last executing test programs:

7m35.003912743s ago: executing program 1 (id=548):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="4000000014"], 0x40}, 0x1, 0x0, 0x0, 0x811}, 0x0)
openat$mice(0xffffffffffffff9c, &(0x7f00000001c0), 0x0)
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
write$uinput_user_dev(r0, &(0x7f0000000a80)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x239, 0x0, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2], [0x4, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x960, 0x0, 0x0, 0xfffffffa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x800000, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4c6a0eb3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x1010001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, 0x8, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0xd, 0x0, 0x0, 0x400000, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x3]}, 0x45c)
ioctl$UI_SET_RELBIT(r0, 0x40045566, 0x8)
ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x2)
openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
ioctl$sock_ipv6_tunnel_SIOCADD6RD(0xffffffffffffffff, 0x89f9, &(0x7f0000000340)={'sit0\x00', &(0x7f00000001c0)={@dev={0xfe, 0x80, '\x00', 0x2d}, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x14, 0x2}})
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_RECVMSG={0xa, 0x34, 0x3, 0xffffffffffffffff, 0x0, &(0x7f00000010c0)={0x0, 0x0, &(0x7f0000000240)=[{0x0}], 0x1}, 0x0, 0x40000000})
r2 = syz_io_uring_setup(0x487, &(0x7f0000000100)={0x0, 0x59c4, 0x800, 0x1000, 0x5cc}, 0x0, &(0x7f0000000080)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
io_uring_register$IORING_REGISTER_BUFFERS(r2, 0x0, &(0x7f0000000740)=[{&(0x7f00000003c0)=""/201, 0xc9}], 0x1)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f00000000c0)={0x1, &(0x7f0000000200)=[{0x30, 0x4, 0x0, 0x2}]}, 0x8)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(0x0, r3, &(0x7f0000000200)=@IORING_OP_EPOLL_CTL=@add={0x1d, 0x0, 0x0, 0xffffffffffffffff, 0x0, r2})
io_uring_enter(r2, 0x749f, 0x4, 0x0, 0x0, 0xfffffffffffffef5)
ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1)
socket$nl_netfilter(0x10, 0x3, 0xc)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)

7m33.935682992s ago: executing program 1 (id=552):
unshare(0x26020480)
socket$inet_udp(0x2, 0x2, 0x0) (async, rerun: 64)
r0 = socket$key(0xf, 0x3, 0x2) (rerun: 64)
sendmsg$key(r0, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[], 0x10}}, 0x0)
socket$inet_udp(0x2, 0x2, 0x0) (async)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
socket$inet6(0xa, 0x805, 0x0)
socket$nl_route(0x10, 0x3, 0x0) (async)
pipe(0x0) (async)
syz_pidfd_open(0x0, 0x0) (async)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="09000000030000000400010005"], 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000580)=ANY=[@ANYBLOB="1802000000000000000000000000000018010000786c6c2500000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb700000000000000b7030000000000fd850000000400000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000407b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000100)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000340)='rxrpc_local\x00', r2, 0x0, 0x84}, 0x18)
r3 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0)
ioctl$COMEDI_DEVCONFIG(r3, 0x40946400, 0x0) (async, rerun: 32)
ioctl$COMEDI_DEVCONFIG(r3, 0x40946400, &(0x7f00000000c0)={'multiq3\x00', [0x0, 0x0, 0x100c139, 0x4, 0x5, 0xafa0, 0x0, 0x3, 0x54c6cff3, 0xfd, 0x2, 0x1, 0x2000001, 0x9, 0x6, 0x101, 0xfffffffe, 0xffff, 0x3, 0x40000003, 0x88, 0x6, 0x1000, 0x20001e5b, 0x8000003, 0xe69, 0x3, 0x8, 0x9, 0x0, 0xfffffff4]}) (rerun: 32)
prlimit64(0x0, 0xc, &(0x7f0000000140)={0x40000000000000, 0x88}, 0x0) (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c9516, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000300)='proc\x00', 0x820050, &(0x7f00000002c0)='v\x92^\xbb\xe4P\x1ab\xb0\xbb\x8dZ\x1d\x96\xff\xe7\x89\x16\xcd^VA\x1e\xa8q  1Gh\xc0\xb2\'6/q\xc3P\xdb\xc8') (async)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) (async, rerun: 32)
chdir(&(0x7f0000000080)='./file1\x00') (async, rerun: 32)
r4 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
signalfd(0xffffffffffffffff, 0x0, 0x0) (async)
setpgid(r4, 0x0) (async)
setpgid(0x0, r4) (async)
mount$9p_fd(0x0, &(0x7f00000001c0)='./file1\x00', 0x0, 0x10000, 0x0) (async)
bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)=@generic={&(0x7f0000000200)='./file1\x00', 0x0, 0x18}, 0x14)
socket(0x10, 0x3, 0x0)
ioctl$AUTOFS_IOC_ASKUMOUNT(r2, 0x80049370, &(0x7f0000000180))

7m33.797840561s ago: executing program 1 (id=553):
syz_open_dev$usbfs(&(0x7f00000000c0), 0x1, 0x92082)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000000)={0x6, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="18000000010000000000000000000000970001000000af6ef8d58851069c"], &(0x7f0000001a40)='GPL\x00', 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, 0x0, 0x0, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000180)=0xd)
ioctl$TIOCOUTQ(r3, 0x5411, &(0x7f00000000c0))
r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r5 = socket$netlink(0x10, 0x3, 0x4)
writev(r5, &(0x7f0000000300)=[{&(0x7f0000000000)="580000001400192340834b80040d8c560aff820fffff5bab003a0000002058000b4824ca945f6400940f6a03", 0x2c}], 0x1)
syz_open_procfs(0x0, &(0x7f0000000700)='mounts\x00')
openat$fuse(0xffffff9c, &(0x7f0000000100), 0x2, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r6 = socket$inet6_sctp(0xa, 0x801, 0x84)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_CONFIG(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c000000020303000000000800010001000000"], 0x1c}, 0x1, 0x0, 0x0, 0x400c000}, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, 0x0)
r8 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000340)=ANY=[@ANYRESHEX=r4, @ANYBLOB="4e2a35dac9c36852dadc7870a8457c400b27170758eb366234d0bb373bca06373825a5f687907af0b9d42995df39da2934c48e14111e60b7716bacbb8de619e342a317193663d402f83c7b335c318002a988d73fc0fa62d2f09c2bc551fe4bb2ec0518c39f40", @ANYRESOCT=0x0], 0x84}}, 0x20008040)

7m32.436660411s ago: executing program 1 (id=561):
r0 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000000000)=0x2000)
ioctl$SNDCTL_DSP_SYNC(r0, 0x5001, 0x0)
readv(r0, &(0x7f0000001400)=[{&(0x7f0000001440)=""/4096, 0x1000}], 0x1)
mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x32, r0, 0x53242000)

7m32.237295458s ago: executing program 1 (id=563):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000a00)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x3}}, [@NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x1001}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0x1}, @NFTA_CT_DIRECTION={0x5, 0x3, 0x773568b9b38b679a}, @NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0xd}]}}}]}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x2}}}, 0x80}, 0x1, 0x0, 0x0, 0x4008091}, 0x24000000)

7m32.00446652s ago: executing program 1 (id=565):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) (async)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x20, 0x3, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x99ee}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000500)={r3, 0x0, 0x2d, 0x0, @val=@netfilter={0xa, 0x4, 0x7fffffff, 0x1}}, 0x20)
sched_setscheduler(0x0, 0x1, &(0x7f0000000140)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019780)=""/102390, 0xfffffffffffffc9c)
socket$inet_udp(0x2, 0x2, 0x0) (async)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r5, &(0x7f0000000080)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x2c}}, 0x10) (async)
bind$inet(r5, &(0x7f0000000080)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x2c}}, 0x10)
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
fcntl$notify(r4, 0x402, 0x19) (async)
fcntl$notify(r4, 0x402, 0x19)
sendmsg$nl_xfrm(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000019500)=ANY=[@ANYBLOB="5c01000010000100feffffff00010000fe880000000000000000000000000001fc010000000000000000000000000001000107144e230005000000003a000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ff020000000000000000000000000001000004d46c0000007f000001000025000000000000000000000000000000000092010000000000000600000000000000ffff0000000000001c250800000000000200000000000000f8ffffffffffffff0000000000000000ffffffffffffffff00000000000000001f00000000000000feffffffffffffff02000000fcffffff000000002abd7000043500000200010020000000480003006465666c61746500000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000240009000f00000000000000810000000000000009000000000000000001000000000000f288c82f6b4e4060628102aa4f8e1e07cbcd21cf220a6e625829c133772194818dbfb45e7d97cfbd6201c14774d1f829931f0ed5ab790f0648330327687dbacc470334eebf99a9d2be751ef31fcdfa7909c3a15d96b05a2b8fd9907cc7c6de3d6dbd3ea567be6a3c7bbc48b08551da4e5827ab5d7d0a660a0444d3467099a046a5adf9f94286877b8256afa8d4424868c059bee3515df1aeba0ebaa7585a1092774b446467a4fdf61ca936d6e860b5d0722e661cf65f9ac511d2c9c3e6364a1fff8dcb5f487951d67e771f5b4d8f99d4c1ee52e8d7fdeb69c13109bfebf85f811c7d07f032e58c48a798ed55009ebf2886541129914144f571865983770579900ba1aa698f6c1b32"], 0x15c}, 0x1, 0x0, 0x0, 0x8801}, 0x0) (async)
sendmsg$nl_xfrm(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000019500)=ANY=[@ANYBLOB="5c01000010000100feffffff00010000fe880000000000000000000000000001fc010000000000000000000000000001000107144e230005000000003a000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ff020000000000000000000000000001000004d46c0000007f000001000025000000000000000000000000000000000092010000000000000600000000000000ffff0000000000001c250800000000000200000000000000f8ffffffffffffff0000000000000000ffffffffffffffff00000000000000001f00000000000000feffffffffffffff02000000fcffffff000000002abd7000043500000200010020000000480003006465666c61746500000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000240009000f00000000000000810000000000000009000000000000000001000000000000f288c82f6b4e4060628102aa4f8e1e07cbcd21cf220a6e625829c133772194818dbfb45e7d97cfbd6201c14774d1f829931f0ed5ab790f0648330327687dbacc470334eebf99a9d2be751ef31fcdfa7909c3a15d96b05a2b8fd9907cc7c6de3d6dbd3ea567be6a3c7bbc48b08551da4e5827ab5d7d0a660a0444d3467099a046a5adf9f94286877b8256afa8d4424868c059bee3515df1aeba0ebaa7585a1092774b446467a4fdf61ca936d6e860b5d0722e661cf65f9ac511d2c9c3e6364a1fff8dcb5f487951d67e771f5b4d8f99d4c1ee52e8d7fdeb69c13109bfebf85f811c7d07f032e58c48a798ed55009ebf2886541129914144f571865983770579900ba1aa698f6c1b32"], 0x15c}, 0x1, 0x0, 0x0, 0x8801}, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
setsockopt$sock_int(r5, 0x1, 0x6, &(0x7f0000000000)=0x4, 0x4) (async)
setsockopt$sock_int(r5, 0x1, 0x6, &(0x7f0000000000)=0x4, 0x4)
r7 = socket$nl_xfrm(0x10, 0x3, 0x6)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r7, 0x10e, 0x1, &(0x7f0000000400)=0x1, 0x4)
socket$nl_xfrm(0x10, 0x3, 0x6) (async)
r8 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001800dd8d000000ba7e9698ed1fbfa80e000000000002"], 0x3c}}, 0x0)
r9 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
bind$bt_hci(r9, &(0x7f0000000000)={0x27}, 0x62) (async)
bind$bt_hci(r9, &(0x7f0000000000)={0x27}, 0x62)
r10 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
bind$bt_hci(r10, &(0x7f0000000000)={0x27}, 0x74)
sendmsg$nl_xfrm(r8, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000001700)=ANY=[@ANYRES32=r10, @ANYRES32, @ANYRES64=r0, @ANYBLOB="41053f8d8bd269daf97a59cda75067288158a8f503569ab25d9a110a2d4fad6741a25ba9a01890ff7de90b0c60b0fc1bfc183d80832910b8015da869fe5647da4acc39ee4bf85de4d71b15a6e2158efa3f1cc7ac1a2c2c2181c1d7871c52764866dc9a18ea984a931436484c29c10360b397fb87a6ed868eb40165465a1795168751387c08c100d5acda0f323381950e7c5da1620a78d7d3ea8d9413c8c7a47c1a818450651d2c985f66d8208a4f762392c64ebd27687f126ef115a12b84d4255e3f9b48507c8826270abf15c01edfaee26f848fb4aa423656c2779f82f3b6aff572a8e2afd2cd9945c0747c0b57d76e4d808ddea3f6828a4bfeb013b9b8aa8dc582967fb3ba1ca1822c50a888acc8a3482e25f102684eab9b93545cdbaf1717933803a836252fe790a450af43346e384eed83c63f7bcdf6c5b7488a960c9378d5db3a89091bf8f53bf47d9f32277f8115f5a4245879de3623be23fc40e14d9723297c542e82f6f7ec9aa8cf1fe9f3ed3331af8c7442c40d86049a636b076f9f5707c32003c94721bc0bd6931728166042808f31b04d05f827b7c8f6621c695c75a8eab275f10e69ca4c53c10b3ec431c2f2bef775358ef5da6c17752a7c9ea58e820404c03264b3ce5ecf2fc3eff606629b069c032eac3a1f8e43d034462b4fa4d156dd8224f11eabee473b741675e3d90bdee857802525a82596e1118fb5cb321809dcbca136f361a7f2ba401d5760013aca1af821711487cbe5037f44ea17555e4f641ea7a752bfdb6025d1c2c68661eda18a4cd7d5ae78e2e45ae2e135e700f609c92eb2babf566f18f08b83e10238c11513a0b2f99f1abb2e385b2842c18754832ff7c154d7b07d8bca4ca70aceefcb1f80aac9345391fda4d61fcc5135908fdb4fa5044241f79111fb1468226bb7948747491382487f6574d5e95e02602c7b6fdb2a0d32dd143c5daa0bf117a8793c5504dfa1128f2aa2d3701482872a0d5c0aa890bfc9a22b23b940362edc523d8909aaf247c018b433a42a4659067d579a180e5d030358142ec17751ca54a7ad463461555af8dcac40021002199290645e5b43058318848c8145213088b3489180d631443bb3a4e576481e3f1443b59f9c821b978048991e46e1a6215ff2cd86daee030f60defe15377ae3188772bcf80ad0505d1a701b6eec5eefb2b95083688dd4adc0b13d05bd0683d1a93510a684ce41c9cdbd537bcc6a63b7e523cc8befac458698456def6b05da677a64be9d07f27455a5dab0c5f8e2ade80a8d049f2213551bca73fa07f93f1ba707a7e1f847f21e91624109bd3dfd05a7fc68e01756d0a0c7540844569b37399d8c59883ad2f6908386d598fe2ad372f3590870bb5cbce97eeb54cd50a7c5872548a6ce345901a90d7439687c248bc7bc525db948fee7ccc85c63fb2b0fdc252393bb27c95098f9a95264c3c32800020e4ec74a55822356d1799479f3f1a3f7709ecf2d41ca95849663a9ef8102b4a60c0d361aa551a639854944ba6728621715ec4cae979eddb77128007f8aec5d72eff98e6a4cc8d7f327d0823f194005ce707f6884829b716a904ef6a49eadb0c1c3ef019512e04ee939ea3fd1da46b26ee3fbd03b21e93f11642d3f982ccbcc2aab2a41ea208aa87cc02d7b8929a8dd3c8fca407405962cdd84cd853251761130a72be8a91ab95c05be435be124796c3560cf3f2a686cd9009789a8e0f4d32702864596287705f1763b4cbb292afcceaa91c0aa3d004a370c8f832d96c4e1b8c09b8d6b1286c9e048f221f682e8e19960b01b54bee5c46dc2f6d68e4010686c873115aa64a005a59cd84a65f3ee66fb701690d6f258b18dcbe6904337a417abe42e9f7b216acad44077dd23c2a4b5a7deed6513b3724069b596884d9dce96e9da68e041f45cddd23e0dcb21dc2ccaef6d75088c1ecfaa241af9abe907cc9b8627fff832b0160371a2afcc029b8915f5ce01d733b735af636a81b932d9f02127588f42ed9dc2fbd84220c40b3dae6445af43339dfde32a5af9d9db9d96f81606cdee491bc4dd936ada9d360a8bf058f9e3d9dc3c8e2ee8fa25d37b97d7ad8fdd231b849cca1a15b26098ddf6974cf9ad8e7cea03342f6979461c15fd81210ca9b7b51ec54a6013a052d7027e348f03fd5fc7426f635978e872aa332bb4bfe5e6405d19fc6c14b6643516ff1ae4db47a10a138a9de53696962923ade2641dc2d8efc91e00914e159a0cb63a5d93de6a9ed02cd46daf7a6b73e2b4b0469fe62f7c64314a1e5cb2590c3211fa8478acabbb0d6e24070a45f4d77b90718fe5052dccfdbc3d53e1a1f200f5948d24ddf86f92f7c5ce26737aac88080658bb839d3ebb01dc37f2d808dbe8e8b3c574990153383d45dcf0853c9fb3496b2144952a0bd635a9d19de9c6ba1d82ca5b1bb7d7fde4774c56ce9d5f4efefb2994dba938a11abdd2db714e6f7dd2340f134d721e60fdc01eecbfbdb45926168dd8752363182459b9bdd524bed8e63a74979f2629ff483981f593cae08cf0241f5c35d0aaa133a48bb0ec891db57da6b606154f2d2c1b46109c4365d8eeb6fbbfbfdf0fb8024a274fa9b215ea270dd175dfd60d60ec6c69af745c01db85212a8fe4d02175972a395d98e7f3795bb46503ab332e8180902c7f850804201f1b0209a03a95e11932ec231889a810eb91afc6f6657d4b019de28d922fab932ebde786d7c4c9f4a354c09640ef903d4fecffe6291b5f39451da867f0eb641871917f710163432feb2da11d86d14d630eddc0158cfe706019784c3d36f06d94ead5162db462e7525d25e36f7e06e4a0d1f1adc82b2f65be2e701b950692a6fed2e753ed41ec3d9445b98d020c8982b98c9c47db99162487a8c7678c56bbb94e19d2c015112e973c30cc37829cba705d4b678e5b2ae72628a4840d81c73e1a7217db51224dddc3de0a4f36caad665d7a8a4e4fd9b5572b096691c71253dde17f646e29e77261f8190aa3218775bebc157bd7f82c0e18602573f6f27ccdfc406c61cd5e992f5ff31467c0ed467cf21dba85553201238516dd82234676c0febf3fa614b55ca95a833f23f067018e237dc02e3b7422e46ba3339274819404f06afcb031a1b02dc9028fb5a94ef3854c9dbe25a3a279f67a0feeeaf89bc5259116413a8a6e31a471039d2c1634899017915f95df6aa452915b57e454eab195f2819028d9f80684aecca37a304c5287de9a82e6bb9a1962dbed90cc83fe6af391c5226dd607691f2f402f5edd71392a3f81736c9c9d1b30c9059520a7198d503a19bf5b47902236d420c7426157e8f216ad97444bea6470c0fc23dcca6e238a6a1ab6a1a0dc274fd9ba442dbf4a85e8779cba659ee2c086998af7614325171a3f9e4906a0f75561dec302581782a2695619f6ea088365ae7f8c1f2faed18989e1ca0c718114f1e1333d1927aa73f028d6e8e74c778a9533b6bb6fac8ca0dc5d8fff02e158ca58f306e03a5eccd2197cf869c6b016354ce35b4a821fe228d4fb8a6dbcda27ac43b48b5b2921d71bb44ecea101d3e950659621bd043b0fa4c7b83cabc01d7c6641691b86ffaba5eb2ba1262fd07c28c02121e4e811c123973d3decf70b13662d9b7ca60ad8bd6da1853b40f5d4002deb9468908f5aa8aa1ba72997d36c4983c9517e171c62ba0317989435dbeab1090fbb519b924e375ef65d7b9914807e98392c50ad5442dc69cd7aad0d24a652e97b753d7361620b954ba140a1c5b68c25b4f4ef1dd5bbc498c6c2d18b9deab094fb223d8707678666994ae184c831d13b2bd142725d976e66797eefe65c545bc15aca480d3ca3abeebdc6ce0a554d55765efdf62bcfc513cd14159a1aa57adada84d971532b533150499f15bc64ca930fb064abd66fb2430c28a5c61945f2120d29d0c9cb68de4d674ddcb20e0d48168846f9bf1961e0f5a31133ea36fcd9fb929e4aac0d4e19732c3aef1b0c23e0021ed8edeb23739dba0f161d89daab1cafb6df23168c94f5d15933c71752822f5e6f5e8f066b2dbb71dd34acbfbbf6684bb3271be3da6e01b7a5b5ad8a16c504c4a90f946a1e3f0d7e84b07e3c151cfa3b19b29c073e3e21c5dbd3c00c722f917d5a529ba47ea2bf407dce75e0c21432522a41e4bef4b2f562dd2616fceb4bf93141b631f65d4f49c9de4f8b608f1b0d7dbca09b923f953962dd8904e9099dfef537e8a9a402516a63f674a53d6bc5bbec3837e5968123300938e52f553964ab1bd230e6b83455846bb3f3b2f62fb34ed317745fe438f69f611495b1869025b67426fe0a0306e59088c05876b29bf55ac0a01d79b07b890e6c967f6fc3e938de31c6eb91518d47ace54645b6e784d2d4f7376abb4935a69380e3e412a7f79785445cfa94af71b6b6cced0d8295b8545519afd4f5b1c37069cb15a4ede86a7b14e5b2f591366ada19a6a2d056d3bae7422c85cb31785230003015c1ee6b34212f6168b52f421217fc8e67600e0101472fbf68eebb2b34d84a6a5c24f80cb42e5eb51c7bc0fcda566cf97a76bb4bd8d6fc0241fc08cd89ab87a8c03cca25740f9aa6b6e8f148e68171a32f5736110eb0efe771ac261d05655dffaf97b546032152e1a02d26026b3ce8c9cffab6baf223153f16f56d6ebf9cdceb04fdd536bf60858afee9b7d141d06505da938598e3e58077cef1471740aa907f4587268108e94bd11f9d13a57f409cdc81ab1989686413b9b69f5ce57ce079fd2fe55b734b4f66e4a79c1592b9e8e99fa988aa2beceaa9926d2cc35f184f041e1ac9c090a3016ade5fa9940f13a4660cdc488e23e54377a684fda29e85834e46e092eb62f79be9600472b655ecf0eb1046324bc91651d1e6408ccbbcd708e855c22e77618431a69e1ef8f52659ef49289f08e3b3031d7a11dd385f9b6bdc0e11ae2700d111dd9aa612d566260d96290b583e79df416f4bb45853f0308707474c76f064a941a02d4a3a0c51a4c0c5a6dacd2478775b36747c2385eb1ab4619fc6f0e5f7a205ec5556f648eccabd0966bb3a905e6452ccdd412b997bf6667b32428fdf7d8e35e1dab76078954a68aa0e86f3ebc59146c4d58408043395c9b049d5c1b00053ed137fe6e99c58913b014c2df1e2db8a269a227d5807804e895849fe355b0f3b50a35ed0917730ca44a8d8c576917c5c86fec10afbd8590f982111fc8b4c0b785cc3753d91164e2fe63269948c96797035cb9321cbc0bcecfb7f70cef458da43609b952de0d53b3d728dd5d56344c330b5d94a557313a9b897c2bb5ecc8cf14e2f17032c066e6fc9758582b1e205fbbbb954092072444db9570dc63fcd47a9ad0171d0b36a889503478396aead85f266f0705f9638f537857d0b3003fec5312da5b9eb91f7e382c671215b193cab31cf7802ef9652ff16757545b126f805b5d373ed72942a1ce26178d81f629ac5f08b3f25c84b6487959bb0c5a9bd1da831c9b398a576b12f069fd1b17a19d0786af377025396db560b172e18ec502bc6189aeaac25216610d8c21eee5d2492baf3f220d01b2dc2d98f7174d5281e4c9c128545d2cfe0a80f7ed85035fd92a8a5d573dc6f7c2bddeefbcb10602f9879e70ac5c09bb03bbee15375d5e51e19579f84c72d0a2e025aa335548c77acf09f24d567311fb8a9fe0723bd5cfecf98a75bafd691a6be872aa80df44cc4cb6343cd68f256a2b50e92299939a9421e0d721810c0ffd257114036446c0c2fd858dc24e67697970f7e8e2e1c9175c633cf0be279354b20cac9c9577feda2803309413d7d43ac13a8"], 0xfc}, 0x1, 0x0, 0x0, 0x4000}, 0x0) (async)
sendmsg$nl_xfrm(r8, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000001700)=ANY=[@ANYRES32=r10, @ANYRES32, @ANYRES64=r0, @ANYBLOB="41053f8d8bd269daf97a59cda75067288158a8f503569ab25d9a110a2d4fad6741a25ba9a01890ff7de90b0c60b0fc1bfc183d80832910b8015da869fe5647da4acc39ee4bf85de4d71b15a6e2158efa3f1cc7ac1a2c2c2181c1d7871c52764866dc9a18ea984a931436484c29c10360b397fb87a6ed868eb40165465a1795168751387c08c100d5acda0f323381950e7c5da1620a78d7d3ea8d9413c8c7a47c1a818450651d2c985f66d8208a4f762392c64ebd27687f126ef115a12b84d4255e3f9b48507c8826270abf15c01edfaee26f848fb4aa423656c2779f82f3b6aff572a8e2afd2cd9945c0747c0b57d76e4d808ddea3f6828a4bfeb013b9b8aa8dc582967fb3ba1ca1822c50a888acc8a3482e25f102684eab9b93545cdbaf1717933803a836252fe790a450af43346e384eed83c63f7bcdf6c5b7488a960c9378d5db3a89091bf8f53bf47d9f32277f8115f5a4245879de3623be23fc40e14d9723297c542e82f6f7ec9aa8cf1fe9f3ed3331af8c7442c40d86049a636b076f9f5707c32003c94721bc0bd6931728166042808f31b04d05f827b7c8f6621c695c75a8eab275f10e69ca4c53c10b3ec431c2f2bef775358ef5da6c17752a7c9ea58e820404c03264b3ce5ecf2fc3eff606629b069c032eac3a1f8e43d034462b4fa4d156dd8224f11eabee473b741675e3d90bdee857802525a82596e1118fb5cb321809dcbca136f361a7f2ba401d5760013aca1af821711487cbe5037f44ea17555e4f641ea7a752bfdb6025d1c2c68661eda18a4cd7d5ae78e2e45ae2e135e700f609c92eb2babf566f18f08b83e10238c11513a0b2f99f1abb2e385b2842c18754832ff7c154d7b07d8bca4ca70aceefcb1f80aac9345391fda4d61fcc5135908fdb4fa5044241f79111fb1468226bb7948747491382487f6574d5e95e02602c7b6fdb2a0d32dd143c5daa0bf117a8793c5504dfa1128f2aa2d3701482872a0d5c0aa890bfc9a22b23b940362edc523d8909aaf247c018b433a42a4659067d579a180e5d030358142ec17751ca54a7ad463461555af8dcac40021002199290645e5b43058318848c8145213088b3489180d631443bb3a4e576481e3f1443b59f9c821b978048991e46e1a6215ff2cd86daee030f60defe15377ae3188772bcf80ad0505d1a701b6eec5eefb2b95083688dd4adc0b13d05bd0683d1a93510a684ce41c9cdbd537bcc6a63b7e523cc8befac458698456def6b05da677a64be9d07f27455a5dab0c5f8e2ade80a8d049f2213551bca73fa07f93f1ba707a7e1f847f21e91624109bd3dfd05a7fc68e01756d0a0c7540844569b37399d8c59883ad2f6908386d598fe2ad372f3590870bb5cbce97eeb54cd50a7c5872548a6ce345901a90d7439687c248bc7bc525db948fee7ccc85c63fb2b0fdc252393bb27c95098f9a95264c3c32800020e4ec74a55822356d1799479f3f1a3f7709ecf2d41ca95849663a9ef8102b4a60c0d361aa551a639854944ba6728621715ec4cae979eddb77128007f8aec5d72eff98e6a4cc8d7f327d0823f194005ce707f6884829b716a904ef6a49eadb0c1c3ef019512e04ee939ea3fd1da46b26ee3fbd03b21e93f11642d3f982ccbcc2aab2a41ea208aa87cc02d7b8929a8dd3c8fca407405962cdd84cd853251761130a72be8a91ab95c05be435be124796c3560cf3f2a686cd9009789a8e0f4d32702864596287705f1763b4cbb292afcceaa91c0aa3d004a370c8f832d96c4e1b8c09b8d6b1286c9e048f221f682e8e19960b01b54bee5c46dc2f6d68e4010686c873115aa64a005a59cd84a65f3ee66fb701690d6f258b18dcbe6904337a417abe42e9f7b216acad44077dd23c2a4b5a7deed6513b3724069b596884d9dce96e9da68e041f45cddd23e0dcb21dc2ccaef6d75088c1ecfaa241af9abe907cc9b8627fff832b0160371a2afcc029b8915f5ce01d733b735af636a81b932d9f02127588f42ed9dc2fbd84220c40b3dae6445af43339dfde32a5af9d9db9d96f81606cdee491bc4dd936ada9d360a8bf058f9e3d9dc3c8e2ee8fa25d37b97d7ad8fdd231b849cca1a15b26098ddf6974cf9ad8e7cea03342f6979461c15fd81210ca9b7b51ec54a6013a052d7027e348f03fd5fc7426f635978e872aa332bb4bfe5e6405d19fc6c14b6643516ff1ae4db47a10a138a9de53696962923ade2641dc2d8efc91e00914e159a0cb63a5d93de6a9ed02cd46daf7a6b73e2b4b0469fe62f7c64314a1e5cb2590c3211fa8478acabbb0d6e24070a45f4d77b90718fe5052dccfdbc3d53e1a1f200f5948d24ddf86f92f7c5ce26737aac88080658bb839d3ebb01dc37f2d808dbe8e8b3c574990153383d45dcf0853c9fb3496b2144952a0bd635a9d19de9c6ba1d82ca5b1bb7d7fde4774c56ce9d5f4efefb2994dba938a11abdd2db714e6f7dd2340f134d721e60fdc01eecbfbdb45926168dd8752363182459b9bdd524bed8e63a74979f2629ff483981f593cae08cf0241f5c35d0aaa133a48bb0ec891db57da6b606154f2d2c1b46109c4365d8eeb6fbbfbfdf0fb8024a274fa9b215ea270dd175dfd60d60ec6c69af745c01db85212a8fe4d02175972a395d98e7f3795bb46503ab332e8180902c7f850804201f1b0209a03a95e11932ec231889a810eb91afc6f6657d4b019de28d922fab932ebde786d7c4c9f4a354c09640ef903d4fecffe6291b5f39451da867f0eb641871917f710163432feb2da11d86d14d630eddc0158cfe706019784c3d36f06d94ead5162db462e7525d25e36f7e06e4a0d1f1adc82b2f65be2e701b950692a6fed2e753ed41ec3d9445b98d020c8982b98c9c47db99162487a8c7678c56bbb94e19d2c015112e973c30cc37829cba705d4b678e5b2ae72628a4840d81c73e1a7217db51224dddc3de0a4f36caad665d7a8a4e4fd9b5572b096691c71253dde17f646e29e77261f8190aa3218775bebc157bd7f82c0e18602573f6f27ccdfc406c61cd5e992f5ff31467c0ed467cf21dba85553201238516dd82234676c0febf3fa614b55ca95a833f23f067018e237dc02e3b7422e46ba3339274819404f06afcb031a1b02dc9028fb5a94ef3854c9dbe25a3a279f67a0feeeaf89bc5259116413a8a6e31a471039d2c1634899017915f95df6aa452915b57e454eab195f2819028d9f80684aecca37a304c5287de9a82e6bb9a1962dbed90cc83fe6af391c5226dd607691f2f402f5edd71392a3f81736c9c9d1b30c9059520a7198d503a19bf5b47902236d420c7426157e8f216ad97444bea6470c0fc23dcca6e238a6a1ab6a1a0dc274fd9ba442dbf4a85e8779cba659ee2c086998af7614325171a3f9e4906a0f75561dec302581782a2695619f6ea088365ae7f8c1f2faed18989e1ca0c718114f1e1333d1927aa73f028d6e8e74c778a9533b6bb6fac8ca0dc5d8fff02e158ca58f306e03a5eccd2197cf869c6b016354ce35b4a821fe228d4fb8a6dbcda27ac43b48b5b2921d71bb44ecea101d3e950659621bd043b0fa4c7b83cabc01d7c6641691b86ffaba5eb2ba1262fd07c28c02121e4e811c123973d3decf70b13662d9b7ca60ad8bd6da1853b40f5d4002deb9468908f5aa8aa1ba72997d36c4983c9517e171c62ba0317989435dbeab1090fbb519b924e375ef65d7b9914807e98392c50ad5442dc69cd7aad0d24a652e97b753d7361620b954ba140a1c5b68c25b4f4ef1dd5bbc498c6c2d18b9deab094fb223d8707678666994ae184c831d13b2bd142725d976e66797eefe65c545bc15aca480d3ca3abeebdc6ce0a554d55765efdf62bcfc513cd14159a1aa57adada84d971532b533150499f15bc64ca930fb064abd66fb2430c28a5c61945f2120d29d0c9cb68de4d674ddcb20e0d48168846f9bf1961e0f5a31133ea36fcd9fb929e4aac0d4e19732c3aef1b0c23e0021ed8edeb23739dba0f161d89daab1cafb6df23168c94f5d15933c71752822f5e6f5e8f066b2dbb71dd34acbfbbf6684bb3271be3da6e01b7a5b5ad8a16c504c4a90f946a1e3f0d7e84b07e3c151cfa3b19b29c073e3e21c5dbd3c00c722f917d5a529ba47ea2bf407dce75e0c21432522a41e4bef4b2f562dd2616fceb4bf93141b631f65d4f49c9de4f8b608f1b0d7dbca09b923f953962dd8904e9099dfef537e8a9a402516a63f674a53d6bc5bbec3837e5968123300938e52f553964ab1bd230e6b83455846bb3f3b2f62fb34ed317745fe438f69f611495b1869025b67426fe0a0306e59088c05876b29bf55ac0a01d79b07b890e6c967f6fc3e938de31c6eb91518d47ace54645b6e784d2d4f7376abb4935a69380e3e412a7f79785445cfa94af71b6b6cced0d8295b8545519afd4f5b1c37069cb15a4ede86a7b14e5b2f591366ada19a6a2d056d3bae7422c85cb31785230003015c1ee6b34212f6168b52f421217fc8e67600e0101472fbf68eebb2b34d84a6a5c24f80cb42e5eb51c7bc0fcda566cf97a76bb4bd8d6fc0241fc08cd89ab87a8c03cca25740f9aa6b6e8f148e68171a32f5736110eb0efe771ac261d05655dffaf97b546032152e1a02d26026b3ce8c9cffab6baf223153f16f56d6ebf9cdceb04fdd536bf60858afee9b7d141d06505da938598e3e58077cef1471740aa907f4587268108e94bd11f9d13a57f409cdc81ab1989686413b9b69f5ce57ce079fd2fe55b734b4f66e4a79c1592b9e8e99fa988aa2beceaa9926d2cc35f184f041e1ac9c090a3016ade5fa9940f13a4660cdc488e23e54377a684fda29e85834e46e092eb62f79be9600472b655ecf0eb1046324bc91651d1e6408ccbbcd708e855c22e77618431a69e1ef8f52659ef49289f08e3b3031d7a11dd385f9b6bdc0e11ae2700d111dd9aa612d566260d96290b583e79df416f4bb45853f0308707474c76f064a941a02d4a3a0c51a4c0c5a6dacd2478775b36747c2385eb1ab4619fc6f0e5f7a205ec5556f648eccabd0966bb3a905e6452ccdd412b997bf6667b32428fdf7d8e35e1dab76078954a68aa0e86f3ebc59146c4d58408043395c9b049d5c1b00053ed137fe6e99c58913b014c2df1e2db8a269a227d5807804e895849fe355b0f3b50a35ed0917730ca44a8d8c576917c5c86fec10afbd8590f982111fc8b4c0b785cc3753d91164e2fe63269948c96797035cb9321cbc0bcecfb7f70cef458da43609b952de0d53b3d728dd5d56344c330b5d94a557313a9b897c2bb5ecc8cf14e2f17032c066e6fc9758582b1e205fbbbb954092072444db9570dc63fcd47a9ad0171d0b36a889503478396aead85f266f0705f9638f537857d0b3003fec5312da5b9eb91f7e382c671215b193cab31cf7802ef9652ff16757545b126f805b5d373ed72942a1ce26178d81f629ac5f08b3f25c84b6487959bb0c5a9bd1da831c9b398a576b12f069fd1b17a19d0786af377025396db560b172e18ec502bc6189aeaac25216610d8c21eee5d2492baf3f220d01b2dc2d98f7174d5281e4c9c128545d2cfe0a80f7ed85035fd92a8a5d573dc6f7c2bddeefbcb10602f9879e70ac5c09bb03bbee15375d5e51e19579f84c72d0a2e025aa335548c77acf09f24d567311fb8a9fe0723bd5cfecf98a75bafd691a6be872aa80df44cc4cb6343cd68f256a2b50e92299939a9421e0d721810c0ffd257114036446c0c2fd858dc24e67697970f7e8e2e1c9175c633cf0be279354b20cac9c9577feda2803309413d7d43ac13a8"], 0xfc}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
connect$inet(r5, &(0x7f0000000280)={0x2, 0x0, @broadcast}, 0x10) (async)
connect$inet(r5, &(0x7f0000000280)={0x2, 0x0, @broadcast}, 0x10)
sendmmsg$inet(r5, &(0x7f0000004d00)=[{{0x0, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x30000}}], 0x1, 0x0)
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000200)={0x4, 0x0, [{0x97, 0x0, 0x8}, {0x9a1, 0x0, 0x88}, {0x913, 0x0, 0x7}, {0x2b4, 0x0, 0x9}]})

