last executing test programs:

7.346889326s ago: executing program 1 (id=889):
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0xfffffff8)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
connect$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10)
syz_init_net_socket$nl_generic(0xb, 0x3, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb4b, 0x9, 0x8, 0x0, 0x400003}, 0x0)
lseek(0xffffffffffffffff, 0x9, 0x0)
openat$adsp1(0xffffffffffffff9c, &(0x7f0000000140), 0x24000, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_open_dev$tty1(0xc, 0x4, 0x1)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)={0x44, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x1}]}, 0x44}, 0x1, 0x0, 0x0, 0x4004000}, 0x40080)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_FLUSH(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)={0x1c, 0x4, 0x6, 0x101, 0xf0ffff, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000680), 0x40000, 0x19)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x3, 0xc, 0x101, 0x6, 0x7, 0x6b4, 0x510000000, 0x6, 0x40}, 0x0)
socket$inet6(0xa, 0x80002, 0x0)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x4, 0x0, 0x806, 0x5, 0xffffffff}, 0x0)

7.306642803s ago: executing program 2 (id=891):
openat$fuse(0xffffffffffffff9c, &(0x7f0000000700), 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000040)=ANY=[], &(0x7f0000000380)='GPL\x00', 0x2, 0xb3, &(0x7f0000000140)=""/179, 0x41100, 0x7b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x38}, 0x94)
socket$nl_rdma(0x10, 0x3, 0x14)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x10000000000002)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_usbip_server_init(0x6)
setgroups(0x0, 0x0)
syz_open_dev$tty20(0xc, 0x4, 0x1)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xb, 0x0, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000002e00010026bdf000fcdbdf250400000071acbef16dc29ef20db5b522cb2b865e98ec9a1f3e76961b90171667b87845463dc9de62a95c32cc276dc7e02e68"], 0x14}, 0x1, 0x0, 0x0, 0x4c0d9}, 0x20004000)
mknod(&(0x7f0000000240)='\x00', 0x0, 0xfffffffa)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()

6.406293668s ago: executing program 1 (id=894):
openat$fuse(0xffffffffffffff9c, &(0x7f0000000700), 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000040)=ANY=[], &(0x7f0000000380)='GPL\x00', 0x2, 0xb3, &(0x7f0000000140)=""/179, 0x41100, 0x7b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x38}, 0x94)
socket$nl_rdma(0x10, 0x3, 0x14)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x10000000000002)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_usbip_server_init(0x6)
setgroups(0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xb, 0x0, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000002e00010026bdf000fcdbdf250400000071acbef16dc29ef20db5b522cb2b865e98ec9a1f3e76961b90171667b87845463dc9de62a95c32cc276dc7e02e68"], 0x14}, 0x1, 0x0, 0x0, 0x4c0d9}, 0x20004000)
mknod(&(0x7f0000000240)='\x00', 0x0, 0xfffffffa)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()

5.339389254s ago: executing program 3 (id=897):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000c80)={'veth1\x00', <r1=>0x0})
r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
mkdirat(0xffffffffffffff9c, 0x0, 0x140)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000280)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x23, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './cgroup\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r4, &(0x7f0000001280)=[{{0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000380)=""/226}, {&(0x7f0000000300)=""/33}, {&(0x7f0000000480)=""/185}, {&(0x7f00000005c0)=""/83}], 0x0, &(0x7f0000000640)=""/79}, 0x7fb7}, {{&(0x7f0000000700)=@l2={0x1f, 0x0, @fixed}, 0x0, &(0x7f0000000800)=[{&(0x7f0000000780)=""/87}, {&(0x7f0000000900)=""/194}, {&(0x7f0000000a00)=""/76}, {&(0x7f0000000b00)=""/245}, {&(0x7f0000000c00)=""/67}, {&(0x7f0000000c80)=""/87}], 0x0, &(0x7f0000000d00)=""/146}, 0x3}, {{&(0x7f0000000dc0)=@in={0x2, 0x0, @private}, 0x0, &(0x7f0000001180)=[{&(0x7f0000000e40)=""/135}, {&(0x7f0000000a80)=""/60}, {&(0x7f0000000f80)=""/221}, {&(0x7f0000000f00)=""/34}, {&(0x7f0000001080)=""/236}], 0x13}, 0xeaff}, {{&(0x7f00000011c0)=@in6={0xa, 0x0, 0x0, @mcast1}, 0x0, &(0x7f0000000100)}, 0xfd32}], 0x80000f7, 0x122, 0x0)
mount(&(0x7f0000000080)=@nullb, 0x0, 0x0, 0xa48410, 0x0)
r6 = socket$l2tp6(0xa, 0x2, 0x73)
bind$l2tp6(r6, &(0x7f0000000000)={0xa, 0x0, 0x1, @empty, 0x0, 0x3}, 0x20)
connect$l2tp6(r6, &(0x7f0000000f40)={0xa, 0x0, 0x0, @empty}, 0x20)
sendmmsg$inet6(r6, &(0x7f0000000ac0)=[{{&(0x7f00000000c0)={0xa, 0x0, 0x0, @empty}, 0x1c, 0x0, 0x0, 0x0, 0x0, 0xc0fe}}], 0x1, 0xff14)
getsockopt$bt_BT_FLUSHABLE(r2, 0x112, 0x8, &(0x7f0000000040)=0x7, &(0x7f0000000080)=0x4)
sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq={{0x7}, {0xc, 0x2, [@TCA_FQ_FLOW_DEFAULT_RATE={0x8, 0x11, 0xe}]}}]}, 0x38}}, 0x0)

3.632325438s ago: executing program 2 (id=900):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0x1}, {0xffff, 0xffff}, {0x0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x1, 0x8}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000740)=@newtfilter={0x50, 0x2c, 0xd27, 0x30bd29, 0x25dfdbff, {0x0, 0x0, 0x0, r3, {0x0, 0x9}, {}, {0x10, 0x10}}, [@filter_kind_options=@f_flow={{0x9}, {0x20, 0x2, [@TCA_FLOW_EMATCHES={0x1c, 0xb, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0xff}}, @TCA_EMATCH_TREE_LIST={0x10, 0x2, 0x0, 0x1, [@TCF_EM_CONTAINER={0xc, 0x1, 0x0, 0x0, {{0xe6a7, 0xfe00}}}]}]}]}}]}, 0x50}, 0x1, 0x0, 0x0, 0x20048084}, 0x2008c010)

3.63131163s ago: executing program 3 (id=901):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mkdir(&(0x7f0000000100)='./file1\x00', 0x13b)
mkdir(&(0x7f0000000000)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
r2 = open(&(0x7f0000000580)='./bus\x00', 0x80242, 0x100)
write$FUSE_CREATE_OPEN(r2, 0x0, 0x0)
r3 = socket(0x15, 0x5, 0x0)
getsockopt(r3, 0x200000000114, 0x271f, &(0x7f0000c35fff)=""/1, &(0x7f0000000000)=0xf002)
r4 = open(&(0x7f0000000180)='./bus\x00', 0x189a7c, 0x113)
r5 = socket$kcm(0x10, 0x400000002, 0x0)
write$cgroup_subtree(r5, &(0x7f00000003c0)=ANY=[@ANYBLOB='\x00\a\x00\x00'], 0xfe33)
write$UHID_INPUT(r2, &(0x7f00000006c0)={0x8, {"829a128461db416d4a20025983cf707bc2eff840baf1d0261ab876aa829f17579c64a9560263929769364484282f1c7eeb51e6c617084ff5e261c160c274a243b9cd47d5f371021e17fffa0f4841387bcfa580939bde2a6ea2a7f80cc5cb81d49b96257aa13cb7fc7eeecaa2ff932ca7e34851638ad904f3df9ec70618714e90764bd41b6302c0a17c85ff82c4bd36fc35fe8cd64b63d5c6d5bfb2f3619e5925deb26cd1a1d10726960769baca5f89adc31230f5260e8943d2763295bef5fb7ae38b0710e667e5b3519bf116ee2a137d288e823b7a4a63ce7f49ab8d9e7543012ca4cab3f497083be08fdf25049b7f8d60adc64c72c51c812b2c0af49844f2cc460d70d90dd9bb1844a49eea4dd6f1ce35c7255fdab3565c741075c61e942386e0095ae8cc5c9aa00e5e1438b109356473099213386b6b17a3ea0b2ad920f99c102ab8c37e66dc077af3ccaa89ce98f7adfe90319d88dd40d29ca1f3d316ee14552f96bf8014ec22bc92e71c4c5a6c3ee3eaadcff206e5f77eda7fd84c6483225d9d2725d273f3fdde5afe5bda9ef74cfe781bef7bec99271947cfca758df0a53f360f32826623fec36d0e661ba71cb3a196adfaf7d6bd499d01eeec21c680a34002b5eaf0fded94194a814149d42463b9fb22c2275335a3d6217f651b51e75f2001bbf46a6cbdf4310b830c8ad430410ceddcfd7df228ccdb3d6cd5c9f85ca7b5ee9f24cc5e50a035a1b394708f09d0700248b84490ec25c9f15df8aa0d17f51296bc70501f1ac89dc3bea431385b98c4a8814e8c79f3d744c5e39dfce7ddf567aaf197eb11efcd7562b52d38c15f242d4574ea04c4f30c026d50b978c1921a91c082f10ddef62761d5f624c34392b1044d7050b1503b06db323c69bc64b208a28d40af33859e4f2dc35fa80869e26f7444643f2d2268d65ea0bac1d07de2b11a454d0e617e0ab0261356180cad09c04abfc9ab11add4c6a6bc79d3329d7bb84ac6104f36afd33c3768a3ee804d6e64eb916540c3f4f0cc33e0509ab297659baf8e1686c5e7f5b229d5a34323524d1d5dadd707583f3292b4e3ffe5aae3fa0ff379bf7ece8519bfd445f7363553a620bae6e4c63356a22217673671896c09ed5b78122e1f29443ec0bb074c23be8b408394d236bab3ed991148505d1a7439883d8f5b76e595b5d46623eae8387c743ea32ef7635d07921bf980564e712a8ea5329d1e82c4bfdc37b0a1579e8f6a90c8e2b7205da5633b6a38d69b14b8e7ca72ba5e363cad4cf14965ef6bee73f1c8261134a1791b9e9c413a39ed38c90205f3992c08e2a50a2ae3c92a4b448f687490afaa76ea973ebfdd4dc707292ffac25eefe17f4abffecf91588dd9c52e9edc5fa2f79603551ca65217b640f052046fcc0213b738b4b6f1cf27313c2b39aae46313ca7e92725e0e0ef9f9a019d014f88c536de0596d7b3ef6ffc24a1a8cc7979ba5a173b6558bceb6c0c23118fdb5f6e6226fd0d4c320eabb6d98a97f46aecfc3e87d3a398255cd1a5f3f21239d0b1dac413f893ca378a81ea49555db314ab546751a8cd9680e619011d3f9b4e094232a2c4352c4c2ada7c8bcac15c7dd7bfafea77a566312b0e5a6290e9a02aba760a25e9e28707cbf2cd82ef77bcd4c147f8e1b3badc2b6a023350e488d67d551e730d002cc8c8a0a6c12a4ef6625fa282733390e160ca698162d501ae4c30622830650319b83c98d6620b243ecca6cc1abc6ac6032309bfa04aac495f69529e0a67eede3a6c989f46cd415765f49593573e3116652e55a1d8d5070e2f20ca81b5cfea961d9df117c0f35225011acc6dad4424c1d18f1064241e4b379967cb8087fe162b6f0aa6528c8051e64b1b1666c1ae27887b093c8b4ec1d9cbe325c17ab497f51ff0300217708f7ef03834476ea287a591846e17cd60a5c02a37affbf2b59a9bf34985a5e82ce36d5090a2e0786b4dd101009851a65d0bf2ff21e9e33e7685576baa8768d56efa661315abdc037e7e33731d5e3246a583d217e549541869dbd1d76b193576b748a58f931c5e34a8f8b5ec8662a941d256593fb3ed85088ce59d05890dacc83d0c6cea8b8732e96ea65bd718e40e704f79ef74e58a4b137346525e29cdf7c8c446a9a2f846a87f206b8b38f5cc1672635a60d02af294b5f290d101948f8ef8500567abb2682751dab0ba8204b701ed0595cfc297a40a78838c424cb67d8efd6d39a728d3fc41b956821d8f8b946c70c7adfbc5f5403b5d6381cf530c0644aba84144fd8e96b07fc0f5d49d092765e308502f08f1c54586e777be83a72b45cbbcd0a1e4cbe07c656c7ff4b32ebede62d388ef9072207e4fe6dd74de0e4cda505213d57d972644d03aa51d3b1f32acb5b704fe68255f7c8dde32823c06e785bcc88fdd3765a86e0f7cc12d7aa4f1aa1b9fb865d51ad115a0775bbceb08c29d73ce5e212a8c21b534a8775d427bca38bb129fad469aa641b8e394904e6e10bff14dd2595731ba5b931c54fa1d2a4527fa0c252b2279759bb6e22d7ba801be6ccd338da967328a9527292621b2626ef9105b251715f7e2da5f923fc3d43a415fe84f10ba0e8f4e701534fe52456fb03d3f480972f682269a5c11456057fc1433a33e08f551ca8ad3929ba498248151b82d70af4f642e5928763fab8be22afa3f26d65a852013ce22e2db1c399012b79f69ea08083b4c97710463829b53bdd5116ae3257f2aab98873fee1e65ffe74ad819223bdfc8a358a109782fc51d6b115a2d452605269c7cbe2f1583d416aa1eb4f65288ba14d7619b23aa18b476f04ae9c70efd18f6780b5980fe585ccd836a78ea8fb15d53147f502bc9ffe2f7d9d49f97b588b2b2f266b9b0272707ad9c906755851ffa4ea095c2b56efe3c65265fcbdf42a1a4be4ec7ba44afa809f21aaaf04f239ccd5d44b783220cc63bbac01f37261cc81fa29d2adc38f5fe16dcc848c1af522e859f88da61e36b975c7c035788f175e1bc7b3d3aa5bac7ac7e56141296970d9ed920545f40c6236ca63ca4004a0822e85af1cc55baf326ea3d80a93ce734cca61d2cd42e36b66f1d58f01d91b4fca38120ec379e40c786710216f82a45d918eefb747ae6f5fac1ad7161f63bf6705a67395e6f63c861ff4cbcce34c104528d643f06ebd20395a6d4077b41efea61c7047d760553d707a39ecbe335deadbd5fee8d8b26f65b406e63366b1a5dcadafe652ee479694f9ac0e72b023a869a46aca3e0e8126ef487e2b9530e95224d2fe562576fe70e954f869c78d156d07b5b97b886cf9f547821906c8312c4a82ebe9d54c7498ef9fc2b996a08a774f8da59c5ca1eaa58dee3bfcd863c74fd783a0f71bb85c759d47d8e4855a476c13b518516911425e0d8e197e83354800480efda14b7061bbaf97669fc552f18abad10a53d49fe42e496a54d32eace77d1f915265576a4ac7b44436bb4b152c8b04ac0fd062687b302c1ea620ce6d90e3b2bdd73e21e40b5ff4e79819f69d1f2b3ae59671f99cb57b787d9f81d7b2ee7c873f7eaad029452c51eb4dea1d0642a32e149d469df4fba0d86583a8a3ef289c8473990e2df192913be26495ec4631da5e276ed06ce2dd23d2a62b7ba85f4961384a3df7cb1ca7d64c09e1a1bc6dffd2d4a18afb89f772ec182324f584b13792c40a77a48a0befedaf8e56689fd2a068d4d92ae7feaa7ebb8ef15c62b8c61d27c04908fd2787d0111029f0ae6c533c91554ddcf2f7c0a265d1c99dc7c84badad68d1aa436cb5f52fdab2d813ff2356f2b04c01376e2044ac33e1b8330280fef27d2c33d6d4cec9b7db0df9b3b59b786b093987754db163d86dd27af03013d5610393c46deb291c4eda88ca20e8b3ced20d1c2db12bb3e951530149cee359685f30db68c5f7a9b97ad628af0e24b0bc824afb8b490ca3f68710bd523ec0ad071bbe7edfd558abb77585e5ddebb8c55faa40e20427fde43840009a8f7e6c02659499c62c154302c8d36058c52047744396727d72133bbb8b64f686634ee233211ed17abefa426158c829889d5de143e4947d9fdf768d62bd5f5263943d9b058445448188103aedf21450879e6ad568eac59065b4d23b3609f70159a81b439d3c8fb5284b32176dbf134f26c2078e55611ab51e8a25cbd9afeb765cccdedb3150a1749c35d684e2b8334cf69b4ed38cf74e8023c88f77bf7357a51609d2167ceb50efaa31a32daa26011f46b6004a787fe9171ce52e7f2e882adcf4064e5531b416e00abd78218d6e98e8baa00e21d5e422303a2e3c65dbd703e52afbdeba0c2edc139d60e3b3576aaacc47799e53ec380bc8cd4f413ed4dce3932b06ac5849a912671821260b08442c2899b3851c8b2da079303826b2f97e405100d99dd235f0cbd5f028433c80e7dc504371815424d650336ec05cee3e02302dad30404d0adf690816ad0d6720f4f842b6f98083cce0e36cb351f5f21711c4ba7b0247ca1fca220fce5d7fefe30c5500e2fa6489437010314024d42a8a5ad736731c46b8c6e825242cc31530bac65f79cdc56bb17c99247a9f833480029d4625a8595315f1b4b7988820f01748d0848095c57626530e409dcb9c2963d00ff8cbbd0d7e4cf826e8bac15f52e3745e62dcb5070571ac236563e2422c996639a27aa1eda28e1fc7614e6411030b2e92b211dedeb07a337837169b12ad94172fd87d4637a9b1294e3c9f8d3b3b6b5b22b76b5e4bee60261bb62e95ca4dd9f459982e716897de84eb5e7ce1f52fcf6c745469010efe4e8fb73bc6613935e63307f79aa282322e5c4095ce12441908a6b487150b98e906acb5204c0d3daaf19f60f593d1356583e96179a999c995f8bbeb711c809c49bc0eb53ca082e1983b7a4702dc6330dd98ab62428bef3b673682528460d3d1fd899d5a65c504a25077ee1a19c20e0a607035c1dea502afbe217317edcec4132ebcffb6451d4c5b5c26203fd1dd29b1081462e3c469e8feb39723e35f1e8dc49cd4ae13db0744e62a2b9360d4bfa994e236c24d980298b8c60e529a869916f0c12f866e488417f388c27f8638c91ab1f52d658367e1483e4057bb184f1e344782223112655985bbbb69f385ffab71aca01f153dfcc1ec0eecda488d4252cf80896cc3a61c98aa1e5a0aa66f597f65dfc90a7c6bcbd82644ed8c51ded33e1340d51e676809631d5382ede58947b21bb7f132afbf1c386d3349b335cc898e475651f1b089daa9e2c07b8e76fc3c71f61d6e7fadd98b2dc9c51e18225798464de485026ffb95b04c4c2aa638b27f3190141f086806627b72110a716ce75cd0bb8e8d2d50182e92f7f8a2d53237d169d00cde4e8622c6137acc4a3f32763fb4d88d3b4c857314048dbd283df1fa19d23ad37d62bdd33708ca5917e5f1f2d9a18414455ed0e6c73786cd39c8ac98bf2ff26a05b2e33e06d0a5070ad0920307ce8e91d7493ca621337e71a21067b3e30d2cb3937a481acd26b8d79f30c75662b4b2771e4d437aa0de0318a75213eb08e340710fa83424f480a9ae29899d5981375d165afc83b48167ebd4d905bc295b1a76bdf2ff6ca308969e58bedd109cf5a6fd0a17174e66edb203ba0d3e0ccdfbfaf6de35d6dc0e06bc9f1190e702ca653e80f56bfe37e89fed66feac52201af13ac87f13e24204c9a7f46554d05abfc88aca791bccbd885370b91d03a9d1617a2d052112778ecac2c85b8df05dc1a35452051ac8ec03c2c349f51307c4873452a3e5b626e6aec7fe0440f4f3ab90765beca4385d1abd22983cab1bd106ff0bb5e8ace5857b20", 0x1000}}, 0x1006)
r6 = open(&(0x7f0000000040)='./bus\x00', 0x4e142, 0x0)
pwritev2(r6, &(0x7f0000000680)=[{&(0x7f0000000200)="05", 0x6a000}], 0x1, 0x6000000, 0x0, 0x0)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x37fffee, 0x4002011, r4, 0x40000000)
ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(0xffffffffffffffff, 0xc0845657, &(0x7f0000000040)={0x0, @bt={0xa00, 0x640, 0x1, 0x1, 0xd59f83, 0x7, 0x42, 0x19ef, 0x3, 0x3, 0x2800, 0x2800, 0x2, 0xba3, 0x9, 0x0, {0x8, 0xffffffff}, 0xd0, 0x9}})

3.536913546s ago: executing program 1 (id=902):
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0xfffffff8)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
connect$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10)
syz_init_net_socket$nl_generic(0xb, 0x3, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb4b, 0x9, 0x8, 0x0, 0x400003}, 0x0)
lseek(0xffffffffffffffff, 0x9, 0x0)
openat$adsp1(0xffffffffffffff9c, &(0x7f0000000140), 0x24000, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_open_dev$tty1(0xc, 0x4, 0x1)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)={0x44, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x1}]}, 0x44}, 0x1, 0x0, 0x0, 0x4004000}, 0x40080)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_FLUSH(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)={0x1c, 0x4, 0x6, 0x101, 0xf0ffff, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000680), 0x40000, 0x19)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x3, 0xc, 0x101, 0x6, 0x7, 0x6b4, 0x510000000, 0x6, 0x40}, 0x0)
socket$inet6(0xa, 0x80002, 0x0)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x4, 0x0, 0x806, 0x5, 0xffffffff}, 0x0)

3.391881863s ago: executing program 2 (id=903):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
bind$inet6(r1, &(0x7f00000002c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
listen(r1, 0x4)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r1, 0x84, 0x75, &(0x7f00000001c0)={0x0, 0x2}, 0x8)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000444ff8)={0x0, 0x7}, 0x8)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000000)={0x0, 0x4000cd}, 0x8)
sendmmsg$inet6(r0, &(0x7f0000003c40)=[{{&(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c, &(0x7f00000000c0)=[{&(0x7f0000000140)='j', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_sctp6_SCTP_ADD_STREAMS(r0, 0x84, 0x79, &(0x7f0000000040)={0x0, 0x7, 0xd1}, 0x8) (fail_nth: 1)

3.202251748s ago: executing program 2 (id=904):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0026}]})
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mkdir(&(0x7f00000000c0)='./bus\x00', 0xa5)
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
r1 = open(&(0x7f0000000140)='./file0\x00', 0x101082, 0x0)
mknodat$loop(r1, &(0x7f0000001600)='./file1\x00', 0x0, 0x0)
chdir(&(0x7f00000003c0)='./bus\x00')
linkat(r1, &(0x7f0000000100)='./file1\x00', r1, &(0x7f0000000240)='./file0\x00', 0x0)
setxattr$trusted_overlay_opaque(&(0x7f0000000000)='./file1\x00', &(0x7f0000000040), 0x0, 0x0, 0x2)
unlink(&(0x7f00000002c0)='./file0\x00')
timer_create(0x8, &(0x7f00000002c0)={0x0, 0x21, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000))
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000080), 0x101080, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000002180)='blkio.bfq.io_merged\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x12, r2, 0x0)
ftruncate(r2, 0xc17a)
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x2, &(0x7f0000000080)=0x9, 0x8, 0x2)
mbind(&(0x7f00005f7000/0x2000)=nil, 0x2000, 0x0, 0x0, 0x2, 0x0)
creat(&(0x7f00000002c0)='./file0\x00', 0x109)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="18ffffff7f006b6288740000fedfff10850000000700000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
truncate(&(0x7f0000000180)='./file0\x00', 0x8fff5)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={r3, 0x0, 0x30, 0x0, @void}, 0x10)
open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
socket$xdp(0x2c, 0x3, 0x0)
mmap$xdp(&(0x7f00008c9000/0x1000)=nil, 0x1000, 0x1000000, 0x810, r1, 0x180000000)
creat(&(0x7f00000002c0)='./file0\x00', 0x51)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)
socket$kcm(0x10, 0x2, 0x0)

