last executing test programs:

9m35.703473328s ago: executing program 0 (id=947):
r0 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = dup3(0xffffffffffffffff, r0, 0x0)
iopl(0x3)
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r2=>0x0)
iopl(0x9)
r3 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f00000000c0)=0x1b)
read(r3, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000000940)=ANY=[@ANYBLOB="61124c000000000061138c0000000000bf200000000000001500000008ffffffbd0301000000000095000000000000006916200000000000bf67000000000000170600000fff0700670600001f000000070600000ee60000bf050000000000001f650000000000006507000002000000070700004c0000001f75000000000000bf54000000000000070500000419311f2d4301000000000095000000000000000500000000000000950000000000000032ed3c5be95e76b67754bb12dc8c27df8ecf264e0f84f9f17d3c30e3c72fe9755ba08554bb4f2278af6d71d79a5e12810a089dc1d4681d295c45a674f888a08034b7dd399703d6c4f633a9a4f16d0a3e1282ee45a010fb94fa9de56c9d8a814261bdb94a6538b89dc6c60bf70d742a81b72bab8395fa64810b5b1bfd3782519518c51231422bb8fab4d4d897db2c544c0ec50b8eac8c63d2b1cd06a39702bd547f5ebaa6954f01cef3c9bacec15e2e3b2bd352e93a22adfe8efe33ff2f8ee5476d4ef7a6f0c4704403b9bad2b648e90fff24f69a5ef05f5408ea197ed09a9510ee6063229de2984abdd46ea3ec78e3127002ed37c2564b8f8a621483fb2a5ff221e0d831d64759d17b8c59d0f2b0727f6b7958fb5b939af4be5e55a95f8c6d785a91c7c3f0c17ae7f9ac5ff05f5ecddf0cef90d50e763be96496661c749e21ab63a1f50b30a65a9027ba357bf8c614497ee59b68bf6a5d45c81c567e347d54574164bbea3e7b7f8a13cce7014137f250370b8a70ae3eaf6d6f17759c3886871e97d063b7f26eed3226bb0b9ee6320a2b02fea7a06a0e37182adf4b1be6f29358d4f5dfec405bde000000000000000000000000000000902e647cc5962eccaad64429335f3ce2a10ce72da82875427c1d16db24dca08487ba41a3fb337f8432d8176a515229e32ee11a1dd23dac038f989eafdd67f60b63f7be4d1bf325b57335b9973c73bfa89517a98b1fc15f8a2713718feb01059d8b570a0000e3b2a93bd745a74f9bf7f7abc5d15d56331055cc0820c5c9d676d92557c4e47cfbe27f91f0eb18e21dfdab3c84ec11377fbbfd1e000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x48)
timer_settime(0x0, 0x0, &(0x7f0000000500)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
sendmsg$unix(r1, 0x0, 0x24008091)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
unshare(0x20000400)
r5 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
bind(r5, &(0x7f0000000580)=@l2tp={0x2, 0x0, @private=0x2000000, 0x2}, 0x80)
timer_getoverrun(r2)
sendto$inet6(r4, 0x0, 0x0, 0x24000045, &(0x7f00000001c0)={0xa, 0x2, 0xffff, @loopback}, 0x1c)
sendto$inet6(r4, 0x0, 0x0, 0x800, 0x0, 0x0)

9m34.633888308s ago: executing program 0 (id=955):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r2=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x70bd28, 0x25cfdbfc, {0x0, 0x0, 0x0, r2, {0x0, 0xffe0}, {0x2, 0xffff}, {0x7, 0xe}}, [@qdisc_kind_options=@q_sfb={{0xfffffffffffffcf2}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0x3, 0x3ff, 0xfffffef2, 0x80, 0x350, 0x2, 0x2, 0xf7d, 0x5}}}}]}, 0x58}}, 0x80)
socket$nl_route(0x10, 0x3, 0x0)
socket$unix(0x1, 0x1, 0x0)
r3 = syz_open_dev$radio(&(0x7f0000000000), 0x2, 0x2)
ioctl$VIDIOC_S_CTRL(r3, 0xc008561c, &(0x7f00000000c0)={0xf0f041})
syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
r4 = openat(0xffffffffffffffff, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
syz_io_uring_setup(0x45, &(0x7f0000000300)={0x0, 0xf20f, 0x40, 0x2, 0x1b}, &(0x7f0000000100), &(0x7f00000000c0)=<r5=>0x0, &(0x7f0000000000))
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
r6 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102)
writev(r6, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket$nl_route(0x10, 0x3, 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
r8 = socket$kcm(0xa, 0x1, 0x106)
sendmsg$kcm(r8, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x20000011)
sendmsg$kcm(r8, &(0x7f0000000780)={&(0x7f0000000000)=@in6={0xa, 0xfffe, 0x0, @ipv4={'\x00', '\xff\xff', @remote}, 0x2}, 0x80, 0x0}, 0xe07e872420dfefca)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000003580)=ANY=[@ANYBLOB="20000000240000012ebd7000fbdbdf25027c00000cb9fd72c32d9e5e2fa29c79"], 0x20}, 0x1, 0x0, 0x0, 0x4048011}, 0x8010)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r4, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000640)=ANY=[@ANYBLOB='Xs\x00', @ANYRESDEC=r7, @ANYRESDEC=r6, @ANYRES16=r5, @ANYRESDEC], 0x58}, 0x1, 0x0, 0x0, 0x20010005}, 0x20000000)
r9 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r9, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="38000000031401002cbd7000fcdbdf250900020073797a32000000000800410073697700140033006c6f"], 0x38}, 0x1, 0x0, 0x0, 0x8040044}, 0x810)
sendmsg$RDMA_NLDEV_CMD_DELLINK(r9, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000015c0)=ANY=[@ANYBLOB="18000000041401002dbd7000fedbdf25080001000000000fba30b28e994c1a08786eb807e0000000000000000000009fe70ba83a7a66e67a0bae5cfaccbbb81e28d7b568da", @ANYRESHEX, @ANYRESOCT], 0x18}, 0x1, 0x0, 0x0, 0x671ec167a4b72164}, 0x880)
sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4848}, 0x0)

9m33.453208301s ago: executing program 0 (id=957):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x10, 0x0, 0x25dfdbfd, {}, [{0x90, 0x1, [@m_ct={0x44, 0x102, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x2}}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x10000000000002)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0)
r1 = fspick(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r1, 0x7, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
r4 = syz_open_dev$tty20(0xc, 0x4, 0x0)
r5 = epoll_create1(0x80000)
epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000040)={0xc0000000})
ioctl$TCSETSW(r4, 0x5403, &(0x7f0000000080)={0x8004, 0x5, 0x800405a, 0xc, 0x16, "c20dadf18d07f4c58200777dbcacf000"})
ioctl$TIOCSTI(r4, 0x5412, &(0x7f0000000000)=0x6)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_LIST(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1c000000070601080000000000000000000000000500010006"], 0x1c}, 0x1, 0x3f}, 0x0)
openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140), 0x42, 0x0)
syz_open_procfs(r0, &(0x7f0000000300)='net/ip_vs_stats_percpu\x00')
add_key$keyring(&(0x7f0000000000), &(0x7f0000000840)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe)
ioctl$VIDIOC_SUBDEV_S_CROP(0xffffffffffffffff, 0xc038563c, &(0x7f0000000080)={0x0, 0x0, {0x1, 0x3, 0x20000000}})
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r7, &(0x7f0000000140)={0x0, 0x2000, &(0x7f0000001ac0)={&(0x7f0000000000)=ANY=[@ANYBLOB="200000002e00010500000000fcdbdf25040000000c000c000100000000000000"], 0x20}, 0x1, 0x0, 0x0, 0x4c0d9}, 0x20000000)

9m33.093401775s ago: executing program 0 (id=959):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x262)
ioctl$TCSETSF2(0xffffffffffffffff, 0x402c542d, &(0x7f0000000040)={0x82, 0x3, 0x0, 0x717e387b, 0x40, "1ae34e0626788a22b2fb12dab240794233a5bd", 0x4, 0x2})
r1 = ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0)
ioctl$BTRFS_IOC_SUBVOL_SYNC_WAIT(r1, 0x40109441, &(0x7f0000000140)={0x0, 0x2, 0xffffffe0})
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000740)={&(0x7f0000000340), 0xc, &(0x7f0000000700)={&(0x7f0000000680)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x7}}, [@NFT_MSG_DELTABLE={0x1c, 0x2, 0xa, 0x0, 0x0, 0x0, {0x0, 0x0, 0x4}, [@NFTA_TABLE_FLAGS={0x8, 0x2, 0x1, 0x0, 0x2}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0x44}, 0x1, 0x0, 0x0, 0x4000000}, 0x4804)
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="5c0000001000030500"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000340012800e00010069703665727370616e0000002000028006000200300000001400060000000000000000000000ffff7f00000108000a00", @ANYRES32], 0x5c}}, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r5, 0xc008ae88, &(0x7f0000000040)={0x1, 0x0, [{0xc0010000, 0x0, 0x4}]})
r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x60081, 0x0)
mount_setattr(0xffffffffffffff9c, 0x0, 0x1800, &(0x7f0000000100)={0x4, 0x100008, 0xa8ad303474ade3b5}, 0x20)
ioctl$TIOCSETD(r6, 0x5423, &(0x7f0000000000)=0x15)
ioctl$TCSETS(r6, 0x404c4701, &(0x7f0000000040)={0x1, 0x0, 0x0, 0x400000, 0x14, "3eccd8000000000000000010000000040100"})
ioctl$TIOCSTI(r6, 0x5412, &(0x7f0000000180)=0xf9)
ioctl$TIOCSTI(r6, 0x5412, &(0x7f00000001c0)=0xd)
ioctl$TIOCSTI(r6, 0x5412, &(0x7f0000000280)=0xb3)
ioctl$TIOCSTI(r6, 0x5412, &(0x7f0000000100))
getsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000400)={{{@in=@remote, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r7=>0x0}}, {{@in6=@initdev}, 0x0, @in=@multicast2}}, &(0x7f0000000500)=0xe4)
r8 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r8, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r8, &(0x7f0000002140)={0x2020, 0x0, 0x0, <r9=>0x0, <r10=>0x0}, 0x2020)
syz_fuse_handle_req(r8, &(0x7f0000004180)="92756f43b31ffe542788ef586b7c5a344424e3acac2590be6bbe37adface4a8f2e534ffe76a83a93f0b3680a72fddfde83f96d01982384e8d689219cb9669b14dbaa1b799f82ea1fc926126a4163618e16d4f94143a4e0f27c44fcef3920a0b3805ed4e78098d8689cc7791bd86648070718d238664332948d87866c8d2590fc0f017f9853abd9ed60b99f1aa6ae2dbd24ab6dbcebdb055246815ace147cc50fa3b2861148fcda374d5b203e51d72c45e4dde3e9ee9a47ffe458baf7bb49035135a8194aa1f0a83fa2abed56398f90daff679634619453f533f22583a6e0a4dc09e9de46684d5e0136e229510f3702cf3a4cd0065d3e5d3c419e38a80b070ca55010e082a9c510fd18cc0b26bb5e8e459e747befbc5c6b60ace80bf41417b7b78cf57e5b3984f0cdddc615c5e0000454d3f4a196fb6d18aa629cf0b0245f95ba958d86dc175616f8cd3ac473057dc3a5ff7107973326350107f4468e7ecd48d689b82c12d22ae5f1858302a1b4cfde8fd347a99ddcde40d1c49d9b5099fbccf09e782212be4b2ce36a2bc3c9ee794abffe72a5501e6c4f3f7f68b74761ffd6620609224a3bf11f655dadb5c8a5813b02fb46830e9ac6825f5d0e89910352eb3a58c0dd82d094f94dd2c85666f684a8f437bbd0e66b9f4d366117b67a054d212c4fbc287848cb0578391335d5d616b14d99a2e3df8e8a152d5de99bcefcaab5bb5cc71f3ddd66b379c104648e190e0b28a180d3aecc5423575d4ba7dbf31215c717da7b87dd454b6efcd36c91aaa631127f5bd88723d221752f102bc0c7ac6c5c7a1ad6747af40d01b6d39eab7b0e1292b44683c586386ad00acf60fb8f9bac551a6eb5bab7317b5d89f64db10bd9018dfa6d65d93862e851afbc30fd70fe5f0de322462045177231852ca80e4e78da4fea0c79ba354333026c8bc77d308a8d256a19ec45d2088c196691d3f9aac28ded36004a65ee1ce49ba9599ceee84534bb61d02d04a6732f1e27d72962f74b59f3522bf844c5022986d55934e48b8681b7f5b7532391448caeef00315d28320a46d8bd7813544e1e4bf994e14a519c2654ff20b42bdb69c262897e28eca528f0999840b00ed8256597d27cfc20d71d5f40d0bbca759f7594c6034aa1e16a84ed152fad0fdc1c303a7f61225712714f823afc5ea241d482d3585759623af8c97ca6a84a2033b3d7314ea0ef7ba9b288b362a294c92c8b9736829c16f61c5a1ee04aca965d71162292274595ea62c9c2918e8279c99f5d2830c617c58211fd7452330184b9428d5ec1d5cd75ddcc6de3326fdc70e891104b3b013c30ffccfaf3308d9671b01f6b080a930dac2052c6f39817a662121d90d40d6a1facfb50bec7d408030b6d0ae3e744f3bcc327c35dc43cf86b743db78ff2e593b19923235ed6467f299b08718fe1840c16a748935dff941150fb08b30573b37bf9af5c86cc8d9e229a832e4ef25ec91f71120f2b3e9062485976c280a2d172386029e2f2a4801197fca0a13514edacf5ddbac5a62e8bb13dd1572657a821a8739297f72e29239d1cdddf3e30cbe9af3141f2275ee4ae85d86ec888fe9a6751f252057e95b8beb055e276439581afee93cd44f1e92f70e5f725451d3ab662918ffbb1269509fbd511e95a00ec717f9d60d643864abd6ad1cc4dd7f933379a6078a86c2158db8076e7b660366fca7b1c46d09d2c8e67a6494bfb4c2c6750e76593895b5e2b2bc78093840c3c4a807826bc2750a96b4e1dd5b82b492bb2215518c92064d1763c37132604e52e73fac3f4511f791753aeecfbb19816e0da7a1bfbea9eeaa0f256eaedcb119a61f7d0ea0f5cd4969d45cb014800f2c888d5c2217cf0f69a7507779883b57352bb8883cc584891950d6e792537074f4fc4337aa19b9bf60e18edd939d289fb4a6b7aa6c66da20774e249ca4f779d3c910b1a9a8e4c38af6adecc87d5481d181fd66023ffff246f4e2556b218fe8110acebe20b1675f1de6f265b6d1d8514a53522396bf0e2f2b153c498e48b36d16f8b9bd56f45d7f5b9397d7f1339117a176d0bad0b68e800682416d3e18fe2197c7f8dc20600feb95cc6ba86ad47f113e159bd4389e30eab2874bd27eebc56020c4dab9973b13f3e82aa62a7e0a151d73de48cb811e32be63ffd303f5a6ea6f097ed763fbf36c430821e451146de79922348354ce285af0997bf3c66e6ef02942e24b8f1ccdd542f09cfe65c0da0094c0b5fd26bbc061538b41e5ed2cbb390ee29b10a4b7a696009e1b5b86c44c0a561a257c15415feaeb1433ea275ed6e4b228503fe71ee5942665164faaed6697112206be0fe7863aebd4bbe951d5dea1da294dba0793196385f4d5141c9d6c4b0fa22b2e200cfb70b52aca31655e71e5a576ccb8ccb5b1364748aa981edbb81a813b1aebc67be1f7619e7e197622d981280429f6ca5145c5b3b05e6bace9191e5c58fbf140f71f594cbfd4db0e9f6923f1758ff9464a61a720a5d4f09c622c3ce3f5d0d3a1d191111168108f41f12b16e9eaf3617c353715cd35260560cbfd0555d51ce5c40bbdb7c95ceaeadadb8902974de50b0863348183864f5ea682e678286a06a6f396af29a7c7fb33a3579e25835963612f3c0d4cf369d85959a0adeda94d35824050e6fba7f83f90867583f713d7783323c7010e94c9be331f860db395dbde6face5bfdb616fcefa9c6b01f6963daa840a31ff554a458c0c50cb5e09f91f54f63234589decaf45bbfbaef0dcbff4ae6e65ca26a530261c491ef8eb9a855a1d7463391c9b66be96cf24c3c321ee5a5bdc857f60b582683c6ae1e3775b62a9f19ff8fa51380ca8a2a3c6de79012f5727ba12025e7e6723a23a81e067ca6e54c7b38ff64880d235d21e7ee5258953dcbf9e2a962f006ca4ffe870859242c850cbae4222b3b72c4f86934379ba2ead1dcde906241b994d95c88355af5a9a30ace9c933a6942f341ad221dd825846a8fd44c03e2eaa9311c26e15a1bd7cbba961a22ef23d7ebba0e34cec5ef09b1ce72814a97e33bd29f3d9ec80a4f45d1d29486accf15c11f1a800bd84918e7626f678275d7c7acb02cc0e6e34bb766ba6b75c3ad14fca9352e09c3b69390c045cfc842ff9ade8ca693c07fadc7047a946e6e570c3afc5b501c964103397f5ddadc2d59a048348dd42f07cfe31bc9b5ae453f5086bb41bba4c8a3e518e30b0855184b053f923025dd72ce1bcbf41231978b34a8547c71d7313992165078903c61d312b0d9469413c9fd97ccdf0ea270fb6c47ec8861a1c8d909eeace761b5a06ba46e25785ff87f867777abb237c6c980687991f1ed0157d58492260c712cec34c1fc0962103955db4d5090b6e8409cf3c3c79d0e691cf4fbc0b2251a016dcd456969cd32e5429533bf0d6f8bda84c05f0e2040de8b53bfb8676eec4b76c3df6f46b1e43732035dda577e75f640777f6ae90fd2f1af42ba462dac732019c599bfef01acd6a0d4d1796bcb8f58519d6f9ad9a3206704a94d472516b988141f44ecd2e6f28a49aa0c449db87972fc995a97379914546ea43143ea2cf779a9cbe81f111fe89129db3610492164ab2598eca7e60d9a6963d8ba03a86729db86e420fd96d61b8fb11edc2b339b57a740074ae5b775eaf60cd85dc934e604bf2b4bd58ee01205b4df57ac20ff8db45a05982b579643882407050c005102a2e71f1e56dc76dbf5331112e83e48bfb5cf2a78a893190d78426175c162ffaa7278a43b9932318fc17fb8cb0dfac610b1ad235b91f9cb7623b155117e07f7b876a3c37627aa31eafed141cc0c5491c4f621a66b6d837a144d78719c46511c04a093cf65fce9fabe5bd6d499eceb63538ece3cf19053550a239bf978c08c879f9954485a4e3e0d5bedb84b407ced85c4dfc4d75af116815992c29f0bc927c4a990c38ae4fcc9feb90fec1b1b555e04d010423010855394d5ccfc8ed21164190cd8f83be5debb70290c3547f07e4dc42814f1e001798e6ceee2558b0c6ff8c1759f90269ee226131116332b99ac8dd104c92088e1f91ace3198c0f59bfb75c4e4a697660eed43a29c831a552de37fce6dce96fa51b6e2111f3071a4e94422d15e102e5f67da7ca6cae6bed7743ebffacb8a811a143605791d17232181a517e872f71262c3c73668f0ef83aad498f67fa26bae698cf78f24c2dbecd399a190e6b8d0684e929f2e8083765eb2c67793a1adbb89d36b58bfb197cdc5f3c894ac9d886e8f3b0936fabd233c09de8fab8099f72a74d908ba5c5e4d39790b0bf9e45b710f5587b7c937c76690c5c5fce621a53a9fd03b0a4ee6d8d1abbe2ed561820a77f12a08cad0755540ab6dd1604b7c30a8652995ab80b85e919011de9438a4637eb0291124ed4b745e782cff98510cb03be79c2a81351abf276584d75cdd96b9c97e73eb71000b3ab7c3c19c2cab4497298fcb3052b5d4503d05e7f310318be6f848547b1a4f4db82caee190801478be28065036aa4d91f290c1f396343e73a5fe8bb5ccf0a317177ed1f77acda1a4a49dccfcab8d1b5d79f015f788b6d5e9f8228a8bcdc0696e6b19f5edffbcd7e9509c87fbe1f726b93bf8c6d8d37428763e142560c46c9e894f7317859000c25abc4f3691ebcd020171e0d4911b5d97a238109aedeb00b2eb475c1e7b45175f8aa85193b5c0f43b434c15de01610c4d022646cd6e3637f349a434a77f571ac1c5d698452d1b991e267f78dca5e592ecd31ccafcad84e4e98d134b4adc525b81bd6843428883023a6ea407201738c8bf16b541ff7280274a34d4cf14819f2dbae167ca0cae8471c495e006b45194ad91c4516f21cbb10e0d26fd5d734cd7725df5b3fbe92955f4a9bb3b9b813aeeff79d6ed5db92def19d060a208c3ec8c42c110786f1e1496c50a7249b03fc792764366894a35320b99d0bef9fd0b6a246c36a357c6b985dc83a37a8d9b8b9ad643dea94860cbe763bb73cc8422b69d4d12332242c8954075fb7117a6679638073617abcdb4619855b2036af160647f66b3531645a3bf047ae290d6ae2249f114e7a8464278bae1486022bcc7c37390c8d9a0efb0e1cfa0da8ef7a5e072f99a47ecc75e4e442880375193db49bb82ba34901286ca473ed5b63e4048db4dc455e74b3fdd2e7898ca3f4c3a02d435cde6141eea645055123a7dcf0d22057f8d425701afc55859f5147954e719d58c7486b1e02ac16cb799b77632c66bb78e6e52e11017c1736424fa4d433f1e19b4c881d23f0b2a12d5fae3ae24339088088d9b496ad97bd9f6e20a8597d1452a0c72dcf43dbbda8f18166585c06d21fbffe5fe7b55f71c9b9f1b34a02bd05ca63c7c1b1bebbb9dd24fb10291b04c665d45154dd28b85d821ce7e613119128996785e1006a8dabc4899b10d2671107d5a0658ed363b9d4b39d02f8cc5e350fbf0a31048adecd1f9e2ca749bd86f195eb48e9b4605f050de03d642940d79184618f7f88a9a0a4683ad84d6134e395305bc1d4d9d17cc334b97653529d6682a87a5fac80a6d46d6e72fc22e58be7b8f8617b3372ef2622110ab1ec448717118b257acffe55d18c7855e9e8710ad977a6792b2315a189eb4468c68641e9b60c0dab7016ac1ad63cd8004b6eca8fc88b1e4263acc00499255c16b11487a0af858075f9c892dc8044c4146e5a5677c4a2cb24bde5e078985020d4ab1e4c87492e76b7e6f4bbd71d84bab1885c9702849e70cf728776b1a94c2a8fb8c7ca01b6111ef6f2032a290949bfe473fe215273b8b5b3ad540f187490f63077dccbca6f62f0a7a66717c596cdef412f2560b10685ede967b3ee68b8c951959aeb1d7564c3b9d806b2ce858381393a79916b78f7e90beadae30ffc0b2b614380f1c2cc551a44565209db3516be379ef566ab00c673fd8aaeeecdcf1168c1960e9a477b9e13757498a44ff089351d1f27abf9fd76816f924504647d1247715ca861ebe624172c322146d66eb2b247f8ecb3e1b5ddca89b287c57510cec40fcf89d802cf4368a861af320e01e34f7a6177d4bc549181b5e87ecdfe02f78c9a59a3bf91ebb6364023ec06410e7b4476ec4e3685bfa3bfe9ef9ecc12dcd899abe0f3c7f16b4686801c0c0a949aa26bed57df56f2bc54ef19af7fcbc7b0d691075f42a4a67acf980b568acb2342f42249f7c1ee3527c13182b096064ecd250887a942d26f637e1c4041b139659d2462a68680bb04387a3b399e396b9fe74de10356125fa47d0a20827370cbf36a79b6fffade91c439dd6cfff4bbe0dd3efefb61c491ee32f935d62307cba369ac8c20f6fe3d4857ce6d240ece5e4d149f0587155a8350fcc18efae2ff11cdbe15218a82499a1996df8b5462ee170b284321e76bbe5c3f4158387644d95f087c598e3d46fbe27f63fa784bda239512113424045a2c5dbc6bc3662ca730a86d13cf8f6fe2743224ca7b535caf6b4701a7dae9cfad3d7290104bbba15b6a064ae6e909a099f75fbe47c9e654d8e3b8dc0f3dbffe829e6c56f7a241e565136812a857f59ab565a9991c6b1d8abcc94c6b33bba314f6e5060e657e4647f969a551dd6c51dfca0ff5d9e4f401fedbc2c927eb1ed95ef25f4e5accba4999322ba1539499310dd5875433a22835cfd42fd77fd4680b7fe767d7aa5c33acde04a65bd3a663fcde4c80e9f2af498f13bf9abbaa1c1265edc691e94abdcc92270c05811cd2a8104eb18efbfec9e4ba9ae5cde211b9b93082ce034b6cd5fbe9cfbac4f7e2404ef159766124f73017cc3600f3c81cd78db25fc3459629eaf20dfdb062c7e502aa69412381d847a9d254d5befc451cda3606f0bc8ae62e0aee928f9ed0b21d705a8d31b899e16445ee064563d32f7b6bb5ad197023cf528d9b329ec67815c6ddf27d2a6ffa7328bb993407cde3d166159fd49fe469254b84c2916daea8df9d69bef019f1351b9bce193e30278835b82ea5f60dc0bdd7f7452b7a820ae7cd6dc29d7ac6a6c1b6411711a96338b1e769146b2a385d282bfaae61b041166efafab2d89a4567b9460cc22d752f8e9aacaaa0db7c84879f5359662d55df6570d4214740851c74574ced733807cbb54571110410892394c3dea07bd4154d0e5689d57c3360207dac951f96a358e9c466a5c5113f3a632e184f57f075edef4dcc9721b963beb95df09dedf848260cbc1ebfdc7408218eaba6d2c51928cd37c4c0c9f321fbb0994a56947cfd9643056db5dbea60a241f8f004c932bc8e645b2ec2eb9bc4e9e2f4156293234d05e70cb26b8a370b0206c756bda6defc11c5eb386640f535a4ffb714168defc6d82f40d8f5ba8768537ead5773c53bd779ca899a2dd31c9138569ff5107c2fb12b804375c3b3dc9b828bfd550328adf358f71e86a0c49fb119f5ef9e06c13855cbfc7d1a62ca2ea655ed912a6dc7bb8b18656e8923fc7a1702ab36947d79384d681c31923e98cf40209f776bc2b219a7ccd139e756a905aa351e6eaae90770c8a193f96cd5c66e4d77a357985556e14333716d80204a5c390e0d76f4081afe917f99ad8a0976b3342f51854b374b4baa9a7f22124d2b82749446e30d9795acb9c3c3a305a6d273ac528e8e9c95c37a78e765fdda55982c2961fbc85a14fc095a78b4654ee6dfc3298749a639ab9c8e155af3a77f8a409ce174532a492ef550a140f774d77d732b3b4ca5bc41fa4488ce5957ce219b032ae1f585273748d81b19edcf3e6cb9a93ec24e41c6b3c472f9baf3ca46cb8b9a91df18acebe7d83bd4473750c4f26806da2f95b9ea48b342460af729ab15e9f033eda67feec645f985d4b9489cf6ceec1b100d007bf46c74be53c7ea17296f9c5b5cbae736491213c93b513009ebdecfcd60d46d7b86c6e3b5e288f2ba5867c07936e7bd1b00de52191eb8630ff82ccafb27a59295164751811bf74eff1e5e2abdf3c93bc5dc9814be83b2562477935e2fa30db7ebb6ec380170cf10c1f98f8c5eb71c730c2b31b55a1dd1c12a64802ab95b63c529e0a96cec8f38680221d6089926d8309796c79994d63b67bfb62f66b4a502f30ed12be41e896e88bc45a160a526fbd5f002e677322f116ec5740d7563cd23ee853c008b84998e38fdf158556e28a532573956e7c00f91f08ca245c295a3d5e003a99ea727f61d12893b435d4c8f2f5cce00c6a3091e2a47f290c07168975c53d7529b71d10faf42d2bac9db8d53669cf59c709c25e9e40b5feaed4c37dde8b84c4961c00712326fb6aaa06e80d766b40b72480f3971def61d1d129676df2478e778d899ed317426ec33e496d1fdd2ec27128f8faee92828e13da72d6aee8330a7988ea1cc8b64ec4d8b20990864c16c52c4be6d00b304b87d97bffdd9c66a740b517223089d9f3f414abedc53c768dab9220b980e6c18d5f20ba8994cc8886d7bdee213442f456d79fce1b1eb48fbf600a666c8ade24d118e6328251cf7b57a6285c650e019850f392b1c29aec5c8fc489a3819d60d5de377d4c11b8ee5625b7c02c5d50d2af3397006f2e2a41a06f039229eef5878ed91f9f6be7e988924dbaeb8455f616275e8698d93fb536e2c839b203aa69bceceddbf9c53f8addba53d50ca0f7a4729a42ac6eb757f1b408ad4a0147546173e62f7621eb18a9e1681510cceb48e0a30ab7a1bf71d56742d5f034f2d725e7ea68a011dbb100fa6eefe4ee093873de366d34f4240ca027a25c5b979c9ac47dd1dcb6ed82c4aee09dcc23cf329a8644f89b5cf00e5683934b1837574e9b39b31b1009f276e15aa040959fdf100838ca3f5ab17e45036668d06044e3a13f3a0a6f68579e50d5b0164f900d7bcfcde78396cf30f0b1dff76dc397ab1a5a44b207eb1eaaf73b945c575029ae2dce20724991e6550155ded6a42672609f2439c5aab4882b2ffaf7da787b71d05d15516bd68c6f1a9d79b675395845f24ee853f877e72c14b6c6702f7b8775ca1bfabbbcf4019f7bccf07f1c211531dfc66a7a1df79e92a20dd1cbe1b22e1209e7e3ecb9d3c2450fc22a57bfe09bd735f61c361cdac2488ae0adc7885edc0712655daaf535e1de96ccbe7869d531d8bf3db512fbd17c772332a3f8cf1e052ee0202eb99a36a0f8d7219888acbb57090cdaf3b28e1e62e8fc2ec237bdf18592a7afe4d8390dcb5e7fcc31bf4f797e6f5710070902265cc2e8c459b7da1451046abd6c8c5b02c0be2d2f505a65376266563ac7b59ef3b4e2570a6cb0bd94d46ad861317c743ce1de12bfa2295a98cdded4414d87a1580b1e4675bbdf73a22cac4a1d8d456d089e0b60cbfd16158f073bd1dac481db49fa5d8801d0fb0844b4afec1bab4e61fa0f381fa667880a1cd8163953be7b591cc9dfd7f91902370b783ae8a0f3c7cbefa7d229a37c00f523529e159b11d2e240629b64af2d11404773e991207a722c320221ce23baed7cbe40a440c5680814b122cfba9092fe03478f85adcbdeacb76d6cbf2491eafae98327b278e267821a0e1cd06ef90cb0328e246c19d8c63b9332291a89bc9f989effc675c79a870ac024756c6f5a7e32babd69625d61487ae7399490b70dd0fade7d70ad9b0757300a2dde77abaff4f63a0303853589d44efa968e10d36561f04408ad0cc227fc6b2f904cead189a0fcca9b2e6cbde5498652e0b3bc9d8b7921474403718feb5cc750dc70f5a9b1a0ae2c642015b6a1a8ab0572182b4e39e0c869cbdc60c9465f5d564d18ba2f5b3bc3e05a458744077430c5ea031ee02dd8f0a65d7dd8d90dd9b8717f77d202239a5778719423fb2aec7ca86eb07c39de65a34b988d65377a7473e9145f16d79593e96903330bbf3a8024fc15519d9baa0fae2018786f4b1846fca355ff0fccf65cccad1896309a5ccf2056dd542c929850cc91cd655962360fe316557ab3fb378328f77a07d9da24447d3fa2020b382ed2e808ec9529a01273434c64b0b7c35a06a019e4ab51cdc9c0f266ab25b6984338a0ba910d1060283b636c5d7e8a3f969c1ee1c99b54bba7ff3679fbeecbb70349f076480a867cc4ee4cacaea39c80f642533599486d2ffb77b8c9109a9d25fa0b06e58eca764f7d56469eb9547036bbea9d5c3d35b4c1fbc3d39a372c2b7ad184965cad3819c8928f1588d00949949c0c4c93d30ac7f6665247c0108bd89dff3aafe780ac66febfacc8c6a3cc387d09da6de700487a80e2c8d56df94d7ebd3e1d9e06411a6c5f7eb6da41c6f52997b5ad47ba985261103fdf12eb4a2828b248f652ef00b6abccab2eb161b878b9dbc0aa911405b6f67adda83c16187748d7b524ffe6381f489f432d592e6171bd9ccb2cd52f977143f57fbf2ab0b823d449ae55f02440972334344cda01837b93afa4f46a2fdefe27e92764cf9596780846de2e3b1ea83e62ee43b1c05aee675e25363504addfaa68e7c53ed685413f5ba951f120d0a646e474872c81e5a887464c19f8460ae814ffff24cb51dd2dca28d597ab2ea60949f8dbbe67f263e722fdb51bce4e328a19f5ff1218e1f63b8da6d40dbd5490964499b2522ea323310634893ead661407966207a66ab13adfcf1a725ed14339c46011c0e0401f2386b47cd9f902fdf84bc85e74d3ae7cc544e4d65670a554a537712c6ee9f75191631d2a4c4da06fc38423b1d5b828d7201235b2974164f52aa16bee70ee509250752f4fdd6b9f8d021943df8320682a6f80ff0d67ab7a4ceea807bd5b3b7b6380b0c7f0caa67b0208ba71317f0355a3b755af0e2c007186389438615df80b7b25104a733fc90625b62682198733c0f1625dfaa08cf81e3df043094b7b5a098b3b36f803b5b0f10a057bf814ae3579932c0a5f208985bab3d817f975283b8838ae5cb709be72b58df7425e059fdbf4e0ee51b3da01fe0b44963c1196baee5ec5909ad80d9d1660f3edd90374952a0bf8b3bece2c2f944593f4de7de5e05ded096b8f4f05d65dfc2e806f78220d84b3db564fb12f4e5e8f5eab316591f004e9374cce8e787263bc3827affe6793c130b8621d3bbb2a86fd87f070ea21718281ee7aec4bb3bb71af4bf5721cecd139c4be8c9df4ec8dfb09a5cf1d86a25d39faa9f064a997c214f334e4410917fc3b4d67ada8d87a38c0f86b02bf653dddaeb5b75b300f8bcfd792858bef8ab23e063421939c59212964c9ed5dd56e215db58cef53d31a966bb8ce4ed56287fecb3a85ba435e0b41b20ba1164b9c9f2c49fa0f7b17a89e0ec47eefe992d63ee29c8c0a1ece2664fee8edadd43636a54c48519b4fcf55b0d9103602b92441a5f85cf8c5e406d0f5815f8f37309934bd78fbc2acf0a03b051b4528db4f7c09de7d0aabafca3736b8259c818ca338ca6754e0747717c2794d664a1cacc1e9c52764a308e6df73d975638630b74cce6c49b1bac16454e96852c4f9d8ed118e86d2f1c8dc33bccd4a07be128db5e80f5684ddcc1158e744411acde590f902f0987cfb750bb5bfeed53bff076868986b566d7701f48ddfcacbd325c8d930bcef26713bf60585d5c991e2a6cc33ccbc27f7ddfba18f998497c2eb378cc8f2cc07a1b4f141c5e0fb6f52e18242e505bcf6dd20e33a469d056a0b4fd5e72d0da9d0bcce1e2f9e9dc7d1c7b6cb0f3604287eca", 0x2000, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x90, 0x0, 0x1, {0x6, 0x2, 0x9, 0xfffffffffffffffd, 0x6, 0x0, {0x40, 0x0, 0xb, 0xfffc, 0x0, 0x1, 0x0, 0xffffffff, 0x120, 0x2000, 0xa8, r9, r10, 0x501, 0x4}}}, 0x0, 0x0, 0x0, 0x0, 0x0})
mount$fuse(0x0, &(0x7f0000000240)='./file0/../file0\x00', &(0x7f00000002c0), 0x120080, &(0x7f0000000540)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r7}, 0x2c, {'group_id', 0x3d, r10}, 0x2c, {[{@default_permissions}], [{@subj_role={'subj_role', 0x3d, '/dev/ptmx\x00'}}, {@dont_appraise}, {@flag='nolazytime'}, {@smackfsfloor={'smackfsfloor', 0x3d, '/dev/ptmx\x00'}}, {@subj_user={'subj_user', 0x3d, '\'[]\\(('}}, {@uid_lt={'uid<', 0xee01}}]}})
ioctl$TIOCSTI(r6, 0x5412, &(0x7f00000000c0))
ioctl$TIOCSTI(r6, 0x5412, &(0x7f0000000300)=0xa)