7m16.973792688s ago: executing program 32 (id=565):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) (async)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x20, 0x3, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x99ee}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000500)={r3, 0x0, 0x2d, 0x0, @val=@netfilter={0xa, 0x4, 0x7fffffff, 0x1}}, 0x20)
sched_setscheduler(0x0, 0x1, &(0x7f0000000140)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019780)=""/102390, 0xfffffffffffffc9c)
socket$inet_udp(0x2, 0x2, 0x0) (async)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r5, &(0x7f0000000080)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x2c}}, 0x10) (async)
bind$inet(r5, &(0x7f0000000080)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x2c}}, 0x10)
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
fcntl$notify(r4, 0x402, 0x19) (async)
fcntl$notify(r4, 0x402, 0x19)
sendmsg$nl_xfrm(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000019500)=ANY=[@ANYBLOB="5c01000010000100feffffff00010000fe880000000000000000000000000001fc010000000000000000000000000001000107144e230005000000003a000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ff020000000000000000000000000001000004d46c0000007f000001000025000000000000000000000000000000000092010000000000000600000000000000ffff0000000000001c250800000000000200000000000000f8ffffffffffffff0000000000000000ffffffffffffffff00000000000000001f00000000000000feffffffffffffff02000000fcffffff000000002abd7000043500000200010020000000480003006465666c61746500000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000240009000f00000000000000810000000000000009000000000000000001000000000000f288c82f6b4e4060628102aa4f8e1e07cbcd21cf220a6e625829c133772194818dbfb45e7d97cfbd6201c14774d1f829931f0ed5ab790f0648330327687dbacc470334eebf99a9d2be751ef31fcdfa7909c3a15d96b05a2b8fd9907cc7c6de3d6dbd3ea567be6a3c7bbc48b08551da4e5827ab5d7d0a660a0444d3467099a046a5adf9f94286877b8256afa8d4424868c059bee3515df1aeba0ebaa7585a1092774b446467a4fdf61ca936d6e860b5d0722e661cf65f9ac511d2c9c3e6364a1fff8dcb5f487951d67e771f5b4d8f99d4c1ee52e8d7fdeb69c13109bfebf85f811c7d07f032e58c48a798ed55009ebf2886541129914144f571865983770579900ba1aa698f6c1b32"], 0x15c}, 0x1, 0x0, 0x0, 0x8801}, 0x0) (async)
sendmsg$nl_xfrm(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000019500)=ANY=[@ANYBLOB="5c01000010000100feffffff00010000fe880000000000000000000000000001fc010000000000000000000000000001000107144e230005000000003a000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ff020000000000000000000000000001000004d46c0000007f000001000025000000000000000000000000000000000092010000000000000600000000000000ffff0000000000001c250800000000000200000000000000f8ffffffffffffff0000000000000000ffffffffffffffff00000000000000001f00000000000000feffffffffffffff02000000fcffffff000000002abd7000043500000200010020000000480003006465666c61746500000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000240009000f00000000000000810000000000000009000000000000000001000000000000f288c82f6b4e4060628102aa4f8e1e07cbcd21cf220a6e625829c133772194818dbfb45e7d97cfbd6201c14774d1f829931f0ed5ab790f0648330327687dbacc470334eebf99a9d2be751ef31fcdfa7909c3a15d96b05a2b8fd9907cc7c6de3d6dbd3ea567be6a3c7bbc48b08551da4e5827ab5d7d0a660a0444d3467099a046a5adf9f94286877b8256afa8d4424868c059bee3515df1aeba0ebaa7585a1092774b446467a4fdf61ca936d6e860b5d0722e661cf65f9ac511d2c9c3e6364a1fff8dcb5f487951d67e771f5b4d8f99d4c1ee52e8d7fdeb69c13109bfebf85f811c7d07f032e58c48a798ed55009ebf2886541129914144f571865983770579900ba1aa698f6c1b32"], 0x15c}, 0x1, 0x0, 0x0, 0x8801}, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
setsockopt$sock_int(r5, 0x1, 0x6, &(0x7f0000000000)=0x4, 0x4) (async)
setsockopt$sock_int(r5, 0x1, 0x6, &(0x7f0000000000)=0x4, 0x4)
r7 = socket$nl_xfrm(0x10, 0x3, 0x6)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r7, 0x10e, 0x1, &(0x7f0000000400)=0x1, 0x4)
socket$nl_xfrm(0x10, 0x3, 0x6) (async)
r8 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001800dd8d000000ba7e9698ed1fbfa80e000000000002"], 0x3c}}, 0x0)
r9 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
bind$bt_hci(r9, &(0x7f0000000000)={0x27}, 0x62) (async)
bind$bt_hci(r9, &(0x7f0000000000)={0x27}, 0x62)
r10 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
bind$bt_hci(r10, &(0x7f0000000000)={0x27}, 0x74)
sendmsg$nl_xfrm(r8, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000001700)=ANY=[@ANYRES32=r10, @ANYRES32, @ANYRES64=r0, @ANYBLOB="41053f8d8bd269daf97a59cda75067288158a8f503569ab25d9a110a2d4fad6741a25ba9a01890ff7de90b0c60b0fc1bfc183d80832910b8015da869fe5647da4acc39ee4bf85de4d71b15a6e2158efa3f1cc7ac1a2c2c2181c1d7871c52764866dc9a18ea984a931436484c29c10360b397fb87a6ed868eb40165465a1795168751387c08c100d5acda0f323381950e7c5da1620a78d7d3ea8d9413c8c7a47c1a818450651d2c985f66d8208a4f762392c64ebd27687f126ef115a12b84d4255e3f9b48507c8826270abf15c01edfaee26f848fb4aa423656c2779f82f3b6aff572a8e2afd2cd9945c0747c0b57d76e4d808ddea3f6828a4bfeb013b9b8aa8dc582967fb3ba1ca1822c50a888acc8a3482e25f102684eab9b93545cdbaf1717933803a836252fe790a450af43346e384eed83c63f7bcdf6c5b7488a960c9378d5db3a89091bf8f53bf47d9f32277f8115f5a4245879de3623be23fc40e14d9723297c542e82f6f7ec9aa8cf1fe9f3ed3331af8c7442c40d86049a636b076f9f5707c32003c94721bc0bd6931728166042808f31b04d05f827b7c8f6621c695c75a8eab275f10e69ca4c53c10b3ec431c2f2bef775358ef5da6c17752a7c9ea58e820404c03264b3ce5ecf2fc3eff606629b069c032eac3a1f8e43d034462b4fa4d156dd8224f11eabee473b741675e3d90bdee857802525a82596e1118fb5cb321809dcbca136f361a7f2ba401d5760013aca1af821711487cbe5037f44ea17555e4f641ea7a752bfdb6025d1c2c68661eda18a4cd7d5ae78e2e45ae2e135e700f609c92eb2babf566f18f08b83e10238c11513a0b2f99f1abb2e385b2842c18754832ff7c154d7b07d8bca4ca70aceefcb1f80aac9345391fda4d61fcc5135908fdb4fa5044241f79111fb1468226bb7948747491382487f6574d5e95e02602c7b6fdb2a0d32dd143c5daa0bf117a8793c5504dfa1128f2aa2d3701482872a0d5c0aa890bfc9a22b23b940362edc523d8909aaf247c018b433a42a4659067d579a180e5d030358142ec17751ca54a7ad463461555af8dcac40021002199290645e5b43058318848c8145213088b3489180d631443bb3a4e576481e3f1443b59f9c821b978048991e46e1a6215ff2cd86daee030f60defe15377ae3188772bcf80ad0505d1a701b6eec5eefb2b95083688dd4adc0b13d05bd0683d1a93510a684ce41c9cdbd537bcc6a63b7e523cc8befac458698456def6b05da677a64be9d07f27455a5dab0c5f8e2ade80a8d049f2213551bca73fa07f93f1ba707a7e1f847f21e91624109bd3dfd05a7fc68e01756d0a0c7540844569b37399d8c59883ad2f6908386d598fe2ad372f3590870bb5cbce97eeb54cd50a7c5872548a6ce345901a90d7439687c248bc7bc525db948fee7ccc85c63fb2b0fdc252393bb27c95098f9a95264c3c32800020e4ec74a55822356d1799479f3f1a3f7709ecf2d41ca95849663a9ef8102b4a60c0d361aa551a639854944ba6728621715ec4cae979eddb77128007f8aec5d72eff98e6a4cc8d7f327d0823f194005ce707f6884829b716a904ef6a49eadb0c1c3ef019512e04ee939ea3fd1da46b26ee3fbd03b21e93f11642d3f982ccbcc2aab2a41ea208aa87cc02d7b8929a8dd3c8fca407405962cdd84cd853251761130a72be8a91ab95c05be435be124796c3560cf3f2a686cd9009789a8e0f4d32702864596287705f1763b4cbb292afcceaa91c0aa3d004a370c8f832d96c4e1b8c09b8d6b1286c9e048f221f682e8e19960b01b54bee5c46dc2f6d68e4010686c873115aa64a005a59cd84a65f3ee66fb701690d6f258b18dcbe6904337a417abe42e9f7b216acad44077dd23c2a4b5a7deed6513b3724069b596884d9dce96e9da68e041f45cddd23e0dcb21dc2ccaef6d75088c1ecfaa241af9abe907cc9b8627fff832b0160371a2afcc029b8915f5ce01d733b735af636a81b932d9f02127588f42ed9dc2fbd84220c40b3dae6445af43339dfde32a5af9d9db9d96f81606cdee491bc4dd936ada9d360a8bf058f9e3d9dc3c8e2ee8fa25d37b97d7ad8fdd231b849cca1a15b26098ddf6974cf9ad8e7cea03342f6979461c15fd81210ca9b7b51ec54a6013a052d7027e348f03fd5fc7426f635978e872aa332bb4bfe5e6405d19fc6c14b6643516ff1ae4db47a10a138a9de53696962923ade2641dc2d8efc91e00914e159a0cb63a5d93de6a9ed02cd46daf7a6b73e2b4b0469fe62f7c64314a1e5cb2590c3211fa8478acabbb0d6e24070a45f4d77b90718fe5052dccfdbc3d53e1a1f200f5948d24ddf86f92f7c5ce26737aac88080658bb839d3ebb01dc37f2d808dbe8e8b3c574990153383d45dcf0853c9fb3496b2144952a0bd635a9d19de9c6ba1d82ca5b1bb7d7fde4774c56ce9d5f4efefb2994dba938a11abdd2db714e6f7dd2340f134d721e60fdc01eecbfbdb45926168dd8752363182459b9bdd524bed8e63a74979f2629ff483981f593cae08cf0241f5c35d0aaa133a48bb0ec891db57da6b606154f2d2c1b46109c4365d8eeb6fbbfbfdf0fb8024a274fa9b215ea270dd175dfd60d60ec6c69af745c01db85212a8fe4d02175972a395d98e7f3795bb46503ab332e8180902c7f850804201f1b0209a03a95e11932ec231889a810eb91afc6f6657d4b019de28d922fab932ebde786d7c4c9f4a354c09640ef903d4fecffe6291b5f39451da867f0eb641871917f710163432feb2da11d86d14d630eddc0158cfe706019784c3d36f06d94ead5162db462e7525d25e36f7e06e4a0d1f1adc82b2f65be2e701b950692a6fed2e753ed41ec3d9445b98d020c8982b98c9c47db99162487a8c7678c56bbb94e19d2c015112e973c30cc37829cba705d4b678e5b2ae72628a4840d81c73e1a7217db51224dddc3de0a4f36caad665d7a8a4e4fd9b5572b096691c71253dde17f646e29e77261f8190aa3218775bebc157bd7f82c0e18602573f6f27ccdfc406c61cd5e992f5ff31467c0ed467cf21dba85553201238516dd82234676c0febf3fa614b55ca95a833f23f067018e237dc02e3b7422e46ba3339274819404f06afcb031a1b02dc9028fb5a94ef3854c9dbe25a3a279f67a0feeeaf89bc5259116413a8a6e31a471039d2c1634899017915f95df6aa452915b57e454eab195f2819028d9f80684aecca37a304c5287de9a82e6bb9a1962dbed90cc83fe6af391c5226dd607691f2f402f5edd71392a3f81736c9c9d1b30c9059520a7198d503a19bf5b47902236d420c7426157e8f216ad97444bea6470c0fc23dcca6e238a6a1ab6a1a0dc274fd9ba442dbf4a85e8779cba659ee2c086998af7614325171a3f9e4906a0f75561dec302581782a2695619f6ea088365ae7f8c1f2faed18989e1ca0c718114f1e1333d1927aa73f028d6e8e74c778a9533b6bb6fac8ca0dc5d8fff02e158ca58f306e03a5eccd2197cf869c6b016354ce35b4a821fe228d4fb8a6dbcda27ac43b48b5b2921d71bb44ecea101d3e950659621bd043b0fa4c7b83cabc01d7c6641691b86ffaba5eb2ba1262fd07c28c02121e4e811c123973d3decf70b13662d9b7ca60ad8bd6da1853b40f5d4002deb9468908f5aa8aa1ba72997d36c4983c9517e171c62ba0317989435dbeab1090fbb519b924e375ef65d7b9914807e98392c50ad5442dc69cd7aad0d24a652e97b753d7361620b954ba140a1c5b68c25b4f4ef1dd5bbc498c6c2d18b9deab094fb223d8707678666994ae184c831d13b2bd142725d976e66797eefe65c545bc15aca480d3ca3abeebdc6ce0a554d55765efdf62bcfc513cd14159a1aa57adada84d971532b533150499f15bc64ca930fb064abd66fb2430c28a5c61945f2120d29d0c9cb68de4d674ddcb20e0d48168846f9bf1961e0f5a31133ea36fcd9fb929e4aac0d4e19732c3aef1b0c23e0021ed8edeb23739dba0f161d89daab1cafb6df23168c94f5d15933c71752822f5e6f5e8f066b2dbb71dd34acbfbbf6684bb3271be3da6e01b7a5b5ad8a16c504c4a90f946a1e3f0d7e84b07e3c151cfa3b19b29c073e3e21c5dbd3c00c722f917d5a529ba47ea2bf407dce75e0c21432522a41e4bef4b2f562dd2616fceb4bf93141b631f65d4f49c9de4f8b608f1b0d7dbca09b923f953962dd8904e9099dfef537e8a9a402516a63f674a53d6bc5bbec3837e5968123300938e52f553964ab1bd230e6b83455846bb3f3b2f62fb34ed317745fe438f69f611495b1869025b67426fe0a0306e59088c05876b29bf55ac0a01d79b07b890e6c967f6fc3e938de31c6eb91518d47ace54645b6e784d2d4f7376abb4935a69380e3e412a7f79785445cfa94af71b6b6cced0d8295b8545519afd4f5b1c37069cb15a4ede86a7b14e5b2f591366ada19a6a2d056d3bae7422c85cb31785230003015c1ee6b34212f6168b52f421217fc8e67600e0101472fbf68eebb2b34d84a6a5c24f80cb42e5eb51c7bc0fcda566cf97a76bb4bd8d6fc0241fc08cd89ab87a8c03cca25740f9aa6b6e8f148e68171a32f5736110eb0efe771ac261d05655dffaf97b546032152e1a02d26026b3ce8c9cffab6baf223153f16f56d6ebf9cdceb04fdd536bf60858afee9b7d141d06505da938598e3e58077cef1471740aa907f4587268108e94bd11f9d13a57f409cdc81ab1989686413b9b69f5ce57ce079fd2fe55b734b4f66e4a79c1592b9e8e99fa988aa2beceaa9926d2cc35f184f041e1ac9c090a3016ade5fa9940f13a4660cdc488e23e54377a684fda29e85834e46e092eb62f79be9600472b655ecf0eb1046324bc91651d1e6408ccbbcd708e855c22e77618431a69e1ef8f52659ef49289f08e3b3031d7a11dd385f9b6bdc0e11ae2700d111dd9aa612d566260d96290b583e79df416f4bb45853f0308707474c76f064a941a02d4a3a0c51a4c0c5a6dacd2478775b36747c2385eb1ab4619fc6f0e5f7a205ec5556f648eccabd0966bb3a905e6452ccdd412b997bf6667b32428fdf7d8e35e1dab76078954a68aa0e86f3ebc59146c4d58408043395c9b049d5c1b00053ed137fe6e99c58913b014c2df1e2db8a269a227d5807804e895849fe355b0f3b50a35ed0917730ca44a8d8c576917c5c86fec10afbd8590f982111fc8b4c0b785cc3753d91164e2fe63269948c96797035cb9321cbc0bcecfb7f70cef458da43609b952de0d53b3d728dd5d56344c330b5d94a557313a9b897c2bb5ecc8cf14e2f17032c066e6fc9758582b1e205fbbbb954092072444db9570dc63fcd47a9ad0171d0b36a889503478396aead85f266f0705f9638f537857d0b3003fec5312da5b9eb91f7e382c671215b193cab31cf7802ef9652ff16757545b126f805b5d373ed72942a1ce26178d81f629ac5f08b3f25c84b6487959bb0c5a9bd1da831c9b398a576b12f069fd1b17a19d0786af377025396db560b172e18ec502bc6189aeaac25216610d8c21eee5d2492baf3f220d01b2dc2d98f7174d5281e4c9c128545d2cfe0a80f7ed85035fd92a8a5d573dc6f7c2bddeefbcb10602f9879e70ac5c09bb03bbee15375d5e51e19579f84c72d0a2e025aa335548c77acf09f24d567311fb8a9fe0723bd5cfecf98a75bafd691a6be872aa80df44cc4cb6343cd68f256a2b50e92299939a9421e0d721810c0ffd257114036446c0c2fd858dc24e67697970f7e8e2e1c9175c633cf0be279354b20cac9c9577feda2803309413d7d43ac13a8"], 0xfc}, 0x1, 0x0, 0x0, 0x4000}, 0x0) (async)
sendmsg$nl_xfrm(r8, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000001700)=ANY=[@ANYRES32=r10, @ANYRES32, @ANYRES64=r0, @ANYBLOB="41053f8d8bd269daf97a59cda75067288158a8f503569ab25d9a110a2d4fad6741a25ba9a01890ff7de90b0c60b0fc1bfc183d80832910b8015da869fe5647da4acc39ee4bf85de4d71b15a6e2158efa3f1cc7ac1a2c2c2181c1d7871c52764866dc9a18ea984a931436484c29c10360b397fb87a6ed868eb40165465a1795168751387c08c100d5acda0f323381950e7c5da1620a78d7d3ea8d9413c8c7a47c1a818450651d2c985f66d8208a4f762392c64ebd27687f126ef115a12b84d4255e3f9b48507c8826270abf15c01edfaee26f848fb4aa423656c2779f82f3b6aff572a8e2afd2cd9945c0747c0b57d76e4d808ddea3f6828a4bfeb013b9b8aa8dc582967fb3ba1ca1822c50a888acc8a3482e25f102684eab9b93545cdbaf1717933803a836252fe790a450af43346e384eed83c63f7bcdf6c5b7488a960c9378d5db3a89091bf8f53bf47d9f32277f8115f5a4245879de3623be23fc40e14d9723297c542e82f6f7ec9aa8cf1fe9f3ed3331af8c7442c40d86049a636b076f9f5707c32003c94721bc0bd6931728166042808f31b04d05f827b7c8f6621c695c75a8eab275f10e69ca4c53c10b3ec431c2f2bef775358ef5da6c17752a7c9ea58e820404c03264b3ce5ecf2fc3eff606629b069c032eac3a1f8e43d034462b4fa4d156dd8224f11eabee473b741675e3d90bdee857802525a82596e1118fb5cb321809dcbca136f361a7f2ba401d5760013aca1af821711487cbe5037f44ea17555e4f641ea7a752bfdb6025d1c2c68661eda18a4cd7d5ae78e2e45ae2e135e700f609c92eb2babf566f18f08b83e10238c11513a0b2f99f1abb2e385b2842c18754832ff7c154d7b07d8bca4ca70aceefcb1f80aac9345391fda4d61fcc5135908fdb4fa5044241f79111fb1468226bb7948747491382487f6574d5e95e02602c7b6fdb2a0d32dd143c5daa0bf117a8793c5504dfa1128f2aa2d3701482872a0d5c0aa890bfc9a22b23b940362edc523d8909aaf247c018b433a42a4659067d579a180e5d030358142ec17751ca54a7ad463461555af8dcac40021002199290645e5b43058318848c8145213088b3489180d631443bb3a4e576481e3f1443b59f9c821b978048991e46e1a6215ff2cd86daee030f60defe15377ae3188772bcf80ad0505d1a701b6eec5eefb2b95083688dd4adc0b13d05bd0683d1a93510a684ce41c9cdbd537bcc6a63b7e523cc8befac458698456def6b05da677a64be9d07f27455a5dab0c5f8e2ade80a8d049f2213551bca73fa07f93f1ba707a7e1f847f21e91624109bd3dfd05a7fc68e01756d0a0c7540844569b37399d8c59883ad2f6908386d598fe2ad372f3590870bb5cbce97eeb54cd50a7c5872548a6ce345901a90d7439687c248bc7bc525db948fee7ccc85c63fb2b0fdc252393bb27c95098f9a95264c3c32800020e4ec74a55822356d1799479f3f1a3f7709ecf2d41ca95849663a9ef8102b4a60c0d361aa551a639854944ba6728621715ec4cae979eddb77128007f8aec5d72eff98e6a4cc8d7f327d0823f194005ce707f6884829b716a904ef6a49eadb0c1c3ef019512e04ee939ea3fd1da46b26ee3fbd03b21e93f11642d3f982ccbcc2aab2a41ea208aa87cc02d7b8929a8dd3c8fca407405962cdd84cd853251761130a72be8a91ab95c05be435be124796c3560cf3f2a686cd9009789a8e0f4d32702864596287705f1763b4cbb292afcceaa91c0aa3d004a370c8f832d96c4e1b8c09b8d6b1286c9e048f221f682e8e19960b01b54bee5c46dc2f6d68e4010686c873115aa64a005a59cd84a65f3ee66fb701690d6f258b18dcbe6904337a417abe42e9f7b216acad44077dd23c2a4b5a7deed6513b3724069b596884d9dce96e9da68e041f45cddd23e0dcb21dc2ccaef6d75088c1ecfaa241af9abe907cc9b8627fff832b0160371a2afcc029b8915f5ce01d733b735af636a81b932d9f02127588f42ed9dc2fbd84220c40b3dae6445af43339dfde32a5af9d9db9d96f81606cdee491bc4dd936ada9d360a8bf058f9e3d9dc3c8e2ee8fa25d37b97d7ad8fdd231b849cca1a15b26098ddf6974cf9ad8e7cea03342f6979461c15fd81210ca9b7b51ec54a6013a052d7027e348f03fd5fc7426f635978e872aa332bb4bfe5e6405d19fc6c14b6643516ff1ae4db47a10a138a9de53696962923ade2641dc2d8efc91e00914e159a0cb63a5d93de6a9ed02cd46daf7a6b73e2b4b0469fe62f7c64314a1e5cb2590c3211fa8478acabbb0d6e24070a45f4d77b90718fe5052dccfdbc3d53e1a1f200f5948d24ddf86f92f7c5ce26737aac88080658bb839d3ebb01dc37f2d808dbe8e8b3c574990153383d45dcf0853c9fb3496b2144952a0bd635a9d19de9c6ba1d82ca5b1bb7d7fde4774c56ce9d5f4efefb2994dba938a11abdd2db714e6f7dd2340f134d721e60fdc01eecbfbdb45926168dd8752363182459b9bdd524bed8e63a74979f2629ff483981f593cae08cf0241f5c35d0aaa133a48bb0ec891db57da6b606154f2d2c1b46109c4365d8eeb6fbbfbfdf0fb8024a274fa9b215ea270dd175dfd60d60ec6c69af745c01db85212a8fe4d02175972a395d98e7f3795bb46503ab332e8180902c7f850804201f1b0209a03a95e11932ec231889a810eb91afc6f6657d4b019de28d922fab932ebde786d7c4c9f4a354c09640ef903d4fecffe6291b5f39451da867f0eb641871917f710163432feb2da11d86d14d630eddc0158cfe706019784c3d36f06d94ead5162db462e7525d25e36f7e06e4a0d1f1adc82b2f65be2e701b950692a6fed2e753ed41ec3d9445b98d020c8982b98c9c47db99162487a8c7678c56bbb94e19d2c015112e973c30cc37829cba705d4b678e5b2ae72628a4840d81c73e1a7217db51224dddc3de0a4f36caad665d7a8a4e4fd9b5572b096691c71253dde17f646e29e77261f8190aa3218775bebc157bd7f82c0e18602573f6f27ccdfc406c61cd5e992f5ff31467c0ed467cf21dba85553201238516dd82234676c0febf3fa614b55ca95a833f23f067018e237dc02e3b7422e46ba3339274819404f06afcb031a1b02dc9028fb5a94ef3854c9dbe25a3a279f67a0feeeaf89bc5259116413a8a6e31a471039d2c1634899017915f95df6aa452915b57e454eab195f2819028d9f80684aecca37a304c5287de9a82e6bb9a1962dbed90cc83fe6af391c5226dd607691f2f402f5edd71392a3f81736c9c9d1b30c9059520a7198d503a19bf5b47902236d420c7426157e8f216ad97444bea6470c0fc23dcca6e238a6a1ab6a1a0dc274fd9ba442dbf4a85e8779cba659ee2c086998af7614325171a3f9e4906a0f75561dec302581782a2695619f6ea088365ae7f8c1f2faed18989e1ca0c718114f1e1333d1927aa73f028d6e8e74c778a9533b6bb6fac8ca0dc5d8fff02e158ca58f306e03a5eccd2197cf869c6b016354ce35b4a821fe228d4fb8a6dbcda27ac43b48b5b2921d71bb44ecea101d3e950659621bd043b0fa4c7b83cabc01d7c6641691b86ffaba5eb2ba1262fd07c28c02121e4e811c123973d3decf70b13662d9b7ca60ad8bd6da1853b40f5d4002deb9468908f5aa8aa1ba72997d36c4983c9517e171c62ba0317989435dbeab1090fbb519b924e375ef65d7b9914807e98392c50ad5442dc69cd7aad0d24a652e97b753d7361620b954ba140a1c5b68c25b4f4ef1dd5bbc498c6c2d18b9deab094fb223d8707678666994ae184c831d13b2bd142725d976e66797eefe65c545bc15aca480d3ca3abeebdc6ce0a554d55765efdf62bcfc513cd14159a1aa57adada84d971532b533150499f15bc64ca930fb064abd66fb2430c28a5c61945f2120d29d0c9cb68de4d674ddcb20e0d48168846f9bf1961e0f5a31133ea36fcd9fb929e4aac0d4e19732c3aef1b0c23e0021ed8edeb23739dba0f161d89daab1cafb6df23168c94f5d15933c71752822f5e6f5e8f066b2dbb71dd34acbfbbf6684bb3271be3da6e01b7a5b5ad8a16c504c4a90f946a1e3f0d7e84b07e3c151cfa3b19b29c073e3e21c5dbd3c00c722f917d5a529ba47ea2bf407dce75e0c21432522a41e4bef4b2f562dd2616fceb4bf93141b631f65d4f49c9de4f8b608f1b0d7dbca09b923f953962dd8904e9099dfef537e8a9a402516a63f674a53d6bc5bbec3837e5968123300938e52f553964ab1bd230e6b83455846bb3f3b2f62fb34ed317745fe438f69f611495b1869025b67426fe0a0306e59088c05876b29bf55ac0a01d79b07b890e6c967f6fc3e938de31c6eb91518d47ace54645b6e784d2d4f7376abb4935a69380e3e412a7f79785445cfa94af71b6b6cced0d8295b8545519afd4f5b1c37069cb15a4ede86a7b14e5b2f591366ada19a6a2d056d3bae7422c85cb31785230003015c1ee6b34212f6168b52f421217fc8e67600e0101472fbf68eebb2b34d84a6a5c24f80cb42e5eb51c7bc0fcda566cf97a76bb4bd8d6fc0241fc08cd89ab87a8c03cca25740f9aa6b6e8f148e68171a32f5736110eb0efe771ac261d05655dffaf97b546032152e1a02d26026b3ce8c9cffab6baf223153f16f56d6ebf9cdceb04fdd536bf60858afee9b7d141d06505da938598e3e58077cef1471740aa907f4587268108e94bd11f9d13a57f409cdc81ab1989686413b9b69f5ce57ce079fd2fe55b734b4f66e4a79c1592b9e8e99fa988aa2beceaa9926d2cc35f184f041e1ac9c090a3016ade5fa9940f13a4660cdc488e23e54377a684fda29e85834e46e092eb62f79be9600472b655ecf0eb1046324bc91651d1e6408ccbbcd708e855c22e77618431a69e1ef8f52659ef49289f08e3b3031d7a11dd385f9b6bdc0e11ae2700d111dd9aa612d566260d96290b583e79df416f4bb45853f0308707474c76f064a941a02d4a3a0c51a4c0c5a6dacd2478775b36747c2385eb1ab4619fc6f0e5f7a205ec5556f648eccabd0966bb3a905e6452ccdd412b997bf6667b32428fdf7d8e35e1dab76078954a68aa0e86f3ebc59146c4d58408043395c9b049d5c1b00053ed137fe6e99c58913b014c2df1e2db8a269a227d5807804e895849fe355b0f3b50a35ed0917730ca44a8d8c576917c5c86fec10afbd8590f982111fc8b4c0b785cc3753d91164e2fe63269948c96797035cb9321cbc0bcecfb7f70cef458da43609b952de0d53b3d728dd5d56344c330b5d94a557313a9b897c2bb5ecc8cf14e2f17032c066e6fc9758582b1e205fbbbb954092072444db9570dc63fcd47a9ad0171d0b36a889503478396aead85f266f0705f9638f537857d0b3003fec5312da5b9eb91f7e382c671215b193cab31cf7802ef9652ff16757545b126f805b5d373ed72942a1ce26178d81f629ac5f08b3f25c84b6487959bb0c5a9bd1da831c9b398a576b12f069fd1b17a19d0786af377025396db560b172e18ec502bc6189aeaac25216610d8c21eee5d2492baf3f220d01b2dc2d98f7174d5281e4c9c128545d2cfe0a80f7ed85035fd92a8a5d573dc6f7c2bddeefbcb10602f9879e70ac5c09bb03bbee15375d5e51e19579f84c72d0a2e025aa335548c77acf09f24d567311fb8a9fe0723bd5cfecf98a75bafd691a6be872aa80df44cc4cb6343cd68f256a2b50e92299939a9421e0d721810c0ffd257114036446c0c2fd858dc24e67697970f7e8e2e1c9175c633cf0be279354b20cac9c9577feda2803309413d7d43ac13a8"], 0xfc}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
connect$inet(r5, &(0x7f0000000280)={0x2, 0x0, @broadcast}, 0x10) (async)
connect$inet(r5, &(0x7f0000000280)={0x2, 0x0, @broadcast}, 0x10)
sendmmsg$inet(r5, &(0x7f0000004d00)=[{{0x0, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x30000}}], 0x1, 0x0)
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000200)={0x4, 0x0, [{0x97, 0x0, 0x8}, {0x9a1, 0x0, 0x88}, {0x913, 0x0, 0x7}, {0x2b4, 0x0, 0x9}]})

