last executing test programs:

14m50.875854092s ago: executing program 2 (id=3):
r0 = socket$packet(0x11, 0x3, 0x300)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
r4 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000000), 0x80002, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r4, 0xc0045005, &(0x7f0000000080)=0x40000)
r5 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r5, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3fc, 0x0, 0x32}, 0x9c)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r5, 0x84, 0x72, &(0x7f00000001c0)={0x0, 0x1, 0x20}, 0xc)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r5, 0x84, 0x9, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x800, 0x0, 0x0, 0x8a}, 0x9c)
bind$inet6(r5, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r5, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r5, 0x84, 0x9, &(0x7f0000000a00)={0x0, @in6={{0xa, 0x4e23, 0x0, @loopback}}, 0x100, 0x0, 0x0, 0x0, 0x54}, 0x9c)
r6 = socket(0xa, 0x3, 0x3a)
setsockopt$MRT6_ADD_MIF(r6, 0x29, 0xca, &(0x7f0000000080)={0x0, 0x1}, 0xc)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0xe, &(0x7f00000004c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000340), 0x10}, 0x94)
setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f00000008c0)=r7, 0x4)
socket$netlink(0x10, 0x3, 0x0)
epoll_create1(0x80000)
io_setup(0x2dd8, &(0x7f00000000c0))

14m35.622310977s ago: executing program 1 (id=21):
openat(0xffffffffffffff9c, &(0x7f0000000a80)='./file0/file0\x00', 0x300000d, 0x1)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={0xffffffffffffffff, 0x0, 0x4, 0x8, &(0x7f00000006c0)='\x00\x00\x00\x00', &(0x7f0000000700)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[@ANYRESDEC], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101b01)
ioctl$USBDEVFS_BULK(r1, 0xc0185502, &(0x7f0000000140)={{{0x1, 0x1}}, 0x3f00, 0x80000000, 0x0})
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
unshare(0x6a040000)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000000900010073797a30000000004c000000090a010400000000000000000700000008000a40000000000900020025747a31000000000900010073797a3000000000080005400000001c"], 0xe8}, 0x1, 0x0, 0x0, 0x40c0004}, 0x0)
r5 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f0000000480)={'vcan0\x00', <r6=>0x0})
bind$can_j1939(r5, &(0x7f0000000100)={0x1d, r6, 0x0, {0x1, 0x1, 0x4}, 0x1}, 0x18)
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000080), r7)
sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="410000000000000001000603000014000300060a0004090300f006e8ffffffffffff070007003a"], 0x44}, 0x1, 0x1000000}, 0x0)
r9 = syz_genetlink_get_family_id$nbd(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$NBD_CMD_RECONFIGURE(r7, &(0x7f00000003c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x3c, r9, 0x400, 0x70bd2b, 0x25dfdbfb, {}, [@NBD_ATTR_TIMEOUT={0xc, 0x4, 0x5}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x4}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
r10 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$bt_BT_DEFER_SETUP(r10, 0x112, 0x10, &(0x7f0000000040)=0xfffffffc, 0x4)

14m35.572315157s ago: executing program 32 (id=3):
r0 = socket$packet(0x11, 0x3, 0x300)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
r4 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000000), 0x80002, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r4, 0xc0045005, &(0x7f0000000080)=0x40000)
r5 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r5, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3fc, 0x0, 0x32}, 0x9c)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r5, 0x84, 0x72, &(0x7f00000001c0)={0x0, 0x1, 0x20}, 0xc)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r5, 0x84, 0x9, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x800, 0x0, 0x0, 0x8a}, 0x9c)
bind$inet6(r5, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r5, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r5, 0x84, 0x9, &(0x7f0000000a00)={0x0, @in6={{0xa, 0x4e23, 0x0, @loopback}}, 0x100, 0x0, 0x0, 0x0, 0x54}, 0x9c)
r6 = socket(0xa, 0x3, 0x3a)
setsockopt$MRT6_ADD_MIF(r6, 0x29, 0xca, &(0x7f0000000080)={0x0, 0x1}, 0xc)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0xe, &(0x7f00000004c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000340), 0x10}, 0x94)
setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f00000008c0)=r7, 0x4)
socket$netlink(0x10, 0x3, 0x0)
epoll_create1(0x80000)
io_setup(0x2dd8, &(0x7f00000000c0))

14m32.92738375s ago: executing program 1 (id=25):
r0 = socket$packet(0x11, 0x3, 0x300)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x40f00, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
mount$9p_virtio(&(0x7f00000001c0), 0x0, 0x0, 0x8c, 0x0)
r4 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000000), 0x80002, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r4, 0xc0045005, &(0x7f0000000080)=0x40000)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3fc, 0x0, 0x32}, 0x9c)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f00000001c0)={0x0, 0x1, 0x20}, 0xc)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x800, 0x0, 0x0, 0x8a}, 0x9c)
bind$inet6(0xffffffffffffffff, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(0xffffffffffffffff, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000a00)={0x0, @in6={{0xa, 0x4e23, 0x0, @loopback}}, 0x100, 0x0, 0x0, 0x0, 0x54}, 0x9c)
socket(0xa, 0x3, 0x3a)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0xe, &(0x7f00000004c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000340), 0x10}, 0x94)
setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f00000008c0)=r5, 0x4)
socket$netlink(0x10, 0x3, 0x0)
epoll_create1(0x80000)
io_setup(0x2dd8, &(0x7f00000000c0))

14m30.925523857s ago: executing program 1 (id=28):
openat(0xffffffffffffff9c, &(0x7f0000000a80)='./file0/file0\x00', 0x300000d, 0x1)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={0xffffffffffffffff, 0x0, 0x4, 0x8, &(0x7f00000006c0)='\x00\x00\x00\x00', &(0x7f0000000700)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[@ANYRESDEC], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101b01)
ioctl$USBDEVFS_BULK(r1, 0xc0185502, &(0x7f0000000140)={{{0x1, 0x1}}, 0x3f00, 0x80000000, 0x0})
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
unshare(0x6a040000)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000000900010073797a30000000004c000000090a010400000000000000000700000008000a40000000000900020025747a31000000000900010073797a3000000000080005400000001c"], 0xe8}, 0x1, 0x0, 0x0, 0x40c0004}, 0x0)
r5 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f0000000480)={'vcan0\x00', <r6=>0x0})
bind$can_j1939(r5, &(0x7f0000000100)={0x1d, r6, 0x0, {0x1, 0x1, 0x4}, 0x1}, 0x18)
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000080), r7)
sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="410000000000000001000603000014000300060a0004090300f006e8ffffffffffff070007003a"], 0x44}, 0x1, 0x1000000}, 0x0)
syz_genetlink_get_family_id$nbd(&(0x7f00000000c0), 0xffffffffffffffff)
r9 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$bt_BT_DEFER_SETUP(r9, 0x112, 0x10, &(0x7f0000000040)=0xfffffffc, 0x4)
sendmsg$can_j1939(r5, &(0x7f0000000200)={&(0x7f0000000000)={0x1d, r6, 0x1, {0x0, 0xff, 0x4}}, 0x18, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x8021}, 0x20048805)

14m22.221481583s ago: executing program 1 (id=40):
r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x0, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f00000000c0)={0x10002, 0x1, 0x1})
r1 = gettid()
r2 = syz_io_uring_complete(0x0, 0x0)
r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
connect$802154_dgram(r3, &(0x7f0000000000)={0x2, @long={0x3, 0x2}}, 0x14)
clock_gettime(0x0, &(0x7f0000000180)={<r4=>0x0, <r5=>0x0})
ppoll(&(0x7f0000000100)=[{r2, 0x8080}], 0x1, &(0x7f00000002c0)={r4, r5+60000000}, &(0x7f0000000280)={[0x2, 0x5]}, 0x0)
ioctl$vim2m_VIDIOC_STREAMOFF(r0, 0xc0405626, &(0x7f0000000040)=0x6)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, 0x0)
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r7, 0x0, 0x0)
bind$netlink(r2, &(0x7f0000000380)={0x10, 0x0, 0x25dfdbfe, 0x10}, 0xc)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
pipe(&(0x7f0000000080)={0xffffffffffffffff, <r8=>0xffffffffffffffff})
sendfile64(r8, r8, 0x0, 0xb)
ioctl$NBD_CLEAR_QUE(r8, 0xab05)
sendmsg$NL80211_CMD_SET_MAC_ACL(r6, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="28000000ef494983b1dcaaac", @ANYRES16=0x0, @ANYBLOB="010028bd7000fedbdf255d00000008000300", @ANYRES32=0x0, @ANYBLOB="0800a500000000000400a680"], 0x28}, 0x1, 0x0, 0x0, 0x4044080}, 0x8001)
r9 = syz_open_dev$cec(&(0x7f0000000100), 0x0, 0x0)
ioctl$CEC_ADAP_S_LOG_ADDRS(r9, 0xc05c6104, &(0x7f00000001c0)={"f2efe21e", 0x0, 0x6, 0x4b, 0x0, 0x1ff, "2179d46fd08e3c0ced34c7d0c7e6d7", "95006900", "5161dc20", "a2d1d4a2", ["1af0b1ba1cb8fd54c9c9b587", "bed0f3d6ce7a5f7389827f04", "33af343c60abc64f2fdc9ddf", "9b3842fc63849f62b6eb1c3c"]})
ioctl$CEC_TRANSMIT(r9, 0xc0386105, &(0x7f00000000c0)={0x5, 0x3, 0x2, 0x10000, 0x3, 0x4063, "3f00166030590000000000e100", 0xfe, 0x0, 0x2, 0x2, 0x1, 0x0, 0x6})
r10 = syz_open_dev$cec(&(0x7f0000000000), 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
ioctl$CEC_ADAP_S_LOG_ADDRS(r10, 0xc05c6104, &(0x7f0000000340)={"6d71f879", 0x5, 0xab, 0x0, 0x0, 0x0, "244a18d1c4e6469a005caf0c0ff58a", "cf4a06d8", "bf513d1d", "136712b9", ["27e203a56a36ac4f0b8b8c4f", "5e10229555954b0f02cd1469", "cb0e83d3a15978155c384d00", "79f53c41825a224d2a29edb7"]})
timer_create(0x7, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))

14m21.631261157s ago: executing program 1 (id=43):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000380), r0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(r2, 0x8933, &(0x7f0000000100)={'wpan0\x00', <r3=>0x0})
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x34}, 0x1, 0x0, 0x0, 0x60}, 0x0)
mount$overlay(0x0, 0x0, 0x0, 0x40000, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
close(0xffffffffffffffff)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000009000000000000000000000018110000", @ANYRES32], 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x800}, 0x94)
socket$nl_netfilter(0x10, 0x3, 0xc)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000080)={0x54, 0x2, 0x6, 0x5, 0x0, 0x0, {0x7}, [@IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x6}]}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x10, 0x3, 'hash:ip,mac\x00'}]}, 0x54}, 0x1, 0x0, 0x0, 0xc854}, 0x4084)
preadv(0xffffffffffffffff, 0x0, 0x0, 0x401, 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_FLUSH(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)={0x1c, 0x4, 0x6, 0x801, 0x0, 0x0, {0x2, 0x0, 0xa}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0xc011}, 0x800)
r8 = socket$igmp(0x2, 0x3, 0x2)
ioctl$sock_SIOCINQ(r8, 0x541b, &(0x7f0000000680))
sendmsg$IEEE802154_LLSEC_SETPARAMS(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)={0x2c, r1, 0x1, 0x70bd26, 0x25dfdbfe, {}, [@IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r3}, @IEEE802154_ATTR_LLSEC_ENABLED={0x5}, @IEEE802154_ATTR_LLSEC_KEY_MODE={0x5, 0x2b, 0x2}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4094}, 0x20044000)

14m18.64992182s ago: executing program 1 (id=55):
r0 = socket$packet(0x11, 0x3, 0x300)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
r4 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000000), 0x80002, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r4, 0xc0045005, &(0x7f0000000080)=0x40000)
r5 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r5, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3fc, 0x0, 0x32}, 0x9c)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r5, 0x84, 0x72, &(0x7f00000001c0)={0x0, 0x1, 0x20}, 0xc)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r5, 0x84, 0x9, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x800, 0x0, 0x0, 0x8a}, 0x9c)
bind$inet6(r5, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r5, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r5, 0x84, 0x9, &(0x7f0000000a00)={0x0, @in6={{0xa, 0x4e23, 0x0, @loopback}}, 0x100, 0x0, 0x0, 0x0, 0x54}, 0x9c)
r6 = socket(0xa, 0x3, 0x3a)
setsockopt$MRT6_ADD_MIF(r6, 0x29, 0xca, &(0x7f0000000080)={0x0, 0x1}, 0xc)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0xe, &(0x7f00000004c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000340), 0x10}, 0x94)
setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f00000008c0)=r7, 0x4)
socket$netlink(0x10, 0x3, 0x0)
epoll_create1(0x80000)
io_setup(0x2dd8, &(0x7f00000000c0))

14m3.463063458s ago: executing program 33 (id=55):
r0 = socket$packet(0x11, 0x3, 0x300)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
r4 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000000), 0x80002, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r4, 0xc0045005, &(0x7f0000000080)=0x40000)
r5 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r5, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3fc, 0x0, 0x32}, 0x9c)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r5, 0x84, 0x72, &(0x7f00000001c0)={0x0, 0x1, 0x20}, 0xc)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r5, 0x84, 0x9, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x800, 0x0, 0x0, 0x8a}, 0x9c)
bind$inet6(r5, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r5, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r5, 0x84, 0x9, &(0x7f0000000a00)={0x0, @in6={{0xa, 0x4e23, 0x0, @loopback}}, 0x100, 0x0, 0x0, 0x0, 0x54}, 0x9c)
r6 = socket(0xa, 0x3, 0x3a)
setsockopt$MRT6_ADD_MIF(r6, 0x29, 0xca, &(0x7f0000000080)={0x0, 0x1}, 0xc)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0xe, &(0x7f00000004c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000340), 0x10}, 0x94)
setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f00000008c0)=r7, 0x4)
socket$netlink(0x10, 0x3, 0x0)
epoll_create1(0x80000)
io_setup(0x2dd8, &(0x7f00000000c0))

11m57.006830559s ago: executing program 5 (id=487):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
chroot(&(0x7f0000000300)='./file0/../file0/../file0/../file0\x00')
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0)
pivot_root(&(0x7f00000000c0)='./file0/../file0/../file0/../file0\x00', &(0x7f00000001c0)='./file0/../file0/../file0/../file0\x00')

11m56.767270767s ago: executing program 5 (id=489):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000500), 0x40, 0x0)
close(r1)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'})
sendmsg$nl_route_sched(r3, &(0x7f00000008c0)={0x0, 0x0, &(0x7f0000000900)={0x0}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4040098}, 0x4000)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
r6 = socket$packet(0x11, 0x3, 0x300)
sendto$packet(r6, &(0x7f0000000480)="c1858aec1d0a21756f66b4805f3a", 0xe, 0x40000, &(0x7f0000000240)={0x11, 0xf8, r5, 0x1, 0x5, 0x6, @random="24f51e8e0a5a"}, 0x14)
r7 = socket$nl_route(0x10, 0x3, 0x0)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r8, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a4c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc080003400000001408000c4000000e45400000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a310000000014000380100000800c00018006000100d103000014000000110001"], 0xb4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
sendmsg$NFT_BATCH(r8, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[@ANYBLOB="140000001000010000000000000000000300000a5c0000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a3100000000300003801c0000800c00018006000100d10300000c000440000000002df31ab30c00008008000340000000020100000014000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r9=>0x0})
r10 = socket$packet(0x11, 0x2, 0x300)
setrlimit(0x5, &(0x7f0000000000)={0xd4, 0x3})
sendto$packet(r10, 0x0, 0x0, 0x4010040, &(0x7f00000001c0)={0x11, 0x8100, r9, 0x1, 0xd8, 0x6, @random="5800103cbc78"}, 0x14)

11m56.586613865s ago: executing program 5 (id=490):
openat$udambuf(0xffffffffffffff9c, &(0x7f0000000240), 0x2)
memfd_create(&(0x7f0000000540)='y\x105\xfb\xf7u\x83%\x1f\xe09@:r\xc2\xb9x0\x90P\x03\x00\x00\x00\x00\x00\x00\x00\xfe,\x1c\xf1\xdd\xcf]\xac\xbc\t\xbb\xfc\xa4j\x9f\xceX\x8f5=\xaa\xd5\xe9n\xab s\xa5\x00\x8d\tV\t\x91\x18\x06O\xb0=D\xda\xb6F\x1a\xc82\x8b\xc0l\xd0\x89d\xe6\xb7\xd8\x97\xb8\xde\xa3\x89\"%/u\x17\xdam\x8d\x01Lh\x1e^\x9ej\x1c\xc5\xf0\xf6\x92\x05\x9aH\x00\'\xd4\x94d[\v\xfc\xad\x0f\xa8\xc5\xad\x001\x8b%\xaa?\x00\x00\x00\x00\x00\x00\x00\nj\x8c\xef\x90\xc0Z\xfa\x1a\xb3\xf0wVq\xe9d\xf8N\x80\xd1g\xd8e\xc8\x16\xad1\x02\xab\xce3\xb2\xb0\xd1\x11\xf0\xc2Gj+kV', 0x2)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x32, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x800}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x7)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0x2)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000003c0)=0x3)
ioctl$TIOCVHANGUP(r1, 0x5437, 0x0)

11m56.500574145s ago: executing program 5 (id=492):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
chroot(&(0x7f0000000300)='./file0/../file0/../file0/../file0\x00')
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0)
pivot_root(&(0x7f00000000c0)='./file0/../file0/../file0/../file0\x00', &(0x7f00000001c0)='./file0/../file0/../file0/../file0\x00') (fail_nth: 1)

11m56.397854479s ago: executing program 5 (id=493):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x101000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000540)={0x1, 0x0, [{0xc0000080}]})
r3 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r3, 0xc04064a0, &(0x7f00000003c0)={0x0, &(0x7f0000000300)=[<r4=>0x0], &(0x7f0000000340)=[<r5=>0x0], 0x0, 0x0, 0x1, 0x1})
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r3, 0xc01864c6, &(0x7f0000000040)={&(0x7f0000000640)=[r5, r4], 0x2})
ioctl$DRM_IOCTL_MODE_LIST_LESSEES(r3, 0xc01064c7, &(0x7f00000002c0)={0x1, 0x0, &(0x7f0000003340)=[0x0]})
ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000100))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x4000)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000e40)={'wlan0\x00', <r8=>0x0})
sendmsg$NL80211_CMD_GET_SCAN(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000380)={0x1c, r7, 0xf21, 0x0, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r8}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x20000015}, 0x0)

11m56.139790204s ago: executing program 5 (id=494):
r0 = socket$packet(0x11, 0x3, 0x300)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x40f00, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x0, 0x0)
recvmmsg(r2, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
r4 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000000), 0x80002, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r4, 0xc0045005, &(0x7f0000000080)=0x40000)
r5 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r5, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3fc, 0x0, 0x32}, 0x9c)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r5, 0x84, 0x72, &(0x7f00000001c0)={0x0, 0x1, 0x20}, 0xc)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r5, 0x84, 0x9, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x800, 0x0, 0x0, 0x8a}, 0x9c)
bind$inet6(r5, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r5, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r5, 0x84, 0x9, &(0x7f0000000a00)={0x0, @in6={{0xa, 0x4e23, 0x0, @loopback}}, 0x100, 0x0, 0x0, 0x0, 0x54}, 0x9c)
r6 = socket(0xa, 0x3, 0x3a)
setsockopt$MRT6_ADD_MIF(r6, 0x29, 0xca, &(0x7f0000000080)={0x0, 0x1}, 0xc)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0xe, &(0x7f00000004c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000340), 0x10}, 0x94)
setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f00000008c0)=r7, 0x4)
socket$netlink(0x10, 0x3, 0x0)
epoll_create1(0x80000)
io_setup(0x2dd8, &(0x7f00000000c0))

11m56.037609178s ago: executing program 34 (id=494):
r0 = socket$packet(0x11, 0x3, 0x300)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x40f00, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x0, 0x0)
recvmmsg(r2, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
r4 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000000), 0x80002, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r4, 0xc0045005, &(0x7f0000000080)=0x40000)
r5 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r5, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3fc, 0x0, 0x32}, 0x9c)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r5, 0x84, 0x72, &(0x7f00000001c0)={0x0, 0x1, 0x20}, 0xc)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r5, 0x84, 0x9, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x800, 0x0, 0x0, 0x8a}, 0x9c)
bind$inet6(r5, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r5, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r5, 0x84, 0x9, &(0x7f0000000a00)={0x0, @in6={{0xa, 0x4e23, 0x0, @loopback}}, 0x100, 0x0, 0x0, 0x0, 0x54}, 0x9c)
r6 = socket(0xa, 0x3, 0x3a)
setsockopt$MRT6_ADD_MIF(r6, 0x29, 0xca, &(0x7f0000000080)={0x0, 0x1}, 0xc)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0xe, &(0x7f00000004c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000340), 0x10}, 0x94)
setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f00000008c0)=r7, 0x4)
socket$netlink(0x10, 0x3, 0x0)
epoll_create1(0x80000)
io_setup(0x2dd8, &(0x7f00000000c0))

15.890078061s ago: executing program 0 (id=3366):
ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0186405, &(0x7f000000ba00)={0x1, 0x7ff, {0xffffffffffffffff}, {0xee00}, 0x7c, 0x5})
getegid()

15.883743635s ago: executing program 0 (id=3368):
socket$nl_route(0x10, 0x3, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x101000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r2, &(0x7f00000000c0)={0xa, 0x4e20, 0x4, @empty}, 0x1c)
syz_emit_ethernet(0xbe, &(0x7f0000000000)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x23}, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @broadcast}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "7b4b143b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af", "584cbf2649a50f2dbc43efa8698d0a881c51852e4451b57d037ad3c045942824251d7d17b5191584bcd4fbe40a23424d", "bcfd56f1375461caaa2f19935e6996c7096ffeeb0300000000000064", {"9a3bfbc1f39cb307b3472eb9cdb042d2", "643fcbb2c5a57df67d544af6e8dafe09"}}}}}}}, 0x0)
r3 = memfd_create(0x0, 0x3)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
mremap(&(0x7f00001f6000/0x4000)=nil, 0x4000, 0x1000, 0x6, &(0x7f0000920000/0x1000)=nil)
syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$AUTOFS_DEV_IOCTL_READY(0xffffffffffffffff, 0xc0189376, &(0x7f0000000100)={{0x1, 0x1, 0x18, <r4=>r3, {0x6}}, './file0\x00'})
r5 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000240), 0xffffffffffffffff)
sendmsg$L2TP_CMD_TUNNEL_DELETE(r4, &(0x7f0000000380)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x24, r5, 0x200, 0x70bd2b, 0x25dfdbfb, {}, [@L2TP_ATTR_ENCAP_TYPE={0x6}, @L2TP_ATTR_MRU={0x6, 0x1d, 0x2}]}, 0x24}, 0x1, 0x0, 0x0, 0x85}, 0x80)
r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r6, &(0x7f0000032680)=""/102400, 0x19000)
setsockopt$sock_int(r4, 0x1, 0x20, &(0x7f0000000540)=0xf6, 0x4)
bind$alg(0xffffffffffffffff, 0x0, 0x0)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x800)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x3}, 0x94)
recvfrom$l2tp6(r2, 0x0, 0x94, 0x40000002, 0x0, 0x0)
r7 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x7, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94)
r8 = syz_open_dev$swradio(&(0x7f00000003c0), 0x1, 0x2)
ioctl$BTRFS_IOC_GET_SUPPORTED_FEATURES(r8, 0x80489439, &(0x7f0000000400))
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r7, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)

12.651397044s ago: executing program 0 (id=3374):
openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi0\x00', 0x400, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x400000000003, 0x7ffff, &(0x7f0000006680))
syz_genetlink_get_family_id$ipvs(0x0, 0xffffffffffffffff)
sync_file_range(0xffffffffffffffff, 0x6, 0x6, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
r3 = socket$kcm(0x10, 0x2, 0x4)
r4 = getpid()
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140), 0xffffffffffffffff)
r7 = fsopen(&(0x7f0000000100)='configfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r7, 0x6, 0x0, 0x0, 0x0)
clock_gettime(0x0, &(0x7f0000003980))
r8 = fsmount(r7, 0x0, 0x8)
fchmodat(r8, &(0x7f0000000300)='.\x00', 0xffffffd3)
ioctl$CDROMREADAUDIO(r8, 0x530e, &(0x7f0000000340)={@lba=0x5, 0x1, 0x8, &(0x7f0000000280)=""/8})
sendmsg$DEVLINK_CMD_RELOAD(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010027bd7001fbdbdf25250000000e0001006e65746465768e696d0000000f0002006e657464657673696d30000008008b08", @ANYRES32=r4, @ANYBLOB], 0x3c}, 0x1, 0x0, 0x0, 0x4040010}, 0x30)
ioctl$SNDRV_CTL_IOCTL_ELEM_REPLACE(0xffffffffffffffff, 0xc1105518, &(0x7f00000003c0)={{0xa, 0x6, 0x6, 0x0, 'syz1\x00', 0x401}, 0x3, 0x20000000, 0x6, r4, 0xa, 0x3, 'syz0\x00', &(0x7f0000000300)=['/dev/vim2m\x00', '-\x14[&$\x00', '\x00', '%@\x00', '{-[+-\x00', 'GPL\x00', '\x00', '*\x00', '/dev/vim2m\x00', '/dev/comedi0\x00'], 0x3a})
sendmsg$inet(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000780)="5c00000012006bab9e3fe3d86e6c1d000014a10d00000000000004b68675f8001d000a00a0e69ee517d34460bc24eab556a705251e6182949a36c23d3b48dffefffffffffffffff60a64c9f4080003fe060100000400020011b53631", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0xc880)