9m32.002760793s ago: executing program 0 (id=969):
fsetxattr$trusted_overlay_origin(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_ACCT_GET(r0, 0x0, 0x48080)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, 0x0, 0x0)
sendmsg$TEAM_CMD_OPTIONS_SET(0xffffffffffffffff, &(0x7f0000004bc0)={0x0, 0x0, &(0x7f0000004b80)={&(0x7f0000000500)=ANY=[@ANYBLOB="a0000000", @ANYRES16, @ANYBLOB="050424bd7000fedbdf2501000000", @ANYRES32=0x0, @ANYBLOB="84000280400001"], 0xa0}, 0x1, 0x0, 0x0, 0xaddf11c998560ddf}, 0x24040084)
r2 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000500)=ANY=[@ANYBLOB="180100002f00010000000000fcdbdf2507"], 0x118}], 0x1, 0x0, 0x0, 0x4000}, 0x0)

9m31.751196784s ago: executing program 0 (id=970):
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000000c0)='debugfs\x00', 0x1214040, 0x0)
mount$overlay(0x0, 0x0, &(0x7f0000000180), 0x0, &(0x7f00000003c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
mount$overlay(0x0, &(0x7f0000000300)='./file0\x00', &(0x7f0000000180), 0x880060, &(0x7f0000001400)={[{@xino_on}, {@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [{@subj_user={'subj_user', 0x3d, '\x00'}}, {@fowner_eq}, {@uid_gt}], 0x2f})

9m31.600073281s ago: executing program 32 (id=970):
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000000c0)='debugfs\x00', 0x1214040, 0x0)
mount$overlay(0x0, 0x0, &(0x7f0000000180), 0x0, &(0x7f00000003c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
mount$overlay(0x0, &(0x7f0000000300)='./file0\x00', &(0x7f0000000180), 0x880060, &(0x7f0000001400)={[{@xino_on}, {@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [{@subj_user={'subj_user', 0x3d, '\x00'}}, {@fowner_eq}, {@uid_gt}], 0x2f})

4m26.703411198s ago: executing program 1 (id=2536):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000040)={0x14, 0x2, 0x6, 0x801, 0x0, 0x0, {0xa, 0x0, 0x5}}, 0x14}, 0x1, 0x0, 0x0, 0x4010}, 0x40000)
sendmsg$IPSET_CMD_ADD(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)=ANY=[@ANYBLOB="400000000906010200000000000a0000000000000900020073797a310000"], 0x40}, 0x1, 0x0, 0x0, 0x10000047}, 0x4000084)
sendmsg$NL80211_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001a00)={&(0x7f0000000000)={0x2c, 0x0, 0x400, 0x70bd29, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ibss_ssid}, @crypto_settings=[@NL80211_ATTR_CIPHER_SUITES_PAIRWISE={0x4}]]}, 0x2c}, 0x1, 0x0, 0x0, 0x40}, 0x810)

4m26.702934193s ago: executing program 1 (id=2537):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000000)={0x1, &(0x7f0000000140)=[{0x6, 0x0, 0xf9, 0x7fff0000}]})
r1 = socket$pptp(0x18, 0x1, 0x2)
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000280)={0x0, &(0x7f00000000c0)}, 0x8)
syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x1a3882)
syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
setfsgid(0x0)
syz_pidfd_open(0x0, 0x0)
r3 = accept4$unix(0xffffffffffffffff, &(0x7f0000000100)=@abs, &(0x7f00000001c0)=0x6e, 0x0)
sendmmsg$unix(r3, 0x0, 0x0, 0x4000885)
prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x1, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)

4m26.447776346s ago: executing program 1 (id=2540):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000340)='GPL\x00', 0x6, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
setuid(0xee00)
r3 = syz_io_uring_setup(0x4b6, &(0x7f0000000100)={0x0, 0x0, 0x400, 0x0, 0x20e}, &(0x7f0000ff0000), &(0x7f0000000000), &(0x7f0000000000))
setrlimit(0x40000000000008, &(0x7f0000000000))
io_uring_register$IORING_REGISTER_BUFFERS(r3, 0x0, &(0x7f0000000040)=[{0x0}, {0x0}], 0x2)
io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r3, 0x10, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000540)=[{0x0}, {&(0x7f0000000340), 0xa002a0}], &(0x7f00000005c0), 0x2}, 0x20)

4m25.196411746s ago: executing program 1 (id=2543):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000000)={0x1, &(0x7f0000000140)=[{0x6, 0x0, 0xf9, 0x7fff0000}]})
socket$pptp(0x18, 0x1, 0x2)
syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x1a3882)
syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000003280)={0x73622a85, 0xa, 0x4})
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
setfsgid(0x0)
syz_pidfd_open(0x0, 0x0)
r2 = accept4$unix(0xffffffffffffffff, &(0x7f0000000100)=@abs, &(0x7f00000001c0)=0x6e, 0x0)
sendmmsg$unix(r2, 0x0, 0x0, 0x4000885)
prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x1, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)

4m24.995248385s ago: executing program 1 (id=2545):
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
r0 = syz_open_procfs(0x0, &(0x7f0000000140)='loginuid\x00')
r1 = syz_usb_connect$hid(0x3, 0x36, &(0x7f00000001c0)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7", @ANYRES32=r0, @ANYRES8=r0], 0x0)
syz_usb_control_io$hid(r1, 0x0, 0x0)
r2 = syz_open_dev$vim2m(&(0x7f0000000000), 0x47b, 0x2)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x8, 0x0, 0x0, 0x0, 0xb4d, 0x209, 0x3, 0x0, 0x3}, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000240), 0x48083, 0x0)
io_submit(0x0, 0x0, 0x0)
ioctl$vim2m_VIDIOC_S_CTRL(r2, 0xc008561c, &(0x7f0000000040)={0xf0f002})
getsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x50, 0x0, 0x0)
syz_usb_control_io$hid(r1, &(0x7f0000000080)={0x14, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="8022050000008890c0a2c0"], 0x0}, 0x0)
syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000100)={0x200000, 0x200000, 0x80, 0x0, 0x9, 0x2})
io_setup(0x4, &(0x7f0000001000)=<r4=>0x0)
io_getevents(r4, 0x3, 0x0, &(0x7f0000000280), &(0x7f0000001140)={0x0, 0x3938700})
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000440)=ANY=[], 0x0, 0x96}, 0x28)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000580)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c000000020000000000000000000004000000000000cc306f9dd3b46d0c5f27e9e3310d7110bbfc98a5d5d04b67569fe2ea61490462f96c26e9e31bb210e7326aa6440b6590b92063158e8109c80d8e9f83bd83326afb622155045ef0c0e27df9bba5e4f951300997338899c2b2eb4f0d24a1dced11e02a46c23b32a332abb45e9033f8383eb9263da64795f92b2ec3e96d5789a7cdb0c42d1156cb98ff4d0efea117c01f9bad00bbc764fafe6f4540db83864657adbb46b5af4cad95c0423e1339c419fab65e5915899036cc8fc41b95017e5ed95facf50ec06c87a375a17c6eb09eee18eb0accc0957fce7af5c404ab1eb6"], 0x0, 0x26, 0x0, 0x1, 0xfffffffc}, 0x28)
write$RDMA_USER_CM_CMD_RESOLVE_ADDR(0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000a00)={r0, 0xe0, &(0x7f00000007c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000180), 0x8, 0xee, 0x8, 0x0, 0x0}}, 0x10)
ioctl$sock_inet6_SIOCADDRT(r3, 0x890b, &(0x7f00000002c0)={@mcast2, @empty, @dev={0xfe, 0x80, '\x00', 0x3e}, 0x1, 0x6, 0x8, 0x100, 0x4, 0x2080005})
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x4, 0x7ffff, &(0x7f0000006680))
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
lsm_get_self_attr(0x64, 0x0, 0x0, 0x0)
ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f0000000340)={@empty, @private2, @dev={0xfe, 0x80, '\x00', 0x3a}, 0x80000021, 0x1, 0x0, 0x480, 0x6, 0x390023})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, 0x0)

4m22.944472654s ago: executing program 1 (id=2552):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000340)='GPL\x00', 0x6, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
setuid(0xee00)
r3 = syz_io_uring_setup(0x4b6, &(0x7f0000000100)={0x0, 0x0, 0x400, 0x0, 0x20e}, &(0x7f0000ff0000), &(0x7f0000000000), &(0x7f0000000000))
setrlimit(0x40000000000008, &(0x7f0000000000))
io_uring_register$IORING_REGISTER_BUFFERS(r3, 0x0, &(0x7f0000000040)=[{0x0}, {0x0}], 0x2)
io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r3, 0x10, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000540)=[{0x0}, {&(0x7f0000000340), 0xa002a0}], &(0x7f00000005c0), 0x2}, 0x20)

4m22.869915797s ago: executing program 33 (id=2552):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000340)='GPL\x00', 0x6, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
setuid(0xee00)
r3 = syz_io_uring_setup(0x4b6, &(0x7f0000000100)={0x0, 0x0, 0x400, 0x0, 0x20e}, &(0x7f0000ff0000), &(0x7f0000000000), &(0x7f0000000000))
setrlimit(0x40000000000008, &(0x7f0000000000))
io_uring_register$IORING_REGISTER_BUFFERS(r3, 0x0, &(0x7f0000000040)=[{0x0}, {0x0}], 0x2)
io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r3, 0x10, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000540)=[{0x0}, {&(0x7f0000000340), 0xa002a0}], &(0x7f00000005c0), 0x2}, 0x20)

8.420115422s ago: executing program 2 (id=3489):
socket$inet6_mptcp(0xa, 0x1, 0x106)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0xc0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_clone3(&(0x7f0000000300)={0x101004880, 0x0, 0x0, 0x0, {0x27}, 0x0, 0x0, 0x0, 0x0}, 0x58)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0x1fffffffffffffcd, &(0x7f0000000440)=ANY=[], 0x0, 0x2010000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x17, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = socket$inet6_sctp(0xa, 0x801, 0x84)
sendmmsg$inet6(r1, 0x0, 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r1, 0x84, 0x72, &(0x7f0000000000)={0x0, 0x1000, 0x30}, &(0x7f0000000040)=0xc)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000100)={0x0, 0xef, &(0x7f00000000c0)={&(0x7f0000000840)=@updpolicy={0xfc, 0x19, 0x1, 0x0, 0x25dfdbfc, {{@in, @in6=@ipv4={'\x00', '\xff\xff', @multicast2}, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x4, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x3, 0x200000000000}, 0x0, 0x0, 0x1}, [@tmpl={0x44, 0x5, [{{@in6=@empty, 0x2, 0x2b}, 0x0, @in6=@local, 0x0, 0x1}]}]}, 0xfc}, 0x1, 0x0, 0x0, 0x20008000}, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000003e40)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00010000850000000d000000b7000000000000009500000000000000496cf2827fb43a431ca711fcc9cdfa146ec56175037958e271f60d25b7937f02c8695e5a1b2cdf41dc10d1e8bf076d83923dd29c034055b67dafe6c8dc3d5d78c07fa1f7e4d5b318e2ec0e0700897a74a0091ff110026e6d2ef831ab7ea0c34f17e3ad6ef3bb622003b538dfd8e012e79578e51bc53099e90fbdb2ca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e060e3670ef0e789f93781965f1328d6704902cbe7bc0476619f28d99cd0aa7b73340cc2160a1fe3c184b751c51160fbce841f8a97be6148ba532e6ea09c346dfebd31a08b32808b80200000000009dd27080e71113610e10d859e8327ef03fb6c86adac12233f9a1fb9c2aec61ce63a3462fd50117b89a9bb759b4eeb8cb000067d42b4e54861d0227dbfd2ed8576a3f7f3deadd7130856f756436303767d2e24f29e5dad9796edb697a6ea0180aabc18cae2ed4b4390af9a9ceafd07ed0030000002cab154ad029a119ca3c972780870014605c83d7d11c3c975d5aec84222fff0d7216fdb0d3a0ec4bfae563112f4b391aafe234870072858dc06e7c337642d3e5a815212f5e16c1b30c3a2a71bc85018e5ff2c910496f18afc9ffc2cc788bee1b47683db01a46939868d75211bbae0e7313bff5d4c391ddece00fc772dd6b4d4d0a917b239fe12280fc92c88c5b8dcdcc22ee1747790a8992533ac2a9f5a699593f084419cae0b4183fb01c73f99857399537f5dc2acb72c7eae993fc9eb22d130665b6341da114f08cd0509d380578673fffffff7f23877a6b24db0e067345560942fa629fbef2461c96a08707671215c302fae29187d4f5c06a960fd37c10223fdae7ed04935c3c90d3add8eebc8619d73415e6adcda2130f5011e42e50adab988dd8e12baf5c768a40538be5f76e9c2977aab37d9a44cfc1c7b4000000000000fa47742f6c5b9c4b11e7d7262a1457c39495c826b956ba859adfe38f77b91bd7d5ca1664fe2f3ced8468911806e8916dc15e21644db60c2499d5d16d7d915836ab26c169482008ef069dc42749289f854797f2f900c2a12d8c38a967c1bbe09315c29877a331bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aae73835d5a3cda9e90d76c1993e0799d4894ee7f8249dc1e3428d2129369ee1b85afa1a5be5f6eb2eea0d0df414b315f65112412392191fa83ee830548f11e1038debd64cbe359454a3f2239cfe35f81b7aded448859968ff0e90500d0b07c0dd00490f167e6d5c1109681739dc33f75b20428d6474a0a91ee90b8de802c6b538622e6bbcb80f87b415263c401e64ed69a2f75409000000000000001d695c4559b82cabac3cccadc1e1c19af4e03020abf5ff0433d660f20898d2a045d009a0ffb20a77c9af2b80c05184a66d30bbea2ca45a4d6d6d1e6e79aef42355a500587b603306a5af8d867d80a07f10d82eafb03062e95196d5e3ff010000000000000be959096ea948cfa8e7194123e918914a71ad5a8521fb9553bc60f7d9719b55b3abb6bba3d113a680a8d46fe074c83fbe378a3889e8145b2eaceab05ef932c6e4f8ef0ed0d818a7b76d839cf3c63ebb4380b168c38fa32e49563cfee3a7f0fc18bfa32c418cef875fb49e2989177a30280bc586e79a5dd8076c248e7d6e97b3ce267dd4e27b6ef206660090bb2164474cef378f97ca33fc03000000000000001547053453d0c9aec91a24079b21d52fb5516bf0c28ef37aa76442f6083dc99cd61afaf6be45d7b00d3639f2f10ac2d5ffff000000000000c24411d415b6b085fb73a2c7c3852e0e658ffeb4e863428a792bee94f6cd895424360e0464f9d7ea425f2fa6aac029d15af607ad83532ff181c985f54b39370c06e63055b4d6a36fa98a44e379d28307c9912fb097601f3f88a2ca6fd1f9320cfe7fc8e9f7f15f02e177ce23f43a154b42e26f037e8a01377cbd3f509e6e540c9ba9c2a589ac5d8ad67a65e9a44c576dc24452eaa9d819e2b04bdd1c000000070000000000000000000000005333c6199c12dcd926891927a7267c47cf897853d160100b39b613faefe16bed1fc105dddd77ab929b837d54aa17eb9fbdc2bdc0e98ae2c3f23a6131e2879f04ff01000030b92dd493be9b0220836729028b80ba28e8ffffff7f00000000bb2f89049c5f6d63d56995747639964217aacfe548bc869098aa8e07e51dbc9e2d4db3c5f79fd355222ec2a00cf7f2ccd6dd6d2dc2a815d8314221a5472f1318a9dfbec5a759579caf3262129b14e99040b5d91398e17df85c25ccae973eecc7d187168d5c9cd848d566cc17587641ed01889c927da38d83314480b15e23138c5b877a72bd4cf74a299df4fbfc8e6ea96939f15d254d9033c5a45706bda78ab60200000000000000000000000000000000000000706f78f0a2ea9667fb5b951808545a46830970c2dfae01adbda7d29bf1f7abdaf52e0de6f9d7150808ed086642e64ebf98762b34338b80e41b704c3eefaf0bb5f7d895de17a10b0a0ea15ccc0d7a830b6eb3596b61675511d693ef5e3c44bbf71cabc5175d879e7499f8baae2a1a09cf38da73297764fbc0e723e1cc3abb12e3076982ed32c94a2ce3e6f37c47e983da4ca5c96187db5a2a2e1742bc93a65d7187126126b3a80f17dd2f7dbbe82d104ede9ba6925afc2ee6cb94f56f1363cad635abf8f983292c49c0ebf5005154c7b58a3a2a2e5a00d2f953a86d2fd92b8661264f781e3fb02d05a28f3f17b64d0258853d45cb5ebde10cd3d82eeed2f1ed925b7cf400304932c5ed0a362b235ce37e1f17700f7d1fecf8be8a2c5d25a9c60657560d05441387ff158a018d19a286c56d0886eb59d509ee89cc2df52881d005b2e5c27563ba54e4153c132d0366a9660000000000000009c1aaec93ec0f925921fb2e9eb202a29bef28224dbabe723de5c584bc398a8792e493048c87f60a51a391e959212181d4bf32ed89c96d421c8171698c49403558fd13c649f90b0911d57eeb298b590581eba1ce383b539ab80fd15445987b1bb4eb512545e1ab65fef310e10b1ee362b51c72f82edf2f502ddf52567775e34a56d1be892f1e62b08950d517fa6fb1b0ef2edf1b67f8644786116b037d4a36fdd30b000063e58c856ec44cbbc2d370553f832af9480215e09aaa3843fe360b1c293a14627f2cfbe278f31d0abc0f5aaa10926dbbfe8a4b131c13a73d4e6d065c2c0fed3ab8442520ce0e0ad7d2d177377ab197ace3ef8b1c24ceb0bdee84bd6e6317633938dd19dc42de7f8f860eca6d9c74525fcd3497526df4c13e3ba5f0d75365a4542ae9440d2fede416d618cdaaf7e038879c5d177b3876fda4121e15a00adb976064a93e8d000000000000903350932d3eef7fdada20c19807066e2c72d0d816eb9fa50be213bf6bbb6ccb9f2e8a153e6ced68f192ebed6e86af0f2cec7335fa8039fd6eb025440bc2a34d071f0a0e6774308a2c5986aa9200a1306ffa5a71ca69e89a6980612b35fc858f37c2c398515a910a35e22ab0573c10b85df4c2972a2fb8b9c080fbb41a753791df727fdeadc5cf218a6eda31312256191c620cce34d1e3bf40a4a207ab1575b399eb8155781bfc7cb5920b49c039935a888d77041814f60fbbcafa487ee96b368e8769da90b44190e569fe8b1d155d0765baaca5c5548b5a78bb43e5d9e47a1d5809bb178184b5672d08e29aecf1f572ac1e6cab7e820751beed5f79de29a67a579150bfb31232d296b9d2977ed027ca90af7088d6466f1501d96a32bfa3cf9ab0dcd626ac9341833e92685af6917ae05473ae4768341426e244159b3c3e002b6f8ee80cbe6e26c816ab92658d956d849cd3a21ebf4b143d338035cd91f087633aa668e0644b05dc5a7937cd"], &(0x7f0000000340)='syzkaller\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r3, 0x18000000000002a0, 0xfe, 0x0, &(0x7f0000000100)="b9ff030f6044238cb89e14f088a81bff892f00004000633277fbac14142ce934a0a662079f4b4d2f87e56dca6aab845013f2325f1a3901050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126c3acc240d75a058f6efa6d1f5f7ff4000000000000000000", 0x0, 0xfe, 0x60000000, 0x0, 0x0, 0x0}, 0x4c)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000680)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16, @ANYBLOB="10c32900000000dbdf253700000008005700020000000800342b675bd3758e792c34cc5bf858e26599e2cb3688532661feb890f64900270002000000a75f59d89d3639214e59f560db111da535aced570a3768b9995bbd315f65ade2"], 0x2c}, 0x1, 0x0, 0x0, 0x4004000}, 0x40010)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
r4 = gettid()
syz_clone3(&(0x7f0000000200)={0xa802100, 0x0, 0x0, 0x0, {0x2e}, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[r4], 0x1}, 0x58)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f00000005c0)={0x58, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_BUCKETSIZE={0x5, 0x15, 0xf}]}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,port\x00'}]}, 0x58}, 0x1, 0x0, 0x0, 0x24000040}, 0x0)

7.64277661s ago: executing program 2 (id=3491):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000840), 0xffffffffffffffff)
r2 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x0, 0x0)
ioctl$COMEDI_DEVCONFIG(r2, 0x40946400, 0x0)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r3, 0x0, 0x40, &(0x7f0000000000)=@security={'security\x00', 0x64, 0x4, 0x318, 0x100000c, 0x0, 0x1c0, 0xc0, 0xffffffff, 0xffffffff, 0x280, 0x280, 0x280, 0xffffffff, 0x4, 0x0, {[{{@ip={@rand_addr, @rand_addr, 0x0, 0x0, 'veth0_vlan\x00', 'syzkaller1\x00'}, 0x0, 0x98, 0xc0, 0x0, {}, [@common=@inet=@socket1={{0x28}}]}, @common=@unspec=@CONNSECMARK={0x28, 'CONNSECMARK\x00', 0x0, {0x2}}}, {{@ip={@remote, @multicast2, 0x0, 0x0, 'pim6reg0\x00', 'lo\x00'}, 0x0, 0xa0, 0x100, 0x0, {}, [@common=@unspec=@connmark={{0x30}}]}, @common=@SET={0x60}}, {{@uncond, 0x0, 0x98, 0xc0, 0x0, {}, [@common=@icmp={{0x28}, {0x0, "a2f3"}}]}, @common=@inet=@TCPMSS={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x378)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r4 = syz_open_dev$MSR(&(0x7f0000000340), 0x0, 0x0)
read$msr(r4, &(0x7f0000048040)=""/102392, 0x18ff8)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$COMEDI_DEVCONFIG(r2, 0x40946400, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r5 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000580), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r5, 0xaf01, 0x0)
ioctl$AUTOFS_IOC_PROTOSUBVER(r5, 0x4008af21, &(0x7f0000000380))
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, 0x0)
r7 = socket(0x400000000010, 0x3, 0x0)
r8 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r9=>0x0})
sendmsg$nl_route_sched(r7, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r9, {0x0, 0xffde}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000840)=@newtfilter={0x110, 0x2c, 0xd27, 0x70bd25, 0x25dfdbfd, {0x0, 0x0, 0x0, r9, {0xe, 0x7}, {0x0, 0x4}, {0x7, 0x2}}, [@filter_kind_options=@f_flower={{0xb}, {0xe0, 0x2, [@TCA_FLOWER_KEY_ENC_OPTS_MASK={0xa4, 0x55, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_VXLAN={0x24, 0x2, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x4}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0xdd13}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x8}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x1af}]}, @TCA_FLOWER_KEY_ENC_OPTS_GENEVE={0x4}, @TCA_FLOWER_KEY_ENC_OPTS_GENEVE={0xc, 0x1, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS={0x6, 0x1, 0xcc}]}, @TCA_FLOWER_KEY_ENC_OPTS_ERSPAN={0x4}, @TCA_FLOWER_KEY_ENC_OPTS_ERSPAN={0x2c, 0x3, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_ERSPAN_DIR={0x5, 0x3, 0xf}, @TCA_FLOWER_KEY_ENC_OPT_ERSPAN_VER={0x5, 0x1, 0x1}, @TCA_FLOWER_KEY_ENC_OPT_ERSPAN_INDEX={0x8, 0x2, 0xa44a}, @TCA_FLOWER_KEY_ENC_OPT_ERSPAN_HWID={0x5, 0x4, 0x5}, @TCA_FLOWER_KEY_ENC_OPT_ERSPAN_VER={0x5, 0x1, 0x1}]}, @TCA_FLOWER_KEY_ENC_OPTS_VXLAN={0x3c, 0x2, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x2}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x4}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x2}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x2}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0xe147}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x9}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x8}]}]}, @TCA_FLOWER_KEY_ENC_OPTS={0x14, 0x54, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_VXLAN={0xc, 0x2, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x5}]}, @TCA_FLOWER_KEY_ENC_OPTS_GENEVE={0x4}]}, @TCA_FLOWER_KEY_ICMPV6_TYPE_MASK={0x5}, @TCA_FLOWER_KEY_ENC_OPTS_MASK={0x4}, @TCA_FLOWER_KEY_ENC_IPV4_SRC_MASK={0x8, 0x1c, 0xffffffff}, @TCA_FLOWER_KEY_TCP_SRC={0x6}, @TCA_FLOWER_KEY_MPLS_TC={0x5, 0x45, 0x80}]}}]}, 0x110}, 0x1, 0x0, 0x0, 0x80}, 0x0)
fsopen(&(0x7f0000000000)='ubifs\x00', 0x0)
r10 = syz_usb_connect$lan78xx(0x6, 0x3f, &(0x7f00000000c0)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0x424, 0x7850, 0x0, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d}}]}}, 0x0)
syz_usb_control_io$lan78xx(r10, &(0x7f0000000380)={0x14, &(0x7f0000000240)=ANY=[], &(0x7f0000000300)=ANY=[]}, &(0x7f0000000600)={0x34, &(0x7f00000003c0)=ANY=[@ANYBLOB], &(0x7f0000000400)={0x0, 0xa, 0x1, 0x8}, &(0x7f0000000440)={0x0, 0x8, 0x1}, &(0x7f0000000480)={0xc0, 0xa1, 0x4, 0x7}, &(0x7f00000004c0)={0x40, 0xa0, 0x4, 0x4}, 0x0})
syz_clone(0x13020000, &(0x7f0000000100)="4ba57e5a6b1968", 0x7, 0x0, &(0x7f00000001c0), &(0x7f0000000640))
sendmsg$DEVLINK_CMD_RELOAD(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x38, r1, 0x1, 0x70bd2b, 0x25dfdbff, {}, [{@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_NETNS_FD={0x8}}]}, 0x38}}, 0x20040000)

7.618691006s ago: executing program 4 (id=3492):
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
r0 = syz_open_procfs(0x0, &(0x7f0000000140)='loginuid\x00')
r1 = syz_usb_connect$hid(0x3, 0x36, &(0x7f00000001c0)=ANY=[@ANYBLOB="12013f00000000407f04ffff00000000000109022400010000", @ANYRES32=r0, @ANYRES8=r0], 0x0)
syz_usb_control_io$hid(r1, 0x0, 0x0)
r2 = syz_open_dev$vim2m(&(0x7f0000000000), 0x47b, 0x2)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x8, 0x0, 0x0, 0x0, 0xb4d, 0x209, 0x3, 0x0, 0x3}, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000240), 0x48083, 0x0)
io_submit(0x0, 0x0, 0x0)
ioctl$vim2m_VIDIOC_S_CTRL(r2, 0xc008561c, &(0x7f0000000040)={0xf0f002})
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$inet6_buf(r3, 0x29, 0x50, 0x0, 0x0)
syz_usb_control_io$hid(r1, &(0x7f0000000080)={0x14, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="8022050000008890c0a2c0"], 0x0}, 0x0)
syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000100)={0x200000, 0x200000, 0x80, 0x0, 0x9, 0x2})
io_setup(0x4, &(0x7f0000001000)=<r5=>0x0)
io_getevents(r5, 0x3, 0x0, &(0x7f0000000280), &(0x7f0000001140)={0x0, 0x3938700})
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000440)=ANY=[], 0x0, 0x96}, 0x28)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000580)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c000000020000000000000000000004000000000000cc306f9dd3b46d0c5f27e9e3310d7110bbfc98a5d5d04b67569fe2ea61490462f96c26e9e31bb210e7326aa6440b6590b92063158e8109c80d8e9f83bd83326afb622155045ef0c0e27df9bba5e4f951300997338899c2b2eb4f0d24a1dced11e02a46c23b32a332abb45e9033f8383eb9263da64795f92b2ec3e96d5789a7cdb0c42d1156cb98ff4d0efea117c01f9bad00bbc764fafe6f4540db83864657adbb46b5af4cad95c0423e1339c419fab65e5915899036cc8fc41b95017e5ed95facf50ec06c87a375a17c6eb09eee18eb0accc0957fce7af5c404ab1eb6"], 0x0, 0x26, 0x0, 0x1, 0xfffffffc}, 0x28)
write$RDMA_USER_CM_CMD_RESOLVE_ADDR(0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000a00)={r0, 0xe0, &(0x7f00000007c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000180), 0x8, 0xee, 0x8, 0x0, 0x0}}, 0x10)
ioctl$sock_inet6_SIOCADDRT(r4, 0x890b, &(0x7f00000002c0)={@mcast2, @empty, @dev={0xfe, 0x80, '\x00', 0x3e}, 0x1, 0x6, 0x8, 0x100, 0x4, 0x2080005})
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x4, 0x7ffff, &(0x7f0000006680))
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
lsm_get_self_attr(0x64, 0x0, 0x0, 0x0)
ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f0000000340)={@empty, @private2, @dev={0xfe, 0x80, '\x00', 0x3a}, 0x80000021, 0x1, 0x0, 0x480, 0x6, 0x390023})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, 0x0)

6.18749377s ago: executing program 2 (id=3494):
r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
mq_open(&(0x7f0000000100)='&\x00', 0x40, 0x100, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000001300), 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
connect$l2tp6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @empty, 0xa, 0x4}, 0x20)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
sendmsg$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x18}, 0xc044)
syz_open_procfs(0x0, &(0x7f0000000240)='gid_map\x00')
socket$inet_sctp(0x2, 0x5, 0x84)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
socket(0xa, 0x3, 0x3a)
socket$packet(0x11, 0x3, 0x300)
socket$nl_route(0x10, 0x3, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x601c2, 0x0)
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(0xffffffffffffffff, 0x7a8, &(0x7f0000000040)={{@local, 0x28}, @hyper, 0xc, 0x7, 0x8889, 0x2, 0x0, 0x8000, 0x80000000})
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, &(0x7f0000000180)="66b80e010f00d0b0060f21a20f01c40f009b2700000066b80c008ee00f3235008000000f30b80e0000000f23d80f21f835800000a00f23f8c9b9490300000f60b932c00a00b9730200000f32328fe858b660002fb90d090000b800680000ba000000000f30", 0x65}], 0x1, 0x0, 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000140))
ioctl$KVM_RUN(r3, 0xae80, 0x0)
bind$alg(r0, 0x0, 0x0)

4.829899241s ago: executing program 3 (id=3504):
socket(0xa, 0x3, 0x3a)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x11, 0x3, &(0x7f0000000100)=ANY=[@ANYRESOCT=0x0], &(0x7f0000000300)='syzkaller\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x3b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff30, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, 0x0, 0x0)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
pipe2(&(0x7f0000000040)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x0)
r5 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r3, &(0x7f0000000000)={0x30000008})
r6 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000000), 0x103902, 0x0)
sendfile(r4, r6, 0x0, 0x3)
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
lsetxattr$system_posix_acl(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='system.posix_acl_access\x00', &(0x7f0000000000)=ANY=[], 0x24, 0x0)
mount$bind(0x0, &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x141091, 0x0)
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000a00)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@nfs_export_on}]})
chdir(&(0x7f00000001c0)='./bus\x00')
rmdir(&(0x7f0000000380)='./file0/../file0\x00')
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffa000/0x2000)=nil, 0x2000, &(0x7f0000000000))
r7 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
listen(r7, 0x1ad72f7)
accept4(r7, 0x0, 0x0, 0x80000)