2m59.433936316s ago: executing program 0 (id=1732):
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f00000001c0), 0x800, 0x0)
ioctl$RTC_IRQP_READ(r0, 0x8008700b, 0x0)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x11, 0x3, &(0x7f0000000340)=ANY=[@ANYRESHEX, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYRES32, @ANYRES16, @ANYRES8, @ANYRES64, @ANYRESOCT], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000740)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$dsp1(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0)
r4 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x141202, 0x0)
writev(r4, &(0x7f0000001800)=[{&(0x7f0000000580)='trylock ', 0x8}], 0x1)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={0x0}, 0x1, 0x0, 0x0, 0x4004}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x10, 0x2, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
close(r5)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
close(r6)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r7, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a4c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc080003400000001408000c4000000e45400000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a310000000014000380100000800c00018006000100d103000014000000110001"], 0xb4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
sendmsg$NFT_BATCH(r6, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSETELEM={0x48, 0xc, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x1c, 0x3, 0x0, 0x1, [{0x18, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0xc, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, "d103"}]}, @NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x1}]}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3}}}, 0x70}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)

2m58.404852728s ago: executing program 0 (id=1736):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x4, 0x0, &(0x7f0000000000))
socketpair$tipc(0x2d, 0x2, 0x0, &(0x7f0000000040))
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x6, 0xce1, &(0x7f0000000080))
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, 0x0, 0x0}, 0x94)
syz_emit_vhci(&(0x7f0000000440)=ANY=[@ANYBLOB="040e0c"], 0xf)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x9a974000)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x2)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000180), 0x42, 0x0)
mount$fuseblk(&(0x7f0000000140), &(0x7f00000003c0)='./file0\x00', &(0x7f0000000400), 0x1000000, &(0x7f0000000500)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xa000}})
socket$phonet(0x23, 0x2, 0x1)
r1 = syz_io_uring_setup(0x10d1, &(0x7f0000000480)={0x0, 0x7734, 0x80, 0x0, 0x34d}, &(0x7f00000003c0)=<r2=>0x0, &(0x7f0000000080)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000300)={0x1, &(0x7f0000000200)=[{0x2e, 0x0, 0x0, 0x4}]}, 0x10)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_POLL_REMOVE={0x7, 0x15523ea56aa22b9a, 0x0, 0x0, 0x0, 0x12345})
io_uring_enter(r1, 0x47bc, 0x0, 0x0, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$TIPC_NL_BEARER_ENABLE(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='`\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="01000000000000000000030000004c0001800d0001"], 0x60}}, 0x0)
r6 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r6, 0x84, 0x9, &(0x7f0000000840)={0x0, @in6={{0xa, 0x4e20, 0x3ae, @local, 0x129}}, 0x3, 0x2, 0x614, 0x1, 0xed, 0x0, 0x7}, 0x9c)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3, 0x5d032, 0xffffffffffffffff, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)

2m57.622376929s ago: executing program 0 (id=1739):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x5c, 0x30, 0x1, 0x0, 0x0, {}, [{0x48, 0x1, [@m_ct={0x44, 0x22, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}]}]}, 0x5c}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x18)
r3 = socket$inet6(0xa, 0x3, 0x8000000003c)
connect$inet6(r3, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x5}, 0x1c)
sendmsg(r3, &(0x7f00000000c0)={0x0, 0x952b, &(0x7f0000000100)=[{&(0x7f0000000000)="2b10", 0xffbd}], 0x1, 0x0, 0x0, 0x2c}, 0x4)

2m56.460653816s ago: executing program 0 (id=1741):
mkdirat(0xffffffffffffff9c, &(0x7f0000002000)='./file0\x00', 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$TCXONC(r0, 0x540a, 0x1)
mount$bind(&(0x7f0000000100)='.\x00', &(0x7f0000000300)='./file0/../file0\x00', 0x0, 0x2151090, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0)
mount$bind(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000280)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'ip6tnl0\x00'})
umount2(&(0x7f0000000380)='./file0\x00', 0x1)

2m56.368992819s ago: executing program 0 (id=1742):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x0, &(0x7f0000000080)})
sendmsg$TIPC_NL_KEY_SET(0xffffffffffffffff, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x4010, 0xffffffffffffffff, 0xffffa000)
openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x0, 0x0, &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
r1 = syz_io_uring_setup(0xa4d, &(0x7f0000000480)={0x0, 0x0, 0x80, 0x1, 0x24f}, &(0x7f00000000c0)=<r2=>0x0, &(0x7f0000000340)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
socket(0x2a, 0x2, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x11, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a00000095"], &(0x7f0000000280)='syzkaller\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000100)='percpu_alloc_percpu\x00', r4}, 0x10)
close(0xffffffffffffffff)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x42, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, 0x0, {0x2}})
io_uring_enter(r1, 0x47bc, 0x0, 0x0, 0x0, 0x0)

2m56.067294579s ago: executing program 0 (id=1743):
mount$9p_fd(0x0, 0x0, 0x0, 0x802011, &(0x7f0000000480)=ANY=[])
socket$inet_sctp(0x2, 0x1, 0x84)
syz_usb_connect(0x0, 0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="1201000014da2108ab12a390eb1e00000001090224"], 0x0)
r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0)
syz_usb_disconnect(r0)
syz_usb_connect$cdc_ecm(0x5, 0x4d, &(0x7f0000000100)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x0, 0x0, 0xffffffffffff8001, 0x1, [{{0x9, 0x2, 0x3b, 0x1, 0x1, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x0, 0x5d, 0x1, 0x2, 0x6, 0x0, 0x0, {{0x5}, {0x5, 0x24, 0x0, 0x1ff}, {0xd, 0x24, 0xf, 0x1, 0x7c, 0x40}}, {[], {{0x9, 0x5, 0x82, 0x2, 0x200, 0x99, 0x0, 0xfc}}, {{0x9, 0x5, 0x3, 0x2, 0x8, 0x10, 0x0, 0x5}}}}}]}}]}}, 0x0)
ioctl$EVIOCRMFF(r0, 0x550c, 0x0)
syz_usb_connect(0x1, 0x2d, 0x0, 0x0)
openat$sequencer(0xffffff9c, 0x0, 0x2000, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x804}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x0, @thr={0x0, 0x0}}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r2 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r2, 0xc0285700, &(0x7f0000000100)={0x1, "ff0f000000000000f5a72d866b0000000000f0ffdefe00"})
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
r4 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(r4, 0xc0184800, &(0x7f0000000100)={0x4, <r5=>r3})
ioctl$DMA_BUF_SET_NAME_A(r5, 0x40086203, &(0x7f00000001c0)='\x02\x00\x00\x00\x05\x00\x00\x00-control\x00')
ioctl$DMA_BUF_IOCTL_SYNC(r5, 0xc0086202, &(0x7f0000000540)=0x1)
read$msr(r1, &(0x7f0000000300)=""/102392, 0x18ff8)
r6 = socket$inet6_sctp(0xa, 0x5, 0x84)
r7 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$KDSIGACCEPT(r7, 0x541b, 0x1000000000200041)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r6, 0x84, 0x9, 0x0, 0x0)
r8 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r8, &(0x7f0000000100)={0x2, 0x0, @local}, 0x10)
setsockopt$sock_int(r8, 0x1, 0x6, &(0x7f0000000000)=0x4, 0x4)

2m55.972749324s ago: executing program 33 (id=1743):
mount$9p_fd(0x0, 0x0, 0x0, 0x802011, &(0x7f0000000480)=ANY=[])
socket$inet_sctp(0x2, 0x1, 0x84)
syz_usb_connect(0x0, 0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="1201000014da2108ab12a390eb1e00000001090224"], 0x0)
r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0)
syz_usb_disconnect(r0)
syz_usb_connect$cdc_ecm(0x5, 0x4d, &(0x7f0000000100)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x0, 0x0, 0xffffffffffff8001, 0x1, [{{0x9, 0x2, 0x3b, 0x1, 0x1, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x0, 0x5d, 0x1, 0x2, 0x6, 0x0, 0x0, {{0x5}, {0x5, 0x24, 0x0, 0x1ff}, {0xd, 0x24, 0xf, 0x1, 0x7c, 0x40}}, {[], {{0x9, 0x5, 0x82, 0x2, 0x200, 0x99, 0x0, 0xfc}}, {{0x9, 0x5, 0x3, 0x2, 0x8, 0x10, 0x0, 0x5}}}}}]}}]}}, 0x0)
ioctl$EVIOCRMFF(r0, 0x550c, 0x0)
syz_usb_connect(0x1, 0x2d, 0x0, 0x0)
openat$sequencer(0xffffff9c, 0x0, 0x2000, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x804}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x0, @thr={0x0, 0x0}}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r2 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r2, 0xc0285700, &(0x7f0000000100)={0x1, "ff0f000000000000f5a72d866b0000000000f0ffdefe00"})
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
r4 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(r4, 0xc0184800, &(0x7f0000000100)={0x4, <r5=>r3})
ioctl$DMA_BUF_SET_NAME_A(r5, 0x40086203, &(0x7f00000001c0)='\x02\x00\x00\x00\x05\x00\x00\x00-control\x00')
ioctl$DMA_BUF_IOCTL_SYNC(r5, 0xc0086202, &(0x7f0000000540)=0x1)
read$msr(r1, &(0x7f0000000300)=""/102392, 0x18ff8)
r6 = socket$inet6_sctp(0xa, 0x5, 0x84)
r7 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$KDSIGACCEPT(r7, 0x541b, 0x1000000000200041)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r6, 0x84, 0x9, 0x0, 0x0)
r8 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r8, &(0x7f0000000100)={0x2, 0x0, @local}, 0x10)
setsockopt$sock_int(r8, 0x1, 0x6, &(0x7f0000000000)=0x4, 0x4)

4.903919988s ago: executing program 5 (id=2595):
prctl$PR_CAPBSET_READ(0x59616d61, 0xfffffffb)

4.89888493s ago: executing program 5 (id=2598):
bpf$MAP_CREATE(0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000004000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = syz_open_dev$usbfs(&(0x7f0000000480), 0x76, 0x160341)
ioctl$USBDEVFS_IOCTL(r4, 0xc0105512, &(0x7f0000000200))
ioctl$USBDEVFS_IOCTL(r4, 0xc0105512, &(0x7f0000000000)=@usbdevfs_connect)

3.370964023s ago: executing program 5 (id=2601):
r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d0101100000000904000003fe03010009cd8d1f0002000000090505020000fcffff09058b1e20"], 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
r1 = syz_io_uring_setup(0xbdc, &(0x7f0000000640)={0x0, 0xec25, 0x400, 0x1, 0x40000333}, &(0x7f00000006c0)=<r2=>0x0, &(0x7f00000001c0)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
io_uring_enter(r1, 0x847ba, 0x0, 0xe, 0x0, 0x0)

2.935214878s ago: executing program 3 (id=2608):
syz_open_dev$tty1(0xc, 0x4, 0x1)

2.934607366s ago: executing program 3 (id=2609):
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
write$uinput_user_dev(r0, &(0x7f0000000100)={'syz0\x00', {0x0, 0x0, 0x80, 0xfffc}, 0x7, [0x0, 0x80000000, 0x0, 0x0, 0x8, 0x0, 0x0, 0x77, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x20, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7], [0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x3d, 0xffff, 0x0, 0x6, 0x0, 0x0, 0x0, 0x80, 0x1, 0x200, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x9], [0x0, 0x401, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], [0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x3, 0x100000, 0x0, 0x0, 0x0, 0x101, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000]}, 0x45c)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f00000000c0)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
syz_io_uring_setup(0x111, &(0x7f0000000340)={0x0, 0xb8f1, 0x1, 0xffffffee, 0x1c3}, 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0)
syz_open_dev$video(&(0x7f0000000000), 0x7, 0x40440)
ioctl$SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, &(0x7f0000000100)={0x1, "fa02c800"})
r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
r5 = openat$dma_heap(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(r5, 0xc0184800, &(0x7f0000000100)={0x4, <r6=>r4})
ioctl$DMA_BUF_SET_NAME_A(r6, 0x40086203, &(0x7f00000001c0)='\x02\x00\x00\x00\x05\x00\x00\x00-control\x00')
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0x402, 0x6, 0xfffa}, 0x3a, [0x8000, 0xc95a, 0xf, 0x8, 0x83, 0x2, 0x3, 0x7f, 0xa9, 0x4d, 0x6, 0x5f, 0x9, 0x15, 0xffff2d37, 0xff7fff03, 0x6, 0x5, 0x7, 0x5, 0xdb, 0x0, 0x7, 0x3c5b, 0x1, 0x24, 0x10, 0x5, 0x0, 0xffffffff, 0xe661, 0x80, 0x7, 0x20003, 0x8, 0x4c74, 0x10003, 0x242, 0x3, 0xe, 0x4, 0x80008071, 0x800, 0x17, 0x0, 0x7, 0x5, 0x3e, 0x18e, 0x200006, 0x6, 0x454f, 0x6, 0x80004, 0x8, 0x3ff, 0x80, 0x0, 0x5, 0x0, 0x8, 0x8000, 0x1, 0x40], [0x10000007, 0x9, 0x8000012f, 0x8004, 0x5, 0xffffbff3, 0x129432f6, 0xc8, 0xf1, 0xe, 0x2bf, 0x6c7, 0x2, 0xfffffffe, 0x5, 0x0, 0x0, 0x9, 0x2f, 0xe, 0x1, 0x66abcbd2, 0xea4, 0x8, 0x4, 0x7, 0x7fff, 0x6, 0x400, 0x401, 0x6, 0x1, 0xff, 0x5, 0xfffff575, 0x5f31, 0xd, 0x4e0, 0x381, 0x4, 0xb, 0x4, 0x9, 0x8, 0x5, 0x6, 0x0, 0x6, 0x61b4fd67, 0xfe000000, 0x8, 0x2, 0x4, 0x9, 0x3, 0x3, 0x4000009, 0x6, 0x0, 0x0, 0xbc45, 0x48c93690, 0x42, 0x3], [0x7, 0x408, 0x4, 0x5, 0xfffffffd, 0x100, 0x4, 0x9, 0x9, 0x7fff, 0x0, 0x5, 0xb, 0x4, 0x5, 0x5, 0x0, 0x1ef, 0x5, 0x8, 0x86, 0x3, 0x303c, 0xfffffffa, 0xb, 0x7, 0x2, 0x4, 0x400003, 0x20000008, 0x4, 0x6d01, 0x6, 0x5, 0x800003, 0x200, 0x80, 0x3, 0x4, 0x2950bfaf, 0x1000, 0xa2, 0x4, 0x1000, 0x5, 0xb1, 0xac8, 0xbf, 0x2, 0x3, 0x7ff, 0x12b, 0x4, 0x1, 0xa, 0xffffffff, 0x5, 0x1c, 0x2120000, 0x200807ff, 0x2006, 0x80a2ed, 0x4, 0x28], [0x9, 0xbb33, 0x1ff, 0xb, 0x5, 0x4, 0x6, 0x6, 0x80000000, 0xb9, 0xce6, 0x1ff, 0x2, 0x4184, 0x5, 0x3, 0x2, 0x10000, 0x4, 0x7fff, 0x8, 0xa620, 0x1, 0x5, 0x1, 0x6, 0x14c, 0x60a7, 0x6, 0xa, 0xffffffff, 0x80000000, 0x5, 0x5, 0xc8, 0x1, 0xfffff000, 0xffff, 0x0, 0x7e, 0x100, 0x9622, 0x7, 0xaf, 0x20000008, 0x5, 0x226, 0x2, 0x5, 0x0, 0x30b1d693, 0xa1f, 0xf40, 0x7, 0x530e, 0x6c1b, 0x0, 0x4, 0x5, 0x803, 0xd7, 0x200, 0xb, 0xfff]}, 0x45c)
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)
ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0)
readv(r0, &(0x7f0000000080)=[{&(0x7f0000001340)=""/104, 0x68}], 0x1)
write$input_event(r0, &(0x7f0000000000)={{0x77359400}, 0x15}, 0xfe4f)
r7 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, 0x0)
socket(0x10, 0x80002, 0x0)

