last executing test programs:

2m7.234731653s ago: executing program 1 (id=7139):
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
r0 = openat$vga_arbiter(0xffffff9c, &(0x7f00000000c0), 0x12b080, 0x0)
write$vga_arbiter(r0, &(0x7f0000000140)=@target={'target ', {'PCI:', 'c', ':', 'f', ':', 'd', '.', '1a'}}, 0x14)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x6)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
r2 = syz_open_procfs$namespace(0x0, &(0x7f00000001c0)='ns/user\x00')
setns(r2, 0x8000000)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r3 = syz_io_uring_setup(0x88f, &(0x7f0000000440)={0x0, 0x304e, 0x0, 0x2, 0x28d}, &(0x7f0000000000)=<r4=>0x0, &(0x7f0000000280))
r5 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x84200)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000180)={<r6=>0xffffffffffffffff})
ioctl$NBD_SET_SOCK(r5, 0xab00, r6)
timer_create(0x0, &(0x7f00000005c0)={0x0, 0x21, 0x800000000004}, &(0x7f0000bbdffc))
ioctl$NBD_DO_IT(r5, 0xab03)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
io_uring_enter(r3, 0x2b93, 0xf9d0, 0x22, 0x0, 0x0)

2m6.207790107s ago: executing program 1 (id=7134):
r0 = syz_open_dev$dri(&(0x7f00000002c0), 0x2, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000440)=[0x0], 0x0, 0x0, 0x0, 0x1})
openat$sndseq(0xffffffffffffff9c, &(0x7f0000002340), 0x40800)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x60, 0x30, 0x1, 0x0, 0x0, {}, [{0x4c, 0x1, [@m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{}, 0xffff}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x24008800}, 0x0)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
r2 = memfd_create(&(0x7f0000000300)='+\x8b\x8a\x16\x11O\xdd\xdfk(F\x99\xdf\x92\xd5>oJ\x02u\x9b\xafa\xac\x06\x9c&\xf5\xe3j\xfa\tcqM\xb8R\x86\xd9\xd2.\x9f\x12\xed\x10\f\xbd\x1a|\x8a\xbb\xda\xcfY\x98gU@\xf2M\xc0\xb5\xdf\x9a\x8d\xdb,n\xae\x0eT\x80\x8c\xfd\xd7\xb0\x94\x82t\x96\rKx\xc5\x9b\x8c\x87\x96\x8bc\xbc\xee\xcc\x9f\xe3F\x99V4\x8e;M\xa9\x823\xe3\xb3mG\x8f\xdb\xed\x1b\x05\xec\xfc\xd1\xb5\xfd\xec@\xdeU\xdd\xa4\xc1\xe4L)\x8e\xe5\x91\x8e\xd4\x89\xef\x95T\x05G\xac\xb8\xc1: )mh\xc7\xf1?\xbb\x13;\xad\x95\xd70\xb6\x0e\x7f\x84r\x0e\xbf\xc5\xf6\xd4\xdd\t\x14\x18\xf7\xefi\x93\x03\xd2\xf2\bK\"\xd2\xb5\xaa\xb8\xc8\xe0\xac\x99\xe8su\xcd\xc3E\x12\xd7\xdd\x96!\x16Tu\xe3\xf0\x84#R\xd9\xe3~Wj\xb0r\x87\'\xea\a\xcfOeK\x9daW\xf4\x87@\x9c\xf3\xf1K\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x91\xe6\xdb\xc2\xa5h\'\xdfIn\x97\x0263~\xeb\xbe(i\n\xc2k4\x7f\x12\xa9e`SOs\x8c\xb4\xe7FeQ\xc6$\x92j_U\xfa\b\xea\xb0bYkW\xc0\x05\aC{\xcc\x03T\x17\xa5Sk\x87P\xc2\x97D\xb2\xfa\x1b\x9fe\xf4\x10\x1a\xad\x92\xce\x88\x1b\xbc\xe14\x19\xaa\xd3\r\xf4\xa2\xc3\x9e=\xa0 \xe6j\xe5\x85\xf8\x97\x03\x15\xaa\x920\xdcrI\xd8\b\xfb\xc7\xe7xX\x00>d\xbb\xa71\xad\x9a\xfb\xe6\x13\x87\x93\\\xe5W-\xfc\xfd\xb8O\xb9j\xb8\xf2\x9dx\xb2\x86\xad\x92', 0x3)
write$binfmt_elf64(r2, &(0x7f0000000180)=ANY=[], 0x78)
sendfile(0xffffffffffffffff, r2, &(0x7f00000001c0), 0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
socket$kcm(0x29, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
fcntl$addseals(r2, 0x409, 0x8)
ioctl$UFFDIO_WRITEPROTECT(0xffffffffffffffff, 0xc018aa06, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000280)=ANY=[@ANYBLOB="20000000100010002d0100000000000100000000", @ANYRES32=0x0, @ANYBLOB="fff0000008030000"], 0x20}, 0x1, 0x0, 0x0, 0x20081}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r4, 0x8933, &(0x7f0000000000)={'batadv0\x00', <r5=>0x0})
sendmsg$nl_route(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000006c0)=ANY=[@ANYBLOB="200000001100010027bd7000fddbdf2500000000", @ANYRES32=r5, @ANYBLOB="801400000421000041fda70e0000003b009f460372fae0cae5f66e14a3d6302747888aa1930451d348c184c110bf01c2d4ab8b2dbb1593b08e3d9934f8b06923c7501ecec693f3284209caac12"], 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x80)
ioctl$DRM_IOCTL_MODE_GETENCODER(r0, 0xc01464a6, &(0x7f0000000040)={0x0, 0x0, <r6=>0x0})
ioctl$DRM_IOCTL_MODE_CURSOR2(r0, 0xc02464bb, &(0x7f0000000080)={0x0, r6, 0x4, 0xfffffffe, 0x0, 0x2, 0x0, 0x1, 0x73})
pselect6(0x95, &(0x7f00000001c0)={0x3f, 0xffffffffffffff7e, 0xfffffffffffffffe, 0x6, 0xfffffffffffffffd, 0x3, 0x0, 0x6}, 0x0, 0x0, 0x0, 0x0)
openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000100), 0x8000)

2m5.156429516s ago: executing program 1 (id=7137):
socket$nl_route(0x10, 0x3, 0x0)
bind$alg(0xffffffffffffffff, 0x0, 0x0)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(0xffffffffffffffff, 0x80108907, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x1000000, 0xffffffffffffffff, 0x40c}, 0x0)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x1, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff000000009408048000001700638af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r2, @ANYBLOB="0000000100000000b703000008"], &(0x7f0000005d80)='syzkaller\x00', 0xc}, 0x94)
r4 = socket$kcm(0x10, 0x2, 0x0)
setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000400)=r3, 0x4)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000700)=@raw={'raw\x00', 0x3c1, 0x3, 0x4cc, 0x0, 0x940c, 0x3002, 0x0, 0x2c0, 0x404, 0x3d8, 0x3d8, 0x404, 0x3d8, 0x3, 0x0, {[{{@uncond, 0x0, 0x28c, 0x2d4, 0x0, {}, [@common=@inet=@recent0={{0xf4}, {0x0, 0x3f, 0x1, 0x0, 'syz0\x00'}}, @common=@inet=@recent0={{0xf4}, {0x0, 0x0, 0x2, 0x0, 'syz0\x00'}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv4=@loopback, 'virt_wifi0\x00'}}}, {{@ipv6={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @private0, [0x0, 0x0, 0xff000000, 0xff], [0xffffff00, 0xffffff00, 0xff000000, 0xffffffff], 'team_slave_1\x00', 'veth1_virt_wifi\x00', {0xff}, {}, 0x886215f4d37bb4bb, 0x90, 0x1, 0x69}, 0x0, 0xc8, 0x130, 0x0, {}, [@inet=@rpfilter={{0x24}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, '\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x528)
sendmsg$kcm(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000004c0)="d80000001a0081044e81f782db4cb904021d0800fe0055a1150015000200142603600e12080005007a010401a8001600200002400400027c035c0461c1d67f6f94007134cf6efb8000a007a290457fffffffffffff0001bace8017cbec4c2ee5a7cef4090000001fb79164d322fe7c9f8775d3f2d5d0683f5aeb4edbb57a5025ccca9e00360db785262f3d40fad95667e006dcdf61951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9703920723f9a94100"/213, 0xd5}], 0x1}, 0x0)
syz_usb_connect(0x2, 0x39, 0x0, 0x0)
r6 = socket$rxrpc(0x21, 0x2, 0x2)
getsockopt(r6, 0x110, 0x6, 0x0, &(0x7f0000000280)=0x61)
syz_open_dev$sndmidi(0x0, 0x2, 0x141101)
write$6lowpan_enable(0xffffffffffffffff, 0x0, 0x0)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000100), 0x2c400, 0x0)
setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, &(0x7f0000000240), 0x4)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2)

2m2.203041176s ago: executing program 1 (id=7146):
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff})
r1 = openat$yama_ptrace_scope(0xffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$SIOCNRDECOBS(r0, 0x89e2)
ioctl$F2FS_IOC_RESIZE_FS(r1, 0x4008f510, &(0x7f0000000080)=0x7)
r2 = syz_open_dev$mouse(&(0x7f00000001c0), 0x2, 0x400000)
setsockopt$inet_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f0000000200)='nv', 0x2)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="180200000000000000000000000000008500000013000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x90c}, 0x94)
r4 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0)
ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000040)=0x4)
r5 = dup(r4)
ioctl$SIOCSIFHWADDR(r5, 0x8925, &(0x7f0000002640)={'team_slave_0\x00', @random="76f64c34b99d"})
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r3, 0x0, 0x93, 0x0, &(0x7f0000000440)="2e0d6c96597ab3cc65dfd52a0e2ee9abc89b6f5bec79db8c2f93293857f7ea667202b0ed83c22db166e4e64b3d817a495d9119ce51d1c0736dff44408bf872f1218c2a296376091437cc5146719cef7b8a0a6e28c34635783795e15cf4ffffffffffffffeb78cce6a4ee723c8e4ffc38663e6d7e9fd63f065a61556f689b7ca64c311b3b1e760582960600000000000000ef3e", 0x0, 0xa5b4, 0x0, 0x0, 0x64, 0x0, 0x0, 0x4}, 0x4c)
openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x62)
mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000400), 0x10000, &(0x7f0000000180)=ANY=[@ANYBLOB='huge=always,mpol=interleave'])
chdir(&(0x7f0000000240)='./file0\x00')
r6 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0)
syz_clone(0x4000000, &(0x7f00000002c0), 0x0, 0x0, 0x0, 0x0)
writev(r6, &(0x7f00000000c0)=[{&(0x7f0000000140)='2', 0x1}], 0x1)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdir(&(0x7f00000000c0)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r8, &(0x7f0000000240), 0x3af4701e)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28012, r8, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
ioctl$FS_IOC_RESVSP(r7, 0x4030582b, &(0x7f0000000c00)={0x0, 0x1, 0x4, 0x40000000000000, 0x0, 0xf0})
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000380), 0x0, &(0x7f0000000400)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')

2m2.030293891s ago: executing program 2 (id=7147):
r0 = syz_open_dev$dri(&(0x7f00000002c0), 0x2, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000440)=[0x0], 0x0, 0x0, 0x0, 0x1})
openat$sndseq(0xffffffffffffff9c, &(0x7f0000002340), 0x40800)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x60, 0x30, 0x1, 0x0, 0x0, {}, [{0x4c, 0x1, [@m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{}, 0xffff}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x24008800}, 0x0)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
r2 = memfd_create(&(0x7f0000000300)='+\x8b\x8a\x16\x11O\xdd\xdfk(F\x99\xdf\x92\xd5>oJ\x02u\x9b\xafa\xac\x06\x9c&\xf5\xe3j\xfa\tcqM\xb8R\x86\xd9\xd2.\x9f\x12\xed\x10\f\xbd\x1a|\x8a\xbb\xda\xcfY\x98gU@\xf2M\xc0\xb5\xdf\x9a\x8d\xdb,n\xae\x0eT\x80\x8c\xfd\xd7\xb0\x94\x82t\x96\rKx\xc5\x9b\x8c\x87\x96\x8bc\xbc\xee\xcc\x9f\xe3F\x99V4\x8e;M\xa9\x823\xe3\xb3mG\x8f\xdb\xed\x1b\x05\xec\xfc\xd1\xb5\xfd\xec@\xdeU\xdd\xa4\xc1\xe4L)\x8e\xe5\x91\x8e\xd4\x89\xef\x95T\x05G\xac\xb8\xc1: )mh\xc7\xf1?\xbb\x13;\xad\x95\xd70\xb6\x0e\x7f\x84r\x0e\xbf\xc5\xf6\xd4\xdd\t\x14\x18\xf7\xefi\x93\x03\xd2\xf2\bK\"\xd2\xb5\xaa\xb8\xc8\xe0\xac\x99\xe8su\xcd\xc3E\x12\xd7\xdd\x96!\x16Tu\xe3\xf0\x84#R\xd9\xe3~Wj\xb0r\x87\'\xea\a\xcfOeK\x9daW\xf4\x87@\x9c\xf3\xf1K\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x91\xe6\xdb\xc2\xa5h\'\xdfIn\x97\x0263~\xeb\xbe(i\n\xc2k4\x7f\x12\xa9e`SOs\x8c\xb4\xe7FeQ\xc6$\x92j_U\xfa\b\xea\xb0bYkW\xc0\x05\aC{\xcc\x03T\x17\xa5Sk\x87P\xc2\x97D\xb2\xfa\x1b\x9fe\xf4\x10\x1a\xad\x92\xce\x88\x1b\xbc\xe14\x19\xaa\xd3\r\xf4\xa2\xc3\x9e=\xa0 \xe6j\xe5\x85\xf8\x97\x03\x15\xaa\x920\xdcrI\xd8\b\xfb\xc7\xe7xX\x00>d\xbb\xa71\xad\x9a\xfb\xe6\x13\x87\x93\\\xe5W-\xfc\xfd\xb8O\xb9j\xb8\xf2\x9dx\xb2\x86\xad\x92', 0x3)
sendfile(0xffffffffffffffff, r2, &(0x7f00000001c0), 0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
syz_open_dev$radio(0x0, 0x3, 0x2)
socket$kcm(0x29, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
fcntl$addseals(r2, 0x409, 0x8)
ioctl$UFFDIO_WRITEPROTECT(0xffffffffffffffff, 0xc018aa06, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000280)=ANY=[@ANYBLOB="20000000100010002d0100000000000100000000", @ANYRES32=0x0, @ANYBLOB="fff0000008030000"], 0x20}, 0x1, 0x0, 0x0, 0x20081}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r4, 0x8933, &(0x7f0000000000)={'batadv0\x00', <r5=>0x0})
sendmsg$nl_route(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000006c0)=ANY=[@ANYBLOB="200000001100010027bd7000fddbdf2500000000", @ANYRES32=r5, @ANYBLOB="801400000421000041fda70e0000003b009f460372fae0cae5f66e14a3d6302747888aa1930451d348c184c110bf01c2d4ab8b2dbb1593b08e3d9934f8b06923c7501ecec693f3284209caac12"], 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x80)

2m1.243806872s ago: executing program 2 (id=7148):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, 0x0, &(0x7f0000000100)='syzkaller\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x40f00, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
openat$incfs(0xffffffffffffffff, &(0x7f0000000340)='.log\x00', 0x200, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
r3 = syz_io_uring_setup(0x499, &(0x7f0000000400)={0x0, 0xd146, 0x0, 0x1, 0x288}, &(0x7f0000000100)=<r4=>0x0, &(0x7f0000000000)=<r5=>0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0xfff, 0x7, 0x1000}, 0x48)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x50)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r7}, 0x18)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_UNLINKAT={0x24, 0xd, 0x0, 0xffffffffffffffff, 0x0, 0x0})
io_uring_enter(r3, 0x3516, 0x0, 0x4, 0x0, 0x0)

2m0.938435017s ago: executing program 1 (id=7150):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
syz_usb_connect$cdc_ncm(0x4, 0x6e, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000020000002505a1a440000102030109025c0002010000000904000001a3f45747d649f9a30105240000000d240f8100000000000000000006241a0000000905810300000000000904010000020d00000904010102020d000009058202000000000009050302"], 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000100)=ANY=[@ANYBLOB="120100001ddf8208c007121522300000000109021b0001000000010904010001faf40d00090582"], 0x0)
socket(0x10, 0x3, 0x6)
r0 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=@newqdisc={0x88, 0x24, 0x20, 0x70bd26, 0x0, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff2}, {0xffff, 0x3}, {0x6, 0xfff1}}, [@qdisc_kind_options=@q_mqprio={{0xb}, {0x58, 0x2, {{0xff, [0x0, 0xa, 0x0, 0x9, 0x3, 0x8, 0x5, 0x0, 0x6, 0x3, 0x7, 0x10, 0x0, 0x40, 0x10], 0xff, [0xf442, 0x2, 0xfffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x5c4, 0x0, 0x0, 0x0, 0x3dc, 0x7], [0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0xfffd, 0x1800, 0x0, 0x0, 0xfffe, 0x6f]}}}}]}, 0x88}}, 0x20000000)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140), 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000340)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="230900000000000000000100000005000700000000000800090000000000060002000100000008000a0000000000080017"], 0x3c}}, 0x0)
sendmsg$DEVLINK_CMD_TRAP_GET(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010025bd7000fcdb854b1852df253d0000000e0001006e657464657673696d00e2ff0f0002006e657464657673696d30000b1c008200736f757263655f7f61635f69735f6d756c746963617374004724d7529eced5829adc009505c2d51be4946234fdfc037830f3a11c764f72d53d6c03e3a67ba606541032d01f9531f4b6e5108c4f78a82e385e42dbbc3c04162e1e003136cb4514b15d99ebdee2c5c42c447827b5178e684a6778d4b8c482573392ad5908151c518e1d4b2f5b574a2e881499865d2c9bcf55dcc47fdea0eea6ab420a7d883d86dd9199f0cff695f8aa67af765475c0515255d96ffe079d4f982b85d2bf33f114d7f5aa23a05969eb1e13d1e1"], 0x50}, 0x1, 0x0, 0x0, 0x20008804}, 0x4050)
r5 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
sendmsg$DEVLINK_CMD_SB_PORT_POOL_GET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000000}, 0x48050)
r6 = socket(0x10, 0x3, 0x0)
r7 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000340)={'bridge0\x00', <r8=>0x0})
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="700200001300290a000000000000000007000000", @ANYRES32=r8, @ANYBLOB="000000000000000010010c8013000c800ca3488008000000000000000800038064001d80050006000000000014000500714abbd2547de97cbbf6efb226f19bf90d0002003a288e5e5b5b5a40000000006000078014000400293a02149f3b75a67093c28fd6f55a2314000400e48f01e49713f0c2d839f940d9f088d8050006000000003bd00002006272696467655f736c6176655f30000007000200293a00000500060000000000080001000000000018002580140004004d2906d0880fc8acc30fe2020f9849675000028004000500a1085e7df341b9dc3d8008a2fe5bdaad140004009c7e472c916020fe41bcc5aa8f56c9471400050080ab8be51421cfa3c9e5cbfe8217e0af0800010000000000080001000000000060001a803f00"], 0x270}, 0x1, 0x0, 0x0, 0x20008014}, 0x4)
r9 = socket$caif_seqpacket(0x25, 0x5, 0x1)
r10 = syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0xb6e7, 0x0, 0x3}, &(0x7f0000000340)=<r11=>0x0, &(0x7f0000000280)=<r12=>0x0)
mount$9p_virtio(&(0x7f0000000500), &(0x7f0000000540)='./file0\x00', &(0x7f0000000580), 0x10, &(0x7f0000000640)=ANY=[@ANYBLOB="7472616e733d76697274696f2c6e6f657874656e2ff688bf0a4e636c1ebb412480806a3b642c616e616d653d6465766c696e6b002c667363616368652c6e6f78617474722c64656275673d3078303030303030303030303030303030392c736d61630866736465663d002c00"])
syz_memcpy_off$IO_URING_METADATA_GENERIC(r11, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r11, r12, &(0x7f00000002c0)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r9, 0x0, 0x0, 0x0, 0x40c1})
io_uring_enter(r10, 0x47f9, 0x0, 0x0, 0x0, 0x0)
write$char_usb(r5, &(0x7f0000001300)="92", 0x2)
r13 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000080)={r13}, 0x4)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)

1m59.701772355s ago: executing program 1 (id=7153):
socket$nl_route(0x10, 0x3, 0x0)
bind$alg(0xffffffffffffffff, 0x0, 0x0)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(0xffffffffffffffff, 0x80108907, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x1000000, 0xffffffffffffffff, 0x40c}, 0x0)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x1, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff000000009408048000001700638af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r2, @ANYBLOB="0000000100000000b703000008"], &(0x7f0000005d80)='syzkaller\x00', 0xc}, 0x94)
r4 = socket$kcm(0x10, 0x2, 0x0)
setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000400)=r3, 0x4)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000700)=@raw={'raw\x00', 0x3c1, 0x3, 0x4cc, 0x0, 0x940c, 0x3002, 0x0, 0x2c0, 0x404, 0x3d8, 0x3d8, 0x404, 0x3d8, 0x3, 0x0, {[{{@uncond, 0x0, 0x28c, 0x2d4, 0x0, {}, [@common=@inet=@recent0={{0xf4}, {0x0, 0x3f, 0x1, 0x0, 'syz0\x00'}}, @common=@inet=@recent0={{0xf4}, {0x0, 0x0, 0x2, 0x0, 'syz0\x00'}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv4=@loopback, 'virt_wifi0\x00'}}}, {{@ipv6={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @private0, [0x0, 0x0, 0xff000000, 0xff], [0xffffff00, 0xffffff00, 0xff000000, 0xffffffff], 'team_slave_1\x00', 'veth1_virt_wifi\x00', {0xff}, {}, 0x886215f4d37bb4bb, 0x90, 0x1, 0x69}, 0x0, 0xc8, 0x130, 0x0, {}, [@inet=@rpfilter={{0x24}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, '\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x528)
sendmsg$kcm(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000004c0)="d80000001a0081044e81f782db4cb904021d0800fe0055a1150015000200142603600e12080005007a010401a8001600200002400400027c035c0461c1d67f6f94007134cf6efb8000a007a290457fffffffffffff0001bace8017cbec4c2ee5a7cef4090000001fb79164d322fe7c9f8775d3f2d5d0683f5aeb4edbb57a5025ccca9e00360db785262f3d40fad95667e006dcdf61951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9703920723f9a94100000000000000000000000000d4da", 0xd7}], 0x1}, 0x0)
syz_usb_connect(0x2, 0x39, 0x0, 0x0)
r6 = socket$rxrpc(0x21, 0x2, 0x2)
getsockopt(r6, 0x110, 0x6, 0x0, &(0x7f0000000280)=0x61)
syz_open_dev$sndmidi(0x0, 0x2, 0x141101)
write$6lowpan_enable(0xffffffffffffffff, 0x0, 0x0)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000100), 0x2c400, 0x0)
setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, &(0x7f0000000240), 0x4)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2)

1m59.574192243s ago: executing program 32 (id=7153):
socket$nl_route(0x10, 0x3, 0x0)
bind$alg(0xffffffffffffffff, 0x0, 0x0)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(0xffffffffffffffff, 0x80108907, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x1000000, 0xffffffffffffffff, 0x40c}, 0x0)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x1, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff000000009408048000001700638af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r2, @ANYBLOB="0000000100000000b703000008"], &(0x7f0000005d80)='syzkaller\x00', 0xc}, 0x94)
r4 = socket$kcm(0x10, 0x2, 0x0)
setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000400)=r3, 0x4)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000700)=@raw={'raw\x00', 0x3c1, 0x3, 0x4cc, 0x0, 0x940c, 0x3002, 0x0, 0x2c0, 0x404, 0x3d8, 0x3d8, 0x404, 0x3d8, 0x3, 0x0, {[{{@uncond, 0x0, 0x28c, 0x2d4, 0x0, {}, [@common=@inet=@recent0={{0xf4}, {0x0, 0x3f, 0x1, 0x0, 'syz0\x00'}}, @common=@inet=@recent0={{0xf4}, {0x0, 0x0, 0x2, 0x0, 'syz0\x00'}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv4=@loopback, 'virt_wifi0\x00'}}}, {{@ipv6={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @private0, [0x0, 0x0, 0xff000000, 0xff], [0xffffff00, 0xffffff00, 0xff000000, 0xffffffff], 'team_slave_1\x00', 'veth1_virt_wifi\x00', {0xff}, {}, 0x886215f4d37bb4bb, 0x90, 0x1, 0x69}, 0x0, 0xc8, 0x130, 0x0, {}, [@inet=@rpfilter={{0x24}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, '\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x528)
sendmsg$kcm(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000004c0)="d80000001a0081044e81f782db4cb904021d0800fe0055a1150015000200142603600e12080005007a010401a8001600200002400400027c035c0461c1d67f6f94007134cf6efb8000a007a290457fffffffffffff0001bace8017cbec4c2ee5a7cef4090000001fb79164d322fe7c9f8775d3f2d5d0683f5aeb4edbb57a5025ccca9e00360db785262f3d40fad95667e006dcdf61951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9703920723f9a94100000000000000000000000000d4da", 0xd7}], 0x1}, 0x0)
syz_usb_connect(0x2, 0x39, 0x0, 0x0)
r6 = socket$rxrpc(0x21, 0x2, 0x2)
getsockopt(r6, 0x110, 0x6, 0x0, &(0x7f0000000280)=0x61)
syz_open_dev$sndmidi(0x0, 0x2, 0x141101)
write$6lowpan_enable(0xffffffffffffffff, 0x0, 0x0)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000100), 0x2c400, 0x0)
setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, &(0x7f0000000240), 0x4)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2)

1m58.709216497s ago: executing program 2 (id=7155):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00304, 0x17)
io_uring_setup(0x203, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$PPPIOCNEWUNIT(0xffffffffffffffff, 0xc004743e, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x2, 0x16, &(0x7f0000001600)=ANY=[@ANYBLOB="61128c000000000061134c0000000000bf200000000000002600020007ffffffbd0310000000000095002000000000006916000000000000bf6700000000000004070000b964b01a4607feff00200000540700000ee61e00bf150000000000000f5700000000000065070000d23700002c030000000000001f75000000000000bf54000000000000070000000400f9ffad430100000000007c000000000000000500000000000000950000000000000032ed3c5be95e5db67754bb12dc8c4ed68ecf264e0f84f9f17d3c30e3c7bdd2d17f2f175455000078af6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd390700000500000000f18c30907d7bee45a0100000fe9de56c9d05000000c6c60bef0d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546cac3f1d5af65727546e7c955ccefa1f6ab689ffffff7f63ede202fa4e0a2127b8b83c71a51445dc8dfd13ff15f852a39e5b2ab7bcb8f512036a5ba6d04ae76002d4519af619e3cca4d69e0dee5eb106774a8f3e6916fcecc8158f0200000000c8fb735fd552bdc268694aeb0743e326c819b6cf5c8ac86f8a297dff0445a13d0045fb3cda30a673a6037ed8c85f21ec2c081bdce431e56723888fb126a19bc1172b84b3ebe174aba210d739a018f9bbec63222d20cecac4d03723f1c921b5bbf7949632cacfdd32b3a6aa57f1ad2e99e0e67a993716dbf580469f0f53acbb400001e3738270b315d362ed834f2af97787f696649a462e7e090000000000000045eac1f2014f720e83b7838e3eede14308d582685e1becd6f35154bcb4000000000000000000000000000000bc3af2b170ad3e2b26539cebca8f4ddc211bc3ccf0bd9d42ca019dd5d022cf74686e9fbe2562979eaed840a7afaab43176e65ec1118d46d1e827f3472f4445d353887a5ad103649afa1769080584f800031e03a651bb04000000ab04871bc47287cd31cc43ea0ffb567b4040c1458d0320ce7d0000413a0000000000000000005f37983f84e98a523d80bd56a57fa82b82f639601ae899a559944cb9a62a29ab028acfc1cb26a0f6a5480a55d624a0c544ba0dc828c22fe30000aa391598000000437d57fcf8295f63a70837f5cd4e5e77964522dc7ca3aa3476b7f2d851d27fd4de6eabb43e0799dc8d9fb7dc6c523ffbd74a6a40e4acb1ac872ade9d1f2ab779b8dbe843aeeda0426c767c00327b8c95b2bb6ddb55117669d9598c0f3598073f3a921c76beceff7e4fbf909a2cabf5b8ea5011db9020823b83abe54346c7af0a99fa077ffe7000feb9e44023a1749eb1d0d572b77d6e0d0fcd74031c8ef2629f5ecff4626746d6abe98a255e92c3c4f79bfcd0d91741380000cfeb73dec68ed56b5d3dfdf0cb8b71ad79000000000000000000000000000000dd434a25e95d0ec29d3adaccf89d0888031ecdfdb4dfbe444673be099ece7e4009c76c7108ef0a7e59fd6d906fbc3c9b412e0478cfee4485f423c63f49db43833c92eeeb647cebd4d7a93a17bcbb6bae5ff876375d4fe39cc2d292691672cc18ca372104ceb83a35ecedd97fc191d8f64d2b1d60c6d12911aada66c26aa4802c3514c3d92ec905000000b13f4a2575fbe943a6c40000000000000000000000000000028026b80c3899543223a6079ee96198b9a326db3be3a48af415ca28ca68c502550044ed8e29af8d763ef9b1f31befcad2ce5394601c7cdc233bff7f0000000000009fb3ad650f77e339768924dfdbeead13b88371154d743544a6091ec93e0d3fd5b4dc42911c1ba322fd4d6fbf19e617d51f964727bfd5cc5ba15370f6e1141d2271eded0b15e4316a1e4623272beb249a0928c417720be14c898f397411c88a7bcf3df46ab3efe7cd5e160c2afd3cc945f75011a102d952c7ad17a58d9be691c334ea35bae71e76e160cc2260bd028162917807ce89e11b5f261052ee0dde18efa1d802af2b7bcf6f8af41933cea0d0343261bccf64ca1c81045153eafbefdb91fbdff9ee3307d4a1837963b2dc2a3698d90e7915b098f19392e792adaea86052f4e948184001b6494e906925a092483adc7e9c8f7a29d226763c100aecae7f00619c36bceb9fb6dd7e55487d8485e498fdfc377fd3d266d21d46ab2f6b2ce22cd0aebba9b0ffbfe8ec3143c3734967c90b16ebbeeae1ce2baaae05aed6bf0f40c8a323f9235dc99698bd0b800067a901a79daada03cc77e74feb98b1586946b452764ff917a8ecc10e529c5bea49cad70e22df522c2803b6ef65df70223c6e22c3433e322d8dbd6e9b040065a9d6b3d5ae276cffe935d559bea88e1aa36b4e6c19e78457904297e77370e013b705a96548d47c609a93c45f4d1382b39c05dcc07d5b49ad75ddb3ce5b5b9416e03995da04647aa5e6fc1a6f5d663380967ccef9de49a90ced031335e3219ebd9d06c257a50497ec523f5ff7361261ccfe239d603364a42e2e81fc068fcbb9792b673827fe7018a988fbce55bb74cdb327ced4b77b8743fb3cb72cc280b9f62e4f92f46a19600b802cba88b7d0a938d9e0e6cfe5d66b874c9a0c6c04b96360d6f499d004179e5b6025c0e1050faec7ecd9de190a975db2f8c06a551236278c4766d7e22e3b85168c9851de6266c791252f919b4f8b257b5a786734e5142e4666c67aef5b7b2f88c6640995434aa8636993089c73f196c54ae829ad4307132655b075ae534fa7f1ea9a17e62357b0bd2bd1d62d34bfc1364640250136729ba4f763ff25c33e8acc806611792add8254e705fefd2a44d5b15e3b36f6b75c97c9c04c511d8cf9e24c61c8284a913a381cb1a5628878040000000000000017b68afd95d4abf7920de9ebe1c89661f4adc3d83d72b1b778e30c2bf2efbbcd054cf51f4205ebf9a98a0d9f18135cb1d8d567c3436fa697b72c3b0200000000000079c0b3339debc78352b2e65299223d7ef2bd540e78167b3ac92a4c4f826f6d0e5c4ebf4f7a70c03e2f5ddbebf168586360c3663531eb5995d228f011a10ffc8b17d716b0c528dab6d0c4fe2ee402348104bc5d4012babedee898c6d3e1017be2e9bc759d3ab4d615f5000000000000000000000000000000000000000000007fff0000000000e693e314adf7dc9f517d04f1e6ca367d30d31d3647c6059db6e1e9529eb1623ef99e2d9ac2ab4872f8e784b07a31110bef6d000000a6f9e89e6d50ee06ce716f94da60f1f22d9669560d296287c13c92070000ee7553eb2df17839542fa88d09f000e88a90cf4406b9000000000000000000000000f441d6a6f516c235c6f5863e7f454ee0e16b9aa2593eb31fa3836703e7765aaeb77a8770e518efaa6d3dd85e03b3b133eb749057cea9af75a0e6f633532f2891b8e263cb6eecea691842827bc7c8c0130187081c8d320642389f5f0c42dba0ff68e84d7b130906f17f6aa075a257310f2d92cb1d1e16468949f5675262ee318e735930b01d8f586e34537bcff7d6196f494cdcf3a712078d745db0f5687a78ee6d000b3d171a0f08299b52d207f32e9da311ca090000003a42732808515eec574f892622c5be497fc3d9ca122d7c18b9e54637812c8debc61f0e42d838e44a819b74bce1a56108bb0fde97a02475920532309c55b2c9ae9f281391ec5cc72a5e94cca1cbf1ff01000000000000bdb537a0c52bd45a9f966c25616cec30c3ea3246cb8e6aac7cf273638e6656a3e4ccadc348f0172028c99cc5f6d5c6d09ed65aa54549e73c28b7c8ad06ad3c5e3c27eec0eff1a6c84f1189919eefcee807fc081e004ffb7d3104af00ac92f1080211c4bee74381a0e31021918f27863fdbafb50f70857d52a1f7df51935a80b1980a4778d35f183ea517f55a98095305701ab3f3ae43f06e91bc7d85e3800b46926944fba9805a985e63e53a62232fcd3f01dbe1728f300e247a7ebe344f9749818ff3961b2a42664ccd680a90bbb6ab400e286acc8f9febef64594777f848ed1cf980a3da2f0f7745760a05887d0c28060d613dd6539d392fc21fee0b5131609664b821d7a994e6c5965a4fa1ec1790c54e54586907dcc5e8bac16e79da9c2444420900000000000000f888a94365b99b72796fca1b922fc9aefaf1546c17cbb1d2d2fd12cb1a49cad501a3ca218c595b667b634606c57987ebfb0783a4948e4561d5cda158fe74453ff4a837beeedba483842c57d6005b544b4f80003386edfd3d4a88a667bd41eefe0d808abed08a29e6bc370a80cc0366fb4080bfbaaa946fd47ab662c794846e403950bbc3a48bb276cbb08a8eab145c06221ef16a238e3d50ad18aea9a2cec97d3c2d0569caabe2bffe02506bc9cb7294c5d020536dd5e7a6351642112df3b55d0215aaec7e45598995e79699e47567e353e68b03f82be860b188554b734e1192f9c1a867b815ef52cdc3307c0cc9be05a40fde69c350e59f11f1d26a4d04d8c8b2c4a4d23ec931d14bc7807db773a614b670acf46f83f7c65a0f8d43c5f64705f0d27c46d4b686e867e9b0be76a7978a8f962bb5a070df97f2bf7612115cfe5ebdc7ad0bc5a5f3ace25347d0e5c347279d55aa67a967380000000000000000000000000000000000000000000000ed0942d980c754c6c69ef65c375ad018824f78b260d5f51bc3feba504408a8c8141d84f3f417603b5081680f346ff0ffbe4ae19e936511966965ce268b6345a0001c0f26a32e0a999fc869292e939dcf89b9bfd794f9c12d41959a00688cca43015a9eec58f647796adea520cd2abeb0b55c22949d10e5a05fee4543fdc1e02554a55b5fef2427a6e5708edc38fac53c2f961945a3f83cdf01979939b49bc6b1aef8c733401bbe473de8d64efbe0d123739f387d1c0d9e74f2175c174ada1678c7db79492e8dd0f34e2ccf419cf7f14ffa408b50a52685b36aed14aa22ad928191d5a2697646edc52a1c0c5d720ae690add2b34aed161f51cc1cb424f76098e1e1921e5a405f9d298a8461f2da30e47b7c6ed7c95c84c745f58723e4cddffae3b53b5b947f9435e589f9ae55b30ecd3827b2de5df31976870823da8058c2538c04e397f3d0ef90c11c74da984fa558697ecb57224ce8fa6f79aadbd7dbf3678e74d790bc2ee72769a3ada1dd504f8e4133ce1effd446bc9a2f139e65cc4bd83912af3122352506c7c2191b3705116b2f4fc20d4e93882bdd6ccea97f3a08d3565b0000000000000000000000000000d35fb97c2d7a9374294dcec3da3df9a13c4fc63b00426682534d894caee0b963a3"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffffffffffe50}, 0x48)
sendmsg$NFNL_MSG_ACCT_GET_CTRZERO(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000580)={0x68, 0x2, 0x7, 0x401, 0x0, 0x0, {0x22f764d1a7906001, 0x0, 0x5}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x4}, @NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x6}, @NFACCT_NAME={0x9, 0x1, 'syz0\x00'}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}, @NFACCT_PKTS={0xc, 0x2, 0x1, 0x0, 0x8}, @NFACCT_PKTS={0xc, 0x2, 0x1, 0x0, 0x5}, @NFACCT_QUOTA={0xc}]}, 0x68}, 0x1, 0x0, 0x0, 0x20000001}, 0x20004080)