4.624903402s ago: executing program 2 (id=3505):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x145, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$netlink(0x10, 0x3, 0x14)
syz_io_uring_setup(0xbdc, &(0x7f0000000640)={0x0, 0xec25, 0x400, 0x1, 0x40000333}, &(0x7f00000000c0), &(0x7f00000001c0), &(0x7f0000000000))
bind$netrom(0xffffffffffffffff, 0x0, 0x0)
socket$alg(0x26, 0x5, 0x0)
r3 = openat$uinput(0xffffffffffffff9c, 0x0, 0x802, 0x0)
ioctl$UI_SET_EVBIT(r3, 0x40045564, 0x3)
write$uinput_user_dev(r3, &(0x7f0000000080)={'syz1\x00', {0x3ff, 0x3, 0x4}, 0x4d, [0x10004, 0x6, 0x9, 0x8a4, 0xfffffffe, 0x2, 0x7fffffff, 0x80000001, 0x4, 0x1, 0xfd, 0x3c6, 0x7, 0x7, 0xf70, 0x3c00, 0xe7, 0x4007, 0x401, 0xbc5e, 0x5, 0x1, 0x8, 0xffff, 0xe, 0xe, 0x10, 0x20000000, 0x15098855, 0x6, 0x2, 0xfffffffb, 0x6, 0xc, 0x3, 0x4, 0xe79, 0x7, 0x1, 0xfffffffe, 0x1, 0x4, 0x401, 0x9, 0xbdc7, 0xb, 0x1, 0x9, 0x3, 0x1, 0x4, 0x2, 0x5, 0x49, 0x5, 0x9, 0x0, 0x1, 0x1000, 0x3, 0x2, 0x6, 0x7ff, 0xb8547353], [0x4, 0xffffffff, 0x4, 0x5, 0x7ffffdff, 0x1, 0x550, 0x6, 0x2, 0xfffffffc, 0x10001, 0x800000c, 0xf, 0x4, 0x6, 0x1, 0x9, 0x800098, 0x8, 0xe56d, 0xa4, 0x9, 0x99d, 0x8, 0x0, 0xd, 0x10001, 0xfffffffe, 0x6e38, 0x8000, 0xa, 0x6, 0x3, 0x0, 0x5, 0x7, 0x4, 0xd, 0x9, 0xfff, 0x4, 0x0, 0x40000040, 0x1, 0x8, 0x5, 0x8, 0x0, 0x34f1, 0x1ff, 0x4, 0x1b2c5a97, 0x0, 0x9, 0x8, 0x0, 0x1, 0x1, 0x6, 0x6, 0xac, 0x2, 0x54, 0xcfb9], [0x5, 0xdb8, 0x9, 0x4, 0x2, 0x200006, 0x5, 0x5, 0x2, 0x80, 0xfffffffd, 0xc8d3, 0x37, 0x2, 0x20, 0xee40000, 0x1, 0x1, 0x4, 0x69d, 0x8, 0xffff, 0x0, 0x0, 0x40000006, 0x2, 0xfffffffa, 0x800, 0x7, 0x7, 0x10000, 0x0, 0x1, 0xfffffffe, 0x3, 0x0, 0x4, 0x8c0, 0x9, 0x2, 0x8, 0x7, 0x40006, 0x2, 0x0, 0x8, 0x1, 0x55f2, 0xdf46, 0x0, 0x7f, 0x9, 0x8000, 0x40, 0x3, 0x2, 0xa, 0xa, 0x2, 0xffffff00, 0xda15, 0x82, 0x2, 0x10], [0x3, 0x897, 0x8, 0x246d, 0x6, 0x101, 0x7fffffff, 0xd, 0x7ff, 0x606, 0x5, 0x9, 0x80000001, 0x2, 0xb, 0x2, 0x7, 0x1, 0x7, 0x8, 0x7ff, 0xffffffff, 0x0, 0x401, 0x6, 0x20c, 0xffffffff, 0xa18, 0x61cc, 0x6, 0x7ff, 0x101, 0xff, 0x7, 0x9, 0x5, 0x7, 0x101, 0x9, 0x3000000, 0x20e, 0x4000006, 0x7, 0xfffffffd, 0x9, 0x1, 0x4, 0x100009, 0x100, 0x8, 0x8003c, 0x1000, 0x3, 0x3, 0x15, 0x8000, 0x7, 0x81, 0x8, 0x7, 0xfffffffc, 0x4, 0x3be, 0xeff]}, 0x45c)
getsockopt$sock_int(0xffffffffffffffff, 0x1, 0x9, 0x0, &(0x7f0000000040))
sendmsg$nl_generic(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="180000002e00010026bdf000fcdbdf1b04000000040010"], 0x18}, 0x1, 0x0, 0x0, 0x4000d}, 0x20000000)
close(0x3)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
io_setup(0x8, &(0x7f0000000600)=<r5=>0x0)
openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000002740), 0x101002)
r6 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3)
ioctl$FS_IOC_GETFSLABEL(r6, 0x400452c9, &(0x7f0000000500))
io_submit(r5, 0x0, &(0x7f0000000180))
bind$inet6(r4, &(0x7f0000000140)={0xa, 0x4e22}, 0x1c)
syz_emit_ethernet(0x3a, &(0x7f00000007c0)=ANY=[@ANYBLOB="aaaaaaaaaaaa18c45d9979c908004600002c0000000000069078ac1e0800ac1414aa9404000000004e22efc6be3cf8dae476cf62f76e413d2daf22dd3dcb8f3e9861956cb939fbbecc4da189852bf9b3e942480bf1b903ad3a5bdc7c7e260131ed1f2dc91d924ee28bd0016fcc330000000000000007f5cd1a2e4ed7f4ae8202c58305914db8242e1009fdf34a9dcf1f6a7fff46ca8b7d956aaf5292416598a7e5", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5c02fffe90788000"], 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
recvmmsg(r7, &(0x7f0000000480)=[{{0x0, 0x0, 0x0}, 0x41}, {{0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000300)=""/230, 0xe6}, {&(0x7f0000003bc0)=""/4085, 0xff5}, {&(0x7f0000000200)=""/253, 0xfd}, {&(0x7f0000000580)=""/166, 0xa6}, {&(0x7f0000000040)=""/126, 0x7e}, {&(0x7f00000000c0)=""/44, 0x2c}], 0x6}, 0x9}, {{0x0, 0x0, 0x0}, 0x5}, {{0x0, 0x0, 0x0}, 0x3ff}], 0x4, 0x2120, 0x0)
sendmsg$nl_generic(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="180000002500010324bd5502ffdbdf25010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x4004088}, 0x0)

3.888642377s ago: executing program 4 (id=3509):
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x15, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18010000000000000000000000000000850000007500000095"], 0x0}, 0x94)
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xc, 0x0, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x4)
r2 = fcntl$dupfd(r1, 0x406, r1)
ioctl$KDFONTOP_GET(r2, 0x4b72, &(0x7f0000000580)={0x1, 0x1, 0xf, 0xe, 0x2, 0x0})
setsockopt(r0, 0xff, 0x5, &(0x7f0000002d80)="f0c46000", 0x4)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000010c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f0000000800)=ANY=[@ANYBLOB="b7020000910c0000bfa30000000000000703000000feffff7a0af0ff0000000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010001010404000003000000b7030000010000006a0a00fe000000008500000032000000b700000001000000950000000000000075cdc4b57b0c65752a3ad50000ba7ddd0000cb4500639100002000000000000000ff7f0000b52f17cee19d0001000000000000000000cb04fcbb0b9bafe3ba431351a58a885ba9918d37b056b9bbd11b6b9f6cf7db6d574620260000000000008062d77e84cef4a2ab938f65aac33c4d620de2c9b7dc10d7d313f9f57606b83b994fb484510bef2e4872f5c2fe6faaf75e5cc4051ade12f41deff6df6a936b4ec3827c739bb39aad16cc75fe11cc32a790bc0b80e80eae8f5e64be2c9d2d29db3d36dd015c7bd3f15aa6aadbeab2a01685108e61aa000000000000000000000000008b798b4f745837bf3cc67c4c6a06e828e5216f601b19db1af1b5d356d0f062137d866d11be4ba3f0151fdbbd4e97d62ecc645e143a60f1c6edc76609073909826151e2b42bf0ed0c8cef3ba2a730a00c87c493db845b10e9468bda6f82881eb8c9cfa72b08eecc952a3fd2c46f3c1cde71a19d1a2982492a210e00d2bfea3b8d188df2eff8d56aaae7d32a2e183722537395019f02ec4b85f60000faca088de9b26797a8446b16c28d85f225992dbdd5bb01ba51508951c7a7d6ca0916c3a12912715649c2b1c7192a4251b59d378d0616a48c7957e122765c8b7e89eddfc3783f6c9129a7c5f8ee4191dc152f638f7eb12f63be72a3d817b324d6e417b1c2cbfdcada0a16e31790e26cf19588a7e0496ee2782224cf30f810da86cf1a3204f4c9404f5d7321a4fefc4d1c9139ca4b65b99909950000006b42077ca60fdecb2717e21f8f187b1866108b668c71e26032176066599783568628f0309c3a3706e1fa89917e131f4034a8383e99c3568fd04201b37cd92ca6ebf94a2d8310f7032775cfd756d2f87b039d5430b3c6643e9146d2478ce31344b554aca78a00000000000000"], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000100), 0x10}, 0x14)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r4, 0x1f2f, 0xe, 0x0, &(0x7f00000007c0)="9f44948721919580684010a486dd", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000300)={r3, 0x2000000, 0xe, 0xf0, &(0x7f0000000600)="c9f7b98600"/14, 0x0, 0x7ffd, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

3.761883451s ago: executing program 4 (id=3511):
sendmsg$NFT_MSG_GETSETELEM(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000003c0)={0x44, 0xd, 0xa, 0x5, 0x0, 0x0, {0x2, 0x0, 0x7}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x18, 0x3, 0x0, 0x1, [{0x14, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY_END={0x10, 0xa, 0x0, 0x1, [@NFTA_DATA_VERDICT={0xc, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x1}]}]}]}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000}, 0xc0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'hsr0\x00', <r1=>0x0})
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000380)=ANY=[@ANYBLOB="8400000010000305000000040000000000000000", @ANYRES32=0x0, @ANYBLOB="1546010007ef0000540012800c0001006d6163766c616e0044000280060002000100000008000900010000000800030003000000080007000500000008000100100000000600020001000000040005800a000400aaaaaaaaaa2e000008000500", @ANYRES32=r1], 0x84}}, 0x20008040)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mprotect(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0)
madvise(&(0x7f00002e5000/0x400000)=nil, 0x400000, 0xf)
munlock(&(0x7f00004ec000/0x3000)=nil, 0x3000)
bind$bt_hci(r3, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x3}, 0x6)
ioctl$SIOCX25SFACILITIES(0xffffffffffffffff, 0x89e3, &(0x7f0000000080)={0x15, 0x0, 0x40b, 0x9, 0xfffffffe})
write$bt_hci(r3, &(0x7f0000000080)=ANY=[], 0x6)

3.665666171s ago: executing program 4 (id=3512):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x8c, 0x30, 0x1, 0x0, 0x25dfdbff, {}, [{0x78, 0x1, [@m_ct={0x2c, 0x22, 0x0, 0x0, {{0x7}, {0x4}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x6}, 0x80}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x2, 0x2}}}}]}]}, 0x8c}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x10000000000002)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_usbip_server_init(0x6)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r3, 0x84, 0x64, &(0x7f0000000180), 0x0)
r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0)
openat$fb0(0xffffffffffffff9c, &(0x7f0000000300), 0x8442, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10010, 0xffffffffffffffff, 0x13074000)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000780)=@raw={'raw\x00', 0x3c1, 0x3, 0x380, 0x0, 0x111, 0x4b4, 0x1ac, 0xd4feffff, 0x2b8, 0x20a, 0x278, 0x2b8, 0x278, 0x3, 0x0, {[{{@ipv6={@empty, @empty, [0xffffff00, 0xffffff00], [0x0, 0xff000000, 0x0, 0xffffffff], 'ipvlan0\x00', 'ip_vti0\x00', {}, {0xff}, 0x6, 0xe}, 0x0, 0x188, 0x1ac, 0x0, {}, [@inet=@rpfilter={{0x24}, {0x4}}, @common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "6d93eb04697dfa39de04767f46614613a407abbf4ed2e83a63b484dbb3bf6b2a850e79009e2905d2f98ba19f91f3c9faee6d3686e9bee067f4e77d9ad66238750c4100d7ee97ec7646259d90edece6e9787a97bc956c01754c34c5c9518c46178ed5f9194454980e579c80eca35a58dc47d1d5e4ff6e216c724e88c702448587", 0x7b}}]}, @common=@inet=@TCPMSS={0x24, 'TCPMSS\x00', 0x0, {0xffff}}}, {{@ipv6={@loopback, @mcast2, [], [], 'hsr0\x00', 'pim6reg1\x00'}, 0x0, 0xa4, 0x10c}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x20, 0x1, 0xfffffffe, 0x0, 'snmp\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x3dc)
migrate_pages(0x0, 0x5, &(0x7f0000000000)=0x9, &(0x7f0000000040)=0x272)
sendfile(r4, r4, 0x0, 0x200000)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a58000000160a03020002000000000000020000000900020073797a30000000000900010073797a30000000002c00038008000140000000000800024000000000180003801400010073797a5f74756e00000000000000000014000000110001"], 0x80}}, 0x0)
syz_emit_ethernet(0x11, &(0x7f0000000340)=ANY=[], 0x0)
r6 = fsopen(&(0x7f0000000080)='ufs\x00', 0x0)
fsconfig$FSCONFIG_SET_FD(r6, 0x5, &(0x7f00000001c0)='!\x00', 0x0, r4)

3.544216178s ago: executing program 5 (id=3514):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000540000a3c000000090a00000000000000000a000004090001005e84231742ed1173797a310000000008008540000000020900020073797a310000000008000a40fffffffc400000000a0000060900020073797a31000000000900010073797a310000000014000380100000800c00018005000100d1000000140000001100010000000000000000000100000a00004a47dd2dea18c6d9ebf7"], 0xa4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)

3.242976779s ago: executing program 3 (id=3515):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f00000000c0)={0x38, 0x0, 0x8, 0x8001, 0x0, 0x9, 0x2, 0xfffffe0000000001, 0x2, 0xffffffff}, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x0, 0x9f667fd378a54ed4)
r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000040)={'bridge0\x00', <r4=>0x0})
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000005c0)=ANY=[@ANYBLOB="780000001000830404000000fedbdf2500007400", @ANYRES32=r4, @ANYBLOB="0108000007500500580012800b0001006272696467650000480002800500190002000000050017"], 0x78}, 0x1, 0x0, 0x0, 0x800}, 0x0)
write$P9_RREADLINK(r2, &(0x7f0000000040)={0x10, 0x17, 0x2, {0xffffffffffffffc1, './file0'}}, 0xfffffdab)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000100)={0x1, &(0x7f0000000240)=[{0x6, 0x0, 0x0, 0x7fff0001}]})
setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7813, 0x3, 0x0, 0x81, 0x1ff, 0x80000007, 0x1}, 0x1c)
syz_io_uring_setup(0x110, &(0x7f0000000140)={0x0, 0xfad7, 0x10000, 0x3}, 0x0, &(0x7f0000000280), &(0x7f0000000000))
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0), 0x2, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_CREATE_PIT2(r7, 0x4040ae77, &(0x7f0000000440)={0xfffffeff})
close(r7)
socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x18, 0x803, 0x0)
r9 = syz_open_dev$sndctrl(&(0x7f0000000080), 0x0, 0xc8080)
ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r9, 0xc0045516, &(0x7f0000000000)=0x639)
readv(r9, &(0x7f0000000180)=[{&(0x7f0000000200)=""/147, 0x48}, {0x0, 0x2}], 0x2)
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r9, 0xc1105517, &(0x7f00000002c0)={{0x0, 0x6, 0xfefe, 0x2, 'syz0\x00', 0xfffffefd}, 0x1, 0x20, 0x1, 0x0, 0x0, 0x0, 'syz0\x00', 0x0})
sendmsg$IPVS_CMD_SET_INFO(r8, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x1b}, 0x1, 0x0, 0x0, 0x81}, 0x20)
socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000480)=ANY=[@ANYBLOB="200000005e00010000000000000000000c0000000d000000ff86647bf3d92c231e2a974b022afc34b38525097ff6d68553305b75385b8650dcf20d6eb1bf5f65086e0368713db58b03bfa23e7a347bcc82bd9251a4e6aa158bdf4622664b7d656557a1b0e319defdd03a83c52c1e027685d68a18f43cd429ab0a39c2f8a4f9c167381a86f7440409adb8dec924637fb743af264fb710d01e5f3b11ee7c5c131dd6b4ef3e885afe80b7c7bdd4a025ca1982807cfe07feb901cc0961cef45c948d752e0493c5b16c47f6d074add77e866531a997c3acdb"], 0x20}], 0x1, 0x0, 0x5a}, 0x0)

3.242754497s ago: executing program 5 (id=3516):
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_pressure(r0, 0x0, 0x2, 0x0)
write$cgroup_pressure(r1, &(0x7f0000000080)={'some', 0x20, 0xfffffffffffffff2, 0x20, 0x2}, 0x2f)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3)
add_key$fscrypt_v1(&(0x7f0000000000), &(0x7f0000000040)={'fscrypt:', @desc4}, &(0x7f0000000080)={0x0, "b4e1cb02caed70def93a79a60b22c04bf05c974bcda3bcf1d7bf99b64d3c6ef542217ee2ea2d26468fef32692f8603282c79dae14f63654a45edfb14b7b1f07e", 0x19}, 0x48, 0xffffffffffffffff)
dup(r2)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB="4400000010000104fcfffffffcdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="0315000000000000140012800b0001006970766c616e00000400028008000500", @ANYRES32, @ANYBLOB="08001f000500ec00"], 0x44}, 0x1, 0x0, 0x0, 0x240088d0}, 0x0)
ioctl$int_in(r2, 0x5452, &(0x7f0000000140)=0x9)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(r3, 0x29, 0x2d, &(0x7f0000000200)="34bad5308d0b3cd70d921c38cb8e4511ea9449e177184dd7100334b31cc6558f3812a69f7d31e814ccbdf16b6c0faa07e00f4d8faaad1e36bd3313c54864beef9d8ef5912928fb52074333c4511316897e4a8eaa8e61ad2806c3a5c8a156ff41b3b6f964be4727df37ef7e35a9c9d3c3c54b9983ab632f19a5d9491aa816d20559c4fda430", 0x85)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0a00000004000000020000000200000000000000e308ffb0338104e94f91a70aaa507970af016732b982e599dfbab2b1513e4a03d1c649f3d15dac10a7d48d686fa458a6f53f511f28ca592c1307750efaab2d03184ac8b18ff6f6003dd4829db8097b84635c53b3f4ea3501bd78f0cba75d5bd38aa3d22322ff8802cd1b28b5057dffa6872b43fa010a9f6d7a038a56b59c0f96cd722062ea8846b9d354a55511220c420a49b707e027f8453974783d1861691c284c5ae207003e2dd2f7f3baea", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xe, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000080)={r6}, 0xc)
sendmsg$nl_generic(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="20000000400019070000000000000025037c00000c00428008000a"], 0x20}, 0x1, 0x0, 0x0, 0x48814}, 0xc000)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=@newtfilter={0x34, 0x2c, 0xd27, 0x10, 0x0, {0x0, 0x0, 0x0, r7, {}, {}, {0x8, 0xa}}, [@filter_kind_options=@f_flow={{0x9}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0xc004)
r8 = fsopen(&(0x7f0000000000)='udf\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r8, 0x1, &(0x7f0000000080)='iocharset', &(0x7f00000000c0)='io#harset', 0x0)
read(r8, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f0000002100)='net/ip6_tables_matches\x00')

3.240689297s ago: executing program 2 (id=3517):
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
r0 = syz_open_procfs(0x0, &(0x7f0000000140)='loginuid\x00')
r1 = syz_usb_connect$hid(0x3, 0x36, &(0x7f00000001c0)=ANY=[@ANYBLOB="12013f00000000407f04ffff00000000000109022400010000", @ANYRES32=r0, @ANYRES8=r0], 0x0)
syz_usb_control_io$hid(r1, 0x0, 0x0)
r2 = syz_open_dev$vim2m(&(0x7f0000000000), 0x47b, 0x2)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x8, 0x0, 0x0, 0x0, 0xb4d, 0x209, 0x3, 0x0, 0x3}, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000240), 0x48083, 0x0)
io_submit(0x0, 0x0, 0x0)
ioctl$vim2m_VIDIOC_S_CTRL(r2, 0xc008561c, &(0x7f0000000040)={0xf0f002})
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$inet6_buf(r3, 0x29, 0x50, 0x0, 0x0)
syz_usb_control_io$hid(r1, &(0x7f0000000080)={0x14, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="8022050000008890c0a2c0"], 0x0}, 0x0)
syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000100)={0x200000, 0x200000, 0x80, 0x0, 0x9, 0x2})
io_setup(0x4, &(0x7f0000001000)=<r5=>0x0)
io_getevents(r5, 0x3, 0x0, &(0x7f0000000280), &(0x7f0000001140)={0x0, 0x3938700})
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000440)=ANY=[], 0x0, 0x96}, 0x28)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000580)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c000000020000000000000000000004000000000000cc306f9dd3b46d0c5f27e9e3310d7110bbfc98a5d5d04b67569fe2ea61490462f96c26e9e31bb210e7326aa6440b6590b92063158e8109c80d8e9f83bd83326afb622155045ef0c0e27df9bba5e4f951300997338899c2b2eb4f0d24a1dced11e02a46c23b32a332abb45e9033f8383eb9263da64795f92b2ec3e96d5789a7cdb0c42d1156cb98ff4d0efea117c01f9bad00bbc764fafe6f4540db83864657adbb46b5af4cad95c0423e1339c419fab65e5915899036cc8fc41b95017e5ed95facf50ec06c87a375a17c6eb09eee18eb0accc0957fce7af5c404ab1eb6"], 0x0, 0x26, 0x0, 0x1, 0xfffffffc}, 0x28)
write$RDMA_USER_CM_CMD_RESOLVE_ADDR(0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000a00)={r0, 0xe0, &(0x7f00000007c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000180), 0x8, 0xee, 0x8, 0x0, 0x0}}, 0x10)
ioctl$sock_inet6_SIOCADDRT(r4, 0x890b, &(0x7f00000002c0)={@mcast2, @empty, @dev={0xfe, 0x80, '\x00', 0x3e}, 0x1, 0x6, 0x8, 0x100, 0x4, 0x2080005})
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x4, 0x7ffff, &(0x7f0000006680))
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
lsm_get_self_attr(0x64, 0x0, 0x0, 0x0)
ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f0000000340)={@empty, @private2, @dev={0xfe, 0x80, '\x00', 0x3a}, 0x80000021, 0x1, 0x0, 0x480, 0x6, 0x390023})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, 0x0)

3.240442189s ago: executing program 5 (id=3518):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f00000000c0)={0x38, 0x0, 0x8, 0x8001, 0x0, 0x9, 0x2, 0xfffffe0000000001, 0x2, 0xffffffff}, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x0, 0x9f667fd378a54ed4)
r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000040)={'bridge0\x00', <r4=>0x0})
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000005c0)=ANY=[@ANYBLOB="780000001000830404000000fedbdf2500007400", @ANYRES32=r4, @ANYBLOB="0108000007500500580012800b0001006272696467650000480002800500190002000000050017"], 0x78}, 0x1, 0x0, 0x0, 0x800}, 0x0)
write$P9_RREADLINK(r2, &(0x7f0000000040)={0x10, 0x17, 0x2, {0xffffffffffffffc1, './file0'}}, 0xfffffdab)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000100)={0x1, &(0x7f0000000240)=[{0x6, 0x0, 0x0, 0x7fff0001}]})
socket(0x1e, 0x4, 0x0)
syz_io_uring_setup(0x110, &(0x7f0000000140)={0x0, 0xfad7, 0x10000, 0x3}, 0x0, &(0x7f0000000280), &(0x7f0000000000))
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0), 0x2, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_CREATE_PIT2(r7, 0x4040ae77, &(0x7f0000000440)={0xfffffeff})
close(r7)
socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x18, 0x803, 0x0)
r9 = syz_open_dev$sndctrl(&(0x7f0000000080), 0x0, 0xc8080)
ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r9, 0xc0045516, &(0x7f0000000000)=0x639)
readv(r9, &(0x7f0000000180)=[{&(0x7f0000000200)=""/147, 0x48}, {0x0, 0x2}], 0x2)
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r9, 0xc1105517, &(0x7f00000002c0)={{0x0, 0x6, 0xfefe, 0x2, 'syz0\x00', 0xfffffefd}, 0x1, 0x20, 0x1, 0x0, 0x0, 0x0, 'syz0\x00', 0x0})
sendmsg$IPVS_CMD_SET_INFO(r8, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x1b}, 0x1, 0x0, 0x0, 0x81}, 0x20)
socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000480)=ANY=[@ANYBLOB="200000005e00010000000000000000000c0000000d000000ff86647bf3d92c231e2a974b022afc34b38525097ff6d68553305b75385b8650dcf20d6eb1bf5f65086e0368713db58b03bfa23e7a347bcc82bd9251a4e6aa158bdf4622664b7d656557a1b0e319defdd03a83c52c1e027685d68a18f43cd429ab0a39c2f8a4f9c167381a86f7440409adb8dec924637fb743af264fb710d01e5f3b11ee7c5c131dd6b4ef3e885afe80b7c7bdd4a025ca1982807cfe07feb901cc0961cef45c948d752e0493c5b16c47f6d074add77e866531a997c3acdb"], 0x20}], 0x1, 0x0, 0x5a}, 0x0)

2.604482964s ago: executing program 3 (id=3519):
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, &(0x7f0000bbdffc)=<r0=>0x0)
pipe(&(0x7f0000000000)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000940)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
write$RDMA_USER_CM_CMD_BIND_IP(r2, &(0x7f0000000500)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x4e21, 0x8, @mcast2, 0x2}}}, 0x30)
pipe(&(0x7f0000000080)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
splice(r3, 0x0, r5, 0x0, 0xf3a, 0x0)
write$binfmt_misc(r5, &(0x7f0000000980), 0xfdef)
splice(r1, 0x0, r5, 0x0, 0x80, 0x4)
clock_gettime(0x0, &(0x7f0000000040)={<r6=>0x0, <r7=>0x0})
timer_settime(r0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {r6, r7+10000000}}, 0x0)
read$FUSE(r4, &(0x7f0000000980)={0x2020}, 0x2020)

2.472761227s ago: executing program 5 (id=3520):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f00000000c0)='GPL\x00', 0x6, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2c, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(0xffffffffffffffff, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
socket$netlink(0x10, 0x3, 0x4)
r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
capset(&(0x7f0000000040)={0x20071026}, &(0x7f0000000080)={0x6, 0x6, 0x2, 0x87, 0xffffffff, 0x40})
migrate_pages(r1, 0x4, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuset.effective_cpus\x00', 0x275a, 0x0)

2.383468732s ago: executing program 5 (id=3521):
socket(0x10, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f0000000b40)='source', &(0x7f0000000040)='c:::\x00', 0x0)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000000)={r1, 0xffffffffffffffff, 0x1e, 0x0, @val=@netkit={@void, @value=r1}}, 0x1c)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0)
utimensat(0xffffffffffffff9c, &(0x7f00000003c0)='.\x00', 0x0, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1)
sysfs$2(0x2, 0x817fff, 0x0)
socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=@ipv6_getnexthop={0x34, 0x6a, 0x300, 0x70bd2d, 0x25dfdbfe, {}, [@NHA_GROUPS={0x4}, @NHA_ID={0x8, 0x1, 0x1}, @NHA_MASTER={0x8, 0xa, 0x2}, @NHA_MASTER={0x8}]}, 0x34}, 0x1, 0x0, 0x0, 0x40000}, 0x81)
close(0x3)
socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x800)
syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)

1.908082787s ago: executing program 4 (id=3522):
r0 = socket$packet(0x11, 0x3, 0x300) (async)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$BATADV_CMD_GET_MESH(r2, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={0x0, 0x92}}, 0x0) (async)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffffff000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}, 0x1, 0x0, 0x0, 0xc000}, 0x0) (async)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001500)=@newqdisc={0x70, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0x9}, {0xffff, 0xffff}, {0xfff1, 0xe}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x40, 0x2, {{0x1ff, 0x4, 0x0, 0x0, 0xfffffffd, 0x8}, [@TCA_NETEM_ECN={0x8, 0x7, 0x1}, @TCA_NETEM_LOSS={0x1c, 0x5, 0x0, 0x1, [@NETEM_LOSS_GI={0x18, 0x1, {0x80000001, 0x6, 0x8, 0xfffffffe, 0xd99d}}]}]}}}]}, 0x70}}, 0x0) (async)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81e8943c, &(0x7f0000000800)={0x0, ""/256, 0x0, 0x0, 0x0, 0x0, ""/16, ""/16, ""/16, 0x0, 0x0, <r4=>0x0})
ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(r2, 0xc0c09425, &(0x7f0000000700)={"6cfa717224453effe95975aae9abad8b", 0x0, r4, {}, {0x3, 0x2}, 0x9abd, [0x9, 0x9, 0x1, 0x6, 0x80000000, 0x1, 0x8f, 0x9, 0x81, 0x0, 0x6, 0x6, 0x7, 0x5, 0x2, 0xb45]})
r5 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r5, &(0x7f0000000080)={0x0, 0x74, &(0x7f0000000100)=[{&(0x7f00000001c0)="5c00000012006bab9a3fe3d86e17aa0a046b876c1d0048007ea60864160af36504001a0038001d001931a0e69ee517d34460bc06000000a705251e6182949a3651f60a84c9f4d4938037e70e4509c5bb", 0x33fe0}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) (async)
recvmsg$kcm(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000004140)=[{&(0x7f0000000240)=""/212, 0xd4}], 0x1}, 0x0)
sendto$packet(r0, &(0x7f00000002c0)="44c33b69ebc9e05e9bdec0c288a8", 0x12, 0x830, &(0x7f0000000440)={0x11, 0x0, r3, 0x1, 0x2, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xe}}, 0x14)

1.785078876s ago: executing program 4 (id=3523):
socket(0xa, 0x3, 0xff)
socket$igmp6(0xa, 0x3, 0x2)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/raw6\x00')
preadv(r0, &(0x7f00000012c0)=[{&(0x7f0000000100)=""/235, 0xeb}], 0x1, 0x24, 0x8080)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000040)=ANY=[@ANYRESDEC=r0], 0x50)
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x1, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f}, {{0x18, 0x1, 0x1, 0x0, r2}, {0x7, 0x0, 0xb, 0x7}, {}, {0x85, 0x0, 0x0, 0x5}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x0, 0xb, 0x9, 0x0, 0x8}, {0x3, 0x3, 0x3, 0xa, 0xa}, {0x5, 0x1, 0xb, 0x9, 0x8}, {0x7, 0x0, 0x0, 0x8}, {0x7, 0x1, 0xb, 0x4, 0x9}, {}, {}, {0x18, 0x7, 0x2, 0x0, r1}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{}, {0x6, 0x0, 0x5, 0x7, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x68, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0xbe)

1.621066871s ago: executing program 3 (id=3525):
r0 = ioctl$USERFAULTFD_IOC_NEW(0xffffffffffffffff, 0xaa00)
ioctl$DVB_DVR_DMX_EXPBUF(0xffffffffffffffff, 0xc00c6f3e, &(0x7f0000000000)={0x8000, 0x0, r0})
socket$inet_mptcp(0x2, 0x1, 0x106)
preadv(r0, &(0x7f0000002340)=[{&(0x7f0000000040)=""/124, 0x7c}, {&(0x7f00000000c0)=""/4096, 0x1000}, {&(0x7f00000010c0)=""/67, 0x43}, {&(0x7f0000001140)=""/16, 0x10}, {&(0x7f0000001180)=""/186, 0xba}, {&(0x7f0000001240)=""/174, 0xae}, {&(0x7f0000001300)}, {&(0x7f0000001340)=""/4096, 0x1000}], 0x8, 0x389, 0x51a5)

1.620595158s ago: executing program 3 (id=3526):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x145, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$netlink(0x10, 0x3, 0x14)
syz_io_uring_setup(0xbdc, &(0x7f0000000640)={0x0, 0xec25, 0x400, 0x1, 0x40000333}, &(0x7f00000000c0), &(0x7f00000001c0), &(0x7f0000000000))
bind$netrom(0xffffffffffffffff, 0x0, 0x0)
socket$alg(0x26, 0x5, 0x0)
r3 = openat$uinput(0xffffffffffffff9c, 0x0, 0x802, 0x0)
ioctl$UI_SET_EVBIT(r3, 0x40045564, 0x3)
write$uinput_user_dev(r3, &(0x7f0000000080)={'syz1\x00', {0x3ff, 0x3, 0x4}, 0x4d, [0x10004, 0x6, 0x9, 0x8a4, 0xfffffffe, 0x2, 0x7fffffff, 0x80000001, 0x4, 0x1, 0xfd, 0x3c6, 0x7, 0x7, 0xf70, 0x3c00, 0xe7, 0x4007, 0x401, 0xbc5e, 0x5, 0x1, 0x8, 0xffff, 0xe, 0xe, 0x10, 0x20000000, 0x15098855, 0x6, 0x2, 0xfffffffb, 0x6, 0xc, 0x3, 0x4, 0xe79, 0x7, 0x1, 0xfffffffe, 0x1, 0x4, 0x401, 0x9, 0xbdc7, 0xb, 0x1, 0x9, 0x3, 0x1, 0x4, 0x2, 0x5, 0x49, 0x5, 0x9, 0x0, 0x1, 0x1000, 0x3, 0x2, 0x6, 0x7ff, 0xb8547353], [0x4, 0xffffffff, 0x4, 0x5, 0x7ffffdff, 0x1, 0x550, 0x6, 0x2, 0xfffffffc, 0x10001, 0x800000c, 0xf, 0x4, 0x6, 0x1, 0x9, 0x800098, 0x8, 0xe56d, 0xa4, 0x9, 0x99d, 0x8, 0x0, 0xd, 0x10001, 0xfffffffe, 0x6e38, 0x8000, 0xa, 0x6, 0x3, 0x0, 0x5, 0x7, 0x4, 0xd, 0x9, 0xfff, 0x4, 0x0, 0x40000040, 0x1, 0x8, 0x5, 0x8, 0x0, 0x34f1, 0x1ff, 0x4, 0x1b2c5a97, 0x0, 0x9, 0x8, 0x0, 0x1, 0x1, 0x6, 0x6, 0xac, 0x2, 0x54, 0xcfb9], [0x5, 0xdb8, 0x9, 0x4, 0x2, 0x200006, 0x5, 0x5, 0x2, 0x80, 0xfffffffd, 0xc8d3, 0x37, 0x2, 0x20, 0xee40000, 0x1, 0x1, 0x4, 0x69d, 0x8, 0xffff, 0x0, 0x0, 0x40000006, 0x2, 0xfffffffa, 0x800, 0x7, 0x7, 0x10000, 0x0, 0x1, 0xfffffffe, 0x3, 0x0, 0x4, 0x8c0, 0x9, 0x2, 0x8, 0x7, 0x40006, 0x2, 0x0, 0x8, 0x1, 0x55f2, 0xdf46, 0x0, 0x7f, 0x9, 0x8000, 0x40, 0x3, 0x2, 0xa, 0xa, 0x2, 0xffffff00, 0xda15, 0x82, 0x2, 0x10], [0x3, 0x897, 0x8, 0x246d, 0x6, 0x101, 0x7fffffff, 0xd, 0x7ff, 0x606, 0x5, 0x9, 0x80000001, 0x2, 0xb, 0x2, 0x7, 0x1, 0x7, 0x8, 0x7ff, 0xffffffff, 0x0, 0x401, 0x6, 0x20c, 0xffffffff, 0xa18, 0x61cc, 0x6, 0x7ff, 0x101, 0xff, 0x7, 0x9, 0x5, 0x7, 0x101, 0x9, 0x3000000, 0x20e, 0x4000006, 0x7, 0xfffffffd, 0x9, 0x1, 0x4, 0x100009, 0x100, 0x8, 0x8003c, 0x1000, 0x3, 0x3, 0x15, 0x8000, 0x7, 0x81, 0x8, 0x7, 0xfffffffc, 0x4, 0x3be, 0xeff]}, 0x45c)
getsockopt$sock_int(0xffffffffffffffff, 0x1, 0x9, 0x0, &(0x7f0000000040))
sendmsg$nl_generic(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="180000002e00010026bdf000fcdbdf1b04000000040010"], 0x18}, 0x1, 0x0, 0x0, 0x4000d}, 0x20000000)
close(0x3)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
io_setup(0x8, &(0x7f0000000600)=<r5=>0x0)
openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000002740), 0x101002)
r6 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3)
ioctl$FS_IOC_GETFSLABEL(r6, 0x400452c9, &(0x7f0000000500))
io_submit(r5, 0x0, &(0x7f0000000180))
bind$inet6(r4, &(0x7f0000000140)={0xa, 0x4e22}, 0x1c)
syz_emit_ethernet(0x3a, &(0x7f00000007c0)=ANY=[@ANYBLOB="aaaaaaaaaaaa18c45d9979c908004600002c0000000000069078ac1e0800ac1414aa9404000000004e22efc6be3cf8dae476cf62f76e413d2daf22dd3dcb8f3e9861956cb939fbbecc4da189852bf9b3e942480bf1b903ad3a5bdc7c7e260131ed1f2dc91d924ee28bd0016fcc330000000000000007f5cd1a2e4ed7f4ae8202c58305914db8242e1009fdf34a9dcf1f6a7fff46ca8b7d956aaf5292416598a7e5", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5c02fffe90788000"], 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
recvmmsg(r7, &(0x7f0000000480)=[{{0x0, 0x0, 0x0}, 0x41}, {{0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000300)=""/230, 0xe6}, {&(0x7f0000003bc0)=""/4085, 0xff5}, {&(0x7f0000000200)=""/253, 0xfd}, {&(0x7f0000000580)=""/166, 0xa6}, {&(0x7f0000000040)=""/126, 0x7e}, {&(0x7f00000000c0)=""/44, 0x2c}], 0x6}, 0x9}, {{0x0, 0x0, 0x0}, 0x5}, {{0x0, 0x0, 0x0}, 0x3ff}], 0x4, 0x2120, 0x0)
sendmsg$nl_generic(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="180000002500010324bd5502ffdbdf25010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x4004088}, 0x0)