12.287108536s ago: executing program 3 (id=3377):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x972, &(0x7f0000006680))
timer_create(0x0, &(0x7f00000002c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000b80)=<r0=>0x0)
fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
pipe2(&(0x7f0000000580)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RGETLOCK(r2, &(0x7f0000000040)=ANY=[], 0xffffff6a)
pipe2(&(0x7f0000000200)={0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x0)
tee(r1, r3, 0xfffffffffffffc01, 0x0)
tee(r1, r3, 0x1fc, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = socket(0x400000000010, 0x3, 0x0)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r6 = socket(0x400000000010, 0x3, 0x0)
r7 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@gettclass={0x24, 0x2a, 0x10, 0x70bd27, 0x25dfdbff, {0x0, 0x0, 0x0, r8, {0x5, 0xffff}, {0xf, 0x8}, {0x1, 0xa}}, ["", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x8001}, 0x20008850)
sendmsg$nl_route_sched(r6, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000940)=@newtfilter={0x34, 0x2c, 0xd27, 0x70bd28, 0xfffff000, {0x0, 0x0, 0x0, r8, {0xf000, 0xffff}, {}, {0x7, 0xa}}, [@filter_kind_options=@f_route={{0xa}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x80}, 0x20000800)
r9 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r10=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newtfilter={0x34, 0x2c, 0xd27, 0x70bd28, 0xfffff000, {0x0, 0x0, 0x0, r10, {0xf000, 0xffff}, {}, {0x7, 0xa}}, [@filter_kind_options=@f_route={{0xa}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x80}, 0x20000800)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
userfaultfd(0x801)

9.400271126s ago: executing program 0 (id=3379):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, 0x0, 0x101000, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r2 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r2, &(0x7f00000000c0)={0xa, 0x4e20, 0x4, @empty}, 0x1c)
syz_emit_ethernet(0xbe, &(0x7f0000000000)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x23}, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @broadcast}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "7b4b143b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af", "584cbf2649a50f2dbc43efa8698d0a881c51852e4451b57d037ad3c045942824251d7d17b5191584bcd4fbe40a23424d", "bcfd56f1375461caaa2f19935e6996c7096ffeeb0300000000000064", {"9a3bfbc1f39cb307b3472eb9cdb042d2", "643fcbb2c5a57df67d544af6e8dafe09"}}}}}}}, 0x0)
r3 = memfd_create(0x0, 0x3)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
mremap(&(0x7f00001f6000/0x4000)=nil, 0x4000, 0x1000, 0x6, &(0x7f0000920000/0x1000)=nil)
syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$AUTOFS_DEV_IOCTL_READY(0xffffffffffffffff, 0xc0189376, &(0x7f0000000100)={{0x1, 0x1, 0x18, <r4=>r3, {0x6}}, './file0\x00'})
r5 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000240), 0xffffffffffffffff)
sendmsg$L2TP_CMD_TUNNEL_DELETE(r4, &(0x7f0000000380)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x24, r5, 0x200, 0x70bd2b, 0x25dfdbfb, {}, [@L2TP_ATTR_ENCAP_TYPE={0x6}, @L2TP_ATTR_MRU={0x6, 0x1d, 0x2}]}, 0x24}, 0x1, 0x0, 0x0, 0x85}, 0x80)
r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r6, &(0x7f0000032680)=""/102400, 0x19000)
setsockopt$sock_int(r4, 0x1, 0x20, &(0x7f0000000540)=0xf6, 0x4)
bind$alg(0xffffffffffffffff, 0x0, 0x0)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x800)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x3}, 0x94)
recvfrom$l2tp6(r2, 0x0, 0x94, 0x40000002, 0x0, 0x0)
r7 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x7, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94)
r8 = syz_open_dev$swradio(&(0x7f00000003c0), 0x1, 0x2)
ioctl$BTRFS_IOC_GET_SUPPORTED_FEATURES(r8, 0x80489439, &(0x7f0000000400))
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r7, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
close_range(r0, 0xffffffffffffffff, 0x0)

9.293349768s ago: executing program 3 (id=3380):
openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi0\x00', 0x400, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x400000000003, 0x7ffff, &(0x7f0000006680))
syz_genetlink_get_family_id$ipvs(0x0, 0xffffffffffffffff)
sync_file_range(0xffffffffffffffff, 0x6, 0x6, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
r3 = socket$kcm(0x10, 0x2, 0x4)
r4 = getpid()
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140), 0xffffffffffffffff)
r7 = fsopen(&(0x7f0000000100)='configfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r7, 0x6, 0x0, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000038c0)=[{{&(0x7f0000000500)=@pppol2tp, 0x80, &(0x7f0000001900)=[{&(0x7f0000000580)=""/90, 0x5a}, {&(0x7f0000000600)=""/154, 0x9a}, {&(0x7f00000006c0)=""/137, 0x89}, {&(0x7f0000000900)=""/4096, 0x1000}], 0x4, &(0x7f0000001940)=""/150, 0x96}, 0x1}, {{&(0x7f0000001a00)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @multicast2}}, 0x80, &(0x7f0000001b40)=[{&(0x7f0000001a80)=""/162, 0xa2}], 0x1, &(0x7f0000001b80)=""/23, 0x17}, 0x9}, {{&(0x7f0000001bc0)=@in6, 0x80, &(0x7f0000002000)=[{&(0x7f0000001c40)=""/143, 0x8f}, {&(0x7f0000001d00)=""/181, 0xb5}, {&(0x7f0000001dc0)=""/36, 0x24}, {&(0x7f0000001e00)=""/255, 0xff}, {&(0x7f0000001f00)=""/229, 0xe5}], 0x5, &(0x7f0000002040)=""/4096, 0x1000}, 0xb}, {{&(0x7f0000003040)=@xdp, 0x80, &(0x7f0000003640)=[{&(0x7f00000030c0)=""/146, 0x92}, {&(0x7f0000003180)=""/215, 0xd7}, {&(0x7f0000003280)=""/11, 0xb}, {&(0x7f00000032c0)=""/253, 0xfd}, {&(0x7f00000033c0)=""/44, 0x2c}, {&(0x7f0000003a00)=""/241, 0xf1}, {&(0x7f0000003500)=""/206, 0xce}, {&(0x7f0000003600)=""/14, 0xe}], 0x8}, 0x2}, {{&(0x7f0000003680)=@qipcrtr, 0x80, &(0x7f00000037c0)=[{&(0x7f0000003700)=""/107, 0x6b}, {&(0x7f0000003780)=""/20, 0x14}], 0x2, &(0x7f0000003800)=""/184, 0xb8}, 0x1}], 0x5, 0x20020121, &(0x7f00000039c0))
r8 = fsmount(r7, 0x0, 0x8)
fchmodat(r8, &(0x7f0000000300)='.\x00', 0xffffffd3)
ioctl$CDROMREADAUDIO(r8, 0x530e, &(0x7f0000000340)={@lba=0x5, 0x1, 0x8, &(0x7f0000000280)=""/8})
sendmsg$DEVLINK_CMD_RELOAD(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010027bd7001fbdbdf25250000000e0001006e65746465768e696d0000000f0002006e657464657673696d30000008008b08", @ANYRES32=r4, @ANYBLOB], 0x3c}, 0x1, 0x0, 0x0, 0x4040010}, 0x30)
ioctl$SNDRV_CTL_IOCTL_ELEM_REPLACE(0xffffffffffffffff, 0xc1105518, &(0x7f00000003c0)={{0xa, 0x6, 0x6, 0x0, 'syz1\x00', 0x401}, 0x3, 0x20000000, 0x6, r4, 0xa, 0x3, 'syz0\x00', &(0x7f0000000300)=['/dev/vim2m\x00', '-\x14[&$\x00', '\x00', '%@\x00', '{-[+-\x00', 'GPL\x00', '\x00', '*\x00', '/dev/vim2m\x00', '/dev/comedi0\x00'], 0x3a})
sendmsg$inet(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000780)="5c00000012006bab9e3fe3d86e6c1d000014a10d00000000000004b68675f8001d000a00a0e69ee517d34460bc24eab556a705251e6182949a36c23d3b48dffefffffffffffffff60a64c9f4080003fe060100000400020011b53631", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0xc880)

6.306319989s ago: executing program 4 (id=3382):
openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi0\x00', 0x400, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x400000000003, 0x7ffff, &(0x7f0000006680))
syz_genetlink_get_family_id$ipvs(0x0, 0xffffffffffffffff)
sync_file_range(0xffffffffffffffff, 0x6, 0x6, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
r3 = socket$kcm(0x10, 0x2, 0x4)
r4 = getpid()
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140), 0xffffffffffffffff)
r7 = fsopen(&(0x7f0000000100)='configfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r7, 0x6, 0x0, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000038c0)=[{{&(0x7f0000000500)=@pppol2tp, 0x80, &(0x7f0000001900)=[{&(0x7f0000000580)=""/90, 0x5a}, {&(0x7f0000000600)=""/154, 0x9a}, {&(0x7f00000006c0)=""/137, 0x89}, {&(0x7f0000000900)=""/4096, 0x1000}], 0x4, &(0x7f0000001940)=""/150, 0x96}, 0x1}, {{&(0x7f0000001a00)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @multicast2}}, 0x80, &(0x7f0000001b40)=[{&(0x7f0000001a80)=""/162, 0xa2}], 0x1, &(0x7f0000001b80)=""/23, 0x17}, 0x9}, {{&(0x7f0000001bc0)=@in6, 0x80, &(0x7f0000002000)=[{&(0x7f0000001c40)=""/143, 0x8f}, {&(0x7f0000001d00)=""/181, 0xb5}, {&(0x7f0000001dc0)=""/36, 0x24}, {&(0x7f0000001e00)=""/255, 0xff}, {&(0x7f0000001f00)=""/229, 0xe5}], 0x5, &(0x7f0000002040)=""/4096, 0x1000}, 0xb}, {{&(0x7f0000003040)=@xdp, 0x80, &(0x7f0000003640)=[{&(0x7f00000030c0)=""/146, 0x92}, {&(0x7f0000003180)=""/215, 0xd7}, {&(0x7f0000003280)=""/11, 0xb}, {&(0x7f00000032c0)=""/253, 0xfd}, {&(0x7f00000033c0)=""/44, 0x2c}, {&(0x7f0000003a00)=""/241, 0xf1}, {&(0x7f0000003500)=""/206, 0xce}, {&(0x7f0000003600)=""/14, 0xe}], 0x8}, 0x2}, {{&(0x7f0000003680)=@qipcrtr, 0x80, &(0x7f00000037c0)=[{&(0x7f0000003700)=""/107, 0x6b}, {&(0x7f0000003780)=""/20, 0x14}], 0x2, &(0x7f0000003800)=""/184, 0xb8}, 0x1}], 0x5, 0x20020121, &(0x7f00000039c0))
r8 = fsmount(r7, 0x0, 0x8)
fchmodat(r8, &(0x7f0000000300)='.\x00', 0xffffffd3)
ioctl$CDROMREADAUDIO(r8, 0x530e, &(0x7f0000000340)={@lba=0x5, 0x1, 0x8, &(0x7f0000000280)=""/8})
sendmsg$DEVLINK_CMD_RELOAD(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010027bd7001fbdbdf25250000000e0001006e65746465768e696d0000000f0002006e657464657673696d30000008008b08", @ANYRES32=r4, @ANYBLOB], 0x3c}, 0x1, 0x0, 0x0, 0x4040010}, 0x30)
ioctl$SNDRV_CTL_IOCTL_ELEM_REPLACE(0xffffffffffffffff, 0xc1105518, &(0x7f00000003c0)={{0xa, 0x6, 0x6, 0x0, 'syz1\x00', 0x401}, 0x3, 0x20000000, 0x6, r4, 0xa, 0x3, 'syz0\x00', &(0x7f0000000300)=['/dev/vim2m\x00', '-\x14[&$\x00', '\x00', '%@\x00', '{-[+-\x00', 'GPL\x00', '\x00', '*\x00', '/dev/vim2m\x00', '/dev/comedi0\x00'], 0x3a})
sendmsg$inet(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000780)="5c00000012006bab9e3fe3d86e6c1d000014a10d00000000000004b68675f8001d000a00a0e69ee517d34460bc24eab556a705251e6182949a36c23d3b48dffefffffffffffffff60a64c9f4080003fe060100000400020011b53631", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0xc880)

6.272625659s ago: executing program 3 (id=3383):
openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x1)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x80, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f0000006300)={0x2020, 0x0, <r1=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, r1, {0x7, 0x1f, 0x0, 0x34014c40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}}, 0x50)
syz_fuse_handle_req(r0, &(0x7f00000021c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000001d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20, 0x0, 0x0, {0x0, 0x1a}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r2 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x80101, 0x101)
ioctl$SNDRV_TIMER_IOCTL_TREAD_OLD(r2, 0x40305829, &(0x7f0000000040))

6.000889821s ago: executing program 6 (id=3385):
ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0186405, &(0x7f000000ba00)={0x1, 0x7ff, {0xffffffffffffffff}, {0xee00}, 0x7c, 0x5})
getegid()

6.000352133s ago: executing program 6 (id=3386):
openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi0\x00', 0x400, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x400000000003, 0x7ffff, &(0x7f0000006680))
syz_genetlink_get_family_id$ipvs(0x0, 0xffffffffffffffff)
sync_file_range(0xffffffffffffffff, 0x6, 0x6, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
r3 = socket$kcm(0x10, 0x2, 0x4)
r4 = getpid()
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140), 0xffffffffffffffff)
r7 = fsopen(&(0x7f0000000100)='configfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r7, 0x6, 0x0, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000038c0)=[{{&(0x7f0000000500)=@pppol2tp, 0x80, &(0x7f0000001900)=[{&(0x7f0000000580)=""/90, 0x5a}, {&(0x7f0000000600)=""/154, 0x9a}, {&(0x7f00000006c0)=""/137, 0x89}, {&(0x7f0000000900)=""/4096, 0x1000}], 0x4, &(0x7f0000001940)=""/150, 0x96}, 0x1}, {{&(0x7f0000001a00)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @multicast2}}, 0x80, &(0x7f0000001b40)=[{&(0x7f0000001a80)=""/162, 0xa2}], 0x1, &(0x7f0000001b80)=""/23, 0x17}, 0x9}, {{&(0x7f0000001bc0)=@in6, 0x80, &(0x7f0000002000)=[{&(0x7f0000001c40)=""/143, 0x8f}, {&(0x7f0000001d00)=""/181, 0xb5}, {&(0x7f0000001dc0)=""/36, 0x24}, {&(0x7f0000001e00)=""/255, 0xff}, {&(0x7f0000001f00)=""/229, 0xe5}], 0x5, &(0x7f0000002040)=""/4096, 0x1000}, 0xb}, {{&(0x7f0000003040)=@xdp, 0x80, &(0x7f0000003640)=[{&(0x7f00000030c0)=""/146, 0x92}, {&(0x7f0000003180)=""/215, 0xd7}, {&(0x7f0000003280)=""/11, 0xb}, {&(0x7f00000032c0)=""/253, 0xfd}, {&(0x7f00000033c0)=""/44, 0x2c}, {&(0x7f0000003a00)=""/241, 0xf1}, {&(0x7f0000003500)=""/206, 0xce}, {&(0x7f0000003600)=""/14, 0xe}], 0x8}, 0x2}, {{&(0x7f0000003680)=@qipcrtr, 0x80, &(0x7f00000037c0)=[{&(0x7f0000003700)=""/107, 0x6b}, {&(0x7f0000003780)=""/20, 0x14}], 0x2, &(0x7f0000003800)=""/184, 0xb8}, 0x1}], 0x5, 0x20020121, &(0x7f00000039c0))
r8 = fsmount(r7, 0x0, 0x8)
fchmodat(r8, &(0x7f0000000300)='.\x00', 0xffffffd3)
ioctl$CDROMREADAUDIO(r8, 0x530e, &(0x7f0000000340)={@lba=0x5, 0x1, 0x8, &(0x7f0000000280)=""/8})
sendmsg$DEVLINK_CMD_RELOAD(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010027bd7001fbdbdf25250000000e0001006e65746465768e696d0000000f0002006e657464657673696d30000008008b08", @ANYRES32=r4, @ANYBLOB], 0x3c}, 0x1, 0x0, 0x0, 0x4040010}, 0x30)
ioctl$SNDRV_CTL_IOCTL_ELEM_REPLACE(0xffffffffffffffff, 0xc1105518, &(0x7f00000003c0)={{0xa, 0x6, 0x6, 0x0, 'syz1\x00', 0x401}, 0x3, 0x20000000, 0x6, r4, 0xa, 0x3, 'syz0\x00', &(0x7f0000000300)=['/dev/vim2m\x00', '-\x14[&$\x00', '\x00', '%@\x00', '{-[+-\x00', 'GPL\x00', '\x00', '*\x00', '/dev/vim2m\x00', '/dev/comedi0\x00'], 0x3a})
sendmsg$inet(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000780)="5c00000012006bab9e3fe3d86e6c1d000014a10d00000000000004b68675f8001d000a00a0e69ee517d34460bc24eab556a705251e6182949a36c23d3b48dffefffffffffffffff60a64c9f4080003fe060100000400020011b53631", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0xc880)

5.075488102s ago: executing program 3 (id=3387):
syz_open_procfs(0x0, &(0x7f0000000380)='clear_refs\x00')
r0 = syz_io_uring_setup(0xf00, &(0x7f0000000080)={0x0, 0x0, 0xc00}, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0, &(0x7f0000000180)=<r3=>0x0)
syz_io_uring_submit(r1, r2, r3, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x22, 0x2, 0xffffffffffffffff, 0x0, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0, 0x40010002, 0x0, {0x3}})
io_uring_enter(r0, 0x1, 0x21, 0x1, 0x0, 0x0)
r4 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000b00)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f00000002c0)='syzkaller\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r4, 0x5, 0xb68, 0x560b0000, &(0x7f0000000000)="259a53f271a76d2673004c6588a8", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)

4.361094053s ago: executing program 6 (id=3388):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000280)={0xa, 0x2, 0x0, @empty, 0x30}, 0x1c)
listen(r0, 0xfffffffd)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$int_in(r1, 0x5452, &(0x7f0000000100)=0x1)
sendto$inet6(r1, 0x0, 0x0, 0x20008010, &(0x7f0000000000)={0xa, 0x2}, 0x1c)

4.268223318s ago: executing program 6 (id=3389):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e21, @broadcast}, 0x2f)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10)
sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0)
recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25)

4.102471373s ago: executing program 3 (id=3390):
openat(0xffffffffffffff9c, &(0x7f0000000a80)='./file0/file0\x00', 0x300000d, 0x1)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={0xffffffffffffffff, 0x0, 0x4, 0x8, &(0x7f00000006c0)='\x00\x00\x00\x00', &(0x7f0000000700)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[@ANYRESDEC], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101b01)
ioctl$USBDEVFS_BULK(r1, 0xc0185502, &(0x7f0000000140)={{{0x1, 0x1}}, 0x3f00, 0x80000000, 0x0})
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
unshare(0x6a040000)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000000900010073797a30000000004c000000090a010400000000000000000700000008000a40000000000900020025747a31000000000900010073797a30000000000800054000"], 0xe8}, 0x1, 0x0, 0x0, 0x40c0004}, 0x0)
r5 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f0000000480)={'vcan0\x00', <r6=>0x0})
bind$can_j1939(r5, &(0x7f0000000100)={0x1d, r6, 0x0, {0x1, 0x1, 0x4}, 0x1}, 0x18)
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000080), r7)
sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[], 0x44}, 0x1, 0x1000000}, 0x0)
r8 = syz_genetlink_get_family_id$nbd(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$NBD_CMD_RECONFIGURE(r7, &(0x7f00000003c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x3c, r8, 0x400, 0x70bd2b, 0x25dfdbfb, {}, [@NBD_ATTR_TIMEOUT={0xc, 0x4, 0x5}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x4}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
r9 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$bt_BT_DEFER_SETUP(r9, 0x112, 0x10, &(0x7f0000000040)=0xfffffffc, 0x4)
sendmsg$can_j1939(r5, &(0x7f0000000200)={&(0x7f0000000000)={0x1d, r6, 0x1, {0x0, 0xff, 0x4}}, 0x18, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x8021}, 0x20048805)

3.938444619s ago: executing program 4 (id=3391):
syz_open_procfs(0x0, &(0x7f0000000380)='clear_refs\x00')
r0 = syz_io_uring_setup(0xf00, &(0x7f0000000080)={0x0, 0x0, 0xc00}, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0, &(0x7f0000000180)=<r3=>0x0)
syz_io_uring_submit(r1, r2, r3, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x22, 0x2, 0xffffffffffffffff, 0x0, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0, 0x40010002, 0x0, {0x3}})
io_uring_enter(r0, 0x1, 0x21, 0x1, 0x0, 0x0)
r4 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000b00)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f00000002c0)='syzkaller\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r4, 0x5, 0xb68, 0x560b0000, &(0x7f0000000000)="259a53f271a76d2673004c6588a8", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)

3.791302135s ago: executing program 0 (id=3392):
r0 = syz_open_dev$video(&(0x7f0000000000), 0x3, 0x0)
ioctl$VIDIOC_SUBSCRIBE_EVENT(r0, 0x4020565a, &(0x7f0000000040)={0x3, 0x980914, 0x3})
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = syz_open_dev$video4linux(&(0x7f00000001c0), 0x5, 0x101000)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r2, 0xc040564a, &(0x7f0000000080)={0x0, 0x0, 0x300c, 0x0, 0x8000, 0xfffffff9, 0x0, 0x1})
r3 = fcntl$dupfd(r0, 0x406, r1)
r4 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r4, 0x107, 0xa, 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION_VM(r3, 0xae03, 0x9)
bind$inet6(r3, &(0x7f0000000240)={0xa, 0x4e22, 0x5, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x92c7}, 0x1c)
listen(r1, 0x5)
socket$inet6_tcp(0xa, 0x1, 0x0)
sendto$inet6(r1, 0x0, 0x0, 0x80, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
clock_gettime(0x0, &(0x7f0000000100)={<r5=>0x0, <r6=>0x0})
pselect6(0x40, &(0x7f0000000040)={0x4, 0x2, 0x8, 0x3, 0x0, 0xfff, 0x3, 0x2}, &(0x7f0000000080)={0xff, 0xc5, 0x0, 0xc0000000000000, 0x40, 0x100000000, 0x388c, 0x9}, &(0x7f00000000c0)={0x10, 0x8, 0x0, 0x4, 0x3, 0x6, 0x100, 0x877}, &(0x7f0000000140)={r5, r6+10000000}, &(0x7f0000000200)={&(0x7f00000001c0)={[0x5, 0x7f]}, 0x8})
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)={0x1c, 0x40, 0x107, 0x70bd2b, 0x25dfdbfe, {0x1, 0x7c}, [@nested={0x4, 0x1c2}, @typed={0x4, 0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4c090}, 0xc000)
fsetxattr$trusted_overlay_opaque(r0, &(0x7f0000000280), &(0x7f00000002c0), 0x2, 0x1)
close_range(r1, 0xffffffffffffffff, 0x0)
r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), 0xffffffffffffffff)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={<r10=>0xffffffffffffffff})
sendmsg$NBD_CMD_CONNECT(r8, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000000140)={0x38, r9, 0x1, 0xffffffff, 0x0, {}, [@NBD_ATTR_SOCKETS={0x10, 0x7, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r10}}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x7fff}]}, 0x38}}, 0x20000000)
r11 = syz_genetlink_get_family_id$nfc(&(0x7f0000000340), 0xffffffffffffffff)
ioctl$IOCTL_GET_NCIDEV_IDX(r3, 0x0, &(0x7f00000003c0)=<r12=>0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r3, 0x0, &(0x7f0000000400)=<r13=>0x0)
sendmsg$NFC_CMD_DEP_LINK_DOWN(r8, &(0x7f00000004c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000480)={&(0x7f0000000440)={0x34, r11, 0x800, 0x70bd28, 0x25dfdbfe, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r12}, @NFC_ATTR_TARGET_INDEX={0x8, 0x4, 0x1}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r13}, @NFC_ATTR_TARGET_INDEX={0x8}]}, 0x34}, 0x1, 0x0, 0x0, 0x8000}, 0xda5b9578b865abd8)

3.520667054s ago: executing program 0 (id=3393):
openat(0xffffffffffffff9c, &(0x7f0000000a80)='./file0/file0\x00', 0x300000d, 0x1)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={0xffffffffffffffff, 0x0, 0x4, 0x8, &(0x7f00000006c0)='\x00\x00\x00\x00', &(0x7f0000000700)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[@ANYRESDEC], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101b01)
ioctl$USBDEVFS_BULK(r1, 0xc0185502, &(0x7f0000000140)={{{0x1, 0x1}}, 0x3f00, 0x80000000, 0x0})
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
unshare(0x6a040000)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000000900010073797a30000000004c000000090a010400000000000000000700000008000a40000000000900020025747a31000000000900010073797a30000000000800054000"], 0xe8}, 0x1, 0x0, 0x0, 0x40c0004}, 0x0)
r5 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f0000000480)={'vcan0\x00', <r6=>0x0})
bind$can_j1939(r5, &(0x7f0000000100)={0x1d, r6, 0x0, {0x1, 0x1, 0x4}, 0x1}, 0x18)
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000080), r7)
sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[], 0x44}, 0x1, 0x1000000}, 0x0)
r8 = syz_genetlink_get_family_id$nbd(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$NBD_CMD_RECONFIGURE(r7, &(0x7f00000003c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x3c, r8, 0x400, 0x70bd2b, 0x25dfdbfb, {}, [@NBD_ATTR_TIMEOUT={0xc, 0x4, 0x5}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x4}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
r9 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$bt_BT_DEFER_SETUP(r9, 0x112, 0x10, &(0x7f0000000040)=0xfffffffc, 0x4)
sendmsg$can_j1939(r5, &(0x7f0000000200)={&(0x7f0000000000)={0x1d, r6, 0x1, {0x0, 0xff, 0x4}}, 0x18, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x8021}, 0x20048805)