1m57.676526192s ago: executing program 2 (id=7158):
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff})
r1 = openat$yama_ptrace_scope(0xffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$SIOCNRDECOBS(r0, 0x89e2)
ioctl$F2FS_IOC_RESIZE_FS(r1, 0x4008f510, &(0x7f0000000080)=0x7)
r2 = syz_open_dev$mouse(&(0x7f00000001c0), 0x2, 0x400000)
setsockopt$inet_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f0000000200)='nv', 0x2)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="180200000000000000000000000000008500000013000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x90c}, 0x94)
r4 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0)
ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000040)=0x4)
r5 = dup(r4)
ioctl$SIOCSIFHWADDR(r5, 0x8925, &(0x7f0000002640)={'team_slave_0\x00', @random="76f64c34b99d"})
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r3, 0x0, 0x93, 0x0, &(0x7f0000000440)="2e0d6c96597ab3cc65dfd52a0e2ee9abc89b6f5bec79db8c2f93293857f7ea667202b0ed83c22db166e4e64b3d817a495d9119ce51d1c0736dff44408bf872f1218c2a296376091437cc5146719cef7b8a0a6e28c34635783795e15cf4ffffffffffffffeb78cce6a4ee723c8e4ffc38663e6d7e9fd63f065a61556f689b7ca64c311b3b1e760582960600000000000000ef3e", 0x0, 0xa5b4, 0x0, 0x0, 0x64, 0x0, 0x0, 0x4}, 0x4c)
openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x62)
mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000400), 0x10000, &(0x7f0000000180)=ANY=[@ANYBLOB='huge=always,mpol=interleave'])
chdir(&(0x7f0000000240)='./file0\x00')
r6 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0)
syz_clone(0x4000000, &(0x7f00000002c0), 0x0, 0x0, 0x0, 0x0)
writev(r6, &(0x7f00000000c0)=[{&(0x7f0000000140)='2', 0x1}], 0x1)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdir(&(0x7f00000000c0)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r8, &(0x7f0000000240), 0x3af4701e)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28012, r8, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
ioctl$FS_IOC_RESVSP(r7, 0x4030582b, &(0x7f0000000c00)={0x0, 0x1, 0x4, 0x40000000000000, 0x0, 0xf0})
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000380), 0x0, &(0x7f0000000400)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')

1m56.714724763s ago: executing program 2 (id=7161):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
syz_usb_connect$cdc_ncm(0x4, 0x6e, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000020000002505a1a440000102030109025c0002010000000904000001a3f45747d649f9a30105240000000d240f8100000000000000000006241a0000000905810300000000000904010000020d00000904010102020d000009058202000000000009050302"], 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000100)=ANY=[@ANYBLOB="120100001ddf8208c007121522300000000109021b0001000000010904010001faf40d00090582"], 0x0)
socket(0x10, 0x3, 0x6)
r0 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=@newqdisc={0x88, 0x24, 0x20, 0x70bd26, 0x0, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff2}, {0xffff, 0x3}, {0x6, 0xfff1}}, [@qdisc_kind_options=@q_mqprio={{0xb}, {0x58, 0x2, {{0xff, [0x0, 0xa, 0x0, 0x9, 0x3, 0x8, 0x5, 0x0, 0x6, 0x3, 0x7, 0x10, 0x0, 0x40, 0x10], 0xff, [0xf442, 0x2, 0xfffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x5c4, 0x0, 0x0, 0x0, 0x3dc, 0x7], [0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0xfffd, 0x1800, 0x0, 0x0, 0xfffe, 0x6f]}}}}]}, 0x88}}, 0x20000000)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140), 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000340)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="230900000000000000000100000005000700000000000800090000000000060002000100000008000a0000000000080017"], 0x3c}}, 0x0)
sendmsg$DEVLINK_CMD_TRAP_GET(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010025bd7000fcdb854b1852df253d0000000e0001006e657464657673696d00e2ff0f0002006e657464657673696d30000b1c008200736f757263655f7f61635f69735f6d756c746963617374004724d7529eced5829adc009505c2d51be4946234fdfc037830f3a11c764f72d53d6c03e3a67ba606541032d01f9531f4b6e5108c4f78a82e385e42dbbc3c04162e1e003136cb4514b15d99ebdee2c5c42c447827b5178e684a6778d4b8c482573392ad5908151c518e1d4b2f5b574a2e881499865d2c9bcf55dcc47fdea0eea6ab420a7d883d86dd9199f0cff695f8aa67af765475c0515255d96ffe079d4f982b85d2bf33f114d7f5aa23a05969eb1e13d1e1"], 0x50}, 0x1, 0x0, 0x0, 0x20008804}, 0x4050)
r5 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
sendmsg$DEVLINK_CMD_SB_PORT_POOL_GET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000000}, 0x48050)
r6 = socket(0x10, 0x3, 0x0)
r7 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000340)={'bridge0\x00', <r8=>0x0})
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="700200001300290a000000000000000007000000", @ANYRES32=r8, @ANYBLOB="000000000000000010010c8013000c800ca3488008000000000000000800038064001d80050006000000000014000500714abbd2547de97cbbf6efb226f19bf90d0002003a288e5e5b5b5a40000000006000078014000400293a02149f3b75a67093c28fd6f55a2314000400e48f01e49713f0c2d839f940d9f088d8050006000000003bd00002006272696467655f736c6176655f30000007000200293a00000500060000000000080001000000000018002580140004004d2906d0880fc8acc30fe2020f9849675000028004000500a1085e7df341b9dc3d8008a2fe5bdaad140004009c7e472c916020fe41bcc5aa8f56c9471400050080ab8be51421cfa3c9e5cbfe8217e0af0800010000000000080001000000000060001a803f00"], 0x270}, 0x1, 0x0, 0x0, 0x20008014}, 0x4)
r9 = socket$caif_seqpacket(0x25, 0x5, 0x1)
r10 = syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0xb6e7, 0x0, 0x3}, &(0x7f0000000340)=<r11=>0x0, &(0x7f0000000280)=<r12=>0x0)
mount$9p_virtio(&(0x7f0000000500), &(0x7f0000000540)='./file0\x00', &(0x7f0000000580), 0x10, &(0x7f0000000640)=ANY=[@ANYBLOB="7472616e733d76697274696f2c6e6f657874656e2ff688bf0a4e636c1ebb412480806a3b642c616e616d653d6465766c696e6b002c667363616368652c6e6f78617474722c64656275673d3078303030303030303030303030303030392c736d61630866736465663d002c00"])
syz_memcpy_off$IO_URING_METADATA_GENERIC(r11, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r11, r12, &(0x7f00000002c0)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r9, 0x0, 0x0, 0x0, 0x40c1})
io_uring_enter(r10, 0x47f9, 0x0, 0x0, 0x0, 0x0)
write$char_usb(r5, &(0x7f0000001300)="92", 0x2)
r13 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000080)={r13}, 0x4)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)

1m55.888095195s ago: executing program 2 (id=7164):
socket$can_j1939(0x1d, 0x2, 0x7)
socket$can_j1939(0x1d, 0x2, 0x7)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000380), 0x4000000004882, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x20002, 0x0)
fcntl$dupfd(r0, 0x406, r0)
socket$inet_tcp(0x2, 0x1, 0x0)
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
pipe2(&(0x7f0000000400), 0x80800)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200))
r1 = syz_open_dev$dri(&(0x7f0000000440), 0x1, 0x48240)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r1, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r1, 0xc01064b5, &(0x7f0000000040)={&(0x7f0000000100)=[<r2=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_ATOMIC(r1, 0xc03864bc, &(0x7f0000000180)={0x1, 0x1, &(0x7f00000000c0)=[r2], &(0x7f0000000180), &(0x7f0000000200), &(0x7f00000001c0), 0x0, 0x1}) (fail_nth: 7)

1m55.8741541s ago: executing program 3 (id=7165):
socket$can_j1939(0x1d, 0x2, 0x7)
socket$can_j1939(0x1d, 0x2, 0x7)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000380), 0x4000000004882, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r0 = fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff)
socket$inet_tcp(0x2, 0x1, 0x0)
pipe2(&(0x7f0000000400), 0x80800)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200))
r1 = syz_open_dev$dri(&(0x7f0000000440), 0x1, 0x48240)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r1, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r1, 0xc01064b5, &(0x7f0000000040)={&(0x7f0000000100)=[0x0], 0x1})
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(0xffffffffffffffff, 0x7a7, &(0x7f0000000040)=0x90000)
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet6(0xa, 0x3, 0x4)
connect$pppl2tp(0xffffffffffffffff, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, 0xffffffffffffffff, {0x2, 0xfffc, @broadcast}, 0x2}}, 0x2e)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_dev$evdev(0x0, 0x1, 0x0)
ioctl$SIOCX25GSUBSCRIP(r0, 0x89e0, &(0x7f0000000500)={'veth0_virt_wifi\x00', 0x6ef})
socket$inet6_mptcp(0xa, 0x1, 0x106)

1m55.695518968s ago: executing program 33 (id=7164):
socket$can_j1939(0x1d, 0x2, 0x7)
socket$can_j1939(0x1d, 0x2, 0x7)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000380), 0x4000000004882, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x20002, 0x0)
fcntl$dupfd(r0, 0x406, r0)
socket$inet_tcp(0x2, 0x1, 0x0)
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
pipe2(&(0x7f0000000400), 0x80800)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200))
r1 = syz_open_dev$dri(&(0x7f0000000440), 0x1, 0x48240)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r1, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r1, 0xc01064b5, &(0x7f0000000040)={&(0x7f0000000100)=[<r2=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_ATOMIC(r1, 0xc03864bc, &(0x7f0000000180)={0x1, 0x1, &(0x7f00000000c0)=[r2], &(0x7f0000000180), &(0x7f0000000200), &(0x7f00000001c0), 0x0, 0x1}) (fail_nth: 7)

1m55.647580906s ago: executing program 3 (id=7167):
r0 = syz_open_dev$dri(&(0x7f00000002c0), 0x2, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000440)=[0x0], 0x0, 0x0, 0x0, 0x1})
openat$sndseq(0xffffffffffffff9c, &(0x7f0000002340), 0x40800)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x60, 0x30, 0x1, 0x0, 0x0, {}, [{0x4c, 0x1, [@m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{}, 0xffff}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x24008800}, 0x0)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
write$binfmt_elf64(0xffffffffffffffff, &(0x7f0000000180)=ANY=[], 0x78)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000001c0), 0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
syz_open_dev$radio(0x0, 0x3, 0x2)
socket$kcm(0x29, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
fcntl$addseals(0xffffffffffffffff, 0x409, 0x8)
ioctl$UFFDIO_WRITEPROTECT(0xffffffffffffffff, 0xc018aa06, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000280)=ANY=[@ANYBLOB="20000000100010002d0100000000000100000000", @ANYRES32=0x0, @ANYBLOB="fff0000008030000"], 0x20}, 0x1, 0x0, 0x0, 0x20081}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r3, 0x8933, &(0x7f0000000000)={'batadv0\x00', <r4=>0x0})
sendmsg$nl_route(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000006c0)=ANY=[@ANYBLOB="200000001100010027bd7000fddbdf2500000000", @ANYRES32=r4, @ANYBLOB="801400000421000041fda70e0000003b009f460372fae0cae5f66e14a3d6302747888aa1930451d348c184c110bf01c2d4ab8b2dbb1593b08e3d9934f8b06923c7501ecec693f3284209caac12"], 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x80)

1m55.358112221s ago: executing program 3 (id=7168):
r0 = socket$kcm(0x10, 0x2, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000600)=@newtaction={0x110, 0x30, 0x1, 0x0, 0x0, {}, [{0xfc, 0x1, [@m_connmark={0xf8, 0x6, 0x0, 0x0, {{0xd}, {0xc8, 0x2, 0x0, 0x1, [@TCA_CONNMARK_PARMS={0x1c, 0x1, {{0xc0000000, 0x2, 0x5, 0x7fffffff, 0x9}}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x71c0, 0x101, 0x2, 0x0, 0x32d6}, 0x1000}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x7, 0x6, 0x1, 0x0, 0xd3be}, 0x2bdf}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x5, 0x2, 0x0, 0xd67, 0x7}, 0x1}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x6, 0x2, 0x6, 0x7fff, 0xc}, 0x7fff}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x8, 0x1, 0x2, 0x3, 0x4}, 0x56}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x3, 0x3cc0, 0x0, 0x401, 0xe2}, 0x2}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}]}]}, 0x110}, 0x1, 0x0, 0x0, 0x804}, 0x4004000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34)
rt_sigsuspend(0x0, 0x0)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x10000000000002)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$netlink(0x10, 0x3, 0x15)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94)
r6 = socket$igmp(0x2, 0x3, 0x2)
getsockopt$EBT_SO_GET_INFO(r6, 0x0, 0x80, &(0x7f00000003c0)={'broute\x00', 0x0, 0x0, 0x0, [0x61, 0x10000, 0x9c9, 0xf, 0x4, 0x3]}, &(0x7f00000001c0)=0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10)
ioctl$HIDIOCGRAWPHYS(0xffffffffffffffff, 0x80404805, &(0x7f0000000340))
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000540)={r5, 0x0, 0x25, 0x5, @val=@netfilter={0xa, 0x0, 0xd}}, 0x20)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r7 = syz_open_dev$usbfs(&(0x7f0000000480), 0x76, 0x160341)
ioctl$USBDEVFS_IOCTL(r7, 0xc0105512, &(0x7f0000000200))
ioctl$USBDEVFS_IOCTL(r7, 0xc0105512, &(0x7f0000000000)=@usbdevfs_connect)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=@newqdisc={0x44, 0x24, 0x8, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xe, 0xffff}, {0x0, 0x1}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0x14, 0x8002, [@TCA_FQ_PIE_DQ_RATE_ESTIMATOR={0x8}, @TCA_FQ_PIE_MEMORY_LIMIT={0x8, 0x8, 0x3}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0000000000008000280012800a00010076786c616e00"], 0x50}}, 0x4008840)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000500)="d8000000100081044e81f782db44b904021d006a0f000000e8fe55a1290015000600142603600e120900040044000000a80016000a0003402e60000000000000b94dcf5c0461c1d67f6f94007134cf6ee0800108e8d8ef52a985162f7ce06bbace80170000000000000000090000001fb791643a5ee4d9d3220a7c9f8775730d16a4683f1aeb4edbb57a5025ccca9e00360db70100000040fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e97010000000000000000a9b7", 0xd8}], 0x1}, 0x64040884)

1m54.318953654s ago: executing program 3 (id=7170):
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff})
r1 = openat$yama_ptrace_scope(0xffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$SIOCNRDECOBS(r0, 0x89e2)
ioctl$F2FS_IOC_RESIZE_FS(r1, 0x4008f510, &(0x7f0000000080)=0x7)
r2 = syz_open_dev$mouse(&(0x7f00000001c0), 0x2, 0x400000)
setsockopt$inet_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f0000000200)='nv', 0x2)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="180200000000000000000000000000008500000013000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x90c}, 0x94)
r4 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0)
ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000040)=0x4)
r5 = dup(r4)
ioctl$SIOCSIFHWADDR(r5, 0x8925, &(0x7f0000002640)={'team_slave_0\x00', @random="76f64c34b99d"})
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r3, 0x0, 0x93, 0x0, &(0x7f0000000440)="2e0d6c96597ab3cc65dfd52a0e2ee9abc89b6f5bec79db8c2f93293857f7ea667202b0ed83c22db166e4e64b3d817a495d9119ce51d1c0736dff44408bf872f1218c2a296376091437cc5146719cef7b8a0a6e28c34635783795e15cf4ffffffffffffffeb78cce6a4ee723c8e4ffc38663e6d7e9fd63f065a61556f689b7ca64c311b3b1e760582960600000000000000ef3e", 0x0, 0xa5b4, 0x0, 0x0, 0x64, 0x0, 0x0, 0x4}, 0x4c)
openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x62)
mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000400), 0x10000, &(0x7f0000000180)=ANY=[@ANYBLOB='huge=always,mpol=interleave'])
chdir(&(0x7f0000000240)='./file0\x00')
r6 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0)
syz_clone(0x4000000, &(0x7f00000002c0), 0x0, 0x0, 0x0, 0x0)
writev(r6, &(0x7f00000000c0)=[{&(0x7f0000000140)='2', 0x1}], 0x1)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdir(&(0x7f00000000c0)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r8, &(0x7f0000000240), 0x3af4701e)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28012, r8, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
ioctl$FS_IOC_RESVSP(r7, 0x4030582b, &(0x7f0000000c00)={0x0, 0x1, 0x4, 0x40000000000000, 0x0, 0xf0})
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000380), 0x0, &(0x7f0000000400)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')

1m53.643108007s ago: executing program 3 (id=7172):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0)
ioctl$BINDER_FREEZE(r1, 0x400c620e, &(0x7f0000000100)={0x0, 0x1, 0x800})
pipe(&(0x7f0000000080)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
write$binfmt_misc(r2, &(0x7f0000000000), 0xfffffecc)
io_uring_enter(r2, 0x48cb, 0x963e, 0x48, &(0x7f0000000040)={[0x4, 0x2]}, 0x8)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000008c0)={'dvmrp0\x00', <r3=>0x0})
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r4, 0x6, 0x21, &(0x7f0000000000)="3ab9d90300ffacb96beab6ac7400", 0x10)
close_range(r4, r4, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000001c0)=ANY=[@ANYBLOB="280000001c00000429bd7000fedbdf2507000000", @ANYRES32=r3, @ANYBLOB="8000ee0b0a00d26a0200aaaaaaaaaa0c0000c8431fc358d74240cef846e3735b0aff712379822f522359c1b163bf9cd6e5f81e5799b789bba1a204b1c48e16f33002aae2d9573a92926224b320612875444b16e939eae5e890d251d26f73776e8f3eb1187129c006c7d3bec2e8fb0eb302b290ea65975089343eb58eb90ff8d7dfc44e818de2b02dbfc7f04037c2c737c74146ca20cc8d515512c95a21"], 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x4040000)

1m53.236474063s ago: executing program 3 (id=7174):
r0 = syz_open_dev$dri(&(0x7f00000002c0), 0x2, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000440)=[0x0], 0x0, 0x0, 0x0, 0x1})
openat$sndseq(0xffffffffffffff9c, &(0x7f0000002340), 0x40800)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x60, 0x30, 0x1, 0x0, 0x0, {}, [{0x4c, 0x1, [@m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{}, 0xffff}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x24008800}, 0x0)
r2 = memfd_create(&(0x7f0000000300)='+\x8b\x8a\x16\x11O\xdd\xdfk(F\x99\xdf\x92\xd5>oJ\x02u\x9b\xafa\xac\x06\x9c&\xf5\xe3j\xfa\tcqM\xb8R\x86\xd9\xd2.\x9f\x12\xed\x10\f\xbd\x1a|\x8a\xbb\xda\xcfY\x98gU@\xf2M\xc0\xb5\xdf\x9a\x8d\xdb,n\xae\x0eT\x80\x8c\xfd\xd7\xb0\x94\x82t\x96\rKx\xc5\x9b\x8c\x87\x96\x8bc\xbc\xee\xcc\x9f\xe3F\x99V4\x8e;M\xa9\x823\xe3\xb3mG\x8f\xdb\xed\x1b\x05\xec\xfc\xd1\xb5\xfd\xec@\xdeU\xdd\xa4\xc1\xe4L)\x8e\xe5\x91\x8e\xd4\x89\xef\x95T\x05G\xac\xb8\xc1: )mh\xc7\xf1?\xbb\x13;\xad\x95\xd70\xb6\x0e\x7f\x84r\x0e\xbf\xc5\xf6\xd4\xdd\t\x14\x18\xf7\xefi\x93\x03\xd2\xf2\bK\"\xd2\xb5\xaa\xb8\xc8\xe0\xac\x99\xe8su\xcd\xc3E\x12\xd7\xdd\x96!\x16Tu\xe3\xf0\x84#R\xd9\xe3~Wj\xb0r\x87\'\xea\a\xcfOeK\x9daW\xf4\x87@\x9c\xf3\xf1K\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x91\xe6\xdb\xc2\xa5h\'\xdfIn\x97\x0263~\xeb\xbe(i\n\xc2k4\x7f\x12\xa9e`SOs\x8c\xb4\xe7FeQ\xc6$\x92j_U\xfa\b\xea\xb0bYkW\xc0\x05\aC{\xcc\x03T\x17\xa5Sk\x87P\xc2\x97D\xb2\xfa\x1b\x9fe\xf4\x10\x1a\xad\x92\xce\x88\x1b\xbc\xe14\x19\xaa\xd3\r\xf4\xa2\xc3\x9e=\xa0 \xe6j\xe5\x85\xf8\x97\x03\x15\xaa\x920\xdcrI\xd8\b\xfb\xc7\xe7xX\x00>d\xbb\xa71\xad\x9a\xfb\xe6\x13\x87\x93\\\xe5W-\xfc\xfd\xb8O\xb9j\xb8\xf2\x9dx\xb2\x86\xad\x92', 0x3)
write$binfmt_elf64(r2, &(0x7f0000000180)=ANY=[], 0x78)
sendfile(0xffffffffffffffff, r2, &(0x7f00000001c0), 0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
syz_open_dev$radio(0x0, 0x3, 0x2)
socket$kcm(0x29, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
fcntl$addseals(r2, 0x409, 0x8)
ioctl$UFFDIO_WRITEPROTECT(0xffffffffffffffff, 0xc018aa06, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000280)=ANY=[@ANYBLOB="20000000100010002d0100000000000100000000", @ANYRES32=0x0, @ANYBLOB="fff0000008030000"], 0x20}, 0x1, 0x0, 0x0, 0x20081}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r4, 0x8933, &(0x7f0000000000)={'batadv0\x00', <r5=>0x0})
sendmsg$nl_route(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000006c0)=ANY=[@ANYBLOB="200000001100010027bd7000fddbdf2500000000", @ANYRES32=r5, @ANYBLOB="801400000421000041fda70e0000003b009f460372fae0cae5f66e14a3d6302747888aa1930451d348c184c110bf01c2d4ab8b2dbb1593b08e3d9934f8b06923c7501ecec693f3284209caac12"], 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x80)

1m53.182233838s ago: executing program 34 (id=7174):
r0 = syz_open_dev$dri(&(0x7f00000002c0), 0x2, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000440)=[0x0], 0x0, 0x0, 0x0, 0x1})
openat$sndseq(0xffffffffffffff9c, &(0x7f0000002340), 0x40800)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x60, 0x30, 0x1, 0x0, 0x0, {}, [{0x4c, 0x1, [@m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{}, 0xffff}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x24008800}, 0x0)
r2 = memfd_create(&(0x7f0000000300)='+\x8b\x8a\x16\x11O\xdd\xdfk(F\x99\xdf\x92\xd5>oJ\x02u\x9b\xafa\xac\x06\x9c&\xf5\xe3j\xfa\tcqM\xb8R\x86\xd9\xd2.\x9f\x12\xed\x10\f\xbd\x1a|\x8a\xbb\xda\xcfY\x98gU@\xf2M\xc0\xb5\xdf\x9a\x8d\xdb,n\xae\x0eT\x80\x8c\xfd\xd7\xb0\x94\x82t\x96\rKx\xc5\x9b\x8c\x87\x96\x8bc\xbc\xee\xcc\x9f\xe3F\x99V4\x8e;M\xa9\x823\xe3\xb3mG\x8f\xdb\xed\x1b\x05\xec\xfc\xd1\xb5\xfd\xec@\xdeU\xdd\xa4\xc1\xe4L)\x8e\xe5\x91\x8e\xd4\x89\xef\x95T\x05G\xac\xb8\xc1: )mh\xc7\xf1?\xbb\x13;\xad\x95\xd70\xb6\x0e\x7f\x84r\x0e\xbf\xc5\xf6\xd4\xdd\t\x14\x18\xf7\xefi\x93\x03\xd2\xf2\bK\"\xd2\xb5\xaa\xb8\xc8\xe0\xac\x99\xe8su\xcd\xc3E\x12\xd7\xdd\x96!\x16Tu\xe3\xf0\x84#R\xd9\xe3~Wj\xb0r\x87\'\xea\a\xcfOeK\x9daW\xf4\x87@\x9c\xf3\xf1K\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x91\xe6\xdb\xc2\xa5h\'\xdfIn\x97\x0263~\xeb\xbe(i\n\xc2k4\x7f\x12\xa9e`SOs\x8c\xb4\xe7FeQ\xc6$\x92j_U\xfa\b\xea\xb0bYkW\xc0\x05\aC{\xcc\x03T\x17\xa5Sk\x87P\xc2\x97D\xb2\xfa\x1b\x9fe\xf4\x10\x1a\xad\x92\xce\x88\x1b\xbc\xe14\x19\xaa\xd3\r\xf4\xa2\xc3\x9e=\xa0 \xe6j\xe5\x85\xf8\x97\x03\x15\xaa\x920\xdcrI\xd8\b\xfb\xc7\xe7xX\x00>d\xbb\xa71\xad\x9a\xfb\xe6\x13\x87\x93\\\xe5W-\xfc\xfd\xb8O\xb9j\xb8\xf2\x9dx\xb2\x86\xad\x92', 0x3)
write$binfmt_elf64(r2, &(0x7f0000000180)=ANY=[], 0x78)
sendfile(0xffffffffffffffff, r2, &(0x7f00000001c0), 0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
syz_open_dev$radio(0x0, 0x3, 0x2)
socket$kcm(0x29, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
fcntl$addseals(r2, 0x409, 0x8)
ioctl$UFFDIO_WRITEPROTECT(0xffffffffffffffff, 0xc018aa06, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000280)=ANY=[@ANYBLOB="20000000100010002d0100000000000100000000", @ANYRES32=0x0, @ANYBLOB="fff0000008030000"], 0x20}, 0x1, 0x0, 0x0, 0x20081}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r4, 0x8933, &(0x7f0000000000)={'batadv0\x00', <r5=>0x0})
sendmsg$nl_route(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000006c0)=ANY=[@ANYBLOB="200000001100010027bd7000fddbdf2500000000", @ANYRES32=r5, @ANYBLOB="801400000421000041fda70e0000003b009f460372fae0cae5f66e14a3d6302747888aa1930451d348c184c110bf01c2d4ab8b2dbb1593b08e3d9934f8b06923c7501ecec693f3284209caac12"], 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x80)