1.368394053s ago: executing program 5 (id=3527):
socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x4b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f066bbeeb, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f0000000180)='net/unix\x00')
socket$inet6_sctp(0xa, 0x5, 0x84)
syz_open_procfs$pagemap(r0, &(0x7f0000000280))
socket$nl_route(0x10, 0x3, 0x0)
add_key$keyring(&(0x7f0000000400), &(0x7f0000000040)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffb)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x2, &(0x7f00000002c0)={<r4=>0x0, @in={{0x2, 0x0, @dev}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x9}, &(0x7f0000000380)=0x9c)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f00000003c0)={r4, @in={{0x2, 0x0, @empty}}, 0x6}, &(0x7f0000000100)=0x9c)
r5 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
ioctl$sock_inet_SIOCSIFFLAGS(r5, 0x8924, &(0x7f0000001300)={'nr0\x00'})
r6 = socket(0x11, 0x2, 0x0)
getsockopt$sock_buf(r6, 0x1, 0x1c, 0x0, &(0x7f0000000080))
syz_open_dev$video(&(0x7f0000000040), 0xa7, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x2, 0xe, &(0x7f0000001880)=ANY=[@ANYBLOB], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f00000000c0), 0x10}, 0x94)
bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4, 0x80000000, @dev={0xfe, 0x80, '\x00', 0x1c}, 0xf}, 0x1c)
ioctl$KDFONTOP_SET(0xffffffffffffffff, 0x4b72, 0x0)

417.19032ms ago: executing program 3 (id=3528):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f00000000c0)={0x38, 0x0, 0x8, 0x8001, 0x0, 0x9, 0x2, 0xfffffe0000000001, 0x2, 0xffffffff}, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x0, 0x9f667fd378a54ed4)
r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000040)={'bridge0\x00', <r4=>0x0})
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000005c0)=ANY=[@ANYBLOB="780000001000830404000000fedbdf2500007400", @ANYRES32=r4, @ANYBLOB="0108000007500500580012800b0001006272696467650000480002800500190002000000050017"], 0x78}, 0x1, 0x0, 0x0, 0x800}, 0x0)
write$P9_RREADLINK(r2, &(0x7f0000000040)={0x10, 0x17, 0x2, {0xffffffffffffffc1, './file0'}}, 0xfffffdab)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000100)={0x1, &(0x7f0000000240)=[{0x6, 0x0, 0x0, 0x7fff0001}]})
setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7813, 0x3, 0x0, 0x81, 0x1ff, 0x80000007, 0x1}, 0x1c)
syz_io_uring_setup(0x110, &(0x7f0000000140)={0x0, 0xfad7, 0x10000, 0x3}, 0x0, &(0x7f0000000280), &(0x7f0000000000))
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0), 0x2, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_CREATE_PIT2(r7, 0x4040ae77, &(0x7f0000000440)={0xfffffeff})
close(r7)
socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x18, 0x803, 0x0)
r9 = syz_open_dev$sndctrl(&(0x7f0000000080), 0x0, 0xc8080)
ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r9, 0xc0045516, &(0x7f0000000000)=0x639)
readv(r9, &(0x7f0000000180)=[{&(0x7f0000000200)=""/147, 0x48}, {0x0, 0x2}], 0x2)
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r9, 0xc1105517, &(0x7f00000002c0)={{0x0, 0x6, 0xfefe, 0x2, 'syz0\x00', 0xfffffefd}, 0x1, 0x20, 0x1, 0x0, 0x0, 0x0, 'syz0\x00', 0x0})
sendmsg$IPVS_CMD_SET_INFO(r8, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x1b}, 0x1, 0x0, 0x0, 0x81}, 0x20)
socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000480)=ANY=[@ANYBLOB="200000005e00010000000000000000000c0000000d000000ff86647bf3d92c231e2a974b022afc34b38525097ff6d68553305b75385b8650dcf20d6eb1bf5f65086e0368713db58b03bfa23e7a347bcc82bd9251a4e6aa158bdf4622664b7d656557a1b0e319defdd03a83c52c1e027685d68a18f43cd429ab0a39c2f8a4f9c167381a86f7440409adb8dec924637fb743af264fb710d01e5f3b11ee7c5c131dd6b4ef3e885afe80b7c7bdd4a025ca1982807cfe07feb901cc0961cef45c948d752e0493c5b16c47f6d074add77e866531a997c3acdb"], 0x20}], 0x1, 0x0, 0x5a}, 0x0)

0s ago: executing program 2 (id=3529):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000840), 0xffffffffffffffff)
r2 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x0, 0x0)
ioctl$COMEDI_DEVCONFIG(r2, 0x40946400, 0x0)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r3, 0x0, 0x40, &(0x7f0000000000)=@security={'security\x00', 0x64, 0x4, 0x318, 0x100000c, 0x0, 0x1c0, 0xc0, 0xffffffff, 0xffffffff, 0x280, 0x280, 0x280, 0xffffffff, 0x4, 0x0, {[{{@ip={@rand_addr, @rand_addr, 0x0, 0x0, 'veth0_vlan\x00', 'syzkaller1\x00'}, 0x0, 0x98, 0xc0, 0x0, {}, [@common=@inet=@socket1={{0x28}}]}, @common=@unspec=@CONNSECMARK={0x28, 'CONNSECMARK\x00', 0x0, {0x2}}}, {{@ip={@remote, @multicast2, 0x0, 0x0, 'pim6reg0\x00', 'lo\x00'}, 0x0, 0xa0, 0x100, 0x0, {}, [@common=@unspec=@connmark={{0x30}}]}, @common=@SET={0x60}}, {{@uncond, 0x0, 0x98, 0xc0, 0x0, {}, [@common=@icmp={{0x28}, {0x0, "a2f3"}}]}, @common=@inet=@TCPMSS={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x378)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r4 = syz_open_dev$MSR(&(0x7f0000000340), 0x0, 0x0)
read$msr(r4, &(0x7f0000048040)=""/102392, 0x18ff8)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$COMEDI_DEVCONFIG(r2, 0x40946400, &(0x7f0000000540)={'pcl818\x00', [0x5c22, 0x3, 0x1, 0x0, 0xa, 0x7, 0xc, 0x7, 0x5, 0x800, 0x6b5b, 0x2, 0x3d, 0x403, 0x7, 0x1, 0x1, 0x0, 0x7, 0x40400003, 0x8c, 0x1007fff, 0x200006, 0xd, 0x8004, 0x8, 0x2, 0x8, 0x8, 0x1]})
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r5 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000580), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r5, 0xaf01, 0x0)
ioctl$AUTOFS_IOC_PROTOSUBVER(r5, 0x4008af21, 0x0)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, 0x0)
r7 = socket(0x400000000010, 0x3, 0x0)
r8 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r9=>0x0})
sendmsg$nl_route_sched(r7, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r9, {0x0, 0xffde}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000840)=@newtfilter={0x110, 0x2c, 0xd27, 0x70bd25, 0x25dfdbfd, {0x0, 0x0, 0x0, r9, {0xe, 0x7}, {0x0, 0x4}, {0x7, 0x2}}, [@filter_kind_options=@f_flower={{0xb}, {0xe0, 0x2, [@TCA_FLOWER_KEY_ENC_OPTS_MASK={0xa4, 0x55, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_VXLAN={0x24, 0x2, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x4}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0xdd13}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x8}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x1af}]}, @TCA_FLOWER_KEY_ENC_OPTS_GENEVE={0x4}, @TCA_FLOWER_KEY_ENC_OPTS_GENEVE={0xc, 0x1, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS={0x6, 0x1, 0xcc}]}, @TCA_FLOWER_KEY_ENC_OPTS_ERSPAN={0x4}, @TCA_FLOWER_KEY_ENC_OPTS_ERSPAN={0x2c, 0x3, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_ERSPAN_DIR={0x5, 0x3, 0xf}, @TCA_FLOWER_KEY_ENC_OPT_ERSPAN_VER={0x5, 0x1, 0x1}, @TCA_FLOWER_KEY_ENC_OPT_ERSPAN_INDEX={0x8, 0x2, 0xa44a}, @TCA_FLOWER_KEY_ENC_OPT_ERSPAN_HWID={0x5, 0x4, 0x5}, @TCA_FLOWER_KEY_ENC_OPT_ERSPAN_VER={0x5, 0x1, 0x1}]}, @TCA_FLOWER_KEY_ENC_OPTS_VXLAN={0x3c, 0x2, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x2}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x4}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x2}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x2}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0xe147}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x9}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x8}]}]}, @TCA_FLOWER_KEY_ENC_OPTS={0x14, 0x54, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_VXLAN={0xc, 0x2, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x5}]}, @TCA_FLOWER_KEY_ENC_OPTS_GENEVE={0x4}]}, @TCA_FLOWER_KEY_ICMPV6_TYPE_MASK={0x5}, @TCA_FLOWER_KEY_ENC_OPTS_MASK={0x4}, @TCA_FLOWER_KEY_ENC_IPV4_SRC_MASK={0x8, 0x1c, 0xffffffff}, @TCA_FLOWER_KEY_TCP_SRC={0x6}, @TCA_FLOWER_KEY_MPLS_TC={0x5, 0x45, 0x80}]}}]}, 0x110}, 0x1, 0x0, 0x0, 0x80}, 0x0)
fsopen(&(0x7f0000000000)='ubifs\x00', 0x0)
r10 = syz_usb_connect$lan78xx(0x6, 0x3f, &(0x7f00000000c0)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0x424, 0x7850, 0x0, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d}}]}}, 0x0)
syz_usb_control_io$lan78xx(r10, &(0x7f0000000380)={0x14, &(0x7f0000000240)=ANY=[], &(0x7f0000000300)=ANY=[]}, &(0x7f0000000600)={0x34, &(0x7f00000003c0)=ANY=[@ANYBLOB], &(0x7f0000000400)={0x0, 0xa, 0x1, 0x8}, &(0x7f0000000440)={0x0, 0x8, 0x1}, &(0x7f0000000480)={0xc0, 0xa1, 0x4, 0x7}, &(0x7f00000004c0)={0x40, 0xa0, 0x4, 0x4}, 0x0})
syz_clone(0x13020000, &(0x7f0000000100)="4ba57e5a6b1968", 0x7, 0x0, &(0x7f00000001c0), &(0x7f0000000640))
sendmsg$DEVLINK_CMD_RELOAD(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)={0x38, r1, 0x1, 0x70bd2b, 0x25dfdbff, {}, [{@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_NETNS_FD={0x8}}]}, 0x38}}, 0x20040000)

kernel console output (not intermixed with test programs):