3.318106417s ago: executing program 6 (id=3394):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, 0x0, 0x101000, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r2 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r2, &(0x7f00000000c0)={0xa, 0x4e20, 0x4, @empty}, 0x1c)
syz_emit_ethernet(0xbe, &(0x7f0000000000)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x23}, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @broadcast}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "7b4b143b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af", "584cbf2649a50f2dbc43efa8698d0a881c51852e4451b57d037ad3c045942824251d7d17b5191584bcd4fbe40a23424d", "bcfd56f1375461caaa2f19935e6996c7096ffeeb0300000000000064", {"9a3bfbc1f39cb307b3472eb9cdb042d2", "643fcbb2c5a57df67d544af6e8dafe09"}}}}}}}, 0x0)
r3 = memfd_create(0x0, 0x3)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
mremap(&(0x7f00001f6000/0x4000)=nil, 0x4000, 0x1000, 0x6, &(0x7f0000920000/0x1000)=nil)
syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$AUTOFS_DEV_IOCTL_READY(0xffffffffffffffff, 0xc0189376, &(0x7f0000000100)={{0x1, 0x1, 0x18, <r4=>r3, {0x6}}, './file0\x00'})
r5 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000240), 0xffffffffffffffff)
sendmsg$L2TP_CMD_TUNNEL_DELETE(r4, &(0x7f0000000380)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x24, r5, 0x200, 0x70bd2b, 0x25dfdbfb, {}, [@L2TP_ATTR_ENCAP_TYPE={0x6}, @L2TP_ATTR_MRU={0x6, 0x1d, 0x2}]}, 0x24}, 0x1, 0x0, 0x0, 0x85}, 0x80)
r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r6, &(0x7f0000032680)=""/102400, 0x19000)
setsockopt$sock_int(r4, 0x1, 0x20, &(0x7f0000000540)=0xf6, 0x4)
bind$alg(0xffffffffffffffff, 0x0, 0x0)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x800)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x3}, 0x94)
recvfrom$l2tp6(r2, 0x0, 0x94, 0x40000002, 0x0, 0x0)
r7 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x7, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94)
r8 = syz_open_dev$swradio(&(0x7f00000003c0), 0x1, 0x2)
ioctl$BTRFS_IOC_GET_SUPPORTED_FEATURES(r8, 0x80489439, &(0x7f0000000400))
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r7, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
close_range(r0, 0xffffffffffffffff, 0x0)

2.155155906s ago: executing program 4 (id=3395):
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f00000004c0)=@nat={'nat\x00', 0x670, 0x5, 0x454, 0x348, 0x198, 0xffffffff, 0x198, 0x0, 0x410, 0x410, 0xffffffff, 0x410, 0x410, 0x5, 0x0, {[{{@ip={@rand_addr=0x64010100, @local, 0xff0000ff, 0xffffff00, 'veth1_to_bridge\x00', 'veth0_macvtap\x00', {}, {0xff}, 0x16}, 0x0, 0x164, 0x198, 0x48, {}, [@common=@unspec=@string={{0xc0}, {0x7, 0x100c, 'kmp\x00', "48ae43e4c6b2bfd892aa7400051624fa86999b13d39b99407a9b7abe75a728baa18da576811985de44110b8602025e1298ea55f1c5087ab16f67b18ca90ac68f0b3d6a068f727f7d23fa5fad26a59a5da2651212bdf9d29248ae63e2349b2470915eea2c39ade5129ff26b6fe772493180cfda2cdd49412e9469d85abdb467ba", 0x76, 0x2, {0x1}}}, @common=@unspec=@devgroup={{0x34}, {0x3, 0x0, 0x3, 0x3, 0x81}}]}, @DNAT0={0x34, 'DNAT\x00', 0x0, {0xae, {0x2e, @remote, @initdev={0xac, 0x1e, 0x0, 0x0}, @port=0x4e24, @port=0x4e24}}}}, {{@uncond, 0x0, 0x9c, 0xcc, 0x0, {}, [@common=@addrtype={{0x2c}, {0x40, 0x200, 0x0, 0x1}}]}, @common=@inet=@SET2={0x30, 'SET\x00', 0x2, {{0xfffc, 0xd, 0x1}, {0x2, 0x4, 0x3}, 0x1000, 0x100}}}, {{@ip={@multicast2, @broadcast, 0xff, 0x0, 'virt_wifi0\x00', 'veth1_to_bridge\x00', {}, {}, 0x0, 0x0, 0x5e}, 0x0, 0x70, 0xb8}, @unspec=@DNAT1={0x48, 'DNAT\x00', 0x1, {0x2, @ipv4=@empty, @ipv4=@empty, @port=0x4e22, @icmp_id=0x65}}}, {{@ip={@loopback, @remote, 0xff, 0x0, 'batadv_slave_1\x00', 'ip_vti0\x00', {}, {0xff}, 0x84, 0x1, 0x5}, 0x0, 0x70, 0xa4}, @DNAT0={0x34, 'DNAT\x00', 0x0, {0x1, {0x10, @local, @dev={0xac, 0x14, 0x14, 0x2a}, @port=0x4e22, @gre_key=0x5}}}}], {{'\x00', 0x0, 0x70, 0x94}, {0x24}}}}, 0x4b0)
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r0, &(0x7f0000000000), 0x10)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000080)={'vxcan0\x00', <r1=>0x0})
sendmsg$can_bcm(r0, &(0x7f0000000480)={&(0x7f0000000340)={0x1d, r1}, 0x10, &(0x7f00000000c0)={&(0x7f0000000580)=ANY=[@ANYBLOB="01000000d7fe68ca0000000000000000", @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="0000000004"], 0x20000600}}, 0x40000)
sendmsg$can_bcm(r0, &(0x7f0000000480)={&(0x7f0000000380)={0x1d, r1, 0x0, 0x4000}, 0x10, &(0x7f00000000c0)={&(0x7f0000000580)=ANY=[], 0x80}, 0x1, 0x0, 0x0, 0x4004851}, 0x4004001)

972.688677ms ago: executing program 3 (id=3396):
r0 = socket$netlink(0x10, 0x3, 0x4)
r1 = socket$packet(0x11, 0x2, 0x300)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000100)={'batadv0\x00', <r2=>0x0})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec850000007500000004000000070000"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x5, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r4, &(0x7f0000003d80)=[{{0x0, 0x0, &(0x7f0000002240)=[{&(0x7f00000003c0)=""/138, 0x8a}, {&(0x7f0000000480)=""/8, 0x8}, {&(0x7f00000004c0)=""/57, 0x39}, {&(0x7f0000000680)=""/101, 0x65}, {&(0x7f0000001040)=""/4096, 0x1000}, {&(0x7f0000002040)=""/34, 0x22}, {&(0x7f0000002080)=""/148, 0x94}, {&(0x7f0000002140)=""/247, 0xf7}], 0x8, &(0x7f0000002280)=""/93, 0x5d}, 0x6}, {{&(0x7f0000002300)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @multicast2}}, 0x80, &(0x7f0000002480)=[{&(0x7f0000002380)=""/164, 0xa4}, {&(0x7f0000002440)=""/48, 0x30}], 0x2, &(0x7f00000024c0)=""/196, 0xc4}, 0x9}, {{&(0x7f00000025c0), 0x80, &(0x7f0000003d00)=[{&(0x7f0000002640)=""/41, 0x29}, {&(0x7f0000002680)=""/4, 0x4}, {&(0x7f00000026c0)=""/204, 0xcc}, {&(0x7f00000027c0)=""/222, 0xde}, {&(0x7f00000028c0)=""/4096, 0x1000}, {&(0x7f00000038c0)=""/252, 0xfc}, {&(0x7f00000039c0)=""/34, 0x22}, {&(0x7f0000003a00)=""/231, 0xe7}, {&(0x7f0000000700)=""/193, 0xc1}, {&(0x7f0000003c00)=""/231, 0xe7}], 0xa}, 0x81}], 0x3, 0x2, 0x0)
r6 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r6, 0x84, 0x13, 0x0, 0x0)
r7 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x111000, 0x0)
r8 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$sock_int(r8, 0x1, 0xf, &(0x7f0000000280)=0x80, 0x4)
r9 = dup(r7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r9, 0x0)
ioctl$BLKROSET(r7, 0x125d, &(0x7f0000000000)=0x1000000010)
ioctl$TIOCL_SETSEL(r9, 0x541c, &(0x7f0000000040)={0x2, {0x2, 0x1, 0x4, 0x5, 0x3}})
ioctl$BLKRRPART(r9, 0x125f, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
r10 = fsopen(&(0x7f0000000140)='f2fs\x00', 0x1)
sendto$packet(r1, &(0x7f0000000000)="05000806", 0x5e0, 0x0, &(0x7f0000000080)={0x11, 0x8100, r2}, 0x14)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000008c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="df253e0a2000e183708225cb64de7e667d9ebf88567ace", @ANYRESDEC=r10, @ANYRESOCT=r6], 0x0, 0x1, 0x0, 0x0, 0x0, 0x4b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff}, 0x94)
r11 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x6, 0xc, &(0x7f0000000140)=ANY=[], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r11, 0x5, 0xe, 0x0, &(0x7f0000000300)="0101000071a78326c799dbe888a8", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)

967.671085ms ago: executing program 4 (id=3397):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x1)
r1 = fanotify_init(0x0, 0x1)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
close(0x3)
openat$cgroup_procs(r2, &(0x7f0000000080)='cgroup.procs\x00', 0x2, 0x0)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
unlinkat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x200)
r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
setsockopt$WPAN_SECURITY_LEVEL(r3, 0x0, 0x2, &(0x7f0000000000)=0xffffffffffffffff, 0x4)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
mount$9p_fd(0x0, &(0x7f0000000440)='./file0\x00', &(0x7f0000000480), 0x84, &(0x7f0000000300)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})

838.798577ms ago: executing program 4 (id=3398):
r0 = socket(0x1d, 0x2, 0x7)
setsockopt$inet_sctp_SCTP_DISABLE_FRAGMENTS(r0, 0x6b, 0x8, 0x0, 0x0) (async)
creat(&(0x7f0000000300)='./file1\x00', 0x0)
mount(&(0x7f00000000c0)=@sr0, &(0x7f0000000040)='./file1\x00', &(0x7f0000000000)='efs\x00', 0x9, 0x0)

838.421394ms ago: executing program 4 (id=3399):
openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi0\x00', 0x400, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x400000000003, 0x7ffff, &(0x7f0000006680))
syz_genetlink_get_family_id$ipvs(0x0, 0xffffffffffffffff)
sync_file_range(0xffffffffffffffff, 0x6, 0x6, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
r3 = socket$kcm(0x10, 0x2, 0x4)
r4 = getpid()
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140), 0xffffffffffffffff)
r7 = fsopen(&(0x7f0000000100)='configfs\x00', 0x0)
clock_gettime(0x0, &(0x7f0000003980)={<r8=>0x0, <r9=>0x0})
recvmmsg(r1, &(0x7f00000038c0)=[{{&(0x7f0000000500)=@pppol2tp, 0x80, &(0x7f0000001900)=[{&(0x7f0000000580)=""/90, 0x5a}, {&(0x7f0000000600)=""/154, 0x9a}, {&(0x7f00000006c0)=""/137, 0x89}, {&(0x7f0000000900)=""/4096, 0x1000}], 0x4, &(0x7f0000001940)=""/150, 0x96}, 0x1}, {{&(0x7f0000001a00)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @multicast2}}, 0x80, &(0x7f0000001b40)=[{&(0x7f0000001a80)=""/162, 0xa2}], 0x1, &(0x7f0000001b80)=""/23, 0x17}, 0x9}, {{&(0x7f0000001bc0)=@in6, 0x80, &(0x7f0000002000)=[{&(0x7f0000001c40)=""/143, 0x8f}, {&(0x7f0000001d00)=""/181, 0xb5}, {&(0x7f0000001dc0)=""/36, 0x24}, {&(0x7f0000001e00)=""/255, 0xff}, {&(0x7f0000001f00)=""/229, 0xe5}], 0x5, &(0x7f0000002040)=""/4096, 0x1000}, 0xb}, {{&(0x7f0000003040)=@xdp, 0x80, &(0x7f0000003640)=[{&(0x7f00000030c0)=""/146, 0x92}, {&(0x7f0000003180)=""/215, 0xd7}, {&(0x7f0000003280)=""/11, 0xb}, {&(0x7f00000032c0)=""/253, 0xfd}, {&(0x7f00000033c0)=""/44, 0x2c}, {&(0x7f0000003a00)=""/241, 0xf1}, {&(0x7f0000003500)=""/206, 0xce}, {&(0x7f0000003600)=""/14, 0xe}], 0x8}, 0x2}, {{&(0x7f0000003680)=@qipcrtr, 0x80, &(0x7f00000037c0)=[{&(0x7f0000003700)=""/107, 0x6b}, {&(0x7f0000003780)=""/20, 0x14}], 0x2, &(0x7f0000003800)=""/184, 0xb8}, 0x1}], 0x5, 0x20020121, &(0x7f00000039c0)={r8, r9+60000000})
r10 = fsmount(r7, 0x0, 0x8)
fchmodat(r10, &(0x7f0000000300)='.\x00', 0xffffffd3)
ioctl$CDROMREADAUDIO(r10, 0x530e, &(0x7f0000000340)={@lba=0x5, 0x1, 0x8, &(0x7f0000000280)=""/8})
sendmsg$DEVLINK_CMD_RELOAD(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010027bd7001fbdbdf25250000000e0001006e65746465768e696d0000000f0002006e657464657673696d30000008008b08", @ANYRES32=r4, @ANYBLOB], 0x3c}, 0x1, 0x0, 0x0, 0x4040010}, 0x30)
ioctl$SNDRV_CTL_IOCTL_ELEM_REPLACE(0xffffffffffffffff, 0xc1105518, &(0x7f00000003c0)={{0xa, 0x6, 0x6, 0x0, 'syz1\x00', 0x401}, 0x3, 0x20000000, 0x6, r4, 0xa, 0x3, 'syz0\x00', &(0x7f0000000300)=['/dev/vim2m\x00', '-\x14[&$\x00', '\x00', '%@\x00', '{-[+-\x00', 'GPL\x00', '\x00', '*\x00', '/dev/vim2m\x00', '/dev/comedi0\x00'], 0x3a})
sendmsg$inet(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000780)="5c00000012006bab9e3fe3d86e6c1d000014a10d00000000000004b68675f8001d000a00a0e69ee517d34460bc24eab556a705251e6182949a36c23d3b48dffefffffffffffffff60a64c9f4080003fe060100000400020011b53631", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0xc880)

0s ago: executing program 6 (id=3400):
mremap(&(0x7f0000097000/0x2000)=nil, 0x2000, 0x400000, 0x3, &(0x7f0000bff000/0x400000)=nil)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000500)={0xa, 0x4e20, 0xbb6, @loopback, 0x5}, 0x28)
connect$inet6(r0, &(0x7f0000000480)={0xa, 0x4e20, 0x9, @loopback, 0x106}, 0x1c)
r1 = fcntl$dupfd(r0, 0x406, r0)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0)
write$binfmt_elf64(r1, &(0x7f00000004c0)=ANY=[], 0xfffffdcf) (fail_nth: 2)

kernel console output (not intermixed with test programs):