7.242562513s ago: executing program 6 (id=7627):
syz_usb_connect$uac1(0x5, 0x8a, &(0x7f0000000000)=ANY=[@ANYBLOB="12010002000000206b1d01014000010203010902780003010000060904000000010100000a24010200000201020a240803040040000000090401000001"], 0x0)
setsockopt$inet_sctp6_SCTP_AUTH_KEY(0xffffffffffffffff, 0x84, 0x17, 0x0, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000400), 0x42002)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue1\x00'})
write$sndseq(r0, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32}], 0xffc8)

6.173793263s ago: executing program 0 (id=7631):
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
poll(&(0x7f0000000040)=[{r0, 0xc200}], 0x1, 0x400)
ioctl$SNDRV_TIMER_IOCTL_TREAD_OLD(r0, 0x40045402, &(0x7f0000000140)=0x1)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f00000083c0)={{0x1, 0x1}})
ioctl$SNDRV_TIMER_IOCTL_PARAMS(r0, 0x40505412, &(0x7f00000000c0)={0x7, 0x9dc5, 0x0, 0x0, 0xf})
ioctl$SNDRV_TIMER_IOCTL_START(r0, 0x54a0)
ioctl$SNDRV_TIMER_IOCTL_PARAMS(r0, 0x40505412, &(0x7f0000000400)={0x6, 0x3, 0x100, 0x0, 0x2})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb4b, 0x9, 0x8, 0x0, 0x400003}, 0x0)
syz_open_procfs(0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/pids.max\x00', 0x4000a2, 0x118)
r1 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0)
r2 = getpid()
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r1, 0xc1105517, &(0x7f0000000340)={{0xfffffffe, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x6, 0x2, 0x4, r2, 0x0, 0x0, 'syz1\x00', 0x0})

6.066943366s ago: executing program 4 (id=7632):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb4b, 0x9, 0x8, 0x0, 0x400003}, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000200)='task\x00')
getdents(r2, &(0x7f0000000380)=""/55, 0x37)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/pids.max\x00', 0x2, 0x0)
r3 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r3, 0xc0045516, &(0x7f0000000000)=0x3)
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r3, 0xc1105517, &(0x7f0000000340)={{0xfffffffe, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x6, 0x2, 0x4, 0x0, 0x0, 0x0, 'syz1\x00', 0x0})
ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r3, 0xc1105518, &(0x7f0000000c40)={{0x0, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, [0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x80000, 0xf, 0x80000000000000, 0x0, 0x0, 0x0, 0x0, 0x4, 0x7, 0x0, 0x7, 0x7ff, 0xfffffffe, 0x0, 0x40, 0x0, 0x0, 0x100000001, 0x0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffd, 0x108000000000000, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x80000000000000, 0x0, 0x4, 0x0, 0x0, 0x40, 0xfffffffffffffffc, 0x0, 0x0, 0xffffffffffffffff, 0xfffffffffffffffa, 0x0, 0x401, 0x0, 0x8000000000000000, 0x0, 0x0, 0x0, 0x400000000000, 0x3, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x80000000000000, 0xfffffffc, 0x1, 0x8, 0x4, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x4, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0xde4, 0x7, 0x0, 0x100000000]}) (fail_nth: 3)

5.736871941s ago: executing program 6 (id=7633):
sendmsg$NL80211_CMD_CONNECT(0xffffffffffffffff, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r0, &(0x7f0000000000), 0xd) (fail_nth: 8)

5.581608075s ago: executing program 6 (id=7635):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34)
r0 = getpid()
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x10000000000002)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000280)={r0, r1, 0x0, 0x5, &(0x7f00000001c0)=':.#\'\x00'}, 0x30)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_usbip_server_init(0x6)
r4 = socket$netlink(0x10, 0x3, 0x4)
r5 = socket$inet_smc(0x2b, 0x1, 0x0)
getsockopt$IP_VS_SO_GET_DESTS(r5, 0x0, 0x29, &(0x7f0000001e00)=""/218, &(0x7f0000001f00)=0xda)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x10)
r7 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x481, 0x0)
ioctl$F2FS_IOC_START_ATOMIC_WRITE(r7, 0x8008330e, 0x0)
syz_80211_join_ibss(&(0x7f0000000040)='wlan0\x00', &(0x7f0000000080)=@default_ibss_ssid, 0x6, 0x0)
unshare(0x400)
syz_80211_inject_frame(0x0, &(0x7f00000003c0)=@mgmt_frame=@beacon={{{}, {}, @device_b, @broadcast, @random}, 0x0, @default, 0x1, @void, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @val={0x3c, 0x4, {0x1, 0x0, 0x5b, 0xe}}, @void, @void, @void, @void}, 0x34)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000400)={&(0x7f0000000340)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x8, 0x80000})
sendmsg$nl_route(r4, &(0x7f0000000480)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x8000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x20000000}, 0x4040)
pipe(&(0x7f0000000080))

5.366740114s ago: executing program 5 (id=7637):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYRES16], 0x48)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
syz_usb_connect(0x1, 0x2d, &(0x7f0000000240)=ANY=[], 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x880, &(0x7f0000000080)={0x2, 0x4e24, @rand_addr=0x64010100}, 0x10)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = ioctl$KVM_GET_STATS_FD_cpu(0xffffffffffffffff, 0xaece)
io_uring_register$IORING_REGISTER_IOWQ_AFF(r3, 0x11, &(0x7f0000000200)="fe7c8190353887361303bb0894284e959b1e73d85180479c44db994de82bdebd47b28dc4b20df38b11", 0x29)
syz_open_dev$sndctrl(&(0x7f0000000000), 0x1, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000180), 0x60802, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
renameat2(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0)
openat$dsp(0xffffffffffffff9c, 0x0, 0x42, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = socket$can_raw(0x1d, 0x3, 0x1)
getsockopt$CAN_RAW_FD_FRAMES(r4, 0x65, 0x8, &(0x7f0000004400), &(0x7f0000004440)=0x4)
r5 = syz_usb_connect$hid(0x4, 0x36, &(0x7f0000000440)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7f2454a899033a066938a75744ec63262e682fca72818fab4970a21cda912ee9e5efa8d1220c93efaa19f2fab62e9cc0dac30327b2b51f773ae5b3044829eb764f3df7831d8d038e37e103f900bdf6831962b0ccff7dee1edf629186df067732d05b7d858df1f389613add6124294613123a6238813a731b52b7538598de0714e11bf9cab27b5f08cff7830661e16fc9625867d20459652514b6a3c3726e7b0ab2d2b99e270f8a3b57b151bd11260a8b16024cff6d88100000000000000f63b1925d8920400313044d782248e4dda73ee1cb3542540246cd52a7c472c862978a616b25ece463221a51a4d113d24ac1105aa"], 0x0)
arch_prctl$ARCH_SHSTK_DISABLE(0x5002, 0x1)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0xfffffefffbfbbfbe, 0x0, 0x0)
syz_usb_control_io$hid(r5, 0x0, 0x0)
syz_usb_control_io$hid(r5, &(0x7f00000002c0)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="00220f000000040b2100000095f5758483"], 0x0}, 0x0)
r6 = syz_open_dev$hiddev(&(0x7f00000000c0), 0x20206, 0x10100)
syz_open_dev$hiddev(&(0x7f00000000c0), 0x0, 0x0)
syz_open_procfs$namespace(0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
ioctl$HIDIOCSREPORT(0xffffffffffffffff, 0x81044804, &(0x7f0000000400)={0x5, 0x3, 0x40})
ioctl$HIDIOCGUSAGES(r6, 0xd01c4813, 0x0)
close_range(r2, 0xffffffffffffffff, 0x0)
close_range(r1, 0xffffffffffffffff, 0x0)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)="52fdc530e2557b89720622a1888a8c4063995164e7e0cdf129119ad177f3904594420135736d481956740f13a9426a51d2c2e13b0af2b1d431d7e27bb820c454271f7ad05fc53509a9d57c3ed1a602e6112c2f34dfe4b8a60ac83d924ea5b3231ed4b5969192bb44ae11a02361bd2d35ada4d13fe0a000943b6e49621d5a3909cec60f0859fa32e6d9b97d42fff067792748", &(0x7f0000000000)="ad8d1d1a1ee4f97110857a582e491cfa49cee915646bb30c04a39c6ca7be1b6fc6d525be6a2ef26d3f87d1ac1c7259cc5b8051935d0840bd", 0x77227a37, r0, 0x4}, 0x38)

5.22577592s ago: executing program 0 (id=7638):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000100)='syzkaller\x00', 0x2, 0x0, 0x0, 0x40f00, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
openat$incfs(0xffffffffffffffff, &(0x7f0000000340)='.log\x00', 0x200, 0x0)
sched_setaffinity(r0, 0x0, 0x0)
recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
r3 = syz_io_uring_setup(0x499, &(0x7f0000000400)={0x0, 0xd146, 0x0, 0x1, 0x288}, &(0x7f0000000100)=<r4=>0x0, &(0x7f0000000000)=<r5=>0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0xfff, 0x7, 0x1000}, 0x48)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x50)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r7}, 0x18)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_UNLINKAT={0x24, 0xd, 0x0, 0xffffffffffffffff, 0x0, 0x0})
io_uring_enter(r3, 0x3516, 0x0, 0x4, 0x0, 0x0)

5.225581198s ago: executing program 4 (id=7639):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000380)={[0x8000000000000000, 0x100000000, 0x0, 0x20, 0x0, 0x0, 0x2004c9, 0x7000, 0x0, 0x0, 0xfffffffffffffffb, 0x0, 0x0, 0x0, 0x4000000000000004, 0x2], 0xffff1000})
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000380)={0x0}}, 0x0)
r0 = mq_open(&(0x7f00000000c0)='${$\x00', 0x840, 0x0, 0x0)
r1 = syz_io_uring_setup(0x9e, &(0x7f0000000700)={0x0, 0x3ca9, 0x10, 0x0, 0x10002da}, &(0x7f0000000280)=<r2=>0x0, &(0x7f00000001c0)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r0, 0x6, &(0x7f0000000380), 0x0, 0x4})
io_uring_enter(r1, 0x847ba, 0x0, 0xe, 0x0, 0x0) (fail_nth: 3)

5.056596427s ago: executing program 4 (id=7640):
ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000440)=[0x0], 0x0, 0x0, 0x0, 0x1})
openat$sndseq(0xffffffffffffff9c, &(0x7f0000002340), 0x40800)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x60, 0x30, 0x1, 0x0, 0x0, {}, [{0x4c, 0x1, [@m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{}, 0xffff}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x24008800}, 0x0)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
r1 = memfd_create(&(0x7f0000000300)='+\x8b\x8a\x16\x11O\xdd\xdfk(F\x99\xdf\x92\xd5>oJ\x02u\x9b\xafa\xac\x06\x9c&\xf5\xe3j\xfa\tcqM\xb8R\x86\xd9\xd2.\x9f\x12\xed\x10\f\xbd\x1a|\x8a\xbb\xda\xcfY\x98gU@\xf2M\xc0\xb5\xdf\x9a\x8d\xdb,n\xae\x0eT\x80\x8c\xfd\xd7\xb0\x94\x82t\x96\rKx\xc5\x9b\x8c\x87\x96\x8bc\xbc\xee\xcc\x9f\xe3F\x99V4\x8e;M\xa9\x823\xe3\xb3mG\x8f\xdb\xed\x1b\x05\xec\xfc\xd1\xb5\xfd\xec@\xdeU\xdd\xa4\xc1\xe4L)\x8e\xe5\x91\x8e\xd4\x89\xef\x95T\x05G\xac\xb8\xc1: )mh\xc7\xf1?\xbb\x13;\xad\x95\xd70\xb6\x0e\x7f\x84r\x0e\xbf\xc5\xf6\xd4\xdd\t\x14\x18\xf7\xefi\x93\x03\xd2\xf2\bK\"\xd2\xb5\xaa\xb8\xc8\xe0\xac\x99\xe8su\xcd\xc3E\x12\xd7\xdd\x96!\x16Tu\xe3\xf0\x84#R\xd9\xe3~Wj\xb0r\x87\'\xea\a\xcfOeK\x9daW\xf4\x87@\x9c\xf3\xf1K\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x91\xe6\xdb\xc2\xa5h\'\xdfIn\x97\x0263~\xeb\xbe(i\n\xc2k4\x7f\x12\xa9e`SOs\x8c\xb4\xe7FeQ\xc6$\x92j_U\xfa\b\xea\xb0bYkW\xc0\x05\aC{\xcc\x03T\x17\xa5Sk\x87P\xc2\x97D\xb2\xfa\x1b\x9fe\xf4\x10\x1a\xad\x92\xce\x88\x1b\xbc\xe14\x19\xaa\xd3\r\xf4\xa2\xc3\x9e=\xa0 \xe6j\xe5\x85\xf8\x97\x03\x15\xaa\x920\xdcrI\xd8\b\xfb\xc7\xe7xX\x00>d\xbb\xa71\xad\x9a\xfb\xe6\x13\x87\x93\\\xe5W-\xfc\xfd\xb8O\xb9j\xb8\xf2\x9dx\xb2\x86\xad\x92', 0x3)
write$binfmt_elf64(r1, &(0x7f0000000180)=ANY=[], 0x78)
sendfile(0xffffffffffffffff, r1, &(0x7f00000001c0), 0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
syz_open_dev$radio(0x0, 0x3, 0x2)
socket$kcm(0x29, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
fcntl$addseals(r1, 0x409, 0x8)
ioctl$UFFDIO_WRITEPROTECT(0xffffffffffffffff, 0xc018aa06, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000280)=ANY=[@ANYBLOB="20000000100010002d0100000000000100000000", @ANYRES32=0x0, @ANYBLOB="fff0000008030000"], 0x20}, 0x1, 0x0, 0x0, 0x20081}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r3, 0x8933, &(0x7f0000000000)={'batadv0\x00', <r4=>0x0})
sendmsg$nl_route(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000006c0)=ANY=[@ANYBLOB="200000001100010027bd7000fddbdf2500000000", @ANYRES32=r4, @ANYBLOB="801400000421000041fda70e0000003b009f460372fae0cae5f66e14a3d6302747888aa1930451d348c184c110bf01c2d4ab8b2dbb1593b08e3d9934f8b06923c7501ecec693f3284209caac12"], 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x80)
ioctl$DRM_IOCTL_MODE_GETENCODER(0xffffffffffffffff, 0xc01464a6, &(0x7f0000000040)={0x0, 0x0, <r5=>0x0})
ioctl$DRM_IOCTL_MODE_CURSOR2(0xffffffffffffffff, 0xc02464bb, &(0x7f0000000080)={0x0, r5, 0x4, 0xfffffffe, 0x0, 0x2, 0x0, 0x1, 0x73})
pselect6(0x95, &(0x7f00000001c0)={0x3f, 0xffffffffffffff7e, 0xfffffffffffffffe, 0x6, 0xfffffffffffffffd, 0x3, 0x0, 0x6}, 0x0, 0x0, 0x0, 0x0)
openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000100), 0x8000)

4.195030893s ago: executing program 4 (id=7641):
creat(&(0x7f0000000000)='./file0\x00', 0xd931d3864d39ddd8)
add_key(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd)
io_uring_setup(0x2255, 0x0)
write$UHID_CREATE2(0xffffffffffffffff, &(0x7f0000000180)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
msgrcv(0x0, 0x0, 0x0, 0x0, 0xa1e3a9fe3eb9c551)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0xa, 0xf, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x2020}, {{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x24, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_80211_join_ibss(0x0, 0x0, 0x0, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r2, &(0x7f0000000340)={&(0x7f0000000080), 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x38, r3, 0x400, 0x70bd28, 0x25dfdbfb, {{}, {@void, @val={0xc, 0x99, {0x0, 0x4b}}}}, [@chandef_params, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x56}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x3a}]]}, 0x38}, 0x1, 0x0, 0x0, 0x40000}, 0x4014)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000600)={{0x14}, [], {0x14}}, 0x28}}, 0x0)
r5 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0)
sendfile(r5, r5, 0x0, 0x200000)
ioctl$KVM_GET_DIRTY_LOG(0xffffffffffffffff, 0x4010ae42, 0x0)
syz_emit_vhci(0x0, 0x7)
mount$cgroup(0x0, &(0x7f0000000280)='./file0\x00', &(0x7f00000002c0), 0x8000, &(0x7f0000000480)={[{@name={'name', 0x3d, 'nfs\x00'}}]})

3.871743118s ago: executing program 6 (id=7642):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
syz_usb_connect$cdc_ncm(0x4, 0x6e, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000020000002505a1a440000102030109025c0002010000000904000001a3f45747d649f9a30105240000000d240f8100000000000000000006241a0000000905810300000000000904010000020d00000904010102020d000009058202000000000009050302"], 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000100)=ANY=[@ANYBLOB="120100001ddf8208c007121522300000000109021b0001000000010904010001faf40d00090582"], 0x0)
socket(0x10, 0x3, 0x6)
r0 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=@newqdisc={0x88, 0x24, 0x20, 0x70bd26, 0x0, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff2}, {0xffff, 0x3}, {0x6, 0xfff1}}, [@qdisc_kind_options=@q_mqprio={{0xb}, {0x58, 0x2, {{0xff, [0x0, 0xa, 0x0, 0x9, 0x3, 0x8, 0x5, 0x0, 0x6, 0x3, 0x7, 0x10, 0x0, 0x40, 0x10], 0xff, [0xf442, 0x2, 0xfffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x5c4, 0x0, 0x0, 0x0, 0x3dc, 0x7], [0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0xfffd, 0x1800, 0x0, 0x0, 0xfffe, 0x6f]}}}}]}, 0x88}}, 0x20000000)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140), 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000340)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="230900000000000000000100000005000700000000000800090000000000060002000100000008000a0000000000080017"], 0x3c}}, 0x0)
sendmsg$DEVLINK_CMD_TRAP_GET(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010025bd7000fcdb854b1852df253d0000000e0001006e657464657673696d00e2ff0f0002006e657464657673696d30000b1c008200736f757263655f7f61635f69735f6d756c746963617374004724d7529eced5829adc009505c2d51be4946234fdfc037830f3a11c764f72d53d6c03e3a67ba606541032d01f9531f4b6e5108c4f78a82e385e42dbbc3c04162e1e003136cb4514b15d99ebdee2c5c42c447827b5178e684a6778d4b8c482573392ad5908151c518e1d4b2f5b574a2e881499865d2c9bcf55dcc47fdea0eea6ab420a7d883d86dd9199f0cff695f8aa67af765475c0515255d96ffe079d4f982b85d2bf33f114d7f5aa23a05969eb1e13d1e1"], 0x50}, 0x1, 0x0, 0x0, 0x20008804}, 0x4050)
r5 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
sendmsg$DEVLINK_CMD_SB_PORT_POOL_GET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB='|\x00\x00\x00', @ANYRES16=0x0, @ANYRES16=r3], 0x7c}, 0x1, 0x0, 0x0, 0x4000000}, 0x48050)
r6 = socket(0x10, 0x3, 0x0)
r7 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000340)={'bridge0\x00'})
sendmsg$nl_route(r6, 0x0, 0x4)
r8 = socket$caif_seqpacket(0x25, 0x5, 0x1)
r9 = syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0xb6e7, 0x0, 0x3}, &(0x7f0000000340)=<r10=>0x0, &(0x7f0000000280)=<r11=>0x0)
mount$9p_virtio(&(0x7f0000000500), &(0x7f0000000540)='./file0\x00', &(0x7f0000000580), 0x10, &(0x7f0000000640)=ANY=[@ANYBLOB="7472616e733d76697274696f2c6e6f657874656e2ff688bf0a4e636c1ebb412480806a3b642c616e616d653d6465766c696e6b002c667363616368652c6e6f78617474722c64656275673d3078303030303030303030303030303030392c736d61630866736465663d002c00"])
syz_memcpy_off$IO_URING_METADATA_GENERIC(r10, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r10, r11, &(0x7f00000002c0)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r8, 0x0, 0x0, 0x0, 0x40c1})
io_uring_enter(r9, 0x47f9, 0x0, 0x0, 0x0, 0x0)
write$char_usb(r5, &(0x7f0000001300)="92", 0x2)
r12 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000080)={r12}, 0x4)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)

3.292675697s ago: executing program 0 (id=7643):
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = socket(0x400000000010, 0x3, 0x0)
socket$unix(0x1, 0x1, 0x0)
fcntl$getown(r2, 0x9)
sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000440)={0x0}, 0x1, 0x0, 0x0, 0x80}, 0x20000000)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
getrlimit(0xe, &(0x7f0000000000))
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
socket$tipc(0x1e, 0x2, 0x0)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x11, 0x3, &(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x28}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r4}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000f80)={0x5, 0x5, 0x0, &(0x7f0000000000)='syzkaller\x00', 0x2, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="364000001a0091"], 0x82d7)
socket$packet(0x11, 0x3, 0x300)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000480), 0xc0041, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x5, 0xfffffffffffffffd, 0x0, 0x0, 0x1000001000, 0x49}, 0x0, &(0x7f0000000140)={0x3ff, 0x7, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006}, 0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

3.232888965s ago: executing program 4 (id=7644):
unshare(0x200)
syz_80211_join_ibss(&(0x7f0000000040)='wlan0\x00', &(0x7f0000000080)=@default_ibss_ssid, 0x6, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
io_setup(0x222, &(0x7f0000000180))
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x18)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg(r4, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb45, 0x100000000009, 0xa, 0x0, 0x3}, 0x0)
r5 = shmat(0x0, &(0x7f0000ff1000/0x3000)=nil, 0x400c)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
mremap(&(0x7f0000ff4000/0x3000)=nil, 0x3000, 0x2000, 0x0, &(0x7f0000ffb000/0x2000)=nil)
shmdt(r5)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a4c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc080003400000001408000c4000000e45400000000c0a010100000000000000000a0000060900020073797a3100000000090001007379"], 0xb4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETSETELEM(r7, 0x0, 0x8000)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
writev(0xffffffffffffffff, &(0x7f0000000000)=[{0x0}], 0x1)
sendmsg$ETHTOOL_MSG_LINKMODES_GET(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[@ANYBLOB="14000000e0f711b1f6603f526ee35fb42c040863d0366df3535011b5523a9924c4a158d2ab09f8f3368ae364ffbb8c04efb5903f546dc76e001411f042a1516b9e401867c08a8d8415717f9109ba7545ea7ed0f54b04bfe52bcce91b7e4a4f6b1ea6789d6f97150cd6095697ae9099ff832799426f85796e2b1478c9c20a41ea2b06d2790fb3bbc0bcdf6aedf6b111fcdacf39dbea05407f0220679fd9ff095a74108ea2d6f08a20cce55b4b48c1ca44", @ANYRES16=r2, @ANYBLOB="010329bd7000fcdbdf2524000000"], 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000001740)=ANY=[@ANYRES16=0x0, @ANYRES64=0x0, @ANYBLOB, @ANYRESDEC=r0, @ANYRES16, @ANYBLOB="00d04a4c5d79580b69dc9d4ac8", @ANYRES8=r0], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000040)='sched_switch\x00', r8, 0x0, 0x4}, 0x18)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x18, 0x3, &(0x7f0000000540)=ANY=[], &(0x7f0000000280)='GPL\x00', 0xc, 0xb9, &(0x7f0000000140)=""/185, 0x40f00, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)

2.362587979s ago: executing program 5 (id=7645):
socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000100)={'dvmrp0\x00', 0x2})
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0a00000001000000e27f000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa20000000000000000f8ffffffb703000008000000b70400000100000085000000030000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x68801, 0x124)
ioctl$KVM_SET_XCRS(r1, 0x4188aea7, &(0x7f0000019140)={0xa, 0x7ff, [{0x0, 0x0, 0x1}, {0x8001, 0x0, 0x1}, {0xd98, 0x0, 0x3}, {0x5, 0x0, 0x2}, {0x2, 0x0, 0xd}, {0x6, 0x0, 0x9}, {0x3d, 0x0, 0xc55}, {0x400, 0x0, 0x5}, {0x9, 0x0, 0xf}, {0x8, 0x0, 0xb}, {0xd, 0x0, 0x7fff}, {0x2, 0x0, 0x3ff}, {0x8, 0x0, 0x9}, {0x6, 0x0, 0x4}, {0x6, 0x0, 0x2}, {0x1, 0x0, 0xf}]})
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x0, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000002c0), &(0x7f0000000740), 0x80000002, r0}, 0x38)
r3 = syz_open_procfs(0x0, &(0x7f0000000000)='attr\x00')
getsockopt$PNPIPE_IFINDEX(r3, 0x113, 0x2, &(0x7f00000005c0)=<r4=>0x0, &(0x7f0000000600)=0x4)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000640)={0x2, 0x4, 0x8, 0x1, 0x80, r1, 0x8, '\x00', r4, 0xffffffffffffffff, 0x0, 0x3}, 0x50)
getdents(r3, &(0x7f0000000040)=""/44, 0x2c)
r5 = socket$inet6_sctp(0xa, 0x5, 0x84)
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r6, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000000c0)=@newsa={0x104, 0x10, 0x7, 0x0, 0x0, {{@in6=@mcast2, @in=@multicast2, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xee00}, {@in6=@mcast1, 0x0, 0x2b}, @in6=@private0, {0x0, 0x0, 0x2}, {0x0, 0x200000, 0x7}, {0x40000, 0x0, 0xae8}, 0x0, 0x0, 0xa, 0x2, 0x0, 0x70}, [@coaddr={0x14, 0xe, @in6=@remote}]}, 0x104}}, 0x0)
r7 = socket$nl_xfrm(0x10, 0x3, 0x6)
open(&(0x7f0000000080)='./bus\x00', 0x169242, 0x10)
rename(&(0x7f0000000440)='./bus\x00', &(0x7f0000000140)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00')
ioctl$vim2m_VIDIOC_ENUM_FRAMESIZES(0xffffffffffffffff, 0xc02c564a, &(0x7f0000000480)={0x2, 0x41414770, 0x1, @stepwise={0x7, 0x0, 0x5, 0x0, 0x6, 0xf922}})
sendmsg$nl_xfrm(r7, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000000c0)=@newsa={0x104, 0x1a, 0x7, 0x0, 0x0, {{@in6=@mcast2, @in=@multicast2, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xee00}, {@in6=@mcast1, 0x0, 0x2b}, @in6=@private0, {0x0, 0x0, 0x2}, {0x0, 0x200000, 0x7}, {0x40000, 0x0, 0xae8}, 0x0, 0x0, 0xa, 0x2, 0x0, 0x70}, [@coaddr={0x14, 0xe, @in6=@remote}]}, 0x104}}, 0x0)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000000040)={'wlan1\x00', <r9=>0x0})
r10 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff)
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, &(0x7f0000000580)={{0x1, 0x1, 0x18, r0, {0xb}}, './file0\x00'})
r11 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
ioctl$sock_ifreq(r11, 0x8910, &(0x7f0000000000)={'lo\x00', @ifru_map={0x8, 0x9, 0x4e, 0x9, 0xd, 0x5d}})
ioctl$sock_netdev_private(r11, 0x8949, &(0x7f0000000000))
sendmsg$NL80211_CMD_SET_CQM(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)={0x38, r10, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r9}, @void}}, [@NL80211_ATTR_CQM={0x1c, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_TXE_RATE={0x8, 0x5, 0x84d}, @NL80211_ATTR_CQM_TXE_PKTS={0x8, 0x6, 0x2}, @NL80211_ATTR_CQM_TXE_INTVL={0x8, 0x7, 0x337}]}]}, 0x38}}, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000000)=@security={'security\x00', 0x44, 0x4, 0x424, 0xffffffff, 0xc8, 0x294, 0xc8, 0xffffffff, 0xffffffff, 0x35c, 0x35c, 0x35c, 0xffffffff, 0x4, 0x0, {[{{@ipv6={@private0, @mcast1, [0x0, 0x0, 0xffffffff], [], 'nr0\x00', 'veth0_vlan\x00'}, 0x203, 0xa4, 0xc8, 0x8502}, @common=@unspec=@CONNSECMARK={0x24, 'CONNSECMARK\x00', 0x0, {0x1}}}, {{@uncond, 0x0, 0xa4, 0x1cc}, @common=@unspec=@SECMARK={0x128, 'SECMARK\x00', 0x0, {0x0, 0x0, 'system_u:object_r:modem_device_t:s0\x00'}}}, {{@uncond, 0x0, 0xa4, 0xc8}, @common=@unspec=@AUDIT={0x24}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x480)

2.337838636s ago: executing program 0 (id=7653):
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
r0 = openat$vga_arbiter(0xffffff9c, &(0x7f00000000c0), 0x12b080, 0x0)
write$vga_arbiter(r0, &(0x7f0000000140)=@target={'target ', {'PCI:', 'c', ':', 'f', ':', 'd', '.', '1a'}}, 0x14)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x6)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
r2 = syz_open_procfs$namespace(0x0, 0x0)
setns(r2, 0x8000000)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r3 = syz_io_uring_setup(0x88f, &(0x7f0000000440)={0x0, 0x304e, 0x0, 0x2, 0x28d}, &(0x7f0000000000)=<r4=>0x0, &(0x7f0000000280))
r5 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x84200)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000180)={<r6=>0xffffffffffffffff})
ioctl$NBD_SET_SOCK(r5, 0xab00, r6)
timer_create(0x0, &(0x7f00000005c0)={0x0, 0x21, 0x800000000004}, &(0x7f0000bbdffc))
ioctl$NBD_DO_IT(r5, 0xab03)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
io_uring_enter(r3, 0x2b93, 0xf9d0, 0x22, 0x0, 0x0)

2.173222747s ago: executing program 5 (id=7646):
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
poll(&(0x7f0000000040)=[{r0, 0xc200}], 0x1, 0x400)
ioctl$SNDRV_TIMER_IOCTL_TREAD_OLD(r0, 0x40045402, &(0x7f0000000140)=0x1)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f00000083c0)={{0x1, 0x1}})
ioctl$SNDRV_TIMER_IOCTL_PARAMS(r0, 0x40505412, &(0x7f00000000c0)={0x7, 0x9dc5, 0x0, 0x0, 0xf})
ioctl$SNDRV_TIMER_IOCTL_START(r0, 0x54a0)
ioctl$SNDRV_TIMER_IOCTL_PARAMS(r0, 0x40505412, &(0x7f0000000400)={0x6, 0x3, 0x100, 0x0, 0x2})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb4b, 0x9, 0x8, 0x0, 0x400003}, 0x0)
syz_open_procfs(0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/pids.max\x00', 0x4000a2, 0x118)
r1 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0)
r2 = getpid()
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r1, 0xc1105517, &(0x7f0000000340)={{0xfffffffe, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x6, 0x2, 0x4, r2, 0x0, 0x0, 'syz1\x00', 0x0})