3.106172677s ago: executing program 0 (id=905):
r0 = openat2$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)={0x20001, 0x0, 0x96b45edffc0762f4}, 0x18)
openat(r0, &(0x7f0000000000)='./file0\x00', 0x14002, 0x0)
pipe(&(0x7f0000000140)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = fsopen(&(0x7f0000000080)='autofs\x00', 0x0)
fsconfig$FSCONFIG_SET_FD(r2, 0x5, &(0x7f00000005c0)='fd', 0x0, r1)
fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0)
r3 = fsmount(r2, 0x0, 0x2)
r4 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
setpgid(0x0, r4)
fchdir(r3)
r5 = socket$unix(0x1, 0x2, 0x0)
connect$unix(r5, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
ptrace$poke(0x5, r4, &(0x7f0000000200), 0x3)
mknodat(0xffffffffffffff9c, 0x0, 0x81c0, 0xf)
execveat(0xffffffffffffff9c, &(0x7f0000000280)='./file2\x00', 0x0, 0x0, 0x0)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0x2000, 0x0)

3.02668546s ago: executing program 0 (id=906):
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0xfffffff8)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
connect$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10)
syz_init_net_socket$nl_generic(0xb, 0x3, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb4b, 0x9, 0x8, 0x0, 0x400003}, 0x0)
lseek(0xffffffffffffffff, 0x9, 0x0)
openat$adsp1(0xffffffffffffff9c, &(0x7f0000000140), 0x24000, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_open_dev$tty1(0xc, 0x4, 0x1)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)={0x44, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x1}]}, 0x44}, 0x1, 0x0, 0x0, 0x4004000}, 0x40080)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_FLUSH(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)={0x1c, 0x4, 0x6, 0x101, 0xf0ffff, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000680), 0x40000, 0x19)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x3, 0xc, 0x101, 0x6, 0x7, 0x6b4, 0x510000000, 0x6, 0x40}, 0x0)
socket$inet6(0xa, 0x80002, 0x0)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x4, 0x0, 0x806, 0x5, 0xffffffff}, 0x0)

2.606474937s ago: executing program 1 (id=907):
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0xfffffff8)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
connect$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10)
rseq(&(0x7f0000000400), 0x20, 0xfffffffe, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb4b, 0x9, 0x8, 0x0, 0x400003}, 0x0)
lseek(0xffffffffffffffff, 0x9, 0x0)
openat$adsp1(0xffffffffffffff9c, &(0x7f0000000140), 0x24000, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_open_dev$tty1(0xc, 0x4, 0x1)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)={0x44, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x1}]}, 0x44}, 0x1, 0x0, 0x0, 0x4004000}, 0x40080)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_FLUSH(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)={0x1c, 0x4, 0x6, 0x101, 0xf0ffff, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000680), 0x40000, 0x19)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x3, 0xc, 0x101, 0x6, 0x7, 0x6b4, 0x510000000, 0x6, 0x40}, 0x0)
socket$inet6(0xa, 0x80002, 0x0)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x4, 0x0, 0x806, 0x5, 0xffffffff}, 0x0)

2.606081454s ago: executing program 3 (id=908):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a3000000000090003007379"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWRULE={0x4c, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_EXPRESSIONS={0x20, 0x4, 0x0, 0x1, [{0x1c, 0x1, 0x0, 0x1, @queue={{0xa}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_QUEUE_SREG_QNUM={0x8, 0x4, 0x1, 0x0, 0xc}]}}}]}]}], {0x14}}, 0x74}}, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xb, &(0x7f0000000100)=ANY=[@ANYBLOB="180800ec0c00000000000000000000001801000020"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000100)=ANY=[@ANYRES8, @ANYRES32, @ANYBLOB="0000000000000000400012800c0001"], 0x68}}, 0x0)
r2 = socket$igmp6(0xa, 0x3, 0x2)
r3 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000380)={'syzkaller1\x00', @link_local})
bpf$MAP_CREATE(0x0, &(0x7f0000000f00)=@base={0x5, 0x4, 0xfff, 0x7}, 0x50)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$BPF_GET_PROG_INFO(0xa, &(0x7f00000021c0)={0xffffffffffffffff, 0x0, 0x0}, 0x10)
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r2, 0x8983, &(0x7f0000000300)={0x0, 'syzkaller1\x00', {0x2}})
write$tun(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="06000000bbbbbbbbbbbbaaaaaaaaaabb88f5"], 0x72)

2.470098478s ago: executing program 3 (id=909):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000c80)={'veth1\x00', <r1=>0x0})
r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
mkdirat(0xffffffffffffff9c, 0x0, 0x140)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000280)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x23, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './cgroup\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r4, &(0x7f0000001280)=[{{0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000380)=""/226}, {&(0x7f0000000300)=""/33}, {&(0x7f0000000480)=""/185}, {&(0x7f00000005c0)=""/83}], 0x0, &(0x7f0000000640)=""/79}, 0x7fb7}, {{&(0x7f0000000700)=@l2={0x1f, 0x0, @fixed}, 0x0, &(0x7f0000000800)=[{&(0x7f0000000780)=""/87}, {&(0x7f0000000900)=""/194}, {&(0x7f0000000a00)=""/76}, {&(0x7f0000000b00)=""/245}, {&(0x7f0000000c00)=""/67}, {&(0x7f0000000c80)=""/87}], 0x0, &(0x7f0000000d00)=""/146}, 0x3}, {{&(0x7f0000000dc0)=@in={0x2, 0x0, @private}, 0x0, &(0x7f0000001180)=[{&(0x7f0000000e40)=""/135}, {&(0x7f0000000a80)=""/60}, {&(0x7f0000000f80)=""/221}, {&(0x7f0000000f00)=""/34}, {&(0x7f0000001080)=""/236}], 0x13}, 0xeaff}, {{&(0x7f00000011c0)=@in6={0xa, 0x0, 0x0, @mcast1}, 0x0, &(0x7f0000000100)}, 0xfd32}], 0x80000f7, 0x122, 0x0)
mount(&(0x7f0000000080)=@nullb, 0x0, 0x0, 0xa48410, 0x0)
r6 = socket$l2tp6(0xa, 0x2, 0x73)
bind$l2tp6(r6, &(0x7f0000000000)={0xa, 0x0, 0x1, @empty, 0x0, 0x3}, 0x20)
connect$l2tp6(r6, &(0x7f0000000f40)={0xa, 0x0, 0x0, @empty}, 0x20)
sendmmsg$inet6(r6, &(0x7f0000000ac0)=[{{&(0x7f00000000c0)={0xa, 0x0, 0x0, @empty}, 0x1c, 0x0, 0x0, 0x0, 0x0, 0xc0fe}}], 0x1, 0xff14)
getsockopt$bt_BT_FLUSHABLE(r2, 0x112, 0x8, &(0x7f0000000040)=0x7, &(0x7f0000000080)=0x4)
sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq={{0x7}, {0xc, 0x2, [@TCA_FQ_FLOW_DEFAULT_RATE={0x8, 0x11, 0xe}]}}]}, 0x38}}, 0x0)

2.386986019s ago: executing program 2 (id=910):
openat$fuse(0xffffffffffffff9c, &(0x7f0000000700), 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000040)=ANY=[], &(0x7f0000000380)='GPL\x00', 0x2, 0xb3, &(0x7f0000000140)=""/179, 0x41100, 0x7b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x38}, 0x94)
socket$nl_rdma(0x10, 0x3, 0x14)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x10000000000002)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_usbip_server_init(0x6)
setgroups(0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xb, 0x0, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000002e00010026bdf000fcdbdf250400000071acbef16dc29ef20db5b522cb2b865e98ec9a1f3e76961b90171667b87845463dc9de62a95c32cc276dc7e02e68"], 0x14}, 0x1, 0x0, 0x0, 0x4c0d9}, 0x20004000)
mknod(&(0x7f0000000240)='\x00', 0x0, 0xfffffffa)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()

2.116860312s ago: executing program 0 (id=911):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0xd, 0x4, 0x0, 0x0, 0x4}, 0x94)
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
close(r0)
r1 = syz_io_uring_setup(0x239, &(0x7f0000000480)={0x0, 0x8901, 0x400, 0x0, 0x2cf}, &(0x7f0000000040), &(0x7f0000000600))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
io_uring_enter(r1, 0x47ba, 0x100, 0x5, 0x0, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000300), 0xffffffffffffffff)
sendmsg$TIPC_NL_NAME_TABLE_GET(r2, &(0x7f0000000440)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000340)={&(0x7f0000000500)={0xb0, r3, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [@TIPC_NLA_SOCK={0x48, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_REF={0x8, 0x2, 0x4}, @TIPC_NLA_SOCK_CON={0x14, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x9}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0xfffffffa}]}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x2}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x80}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x3ff}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x1}]}, @TIPC_NLA_MON={0x54, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x4}, @TIPC_NLA_MON_REF={0x8}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x8}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xc83}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x6}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x8001}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x8}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x6}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x4}]}]}, 0xb0}, 0x1, 0x0, 0x0, 0x90}, 0x0)
io_uring_register$IORING_REGISTER_SYNC_CANCEL(r1, 0x18, &(0x7f0000000280)={0x8, 0xffffffffffffffff, 0x1, {0x2000000000000008, 0xa44}, 0x80}, 0x1)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@base={0x19, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x4}, 0x50)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xd, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000700000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000400850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r6, 0x5, 0xffffffb5, 0x0, &(0x7f0000000280)="432275e2065074ef2415f73227b2", 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
r7 = syz_open_dev$usbfs(&(0x7f0000000240), 0x71, 0x109301)
ioctl$USBDEVFS_CLAIM_PORT(r7, 0x80045518, &(0x7f00000000c0)=0x3)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r4, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0x10, &(0x7f0000000000)=[@in={0x2, 0x0, @private=0xa010101}]}, &(0x7f0000000080)=0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r4, 0x84, 0x1d, &(0x7f0000000140), &(0x7f0000000240)=0x4)
r8 = openat$dsp(0xffffff9c, &(0x7f0000000080), 0x1, 0x0)
r9 = dup(r8)
ioctl$FIONREAD(r9, 0x541b, 0x0)
sendmsg$inet_sctp(r0, &(0x7f0000000400)={0x0, 0xe000, &(0x7f0000000200)=[{&(0x7f00000002c0)="85", 0x890c}], 0x20, &(0x7f00000000c0)=[@sndinfo={0x1c, 0x84, 0x2, {0x6, 0x4, 0x29, 0x200000e}}], 0x1c, 0x2400e044}, 0x6)

1.501826614s ago: executing program 1 (id=912):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mkdir(&(0x7f0000000100)='./file1\x00', 0x13b)
mkdir(&(0x7f0000000000)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
write$FUSE_CREATE_OPEN(0xffffffffffffffff, 0x0, 0x0)
r2 = socket(0x15, 0x5, 0x0)
getsockopt(r2, 0x200000000114, 0x271f, &(0x7f0000c35fff)=""/1, &(0x7f0000000000)=0xf002)
r3 = open(&(0x7f0000000180)='./bus\x00', 0x189a7c, 0x113)
r4 = socket$kcm(0x10, 0x400000002, 0x0)
write$cgroup_subtree(r4, &(0x7f00000003c0)=ANY=[@ANYBLOB='\x00\a\x00\x00'], 0xfe33)
write$UHID_INPUT(0xffffffffffffffff, &(0x7f00000006c0)={0x8, {"829a128461db416d4a20025983cf707bc2eff840baf1d0261ab876aa829f17579c64a9560263929769364484282f1c7eeb51e6c617084ff5e261c160c274a243b9cd47d5f371021e17fffa0f4841387bcfa580939bde2a6ea2a7f80cc5cb81d49b96257aa13cb7fc7eeecaa2ff932ca7e34851638ad904f3df9ec70618714e90764bd41b6302c0a17c85ff82c4bd36fc35fe8cd64b63d5c6d5bfb2f3619e5925deb26cd1a1d10726960769baca5f89adc31230f5260e8943d2763295bef5fb7ae38b0710e667e5b3519bf116ee2a137d288e823b7a4a63ce7f49ab8d9e7543012ca4cab3f497083be08fdf25049b7f8d60adc64c72c51c812b2c0af49844f2cc460d70d90dd9bb1844a49eea4dd6f1ce35c7255fdab3565c741075c61e942386e0095ae8cc5c9aa00e5e1438b109356473099213386b6b17a3ea0b2ad920f99c102ab8c37e66dc077af3ccaa89ce98f7adfe90319d88dd40d29ca1f3d316ee14552f96bf8014ec22bc92e71c4c5a6c3ee3eaadcff206e5f77eda7fd84c6483225d9d2725d273f3fdde5afe5bda9ef74cfe781bef7bec99271947cfca758df0a53f360f32826623fec36d0e661ba71cb3a196adfaf7d6bd499d01eeec21c680a34002b5eaf0fded94194a814149d42463b9fb22c2275335a3d6217f651b51e75f2001bbf46a6cbdf4310b830c8ad430410ceddcfd7df228ccdb3d6cd5c9f85ca7b5ee9f24cc5e50a035a1b394708f09d0700248b84490ec25c9f15df8aa0d17f51296bc70501f1ac89dc3bea431385b98c4a8814e8c79f3d744c5e39dfce7ddf567aaf197eb11efcd7562b52d38c15f242d4574ea04c4f30c026d50b978c1921a91c082f10ddef62761d5f624c34392b1044d7050b1503b06db323c69bc64b208a28d40af33859e4f2dc35fa80869e26f7444643f2d2268d65ea0bac1d07de2b11a454d0e617e0ab0261356180cad09c04abfc9ab11add4c6a6bc79d3329d7bb84ac6104f36afd33c3768a3ee804d6e64eb916540c3f4f0cc33e0509ab297659baf8e1686c5e7f5b229d5a34323524d1d5dadd707583f3292b4e3ffe5aae3fa0ff379bf7ece8519bfd445f7363553a620bae6e4c63356a22217673671896c09ed5b78122e1f29443ec0bb074c23be8b408394d236bab3ed991148505d1a7439883d8f5b76e595b5d46623eae8387c743ea32ef7635d07921bf980564e712a8ea5329d1e82c4bfdc37b0a1579e8f6a90c8e2b7205da5633b6a38d69b14b8e7ca72ba5e363cad4cf14965ef6bee73f1c8261134a1791b9e9c413a39ed38c90205f3992c08e2a50a2ae3c92a4b448f687490afaa76ea973ebfdd4dc707292ffac25eefe17f4abffecf91588dd9c52e9edc5fa2f79603551ca65217b640f052046fcc0213b738b4b6f1cf27313c2b39aae46313ca7e92725e0e0ef9f9a019d014f88c536de0596d7b3ef6ffc24a1a8cc7979ba5a173b6558bceb6c0c23118fdb5f6e6226fd0d4c320eabb6d98a97f46aecfc3e87d3a398255cd1a5f3f21239d0b1dac413f893ca378a81ea49555db314ab546751a8cd9680e619011d3f9b4e094232a2c4352c4c2ada7c8bcac15c7dd7bfafea77a566312b0e5a6290e9a02aba760a25e9e28707cbf2cd82ef77bcd4c147f8e1b3badc2b6a023350e488d67d551e730d002cc8c8a0a6c12a4ef6625fa282733390e160ca698162d501ae4c30622830650319b83c98d6620b243ecca6cc1abc6ac6032309bfa04aac495f69529e0a67eede3a6c989f46cd415765f49593573e3116652e55a1d8d5070e2f20ca81b5cfea961d9df117c0f35225011acc6dad4424c1d18f1064241e4b379967cb8087fe162b6f0aa6528c8051e64b1b1666c1ae27887b093c8b4ec1d9cbe325c17ab497f51ff0300217708f7ef03834476ea287a591846e17cd60a5c02a37affbf2b59a9bf34985a5e82ce36d5090a2e0786b4dd101009851a65d0bf2ff21e9e33e7685576baa8768d56efa661315abdc037e7e33731d5e3246a583d217e549541869dbd1d76b193576b748a58f931c5e34a8f8b5ec8662a941d256593fb3ed85088ce59d05890dacc83d0c6cea8b8732e96ea65bd718e40e704f79ef74e58a4b137346525e29cdf7c8c446a9a2f846a87f206b8b38f5cc1672635a60d02af294b5f290d101948f8ef8500567abb2682751dab0ba8204b701ed0595cfc297a40a78838c424cb67d8efd6d39a728d3fc41b956821d8f8b946c70c7adfbc5f5403b5d6381cf530c0644aba84144fd8e96b07fc0f5d49d092765e308502f08f1c54586e777be83a72b45cbbcd0a1e4cbe07c656c7ff4b32ebede62d388ef9072207e4fe6dd74de0e4cda505213d57d972644d03aa51d3b1f32acb5b704fe68255f7c8dde32823c06e785bcc88fdd3765a86e0f7cc12d7aa4f1aa1b9fb865d51ad115a0775bbceb08c29d73ce5e212a8c21b534a8775d427bca38bb129fad469aa641b8e394904e6e10bff14dd2595731ba5b931c54fa1d2a4527fa0c252b2279759bb6e22d7ba801be6ccd338da967328a9527292621b2626ef9105b251715f7e2da5f923fc3d43a415fe84f10ba0e8f4e701534fe52456fb03d3f480972f682269a5c11456057fc1433a33e08f551ca8ad3929ba498248151b82d70af4f642e5928763fab8be22afa3f26d65a852013ce22e2db1c399012b79f69ea08083b4c97710463829b53bdd5116ae3257f2aab98873fee1e65ffe74ad819223bdfc8a358a109782fc51d6b115a2d452605269c7cbe2f1583d416aa1eb4f65288ba14d7619b23aa18b476f04ae9c70efd18f6780b5980fe585ccd836a78ea8fb15d53147f502bc9ffe2f7d9d49f97b588b2b2f266b9b0272707ad9c906755851ffa4ea095c2b56efe3c65265fcbdf42a1a4be4ec7ba44afa809f21aaaf04f239ccd5d44b783220cc63bbac01f37261cc81fa29d2adc38f5fe16dcc848c1af522e859f88da61e36b975c7c035788f175e1bc7b3d3aa5bac7ac7e56141296970d9ed920545f40c6236ca63ca4004a0822e85af1cc55baf326ea3d80a93ce734cca61d2cd42e36b66f1d58f01d91b4fca38120ec379e40c786710216f82a45d918eefb747ae6f5fac1ad7161f63bf6705a67395e6f63c861ff4cbcce34c104528d643f06ebd20395a6d4077b41efea61c7047d760553d707a39ecbe335deadbd5fee8d8b26f65b406e63366b1a5dcadafe652ee479694f9ac0e72b023a869a46aca3e0e8126ef487e2b9530e95224d2fe562576fe70e954f869c78d156d07b5b97b886cf9f547821906c8312c4a82ebe9d54c7498ef9fc2b996a08a774f8da59c5ca1eaa58dee3bfcd863c74fd783a0f71bb85c759d47d8e4855a476c13b518516911425e0d8e197e83354800480efda14b7061bbaf97669fc552f18abad10a53d49fe42e496a54d32eace77d1f915265576a4ac7b44436bb4b152c8b04ac0fd062687b302c1ea620ce6d90e3b2bdd73e21e40b5ff4e79819f69d1f2b3ae59671f99cb57b787d9f81d7b2ee7c873f7eaad029452c51eb4dea1d0642a32e149d469df4fba0d86583a8a3ef289c8473990e2df192913be26495ec4631da5e276ed06ce2dd23d2a62b7ba85f4961384a3df7cb1ca7d64c09e1a1bc6dffd2d4a18afb89f772ec182324f584b13792c40a77a48a0befedaf8e56689fd2a068d4d92ae7feaa7ebb8ef15c62b8c61d27c04908fd2787d0111029f0ae6c533c91554ddcf2f7c0a265d1c99dc7c84badad68d1aa436cb5f52fdab2d813ff2356f2b04c01376e2044ac33e1b8330280fef27d2c33d6d4cec9b7db0df9b3b59b786b093987754db163d86dd27af03013d5610393c46deb291c4eda88ca20e8b3ced20d1c2db12bb3e951530149cee359685f30db68c5f7a9b97ad628af0e24b0bc824afb8b490ca3f68710bd523ec0ad071bbe7edfd558abb77585e5ddebb8c55faa40e20427fde43840009a8f7e6c02659499c62c154302c8d36058c52047744396727d72133bbb8b64f686634ee233211ed17abefa426158c829889d5de143e4947d9fdf768d62bd5f5263943d9b058445448188103aedf21450879e6ad568eac59065b4d23b3609f70159a81b439d3c8fb5284b32176dbf134f26c2078e55611ab51e8a25cbd9afeb765cccdedb3150a1749c35d684e2b8334cf69b4ed38cf74e8023c88f77bf7357a51609d2167ceb50efaa31a32daa26011f46b6004a787fe9171ce52e7f2e882adcf4064e5531b416e00abd78218d6e98e8baa00e21d5e422303a2e3c65dbd703e52afbdeba0c2edc139d60e3b3576aaacc47799e53ec380bc8cd4f413ed4dce3932b06ac5849a912671821260b08442c2899b3851c8b2da079303826b2f97e405100d99dd235f0cbd5f028433c80e7dc504371815424d650336ec05cee3e02302dad30404d0adf690816ad0d6720f4f842b6f98083cce0e36cb351f5f21711c4ba7b0247ca1fca220fce5d7fefe30c5500e2fa6489437010314024d42a8a5ad736731c46b8c6e825242cc31530bac65f79cdc56bb17c99247a9f833480029d4625a8595315f1b4b7988820f01748d0848095c57626530e409dcb9c2963d00ff8cbbd0d7e4cf826e8bac15f52e3745e62dcb5070571ac236563e2422c996639a27aa1eda28e1fc7614e6411030b2e92b211dedeb07a337837169b12ad94172fd87d4637a9b1294e3c9f8d3b3b6b5b22b76b5e4bee60261bb62e95ca4dd9f459982e716897de84eb5e7ce1f52fcf6c745469010efe4e8fb73bc6613935e63307f79aa282322e5c4095ce12441908a6b487150b98e906acb5204c0d3daaf19f60f593d1356583e96179a999c995f8bbeb711c809c49bc0eb53ca082e1983b7a4702dc6330dd98ab62428bef3b673682528460d3d1fd899d5a65c504a25077ee1a19c20e0a607035c1dea502afbe217317edcec4132ebcffb6451d4c5b5c26203fd1dd29b1081462e3c469e8feb39723e35f1e8dc49cd4ae13db0744e62a2b9360d4bfa994e236c24d980298b8c60e529a869916f0c12f866e488417f388c27f8638c91ab1f52d658367e1483e4057bb184f1e344782223112655985bbbb69f385ffab71aca01f153dfcc1ec0eecda488d4252cf80896cc3a61c98aa1e5a0aa66f597f65dfc90a7c6bcbd82644ed8c51ded33e1340d51e676809631d5382ede58947b21bb7f132afbf1c386d3349b335cc898e475651f1b089daa9e2c07b8e76fc3c71f61d6e7fadd98b2dc9c51e18225798464de485026ffb95b04c4c2aa638b27f3190141f086806627b72110a716ce75cd0bb8e8d2d50182e92f7f8a2d53237d169d00cde4e8622c6137acc4a3f32763fb4d88d3b4c857314048dbd283df1fa19d23ad37d62bdd33708ca5917e5f1f2d9a18414455ed0e6c73786cd39c8ac98bf2ff26a05b2e33e06d0a5070ad0920307ce8e91d7493ca621337e71a21067b3e30d2cb3937a481acd26b8d79f30c75662b4b2771e4d437aa0de0318a75213eb08e340710fa83424f480a9ae29899d5981375d165afc83b48167ebd4d905bc295b1a76bdf2ff6ca308969e58bedd109cf5a6fd0a17174e66edb203ba0d3e0ccdfbfaf6de35d6dc0e06bc9f1190e702ca653e80f56bfe37e89fed66feac52201af13ac87f13e24204c9a7f46554d05abfc88aca791bccbd885370b91d03a9d1617a2d052112778ecac2c85b8df05dc1a35452051ac8ec03c2c349f51307c4873452a3e5b626e6aec7fe0440f4f3ab90765beca4385d1abd22983cab1bd106ff0bb5e8ace5857b20", 0x1000}}, 0x1006)
r5 = open(&(0x7f0000000040)='./bus\x00', 0x4e142, 0x0)
pwritev2(r5, &(0x7f0000000680)=[{&(0x7f0000000200)="05", 0x6a000}], 0x1, 0x6000000, 0x0, 0x0)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x37fffee, 0x4002011, r3, 0x40000000)
ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(0xffffffffffffffff, 0xc0845657, &(0x7f0000000040)={0x0, @bt={0xa00, 0x640, 0x1, 0x1, 0xd59f83, 0x7, 0x42, 0x19ef, 0x3, 0x3, 0x2800, 0x2800, 0x2, 0xba3, 0x9, 0x0, {0x8, 0xffffffff}, 0xd0, 0x9}})