hys_seg 1 prio class 2
[  837.222409][T17250] Buffer I/O error on dev nbd0, logical block 2, async page read
[  837.225458][T17250] I/O error, dev nbd0, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  837.229499][T17250] Buffer I/O error on dev nbd0, logical block 3, async page read
[  837.232752][T17250] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  837.236774][T17250] Buffer I/O error on dev nbd0, logical block 0, async page read
[  837.239533][T17250] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  837.243141][T17250] Buffer I/O error on dev nbd0, logical block 1, async page read
[  837.253211][T17250] ldm_validate_partition_table(): Disk read failed.
[  837.256573][T17250] Dev nbd0: unable to read RDB block 0
[  837.260432][T17250]  nbd0: unable to read partition table
[  837.972302][T17259] wg1 speed is unknown, defaulting to 1000
[  837.979632][T17259] pimreg0 speed is unknown, defaulting to 1000
[  838.180320][T17264] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2996'.
[  838.189688][T17264] random: crng reseeded on system resumption
[  838.499794][T17274] usb usb8: usbfs: process 17274 (syz.6.2999) did not claim interface 0 before use
[  838.754762][T17276] wg1 speed is unknown, defaulting to 1000
[  838.759862][T17276] pimreg0 speed is unknown, defaulting to 1000
[  838.769574][T17278] usb usb8: usbfs: process 17278 (syz.0.3000) did not claim interface 0 before use
[  839.438665][T17287] FAULT_INJECTION: forcing a failure.
[  839.438665][T17287] name failslab, interval 1, probability 0, space 0, times 0
[  839.444247][T17287] CPU: 3 UID: 0 PID: 17287 Comm: syz.4.3002 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  839.444285][T17287] Tainted: [L]=SOFTLOCKUP
[  839.444292][T17287] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  839.444305][T17287] Call Trace:
[  839.444314][T17287]  <TASK>
[  839.444323][T17287]  dump_stack_lvl+0x100/0x190
[  839.444368][T17287]  should_fail_ex.cold+0x5/0xa
[  839.444392][T17287]  ? tomoyo_realpath_from_path+0xb6/0x690
[  839.444424][T17287]  should_failslab+0xc2/0x120
[  839.444448][T17287]  __kmalloc_noprof+0xe0/0x850
[  839.444484][T17287]  tomoyo_realpath_from_path+0xb6/0x690
[  839.444516][T17287]  tomoyo_path_number_perm+0x23c/0x580
[  839.444538][T17287]  ? tomoyo_path_number_perm+0x22e/0x580
[  839.444566][T17287]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  839.444615][T17287]  ? find_held_lock+0x2b/0x80
[  839.444635][T17287]  ? hook_file_ioctl_common+0x146/0x410
[  839.444658][T17287]  ? __fget_files+0x215/0x3d0
[  839.444685][T17287]  ? __fget_files+0x21f/0x3d0
[  839.444715][T17287]  security_file_ioctl_compat+0xd3/0x230
[  839.444743][T17287]  __ia32_compat_sys_ioctl+0xc2/0x360
[  839.444776][T17287]  __do_fast_syscall_32+0xe3/0x8c0
[  839.444805][T17287]  do_fast_syscall_32+0x32/0x70
[  839.444827][T17287]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  839.444852][T17287] RIP: 0023:0xf709ef6c
[  839.444869][T17287] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  839.444888][T17287] RSP: 002b:00000000f548d50c EFLAGS: 00000292 ORIG_RAX: 0000000000000036
[  839.444909][T17287] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000000541c
[  839.444922][T17287] RDX: 0000000080000000 RSI: 0000000000000000 RDI: 0000000000000000
[  839.444932][T17287] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  839.444944][T17287] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  839.444955][T17287] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  839.444980][T17287]  </TASK>
[  839.444989][T17287] ERROR: Out of memory at tomoyo_realpath_from_path.
[  839.457742][T17280] netlink: 16 bytes leftover after parsing attributes in process `syz.6.2999'.
[  840.238376][T17296] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3000'.
[  840.426172][T17304] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3004'.
[  840.458817][T17283] wg1 speed is unknown, defaulting to 1000
[  840.493668][T17308] netlink: 'syz.4.3005': attribute type 1 has an invalid length.
[  840.646054][T17283] pimreg0 speed is unknown, defaulting to 1000
[  840.656099][T17296] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3000'.
[  840.737285][T17310] ieee802154 phy0 wpan0: encryption failed: -22
[  840.773506][T17310] netlink: 'syz.4.3005': attribute type 5 has an invalid length.
[  841.220929][T17328] random: crng reseeded on system resumption
[  841.347511][T17322] wg1 speed is unknown, defaulting to 1000
[  841.363215][T17335] bridge1: entered allmulticast mode
[  841.368434][T17322] pimreg0 speed is unknown, defaulting to 1000
[  841.438054][T17335] ªªªªª»: renamed from hsr0 (while UP)
[  841.679456][T17321] program syz.3.3007 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  841.783503][T17341] tipc: Started in network mode
[  841.785622][T17341] tipc: Node identity 00000000000000000000000000000001, cluster identity 4711
[  841.798703][T17341] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  841.888867][T17343] FAULT_INJECTION: forcing a failure.
[  841.888867][T17343] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  841.899187][T17343] CPU: 2 UID: 0 PID: 17343 Comm: syz.4.3014 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  841.899225][T17343] Tainted: [L]=SOFTLOCKUP
[  841.899232][T17343] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  841.899244][T17343] Call Trace:
[  841.899252][T17343]  <TASK>
[  841.899260][T17343]  dump_stack_lvl+0x100/0x190
[  841.899299][T17343]  should_fail_ex.cold+0x5/0xa
[  841.899325][T17343]  _copy_from_user+0x2e/0xd0
[  841.899354][T17343]  get_compat_msghdr+0xb3/0x4b0
[  841.899392][T17343]  ? __pfx_get_compat_msghdr+0x10/0x10
[  841.899432][T17343]  ___sys_sendmsg+0x1b6/0x1e0
[  841.899465][T17343]  ? __pfx____sys_sendmsg+0x10/0x10
[  841.899539][T17343]  __sys_sendmsg+0x170/0x220
[  841.899562][T17343]  ? __pfx___sys_sendmsg+0x10/0x10
[  841.899591][T17343]  ? __pfx_ksys_write+0x10/0x10
[  841.899620][T17343]  __do_fast_syscall_32+0xe3/0x8c0
[  841.899647][T17343]  do_fast_syscall_32+0x32/0x70
[  841.899669][T17343]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  841.899691][T17343] RIP: 0023:0xf709ef6c
[  841.899710][T17343] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  841.899729][T17343] RSP: 002b:00000000f548d50c EFLAGS: 00000292 ORIG_RAX: 0000000000000172
[  841.899749][T17343] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800000c0
[  841.899761][T17343] RDX: 0000000020000800 RSI: 0000000000000000 RDI: 0000000000000000
[  841.899772][T17343] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  841.899784][T17343] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  841.899796][T17343] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  841.899821][T17343]  </TASK>
[  842.022713][T17345] binder: 17344:17345 ioctl c0109428 80000080 returned -22
[  842.244572][T17352] FAULT_INJECTION: forcing a failure.
[  842.244572][T17352] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  842.254356][T17352] CPU: 3 UID: 0 PID: 17352 Comm: syz.6.3018 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  842.254388][T17352] Tainted: [L]=SOFTLOCKUP
[  842.254394][T17352] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  842.254406][T17352] Call Trace:
[  842.254413][T17352]  <TASK>
[  842.254421][T17352]  dump_stack_lvl+0x100/0x190
[  842.254457][T17352]  should_fail_ex.cold+0x5/0xa
[  842.254480][T17352]  _copy_to_user+0x32/0xd0
[  842.254506][T17352]  simple_read_from_buffer+0xcb/0x170
[  842.254538][T17352]  proc_fail_nth_read+0x1af/0x230
[  842.254565][T17352]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  842.254590][T17352]  ? rw_verify_area+0xce/0x6d0
[  842.254616][T17352]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  842.254638][T17352]  vfs_read+0x1e4/0xb30
[  842.254660][T17352]  ? __pfx_vfs_read+0x10/0x10
[  842.254675][T17352]  ? find_held_lock+0x2b/0x80
[  842.254695][T17352]  ? __fget_files+0x215/0x3d0
[  842.254718][T17352]  ? __fget_files+0x21f/0x3d0
[  842.254743][T17352]  ksys_read+0x12a/0x250
[  842.254760][T17352]  ? __pfx_ksys_read+0x10/0x10
[  842.254810][T17352]  do_int80_emulation+0x141/0x6b0
[  842.254834][T17352]  asm_int80_emulation+0x1a/0x20
[  842.254851][T17352] RIP: 0023:0xf71f5cab
[  842.254866][T17352] Code: 57 56 53 8b 44 24 14 f6 00 08 75 23 8b 44 24 18 8b 5c 24 1c 8b 4c 24 20 8b 54 24 24 8b 74 24 28 8b 7c 24 2c 8b 6c 24 30 cd 80 <5b> 5e 5f 5d c3 5b 5e 5f 5d e9 f7 a1 ff ff 66 90 66 90 66 90 90 53
[  842.254884][T17352] RSP: 002b:00000000f54b64bc EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[  842.254902][T17352] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f54b65d0
[  842.254913][T17352] RDX: 000000000000000f RSI: 0000000000000000 RDI: 0000000000000000
[  842.254923][T17352] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  842.254934][T17352] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  842.254944][T17352] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  842.254968][T17352]  </TASK>
[  842.389402][T17356] netlink: 196 bytes leftover after parsing attributes in process `syz.0.3020'.
[  842.393044][T17356] netlink: 196 bytes leftover after parsing attributes in process `syz.0.3020'.
[  842.499218][   T40] kauditd_printk_skb: 157 callbacks suppressed
[  842.499240][   T40] audit: type=1326 audit(1775720838.495:5064): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17357 comm="syz.6.3021" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff8f6c code=0x7ffc0000
[  842.633809][T17367] FAULT_INJECTION: forcing a failure.
[  842.633809][T17367] name failslab, interval 1, probability 0, space 0, times 0
[  842.639340][T17367] CPU: 0 UID: 0 PID: 17367 Comm: syz.3.3023 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  842.639374][T17367] Tainted: [L]=SOFTLOCKUP
[  842.639381][T17367] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  842.639393][T17367] Call Trace:
[  842.639402][T17367]  <TASK>
[  842.639411][T17367]  dump_stack_lvl+0x100/0x190
[  842.639450][T17367]  should_fail_ex.cold+0x5/0xa
[  842.639474][T17367]  ? tomoyo_realpath_from_path+0xb6/0x690
[  842.639503][T17367]  should_failslab+0xc2/0x120
[  842.639527][T17367]  __kmalloc_noprof+0xe0/0x850
[  842.639564][T17367]  tomoyo_realpath_from_path+0xb6/0x690
[  842.639598][T17367]  tomoyo_path_number_perm+0x23c/0x580
[  842.639621][T17367]  ? tomoyo_path_number_perm+0x22e/0x580
[  842.639646][T17367]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  842.639696][T17367]  ? find_held_lock+0x2b/0x80
[  842.639716][T17367]  ? hook_file_ioctl_common+0x146/0x410
[  842.639740][T17367]  ? __fget_files+0x215/0x3d0
[  842.639765][T17367]  ? __fget_files+0x21f/0x3d0
[  842.639788][T17367]  security_file_ioctl_compat+0xd3/0x230
[  842.639815][T17367]  __ia32_compat_sys_ioctl+0xc2/0x360
[  842.639849][T17367]  __do_fast_syscall_32+0xe3/0x8c0
[  842.639876][T17367]  do_fast_syscall_32+0x32/0x70
[  842.639898][T17367]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  842.639923][T17367] RIP: 0023:0xf6fdef6c
[  842.639939][T17367] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  842.639958][T17367] RSP: 002b:00000000f53ac50c EFLAGS: 00000292 ORIG_RAX: 0000000000000036
[  842.639977][T17367] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000008914
[  842.639989][T17367] RDX: 0000000080000180 RSI: 0000000000000000 RDI: 0000000000000000
[  842.640001][T17367] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  842.640012][T17367] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  842.640022][T17367] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  842.640046][T17367]  </TASK>
[  842.641332][T17367] ERROR: Out of memory at tomoyo_realpath_from_path.
[  842.745027][T17358] kvm: kvm [17357]: vcpu0, guest rIP: 0x1a3 Unhandled WRMSR(0xc2) = 0x8000
[  842.772671][   T40] audit: type=1326 audit(1775720838.495:5065): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17357 comm="syz.6.3021" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff8f6c code=0x7ffc0000
[  842.780890][   T40] audit: type=1326 audit(1775720838.514:5066): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17357 comm="syz.6.3021" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff8f6c code=0x7ffc0000
[  842.807185][   T40] audit: type=1326 audit(1775720838.514:5067): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17357 comm="syz.6.3021" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff8f6c code=0x7ffc0000
[  842.824338][   T40] audit: type=1326 audit(1775720838.514:5068): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17357 comm="syz.6.3021" exe="/syz-executor" sig=0 arch=40000003 syscall=360 compat=1 ip=0xf7ff8f6c code=0x7ffc0000
[  842.832054][   T40] audit: type=1326 audit(1775720838.514:5069): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17357 comm="syz.6.3021" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff8f6c code=0x7ffc0000
[  842.845535][   T40] audit: type=1326 audit(1775720838.514:5070): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17357 comm="syz.6.3021" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff8f6c code=0x7ffc0000
[  842.855496][   T40] audit: type=1326 audit(1775720838.514:5071): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17357 comm="syz.6.3021" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7ff8f6c code=0x7ffc0000
[  842.875091][   T40] audit: type=1326 audit(1775720838.514:5072): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17357 comm="syz.6.3021" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff8f6c code=0x7ffc0000
[  842.885006][   T40] audit: type=1326 audit(1775720838.514:5073): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17357 comm="syz.6.3021" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff8f6c code=0x7ffc0000
[  842.931807][T17369] siw: device registration error -23
[  843.686739][T17373] FAULT_INJECTION: forcing a failure.
[  843.686739][T17373] name failslab, interval 1, probability 0, space 0, times 0
[  843.693022][T17373] CPU: 3 UID: 0 PID: 17373 Comm: syz.3.3026 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  843.693050][T17373] Tainted: [L]=SOFTLOCKUP
[  843.693056][T17373] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  843.693066][T17373] Call Trace:
[  843.693073][T17373]  <TASK>
[  843.693081][T17373]  dump_stack_lvl+0x100/0x190
[  843.693114][T17373]  should_fail_ex.cold+0x5/0xa
[  843.693135][T17373]  ? kernfs_fop_write_iter+0x26a/0x5f0
[  843.693153][T17373]  should_failslab+0xc2/0x120
[  843.693173][T17373]  __kmalloc_noprof+0xe0/0x850
[  843.693202][T17373]  kernfs_fop_write_iter+0x26a/0x5f0
[  843.693222][T17373]  vfs_write+0x6ac/0x1070
[  843.693239][T17373]  ? __pfx_kernfs_fop_write_iter+0x10/0x10
[  843.693259][T17373]  ? __pfx_vfs_write+0x10/0x10
[  843.693286][T17373]  ksys_write+0x12a/0x250
[  843.693301][T17373]  ? __pfx_ksys_write+0x10/0x10
[  843.693316][T17373]  ? __pfx_ksys_write+0x10/0x10
[  843.693336][T17373]  __do_fast_syscall_32+0xe3/0x8c0
[  843.693357][T17373]  do_fast_syscall_32+0x32/0x70
[  843.693375][T17373]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  843.693395][T17373] RIP: 0023:0xf6fdef6c
[  843.693409][T17373] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  843.693432][T17373] RSP: 002b:00000000f53cd50c EFLAGS: 00000292 ORIG_RAX: 0000000000000004
[  843.693448][T17373] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000080000040
[  843.693458][T17373] RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000000000
[  843.693467][T17373] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  843.693477][T17373] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  843.693485][T17373] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  843.693505][T17373]  </TASK>
[  843.972115][T17377] netlink: 44 bytes leftover after parsing attributes in process `syz.6.3028'.
[  843.979390][T17377] bridge0: port 2(bridge_slave_1) entered disabled state
[  843.982079][T17377] bridge0: port 1(bridge_slave_0) entered disabled state
[  843.994719][T17377] netlink: 44 bytes leftover after parsing attributes in process `syz.6.3028'.
[  844.265631][T17383] netlink: 196 bytes leftover after parsing attributes in process `syz.6.3030'.
[  844.269951][T17383] netlink: 196 bytes leftover after parsing attributes in process `syz.6.3030'.
[  844.293075][T17379] wg1 speed is unknown, defaulting to 1000
[  844.307433][T17379] pimreg0 speed is unknown, defaulting to 1000
[  844.560753][T17393] input: syz0 as /devices/virtual/input/input17
[  844.623084][T17391] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1415315873 (2830631746 ns) > initial count (1854604918 ns). Using initial count to start timer.
[  844.630958][T17391] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3089888063 (3089888063 ns) > initial count (2126324423 ns). Using initial count to start timer.
[  845.040705][T17396] wg1 speed is unknown, defaulting to 1000
[  845.043646][T17396] pimreg0 speed is unknown, defaulting to 1000
[  845.335760][ T6178] usb 9-1: new full-speed USB device number 12 using dummy_hcd
[  845.346159][T12757] Bluetooth: hci1: command 0x0406 tx timeout
[  845.499971][ T6178] usb 9-1: config 0 has no interfaces?
[  845.502364][ T6178] usb 9-1: New USB device found, idVendor=12d1, idProduct=42f7, bcdDevice=aa.47
[  845.513823][ T6178] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  845.525613][ T6178] usb 9-1: config 0 descriptor??
[  845.746329][T17396] __nla_validate_parse: 3 callbacks suppressed
[  845.746350][T17396] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3035'.
[  845.767748][   T50] usb 9-1: USB disconnect, device number 12
[  846.643397][T17411] FAULT_INJECTION: forcing a failure.
[  846.643397][T17411] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  846.649279][T17411] CPU: 2 UID: 0 PID: 17411 Comm: syz.4.3039 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  846.649315][T17411] Tainted: [L]=SOFTLOCKUP
[  846.649321][T17411] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  846.649334][T17411] Call Trace:
[  846.649343][T17411]  <TASK>
[  846.649352][T17411]  dump_stack_lvl+0x100/0x190
[  846.649389][T17411]  should_fail_ex.cold+0x5/0xa
[  846.649412][T17411]  _copy_from_user+0x2e/0xd0
[  846.649436][T17411]  get_compat_msghdr+0xb3/0x4b0
[  846.649467][T17411]  ? __pfx_get_compat_msghdr+0x10/0x10
[  846.649504][T17411]  ___sys_sendmsg+0x1b6/0x1e0
[  846.649532][T17411]  ? __pfx____sys_sendmsg+0x10/0x10
[  846.649555][T17411]  ? __pte_offset_map+0x179/0x310
[  846.649620][T17411]  __sys_sendmsg+0x170/0x220
[  846.649642][T17411]  ? __pfx___sys_sendmsg+0x10/0x10
[  846.649676][T17411]  __do_fast_syscall_32+0xe3/0x8c0
[  846.649702][T17411]  do_fast_syscall_32+0x32/0x70
[  846.649723][T17411]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  846.649746][T17411] RIP: 0023:0xf709ef6c
[  846.649762][T17411] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  846.649780][T17411] RSP: 002b:00000000f548d50c EFLAGS: 00000292 ORIG_RAX: 0000000000000172
[  846.649799][T17411] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000040
[  846.649810][T17411] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  846.649820][T17411] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  846.649831][T17411] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  846.649841][T17411] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  846.649864][T17411]  </TASK>
[  846.778608][T17413] netlink: 196 bytes leftover after parsing attributes in process `syz.4.3040'.
[  846.783503][T17413] netlink: 196 bytes leftover after parsing attributes in process `syz.4.3040'.
[  847.216526][T17417] siw: device registration error -23
[  847.436001][T17421] FAULT_INJECTION: forcing a failure.
[  847.436001][T17421] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  847.443121][T17421] CPU: 0 UID: 0 PID: 17421 Comm: syz.0.3043 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  847.443151][T17421] Tainted: [L]=SOFTLOCKUP
[  847.443158][T17421] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  847.443169][T17421] Call Trace:
[  847.443176][T17421]  <TASK>
[  847.443183][T17421]  dump_stack_lvl+0x100/0x190
[  847.443217][T17421]  should_fail_ex.cold+0x5/0xa
[  847.443240][T17421]  _copy_to_user+0x32/0xd0
[  847.443267][T17421]  nr_getsockopt+0x22a/0x390
[  847.443384][T17421]  ? __pfx_nr_getsockopt+0x10/0x10
[  847.443403][T17421]  ? aa_sock_opt_perm+0xfe/0x1b0
[  847.443425][T17421]  ? __pfx_nr_getsockopt+0x10/0x10
[  847.443444][T17421]  do_sock_getsockopt+0x259/0x3d0
[  847.443467][T17421]  ? __pfx_do_sock_getsockopt+0x10/0x10
[  847.443501][T17421]  __sys_getsockopt+0x133/0x1d0
[  847.443532][T17421]  ? ksys_write+0x1ac/0x250
[  847.443554][T17421]  ? __ia32_sys_getsockopt+0xbc/0x160
[  847.443570][T17421]  __ia32_sys_getsockopt+0xbc/0x160
[  847.443586][T17421]  ? __do_fast_syscall_32+0x94/0x8c0
[  847.443607][T17421]  ? lockdep_hardirqs_on+0x78/0x100
[  847.443625][T17421]  __do_fast_syscall_32+0xe3/0x8c0
[  847.443645][T17421]  do_fast_syscall_32+0x32/0x70
[  847.443662][T17421]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  847.443684][T17421] RIP: 0023:0xf7f34f6c
[  847.443698][T17421] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  847.443714][T17421] RSP: 002b:00000000f53f650c EFLAGS: 00000292 ORIG_RAX: 000000000000016d
[  847.443732][T17421] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000000103
[  847.443742][T17421] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000080000280
[  847.443752][T17421] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  847.443762][T17421] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  847.443772][T17421] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  847.443794][T17421]  </TASK>
[  848.083452][T17438] FAULT_INJECTION: forcing a failure.
[  848.083452][T17438] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  848.088831][T17438] CPU: 0 UID: 0 PID: 17438 Comm: syz.6.3050 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  848.088854][T17438] Tainted: [L]=SOFTLOCKUP
[  848.088859][T17438] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  848.088867][T17438] Call Trace:
[  848.088873][T17438]  <TASK>
[  848.088879][T17438]  dump_stack_lvl+0x100/0x190
[  848.088906][T17438]  should_fail_ex.cold+0x5/0xa
[  848.088921][T17438]  _copy_from_user+0x2e/0xd0
[  848.088940][T17438]  __sys_bpf+0x243/0x4b90
[  848.088960][T17438]  ? __pfx___sys_bpf+0x10/0x10
[  848.088974][T17438]  ? proc_fail_nth_write+0x9f/0x220
[  848.088991][T17438]  ? find_held_lock+0x2b/0x80
[  848.089007][T17438]  ? find_held_lock+0x2b/0x80
[  848.089019][T17438]  ? ksys_write+0x190/0x250
[  848.089035][T17438]  ? __mutex_unlock_slowpath+0x15c/0x790
[  848.089060][T17438]  ? fput+0x79/0x100
[  848.089075][T17438]  ? ksys_write+0x1ac/0x250
[  848.089089][T17438]  __ia32_sys_bpf+0x79/0xf0
[  848.089106][T17438]  ? lockdep_hardirqs_on+0x78/0x100
[  848.089120][T17438]  __do_fast_syscall_32+0xe3/0x8c0
[  848.089136][T17438]  do_fast_syscall_32+0x32/0x70
[  848.089149][T17438]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  848.089170][T17438] RIP: 0023:0xf7ff8f6c
[  848.089184][T17438] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  848.089200][T17438] RSP: 002b:00000000f54b650c EFLAGS: 00000292 ORIG_RAX: 0000000000000165
[  848.089218][T17438] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000080000840
[  848.089229][T17438] RDX: 0000000000000094 RSI: 0000000000000000 RDI: 0000000000000000
[  848.089240][T17438] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  848.089250][T17438] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  848.089260][T17438] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  848.089282][T17438]  </TASK>
[  848.228105][T17439] netlink: 'syz.0.3048': attribute type 10 has an invalid length.
[  848.305362][T17443] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3048'.
[  848.331785][T17439] bond0: (slave syz_tun): Enslaving as an active interface with an up link
[  848.376316][T17445] ip6tnl1: entered promiscuous mode
[  848.378527][T17445] ip6tnl1: entered allmulticast mode
[  848.688467][T17455] netlink: 496 bytes leftover after parsing attributes in process `syz.6.3055'.
[  848.889382][T17457] syzkaller1: entered promiscuous mode
[  848.892244][T17457] syzkaller1: entered allmulticast mode
[  849.164183][T17465] tipc: New replicast peer: fe80:0000:0000:0000:0000:0000:0000:00bb
[  849.168297][T17465] tipc: Enabled bearer <udp:syz0>, priority 10
[  849.307111][T17472] overlayfs: missing 'lowerdir'
[  849.381062][T17480] FAULT_INJECTION: forcing a failure.
[  849.381062][T17480] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  849.390132][T17480] CPU: 3 UID: 0 PID: 17480 Comm: syz.4.3065 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  849.390165][T17480] Tainted: [L]=SOFTLOCKUP
[  849.390173][T17480] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  849.390184][T17480] Call Trace:
[  849.390196][T17480]  <TASK>
[  849.390205][T17480]  dump_stack_lvl+0x100/0x190
[  849.390243][T17480]  should_fail_ex.cold+0x5/0xa
[  849.390270][T17480]  _copy_from_user+0x2e/0xd0
[  849.390298][T17480]  get_compat_msghdr+0xb3/0x4b0
[  849.390331][T17480]  ? __pfx_get_compat_msghdr+0x10/0x10
[  849.390371][T17480]  ___sys_sendmsg+0x1b6/0x1e0
[  849.390399][T17480]  ? __pfx____sys_sendmsg+0x10/0x10
[  849.390457][T17480]  __sys_sendmsg+0x170/0x220
[  849.390478][T17480]  ? __pfx___sys_sendmsg+0x10/0x10
[  849.390507][T17480]  ? __pfx_ksys_write+0x10/0x10
[  849.390534][T17480]  __do_fast_syscall_32+0xe3/0x8c0
[  849.390560][T17480]  do_fast_syscall_32+0x32/0x70
[  849.390583][T17480]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  849.390607][T17480] RIP: 0023:0xf709ef6c
[  849.390624][T17480] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  849.390643][T17480] RSP: 002b:00000000f548d50c EFLAGS: 00000292 ORIG_RAX: 0000000000000172
[  849.390665][T17480] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000040
[  849.390678][T17480] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  849.390689][T17480] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  849.390700][T17480] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  849.390711][T17480] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  849.390766][T17480]  </TASK>
[  849.628136][T17494] FAULT_INJECTION: forcing a failure.
[  849.628136][T17494] name failslab, interval 1, probability 0, space 0, times 0
[  849.634698][T17494] CPU: 1 UID: 0 PID: 17494 Comm: syz.0.3069 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  849.634726][T17494] Tainted: [L]=SOFTLOCKUP
[  849.634732][T17494] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  849.634767][T17494] Call Trace:
[  849.634774][T17494]  <TASK>
[  849.634782][T17494]  dump_stack_lvl+0x100/0x190