2.525215466s ago: executing program 2 (id=2613):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x800008b}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_dev$MSR(0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/partitions\x00', 0x0, 0x0)
r2 = openat$sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0)
sendfile(r2, r1, 0x0, 0x21c)

2.049640808s ago: executing program 3 (id=2616):
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
close(r0)
r1 = userfaultfd(0x801)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000140))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x0, &(0x7f0000000100), 0xc06620, 0x4)
r2 = signalfd(0xffffffffffffffff, &(0x7f00000006c0), 0x8)
mount$9p_fd(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000100), 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

1.887948927s ago: executing program 2 (id=2617):
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffc}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000280), 0x400000000000180, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$devlink(&(0x7f0000000c00), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_GET(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)={0x14, r4, 0xf0106b2f9946af23, 0x70bd2d, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x4010}, 0x800)

1.392041688s ago: executing program 4 (id=2618):
setfsgid(0xee00)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000540)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
lsetxattr$security_ima(0x0, &(0x7f00000003c0), 0x0, 0x0, 0x2)
socket$nl_generic(0x10, 0x3, 0x10)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x800452d2, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000500)='/proc/diskstats\x00', 0x0, 0x0)
pread64(r3, &(0x7f0000000180)=""/73, 0x49, 0xac8c)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000340)={0x50, 0x2, 0x6, 0x101, 0x7, 0x0, {}, [@IPSET_ATTR_DATA={0x4}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x13, 0x3, 'hash:net,iface\x00'}]}, 0x50}, 0x1, 0x0, 0x0, 0x54}, 0x8404)

1.176772868s ago: executing program 3 (id=2619):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB='\n'], 0x50)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000500)='signal_generate\x00'}, 0x18)
syz_open_procfs$namespace(0x0, 0xfffffffffffffffe)

1.105567327s ago: executing program 3 (id=2620):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
setsockopt$inet_tcp_int(r0, 0x6, 0x18, &(0x7f0000000100)=0xfefffff9, 0x4)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000340)=[@timestamp, @window={0x3, 0x9, 0x7f}, @window={0x3, 0x9, 0x2}, @sack_perm, @mss={0x2, 0x20000cb2}, @sack_perm, @timestamp, @sack_perm], 0x8)
setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0), 0x4)

1.05385794s ago: executing program 3 (id=2621):
syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="120100008e88052086800095d89301020301090212000100000000090401"], 0x0)
r0 = syz_open_dev$I2C(&(0x7f0000000040), 0x1, 0x2003)
ioctl$I2C_RDWR(r0, 0x707, &(0x7f0000000a40)={&(0x7f0000000080)=[{0x1e, 0x6000, 0x0, 0x0}, {0x9, 0x1000, 0x0, 0x0}], 0x2})

1.023845957s ago: executing program 2 (id=2622):
sendmsg$TIPC_NL_MON_GET(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000040), 0xc, 0x0}, 0x0)
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r0, 0x0, 0x0)
getsockopt$inet_mptcp_buf(r0, 0x11c, 0x3, &(0x7f0000000040)=""/185, &(0x7f0000000140)=0xb9)

944.631386ms ago: executing program 2 (id=2623):
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='ns\x00')
fchdir(r0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e23}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bind$alg(0xffffffffffffffff, 0x0, 0x0)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)
readlinkat(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup\x00', 0xfffffffffffffffe, 0xfe9c)

441.875366ms ago: executing program 4 (id=2624):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0, r0}, 0x18)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket(0x8000000010, 0x2, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_int(r1, 0x29, 0x2, &(0x7f0000000040)=0x10000, 0x4)
setsockopt$inet6_int(r1, 0x29, 0x42, &(0x7f0000000080)=0x7, 0x4)
getsockopt$inet6_buf(r1, 0x29, 0x6, &(0x7f0000000100)=""/92, &(0x7f00000001c0)=0x14)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
sendto$inet(r3, &(0x7f0000000040)='\f\x00', 0xffeb, 0x0, &(0x7f0000000340), 0x10)
ioctl$sock_inet_SIOCSARP(r2, 0x8953, &(0x7f0000000180)={{0x2, 0x0, @empty}, {}, 0x0, {0x2, 0x0, @multicast1=0xe000cc02}})
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x54, 0x9, 0x6, 0x801, 0x0, 0x0, {0x5}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x2c, 0x7, 0x0, 0x1, [@IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0x4e21}, @IPSET_ATTR_PROTO={0x5, 0x7, 0xff}, @IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @private=0xa010101}}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast2}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x10004893}, 0x80)
socket$nl_netfilter(0x10, 0x3, 0xc)

353.842124ms ago: executing program 4 (id=2625):
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000240), 0x40900, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x11, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x961}, 0x94)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000023c0)=ANY=[@ANYBLOB="1200000004000000080000000b"], 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000740)=ANY=[@ANYRES32=r1, @ANYRES32], 0x10)
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='setgroups\x00')
close_range(r2, 0xffffffffffffffff, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
bind$netlink(r3, &(0x7f0000000000)={0x10, 0x0, 0x0, 0x80065c9}, 0xc)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f00000002c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000010000000900010073797a30000000002c000000030a01020000000000000000010000000900010073797a30000000000900030073797a310000000038000000030a01040000000000000000010000010900010073797a30000000000c000240000000000000000109000300030000000000000014000000110001"], 0xac}, 0x1, 0x0, 0x0, 0x8040}, 0x0)

287.140399ms ago: executing program 4 (id=2626):
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r1, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
r2 = socket$inet6(0xa, 0x2, 0x0)
sendto$inet6(r2, 0x0, 0x0, 0x2409c8c1, &(0x7f0000000240)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c)
sendto$inet6(r2, 0x0, 0x0, 0x40000, 0x0, 0x0)
socketpair$tipc(0x1e, 0x2, 0x0, 0x0)
sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x200100000000, 0xfffffffffffffffd, 0x0, 0x0, 0x1000001000, 0x49}, 0x0, &(0x7f0000000140)={0x3ff, 0x7, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006}, 0x0, 0x0)

213.011961ms ago: executing program 4 (id=2627):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000006c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000040000000160a0100000000000000000001000000090001"], 0xc0}, 0x1, 0x0, 0x0, 0x20040841}, 0x0)

208.400449ms ago: executing program 5 (id=2628):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB='\n'], 0x50)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000500)='signal_generate\x00'}, 0x18)
syz_open_procfs$namespace(0x0, 0xfffffffffffffffe)

207.818201ms ago: executing program 4 (id=2629):
r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
close(r0)
r1 = signalfd(0xffffffffffffffff, &(0x7f00000006c0), 0x8)
mount$9p_fd(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000100), 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])

125.764065ms ago: executing program 5 (id=2630):
r0 = mq_open(&(0x7f0000000000)='bat\x03<\x02eslave_K\x00', 0x8c2, 0x30, 0x0)
mq_getsetattr(r0, &(0x7f0000000040)={0x0, 0x40, 0x4, 0x7ff}, 0x0)

125.379341ms ago: executing program 5 (id=2631):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0)
r4 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/tcp_wmem\x00', 0x1, 0x0)
sendfile(r4, r3, 0x0, 0x3a)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x84000, 0x0)
bind$bt_hci(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NFULNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x2c, 0x1, 0x4, 0x301, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFULA_CFG_TIMEOUT={0x8, 0x4, 0x1, 0x0, 0xfffffffd}, @NFULA_CFG_FLAGS={0x6, 0x6, 0x1, 0x0, 0x6}, @NFULA_CFG_CMD={0x5, 0x1, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20004000}, 0x4080)

82.673961ms ago: executing program 2 (id=2632):
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r0=>0x0)
fcntl$lock(0xffffffffffffffff, 0x7, &(0x7f0000000040)={0x0, 0x0, 0x8000, 0x3ff})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r0, 0x1, &(0x7f0000000040)={{0x77359400}}, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000a, 0x204031, 0xffffffffffffffff, 0xec776000)
openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$swradio(&(0x7f0000000000), 0x1, 0x2)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
readv(r1, &(0x7f0000000240)=[{&(0x7f0000000040)=""/71, 0x47}], 0x1)

0s ago: executing program 2 (id=2633):
write$tun(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYRESOCT], 0xfdef)
pipe(&(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
write$cgroup_devices(r1, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x47)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0)
r3 = openat$cgroup_devices(r2, &(0x7f00000001c0)='devices.deny\x00', 0x2, 0x0)
splice(r0, 0x0, r3, 0x0, 0xc, 0x3)

kernel console output (not intermixed with test programs):