1.176482775s ago: executing program 0 (id=913):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8001}, 0x20050840)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = syz_io_uring_setup(0x237, &(0x7f0000000380)={0x0, 0x260e, 0x10100, 0x0, 0x170}, &(0x7f00000002c0)=<r3=>0x0, &(0x7f00000001c0)=<r4=>0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r0, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(r2, 0x708, 0x41e3, 0x0, 0x0, 0x0)
io_setup(0x8, &(0x7f0000000680)=<r5=>0x0)
io_pgetevents(r5, 0x2, 0x2, &(0x7f0000000100)=[{}, {}], 0x0, 0x0)

847.143559ms ago: executing program 3 (id=914):
r0 = openat2$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)={0x20001, 0x0, 0x96b45edffc0762f4}, 0x18)
openat(r0, &(0x7f0000000000)='./file0\x00', 0x14002, 0x0)
pipe(&(0x7f0000000140)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = fsopen(&(0x7f0000000080)='autofs\x00', 0x0)
fsconfig$FSCONFIG_SET_FD(r2, 0x5, &(0x7f00000005c0)='fd', 0x0, r1)
fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0)
r3 = fsmount(r2, 0x0, 0x2)
setpgid(0x0, 0x0)
setpgid(0x0, 0x0)
fchdir(r3)
r4 = socket$unix(0x1, 0x2, 0x0)
connect$unix(r4, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
ptrace$poke(0x5, 0x0, &(0x7f0000000200), 0x3)
mknodat(0xffffffffffffff9c, 0x0, 0x81c0, 0xf)
execveat(0xffffffffffffff9c, &(0x7f0000000280)='./file2\x00', 0x0, 0x0, 0x0)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0x2000, 0x0)

635.3448ms ago: executing program 3 (id=915):
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0xfffffff8)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
rseq(&(0x7f0000000400), 0x20, 0xfffffffe, 0x0)
syz_init_net_socket$nl_generic(0xb, 0x3, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb4b, 0x9, 0x8, 0x0, 0x400003}, 0x0)
lseek(0xffffffffffffffff, 0x9, 0x0)
openat$adsp1(0xffffffffffffff9c, &(0x7f0000000140), 0x24000, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_open_dev$tty1(0xc, 0x4, 0x1)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)={0x44, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x1}]}, 0x44}, 0x1, 0x0, 0x0, 0x4004000}, 0x40080)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_FLUSH(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)={0x1c, 0x4, 0x6, 0x101, 0xf0ffff, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000680), 0x40000, 0x19)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x3, 0xc, 0x101, 0x6, 0x7, 0x6b4, 0x510000000, 0x6, 0x40}, 0x0)
socket$inet6(0xa, 0x80002, 0x0)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x4, 0x0, 0x806, 0x5, 0xffffffff}, 0x0)

235.241743ms ago: executing program 1 (id=916):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mkdir(&(0x7f0000000100)='./file1\x00', 0x13b)
mkdir(&(0x7f0000000000)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
r2 = open(&(0x7f0000000580)='./bus\x00', 0x80242, 0x100)
write$FUSE_CREATE_OPEN(r2, 0x0, 0x0)
r3 = socket(0x15, 0x5, 0x0)
getsockopt(r3, 0x200000000114, 0x271f, &(0x7f0000c35fff)=""/1, &(0x7f0000000000)=0xf002)
r4 = open(&(0x7f0000000180)='./bus\x00', 0x189a7c, 0x113)
r5 = socket$kcm(0x10, 0x400000002, 0x0)
write$cgroup_subtree(r5, &(0x7f00000003c0)=ANY=[@ANYBLOB='\x00\a\x00\x00'], 0xfe33)
write$UHID_INPUT(r2, &(0x7f00000006c0)={0x8, {"829a128461db416d4a20025983cf707bc2eff840baf1d0261ab876aa829f17579c64a9560263929769364484282f1c7eeb51e6c617084ff5e261c160c274a243b9cd47d5f371021e17fffa0f4841387bcfa580939bde2a6ea2a7f80cc5cb81d49b96257aa13cb7fc7eeecaa2ff932ca7e34851638ad904f3df9ec70618714e90764bd41b6302c0a17c85ff82c4bd36fc35fe8cd64b63d5c6d5bfb2f3619e5925deb26cd1a1d10726960769baca5f89adc31230f5260e8943d2763295bef5fb7ae38b0710e667e5b3519bf116ee2a137d288e823b7a4a63ce7f49ab8d9e7543012ca4cab3f497083be08fdf25049b7f8d60adc64c72c51c812b2c0af49844f2cc460d70d90dd9bb1844a49eea4dd6f1ce35c7255fdab3565c741075c61e942386e0095ae8cc5c9aa00e5e1438b109356473099213386b6b17a3ea0b2ad920f99c102ab8c37e66dc077af3ccaa89ce98f7adfe90319d88dd40d29ca1f3d316ee14552f96bf8014ec22bc92e71c4c5a6c3ee3eaadcff206e5f77eda7fd84c6483225d9d2725d273f3fdde5afe5bda9ef74cfe781bef7bec99271947cfca758df0a53f360f32826623fec36d0e661ba71cb3a196adfaf7d6bd499d01eeec21c680a34002b5eaf0fded94194a814149d42463b9fb22c2275335a3d6217f651b51e75f2001bbf46a6cbdf4310b830c8ad430410ceddcfd7df228ccdb3d6cd5c9f85ca7b5ee9f24cc5e50a035a1b394708f09d0700248b84490ec25c9f15df8aa0d17f51296bc70501f1ac89dc3bea431385b98c4a8814e8c79f3d744c5e39dfce7ddf567aaf197eb11efcd7562b52d38c15f242d4574ea04c4f30c026d50b978c1921a91c082f10ddef62761d5f624c34392b1044d7050b1503b06db323c69bc64b208a28d40af33859e4f2dc35fa80869e26f7444643f2d2268d65ea0bac1d07de2b11a454d0e617e0ab0261356180cad09c04abfc9ab11add4c6a6bc79d3329d7bb84ac6104f36afd33c3768a3ee804d6e64eb916540c3f4f0cc33e0509ab297659baf8e1686c5e7f5b229d5a34323524d1d5dadd707583f3292b4e3ffe5aae3fa0ff379bf7ece8519bfd445f7363553a620bae6e4c63356a22217673671896c09ed5b78122e1f29443ec0bb074c23be8b408394d236bab3ed991148505d1a7439883d8f5b76e595b5d46623eae8387c743ea32ef7635d07921bf980564e712a8ea5329d1e82c4bfdc37b0a1579e8f6a90c8e2b7205da5633b6a38d69b14b8e7ca72ba5e363cad4cf14965ef6bee73f1c8261134a1791b9e9c413a39ed38c90205f3992c08e2a50a2ae3c92a4b448f687490afaa76ea973ebfdd4dc707292ffac25eefe17f4abffecf91588dd9c52e9edc5fa2f79603551ca65217b640f052046fcc0213b738b4b6f1cf27313c2b39aae46313ca7e92725e0e0ef9f9a019d014f88c536de0596d7b3ef6ffc24a1a8cc7979ba5a173b6558bceb6c0c23118fdb5f6e6226fd0d4c320eabb6d98a97f46aecfc3e87d3a398255cd1a5f3f21239d0b1dac413f893ca378a81ea49555db314ab546751a8cd9680e619011d3f9b4e094232a2c4352c4c2ada7c8bcac15c7dd7bfafea77a566312b0e5a6290e9a02aba760a25e9e28707cbf2cd82ef77bcd4c147f8e1b3badc2b6a023350e488d67d551e730d002cc8c8a0a6c12a4ef6625fa282733390e160ca698162d501ae4c30622830650319b83c98d6620b243ecca6cc1abc6ac6032309bfa04aac495f69529e0a67eede3a6c989f46cd415765f49593573e3116652e55a1d8d5070e2f20ca81b5cfea961d9df117c0f35225011acc6dad4424c1d18f1064241e4b379967cb8087fe162b6f0aa6528c8051e64b1b1666c1ae27887b093c8b4ec1d9cbe325c17ab497f51ff0300217708f7ef03834476ea287a591846e17cd60a5c02a37affbf2b59a9bf34985a5e82ce36d5090a2e0786b4dd101009851a65d0bf2ff21e9e33e7685576baa8768d56efa661315abdc037e7e33731d5e3246a583d217e549541869dbd1d76b193576b748a58f931c5e34a8f8b5ec8662a941d256593fb3ed85088ce59d05890dacc83d0c6cea8b8732e96ea65bd718e40e704f79ef74e58a4b137346525e29cdf7c8c446a9a2f846a87f206b8b38f5cc1672635a60d02af294b5f290d101948f8ef8500567abb2682751dab0ba8204b701ed0595cfc297a40a78838c424cb67d8efd6d39a728d3fc41b956821d8f8b946c70c7adfbc5f5403b5d6381cf530c0644aba84144fd8e96b07fc0f5d49d092765e308502f08f1c54586e777be83a72b45cbbcd0a1e4cbe07c656c7ff4b32ebede62d388ef9072207e4fe6dd74de0e4cda505213d57d972644d03aa51d3b1f32acb5b704fe68255f7c8dde32823c06e785bcc88fdd3765a86e0f7cc12d7aa4f1aa1b9fb865d51ad115a0775bbceb08c29d73ce5e212a8c21b534a8775d427bca38bb129fad469aa641b8e394904e6e10bff14dd2595731ba5b931c54fa1d2a4527fa0c252b2279759bb6e22d7ba801be6ccd338da967328a9527292621b2626ef9105b251715f7e2da5f923fc3d43a415fe84f10ba0e8f4e701534fe52456fb03d3f480972f682269a5c11456057fc1433a33e08f551ca8ad3929ba498248151b82d70af4f642e5928763fab8be22afa3f26d65a852013ce22e2db1c399012b79f69ea08083b4c97710463829b53bdd5116ae3257f2aab98873fee1e65ffe74ad819223bdfc8a358a109782fc51d6b115a2d452605269c7cbe2f1583d416aa1eb4f65288ba14d7619b23aa18b476f04ae9c70efd18f6780b5980fe585ccd836a78ea8fb15d53147f502bc9ffe2f7d9d49f97b588b2b2f266b9b0272707ad9c906755851ffa4ea095c2b56efe3c65265fcbdf42a1a4be4ec7ba44afa809f21aaaf04f239ccd5d44b783220cc63bbac01f37261cc81fa29d2adc38f5fe16dcc848c1af522e859f88da61e36b975c7c035788f175e1bc7b3d3aa5bac7ac7e56141296970d9ed920545f40c6236ca63ca4004a0822e85af1cc55baf326ea3d80a93ce734cca61d2cd42e36b66f1d58f01d91b4fca38120ec379e40c786710216f82a45d918eefb747ae6f5fac1ad7161f63bf6705a67395e6f63c861ff4cbcce34c104528d643f06ebd20395a6d4077b41efea61c7047d760553d707a39ecbe335deadbd5fee8d8b26f65b406e63366b1a5dcadafe652ee479694f9ac0e72b023a869a46aca3e0e8126ef487e2b9530e95224d2fe562576fe70e954f869c78d156d07b5b97b886cf9f547821906c8312c4a82ebe9d54c7498ef9fc2b996a08a774f8da59c5ca1eaa58dee3bfcd863c74fd783a0f71bb85c759d47d8e4855a476c13b518516911425e0d8e197e83354800480efda14b7061bbaf97669fc552f18abad10a53d49fe42e496a54d32eace77d1f915265576a4ac7b44436bb4b152c8b04ac0fd062687b302c1ea620ce6d90e3b2bdd73e21e40b5ff4e79819f69d1f2b3ae59671f99cb57b787d9f81d7b2ee7c873f7eaad029452c51eb4dea1d0642a32e149d469df4fba0d86583a8a3ef289c8473990e2df192913be26495ec4631da5e276ed06ce2dd23d2a62b7ba85f4961384a3df7cb1ca7d64c09e1a1bc6dffd2d4a18afb89f772ec182324f584b13792c40a77a48a0befedaf8e56689fd2a068d4d92ae7feaa7ebb8ef15c62b8c61d27c04908fd2787d0111029f0ae6c533c91554ddcf2f7c0a265d1c99dc7c84badad68d1aa436cb5f52fdab2d813ff2356f2b04c01376e2044ac33e1b8330280fef27d2c33d6d4cec9b7db0df9b3b59b786b093987754db163d86dd27af03013d5610393c46deb291c4eda88ca20e8b3ced20d1c2db12bb3e951530149cee359685f30db68c5f7a9b97ad628af0e24b0bc824afb8b490ca3f68710bd523ec0ad071bbe7edfd558abb77585e5ddebb8c55faa40e20427fde43840009a8f7e6c02659499c62c154302c8d36058c52047744396727d72133bbb8b64f686634ee233211ed17abefa426158c829889d5de143e4947d9fdf768d62bd5f5263943d9b058445448188103aedf21450879e6ad568eac59065b4d23b3609f70159a81b439d3c8fb5284b32176dbf134f26c2078e55611ab51e8a25cbd9afeb765cccdedb3150a1749c35d684e2b8334cf69b4ed38cf74e8023c88f77bf7357a51609d2167ceb50efaa31a32daa26011f46b6004a787fe9171ce52e7f2e882adcf4064e5531b416e00abd78218d6e98e8baa00e21d5e422303a2e3c65dbd703e52afbdeba0c2edc139d60e3b3576aaacc47799e53ec380bc8cd4f413ed4dce3932b06ac5849a912671821260b08442c2899b3851c8b2da079303826b2f97e405100d99dd235f0cbd5f028433c80e7dc504371815424d650336ec05cee3e02302dad30404d0adf690816ad0d6720f4f842b6f98083cce0e36cb351f5f21711c4ba7b0247ca1fca220fce5d7fefe30c5500e2fa6489437010314024d42a8a5ad736731c46b8c6e825242cc31530bac65f79cdc56bb17c99247a9f833480029d4625a8595315f1b4b7988820f01748d0848095c57626530e409dcb9c2963d00ff8cbbd0d7e4cf826e8bac15f52e3745e62dcb5070571ac236563e2422c996639a27aa1eda28e1fc7614e6411030b2e92b211dedeb07a337837169b12ad94172fd87d4637a9b1294e3c9f8d3b3b6b5b22b76b5e4bee60261bb62e95ca4dd9f459982e716897de84eb5e7ce1f52fcf6c745469010efe4e8fb73bc6613935e63307f79aa282322e5c4095ce12441908a6b487150b98e906acb5204c0d3daaf19f60f593d1356583e96179a999c995f8bbeb711c809c49bc0eb53ca082e1983b7a4702dc6330dd98ab62428bef3b673682528460d3d1fd899d5a65c504a25077ee1a19c20e0a607035c1dea502afbe217317edcec4132ebcffb6451d4c5b5c26203fd1dd29b1081462e3c469e8feb39723e35f1e8dc49cd4ae13db0744e62a2b9360d4bfa994e236c24d980298b8c60e529a869916f0c12f866e488417f388c27f8638c91ab1f52d658367e1483e4057bb184f1e344782223112655985bbbb69f385ffab71aca01f153dfcc1ec0eecda488d4252cf80896cc3a61c98aa1e5a0aa66f597f65dfc90a7c6bcbd82644ed8c51ded33e1340d51e676809631d5382ede58947b21bb7f132afbf1c386d3349b335cc898e475651f1b089daa9e2c07b8e76fc3c71f61d6e7fadd98b2dc9c51e18225798464de485026ffb95b04c4c2aa638b27f3190141f086806627b72110a716ce75cd0bb8e8d2d50182e92f7f8a2d53237d169d00cde4e8622c6137acc4a3f32763fb4d88d3b4c857314048dbd283df1fa19d23ad37d62bdd33708ca5917e5f1f2d9a18414455ed0e6c73786cd39c8ac98bf2ff26a05b2e33e06d0a5070ad0920307ce8e91d7493ca621337e71a21067b3e30d2cb3937a481acd26b8d79f30c75662b4b2771e4d437aa0de0318a75213eb08e340710fa83424f480a9ae29899d5981375d165afc83b48167ebd4d905bc295b1a76bdf2ff6ca308969e58bedd109cf5a6fd0a17174e66edb203ba0d3e0ccdfbfaf6de35d6dc0e06bc9f1190e702ca653e80f56bfe37e89fed66feac52201af13ac87f13e24204c9a7f46554d05abfc88aca791bccbd885370b91d03a9d1617a2d052112778ecac2c85b8df05dc1a35452051ac8ec03c2c349f51307c4873452a3e5b626e6aec7fe0440f4f3ab90765beca4385d1abd22983cab1bd106ff0bb5e8ace5857b20", 0x1000}}, 0x1006)
r6 = open(&(0x7f0000000040)='./bus\x00', 0x4e142, 0x0)
pwritev2(r6, &(0x7f0000000680)=[{&(0x7f0000000200)="05", 0x6a000}], 0x1, 0x6000000, 0x0, 0x0)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x37fffee, 0x4002011, r4, 0x40000000)
ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(0xffffffffffffffff, 0xc0845657, &(0x7f0000000040)={0x0, @bt={0xa00, 0x640, 0x1, 0x1, 0xd59f83, 0x7, 0x42, 0x19ef, 0x3, 0x3, 0x2800, 0x2800, 0x2, 0xba3, 0x9, 0x0, {0x8, 0xffffffff}, 0xd0, 0x9}})

182.690982ms ago: executing program 0 (id=917):
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1c}, 0xd}, 0x1c)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0)
recvmmsg(r0, &(0x7f00000002c0), 0x220, 0x100, 0x0) (fail_nth: 1)

46.138021ms ago: executing program 2 (id=918):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0026}]})
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mkdir(&(0x7f00000000c0)='./bus\x00', 0xa5)
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
r1 = open(&(0x7f0000000140)='./file0\x00', 0x101082, 0x0)
mknodat$loop(r1, &(0x7f0000001600)='./file1\x00', 0x0, 0x0)
chdir(&(0x7f00000003c0)='./bus\x00')
linkat(r1, &(0x7f0000000100)='./file1\x00', r1, &(0x7f0000000240)='./file0\x00', 0x0)
setxattr$trusted_overlay_opaque(&(0x7f0000000000)='./file1\x00', &(0x7f0000000040), 0x0, 0x0, 0x2)
unlink(&(0x7f00000002c0)='./file0\x00')
timer_create(0x8, &(0x7f00000002c0)={0x0, 0x21, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000))
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000080), 0x101080, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000002180)='blkio.bfq.io_merged\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x12, r2, 0x0)
ftruncate(r2, 0xc17a)
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x2, &(0x7f0000000080)=0x9, 0x8, 0x2)
mbind(&(0x7f00005f7000/0x2000)=nil, 0x2000, 0x0, 0x0, 0x2, 0x0)
creat(&(0x7f00000002c0)='./file0\x00', 0x109)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="18ffffff7f006b6288740000fedfff10850000000700000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
truncate(&(0x7f0000000180)='./file0\x00', 0x8fff5)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={r3, 0x0, 0x30, 0x0, @void}, 0x10)
open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
socket$xdp(0x2c, 0x3, 0x0)
mmap$xdp(&(0x7f00008c9000/0x1000)=nil, 0x1000, 0x1000000, 0x810, r1, 0x180000000)
creat(&(0x7f00000002c0)='./file0\x00', 0x51)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)
socket$kcm(0x10, 0x2, 0x0)

0s ago: executing program 0 (id=919):
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1c}, 0xd}, 0x1c)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0)
pipe2(&(0x7f00000000c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r2=>0x0)
fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r2, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00')
read$FUSE(r4, &(0x7f0000002140)={0x2020, 0x0, <r5=>0x0}, 0x2020)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x80, &(0x7f0000000b80)=ANY=[@ANYBLOB="66643dda5c99a0f6da454c09ccf402ebd8adca633869330ed6be180baebb43bbce3df0eb8f3b0a1045e4a535000400001f3572495ba12303d926688abdb5bb96e69e949894ada499907792f5986b8378797452713a797f2203e9940408670f4b8a5cfee4a2832850ab0f06efcdb34093c1673a9285fd9ea59930265ff2420a2d92c88ce92e4ae2e820a9d8657d6f1a7caec68fbbf234ca980b274d8cb9cb631949330001f086d7af6e9ab5bbcd2a302720b455718b7a274a1e8c87f0087f8bbbbc347b07134703a6224ba758d647cedc86921dd4ee9b07dac0dfa25c79c908e7e7d07db25fa57b602e18f05124a267ea8607a071f6538e95679934cbedb25565afd1cea49769a82dddb5b1c4f1b7b8e9c9e416a6efaf35aaa39c60eadef4613b9bbf4485e327c9089d4d776e5f379d761340a3e8b31ebf4404649f71209f8f5c0e307bff98e2b68db1c757f729c9cdd4cf97b5242302c703229f2166b981b147b700e695073c2db10c4a30139291f80aac4f68604af3af3a622344d58306cf0a8c086bba9505e5b87c1bd207618c243cbe79181fcae8ca51ee096dab0b9ee816f069b7dcf6bb00000000000000000000a8b820e26e192dabbddff4efb6bc088d5bd04ea6c3051b1abc8ca705abcdab64f2d3a0f7cf1d5dfcc9164dbae8a7851406b539fa85d2d8cf179ce9fd5835ba96c9374d36869ff1983991c4699ffa6ab4905b0d0fd9d54318e74c555c3282ad67c8821dbddf323361071d96b14ea8e8aca44f52758c1671ad8aac40f65f543f731265238f", @ANYRESHEX=r3, @ANYRESOCT=r4, @ANYRESDEC=0x0, @ANYRESDEC=r5, @ANYRESDEC=0x0, @ANYBLOB])
write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000000)={0x2e, 0x4, 0x0, {0x4, 0x1, 0x6, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}, 0x2e)
read$FUSE(r3, &(0x7f0000002140)={0x2020, 0x0, <r6=>0x0}, 0x2020)
write$FUSE_INIT(r3, &(0x7f0000000080)={0x50, 0x0, r6, {0x7, 0x29, 0x9, 0xffffffff9080edc4, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x2}}, 0x50)
openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0, 0x6c)
syz_fuse_handle_req(r3, &(0x7f00000042c0)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001e000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006380)={0x20, 0x0, 0x0, {0x0, 0x1c}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
timerfd_settime(r1, 0x0, &(0x7f0000000600)={{0x77359400}, {0x0, 0x989680}}, 0x0)
recvmmsg(r0, &(0x7f00000002c0), 0x220, 0x100, 0x0)

kernel console output (not intermixed with test programs):