[  849.634819][T17494]  should_fail_ex.cold+0x5/0xa
[  849.634840][T17494]  should_failslab+0xc2/0x120
[  849.634859][T17494]  __kmalloc_cache_noprof+0x7a/0x6f0
[  849.634883][T17494]  ? alloc_pipe_info+0x10e/0x590
[  849.634903][T17494]  ? find_held_lock+0x2b/0x80
[  849.634925][T17494]  alloc_pipe_info+0x10e/0x590
[  849.634947][T17494]  splice_direct_to_actor+0x78f/0xa30
[  849.634966][T17494]  ? __lock_acquire+0x4a5/0x2630
[  849.634985][T17494]  ? __pfx_direct_splice_actor+0x10/0x10
[  849.635005][T17494]  ? __pfx_aa_file_perm+0x10/0x10
[  849.635032][T17494]  ? __pfx_splice_direct_to_actor+0x10/0x10
[  849.635065][T17494]  do_splice_direct+0x174/0x240
[  849.635084][T17494]  ? __pfx_do_splice_direct+0x10/0x10
[  849.635101][T17494]  ? __pfx_direct_file_splice_eof+0x10/0x10
[  849.635120][T17494]  ? bpf_lsm_file_permission+0x9/0x10
[  849.635139][T17494]  ? security_file_permission+0x76/0x210
[  849.635181][T17494]  ? rw_verify_area+0xce/0x6d0
[  849.635208][T17494]  do_sendfile+0xadc/0xe20
[  849.635228][T17494]  ? __pfx_do_sendfile+0x10/0x10
[  849.635257][T17494]  ? __fget_files+0x21f/0x3d0
[  849.635280][T17494]  __ia32_compat_sys_sendfile+0x1e5/0x220
[  849.635303][T17494]  ? __pfx___ia32_compat_sys_sendfile+0x10/0x10
[  849.635325][T17494]  ? __pfx_ksys_write+0x10/0x10
[  849.635344][T17494]  __do_fast_syscall_32+0xe3/0x8c0
[  849.635368][T17494]  do_fast_syscall_32+0x32/0x70
[  849.635388][T17494]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  849.635411][T17494] RIP: 0023:0xf7f34f6c
[  849.635427][T17494] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  849.635444][T17494] RSP: 002b:00000000f53f650c EFLAGS: 00000292 ORIG_RAX: 00000000000000bb
[  849.635462][T17494] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000004
[  849.635472][T17494] RDX: 0000000000000000 RSI: 000000007ffff004 RDI: 0000000000000000
[  849.635482][T17494] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  849.635493][T17494] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  849.635503][T17494] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  849.635527][T17494]  </TASK>
[  849.700632][T17489] IPVS: set_ctl: invalid protocol: 255 224.0.0.1:20000
[  849.749079][T17500] overlayfs: missing 'lowerdir'
[  849.772615][T17498] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(5)
[  849.775326][T17498] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  849.778948][T17498] vhci_hcd vhci_hcd.0: Device attached
[  849.814297][T17497] netlink: 20 bytes leftover after parsing attributes in process `syz.6.3067'.
[  850.047922][ T5999] usb 45-1: new high-speed USB device number 2 using vhci_hcd
[  850.138540][T17512] blk_print_req_error: 54 callbacks suppressed
[  850.138563][T17512] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  850.145281][T17512] buffer_io_error: 54 callbacks suppressed
[  850.145293][T17512] Buffer I/O error on dev nbd0, logical block 0, async page read
[  850.149701][T17512] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  850.153521][T17512] Buffer I/O error on dev nbd0, logical block 1, async page read
[  850.157100][T17512] I/O error, dev nbd0, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  850.160217][T17512] Buffer I/O error on dev nbd0, logical block 2, async page read
[  850.162759][T17512] I/O error, dev nbd0, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  850.165891][T17512] Buffer I/O error on dev nbd0, logical block 3, async page read
[  850.168196][T17512] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  850.170992][T17512] Buffer I/O error on dev nbd0, logical block 0, async page read
[  850.173923][T17512] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  850.177952][T17512] Buffer I/O error on dev nbd0, logical block 1, async page read
[  850.180947][T17512] I/O error, dev nbd0, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  850.183896][T17512] Buffer I/O error on dev nbd0, logical block 2, async page read
[  850.186385][T17512] I/O error, dev nbd0, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  850.189353][T17512] Buffer I/O error on dev nbd0, logical block 3, async page read
[  850.191724][T17512] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  850.192341][T17515] 9pnet_virtio: no channels available for device syz
[  850.194430][T17512] Buffer I/O error on dev nbd0, logical block 0, async page read
[  850.202067][T17512] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  850.205686][T17512] Buffer I/O error on dev nbd0, logical block 1, async page read
[  850.212190][T17512] ldm_validate_partition_table(): Disk read failed.
[  850.215778][T17512] Dev nbd0: unable to read RDB block 0
[  850.218888][T17512]  nbd0: unable to read partition table
[  850.229611][   T34] tipc: Node number set to 2212544799
[  850.348345][T17522] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3076'.
[  850.540998][T17502] vhci_hcd: connection reset by peer
[  850.543718][ T9930] vhci_hcd vhci_hcd.4: stop threads
[  850.546777][ T9930] vhci_hcd vhci_hcd.4: release socket
[  850.549595][ T9930] vhci_hcd vhci_hcd.4: disconnect device
[  850.916138][T17555] FAULT_INJECTION: forcing a failure.
[  850.916138][T17555] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  850.921892][T17555] CPU: 1 UID: 0 PID: 17555 Comm: syz.0.3081 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  850.921916][T17555] Tainted: [L]=SOFTLOCKUP
[  850.921922][T17555] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  850.921930][T17555] Call Trace:
[  850.921936][T17555]  <TASK>
[  850.921942][T17555]  dump_stack_lvl+0x100/0x190
[  850.921968][T17555]  should_fail_ex.cold+0x5/0xa
[  850.921984][T17555]  _copy_from_user+0x2e/0xd0
[  850.922002][T17555]  get_compat_msghdr+0xb3/0x4b0
[  850.922024][T17555]  ? __pfx_get_compat_msghdr+0x10/0x10
[  850.922055][T17555]  ___sys_sendmsg+0x1b6/0x1e0
[  850.922074][T17555]  ? __pfx____sys_sendmsg+0x10/0x10
[  850.922107][T17555]  __sys_sendmsg+0x170/0x220
[  850.922122][T17555]  ? __pfx___sys_sendmsg+0x10/0x10
[  850.922147][T17555]  ? __pfx_ksys_write+0x10/0x10
[  850.922172][T17555]  __do_fast_syscall_32+0xe3/0x8c0
[  850.922202][T17555]  do_fast_syscall_32+0x32/0x70
[  850.922222][T17555]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  850.922250][T17555] RIP: 0023:0xf7f34f6c
[  850.922269][T17555] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  850.922288][T17555] RSP: 002b:00000000f53f650c EFLAGS: 00000292 ORIG_RAX: 0000000000000172
[  850.922307][T17555] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000e80
[  850.922316][T17555] RDX: 0000000000004080 RSI: 0000000000000000 RDI: 0000000000000000
[  850.922323][T17555] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  850.922330][T17555] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  850.922337][T17555] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  850.922354][T17555]  </TASK>
[  851.058580][T17558] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3083'.
[  851.108687][T17565] FAULT_INJECTION: forcing a failure.
[  851.108687][T17565] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  851.112700][T17565] CPU: 2 UID: 0 PID: 17565 Comm: syz.0.3084 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  851.112719][T17565] Tainted: [L]=SOFTLOCKUP
[  851.112723][T17565] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  851.112731][T17565] Call Trace:
[  851.112736][T17565]  <TASK>
[  851.112741][T17565]  dump_stack_lvl+0x100/0x190
[  851.112765][T17565]  should_fail_ex.cold+0x5/0xa
[  851.112781][T17565]  _copy_from_user+0x2e/0xd0
[  851.112798][T17565]  get_compat_msghdr+0xb3/0x4b0
[  851.112819][T17565]  ? __pfx_get_compat_msghdr+0x10/0x10
[  851.112842][T17565]  ___sys_sendmsg+0x1b6/0x1e0
[  851.112859][T17565]  ? __pfx____sys_sendmsg+0x10/0x10
[  851.112891][T17565]  __sys_sendmsg+0x170/0x220
[  851.112903][T17565]  ? __pfx___sys_sendmsg+0x10/0x10
[  851.112919][T17565]  ? __pfx_ksys_write+0x10/0x10
[  851.112934][T17565]  __do_fast_syscall_32+0xe3/0x8c0
[  851.112951][T17565]  do_fast_syscall_32+0x32/0x70
[  851.112966][T17565]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  851.112995][T17565] RIP: 0023:0xf7f34f6c
[  851.113006][T17565] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  851.113017][T17565] RSP: 002b:00000000f53f650c EFLAGS: 00000292 ORIG_RAX: 0000000000000172
[  851.113029][T17565] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000580
[  851.113036][T17565] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  851.113042][T17565] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  851.113049][T17565] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  851.113056][T17565] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  851.113070][T17565]  </TASK>
[  851.282392][T17574] FAULT_INJECTION: forcing a failure.
[  851.282392][T17574] name failslab, interval 1, probability 0, space 0, times 0
[  851.287477][T17574] CPU: 3 UID: 0 PID: 17574 Comm: syz.0.3088 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  851.287499][T17574] Tainted: [L]=SOFTLOCKUP
[  851.287504][T17574] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  851.287513][T17574] Call Trace:
[  851.287518][T17574]  <TASK>
[  851.287524][T17574]  dump_stack_lvl+0x100/0x190
[  851.287550][T17574]  should_fail_ex.cold+0x5/0xa
[  851.287566][T17574]  ? tomoyo_realpath_from_path+0xb6/0x690
[  851.287584][T17574]  should_failslab+0xc2/0x120
[  851.287600][T17574]  __kmalloc_noprof+0xe0/0x850
[  851.287622][T17574]  tomoyo_realpath_from_path+0xb6/0x690
[  851.287643][T17574]  tomoyo_path_number_perm+0x23c/0x580
[  851.287658][T17574]  ? tomoyo_path_number_perm+0x22e/0x580
[  851.287673][T17574]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  851.287702][T17574]  ? find_held_lock+0x2b/0x80
[  851.287715][T17574]  ? hook_file_ioctl_common+0x146/0x410
[  851.287730][T17574]  ? __fget_files+0x215/0x3d0
[  851.287745][T17574]  ? __fget_files+0x21f/0x3d0
[  851.287759][T17574]  security_file_ioctl_compat+0xd3/0x230
[  851.287776][T17574]  __ia32_compat_sys_ioctl+0xc2/0x360
[  851.287797][T17574]  __do_fast_syscall_32+0xe3/0x8c0
[  851.287814][T17574]  do_fast_syscall_32+0x32/0x70
[  851.287828][T17574]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  851.287844][T17574] RIP: 0023:0xf7f34f6c
[  851.287855][T17574] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  851.287868][T17574] RSP: 002b:00000000f53f650c EFLAGS: 00000292 ORIG_RAX: 0000000000000036
[  851.287881][T17574] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0505350
[  851.287888][T17574] RDX: 0000000080000940 RSI: 0000000000000000 RDI: 0000000000000000
[  851.287895][T17574] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  851.287901][T17574] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  851.287908][T17574] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  851.287922][T17574]  </TASK>
[  851.287928][T17574] ERROR: Out of memory at tomoyo_realpath_from_path.
[  851.430573][T17582] FAULT_INJECTION: forcing a failure.
[  851.430573][T17582] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  851.436204][T17582] CPU: 3 UID: 0 PID: 17582 Comm: syz.0.3091 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  851.436234][T17582] Tainted: [L]=SOFTLOCKUP
[  851.436240][T17582] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  851.436251][T17582] Call Trace:
[  851.436258][T17582]  <TASK>
[  851.436265][T17582]  dump_stack_lvl+0x100/0x190
[  851.436317][T17582]  should_fail_ex.cold+0x5/0xa
[  851.436339][T17582]  _copy_from_user+0x2e/0xd0
[  851.436365][T17582]  get_compat_msghdr+0xb3/0x4b0
[  851.436394][T17582]  ? __pfx_get_compat_msghdr+0x10/0x10
[  851.436429][T17582]  ___sys_sendmsg+0x1b6/0x1e0
[  851.436455][T17582]  ? __pfx____sys_sendmsg+0x10/0x10
[  851.436503][T17582]  __sys_sendmsg+0x170/0x220
[  851.436521][T17582]  ? __pfx___sys_sendmsg+0x10/0x10
[  851.436545][T17582]  ? __pfx_ksys_write+0x10/0x10
[  851.436570][T17582]  __do_fast_syscall_32+0xe3/0x8c0
[  851.436594][T17582]  do_fast_syscall_32+0x32/0x70
[  851.436614][T17582]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  851.436636][T17582] RIP: 0023:0xf7f34f6c
[  851.436652][T17582] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  851.436669][T17582] RSP: 002b:00000000f53f650c EFLAGS: 00000292 ORIG_RAX: 0000000000000172
[  851.436687][T17582] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 0000000080000380
[  851.436697][T17582] RDX: 0000000000000800 RSI: 0000000000000000 RDI: 0000000000000000
[  851.436708][T17582] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  851.436718][T17582] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  851.436728][T17582] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  851.436751][T17582]  </TASK>
[  851.813212][T17596] FAULT_INJECTION: forcing a failure.
[  851.813212][T17596] name failslab, interval 1, probability 0, space 0, times 0
[  851.817631][T17596] CPU: 1 UID: 0 PID: 17596 Comm: syz.6.3096 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  851.817651][T17596] Tainted: [L]=SOFTLOCKUP
[  851.817655][T17596] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  851.817663][T17596] Call Trace:
[  851.817668][T17596]  <TASK>
[  851.817675][T17596]  dump_stack_lvl+0x100/0x190
[  851.817700][T17596]  should_fail_ex.cold+0x5/0xa
[  851.817715][T17596]  ? tomoyo_realpath_from_path+0xb6/0x690
[  851.817732][T17596]  should_failslab+0xc2/0x120
[  851.817747][T17596]  __kmalloc_noprof+0xe0/0x850
[  851.817769][T17596]  tomoyo_realpath_from_path+0xb6/0x690
[  851.817789][T17596]  tomoyo_path_number_perm+0x23c/0x580
[  851.817803][T17596]  ? tomoyo_path_number_perm+0x22e/0x580
[  851.817818][T17596]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  851.817846][T17596]  ? find_held_lock+0x2b/0x80
[  851.817858][T17596]  ? hook_file_ioctl_common+0x146/0x410
[  851.817873][T17596]  ? __fget_files+0x215/0x3d0
[  851.817887][T17596]  ? __fget_files+0x21f/0x3d0
[  851.817901][T17596]  security_file_ioctl_compat+0xd3/0x230
[  851.817917][T17596]  __ia32_compat_sys_ioctl+0xc2/0x360
[  851.817938][T17596]  __do_fast_syscall_32+0xe3/0x8c0
[  851.817955][T17596]  do_fast_syscall_32+0x32/0x70
[  851.817968][T17596]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  851.817983][T17596] RIP: 0023:0xf7ff8f6c
[  851.817993][T17596] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  851.818005][T17596] RSP: 002b:00000000f54b650c EFLAGS: 00000292 ORIG_RAX: 0000000000000036
[  851.818017][T17596] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c10c5541
[  851.818025][T17596] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  851.818032][T17596] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  851.818038][T17596] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  851.818045][T17596] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  851.818059][T17596]  </TASK>
[  851.818064][T17596] ERROR: Out of memory at tomoyo_realpath_from_path.
[  852.268248][T17609] wg1 speed is unknown, defaulting to 1000
[  852.275927][T17609] pimreg0 speed is unknown, defaulting to 1000
[  852.327212][T17612] netlink: 'syz.0.3100': attribute type 1 has an invalid length.
[  852.331222][T17612] netlink: 216 bytes leftover after parsing attributes in process `syz.0.3100'.
[  852.342705][T17612] netlink: 'syz.0.3100': attribute type 1 has an invalid length.
[  852.351169][T17612] netlink: 224 bytes leftover after parsing attributes in process `syz.0.3100'.
[  852.495650][T17619] FAULT_INJECTION: forcing a failure.
[  852.495650][T17619] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  852.501656][T17619] CPU: 1 UID: 0 PID: 17619 Comm: syz.0.3102 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  852.501677][T17619] Tainted: [L]=SOFTLOCKUP
[  852.501682][T17619] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  852.501700][T17619] Call Trace:
[  852.501708][T17619]  <TASK>
[  852.501714][T17619]  dump_stack_lvl+0x100/0x190
[  852.501739][T17619]  should_fail_ex.cold+0x5/0xa
[  852.501754][T17619]  _copy_from_user+0x2e/0xd0
[  852.501772][T17619]  get_compat_msghdr+0xb3/0x4b0
[  852.501793][T17619]  ? __pfx_get_compat_msghdr+0x10/0x10
[  852.501816][T17619]  ___sys_sendmsg+0x1b6/0x1e0
[  852.501834][T17619]  ? __pfx____sys_sendmsg+0x10/0x10
[  852.501865][T17619]  __sys_sendmsg+0x170/0x220
[  852.501878][T17619]  ? __pfx___sys_sendmsg+0x10/0x10
[  852.501893][T17619]  ? __pfx_ksys_write+0x10/0x10
[  852.501909][T17619]  __do_fast_syscall_32+0xe3/0x8c0
[  852.501928][T17619]  do_fast_syscall_32+0x32/0x70
[  852.501941][T17619]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  852.501956][T17619] RIP: 0023:0xf7f34f6c
[  852.501966][T17619] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  852.501978][T17619] RSP: 002b:00000000f53f650c EFLAGS: 00000292 ORIG_RAX: 0000000000000172
[  852.501989][T17619] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000e80
[  852.501996][T17619] RDX: 0000000000004080 RSI: 0000000000000000 RDI: 0000000000000000
[  852.502003][T17619] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  852.502009][T17619] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  852.502016][T17619] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  852.502030][T17619]  </TASK>
[  852.716319][T17625] usb usb8: usbfs: process 17625 (syz.4.3104) did not claim interface 0 before use
[  853.041419][T17627] wg1 speed is unknown, defaulting to 1000
[  853.047595][T17627] pimreg0 speed is unknown, defaulting to 1000
[  853.123377][T17630] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3104'.
[  853.151879][T17632] binder: 17631:17632 ioctl c0109428 80000080 returned -22
[  853.157414][T17630] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3104'.
[  853.202697][T17634] netlink: 196 bytes leftover after parsing attributes in process `syz.3.3107'.
[  853.206324][T17634] netlink: 196 bytes leftover after parsing attributes in process `syz.3.3107'.
[  853.268194][T17637] usb usb8: usbfs: process 17637 (syz.3.3108) did not claim interface 0 before use
[  853.381998][T12621] usb 11-1: new high-speed USB device number 23 using dummy_hcd
[  853.648349][T17641] netlink: 'syz.0.3109': attribute type 1 has an invalid length.
[  853.662460][T17641] netlink: 216 bytes leftover after parsing attributes in process `syz.0.3109'.
[  853.667681][T17641] netlink: 'syz.0.3109': attribute type 1 has an invalid length.
[  853.671360][T17641] netlink: 224 bytes leftover after parsing attributes in process `syz.0.3109'.
[  854.814989][T17639] wg1 speed is unknown, defaulting to 1000
[  854.848139][T17639] pimreg0 speed is unknown, defaulting to 1000
[  855.641467][T17650] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3108'.
[  855.647563][T12621] usb 11-1: Using ep0 maxpacket: 16
[  855.650083][ T5999] vhci_hcd vhci_hcd.4: vhci_device speed not set
[  855.654811][T12621] usb 11-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  855.662218][T12621] usb 11-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  855.666168][T12621] usb 11-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  855.669747][T12621] usb 11-1: Product: syz
[  855.671710][T12621] usb 11-1: Manufacturer: syz
[  855.673982][T12621] usb 11-1: SerialNumber: syz
[  855.680086][T12621] usb 11-1: config 0 descriptor??
[  855.685612][T12621] em28xx 11-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  855.691835][T12621] em28xx 11-1:0.0: DVB interface 0 found: bulk
[  856.209696][T17658] siw: device registration error -23
[  856.482942][T12621] em28xx 11-1:0.0: unknown em28xx chip ID (0)
[  856.948205][T17663] binder: 17662:17663 ioctl c0109428 80000080 returned -22
[  857.017719][T17665] netlink: 196 bytes leftover after parsing attributes in process `syz.3.3116'.
[  857.264549][T17673] FAULT_INJECTION: forcing a failure.
[  857.264549][T17673] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  857.269774][T17673] CPU: 1 UID: 0 PID: 17673 Comm: syz.3.3120 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  857.269797][T17673] Tainted: [L]=SOFTLOCKUP
[  857.269802][T17673] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  857.269810][T17673] Call Trace:
[  857.269817][T17673]  <TASK>
[  857.269823][T17673]  dump_stack_lvl+0x100/0x190
[  857.269849][T17673]  should_fail_ex.cold+0x5/0xa
[  857.269865][T17673]  _copy_from_user+0x2e/0xd0
[  857.269884][T17673]  __sys_bpf+0x243/0x4b90
[  857.269902][T17673]  ? __pfx___sys_bpf+0x10/0x10
[  857.269917][T17673]  ? proc_fail_nth_write+0x9f/0x220
[  857.269934][T17673]  ? find_held_lock+0x2b/0x80
[  857.269951][T17673]  ? find_held_lock+0x2b/0x80
[  857.269963][T17673]  ? ksys_write+0x190/0x250
[  857.269979][T17673]  ? __mutex_unlock_slowpath+0x15c/0x790
[  857.270003][T17673]  ? fput+0x79/0x100
[  857.270018][T17673]  ? ksys_write+0x1ac/0x250
[  857.270032][T17673]  __ia32_sys_bpf+0x79/0xf0
[  857.270047][T17673]  ? lockdep_hardirqs_on+0x78/0x100
[  857.270061][T17673]  __do_fast_syscall_32+0xe3/0x8c0
[  857.270078][T17673]  do_fast_syscall_32+0x32/0x70
[  857.270093][T17673]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  857.270110][T17673] RIP: 0023:0xf6fdef6c
[  857.270121][T17673] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  857.270134][T17673] RSP: 002b:00000000f53cd50c EFLAGS: 00000292 ORIG_RAX: 0000000000000165
[  857.270147][T17673] RAX: ffffffffffffffda RBX: 000000000000001c RCX: 0000000080000240
[  857.270155][T17673] RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000000
[  857.270162][T17673] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  857.270169][T17673] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  857.270176][T17673] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  857.270191][T17673]  </TASK>
[  857.998743][T17629] em28xx 11-1:0.0: reading from i2c device at 0x482c failed (error=-5)
[  858.011447][T12621] em28xx 11-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[  858.062613][T12621] em28xx 11-1:0.0: board has no eeprom
[  858.140763][T17682] usb usb8: usbfs: process 17682 (syz.0.3122) did not claim interface 0 before use
[  858.164085][T12621] em28xx 11-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[  858.167314][T12621] em28xx 11-1:0.0: dvb set to bulk mode.
[  858.175953][ T5999] em28xx 11-1:0.0: Binding DVB extension
[  858.196311][T12621] usb 11-1: USB disconnect, device number 23
[  858.203743][T12621] em28xx 11-1:0.0: Disconnecting em28xx
[  858.341373][ T5999] em28xx 11-1:0.0: Registering input extension
[  858.704259][T17690] wg1 speed is unknown, defaulting to 1000
[  858.735622][T17690] pimreg0 speed is unknown, defaulting to 1000
[  859.334561][T12621] em28xx 11-1:0.0: Closing input extension
[  859.360396][T12621] em28xx 11-1:0.0: Freeing device
[  861.277927][T17692] __nla_validate_parse: 1 callbacks suppressed
[  861.277945][T17692] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3122'.
[  861.484418][T17677] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6)
[  861.486666][T17677] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  861.493663][T17677] vhci_hcd vhci_hcd.0: Device attached
[  861.776285][T17687] vcan0: tx drop: invalid da for name 0x0000000000000001
[  861.920211][ T6021] usb 44-1: SetAddress Request (23) to port 0
[  861.923003][ T6021] usb 44-1: new SuperSpeed USB device number 23 using vhci_hcd
[  862.781269][T17719] ubi31: attaching mtd0
[  862.785049][T17719] ubi31: scanning is finished
[  862.796709][T17719] ubi31: empty MTD device detected
[  862.995398][T17719] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB)
[  862.998184][T17719] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  863.000832][T17719] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1
[  863.003596][T17719] ubi31: VID header offset: 64 (aligned 64), data offset: 128
[  863.007032][T17719] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  863.020737][T17694] vhci_hcd: connection reset by peer
[  863.020746][T17719] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23
[  863.023425][ T9930] vhci_hcd vhci_hcd.3: stop threads
[  863.025254][T17719] ubi31: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 252485266
[  863.027343][ T9930] vhci_hcd vhci_hcd.3: release socket
[  863.031136][T17719] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  863.041861][T17730] ubi31: background thread "ubi_bgt31d" started, PID 17730
[  863.076921][ T9930] vhci_hcd vhci_hcd.3: disconnect device
[  863.180650][T17714] wg1 speed is unknown, defaulting to 1000
[  863.185710][T17714] pimreg0 speed is unknown, defaulting to 1000
[  863.454787][T17748] FAULT_INJECTION: forcing a failure.
[  863.454787][T17748] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  863.460612][T17748] CPU: 3 UID: 0 PID: 17748 Comm: syz.4.3136 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  863.460634][T17748] Tainted: [L]=SOFTLOCKUP
[  863.460639][T17748] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  863.460647][T17748] Call Trace:
[  863.460652][T17748]  <TASK>
[  863.460658][T17748]  dump_stack_lvl+0x100/0x190
[  863.460685][T17748]  should_fail_ex.cold+0x5/0xa
[  863.460699][T17748]  ? prepare_alloc_pages+0x16d/0x5f0
[  863.460716][T17748]  should_fail_alloc_page+0xeb/0x140
[  863.460732][T17748]  prepare_alloc_pages+0x1f0/0x5f0
[  863.460746][T17748]  ? kasan_save_track+0x14/0x30
[  863.460758][T17748]  ? kasan_save_free_info+0x3b/0x70
[  863.460776][T17748]  __alloc_frozen_pages_noprof+0x19a/0x2ba0
[  863.460796][T17748]  ? __handle_mm_fault+0x18c7/0x2b60
[  863.460814][T17748]  ? do_user_addr_fault+0x5a3/0x12f0
[  863.460828][T17748]  ? exc_page_fault+0x6f/0xd0
[  863.460840][T17748]  ? asm_exc_page_fault+0x26/0x30
[  863.460859][T17748]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  863.460881][T17748]  ? __lock_acquire+0x4a5/0x2630
[  863.460899][T17748]  ? __lock_acquire+0x4a5/0x2630
[  863.460920][T17748]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  863.460935][T17748]  ? policy_nodemask+0xed/0x4f0
[  863.460951][T17748]  alloc_pages_mpol+0x1fb/0x550
[  863.460965][T17748]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  863.460979][T17748]  ? swap_entry_swapped+0x1ff/0x2b0
[  863.460992][T17748]  ? __pfx_swap_entry_swapped+0x10/0x10
[  863.461007][T17748]  folio_alloc_mpol_noprof+0x36/0x340
[  863.461025][T17748]  swap_cache_alloc_folio+0x1a8/0x300
[  863.461045][T17748]  ? __pfx_swap_cache_alloc_folio+0x10/0x10
[  863.461064][T17748]  ? tomoyo_check_open_permission+0x1db/0x3c0
[  863.461080][T17748]  ? tomoyo_check_open_permission+0x1db/0x3c0
[  863.461098][T17748]  swap_cluster_readahead+0x411/0x770
[  863.461120][T17748]  ? __pfx_swap_cluster_readahead+0x10/0x10
[  863.461139][T17748]  ? __lock_acquire+0x400/0x2630
[  863.461162][T17748]  ? get_vma_policy+0x23d/0x3b0
[  863.461178][T17748]  swapin_readahead+0x160/0x12c0