 unevictable:1768 dirty:376 writeback:0
[  686.129727][T17478]  slab_reclaimable:6697 slab_unreclaimable:63349
[  686.129727][T17478]  mapped:26032 shmem:11950 pagetables:1390
[  686.129727][T17478]  sec_pagetables:313 bounce:0
[  686.129727][T17478]  kernel_misc_reclaimable:0
[  686.129727][T17478]  free:49244 free_pcp:0 free_cma:0
[  686.144634][T17478] Node 0 active_anon:4kB inactive_anon:364kB active_file:0kB inactive_file:148kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:16kB dirty:8kB writeback:0kB shmem:3540kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:8596kB pagetables:1720kB sec_pagetables:1120kB all_unreclaimable? yes Balloon:0kB
[  686.144717][T17478] Node 0 DMA free:2452kB boost:2048kB min:2808kB low:2996kB high:3184kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  686.167486][T17478] lowmem_reserve[]: 0 285 285 285 285
[  686.167526][T17478] Node 0 DMA: 37*4kB (U) 14*8kB (U) 11*16kB (U) 3*32kB (U) 2*64kB (U) 0*128kB 1*256kB (U) 1*512kB (U) 1*1024kB (U) 0*2048kB 0*4096kB = 2452kB
[  686.167644][T17478] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  686.167655][T17478] Node 0 hugepages_total=1 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB
[  686.167764][T17478] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  686.167775][T17478] Node 1 hugepages_total=3 hugepages_free=3 hugepages_surp=0 hugepages_size=2048kB
[  686.167785][T17478] 34645 total pagecache pages
[  686.169996][T17478] 1156 pages in swap cache
[  686.170004][T17478] Free swap  = 76240kB
[  686.170089][T17478] Total swap = 124996kB
[  686.170096][T17478] 524155 pages RAM
[  686.170100][T17478] 0 pages HighMem/MovableOnly
[  686.170182][T17478] 210148 pages reserved
[  686.170188][T17478] 0 pages cma reserved
[  686.827343][T17479] hsr0 speed is unknown, defaulting to 1000
[  687.183518][T13226] usb 48-1: device descriptor read/8, error -110
[  687.622156][T13226] usb usb48-port1: attempt power cycle
[  688.149495][T17505] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3045'.
[  688.156998][T17505] vlan2: entered allmulticast mode
[  688.158927][T17505] macsec0: entered allmulticast mode
[  688.161130][T17505] veth1_macvtap: entered allmulticast mode
[  688.225484][T17514] lo speed is unknown, defaulting to 1000
[  688.271085][T13226] usb usb48-port1: unable to enumerate USB device
[  688.381465][T17514] hsr0 speed is unknown, defaulting to 1000
[  689.271977][T17544] netlink: 'syz.5.3057': attribute type 1 has an invalid length.
[  689.275294][T17544] netlink: 224 bytes leftover after parsing attributes in process `syz.5.3057'.
[  690.899943][T17566] netlink: 52 bytes leftover after parsing attributes in process `syz.5.3063'.
[  691.122175][T17569] snd_dummy snd_dummy.0: control 6:65278:2:syz0:-259 is already present
[  691.670280][T17575] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  691.690038][T17575] overlayfs: conflicting options: nfs_export=on,metacopy=on
[  694.603478][T17615] netlink: 52 bytes leftover after parsing attributes in process `syz.2.3077'.
[  694.733971][T17615] snd_dummy snd_dummy.0: control 6:65278:2:syz0:-259 is already present
[  696.301047][T17646] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  696.320532][T17648] overlay: Unknown parameter '.rsvd.usage_in_bytes'
[  696.437794][T14445] usb 7-1: new high-speed USB device number 45 using dummy_hcd
[  696.447079][T17654] FAULT_INJECTION: forcing a failure.
[  696.447079][T17654] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  696.453560][T17654] CPU: 0 UID: 0 PID: 17654 Comm: syz.4.3092 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  696.453584][T17654] Tainted: [L]=SOFTLOCKUP
[  696.453589][T17654] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  696.453597][T17654] Call Trace:
[  696.453602][T17654]  <TASK>
[  696.453607][T17654]  dump_stack_lvl+0x100/0x190
[  696.453634][T17654]  should_fail_ex.cold+0x5/0xa
[  696.453650][T17654]  _copy_from_user+0x2e/0xd0
[  696.453670][T17654]  kstrtouint_from_user+0xd6/0x1d0
[  696.453690][T17654]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  696.453709][T17654]  ? __lock_acquire+0x4a5/0x2630
[  696.453729][T17654]  ? lock_acquire+0x1cf/0x380
[  696.453747][T17654]  proc_fail_nth_write+0x83/0x220
[  696.453766][T17654]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  696.453786][T17654]  vfs_write+0x2aa/0x1070
[  696.453799][T17654]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  696.453817][T17654]  ? __pfx_vfs_write+0x10/0x10
[  696.453842][T17654]  ? find_held_lock+0x2b/0x80
[  696.453854][T17654]  ? __fget_files+0x215/0x3d0
[  696.453870][T17654]  ? __fget_files+0x21f/0x3d0
[  696.453886][T17654]  ksys_write+0x12a/0x250
[  696.453898][T17654]  ? __pfx_ksys_write+0x10/0x10
[  696.453914][T17654]  do_int80_emulation+0x141/0x6b0
[  696.453932][T17654]  asm_int80_emulation+0x1a/0x20
[  696.453945][T17654] RIP: 0023:0xf7145cab
[  696.453956][T17654] Code: 57 56 53 8b 44 24 14 f6 00 08 75 23 8b 44 24 18 8b 5c 24 1c 8b 4c 24 20 8b 54 24 24 8b 74 24 28 8b 7c 24 2c 8b 6c 24 30 cd 80 <5b> 5e 5f 5d c3 5b 5e 5f 5d e9 f7 a1 ff ff 66 90 66 90 66 90 90 53
[  696.453967][T17654] RSP: 002b:00000000f54064bc EFLAGS: 00000246 ORIG_RAX: 0000000000000004
[  696.453982][T17654] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f54065d0
[  696.453990][T17654] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000000
[  696.453997][T17654] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  696.454004][T17654] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  696.454011][T17654] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  696.454031][T17654]  </TASK>
[  696.591476][T17659] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(5)
[  696.593771][T17659] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  696.596663][T17659] vhci_hcd vhci_hcd.0: Device attached
[  696.608842][T14445] usb 7-1: Using ep0 maxpacket: 8
[  696.612915][T14445] usb 7-1: config 0 has no interfaces?
[  696.616988][T14445] usb 7-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a
[  696.620666][T14445] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  696.624011][T14445] usb 7-1: Product: syz
[  696.625772][T14445] usb 7-1: Manufacturer: syz
[  696.627678][T14445] usb 7-1: SerialNumber: syz
[  696.634687][T14445] usb 7-1: config 0 descriptor??
[  696.907756][   T29] usb 44-1: SetAddress Request (38) to port 0
[  696.909867][   T29] usb 44-1: new SuperSpeed USB device number 38 using vhci_hcd
[  697.265909][T17661] vhci_hcd: connection reset by peer
[  697.268054][   T59] vhci_hcd vhci_hcd.3: stop threads
[  697.269871][   T59] vhci_hcd vhci_hcd.3: release socket
[  697.272338][   T59] vhci_hcd vhci_hcd.3: disconnect device
[  697.608701][T17680] netlink: 52 bytes leftover after parsing attributes in process `syz.5.3096'.
[  697.735897][T17680] snd_dummy snd_dummy.0: control 6:65278:2:syz0:-259 is already present
[  699.197970][T17696] warn_alloc: 2 callbacks suppressed
[  699.197987][T17696] syz.3.3099: page allocation failure: order:2, mode:0xcc1(GFP_KERNEL|GFP_DMA), nodemask=(null),cpuset=/,mems_allowed=0-1
[  699.204749][T17696] CPU: 2 UID: 0 PID: 17696 Comm: syz.3.3099 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  699.204778][T17696] Tainted: [L]=SOFTLOCKUP
[  699.204784][T17696] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  699.204795][T17696] Call Trace:
[  699.204803][T17696]  <TASK>
[  699.204825][T17696]  dump_stack_lvl+0x100/0x190
[  699.204862][T17696]  warn_alloc.cold+0x95/0x1c1
[  699.204892][T17696]  ? __pfx_warn_alloc+0x10/0x10
[  699.204923][T17696]  ? __mutex_unlock_slowpath+0x15c/0x790
[  699.204948][T17696]  ? __alloc_frozen_pages_noprof+0xd68/0x2ba0
[  699.204981][T17696]  __alloc_frozen_pages_noprof+0xf36/0x2ba0
[  699.205018][T17696]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  699.205049][T17696]  ? comedi_isadma_alloc+0x10c/0x6e0
[  699.205072][T17696]  ? __pfx_stack_trace_save+0x10/0x10
[  699.205109][T17696]  ? stack_depot_save_flags+0x27/0x9d0
[  699.205136][T17696]  ? comedi_isadma_alloc+0x10c/0x6e0
[  699.205156][T17696]  ? kasan_save_stack+0x3f/0x50
[  699.205172][T17696]  ? kasan_save_stack+0x30/0x50
[  699.205186][T17696]  ? kasan_save_track+0x14/0x30
[  699.205201][T17696]  ? __kasan_kmalloc+0xaa/0xb0
[  699.205218][T17696]  ? __do_fast_syscall_32+0xe3/0x8c0
[  699.205235][T17696]  ? do_fast_syscall_32+0x32/0x70
[  699.205252][T17696]  ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  699.205277][T17696]  __alloc_pages_noprof+0xb/0x1b0
[  699.205302][T17696]  __dma_direct_alloc_pages.isra.0+0x47c/0x8f0
[  699.205326][T17696]  ? __pfx___dma_direct_alloc_pages.isra.0+0x10/0x10
[  699.205345][T17696]  ? dma_alloc_from_dev_coherent+0x2e0/0x570
[  699.205367][T17696]  dma_direct_alloc+0x8f/0x590
[  699.205384][T17696]  dma_alloc_attrs+0x185/0x2b0
[  699.205407][T17696]  ? __pfx_dma_alloc_attrs+0x10/0x10
[  699.205429][T17696]  ? dma_direct_supported+0xca/0x220
[  699.205449][T17696]  comedi_isadma_alloc+0x3dc/0x6e0
[  699.205476][T17696]  ? __pfx_comedi_isadma_alloc+0x10/0x10
[  699.205500][T17696]  ? request_threaded_irq+0x27b/0x3e0
[  699.205524][T17696]  pcl818_attach+0x1103/0x15b0
[  699.205548][T17696]  comedi_device_attach+0x40e/0x6b0
[  699.205570][T17696]  do_devconfig_ioctl+0x1b3/0x6d0
[  699.205590][T17696]  ? comedi_unlocked_ioctl+0x180/0x3310
[  699.205615][T17696]  ? __pfx_do_devconfig_ioctl+0x10/0x10
[  699.205645][T17696]  ? tomoyo_path_number_perm+0x46d/0x580
[  699.205665][T17696]  ? kasan_save_stack+0x3f/0x50
[  699.205679][T17696]  ? kasan_save_stack+0x30/0x50
[  699.205692][T17696]  ? kasan_save_track+0x14/0x30
[  699.205706][T17696]  ? kasan_save_free_info+0x3b/0x70
[  699.205731][T17696]  comedi_unlocked_ioctl+0x860/0x3310
[  699.205759][T17696]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[  699.205794][T17696]  ? tomoyo_path_number_perm+0x46d/0x580
[  699.205814][T17696]  ? kasan_quarantine_put+0x104/0x240
[  699.205838][T17696]  ? lockdep_hardirqs_on+0x78/0x100
[  699.205856][T17696]  ? find_held_lock+0x2b/0x80
[  699.205871][T17696]  ? tomoyo_path_number_perm+0x28f/0x580
[  699.205890][T17696]  ? tomoyo_path_number_perm+0x28f/0x580
[  699.205912][T17696]  ? tomoyo_path_number_perm+0x188/0x580
[  699.205935][T17696]  comedi_compat_ioctl+0x438/0xe20
[  699.205959][T17696]  ? __pfx_comedi_compat_ioctl+0x10/0x10
[  699.205982][T17696]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  699.205999][T17696]  ? do_vfs_ioctl+0x226/0x13e0
[  699.206028][T17696]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  699.206056][T17696]  ? find_held_lock+0x2b/0x80
[  699.206071][T17696]  ? hook_file_ioctl_common+0x146/0x410
[  699.206095][T17696]  ? __fget_files+0x21f/0x3d0
[  699.206115][T17696]  ? __pfx_comedi_compat_ioctl+0x10/0x10
[  699.206138][T17696]  __ia32_compat_sys_ioctl+0x2cf/0x360
[  699.206165][T17696]  __do_fast_syscall_32+0xe3/0x8c0
[  699.206185][T17696]  do_fast_syscall_32+0x32/0x70
[  699.206203][T17696]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  699.206223][T17696] RIP: 0023:0xf7fe7f6c
[  699.206238][T17696] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  699.206253][T17696] RSP: 002b:00000000f548550c EFLAGS: 00000292 ORIG_RAX: 0000000000000036
[  699.206269][T17696] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000040946400
[  699.206281][T17696] RDX: 0000000080000540 RSI: 0000000000000000 RDI: 0000000000000000
[  699.206290][T17696] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  699.206298][T17696] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  699.206307][T17696] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  699.206327][T17696]  </TASK>
[  699.352113][T17696] Mem-Info:
[  699.353573][T17696] active_anon:5871 inactive_anon:10077 isolated_anon:0
[  699.353573][T17696]  active_file:11077 inactive_file:12985 isolated_file:0
[  699.353573][T17696]  unevictable:1768 dirty:135 writeback:0
[  699.353573][T17696]  slab_reclaimable:6709 slab_unreclaimable:63232
[  699.353573][T17696]  mapped:27885 shmem:14821 pagetables:1420
[  699.353573][T17696]  sec_pagetables:313 bounce:0
[  699.353573][T17696]  kernel_misc_reclaimable:0
[  699.353573][T17696]  free:50289 free_pcp:0 free_cma:0
[  699.369976][T17696] Node 0 active_anon:0kB inactive_anon:364kB active_file:0kB inactive_file:148kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:16kB dirty:0kB writeback:0kB shmem:3540kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:8608kB pagetables:1720kB sec_pagetables:1120kB all_unreclaimable? yes Balloon:0kB
[  699.380991][T17696] Node 0 DMA free:2452kB boost:2048kB min:2808kB low:2996kB high:3184kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  699.392772][T17696] lowmem_reserve[]: 0 285 285 285 285
[  699.395190][T17696] Node 0 DMA: 37*4kB (U) 14*8kB (U) 11*16kB (U) 3*32kB (U) 2*64kB (U) 0*128kB 1*256kB (U) 1*512kB (U) 1*1024kB (U) 0*2048kB 0*4096kB = 2452kB
[  699.400924][T17696] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  699.404597][T17696] Node 0 hugepages_total=1 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB
[  699.408097][T17696] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  699.411611][T17696] Node 1 hugepages_total=3 hugepages_free=3 hugepages_surp=0 hugepages_size=2048kB
[  699.415187][T17696] 40156 total pagecache pages
[  699.416900][T17696] 1276 pages in swap cache
[  699.418810][T17696] Free swap  = 76240kB
[  699.420623][T17696] Total swap = 124996kB
[  699.422319][T17696] 524155 pages RAM
[  699.423774][T17696] 0 pages HighMem/MovableOnly
[  699.425386][T17696] 210148 pages reserved
[  699.426826][T17696] 0 pages cma reserved
[  700.158238][ T5967] usb 7-1: USB disconnect, device number 45
[  700.784585][T17724] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(5)
[  700.787087][T17724] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  700.790567][T17724] vhci_hcd vhci_hcd.0: Device attached
[  701.176677][T17733] netlink: 52 bytes leftover after parsing attributes in process `syz.3.3109'.
[  701.267810][ T5967] usb 42-1: SetAddress Request (79) to port 0
[  701.270777][ T5967] usb 42-1: new SuperSpeed USB device number 79 using vhci_hcd
[  701.385740][T17737] snd_dummy snd_dummy.0: control 6:65278:2:syz0:-259 is already present
[  701.422810][T17725] vhci_hcd: connection reset by peer
[  701.425734][   T91] vhci_hcd vhci_hcd.2: stop threads
[  701.428437][   T91] vhci_hcd vhci_hcd.2: release socket
[  701.431642][   T91] vhci_hcd vhci_hcd.2: disconnect device
[  702.400871][   T29] usb 44-1: device descriptor read/8, error -110
[  702.561829][T17744] netlink: 'syz.2.3112': attribute type 39 has an invalid length.
[  702.570364][T17744] hsr_slave_0 (unregistering): left promiscuous mode
[  702.703189][T17748] fuse: Bad value for 'fd'
[  702.854803][T17749] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3112'.
[  702.858017][T17749] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3112'.
[  703.044226][   T29] usb usb44-port1: attempt power cycle
[  703.641153][   T29] usb usb44-port1: unable to enumerate USB device
[  703.759751][T17769] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3118'.
[  704.168448][T17775] netlink: 52 bytes leftover after parsing attributes in process `syz.2.3119'.
[  704.305232][T17777] snd_dummy snd_dummy.0: control 6:65278:2:syz0:-259 is already present
[  705.700928][T17802] netlink: 'syz.4.3126': attribute type 9 has an invalid length.
[  705.705215][T17802] netlink: 'syz.4.3126': attribute type 7 has an invalid length.
[  705.708714][T17802] netlink: 'syz.4.3126': attribute type 8 has an invalid length.
[  705.854623][T17816] netlink: 52 bytes leftover after parsing attributes in process `syz.5.3130'.
[  705.995970][T17818] snd_dummy snd_dummy.0: control 6:65278:2:syz0:-259 is already present
[  706.058612][T17819] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6)
[  706.061315][T17819] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  706.065686][T17819] vhci_hcd vhci_hcd.0: Device attached
[  706.103353][T17819] netlink: 'syz.3.3129': attribute type 12 has an invalid length.
[  706.419249][T13226] usb 44-1: SetAddress Request (42) to port 0
[  706.426034][T13226] usb 44-1: new SuperSpeed USB device number 42 using vhci_hcd
[  706.632682][T17820] vhci_hcd: connection reset by peer
[  706.636254][ T1172] vhci_hcd vhci_hcd.3: stop threads
[  706.639380][ T1172] vhci_hcd vhci_hcd.3: release socket
[  706.646171][ T1172] vhci_hcd vhci_hcd.3: disconnect device
[  706.771042][ T5967] usb 42-1: device descriptor read/8, error -110
[  708.108472][ T5967] usb usb42-port1: attempt power cycle
[  708.318985][T17865] netlink: 52 bytes leftover after parsing attributes in process `syz.3.3140'.
[  708.405540][T17867] snd_dummy snd_dummy.0: control 6:65278:2:syz0:-259 is already present
[  708.497791][   T69] usb 9-1: new high-speed USB device number 25 using dummy_hcd
[  708.687666][   T69] usb 9-1: too many configurations: 9, using maximum allowed: 8
[  708.693017][   T69] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 9
[  708.697389][   T69] usb 9-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  708.702179][   T69] usb 9-1: config 0 interface 0 has no altsetting 0
[  708.707184][   T69] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 9
[  708.711649][   T69] usb 9-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  708.716473][   T69] usb 9-1: config 0 interface 0 has no altsetting 0
[  708.720783][   T69] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 9
[  708.725699][   T69] usb 9-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  708.730540][   T69] usb 9-1: config 0 interface 0 has no altsetting 0
[  708.734504][   T69] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 9
[  708.739290][   T69] usb 9-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  708.744790][   T69] usb 9-1: config 0 interface 0 has no altsetting 0
[  708.748940][   T69] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 9
[  708.752758][   T69] usb 9-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  708.757646][   T69] usb 9-1: config 0 interface 0 has no altsetting 0
[  708.758174][ T5967] usb usb42-port1: unable to enumerate USB device
[  708.762307][   T69] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 9
[  708.767718][   T69] usb 9-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  708.772494][   T69] usb 9-1: config 0 interface 0 has no altsetting 0
[  708.776663][   T69] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 9
[  708.781429][   T69] usb 9-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  708.785676][   T69] usb 9-1: config 0 interface 0 has no altsetting 0
[  708.788980][   T69] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 9
[  708.792232][   T69] usb 9-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  708.796788][   T69] usb 9-1: config 0 interface 0 has no altsetting 0
[  708.801117][   T69] usb 9-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[  708.805976][   T69] usb 9-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[  708.808742][   T69] usb 9-1: Product: syz
[  708.810253][   T69] usb 9-1: Manufacturer: syz
[  708.812826][   T69] usb 9-1: SerialNumber: syz
[  708.817975][   T69] usb 9-1: config 0 descriptor??
[  708.823734][   T69] yurex 9-1:0.0: USB YUREX device now attached to Yurex #0
[  709.076503][   T69] usb 9-1: USB disconnect, device number 25
[  709.091574][   T69] yurex 9-1:0.0: USB YUREX #0 now disconnected
[  709.197800][T17879] FAULT_INJECTION: forcing a failure.
[  709.197800][T17879] name failslab, interval 1, probability 0, space 0, times 0
[  709.202342][T17879] CPU: 2 UID: 0 PID: 17879 Comm: syz.3.3145 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  709.202366][T17879] Tainted: [L]=SOFTLOCKUP
[  709.202371][T17879] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  709.202380][T17879] Call Trace:
[  709.202386][T17879]  <TASK>
[  709.202393][T17879]  dump_stack_lvl+0x100/0x190
[  709.202422][T17879]  should_fail_ex.cold+0x5/0xa
[  709.202440][T17879]  ? offload_action_alloc+0x29/0xf0
[  709.202542][T17879]  should_failslab+0xc2/0x120
[  709.202583][T17879]  __kmalloc_noprof+0xe0/0x850
[  709.202607][T17879]  ? find_held_lock+0x2b/0x80
[  709.202624][T17879]  offload_action_alloc+0x29/0xf0
[  709.202646][T17879]  tcf_action_offload_add_ex+0x1b6/0x860
[  709.202722][T17879]  ? __pfx_tcf_action_offload_add_ex+0x10/0x10
[  709.202773][T17879]  ? tcf_action_fill_size+0x110/0x340
[  709.202790][T17879]  ? tcf_action_fill_size+0x110/0x340
[  709.202813][T17879]  tcf_action_init+0x679/0xa60
[  709.202837][T17879]  ? __pfx_tcf_action_init+0x10/0x10
[  709.202868][T17879]  ? __kernel_text_address+0xd/0x30
[  709.202890][T17879]  ? unwind_get_return_address+0x59/0xa0
[  709.202906][T17879]  ? arch_stack_walk+0xa6/0xf0
[  709.202934][T17879]  ? kfree_skbmem+0x19a/0x210
[  709.202953][T17879]  ? kasan_save_stack+0x3f/0x50
[  709.202965][T17879]  ? kasan_save_stack+0x30/0x50
[  709.202977][T17879]  ? kasan_save_track+0x14/0x30
[  709.202988][T17879]  ? kasan_save_free_info+0x3b/0x70
[  709.203006][T17879]  ? __kasan_slab_free+0x5f/0x80
[  709.203019][T17879]  ? kmem_cache_free+0x124/0x6a0
[  709.203038][T17879]  ? kfree_skbmem+0x19a/0x210
[  709.203053][T17879]  ? consume_skb+0xd1/0x110
[  709.203067][T17879]  ? nlmon_xmit+0xa5/0xe0
[  709.203154][T17879]  tcf_action_add+0xed/0x5c0
[  709.203175][T17879]  ? __pfx_tcf_action_add+0x10/0x10
[  709.203218][T17879]  ? __nla_parse+0x40/0x60
[  709.203238][T17879]  tc_ctl_action+0x2e3/0x470
[  709.203258][T17879]  ? __pfx_tc_ctl_action+0x10/0x10
[  709.203282][T17879]  ? __pfx_tc_ctl_action+0x10/0x10
[  709.203301][T17879]  rtnetlink_rcv_msg+0x3c9/0xe90
[  709.203318][T17879]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  709.203337][T17879]  ? ref_tracker_free+0x37e/0x6c0
[  709.203359][T17879]  netlink_rcv_skb+0x159/0x420
[  709.203377][T17879]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  709.203392][T17879]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  709.203414][T17879]  ? netlink_deliver_tap+0x1ae/0xcc0
[  709.203431][T17879]  netlink_unicast+0x5aa/0x870
[  709.203448][T17879]  ? __pfx_netlink_unicast+0x10/0x10
[  709.203470][T17879]  netlink_sendmsg+0x8b0/0xda0
[  709.203488][T17879]  ? __pfx_netlink_sendmsg+0x10/0x10
[  709.203505][T17879]  ? aa_sock_msg_perm.isra.0+0x100/0x1b0
[  709.203524][T17879]  ____sys_sendmsg+0x9e1/0xb70
[  709.203541][T17879]  ? __pfx_netlink_sendmsg+0x10/0x10
[  709.203557][T17879]  ? __pfx_____sys_sendmsg+0x10/0x10
[  709.203583][T17879]  ___sys_sendmsg+0x190/0x1e0
[  709.203603][T17879]  ? __pfx____sys_sendmsg+0x10/0x10
[  709.203641][T17879]  __sys_sendmsg+0x170/0x220
[  709.203655][T17879]  ? __pfx___sys_sendmsg+0x10/0x10
[  709.203675][T17879]  ? __pfx_ksys_write+0x10/0x10
[  709.203693][T17879]  __do_fast_syscall_32+0xe3/0x8c0
[  709.203712][T17879]  do_fast_syscall_32+0x32/0x70
[  709.203729][T17879]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  709.203747][T17879] RIP: 0023:0xf7fe7f6c
[  709.203761][T17879] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  709.203774][T17879] RSP: 002b:00000000f54a650c EFLAGS: 00000292 ORIG_RAX: 0000000000000172
[  709.203788][T17879] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000140
[  709.203797][T17879] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  709.203805][T17879] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  709.203813][T17879] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  709.203821][T17879] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  709.203838][T17879]  </TASK>
[  710.230977][T17894] warn_alloc: 2 callbacks suppressed
[  710.231062][T17894] syz.4.3151: page allocation failure: order:2, mode:0xcc1(GFP_KERNEL|GFP_DMA), nodemask=(null),cpuset=/,mems_allowed=0-1
[  710.238920][T17894] CPU: 2 UID: 0 PID: 17894 Comm: syz.4.3151 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  710.238955][T17894] Tainted: [L]=SOFTLOCKUP
[  710.238960][T17894] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  710.238969][T17894] Call Trace:
[  710.238975][T17894]  <TASK>
[  710.238982][T17894]  dump_stack_lvl+0x100/0x190
[  710.239008][T17894]  warn_alloc.cold+0x95/0x1c1
[  710.239032][T17894]  ? __pfx_warn_alloc+0x10/0x10
[  710.239052][T17894]  ? __mutex_unlock_slowpath+0x15c/0x790
[  710.239071][T17894]  ? __alloc_frozen_pages_noprof+0xd68/0x2ba0
[  710.239095][T17894]  __alloc_frozen_pages_noprof+0xf36/0x2ba0
[  710.239121][T17894]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  710.239141][T17894]  ? comedi_isadma_alloc+0x10c/0x6e0
[  710.239158][T17894]  ? __pfx_stack_trace_save+0x10/0x10
[  710.239172][T17894]  ? stack_depot_save_flags+0x27/0x9d0
[  710.239191][T17894]  ? comedi_isadma_alloc+0x10c/0x6e0
[  710.239205][T17894]  ? kasan_save_stack+0x3f/0x50
[  710.239216][T17894]  ? kasan_save_stack+0x30/0x50
[  710.239226][T17894]  ? kasan_save_track+0x14/0x30
[  710.239236][T17894]  ? __kasan_kmalloc+0xaa/0xb0
[  710.239252][T17894]  ? __do_fast_syscall_32+0xe3/0x8c0
[  710.239274][T17894]  ? do_fast_syscall_32+0x32/0x70
[  710.239290][T17894]  ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  710.239316][T17894]  __alloc_pages_noprof+0xb/0x1b0
[  710.239343][T17894]  __dma_direct_alloc_pages.isra.0+0x47c/0x8f0
[  710.239370][T17894]  ? __pfx___dma_direct_alloc_pages.isra.0+0x10/0x10
[  710.239395][T17894]  ? dma_alloc_from_dev_coherent+0x2e0/0x570
[  710.239419][T17894]  dma_direct_alloc+0x8f/0x590
[  710.239437][T17894]  dma_alloc_attrs+0x185/0x2b0
[  710.239460][T17894]  ? __pfx_dma_alloc_attrs+0x10/0x10
[  710.239488][T17894]  ? dma_direct_supported+0xca/0x220
[  710.239510][T17894]  comedi_isadma_alloc+0x3dc/0x6e0
[  710.239540][T17894]  ? __pfx_comedi_isadma_alloc+0x10/0x10
[  710.239565][T17894]  ? request_threaded_irq+0x27b/0x3e0
[  710.239588][T17894]  pcl818_attach+0x1103/0x15b0
[  710.239615][T17894]  comedi_device_attach+0x40e/0x6b0
[  710.239638][T17894]  do_devconfig_ioctl+0x1b3/0x6d0
[  710.239653][T17894]  ? comedi_unlocked_ioctl+0x180/0x3310
[  710.239670][T17894]  ? __pfx_do_devconfig_ioctl+0x10/0x10
[  710.239691][T17894]  ? tomoyo_path_number_perm+0x46d/0x580
[  710.239707][T17894]  ? kasan_save_stack+0x3f/0x50
[  710.239718][T17894]  ? kasan_save_stack+0x30/0x50
[  710.239730][T17894]  ? kasan_save_track+0x14/0x30
[  710.239742][T17894]  ? kasan_save_free_info+0x3b/0x70
[  710.239761][T17894]  comedi_unlocked_ioctl+0x860/0x3310
[  710.239782][T17894]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[  710.239808][T17894]  ? tomoyo_path_number_perm+0x46d/0x580
[  710.239823][T17894]  ? kasan_quarantine_put+0x104/0x240
[  710.239841][T17894]  ? lockdep_hardirqs_on+0x78/0x100
[  710.239855][T17894]  ? find_held_lock+0x2b/0x80
[  710.239875][T17894]  ? tomoyo_path_number_perm+0x28f/0x580
[  710.239892][T17894]  ? tomoyo_path_number_perm+0x28f/0x580
[  710.239910][T17894]  ? tomoyo_path_number_perm+0x188/0x580
[  710.239930][T17894]  comedi_compat_ioctl+0x438/0xe20
[  710.239950][T17894]  ? __pfx_comedi_compat_ioctl+0x10/0x10
[  710.239970][T17894]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  710.239985][T17894]  ? do_vfs_ioctl+0x226/0x13e0
[  710.240005][T17894]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  710.240029][T17894]  ? find_held_lock+0x2b/0x80
[  710.240041][T17894]  ? hook_file_ioctl_common+0x146/0x410
[  710.240060][T17894]  ? __fget_files+0x21f/0x3d0
[  710.240075][T17894]  ? __pfx_comedi_compat_ioctl+0x10/0x10
[  710.240092][T17894]  __ia32_compat_sys_ioctl+0x2cf/0x360
[  710.240112][T17894]  __do_fast_syscall_32+0xe3/0x8c0
[  710.240127][T17894]  do_fast_syscall_32+0x32/0x70
[  710.240142][T17894]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  710.240158][T17894] RIP: 0023:0xf7f47f6c
[  710.240170][T17894] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  710.240181][T17894] RSP: 002b:00000000f53e550c EFLAGS: 00000292 ORIG_RAX: 0000000000000036
[  710.240194][T17894] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000040946400
[  710.240201][T17894] RDX: 0000000080000540 RSI: 0000000000000000 RDI: 0000000000000000
[  710.240207][T17894] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  710.240214][T17894] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  710.240220][T17894] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  710.240235][T17894]  </TASK>
[  710.240263][T17894] Mem-Info:
[  710.254718][ T1462] usb 7-1: new high-speed USB device number 46 using dummy_hcd
[  710.258303][T17894] active_anon:12751 inactive_anon:8954 isolated_anon:0
[  710.258303][T17894]  active_file:11077 inactive_file:12989 isolated_file:0
[  710.258303][T17894]  unevictable:1768 dirty:290 writeback:0
[  710.258303][T17894]  slab_reclaimable:6709 slab_unreclaimable:63331
[  710.258303][T17894]  mapped:30995 shmem:19698 pagetables:1426
[  710.258303][T17894]  sec_pagetables:313 bounce:0
[  710.258303][T17894]  kernel_misc_reclaimable:0
[  710.258303][T17894]  free:45807 free_pcp:0 free_cma:0
[  710.431394][ T1462] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11
[  710.437144][T17894] Node 0 active_anon:0kB inactive_anon:364kB active_file:0kB inactive_file:148kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:16kB dirty:8kB writeback:0kB shmem:3540kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:8608kB pagetables:1720kB sec_pagetables:1120kB all_unreclaimable? yes Balloon:0kB
[  710.451913][ T1462] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024
[  710.456728][ T1462] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  710.462670][T17894] Node 0 DMA free:2452kB boost:2048kB min:2808kB low:2996kB high:3184kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  710.462871][ T1462] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  710.480988][T17894] lowmem_reserve[]: 0 285 285 285 285
[  710.483657][ T1462] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  710.487632][T17894] Node 0 DMA: 37*4kB (U) 14*8kB (U) 11*16kB (U) 3*32kB (U) 2*64kB (U) 0*128kB 1*256kB (U) 1*512kB (U) 1*1024kB (U) 0*2048kB 0*4096kB = 2452kB
[  710.493782][T17894] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  710.497591][T17894] Node 0 hugepages_total=1 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB
[  710.503466][ T1462] usb 7-1: config 0 descriptor??
[  710.506463][T17891] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  710.516899][T17894] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  710.551493][T17894] Node 1 hugepages_total=3 hugepages_free=3 hugepages_surp=0 hugepages_size=2048kB
[  710.562250][T17894] 37287 total pagecache pages
[  710.565399][T17894] 1291 pages in swap cache
[  710.567596][T17894] Free swap  = 76240kB
[  710.569029][T17894] Total swap = 124996kB
[  710.570716][T17894] 524155 pages RAM
[  710.572098][T17894] 0 pages HighMem/MovableOnly
[  710.573688][T17894] 210148 pages reserved
[  710.575985][T17894] 0 pages cma reserved
[  710.652063][T17905] bond0: entered promiscuous mode
[  710.653685][T17905] bond_slave_0: entered promiscuous mode
[  710.655914][T17905] bond_slave_1: entered promiscuous mode
[  710.687364][T17904] bond0: left promiscuous mode
[  710.688934][T17904] bond_slave_0: left promiscuous mode
[  710.690969][T17904] bond_slave_1: left promiscuous mode
[  710.991913][ T1462] usbhid 7-1:0.0: can't add hid device: -71
[  710.996917][ T1462] usbhid 7-1:0.0: probe with driver usbhid failed with error -71
[  711.015585][ T1462] usb 7-1: USB disconnect, device number 46
[  711.850802][T17922] netlink: 'syz.2.3160': attribute type 1 has an invalid length.
[  711.866489][T17922] 8021q: adding VLAN 0 to HW filter on device bond4
[  711.879788][T17922] bond4: (slave dummy0): making interface the new active one
[  711.884420][T17922] bond4: (slave dummy0): Enslaving as an active interface with an up link
[  711.891978][T13226] usb 44-1: device descriptor read/8, error -110
[  711.897023][   T40] kauditd_printk_skb: 238 callbacks suppressed
[  711.897042][   T40] audit: type=1326 audit(1775736251.532:4547): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17921 comm="syz.2.3160" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf701ef6c code=0x0
[  712.315392][T13226] usb usb44-port1: attempt power cycle
[  712.931658][T13226] usb usb44-port1: unable to enumerate USB device
[  714.666745][T17976] lo speed is unknown, defaulting to 1000
[  714.838390][T17976] hsr0 speed is unknown, defaulting to 1000
[  714.903311][T17975] fuse: Bad value for 'fd'
[  715.134776][T17989] netlink: 52 bytes leftover after parsing attributes in process `syz.5.3176'.
[  715.295967][T17991] snd_dummy snd_dummy.0: control 6:65278:2:syz0:-259 is already present
[  716.855226][T18000] FAULT_INJECTION: forcing a failure.
[  716.855226][T18000] name failslab, interval 1, probability 0, space 0, times 0
[  716.861679][T18000] CPU: 2 UID: 0 PID: 18000 Comm: syz.3.3180 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  716.861729][T18000] Tainted: [L]=SOFTLOCKUP
[  716.861735][T18000] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  716.861746][T18000] Call Trace:
[  716.861753][T18000]  <TASK>
[  716.861761][T18000]  dump_stack_lvl+0x100/0x190
[  716.861798][T18000]  should_fail_ex.cold+0x5/0xa
[  716.861821][T18000]  ? tomoyo_encode2+0xfb/0x3c0
[  716.861847][T18000]  should_failslab+0xc2/0x120
[  716.861869][T18000]  __kmalloc_noprof+0xe0/0x850
[  716.861895][T18000]  ? d_absolute_path+0x136/0x1b0
[  716.861924][T18000]  tomoyo_encode2+0xfb/0x3c0
[  716.861953][T18000]  tomoyo_encode+0x29/0x50
[  716.861977][T18000]  tomoyo_realpath_from_path+0x18c/0x690
[  716.862008][T18000]  tomoyo_path_number_perm+0x23c/0x580
[  716.862030][T18000]  ? tomoyo_path_number_perm+0x22e/0x580
[  716.862053][T18000]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  716.862115][T18000]  ? find_held_lock+0x2b/0x80
[  716.862136][T18000]  ? hook_file_ioctl_common+0x146/0x410
[  716.862163][T18000]  ? __fget_files+0x215/0x3d0
[  716.862187][T18000]  ? __fget_files+0x21f/0x3d0
[  716.862209][T18000]  security_file_ioctl_compat+0xd3/0x230
[  716.862236][T18000]  __ia32_compat_sys_ioctl+0xc2/0x360
[  716.862267][T18000]  __do_fast_syscall_32+0xe3/0x8c0
[  716.862294][T18000]  do_fast_syscall_32+0x32/0x70
[  716.862315][T18000]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  716.862338][T18000] RIP: 0023:0xf7fe7f6c
[  716.862354][T18000] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  716.862372][T18000] RSP: 002b:00000000f54a650c EFLAGS: 00000292 ORIG_RAX: 0000000000000036
[  716.862391][T18000] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000040086f52
[  716.862403][T18000] RDX: 0000000080000000 RSI: 0000000000000000 RDI: 0000000000000000
[  716.862413][T18000] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  716.862423][T18000] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  716.862434][T18000] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  716.862458][T18000]  </TASK>
[  716.862624][T18000] ERROR: Out of memory at tomoyo_realpath_from_path.
[  717.455826][T18016] program syz.2.3186 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  717.459364][T18016] ata1.00: invalid command format 255
[  717.742055][T18022] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3188'.
[  717.859011][T18027] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3189'.
[  719.008708][T18046] netlink: 52 bytes leftover after parsing attributes in process `syz.3.3193'.
[  719.402798][ T1415] ieee802154 phy0 wpan0: encryption failed: -22
[  719.606020][T18048] netlink: 52 bytes leftover after parsing attributes in process `syz.2.3195'.
[  719.694860][T18048] snd_dummy snd_dummy.0: control 6:65278:2:syz0:-259 is already present
[  720.372111][T18067] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  720.381103][T18067] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  720.542178][T18070] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3201'.
[  721.441028][T18081] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  721.533593][T18088] netlink: 52 bytes leftover after parsing attributes in process `syz.5.3207'.
[  721.849372][T14445] usb 9-1: new high-speed USB device number 26 using dummy_hcd
[  721.988382][T14445] usb 9-1: device descriptor read/64, error -71
[  722.244569][T14445] usb 9-1: new high-speed USB device number 27 using dummy_hcd
[  722.404946][T14445] usb 9-1: device descriptor read/64, error -71
[  722.522739][T14445] usb usb9-port1: attempt power cycle
[  722.602835][T18098] netlink: 'syz.5.3210': attribute type 1 has an invalid length.
[  722.633440][T18098] i2c i2c-1: dtv_property_process_set: SET cmd 0x00000000 undefined
[  722.694583][T18098] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3210'.