th: hci3: Opcode 0x0c1a failed: -4
[  157.033935][ T7744] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  157.135334][ T7755] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  157.162079][ T7755] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  157.289335][   T40] audit: type=1804 audit(1771489439.840:125): pid=7759 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.450" name="/newroot/104/bus/bus" dev="overlay" ino=777 res=1 errno=0
[  157.313106][   T40] audit: type=1804 audit(1771489439.870:126): pid=7759 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.450" name="/newroot/104/bus/bus" dev="overlay" ino=777 res=1 errno=0
[  157.343675][ T6274] usb usb40-port1: attempt power cycle
[  157.671953][ T7768] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(7)
[  157.674106][ T7768] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  157.677142][ T7768] vhci_hcd vhci_hcd.0: Device attached
[  157.988697][ T6274] usb usb40-port1: unable to enumerate USB device
[  158.244058][ T7769] vhci_hcd: connection closed
[  158.244265][  T154] vhci_hcd vhci_hcd.2: stop threads
[  158.247653][  T154] vhci_hcd vhci_hcd.2: release socket
[  158.249447][  T154] vhci_hcd vhci_hcd.2: disconnect device
[  158.528952][ T7772] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  158.531540][ T7772] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  158.535954][ T7772] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  158.809573][   T40] audit: type=1804 audit(1771489441.360:127): pid=7793 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.458" name="/newroot/121/bus/bus" dev="overlay" ino=901 res=1 errno=0
[  159.216480][ T7804] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  159.219773][ T7804] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  159.482055][  T841] usb 42-1: device descriptor read/8, error -110
[  159.590217][ T7801] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  159.592732][ T7801] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  159.595549][ T7801] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  159.872854][  T841] usb usb42-port1: attempt power cycle
[  160.018090][ T7819] overlay: Unknown parameter '/'
[  160.102073][ T7821] overlayfs: missing 'workdir'
[  160.342941][ T7825] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(7)
[  160.345150][ T7825] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  160.348288][ T7825] vhci_hcd vhci_hcd.0: Device attached
[  160.442630][  T841] usb usb42-port1: unable to enumerate USB device
[  160.611997][   T24] usb 40-1: SetAddress Request (18) to port 0
[  160.617717][   T24] usb 40-1: new SuperSpeed USB device number 18 using vhci_hcd
[  160.806252][ T7839] 9pnet_virtio: no channels available for device syz
[  161.092153][ T5946] Bluetooth: hci1: command 0x0c1a tx timeout
[  161.642017][ T5946] Bluetooth: hci3: command 0x0c1a tx timeout
[  161.652023][ T5946] Bluetooth: hci2: command 0x0c1a tx timeout
[  161.672972][ T7826] vhci_hcd: connection reset by peer
[  161.677982][  T766] vhci_hcd vhci_hcd.1: stop threads
[  161.680323][  T766] vhci_hcd vhci_hcd.1: release socket
[  161.691357][  T766] vhci_hcd vhci_hcd.1: disconnect device
[  161.710811][ T7841] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  161.714550][ T7841] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  162.201922][   T40] kauditd_printk_skb: 4 callbacks suppressed
[  162.201935][   T40] audit: type=1804 audit(1771489444.730:132): pid=7854 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.472" name="/newroot/118/bus/bus" dev="overlay" ino=914 res=1 errno=0
[  162.210983][   T40] audit: type=1804 audit(1771489444.740:133): pid=7854 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.472" name="/newroot/118/bus/bus" dev="overlay" ino=914 res=1 errno=0
[  162.272641][ T7855] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(7)
[  162.275416][ T7855] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  162.279998][ T7855] vhci_hcd vhci_hcd.0: Device attached
[  162.598336][ T7848] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  162.600758][ T7848] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  162.603566][ T7848] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  162.782278][  T828] usb 44-1: SetAddress Request (14) to port 0
[  162.784454][  T828] usb 44-1: new SuperSpeed USB device number 14 using vhci_hcd
[  162.916090][ T7867] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(7)
[  162.918872][ T7867] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  162.941631][ T7867] vhci_hcd vhci_hcd.0: Device attached
[  163.064566][   T40] audit: type=1804 audit(1771489445.610:134): pid=7866 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.474" name="/newroot/123/bus/bus" dev="overlay" ino=920 res=1 errno=0
[  163.071317][   T40] audit: type=1804 audit(1771489445.610:135): pid=7866 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.474" name="/newroot/123/bus/bus" dev="overlay" ino=920 res=1 errno=0
[  163.082466][   T40] audit: type=1800 audit(1771489445.620:136): pid=7866 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.474" name="bus" dev="overlay" ino=920 res=0 errno=0
[  163.141771][ T7872] overlayfs: missing 'lowerdir'
[  163.297845][ T7856] vhci_hcd: connection reset by peer
[  163.303509][ T1140] vhci_hcd vhci_hcd.3: stop threads
[  163.306894][ T1140] vhci_hcd vhci_hcd.3: release socket
[  163.309049][ T1140] vhci_hcd vhci_hcd.3: disconnect device
[  163.332000][   T50] usb 38-1: SetAddress Request (14) to port 0
[  163.334246][   T50] usb 38-1: new SuperSpeed USB device number 14 using vhci_hcd
[  163.689720][ T7868] vhci_hcd: connection reset by peer
[  163.692622][  T101] vhci_hcd vhci_hcd.0: stop threads
[  163.694316][  T101] vhci_hcd vhci_hcd.0: release socket
[  163.696088][  T101] vhci_hcd vhci_hcd.0: disconnect device
[  164.066757][ T7882] overlayfs: missing 'lowerdir'
[  164.125638][ T5946] Bluetooth: hci1: command 0x0c1a tx timeout
[  164.557041][ T7895] overlayfs: missing 'lowerdir'
[  164.681955][ T5935] Bluetooth: hci3: command 0x0c1a tx timeout
[  164.684784][ T5946] Bluetooth: hci2: command 0x0c1a tx timeout
[  165.039081][ T7889] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  165.042100][ T7889] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  165.050063][ T7889] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  165.236395][   T40] audit: type=1804 audit(1771489447.790:137): pid=7911 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.483" name="/newroot/112/bus/bus" dev="overlay" ino=837 res=1 errno=0
[  165.452035][   T40] audit: type=1804 audit(1771489447.790:138): pid=7911 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.483" name="/newroot/112/bus/bus" dev="overlay" ino=837 res=1 errno=0
[  165.461036][   T40] audit: type=1800 audit(1771489447.790:139): pid=7911 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.483" name="bus" dev="overlay" ino=837 res=0 errno=0
[  165.731966][   T24] usb 40-1: device descriptor read/8, error -110
[  165.763558][   T40] audit: type=1804 audit(1771489448.320:140): pid=7916 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.484" name="/newroot/122/bus/bus" dev="overlay" ino=948 res=1 errno=0
[  165.775721][   T40] audit: type=1804 audit(1771489448.330:141): pid=7916 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.484" name="/newroot/122/bus/bus" dev="overlay" ino=948 res=1 errno=0
[  166.123264][   T24] usb usb40-port1: attempt power cycle
[  166.170880][ T7923] overlayfs: missing 'lowerdir'
[  166.277684][ T7925] overlayfs: missing 'lowerdir'
[  166.361931][ T5946] Bluetooth: hci1: command 0x0c1a tx timeout
[  166.686487][   T24] usb usb40-port1: unable to enumerate USB device
[  167.082764][ T5935] Bluetooth: hci2: command 0x0c1a tx timeout
[  167.084954][ T5946] Bluetooth: hci3: command 0x0c1a tx timeout
[  167.897572][  T828] usb 44-1: device descriptor read/8, error -110
[  168.117568][ T7942] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  168.119675][ T7942] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  168.121652][ T7942] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  168.361957][   T50] usb 38-1: device descriptor read/8, error -110
[  168.748353][   T40] kauditd_printk_skb: 3 callbacks suppressed
[  168.748364][   T40] audit: type=1804 audit(1771489451.300:145): pid=7972 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.499" name="/newroot/129/bus/bus" dev="overlay" ino=973 res=1 errno=0
[  168.762300][   T40] audit: type=1804 audit(1771489451.310:146): pid=7972 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.499" name="/newroot/129/bus/bus" dev="overlay" ino=973 res=1 errno=0
[  168.762392][  T828] usb usb44-port1: attempt power cycle
[  168.771540][   T40] audit: type=1800 audit(1771489451.320:147): pid=7972 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.499" name="bus" dev="overlay" ino=973 res=0 errno=0
[  168.792947][   T50] usb usb38-port1: attempt power cycle
[  168.912179][ T7974] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(7)
[  168.914800][ T7974] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  168.918211][ T7974] vhci_hcd vhci_hcd.0: Device attached
[  168.977108][   T40] audit: type=1804 audit(1771489451.530:148): pid=7977 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.500" name="/newroot/125/bus/bus" dev="overlay" ino=973 res=1 errno=0
[  169.038579][   T40] audit: type=1804 audit(1771489451.530:149): pid=7977 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.500" name="/newroot/125/bus/bus" dev="overlay" ino=973 res=1 errno=0
[  169.132002][  T828] usb 44-1: SetAddress Request (16) to port 0
[  169.134519][  T828] usb 44-1: new SuperSpeed USB device number 16 using vhci_hcd
[  169.197878][   T40] audit: type=1800 audit(1771489451.530:150): pid=7977 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.500" name="bus" dev="overlay" ino=973 res=0 errno=0
[  169.401891][ T7982] overlayfs: overlapping lowerdir path
[  169.431761][ T7982] overlayfs: missing 'workdir'
[  169.475874][ T7975] vhci_hcd: connection reset by peer
[  169.478082][ T1166] vhci_hcd vhci_hcd.3: stop threads
[  169.480292][ T1166] vhci_hcd vhci_hcd.3: release socket
[  169.482421][ T1166] vhci_hcd vhci_hcd.3: disconnect device
[  169.485006][   T50] usb usb38-port1: unable to enumerate USB device
[  169.572831][ T7985] syzkaller0: entered promiscuous mode
[  169.574758][ T7985] syzkaller0: entered allmulticast mode
[  169.583607][ T7985] tipc: Started in network mode
[  169.585610][ T7985] tipc: Node identity 76553fb6392f, cluster identity 4711
[  169.588786][ T7985] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  169.592615][ T7984] tipc: Resetting bearer <eth:syzkaller0>
[  169.611432][ T7984] tipc: Disabling bearer <eth:syzkaller0>
[  169.643414][ T5946] Bluetooth: hci1: command 0x0c1a tx timeout
[  169.930342][ T7994] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(7)
[  169.933176][ T7994] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  169.940718][ T7994] vhci_hcd vhci_hcd.0: Device attached
[  170.028914][ T7997] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(7)
[  170.031735][ T7997] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  170.132474][ T5935] Bluetooth: hci3: command 0x0c1a tx timeout
[  170.134456][ T5946] Bluetooth: hci2: command 0x0c1a tx timeout
[  170.183115][ T7997] vhci_hcd vhci_hcd.0: Device attached
[  170.212359][   T50] usb 42-1: SetAddress Request (18) to port 0
[  170.216632][   T50] usb 42-1: new SuperSpeed USB device number 18 using vhci_hcd
[  170.451959][   T34] usb 40-1: SetAddress Request (22) to port 0
[  170.454223][   T34] usb 40-1: new SuperSpeed USB device number 22 using vhci_hcd
[  171.341994][ T7998] vhci_hcd: connection reset by peer
[  171.345551][   T54] vhci_hcd vhci_hcd.1: stop threads
[  171.347295][   T54] vhci_hcd vhci_hcd.1: release socket
[  171.349308][ T7995] vhci_hcd: connection reset by peer
[  171.363207][   T54] vhci_hcd vhci_hcd.1: disconnect device
[  171.365311][   T54] vhci_hcd vhci_hcd.2: stop threads
[  171.367022][   T54] vhci_hcd vhci_hcd.2: release socket
[  171.372143][   T54] vhci_hcd vhci_hcd.2: disconnect device
[  171.478264][   T40] audit: type=1804 audit(1771489454.030:151): pid=8011 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.507" name="/newroot/120/bus/bus" dev="overlay" ino=899 res=1 errno=0
[  171.487200][   T40] audit: type=1804 audit(1771489454.040:152): pid=8011 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.507" name="/newroot/120/bus/bus" dev="overlay" ino=899 res=1 errno=0
[  171.496649][   T40] audit: type=1800 audit(1771489454.050:153): pid=8011 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.507" name="bus" dev="overlay" ino=899 res=0 errno=0
[  172.152679][   T40] audit: type=1804 audit(1771489454.710:155): pid=8022 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.510" name="/newroot/133/bus/bus" dev="overlay" ino=1002 res=1 errno=0
[  173.093418][ T8034] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  173.105453][ T8034] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  173.131609][ T8034] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  173.961750][ T5946] Bluetooth: hci2: unexpected event for opcode 0x0406
[  174.023816][   T40] kauditd_printk_skb: 9 callbacks suppressed
[  174.023830][   T40] audit: type=1804 audit(1771489456.580:164): pid=8044 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.517" name="/newroot/122/bus/file0" dev="overlay" ino=919 res=1 errno=0
[  174.185061][   T40] audit: type=1804 audit(1771489456.740:165): pid=8034 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.515" name="/newroot/134/bus/file0" dev="overlay" ino=1017 res=1 errno=0
[  174.202280][  T828] usb 44-1: device descriptor read/8, error -110
[  174.213622][   T40] audit: type=1804 audit(1771489456.770:166): pid=8034 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.515" name="/newroot/134/bus/file0" dev="overlay" ino=1017 res=1 errno=0
[  174.250062][ T8053] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(7)
[  174.253127][ T8053] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  174.280448][ T8053] vhci_hcd vhci_hcd.0: Device attached
[  174.413885][   T40] audit: type=1804 audit(1771489456.970:167): pid=8061 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.521" name="/newroot/135/bus/bus" dev="overlay" ino=1031 res=1 errno=0
[  174.429280][   T40] audit: type=1804 audit(1771489456.980:168): pid=8061 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.521" name="/newroot/135/bus/bus" dev="overlay" ino=1031 res=1 errno=0
[  174.439441][   T40] audit: type=1800 audit(1771489456.980:169): pid=8061 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.521" name="bus" dev="overlay" ino=1031 res=0 errno=0
[  174.622484][  T828] usb usb44-port1: unable to enumerate USB device
[  174.921142][ T8054] vhci_hcd: connection closed
[  174.921552][ T1140] vhci_hcd vhci_hcd.2: stop threads
[  174.924828][ T1140] vhci_hcd vhci_hcd.2: release socket
[  174.927746][ T1140] vhci_hcd vhci_hcd.2: disconnect device
[  174.950950][   T40] audit: type=1804 audit(1771489457.500:170): pid=8067 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.522" name="/newroot/131/bus/bus" dev="overlay" ino=999 res=1 errno=0
[  175.067794][ T8056] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  175.069914][ T8056] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  175.072138][ T8056] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  175.259712][ T8073] KVM: debugfs: duplicate directory 8073-5
[  175.321985][   T50] usb 42-1: device descriptor read/8, error -110
[  175.437512][ T8075] overlayfs: missing 'lowerdir'
[  175.479670][ T8077] KVM: debugfs: duplicate directory 8077-5
[  175.482861][ T8077] FAULT_INJECTION: forcing a failure.
[  175.482861][ T8077] name failslab, interval 1, probability 0, space 0, times 0
[  175.486435][ T8077] CPU: 2 UID: 0 PID: 8077 Comm: syz.1.526 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  175.486453][ T8077] Tainted: [L]=SOFTLOCKUP
[  175.486457][ T8077] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  175.486463][ T8077] Call Trace:
[  175.486467][ T8077]  <TASK>
[  175.486472][ T8077]  dump_stack_lvl+0x100/0x190
[  175.486490][ T8077]  should_fail_ex.cold+0x5/0xa
[  175.486502][ T8077]  should_failslab+0xc2/0x120
[  175.486519][ T8077]  __kmalloc_cache_noprof+0x7a/0x6f0
[  175.486532][ T8077]  ? kvm_uevent_notify_change.part.0+0x94/0x450
[  175.486548][ T8077]  kvm_uevent_notify_change.part.0+0x94/0x450
[  175.486562][ T8077]  ? __pfx_kvm_vm_release+0x10/0x10
[  175.486573][ T8077]  kvm_put_kvm+0xe4/0xb10
[  175.486583][ T8077]  ? lockdep_hardirqs_on+0x78/0x100
[  175.486596][ T8077]  ? _raw_spin_unlock_irq+0x2e/0x50
[  175.486607][ T8077]  ? __pfx_kvm_vm_release+0x10/0x10
[  175.486618][ T8077]  kvm_vm_release+0x3c/0x50
[  175.486628][ T8077]  __fput+0x3ff/0xb40
[  175.486642][ T8077]  fput_close_sync+0x118/0x250
[  175.486654][ T8077]  ? __pfx_fput_close_sync+0x10/0x10
[  175.486669][ T8077]  __ia32_sys_close+0x8b/0x120
[  175.486682][ T8077]  __do_fast_syscall_32+0xe3/0x8c0
[  175.486697][ T8077]  do_fast_syscall_32+0x32/0x70
[  175.486709][ T8077]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  175.486723][ T8077] RIP: 0023:0xf70bef6c
[  175.486731][ T8077] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad
[  175.486741][ T8077] RSP: 002b:00000000f54ad50c EFLAGS: 00000292 ORIG_RAX: 0000000000000006
[  175.486751][ T8077] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000000000
[  175.486757][ T8077] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  175.486763][ T8077] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  175.486769][ T8077] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  175.486775][ T8077] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  175.486787][ T8077]  </TASK>
[  175.492090][   T34] usb 40-1: device descriptor read/8, error -110
[  175.792482][   T50] usb usb42-port1: attempt power cycle
[  175.882149][ T8081] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  175.884358][ T8081] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  175.886464][ T8081] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  175.982028][   T40] audit: type=1804 audit(1771489458.480:171): pid=8087 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.529" name="/newroot/130/bus/bus" dev="overlay" ino=1025 res=1 errno=0
[  175.990779][   T40] audit: type=1804 audit(1771489458.490:172): pid=8087 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.529" name="/newroot/130/bus/bus" dev="overlay" ino=1025 res=1 errno=0
[  175.992243][   T34] usb usb40-port1: attempt power cycle
[  175.999335][   T40] audit: type=1800 audit(1771489458.490:173): pid=8087 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.529" name="bus" dev="overlay" ino=1025 res=0 errno=0
[  176.393106][ T5946] Bluetooth: hci1: unexpected event for opcode 0x0406
[  176.474667][   T50] usb usb42-port1: unable to enumerate USB device
[  176.608483][ T8096] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(7)
[  176.610619][ T8096] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  176.625533][ T8096] vhci_hcd vhci_hcd.0: Device attached
[  176.752011][   T34] usb 40-1: SetAddress Request (25) to port 0
[  176.754647][   T34] usb 40-1: new SuperSpeed USB device number 25 using vhci_hcd
[  177.345565][ T8097] vhci_hcd: connection reset by peer
[  177.348965][   T54] vhci_hcd vhci_hcd.1: stop threads
[  177.351232][   T54] vhci_hcd vhci_hcd.1: release socket
[  177.353790][   T54] vhci_hcd vhci_hcd.1: disconnect device
[  177.961988][ T5946] Bluetooth: hci2: command 0x0c1a tx timeout
[  177.962005][ T5935] Bluetooth: hci3: command 0x0c1a tx timeout
[  178.070134][ T8117] FAULT_INJECTION: forcing a failure.
[  178.070134][ T8117] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  178.127830][ T8117] CPU: 3 UID: 0 PID: 8117 Comm: syz.0.537 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  178.127849][ T8117] Tainted: [L]=SOFTLOCKUP
[  178.127853][ T8117] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  178.127859][ T8117] Call Trace:
[  178.127863][ T8117]  <TASK>
[  178.127868][ T8117]  dump_stack_lvl+0x100/0x190
[  178.127887][ T8117]  should_fail_ex.cold+0x5/0xa
[  178.127900][ T8117]  _copy_from_user+0x2e/0xd0
[  178.127916][ T8117]  get_compat_msghdr+0xb3/0x4b0
[  178.127928][ T8117]  ? __pfx_get_compat_msghdr+0x10/0x10
[  178.127943][ T8117]  ___sys_sendmsg+0x1b6/0x1e0
[  178.127960][ T8117]  ? __pfx____sys_sendmsg+0x10/0x10
[  178.128012][ T8117]  __sys_sendmsg+0x170/0x220
[  178.128024][ T8117]  ? __pfx___sys_sendmsg+0x10/0x10
[  178.128039][ T8117]  ? __pfx_ksys_write+0x10/0x10
[  178.128058][ T8117]  __do_fast_syscall_32+0xe3/0x8c0
[  178.128073][ T8117]  do_fast_syscall_32+0x32/0x70
[  178.128086][ T8117]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  178.128099][ T8117] RIP: 0023:0xf70bef6c
[  178.128108][ T8117] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad
[  178.128118][ T8117] RSP: 002b:00000000f54ad50c EFLAGS: 00000292 ORIG_RAX: 0000000000000172
[  178.128128][ T8117] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000540
[  178.128135][ T8117] RDX: 0000000000000018 RSI: 0000000000000000 RDI: 0000000000000000
[  178.128141][ T8117] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  178.128146][ T8117] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  178.128152][ T8117] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  178.128165][ T8117]  </TASK>
[  178.683876][ T8127] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  178.688487][ T8127] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  178.694920][ T8127] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  178.992026][ T5946] Bluetooth: hci2: unexpected event for opcode 0x0406
[  179.077513][ T5946] Bluetooth: hci3: unexpected event for opcode 0x6505
[  179.267415][   T40] kauditd_printk_skb: 10 callbacks suppressed
[  179.267427][   T40] audit: type=1804 audit(1771489461.820:184): pid=8150 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.546" name="/newroot/135/bus/bus" dev="overlay" ino=1078 res=1 errno=0
[  179.278596][   T40] audit: type=1804 audit(1771489461.830:185): pid=8150 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.546" name="/newroot/135/bus/bus" dev="overlay" ino=1078 res=1 errno=0
[  179.345167][ T8151] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(7)
[  179.347871][ T8151] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  179.362169][ T8151] vhci_hcd vhci_hcd.0: Device attached
[  180.001253][   T40] audit: type=1804 audit(1771489462.550:186): pid=8159 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.547" name="/newroot/136/bus/bus" dev="overlay" ino=1042 res=1 errno=0
[  180.021644][   T40] audit: type=1804 audit(1771489462.560:187): pid=8159 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.547" name="/newroot/136/bus/bus" dev="overlay" ino=1042 res=1 errno=0
[  180.122058][ T8152] vhci_hcd: connection closed
[  180.125076][  T154] vhci_hcd vhci_hcd.1: stop threads
[  180.128840][  T154] vhci_hcd vhci_hcd.1: release socket
[  180.130876][  T154] vhci_hcd vhci_hcd.1: disconnect device
[  180.222077][   T40] audit: type=1800 audit(1771489462.560:188): pid=8159 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.547" name="bus" dev="overlay" ino=1042 res=0 errno=0
[  180.451941][ T5946] Bluetooth: hci1: command 0x0c1a tx timeout
[  181.231273][ T8165] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(7)
[  181.234102][ T8165] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  181.237983][ T8165] vhci_hcd vhci_hcd.0: Device attached
[  181.511995][   T24] usb 42-1: SetAddress Request (22) to port 0
[  181.514780][   T24] usb 42-1: new SuperSpeed USB device number 22 using vhci_hcd
[  181.627882][ T8175] overlayfs: overlapping lowerdir path
[  181.669585][ T8171] vhci_hcd: connection reset by peer
[  181.671606][  T154] vhci_hcd vhci_hcd.2: stop threads
[  181.673384][  T154] vhci_hcd vhci_hcd.2: release socket
[  181.675170][  T154] vhci_hcd vhci_hcd.2: disconnect device
[  181.801965][   T34] usb 40-1: device descriptor read/8, error -110
[  181.912152][   T34] usb usb40-port1: unable to enumerate USB device
[  182.286730][ T8183] FAULT_INJECTION: forcing a failure.
[  182.286730][ T8183] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  182.291827][ T8183] CPU: 0 UID: 0 PID: 8183 Comm: syz.2.553 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  182.291854][ T8183] Tainted: [L]=SOFTLOCKUP