[  863.461196][T17748]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  863.461215][T17748]  ? __pfx_swapin_readahead+0x10/0x10
[  863.461237][T17748]  ? find_held_lock+0x2b/0x80
[  863.461248][T17748]  ? swap_table_get+0x103/0x2c0
[  863.461265][T17748]  ? swap_table_get+0x103/0x2c0
[  863.461283][T17748]  ? swap_table_get+0x10d/0x2c0
[  863.461300][T17748]  ? swap_cache_get_folio+0x1ae/0x600
[  863.461319][T17748]  ? __pfx_swap_cache_get_folio+0x10/0x10
[  863.461335][T17748]  ? __pfx_get_swap_device+0x10/0x10
[  863.461351][T17748]  ? do_swap_page+0xb2e/0x6900
[  863.461367][T17748]  do_swap_page+0xb2e/0x6900
[  863.461386][T17748]  ? __lock_acquire+0x4a5/0x2630
[  863.461406][T17748]  ? __pfx_do_swap_page+0x10/0x10
[  863.461426][T17748]  ? rcu_is_watching+0x12/0xc0
[  863.461446][T17748]  ? __pte_offset_map+0x179/0x310
[  863.461462][T17748]  __handle_mm_fault+0x18c7/0x2b60
[  863.461482][T17748]  ? reacquire_held_locks+0xce/0x1e0
[  863.461499][T17748]  ? __pfx___handle_mm_fault+0x10/0x10
[  863.461519][T17748]  ? lock_vma_under_rcu+0x17c/0x590
[  863.461545][T17748]  handle_mm_fault+0x36d/0xa20
[  863.461566][T17748]  do_user_addr_fault+0x5a3/0x12f0
[  863.461582][T17748]  exc_page_fault+0x6f/0xd0
[  863.461595][T17748]  asm_exc_page_fault+0x26/0x30
[  863.461607][T17748] RIP: 0023:0xf70cbee8
[  863.461619][T17748] Code: ff 83 c4 10 83 ec 0c 8b 44 24 14 8d 80 cf c0 e3 ff 50 e8 0b 3f ff ff 83 c4 7c 5b 5e 5f 5d c3 8d 76 00 8b 44 24 20 8b 5c 24 04 <8b> 90 80 00 00 00 8b 40 04 8d 4b 2c e8 a7 8d ff ff 89 43 5c e9 2d
[  863.461631][T17748] RSP: 002b:00000000f548d580 EFLAGS: 00010246
[  863.461642][T17748] RAX: 00000000f7432fa0 RBX: 00000000f7494f80 RCX: 00000000bea503da
[  863.461649][T17748] RDX: 00000000f548da6c RSI: 0000000000000004 RDI: 00000000f548d5c0
[  863.461656][T17748] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  863.461663][T17748] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  863.461670][T17748] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  863.461684][T17748]  </TASK>
[  863.462253][T17748] xt_connbytes: Forcing CT accounting to be enabled
[  863.623074][T17755] vhci_hcd vhci_hcd.0: pdev(6) rhport(0) sockfd(8)
[  863.623106][T17755] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  863.624496][T17755] vhci_hcd vhci_hcd.0: Device attached
[  863.630881][T17748] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  863.653985][T17749] netlink: 'syz.6.3132': attribute type 1 has an invalid length.
[  863.689534][T17749] 8021q: adding VLAN 0 to HW filter on device bond1
[  863.751171][T17763] netlink: 'syz.4.3140': attribute type 1 has an invalid length.
[  863.759716][T17763] netlink: 216 bytes leftover after parsing attributes in process `syz.4.3140'.
[  863.767310][T17763] netlink: 'syz.4.3140': attribute type 1 has an invalid length.
[  863.773182][T17763] netlink: 224 bytes leftover after parsing attributes in process `syz.4.3140'.
[  863.782599][T17749] bond1: (slave geneve2): making interface the new active one
[  863.815475][T17765] netlink: 84 bytes leftover after parsing attributes in process `syz.0.3141'.
[  863.819370][T17749] bond1: (slave geneve2): Enslaving as an active interface with an up link
[  863.841686][T17767] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3142'.
[  863.886473][   T10] usb 49-1: new low-speed USB device number 2 using vhci_hcd
[  863.891150][T17771] overlayfs: missing 'workdir'
[  863.928857][T17754] wg1 speed is unknown, defaulting to 1000
[  863.932410][T17754] pimreg0 speed is unknown, defaulting to 1000
[  864.091992][T17779] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  864.096810][T17783] blk_print_req_error: 54 callbacks suppressed
[  864.096824][T17783] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  864.106649][T17783] buffer_io_error: 54 callbacks suppressed
[  864.106705][T17783] Buffer I/O error on dev nbd0, logical block 0, async page read
[  864.108813][T17756] vhci_hcd: connection reset by peer
[  864.109939][T17783] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  864.118896][T17783] Buffer I/O error on dev nbd0, logical block 1, async page read
[  864.121640][T17783] I/O error, dev nbd0, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  864.123371][ T9929] vhci_hcd vhci_hcd.6: stop threads
[  864.125192][T17783] Buffer I/O error on dev nbd0, logical block 2, async page read
[  864.125256][T17783] I/O error, dev nbd0, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  864.127627][ T9929] vhci_hcd vhci_hcd.6: release socket
[  864.130133][T17783] Buffer I/O error on dev nbd0, logical block 3, async page read
[  864.130208][T17783] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  864.134028][ T9929] vhci_hcd vhci_hcd.6: disconnect device
[  864.160852][T17783] Buffer I/O error on dev nbd0, logical block 0, async page read
[  864.165033][T17783] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  864.169896][T17783] Buffer I/O error on dev nbd0, logical block 1, async page read
[  864.173407][T17783] I/O error, dev nbd0, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  864.184354][T17783] Buffer I/O error on dev nbd0, logical block 2, async page read
[  864.187857][T17783] I/O error, dev nbd0, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  864.191700][T17783] Buffer I/O error on dev nbd0, logical block 3, async page read
[  864.198638][T17783] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  864.201743][T17783] Buffer I/O error on dev nbd0, logical block 0, async page read
[  864.204167][T17783] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  864.207377][T17786] netlink: 'syz.4.3150': attribute type 1 has an invalid length.
[  864.207401][T17786] netlink: 216 bytes leftover after parsing attributes in process `syz.4.3150'.
[  864.208080][T17786] netlink: 'syz.4.3150': attribute type 1 has an invalid length.
[  864.211041][T17783] Buffer I/O error on dev nbd0, logical block 1, async page read
[  864.215067][T17786] netlink: 224 bytes leftover after parsing attributes in process `syz.4.3150'.
[  864.219918][T17783] ldm_validate_partition_table(): Disk read failed.
[  864.231667][T17783] Dev nbd0: unable to read RDB block 0
[  864.233894][T17783]  nbd0: unable to read partition table
[  864.329244][T17792] overlayfs: missing 'lowerdir'
[  864.394534][T17794] xt_connbytes: Forcing CT accounting to be enabled
[  864.398232][T17794] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  864.562140][T17799] FAULT_INJECTION: forcing a failure.
[  864.562140][T17799] name failslab, interval 1, probability 0, space 0, times 0
[  864.568530][T17799] CPU: 0 UID: 0 PID: 17799 Comm: syz.3.3155 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  864.568570][T17799] Tainted: [L]=SOFTLOCKUP
[  864.568575][T17799] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  864.568584][T17799] Call Trace:
[  864.568591][T17799]  <TASK>
[  864.568598][T17799]  dump_stack_lvl+0x100/0x190
[  864.568629][T17799]  should_fail_ex.cold+0x5/0xa
[  864.568649][T17799]  should_failslab+0xc2/0x120
[  864.568667][T17799]  kmem_cache_alloc_node_noprof+0x81/0x6f0
[  864.568691][T17799]  ? __alloc_skb+0x140/0x710
[  864.568719][T17799]  __alloc_skb+0x140/0x710
[  864.568738][T17799]  ? __alloc_skb+0x5b7/0x710
[  864.568759][T17799]  ? __pfx___alloc_skb+0x10/0x10
[  864.568786][T17799]  netlink_alloc_large_skb+0x69/0x150
[  864.568806][T17799]  netlink_sendmsg+0x680/0xda0
[  864.568825][T17799]  ? __pfx_netlink_sendmsg+0x10/0x10
[  864.568843][T17799]  ? aa_sock_msg_perm.isra.0+0x100/0x1b0
[  864.568863][T17799]  ____sys_sendmsg+0x9e1/0xb70
[  864.568881][T17799]  ? __pfx_netlink_sendmsg+0x10/0x10
[  864.568898][T17799]  ? __pfx_____sys_sendmsg+0x10/0x10
[  864.568921][T17799]  ? __lock_acquire+0x4a5/0x2630
[  864.568950][T17799]  ___sys_sendmsg+0x190/0x1e0
[  864.568972][T17799]  ? __pfx____sys_sendmsg+0x10/0x10
[  864.569006][T17799]  __sys_sendmsg+0x170/0x220
[  864.569018][T17799]  ? __pfx___sys_sendmsg+0x10/0x10
[  864.569034][T17799]  ? exit_to_user_mode_loop+0xdd/0x4a0
[  864.569053][T17799]  __do_fast_syscall_32+0xe3/0x8c0
[  864.569069][T17799]  do_fast_syscall_32+0x32/0x70
[  864.569082][T17799]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  864.569111][T17799] RIP: 0023:0xf6fdef6c
[  864.569122][T17799] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  864.569134][T17799] RSP: 002b:00000000f53cd50c EFLAGS: 00000292 ORIG_RAX: 0000000000000172
[  864.569146][T17799] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000280
[  864.569153][T17799] RDX: 0000000004004080 RSI: 0000000000000000 RDI: 0000000000000000
[  864.569159][T17799] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  864.569165][T17799] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  864.569172][T17799] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  864.569186][T17799]  </TASK>
[  865.151367][T17812] netlink: 'syz.3.3159': attribute type 1 has an invalid length.
[  865.154560][T17812] netlink: 216 bytes leftover after parsing attributes in process `syz.3.3159'.
[  865.160452][T17812] netlink: 'syz.3.3159': attribute type 1 has an invalid length.
[  865.163352][T17812] netlink: 224 bytes leftover after parsing attributes in process `syz.3.3159'.
[  865.187978][T17790] syz.4.3151 (17790) used greatest stack depth: 18760 bytes left
[  865.231134][T17814] overlayfs: missing 'lowerdir'
[  865.461327][T17818] program syz.6.3162 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  865.655761][T17828] wg1 speed is unknown, defaulting to 1000
[  865.660026][T17828] pimreg0 speed is unknown, defaulting to 1000
[  865.872840][T17834] FAULT_INJECTION: forcing a failure.
[  865.872840][T17834] name failslab, interval 1, probability 0, space 0, times 0
[  865.890205][T17834] CPU: 3 UID: 0 PID: 17834 Comm: syz.0.3167 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  865.890240][T17834] Tainted: [L]=SOFTLOCKUP
[  865.890247][T17834] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  865.890259][T17834] Call Trace:
[  865.890268][T17834]  <TASK>
[  865.890276][T17834]  dump_stack_lvl+0x100/0x190
[  865.890314][T17834]  should_fail_ex.cold+0x5/0xa
[  865.890338][T17834]  should_failslab+0xc2/0x120
[  865.890360][T17834]  kmem_cache_alloc_node_noprof+0x81/0x6f0
[  865.890389][T17834]  ? __alloc_skb+0x140/0x710
[  865.890422][T17834]  __alloc_skb+0x140/0x710
[  865.890448][T17834]  ? __alloc_skb+0x5b7/0x710
[  865.890474][T17834]  ? __pfx___alloc_skb+0x10/0x10
[  865.890509][T17834]  netlink_alloc_large_skb+0x69/0x150
[  865.890533][T17834]  netlink_sendmsg+0x680/0xda0
[  865.890557][T17834]  ? __pfx_netlink_sendmsg+0x10/0x10
[  865.890580][T17834]  ? aa_sock_msg_perm.isra.0+0x100/0x1b0
[  865.890605][T17834]  ____sys_sendmsg+0x9e1/0xb70
[  865.890642][T17834]  ? __pfx_netlink_sendmsg+0x10/0x10
[  865.890686][T17834]  ? __pfx_____sys_sendmsg+0x10/0x10
[  865.890722][T17834]  ___sys_sendmsg+0x190/0x1e0
[  865.890747][T17834]  ? __pfx____sys_sendmsg+0x10/0x10
[  865.890801][T17834]  __sys_sendmsg+0x170/0x220
[  865.890820][T17834]  ? __pfx___sys_sendmsg+0x10/0x10
[  865.890847][T17834]  ? __pfx_ksys_write+0x10/0x10
[  865.890872][T17834]  __do_fast_syscall_32+0xe3/0x8c0
[  865.890897][T17834]  do_fast_syscall_32+0x32/0x70
[  865.890919][T17834]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  865.890942][T17834] RIP: 0023:0xf7f34f6c
[  865.890958][T17834] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  865.890976][T17834] RSP: 002b:00000000f53f650c EFLAGS: 00000292 ORIG_RAX: 0000000000000172
[  865.890995][T17834] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000500
[  865.891006][T17834] RDX: 0000000000000010 RSI: 0000000000000000 RDI: 0000000000000000
[  865.891017][T17834] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  865.891032][T17834] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  865.891043][T17834] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  865.891067][T17834]  </TASK>
[  866.688550][T17844] netlink: 'syz.4.3170': attribute type 1 has an invalid length.
[  866.693198][T17844] netlink: 216 bytes leftover after parsing attributes in process `syz.4.3170'.
[  866.699461][T17844] netlink: 'syz.4.3170': attribute type 1 has an invalid length.
[  866.702779][T17844] netlink: 224 bytes leftover after parsing attributes in process `syz.4.3170'.
[  866.882923][T17848] FAULT_INJECTION: forcing a failure.
[  866.882923][T17848] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  866.889519][T17848] CPU: 2 UID: 0 PID: 17848 Comm: syz.6.3172 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  866.889556][T17848] Tainted: [L]=SOFTLOCKUP
[  866.889564][T17848] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  866.889578][T17848] Call Trace:
[  866.889588][T17848]  <TASK>
[  866.889599][T17848]  dump_stack_lvl+0x100/0x190
[  866.889637][T17848]  should_fail_ex.cold+0x5/0xa
[  866.889662][T17848]  _copy_to_user+0x32/0xd0
[  866.889694][T17848]  simple_read_from_buffer+0xcb/0x170
[  866.889731][T17848]  proc_fail_nth_read+0x1af/0x230
[  866.889763][T17848]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  866.889791][T17848]  ? rw_verify_area+0xce/0x6d0
[  866.889820][T17848]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  866.889846][T17848]  vfs_read+0x1e4/0xb30
[  866.889872][T17848]  ? __pfx_vfs_read+0x10/0x10
[  866.889891][T17848]  ? find_held_lock+0x2b/0x80
[  866.889914][T17848]  ? __fget_files+0x215/0x3d0
[  866.889940][T17848]  ? __fget_files+0x21f/0x3d0
[  866.889966][T17848]  ksys_read+0x12a/0x250
[  866.889986][T17848]  ? __pfx_ksys_read+0x10/0x10
[  866.890020][T17848]  do_int80_emulation+0x141/0x6b0
[  866.890056][T17848]  asm_int80_emulation+0x1a/0x20
[  866.890082][T17848] RIP: 0023:0xf71f5cab
[  866.890103][T17848] Code: 57 56 53 8b 44 24 14 f6 00 08 75 23 8b 44 24 18 8b 5c 24 1c 8b 4c 24 20 8b 54 24 24 8b 74 24 28 8b 7c 24 2c 8b 6c 24 30 cd 80 <5b> 5e 5f 5d c3 5b 5e 5f 5d e9 f7 a1 ff ff 66 90 66 90 66 90 90 53
[  866.890124][T17848] RSP: 002b:00000000f54b64bc EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[  866.890148][T17848] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f54b65d0
[  866.890165][T17848] RDX: 000000000000000f RSI: 0000000000000000 RDI: 0000000000000000
[  866.890179][T17848] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  866.890194][T17848] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  866.890217][T17848] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  866.890252][T17848]  </TASK>
[  867.015042][T17850] overlayfs: missing 'lowerdir'
[  867.122986][T17855] qrtr: Invalid version 115
[  867.915503][T12757] Bluetooth: hci3: command tx timeout
[  867.956041][ T6021] usb 44-1: device descriptor read/8, error -110
[  868.974522][ T6021] usb usb44-port1: attempt power cycle
[  869.282172][T17868] siw: device registration error -23
[  869.358126][T17875] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6)
[  869.360336][T17875] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  869.368759][   T10] vhci_hcd vhci_hcd.6: vhci_device speed not set
[  869.387000][T17875] vhci_hcd vhci_hcd.0: Device attached
[  869.443228][ T6021] usb 44-1: SetAddress Request (26) to port 0
[  869.446295][ T6021] usb 44-1: new SuperSpeed USB device number 26 using vhci_hcd
[  869.946728][T17881] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3179'.
[  869.957285][T17881] netem: unknown loss type 0
[  869.962549][T17881] netem: change failed
[  869.990541][T17876] vhci_hcd: connection reset by peer
[  869.994982][   T12] vhci_hcd vhci_hcd.3: stop threads
[  869.997732][   T12] vhci_hcd vhci_hcd.3: release socket
[  870.009496][   T12] vhci_hcd vhci_hcd.3: disconnect device
[  870.076691][T17886] netlink: 'syz.6.3182': attribute type 1 has an invalid length.
[  870.079759][T17886] netlink: 216 bytes leftover after parsing attributes in process `syz.6.3182'.
[  870.083287][T17886] netlink: 'syz.6.3182': attribute type 1 has an invalid length.
[  870.086013][T17886] netlink: 224 bytes leftover after parsing attributes in process `syz.6.3182'.
[  870.120434][T17888] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  870.123739][T17888] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  870.960672][T17913] tipc: Started in network mode
[  870.962930][T17913] tipc: Node identity 00000000000000000000000000000001, cluster identity 4711
[  870.967267][T17913] tipc: New replicast peer: fe80:0000:0000:0000:0000:0000:0000:00bb
[  870.971996][T17913] tipc: Enabled bearer <udp:syz0>, priority 10
[  872.168260][T12621] tipc: Node number set to 1
[  872.600608][T17919] siw: device registration error -23
[  872.703136][T12757] Bluetooth: hci0: Entering manufacturer mode failed (-110)
[  873.123100][T17924] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  873.126169][T17924] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  873.241576][T17916] delete_channel: no stack
[  873.324345][T17926] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3194'.
[  873.336437][T17926] random: crng reseeded on system resumption
[  873.342412][T17929] netlink: 'syz.6.3195': attribute type 1 has an invalid length.
[  873.345182][T17929] netlink: 216 bytes leftover after parsing attributes in process `syz.6.3195'.
[  873.349283][T17929] netlink: 'syz.6.3195': attribute type 1 has an invalid length.
[  873.353058][T17929] netlink: 224 bytes leftover after parsing attributes in process `syz.6.3195'.
[  873.504778][T17936] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3198'.
[  873.516078][T17936] Freezing with imperfect legacy cgroup freezer. See cgroup.freeze of cgroup v2
[  873.610690][   T34] usb 9-1: new high-speed USB device number 13 using dummy_hcd
[  873.682314][T17939] tmpfs: Unknown parameter 'usrquota'
[  873.795079][   T34] usb 9-1: config 1 has an invalid descriptor of length 9, skipping remainder of the config
[  873.799444][   T34] usb 9-1: config 1 interface 0 altsetting 0 has 5 endpoint descriptors, different from the interface descriptor's value: 6
[  873.808299][   T34] usb 9-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  873.811981][   T34] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  873.815030][   T34] usb 9-1: Product: syz
[  873.816844][   T34] usb 9-1: Manufacturer: syz
[  873.818854][   T34] usb 9-1: SerialNumber: syz
[  873.848805][   T34] usb 9-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  873.895353][T12621] usb 9-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  874.137018][   T34] usb 9-1: USB disconnect, device number 13
[  874.887785][T17958] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  874.891182][T17958] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  875.010596][ T6021] usb 44-1: device descriptor read/8, error -110
[  875.121189][T12621] ath9k_htc 9-1:1.0: ath9k_htc: Target is unresponsive
[  875.125046][T12621] ath9k_htc: Failed to initialize the device
[  875.129532][   T34] usb 9-1: ath9k_htc: USB layer deinitialized
[  875.131239][ T6021] usb usb44-port1: unable to enumerate USB device
[  875.448691][   T34] usb 9-1: new high-speed USB device number 14 using dummy_hcd
[  876.096716][   T34] usb 9-1: Using ep0 maxpacket: 32
[  876.100194][   T34] usb 9-1: config 1 has an invalid descriptor of length 9, skipping remainder of the config
[  876.103859][   T34] usb 9-1: config 1 interface 0 altsetting 0 has 5 endpoint descriptors, different from the interface descriptor's value: 6
[  876.105647][   T34] usb 9-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 1.08
[  876.105666][   T34] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  876.105678][   T34] usb 9-1: Product: syz
[  876.105686][   T34] usb 9-1: Manufacturer: syz
[  876.105695][   T34] usb 9-1: SerialNumber: syz
[  876.114864][   T34] ldusb 9-1:1.0: LD USB Device #0 now attached to major 180 minor 0
[  876.338122][   T34] usb 9-1: USB disconnect, device number 14
[  876.347008][   T34] ldusb 9-1:1.0: LD USB Device #0 now disconnected
[  876.376032][T17977] netlink: 'syz.3.3204': attribute type 1 has an invalid length.
[  876.378811][T17977] netlink: 216 bytes leftover after parsing attributes in process `syz.3.3204'.
[  876.382666][T17977] netlink: 'syz.3.3204': attribute type 1 has an invalid length.
[  876.385506][T17977] netlink: 224 bytes leftover after parsing attributes in process `syz.3.3204'.
[  876.906592][T17987] siw: device registration error -23
[  878.943273][T18005] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6)
[  878.945342][T18005] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  878.949786][T18005] vhci_hcd vhci_hcd.0: Device attached
[  879.583977][T13634] usb 44-1: SetAddress Request (27) to port 0
[  879.642698][T13634] usb 44-1: new SuperSpeed USB device number 27 using vhci_hcd
[  880.146988][T18005] rdma_rxe: rxe_newlink: failed to add wg2
[  880.471124][T18021] usb usb8: usbfs: process 18021 (syz.6.3213) did not claim interface 0 before use
[  880.854260][T18025] netlink: 16 bytes leftover after parsing attributes in process `syz.6.3213'.
[  880.978746][T18026] vcan0: tx drop: invalid da for name 0x0000000000000001
[  881.022525][T18028] netlink: 36 bytes leftover after parsing attributes in process `syz.4.3214'.
[  882.550387][T18024] wg1 speed is unknown, defaulting to 1000
[  882.552983][T18024] pimreg0 speed is unknown, defaulting to 1000
[  883.155929][T18006] vhci_hcd: connection reset by peer
[  883.158286][ T9949] vhci_hcd vhci_hcd.3: stop threads
[  883.160527][ T9949] vhci_hcd vhci_hcd.3: release socket
[  883.162910][ T9949] vhci_hcd vhci_hcd.3: disconnect device
[  883.445354][T18048] FAULT_INJECTION: forcing a failure.
[  883.445354][T18048] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  883.450554][T18048] CPU: 3 UID: 0 PID: 18048 Comm: syz.6.3221 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  883.450607][T18048] Tainted: [L]=SOFTLOCKUP
[  883.450617][T18048] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  883.450629][T18048] Call Trace:
[  883.450635][T18048]  <TASK>
[  883.450643][T18048]  dump_stack_lvl+0x100/0x190
[  883.450674][T18048]  should_fail_ex.cold+0x5/0xa
[  883.450694][T18048]  _copy_to_user+0x32/0xd0
[  883.450717][T18048]  bpf_prog_test_run_syscall+0x5ea/0xad0
[  883.450738][T18048]  ? __pfx_bpf_prog_test_run_syscall+0x10/0x10
[  883.450754][T18048]  ? fput+0x79/0x100
[  883.450773][T18048]  ? __bpf_prog_get+0x97/0x2a0
[  883.450797][T18048]  ? __pfx_bpf_prog_test_run_syscall+0x10/0x10
[  883.450813][T18048]  __sys_bpf+0x1725/0x4b90
[  883.450838][T18048]  ? __pfx___sys_bpf+0x10/0x10
[  883.450862][T18048]  ? proc_fail_nth_write+0x9f/0x220
[  883.450894][T18048]  ? find_held_lock+0x2b/0x80
[  883.450922][T18048]  ? find_held_lock+0x2b/0x80
[  883.450947][T18048]  ? ksys_write+0x190/0x250
[  883.450976][T18048]  ? __mutex_unlock_slowpath+0x15c/0x790
[  883.451020][T18048]  ? fput+0x79/0x100
[  883.451038][T18048]  ? ksys_write+0x1ac/0x250
[  883.451056][T18048]  __ia32_sys_bpf+0x79/0xf0
[  883.451075][T18048]  ? lockdep_hardirqs_on+0x78/0x100
[  883.451092][T18048]  __do_fast_syscall_32+0xe3/0x8c0
[  883.451111][T18048]  do_fast_syscall_32+0x32/0x70
[  883.451128][T18048]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  883.451149][T18048] RIP: 0023:0xf7ff8f6c
[  883.451162][T18048] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  883.451176][T18048] RSP: 002b:00000000f54b650c EFLAGS: 00000292 ORIG_RAX: 0000000000000165
[  883.451192][T18048] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000080000500
[  883.451201][T18048] RDX: 0000000000000048 RSI: 0000000000000000 RDI: 0000000000000000
[  883.451210][T18048] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  883.451223][T18048] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  883.451232][T18048] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  883.451250][T18048]  </TASK>
[  884.766970][T15275] usb 8-1: new high-speed USB device number 6 using dummy_hcd
[  884.948650][T15275] usb 8-1: Using ep0 maxpacket: 8
[  884.953169][T15275] usb 8-1: config index 0 descriptor too short (expected 74, got 45)
[  884.956601][T15275] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 1536, setting to 1024
[  884.961338][T15275] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  884.965254][T15275] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 30768, setting to 1024
[  884.969111][T15275] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[  884.973383][T15275] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  884.978071][T15275] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  884.981245][T15275] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  885.211077][T15275] usb 8-1: usb_control_msg returned -32
[  885.212903][T15275] usbtmc 8-1:16.0: can't read capabilities
[  885.280906][T13634] usb 44-1: device descriptor read/8, error -110
[  886.231130][   T24] usb 11-1: new high-speed USB device number 24 using dummy_hcd
[  886.403463][   T24] usb 11-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  886.407109][   T24] usb 11-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  886.410473][   T24] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  886.436203][   T24] usb 11-1: config 0 descriptor??
[  886.657102][   T24] usbhid 11-1:0.0: can't add hid device: -71
[  886.662945][   T24] usbhid 11-1:0.0: probe with driver usbhid failed with error -71
[  886.677728][   T24] usb 11-1: USB disconnect, device number 24
[  886.877708][T18074] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3228'.
[  886.881853][T18074] netlink: 104 bytes leftover after parsing attributes in process `syz.6.3228'.
[  886.886207][T18074] netlink: 104 bytes leftover after parsing attributes in process `syz.6.3228'.
[  887.011962][T18078] FAULT_INJECTION: forcing a failure.
[  887.011962][T18078] name failslab, interval 1, probability 0, space 0, times 0
[  887.016175][T18078] CPU: 2 UID: 0 PID: 18078 Comm: syz.6.3229 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  887.016196][T18078] Tainted: [L]=SOFTLOCKUP
[  887.016200][T18078] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  887.016208][T18078] Call Trace:
[  887.016215][T18078]  <TASK>
[  887.016222][T18078]  dump_stack_lvl+0x100/0x190
[  887.016246][T18078]  should_fail_ex.cold+0x5/0xa
[  887.016261][T18078]  ? alloc_pipe_info+0x1ec/0x590
[  887.016273][T18078]  should_failslab+0xc2/0x120
[  887.016287][T18078]  __kmalloc_noprof+0xe0/0x850
[  887.016308][T18078]  alloc_pipe_info+0x1ec/0x590
[  887.016322][T18078]  splice_direct_to_actor+0x78f/0xa30
[  887.016336][T18078]  ? __lock_acquire+0x4a5/0x2630
[  887.016352][T18078]  ? __pfx_direct_splice_actor+0x10/0x10
[  887.016364][T18078]  ? __pfx_aa_file_perm+0x10/0x10
[  887.016384][T18078]  ? __pfx_splice_direct_to_actor+0x10/0x10
[  887.016400][T18078]  do_splice_direct+0x174/0x240
[  887.016413][T18078]  ? __pfx_do_splice_direct+0x10/0x10
