0, 0x0, 0x5861, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd, 0x0, 0x0, 0xf, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x101, 0xfffffffe, 0x0, 0x8949, 0x0, 0x2]}, 0x45c)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000a00)=ANY=[@ANYBLOB="400000001800150000000000ffffffff0a2000000202000000000000240009801c00000008000000140005"], 0x40}], 0x1}, 0x0)
r3 = ioctl$LOOP_CTL_GET_FREE(r2, 0x4c82)
ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, r3)
r4 = openat$iommufd(0xffffff9c, &(0x7f0000000000), 0x24001, 0x0)
ioctl$IOMMU_TEST_OP_ACCESS_RW(r4, 0x3ba0, &(0x7f0000000400)={0x48, 0x8, 0xffffffffffffffff, 0x0, 0x3, 0x2e, &(0x7f0000000040)="e4fc481d446b0bad51069ec0dc7f2a5f77e2e15e9ce98224bfcdd68b7fcd07cd99211328e0682f8fa694bd061d5d", 0x5})
openat$ppp(0xffffff9c, 0x0, 0x4340, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f000000fa00))
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f0000001880))
syz_io_uring_setup(0x1e1e, &(0x7f0000000380)={0x0, 0x6d9b, 0x2000, 0xfffffffe}, 0x0, &(0x7f0000000280)=<r5=>0x0)
syz_io_uring_submit(0x0, r5, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x22})
timer_settime(0x0, 0x0, &(0x7f0000000500)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)

2.028491593s ago: executing program 5 (id=4466):
r0 = socket$inet6_sctp(0xa, 0x801, 0x84)
sendto$inet6(r0, &(0x7f00000001c0)='O', 0x1, 0x80, &(0x7f0000000280)={0xa, 0x4e23, 0xa, @remote}, 0x1c)
shutdown(r0, 0x1)
setsockopt$inet_sctp6_SCTP_RTOINFO(r0, 0x84, 0x0, &(0x7f0000000200)={0x0, 0x2, 0x0, 0x3}, 0x10)
openat$ppp(0xffffffffffffff9c, 0x0, 0x1453c1, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000002c00)={<r1=>0xffffffffffffffff})
getsockname$tipc(r1, 0x0, &(0x7f0000002c80))
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x8081)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket$inet(0x2, 0x1, 0x100)
mremap(&(0x7f0000231000/0x1000)=nil, 0x1000, 0x2000, 0x3, &(0x7f0000231000/0x2000)=nil)
syz_genetlink_get_family_id$mptcp(0x0, 0xffffffffffffffff)
r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socket$nl_generic(0x10, 0x3, 0x10)
r5 = msgget$private(0x0, 0x0)
msgrcv(r5, 0x0, 0x0, 0x3, 0x0)
msgsnd(r5, &(0x7f0000000500)=ANY=[@ANYBLOB="03020000c1763a4f4dbb09dbd8b67a184d8d9e039e5914a7c943bf01b498d3802325dc5e8d3692ba5c14b5ce96c602f8ad3eec273bec9ff6d1b8bf548d324e882826e859a2f5d006a958486c15c06135ebf62197a7ce30dcfc361bf637f3225a1b65c3cd032fd0c722b8aac5133820d6f4174a84f650ddaadb8a09202c8269b5ead64d51d2d96c878e9ce3d4c93ade4c4572f55d38c8df634ce6550925fcc2f7834fa93061729a6bd78348ac6d7ba53ff8279d43fde3e5fe45c6013d16434bd0929e58ebbdd7fec9c999e45365edd8175f7ce6f49524d4e90323ea9e745399b8cf15228fc5ea3483764ade0df793366e45717e845d2e54edf92971b229d6607231ea03960f706abf900ab315e540f643aeb1ff212db946047f9d69dfd05dac37eb1aad1029f21f4f43bfd9de48f108ed33a118ec7ed5351f95a4e7bc9af3767941", @ANYRES8=r4], 0x8, 0x800)
msgctl$MSG_STAT(r5, 0xb, &(0x7f0000000100)=""/151)
sendmsg$netlink(0xffffffffffffffff, 0x0, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x7, 0x5, 0xfffffffffffffffd, 0x8001, 0x0, 0x1000001000, 0x45}, 0x0, &(0x7f0000000080)={0x3ff, 0x4, 0x100000, 0x9, 0x0, 0x10, 0x80000002, 0x2}, 0x0, 0x0)
close_range(r2, 0xffffffffffffffff, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1)
syz_open_procfs(0xffffffffffffffff, 0x0)

1.389313095s ago: executing program 1 (id=4467):
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x20)
ioctl$KVM_SET_IRQCHIP(r0, 0x8208ae63, &(0x7f0000000300)={0x1, 0x0, @ioapic={0x2, 0x80000000, 0x5, 0x7, 0x0, [{0x2, 0xf1, 0x3, '\x00', 0xfa}, {0x7f, 0xff, 0x3, '\x00', 0x4}, {0x0, 0x7, 0x69, '\x00', 0x4}, {0xa2, 0x1, 0x5, '\x00', 0x7}, {0x3, 0x2, 0xf, '\x00', 0x4}, {0x2, 0x6, 0x0, '\x00', 0x5}, {0x2e, 0xf3, 0x1, '\x00', 0x2}, {0x1, 0x9, 0x2, '\x00', 0x7f}, {0xbc, 0x4, 0x8, '\x00', 0xa}, {0x8d, 0x9, 0xca, '\x00', 0x9}, {0x6, 0x6, 0x7, '\x00', 0x7}, {0xfa, 0x1, 0x5, '\x00', 0xee}, {0xd, 0x9f, 0x4, '\x00', 0x4}, {0x5, 0x6, 0xbd, '\x00', 0x84}, {0xf5, 0x5, 0xa4, '\x00', 0x3}, {0x8, 0x9, 0x10, '\x00', 0xcc}, {0x3, 0x2, 0x3}, {0x4b, 0x3, 0x8, '\x00', 0x3}, {0x27, 0x4, 0x5, '\x00', 0x3}, {0x4, 0x2, 0xc0}, {0xd7, 0x9, 0x6, '\x00', 0x9}, {0x9, 0x9, 0x6, '\x00', 0x5}, {0x0, 0x26, 0xf, '\x00', 0x1}, {0x2, 0x6, 0x5, '\x00', 0x5}]}})
r1 = socket$inet(0xa, 0x801, 0x84)
r2 = socket$inet(0xa, 0x801, 0x84)
connect$inet(r2, &(0x7f0000004cc0)={0x2, 0x2, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10)
r3 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000100)={'vcan0\x00', <r4=>0x0})
connect$can_bcm(r3, &(0x7f00000000c0)={0x1d, r4}, 0x10)
sendmsg$can_bcm(r3, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB="01000000000d00000000008000000000", @ANYRES64=0x77359400, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="0000000001"], 0x80}}, 0x40000)
sendmsg$can_bcm(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000003c0)=ANY=[], 0x48}}, 0x10)
capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200002})
listen(r2, 0xfffffffd)
listen(r1, 0x8)
r5 = socket$inet(0xa, 0x801, 0x84)
listen(r5, 0x8)
r6 = socket$inet(0xa, 0x801, 0x84)
listen(r6, 0x8)
syz_init_net_socket$bt_hci(0x1f, 0x2, 0x1)
r7 = socket$inet6(0xa, 0x1, 0x8010000000000084)
listen(r7, 0x7)
r8 = socket$netlink(0x10, 0x3, 0x4)
syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), r8)
writev(r8, &(0x7f0000000000)=[{&(0x7f0000000140)="480000001400190d09004beafd0d8c560a84476080ffe00600000000590000a2bc5603ca00000f7f89000000200000000101ff0000000309ff5bffff00c7e5ed5e00000000000000", 0x40b}], 0x1)

1.270761086s ago: executing program 0 (id=4468):
socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0)
openat$sndseq(0xffffffffffffff9c, 0x0, 0xe0c81)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x800, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000240), 0x2, 0x40102)
ioctl$IOCTL_VMCI_CTX_ADD_NOTIFICATION(0xffffffffffffffff, 0x7af, &(0x7f0000000040)={@host, 0x5})
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2f)
r1 = socket(0x28, 0x5, 0x0)
bind$vsock_stream(r1, &(0x7f0000000040), 0x10)
listen(r1, 0x0)
r2 = socket(0x28, 0x5, 0x0)
connect$vsock_stream(r2, &(0x7f0000000080), 0x10)
r3 = socket$xdp(0x2c, 0x3, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b00000000"], 0x48)
writev(r3, &(0x7f0000000280)=[{&(0x7f00000000c0)="e82c0e93bf29dba97925ce77cc9c63e0a608a9b549ddecfabab1ee14e78e7e3b46714c87827817c31d1940bae1a199ca11a1eb65995ade5e4c831839e81ba5b458aa141a18db15d1dbf3", 0x4a}, {&(0x7f0000000140)="14186d6285c6fecbcca8a293acefd9ce4117ad02e1d23bc858bbc7a5874877e1fb5397539e59ea4c24765558fc8c7e189e401d40ddfa051346c2c62895d353186f69e85f53de789916f3ebf725e5007e760f3ea3eb4095ae3f6f28b97f218d7d4bca039ebd11c2f636d44962416b2aae65dc8ef0e937176ef852b69a", 0x7c}], 0x2)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0xc, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)
close(0x4)
r4 = syz_io_uring_setup(0x4f90, &(0x7f0000000f80)={0x0, 0xd8e, 0x3180, 0x7ffc, 0x40024e}, 0x0, &(0x7f0000000080))
io_uring_enter(r4, 0x627, 0x4c1, 0x43, 0x0, 0x0)
r5 = syz_open_dev$video(&(0x7f0000000440), 0x3ff, 0x0)
ioctl$VIDIOC_STREAMOFF(r5, 0x40045613, &(0x7f0000000200)=0x1)
r6 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0)
ioctl$COMEDI_SETWSUBD(r6, 0x6411)

1.035171521s ago: executing program 5 (id=4469):
r0 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10)
readv(r0, &(0x7f0000000680)=[{&(0x7f0000000140)=""/147, 0x93}], 0x1)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000003780), r1)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="050000000000000000000600000008000300", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x24}, 0x1, 0x0, 0x0, 0x400c000}, 0x0)
ioctl$KVM_SET_CPUID2(0xffffffffffffffff, 0x4008ae90, 0x0)
r3 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc)=<r4=>0x0)
timer_settime(r4, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r5 = syz_open_dev$cec(&(0x7f0000000340), 0x0, 0x0)
ioctl$CEC_DQEVENT(r5, 0xc0506107, 0x0)
ioctl$CEC_DQEVENT(r5, 0xc0506107, &(0x7f0000000080))

1.015693056s ago: executing program 1 (id=4470):
r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d0101100000000904000003fe03010009cd8d1f0002000000090505020000fcffff09058b1e20"], 0x0)
r1 = creat(&(0x7f0000000000)='./file0\x00', 0xd931d3864d39dcdb)
r2 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
close(r1)
r3 = open(&(0x7f0000000300)='./file0\x00', 0x400, 0x0)
fcntl$setlease(r3, 0x400, 0x1)
r4 = memfd_create(&(0x7f0000000180)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf3:\x99\x1e\xac`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\xd2q#\xc6\xca\x97\x9d\xcb\x1e\x80\xd6\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xecz\xabq\x95t*T9\xa9\b X \x04\"\x17\xbf\xcb\xccF\xda\xcf\xdd^\xa0\x15\xc0\xcb^h>\x1b\xb5d\xc7\x7f0\x9a&\xb0\x12#\x9c`\xa6\xed\x05\x95g\a\xccYb\xaf\xe9\xb6G?\x9f\xf5\xfe\xc1\xc0JJ\xc8\xd9d\x80\x13\x8fX\xb4\x19\xc4\\\xcb\x89-)\x90\x01\v\xac^\xdbBQ|\xaej;\x92\\\xf8u\x19Y\xee\x99EI\xf1t\xadn<\x9b\xc9\x87\xd0\xa7\x1a\x81\xb9\xc87sq\xd7\x15\xd6\x91O\x9c\x99!9>\xff\xa8\xfa\xe6=d\xcf\xca\xa9\xc61!\xc6P\x13\xd0\x88gZ\xbe\xdfl\xfa\xff\xb0m;d07tx\xbb\xabd\xe5\x16\xc4\xae\xf0', 0x0)
write$binfmt_script(r4, &(0x7f0000000340)={'#! ', './file0'}, 0xb)
execveat(r4, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)
syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000480)={0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r5 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
r6 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
ioctl$EVIOCGMASK(r6, 0x5b02, 0x0)
openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000000), 0x48240, 0x0)
read$char_usb(r5, 0x0, 0x62)

896.507942ms ago: executing program 6 (id=4471):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000240)={0x1, &(0x7f0000000200)=[{0x6, 0xff, 0x7, 0x7fc00002}]})
socket$packet(0x11, 0x3, 0x300)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
setrlimit(0x7, &(0x7f0000000180)={0xfffffffe, 0x6})
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
bind$alg(0xffffffffffffffff, &(0x7f0000000540)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(cast6)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc", 0xe)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x100800)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000480), 0x2001, 0x0)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000700)={'syz1\x00', {0x0, 0x0, 0x0, 0x9}, 0x7, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0xfffffffc, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x80000000, 0x4000, 0x0, 0x0, 0x8, 0x0, 0x2000001, 0x0, 0x0, 0x0, 0x0, 0x4000000, 0x0, 0xfffffffc, 0x4, 0xfffffefe, 0x0, 0xf6, 0x0, 0x0, 0x3, 0x1, 0x9, 0x0, 0x0, 0x80001ff, 0x4, 0x0, 0x1, 0x7fffffff, 0x2, 0x0, 0xfffffffd, 0x5, 0x0, 0xfdfffffd, 0x4, 0x1, 0x0, 0x0, 0x0, 0x5, 0xfffffffe, 0xffffffff, 0x7b67], [0x0, 0x0, 0x0, 0x3, 0x3, 0x0, 0xfffffffe, 0x3, 0x0, 0x0, 0x9b05, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x0, 0xfffffff8, 0xfffffffc, 0x2, 0x0, 0x5, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x1, 0x0, 0x4, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x6, 0x0, 0xffffffff, 0xfffffffc, 0x0, 0x0, 0xc0000, 0xffffffff, 0x1a0d, 0x39, 0xaecd, 0x0, 0x0, 0x3, 0x4], [0x1, 0x0, 0x567, 0x4, 0x0, 0x0, 0x208, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000005, 0x0, 0x0, 0x0, 0x0, 0x8, 0x10000000, 0x0, 0xf, 0xfffffffc, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0xfffffffd, 0x0, 0x3, 0x4000000d, 0xffffffff, 0x0, 0x9, 0x3, 0x0, 0x14, 0x1, 0x0, 0xa, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff, 0x0, 0x1d, 0x400, 0x0, 0xed0, 0x4000002], [0x0, 0x1ff, 0x0, 0x0, 0x2, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffe, 0xf7b, 0x0, 0x0, 0x0, 0x4080, 0x10000, 0x0, 0x0, 0x8, 0x0, 0x3e8, 0xfffffffd, 0x10000001, 0x0, 0x0, 0x5861, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd, 0x0, 0x0, 0xf, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x101, 0xfffffffe, 0x0, 0x8949, 0x0, 0x2]}, 0x45c)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000a00)=ANY=[@ANYBLOB="400000001800150000000000ffffffff0a2000000202000000000000240009801c00000008000000140005"], 0x40}], 0x1}, 0x0)
r3 = ioctl$LOOP_CTL_GET_FREE(r2, 0x4c82)
ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, r3)
r4 = openat$iommufd(0xffffff9c, &(0x7f0000000000), 0x24001, 0x0)
ioctl$IOMMU_TEST_OP_ACCESS_RW(r4, 0x3ba0, &(0x7f0000000400)={0x48, 0x8, 0xffffffffffffffff, 0x0, 0x3, 0x2e, &(0x7f0000000040)="e4fc481d446b0bad51069ec0dc7f2a5f77e2e15e9ce98224bfcdd68b7fcd07cd99211328e0682f8fa694bd061d5d", 0x5})
openat$ppp(0xffffff9c, 0x0, 0x4340, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f0000001880))
syz_io_uring_setup(0x1e1e, &(0x7f0000000380)={0x0, 0x6d9b, 0x2000, 0xfffffffe}, 0x0, &(0x7f0000000280)=<r5=>0x0)
syz_io_uring_submit(0x0, r5, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x22})
timer_settime(0x0, 0x0, &(0x7f0000000500)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)

425.915165ms ago: executing program 0 (id=4472):
r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x402, 0x0)
readv(r0, &(0x7f0000000200)=[{&(0x7f00000000c0)=""/218, 0xda}, {0x0, 0x20}], 0x2)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000600)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000680)=ANY=[@ANYBLOB="140000001a05000000bd7000ffdbdf2500000010ea5e127175df4f74ae4557f1a0840e7e019b359eccceab115cd72b9acec3208781e206a4c84bb2844c2c37d494af90a00813e34fe37ad3ae590e30a46bd21fb443704cc63b36ff23030e60ab4f1769c881adccc6af2889259f8eef933c1e50b736acd71eb76f9df0cd911034c04583648623c81799944cec6d759170810d807a38a07526eb49c892d52f8a5ec9519bce33c8dad1a5f34231acb5e0f4984de5a138ce9ed07f5e5e1241d62b206a0e04f3e0717f826b5362a5ededf77673fc29"], 0x14}}, 0x20000020)
r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000180)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0x4000}})
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x6, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x2, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
ioctl$sock_ipv6_tunnel_SIOCADD6RD(r3, 0x89f9, &(0x7f0000000340)={'sit0\x00', &(0x7f00000001c0)={@dev={0xfe, 0x80, '\x00', 0x2d}, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x14, 0x2}})
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_RECVMSG={0xa, 0x34, 0x3, 0xffffffffffffffff, 0x0, &(0x7f00000010c0)={0x0, 0x0, &(0x7f0000000240)=[{0x0}], 0x1}, 0x0, 0x40000000})
r4 = syz_io_uring_setup(0x487, &(0x7f0000000100)={0x0, 0x59c4, 0x800, 0x1000, 0x5cc}, &(0x7f0000000300)=<r5=>0x0, &(0x7f0000000080)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
r7 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r7, 0x10e, 0xc, &(0x7f0000000040)={0x80}, 0x10)
sendmsg$nl_route(r7, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000001180)=@ipv4_newroute={0x24, 0x1a, 0x1, 0x80000000, 0x25dfdbfb, {0xa, 0x80, 0x80}, [@RTA_DST={0x8, 0x1, @broadcast}]}, 0x24}}, 0x20000050)
io_uring_register$IORING_REGISTER_BUFFERS(r4, 0x0, &(0x7f0000000740)=[{&(0x7f00000003c0)=""/201, 0xc9}], 0x1)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f00000000c0)={0x1, &(0x7f0000000200)=[{0x30, 0x4, 0x0, 0x2}]}, 0x8)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r5, r6, &(0x7f0000000200)=@IORING_OP_EPOLL_CTL=@add={0x1d, 0x0, 0x0, 0xffffffffffffffff, 0x0, r4})
io_uring_enter(r4, 0x749f, 0x4, 0x0, 0x0, 0xfffffffffffffef5)

274.537881ms ago: executing program 0 (id=4473):
r0 = openat$vim2m(0xffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000200)={0x0, 0x1, 0x1, 0x0, 0x4})
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_COMPAT_GET(r1, &(0x7f00000015c0)={0x0, 0x0, &(0x7f0000001580)={0x0}, 0x1, 0x0, 0x0, 0x4000800}, 0x0)

230.384877ms ago: executing program 0 (id=4474):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x800, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100))
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000300)={@flat=@weak_binder={0x77622a85, 0x100a, 0x8000000000}, @flat=@weak_binder={0x77622a85, 0x1100, 0x3}}, &(0x7f0000000200)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0})
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r0, 0x10000000000)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x200000000000000, &(0x7f0000000600)="9e"})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x28, 0x0, &(0x7f0000000580)="b3185d7bb56f70f003360fa8bf71ac3086aedebf6fff904f92849a7a07395ee7f0e4cb1d78001c08"})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, 0x0)

46.432585ms ago: executing program 6 (id=4475):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1c42, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000500)={'syzkaller0\x00', 0x7101})
socket(0x400000000010, 0x3, 0x0)
syz_emit_ethernet(0x5e, &(0x7f0000000240)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd600a843500280600fe8000000000000000000000000000bbfe8000000000000000000000000000aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="a0e18eb27d5b5116d9e05f1c6fca4c92d29badaed6406c915d85b16800a76cac3a6b9f8d37e20518d87704498206fc4aceb9e3a05769af03815c786a51f5a803b41ea71c1050ae44cb10fcf34c6dcfe14376f93d57033bca9998ed0260"], 0x0)
r1 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'gretap0\x00'})
socket(0xa, 0x1, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ptrace$pokeuser(0x6, 0x0, 0x358, 0x800000000000)
sched_setaffinity(0x0, 0x0, 0x0)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r4, &(0x7f00000000c0)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe)
accept4$bt_l2cap(r4, &(0x7f0000000200), 0x0, 0x800)
syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="043e130100c900", @ANYBLOB=' '], 0x16)

0s ago: executing program 5 (id=4476):
socket$packet(0x11, 0x3, 0x300)
syz_emit_ethernet(0x46, &(0x7f00000003c0)=ANY=[], 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000100)={0x6, 0x3, 0x0, &(0x7f0000000240)='syzkaller\x00'}, 0x94)
io_uring_register$IORING_REGISTER_CLOCK(0xffffffffffffffff, 0x1d, &(0x7f0000000000)={0x1}, 0x0)
mmap(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x2000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000640)={'macvtap0\x00', <r2=>0x0})
r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000002000000000000000008082295"], &(0x7f00000002c0)='GPL\x00'}, 0x80)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=@setlink={0x2c, 0x13, 0x1, 0x70bd29, 0x25dfdbfc, {0x0, 0x0, 0x0, r2, 0x1ee86, 0x409}, [@IFLA_XDP={0xc, 0x2b, 0x0, 0x1, [@IFLA_XDP_FD={0x8, 0x1, r3}]}]}, 0x2c}}, 0x24008844)
dup3(r1, r3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)=@dellink={0x20, 0x11, 0x1, 0x70bd2c, 0x25dfdc00, {0x0, 0x0, 0x0, r2, 0xc0a742c700a80d57, 0x25aa6}}, 0x20}}, 0x2000e844)
r4 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r4, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, &(0x7f0000000140)='bridge0\x00', 0x10)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$6lowpan_control(0xffffffffffffff9c, 0x0, 0x2, 0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r6, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x512, &(0x7f0000000280)={0x0, 0xc65f, 0x0, 0x9, 0x240}, &(0x7f0000000240)=<r7=>0x0, &(0x7f0000000040)=<r8=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r7, r8, &(0x7f00000000c0)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r5, 0x0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xa}, 0x0, 0x2121, 0x0, {0x3}})

kernel console output (not intermixed with test programs):

.243353][T20388] CPU: 1 UID: 0 PID: 20388 Comm: syz.5.4163 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  845.243376][T20388] Tainted: [L]=SOFTLOCKUP
[  845.243380][T20388] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  845.243386][T20388] Call Trace:
[  845.243391][T20388]  <TASK>
[  845.243396][T20388]  dump_stack_lvl+0x100/0x190
[  845.243413][T20388]  should_fail_ex.cold+0x5/0xa
[  845.243431][T20388]  should_failslab+0xc2/0x120
[  845.243447][T20388]  ? tomoyo_realpath_from_path+0xb6/0x690
[  845.243471][T20388]  __kmalloc_noprof+0xf6/0x9c0
[  845.243487][T20388]  ? tomoyo_realpath_from_path+0xb6/0x690
[  845.243498][T20388]  tomoyo_realpath_from_path+0xb6/0x690
[  845.243513][T20388]  tomoyo_path_number_perm+0x23c/0x580
[  845.243528][T20388]  ? tomoyo_path_number_perm+0x22e/0x580
[  845.243546][T20388]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  845.243576][T20388]  ? find_held_lock+0x2b/0x80
[  845.243587][T20388]  ? hook_file_ioctl_common+0x146/0x410
[  845.243604][T20388]  ? __fget_files+0x215/0x3d0
[  845.243618][T20388]  ? __fget_files+0x21f/0x3d0
[  845.243632][T20388]  security_file_ioctl_compat+0xd3/0x230
[  845.243651][T20388]  __ia32_compat_sys_ioctl+0xc2/0x360
[  845.243671][T20388]  __do_fast_syscall_32+0xde/0x660
[  845.243687][T20388]  do_fast_syscall_32+0x32/0x70
[  845.243702][T20388]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  845.243716][T20388] RIP: 0023:0xf743d579
[  845.243725][T20388] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00
[  845.243736][T20388] RSP: 002b:00000000f546650c EFLAGS: 00000292 ORIG_RAX: 0000000000000036
[  845.243747][T20388] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0845657
[  845.243754][T20388] RDX: 0000000080000380 RSI: 0000000000000000 RDI: 0000000000000000
[  845.243761][T20388] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  845.243767][T20388] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  845.243774][T20388] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  845.243788][T20388]  </TASK>
[  845.319591][T20388] ERROR: Out of memory at tomoyo_realpath_from_path.