yscall=240 compat=1 ip=0xf7f07579 code=0x7fc00000
[  490.089526][   T40] audit: type=1326 audit(1766384232.828:333): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12978 comm="syz.3.1762" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f07579 code=0x7fc00000
[  490.100102][   T40] audit: type=1326 audit(1766384232.838:334): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12978 comm="syz.3.1762" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f07579 code=0x7fc00000
[  490.111558][   T40] audit: type=1326 audit(1766384232.838:335): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12978 comm="syz.3.1762" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f07579 code=0x7fc00000
[  490.153965][   T40] audit: type=1326 audit(1766384232.838:336): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12978 comm="syz.3.1762" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f07579 code=0x7fc00000
[  490.171375][   T40] audit: type=1326 audit(1766384232.838:337): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12978 comm="syz.3.1762" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f07579 code=0x7fc00000
[  490.178597][   T40] audit: type=1326 audit(1766384232.838:338): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12978 comm="syz.3.1762" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f07579 code=0x7fc00000
[  490.187436][   T40] audit: type=1326 audit(1766384232.838:339): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12978 comm="syz.3.1762" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f07579 code=0x7fc00000
[  490.975736][T13013] FAULT_INJECTION: forcing a failure.
[  490.975736][T13013] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  490.981447][T13013] CPU: 1 UID: 0 PID: 13013 Comm: syz.2.1770 Not tainted syzkaller #0 PREEMPT(full) 
[  490.981484][T13013] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  490.981496][T13013] Call Trace:
[  490.981503][T13013]  <TASK>
[  490.981509][T13013]  dump_stack_lvl+0x16c/0x1f0
[  490.981556][T13013]  should_fail_ex+0x512/0x640
[  490.981585][T13013]  _copy_from_user+0x2e/0xd0
[  490.981629][T13013]  __sys_bpf+0x248/0x4980
[  490.981649][T13013]  ? __pfx___sys_bpf+0x10/0x10
[  490.981665][T13013]  ? find_held_lock+0x2b/0x80
[  490.981697][T13013]  ? find_held_lock+0x2b/0x80
[  490.981723][T13013]  ? __mutex_unlock_slowpath+0x161/0x790
[  490.981760][T13013]  ? fput+0x70/0xf0
[  490.981778][T13013]  ? ksys_write+0x1ac/0x250
[  490.981800][T13013]  ? __pfx_ksys_write+0x10/0x10
[  490.981824][T13013]  __ia32_sys_bpf+0x76/0xe0
[  490.981839][T13013]  ? lockdep_hardirqs_on+0x7c/0x110
[  490.981864][T13013]  __do_fast_syscall_32+0xe8/0x680
[  490.981892][T13013]  do_fast_syscall_32+0x32/0x80
[  490.981905][T13013]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  490.981925][T13013] RIP: 0023:0xf703d579
[  490.981939][T13013] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  490.981955][T13013] RSP: 002b:00000000f542d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
[  490.981972][T13013] RAX: ffffffffffffffda RBX: 0000000000000012 RCX: 00000000800000c0
[  490.981982][T13013] RDX: 0000000000000020 RSI: 0000000000000000 RDI: 0000000000000000
[  490.981989][T13013] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  490.981996][T13013] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  490.982002][T13013] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  490.982016][T13013]  </TASK>
[  491.206199][ T5944] Bluetooth: hci2: unexpected event for opcode 0x2003
[  491.493951][T13020] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(7)
[  491.496029][T13020] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  491.514767][T13020] vhci_hcd vhci_hcd.0: Device attached
[  491.539436][T13021] vhci_hcd: connection closed
[  491.540615][ T1140] vhci_hcd vhci_hcd.5: stop threads
[  491.544224][ T1140] vhci_hcd vhci_hcd.5: release socket
[  491.546048][ T1140] vhci_hcd vhci_hcd.5: disconnect device
[  491.827894][T13026] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  491.830758][T13026] overlayfs: failed to set xattr on upper
[  491.833053][T13026] overlayfs: ...falling back to redirect_dir=nofollow.
[  491.836140][T13026] overlayfs: ...falling back to metacopy=off.
[  491.838716][T13026] overlayfs: ...falling back to index=off.
[  491.841340][T13026] overlayfs: ...falling back to uuid=null.
[  492.023861][T13030] kAFS: unable to lookup cell ''
[  492.104033][ T5944] Bluetooth: hci3: command tx timeout
[  493.806682][T13057] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(5)
[  493.809322][T13057] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  493.816120][T13057] vhci_hcd vhci_hcd.0: Device attached
[  494.094309][ T6721] usb 44-1: SetAddress Request (123) to port 0
[  494.096555][ T6721] usb 44-1: new SuperSpeed USB device number 123 using vhci_hcd
[  494.770234][T13067] vhci_hcd: connection reset by peer
[  494.772853][ T1140] vhci_hcd vhci_hcd.3: stop threads
[  494.777650][ T1140] vhci_hcd vhci_hcd.3: release socket
[  494.783297][ T1140] vhci_hcd vhci_hcd.3: disconnect device
[  495.093899][ T5983] usb 7-1: new high-speed USB device number 14 using dummy_hcd
[  495.254840][ T5983] usb 7-1: Using ep0 maxpacket: 8
[  495.257068][T13087] FAULT_INJECTION: forcing a failure.
[  495.257068][T13087] name failslab, interval 1, probability 0, space 0, times 0
[  495.262467][T13087] CPU: 3 UID: 0 PID: 13087 Comm: syz.5.1790 Not tainted syzkaller #0 PREEMPT(full) 
[  495.262504][T13087] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  495.262521][T13087] Call Trace:
[  495.262529][T13087]  <TASK>
[  495.262538][T13087]  dump_stack_lvl+0x16c/0x1f0
[  495.262568][T13087]  should_fail_ex+0x512/0x640
[  495.262589][T13087]  ? __kmalloc_noprof+0xca/0x910
[  495.262614][T13087]  should_failslab+0xc2/0x120
[  495.262642][T13087]  __kmalloc_noprof+0xeb/0x910
[  495.262663][T13087]  ? video_usercopy+0x139/0x13e0
[  495.262697][T13087]  ? video_usercopy+0x139/0x13e0
[  495.262722][T13087]  video_usercopy+0x139/0x13e0
[  495.262752][T13087]  ? __pfx___video_do_ioctl+0x10/0x10
[  495.262777][T13087]  ? do_vfs_ioctl+0x128/0x14f0
[  495.262801][T13087]  ? __pfx_video_usercopy+0x10/0x10
[  495.262837][T13087]  ? hook_file_ioctl_common+0x144/0x410
[  495.262868][T13087]  v4l2_ioctl+0x1bd/0x250
[  495.262893][T13087]  ? __pfx_fput+0x1/0x10
[  495.262913][T13087]  v4l2_compat_ioctl32+0x217/0x2e0
[  495.262937][T13087]  ? __pfx_v4l2_compat_ioctl32+0x10/0x10
[  495.262963][T13087]  __ia32_compat_sys_ioctl+0x242/0x370
[  495.262990][T13087]  __do_fast_syscall_32+0xe8/0x680
[  495.263022][T13087]  do_fast_syscall_32+0x32/0x80
[  495.263041][T13087]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  495.263064][T13087] RIP: 0023:0xf70dd579
[  495.263078][T13087] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  495.263097][T13087] RSP: 002b:00000000f54cd55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  495.263117][T13087] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0845657
[  495.263130][T13087] RDX: 0000000080000200 RSI: 0000000000000000 RDI: 0000000000000000
[  495.263142][T13087] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  495.263152][T13087] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  495.263163][T13087] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  495.263187][T13087]  </TASK>
[  495.275518][ T5983] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  495.398432][T13089] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  495.401242][T13089] overlayfs: failed to set xattr on upper
[  495.403239][T13089] overlayfs: ...falling back to redirect_dir=nofollow.
[  495.407109][T13089] overlayfs: ...falling back to metacopy=off.
[  495.409243][T13089] overlayfs: ...falling back to index=off.
[  495.411101][T13089] overlayfs: ...falling back to uuid=null.
[  495.413547][ T5983] usb 7-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  495.417486][ T5983] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  495.425023][ T5983] usb 7-1: config 0 descriptor??
[  495.634778][ T5983] iowarrior 7-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  496.148863][ T5983] usb 7-1: USB disconnect, device number 14
[  496.165460][   T40] kauditd_printk_skb: 322 callbacks suppressed
[  496.165471][   T40] audit: type=1326 audit(1766384238.948:662): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13088 comm="syz.5.1791" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70dd579 code=0x7fc00000
[  496.193877][   T40] audit: type=1326 audit(1766384238.948:663): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13088 comm="syz.5.1791" exe="/syz-executor" sig=0 arch=40000003 syscall=20 compat=1 ip=0xf70dd579 code=0x7fc00000
[  496.200569][   T40] audit: type=1326 audit(1766384238.948:664): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13088 comm="syz.5.1791" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70dd579 code=0x7fc00000
[  496.210741][   T40] audit: type=1326 audit(1766384238.948:665): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13088 comm="syz.5.1791" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70dd579 code=0x7fc00000
[  496.254436][   T40] audit: type=1326 audit(1766384238.948:666): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13088 comm="syz.5.1791" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70dd579 code=0x7fc00000
[  496.261134][   T40] audit: type=1326 audit(1766384238.948:667): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13088 comm="syz.5.1791" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70dd579 code=0x7fc00000
[  496.281018][   T40] audit: type=1326 audit(1766384238.948:668): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13088 comm="syz.5.1791" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70dd579 code=0x7fc00000
[  496.288784][   T40] audit: type=1326 audit(1766384238.948:669): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13088 comm="syz.5.1791" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70dd579 code=0x7fc00000
[  496.295643][   T40] audit: type=1326 audit(1766384238.948:670): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13088 comm="syz.5.1791" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70dd579 code=0x7fc00000
[  496.302319][   T40] audit: type=1326 audit(1766384238.948:671): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13088 comm="syz.5.1791" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70dd579 code=0x7fc00000
[  497.643932][T13128] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(5)
[  497.646076][T13128] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  497.648734][T13128] vhci_hcd vhci_hcd.0: Device attached
[  497.924413][ T6002] usb 48-1: SetAddress Request (2) to port 0
[  497.926465][ T6002] usb 48-1: new SuperSpeed USB device number 2 using vhci_hcd
[  498.115202][T13129] vhci_hcd: connection reset by peer
[  498.118939][ T1140] vhci_hcd vhci_hcd.5: stop threads
[  498.121223][ T1140] vhci_hcd vhci_hcd.5: release socket
[  498.128373][ T1140] vhci_hcd vhci_hcd.5: disconnect device
[  498.703885][ T6054] usb 7-1: new high-speed USB device number 15 using dummy_hcd
[  498.873937][ T6054] usb 7-1: Using ep0 maxpacket: 8
[  498.877911][ T6054] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  498.881920][ T6054] usb 7-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  498.897688][ T6054] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  498.903123][ T6054] usb 7-1: config 0 descriptor??
[  499.145911][ T6054] iowarrior 7-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  499.154104][ T6721] usb 44-1: device descriptor read/8, error -110
[  499.290245][T13174] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  499.293233][T13174] overlayfs: failed to set xattr on upper
[  499.296898][T13174] overlayfs: ...falling back to redirect_dir=nofollow.
[  499.299919][T13174] overlayfs: ...falling back to metacopy=off.
[  499.302538][T13174] overlayfs: ...falling back to index=off.
[  499.310176][T13174] overlayfs: ...falling back to uuid=null.
[  499.545056][ T6721] usb usb44-port1: attempt power cycle
[  500.624723][ T6721] usb usb44-port1: unable to enumerate USB device
[  501.564842][ T6030] usb 7-1: USB disconnect, device number 15
[  501.838003][   T40] kauditd_printk_skb: 39 callbacks suppressed
[  501.838021][   T40] audit: type=1804 audit(1766384244.618:711): pid=13213 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.1817" name="/newroot/291/file0/file0" dev="9p" ino=71827937 res=1 errno=0
[  502.254669][ T6030] usb 8-1: new high-speed USB device number 16 using dummy_hcd
[  502.374023][   T10] usb 7-1: new high-speed USB device number 16 using dummy_hcd
[  502.424329][ T6030] usb 8-1: Using ep0 maxpacket: 8
[  502.429235][ T6030] usb 8-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[  502.433431][ T6030] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  502.437252][ T6030] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  502.543889][   T10] usb 7-1: Using ep0 maxpacket: 8
[  502.547542][   T10] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  502.552618][   T10] usb 7-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  502.557669][   T10] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  502.564381][   T10] usb 7-1: config 0 descriptor??
[  502.774436][   T10] iowarrior 7-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  502.984080][ T6002] usb 48-1: device descriptor read/8, error -110
[  503.122518][   T40] audit: type=1804 audit(1766384245.898:712): pid=13236 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.1826" name="/newroot/295/file0/file0" dev="9p" ino=71827937 res=1 errno=0
[  503.327382][   T10] usb 7-1: USB disconnect, device number 16
[  503.684829][ T6002] usb usb48-port1: attempt power cycle
[  503.907556][T13241] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(5)
[  503.910366][T13241] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  503.913770][T13241] vhci_hcd vhci_hcd.0: Device attached
[  504.034286][ T6002] usb 48-1: SetAddress Request (4) to port 0
[  504.036949][ T6002] usb 48-1: new SuperSpeed USB device number 4 using vhci_hcd
[  505.026010][ T5983] usb 8-1: USB disconnect, device number 16
[  505.360036][   T40] audit: type=1804 audit(1766384248.118:713): pid=13258 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.1830" name="/newroot/297/file0/file0" dev="9p" ino=71827937 res=1 errno=0
[  505.511898][   T40] audit: type=1326 audit(1766384248.288:714): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13256 comm="syz.3.1831" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f07579 code=0x7ffc0000
[  505.520961][   T40] audit: type=1326 audit(1766384248.288:715): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13256 comm="syz.3.1831" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f07579 code=0x7ffc0000
[  505.528567][   T40] audit: type=1326 audit(1766384248.298:716): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13256 comm="syz.3.1831" exe="/syz-executor" sig=0 arch=40000003 syscall=21 compat=1 ip=0xf7f07579 code=0x7ffc0000
[  505.536199][   T40] audit: type=1326 audit(1766384248.298:717): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13256 comm="syz.3.1831" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f07579 code=0x7ffc0000
[  505.544369][   T40] audit: type=1326 audit(1766384248.298:718): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13256 comm="syz.3.1831" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f07579 code=0x7ffc0000
[  505.553453][   T40] audit: type=1326 audit(1766384248.308:719): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13256 comm="syz.3.1831" exe="/syz-executor" sig=0 arch=40000003 syscall=296 compat=1 ip=0xf7f07579 code=0x7ffc0000
[  505.562489][   T40] audit: type=1326 audit(1766384248.308:720): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13256 comm="syz.3.1831" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f07579 code=0x7ffc0000
[  505.966480][ T5944] Bluetooth: hci2: unexpected event for opcode 0x2003
[  505.970361][T13260] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  506.039513][ T1415] ieee802154 phy0 wpan0: encryption failed: -22
[  506.042199][ T1415] ieee802154 phy1 wpan1: encryption failed: -22
[  506.101914][T13244] vhci_hcd: connection reset by peer
[  506.166264][   T60] vhci_hcd vhci_hcd.5: stop threads
[  506.168013][   T60] vhci_hcd vhci_hcd.5: release socket
[  506.169762][   T60] vhci_hcd vhci_hcd.5: disconnect device
[  508.966382][T13351] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(5)
[  508.968496][T13351] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  508.971362][T13351] vhci_hcd vhci_hcd.0: Device attached
[  509.064721][ T6002] usb 48-1: device descriptor read/8, error -110
[  509.129201][T13355] vhci_hcd: connection closed
[  509.129373][  T102] vhci_hcd vhci_hcd.2: stop threads
[  509.142951][  T102] vhci_hcd vhci_hcd.2: release socket
[  509.174493][  T102] vhci_hcd vhci_hcd.2: disconnect device
[  509.474912][ T6002] usb usb48-port1: unable to enumerate USB device
[  509.815042][T13373] 9pnet_virtio: no channels available for device syz
[  510.850118][T13385] netlink: 14 bytes leftover after parsing attributes in process `syz.5.1853'.
[  510.927106][T13384] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(5)
[  510.929448][T13384] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  510.964861][T13384] vhci_hcd vhci_hcd.0: Device attached
[  511.283980][T12962] usb 44-1: SetAddress Request (127) to port 0
[  511.286791][T12962] usb 44-1: new SuperSpeed USB device number 127 using vhci_hcd
[  512.328908][T13386] vhci_hcd: connection reset by peer
[  512.337108][ T1177] vhci_hcd vhci_hcd.3: stop threads
[  512.338790][ T1177] vhci_hcd vhci_hcd.3: release socket
[  512.343878][ T1177] vhci_hcd vhci_hcd.3: disconnect device
[  512.814949][T13413] FAULT_INJECTION: forcing a failure.
[  512.814949][T13413] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  512.820106][T13413] CPU: 2 UID: 0 PID: 13413 Comm: syz.2.1861 Not tainted syzkaller #0 PREEMPT(full) 
[  512.820152][T13413] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  512.820162][T13413] Call Trace:
[  512.820169][T13413]  <TASK>
[  512.820177][T13413]  dump_stack_lvl+0x16c/0x1f0
[  512.820217][T13413]  should_fail_ex+0x512/0x640
[  512.820237][T13413]  _copy_to_user+0x32/0xd0
[  512.820251][T13413]  simple_read_from_buffer+0xcb/0x170
[  512.820269][T13413]  proc_fail_nth_read+0x197/0x240
[  512.820288][T13413]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  512.820308][T13413]  ? rw_verify_area+0xcf/0x6c0
[  512.820322][T13413]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  512.820340][T13413]  vfs_read+0x1e4/0xcf0
[  512.820357][T13413]  ? __pfx___mutex_lock+0x10/0x10
[  512.820376][T13413]  ? __pfx_vfs_read+0x10/0x10
[  512.820390][T13413]  ? find_held_lock+0x2b/0x80
[  512.820408][T13413]  ? __fget_files+0x20e/0x3c0
[  512.820428][T13413]  ksys_read+0x12a/0x250
[  512.820444][T13413]  ? __pfx_ksys_read+0x10/0x10
[  512.820463][T13413]  __do_fast_syscall_32+0xe8/0x680
[  512.820483][T13413]  do_fast_syscall_32+0x32/0x80
[  512.820493][T13413]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  512.820507][T13413] RIP: 0023:0xf703d579
[  512.820517][T13413] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  512.820528][T13413] RSP: 002b:00000000f542d590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  512.820539][T13413] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f542d620
[  512.820546][T13413] RDX: 000000000000000f RSI: 00000000f73d6ff4 RDI: 0000000000000000
[  512.820553][T13413] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  512.820559][T13413] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  512.820565][T13413] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  512.820579][T13413]  </TASK>
[  513.292215][T13419] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(5)
[  513.294981][T13419] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  513.298941][T13419] vhci_hcd vhci_hcd.0: Device attached
[  513.583970][ T6721] usb 42-1: SetAddress Request (75) to port 0
[  513.594891][ T6721] usb 42-1: new SuperSpeed USB device number 75 using vhci_hcd
[  513.822095][T13420] vhci_hcd: connection reset by peer
[  513.824336][ T6241] vhci_hcd vhci_hcd.2: stop threads
[  513.977577][ T6241] vhci_hcd vhci_hcd.2: release socket
[  513.993113][ T6241] vhci_hcd vhci_hcd.2: disconnect device
[  514.627341][ T5944] Bluetooth: hci3: ACL packet too small
[  514.822680][T13451] FAULT_INJECTION: forcing a failure.
[  514.822680][T13451] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  514.828977][T13451] CPU: 0 UID: 0 PID: 13451 Comm: syz.5.1870 Not tainted syzkaller #0 PREEMPT(full) 
[  514.829005][T13451] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  514.829023][T13451] Call Trace:
[  514.829028][T13451]  <TASK>
[  514.829032][T13451]  dump_stack_lvl+0x16c/0x1f0
[  514.829053][T13451]  should_fail_ex+0x512/0x640
[  514.829069][T13451]  _copy_from_user+0x2e/0xd0
[  514.829082][T13451]  kstrtouint_from_user+0xd6/0x1d0
[  514.829098][T13451]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  514.829113][T13451]  ? __lock_acquire+0x436/0x2890
[  514.829130][T13451]  proc_fail_nth_write+0x83/0x220
[  514.829143][T13451]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  514.829159][T13451]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  514.829169][T13451]  vfs_write+0x2a0/0x11d0
[  514.829187][T13451]  ? __pfx___mutex_lock+0x10/0x10
[  514.829205][T13451]  ? __pfx_vfs_write+0x10/0x10
[  514.829220][T13451]  ? find_held_lock+0x2b/0x80
[  514.829238][T13451]  ? __fget_files+0x20e/0x3c0
[  514.829258][T13451]  ksys_write+0x12a/0x250
[  514.829274][T13451]  ? __pfx_ksys_write+0x10/0x10
[  514.829294][T13451]  __do_fast_syscall_32+0xe8/0x680
[  514.829314][T13451]  do_fast_syscall_32+0x32/0x80
[  514.829324][T13451]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  514.829339][T13451] RIP: 0023:0xf70dd579
[  514.829348][T13451] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  514.829359][T13451] RSP: 002b:00000000f54cd590 EFLAGS: 00000293 ORIG_RAX: 0000000000000004
[  514.829371][T13451] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000f54cd620
[  514.829378][T13451] RDX: 0000000000000001 RSI: 00000000f7476ff4 RDI: 0000000000000000
[  514.829385][T13451] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  514.829391][T13451] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  514.829406][T13451] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  514.829429][T13451]  </TASK>
[  515.710273][T13463] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  515.712561][T13463] overlayfs: failed to set xattr on upper
[  515.716523][T13463] overlayfs: ...falling back to redirect_dir=nofollow.
[  515.718836][T13463] overlayfs: ...falling back to metacopy=off.
[  515.721156][T13463] overlayfs: ...falling back to index=off.
[  515.723253][T13463] overlayfs: ...falling back to uuid=null.
[  516.338533][T13472] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(5)
[  516.340946][T13472] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  516.347036][T12962] usb 44-1: device descriptor read/8, error -110
[  516.397439][T13472] vhci_hcd vhci_hcd.0: Device attached
[  516.746396][T12962] usb usb44-port1: attempt power cycle
[  516.816242][T13473] vhci_hcd: connection closed
[  516.818596][ T6241] vhci_hcd vhci_hcd.2: stop threads
[  516.846607][ T6241] vhci_hcd vhci_hcd.2: release socket
[  516.848800][ T6241] vhci_hcd vhci_hcd.2: disconnect device
[  517.314637][T12962] usb usb44-port1: unable to enumerate USB device
[  517.746982][T13498] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(5)
[  517.749206][T13498] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  517.753897][T13498] vhci_hcd vhci_hcd.0: Device attached
[  517.960356][T13499] vhci_hcd: connection closed
[  517.960702][ T1139] vhci_hcd vhci_hcd.3: stop threads
[  517.966493][ T1139] vhci_hcd vhci_hcd.3: release socket
[  517.968295][ T1139] vhci_hcd vhci_hcd.3: disconnect device
[  518.064015][   T29] usb 44-1: enqueue for inactive port 0
[  518.127116][   T40] kauditd_printk_skb: 11 callbacks suppressed
[  518.127132][   T40] audit: type=1326 audit(1766384260.908:732): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13510 comm="syz.5.1886" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70dd579 code=0x7ffc0000
[  518.163348][   T40] audit: type=1326 audit(1766384260.928:733): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13510 comm="syz.5.1886" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70dd579 code=0x7ffc0000
[  518.177134][   T40] audit: type=1326 audit(1766384260.928:734): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13510 comm="syz.5.1886" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70dd579 code=0x7ffc0000
[  518.187276][   T40] audit: type=1326 audit(1766384260.928:735): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13510 comm="syz.5.1886" exe="/syz-executor" sig=0 arch=40000003 syscall=356 compat=1 ip=0xf70dd579 code=0x7ffc0000
[  518.199769][   T40] audit: type=1326 audit(1766384260.928:736): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13510 comm="syz.5.1886" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70dd579 code=0x7ffc0000
[  518.209229][   T40] audit: type=1326 audit(1766384260.928:737): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13510 comm="syz.5.1886" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70dd579 code=0x7ffc0000
[  518.218472][   T40] audit: type=1326 audit(1766384260.938:738): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13510 comm="syz.5.1886" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70dd579 code=0x7ffc0000
[  518.227756][   T40] audit: type=1326 audit(1766384260.938:739): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13510 comm="syz.5.1886" exe="/syz-executor" sig=0 arch=40000003 syscall=94 compat=1 ip=0xf70dd579 code=0x7ffc0000
[  518.237026][   T40] audit: type=1326 audit(1766384260.938:740): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13510 comm="syz.5.1886" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70dd579 code=0x7ffc0000
[  518.246364][   T40] audit: type=1326 audit(1766384260.938:741): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13510 comm="syz.5.1886" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70dd579 code=0x7ffc0000
[  518.253903][ T1331] usb 7-1: new high-speed USB device number 17 using dummy_hcd
[  518.403902][ T1331] usb 7-1: Using ep0 maxpacket: 8
[  518.406849][ T1331] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  518.410292][ T1331] usb 7-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  518.413147][ T1331] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  518.414053][ T6029] usb 10-1: new low-speed USB device number 2 using dummy_hcd
[  518.418066][ T1331] usb 7-1: config 0 descriptor??
[  518.566330][ T6029] usb 10-1: config 0 has an invalid interface number: 55 but max is 0
[  518.568999][ T6029] usb 10-1: config 0 has no interface number 0
[  518.570967][ T6029] usb 10-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  518.574391][   T29] usb usb44-port1: attempt power cycle
[  518.578595][ T6029] usb 10-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8
[  518.582542][ T6029] usb 10-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  518.587256][ T6029] usb 10-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10
[  518.591049][ T6029] usb 10-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 8
[  518.594505][ T6029] usb 10-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  518.598901][ T6029] usb 10-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  518.601831][ T6029] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  518.616249][ T6029] usb 10-1: config 0 descriptor??
[  518.619176][T13511] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[  518.622497][T13511] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[  518.631390][ T6029] ldusb 10-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  518.632782][ T1331] iowarrior 7-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior1
[  518.673913][ T6721] usb 42-1: device descriptor read/8, error -110
[  518.869441][ T6029] usb 10-1: USB disconnect, device number 2
[  518.869555][    C2] ldusb 10-1:0.55: usb_submit_urb failed (-19)
[  518.875647][ T6029] ldusb 10-1:0.55: LD USB Device #0 now disconnected
[  518.875654][T13509] ldusb: No device or device unplugged -19
[  519.074352][ T6721] usb usb42-port1: attempt power cycle
[  519.204324][   T29] usb usb44-port1: unable to enumerate USB device
[  519.634614][ T6721] usb usb42-port1: unable to enumerate USB device
[  520.045989][T13535] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  520.048800][T13535] overlayfs: failed to set xattr on upper
[  520.051178][T13535] overlayfs: ...falling back to redirect_dir=nofollow.
[  520.054592][T13535] overlayfs: ...falling back to metacopy=off.
[  520.057272][T13535] overlayfs: ...falling back to index=off.
[  520.059788][T13535] overlayfs: ...falling back to uuid=null.
[  520.274019][T13541] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(5)
[  520.276115][T13541] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  520.279100][T13541] vhci_hcd vhci_hcd.0: Device attached
[  520.616134][ T6721] usb 46-1: SetAddress Request (51) to port 0
[  520.624991][ T6721] usb 46-1: new SuperSpeed USB device number 51 using vhci_hcd
[  520.716195][T13542] vhci_hcd: connection reset by peer
[  520.718950][ T6241] vhci_hcd vhci_hcd.4: stop threads
[  520.720857][ T6241] vhci_hcd vhci_hcd.4: release socket
[  520.722689][ T6241] vhci_hcd vhci_hcd.4: disconnect device
[  521.004714][   T10] usb 7-1: USB disconnect, device number 17
[  521.164552][T13556] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(5)
[  521.166691][T13556] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  521.169721][T13556] vhci_hcd vhci_hcd.0: Device attached
[  521.504086][ T1331] usb 48-1: SetAddress Request (6) to port 0
[  521.513375][ T1331] usb 48-1: new SuperSpeed USB device number 6 using vhci_hcd
[  521.633598][T13557] vhci_hcd: connection reset by peer
[  521.636931][ T5136] vhci_hcd vhci_hcd.5: stop threads
[  521.639396][ T5136] vhci_hcd vhci_hcd.5: release socket
[  521.642095][ T5136] vhci_hcd vhci_hcd.5: disconnect device
[  522.172008][T13573] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  522.174350][T13573] overlayfs: failed to set xattr on upper
[  522.176164][T13573] overlayfs: ...falling back to redirect_dir=nofollow.
[  522.178322][T13573] overlayfs: ...falling back to metacopy=off.
[  522.180281][T13573] overlayfs: ...falling back to index=off.
[  522.182236][T13573] overlayfs: ...falling back to uuid=null.
[  523.323421][T13594] FAULT_INJECTION: forcing a failure.
[  523.323421][T13594] name failslab, interval 1, probability 0, space 0, times 0
[  523.328399][T13594] CPU: 3 UID: 0 PID: 13594 Comm: syz.2.1907 Not tainted syzkaller #0 PREEMPT(full) 
[  523.328415][T13594] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  523.328422][T13594] Call Trace:
[  523.328426][T13594]  <TASK>
[  523.328431][T13594]  dump_stack_lvl+0x16c/0x1f0
[  523.328451][T13594]  should_fail_ex+0x512/0x640
[  523.328464][T13594]  ? kmem_cache_alloc_noprof+0x62/0x770
[  523.328485][T13594]  should_failslab+0xc2/0x120
[  523.328511][T13594]  kmem_cache_alloc_noprof+0x83/0x770
[  523.328533][T13594]  ? stack_depot_save_flags+0x29/0x9b0
[  523.328555][T13594]  ? alloc_empty_file+0x55/0x1e0
[  523.328580][T13594]  ? alloc_empty_file+0x55/0x1e0
[  523.328597][T13594]  ? kasan_save_track+0x14/0x30
[  523.328612][T13594]  alloc_empty_file+0x55/0x1e0
[  523.328625][T13594]  path_openat+0xde/0x3140
[  523.328641][T13594]  ? __do_fast_syscall_32+0xe8/0x680
[  523.328672][T13594]  ? do_fast_syscall_32+0x32/0x80
[  523.328682][T13594]  ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  523.328701][T13594]  ? __pfx_path_openat+0x10/0x10
[  523.328723][T13594]  do_filp_open+0x20b/0x470
[  523.328740][T13594]  ? __pfx_do_filp_open+0x10/0x10
[  523.328766][T13594]  ? alloc_fd+0x471/0x7d0
[  523.328787][T13594]  do_sys_openat2+0x121/0x290
[  523.328799][T13594]  ? __pfx_do_sys_openat2+0x10/0x10
[  523.328813][T13594]  ? __fget_files+0x20e/0x3c0
[  523.328831][T13594]  __ia32_compat_sys_open+0x146/0x1e0
[  523.328844][T13594]  ? __pfx___ia32_compat_sys_open+0x10/0x10
[  523.328859][T13594]  ? do_user_addr_fault+0x843/0x1370
[  523.328873][T13594]  ? rcu_is_watching+0x12/0xc0
[  523.328890][T13594]  __do_fast_syscall_32+0xe8/0x680
[  523.328909][T13594]  do_fast_syscall_32+0x32/0x80
[  523.328919][T13594]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  523.328933][T13594] RIP: 0023:0xf703d579
[  523.328942][T13594] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  523.328953][T13594] RSP: 002b:00000000f542d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000005
[  523.328964][T13594] RAX: ffffffffffffffda RBX: 00000000809e1000 RCX: 0000000000000300
[  523.328971][T13594] RDX: 0000000000000140 RSI: 0000000000000000 RDI: 0000000000000000