[  887.016425][T18078]  ? __pfx_direct_file_splice_eof+0x10/0x10
[  887.016437][T18078]  ? bpf_lsm_file_permission+0x9/0x10
[  887.016449][T18078]  ? security_file_permission+0x76/0x210
[  887.016465][T18078]  ? rw_verify_area+0xce/0x6d0
[  887.016484][T18078]  do_sendfile+0xadc/0xe20
[  887.016497][T18078]  ? __pfx_do_sendfile+0x10/0x10
[  887.016516][T18078]  ? __fget_files+0x21f/0x3d0
[  887.016531][T18078]  __ia32_compat_sys_sendfile+0x1e5/0x220
[  887.016546][T18078]  ? __pfx___ia32_compat_sys_sendfile+0x10/0x10
[  887.016561][T18078]  ? __pfx_ksys_write+0x10/0x10
[  887.016575][T18078]  __do_fast_syscall_32+0xe3/0x8c0
[  887.016591][T18078]  do_fast_syscall_32+0x32/0x70
[  887.016604][T18078]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  887.016620][T18078] RIP: 0023:0xf7ff8f6c
[  887.016631][T18078] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  887.016642][T18078] RSP: 002b:00000000f54b650c EFLAGS: 00000292 ORIG_RAX: 00000000000000bb
[  887.016654][T18078] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000005
[  887.016661][T18078] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000000
[  887.016667][T18078] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  887.016674][T18078] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  887.016680][T18078] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  887.016693][T18078]  </TASK>
[  887.189373][T18080] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  887.193084][T18080] batman_adv: batadv0: Removing interface: batadv_slave_0
[  887.198499][T18080] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  887.201786][T18080] batman_adv: batadv0: Removing interface: batadv_slave_1
[  887.231341][T13634] usb usb44-port1: attempt power cycle
[  887.259912][T15275] usb 8-1: USB disconnect, device number 6
[  887.340679][T18084] netlink: 'syz.0.3232': attribute type 1 has an invalid length.
[  887.345074][T18084] netlink: 216 bytes leftover after parsing attributes in process `syz.0.3232'.
[  887.354431][T18084] netlink: 'syz.0.3232': attribute type 1 has an invalid length.
[  887.358094][T18084] netlink: 224 bytes leftover after parsing attributes in process `syz.0.3232'.
[  887.458256][T18092] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  887.479196][T18094] FAULT_INJECTION: forcing a failure.
[  887.479196][T18094] name failslab, interval 1, probability 0, space 0, times 0
[  887.484133][T18094] CPU: 3 UID: 0 PID: 18094 Comm: syz.6.3237 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  887.484155][T18094] Tainted: [L]=SOFTLOCKUP
[  887.484159][T18094] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  887.484167][T18094] Call Trace:
[  887.484171][T18094]  <TASK>
[  887.484176][T18094]  dump_stack_lvl+0x100/0x190
[  887.484201][T18094]  should_fail_ex.cold+0x5/0xa
[  887.484216][T18094]  should_failslab+0xc2/0x120
[  887.484231][T18094]  kmem_cache_alloc_node_noprof+0x81/0x6f0
[  887.484250][T18094]  ? __alloc_skb+0x140/0x710
[  887.484272][T18094]  __alloc_skb+0x140/0x710
[  887.484288][T18094]  ? __alloc_skb+0x5b7/0x710
[  887.484305][T18094]  ? __pfx___alloc_skb+0x10/0x10
[  887.484322][T18094]  ? __pfx___might_resched+0x10/0x10
[  887.484344][T18094]  netlink_alloc_large_skb+0x69/0x150
[  887.484359][T18094]  netlink_sendmsg+0x680/0xda0
[  887.484374][T18094]  ? __pfx_netlink_sendmsg+0x10/0x10
[  887.484388][T18094]  ? aa_sock_msg_perm.isra.0+0x100/0x1b0
[  887.484403][T18094]  ____sys_sendmsg+0x9e1/0xb70
[  887.484416][T18094]  ? __pfx_netlink_sendmsg+0x10/0x10
[  887.484430][T18094]  ? __pfx_____sys_sendmsg+0x10/0x10
[  887.484450][T18094]  ___sys_sendmsg+0x190/0x1e0
[  887.484466][T18094]  ? __pfx____sys_sendmsg+0x10/0x10
[  887.484496][T18094]  __sys_sendmsg+0x170/0x220
[  887.484508][T18094]  ? __pfx___sys_sendmsg+0x10/0x10
[  887.484523][T18094]  ? __pfx_ksys_write+0x10/0x10
[  887.484538][T18094]  __do_fast_syscall_32+0xe3/0x8c0
[  887.484554][T18094]  do_fast_syscall_32+0x32/0x70
[  887.484567][T18094]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  887.484583][T18094] RIP: 0023:0xf7ff8f6c
[  887.484593][T18094] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  887.484604][T18094] RSP: 002b:00000000f54b650c EFLAGS: 00000292 ORIG_RAX: 0000000000000172
[  887.484616][T18094] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080001c00
[  887.484622][T18094] RDX: 0000000000000800 RSI: 0000000000000000 RDI: 0000000000000000
[  887.484629][T18094] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  887.484635][T18094] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  887.484641][T18094] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  887.484655][T18094]  </TASK>
[  887.489607][T18090] usb usb8: usbfs: process 18090 (syz.0.3235) did not claim interface 0 before use
[  887.793424][T18104] wg1 speed is unknown, defaulting to 1000
[  887.798303][T18104] pimreg0 speed is unknown, defaulting to 1000
[  887.837817][T18107] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3235'.
[  887.895130][T18113] netlink: 'syz.4.3243': attribute type 1 has an invalid length.
[  887.905202][T18113] netlink: 216 bytes leftover after parsing attributes in process `syz.4.3243'.
[  887.909840][T18113] netlink: 'syz.4.3243': attribute type 1 has an invalid length.
[  887.912893][T18113] netlink: 224 bytes leftover after parsing attributes in process `syz.4.3243'.
[  887.936626][T13634] usb usb44-port1: unable to enumerate USB device
[  888.016947][T18118] FAULT_INJECTION: forcing a failure.
[  888.016947][T18118] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  888.023381][T18118] CPU: 3 UID: 0 PID: 18118 Comm: syz.3.3245 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  888.023417][T18118] Tainted: [L]=SOFTLOCKUP
[  888.023425][T18118] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  888.023441][T18118] Call Trace:
[  888.023451][T18118]  <TASK>
[  888.023460][T18118]  dump_stack_lvl+0x100/0x190
[  888.023508][T18118]  should_fail_ex.cold+0x5/0xa
[  888.023539][T18118]  _copy_to_user+0x32/0xd0
[  888.023575][T18118]  simple_read_from_buffer+0xcb/0x170
[  888.023618][T18118]  proc_fail_nth_read+0x1af/0x230
[  888.023650][T18118]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  888.023683][T18118]  ? rw_verify_area+0xce/0x6d0
[  888.023720][T18118]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  888.023750][T18118]  vfs_read+0x1e4/0xb30
[  888.023780][T18118]  ? __pfx_vfs_read+0x10/0x10
[  888.023802][T18118]  ? find_held_lock+0x2b/0x80
[  888.023829][T18118]  ? __fget_files+0x215/0x3d0
[  888.023861][T18118]  ? __fget_files+0x21f/0x3d0
[  888.023896][T18118]  ksys_read+0x12a/0x250
[  888.023920][T18118]  ? __pfx_ksys_read+0x10/0x10
[  888.023954][T18118]  do_int80_emulation+0x141/0x6b0
[  888.023996][T18118]  asm_int80_emulation+0x1a/0x20
[  888.024023][T18118] RIP: 0023:0xf7115cab
[  888.024043][T18118] Code: 57 56 53 8b 44 24 14 f6 00 08 75 23 8b 44 24 18 8b 5c 24 1c 8b 4c 24 20 8b 54 24 24 8b 74 24 28 8b 7c 24 2c 8b 6c 24 30 cd 80 <5b> 5e 5f 5d c3 5b 5e 5f 5d e9 f7 a1 ff ff 66 90 66 90 66 90 90 53
[  888.024067][T18118] RSP: 002b:00000000f53cd4bc EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[  888.024090][T18118] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000f53cd5d0
[  888.024106][T18118] RDX: 000000000000000f RSI: 0000000000000000 RDI: 0000000000000000
[  888.024119][T18118] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  888.024133][T18118] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  888.024146][T18118] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  888.024179][T18118]  </TASK>
[  889.906393][T18140] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3253'.
[  891.236438][T18173] FAULT_INJECTION: forcing a failure.
[  891.236438][T18173] name failslab, interval 1, probability 0, space 0, times 0
[  891.242044][T18173] CPU: 2 UID: 0 PID: 18173 Comm: syz.3.3258 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  891.242066][T18173] Tainted: [L]=SOFTLOCKUP
[  891.242070][T18173] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  891.242078][T18173] Call Trace:
[  891.242084][T18173]  <TASK>
[  891.242089][T18173]  dump_stack_lvl+0x100/0x190
[  891.242117][T18173]  should_fail_ex.cold+0x5/0xa
[  891.242140][T18173]  should_failslab+0xc2/0x120
[  891.242159][T18173]  kmem_cache_alloc_node_noprof+0x81/0x6f0
[  891.242179][T18173]  ? __alloc_skb+0x140/0x710
[  891.242202][T18173]  __alloc_skb+0x140/0x710
[  891.242219][T18173]  ? __alloc_skb+0x5b7/0x710
[  891.242236][T18173]  ? __pfx___alloc_skb+0x10/0x10
[  891.242257][T18173]  netlink_alloc_large_skb+0x69/0x150
[  891.242272][T18173]  netlink_sendmsg+0x680/0xda0
[  891.242287][T18173]  ? __pfx_netlink_sendmsg+0x10/0x10
[  891.242301][T18173]  ? aa_sock_msg_perm.isra.0+0x100/0x1b0
[  891.242316][T18173]  ____sys_sendmsg+0x9e1/0xb70
[  891.242331][T18173]  ? __pfx_netlink_sendmsg+0x10/0x10
[  891.242345][T18173]  ? __pfx_____sys_sendmsg+0x10/0x10
[  891.242365][T18173]  ___sys_sendmsg+0x190/0x1e0
[  891.242381][T18173]  ? __pfx____sys_sendmsg+0x10/0x10
[  891.242412][T18173]  __sys_sendmsg+0x170/0x220
[  891.242424][T18173]  ? __pfx___sys_sendmsg+0x10/0x10
[  891.242439][T18173]  ? __pfx_ksys_write+0x10/0x10
[  891.242454][T18173]  __do_fast_syscall_32+0xe3/0x8c0
[  891.242471][T18173]  do_fast_syscall_32+0x32/0x70
[  891.242484][T18173]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  891.242513][T18173] RIP: 0023:0xf6fdef6c
[  891.242525][T18173] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  891.242537][T18173] RSP: 002b:00000000f53ac50c EFLAGS: 00000292 ORIG_RAX: 0000000000000172
[  891.242573][T18173] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000080000040
[  891.242581][T18173] RDX: 0000000000000098 RSI: 0000000000000000 RDI: 0000000000000000
[  891.242588][T18173] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  891.242594][T18173] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  891.242601][T18173] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  891.242615][T18173]  </TASK>
[  891.631129][T18190] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3260'.
[  892.301214][ T1415] ieee802154 phy0 wpan0: encryption failed: -22
[  894.156901][T18194] siw: device registration error -23
[  894.430003][T18208] usb usb8: usbfs: process 18208 (syz.6.3265) did not claim interface 0 before use
[  894.995378][T18222] wg1 speed is unknown, defaulting to 1000
[  895.004569][T18222] pimreg0 speed is unknown, defaulting to 1000
[  895.955850][T18229] netlink: 16 bytes leftover after parsing attributes in process `syz.6.3265'.
[  896.472937][T18222] vcan0: tx drop: invalid da for name 0x0000000000000001
[  896.934695][T18239] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  897.263352][T18248] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(9)
[  897.265498][T18248] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  897.269291][T18248] vhci_hcd vhci_hcd.0: Device attached
[  897.309699][T18259] vhci_hcd: connection closed
[  897.320777][ T9928] vhci_hcd vhci_hcd.0: stop threads
[  897.344425][ T9928] vhci_hcd vhci_hcd.0: release socket
[  897.346824][ T9928] vhci_hcd vhci_hcd.0: disconnect device
[  897.408225][T18261] siw: device registration error -23
[  898.747997][T18271] FAULT_INJECTION: forcing a failure.
[  898.747997][T18271] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  898.752542][T18271] CPU: 3 UID: 0 PID: 18271 Comm: syz.0.3279 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  898.752563][T18271] Tainted: [L]=SOFTLOCKUP
[  898.752567][T18271] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  898.752574][T18271] Call Trace:
[  898.752580][T18271]  <TASK>
[  898.752586][T18271]  dump_stack_lvl+0x100/0x190
[  898.752611][T18271]  should_fail_ex.cold+0x5/0xa
[  898.752625][T18271]  _copy_from_user+0x2e/0xd0
[  898.752642][T18271]  sctp_setsockopt+0x8cc/0xb370
[  898.752662][T18271]  ? __pfx_aa_sk_perm+0x10/0x10
[  898.752680][T18271]  ? __pfx_sctp_setsockopt+0x10/0x10
[  898.752696][T18271]  ? aa_sock_opt_perm+0xfe/0x1b0
[  898.752707][T18271]  ? sock_common_setsockopt+0x2e/0xf0
[  898.752722][T18271]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  898.752737][T18271]  do_sock_setsockopt+0xf3/0x1d0
[  898.752753][T18271]  __sys_setsockopt+0x119/0x190
[  898.752774][T18271]  __ia32_sys_setsockopt+0xbc/0x160
[  898.752792][T18271]  ? __do_fast_syscall_32+0x94/0x8c0
[  898.752806][T18271]  ? lockdep_hardirqs_on+0x78/0x100
[  898.752818][T18271]  __do_fast_syscall_32+0xe3/0x8c0
[  898.752832][T18271]  do_fast_syscall_32+0x32/0x70
[  898.752852][T18271]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  898.752868][T18271] RIP: 0023:0xf7f34f6c
[  898.752878][T18271] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  898.752890][T18271] RSP: 002b:00000000f53f650c EFLAGS: 00000292 ORIG_RAX: 000000000000016e
[  898.752901][T18271] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000000084
[  898.752908][T18271] RDX: 0000000000000072 RSI: 0000000080000180 RDI: 000000000000000c
[  898.752915][T18271] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  898.752921][T18271] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  898.752927][T18271] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  898.752941][T18271]  </TASK>
[  898.925307][T18279] FAULT_INJECTION: forcing a failure.
[  898.925307][T18279] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  898.931738][T18279] CPU: 2 UID: 0 PID: 18279 Comm: syz.0.3280 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  898.931759][T18279] Tainted: [L]=SOFTLOCKUP
[  898.931763][T18279] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  898.931772][T18279] Call Trace:
[  898.931776][T18279]  <TASK>
[  898.931781][T18279]  dump_stack_lvl+0x100/0x190
[  898.931806][T18279]  should_fail_ex.cold+0x5/0xa
[  898.931820][T18279]  ? prepare_alloc_pages+0x16d/0x5f0
[  898.931837][T18279]  should_fail_alloc_page+0xeb/0x140
[  898.931852][T18279]  prepare_alloc_pages+0x1f0/0x5f0
[  898.931866][T18279]  ? __lock_acquire+0x4a5/0x2630
[  898.931884][T18279]  __alloc_frozen_pages_noprof+0x19a/0x2ba0
[  898.931908][T18279]  ? find_held_lock+0x2b/0x80
[  898.931923][T18279]  ? is_bpf_text_address+0x8a/0x1a0
[  898.931943][T18279]  ? is_bpf_text_address+0x8a/0x1a0
[  898.931961][T18279]  ? bpf_ksym_find+0x124/0x1c0
[  898.931975][T18279]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  898.932007][T18279]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  898.932022][T18279]  ? is_bpf_text_address+0x94/0x1a0
[  898.932040][T18279]  ? kernel_text_address+0x8d/0x100
[  898.932059][T18279]  ? __kernel_text_address+0xd/0x30
[  898.932076][T18279]  ? unwind_get_return_address+0x59/0xa0
[  898.932098][T18279]  ? __lock_acquire+0x4a5/0x2630
[  898.932115][T18279]  ? tomoyo_check_open_permission+0x1a2/0x3c0
[  898.932131][T18279]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  898.932145][T18279]  ? policy_nodemask+0xed/0x4f0
[  898.932160][T18279]  alloc_pages_mpol+0x1fb/0x550
[  898.932174][T18279]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  898.932192][T18279]  folio_alloc_mpol_noprof+0x36/0x340
[  898.932208][T18279]  vma_alloc_folio_noprof+0xed/0x1d0
[  898.932223][T18279]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[  898.932237][T18279]  ? rcu_read_unlock+0x2d/0xb0
[  898.932255][T18279]  ? rcu_read_unlock+0x2d/0xb0
[  898.932272][T18279]  ? __lock_acquire+0x4a5/0x2630
[  898.932289][T18279]  do_wp_page+0xf28/0x4e90
[  898.932308][T18279]  ? __pfx_do_wp_page+0x10/0x10
[  898.932324][T18279]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  898.932347][T18279]  __handle_mm_fault+0x1ace/0x2b60
[  898.932367][T18279]  ? mt_find+0x45e/0x8e0
[  898.932385][T18279]  ? __pfx___handle_mm_fault+0x10/0x10
[  898.932401][T18279]  ? __pfx_mt_find+0x10/0x10
[  898.932423][T18279]  ? find_vma+0xbf/0x140
[  898.932435][T18279]  ? __pfx_find_vma+0x10/0x10
[  898.932449][T18279]  handle_mm_fault+0x36d/0xa20
[  898.932470][T18279]  do_user_addr_fault+0x74c/0x12f0
[  898.932487][T18279]  exc_page_fault+0x6f/0xd0
[  898.932501][T18279]  asm_exc_page_fault+0x26/0x30
[  898.932513][T18279] RIP: 0010:_copy_to_iter+0x38c/0x1720
[  898.932530][T18279] Code: 00 00 00 00 e9 4d ff ff ff e8 70 e6 15 fd 4c 8b 74 24 18 44 89 fe 4c 89 f7 e8 10 88 81 fd 0f 01 cb 4c 89 f9 48 89 df 4c 89 f6 <f3> a4 0f 1f 00 48 89 cb 0f 01 ca 4c 89 f8 48 29 c8 48 89 44 24 08
[  898.932542][T18279] RSP: 0018:ffffc90007ef7ab0 EFLAGS: 00050246
[  898.932552][T18279] RAX: 0000000000000001 RBX: 0000000080003f80 RCX: 0000000000000040
[  898.932560][T18279] RDX: 0000000000000001 RSI: ffffc90007ef7c58 RDI: 0000000080003f80
[  898.932567][T18279] RBP: ffffc90007ef7d70 R08: 0000000000000000 R09: fffff52000fdef92
[  898.932574][T18279] R10: ffffc90007ef7c97 R11: 0000000000000000 R12: 0000000080003fc0
[  898.932580][T18279] R13: 00007ffffffff000 R14: ffffc90007ef7c58 R15: 0000000000000040
[  898.932598][T18279]  ? __pfx___ldsem_down_read_nested+0x10/0x10
[  898.932755][T18279]  ? __pfx__copy_to_iter+0x10/0x10
[  898.932772][T18279]  ? __pfx_woken_wake_function+0x10/0x10
[  898.932798][T18279]  tty_read+0x242/0x550
[  898.932882][T18279]  ? __pfx_tty_read+0x10/0x10
[  898.932906][T18279]  ? bpf_lsm_file_permission+0x9/0x10
[  898.932920][T18279]  ? security_file_permission+0x76/0x210
[  898.932938][T18279]  ? rw_verify_area+0xce/0x6d0
[  898.932958][T18279]  ? __pfx_tty_read+0x10/0x10
[  898.932975][T18279]  vfs_read+0x825/0xb30
[  898.932990][T18279]  ? __pfx_vfs_read+0x10/0x10
[  898.933000][T18279]  ? find_held_lock+0x2b/0x80
[  898.933023][T18279]  ksys_read+0x12a/0x250
[  898.933034][T18279]  ? __pfx_ksys_read+0x10/0x10
[  898.933046][T18279]  ? __pfx_ksys_write+0x10/0x10
[  898.933062][T18279]  __do_fast_syscall_32+0xe3/0x8c0
[  898.933080][T18279]  do_fast_syscall_32+0x32/0x70
[  898.933094][T18279]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  898.933111][T18279] RIP: 0023:0xf7f34f6c
[  898.933122][T18279] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  898.933134][T18279] RSP: 002b:00000000f53d550c EFLAGS: 00000292 ORIG_RAX: 0000000000000003
[  898.933146][T18279] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080003f80
[  898.933153][T18279] RDX: 0000000000001e04 RSI: 0000000000000000 RDI: 0000000000000000
[  898.933160][T18279] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  898.933167][T18279] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  898.933174][T18279] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  898.933189][T18279]  </TASK>
[  899.250651][T18297] FAULT_INJECTION: forcing a failure.
[  899.250651][T18297] name failslab, interval 1, probability 0, space 0, times 0
[  899.254596][T18297] CPU: 3 UID: 0 PID: 18297 Comm: syz.4.3283 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  899.254615][T18297] Tainted: [L]=SOFTLOCKUP
[  899.254620][T18297] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  899.254627][T18297] Call Trace:
[  899.254632][T18297]  <TASK>
[  899.254638][T18297]  dump_stack_lvl+0x100/0x190
[  899.254663][T18297]  should_fail_ex.cold+0x5/0xa
[  899.254678][T18297]  should_failslab+0xc2/0x120
[  899.254694][T18297]  kmem_cache_alloc_node_noprof+0x81/0x6f0
[  899.254715][T18297]  ? __alloc_skb+0x140/0x710
[  899.254738][T18297]  __alloc_skb+0x140/0x710
[  899.254756][T18297]  ? __alloc_skb+0x5b7/0x710
[  899.254774][T18297]  ? __pfx___alloc_skb+0x10/0x10
[  899.254797][T18297]  netlink_alloc_large_skb+0x69/0x150
[  899.254813][T18297]  netlink_sendmsg+0x680/0xda0
[  899.254829][T18297]  ? __pfx_netlink_sendmsg+0x10/0x10
[  899.254848][T18297]  ? aa_sock_msg_perm.isra.0+0x100/0x1b0
[  899.254865][T18297]  ____sys_sendmsg+0x9e1/0xb70
[  899.254880][T18297]  ? __pfx_netlink_sendmsg+0x10/0x10
[  899.254894][T18297]  ? __pfx_____sys_sendmsg+0x10/0x10
[  899.254916][T18297]  ___sys_sendmsg+0x190/0x1e0
[  899.254933][T18297]  ? __pfx____sys_sendmsg+0x10/0x10
[  899.254966][T18297]  __sys_sendmsg+0x170/0x220
[  899.254979][T18297]  ? __pfx___sys_sendmsg+0x10/0x10
[  899.254996][T18297]  ? __pfx_ksys_write+0x10/0x10
[  899.255012][T18297]  __do_fast_syscall_32+0xe3/0x8c0
[  899.255029][T18297]  do_fast_syscall_32+0x32/0x70
[  899.255043][T18297]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  899.255060][T18297] RIP: 0023:0xf709ef6c
[  899.255070][T18297] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  899.255081][T18297] RSP: 002b:00000000f548d50c EFLAGS: 00000292 ORIG_RAX: 0000000000000172
[  899.255094][T18297] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800002c0
[  899.255102][T18297] RDX: 00000000040080c0 RSI: 0000000000000000 RDI: 0000000000000000
[  899.255108][T18297] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  899.255115][T18297] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  899.255122][T18297] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  899.255136][T18297]  </TASK>
[  899.481184][T18303] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  900.441707][T18301] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  900.451394][T18301] overlayfs: failed lookup in lower (/, name='tracing', err=-66): unsupported object type
[  900.454623][T18301] overlayfs: failed to look up (tracing) for ino (-66)
[  902.633789][T18309] 9pnet_virtio: no channels available for device syz
[  902.637706][T18309] siw: device registration error -23
[  902.773239][T18317] usb usb8: usbfs: process 18317 (syz.0.3288) did not claim interface 0 before use
[  903.113519][T18324] wg1 speed is unknown, defaulting to 1000
[  903.118517][T18324] pimreg0 speed is unknown, defaulting to 1000
[  903.225591][T18325] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3288'.
[  903.299086][T18326] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3288'.
[  904.151511][T18329] usb usb8: usbfs: process 18329 (syz.4.3291) did not claim interface 0 before use
[  904.503297][T18336] wg1 speed is unknown, defaulting to 1000
[  904.509642][T18336] pimreg0 speed is unknown, defaulting to 1000
[  904.640387][T18338] usb usb8: usbfs: process 18338 (syz.3.3290) did not claim interface 0 before use
[  906.407656][T18330] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3291'.
[  906.664165][T18343] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3290'.
[  906.777554][T18342] wg1 speed is unknown, defaulting to 1000
[  906.784240][T18342] pimreg0 speed is unknown, defaulting to 1000
[  907.090942][T18330] vcan0: tx drop: invalid da for name 0x0000000000000001
[  908.340000][T18359] siw: device registration error -23
[  909.046270][T18367] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3300'.
[  910.278883][T18375] tmpfs: Unknown parameter 'usrqšota'
[  910.999333][T18387] usb usb8: usbfs: process 18387 (syz.0.3307) did not claim interface 0 before use
[  911.328992][T18398] wg1 speed is unknown, defaulting to 1000
[  911.335579][T18398] pimreg0 speed is unknown, defaulting to 1000
[  911.387027][T18399] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3307'.
[  911.623177][T18398] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3307'.
[  912.119268][T18411] netlink: 196 bytes leftover after parsing attributes in process `syz.4.3303'.
[  912.122519][T18411] netlink: 196 bytes leftover after parsing attributes in process `syz.4.3303'.
[  912.253307][T18420] usb usb8: usbfs: process 18420 (syz.4.3309) did not claim interface 0 before use
[  912.575135][T18423] wg1 speed is unknown, defaulting to 1000
[  912.580196][T18423] pimreg0 speed is unknown, defaulting to 1000
[  912.690953][T18424] blk_print_req_error: 54 callbacks suppressed
[  912.690970][T18424] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  912.697231][T18424] buffer_io_error: 54 callbacks suppressed
[  912.697246][T18424] Buffer I/O error on dev nbd3, logical block 0, async page read
[  912.702856][T18425] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3309'.
[  912.703572][T18424] I/O error, dev nbd3, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  912.709926][T18424] Buffer I/O error on dev nbd3, logical block 1, async page read
[  912.714366][T18424] I/O error, dev nbd3, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  912.718174][T18424] Buffer I/O error on dev nbd3, logical block 2, async page read
[  912.721776][T18424] I/O error, dev nbd3, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  912.726358][T18424] Buffer I/O error on dev nbd3, logical block 3, async page read
[  912.730301][T18424] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  912.735072][T18424] Buffer I/O error on dev nbd3, logical block 0, async page read
[  912.737718][T18424] I/O error, dev nbd3, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  912.740845][T18424] Buffer I/O error on dev nbd3, logical block 1, async page read
[  912.743741][T18424] I/O error, dev nbd3, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  912.747324][T18424] Buffer I/O error on dev nbd3, logical block 2, async page read
[  912.750188][T18424] I/O error, dev nbd3, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  912.753500][T18424] Buffer I/O error on dev nbd3, logical block 3, async page read
[  912.756171][T18424] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  912.759333][T18424] Buffer I/O error on dev nbd3, logical block 0, async page read
[  912.762134][T18424] I/O error, dev nbd3, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  912.765777][T18424] Buffer I/O error on dev nbd3, logical block 1, async page read
[  912.769069][T18424] ldm_validate_partition_table(): Disk read failed.
[  912.772253][T18424] Dev nbd3: unable to read RDB block 0
[  912.775399][T18424]  nbd3: unable to read partition table
[  912.792074][T18426] vcan0: tx drop: invalid da for name 0x0000000000000001
[  912.873654][T18424] 9p: Bad value for 'wfdno'
[  913.273960][T18430] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3311'.
[  913.281407][T18430] random: crng reseeded on system resumption
[  913.635113][T18438] siw: device registration error -23
[  914.317645][T18444] netlink: 'syz.4.3315': attribute type 1 has an invalid length.
[  914.356518][T18444] bond1: entered promiscuous mode
[  914.361937][T18444] 8021q: adding VLAN 0 to HW filter on device bond1
[  914.417932][T18444] bond1: (slave bridge3): making interface the new active one
[  914.420530][T18444] bridge3: entered promiscuous mode
[  914.434737][T18444] bond1: (slave bridge3): Enslaving as an active interface with an up link
[  916.904552][T18459] usb usb8: usbfs: process 18459 (syz.6.3319) did not claim interface 0 before use
[  917.324522][T18464] FAULT_INJECTION: forcing a failure.
[  917.324522][T18464] name failslab, interval 1, probability 0, space 0, times 0
[  917.331489][T18464] CPU: 3 UID: 0 PID: 18464 Comm: syz.0.3318 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  917.331522][T18464] Tainted: [L]=SOFTLOCKUP