[  845.331810][T20390] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  845.333783][T15274] usb 5-1: USB disconnect, device number 33
[  846.031080][T20408] FAULT_INJECTION: forcing a failure.
[  846.031080][T20408] name failslab, interval 1, probability 0, space 0, times 0
[  846.035244][T20408] CPU: 3 UID: 0 PID: 20408 Comm: syz.6.4168 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  846.035264][T20408] Tainted: [L]=SOFTLOCKUP
[  846.035268][T20408] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  846.035274][T20408] Call Trace:
[  846.035279][T20408]  <TASK>
[  846.035283][T20408]  dump_stack_lvl+0x100/0x190
[  846.035301][T20408]  should_fail_ex.cold+0x5/0xa
[  846.035319][T20408]  should_failslab+0xc2/0x120
[  846.035336][T20408]  ? tomoyo_realpath_from_path+0xb6/0x690
[  846.035347][T20408]  __kmalloc_noprof+0xf6/0x9c0
[  846.035362][T20408]  ? tomoyo_realpath_from_path+0xb6/0x690
[  846.035373][T20408]  tomoyo_realpath_from_path+0xb6/0x690
[  846.035388][T20408]  tomoyo_path_number_perm+0x23c/0x580
[  846.035409][T20408]  ? tomoyo_path_number_perm+0x22e/0x580
[  846.035427][T20408]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  846.035457][T20408]  ? find_held_lock+0x2b/0x80
[  846.035468][T20408]  ? hook_file_ioctl_common+0x146/0x410
[  846.035484][T20408]  ? __fget_files+0x215/0x3d0
[  846.035499][T20408]  ? __fget_files+0x21f/0x3d0
[  846.035513][T20408]  security_file_ioctl_compat+0xd3/0x230
[  846.035531][T20408]  __ia32_compat_sys_ioctl+0xc2/0x360
[  846.035552][T20408]  __do_fast_syscall_32+0xde/0x660
[  846.035568][T20408]  do_fast_syscall_32+0x32/0x70
[  846.035583][T20408]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  846.035597][T20408] RIP: 0023:0xf73fd579
[  846.035607][T20408] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00
[  846.035618][T20408] RSP: 002b:00000000f542650c EFLAGS: 00000292 ORIG_RAX: 0000000000000036
[  846.035629][T20408] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000000ae80
[  846.035636][T20408] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  846.035643][T20408] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  846.035649][T20408] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  846.035656][T20408] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  846.035670][T20408]  </TASK>
[  846.035675][T20408] ERROR: Out of memory at tomoyo_realpath_from_path.
[  846.127527][T20408] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  846.160131][T20406] overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection.
[  846.270169][T20413] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  846.433633][ T5941] Bluetooth: hci0: command 0x0406 tx timeout
[  846.451118][T20427] netlink: 4 bytes leftover after parsing attributes in process `syz.6.4174'.
[  846.922978][  T843] usb 11-1: new high-speed USB device number 3 using dummy_hcd
[  847.074054][  T843] usb 11-1: Using ep0 maxpacket: 32
[  847.079668][  T843] usb 11-1: config 0 has an invalid interface number: 67 but max is 0
[  847.083129][  T843] usb 11-1: config 0 has no interface number 0
[  847.169423][   T34] usb 38-1: device descriptor read/8, error -110
[  847.465862][  T843] usb 11-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  847.469488][  T843] usb 11-1: New USB device strings: Mfr=1, Product=235, SerialNumber=2
[  847.472364][  T843] usb 11-1: Product: syz
[  847.473942][  T843] usb 11-1: Manufacturer: syz
[  847.475489][  T843] usb 11-1: SerialNumber: syz
[  847.481272][  T843] usb 11-1: config 0 descriptor??
[  847.487562][  T843] smsc95xx v2.0.0
[  847.488813][  T843] smsc95xx 11-1:0.67 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22
[  847.492292][  T843] smsc95xx 11-1:0.67: probe with driver smsc95xx failed with error -22
[  847.729004][ T6441] usb 11-1: USB disconnect, device number 3
[  847.732995][   T34] usb usb38-port1: attempt power cycle
[  848.027087][T19262] udevd[19262]: setting owner of /dev/loop0 to uid=0, gid=6 failed: No such file or directory
[  848.054842][T19262] udevd[19262]: inotify_add_watch(7, /dev/loop0, 10) failed: No such file or directory
[  848.360145][   T34] usb usb38-port1: unable to enumerate USB device
[  848.616129][T20456] FAULT_INJECTION: forcing a failure.
[  848.616129][T20456] name failslab, interval 1, probability 0, space 0, times 0
[  848.620464][T20456] CPU: 2 UID: 0 PID: 20456 Comm: syz.0.4184 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  848.620484][T20456] Tainted: [L]=SOFTLOCKUP
[  848.620488][T20456] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  848.620495][T20456] Call Trace:
[  848.620500][T20456]  <TASK>
[  848.620505][T20456]  dump_stack_lvl+0x100/0x190
[  848.620538][T20456]  should_fail_ex.cold+0x5/0xa
[  848.620557][T20456]  should_failslab+0xc2/0x120
[  848.620573][T20456]  kmem_cache_alloc_noprof+0x83/0x780
[  848.620588][T20456]  ? mas_data_end+0x162/0x280
[  848.620610][T20456]  ? vm_area_dup+0x27/0x8e0
[  848.620624][T20456]  ? vm_area_dup+0x27/0x8e0
[  848.620635][T20456]  vm_area_dup+0x27/0x8e0
[  848.620647][T20456]  __split_vma+0x18c/0xe30
[  848.620662][T20456]  ? __pfx___split_vma+0x10/0x10
[  848.620677][T20456]  ? __pfx_mas_prev+0x10/0x10
[  848.620695][T20456]  vms_gather_munmap_vmas+0x3aa/0x1320
[  848.620710][T20456]  ? __pfx_vms_gather_munmap_vmas+0x10/0x10
[  848.620726][T20456]  ? mas_walk+0x6ef/0x9b0
[  848.620742][T20456]  __mmap_region+0x46e/0x2820
[  848.620756][T20456]  ? __lock_acquire+0x4a5/0x2630
[  848.620771][T20456]  ? __pfx___mmap_region+0x10/0x10
[  848.620790][T20456]  ? find_held_lock+0x2b/0x80
[  848.620804][T20456]  ? is_bpf_text_address+0x8a/0x1a0
[  848.620825][T20456]  ? is_bpf_text_address+0x8a/0x1a0
[  848.620843][T20456]  ? bpf_ksym_find+0x124/0x1c0
[  848.620857][T20456]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  848.620871][T20456]  ? is_bpf_text_address+0x94/0x1a0
[  848.620889][T20456]  ? kernel_text_address+0x8d/0x100
[  848.620931][T20456]  ? mm_get_unmapped_area_vmflags+0xd7/0x130
[  848.620953][T20456]  mmap_region+0x180/0x3e0
[  848.620969][T20456]  do_mmap+0xc63/0x12f0
[  848.620988][T20456]  ? __pfx_do_mmap+0x10/0x10
[  848.621004][T20456]  ? __pfx_down_write_killable+0x10/0x10
[  848.621023][T20456]  vm_mmap_pgoff+0x29e/0x470
[  848.621043][T20456]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[  848.621060][T20456]  ? __fget_files+0x21f/0x3d0
[  848.621075][T20456]  ? fput+0x79/0x100
[  848.621091][T20456]  ksys_mmap_pgoff+0x7d/0x5b0
[  848.621108][T20456]  ? __ia32_sys_mmap_pgoff+0x11/0x1b0
[  848.621125][T20456]  __do_fast_syscall_32+0xde/0x660
[  848.621142][T20456]  do_fast_syscall_32+0x32/0x70
[  848.621156][T20456]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  848.621170][T20456] RIP: 0023:0xf7fb7579
[  848.621179][T20456] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00
[  848.621190][T20456] RSP: 002b:00000000f547650c EFLAGS: 00000292 ORIG_RAX: 00000000000000c0
[  848.621201][T20456] RAX: ffffffffffffffda RBX: 0000000080000000 RCX: 0000000000b36000
[  848.621208][T20456] RDX: 0000000006ebbeee RSI: 0000000000008031 RDI: 00000000ffffffff
[  848.621215][T20456] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  848.621221][T20456] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  848.621228][T20456] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  848.621241][T20456]  </TASK>
[  848.850787][T20457] netlink: 'syz.6.4182': attribute type 21 has an invalid length.
[  849.424914][T20469] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(6)
[  849.427272][T20469] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  849.439096][T20469] vhci_hcd vhci_hcd.0: Device attached
[  849.705202][T20206] usb 48-1: SetAddress Request (34) to port 0
[  849.707979][T20206] usb 48-1: new SuperSpeed USB device number 34 using vhci_hcd
[  849.900244][T20482] FAULT_INJECTION: forcing a failure.
[  849.900244][T20482] name failslab, interval 1, probability 0, space 0, times 0
[  849.906302][T20482] CPU: 3 UID: 0 PID: 20482 Comm: syz.6.4188 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  849.906331][T20482] Tainted: [L]=SOFTLOCKUP
[  849.906337][T20482] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  849.906346][T20482] Call Trace:
[  849.906352][T20482]  <TASK>
[  849.906359][T20482]  dump_stack_lvl+0x100/0x190
[  849.906384][T20482]  should_fail_ex.cold+0x5/0xa
[  849.906410][T20482]  should_failslab+0xc2/0x120
[  849.906432][T20482]  ? tomoyo_realpath_from_path+0xb6/0x690
[  849.906459][T20482]  __kmalloc_noprof+0xf6/0x9c0
[  849.906483][T20482]  ? tomoyo_realpath_from_path+0xb6/0x690
[  849.906498][T20482]  tomoyo_realpath_from_path+0xb6/0x690
[  849.906520][T20482]  tomoyo_path_number_perm+0x23c/0x580
[  849.906542][T20482]  ? tomoyo_path_number_perm+0x22e/0x580
[  849.906566][T20482]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  849.906613][T20482]  ? find_held_lock+0x2b/0x80
[  849.906629][T20482]  ? hook_file_ioctl_common+0x146/0x410
[  849.906651][T20482]  ? __fget_files+0x215/0x3d0
[  849.906673][T20482]  ? __fget_files+0x21f/0x3d0
[  849.906694][T20482]  security_file_ioctl_compat+0xd3/0x230
[  849.906718][T20482]  __ia32_compat_sys_ioctl+0xc2/0x360
[  849.906746][T20482]  __do_fast_syscall_32+0xde/0x660
[  849.906770][T20482]  do_fast_syscall_32+0x32/0x70
[  849.906790][T20482]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  849.906810][T20482] RIP: 0023:0xf73fd579
[  849.906823][T20482] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00
[  849.906839][T20482] RSP: 002b:00000000f542650c EFLAGS: 00000292 ORIG_RAX: 0000000000000036
[  849.906856][T20482] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000040104d14
[  849.906867][T20482] RDX: 00000000800001c0 RSI: 0000000000000000 RDI: 0000000000000000
[  849.906877][T20482] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  849.906886][T20482] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  849.906896][T20482] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  849.906921][T20482]  </TASK>
[  849.906929][T20482] ERROR: Out of memory at tomoyo_realpath_from_path.
[  850.035852][T20470] vhci_hcd: connection reset by peer
[  850.037931][   T12] vhci_hcd vhci_hcd.5: stop threads
[  850.039710][   T12] vhci_hcd vhci_hcd.5: release socket
[  850.041711][   T12] vhci_hcd vhci_hcd.5: disconnect device
[  850.056137][   T34] usb 6-1: new high-speed USB device number 45 using dummy_hcd
[  850.064098][T20485] FAULT_INJECTION: forcing a failure.
[  850.064098][T20485] name failslab, interval 1, probability 0, space 0, times 0
[  850.070658][T20485] CPU: 3 UID: 0 PID: 20485 Comm: syz.6.4191 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  850.070685][T20485] Tainted: [L]=SOFTLOCKUP
[  850.070690][T20485] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  850.070700][T20485] Call Trace:
[  850.070706][T20485]  <TASK>
[  850.070712][T20485]  dump_stack_lvl+0x100/0x190
[  850.070736][T20485]  should_fail_ex.cold+0x5/0xa
[  850.070762][T20485]  should_failslab+0xc2/0x120
[  850.070784][T20485]  ? tomoyo_realpath_from_path+0xb6/0x690
[  850.070800][T20485]  __kmalloc_noprof+0xf6/0x9c0
[  850.070825][T20485]  ? tomoyo_realpath_from_path+0xb6/0x690
[  850.070840][T20485]  tomoyo_realpath_from_path+0xb6/0x690
[  850.070862][T20485]  tomoyo_path_number_perm+0x23c/0x580
[  850.070885][T20485]  ? tomoyo_path_number_perm+0x22e/0x580
[  850.070909][T20485]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  850.070956][T20485]  ? find_held_lock+0x2b/0x80
[  850.070992][T20485]  ? hook_file_ioctl_common+0x146/0x410
[  850.071016][T20485]  ? __fget_files+0x215/0x3d0
[  850.071037][T20485]  ? __fget_files+0x21f/0x3d0
[  850.071058][T20485]  security_file_ioctl_compat+0xd3/0x230
[  850.071098][T20485]  __ia32_compat_sys_ioctl+0xc2/0x360
[  850.071126][T20485]  __do_fast_syscall_32+0xde/0x660
[  850.071149][T20485]  do_fast_syscall_32+0x32/0x70
[  850.071169][T20485]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  850.071190][T20485] RIP: 0023:0xf73fd579
[  850.071203][T20485] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00
[  850.071218][T20485] RSP: 002b:00000000f542650c EFLAGS: 00000292 ORIG_RAX: 0000000000000036
[  850.071234][T20485] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000004068aea3
[  850.071244][T20485] RDX: 0000000080000540 RSI: 0000000000000000 RDI: 0000000000000000
[  850.071254][T20485] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  850.071263][T20485] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  850.071273][T20485] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  850.071297][T20485]  </TASK>
[  850.071414][T20485] ERROR: Out of memory at tomoyo_realpath_from_path.
[  850.233523][   T34] usb 6-1: Using ep0 maxpacket: 32
[  850.240865][   T34] usb 6-1: config 0 has an invalid interface number: 67 but max is 0
[  850.244173][   T34] usb 6-1: config 0 has no interface number 0
[  850.251774][   T34] usb 6-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  850.259011][   T34] usb 6-1: New USB device strings: Mfr=1, Product=235, SerialNumber=2
[  850.262388][   T34] usb 6-1: Product: syz
[  850.264653][   T34] usb 6-1: Manufacturer: syz
[  850.266619][   T34] usb 6-1: SerialNumber: syz
[  850.271224][   T34] usb 6-1: config 0 descriptor??