[  523.328978][T13594] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  523.328984][T13594] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  523.328990][T13594] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  523.329004][T13594]  </TASK>
[  523.853991][   T40] kauditd_printk_skb: 48 callbacks suppressed
[  523.854003][   T40] audit: type=1804 audit(1766384266.628:790): pid=13606 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.5.1909" name="/newroot/35/file0/file0" dev="9p" ino=71827937 res=1 errno=0
[  524.103411][T13614] netlink: 14 bytes leftover after parsing attributes in process `syz.4.1913'.
[  524.199188][T13616] fuse: Unknown parameter 'group_i00000000000000000000'
[  525.157472][ T5944] Bluetooth: hci2: unexpected event for opcode 0x2003
[  525.704086][ T6721] usb 46-1: device descriptor read/8, error -110
[  526.096676][ T6721] usb usb46-port1: attempt power cycle
[  526.583984][ T1331] usb 48-1: device descriptor read/8, error -110
[  526.674719][ T6721] usb usb46-port1: unable to enumerate USB device
[  526.773180][T13667] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  526.775585][T13667] overlayfs: failed to set xattr on upper
[  526.777559][T13667] overlayfs: ...falling back to redirect_dir=nofollow.
[  526.780435][T13667] overlayfs: ...falling back to metacopy=off.
[  526.782967][T13667] overlayfs: ...falling back to index=off.
[  526.785546][T13667] overlayfs: ...falling back to uuid=null.
[  526.894139][T13672] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1931'.
[  526.976804][ T1331] usb usb48-port1: attempt power cycle
[  527.103060][T13672] FAULT_INJECTION: forcing a failure.
[  527.103060][T13672] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  527.108717][T13672] CPU: 0 UID: 0 PID: 13672 Comm: syz.2.1931 Not tainted syzkaller #0 PREEMPT(full) 
[  527.108734][T13672] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  527.108741][T13672] Call Trace:
[  527.108746][T13672]  <TASK>
[  527.108752][T13672]  dump_stack_lvl+0x16c/0x1f0
[  527.108774][T13672]  should_fail_ex+0x512/0x640
[  527.108789][T13672]  _copy_to_user+0x32/0xd0
[  527.108803][T13672]  simple_read_from_buffer+0xcb/0x170
[  527.108820][T13672]  proc_fail_nth_read+0x197/0x240
[  527.108839][T13672]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  527.108859][T13672]  ? rw_verify_area+0xcf/0x6c0
[  527.108873][T13672]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  527.108891][T13672]  vfs_read+0x1e4/0xcf0
[  527.108908][T13672]  ? __pfx___mutex_lock+0x10/0x10
[  527.108927][T13672]  ? __pfx_vfs_read+0x10/0x10
[  527.108941][T13672]  ? find_held_lock+0x2b/0x80
[  527.108960][T13672]  ? __fget_files+0x20e/0x3c0
[  527.108980][T13672]  ksys_read+0x12a/0x250
[  527.108995][T13672]  ? __pfx_ksys_read+0x10/0x10
[  527.109093][T13672]  ? syscall_user_dispatch+0x78/0x140
[  527.109111][T13672]  __do_fast_syscall_32+0xe8/0x680
[  527.109132][T13672]  do_fast_syscall_32+0x32/0x80
[  527.109142][T13672]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  527.109157][T13672] RIP: 0023:0xf703d579
[  527.109166][T13672] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  527.109177][T13672] RSP: 002b:00000000f542d590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  527.109189][T13672] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f542d620
[  527.109196][T13672] RDX: 000000000000000f RSI: 00000000f73d6ff4 RDI: 0000000000000000
[  527.109203][T13672] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  527.109209][T13672] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  527.109216][T13672] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  527.109230][T13672]  </TASK>
[  527.428136][T13691] bond1: ARP target 9.0.0.0 is already present
[  527.430260][T13691] bond1: option arp_ip_target: invalid value (9)
[  527.594201][ T1331] usb usb48-port1: unable to enumerate USB device
[  527.599354][T13691] bond1 (unregistering): Released all slaves
[  527.970618][ T5944] Bluetooth: hci2: ACL packet too small
[  527.970636][T13702] fuse: Unknown parameter 'group_id00000000000000000000'
[  530.340702][T13757] xt_CHECKSUM: CHECKSUM should be avoided.  If really needed, restrict with "-p udp" and only use in OUTPUT
[  530.564793][ T5944] Bluetooth: hci3: ACL packet too small
[  531.482893][T13787] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(5)
[  531.485619][T13787] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  531.658961][T13787] vhci_hcd vhci_hcd.0: Device attached
[  531.842895][T13794] fuse: Unknown parameter 'group_id00000000000000000000'
[  531.848583][T13795] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(5)
[  531.850678][T13795] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  531.853716][T13795] vhci_hcd vhci_hcd.0: Device attached
[  531.934152][ T1331] usb 46-1: SetAddress Request (55) to port 0
[  531.936247][ T1331] usb 46-1: new SuperSpeed USB device number 55 using vhci_hcd
[  532.006483][T13788] vhci_hcd: connection reset by peer
[  532.014942][T13753] vhci_hcd vhci_hcd.4: stop threads
[  532.017219][T13753] vhci_hcd vhci_hcd.4: release socket
[  532.019867][T13753] vhci_hcd vhci_hcd.4: disconnect device
[  532.124006][T12962] usb 44-1: SetAddress Request (9) to port 0
[  532.126669][T12962] usb 44-1: new SuperSpeed USB device number 9 using vhci_hcd
[  532.217365][T13796] vhci_hcd: connection closed
[  532.294202][T10206] vhci_hcd vhci_hcd.3: stop threads
[  532.298117][T10206] vhci_hcd vhci_hcd.3: release socket
[  532.300448][T10206] vhci_hcd vhci_hcd.3: disconnect device
[  532.355198][T12962] usb 44-1: enqueue for inactive port 0
[  532.774668][T12962] usb usb44-port1: attempt power cycle
[  532.986678][T13821] FAULT_INJECTION: forcing a failure.
[  532.986678][T13821] name failslab, interval 1, probability 0, space 0, times 0
[  532.992377][T13821] CPU: 1 UID: 0 PID: 13821 Comm: syz.2.1963 Not tainted syzkaller #0 PREEMPT(full) 
[  532.992402][T13821] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  532.992414][T13821] Call Trace:
[  532.992435][T13821]  <TASK>
[  532.992444][T13821]  dump_stack_lvl+0x16c/0x1f0
[  532.992475][T13821]  should_fail_ex+0x512/0x640
[  532.992497][T13821]  ? __kmalloc_noprof+0xca/0x910
[  532.992520][T13821]  should_failslab+0xc2/0x120
[  532.992549][T13821]  __kmalloc_noprof+0xeb/0x910
[  532.992569][T13821]  ? copy_splice_read+0x1a8/0xc20
[  532.992600][T13821]  ? copy_splice_read+0x1a8/0xc20
[  532.992624][T13821]  copy_splice_read+0x1a8/0xc20
[  532.992650][T13821]  ? __lock_acquire+0x436/0x2890
[  532.992669][T13821]  ? __pfx_aa_file_perm+0x10/0x10
[  532.992696][T13821]  ? __pfx_copy_splice_read+0x10/0x10
[  532.992738][T13821]  ? __pfx_copy_splice_read+0x10/0x10
[  532.992763][T13821]  do_splice_read+0x285/0x370
[  532.992791][T13821]  splice_file_to_pipe+0x109/0x120
[  532.992818][T13821]  do_splice+0x118c/0x1fc0
[  532.992846][T13821]  ? vfs_write+0x15d/0x11d0
[  532.992876][T13821]  ? __pfx_do_splice+0x10/0x10
[  532.992901][T13821]  ? __pfx_pipe_clear_nowait+0x10/0x10
[  532.992925][T13821]  ? __pfx_do_sys_openat2+0x10/0x10
[  532.992950][T13821]  __do_splice+0x15d/0x360
[  532.992979][T13821]  ? __pfx___do_splice+0x10/0x10
[  532.993015][T13821]  ? ksys_write+0x1ac/0x250
[  532.993040][T13821]  ? __pfx_ksys_write+0x10/0x10
[  532.993069][T13821]  __ia32_sys_splice+0x189/0x250
[  532.993101][T13821]  __do_fast_syscall_32+0xe8/0x680
[  532.993132][T13821]  do_fast_syscall_32+0x32/0x80
[  532.993150][T13821]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  532.993173][T13821] RIP: 0023:0xf703d579
[  532.993188][T13821] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  532.993206][T13821] RSP: 002b:00000000f542d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000139
[  532.993225][T13821] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000000000
[  532.993237][T13821] RDX: 0000000000000004 RSI: 0000000000000000 RDI: 000000007ffff000
[  532.993248][T13821] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  532.993258][T13821] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  532.993269][T13821] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  532.993294][T13821]  </TASK>
[  533.226801][T13824] netlink: 112 bytes leftover after parsing attributes in process `syz.4.1965'.
[  533.565494][T13831] misc userio: Invalid payload size
[  533.734408][T12962] usb usb44-port1: unable to enumerate USB device
[  533.879014][T13839] FAULT_INJECTION: forcing a failure.
[  533.879014][T13839] name failslab, interval 1, probability 0, space 0, times 0
[  533.883009][T13839] CPU: 3 UID: 0 PID: 13839 Comm: syz.5.1969 Not tainted syzkaller #0 PREEMPT(full) 
[  533.883025][T13839] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  533.883033][T13839] Call Trace:
[  533.883037][T13839]  <TASK>
[  533.883042][T13839]  dump_stack_lvl+0x16c/0x1f0
[  533.883063][T13839]  should_fail_ex+0x512/0x640
[  533.883075][T13839]  ? fs_reclaim_acquire+0xae/0x150
[  533.883094][T13839]  should_failslab+0xc2/0x120
[  533.883112][T13839]  __kmalloc_noprof+0xeb/0x910
[  533.883125][T13839]  ? tomoyo_encode2+0x100/0x3e0
[  533.883143][T13839]  ? tomoyo_encode2+0x100/0x3e0
[  533.883157][T13839]  tomoyo_encode2+0x100/0x3e0
[  533.883174][T13839]  tomoyo_encode+0x29/0x50
[  533.883188][T13839]  tomoyo_realpath_from_path+0x18f/0x6e0
[  533.883208][T13839]  tomoyo_path_number_perm+0x245/0x580
[  533.883220][T13839]  ? tomoyo_path_number_perm+0x237/0x580
[  533.883234][T13839]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  533.883260][T13839]  ? find_held_lock+0x2b/0x80
[  533.883275][T13839]  ? hook_file_ioctl_common+0x144/0x410
[  533.883292][T13839]  ? __fget_files+0x20e/0x3c0
[  533.883307][T13839]  ? __fput_deferred+0x480/0x480
[  533.883321][T13839]  security_file_ioctl_compat+0x9b/0x240
[  533.883336][T13839]  __ia32_compat_sys_ioctl+0xc3/0x370
[  533.883352][T13839]  __do_fast_syscall_32+0xe8/0x680
[  533.883372][T13839]  do_fast_syscall_32+0x32/0x80
[  533.883382][T13839]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  533.883397][T13839] RIP: 0023:0xf70dd579
[  533.883406][T13839] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  533.883417][T13839] RSP: 002b:00000000f54cd55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  533.883428][T13839] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000000127c
[  533.883436][T13839] RDX: 0000000080000200 RSI: 0000000000000000 RDI: 0000000000000000
[  533.883442][T13839] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  533.883449][T13839] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  533.883456][T13839] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  533.883470][T13839]  </TASK>
[  533.883480][T13839] ERROR: Out of memory at tomoyo_realpath_from_path.
[  534.368998][T13848] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(5)
[  534.371105][T13848] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  534.429038][T13848] vhci_hcd vhci_hcd.0: Device attached
[  534.585053][T13853] Invalid ELF header magic: != ELF
[  534.589963][T13853] netlink: 64 bytes leftover after parsing attributes in process `syz.2.1973'.
[  534.714027][T12962] usb 48-1: SetAddress Request (10) to port 0
[  534.716116][T12962] usb 48-1: new SuperSpeed USB device number 10 using vhci_hcd
[  534.966718][T13849] vhci_hcd: connection reset by peer
[  534.970344][  T102] vhci_hcd vhci_hcd.5: stop threads
[  534.975040][  T102] vhci_hcd vhci_hcd.5: release socket
[  534.978458][  T102] vhci_hcd vhci_hcd.5: disconnect device
[  535.671268][T13880] netlink: 44 bytes leftover after parsing attributes in process `syz.5.1981'.
[  535.679975][T13880] bridge0: port 2(bridge_slave_1) entered disabled state
[  535.683263][T13880] bridge0: port 1(bridge_slave_0) entered disabled state
[  536.716608][T13901] FAULT_INJECTION: forcing a failure.
[  536.716608][T13901] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  536.722059][T13901] CPU: 3 UID: 0 PID: 13901 Comm: syz.4.1988 Not tainted syzkaller #0 PREEMPT(full) 
[  536.722084][T13901] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  536.722095][T13901] Call Trace:
[  536.722101][T13901]  <TASK>
[  536.722108][T13901]  dump_stack_lvl+0x16c/0x1f0
[  536.722145][T13901]  should_fail_ex+0x512/0x640
[  536.722170][T13901]  _copy_from_user+0x2e/0xd0
[  536.722190][T13901]  get_user_ifreq+0x116/0x1c0
[  536.722216][T13901]  compat_sock_ioctl+0x3f6/0x730
[  536.722234][T13901]  ? __pfx_compat_sock_ioctl+0x10/0x10
[  536.722250][T13901]  ? hook_file_ioctl_common+0x144/0x410
[  536.722277][T13901]  ? __fget_files+0x20e/0x3c0
[  536.722301][T13901]  ? __fput_deferred+0x480/0x480
[  536.722326][T13901]  ? __pfx_compat_sock_ioctl+0x10/0x10
[  536.722340][T13901]  __ia32_compat_sys_ioctl+0x242/0x370
[  536.722366][T13901]  __do_fast_syscall_32+0xe8/0x680
[  536.722396][T13901]  do_fast_syscall_32+0x32/0x80
[  536.722413][T13901]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  536.722435][T13901] RIP: 0023:0xf704d579
[  536.722450][T13901] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  536.722466][T13901] RSP: 002b:00000000f543d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  536.722482][T13901] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000008946
[  536.722493][T13901] RDX: 0000000080000000 RSI: 0000000000000000 RDI: 0000000000000000
[  536.722505][T13901] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  536.722515][T13901] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  536.722526][T13901] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  536.722550][T13901]  </TASK>
[  537.045657][ T5944] Bluetooth: hci3: unexpected cc 0x2039 length: 9 > 1
[  537.048816][ T5944] Bluetooth: hci3: unexpected event for opcode 0x2039
[  537.377347][ T1331] usb 46-1: device descriptor read/8, error -110
[  537.494401][T13910] 9pnet_virtio: no channels available for device syz
[  537.894637][ T1331] usb usb46-port1: attempt power cycle
[  538.421939][T13926] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(11)
[  538.424508][T13926] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  538.436475][T13926] vhci_hcd vhci_hcd.0: Device attached
[  538.469708][T13926] netlink: 'syz.3.1991': attribute type 4 has an invalid length.
[  538.475543][ T1331] usb usb46-port1: unable to enumerate USB device
[  538.674066][ T1331] usb 43-1: new high-speed USB device number 2 using vhci_hcd
[  539.122286][T13934] vhci_hcd: connection reset by peer
[  539.128066][ T5136] vhci_hcd vhci_hcd.3: stop threads
[  539.130036][ T5136] vhci_hcd vhci_hcd.3: release socket
[  539.132353][ T5136] vhci_hcd vhci_hcd.3: disconnect device
[  539.784631][T12962] usb 48-1: device descriptor read/8, error -110
[  540.124760][   T29] usb 8-1: new high-speed USB device number 17 using dummy_hcd
[  540.184390][T12962] usb usb48-port1: attempt power cycle
[  540.323935][   T29] usb 8-1: Using ep0 maxpacket: 8
[  540.394197][   T29] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  540.398908][   T29] usb 8-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  540.402778][   T29] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  540.507051][   T29] usb 8-1: config 0 descriptor??
[  540.745172][   T29] iowarrior 8-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  540.754368][T12962] usb usb48-port1: unable to enumerate USB device
[  541.068354][ T5944] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0
[  541.072642][ T5944] Bluetooth: hci3: Injecting HCI hardware error event
[  541.078585][ T5944] Bluetooth: hci3: hardware error 0x00
[  542.821043][   T10] usb 8-1: USB disconnect, device number 17
[  543.143926][ T5944] Bluetooth: hci3: Opcode 0x0c03 failed: -110
[  543.192196][   T29] usb 7-1: new high-speed USB device number 18 using dummy_hcd
[  543.363892][   T29] usb 7-1: Using ep0 maxpacket: 8
[  543.397725][ T6721] IPVS: starting estimator thread 0...
[  543.401733][   T29] usb 7-1: config 0 has no interfaces?
[  543.407963][   T29] usb 7-1: New USB device found, idVendor=0582, idProduct=e6ca, bcdDevice=d3.0b
[  543.407980][   T29] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  543.407991][   T29] usb 7-1: Product: syz
[  543.407999][   T29] usb 7-1: Manufacturer: syz
[  543.408007][   T29] usb 7-1: SerialNumber: syz
[  543.415258][   T29] usb 7-1: config 0 descriptor??
[  543.429579][T14042] /dev/nullb0: Can't open blockdev
[  543.493960][T14040] IPVS: using max 44 ests per chain, 105600 per kthread
[  543.794444][ T1331] vhci_hcd vhci_hcd.3: vhci_device speed not set
[  545.407072][T14064] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2025'.
[  545.631345][T14066] 9pnet_virtio: no channels available for device syz
[  546.172061][   T10] usb 7-1: USB disconnect, device number 18
[  547.644860][T14100] 9p: Bad value for 'wfdno'
[  548.024149][T14104] netlink: 14 bytes leftover after parsing attributes in process `syz.3.2034'.
[  548.098549][T14106] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  548.468450][T14115] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  548.471385][T14115] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  548.474939][T14119] FAULT_INJECTION: forcing a failure.
[  548.474939][T14119] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  548.480421][T14119] CPU: 2 UID: 0 PID: 14119 Comm: syz.5.2040 Not tainted syzkaller #0 PREEMPT(full) 
[  548.480445][T14119] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  548.480457][T14119] Call Trace:
[  548.480465][T14119]  <TASK>
[  548.480487][T14119]  dump_stack_lvl+0x16c/0x1f0
[  548.480540][T14119]  should_fail_ex+0x512/0x640
[  548.480573][T14119]  _copy_to_user+0x32/0xd0
[  548.480598][T14119]  __copy_siginfo_to_user32+0x96/0xf0
[  548.480627][T14119]  ? __pfx___copy_siginfo_to_user32+0x10/0x10
[  548.480665][T14119]  ? _raw_spin_unlock_irq+0x23/0x50
[  548.480692][T14119]  ? siginfo_layout+0x177/0x290
[  548.480719][T14119]  ia32_setup_rt_frame+0x6cc/0xb30
[  548.480748][T14119]  ? __pfx_ia32_setup_rt_frame+0x10/0x10
[  548.480771][T14119]  ? __pfx_vfs_read+0x10/0x10
[  548.480796][T14119]  ? find_held_lock+0x2b/0x80
[  548.480830][T14119]  arch_do_signal_or_restart+0x475/0x7a0
[  548.480860][T14119]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  548.480886][T14119]  ? __fget_files+0x20e/0x3c0
[  548.480919][T14119]  ? fput+0x70/0xf0
[  548.480938][T14119]  ? ksys_pread64+0x110/0x1a0
[  548.480970][T14119]  exit_to_user_mode_loop+0x8c/0x540
[  548.480999][T14119]  __do_fast_syscall_32+0x4a4/0x680
[  548.481031][T14119]  do_fast_syscall_32+0x32/0x80
[  548.481049][T14119]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  548.481074][T14119] RIP: 0023:0xf70dd577
[  548.481091][T14119] Code: 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 <cd> 80 5d 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00
[  548.481110][T14119] RSP: 002b:00000000f54cd55c EFLAGS: 00000296 ORIG_RAX: 00000000000000b4
[  548.481130][T14119] RAX: 00000000000000b4 RBX: 0000000000000003 RCX: 0000000000000000
[  548.481142][T14119] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
[  548.481154][T14119] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  548.481166][T14119] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  548.481193][T14119] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  548.481219][T14119]  </TASK>
[  550.420911][T14136] fuse: Bad value for 'fd'
[  550.504678][ T5944] Bluetooth: hci2: command 0x0406 tx timeout
[  550.504772][ T5939] Bluetooth: hci1: command 0x0406 tx timeout
[  551.614350][T14150] misc userio: Invalid payload size
[  551.720940][T14154] FAULT_INJECTION: forcing a failure.
[  551.720940][T14154] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  551.750094][T14154] CPU: 2 UID: 0 PID: 14154 Comm: syz.4.2048 Not tainted syzkaller #0 PREEMPT(full) 
[  551.750117][T14154] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  551.750127][T14154] Call Trace:
[  551.750133][T14154]  <TASK>
[  551.750139][T14154]  dump_stack_lvl+0x16c/0x1f0
[  551.750182][T14154]  should_fail_ex+0x512/0x640
[  551.750202][T14154]  _copy_from_iter+0x2a4/0x16c0
[  551.750227][T14154]  ? __alloc_skb+0x220/0x410
[  551.750243][T14154]  ? __alloc_skb+0x35d/0x410
[  551.750258][T14154]  ? __pfx__copy_from_iter+0x10/0x10
[  551.750274][T14154]  ? netlink_autobind.isra.0+0x158/0x370
[  551.750303][T14154]  netlink_sendmsg+0x820/0xdd0
[  551.750326][T14154]  ? __pfx_netlink_sendmsg+0x10/0x10
[  551.750349][T14154]  ? aa_sock_msg_perm.constprop.0+0x100/0x1b0
[  551.750377][T14154]  ____sys_sendmsg+0xa5d/0xc30
[  551.750401][T14154]  ? __pfx_____sys_sendmsg+0x10/0x10
[  551.750423][T14154]  ? get_compat_msghdr+0x11a/0x170
[  551.750449][T14154]  ___sys_sendmsg+0x134/0x1d0
[  551.750469][T14154]  ? __pfx____sys_sendmsg+0x10/0x10
[  551.750500][T14154]  ? find_held_lock+0x2b/0x80
[  551.750533][T14154]  __sys_sendmsg+0x16d/0x220
[  551.750551][T14154]  ? __pfx___sys_sendmsg+0x10/0x10
[  551.750577][T14154]  ? do_user_addr_fault+0x843/0x1370
[  551.750598][T14154]  __do_fast_syscall_32+0xe8/0x680
[  551.750639][T14154]  do_fast_syscall_32+0x32/0x80
[  551.750654][T14154]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  551.750672][T14154] RIP: 0023:0xf704d579
[  551.750684][T14154] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  551.750699][T14154] RSP: 002b:00000000f543d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  551.750713][T14154] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000180
[  551.750723][T14154] RDX: 0000000000004010 RSI: 0000000000000000 RDI: 0000000000000000
[  551.750732][T14154] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  551.750740][T14154] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  551.750749][T14154] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  551.750768][T14154]  </TASK>
[  552.105700][T14161] netlink: 14 bytes leftover after parsing attributes in process `syz.4.2050'.
[  554.298321][T14177] netlink: 'syz.3.2055': attribute type 4 has an invalid length.
[  554.300936][T14177] netlink: 17 bytes leftover after parsing attributes in process `syz.3.2055'.
[  554.733873][   T10] usb 8-1: new high-speed USB device number 18 using dummy_hcd
[  554.903850][   T10] usb 8-1: Using ep0 maxpacket: 8
[  554.907875][   T10] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  554.914080][   T10] usb 8-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  554.917044][   T10] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  554.932548][   T10] usb 8-1: config 0 descriptor??
[  555.894785][T14202] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(5)
[  555.897134][T14202] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  555.900408][T14202] vhci_hcd vhci_hcd.0: Device attached
[  556.176342][ T6721] usb 48-1: SetAddress Request (14) to port 0
[  556.179118][ T6721] usb 48-1: new SuperSpeed USB device number 14 using vhci_hcd
[  556.589905][T14203] vhci_hcd: connection reset by peer
[  556.592144][ T1177] vhci_hcd vhci_hcd.5: stop threads
[  556.594919][ T1177] vhci_hcd vhci_hcd.5: release socket
[  556.596710][ T1177] vhci_hcd vhci_hcd.5: disconnect device
[  557.035092][T14215] netlink: 'syz.2.2064': attribute type 4 has an invalid length.
[  557.038468][T14215] netlink: 17 bytes leftover after parsing attributes in process `syz.2.2064'.
[  557.478190][   T10] iowarrior 8-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  557.600093][T14220] netlink: 'syz.5.2065': attribute type 4 has an invalid length.
[  557.602787][T14220] netlink: 17 bytes leftover after parsing attributes in process `syz.5.2065'.
[  557.923585][T14230] JFS: discard option not supported on device
[  557.932635][T14230] Mount JFS Failure: -22
[  557.934503][T14230] jfs_mount failed w/return code = -22
[  558.312363][   T10] usb 8-1: USB disconnect, device number 18
[  559.370785][T14260] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2081'.
[  559.525640][T14268] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(5)
[  559.527798][T14268] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  559.530492][T14268] vhci_hcd vhci_hcd.0: Device attached
[  559.707292][T14269] vhci_hcd: connection closed
[  559.707460][ T5136] vhci_hcd vhci_hcd.5: stop threads
[  559.710952][ T5136] vhci_hcd vhci_hcd.5: release socket
[  559.712739][ T5136] vhci_hcd vhci_hcd.5: disconnect device
[  560.068203][T14274] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(5)
[  560.070414][T14274] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  560.079100][T14274] vhci_hcd vhci_hcd.0: Device attached
[  560.403940][ T6029] usb 42-1: SetAddress Request (79) to port 0
[  560.406314][ T6029] usb 42-1: new SuperSpeed USB device number 79 using vhci_hcd
[  560.464747][T14275] vhci_hcd: connection reset by peer
[  560.466772][T13753] vhci_hcd vhci_hcd.2: stop threads
[  560.468556][T13753] vhci_hcd vhci_hcd.2: release socket
[  560.470536][T13753] vhci_hcd vhci_hcd.2: disconnect device
[  561.546685][ T6721] usb 48-1: device descriptor read/8, error -110
[  561.942980][   T40] audit: type=1804 audit(1766384304.718:791): pid=14292 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.2087" name="/newroot/362/file0/file0" dev="9p" ino=71827937 res=1 errno=0
[  562.027451][T14299] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2090'.
[  562.034991][ T6721] usb usb48-port1: attempt power cycle
[  562.617887][ T6721] usb usb48-port1: unable to enumerate USB device
[  563.275945][T14320] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(5)
[  563.278643][T14320] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  563.282148][T14320] vhci_hcd vhci_hcd.0: Device attached
[  563.593894][ T6721] usb 46-1: SetAddress Request (59) to port 0
[  563.596351][ T6721] usb 46-1: new SuperSpeed USB device number 59 using vhci_hcd
[  564.085846][ T5939] Bluetooth: hci2: ACL packet too small
[  564.754492][T14321] vhci_hcd: connection reset by peer
[  564.758345][ T5136] vhci_hcd vhci_hcd.4: stop threads
[  564.760349][ T5136] vhci_hcd vhci_hcd.4: release socket
[  564.762089][ T5136] vhci_hcd vhci_hcd.4: disconnect device
[  564.956020][T14343] fuse: Invalid rootmode
[  565.480835][ T6029] usb 42-1: device descriptor read/8, error -110
[  565.833906][   T40] audit: type=1804 audit(1766384308.308:792): pid=14358 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.2103" name="/newroot/523/file0/file0" dev="9p" ino=71827937 res=1 errno=0
[  565.865782][ T6029] usb usb42-port1: attempt power cycle
[  566.424841][ T6029] usb usb42-port1: unable to enumerate USB device
[  566.810105][T14378] fuse: Unknown parameter 'user00000000000000000000'
[  567.466929][ T1415] ieee802154 phy0 wpan0: encryption failed: -22
[  567.469838][ T1415] ieee802154 phy1 wpan1: encryption failed: -22
[  568.397157][   T40] audit: type=1804 audit(1766384311.178:793): pid=14401 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.2116" name="/newroot/560/file0/file0" dev="9p" ino=71827937 res=1 errno=0
[  568.674470][ T6721] usb 46-1: device descriptor read/8, error -110
[  569.087714][ T6721] usb usb46-port1: attempt power cycle
[  569.309677][T14413] fuse: Unknown parameter 'user00000000000000000000'
[  569.771745][ T6721] usb usb46-port1: unable to enumerate USB device
[  570.104510][T14425] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(6)
[  570.106615][T14425] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  570.109751][T14425] vhci_hcd vhci_hcd.0: Device attached
[  570.443992][ T6030] usb 48-1: SetAddress Request (18) to port 0
[  570.445957][ T6030] usb 48-1: new SuperSpeed USB device number 18 using vhci_hcd
[  570.629859][T14429] vhci_hcd: connection reset by peer
[  570.631912][T13753] vhci_hcd vhci_hcd.5: stop threads
[  570.633569][T13753] vhci_hcd vhci_hcd.5: release socket
[  570.635372][T13753] vhci_hcd vhci_hcd.5: disconnect device
[  572.257711][T12962] usb 7-1: new high-speed USB device number 19 using dummy_hcd
[  572.413908][T12962] usb 7-1: Using ep0 maxpacket: 8
[  572.425218][T12962] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  572.429924][T12962] usb 7-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  572.434118][T12962] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  572.444958][T12962] usb 7-1: config 0 descriptor??
[  572.652810][T12962] iowarrior 7-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  573.137057][T14483] fuse: Unknown parameter 'pcr'
[  573.145617][T12962] usb 7-1: USB disconnect, device number 19
[  575.544345][ T6030] usb 48-1: device descriptor read/8, error -110
[  576.337190][ T6030] usb usb48-port1: attempt power cycle
[  576.435814][T14535] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(5)
[  576.438032][T14535] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  576.441814][T14535] vhci_hcd vhci_hcd.0: Device attached
[  576.687521][T14542] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  576.866631][  T839] usb 42-1: SetAddress Request (83) to port 0
[  576.868701][  T839] usb 42-1: new SuperSpeed USB device number 83 using vhci_hcd
[  576.949621][ T6030] usb usb48-port1: unable to enumerate USB device
[  576.953057][T14542] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  577.091281][T14542] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  577.128779][T14545] vhci_hcd: connection reset by peer
[  577.132199][ T1141] vhci_hcd vhci_hcd.2: stop threads
[  577.135766][ T1141] vhci_hcd vhci_hcd.2: release socket
[  577.139089][ T1141] vhci_hcd vhci_hcd.2: disconnect device
[  577.177628][T14542] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  577.268936][ T6106] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  577.278841][ T6106] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  577.290212][ T6106] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  577.304922][ T6106] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  577.970232][   T40] audit: type=1804 audit(1766384320.748:794): pid=14572 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.2163" name="/newroot/537/file0/file0" dev="9p" ino=71827937 res=1 errno=0
[  578.847450][T14582] tipc: Started in network mode
[  578.849233][T14582] tipc: Node identity , cluster identity 4711
[  578.851298][T14582] tipc: Failed to set node id, please configure manually
[  578.854465][T14582] tipc: Enabling of bearer <udp:syz2> rejected, failed to enable media
[  578.933846][T14587] netlink: 'syz.2.2165': attribute type 4 has an invalid length.
[  579.085515][T14588] ecryptfs_validate_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README
[  579.091350][T14588] Error validating options; rc = [-22]
[  579.600107][T14596] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(5)
[  579.602900][T14596] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  579.612490][T14596] vhci_hcd vhci_hcd.0: Device attached
[  579.894018][ T6030] usb 48-1: SetAddress Request (22) to port 0
[  579.898595][ T6030] usb 48-1: new SuperSpeed USB device number 22 using vhci_hcd
[  580.532949][T14597] vhci_hcd: connection reset by peer
[  580.551831][ T5136] vhci_hcd vhci_hcd.5: stop threads
[  580.553643][ T5136] vhci_hcd vhci_hcd.5: release socket
[  580.556077][ T5136] vhci_hcd vhci_hcd.5: disconnect device
[  581.495930][T14639] netlink: 14 bytes leftover after parsing attributes in process `syz.4.2182'.
[  582.204023][  T839] usb 42-1: device descriptor read/8, error -110
[  582.617889][T14654] misc userio: Invalid payload size
[  582.644335][  T839] usb usb42-port1: attempt power cycle
[  583.214787][  T839] usb usb42-port1: unable to enumerate USB device
[  583.891065][T12962] libceph: connect (1)[c::]:6789 error -101
[  583.893320][T12962] libceph: mon0 (1)[c::]:6789 connect error
[  584.155118][T12962] libceph: connect (1)[c::]:6789 error -101
[  584.157188][T12962] libceph: mon0 (1)[c::]:6789 connect error
[  584.666420][T12962] libceph: connect (1)[c::]:6789 error -101
[  584.669162][T12962] libceph: mon0 (1)[c::]:6789 connect error
[  584.701144][T14668] ceph: No mds server is up or the cluster is laggy
[  584.785121][T14691] misc userio: Invalid payload size
[  584.983936][ T6030] usb 48-1: device descriptor read/8, error -110
[  584.989437][T14692] autofs: Unknown parameter ''
[  585.405749][ T6030] usb usb48-port1: attempt power cycle
[  585.752218][T14707] netlink: 14 bytes leftover after parsing attributes in process `syz.2.2201'.
[  585.991108][ T6030] usb usb48-port1: unable to enumerate USB device
[  588.267134][T14734] FAULT_INJECTION: forcing a failure.
[  588.267134][T14734] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  588.271519][T14734] CPU: 1 UID: 0 PID: 14734 Comm: syz.5.2209 Not tainted syzkaller #0 PREEMPT(full) 
[  588.271545][T14734] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  588.271553][T14734] Call Trace:
[  588.271558][T14734]  <TASK>
[  588.271563][T14734]  dump_stack_lvl+0x16c/0x1f0
[  588.271583][T14734]  should_fail_ex+0x512/0x640
[  588.271599][T14734]  _copy_from_user+0x2e/0xd0
[  588.271612][T14734]  bpf_test_init.isra.0+0xce/0x130
[  588.271628][T14734]  bpf_prog_test_run_skb+0x489/0x31a0
[  588.271647][T14734]  ? find_held_lock+0x2b/0x80
[  588.271667][T14734]  ? __pfx_bpf_prog_test_run_skb+0x10/0x10
[  588.271684][T14734]  ? fput+0x70/0xf0