1.936424234s ago: executing program 4 (id=7647):
r0 = socket$tipc(0x1e, 0x2, 0x0)
r1 = syz_usb_connect(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000772904202404019957c201020301090210000904430002317d55002a05020200020200000905820200020000000000000000"], 0x0)
syz_usb_ep_read(r1, 0x5, 0xb4, &(0x7f0000000200)=""/180)
syz_usb_control_io(r1, 0x0, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="64000000010605000000000000000000000000000500040000f200000900020073797a3200000000140007800500150000000000080012400000c468000000000400010000005f0001000600000016000300686173683a6e65742c706f72742c6e657400"], 0xfffffffffffffdc3}}, 0x40010)
syz_usb_control_io$uac1(r1, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r1, 0x0, &(0x7f00000004c0)={0x44, &(0x7f0000000500)=ANY=[@ANYBLOB="000d02000000dae538e9d1c8"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r3 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000300000a58000000060a010400000000000000000a56cd190300010073797a31000000002c0004802800018007000100637400001c0002800500030001000000080002400000001508d866da460000090900020073797a3200000000140000001100010000000000000000000200000a"], 0x80}, 0x1, 0x0, 0x0, 0x4008091}, 0x24000000)
sendmsg$IPSET_CMD_FLUSH(r4, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=ANY=[@ANYBLOB="1c0000000416010800000000000000000a0000050500011007000000e169c7abf0554c370996fe6a489a189d5698602385d4bd99b3cfa9990995b88759c4f0e9875e6f6025f01f7b2725e2a710f8e0fcf61b872dff1605b685312c416016aa0de0010000002befff10207f7d54fc15cc4c5cf23f4640dc4a4810ff7be0651efff77de5a37eb897"], 0x1c}, 0x1, 0x0, 0x0, 0x4002}, 0x24000010)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000001c0)={'wlan1\x00'})
sendmsg$NL80211_CMD_SET_INTERFACE(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000680)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="050001000000fddbdf25060000000c009900050000020f0000001c00e700941686f54c428e48193856257512280bf969b3ca65ea3f63b7b6e38804929e8149b48f7eeadfc8c208fc89dfb8e94da72058f2cd16c9e92016c91091ac6df2ae1dc0b49621112614eca347fae8825e4a5fbd4ed9b7daa78a764f81c0c26a2db5f62d50633d60d7aba025dcdd09a92d5de3c7f74d5c10f76328c72f480af9cb979375b82d3aed485dccc3651c863bbbce4a3d90b58f48ae91d13007f734469130f36d08f5944f45977348a9629b5015e16f283b0ed1c28e56f62ceb273c2e432ddd5e67cb7123ad7b285a22d49dc0d5e50498ff35087f262de3728578ee31ececfc460ccba184c96b6551e4ca4237b3367c4b7ced4b541f63e4639b8280571a0f3d1f92558be609604f72153f02cf88cfb6c8b95eb0200bfbb70973ac057e989796262bb2"], 0x3c}, 0x1, 0x0, 0x0, 0x1}, 0x44004)
r7 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r7, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000040)={<r8=>0xffffffffffffffff}, 0x2, 0x2}}, 0x20)
write$RDMA_USER_CM_CMD_QUERY(r7, &(0x7f00000003c0)={0x13, 0x10, 0xfa00, {0x0, r8, 0x3}}, 0x18)
syz_open_dev$usbfs(&(0x7f0000000080), 0x77, 0x101301)
socket$nl_netfilter(0x10, 0x3, 0xc)
r9 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f000905", @ANYRES16=r6], 0x0)
syz_usb_control_io$hid(r9, 0x0, 0x0)
syz_usb_control_io$hid(r9, &(0x7f00000002c0)={0x14, 0x0, 0x0, &(0x7f00000002c0)=ANY=[], 0x0}, 0x0)
r10 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r10, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)=ANY=[@ANYBLOB="000000003d000103f0a18725a1db462b9041c3088c2a"], 0x14}}, 0x0)
syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x40)

1.516893656s ago: executing program 6 (id=7648):
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = socket(0x400000000010, 0x3, 0x0)
socket$unix(0x1, 0x1, 0x0)
fcntl$getown(r2, 0x9)
sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000480)=@newtfilter={0x24, 0x2c, 0xd27, 0x70bd28, 0x8000, {0x0, 0x0, 0x0, 0x0, {0x0, 0xb}, {}, {0x9}}}, 0x24}, 0x1, 0x0, 0x0, 0x80}, 0x20000000)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
getrlimit(0xe, &(0x7f0000000000))
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
socket$tipc(0x1e, 0x2, 0x0)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x11, 0x3, &(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x28}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r4}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000f80)={0x5, 0x5, 0x0, &(0x7f0000000000)='syzkaller\x00', 0x2, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="364000001a0091"], 0x82d7)
socket$packet(0x11, 0x3, 0x300)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000480), 0xc0041, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x5, 0xfffffffffffffffd, 0x0, 0x0, 0x1000001000, 0x49}, 0x0, &(0x7f0000000140)={0x3ff, 0x7, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006}, 0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

1.366441338s ago: executing program 0 (id=7649):
r0 = syz_open_dev$dri(0x0, 0x2, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000440)=[0x0], 0x0, 0x0, 0x0, 0x1})
openat$sndseq(0xffffffffffffff9c, &(0x7f0000002340), 0x40800)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x60, 0x30, 0x1, 0x0, 0x0, {}, [{0x4c, 0x1, [@m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{}, 0xffff}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x24008800}, 0x0)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
r2 = memfd_create(&(0x7f0000000300)='+\x8b\x8a\x16\x11O\xdd\xdfk(F\x99\xdf\x92\xd5>oJ\x02u\x9b\xafa\xac\x06\x9c&\xf5\xe3j\xfa\tcqM\xb8R\x86\xd9\xd2.\x9f\x12\xed\x10\f\xbd\x1a|\x8a\xbb\xda\xcfY\x98gU@\xf2M\xc0\xb5\xdf\x9a\x8d\xdb,n\xae\x0eT\x80\x8c\xfd\xd7\xb0\x94\x82t\x96\rKx\xc5\x9b\x8c\x87\x96\x8bc\xbc\xee\xcc\x9f\xe3F\x99V4\x8e;M\xa9\x823\xe3\xb3mG\x8f\xdb\xed\x1b\x05\xec\xfc\xd1\xb5\xfd\xec@\xdeU\xdd\xa4\xc1\xe4L)\x8e\xe5\x91\x8e\xd4\x89\xef\x95T\x05G\xac\xb8\xc1: )mh\xc7\xf1?\xbb\x13;\xad\x95\xd70\xb6\x0e\x7f\x84r\x0e\xbf\xc5\xf6\xd4\xdd\t\x14\x18\xf7\xefi\x93\x03\xd2\xf2\bK\"\xd2\xb5\xaa\xb8\xc8\xe0\xac\x99\xe8su\xcd\xc3E\x12\xd7\xdd\x96!\x16Tu\xe3\xf0\x84#R\xd9\xe3~Wj\xb0r\x87\'\xea\a\xcfOeK\x9daW\xf4\x87@\x9c\xf3\xf1K\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x91\xe6\xdb\xc2\xa5h\'\xdfIn\x97\x0263~\xeb\xbe(i\n\xc2k4\x7f\x12\xa9e`SOs\x8c\xb4\xe7FeQ\xc6$\x92j_U\xfa\b\xea\xb0bYkW\xc0\x05\aC{\xcc\x03T\x17\xa5Sk\x87P\xc2\x97D\xb2\xfa\x1b\x9fe\xf4\x10\x1a\xad\x92\xce\x88\x1b\xbc\xe14\x19\xaa\xd3\r\xf4\xa2\xc3\x9e=\xa0 \xe6j\xe5\x85\xf8\x97\x03\x15\xaa\x920\xdcrI\xd8\b\xfb\xc7\xe7xX\x00>d\xbb\xa71\xad\x9a\xfb\xe6\x13\x87\x93\\\xe5W-\xfc\xfd\xb8O\xb9j\xb8\xf2\x9dx\xb2\x86\xad\x92', 0x3)
write$binfmt_elf64(r2, &(0x7f0000000180)=ANY=[], 0x78)
sendfile(0xffffffffffffffff, r2, &(0x7f00000001c0), 0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
syz_open_dev$radio(0x0, 0x3, 0x2)
socket$kcm(0x29, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
fcntl$addseals(r2, 0x409, 0x8)
ioctl$UFFDIO_WRITEPROTECT(0xffffffffffffffff, 0xc018aa06, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000280)=ANY=[@ANYBLOB="20000000100010002d0100000000000100000000", @ANYRES32=0x0, @ANYBLOB="fff0000008030000"], 0x20}, 0x1, 0x0, 0x0, 0x20081}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r4, 0x8933, &(0x7f0000000000)={'batadv0\x00', <r5=>0x0})
sendmsg$nl_route(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000006c0)=ANY=[@ANYBLOB="200000001100010027bd7000fddbdf2500000000", @ANYRES32=r5, @ANYBLOB="801400000421000041fda70e0000003b009f460372fae0cae5f66e14a3d6302747888aa1930451d348c184c110bf01c2d4ab8b2dbb1593b08e3d9934f8b06923c7501ecec693f3284209caac12"], 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x80)
ioctl$DRM_IOCTL_MODE_GETENCODER(r0, 0xc01464a6, &(0x7f0000000040)={0x0, 0x0, <r6=>0x0})
ioctl$DRM_IOCTL_MODE_CURSOR2(r0, 0xc02464bb, &(0x7f0000000080)={0x0, r6, 0x4, 0xfffffffe, 0x0, 0x2, 0x0, 0x1, 0x73})
pselect6(0x95, &(0x7f00000001c0)={0x3f, 0xffffffffffffff7e, 0xfffffffffffffffe, 0x6, 0xfffffffffffffffd, 0x3, 0x0, 0x6}, 0x0, 0x0, 0x0, 0x0)
openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000100), 0x8000)

1.245638813s ago: executing program 5 (id=7650):
creat(&(0x7f0000000000)='./file0\x00', 0xd931d3864d39ddd8)
add_key(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd)
io_uring_setup(0x2255, 0x0)
write$UHID_CREATE2(0xffffffffffffffff, &(0x7f0000000180)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
msgrcv(0x0, 0x0, 0x0, 0x0, 0xa1e3a9fe3eb9c551)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0xa, 0xf, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x2020}, {{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x24, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_80211_join_ibss(0x0, 0x0, 0x0, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r2, &(0x7f0000000340)={&(0x7f0000000080), 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x38, r3, 0x400, 0x70bd28, 0x25dfdbfb, {{}, {@void, @val={0xc, 0x99, {0x0, 0x4b}}}}, [@chandef_params, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x56}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x3a}]]}, 0x38}, 0x1, 0x0, 0x0, 0x40000}, 0x4014)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000600)={{0x14}, [], {0x14}}, 0x28}}, 0x0)
r5 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0)
sendfile(r5, r5, 0x0, 0x200000)
ioctl$KVM_GET_DIRTY_LOG(0xffffffffffffffff, 0x4010ae42, 0x0)
syz_emit_vhci(0x0, 0x7)
mount$cgroup(0x0, &(0x7f0000000280)='./file0\x00', &(0x7f00000002c0), 0x8000, &(0x7f0000000480)={[{@name={'name', 0x3d, 'nfs\x00'}}]})

873.012462ms ago: executing program 0 (id=7651):
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
socket$unix(0x1, 0x1, 0x0)
fcntl$getown(r1, 0x9)
sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000480)=@newtfilter={0x44, 0x2c, 0xd27, 0x70bd28, 0x8000, {0x0, 0x0, 0x0, 0x0, {0x0, 0xb}, {}, {0x9}}, [@filter_kind_options=@f_flower={{0xb}, {0x14, 0x2, [@TCA_FLOWER_KEY_CT_STATE={0x6, 0x5b, 0x5}, @TCA_FLOWER_KEY_CT_STATE_MASK={0x6, 0x5c, 0x8}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x80}, 0x20000000)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
socket$tipc(0x1e, 0x2, 0x0)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x11, 0x3, &(0x7f0000000080)=ANY=[@ANYRESOCT=0x0], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x28}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r3}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000f80)={0x5, 0x5, 0x0, &(0x7f0000000000)='syzkaller\x00', 0x2, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="364000001a0091"], 0x82d7)
socket$packet(0x11, 0x3, 0x300)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000480), 0xc0041, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x5, 0xfffffffffffffffd, 0x0, 0x0, 0x1000001000, 0x49}, 0x0, &(0x7f0000000140)={0x3ff, 0x7, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006}, 0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

662.362524ms ago: executing program 6 (id=7652):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={<r0=>0xffffffffffffffff})
pipe2$9p(0x0, 0x0)
mount$9p_fd(0xedc0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000004500), 0x0, &(0x7f0000000300)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r0}})
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="1500000065ffff007f303030"], 0x41)

165.034225ms ago: executing program 5 (id=7654):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x80b00, 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
bpf$BPF_GET_BTF_INFO(0xf, 0x0, 0x0)
r0 = syz_open_dev$dri(&(0x7f0000000080), 0x6, 0x10000)
ioctl$DRM_IOCTL_WAIT_VBLANK(r0, 0xc010643a, &(0x7f00000001c0)={0x1, 0xb795, 0x1d})
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000120a01020000000000000000020000000900020073797a310000000008000440000000000900010073797a30000000000800034000000001140000001100010000000000080000000000000a"], 0x64}, 0x1, 0x0, 0x0, 0x890}, 0x0)
sendmsg$NFT_MSG_GETOBJ(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=ANY=[@ANYBLOB="28000000130a01010000000000000000020000000900010073797a0094ab7dadc4028d4000000001"], 0x28}}, 0x4040040)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x6)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r3 = syz_open_procfs(0x0, &(0x7f0000000200)='net/ipv6_route\x00')
pread64(r3, &(0x7f000001a240)=""/102400, 0x19000, 0x100008)

0s ago: executing program 5 (id=7655):
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r1}, 0x10)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r4 = dup3(r3, r2, 0x0)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x800, 0x0)
mmap$binder(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1, 0x11, r5, 0x10000000000)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a, 0x3})
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
r6 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r6, 0x6, 0x0, 0x0, 0x0)
r7 = fsmount(r6, 0x0, 0x0)
r8 = openat$cgroup_pressure(r7, &(0x7f0000000080)='io.pressure\x00', 0x2, 0x0)
r9 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
sendfile64(r9, r8, 0x0, 0x8)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000100)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f00000002c0)={0xc, 0x0, &(0x7f00000004c0)=[@free_buffer], 0x0, 0x0, 0x0})
r10 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
readv(r10, &(0x7f00000007c0)=[{&(0x7f0000000080)=""/149, 0x95}, {0x0}], 0x2)
readv(r10, 0x0, 0x0)
write$UHID_DESTROY(r10, &(0x7f0000000200), 0x4)
timer_settime(0x0, 0x0, &(0x7f0000000080)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)

kernel console output (not intermixed with test programs):