[  182.291859][ T8183] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  182.291869][ T8183] Call Trace:
[  182.291875][ T8183]  <TASK>
[  182.291882][ T8183]  dump_stack_lvl+0x100/0x190
[  182.291910][ T8183]  should_fail_ex.cold+0x5/0xa
[  182.291946][ T8183]  _copy_from_user+0x2e/0xd0
[  182.291973][ T8183]  move_addr_to_kernel+0x65/0x170
[  182.291996][ T8183]  __sys_sendto+0x1c9/0x520
[  182.292012][ T8183]  ? __pfx___sys_sendto+0x10/0x10
[  182.292035][ T8183]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  182.292064][ T8183]  ? fput+0x79/0x100
[  182.292081][ T8183]  ? ksys_write+0x1ac/0x250
[  182.292106][ T8183]  __ia32_sys_sendto+0xdd/0x1b0
[  182.292121][ T8183]  ? __do_fast_syscall_32+0x94/0x8c0
[  182.292139][ T8183]  ? lockdep_hardirqs_on+0x78/0x100
[  182.292156][ T8183]  __do_fast_syscall_32+0xe3/0x8c0
[  182.292176][ T8183]  do_fast_syscall_32+0x32/0x70
[  182.292195][ T8183]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  182.292214][ T8183] RIP: 0023:0xf703ef6c
[  182.292227][ T8183] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad
[  182.292242][ T8183] RSP: 002b:00000000f542d50c EFLAGS: 00000292 ORIG_RAX: 0000000000000171
[  182.292264][ T8183] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800002c0
[  182.292275][ T8183] RDX: 000000000000fce0 RSI: 0000000000000004 RDI: 0000000080000140
[  182.292284][ T8183] RBP: 0000000000000014 R08: 0000000000000000 R09: 0000000000000000
[  182.292294][ T8183] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  182.292303][ T8183] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  182.292324][ T8183]  </TASK>
[  182.435351][ T5946] Bluetooth: hci3: unexpected event for opcode 0x0406
[  182.600225][   T40] audit: type=1804 audit(1771489465.150:189): pid=8191 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.556" name="/newroot/132/bus/bus" dev="overlay" ino=999 res=1 errno=0
[  182.607268][   T40] audit: type=1804 audit(1771489465.150:190): pid=8191 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.556" name="/newroot/132/bus/bus" dev="overlay" ino=999 res=1 errno=0
[  182.614400][   T40] audit: type=1800 audit(1771489465.150:191): pid=8191 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.556" name="bus" dev="overlay" ino=999 res=0 errno=0
[  182.805078][   T40] audit: type=1804 audit(1771489465.360:192): pid=8196 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.557" name="/newroot/138/bus/bus" dev="overlay" ino=1061 res=1 errno=0
[  182.822551][   T40] audit: type=1804 audit(1771489465.360:193): pid=8196 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.557" name="/newroot/138/bus/bus" dev="overlay" ino=1061 res=1 errno=0
[  183.002190][ T5946] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0
[  183.005055][ T5946] Bluetooth: hci2: Injecting HCI hardware error event
[  183.008444][ T5946] Bluetooth: hci2: hardware error 0x00
[  183.431709][ T8204] overlayfs: failed to resolve './file0': -2
[  183.492207][ T8204] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  183.494477][ T8204] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  184.175769][ T8225] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(7)
[  184.177897][ T8225] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  184.221335][ T8225] vhci_hcd vhci_hcd.0: Device attached
[  184.501814][  T841] usb 44-1: SetAddress Request (18) to port 0
[  184.501955][  T841] usb 44-1: new SuperSpeed USB device number 18 using vhci_hcd
[  184.695149][ T8226] vhci_hcd: connection reset by peer
[  184.740107][   T54] vhci_hcd vhci_hcd.3: stop threads
[  184.740772][   T40] kauditd_printk_skb: 4 callbacks suppressed
[  184.740783][   T40] audit: type=1804 audit(1771489467.270:198): pid=8233 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.565" name="/newroot/141/bus/bus" dev="overlay" ino=1135 res=1 errno=0
[  184.742438][   T54] vhci_hcd vhci_hcd.3: release socket
[  184.742530][   T54] vhci_hcd vhci_hcd.3: disconnect device
[  184.744437][   T40] audit: type=1804 audit(1771489467.270:199): pid=8233 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.565" name="/newroot/141/bus/bus" dev="overlay" ino=1135 res=1 errno=0
[  184.763523][   T40] audit: type=1800 audit(1771489467.270:200): pid=8233 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.565" name="bus" dev="overlay" ino=1135 res=0 errno=0
[  184.862844][ T5935] Bluetooth: hci2: unexpected event for opcode 0x0406
[  184.969961][   T40] audit: type=1800 audit(1771489467.520:201): pid=8240 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.567" name="bus" dev="overlay" ino=1127 res=0 errno=0
[  185.081925][ T5946] Bluetooth: hci2: Opcode 0x0c03 failed: -110
[  185.393316][   T40] audit: type=1804 audit(1771489467.950:202): pid=8244 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.568" name="/newroot/136/bus/bus" dev="overlay" ino=1041 res=1 errno=0
[  185.461963][   T40] audit: type=1804 audit(1771489467.970:203): pid=8244 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.568" name="/newroot/136/bus/bus" dev="overlay" ino=1041 res=1 errno=0
[  185.661997][ T5946] Bluetooth: hci3: command 0x0c1a tx timeout
[  185.664804][ T5946] Bluetooth: hci1: command 0x0c1a tx timeout
[  185.809512][ T8253] overlayfs: failed to resolve './file0': -2
[  186.013581][ T8257] overlayfs: overlapping lowerdir path
[  186.273298][   T40] audit: type=1800 audit(1771489468.830:204): pid=8262 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.572" name="bus" dev="overlay" ino=1055 res=0 errno=0
[  186.292290][ T8249] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  186.294961][ T8249] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  186.471064][   T40] audit: type=1800 audit(1771489469.020:205): pid=8269 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.573" name="bus" dev="overlay" ino=1091 res=0 errno=0
[  186.530463][   T40] audit: type=1800 audit(1771489469.070:206): pid=8270 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.574" name="bus" dev="overlay" ino=1157 res=0 errno=0
[  186.611956][   T24] usb 42-1: device descriptor read/8, error -110
[  187.012908][   T24] usb usb42-port1: attempt power cycle
[  187.085402][ T8272] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  187.089433][ T8272] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  187.278430][   T40] audit: type=1804 audit(1771489469.830:207): pid=8276 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.576" name="/newroot/139/bus/bus" dev="overlay" ino=1079 res=1 errno=0
[  187.594142][   T24] usb usb42-port1: unable to enumerate USB device
[  187.642007][ T8282] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(7)
[  187.644745][ T8282] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  187.648437][ T8282] vhci_hcd vhci_hcd.0: Device attached
[  187.881973][ T5935] Bluetooth: hci1: command 0x0c1a tx timeout
[  187.931988][   T34] usb 42-1: SetAddress Request (26) to port 0
[  187.933967][   T34] usb 42-1: new SuperSpeed USB device number 26 using vhci_hcd
[  188.031538][ T8289] FAULT_INJECTION: forcing a failure.
[  188.031538][ T8289] name failslab, interval 1, probability 0, space 0, times 0
[  188.037755][ T8289] CPU: 3 UID: 0 PID: 8289 Comm: syz.0.580 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  188.037772][ T8289] Tainted: [L]=SOFTLOCKUP
[  188.037776][ T8289] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  188.037783][ T8289] Call Trace:
[  188.037787][ T8289]  <TASK>
[  188.037792][ T8289]  dump_stack_lvl+0x100/0x190
[  188.037811][ T8289]  should_fail_ex.cold+0x5/0xa
[  188.037823][ T8289]  ? tomoyo_realpath_from_path+0xb6/0x690
[  188.037834][ T8289]  should_failslab+0xc2/0x120
[  188.037852][ T8289]  __kmalloc_noprof+0xe0/0x850
[  188.037869][ T8289]  tomoyo_realpath_from_path+0xb6/0x690
[  188.037883][ T8289]  tomoyo_path_number_perm+0x23c/0x580
[  188.037898][ T8289]  ? tomoyo_path_number_perm+0x22e/0x580
[  188.037914][ T8289]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  188.037944][ T8289]  ? find_held_lock+0x2b/0x80
[  188.037960][ T8289]  ? hook_file_ioctl_common+0x146/0x410
[  188.037976][ T8289]  ? __fget_files+0x215/0x3d0
[  188.037994][ T8289]  ? __fget_files+0x21f/0x3d0
[  188.038011][ T8289]  security_file_ioctl_compat+0xd3/0x230
[  188.038028][ T8289]  __ia32_compat_sys_ioctl+0xc2/0x360
[  188.038044][ T8289]  __do_fast_syscall_32+0xe3/0x8c0
[  188.038059][ T8289]  do_fast_syscall_32+0x32/0x70
[  188.038072][ T8289]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  188.038085][ T8289] RIP: 0023:0xf70bef6c
[  188.038094][ T8289] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad
[  188.038105][ T8289] RSP: 002b:00000000f54ad50c EFLAGS: 00000292 ORIG_RAX: 0000000000000036
[  188.038115][ T8289] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000000ae80
[  188.038122][ T8289] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  188.038127][ T8289] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  188.038133][ T8289] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  188.038139][ T8289] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  188.038158][ T8289]  </TASK>
[  188.038165][ T8289] ERROR: Out of memory at tomoyo_realpath_from_path.
[  188.362082][ T5935] Bluetooth: hci3: command 0x0c1a tx timeout
[  189.022943][ T8283] vhci_hcd: connection reset by peer
[  189.112276][   T12] vhci_hcd vhci_hcd.2: stop threads
[  189.113982][   T12] vhci_hcd vhci_hcd.2: release socket
[  189.121905][   T12] vhci_hcd vhci_hcd.2: disconnect device
[  189.562515][  T841] usb 44-1: device descriptor read/8, error -110
[  189.638408][ T8310] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  189.885035][ T8313] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  189.887585][ T8313] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  189.952750][  T841] usb usb44-port1: attempt power cycle
[  190.521021][ T8310] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  190.522397][  T841] usb usb44-port1: unable to enumerate USB device
[  190.577384][ T8310] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  190.658991][ T8310] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  190.747778][  T766] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  190.758135][  T766] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  190.773056][  T154] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  190.783761][  T766] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  191.370858][ T5935] Bluetooth: hci3: unexpected event for opcode 0x0406
[  191.397971][   T40] kauditd_printk_skb: 7 callbacks suppressed
[  191.397985][   T40] audit: type=1804 audit(1771489473.950:215): pid=8313 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.585" name="/newroot/150/bus/file0" dev="overlay" ino=1155 res=1 errno=0
[  191.415639][   T40] audit: type=1804 audit(1771489473.970:216): pid=8313 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.585" name="/newroot/150/bus/file0" dev="overlay" ino=1155 res=1 errno=0
[  191.473161][ T8325] overlayfs: overlapping lowerdir path
[  191.730971][   T40] audit: type=1804 audit(1771489474.280:217): pid=8335 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.590" name="/newroot/147/bus/bus" dev="overlay" ino=1126 res=1 errno=0
[  191.904331][ T8341] overlayfs: missing 'lowerdir'
[  191.962733][ T5935] Bluetooth: hci1: command 0x0c1a tx timeout
[  192.066119][   T40] audit: type=1804 audit(1771489474.620:218): pid=8345 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.594" name="/newroot/147/bus/bus" dev="overlay" ino=1191 res=1 errno=0
[  192.077930][   T40] audit: type=1804 audit(1771489474.630:219): pid=8345 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.594" name="/newroot/147/bus/bus" dev="overlay" ino=1191 res=1 errno=0
[  192.089559][   T40] audit: type=1800 audit(1771489474.630:220): pid=8345 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.594" name="bus" dev="overlay" ino=1191 res=0 errno=0
[  192.657339][ T8349] netlink: 32 bytes leftover after parsing attributes in process `syz.0.595'.
[  193.002067][   T34] usb 42-1: device descriptor read/8, error -110
[  193.402910][   T34] usb usb42-port1: attempt power cycle
[  193.717901][ T8360] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  193.720709][ T8360] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  193.884068][   T40] audit: type=1326 audit(1771489476.440:221): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8373 comm="syz.2.602" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703ef6c code=0x7ffc0000
[  193.926581][   T40] audit: type=1326 audit(1771489476.450:222): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8373 comm="syz.2.602" exe="/syz-executor" sig=0 arch=40000003 syscall=70 compat=1 ip=0xf703ef6c code=0x7ffc0000
[  193.962729][   T34] usb usb42-port1: unable to enumerate USB device
[  193.996804][   T40] audit: type=1326 audit(1771489476.450:223): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8373 comm="syz.2.602" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703ef6c code=0x7ffc0000
[  194.022379][   T40] audit: type=1326 audit(1771489476.450:224): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8373 comm="syz.2.602" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703ef6c code=0x7ffc0000
[  194.432706][ T8383] 9pnet_virtio: no channels available for device syz
[  195.082006][ T5935] Bluetooth: hci1: command 0x0c1a tx timeout
[  195.475403][ T8395] overlayfs: missing 'workdir'
[  195.722058][ T5935] Bluetooth: hci3: command 0x0c1a tx timeout
[  195.795319][ T8403] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(7)
[  195.797415][ T8403] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  195.800506][ T8403] vhci_hcd vhci_hcd.0: Device attached
[  196.242428][ T8408] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  196.245403][ T8408] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  196.252050][  T841] usb 44-1: SetAddress Request (22) to port 0
[  196.254854][  T841] usb 44-1: new SuperSpeed USB device number 22 using vhci_hcd
[  196.372040][ T8404] vhci_hcd: connection reset by peer
[  196.373971][   T12] vhci_hcd vhci_hcd.3: stop threads
[  196.375680][   T12] vhci_hcd vhci_hcd.3: release socket
[  196.377556][   T12] vhci_hcd vhci_hcd.3: disconnect device
[  196.810528][ T8424] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(7)
[  196.813242][ T8424] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  196.821310][ T8424] vhci_hcd vhci_hcd.0: Device attached
[  197.091960][   T34] usb 38-1: SetAddress Request (18) to port 0
[  197.096944][   T34] usb 38-1: new SuperSpeed USB device number 18 using vhci_hcd
[  197.456247][ T8425] vhci_hcd: connection reset by peer
[  197.487873][ T8423] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  197.490793][ T8423] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  197.581660][   T54] vhci_hcd vhci_hcd.0: stop threads
[  197.583721][   T54] vhci_hcd vhci_hcd.0: release socket
[  197.585974][   T54] vhci_hcd vhci_hcd.0: disconnect device
[  197.654490][ T5935] Bluetooth: hci3: unexpected event for opcode 0x0406
[  198.341919][   T40] kauditd_printk_skb: 9 callbacks suppressed
[  198.341932][   T40] audit: type=1804 audit(1771489480.880:234): pid=8446 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.620" name="/newroot/157/bus/bus" dev="overlay" ino=1282 res=1 errno=0
[  198.354392][   T40] audit: type=1804 audit(1771489480.880:235): pid=8446 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.620" name="/newroot/157/bus/bus" dev="overlay" ino=1282 res=1 errno=0
[  198.363187][   T40] audit: type=1800 audit(1771489480.880:236): pid=8446 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.620" name="bus" dev="overlay" ino=1282 res=0 errno=0
[  198.745599][ T8453] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(7)
[  198.748013][ T8453] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  198.792544][ T8453] vhci_hcd vhci_hcd.0: Device attached
[  198.853284][ T1414] ieee802154 phy0 wpan0: encryption failed: -22
[  198.857863][ T1414] ieee802154 phy1 wpan1: encryption failed: -22
[  198.942024][ T5935] Bluetooth: hci1: command 0x0c1a tx timeout
[  199.332807][ T8459] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(8)
[  199.335031][ T8459] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  199.338526][ T8459] vhci_hcd vhci_hcd.0: Device attached
[  199.636954][   T40] audit: type=1804 audit(1771489482.160:237): pid=8468 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.623" name="/newroot/157/bus/bus" dev="overlay" ino=1211 res=1 errno=0
[  199.646062][   T40] audit: type=1804 audit(1771489482.170:238): pid=8468 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.623" name="/newroot/157/bus/bus" dev="overlay" ino=1211 res=1 errno=0
[  199.658571][   T40] audit: type=1800 audit(1771489482.170:239): pid=8468 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.623" name="bus" dev="overlay" ino=1211 res=0 errno=0
[  199.755002][ T8469] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  200.137229][ T8469] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  200.271636][ T8469] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  200.531905][ T8454] vhci_hcd: connection closed
[  200.532108][   T54] vhci_hcd vhci_hcd.0: stop threads
[  200.537144][   T54] vhci_hcd vhci_hcd.0: release socket
[  200.539548][   T54] vhci_hcd vhci_hcd.0: disconnect device
[  200.550891][ T8469] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  200.582681][ T8460] vhci_hcd: connection closed
[  200.583071][   T54] vhci_hcd vhci_hcd.3: stop threads
[  200.587481][   T54] vhci_hcd vhci_hcd.3: release socket
[  200.589911][   T54] vhci_hcd vhci_hcd.3: disconnect device
[  200.661902][ T1140] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  200.670715][ T1140] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  200.680206][ T1140] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  200.691305][ T1140] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  201.146117][ T8481] overlayfs: failed to resolve './file0': -2
[  201.218495][   T40] audit: type=1804 audit(1771489483.770:240): pid=8483 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.626" name="/newroot/158/bus/bus" dev="overlay" ino=1225 res=1 errno=0
[  201.225111][   T40] audit: type=1804 audit(1771489483.770:241): pid=8483 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.626" name="/newroot/158/bus/bus" dev="overlay" ino=1225 res=1 errno=0
[  201.231421][   T40] audit: type=1800 audit(1771489483.770:242): pid=8483 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.626" name="bus" dev="overlay" ino=1225 res=0 errno=0
[  201.332148][  T841] usb 44-1: device descriptor read/8, error -110
[  201.617591][   T40] audit: type=1804 audit(1771489484.100:243): pid=8493 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.628" name="/newroot/150/bus/bus" dev="overlay" ino=1149 res=1 errno=0
[  201.722158][ T5935] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0
[  201.725908][ T5935] Bluetooth: hci3: Injecting HCI hardware error event
[  201.730987][ T5946] Bluetooth: hci3: hardware error 0x00
[  201.739605][  T841] usb usb44-port1: attempt power cycle
[  202.044599][ T8479] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  202.122161][   T34] usb 38-1: device descriptor read/8, error -110
[  202.323583][ T8502] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(7)
[  202.326352][ T8502] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  202.331157][ T8502] vhci_hcd vhci_hcd.0: Device attached
[  202.341085][  T841] usb usb44-port1: unable to enumerate USB device
[  202.566384][   T34] usb usb38-port1: attempt power cycle
[  202.804688][   T10] usb 40-1: SetAddress Request (26) to port 0
[  202.807045][   T10] usb 40-1: new SuperSpeed USB device number 26 using vhci_hcd
[  202.940250][ T8503] vhci_hcd: connection reset by peer
[  202.944356][  T154] vhci_hcd vhci_hcd.1: stop threads
[  202.946061][  T154] vhci_hcd vhci_hcd.1: release socket
[  202.947840][  T154] vhci_hcd vhci_hcd.1: disconnect device
[  203.122489][   T34] usb usb38-port1: unable to enumerate USB device
[  203.321997][ T5935] Bluetooth: hci1: command 0x0c1a tx timeout
[  203.881922][ T5946] Bluetooth: hci3: Opcode 0x0c03 failed: -110
[  204.771918][ T8527] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  204.812543][ T8540] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(7)
[  204.815181][ T8540] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  204.819489][ T8540] vhci_hcd vhci_hcd.0: Device attached
[  205.103497][   T40] kauditd_printk_skb: 8 callbacks suppressed
[  205.103510][   T40] audit: type=1804 audit(1771489487.600:252): pid=8550 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.641" name="/newroot/161/bus/bus" dev="overlay" ino=1249 res=1 errno=0
[  205.113370][   T40] audit: type=1804 audit(1771489487.600:253): pid=8550 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.641" name="/newroot/161/bus/bus" dev="overlay" ino=1249 res=1 errno=0
[  205.251951][   T40] audit: type=1804 audit(1771489487.730:254): pid=8555 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.642" name="/newroot/164/bus/bus" dev="overlay" ino=1343 res=1 errno=0
[  205.262163][   T40] audit: type=1804 audit(1771489487.730:255): pid=8555 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.642" name="/newroot/164/bus/bus" dev="overlay" ino=1343 res=1 errno=0
[  205.275906][   T40] audit: type=1800 audit(1771489487.730:256): pid=8555 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.642" name="bus" dev="overlay" ino=1343 res=0 errno=0
[  205.307295][   T34] usb 38-1: SetAddress Request (22) to port 0
[  205.309522][   T34] usb 38-1: new SuperSpeed USB device number 22 using vhci_hcd
[  205.613669][ T8545] vhci_hcd: connection reset by peer
[  205.615660][  T154] vhci_hcd vhci_hcd.0: stop threads
[  205.617293][  T154] vhci_hcd vhci_hcd.0: release socket
[  205.619099][  T154] vhci_hcd vhci_hcd.0: disconnect device
[  205.954067][   T40] audit: type=1804 audit(1771489488.500:257): pid=8561 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.643" name="/newroot/162/bus/bus" dev="overlay" ino=1263 res=1 errno=0
[  205.972008][   T40] audit: type=1804 audit(1771489488.500:258): pid=8561 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.643" name="/newroot/162/bus/bus" dev="overlay" ino=1263 res=1 errno=0
[  205.978603][   T40] audit: type=1800 audit(1771489488.500:259): pid=8561 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.643" name="bus" dev="overlay" ino=1263 res=0 errno=0
[  206.201909][ T5946] Bluetooth: hci1: command 0x0c1a tx timeout
[  206.831044][ T8567] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  207.748979][ T8595] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(8)
[  207.751055][ T8595] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  207.754104][ T8595] vhci_hcd vhci_hcd.0: Device attached
[  207.763370][ T8589] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  207.957616][   T40] audit: type=1800 audit(1771489490.510:260): pid=8601 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.652" name="bus" dev="overlay" ino=1367 res=0 errno=0
[  207.964104][   T10] usb 40-1: device descriptor read/8, error -110
[  208.041931][   T50] usb 44-1: SetAddress Request (26) to port 0
[  208.044223][   T50] usb 44-1: new SuperSpeed USB device number 26 using vhci_hcd
[  208.159680][   T40] audit: type=1804 audit(1771489490.710:261): pid=8605 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.651" name="/newroot/164/bus/bus" dev="overlay" ino=1283 res=1 errno=0
[  208.362369][   T10] usb usb40-port1: attempt power cycle
[  208.943276][   T10] usb usb40-port1: unable to enumerate USB device
[  209.201954][ T5946] Bluetooth: hci1: command 0x0c1a tx timeout
[  210.134211][ T8608] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  210.168095][ T8596] vhci_hcd: connection reset by peer
[  210.170162][  T101] vhci_hcd vhci_hcd.3: stop threads
[  210.172459][  T101] vhci_hcd vhci_hcd.3: release socket
[  210.174799][  T101] vhci_hcd vhci_hcd.3: disconnect device
[  210.194833][ T8608] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  210.286173][ T8608] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  210.369008][ T8608] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  210.372063][   T34] usb 38-1: device descriptor read/8, error -110