[  850.275663][   T34] smsc95xx v2.0.0
[  850.277094][   T34] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22
[  850.281470][   T34] smsc95xx 6-1:0.67: probe with driver smsc95xx failed with error -22
[  850.516210][   T24] usb 6-1: USB disconnect, device number 45
[  850.813517][ T5941] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  850.819042][ T5941] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  850.824339][ T5941] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  850.833327][ T5941] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  850.843855][ T5941] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  850.853912][T15274] usb 11-1: new high-speed USB device number 4 using dummy_hcd
[  851.017899][T15274] usb 11-1: too many configurations: 9, using maximum allowed: 8
[  851.024566][T15274] usb 11-1: config 0 has 1 interface, different from the descriptor's value: 9
[  851.028335][T15274] usb 11-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  851.033890][T15274] usb 11-1: config 0 interface 0 has no altsetting 0
[  851.045870][T15274] usb 11-1: config 0 has 1 interface, different from the descriptor's value: 9
[  851.050108][T15274] usb 11-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  851.054240][T15274] usb 11-1: config 0 interface 0 has no altsetting 0
[  851.070014][T15274] usb 11-1: config 0 has 1 interface, different from the descriptor's value: 9
[  851.090258][T15274] usb 11-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  851.100373][T20498] chnl_net:caif_netlink_parms(): no params data found
[  851.107467][T15274] usb 11-1: config 0 interface 0 has no altsetting 0
[  851.126959][T15274] usb 11-1: config 0 has 1 interface, different from the descriptor's value: 9
[  851.138976][T15274] usb 11-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  851.144666][T20498] bridge0: port 1(bridge_slave_0) entered blocking state
[  851.147047][T20498] bridge0: port 1(bridge_slave_0) entered disabled state
[  851.149471][T20498] bridge_slave_0: entered allmulticast mode
[  851.152179][T20498] bridge_slave_0: entered promiscuous mode
[  851.157381][T20498] bridge0: port 2(bridge_slave_1) entered blocking state
[  851.159761][T20498] bridge0: port 2(bridge_slave_1) entered disabled state
[  851.162116][T20498] bridge_slave_1: entered allmulticast mode
[  851.163642][T15274] usb 11-1: config 0 interface 0 has no altsetting 0
[  851.164822][T20498] bridge_slave_1: entered promiscuous mode
[  851.179226][T15274] usb 11-1: config 0 has 1 interface, different from the descriptor's value: 9
[  851.182783][T20498] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  851.182977][T15274] usb 11-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  851.187857][T20498] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  851.204984][T20498] team0: Port device team_slave_0 added
[  851.208135][T20498] team0: Port device team_slave_1 added
[  851.208960][T15274] usb 11-1: config 0 interface 0 has no altsetting 0
[  851.221417][T20498] batman_adv: batadv0: Adding interface: batadv_slave_0
[  851.223627][T20498] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  851.228461][T15274] usb 11-1: config 0 has 1 interface, different from the descriptor's value: 9
[  851.231418][T20498] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  851.232741][T20498] batman_adv: batadv0: Adding interface: batadv_slave_1
[  851.239933][T20498] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  851.248019][T20498] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  851.252126][T15274] usb 11-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  851.266160][T15274] usb 11-1: config 0 interface 0 has no altsetting 0
[  851.270446][T20498] hsr_slave_0: entered promiscuous mode
[  851.272870][T20498] hsr_slave_1: entered promiscuous mode
[  851.275100][T20498] debugfs: 'hsr0' already exists in 'hsr'
[  851.276983][T20498] Cannot create hsr debugfs directory
[  851.289040][T15274] usb 11-1: config 0 has 1 interface, different from the descriptor's value: 9
[  851.304093][T15274] usb 11-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  851.317836][T15274] usb 11-1: config 0 interface 0 has no altsetting 0
[  851.333808][T15274] usb 11-1: config 0 has 1 interface, different from the descriptor's value: 9
[  851.338003][T15274] usb 11-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  851.341873][T15274] usb 11-1: config 0 interface 0 has no altsetting 0
[  851.354647][T15274] usb 11-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[  851.358069][T15274] usb 11-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[  851.361819][T15274] usb 11-1: Product: syz
[  851.369022][T15274] usb 11-1: Manufacturer: syz
[  851.371155][T15274] usb 11-1: SerialNumber: syz
[  851.377194][T20498] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0
[  851.395284][T15274] usb 11-1: config 0 descriptor??
[  851.517153][T15274] yurex 11-1:0.0: USB YUREX device now attached to Yurex #0
[  851.526025][T20498] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0
[  851.584043][   T24] usb 6-1: new high-speed USB device number 46 using dummy_hcd
[  851.597839][T20498] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0
[  851.649756][   T61] smc: removing ib device syz1
[  851.710398][T20498] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0
[  851.736654][    C0] usb 11-1: yurex_control_callback - control failed: -71
[  851.736880][   T60] usb 11-1: USB disconnect, device number 4
[  851.746006][   T60] yurex 11-1:0.0: USB YUREX #0 now disconnected
[  851.754286][   T24] usb 6-1: too many configurations: 9, using maximum allowed: 8
[  851.758091][   T24] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[  851.761690][   T24] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  851.766505][   T24] usb 6-1: config 0 interface 0 has no altsetting 0
[  851.770166][   T24] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[  851.774345][   T24] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  851.781022][   T24] usb 6-1: config 0 interface 0 has no altsetting 0
[  851.785031][   T24] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[  851.788717][   T24] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  851.792674][   T24] usb 6-1: config 0 interface 0 has no altsetting 0
[  851.799454][   T24] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[  851.803090][   T24] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  851.807804][   T24] usb 6-1: config 0 interface 0 has no altsetting 0
[  851.811380][   T24] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[  851.815367][   T24] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  851.819798][   T24] usb 6-1: config 0 interface 0 has no altsetting 0
[  851.834336][   T24] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[  851.837940][   T24] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  851.842008][   T24] usb 6-1: config 0 interface 0 has no altsetting 0
[  851.854494][   T24] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[  851.857998][   T24] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  851.862154][   T24] usb 6-1: config 0 interface 0 has no altsetting 0
[  851.885666][   T24] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[  851.889183][   T24] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  851.893391][   T24] usb 6-1: config 0 interface 0 has no altsetting 0
[  851.907198][   T24] usb 6-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[  851.910918][   T24] usb 6-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[  851.922022][   T24] usb 6-1: Product: syz
[  851.924184][   T24] usb 6-1: Manufacturer: syz
[  851.926094][   T24] usb 6-1: SerialNumber: syz
[  851.933092][   T24] usb 6-1: config 0 descriptor??
[  851.977413][   T24] yurex 6-1:0.0: USB YUREX device now attached to Yurex #0
[  852.100567][T20498] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  852.109506][T20498] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  852.125486][T20498] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  852.132575][T20498] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  852.139124][T20507] FAULT_INJECTION: forcing a failure.
[  852.139124][T20507] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  852.153644][T20507] CPU: 2 UID: 0 PID: 20507 Comm: syz.1.4198 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  852.153673][T20507] Tainted: [L]=SOFTLOCKUP
[  852.153679][T20507] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  852.153689][T20507] Call Trace:
[  852.153696][T20507]  <TASK>
[  852.153703][T20507]  dump_stack_lvl+0x100/0x190
[  852.153743][T20507]  should_fail_ex.cold+0x5/0xa
[  852.153771][T20507]  _copy_from_user+0x2e/0xd0
[  852.153797][T20507]  yurex_write+0x20b/0x910
[  852.153822][T20507]  ? __pfx_yurex_write+0x10/0x10
[  852.153845][T20507]  ? __pfx_autoremove_wake_function+0x10/0x10
[  852.153866][T20507]  ? common_file_perm+0x1ab/0x4f0
[  852.153893][T20507]  ? bpf_lsm_file_permission+0x9/0x10
[  852.153936][T20507]  ? security_file_permission+0x76/0x210
[  852.153962][T20507]  ? rw_verify_area+0xce/0x6d0
[  852.153986][T20507]  vfs_write+0x2aa/0x1070
[  852.154004][T20507]  ? __pfx_yurex_write+0x10/0x10
[  852.154025][T20507]  ? __pfx_vfs_write+0x10/0x10
[  852.154045][T20507]  ? find_held_lock+0x2b/0x80
[  852.154060][T20507]  ? __fget_files+0x215/0x3d0
[  852.154110][T20507]  ? __fget_files+0x215/0x3d0
[  852.154130][T20507]  ? __fget_files+0x21f/0x3d0
[  852.154154][T20507]  ksys_write+0x12a/0x250
[  852.154171][T20507]  ? __pfx_ksys_write+0x10/0x10
[  852.154189][T20507]  ? __pfx_ksys_write+0x10/0x10
[  852.154212][T20507]  __do_fast_syscall_32+0xde/0x660
[  852.154236][T20507]  do_fast_syscall_32+0x32/0x70
[  852.154257][T20507]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  852.154277][T20507] RIP: 0023:0xf746d579
[  852.154291][T20507] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00
[  852.154307][T20507] RSP: 002b:00000000f549650c EFLAGS: 00000292 ORIG_RAX: 0000000000000004
[  852.154324][T20507] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000800000c0
[  852.154334][T20507] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000000
[  852.154343][T20507] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  852.154352][T20507] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  852.154362][T20507] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  852.154385][T20507]  </TASK>
[  852.194219][T20498] 8021q: adding VLAN 0 to HW filter on device bond0
[  852.195677][   T24] usb 6-1: USB disconnect, device number 46
[  852.208858][T20498] 8021q: adding VLAN 0 to HW filter on device team0
[  852.211739][   T24] yurex 6-1:0.0: USB YUREX #0 now disconnected
[  852.233620][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  852.251410][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  852.285558][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  852.288532][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  852.454446][   T61] bridge_slave_1: left allmulticast mode
[  852.456809][   T61] bridge_slave_1: left promiscuous mode
[  852.459291][   T61] bridge0: port 2(bridge_slave_1) entered disabled state
[  852.463756][   T61] bridge_slave_0: left allmulticast mode
[  852.465996][   T61] bridge_slave_0: left promiscuous mode
[  852.468536][   T61] bridge0: port 1(bridge_slave_0) entered disabled state
[  852.913791][T18285] Bluetooth: hci3: command tx timeout
[  852.997526][T20534] FAULT_INJECTION: forcing a failure.
[  852.997526][T20534] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  853.003224][T20534] CPU: 3 UID: 0 PID: 20534 Comm: syz.1.4202 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  853.003255][T20534] Tainted: [L]=SOFTLOCKUP
[  853.003262][T20534] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  853.003272][T20534] Call Trace:
[  853.003280][T20534]  <TASK>
[  853.003287][T20534]  dump_stack_lvl+0x100/0x190
[  853.003315][T20534]  should_fail_ex.cold+0x5/0xa
[  853.003345][T20534]  _copy_from_user+0x2e/0xd0
[  853.003378][T20534]  get_compat_msghdr+0xb3/0x4b0
[  853.003406][T20534]  ? __pfx_get_compat_msghdr+0x10/0x10
[  853.003441][T20534]  ___sys_sendmsg+0x1b6/0x1e0
[  853.003479][T20534]  ? __pfx____sys_sendmsg+0x10/0x10
[  853.003526][T20534]  __sys_sendmsg+0x170/0x220
[  853.003552][T20534]  ? __pfx___sys_sendmsg+0x10/0x10
[  853.003586][T20534]  ? __pfx_ksys_write+0x10/0x10
[  853.003612][T20534]  __do_fast_syscall_32+0xde/0x660
[  853.003638][T20534]  do_fast_syscall_32+0x32/0x70
[  853.003660][T20534]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  853.003682][T20534] RIP: 0023:0xf746d579
[  853.003696][T20534] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00
[  853.003714][T20534] RSP: 002b:00000000f549650c EFLAGS: 00000292 ORIG_RAX: 0000000000000172
[  853.003732][T20534] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080001d00
[  853.003744][T20534] RDX: 0000000000000010 RSI: 0000000000000000 RDI: 0000000000000000
[  853.003754][T20534] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  853.003764][T20534] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  853.003775][T20534] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  853.003798][T20534]  </TASK>
[  853.204650][   T61] bond1 (unregistering): (slave bond0): Releasing active interface
[  853.211305][   T61] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  853.217573][   T61] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  853.222179][   T61] bond0 (unregistering): Released all slaves
[  853.312669][   T61] bond1 (unregistering): Released all slaves
[  853.507417][T20498] 8021q: adding VLAN 0 to HW filter on device batadv0
[  853.532589][T20498] veth0_vlan: entered promiscuous mode
[  853.538166][T20498] veth1_vlan: entered promiscuous mode
[  853.609132][T20498] veth0_macvtap: entered promiscuous mode
[  853.618811][T20498] veth1_macvtap: entered promiscuous mode
[  853.629842][T20498] batman_adv: batadv0: Interface activated: batadv_slave_0
[  853.637275][T20498] batman_adv: batadv0: Interface activated: batadv_slave_1
[  853.648290][   T46] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  853.653694][   T46] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  853.658032][   T46] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  853.660911][   T46] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  853.747263][   T46] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  853.750212][   T46] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  853.801685][T20547] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  853.806567][   T61] hsr_slave_0: left promiscuous mode
[  853.815452][   T61] hsr_slave_1: left promiscuous mode
[  853.821518][   T61] batman_adv: batadv0: Removing interface: batadv_slave_0
[  853.835008][   T61] batman_adv: batadv0: Removing interface: batadv_slave_1
[  853.887907][ T5981] usb 11-1: new high-speed USB device number 5 using dummy_hcd
[  854.043586][ T5981] usb 11-1: Using ep0 maxpacket: 32
[  854.047394][ T5981] usb 11-1: config 0 has an invalid interface number: 67 but max is 0
[  854.050124][ T5981] usb 11-1: config 0 has no interface number 0
[  854.054490][ T5981] usb 11-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  854.057504][ T5981] usb 11-1: New USB device strings: Mfr=1, Product=235, SerialNumber=2
[  854.060171][ T5981] usb 11-1: Product: syz
[  854.061925][ T5981] usb 11-1: Manufacturer: syz
[  854.064006][ T5981] usb 11-1: SerialNumber: syz
[  854.067771][ T5981] usb 11-1: config 0 descriptor??
[  854.077173][ T5981] smsc95xx v2.0.0
[  854.078734][ T5981] smsc95xx 11-1:0.67 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22
[  854.082592][ T5981] smsc95xx 11-1:0.67: probe with driver smsc95xx failed with error -22
[  854.449921][   T34] usb 11-1: USB disconnect, device number 5
[  854.994754][T18285] Bluetooth: hci3: command tx timeout
[  855.211275][T20206] usb 48-1: device descriptor read/8, error -110
[  855.424756][T20561] netlink: 28 bytes leftover after parsing attributes in process `syz.6.4209'.
[  855.553787][T17929] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  855.556828][T17929] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  855.603980][T20206] usb usb48-port1: attempt power cycle
[  855.609464][T20565] cgroup: Invalid name
[  855.764839][T20572] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4212'.
[  855.768759][T20572] IPv6: NLM_F_CREATE should be specified when creating new route
[  856.130339][T20580] FAULT_INJECTION: forcing a failure.
[  856.130339][T20580] name failslab, interval 1, probability 0, space 0, times 0
[  856.134790][T20580] CPU: 2 UID: 0 PID: 20580 Comm: syz.5.4215 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  856.134809][T20580] Tainted: [L]=SOFTLOCKUP
[  856.134813][T20580] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  856.134820][T20580] Call Trace:
[  856.134824][T20580]  <TASK>
[  856.134829][T20580]  dump_stack_lvl+0x100/0x190
[  856.134846][T20580]  should_fail_ex.cold+0x5/0xa
[  856.134865][T20580]  should_failslab+0xc2/0x120
[  856.134881][T20580]  ? tomoyo_realpath_from_path+0xb6/0x690
[  856.134892][T20580]  __kmalloc_noprof+0xf6/0x9c0
[  856.134908][T20580]  ? tomoyo_realpath_from_path+0xb6/0x690
[  856.134919][T20580]  tomoyo_realpath_from_path+0xb6/0x690
[  856.134933][T20580]  tomoyo_path_number_perm+0x23c/0x580
[  856.134949][T20580]  ? tomoyo_path_number_perm+0x22e/0x580
[  856.134966][T20580]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  856.134997][T20580]  ? find_held_lock+0x2b/0x80
[  856.135008][T20580]  ? hook_file_ioctl_common+0x146/0x410
[  856.135024][T20580]  ? __fget_files+0x215/0x3d0
[  856.135039][T20580]  ? __fget_files+0x21f/0x3d0
[  856.135053][T20580]  security_file_ioctl_compat+0xd3/0x230
[  856.135071][T20580]  __ia32_compat_sys_ioctl+0xc2/0x360
[  856.135096][T20580]  __do_fast_syscall_32+0xde/0x660
[  856.135113][T20580]  do_fast_syscall_32+0x32/0x70
[  856.135127][T20580]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  856.135141][T20580] RIP: 0023:0xf743d579
[  856.135150][T20580] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00
[  856.135161][T20580] RSP: 002b:00000000f546650c EFLAGS: 00000292 ORIG_RAX: 0000000000000036
[  856.135172][T20580] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000000ae80
[  856.135179][T20580] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  856.135186][T20580] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  856.135192][T20580] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  856.135199][T20580] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  856.135212][T20580]  </TASK>
[  856.135218][T20580] ERROR: Out of memory at tomoyo_realpath_from_path.
[  856.484115][T20206] usb usb48-port1: unable to enumerate USB device
[  856.706881][T20589] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(6)
[  856.709180][T20589] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  856.711930][T20589] vhci_hcd vhci_hcd.0: Device attached
[  856.879647][T20600] FAULT_INJECTION: forcing a failure.
[  856.879647][T20600] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  856.885760][T20600] CPU: 3 UID: 0 PID: 20600 Comm: syz.6.4220 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  856.885779][T20600] Tainted: [L]=SOFTLOCKUP
[  856.885783][T20600] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  856.885790][T20600] Call Trace:
[  856.885794][T20600]  <TASK>
[  856.885799][T20600]  dump_stack_lvl+0x100/0x190
[  856.885816][T20600]  should_fail_ex.cold+0x5/0xa
[  856.885850][T20600]  _copy_from_user+0x2e/0xd0
[  856.885870][T20600]  get_compat_msghdr+0xb3/0x4b0
[  856.885888][T20600]  ? __pfx_get_compat_msghdr+0x10/0x10
[  856.885905][T20600]  ? __pfx_do_swap_page+0x10/0x10
[  856.885921][T20600]  ___sys_sendmsg+0x1b6/0x1e0
[  856.885935][T20600]  ? __pfx____sys_sendmsg+0x10/0x10
[  856.885948][T20600]  ? ___pte_offset_map+0x179/0x310
[  856.885979][T20600]  __sys_sendmsg+0x170/0x220
[  856.885997][T20600]  ? __pfx___sys_sendmsg+0x10/0x10
[  856.886044][T20600]  __do_fast_syscall_32+0xde/0x660
[  856.886069][T20600]  do_fast_syscall_32+0x32/0x70
[  856.886088][T20600]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  856.886103][T20600] RIP: 0023:0xf73fd579
[  856.886112][T20600] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00
[  856.886123][T20600] RSP: 002b:00000000f542650c EFLAGS: 00000292 ORIG_RAX: 0000000000000172
[  856.886135][T20600] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000200
[  856.886142][T20600] RDX: 0000000004000000 RSI: 0000000000000000 RDI: 0000000000000000
[  856.886148][T20600] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  856.886155][T20600] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  856.886161][T20600] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  856.886175][T20600]  </TASK>
[  857.014989][   T34] usb 48-1: SetAddress Request (38) to port 0
[  857.017928][   T34] usb 48-1: new SuperSpeed USB device number 38 using vhci_hcd
[  857.073795][T18285] Bluetooth: hci3: command tx timeout
[  858.649969][T20591] vhci_hcd: connection reset by peer
[  858.652149][T17929] vhci_hcd vhci_hcd.5: stop threads
[  858.654120][T17929] vhci_hcd vhci_hcd.5: release socket
[  858.657412][T17929] vhci_hcd vhci_hcd.5: disconnect device
[  859.163729][T18285] Bluetooth: hci3: command tx timeout
[  859.851367][T20639] RDS: rds_bind could not find a transport for fe80::1a, load rds_tcp or rds_rdma?
[  859.946173][T20643] FAULT_INJECTION: forcing a failure.