][T32172] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1764.841076][T32172] Call Trace:
[ 1764.841081][T32172]  <TASK>
[ 1764.841085][T32172]  dump_stack_lvl+0x16c/0x1f0
[ 1764.841107][T32172]  should_fail_ex+0x512/0x640
[ 1764.841120][T32172]  ? __kmalloc_noprof+0xca/0x910
[ 1764.841134][T32172]  should_failslab+0xc2/0x120
[ 1764.841151][T32172]  __kmalloc_noprof+0xeb/0x910
[ 1764.841163][T32172]  ? alloc_pipe_info+0x1ec/0x590
[ 1764.841183][T32172]  ? alloc_pipe_info+0x1ec/0x590
[ 1764.841199][T32172]  alloc_pipe_info+0x1ec/0x590
[ 1764.841217][T32172]  splice_direct_to_actor+0x77d/0xa30
[ 1764.841235][T32172]  ? __lock_acquire+0x436/0x2890
[ 1764.841245][T32172]  ? __pfx_direct_splice_actor+0x10/0x10
[ 1764.841262][T32172]  ? __pfx_aa_file_perm+0x10/0x10
[ 1764.841278][T32172]  ? find_held_lock+0x2b/0x80
[ 1764.841292][T32172]  ? __pfx_splice_direct_to_actor+0x10/0x10
[ 1764.841312][T32172]  ? get_pid_task+0xfc/0x250
[ 1764.841326][T32172]  do_splice_direct+0x174/0x240
[ 1764.841343][T32172]  ? __pfx_do_splice_direct+0x10/0x10
[ 1764.841359][T32172]  ? __pfx_direct_file_splice_eof+0x10/0x10
[ 1764.841376][T32172]  ? bpf_lsm_file_permission+0x9/0x10
[ 1764.841389][T32172]  ? security_file_permission+0x71/0x210
[ 1764.841404][T32172]  ? rw_verify_area+0xcf/0x6c0
[ 1764.841419][T32172]  do_sendfile+0xb06/0xe50
[ 1764.841436][T32172]  ? __pfx_do_sendfile+0x10/0x10
[ 1764.841451][T32172]  ? __fget_files+0x20e/0x3c0
[ 1764.841471][T32172]  __ia32_compat_sys_sendfile+0x1e5/0x220
[ 1764.841483][T32172]  ? ksys_write+0x1ac/0x250
[ 1764.841498][T32172]  ? __pfx___ia32_compat_sys_sendfile+0x10/0x10
[ 1764.841510][T32172]  ? do_user_addr_fault+0x843/0x1370
[ 1764.841526][T32172]  __do_fast_syscall_32+0xe8/0x680
[ 1764.841559][T32172]  do_fast_syscall_32+0x32/0x80
[ 1764.841570][T32172]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1764.841584][T32172] RIP: 0023:0xf700d579
[ 1764.841593][T32172] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 1764.841604][T32172] RSP: 002b:00000000f53bb55c EFLAGS: 00000296 ORIG_RAX: 00000000000000bb
[ 1764.841615][T32172] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 0000000000000008
[ 1764.841622][T32172] RDX: 0000000000000000 RSI: 0000000000040008 RDI: 0000000000000000
[ 1764.841629][T32172] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1764.841635][T32172] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 1764.841642][T32172] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1764.841655][T32172]  </TASK>
[ 1765.004849][T32175] netlink: 16 bytes leftover after parsing attributes in process `syz.4.7240'.
[ 1765.008257][T32175] netlink: 'syz.4.7240': attribute type 10 has an invalid length.
[ 1765.012062][T32175] netlink: 2 bytes leftover after parsing attributes in process `syz.4.7240'.
[ 1765.020132][T32175] team0: entered promiscuous mode
[ 1765.022576][T32175] team_slave_0: entered promiscuous mode
[ 1765.025081][T32175] team_slave_1: entered promiscuous mode
[ 1765.027504][T32175] bridge0: port 3(team0) entered blocking state
[ 1765.029625][T32175] bridge0: port 3(team0) entered disabled state
[ 1765.114756][T32175] team0: entered allmulticast mode
[ 1765.117135][T32175] team_slave_0: entered allmulticast mode
[ 1765.119631][T32175] team_slave_1: entered allmulticast mode
[ 1765.123968][T32175] bridge0: port 3(team0) entered blocking state
[ 1765.126193][T32175] bridge0: port 3(team0) entered forwarding state
[ 1765.228680][T32180] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(8)
[ 1765.230961][T32180] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[ 1765.235165][T32180] vhci_hcd vhci_hcd.0: Device attached
[ 1765.248222][T32180] netlink: 9 bytes leftover after parsing attributes in process `syz.0.7239'.
[ 1765.270137][T32180] 1·: renamed from 
c0· (while UP)
[ 1765.281342][T32180] A link change request failed with some changes committed already. Interface 
c1· may have been left with an inconsistent configuration, please check.
[ 1765.420067][T22557] usb 9-1: new high-speed USB device number 3 using dummy_hcd
[ 1765.521068][ T6005] usb 38-1: SetAddress Request (15) to port 0
[ 1765.567298][ T6005] usb 38-1: new SuperSpeed USB device number 15 using vhci_hcd
[ 1765.571304][T32185] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1765.574426][T32185] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1765.579835][T22557] usb 9-1: Using ep0 maxpacket: 8
[ 1765.582416][T32185] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1765.586513][T22557] usb 9-1: config 0 has an invalid interface number: 1 but max is 0
[ 1765.589359][T22557] usb 9-1: config 0 has no interface number 0
[ 1765.591774][T22557] usb 9-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1765.597149][T22557] usb 9-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[ 1765.600788][T32185] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1765.603240][T22557] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1765.608527][T22557] usb 9-1: config 0 descriptor??
[ 1765.627465][T22557] iowarrior 9-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[ 1765.870385][T32179] netlink: 60 bytes leftover after parsing attributes in process `syz.4.7241'.
[ 1765.871079][T32181] vhci_hcd: connection reset by peer
[ 1765.886576][T21412] vhci_hcd vhci_hcd.0: stop threads
[ 1765.888355][T21412] vhci_hcd vhci_hcd.0: release socket
[ 1765.897244][T21412] vhci_hcd vhci_hcd.0: disconnect device
[ 1765.941766][T32201] netlink: 28 bytes leftover after parsing attributes in process `syz.5.7245'.
[ 1765.946842][T32201] netlink: 'syz.5.7245': attribute type 10 has an invalid length.
[ 1765.980541][T32201] team0: Port device dummy0 added
[ 1765.991793][T32204] overlayfs: "xino" feature enabled using 3 upper inode bits.
[ 1765.995114][T32201] netlink: 'syz.5.7245': attribute type 10 has an invalid length.
[ 1766.003541][T32201] team0: Port device dummy0 removed
[ 1766.008206][T32201] bond0: (slave dummy0): Enslaving as an active interface with an up link
[ 1766.943251][   T54] usb 9-1: USB disconnect, device number 3
[ 1768.376015][T32253] veth0: entered promiscuous mode
[ 1768.555965][T32244] veth0: left promiscuous mode
[ 1768.919762][ T6024] usb 10-1: new high-speed USB device number 3 using dummy_hcd
[ 1769.590684][T32235] usb 5-1: new high-speed USB device number 98 using dummy_hcd
[ 1769.595850][T32269] netlink: 20 bytes leftover after parsing attributes in process `syz.4.7259'.
[ 1769.674566][T32273] overlayfs: failed to resolve './bus': -2
[ 1769.709913][ T6024] usb 10-1: Using ep0 maxpacket: 8
[ 1769.713306][ T6024] usb 10-1: config 0 has an invalid interface number: 1 but max is 0
[ 1769.715954][ T6024] usb 10-1: config 0 has no interface number 0
[ 1769.718091][ T6024] usb 10-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1769.722137][ T6024] usb 10-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[ 1769.725118][ T6024] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1769.730286][ T6024] usb 10-1: config 0 descriptor??
[ 1769.737238][ T6024] iowarrior 10-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[ 1769.769812][T32235] usb 5-1: Using ep0 maxpacket: 8
[ 1769.773128][T32235] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[ 1769.776019][T32235] usb 5-1: config 0 has no interface number 0
[ 1769.778800][T32235] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1770.064529][T32257] netlink: 60 bytes leftover after parsing attributes in process `syz.5.7254'.
[ 1770.486795][T32235] usb 5-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[ 1770.490014][T32235] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1770.501359][T32235] usb 5-1: config 0 descriptor??
[ 1770.669421][ T6005] usb 38-1: device descriptor read/8, error -110
[ 1770.733289][T32283] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1770.735896][T32283] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1770.739035][T32283] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1770.742106][T32283] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1770.785778][T32283] batadv0 (unregistering): left promiscuous mode
[ 1770.809152][T32267] netlink: 60 bytes leftover after parsing attributes in process `syz.0.7257'.
[ 1771.140310][ T6005] usb usb38-port1: attempt power cycle
[ 1771.190168][T22557] usb 9-1: new high-speed USB device number 4 using dummy_hcd
[ 1771.251456][T32235] iowarrior 5-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior1
[ 1771.259658][   T24] usb 10-1: USB disconnect, device number 3
[ 1771.262828][T31538] usb 5-1: USB disconnect, device number 98
[ 1771.339869][T22557] usb 9-1: Using ep0 maxpacket: 8
[ 1771.343775][T22557] usb 9-1: config 168 descriptor has 1 excess byte, ignoring
[ 1771.347069][T22557] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[ 1771.352193][T22557] usb 9-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1771.357252][T22557] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1771.362435][T22557] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[ 1771.368723][T22557] usb 9-1: config 168 descriptor has 1 excess byte, ignoring
[ 1771.372300][T22557] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[ 1771.377144][T22557] usb 9-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1771.382551][T22557] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1771.387370][T22557] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[ 1771.393391][T22557] usb 9-1: config 168 descriptor has 1 excess byte, ignoring
[ 1771.396725][T22557] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[ 1771.402053][T22557] usb 9-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1771.407123][T22557] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1771.413655][T22557] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[ 1771.421051][T22557] usb 9-1: string descriptor 0 read error: -22
[ 1771.423186][T22557] usb 9-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[ 1771.426164][T22557] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1771.433139][T22557] adutux 9-1:168.0: ADU100  now attached to /dev/usb/adutux0
[ 1771.700301][ T6005] usb usb38-port1: unable to enumerate USB device
[ 1771.937777][T32302] overlayfs: failed to resolve './bus': -2
[ 1773.737470][T32235] usb 9-1: USB disconnect, device number 4
[ 1773.986594][T32330] overlayfs: failed to resolve './bus': -2
[ 1774.254461][T32340] overlayfs: workdir and upperdir must reside under the same mount
[ 1774.264434][T32340] overlayfs: statfs failed on './file0'
[ 1774.349869][T31538] usb 5-1: new high-speed USB device number 99 using dummy_hcd
[ 1774.554330][T31538] usb 5-1: Using ep0 maxpacket: 8
[ 1774.577197][T31538] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[ 1774.580580][T31538] usb 5-1: config 0 has no interface number 0
[ 1774.583025][T31538] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1774.588054][T31538] usb 5-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[ 1774.615065][T31538] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1774.623884][T31538] usb 5-1: config 0 descriptor??
[ 1774.636434][T31538] iowarrior 5-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[ 1774.831951][T32354] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(5)
[ 1774.834133][T32354] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[ 1774.838349][T32354] vhci_hcd vhci_hcd.0: Device attached
[ 1774.866827][T32354] random: crng reseeded on system resumption
[ 1774.916950][T32334] netlink: 60 bytes leftover after parsing attributes in process `syz.0.7277'.
[ 1775.209805][T31538] usb 46-1: SetAddress Request (2) to port 0
[ 1775.212213][T31538] usb 46-1: new SuperSpeed USB device number 2 using vhci_hcd
[ 1775.563107][T32364] overlayfs: workdir and upperdir must reside under the same mount
[ 1775.863801][T32366] block nbd5: shutting down sockets
[ 1775.978405][T32354] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1776.004109][T32355] vhci_hcd: connection reset by peer
[ 1776.006634][ T4024] vhci_hcd vhci_hcd.4: stop threads
[ 1776.008409][ T4024] vhci_hcd vhci_hcd.4: release socket
[ 1776.010885][ T4024] vhci_hcd vhci_hcd.4: disconnect device
[ 1776.247377][   T24] usb 5-1: USB disconnect, device number 99
[ 1776.281690][T32384] netlink: 4 bytes leftover after parsing attributes in process `syz.4.7287'.
[ 1776.595086][T32395] overlayfs: statfs failed on './file0'
[ 1776.645708][T32405] syzkaller0: entered promiscuous mode
[ 1776.648075][T32405] syzkaller0: entered allmulticast mode
[ 1776.658063][T32406] netlink: 28 bytes leftover after parsing attributes in process `syz.6.7291'.
[ 1776.661759][T32405] netlink: 28 bytes leftover after parsing attributes in process `syz.6.7291'.
[ 1776.815514][T32411] FAULT_INJECTION: forcing a failure.
[ 1776.815514][T32411] name failslab, interval 1, probability 0, space 0, times 0
[ 1776.821826][T32411] CPU: 2 UID: 0 PID: 32411 Comm: syz.0.7292 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1776.821846][T32411] Tainted: [L]=SOFTLOCKUP
[ 1776.821850][T32411] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1776.821857][T32411] Call Trace:
[ 1776.821861][T32411]  <TASK>
[ 1776.821866][T32411]  dump_stack_lvl+0x16c/0x1f0
[ 1776.821886][T32411]  should_fail_ex+0x512/0x640
[ 1776.821899][T32411]  ? __pfx_ref_tracker_alloc+0x10/0x10
[ 1776.821914][T32411]  should_failslab+0xc2/0x120
[ 1776.821964][T32411]  kmem_cache_alloc_noprof+0x83/0x770
[ 1776.821985][T32411]  ? skb_clone+0x190/0x3f0
[ 1776.822002][T32411]  ? skb_clone+0x190/0x3f0
[ 1776.822015][T32411]  skb_clone+0x190/0x3f0
[ 1776.822030][T32411]  netlink_deliver_tap+0xabd/0xd30
[ 1776.822049][T32411]  netlink_unicast+0x64c/0x870
[ 1776.822080][T32411]  ? __pfx_netlink_unicast+0x10/0x10
[ 1776.822102][T32411]  netlink_sendmsg+0x8c8/0xdd0
[ 1776.822119][T32411]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1776.822149][T32411]  ? aa_sock_msg_perm.constprop.0+0x100/0x1b0
[ 1776.822171][T32411]  ____sys_sendmsg+0xa5d/0xc30
[ 1776.822191][T32411]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1776.822207][T32411]  ? get_compat_msghdr+0x11a/0x170
[ 1776.822228][T32411]  ___sys_sendmsg+0x134/0x1d0
[ 1776.822243][T32411]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1776.822264][T32411]  ? find_held_lock+0x2b/0x80
[ 1776.822287][T32411]  __sys_sendmsg+0x16d/0x220
[ 1776.822301][T32411]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1776.822324][T32411]  __do_fast_syscall_32+0xe8/0x680
[ 1776.822344][T32411]  do_fast_syscall_32+0x32/0x80
[ 1776.822354][T32411]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1776.822368][T32411] RIP: 0023:0xf7f75579
[ 1776.822377][T32411] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 1776.822388][T32411] RSP: 002b:00000000f546655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[ 1776.822399][T32411] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000800002c0
[ 1776.822406][T32411] RDX: 0000000020000050 RSI: 0000000000000000 RDI: 0000000000000000
[ 1776.822413][T32411] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1776.822419][T32411] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 1776.822425][T32411] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1776.822439][T32411]  </TASK>
[ 1776.822611][T32411] netlink: 4 bytes leftover after parsing attributes in process `syz.0.7292'.
[ 1776.854419][T32412] snd_dummy snd_dummy.0: control 5:65279:0:syz0:0 is already present
[ 1777.039835][ T6024] usb 9-1: new full-speed USB device number 5 using dummy_hcd
[ 1777.194263][ T6024] usb 9-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 10
[ 1777.198067][ T6024] usb 9-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1777.549850][ T6024] usb 9-1: config 0 interface 0 has no altsetting 0
[ 1777.552329][ T6024] usb 9-1: New USB device found, idVendor=28de, idProduct=1102, bcdDevice= 0.00
[ 1777.555406][ T6024] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1777.566469][ T6024] usb 9-1: config 0 descriptor??
[ 1777.572195][T32416] block nbd0: shutting down sockets
[ 1777.707660][T32427] bond1: (slave vlan1): Device is not bonding slave
[ 1777.720839][T32427] bond1: option active_slave: invalid value (vlan1)
[ 1777.767013][T32427] bond1 (unregistering): Released all slaves
[ 1777.979141][T32433] mkiss: ax0: crc mode is auto.
[ 1778.194218][ T6024] usbhid 9-1:0.0: can't add hid device: -71
[ 1778.200736][ T6024] usbhid 9-1:0.0: probe with driver usbhid failed with error -71
[ 1778.214544][ T6024] usb 9-1: USB disconnect, device number 5
[ 1778.935849][T32438] 9pnet_virtio: no channels available for device syz
[ 1779.209852][T32328] usb 11-1: new high-speed USB device number 3 using dummy_hcd
[ 1779.369782][T32328] usb 11-1: Using ep0 maxpacket: 8
[ 1779.374995][T32328] usb 11-1: config 0 has an invalid interface number: 1 but max is 0
[ 1779.377717][T32328] usb 11-1: config 0 has no interface number 0
[ 1779.379951][T32328] usb 11-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1779.383569][T32328] usb 11-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[ 1779.387103][T32328] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1779.391683][T32328] usb 11-1: config 0 descriptor??
[ 1779.396799][T32328] iowarrior 11-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[ 1779.644594][T32442] netlink: 60 bytes leftover after parsing attributes in process `syz.6.7300'.
[ 1780.299796][T31538] usb 46-1: device descriptor read/8, error -110
[ 1780.690355][T31538] usb usb46-port1: attempt power cycle
[ 1780.730623][T25196] usb 11-1: USB disconnect, device number 3
[ 1780.922206][T32460] overlayfs: workdir and upperdir must reside under the same mount
[ 1781.091491][T32471] overlayfs: statfs failed on './file0'
[ 1781.304150][T31538] usb usb46-port1: unable to enumerate USB device
[ 1781.475352][T32482] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(5)
[ 1781.477548][T32482] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[ 1781.481612][T32482] vhci_hcd vhci_hcd.0: Device attached
[ 1781.506573][T32488] FAULT_INJECTION: forcing a failure.
[ 1781.506573][T32488] name failslab, interval 1, probability 0, space 0, times 0
[ 1781.507976][T32482] random: crng reseeded on system resumption
[ 1781.512417][T32488] CPU: 2 UID: 0 PID: 32488 Comm: syz.6.7311 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1781.512435][T32488] Tainted: [L]=SOFTLOCKUP
[ 1781.512439][T32488] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1781.512446][T32488] Call Trace:
[ 1781.512450][T32488]  <TASK>
[ 1781.512455][T32488]  dump_stack_lvl+0x16c/0x1f0
[ 1781.512476][T32488]  should_fail_ex+0x512/0x640
[ 1781.512489][T32488]  ? fs_reclaim_acquire+0xae/0x150
[ 1781.512508][T32488]  should_failslab+0xc2/0x120
[ 1781.512525][T32488]  __kmalloc_noprof+0xeb/0x910
[ 1781.512538][T32488]  ? tomoyo_encode2+0x100/0x3e0
[ 1781.512556][T32488]  ? tomoyo_encode2+0x100/0x3e0
[ 1781.512570][T32488]  tomoyo_encode2+0x100/0x3e0
[ 1781.512586][T32488]  tomoyo_encode+0x29/0x50
[ 1781.512600][T32488]  tomoyo_realpath_from_path+0x18f/0x6e0
[ 1781.512619][T32488]  tomoyo_path_number_perm+0x245/0x580
[ 1781.512632][T32488]  ? tomoyo_path_number_perm+0x237/0x580
[ 1781.512646][T32488]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1781.512673][T32488]  ? find_held_lock+0x2b/0x80
[ 1781.512688][T32488]  ? hook_file_ioctl_common+0x144/0x410
[ 1781.512704][T32488]  ? __fget_files+0x20e/0x3c0
[ 1781.512719][T32488]  ? __fput_deferred+0x430/0x480
[ 1781.512733][T32488]  security_file_ioctl_compat+0x9b/0x240
[ 1781.512747][T32488]  __ia32_compat_sys_ioctl+0xc3/0x370
[ 1781.512764][T32488]  __do_fast_syscall_32+0xe8/0x680
[ 1781.512783][T32488]  do_fast_syscall_32+0x32/0x80
[ 1781.512793][T32488]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1781.512808][T32488] RIP: 0023:0xf709d579
[ 1781.512817][T32488] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 1781.512828][T32488] RSP: 002b:00000000f548d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[ 1781.512855][T32488] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000000541c
[ 1781.512862][T32488] RDX: 0000000080000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1781.512869][T32488] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1781.512875][T32488] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 1781.512882][T32488] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1781.512896][T32488]  </TASK>
[ 1781.512976][T32488] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1781.749969][T31201] usb 48-1: SetAddress Request (2) to port 0
[ 1781.752374][T31201] usb 48-1: new SuperSpeed USB device number 2 using vhci_hcd
[ 1783.100006][T21476] block nbd4: Receive control failed (result -32)
[ 1783.105810][T32497] block nbd4: shutting down sockets
[ 1783.175272][T32505] 9pnet_virtio: no channels available for device syz
[ 1783.332267][T21476] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:201'
[ 1783.335709][T21476] CPU: 0 UID: 0 PID: 21476 Comm: kworker/u33:1 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1783.335729][T21476] Tainted: [L]=SOFTLOCKUP
[ 1783.335733][T21476] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1783.335742][T21476] Workqueue: hci2 hci_rx_work
[ 1783.335762][T21476] Call Trace:
[ 1783.335766][T21476]  <TASK>
[ 1783.335772][T21476]  dump_stack_lvl+0x16c/0x1f0
[ 1783.335792][T21476]  sysfs_warn_dup+0x7f/0xa0
[ 1783.335806][T21476]  sysfs_create_dir_ns+0x24b/0x2b0
[ 1783.335819][T21476]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[ 1783.335832][T21476]  ? find_held_lock+0x2b/0x80
[ 1783.335850][T21476]  ? do_raw_spin_unlock+0x172/0x230
[ 1783.335864][T21476]  kobject_add_internal+0x2c4/0x9d0
[ 1783.335884][T21476]  kobject_add+0x16e/0x240
[ 1783.335896][T21476]  ? __pfx_kobject_add+0x10/0x10
[ 1783.335910][T21476]  ? kobject_put+0xaf/0x6f0
[ 1783.335920][T21476]  ? _raw_spin_unlock+0x28/0x50
[ 1783.335941][T21476]  device_add+0x288/0x1980
[ 1783.335959][T21476]  ? __pfx_dev_set_name+0x10/0x10
[ 1783.335976][T21476]  ? __pfx_device_add+0x10/0x10
[ 1783.335992][T21476]  ? mgmt_send_event_skb+0x2fb/0x460
[ 1783.336012][T21476]  hci_conn_add_sysfs+0x1a8/0x260
[ 1783.336029][T21476]  le_conn_complete_evt+0x11ed/0x1fa0
[ 1783.336048][T21476]  ? __pfx_le_conn_complete_evt+0x10/0x10
[ 1783.336067][T21476]  hci_le_conn_complete_evt+0x23c/0x3a0
[ 1783.336085][T21476]  hci_le_meta_evt+0x357/0x610
[ 1783.336100][T21476]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[ 1783.336117][T21476]  hci_event_packet+0x685/0x1210
[ 1783.336132][T21476]  ? __pfx_hci_le_meta_evt+0x10/0x10
[ 1783.336148][T21476]  ? __pfx_hci_event_packet+0x10/0x10
[ 1783.336164][T21476]  ? kcov_remote_start+0x399/0x680
[ 1783.336181][T21476]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1783.336202][T21476]  hci_rx_work+0x2c9/0x1020
[ 1783.336218][T21476]  process_one_work+0x9ba/0x1b20
[ 1783.336237][T21476]  ? __pfx_process_one_work+0x10/0x10
[ 1783.336253][T21476]  ? assign_work+0x1a0/0x250
[ 1783.336266][T21476]  worker_thread+0x6c8/0xf10
[ 1783.336284][T21476]  ? __pfx_worker_thread+0x10/0x10
[ 1783.336296][T21476]  kthread+0x3c5/0x780
[ 1783.336308][T21476]  ? __pfx_kthread+0x10/0x10
[ 1783.336320][T21476]  ? rcu_is_watching+0x12/0xc0
[ 1783.336335][T21476]  ? __pfx_kthread+0x10/0x10
[ 1783.336347][T21476]  ret_from_fork+0x983/0xb10
[ 1783.336359][T21476]  ? __pfx_ret_from_fork+0x10/0x10
[ 1783.336372][T21476]  ? __switch_to+0x7af/0x10d0
[ 1783.336386][T21476]  ? __pfx_kthread+0x10/0x10
[ 1783.336398][T21476]  ret_from_fork_asm+0x1a/0x30
[ 1783.336422][T21476]  </TASK>
[ 1783.336435][T21476] kobject: kobject_add_internal failed for hci2:201 with -EEXIST, don't try to register things with the same name in the same directory.
[ 1783.423244][T21476] Bluetooth: hci2: failed to register connection device
[ 1783.659850][T32436] usb 9-1: new high-speed USB device number 6 using dummy_hcd
[ 1783.727901][T32490] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1783.732669][T32483] vhci_hcd: connection reset by peer
[ 1783.736595][T20107] vhci_hcd vhci_hcd.5: stop threads
[ 1783.738609][T20107] vhci_hcd vhci_hcd.5: release socket
[ 1783.740979][T20107] vhci_hcd vhci_hcd.5: disconnect device
[ 1783.810869][T32436] usb 9-1: Using ep0 maxpacket: 8
[ 1783.820974][T32436] usb 9-1: config 0 has an invalid interface number: 1 but max is 0
[ 1783.824596][T32436] usb 9-1: config 0 has no interface number 0
[ 1783.826867][T32436] usb 9-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1783.835906][   T40] kauditd_printk_skb: 15 callbacks suppressed
[ 1783.835919][   T40] audit: type=1326 audit(1766903909.819:418): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32523 comm="syz.0.7321" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f75579 code=0x7ffc0000
[ 1783.841297][T32436] usb 9-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[ 1783.851870][   T40] audit: type=1326 audit(1766903909.829:419): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32523 comm="syz.0.7321" exe="/syz-executor" sig=0 arch=40000003 syscall=138 compat=1 ip=0xf7f75579 code=0x7ffc0000
[ 1783.863829][   T40] audit: type=1326 audit(1766903909.849:420): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32523 comm="syz.0.7321" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f75579 code=0x7ffc0000
[ 1783.863840][T32436] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1783.879760][   T40] audit: type=1326 audit(1766903909.849:421): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32523 comm="syz.0.7321" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f75579 code=0x7ffc0000
[ 1783.892538][T32436] usb 9-1: config 0 descriptor??
[ 1783.904004][T32436] iowarrior 9-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[ 1783.919793][   T40] audit: type=1326 audit(1766903909.849:422): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32523 comm="syz.0.7321" exe="/syz-executor" sig=0 arch=40000003 syscall=192 compat=1 ip=0xf7f75579 code=0x7ffc0000
[ 1783.949803][   T40] audit: type=1326 audit(1766903909.929:423): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32523 comm="syz.0.7321" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f75579 code=0x7ffc0000
[ 1783.956459][T32526] netlink: 'syz.5.7322': attribute type 1 has an invalid length.
[ 1783.957173][   T40] audit: type=1326 audit(1766903909.939:424): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32523 comm="syz.0.7321" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f75579 code=0x7ffc0000
[ 1783.967053][   T40] audit: type=1326 audit(1766903909.949:425): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32523 comm="syz.0.7321" exe="/syz-executor" sig=0 arch=40000003 syscall=219 compat=1 ip=0xf7f75579 code=0x7ffc0000
[ 1783.986385][T32526] bond1: entered promiscuous mode
[ 1783.989038][T32526] 8021q: adding VLAN 0 to HW filter on device bond1
[ 1783.994039][T32526] netlink: 212408 bytes leftover after parsing attributes in process `syz.5.7322'.
[ 1784.014966][   T40] audit: type=1326 audit(1766903909.999:426): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32523 comm="syz.0.7321" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f75579 code=0x7ffc0000
[ 1784.024353][   T40] audit: type=1326 audit(1766903910.009:427): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32523 comm="syz.0.7321" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f75579 code=0x7ffc0000
[ 1784.028311][T32531] netlink: 212408 bytes leftover after parsing attributes in process `syz.5.7322'.
[ 1784.457204][T32513] netlink: 60 bytes leftover after parsing attributes in process `syz.4.7319'.
[ 1785.105109][T32553] netlink: 48 bytes leftover after parsing attributes in process `syz.6.7327'.
[ 1785.196688][T32552] overlayfs: workdir and upperdir must reside under the same mount
[ 1785.255043][T32559] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1785.257614][T32559] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1785.618494][   T12] netdevsim netdevsim6 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1785.621682][   T12] netdevsim netdevsim6 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1785.624747][   T12] netdevsim netdevsim6 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1785.627800][   T12] netdevsim netdevsim6 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1785.652683][ T6005] usb 9-1: USB disconnect, device number 6
[ 1785.661356][T32566] netlink: 4 bytes leftover after parsing attributes in process `syz.6.7330'.
[ 1785.895904][T32570] vhci_hcd vhci_hcd.0: pdev(6) rhport(0) sockfd(5)
[ 1785.898814][T32570] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[ 1785.903228][T32570] vhci_hcd vhci_hcd.0: Device attached
[ 1785.923965][T32570] random: crng reseeded on system resumption
[ 1785.929250][T32574] FAULT_INJECTION: forcing a failure.
[ 1785.929250][T32574] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1785.935351][T32574] CPU: 2 UID: 0 PID: 32574 Comm: syz.0.7332 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1785.935372][T32574] Tainted: [L]=SOFTLOCKUP
[ 1785.935377][T32574] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1785.935384][T32574] Call Trace:
[ 1785.935389][T32574]  <TASK>
[ 1785.935393][T32574]  dump_stack_lvl+0x16c/0x1f0
[ 1785.935415][T32574]  should_fail_ex+0x512/0x640
[ 1785.935431][T32574]  _copy_from_user+0x2e/0xd0
[ 1785.935448][T32574]  copy_from_buffer+0x7f/0xc0
[ 1785.935476][T32574]  copy_uabi_to_xstate+0x26d/0x670
[ 1785.935510][T32574]  ? __pfx_copy_uabi_to_xstate+0x10/0x10
[ 1785.935546][T32574]  ? __fpu_restore_sig+0xa8a/0x1370
[ 1785.935571][T32574]  ? rcu_is_watching+0x12/0xc0
[ 1785.935587][T32574]  ? x86_task_fpu+0x5f/0x90
[ 1785.935603][T32574]  __fpu_restore_sig+0x10a6/0x1370
[ 1785.935622][T32574]  ? __pfx___fpu_restore_sig+0x10/0x10
[ 1785.935647][T32574]  ? __might_fault+0xe3/0x190
[ 1785.935661][T32574]  ? __might_fault+0x13b/0x190
[ 1785.935676][T32574]  fpu__restore_sig+0x151/0x190
[ 1785.935695][T32574]  ia32_restore_sigcontext+0x44a/0x630
[ 1785.935708][T32574]  ? __pfx_ia32_restore_sigcontext+0x10/0x10
[ 1785.935724][T32574]  ? rcu_is_watching+0x12/0xc0
[ 1785.935739][T32574]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1785.935755][T32574]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1785.935775][T32574]  __do_compat_sys_rt_sigreturn+0x18c/0x270
[ 1785.935788][T32574]  ? __pfx___do_compat_sys_rt_sigreturn+0x10/0x10
[ 1785.935802][T32574]  ? rcu_is_watching+0x12/0xc0
[ 1785.935820][T32574]  do_int80_emulation+0x104/0x480
[ 1785.935840][T32574]  asm_int80_emulation+0x1a/0x20
[ 1785.935851][T32574] RIP: 0023:0xf7f75577
[ 1785.935861][T32574] Code: 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 <cd> 80 5d 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00
[ 1785.935873][T32574] RSP: 002b:00000000f546655c EFLAGS: 00000296
[ 1785.935889][T32574] RAX: 0000000000000036 RBX: 0000000000000003 RCX: 0000000000002285
[ 1785.935897][T32574] RDX: 0000000080000440 RSI: 0000000000000000 RDI: 0000000000000000
[ 1785.935903][T32574] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1785.935910][T32574] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1785.935917][T32574] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1785.935932][T32574]  </TASK>
[ 1786.121314][T29552] block nbd5: Receive control failed (result -32)
[ 1786.124066][T32564] block nbd5: shutting down sockets
[ 1786.207614][ T6024] usb 50-1: SetAddress Request (2) to port 0
[ 1786.220441][ T6024] usb 50-1: new SuperSpeed USB device number 2 using vhci_hcd
[ 1786.811735][T32571] vhci_hcd: connection reset by peer
[ 1786.815842][   T90] vhci_hcd vhci_hcd.6: stop threads
[ 1786.818386][   T90] vhci_hcd vhci_hcd.6: release socket
[ 1786.822901][   T90] vhci_hcd vhci_hcd.6: disconnect device
[ 1786.849900][T31201] usb 48-1: device descriptor read/8, error -110
[ 1786.911318][T32575] block nbd0: shutting down sockets
[ 1787.663477][T32589] overlayfs: failed to resolve './bus': -2
[ 1787.728598][T29552] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:201'
[ 1787.732581][T29552] CPU: 1 UID: 0 PID: 29552 Comm: kworker/u33:2 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1787.732601][T29552] Tainted: [L]=SOFTLOCKUP
[ 1787.732605][T29552] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1787.732615][T29552] Workqueue: hci1 hci_rx_work
[ 1787.732635][T29552] Call Trace:
[ 1787.732640][T29552]  <TASK>
[ 1787.732645][T29552]  dump_stack_lvl+0x16c/0x1f0
[ 1787.732664][T29552]  sysfs_warn_dup+0x7f/0xa0
[ 1787.732679][T29552]  sysfs_create_dir_ns+0x24b/0x2b0
[ 1787.732692][T29552]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[ 1787.732705][T29552]  ? find_held_lock+0x2b/0x80
[ 1787.732724][T29552]  ? do_raw_spin_unlock+0x172/0x230
[ 1787.732738][T29552]  kobject_add_internal+0x2c4/0x9d0
[ 1787.732752][T29552]  kobject_add+0x16e/0x240
[ 1787.732764][T29552]  ? __pfx_kobject_add+0x10/0x10
[ 1787.732777][T29552]  ? kobject_put+0xaf/0x6f0
[ 1787.732786][T29552]  ? _raw_spin_unlock+0x28/0x50
[ 1787.732805][T29552]  device_add+0x288/0x1980
[ 1787.732822][T29552]  ? __pfx_dev_set_name+0x10/0x10
[ 1787.732838][T29552]  ? __pfx_device_add+0x10/0x10
[ 1787.732854][T29552]  ? mgmt_send_event_skb+0x2fb/0x460
[ 1787.732873][T29552]  hci_conn_add_sysfs+0x1a8/0x260
[ 1787.732891][T29552]  le_conn_complete_evt+0x11ed/0x1fa0
[ 1787.732909][T29552]  ? __pfx_le_conn_complete_evt+0x10/0x10