[  588.271696][T14734]  ? __pfx_bpf_prog_test_run_skb+0x10/0x10
[  588.271712][T14734]  __sys_bpf+0x1035/0x4980
[  588.271726][T14734]  ? __pfx___sys_bpf+0x10/0x10
[  588.271735][T14734]  ? find_held_lock+0x2b/0x80
[  588.271752][T14734]  ? find_held_lock+0x2b/0x80
[  588.271770][T14734]  ? __mutex_unlock_slowpath+0x161/0x790
[  588.271796][T14734]  ? fput+0x70/0xf0
[  588.271806][T14734]  ? ksys_write+0x1ac/0x250
[  588.271822][T14734]  ? __pfx_ksys_write+0x10/0x10
[  588.271840][T14734]  __ia32_sys_bpf+0x76/0xe0
[  588.271851][T14734]  ? lockdep_hardirqs_on+0x7c/0x110
[  588.271867][T14734]  __do_fast_syscall_32+0xe8/0x680
[  588.271887][T14734]  do_fast_syscall_32+0x32/0x80
[  588.271897][T14734]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  588.271911][T14734] RIP: 0023:0xf70dd579
[  588.271921][T14734] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  588.271931][T14734] RSP: 002b:00000000f54cd55c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
[  588.271945][T14734] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 00000000800002c0
[  588.271952][T14734] RDX: 0000000000000050 RSI: 0000000000000000 RDI: 0000000000000000
[  588.271958][T14734] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  588.271965][T14734] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  588.271971][T14734] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  588.271985][T14734]  </TASK>
[  589.020345][T14754] misc userio: Invalid payload size
[  589.479134][T14772] syzkaller0: entered promiscuous mode
[  589.481505][T14772] syzkaller0: entered allmulticast mode
[  590.433617][T14785] 9p: Unknown Cache mode or invalid value fscach
[  590.746019][T14801] netlink: 80 bytes leftover after parsing attributes in process `syz.5.2226'.
[  590.753362][T14801] 9p: Bad value for 'wfdno'
[  592.505311][T14835] syz_tun: entered allmulticast mode
[  592.543128][T14835] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check.
[  593.304161][ T5939] Bluetooth: hci2: ACL packet too small
[  594.262591][   T40] audit: type=1804 audit(1766384337.038:795): pid=14874 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.2248" name="/newroot/589/file0/file0" dev="9p" ino=71827937 res=1 errno=0
[  595.294946][T14883] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(5)
[  595.297093][T14883] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  595.299849][T14883] vhci_hcd vhci_hcd.0: Device attached
[  595.443943][  T839] usb 7-1: new high-speed USB device number 20 using dummy_hcd
[  595.563901][   T29] usb 48-1: SetAddress Request (26) to port 0
[  595.566388][   T29] usb 48-1: new SuperSpeed USB device number 26 using vhci_hcd
[  595.770143][  T839] usb 7-1: too many configurations: 9, using maximum allowed: 8
[  595.776281][T14884] vhci_hcd: connection reset by peer
[  595.778564][   T60] vhci_hcd vhci_hcd.5: stop threads
[  595.778572][  T839] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9
[  595.780299][   T60] vhci_hcd vhci_hcd.5: release socket
[  595.780356][   T60] vhci_hcd vhci_hcd.5: disconnect device
[  595.783248][  T839] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  595.790750][  T839] usb 7-1: config 0 interface 0 has no altsetting 0
[  595.797164][  T839] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9
[  595.800146][  T839] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  595.803566][  T839] usb 7-1: config 0 interface 0 has no altsetting 0
[  595.812294][  T839] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9
[  595.816730][  T839] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  595.820291][  T839] usb 7-1: config 0 interface 0 has no altsetting 0
[  595.827769][  T839] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9
[  595.836505][  T839] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  595.840047][  T839] usb 7-1: config 0 interface 0 has no altsetting 0
[  595.847890][  T839] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9
[  595.850838][  T839] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  595.860030][  T839] usb 7-1: config 0 interface 0 has no altsetting 0
[  595.863978][  T839] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9
[  595.866987][  T839] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  595.870516][  T839] usb 7-1: config 0 interface 0 has no altsetting 0
[  595.883549][  T839] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9
[  595.895308][  T839] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  595.902317][  T839] usb 7-1: config 0 interface 0 has no altsetting 0
[  595.910326][  T839] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9
[  595.913234][  T839] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  595.917520][  T839] usb 7-1: config 0 interface 0 has no altsetting 0
[  595.931152][  T839] usb 7-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[  595.934193][  T839] usb 7-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[  595.936900][  T839] usb 7-1: Product: syz
[  595.938290][  T839] usb 7-1: Manufacturer: syz
[  595.940295][  T839] usb 7-1: SerialNumber: syz
[  595.945792][  T839] usb 7-1: config 0 descriptor??
[  595.966365][  T839] yurex 7-1:0.0: USB YUREX device now attached to Yurex #0
[  596.265019][    C1] usb 7-1: yurex_control_callback - control failed: -71
[  596.265364][ T6030] usb 7-1: USB disconnect, device number 20
[  596.274052][ T6030] yurex 7-1:0.0: USB YUREX #0 now disconnected
[  596.565805][T14910] netlink: 56 bytes leftover after parsing attributes in process `syz.4.2258'.
[  597.118104][T14936] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2263'.
[  597.190511][T14940] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2263'.
[  598.346375][T14973] bridge_slave_0: left allmulticast mode
[  598.348761][T14973] bridge_slave_0: left promiscuous mode
[  598.350768][T14973] bridge0: port 1(bridge_slave_0) entered disabled state
[  598.395632][T14973] bridge_slave_1: left allmulticast mode
[  598.397461][T14973] bridge_slave_1: left promiscuous mode
[  598.399271][T14973] bridge0: port 2(bridge_slave_1) entered disabled state
[  598.416145][T14973] bond0: (slave bond_slave_0): Releasing backup interface
[  598.423636][T14973] bond_slave_0: left promiscuous mode
[  598.546895][T14973] bond0: (slave bond_slave_1): Releasing backup interface
[  598.565702][T14973] bond_slave_1: left promiscuous mode
[  598.588447][T14973] team0: Port device team_slave_0 removed
[  598.605684][T14973] team0: Port device team_slave_1 removed
[  598.608494][T14973] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  598.610860][T14973] batman_adv: batadv0: Removing interface: batadv_slave_0
[  598.634817][T14973] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  598.788435][T14973] batman_adv: batadv0: Removing interface: batadv_slave_1
[  598.809914][T14973] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  599.023575][   T60] bridge_slave_1: left allmulticast mode
[  599.026436][   T60] bridge_slave_1: left promiscuous mode
[  599.029074][   T60] bridge0: port 2(bridge_slave_1) entered disabled state
[  599.033888][   T60] bridge_slave_0: left allmulticast mode
[  599.035942][   T60] bridge_slave_0: left promiscuous mode
[  599.038559][   T60] bridge0: port 1(bridge_slave_0) entered disabled state
[  599.374680][   T60] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  599.380826][   T60] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  599.397286][   T60] bond0 (unregistering): Released all slaves
[  599.656333][T15014] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(5)
[  599.658953][T15014] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  599.666539][T15014] vhci_hcd vhci_hcd.0: Device attached
[  599.955169][T12962] usb 44-1: SetAddress Request (13) to port 0
[  599.957171][T12962] usb 44-1: new SuperSpeed USB device number 13 using vhci_hcd
[  600.349562][T15017] vhci_hcd: connection reset by peer
[  600.352598][ T4297] vhci_hcd vhci_hcd.3: stop threads
[  600.363145][ T4297] vhci_hcd vhci_hcd.3: release socket
[  600.365860][ T4297] vhci_hcd vhci_hcd.3: disconnect device
[  600.663872][   T29] usb 48-1: device descriptor read/8, error -110
[  601.074961][   T29] usb usb48-port1: attempt power cycle
[  601.654780][   T29] usb usb48-port1: unable to enumerate USB device
[  602.934306][   T60] hsr_slave_0: left promiscuous mode
[  602.937082][   T60] hsr_slave_1: left promiscuous mode
[  602.939110][   T60] batman_adv: batadv0: Removing interface: batadv_slave_0
[  602.941937][   T60] batman_adv: batadv0: Removing interface: batadv_slave_1
[  603.419828][   T60] team0 (unregistering): Port device team_slave_1 removed
[  603.502171][T15086] fuse: Bad value for 'fd'
[  603.538974][   T60] team0 (unregistering): Port device team_slave_0 removed
[  603.569478][T15089] misc userio: Invalid payload size
[  604.236616][T15106] netlink: 24 bytes leftover after parsing attributes in process `syz.5.2297'.
[  604.269174][T15106] usb 1-1: USB disconnect, device number 3
[  604.641701][T15109] wg2 speed is unknown, defaulting to 1000
[  604.648574][T15109] wg2 speed is unknown, defaulting to 1000
[  604.650816][T15109] wg2 speed is unknown, defaulting to 1000
[  604.819950][T15109] infiniband syz2: set active
[  604.821752][T15109] infiniband syz2: added wg2
[  604.856833][T15109] RDS/IB: syz2: added
[  604.860618][T15109] smc: adding ib device syz2 with port count 1
[  604.863248][T15109] smc:    ib device syz2 port 1 has pnetid SYZ1 (user defined)
[  604.871605][   T29] wg2 speed is unknown, defaulting to 1000
[  604.875824][T15109] wg2 speed is unknown, defaulting to 1000
[  604.934715][   T29] wg2 speed is unknown, defaulting to 1000
[  604.984036][T12962] usb 44-1: device descriptor read/8, error -110
[  605.076915][T15109] wg2 speed is unknown, defaulting to 1000
[  605.106882][T15114] ecryptfs_validate_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README
[  605.112304][T15114] Error validating options; rc = [-22]
[  605.374400][T12962] usb usb44-port1: attempt power cycle
[  605.374757][T15109] wg2 speed is unknown, defaulting to 1000
[  605.607949][T15109] wg2 speed is unknown, defaulting to 1000
[  605.934675][T12962] usb usb44-port1: unable to enumerate USB device
[  605.954854][T15118] fuse: Bad value for 'fd'
[  606.369142][T15136] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2305'.
[  606.723875][ T1331] usb 8-1: new high-speed USB device number 19 using dummy_hcd
[  606.883915][ T1331] usb 8-1: Using ep0 maxpacket: 8
[  606.889420][ T1331] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  606.899012][ T1331] usb 8-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  606.904516][ T1331] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  606.921691][ T1331] usb 8-1: config 0 descriptor??
[  607.128243][T15148] fuse: Bad value for 'fd'
[  607.526583][T15158] Cache volume key already in use (9p,syz,)
[  607.574772][   T40] audit: type=1804 audit(1766384350.318:796): pid=15158 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.2311" name="/newroot/598/file0/file0" dev="9p" ino=71827937 res=1 errno=0
[  607.951467][ T1331] iowarrior 8-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  609.330838][T15180] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2316'.
[  609.340383][T15180] 8021q: adding VLAN 0 to HW filter on device ipvlan2
[  609.343879][T15180] team0: Device ipvlan2 is already an upper device of the team interface
[  609.511009][ T6721] usb 8-1: USB disconnect, device number 19
[  609.600045][T15189] veth1_to_bond: entered allmulticast mode
[  609.602375][T15189] veth1_to_bond: entered promiscuous mode
[  609.665731][ T5944] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  609.669398][ T5944] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  609.672192][ T5944] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  609.675848][ T5944] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  609.678628][ T5944] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  609.849917][T15193] wg2 speed is unknown, defaulting to 1000
[  610.028315][T15200] usb usb9: usbfs: process 15200 (syz.3.2323) did not claim interface 30 before use
[  610.118023][   T40] audit: type=1326 audit(1766384352.888:797): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15198 comm="syz.3.2323" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f07579 code=0x7ffc0000
[  610.152209][   T40] audit: type=1326 audit(1766384352.888:798): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15198 comm="syz.3.2323" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f07579 code=0x7ffc0000
[  610.192174][T15207] cgroup: none used incorrectly
[  610.225962][   T40] audit: type=1326 audit(1766384352.898:799): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15198 comm="syz.3.2323" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7f07579 code=0x7ffc0000
[  610.266712][   T40] audit: type=1326 audit(1766384352.898:800): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15198 comm="syz.3.2323" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f07579 code=0x7ffc0000
[  610.271569][T15193] chnl_net:caif_netlink_parms(): no params data found
[  610.273720][   T40] audit: type=1326 audit(1766384352.898:801): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15198 comm="syz.3.2323" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f07579 code=0x7ffc0000
[  610.284672][   T40] audit: type=1326 audit(1766384352.898:802): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15198 comm="syz.3.2323" exe="/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf7f07579 code=0x7ffc0000
[  610.291944][   T40] audit: type=1326 audit(1766384352.908:803): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15198 comm="syz.3.2323" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f07579 code=0x7ffc0000
[  610.343982][   T40] audit: type=1326 audit(1766384352.908:804): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15198 comm="syz.3.2323" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f07579 code=0x7ffc0000
[  610.352531][   T40] audit: type=1326 audit(1766384352.908:805): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15198 comm="syz.3.2323" exe="/syz-executor" sig=0 arch=40000003 syscall=21 compat=1 ip=0xf7f07579 code=0x7ffc0000
[  610.408498][T15187] veth1_to_bond: left promiscuous mode
[  610.411126][T15187] veth1_to_bond: left allmulticast mode
[  610.450222][T15193] bridge0: port 1(bridge_slave_0) entered blocking state
[  610.452540][T15193] bridge0: port 1(bridge_slave_0) entered disabled state
[  610.455019][T15193] bridge_slave_0: entered allmulticast mode
[  610.457863][T15193] bridge_slave_0: entered promiscuous mode
[  610.462292][T15193] bridge0: port 2(bridge_slave_1) entered blocking state
[  610.464897][T15193] bridge0: port 2(bridge_slave_1) entered disabled state
[  610.467149][T15193] bridge_slave_1: entered allmulticast mode
[  610.469686][T15193] bridge_slave_1: entered promiscuous mode
[  610.493743][T15193] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  610.500173][T15193] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  610.526307][T15220] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2325'.
[  610.532390][T15193] team0: Port device team_slave_0 added
[  610.536723][T15220] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2325'.
[  610.541861][T15193] team0: Port device team_slave_1 added
[  610.543681][T15220] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2325'.
[  610.553495][T15220] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2325'.
[  610.561865][T15220] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2325'.
[  610.565784][T15193] batman_adv: batadv0: Adding interface: batadv_slave_0
[  610.568242][T15193] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  610.576835][T15193] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  610.582309][T15193] batman_adv: batadv0: Adding interface: batadv_slave_1
[  610.585601][T15193] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  610.594685][T15193] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  610.622773][T15193] hsr_slave_0: entered promiscuous mode
[  610.625334][T15193] hsr_slave_1: entered promiscuous mode
[  610.805307][ T6809] bridge_slave_1: left allmulticast mode
[  610.807408][ T6809] bridge_slave_1: left promiscuous mode
[  610.809264][ T6809] bridge0: port 2(bridge_slave_1) entered disabled state
[  610.812914][ T6809] bridge_slave_0: left allmulticast mode
[  610.815178][ T6809] bridge_slave_0: left promiscuous mode
[  610.817067][ T6809] bridge0: port 1(bridge_slave_0) entered disabled state
[  611.703949][ T5944] Bluetooth: hci1: command tx timeout
[  612.852723][ T6809] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  612.857818][ T6809] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  612.861461][ T6809] bond0 (unregistering): Released all slaves
[  612.975001][T15235] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  612.978254][T15235] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  613.012042][T15235] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  613.137346][   T40] kauditd_printk_skb: 2 callbacks suppressed
[  613.137363][   T40] audit: type=1804 audit(1766384355.918:808): pid=15255 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.5.2332" name="/newroot/130/bus/file0" dev="overlay" ino=732 res=1 errno=0
[  613.149772][   T40] audit: type=1804 audit(1766384355.918:809): pid=15255 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.5.2332" name="/newroot/130/bus/file0" dev="overlay" ino=732 res=1 errno=0
[  613.445317][T15193] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  613.451793][T15193] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  613.481560][T15193] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  613.496068][T15275] tipc: Enabled bearer <udp:syz2>, priority 10
[  613.499929][T15193] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  613.555024][ T6030] usb 10-1: new high-speed USB device number 3 using dummy_hcd
[  613.664956][ T6809] hsr_slave_0: left promiscuous mode
[  613.669268][ T6809] batman_adv: batadv0: Removing interface: batadv_slave_0
[  613.673178][ T6809] batman_adv: batadv0: Removing interface: batadv_slave_1
[  613.703971][ T6030] usb 10-1: Using ep0 maxpacket: 8
[  613.707072][ T6030] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  613.710520][ T6030] usb 10-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  613.713359][ T6030] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  613.897280][ T6030] usb 10-1: config 0 descriptor??
[  614.085390][ T6809] team0 (unregistering): Port device team_slave_1 removed
[  614.109607][ T6030] iowarrior 10-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  614.117727][ T6809] team0 (unregistering): Port device team_slave_0 removed
[  614.400989][T15193] 8021q: adding VLAN 0 to HW filter on device bond0
[  614.496011][T15193] 8021q: adding VLAN 0 to HW filter on device team0
[  614.508562][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[  614.511566][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[  614.533614][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[  614.536827][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[  614.571764][ T6721] usb 10-1: USB disconnect, device number 3
[  614.616715][ T6030] tipc: Node number set to 235581628
[  614.729249][T15193] 8021q: adding VLAN 0 to HW filter on device batadv0
[  614.769209][T15193] veth0_vlan: entered promiscuous mode
[  614.780804][T15193] veth1_vlan: entered promiscuous mode
[  614.800334][T15193] veth0_macvtap: entered promiscuous mode
[  614.804776][T15193] veth1_macvtap: entered promiscuous mode
[  614.817495][T15193] batman_adv: batadv0: Interface activated: batadv_slave_0
[  614.826740][T15193] batman_adv: batadv0: Interface activated: batadv_slave_1
[  614.843243][ T6809] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  614.849714][ T6809] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  614.853247][ T6809] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  614.872956][ T4297] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  614.942244][T13753] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  614.949835][T13753] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  614.963634][ T4297] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  614.966357][ T4297] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  614.984015][ T5944] Bluetooth: hci1: command 0x040f tx timeout
[  616.187664][T15359] FAULT_INJECTION: forcing a failure.
[  616.187664][T15359] name failslab, interval 1, probability 0, space 0, times 0
[  616.191707][T15359] CPU: 3 UID: 0 PID: 15359 Comm: syz.2.2354 Not tainted syzkaller #0 PREEMPT(full) 
[  616.191723][T15359] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  616.191730][T15359] Call Trace:
[  616.191734][T15359]  <TASK>
[  616.191739][T15359]  dump_stack_lvl+0x16c/0x1f0
[  616.191760][T15359]  should_fail_ex+0x512/0x640
[  616.191774][T15359]  ? kmem_cache_alloc_noprof+0x62/0x770
[  616.191789][T15359]  should_failslab+0xc2/0x120
[  616.191806][T15359]  kmem_cache_alloc_noprof+0x83/0x770
[  616.191820][T15359]  ? security_file_alloc+0x34/0x2b0
[  616.191837][T15359]  ? security_file_alloc+0x34/0x2b0
[  616.191850][T15359]  security_file_alloc+0x34/0x2b0
[  616.191864][T15359]  init_file+0x93/0x4c0
[  616.191876][T15359]  alloc_empty_file+0x73/0x1e0
[  616.191889][T15359]  path_openat+0xde/0x3140
[  616.191904][T15359]  ? __do_fast_syscall_32+0xe8/0x680
[  616.191922][T15359]  ? do_fast_syscall_32+0x32/0x80
[  616.191931][T15359]  ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  616.191949][T15359]  ? __pfx_path_openat+0x10/0x10
[  616.191968][T15359]  ? __lock_acquire+0x436/0x2890
[  616.191980][T15359]  do_filp_open+0x20b/0x470
[  616.191997][T15359]  ? __pfx_do_filp_open+0x10/0x10
[  616.192025][T15359]  ? _raw_spin_unlock+0x28/0x50
[  616.192040][T15359]  ? alloc_fd+0x471/0x7d0
[  616.192060][T15359]  do_sys_openat2+0x121/0x290
[  616.192072][T15359]  ? __pfx_do_sys_openat2+0x10/0x10
[  616.192086][T15359]  ? __fget_files+0x20e/0x3c0
[  616.192104][T15359]  __ia32_compat_sys_openat+0x16d/0x210
[  616.192117][T15359]  ? __pfx___ia32_compat_sys_openat+0x10/0x10
[  616.192130][T15359]  ? ksys_write+0x1ac/0x250
[  616.192147][T15359]  ? do_user_addr_fault+0x843/0x1370
[  616.192163][T15359]  __do_fast_syscall_32+0xe8/0x680
[  616.192182][T15359]  do_fast_syscall_32+0x32/0x80
[  616.192192][T15359]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  616.192206][T15359] RIP: 0023:0xf708d579
[  616.192216][T15359] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  616.192227][T15359] RSP: 002b:00000000f547d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000127
[  616.192238][T15359] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 0000000080002180
[  616.192245][T15359] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  616.192252][T15359] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  616.192258][T15359] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  616.192265][T15359] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  616.192283][T15359]  </TASK>
[  616.995659][T15372] netlink: 'syz.3.2359': attribute type 10 has an invalid length.
[  616.999648][T15372] veth0_vlan: left promiscuous mode
[  617.003858][T15372] veth0_vlan: entered promiscuous mode
[  617.007642][T15372] team0: Device veth0_vlan failed to register rx_handler
[  617.025462][T15368] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(5)
[  617.028263][T15368] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  617.031859][T15368] vhci_hcd vhci_hcd.0: Device attached
[  617.036110][T15372] vlan0: entered allmulticast mode
[  617.038325][T15372] veth0_to_bond: entered allmulticast mode
[  617.073899][ T5944] Bluetooth: hci1: command 0x040f tx timeout
[  617.275912][T15383] netlink: 45 bytes leftover after parsing attributes in process `syz.4.2358'.
[  617.295318][ T6721] usb 48-1: SetAddress Request (30) to port 0
[  617.297949][ T6721] usb 48-1: new SuperSpeed USB device number 30 using vhci_hcd
[  617.423291][T15386] fuse: Unknown parameter 'rootmo00000000 000000040000'
[  617.482616][T15387] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(5)
[  617.485188][T15387] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  617.489286][T15387] vhci_hcd vhci_hcd.0: Device attached
[  617.640402][T15373] vhci_hcd: connection reset by peer
[  617.642434][   T13] vhci_hcd vhci_hcd.5: stop threads
[  617.644797][   T13] vhci_hcd vhci_hcd.5: release socket
[  617.647129][   T13] vhci_hcd vhci_hcd.5: disconnect device
[  617.753939][ T1331] usb 42-1: SetAddress Request (87) to port 0
[  617.756626][ T1331] usb 42-1: new SuperSpeed USB device number 87 using vhci_hcd
[  619.112315][   T40] audit: type=1804 audit(1766384361.888:810): pid=15397 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.2364" name="/newroot/574/file0/file0" dev="9p" ino=71827937 res=1 errno=0
[  619.153894][ T5944] Bluetooth: hci1: command 0x040f tx timeout
[  619.278999][T15388] vhci_hcd: connection reset by peer
[  619.281059][   T71] vhci_hcd vhci_hcd.2: stop threads
[  619.283483][   T71] vhci_hcd vhci_hcd.2: release socket
[  619.289585][   T71] vhci_hcd vhci_hcd.2: disconnect device
[  620.563061][T15418] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(4)
[  620.565360][T15418] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  620.568252][T15418] vhci_hcd vhci_hcd.0: Device attached
[  620.571363][T15419] vhci_hcd: connection closed
[  620.571826][ T4297] vhci_hcd vhci_hcd.5: stop threads
[  620.575448][ T4297] vhci_hcd vhci_hcd.5: release socket
[  620.577179][ T4297] vhci_hcd vhci_hcd.5: disconnect device
[  620.938250][T15423] fuse: Bad value for 'fd'
[  621.223953][ T5944] Bluetooth: hci1: command 0x040f tx timeout
[  621.272570][T15431] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(5)
[  621.274836][T15431] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  621.277931][T15431] vhci_hcd vhci_hcd.0: Device attached
[  621.572392][   T40] audit: type=1804 audit(1766384364.348:811): pid=15446 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.2375" name="/newroot/576/file0/file0" dev="9p" ino=71827937 res=1 errno=0
[  622.052162][T15432] vhci_hcd: connection closed
[  622.052888][   T13] vhci_hcd vhci_hcd.2: stop threads
[  622.056615][   T13] vhci_hcd vhci_hcd.2: release socket
[  622.058553][   T13] vhci_hcd vhci_hcd.2: disconnect device
[  622.344004][ T6721] usb 48-1: device descriptor read/8, error -110
[  622.827635][ T6721] usb usb48-port1: attempt power cycle
[  623.144267][ T1331] usb 42-1: device descriptor read/8, error -110
[  623.248790][T15464] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(5)
[  623.251513][T15464] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  623.269643][T15464] vhci_hcd vhci_hcd.0: Device attached
[  623.303905][ T5944] Bluetooth: hci1: command 0x040f tx timeout
[  623.361736][   T40] audit: type=1326 audit(1766384366.138:812): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15468 comm="syz.4.2385" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704d579 code=0x7ffc0000
[  623.370493][   T40] audit: type=1326 audit(1766384366.138:813): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15468 comm="syz.4.2385" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704d579 code=0x7ffc0000
[  623.383240][   T40] audit: type=1326 audit(1766384366.138:814): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15468 comm="syz.4.2385" exe="/syz-executor" sig=0 arch=40000003 syscall=30 compat=1 ip=0xf704d579 code=0x7ffc0000
[  623.389372][ T6721] usb usb48-port1: unable to enumerate USB device
[  623.392071][   T40] audit: type=1326 audit(1766384366.138:815): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15468 comm="syz.4.2385" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704d579 code=0x7ffc0000
[  623.409892][   T40] audit: type=1326 audit(1766384366.138:816): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15468 comm="syz.4.2385" exe="/syz-executor" sig=0 arch=40000003 syscall=156 compat=1 ip=0xf704d579 code=0x7ffc0000
[  623.424251][ T1331] usb 42-1: SetAddress Request (88) to port 0
[  623.426224][ T1331] usb 42-1: new SuperSpeed USB device number 88 using vhci_hcd
[  623.461990][   T40] audit: type=1326 audit(1766384366.138:817): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15468 comm="syz.4.2385" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704d579 code=0x7ffc0000
[  623.478427][   T40] audit: type=1326 audit(1766384366.138:818): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15468 comm="syz.4.2385" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704d579 code=0x7ffc0000
[  623.493316][   T40] audit: type=1326 audit(1766384366.148:819): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15468 comm="syz.4.2385" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf704d579 code=0x7ffc0000
[  623.866123][T15465] vhci_hcd: connection reset by peer
[  623.869581][T13753] vhci_hcd vhci_hcd.2: stop threads
[  623.873115][T13753] vhci_hcd vhci_hcd.2: release socket
[  623.876883][T13753] vhci_hcd vhci_hcd.2: disconnect device
[  624.763637][T15499] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2391'.
[  624.767687][T15499] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2391'.
[  624.818948][T15498] RDS: rds_bind could not find a transport for ::ffff:172.30.1.6, load rds_tcp or rds_rdma?
[  624.943162][T15494] bridge0: port 2(bridge_slave_1) entered disabled state
[  624.945714][T15494] bridge0: port 1(bridge_slave_0) entered disabled state
[  625.184672][T15494] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  625.198410][T15494] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  625.366281][ T4297] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  625.369207][ T4297] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  625.372035][ T4297] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  625.376475][ T4297] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  626.551194][T15533] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(5)
[  626.553283][T15533] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  626.587453][   T40] kauditd_printk_skb: 36 callbacks suppressed
[  626.587474][   T40] audit: type=1804 audit(1766384369.368:856): pid=15537 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.2402" name="/newroot/10/file0/file0" dev="9p" ino=71827937 res=1 errno=0
[  626.616195][T15533] vhci_hcd vhci_hcd.0: Device attached
[  626.903898][   T61] usb 44-1: SetAddress Request (17) to port 0
[  626.906232][   T61] usb 44-1: new SuperSpeed USB device number 17 using vhci_hcd
[  627.052513][T15539] lo speed is unknown, defaulting to 1000
[  627.055324][T15539] lo speed is unknown, defaulting to 1000
[  627.058243][T15539] lo speed is unknown, defaulting to 1000
[  627.069097][T15539] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[  627.137619][T15539] lo speed is unknown, defaulting to 1000
[  627.140631][T15539] lo speed is unknown, defaulting to 1000
[  627.143265][T15539] lo speed is unknown, defaulting to 1000
[  627.146223][T15539] lo speed is unknown, defaulting to 1000
[  627.213939][T15535] vhci_hcd: connection reset by peer
[  627.218346][ T4297] vhci_hcd vhci_hcd.3: stop threads
[  627.220151][ T4297] vhci_hcd vhci_hcd.3: release socket
[  627.222498][ T4297] vhci_hcd vhci_hcd.3: disconnect device
[  628.020981][T15558] ref_tracker: memory allocation failure, unreliable refcount tracker.
[  628.134031][T15565] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(5)
[  628.136720][T15565] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  628.139887][T15565] vhci_hcd vhci_hcd.0: Device attached
[  628.721799][T15566] vhci_hcd: connection reset by peer
[  628.724254][   T46] vhci_hcd vhci_hcd.2: stop threads
[  628.728357][   T46] vhci_hcd vhci_hcd.2: release socket
[  628.731614][   T46] vhci_hcd vhci_hcd.2: disconnect device
[  628.859982][ T1331] usb 42-1: device descriptor read/8, error -110
[  628.879263][T15561] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  628.884419][T15561] Bluetooth: hci1: Error when powering off device on rfkill (-4)
[  628.919676][ T1415] ieee802154 phy0 wpan0: encryption failed: -22
[  628.922639][ T1415] ieee802154 phy1 wpan1: encryption failed: -22
[  628.964099][ T1331] usb usb42-port1: attempt power cycle
[  629.161995][T15590] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(5)
[  629.164752][T15590] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  629.168965][T15590] vhci_hcd vhci_hcd.0: Device attached
[  629.173900][ T6721] usb 10-1: new high-speed USB device number 4 using dummy_hcd
[  629.333906][ T6721] usb 10-1: Using ep0 maxpacket: 8
[  629.337917][ T6721] usb 10-1: config 0 has 1 interface, different from the descriptor's value: 5
[  629.341817][ T6721] usb 10-1: config 0 interface 0 has no altsetting 0
[  629.344950][ T6721] usb 10-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  629.349177][ T6721] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  629.353565][ T6721] usb 10-1: config 0 descriptor??