[  859.946173][T20643] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  859.952102][T20643] CPU: 0 UID: 0 PID: 20643 Comm: syz.5.4233 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  859.952144][T20643] Tainted: [L]=SOFTLOCKUP
[  859.952151][T20643] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  859.952161][T20643] Call Trace:
[  859.952170][T20643]  <TASK>
[  859.952177][T20643]  dump_stack_lvl+0x100/0x190
[  859.952203][T20643]  should_fail_ex.cold+0x5/0xa
[  859.952230][T20643]  _copy_from_user+0x2e/0xd0
[  859.952258][T20643]  get_compat_msghdr+0xb3/0x4b0
[  859.952286][T20643]  ? __pfx_get_compat_msghdr+0x10/0x10
[  859.952323][T20643]  ___sys_sendmsg+0x1b6/0x1e0
[  859.952346][T20643]  ? __pfx____sys_sendmsg+0x10/0x10
[  859.952391][T20643]  __sys_sendmsg+0x170/0x220
[  859.952418][T20643]  ? __pfx___sys_sendmsg+0x10/0x10
[  859.952452][T20643]  ? __pfx_ksys_write+0x10/0x10
[  859.952555][T20643]  __do_fast_syscall_32+0xde/0x660
[  859.952584][T20643]  do_fast_syscall_32+0x32/0x70
[  859.952606][T20643]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  859.952627][T20643] RIP: 0023:0xf743d579
[  859.952640][T20643] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00
[  859.952658][T20643] RSP: 002b:00000000f546650c EFLAGS: 00000292 ORIG_RAX: 0000000000000172
[  859.952675][T20643] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000240
[  859.952686][T20643] RDX: 00000000200040c0 RSI: 0000000000000000 RDI: 0000000000000000
[  859.952697][T20643] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  859.952707][T20643] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  859.952717][T20643] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  859.952738][T20643]  </TASK>
[  861.836673][T20676] netlink: 'syz.1.4239': attribute type 21 has an invalid length.
[  862.114190][   T34] usb 48-1: device descriptor read/8, error -110
[  862.503978][   T34] usb usb48-port1: attempt power cycle
[  862.508164][T20697] binder: BINDER_SET_CONTEXT_MGR already set
[  862.511477][T20697] binder: 20696:20697 ioctl 4018620d 80004a80 returned -16
[  862.515555][T20697] binder: 20696:20697 ioctl c0306201 80000280 returned -14
[  862.522980][T20683] netlink: 28 bytes leftover after parsing attributes in process `syz.6.4240'.
[  862.755079][T20706] netlink: 'syz.0.4243': attribute type 21 has an invalid length.
[  863.065018][   T34] usb usb48-port1: unable to enumerate USB device
[  865.191230][T20725] netlink: 'syz.0.4247': attribute type 21 has an invalid length.
[  865.920293][ T5941] Bluetooth: hci2: command 0x0406 tx timeout
[  867.390250][T20750] FAULT_INJECTION: forcing a failure.
[  867.390250][T20750] name failslab, interval 1, probability 0, space 0, times 0
[  867.395193][T20750] CPU: 0 UID: 0 PID: 20750 Comm: syz.5.4253 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  867.395212][T20750] Tainted: [L]=SOFTLOCKUP
[  867.395216][T20750] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  867.395223][T20750] Call Trace:
[  867.395227][T20750]  <TASK>
[  867.395231][T20750]  dump_stack_lvl+0x100/0x190
[  867.395249][T20750]  should_fail_ex.cold+0x5/0xa
[  867.395268][T20750]  should_failslab+0xc2/0x120
[  867.395298][T20750]  ? tomoyo_realpath_from_path+0xb6/0x690
[  867.395309][T20750]  __kmalloc_noprof+0xf6/0x9c0
[  867.395325][T20750]  ? tomoyo_realpath_from_path+0xb6/0x690
[  867.395336][T20750]  tomoyo_realpath_from_path+0xb6/0x690
[  867.395351][T20750]  tomoyo_path_number_perm+0x23c/0x580
[  867.395367][T20750]  ? tomoyo_path_number_perm+0x22e/0x580
[  867.395384][T20750]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  867.395415][T20750]  ? find_held_lock+0x2b/0x80
[  867.395426][T20750]  ? hook_file_ioctl_common+0x146/0x410
[  867.395444][T20750]  ? __fget_files+0x215/0x3d0
[  867.395459][T20750]  ? __fget_files+0x21f/0x3d0
[  867.395473][T20750]  security_file_ioctl_compat+0xd3/0x230
[  867.395491][T20750]  __ia32_compat_sys_ioctl+0xc2/0x360
[  867.395512][T20750]  __do_fast_syscall_32+0xde/0x660
[  867.395528][T20750]  do_fast_syscall_32+0x32/0x70
[  867.395543][T20750]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  867.395557][T20750] RIP: 0023:0xf743d579
[  867.395566][T20750] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00
[  867.395577][T20750] RSP: 002b:00000000f546650c EFLAGS: 00000292 ORIG_RAX: 0000000000000036
[  867.395588][T20750] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000004008af83
[  867.395596][T20750] RDX: 00000000800016c0 RSI: 0000000000000000 RDI: 0000000000000000
[  867.395602][T20750] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  867.395609][T20750] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  867.395615][T20750] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  867.395629][T20750]  </TASK>
[  867.395666][T20750] ERROR: Out of memory at tomoyo_realpath_from_path.
[  867.500017][T20752] FAULT_INJECTION: forcing a failure.
[  867.500017][T20752] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  867.505453][T20752] CPU: 3 UID: 0 PID: 20752 Comm: syz.5.4255 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  867.505481][T20752] Tainted: [L]=SOFTLOCKUP
[  867.505488][T20752] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  867.505498][T20752] Call Trace:
[  867.505505][T20752]  <TASK>
[  867.505512][T20752]  dump_stack_lvl+0x100/0x190
[  867.505538][T20752]  should_fail_ex.cold+0x5/0xa
[  867.505568][T20752]  _copy_from_user+0x2e/0xd0
[  867.505596][T20752]  get_old_timespec32+0x82/0x130
[  867.505619][T20752]  ? __pfx_get_old_timespec32+0x10/0x10
[  867.505642][T20752]  ? __pfx_vfs_write+0x10/0x10
[  867.505662][T20752]  ? do_sys_openat2+0x186/0x220
[  867.505689][T20752]  do_compat_pselect+0x1be/0x2b0
[  867.505711][T20752]  ? __pfx_do_compat_pselect+0x10/0x10
[  867.505728][T20752]  ? __ia32_sys_futex_time32+0x2f4/0x470
[  867.505763][T20752]  __ia32_compat_sys_pselect6_time32+0x16c/0x1e0
[  867.505791][T20752]  __do_fast_syscall_32+0xde/0x660
[  867.505817][T20752]  do_fast_syscall_32+0x32/0x70
[  867.505839][T20752]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  867.505861][T20752] RIP: 0023:0xf743d579
[  867.505875][T20752] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00
[  867.505892][T20752] RSP: 002b:00000000f546650c EFLAGS: 00000292 ORIG_RAX: 0000000000000134
[  867.505909][T20752] RAX: ffffffffffffffda RBX: 0000000000000040 RCX: 0000000080000500
[  867.505921][T20752] RDX: 0000000000000000 RSI: 0000000080000240 RDI: 0000000080000280
[  867.505954][T20752] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  867.505964][T20752] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  867.505974][T20752] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  867.506004][T20752]  </TASK>
[  867.587614][T20742] binder: 20741:20742 ioctl c0306201 80000280 returned -14
[  867.692526][T20765] netlink: 28 bytes leftover after parsing attributes in process `syz.5.4256'.
[  867.781834][T20770] FAULT_INJECTION: forcing a failure.
[  867.781834][T20770] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  867.794752][T20770] CPU: 2 UID: 0 PID: 20770 Comm: syz.1.4259 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  867.794781][T20770] Tainted: [L]=SOFTLOCKUP
[  867.794787][T20770] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  867.794798][T20770] Call Trace:
[  867.794804][T20770]  <TASK>
[  867.794812][T20770]  dump_stack_lvl+0x100/0x190
[  867.794840][T20770]  should_fail_ex.cold+0x5/0xa
[  867.794869][T20770]  _copy_from_user+0x2e/0xd0
[  867.794896][T20770]  do_ipv6_setsockopt+0x74d/0x4400
[  867.794921][T20770]  ? __pfx_do_ipv6_setsockopt+0x10/0x10
[  867.794937][T20770]  ? aa_label_sk_perm+0x194/0x5f0
[  867.794968][T20770]  ? __pfx_aa_label_sk_perm+0x10/0x10
[  867.795002][T20770]  ? find_held_lock+0x2b/0x80
[  867.795019][T20770]  ? get_pid_task+0xfc/0x250
[  867.795041][T20770]  ? get_pid_task+0xfc/0x250
[  867.795070][T20770]  ? __pfx___might_resched+0x10/0x10
[  867.795097][T20770]  ? __lock_acquire+0x4a5/0x2630
[  867.795122][T20770]  ? aa_sk_perm+0x2de/0xb40
[  867.795149][T20770]  ? ipv6_setsockopt+0xcb/0x170
[  867.795165][T20770]  ipv6_setsockopt+0xcb/0x170
[  867.795184][T20770]  rawv6_setsockopt+0xee/0x5a0
[  867.795210][T20770]  ? __pfx_rawv6_setsockopt+0x10/0x10
[  867.795243][T20770]  ? aa_sock_opt_perm+0xfe/0x1b0
[  867.795262][T20770]  ? sock_common_setsockopt+0x2e/0xf0
[  867.795281][T20770]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  867.795301][T20770]  do_sock_setsockopt+0xf3/0x1d0
[  867.795323][T20770]  __sys_setsockopt+0x119/0x190
[  867.795352][T20770]  __ia32_sys_setsockopt+0xbc/0x160
[  867.795376][T20770]  ? __do_fast_syscall_32+0x97/0x660
[  867.795398][T20770]  ? lockdep_hardirqs_on+0x78/0x100
[  867.795417][T20770]  __do_fast_syscall_32+0xde/0x660
[  867.795441][T20770]  do_fast_syscall_32+0x32/0x70
[  867.795463][T20770]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  867.795485][T20770] RIP: 0023:0xf746d579
[  867.795499][T20770] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00
[  867.795516][T20770] RSP: 002b:00000000f549650c EFLAGS: 00000292 ORIG_RAX: 000000000000016e
[  867.795533][T20770] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000029
[  867.795544][T20770] RDX: 00000000000000cc RSI: 0000000080000100 RDI: 000000000000005c
[  867.795555][T20770] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  867.795564][T20770] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  867.795574][T20770] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  867.795597][T20770]  </TASK>
[  868.600487][T20779] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(6)
[  868.603974][T20779] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  868.626620][T20779] vhci_hcd vhci_hcd.0: Device attached
[  868.893878][T18452] usb 38-1: SetAddress Request (38) to port 0
[  868.898772][T18452] usb 38-1: new SuperSpeed USB device number 38 using vhci_hcd
[  868.943015][T20789] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  869.504244][ T5941] Bluetooth: hci2: SCO packet for unknown connection handle 201
[  869.892900][T20780] vhci_hcd: connection reset by peer
[  869.903660][   T73] vhci_hcd vhci_hcd.0: stop threads
[  869.905942][   T73] vhci_hcd vhci_hcd.0: release socket
[  869.909338][   T73] vhci_hcd vhci_hcd.0: disconnect device
[  870.151886][T20802] FAULT_INJECTION: forcing a failure.
[  870.151886][T20802] name failslab, interval 1, probability 0, space 0, times 0
[  870.158922][T20802] CPU: 3 UID: 0 PID: 20802 Comm: syz.6.4267 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  870.158942][T20802] Tainted: [L]=SOFTLOCKUP
[  870.158946][T20802] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  870.158953][T20802] Call Trace:
[  870.158957][T20802]  <TASK>
[  870.158961][T20802]  dump_stack_lvl+0x100/0x190
[  870.158984][T20802]  should_fail_ex.cold+0x5/0xa
[  870.159003][T20802]  should_failslab+0xc2/0x120
[  870.159020][T20802]  ? tomoyo_realpath_from_path+0xb6/0x690
[  870.159032][T20802]  __kmalloc_noprof+0xf6/0x9c0
[  870.159048][T20802]  ? tomoyo_realpath_from_path+0xb6/0x690
[  870.159058][T20802]  tomoyo_realpath_from_path+0xb6/0x690
[  870.159073][T20802]  tomoyo_path_number_perm+0x23c/0x580
[  870.159089][T20802]  ? tomoyo_path_number_perm+0x22e/0x580
[  870.159106][T20802]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  870.159137][T20802]  ? find_held_lock+0x2b/0x80
[  870.159148][T20802]  ? hook_file_ioctl_common+0x146/0x410
[  870.159165][T20802]  ? __fget_files+0x215/0x3d0
[  870.159179][T20802]  ? __fget_files+0x21f/0x3d0
[  870.159194][T20802]  security_file_ioctl_compat+0xd3/0x230
[  870.159212][T20802]  __ia32_compat_sys_ioctl+0xc2/0x360
[  870.159233][T20802]  __do_fast_syscall_32+0xde/0x660
[  870.159255][T20802]  do_fast_syscall_32+0x32/0x70
[  870.159273][T20802]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  870.159292][T20802] RIP: 0023:0xf73fd579
[  870.159305][T20802] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00
[  870.159321][T20802] RSP: 002b:00000000f542650c EFLAGS: 00000292 ORIG_RAX: 0000000000000036
[  870.159339][T20802] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000004008ae89
[  870.159350][T20802] RDX: 00000000800003c0 RSI: 0000000000000000 RDI: 0000000000000000
[  870.159360][T20802] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  870.159371][T20802] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  870.159381][T20802] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  870.159405][T20802]  </TASK>
[  870.159413][T20802] ERROR: Out of memory at tomoyo_realpath_from_path.
[  870.178020][T20804] futex_wake_op: syz.1.4268 tries to shift op by 32; fix this program
[  873.011920][T20830] FAULT_INJECTION: forcing a failure.
[  873.011920][T20830] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  873.017672][T20830] CPU: 3 UID: 0 PID: 20830 Comm: syz.5.4276 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  873.017700][T20830] Tainted: [L]=SOFTLOCKUP
[  873.017707][T20830] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  873.017717][T20830] Call Trace:
[  873.017723][T20830]  <TASK>
[  873.017730][T20830]  dump_stack_lvl+0x100/0x190
[  873.017756][T20830]  should_fail_ex.cold+0x5/0xa
[  873.017784][T20830]  _copy_from_user+0x2e/0xd0
[  873.017811][T20830]  get_compat_msghdr+0xb3/0x4b0
[  873.017838][T20830]  ? __pfx_get_compat_msghdr+0x10/0x10
[  873.017863][T20830]  ? __pfx_do_swap_page+0x10/0x10
[  873.017912][T20830]  ___sys_sendmsg+0x1b6/0x1e0
[  873.017935][T20830]  ? __pfx____sys_sendmsg+0x10/0x10
[  873.017955][T20830]  ? ___pte_offset_map+0x179/0x310
[  873.018005][T20830]  __sys_sendmsg+0x170/0x220
[  873.018031][T20830]  ? __pfx___sys_sendmsg+0x10/0x10
[  873.018071][T20830]  __do_fast_syscall_32+0xde/0x660
[  873.018096][T20830]  do_fast_syscall_32+0x32/0x70
[  873.018118][T20830]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  873.018139][T20830] RIP: 0023:0xf743d579
[  873.018154][T20830] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00
[  873.018171][T20830] RSP: 002b:00000000f546650c EFLAGS: 00000292 ORIG_RAX: 0000000000000172
[  873.018194][T20830] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800002c0
[  873.018206][T20830] RDX: 0000000000048000 RSI: 0000000000000000 RDI: 0000000000000000
[  873.018216][T20830] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  873.018226][T20830] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  873.018236][T20830] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  873.018260][T20830]  </TASK>
[  873.174226][T20837] binder: 20836:20837 ioctl 4018620d 0 returned -22
[  873.177094][T20837] FAULT_INJECTION: forcing a failure.
[  873.177094][T20837] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  873.181573][T20837] CPU: 3 UID: 0 PID: 20837 Comm: syz.0.4279 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  873.181591][T20837] Tainted: [L]=SOFTLOCKUP
[  873.181595][T20837] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  873.181602][T20837] Call Trace:
[  873.181606][T20837]  <TASK>
[  873.181611][T20837]  dump_stack_lvl+0x100/0x190
[  873.181628][T20837]  should_fail_ex.cold+0x5/0xa
[  873.181648][T20837]  _copy_from_user+0x2e/0xd0
[  873.181666][T20837]  get_old_timespec32+0x82/0x130
[  873.181682][T20837]  ? __pfx_get_old_timespec32+0x10/0x10
[  873.181697][T20837]  ? __pfx_vfs_write+0x10/0x10
[  873.181709][T20837]  ? do_sys_openat2+0x186/0x220
[  873.181727][T20837]  do_compat_pselect+0x1be/0x2b0
[  873.181741][T20837]  ? __pfx_do_compat_pselect+0x10/0x10
[  873.181752][T20837]  ? __ia32_sys_futex_time32+0x2f4/0x470
[  873.181775][T20837]  __ia32_compat_sys_pselect6_time32+0x16c/0x1e0
[  873.181792][T20837]  __do_fast_syscall_32+0xde/0x660
[  873.181808][T20837]  do_fast_syscall_32+0x32/0x70
[  873.181822][T20837]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  873.181837][T20837] RIP: 0023:0xf747d579
[  873.181846][T20837] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00
[  873.181857][T20837] RSP: 002b:00000000f54a650c EFLAGS: 00000292 ORIG_RAX: 0000000000000134
[  873.181868][T20837] RAX: ffffffffffffffda RBX: 0000000000000040 RCX: 0000000080000100
[  873.181896][T20837] RDX: 0000000000000000 RSI: 0000000080000240 RDI: 0000000080000280
[  873.181911][T20837] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  873.181922][T20837] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  873.181928][T20837] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  873.181942][T20837]  </TASK>
[  873.386219][T20843] binder: 20842:20843 ioctl 4018620d 0 returned -22
[  873.555776][T20847] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6)
[  873.557954][T20847] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  873.561226][T20847] vhci_hcd vhci_hcd.0: Device attached
[  873.843725][ T6441] usb 40-1: SetAddress Request (22) to port 0
[  873.846497][ T6441] usb 40-1: new SuperSpeed USB device number 22 using vhci_hcd
[  873.965403][T20858] netlink: 28 bytes leftover after parsing attributes in process `syz.5.4284'.
[  874.553158][T18452] usb 38-1: device descriptor read/8, error -110
[  874.954592][T18452] usb usb38-port1: attempt power cycle
[  875.094229][ T1418] ieee802154 phy0 wpan0: encryption failed: -22
[  875.096821][ T1418] ieee802154 phy1 wpan1: encryption failed: -22
[  875.365203][T20870] netlink: 12 bytes leftover after parsing attributes in process `syz.5.4287'.
[  875.514482][T18452] usb usb38-port1: unable to enumerate USB device
[  875.548601][T20848] vhci_hcd: connection reset by peer
[  875.551094][   T73] vhci_hcd vhci_hcd.1: stop threads
[  875.553364][   T73] vhci_hcd vhci_hcd.1: release socket
[  875.557237][   T73] vhci_hcd vhci_hcd.1: disconnect device
[  875.695140][T20876] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  875.742761][T20877] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  875.745476][T20877] IPv6: NLM_F_CREATE should be set when creating new route
[  875.747779][T20877] IPv6: NLM_F_CREATE should be set when creating new route
[  876.736621][T20892] FAULT_INJECTION: forcing a failure.