[ 1787.732927][T29552]  hci_le_conn_complete_evt+0x23c/0x3a0
[ 1787.732945][T29552]  hci_le_meta_evt+0x357/0x610
[ 1787.732961][T29552]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[ 1787.732978][T29552]  hci_event_packet+0x685/0x1210
[ 1787.732993][T29552]  ? __pfx_hci_le_meta_evt+0x10/0x10
[ 1787.733009][T29552]  ? __pfx_hci_event_packet+0x10/0x10
[ 1787.733025][T29552]  ? kcov_remote_start+0x399/0x680
[ 1787.733042][T29552]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1787.733062][T29552]  hci_rx_work+0x2c9/0x1020
[ 1787.733079][T29552]  process_one_work+0x9ba/0x1b20
[ 1787.733097][T29552]  ? __pfx_process_one_work+0x10/0x10
[ 1787.733113][T29552]  ? assign_work+0x1a0/0x250
[ 1787.733126][T29552]  worker_thread+0x6c8/0xf10
[ 1787.733142][T29552]  ? __kthread_parkme+0x19e/0x250
[ 1787.733165][T29552]  ? __pfx_worker_thread+0x10/0x10
[ 1787.733179][T29552]  kthread+0x3c5/0x780
[ 1787.733191][T29552]  ? __pfx_kthread+0x10/0x10
[ 1787.733204][T29552]  ? rcu_is_watching+0x12/0xc0
[ 1787.733221][T29552]  ? __pfx_kthread+0x10/0x10
[ 1787.733233][T29552]  ret_from_fork+0x983/0xb10
[ 1787.733246][T29552]  ? __pfx_ret_from_fork+0x10/0x10
[ 1787.733260][T29552]  ? __switch_to+0x7af/0x10d0
[ 1787.733275][T29552]  ? __pfx_kthread+0x10/0x10
[ 1787.733287][T29552]  ret_from_fork_asm+0x1a/0x30
[ 1787.733312][T29552]  </TASK>
[ 1787.733328][T29552] kobject: kobject_add_internal failed for hci1:201 with -EEXIST, don't try to register things with the same name in the same directory.
[ 1787.835707][T29552] Bluetooth: hci1: failed to register connection device
[ 1787.861397][T31201] usb usb48-port1: attempt power cycle
[ 1788.026517][T32235] IPVS: starting estimator thread 0...
[ 1788.110290][T32601] IPVS: using max 45 ests per chain, 108000 per kthread
[ 1788.812280][T31201] usb usb48-port1: unable to enumerate USB device
[ 1789.219913][T31538] usb 10-1: new high-speed USB device number 4 using dummy_hcd
[ 1789.379966][T31538] usb 10-1: Using ep0 maxpacket: 8
[ 1789.401845][T31538] usb 10-1: config 0 has an invalid interface number: 1 but max is 0
[ 1789.405885][T31538] usb 10-1: config 0 has no interface number 0
[ 1789.408798][T31538] usb 10-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1789.418036][T31538] usb 10-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[ 1789.421209][T31538] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1789.508890][T31538] usb 10-1: config 0 descriptor??
[ 1789.670849][T29552] block nbd4: Receive control failed (result -32)
[ 1789.676528][T32608] block nbd4: shutting down sockets
[ 1789.709294][T31538] iowarrior 10-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[ 1789.766103][T32610] netlink: 60 bytes leftover after parsing attributes in process `syz.5.7341'.
[ 1790.071025][   T54] usb 10-1: USB disconnect, device number 4
[ 1790.130163][T25196] usb 9-1: new high-speed USB device number 7 using dummy_hcd
[ 1790.300751][T25196] usb 9-1: Using ep0 maxpacket: 8
[ 1790.341170][T25196] usb 9-1: config 0 has an invalid interface number: 1 but max is 0
[ 1790.346170][T25196] usb 9-1: config 0 has no interface number 0
[ 1790.348314][T25196] usb 9-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1790.351981][T25196] usb 9-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[ 1790.355000][T25196] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1790.386177][T25196] usb 9-1: config 0 descriptor??
[ 1790.448750][T25196] iowarrior 9-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[ 1790.588812][T32618] block nbd0: shutting down sockets
[ 1790.707487][T32614] netlink: 60 bytes leftover after parsing attributes in process `syz.4.7343'.
[ 1791.102866][T32630] overlayfs: workdir and upperdir must reside under the same mount
[ 1791.195931][T32634] serio: Serial port ptm0
[ 1791.230116][T31538] usb 10-1: new high-speed USB device number 5 using dummy_hcd
[ 1791.295410][T29552] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection
[ 1791.330065][ T6024] usb 50-1: device descriptor read/8, error -110
[ 1791.389817][T31538] usb 10-1: Using ep0 maxpacket: 8
[ 1791.392993][T31538] usb 10-1: config 0 has an invalid interface number: 1 but max is 0
[ 1791.395822][T31538] usb 10-1: config 0 has no interface number 0
[ 1791.397932][T31538] usb 10-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1791.401816][T31538] usb 10-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[ 1791.404842][T31538] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1791.408824][T31538] usb 10-1: config 0 descriptor??
[ 1791.624563][T32628] netlink: 60 bytes leftover after parsing attributes in process `syz.5.7347'.
[ 1791.721250][ T6024] usb usb50-port1: attempt power cycle
[ 1791.972492][T25196] usb 9-1: USB disconnect, device number 7
[ 1791.972537][T32628] iowarrior 9-1:0.1: Error -19 while submitting URB
[ 1791.977652][T31538] iowarrior 10-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior1
[ 1791.984227][T32642] iowarrior 9-1:0.1: Error -19 while submitting URB
[ 1791.995322][   T54] usb 10-1: USB disconnect, device number 5
[ 1792.280726][ T6024] usb usb50-port1: unable to enumerate USB device
[ 1792.359900][T32640] block nbd0: shutting down sockets
[ 1792.382861][T32646] vhci_hcd vhci_hcd.0: pdev(6) rhport(0) sockfd(5)
[ 1792.385515][T32646] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[ 1792.389661][T32646] vhci_hcd vhci_hcd.0: Device attached
[ 1792.406183][T32646] random: crng reseeded on system resumption
[ 1792.612062][T32650] netlink: 8 bytes leftover after parsing attributes in process `syz.0.7353'.
[ 1792.750882][ T6024] usb 50-1: SetAddress Request (6) to port 0
[ 1792.752954][ T6024] usb 50-1: new SuperSpeed USB device number 6 using vhci_hcd
[ 1792.762946][T32657] FAULT_INJECTION: forcing a failure.
[ 1792.762946][T32657] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1792.769648][T32657] CPU: 0 UID: 0 PID: 32657 Comm: syz.0.7363 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1792.769690][T32657] Tainted: [L]=SOFTLOCKUP
[ 1792.769712][T32657] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1792.769733][T32657] Call Trace:
[ 1792.769741][T32657]  <TASK>
[ 1792.769748][T32657]  dump_stack_lvl+0x16c/0x1f0
[ 1792.769805][T32657]  should_fail_ex+0x512/0x640
[ 1792.769829][T32657]  should_fail_alloc_page+0xe7/0x130
[ 1792.769861][T32657]  prepare_alloc_pages+0x401/0x670
[ 1792.769892][T32657]  ? rcu_is_watching+0x12/0xc0
[ 1792.769919][T32657]  __alloc_frozen_pages_noprof+0x18b/0x2430
[ 1792.769956][T32657]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[ 1792.769979][T32657]  ? update_se+0x43f/0x6f0
[ 1792.770013][T32657]  ? __lock_acquire+0x436/0x2890
[ 1792.770032][T32657]  ? __lock_acquire+0x436/0x2890
[ 1792.770049][T32657]  ? __sanitizer_cov_trace_switch+0x54/0x90
[ 1792.770082][T32657]  ? policy_nodemask+0xea/0x4e0
[ 1792.770112][T32657]  alloc_pages_mpol+0x1fb/0x550
[ 1792.770138][T32657]  ? __pfx_alloc_pages_mpol+0x10/0x10
[ 1792.770172][T32657]  folio_alloc_mpol_noprof+0x36/0x2f0
[ 1792.770193][T32657]  vma_alloc_folio_noprof+0xed/0x1e0
[ 1792.770211][T32657]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[ 1792.770239][T32657]  do_anonymous_page+0xc81/0x2190
[ 1792.770268][T32657]  __handle_mm_fault+0x1ecf/0x2bb0
[ 1792.770296][T32657]  ? __pfx___handle_mm_fault+0x10/0x10
[ 1792.770334][T32657]  ? __pte_offset_map_lock+0x174/0x310
[ 1792.770362][T32657]  ? find_held_lock+0x2b/0x80
[ 1792.770392][T32657]  ? follow_page_pte+0x5cf/0x1390
[ 1792.770425][T32657]  handle_mm_fault+0x3fe/0xad0
[ 1792.770449][T32657]  __get_user_pages+0x54e/0x3590
[ 1792.770482][T32657]  ? down_read_killable+0x313/0x4c0
[ 1792.770504][T32657]  ? __pfx___get_user_pages+0x10/0x10
[ 1792.770530][T32657]  ? __pfx_gup_fast_fallback+0x10/0x10
[ 1792.770555][T32657]  ? get_user_pages_unlocked+0x26a/0x780
[ 1792.770587][T32657]  get_user_pages_unlocked+0x1ca/0x780
[ 1792.770617][T32657]  ? __pfx_get_user_pages_unlocked+0x10/0x10
[ 1792.770644][T32657]  ? get_user_pages_fast_only+0xae/0xf0
[ 1792.770670][T32657]  ? __pfx_get_user_pages_fast_only+0x10/0x10
[ 1792.770698][T32657]  ? __pfx___might_resched+0x10/0x10
[ 1792.770728][T32657]  hva_to_pfn+0x886/0xe60
[ 1792.770752][T32657]  ? __pfx_hva_to_pfn+0x10/0x10
[ 1792.770773][T32657]  ? __lock_acquire+0x436/0x2890
[ 1792.770803][T32657]  kvm_follow_pfn+0x2d4/0x430
[ 1792.770824][T32657]  __kvm_faultin_pfn+0x11c/0x1a0
[ 1792.770843][T32657]  ? __pfx___kvm_faultin_pfn+0x10/0x10
[ 1792.770863][T32657]  ? __pfx_xa_load+0x10/0x10
[ 1792.770882][T32657]  ? kvm_tdp_mmu_map+0x98a/0x20c0
[ 1792.770913][T32657]  kvm_mmu_faultin_pfn+0x54a/0x2060
[ 1792.770943][T32657]  ? __pfx_fast_page_fault+0x10/0x10
[ 1792.770966][T32657]  ? __pfx_kvm_mmu_faultin_pfn+0x10/0x10
[ 1792.770992][T32657]  ? __kvm_mmu_topup_memory_cache+0x332/0x600
[ 1792.771021][T32657]  ? find_held_lock+0x2b/0x80
[ 1792.771051][T32657]  kvm_tdp_page_fault+0x186/0x3f0
[ 1792.771079][T32657]  kvm_mmu_do_page_fault+0x588/0x6c0
[ 1792.771101][T32657]  ? __pfx_kvm_mmu_do_page_fault+0x10/0x10
[ 1792.771130][T32657]  ? find_held_lock+0x2b/0x80
[ 1792.771158][T32657]  kvm_mmu_page_fault+0x225/0x1c60
[ 1792.771181][T32657]  ? __schedule+0x114c/0x6150
[ 1792.771204][T32657]  ? is_bpf_text_address+0x94/0x1a0
[ 1792.771236][T32657]  ? __pfx_kvm_mmu_page_fault+0x10/0x10
[ 1792.771259][T32657]  ? __lock_acquire+0x436/0x2890
[ 1792.771278][T32657]  ? __vmx_complete_interrupts+0x238/0x4e0
[ 1792.771302][T32657]  ? __sanitizer_cov_trace_switch+0x54/0x90
[ 1792.771337][T32657]  handle_ept_violation+0x2df/0x710
[ 1792.771361][T32657]  ? __pfx_handle_ept_violation+0x10/0x10
[ 1792.771384][T32657]  vmx_handle_exit+0x129b/0x1a00
[ 1792.771413][T32657]  vcpu_run+0x3468/0x5a80
[ 1792.771436][T32657]  ? vmx_vcpu_load_vmcs+0x222/0x770
[ 1792.771469][T32657]  ? __pfx_vcpu_run+0x10/0x10
[ 1792.771506][T32657]  ? kvm_arch_vcpu_ioctl_run+0xfd3/0x1860
[ 1792.771528][T32657]  kvm_arch_vcpu_ioctl_run+0xfd3/0x1860
[ 1792.771558][T32657]  kvm_vcpu_ioctl+0x76d/0x16d0
[ 1792.771590][T32657]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[ 1792.771618][T32657]  ? tomoyo_path_number_perm+0x18d/0x580
[ 1792.771642][T32657]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1792.771673][T32657]  ? __sanitizer_cov_trace_switch+0x54/0x90
[ 1792.771702][T32657]  ? do_vfs_ioctl+0x128/0x14f0
[ 1792.771725][T32657]  ? __pfx_do_vfs_ioctl+0x10/0x10
[ 1792.771760][T32657]  kvm_vcpu_compat_ioctl+0x20f/0x3d0
[ 1792.771789][T32657]  ? __pfx_kvm_vcpu_compat_ioctl+0x10/0x10
[ 1792.771817][T32657]  ? __fget_files+0x20e/0x3c0
[ 1792.771841][T32657]  ? __fput_deferred+0x430/0x480
[ 1792.771864][T32657]  ? __pfx_kvm_vcpu_compat_ioctl+0x10/0x10
[ 1792.771894][T32657]  __ia32_compat_sys_ioctl+0x242/0x370
[ 1792.771921][T32657]  __do_fast_syscall_32+0xe8/0x680
[ 1792.771953][T32657]  do_fast_syscall_32+0x32/0x80
[ 1792.771970][T32657]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1792.771993][T32657] RIP: 0023:0xf7f75579
[ 1792.772007][T32657] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 1792.772026][T32657] RSP: 002b:00000000f546655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[ 1792.772045][T32657] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 000000000000ae80
[ 1792.772057][T32657] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1792.772075][T32657] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1792.772086][T32657] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 1792.772096][T32657] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1792.772123][T32657]  </TASK>
[ 1793.002261][T32647] vhci_hcd: connection reset by peer
[ 1793.004647][   T12] vhci_hcd vhci_hcd.6: stop threads
[ 1793.006507][   T12] vhci_hcd vhci_hcd.6: release socket
[ 1793.008491][   T12] vhci_hcd vhci_hcd.6: disconnect device
[ 1793.063160][T32653] block nbd5: shutting down sockets
[ 1793.220407][T25196] usb 9-1: new high-speed USB device number 8 using dummy_hcd
[ 1793.409859][T25196] usb 9-1: Using ep0 maxpacket: 8
[ 1793.416021][T25196] usb 9-1: config 0 has an invalid interface number: 1 but max is 0
[ 1793.419430][T25196] usb 9-1: config 0 has no interface number 0
[ 1793.423755][T25196] usb 9-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1793.428286][T25196] usb 9-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[ 1793.432302][T25196] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1793.436109][T32673] overlayfs: failed to resolve './bus': -2
[ 1793.439566][T25196] usb 9-1: config 0 descriptor??
[ 1793.456239][T25196] iowarrior 9-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[ 1793.673454][T32662] netlink: 60 bytes leftover after parsing attributes in process `syz.4.7356'.
[ 1794.523141][T21476] block nbd5: Receive control failed (result -32)
[ 1794.528711][T32679] block nbd5: shutting down sockets
[ 1794.792031][T25196] usb 9-1: USB disconnect, device number 8
[ 1794.919856][T32235] usb 10-1: new high-speed USB device number 6 using dummy_hcd
[ 1794.945888][T32690] netlink: 12 bytes leftover after parsing attributes in process `syz.6.7365'.
[ 1794.972716][T32690] netlink: 'syz.6.7365': attribute type 1 has an invalid length.
[ 1795.038838][T32690] gretap1: entered promiscuous mode
[ 1795.070031][T32434] usb 5-1: new high-speed USB device number 100 using dummy_hcd
[ 1795.089848][T32235] usb 10-1: Using ep0 maxpacket: 8
[ 1795.093543][T32690] netlink: 32 bytes leftover after parsing attributes in process `syz.6.7365'.
[ 1795.093808][T32235] usb 10-1: config 0 has an invalid interface number: 1 but max is 0
[ 1795.100128][T32235] usb 10-1: config 0 has no interface number 0
[ 1795.100471][T32690] netlink: 8 bytes leftover after parsing attributes in process `syz.6.7365'.
[ 1795.102786][T32235] usb 10-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1795.110474][T32235] usb 10-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[ 1795.114384][T32235] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1795.119951][T32235] usb 10-1: config 0 descriptor??
[ 1795.127904][T32235] iowarrior 10-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[ 1795.229846][T32434] usb 5-1: Using ep0 maxpacket: 8
[ 1795.233792][T32434] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[ 1795.237307][T32434] usb 5-1: config 0 has no interface number 0
[ 1795.240312][T32434] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1795.245064][T32434] usb 5-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[ 1795.249020][T32434] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1795.255259][T32434] usb 5-1: config 0 descriptor??
[ 1795.262283][T32434] iowarrior 5-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior1
[ 1795.332087][T32684] netlink: 60 bytes leftover after parsing attributes in process `syz.5.7362'.
[ 1795.470026][T32686] netlink: 60 bytes leftover after parsing attributes in process `syz.0.7364'.
[ 1795.795096][T32713] overlayfs: workdir and upperdir must reside under the same mount
[ 1796.137118][T32717] cgroup: No subsys list or none specified
[ 1796.372048][ T1416] ieee802154 phy0 wpan0: encryption failed: -22
[ 1796.376840][ T1416] ieee802154 phy1 wpan1: encryption failed: -22
[ 1796.384110][   T54] usb 10-1: USB disconnect, device number 6
[ 1796.384463][ T6005] usb 5-1: USB disconnect, device number 100
[ 1796.920280][   T40] kauditd_printk_skb: 22 callbacks suppressed
[ 1796.920292][   T40] audit: type=1326 audit(1766903922.909:450): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32728 comm="syz.5.7374" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf700d579 code=0x0
[ 1797.004977][T32731] Set syz1 is full, maxelem 1023 reached
[ 1797.156976][T32735] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(6)
[ 1797.159217][T32735] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[ 1797.162201][T32735] vhci_hcd vhci_hcd.0: Device attached
[ 1797.165975][T32735] netlink: 9 bytes leftover after parsing attributes in process `syz.5.7374'.
[ 1797.169024][T32735] 0·: renamed from hsr_slave_1 (while UP)
[ 1797.175249][T32735] 0·: entered allmulticast mode
[ 1797.177952][T32735] A link change request failed with some changes committed already. Interface 
c0· may have been left with an inconsistent configuration, please check.
[ 1797.427372][T32746] overlayfs: workdir and upperdir must reside under the same mount
[ 1797.430950][T31201] usb 48-1: SetAddress Request (6) to port 0
[ 1797.433148][T31201] usb 48-1: new SuperSpeed USB device number 6 using vhci_hcd
[ 1797.609043][T32751] cgroup: No subsys list or none specified
[ 1797.752236][T32738] vhci_hcd: connection reset by peer
[ 1797.764422][ T4024] vhci_hcd vhci_hcd.5: stop threads
[ 1797.766889][ T4024] vhci_hcd vhci_hcd.5: release socket
[ 1797.777391][ T4024] vhci_hcd vhci_hcd.5: disconnect device
[ 1797.809901][ T6024] usb 50-1: device descriptor read/8, error -110
[ 1798.069962][ T6005] usb 11-1: new high-speed USB device number 4 using dummy_hcd
[ 1798.204559][ T6024] usb usb50-port1: attempt power cycle
[ 1798.220437][ T6005] usb 11-1: Using ep0 maxpacket: 8
[ 1798.230042][ T6005] usb 11-1: config 0 has an invalid interface number: 1 but max is 0
[ 1798.233023][ T6005] usb 11-1: config 0 has no interface number 0
[ 1798.235398][ T6005] usb 11-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1798.239804][ T6005] usb 11-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[ 1798.242918][ T6005] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1798.265811][ T6005] usb 11-1: config 0 descriptor??
[ 1798.329103][ T6005] iowarrior 11-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[ 1798.527877][T32756] netlink: 60 bytes leftover after parsing attributes in process `syz.6.7382'.
[ 1798.829216][ T6024] usb usb50-port1: unable to enumerate USB device
[ 1799.654585][   T54] usb 11-1: USB disconnect, device number 4
[ 1800.331922][T21476] block nbd0: Receive control failed (result -32)
[ 1800.332321][  T317] block nbd0: shutting down sockets
[ 1800.407022][  T325] kvm: vcpu 0: requested 128 ns lapic timer period limited to 200000 ns
[ 1800.418574][  T325] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[ 1800.432603][  T330] sp0: Synchronizing with TNC
[ 1800.680041][T23979] usb 5-1: new high-speed USB device number 101 using dummy_hcd
[ 1800.775455][  T337] netlink: 20 bytes leftover after parsing attributes in process `syz.4.7396'.
[ 1800.778492][  T337] netlink: 24 bytes leftover after parsing attributes in process `syz.4.7396'.
[ 1800.841556][T21476] Bluetooth: hci3: unknown advertising packet type: 0x87
[ 1800.841576][T21476] Bluetooth: hci3: Dropping invalid advertising data
[ 1800.846128][T21476] Bluetooth: hci3: Malformed LE Event: 0x02
[ 1800.849265][T23979] usb 5-1: unable to get BOS descriptor or descriptor too short
[ 1800.851563][  T329] [U] è
[ 1800.853916][T23979] usb 5-1: unable to read config index 0 descriptor/start: -71
[ 1800.856428][T23979] usb 5-1: can't read configurations, error -71
[ 1801.277836][  T327] block nbd6: shutting down sockets
[ 1801.632156][  T364] random: crng reseeded on system resumption
[ 1802.539475][T31201] usb 48-1: device descriptor read/8, error -110
[ 1802.776210][T21476] block nbd6: Receive control failed (result -32)
[ 1802.776602][  T377] block nbd6: shutting down sockets
[ 1802.886774][  T388] FAULT_INJECTION: forcing a failure.
[ 1802.886774][  T388] name failslab, interval 1, probability 0, space 0, times 0
[ 1802.919499][  T388] CPU: 2 UID: 0 PID: 388 Comm: syz.5.7406 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1802.919521][  T388] Tainted: [L]=SOFTLOCKUP
[ 1802.919525][  T388] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1802.919533][  T388] Call Trace:
[ 1802.919537][  T388]  <TASK>
[ 1802.919543][  T388]  dump_stack_lvl+0x16c/0x1f0
[ 1802.919566][  T388]  should_fail_ex+0x512/0x640
[ 1802.919579][  T388]  ? fs_reclaim_acquire+0xae/0x150
[ 1802.919600][  T388]  should_failslab+0xc2/0x120
[ 1802.919618][  T388]  __kmalloc_noprof+0xeb/0x910
[ 1802.919631][  T388]  ? tomoyo_encode2+0x100/0x3e0
[ 1802.919650][  T388]  ? tomoyo_encode2+0x100/0x3e0
[ 1802.919665][  T388]  tomoyo_encode2+0x100/0x3e0
[ 1802.919699][  T388]  tomoyo_encode+0x29/0x50
[ 1802.919715][  T388]  tomoyo_realpath_from_path+0x18f/0x6e0
[ 1802.919736][  T388]  tomoyo_path_number_perm+0x245/0x580
[ 1802.919749][  T388]  ? tomoyo_path_number_perm+0x237/0x580
[ 1802.919764][  T388]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1802.919792][  T388]  ? find_held_lock+0x2b/0x80
[ 1802.919807][  T388]  ? hook_file_ioctl_common+0x144/0x410
[ 1802.919825][  T388]  ? __fget_files+0x20e/0x3c0
[ 1802.919841][  T388]  ? __fput_deferred+0x430/0x480
[ 1802.919855][  T388]  security_file_ioctl_compat+0x9b/0x240
[ 1802.919871][  T388]  __ia32_compat_sys_ioctl+0xc3/0x370
[ 1802.919888][  T388]  __do_fast_syscall_32+0xe8/0x680
[ 1802.919909][  T388]  do_fast_syscall_32+0x32/0x80
[ 1802.919919][  T388]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1802.919935][  T388] RIP: 0023:0xf700d579
[ 1802.919944][  T388] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 1802.919956][  T388] RSP: 002b:00000000f53dc55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[ 1802.919968][  T388] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000040047454
[ 1802.919976][  T388] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1802.919983][  T388] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1802.919989][  T388] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 1802.919996][  T388] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1802.920011][  T388]  </TASK>
[ 1803.000808][  T388] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1803.019646][  T390] block nbd6: shutting down sockets
[ 1803.050263][T31201] usb usb48-port1: attempt power cycle
[ 1803.139173][  T398] random: crng reseeded on system resumption
[ 1803.375780][  T406] Bluetooth: MGMT ver 1.23
[ 1803.580621][  T414] qnx6: unable to read the first superblock
[ 1803.980385][T31201] usb usb48-port1: unable to enumerate USB device
[ 1803.985553][T31201] IPVS: starting estimator thread 0...
[ 1804.159926][  T422] IPVS: using max 45 ests per chain, 108000 per kthread
[ 1804.249576][  T427] overlayfs: missing 'lowerdir'
[ 1804.520102][  T443] random: crng reseeded on system resumption
[ 1804.683546][  T450] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(9)
[ 1804.685744][  T450] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 1804.688426][  T450] vhci_hcd vhci_hcd.0: Device attached
[ 1804.901797][  T430] block nbd5: shutting down sockets
[ 1804.990289][ T6024] usb 37-1: new low-speed USB device number 71 using vhci_hcd
[ 1805.467082][  T452] vhci_hcd: connection reset by peer
[ 1805.503266][T31733] vhci_hcd vhci_hcd.0: stop threads
[ 1805.505254][T31733] vhci_hcd vhci_hcd.0: release socket
[ 1805.507201][T31733] vhci_hcd vhci_hcd.0: disconnect device
[ 1805.835858][  T455] A link change request failed with some changes committed already. Interface tunl0 may have been left with an inconsistent configuration, please check.
[ 1806.064923][  T476] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(7)
[ 1806.067125][  T476] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 1806.072379][  T476] vhci_hcd vhci_hcd.0: Device attached
[ 1806.296386][  T483] overlayfs: missing 'lowerdir'
[ 1806.329507][T23979] usb 45-1: new low-speed USB device number 2 using vhci_hcd
[ 1806.807750][  T479] vhci_hcd: connection reset by peer
[ 1806.814114][T28578] vhci_hcd vhci_hcd.4: stop threads
[ 1806.817000][T28578] vhci_hcd vhci_hcd.4: release socket
[ 1806.821033][T28578] vhci_hcd vhci_hcd.4: disconnect device
[ 1807.373454][  T503] bridge0: port 3(erspan0) entered blocking state
[ 1807.376511][  T503] bridge0: port 3(erspan0) entered disabled state
[ 1807.383316][  T503] erspan0: entered allmulticast mode
[ 1807.390853][  T503] erspan0: entered promiscuous mode
[ 1807.440644][  T506] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(9)
[ 1807.442992][  T506] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 1807.446391][  T506] vhci_hcd vhci_hcd.0: Device attached
[ 1807.467570][  T506] A link change request failed with some changes committed already. Interface tunl0 may have been left with an inconsistent configuration, please check.
[ 1807.715984][T21476] block nbd5: Receive control failed (result -32)
[ 1807.726204][  T498] block nbd5: shutting down sockets
[ 1808.306974][  T507] vhci_hcd: connection closed
[ 1808.323120][T31733] vhci_hcd vhci_hcd.4: stop threads
[ 1808.328711][T31733] vhci_hcd vhci_hcd.4: release socket
[ 1808.351668][T31733] vhci_hcd vhci_hcd.4: disconnect device
[ 1808.931307][  T526] FAULT_INJECTION: forcing a failure.
[ 1808.931307][  T526] name failslab, interval 1, probability 0, space 0, times 0
[ 1808.936803][  T526] CPU: 1 UID: 0 PID: 526 Comm: syz.5.7436 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1808.936833][  T526] Tainted: [L]=SOFTLOCKUP
[ 1808.936839][  T526] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1808.936850][  T526] Call Trace:
[ 1808.936858][  T526]  <TASK>
[ 1808.936867][  T526]  dump_stack_lvl+0x16c/0x1f0
[ 1808.936898][  T526]  should_fail_ex+0x512/0x640
[ 1808.936917][  T526]  ? kmem_cache_alloc_noprof+0x62/0x770
[ 1808.936941][  T526]  should_failslab+0xc2/0x120
[ 1808.936967][  T526]  kmem_cache_alloc_noprof+0x83/0x770
[ 1808.936988][  T526]  ? posix_lock_inode+0x1b7/0x2260
[ 1808.937017][  T526]  ? posix_lock_inode+0x1b7/0x2260
[ 1808.937039][  T526]  posix_lock_inode+0x1b7/0x2260
[ 1808.937071][  T526]  ? __pfx_posix_lock_inode+0x10/0x10
[ 1808.937101][  T526]  vfs_lock_file+0xfb/0x150
[ 1808.937126][  T526]  fcntl_setlk+0x3ff/0xdf0
[ 1808.937153][  T526]  ? __pfx_fcntl_setlk+0x10/0x10
[ 1808.937179][  T526]  ? __might_fault+0xe3/0x190
[ 1808.937198][  T526]  ? __might_fault+0xe3/0x190
[ 1808.937215][  T526]  ? __might_fault+0x13b/0x190
[ 1808.937242][  T526]  do_compat_fcntl64+0x209/0x710
[ 1808.937262][  T526]  ? __pfx_do_compat_fcntl64+0x10/0x10
[ 1808.937284][  T526]  ? fput+0x70/0xf0
[ 1808.937300][  T526]  ? ksys_write+0x1ac/0x250
[ 1808.937325][  T526]  ? do_user_addr_fault+0x843/0x1370
[ 1808.937350][  T526]  __do_fast_syscall_32+0xe8/0x680
[ 1808.937379][  T526]  do_fast_syscall_32+0x32/0x80
[ 1808.937394][  T526]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1808.937415][  T526] RIP: 0023:0xf700d579
[ 1808.937429][  T526] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 1808.937445][  T526] RSP: 002b:00000000f53dc55c EFLAGS: 00000296 ORIG_RAX: 0000000000000037
[ 1808.937462][  T526] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 0000000000000026
[ 1808.937472][  T526] RDX: 0000000080000080 RSI: 0000000000000000 RDI: 0000000000000000
[ 1808.937483][  T526] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1808.937493][  T526] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 1808.937502][  T526] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1808.937525][  T526]  </TASK>
[ 1809.129736][  T537] netlink: 8 bytes leftover after parsing attributes in process `syz.5.7439'.
[ 1809.140725][  T537] : entered promiscuous mode
[ 1809.603051][  T550] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512
[ 1809.631269][  T547] vhci_hcd vhci_hcd.0: pdev(6) rhport(0) sockfd(9)
[ 1809.633501][  T547] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 1809.662751][  T547] vhci_hcd vhci_hcd.0: Device attached
[ 1809.663173][  T551] A link change request failed with some changes committed already. Interface tunl0 may have been left with an inconsistent configuration, please check.
[ 1809.930348][T23718] usb 49-1: new low-speed USB device number 2 using vhci_hcd
[ 1810.183387][  T548] vhci_hcd: connection reset by peer
[ 1810.186113][T28578] vhci_hcd vhci_hcd.6: stop threads
[ 1810.187977][T28578] vhci_hcd vhci_hcd.6: release socket
[ 1810.193127][T28578] vhci_hcd vhci_hcd.6: disconnect device
[ 1810.460680][ T6024] vhci_hcd vhci_hcd.0: vhci_device speed not set
[ 1811.170736][    C1] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512
[ 1811.176662][  T566] FAULT_INJECTION: forcing a failure.
[ 1811.176662][  T566] name failslab, interval 1, probability 0, space 0, times 0
[ 1811.185438][  T566] CPU: 0 UID: 0 PID: 566 Comm: syz.4.7446 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1811.185471][  T566] Tainted: [L]=SOFTLOCKUP
[ 1811.185476][  T566] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1811.185483][  T566] Call Trace:
[ 1811.185488][  T566]  <TASK>
[ 1811.185493][  T566]  dump_stack_lvl+0x16c/0x1f0
[ 1811.185515][  T566]  should_fail_ex+0x512/0x640
[ 1811.185528][  T566]  ? fs_reclaim_acquire+0xae/0x150
[ 1811.185548][  T566]  should_failslab+0xc2/0x120
[ 1811.185567][  T566]  __kmalloc_noprof+0xeb/0x910
[ 1811.185580][  T566]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[ 1811.185600][  T566]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[ 1811.185659][  T566]  tomoyo_realpath_from_path+0xc2/0x6e0
[ 1811.185677][  T566]  ? tomoyo_profile+0x47/0x60
[ 1811.185696][  T566]  tomoyo_path_number_perm+0x245/0x580
[ 1811.185709][  T566]  ? tomoyo_path_number_perm+0x237/0x580
[ 1811.185724][  T566]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1811.185752][  T566]  ? find_held_lock+0x2b/0x80
[ 1811.185768][  T566]  ? hook_file_ioctl_common+0x144/0x410
[ 1811.185785][  T566]  ? __fget_files+0x20e/0x3c0
[ 1811.185801][  T566]  ? __fput_deferred+0x430/0x480
[ 1811.185816][  T566]  security_file_ioctl_compat+0x9b/0x240
[ 1811.185832][  T566]  __ia32_compat_sys_ioctl+0xc3/0x370
[ 1811.185849][  T566]  __do_fast_syscall_32+0xe8/0x680
[ 1811.185870][  T566]  do_fast_syscall_32+0x32/0x80
[ 1811.185881][  T566]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1811.185896][  T566] RIP: 0023:0xf6ffd579
[ 1811.185906][  T566] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 1811.185917][  T566] RSP: 002b:00000000f53cc55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[ 1811.185935][  T566] RAX: ffffffffffffffda RBX: 000000000000000b RCX: 000000000000541c
[ 1811.185942][  T566] RDX: 0000000080000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1811.185949][  T566] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1811.185956][  T566] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 1811.185962][  T566] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1811.185976][  T566]  </TASK>
[ 1811.185982][  T566] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1811.261044][    C1] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512
[ 1811.289796][    C1] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512
[ 1811.340710][    C1] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512
[ 1811.443194][  T569] overlayfs: workdir and upperdir must reside under the same mount
[ 1811.490056][T23979] vhci_hcd vhci_hcd.4: vhci_device speed not set
[ 1811.490382][    C1] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512
[ 1811.496004][    C1] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512
[ 1811.570421][    C1] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512
[ 1811.573921][    C1] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512
[ 1811.650299][    C1] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512
[ 1812.312633][  T587] bridge0: port 4(erspan0) entered blocking state
[ 1812.315552][  T587] bridge0: port 4(erspan0) entered disabled state
[ 1812.318482][  T587] erspan0: entered allmulticast mode
[ 1812.324265][  T587] erspan0: entered promiscuous mode
[ 1812.328531][  T587] bridge0: port 4(erspan0) entered blocking state
[ 1812.331664][  T587] bridge0: port 4(erspan0) entered forwarding state
[ 1812.452456][  T593] netlink: 'syz.5.7453': attribute type 10 has an invalid length.
[ 1812.455129][  T593] netem: change failed
[ 1812.622025][  T595] FAULT_INJECTION: forcing a failure.
[ 1812.622025][  T595] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1812.627526][  T595] CPU: 3 UID: 0 PID: 595 Comm: syz.5.7454 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1812.627553][  T595] Tainted: [L]=SOFTLOCKUP
[ 1812.627559][  T595] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1812.627566][  T595] Call Trace:
[ 1812.627572][  T595]  <TASK>
[ 1812.627579][  T595]  dump_stack_lvl+0x16c/0x1f0
[ 1812.627609][  T595]  should_fail_ex+0x512/0x640
[ 1812.627632][  T595]  _copy_from_user+0x2e/0xd0
[ 1812.627649][  T595]  get_compat_msghdr+0xa7/0x170
[ 1812.627669][  T595]  ? __pfx_get_compat_msghdr+0x10/0x10
[ 1812.627704][  T595]  ___sys_sendmsg+0x1ae/0x1d0
[ 1812.627727][  T595]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1812.627753][  T595]  ? find_held_lock+0x2b/0x80
[ 1812.627789][  T595]  __sys_sendmsg+0x16d/0x220
[ 1812.627810][  T595]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1812.627840][  T595]  ? do_user_addr_fault+0x843/0x1370
[ 1812.627860][  T595]  __do_fast_syscall_32+0xe8/0x680
[ 1812.627889][  T595]  do_fast_syscall_32+0x32/0x80
[ 1812.627904][  T595]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1812.627924][  T595] RIP: 0023:0xf700d579
[ 1812.627937][  T595] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 1812.627952][  T595] RSP: 002b:00000000f53fd55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[ 1812.627969][  T595] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000000