[  722.702307][T18098] macvlan2: entered promiscuous mode
[  722.705059][T18098] macvlan2: entered allmulticast mode
[  722.707776][T18098] bond1: (slave macvlan2): Opening slave failed
[  722.886194][T14445] usb 9-1: new high-speed USB device number 28 using dummy_hcd
[  722.907419][T14445] usb 9-1: device descriptor read/8, error -71
[  723.030871][T18111] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3214'.
[  723.163339][T14445] usb 9-1: new high-speed USB device number 29 using dummy_hcd
[  723.185739][T14445] usb 9-1: device descriptor read/8, error -71
[  723.302706][T14445] usb usb9-port1: unable to enumerate USB device
[  724.189775][T18128] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(9)
[  724.192166][T18128] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  724.195430][T18128] vhci_hcd vhci_hcd.0: Device attached
[  724.201128][T18128] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks
[  724.308320][T18131] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(5)
[  724.310557][T18131] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  724.321780][T18131] vhci_hcd vhci_hcd.0: Device attached
[  724.488844][ T5967] usb 42-1: SetAddress Request (83) to port 0
[  724.490972][ T5967] usb 42-1: new SuperSpeed USB device number 83 using vhci_hcd
[  724.648919][T13226] usb 48-1: SetAddress Request (18) to port 0
[  724.653805][T13226] usb 48-1: new SuperSpeed USB device number 18 using vhci_hcd
[  724.866051][T18129] vhci_hcd: connection reset by peer
[  724.869150][  T770] vhci_hcd vhci_hcd.2: stop threads
[  724.872102][  T770] vhci_hcd vhci_hcd.2: release socket
[  724.883243][  T770] vhci_hcd vhci_hcd.2: disconnect device
[  724.960484][T18132] vhci_hcd: connection reset by peer
[  724.963423][  T770] vhci_hcd vhci_hcd.5: stop threads
[  724.966093][  T770] vhci_hcd vhci_hcd.5: release socket
[  724.971792][  T770] vhci_hcd vhci_hcd.5: disconnect device
[  725.068404][T18140] warn_alloc: 1 callbacks suppressed
[  725.068452][T18140] syz.3.3221: page allocation failure: order:2, mode:0xcc1(GFP_KERNEL|GFP_DMA), nodemask=(null),cpuset=/,mems_allowed=0-1
[  725.076441][T18140] CPU: 3 UID: 0 PID: 18140 Comm: syz.3.3221 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  725.076462][T18140] Tainted: [L]=SOFTLOCKUP
[  725.076467][T18140] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  725.076475][T18140] Call Trace:
[  725.076480][T18140]  <TASK>
[  725.076486][T18140]  dump_stack_lvl+0x100/0x190
[  725.076526][T18140]  warn_alloc.cold+0x95/0x1c1
[  725.076548][T18140]  ? __pfx_warn_alloc+0x10/0x10
[  725.076567][T18140]  ? __mutex_unlock_slowpath+0x15c/0x790
[  725.076586][T18140]  ? __alloc_frozen_pages_noprof+0xd68/0x2ba0
[  725.076612][T18140]  __alloc_frozen_pages_noprof+0xf36/0x2ba0
[  725.076639][T18140]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  725.076657][T18140]  ? comedi_isadma_alloc+0x10c/0x6e0
[  725.076675][T18140]  ? __pfx_stack_trace_save+0x10/0x10
[  725.076688][T18140]  ? stack_depot_save_flags+0x27/0x9d0
[  725.076708][T18140]  ? comedi_isadma_alloc+0x10c/0x6e0
[  725.076722][T18140]  ? kasan_save_stack+0x3f/0x50
[  725.076732][T18140]  ? kasan_save_stack+0x30/0x50
[  725.076741][T18140]  ? kasan_save_track+0x14/0x30
[  725.076751][T18140]  ? __kasan_kmalloc+0xaa/0xb0
[  725.076763][T18140]  ? __do_fast_syscall_32+0xe3/0x8c0
[  725.076776][T18140]  ? do_fast_syscall_32+0x32/0x70
[  725.076788][T18140]  ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  725.076806][T18140]  __alloc_pages_noprof+0xb/0x1b0
[  725.076823][T18140]  __dma_direct_alloc_pages.isra.0+0x47c/0x8f0
[  725.076840][T18140]  ? __pfx___dma_direct_alloc_pages.isra.0+0x10/0x10
[  725.076858][T18140]  ? dma_alloc_from_dev_coherent+0x2e0/0x570
[  725.076873][T18140]  dma_direct_alloc+0x8f/0x590
[  725.076886][T18140]  dma_alloc_attrs+0x185/0x2b0
[  725.076902][T18140]  ? __pfx_dma_alloc_attrs+0x10/0x10
[  725.076919][T18140]  ? dma_direct_supported+0xca/0x220
[  725.076933][T18140]  comedi_isadma_alloc+0x3dc/0x6e0
[  725.076951][T18140]  ? __pfx_comedi_isadma_alloc+0x10/0x10
[  725.076967][T18140]  ? request_threaded_irq+0x27b/0x3e0
[  725.076985][T18140]  pcl818_attach+0x1103/0x15b0
[  725.077002][T18140]  comedi_device_attach+0x40e/0x6b0
[  725.077018][T18140]  do_devconfig_ioctl+0x1b3/0x6d0
[  725.077032][T18140]  ? comedi_unlocked_ioctl+0x180/0x3310
[  725.077050][T18140]  ? __pfx_do_devconfig_ioctl+0x10/0x10
[  725.077072][T18140]  ? tomoyo_path_number_perm+0x46d/0x580
[  725.077087][T18140]  ? kasan_save_stack+0x3f/0x50
[  725.077097][T18140]  ? kasan_save_stack+0x30/0x50
[  725.077107][T18140]  ? kasan_save_track+0x14/0x30
[  725.077116][T18140]  ? kasan_save_free_info+0x3b/0x70
[  725.077134][T18140]  comedi_unlocked_ioctl+0x860/0x3310
[  725.077155][T18140]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[  725.077181][T18140]  ? tomoyo_path_number_perm+0x46d/0x580
[  725.077196][T18140]  ? kasan_quarantine_put+0x104/0x240
[  725.077214][T18140]  ? lockdep_hardirqs_on+0x78/0x100
[  725.077227][T18140]  ? find_held_lock+0x2b/0x80
[  725.077239][T18140]  ? tomoyo_path_number_perm+0x28f/0x580
[  725.077253][T18140]  ? tomoyo_path_number_perm+0x28f/0x580
[  725.077269][T18140]  ? tomoyo_path_number_perm+0x188/0x580
[  725.077287][T18140]  comedi_compat_ioctl+0x438/0xe20
[  725.077305][T18140]  ? __pfx_comedi_compat_ioctl+0x10/0x10
[  725.077322][T18140]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  725.077336][T18140]  ? do_vfs_ioctl+0x226/0x13e0
[  725.077353][T18140]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  725.077374][T18140]  ? find_held_lock+0x2b/0x80
[  725.077385][T18140]  ? hook_file_ioctl_common+0x146/0x410
[  725.077404][T18140]  ? __fget_files+0x21f/0x3d0
[  725.077419][T18140]  ? __pfx_comedi_compat_ioctl+0x10/0x10
[  725.077436][T18140]  __ia32_compat_sys_ioctl+0x2cf/0x360
[  725.077466][T18140]  __do_fast_syscall_32+0xe3/0x8c0
[  725.077483][T18140]  do_fast_syscall_32+0x32/0x70
[  725.077496][T18140]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  725.077511][T18140] RIP: 0023:0xf7fe7f6c
[  725.077521][T18140] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  725.077532][T18140] RSP: 002b:00000000f548550c EFLAGS: 00000292 ORIG_RAX: 0000000000000036
[  725.077545][T18140] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000040946400
[  725.077552][T18140] RDX: 0000000080000540 RSI: 0000000000000000 RDI: 0000000000000000
[  725.077558][T18140] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  725.077565][T18140] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  725.077571][T18140] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  725.077586][T18140]  </TASK>
[  725.077764][T18140] Mem-Info:
[  725.237592][T18140] active_anon:9938 inactive_anon:8954 isolated_anon:0
[  725.237592][T18140]  active_file:11077 inactive_file:12993 isolated_file:0
[  725.237592][T18140]  unevictable:1768 dirty:322 writeback:0
[  725.237592][T18140]  slab_reclaimable:6710 slab_unreclaimable:63934
[  725.237592][T18140]  mapped:29770 shmem:17670 pagetables:1431
[  725.237592][T18140]  sec_pagetables:313 bounce:0
[  725.237592][T18140]  kernel_misc_reclaimable:0
[  725.237592][T18140]  free:47659 free_pcp:0 free_cma:0
[  725.253750][T18140] Node 0 active_anon:0kB inactive_anon:364kB active_file:0kB inactive_file:148kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:16kB dirty:8kB writeback:0kB shmem:3540kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:8608kB pagetables:1720kB sec_pagetables:1120kB all_unreclaimable? yes Balloon:0kB
[  725.265900][T18140] Node 0 DMA free:2452kB boost:2048kB min:2808kB low:2996kB high:3184kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  725.276286][T18140] lowmem_reserve[]: 0 285 285 285 285
[  725.279616][T18140] Node 0 DMA: 37*4kB (U) 14*8kB (U) 11*16kB (U) 3*32kB (U) 2*64kB (U) 0*128kB 1*256kB (U) 1*512kB (U) 1*1024kB (U) 0*2048kB 0*4096kB = 2452kB
[  725.285269][T18140] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  725.288427][T18140] Node 0 hugepages_total=1 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB
[  725.291795][T18140] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  725.295290][T18140] Node 1 hugepages_total=3 hugepages_free=3 hugepages_surp=0 hugepages_size=2048kB
[  725.298352][T18140] 43037 total pagecache pages
[  725.300383][T18140] 1300 pages in swap cache
[  725.302038][T18140] Free swap  = 76240kB
[  725.303583][T18140] Total swap = 124996kB
[  725.304938][T18140] 524155 pages RAM
[  725.306134][T18140] 0 pages HighMem/MovableOnly
[  725.307666][T18140] 210148 pages reserved
[  725.309017][T18140] 0 pages cma reserved
[  725.949661][T18151] binder: 18147:18151 ioctl c0285840 80000500 returned -22
[  726.210079][T18155] could not allocate digest TFM handle sha224-generic
[  726.218251][T18160] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3225'.
[  727.619477][   T53] usb 10-1: new high-speed USB device number 4 using dummy_hcd
[  727.769064][   T53] usb 10-1: device descriptor read/64, error -71
[  728.046861][   T53] usb 10-1: new high-speed USB device number 5 using dummy_hcd
[  728.059750][T18182] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(5)
[  728.062515][T18182] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  728.066417][T18182] vhci_hcd vhci_hcd.0: Device attached
[  728.196633][   T53] usb 10-1: device descriptor read/64, error -71
[  728.326091][   T53] usb usb10-port1: attempt power cycle
[  728.688026][   T53] usb 10-1: new high-speed USB device number 6 using dummy_hcd
[  728.720711][   T53] usb 10-1: device descriptor read/8, error -71
[  728.755279][T18183] vhci_hcd: connection closed
[  728.755673][ T6275] vhci_hcd vhci_hcd.2: stop threads
[  728.759519][ T6275] vhci_hcd vhci_hcd.2: release socket
[  728.761439][ T6275] vhci_hcd vhci_hcd.2: disconnect device
[  728.997964][   T53] usb 10-1: new high-speed USB device number 7 using dummy_hcd
[  729.020703][   T53] usb 10-1: device descriptor read/8, error -71
[  729.137200][   T53] usb usb10-port1: unable to enumerate USB device
[  729.363476][T18193] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3235'.
[  729.927656][ T5967] usb 42-1: device descriptor read/8, error -110
[  730.098724][T13226] usb 48-1: device descriptor read/8, error -110
[  730.120257][T18199] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3237'.
[  730.309138][T18207] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3239'.
[  730.355545][ T5967] usb usb42-port1: attempt power cycle
[  730.527150][T13226] usb usb48-port1: attempt power cycle
[  730.891578][T18217] netlink: 52 bytes leftover after parsing attributes in process `syz.3.3242'.
[  730.976426][ T5967] usb usb42-port1: unable to enumerate USB device
[  731.049194][T18219] snd_dummy snd_dummy.0: control 6:65278:2:syz0:-259 is already present
[  731.147007][T13226] usb usb48-port1: unable to enumerate USB device
[  731.284239][   T40] audit: type=1326 audit(1775736269.668:4548): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18220 comm="syz.2.3243" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf701ef6c code=0x7ffc0000
[  731.306422][   T40] audit: type=1326 audit(1775736269.668:4549): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18220 comm="syz.2.3243" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf701ef6c code=0x7ffc0000
[  731.313962][   T40] audit: type=1326 audit(1775736269.686:4550): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18220 comm="syz.2.3243" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf701ef6c code=0x7ffc0000
[  731.321234][   T40] audit: type=1326 audit(1775736269.686:4551): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18220 comm="syz.2.3243" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf701ef6c code=0x7ffc0000
[  731.329643][   T40] audit: type=1326 audit(1775736269.686:4552): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18220 comm="syz.2.3243" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf701ef6c code=0x7ffc0000
[  731.336632][   T40] audit: type=1326 audit(1775736269.686:4553): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18220 comm="syz.2.3243" exe="/syz-executor" sig=0 arch=40000003 syscall=369 compat=1 ip=0xf701ef6c code=0x7ffc0000
[  731.344927][   T40] audit: type=1326 audit(1775736269.686:4554): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18220 comm="syz.2.3243" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf701ef6c code=0x7ffc0000
[  731.352839][   T40] audit: type=1326 audit(1775736269.686:4555): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18220 comm="syz.2.3243" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf701ef6c code=0x7ffc0000
[  731.355675][T18225] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3244'.
[  731.434002][   T40] audit: type=1326 audit(1775736269.808:4556): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18220 comm="syz.2.3243" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf701ef6c code=0x7ffc0000
[  731.442960][   T40] audit: type=1326 audit(1775736269.808:4557): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18220 comm="syz.2.3243" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf701ef6c code=0x7ffc0000
[  732.335919][T18244] netlink: 140 bytes leftover after parsing attributes in process `syz.5.3250'.
[  732.541278][T18253] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3252'.
[  732.704005][T18254] ceph: No mds server is up or the cluster is laggy
[  732.733443][T13226] libceph: connect (1)[c::]:6789 error -101
[  732.735472][T13226] libceph: mon0 (1)[c::]:6789 connect error
[  732.765082][T18251] netlink: 16 bytes leftover after parsing attributes in process `syz.5.3251'.
[  732.875962][T18260] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(5)
[  732.878387][T18260] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  732.881320][T18260] vhci_hcd vhci_hcd.0: Device attached
[  733.114601][T18261] vhci_hcd: connection closed
[  733.114859][  T156] vhci_hcd vhci_hcd.4: stop threads
[  733.118227][  T156] vhci_hcd vhci_hcd.4: release socket
[  733.120364][  T156] vhci_hcd vhci_hcd.4: disconnect device
[  733.640693][T18273] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3255'.
[  733.979342][T18282] netlink: 52 bytes leftover after parsing attributes in process `syz.5.3258'.
[  734.116945][T18284] snd_dummy snd_dummy.0: control 6:65278:2:syz0:-259 is already present
[  734.497848][T18293] netlink: 52 bytes leftover after parsing attributes in process `syz.2.3259'.
[  734.636078][T18295] snd_dummy snd_dummy.0: control 6:65278:2:syz0:-259 is already present
[  734.883613][T18308] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3263'.
[  735.424072][T18318] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3268'.
[  736.402260][T18329] netlink: 52 bytes leftover after parsing attributes in process `syz.5.3272'.
[  736.549086][T18329] snd_dummy snd_dummy.0: control 6:65278:2:syz0:-259 is already present
[  737.753409][   T40] kauditd_printk_skb: 15 callbacks suppressed
[  737.753424][   T40] audit: type=1326 audit(1775736275.732:4573): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18337 comm="syz.3.3274" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe7f6c code=0x7ffc0000
[  737.772419][   T40] audit: type=1326 audit(1775736275.750:4574): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18337 comm="syz.3.3274" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe7f6c code=0x7ffc0000
[  737.794781][   T40] audit: type=1326 audit(1775736275.769:4575): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18337 comm="syz.3.3274" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7fe7f6c code=0x7ffc0000
[  737.801825][   T40] audit: type=1326 audit(1775736275.769:4576): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18337 comm="syz.3.3274" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe7f6c code=0x7ffc0000
[  737.836998][   T40] audit: type=1326 audit(1775736275.769:4577): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18337 comm="syz.3.3274" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe7f6c code=0x7ffc0000
[  737.848269][   T40] audit: type=1326 audit(1775736275.769:4578): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18337 comm="syz.3.3274" exe="/syz-executor" sig=0 arch=40000003 syscall=351 compat=1 ip=0xf7fe7f6c code=0x7ffc0000
[  737.855169][   T40] audit: type=1326 audit(1775736275.788:4579): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18337 comm="syz.3.3274" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe7f6c code=0x7ffc0000
[  737.863495][   T40] audit: type=1326 audit(1775736275.788:4580): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18337 comm="syz.3.3274" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe7f6c code=0x7ffc0000
[  737.872413][   T40] audit: type=1326 audit(1775736275.788:4581): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18337 comm="syz.3.3274" exe="/syz-executor" sig=0 arch=40000003 syscall=297 compat=1 ip=0xf7fe7f6c code=0x7ffc0000
[  737.879813][   T40] audit: type=1326 audit(1775736275.788:4582): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18337 comm="syz.3.3274" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe7f6c code=0x7ffc0000
[  738.230916][   T69] usb 9-1: new high-speed USB device number 30 using dummy_hcd
[  738.399243][   T69] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  738.403547][   T69] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  738.408496][   T69] usb 9-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  738.411816][   T69] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  738.423902][   T69] usb 9-1: config 0 descriptor??
[  738.452554][T18362] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3281'.
[  738.880056][   T69] usbhid 9-1:0.0: can't add hid device: -71
[  738.893255][   T69] usbhid 9-1:0.0: probe with driver usbhid failed with error -71
[  738.902725][   T69] usb 9-1: USB disconnect, device number 30
[  739.377393][T18367] syz.5.3282: page allocation failure: order:2, mode:0xcc1(GFP_KERNEL|GFP_DMA), nodemask=(null),cpuset=/,mems_allowed=0-1
[  739.382014][T18367] CPU: 0 UID: 0 PID: 18367 Comm: syz.5.3282 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  739.382049][T18367] Tainted: [L]=SOFTLOCKUP
[  739.382054][T18367] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  739.382063][T18367] Call Trace:
[  739.382069][T18367]  <TASK>
[  739.382075][T18367]  dump_stack_lvl+0x100/0x190
[  739.382102][T18367]  warn_alloc.cold+0x95/0x1c1
[  739.382127][T18367]  ? __pfx_warn_alloc+0x10/0x10
[  739.382147][T18367]  ? __mutex_unlock_slowpath+0x15c/0x790
[  739.382166][T18367]  ? __alloc_frozen_pages_noprof+0xd68/0x2ba0
[  739.382190][T18367]  __alloc_frozen_pages_noprof+0xf36/0x2ba0
[  739.382217][T18367]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  739.382235][T18367]  ? comedi_isadma_alloc+0x10c/0x6e0
[  739.382252][T18367]  ? __pfx_stack_trace_save+0x10/0x10
[  739.382266][T18367]  ? stack_depot_save_flags+0x27/0x9d0
[  739.382290][T18367]  ? comedi_isadma_alloc+0x10c/0x6e0
[  739.382304][T18367]  ? kasan_save_stack+0x3f/0x50
[  739.382315][T18367]  ? kasan_save_stack+0x30/0x50
[  739.382324][T18367]  ? kasan_save_track+0x14/0x30
[  739.382334][T18367]  ? __kasan_kmalloc+0xaa/0xb0
[  739.382345][T18367]  ? __do_fast_syscall_32+0xe3/0x8c0
[  739.382358][T18367]  ? do_fast_syscall_32+0x32/0x70
[  739.382370][T18367]  ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  739.382387][T18367]  __alloc_pages_noprof+0xb/0x1b0
[  739.382404][T18367]  __dma_direct_alloc_pages.isra.0+0x47c/0x8f0
[  739.382441][T18367]  ? __pfx___dma_direct_alloc_pages.isra.0+0x10/0x10
[  739.382458][T18367]  ? dma_alloc_from_dev_coherent+0x2e0/0x570
[  739.382460][T18376] netlink: 88 bytes leftover after parsing attributes in process `syz.2.3284'.
[  739.382473][T18367]  dma_direct_alloc+0x8f/0x590
[  739.382487][T18367]  dma_alloc_attrs+0x185/0x2b0
[  739.382504][T18367]  ? __pfx_dma_alloc_attrs+0x10/0x10
[  739.382521][T18367]  ? dma_direct_supported+0xca/0x220
[  739.382538][T18367]  comedi_isadma_alloc+0x3dc/0x6e0
[  739.382557][T18367]  ? __pfx_comedi_isadma_alloc+0x10/0x10
[  739.382574][T18367]  ? request_threaded_irq+0x27b/0x3e0
[  739.382592][T18367]  pcl818_attach+0x1103/0x15b0
[  739.382623][T18367]  comedi_device_attach+0x40e/0x6b0
[  739.382639][T18367]  do_devconfig_ioctl+0x1b3/0x6d0
[  739.382653][T18367]  ? comedi_unlocked_ioctl+0x180/0x3310
[  739.382670][T18367]  ? __pfx_do_devconfig_ioctl+0x10/0x10
[  739.382693][T18367]  ? tomoyo_path_number_perm+0x46d/0x580
[  739.382709][T18367]  ? kasan_save_stack+0x3f/0x50
[  739.382718][T18367]  ? kasan_save_stack+0x30/0x50
[  739.382729][T18367]  ? kasan_save_track+0x14/0x30
[  739.382740][T18367]  ? kasan_save_free_info+0x3b/0x70
[  739.382764][T18367]  comedi_unlocked_ioctl+0x860/0x3310
[  739.382785][T18367]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[  739.382813][T18367]  ? tomoyo_path_number_perm+0x46d/0x580
[  739.382829][T18367]  ? kasan_quarantine_put+0x104/0x240
[  739.382848][T18367]  ? lockdep_hardirqs_on+0x78/0x100
[  739.382874][T18367]  ? find_held_lock+0x2b/0x80
[  739.382888][T18367]  ? tomoyo_path_number_perm+0x28f/0x580
[  739.382902][T18367]  ? tomoyo_path_number_perm+0x28f/0x580
[  739.382918][T18367]  ? tomoyo_path_number_perm+0x188/0x580
[  739.382936][T18367]  comedi_compat_ioctl+0x438/0xe20
[  739.382954][T18367]  ? __pfx_comedi_compat_ioctl+0x10/0x10
[  739.382971][T18367]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  739.382986][T18367]  ? do_vfs_ioctl+0x226/0x13e0
[  739.383007][T18367]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  739.383029][T18367]  ? find_held_lock+0x2b/0x80
[  739.383040][T18367]  ? hook_file_ioctl_common+0x146/0x410
[  739.383058][T18367]  ? __fget_files+0x21f/0x3d0
[  739.383073][T18367]  ? __pfx_comedi_compat_ioctl+0x10/0x10
[  739.383089][T18367]  __ia32_compat_sys_ioctl+0x2cf/0x360
[  739.383109][T18367]  __do_fast_syscall_32+0xe3/0x8c0
[  739.383124][T18367]  do_fast_syscall_32+0x32/0x70
[  739.383137][T18367]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  739.383151][T18367] RIP: 0023:0xf7f42f6c
[  739.383162][T18367] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  739.383174][T18367] RSP: 002b:00000000f53c450c EFLAGS: 00000292 ORIG_RAX: 0000000000000036
[  739.383186][T18367] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000040946400
[  739.383193][T18367] RDX: 0000000080000540 RSI: 0000000000000000 RDI: 0000000000000000
[  739.383200][T18367] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  739.383207][T18367] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  739.383213][T18367] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  739.383228][T18367]  </TASK>
[  739.383312][T18367] Mem-Info:
[  739.535027][T18367] active_anon:7207 inactive_anon:8562 isolated_anon:0
[  739.535027][T18367]  active_file:8229 inactive_file:13580 isolated_file:0
[  739.535027][T18367]  unevictable:1768 dirty:214 writeback:0
[  739.535027][T18367]  slab_reclaimable:6752 slab_unreclaimable:64631
[  739.535027][T18367]  mapped:27609 shmem:14662 pagetables:1409
[  739.535027][T18367]  sec_pagetables:313 bounce:0
[  739.535027][T18367]  kernel_misc_reclaimable:0
[  739.535027][T18367]  free:63012 free_pcp:0 free_cma:0
[  739.549530][T18367] Node 0 active_anon:0kB inactive_anon:364kB active_file:0kB inactive_file:192kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:16kB dirty:8kB writeback:0kB shmem:3540kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:8608kB pagetables:1720kB sec_pagetables:1120kB all_unreclaimable? yes Balloon:0kB
[  739.561270][T18367] Node 0 DMA free:2452kB boost:2048kB min:2808kB low:2996kB high:3184kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  739.572766][T18367] lowmem_reserve[]: 0 285 285 285 285
[  739.574636][T18367] Node 0 DMA: 37*4kB (U) 14*8kB (U) 11*16kB (U) 3*32kB (U) 2*64kB (U) 0*128kB 1*256kB (U) 1*512kB (U) 1*1024kB (U) 0*2048kB 0*4096kB = 2452kB
[  739.579824][T18367] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  739.583034][T18367] Node 0 hugepages_total=1 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB
[  739.650936][T18367] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  739.679510][T18367] Node 1 hugepages_total=3 hugepages_free=3 hugepages_surp=0 hugepages_size=2048kB
[  739.687857][T18367] 37711 total pagecache pages
[  739.693500][T18367] 1243 pages in swap cache
[  739.695666][T18367] Free swap  = 75560kB
[  739.697475][T18367] Total swap = 124996kB
[  739.699609][T18367] 524155 pages RAM
[  739.701832][T18367] 0 pages HighMem/MovableOnly
[  739.704423][T18367] 210148 pages reserved
[  739.707018][T18384] netlink: 'syz.4.3286': attribute type 1 has an invalid length.
[  739.707534][T18367] 0 pages cma reserved
[  739.734923][T18384] bond1: entered promiscuous mode
[  739.737221][T18384] 8021q: adding VLAN 0 to HW filter on device bond1
[  739.826768][T18391] netlink: 52 bytes leftover after parsing attributes in process `syz.2.3287'.
[  739.978452][T18396] snd_dummy snd_dummy.0: control 6:65278:2:syz0:-259 is already present
[  742.313278][T18413] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(5)
[  742.315792][T18413] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  742.318796][T18413] vhci_hcd vhci_hcd.0: Device attached
[  742.611953][T13226] usb 44-1: SetAddress Request (46) to port 0
[  742.614145][T13226] usb 44-1: new SuperSpeed USB device number 46 using vhci_hcd
[  742.720265][ T1462] usb 9-1: new high-speed USB device number 31 using dummy_hcd
[  742.893565][ T1462] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  742.897223][ T1462] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  742.902296][ T1462] usb 9-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  742.905463][ T1462] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  742.912060][ T1462] usb 9-1: config 0 descriptor??
[  742.941004][T18433] netlink: 52 bytes leftover after parsing attributes in process `syz.2.3298'.
[  742.999116][T18414] vhci_hcd: connection reset by peer
[  743.001856][T18037] vhci_hcd vhci_hcd.3: stop threads
[  743.004104][T18037] vhci_hcd vhci_hcd.3: release socket
[  743.005992][T18037] vhci_hcd vhci_hcd.3: disconnect device
[  743.096646][T18436] snd_dummy snd_dummy.0: control 6:65278:2:syz0:-259 is already present
[  743.371162][ T1462] usbhid 9-1:0.0: can't add hid device: -71
[  743.376387][ T1462] usbhid 9-1:0.0: probe with driver usbhid failed with error -71
[  743.392463][ T1462] usb 9-1: USB disconnect, device number 31
[  744.532365][T18456] netlink: 'syz.5.3304': attribute type 1 has an invalid length.
[  744.535523][T18456] netlink: 216 bytes leftover after parsing attributes in process `syz.5.3304'.
[  744.539291][T18456] netlink: 'syz.5.3304': attribute type 1 has an invalid length.
[  744.542151][T18456] netlink: 224 bytes leftover after parsing attributes in process `syz.5.3304'.
[  745.253083][T18469] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3308'.
[  746.041589][T18472] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3309'.
[  746.373456][ T6026] usb 9-1: new high-speed USB device number 32 using dummy_hcd
[  746.535390][ T6026] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  746.539122][ T6026] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  746.543712][ T6026] usb 9-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  746.547918][ T6026] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  746.553646][ T6026] usb 9-1: config 0 descriptor??
[  746.823223][T18483] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(5)
[  746.825337][T18483] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  746.828203][T18483] vhci_hcd vhci_hcd.0: Device attached
[  747.015477][T18484] vhci_hcd: connection closed
[  747.015699][T18037] vhci_hcd vhci_hcd.3: stop threads
[  747.020070][T18037] vhci_hcd vhci_hcd.3: release socket
[  747.022151][T18037] vhci_hcd vhci_hcd.3: disconnect device
[  747.024467][ T6026] usbhid 9-1:0.0: can't add hid device: -71
[  747.029252][ T6026] usbhid 9-1:0.0: probe with driver usbhid failed with error -71
[  747.035043][ T6026] usb 9-1: USB disconnect, device number 32
[  747.543572][T18496] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(4)
[  747.545930][T18496] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  747.581103][T18496] vhci_hcd vhci_hcd.0: Device attached
[  747.600112][T18496] tmpfs: Unknown parameter 'qukta'
[  747.608015][T18498] vhci_hcd: connection closed
[  747.608265][  T156] vhci_hcd vhci_hcd.2: stop threads
[  747.611597][  T156] vhci_hcd vhci_hcd.2: release socket
[  747.613796][  T156] vhci_hcd vhci_hcd.2: disconnect device
[  747.711659][T18501] overlay: ./file0 is not a directory
[  747.932855][T18510] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3319'.
[  748.061964][T13226] usb 44-1: device descriptor read/8, error -110
[  748.516633][T18517] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3321'.
[  748.607328][T13226] usb usb44-port1: attempt power cycle
[  748.831350][T18519] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(8)
[  748.833668][T18519] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  748.836835][T18519] vhci_hcd vhci_hcd.0: Device attached
[  748.895981][T18525] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3323'.
[  748.901528][T18525] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3323'.
[  748.998451][T18532] random: crng reseeded on system resumption
[  749.141148][   T53] usb 42-1: SetAddress Request (87) to port 0
[  749.147950][   T53] usb 42-1: new SuperSpeed USB device number 87 using vhci_hcd
[  749.227112][T13226] usb usb44-port1: unable to enumerate USB device
[  749.250010][ T6026] usb 10-1: new high-speed USB device number 8 using dummy_hcd
[  749.310218][T18541] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(5)
[  749.312497][T18541] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  749.320715][T18541] vhci_hcd vhci_hcd.0: Device attached
[  749.417347][T18520] vhci_hcd: connection reset by peer
[  749.430090][  T156] vhci_hcd vhci_hcd.2: stop threads
[  749.432161][  T156] vhci_hcd vhci_hcd.2: release socket
[  749.434219][  T156] vhci_hcd vhci_hcd.2: disconnect device
[  749.437802][ T6026] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  749.441533][ T6026] usb 10-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  749.446285][ T6026] usb 10-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  749.450659][ T6026] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  749.457556][ T6026] usb 10-1: config 0 descriptor??
[  749.602692][T13226] usb 46-1: SetAddress Request (71) to port 0
[  749.605822][T13226] usb 46-1: new SuperSpeed USB device number 71 using vhci_hcd
[  749.866918][T18542] vhci_hcd: connection reset by peer
[  749.870045][ T1172] vhci_hcd vhci_hcd.4: stop threads
[  749.872748][ T1172] vhci_hcd vhci_hcd.4: release socket
[  749.874551][ T1172] vhci_hcd vhci_hcd.4: disconnect device
[  749.898265][ T6026] usbhid 10-1:0.0: can't add hid device: -71
[  749.901075][ T6026] usbhid 10-1:0.0: probe with driver usbhid failed with error -71
[  749.905957][ T6026] usb 10-1: USB disconnect, device number 8
[  750.168933][T18552] netlink: 52 bytes leftover after parsing attributes in process `syz.2.3327'.
[  750.241907][T18553] snd_dummy snd_dummy.0: control 6:65278:2:syz0:-259 is already present
[  751.278984][T18568] warn_alloc: 1 callbacks suppressed
[  751.279042][T18568] syz.2.3332: page allocation failure: order:2, mode:0xcc1(GFP_KERNEL|GFP_DMA), nodemask=(null),cpuset=/,mems_allowed=0-1
[  751.286412][T18568] CPU: 0 UID: 0 PID: 18568 Comm: syz.2.3332 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  751.286464][T18568] Tainted: [L]=SOFTLOCKUP
[  751.286488][T18568] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  751.286504][T18568] Call Trace:
[  751.286514][T18568]  <TASK>
[  751.286524][T18568]  dump_stack_lvl+0x100/0x190
[  751.286572][T18568]  warn_alloc.cold+0x95/0x1c1
[  751.286612][T18568]  ? __pfx_warn_alloc+0x10/0x10
[  751.286648][T18568]  ? __mutex_unlock_slowpath+0x15c/0x790
[  751.286685][T18568]  ? __alloc_frozen_pages_noprof+0xd68/0x2ba0
[  751.286727][T18568]  __alloc_frozen_pages_noprof+0xf36/0x2ba0
[  751.286775][T18568]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  751.286808][T18568]  ? comedi_isadma_alloc+0x10c/0x6e0
[  751.286843][T18568]  ? __pfx_stack_trace_save+0x10/0x10
[  751.286870][T18568]  ? stack_depot_save_flags+0x27/0x9d0
[  751.286905][T18568]  ? comedi_isadma_alloc+0x10c/0x6e0
[  751.286932][T18568]  ? kasan_save_stack+0x3f/0x50
[  751.286953][T18568]  ? kasan_save_stack+0x30/0x50
[  751.286979][T18568]  ? kasan_save_track+0x14/0x30
[  751.286997][T18568]  ? __kasan_kmalloc+0xaa/0xb0
[  751.287021][T18568]  ? __do_fast_syscall_32+0xe3/0x8c0
[  751.287047][T18568]  ? do_fast_syscall_32+0x32/0x70
[  751.287072][T18568]  ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  751.287110][T18568]  __alloc_pages_noprof+0xb/0x1b0
[  751.287159][T18568]  __dma_direct_alloc_pages.isra.0+0x47c/0x8f0
[  751.287191][T18568]  ? __pfx___dma_direct_alloc_pages.isra.0+0x10/0x10
[  751.287218][T18568]  ? dma_alloc_from_dev_coherent+0x2e0/0x570
[  751.287248][T18568]  dma_direct_alloc+0x8f/0x590
[  751.287273][T18568]  dma_alloc_attrs+0x185/0x2b0
[  751.287305][T18568]  ? __pfx_dma_alloc_attrs+0x10/0x10
[  751.287336][T18568]  ? dma_direct_supported+0xca/0x220
[  751.287365][T18568]  comedi_isadma_alloc+0x3dc/0x6e0
[  751.287399][T18568]  ? __pfx_comedi_isadma_alloc+0x10/0x10
[  751.287429][T18568]  ? request_threaded_irq+0x27b/0x3e0
[  751.287461][T18568]  pcl818_attach+0x1103/0x15b0
[  751.287495][T18568]  comedi_device_attach+0x40e/0x6b0
[  751.287527][T18568]  do_devconfig_ioctl+0x1b3/0x6d0
[  751.287554][T18568]  ? comedi_unlocked_ioctl+0x180/0x3310
[  751.287586][T18568]  ? __pfx_do_devconfig_ioctl+0x10/0x10
[  751.287626][T18568]  ? tomoyo_path_number_perm+0x46d/0x580
[  751.287654][T18568]  ? kasan_save_stack+0x3f/0x50
[  751.287674][T18568]  ? kasan_save_stack+0x30/0x50
[  751.287693][T18568]  ? kasan_save_track+0x14/0x30
[  751.287711][T18568]  ? kasan_save_free_info+0x3b/0x70
[  751.287746][T18568]  comedi_unlocked_ioctl+0x860/0x3310
[  751.287784][T18568]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[  751.287833][T18568]  ? tomoyo_path_number_perm+0x46d/0x580
[  751.287862][T18568]  ? kasan_quarantine_put+0x104/0x240
[  751.287894][T18568]  ? lockdep_hardirqs_on+0x78/0x100
[  751.287920][T18568]  ? find_held_lock+0x2b/0x80
[  751.287943][T18568]  ? tomoyo_path_number_perm+0x28f/0x580
[  751.287975][T18568]  ? tomoyo_path_number_perm+0x28f/0x580
[  751.288007][T18568]  ? tomoyo_path_number_perm+0x188/0x580
[  751.288040][T18568]  comedi_compat_ioctl+0x438/0xe20
[  751.288073][T18568]  ? __pfx_comedi_compat_ioctl+0x10/0x10
[  751.288105][T18568]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  751.288135][T18568]  ? do_vfs_ioctl+0x226/0x13e0
[  751.288170][T18568]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  751.288212][T18568]  ? find_held_lock+0x2b/0x80
[  751.288232][T18568]  ? hook_file_ioctl_common+0x146/0x410
[  751.288269][T18568]  ? __fget_files+0x21f/0x3d0
[  751.288298][T18568]  ? __pfx_comedi_compat_ioctl+0x10/0x10
[  751.288329][T18568]  __ia32_compat_sys_ioctl+0x2cf/0x360
[  751.288364][T18568]  __do_fast_syscall_32+0xe3/0x8c0
[  751.288393][T18568]  do_fast_syscall_32+0x32/0x70
[  751.288418][T18568]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  751.288446][T18568] RIP: 0023:0xf701ef6c
[  751.288467][T18568] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  751.288489][T18568] RSP: 002b:00000000f53ec50c EFLAGS: 00000292 ORIG_RAX: 0000000000000036
[  751.288512][T18568] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000040946400
[  751.288526][T18568] RDX: 0000000080000540 RSI: 0000000000000000 RDI: 0000000000000000
[  751.288538][T18568] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  751.288552][T18568] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  751.288563][T18568] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  751.288592][T18568]  </TASK>
[  751.288872][T18568] Mem-Info:
[  751.480853][T18568] active_anon:7723 inactive_anon:8562 isolated_anon:0
[  751.480853][T18568]  active_file:8292 inactive_file:13648 isolated_file:0
[  751.480853][T18568]  unevictable:1768 dirty:304 writeback:0
[  751.480853][T18568]  slab_reclaimable:6803 slab_unreclaimable:65145
[  751.480853][T18568]  mapped:27790 shmem:14669 pagetables:1434
[  751.480853][T18568]  sec_pagetables:313 bounce:0
[  751.480853][T18568]  kernel_misc_reclaimable:0