[  876.736621][T20892] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  876.741879][T20892] CPU: 3 UID: 0 PID: 20892 Comm: syz.1.4295 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  876.741906][T20892] Tainted: [L]=SOFTLOCKUP
[  876.741912][T20892] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  876.741923][T20892] Call Trace:
[  876.741929][T20892]  <TASK>
[  876.741936][T20892]  dump_stack_lvl+0x100/0x190
[  876.741962][T20892]  should_fail_ex.cold+0x5/0xa
[  876.741991][T20892]  _copy_from_user+0x2e/0xd0
[  876.742017][T20892]  get_compat_msghdr+0xb3/0x4b0
[  876.742042][T20892]  ? __pfx_get_compat_msghdr+0x10/0x10
[  876.742066][T20892]  ? __pfx_do_swap_page+0x10/0x10
[  876.742089][T20892]  ___sys_sendmsg+0x1b6/0x1e0
[  876.742111][T20892]  ? __pfx____sys_sendmsg+0x10/0x10
[  876.742131][T20892]  ? ___pte_offset_map+0x179/0x310
[  876.742186][T20892]  __sys_sendmsg+0x170/0x220
[  876.742212][T20892]  ? __pfx___sys_sendmsg+0x10/0x10
[  876.742251][T20892]  __do_fast_syscall_32+0xde/0x660
[  876.742276][T20892]  do_fast_syscall_32+0x32/0x70
[  876.742297][T20892]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  876.742317][T20892] RIP: 0023:0xf746d579
[  876.742331][T20892] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00
[  876.742347][T20892] RSP: 002b:00000000f549650c EFLAGS: 00000292 ORIG_RAX: 0000000000000172
[  876.742363][T20892] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000800008c0
[  876.742373][T20892] RDX: 0000000000000004 RSI: 0000000000000000 RDI: 0000000000000000
[  876.742383][T20892] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  876.742393][T20892] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  876.742403][T20892] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  876.742425][T20892]  </TASK>
[  876.918280][T20894] netlink: 4 bytes leftover after parsing attributes in process `syz.6.4294'.
[  877.895758][T20920] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  878.913954][ T6441] usb 40-1: device descriptor read/8, error -110
[  879.311300][ T6441] usb usb40-port1: attempt power cycle
[  880.417698][T20944] FAULT_INJECTION: forcing a failure.
[  880.417698][T20944] name failslab, interval 1, probability 0, space 0, times 0
[  880.423155][T20944] CPU: 2 UID: 0 PID: 20944 Comm: syz.6.4309 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  880.423184][T20944] Tainted: [L]=SOFTLOCKUP
[  880.423191][T20944] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  880.423205][T20944] Call Trace:
[  880.423212][T20944]  <TASK>
[  880.423220][T20944]  dump_stack_lvl+0x100/0x190
[  880.423257][T20944]  should_fail_ex.cold+0x5/0xa
[  880.423286][T20944]  should_failslab+0xc2/0x120
[  880.423312][T20944]  kmem_cache_alloc_noprof+0x83/0x780
[  880.423335][T20944]  ? vm_area_dup+0x27/0x8e0
[  880.423357][T20944]  ? vm_area_dup+0x27/0x8e0
[  880.423374][T20944]  vm_area_dup+0x27/0x8e0
[  880.423393][T20944]  __split_vma+0x18c/0xe30
[  880.423413][T20944]  ? __pfx___split_vma+0x10/0x10
[  880.423456][T20944]  vms_gather_munmap_vmas+0x3aa/0x1320
[  880.423480][T20944]  ? __pfx_vms_gather_munmap_vmas+0x10/0x10
[  880.423502][T20944]  ? mas_walk+0x6ef/0x9b0
[  880.423536][T20944]  __mmap_region+0x46e/0x2820
[  880.423558][T20944]  ? __lock_acquire+0x4a5/0x2630
[  880.423581][T20944]  ? __pfx___mmap_region+0x10/0x10
[  880.423612][T20944]  ? find_held_lock+0x2b/0x80
[  880.423628][T20944]  ? is_bpf_text_address+0x8a/0x1a0
[  880.423654][T20944]  ? is_bpf_text_address+0x8a/0x1a0
[  880.423680][T20944]  ? bpf_ksym_find+0x124/0x1c0
[  880.423702][T20944]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  880.423724][T20944]  ? is_bpf_text_address+0x94/0x1a0
[  880.423750][T20944]  ? kernel_text_address+0x8d/0x100
[  880.423820][T20944]  ? mm_get_unmapped_area_vmflags+0xd7/0x130
[  880.423856][T20944]  mmap_region+0x30a/0x3e0
[  880.423882][T20944]  do_mmap+0xc63/0x12f0
[  880.423914][T20944]  ? __pfx_do_mmap+0x10/0x10
[  880.423938][T20944]  ? __pfx_down_write_killable+0x10/0x10
[  880.423967][T20944]  vm_mmap_pgoff+0x29e/0x470
[  880.423996][T20944]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[  880.424019][T20944]  ? __fget_files+0x215/0x3d0
[  880.424042][T20944]  ? __fget_files+0x21f/0x3d0
[  880.424081][T20944]  ksys_mmap_pgoff+0x328/0x5b0
[  880.424107][T20944]  ? __ia32_sys_mmap_pgoff+0x11/0x1b0
[  880.424134][T20944]  __do_fast_syscall_32+0xde/0x660
[  880.424157][T20944]  do_fast_syscall_32+0x32/0x70
[  880.424177][T20944]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  880.424198][T20944] RIP: 0023:0xf73fd579
[  880.424214][T20944] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00
[  880.424231][T20944] RSP: 002b:00000000f542650c EFLAGS: 00000292 ORIG_RAX: 00000000000000c0
[  880.424248][T20944] RAX: ffffffffffffffda RBX: 0000000080ffc000 RCX: 0000000000003000
[  880.424260][T20944] RDX: 0000000000000000 RSI: 0000000000000011 RDI: 0000000000000004
[  880.424270][T20944] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  880.424281][T20944] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  880.424290][T20944] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  880.424315][T20944]  </TASK>
[  880.554610][ T5941] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:201'
[  880.559503][ T5941] CPU: 3 UID: 0 PID: 5941 Comm: kworker/u33:3 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  880.559540][ T5941] Tainted: [L]=SOFTLOCKUP
[  880.559548][ T5941] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  880.559562][ T5941] Workqueue: hci1 hci_rx_work
[  880.559589][ T5941] Call Trace:
[  880.559596][ T5941]  <TASK>
[  880.559604][ T5941]  dump_stack_lvl+0x100/0x190
[  880.559632][ T5941]  sysfs_warn_dup.cold+0x1c/0x28
[  880.559658][ T5941]  sysfs_create_dir_ns+0x24b/0x2b0
[  880.559683][ T5941]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  880.559708][ T5941]  ? find_held_lock+0x2b/0x80
[  880.559729][ T5941]  ? kobject_add_internal+0x25f/0x930
[  880.559754][ T5941]  ? kobject_add_internal+0x25f/0x930
[  880.559782][ T5941]  ? do_raw_spin_unlock+0x145/0x1e0
[  880.559821][ T5941]  kobject_add_internal+0x2c8/0x930
[  880.559853][ T5941]  kobject_add+0x16a/0x1e0
[  880.559879][ T5941]  ? __pfx_kobject_add+0x10/0x10
[  880.559902][ T5941]  ? class_to_subsys+0x10f/0x150
[  880.559929][ T5941]  ? kobject_put+0xb9/0x640
[  880.559951][ T5941]  ? _raw_spin_unlock+0x28/0x50
[  880.559977][ T5941]  device_add+0x294/0x1950
[  880.560003][ T5941]  ? __pfx_dev_set_name+0x10/0x10
[  880.560033][ T5941]  ? __pfx_device_add+0x10/0x10
[  880.560059][ T5941]  ? mgmt_send_event_skb+0x2fb/0x460
[  880.560087][ T5941]  hci_conn_add_sysfs+0x1a3/0x260
[  880.560113][ T5941]  le_conn_complete_evt+0x11cb/0x1f40
[  880.560142][ T5941]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  880.560170][ T5941]  hci_le_conn_complete_evt+0x23c/0x3a0
[  880.560194][ T5941]  ? skb_pull_data+0x15f/0x1e0
[  880.560218][ T5941]  hci_le_meta_evt+0x34a/0x5f0
[  880.560240][ T5941]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[  880.560265][ T5941]  hci_event_packet+0x682/0x11c0
[  880.560287][ T5941]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  880.560313][ T5941]  ? __pfx_hci_event_packet+0x10/0x10
[  880.560340][ T5941]  ? kcov_remote_start+0x374/0x660
[  880.560360][ T5941]  ? lockdep_hardirqs_on+0x78/0x100
[  880.560388][ T5941]  hci_rx_work+0x451/0xfc0
[  880.560417][ T5941]  process_one_work+0x9c2/0x1840
[  880.560458][ T5941]  ? __pfx_process_one_work+0x10/0x10
[  880.560493][ T5941]  ? assign_work+0x19c/0x250
[  880.560522][ T5941]  worker_thread+0x5da/0xe40
[  880.560560][ T5941]  ? kthread+0x17d/0x730
[  880.560584][ T5941]  ? __pfx_worker_thread+0x10/0x10
[  880.560610][ T5941]  kthread+0x3b3/0x730
[  880.560638][ T5941]  ? __pfx_kthread+0x10/0x10
[  880.560661][ T5941]  ? ret_from_fork+0x79/0xaf0
[  880.560678][ T5941]  ? ret_from_fork+0x79/0xaf0
[  880.560697][ T5941]  ? rcu_is_watching+0x12/0xc0
[  880.560716][ T5941]  ? __pfx_kthread+0x10/0x10
[  880.560739][ T5941]  ret_from_fork+0x754/0xaf0
[  880.560757][ T5941]  ? __pfx_ret_from_fork+0x10/0x10
[  880.560774][ T5941]  ? native_load_gs_index+0x1e/0xc0
[  880.560795][ T5941]  ? __switch_to+0x7b9/0x10c0
[  880.560826][ T5941]  ? __pfx_kthread+0x10/0x10
[  880.560853][ T5941]  ret_from_fork_asm+0x1a/0x30
[  880.560895][ T5941]  </TASK>
[  880.560921][ T5941] kobject: kobject_add_internal failed for hci1:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  880.681864][ T6441] usb usb40-port1: unable to enumerate USB device
[  880.686106][ T5941] Bluetooth: hci1: failed to register connection device
[  882.842858][T20975] netlink: 28 bytes leftover after parsing attributes in process `syz.5.4316'.
[  882.887341][T20976] FAULT_INJECTION: forcing a failure.
[  882.887341][T20976] name failslab, interval 1, probability 0, space 0, times 0
[  882.892717][T20976] CPU: 2 UID: 0 PID: 20976 Comm: syz.6.4317 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  882.892746][T20976] Tainted: [L]=SOFTLOCKUP
[  882.892754][T20976] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  882.892765][T20976] Call Trace:
[  882.892773][T20976]  <TASK>
[  882.892782][T20976]  dump_stack_lvl+0x100/0x190
[  882.892811][T20976]  should_fail_ex.cold+0x5/0xa
[  882.892842][T20976]  should_failslab+0xc2/0x120
[  882.892868][T20976]  ? tomoyo_realpath_from_path+0xb6/0x690
[  882.892887][T20976]  __kmalloc_noprof+0xf6/0x9c0
[  882.892914][T20976]  ? tomoyo_realpath_from_path+0xb6/0x690
[  882.892932][T20976]  tomoyo_realpath_from_path+0xb6/0x690
[  882.892969][T20976]  tomoyo_path_number_perm+0x23c/0x580
[  882.892996][T20976]  ? tomoyo_path_number_perm+0x22e/0x580
[  882.893029][T20976]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  882.893081][T20976]  ? find_held_lock+0x2b/0x80
[  882.893100][T20976]  ? hook_file_ioctl_common+0x146/0x410
[  882.893128][T20976]  ? __fget_files+0x215/0x3d0
[  882.893154][T20976]  ? __fget_files+0x21f/0x3d0
[  882.893179][T20976]  security_file_ioctl_compat+0xd3/0x230
[  882.893208][T20976]  __ia32_compat_sys_ioctl+0xc2/0x360
[  882.893241][T20976]  __do_fast_syscall_32+0xde/0x660
[  882.893268][T20976]  do_fast_syscall_32+0x32/0x70
[  882.893292][T20976]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  882.893315][T20976] RIP: 0023:0xf73fd579
[  882.893331][T20976] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00
[  882.893349][T20976] RSP: 002b:00000000f53e450c EFLAGS: 00000292 ORIG_RAX: 0000000000000036
[  882.893369][T20976] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000000005402
[  882.893381][T20976] RDX: 0000000080000080 RSI: 0000000000000000 RDI: 0000000000000000
[  882.893393][T20976] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  882.893404][T20976] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  882.893413][T20976] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  882.893451][T20976]  </TASK>
[  882.985880][T20976] ERROR: Out of memory at tomoyo_realpath_from_path.
[  884.862875][T20997] netlink: 'syz.1.4323': attribute type 21 has an invalid length.
[  885.543810][T21004] netlink: 'syz.5.4325': attribute type 13 has an invalid length.
[  885.548388][T21004] syzkaller0: entered promiscuous mode
[  885.550316][T21004] syzkaller0: entered allmulticast mode
[  886.356554][T21018] netlink: 'syz.5.4329': attribute type 21 has an invalid length.
[  886.833558][ T5941] Bluetooth: hci1: command 0x0406 tx timeout
[  887.422275][T21028] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4331'.
[  888.345414][T21040] FAULT_INJECTION: forcing a failure.
[  888.345414][T21040] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  888.360622][T21040] CPU: 0 UID: 0 PID: 21040 Comm: syz.0.4335 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  888.360644][T21040] Tainted: [L]=SOFTLOCKUP
[  888.360648][T21040] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  888.360655][T21040] Call Trace:
[  888.360659][T21040]  <TASK>
[  888.360664][T21040]  dump_stack_lvl+0x100/0x190
[  888.360681][T21040]  should_fail_ex.cold+0x5/0xa
[  888.360700][T21040]  _copy_from_user+0x2e/0xd0
[  888.360724][T21040]  get_compat_msghdr+0xb3/0x4b0
[  888.360749][T21040]  ? __pfx_get_compat_msghdr+0x10/0x10
[  888.360774][T21040]  ? __pfx_do_swap_page+0x10/0x10
[  888.360801][T21040]  ___sys_sendmsg+0x1b6/0x1e0
[  888.360823][T21040]  ? __pfx____sys_sendmsg+0x10/0x10
[  888.360843][T21040]  ? ___pte_offset_map+0x179/0x310
[  888.360890][T21040]  __sys_sendmsg+0x170/0x220
[  888.360915][T21040]  ? __pfx___sys_sendmsg+0x10/0x10
[  888.360953][T21040]  __do_fast_syscall_32+0xde/0x660
[  888.360978][T21040]  do_fast_syscall_32+0x32/0x70
[  888.361001][T21040]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  888.361022][T21040] RIP: 0023:0xf747d579
[  888.361036][T21040] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00
[  888.361053][T21040] RSP: 002b:00000000f54a650c EFLAGS: 00000292 ORIG_RAX: 0000000000000172
[  888.361076][T21040] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000540
[  888.361088][T21040] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  888.361098][T21040] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  888.361108][T21040] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  888.361117][T21040] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  888.361142][T21040]  </TASK>
[  888.731728][T20017] udevd[20017]: inotify_add_watch(7, /dev/loop0, 10) failed: No such file or directory
[  889.013784][  T843] usb 5-1: new high-speed USB device number 34 using dummy_hcd
[  889.165476][  T843] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  889.169353][  T843] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  889.173100][  T843] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  889.178968][  T843] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  889.188135][  T843] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  889.197684][  T843] usb 5-1: config 0 descriptor??
[  889.453700][   T60] usb 6-1: new high-speed USB device number 47 using dummy_hcd
[  889.611990][   T60] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  889.620945][   T60] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  889.631038][   T60] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  889.643568][   T60] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  889.646557][   T60] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  889.664812][   T60] usb 6-1: config 0 descriptor??
[  889.673399][  T843] plantronics 0003:047F:FFFF.000C: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0
[  889.707522][T21059] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(6)
[  889.710348][T21059] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  889.723685][T21059] vhci_hcd vhci_hcd.0: Device attached
[  889.982077][T21064] FAULT_INJECTION: forcing a failure.
[  889.982077][T21064] name failslab, interval 1, probability 0, space 0, times 0
[  889.987947][T21064] CPU: 1 UID: 0 PID: 21064 Comm: syz.0.4340 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  889.987976][T21064] Tainted: [L]=SOFTLOCKUP
[  889.987984][T21064] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  889.987994][T21064] Call Trace:
[  889.988001][T21064]  <TASK>
[  889.988009][T21064]  dump_stack_lvl+0x100/0x190
[  889.988041][T21064]  should_fail_ex.cold+0x5/0xa
[  889.988070][T21064]  should_failslab+0xc2/0x120
[  889.988095][T21064]  ? tomoyo_realpath_from_path+0xb6/0x690
[  889.988114][T21064]  __kmalloc_noprof+0xf6/0x9c0
[  889.988141][T21064]  ? tomoyo_realpath_from_path+0xb6/0x690
[  889.988158][T21064]  tomoyo_realpath_from_path+0xb6/0x690
[  889.988182][T21064]  tomoyo_path_number_perm+0x23c/0x580
[  889.988206][T21064]  ? tomoyo_path_number_perm+0x22e/0x580
[  889.988234][T21064]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  889.988285][T21064]  ? find_held_lock+0x2b/0x80
[  889.988303][T21064]  ? hook_file_ioctl_common+0x146/0x410
[  889.988328][T21064]  ? __fget_files+0x215/0x3d0
[  889.988353][T21064]  ? __fget_files+0x21f/0x3d0
[  889.988377][T21064]  security_file_ioctl_compat+0xd3/0x230
[  889.988404][T21064]  __ia32_compat_sys_ioctl+0xc2/0x360
[  889.988436][T21064]  __do_fast_syscall_32+0xde/0x660
[  889.988461][T21064]  do_fast_syscall_32+0x32/0x70
[  889.988485][T21064]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  889.988507][T21064] RIP: 0023:0xf747d579
[  889.988521][T21064] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00
[  889.988538][T21064] RSP: 002b:00000000f548550c EFLAGS: 00000292 ORIG_RAX: 0000000000000036
[  889.988556][T21064] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000004805
[  889.988567][T21064] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  889.988577][T21064] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  889.988588][T21064] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  889.988598][T21064] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  889.988622][T21064]  </TASK>
[  889.988631][T21064] ERROR: Out of memory at tomoyo_realpath_from_path.
[  890.044105][T14079] usb 5-1: USB disconnect, device number 34
[  890.048530][  T843] usb 48-1: SetAddress Request (42) to port 0
[  890.075240][  T843] usb 48-1: new SuperSpeed USB device number 42 using vhci_hcd
[  890.086577][   T60] plantronics 0003:047F:FFFF.000D: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[  890.347200][T21061] vhci_hcd: connection reset by peer
[  890.349559][T14644] vhci_hcd vhci_hcd.5: stop threads
[  890.412476][T14644] vhci_hcd vhci_hcd.5: release socket
[  890.442281][ T6441] usb 6-1: USB disconnect, device number 47
[  890.442374][    C3] plantronics 0003:047F:FFFF.000D: usb_submit_urb(ctrl) failed: -19
[  890.553645][T14644] vhci_hcd vhci_hcd.5: disconnect device
[  890.607525][T21073] netlink: 'syz.6.4344': attribute type 21 has an invalid length.