[ 1812.627980][  T595] RDX: 0000000000004000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1812.627990][  T595] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1812.628000][  T595] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 1812.628009][  T595] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1812.628030][  T595]  </TASK>
[ 1813.197003][  T599] overlayfs: workdir and upperdir must reside under the same mount
[ 1813.420098][  T609] qnx6: unable to read the first superblock
[ 1813.914409][  T614] overlayfs: workdir and upperdir must reside under the same mount
[ 1814.085471][  T624] netlink: 212368 bytes leftover after parsing attributes in process `syz.0.7461'.
[ 1814.215974][  T633] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(9)
[ 1814.218513][  T633] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 1814.230423][  T633] vhci_hcd vhci_hcd.0: Device attached
[ 1814.240674][  T633] A link change request failed with some changes committed already. Interface tunl0 may have been left with an inconsistent configuration, please check.
[ 1814.489844][T23979] usb 47-1: new low-speed USB device number 2 using vhci_hcd
[ 1815.075388][  T635] vhci_hcd: connection reset by peer
[ 1815.089961][T23718] vhci_hcd vhci_hcd.6: vhci_device speed not set
[ 1815.131237][T20107] vhci_hcd vhci_hcd.5: stop threads
[ 1815.133229][T20107] vhci_hcd vhci_hcd.5: release socket
[ 1815.149854][T20107] vhci_hcd vhci_hcd.5: disconnect device
[ 1815.631283][  T653] overlayfs: workdir and upperdir must reside under the same mount
[ 1816.151448][  T670] FAULT_INJECTION: forcing a failure.
[ 1816.151448][  T670] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1816.156360][  T670] CPU: 3 UID: 0 PID: 670 Comm: syz.5.7474 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1816.156380][  T670] Tainted: [L]=SOFTLOCKUP
[ 1816.156384][  T670] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1816.156391][  T670] Call Trace:
[ 1816.156396][  T670]  <TASK>
[ 1816.156401][  T670]  dump_stack_lvl+0x16c/0x1f0
[ 1816.156422][  T670]  should_fail_ex+0x512/0x640
[ 1816.156438][  T670]  _copy_from_iter+0x2a4/0x16c0
[ 1816.156454][  T670]  ? __pfx__copy_from_iter+0x10/0x10
[ 1816.156469][  T670]  ? __pfx___might_resched+0x10/0x10
[ 1816.156488][  T670]  file_tty_write.constprop.0+0x487/0x9b0
[ 1816.156509][  T670]  vfs_write+0x7d3/0x11d0
[ 1816.156527][  T670]  ? __pfx_tty_write+0x10/0x10
[ 1816.156543][  T670]  ? __pfx_vfs_write+0x10/0x10
[ 1816.156557][  T670]  ? find_held_lock+0x2b/0x80
[ 1816.156580][  T670]  ksys_write+0x12a/0x250
[ 1816.156602][  T670]  ? __pfx_ksys_write+0x10/0x10
[ 1816.156621][  T670]  __do_fast_syscall_32+0xe8/0x680
[ 1816.156641][  T670]  do_fast_syscall_32+0x32/0x80
[ 1816.156652][  T670]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1816.156665][  T670] RIP: 0023:0xf700d579
[ 1816.156675][  T670] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 1816.156686][  T670] RSP: 002b:00000000f53fd55c EFLAGS: 00000296 ORIG_RAX: 0000000000000004
[ 1816.156697][  T670] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080002300
[ 1816.156704][  T670] RDX: 0000000000001006 RSI: 0000000000000000 RDI: 0000000000000000
[ 1816.156711][  T670] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1816.156717][  T670] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 1816.156724][  T670] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1816.156737][  T670]  </TASK>
[ 1816.706328][  T660] block nbd4: shutting down sockets
[ 1816.801513][  T676] vhci_hcd vhci_hcd.0: pdev(6) rhport(0) sockfd(5)
[ 1816.804089][  T676] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[ 1816.827068][  T676] vhci_hcd vhci_hcd.0: Device attached
[ 1816.959183][  T676] random: crng reseeded on system resumption
[ 1817.052485][   T90] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1817.055394][   T90] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1817.099841][T23718] usb 50-1: SetAddress Request (10) to port 0
[ 1817.102122][T23718] usb 50-1: new SuperSpeed USB device number 10 using vhci_hcd
[ 1817.894388][  T695] overlayfs: workdir and upperdir must reside under the same mount
[ 1818.523909][  T707] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(9)
[ 1818.526105][  T707] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 1818.528945][  T707] vhci_hcd vhci_hcd.0: Device attached
[ 1818.595332][  T710] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(5)
[ 1818.597613][  T710] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[ 1818.604254][  T710] vhci_hcd vhci_hcd.0: Device attached
[ 1818.759918][   T54] usb 37-1: new low-speed USB device number 72 using vhci_hcd
[ 1818.862746][  T676] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1818.879764][  T677] vhci_hcd: connection reset by peer
[ 1818.882616][T20107] vhci_hcd vhci_hcd.6: stop threads
[ 1818.885576][T20107] vhci_hcd vhci_hcd.6: release socket
[ 1818.889313][T20107] vhci_hcd vhci_hcd.6: disconnect device
[ 1818.931846][T29552] Bluetooth: hci3: command 0x0406 tx timeout
[ 1818.937324][ T6005] usb 46-1: SetAddress Request (6) to port 0
[ 1818.941098][ T6005] usb 46-1: new SuperSpeed USB device number 6 using vhci_hcd
[ 1819.301603][   T40] audit: type=1326 audit(1766903945.289:451): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=713 comm="syz.5.7483" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf700d579 code=0x0
[ 1819.319176][  T708] vhci_hcd: connection reset by peer
[ 1819.324453][T20107] vhci_hcd vhci_hcd.0: stop threads
[ 1819.326254][T20107] vhci_hcd vhci_hcd.0: release socket
[ 1819.328789][T20107] vhci_hcd vhci_hcd.0: disconnect device
[ 1819.960009][T23979] vhci_hcd vhci_hcd.5: vhci_device speed not set
[ 1820.081847][  T719] block nbd0: shutting down sockets
[ 1822.263283][  T710] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1822.273930][  T711] vhci_hcd: connection reset by peer
[ 1822.283768][T28578] vhci_hcd vhci_hcd.4: stop threads
[ 1822.291936][T28578] vhci_hcd vhci_hcd.4: release socket
[ 1822.299860][T28578] vhci_hcd vhci_hcd.4: disconnect device
[ 1822.404234][  T750] overlayfs: workdir and upperdir must reside under the same mount
[ 1822.519809][  T756] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1822.522434][  T756] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1822.690949][T23718] usb 50-1: device descriptor read/8, error -110
[ 1823.138353][T23718] usb usb50-port1: attempt power cycle
[ 1823.360736][  T756] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1823.363383][  T756] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1823.707677][T23718] usb usb50-port1: unable to enumerate USB device
[ 1823.722270][  T759] block nbd5: shutting down sockets
[ 1823.861777][  T767] openvswitch: netlink: ct_state flags 010000e0 unsupported
[ 1823.866812][  T767] netlink: 'syz.4.7498': attribute type 1 has an invalid length.
[ 1823.890362][   T54] vhci_hcd vhci_hcd.0: vhci_device speed not set
[ 1823.903801][  T767] 8021q: adding VLAN 0 to HW filter on device bond1
[ 1823.983195][ T6005] usb 46-1: device descriptor read/8, error -110
[ 1824.212948][  T780] netlink: 4 bytes leftover after parsing attributes in process `syz.6.7496'.
[ 1824.413983][  T767] bond1: (slave veth3): Enslaving as an active interface with a down link
[ 1824.421625][  T781] bond1: (slave veth0_to_bond): making interface the new active one
[ 1824.425076][  T781] veth0_to_bond: entered promiscuous mode
[ 1824.427176][  T781] bond1: (slave veth0_to_bond): Enslaving as an active interface with an up link
[ 1824.449828][ T6005] usb usb46-port1: attempt power cycle
[ 1824.731909][  T784] cgroup: No subsys list or none specified
[ 1824.778206][  T767] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[ 1824.781107][  T767] IPv6: NLM_F_CREATE should be set when creating new route
[ 1824.942566][  T767] vlan2: entered allmulticast mode
[ 1824.944316][  T767] veth0_to_bond: entered allmulticast mode
[ 1824.947009][  T767] bond1: (slave vlan2): the slave hw address is in use by the bond; couldn't find a slave with a free hw address to give it (this should not have happened)
[ 1825.070344][ T6005] usb usb46-port1: unable to enumerate USB device
[ 1825.080172][  T794] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5)
[ 1825.082419][  T794] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[ 1825.085214][  T794] vhci_hcd vhci_hcd.0: Device attached
[ 1825.120377][  T794] random: crng reseeded on system resumption
[ 1825.310796][  T797] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(5)
[ 1825.313026][  T797] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[ 1825.315964][  T797] vhci_hcd vhci_hcd.0: Device attached
[ 1825.362977][ T6005] usb 38-1: SetAddress Request (19) to port 0
[ 1825.365701][ T6005] usb 38-1: new SuperSpeed USB device number 19 using vhci_hcd
[ 1825.590048][ T6024] usb 48-1: SetAddress Request (10) to port 0
[ 1825.592405][ T6024] usb 48-1: new SuperSpeed USB device number 10 using vhci_hcd
[ 1825.893220][  T803] block nbd4: shutting down sockets
[ 1826.899818][  T794] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1826.903847][  T795] vhci_hcd: connection reset by peer
[ 1826.906601][ T1141] vhci_hcd vhci_hcd.0: stop threads
[ 1826.908902][ T1141] vhci_hcd vhci_hcd.0: release socket
[ 1826.911518][ T1141] vhci_hcd vhci_hcd.0: disconnect device
[ 1827.097880][  T797] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1827.117842][  T798] vhci_hcd: connection reset by peer
[ 1827.122666][ T1141] vhci_hcd vhci_hcd.5: stop threads
[ 1827.125057][ T1141] vhci_hcd vhci_hcd.5: release socket
[ 1827.139793][ T1141] vhci_hcd vhci_hcd.5: disconnect device
[ 1827.621015][  T822] cgroup: No subsys list or none specified
[ 1829.104483][  T841] openvswitch: netlink: ct_state flags 010000e0 unsupported
[ 1829.108282][  T841] netlink: 'syz.6.7512': attribute type 1 has an invalid length.
[ 1829.127127][  T841] 8021q: adding VLAN 0 to HW filter on device bond1
[ 1829.199319][  T841] bond1: (slave veth3): Enslaving as an active interface with a down link
[ 1829.245256][  T841] bond1: (slave veth0_to_bond): Enslaving as an active interface with a down link
[ 1829.270227][  T841] vlan2: entered allmulticast mode
[ 1829.273248][  T841] veth0_to_bond: entered allmulticast mode
[ 1829.280556][  T841] veth0_to_bond: entered promiscuous mode
[ 1829.283705][  T841] veth0_to_bond: left promiscuous mode
[ 1829.288151][  T841] veth0_to_bond: entered promiscuous mode
[ 1829.298410][  T841] bond1: (slave vlan2): the slave hw address is in use by the bond; couldn't find a slave with a free hw address to give it (this should not have happened)
[ 1829.332795][  T841] veth0_to_bond: left promiscuous mode
[ 1829.335992][  T845] block nbd5: shutting down sockets
[ 1830.265254][  T864] vhci_hcd vhci_hcd.0: pdev(6) rhport(0) sockfd(5)
[ 1830.267516][  T864] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[ 1830.290072][  T864] vhci_hcd vhci_hcd.0: Device attached
[ 1830.315059][  T864] random: crng reseeded on system resumption
[ 1830.357091][  T868] FAULT_INJECTION: forcing a failure.
[ 1830.357091][  T868] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1830.365407][  T868] CPU: 2 UID: 0 PID: 868 Comm: syz.5.7518 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1830.365465][  T868] Tainted: [L]=SOFTLOCKUP
[ 1830.365472][  T868] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1830.365483][  T868] Call Trace:
[ 1830.365490][  T868]  <TASK>
[ 1830.365498][  T868]  dump_stack_lvl+0x16c/0x1f0
[ 1830.365530][  T868]  should_fail_ex+0x512/0x640
[ 1830.365555][  T868]  _copy_from_user+0x2e/0xd0
[ 1830.365576][  T868]  vmci_host_unlocked_ioctl+0x16ad/0x2040
[ 1830.365598][  T868]  ? finish_task_switch.isra.0+0x202/0xbd0
[ 1830.365624][  T868]  ? __pfx_vmci_host_unlocked_ioctl+0x10/0x10
[ 1830.365650][  T868]  ? __sanitizer_cov_trace_switch+0x54/0x90
[ 1830.365679][  T868]  ? do_vfs_ioctl+0x128/0x14f0
[ 1830.365702][  T868]  ? __pfx_do_vfs_ioctl+0x10/0x10
[ 1830.365730][  T868]  ? find_held_lock+0x2b/0x80
[ 1830.365752][  T868]  ? hook_file_ioctl_common+0x144/0x410
[ 1830.365779][  T868]  ? __fget_files+0x20e/0x3c0
[ 1830.365803][  T868]  ? __fput_deferred+0x430/0x480
[ 1830.365824][  T868]  ? __pfx_vmci_host_unlocked_ioctl+0x10/0x10
[ 1830.365844][  T868]  compat_ptr_ioctl+0x6e/0xa0
[ 1830.365865][  T868]  ? __pfx_compat_ptr_ioctl+0x10/0x10
[ 1830.365885][  T868]  __ia32_compat_sys_ioctl+0x242/0x370
[ 1830.365910][  T868]  __do_fast_syscall_32+0xe8/0x680
[ 1830.365941][  T868]  do_fast_syscall_32+0x32/0x80
[ 1830.365958][  T868]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1830.365981][  T868] RIP: 0023:0xf700d579
[ 1830.365996][  T868] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 1830.366014][  T868] RSP: 002b:00000000f53fd55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[ 1830.366033][  T868] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000000007a9
[ 1830.366044][  T868] RDX: 00000000800003c0 RSI: 0000000000000000 RDI: 0000000000000000
[ 1830.366056][  T868] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1830.366067][  T868] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 1830.366078][  T868] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1830.366102][  T868]  </TASK>
[ 1830.475269][ T6005] usb 38-1: device descriptor read/8, error -110
[ 1830.599798][ T6027] usb 50-1: SetAddress Request (14) to port 0
[ 1830.602457][ T6027] usb 50-1: new SuperSpeed USB device number 14 using vhci_hcd
[ 1830.704986][ T6024] usb 48-1: device descriptor read/8, error -110
[ 1830.898650][ T6005] usb usb38-port1: attempt power cycle
[ 1831.106897][ T6024] usb usb48-port1: attempt power cycle
[ 1831.500341][ T6005] usb usb38-port1: unable to enumerate USB device
[ 1831.802597][  T864] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1831.814739][  T865] vhci_hcd: connection reset by peer
[ 1831.817720][   T12] vhci_hcd vhci_hcd.6: stop threads
[ 1831.818442][  T883] block nbd5: shutting down sockets
[ 1831.819515][   T12] vhci_hcd vhci_hcd.6: release socket
[ 1831.829494][   T12] vhci_hcd vhci_hcd.6: disconnect device
[ 1832.076770][ T6024] usb usb48-port1: unable to enumerate USB device
[ 1832.523989][  T897] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5)
[ 1832.524006][  T897] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[ 1832.524057][  T897] vhci_hcd vhci_hcd.0: Device attached
[ 1832.548696][  T897] random: crng reseeded on system resumption
[ 1832.652649][  T903] openvswitch: netlink: ct_state flags 010000e0 unsupported
[ 1832.655926][  T903] netlink: 'syz.5.7526': attribute type 1 has an invalid length.
[ 1832.674766][  T903] 8021q: adding VLAN 0 to HW filter on device bond2
[ 1832.707189][  T903] bond2: (slave veth3): Enslaving as an active interface with a down link
[ 1832.751550][  T903] bond2: (slave veth0_to_bond): making interface the new active one
[ 1832.755103][  T903] veth0_to_bond: entered promiscuous mode
[ 1832.757454][  T903] bond2: (slave veth0_to_bond): Enslaving as an active interface with an up link
[ 1832.778209][  T903] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[ 1832.780679][  T903] IPv6: NLM_F_CREATE should be set when creating new route
[ 1832.804143][  T903] vlan2: entered allmulticast mode
[ 1832.806514][  T903] veth0_to_bond: entered allmulticast mode
[ 1832.811162][  T903] bond2: (slave vlan2): the slave hw address is in use by the bond; couldn't find a slave with a free hw address to give it (this should not have happened)
[ 1832.819916][T32328] usb 38-1: SetAddress Request (23) to port 0
[ 1832.822138][T32328] usb 38-1: new SuperSpeed USB device number 23 using vhci_hcd
[ 1833.019062][  T911] overlayfs: workdir and upperdir must reside under the same mount
[ 1833.648066][  T920] cgroup: No subsys list or none specified
[ 1833.650471][  T897] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1833.655185][  T898] vhci_hcd: connection reset by peer
[ 1833.658445][   T12] vhci_hcd vhci_hcd.0: stop threads
[ 1833.660386][   T12] vhci_hcd vhci_hcd.0: release socket
[ 1833.662281][   T12] vhci_hcd vhci_hcd.0: disconnect device
[ 1833.792638][  T926] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms)
[ 1833.798314][  T926] bridge0: port 4(erspan0) entered disabled state
[ 1833.801443][  T926] bridge0: port 3(team0) entered disabled state
[ 1833.803843][  T926] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1833.807195][  T926] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1833.902695][  T933] netlink: 107460 bytes leftover after parsing attributes in process `syz.4.7537'.
[ 1834.703359][  T938] afs: Unknown parameter 'floobj_ñ˜'
[ 1834.716640][  T938] FAULT_INJECTION: forcing a failure.
[ 1834.716640][  T938] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1834.722698][  T938] CPU: 0 UID: 0 PID: 938 Comm: syz.0.7538 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1834.722732][  T938] Tainted: [L]=SOFTLOCKUP
[ 1834.722738][  T938] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1834.722749][  T938] Call Trace:
[ 1834.722755][  T938]  <TASK>
[ 1834.722761][  T938]  dump_stack_lvl+0x16c/0x1f0
[ 1834.722790][  T938]  should_fail_ex+0x512/0x640
[ 1834.722812][  T938]  _copy_from_user+0x2e/0xd0
[ 1834.722831][  T938]  video_usercopy+0x723/0x13e0
[ 1834.722857][  T938]  ? __pfx___video_do_ioctl+0x10/0x10
[ 1834.722881][  T938]  ? __pfx_video_usercopy+0x10/0x10
[ 1834.722912][  T938]  ? hook_file_ioctl_common+0x144/0x410
[ 1834.722936][  T938]  v4l2_ioctl+0x1bd/0x250
[ 1834.722956][  T938]  ? __fput_deferred+0x431/0x480
[ 1834.722976][  T938]  v4l2_compat_ioctl32+0x217/0x2e0
[ 1834.722997][  T938]  ? __pfx_v4l2_compat_ioctl32+0x10/0x10
[ 1834.723017][  T938]  __ia32_compat_sys_ioctl+0x242/0x370
[ 1834.723041][  T938]  __do_fast_syscall_32+0xe8/0x680
[ 1834.723068][  T938]  do_fast_syscall_32+0x32/0x80
[ 1834.723083][  T938]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1834.723103][  T938] RIP: 0023:0xf7f75579
[ 1834.723116][  T938] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 1834.723133][  T938] RSP: 002b:00000000f546655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[ 1834.723150][  T938] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 00000000c008561c
[ 1834.723160][  T938] RDX: 0000000080000380 RSI: 0000000000000000 RDI: 0000000000000000
[ 1834.723170][  T938] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1834.723180][  T938] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 1834.723189][  T938] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1834.723210][  T938]  </TASK>
[ 1835.040538][  T942] FAULT_INJECTION: forcing a failure.
[ 1835.040538][  T942] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1835.044871][  T942] CPU: 1 UID: 0 PID: 942 Comm: syz.6.7541 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1835.044889][  T942] Tainted: [L]=SOFTLOCKUP
[ 1835.044893][  T942] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1835.044901][  T942] Call Trace:
[ 1835.044905][  T942]  <TASK>
[ 1835.044910][  T942]  dump_stack_lvl+0x16c/0x1f0
[ 1835.044933][  T942]  should_fail_ex+0x512/0x640
[ 1835.044948][  T942]  _copy_from_user+0x2e/0xd0
[ 1835.044961][  T942]  io_msg_copy_hdr.isra.0+0x56e/0x910
[ 1835.044980][  T942]  ? __pfx_io_msg_copy_hdr.isra.0+0x10/0x10
[ 1835.045004][  T942]  io_sendmsg_setup+0xfa/0x300
[ 1835.045020][  T942]  ? __pfx_io_sendmsg_setup+0x10/0x10
[ 1835.045038][  T942]  ? __asan_memset+0x23/0x50
[ 1835.045054][  T942]  ? io_cache_alloc_new+0xb8/0xf0
[ 1835.045073][  T942]  io_sendmsg_prep+0x430/0x520
[ 1835.045090][  T942]  io_submit_sqes+0xa14/0x28e0
[ 1835.045112][  T942]  __do_sys_io_uring_enter+0xd6b/0x1630
[ 1835.045129][  T942]  ? __fget_files+0x20e/0x3c0
[ 1835.045146][  T942]  ? __pfx___do_sys_io_uring_enter+0x10/0x10
[ 1835.045162][  T942]  ? fput+0x70/0xf0
[ 1835.045173][  T942]  ? ksys_write+0x1ac/0x250
[ 1835.045189][  T942]  ? __pfx_ksys_write+0x10/0x10
[ 1835.045205][  T942]  ? do_user_addr_fault+0x843/0x1370
[ 1835.045222][  T942]  __do_fast_syscall_32+0xe8/0x680
[ 1835.045242][  T942]  do_fast_syscall_32+0x32/0x80
[ 1835.045262][  T942]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1835.045276][  T942] RIP: 0023:0xf709d579
[ 1835.045286][  T942] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 1835.045297][  T942] RSP: 002b:00000000f548d55c EFLAGS: 00000296 ORIG_RAX: 00000000000001aa
[ 1835.045309][  T942] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000000047bc
[ 1835.045316][  T942] RDX: 0000000000000000 RSI: 0000000000000021 RDI: 0000000000000000
[ 1835.045322][  T942] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1835.045329][  T942] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 1835.045336][  T942] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1835.045351][  T942]  </TASK>
[ 1835.162787][  T940] overlayfs: workdir and upperdir must reside under the same mount
[ 1835.170850][  T946] tunl0: entered promiscuous mode
[ 1835.173075][  T946] netlink: 'syz.0.7540': attribute type 4 has an invalid length.
[ 1835.175693][  T946] netlink: 9 bytes leftover after parsing attributes in process `syz.0.7540'.
[ 1835.651835][ T6027] usb 50-1: device descriptor read/8, error -110
[ 1835.781758][  T967] netlink: 4 bytes leftover after parsing attributes in process `syz.0.7545'.
[ 1835.840452][T26353] veth0_to_bond: left promiscuous mode
[ 1835.979807][T29552] Bluetooth: hci4: command 0x1003 tx timeout
[ 1835.979864][T21476] Bluetooth: hci4: Opcode 0x1003 failed: -110
[ 1836.049989][ T6027] usb usb50-port1: attempt power cycle
[ 1836.075288][  T975] FAULT_INJECTION: forcing a failure.
[ 1836.075288][  T975] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1836.079779][  T975] CPU: 3 UID: 0 PID: 975 Comm: syz.6.7547 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1836.079799][  T975] Tainted: [L]=SOFTLOCKUP
[ 1836.079803][  T975] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1836.079812][  T975] Call Trace:
[ 1836.079815][  T975]  <TASK>
[ 1836.079820][  T975]  dump_stack_lvl+0x16c/0x1f0
[ 1836.079840][  T975]  should_fail_ex+0x512/0x640
[ 1836.079855][  T975]  _copy_from_iter+0x2a4/0x16c0
[ 1836.079870][  T975]  ? __alloc_skb+0x220/0x410
[ 1836.079882][  T975]  ? __alloc_skb+0x35d/0x410
[ 1836.079893][  T975]  ? __pfx__copy_from_iter+0x10/0x10
[ 1836.079906][  T975]  ? netlink_autobind.isra.0+0x158/0x370
[ 1836.079927][  T975]  netlink_sendmsg+0x820/0xdd0
[ 1836.079946][  T975]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1836.079963][  T975]  ? aa_sock_msg_perm.constprop.0+0x100/0x1b0
[ 1836.079984][  T975]  sock_write_iter+0x566/0x610
[ 1836.080002][  T975]  ? __pfx_sock_write_iter+0x10/0x10
[ 1836.080024][  T975]  ? __lock_acquire+0x436/0x2890
[ 1836.080038][  T975]  do_iter_readv_writev+0x662/0x9e0
[ 1836.080055][  T975]  ? __pfx_do_iter_readv_writev+0x10/0x10
[ 1836.080069][  T975]  ? common_file_perm+0x1b1/0x500
[ 1836.080084][  T975]  ? bpf_lsm_file_permission+0x9/0x10
[ 1836.080097][  T975]  ? security_file_permission+0x71/0x210
[ 1836.080112][  T975]  ? rw_verify_area+0xcf/0x6c0
[ 1836.080127][  T975]  vfs_writev+0x35f/0xde0
[ 1836.080144][  T975]  ? __pfx_vfs_writev+0x10/0x10
[ 1836.080159][  T975]  ? find_held_lock+0x2b/0x80
[ 1836.080181][  T975]  ? __fget_files+0x20e/0x3c0
[ 1836.080197][  T975]  ? __fget_files+0x190/0x3c0
[ 1836.080214][  T975]  ? do_writev+0x28c/0x340
[ 1836.080228][  T975]  do_writev+0x28c/0x340
[ 1836.080243][  T975]  ? __pfx_do_writev+0x10/0x10
[ 1836.080258][  T975]  ? do_user_addr_fault+0x843/0x1370
[ 1836.080274][  T975]  __do_fast_syscall_32+0xe8/0x680
[ 1836.080293][  T975]  do_fast_syscall_32+0x32/0x80
[ 1836.080304][  T975]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1836.080318][  T975] RIP: 0023:0xf709d579
[ 1836.080327][  T975] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 1836.080338][  T975] RSP: 002b:00000000f548d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000092
[ 1836.080349][  T975] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000000
[ 1836.080356][  T975] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000000
[ 1836.080363][  T975] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1836.080369][  T975] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 1836.080375][  T975] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1836.080389][  T975]  </TASK>
[ 1836.610961][ T6027] usb usb50-port1: unable to enumerate USB device
[ 1836.618556][  T982] fuse: Unknown parameter ''
[ 1837.887228][ T1009] dlm: no local IP address has been set
[ 1837.890656][T32328] usb 38-1: device descriptor read/8, error -110
[ 1837.895115][ T1009] dlm: cannot start dlm midcomms -107
[ 1838.000619][ T1005] block nbd0: shutting down sockets
[ 1838.062126][ T1010] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(5)
[ 1838.064263][ T1010] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[ 1838.067052][ T1010] vhci_hcd vhci_hcd.0: Device attached
[ 1838.237053][ T1010] random: crng reseeded on system resumption
[ 1838.300294][T32328] usb usb38-port1: attempt power cycle
[ 1838.360195][ T6005] usb 46-1: SetAddress Request (10) to port 0
[ 1838.362559][ T6005] usb 46-1: new SuperSpeed USB device number 10 using vhci_hcd
[ 1839.020175][   T40] audit: type=1326 audit(1766903964.989:452): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1013 comm="syz.0.7556" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f75579 code=0x0
[ 1839.060960][ T1024] netlink: 4 bytes leftover after parsing attributes in process `syz.6.7558'.
[ 1839.139766][ T1028] input: syz1 as /devices/virtual/input/input270
[ 1839.540535][T32328] usb usb38-port1: unable to enumerate USB device
[ 1840.859622][ T1032] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1840.869807][ T1011] vhci_hcd: connection reset by peer
[ 1840.875177][T27352] vhci_hcd vhci_hcd.4: stop threads
[ 1840.877064][T27352] vhci_hcd vhci_hcd.4: release socket
[ 1840.879144][T27352] vhci_hcd vhci_hcd.4: disconnect device
[ 1841.301828][ T1066] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(5)
[ 1841.304086][ T1066] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[ 1841.314600][ T1066] vhci_hcd vhci_hcd.0: Device attached
[ 1841.432859][ T1066] random: crng reseeded on system resumption
[ 1842.047286][ T1082] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[ 1842.248318][ T1072] cgroup: No subsys list or none specified
[ 1843.037026][ T1066] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1843.045498][ T1067] vhci_hcd: connection closed
[ 1843.045841][T26353] vhci_hcd vhci_hcd.4: stop threads
[ 1843.055057][T26353] vhci_hcd vhci_hcd.4: release socket
[ 1843.057947][T26353] vhci_hcd vhci_hcd.4: disconnect device
[ 1843.202447][ T1095] block nbd6: shutting down sockets
[ 1843.409855][ T6005] usb 46-1: device descriptor read/8, error -110
[ 1843.821360][ T6005] usb usb46-port1: attempt power cycle
[ 1844.114477][ T1105] FAULT_INJECTION: forcing a failure.
[ 1844.114477][ T1105] name failslab, interval 1, probability 0, space 0, times 0
[ 1844.118677][ T1105] CPU: 3 UID: 0 PID: 1105 Comm: syz.5.7578 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1844.118697][ T1105] Tainted: [L]=SOFTLOCKUP
[ 1844.118700][ T1105] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1844.118707][ T1105] Call Trace:
[ 1844.118712][ T1105]  <TASK>
[ 1844.118717][ T1105]  dump_stack_lvl+0x16c/0x1f0
[ 1844.118738][ T1105]  should_fail_ex+0x512/0x640
[ 1844.118751][ T1105]  ? __kmalloc_cache_noprof+0x5f/0x800
[ 1844.118766][ T1105]  should_failslab+0xc2/0x120
[ 1844.118783][ T1105]  __kmalloc_cache_noprof+0x80/0x800
[ 1844.118795][ T1105]  ? do_vfs_ioctl+0x128/0x14f0
[ 1844.118808][ T1105]  ? snd_ctl_ioctl_compat+0x922/0xc70
[ 1844.118828][ T1105]  ? snd_ctl_ioctl_compat+0x922/0xc70
[ 1844.118843][ T1105]  snd_ctl_ioctl_compat+0x922/0xc70
[ 1844.118860][ T1105]  ? __pfx_snd_ctl_ioctl_compat+0x10/0x10
[ 1844.118876][ T1105]  ? find_held_lock+0x2b/0x80
[ 1844.118895][ T1105]  ? __fget_files+0x20e/0x3c0
[ 1844.118910][ T1105]  ? __fput_deferred+0x430/0x480
[ 1844.118924][ T1105]  ? __pfx_snd_ctl_ioctl_compat+0x10/0x10
[ 1844.118940][ T1105]  __ia32_compat_sys_ioctl+0x242/0x370
[ 1844.118956][ T1105]  __do_fast_syscall_32+0xe8/0x680
[ 1844.118976][ T1105]  do_fast_syscall_32+0x32/0x80
[ 1844.118986][ T1105]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1844.119000][ T1105] RIP: 0023:0xf700d579
[ 1844.119010][ T1105] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 1844.119021][ T1105] RSP: 002b:00000000f53fd55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[ 1844.119032][ T1105] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c2c45512
[ 1844.119040][ T1105] RDX: 0000000080000340 RSI: 0000000000000000 RDI: 0000000000000000
[ 1844.119046][ T1105] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1844.119053][ T1105] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 1844.119059][ T1105] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1844.119073][ T1105]  </TASK>
[ 1844.400440][ T6005] usb usb46-port1: unable to enumerate USB device
[ 1844.613162][ T1118] cgroup: No subsys list or none specified
[ 1845.232620][T27352] veth0_to_bond: left promiscuous mode
[ 1845.260100][ T6027] usb 10-1: new high-speed USB device number 7 using dummy_hcd
[ 1845.429906][ T6027] usb 10-1: Using ep0 maxpacket: 16
[ 1845.664257][   T40] audit: type=1326 audit(1766903971.649:453): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1124 comm="syz.4.7584" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf6ffd579 code=0x0
[ 1845.685665][ T6027] usb 10-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config
[ 1845.689107][ T6027] usb 10-1: config 7 interface 0 altsetting 5 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1845.704653][ T6027] usb 10-1: config 7 interface 0 altsetting 5 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1845.708250][ T6027] usb 10-1: config 7 interface 0 altsetting 5 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[ 1845.713662][ T6027] usb 10-1: config 7 interface 0 has no altsetting 0
[ 1845.716351][ T6027] usb 10-1: New USB device found, idVendor=0458, idProduct=5010, bcdDevice= 0.00
[ 1845.719655][ T6027] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1846.187442][ T6027] input: HID 0458:5010 as /devices/platform/dummy_hcd.5/usb10/10-1/10-1:7.0/0003:0458:5010.001F/input/input271
[ 1846.256255][ T1153] netlink: set zone limit has 4 unknown bytes
[ 1846.270995][ T6027] kye 0003:0458:5010.001F: input,hiddev0,hidraw1: USB HID v2.00 Device [HID 0458:5010] on usb-dummy_hcd.5-1/input0
[ 1846.384809][T32436] usb 10-1: USB disconnect, device number 7
[ 1846.612568][ T1155] fido_id[1155]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.5/usb10/report_descriptor': No such file or directory
[ 1846.613041][ T1162] netlink: set zone limit has 4 unknown bytes
[ 1846.713620][ T1165] vhci_hcd vhci_hcd.0: pdev(6) rhport(0) sockfd(5)
[ 1846.716052][ T1165] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[ 1846.728053][ T1165] vhci_hcd vhci_hcd.0: Device attached
[ 1846.750133][ T1165] random: crng reseeded on system resumption
[ 1846.854437][ T1170] cgroup: No subsys list or none specified
[ 1847.010278][ T6005] usb 50-1: SetAddress Request (18) to port 0
[ 1847.013090][ T6005] usb 50-1: new SuperSpeed USB device number 18 using vhci_hcd
[ 1847.158943][ T1177] could not open pipe file descriptor
[ 1848.176580][ T1165] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1848.226698][ T1166] vhci_hcd: connection reset by peer
[ 1848.239645][T27352] vhci_hcd vhci_hcd.6: stop threads
[ 1848.242330][T27352] vhci_hcd vhci_hcd.6: release socket
[ 1848.250016][T27352] vhci_hcd vhci_hcd.6: disconnect device
[ 1848.699094][T29552] Bluetooth: hci2: command tx timeout
[ 1848.758692][ T1200] cgroup: No subsys list or none specified
[ 1849.369632][T21476] block nbd5: Receive control failed (result -32)
[ 1849.372565][ T1196] block nbd5: shutting down sockets
[ 1849.518827][T29552] block nbd0: Receive control failed (result -32)
[ 1849.523617][ T1201] block nbd0: shutting down sockets
[ 1850.010217][ T1220] mkiss: ax0: crc mode is auto.
[ 1850.451491][ T1223] netlink: 24 bytes leftover after parsing attributes in process `syz.4.7609'.
[ 1850.770266][ T1223] loop6: detected capacity change from 0 to 524287999
[ 1850.772885][ T1223] buffer_io_error: 43 callbacks suppressed
[ 1850.772894][ T1223] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1850.777491][ T1223] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1850.780890][ T1223] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1850.783565][ T1223] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1850.786246][ T1223] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1850.788880][ T1223] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1850.791581][ T1223] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1850.794272][ T1223] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1850.796859][ T1223] ldm_validate_partition_table(): Disk read failed.
[ 1850.799073][ T1223] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1850.801789][ T1223] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1850.804422][ T1223] Dev loop6: unable to read RDB block 0
[ 1850.806430][ T1223]  loop6: unable to read partition table
[ 1850.808502][ T1223] loop_reread_partitions: partition scan of loop6 (3Ÿ¾x³˜CÖ