[  751.480853][T18568]  free:51131 free_pcp:0 free_cma:0
[  751.494880][T18568] Node 0 active_anon:0kB inactive_anon:364kB active_file:0kB inactive_file:148kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:16kB dirty:8kB writeback:0kB shmem:3540kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:8608kB pagetables:1720kB sec_pagetables:1120kB all_unreclaimable? yes Balloon:0kB
[  751.505513][T18568] Node 0 DMA free:2452kB boost:2048kB min:2808kB low:2996kB high:3184kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  751.515304][T18568] lowmem_reserve[]: 0 285 285 285 285
[  751.517355][T18568] Node 0 DMA: 37*4kB (U) 14*8kB (U) 11*16kB (U) 3*32kB (U) 2*64kB (U) 0*128kB 1*256kB (U) 1*512kB (U) 1*1024kB (U) 0*2048kB 0*4096kB = 2452kB
[  751.524047][T18568] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  751.527117][T18568] Node 0 hugepages_total=1 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB
[  751.530186][T18568] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  751.533322][T18568] Node 1 hugepages_total=3 hugepages_free=3 hugepages_surp=0 hugepages_size=2048kB
[  751.536572][T18568] 39009 total pagecache pages
[  751.538255][T18568] 1253 pages in swap cache
[  751.540014][T18568] Free swap  = 75584kB
[  751.541461][T18568] Total swap = 124996kB
[  751.542920][T18568] 524155 pages RAM
[  751.544435][T18568] 0 pages HighMem/MovableOnly
[  751.546470][T18568] 210148 pages reserved
[  751.548026][T18568] 0 pages cma reserved
[  752.167389][T18579] futex_wake_op: syz.3.3334 tries to shift op by -1; fix this program
[  752.430920][T18586] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3336'.
[  753.175820][T18593] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3339'.
[  753.361413][T18601] netlink: 52 bytes leftover after parsing attributes in process `syz.5.3340'.
[  753.463163][T18604] overlayfs: missing 'lowerdir'
[  753.467177][T18604] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3342'.
[  753.467873][T18606] snd_dummy snd_dummy.0: control 6:65278:2:syz0:-259 is already present
[  754.558957][   T53] usb 42-1: device descriptor read/8, error -110
[  754.955165][T18622] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(5)
[  754.957312][T18622] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  754.960100][T18622] vhci_hcd vhci_hcd.0: Device attached
[  755.009902][T13226] usb 46-1: device descriptor read/8, error -110
[  755.012769][   T53] usb usb42-port1: attempt power cycle
[  755.264251][ T5967] usb 44-1: SetAddress Request (50) to port 0
[  755.266656][ T5967] usb 44-1: new SuperSpeed USB device number 50 using vhci_hcd
[  755.435795][T13226] usb usb46-port1: attempt power cycle
[  755.522283][T18623] vhci_hcd: connection reset by peer
[  755.524288][ T1172] vhci_hcd vhci_hcd.3: stop threads
[  755.526048][ T1172] vhci_hcd vhci_hcd.3: release socket
[  755.529914][ T1172] vhci_hcd vhci_hcd.3: disconnect device
[  755.606870][   T53] usb usb42-port1: unable to enumerate USB device
[  755.648192][T18642] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(5)
[  755.650551][T18642] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  755.653783][T18642] vhci_hcd vhci_hcd.0: Device attached
[  755.851969][T13226] usb 46-1: SetAddress Request (73) to port 0
[  755.854000][T13226] usb 46-1: new SuperSpeed USB device number 73 using vhci_hcd
[  756.315219][T18643] vhci_hcd: connection reset by peer
[  756.318550][ T1172] vhci_hcd vhci_hcd.4: stop threads
[  756.320471][ T1172] vhci_hcd vhci_hcd.4: release socket
[  756.322780][ T1172] vhci_hcd vhci_hcd.4: disconnect device
[  756.474201][T18653] netlink: 52 bytes leftover after parsing attributes in process `syz.3.3354'.
[  756.718025][T18654] snd_dummy snd_dummy.0: control 6:65278:2:syz0:-259 is already present
[  757.128610][T18665] random: crng reseeded on system resumption
[  757.191566][T18664] lo speed is unknown, defaulting to 1000
[  757.321785][T18664] hsr0 speed is unknown, defaulting to 1000
[  757.482176][T18671] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3358'.
[  758.657105][T18683] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3360'.
[  758.797100][T18688] netlink: 52 bytes leftover after parsing attributes in process `syz.4.3362'.
[  758.908232][   T69] usb 7-1: new high-speed USB device number 47 using dummy_hcd
[  758.949740][T18690] snd_dummy snd_dummy.0: control 6:65278:2:syz0:-259 is already present
[  759.047125][   T69] usb 7-1: device descriptor read/64, error -71
[  759.314364][   T69] usb 7-1: new high-speed USB device number 48 using dummy_hcd
[  759.463907][   T69] usb 7-1: device descriptor read/64, error -71
[  759.585556][   T69] usb usb7-port1: attempt power cycle
[  759.945125][   T69] usb 7-1: new high-speed USB device number 49 using dummy_hcd
[  759.978243][   T69] usb 7-1: device descriptor read/8, error -71
[  760.079115][T18706] netlink: 52 bytes leftover after parsing attributes in process `syz.3.3366'.
[  760.218889][T18708] snd_dummy snd_dummy.0: control 6:65278:2:syz0:-259 is already present
[  760.233293][   T69] usb 7-1: new high-speed USB device number 50 using dummy_hcd
[  760.255328][   T69] usb 7-1: device descriptor read/8, error -71
[  760.405900][   T69] usb usb7-port1: unable to enumerate USB device
[  760.703554][ T5967] usb 44-1: device descriptor read/8, error -110
[  761.110140][T18722] futex_wake_op: syz.5.3368 tries to shift op by -1; fix this program
[  761.131390][ T5967] usb usb44-port1: attempt power cycle
[  761.301915][T13226] usb 46-1: device descriptor read/8, error -110
[  761.731760][T13226] usb usb46-port1: unable to enumerate USB device
[  761.736512][ T5967] usb usb44-port1: unable to enumerate USB device
[  761.854731][T18738] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3374'.
[  762.700069][T18752] netlink: 52 bytes leftover after parsing attributes in process `syz.4.3377'.
[  762.850563][T18753] snd_dummy snd_dummy.0: control 6:65278:2:syz0:-259 is already present
[  763.448951][T18762] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3380'.
[  763.814698][T18769] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3382'.
[  764.229866][T14445] usb 9-1: new high-speed USB device number 33 using dummy_hcd
[  764.380394][T14445] usb 9-1: device descriptor read/64, error -71
[  764.647353][T14445] usb 9-1: new high-speed USB device number 34 using dummy_hcd
[  764.796798][T14445] usb 9-1: device descriptor read/64, error -71
[  764.907509][T18779] warn_alloc: 1 callbacks suppressed
[  764.907697][T18779] syz.2.3384: page allocation failure: order:2, mode:0xcc1(GFP_KERNEL|GFP_DMA), nodemask=(null),cpuset=/,mems_allowed=0-1
[  764.916653][T18779] CPU: 0 UID: 0 PID: 18779 Comm: syz.2.3384 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  764.916684][T18779] Tainted: [L]=SOFTLOCKUP
[  764.916718][T18779] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  764.916737][T18779] Call Trace:
[  764.916745][T18779]  <TASK>
[  764.916753][T18779]  dump_stack_lvl+0x100/0x190
[  764.916795][T18779]  warn_alloc.cold+0x95/0x1c1
[  764.916827][T18779]  ? __pfx_warn_alloc+0x10/0x10
[  764.916852][T18779]  ? __mutex_unlock_slowpath+0x15c/0x790
[  764.916891][T18779]  __alloc_frozen_pages_noprof+0xf36/0x2ba0
[  764.916932][T18779]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  764.916957][T18779]  ? comedi_isadma_alloc+0x10c/0x6e0
[  764.916984][T18779]  ? __pfx_stack_trace_save+0x10/0x10
[  764.917006][T18779]  ? stack_depot_save_flags+0x27/0x9d0
[  764.917039][T18779]  ? comedi_isadma_alloc+0x10c/0x6e0
[  764.917060][T18779]  ? kasan_save_stack+0x3f/0x50
[  764.917077][T18779]  ? kasan_save_stack+0x30/0x50
[  764.917092][T18779]  ? kasan_save_track+0x14/0x30
[  764.917107][T18779]  ? __kasan_kmalloc+0xaa/0xb0
[  764.917127][T18779]  ? __do_fast_syscall_32+0xe3/0x8c0
[  764.917147][T18779]  ? do_fast_syscall_32+0x32/0x70
[  764.917178][T18779]  ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  764.917209][T18779]  __alloc_pages_noprof+0xb/0x1b0
[  764.917237][T18779]  __dma_direct_alloc_pages.isra.0+0x47c/0x8f0
[  764.917262][T18779]  ? __pfx___dma_direct_alloc_pages.isra.0+0x10/0x10
[  764.917284][T18779]  ? dma_alloc_from_dev_coherent+0x2e0/0x570
[  764.917307][T18779]  dma_direct_alloc+0x8f/0x590
[  764.917327][T18779]  dma_alloc_attrs+0x185/0x2b0
[  764.917350][T18779]  ? __pfx_dma_alloc_attrs+0x10/0x10
[  764.917373][T18779]  ? dma_direct_supported+0xca/0x220
[  764.917396][T18779]  comedi_isadma_alloc+0x3dc/0x6e0
[  764.917423][T18779]  ? __pfx_comedi_isadma_alloc+0x10/0x10
[  764.917447][T18779]  ? request_threaded_irq+0x27b/0x3e0
[  764.917474][T18779]  pcl818_attach+0x1103/0x15b0
[  764.917501][T18779]  comedi_device_attach+0x40e/0x6b0
[  764.917525][T18779]  do_devconfig_ioctl+0x1b3/0x6d0
[  764.917546][T18779]  ? comedi_unlocked_ioctl+0x180/0x3310
[  764.917571][T18779]  ? __pfx_do_devconfig_ioctl+0x10/0x10
[  764.917603][T18779]  ? tomoyo_path_number_perm+0x46d/0x580
[  764.917626][T18779]  ? kasan_save_stack+0x3f/0x50
[  764.917641][T18779]  ? kasan_save_stack+0x30/0x50
[  764.917655][T18779]  ? kasan_save_track+0x14/0x30
[  764.917672][T18779]  ? kasan_save_free_info+0x3b/0x70
[  764.917700][T18779]  comedi_unlocked_ioctl+0x860/0x3310
[  764.917736][T18779]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[  764.917777][T18779]  ? tomoyo_path_number_perm+0x46d/0x580
[  764.917801][T18779]  ? kasan_quarantine_put+0x104/0x240
[  764.917827][T18779]  ? lockdep_hardirqs_on+0x78/0x100
[  764.917849][T18779]  ? find_held_lock+0x2b/0x80
[  764.917868][T18779]  ? tomoyo_path_number_perm+0x28f/0x580
[  764.917888][T18779]  ? tomoyo_path_number_perm+0x28f/0x580
[  764.917912][T18779]  ? tomoyo_path_number_perm+0x188/0x580
[  764.917938][T18779]  comedi_compat_ioctl+0x438/0xe20
[  764.917964][T18779]  ? __pfx_comedi_compat_ioctl+0x10/0x10
[  764.917988][T18779]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  764.918008][T18779]  ? do_vfs_ioctl+0x226/0x13e0
[  764.918035][T18779]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  764.918065][T18779]  ? find_held_lock+0x2b/0x80
[  764.918081][T18779]  ? hook_file_ioctl_common+0x146/0x410
[  764.918108][T18779]  ? __fget_files+0x21f/0x3d0
[  764.918130][T18779]  ? __pfx_comedi_compat_ioctl+0x10/0x10
[  764.918153][T18779]  __ia32_compat_sys_ioctl+0x2cf/0x360
[  764.918181][T18779]  __do_fast_syscall_32+0xe3/0x8c0
[  764.918202][T18779]  do_fast_syscall_32+0x32/0x70
[  764.918222][T18779]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  764.918244][T18779] RIP: 0023:0xf701ef6c
[  764.918259][T18779] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  764.918277][T18779] RSP: 002b:00000000f53ec50c EFLAGS: 00000292 ORIG_RAX: 0000000000000036
[  764.918323][T18779] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000040946400
[  764.918337][T18779] RDX: 0000000080000540 RSI: 0000000000000000 RDI: 0000000000000000
[  764.918350][T18779] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  764.918360][T18779] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  764.918371][T18779] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  764.918396][T18779]  </TASK>
[  764.920052][T18779] Mem-Info:
[  764.924769][T14445] usb usb9-port1: attempt power cycle
[  764.927713][T18779] active_anon:4458 inactive_anon:8562 isolated_anon:0
[  764.927713][T18779]  active_file:8293 inactive_file:13656 isolated_file:0
[  764.927713][T18779]  unevictable:1768 dirty:223 writeback:0
[  764.927713][T18779]  slab_reclaimable:6873 slab_unreclaimable:65554
[  764.927713][T18779]  mapped:23728 shmem:11819 pagetables:1413
[  764.927713][T18779]  sec_pagetables:313 bounce:0
[  764.927713][T18779]  kernel_misc_reclaimable:0
[  764.927713][T18779]  free:55440 free_pcp:22 free_cma:0
[  765.094202][T18779] Node 0 active_anon:0kB inactive_anon:364kB active_file:0kB inactive_file:148kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:16kB dirty:12kB writeback:0kB shmem:3540kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:8608kB pagetables:1720kB sec_pagetables:1120kB all_unreclaimable? yes Balloon:0kB
[  765.098140][T18782] netlink: 52 bytes leftover after parsing attributes in process `syz.5.3385'.
[  765.105242][T18779] Node 0 
[  765.107520][T18783] netlink: 52 bytes leftover after parsing attributes in process `syz.3.3386'.
[  765.197410][T18779] DMA free:2388kB boost:2048kB min:2808kB low:2996kB high:3184kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:88kB local_pcp:32kB free_cma:0kB
[  765.209407][T18779] lowmem_reserve[]: 0 285 285 285 285
[  765.240243][T18779] Node 0 DMA: 37*4kB (U) 14*8kB (U) 7*16kB (U) 3*32kB (U) 2*64kB (U) 0*128kB 1*256kB (U) 1*512kB (U) 1*1024kB (U) 0*2048kB 0*4096kB = 2388kB
[  765.255093][T18779] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  765.258668][T18779] Node 0 hugepages_total=1 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB
[  765.270351][T18779] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  765.281618][T18790] snd_dummy snd_dummy.0: control 6:65278:2:syz0:-259 is already present
[  765.330895][T18779] Node 1 hugepages_total=3 hugepages_free=3 hugepages_surp=0 hugepages_size=2048kB
[  765.333791][T18782] snd_dummy snd_dummy.0: control 6:65278:2:syz0:-259 is already present
[  765.334694][T18779] 35000 total pagecache pages
[  765.339646][T18779] 1256 pages in swap cache
[  765.341697][T18779] Free swap  = 75584kB
[  765.343731][T18779] Total swap = 124996kB
[  765.345288][T18779] 524155 pages RAM
[  765.346779][T18779] 0 pages HighMem/MovableOnly
[  765.348639][T18779] 210148 pages reserved
[  765.350345][T18779] 0 pages cma reserved
[  765.405409][T14445] usb 9-1: new high-speed USB device number 35 using dummy_hcd
[  765.427530][T14445] usb 9-1: device descriptor read/8, error -71
[  765.704638][T14445] usb 9-1: new high-speed USB device number 36 using dummy_hcd
[  765.737151][T14445] usb 9-1: device descriptor read/8, error -71
[  765.865676][T14445] usb usb9-port1: unable to enumerate USB device
[  766.084245][T18799] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3389'.
[  766.893190][T18808] netlink: 52 bytes leftover after parsing attributes in process `syz.3.3390'.
[  767.004902][T18810] netlink: 'syz.2.3393': attribute type 1 has an invalid length.
[  767.019580][T18813] snd_dummy snd_dummy.0: control 6:65278:2:syz0:-259 is already present
[  767.036941][T18810] i2c i2c-1: dtv_property_process_set: SET cmd 0x00000000 undefined
[  767.100002][T18810] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3393'.
[  767.111476][T18810] macvlan2: entered promiscuous mode
[  767.113861][T18810] macvlan2: entered allmulticast mode
[  767.117639][T18810] bond5: (slave macvlan2): Opening slave failed
[  767.547490][T18825] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3396'.
[  767.576301][T18826] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(5)
[  767.578998][T18826] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  767.694399][T18826] vhci_hcd vhci_hcd.0: Device attached
[  768.398095][T13226] usb 46-1: SetAddress Request (75) to port 0
[  768.400848][T13226] usb 46-1: new SuperSpeed USB device number 75 using vhci_hcd
[  768.499947][T18827] vhci_hcd: connection reset by peer
[  768.502581][T18037] vhci_hcd vhci_hcd.4: stop threads
[  768.506263][T18037] vhci_hcd vhci_hcd.4: release socket
[  768.508412][T18037] vhci_hcd vhci_hcd.4: disconnect device
[  768.918320][T18842] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3400'.
[  769.733349][T18855] netlink: 52 bytes leftover after parsing attributes in process `syz.5.3404'.
[  769.740080][T18856] netlink: 52 bytes leftover after parsing attributes in process `syz.3.3402'.
[  769.863089][T18855] snd_dummy snd_dummy.0: control 6:65278:2:syz0:-259 is already present
[  769.889887][T14445] usb 9-1: new high-speed USB device number 37 using dummy_hcd
[  769.904946][T18856] snd_dummy snd_dummy.0: control 6:65278:2:syz0:-259 is already present
[  770.075463][T14445] usb 9-1: device descriptor read/64, error -71
[  770.331841][T14445] usb 9-1: new high-speed USB device number 38 using dummy_hcd
[  770.432856][T18863] netlink: 52 bytes leftover after parsing attributes in process `syz.2.3405'.
[  770.471024][T14445] usb 9-1: device descriptor read/64, error -71
[  770.509819][T18864] snd_dummy snd_dummy.0: control 6:65278:2:syz0:-259 is already present
[  770.589595][T14445] usb usb9-port1: attempt power cycle
[  770.951557][T14445] usb 9-1: new high-speed USB device number 39 using dummy_hcd
[  770.977220][T14445] usb 9-1: device descriptor read/8, error -71
[  771.229456][T14445] usb 9-1: new high-speed USB device number 40 using dummy_hcd
[  771.251846][T14445] usb 9-1: device descriptor read/8, error -71
[  771.369047][T14445] usb usb9-port1: unable to enumerate USB device
[  771.921577][T18885] netlink: 52 bytes leftover after parsing attributes in process `syz.2.3416'.
[  772.017612][T18890] snd_dummy snd_dummy.0: control 6:65278:2:syz0:-259 is already present
[  773.208653][T18905] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(5)
[  773.210996][T18905] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  773.214857][T18905] vhci_hcd vhci_hcd.0: Device attached
[  774.112906][T18922] netlink: 52 bytes leftover after parsing attributes in process `syz.2.3415'.
[  774.257320][T18923] snd_dummy snd_dummy.0: control 6:65278:2:syz0:-259 is already present
[  775.885144][T18936] netlink: 52 bytes leftover after parsing attributes in process `syz.3.3419'.
[  776.016230][T18937] snd_dummy snd_dummy.0: control 6:65278:2:syz0:-259 is already present
[  776.140799][T18906] vhci_hcd: connection reset by peer
[  776.144232][   T91] vhci_hcd vhci_hcd.4: stop threads
[  776.147050][   T91] vhci_hcd vhci_hcd.4: release socket
[  776.151260][T13226] usb 46-1: device descriptor read/8, error -110
[  776.154286][   T91] vhci_hcd vhci_hcd.4: disconnect device
[  776.433445][   T53] usb 10-1: new high-speed USB device number 9 using dummy_hcd
[  776.572733][   T53] usb 10-1: device descriptor read/64, error -71
[  776.575437][T13226] usb usb46-port1: attempt power cycle
[  776.850319][   T53] usb 10-1: new high-speed USB device number 10 using dummy_hcd
[  776.930771][T18950] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3422'.
[  776.994815][   T53] usb 10-1: device descriptor read/64, error -71
[  777.118175][   T53] usb usb10-port1: attempt power cycle
[  777.216916][T13226] usb usb46-port1: unable to enumerate USB device
[  777.523571][   T53] usb 10-1: new high-speed USB device number 11 using dummy_hcd
[  777.552455][   T53] usb 10-1: device descriptor read/8, error -71
[  778.185950][   T53] usb 10-1: new high-speed USB device number 12 using dummy_hcd
[  778.218938][   T53] usb 10-1: device descriptor read/8, error -71
[  778.371643][T18965] netlink: 52 bytes leftover after parsing attributes in process `syz.4.3426'.
[  778.386523][   T53] usb usb10-port1: unable to enumerate USB device
[  778.732313][T18967] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3435'.
[  780.302270][T18965] snd_dummy snd_dummy.0: control 6:65278:2:syz0:-259 is already present
[  780.720237][T18976] netlink: 52 bytes leftover after parsing attributes in process `syz.2.3429'.
[  780.790038][T18987] snd_dummy snd_dummy.0: control 6:65278:2:syz0:-259 is already present
[  781.092586][T18994] netlink: 52 bytes leftover after parsing attributes in process `syz.4.3441'.
[  781.140440][T18995] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(5)
[  781.143285][T18995] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  781.157350][T18995] vhci_hcd vhci_hcd.0: Device attached
[  781.222847][T18998] snd_dummy snd_dummy.0: control 6:65278:2:syz0:-259 is already present
[  781.267419][T18991] lo speed is unknown, defaulting to 1000
[  781.348969][T18991] hsr0 speed is unknown, defaulting to 1000
[  781.509232][   T53] usb 44-1: SetAddress Request (54) to port 0
[  781.511346][   T53] usb 44-1: new SuperSpeed USB device number 54 using vhci_hcd
[  781.748663][T18996] vhci_hcd: connection reset by peer
[  781.752877][   T91] vhci_hcd vhci_hcd.3: stop threads
[  781.754775][   T91] vhci_hcd vhci_hcd.3: release socket
[  781.756825][   T91] vhci_hcd vhci_hcd.3: disconnect device
[  781.877019][T19007] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3434'.
[  783.073009][T19022] netlink: 20 bytes leftover after parsing attributes in process `syz.5.3438'.
[  783.078273][T19022] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3438'.
[  783.167484][T19023] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(5)
[  783.170414][T19023] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  783.174397][T19023] vhci_hcd vhci_hcd.0: Device attached
[  783.533236][ T5967] usb 42-1: SetAddress Request (91) to port 0
[  783.536012][ T5967] usb 42-1: new SuperSpeed USB device number 91 using vhci_hcd
[  783.789719][T19024] vhci_hcd: connection reset by peer
[  783.791764][ T1172] vhci_hcd vhci_hcd.2: stop threads
[  783.793411][ T1172] vhci_hcd vhci_hcd.2: release socket
[  783.795252][ T1172] vhci_hcd vhci_hcd.2: disconnect device
[  784.829925][T19039] warn_alloc: 4 callbacks suppressed
[  784.829952][T19039] syz.2.3440: page allocation failure: order:2, mode:0xcc1(GFP_KERNEL|GFP_DMA), nodemask=(null)
[  784.834731][ T1415] ieee802154 phy0 wpan0: encryption failed: -22
[  784.839353][T19039] ,cpuset=/,mems_allowed=0-1
[  784.842122][T19039] CPU: 1 UID: 0 PID: 19039 Comm: syz.2.3440 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  784.842145][T19039] Tainted: [L]=SOFTLOCKUP
[  784.842150][T19039] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  784.842159][T19039] Call Trace:
[  784.842176][T19039]  <TASK>
[  784.842183][T19039]  dump_stack_lvl+0x100/0x190
[  784.842239][T19039]  warn_alloc.cold+0x95/0x1c1
[  784.842261][T19039]  ? __pfx_warn_alloc+0x10/0x10
[  784.842282][T19039]  ? __mutex_unlock_slowpath+0x15c/0x790
[  784.842301][T19039]  ? __alloc_frozen_pages_noprof+0xd68/0x2ba0
[  784.842325][T19039]  __alloc_frozen_pages_noprof+0xf36/0x2ba0
[  784.842349][T19039]  ? __schedule+0x1000/0x6120
[  784.842360][T19039]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  784.842386][T19039]  ? __pfx___schedule+0x10/0x10
[  784.842432][T19039]  ? irqentry_exit+0x180/0x670
[  784.842446][T19039]  ? lockdep_hardirqs_on+0x78/0x100
[  784.842460][T19039]  __alloc_pages_noprof+0xb/0x1b0
[  784.842478][T19039]  __dma_direct_alloc_pages.isra.0+0x47c/0x8f0
[  784.842496][T19039]  ? __pfx___dma_direct_alloc_pages.isra.0+0x10/0x10
[  784.842510][T19039]  ? dma_alloc_from_dev_coherent+0x43f/0x570
[  784.842526][T19039]  ? dma_alloc_from_dev_coherent+0x2e0/0x570
[  784.842544][T19039]  dma_direct_alloc+0x8f/0x590
[  784.842557][T19039]  dma_alloc_attrs+0x185/0x2b0
[  784.842575][T19039]  ? __pfx_dma_alloc_attrs+0x10/0x10
[  784.842592][T19039]  ? dma_direct_supported+0xca/0x220
[  784.842607][T19039]  comedi_isadma_alloc+0x3dc/0x6e0
[  784.842628][T19039]  ? __pfx_comedi_isadma_alloc+0x10/0x10
[  784.842649][T19039]  ? request_threaded_irq+0x27b/0x3e0
[  784.842666][T19039]  pcl818_attach+0x1103/0x15b0
[  784.842684][T19039]  comedi_device_attach+0x40e/0x6b0
[  784.842699][T19039]  do_devconfig_ioctl+0x1b3/0x6d0
[  784.842713][T19039]  ? comedi_unlocked_ioctl+0x180/0x3310
[  784.842730][T19039]  ? __pfx_do_devconfig_ioctl+0x10/0x10
[  784.842753][T19039]  ? tomoyo_path_number_perm+0x46d/0x580
[  784.842769][T19039]  ? kasan_save_stack+0x3f/0x50
[  784.842780][T19039]  ? kasan_save_stack+0x30/0x50
[  784.842790][T19039]  ? kasan_save_track+0x14/0x30
[  784.842800][T19039]  ? kasan_save_free_info+0x3b/0x70
[  784.842818][T19039]  comedi_unlocked_ioctl+0x860/0x3310
[  784.842839][T19039]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[  784.842867][T19039]  ? tomoyo_path_number_perm+0x46d/0x580
[  784.842882][T19039]  ? kasan_quarantine_put+0x104/0x240
[  784.842900][T19039]  ? lockdep_hardirqs_on+0x78/0x100
[  784.842913][T19039]  ? find_held_lock+0x2b/0x80
[  784.842924][T19039]  ? tomoyo_path_number_perm+0x28f/0x580
[  784.842938][T19039]  ? tomoyo_path_number_perm+0x28f/0x580
[  784.842955][T19039]  ? tomoyo_path_number_perm+0x188/0x580
[  784.842972][T19039]  comedi_compat_ioctl+0x438/0xe20
[  784.842990][T19039]  ? __pfx_comedi_compat_ioctl+0x10/0x10
[  784.843007][T19039]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  784.843020][T19039]  ? do_vfs_ioctl+0x226/0x13e0
[  784.843038][T19039]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  784.843059][T19039]  ? find_held_lock+0x2b/0x80
[  784.843070][T19039]  ? hook_file_ioctl_common+0x146/0x410
[  784.843089][T19039]  ? __fget_files+0x21f/0x3d0
[  784.843103][T19039]  ? __pfx_comedi_compat_ioctl+0x10/0x10
[  784.843121][T19039]  __ia32_compat_sys_ioctl+0x2cf/0x360
[  784.843142][T19039]  __do_fast_syscall_32+0xe3/0x8c0
[  784.843158][T19039]  do_fast_syscall_32+0x32/0x70
[  784.843171][T19039]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  784.843186][T19039] RIP: 0023:0xf701ef6c
[  784.843198][T19039] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  784.843209][T19039] RSP: 002b:00000000f53ec50c EFLAGS: 00000292 ORIG_RAX: 0000000000000036
[  784.843223][T19039] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000040946400
[  784.843230][T19039] RDX: 0000000080000540 RSI: 0000000000000000 RDI: 0000000000000000
[  784.843237][T19039] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  784.843243][T19039] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  784.843249][T19039] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  784.843264][T19039]  </TASK>
[  785.178265][T19039] Mem-Info:
[  785.179810][T19039] active_anon:4424 inactive_anon:8562 isolated_anon:0
[  785.179810][T19039]  active_file:8282 inactive_file:13672 isolated_file:0
[  785.179810][T19039]  unevictable:1768 dirty:382 writeback:0
[  785.179810][T19039]  slab_reclaimable:6884 slab_unreclaimable:65703
[  785.179810][T19039]  mapped:24744 shmem:11821 pagetables:1448
[  785.179810][T19039]  sec_pagetables:313 bounce:0
[  785.179810][T19039]  kernel_misc_reclaimable:0
[  785.179810][T19039]  free:50083 free_pcp:22 free_cma:0
[  785.196668][T19039] Node 0 active_anon:0kB inactive_anon:364kB active_file:0kB inactive_file:192kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:16kB dirty:8kB writeback:0kB shmem:3540kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:8608kB pagetables:1720kB sec_pagetables:1120kB all_unreclaimable? yes Balloon:0kB
[  785.228329][T19039] Node 0 DMA free:2388kB boost:2048kB min:2808kB low:2996kB high:3184kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:88kB local_pcp:32kB free_cma:0kB
[  785.239273][T19039] lowmem_reserve[]: 0 285 285 285 285
[  785.242461][T19039] Node 0 DMA: 37*4kB (U) 14*8kB (U) 7*16kB (U) 3*32kB (U) 2*64kB (U) 0*128kB 1*256kB (U) 1*512kB (U) 1*1024kB (U) 0*2048kB 0*4096kB = 2388kB
[  785.253158][T19039] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  785.257965][T19039] Node 0 hugepages_total=1 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB
[  785.265401][T19039] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  785.270703][T19039] Node 1 hugepages_total=3 hugepages_free=3 hugepages_surp=0 hugepages_size=2048kB
[  785.274544][T19039] 35015 total pagecache pages
[  785.276807][T19039] 1263 pages in swap cache
[  785.280044][T19039] Free swap  = 75584kB
[  785.282255][T19039] Total swap = 124996kB
[  785.284775][T19039] 524155 pages RAM
[  785.288647][T19039] 0 pages HighMem/MovableOnly
[  785.292524][T19039] 210148 pages reserved
[  785.295141][T19039] 0 pages cma reserved
[  786.080209][T19050] could not allocate digest TFM handle sha224-generic
[  786.474532][T19058] netlink: 52 bytes leftover after parsing attributes in process `syz.3.3445'.
[  786.708418][T19060] snd_dummy snd_dummy.0: control 6:65278:2:syz0:-259 is already present
[  786.948448][   T53] usb 44-1: device descriptor read/8, error -110
[  786.998671][T19069] netlink: 52 bytes leftover after parsing attributes in process `syz.2.3448'.
[  787.154856][T19069] snd_dummy snd_dummy.0: control 6:65278:2:syz0:-259 is already present
[  787.424072][   T53] usb usb44-port1: attempt power cycle
[  788.049499][T19082] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(5)
[  788.052139][T19082] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  788.055296][T19082] vhci_hcd vhci_hcd.0: Device attached
[  788.134514][   T53] usb 44-1: SetAddress Request (57) to port 0
[  788.136583][   T53] usb 44-1: new SuperSpeed USB device number 57 using vhci_hcd
[  788.552506][T19083] vhci_hcd: connection reset by peer
[  788.554664][T14371] vhci_hcd vhci_hcd.3: stop threads
[  788.557155][T14371] vhci_hcd vhci_hcd.3: release socket
[  788.559781][T14371] vhci_hcd vhci_hcd.3: disconnect device
[  788.915127][ T5967] usb 42-1: device descriptor read/8, error -110
[  789.036995][T19092] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3459'.
[  789.084667][T19093] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3451'.
[  789.088160][T19093] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3451'.
[  789.343297][ T5967] usb usb42-port1: attempt power cycle
[  789.941032][ T5967] usb usb42-port1: unable to enumerate USB device
[  790.035668][T19106] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3455'.
[  791.693618][T19115] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(5)
[  791.696069][T19115] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  791.698867][T19115] vhci_hcd vhci_hcd.0: Device attached
[  791.982096][T19116] vhci_hcd: connection closed
[  791.982382][ T6275] vhci_hcd vhci_hcd.4: stop threads
[  791.987236][ T6275] vhci_hcd vhci_hcd.4: release socket
[  791.989827][ T6275] vhci_hcd vhci_hcd.4: disconnect device
[  791.992197][ T5967] usb 46-1: enqueue for inactive port 0
[  792.518170][ T5967] usb usb46-port1: attempt power cycle
[  792.598740][T19127] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3461'.
[  793.245135][ T5967] usb usb46-port1: unable to enumerate USB device
[  793.541784][   T53] usb 44-1: device descriptor read/8, error -110
[  793.666000][   T53] usb usb44-port1: unable to enumerate USB device
[  793.853668][T19148] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3466'.
[  794.818390][T19149] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(5)
[  794.821271][T19149] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  794.834905][T19149] vhci_hcd vhci_hcd.0: Device attached
[  795.392556][   T53] usb 46-1: SetAddress Request (83) to port 0
[  795.397843][   T53] usb 46-1: new SuperSpeed USB device number 83 using vhci_hcd
[  795.416871][T19159] random: crng reseeded on system resumption
[  795.736316][T19151] vhci_hcd: connection reset by peer
[  795.739434][T14371] vhci_hcd vhci_hcd.4: stop threads
[  795.741297][T14371] vhci_hcd vhci_hcd.4: release socket
[  795.745734][T14371] vhci_hcd vhci_hcd.4: disconnect device
[  796.256016][T19167] nbd3: detected capacity change from 0 to 127
[  796.263005][ T5942] block nbd3: Receive control failed (result -104)
[  796.263056][ T5940] block nbd3: Receive control failed (result -32)
[  796.779471][    T9] usb 9-1: new high-speed USB device number 41 using dummy_hcd
[  796.960137][    T9] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  796.963727][    T9] usb 9-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  796.966626][    T9] usb 9-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  796.969625][    T9] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  796.976902][    T9] usb 9-1: config 0 descriptor??
[  797.472895][T19185] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3476'.
[  798.127466][T19191] netlink: 52 bytes leftover after parsing attributes in process `syz.5.3477'.
[  798.395314][T19192] snd_dummy snd_dummy.0: control 6:65278:2:syz0:-259 is already present
[  798.603702][T19196] overlayfs: failed to create directory ./bus/work (errno: 13); mounting read-only
[  798.609442][T19196] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  798.798591][T19201] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(5)
[  798.801150][T19201] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  798.804795][T19201] vhci_hcd vhci_hcd.0: Device attached
[  799.120300][ T5967] usb 44-1: SetAddress Request (58) to port 0
[  799.123250][ T5967] usb 44-1: new SuperSpeed USB device number 58 using vhci_hcd
[  799.183138][T19212] netlink: 52 bytes leftover after parsing attributes in process `syz.2.3482'.
[  799.320857][T19213] snd_dummy snd_dummy.0: control 6:65278:2:syz0:-259 is already present
[  799.418957][  T831] usb 10-1: new high-speed USB device number 13 using dummy_hcd
[  799.434478][T19202] vhci_hcd: connection reset by peer
[  799.437097][   T91] vhci_hcd vhci_hcd.3: stop threads
[  799.438861][   T91] vhci_hcd vhci_hcd.3: release socket
[  799.441329][   T91] vhci_hcd vhci_hcd.3: disconnect device
[  799.591606][  T831] usb 10-1: config 0 has an invalid interface number: 64 but max is 0
[  799.595188][  T831] usb 10-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  799.599547][  T831] usb 10-1: config 0 has no interface number 0
[  799.604651][  T831] usb 10-1: New USB device found, idVendor=046d, idProduct=0823, bcdDevice=39.48
[  799.609211][  T831] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  799.613133][  T831] usb 10-1: Product: syz
[  799.615019][  T831] usb 10-1: Manufacturer: syz
[  799.616932][  T831] usb 10-1: SerialNumber: syz
[  799.622691][  T831] usb 10-1: config 0 descriptor??
[  799.629517][  T831] uvcvideo 10-1:0.64: Found UVC 0.00 device syz (046d:0823)
[  799.632941][  T831] uvcvideo 10-1:0.64: No valid video chain found.
[  799.704222][ T6026] usb 9-1: USB disconnect, device number 41
[  799.812260][T19216] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3484'.
[  800.279853][T19220] netlink: 48 bytes leftover after parsing attributes in process `syz.5.3483'.
[  800.288477][T19220] netlink: 48 bytes leftover after parsing attributes in process `syz.5.3483'.
[  800.968521][   T53] usb 46-1: device descriptor read/8, error -110
[  801.386057][   T53] usb usb46-port1: attempt power cycle
[  801.600262][T19235] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(5)
[  801.603098][T19235] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  801.614906][T19235] vhci_hcd vhci_hcd.0: Device attached
[  801.773393][T19238] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(5)
[  801.775643][T19238] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  801.804044][T19238] vhci_hcd vhci_hcd.0: Device attached
[  801.823340][   T53] usb 46-1: SetAddress Request (85) to port 0
[  801.825614][   T53] usb 46-1: new SuperSpeed USB device number 85 using vhci_hcd
[  801.963645][T19236] vhci_hcd: connection reset by peer
[  801.965891][   T91] vhci_hcd vhci_hcd.4: stop threads
[  801.967611][   T91] vhci_hcd vhci_hcd.4: release socket
[  801.969605][   T91] vhci_hcd vhci_hcd.4: disconnect device
[  802.038780][T19244] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3489'.
[  802.423812][ T6026] usb 10-1: USB disconnect, device number 13
[  802.870698][T19239] vhci_hcd: connection closed
[  802.871612][  T110] vhci_hcd vhci_hcd.3: stop threads
[  802.875220][  T110] vhci_hcd vhci_hcd.3: release socket
[  802.879896][  T110] vhci_hcd vhci_hcd.3: disconnect device
[  803.982074][  T831] usb 9-1: new high-speed USB device number 42 using dummy_hcd
[  804.155179][  T831] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  804.163326][  T831] usb 9-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  804.174222][  T831] usb 9-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  804.177959][  T831] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  804.217881][  T831] usb 9-1: config 0 descriptor??
[  804.276398][   T40] kauditd_printk_skb: 30 callbacks suppressed
[  804.276413][   T40] audit: type=1326 audit(1775736337.981:4613): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19263 comm="syz.2.3494" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf701ef6c code=0x7ffc0000
[  804.310557][   T40] audit: type=1326 audit(1775736337.981:4614): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19263 comm="syz.2.3494" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf701ef6c code=0x7ffc0000
[  804.334516][   T40] audit: type=1326 audit(1775736337.981:4615): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19263 comm="syz.2.3494" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf701ef6c code=0x7ffc0000
[  804.343567][   T40] audit: type=1326 audit(1775736337.981:4616): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19263 comm="syz.2.3494" exe="/syz-executor" sig=0 arch=40000003 syscall=360 compat=1 ip=0xf701ef6c code=0x7ffc0000