[  210.436383][  T101] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  210.443831][  T154] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  210.450771][  T154] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  210.510775][  T154] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  210.772793][   T34] usb usb38-port1: attempt power cycle
[  210.890086][ T8640] overlayfs: overlapping lowerdir path
[  211.030554][   T40] kauditd_printk_skb: 2 callbacks suppressed
[  211.030596][   T40] audit: type=1804 audit(1771489493.580:264): pid=8648 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.664" name="/newroot/157/bus/bus" dev="overlay" ino=1212 res=1 errno=0
[  211.039182][   T40] audit: type=1804 audit(1771489493.590:265): pid=8648 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.664" name="/newroot/157/bus/bus" dev="overlay" ino=1212 res=1 errno=0
[  211.373058][   T34] usb usb38-port1: unable to enumerate USB device
[  211.697331][   T40] audit: type=1804 audit(1771489494.190:266): pid=8657 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.666" name="/newroot/169/bus/bus" dev="overlay" ino=1318 res=1 errno=0
[  211.706510][   T40] audit: type=1804 audit(1771489494.190:267): pid=8657 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.666" name="/newroot/169/bus/bus" dev="overlay" ino=1318 res=1 errno=0
[  211.715644][   T40] audit: type=1800 audit(1771489494.190:268): pid=8657 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.666" name="bus" dev="overlay" ino=1318 res=0 errno=0
[  211.880440][   T40] audit: type=1804 audit(1771489494.200:269): pid=8656 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.665" name="/newroot/167/bus/bus" dev="overlay" ino=1287 res=1 errno=0
[  211.887599][   T40] audit: type=1804 audit(1771489494.210:270): pid=8656 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.665" name="/newroot/167/bus/bus" dev="overlay" ino=1287 res=1 errno=0
[  211.894474][   T40] audit: type=1800 audit(1771489494.210:271): pid=8656 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.665" name="bus" dev="overlay" ino=1287 res=0 errno=0
[  212.014973][   T40] audit: type=1804 audit(1771489494.570:272): pid=8663 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.667" name="/newroot/158/bus/file0" dev="overlay" ino=1227 res=1 errno=0
[  212.023229][   T40] audit: type=1804 audit(1771489494.580:273): pid=8663 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.667" name="/newroot/158/bus/file0" dev="overlay" ino=1227 res=1 errno=0
[  212.769420][ T8662] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  212.870872][ T8673] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(8)
[  212.873008][ T8673] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  212.875739][ T8673] vhci_hcd vhci_hcd.0: Device attached
[  213.082761][   T50] usb 44-1: device descriptor read/8, error -110
[  213.141926][   T34] usb 38-1: SetAddress Request (26) to port 0
[  213.142449][ T8671] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(7)
[  213.143935][   T34] usb 38-1: new SuperSpeed USB device number 26 using vhci_hcd
[  213.146013][ T8671] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  213.146094][ T8671] vhci_hcd vhci_hcd.0: Device attached
[  213.297996][ T8678] vhci_hcd: connection reset by peer
[  213.303516][ T1140] vhci_hcd vhci_hcd.0: stop threads
[  213.305867][ T1140] vhci_hcd vhci_hcd.0: release socket
[  213.308316][ T1140] vhci_hcd vhci_hcd.0: disconnect device
[  213.411967][ T7403] usb 40-1: SetAddress Request (30) to port 0
[  213.415009][ T7403] usb 40-1: new SuperSpeed USB device number 30 using vhci_hcd
[  213.459312][ T8689] vhci_hcd: connection reset by peer
[  213.461372][   T12] vhci_hcd vhci_hcd.1: stop threads
[  213.463226][   T12] vhci_hcd vhci_hcd.1: release socket
[  213.465077][   T12] vhci_hcd vhci_hcd.1: disconnect device
[  213.472878][   T50] usb usb44-port1: attempt power cycle
[  213.814156][ T8687] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  214.106306][   T50] usb usb44-port1: unable to enumerate USB device
[  214.685871][ T8712] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  214.898770][ T8712] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  215.052376][ T8712] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  215.132690][ T8712] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  215.171970][ T5946] Bluetooth: hci1: command 0x0c1a tx timeout
[  215.253995][  T101] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  215.278813][  T101] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  215.363077][ T1140] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  215.521946][ T1140] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  215.873822][ T8715] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  216.094395][   T40] kauditd_printk_skb: 8 callbacks suppressed
[  216.094410][   T40] audit: type=1804 audit(1771489498.650:282): pid=8715 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.680" name="/newroot/163/bus/file0" dev="overlay" ino=1289 res=1 errno=0
[  216.125502][   T40] audit: type=1800 audit(1771489498.680:283): pid=8725 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.683" name="bus" dev="overlay" ino=1320 res=0 errno=0
[  216.157631][ T8723] overlayfs: overlapping lowerdir path
[  216.179298][   T40] audit: type=1804 audit(1771489498.730:284): pid=8715 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.680" name="/newroot/163/bus/file0" dev="overlay" ino=1289 res=1 errno=0
[  216.336407][ T8728] overlayfs: missing 'lowerdir'
[  216.926724][ T8729] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  216.981961][   T40] audit: type=1804 audit(1771489499.520:285): pid=8740 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.686" name="/newroot/171/bus/bus" dev="overlay" ino=1334 res=1 errno=0
[  216.999856][   T40] audit: type=1804 audit(1771489499.520:286): pid=8740 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.686" name="/newroot/171/bus/bus" dev="overlay" ino=1334 res=1 errno=0
[  217.007713][   T40] audit: type=1800 audit(1771489499.520:287): pid=8740 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.686" name="bus" dev="overlay" ino=1334 res=0 errno=0
[  217.336411][ T8749] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(7)
[  217.339090][ T8749] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  217.342758][ T8749] vhci_hcd vhci_hcd.0: Device attached
[  217.480033][ T8753] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(7)
[  217.482790][ T8753] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  217.517405][ T8753] vhci_hcd vhci_hcd.0: Device attached
[  217.802056][ T5936] usb 44-1: SetAddress Request (30) to port 0
[  217.804502][ T5936] usb 44-1: new SuperSpeed USB device number 30 using vhci_hcd
[  218.153278][   T40] audit: type=1804 audit(1771489500.700:288): pid=8766 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.692" name="/newroot/174/bus/bus" dev="overlay" ino=1436 res=1 errno=0
[  218.161776][   T40] audit: type=1804 audit(1771489500.700:289): pid=8766 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.692" name="/newroot/174/bus/bus" dev="overlay" ino=1436 res=1 errno=0
[  218.177520][   T40] audit: type=1800 audit(1771489500.700:290): pid=8766 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.692" name="bus" dev="overlay" ino=1436 res=0 errno=0
[  218.202015][   T34] usb 38-1: device descriptor read/8, error -110
[  218.281912][ T5946] Bluetooth: hci1: command 0x0c1a tx timeout
[  218.303460][ T8768] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(8)
[  218.305864][ T8768] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  218.325072][ T8768] vhci_hcd vhci_hcd.0: Device attached
[  218.496255][   T34] usb 38-1: SetAddress Request (27) to port 0
[  218.498244][   T34] usb 38-1: new SuperSpeed USB device number 27 using vhci_hcd
[  218.886179][ T8769] vhci_hcd: connection reset by peer
[  218.892300][  T766] vhci_hcd vhci_hcd.0: stop threads
[  218.898407][  T766] vhci_hcd vhci_hcd.0: release socket
[  218.907796][  T766] vhci_hcd vhci_hcd.0: disconnect device
[  218.988307][ T8754] vhci_hcd: connection reset by peer
[  218.990417][  T766] vhci_hcd vhci_hcd.3: stop threads
[  218.993085][  T766] vhci_hcd vhci_hcd.3: release socket
[  218.995495][  T766] vhci_hcd vhci_hcd.3: disconnect device
[  219.022468][ T8772] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  219.028473][ T8751] vhci_hcd: connection reset by peer
[  219.030942][   T54] vhci_hcd vhci_hcd.1: stop threads
[  219.032772][   T54] vhci_hcd vhci_hcd.1: release socket
[  219.034565][ T7403] usb 40-1: device descriptor read/8, error -110
[  219.039589][   T54] vhci_hcd vhci_hcd.1: disconnect device
[  219.063830][   T40] audit: type=1804 audit(1771489501.620:291): pid=8772 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.693" name="/newroot/175/bus/file0" dev="overlay" ino=1451 res=1 errno=0
[  219.442891][ T7403] usb usb40-port1: attempt power cycle
[  219.885333][ T8793] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  219.960791][ T8793] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  220.042344][ T7403] usb usb40-port1: unable to enumerate USB device
[  220.061706][ T8793] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  220.174448][ T8793] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  220.305156][ T8781] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  220.318176][  T101] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  220.366312][  T101] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  220.372723][   T12] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  220.394247][ T1140] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  220.652387][ T8808] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  221.249346][   T40] kauditd_printk_skb: 4 callbacks suppressed
[  221.249358][   T40] audit: type=1804 audit(1771489503.800:296): pid=8808 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.702" name="/newroot/176/bus/file0" dev="overlay" ino=1387 res=1 errno=0
[  221.264881][   T40] audit: type=1804 audit(1771489503.820:297): pid=8808 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.702" name="/newroot/176/bus/file0" dev="overlay" ino=1387 res=1 errno=0
[  221.704751][ T8826] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  221.801926][ T8826] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  221.862911][   T40] audit: type=1804 audit(1771489504.080:298): pid=8825 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.705" name="/newroot/168/bus/bus" dev="overlay" ino=1323 res=1 errno=0
[  221.870211][   T40] audit: type=1804 audit(1771489504.090:299): pid=8825 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.705" name="/newroot/168/bus/bus" dev="overlay" ino=1323 res=1 errno=0
[  221.962891][ T8826] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  222.022841][   T40] audit: type=1804 audit(1771489504.580:300): pid=8823 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.703" name="/newroot/178/bus/bus" dev="overlay" ino=1380 res=1 errno=0
[  222.053361][ T8826] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  222.192136][   T46] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  222.249632][   T46] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  222.251939][   T40] audit: type=1804 audit(1771489504.710:301): pid=8829 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.703" name="/newroot/178/bus/bus" dev="overlay" ino=1380 res=1 errno=0
[  222.261748][   T54] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  222.275732][   T54] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  222.681911][ T5946] Bluetooth: hci1: command 0x0c1a tx timeout
[  222.922201][ T5936] usb 44-1: device descriptor read/8, error -110
[  223.136906][   T40] audit: type=1804 audit(1771489505.690:302): pid=8839 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.706" name="/newroot/178/bus/bus" dev="overlay" ino=1406 res=1 errno=0
[  223.145479][   T40] audit: type=1804 audit(1771489505.690:303): pid=8839 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.706" name="/newroot/178/bus/bus" dev="overlay" ino=1406 res=1 errno=0
[  223.172803][   T40] audit: type=1800 audit(1771489505.690:304): pid=8839 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.706" name="bus" dev="overlay" ino=1406 res=0 errno=0
[  223.332448][ T5936] usb usb44-port1: attempt power cycle
[  223.571911][   T34] usb 38-1: device descriptor read/8, error -110
[  223.614966][   T40] audit: type=1804 audit(1771489506.170:305): pid=8852 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.710" name="/newroot/180/bus/bus" dev="overlay" ino=1494 res=1 errno=0
[  223.644354][ T8853] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(7)
[  223.646575][ T8853] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  223.649519][ T8853] vhci_hcd vhci_hcd.0: Device attached
[  223.692157][   T34] usb usb38-port1: attempt power cycle
[  223.751966][ T5936] usb 44-1: SetAddress Request (33) to port 0
[  223.754879][ T5936] usb 44-1: new SuperSpeed USB device number 33 using vhci_hcd
[  223.872637][ T8838] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  224.058101][ T8863] FAULT_INJECTION: forcing a failure.
[  224.058101][ T8863] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  224.081965][ T8863] CPU: 2 UID: 0 PID: 8863 Comm: syz.1.713 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  224.081996][ T8863] Tainted: [L]=SOFTLOCKUP
[  224.082002][ T8863] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  224.082012][ T8863] Call Trace:
[  224.082019][ T8863]  <TASK>
[  224.082026][ T8863]  dump_stack_lvl+0x100/0x190
[  224.082056][ T8863]  should_fail_ex.cold+0x5/0xa
[  224.082078][ T8863]  _copy_from_user+0x2e/0xd0
[  224.082105][ T8863]  get_compat_msghdr+0xb3/0x4b0
[  224.082124][ T8863]  ? __pfx_get_compat_msghdr+0x10/0x10
[  224.082151][ T8863]  ___sys_sendmsg+0x1b6/0x1e0
[  224.082179][ T8863]  ? __pfx____sys_sendmsg+0x10/0x10
[  224.082230][ T8863]  __sys_sendmsg+0x170/0x220
[  224.082250][ T8863]  ? __pfx___sys_sendmsg+0x10/0x10
[  224.082276][ T8863]  ? __pfx_ksys_write+0x10/0x10
[  224.082307][ T8863]  __do_fast_syscall_32+0xe3/0x8c0
[  224.082331][ T8863]  do_fast_syscall_32+0x32/0x70
[  224.082352][ T8863]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  224.082373][ T8863] RIP: 0023:0xf70bef6c
[  224.082387][ T8863] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad
[  224.082403][ T8863] RSP: 002b:00000000f54ad50c EFLAGS: 00000292 ORIG_RAX: 0000000000000172
[  224.082420][ T8863] RAX: ffffffffffffffda RBX: 000000000000001f RCX: 0000000080000200
[  224.082431][ T8863] RDX: 0000000000004000 RSI: 0000000000000000 RDI: 0000000000000000
[  224.082440][ T8863] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  224.082451][ T8863] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  224.082460][ T8863] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  224.082482][ T8863]  </TASK>
[  224.252876][   T34] usb usb38-port1: unable to enumerate USB device
[  224.371451][ T8854] vhci_hcd: connection reset by peer
[  224.377319][  T766] vhci_hcd vhci_hcd.3: stop threads
[  224.379052][  T766] vhci_hcd vhci_hcd.3: release socket
[  224.381281][  T766] vhci_hcd vhci_hcd.3: disconnect device
[  224.402386][ T8868] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  224.898294][ T8881] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(7)
[  224.900431][ T8881] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  224.910577][ T8881] vhci_hcd vhci_hcd.0: Device attached
[  225.192601][   T24] usb 40-1: SetAddress Request (34) to port 0
[  225.194624][   T24] usb 40-1: new SuperSpeed USB device number 34 using vhci_hcd
[  225.525288][ T8883] vhci_hcd: connection reset by peer
[  225.527178][   T12] vhci_hcd vhci_hcd.1: stop threads
[  225.528895][   T12] vhci_hcd vhci_hcd.1: release socket
[  225.530747][   T12] vhci_hcd vhci_hcd.1: disconnect device
[  226.249160][ T8891] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  227.094066][ T8916] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  227.872216][   T40] kauditd_printk_skb: 5 callbacks suppressed
[  227.872228][   T40] audit: type=1804 audit(1771489510.430:311): pid=8915 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.726" name="/newroot/184/bus/file0" dev="overlay" ino=1441 res=1 errno=0
[  228.023253][   T40] audit: type=1804 audit(1771489510.570:312): pid=8915 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.726" name="/newroot/184/bus/file0" dev="overlay" ino=1441 res=1 errno=0
[  228.842087][ T5936] usb 44-1: device descriptor read/8, error -110
[  228.970034][ T5936] usb usb44-port1: unable to enumerate USB device
[  229.503101][ T8946] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(7)
[  229.505286][ T8946] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  229.514411][ T8947] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(7)
[  229.516911][ T8947] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  229.519967][ T8947] vhci_hcd vhci_hcd.0: Device attached
[  229.578668][ T8946] vhci_hcd vhci_hcd.0: Device attached
[  229.793383][ T8938] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  229.842056][ T5936] usb 42-1: SetAddress Request (30) to port 0
[  229.842093][ T5936] usb 42-1: new SuperSpeed USB device number 30 using vhci_hcd
[  230.225220][ T8950] vhci_hcd: connection closed
[  230.231962][   T54] vhci_hcd vhci_hcd.1: stop threads
[  230.235927][   T54] vhci_hcd vhci_hcd.1: release socket
[  230.238201][   T54] vhci_hcd vhci_hcd.1: disconnect device
[  230.282051][   T24] usb 40-1: device descriptor read/8, error -110
[  230.343187][ T8949] vhci_hcd: connection reset by peer
[  230.345161][ T1166] vhci_hcd vhci_hcd.2: stop threads
[  230.346906][ T1166] vhci_hcd vhci_hcd.2: release socket
[  230.348764][ T1166] vhci_hcd vhci_hcd.2: disconnect device
[  230.462321][ T8967] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(8)
[  230.465123][ T8967] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  230.471420][ T8967] vhci_hcd vhci_hcd.0: Device attached
[  230.702907][   T24] usb usb40-port1: attempt power cycle
[  230.762034][ T6222] usb 38-1: SetAddress Request (30) to port 0
[  230.769118][ T6222] usb 38-1: new SuperSpeed USB device number 30 using vhci_hcd
[  231.084519][ T8968] vhci_hcd: connection reset by peer
[  231.087778][ T1140] vhci_hcd vhci_hcd.0: stop threads
[  231.089507][ T1140] vhci_hcd vhci_hcd.0: release socket
[  231.091326][ T1140] vhci_hcd vhci_hcd.0: disconnect device
[  231.141940][   T39] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  231.292616][   T24] usb usb40-port1: unable to enumerate USB device
[  231.325314][   T39] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  231.329944][   T39] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  231.334320][   T39] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  231.339763][   T39] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  231.343916][   T39] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  231.351237][   T39] usb 6-1: config 0 descriptor??
[  231.763169][   T39] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0
[  231.765886][   T39] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0
[  231.768440][   T39] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0
[  231.771046][   T39] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0
[  231.773930][   T39] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0
[  231.776517][   T39] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0
[  231.779114][   T39] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0
[  231.781702][   T39] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0
[  231.784446][   T39] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0
[  231.787031][   T39] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0
[  231.800900][   T39] plantronics 0003:047F:FFFF.0002: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[  231.858979][   T40] audit: type=1804 audit(1771489514.360:313): pid=8990 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.746" name="/newroot/176/bus/bus" dev="overlay" ino=1380 res=1 errno=0
[  231.872539][ T8981] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  231.872614][   T40] audit: type=1804 audit(1771489514.370:314): pid=8991 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.745" name="/newroot/189/bus/bus" dev="overlay" ino=1506 res=1 errno=0
[  231.902466][   T40] audit: type=1804 audit(1771489514.380:315): pid=8990 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.746" name="/newroot/176/bus/bus" dev="overlay" ino=1380 res=1 errno=0
[  231.910053][   T40] audit: type=1804 audit(1771489514.380:316): pid=8991 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.745" name="/newroot/189/bus/bus" dev="overlay" ino=1506 res=1 errno=0
[  232.175038][ T8998] FAULT_INJECTION: forcing a failure.
[  232.175038][ T8998] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  232.223586][ T8998] CPU: 0 UID: 0 PID: 8998 Comm: syz.1.742 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  232.223606][ T8998] Tainted: [L]=SOFTLOCKUP
[  232.223609][ T8998] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  232.223616][ T8998] Call Trace:
[  232.223620][ T8998]  <TASK>
[  232.223625][ T8998]  dump_stack_lvl+0x100/0x190
[  232.223644][ T8998]  should_fail_ex.cold+0x5/0xa
[  232.223657][ T8998]  _copy_to_user+0x32/0xd0
[  232.223675][ T8998]  simple_read_from_buffer+0xcb/0x170
[  232.223691][ T8998]  proc_fail_nth_read+0x1af/0x230
[  232.223703][ T8998]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  232.223715][ T8998]  ? rw_verify_area+0xce/0x6d0
[  232.223729][ T8998]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  232.223740][ T8998]  vfs_read+0x1e4/0xb30
[  232.223757][ T8998]  ? __pfx_vfs_read+0x10/0x10
[  232.223770][ T8998]  ? find_held_lock+0x2b/0x80
[  232.223787][ T8998]  ? __fget_files+0x215/0x3d0
[  232.223805][ T8998]  ? __fget_files+0x21f/0x3d0
[  232.223828][ T8998]  ksys_read+0x12a/0x250
[  232.223844][ T8998]  ? __pfx_ksys_read+0x10/0x10
[  232.223862][ T8998]  do_int80_emulation+0x141/0x6b0
[  232.223877][ T8998]  asm_int80_emulation+0x1a/0x20
[  232.223888][ T8998] RIP: 0023:0xf71f5b6b
[  232.223897][ T8998] Code: 57 56 53 8b 44 24 14 f6 00 08 75 23 8b 44 24 18 8b 5c 24 1c 8b 4c 24 20 8b 54 24 24 8b 74 24 28 8b 7c 24 2c 8b 6c 24 30 cd 80 <5b> 5e 5f 5d c3 5b 5e 5f 5d e9 f7 a1 ff ff 66 90 66 90 66 90 90 53
[  232.223907][ T8998] RSP: 002b:00000000f548c4bc EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[  232.223918][ T8998] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000f548c5d0
[  232.223924][ T8998] RDX: 000000000000000f RSI: 0000000000000000 RDI: 0000000000000000
[  232.223930][ T8998] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  232.223936][ T8998] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  232.223942][ T8998] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  232.223955][ T8998]  </TASK>
[  232.234899][ T6274] usb 6-1: USB disconnect, device number 2
[  232.385019][ T8992] fido_id[8992]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb6/report_descriptor': No such file or directory
[  232.612708][ T9001] overlayfs: overlapping lowerdir path
[  232.703470][ T9001] overlayfs: missing 'lowerdir'
[  232.778917][   T40] audit: type=1804 audit(1771489515.330:317): pid=9016 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.751" name="/newroot/192/bus/bus" dev="tmpfs" ino=1523 res=1 errno=0
[  233.075780][ T9021] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(8)
[  233.078542][ T9021] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  233.086777][ T9021] vhci_hcd vhci_hcd.0: Device attached
[  233.158039][ T5946] Bluetooth: hci1: command 0x0c1a tx timeout
[  233.789907][ T9022] vhci_hcd: connection closed
[  233.790495][  T766] vhci_hcd vhci_hcd.0: stop threads
[  233.795186][  T766] vhci_hcd vhci_hcd.0: release socket
[  233.797431][  T766] vhci_hcd vhci_hcd.0: disconnect device
[  233.936652][ T9027] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  234.053815][ T9027] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  234.190165][ T9027] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  234.324058][ T9027] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  234.626176][  T766] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  234.735368][   T46] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  234.808161][  T101] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  234.815607][  T101] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  234.921986][ T5936] usb 42-1: device descriptor read/8, error -110