) failed (rc=-5)
[ 1850.958601][ T5348] ldm_validate_partition_table(): Disk read failed.
[ 1850.961220][ T5348] Dev loop6: unable to read RDB block 0
[ 1850.963354][ T5348]  loop6: unable to read partition table
[ 1852.024283][ T1238] FAULT_INJECTION: forcing a failure.
[ 1852.024283][ T1238] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1852.028587][ T1238] CPU: 1 UID: 0 PID: 1238 Comm: syz.5.7613 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1852.028606][ T1238] Tainted: [L]=SOFTLOCKUP
[ 1852.028610][ T1238] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1852.028617][ T1238] Call Trace:
[ 1852.028621][ T1238]  <TASK>
[ 1852.028626][ T1238]  dump_stack_lvl+0x16c/0x1f0
[ 1852.028647][ T1238]  should_fail_ex+0x512/0x640
[ 1852.028662][ T1238]  _copy_from_user+0x2e/0xd0
[ 1852.028676][ T1238]  kvm_arch_vm_compat_ioctl+0x10f/0x470
[ 1852.028694][ T1238]  ? __pfx_kvm_arch_vm_compat_ioctl+0x10/0x10
[ 1852.028720][ T1238]  ? kasan_quarantine_put+0x10a/0x240
[ 1852.028735][ T1238]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1852.028765][ T1238]  ? __sanitizer_cov_trace_switch+0x54/0x90
[ 1852.028783][ T1238]  ? do_vfs_ioctl+0x128/0x14f0
[ 1852.028797][ T1238]  ? __pfx_do_vfs_ioctl+0x10/0x10
[ 1852.028811][ T1238]  kvm_vm_compat_ioctl+0x172/0x3f0
[ 1852.028826][ T1238]  ? __pfx_kvm_vm_compat_ioctl+0x10/0x10
[ 1852.028841][ T1238]  ? find_held_lock+0x2b/0x80
[ 1852.028855][ T1238]  ? hook_file_ioctl_common+0x144/0x410
[ 1852.028872][ T1238]  ? __fget_files+0x20e/0x3c0
[ 1852.028887][ T1238]  ? __fput_deferred+0x430/0x480
[ 1852.028900][ T1238]  ? __pfx_kvm_vm_compat_ioctl+0x10/0x10
[ 1852.028915][ T1238]  __ia32_compat_sys_ioctl+0x242/0x370
[ 1852.028930][ T1238]  __do_fast_syscall_32+0xe8/0x680
[ 1852.028950][ T1238]  do_fast_syscall_32+0x32/0x80
[ 1852.028960][ T1238]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1852.028974][ T1238] RIP: 0023:0xf700d579
[ 1852.028983][ T1238] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 1852.028994][ T1238] RSP: 002b:00000000f53fd55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[ 1852.029005][ T1238] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000004104aec6
[ 1852.029012][ T1238] RDX: 00000000800039c0 RSI: 0000000000000000 RDI: 0000000000000000
[ 1852.029018][ T1238] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1852.029024][ T1238] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 1852.029031][ T1238] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1852.029044][ T1238]  </TASK>
[ 1852.080692][ T6005] usb 50-1: device descriptor read/8, error -110
[ 1852.133272][ T1236] cgroup: No subsys list or none specified
[ 1852.509170][ T6005] usb usb50-port1: attempt power cycle
[ 1853.061049][T29552] block nbd5: Receive control failed (result -32)
[ 1853.064180][ T1243] block nbd5: shutting down sockets
[ 1853.080521][ T6005] usb usb50-port1: unable to enumerate USB device
[ 1853.940501][ T1266] netlink: 107460 bytes leftover after parsing attributes in process `syz.0.7620'.
[ 1853.965168][ T1268] netlink: 176 bytes leftover after parsing attributes in process `syz.4.7616'.
[ 1855.175935][ T1278] cgroup: No subsys list or none specified
[ 1855.183201][ T1276] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(5)
[ 1855.185376][ T1276] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[ 1855.212446][ T1276] vhci_hcd vhci_hcd.0: Device attached
[ 1855.239663][ T1276] random: crng reseeded on system resumption
[ 1855.520065][T32328] usb 48-1: SetAddress Request (14) to port 0
[ 1855.523745][T32328] usb 48-1: new SuperSpeed USB device number 14 using vhci_hcd
[ 1856.049877][T21476] Bluetooth: hci4: command 0x1003 tx timeout
[ 1856.050349][T29552] Bluetooth: hci4: Opcode 0x1003 failed: -110
[ 1856.109858][T23755] usb 9-1: new high-speed USB device number 9 using dummy_hcd
[ 1856.279909][T23755] usb 9-1: Using ep0 maxpacket: 32
[ 1856.282866][T23755] usb 9-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1856.286405][T23755] usb 9-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1856.292281][T23755] usb 9-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1856.295814][T23755] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1856.298688][T23755] usb 9-1: Product: syz
[ 1856.307286][T23755] usb 9-1: Manufacturer: syz
[ 1856.309015][T23755] usb 9-1: SerialNumber: syz
[ 1856.375681][ T1276] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1856.388839][ T1277] vhci_hcd: connection reset by peer
[ 1856.399954][  T638] vhci_hcd vhci_hcd.5: stop threads
[ 1856.401814][  T638] vhci_hcd vhci_hcd.5: release socket
[ 1856.403756][  T638] vhci_hcd vhci_hcd.5: disconnect device
[ 1856.521291][ T1284] FAULT_INJECTION: forcing a failure.
[ 1856.521291][ T1284] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1856.525539][ T1284] CPU: 0 UID: 0 PID: 1284 Comm: syz.4.7624 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1856.525557][ T1284] Tainted: [L]=SOFTLOCKUP
[ 1856.525582][ T1284] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1856.525590][ T1284] Call Trace:
[ 1856.525595][ T1284]  <TASK>
[ 1856.525599][ T1284]  dump_stack_lvl+0x16c/0x1f0
[ 1856.525639][ T1284]  should_fail_ex+0x512/0x640
[ 1856.525656][ T1284]  _copy_to_user+0x32/0xd0
[ 1856.525670][ T1284]  simple_read_from_buffer+0xcb/0x170
[ 1856.525687][ T1284]  proc_fail_nth_read+0x197/0x240
[ 1856.525707][ T1284]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1856.525726][ T1284]  ? rw_verify_area+0xcf/0x6c0
[ 1856.525740][ T1284]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1856.525758][ T1284]  vfs_read+0x1e4/0xcf0
[ 1856.525774][ T1284]  ? __pfx___mutex_lock+0x10/0x10
[ 1856.525792][ T1284]  ? __pfx_vfs_read+0x10/0x10
[ 1856.525806][ T1284]  ? find_held_lock+0x2b/0x80
[ 1856.525824][ T1284]  ? __fget_files+0x20e/0x3c0
[ 1856.525844][ T1284]  ksys_read+0x12a/0x250
[ 1856.525859][ T1284]  ? __pfx_ksys_read+0x10/0x10
[ 1856.525878][ T1284]  __do_fast_syscall_32+0xe8/0x680
[ 1856.525897][ T1284]  do_fast_syscall_32+0x32/0x80
[ 1856.525907][ T1284]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1856.525922][ T1284] RIP: 0023:0xf6ffd579
[ 1856.525932][ T1284] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 1856.525943][ T1284] RSP: 002b:00000000f53ed590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 1856.525954][ T1284] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000f53ed620
[ 1856.525961][ T1284] RDX: 000000000000000f RSI: 00000000f7396ff4 RDI: 0000000000000000
[ 1856.525967][ T1284] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[ 1856.525974][ T1284] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[ 1856.525980][ T1284] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1856.525994][ T1284]  </TASK>
[ 1856.614991][T23755] usb 9-1: 0:2 : does not exist
[ 1856.627866][T23755] usb 9-1: USB disconnect, device number 9
[ 1856.643600][T31311] udevd[31311]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb9/9-1/9-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1856.710116][ T1292] netlink: 4 bytes leftover after parsing attributes in process `syz.4.7629'.
[ 1856.715651][ T1292] netlink: 4 bytes leftover after parsing attributes in process `syz.4.7629'.
[ 1856.725423][ T1292] xt_SECMARK: invalid mode: 0
[ 1856.759838][ T6027] usb 10-1: new high-speed USB device number 8 using dummy_hcd
[ 1856.790698][T31985] usb 11-1: new high-speed USB device number 5 using dummy_hcd
[ 1856.920149][ T6027] usb 10-1: Using ep0 maxpacket: 8
[ 1856.926156][ T6027] usb 10-1: config 0 has an invalid interface number: 1 but max is 0
[ 1856.930090][ T6027] usb 10-1: config 0 has no interface number 0
[ 1856.933345][ T6027] usb 10-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1856.940299][ T6027] usb 10-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[ 1856.953505][ T6027] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1856.960024][T31985] usb 11-1: Using ep0 maxpacket: 32
[ 1856.981753][T31985] usb 11-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1856.986476][T31985] usb 11-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1857.016646][ T6027] usb 10-1: config 0 descriptor??
[ 1857.020074][T31985] usb 11-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1857.024008][T31985] usb 11-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1857.028040][T31985] usb 11-1: Product: syz
[ 1857.035208][T31985] usb 11-1: Manufacturer: syz
[ 1857.037404][T31985] usb 11-1: SerialNumber: syz
[ 1857.145252][ T6027] iowarrior 10-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[ 1857.318665][ T1288] netlink: 60 bytes leftover after parsing attributes in process `syz.5.7626'.
[ 1857.388192][T31985] usb 11-1: 0:2 : does not exist
[ 1857.522291][T31985] usb 11-1: USB disconnect, device number 5
[ 1857.551165][T31403] udevd[31403]: error opening ATTR{/sys/devices/platform/dummy_hcd.6/usb11/11-1/11-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1857.558225][ T6005] usb 10-1: USB disconnect, device number 8
[ 1857.600601][ T1297] block nbd4: shutting down sockets
[ 1857.762966][ T1315] FAULT_INJECTION: forcing a failure.
[ 1857.762966][ T1315] name failslab, interval 1, probability 0, space 0, times 0
[ 1857.768745][ T1315] CPU: 2 UID: 0 PID: 1315 Comm: syz.4.7632 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1857.768790][ T1315] Tainted: [L]=SOFTLOCKUP
[ 1857.768811][ T1315] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1857.768824][ T1315] Call Trace:
[ 1857.768831][ T1315]  <TASK>
[ 1857.768840][ T1315]  dump_stack_lvl+0x16c/0x1f0
[ 1857.768872][ T1315]  should_fail_ex+0x512/0x640
[ 1857.768893][ T1315]  ? __kmalloc_cache_noprof+0x5f/0x800
[ 1857.768917][ T1315]  should_failslab+0xc2/0x120
[ 1857.768946][ T1315]  __kmalloc_cache_noprof+0x80/0x800
[ 1857.768967][ T1315]  ? __sanitizer_cov_trace_switch+0x54/0x90
[ 1857.768993][ T1315]  ? snd_ctl_elem_add_compat+0x51/0x3f0
[ 1857.769024][ T1315]  ? snd_ctl_elem_add_compat+0x51/0x3f0
[ 1857.769050][ T1315]  snd_ctl_elem_add_compat+0x51/0x3f0
[ 1857.769079][ T1315]  snd_ctl_ioctl_compat+0x6ca/0xc70
[ 1857.769108][ T1315]  ? __pfx_snd_ctl_ioctl_compat+0x10/0x10
[ 1857.769146][ T1315]  ? find_held_lock+0x2b/0x80
[ 1857.769173][ T1315]  ? hook_file_ioctl_common+0x144/0x410
[ 1857.769293][ T1315]  ? __fget_files+0x20e/0x3c0
[ 1857.769332][ T1315]  ? __fput_deferred+0x430/0x480
[ 1857.769358][ T1315]  ? __pfx_snd_ctl_ioctl_compat+0x10/0x10
[ 1857.769388][ T1315]  __ia32_compat_sys_ioctl+0x242/0x370
[ 1857.769428][ T1315]  __do_fast_syscall_32+0xe8/0x680
[ 1857.769462][ T1315]  do_fast_syscall_32+0x32/0x80
[ 1857.769481][ T1315]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1857.769506][ T1315] RIP: 0023:0xf6ffd579
[ 1857.769522][ T1315] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 1857.769541][ T1315] RSP: 002b:00000000f53ab55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[ 1857.769561][ T1315] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 00000000c1105518
[ 1857.769574][ T1315] RDX: 0000000080000c40 RSI: 0000000000000000 RDI: 0000000000000000
[ 1857.769586][ T1315] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1857.769599][ T1315] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 1857.769612][ T1315] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1857.769636][ T1315]  </TASK>
[ 1857.867825][ T1416] ieee802154 phy0 wpan0: encryption failed: -22
[ 1857.870975][ T1416] ieee802154 phy1 wpan1: encryption failed: -22
[ 1858.020698][ T1317] Bluetooth: MGMT ver 1.23
[ 1858.022276][ T1317] FAULT_INJECTION: forcing a failure.
[ 1858.022276][ T1317] name failslab, interval 1, probability 0, space 0, times 0
[ 1858.026979][ T1317] CPU: 1 UID: 0 PID: 1317 Comm: syz.6.7633 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1858.027003][ T1317] Tainted: [L]=SOFTLOCKUP
[ 1858.027009][ T1317] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1858.027018][ T1317] Call Trace:
[ 1858.027026][ T1317]  <TASK>
[ 1858.027033][ T1317]  dump_stack_lvl+0x16c/0x1f0
[ 1858.027060][ T1317]  should_fail_ex+0x512/0x640
[ 1858.027078][ T1317]  ? __kmalloc_cache_noprof+0x5f/0x800
[ 1858.027096][ T1317]  ? __pfx_disconnect_sync+0x10/0x10
[ 1858.027117][ T1317]  should_failslab+0xc2/0x120
[ 1858.027139][ T1317]  ? __pfx_disconnect_sync+0x10/0x10
[ 1858.027158][ T1317]  __kmalloc_cache_noprof+0x80/0x800
[ 1858.027175][ T1317]  ? trace_kmalloc+0x2b/0xb0
[ 1858.027195][ T1317]  ? hci_cmd_sync_submit+0xbc/0x330
[ 1858.027218][ T1317]  ? mgmt_pending_new+0xcc/0x240
[ 1858.027243][ T1317]  ? __pfx_disconnect_complete+0x10/0x10
[ 1858.027265][ T1317]  ? __pfx_disconnect_sync+0x10/0x10
[ 1858.027285][ T1317]  ? hci_cmd_sync_submit+0xbc/0x330
[ 1858.027307][ T1317]  hci_cmd_sync_submit+0xbc/0x330
[ 1858.027330][ T1317]  ? __pfx_disconnect_sync+0x10/0x10
[ 1858.027350][ T1317]  ? __pfx_disconnect_complete+0x10/0x10
[ 1858.027371][ T1317]  hci_cmd_sync_queue+0x79/0xa0
[ 1858.027394][ T1317]  disconnect+0x1d6/0x3d0
[ 1858.027416][ T1317]  ? __pfx_disconnect+0x10/0x10
[ 1858.027436][ T1317]  ? lockdep_init_map_type+0x5c/0x270
[ 1858.027452][ T1317]  ? do_init_timer+0xc9/0x110
[ 1858.027475][ T1317]  ? __pfx_mgmt_init_hdev+0x10/0x10
[ 1858.027498][ T1317]  hci_sock_sendmsg+0x1556/0x26b0
[ 1858.027523][ T1317]  ? __pfx_hci_sock_sendmsg+0x10/0x10
[ 1858.027545][ T1317]  ? aa_sock_msg_perm.constprop.0+0x100/0x1b0
[ 1858.027573][ T1317]  sock_write_iter+0x566/0x610
[ 1858.027598][ T1317]  ? __pfx_sock_write_iter+0x10/0x10
[ 1858.027628][ T1317]  ? bpf_lsm_file_permission+0x9/0x10
[ 1858.027646][ T1317]  ? security_file_permission+0x71/0x210
[ 1858.027666][ T1317]  ? rw_verify_area+0xcf/0x6c0
[ 1858.027687][ T1317]  vfs_write+0x7d3/0x11d0
[ 1858.027708][ T1317]  ? __pfx_sock_write_iter+0x10/0x10
[ 1858.027733][ T1317]  ? __pfx_vfs_write+0x10/0x10
[ 1858.027752][ T1317]  ? find_held_lock+0x2b/0x80
[ 1858.027784][ T1317]  ksys_write+0x1f8/0x250
[ 1858.027805][ T1317]  ? __pfx_ksys_write+0x10/0x10
[ 1858.027826][ T1317]  ? do_user_addr_fault+0x843/0x1370
[ 1858.027849][ T1317]  __do_fast_syscall_32+0xe8/0x680
[ 1858.027875][ T1317]  do_fast_syscall_32+0x32/0x80
[ 1858.027889][ T1317]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1858.027908][ T1317] RIP: 0023:0xf709d579
[ 1858.027920][ T1317] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 1858.027936][ T1317] RSP: 002b:00000000f548d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000004
[ 1858.027950][ T1317] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000000
[ 1858.027960][ T1317] RDX: 000000000000000d RSI: 0000000000000000 RDI: 0000000000000000
[ 1858.027968][ T1317] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1858.027977][ T1317] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 1858.027986][ T1317] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1858.028006][ T1317]  </TASK>
[ 1858.416313][ T1327] vhci_hcd vhci_hcd.0: pdev(6) rhport(0) sockfd(5)
[ 1858.418798][ T1327] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[ 1858.422244][ T1327] vhci_hcd vhci_hcd.0: Device attached
[ 1858.462560][ T1327] random: crng reseeded on system resumption
[ 1858.522399][ T1333] FAULT_INJECTION: forcing a failure.
[ 1858.522399][ T1333] name failslab, interval 1, probability 0, space 0, times 0
[ 1858.526207][ T1333] CPU: 3 UID: 0 PID: 1333 Comm: syz.4.7639 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1858.526238][ T1333] Tainted: [L]=SOFTLOCKUP
[ 1858.526242][ T1333] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1858.526249][ T1333] Call Trace:
[ 1858.526259][ T1333]  <TASK>
[ 1858.526263][ T1333]  dump_stack_lvl+0x16c/0x1f0
[ 1858.526284][ T1333]  should_fail_ex+0x512/0x640
[ 1858.526297][ T1333]  ? __kmalloc_noprof+0xca/0x910
[ 1858.526311][ T1333]  should_failslab+0xc2/0x120
[ 1858.526329][ T1333]  __kmalloc_noprof+0xeb/0x910
[ 1858.526341][ T1333]  ? iovec_from_user+0x108/0x140
[ 1858.526357][ T1333]  ? iovec_from_user+0x108/0x140
[ 1858.526369][ T1333]  iovec_from_user+0x108/0x140
[ 1858.526383][ T1333]  __import_iovec+0x88/0x650
[ 1858.526394][ T1333]  ? trace_kmalloc+0x2b/0xb0
[ 1858.526410][ T1333]  ? __kmalloc_noprof+0x35d/0x910
[ 1858.526429][ T1333]  __io_import_rw_buffer+0x4da/0x6f0
[ 1858.526449][ T1333]  ? __pfx___io_import_rw_buffer+0x10/0x10
[ 1858.526465][ T1333]  ? __pfx___io_prep_rw+0x10/0x10
[ 1858.526480][ T1333]  ? __io_alloc_req_refill+0x33a/0x5e0
[ 1858.526498][ T1333]  io_prep_rw+0x134/0x2c0
[ 1858.526510][ T1333]  ? __pfx_io_prep_rw+0x10/0x10
[ 1858.526526][ T1333]  io_prep_readv+0x20/0xa0
[ 1858.526542][ T1333]  io_submit_sqes+0xa14/0x28e0
[ 1858.526567][ T1333]  __do_sys_io_uring_enter+0xd6b/0x1630
[ 1858.526584][ T1333]  ? __fget_files+0x20e/0x3c0
[ 1858.526601][ T1333]  ? __pfx___do_sys_io_uring_enter+0x10/0x10
[ 1858.526618][ T1333]  ? fput+0x70/0xf0
[ 1858.526628][ T1333]  ? ksys_write+0x1ac/0x250
[ 1858.526644][ T1333]  ? __pfx_ksys_write+0x10/0x10
[ 1858.526663][ T1333]  ? do_user_addr_fault+0x843/0x1370
[ 1858.526687][ T1333]  __do_fast_syscall_32+0xe8/0x680
[ 1858.526715][ T1333]  do_fast_syscall_32+0x32/0x80
[ 1858.526732][ T1333]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1858.526754][ T1333] RIP: 0023:0xf6ffd579
[ 1858.526769][ T1333] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 1858.526792][ T1333] RSP: 002b:00000000f53ed55c EFLAGS: 00000296 ORIG_RAX: 00000000000001aa
[ 1858.526809][ T1333] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000000847ba
[ 1858.526820][ T1333] RDX: 0000000000000000 RSI: 000000000000000e RDI: 0000000000000000
[ 1858.526831][ T1333] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1858.526842][ T1333] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 1858.526853][ T1333] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1858.526877][ T1333]  </TASK>
[ 1858.620821][   T54] usb 10-1: new low-speed USB device number 9 using dummy_hcd
[ 1858.700069][T32434] usb 50-1: SetAddress Request (22) to port 0
[ 1858.704007][T32434] usb 50-1: new SuperSpeed USB device number 22 using vhci_hcd
[ 1858.749760][   T54] usb 10-1: device descriptor read/64, error -71
[ 1858.989820][   T54] usb 10-1: new low-speed USB device number 10 using dummy_hcd
[ 1859.130169][   T54] usb 10-1: device descriptor read/64, error -71
[ 1859.249160][   T54] usb usb10-port1: attempt power cycle
[ 1859.599834][   T54] usb 10-1: new low-speed USB device number 11 using dummy_hcd
[ 1859.630463][   T54] usb 10-1: device descriptor read/8, error -71
[ 1859.739940][ T1327] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1859.765940][ T1328] vhci_hcd: connection reset by peer
[ 1859.770600][T26353] vhci_hcd vhci_hcd.6: stop threads
[ 1859.772390][T26353] vhci_hcd vhci_hcd.6: release socket
[ 1859.779789][T26353] vhci_hcd vhci_hcd.6: disconnect device
[ 1859.834697][ T1347] cgroup: No subsys list or none specified
[ 1859.879755][   T54] usb 10-1: new low-speed USB device number 12 using dummy_hcd
[ 1860.019834][   T54] usb 10-1: device descriptor read/8, error -71
[ 1860.099934][ T6028] usb 11-1: new high-speed USB device number 6 using dummy_hcd
[ 1860.249895][ T6028] usb 11-1: Using ep0 maxpacket: 8
[ 1860.262551][ T6028] usb 11-1: config 0 has an invalid interface number: 1 but max is 0
[ 1860.266118][ T6028] usb 11-1: config 0 has no interface number 0
[ 1860.268901][ T6028] usb 11-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1860.275446][ T6028] usb 11-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[ 1860.280190][ T6028] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1860.287877][ T6028] usb 11-1: config 0 descriptor??
[ 1860.297144][ T6028] iowarrior 11-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[ 1860.530290][   T54] usb usb10-port1: unable to enumerate USB device
[ 1860.559373][ T1351] netlink: 60 bytes leftover after parsing attributes in process `syz.6.7642'.
[ 1860.609949][T32328] usb 48-1: device descriptor read/8, error -110
[ 1860.871464][ T1361] netlink: 20 bytes leftover after parsing attributes in process `syz.4.7644'.
[ 1861.011243][T32328] usb usb48-port1: attempt power cycle
[ 1861.439498][ T1363] netlink: 4 bytes leftover after parsing attributes in process `syz.5.7645'.
[ 1861.445476][ T1363] netlink: 4 bytes leftover after parsing attributes in process `syz.5.7645'.
[ 1861.454797][ T1363] xt_SECMARK: invalid mode: 0
[ 1861.600858][T32328] usb usb48-port1: unable to enumerate USB device
[ 1861.653679][ T6027] usb 11-1: USB disconnect, device number 6
[ 1862.039857][ T6027] usb 9-1: new high-speed USB device number 10 using dummy_hcd
[ 1862.200452][ T6027] usb 9-1: Using ep0 maxpacket: 32
[ 1862.203526][ T6027] usb 9-1: config 4 has an invalid descriptor of length 49, skipping remainder of the config
[ 1862.206949][ T6027] usb 9-1: config 4 has 0 interfaces, different from the descriptor's value: 9
[ 1862.217852][ T6027] usb 9-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[ 1862.221353][ T6027] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1862.224062][ T6027] usb 9-1: Product: syz
[ 1862.225472][ T6027] usb 9-1: Manufacturer: syz
[ 1862.227019][ T6027] usb 9-1: SerialNumber: syz
[ 1862.263123][T29552] block nbd0: Receive control failed (result -32)
[ 1862.290331][ T1366] block nbd0: shutting down sockets
[ 1862.849511][ T1372] netlink: 68 bytes leftover after parsing attributes in process `syz.4.7647'.
[ 1863.007071][ T1385] cgroup: No subsys list or none specified
[ 1863.017974][ T1392] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1863.024168][ T1392] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1863.573618][ T1396] netlink: 4 bytes leftover after parsing attributes in process `syz.5.7654'.
[ 1863.577090][ T1396] netlink: 8 bytes leftover after parsing attributes in process `syz.5.7654'.
[ 1863.757340][ T1400] 
[ 1863.758194][ T1400] ======================================================
[ 1863.760466][ T1400] WARNING: possible circular locking dependency detected
[ 1863.762744][ T1400] syzkaller #0 Tainted: G             L     
[ 1863.765313][ T1400] ------------------------------------------------------
[ 1863.767758][ T1400] syz.5.7655/1400 is trying to acquire lock:
[ 1863.769814][ T1400] ffff88802b7497c0 (&p->lock){+.+.}-{4:4}, at: seq_read_iter+0xe1/0x12d0
[ 1863.772968][ T1400] 
[ 1863.772968][ T1400] but task is already holding lock:
[ 1863.775520][ T1400] ffff88805f9dd468 (&pipe->mutex){+.+.}-{4:4}, at: pipe_lock+0x64/0x80
[ 1863.778284][ T1400] 
[ 1863.778284][ T1400] which lock already depends on the new lock.
[ 1863.778284][ T1400] 
[ 1863.781811][ T1400] 
[ 1863.781811][ T1400] the existing dependency chain (in reverse order) is:
[ 1863.785385][ T1400] 
[ 1863.785385][ T1400] -> #3 (&pipe->mutex){+.+.}-{4:4}:
[ 1863.787789][ T1400]        __mutex_lock+0x1aa/0x1ca0
[ 1863.789633][ T1400]        anon_pipe_write+0x15d/0x1bd0
[ 1863.791417][ T1400]        __kernel_write_iter+0x720/0xb10
[ 1863.793440][ T1400]        __kernel_write+0xf5/0x140
[ 1863.795350][ T1400]        autofs_notify_daemon+0x4db/0xd60
[ 1863.797377][ T1400]        autofs_wait+0x10f3/0x1ac0
[ 1863.799124][ T1400]        autofs_mount_wait+0x132/0x3c0
[ 1863.801025][ T1400]        autofs_d_automount+0x4b2/0x960
[ 1863.802901][ T1400]        __traverse_mounts+0x1b9/0x830
[ 1863.804976][ T1400]        step_into_slowpath+0x772/0xf50
[ 1863.807149][ T1400]        path_lookupat+0x627/0xc40
[ 1863.808921][ T1400]        filename_lookup+0x224/0x5f0
[ 1863.810920][ T1400]        kern_path+0x35/0x50
[ 1863.812412][ T1400]        lookup_bdev+0xd8/0x280
[ 1863.814015][ T1400]        resume_store+0x1d6/0x490
[ 1863.815708][ T1400]        kobj_attr_store+0x58/0x80
[ 1863.817669][ T1400]        sysfs_kf_write+0xf2/0x150
[ 1863.819354][ T1400]        kernfs_fop_write_iter+0x3af/0x570
[ 1863.821294][ T1400]        vfs_write+0x7d3/0x11d0
[ 1863.822933][ T1400]        ksys_write+0x12a/0x250
[ 1863.824506][ T1400]        __do_fast_syscall_32+0xe8/0x680
[ 1863.826369][ T1400]        do_fast_syscall_32+0x32/0x80
[ 1863.828505][ T1400]        entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1863.830775][ T1400] 
[ 1863.830775][ T1400] -> #2 (&sbi->pipe_mutex){+.+.}-{4:4}:
[ 1863.833207][ T1400]        __mutex_lock+0x1aa/0x1ca0
[ 1863.834840][ T1400]        autofs_notify_daemon+0x4a6/0xd60
[ 1863.836687][ T1400]        autofs_wait+0x10f3/0x1ac0
[ 1863.838425][ T1400]        autofs_mount_wait+0x132/0x3c0
[ 1863.840226][ T1400]        autofs_d_automount+0x4b2/0x960
[ 1863.842096][ T1400]        __traverse_mounts+0x1b9/0x830
[ 1863.843891][ T1400]        step_into_slowpath+0x772/0xf50
[ 1863.845989][ T1400]        path_lookupat+0x627/0xc40
[ 1863.848235][ T1400]        filename_lookup+0x224/0x5f0
[ 1863.850090][ T1400]        kern_path+0x35/0x50
[ 1863.851638][ T1400]        lookup_bdev+0xd8/0x280
[ 1863.853290][ T1400]        resume_store+0x1d6/0x490
[ 1863.854987][ T1400]        kobj_attr_store+0x58/0x80
[ 1863.856703][ T1400]        sysfs_kf_write+0xf2/0x150
[ 1863.857031][T32434] usb 50-1: device descriptor read/8, error -110
[ 1863.858431][ T1400]        kernfs_fop_write_iter+0x3af/0x570
[ 1863.862573][ T1400]        vfs_write+0x7d3/0x11d0
[ 1863.864072][ T1400]        ksys_write+0x12a/0x250
[ 1863.865822][ T1400]        __do_fast_syscall_32+0xe8/0x680
[ 1863.867694][ T1400]        do_fast_syscall_32+0x32/0x80
[ 1863.869500][ T1400]        entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1863.871882][ T1400] 
[ 1863.871882][ T1400] -> #1 (&of->mutex){+.+.}-{4:4}:
[ 1863.874411][ T1400]        __mutex_lock+0x1aa/0x1ca0
[ 1863.876041][ T1400]        kernfs_seq_start+0x4f/0x2a0
[ 1863.877854][ T1400]        traverse.part.0.constprop.0+0xaf/0x650
[ 1863.879912][ T1400]        seq_read_iter+0x93c/0x12d0
[ 1863.881709][ T1400]        kernfs_fop_read_iter+0x46c/0x610
[ 1863.883625][ T1400]        copy_splice_read+0x618/0xc20
[ 1863.885425][ T1400]        do_splice_read+0x285/0x370
[ 1863.887145][ T1400]        splice_direct_to_actor+0x2a1/0xa30
[ 1863.889115][ T1400]        do_splice_direct+0x174/0x240
[ 1863.890936][ T1400]        do_sendfile+0xb06/0xe50
[ 1863.892610][ T1400]        __ia32_compat_sys_sendfile+0x162/0x220
[ 1863.894811][ T1400]        __do_fast_syscall_32+0xe8/0x680
[ 1863.896672][ T1400]        do_fast_syscall_32+0x32/0x80
[ 1863.898442][ T1400]        entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1863.900621][ T1400] 
[ 1863.900621][ T1400] -> #0 (&p->lock){+.+.}-{4:4}:
[ 1863.902837][ T1400]        __lock_acquire+0x1669/0x2890
[ 1863.904677][ T1400]        lock_acquire+0x179/0x330
[ 1863.906382][ T1400]        __mutex_lock+0x1aa/0x1ca0
[ 1863.908183][ T1400]        seq_read_iter+0xe1/0x12d0
[ 1863.910008][ T1400]        kernfs_fop_read_iter+0x46c/0x610
[ 1863.912025][ T1400]        copy_splice_read+0x618/0xc20
[ 1863.913838][ T1400]        do_splice_read+0x285/0x370
[ 1863.915617][ T1400]        splice_file_to_pipe+0x109/0x120
[ 1863.917463][ T1400]        do_sendfile+0x400/0xe50
[ 1863.919191][ T1400]        __ia32_sys_sendfile64+0x1d7/0x220
[ 1863.921183][ T1400]        __do_fast_syscall_32+0xe8/0x680
[ 1863.923037][ T1400]        do_fast_syscall_32+0x32/0x80
[ 1863.924821][ T1400]        entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1863.927332][ T1400] 
[ 1863.927332][ T1400] other info that might help us debug this:
[ 1863.927332][ T1400] 
[ 1863.930885][ T1400] Chain exists of:
[ 1863.930885][ T1400]   &p->lock --> &sbi->pipe_mutex --> &pipe->mutex
[ 1863.930885][ T1400] 
[ 1863.934839][ T1400]  Possible unsafe locking scenario:
[ 1863.934839][ T1400] 
[ 1863.937387][ T1400]        CPU0                    CPU1
[ 1863.939173][ T1400]        ----                    ----
[ 1863.940937][ T1400]   lock(&pipe->mutex);
[ 1863.942298][ T1400]                                lock(&sbi->pipe_mutex);
[ 1863.944567][ T1400]                                lock(&pipe->mutex);
[ 1863.946721][ T1400]   lock(&p->lock);
[ 1863.948139][ T1400] 
[ 1863.948139][ T1400]  *** DEADLOCK ***
[ 1863.948139][ T1400] 
[ 1863.950969][ T1400] 1 lock held by syz.5.7655/1400:
[ 1863.952630][ T1400]  #0: ffff88805f9dd468 (&pipe->mutex){+.+.}-{4:4}, at: pipe_lock+0x64/0x80
[ 1863.955489][ T1400] 
[ 1863.955489][ T1400] stack backtrace:
[ 1863.957478][ T1400] CPU: 3 UID: 0 PID: 1400 Comm: syz.5.7655 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1863.957498][ T1400] Tainted: [L]=SOFTLOCKUP
[ 1863.957504][ T1400] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1863.957512][ T1400] Call Trace:
[ 1863.957517][ T1400]  <TASK>
[ 1863.957522][ T1400]  dump_stack_lvl+0x116/0x1f0
[ 1863.957542][ T1400]  print_circular_bug+0x275/0x340
[ 1863.957562][ T1400]  check_noncircular+0x146/0x160
[ 1863.957582][ T1400]  __lock_acquire+0x1669/0x2890
[ 1863.957596][ T1400]  ? mark_held_locks+0x49/0x80
[ 1863.957607][ T1400]  lock_acquire+0x179/0x330
[ 1863.957618][ T1400]  ? seq_read_iter+0xe1/0x12d0
[ 1863.957633][ T1400]  ? __pfx___might_resched+0x10/0x10
[ 1863.957650][ T1400]  __mutex_lock+0x1aa/0x1ca0
[ 1863.957669][ T1400]  ? seq_read_iter+0xe1/0x12d0
[ 1863.957683][ T1400]  ? do_sendfile+0x400/0xe50
[ 1863.957697][ T1400]  ? __do_fast_syscall_32+0xe8/0x680
[ 1863.957714][ T1400]  ? do_fast_syscall_32+0x32/0x80
[ 1863.957724][ T1400]  ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1863.957738][ T1400]  ? seq_read_iter+0xe1/0x12d0
[ 1863.957752][ T1400]  ? __pfx___mutex_lock+0x10/0x10
[ 1863.957772][ T1400]  ? alloc_pages_bulk_noprof+0xac5/0x1410
[ 1863.957788][ T1400]  ? seq_read_iter+0xe1/0x12d0
[ 1863.957801][ T1400]  seq_read_iter+0xe1/0x12d0
[ 1863.957816][ T1400]  ? __pfx_alloc_pages_bulk_noprof+0x10/0x10
[ 1863.957831][ T1400]  kernfs_fop_read_iter+0x46c/0x610
[ 1863.957859][ T1400]  copy_splice_read+0x618/0xc20
[ 1863.957882][ T1400]  ? __pfx_aa_file_perm+0x10/0x10
[ 1863.957903][ T1400]  ? __pfx_copy_splice_read+0x10/0x10
[ 1863.957928][ T1400]  ? __fget_files+0x204/0x3c0
[ 1863.957948][ T1400]  ? __pfx_copy_splice_read+0x10/0x10
[ 1863.957964][ T1400]  do_splice_read+0x285/0x370
[ 1863.957980][ T1400]  splice_file_to_pipe+0x109/0x120
[ 1863.957997][ T1400]  do_sendfile+0x400/0xe50
[ 1863.958013][ T1400]  ? __pfx_do_sendfile+0x10/0x10
[ 1863.958027][ T1400]  ? do_seccomp+0x333/0x2640
[ 1863.958043][ T1400]  ? __pfx___seccomp_filter+0x10/0x10
[ 1863.958056][ T1400]  __ia32_sys_sendfile64+0x1d7/0x220
[ 1863.958067][ T1400]  ? xfd_validate_state+0x61/0x180
[ 1863.958078][ T1400]  ? __pfx___ia32_sys_sendfile64+0x10/0x10
[ 1863.958089][ T1400]  ? __secure_computing+0x21c/0x320
[ 1863.958102][ T1400]  __do_fast_syscall_32+0xe8/0x680
[ 1863.958120][ T1400]  do_fast_syscall_32+0x32/0x80
[ 1863.958130][ T1400]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1863.958143][ T1400] RIP: 0023:0xf700d579
[ 1863.958153][ T1400] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 1863.958166][ T1400] RSP: 002b:00000000f53fd55c EFLAGS: 00000296 ORIG_RAX: 00000000000000ef
[ 1863.958178][ T1400] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000000000a
[ 1863.958185][ T1400] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000000
[ 1863.958191][ T1400] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1863.958197][ T1400] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1863.958204][ T1400] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1863.958222][ T1400]  </TASK>
[ 1864.351870][T32434] usb usb50-port1: attempt power cycle
[ 1864.920025][T32434] usb usb50-port1: unable to enumerate USB device
[ 1867.900614][ T6027] usb 9-1: USB disconnect, device number 10
[ 1870.129870][T21476] Bluetooth: hci0: command 0x0406 tx timeout