[  804.389674][   T40] audit: type=1326 audit(1775736337.981:4617): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19263 comm="syz.2.3494" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf701ef6c code=0x7ffc0000
[  804.397573][   T40] audit: type=1326 audit(1775736337.981:4618): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19263 comm="syz.2.3494" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf701ef6c code=0x7ffc0000
[  804.561274][ T5967] usb 44-1: device descriptor read/8, error -110
[  804.586259][T19278] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3500'.
[  804.998897][ T5967] usb usb44-port1: attempt power cycle
[  805.786802][T19294] tipc: Started in network mode
[  805.794574][T19294] tipc: Node identity 5e6e96b89d32, cluster identity 4711
[  805.797104][T19294] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  805.802329][T19294] syzkaller0: entered promiscuous mode
[  805.804068][T19294] syzkaller0: entered allmulticast mode
[  805.824352][T19294] tipc: Resetting bearer <eth:syzkaller0>
[  805.837677][T19293] tipc: Resetting bearer <eth:syzkaller0>
[  805.856469][T19293] tipc: Disabling bearer <eth:syzkaller0>
[  806.462785][T14436] usb 9-1: USB disconnect, device number 42
[  806.524188][ T5967] usb usb44-port1: unable to enumerate USB device
[  806.746489][T19311] block nbd4: server does not support multiple connections per device.
[  806.756404][T19311] block nbd4: shutting down sockets
[  807.012765][T19330] netlink: 52 bytes leftover after parsing attributes in process `syz.3.3515'.
[  807.113768][T19332] netlink: 52 bytes leftover after parsing attributes in process `syz.5.3518'.
[  807.187988][T19334] snd_dummy snd_dummy.0: control 6:65278:2:syz0:-259 is already present
[  807.198973][   T34] usb 7-1: new high-speed USB device number 51 using dummy_hcd
[  807.209341][   T53] usb 46-1: device descriptor read/8, error -110
[  807.260937][T19336] snd_dummy snd_dummy.0: control 6:65278:2:syz0:-259 is already present
[  807.403816][   T34] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  807.411123][   T34] usb 7-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  807.417710][   T34] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  807.422870][   T34] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  807.442492][   T34] usb 7-1: config 0 descriptor??
[  807.571251][T19338] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(5)
[  807.573383][T19338] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  807.576949][T19338] vhci_hcd vhci_hcd.0: Device attached
[  807.711375][   T53] usb 46-1: SetAddress Request (86) to port 0
[  807.713858][   T53] usb 46-1: new SuperSpeed USB device number 86 using vhci_hcd
[  807.883586][T19339] vhci_hcd: connection reset by peer
[  807.886026][  T156] vhci_hcd vhci_hcd.4: stop threads
[  807.888313][  T156] vhci_hcd vhci_hcd.4: release socket
[  807.892130][  T156] vhci_hcd vhci_hcd.4: disconnect device
[  808.253409][  T831] libceph: connect (1)[c::]:6789 error -101
[  808.258040][  T831] libceph: mon0 (1)[c::]:6789 connect error
[  808.515491][T19359] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3522'.
[  808.523590][T19360] netlink: 'syz.4.3522': attribute type 29 has an invalid length.
[  808.537618][  T831] libceph: connect (1)[c::]:6789 error -101
[  808.539867][  T831] libceph: mon0 (1)[c::]:6789 connect error
[  808.550588][T19361] netlink: 'syz.4.3522': attribute type 29 has an invalid length.
[  808.799708][ T5942] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  808.806666][ T5942] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  808.812257][ T5942] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  808.816138][ T5942] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  808.819087][ T5942] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  808.836738][ T5940] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  808.844985][ T5940] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  808.849582][ T5940] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  808.853525][ T5940] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  808.861953][ T5940] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  808.904141][T19353] ceph: No mds server is up or the cluster is laggy
[  808.938406][T19367] lo speed is unknown, defaulting to 1000
[  809.229416][T19367] hsr0 speed is unknown, defaulting to 1000
[  809.480121][T19367] chnl_net:caif_netlink_parms(): no params data found
[  809.564427][T19367] bridge0: port 1(bridge_slave_0) entered blocking state
[  809.567966][T19367] bridge0: port 1(bridge_slave_0) entered disabled state
[  809.571614][T19367] bridge_slave_0: entered allmulticast mode
[  809.575874][T19367] bridge_slave_0: entered promiscuous mode
[  809.579954][T19367] bridge0: port 2(bridge_slave_1) entered blocking state
[  809.582923][T19367] bridge0: port 2(bridge_slave_1) entered disabled state
[  809.585644][T19367] bridge_slave_1: entered allmulticast mode
[  809.588914][T19367] bridge_slave_1: entered promiscuous mode
[  809.612581][T19367] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  809.619502][T19367] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  809.643505][T19367] team0: Port device team_slave_0 added
[  809.647760][T19367] team0: Port device team_slave_1 added
[  809.665414][T19367] batman_adv: batadv0: Adding interface: batadv_slave_0
[  809.667769][T19367] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  809.676351][T19367] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  809.681784][T19367] batman_adv: batadv0: Adding interface: batadv_slave_1
[  809.684173][T19367] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  809.693267][T19367] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  809.732198][T19367] hsr_slave_0: entered promiscuous mode
[  809.734976][T19367] hsr_slave_1: entered promiscuous mode
[  809.737344][T19367] debugfs: 'hsr0' already exists in 'hsr'
[  809.739222][T19367] Cannot create hsr debugfs directory
[  809.846610][T19367] netdevsim netdevsim4 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  809.850716][T19367] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  810.020106][T19367] netdevsim netdevsim4 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  810.023796][T19367] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  810.085661][T19389] netlink: 52 bytes leftover after parsing attributes in process `syz.3.3528'.
[  810.177528][T19367] netdevsim netdevsim4 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  810.195543][T19367] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  810.248582][T19391] snd_dummy snd_dummy.0: control 6:65278:2:syz0:-259 is already present
[  810.352859][   T34] usb 7-1: USB disconnect, device number 51
[  810.365814][T19367] netdevsim netdevsim4 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  810.369612][T19367] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  810.689213][T19394] warn_alloc: 2 callbacks suppressed
[  810.689276][T19394] syz.2.3529: page allocation failure: order:2, mode:0xcc1(GFP_KERNEL|GFP_DMA), nodemask=(null),cpuset=/,mems_allowed=0-1
[  810.696189][T19394] CPU: 2 UID: 0 PID: 19394 Comm: syz.2.3529 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  810.696225][T19394] Tainted: [L]=SOFTLOCKUP
[  810.696229][T19394] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  810.696237][T19394] Call Trace:
[  810.696242][T19394]  <TASK>
[  810.696247][T19394]  dump_stack_lvl+0x100/0x190
[  810.696273][T19394]  warn_alloc.cold+0x95/0x1c1
[  810.696299][T19394]  ? __pfx_warn_alloc+0x10/0x10
[  810.696318][T19394]  ? __mutex_unlock_slowpath+0x15c/0x790
[  810.696338][T19394]  ? __alloc_frozen_pages_noprof+0xd68/0x2ba0
[  810.696363][T19394]  __alloc_frozen_pages_noprof+0xf36/0x2ba0
[  810.696392][T19394]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  810.696414][T19394]  ? find_held_lock+0x2b/0x80
[  810.696431][T19394]  ? trace_sched_exit_tp+0x13a/0x180
[  810.696455][T19394]  __alloc_pages_noprof+0xb/0x1b0
[  810.696474][T19394]  __dma_direct_alloc_pages.isra.0+0x47c/0x8f0
[  810.696496][T19394]  ? __pfx___dma_direct_alloc_pages.isra.0+0x10/0x10
[  810.696510][T19394]  ? irqentry_exit+0x180/0x670
[  810.696526][T19394]  ? dma_alloc_from_dev_coherent+0x2e0/0x570
[  810.696548][T19394]  dma_direct_alloc+0x8f/0x590
[  810.696567][T19394]  dma_alloc_attrs+0x185/0x2b0
[  810.696588][T19394]  ? __pfx_dma_alloc_attrs+0x10/0x10
[  810.696603][T19394]  ? dma_set_coherent_mask+0x54/0xd0
[  810.696619][T19394]  ? dma_direct_supported+0xca/0x220
[  810.696634][T19394]  comedi_isadma_alloc+0x3dc/0x6e0
[  810.696655][T19394]  ? __pfx_comedi_isadma_alloc+0x10/0x10
[  810.696672][T19394]  ? request_threaded_irq+0x27b/0x3e0
[  810.696689][T19394]  pcl818_attach+0x1103/0x15b0
[  810.696708][T19394]  comedi_device_attach+0x40e/0x6b0
[  810.696724][T19394]  do_devconfig_ioctl+0x1b3/0x6d0
[  810.696740][T19394]  ? comedi_unlocked_ioctl+0x180/0x3310
[  810.696758][T19394]  ? __pfx_do_devconfig_ioctl+0x10/0x10
[  810.696780][T19394]  ? tomoyo_path_number_perm+0x46d/0x580
[  810.696796][T19394]  ? kasan_save_stack+0x3f/0x50
[  810.696808][T19394]  ? kasan_save_stack+0x30/0x50
[  810.696818][T19394]  ? kasan_save_track+0x14/0x30
[  810.696828][T19394]  ? kasan_save_free_info+0x3b/0x70
[  810.696846][T19394]  comedi_unlocked_ioctl+0x860/0x3310
[  810.696868][T19394]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[  810.696894][T19394]  ? tomoyo_path_number_perm+0x46d/0x580
[  810.696910][T19394]  ? kasan_quarantine_put+0x104/0x240
[  810.696928][T19394]  ? lockdep_hardirqs_on+0x78/0x100
[  810.696941][T19394]  ? find_held_lock+0x2b/0x80
[  810.696952][T19394]  ? tomoyo_path_number_perm+0x28f/0x580
[  810.696966][T19394]  ? tomoyo_path_number_perm+0x28f/0x580
[  810.696984][T19394]  ? tomoyo_path_number_perm+0x188/0x580
[  810.697002][T19394]  comedi_compat_ioctl+0x438/0xe20
[  810.697020][T19394]  ? __pfx_comedi_compat_ioctl+0x10/0x10
[  810.697038][T19394]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  810.697052][T19394]  ? do_vfs_ioctl+0x226/0x13e0
[  810.697070][T19394]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  810.697092][T19394]  ? find_held_lock+0x2b/0x80
[  810.697103][T19394]  ? hook_file_ioctl_common+0x146/0x410
[  810.697122][T19394]  ? __fget_files+0x21f/0x3d0
[  810.697137][T19394]  ? __pfx_comedi_compat_ioctl+0x10/0x10
[  810.697154][T19394]  __ia32_compat_sys_ioctl+0x2cf/0x360
[  810.697174][T19394]  __do_fast_syscall_32+0xe3/0x8c0
[  810.697190][T19394]  do_fast_syscall_32+0x32/0x70
[  810.697204][T19394]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  810.697220][T19394] RIP: 0023:0xf701ef6c
[  810.697231][T19394] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  810.697243][T19394] RSP: 002b:00000000f53ec50c EFLAGS: 00000292 ORIG_RAX: 0000000000000036
[  810.697255][T19394] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000040946400
[  810.697263][T19394] RDX: 0000000080000540 RSI: 0000000000000000 RDI: 0000000000000000
[  810.697269][T19394] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  810.697276][T19394] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  810.697283][T19394] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  810.697297][T19394]  </TASK>
[  810.697321][T19394] Mem-Info:
[  810.704816][T19367] 
[  810.705919][T19394] active_anon:4973 inactive_anon:2335 isolated_anon:0
[  810.705919][T19394]  active_file:3919 inactive_file:16085 isolated_file:0
[  810.705919][T19394]  unevictable:1768 dirty:306 writeback:0
[  810.705919][T19394]  slab_reclaimable:7022 slab_unreclaimable:67812
[  810.705919][T19394]  mapped:30626 shmem:4667 pagetables:1362
[  810.705919][T19394]  sec_pagetables:314 bounce:0
[  810.705919][T19394]  kernel_misc_reclaimable:0
[  810.705919][T19394]  free:65174 free_pcp:23 free_cma:0
[  810.707187][T19367] ======================================================
[  810.707199][T19367] WARNING: possible circular locking dependency detected
[  810.708354][T19394] Node 0 active_anon:0kB inactive_anon:304kB active_file:0kB inactive_file:148kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:16kB dirty:8kB writeback:0kB shmem:3540kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:8596kB pagetables:1656kB sec_pagetables:1120kB all_unreclaimable? yes Balloon:0kB
[  810.710904][T19367] syzkaller #0 Tainted: G             L     
[  810.712472][T19394] Node 0 
[  810.714799][T19367] ------------------------------------------------------
[  810.714814][T19367] syz-executor/19367 is trying to acquire lock:
[  810.714827][T19367] ffffffff8e9aa8a0 (fs_reclaim){+.+.}-{0:0}, at: __kmalloc_cache_noprof+0x4b/0x6f0
[  810.714881][T19367] 
[  810.714881][T19367] but task is already holding lock:
[  810.714887][T19367] ffff88805f9bf538 (&idev->mc_lock){+.+.}-{4:4}, at: __ipv6_dev_mc_inc+0x53/0xbc0
[  810.714936][T19367] 
[  810.714936][T19367] which lock already depends on the new lock.
[  810.714936][T19367] 
[  810.714943][T19367] 
[  810.714943][T19367] the existing dependency chain (in reverse order) is:
[  810.714949][T19367] 
[  810.714949][T19367] -> #7 (&idev->mc_lock){+.+.}-{4:4}:
[  810.714974][T19367]        __mutex_lock+0x1a2/0x1b90
[  810.714994][T19367]        __ipv6_dev_mc_inc+0x53/0xbc0
[  810.715016][T19367]        __ipv6_sock_mc_join+0x5b8/0x8e0
[  810.715039][T19367]        do_ipv6_mcast_group_source+0x21e/0x270
[  810.715059][T19367]        do_ipv6_setsockopt+0x1d89/0x4400
[  810.715078][T19367]        ipv6_setsockopt+0xcb/0x170
[  810.715095][T19367]        tcp_setsockopt+0xa7/0x100
[  810.716987][T19394] DMA free:2388kB boost:2048kB min:2808kB low:2996kB high:3184kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:92kB local_pcp:32kB free_cma:0kB
[  810.719728][T19367]        do_sock_setsockopt+0xf3/0x1d0
[  810.721988][T19394] lowmem_reserve[]:
[  810.724894][T19367]        __sys_setsockopt+0x119/0x190
[  810.724938][T19367]        __ia32_sys_setsockopt+0xbc/0x160
[  810.724965][T19367]        __do_fast_syscall_32+0xe3/0x8c0
[  810.726762][T19394]  0
[  810.728973][T19367]        do_fast_syscall_32+0x32/0x70
[  810.729009][T19367]        entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  810.730726][T19394]  285
[  810.732858][T19367] 
[  810.732858][T19367] -> #6 (sk_lock-AF_INET6
[  810.735052][T19394]  285
[  810.736859][T19367] ){+.+.}-{0:0}:
[  810.736874][T19367]        lock_sock_nested+0x41/0xf0
[  810.736898][T19367]        inet_shutdown+0x67/0x410
[  810.736911][T19367]        nbd_mark_nsock_dead+0xae/0x5c0
[  810.744344][T19394]  285
[  810.745946][T19367]        sock_shutdown+0x16b/0x200
[  810.745979][T19367]        nbd_config_put+0x1eb/0x750
[  810.748103][T19394]  285
[  810.750174][T19367]        nbd_genl_connect+0xaf8/0x1a40
[  810.750209][T19367]        genl_family_rcv_msg_doit+0x214/0x300
[  810.750233][T19367]        genl_rcv_msg+0x560/0x800
[  810.751927][T19394] 
[  810.754314][T19367]        netlink_rcv_skb+0x159/0x420
[  810.756344][T19394] Node 0 
[  810.758520][T19367]        genl_rcv+0x28/0x40
[  810.758558][T19367]        netlink_unicast+0x5aa/0x870
[  810.758579][T19367]        netlink_sendmsg+0x8b0/0xda0
[  810.760532][T19394] DMA: 
[  810.762788][T19367]        ____sys_sendmsg+0x9e1/0xb70
[  810.764776][T19394] 37*4kB 
[  810.767093][T19367]        ___sys_sendmsg+0x190/0x1e0
[  810.767129][T19367]        __sys_sendmsg+0x170/0x220
[  810.769198][T19394] (U) 
[  810.771126][T19367]        __do_fast_syscall_32+0xe3/0x8c0
[  810.772877][T19394] 14*8kB 
[  810.774883][T19367]        do_fast_syscall_32+0x32/0x70
[  810.774922][T19367]        entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  810.774948][T19367] 
[  810.774948][T19367] -> #5 (
[  810.776979][T19394] (U) 
[  810.779741][T19367] &nsock->tx_lock){+.+.}-{4:4}:
[  810.779782][T19367]        __mutex_lock+0x1a2/0x1b90
[  810.779816][T19367]        nbd_queue_rq+0x428/0x1080
[  810.779843][T19367]        blk_mq_dispatch_rq_list+0x422/0x1e70
[  810.779963][T19367]        __blk_mq_sched_dispatch_requests+0xcea/0x1620
[  810.779995][T19367]        blk_mq_sched_dispatch_requests+0xd7/0x1c0
[  810.780025][T19367]        blk_mq_run_hw_queue+0x23c/0x670
[  810.780053][T19367]        blk_mq_dispatch_list+0x51d/0x1360
[  810.780082][T19367]        blk_mq_flush_plug_list+0x130/0x600
[  810.780114][T19367]        __blk_flush_plug+0x2c4/0x4b0
[  810.780144][T19367]        __submit_bio+0x584/0x6c0
[  810.782659][T19394] 7*16kB 
[  810.785075][T19367]        submit_bio_noacct_nocheck+0x562/0xc10
[  810.785115][T19367]        submit_bio_noacct+0xd17/0x2010
[  810.785137][T19367]        submit_bh_wbc+0x59c/0x770
[  810.786918][T19394] (U) 
[  810.789123][T19367]        block_read_full_folio+0x264/0x8e0
[  810.789159][T19367]        filemap_read_folio+0xfc/0x3b0
[  810.789183][T19367]        do_read_cache_folio+0x2d7/0x6b0
[  810.789199][T19367]        read_part_sector+0xd1/0x370
[  810.790809][T19394] 3*32kB 
[  810.792892][T19367]        adfspart_check_ICS+0x93/0x910
[  810.794739][T19394] (U) 
[  810.796597][T19367]        bdev_disk_changed+0x7f8/0xc80
[  810.796629][T19367]        blkdev_get_whole+0x187/0x290
[  810.796648][T19367]        bdev_open+0x2c7/0xe40
[  810.798322][T19394] 2*64kB 
[  810.800652][T19367]        blkdev_open+0x34e/0x4f0
[  810.800692][T19367]        do_dentry_open+0x6d8/0x1660
[  810.800710][T19367]        vfs_open+0x82/0x3f0
[  810.800728][T19367]        path_openat+0x208c/0x31a0
[  810.800745][T19367]        do_file_open+0x20e/0x430
[  810.800761][T19367]        do_sys_openat2+0x10d/0x1e0
[  810.800785][T19367]        __x64_sys_openat+0x12d/0x210
[  810.800806][T19367]        do_syscall_64+0x106/0xf80
[  810.800826][T19367]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  810.800844][T19367] 
[  810.800844][T19367] -> #4 (&cmd->lock){+.+.}-{4:4}:
[  810.800873][T19367]        __mutex_lock+0x1a2/0x1b90
[  810.802997][T19394] (U) 
[  810.804979][T19367]        nbd_queue_rq+0xba/0x1080
[  810.806884][T19394] 0*128kB 
[  810.809144][T19367]        blk_mq_dispatch_rq_list+0x422/0x1e70
[  810.811842][T19394] 1*256kB 
[  810.813170][T19367]        __blk_mq_sched_dispatch_requests+0xcea/0x1620
[  810.815136][T19394] (U) 
[  810.817319][T19367]        blk_mq_sched_dispatch_requests+0xd7/0x1c0
[  810.819064][T19394] 1*512kB 
[  810.820617][T19367]        blk_mq_run_hw_queue+0x23c/0x670
[  810.820645][T19367]        blk_mq_dispatch_list+0x51d/0x1360
[  810.820662][T19367]        blk_mq_flush_plug_list+0x130/0x600
[  810.822843][T19394] (U) 
[  810.824428][T19367]        __blk_flush_plug+0x2c4/0x4b0
[  810.831294][T19394] 1*1024kB 
[  810.834668][T19367]        __submit_bio+0x584/0x6c0
[  810.834725][T19367]        submit_bio_noacct_nocheck+0x562/0xc10
[  810.834757][T19367]        submit_bio_noacct+0xd17/0x2010
[  810.837854][T19394] (U) 
[  810.841180][T19367]        submit_bh_wbc+0x59c/0x770
[  810.844099][T19394] 0*2048kB 
[  810.847179][T19367]        block_read_full_folio+0x264/0x8e0
[  810.847223][T19367]        filemap_read_folio+0xfc/0x3b0
[  810.850116][T19394] 0*4096kB 
[  810.851267][T19367]        do_read_cache_folio+0x2d7/0x6b0
[  810.851301][T19367]        read_part_sector+0xd1/0x370
[  810.851327][T19367]        adfspart_check_ICS+0x93/0x910
[  810.852473][T19394] = 2388kB
[  810.853590][T19367]        bdev_disk_changed+0x7f8/0xc80
[  810.853628][T19367]        blkdev_get_whole+0x187/0x290
[  810.853653][T19367]        bdev_open+0x2c7/0xe40
[  810.868549][T19394] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  810.871838][T19367]        blkdev_open+0x34e/0x4f0
[  810.878740][T19394] Node 0 hugepages_total=1 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB
[  810.887339][T19367]        do_dentry_open+0x6d8/0x1660
[  810.887380][T19367]        vfs_open+0x82/0x3f0
[  810.887401][T19367]        path_openat+0x208c/0x31a0
[  810.887420][T19367]        do_file_open+0x20e/0x430
[  810.887437][T19367]        do_sys_openat2+0x10d/0x1e0
[  810.887460][T19367]        __x64_sys_openat+0x12d/0x210
[  810.887483][T19367]        do_syscall_64+0x106/0xf80
[  810.887504][T19367]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  810.887526][T19367] 
[  810.887526][T19367] -> #3 (set->srcu){.+.+}-{0:0}:
[  810.887558][T19367]        __synchronize_srcu+0xa2/0x300
[  810.887585][T19367]        blk_mq_quiesce_queue+0x149/0x1c0
[  810.887610][T19367]        elevator_switch+0x17b/0x7e0
[  810.887633][T19367]        elevator_change+0x352/0x530
[  810.887655][T19367]        elevator_set_default+0x29e/0x360
[  810.889911][T19394] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  810.891075][T19367]        blk_register_queue+0x412/0x590
[  810.891110][T19367]        __add_disk+0x73f/0xe40
[  810.891125][T19367]        add_disk_fwnode+0x118/0x5c0
[  810.893481][T19394] Node 1 hugepages_total=3 hugepages_free=3 hugepages_surp=0 hugepages_size=2048kB
[  810.896066][T19367]        nbd_dev_add+0x77a/0xb10
[  810.896102][T19367]        nbd_init+0x291/0x2b0
[  810.899827][T19394] 25765 total pagecache pages
[  810.903395][T19367]        do_one_initcall+0x11d/0x760
[  810.903437][T19367]        kernel_init_freeable+0x6e5/0x7a0
[  810.906983][T19394] 1094 pages in swap cache
[  810.911473][T19367]        kernel_init+0x1f/0x1e0
[  810.911516][T19367]        ret_from_fork+0x754/0xd80
[  810.911543][T19367]        ret_from_fork_asm+0x1a/0x30
[  810.914499][T19394] Free swap  = 102120kB
[  810.917538][T19367] 
[  810.917538][T19367] -> #2 (&q->elevator_lock){+.+.}-{4:4}:
[  810.917580][T19367]        __mutex_lock+0x1a2/0x1b90
[  810.917607][T19367]        elevator_change+0x1bc/0x530
[  810.917630][T19367]        elevator_set_none+0x92/0xf0
[  810.917651][T19367]        blk_mq_update_nr_hw_queues+0x4c1/0x15f0
[  810.917668][T19367]        nbd_start_device+0x1a6/0xbd0
[  810.917690][T19367]        nbd_genl_connect+0xff2/0x1a40
[  810.917710][T19367]        genl_family_rcv_msg_doit+0x214/0x300
[  810.917732][T19367]        genl_rcv_msg+0x560/0x800
[  810.917751][T19367]        netlink_rcv_skb+0x159/0x420
[  810.917769][T19367]        genl_rcv+0x28/0x40
[  810.917787][T19367]        netlink_unicast+0x5aa/0x870
[  810.919584][T19394] Total swap = 124996kB
[  810.921786][T19367]        netlink_sendmsg+0x8b0/0xda0
[  810.921824][T19367]        ____sys_sendmsg+0x9e1/0xb70
[  810.921845][T19367]        ___sys_sendmsg+0x190/0x1e0
[  810.923832][T19394] 524155 pages RAM
[  810.926806][T19367]        __sys_sendmsg+0x170/0x220
[  810.926846][T19367]        __do_fast_syscall_32+0xe3/0x8c0
[  810.926871][T19367]        do_fast_syscall_32+0x32/0x70
[  810.929152][T19394] 0 pages HighMem/MovableOnly
[  810.931440][T19367]        entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  810.931487][T19367] 
[  810.931487][T19367] -> #1 (&q->q_usage_counter(io)#49){++++}-{0:0}
[  810.933356][T19394] 210148 pages reserved
[  810.946301][T19367] :
[  810.946322][T19367]        blk_alloc_queue+0x610/0x790
[  810.946428][T19367]        blk_mq_alloc_queue+0x174/0x290
[  810.946442][T19367]        __blk_mq_alloc_disk+0x29/0x120
[  810.946457][T19367]        nbd_dev_add+0x492/0xb10
[  810.949266][T19394] 0 pages cma reserved
[  810.950925][T19367]        nbd_init+0x291/0x2b0
[  810.950958][T19367]        do_one_initcall+0x11d/0x760
[  810.950976][T19367]        kernel_init_freeable+0x6e5/0x7a0
[  811.324300][T19367]        kernel_init+0x1f/0x1e0
[  811.326352][T19367]        ret_from_fork+0x754/0xd80
[  811.328484][T19367]        ret_from_fork_asm+0x1a/0x30
[  811.330737][T19367] 
[  811.330737][T19367] -> #0 (fs_reclaim){+.+.}-{0:0}:
[  811.333748][T19367]        __lock_acquire+0x14b8/0x2630
[  811.336214][T19367]        lock_acquire+0x1cf/0x380
[  811.338560][T19367]        fs_reclaim_acquire+0xc4/0x100
[  811.340594][T19367]        __kmalloc_cache_noprof+0x4b/0x6f0
[  811.343055][T19367]        __ipv6_dev_mc_inc+0x2f1/0xbc0
[  811.345300][T19367]        ipv6_add_dev+0xb78/0x1520
[  811.347416][T19367]        addrconf_notify+0x563/0x19d0
[  811.349640][T19367]        notifier_call_chain+0x99/0x420
[  811.351951][T19367]        call_netdevice_notifiers_info+0xbe/0x110
[  811.354680][T19367]        register_netdevice+0x16e6/0x2210
[  811.357054][T19367]        nsim_create+0xc27/0x1370
[  811.359625][T19367]        __nsim_dev_port_add+0x2f4/0x790
[  811.362053][T19367]        nsim_drv_probe+0xeb7/0x14b0
[  811.364260][T19367]        really_probe+0x241/0xa60
[  811.366409][T19367]        __driver_probe_device+0x1de/0x400
[  811.368809][T19367]        driver_probe_device+0x4c/0x1b0
[  811.371121][T19367]        __device_attach_driver+0x1df/0x340
[  811.373442][T19367]        bus_for_each_drv+0x159/0x1e0
[  811.375464][T19367]        __device_attach+0x1e4/0x4d0
[  811.377763][T19367]        device_initial_probe+0xaf/0xd0
[  811.380320][T19367]        bus_probe_device+0x64/0x160
[  811.382667][T19367]        device_add+0x11d9/0x1950
[  811.384833][T19367]        new_device_store+0x40b/0x700
[  811.387038][T19367]        bus_attr_store+0x74/0xb0
[  811.388901][T19367]        sysfs_kf_write+0xf2/0x150
[  811.390909][T19367]        kernfs_fop_write_iter+0x3e0/0x5f0
[  811.393300][T19367]        vfs_write+0x6ac/0x1070
[  811.395454][T19367]        ksys_write+0x12a/0x250
[  811.397472][T19367]        do_int80_emulation+0x141/0x6b0
[  811.399779][T19367]        asm_int80_emulation+0x1a/0x20
[  811.401761][T19367] 
[  811.401761][T19367] other info that might help us debug this:
[  811.401761][T19367] 
[  811.405241][T19367] Chain exists of:
[  811.405241][T19367]   fs_reclaim --> sk_lock-AF_INET6 --> &idev->mc_lock
[  811.405241][T19367] 
[  811.409943][T19367]  Possible unsafe locking scenario:
[  811.409943][T19367] 
[  811.412907][T19367]        CPU0                    CPU1
[  811.415323][T19367]        ----                    ----
[  811.417863][T19367]   lock(&idev->mc_lock);
[  811.419775][T19367]                                lock(sk_lock-AF_INET6);
[  811.422790][T19367]                                lock(&idev->mc_lock);
[  811.425704][T19367]   lock(fs_reclaim);
[  811.427416][T19367] 
[  811.427416][T19367]  *** DEADLOCK ***
[  811.427416][T19367] 
[  811.430867][T19367] 9 locks held by syz-executor/19367:
[  811.433212][T19367]  #0: ffff88804c18e420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250
[  811.436441][T19367]  #1: ffff888051174c88 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x2c2/0x5f0
[  811.439574][T19367]  #2: ffff888021842968 (kn->active#58){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x332/0x5f0
[  811.442795][T19367]  #3: ffffffff8fb6f1c8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: new_device_store+0xfe/0x700
[  811.446108][T19367]  #4: ffff88806973d130 (&dev->mutex){....}-{4:4}, at: __device_attach+0x7e/0x4d0
[  811.449251][T19367]  #5: ffff888069738250 (&devlink->lock_key#10){+.+.}-{4:4}, at: nsim_drv_probe+0xd4/0x14b0
[  811.452647][T19367]  #6: ffffffff906172e8 (rtnl_mutex){+.+.}-{4:4}, at: nsim_create+0x936/0x1370
[  811.455606][T19367]  #7: ffff888071a70d88 (&dev_instance_lock_key#24){+.+.}-{4:4}, at: register_netdevice+0x16c6/0x2210
[  811.459146][T19367]  #8: ffff88805f9bf538 (&idev->mc_lock){+.+.}-{4:4}, at: __ipv6_dev_mc_inc+0x53/0xbc0
[  811.462245][T19367] 
[  811.462245][T19367] stack backtrace:
[  811.464186][T19367] CPU: 1 UID: 0 PID: 19367 Comm: syz-executor Tainted: G             L      syzkaller #0 PREEMPT(full) 
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  811.464204][T19367] Tainted: [L]=SOFTLOCKUP
[  811.464209][T19367] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  811.464217][T19367] Call Trace:
[  811.464224][T19367]  <TASK>
[  811.464231][T19367]  dump_stack_lvl+0x100/0x190
[  811.464252][T19367]  print_circular_bug.cold+0x178/0x1c7
[  811.464271][T19367]  check_noncircular+0x146/0x160
[  811.464288][T19367]  __lock_acquire+0x14b8/0x2630
[  811.464304][T19367]  ? __ipv6_dev_mc_inc+0x53/0xbc0
[  811.464321][T19367]  ? __lock_acquire+0x4a5/0x2630
[  811.464335][T19367]  lock_acquire+0x1cf/0x380
[  811.464349][T19367]  ? __kmalloc_cache_noprof+0x4b/0x6f0
[  811.464368][T19367]  fs_reclaim_acquire+0xc4/0x100
[  811.464381][T19367]  ? __kmalloc_cache_noprof+0x4b/0x6f0
[  811.464396][T19367]  __kmalloc_cache_noprof+0x4b/0x6f0
[  811.464411][T19367]  ? __ipv6_dev_mc_inc+0x2f1/0xbc0
[  811.464428][T19367]  __ipv6_dev_mc_inc+0x2f1/0xbc0
[  811.464447][T19367]  ipv6_add_dev+0xb78/0x1520
[  811.464458][T19367]  addrconf_notify+0x563/0x19d0
[  811.464477][T19367]  ? ip6mr_device_event+0x1bc/0x230
[  811.464494][T19367]  notifier_call_chain+0x99/0x420
[  811.464510][T19367]  call_netdevice_notifiers_info+0xbe/0x110
[  811.464526][T19367]  register_netdevice+0x16e6/0x2210
[  811.464540][T19367]  ? __pfx_register_netdevice+0x10/0x10
[  811.464551][T19367]  ? debugfs_create_file_full+0x41/0x60
[  811.464717][T19367]  nsim_create+0xc27/0x1370
[  811.464735][T19367]  __nsim_dev_port_add+0x2f4/0x790
[  811.464753][T19367]  ? __pfx___nsim_dev_port_add+0x10/0x10
[  811.464773][T19367]  ? nsim_dev_hwstats_init+0xf5/0x4f0
[  811.464789][T19367]  nsim_drv_probe+0xeb7/0x14b0
[  811.464800][T19367]  ? __pfx_nsim_drv_probe+0x10/0x10
[  811.464812][T19367]  ? kernfs_put+0x3f/0x60
[  811.464830][T19367]  ? sysfs_create_link+0x68/0xc0
[  811.464846][T19367]  ? __pfx_nsim_bus_probe+0x10/0x10
[  811.464859][T19367]  really_probe+0x241/0xa60
[  811.464873][T19367]  __driver_probe_device+0x1de/0x400
[  811.464886][T19367]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  811.464954][T19367]  driver_probe_device+0x4c/0x1b0
[  811.464967][T19367]  __device_attach_driver+0x1df/0x340
[  811.464980][T19367]  ? __pfx___device_attach_driver+0x10/0x10
[  811.464994][T19367]  bus_for_each_drv+0x159/0x1e0
[  811.465013][T19367]  ? __pfx_bus_for_each_drv+0x10/0x10
[  811.465032][T19367]  __device_attach+0x1e4/0x4d0
[  811.465045][T19367]  ? __pfx___device_attach+0x10/0x10
[  811.465057][T19367]  ? do_raw_spin_unlock+0x145/0x1e0
[  811.465076][T19367]  device_initial_probe+0xaf/0xd0
[  811.465090][T19367]  bus_probe_device+0x64/0x160
[  811.465101][T19367]  device_add+0x11d9/0x1950
[  811.465116][T19367]  ? __pfx_device_add+0x10/0x10
[  811.465130][T19367]  ? lockdep_init_map_type+0x5c/0x250
[  811.465145][T19367]  ? __init_waitqueue_head+0xca/0x150
[  811.465165][T19367]  new_device_store+0x40b/0x700
[  811.465179][T19367]  ? __pfx_new_device_store+0x10/0x10
[  811.465194][T19367]  ? find_held_lock+0x2b/0x80
[  811.465204][T19367]  ? sysfs_file_kobj+0xe4/0x290
[  811.465218][T19367]  ? sysfs_file_kobj+0xe4/0x290
[  811.465231][T19367]  ? __pfx_new_device_store+0x10/0x10
[  811.465245][T19367]  bus_attr_store+0x74/0xb0
[  811.465261][T19367]  ? __pfx_bus_attr_store+0x10/0x10
[  811.465276][T19367]  sysfs_kf_write+0xf2/0x150
[  811.465291][T19367]  kernfs_fop_write_iter+0x3e0/0x5f0
[  811.465303][T19367]  ? __pfx_sysfs_kf_write+0x10/0x10
[  811.465318][T19367]  vfs_write+0x6ac/0x1070
[  811.465329][T19367]  ? __pfx_kernfs_fop_write_iter+0x10/0x10
[  811.465342][T19367]  ? __pfx_vfs_write+0x10/0x10
[  811.465352][T19367]  ? __pfx_do_sys_openat2+0x10/0x10
[  811.465370][T19367]  ksys_write+0x12a/0x250
[  811.465380][T19367]  ? __pfx_ksys_write+0x10/0x10
[  811.465392][T19367]  do_int80_emulation+0x141/0x6b0
[  811.465406][T19367]  asm_int80_emulation+0x1a/0x20
[  811.465418][T19367] RIP: 0023:0xf7195cab
[  811.465430][T19367] Code: 57 56 53 8b 44 24 14 f6 00 08 75 23 8b 44 24 18 8b 5c 24 1c 8b 4c 24 20 8b 54 24 24 8b 74 24 28 8b 7c 24 2c 8b 6c 24 30 cd 80 <5b> 5e 5f 5d c3 5b 5e 5f 5d e9 f7 a1 ff ff 66 90 66 90 66 90 90 53
[  811.465441][T19367] RSP: 002b:00000000ffba4ebc EFLAGS: 00000246 ORIG_RAX: 0000000000000004
[  811.465452][T19367] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000ffba4f80
[  811.465459][T19367] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000000
[  811.465469][T19367] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  811.465476][T19367] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  811.465482][T19367] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  811.465491][T19367]  </TASK>
[  811.627126][ T5940] Bluetooth: hci0: command tx timeout
[  811.651965][T19367] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  812.627329][T14371] bridge_slave_1: left allmulticast mode
[  812.629351][T14371] bridge_slave_1: left promiscuous mode
[  812.631461][T14371] bridge0: port 2(bridge_slave_1) entered disabled state
[  812.635134][T14371] bridge_slave_0: left allmulticast mode
[  812.637158][T14371] bridge_slave_0: left promiscuous mode
[  812.639438][T14371] bridge0: port 1(bridge_slave_0) entered disabled state
[  812.695583][T14371] bond2 (unregistering): (slave ip6gretap1): Releasing active interface
[  812.722190][T14371] erspan0 (unregistering): left promiscuous mode
[  812.821663][T14371] bond0 (unregistering): left promiscuous mode
[  812.823895][T14371] bond_slave_0: left promiscuous mode
[  812.826232][T14371] bond_slave_1: left promiscuous mode
[  812.830031][T14371] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  812.834474][T14371] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  812.838673][T14371] bond0 (unregistering): Released all slaves
[  812.843993][T14371] bond1 (unregistering): Released all slaves
[  812.851020][T14371] bond2 (unregistering): Released all slaves
[  812.857366][T14371] bond3 (unregistering): Released all slaves
[  812.864928][T14371] bond4 (unregistering): (slave dummy0): Releasing active interface
[  812.869205][T14371] bond4 (unregistering): Released all slaves
[  812.876281][T14371] bond5 (unregistering): Released all slaves
[  812.954309][T14371] tipc: Left network mode
[  813.108883][   T53] usb 46-1: device descriptor read/8, error -110
[  813.225495][   T53] usb usb46-port1: unable to enumerate USB device
[  813.404651][T14371] team0: left promiscuous mode
[  813.406297][T14371] team_slave_0: left promiscuous mode
[  813.408365][T14371] team_slave_1: left promiscuous mode
[  813.413529][T14371] hsr_slave_1: left promiscuous mode
[  813.415654][T14371] batman_adv: batadv0: Removing interface: batadv_slave_0
[  813.419822][T14371] batman_adv: batadv0: Removing interface: batadv_slave_1
[  813.511525][T14371] team0 (unregistering): Port device team_slave_1 removed
[  813.517567][T14371] team0 (unregistering): Port device team_slave_0 removed
[  813.859561][T14371] IPVS: stop unused estimator thread 0...
[  814.621272][ T6275] bridge_slave_1: left allmulticast mode
[  814.623258][ T6275] bridge_slave_1: left promiscuous mode
[  814.625875][ T6275] bridge0: port 2(bridge_slave_1) entered disabled state
[  814.631351][ T6275] bridge_slave_0: left allmulticast mode
[  814.634014][ T6275] bridge_slave_0: left promiscuous mode
[  814.636644][ T6275] bridge0: port 1(bridge_slave_0) entered disabled state
[  814.641101][ T6275] bridge_slave_1: left allmulticast mode
[  814.644038][ T6275] bridge_slave_1: left promiscuous mode
[  814.650007][ T6275] bridge0: port 2(bridge_slave_1) entered disabled state
[  814.655210][ T6275] bridge_slave_0: left allmulticast mode
[  814.660745][ T6275] bridge_slave_0: left promiscuous mode
[  814.663591][ T6275] bridge0: port 1(bridge_slave_0) entered disabled state
[  814.767556][ T6275] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  814.773020][ T6275] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  814.777536][ T6275] bond0 (unregistering): Released all slaves
[  814.782473][ T6275] bond1 (unregistering): Released all slaves
[  814.892477][ T6275] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  814.897466][ T6275] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  814.902436][ T6275] bond0 (unregistering): Released all slaves
[  814.969639][ T6275] tipc: Left network mode
[  815.541434][ T6275] hsr_slave_0: left promiscuous mode
[  815.543980][ T6275] hsr_slave_1: left promiscuous mode
[  815.566262][ T6275] batman_adv: batadv0: Removing interface: batadv_slave_0
[  815.571572][ T6275] batman_adv: batadv0: Removing interface: batadv_slave_1
[  815.577087][ T6275] hsr_slave_0: left promiscuous mode
[  815.579073][ T6275] hsr_slave_1: left promiscuous mode
[  815.580928][ T6275] batman_adv: batadv0: Removing interface: batadv_slave_0
[  815.583533][ T6275] batman_adv: batadv0: Removing interface: batadv_slave_1
[  815.632693][ T6275] team0 (unregistering): Port device team_slave_1 removed
[  815.637337][ T6275] team0 (unregistering): Port device team_slave_0 removed
[  815.699963][ T6275] team0 (unregistering): Port device team_slave_1 removed
[  815.704474][ T6275] team0 (unregistering): Port device team_slave_0 removed