[  891.196383][T21079] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6)
[  891.198846][T21079] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  891.201745][T21079] vhci_hcd vhci_hcd.0: Device attached
[  891.493828][   T60] usb 40-1: SetAddress Request (26) to port 0
[  891.496342][   T60] usb 40-1: new SuperSpeed USB device number 26 using vhci_hcd
[  891.913562][T21080] vhci_hcd: connection reset by peer
[  891.923769][   T73] vhci_hcd vhci_hcd.1: stop threads
[  891.925476][   T73] vhci_hcd vhci_hcd.1: release socket
[  891.927523][   T73] vhci_hcd vhci_hcd.1: disconnect device
[  892.130508][T18285] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:201'
[  892.134982][T18285] CPU: 3 UID: 0 PID: 18285 Comm: kworker/u33:0 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  892.135018][T18285] Tainted: [L]=SOFTLOCKUP
[  892.135024][T18285] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  892.135036][T18285] Workqueue: hci3 hci_rx_work
[  892.135062][T18285] Call Trace:
[  892.135069][T18285]  <TASK>
[  892.135076][T18285]  dump_stack_lvl+0x100/0x190
[  892.135100][T18285]  sysfs_warn_dup.cold+0x1c/0x28
[  892.135125][T18285]  sysfs_create_dir_ns+0x24b/0x2b0
[  892.135150][T18285]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  892.135172][T18285]  ? find_held_lock+0x2b/0x80
[  892.135189][T18285]  ? kobject_add_internal+0x25f/0x930
[  892.135215][T18285]  ? kobject_add_internal+0x25f/0x930
[  892.135241][T18285]  ? do_raw_spin_unlock+0x145/0x1e0
[  892.135269][T18285]  kobject_add_internal+0x2c8/0x930
[  892.135298][T18285]  kobject_add+0x16a/0x1e0
[  892.135321][T18285]  ? __pfx_kobject_add+0x10/0x10
[  892.135343][T18285]  ? class_to_subsys+0x10f/0x150
[  892.135373][T18285]  ? kobject_put+0xb9/0x640
[  892.135393][T18285]  ? _raw_spin_unlock+0x28/0x50
[  892.135417][T18285]  device_add+0x294/0x1950
[  892.135442][T18285]  ? __pfx_dev_set_name+0x10/0x10
[  892.135470][T18285]  ? __pfx_device_add+0x10/0x10
[  892.135495][T18285]  ? mgmt_send_event_skb+0x2fb/0x460
[  892.135523][T18285]  hci_conn_add_sysfs+0x1a3/0x260
[  892.135550][T18285]  le_conn_complete_evt+0x11cb/0x1f40
[  892.135579][T18285]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  892.135609][T18285]  hci_le_conn_complete_evt+0x23c/0x3a0
[  892.135632][T18285]  ? skb_pull_data+0x15f/0x1e0
[  892.135656][T18285]  hci_le_meta_evt+0x34a/0x5f0
[  892.135680][T18285]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[  892.135705][T18285]  hci_event_packet+0x682/0x11c0
[  892.135727][T18285]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  892.135752][T18285]  ? __pfx_hci_event_packet+0x10/0x10
[  892.135775][T18285]  ? kcov_remote_start+0x374/0x660
[  892.135793][T18285]  ? lockdep_hardirqs_on+0x78/0x100
[  892.135819][T18285]  hci_rx_work+0x451/0xfc0
[  892.135846][T18285]  process_one_work+0x9c2/0x1840
[  892.135882][T18285]  ? __pfx_process_one_work+0x10/0x10
[  892.135917][T18285]  ? assign_work+0x19c/0x250
[  892.135945][T18285]  worker_thread+0x5da/0xe40
[  892.135978][T18285]  ? __pfx_worker_thread+0x10/0x10
[  892.136007][T18285]  ? kthread+0x17d/0x730
[  892.136037][T18285]  ? __pfx_worker_thread+0x10/0x10
[  892.136065][T18285]  kthread+0x3b3/0x730
[  892.136094][T18285]  ? __pfx_kthread+0x10/0x10
[  892.136119][T18285]  ? ret_from_fork+0x79/0xaf0
[  892.136137][T18285]  ? ret_from_fork+0x79/0xaf0
[  892.136155][T18285]  ? rcu_is_watching+0x12/0xc0
[  892.136174][T18285]  ? __pfx_kthread+0x10/0x10
[  892.136201][T18285]  ret_from_fork+0x754/0xaf0
[  892.136218][T18285]  ? __pfx_ret_from_fork+0x10/0x10
[  892.136238][T18285]  ? __switch_to+0x7b9/0x10c0
[  892.136261][T18285]  ? __pfx_kthread+0x10/0x10
[  892.136289][T18285]  ret_from_fork_asm+0x1a/0x30
[  892.136331][T18285]  </TASK>
[  892.136357][T18285] kobject: kobject_add_internal failed for hci3:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  892.266197][T18285] Bluetooth: hci3: failed to register connection device
[  892.860635][T21114] FAULT_INJECTION: forcing a failure.
[  892.860635][T21114] name failslab, interval 1, probability 0, space 0, times 0
[  892.886242][T21114] CPU: 3 UID: 0 PID: 21114 Comm: syz.0.4355 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  892.886273][T21114] Tainted: [L]=SOFTLOCKUP
[  892.886279][T21114] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  892.886289][T21114] Call Trace:
[  892.886296][T21114]  <TASK>
[  892.886304][T21114]  dump_stack_lvl+0x100/0x190
[  892.886331][T21114]  should_fail_ex.cold+0x5/0xa
[  892.886360][T21114]  should_failslab+0xc2/0x120
[  892.886384][T21114]  ? tomoyo_realpath_from_path+0xb6/0x690
[  892.886401][T21114]  __kmalloc_noprof+0xf6/0x9c0
[  892.886426][T21114]  ? tomoyo_realpath_from_path+0xb6/0x690
[  892.886444][T21114]  tomoyo_realpath_from_path+0xb6/0x690
[  892.886465][T21114]  tomoyo_path_number_perm+0x23c/0x580
[  892.886489][T21114]  ? tomoyo_path_number_perm+0x22e/0x580
[  892.886515][T21114]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  892.886564][T21114]  ? find_held_lock+0x2b/0x80
[  892.886581][T21114]  ? hook_file_ioctl_common+0x146/0x410
[  892.886605][T21114]  ? __fget_files+0x215/0x3d0
[  892.886629][T21114]  ? __fget_files+0x21f/0x3d0
[  892.886651][T21114]  security_file_ioctl_compat+0xd3/0x230
[  892.886678][T21114]  __ia32_compat_sys_ioctl+0xc2/0x360
[  892.886707][T21114]  __do_fast_syscall_32+0xde/0x660
[  892.886730][T21114]  do_fast_syscall_32+0x32/0x70
[  892.886752][T21114]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  892.886773][T21114] RIP: 0023:0xf747d579
[  892.886787][T21114] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00
[  892.886804][T21114] RSP: 002b:00000000f54a650c EFLAGS: 00000292 ORIG_RAX: 0000000000000036
[  892.886820][T21114] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c03864bc
[  892.886832][T21114] RDX: 0000000080000580 RSI: 0000000000000000 RDI: 0000000000000000
[  892.886841][T21114] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  892.886852][T21114] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  892.886862][T21114] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  892.886885][T21114]  </TASK>
[  892.886893][T21114] ERROR: Out of memory at tomoyo_realpath_from_path.
[  894.631526][T21128] FAULT_INJECTION: forcing a failure.
[  894.631526][T21128] name failslab, interval 1, probability 0, space 0, times 0
[  894.637595][T21128] CPU: 0 UID: 0 PID: 21128 Comm: syz.6.4360 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  894.637635][T21128] Tainted: [L]=SOFTLOCKUP
[  894.637639][T21128] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  894.637646][T21128] Call Trace:
[  894.637651][T21128]  <TASK>
[  894.637657][T21128]  dump_stack_lvl+0x100/0x190
[  894.637710][T21128]  should_fail_ex.cold+0x5/0xa
[  894.637741][T21128]  should_failslab+0xc2/0x120
[  894.637763][T21128]  kmem_cache_alloc_node_noprof+0x8c/0x880
[  894.637779][T21128]  ? __alloc_skb+0x156/0x410
[  894.637797][T21128]  ? __alloc_skb+0x156/0x410
[  894.637811][T21128]  __alloc_skb+0x156/0x410
[  894.637825][T21128]  ? __alloc_skb+0x35d/0x410
[  894.637840][T21128]  ? __pfx___alloc_skb+0x10/0x10
[  894.637854][T21128]  ? __schedule+0xff6/0x5e10
[  894.637865][T21128]  ? aa_label_sk_perm+0xd0/0x5f0
[  894.637887][T21128]  alloc_skb_with_frags+0xe0/0x810
[  894.637901][T21128]  sock_alloc_send_pskb+0x801/0x980
[  894.637917][T21128]  ? rcu_is_watching+0x12/0xc0
[  894.637933][T21128]  ? __pfx_sock_alloc_send_pskb+0x10/0x10
[  894.637959][T21128]  ? hci_sock_sendmsg+0x118/0x2620
[  894.637985][T21128]  hci_sock_sendmsg+0x1c7/0x2620
[  894.638012][T21128]  ? __pfx_hci_sock_sendmsg+0x10/0x10
[  894.638036][T21128]  ? aa_sock_msg_perm.isra.0+0x100/0x1b0
[  894.638064][T21128]  sock_write_iter+0x566/0x610
[  894.638084][T21128]  ? __pfx_sock_write_iter+0x10/0x10
[  894.638103][T21128]  ? bpf_lsm_file_permission+0x9/0x10
[  894.638119][T21128]  ? security_file_permission+0x76/0x210
[  894.638137][T21128]  ? rw_verify_area+0xce/0x6d0
[  894.638150][T21128]  vfs_write+0x6ac/0x1070
[  894.638163][T21128]  ? __pfx_sock_write_iter+0x10/0x10
[  894.638176][T21128]  ? __pfx_vfs_write+0x10/0x10
[  894.638187][T21128]  ? find_held_lock+0x2b/0x80
[  894.638207][T21128]  ksys_write+0x1f8/0x250
[  894.638219][T21128]  ? __pfx_ksys_write+0x10/0x10
[  894.638232][T21128]  ? __pfx_ksys_write+0x10/0x10
[  894.638247][T21128]  __do_fast_syscall_32+0xde/0x660
[  894.638263][T21128]  do_fast_syscall_32+0x32/0x70
[  894.638277][T21128]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  894.638292][T21128] RIP: 0023:0xf73fd579
[  894.638301][T21128] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00
[  894.638311][T21128] RSP: 002b:00000000f542650c EFLAGS: 00000292 ORIG_RAX: 0000000000000004
[  894.638323][T21128] RAX: ffffffffffffffda RBX: 0000000000000014 RCX: 0000000080000000
[  894.638330][T21128] RDX: 000000000000000d RSI: 0000000000000000 RDI: 0000000000000000
[  894.638336][T21128] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  894.638343][T21128] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  894.638349][T21128] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  894.638363][T21128]  </TASK>
[  894.960720][T21123] binder: 21122:21123 ioctl c0306201 80000280 returned -14
[  895.067285][T21130] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  895.153583][  T843] usb 48-1: device descriptor read/8, error -110
[  895.326158][T21145] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  895.442122][T21150] FAULT_INJECTION: forcing a failure.
[  895.442122][T21150] name failslab, interval 1, probability 0, space 0, times 0
[  895.446430][T21150] CPU: 3 UID: 0 PID: 21150 Comm: syz.1.4365 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  895.446449][T21150] Tainted: [L]=SOFTLOCKUP
[  895.446453][T21150] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  895.446460][T21150] Call Trace:
[  895.446465][T21150]  <TASK>
[  895.446470][T21150]  dump_stack_lvl+0x100/0x190
[  895.446488][T21150]  should_fail_ex.cold+0x5/0xa
[  895.446507][T21150]  should_failslab+0xc2/0x120
[  895.446524][T21150]  ? tomoyo_realpath_from_path+0xb6/0x690
[  895.446536][T21150]  __kmalloc_noprof+0xf6/0x9c0
[  895.446551][T21150]  ? tomoyo_realpath_from_path+0xb6/0x690
[  895.446562][T21150]  tomoyo_realpath_from_path+0xb6/0x690
[  895.446577][T21150]  tomoyo_path_number_perm+0x23c/0x580
[  895.446593][T21150]  ? tomoyo_path_number_perm+0x22e/0x580
[  895.446610][T21150]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  895.446641][T21150]  ? find_held_lock+0x2b/0x80
[  895.446651][T21150]  ? hook_file_ioctl_common+0x146/0x410
[  895.446668][T21150]  ? __fget_files+0x215/0x3d0
[  895.446682][T21150]  ? __fget_files+0x21f/0x3d0
[  895.446696][T21150]  security_file_ioctl_compat+0xd3/0x230
[  895.446715][T21150]  __ia32_compat_sys_ioctl+0xc2/0x360
[  895.446736][T21150]  __do_fast_syscall_32+0xde/0x660
[  895.446753][T21150]  do_fast_syscall_32+0x32/0x70
[  895.446767][T21150]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  895.446781][T21150] RIP: 0023:0xf746d579
[  895.446791][T21150] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00
[  895.446802][T21150] RSP: 002b:00000000f549650c EFLAGS: 00000292 ORIG_RAX: 0000000000000036
[  895.446813][T21150] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c06864a2
[  895.446820][T21150] RDX: 0000000080000580 RSI: 0000000000000000 RDI: 0000000000000000
[  895.446827][T21150] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  895.446834][T21150] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  895.446840][T21150] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  895.446854][T21150]  </TASK>
[  895.446859][T21150] ERROR: Out of memory at tomoyo_realpath_from_path.
[  895.681018][  T843] usb usb48-port1: attempt power cycle
[  895.869267][T21157] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(5)
[  895.871845][T21157] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  895.879358][T21157] vhci_hcd vhci_hcd.0: Device attached
[  895.991936][T21157] smc: net device ip6_vti0 applied user defined pnetid SYZ1
[  896.326464][  T843] usb usb48-port1: unable to enumerate USB device
[  896.353894][T14079] usb 5-1: new high-speed USB device number 35 using dummy_hcd
[  896.568650][T14079] usb 5-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[  896.572181][T14079] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  896.577008][T14079] usb 5-1: Product: syz
[  896.580462][T14079] usb 5-1: Manufacturer: syz
[  896.582912][T14079] usb 5-1: SerialNumber: syz
[  896.607048][T14079] usb 5-1: config 0 descriptor??
[  896.647156][T21158] vhci_hcd: connection reset by peer
[  896.650488][T14644] vhci_hcd vhci_hcd.1: stop threads
[  896.652759][T14644] vhci_hcd vhci_hcd.1: release socket
[  896.656038][T14644] vhci_hcd vhci_hcd.1: disconnect device
[  896.672362][   T60] usb 40-1: device descriptor read/8, error -110
[  896.954159][T18452] usb 5-1: USB disconnect, device number 35
[  897.026652][T19262] udevd[19262]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  897.094272][   T60] usb usb40-port1: attempt power cycle
[  897.339431][T21173] FAULT_INJECTION: forcing a failure.
[  897.339431][T21173] name failslab, interval 1, probability 0, space 0, times 0
[  897.347154][T21173] CPU: 0 UID: 0 PID: 21173 Comm: syz.1.4372 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  897.347181][T21173] Tainted: [L]=SOFTLOCKUP
[  897.347188][T21173] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  897.347199][T21173] Call Trace:
[  897.347205][T21173]  <TASK>
[  897.347211][T21173]  dump_stack_lvl+0x100/0x190
[  897.347235][T21173]  should_fail_ex.cold+0x5/0xa
[  897.347264][T21173]  should_failslab+0xc2/0x120
[  897.347284][T21173]  ? tomoyo_realpath_from_path+0xb6/0x690
[  897.347300][T21173]  __kmalloc_noprof+0xf6/0x9c0
[  897.347326][T21173]  ? tomoyo_realpath_from_path+0xb6/0x690
[  897.347343][T21173]  tomoyo_realpath_from_path+0xb6/0x690
[  897.347366][T21173]  tomoyo_path_number_perm+0x23c/0x580
[  897.347390][T21173]  ? tomoyo_path_number_perm+0x22e/0x580
[  897.347414][T21173]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  897.347461][T21173]  ? find_held_lock+0x2b/0x80
[  897.347477][T21173]  ? hook_file_ioctl_common+0x146/0x410
[  897.347498][T21173]  ? __fget_files+0x215/0x3d0
[  897.347524][T21173]  ? __fget_files+0x21f/0x3d0
[  897.347548][T21173]  security_file_ioctl_compat+0xd3/0x230
[  897.347577][T21173]  __ia32_compat_sys_ioctl+0xc2/0x360
[  897.347609][T21173]  __do_fast_syscall_32+0xde/0x660
[  897.347635][T21173]  do_fast_syscall_32+0x32/0x70
[  897.347656][T21173]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  897.347678][T21173] RIP: 0023:0xf746d579
[  897.347694][T21173] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00
[  897.347711][T21173] RSP: 002b:00000000f549650c EFLAGS: 00000292 ORIG_RAX: 0000000000000036
[  897.347730][T21173] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000400c4d19
[  897.347741][T21173] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  897.347752][T21173] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  897.347762][T21173] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  897.347770][T21173] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  897.347791][T21173]  </TASK>
[  897.347799][T21173] ERROR: Out of memory at tomoyo_realpath_from_path.
[  897.707591][   T60] usb usb40-port1: unable to enumerate USB device
[  898.308444][T19262] udevd[19262]: inotify_add_watch(7, /dev/loop0, 10) failed: No such file or directory
[  898.443921][T18285] Bluetooth: hci3: command 0x0406 tx timeout
[  900.473915][T21201] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  900.483241][T21213] netlink: 28 bytes leftover after parsing attributes in process `syz.6.4380'.
[  900.487037][T21201] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  900.613953][T21201] batman_adv: batadv0: Interface deactivated: gretap2
[  900.727381][T14104] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  900.736072][T14104] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  900.738930][T14104] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  900.742190][T14104] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  901.399954][T21225] FAULT_INJECTION: forcing a failure.
[  901.399954][T21225] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  901.406021][T21225] CPU: 1 UID: 0 PID: 21225 Comm: syz.5.4383 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  901.406041][T21225] Tainted: [L]=SOFTLOCKUP
[  901.406045][T21225] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  901.406052][T21225] Call Trace:
[  901.406057][T21225]  <TASK>
[  901.406061][T21225]  dump_stack_lvl+0x100/0x190
[  901.406079][T21225]  should_fail_ex.cold+0x5/0xa
[  901.406098][T21225]  _copy_from_user+0x2e/0xd0
[  901.406116][T21225]  get_compat_msghdr+0xb3/0x4b0
[  901.406133][T21225]  ? __pfx_get_compat_msghdr+0x10/0x10
[  901.406150][T21225]  ? __pfx_do_swap_page+0x10/0x10
[  901.406166][T21225]  ___sys_sendmsg+0x1b6/0x1e0
[  901.406181][T21225]  ? __pfx____sys_sendmsg+0x10/0x10
[  901.406194][T21225]  ? ___pte_offset_map+0x179/0x310
[  901.406224][T21225]  __sys_sendmsg+0x170/0x220
[  901.406241][T21225]  ? __pfx___sys_sendmsg+0x10/0x10
[  901.406266][T21225]  __do_fast_syscall_32+0xde/0x660
[  901.406283][T21225]  do_fast_syscall_32+0x32/0x70
[  901.406297][T21225]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  901.406311][T21225] RIP: 0023:0xf743d579
[  901.406321][T21225] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00
[  901.406332][T21225] RSP: 002b:00000000f546650c EFLAGS: 00000292 ORIG_RAX: 0000000000000172
[  901.406343][T21225] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000100
[  901.406351][T21225] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  901.406357][T21225] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  901.406363][T21225] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  901.406370][T21225] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  901.406383][T21225]  </TASK>
[  901.763606][ T6024] usb 10-1: new full-speed USB device number 5 using dummy_hcd
[  902.029558][ T6024] usb 10-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  902.034771][ T6024] usb 10-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64
[  902.040613][ T6024] usb 10-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid maxpacket 1024, setting to 64
[  902.044429][ T6024] usb 10-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid maxpacket 512, setting to 64
[  902.069538][ T6024] usb 10-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  902.073746][ T6024] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  902.077125][ T6024] usb 10-1: Product: syz
[  902.078981][ T6024] usb 10-1: Manufacturer: syz
[  902.081037][ T6024] usb 10-1: SerialNumber: syz
[  902.141170][T21227] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  903.413595][ T6024] cdc_mbim 10-1:1.0: skipping garbage
[  903.540966][T21227] tipc: Started in network mode
[  903.543080][T21227] tipc: Node identity ac14140f, cluster identity 4711
[  903.571027][T21227] tipc: New replicast peer: 255.255.255.255
[  903.583575][T21227] tipc: Enabled bearer <udp:syz2>, priority 10
[  903.591067][T21227] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  903.598913][T21227] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  904.217250][T21253] x_tables: duplicate underflow at hook 1
[  904.351307][T21227] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  904.358289][T21227] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  904.364282][ T6024] cdc_mbim 10-1:1.0: setting tx_max = 48
[  904.367453][ T6024] cdc_mbim 10-1:1.0: cdc-wdm0: USB WDM device
[  904.377590][ T6024] wwan wwan0: port wwan0mbim0 attached
[  904.401741][ T6024] cdc_mbim 10-1:1.0 wwan0: register 'cdc_mbim' at usb-dummy_hcd.5-1, CDC MBIM, 5a:39:e4:df:c6:86
[  904.591105][ T6024] usb 10-1: USB disconnect, device number 5
[  904.611814][ T6024] cdc_mbim 10-1:1.0 wwan0: unregister 'cdc_mbim' usb-dummy_hcd.5-1, CDC MBIM
[  904.712930][ T6441] tipc: Node number set to 2886997007
[  904.776554][ T6024] wwan wwan0: port wwan0mbim0 disconnected
[  904.990965][T21262] netlink: 'syz.6.4393': attribute type 21 has an invalid length.