[  235.280612][ T9030] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  235.322859][ T5936] usb usb42-port1: attempt power cycle
[  235.640662][ T9039] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  235.705507][ T9039] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  235.745184][ T9039] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  235.803000][ T6222] usb 38-1: device descriptor read/8, error -110
[  235.926073][ T9039] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  236.041714][   T54] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  236.044952][   T54] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  236.047563][   T54] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  236.050164][   T54] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  236.611969][ T5946] Bluetooth: hci1: command 0x0c1a tx timeout
[  236.623981][ T6222] usb usb38-port1: attempt power cycle
[  237.081935][ T5946] Bluetooth: hci1: ACL packet for unknown connection handle 201
[  237.151024][ T5936] usb usb42-port1: unable to enumerate USB device
[  237.158663][ T9059] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  237.169004][   T40] audit: type=1804 audit(1771489519.720:318): pid=9057 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.763" name="/newroot/191/bus/bus" dev="tmpfs" ino=1520 res=1 errno=0
[  237.313742][ T6222] usb usb38-port1: unable to enumerate USB device
[  237.552561][ T9059] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  238.378356][ T9059] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  238.433415][ T9068] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(7)
[  238.436229][ T9068] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  238.445094][ T9068] vhci_hcd vhci_hcd.0: Device attached
[  238.491358][ T9059] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  238.731984][ T5936] usb 40-1: SetAddress Request (38) to port 0
[  238.734610][ T5936] usb 40-1: new SuperSpeed USB device number 38 using vhci_hcd
[  239.216736][ T9070] vhci_hcd: connection reset by peer
[  239.219693][ T1166] vhci_hcd vhci_hcd.1: stop threads
[  239.222379][ T1166] vhci_hcd vhci_hcd.1: release socket
[  239.224776][ T1166] vhci_hcd vhci_hcd.1: disconnect device
[  240.902211][ T9098] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(8)
[  240.904317][ T9098] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  240.945980][ T9098] vhci_hcd vhci_hcd.0: Device attached
[  241.222012][ T7403] usb 44-1: SetAddress Request (34) to port 0
[  241.223975][ T7403] usb 44-1: new SuperSpeed USB device number 34 using vhci_hcd
[  241.241289][ T9100] vhci_hcd: connection closed
[  241.241407][ T1140] vhci_hcd vhci_hcd.3: stop threads
[  241.246536][ T1140] vhci_hcd vhci_hcd.3: release socket
[  241.248765][ T1140] vhci_hcd vhci_hcd.3: disconnect device
[  241.564907][  T101] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  241.579719][  T101] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  241.587076][  T101] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  241.594287][  T101] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  241.919614][   T40] audit: type=1804 audit(1771489524.420:319): pid=9110 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.776" name="/newroot/198/bus/bus" dev="tmpfs" ino=1567 res=1 errno=0
[  241.943379][   T40] audit: type=1804 audit(1771489524.500:320): pid=9109 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.775" name="/newroot/197/bus/bus" dev="tmpfs" ino=1596 res=1 errno=0
[  242.750910][ T9123] tmpfs: Unknown parameter 'hash'
[  242.774170][ T9120] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  243.811963][ T5936] usb 40-1: device descriptor read/8, error -110
[  243.812304][ T9136] fuse: Bad value for 'fd'
[  244.051890][   T40] audit: type=1804 audit(1771489526.590:321): pid=9150 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.785" name="/newroot/185/bus/bus" dev="tmpfs" ino=1431 res=1 errno=0
[  244.141380][   T40] audit: type=1804 audit(1771489526.640:322): pid=9152 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.788" name="/newroot/198/bus/bus" dev="tmpfs" ino=1580 res=1 errno=0
[  244.226422][ T5936] usb usb40-port1: attempt power cycle
[  244.374510][   T40] audit: type=1804 audit(1771489526.860:323): pid=9158 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.787" name="/newroot/201/bus" dev="tmpfs" ino=1589 res=1 errno=0
[  244.852074][ T5946] Bluetooth: hci1: command 0x0c1a tx timeout
[  244.872535][ T5936] usb usb40-port1: unable to enumerate USB device
[  245.131875][ T9167] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  245.140775][ T9170] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(7)
[  245.143110][ T9170] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  245.145861][ T9170] vhci_hcd vhci_hcd.0: Device attached
[  245.228477][   T40] audit: type=1804 audit(1771489527.780:324): pid=9167 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.791" name="/newroot/202/bus/file0" dev="overlay" ino=1604 res=1 errno=0
[  245.248816][   T40] audit: type=1804 audit(1771489527.800:325): pid=9167 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.791" name="/newroot/202/bus/file0" dev="overlay" ino=1604 res=1 errno=0
[  245.422541][ T6040] usb 38-1: SetAddress Request (34) to port 0
[  245.424824][ T6040] usb 38-1: new SuperSpeed USB device number 34 using vhci_hcd
[  245.821964][ T5936] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[  245.870336][ T9171] vhci_hcd: connection reset by peer
[  245.872730][ T1166] vhci_hcd vhci_hcd.0: stop threads
[  245.874994][ T1166] vhci_hcd vhci_hcd.0: release socket
[  245.877418][ T1166] vhci_hcd vhci_hcd.0: disconnect device
[  245.955579][ T9183] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(7)
[  245.958452][ T9183] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  245.962092][ T9183] vhci_hcd vhci_hcd.0: Device attached
[  245.994443][ T5936] usb 8-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  245.998444][ T5936] usb 8-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  246.003007][ T5936] usb 8-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  246.006077][ T5936] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  246.019932][ T9178] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  246.028330][ T5936] usb 8-1: Quirk or no altset; falling back to MIDI 1.0
[  246.231987][   T24] usb 42-1: SetAddress Request (34) to port 0
[  246.234521][   T24] usb 42-1: new SuperSpeed USB device number 34 using vhci_hcd
[  246.281983][ T7403] usb 44-1: device descriptor read/8, error -110
[  246.551950][ T9184] vhci_hcd: connection reset by peer
[  246.554446][ T1166] vhci_hcd vhci_hcd.2: stop threads
[  246.556214][ T1166] vhci_hcd vhci_hcd.2: release socket
[  246.558182][ T1166] vhci_hcd vhci_hcd.2: disconnect device
[  246.681930][ T5936] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  246.834456][ T5936] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  246.838102][ T5936] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  246.842753][ T5936] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66
[  246.846546][ T5936] usb 6-1: config 1 interface 0 altsetting 0 has an endpoint descriptor with address 0x42, changing to 0x2
[  246.851133][ T5936] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x2 has an invalid bInterval 0, changing to 7
[  246.856008][ T5936] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  246.861534][ T5936] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  246.866112][ T5936] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  246.869511][ T5936] usb 6-1: Product: syz
[  246.871299][ T5936] usb 6-1: Manufacturer: syz
[  246.880642][ T5936] cdc_wdm 6-1:1.0: skipping garbage
[  246.883113][ T5936] cdc_wdm 6-1:1.0: skipping garbage
[  246.885495][ T5936] cdc_wdm 6-1:1.0: probe with driver cdc_wdm failed with error -22
[  247.002255][ T7403] usb usb44-port1: attempt power cycle
[  247.045052][   T29] usb 8-1: USB disconnect, device number 2
[  247.162012][ T5946] Bluetooth: hci1: command 0x0c1a tx timeout
[  247.336479][   T40] audit: type=1804 audit(1771489529.890:326): pid=9201 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.797" name="/newroot/188/bus" dev="tmpfs" ino=1450 res=1 errno=0
[  247.387017][   T40] audit: type=1804 audit(1771489529.920:327): pid=9203 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.798" name="/newroot/202/bus/bus" dev="overlay" ino=1631 res=1 errno=0
[  247.395121][   T40] audit: type=1804 audit(1771489529.930:328): pid=9203 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.798" name="/newroot/202/bus/bus" dev="overlay" ino=1631 res=1 errno=0
[  247.602593][ T7403] usb usb44-port1: unable to enumerate USB device
[  247.653580][   T40] audit: type=1800 audit(1771489529.930:329): pid=9203 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.798" name="bus" dev="overlay" ino=1631 res=0 errno=0
[  247.771093][   T40] audit: type=1804 audit(1771489530.320:330): pid=9209 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.799" name="/newroot/201/bus" dev="tmpfs" ino=1599 res=1 errno=0
[  248.667965][ T9221] batman_adv: batadv0: Adding interface: gretap1
[  248.670371][ T9221] batman_adv: batadv0: Interface activated: gretap1
[  249.397462][ T9223] netlink: 24 bytes leftover after parsing attributes in process `syz.0.804'.
[  249.463172][ T9227] netlink: 8 bytes leftover after parsing attributes in process `syz.0.805'.
[  249.471936][ T9227] vlan2: entered allmulticast mode
[  249.473787][ T9227] vlan0: entered allmulticast mode
[  249.475634][ T9227] veth0_vlan: entered allmulticast mode
[  249.533740][   T60] usb 6-1: USB disconnect, device number 3
[  249.926160][ T9239] overlayfs: failed to resolve './file1': -2
[  250.002904][ T9239] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  250.422255][   T40] audit: type=1804 audit(1771489532.970:331): pid=9251 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.809" name="/newroot/204/bus" dev="tmpfs" ino=1644 res=1 errno=0
[  250.541901][ T6040] usb 38-1: device descriptor read/8, error -110
[  250.701644][ T9252] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(7)
[  250.704054][ T9252] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  250.718426][ T9252] vhci_hcd vhci_hcd.0: Device attached
[  250.781917][ T6040] usb 38-1: SetAddress Request (35) to port 0
[  250.783913][ T6040] usb 38-1: new SuperSpeed USB device number 35 using vhci_hcd
[  251.322281][   T24] usb 42-1: device descriptor read/8, error -110
[  251.348564][ T9260] loop9: detected capacity change from 0 to 7
[  251.356983][ T8849] Dev loop9: unable to read RDB block 7
[  251.359453][ T8849]  loop9: AHDI p2 p3
[  251.361128][ T8849] loop9: partition table partially beyond EOD, truncated
[  251.366370][ T8849] loop9: p2 size 1701016946 extends beyond EOD, truncated
[  251.379074][ T9260] Dev loop9: unable to read RDB block 7
[  251.382269][ T9260]  loop9: AHDI p2 p3
[  251.383987][ T9260] loop9: partition table partially beyond EOD, truncated
[  251.387602][ T9260] loop9: p2 size 1701016946 extends beyond EOD, truncated
[  251.504578][ T9179] udevd[9179]: inotify_add_watch(7, /dev/loop9p2, 10) failed: No such file or directory
[  251.524360][ T9265] ALSA: mixer_oss: invalid OSS volume ''
[  251.594850][ T9179] udevd[9179]: inotify_add_watch(7, /dev/loop9p2, 10) failed: No such file or directory
[  251.624799][   T40] audit: type=1804 audit(1771489534.130:332): pid=9266 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.812" name="/newroot/206/bus" dev="tmpfs" ino=1658 res=1 errno=0
[  251.722783][   T24] usb usb42-port1: attempt power cycle
[  251.856866][ T9253] vhci_hcd: connection reset by peer
[  251.859440][ T1166] vhci_hcd vhci_hcd.0: stop threads
[  251.861233][ T1166] vhci_hcd vhci_hcd.0: release socket
[  251.864033][ T1166] vhci_hcd vhci_hcd.0: disconnect device
[  252.042139][ T5946] Bluetooth: hci1: command 0x0c1a tx timeout
[  252.060182][ T9273] FAULT_INJECTION: forcing a failure.
[  252.060182][ T9273] name failslab, interval 1, probability 0, space 0, times 0
[  252.065831][ T9273] CPU: 0 UID: 0 PID: 9273 Comm: syz.1.815 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  252.065860][ T9273] Tainted: [L]=SOFTLOCKUP
[  252.065866][ T9273] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  252.065874][ T9273] Call Trace:
[  252.065882][ T9273]  <TASK>
[  252.065890][ T9273]  dump_stack_lvl+0x100/0x190
[  252.065912][ T9273]  should_fail_ex.cold+0x5/0xa
[  252.065925][ T9273]  ? tomoyo_realpath_from_path+0xb6/0x690
[  252.065936][ T9273]  should_failslab+0xc2/0x120
[  252.065953][ T9273]  __kmalloc_noprof+0xe0/0x850
[  252.065970][ T9273]  tomoyo_realpath_from_path+0xb6/0x690
[  252.065984][ T9273]  tomoyo_path_number_perm+0x23c/0x580
[  252.065999][ T9273]  ? tomoyo_path_number_perm+0x22e/0x580
[  252.066015][ T9273]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  252.066044][ T9273]  ? find_held_lock+0x2b/0x80
[  252.066060][ T9273]  ? hook_file_ioctl_common+0x146/0x410
[  252.066075][ T9273]  ? __fget_files+0x215/0x3d0
[  252.066093][ T9273]  ? __fget_files+0x21f/0x3d0
[  252.066110][ T9273]  security_file_ioctl_compat+0xd3/0x230
[  252.066127][ T9273]  __ia32_compat_sys_ioctl+0xc2/0x360
[  252.066143][ T9273]  __do_fast_syscall_32+0xe3/0x8c0
[  252.066158][ T9273]  do_fast_syscall_32+0x32/0x70
[  252.066171][ T9273]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  252.066185][ T9273] RIP: 0023:0xf70bef6c
[  252.066193][ T9273] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad
[  252.066204][ T9273] RSP: 002b:00000000f54ad50c EFLAGS: 00000292 ORIG_RAX: 0000000000000036
[  252.066214][ T9273] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000004c0a
[  252.066221][ T9273] RDX: 00000000800002c0 RSI: 0000000000000000 RDI: 0000000000000000
[  252.066228][ T9273] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  252.066234][ T9273] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  252.066240][ T9273] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  252.066253][ T9273]  </TASK>
[  252.066257][ T9273] ERROR: Out of memory at tomoyo_realpath_from_path.
[  252.133974][ T9273] loop9: detected capacity change from 0 to 7
[  252.138968][ T9179] Dev loop9: unable to read RDB block 7
[  252.141434][ T9179]  loop9: AHDI p2 p3
[  252.143370][ T9179] loop9: partition table partially beyond EOD, truncated
[  252.147375][ T9179] loop9: p2 size 1701016946 extends beyond EOD, truncated
[  252.164105][ T9273] Dev loop9: unable to read RDB block 7
[  252.165901][ T9273]  loop9: AHDI p2 p3
[  252.167238][ T9273] loop9: partition table partially beyond EOD, truncated
[  252.169792][ T9273] loop9: p2 size 1701016946 extends beyond EOD, truncated
[  252.201106][ T9179] udevd[9179]: inotify_add_watch(7, /dev/loop9p2, 10) failed: No such file or directory
[  252.216726][ T9179] udevd[9179]: inotify_add_watch(7, /dev/loop9p2, 10) failed: No such file or directory
[  252.260097][ T9275] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  252.314329][   T24] usb usb42-port1: unable to enumerate USB device
[  252.669448][ T9279] overlayfs: overlapping lowerdir path
[  252.707631][ T9285] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  252.785425][ T9279] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  252.832186][ T9291] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  252.933975][ T9291] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  253.027429][ T9291] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  253.110264][ T9291] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  253.273000][  T154] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  253.290141][  T154] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  253.371449][  T154] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  253.504264][  T154] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  254.028494][ T9286] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(7)
[  254.031112][ T9286] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  254.034637][ T9286] vhci_hcd vhci_hcd.0: Device attached
[  254.259869][ T9297] vhci_hcd: connection closed
[  254.261337][  T766] vhci_hcd vhci_hcd.0: stop threads
[  254.266329][  T766] vhci_hcd vhci_hcd.0: release socket
[  254.269421][  T766] vhci_hcd vhci_hcd.0: disconnect device
[  254.831896][ T5946] Bluetooth: hci1: command 0x0c1a tx timeout
[  255.436546][ T9311] overlayfs: failed to resolve './file1': -2
[  255.469149][   T40] audit: type=1804 audit(1771489538.020:333): pid=9311 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.825" name="/newroot/209/bus/bus" dev="tmpfs" ino=1679 res=1 errno=0
[  255.881989][ T6040] usb 38-1: device descriptor read/8, error -110
[  255.992164][ T6040] usb usb38-port1: attempt power cycle
[  255.999711][ T9317] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(7)
[  256.002193][ T9317] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  256.006770][ T9317] vhci_hcd vhci_hcd.0: Device attached
[  256.432098][   T29] usb 42-1: SetAddress Request (38) to port 0
[  256.572834][ T6040] usb usb38-port1: unable to enumerate USB device
[  256.806380][   T29] usb 42-1: new SuperSpeed USB device number 38 using vhci_hcd
[  257.222129][ T9320] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  257.266006][   T40] audit: type=1804 audit(1771489539.820:334): pid=9320 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.826" name="/newroot/196/bus/file0" dev="overlay" ino=1508 res=1 errno=0
[  257.287837][   T40] audit: type=1804 audit(1771489539.840:335): pid=9320 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.826" name="/newroot/196/bus/file0" dev="overlay" ino=1508 res=1 errno=0
[  257.339306][ T9330] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(7)
[  257.341410][ T9330] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  257.346070][ T9318] vhci_hcd: connection reset by peer
[  257.349129][ T9330] vhci_hcd vhci_hcd.0: Device attached
[  257.351877][  T154] vhci_hcd vhci_hcd.2: stop threads
[  257.354637][  T154] vhci_hcd vhci_hcd.2: release socket
[  257.357286][  T154] vhci_hcd vhci_hcd.2: disconnect device
[  257.551168][   T40] audit: type=1804 audit(1771489540.100:336): pid=9338 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.830" name="/newroot/208/bus/bus" dev="tmpfs" ino=1639 res=1 errno=0
[  257.622045][   T34] usb 40-1: SetAddress Request (42) to port 0
[  257.624878][   T34] usb 40-1: new SuperSpeed USB device number 42 using vhci_hcd
[  257.852182][ T9341] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(8)
[  257.854870][ T9341] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  257.858136][ T9341] vhci_hcd vhci_hcd.0: Device attached
[  258.131956][ T6040] usb 44-1: SetAddress Request (38) to port 0
[  258.134455][ T6040] usb 44-1: new SuperSpeed USB device number 38 using vhci_hcd
[  258.396956][ T9331] vhci_hcd: connection reset by peer
[  258.406182][   T12] vhci_hcd vhci_hcd.1: stop threads
[  258.408398][   T12] vhci_hcd vhci_hcd.1: release socket
[  258.410773][   T12] vhci_hcd vhci_hcd.1: disconnect device
[  258.440393][ T9342] vhci_hcd: connection reset by peer
[  258.443260][  T154] vhci_hcd vhci_hcd.3: stop threads
[  258.445065][  T154] vhci_hcd vhci_hcd.3: release socket
[  258.447854][  T154] vhci_hcd vhci_hcd.3: disconnect device
[  258.467621][ T9350] FAULT_INJECTION: forcing a failure.
[  258.467621][ T9350] name failslab, interval 1, probability 0, space 0, times 0
[  258.471585][ T9350] CPU: 1 UID: 0 PID: 9350 Comm: syz.2.834 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  258.471601][ T9350] Tainted: [L]=SOFTLOCKUP
[  258.471605][ T9350] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  258.471611][ T9350] Call Trace:
[  258.471615][ T9350]  <TASK>
[  258.471620][ T9350]  dump_stack_lvl+0x100/0x190
[  258.471639][ T9350]  should_fail_ex.cold+0x5/0xa
[  258.471651][ T9350]  ? tomoyo_realpath_from_path+0xb6/0x690
[  258.471662][ T9350]  should_failslab+0xc2/0x120
[  258.471679][ T9350]  __kmalloc_noprof+0xe0/0x850
[  258.471696][ T9350]  tomoyo_realpath_from_path+0xb6/0x690
[  258.471710][ T9350]  tomoyo_path_number_perm+0x23c/0x580
[  258.471725][ T9350]  ? tomoyo_path_number_perm+0x22e/0x580
[  258.471741][ T9350]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  258.471770][ T9350]  ? find_held_lock+0x2b/0x80
[  258.471786][ T9350]  ? hook_file_ioctl_common+0x146/0x410
[  258.471802][ T9350]  ? __fget_files+0x215/0x3d0
[  258.471836][ T9350]  ? __fget_files+0x21f/0x3d0
[  258.471864][ T9350]  security_file_ioctl_compat+0xd3/0x230
[  258.471891][ T9350]  __ia32_compat_sys_ioctl+0xc2/0x360
[  258.471914][ T9350]  __do_fast_syscall_32+0xe3/0x8c0
[  258.471935][ T9350]  do_fast_syscall_32+0x32/0x70
[  258.471954][ T9350]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  258.471973][ T9350] RIP: 0023:0xf703ef6c
[  258.471989][ T9350] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad
[  258.472001][ T9350] RSP: 002b:00000000f542d50c EFLAGS: 00000292 ORIG_RAX: 0000000000000036
[  258.472012][ T9350] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0cc5605
[  258.472019][ T9350] RDX: 00000000800025c0 RSI: 0000000000000000 RDI: 0000000000000000
[  258.472025][ T9350] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  258.472031][ T9350] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  258.472037][ T9350] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  258.472050][ T9350]  </TASK>
[  258.536945][ T9350] ERROR: Out of memory at tomoyo_realpath_from_path.
[  258.588368][ T9348] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(7)
[  258.591100][ T9348] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  258.595532][ T9348] vhci_hcd vhci_hcd.0: Device attached
[  258.677549][ T9356] overlayfs: failed to resolve './file1': -2
[  258.694878][   T40] audit: type=1804 audit(1771489541.250:337): pid=9356 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.835" name="/newroot/212/bus/bus" dev="tmpfs" ino=1697 res=1 errno=0
[  258.872567][   T24] usb 38-1: SetAddress Request (38) to port 0
[  258.876397][   T24] usb 38-1: new SuperSpeed USB device number 38 using vhci_hcd
[  259.133953][ T9353] vhci_hcd: connection reset by peer
[  259.138143][   T54] vhci_hcd vhci_hcd.0: stop threads
[  259.140333][   T54] vhci_hcd vhci_hcd.0: release socket
[  259.144187][   T54] vhci_hcd vhci_hcd.0: disconnect device
[  259.241935][ T5946] Bluetooth: hci1: command 0x0c1a tx timeout
[  259.758491][ T9365] netlink: 8 bytes leftover after parsing attributes in process `syz.2.838'.
[  259.761481][ T9365] netlink: 8 bytes leftover after parsing attributes in process `syz.2.838'.
[  259.802296][ T9368] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  259.981500][   T40] audit: type=1804 audit(1771489542.530:338): pid=9368 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.839" name="/newroot/211/bus/file0" dev="overlay" ino=1664 res=1 errno=0
[  260.026946][   T40] audit: type=1804 audit(1771489542.580:339): pid=9368 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.839" name="/newroot/211/bus/file0" dev="overlay" ino=1664 res=1 errno=0
[  260.323159][ T1414] ieee802154 phy0 wpan0: encryption failed: -22
[  260.325222][ T1414] ieee802154 phy1 wpan1: encryption failed: -22
[  260.399936][ T9387] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  260.490696][ T9387] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  260.581474][ T9387] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  260.740164][ T9387] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  260.868739][  T766] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  261.627804][  T766] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  261.630442][  T766] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  261.642310][  T766] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  261.702621][ T9386] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  261.705392][ T9397] overlayfs: failed to resolve './file1': -2
[  261.946121][   T40] audit: type=1804 audit(1771489544.270:340): pid=9397 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.846" name="/newroot/200/bus/bus" dev="tmpfs" ino=1531 res=1 errno=0
[  262.212031][   T29] usb 42-1: device descriptor read/8, error -110
[  262.385488][ T9401] overlayfs: overlapping lowerdir path
[  262.410712][ T9416] IPVS: sync thread started: state = MASTER, mcast_ifn = bridge_slave_0, syncid = 1, id = 0
[  262.474156][ T9408] overlayfs: missing 'workdir'