[  917.331529][T18464] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  917.331539][T18464] Call Trace:
[  917.331546][T18464]  <TASK>
[  917.331553][T18464]  dump_stack_lvl+0x100/0x190
[  917.331588][T18464]  should_fail_ex.cold+0x5/0xa
[  917.331611][T18464]  should_failslab+0xc2/0x120
[  917.331631][T18464]  kmem_cache_alloc_noprof+0x7b/0x6e0
[  917.331658][T18464]  ? ipmr_mfc_add+0x27a/0x2eb0
[  917.331751][T18464]  ? ipmr_mfc_add+0x1e9/0x2eb0
[  917.331771][T18464]  ipmr_mfc_add+0x27a/0x2eb0
[  917.331797][T18464]  ? __pfx_ipmr_mfc_add+0x10/0x10
[  917.331814][T18464]  ? __might_fault+0xc5/0x140
[  917.331839][T18464]  ? __might_fault+0xc5/0x140
[  917.331871][T18464]  ? ip_mroute_setsockopt+0xb05/0x11a0
[  917.331888][T18464]  ip_mroute_setsockopt+0xb05/0x11a0
[  917.331915][T18464]  ? __pfx_ip_mroute_setsockopt+0x10/0x10
[  917.331942][T18464]  ? get_pid_task+0xfc/0x250
[  917.331963][T18464]  ? get_pid_task+0xfc/0x250
[  917.331989][T18464]  do_ip_setsockopt+0x382/0x3200
[  917.332023][T18464]  ? __pfx_do_ip_setsockopt+0x10/0x10
[  917.332046][T18464]  ? aa_sk_perm+0x309/0xaa0
[  917.332069][T18464]  ? ksys_write+0x190/0x250
[  917.332087][T18464]  ? __pfx_aa_sk_perm+0x10/0x10
[  917.332113][T18464]  ip_setsockopt+0x5a/0xf0
[  917.332136][T18464]  raw_setsockopt+0x60/0x1b0
[  917.332158][T18464]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  917.332182][T18464]  do_sock_setsockopt+0xf3/0x1d0
[  917.332205][T18464]  __sys_setsockopt+0x119/0x190
[  917.332236][T18464]  __ia32_sys_setsockopt+0xbc/0x160
[  917.332262][T18464]  ? __do_fast_syscall_32+0x94/0x8c0
[  917.332283][T18464]  ? lockdep_hardirqs_on+0x78/0x100
[  917.332301][T18464]  __do_fast_syscall_32+0xe3/0x8c0
[  917.332323][T18464]  do_fast_syscall_32+0x32/0x70
[  917.332342][T18464]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  917.332365][T18464] RIP: 0023:0xf7f34f6c
[  917.332379][T18464] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  917.332396][T18464] RSP: 002b:00000000f53f650c EFLAGS: 00000292 ORIG_RAX: 000000000000016e
[  917.332413][T18464] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000000000
[  917.332423][T18464] RDX: 00000000000000d2 RSI: 0000000080000200 RDI: 000000000000003c
[  917.332434][T18464] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  917.332443][T18464] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  917.332453][T18464] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  917.332476][T18464]  </TASK>
[  917.443326][T18461] wg1 speed is unknown, defaulting to 1000
[  917.448766][T18461] pimreg0 speed is unknown, defaulting to 1000
[  917.658400][T18470] netlink: 16 bytes leftover after parsing attributes in process `syz.6.3319'.
[  917.659746][T18468] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3320'.
[  917.696645][T18468] random: crng reseeded on system resumption
[  917.771538][T18470] netlink: 48 bytes leftover after parsing attributes in process `syz.6.3319'.
[  918.107414][ T6268] usb 9-1: new high-speed USB device number 15 using dummy_hcd
[  918.268277][ T6268] usb 9-1: Using ep0 maxpacket: 8
[  918.272354][ T6268] usb 9-1: config 0 has an invalid interface number: 1 but max is 0
[  918.275108][ T6268] usb 9-1: config 0 has no interface number 0
[  918.277531][ T6268] usb 9-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  918.283920][ T6268] usb 9-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  918.286837][ T6268] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  918.294470][ T6268] usb 9-1: config 0 descriptor??
[  918.301076][T18488] futex_wake_op: syz.0.3327 tries to shift op by 32; fix this program
[  918.305807][ T6268] iowarrior 9-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[  918.713202][T18496] netlink: 64 bytes leftover after parsing attributes in process `syz.6.3329'.
[  918.871373][T18500] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3324'.
[  919.744257][T18510] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3332'.
[  919.755957][T18510] random: crng reseeded on system resumption
[  919.929379][T18514] blk_print_req_error: 54 callbacks suppressed
[  919.929396][T18514] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  919.935294][T18514] buffer_io_error: 54 callbacks suppressed
[  919.935308][T18514] Buffer I/O error on dev nbd0, logical block 0, async page read
[  919.940415][T18514] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  919.943825][T18514] Buffer I/O error on dev nbd0, logical block 1, async page read
[  919.947829][T18514] I/O error, dev nbd0, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  919.951273][T18514] Buffer I/O error on dev nbd0, logical block 2, async page read
[  919.954511][T18514] I/O error, dev nbd0, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  919.958196][T18514] Buffer I/O error on dev nbd0, logical block 3, async page read
[  919.960866][T18514] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  919.964130][T18514] Buffer I/O error on dev nbd0, logical block 0, async page read
[  919.967176][T18514] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  919.971068][T18514] Buffer I/O error on dev nbd0, logical block 1, async page read
[  919.973889][T18514] I/O error, dev nbd0, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  919.978500][T18514] Buffer I/O error on dev nbd0, logical block 2, async page read
[  919.981167][T18514] I/O error, dev nbd0, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  919.984423][T18514] Buffer I/O error on dev nbd0, logical block 3, async page read
[  919.987455][T18514] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  919.991741][T18514] Buffer I/O error on dev nbd0, logical block 0, async page read
[  919.995299][T18514] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  919.998515][T18514] Buffer I/O error on dev nbd0, logical block 1, async page read
[  920.001610][T18514] ldm_validate_partition_table(): Disk read failed.
[  920.004201][T18514] Dev nbd0: unable to read RDB block 0
[  920.006557][T18514]  nbd0: unable to read partition table
[  920.006628][ T6021] usb 9-1: USB disconnect, device number 15
[  920.023627][ T5343] ldm_validate_partition_table(): Disk read failed.
[  920.025955][ T5343] Dev nbd0: unable to read RDB block 0
[  920.027965][ T5343]  nbd0: unable to read partition table
[  920.032064][ T5343] ldm_validate_partition_table(): Disk read failed.
[  920.034904][ T5343] Dev nbd0: unable to read RDB block 0
[  920.037247][ T5343]  nbd0: unable to read partition table
[  920.048833][T18493] ldm_validate_partition_table(): Disk read failed.
[  920.051670][T18493] Dev nbd0: unable to read RDB block 0
[  920.054815][T18493]  nbd0: unable to read partition table
[  920.061822][T18493] ldm_validate_partition_table(): Disk read failed.
[  920.065555][T18493] Dev nbd0: unable to read RDB block 0
[  920.067605][T18493]  nbd0: unable to read partition table
[  920.136562][T18518] wg1 speed is unknown, defaulting to 1000
[  920.139463][T18518] pimreg0 speed is unknown, defaulting to 1000
[  920.332096][T18522] Mount JFS Failure: -22
[  920.333673][T18522] jfs_mount failed w/return code = -22
[  920.365707][T18524] usb usb8: usbfs: process 18524 (syz.6.3337) did not claim interface 0 before use
[  920.666936][T18526] wg1 speed is unknown, defaulting to 1000
[  920.677875][T18526] pimreg0 speed is unknown, defaulting to 1000
[  920.921849][T18527] netlink: 16 bytes leftover after parsing attributes in process `syz.6.3337'.
[  920.950454][T18527] netlink: 48 bytes leftover after parsing attributes in process `syz.6.3337'.
[  921.009249][  T829] kernel read not supported for file /dsp (pid: 829 comm: kworker/1:2)
[  922.264295][T18536] siw: device registration error -23
[  922.669873][T18542] 9pnet_virtio: no channels available for device syz
[  922.682650][T18542] siw: device registration error -23
[  922.741467][T18541] netlink: 'syz.6.3341': attribute type 1 has an invalid length.
[  922.744844][T18541] netlink: 216 bytes leftover after parsing attributes in process `syz.6.3341'.
[  922.749623][T18541] netlink: 'syz.6.3341': attribute type 1 has an invalid length.
[  922.752699][T18541] netlink: 224 bytes leftover after parsing attributes in process `syz.6.3341'.
[  924.114926][T18547] vhci_hcd vhci_hcd.0: pdev(6) rhport(0) sockfd(4)
[  924.119126][T18547] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  924.130919][T18547] vhci_hcd vhci_hcd.0: Device attached
[  924.414189][T18573] usb usb8: usbfs: process 18573 (syz.3.3349) did not claim interface 0 before use
[  926.162303][T18593] wg1 speed is unknown, defaulting to 1000
[  926.167187][T18593] pimreg0 speed is unknown, defaulting to 1000
[  926.414930][T18593] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3349'.
[  926.423344][T13634] usb 50-1: SetAddress Request (10) to port 0
[  926.436979][T18545] Process accounting resumed
[  926.440546][T13634] usb 50-1: new SuperSpeed USB device number 10 using vhci_hcd
[  926.528016][T18595] netlink: 48 bytes leftover after parsing attributes in process `syz.3.3349'.
[  926.956921][T18601] FAULT_INJECTION: forcing a failure.
[  926.956921][T18601] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  926.963062][T18601] CPU: 3 UID: 0 PID: 18601 Comm: syz.3.3351 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  926.963100][T18601] Tainted: [L]=SOFTLOCKUP
[  926.963108][T18601] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  926.963121][T18601] Call Trace:
[  926.963130][T18601]  <TASK>
[  926.963140][T18601]  dump_stack_lvl+0x100/0x190
[  926.963180][T18601]  should_fail_ex.cold+0x5/0xa
[  926.963208][T18601]  _copy_from_user+0x2e/0xd0
[  926.963237][T18601]  move_addr_to_kernel+0x65/0x170
[  926.963269][T18601]  get_compat_msghdr+0x3ee/0x4b0
[  926.963303][T18601]  ? __pfx_get_compat_msghdr+0x10/0x10
[  926.963344][T18601]  ___sys_sendmsg+0x1b6/0x1e0
[  926.963374][T18601]  ? __pfx____sys_sendmsg+0x10/0x10
[  926.963434][T18601]  __sys_sendmsg+0x170/0x220
[  926.963457][T18601]  ? __pfx___sys_sendmsg+0x10/0x10
[  926.963486][T18601]  ? __pfx_ksys_write+0x10/0x10
[  926.963514][T18601]  __do_fast_syscall_32+0xe3/0x8c0
[  926.963543][T18601]  do_fast_syscall_32+0x32/0x70
[  926.963567][T18601]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  926.963593][T18601] RIP: 0023:0xf6fdef6c
[  926.963612][T18601] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  926.963633][T18601] RSP: 002b:00000000f53cd50c EFLAGS: 00000292 ORIG_RAX: 0000000000000172
[  926.963655][T18601] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000700
[  926.963668][T18601] RDX: 0000000004004080 RSI: 0000000000000000 RDI: 0000000000000000
[  926.963680][T18601] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  926.963692][T18601] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  926.963705][T18601] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  926.963732][T18601]  </TASK>
[  927.049349][T18602] overlay: Unknown parameter 'uid<00000000000000000000'
[  927.065294][T18559] vhci_hcd: connection reset by peer
[  927.068905][  T159] vhci_hcd vhci_hcd.6: stop threads
[  927.071280][  T159] vhci_hcd vhci_hcd.6: release socket
[  927.074994][  T159] vhci_hcd vhci_hcd.6: disconnect device
[  927.249384][T18614] QAT: Device 253 not found
[  927.919754][T18626] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3358'.
[  928.366173][T17033] block nbd3: Receive control failed (result -1)
[  929.017841][  T829] usb 11-1: new low-speed USB device number 25 using dummy_hcd
[  929.178269][  T829] usb 11-1: device descriptor read/64, error -71
[  929.446143][  T829] usb 11-1: new low-speed USB device number 26 using dummy_hcd
[  929.670398][  T829] usb 11-1: device descriptor read/64, error -71
[  929.818824][  T829] usb usb11-port1: attempt power cycle
[  931.839139][  T829] usb 11-1: new low-speed USB device number 27 using dummy_hcd
[  931.875874][T13634] usb 50-1: device descriptor read/8, error -110
[  931.878043][  T829] usb 11-1: device descriptor read/8, error -71
[  932.727441][T13634] usb usb50-port1: attempt power cycle
[  933.058114][T18712] 9pnet_virtio: no channels available for device syz
[  934.330430][T13634] usb usb50-port1: unable to enumerate USB device
[  935.388932][T18743] usb usb8: usbfs: process 18743 (syz.4.3378) did not claim interface 0 before use
[  936.718782][T18745] wg1 speed is unknown, defaulting to 1000
[  936.725287][T18745] pimreg0 speed is unknown, defaulting to 1000
[  937.703520][T18746] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3378'.
[  937.959323][T18744] vcan0: tx drop: invalid da for name 0x0000000000000001
[  941.281934][T18785] vlan2: entered promiscuous mode
[  941.284882][T18785] vlan2: entered allmulticast mode
[  941.287746][T18785] hsr_slave_1: entered allmulticast mode
[  943.406292][T18809] usb usb8: usbfs: process 18809 (syz.3.3390) did not claim interface 0 before use
[  943.677885][T18818] wg1 speed is unknown, defaulting to 1000
[  943.684733][T18818] pimreg0 speed is unknown, defaulting to 1000
[  943.828427][T18821] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3390'.
[  943.931551][T18824] usb usb8: usbfs: process 18824 (syz.0.3393) did not claim interface 0 before use
[  945.880774][T18834] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3393'.
[  945.916185][T18835] vcan0: tx drop: invalid da for name 0x0000000000000001
[  946.260566][T18830] wg1 speed is unknown, defaulting to 1000
[  946.263589][T18830] pimreg0 speed is unknown, defaulting to 1000
[  946.526493][T18844] efs: device does not support 512 byte blocks
[  946.529840][T18844] device does not support 512 byte blocks
[  946.529840][T18844] 
[  947.649820][T18851] 
[  947.651024][T18851] ======================================================
[  947.654105][T18851] WARNING: possible circular locking dependency detected
[  947.657672][T18851] syzkaller #0 Tainted: G             L     
[  947.660606][T18851] ------------------------------------------------------
[  947.663548][T18851] syz.6.3400/18851 is trying to acquire lock:
[  947.666189][T18851] ffffffff8e9aa8a0 (fs_reclaim){+.+.}-{0:0}, at: kmem_cache_alloc_node_noprof+0x53/0x6f0
[  947.671277][T18851] 
[  947.671277][T18851] but task is already holding lock:
[  947.674500][T18851] ffff88802ad1ec60 (sk_lock-AF_INET6){+.+.}-{0:0}, at: tcp_close+0x1d/0x110
[  947.678187][T18851] 
[  947.678187][T18851] which lock already depends on the new lock.
[  947.678187][T18851] 
[  947.682977][T18851] 
[  947.682977][T18851] the existing dependency chain (in reverse order) is:
[  947.687723][T18851] 
[  947.687723][T18851] -> #6 (sk_lock-AF_INET6){+.+.}-{0:0}:
[  947.691072][T18851]        lock_sock_nested+0x41/0xf0
[  947.693327][T18851]        inet_shutdown+0x67/0x410
[  947.695495][T18851]        nbd_mark_nsock_dead+0xae/0x5c0
[  947.697936][T18851]        recv_work+0x5fb/0x8c0
[  947.700088][T18851]        process_one_work+0xa23/0x19a0
[  947.702610][T18851]        worker_thread+0x5ef/0xe50
[  947.705250][T18851]        kthread+0x370/0x450
[  947.708155][T18851]        ret_from_fork+0x754/0xd80
[  947.710883][T18851]        ret_from_fork_asm+0x1a/0x30
[  947.713413][T18851] 
[  947.713413][T18851] -> #5 (&nsock->tx_lock){+.+.}-{4:4}:
[  947.717186][T18851]        __mutex_lock+0x1a2/0x1b90
[  947.719713][T18851]        nbd_queue_rq+0x428/0x1080
[  947.721904][T18851]        blk_mq_dispatch_rq_list+0x422/0x1e70
[  947.724546][T18851]        __blk_mq_sched_dispatch_requests+0xcea/0x1620
[  947.727672][T18851]        blk_mq_sched_dispatch_requests+0xd7/0x1c0
[  947.731301][T18851]        blk_mq_run_hw_queue+0x23c/0x670
[  947.733990][T18851]        blk_mq_dispatch_list+0x51d/0x1360
[  947.736525][T18851]        blk_mq_flush_plug_list+0x130/0x600
[  947.739154][T18851]        __blk_flush_plug+0x2c4/0x4b0
[  947.741502][T18851]        __submit_bio+0x584/0x6c0
[  947.743904][T18851]        submit_bio_noacct_nocheck+0x562/0xc10
[  947.747028][T18851]        submit_bio_noacct+0xd17/0x2010
[  947.749757][T18851]        submit_bh_wbc+0x59c/0x770
[  947.751971][T18851]        block_read_full_folio+0x264/0x8e0
[  947.754484][T18851]        filemap_read_folio+0xfc/0x3b0
[  947.757047][T18851]        do_read_cache_folio+0x2d7/0x6b0
[  947.760066][T18851]        read_part_sector+0xd1/0x370
[  947.762867][T18851]        adfspart_check_ICS+0x93/0x910
[  947.765171][T18851]        bdev_disk_changed+0x7f8/0xc80
[  947.767506][T18851]        blkdev_get_whole+0x187/0x290
[  947.769782][T18851]        bdev_open+0x2c7/0xe40
[  947.772100][T18851]        blkdev_open+0x34e/0x4f0
[  947.774751][T18851]        do_dentry_open+0x6d8/0x1660
[  947.777260][T18851]        vfs_open+0x82/0x3f0
[  947.779224][T18851]        path_openat+0x208c/0x31a0
[  947.781348][T18851]        do_file_open+0x20e/0x430
[  947.783498][T18851]        do_sys_openat2+0x10d/0x1e0
[  947.785971][T18851]        __x64_sys_openat+0x12d/0x210
[  947.788683][T18851]        do_syscall_64+0x106/0xf80
[  947.791071][T18851]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  947.793751][T18851] 
[  947.793751][T18851] -> #4 (&cmd->lock){+.+.}-{4:4}:
[  947.796917][T18851]        __mutex_lock+0x1a2/0x1b90
[  947.799622][T18851]        nbd_queue_rq+0xba/0x1080
[  947.801994][T18851]        blk_mq_dispatch_rq_list+0x422/0x1e70
[  947.804567][T18851]        __blk_mq_sched_dispatch_requests+0xcea/0x1620
[  947.807542][T18851]        blk_mq_sched_dispatch_requests+0xd7/0x1c0
[  947.811051][T18851]        blk_mq_run_hw_queue+0x23c/0x670
[  947.814145][T18851]        blk_mq_dispatch_list+0x51d/0x1360
[  947.816642][T18851]        blk_mq_flush_plug_list+0x130/0x600
[  947.819218][T18851]        __blk_flush_plug+0x2c4/0x4b0
[  947.821527][T18851]        __submit_bio+0x584/0x6c0
[  947.823715][T18851]        submit_bio_noacct_nocheck+0x562/0xc10
[  947.826830][T18851]        submit_bio_noacct+0xd17/0x2010
[  947.829502][T18851]        submit_bh_wbc+0x59c/0x770
[  947.831733][T18851]        block_read_full_folio+0x264/0x8e0
[  947.834199][T18851]        filemap_read_folio+0xfc/0x3b0
[  947.836652][T18851]        do_read_cache_folio+0x2d7/0x6b0
[  947.839459][T18851]        read_part_sector+0xd1/0x370
[  947.841823][T18851]        adfspart_check_ICS+0x93/0x910
[  947.844242][T18851]        bdev_disk_changed+0x7f8/0xc80
[  947.846532][T18851]        blkdev_get_whole+0x187/0x290
[  947.848889][T18851]        bdev_open+0x2c7/0xe40
[  947.851327][T18851]        blkdev_open+0x34e/0x4f0
[  947.854070][T18851]        do_dentry_open+0x6d8/0x1660
[  947.856444][T18851]        vfs_open+0x82/0x3f0
[  947.858551][T18851]        path_openat+0x208c/0x31a0
[  947.860885][T18851]        do_file_open+0x20e/0x430
[  947.863183][T18851]        do_sys_openat2+0x10d/0x1e0
[  947.865536][T18851]        __x64_sys_openat+0x12d/0x210
[  947.868260][T18851]        do_syscall_64+0x106/0xf80
[  947.870893][T18851]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  947.873104][T18851] 
[  947.873104][T18851] -> #3 (set->srcu){.+.+}-{0:0}:
[  947.875395][T18851]        __synchronize_srcu+0xa2/0x300
[  947.877383][T18851]        blk_mq_quiesce_queue+0x149/0x1c0
[  947.879477][T18851]        elevator_switch+0x17b/0x7e0
[  947.881224][T18851]        elevator_change+0x352/0x530
[  947.883057][T18851]        elevator_set_default+0x29e/0x360
[  947.885251][T18851]        blk_register_queue+0x412/0x590
[  947.888062][T18851]        __add_disk+0x73f/0xe40
[  947.889848][T18851]        add_disk_fwnode+0x118/0x5c0
[  947.891651][T18851]        nbd_dev_add+0x77a/0xb10
[  947.893346][T18851]        nbd_init+0x291/0x2b0
[  947.895059][T18851]        do_one_initcall+0x11d/0x760
[  947.896892][T18851]        kernel_init_freeable+0x6e5/0x7a0
[  947.898906][T18851]        kernel_init+0x1f/0x1e0
[  947.900581][T18851]        ret_from_fork+0x754/0xd80
[  947.902532][T18851]        ret_from_fork_asm+0x1a/0x30
[  947.904392][T18851] 
[  947.904392][T18851] -> #2 (&q->elevator_lock){+.+.}-{4:4}:
[  947.907042][T18851]        __mutex_lock+0x1a2/0x1b90
[  947.908892][T18851]        elevator_change+0x1bc/0x530
[  947.910753][T18851]        elevator_set_none+0x92/0xf0
[  947.912578][T18851]        blk_mq_update_nr_hw_queues+0x4c1/0x15f0
[  947.914755][T18851]        nbd_start_device+0x1a6/0xbd0
[  947.916618][T18851]        nbd_genl_connect+0xff2/0x1a40
[  947.918503][T18851]        genl_family_rcv_msg_doit+0x214/0x300
[  947.920570][T18851]        genl_rcv_msg+0x560/0x800
[  947.922331][T18851]        netlink_rcv_skb+0x159/0x420
[  947.924102][T18851]        genl_rcv+0x28/0x40
[  947.925670][T18851]        netlink_unicast+0x5aa/0x870
[  947.927592][T18851]        netlink_sendmsg+0x8b0/0xda0
[  947.929414][T18851]        ____sys_sendmsg+0x9e1/0xb70
[  947.931245][T18851]        ___sys_sendmsg+0x190/0x1e0
[  947.933270][T18851]        __sys_sendmsg+0x170/0x220
[  947.934997][T18851]        __do_fast_syscall_32+0xe3/0x8c0
[  947.936808][T18851]        do_fast_syscall_32+0x32/0x70
[  947.938592][T18851]        entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  947.940821][T18851] 
[  947.940821][T18851] -> #1 (&q->q_usage_counter(io)#49){++++}-{0:0}:
[  947.943989][T18851]        blk_alloc_queue+0x610/0x790
[  947.946012][T18851]        blk_mq_alloc_queue+0x174/0x290
[  947.948063][T18851]        __blk_mq_alloc_disk+0x29/0x120
[  947.950414][T18851]        nbd_dev_add+0x492/0xb10
[  947.952416][T18851]        nbd_init+0x291/0x2b0
[  947.954336][T18851]        do_one_initcall+0x11d/0x760
[  947.956497][T18851]        kernel_init_freeable+0x6e5/0x7a0
[  947.958812][T18851]        kernel_init+0x1f/0x1e0
[  947.961088][T18851]        ret_from_fork+0x754/0xd80
[  947.963562][T18851]        ret_from_fork_asm+0x1a/0x30
[  947.965748][T18851] 
[  947.965748][T18851] -> #0 (fs_reclaim){+.+.}-{0:0}:
[  947.968624][T18851]        __lock_acquire+0x14b8/0x2630
[  947.970402][T18851]        lock_acquire+0x1cf/0x380
[  947.972041][T18851]        fs_reclaim_acquire+0xc4/0x100
[  947.973828][T18851]        kmem_cache_alloc_node_noprof+0x53/0x6f0
[  947.976031][T18851]        kmalloc_reserve+0x148/0x350
[  947.978012][T18851]        __alloc_skb+0x185/0x710
[  947.980027][T18851]        tcp_send_active_reset+0x8b/0xa60
[  947.982257][T18851]        __tcp_close+0x41e/0x1110
[  947.984075][T18851]        tcp_close+0x28/0x110
[  947.985691][T18851]        inet_release+0xed/0x200
[  947.987490][T18851]        inet6_release+0x4f/0x70
[  947.989248][T18851]        __sock_release+0xb3/0x260
[  947.991032][T18851]        sock_close+0x1c/0x30
[  947.992725][T18851]        __fput+0x3ff/0xb40
[  947.994548][T18851]        task_work_run+0x150/0x240
[  947.996598][T18851]        exit_to_user_mode_loop+0x100/0x4a0
[  947.999020][T18851]        __do_fast_syscall_32+0x578/0x8c0
[  948.001092][T18851]        do_fast_syscall_32+0x32/0x70
[  948.003022][T18851]        entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  948.005368][T18851] 
[  948.005368][T18851] other info that might help us debug this:
[  948.005368][T18851] 
[  948.008944][T18851] Chain exists of:
[  948.008944][T18851]   fs_reclaim --> &nsock->tx_lock --> sk_lock-AF_INET6
[  948.008944][T18851] 
[  948.013987][T18851]  Possible unsafe locking scenario:
[  948.013987][T18851] 
[  948.016923][T18851]        CPU0                    CPU1
[  948.018825][T18851]        ----                    ----
[  948.020563][T18851]   lock(sk_lock-AF_INET6);
[  948.022140][T18851]                                lock(&nsock->tx_lock);
[  948.024489][T18851]                                lock(sk_lock-AF_INET6);
[  948.026898][T18851]   lock(fs_reclaim);
[  948.028379][T18851] 
[  948.028379][T18851]  *** DEADLOCK ***
[  948.028379][T18851] 
[  948.032270][T18851] 2 locks held by syz.6.3400/18851:
[  948.034833][T18851]  #0: ffff888044bc1908 (&sb->s_type->i_mutex_key#14){+.+.}-{4:4}, at: __sock_release+0x86/0x260
[  948.039395][T18851]  #1: ffff88802ad1ec60 (sk_lock-AF_INET6){+.+.}-{0:0}, at: tcp_close+0x1d/0x110
[  948.043245][T18851] 
[  948.043245][T18851] stack backtrace:
[  948.046189][T18851] CPU: 2 UID: 0 PID: 18851 Comm: syz.6.3400 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  948.046222][T18851] Tainted: [L]=SOFTLOCKUP
[  948.046230][T18851] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  948.046244][T18851] Call Trace:
[  948.046253][T18851]  <TASK>
[  948.046263][T18851]  dump_stack_lvl+0x100/0x190
[  948.046326][T18851]  print_circular_bug.cold+0x178/0x1c7
[  948.046362][T18851]  check_noncircular+0x146/0x160
[  948.046387][T18851]  ? __kasan_mempool_unpoison_object+0xea/0x160
[  948.046415][T18851]  __lock_acquire+0x14b8/0x2630
[  948.046445][T18851]  lock_acquire+0x1cf/0x380
[  948.046468][T18851]  ? kmem_cache_alloc_node_noprof+0x53/0x6f0
[  948.046504][T18851]  fs_reclaim_acquire+0xc4/0x100
[  948.046527][T18851]  ? kmem_cache_alloc_node_noprof+0x53/0x6f0
[  948.046557][T18851]  kmem_cache_alloc_node_noprof+0x53/0x6f0
[  948.046587][T18851]  ? kmalloc_reserve+0x148/0x350
[  948.046615][T18851]  kmalloc_reserve+0x148/0x350
[  948.046641][T18851]  __alloc_skb+0x185/0x710
[  948.046669][T18851]  ? __alloc_skb+0x5b7/0x710
[  948.046697][T18851]  ? __pfx___alloc_skb+0x10/0x10
[  948.046726][T18851]  ? skb_attempt_defer_free+0x2f3/0x810
[  948.046808][T18851]  tcp_send_active_reset+0x8b/0xa60
[  948.046843][T18851]  __tcp_close+0x41e/0x1110
[  948.046873][T18851]  tcp_close+0x28/0x110
[  948.046901][T18851]  inet_release+0xed/0x200
[  948.046929][T18851]  inet6_release+0x4f/0x70
[  948.046956][T18851]  __sock_release+0xb3/0x260
[  948.046979][T18851]  ? __pfx_sock_close+0x10/0x10
[  948.047000][T18851]  sock_close+0x1c/0x30
[  948.047020][T18851]  __fput+0x3ff/0xb40
[  948.047048][T18851]  ? _raw_spin_unlock_irq+0x23/0x50
[  948.047139][T18851]  task_work_run+0x150/0x240
[  948.047172][T18851]  ? __pfx_task_work_run+0x10/0x10
[  948.047207][T18851]  exit_to_user_mode_loop+0x100/0x4a0
[  948.047241][T18851]  __do_fast_syscall_32+0x578/0x8c0
[  948.047269][T18851]  do_fast_syscall_32+0x32/0x70
[  948.047295][T18851]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  948.047325][T18851] RIP: 0023:0xf7ff8f6c
[  948.047346][T18851] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  948.047369][T18851] RSP: 002b:00000000ffdf5d4c EFLAGS: 00000202 ORIG_RAX: 00000000000001b4
[  948.047395][T18851] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 000000000000001e
[  948.047410][T18851] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  948.047424][T18851] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  948.047438][T18851] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  948.047452][T18851] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  948.047473][T18851]  </TASK>
[  954.686069][T12757] Bluetooth: hci4: command 0x0406 tx timeout