[  905.931004][T21272] openvswitch: netlink: IP tunnel attribute has 4 unknown bytes.
[  906.071441][T21274] sctp: [Deprecated]: syz.0.4399 (pid 21274) Use of int in max_burst socket option deprecated.
[  906.071441][T21274] Use struct sctp_assoc_value instead
[  906.091846][T21274] f2fs: Unknown parameter 'usrquotaq	'
[  906.540334][T21289] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4403'.
[  907.522963][T21305] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4408'.
[  907.527040][T21305] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4408'.
[  907.686431][T21307] FAULT_INJECTION: forcing a failure.
[  907.686431][T21307] name failslab, interval 1, probability 0, space 0, times 0
[  907.690903][T21307] CPU: 2 UID: 0 PID: 21307 Comm: syz.5.4407 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  907.690929][T21307] Tainted: [L]=SOFTLOCKUP
[  907.690933][T21307] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  907.690939][T21307] Call Trace:
[  907.690944][T21307]  <TASK>
[  907.690950][T21307]  dump_stack_lvl+0x100/0x190
[  907.690967][T21307]  should_fail_ex.cold+0x5/0xa
[  907.690986][T21307]  should_failslab+0xc2/0x120
[  907.691003][T21307]  __kmalloc_cache_noprof+0x80/0x810
[  907.691015][T21307]  ? snd_pcm_oss_change_params_locked+0x1db/0x39f0
[  907.691033][T21307]  ? snd_pcm_oss_change_params_locked+0x1db/0x39f0
[  907.691047][T21307]  snd_pcm_oss_change_params_locked+0x1db/0x39f0
[  907.691065][T21307]  ? __mutex_lock+0x26a/0x1b90
[  907.691080][T21307]  ? snd_pcm_oss_write+0x49a/0xa30
[  907.691095][T21307]  ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10
[  907.691111][T21307]  ? __pfx___mutex_lock+0x10/0x10
[  907.691130][T21307]  ? find_held_lock+0x2b/0x80
[  907.691141][T21307]  ? get_pid_task+0xfc/0x250
[  907.691157][T21307]  snd_pcm_oss_make_ready_locked+0xb7/0x130
[  907.691173][T21307]  snd_pcm_oss_write+0x4bb/0xa30
[  907.691187][T21307]  ? bpf_lsm_file_permission+0x9/0x10
[  907.691204][T21307]  ? security_file_permission+0x76/0x210
[  907.691225][T21307]  vfs_write+0x2aa/0x1070
[  907.691239][T21307]  ? __pfx_snd_pcm_oss_write+0x10/0x10
[  907.691255][T21307]  ? __pfx_vfs_write+0x10/0x10
[  907.691266][T21307]  ? find_held_lock+0x2b/0x80
[  907.691277][T21307]  ? __fget_files+0x215/0x3d0
[  907.691288][T21307]  ? __fget_files+0x215/0x3d0
[  907.691303][T21307]  ? __fget_files+0x21f/0x3d0
[  907.691318][T21307]  ksys_write+0x12a/0x250
[  907.691331][T21307]  ? __pfx_ksys_write+0x10/0x10
[  907.691343][T21307]  ? __pfx_ksys_write+0x10/0x10
[  907.691359][T21307]  __do_fast_syscall_32+0xde/0x660
[  907.691374][T21307]  do_fast_syscall_32+0x32/0x70
[  907.691389][T21307]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  907.691403][T21307] RIP: 0023:0xf743d579
[  907.691413][T21307] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00
[  907.691424][T21307] RSP: 002b:00000000f530350c EFLAGS: 00000292 ORIG_RAX: 0000000000000004
[  907.691435][T21307] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080002000
[  907.691442][T21307] RDX: 0000000000088020 RSI: 0000000000000000 RDI: 0000000000000000
[  907.691449][T21307] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  907.691455][T21307] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  907.691462][T21307] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  907.691476][T21307]  </TASK>
[  909.197969][T21343] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  909.733584][ T5941] Bluetooth: hci3: command 0x0406 tx timeout
[  910.103106][T21349] fuse: Unknown parameter '0xffffffffffffffff'
[  911.121307][T21356] FAULT_INJECTION: forcing a failure.
[  911.121307][T21356] name failslab, interval 1, probability 0, space 0, times 0
[  911.126844][T21356] CPU: 2 UID: 0 PID: 21356 Comm: syz.6.4422 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  911.126871][T21356] Tainted: [L]=SOFTLOCKUP
[  911.126876][T21356] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  911.126886][T21356] Call Trace:
[  911.126892][T21356]  <TASK>
[  911.126898][T21356]  dump_stack_lvl+0x100/0x190
[  911.126924][T21356]  should_fail_ex.cold+0x5/0xa
[  911.126953][T21356]  should_failslab+0xc2/0x120
[  911.126977][T21356]  ? tomoyo_realpath_from_path+0xb6/0x690
[  911.126994][T21356]  __kmalloc_noprof+0xf6/0x9c0
[  911.127018][T21356]  ? tomoyo_realpath_from_path+0xb6/0x690
[  911.127034][T21356]  tomoyo_realpath_from_path+0xb6/0x690
[  911.127056][T21356]  tomoyo_path_number_perm+0x23c/0x580
[  911.127079][T21356]  ? tomoyo_path_number_perm+0x22e/0x580
[  911.127104][T21356]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  911.127152][T21356]  ? find_held_lock+0x2b/0x80
[  911.127171][T21356]  ? hook_file_ioctl_common+0x146/0x410
[  911.127196][T21356]  ? __fget_files+0x215/0x3d0
[  911.127218][T21356]  ? __fget_files+0x21f/0x3d0
[  911.127240][T21356]  security_file_ioctl_compat+0xd3/0x230
[  911.127268][T21356]  __ia32_compat_sys_ioctl+0xc2/0x360
[  911.127298][T21356]  __do_fast_syscall_32+0xde/0x660
[  911.127323][T21356]  do_fast_syscall_32+0x32/0x70
[  911.127343][T21356]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  911.127364][T21356] RIP: 0023:0xf73fd579
[  911.127379][T21356] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00
[  911.127395][T21356] RSP: 002b:00000000f542650c EFLAGS: 00000292 ORIG_RAX: 0000000000000036
[  911.127413][T21356] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000c0306201
[  911.127423][T21356] RDX: 0000000080000180 RSI: 0000000000000000 RDI: 0000000000000000
[  911.127433][T21356] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  911.127444][T21356] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  911.127454][T21356] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  911.127476][T21356]  </TASK>
[  911.127485][T21356] ERROR: Out of memory at tomoyo_realpath_from_path.
[  912.322199][T21378] FAULT_INJECTION: forcing a failure.
[  912.322199][T21378] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  912.328715][T21378] CPU: 1 UID: 0 PID: 21378 Comm: syz.1.4428 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  912.328745][T21378] Tainted: [L]=SOFTLOCKUP
[  912.328753][T21378] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  912.328763][T21378] Call Trace:
[  912.328769][T21378]  <TASK>
[  912.328777][T21378]  dump_stack_lvl+0x100/0x190
[  912.328804][T21378]  should_fail_ex.cold+0x5/0xa
[  912.328833][T21378]  _copy_from_user+0x2e/0xd0
[  912.328860][T21378]  __sys_bpf+0x243/0x5050
[  912.328888][T21378]  ? __pfx___sys_bpf+0x10/0x10
[  912.328908][T21378]  ? proc_fail_nth_write+0x9f/0x220
[  912.328931][T21378]  ? find_held_lock+0x2b/0x80
[  912.328954][T21378]  ? find_held_lock+0x2b/0x80
[  912.328972][T21378]  ? ksys_write+0x190/0x250
[  912.328997][T21378]  ? __mutex_unlock_slowpath+0x15c/0x790
[  912.329033][T21378]  ? fput+0x79/0x100
[  912.329057][T21378]  ? ksys_write+0x1ac/0x250
[  912.329081][T21378]  __ia32_sys_bpf+0x79/0xf0
[  912.329101][T21378]  ? lockdep_hardirqs_on+0x78/0x100
[  912.329119][T21378]  __do_fast_syscall_32+0xde/0x660
[  912.329144][T21378]  do_fast_syscall_32+0x32/0x70
[  912.329165][T21378]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  912.329185][T21378] RIP: 0023:0xf746d579
[  912.329199][T21378] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00
[  912.329290][T21378] RSP: 002b:00000000f549650c EFLAGS: 00000292 ORIG_RAX: 0000000000000165
[  912.329326][T21378] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 00000000800002c0
[  912.329337][T21378] RDX: 0000000000000010 RSI: 0000000000000000 RDI: 0000000000000000
[  912.329349][T21378] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  912.329359][T21378] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  912.329369][T21378] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  912.329389][T21378]  </TASK>
[  912.596333][T21381] AppArmor: change_hat: Invalid input, NULL hat and NULL magic
[  912.596709][T21382] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6)
[  912.601221][T21382] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  912.614449][T21382] vhci_hcd vhci_hcd.0: Device attached
[  913.000033][T18452] usb 40-1: SetAddress Request (30) to port 0
[  913.260165][T21383] vhci_hcd: connection closed
[  913.266167][T14104] vhci_hcd vhci_hcd.1: stop threads
[  913.271029][T14104] vhci_hcd vhci_hcd.1: release socket
[  913.276191][T14104] vhci_hcd vhci_hcd.1: disconnect device
[  913.374126][T21407] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  913.409613][T18452] usb 40-1: new SuperSpeed USB device number 30 using vhci_hcd
[  913.658804][T18452] usb 40-1: enqueue for inactive port 0
[  914.130888][T21420] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  914.786411][T18452] usb usb40-port1: attempt power cycle
[  914.961932][T21433] FAULT_INJECTION: forcing a failure.
[  914.961932][T21433] name failslab, interval 1, probability 0, space 0, times 0
[  914.971413][T21433] CPU: 3 UID: 0 PID: 21433 Comm: syz.6.4440 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  914.971444][T21433] Tainted: [L]=SOFTLOCKUP
[  914.971450][T21433] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  914.971459][T21433] Call Trace:
[  914.971466][T21433]  <TASK>
[  914.971473][T21433]  dump_stack_lvl+0x100/0x190
[  914.971498][T21433]  should_fail_ex.cold+0x5/0xa
[  914.971526][T21433]  should_failslab+0xc2/0x120
[  914.971552][T21433]  kmem_cache_alloc_noprof+0x83/0x780
[  914.971575][T21433]  ? getname_flags.part.0+0x4c/0x540
[  914.971605][T21433]  ? getname_flags.part.0+0x4c/0x540
[  914.971627][T21433]  ? ksys_write+0x1ac/0x250
[  914.971646][T21433]  getname_flags.part.0+0x4c/0x540
[  914.971674][T21433]  __ia32_sys_rename+0xe3/0x210
[  914.971701][T21433]  __do_fast_syscall_32+0xde/0x660
[  914.971726][T21433]  do_fast_syscall_32+0x32/0x70
[  914.971746][T21433]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  914.971769][T21433] RIP: 0023:0xf73fd579
[  914.971783][T21433] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00
[  914.971801][T21433] RSP: 002b:00000000f53e450c EFLAGS: 00000292 ORIG_RAX: 0000000000000026
[  914.971818][T21433] RAX: ffffffffffffffda RBX: 0000000080000100 RCX: 0000000080000140
[  914.971828][T21433] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  914.971843][T21433] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  914.971852][T21433] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  914.971862][T21433] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  914.971885][T21433]  </TASK>
[  915.440807][T21447] FAULT_INJECTION: forcing a failure.
[  915.440807][T21447] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  915.446141][T21447] CPU: 2 UID: 0 PID: 21447 Comm: syz.1.4445 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  915.446160][T21447] Tainted: [L]=SOFTLOCKUP
[  915.446164][T21447] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  915.446171][T21447] Call Trace:
[  915.446175][T21447]  <TASK>
[  915.446180][T21447]  dump_stack_lvl+0x100/0x190
[  915.446197][T21447]  should_fail_ex.cold+0x5/0xa
[  915.446216][T21447]  _copy_from_user+0x2e/0xd0
[  915.446235][T21447]  do_ipv6_setsockopt+0x74d/0x4400
[  915.446250][T21447]  ? __pfx_do_ipv6_setsockopt+0x10/0x10
[  915.446260][T21447]  ? aa_label_sk_perm+0x194/0x5f0
[  915.446280][T21447]  ? __pfx_aa_label_sk_perm+0x10/0x10
[  915.446302][T21447]  ? find_held_lock+0x2b/0x80
[  915.446314][T21447]  ? get_pid_task+0xfc/0x250
[  915.446328][T21447]  ? get_pid_task+0xfc/0x250
[  915.446346][T21447]  ? __pfx___might_resched+0x10/0x10
[  915.446364][T21447]  ? __lock_acquire+0x4a5/0x2630
[  915.446380][T21447]  ? aa_sk_perm+0x2de/0xb40
[  915.446397][T21447]  ? ipv6_setsockopt+0xcb/0x170
[  915.446407][T21447]  ipv6_setsockopt+0xcb/0x170
[  915.446419][T21447]  rawv6_setsockopt+0xee/0x5a0
[  915.446436][T21447]  ? __pfx_rawv6_setsockopt+0x10/0x10
[  915.446453][T21447]  ? aa_sock_opt_perm+0xfe/0x1b0
[  915.446466][T21447]  ? sock_common_setsockopt+0x2e/0xf0
[  915.446478][T21447]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  915.446490][T21447]  do_sock_setsockopt+0xf3/0x1d0
[  915.446504][T21447]  __sys_setsockopt+0x119/0x190
[  915.446524][T21447]  __ia32_sys_setsockopt+0xbc/0x160
[  915.446540][T21447]  ? __do_fast_syscall_32+0x97/0x660
[  915.446555][T21447]  ? lockdep_hardirqs_on+0x78/0x100
[  915.446568][T21447]  __do_fast_syscall_32+0xde/0x660
[  915.446583][T21447]  do_fast_syscall_32+0x32/0x70
[  915.446598][T21447]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  915.446612][T21447] RIP: 0023:0xf746d579
[  915.446621][T21447] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00
[  915.446632][T21447] RSP: 002b:00000000f549650c EFLAGS: 00000292 ORIG_RAX: 000000000000016e
[  915.446645][T21447] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 0000000000000029
[  915.446655][T21447] RDX: 00000000000000cc RSI: 0000000080000280 RDI: 000000000000005c
[  915.446665][T21447] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  915.446674][T21447] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  915.446680][T21447] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  915.446694][T21447]  </TASK>
[  915.576495][T21441] netlink: 'syz.0.4442': attribute type 21 has an invalid length.
[  916.033719][T18452] usb usb40-port1: unable to enumerate USB device
[  916.140821][T21457] FAULT_INJECTION: forcing a failure.
[  916.140821][T21457] name failslab, interval 1, probability 0, space 0, times 0
[  916.147862][T21457] CPU: 3 UID: 0 PID: 21457 Comm: syz.6.4448 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  916.147890][T21457] Tainted: [L]=SOFTLOCKUP
[  916.147897][T21457] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  916.147908][T21457] Call Trace:
[  916.147914][T21457]  <TASK>
[  916.147924][T21457]  dump_stack_lvl+0x100/0x190
[  916.147949][T21457]  should_fail_ex.cold+0x5/0xa
[  916.147978][T21457]  should_failslab+0xc2/0x120
[  916.148002][T21457]  ? tomoyo_realpath_from_path+0xb6/0x690
[  916.148020][T21457]  __kmalloc_noprof+0xf6/0x9c0
[  916.148064][T21457]  ? tomoyo_realpath_from_path+0xb6/0x690
[  916.148082][T21457]  tomoyo_realpath_from_path+0xb6/0x690
[  916.148106][T21457]  tomoyo_path_number_perm+0x23c/0x580
[  916.148130][T21457]  ? tomoyo_path_number_perm+0x22e/0x580
[  916.148157][T21457]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  916.148208][T21457]  ? find_held_lock+0x2b/0x80
[  916.148225][T21457]  ? hook_file_ioctl_common+0x146/0x410
[  916.148250][T21457]  ? __fget_files+0x215/0x3d0
[  916.148274][T21457]  ? __fget_files+0x21f/0x3d0
[  916.148296][T21457]  security_file_ioctl_compat+0xd3/0x230
[  916.148323][T21457]  __ia32_compat_sys_ioctl+0xc2/0x360
[  916.148355][T21457]  __do_fast_syscall_32+0xde/0x660
[  916.148382][T21457]  do_fast_syscall_32+0x32/0x70
[  916.148402][T21457]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  916.148423][T21457] RIP: 0023:0xf73fd579
[  916.148438][T21457] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00
[  916.148454][T21457] RSP: 002b:00000000f542650c EFLAGS: 00000292 ORIG_RAX: 0000000000000036
[  916.148470][T21457] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000c0184d16
[  916.148481][T21457] RDX: 00000000800001c0 RSI: 0000000000000000 RDI: 0000000000000000
[  916.148491][T21457] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  916.148501][T21457] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  916.148511][T21457] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  916.148536][T21457]  </TASK>
[  916.148700][T21457] ERROR: Out of memory at tomoyo_realpath_from_path.
[  916.462384][T21464] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  916.983670][T21481] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=198462431 (396924862 ns) > initial count (148514 ns). Using initial count to start timer.
[  917.015048][ T6441] usb 5-1: new high-speed USB device number 36 using dummy_hcd
[  917.203535][ T6441] usb 5-1: Using ep0 maxpacket: 32
[  917.207819][ T6441] usb 5-1: config index 0 descriptor too short (expected 156, got 27)
[  917.213242][ T6441] usb 5-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  917.220441][ T6441] usb 5-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  917.230258][ T6441] usb 5-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[  917.237531][ T6441] usb 5-1: config 0 interface 0 has no altsetting 0
[  917.241681][ T6441] usb 5-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  917.244965][ T6441] usb 5-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  917.248392][ T6441] usb 5-1: Product: syz
[  917.250196][ T6441] usb 5-1: Manufacturer: syz
[  917.256652][ T6441] usb 5-1: SerialNumber: syz
[  917.262694][ T6441] usb 5-1: config 0 descriptor??
[  917.269626][ T6441] ldusb 5-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  917.274131][ T6441] ldusb 5-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  917.490992][ T6441] usb 5-1: USB disconnect, device number 36
[  917.499169][ T6441] ldusb 5-1:0.0: LD USB Device #0 now disconnected
[  919.769015][T21546] netlink: 'syz.1.4459': attribute type 11 has an invalid length.
[  919.786351][T21546] FAULT_INJECTION: forcing a failure.
[  919.786351][T21546] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  919.802715][T21546] CPU: 3 UID: 0 PID: 21546 Comm: syz.1.4459 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  919.802740][T21546] Tainted: [L]=SOFTLOCKUP
[  919.802744][T21546] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  919.802751][T21546] Call Trace:
[  919.802755][T21546]  <TASK>
[  919.802762][T21546]  dump_stack_lvl+0x100/0x190
[  919.802787][T21546]  should_fail_ex.cold+0x5/0xa
[  919.802811][T21546]  _copy_from_user+0x2e/0xd0
[  919.802837][T21546]  get_compat_msghdr+0xb3/0x4b0
[  919.802863][T21546]  ? __pfx_get_compat_msghdr+0x10/0x10
[  919.802895][T21546]  ___sys_sendmsg+0x1b6/0x1e0
[  919.802919][T21546]  ? __pfx____sys_sendmsg+0x10/0x10
[  919.802952][T21546]  __sys_sendmsg+0x170/0x220
[  919.802970][T21546]  ? __pfx___sys_sendmsg+0x10/0x10
[  919.802993][T21546]  ? __pfx_ksys_write+0x10/0x10
[  919.803016][T21546]  __do_fast_syscall_32+0xde/0x660
[  919.803042][T21546]  do_fast_syscall_32+0x32/0x70
[  919.803060][T21546]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  919.803080][T21546] RIP: 0023:0xf746d579
[  919.803097][T21546] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00
[  919.803113][T21546] RSP: 002b:00000000f549650c EFLAGS: 00000292 ORIG_RAX: 0000000000000172
[  919.803132][T21546] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 0000000080000e40
[  919.803141][T21546] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  919.803150][T21546] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  919.803160][T21546] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  919.803172][T21546] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  919.803196][T21546]  </TASK>
[  920.170399][T21558] FAULT_INJECTION: forcing a failure.