[  629.595675][ T1331] usb usb42-port1: unable to enumerate USB device
[  629.622952][ T6721] usbhid 10-1:0.0: can't add hid device: -71
[  629.625219][ T6721] usbhid 10-1:0.0: probe with driver usbhid failed with error -71
[  629.629655][ T6721] usb 10-1: USB disconnect, device number 4
[  629.989928][T15591] vhci_hcd: connection closed
[  629.992879][ T1177] vhci_hcd vhci_hcd.3: stop threads
[  629.996749][ T1177] vhci_hcd vhci_hcd.3: release socket
[  629.998535][ T1177] vhci_hcd vhci_hcd.3: disconnect device
[  630.250825][T15609] UDF-fs: warning (device sr0): udf_load_vrs: No VRS found
[  630.254063][T15609] UDF-fs: Scanning with blocksize 2048 failed
[  630.258312][T15609] UDF-fs: warning (device sr0): udf_load_vrs: No VRS found
[  630.260713][T15609] UDF-fs: Scanning with blocksize 4096 failed
[  630.931509][T15624] misc userio: Invalid payload size
[  631.943992][   T61] usb 44-1: device descriptor read/8, error -110
[  632.404295][   T61] usb usb44-port1: attempt power cycle
[  632.974964][   T61] usb usb44-port1: unable to enumerate USB device
[  633.170122][T15664] FAULT_INJECTION: forcing a failure.
[  633.170122][T15664] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  633.203983][T15664] CPU: 0 UID: 0 PID: 15664 Comm: syz.3.2444 Not tainted syzkaller #0 PREEMPT(full) 
[  633.204017][T15664] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  633.204028][T15664] Call Trace:
[  633.204035][T15664]  <TASK>
[  633.204043][T15664]  dump_stack_lvl+0x16c/0x1f0
[  633.204093][T15664]  should_fail_ex+0x512/0x640
[  633.204125][T15664]  _copy_from_user+0x2e/0xd0
[  633.204146][T15664]  kstrtouint_from_user+0xd6/0x1d0
[  633.204171][T15664]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  633.204196][T15664]  ? __lock_acquire+0x436/0x2890
[  633.204226][T15664]  proc_fail_nth_write+0x83/0x220
[  633.204246][T15664]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  633.204270][T15664]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  633.204287][T15664]  vfs_write+0x2a0/0x11d0
[  633.204315][T15664]  ? __pfx___mutex_lock+0x10/0x10
[  633.204346][T15664]  ? __pfx_vfs_write+0x10/0x10
[  633.204369][T15664]  ? find_held_lock+0x2b/0x80
[  633.204399][T15664]  ? __fget_files+0x20e/0x3c0
[  633.204432][T15664]  ksys_write+0x12a/0x250
[  633.204457][T15664]  ? __pfx_ksys_write+0x10/0x10
[  633.204491][T15664]  __do_fast_syscall_32+0xe8/0x680
[  633.204522][T15664]  do_fast_syscall_32+0x32/0x80
[  633.204540][T15664]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  633.204563][T15664] RIP: 0023:0xf7f07579
[  633.204577][T15664] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  633.204595][T15664] RSP: 002b:00000000f53f6590 EFLAGS: 00000293 ORIG_RAX: 0000000000000004
[  633.204613][T15664] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f53f6620
[  633.204625][T15664] RDX: 0000000000000001 RSI: 00000000f7396ff4 RDI: 0000000000000000
[  633.204636][T15664] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  633.204647][T15664] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  633.204659][T15664] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  633.204684][T15664]  </TASK>
[  634.772855][T15694] No control pipe specified
[  635.674080][T15724] overlayfs: failed to clone upperpath
[  636.426061][T15742] random: crng reseeded on system resumption
[  636.821528][T15750] netlink: 'syz.2.2474': attribute type 10 has an invalid length.
[  636.824221][T15750] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2474'.
[  636.827317][T15750] batadv0: entered promiscuous mode
[  636.828944][T15750] batadv0: entered allmulticast mode
[  636.830745][T15750] bridge0: port 3(batadv0) entered blocking state
[  636.832791][T15750] bridge0: port 3(batadv0) entered disabled state
[  636.869843][T15755] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2476'.
[  637.023939][ T1177] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled
[  637.027041][ T1177] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled
[  637.037249][T15768] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2481'.
[  637.463865][  T839] usb 8-1: new high-speed USB device number 20 using dummy_hcd
[  637.624114][  T839] usb 8-1: Using ep0 maxpacket: 8
[  637.628462][  T839] usb 8-1: config index 0 descriptor too short (expected 301, got 45)
[  637.632310][  T839] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  637.636649][  T839] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  637.640838][  T839] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  637.645564][  T839] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  637.651161][  T839] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  637.655143][  T839] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  637.884379][  T839] usb 8-1: usb_control_msg returned -32
[  637.889555][  T839] usbtmc 8-1:16.0: can't read capabilities
[  638.309141][T15807] usbtmc 8-1:16.0: usb_control_msg returned -32
[  638.373939][   T61] usb 8-1: USB disconnect, device number 20
[  639.680013][T15825] tipc: Can't bind to reserved service type 2
[  639.704042][T15825] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2501'.
[  639.779267][T15829] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2503'.
[  639.798185][T15829] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2503'.
[  640.585485][T15847] netlink: 'syz.4.2511': attribute type 1 has an invalid length.
[  640.588046][T15847] netlink: 'syz.4.2511': attribute type 22 has an invalid length.
[  641.112731][T15866] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2516'.
[  641.669958][ T5939] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  641.673632][ T5939] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  641.682916][ T5939] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  641.694215][ T5939] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  641.696948][ T5939] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  641.707338][ T5944] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  641.715332][ T5944] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  641.719055][ T5944] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  641.722142][ T5944] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  641.728824][ T5944] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  641.785716][T15873] wg2 speed is unknown, defaulting to 1000
[  641.930619][T15873] lo speed is unknown, defaulting to 1000
[  641.956244][T15259] syz_tun (unregistering): left allmulticast mode
[  642.038398][T15873] chnl_net:caif_netlink_parms(): no params data found
[  642.128952][T15873] bridge0: port 1(bridge_slave_0) entered blocking state
[  642.136025][T15873] bridge0: port 1(bridge_slave_0) entered disabled state
[  642.138416][T15873] bridge_slave_0: entered allmulticast mode
[  642.163968][T15873] bridge_slave_0: entered promiscuous mode
[  642.216715][T15873] bridge0: port 2(bridge_slave_1) entered blocking state
[  642.224023][T15873] bridge0: port 2(bridge_slave_1) entered disabled state
[  642.226416][T15873] bridge_slave_1: entered allmulticast mode
[  642.229096][T15873] bridge_slave_1: entered promiscuous mode
[  642.269616][T15873] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  642.284141][T15873] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  642.307431][T15873] team0: Port device team_slave_0 added
[  642.310603][T15873] team0: Port device team_slave_1 added
[  642.334792][T15873] batman_adv: batadv0: Adding interface: batadv_slave_0
[  642.336993][T15873] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  642.354692][T15873] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  642.368717][T15873] batman_adv: batadv0: Adding interface: batadv_slave_1
[  642.371248][T15873] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  642.393838][T15873] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  642.413933][ T1331] usb 7-1: new full-speed USB device number 21 using dummy_hcd
[  642.445144][T15873] hsr_slave_0: entered promiscuous mode
[  642.447410][T15873] hsr_slave_1: entered promiscuous mode
[  642.449476][T15873] debugfs: 'hsr0' already exists in 'hsr'
[  642.452488][T15873] Cannot create hsr debugfs directory
[  642.551342][   T60] erspan0: left allmulticast mode
[  642.553513][   T60] erspan0: left promiscuous mode
[  642.556945][   T60] bridge0: port 3(erspan0) entered disabled state
[  642.560905][   T60] bridge_slave_1: left allmulticast mode
[  642.562878][   T60] bridge_slave_1: left promiscuous mode
[  642.565605][   T60] bridge0: port 2(bridge_slave_1) entered disabled state
[  642.568963][ T1331] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  642.572404][ T1331] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 2
[  642.577744][ T1331] usb 7-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  642.580588][ T1331] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  642.584431][   T60] bridge_slave_0: left allmulticast mode
[  642.586205][   T60] bridge_slave_0: left promiscuous mode
[  642.588043][   T60] bridge0: port 1(bridge_slave_0) entered disabled state
[  642.591125][ T1331] usb 7-1: config 0 descriptor??
[  642.601327][ T1331] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  642.604092][ T1331] dvb-usb: bulk message failed: -22 (3/0)
[  642.609331][ T1331] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  642.613001][ T1331] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  642.615782][ T1331] usb 7-1: media controller created
[  642.619800][ T1331] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  642.644801][ T1331] dvb-usb: bulk message failed: -22 (6/0)
[  642.648206][ T1331] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  642.659914][ T1331] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb7/7-1/input/input62
[  642.689314][ T1331] dvb-usb: schedule remote query interval to 150 msecs.
[  642.694692][ T1331] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  642.804492][ T1331] usb 7-1: USB disconnect, device number 21
[  642.883022][ T1331] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  643.667161][   T60] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  643.671073][   T60] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  643.674424][   T60] bond0 (unregistering): Released all slaves
[  643.729298][   T60] tipc: Disabling bearer <udp:syz2>
[  643.732875][   T60] tipc: Left network mode
[  643.794257][ T5944] Bluetooth: hci2: command tx timeout
[  644.126624][   T60] hsr_slave_0: left promiscuous mode
[  644.128977][   T60] hsr_slave_1: left promiscuous mode
[  644.490991][   T60] team0 (unregistering): Port device team_slave_1 removed
[  644.528633][   T60] team0 (unregistering): Port device team_slave_0 removed
[  644.627758][   T10] usb 7-1: new full-speed USB device number 22 using dummy_hcd
[  644.779799][   T10] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  644.784626][   T10] usb 7-1: config 0 has no interfaces?
[  644.798222][   T10] usb 7-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10
[  644.802334][   T10] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  644.811365][   T10] usb 7-1: Product: syz
[  644.812811][   T10] usb 7-1: Manufacturer: syz
[  644.814422][   T10] usb 7-1: SerialNumber: syz
[  644.824389][   T10] usb 7-1: config 0 descriptor??
[  644.853460][T15873] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  644.876440][T15873] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  644.880548][T15873] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  644.884885][T15873] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  644.976045][T15873] 8021q: adding VLAN 0 to HW filter on device bond0
[  644.988815][T15873] 8021q: adding VLAN 0 to HW filter on device team0
[  644.996107][   T46] bridge0: port 1(bridge_slave_0) entered blocking state
[  644.998468][   T46] bridge0: port 1(bridge_slave_0) entered forwarding state
[  645.004653][   T46] bridge0: port 2(bridge_slave_1) entered blocking state
[  645.006992][   T46] bridge0: port 2(bridge_slave_1) entered forwarding state
[  645.032442][T12962] usb 7-1: USB disconnect, device number 22
[  645.140452][T15873] 8021q: adding VLAN 0 to HW filter on device batadv0
[  645.165415][T15873] veth0_vlan: entered promiscuous mode
[  645.171473][T15873] veth1_vlan: entered promiscuous mode
[  645.192268][T15873] veth0_macvtap: entered promiscuous mode
[  645.197244][T15873] veth1_macvtap: entered promiscuous mode
[  645.206948][T15873] batman_adv: batadv0: Interface activated: batadv_slave_0
[  645.213194][T15873] batman_adv: batadv0: Interface activated: batadv_slave_1
[  645.220952][ T4297] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  645.223850][ T4297] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  645.227423][ T4297] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  645.231130][ T4297] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  645.270378][   T60] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  645.272770][   T60] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  645.295350][   T46] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  645.299049][   T46] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  645.645377][T15976] dlm: no local IP address has been set
[  645.647376][T15976] dlm: cannot start dlm midcomms -107
[  645.812097][T15985] geneve2: entered promiscuous mode
[  645.817826][T15985] geneve2: entered allmulticast mode
[  645.863938][ T5944] Bluetooth: hci2: command tx timeout
[  646.029832][T15988] hub 6-0:1.0: USB hub found
[  646.034055][T15988] hub 6-0:1.0: 1 port detected
[  647.953905][ T5944] Bluetooth: hci2: command tx timeout
[  648.393864][T15335] usb 10-1: new full-speed USB device number 5 using dummy_hcd
[  648.642047][T15335] usb 10-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f
[  648.645845][T15335] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  648.649119][T15335] usb 10-1: Product: syz
[  648.650860][T15335] usb 10-1: Manufacturer: syz
[  648.652825][T15335] usb 10-1: SerialNumber: syz
[  648.658182][T15335] usb 10-1: config 0 descriptor??
[  649.148465][T15335] airspy 10-1:0.0: Board ID: 00
[  649.150513][T15335] airspy 10-1:0.0: Firmware version: 
[  649.757454][T15335] airspy 10-1:0.0: usb_control_msg() failed -71 request 12
[  649.770461][T15335] airspy 10-1:0.0: Registered as swradio24
[  649.772514][T15335] airspy 10-1:0.0: SDR API is still slightly experimental and functionality changes may follow
[  649.778588][T15335] usb 10-1: USB disconnect, device number 5
[  650.024039][ T5939] Bluetooth: hci2: command tx timeout
[  651.416988][T16090] fuse: Unknown parameter 'fd0x000000000000000800000000000000000000'
[  652.393968][   T40] audit: type=1800 audit(1766384395.168:857): pid=16102 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.2577" name="bus" dev="overlay" ino=1093 res=0 errno=0
[  652.706499][T16105] netlink: 'syz.5.2578': attribute type 5 has an invalid length.
[  653.055038][   T40] audit: type=1804 audit(1766384395.838:858): pid=16111 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.5.2579" name="/newroot/199/bus/file0" dev="overlay" ino=1115 res=1 errno=0
[  653.767446][T12962] libceph: connect (1)[c::]:6789 error -101
[  653.770146][T12962] libceph: mon0 (1)[c::]:6789 connect error
[  653.808569][T16122] ceph: No mds server is up or the cluster is laggy
[  653.865469][T16128] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2586'.
[  653.916570][T16129] process 'memfd:-BÕN4¦EyÛѧ±Sñ:)' started with executable stack
[  653.943432][T16132] tmpfs: Bad value for 'mpol'
[  654.029653][T16136] netlink: 'syz.2.2590': attribute type 3 has an invalid length.
[  654.032200][T16136] netlink: 'syz.2.2590': attribute type 3 has an invalid length.
[  654.403892][ T6454] usb 8-1: new full-speed USB device number 21 using dummy_hcd
[  654.564532][ T6454] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 512, setting to 64
[  654.567803][ T6454] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 512, setting to 64
[  654.570921][ T6454] usb 8-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 18
[  654.584346][ T6454] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  654.587229][ T6454] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  654.589607][ T6454] usb 8-1: SerialNumber: syz
[  654.603147][T16142] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  654.610682][T16142] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  654.837473][T16142] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  654.845658][T16142] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  655.279177][ T6454] cdc_ether 8-1:1.0 usb0: register 'cdc_ether' at usb-dummy_hcd.3-1, CDC Ethernet Device, 42:42:42:42:42:42
[  655.465200][ T6454] usb 8-1: USB disconnect, device number 21
[  655.479006][ T6454] cdc_ether 8-1:1.0 usb0: unregister 'cdc_ether' usb-dummy_hcd.3-1, CDC Ethernet Device
[  656.118715][T16171] syzkaller0: entered promiscuous mode
[  656.128272][T16171] syzkaller0: entered allmulticast mode
[  656.160819][T16171] tipc: Started in network mode
[  656.162483][T16171] tipc: Node identity da6037cb7ff, cluster identity 4711
[  656.175574][T16171] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  656.179270][T16170] tipc: Resetting bearer <eth:syzkaller0>
[  656.196787][T16170] tipc: Disabling bearer <eth:syzkaller0>
[  656.468365][T16184] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  656.543864][T15335] usb 10-1: new high-speed USB device number 6 using dummy_hcd
[  656.694956][T15335] usb 10-1: Using ep0 maxpacket: 8
[  656.697852][T15335] usb 10-1: config index 0 descriptor too short (expected 301, got 45)
[  656.700335][T15335] usb 10-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  656.704066][T15335] usb 10-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  656.706881][T15335] usb 10-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  656.709740][T15335] usb 10-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  656.713740][T15335] usb 10-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  656.716852][T15335] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  656.914559][T16203] input: syz0 as /devices/virtual/input/input63
[  656.927867][T15335] usb 10-1: usb_control_msg returned -32
[  656.930968][T15335] usbtmc 10-1:16.0: can't read capabilities
[  658.863911][T15335] usb 8-1: new high-speed USB device number 22 using dummy_hcd
[  659.013943][T15335] usb 8-1: Using ep0 maxpacket: 32
[  659.017459][T15335] usb 8-1: config 0 has an invalid interface number: 1 but max is 0
[  659.020783][T15335] usb 8-1: config 0 has no interface number 0
[  659.025279][T15335] usb 8-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=93.d8
[  659.029009][T15335] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  659.032019][T15335] usb 8-1: Product: syz
[  659.033919][T15335] usb 8-1: Manufacturer: syz
[  659.035599][T15335] usb 8-1: SerialNumber: syz
[  659.041085][T15335] usb 8-1: config 0 descriptor??
[  659.045760][T15335] usb 8-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state
[  659.049284][T15335] usb 8-1: selecting invalid altsetting 1
[  659.051468][T15335] usb 8-1: dvb_usb_ce6230: usb_set_interface() failed=-22
[  659.056318][T15335] usb 8-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  659.060632][T15335] dvbdev: DVB: registering new adapter (Intel CE9500 reference design)
[  659.063714][T15335] usb 8-1: media controller created
[  659.074981][T15335] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  659.248606][T15335] usb 8-1: dvb_usb_ce6230: usb_control_msg() failed=-71
[  659.255508][T15335] zl10353_read_register: readreg error (reg=127, ret==-71)
[  659.263229][T15335] usb 8-1: dvb_usb_ce6230: usb_set_interface() failed=-71
[  659.308016][T15335] usb 8-1: USB disconnect, device number 22
[  659.426506][T16254] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2627'.
[  659.434221][T12962] usb 10-1: USB disconnect, device number 6
[  659.679007][T16267] 
[  659.680058][T16267] ======================================================
[  659.682964][T16267] WARNING: possible circular locking dependency detected
[  659.685765][T16267] syzkaller #0 Not tainted
[  659.687950][T16267] ------------------------------------------------------
[  659.690923][T16267] syz.2.2633/16267 is trying to acquire lock:
[  659.693393][T16267] ffff88802b1c2c88 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x570
[  659.697158][T16267] 
[  659.697158][T16267] but task is already holding lock:
[  659.700158][T16267] ffff88805c959468 (&pipe->mutex){+.+.}-{4:4}, at: pipe_lock+0x64/0x80
[  659.703553][T16267] 
[  659.703553][T16267] which lock already depends on the new lock.
[  659.703553][T16267] 
[  659.707778][T16267] 
[  659.707778][T16267] the existing dependency chain (in reverse order) is:
[  659.711417][T16267] 
[  659.711417][T16267] -> #2 (&pipe->mutex){+.+.}-{4:4}:
[  659.714451][T16267]        __mutex_lock+0x1aa/0x1ca0
[  659.716587][T16267]        anon_pipe_write+0x15d/0x1bd0
[  659.718800][T16267]        __kernel_write_iter+0x720/0xb10
[  659.720735][T16267]        __kernel_write+0xf5/0x140
[  659.722383][T16267]        autofs_notify_daemon+0x4db/0xd60
[  659.724192][T16267]        autofs_wait+0x10f3/0x1ac0
[  659.725818][T16267]        autofs_mount_wait+0x132/0x3c0
[  659.727900][T16267]        autofs_d_automount+0x4b2/0x960
[  659.729639][T16267]        __traverse_mounts+0x1b9/0x830
[  659.731379][T16267]        step_into_slowpath+0x772/0xf50
[  659.733120][T16267]        path_lookupat+0x627/0xc40
[  659.734735][T16267]        filename_lookup+0x224/0x5f0
[  659.736415][T16267]        kern_path+0x35/0x50
[  659.737910][T16267]        lookup_bdev+0xd8/0x280
[  659.739470][T16267]        resume_store+0x1d6/0x490
[  659.741073][T16267]        kobj_attr_store+0x58/0x80
[  659.742762][T16267]        sysfs_kf_write+0xf2/0x150
[  659.744408][T16267]        kernfs_fop_write_iter+0x3af/0x570
[  659.746249][T16267]        vfs_write+0x7d3/0x11d0
[  659.747909][T16267]        ksys_write+0x12a/0x250
[  659.749454][T16267]        __do_fast_syscall_32+0xe8/0x680
[  659.751236][T16267]        do_fast_syscall_32+0x32/0x80
[  659.752919][T16267]        entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  659.755064][T16267] 
[  659.755064][T16267] -> #1 (&sbi->pipe_mutex){+.+.}-{4:4}:
[  659.757507][T16267]        __mutex_lock+0x1aa/0x1ca0
[  659.759138][T16267]        autofs_notify_daemon+0x4a6/0xd60
[  659.760924][T16267]        autofs_wait+0x10f3/0x1ac0
[  659.762537][T16267]        autofs_mount_wait+0x132/0x3c0
[  659.764254][T16267]        autofs_d_automount+0x4b2/0x960
[  659.765992][T16267]        __traverse_mounts+0x1b9/0x830
[  659.767765][T16267]        step_into_slowpath+0x772/0xf50
[  659.769497][T16267]        path_lookupat+0x627/0xc40
[  659.771117][T16267]        filename_lookup+0x224/0x5f0
[  659.772769][T16267]        kern_path+0x35/0x50
[  659.774240][T16267]        lookup_bdev+0xd8/0x280
[  659.775790][T16267]        resume_store+0x1d6/0x490
[  659.777453][T16267]        kobj_attr_store+0x58/0x80
[  659.779088][T16267]        sysfs_kf_write+0xf2/0x150
[  659.780697][T16267]        kernfs_fop_write_iter+0x3af/0x570
[  659.782667][T16267]        vfs_write+0x7d3/0x11d0
[  659.784253][T16267]        ksys_write+0x12a/0x250
[  659.785793][T16267]        __do_fast_syscall_32+0xe8/0x680
[  659.787629][T16267]        do_fast_syscall_32+0x32/0x80
[  659.789309][T16267]        entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  659.791446][T16267] 
[  659.791446][T16267] -> #0 (&of->mutex){+.+.}-{4:4}:
[  659.793719][T16267]        __lock_acquire+0x1669/0x2890
[  659.795413][T16267]        lock_acquire+0x179/0x330
[  659.797014][T16267]        __mutex_lock+0x1aa/0x1ca0
[  659.798630][T16267]        kernfs_fop_write_iter+0x28f/0x570
[  659.800468][T16267]        iter_file_splice_write+0xa24/0x12b0
[  659.802351][T16267]        do_splice+0x1478/0x1fc0
[  659.803931][T16267]        __do_splice+0x32a/0x360
[  659.805501][T16267]        __ia32_sys_splice+0x189/0x250
[  659.807255][T16267]        __do_fast_syscall_32+0xe8/0x680
[  659.809523][T16267]        do_fast_syscall_32+0x32/0x80
[  659.811774][T16267]        entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  659.814607][T16267] 
[  659.814607][T16267] other info that might help us debug this:
[  659.814607][T16267] 
[  659.818819][T16267] Chain exists of:
[  659.818819][T16267]   &of->mutex --> &sbi->pipe_mutex --> &pipe->mutex
[  659.818819][T16267] 
[  659.823882][T16267]  Possible unsafe locking scenario:
[  659.823882][T16267] 
[  659.826969][T16267]        CPU0                    CPU1
[  659.829068][T16267]        ----                    ----
[  659.830980][T16267]   lock(&pipe->mutex);
[  659.832443][T16267]                                lock(&sbi->pipe_mutex);
[  659.834871][T16267]                                lock(&pipe->mutex);
[  659.837215][T16267]   lock(&of->mutex);
[  659.838637][T16267] 
[  659.838637][T16267]  *** DEADLOCK ***
[  659.838637][T16267] 
[  659.841751][T16267] 2 locks held by syz.2.2633/16267:
[  659.843695][T16267]  #0: ffff888043f58420 (sb_writers#10){.+.+}-{0:0}, at: __do_splice+0x32a/0x360
[  659.846748][T16267]  #1: ffff88805c959468 (&pipe->mutex){+.+.}-{4:4}, at: pipe_lock+0x64/0x80
[  659.850085][T16267] 
[  659.850085][T16267] stack backtrace:
[  659.852411][T16267] CPU: 3 UID: 0 PID: 16267 Comm: syz.2.2633 Not tainted syzkaller #0 PREEMPT(full) 
[  659.852436][T16267] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  659.852449][T16267] Call Trace:
[  659.852456][T16267]  <TASK>
[  659.852464][T16267]  dump_stack_lvl+0x116/0x1f0
[  659.852495][T16267]  print_circular_bug+0x275/0x340
[  659.852528][T16267]  check_noncircular+0x146/0x160
[  659.852560][T16267]  __lock_acquire+0x1669/0x2890
[  659.852580][T16267]  ? __do_splice+0x32a/0x360
[  659.852608][T16267]  ? __do_fast_syscall_32+0xe8/0x680
[  659.852638][T16267]  lock_acquire+0x179/0x330
[  659.852656][T16267]  ? kernfs_fop_write_iter+0x28f/0x570
[  659.852682][T16267]  ? __pfx___might_resched+0x10/0x10
[  659.852707][T16267]  __mutex_lock+0x1aa/0x1ca0
[  659.852726][T16267]  ? kernfs_fop_write_iter+0x28f/0x570
[  659.852742][T16267]  ? kernfs_fop_write_iter+0x28f/0x570
[  659.852758][T16267]  ? __asan_memcpy+0x3c/0x60
[  659.852772][T16267]  ? __pfx___mutex_lock+0x10/0x10
[  659.852793][T16267]  ? __pfx__copy_from_iter+0x10/0x10
[  659.852813][T16267]  ? trace_kmalloc+0x2b/0xb0
[  659.852840][T16267]  ? __kmalloc_noprof+0x35d/0x910
[  659.852861][T16267]  ? kernfs_fop_write_iter+0x237/0x570
[  659.852889][T16267]  ? kernfs_fop_write_iter+0x28f/0x570
[  659.852915][T16267]  kernfs_fop_write_iter+0x28f/0x570
[  659.852944][T16267]  iter_file_splice_write+0xa24/0x12b0
[  659.852980][T16267]  ? __pfx_iter_file_splice_write+0x10/0x10
[  659.853018][T16267]  ? __pfx_iter_file_splice_write+0x10/0x10
[  659.853048][T16267]  do_splice+0x1478/0x1fc0
[  659.853085][T16267]  ? __lock_acquire+0x436/0x2890
[  659.853107][T16267]  ? __pfx_do_splice+0x10/0x10
[  659.853135][T16267]  ? __pfx_pipe_clear_nowait+0x10/0x10
[  659.853163][T16267]  ? find_held_lock+0x2b/0x80
[  659.853189][T16267]  __do_splice+0x32a/0x360
[  659.853219][T16267]  ? __pfx___do_splice+0x10/0x10
[  659.853244][T16267]  ? __ia32_compat_sys_openat+0xa0/0x210
[  659.853268][T16267]  __ia32_sys_splice+0x189/0x250
[  659.853295][T16267]  __do_fast_syscall_32+0xe8/0x680
[  659.853322][T16267]  do_fast_syscall_32+0x32/0x80
[  659.853337][T16267]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  659.853354][T16267] RIP: 0023:0xf708d579
[  659.853367][T16267] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  659.853384][T16267] RSP: 002b:00000000f547d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000139
[  659.853403][T16267] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000000
[  659.853415][T16267] RDX: 0000000000000006 RSI: 0000000000000000 RDI: 000000000000000c
[  659.853426][T16267] RBP: 0000000000000003 R08: 0000000000000000 R09: 0000000000000000
[  659.853437][T16267] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  659.853448][T16267] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  659.853465][T16267]  </TASK>
[  660.255519][ T4297] netdevsim netdevsim5 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  660.426453][ T4297] netdevsim netdevsim5 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  660.555203][ T4297] netdevsim netdevsim5 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  660.646334][ T4297] netdevsim netdevsim5 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  660.698843][ T4297] bridge_slave_1: left allmulticast mode
[  660.700672][ T4297] bridge_slave_1: left promiscuous mode
[  660.702498][ T4297] bridge0: port 2(bridge_slave_1) entered disabled state
[  660.705740][ T4297] bridge_slave_0: left allmulticast mode
[  660.707562][ T4297] bridge_slave_0: left promiscuous mode
[  660.709378][ T4297] bridge0: port 1(bridge_slave_0) entered disabled state
[  660.856127][ T4297] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  660.859682][ T4297] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  660.862934][ T4297] bond0 (unregistering): Released all slaves
[  661.142048][ T4297] hsr_slave_0: left promiscuous mode
[  661.144518][ T4297] hsr_slave_1: left promiscuous mode
[  661.147218][ T4297] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  661.150261][ T4297] batman_adv: batadv0: Removing interface: batadv_slave_0
[  661.153675][ T4297] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  661.160668][ T4297] batman_adv: batadv0: Removing interface: batadv_slave_1
[  661.165354][ T4297] veth1_macvtap: left promiscuous mode
[  661.167135][ T4297] veth0_macvtap: left promiscuous mode
[  661.168882][ T4297] veth1_vlan: left promiscuous mode
[  661.170547][ T4297] veth0_vlan: left promiscuous mode
[  661.263003][ T4297] team0 (unregistering): Port device team_slave_1 removed
[  661.284798][ T4297] team0 (unregistering): Port device team_slave_0 removed
[  661.340418][T12962] lo speed is unknown, defaulting to 1000
[  661.342279][T12962] infiniband syz0: ib_query_port failed (-19)
[  661.700064][ T4297] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  661.759183][ T4297] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  661.847534][ T4297] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  661.908907][ T4297] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  662.025422][ T4297] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  662.089551][ T4297] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  662.149862][ T4297] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  662.208535][ T4297] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  662.301608][ T4297] bridge_slave_1: left allmulticast mode
[  662.303437][ T4297] bridge_slave_1: left promiscuous mode
[  662.305318][ T4297] bridge0: port 2(bridge_slave_1) entered disabled state
[  662.308386][ T4297] bridge_slave_0: left allmulticast mode
[  662.310449][ T4297] bridge_slave_0: left promiscuous mode
[  662.312287][ T4297] bridge0: port 1(bridge_slave_0) entered disabled state
[  662.368734][ T4297] dvmrp8 (unregistering): left allmulticast mode
[  663.006624][ T4297] bond0 (unregistering): Released all slaves
[  663.082700][ T4297] bond1 (unregistering): Released all slaves
[  663.088107][ T4297] bond2 (unregistering): Released all slaves
[  663.180412][ T4297] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  663.184097][ T4297] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  663.187368][ T4297] bond0 (unregistering): Released all slaves
[  663.193144][T12962] wg2 speed is unknown, defaulting to 1000
[  663.195604][T12962] syz2: Port: 1 Link DOWN
[  663.197424][T12962] wg2 speed is unknown, defaulting to 1000
[  663.276256][ T4297] tipc: Left network mode
[  663.689996][ T4297] hsr_slave_0: left promiscuous mode
[  663.692078][ T4297] hsr_slave_1: left promiscuous mode
[  663.695921][ T4297] hsr_slave_0: left promiscuous mode
[  663.698512][ T4297] hsr_slave_1: left promiscuous mode
[  663.701068][ T4297] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  663.704331][ T4297] batman_adv: batadv0: Removing interface: batadv_slave_0
[  663.707887][ T4297] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  663.710986][ T4297] batman_adv: batadv0: Removing interface: batadv_slave_1
[  663.719741][ T4297] veth1_macvtap: left promiscuous mode
[  663.722083][ T4297] veth0_macvtap: left promiscuous mode
[  663.725681][ T4297] veth1_vlan: left promiscuous mode
[  663.727949][ T4297] veth0_vlan: left promiscuous mode
[  663.731282][ T4297] veth1_macvtap: left promiscuous mode
[  663.733609][ T4297] veth0_macvtap: left promiscuous mode
[  663.736302][ T4297] veth1_vlan: left promiscuous mode
[  663.738543][ T4297] veth0_vlan: left promiscuous mode
[  663.905896][   T71] smc: removing ib device syz2
[  664.017152][ T4297] team0 (unregistering): Port device team_slave_1 removed
[  664.031085][ T4297] team0 (unregistering): Port device team_slave_0 removed
[  664.609725][ T4297] IPVS: stop unused estimator thread 0...