[  262.530205][ T9418] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  262.593073][   T40] audit: type=1804 audit(1771489545.150:341): pid=9418 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.852" name="/newroot/219/bus/file0" dev="overlay" ino=1721 res=1 errno=0
[  262.605284][   T40] audit: type=1804 audit(1771489545.160:342): pid=9418 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.852" name="/newroot/219/bus/file0" dev="overlay" ino=1721 res=1 errno=0
[  262.672747][   T29] usb usb42-port1: attempt power cycle
[  262.682024][   T34] usb 40-1: device descriptor read/8, error -110
[  262.836662][ T9427] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  262.994921][ T9427] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  263.053576][ T9427] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  263.154234][ T9427] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  263.162117][ T6040] usb 44-1: device descriptor read/8, error -110
[  263.253447][   T29] usb usb42-port1: unable to enumerate USB device
[  263.389747][   T12] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  263.672646][  T766] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  263.673702][   T34] usb usb40-port1: attempt power cycle
[  263.697950][   T54] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  263.707483][   T54] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  263.952700][ T6040] usb usb44-port1: attempt power cycle
[  264.144938][   T24] usb 38-1: device descriptor read/8, error -110
[  264.234085][   T34] usb usb40-port1: unable to enumerate USB device
[  264.522603][ T6040] usb usb44-port1: unable to enumerate USB device
[  264.584790][ T9446] overlayfs: failed to resolve './file1': -2
[  264.606626][   T24] usb usb38-port1: attempt power cycle
[  264.644121][   T40] audit: type=1804 audit(1771489547.190:343): pid=9446 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.858" name="/newroot/203/bus/bus" dev="tmpfs" ino=1549 res=1 errno=0
[  264.712791][ T9434] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  265.162236][ T9457] overlayfs: failed to resolve './file0': -2
[  265.175090][   T40] audit: type=1804 audit(1771489547.730:344): pid=9457 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.861" name="/newroot/218/bus/bus" dev="tmpfs" ino=1735 res=1 errno=0
[  265.391708][ T9465] FAULT_INJECTION: forcing a failure.
[  265.391708][ T9465] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  265.397121][ T9465] CPU: 1 UID: 0 PID: 9465 Comm: syz.1.863 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  265.397140][ T9465] Tainted: [L]=SOFTLOCKUP
[  265.397149][ T9465] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  265.397155][ T9465] Call Trace:
[  265.397159][ T9465]  <TASK>
[  265.397164][ T9465]  dump_stack_lvl+0x100/0x190
[  265.397182][ T9465]  should_fail_ex.cold+0x5/0xa
[  265.397195][ T9465]  _copy_from_user+0x2e/0xd0
[  265.397212][ T9465]  get_old_timespec32+0x82/0x130
[  265.397224][ T9465]  ? __pfx_get_old_timespec32+0x10/0x10
[  265.397236][ T9465]  ? __pfx_vfs_write+0x10/0x10
[  265.397250][ T9465]  ? do_sys_openat2+0x157/0x1e0
[  265.397264][ T9465]  do_compat_pselect+0x1be/0x2b0
[  265.397280][ T9465]  ? __pfx_do_compat_pselect+0x10/0x10
[  265.397295][ T9465]  ? __ia32_sys_futex_time32+0x2f4/0x470
[  265.397314][ T9465]  __ia32_compat_sys_pselect6_time32+0x16c/0x1e0
[  265.397346][ T9465]  __do_fast_syscall_32+0xe3/0x8c0
[  265.397364][ T9465]  do_fast_syscall_32+0x32/0x70
[  265.397377][ T9465]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  265.397391][ T9465] RIP: 0023:0xf70bef6c
[  265.397402][ T9465] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad
[  265.397412][ T9465] RSP: 002b:00000000f548c50c EFLAGS: 00000292 ORIG_RAX: 0000000000000134
[  265.397423][ T9465] RAX: ffffffffffffffda RBX: 0000000000000040 RCX: 0000000080000100
[  265.397429][ T9465] RDX: 0000000000000000 RSI: 0000000080000240 RDI: 0000000080000280
[  265.397435][ T9465] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  265.397441][ T9465] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  265.397447][ T9465] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  265.397460][ T9465]  </TASK>
[  265.488550][ T9449] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  265.515945][   T24] usb usb38-port1: unable to enumerate USB device
[  265.656248][ T9470] FAULT_INJECTION: forcing a failure.
[  265.656248][ T9470] name failslab, interval 1, probability 0, space 0, times 0
[  265.660167][ T9470] CPU: 0 UID: 0 PID: 9470 Comm: syz.1.866 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  265.660184][ T9470] Tainted: [L]=SOFTLOCKUP
[  265.660187][ T9470] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  265.660194][ T9470] Call Trace:
[  265.660198][ T9470]  <TASK>
[  265.660202][ T9470]  dump_stack_lvl+0x100/0x190
[  265.660220][ T9470]  should_fail_ex.cold+0x5/0xa
[  265.660232][ T9470]  ? tomoyo_realpath_from_path+0xb6/0x690
[  265.660243][ T9470]  should_failslab+0xc2/0x120
[  265.660260][ T9470]  __kmalloc_noprof+0xe0/0x850
[  265.660277][ T9470]  tomoyo_realpath_from_path+0xb6/0x690
[  265.660291][ T9470]  tomoyo_path_number_perm+0x23c/0x580
[  265.660306][ T9470]  ? tomoyo_path_number_perm+0x22e/0x580
[  265.660322][ T9470]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  265.660350][ T9470]  ? find_held_lock+0x2b/0x80
[  265.660366][ T9470]  ? hook_file_ioctl_common+0x146/0x410
[  265.660382][ T9470]  ? __fget_files+0x215/0x3d0
[  265.660399][ T9470]  ? __fget_files+0x21f/0x3d0
[  265.660417][ T9470]  security_file_ioctl_compat+0xd3/0x230
[  265.660433][ T9470]  __ia32_compat_sys_ioctl+0xc2/0x360
[  265.660453][ T9470]  __do_fast_syscall_32+0xe3/0x8c0
[  265.660468][ T9470]  do_fast_syscall_32+0x32/0x70
[  265.660481][ T9470]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  265.660495][ T9470] RIP: 0023:0xf70bef6c
[  265.660504][ T9470] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad
[  265.660514][ T9470] RSP: 002b:00000000f54ad50c EFLAGS: 00000292 ORIG_RAX: 0000000000000036
[  265.660525][ T9470] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0045005
[  265.660531][ T9470] RDX: 0000000080000000 RSI: 0000000000000000 RDI: 0000000000000000
[  265.660537][ T9470] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  265.660543][ T9470] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  265.660548][ T9470] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  265.660561][ T9470]  </TASK>
[  265.660566][ T9470] ERROR: Out of memory at tomoyo_realpath_from_path.
[  267.012575][ T9491] FAULT_INJECTION: forcing a failure.
[  267.012575][ T9491] name failslab, interval 1, probability 0, space 0, times 0
[  267.017317][ T9491] CPU: 0 UID: 0 PID: 9491 Comm: syz.0.873 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  267.017344][ T9491] Tainted: [L]=SOFTLOCKUP
[  267.017350][ T9491] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  267.017360][ T9491] Call Trace:
[  267.017366][ T9491]  <TASK>
[  267.017373][ T9491]  dump_stack_lvl+0x100/0x190
[  267.017410][ T9491]  should_fail_ex.cold+0x5/0xa
[  267.017428][ T9491]  ? tomoyo_realpath_from_path+0xb6/0x690
[  267.017446][ T9491]  should_failslab+0xc2/0x120
[  267.017474][ T9491]  __kmalloc_noprof+0xe0/0x850
[  267.017502][ T9491]  tomoyo_realpath_from_path+0xb6/0x690
[  267.017527][ T9491]  tomoyo_path_number_perm+0x23c/0x580
[  267.017552][ T9491]  ? tomoyo_path_number_perm+0x22e/0x580
[  267.017579][ T9491]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  267.017628][ T9491]  ? find_held_lock+0x2b/0x80
[  267.017654][ T9491]  ? hook_file_ioctl_common+0x146/0x410
[  267.017679][ T9491]  ? __fget_files+0x215/0x3d0
[  267.017708][ T9491]  ? __fget_files+0x21f/0x3d0
[  267.017737][ T9491]  security_file_ioctl_compat+0xd3/0x230
[  267.017764][ T9491]  __ia32_compat_sys_ioctl+0xc2/0x360
[  267.017790][ T9491]  __do_fast_syscall_32+0xe3/0x8c0
[  267.017814][ T9491]  do_fast_syscall_32+0x32/0x70
[  267.017834][ T9491]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  267.017856][ T9491] RIP: 0023:0xf70bef6c
[  267.017870][ T9491] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad
[  267.017885][ T9491] RSP: 002b:00000000f54ad50c EFLAGS: 00000292 ORIG_RAX: 0000000000000036
[  267.017902][ T9491] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000005100
[  267.017912][ T9491] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  267.017921][ T9491] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  267.017930][ T9491] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  267.017939][ T9491] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  267.017962][ T9491]  </TASK>
[  267.017970][ T9491] ERROR: Out of memory at tomoyo_realpath_from_path.
[  267.163509][ T5946] Bluetooth: hci1: command 0x0c1a tx timeout
[  267.364813][ T9503] FAULT_INJECTION: forcing a failure.
[  267.364813][ T9503] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  267.371086][ T9503] CPU: 1 UID: 0 PID: 9503 Comm: syz.1.877 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  267.371113][ T9503] Tainted: [L]=SOFTLOCKUP
[  267.371120][ T9503] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  267.371129][ T9503] Call Trace:
[  267.371136][ T9503]  <TASK>
[  267.371144][ T9503]  dump_stack_lvl+0x100/0x190
[  267.371194][ T9503]  should_fail_ex.cold+0x5/0xa
[  267.371216][ T9503]  _copy_from_user+0x2e/0xd0
[  267.371243][ T9503]  get_old_timespec32+0x82/0x130
[  267.371263][ T9503]  ? __pfx_get_old_timespec32+0x10/0x10
[  267.371284][ T9503]  ? __pfx_vfs_write+0x10/0x10
[  267.371308][ T9503]  ? do_sys_openat2+0x157/0x1e0
[  267.371330][ T9503]  do_compat_pselect+0x1be/0x2b0
[  267.371357][ T9503]  ? __pfx_do_compat_pselect+0x10/0x10
[  267.371378][ T9503]  ? __ia32_sys_futex_time32+0x2f4/0x470
[  267.371412][ T9503]  __ia32_compat_sys_pselect6_time32+0x16c/0x1e0
[  267.371450][ T9503]  __do_fast_syscall_32+0xe3/0x8c0
[  267.371474][ T9503]  do_fast_syscall_32+0x32/0x70
[  267.371494][ T9503]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  267.371516][ T9503] RIP: 0023:0xf70bef6c
[  267.371531][ T9503] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad
[  267.371548][ T9503] RSP: 002b:00000000f548c50c EFLAGS: 00000292 ORIG_RAX: 0000000000000134
[  267.371567][ T9503] RAX: ffffffffffffffda RBX: 0000000000000900 RCX: 0000000000000000
[  267.371578][ T9503] RDX: 0000000000000000 RSI: 0000000080000240 RDI: 0000000080000280
[  267.371589][ T9503] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  267.371598][ T9503] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  267.371607][ T9503] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  267.371629][ T9503]  </TASK>
[  267.621930][ T9508] overlayfs: failed to resolve './file0': -2
[  267.649384][   T40] audit: type=1804 audit(1771489550.200:345): pid=9508 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.878" name="/newroot/220/bus/bus" dev="tmpfs" ino=1748 res=1 errno=0
[  267.966462][ T9499] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  268.013531][ T9511] xt_CHECKSUM: CHECKSUM should be avoided.  If really needed, restrict with "-p udp" and only use in OUTPUT
[  268.284576][ T9524] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(7)
[  268.287078][ T9524] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  268.300983][ T9524] vhci_hcd vhci_hcd.0: Device attached
[  268.572103][   T39] usb 40-1: SetAddress Request (46) to port 0
[  268.574862][   T39] usb 40-1: new SuperSpeed USB device number 46 using vhci_hcd
[  268.767304][ T9533] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(7)
[  268.769392][ T9533] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  268.814674][ T9533] vhci_hcd vhci_hcd.0: Device attached
[  268.906850][ T9525] vhci_hcd: connection reset by peer
[  268.909445][   T46] vhci_hcd vhci_hcd.1: stop threads
[  268.911772][   T46] vhci_hcd vhci_hcd.1: release socket
[  268.919764][   T46] vhci_hcd vhci_hcd.1: disconnect device
[  268.924219][ T9520] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  268.984927][ T9538] FAULT_INJECTION: forcing a failure.
[  268.984927][ T9538] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  268.990525][ T9538] CPU: 3 UID: 0 PID: 9538 Comm: syz.0.884 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  268.990553][ T9538] Tainted: [L]=SOFTLOCKUP
[  268.990559][ T9538] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  268.990569][ T9538] Call Trace:
[  268.990576][ T9538]  <TASK>
[  268.990584][ T9538]  dump_stack_lvl+0x100/0x190
[  268.990612][ T9538]  should_fail_ex.cold+0x5/0xa
[  268.990633][ T9538]  _copy_from_user+0x2e/0xd0
[  268.990660][ T9538]  get_compat_msghdr+0xb3/0x4b0
[  268.990680][ T9538]  ? __pfx_get_compat_msghdr+0x10/0x10
[  268.990701][ T9538]  ? __lock_acquire+0x4a5/0x2630
[  268.990726][ T9538]  ___sys_recvmsg+0x193/0x1a0
[  268.990752][ T9538]  ? __pfx____sys_recvmsg+0x10/0x10
[  268.990797][ T9538]  __sys_recvmsg+0x16d/0x220
[  268.990817][ T9538]  ? __pfx___sys_recvmsg+0x10/0x10
[  268.990845][ T9538]  ? __pfx_ksys_write+0x10/0x10
[  268.990877][ T9538]  __do_fast_syscall_32+0xe3/0x8c0
[  268.990901][ T9538]  do_fast_syscall_32+0x32/0x70
[  268.990922][ T9538]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  268.990945][ T9538] RIP: 0023:0xf70bef6c
[  268.990959][ T9538] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad
[  268.990975][ T9538] RSP: 002b:00000000f54ad50c EFLAGS: 00000292 ORIG_RAX: 0000000000000174
[  268.990993][ T9538] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800014c0
[  268.991003][ T9538] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  268.991013][ T9538] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  268.991023][ T9538] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  268.991033][ T9538] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  268.991056][ T9538]  </TASK>
[  269.122354][   T34] usb 42-1: SetAddress Request (42) to port 0
[  269.125270][   T34] usb 42-1: new SuperSpeed USB device number 42 using vhci_hcd
[  269.308367][ T5946] Bluetooth: hci1: ACL packet for unknown connection handle 201
[  269.509562][ T9534] vhci_hcd: connection reset by peer
[  269.527332][   T46] vhci_hcd vhci_hcd.2: stop threads
[  269.529537][   T46] vhci_hcd vhci_hcd.2: release socket
[  269.531932][   T46] vhci_hcd vhci_hcd.2: disconnect device
[  269.946544][ T9543] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  271.411921][ T5946] Bluetooth: hci1: command 0x0c1a tx timeout
[  272.081524][ T9572] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(7)
[  272.081551][ T9572] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  272.082339][ T9572] vhci_hcd vhci_hcd.0: Device attached
[  272.486175][ T9567] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  272.885290][ T9583] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(7)
[  272.887539][ T9583] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  272.897534][ T9583] vhci_hcd vhci_hcd.0: Device attached
[  273.228904][ T9574] vhci_hcd: connection closed
[  273.229150][   T12] vhci_hcd vhci_hcd.2: stop threads
[  273.242090][   T12] vhci_hcd vhci_hcd.2: release socket
[  273.244469][   T12] vhci_hcd vhci_hcd.2: disconnect device
[  273.459278][ T9584] vhci_hcd: connection closed
[  273.459644][  T154] vhci_hcd vhci_hcd.1: stop threads
[  273.464021][  T154] vhci_hcd vhci_hcd.1: release socket
[  273.466536][  T154] vhci_hcd vhci_hcd.1: disconnect device
[  273.641962][   T39] usb 40-1: device descriptor read/8, error -110
[  274.032833][   T39] usb usb40-port1: attempt power cycle
[  274.191945][ T9590] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  274.202091][   T34] usb 42-1: device descriptor read/8, error -110
[  274.365644][   T40] audit: type=1804 audit(1771489556.920:346): pid=9604 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.898" name="/newroot/226/bus/bus" dev="tmpfs" ino=1747 res=1 errno=0
[  274.602544][   T34] usb usb42-port1: attempt power cycle
[  274.602869][   T39] usb usb40-port1: unable to enumerate USB device
[  275.182339][   T34] usb usb42-port1: unable to enumerate USB device
[  275.562278][ T5946] Bluetooth: hci1: command 0x0c1a tx timeout
[  276.276106][ T9623] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  277.378002][ T9649] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  277.610920][   T40] audit: type=1804 audit(1771489560.160:347): pid=9659 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.912" name="/newroot/240/bus/bus" dev="overlay" ino=1837 res=1 errno=0
[  277.628475][   T40] audit: type=1804 audit(1771489560.180:348): pid=9659 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.912" name="/newroot/240/bus/bus" dev="overlay" ino=1837 res=1 errno=0
[  277.787046][ T9661] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(7)
[  277.789162][ T9661] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  277.802109][ T9661] vhci_hcd vhci_hcd.0: Device attached
[  278.072499][   T34] usb 42-1: SetAddress Request (46) to port 0
[  278.076319][   T34] usb 42-1: new SuperSpeed USB device number 46 using vhci_hcd
[  278.256618][ T9662] vhci_hcd: connection reset by peer
[  278.259783][  T154] vhci_hcd vhci_hcd.2: stop threads
[  278.262371][  T154] vhci_hcd vhci_hcd.2: release socket
[  278.265504][  T154] vhci_hcd vhci_hcd.2: disconnect device
[  278.860500][ T9682] FAULT_INJECTION: forcing a failure.
[  278.860500][ T9682] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  278.865611][ T9682] CPU: 3 UID: 0 PID: 9682 Comm: syz.0.917 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  278.865630][ T9682] Tainted: [L]=SOFTLOCKUP
[  278.865634][ T9682] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  278.865640][ T9682] Call Trace:
[  278.865643][ T9682]  <TASK>
[  278.865648][ T9682]  dump_stack_lvl+0x100/0x190
[  278.865666][ T9682]  should_fail_ex.cold+0x5/0xa
[  278.865679][ T9682]  _copy_from_user+0x2e/0xd0
[  278.865695][ T9682]  get_compat_msghdr+0xb3/0x4b0
[  278.865707][ T9682]  ? __pfx_get_compat_msghdr+0x10/0x10
[  278.865717][ T9682]  ? _kstrtoull+0x13c/0x1f0
[  278.865728][ T9682]  ? __lock_acquire+0x4a5/0x2630
[  278.865744][ T9682]  ___sys_recvmsg+0x193/0x1a0
[  278.865759][ T9682]  ? __pfx____sys_recvmsg+0x10/0x10
[  278.865776][ T9682]  ? find_held_lock+0x2b/0x80
[  278.865800][ T9682]  do_recvmmsg+0x563/0x760
[  278.865816][ T9682]  ? __pfx_do_recvmmsg+0x10/0x10
[  278.865832][ T9682]  ? ksys_write+0x190/0x250
[  278.865847][ T9682]  ? ksys_write+0x190/0x250
[  278.865867][ T9682]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  278.865883][ T9682]  __sys_recvmmsg+0x21f/0x270
[  278.865896][ T9682]  ? __pfx___sys_recvmmsg+0x10/0x10
[  278.865909][ T9682]  ? ksys_write+0x1ac/0x250
[  278.865925][ T9682]  __ia32_compat_sys_recvmmsg_time32+0xc4/0x160
[  278.865937][ T9682]  ? __do_fast_syscall_32+0x94/0x8c0
[  278.865950][ T9682]  ? lockdep_hardirqs_on+0x78/0x100
[  278.865961][ T9682]  __do_fast_syscall_32+0xe3/0x8c0
[  278.865975][ T9682]  do_fast_syscall_32+0x32/0x70
[  278.865988][ T9682]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  278.866001][ T9682] RIP: 0023:0xf70bef6c
[  278.866010][ T9682] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad
[  278.866020][ T9682] RSP: 002b:00000000f54ad50c EFLAGS: 00000292 ORIG_RAX: 0000000000000151
[  278.866030][ T9682] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800002c0
[  278.866037][ T9682] RDX: 0000000000000220 RSI: 0000000000000100 RDI: 0000000000000000
[  278.866055][ T9682] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  278.866062][ T9682] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  278.866068][ T9682] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  278.866085][ T9682]  </TASK>
[  278.989434][ T1166] 
[  278.990745][ T1166] ============================================
[  278.993464][ T1166] WARNING: possible recursive locking detected
[  278.996037][ T1166] syzkaller #0 Tainted: G             L     
[  278.998597][ T1166] --------------------------------------------
[  279.001165][ T1166] kworker/u32:9/1166 is trying to acquire lock:
[  279.003785][ T1166] ffff88806e613760 (k-sk_lock-AF_INET6){+.+.}-{0:0}, at: inet6_getname+0x1a2/0x860
[  279.007579][ T1166] 
[  279.007579][ T1166] but task is already holding lock:
[  279.010632][ T1166] ffff88806e613760 (k-sk_lock-AF_INET6){+.+.}-{0:0}, at: rds_tcp_recv_path+0x88/0xf0
[  279.014623][ T1166] 
[  279.014623][ T1166] other info that might help us debug this:
[  279.017961][ T1166]  Possible unsafe locking scenario:
[  279.017961][ T1166] 
[  279.021056][ T1166]        CPU0
[  279.022495][ T1166]        ----
[  279.023921][ T1166]   lock(k-sk_lock-AF_INET6);
[  279.025897][ T1166]   lock(k-sk_lock-AF_INET6);
[  279.027923][ T1166] 
[  279.027923][ T1166]  *** DEADLOCK ***
[  279.027923][ T1166] 
[  279.031293][ T1166]  May be due to missing lock nesting notation
[  279.031293][ T1166] 
[  279.034723][ T1166] 3 locks held by kworker/u32:9/1166:
[  279.036983][ T1166]  #0: ffff8880281ed148 ((wq_completion)krds_cp_wq#0/0){+.+.}-{0:0}, at: process_one_work+0x1287/0x1920
[  279.041600][ T1166]  #1: ffffc90006f2fd08 ((work_completion)(&(&cp->cp_recv_w)->work)){+.+.}-{0:0}, at: process_one_work+0x93c/0x1920
[  279.046614][ T1166]  #2: ffff88806e613760 (k-sk_lock-AF_INET6){+.+.}-{0:0}, at: rds_tcp_recv_path+0x88/0xf0
[  279.050721][ T1166] 
[  279.050721][ T1166] stack backtrace:
[  279.053248][ T1166] CPU: 0 UID: 0 PID: 1166 Comm: kworker/u32:9 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  279.053273][ T1166] Tainted: [L]=SOFTLOCKUP
[  279.053279][ T1166] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  279.053291][ T1166] Workqueue: krds_cp_wq#0/0 rds_recv_worker
[  279.053315][ T1166] Call Trace:
[  279.053321][ T1166]  <TASK>
[  279.053333][ T1166]  dump_stack_lvl+0x100/0x190
[  279.053357][ T1166]  print_deadlock_bug.cold+0xbd/0xca
[  279.053385][ T1166]  __lock_acquire+0x12bb/0x2630
[  279.053407][ T1166]  ? check_irq_usage+0xe5/0x810
[  279.053427][ T1166]  lock_acquire+0x1cf/0x380
[  279.053446][ T1166]  ? inet6_getname+0x1a2/0x860
[  279.053467][ T1166]  lock_sock_nested+0x41/0xf0
[  279.053483][ T1166]  ? inet6_getname+0x1a2/0x860
[  279.053501][ T1166]  inet6_getname+0x1a2/0x860
[  279.053520][ T1166]  rds_tcp_get_peer_sport+0x7c/0x110
[  279.053537][ T1166]  ? __pfx_rds_tcp_get_peer_sport+0x10/0x10
[  279.053557][ T1166]  ? find_held_lock+0x2b/0x80
[  279.053582][ T1166]  ? rds_addr_cmp+0x10d/0x150
[  279.053604][ T1166]  rds_tcp_conn_slots_available+0x279/0x390
[  279.053621][ T1166]  ? __pfx_rds_tcp_conn_slots_available+0x10/0x10
[  279.053640][ T1166]  rds_recv_hs_exthdrs+0x5cb/0x7e0
[  279.053662][ T1166]  ? __pfx_rds_recv_hs_exthdrs+0x10/0x10
[  279.053685][ T1166]  rds_recv_incoming+0xd6c/0x1150
[  279.053706][ T1166]  ? __pfx_rds_recv_incoming+0x10/0x10
[  279.053726][ T1166]  ? skb_copy_bits+0x5c8/0x8d0
[  279.053755][ T1166]  rds_tcp_data_recv+0x278/0xce0
[  279.053775][ T1166]  ? tcp_recv_skb+0x2a4/0x400
[  279.053797][ T1166]  __tcp_read_sock+0x204/0x8d0
[  279.053821][ T1166]  ? __pfx_rds_tcp_data_recv+0x10/0x10
[  279.053839][ T1166]  ? __pfx___tcp_read_sock+0x10/0x10
[  279.053864][ T1166]  rds_tcp_read_sock+0x12e/0x280
[  279.053881][ T1166]  ? __pfx_rds_tcp_read_sock+0x10/0x10
[  279.053901][ T1166]  ? __local_bh_enable_ip+0x9e/0x120
[  279.053919][ T1166]  rds_tcp_recv_path+0x95/0xf0
[  279.053936][ T1166]  rds_recv_worker+0xf9/0x3b0
[  279.053957][ T1166]  process_one_work+0x9d7/0x1920
[  279.053985][ T1166]  ? __pfx_process_one_work+0x10/0x10
[  279.054010][ T1166]  ? __pfx_rds_recv_worker+0x10/0x10
[  279.054034][ T1166]  worker_thread+0x5da/0xe40
[  279.054058][ T1166]  ? __pfx_worker_thread+0x10/0x10
[  279.054080][ T1166]  ? kthread+0x13a/0x450
[  279.054098][ T1166]  ? __pfx_worker_thread+0x10/0x10
[  279.054119][ T1166]  kthread+0x370/0x450
[  279.054138][ T1166]  ? __pfx_kthread+0x10/0x10
[  279.054159][ T1166]  ret_from_fork+0x754/0xd80
[  279.054182][ T1166]  ? __pfx_ret_from_fork+0x10/0x10
[  279.054205][ T1166]  ? __switch_to+0x7b4/0x1120
[  279.054223][ T1166]  ? __pfx_kthread+0x10/0x10
[  279.054243][ T1166]  ret_from_fork_asm+0x1a/0x30
[  279.054265][ T1166]  </TASK>
[  279.176426][ T9676] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  279.352132][ T9689] fuse: Bad value for 'fd'
[  280.601928][ T5946] Bluetooth: hci1: command 0x0c1a tx timeout
[  283.162029][   T34] usb 42-1: device descriptor read/8, error -110
[  283.552117][   T34] usb usb42-port1: attempt power cycle
[  284.112461][   T34] usb usb42-port1: unable to enumerate USB device