[  920.170399][T21558] name failslab, interval 1, probability 0, space 0, times 0
[  920.175789][T21558] CPU: 1 UID: 0 PID: 21558 Comm: syz.1.4461 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  920.175830][T21558] Tainted: [L]=SOFTLOCKUP
[  920.175837][T21558] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  920.175848][T21558] Call Trace:
[  920.175855][T21558]  <TASK>
[  920.175864][T21558]  dump_stack_lvl+0x100/0x190
[  920.175890][T21558]  should_fail_ex.cold+0x5/0xa
[  920.175918][T21558]  should_failslab+0xc2/0x120
[  920.175943][T21558]  ? tomoyo_realpath_from_path+0xb6/0x690
[  920.175960][T21558]  __kmalloc_noprof+0xf6/0x9c0
[  920.175984][T21558]  ? tomoyo_realpath_from_path+0xb6/0x690
[  920.176000][T21558]  tomoyo_realpath_from_path+0xb6/0x690
[  920.176024][T21558]  tomoyo_path_number_perm+0x23c/0x580
[  920.176048][T21558]  ? tomoyo_path_number_perm+0x22e/0x580
[  920.176075][T21558]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  920.176126][T21558]  ? find_held_lock+0x2b/0x80
[  920.176144][T21558]  ? hook_file_ioctl_common+0x146/0x410
[  920.176169][T21558]  ? __fget_files+0x215/0x3d0
[  920.176194][T21558]  ? __fget_files+0x21f/0x3d0
[  920.176217][T21558]  security_file_ioctl_compat+0xd3/0x230
[  920.176245][T21558]  __ia32_compat_sys_ioctl+0xc2/0x360
[  920.176276][T21558]  __do_fast_syscall_32+0xde/0x660
[  920.176302][T21558]  do_fast_syscall_32+0x32/0x70
[  920.176324][T21558]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  920.176345][T21558] RIP: 0023:0xf746d579
[  920.176359][T21558] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00
[  920.176376][T21558] RSP: 002b:00000000f545450c EFLAGS: 00000292 ORIG_RAX: 0000000000000036
[  920.176394][T21558] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 00000000000007a5
[  920.176405][T21558] RDX: 00000000800000c0 RSI: 0000000000000000 RDI: 0000000000000000
[  920.176416][T21558] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  920.176426][T21558] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  920.176437][T21558] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  920.176468][T21558]  </TASK>
[  920.176508][T21558] ERROR: Out of memory at tomoyo_realpath_from_path.
[  921.444984][T21258] udevd[21258]: inotify_add_watch(7, /dev/loop0, 10) failed: No such file or directory
[  921.903669][T18452] usb 6-1: new high-speed USB device number 48 using dummy_hcd
[  922.026707][T21258] udevd[21258]: inotify_add_watch(7, /dev/loop0, 10) failed: No such file or directory
[  922.093792][T18452] usb 6-1: Using ep0 maxpacket: 8
[  922.107580][T18452] usb 6-1: config index 0 descriptor too short (expected 301, got 45)
[  922.112402][T18452] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  922.116689][T18452] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  922.120863][T18452] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  922.125409][T18452] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  922.131011][T18452] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  922.134998][T18452] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  922.522642][T18452] usb 6-1: usb_control_msg returned -32
[  922.528016][T18452] usbtmc 6-1:16.0: can't read capabilities
[  922.558202][T21598] binder: 21595:21598 ioctl c0306201 0 returned -14
[  922.558241][T18452] usb 6-1: USB disconnect, device number 48
[  922.689662][T18285] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201'
[  922.693427][T18285] CPU: 2 UID: 0 PID: 18285 Comm: kworker/u33:0 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  922.693499][T18285] Tainted: [L]=SOFTLOCKUP
[  922.693506][T18285] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  922.693521][T18285] Workqueue: hci0 hci_rx_work
[  922.693546][T18285] Call Trace:
[  922.693553][T18285]  <TASK>
[  922.693561][T18285]  dump_stack_lvl+0x100/0x190
[  922.693586][T18285]  sysfs_warn_dup.cold+0x1c/0x28
[  922.693612][T18285]  sysfs_create_dir_ns+0x24b/0x2b0
[  922.693636][T18285]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  922.693660][T18285]  ? find_held_lock+0x2b/0x80
[  922.693676][T18285]  ? kobject_add_internal+0x25f/0x930
[  922.693699][T18285]  ? kobject_add_internal+0x25f/0x930
[  922.693725][T18285]  ? do_raw_spin_unlock+0x145/0x1e0
[  922.693752][T18285]  kobject_add_internal+0x2c8/0x930
[  922.693780][T18285]  kobject_add+0x16a/0x1e0
[  922.693803][T18285]  ? __pfx_kobject_add+0x10/0x10
[  922.693825][T18285]  ? class_to_subsys+0x10f/0x150
[  922.693854][T18285]  ? kobject_put+0xb9/0x640
[  922.693873][T18285]  ? _raw_spin_unlock+0x28/0x50
[  922.693897][T18285]  device_add+0x294/0x1950
[  922.693921][T18285]  ? __pfx_dev_set_name+0x10/0x10
[  922.693947][T18285]  ? __pfx_device_add+0x10/0x10
[  922.693970][T18285]  ? mgmt_send_event_skb+0x2fb/0x460
[  922.693998][T18285]  hci_conn_add_sysfs+0x1a3/0x260
[  922.694026][T18285]  le_conn_complete_evt+0x11cb/0x1f40
[  922.694054][T18285]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  922.694082][T18285]  hci_le_conn_complete_evt+0x23c/0x3a0
[  922.694105][T18285]  ? skb_pull_data+0x15f/0x1e0
[  922.694129][T18285]  hci_le_meta_evt+0x34a/0x5f0
[  922.694152][T18285]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[  922.694177][T18285]  hci_event_packet+0x682/0x11c0
[  922.694200][T18285]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  922.694223][T18285]  ? __pfx_hci_event_packet+0x10/0x10
[  922.694247][T18285]  ? kcov_remote_start+0x374/0x660
[  922.694267][T18285]  ? lockdep_hardirqs_on+0x78/0x100
[  922.694295][T18285]  hci_rx_work+0x451/0xfc0
[  922.694341][T18285]  process_one_work+0x9c2/0x1840
[  922.694381][T18285]  ? __pfx_process_one_work+0x10/0x10
[  922.694416][T18285]  ? assign_work+0x19c/0x250
[  922.694444][T18285]  worker_thread+0x5da/0xe40
[  922.694484][T18285]  ? __pfx_worker_thread+0x10/0x10
[  922.694511][T18285]  ? kthread+0x17d/0x730
[  922.694532][T18285]  ? __pfx_worker_thread+0x10/0x10
[  922.694555][T18285]  kthread+0x3b3/0x730
[  922.694580][T18285]  ? __pfx_kthread+0x10/0x10
[  922.694602][T18285]  ? ret_from_fork+0x79/0xaf0
[  922.694619][T18285]  ? ret_from_fork+0x79/0xaf0
[  922.694637][T18285]  ? rcu_is_watching+0x12/0xc0
[  922.694655][T18285]  ? __pfx_kthread+0x10/0x10
[  922.694681][T18285]  ret_from_fork+0x754/0xaf0
[  922.694698][T18285]  ? __pfx_ret_from_fork+0x10/0x10
[  922.694717][T18285]  ? __switch_to+0x7b9/0x10c0
[  922.694739][T18285]  ? __pfx_kthread+0x10/0x10
[  922.694763][T18285]  ret_from_fork_asm+0x1a/0x30
[  922.694801][T18285]  </TASK>
[  922.783522][ T6441] ------------[ cut here ]------------
[  922.787454][T18285] kobject: kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  922.788216][ T6441] [CRTC:35:crtc-0] vblank wait timed out
[  922.790210][T18285] Bluetooth: hci0: failed to register connection device
[  922.791855][ T6441] WARNING: drivers/gpu/drm/drm_atomic_helper.c:1920 at drm_atomic_helper_wait_for_vblanks.part.0+0x738/0x8a0, CPU#3: kworker/3:4/6441
[  922.812235][ T6441] Modules linked in:
[  922.814201][ T6441] CPU: 3 UID: 0 PID: 6441 Comm: kworker/3:4 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  922.818497][ T6441] Tainted: [L]=SOFTLOCKUP
[  922.819952][ T6441] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  922.823116][ T6441] Workqueue: events drm_fb_helper_damage_work
[  922.825124][ T6441] RIP: 0010:drm_atomic_helper_wait_for_vblanks.part.0+0x73e/0x8a0
[  922.827612][ T6441] Code: 00 00 00 fc ff df 48 89 f9 48 c1 e9 03 0f b6 04 01 84 c0 74 08 3c 03 0f 8e 44 01 00 00 48 8d 3d 58 0b 32 0b 8b b3 d8 00 00 00 <67> 48 0f b9 3a e9 e1 fc ff ff e8 93 df 75 fc e9 7c fe ff ff e8 19
[  922.833779][ T6441] RSP: 0000:ffffc90004e3f688 EFLAGS: 00010246
[  922.835711][ T6441] RAX: 0000000000000000 RBX: ffff888044019318 RCX: 1ffff1100880327e
[  922.838230][ T6441] RDX: ffff8880250e7480 RSI: 0000000000000023 RDI: ffffffff90c27630
[  922.840745][ T6441] RBP: dffffc0000000000 R08: 0000000000000005 R09: 0000000000000000
[  922.843259][ T6441] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[  922.845859][ T6441] R13: 0000000000000000 R14: 0000000000000000 R15: ffff888023fbe500
[  922.848603][ T6441] FS:  0000000000000000(0000) GS:ffff8880976e3000(0000) knlGS:0000000000000000
[  922.851622][ T6441] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  922.853813][ T6441] CR2: 000000008001d000 CR3: 000000005b351000 CR4: 0000000000352ef0
[  922.856802][ T6441] Call Trace:
[  922.857895][ T6441]  <TASK>
[  922.858851][ T6441]  ? __pfx_drm_atomic_helper_wait_for_vblanks.part.0+0x10/0x10
[  922.861207][ T6441]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  922.863073][ T6441]  ? lockdep_hardirqs_on+0x78/0x100
[  922.865202][ T6441]  ? __pfx_autoremove_wake_function+0x10/0x10
[  922.867196][ T6441]  ? drm_atomic_helper_commit_hw_done+0x36d/0x490
[  922.869221][ T6441]  drm_atomic_helper_commit_tail+0xff/0x130
[  922.871112][ T6441]  commit_tail+0x338/0x430
[  922.872541][ T6441]  drm_atomic_helper_commit+0x303/0x380
[  922.874397][ T6441]  ? __pfx_drm_atomic_helper_commit+0x10/0x10
[  922.876352][ T6441]  drm_atomic_commit+0x230/0x300
[  922.877954][ T6441]  ? __pfx_drm_atomic_commit+0x10/0x10
[  922.879683][ T6441]  ? __pfx___drm_printfn_info+0x10/0x10
[  922.881455][ T6441]  ? drm_mode_object_get+0x108/0x170
[  922.883163][ T6441]  drm_atomic_helper_dirtyfb+0x603/0x790
[  922.885070][ T6441]  ? __pfx_drm_atomic_helper_dirtyfb+0x10/0x10
[  922.887096][ T6441]  ? do_raw_spin_lock+0x128/0x260
[  922.888684][ T6441]  ? find_held_lock+0x2b/0x80
[  922.890193][ T6441]  ? __pfx_drm_atomic_helper_dirtyfb+0x10/0x10
[  922.892110][ T6441]  drm_fbdev_shmem_helper_fb_dirty+0x1cc/0x310
[  922.894153][ T6441]  drm_fb_helper_damage_work+0x348/0x640
[  922.895877][ T6441]  ? __pfx_drm_fb_helper_damage_work+0x10/0x10
[  922.897836][ T6441]  ? process_one_work+0x80b/0x1840
[  922.899391][ T6441]  ? rcu_is_watching+0x12/0xc0
[  922.900873][ T6441]  process_one_work+0x9c2/0x1840
[  922.902571][ T6441]  ? __pfx_process_one_work+0x10/0x10
[  922.904376][ T6441]  ? assign_work+0x19c/0x250
[  922.905898][ T6441]  worker_thread+0x5da/0xe40
[  922.907358][ T6441]  ? __pfx_worker_thread+0x10/0x10
[  922.908955][ T6441]  ? kthread+0x17d/0x730
[  922.910324][ T6441]  ? __pfx_worker_thread+0x10/0x10
[  922.911936][ T6441]  kthread+0x3b3/0x730
[  922.913188][ T6441]  ? __pfx_kthread+0x10/0x10
[  922.914666][ T6441]  ? ret_from_fork+0x79/0xaf0
[  922.916162][ T6441]  ? ret_from_fork+0x79/0xaf0
[  922.917656][ T6441]  ? rcu_is_watching+0x12/0xc0
[  922.919140][ T6441]  ? __pfx_kthread+0x10/0x10
[  922.920582][ T6441]  ret_from_fork+0x754/0xaf0
[  922.922047][ T6441]  ? __pfx_ret_from_fork+0x10/0x10
[  922.923699][ T6441]  ? __switch_to+0x7b9/0x10c0
[  922.925166][ T6441]  ? __pfx_kthread+0x10/0x10
[  922.926646][ T6441]  ret_from_fork_asm+0x1a/0x30
[  922.928189][ T6441]  </TASK>
[  922.929184][ T6441] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  922.931483][ T6441] CPU: 3 UID: 0 PID: 6441 Comm: kworker/3:4 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  922.934887][ T6441] Tainted: [L]=SOFTLOCKUP
[  922.936284][ T6441] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  922.939394][ T6441] Workqueue: events drm_fb_helper_damage_work
[  922.941225][ T6441] Call Trace:
[  922.942315][ T6441]  <TASK>
[  922.943231][ T6441]  dump_stack_lvl+0x100/0x190
[  922.944725][ T6441]  vpanic+0x20d/0x630
[  922.946013][ T6441]  panic+0xd1/0xd1
[  922.947200][ T6441]  ? __pfx_panic+0x10/0x10
[  922.948586][ T6441]  ? check_panic_on_warn+0x1f/0x90
[  922.950144][ T6441]  check_panic_on_warn.cold+0x19/0x34
[  922.951968][ T6441]  ? drm_atomic_helper_wait_for_vblanks.part.0+0x738/0x8a0
[  922.954754][ T6441]  __warn.cold+0x191/0x2f8
[  922.956430][ T6441]  __report_bug+0x296/0x3d0
[  922.958144][ T6441]  ? drm_atomic_helper_wait_for_vblanks.part.0+0x738/0x8a0
[  922.960635][ T6441]  ? __pfx___report_bug+0x10/0x10
[  922.962443][ T6441]  ? lockdep_hardirqs_on+0x78/0x100
[  922.964576][ T6441]  report_bug_entry+0xe1/0x290
[  922.966275][ T6441]  ? drm_atomic_helper_wait_for_vblanks.part.0+0x73e/0x8a0
[  922.968585][ T6441]  handle_bug+0x1c9/0x2a0
[  922.969974][ T6441]  exc_invalid_op+0x17/0x50
[  922.971456][ T6441]  asm_exc_invalid_op+0x1a/0x20
[  922.973042][ T6441] RIP: 0010:drm_atomic_helper_wait_for_vblanks.part.0+0x73e/0x8a0
[  922.975510][ T6441] Code: 00 00 00 fc ff df 48 89 f9 48 c1 e9 03 0f b6 04 01 84 c0 74 08 3c 03 0f 8e 44 01 00 00 48 8d 3d 58 0b 32 0b 8b b3 d8 00 00 00 <67> 48 0f b9 3a e9 e1 fc ff ff e8 93 df 75 fc e9 7c fe ff ff e8 19
[  922.981547][ T6441] RSP: 0000:ffffc90004e3f688 EFLAGS: 00010246
[  922.983484][ T6441] RAX: 0000000000000000 RBX: ffff888044019318 RCX: 1ffff1100880327e
[  922.985783][ T6441] RDX: ffff8880250e7480 RSI: 0000000000000023 RDI: ffffffff90c27630
[  922.988286][ T6441] RBP: dffffc0000000000 R08: 0000000000000005 R09: 0000000000000000
[  922.990781][ T6441] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[  922.993235][ T6441] R13: 0000000000000000 R14: 0000000000000000 R15: ffff888023fbe500
[  922.995861][ T6441]  ? drm_atomic_helper_wait_for_vblanks.part.0+0x6e6/0x8a0
[  922.998271][ T6441]  ? __pfx_drm_atomic_helper_wait_for_vblanks.part.0+0x10/0x10
[  923.000682][ T6441]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  923.002609][ T6441]  ? lockdep_hardirqs_on+0x78/0x100
[  923.004305][ T6441]  ? __pfx_autoremove_wake_function+0x10/0x10
[  923.006363][ T6441]  ? drm_atomic_helper_commit_hw_done+0x36d/0x490
[  923.008462][ T6441]  drm_atomic_helper_commit_tail+0xff/0x130
[  923.010407][ T6441]  commit_tail+0x338/0x430
[  923.011894][ T6441]  drm_atomic_helper_commit+0x303/0x380
[  923.013747][ T6441]  ? __pfx_drm_atomic_helper_commit+0x10/0x10
[  923.015674][ T6441]  drm_atomic_commit+0x230/0x300
[  923.017187][ T6441]  ? __pfx_drm_atomic_commit+0x10/0x10
[  923.018971][ T6441]  ? __pfx___drm_printfn_info+0x10/0x10
[  923.020774][ T6441]  ? drm_mode_object_get+0x108/0x170
[  923.022543][ T6441]  drm_atomic_helper_dirtyfb+0x603/0x790
[  923.024345][ T6441]  ? __pfx_drm_atomic_helper_dirtyfb+0x10/0x10
[  923.026551][ T6441]  ? do_raw_spin_lock+0x128/0x260
[  923.028097][ T6441]  ? find_held_lock+0x2b/0x80
[  923.029600][ T6441]  ? __pfx_drm_atomic_helper_dirtyfb+0x10/0x10
[  923.031609][ T6441]  drm_fbdev_shmem_helper_fb_dirty+0x1cc/0x310
[  923.033641][ T6441]  drm_fb_helper_damage_work+0x348/0x640
[  923.035724][ T6441]  ? __pfx_drm_fb_helper_damage_work+0x10/0x10
[  923.037803][ T6441]  ? process_one_work+0x80b/0x1840
[  923.039476][ T6441]  ? rcu_is_watching+0x12/0xc0
[  923.041067][ T6441]  process_one_work+0x9c2/0x1840
[  923.042784][ T6441]  ? __pfx_process_one_work+0x10/0x10
[  923.044544][ T6441]  ? assign_work+0x19c/0x250
[  923.046467][ T6441]  worker_thread+0x5da/0xe40
[  923.048075][ T6441]  ? __pfx_worker_thread+0x10/0x10
[  923.049826][ T6441]  ? kthread+0x17d/0x730
[  923.051421][ T6441]  ? __pfx_worker_thread+0x10/0x10
[  923.053291][ T6441]  kthread+0x3b3/0x730
[  923.054687][ T6441]  ? __pfx_kthread+0x10/0x10
[  923.056574][ T6441]  ? ret_from_fork+0x79/0xaf0
[  923.058293][ T6441]  ? ret_from_fork+0x79/0xaf0
[  923.059882][ T6441]  ? rcu_is_watching+0x12/0xc0
[  923.061527][ T6441]  ? __pfx_kthread+0x10/0x10
[  923.063116][ T6441]  ret_from_fork+0x754/0xaf0
[  923.064927][ T6441]  ? __pfx_ret_from_fork+0x10/0x10
[  923.067122][ T6441]  ? __switch_to+0x7b9/0x10c0
[  923.069117][ T6441]  ? __pfx_kthread+0x10/0x10
[  923.071158][ T6441]  ret_from_fork_asm+0x1a/0x30
[  923.073235][ T6441]  </TASK>
[  923.075378][ T6441] Kernel Offset: disabled
[  923.077259][ T6441] Rebooting in 86400 seconds..